org.apache.sshd.common.config.keys

Class KeyUtils

java.lang.Object

org.apache.sshd.common.config.keys.KeyUtils

public final class KeyUtils
extends Object

Utility class for keys

Author:

Apache MINA SSHD Project

Field Summary

Fields

Modifier and Type	Field and Description
static Factory<Digest>	DEFAULT_FINGERPRINT_DIGEST_FACTORY The default Factory of Digests initialized as the value of getDefaultFingerPrintFactory()
static Set<PosixFilePermission>	STRICTLY_PROHIBITED_FILE_PERMISSION The Set of PosixFilePermission not allowed if strict permissions are enforced on key files

Method Summary

Modifier and Type	Method and Description
static KeyPair	cloneKeyPair(String keyType, KeyPair kp) Performs a deep-clone of the original KeyPair - i.e., creates new public/private keys that are clones of the original one
static boolean	compareDSAKeys(DSAPrivateKey k1, DSAPrivateKey k2)
static boolean	compareDSAKeys(DSAPublicKey k1, DSAPublicKey k2)
static boolean	compareDSAParams(DSAParams p1, DSAParams p2)
static boolean	compareECKeys(ECPrivateKey k1, ECPrivateKey k2)
static boolean	compareECKeys(ECPublicKey k1, ECPublicKey k2)
static boolean	compareECParams(ECParameterSpec s1, ECParameterSpec s2)
static boolean	compareKeyPairs(KeyPair k1, KeyPair k2)
static boolean	compareKeys(PrivateKey k1, PrivateKey k2)
static boolean	compareKeys(PublicKey k1, PublicKey k2)
static boolean	compareRSAKeys(RSAPrivateKey k1, RSAPrivateKey k2)
static boolean	compareRSAKeys(RSAPublicKey k1, RSAPublicKey k2)
static PublicKey	findMatchingKey(PublicKey key, Collection<? extends PublicKey> keySet)
static PublicKey	findMatchingKey(PublicKey key, PublicKey... keySet)
static KeyPair	generateKeyPair(String keyType, int keySize)
static Factory<? extends Digest>	getDefaultFingerPrintFactory()
static String	getFingerPrint(Digest d, PublicKey key)
static String	getFingerPrint(Digest d, String s)
static String	getFingerPrint(Digest d, String s, Charset charset)
static String	getFingerPrint(Factory<? extends Digest> f, PublicKey key)
static String	getFingerPrint(Factory<? extends Digest> f, String s)
static String	getFingerPrint(Factory<? extends Digest> f, String s, Charset charset)
static String	getFingerPrint(PublicKey key)
static String	getFingerPrint(String password)
static String	getFingerPrint(String password, Charset charset)
static String	getKeyType(Key key)
static String	getKeyType(KeyPair kp)
static PublicKeyEntryDecoder<?,?>	getPublicKeyEntryDecoder(Class<?> keyType)
static PublicKeyEntryDecoder<?,?>	getPublicKeyEntryDecoder(Key key)
static PublicKeyEntryDecoder<?,?>	getPublicKeyEntryDecoder(KeyPair kp)
static PublicKeyEntryDecoder<?,?>	getPublicKeyEntryDecoder(String keyType)
static void	registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)
static void	setDefaultFingerPrintFactory(Factory<? extends Digest> f)
static PosixFilePermission	validateStrictKeyFilePermissions(Path path, LinkOption... options) Checks if a path has strict permissions

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

STRICTLY_PROHIBITED_FILE_PERMISSION

public static final Set<PosixFilePermission> STRICTLY_PROHIBITED_FILE_PERMISSION

The Set of PosixFilePermission not allowed if strict permissions are enforced on key files

DEFAULT_FINGERPRINT_DIGEST_FACTORY

public static final Factory<Digest> DEFAULT_FINGERPRINT_DIGEST_FACTORY

The default Factory of Digests initialized as the value of getDefaultFingerPrintFactory()

Method Detail

validateStrictKeyFilePermissions

public static PosixFilePermission validateStrictKeyFilePermissions(Path path,
                                                                   LinkOption... options)
                                                            throws IOException

