com.sshtools.common.hosts: abstract public class: AbstractHostKeyVerification

com.sshtools.common.hosts
abstract public class: AbstractHostKeyVerification [javadoc | source]

java.lang.Object
   org.xml.sax.helpers.DefaultHandler
      com.sshtools.common.hosts.AbstractHostKeyVerification

All Implemented Interfaces:
HostKeyVerification, ErrorHandler, EntityResolver, ContentHandler, DTDHandler

Direct Known Subclasses:
ConsoleHostKeyVerification, DialogHostKeyVerification

author: $ - author$

version: $ - Revision: 1.13 $

Constructor:

Constructor:
public AbstractHostKeyVerification() throws InvalidHostFileException { this(defaultHostFile); hostFile = defaultHostFile; } Creates a new AbstractHostKeyVerification object. Throws: `InvalidHostFileException` -
public AbstractHostKeyVerification(String hostFileName) throws InvalidHostFileException { InputStream in = null; try { // If no host file is supplied, or there is not enough permission to load // the file, then just create an empty list. if (hostFileName != null) { if (System.getSecurityManager() != null) { AccessController.checkPermission(new FilePermission( hostFileName, "read")); } // Load the hosts file. Do not worry if fle doesnt exist, just disable // save of File f = new File(hostFileName); if (f.exists()) { in = new FileInputStream(f); hostFile = hostFileName; SAXParserFactory saxFactory = SAXParserFactory.newInstance(); SAXParser saxParser = saxFactory.newSAXParser(); saxParser.parse(in, this); hostFileWriteable = f.canWrite(); } else { // Try to create the file if (f.createNewFile()) { FileOutputStream out = new FileOutputStream(f); out.write(toString().getBytes()); out.close(); hostFileWriteable = true; } else { hostFileWriteable = false; } } if (!hostFileWriteable) { log.warn("Host file is not writeable."); } } } catch (AccessControlException ace) { log.warn( "Not enough permission to load a hosts file, so just creating an empty list"); } catch (IOException ioe) { throw new InvalidHostFileException("Could not open or read " + hostFileName); } catch (SAXException sax) { throw new InvalidHostFileException("Failed XML parsing: " + sax.getMessage()); } catch (ParserConfigurationException pce) { throw new InvalidHostFileException( "Failed to initialize xml parser: " + pce.getMessage()); } finally { if (in != null) { try { in.close(); } catch (IOException ioe) { } } } } Creates a new AbstractHostKeyVerification object. Parameters: `hostFileName` - Throws: `InvalidHostFileException` -

 public AbstractHostKeyVerification() throws InvalidHostFileException {
           
        this(defaultHostFile);
        hostFile = defaultHostFile;
}

Creates a new AbstractHostKeyVerification object.

Throws:

InvalidHostFileException -

 public AbstractHostKeyVerification(String hostFileName) throws InvalidHostFileException {
        InputStream in = null;
        try {
            //  If no host file is supplied, or there is not enough permission to load
            //  the file, then just create an empty list.
            if (hostFileName != null) {
                if (System.getSecurityManager() != null) {
                    AccessController.checkPermission(new FilePermission(
                            hostFileName, "read"));
                }
                //  Load the hosts file. Do not worry if fle doesnt exist, just disable
                //  save of
                File f = new File(hostFileName);
                if (f.exists()) {
                    in = new FileInputStream(f);
                    hostFile = hostFileName;
                    SAXParserFactory saxFactory = SAXParserFactory.newInstance();
                    SAXParser saxParser = saxFactory.newSAXParser();
                    saxParser.parse(in, this);
                    hostFileWriteable = f.canWrite();
                } else {
                    // Try to create the file
                    if (f.createNewFile()) {
                        FileOutputStream out = new FileOutputStream(f);
                        out.write(toString().getBytes());
                        out.close();
                        hostFileWriteable = true;
                    } else {
                        hostFileWriteable = false;
                    }
                }
                if (!hostFileWriteable) {
                    log.warn("Host file is not writeable.");
                }
            }
        } catch (AccessControlException ace) {
            log.warn(
                "Not enough permission to load a hosts file, so just creating an empty list");
        } catch (IOException ioe) {
            throw new InvalidHostFileException("Could not open or read " +
                hostFileName);
        } catch (SAXException sax) {
            throw new InvalidHostFileException("Failed XML parsing: " +
                sax.getMessage());
        } catch (ParserConfigurationException pce) {
            throw new InvalidHostFileException(
                "Failed to initialize xml parser: " + pce.getMessage());
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ioe) {
                }
            }
        }
}

Creates a new AbstractHostKeyVerification object.

Parameters:

hostFileName -

Throws:

InvalidHostFileException -

Method from com.sshtools.common.hosts.AbstractHostKeyVerification Summary:
allowHost, allowedHosts, deniedHosts, denyHost, endElement, isHostFileWriteable, onDeniedHost, onHostKeyMismatch, onUnknownHost, removeAllowedHost, removeDeniedHost, saveHostFile, startElement, toString, verifyHost

Methods from org.xml.sax.helpers.DefaultHandler:
characters, endDocument, endElement, endPrefixMapping, error, fatalError, ignorableWhitespace, notationDecl, processingInstruction, resolveEntity, setDocumentLocator, skippedEntity, startDocument, startElement, startPrefixMapping, unparsedEntityDecl, warning

