Class SshAgentClient

java.lang.Object
org.eclipse.jgit.internal.transport.sshd.agent.SshAgentClient
All Implemented Interfaces:
Closeable, AutoCloseable, Channel, org.apache.sshd.agent.SshAgent

public class SshAgentClient extends Object implements org.apache.sshd.agent.SshAgent
A client for an SSH2 agent. This client supports querying identities, signature requests, and adding keys to an agent (with or without constraints). Removing keys is not supported, and the older SSH1 protocol is not supported.
  • Field Details

    • LOG

      private static final org.slf4j.Logger LOG
    • MAX_NUMBER_OF_KEYS

      private static final int MAX_NUMBER_OF_KEYS
    • closed

      private final AtomicBoolean closed
    • connector

      private final Connector connector
  • Constructor Details

    • SshAgentClient

      public SshAgentClient(Connector connector)
      Creates a new SshAgentClient implementing the SSH2 agent protocol, using the given Connector to connect to the SSH agent and to exchange messages.
      Parameters:
      connector - Connector to use
  • Method Details

    • open

      private boolean open(boolean debugging) throws IOException
      Throws:
      IOException
    • close

      public void close() throws IOException
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Channel
      Specified by:
      close in interface Closeable
      Throws:
      IOException
    • getIdentities

      public Iterable<? extends Map.Entry<PublicKey,String>> getIdentities() throws IOException
      Specified by:
      getIdentities in interface org.apache.sshd.agent.SshAgent
      Throws:
      IOException
    • sign

      public Map.Entry<String,byte[]> sign(org.apache.sshd.common.session.SessionContext session, PublicKey key, String algorithm, byte[] data) throws IOException
      Specified by:
      sign in interface org.apache.sshd.agent.SshAgent
      Throws:
      IOException
    • addIdentity

      public void addIdentity(KeyPair key, String comment, org.apache.sshd.agent.SshAgentKeyConstraint... constraints) throws IOException
      Specified by:
      addIdentity in interface org.apache.sshd.agent.SshAgent
      Throws:
      IOException
    • putEd25519Key

      private static void putEd25519Key(org.apache.sshd.common.util.buffer.Buffer msg, KeyPair key) throws IOException
      Writes an ed25519 KeyPair to a Buffer. OpenSSH specifies that it expects the 32 public key bytes, followed by 64 bytes formed by concatenating the 32 private key bytes with the 32 public key bytes.
      Parameters:
      msg - Buffer to write to
      key - KeyPair to write
      Throws:
      IOException - if the private key cannot be written
    • asn1Parse

      private static byte[] asn1Parse(byte[] encoded, int n) throws IOException
      Extracts the private key bytes from an encoded ed25519 private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding):
       OneAsymmetricKey ::= SEQUENCE {
         version Version,
         privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
         privateKey PrivateKey,
         ...
       }

       Version ::= INTEGER
       PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
       PrivateKey ::= OCTET STRING

       AlgorithmIdentifier ::= SEQUENCE {
         algorithm OBJECT IDENTIFIER,
         parameters ANY DEFINED BY algorithm OPTIONAL
       }

      and RFC 8410: "... when encoding a OneAsymmetricKey object, the private key is wrapped in a CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field."

       CurvePrivateKey ::= OCTET STRING
      Parameters:
      encoded - encoded private key to extract the private key bytes from
      n - number of bytes expected
      Returns:
      the extracted private key bytes; of length n
      Throws:
      IOException - if the private key cannot be extracted
    • readKey

      private static PublicKey readKey(org.apache.sshd.common.util.buffer.Buffer buffer) throws org.apache.sshd.common.util.buffer.BufferException
      A safe version of Buffer.getPublicKey(). Upon return the buffer's read position is always after the key blob; any exceptions thrown while trying to read the key are logged and not propagated.

      This is needed because an SSH agent might contain and deliver keys that we cannot handle (for instance ed448 keys).

      Parameters:
      buffer - to read the key from
      Returns:
      the PublicKey, or null if the key could not be read
      Throws:
      org.apache.sshd.common.util.buffer.BufferException - if the length of the key blob cannot be read or is corrupted
    • rpc

      private org.apache.sshd.common.util.buffer.Buffer rpc(byte command, byte[] message) throws IOException
      Throws:
      IOException
    • rpc

      private org.apache.sshd.common.util.buffer.Buffer rpc(byte command) throws IOException
      Throws:
      IOException
    • isOpen

      public boolean isOpen()
      Specified by:
      isOpen in interface Channel
    • removeIdentity

      public void removeIdentity(PublicKey key) throws IOException
      Specified by:
      removeIdentity in interface org.apache.sshd.agent.SshAgent
      Throws:
      IOException
    • removeAllIdentities

      public void removeAllIdentities() throws IOException
      Specified by:
      removeAllIdentities in interface org.apache.sshd.agent.SshAgent
      Throws:
      IOException
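The two private helpers asn1Parse and putEd25519Key describe a format rather than an algorithm; the following Python is an added example (not JGit code) that walks the PKCS #8 / RFC 8410 structure to the 32 seed bytes and then lays the key out the way OpenSSH expects: 32 public bytes followed by 64 bytes of seed||public. SEED and PUB are constructed placeholder values, not a real Ed25519 key pair, and the DER reader is deliberately minimal (SEQUENCE, INTEGER and OCTET STRING only).

```python
import struct

# Constructed placeholder values; a real pair would come from a KeyPair.
SEED = bytes(range(1, 33))      # 32-byte Ed25519 private seed
PUB = bytes(range(101, 133))    # 32-byte Ed25519 public key


def _read_tlv(buf, pos, expected_tag):
    """Read one DER TLV at pos; return (value_start, value_end)."""
    if pos + 1 >= len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected ASN.1 tag at offset %d" % pos)
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length-of-length
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad DER length at offset %d" % pos)
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return pos, pos + length


def asn1_parse(encoded, n):
    """Extract exactly n private key bytes from a PKCS #8 (RFC 5958/8410) Ed25519 key."""
    seq_start, seq_end = _read_tlv(encoded, 0, 0x30)       # OneAsymmetricKey
    _, pos = _read_tlv(encoded, seq_start, 0x02)           # version (skipped)
    _, pos = _read_tlv(encoded, pos, 0x30)                 # AlgorithmIdentifier (skipped)
    s, e = _read_tlv(encoded, pos, 0x04)                   # privateKey OCTET STRING
    s, e = _read_tlv(encoded, s, 0x04)                     # CurvePrivateKey OCTET STRING
    if e - s != n or e > seq_end:
        raise ValueError("expected %d private key bytes, got %d" % (n, e - s))
    return encoded[s:e]


def ssh_string(b):
    """SSH wire 'string': 4-byte big-endian length prefix."""
    return struct.pack(">I", len(b)) + b


def put_ed25519_key(pkcs8, pub):
    """Agent key blob: type name, 32 public bytes, then 64 bytes seed||public."""
    seed = asn1_parse(pkcs8, 32)
    return ssh_string(b"ssh-ed25519") + ssh_string(pub) + ssh_string(seed + pub)


def pkcs8_ed25519(seed):
    """Constructed PKCS #8 wrapper for an Ed25519 seed (OID 1.3.101.112 = 2b 65 70)."""
    inner = b"\x04\x20" + seed                                    # CurvePrivateKey
    body = b"\x02\x01\x00" + b"\x30\x05\x06\x03\x2b\x65\x70" + b"\x04" + bytes([len(inner)]) + inner
    return b"\x30" + bytes([len(body)]) + body
```

Passing the wrong expected length (for example 64 instead of 32) makes asn1_parse raise rather than return a truncated or padded seed, which mirrors the IOException the Java method documents.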