Class KeyUtils
java.lang.Object
org.apache.sshd.common.config.keys.KeyUtils
Utility class for keys
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final Map<Class<?>,
PublicKeyEntryDecoder<?, ?>> private static final Map<String,
PublicKeyEntryDecoder<?, ?>> private static final AtomicReference<DigestFactory>
static final DigestFactory
The default Factory of Digests initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)
static final BigInteger
The most commonly used RSA public key exponentstatic final String
Name of algorithm for DSS keys to be used when calling security providerstatic final String
Name of algorithm for EC keys to be used when calling security providerstatic final String
System property that can be used to control the default fingerprint factory used for keys.static final String
Name of algorithm for RSA keys to be used when calling security providerstatic final String
static final String
static final String
static final String
static final Set<PosixFilePermission>
The Set of PosixFilePermission not allowed if strict permissions are enforced on key files
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncheckFingerPrint
(String expected, PublicKey key) checkFingerPrint
(String expected, Digest d, PublicKey key) checkFingerPrint
(String expected, Factory<? extends Digest> f, PublicKey key) static KeyPair
cloneKeyPair
(String keyType, KeyPair kp) Performs a deep-clone of the originalKeyPair
- i.e., creates new public/private keys that are clones of the original onestatic boolean
compareDSAKeys
(DSAPrivateKey k1, DSAPrivateKey k2) static boolean
compareDSAKeys
(DSAPublicKey k1, DSAPublicKey k2) static boolean
compareDSAParams
(DSAParams p1, DSAParams p2) static boolean
compareECKeys
(ECPrivateKey k1, ECPrivateKey k2) static boolean
compareECKeys
(ECPublicKey k1, ECPublicKey k2) static boolean
static boolean
compareKeyPairs
(KeyPair k1, KeyPair k2) static boolean
compareKeys
(PrivateKey k1, PrivateKey k2) static boolean
compareKeys
(PublicKey k1, PublicKey k2) static boolean
static boolean
compareRSAKeys
(RSAPrivateKey k1, RSAPrivateKey k2) static boolean
compareRSAKeys
(RSAPublicKey k1, RSAPublicKey k2) static boolean
static boolean
static PublicKey
findMatchingKey
(PublicKey key, PublicKey... keySet) static PublicKey
findMatchingKey
(PublicKey key, Collection<? extends PublicKey> keySet) static KeyPair
generateKeyPair
(String keyType, int keySize) getAllEquivalentKeyTypes
(String keyType) static String
getCanonicalKeyType
(String keyType) static DigestFactory
static String
getFingerPrint
(String password) static String
getFingerPrint
(String password, Charset charset) static String
getFingerPrint
(PublicKey key) static String
getFingerPrint
(Digest d, String s) static String
getFingerPrint
(Digest d, String s, Charset charset) static String
getFingerPrint
(Digest d, PublicKey key) static String
getFingerPrint
(Factory<? extends Digest> f, String s) static String
getFingerPrint
(Factory<? extends Digest> f, String s, Charset charset) static String
getFingerPrint
(Factory<? extends Digest> f, PublicKey key) static int
getKeySize
(Key key) Determines the key size in bitsstatic String
getKeyType
(Key key) static String
getKeyType
(KeyPair kp) static PublicKeyEntryDecoder<?,
?> getPublicKeyEntryDecoder
(Class<?> keyType) static PublicKeyEntryDecoder<?,
?> getPublicKeyEntryDecoder
(String keyType) static PublicKeyEntryDecoder<?,
?> static PublicKeyEntryDecoder<?,
?> static byte[]
static byte[]
getRawFingerprint
(Digest d, PublicKey key) static byte[]
getRawFingerprint
(Factory<? extends Digest> f, PublicKey key) static NavigableSet<String>
static String
getSignatureAlgorithm
(String chosenAlgorithm, PublicKey key) static DSAPublicKey
recoverDSAPublicKey
(DSAPrivateKey privateKey) static RSAPublicKey
static PublicKey
static RSAPublicKey
recoverRSAPublicKey
(BigInteger modulus, BigInteger publicExponent) static RSAPublicKey
recoverRSAPublicKey
(BigInteger p, BigInteger q, BigInteger publicExponent) static RSAPublicKey
recoverRSAPublicKey
(RSAPrivateKey privateKey) registerCanonicalKeyTypes
(String keyType, Collection<String> aliases) Registers a collection of aliases to a canonical key typestatic void
registerPublicKeyEntryDecoder
(PublicKeyEntryDecoder<?, ?> decoder) static PublicKeyEntryDecoder<?,
?> registerPublicKeyEntryDecoderForKeyType
(String keyType, PublicKeyEntryDecoder<?, ?> decoder) static void
registerPublicKeyEntryDecoderKeyTypes
(PublicKeyEntryDecoder<?, ?> decoder) Registers the specified decoder for all the types itsupports
static void
static String
static NavigableSet<String>
unregisterPublicKeyEntryDecoder
(PublicKeyEntryDecoder<?, ?> decoder) static PublicKeyEntryDecoder<?,
?> Unregister the decoder registered for the specified key typestatic NavigableSet<String>
unregisterPublicKeyEntryDecoderKeyTypes
(PublicKeyEntryDecoder<?, ?> decoder) Unregisters the specified decoder for all the types it supportsvalidateStrictKeyFilePermissions
(Path path, LinkOption... options) Checks if a path has strict permissions
-
Field Details
-
RSA_ALGORITHM
Name of algorithm for RSA keys to be used when calling security provider- See Also:
-
DEFAULT_RSA_PUBLIC_EXPONENT
The most commonly used RSA public key exponent -
DSS_ALGORITHM
Name of algorithm for DSS keys to be used when calling security provider- See Also:
-
EC_ALGORITHM
Name of algorithm for EC keys to be used when calling security provider- See Also:
-
STRICTLY_PROHIBITED_FILE_PERMISSION
The Set of PosixFilePermission not allowed if strict permissions are enforced on key files
-
KEY_FINGERPRINT_FACTORY_PROP
System property that can be used to control the default fingerprint factory used for keys. If not set, the DEFAULT_FINGERPRINT_DIGEST_FACTORY is used.
- See Also:
-
DEFAULT_FINGERPRINT_DIGEST_FACTORY
The default Factory of Digests initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)
-
RSA_SHA256_KEY_TYPE_ALIAS
-
RSA_SHA512_KEY_TYPE_ALIAS
- See Also:
-
RSA_SHA256_CERT_TYPE_ALIAS
- See Also:
-
RSA_SHA512_CERT_TYPE_ALIAS
- See Also:
-
DEFAULT_DIGEST_HOLDER
-
BY_KEY_TYPE_DECODERS_MAP
-
BY_KEY_CLASS_DECODERS_MAP
-
KEY_TYPE_ALIASES
-
SIGNATURE_ALGORITHM_MAP
-
-
Constructor Details
-
KeyUtils
private KeyUtils()
-
-
Method Details
-
validateStrictKeyFilePermissions
public static AbstractMap.SimpleImmutableEntry<String,Object> validateStrictKeyFilePermissions(Path path, LinkOption... options) throws IOException
Checks if a path has strict permissions:
- The path may not have PosixFilePermission.OTHERS_EXECUTE permission
- (For Unix) The path may not have group or others permissions
- (For Unix) If the path is a file, then its folder may not have group or others permissions
- The path must be owned by the current user.
- (For Unix) The path may be owned by root.
- (For Unix) If the path is a file, then its folder must also have a valid owner.
- Parameters:
path - The Path to be checked - ignored if null or does not exist
options - The LinkOptions to use to query the file's permissions
- Returns:
- The violated permission as AbstractMap.SimpleImmutableEntry where key is a message and value is the offending object (PosixFilePermission, or String for owner) - null if no violations detected
- Throws:
IOException - If failed to retrieve the permissions
- See Also:
-
-
generateKeyPair
- Parameters:
keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
keySize - The key size (in bits)
- Returns:
- A KeyPair of the specified type and size
- Throws:
GeneralSecurityException - If failed to generate the key pair
- See Also:
-
cloneKeyPair
Performs a deep-clone of the original KeyPair - i.e., creates new public/private keys that are clones of the original one
- Parameters:
keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
kp - The KeyPair to clone - ignored if null
- Returns:
- The cloned instance
- Throws:
GeneralSecurityException - If failed to clone the pair
-
registerPublicKeyEntryDecoder
- Parameters:
decoder - The decoder to register
- Throws:
IllegalArgumentException - if no decoder or no key type or no supported names for the decoder
- See Also:
-
registerPublicKeyEntryDecoderKeyTypes
Registers the specified decoder for all the types it supports
- Parameters:
decoder - The (never null) decoder to register
- See Also:
-
registerPublicKeyEntryDecoderForKeyType
public static PublicKeyEntryDecoder<?,?> registerPublicKeyEntryDecoderForKeyType(String keyType, PublicKeyEntryDecoder<?, ?> decoder) - Parameters:
keyType
- The key (nevernull
/empty) key typedecoder
- The (nevernull
)decoder
to register- Returns:
- The previously registered decoder for this key type -
null
if none
-
unregisterPublicKeyEntryDecoder
public static NavigableSet<String> unregisterPublicKeyEntryDecoder(PublicKeyEntryDecoder<?, ?> decoder) - Parameters:
decoder
- The (nevernull
)decoder
to unregister- Returns:
- The case insensitive
NavigableSet
of all the effectively un-registered key types out of all thesupported
ones. - See Also:
-
unregisterPublicKeyEntryDecoderKeyTypes
public static NavigableSet<String> unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?, ?> decoder) Unregisters the specified decoder for all the types it supports- Parameters:
decoder
- The (nevernull
)decoder
to unregister- Returns:
- The case insensitive
NavigableSet
of all the effectively un-registered key types out of all thesupported
ones. - See Also:
-
unregisterPublicKeyEntryDecoderForKeyType
Unregister the decoder registered for the specified key type- Parameters:
keyType
- The key (nevernull
/empty) key type- Returns:
- The unregistered
PublicKeyEntryDecoder
-null
if none registered for this key type
-
getPublicKeyEntryDecoder
- Parameters:
keyType - The OpenSSH key type string - e.g., ssh-rsa, ssh-dss - ignored if null/empty
- Returns:
- The registered PublicKeyEntryDecoder or null if not found
-
getPublicKeyEntryDecoder
- Parameters:
kp
- TheKeyPair
to examine - ignored ifnull
- Returns:
- The matching
PublicKeyEntryDecoder
provided both the public and private keys have the same decoder -null
if no match found - See Also:
-
getPublicKeyEntryDecoder
- Parameters:
key - The Key (public or private) - ignored if null
- Returns:
- The registered PublicKeyEntryDecoder for this key or null if no match found
- See Also:
-
getPublicKeyEntryDecoder
- Parameters:
keyType - The key Class - ignored if null or not a Key compatible type
- Returns:
- The registered PublicKeyEntryDecoder or null if no match found
-
getDefaultFingerPrintFactory
- Returns:
- The default DigestFactory used by the getFingerPrint(PublicKey) and getFingerPrint(String) methods
- See Also:
-
setDefaultFingerPrintFactory
- Parameters:
f - The DigestFactory of Digests to be used - may not be null
-
getFingerPrint
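- Parameters:
key - the public key - ignored if null
- Returns:
- the fingerprint or null if no key. Note: if an exception is encountered, the exception's simple class name is returned in place of a fingerprint, so a non-null result is not by itself proof that a fingerprint was computed.
- See Also: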
-
getFingerPrint
- Parameters:
password - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns:
- The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
- See Also:
-
getFingerPrint
- Parameters:
password - The String to digest - ignored if null/empty
charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns:
- The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
- See Also:
-
getFingerPrint
-
getFingerPrint
- Parameters:
d - The Digest to use
key - the public key - ignored if null
- Returns:
- the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name
- See Also:
-
getRawFingerprint
- Throws:
Exception
-
getRawFingerprint
- Throws:
Exception
-
getRawFingerprint
- Throws:
Exception
-
getFingerPrint
- Parameters:
f - The Factory to create the Digest to use
s - The String to digest - ignored if null/empty, otherwise its UTF-8 representation is used as input for the fingerprint
- Returns:
- The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
- See Also:
-
getFingerPrint
- Parameters:
f - The Factory to create the Digest to use
s - The String to digest - ignored if null/empty
charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns:
- The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
- See Also:
-
getFingerPrint
-
getFingerPrint
- Parameters:
d - The Digest to use to calculate the fingerprint
s - The string to digest - ignored if null/empty
charset - The Charset to use in order to convert the string to its byte representation to use as input for the fingerprint
- Returns:
- The fingerprint - null if null/empty input. Note: if exception encountered then returns the exception's simple class name
- See Also:
-
checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, PublicKey key)
- Parameters:
expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
key - the PublicKey - if null then returns null.
- Returns:
- SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, null if no key.
- See Also:
-
checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Factory<? extends Digest> f, PublicKey key)
- Parameters:
expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
f - The Factory to be used to generate the default Digest for the key
key - the PublicKey - if null then returns null.
- Returns:
- SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, null if no key.
-
checkFingerPrint
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Digest d, PublicKey key)
- Parameters:
expected - The expected fingerprint; if null or empty then returns a failure with the default fingerprint.
d - The Digest to be used to generate the default fingerprint for the key
key - the PublicKey - if null then returns null.
- Returns:
- SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, null if no key.
-
getKeyType
- Parameters:
kp - a key pair - ignored if null. If the private key is non-null then it is used to determine the type, otherwise the public one is used.
- Returns:
- the key type or null if cannot determine it
- See Also:
-
getKeyType
- Parameters:
key
- a public or private key- Returns:
- the key type or
null
if cannot determine it
-
getAllEquivalentKeyTypes
- Parameters:
keyType
- A key type name - ignored ifnull
/empty- Returns:
- A List of the canonical key name and all its aliases
- See Also:
-
getCanonicalKeyType
- Parameters:
keyType
- The available key-type - ignored ifnull
/empty- Returns:
- The canonical key type - same as input if no alias registered for the provided key type
- See Also:
-
getRegisteredKeyTypeAliases
- Returns:
- A case insensitive
NavigableSet
of the currently registered key type "aliases". - See Also:
-
registerCanonicalKeyTypes
Registers a collection of aliases to a canonical key type- Parameters:
keyType
- The (nevernull
/empty) canonical namealiases
- The (nevernull
/empty) aliases- Returns:
- A
List
of the replaced aliases - empty if no previous aliases for the canonical name
-
unregisterCanonicalKeyTypeAlias
- Parameters:
alias
- The alias to unregister (ignored ifnull
/empty)- Returns:
- The associated canonical key type -
null
if alias not registered
-
getKeySize
Determines the key size in bits- Parameters:
key
- TheKey
to examine - ignored ifnull
- Returns:
- The key size - non-positive value if cannot determine it
-
findMatchingKey
-
findMatchingKey
-
compareKeyPairs
-
compareKeys
-
recoverPublicKey
- Throws:
GeneralSecurityException
-
compareKeys
-
compareRSAKeys
-
compareRSAKeys
-
compareOpenSSHCertificateKeys
-
recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(RSAPrivateKey privateKey) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
recoverFromRSAPrivateCrtKey
public static RSAPublicKey recoverFromRSAPrivateCrtKey(RSAPrivateCrtKey rsaKey) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(BigInteger p, BigInteger q, BigInteger publicExponent) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
recoverRSAPublicKey
public static RSAPublicKey recoverRSAPublicKey(BigInteger modulus, BigInteger publicExponent) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
compareDSAKeys
-
compareDSAKeys
-
compareDSAParams
-
recoverDSAPublicKey
public static DSAPublicKey recoverDSAPublicKey(DSAPrivateKey privateKey) throws GeneralSecurityException - Throws:
GeneralSecurityException
-
compareECKeys
-
compareECKeys
-
compareECParams
-
compareSkEcdsaKeys
-
compareSkEd25519Keys
-
getSignatureAlgorithm
-