com.sshtools.j2ssh.transport: abstract public class: AbstractKnownHostsKeyVerification

com.sshtools.j2ssh.transport
abstract public class: AbstractKnownHostsKeyVerification [javadoc | source]

java.lang.Object
   com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification

All Implemented Interfaces:
HostKeyVerification

Direct Known Subclasses:
ConsoleKnownHostsKeyVerification, DialogKnownHostsKeyVerification

An abstract HostKeyVerification class providing validation against the known_hosts format.

author: Lee - David Painter

version: $ - Revision: 1.18 $

since: 0.2.0 -

Constructor:

Constructor:
public AbstractKnownHostsKeyVerification(String knownhosts) throws InvalidHostFileException { //private boolean expectEndElement = false; //private String currentElement = null; InputStream in = null; try { // If no host file is supplied, or there is not enough permission to load // the file, then just create an empty list. if (knownhosts != null) { if (System.getSecurityManager() != null) { AccessController.checkPermission(new FilePermission( knownhosts, "read")); } // Load the hosts file. Do not worry if fle doesnt exist, just disable // save of File f = new File(knownhosts); if (f.exists()) { in = new FileInputStream(f); BufferedReader reader = new BufferedReader(new InputStreamReader( in)); String line; while ((line = reader.readLine()) != null) { StringTokenizer tokens = new StringTokenizer(line, " "); String host = (String) tokens.nextElement(); String algorithm = (String) tokens.nextElement(); String key = (String) tokens.nextElement(); SshPublicKey pk = SshKeyPairFactory.decodePublicKey(Base64.decode( key)); /if (host.indexOf(",") > -1) { host = host.substring(0, host.indexOf(",")); }/ putAllowedKey(host, pk); //allowedHosts.put(host + "#" + pk.getAlgorithmName(), pk); } reader.close(); hostFileWriteable = f.canWrite(); } else { // Try to create the file and its parents if necersary f.getParentFile().mkdirs(); if (f.createNewFile()) { FileOutputStream out = new FileOutputStream(f); out.write(toString().getBytes()); out.close(); hostFileWriteable = true; } else { hostFileWriteable = false; } } if (!hostFileWriteable) { log.warn("Host file is not writeable."); } this.knownhosts = knownhosts; } } catch (AccessControlException ace) { hostFileWriteable = false; log.warn( "Not enough permission to load a hosts file, so just creating an empty list"); } catch (IOException ioe) { hostFileWriteable = false; log.info("Could not open or read " + knownhosts + ": " + ioe.getMessage()); } finally { if (in != null) { try { in.close(); } catch (IOException ioe) { } } } } Constructs a host key verification instance reading the specified known_hosts file. Parameters: `knownhosts` - the path of the known_hosts file Throws: `InvalidHostFileException` - if the known_hosts file is invalid since: `0.2.0` -

 public AbstractKnownHostsKeyVerification(String knownhosts) throws InvalidHostFileException {
    //private boolean expectEndElement = false;
    //private String currentElement = null;
        InputStream in = null;
        try {
            //  If no host file is supplied, or there is not enough permission to load
            //  the file, then just create an empty list.
            if (knownhosts != null) {
                if (System.getSecurityManager() != null) {
                    AccessController.checkPermission(new FilePermission(
                            knownhosts, "read"));
                }
                //  Load the hosts file. Do not worry if fle doesnt exist, just disable
                //  save of
                File f = new File(knownhosts);
                if (f.exists()) {
                    in = new FileInputStream(f);
                    BufferedReader reader = new BufferedReader(new InputStreamReader(
                                in));
                    String line;
                    while ((line = reader.readLine()) != null) {
                        StringTokenizer tokens = new StringTokenizer(line, " ");
                        String host = (String) tokens.nextElement();
                        String algorithm = (String) tokens.nextElement();
                        String key = (String) tokens.nextElement();
                        SshPublicKey pk = SshKeyPairFactory.decodePublicKey(Base64.decode(
                            key));
                          /*if (host.indexOf(",")  > -1) {
                           host = host.substring(0, host.indexOf(","));
                           }*/
                        putAllowedKey(host, pk);
                        //allowedHosts.put(host + "#" + pk.getAlgorithmName(), pk);
                    }
                    reader.close();
                    hostFileWriteable = f.canWrite();
                } else {
                    // Try to create the file and its parents if necersary
                    f.getParentFile().mkdirs();
                    if (f.createNewFile()) {
                        FileOutputStream out = new FileOutputStream(f);
                        out.write(toString().getBytes());
                        out.close();
                        hostFileWriteable = true;
                    } else {
                        hostFileWriteable = false;
                    }
                }
                if (!hostFileWriteable) {
                    log.warn("Host file is not writeable.");
                }
                this.knownhosts = knownhosts;
            }
        } catch (AccessControlException ace) {
            hostFileWriteable = false;
            log.warn(
                "Not enough permission to load a hosts file, so just creating an empty list");
        } catch (IOException ioe) {
            hostFileWriteable = false;
            log.info("Could not open or read " + knownhosts + ": " +
                ioe.getMessage());
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ioe) {
                }
            }
        }
}

Constructs a host key verification instance reading the specified known_hosts file.