Checks if a path has strict permissions

• The path may not have PosixFilePermission.OTHERS_EXECUTE permission

• (For Unix) The path may not have group or others permissions

• (For Unix) If the path is a file, then its folder may not have group or others permissions

Parameters:

path - The Path to be checked - ignored if null or does not exist

options - The LinkOptions to use to query the file's permissions

Returns:

The violated PosixFilePermission - null if no violations detected

Throws:

IOException - If failed to retrieve the permissions

See Also:

STRICTLY_PROHIBITED_FILE_PERMISSION

generateKeyPair

public static KeyPair generateKeyPair(String keyType,
                                      int keySize)
                               throws GeneralSecurityException

Parameters:

keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss

keySize - The key size (in bits)

Returns:

A KeyPair of the specified type and size

Throws:

GeneralSecurityException - If failed to generate the key pair

See Also:

getPublicKeyEntryDecoder(String), PublicKeyEntryDecoder.generateKeyPair(int)

cloneKeyPair

public static KeyPair cloneKeyPair(String keyType,
                                   KeyPair kp)
                            throws GeneralSecurityException

Performs a deep-clone of the original KeyPair - i.e., creates new public/private keys that are clones of the original one

Parameters:

keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss

kp - The KeyPair to clone - ignored if null

Returns:

The cloned instance

Throws:

GeneralSecurityException - If failed to clone the pair

registerPublicKeyEntryDecoder

public static void registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)

Parameters:

decoder - The decoder to register

Throws:

IllegalArgumentException - if no decoder or not key type or no supported names for the decoder

See Also:

PublicKeyEntryDecoder.getPublicKeyType(), PublicKeyEntryDecoder.getSupportedTypeNames()

getPublicKeyEntryDecoder

public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(String keyType)

Parameters:

keyType - The OpenSSH key type string - e.g., ssh-rsa, ssh-dss - ignored if null/empty

Returns:

The registered PublicKeyEntryDecoder or {code null} if not found

getPublicKeyEntryDecoder

public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(KeyPair kp)

Parameters:

kp - The KeyPair to examine - ignored if null

Returns:

The matching PublicKeyEntryDecoder provided both the public and private keys have the same decoder - null if no match found

See Also:

getPublicKeyEntryDecoder(Key)

getPublicKeyEntryDecoder

public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(Key key)

Parameters:

key - The Key (public or private) - ignored if null

Returns:

The registered PublicKeyEntryDecoder for this key or {code null} if no match found

See Also:

getPublicKeyEntryDecoder(Class)

getPublicKeyEntryDecoder

public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(Class<?> keyType)

Parameters:

keyType - The key Class - ignored if null or not a Key compatible type

Returns:

The registered PublicKeyEntryDecoder or {code null} if no match found

getDefaultFingerPrintFactory

public static Factory<? extends Digest> getDefaultFingerPrintFactory()

Returns:

The default Factory of Digests used by the getFingerPrint(PublicKey) and getFingerPrint(String) methods

See Also:

setDefaultFingerPrintFactory(Factory)

setDefaultFingerPrintFactory

public static void setDefaultFingerPrintFactory(Factory<? extends Digest> f)

Parameters:

f - The Factory of Digests to be used - may not be null

getFingerPrint

public static String getFingerPrint(PublicKey key)

Parameters:

key - the public key - ignored if null

Returns:

the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name

See Also:

getFingerPrint(Factory, PublicKey)

getFingerPrint

public static String getFingerPrint(String password)

Parameters:

password - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint

Returns:

The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name

See Also:

getFingerPrint(String, Charset)

getFingerPrint

public static String getFingerPrint(String password,
                                    Charset charset)

Parameters:

password - The String to digest - ignored if null/empty

charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint

Returns:

The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name

See Also:

getFingerPrint(Factory, String, Charset), getDefaultFingerPrintFactory()

getFingerPrint

public static String getFingerPrint(Factory<? extends Digest> f,
                                    PublicKey key)

