001: /*
002: * SSHTools - Java SSH2 API
003: *
004: * Copyright (C) 2002-2003 Lee David Painter and Contributors.
005: *
006: * Contributions made by:
007: *
008: * Brett Smith
009: * Richard Pernavas
010: * Erwin Bolwidt
011: *
012: * This program is free software; you can redistribute it and/or
013: * modify it under the terms of the GNU General Public License
014: * as published by the Free Software Foundation; either version 2
015: * of the License, or (at your option) any later version.
016: *
017: * This program is distributed in the hope that it will be useful,
018: * but WITHOUT ANY WARRANTY; without even the implied warranty of
019: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
020: * GNU General Public License for more details.
021: *
022: * You should have received a copy of the GNU General Public License
023: * along with this program; if not, write to the Free Software
024: * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
025: */
026: package com.sshtools.j2ssh.openssh;
027:
028: import com.sshtools.j2ssh.io.ByteArrayReader;
029: import com.sshtools.j2ssh.io.ByteArrayWriter;
030: import com.sshtools.j2ssh.transport.publickey.InvalidSshKeyException;
031: import com.sshtools.j2ssh.transport.publickey.SshPrivateKeyFormat;
032: import com.sshtools.j2ssh.util.SimpleASNReader;
033: import com.sshtools.j2ssh.util.SimpleASNWriter;
034:
035: import java.io.IOException;
036: import java.io.Reader;
037: import java.io.StringReader;
038: import java.io.StringWriter;
039:
040: import java.math.BigInteger;
041:
042: import java.security.GeneralSecurityException;
043:
044: /**
045: *
046: *
047: * @author $author$
048: * @version $Revision: 1.12 $
049: */
050: public class OpenSSHPrivateKeyFormat implements SshPrivateKeyFormat {
051: /**
052: * Creates a new OpenSSHPrivateKeyFormat object.
053: */
054: public OpenSSHPrivateKeyFormat() {
055: }
056:
057: /**
058: *
059: *
060: * @return
061: */
062: public String getFormatType() {
063: return "OpenSSH-PrivateKey";
064: }
065:
066: /**
067: *
068: *
069: * @return
070: */
071: public String toString() {
072: return getFormatType();
073: }
074:
075: /**
076: *
077: *
078: * @param formattedKey
079: * @param passphrase
080: *
081: * @return
082: *
083: * @throws InvalidSshKeyException
084: */
085: public byte[] decryptKeyblob(byte[] formattedKey, String passphrase)
086: throws InvalidSshKeyException {
087: //System.err.println("Decrypting key using passphrase " + passphrase);
088: try {
089: Reader r = new StringReader(new String(formattedKey,
090: "US-ASCII"));
091: PEMReader pem = new PEMReader(r);
092: byte[] payload = pem.decryptPayload(passphrase);
093: SimpleASNReader asn = new SimpleASNReader(payload);
094:
095: if (PEM.DSA_PRIVATE_KEY.equals(pem.getType())) {
096: DSAKeyInfo keyInfo = DSAKeyInfo.getDSAKeyInfo(asn);
097: ByteArrayWriter baw = new ByteArrayWriter();
098: baw.writeString("ssh-dss");
099: baw.writeBigInteger(keyInfo.getP());
100: baw.writeBigInteger(keyInfo.getQ());
101: baw.writeBigInteger(keyInfo.getG());
102: baw.writeBigInteger(keyInfo.getX());
103:
104: return baw.toByteArray();
105: } else if (PEM.RSA_PRIVATE_KEY.equals(pem.getType())) {
106: RSAKeyInfo keyInfo = RSAKeyInfo.getRSAKeyInfo(asn);
107: ByteArrayWriter baw = new ByteArrayWriter();
108: baw.writeString("ssh-rsa");
109: baw.writeBigInteger(keyInfo.getPublicExponent());
110: baw.writeBigInteger(keyInfo.getModulus());
111: baw.writeBigInteger(keyInfo.getPrivateExponent());
112:
113: return baw.toByteArray();