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from com.sshtools.common.hosts.AbstractHostKeyVerification Detail:
public void allowHost(String host, String hostKeyFingerprint, boolean always) throws InvalidHostFileException { if (log.isDebugEnabled()) { log.debug("Allowing " + host + " with fingerprint " + hostKeyFingerprint); } // Put the host into the allowed hosts list, overiding any previous // entry allowedHosts.put(host, hostKeyFingerprint); // If we always want to allow then save the host file with the // new details if (always) { saveHostFile(); } }
public Map allowedHosts() { return allowedHosts; }
public List deniedHosts() { return deniedHosts; }
public void denyHost(String host, boolean always) throws InvalidHostFileException { if (log.isDebugEnabled()) { log.debug(host + " is denied access"); } // Get the denied host from the list if (!deniedHosts.contains(host)) { deniedHosts.add(host); } // Save it if need be if (always) { saveHostFile(); } }
public void endElement(String uri, String localName, String qname) throws SAXException { if (currentElement == null) { throw new SAXException("Unexpected end element found!"); } if (currentElement.equals("HostAuthorizations")) { currentElement = null; return; } if (currentElement.equals("AllowHost")) { currentElement = "HostAuthorizations"; return; } if (currentElement.equals("DenyHost")) { currentElement = "HostAuthorizations"; return; } }
public boolean isHostFileWriteable() { return hostFileWriteable; }
abstract public void onDeniedHost(String host) throws TransportProtocolException
abstract public void onHostKeyMismatch(String host, String allowedHostKey, String actualHostKey) throws TransportProtocolException
abstract public void onUnknownHost(String host, String hostKeyFingerprint) throws TransportProtocolException
public void removeAllowedHost(String host) { allowedHosts.remove(host); }
public void removeDeniedHost(String host) { for (int i = deniedHosts.size() - 1; i >= 0; i--) { String h = (String) deniedHosts.get(i); if (h.equals(host)) { deniedHosts.remove(i); } } }
public void saveHostFile() throws InvalidHostFileException { if (!hostFileWriteable) { throw new InvalidHostFileException("Host file is not writeable."); } log.info("Saving " + defaultHostFile); try { File f = new File(hostFile); FileOutputStream out = new FileOutputStream(f); out.write(toString().getBytes()); out.close(); } catch (IOException e) { throw new InvalidHostFileException("Could not write to " + hostFile); } }
public void startElement(String uri, String localName, String qname, Attributes attrs) throws SAXException { if (currentElement == null) { if (qname.equals("HostAuthorizations")) { allowedHosts.clear(); deniedHosts.clear(); currentElement = qname; } else { throw new SAXException("Unexpected document element!"); } } else { if (!currentElement.equals("HostAuthorizations")) { throw new SAXException("Unexpected parent element found!"); } if (qname.equals("AllowHost")) { String hostname = attrs.getValue("HostName"); String fingerprint = attrs.getValue("Fingerprint"); if ((hostname != null) && (fingerprint != null)) { if (log.isDebugEnabled()) { log.debug("AllowHost element for host '" + hostname + "' with fingerprint '" + fingerprint + "'"); } allowedHosts.put(hostname, fingerprint); currentElement = qname; } else { throw new SAXException("Requried attribute(s) missing!"); } } else if (qname.equals("DenyHost")) { String hostname = attrs.getValue("HostName"); if (hostname != null) { if (log.isDebugEnabled()) { log.debug("DenyHost element for host " + hostname); } deniedHosts.add(hostname); currentElement = qname; } else { throw new SAXException( "Required attribute hostname missing"); } } else { log.warn("Unexpected " + qname + " element found in allowed hosts file"); } } }
public String toString() { String xml = "< ?xml version=\"1.0\" encoding=\"UTF-8\"? >\n< HostAuthorizations >\n"; xml += "< !-- Host Authorizations file, used by the abstract class HostKeyVerification to verify the servers host key -- >"; xml += " < !-- Allow the following hosts access if they provide the correct public key -- >\n"; Map.Entry entry; Iterator it = allowedHosts.entrySet().iterator(); while (it.hasNext()) { entry = (Map.Entry) it.next(); xml += (" " + "< AllowHost HostName=\"" + entry.getKey().toString() + "\" Fingerprint=\"" + entry.getValue().toString() + "\"/ >\n"); } xml += " < !-- Deny the following hosts access -- >\n"; it = deniedHosts.iterator(); while (it.hasNext()) { xml += (" < DenyHost HostName=\"" + it.next().toString() + "\"/ >\n"); } xml += "< /HostAuthorizations >"; return xml; }
public boolean verifyHost(String host, SshPublicKey pk) throws TransportProtocolException { String fingerprint = pk.getFingerprint(); log.info("Verifying " + host + " host key"); if (log.isDebugEnabled()) { log.debug("Fingerprint: " + fingerprint); } // See if the host is denied by looking at the denied hosts list if (deniedHosts.contains(host)) { onDeniedHost(host); return false; } // Try the allowed hosts by looking at the allowed hosts map if (allowedHosts.containsKey(host)) { // The host is allowed so check the fingerprint String currentFingerprint = (String) allowedHosts.get(host); if (currentFingerprint.compareToIgnoreCase(fingerprint) == 0) { return true; } // The host key does not match the recorded so call the abstract // method so that the user can decide onHostKeyMismatch(host, currentFingerprint, fingerprint); // Recheck the after the users input return checkFingerprint(host, fingerprint); } else { // The host is unknown os ask the user onUnknownHost(host, fingerprint); // Recheck ans return the result return checkFingerprint(host, fingerprint); } }