
Example 1 with SshKey

use of com.gitblit.transport.ssh.SshKey in project gitblit by gitblit.

the class SshKeysDispatcherTest method testKeysAddCommand.

/**
 * Adds a freshly generated public key through the SSH command {@code keys add --permission R}
 * and checks what the key manager holds for {@code username} afterwards: three keys in total,
 * the one at index 2 with {@link AccessPermission#CLONE}. It then compares the output of
 * {@code keys ls -L} with the raw data of every stored key, one per line.
 */
@Test
public void testKeysAddCommand() throws Exception {
    KeyPair freshPair = generator.generateKeyPair();
    // Only the public half of the pair is wrapped and handed to the command.
    SshKey added = new SshKey(freshPair.getPublic());
    testSshCommand("keys add --permission R", added.getRawData());

    List<SshKey> keys = getKeyManager().getKeys(username);
    int count = keys.size();
    // Presumably two keys exist from the fixture and the new one is appended last -- confirm.
    assertEquals(String.format("There are %d keys!", count), 3, count);
    // "R" on the command line is expected to be stored as CLONE, not as a wider permission.
    assertEquals(AccessPermission.CLONE, keys.get(2).getPermission());

    String listing = testSshCommand("keys ls -L");

    // Expected listing: raw key data joined by the line separator, without a trailing one.
    String eol = System.getProperty("line.separator", "\n");
    StringBuilder expected = new StringBuilder();
    for (SshKey stored : keys) {
        expected.append(stored.getRawData()).append(eol);
    }
    expected.setLength(expected.length() - eol.length());
    assertEquals(expected.toString(), listing);
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) KeyPair(java.security.KeyPair) Test(org.junit.Test)

Example 2 with SshKey

use of com.gitblit.transport.ssh.SshKey in project gitblit by gitblit.

the class LdapPublicKeyManagerTest method getPubKey.

/**
 * Obtains a key pair from {@code getKeyPair} and returns its public half in the raw form
 * produced by {@link SshKey#getRawData()}, after setting {@code comment} on the key. The
 * private half never leaves this helper.
 *
 * @param type passed through to {@code getKeyPair}
 * @param comment passed through to {@code getKeyPair} and set as the key comment
 * @param generator passed through to {@code getKeyPair}
 * @return the raw public key string, or {@code null} when {@code getKeyPair} returns no pair
 */
private String getPubKey(String type, String comment, KeyPairGenerator generator) {
    final KeyPair pair = getKeyPair(type, comment, generator);
    if (pair != null) {
        final SshKey publicKey = new SshKey(pair.getPublic());
        publicKey.setComment(comment);
        return publicKey.getRawData();
    }
    return null;
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) KeyPair(java.security.KeyPair)

Example 3 with SshKey

use of com.gitblit.transport.ssh.SshKey in project gitblit by gitblit.

the class LdapPublicKeyManagerTest method testGetKeysPrefixedPermissions.

