use of com.sshtools.common.ssh.components.SshKeyPair in project vcert-java by Venafi.
the class TppTokenConnectorATForSSH method requestAndRetrieveSshCertificateWithKeyPairProvided.
@Test
@DisplayName("TPP - Testing the requestSshCertificate() and retrieveSshCertificate() methods when KeyPair is provided")
public void requestAndRetrieveSshCertificateWithKeyPairProvided() throws VCertException, Exception {
String keyId = TppTestUtils.getRandSshKeyId();
// getting an SSH Key Pair with a key size of 3072 bits
SshKeyPair pair = SshKeyPairGenerator.generateKeyPair(SshKeyPairGenerator.SSH2_RSA, 3072);
// extracting the Public Key and adding the KeyId as comment, at the end of the Public Key
// because TPP returns the Public Key on that way
String publicKeyData = SshKeyUtils.getFormattedKey(pair.getPublicKey(), keyId);
// building an SshCertificateRequest
SshCertificateRequest req = new SshCertificateRequest().keyId(keyId).validityPeriod("4h").template(System.getenv("TPP_SSH_CA")).publicKeyData(publicKeyData).sourceAddresses(new String[] { "test.com" });
// requesting the SSH Certificate
String pickUpID = classUnderTest.requestSshCertificate(req);
// setting the pickUp ID
req.pickupID(pickUpID);
// retrieving the Cert and details
SshCertRetrieveDetails sshCertRetrieveDetails = classUnderTest.retrieveSshCertificate(req);
assertEquals(publicKeyData, sshCertRetrieveDetails.publicKeyData());
assertNotNull(sshCertRetrieveDetails.certificateData());
Long validityPeriodFromCert = Long.parseLong(sshCertRetrieveDetails.certificateDetails().validTo()) - Long.parseLong(sshCertRetrieveDetails.certificateDetails().validFrom());
// 4h
assertEquals(14400L, validityPeriodFromCert.longValue());
}
use of com.sshtools.common.ssh.components.SshKeyPair in project vcert-java by Venafi.
the class TppTokenConnectorATForSSH method requestAndRetrieveSshCertificate.
@Test
@DisplayName("TPP - Testing the requestSshCertificate() and retrieveSshCertificate() methods when the KeyPair is not provided and it will be generated by the Server")
public void requestAndRetrieveSshCertificate() throws VCertException, Exception {
SshCertificateRequest req = new SshCertificateRequest().keyId(TppTestUtils.getRandSshKeyId()).validityPeriod("4h").template(System.getenv("TPP_SSH_CA")).sourceAddresses(new String[] { "test.com" });
// requesting the SSH Certificate
String pickUpID = classUnderTest.requestSshCertificate(req);
// setting the pickUp ID
req.pickupID(pickUpID);
// setting a passphrase to the KeyPair service generated
req.privateKeyPassphrase("my-passphrase");
// retrieving the Cert and details
SshCertRetrieveDetails sshCertRetrieveDetails = classUnderTest.retrieveSshCertificate(req);
assertNotNull(sshCertRetrieveDetails.certificateData());
// The following it should works correctly given that the passphrase is correct.
SshKeyPair sshKeyPair = SshKeyUtils.getPrivateKey(sshCertRetrieveDetails.privateKeyData(), "my-passphrase");
assertNotNull(sshKeyPair);
}
use of com.sshtools.common.ssh.components.SshKeyPair in project vcert-java by Venafi.
the class SshCertificateRequestRetrieveWithKeyPairProvided method main.
