Class KeyUtils
- java.lang.Object
  - org.apache.sshd.common.config.keys.KeyUtils

public final class KeyUtils extends Object
Utility class for keys
- Author:
  - Apache MINA SSHD Project
Field Summary
Modifier and Type | Field | Description
static DigestFactory | DEFAULT_FINGERPRINT_DIGEST_FACTORY | The default Factory of Digests, initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)
static BigInteger | DEFAULT_RSA_PUBLIC_EXPONENT | The most commonly used RSA public key exponent
static String | DSS_ALGORITHM | Name of algorithm for DSS keys to be used when calling security provider
static String | EC_ALGORITHM | Name of algorithm for EC keys to be used when calling security provider
static String | KEY_FINGERPRINT_FACTORY_PROP | System property that can be used to control the default fingerprint factory used for keys.
static String | RSA_ALGORITHM | Name of algorithm for RSA keys to be used when calling security provider
static String | RSA_SHA256_CERT_TYPE_ALIAS |
static String | RSA_SHA256_KEY_TYPE_ALIAS |
static String | RSA_SHA512_CERT_TYPE_ALIAS |
static String | RSA_SHA512_KEY_TYPE_ALIAS |
static Set<PosixFilePermission> | STRICTLY_PROHIBITED_FILE_PERMISSION | The Set of PosixFilePermission not allowed if strict permissions are enforced on key files

Method Summary

Field Detail

RSA_ALGORITHM
public static final String RSA_ALGORITHM
Name of algorithm for RSA keys to be used when calling security provider
- See Also:
  - Constant Field Values

DEFAULT_RSA_PUBLIC_EXPONENT
public static final BigInteger DEFAULT_RSA_PUBLIC_EXPONENT
The most commonly used RSA public key exponent

DSS_ALGORITHM
public static final String DSS_ALGORITHM
Name of algorithm for DSS keys to be used when calling security provider
- See Also:
  - Constant Field Values

EC_ALGORITHM
public static final String EC_ALGORITHM
Name of algorithm for EC keys to be used when calling security provider
- See Also:
  - Constant Field Values

STRICTLY_PROHIBITED_FILE_PERMISSION
public static final Set<PosixFilePermission> STRICTLY_PROHIBITED_FILE_PERMISSION
The Set of PosixFilePermission not allowed if strict permissions are enforced on key files

KEY_FINGERPRINT_FACTORY_PROP
public static final String KEY_FINGERPRINT_FACTORY_PROP
System property that can be used to control the default fingerprint factory used for keys. If not set, the DEFAULT_FINGERPRINT_DIGEST_FACTORY is used.
- See Also:
  - Constant Field Values

DEFAULT_FINGERPRINT_DIGEST_FACTORY
public static final DigestFactory DEFAULT_FINGERPRINT_DIGEST_FACTORY
The default Factory of Digests, initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)

RSA_SHA256_KEY_TYPE_ALIAS
public static final String RSA_SHA256_KEY_TYPE_ALIAS

RSA_SHA512_KEY_TYPE_ALIAS
public static final String RSA_SHA512_KEY_TYPE_ALIAS
- See Also:
  - Constant Field Values

RSA_SHA256_CERT_TYPE_ALIAS
public static final String RSA_SHA256_CERT_TYPE_ALIAS
- See Also:
  - Constant Field Values

RSA_SHA512_CERT_TYPE_ALIAS
public static final String RSA_SHA512_CERT_TYPE_ALIAS
- See Also:
  - Constant Field Values

-
Method Detail

validateStrictKeyFilePermissions
public static AbstractMap.SimpleImmutableEntry<String,Object> validateStrictKeyFilePermissions(Path path, LinkOption... options) throws IOException
Checks if a path has strict permissions:
- The path may not have PosixFilePermission.OTHERS_EXECUTE permission
- (For Unix) The path may not have group or others permissions
- (For Unix) If the path is a file, then its folder may not have group or others permissions
- The path must be owned by current user.
- (For Unix) The path may be owned by root.
- (For Unix) If the path is a file, then its folder must also have valid owner.
- Parameters:
  - path - The Path to be checked - ignored if null or does not exist
  - options - The LinkOptions to use to query the file's permissions
- Returns:
  - The violated permission as AbstractMap.SimpleImmutableEntry where key is a message and value is the offending object (PosixFilePermission, or String for owner) - null if no violations detected
- Throws:
  - IOException - If failed to retrieve the permissions
- See Also:
  - STRICTLY_PROHIBITED_FILE_PERMISSION
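The following is an added usage example, not code from the MINA SSHD project, showing how a loader can gate a private key file on validateStrictKeyFilePermissions before reading it. The key path is an assumption; note that the method returns null both when the file passes and when it does not exist, so the caller checks existence separately.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;

import org.apache.sshd.common.config.keys.KeyUtils;

/**
 * Added example (not part of the MINA SSHD sources): refuse to use a private
 * key file whose permissions or ownership violate the strict rules listed in
 * the Javadoc above (group/others access on the file or its folder, wrong owner).
 */
public final class StrictKeyFileCheck {

    /**
     * @return null when the file exists and passes every strict check,
     *         otherwise a human-readable reason built from the violation entry
     */
    public static String describeViolation(Path keyFile) throws IOException {
        // validateStrictKeyFilePermissions silently returns null for a missing
        // path; a missing key file is still a configuration error for a loader.
        if (!Files.exists(keyFile)) {
            return "key file does not exist";
        }
        // No LinkOption given: symlinks are followed, so the permissions that are
        // checked are those of the real file and its real parent directory.
        Map.Entry<String, Object> violation =
            KeyUtils.validateStrictKeyFilePermissions(keyFile);
        if (violation == null) {
            return null;
        }
        // key = message, value = offending PosixFilePermission or owner name (String)
        return violation.getKey() + " (" + violation.getValue() + ")";
    }

    public static void main(String[] args) throws IOException {
        // Assumed location; any operator-supplied path is handled the same way
        Path keyFile = Paths.get(System.getProperty("user.home"), ".ssh", "id_ed25519");
        String problem = describeViolation(keyFile);
        if (problem != null) {
            System.err.println("Refusing to use " + keyFile + ": " + problem);
            System.exit(1);
        }
        System.out.println(keyFile + " passes strict permission checks");
    }
}
```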
-
generateKeyPair
public static KeyPair generateKeyPair(String keyType, int keySize) throws GeneralSecurityException
- Parameters:
  - keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
  - keySize - The key size (in bits)
- Returns:
  - A KeyPair of the specified type and size
- Throws:
  - GeneralSecurityException - If failed to generate the key pair
- See Also:
  - getPublicKeyEntryDecoder(String)
  - KeyEntryResolver.generateKeyPair(int)

cloneKeyPair
public static KeyPair cloneKeyPair(String keyType, KeyPair kp) throws GeneralSecurityException
Performs a deep-clone of the original KeyPair - i.e., creates new public/private keys that are clones of the original ones
- Parameters:
  - keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
  - kp - The KeyPair to clone - ignored if null
- Returns:
  - The cloned instance
- Throws:
  - GeneralSecurityException - If failed to clone the pair

registerPublicKeyEntryDecoder
public static void registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)
- Parameters:
  - decoder - The decoder to register
- Throws:
  - IllegalArgumentException - if no decoder, no key type, or no supported names for the decoder
- See Also:
  - IdentityResourceLoader.getPublicKeyType()
  - KeyTypeNamesSupport.getSupportedKeyTypes()

registerPublicKeyEntryDecoderKeyTypes
public static void registerPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?,?> decoder)
Registers the specified decoder for all the types it supports
- Parameters:
  - decoder - The (never null) decoder to register
- See Also:
  - registerPublicKeyEntryDecoderForKeyType(String, PublicKeyEntryDecoder)

registerPublicKeyEntryDecoderForKeyType
public static PublicKeyEntryDecoder<?,?> registerPublicKeyEntryDecoderForKeyType(String keyType, PublicKeyEntryDecoder<?,?> decoder)
- Parameters:
  - keyType - The (never null/empty) key type
  - decoder - The (never null) decoder to register
- Returns:
  - The previously registered decoder for this key type - null if none

unregisterPublicKeyEntryDecoder
public static NavigableSet<String> unregisterPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)
- Parameters:
  - decoder - The (never null) decoder to unregister
- Returns:
  - The case-insensitive NavigableSet of all the effectively unregistered key types out of all the supported ones.
- See Also:
  - unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder)

unregisterPublicKeyEntryDecoderKeyTypes
public static NavigableSet<String> unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?,?> decoder)
Unregisters the specified decoder for all the types it supports
- Parameters:
  - decoder - The (never null) decoder to unregister
- Returns:
  - The case-insensitive NavigableSet of all the effectively unregistered key types out of all the supported ones.
- See Also:
  - unregisterPublicKeyEntryDecoderForKeyType(String)

unregisterPublicKeyEntryDecoderForKeyType
public static PublicKeyEntryDecoder<?,?> unregisterPublicKeyEntryDecoderForKeyType(String keyType)
Unregisters the decoder registered for the specified key type
- Parameters:
  - keyType - The (never null/empty) key type
- Returns:
  - The unregistered PublicKeyEntryDecoder - null if none registered for this key type

getPublicKeyEntryDecoder
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(String keyType)
- Parameters:
  - keyType - The OpenSSH key type string - e.g., ssh-rsa, ssh-dss - ignored if null/empty
- Returns:
  - The registered PublicKeyEntryDecoder or null if not found

getPublicKeyEntryDecoder
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(KeyPair kp)
- Parameters:
  - kp - The KeyPair to examine - ignored if null
- Returns:
  - The matching PublicKeyEntryDecoder provided both the public and private keys have the same decoder - null if no match found
- See Also:
  - getPublicKeyEntryDecoder(Key)

getPublicKeyEntryDecoder
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(Key key)
- Parameters:
  - key - The Key (public or private) - ignored if null
- Returns:
  - The registered PublicKeyEntryDecoder for this key or null if no match found
- See Also:
  - getPublicKeyEntryDecoder(Class)

getPublicKeyEntryDecoder
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(Class<?> keyType)
- Parameters:
  - keyType - The key Class - ignored if null or not a Key-compatible type
- Returns:
  - The registered PublicKeyEntryDecoder or null if no match found

getDefaultFingerPrintFactory
public static DigestFactory getDefaultFingerPrintFactory()
- Returns:
  - The default DigestFactory used by the getFingerPrint(PublicKey) and getFingerPrint(String) methods
- See Also:
  - KEY_FINGERPRINT_FACTORY_PROP
  - setDefaultFingerPrintFactory(DigestFactory)

setDefaultFingerPrintFactory
public static void setDefaultFingerPrintFactory(DigestFactory f)
- Parameters:
  - f - The DigestFactory of Digests to be used - may not be null

getFingerPrint
public static String getFingerPrint(PublicKey key)
- Parameters:
  - key - the public key - ignored if null
- Returns:
  - the fingerprint or null if no key. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - getFingerPrint(Factory, PublicKey)

getFingerPrint
public static String getFingerPrint(String password)
- Parameters:
  - password - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns:
  - The fingerprint - null if null/empty input. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - getFingerPrint(String, Charset)

getFingerPrint
public static String getFingerPrint(String password, Charset charset)
- Parameters:
  - password - The String to digest - ignored if null/empty
  - charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns:
  - The fingerprint - null if null/empty input. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - getFingerPrint(Factory, String, Charset)
  - getDefaultFingerPrintFactory()

getFingerPrint
public static String getFingerPrint(Factory<? extends Digest> f, PublicKey key)
- Parameters:
  - f - The Factory to create the Digest to use
  - key - the public key - ignored if null
- Returns:
  - the fingerprint or null if no key. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - getFingerPrint(Digest, PublicKey)

getFingerPrint
public static String getFingerPrint(Digest d, PublicKey key)
- Parameters:
  - d - The Digest to use
  - key - the public key - ignored if null
- Returns:
  - the fingerprint or null if no key. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - DigestUtils.getFingerPrint(Digest, byte[], int, int)

getRawFingerprint
public static byte[] getRawFingerprint(PublicKey key) throws Exception
- Throws:
  - Exception

getRawFingerprint
public static byte[] getRawFingerprint(Factory<? extends Digest> f, PublicKey key) throws Exception
- Throws:
  - Exception

getRawFingerprint
public static byte[] getRawFingerprint(Digest d, PublicKey key) throws Exception
- Throws:
  - Exception

getFingerPrint
public static String getFingerPrint(Factory<? extends Digest> f, String s)
- Parameters:
  - f - The Factory to create the Digest to use
  - s - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns:
  - The fingerprint - null if null/empty input. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - getFingerPrint(Digest, String, Charset)

getFingerPrint
public static String getFingerPrint(Factory<? extends Digest> f, String s, Charset charset)
- Parameters:
  - f - The Factory to create the Digest to use
  - s - The String to digest - ignored if null/empty
  - charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns:
  - The fingerprint - null if null/empty input. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - DigestUtils.getFingerPrint(Digest, String, Charset)

getFingerPrint
public static String getFingerPrint(Digest d, String s)
- Parameters:
  - d - The Digest to use
  - s - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns:
  - The fingerprint - null if null/empty input. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - DigestUtils.getFingerPrint(Digest, String, Charset)

getFingerPrint
public static String getFingerPrint(Digest d, String s, Charset charset)
- Parameters:
  - d - The Digest to use to calculate the fingerprint
  - s - The string to digest - ignored if null/empty
  - charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns:
  - The fingerprint - null if null/empty input. Note: if an exception is encountered then returns the exception's simple class name
- See Also:
  - DigestUtils.getFingerPrint(Digest, String, Charset)

checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, PublicKey key)
- Parameters:
  - expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
  - key - the PublicKey - if null then returns null.
- Returns:
  - SimpleImmutableEntry - key is success indicator, value is actual fingerprint; null if no key.
- See Also:
  - getDefaultFingerPrintFactory()
  - checkFingerPrint(String, Factory, PublicKey)

checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Factory<? extends Digest> f, PublicKey key)
- Parameters:
  - expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
  - f - The Factory to be used to generate the default Digest for the key
  - key - the PublicKey - if null then returns null.
- Returns:
  - SimpleImmutableEntry - key is success indicator, value is actual fingerprint; null if no key.

checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Digest d, PublicKey key)
- Parameters:
  - expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
  - d - The Digest to be used to generate the default fingerprint for the key
  - key - the PublicKey - if null then returns null.
- Returns:
  - SimpleImmutableEntry - key is success indicator, value is actual fingerprint; null if no key.

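An added example (not from the MINA SSHD project) of pinning a host key by fingerprint with the getFingerPrint and checkFingerPrint overloads above. It assumes BuiltinDigests.sha256 from sshd-common is available as the Factory argument; the two key pairs are constructed stand-ins for a verified host key and a presented one.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;

import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.digest.BuiltinDigests; // assumed available in sshd-common

/**
 * Added example (not part of the MINA SSHD sources): record a fingerprint for
 * a key verified out of band, then verify presented keys against that pin.
 */
public final class FingerprintPinning {

    /** Fingerprint to store for a key the operator has verified out of band. */
    public static String pin(PublicKey trustedKey) {
        // Pin with an explicit digest: a fingerprint is only meaningful together
        // with the digest that produced it, so do not depend on the process-wide
        // default, which KEY_FINGERPRINT_FACTORY_PROP or
        // setDefaultFingerPrintFactory(...) can change under you.
        return KeyUtils.getFingerPrint(BuiltinDigests.sha256, trustedKey);
    }

    /** @return true only when the presented key matches the pinned fingerprint. */
    public static boolean matchesPin(String pinned, PublicKey presented) {
        Map.Entry<Boolean, String> result =
            KeyUtils.checkFingerPrint(pinned, BuiltinDigests.sha256, presented);
        if (result == null) {
            return false; // null key: nothing to trust
        }
        if (!result.getKey()) {
            // On failure the value is the actual fingerprint, or, as the Javadoc
            // notes, an exception's simple class name if digesting failed; it is
            // useful for logging the mismatch but must never be used to accept.
            System.err.println("Host key mismatch; presented key: " + result.getValue());
            return false;
        }
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed keys standing in for the verified host key and a stranger's key
        KeyPair trusted = KeyUtils.generateKeyPair("ssh-rsa", 2048);
        KeyPair other = KeyUtils.generateKeyPair("ssh-rsa", 2048);
        String pinned = pin(trusted.getPublic());

        System.out.println("same key matches: " + matchesPin(pinned, trusted.getPublic()));
        System.out.println("other key matches: " + matchesPin(pinned, other.getPublic()));
        // An empty pin is a failure by contract, not a wildcard
        System.out.println("empty pin matches: " + matchesPin("", trusted.getPublic()));
    }
}
```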
getKeyType
public static String getKeyType(KeyPair kp)
- Parameters:
  - kp - a key pair - ignored if null. If the private key is non-null then it is used to determine the type, otherwise the public one is used.
- Returns:
  - the key type or null if it cannot be determined
- See Also:
  - getKeyType(Key)

getKeyType
public static String getKeyType(Key key)
- Parameters:
  - key - a public or private key
- Returns:
  - the key type or null if it cannot be determined

getAllEquivalentKeyTypes
public static List<String> getAllEquivalentKeyTypes(String keyType)
- Parameters:
  - keyType - A key type name - ignored if null/empty
- Returns:
  - A List of the canonical key name and all its aliases
- See Also:
  - getCanonicalKeyType(String)

getCanonicalKeyType
public static String getCanonicalKeyType(String keyType)
- Parameters:
  - keyType - The available key type - ignored if null/empty
- Returns:
  - The canonical key type - same as input if no alias registered for the provided key type
- See Also:
  - RSA_SHA256_KEY_TYPE_ALIAS
  - RSA_SHA512_KEY_TYPE_ALIAS

getRegisteredKeyTypeAliases
public static NavigableSet<String> getRegisteredKeyTypeAliases()
- Returns:
  - A case-insensitive NavigableSet of the currently registered key type "aliases".
- See Also:
  - getCanonicalKeyType(String)

registerCanonicalKeyTypes
public static List<String> registerCanonicalKeyTypes(String keyType, Collection<String> aliases)
Registers a collection of aliases to a canonical key type
- Parameters:
  - keyType - The (never null/empty) canonical name
  - aliases - The (never null/empty) aliases
- Returns:
  - A List of the replaced aliases - empty if no previous aliases for the canonical name

unregisterCanonicalKeyTypeAlias
public static String unregisterCanonicalKeyTypeAlias(String alias)
- Parameters:
  - alias - The alias to unregister (ignored if null/empty)
- Returns:
  - The associated canonical key type - null if alias not registered

getKeySize
public static int getKeySize(Key key)
Determines the key size in bits
- Parameters:
  - key - The Key to examine - ignored if null
- Returns:
  - The key size - non-positive value if it cannot be determined

findMatchingKey
public static PublicKey findMatchingKey(PublicKey key, PublicKey... keySet)
- Parameters:
  - key - The PublicKey to be checked - ignored if null
  - keySet - The keys to be searched - ignored if null/empty
- Returns:
  - The matching PublicKey from the keys or null if no match found
- See Also:
  - compareKeys(PublicKey, PublicKey)

findMatchingKey
public static PublicKey findMatchingKey(PublicKey key, Collection<? extends PublicKey> keySet)
- Parameters:
  - key - The PublicKey to be checked - ignored if null
  - keySet - The keys to be searched - ignored if null/empty
- Returns:
  - The matching PublicKey from the keys or null if no match found
- See Also:
  - compareKeys(PublicKey, PublicKey)

recoverPublicKey
public static PublicKey recoverPublicKey(PrivateKey key) throws GeneralSecurityException
- Throws:
  - GeneralSecurityException

compareKeys
public static boolean compareKeys(PrivateKey k1, PrivateKey k2)

compareRSAKeys
public static boolean compareRSAKeys(RSAPublicKey k1, RSAPublicKey k2)

compareRSAKeys
public static boolean compareRSAKeys(RSAPrivateKey k1, RSAPrivateKey k2)

recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(RSAPrivateKey privateKey) throws GeneralSecurityException
- Throws:
  - GeneralSecurityException

recoverFromRSAPrivateCrtKey
public static RSAPublicKey recoverFromRSAPrivateCrtKey(RSAPrivateCrtKey rsaKey) throws GeneralSecurityException
- Throws:
  - GeneralSecurityException

recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(BigInteger p, BigInteger q, BigInteger publicExponent) throws GeneralSecurityException
- Throws:
  - GeneralSecurityException

recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(BigInteger modulus, BigInteger publicExponent) throws GeneralSecurityException
- Throws:
  - GeneralSecurityException

compareDSAKeys
public static boolean compareDSAKeys(DSAPublicKey k1, DSAPublicKey k2)

compareDSAKeys
public static boolean compareDSAKeys(DSAPrivateKey k1, DSAPrivateKey k2)

recoverDSAPublicKey
public static DSAPublicKey recoverDSAPublicKey(DSAPrivateKey privateKey) throws GeneralSecurityException
- Throws:
  - GeneralSecurityException

compareECKeys
public static boolean compareECKeys(ECPrivateKey k1, ECPrivateKey k2)

compareECKeys
public static boolean compareECKeys(ECPublicKey k1, ECPublicKey k2)

compareECParams
public static boolean compareECParams(ECParameterSpec s1, ECParameterSpec s2)

compareSkEcdsaKeys
public static boolean compareSkEcdsaKeys(SkEcdsaPublicKey k1, SkEcdsaPublicKey k2)

compareSkEd25519Keys
public static boolean compareSkEd25519Keys(SkED25519PublicKey k1, SkED25519PublicKey k2)