/**
 * Verifies that {@link LdapKeyManager#getKeys} returns only those values of the LDAP attribute
 * {@code altSecurityIdentities} that carry the configured prefix, and that an
 * {@code environment="gbPerm=..."} option placed in front of a key determines the key's
 * {@link AccessPermission}.
 *
 * <p>The test stores keys for three users under the prefixes {@code sshkey}, {@code pubkey} and
 * {@code opttest}, each preceded by authorized_keys-style options. It then switches
 * {@code Keys.realm.ldap.sshPublicKey} between the prefixes and checks, per user, which keys
 * come back and with which permission. Only the permission is asserted; what the key manager
 * does with the other options (command=, from=, permitopen=, restrict, ...) is not checked here.
 *
 * <p>{@code seen} is a bit mask with one bit per key: bit 0 keyRsaOne, 1 keyRsaTwo, 2 keyDsaTwo,
 * 3 keyRsaThree, 4 keyDsaThree, 5 keyEcThree. It is built with {@code +=}, so it is only a
 * faithful mask while every key is returned at most once; the size assertions cover that.
 */
@Test
public void testGetKeysPrefixedPermissions() throws LDAPException {
    // This test is independent from authentication mode, so run only once.
    assumeTrue(authMode == AuthMode.ANONYMOUS);
    // Six distinct public keys. The argument is presumably the key comment, including an empty
    // and a blank one -- confirm against getRsaPubKey/getDsaPubKey/getEcPubKey.
    String keyRsaOne = getRsaPubKey("UserOne@example.com");
    String keyRsaTwo = getRsaPubKey("UserTwo at example.com");
    String keyDsaTwo = getDsaPubKey("UserTwo@example.com");
    String keyRsaThree = getRsaPubKey("example.com: user Three");
    String keyDsaThree = getDsaPubKey("");
    String keyEcThree = getEcPubKey("  ");
    // User one: no entry carries a gbPerm option. The first value has no prefix at all, and the
    // last one uses "gbPerms" (plural), which the assertions below treat like no option.
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "permitopen=\"host:220\"" + keyRsaOne));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "sshkey:" + "  	 " + keyRsaTwo));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHKEY :" + "no-agent-forwarding " + keyDsaTwo));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + " command=\"sh /etc/netstart tun0 \" " + keyRsaThree));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + " command=\"netstat -nult\",environment=\"gb=\\\"What now\\\"\" " + keyDsaThree));
    getDS().modify(DN_USER_ONE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"SSH=git\",command=\"netstat -nult\",environment=\"gbPerms=VIEW\" " + keyEcThree));
    // User two: every entry carries a gbPerm option, mixed with other options whose quoted
    // values contain the prefix strings themselves ("sshkey: 220", "pubkey: 29184").
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "environment=\"gbPerm=R\" " + keyRsaOne));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHKey : " + " restrict,environment=\"gbPerm=V\",permitopen=\"sshkey: 220\" " + keyRsaTwo));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "permitopen=\"sshkey: 443\",restrict,environment=\"gbPerm=RW\",pty " + keyDsaTwo));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"gbPerm=CLONE\",permitopen=\"pubkey: 29184\",environment=\"X=\\\" Y \\\"\" " + keyRsaThree));
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + " environment=\"A = B \",from=\"*.example.com,!pc.example.com\",environment=\"gbPerm=VIEW\" " + keyDsaThree));
    // NOTE(review): "environemnt" in the next value is misspelled; possibly a deliberate unknown
    // option -- confirm, since a silent typo would hide what this line is meant to cover.
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"SSH=git\",environment=\"gbPerm=PUSH\",environemnt=\"XYZ='Ali Baba'\" " + keyEcThree));
    // User three: gbPerm combined with command=, tunnel=, escaped quotes and, for keyRsaThree,
    // two gbPerm options in the same value (VIEW first, CLONE second).
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "environment=\"gbPerm=R\",environment=\"josh=\\\"mean\\\"\",tunnel=\"0\" " + keyRsaOne));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey : " + " environment=\" gbPerm = V \" 	 " + keyRsaTwo));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "SSHkey: " + "command=\"sh echo \\\"Nope, not you! \\b (bell)\\\" \",user-rc,environment=\"gbPerm=RW\" " + keyDsaTwo));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"gbPerm=VIEW\",command=\"sh /etc/netstart tun0 \",environment=\"gbPerm=CLONE\",no-pty " + keyRsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "	command=\"netstat -nult\",environment=\"gbPerm=VIEW\" " + keyDsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "pubkey: " + "environment=\"SSH=git\",command=\"netstat -nult\",environment=\"gbPerm=PUSH\" " + keyEcThree));
