2 * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.callhome.protocol;
10 import java.io.ByteArrayOutputStream;
11 import java.io.DataOutputStream;
12 import java.io.IOException;
13 import java.math.BigInteger;
14 import java.security.KeyFactory;
15 import java.security.NoSuchAlgorithmException;
16 import java.security.NoSuchProviderException;
17 import java.security.PublicKey;
18 import java.security.interfaces.DSAParams;
19 import java.security.interfaces.DSAPublicKey;
20 import java.security.interfaces.RSAPublicKey;
21 import java.security.spec.DSAPublicKeySpec;
22 import java.security.spec.ECPoint;
23 import java.security.spec.ECPublicKeySpec;
24 import java.security.spec.InvalidKeySpecException;
25 import java.security.spec.RSAPublicKeySpec;
26 import java.util.Arrays;
27 import java.util.HashMap;
29 import org.apache.sshd.common.util.Base64;
30 import org.apache.sshd.common.util.SecurityUtils;
31 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
32 import org.bouncycastle.jce.ECNamedCurveTable;
33 import org.bouncycastle.jce.ECPointUtil;
34 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
35 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
39 * FIXME: This should be probably located at AAA library
41 public class AuthorizedKeysDecoder {
43 private static final String KEY_FACTORY_TYPE_RSA = "RSA";
44 private static final String KEY_FACTORY_TYPE_DSA = "DSA";
45 private static final String KEY_FACTORY_TYPE_ECDSA = "EC";
47 private static Map<String, String> ECDSA_CURVES = new HashMap<>();
50 ECDSA_CURVES.put("nistp256", "secp256r1");
51 ECDSA_CURVES.put("nistp384", "secp384r1");
52 ECDSA_CURVES.put("nistp512", "secp512r1");
55 private static String ECDSA_SUPPORTED_CURVE_NAME = "nistp256";
56 private static String ECDSA_SUPPORTED_CURVE_NAME_SPEC = ECDSA_CURVES.get(ECDSA_SUPPORTED_CURVE_NAME);
58 private static final String KEY_TYPE_RSA = "ssh-rsa";
59 private static final String KEY_TYPE_DSA = "ssh-dss";
60 private static final String KEY_TYPE_ECDSA = "ecdsa-sha2-" + ECDSA_SUPPORTED_CURVE_NAME;
62 private byte[] bytes = new byte[0];
66 public PublicKey decodePublicKey(String keyLine) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException {
68 // look for the Base64 encoded part of the line to decode
69 // both ssh-rsa and ssh-dss begin with "AAAA" due to the length bytes
70 bytes = Base64.decodeBase64(keyLine.getBytes());
71 if (bytes.length == 0)
72 throw new IllegalArgumentException("No Base64 part to decode in " + keyLine);
75 String type = decodeType();
76 if (type.equals(KEY_TYPE_RSA))
79 if (type.equals(KEY_TYPE_DSA))
82 if (type.equals(KEY_TYPE_ECDSA))
83 return decodeAsECDSA();
85 throw new IllegalArgumentException("Unknown decode key type " + type + " in " + keyLine);
88 private PublicKey decodeAsECDSA()
89 throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
90 KeyFactory ecdsaFactory = SecurityUtils.getKeyFactory(KEY_FACTORY_TYPE_ECDSA);
92 ECNamedCurveParameterSpec spec256r1 = ECNamedCurveTable.getParameterSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC);
93 ECNamedCurveSpec params256r1 = new ECNamedCurveSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC, spec256r1.getCurve(), spec256r1.getG(), spec256r1.getN());
94 // copy last 65 bytes from ssh key.