Parameters:

knownhosts - the path of the known_hosts file

Throws:

InvalidHostFileException - if the known_hosts file is invalid

since: 0.2.0 -

Method from com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification Summary:
allowHost, allowedHosts, isHostFileWriteable, onHostKeyMismatch, onUnknownHost, removeAllowedHost, saveHostFile, toString, verifyHost

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification Detail:
public void allowHost(String host, SshPublicKey pk, boolean always) throws InvalidHostFileException { if (log.isDebugEnabled()) { log.debug("Allowing " + host + " with fingerprint " + pk.getFingerprint()); } // Put the host into the allowed hosts list, overiding any previous // entry putAllowedKey(host, pk); //allowedHosts.put(host, pk); // If we always want to allow then save the host file with the // new details if (always) { saveHostFile(); } } Allows a host key, optionally recording the key to the known_hosts file.
public Map allowedHosts() { return allowedHosts; } Returns a Map of the allowed hosts. The keys of the returned Map are comma separated strings of "hostname,ipaddress". The value objects are Maps containing a string key of the public key alogorithm name and the public key as the value.
public boolean isHostFileWriteable() { return hostFileWriteable; } Determines whether the host file is writable.
abstract public void onHostKeyMismatch(String host, SshPublicKey allowedHostKey, SshPublicKey actualHostKey) throws TransportProtocolException Called by the `verifyHost` method when the host key supplied by the host does not match the current key recording in the known hosts file.
abstract public void onUnknownHost(String host, SshPublicKey key) throws TransportProtocolException Called by the `verifyHost` method when the host key supplied is not recorded in the known_hosts file.
public void removeAllowedHost(String host) { Iterator it = allowedHosts.keySet().iterator(); while (it.hasNext()) { StringTokenizer tokens = new StringTokenizer((String) it.next(), ","); while (tokens.hasMoreElements()) { String name = (String) tokens.nextElement(); if (name.equals(host)) { allowedHosts.remove(name); } } } } Removes an allowed host.
public void saveHostFile() throws InvalidHostFileException { if (!hostFileWriteable) { throw new InvalidHostFileException("Host file is not writeable."); } log.info("Saving " + defaultHostFile); try { File f = new File(knownhosts); FileOutputStream out = new FileOutputStream(f); out.write(toString().getBytes()); out.close(); } catch (IOException e) { throw new InvalidHostFileException("Could not write to " + knownhosts); } } Save's the host key file to be saved.
public String toString() { String knownhosts = ""; Map.Entry entry; Map.Entry entry2; Iterator it = allowedHosts.entrySet().iterator(); while (it.hasNext()) { entry = (Map.Entry) it.next(); Iterator it2 = ((Map) entry.getValue()).entrySet().iterator(); while (it2.hasNext()) { entry2 = (Map.Entry) it2.next(); SshPublicKey pk = (SshPublicKey) entry2.getValue(); knownhosts += (entry.getKey().toString() + " " + pk.getAlgorithmName() + " " + Base64.encodeBytes(pk.getEncoded(), true) + "\n"); } } return knownhosts; } Outputs the allowed hosts in the known_hosts file format. The format consists of any number of lines each representing one key for a single host. `titan,192.168.1.12 ssh-dss AAAAB3NzaC1kc3MAAACBAP1/U4Ed..... titan,192.168.1.12 ssh-rsa AAAAB3NzaC1kc3MAAACBAP1/U4Ed..... einstein,192.168.1.40 ssh-dss AAAAB3NzaC1kc3MAAACBAP1/U4Ed.....`
public boolean verifyHost(String host, SshPublicKey pk) throws TransportProtocolException { String fingerprint = pk.getFingerprint(); log.info("Verifying " + host + " host key"); if (log.isDebugEnabled()) { log.debug("Fingerprint: " + fingerprint); } Iterator it = allowedHosts.keySet().iterator(); while (it.hasNext()) { // Could be a comma delimited string of names/ip addresses String names = (String) it.next(); if (names.equals(host)) { return validateHost(names, pk); } StringTokenizer tokens = new StringTokenizer(names, ","); while (tokens.hasMoreElements()) { // Try the allowed hosts by looking at the allowed hosts map String name = (String) tokens.nextElement(); if (name.equalsIgnoreCase(host)) { return validateHost(names, pk); } } } // The host is unknown os ask the user onUnknownHost(host, pk); // Recheck ans return the result return checkKey(host, pk); } Verifies a host key against the list of known_hosts. If the host unknown or the key does not match the currently allowed host key the abstract `onUnknownHost` or `onHostKeyMismatch` methods are called so that the caller may identify and allow the host.