    // Weird stuff, not to specification but shouldn't make it stumble.
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "opttest: " + "permitopen=host:443,command=,environment=\"gbPerm=CLONE\",no-pty= " + keyRsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", " opttest: " + "	cmd=git,environment=\"gbPerm=\\\"VIEW\\\"\" " + keyDsaThree));
    getDS().modify(DN_USER_THREE, new Modification(ModificationType.ADD, "altSecurityIdentities", "	opttest:" + "environment=,command=netstat,environment=gbperm=push " + keyEcThree));
    LdapKeyManager kmgr = new LdapKeyManager(settings);
    // The prefix is set on `settings` after kmgr was constructed and changed twice further down;
    // the assertions rely on getKeys honouring the value current at lookup time.
    settings.put(Keys.realm.ldap.sshPublicKey, "altSecurityIdentities:SSHkey");
    // Prefix "SSHkey", user one: expected mask 6 = keyRsaTwo + keyDsaTwo. The unprefixed
    // keyRsaOne value must not be returned.
    List<SshKey> keys = kmgr.getKeys("UserOne");
    assertNotNull(keys);
    assertEquals(2, keys.size());
    int seen = 0;
    for (SshKey key : keys) {
        // No gbPerm was stored for user one, and PUSH is expected: a key without an explicit
        // permission option is expected to come back with push access.
        assertEquals(AccessPermission.PUSH, key.getPermission());
        if (keyRsaOne.equals(key.getRawData())) {
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            seen += 1 << 5;
        }
    }
    assertEquals(6, seen);
    // Prefix "SSHkey", user two: expected mask 7 = keyRsaOne (R -> CLONE), keyRsaTwo
    // (V -> VIEW), keyDsaTwo (RW -> PUSH). The per-key permission table below is the same in
    // every remaining loop; branches for keys outside the expected mask are never reached.
    keys = kmgr.getKeys("UserTwo");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(7, seen);
    // Prefix "SSHkey", user three: same three keys and permissions, despite the padded
    // " gbPerm = V " and the escaped quotes inside command="...".
    keys = kmgr.getKeys("UserThree");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(7, seen);
    // Switch to prefix "pubKey". The stored values use "pubkey", so the match is expected to
    // ignore case. Expected mask from here on is 56 = keyRsaThree + keyDsaThree + keyEcThree.
    settings.put(Keys.realm.ldap.sshPublicKey, "altSecurityIdentities:pubKey");
    keys = kmgr.getKeys("UserOne");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        // User one again has no gbPerm ("gb=..." and "gbPerms=VIEW" do not count): all PUSH.
        assertEquals(AccessPermission.PUSH, key.getPermission());
        if (keyRsaOne.equals(key.getRawData())) {
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
    // Prefix "pubKey", user two: CLONE / VIEW / PUSH as stored in the gbPerm options.
    keys = kmgr.getKeys("UserTwo");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
    // Prefix "pubKey", user three: keyRsaThree was stored with gbPerm=VIEW followed by
    // gbPerm=CLONE and CLONE is expected, i.e. the later option is expected to win.
    keys = kmgr.getKeys("UserThree");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
    // Prefix "opttest": the malformed option strings (empty command=, unquoted values, leading
    // blank or tab before the prefix) must still yield all three keys.
    // NOTE(review): keyEcThree is expected to be PUSH for "environment=gbperm=push"; the test
    // cannot tell whether the unquoted lower-case option was accepted or PUSH is the fallback.
    settings.put(Keys.realm.ldap.sshPublicKey, "altSecurityIdentities:opttest");
    keys = kmgr.getKeys("UserThree");
    assertNotNull(keys);
    assertEquals(3, keys.size());
    seen = 0;
    for (SshKey key : keys) {
        if (keyRsaOne.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 0;
        } else if (keyRsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 1;
        } else if (keyDsaTwo.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 2;
        } else if (keyRsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.CLONE, key.getPermission());
            seen += 1 << 3;
        } else if (keyDsaThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.VIEW, key.getPermission());
            seen += 1 << 4;
        } else if (keyEcThree.equals(key.getRawData())) {
            assertEquals(AccessPermission.PUSH, key.getPermission());
            seen += 1 << 5;
        }
    }
    assertEquals(56, seen);
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) Modification(com.unboundid.ldap.sdk.Modification) LdapKeyManager(com.gitblit.transport.ssh.LdapKeyManager) Test(org.junit.Test)