114: } else {
115: throw new InvalidSshKeyException("Unsupported type: "
116: + pem.getType());
117: }
118: } catch (GeneralSecurityException e) {
119: //e.printStackTrace();
120: throw new InvalidSshKeyException(
121: "Can't read key due to cryptography problems: " + e);
122: } catch (IOException e) {
123: //e.printStackTrace();
124: throw new InvalidSshKeyException(
125: "Can't read key due to internal IO problems: " + e);
126: }
127: }
128:
129: /**
130: *
131: *
132: * @param keyblob
133: * @param passphrase
134: *
135: * @return
136: *
137: * @throws InvalidSshKeyException
138: */
139: public byte[] encryptKeyblob(byte[] keyblob, String passphrase)
140: throws InvalidSshKeyException {
141: try {
142: ByteArrayReader bar = new ByteArrayReader(keyblob);
143: String algorithm = bar.readString(); // dsa or rsa
144: byte[] payload;
145: PEMWriter pem = new PEMWriter();
146:
147: if ("ssh-dss".equals(algorithm)) {
148: BigInteger p = bar.readBigInteger();
149: BigInteger q = bar.readBigInteger();
150: BigInteger g = bar.readBigInteger();
151: BigInteger x = bar.readBigInteger();
152: DSAKeyInfo keyInfo = new DSAKeyInfo(p, q, g, x,
153: BigInteger.ZERO);
154: SimpleASNWriter asn = new SimpleASNWriter();
155: DSAKeyInfo.writeDSAKeyInfo(asn, keyInfo);
156: payload = asn.toByteArray();
157: pem.setType(PEM.DSA_PRIVATE_KEY);
158: } else if ("ssh-rsa".equals(algorithm)) {
159: BigInteger e = bar.readBigInteger();
160: BigInteger n = bar.readBigInteger();
161: BigInteger p = bar.readBigInteger();
162: RSAKeyInfo keyInfo = new RSAKeyInfo(n, p, e,
163: BigInteger.ZERO, BigInteger.ZERO,
164: BigInteger.ZERO, BigInteger.ZERO,
165: BigInteger.ZERO);
166: SimpleASNWriter asn = new SimpleASNWriter();
167: RSAKeyInfo.writeRSAKeyInfo(asn, keyInfo);
168: payload = asn.toByteArray();
169: pem.setType(PEM.RSA_PRIVATE_KEY);
170: } else {
171: throw new InvalidSshKeyException(
172: "Unsupported J2SSH algorithm: " + algorithm);
173: }
174:
175: pem.setPayload(payload);
176: pem.encryptPayload(payload, passphrase);
177:
178: StringWriter w = new StringWriter();
179: pem.write(w);
180:
181: return w.toString().getBytes("US-ASCII");
182: } catch (GeneralSecurityException e) {
183: //e.printStackTrace();
184: throw new InvalidSshKeyException(
185: "Can't read key due to cryptography problems: " + e);
186: } catch (IOException e) {
187: //e.printStackTrace();
188: throw new InvalidSshKeyException(
189: "Can't read key due to internal IO problems: " + e);
190: }
191: }
192:
193: /**
194: *
195: *
196: * @param formattedKey
197: *
198: * @return
199: */
200: public boolean isFormatted(byte[] formattedKey) {
201: try {
202: Reader r = new StringReader(new String(formattedKey,
203: "US-ASCII"));
204: PEMReader pem = new PEMReader(r);
205:
206: return true;
207: } catch (IOException e) {
208: return false;
209: }
210: }
211:
212: /**
213: *
214: *
215: * @param formattedKey
216: *
217: * @return
218: */
219: public boolean isPassphraseProtected(byte[] formattedKey) {
220: try {
221: Reader r = new StringReader(new String(formattedKey,
222: "US-ASCII"));
223: PEMReader pem = new PEMReader(r);
224:
225: return pem.getHeader().containsKey("DEK-Info");
226: } catch (IOException e) {
227: return true;
228: }
229: }
230:
231: /**
232: *
233: *
234: * @param algorithm
235: *
236: * @return
237: */
238: public boolean supportsAlgorithm(String algorithm) {
239: if ("ssh-dss".equals(algorithm) || "ssh-rsa".equals(algorithm)) {
240: return true;
241: } else {
242: return false;
243: }
244: }
245: }
|