Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
xxadev
jenkins
提交
66d61328
J
jenkins
项目概览
xxadev
/
jenkins
与 Fork 源项目一致
从无法访问的项目Fork
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
66d61328
编写于
3月 04, 2014
作者:
O
Oliver Gondža
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Expose PrivateKeyProvider
上级
2ea3d8f1
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
175 addition
and
103 deletion
+175
-103
cli/src/main/java/hudson/cli/CLI.java
cli/src/main/java/hudson/cli/CLI.java
+13
-103
cli/src/main/java/hudson/cli/PrivateKeyProvider.java
cli/src/main/java/hudson/cli/PrivateKeyProvider.java
+162
-0
未找到文件。
cli/src/main/java/hudson/cli/CLI.java
浏览文件 @
66d61328
...
...
@@ -23,7 +23,6 @@
*/
package
hudson.cli
;
import
com.trilead.ssh2.crypto.PEMDecoder
;
import
hudson.cli.client.Messages
;
import
hudson.remoting.Channel
;
import
hudson.remoting.PingThread
;
...
...
@@ -49,7 +48,6 @@ import java.io.Closeable;
import
java.io.DataInputStream
;
import
java.io.DataOutputStream
;
import
java.io.File
;
import
java.io.FileInputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.io.OutputStream
;
...
...
@@ -61,13 +59,10 @@ import java.net.Socket;
import
java.net.URL
;
import
java.net.URLConnection
;
import
java.security.GeneralSecurityException
;
import
java.security.KeyFactory
;
import
java.security.KeyPair
;
import
java.security.PublicKey
;
import
java.security.SecureRandom
;
import
java.security.Signature
;
import
java.security.spec.DSAPrivateKeySpec
;
import
java.security.spec.DSAPublicKeySpec
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.Collections
;
...
...
@@ -78,8 +73,6 @@ import java.util.concurrent.ExecutorService;
import
java.util.concurrent.Executors
;
import
java.util.logging.Level
;
import
java.util.logging.Logger
;
import
java.io.Console
;
import
static
java
.
util
.
logging
.
Level
.*;
/**
...
...
@@ -391,7 +384,7 @@ public class CLI {
public
static
int
_main
(
String
[]
_args
)
throws
Exception
{
List
<
String
>
args
=
Arrays
.
asList
(
_args
);
List
<
KeyPair
>
candidateKeys
=
new
ArrayList
<
KeyPair
>
();
PrivateKeyProvider
provider
=
new
PrivateKeyProvider
();
boolean
sshAuthRequestedExplicitly
=
false
;
String
httpProxy
=
null
;
...
...
@@ -431,17 +424,9 @@ public class CLI {
printUsage
(
Messages
.
CLI_NoSuchFileExists
(
f
));
return
-
1
;
}
KeyPair
kp
;
try
{
kp
=
loadKey
(
f
);
}
catch
(
IOException
e
)
{
//if the PEM file is encrypted, IOException is thrown
kp
=
tryEncryptedFile
(
f
);
}
catch
(
GeneralSecurityException
e
)
{
throw
new
Exception
(
"Failed to load key: "
+
f
,
e
);
}
if
(
kp
!=
null
)
candidateKeys
.
add
(
kp
);
provider
.
readFrom
(
f
);
args
=
args
.
subList
(
2
,
args
.
size
());
sshAuthRequestedExplicitly
=
true
;
continue
;
...
...
@@ -462,8 +447,8 @@ public class CLI {
if
(
args
.
isEmpty
())
args
=
Arrays
.
asList
(
"help"
);
// default to help
if
(
candidateKeys
.
isEmpty
())
addDefaultPrivateKeyLocations
(
candidateKeys
);
if
(
!
provider
.
hasKeys
())
provider
.
readFromDefaultLocations
(
);
CLIConnectionFactory
factory
=
new
CLIConnectionFactory
().
url
(
url
).
httpsProxyTunnel
(
httpProxy
);
String
userInfo
=
new
URL
(
url
).
getUserInfo
();
...
