Class KeyUtils
java.lang.Object
org.apache.sshd.common.config.keys.KeyUtils
Utility class for keys
-
Field Summary
Fields
Modifier and Type / Field / Description
- private static final Map<Class<?>, PublicKeyEntryDecoder<?, ?>>
- private static final Map<String, PublicKeyEntryDecoder<?, ?>>
- private static final AtomicReference<DigestFactory>
- static final DigestFactory: The default Factory of Digests initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)
- static final BigInteger: The most commonly used RSA public key exponent
- static final String: Name of algorithm for DSS keys to be used when calling security provider
- static final String: Name of algorithm for EC keys to be used when calling security provider
- static final String: System property that can be used to control the default fingerprint factory used for keys.
- static final String: Name of algorithm for RSA keys to be used when calling security provider
- static final String
- static final String
- static final String
- static final String
- static final Set<PosixFilePermission>: The Set of PosixFilePermission not allowed if strict permissions are enforced on key files
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
- checkFingerPrint(String expected, PublicKey key)
- checkFingerPrint(String expected, Digest d, PublicKey key)
- checkFingerPrint(String expected, Factory<? extends Digest> f, PublicKey key)
- static KeyPair cloneKeyPair(String keyType, KeyPair kp): Performs a deep-clone of the original KeyPair - i.e., creates new public/private keys that are clones of the original one
- static boolean compareDSAKeys(DSAPrivateKey k1, DSAPrivateKey k2)
- static boolean compareDSAKeys(DSAPublicKey k1, DSAPublicKey k2)
- static boolean compareDSAParams(DSAParams p1, DSAParams p2)
- static boolean compareECKeys(ECPrivateKey k1, ECPrivateKey k2)
- static boolean compareECKeys(ECPublicKey k1, ECPublicKey k2)
- static boolean
- static boolean compareKeyPairs(KeyPair k1, KeyPair k2)
- static boolean compareKeys(PrivateKey k1, PrivateKey k2)
- static boolean compareKeys(PublicKey k1, PublicKey k2)
- static boolean
- static boolean compareRSAKeys(RSAPrivateKey k1, RSAPrivateKey k2)
- static boolean compareRSAKeys(RSAPublicKey k1, RSAPublicKey k2)
- static boolean
- static boolean
- static PublicKey findMatchingKey(PublicKey key, PublicKey... keySet)
- static PublicKey findMatchingKey(PublicKey key, Collection<? extends PublicKey> keySet)
- static KeyPair generateKeyPair(String keyType, int keySize)
- getAllEquivalentKeyTypes(String keyType)
- static String getCanonicalKeyType(String keyType)
- static DigestFactory
- static String getFingerPrint(String password)
- static String getFingerPrint(String password, Charset charset)
- static String getFingerPrint(PublicKey key)
- static String getFingerPrint(Digest d, String s)
- static String getFingerPrint(Digest d, String s, Charset charset)
- static String getFingerPrint(Digest d, PublicKey key)
- static String getFingerPrint(Factory<? extends Digest> f, String s)
- static String getFingerPrint(Factory<? extends Digest> f, String s, Charset charset)
- static String getFingerPrint(Factory<? extends Digest> f, PublicKey key)
- static int getKeySize(Key key): Determines the key size in bits
- static String getKeyType(Key key)
- static String getKeyType(KeyPair kp)
- static PublicKeyEntryDecoder<?, ?> getPublicKeyEntryDecoder(Class<?> keyType)
- static PublicKeyEntryDecoder<?, ?> getPublicKeyEntryDecoder(String keyType)
- static PublicKeyEntryDecoder<?, ?>
- static PublicKeyEntryDecoder<?, ?>
- static byte[]
- static byte[] getRawFingerprint(Digest d, PublicKey key)
- static byte[] getRawFingerprint(Factory<? extends Digest> f, PublicKey key)
- static NavigableSet<String>
- static String getSignatureAlgorithm(String chosenAlgorithm, PublicKey key)
- static PublicKey loadPublicKey(Path path): Reads a single PublicKey from a public key file.
- static DSAPublicKey recoverDSAPublicKey(DSAPrivateKey privateKey)
- static RSAPublicKey
- static PublicKey
- static RSAPublicKey recoverRSAPublicKey(BigInteger modulus, BigInteger publicExponent)
- static RSAPublicKey recoverRSAPublicKey(BigInteger p, BigInteger q, BigInteger publicExponent)
- static RSAPublicKey recoverRSAPublicKey(RSAPrivateKey privateKey)
- registerCanonicalKeyTypes(String keyType, Collection<String> aliases): Registers a collection of aliases to a canonical key type
- static void registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?, ?> decoder)
- static PublicKeyEntryDecoder<?, ?> registerPublicKeyEntryDecoderForKeyType(String keyType, PublicKeyEntryDecoder<?, ?> decoder)
- static void registerPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?, ?> decoder): Registers the specified decoder for all the types it supports
- static void
- static String
- static NavigableSet<String> unregisterPublicKeyEntryDecoder(PublicKeyEntryDecoder<?, ?> decoder)
- static PublicKeyEntryDecoder<?, ?>: Unregister the decoder registered for the specified key type
- static NavigableSet<String> unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?, ?> decoder): Unregisters the specified decoder for all the types it supports
- validateStrictKeyFilePermissions(Path path, LinkOption... options): Checks if a path has strict permissions
-
Field Details
-
RSA_ALGORITHM
Name of algorithm for RSA keys to be used when calling security provider
-
DEFAULT_RSA_PUBLIC_EXPONENT
The most commonly used RSA public key exponent
-
DSS_ALGORITHM
Name of algorithm for DSS keys to be used when calling security provider
-
EC_ALGORITHM
Name of algorithm for EC keys to be used when calling security provider
-
STRICTLY_PROHIBITED_FILE_PERMISSION
The Set of PosixFilePermission not allowed if strict permissions are enforced on key files
-
KEY_FINGERPRINT_FACTORY_PROP
System property that can be used to control the default fingerprint factory used for keys. If not set, the DEFAULT_FINGERPRINT_DIGEST_FACTORY is used
-
DEFAULT_FINGERPRINT_DIGEST_FACTORY
The default Factory of Digests initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)
-
RSA_SHA256_KEY_TYPE_ALIAS
-
RSA_SHA512_KEY_TYPE_ALIAS
-
RSA_SHA256_CERT_TYPE_ALIAS
-
RSA_SHA512_CERT_TYPE_ALIAS
-
DEFAULT_DIGEST_HOLDER
-
BY_KEY_TYPE_DECODERS_MAP
-
BY_KEY_CLASS_DECODERS_MAP
-
KEY_TYPE_ALIASES
-
SIGNATURE_ALGORITHM_MAP
-
-
Constructor Details
-
KeyUtils
private KeyUtils()
-
-
Method Details
-
validateStrictKeyFilePermissions
public static AbstractMap.SimpleImmutableEntry<String,Object> validateStrictKeyFilePermissions(Path path, LinkOption... options) throws IOException
Checks if a path has strict permissions
- The path may not have PosixFilePermission.OTHERS_EXECUTE permission
- (For Unix) The path may not have group or others permissions
- (For Unix) If the path is a file, then its folder may not have group or others permissions
- The path must be owned by current user.
- (For Unix) The path may be owned by root.
- (For Unix) If the path is a file, then its folder must also have valid owner.
- Parameters:
  path - The Path to be checked - ignored if null or does not exist
  options - The LinkOptions to use to query the file's permissions
- Returns: The violated permission as AbstractMap.SimpleImmutableEntry where key is a message and value is the offending object PosixFilePermission or String for owner - null if no violations detected
- Throws: IOException - If failed to retrieve the permissions
-
-
loadPublicKey
Reads a single PublicKey from a public key file.
- Parameters:
  path - Path of the file to read; must not be null
- Returns: the PublicKey, may be null if the file is empty
- Throws:
  IOException - if the file cannot be read or parsed
  GeneralSecurityException - if the file contents cannot be read as a single PublicKey
-
generateKeyPair
- Parameters:
  keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
  keySize - The key size (in bits)
- Returns: A KeyPair of the specified type and size
- Throws: GeneralSecurityException - If failed to generate the key pair
-
cloneKeyPair
Performs a deep-clone of the original KeyPair - i.e., creates new public/private keys that are clones of the original one
- Parameters:
  keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
  kp - The KeyPair to clone - ignored if null
- Returns: The cloned instance
- Throws: GeneralSecurityException - If failed to clone the pair
-
registerPublicKeyEntryDecoder
- Parameters:
  decoder - The decoder to register
- Throws: IllegalArgumentException - if no decoder or no key type or no supported names for the decoder
-
registerPublicKeyEntryDecoderKeyTypes
Registers the specified decoder for all the types it supports
- Parameters:
  decoder - The (never null) decoder to register
-
registerPublicKeyEntryDecoderForKeyType
public static PublicKeyEntryDecoder<?,?> registerPublicKeyEntryDecoderForKeyType(String keyType, PublicKeyEntryDecoder<?, ?> decoder)
- Parameters:
  keyType - The (never null/empty) key type
  decoder - The (never null) decoder to register
- Returns: The previously registered decoder for this key type - null if none
-
unregisterPublicKeyEntryDecoder
public static NavigableSet<String> unregisterPublicKeyEntryDecoder(PublicKeyEntryDecoder<?, ?> decoder)
- Parameters:
  decoder - The (never null) decoder to unregister
- Returns: The case insensitive NavigableSet of all the effectively un-registered key types out of all the supported ones.
-
unregisterPublicKeyEntryDecoderKeyTypes
public static NavigableSet<String> unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?, ?> decoder)
Unregisters the specified decoder for all the types it supports
- Parameters:
  decoder - The (never null) decoder to unregister
- Returns: The case insensitive NavigableSet of all the effectively un-registered key types out of all the supported ones.
-
unregisterPublicKeyEntryDecoderForKeyType
Unregister the decoder registered for the specified key type
- Parameters:
  keyType - The (never null/empty) key type
- Returns: The unregistered PublicKeyEntryDecoder - null if none registered for this key type
-
getPublicKeyEntryDecoder
- Parameters:
  keyType - The OpenSSH key type string - e.g., ssh-rsa, ssh-dss - ignored if null/empty
- Returns: The registered PublicKeyEntryDecoder or null if not found
-
getPublicKeyEntryDecoder
- Parameters:
  kp - The KeyPair to examine - ignored if null
- Returns: The matching PublicKeyEntryDecoder provided both the public and private keys have the same decoder - null if no match found
-
getPublicKeyEntryDecoder
- Parameters:
  key - The Key (public or private) - ignored if null
- Returns: The registered PublicKeyEntryDecoder for this key or null if no match found
-
getPublicKeyEntryDecoder
- Parameters:
  keyType - The key Class - ignored if null or not a Key compatible type
- Returns: The registered PublicKeyEntryDecoder or null if no match found
-
getDefaultFingerPrintFactory
- Returns: The default DigestFactory used by the getFingerPrint(PublicKey) and getFingerPrint(String) methods
-
setDefaultFingerPrintFactory
- Parameters:
  f - The DigestFactory of Digests to be used - may not be null
-
getFingerPrint
- Parameters:
  key - the public key - ignored if null
- Returns: the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name
-
getFingerPrint
- Parameters:
  password - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns: The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
-
getFingerPrint
- Parameters:
  password - The String to digest - ignored if null/empty
  charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns: The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
-
getFingerPrint
-
getFingerPrint
- Parameters:
  d - The Digest to use
  key - the public key - ignored if null
- Returns: the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name
-
getRawFingerprint
- Throws:
Exception
-
getRawFingerprint
- Throws:
Exception
-
getRawFingerprint
- Throws:
Exception
-
getFingerPrint
- Parameters:
  f - The Factory to create the Digest to use
  s - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns: The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
-
getFingerPrint
- Parameters:
  f - The Factory to create the Digest to use
  s - The String to digest - ignored if null/empty
  charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns: The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
-
getFingerPrint
-
getFingerPrint
- Parameters:
  d - The Digest to use to calculate the fingerprint
  s - The string to digest - ignored if null/empty
  charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns: The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
-
checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, PublicKey key)
- Parameters:
  expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
  key - the PublicKey - if null then returns null.
- Returns: SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, null if no key.
-
checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Factory<? extends Digest> f, PublicKey key)
- Parameters:
  expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
  f - The Factory to be used to generate the default Digest for the key
  key - the PublicKey - if null then returns null.
- Returns: SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, null if no key.
-
checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Digest d, PublicKey key)
- Parameters:
  expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
  d - The Digest to be used to generate the default fingerprint for the key
  key - the PublicKey - if null then returns null.
- Returns: SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, null if no key.
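Added example, not part of the Apache MINA SSHD documentation or code base: one way to chain validateStrictKeyFilePermissions, loadPublicKey and checkFingerPrint as documented on this page, handling each documented null return, so that a pinned public key is accepted only when its file is private to the owner, holds a key, and matches the expected fingerprint. The class PinnedKeyLoader and its method are hypothetical; the code assumes sshd-common is on the classpath, that the pinned key file is meant to be owner-only, and that the expected fingerprint is given in the same textual form that getFingerPrint(PublicKey) returns.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.AbstractMap.SimpleImmutableEntry;

import org.apache.sshd.common.config.keys.KeyUtils;

// Hypothetical helper (added example): accept a pinned public key only if all checks pass.
public final class PinnedKeyLoader {
    private PinnedKeyLoader() {
    }

    public static PublicKey loadPinnedKey(Path keyFile, String expectedFingerprint)
            throws IOException, GeneralSecurityException {
        // 1. Strict permission/owner check. null means "no violation detected"; it is
        //    also returned for a missing path, which loadPublicKey rejects below.
        SimpleImmutableEntry<String, Object> violation =
                KeyUtils.validateStrictKeyFilePermissions(keyFile);
        if (violation != null) {
            throw new IOException(keyFile + ": " + violation.getKey()
                    + " (offending value: " + violation.getValue() + ")");
        }

        // 2. loadPublicKey may return null when the file is empty.
        PublicKey key = KeyUtils.loadPublicKey(keyFile);
        if (key == null) {
            throw new GeneralSecurityException(keyFile + ": no public key in file");
        }

        // 3. Entry key = success indicator, entry value = fingerprint actually computed.
        //    The whole entry is null only when the key is null, so guard for it anyway.
        SimpleImmutableEntry<Boolean, String> check =
                KeyUtils.checkFingerPrint(expectedFingerprint, key);
        if (check == null || !Boolean.TRUE.equals(check.getKey())) {
            String actual = (check == null) ? "n/a" : check.getValue();
            throw new GeneralSecurityException(
                    keyFile + ": fingerprint mismatch, computed " + actual);
        }
        return key;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: PinnedKeyLoader <public-key-file> <expected-fingerprint>");
            System.exit(2);
        }
        PublicKey key = loadPinnedKey(Paths.get(args[0]), args[1]);
        System.out.println(KeyUtils.getKeyType(key) + " " + KeyUtils.getKeySize(key)
                + " bits " + KeyUtils.getFingerPrint(key));
    }
}
```

Because the getFingerPrint methods return the exception's simple class name when digesting fails, the example decides on the Boolean success indicator from checkFingerPrint and never on a comparison of fingerprint strings.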
-
getKeyType
- Parameters:
  kp - a key pair - ignored if null. If the private key is non-null then it is used to determine the type, otherwise the public one is used.
- Returns: the key type or null if cannot determine it
-
getKeyType
- Parameters:
  key - a public or private key
- Returns: the key type or null if cannot determine it
-
getAllEquivalentKeyTypes
- Parameters:
  keyType - A key type name - ignored if null/empty
- Returns: A List of the canonical key name and all its aliases
-
getCanonicalKeyType
- Parameters:
  keyType - The available key-type - ignored if null/empty
- Returns: The canonical key type - same as input if no alias registered for the provided key type
-
getRegisteredKeyTypeAliases
- Returns: A case insensitive NavigableSet of the currently registered key type "aliases".
-
registerCanonicalKeyTypes
Registers a collection of aliases to a canonical key type
- Parameters:
  keyType - The (never null/empty) canonical name
  aliases - The (never null/empty) aliases
- Returns: A List of the replaced aliases - empty if no previous aliases for the canonical name
-
unregisterCanonicalKeyTypeAlias
- Parameters:
  alias - The alias to unregister (ignored if null/empty)
- Returns: The associated canonical key type - null if alias not registered
-
getKeySize
Determines the key size in bits
- Parameters:
  key - The Key to examine - ignored if null
- Returns: The key size - non-positive value if cannot determine it
-
findMatchingKey
-
findMatchingKey
-
compareKeyPairs
-
compareKeys
-
recoverPublicKey
- Throws:
GeneralSecurityException
-
compareKeys
-
compareRSAKeys
-
compareRSAKeys
-
compareOpenSSHCertificateKeys
-
recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(RSAPrivateKey privateKey) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
recoverFromRSAPrivateCrtKey
public static RSAPublicKey recoverFromRSAPrivateCrtKey(RSAPrivateCrtKey rsaKey) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(BigInteger p, BigInteger q, BigInteger publicExponent) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(BigInteger modulus, BigInteger publicExponent) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
compareDSAKeys
-
compareDSAKeys
-
compareDSAParams
-
recoverDSAPublicKey
public static DSAPublicKey recoverDSAPublicKey(DSAPrivateKey privateKey) throws GeneralSecurityException
- Throws: GeneralSecurityException
-
compareECKeys
-
compareECKeys
-
compareECParams
-
compareSkEcdsaKeys
-
compareSkEd25519Keys
-
getSignatureAlgorithm
-