Example 4 with SshKey

use of com.gitblit.transport.ssh.SshKey in project gitblit by gitblit.

the class LdapPublicKeyManagerTest method testKeyValidity.

/**
 * Checks that a DSA public key stored in the {@code sshPublicKey} attribute of
 * {@code DN_USER_TWO} is returned unchanged by {@link LdapKeyManager#getKeys} and is usable as
 * a key: a signature made with the private key from {@code getDsaKeyPair} must verify against
 * the public key parsed from the retrieved entry.
 */
@Test
public void testKeyValidity() throws LDAPException, GeneralSecurityException {
    LdapKeyManager keyManager = new LdapKeyManager(settings);
    String comment = "UserTwo@example.com";
    String storedKey = getDsaPubKey(comment);
    getDS().modify(DN_USER_TWO, new Modification(ModificationType.ADD, "sshPublicKey", storedKey));

    List<SshKey> retrieved = keyManager.getKeys("UserTwo");
    assertNotNull(retrieved);
    assertEquals(1, retrieved.size());
    SshKey sshKey = retrieved.get(0);
    assertEquals(storedKey, sshKey.getRawData());

    // Sign with the private half. Presumably getDsaKeyPair(comment) yields the pair whose
    // public half getDsaPubKey(comment) returned above -- confirm against the helpers.
    Signature dsa = SecurityUtils.getSignature("DSA");
    dsa.initSign(getDsaKeyPair(comment).getPrivate());
    // Platform default charset; the same bytes are fed to sign and verify.
    byte[] payload = comment.getBytes();
    dsa.update(payload);
    byte[] signed = dsa.sign();

    // Verify with the public key reconstructed from what LDAP handed back.
    dsa.initVerify(sshKey.getPublicKey());
    dsa.update(payload);
    assertTrue("Verify failed with retrieved SSH key.", dsa.verify(signed));
}
Also used : SshKey(com.gitblit.transport.ssh.SshKey) Modification(com.unboundid.ldap.sdk.Modification) Signature(java.security.Signature) LdapKeyManager(com.gitblit.transport.ssh.LdapKeyManager) Test(org.junit.Test)

Example 5 with SshKey

use of com.gitblit.transport.ssh.SshKey in project gitblit by gitblit.

the class SshKeysPanel method onInitialize.

/**
 * Builds the panel: a list of the user's SSH keys (comment, fingerprint, permission, algorithm
 * and a delete link per row) followed by a form for adding a key. The delete links and the add
 * form are made invisible when {@code canWriteKeys} is false.
 *
 * <p>NOTE(review): the key list and the delete handler use {@code user.username} of the panel,
 * while the add handler takes the user from {@code GitBlitWebSession}. If the panel can show a
 * user other than the one logged in, a submitted key is stored for the session user -- confirm
 * this is intended.
 *
 * <p>NOTE(review): neither handler re-checks {@code canWriteKeys}; write protection rests on
 * the components being invisible. Confirm the framework refuses requests addressed to
 * invisible components.
 */
@Override
protected void onInitialize() {
    super.onInitialize();
    setOutputMarkupId(true);

    // Mutable copy of the stored keys; both AJAX handlers refill it after a successful change.
    final List<SshKey> keys = new ArrayList<SshKey>(app().keys().getKeys(user.username));
    final ListDataProvider<SshKey> keyProvider = new ListDataProvider<SshKey>(keys);
    final DataView<SshKey> keysView = new DataView<SshKey>("keys", keyProvider) {

        private static final long serialVersionUID = 1L;

        @Override
        public void populateItem(final Item<SshKey> item) {
            final SshKey rowKey = item.getModelObject();
            item.add(new Label("comment", rowKey.getComment()));
            item.add(new Label("fingerprint", rowKey.getFingerprint()));
            item.add(new Label("permission", rowKey.getPermission().toString()));
            item.add(new Label("algorithm", rowKey.getAlgorithm()));

