From 76aa756423d17ae2a8670e741203cfc68b4df268 Mon Sep 17 00:00:00 2001 From: serge-rider Date: Fri, 19 Jan 2018 22:31:37 +0300 Subject: [PATCH] #1115 Check for cert encryption before password check --- .../registry/DataSourceDescriptor.java | 10 ++++--- .../dbeaver/model/impl/net/SSHTunnelImpl.java | 26 ++++++++++++++++++- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java b/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java index e5e3a0f457..e48c7087bb 100644 --- a/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java +++ b/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java @@ -693,10 +693,12 @@ public class DataSourceDescriptor try { if (!tunnelConfiguration.isSavePassword()) { DBWTunnel.AuthCredentials rc = tunnel.getRequiredCredentials(tunnelConfiguration); - if (!DataSourceHandler.askForPassword(this, tunnelConfiguration, rc == DBWTunnel.AuthCredentials.PASSWORD)) { - DataSourceHandler.updateDataSourceObject(this); - tunnel = null; - return false; + if (rc != DBWTunnel.AuthCredentials.NONE) { + if (!DataSourceHandler.askForPassword(this, tunnelConfiguration, rc == DBWTunnel.AuthCredentials.PASSWORD)) { + DataSourceHandler.updateDataSourceObject(this); + tunnel = null; + return false; + } } } diff --git a/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/net/SSHTunnelImpl.java b/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/net/SSHTunnelImpl.java index b06aa2bb60..79836bf0ba 100644 --- a/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/net/SSHTunnelImpl.java +++ b/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/net/SSHTunnelImpl.java @@ -34,6 +34,7 @@ import org.jkiss.utils.IOUtils; import java.io.File; import java.io.IOException; import java.lang.reflect.InvocationTargetException; +import java.util.List; import java.util.Map; /** @@ -227,7 +228,30 @@ public class SSHTunnelImpl implements DBWTunnel { if (sshAuthType != null) { authType = SSHConstants.AuthType.valueOf(sshAuthType); } - return authType == SSHConstants.AuthType.PUBLIC_KEY ? AuthCredentials.PASSWORD : AuthCredentials.CREDENTIALS; + if (authType == SSHConstants.AuthType.PUBLIC_KEY) { + // Check whether this key is encrypted + String privKeyPath = configuration.getProperties().get(SSHConstants.PROP_KEY_PATH); + if (privKeyPath != null) { + // Determine whether public key is encrypted + try { + JSch testSch = new JSch(); + testSch.addIdentity(privKeyPath); + IdentityRepository ir = testSch.getIdentityRepository(); + List identities = ir.getIdentities(); + for (Identity identity : identities) { + if (identity.isEncrypted()) { + return AuthCredentials.PASSWORD; + } + } + } catch (JSchException e) { + // Something went wrong + log.debug("Can't check private key encryption: " + e.getMessage()); + } + } + + return AuthCredentials.NONE; + } + return AuthCredentials.CREDENTIALS; } @Override -- GitLab