Class KeyExchanger
java.lang.Object
net.schmizz.sshj.transport.KeyExchanger
- All Implemented Interfaces:
ErrorNotifiable, SSHPacketHandler
Algorithm negotiation and key exchange.
-
Nested Class Summary
Nested Classes
Nested classes/interfaces inherited from interface ErrorNotifiable
ErrorNotifiable.Util
-
Field Summary
Fields
Modifier and Type, Field, Description
private final Queue<AlgorithmsVerifier> algorithmVerifiers
private Proposal clientProposal
private final Event<TransportException> done
private KeyExchanger.Expected expected - What we are expecting from the next packet
private final Queue<HostKeyVerifier> hostVerifiers - HostKeyVerifier.verify(String, int, java.security.PublicKey) is invoked by verifyHost(PublicKey) when we are ready to verify the server's host key.
private final AtomicBoolean initialKex
private KeyExchange kex - Instance of negotiated key exchange algorithm
private final Event<TransportException> kexInitSent
private final AtomicBoolean kexOngoing
private final org.slf4j.Logger log
private NegotiatedAlgorithms negotiatedAlgs
private byte[] sessionID - Computed session ID
private final AtomicBoolean strictKex
private final TransportImpl transport
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
(package private) void addAlgorithmsVerifier(AlgorithmsVerifier verifier)
(package private) void addHostKeyVerifier - Add a callback for host key verification.
private void ensureKexOngoing
private static void ensureReceivedMatchesExpected(Message got, Message expected)
findKnownHostAlgs(String hostname, int port)
(package private) byte[] getSessionID() - Returns the session identifier computed during key exchange.
private void gotKexInit(SSHPacket buf)
private void gotNewKeys()
private void gotStrictKexInfo(Proposal serverProposal)
void handle - Delegate handling of some SSH packet to this object.
(package private) boolean isInitialKex()
(package private) boolean isKexDone()
(package private) boolean isKexOngoing()
private boolean isKeyExchangeAllowed() - Key exchange can be initiated exactly once while connecting or later after authentication when re-keying.
(package private) boolean isStrictKex()
void notifyError(SSHException error) - Notifies this object of an error.
private static byte[] resizedKey(byte[] E, int blockSize, Digest hash, BigInteger K, byte[] H) - Private method used while putting new keys into use that will resize the key used to initialize the cipher to the needed length.
private void sendKexInit - Sends SSH_MSG_KEXINIT and sets the kexInitSent event.
private void sendNewKeys
private void setKexDone()
(package private) void startKex(boolean waitForDone) - Starts key exchange by sending a SSH_MSG_KEXINIT packet.
private void verifyHost(PublicKey key) - Tries to validate host key with all the host key verifiers known to this instance (hostVerifiers)
(package private) void waitForDone
-
Field Details
-
log
private final org.slf4j.Logger log -
transport
-
hostVerifiers
HostKeyVerifier.verify(String, int, java.security.PublicKey) is invoked by verifyHost(PublicKey) when we are ready to verify the server's host key.
-
algorithmVerifiers
-
kexOngoing
-
initialKex
-
strictKex
-
expected
What we are expecting from the next packet -
kex
Instance of negotiated key exchange algorithm -
sessionID
private byte[] sessionID
Computed session ID
-
clientProposal
-
negotiatedAlgs
-
kexInitSent
-
done
-
-
Constructor Details
-
KeyExchanger
KeyExchanger(TransportImpl trans)
-
-
Method Details
-
addHostKeyVerifier
Add a callback for host key verification. Any of the HostKeyVerifier implementations added this way can deem a host key to be acceptable, allowing key exchange to successfully complete. Otherwise, a TransportException will result during key exchange.
- Parameters:
hkv - object whose HostKeyVerifier.verify(String, int, PublicKey) method will be invoked
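The any-of acceptance rule described above, shown with a pinned-key verifier and the effect of leaving an accept-all verifier in the same queue. This is an added example, not sshj code: the Verifier interface is a stand-in for the verify(String, int, PublicKey) callback (its boolean result is an assumption), and the class name, host name and keys are constructed here.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.ArrayDeque;
import java.util.Queue;

public class HostKeyPinExample {

    /** Stand-in for the verify(String, int, PublicKey) callback; boolean result is an assumption. */
    interface Verifier {
        boolean verify(String hostname, int port, PublicKey key);
    }

    /** SHA-256 over the key's X.509 encoding (not the OpenSSH fingerprint format). */
    static byte[] sha256(PublicKey key) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Accepts only the pinned key, and only for the one host:port it was pinned to. */
    static Verifier pin(String host, int port, byte[] pinnedDigest) {
        return (h, p, k) -> host.equals(h) && port == p
                && MessageDigest.isEqual(pinnedDigest, sha256(k)); // constant-time compare
    }

    /** Any-of semantics: the first verifier that accepts ends the check. */
    static boolean verifyHost(Queue<Verifier> verifiers, String host, int port, PublicKey key) {
        for (Verifier v : verifiers) {
            if (v.verify(host, port, key)) return true;
        }
        return false; // the real class raises TransportException at this point
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC"); // constructed sample keys
        PublicKey expected = gen.generateKeyPair().getPublic();
        PublicKey unexpected = gen.generateKeyPair().getPublic();
        Queue<Verifier> verifiers = new ArrayDeque<>();
        verifiers.add(pin("ssh.example.test", 22, sha256(expected)));
        System.out.println(verifyHost(verifiers, "ssh.example.test", 22, expected));
        System.out.println(verifyHost(verifiers, "ssh.example.test", 22, unexpected));
        verifiers.add((h, p, k) -> true); // accept-all verifier added alongside the pin
        System.out.println(verifyHost(verifiers, "ssh.example.test", 22, unexpected));
    }
}
```

Because acceptance is a logical OR over the queue, audit every verifier registered on a client, not only the strictest one.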
-
addAlgorithmsVerifier
-
getSessionID
byte[] getSessionID()
Returns the session identifier computed during key exchange.
- Returns:
session identifier as a byte array
-
isKexDone
boolean isKexDone()
- Returns:
whether key exchange has been completed
-
isKexOngoing
boolean isKexOngoing()
- Returns:
whether key exchange is currently ongoing
-
isStrictKex
boolean isStrictKex() -
isInitialKex
boolean isInitialKex() -
startKex
Starts key exchange by sending a SSH_MSG_KEXINIT packet. Key exchange must be done once after initializing the Transport for it to be usable, and may be initiated at any later point, e.g. if algorithms have changed and should be renegotiated.
- Parameters:
waitForDone - whether to block until key exchange has completed
- Throws:
TransportException - if there is an error during key exchange
-
isKeyExchangeAllowed
private boolean isKeyExchangeAllowed()
Key exchange can be initiated exactly once while connecting or later after authentication when re-keying.
-
waitForDone
- Throws:
TransportException
-
ensureKexOngoing
- Throws:
TransportException
-
ensureReceivedMatchesExpected
private static void ensureReceivedMatchesExpected(Message got, Message expected) throws TransportException
- Throws:
TransportException
-
sendKexInit
Sends SSH_MSG_KEXINIT and sets the kexInitSent event.
- Throws:
TransportException
-
findKnownHostAlgs
-
sendNewKeys
- Throws:
TransportException
-
verifyHost
Tries to validate host key with all the host key verifiers known to this instance (hostVerifiers)
- Parameters:
key - the host key to verify
- Throws:
TransportException
-
setKexDone
private void setKexDone() -
gotKexInit
- Throws:
TransportException
-
gotStrictKexInfo
- Throws:
TransportException
-
resizedKey
Private method used while putting new keys into use that will resize the key used to initialize the cipher to the needed length.
- Parameters:
E - the key to resize
blockSize - the cipher block size
hash - the hash algorithm
K - the key exchange K parameter
H - the key exchange H parameter
- Returns:
the resized key
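A sketch of the resizing step described above, assuming it follows the key-extension rule of RFC 4253 section 7.2 (append HASH(K || H || key-so-far) until the key is long enough). This is an added example using only the JDK, not sshj's code: the class KeyResizeExample, the helpers mpint and extendKey, the final truncation, and the sample K and H values are assumptions constructed here.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class KeyResizeExample {

    /** SSH "mpint" encoding of K: 4-byte big-endian length, then two's-complement bytes. */
    static byte[] mpint(BigInteger k) {
        // toByteArray() is minimal two's complement (leading 0x00 if the top bit is set);
        // zero is encoded as an empty string.
        byte[] body = k.signum() == 0 ? new byte[0] : k.toByteArray();
        return ByteBuffer.allocate(4 + body.length).putInt(body.length).put(body).array();
    }

    /** Grows key e to 'needed' bytes by repeating: key = key || HASH(K || H || key). */
    static byte[] extendKey(byte[] e, int needed, MessageDigest hash, BigInteger k, byte[] h) {
        byte[] key = e.clone();
        while (key.length < needed) {
            hash.reset();
            hash.update(mpint(k));
            hash.update(h);
            hash.update(key); // the entire key material produced so far
            byte[] block = hash.digest();
            byte[] grown = Arrays.copyOf(key, key.length + block.length);
            System.arraycopy(block, 0, grown, key.length, block.length);
            key = grown;
        }
        return Arrays.copyOf(key, needed); // truncate to the exact length requested
    }

    public static void main(String[] args) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        BigInteger k = new BigInteger("c0ffee1234567890", 16); // constructed shared secret
        byte[] h = sha1.digest("constructed exchange hash".getBytes(StandardCharsets.UTF_8));
        // First block per RFC 4253: HASH(K || H || "C" || session_id), session_id = H on first kex.
        sha1.update(mpint(k));
        sha1.update(h);
        sha1.update((byte) 'C');
        sha1.update(h);
        byte[] k1 = sha1.digest();                   // SHA-1 yields 20 bytes
        byte[] key = extendKey(k1, 32, sha1, k, h);  // a cipher that needs a 32-byte key
        System.out.println(k1.length + " -> " + key.length + " bytes");
        System.out.println(Arrays.equals(k1, Arrays.copyOf(key, k1.length))); // original bytes kept as prefix
    }
}
```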
-
gotNewKeys
private void gotNewKeys() -
handle
Description copied from interface: SSHPacketHandler
Delegate handling of some SSH packet to this object.
- Specified by:
handle in interface SSHPacketHandler
- Parameters:
msg - the SSH message identifier
buf - SSHPacket containing rest of the request
- Throws:
TransportException
-
notifyError
Description copied from interface: ErrorNotifiable
Notifies this object of an error.
- Specified by:
notifyError in interface ErrorNotifiable
-