95 ECPoint point = ECPointUtil.decodePoint(params256r1.getCurve(), Arrays.copyOfRange(bytes, 39, bytes.length));
96 ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params256r1);
98 return ecdsaFactory.generatePublic(pubKeySpec);
101 private PublicKey decodeAsDSA() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
102 KeyFactory dsaFactory = SecurityUtils.getKeyFactory(KEY_FACTORY_TYPE_DSA);
103 BigInteger p = decodeBigInt();
104 BigInteger q = decodeBigInt();
105 BigInteger g = decodeBigInt();
106 BigInteger y = decodeBigInt();
107 DSAPublicKeySpec spec = new DSAPublicKeySpec(y, p, q, g);
109 return dsaFactory.generatePublic(spec);
112 private PublicKey decodeAsRSA() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
113 KeyFactory rsaFactory = SecurityUtils.getKeyFactory(KEY_FACTORY_TYPE_RSA);
114 BigInteger exponent = decodeBigInt();
115 BigInteger modulus = decodeBigInt();
116 RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
118 return rsaFactory.generatePublic(spec);
121 private String decodeType() {
122 int len = decodeInt();
123 String type = new String(bytes, pos, len);
128 private int decodeInt() {
129 return ((bytes[pos++] & 0xFF) << 24) | ((bytes[pos++] & 0xFF) << 16)
130 | ((bytes[pos++] & 0xFF) << 8) | (bytes[pos++] & 0xFF);
133 private BigInteger decodeBigInt() {
134 int len = decodeInt();
135 byte[] bigIntBytes = new byte[len];
136 System.arraycopy(bytes, pos, bigIntBytes, 0, len);
138 return new BigInteger(bigIntBytes);
141 public static String encodePublicKey(PublicKey publicKey) throws IOException {
142 String publicKeyEncoded;
143 ByteArrayOutputStream byteOs = new ByteArrayOutputStream();
144 if (publicKey.getAlgorithm().equals(KEY_FACTORY_TYPE_RSA)) {
145 RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
146 DataOutputStream dout = new DataOutputStream(byteOs);
147 dout.writeInt(KEY_TYPE_RSA.getBytes().length);
148 dout.write(KEY_TYPE_RSA.getBytes());
149 dout.writeInt(rsaPublicKey.getPublicExponent().toByteArray().length);
150 dout.write(rsaPublicKey.getPublicExponent().toByteArray());
151 dout.writeInt(rsaPublicKey.getModulus().toByteArray().length);
152 dout.write(rsaPublicKey.getModulus().toByteArray());
153 } else if (publicKey.getAlgorithm().equals(KEY_FACTORY_TYPE_DSA)) {
154 DSAPublicKey dsaPublicKey = (DSAPublicKey) publicKey;
155 DSAParams dsaParams = dsaPublicKey.getParams();
156 DataOutputStream dout = new DataOutputStream(byteOs);
157 dout.writeInt(KEY_TYPE_DSA.getBytes().length);
158 dout.write(KEY_TYPE_DSA.getBytes());
159 dout.writeInt(dsaParams.getP().toByteArray().length);
160 dout.write(dsaParams.getP().toByteArray());
161 dout.writeInt(dsaParams.getQ().toByteArray().length);
162 dout.write(dsaParams.getQ().toByteArray());
163 dout.writeInt(dsaParams.getG().toByteArray().length);
164 dout.write(dsaParams.getG().toByteArray());
165 dout.writeInt(dsaPublicKey.getY().toByteArray().length);
166 dout.write(dsaPublicKey.getY().toByteArray());
167 } else if (publicKey.getAlgorithm().equals(KEY_FACTORY_TYPE_ECDSA)) {
168 BCECPublicKey ecPublicKey = (BCECPublicKey) publicKey;
169 DataOutputStream dout = new DataOutputStream(byteOs);
170 dout.writeInt(KEY_TYPE_ECDSA.getBytes().length);
171 dout.write(KEY_TYPE_ECDSA.getBytes());
172 dout.writeInt(ECDSA_SUPPORTED_CURVE_NAME.getBytes().length);
173 dout.write(ECDSA_SUPPORTED_CURVE_NAME.getBytes());
175 byte[] x = ecPublicKey.getQ().getAffineXCoord().getEncoded();
176 byte[] y = ecPublicKey.getQ().getAffineYCoord().getEncoded();
177 dout.writeInt(x.length + y.length + 1);
178 dout.writeByte(0x04);
182 throw new IllegalArgumentException("Unknown public key encoding: " + publicKey.getAlgorithm());
184 publicKeyEncoded = new String(Base64.encodeBase64(byteOs.toByteArray()));
185 return publicKeyEncoded;