Provide a realistic SFTP public key
* Provide a more realistic SFTP configuration example, utilizing `~/.ssh/known_hosts` based on the `PublickeyAuthenticator` support from Apache MINA.
This commit is contained in:
@@ -18,18 +18,14 @@ package org.springframework.integration.samples.sftp;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.math.BigInteger;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.PublicKey;
|
||||
import java.security.spec.RSAPublicKeySpec;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
|
||||
import org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
|
||||
import org.apache.sshd.server.SshServer;
|
||||
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
|
||||
import org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator;
|
||||
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
|
||||
import org.apache.sshd.sftp.server.SftpSubsystemFactory;
|
||||
|
||||
@@ -37,8 +33,6 @@ import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.context.SmartLifecycle;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.integration.sftp.session.DefaultSftpSessionFactory;
|
||||
import org.springframework.util.Base64Utils;
|
||||
import org.springframework.util.StreamUtils;
|
||||
|
||||
/**
|
||||
* @author Artem Bilan
|
||||
@@ -68,8 +62,7 @@ public class EmbeddedSftpServer implements InitializingBean, SmartLifecycle {
|
||||
|
||||
@Override
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
final PublicKey allowedKey = decodePublicKey();
|
||||
this.server.setPublickeyAuthenticator((username, key, session) -> key.equals(allowedKey));
|
||||
this.server.setPublickeyAuthenticator(getPublickeyAuthenticator());
|
||||
this.server.setPort(this.port);
|
||||
this.server.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(new File("hostkey.ser").toPath()));
|
||||
server.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
|
||||
@@ -78,35 +71,9 @@ public class EmbeddedSftpServer implements InitializingBean, SmartLifecycle {
|
||||
server.setFileSystemFactory(new VirtualFileSystemFactory(Paths.get(pathname)));
|
||||
}
|
||||
|
||||
private PublicKey decodePublicKey() throws Exception {
|
||||
InputStream stream = new ClassPathResource("META-INF/keys/sftp_rsa.pub").getInputStream();
|
||||
byte[] keyBytes = StreamUtils.copyToByteArray(stream);
|
||||
// strip any newline chars
|
||||
while (keyBytes[keyBytes.length - 1] == 0x0a || keyBytes[keyBytes.length - 1] == 0x0d) {
|
||||
keyBytes = Arrays.copyOf(keyBytes, keyBytes.length - 1);
|
||||
}
|
||||
byte[] decodeBuffer = Base64Utils.decode(keyBytes);
|
||||
ByteBuffer bb = ByteBuffer.wrap(decodeBuffer);
|
||||
int len = bb.getInt();
|
||||
byte[] type = new byte[len];
|
||||
bb.get(type);
|
||||
if ("ssh-rsa".equals(new String(type))) {
|
||||
BigInteger e = decodeBigInt(bb);
|
||||
BigInteger m = decodeBigInt(bb);
|
||||
RSAPublicKeySpec spec = new RSAPublicKeySpec(m, e);
|
||||
return KeyFactory.getInstance("RSA").generatePublic(spec);
|
||||
|
||||
}
|
||||
else {
|
||||
throw new IllegalArgumentException("Only supports RSA");
|
||||
}
|
||||
}
|
||||
|
||||
private BigInteger decodeBigInt(ByteBuffer bb) {
|
||||
int len = bb.getInt();
|
||||
byte[] bytes = new byte[len];
|
||||
bb.get(bytes);
|
||||
return new BigInteger(bytes);
|
||||
private PublickeyAuthenticator getPublickeyAuthenticator() throws Exception {
|
||||
Path path = new ClassPathResource("META-INF/keys/sftp_known_hosts").getFile().toPath();
|
||||
return new AuthorizedKeysAuthenticator(path);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
localhost ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMQB/vTCY6QEF+/P73ZQZzgj5LBUG8gKPbAXdWcE/X0g3jgsPpxb7+NGiqNpP+oVIQsL9Q7TBsv1/X7xc6sd6SmM/UTP8LF0zlf0GSvEehC2BT98GCiDqI8BKpZjG6O8+pPEBY8M5iGOLtDUSzlhzyV7kPcADYLHl/z1fssU+x2UML7BoSmgh0XPc2u+Gv6+58SVk2ipAZOmaWZDyzWAc3sczz/DkQeR/cpj047HVc1Zb/M5a4ajYI18Ka+mVhKeiQnHc3NKwE6ZxcwlacbVK/feypfperHQOlj6Ee6f6huhnVx9x42V11A41Toh98WI2EVDequ4EcTxHHJntJhpbd
|
||||
@@ -1 +0,0 @@
|
||||
AAAAB3NzaC1yc2EAAAADAQABAAABAQDMQB/vTCY6QEF+/P73ZQZzgj5LBUG8gKPbAXdWcE/X0g3jgsPpxb7+NGiqNpP+oVIQsL9Q7TBsv1/X7xc6sd6SmM/UTP8LF0zlf0GSvEehC2BT98GCiDqI8BKpZjG6O8+pPEBY8M5iGOLtDUSzlhzyV7kPcADYLHl/z1fssU+x2UML7BoSmgh0XPc2u+Gv6+58SVk2ipAZOmaWZDyzWAc3sczz/DkQeR/cpj047HVc1Zb/M5a4ajYI18Ka+mVhKeiQnHc3NKwE6ZxcwlacbVK/feypfperHQOlj6Ee6f6huhnVx9x42V11A41Toh98WI2EVDequ4EcTxHHJntJhpbd
|
||||
Reference in New Issue
Block a user