Parameters:

f - The Factory to create the Digest to use

key - the public key - ignored if null

Returns:

the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name

See Also:

getFingerPrint(Digest, PublicKey)

getFingerPrint

public static String getFingerPrint(Digest d,
                                    PublicKey key)

Parameters:

d - The Digest to use

key - the public key - ignored if null

Returns:

the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name

See Also:

DigestUtils.getFingerPrint(Digest, byte[], int, int)

getFingerPrint

public static String getFingerPrint(Factory<? extends Digest> f,
                                    String s)

Parameters:

f - The Factory to create the Digest to use

s - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint

Returns:

The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name

See Also:

getFingerPrint(Digest, String, Charset)

getFingerPrint

public static String getFingerPrint(Factory<? extends Digest> f,
                                    String s,
                                    Charset charset)

Parameters:

f - The Factory to create the Digest to use

s - The String to digest - ignored if null/empty

charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint

Returns:

The fingerprint - null if null/empty input Note: if exception encountered then returns the exception's simple class name

See Also:

DigestUtils.getFingerPrint(Digest, String, Charset)

getFingerPrint

public static String getFingerPrint(Digest d,
                                    String s)

Parameters:

d - The Digest to use

s - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint

Returns:

The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name

See Also:

DigestUtils.getFingerPrint(Digest, String, Charset)

getFingerPrint

public static String getFingerPrint(Digest d,
                                    String s,
                                    Charset charset)

Parameters:

d - The Digest to use to calculate the fingerprint

s - The string to digest - ignored if null/empty

charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint

Returns:

The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name

See Also:

DigestUtils.getFingerPrint(Digest, String, Charset)

getKeyType

public static String getKeyType(KeyPair kp)

Parameters:

kp - a key pair - ignored if null. If the private key is non-null then it is used to determine the type, otherwise the public one is used.

Returns:

the key type or null if cannot determine it

See Also:

getKeyType(Key)

getKeyType

public static String getKeyType(Key key)

Parameters:

key - a public or private key

Returns:

the key type or null if cannot determine it

findMatchingKey

public static PublicKey findMatchingKey(PublicKey key,
                                        PublicKey... keySet)

Parameters:

key - The PublicKey to be checked - ignored if null

keySet - The keys to be searched - ignored if null/empty

Returns:

The matching PublicKey from the keys or null if no match found

See Also:

compareKeys(PublicKey, PublicKey)

findMatchingKey

public static PublicKey findMatchingKey(PublicKey key,
                                        Collection<? extends PublicKey> keySet)

Parameters:

key - The PublicKey to be checked - ignored if null

keySet - The keys to be searched - ignored if null/empty

Returns:

The matching PublicKey from the keys or null if no match found

See Also:

compareKeys(PublicKey, PublicKey)

compareKeyPairs

public static boolean compareKeyPairs(KeyPair k1,
                                      KeyPair k2)

compareKeys

public static boolean compareKeys(PrivateKey k1,
                                  PrivateKey k2)

compareRSAKeys

public static boolean compareRSAKeys(RSAPrivateKey k1,
                                     RSAPrivateKey k2)

compareDSAKeys

public static boolean compareDSAKeys(DSAPrivateKey k1,
                                     DSAPrivateKey k2)

compareECKeys

public static boolean compareECKeys(ECPrivateKey k1,
                                    ECPrivateKey k2)

compareKeys

public static boolean compareKeys(PublicKey k1,
                                  PublicKey k2)

compareRSAKeys

public static boolean compareRSAKeys(RSAPublicKey k1,
                                     RSAPublicKey k2)

compareDSAKeys

public static boolean compareDSAKeys(DSAPublicKey k1,
                                     DSAPublicKey k2)

compareDSAParams

public static boolean compareDSAParams(DSAParams p1,
                                       DSAParams p2)

compareECKeys

public static boolean compareECKeys(ECPublicKey k1,
                                    ECPublicKey k2)

compareECParams

public static boolean compareECParams(ECParameterSpec s1,
                                      ECParameterSpec s2)