Class UserAuthPublicKey
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.client.auth.AbstractUserAuth
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
- All Implemented Interfaces:
UserAuth, ClientSessionHolder, UserAuthInstance<ClientSession>, NamedResource, SignatureFactoriesHolder, SignatureFactoriesManager
Implements the "publickey" authentication mechanism
-
Field Summary
Fields (Modifier and Type, Field, Description):
protected String chosenAlgorithm
protected PublicKeyIdentity current
protected List<NamedFactory<Signature>> factories
static final AttributeRepository.AttributeKey<String> IDENTITY_AGENT - Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting.
protected Iterator<PublicKeyIdentity> keys
static final String NAME
static final AttributeRepository.AttributeKey<Boolean> USE_DEFAULT_IDENTITIES - Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
Fields inherited from interface org.apache.sshd.common.NamedResource
BY_NAME_COMPARATOR, NAME_EXTRACTOR
-
Constructor Summary
Constructors
-
Method Summary
Methods (Modifier and Type, Method, Description):
protected byte[] appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer)
protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager)
void destroy() - Called to release any allocated resources
protected String getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType) - Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories.
void init(ClientSession session, String service)
protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer)
protected void releaseKeys()
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service)
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter)
protected boolean sendAuthDataRequest(ClientSession session, String service)
void setSignatureFactories(List<NamedFactory<Signature>> factories)
void signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer) - Signals reception of SSH_MSG_USERAUTH_FAILURE message
void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) - Signal reception of SSH_MSG_USERAUTH_SUCCESS message
Methods inherited from class org.apache.sshd.client.auth.AbstractUserAuth
getClientSession, getName, getService, getSession, isCancellable, process, setCancellable, toString
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesHolder
getSignatureFactoriesNameList, getSignatureFactoriesNames
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesManager
setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
-
Field Details
-
NAME
-
USE_DEFAULT_IDENTITIES
Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.
-
IDENTITY_AGENT
Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting. May be the empty string if not specified in the HostConfigEntry.
-
currentAlgorithms
-
keys
-
current
-
factories
-
chosenAlgorithm
-
-
Constructor Details
-
UserAuthPublicKey
public UserAuthPublicKey()
-
UserAuthPublicKey
-
-
Method Details
-
getSignatureFactories
- Specified by:
getSignatureFactories in interface SignatureFactoriesHolder
- Returns:
The list of named Signature factories
-
setSignatureFactories
- Specified by:
setSignatureFactories in interface SignatureFactoriesManager
-
init
- Specified by:
init in interface UserAuth
- Overrides:
init in class AbstractUserAuth
- Parameters:
session - The ClientSession
service - The requesting service name
- Throws:
Exception - If failed to initialize the mechanism
-
createPublicKeyIterator
protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager) throws Exception
- Throws:
Exception
-
sendAuthDataRequest
- Specified by:
sendAuthDataRequest in class AbstractUserAuth
- Throws:
Exception
-
resolveAttemptedPublicKeyIdentity
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service) throws Exception
- Throws:
Exception
-
resolveAttemptedPublicKeyIdentity
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter) throws Exception
- Throws:
Exception
-
getDefaultSignatureAlgorithm
protected String getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType) throws Exception
Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories. If a non-null non-empty string is returned, it is used as is in the authentication.
This is mainly intended for use with identities from an SSH agent, where the SSH agent may be able to sign the request even if there is no appropriate signature factory present in Java. Whether it makes sense to allow this depends on the application logic and how it handles e.g. SSH config PubkeyAcceptedKeyTypes (or PubkeyAcceptedAlgorithms).
This default implementation always returns null, skipping the key.
- Parameters:
session - ClientSession trying to authenticate
service - SSH service name
identity - PublicKeyIdentity considered to be used for authentication
keyPair - KeyPair from identity
keyType - the key type of keyPair
- Returns:
null or an empty string to skip this key and consider another key, if any, to use for authentication, or a non-empty signature algorithm name to use for the authentication attempt using the given identity
- Throws:
Exception - if an error occurs
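An added example (not code from the Apache MINA SSHD project) of overriding getDefaultSignatureAlgorithm so that agent-held identities are only used with algorithms the application accepts. The class name, the allow-list constructor parameter and the choose helper are hypothetical, and the allow-list is assumed to come from the application's own handling of PubkeyAcceptedAlgorithms.

```java
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.session.ClientSession;

/** Hypothetical subclass: agent-held keys may sign only with allow-listed algorithms. */
public class AllowListedAgentUserAuthPublicKey extends UserAuthPublicKey {
    // Application policy, e.g. parsed from PubkeyAcceptedAlgorithms (assumed to be supplied by the caller).
    private final Set<String> accepted;

    public AllowListedAgentUserAuthPublicKey(List<String> acceptedAlgorithms) {
        this.accepted = Collections.unmodifiableSet(new LinkedHashSet<>(acceptedAlgorithms));
    }

    @Override
    protected String getDefaultSignatureAlgorithm(
            ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType)
            throws Exception {
        // Only identities backed by an SSH agent qualify; anything else keeps the default behaviour (skip).
        if (!(identity instanceof KeyAgentIdentity)) {
            return null;
        }
        return choose(keyType, accepted);
    }

    /** Pure policy decision: first allow-listed candidate for the key type, else null. */
    static String choose(String keyType, Set<String> accepted) {
        // An RSA key can sign with several algorithms; only the SHA-2 variants are offered here,
        // so SHA-1 "ssh-rsa" is never returned by this hook even if it is allow-listed.
        List<String> candidates = "ssh-rsa".equals(keyType)
                ? Arrays.asList("rsa-sha2-512", "rsa-sha2-256")
                : Collections.singletonList(keyType);
        for (String algo : candidates) {
            if (algo != null && accepted.contains(algo)) {
                return algo;
            }
        }
        return null; // skip this key; another identity, if any, is considered
    }
}
```

Wiring the subclass into the client's user-auth factories is application-specific and not shown.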
-
processAuthDataRequest
protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer) throws Exception
- Specified by:
processAuthDataRequest in class AbstractUserAuth
- Throws:
Exception
-
appendSignature
protected byte[] appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer) throws Exception
- Throws:
Exception
-
signalAuthMethodSuccess
public void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception
Description copied from interface: UserAuth
Signal reception of SSH_MSG_USERAUTH_SUCCESS message
- Specified by:
signalAuthMethodSuccess in interface UserAuth
- Parameters:
session - The ClientSession
service - The requesting service name
buffer - The Buffer containing the success message (after having consumed the relevant data from it)
- Throws:
Exception - If failed to handle the callback - Note: may cause session close
-
signalAuthMethodFailure
public void signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer) throws Exception
Description copied from interface: UserAuth
Signals reception of SSH_MSG_USERAUTH_FAILURE message
- Specified by:
signalAuthMethodFailure in interface UserAuth
- Parameters:
session - The ClientSession
service - The requesting service name
partial - true if some partial authentication success so far
serverMethods - The List of authentication methods that can continue
buffer - The Buffer containing the failure message (after having consumed the relevant data from it)
- Throws:
Exception - If failed to handle the callback - Note: may cause session close
-
destroy
public void destroy()
Description copied from interface: UserAuth
Called to release any allocated resources
- Specified by:
destroy in interface UserAuth
- Overrides:
destroy in class AbstractUserAuth
-
releaseKeys
- Throws:
IOException
-