2 * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.topology.callhome;
10 import com.google.common.collect.ImmutableMap;
11 import java.io.ByteArrayOutputStream;
12 import java.io.DataOutput;
13 import java.io.DataOutputStream;
14 import java.io.IOException;
15 import java.math.BigInteger;
16 import java.nio.charset.StandardCharsets;
17 import java.security.GeneralSecurityException;
18 import java.security.KeyFactory;
19 import java.security.NoSuchAlgorithmException;
20 import java.security.Provider;
21 import java.security.PublicKey;
22 import java.security.Security;
23 import java.security.interfaces.DSAPublicKey;
24 import java.security.interfaces.RSAPublicKey;
25 import java.security.spec.DSAPublicKeySpec;
26 import java.security.spec.ECPoint;
27 import java.security.spec.ECPublicKeySpec;
28 import java.security.spec.RSAPublicKeySpec;
29 import java.util.Arrays;
30 import org.bouncycastle.jce.ECNamedCurveTable;
31 import org.bouncycastle.jce.ECPointUtil;
32 import org.bouncycastle.jce.interfaces.ECPublicKey;
33 import org.bouncycastle.jce.provider.BouncyCastleProvider;
34 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
35 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
36 import org.eclipse.jdt.annotation.NonNull;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev240129.SshPublicKey;
38 import org.slf4j.Logger;
39 import org.slf4j.LoggerFactory;
41 final class AuthorizedKeysDecoder {
42 private static final Logger LOG = LoggerFactory.getLogger(AuthorizedKeysDecoder.class);
44 private static final ImmutableMap<String, String> ECDSA_CURVES = ImmutableMap.<String, String>builder()
45 .put("nistp256", "secp256r1")
46 .put("nistp384", "secp384r1")
47 .put("nistp512", "secp512r1")
50 private static final String ECDSA_SUPPORTED_CURVE_NAME = "nistp256";
51 private static final byte[] ECDSA_SUPPORTED_CURVE_NAME_BYTES =
52 ECDSA_SUPPORTED_CURVE_NAME.getBytes(StandardCharsets.UTF_8);
53 private static final String ECDSA_SUPPORTED_CURVE_NAME_SPEC = ECDSA_CURVES.get(ECDSA_SUPPORTED_CURVE_NAME);
55 private static final String KEY_TYPE_RSA = "ssh-rsa";
56 private static final byte[] KEY_TYPE_RSA_BYTES = KEY_TYPE_RSA.getBytes(StandardCharsets.UTF_8);
58 private static final String KEY_TYPE_DSA = "ssh-dss";
59 private static final byte[] KEY_TYPE_DSA_BYTES = KEY_TYPE_DSA.getBytes(StandardCharsets.UTF_8);
60 private static final String KEY_TYPE_ECDSA = "ecdsa-sha2-" + ECDSA_SUPPORTED_CURVE_NAME;
61 private static final byte[] KEY_TYPE_ECDSA_BYTES = KEY_TYPE_ECDSA.getBytes(StandardCharsets.UTF_8);
63 private static final KeyFactory RSA_FACTORY;
64 private static final KeyFactory DSA_FACTORY;
65 private static final KeyFactory EC_FACTORY;
68 // Default provider fails to validate keys, see https://jira.opendaylight.org/browse/NETCONF-1249
69 var bcprov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
71 bcprov = new BouncyCastleProvider();
73 RSA_FACTORY = loadOrWarn("RSA", bcprov);
74 DSA_FACTORY = loadOrWarn("DSA", bcprov);
75 EC_FACTORY = loadOrWarn("EC", bcprov);
78 private static KeyFactory loadOrWarn(final String algorithm, final Provider provider) {
80 return KeyFactory.getInstance(algorithm, provider);
81 } catch (NoSuchAlgorithmException e) {
82 LOG.warn("KeyFactory for {} not found", algorithm, e);
87 private final byte[] bytes;
90 private AuthorizedKeysDecoder(final SshPublicKey keyLine) {
91 bytes = keyLine.getValue();
94 static @NonNull PublicKey decodePublicKey(final @NonNull SshPublicKey keyLine) throws GeneralSecurityException {
95 final var instance = new AuthorizedKeysDecoder(keyLine);
96 final var type = instance.decodeType();
97 return switch (type) {
98 case KEY_TYPE_RSA -> instance.decodeAsRSA();
