sshpropertyhandler.java

一个非常好的ssh客户端实现

    }

    public void setAlias(String alias) {
	if(sshHomeDir == null)
	    return;
	currentAlias     = alias;
	currentPropsFile = sshHomeDir + alias + PROPS_FILE_EXT;
    }

    public String getAlias() {
	return currentAlias;
    }

    public void loadAliasFile(String alias, boolean promptPwd) throws IOException {
	String oldAlias = currentAlias;
	setAlias(alias);
	if(oldAlias == null || !oldAlias.equals(alias)) {
	    loadProperties(currentPropsFile, promptPwd);
	}
    }

    public String[] availableAliases() {
	if(sshHomeDir == null)
	    return null;

        if (com.mindbright.util.Util.isNetscapeJava()) {
            try {
                netscape.security.PrivilegeManager.enablePrivilege("UniversalFileAccess");
            } catch (netscape.security.ForbiddenTargetException e) {
            }
        }
        
	// sshHomeDir always ends with a trailing File.separator. Strip before we
	// try to create it (some platforms don't like ending 'separator' in name)
	//
	File dir = new File(sshHomeDir.substring(0, sshHomeDir.length() - 1));
	String[] list, alist;
	int  i, cnt = 0;

	list = dir.list();
	for(i = 0; i < list.length; i++) {
	    if(!list[i].endsWith(PROPS_FILE_EXT)) {
		list[i] = null;
		cnt++;
	    }
	}
	if(cnt == list.length)
	    return null;
	alist = new String[list.length - cnt];
	cnt = 0;
	for(i = 0; i < list.length; i++) {
	    if(list[i] != null) {
		int pi = list[i].lastIndexOf(PROPS_FILE_EXT);
		alist[cnt++] = list[i].substring(0, pi);
	    }
	}

	return alist;
    }

    public boolean isAlias(String alias) {
	String[] aliases = availableAliases();
	boolean  isAlias = false;
	if(aliases != null) {
	    for(int i = 0; i < aliases.length; i++)
		if(alias.equals(aliases[i])) {
		    isAlias = true;
		    break;
		}
	}
	return isAlias;
    }

    public boolean isAbsolutFile(String fileName) {
	if(sshHomeDir == null)
	    return false;

        if (com.mindbright.util.Util.isNetscapeJava()) {
            try {
                netscape.security.PrivilegeManager.enablePrivilege("UniversalFileAccess");
            } catch (netscape.security.ForbiddenTargetException e) {
            }
        }
        
	File file = new File(fileName);
	return (file.isFile() && file.exists());
    }

    public Terminal getTerminal() {
	if(client == null || client.console == null)
	    return null;
	Terminal term = client.console.getTerminal();
	return term;
    }

    public void removeLocalTunnelAt(int idx, boolean kill) {
	int i, sz = client.localForwards.size();
	props.remove("local" + idx);
	for(i = idx; i < sz - 1; i++) {
	    props.put("local" + i, props.get("local" + (i + 1)));
	    props.remove("local" + (i + 1));
	}
	propsChanged = true;
	if(kill) {
	    SSHClient.LocalForward fwd = (SSHClient.LocalForward)client.localForwards.elementAt(idx);
	    client.delLocalPortForward(fwd.localHost, fwd.localPort);
	} else {
	    client.localForwards.removeElementAt(idx);
	}
    }

    public void removeRemoteTunnelAt(int idx) {
	int i, sz = client.remoteForwards.size();
	props.remove("remote" + idx);
	for(i = idx; i < sz - 1; i++) {
	    props.put("remote" + i, props.get("remote" + (i + 1)));
	    props.remove("remote" + (i + 1));
	}
	propsChanged = true;
	if(client.isSSH2) {
	    SSHClient.RemoteForward fwd = (SSHClient.RemoteForward)
		client.remoteForwards.elementAt(idx);
	    if(fwd != null) {
		client.delRemotePortForward(fwd.remotePort);
	    }
	} else {
	    client.remoteForwards.removeElementAt(idx);
	}
    }

    public Object[] parseForwardSpec(String spec)
	throws IllegalArgumentException
    {
	int    d1, d2, d3;
	String tmp;
	Object[] components = new Object[5];

	if(spec.startsWith("/")) {
	    int i = spec.indexOf('/', 1);
	    if(i == 0) {
		throw new IllegalArgumentException("Invalid port forward spec. "
						   + spec);
	    }
	    components[0] = spec.substring(1, i);
	    spec = spec.substring(i + 1);
	} else {
	    components[0] = "general";
	}

