use of io.bastillion.manage.model.ApplicationKey in project KeyBox by skavanagh.
the class SSHUtil method authAndAddPubKey.
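/**
 * Distributes the application's authorized key to a host system.
 *
 * <p>Loads the application key pair, opens an SSH session to the host and passes that session to
 * {@code addPubKey}. A {@code JSchException}, {@code SQLException} or
 * {@code GeneralSecurityException} is not rethrown; it is recorded as a status code and error
 * message on {@code hostSystem}.
 *
 * @param hostSystem object contains host system information; its status fields are updated
 * @param passphrase ssh key passphrase; when null or blank the stored passphrase is used
 * @param password   password to host system if needed
 * @return the same {@code hostSystem}, carrying the status of key distribution
 */
public static HostSystem authAndAddPubKey(HostSystem hostSystem, String passphrase, String password) {
    JSch jsch = new JSch();
    Session session = null;
    hostSystem.setStatusCd(HostSystem.SUCCESS_STATUS);
    try {
        ApplicationKey appKey = PrivateKeyDB.getApplicationKey();
        // getApplicationKey() yields null when application_key has no rows; fail with a status
        // code instead of letting a NullPointerException escape this method
        if (appKey == null) {
            throw new GeneralSecurityException("application key not found");
        }
        // check to see if passphrase has been provided
        if (passphrase == null || passphrase.trim().equals("")) {
            passphrase = appKey.getPassphrase();
            // check for null in order to use key without passphrase
            if (passphrase == null) {
                passphrase = "";
            }
        }
        // add private key
        // NOTE(review): getBytes() uses the platform default charset; a non-ASCII passphrase
        // would encode differently across hosts - confirm before pinning a charset
        jsch.addIdentity(appKey.getId().toString(), appKey.getPrivateKey().trim().getBytes(), appKey.getPublicKey().getBytes(), passphrase.getBytes());
        // create session
        session = jsch.getSession(hostSystem.getUser(), hostSystem.getHost(), hostSystem.getPort());
        // set password if passed in
        if (password != null && !password.equals("")) {
            session.setPassword(password);
        }
        // NOTE(review): host key verification is disabled, so the remote end is never
        // authenticated. Whatever answers on host:port receives the password set above and is
        // treated as the managed system. Hardening means keeping a host-key store
        // (jsch.setKnownHosts or a pinned fingerprint per HostSystem) and setting this to "yes";
        // left unchanged here because it needs that store to exist first.
        session.setConfig("StrictHostKeyChecking", "no");
        session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
        session.setServerAliveInterval(SERVER_ALIVE_INTERVAL);
        session.connect(SESSION_TIMEOUT);
        addPubKey(hostSystem, session, appKey.getPublicKey());
    } catch (JSchException | SQLException | GeneralSecurityException ex) {
        log.info(ex.toString(), ex);
        hostSystem.setErrorMsg(ex.getMessage());
        // getMessage() may be null; classify against an empty string rather than dereferencing it
        String reason = ex.getMessage() == null ? "" : ex.getMessage().toLowerCase();
        if (reason.contains("userauth fail")) {
            hostSystem.setStatusCd(HostSystem.PUBLIC_KEY_FAIL_STATUS);
        } else if (reason.contains("auth fail") || reason.contains("auth cancel")) {
            hostSystem.setStatusCd(HostSystem.AUTH_FAIL_STATUS);
        } else if (reason.contains("unknownhostexception")) {
            hostSystem.setErrorMsg("DNS Lookup Failed");
            hostSystem.setStatusCd(HostSystem.HOST_FAIL_STATUS);
        } else {
            hostSystem.setStatusCd(HostSystem.GENERIC_FAIL_STATUS);
        }
    } finally {
        // in finally so the session is also closed when an unchecked exception propagates
        if (session != null) {
            session.disconnect();
        }
    }
    return hostSystem;
}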
use of io.bastillion.manage.model.ApplicationKey in project KeyBox by skavanagh.
the class PrivateKeyDB method getApplicationKey.
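/**
 * Returns the public/private key pair for the application.
 *
 * <p>Reads every row of {@code application_key}; if several rows exist the last one read wins,
 * and if none exist the result is {@code null}. The {@code passphrase} and {@code private_key}
 * columns go through {@code EncryptionUtil.decrypt}; {@code public_key} is returned as stored.
 *
 * @return app key values, or {@code null} when the table has no rows
 * @throws SQLException             if the statement cannot be prepared, executed or read
 * @throws GeneralSecurityException declared for the decrypt calls (presumably raised when
 *                                  decryption fails; confirm against EncryptionUtil)
 */
public static ApplicationKey getApplicationKey() throws SQLException, GeneralSecurityException {
    ApplicationKey appKey = null;
    Connection con = DBUtils.getConn();
    // nested try/finally keeps the original close order (result set, statement, connection)
    // and releases them when the query or a decrypt call throws
    try {
        PreparedStatement stmt = con.prepareStatement("select * from application_key");
        try {
            ResultSet rs = stmt.executeQuery();
            try {
                while (rs.next()) {
                    appKey = new ApplicationKey();
                    appKey.setId(rs.getLong("id"));
                    // NOTE(review): from here on the passphrase and private key are held in
                    // clear text as Strings; callers should not log or serialize this object
                    appKey.setPassphrase(EncryptionUtil.decrypt(rs.getString("passphrase")));
                    appKey.setPrivateKey(EncryptionUtil.decrypt(rs.getString("private_key")));
                    appKey.setPublicKey(rs.getString("public_key"));
                }
            } finally {
                DBUtils.closeRs(rs);
            }
        } finally {
            DBUtils.closeStmt(stmt);
        }
    } finally {
        DBUtils.closeConn(con);
    }
    return appKey;
}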
use of io.bastillion.manage.model.ApplicationKey in project KeyBox by skavanagh.
the class SSHUtil method openSSHTermOnSystem.
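/**
 * Opens a new ssh terminal session on a host system.
 *
 * <p>Connects with the application key, opens a {@code shell} channel, starts a
 * {@code SecureShellTask} thread on the channel output and, when the status is still
 * {@code SUCCESS_STATUS}, registers the resulting {@code SchSession} in {@code userSessionMap}
 * under {@code sessionId} and the new instance id. A {@code JSchException}, {@code IOException}
 * or {@code GeneralSecurityException} is recorded on {@code hostSystem} instead of being rethrown.
 *
 * @param passphrase     key passphrase for instance; when null or blank the stored one is used
 * @param password       password for instance
 * @param userId         user id
 * @param sessionId      session id
 * @param hostSystem     host system; its status fields and instance id are updated
 * @param userSessionMap user session map, updated in place on success
 * @return status of systems
 * @throws SQLException             not caught here; propagates from the key lookup and the
 *                                  status updates at the end of the method
 * @throws GeneralSecurityException declared by the signature
 */
public static HostSystem openSSHTermOnSystem(String passphrase, String password, Long userId, Long sessionId, HostSystem hostSystem, Map<Long, UserSchSessions> userSessionMap) throws SQLException, GeneralSecurityException {
    JSch jsch = new JSch();
    int instanceId = getNextInstanceId(sessionId, userSessionMap);
    hostSystem.setStatusCd(HostSystem.SUCCESS_STATUS);
    hostSystem.setInstanceId(instanceId);
    SchSession schSession = null;
    // declared outside the try block so a failed attempt can still be disconnected
    Session session = null;
    boolean ready = false;
    try {
        ApplicationKey appKey = PrivateKeyDB.getApplicationKey();
        // getApplicationKey() yields null when application_key has no rows; report it through
        // the status code instead of a NullPointerException
        if (appKey == null) {
            throw new GeneralSecurityException("application key not found");
        }
        // check to see if passphrase has been provided
        if (passphrase == null || passphrase.trim().equals("")) {
            passphrase = appKey.getPassphrase();
            // check for null in order to use key without passphrase
            if (passphrase == null) {
                passphrase = "";
            }
        }
        // add private key
        jsch.addIdentity(appKey.getId().toString(), appKey.getPrivateKey().trim().getBytes(), appKey.getPublicKey().getBytes(), passphrase.getBytes());
        // create session
        session = jsch.getSession(hostSystem.getUser(), hostSystem.getHost(), hostSystem.getPort());
        // set password if it exists
        if (password != null && !password.trim().equals("")) {
            session.setPassword(password);
        }
        // NOTE(review): host key verification is disabled, so the remote end is never
        // authenticated before the password above is offered or a terminal is opened on it.
        // Hardening means keeping a host-key store (jsch.setKnownHosts or a pinned fingerprint
        // per HostSystem) and setting this to "yes"; left unchanged because it needs that store.
        session.setConfig("StrictHostKeyChecking", "no");
        session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
        session.setServerAliveInterval(SERVER_ALIVE_INTERVAL);
        session.connect(SESSION_TIMEOUT);
        Channel channel = session.openChannel("shell");
        // NOTE(review): with host key checking off, agent forwarding exposes the agent to a
        // host whose identity was not verified; enable it only together with host key pinning
        if ("true".equals(AppConfig.getProperty("agentForwarding"))) {
            ((ChannelShell) channel).setAgentForwarding(true);
        }
        ((ChannelShell) channel).setPtyType("xterm");
        InputStream outFromChannel = channel.getInputStream();
        // new session output
        SessionOutput sessionOutput = new SessionOutput(sessionId, hostSystem);
        Runnable run = new SecureShellTask(sessionOutput, outFromChannel);
        Thread thread = new Thread(run);
        thread.start();
        OutputStream inputToChannel = channel.getOutputStream();
        PrintStream commander = new PrintStream(inputToChannel, true);
        channel.connect();
        schSession = new SchSession();
        schSession.setUserId(userId);
        schSession.setSession(session);
        schSession.setChannel(channel);
        schSession.setCommander(commander);
        schSession.setInputToChannel(inputToChannel);
        schSession.setOutFromChannel(outFromChannel);
        schSession.setHostSystem(hostSystem);
        // refresh keys for session
        addPubKey(hostSystem, session, appKey.getPublicKey());
        ready = true;
    } catch (JSchException | IOException | GeneralSecurityException ex) {
        log.info(ex.toString(), ex);
        hostSystem.setErrorMsg(ex.getMessage());
        // getMessage() may be null; classify against an empty string rather than dereferencing it
        String reason = ex.getMessage() == null ? "" : ex.getMessage().toLowerCase();
        if (reason.contains("userauth fail")) {
            hostSystem.setStatusCd(HostSystem.PUBLIC_KEY_FAIL_STATUS);
        } else if (reason.contains("auth fail") || reason.contains("auth cancel")) {
            hostSystem.setStatusCd(HostSystem.AUTH_FAIL_STATUS);
        } else if (reason.contains("unknownhostexception")) {
            hostSystem.setErrorMsg("DNS Lookup Failed");
            hostSystem.setStatusCd(HostSystem.HOST_FAIL_STATUS);
        } else {
            hostSystem.setStatusCd(HostSystem.GENERIC_FAIL_STATUS);
        }
    } finally {
        // a session that is not going to be registered in userSessionMap below has no owner
        // left to close it, so disconnect it here (covers caught and propagating failures)
        if (session != null && !(ready && hostSystem.getStatusCd().equals(HostSystem.SUCCESS_STATUS))) {
            session.disconnect();
        }
    }
    // add session to map
    if (hostSystem.getStatusCd().equals(HostSystem.SUCCESS_STATUS)) {
        // get the server maps for user
        UserSchSessions userSchSessions = userSessionMap.get(sessionId);
        // if no user session create a new one
        if (userSchSessions == null) {
            userSchSessions = new UserSchSessions();
        }
        Map<Integer, SchSession> schSessionMap = userSchSessions.getSchSessionMap();
        // add server information
        schSessionMap.put(instanceId, schSession);
        userSchSessions.setSchSessionMap(schSessionMap);
        // add back to map
        userSessionMap.put(sessionId, userSchSessions);
    }
    SystemStatusDB.updateSystemStatus(hostSystem, userId);
    SystemDB.updateSystem(hostSystem);
    return hostSystem;
}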