Method from com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification Detail:

 public  void allowHost(String host,
    SshPublicKey pk,
    boolean always) throws InvalidHostFileException {
        if (log.isDebugEnabled()) {
            log.debug("Allowing " + host + " with fingerprint " +
                pk.getFingerprint());
        }
        // Put the host into the allowed hosts list, overiding any previous
        // entry
        putAllowedKey(host, pk);
        //allowedHosts.put(host, pk);
        // If we always want to allow then save the host file with the
        // new details
        if (always) {
            saveHostFile();
        }
}

Allows a host key, optionally recording the key to the known_hosts file.

 public Map allowedHosts() {
        return allowedHosts;
}

Returns a Map of the allowed hosts.

The keys of the returned Map are comma separated strings of "hostname,ipaddress". The value objects are Maps containing a string key of the public key alogorithm name and the public key as the value.

 public boolean isHostFileWriteable() {
        return hostFileWriteable;
}

Determines whether the host file is writable.

 abstract public  void onHostKeyMismatch(String host,
    SshPublicKey allowedHostKey,
    SshPublicKey actualHostKey) throws TransportProtocolException
Called by the verifyHost method when the host key supplied
by the host does not match the current key recording in the known hosts
file.

 abstract public  void onUnknownHost(String host,
    SshPublicKey key) throws TransportProtocolException
Called by the verifyHost method when the host key supplied
is not recorded in the known_hosts file.

 public  void removeAllowedHost(String host) {
        Iterator it = allowedHosts.keySet().iterator();
        while (it.hasNext()) {
            StringTokenizer tokens = new StringTokenizer((String) it.next(), ",");
            while (tokens.hasMoreElements()) {
                String name = (String) tokens.nextElement();
                if (name.equals(host)) {
                    allowedHosts.remove(name);
                }
            }
        }
}

Removes an allowed host.

 public  void saveHostFile() throws InvalidHostFileException {
        if (!hostFileWriteable) {
            throw new InvalidHostFileException("Host file is not writeable.");
        }
        log.info("Saving " + defaultHostFile);
        try {
            File f = new File(knownhosts);
            FileOutputStream out = new FileOutputStream(f);
            out.write(toString().getBytes());
            out.close();
        } catch (IOException e) {
            throw new InvalidHostFileException("Could not write to " +
                knownhosts);
        }
}

Save's the host key file to be saved.

 public String toString() {
        String knownhosts = "";
        Map.Entry entry;
        Map.Entry entry2;
        Iterator it = allowedHosts.entrySet().iterator();
        while (it.hasNext()) {
            entry = (Map.Entry) it.next();
            Iterator it2 = ((Map) entry.getValue()).entrySet().iterator();
            while (it2.hasNext()) {
                entry2 = (Map.Entry) it2.next();
                SshPublicKey pk = (SshPublicKey) entry2.getValue();
                knownhosts += (entry.getKey().toString() + " " +
                pk.getAlgorithmName() + " " +
                Base64.encodeBytes(pk.getEncoded(), true) + "\n");
            }
        }
        return knownhosts;
}

Outputs the allowed hosts in the known_hosts file format.

The format consists of any number of lines each representing one key for a single host.

 titan,192.168.1.12 ssh-dss AAAAB3NzaC1kc3MAAACBAP1/U4Ed.....
titan,192.168.1.12 ssh-rsa AAAAB3NzaC1kc3MAAACBAP1/U4Ed.....
einstein,192.168.1.40 ssh-dss AAAAB3NzaC1kc3MAAACBAP1/U4Ed.....

 public boolean verifyHost(String host,
    SshPublicKey pk) throws TransportProtocolException {
        String fingerprint = pk.getFingerprint();
        log.info("Verifying " + host + " host key");
        if (log.isDebugEnabled()) {
            log.debug("Fingerprint: " + fingerprint);
        }
        Iterator it = allowedHosts.keySet().iterator();
        while (it.hasNext()) {
            // Could be a comma delimited string of names/ip addresses
            String names = (String) it.next();
            if (names.equals(host)) {
                return validateHost(names, pk);
            }
            StringTokenizer tokens = new StringTokenizer(names, ",");
            while (tokens.hasMoreElements()) {
                // Try the allowed hosts by looking at the allowed hosts map
                String name = (String) tokens.nextElement();
                if (name.equalsIgnoreCase(host)) {
                    return validateHost(names, pk);
                }
            }
        }
        // The host is unknown os ask the user
        onUnknownHost(host, pk);
        // Recheck ans return the result
        return checkKey(host, pk);
}

Verifies a host key against the list of known_hosts.

If the host unknown or the key does not match the currently allowed host key the abstract onUnknownHost or onHostKeyMismatch methods are called so that the caller may identify and allow the host.