...
@@ -473,10 +458,10 @@ public class CLI {
CLI
cli
=
factory
.
connect
();
try
{
if
(
!
candidateKeys
.
isEmpty
())
{
if
(
provider
.
hasKeys
())
{
try
{
// TODO: server verification
cli
.
authenticate
(
candidateKeys
);
cli
.
authenticate
(
provider
.
getKeys
()
);
}
catch
(
IllegalStateException
e
)
{
if
(
sshAuthRequestedExplicitly
)
{
System
.
err
.
println
(
"The server doesn't support public key authentication"
);
...
...
@@ -528,97 +513,22 @@ public class CLI {
* Loads RSA/DSA private key in a PEM format into {@link KeyPair}.
*/
public
static
KeyPair
loadKey
(
File
f
,
String
passwd
)
throws
IOException
,
GeneralSecurityException
{
return
loadKey
(
readPemFile
(
f
)
,
passwd
);
return
PrivateKeyProvider
.
loadKey
(
f
,
passwd
);
}
public
static
KeyPair
loadKey
(
File
f
)
throws
IOException
,
GeneralSecurityException
{
return
loadKey
(
f
,
null
);
}
private
static
String
readPemFile
(
File
f
)
throws
IOException
{
FileInputStream
is
=
new
FileInputStream
(
f
);
try
{
DataInputStream
dis
=
new
DataInputStream
(
is
);
byte
[]
bytes
=
new
byte
[(
int
)
f
.
length
()];
dis
.
readFully
(
bytes
);
dis
.
close
();
return
new
String
(
bytes
);
}
finally
{
is
.
close
();
}
return
loadKey
(
f
,
null
);
}
/**
* Loads RSA/DSA private key in a PEM format into {@link KeyPair}.
*/
public
static
KeyPair
loadKey
(
String
pemString
,
String
passwd
)
throws
IOException
,
GeneralSecurityException
{
Object
key
=
PEMDecoder
.
decode
(
pemString
.
toCharArray
(),
passwd
);
if
(
key
instanceof
com
.
trilead
.
ssh2
.
signature
.
RSAPrivateKey
)
{
com
.
trilead
.
ssh2
.
signature
.
RSAPrivateKey
x
=
(
com
.
trilead
.
ssh2
.
signature
.
RSAPrivateKey
)
key
;
// System.out.println("ssh-rsa " + new String(Base64.encode(RSASHA1Verify.encodeSSHRSAPublicKey(x.getPublicKey()))));
return
x
.
toJCEKeyPair
();
}
if
(
key
instanceof
com
.
trilead
.
ssh2
.
signature
.
DSAPrivateKey
)
{
com
.
trilead
.
ssh2
.
signature
.
DSAPrivateKey
x
=
(
com
.
trilead
.
ssh2
.
signature
.
DSAPrivateKey
)
key
;
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"DSA"
);
// System.out.println("ssh-dsa " + new String(Base64.encode(DSASHA1Verify.encodeSSHDSAPublicKey(x.getPublicKey()))));
return
new
KeyPair
(
kf
.
generatePublic
(
new
DSAPublicKeySpec
(
x
.
getY
(),
x
.
getP
(),
x
.
getQ
(),
x
.
getG
())),
kf
.
generatePrivate
(
new
DSAPrivateKeySpec
(
x
.
getX
(),
x
.
getP
(),
x
.
getQ
(),
x
.
getG
())));
}
throw
new
UnsupportedOperationException
(
"Unrecognizable key format: "
+
key
);
return
PrivateKeyProvider
.