99 case KEY_TYPE_DSA -> instance.decodeAsDSA();
100 case KEY_TYPE_ECDSA -> instance.decodeAsEcDSA();
101 default -> throw new NoSuchAlgorithmException("Unknown decode key type " + type + " in " + keyLine);
105 static @NonNull SshPublicKey encodePublicKey(final PublicKey publicKey) throws IOException {
106 final var baos = new ByteArrayOutputStream();
108 try (var dout = new DataOutputStream(baos)) {
109 if (publicKey instanceof RSAPublicKey rsa) {
110 dout.writeInt(KEY_TYPE_RSA_BYTES.length);
111 dout.write(KEY_TYPE_RSA_BYTES);
112 encodeBigInt(dout, rsa.getPublicExponent());
113 encodeBigInt(dout, rsa.getModulus());
114 } else if (publicKey instanceof DSAPublicKey dsa) {
115 final var dsaParams = dsa.getParams();
116 dout.writeInt(KEY_TYPE_DSA_BYTES.length);
117 dout.write(KEY_TYPE_DSA_BYTES);
118 encodeBigInt(dout, dsaParams.getP());
119 encodeBigInt(dout, dsaParams.getQ());
120 encodeBigInt(dout, dsaParams.getG());
121 encodeBigInt(dout, dsa.getY());
122 } else if (publicKey instanceof ECPublicKey ec) {
123 dout.writeInt(KEY_TYPE_ECDSA_BYTES.length);
124 dout.write(KEY_TYPE_ECDSA_BYTES);
125 dout.writeInt(ECDSA_SUPPORTED_CURVE_NAME_BYTES.length);
126 dout.write(ECDSA_SUPPORTED_CURVE_NAME_BYTES);
128 final var q = ec.getQ();
129 final var coordX = q.getAffineXCoord().getEncoded();
130 final var coordY = q.getAffineYCoord().getEncoded();
131 dout.writeInt(coordX.length + coordY.length + 1);
132 dout.writeByte(0x04);
136 throw new IOException("Unknown public key encoding: " + publicKey);
139 return new SshPublicKey(baos.toByteArray());
142 private @NonNull PublicKey decodeAsEcDSA() throws GeneralSecurityException {
143 if (EC_FACTORY == null) {
144 throw new NoSuchAlgorithmException("ECDSA keys are not supported");
147 ECNamedCurveParameterSpec spec256r1 = ECNamedCurveTable.getParameterSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC);
148 ECNamedCurveSpec params256r1 = new ECNamedCurveSpec(
149 ECDSA_SUPPORTED_CURVE_NAME_SPEC, spec256r1.getCurve(), spec256r1.getG(), spec256r1.getN());
150 // copy last 65 bytes from ssh key.
151 ECPoint point = ECPointUtil.decodePoint(params256r1.getCurve(), Arrays.copyOfRange(bytes, 39, bytes.length));
152 return EC_FACTORY.generatePublic(new ECPublicKeySpec(point, params256r1));
155 private @NonNull PublicKey decodeAsDSA() throws GeneralSecurityException {
156 if (DSA_FACTORY == null) {
157 throw new NoSuchAlgorithmException("RSA keys are not supported");
160 final var p = decodeBigInt();
161 final var q = decodeBigInt();
162 final var g = decodeBigInt();
163 final var y = decodeBigInt();
164 return DSA_FACTORY.generatePublic(new DSAPublicKeySpec(y, p, q, g));
167 private @NonNull PublicKey decodeAsRSA() throws GeneralSecurityException {
168 if (RSA_FACTORY == null) {
169 throw new NoSuchAlgorithmException("RSA keys are not supported");
172 final var exponent = decodeBigInt();
173 final var modulus = decodeBigInt();
174 return RSA_FACTORY.generatePublic(new RSAPublicKeySpec(modulus, exponent));
177 private String decodeType() {
178 int len = decodeInt();
179 String type = new String(bytes, pos, len, StandardCharsets.UTF_8);
184 private int decodeInt() {
185 return (bytes[pos++] & 0xFF) << 24 | (bytes[pos++] & 0xFF) << 16
186 | (bytes[pos++] & 0xFF) << 8 | bytes[pos++] & 0xFF;
189 private BigInteger decodeBigInt() {
190 int len = decodeInt();
191 byte[] bigIntBytes = new byte[len];
192 System.arraycopy(bytes, pos, bigIntBytes, 0, len);
194 return new BigInteger(bigIntBytes);
197 private static void encodeBigInt(final DataOutput out, final BigInteger value) throws IOException {
198 final var bytes = value.toByteArray();
199 out.writeInt(bytes.length);