From 7439f7a073dcdd154f61ad83b91c7568f2bdb394 Mon Sep 17 00:00:00 2001 From: Matthias Wiedemann Date: Thu, 4 Mar 2021 12:36:45 +0000 Subject: [PATCH] moving up key decryption to handle openssh v1 format --- .../com/jcraft/jsch/UserAuthPublicKey.java | 77 ++++++++++--------- src/test/java/com/jcraft/jsch/KeyPairIT.java | 53 +++++++++++++ .../java/com/jcraft/jsch/KeyPairTest.java | 1 - 3 files changed, 94 insertions(+), 37 deletions(-) diff --git a/src/main/java/com/jcraft/jsch/UserAuthPublicKey.java b/src/main/java/com/jcraft/jsch/UserAuthPublicKey.java index a84c349d..a0527a47 100644 --- a/src/main/java/com/jcraft/jsch/UserAuthPublicKey.java +++ b/src/main/java/com/jcraft/jsch/UserAuthPublicKey.java @@ -39,7 +39,6 @@ public boolean start(Session session) throws Exception{ Vector identities=session.getIdentityRepository().getIdentities(); - byte[] passphrase=null; byte[] _username=null; int command; @@ -89,6 +88,10 @@ public boolean start(Session session) throws Exception{ Identity identity=identities.elementAt(i); + //System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted()); + decryptKey(session, identity); + //System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted()); + String ipkmethod=identity.getAlgName(); String[] ipkmethoda=null; if(ipkmethod.equals("ssh-rsa")){ 
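Review bot: The `decryptKey(session, identity)` call added in the `@@ -89,6 +88,10 @@` hunk runs for every identity before its algorithm is selected. An encrypted key therefore triggers a passphrase prompt, or the `JSchException("USERAUTH fail")` thrown inside `decryptKey` when `userinfo` is null, before anything in the loop can skip that identity. In the old position the same code sat after the packet-reading branch visible in the `@@ -182,42 +185,7 @@` header, so this presumably changes which identities abort the whole loop instead of being passed over; the code between the hunks is not shown, so that needs confirming. A comment at the call should say why decryption has to come first, for example `// decrypt before reading the algorithm name: needed for OpenSSH v1 format keys` (wording for the author to confirm). The two commented-out `//System.err.println` lines should be dropped rather than moved along with the call.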
@@ -182,42 +185,7 @@ else if(command==SSH_MSG_USERAUTH_BANNER){
 }
 }
-//System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted());
-
- int count=5;
- while(true){
- if((identity.isEncrypted() && passphrase==null)){
- if(userinfo==null) throw new JSchException("USERAUTH fail");
- if(identity.isEncrypted() &&
- !userinfo.promptPassphrase("Passphrase for "+identity.getName())){
- throw new JSchAuthCancelException("publickey");
- //throw new JSchException("USERAUTH cancel");
- //break;
- }
- String _passphrase=userinfo.getPassphrase();
- if(_passphrase!=null){
- passphrase=Util.str2byte(_passphrase);
- }
- }
-
- if(!identity.isEncrypted() || passphrase!=null){
- if(identity.setPassphrase(passphrase)){
- if(passphrase!=null &&
- (session.getIdentityRepository() instanceof IdentityRepository.Wrapper)){
- ((IdentityRepository.Wrapper)session.getIdentityRepository()).check();
- }
- break;
- }
- }
- Util.bzero(passphrase);
- passphrase=null;
- count--;
- if(count==0)break;
- }
- Util.bzero(passphrase);
- passphrase=null;
-//System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted());
 if(identity.isEncrypted()) continue;
 if(pubkeyblob==null) pubkeyblob=identity.getPublicKeyBlob();
@@ -322,4 +290,41 @@ else if(command==SSH_MSG_USERAUTH_FAILURE){
 }
 return false;
 }
+
+ private void decryptKey(Session session, Identity identity) throws JSchException {
+ byte[] passphrase=null;
+ int count=5;
+ while(true){
+ if((identity.isEncrypted() && passphrase==null)){
+ if(userinfo==null) throw new JSchException("USERAUTH fail");
+ if(identity.isEncrypted() &&
+ !userinfo.promptPassphrase("Passphrase for "+identity.getName())){
+ throw new JSchAuthCancelException("publickey");
+ //throw new JSchException("USERAUTH cancel");
+ //break;
+ }
+ String _passphrase=userinfo.getPassphrase();
+ if(_passphrase!=null){
+ passphrase= Util.str2byte(_passphrase);
+ }
+ }
+
+ if(!identity.isEncrypted() || passphrase!=null){
+ if(identity.setPassphrase(passphrase)){
+ if(passphrase!=null &&
+ (session.getIdentityRepository() instanceof IdentityRepository.Wrapper)){
+ ((IdentityRepository.Wrapper)session.getIdentityRepository()).check();
+ }
+ break;
+ }
+ }
+ Util.bzero(passphrase);
+ passphrase=null;
+ count--;
+ if(count==0)break;
+ }
+
+ Util.bzero(passphrase);
+ passphrase=null;
+ }
 }
diff --git a/src/test/java/com/jcraft/jsch/KeyPairIT.java b/src/test/java/com/jcraft/jsch/KeyPairIT.java
index 2d0d820b..bbe79cb8 100644
--- a/src/test/java/com/jcraft/jsch/KeyPairIT.java
+++ b/src/test/java/com/jcraft/jsch/KeyPairIT.java
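Review bot: In the new `decryptKey` method of UserAuthPublicKey.java, the passphrase bytes are wiped only on the normal exit paths. If `identity.setPassphrase(passphrase)` or the `IdentityRepository.Wrapper` `check()` call throws, the `Util.bzero(passphrase)` after the loop is never reached and the array stays in memory until collected. Wrapping the `while(true)` loop in `try{ ... }finally{ Util.bzero(passphrase); }` would close that gap; this assumes `Util.bzero` tolerates null, which the existing call for an unencrypted identity already relies on. The trailing `passphrase=null;` is a dead store to a local and can be removed. The method also needs a short Javadoc saying that it returns normally with the identity still encrypted once the five attempts are used up, so callers must keep checking `identity.isEncrypted()`, and that it throws `JSchAuthCancelException` when the prompt is declined.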
@@ -47,6 +47,59 @@ void connectWithPublicKey(String path, String password, String keyType) throws E } + @ParameterizedTest + @MethodSource("com.jcraft.jsch.KeyPairTest#keyArgs") + void connectWithPublicKeyAndUserInfo(String path, String password, String keyType) throws Exception { + + final JSch jSch = new JSch(); + + jSch.addIdentity(Paths.get(ClassLoader.getSystemResource(path).toURI()).toFile().getAbsolutePath()); + + Session session = createSession(jSch); + session.setUserInfo(new UserInfo() { + @Override + public String getPassphrase() { + return password; + } + + @Override + public String getPassword() { + return null; + } + + @Override + public boolean promptPassword(String message) { + return false; + } + + @Override + public boolean promptPassphrase(String message) { + return true; + } + + @Override + public boolean promptYesNo(String message) { + return false; + } + + @Override + public void showMessage(String message) { + + } + }); + + if (keyType != null) { + session.setConfig("PubkeyAcceptedKeyTypes", keyType); + } + try { + session.connect(2000); + assertTrue(session.isConnected()); + } finally { + session.disconnect(); + } + + } + private JSch createIdentity(String path, String password) throws JSchException, URISyntaxException { JSch ssh = new JSch(); if (password != null) { diff --git a/src/test/java/com/jcraft/jsch/KeyPairTest.java b/src/test/java/com/jcraft/jsch/KeyPairTest.java index 8687e9a1..ee90cf66 100644 --- a/src/test/java/com/jcraft/jsch/KeyPairTest.java +++ b/src/test/java/com/jcraft/jsch/KeyPairTest.java @@ -11,7 +11,6 @@ import java.net.URISyntaxException; import java.nio.file.Path; import java.nio.file.Paths; -import java.util.Objects; import java.util.stream.Stream; import static java.nio.charset.StandardCharsets.UTF_8;
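Review bot: `connectWithPublicKeyAndUserInfo` only exercises the case where the `UserInfo` stub returns the correct passphrase, so the retry and cancel branches of the relocated decryption code stay untested. A companion case whose `getPassphrase()` returns a wrong value, and one whose `promptPassphrase` returns `false`, each asserting that `session.connect` throws, would pin the failure behaviour of this authentication path. The stub also answers `promptPassphrase` with `true` for every parameter set; if `keyArgs` includes keys with a null `password`, a call counter in the stub would let the test check that unencrypted keys never trigger a prompt.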