loadKey
(
pemString
,
passwd
);
}
public
static
KeyPair
loadKey
(
String
pemString
)
throws
IOException
,
GeneralSecurityException
{
return
loadKey
(
pemString
,
null
);
}
private
static
KeyPair
tryEncryptedFile
(
File
f
)
throws
IOException
,
GeneralSecurityException
{
KeyPair
kp
=
null
;
if
(
isPemEncrypted
(
f
)){
String
passwd
=
askForPasswd
(
f
.
getCanonicalPath
());
kp
=
loadKey
(
f
,
passwd
);
}
return
kp
;
}
private
static
boolean
isPemEncrypted
(
File
f
)
throws
IOException
{
String
pemString
=
readPemFile
(
f
);
//simple check if the file is encrypted
return
pemString
.
contains
(
"4,ENCRYPTED"
);
}
private
static
String
askForPasswd
(
String
filePath
){
Console
cons
=
System
.
console
();
String
passwd
=
null
;
if
(
cons
!=
null
){
char
[]
p
=
cons
.
readPassword
(
"%s"
,
"Enter passphrase for "
+
filePath
+
":"
);
passwd
=
String
.
valueOf
(
p
);
}
return
passwd
;
}
/**
* try all the default key locations
*/
private
static
void
addDefaultPrivateKeyLocations
(
List
<
KeyPair
>
keyFileCandidates
)
{
File
home
=
new
File
(
System
.
getProperty
(
"user.home"
));
for
(
String
path
:
new
String
[]{
".ssh/id_rsa"
,
".ssh/id_dsa"
,
".ssh/identity"
})
{
File
key
=
new
File
(
home
,
path
);
if
(
key
.
exists
())
{
try
{
keyFileCandidates
.
add
(
loadKey
(
key
));
}
catch
(
IOException
e
)
{
// don't report an error. the user can still see it by using the -i option
LOGGER
.
log
(
FINE
,
"Failed to load "
+
key
,
e
);
}
catch
(
GeneralSecurityException
e
)
{
LOGGER
.
log
(
FINE
,
"Failed to load "
+
key
,
e
);
}
}
}
return
loadKey
(
pemString
,
null
);
}
/**
...
...
cli/src/main/java/hudson/cli/PrivateKeyProvider.java
0 → 100644
浏览文件 @
66d61328
/*
* The MIT License
*
* Copyright (c) 2014 Red Hat, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
hudson.cli
;
import
static
java
.
util
.
logging
.
Level
.
FINE
;
import
java.io.Console
;
import
java.io.DataInputStream
;
import
java.io.File
;
import
java.io.FileInputStream
;
import
java.io.IOException
;
import
java.security.GeneralSecurityException
;
import
java.security.KeyFactory
;
import
java.security.KeyPair
;
import
java.security.spec.DSAPrivateKeySpec
;
import
java.security.spec.DSAPublicKeySpec
;
import
java.util.ArrayList
;
import
java.util.Collections
;
import
java.util.List
;
import
java.util.logging.Logger
;
import
com.trilead.ssh2.crypto.PEMDecoder
;
/**
* Read DSA or RSA key from file(s) asking for password interactively.
*
* @author ogondza
* @since 1.555
*/
public
class
PrivateKeyProvider
{
private
List
<
KeyPair
>
privateKeys
=
new
ArrayList
<
KeyPair
>();
/**
* Get keys read so far.
*
* @return Possibly empty list. Never null.
*/
public
List
<
KeyPair
>
getKeys
()
{
return
Collections
.
unmodifiableList
(
privateKeys
);
}
public
boolean
hasKeys
()
{
return
!
privateKeys
.
isEmpty
();
}
/**
* Read keys from default keyFiles
*
* <tt>.ssh/id_rsa</tt>, <tt>.ssh/id_dsa</tt> and <tt>.ssh/identity</tt>.
*
* @return true if some key was read successfully.
