#1115 Check for cert encryption before password check

Former-commit-id: 76aa7564

#1115 Check for cert encryption before password check
Former-commit-id: 76aa7564
f8a2881e · serge-rider · 859e51e0 · f8a2881e · f8a2881e
2 changed file
--- a/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java
+++ b/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java
@@ -693,10 +693,12 @@ public class DataSourceDescriptor
                try {
                    if (!tunnelConfiguration.isSavePassword()) {
                        DBWTunnel.AuthCredentials rc = tunnel.getRequiredCredentials(tunnelConfiguration);
-                        if (!DataSourceHandler.askForPassword(this, tunnelConfiguration, rc == DBWTunnel.AuthCredentials.PASSWORD)) {
-                            DataSourceHandler.updateDataSourceObject(this);
-                            tunnel = null;
-                            return false;
+                        if (rc != DBWTunnel.AuthCredentials.NONE) {
+                            if (!DataSourceHandler.askForPassword(this, tunnelConfiguration, rc == DBWTunnel.AuthCredentials.PASSWORD)) {
+                                DataSourceHandler.updateDataSourceObject(this);
+                                tunnel = null;
+                                return false;
+                            }
                        }
                    }


--- a/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/net/SSHTunnelImpl.java
+++ b/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/net/SSHTunnelImpl.java
@@ -34,6 +34,7 @@ import org.jkiss.utils.IOUtils;
 import java.io.File;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
+import java.util.List;
 import java.util.Map;

 /**
@@ -227,7 +228,30 @@ public class SSHTunnelImpl implements DBWTunnel {
        if (sshAuthType != null) {
            authType = SSHConstants.AuthType.valueOf(sshAuthType);
        }
-        return authType == SSHConstants.AuthType.PUBLIC_KEY ? AuthCredentials.PASSWORD : AuthCredentials.CREDENTIALS;
+        if (authType == SSHConstants.AuthType.PUBLIC_KEY) {
+            // Check whether this key is encrypted
+            String privKeyPath = configuration.getProperties().get(SSHConstants.PROP_KEY_PATH);
+            if (privKeyPath != null) {
+                // Determine whether public key is encrypted
+                try {
+                    JSch testSch = new JSch();
+                    testSch.addIdentity(privKeyPath);
+                    IdentityRepository ir = testSch.getIdentityRepository();
+                    List<Identity> identities = ir.getIdentities();
+                    for (Identity identity : identities) {
+                        if (identity.isEncrypted()) {
+                            return AuthCredentials.PASSWORD;
+                        }
+                    }
+                } catch (JSchException e) {
+                    // Something went wrong
+                    log.debug("Can't check private key encryption: " + e.getMessage());
+                }
+            }
+
+            return AuthCredentials.NONE;
+        }
+        return AuthCredentials.CREDENTIALS;
    }

    @Override