Package net.schmizz.sshj.transport
Class KeyExchanger
java.lang.Object
net.schmizz.sshj.transport.KeyExchanger
All Implemented Interfaces: ErrorNotifiable, SSHPacketHandler
Algorithm negotiation and key exchange.
-
Nested Class Summary
Nested Classes
Nested classes/interfaces inherited from interface net.schmizz.sshj.common.ErrorNotifiable: ErrorNotifiable.Util
-
Field Summary
Fields (Modifier and Type, Field, Description):
private final Queue<AlgorithmsVerifier> algorithmVerifiers
private Proposal clientProposal
private final Event<TransportException> done
private KeyExchanger.Expected expected - What we are expecting from the next packet
private final Queue<HostKeyVerifier> hostVerifiers - HostKeyVerifier.verify(String, int, java.security.PublicKey) is invoked by verifyHost(PublicKey) when we are ready to verify the server's host key.
private final AtomicBoolean initialKex
private KeyExchange kex - Instance of negotiated key exchange algorithm
private final Event<TransportException> kexInitSent
private final AtomicBoolean kexOngoing
private final org.slf4j.Logger log
private NegotiatedAlgorithms negotiatedAlgs
private byte[] sessionID - Computed session ID
private final AtomicBoolean strictKex
private final TransportImpl transport
-
Constructor Summary
Constructors:
KeyExchanger(TransportImpl trans)
-
Method Summary
Methods (Modifier and Type, Method, Description):
(package private) void addAlgorithmsVerifier(AlgorithmsVerifier verifier)
(package private) void addHostKeyVerifier(HostKeyVerifier hkv) - Add a callback for host key verification.
private void ensureKexOngoing()
private static void ensureReceivedMatchesExpected(Message got, Message expected)
findKnownHostAlgs(String hostname, int port)
(package private) byte[] getSessionID() - Returns the session identifier computed during key exchange.
private void gotKexInit(SSHPacket buf)
private void gotNewKeys()
private void gotStrictKexInfo(Proposal serverProposal)
void handle(Message msg, SSHPacket buf) - Delegate handling of some SSH packet to this object.
(package private) boolean isInitialKex()
(package private) boolean isKexDone()
(package private) boolean isKexOngoing()
private boolean isKeyExchangeAllowed() - Key exchange can be initiated exactly once while connecting or later after authentication when re-keying.
(package private) boolean isStrictKex()
void notifyError(SSHException error) - Notifies this object of an error.
private static byte[] resizedKey(byte[] E, int blockSize, Digest hash, BigInteger K, byte[] H) - Private method used while putting new keys into use that will resize the key used to initialize the cipher to the needed length.
private void sendKexInit() - Sends SSH_MSG_KEXINIT and sets the kexInitSent event.
private void sendNewKeys()
private void setKexDone()
(package private) void startKex(boolean waitForDone) - Starts key exchange by sending a SSH_MSG_KEXINIT packet.
private void verifyHost(PublicKey key) - Tries to validate host key with all the host key verifiers known to this instance (hostVerifiers)
(package private) void waitForDone()
-
Field Details
-
log
private final org.slf4j.Logger log -
transport
-
hostVerifiers
HostKeyVerifier.verify(String, int, java.security.PublicKey) is invoked by verifyHost(PublicKey) when we are ready to verify the server's host key.
-
algorithmVerifiers
-
kexOngoing
-
initialKex
-
strictKex
-
expected
What we are expecting from the next packet -
kex
Instance of negotiated key exchange algorithm -
sessionID
private byte[] sessionID
Computed session ID
-
clientProposal
-
negotiatedAlgs
-
kexInitSent
-
done
-
-
Constructor Details
-
KeyExchanger
KeyExchanger(TransportImpl trans)
-
-
Method Details
-
addHostKeyVerifier
Add a callback for host key verification. Any of the HostKeyVerifier implementations added this way can deem a host key to be acceptable, allowing key exchange to successfully complete. Otherwise, a TransportException will result during key exchange.
Parameters:
hkv - object whose HostKeyVerifier.verify(java.lang.String, int, java.security.PublicKey) method will be invoked
-
addAlgorithmsVerifier
-
getSessionID
byte[] getSessionID()
Returns the session identifier computed during key exchange.
Returns: session identifier as a byte array
-
isKexDone
boolean isKexDone()
Returns: whether key exchange has been completed
-
isKexOngoing
boolean isKexOngoing()
Returns: whether key exchange is currently ongoing
-
isStrictKex
boolean isStrictKex() -
isInitialKex
boolean isInitialKex() -
startKex
Starts key exchange by sending a SSH_MSG_KEXINIT packet. Key exchange must be done once after initializing the Transport for it to be usable, and may be initiated at any later point, e.g. if algorithms have changed and should be renegotiated.
Parameters:
waitForDone - whether to block until key exchange has completed
Throws:
TransportException - if there is an error during key exchange
-
isKeyExchangeAllowed
private boolean isKeyExchangeAllowed()
Key exchange can be initiated exactly once while connecting or later after authentication when re-keying.
-
waitForDone
- Throws:
TransportException
-
ensureKexOngoing
- Throws:
TransportException
-
ensureReceivedMatchesExpected
private static void ensureReceivedMatchesExpected(Message got, Message expected) throws TransportException
Throws:
TransportException
-
sendKexInit
Sends SSH_MSG_KEXINIT and sets the kexInitSent event.
Throws:
TransportException
-
findKnownHostAlgs
-
sendNewKeys
- Throws:
TransportException
-
verifyHost
Tries to validate host key with all the host key verifiers known to this instance (hostVerifiers)
Parameters:
key - the host key to verify
Throws:
TransportException
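The accept-if-any-verifier-agrees behaviour described for addHostKeyVerifier and verifyHost, as an added example that is not sshj's own code. The Verifier interface, pinned() and anyAccepts() are hypothetical stand-ins that mirror the shape of HostKeyVerifier.verify(String, int, PublicKey); the pin is a SHA-256 digest of PublicKey.getEncoded(), which is not the OpenSSH fingerprint format, and the keys are constructed for the demonstration.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.ArrayDeque;
import java.util.Queue;

public class HostKeyCheckDemo {
    // Hypothetical stand-in with the same shape as HostKeyVerifier.verify(String, int, PublicKey).
    interface Verifier { boolean verify(String hostname, int port, PublicKey key); }

    // Accepts only a key whose SHA-256 digest equals the pinned value.
    // MessageDigest.isEqual compares in constant time.
    static Verifier pinned(byte[] expectedSha256) {
        return (host, port, key) -> {
            try {
                byte[] actual = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
                return MessageDigest.isEqual(actual, expectedSha256);
            } catch (NoSuchAlgorithmException e) {
                return false; // fail closed if the digest is unavailable
            }
        };
    }

    // One accepting verifier is enough; an empty queue or no acceptance is a rejection.
    static boolean anyAccepts(Queue<Verifier> verifiers, String host, int port, PublicKey key) {
        for (Verifier v : verifiers) {
            if (v.verify(host, port, key)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        PublicKey known = gen.generateKeyPair().getPublic();      // constructed "expected" host key
        PublicKey unexpected = gen.generateKeyPair().getPublic(); // constructed key of another host
        byte[] pin = MessageDigest.getInstance("SHA-256").digest(known.getEncoded());

        Queue<Verifier> strict = new ArrayDeque<>();
        strict.add(pinned(pin));
        System.out.println("pin only, known key:       " + anyAccepts(strict, "host.example", 22, known));
        System.out.println("pin only, unexpected key:  " + anyAccepts(strict, "host.example", 22, unexpected));

        // An accept-all verifier registered next to the pin makes the pin irrelevant.
        Queue<Verifier> mixed = new ArrayDeque<>(strict);
        mixed.add((host, port, key) -> true);
        System.out.println("pin + accept-all, unexpected key: " + anyAccepts(mixed, "host.example", 22, unexpected));
        System.out.println("no verifiers, known key:   " + anyAccepts(new ArrayDeque<>(), "host.example", 22, known));
    }
}
```

Because acceptance is a logical OR over the registered verifiers, a review of client configuration has to look at every verifier added, not only the strictest one.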
-
setKexDone
private void setKexDone() -
gotKexInit
- Throws:
TransportException
-
gotStrictKexInfo
- Throws:
TransportException
-
resizedKey
Private method used while putting new keys into use that will resize the key used to initialize the cipher to the needed length.
Parameters:
E - the key to resize
blockSize - the cipher block size
hash - the hash algorithm
K - the key exchange K parameter
H - the key exchange H parameter
Returns: the resized key
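A sketch of the key resizing described above, as an added example that is not sshj's source. It assumes the method follows the key-extension rule of RFC 4253 section 7.2 (the page does not spell out the formula), uses java.security.MessageDigest in place of sshj's Digest type, and runs on constructed values for K and H.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class KeyResizeDemo {
    // SSH "mpint" encoding: 4-byte big-endian length, then two's-complement big-endian bytes.
    static byte[] mpint(BigInteger k) {
        byte[] v = k.signum() == 0 ? new byte[0] : k.toByteArray();
        return ByteBuffer.allocate(4 + v.length).putInt(v.length).put(v).array();
    }

    // Grows E by whole hash blocks until it holds at least blockSize bytes:
    // E = E || HASH(K || H || E), repeated (RFC 4253 section 7.2).
    // The caller uses only the first blockSize bytes of the result.
    static byte[] resizedKey(byte[] E, int blockSize, MessageDigest hash, BigInteger K, byte[] H) {
        while (E.length < blockSize) {
            hash.update(mpint(K));
            hash.update(H);
            hash.update(E);
            byte[] block = hash.digest(); // digest() also resets the MessageDigest
            byte[] grown = Arrays.copyOf(E, E.length + block.length);
            System.arraycopy(block, 0, grown, E.length, block.length);
            E = grown;
        }
        return E;
    }

    public static void main(String[] args) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        BigInteger K = new BigInteger("123456789abcdef", 16); // constructed shared secret
        byte[] H = sha1.digest("constructed exchange hash".getBytes(StandardCharsets.UTF_8));

        // Initial key: HASH(K || H || "C" || session_id); on the first exchange session_id is H.
        sha1.update(mpint(K));
        sha1.update(H);
        sha1.update((byte) 'C');
        sha1.update(H);
        byte[] k1 = sha1.digest();

        // A 20-byte SHA-1 output is too short for a 32-byte cipher key, so it is extended.
        byte[] key = resizedKey(k1, 32, sha1, K, H);
        System.out.println(k1.length + " bytes extended to " + key.length + " bytes");
    }
}
```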
-
gotNewKeys
private void gotNewKeys() -
handle
Description copied from interface: SSHPacketHandler
Delegate handling of some SSH packet to this object.
Specified by: handle in interface SSHPacketHandler
Parameters:
msg - the SSH message identifier
buf - SSHPacket containing rest of the request
Throws:
TransportException
-
notifyError
Description copied from interface: ErrorNotifiable
Notifies this object of an error.
Specified by: notifyError in interface ErrorNotifiable
-