Class SshAgentClient
java.lang.Object
org.eclipse.jgit.internal.transport.sshd.agent.SshAgentClient
- All Implemented Interfaces:
Closeable, AutoCloseable, Channel, org.apache.sshd.agent.SshAgent
A client for an SSH2 agent. This client supports querying identities,
signature requests, and adding keys to an agent (with or without
constraints). Removing keys is not supported, and the older SSH1 protocol is
not supported.
-
Field Summary
Modifier and Type, Field:
private final AtomicBoolean closed
private final Connector connector
private static final org.slf4j.Logger LOG
private static final int MAX_NUMBER_OF_KEYS
Fields inherited from interface org.apache.sshd.agent.SshAgent
SSH_AUTHSOCKET_ENV_NAME
-
Constructor Summary
Constructor and Description:
SshAgentClient(Connector connector)
    Creates a new SshAgentClient implementing the SSH2 ssh agent protocol, using the given Connector to connect to the SSH agent and to exchange messages.
-
Method Summary
Modifier and Type, Method, Description:
void addIdentity(KeyPair key, String comment, org.apache.sshd.agent.SshAgentKeyConstraint... constraints)
private static byte[] asn1Parse(byte[] encoded, int n)
    Extracts the private key bytes from an encoded ed25519 private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding).
void close()
boolean isOpen()
private boolean open(boolean debugging)
private static void putEd25519Key(org.apache.sshd.common.util.buffer.Buffer msg, KeyPair key)
    Writes an ed25519 KeyPair to a Buffer.
private static PublicKey readKey(org.apache.sshd.common.util.buffer.Buffer buffer)
    A safe version of Buffer.getPublicKey().
void removeAllIdentities()
void removeIdentity(PublicKey key)
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command)
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command, byte[] message)
Map.Entry<String,byte[]> sign(org.apache.sshd.common.session.SessionContext session, PublicKey key, String algorithm, byte[] data)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.sshd.agent.SshAgent
resolveLocalIdentity
-
Field Details
-
LOG
private static final org.slf4j.Logger LOG
-
MAX_NUMBER_OF_KEYS
private static final int MAX_NUMBER_OF_KEYS
-
closed
-
connector
-
-
Constructor Details
-
SshAgentClient
Creates a new SshAgentClient implementing the SSH2 ssh agent protocol, using the given Connector to connect to the SSH agent and to exchange messages.
- Parameters:
connector - Connector to use
-
-
Method Details
-
open
- Throws: IOException
-
close
- Specified by: close in interface AutoCloseable
- Specified by: close in interface Channel
- Specified by: close in interface Closeable
- Throws: IOException
-
getIdentities
- Specified by: getIdentities in interface org.apache.sshd.agent.SshAgent
- Throws: IOException
-
sign
public Map.Entry<String,byte[]> sign(org.apache.sshd.common.session.SessionContext session, PublicKey key, String algorithm, byte[] data) throws IOException
- Specified by: sign in interface org.apache.sshd.agent.SshAgent
- Throws: IOException
-
addIdentity
public void addIdentity(KeyPair key, String comment, org.apache.sshd.agent.SshAgentKeyConstraint... constraints) throws IOException
- Specified by: addIdentity in interface org.apache.sshd.agent.SshAgent
- Throws: IOException
-
putEd25519Key
private static void putEd25519Key(org.apache.sshd.common.util.buffer.Buffer msg, KeyPair key) throws IOException
Writes an ed25519 KeyPair to a Buffer. OpenSSH specifies that it expects the 32 public key bytes, followed by 64 bytes formed by concatenating the 32 private key bytes with the 32 public key bytes.
- Parameters:
msg - Buffer to write to
key - KeyPair to write
- Throws: IOException - if the private key cannot be written
-
asn1Parse
Extracts the private key bytes from an encoded ed25519 private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding):

  OneAsymmetricKey ::= SEQUENCE {
    version Version,
    privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
    privateKey PrivateKey,
    ...
  }

  Version ::= INTEGER
  PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
  PrivateKey ::= OCTET STRING

  AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    parameters ANY DEFINED BY algorithm OPTIONAL
  }

and RFC 8410: "... when encoding a OneAsymmetricKey object, the private key is wrapped in a CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field."

  CurvePrivateKey ::= OCTET STRING

- Parameters:
encoded - encoded private key to extract the private key bytes from
n - number of bytes expected
- Returns: the extracted private key bytes; of length n
- Throws: IOException - if the private key cannot be extracted
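The following is an added example, not JGit's implementation: it walks the PKCS #8 structure described for asn1Parse to recover the 32 private key bytes, then assembles the 64-byte private||public value described for putEd25519Key. The class and method names are hypothetical, and it assumes a JDK with the "Ed25519" KeyPairGenerator (Java 15 or later).

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;

// Added illustration; class and method names are hypothetical, not JGit's code.
public class Ed25519Pkcs8Demo {
    // AlgorithmIdentifier content for ed25519: OID 1.3.101.112, no parameters.
    private static final byte[] ED25519_ALG = { 0x06, 0x03, 0x2b, 0x65, 0x70 };

    // Reads one DER header with the expected tag and returns the content length.
    static int header(ByteBuffer in, int tag) throws IOException {
        if (in.remaining() < 2 || (in.get() & 0xff) != tag) throw new IOException("unexpected tag");
        int len = in.get() & 0xff;
        if (len >= 0x80) { // long form: low 7 bits count the length bytes
            int count = len & 0x7f;
            if (count == 0 || count > 2 || in.remaining() < count) throw new IOException("bad length");
            for (len = 0; count > 0; count--) len = (len << 8) | (in.get() & 0xff);
        }
        if (len > in.remaining()) throw new IOException("truncated");
        return len;
    }

    static byte[] extractPrivateKey(byte[] encoded, int n) throws IOException {
        ByteBuffer in = ByteBuffer.wrap(encoded);
        header(in, 0x30);                        // OneAsymmetricKey SEQUENCE
        int versionLen = header(in, 0x02);       // version INTEGER, skipped
        in.position(in.position() + versionLen);
        byte[] alg = new byte[header(in, 0x30)]; // privateKeyAlgorithm SEQUENCE
        in.get(alg);
        if (!Arrays.equals(alg, ED25519_ALG)) throw new IOException("not an ed25519 key");
        header(in, 0x04);                        // privateKey OCTET STRING
        if (header(in, 0x04) != n) throw new IOException("unexpected key length"); // CurvePrivateKey
        byte[] key = new byte[n];
        in.get(key);
        return key;
    }

    public static void main(String[] args) throws Exception {
        KeyPair pair = KeyPairGenerator.getInstance("Ed25519").generateKeyPair(); // constructed sample key
        byte[] seed = extractPrivateKey(pair.getPrivate().getEncoded(), 32);
        byte[] spki = pair.getPublic().getEncoded();
        byte[] sshKey = Arrays.copyOf(seed, 64); // 32 private bytes, then room for the public bytes
        System.arraycopy(spki, spki.length - 32, sshKey, 32, 32); // raw public key ends the X.509 encoding
        System.out.println("OpenSSH private part: " + sshKey.length + " bytes");
        Arrays.fill(seed, (byte) 0); // wipe key material once it is no longer needed
        Arrays.fill(sshKey, (byte) 0);
    }
}
```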
-
readKey
private static PublicKey readKey(org.apache.sshd.common.util.buffer.Buffer buffer) throws org.apache.sshd.common.util.buffer.BufferException
A safe version of Buffer.getPublicKey(). Upon return the buffer's read position is always after the key blob; any exceptions thrown by trying to read the key are logged and not propagated.
This is needed because an SSH agent might contain and deliver keys that we cannot handle (for instance ed448 keys).
- Parameters:
buffer - to read the key from
- Returns: the PublicKey, or null if the key could not be read
- Throws: org.apache.sshd.common.util.buffer.BufferException - if the length of the key blob cannot be read or is corrupted
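The contract described for readKey, sketched as an added example with plain JDK classes (not JGit's or Apache MINA sshd's code): the outer length-prefixed blob is consumed first, so an unsupported key type is logged and skipped without desynchronizing the read position, while a corrupt outer length still propagates. All names and the sample message are constructed for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration; names are hypothetical and this is not JGit's code.
public class SafeKeyBlobDemo {
    // Reads an SSH "string": uint32 length followed by that many bytes.
    static ByteBuffer readString(ByteBuffer in) throws IOException {
        if (in.remaining() < 4) throw new IOException("missing length");
        int len = in.getInt();
        if (len < 0 || len > in.remaining()) throw new IOException("corrupt length " + len);
        ByteBuffer slice = in.slice();
        slice.limit(len);
        in.position(in.position() + len); // always advance past the whole blob
        return slice;
    }

    // Returns the key type if this demo can handle the blob, or null otherwise.
    static String readKey(ByteBuffer in) throws IOException {
        ByteBuffer blob = readString(in); // a corrupt outer length propagates
        try {
            String type = StandardCharsets.UTF_8.decode(readString(blob)).toString();
            if (!type.equals("ssh-ed25519")) throw new IOException("unsupported key type " + type);
            if (readString(blob).remaining() != 32) throw new IOException("bad ed25519 key length");
            return type;
        } catch (IOException e) {
            System.err.println("skipping key: " + e.getMessage()); // logged, not propagated
            return null;
        }
    }

    static void putString(ByteBuffer out, byte[] data) {
        out.putInt(data.length).put(data);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: an unsupported key blob followed by a supported one.
        ByteBuffer msg = ByteBuffer.allocate(256);
        for (String type : new String[] { "ssh-ed448", "ssh-ed25519" }) {
            byte[] name = type.getBytes(StandardCharsets.US_ASCII);
            int keyLen = type.equals("ssh-ed448") ? 57 : 32;
            ByteBuffer blob = ByteBuffer.allocate(8 + name.length + keyLen);
            putString(blob, name);
            putString(blob, new byte[keyLen]);
            putString(msg, blob.array());
        }
        msg.flip();
        System.out.println("first key:  " + readKey(msg));
        System.out.println("second key: " + readKey(msg));
        System.out.println("unread bytes: " + msg.remaining());
    }
}
```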
-
rpc
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command, byte[] message) throws IOException
- Throws: IOException
-
rpc
- Throws: IOException
-
isOpen
public boolean isOpen()
-
removeIdentity
- Specified by: removeIdentity in interface org.apache.sshd.agent.SshAgent
- Throws: IOException
-
removeAllIdentities
- Specified by: removeAllIdentities in interface org.apache.sshd.agent.SshAgent
- Throws: IOException
-