Context Navigation

← Previous Changeset
Next Changeset →

Changeset 7471

Timestamp:

Apr 9, 2018, 3:23:53 PM (5 years ago)

Author:

Nicklas Nordborg

Message:

References #2112: Add support for SSH private keys to file server items

Added 3 new database columns for storing the private key data, password and format. No special update is needed besides incrementing the schema version.

Location:

trunk/src/core/net/sf/basedb

Files:

: 5 edited

core/FileServer.java (modified) (2 diffs)
core/Install.java (modified) (1 diff)
core/Update.java (modified) (2 diffs)
core/data/FileServerData.java (modified) (1 diff)
util/uri/ConnectionParameters.java (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/core/net/sf/basedb/core/FileServer.java

-                      r7381
+                      r7471
   public static final int FINGERPRINT_LENGTH = FileServerData.FINGERPRINT_LENGTH;
+  /**
+    The maximum length of the SSH private key format path that can be stored in the database.
+    @see #setSshPrivateKeyFormat(String)
+    @since 3.13
+  */
+  public static final int MAX_FORMAT_LENGTH = FileServerData.MAX_FORMAT_LENGTH;
   /**
 …
+  }
+  /**
+    The maximum length of the SSH private key that can be stored in the database.
+    @see #setSshPrivateKey(byte[])
+    @since 3.13
+  */
+  public static final int MAX_PRIVATE_KEY_LENGTH = FileServerData.MAX_PRIVATE_KEY_LENGTH;
+  /**
+    Check if a SSH private key has been set on this file server.
+    @since 3.13
+  */
+  public boolean hasSshPrivateKey()
+  {
+    byte[] key = getData().getSshPrivateKey();
+    return key != null && key.length > 0;
+  }
+  /**
+    Get the private key that BASE should use to authenticate with the server
+    when connecting with SSH. This can be used as an alternate to password
+    authentication. Note that BASE has no built-in support for SSH connections.
+    See http://baseplugins.thep.lu.se/wiki/net.sf.basedb.xfiles for an extension
+    which includes support for SSH.
+    <p>
+    NOTE! WRITE permission is required to read this property since
+    it may contain sensitive data.
+    @return A byte array with the private key or null if no private key has been set
+    @since 3.13
+  */
+  public byte[] getSshPrivateKey()
+  {
+    if (!hasPermission(Permission.WRITE))
+    {
+      throw new PermissionDeniedException("WRITE permission is required to read the raw private key");
+    }
+    byte[] key = getData().getSshPrivateKey();
+    if (key == null || key.length == 0) return null;
+    return Arrays.copyOf(key, key.length);
+  }
+  /**
+    Set the private that BASE should use to authenticate with the server
+    when connecting with SSH.
+    @param privateKey The private key data or null if no private key is required
+    @since 3.13
+  */
+  public void setSshPrivateKey(byte[] privateKey)
+  {
+    checkPermission(Permission.WRITE);
+    if (privateKey != null && privateKey.length > MAX_PRIVATE_KEY_LENGTH)
+    {
+      throw new InvalidDataException("The 'sshPrivateKey' mustn't be longer than "+MAX_PRIVATE_KEY_LENGTH+
+          " bytes. The supplied value is "+privateKey.length+ " bytes.");
+    }
+    byte[] key = null;
+    if (privateKey != null && privateKey.length > 0)
+    {
+      key = Arrays.copyOf(privateKey, privateKey.length);
+    }
+    getData().setSshPrivateKey(key);
+  }
+  /**
+    Get the password that is needed to unlock the SSH private key.
+    NOTE! WRITE permission is required to read this property.
+    @return The password (which may be null)
+    @since 3.13
+  */
+  public String getSshPrivateKeyPassword()
+  {
+    if (!hasPermission(Permission.WRITE))
+    {
+      throw new PermissionDeniedException("WRITE permission is required to read the password");
+    }
+    return getData().getSshPrivateKeyPassword();
+  }
+  /**
+    Set the password that is needed to unlock the SSH private key.
+    @param password The new password (can be null)
+    @throws PermissionDeniedException If the logged in user doesn't have
+      write permission
+    @throws InvalidDataException If the password is longer than {@link #MAX_PASSWORD_LENGTH}
+    @since 3.13
+  */
+  public void setSshPrivateKeyPassword(String password)
+    throws PermissionDeniedException, InvalidDataException
+  {
+    checkPermission(Permission.WRITE);
+    getData().setSshPrivateKeyPassword(StringUtil.setNullableString(password,
+        "sshPrivateKeyPassword", MAX_PASSWORD_LENGTH));
+  }
+  /**
+    Get the format of the SSH private key.
+    @return The format (which may be null to use auto-detection)
+    @since 3.13
+  */
+  public String getSshPrivateKeyFormat()
+  {
+    return getData().getSshPrivateKeyFormat();
+  }
+  /**
+    Set the format of the SSH private key. Supported values are:
+    * PuTTY
+    * OpenSSH
+    * OpenSSHv1
+    * PKCS5
+    * PKCS8
+    @param format The private key format or null to use auto-detection
+    @throws PermissionDeniedException If the logged in user doesn't have
+      write permission
+    @throws InvalidDataException If the password is longer than {@link #MAX_FORMAT_LENGTH}
+    @since 3.13
+  */
+  public void setSshPrivateKeyFormat(String password)
+    throws PermissionDeniedException, InvalidDataException
+  {
+    checkPermission(Permission.WRITE);
+    getData().setSshPrivateKeyFormat(StringUtil.setNullableString(password,
+        "sshPrivateKeyFormat", MAX_FORMAT_LENGTH));
+  }
   /**
     @since 3.3

