Commit 4d37fdff authored by ls1947's avatar ls1947

use bouncycastle opensshpublickeyparser for pub key check

parent bb3cf4a7
......@@ -3,78 +3,41 @@ package edu.kit.scc.webreg.ssh;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import javax.enterprise.context.ApplicationScoped;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.OpenSSHPublicKeyUtil;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import edu.kit.scc.webreg.entity.SshPubKeyEntity;
@ApplicationScoped
public class OpenSshKeyDecoder implements Serializable {
private static final long serialVersionUID = 1L;
public OpenSshPublicKey decode(SshPubKeyEntity pubKeyEntity) throws UnsupportedKeyTypeException {
OpenSshPublicKey key = new OpenSshPublicKey();
key.setPubKeyEntity(pubKeyEntity);
return decode(key);
}
public OpenSshPublicKey decode(OpenSshPublicKey key) throws UnsupportedKeyTypeException {
public void decode(OpenSshPublicKey key) throws UnsupportedKeyTypeException {
getKeyBytes(key);
try {
String type = decodeType(key);
key.getPubKeyEntity().setKeyType(type);
if (type.equals("ssh-rsa")) {
BigInteger e = decodeBigInt(key);
BigInteger m = decodeBigInt(key);
RSAPublicKeySpec spec = new RSAPublicKeySpec(m, e);
key.setPublicKey(KeyFactory.getInstance("RSA").generatePublic(spec));
MessageDigest digest = MessageDigest.getInstance("SHA256");
byte[] result = digest.digest(key.getBytes());
key.setFingerprint(java.util.Base64.getEncoder().encodeToString(result));
} else if (type.equals("ssh-dss")) {
BigInteger p = decodeBigInt(key);
BigInteger q = decodeBigInt(key);
BigInteger g = decodeBigInt(key);
BigInteger y = decodeBigInt(key);
DSAPublicKeySpec spec = new DSAPublicKeySpec(y, p, q, g);
key.setPublicKey(KeyFactory.getInstance("DSA").generatePublic(spec));
} else if (type.startsWith("ecdsa-sha2-") &&
(type.endsWith("nistp256") || type.endsWith("nistp384") || type.endsWith("nistp521"))) {
// Based on RFC 5656, section 3.1 (https://tools.ietf.org/html/rfc5656#section-3.1)
String identifier = decodeType(key);
BigInteger q = decodeBigInt(key);
ECPoint ecPoint = getECPoint(q, identifier);
ECParameterSpec ecParameterSpec = getECParameterSpec(identifier);
ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
key.setPublicKey(KeyFactory.getInstance("EC").generatePublic(spec));
} else {
key.setDecoderResult("Unsupported key type");
}
return key;
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
key.setDecoderResult("Unable to decode public key");
return key;
MessageDigest digest = MessageDigest.getInstance("SHA256");
AsymmetricKeyParameter params = OpenSSHPublicKeyUtil.parsePublicKey(key.getBytes());
byte[] result = digest.digest(key.getBytes());
key.setFingerprint(java.util.Base64.getEncoder().encodeToString(result));
} catch (Throwable t) {
throw new UnsupportedKeyTypeException(t);
}
}
......
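Review bot: The value returned by `OpenSSHPublicKeyUtil.parsePublicKey(key.getBytes())` is stored in `params` and never read, so the new `decode` no longer calls `key.setPublicKey(...)` nor `key.getPubKeyEntity().setKeyType(type)` as the removed branches did; the parse now only acts as a validity gate before the fingerprint is computed. If that is intended, drop the unused local and say so on that line, `OpenSSHPublicKeyUtil.parsePublicKey(key.getBytes()); // validates the blob only; parsed key intentionally not kept`; otherwise derive the key type from `params` (an `instanceof` check against the BouncyCastle parameter classes) and store it on the entity, since nothing else in this commit sets it. `catch (Throwable t)` also wraps JVM errors such as `OutOfMemoryError` into `UnsupportedKeyTypeException`; as far as I can tell BouncyCastle reports malformed or unsupported blobs with unchecked exceptions, so `catch (RuntimeException | NoSuchAlgorithmException t)` covers the parse failures without hiding errors. `getKeyBytes(key)` runs outside the try on the line before it, and the rest of this hunk (presumably the now-unused helpers) is collapsed, so I cannot see how its failures are reported.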
......@@ -76,8 +76,11 @@ public class UserSshKeyManagementBean implements Serializable {
keyList = new ArrayList<OpenSshPublicKey>();
for (SshPubKeyEntity sshKey : sshPubKeyList) {
OpenSshPublicKey key = new OpenSshPublicKey();
key.setPubKeyEntity(sshKey);
keyList.add(key);
try {
keyList.add(keyDecoder.decode(sshKey));
keyDecoder.decode(key);
} catch (UnsupportedKeyTypeException e) {
logger.warn("Unsupported key exception: ", e.getMessage());
messageGenerator.addResolvedErrorMessage("error_msg", "SSH Key not readable.", false);
......@@ -107,8 +110,9 @@ public class UserSshKeyManagementBean implements Serializable {
}
public void deployKey() {
OpenSshPublicKey key;
OpenSshPublicKey key = new OpenSshPublicKey();
SshPubKeyEntity sshPubKeyEntity = sshPubKeyService.createNew();
key.setPubKeyEntity(sshPubKeyEntity);
try {
sshPubKeyEntity.setName(newName);
......@@ -116,7 +120,7 @@ public class UserSshKeyManagementBean implements Serializable {
sshPubKeyEntity.setUser(user);
sshPubKeyEntity.setKeyStatus(SshPubKeyStatus.ACTIVE);
key = keyDecoder.decode(sshPubKeyEntity);
keyDecoder.decode(key);
sshPubKeyEntity.setEncodedKey(key.getBaseDate());
......
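Review bot: In the first hunk of this section (the loop over `sshPubKeyList`) the entry is appended with `keyList.add(key)` before `keyDecoder.decode(key)` runs, so an entity whose blob fails to parse now stays in the list with no fingerprint, whereas the previous `keyList.add(keyDecoder.decode(sshKey))` dropped it. If listing such keys as unreadable is the intent, a comment on the `keyList.add(key)` line would make that explicit, e.g. `// kept even if decoding fails; the view then renders an unknown fingerprint`. The warning in the `catch` below passes `e.getMessage()` without a `{}` placeholder, so with an SLF4J-style logger the reason is silently discarded; `logger.warn("Unsupported key exception: {}", e.getMessage());` (or passing `e` itself) keeps the diagnostic. The enclosing method begins before the hunk, and the `deployKey` hunks later in the section look consistent with the new decode-in-place contract.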
......@@ -42,8 +42,8 @@
<p:outputLabel for="@next" value="#{messages.fingerprint} (SHA256):"/>
<h:panelGroup>
<h:outputText value="#{key.fingerprint}" rendered="#{not empty key.publicKey}"/>
<h:outputText value="#{messages.unknown}" rendered="#{empty key.publicKey}"/>
<h:outputText value="#{key.fingerprint}" rendered="#{not empty key.fingerprint}"/>
<h:outputText value="#{messages.unknown}" rendered="#{empty key.fingerprint}"/>
</h:panelGroup>
<h:outputText value="#{messages.expires}:"/>
......