*/
public
boolean
readFromDefaultLocations
()
{
final
File
home
=
new
File
(
System
.
getProperty
(
"user.home"
));
boolean
read
=
false
;
for
(
String
path
:
new
String
[]
{
".ssh/id_rsa"
,
".ssh/id_dsa"
,
".ssh/identity"
})
{
final
File
key
=
new
File
(
home
,
path
);
if
(!
key
.
exists
())
continue
;
try
{
readFrom
(
key
);
read
=
true
;
}
catch
(
IOException
e
)
{
LOGGER
.
log
(
FINE
,
"Failed to load "
+
key
,
e
);
}
catch
(
GeneralSecurityException
e
)
{
LOGGER
.
log
(
FINE
,
"Failed to load "
+
key
,
e
);
}
}
return
read
;
}
/**
* Read key from keyFile.
*/
public
void
readFrom
(
File
keyFile
)
throws
IOException
,
GeneralSecurityException
{
final
String
password
=
isPemEncrypted
(
keyFile
)
?
askForPasswd
(
keyFile
.
getCanonicalPath
())
:
null
;
privateKeys
.
add
(
loadKey
(
keyFile
,
password
));
}
private
static
boolean
isPemEncrypted
(
File
f
)
throws
IOException
{
//simple check if the file is encrypted
return
readPemFile
(
f
).
contains
(
"4,ENCRYPTED"
);
}
private
static
String
askForPasswd
(
String
filePath
){
Console
cons
=
System
.
console
();
String
passwd
=
null
;
if
(
cons
!=
null
){
char
[]
p
=
cons
.
readPassword
(
"%s"
,
"Enter passphrase for "
+
filePath
+
":"
);
passwd
=
String
.
valueOf
(
p
);
}
return
passwd
;
}
public
static
KeyPair
loadKey
(
File
f
,
String
passwd
)
throws
IOException
,
GeneralSecurityException
{
return
loadKey
(
readPemFile
(
f
),
passwd
);
}
private
static
String
readPemFile
(
File
f
)
throws
IOException
{
FileInputStream
is
=
new
FileInputStream
(
f
);
try
{
DataInputStream
dis
=
new
DataInputStream
(
is
);
byte
[]
bytes
=
new
byte
[(
int
)
f
.
length
()];
dis
.
readFully
(
bytes
);
dis
.
close
();
return
new
String
(
bytes
);
}
finally
{
is
.
close
();
}
}
public
static
KeyPair
loadKey
(
String
pemString
,
String
passwd
)
throws
IOException
,
GeneralSecurityException
{
Object
key
=
PEMDecoder
.
decode
(
pemString
.
toCharArray
(),
passwd
);
if
(
key
instanceof
com
.
trilead
.
ssh2
.
signature
.
RSAPrivateKey
)
{
com
.
trilead
.
ssh2
.
signature
.
RSAPrivateKey
x
=
(
com
.
trilead
.
ssh2
.
signature
.
RSAPrivateKey
)
key
;
return
x
.
toJCEKeyPair
();
}
if
(
key
instanceof
com
.
trilead
.
ssh2
.
signature
.
DSAPrivateKey
)
{
com
.
trilead
.
ssh2
.
signature
.
DSAPrivateKey
x
=
(
com
.
trilead
.
ssh2
.
signature
.
DSAPrivateKey
)
key
;
KeyFactory
kf
=
KeyFactory
.
getInstance
(
"DSA"
);
return
new
KeyPair
(
kf
.
generatePublic
(
new
DSAPublicKeySpec
(
x
.
getY
(),
x
.
getP
(),
x
.
getQ
(),
x
.
getG
())),
kf
.
generatePrivate
(
new
DSAPrivateKeySpec
(
x
.
getX
(),
x
.
getP
(),
x
.
getQ
(),
x
.
getG
())));
}
throw
new
UnsupportedOperationException
(
"Unrecognizable key format: "
+
key
);
}
private
static
final
Logger
LOGGER
=
Logger
.
getLogger
(
PrivateKeyProvider
.
class
.
getName
());
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录