Package net.schmizz.sshj.transport
Class KeyExchanger
- java.lang.Object
- net.schmizz.sshj.transport.KeyExchanger
All Implemented Interfaces:
ErrorNotifiable, SSHPacketHandler

final class KeyExchanger extends java.lang.Object implements SSHPacketHandler, ErrorNotifiable
Algorithm negotiation and key exchange.
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
private static class KeyExchanger.Expected
Nested classes/interfaces inherited from interface net.schmizz.sshj.common.ErrorNotifiable:
ErrorNotifiable.Util
Field Summary
Fields (Modifier and Type, Field, Description):
private java.util.Queue<AlgorithmsVerifier> algorithmVerifiers
private Proposal clientProposal
private Event<TransportException> done
private KeyExchanger.Expected expected
  What we are expecting from the next packet
private java.util.Queue<HostKeyVerifier> hostVerifiers
  HostKeyVerifier.verify(String, int, java.security.PublicKey) is invoked by verifyHost(PublicKey) when we are ready to verify the server's host key.
private java.util.concurrent.atomic.AtomicBoolean initialKex
private KeyExchange kex
  Instance of negotiated key exchange algorithm
private Event<TransportException> kexInitSent
private java.util.concurrent.atomic.AtomicBoolean kexOngoing
private org.slf4j.Logger log
private NegotiatedAlgorithms negotiatedAlgs
private byte[] sessionID
  Computed session ID
private java.util.concurrent.atomic.AtomicBoolean strictKex
private TransportImpl transport
Constructor Summary
Constructors (Constructor, Description):
KeyExchanger(TransportImpl trans)
Method Summary
Methods (Modifier and Type, Method, Description):
(package private) void addAlgorithmsVerifier(AlgorithmsVerifier verifier)
(package private) void addHostKeyVerifier(HostKeyVerifier hkv)
  Add a callback for host key verification.
private void ensureKexOngoing()
private static void ensureReceivedMatchesExpected(Message got, Message expected)
private java.util.List<java.lang.String> findKnownHostAlgs(java.lang.String hostname, int port)
(package private) byte[] getSessionID()
  Returns the session identifier computed during key exchange.
private void gotKexInit(SSHPacket buf)
private void gotNewKeys()
private void gotStrictKexInfo(Proposal serverProposal)
void handle(Message msg, SSHPacket buf)
  Delegate handling of some SSH packet to this object.
(package private) boolean isInitialKex()
(package private) boolean isKexDone()
(package private) boolean isKexOngoing()
private boolean isKeyExchangeAllowed()
  Key exchange can be initiated exactly once while connecting or later after authentication when re-keying.
(package private) boolean isStrictKex()
void notifyError(SSHException error)
  Notifies this object of an error.
private static byte[] resizedKey(byte[] E, int blockSize, Digest hash, java.math.BigInteger K, byte[] H)
  Private method used while putting new keys into use that will resize the key used to initialize the cipher to the needed length.
private void sendKexInit()
  Sends SSH_MSG_KEXINIT and sets the kexInitSent event.
private void sendNewKeys()
private void setKexDone()
(package private) void startKex(boolean waitForDone)
  Starts key exchange by sending a SSH_MSG_KEXINIT packet.
private void verifyHost(java.security.PublicKey key)
  Tries to validate host key with all the host key verifiers known to this instance (hostVerifiers).
(package private) void waitForDone()

Field Detail

log
private final org.slf4j.Logger log

transport
private final TransportImpl transport

hostVerifiers
private final java.util.Queue<HostKeyVerifier> hostVerifiers
HostKeyVerifier.verify(String, int, java.security.PublicKey) is invoked by verifyHost(PublicKey) when we are ready to verify the server's host key.

algorithmVerifiers
private final java.util.Queue<AlgorithmsVerifier> algorithmVerifiers

kexOngoing
private final java.util.concurrent.atomic.AtomicBoolean kexOngoing

initialKex
private final java.util.concurrent.atomic.AtomicBoolean initialKex

strictKex
private final java.util.concurrent.atomic.AtomicBoolean strictKex

expected
private KeyExchanger.Expected expected
What we are expecting from the next packet

kex
private KeyExchange kex
Instance of negotiated key exchange algorithm

sessionID
private byte[] sessionID
Computed session ID

clientProposal
private Proposal clientProposal

negotiatedAlgs
private NegotiatedAlgorithms negotiatedAlgs

kexInitSent
private final Event<TransportException> kexInitSent

done
private final Event<TransportException> done

Constructor Detail

KeyExchanger
KeyExchanger(TransportImpl trans)

Method Detail

addHostKeyVerifier
void addHostKeyVerifier(HostKeyVerifier hkv)
Add a callback for host key verification. Any of the HostKeyVerifier implementations added this way can deem a host key to be acceptable, allowing key exchange to successfully complete. Otherwise, a TransportException will result during key exchange.
Parameters:
hkv - object whose HostKeyVerifier.verify(java.lang.String, int, java.security.PublicKey) method will be invoked

addAlgorithmsVerifier
void addAlgorithmsVerifier(AlgorithmsVerifier verifier)

getSessionID
byte[] getSessionID()
Returns the session identifier computed during key exchange.
Returns:
session identifier as a byte array

isKexDone
boolean isKexDone()
Returns:
whether key exchange has been completed

isKexOngoing
boolean isKexOngoing()
Returns:
whether key exchange is currently ongoing

isStrictKex
boolean isStrictKex()

isInitialKex
boolean isInitialKex()

startKex
void startKex(boolean waitForDone) throws TransportException
Starts key exchange by sending a SSH_MSG_KEXINIT packet. Key exchange needs to be done once mandatorily after initializing the Transport for it to be usable, and may be initiated at any later point, e.g. if algorithms have changed and should be renegotiated.
Parameters:
waitForDone - whether to block until key exchange has completed
Throws:
TransportException - if there is an error during key exchange

isKeyExchangeAllowed
private boolean isKeyExchangeAllowed()
Key exchange can be initiated exactly once while connecting or later after authentication when re-keying.

waitForDone
void waitForDone() throws TransportException
Throws:
TransportException

ensureKexOngoing
private void ensureKexOngoing() throws TransportException
Throws:
TransportException

ensureReceivedMatchesExpected
private static void ensureReceivedMatchesExpected(Message got, Message expected) throws TransportException
Throws:
TransportException

sendKexInit
private void sendKexInit() throws TransportException
Sends SSH_MSG_KEXINIT and sets the kexInitSent event.
Throws:
TransportException

findKnownHostAlgs
private java.util.List<java.lang.String> findKnownHostAlgs(java.lang.String hostname, int port)

sendNewKeys
private void sendNewKeys() throws TransportException
Throws:
TransportException

verifyHost
private void verifyHost(java.security.PublicKey key) throws TransportException
Tries to validate host key with all the host key verifiers known to this instance (hostVerifiers).
Parameters:
key - the host key to verify
Throws:
TransportException

setKexDone
private void setKexDone()

gotKexInit
private void gotKexInit(SSHPacket buf) throws TransportException
Throws:
TransportException

gotStrictKexInfo
private void gotStrictKexInfo(Proposal serverProposal) throws TransportException
Throws:
TransportException

resizedKey
private static byte[] resizedKey(byte[] E, int blockSize, Digest hash, java.math.BigInteger K, byte[] H)
Private method used while putting new keys into use that will resize the key used to initialize the cipher to the needed length.
Parameters:
E - the key to resize
blockSize - the cipher block size
hash - the hash algorithm
K - the key exchange K parameter
H - the key exchange H parameter
Returns:
the resized key
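As an added example (not sshj's own code), the RFC 4253 section 7.2 derivation that resizedKey applies: the initial key HASH(K || H || X || session_id) is extended with HASH(K || H || K1 || K2 || ...) blocks until it covers the cipher's required length, then truncated. The class name KeyMaterial, the constructed K, H and session ID, and java.util.HexFormat (Java 17+) are this example's own assumptions.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HexFormat;

/** RFC 4253 section 7.2 key derivation and extension; added example, not sshj code. */
public final class KeyMaterial {
    /** SSH mpint encoding: uint32 length followed by two's-complement big-endian bytes. */
    static byte[] mpint(BigInteger k) {
        byte[] body = k.toByteArray(); // already carries a leading 0x00 when the top bit is set
        return ByteBuffer.allocate(4 + body.length).putInt(body.length).put(body).array();
    }

    /** K1 = HASH(K || H || X || session_id); X is 'A'..'F' (e.g. 'C' = client-to-server cipher key). */
    static byte[] initialKey(MessageDigest hash, BigInteger K, byte[] H, char x, byte[] sessionId) {
        hash.reset();
        hash.update(mpint(K));
        hash.update(H);
        hash.update((byte) x);
        hash.update(sessionId);
        return hash.digest();
    }

    /** Grow E with K(n+1) = HASH(K || H || K1 || ... || Kn) until it holds needed bytes, then truncate. */
    static byte[] resizedKey(byte[] E, int needed, MessageDigest hash, BigInteger K, byte[] H) {
        byte[] key = E;
        while (key.length < needed) {
            hash.reset();
            hash.update(mpint(K));
            hash.update(H);
            hash.update(key); // the whole K1 || K2 || ... produced so far, not just the last block
            byte[] next = hash.digest();
            byte[] grown = Arrays.copyOf(key, key.length + next.length);
            System.arraycopy(next, 0, grown, key.length, next.length);
            key = grown;
        }
        return Arrays.copyOf(key, needed); // exact cipher key length, surplus bytes discarded
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1"); // 20-byte output, shorter than a 32-byte key
        BigInteger K = new BigInteger("1234567890abcdef1234567890abcdef", 16); // constructed, not a real secret
        byte[] H = new byte[20];
        Arrays.fill(H, (byte) 0x11); // constructed exchange hash
        byte[] sessionId = H; // equals H of the first exchange and stays fixed across later re-keys
        byte[] c2sKey = resizedKey(initialKey(sha1, K, H, 'C', sessionId), 32, sha1, K, H);
        System.out.printf("client->server key (%d bytes): %s%n", c2sKey.length, HexFormat.of().formatHex(c2sKey));
    }
}
```

Two SHA-1 blocks (40 bytes) are produced here and cut to 32, which is why a short digest paired with a longer cipher key must loop rather than hash once.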

gotNewKeys
private void gotNewKeys()

handle
public void handle(Message msg, SSHPacket buf) throws TransportException
Description copied from interface: SSHPacketHandler
Delegate handling of some SSH packet to this object.
Specified by:
handle in interface SSHPacketHandler
Parameters:
msg - the SSH message identifier
buf - SSHPacket containing the rest of the request
Throws:
TransportException

notifyError
public void notifyError(SSHException error)
Description copied from interface: ErrorNotifiable
Notifies this object of an error.
Specified by:
notifyError in interface ErrorNotifiable