	d1 = spec.indexOf(':');
	d2 = spec.lastIndexOf(':');
	if(d1 == d2)
	    throw new IllegalArgumentException("Invalid port forward spec. " +
					       spec);

	d3 = spec.indexOf(':', d1 + 1);

	if(d3 != d2) {
	    components[1] = spec.substring(0, d1);
	    components[2] = Integer.valueOf(spec.substring(d1 + 1, d3));
	    components[3] = spec.substring(d3 + 1, d2);
	} else {
	    components[1] = client.getLocalAddr().getHostAddress();
	    components[2] = Integer.valueOf(spec.substring(0, d1));
	    components[3] = spec.substring(d1 + 1, d2);
	}

	tmp = spec.substring(d2 + 1);
	components[4] = Integer.valueOf(tmp);

	return components;
    }

    public void addLocalPortForward(String fwdSpec, boolean commit)
	throws IllegalArgumentException, IOException
    {
	Object[] components = parseForwardSpec(fwdSpec);
	if(commit) {
	    client.addLocalPortForward((String)components[1],
				       ((Integer)components[2]).intValue(),
				       (String)components[3],
				       ((Integer)components[4]).intValue(),
				       (String)components[0]);
	}
    }

    public void addRemotePortForward(String fwdSpec, boolean commit)
	throws IllegalArgumentException
    {
	Object[] components = parseForwardSpec(fwdSpec);
	if(commit) {
	    client.addRemotePortForward((String)components[1],
				       ((Integer)components[2]).intValue(),
				       (String)components[3],
				       ((Integer)components[4]).intValue(),
				       (String)components[0]);
	}
    }

    //
    // SSHAuthenticator interface
    //
    public String getUsername(SSHClientUser origin) throws IOException {
	String username = getProperty("username");
	if(kludgeSrvPrompt ||
	   !interactor.quietPrompts() ||
	   (username == null || username.equals(""))) {
	    String username2 = interactor.promptLine(getProperty("server") + " login: ", username);
	    if(!username2.equals(username)) {
		clearPasswords();
		username = username2;
	    }
	    setProperty("username", username); // Changing the user name does not save new properties...
	}
	return username;
    }

    public String getPassword(SSHClientUser origin) throws IOException {
	String password = getProperty("password");
	if(password == null) {
	    password = interactor.promptPassword(getProperty("username") + "@" +
						 getProperty("server") + "'s password: ");
	    setProperty("password", password);
	}
	return password;
    }

    public String getChallengeResponse(SSHClientUser origin, String challenge) throws IOException {
	String tisPassword = getProperty("tispassword");
	if(tisPassword == null) {
	    tisPassword = interactor.promptPassword(challenge);
	    setProperty("tispassword", tisPassword);
	}
	return tisPassword;
    }

    public int[] getAuthTypes(SSHClientUser origin) {
	return SSH.getAuthTypes(getProperty("auth-method"));
    }

    public int getCipher(SSHClientUser origin) {
	int cipher = SSH.getCipherType(getProperty("ssh1-cipher"));
	if(cipher == SSH.CIPHER_NOTSUPPORTED) {
	    interactor.report("Cipher '" + getProperty("ssh1-cipher") +
			      "' not supported in ssh1, using default");
	    resetProperty("ssh1-cipher");
	}
	return SSH.getCipherType(getProperty("ssh1-cipher"));
    }

    public SSHRSAKeyFile getIdentityFile(SSHClientUser origin) throws IOException {
	String idFile = getProperty("private-key");
	if(idFile.indexOf(File.separator) == -1) {
	    idFile = sshHomeDir + idFile;
	}

        if (com.mindbright.util.Util.isNetscapeJava()) {
            try {
                netscape.security.PrivilegeManager.enablePrivilege("UniversalFileAccess");
            } catch (netscape.security.ForbiddenTargetException e) {
            }
        }
        
	keyFile = new SSHRSAKeyFile(idFile);
	return keyFile;
    }

    public String getIdentityPassword(SSHClientUser origin) throws IOException {
	String rsaPassword = getProperty("passphrase");
	if(rsaPassword == null) {
	    rsaPassword = interactor.promptPassword("key file '" + keyFile.getComment() +
						    "' password: ");
	    setProperty("passphrase", rsaPassword);
	}
	return rsaPassword;
    }

    public String getIdentityPassword(String prompt)
	throws IOException
    {
	String rsaPassword = getProperty("passphrase");
	if(rsaPassword == null) {
	    rsaPassword = interactor.promptPassword(prompt);
	    setProperty("passphrase", rsaPassword);
	}
	return rsaPassword;
    }