            AjaxLink<Void> deleteLink = new AjaxLink<Void>("delete") {

                private static final long serialVersionUID = 1L;

                @Override
                public void onClick(AjaxRequestTarget target) {
                    if (!app().keys().removeKey(user.username, rowKey)) {
                        // nothing was removed, leave the panel as it is
                        return;
                    }
                    // reload the list from the key manager and repaint the panel
                    keys.clear();
                    keys.addAll(app().keys().getKeys(user.username));
                    target.addComponent(SshKeysPanel.this);
                }
            };
            if (!canWriteKeys) {
                deleteLink.setVisibilityAllowed(false);
            }
            item.add(deleteLink);
        }
    };
    add(keysView);

    // Form models: raw key text, permission (PUSH preselected) and optional comment.
    final IModel<String> keyData = Model.of("");
    final IModel<AccessPermission> keyPermission = Model.of(AccessPermission.PUSH);
    final IModel<String> keyComment = Model.of("");

    Form<Void> addKeyForm = new Form<Void>("addKeyForm");
    addKeyForm.add(new TextAreaOption("addKeyData", getString("gb.key"), null, "span5", keyData));
    addKeyForm.add(new ChoiceOption<AccessPermission>("addKeyPermission", getString("gb.permission"), getString("gb.sshKeyPermissionDescription"), keyPermission, Arrays.asList(AccessPermission.SSHPERMISSIONS)));
    addKeyForm.add(new TextOption("addKeyComment", getString("gb.comment"), getString("gb.sshKeyCommentDescription"), "span5", keyComment));
    addKeyForm.add(new AjaxButton("addKeyButton") {

        private static final long serialVersionUID = 1L;

        @Override
        protected void onSubmit(AjaxRequestTarget target, Form<?> form) {
            // The key is stored for the logged-in user, not for the panel's `user` field.
            UserModel sessionUser = GitBlitWebSession.get().getUser();
            String rawKey = keyData.getObject();
            if (StringUtils.isEmpty(rawKey)) {
                // do not submit empty key
                return;
            }

            SshKey newKey = new SshKey(rawKey);
            try {
                // Parsing is the only validation of the submitted text.
                newKey.getPublicKey();
            } catch (Exception e) {
                // failed to parse the key; the input is dropped without feedback to the user
                return;
            }

            newKey.setPermission(keyPermission.getObject());
            String comment = keyComment.getObject();
            if (!StringUtils.isEmpty(comment)) {
                newKey.setComment(comment);
            }

            if (!app().keys().addKey(sessionUser.username, newKey)) {
                return;
            }
            // reset add key fields
            keyData.setObject("");
            keyPermission.setObject(AccessPermission.PUSH);
            keyComment.setObject("");
            // reload the list from the key manager and repaint the panel
            keys.clear();
            keys.addAll(app().keys().getKeys(sessionUser.username));
            target.addComponent(SshKeysPanel.this);
        }
    });
    if (!canWriteKeys) {
        addKeyForm.setVisibilityAllowed(false);
    }
    add(addKeyForm);
}
Also used : ListDataProvider(org.apache.wicket.markup.repeater.data.ListDataProvider) Form(org.apache.wicket.markup.html.form.Form) ArrayList(java.util.ArrayList) Label(org.apache.wicket.markup.html.basic.Label) UserModel(com.gitblit.models.UserModel) Item(org.apache.wicket.markup.repeater.Item) AjaxButton(org.apache.wicket.ajax.markup.html.form.AjaxButton) AjaxLink(org.apache.wicket.ajax.markup.html.AjaxLink) AccessPermission(com.gitblit.Constants.AccessPermission) SshKey(com.gitblit.transport.ssh.SshKey) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) DataView(org.apache.wicket.markup.repeater.data.DataView)