trunk/src/core/net/sf/basedb/core/Install.java

r7413	r7471
119	119	method.
120	120	*/
121		public static final int NEW_SCHEMA_VERSION = Integer.valueOf(140).intValue();
	121	public static final int NEW_SCHEMA_VERSION = Integer.valueOf(141).intValue();
122	122
123	123	public static synchronized int createTables(SchemaGenerator.Mode mode, ProgressReporter progress,

trunk/src/core/net/sf/basedb/core/Update.java

-                      r7461
+                      r7471
     </td>
   </tr>
+  <tr>
+    <td>141</td>
+    <td>
+      Added {@link FileServerData#getSshPrivateKey()}, {@link FileServerData#getSshPrivateKeyPassword()}
+      and {@link FileServerData#getSshPrivateKeyFormat()}. No special database update is needed.
+      Only increase the schema version.
+    </td>
+  </tr>
   </table>
 …
         schemaVersion = setSchemaVersionInTransaction(session, 140);
         progress_current += 2 * progress_step;
+      }
+      if (schemaVersion < 141)
+      {
+        if (progress != null) progress.display((int)(progress_current), "--Updating schema version: " + schemaVersion + " -> 141...");
+        schemaVersion = setSchemaVersionInTransaction(session, 141);
+        progress_current += progress_step;
+      }