    // !!! TODO Make SSHHostKeyVerify which can do both ssh1 and ssh2
    // !!! verifyHostKey(PublicKey key, byte[] keyBlob, String type)
    //
    public boolean verifyKnownHosts(RSAPublicKey hostPub) throws IOException {
	File        tmpFile;
	String      fileName     = null;
	InputStream knownHostsIn = null;
	int         hostCheck    = 0;
	boolean     confirm      = true;
	boolean     strict       = strictHostKeyCheck();

	byte[] rawN = hostPub.getModulus().toByteArray();
	byte[] rawE = hostPub.getPublicExponent().toByteArray();
	int nCutZero = ((rawN[0] == 0) ? 1 : 0);
	int eCutZero = ((rawE[0] == 0) ? 1 : 0);

	byte[] blob = new byte[rawN.length + rawE.length - nCutZero - eCutZero];
	System.arraycopy(rawN, nCutZero, blob , 0, rawN.length - nCutZero);
	System.arraycopy(rawE, eCutZero, blob , rawN.length - nCutZero,
			 rawE.length - eCutZero);
	showFingerprint(blob, "rsa1");

	SSHRSAPublicKeyFile file = null;

	knownHostsIn = this.getClass().getResourceAsStream("/defaults/known_hosts.txt");

	try {
	    boolean tryingResource = true;
	    while(tryingResource) {
		if(knownHostsIn != null) {
		    fileName = "<resource>/defaults/known_hosts.txt";
		    if(interactor.isVerbose())
			interactor.report("Found preinstalled 'known_hosts' file.");
		} else {
		    tryingResource = false;
		    if(sshHomeDir == null && !strict) {
			if(interactor.isVerbose())
			    interactor.report("File operations disabled, server identity can't be verified");
			return true;
		    }

                    if (com.mindbright.util.Util.isNetscapeJava()) {
                        try {
                            netscape.security.PrivilegeManager.enablePrivilege("UniversalFileAccess");
                        } catch (netscape.security.ForbiddenTargetException e) {
                        }
                    }
                    
		    fileName = sshHomeDir + knownHosts;
		    tmpFile = new File(fileName);

		    if(!tmpFile.exists()) {
			if(interactor.askConfirmation("File '"  + fileName + "' not found, create it?", true)) {
			    FileOutputStream f = new FileOutputStream(tmpFile);
			    f.close();
			} else if(!strict) {
			    interactor.report("Verification of server key disabled in this session.");
			    return true;
			}
		    }

		    knownHostsIn = new FileInputStream(fileName);
		}

		file = new SSHRSAPublicKeyFile(knownHostsIn, fileName, true);

		if((hostCheck = file.checkPublic(hostPub.getModulus(), getProperty("server"))) ==
		   SSH.SRV_HOSTKEY_KNOWN)
		    return true;

		if(tryingResource) {
		    if(!interactor.askConfirmation("Host was not found in preinstalled 'known_hosts' file! Continue anyway?", false))
			return false;
		}

		knownHostsIn = null;
	    }

	    if(strict) {
		strictHostFailed();
		return false;
	    }

	    if(hostCheck == SSH.SRV_HOSTKEY_NEW) {
		if(!askSaveKeyConfirmation(fileName)) {
		    return true;
		}
		confirm = true;
	    } else {
		confirm = askChangeKeyConfirmation();
		file.removePublic(getProperty("server"));
	    }

	    if(confirm) {
		file.addPublic(getProperty("server"), null,
			       hostPub.getPublicExponent(),
			       hostPub.getModulus());
		tmpFile      = new File(fileName + ".tmp");
		File oldFile = new File(fileName);
		oldFile.renameTo(tmpFile);
		try {
		    file.saveToFile(fileName);
		} catch (IOException e) {
		    oldFile = new File(fileName);
		    tmpFile.renameTo(oldFile);
		    throw e;
		}
		tmpFile.delete();
	    } else {
		return false;
	    }
	} finally {
	    try { knownHostsIn.close(); } catch (Exception e) {}  
	}

	return true;
    }

    public boolean verifyKnownSSH2Hosts(SSHInteractiveClient cli,
					SSH2Signature serverHostKey)
	throws IOException, SSH2Exception
    {