/**
* @param args
*/
public static void main(String[] args) {
try {
// replace it by the key id value
String keyId = "<KEY_ID>";
// replace it by the CADN or the CA Name
String template = "<TPP_SSH_CA>";
// replace it by the TPP User
String user = "<TPPUSER>";
// replace it by the TPP Password
String password = "<TPPPASSWORD>";
// replace it by the TPP URL
String baseUri = "<TPP_URL>";
// 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
VCertTknClient client = new VCertTknClient(config);
client.getAccessToken(auth);
// To work with the SSH KeyPair, we are going to use some utilities from
// maverick-synergy project. For more information, please visit https://github.com/sshtools/maverick-synergy
// 2. Get an SSH Key Pair with a key size of 3072 bits
SshKeyPair pair = SshKeyPairGenerator.generateKeyPair(SshKeyPairGenerator.SSH2_RSA, 3072);
// 3. Extract the Public Key and adding the KeyId as comment, at the end of the Public Key
// because TPP returns the Public Key on that way
String publicKeyData = SshKeyUtils.getFormattedKey(pair.getPublicKey(), keyId);
// 4. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
SshCertificateRequest req = new SshCertificateRequest().keyId(keyId).validityPeriod(// if you omit it, then the validity period of the CIT will be used
"4h").publicKeyData(publicKeyData).template(template);
// .sourceAddresses(new String[]{"test.com"});
// 5. Use the VCertClient method requestSshCertificate() to request the creation of a new
// SSH Certificate on TPP. This will return the DN of the created SSH Certificate which
// will be used to retrieve the created SSH Certificate.
String pickUpID = client.requestSshCertificate(req);
// 4. Set the pickUp ID to the SshCertificateRequest created. You can create a new one
// but in order to avoid the boilerplate, it's preferable to use the already one created.
req.pickupID(pickUpID);
// 5. Use the VCertClient method retrieveSshCertificate() to retrieve the created
// SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails which
// will contain the Ssh Certificate Data, the Public Key, etc.
SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
client.revokeAccessToken();
} catch (Exception e) {
e.printStackTrace();
}
}
use of com.sshtools.common.ssh.components.SshKeyPair in project agileway by fangjinuo.
the class SynergyConnection method authenticateWithPublicKey.
@Override
public boolean authenticateWithPublicKey(String user, byte[] pemPrivateKey, String passphrase) throws SshException {
try {
ByteArrayInputStream inputStream = new ByteArrayInputStream(pemPrivateKey);
SshKeyPair keyPair = SshKeyUtils.getPrivateKey(inputStream, passphrase);
SshClientContext context = new SshClientContext();
context.setUsername(user);
context.setHostKeyVerification(new ToSynergyHostKeyVerifierAdapter(this.hostKeyVerifier));
client = new SshClient(sshConfig.getHost(), sshConfig.getPort(), user, context, keyPair);
if (client.isConnected()) {
setStatus(SshConnectionStatus.CONNECTED);
}
return true;
} catch (Throwable ex) {
throw new SshException(ex);
}
}
use of com.sshtools.common.ssh.components.SshKeyPair in project vcert-java by Venafi.
the class TppConnectorATForSSH method requestAndRetrieveSshCertificate.
@Test
@DisplayName("TPP - Testing the requestSshCertificate() and retrieveSshCertificate() methods when the KeyPair is not provided and it will be generated by the Server")
public void requestAndRetrieveSshCertificate() throws VCertException, Exception {
SshCertificateRequest req = new SshCertificateRequest().keyId(TppTestUtils.getRandSshKeyId()).validityPeriod("4h").template(System.getenv("TPP_SSH_CA")).sourceAddresses(new String[] { "test.com" });
// requesting the SSH Certificate
String pickUpID = classUnderTest.requestSshCertificate(req);
// setting the pickUp ID
req.pickupID(pickUpID);
// setting a passphrase to the KeyPair service generated
req.privateKeyPassphrase("my-passphrase");
// retrieving the Cert and details
SshCertRetrieveDetails sshCertRetrieveDetails = classUnderTest.retrieveSshCertificate(req);
assertNotNull(sshCertRetrieveDetails.certificateData());
// The following it should works correctly given that the passphrase is correct.
SshKeyPair sshKeyPair = SshKeyUtils.getPrivateKey(sshCertRetrieveDetails.privateKeyData(), "my-passphrase");
assertNotNull(sshKeyPair);
}
Aggregations