trunk/src/core/net/sf/basedb/core/data/FileServerData.java

-                      r7332
+                      r7471
+  }
+  public static final int MAX_PRIVATE_KEY_LENGTH = 65535;
+  private byte[] sshPrivateKey;
+  /**
+    Get the SSH private key that we need to send to the server
+    to make the server accept our connection.
+    @since 3.13
+    @hibernate.property column="`ssh_private_key`" type="binary" length="65535" not-null="false"
+  */
+  @PropertyPathProtected
+  public byte[] getSshPrivateKey()
+  {
+    return sshPrivateKey;
+  }
+  public void setSshPrivateKey(byte[] sshPrivateKey)
+  {
+    this.sshPrivateKey = sshPrivateKey;
+  }
+  private String sshPrivateKeyPassword;
+  /**
+    Get the password that is used to unlock the SSH private key.
+    @since 3.13
+    @hibernate.property column="`ssh_private_key_password`" type="string" length="255" not-null="false"
+  */
+  @PropertyPathProtected
+  public String getSshPrivateKeyPassword()
+  {
+    return sshPrivateKeyPassword;
+  }
+  public void setSshPrivateKeyPassword(String sshPrivateKeyPassword)
+  {
+    this.sshPrivateKeyPassword = sshPrivateKeyPassword;
+  }
+  public static final int MAX_FORMAT_LENGTH = 255;
+  private String sshPrivateKeyFormat;
+  /**
+    Get the private key format.
+    @since 3.13
+    @hibernate.property column="`ssh_private_key_format`" type="string" length="255" not-null="false"
+  */
+  public String getSshPrivateKeyFormat()
+  {
+    return sshPrivateKeyFormat;
+  }
+  public void setSshPrivateKeyFormat(String sshPrivateKeyFormat)
+  {
+    this.sshPrivateKeyFormat = sshPrivateKeyFormat;
+  }
   public static final int MAX_CERTIFICATE_LENGTH = 65535;
   private byte[] serverCertificate;

trunk/src/core/net/sf/basedb/util/uri/ConnectionParameters.java

-                      r6497
+                      r7471
 import java.net.URI;
 import java.net.URISyntaxException;
+import org.bouncycastle.util.Arrays;
 import net.sf.basedb.core.FileServer;
 …
     parameters.setUsername(fileServer.getUsername());
     parameters.setPassword(fileServer.getPassword());
     parameters.setServerCertificate(fileServer.getServerCertificate());
     parameters.setClientCertificate(fileServer.getClientCertificate());
+    parameters.setServerCertificate(Arrays.clone(fileServer.getServerCertificate()));
+    parameters.setClientCertificate(Arrays.clone(fileServer.getClientCertificate()));
     parameters.setClientCertificatePassword(fileServer.getClientCertificatePassword());
     parameters.setRootPath(fileServer.getRootPath());
     parameters.setSshFingerprint(fileServer.getSshFingerprint());
+    parameters.setSshPrivateKey(Arrays.clone(fileServer.getSshPrivateKey()));
+    parameters.setSshPrivateKeyPassword(fileServer.getSshPrivateKeyPassword());
+    parameters.setSshPrivateKeyFormat(fileServer.getSshPrivateKeyFormat());
     return parameters;
+  }
 …
   private String rootPath;
   private String sshFingerprint;
+  private byte[] sshPrivateKey;
+  private String sshPrivateKeyPassword;
+  private String sshPrivateKeyFormat;
   private byte[] serverCertificate;
   private byte[] clientCertificate;
 …
+  }
+  /**
+    Get the private key that should be used to authenticate with the server
+    when connecting using SSH.
+    @since 3.13
+  */
+  public byte[] getSshPrivateKey()
+  {
+    return sshPrivateKey;
+  }
+  public void setSshPrivateKey(byte[] sshPrivateKey)
+  {
+    this.sshPrivateKey = sshPrivateKey;
+  }
+  /**
+    Get the password that is needed to unlock the SSH private key.
+    @return The password (which may be null)
+    @since 3.13
+  */
+  public String getSshPrivateKeyPassword()
+  {
+    return sshPrivateKeyPassword;
+  }
+  public void setSshPrivateKeyPassword(String password)
+  {
+    this.sshPrivateKeyPassword = password;
+  }
+  /**
+    Get the format of the SSH private key (if known).
+    @return The private key format (or null to try auto-detection)
+    @since 3.13
+  */
+  public String getSshPrivateKeyFormat()
+  {
+    return sshPrivateKeyFormat;
+  }
+  public void setSshPrivateKeyFormat(String format)
+  {
+    this.sshPrivateKeyFormat = format;
+  }
   /**
     If the connection parameters include a specific host:port or root path

Note: See TracChangeset for help on using the changeset viewer.