com.enterprisedt.net.ftp.ssh
Class SSHFTPValidator

java.lang.Object
  extended by com.enterprisedt.net.ftp.ssh.SSHFTPValidator

public class SSHFTPValidator
extends java.lang.Object

Provides server validation services for SSHFTPClient. By default, SSHFTPClient uses an instance of this class for all its validation functions. It provides the following functions:

This class may be subclassed if specialized validation functionality is required. An instance of the subclass should be passed to SCPClient.setValidator(SSHFTPValidator).

Version:
$Revision: 1.18 $
Author:
Hans Andersen

Constructor Summary
SSHFTPValidator()
          Default constructor.
 
Method Summary
 void addKnownHost(java.lang.String hostName, java.io.InputStream publicKeyStream)
          Adds the given host (and associated key data supplied in the inputstream) to the list of known hosts.
 void addKnownHost(java.lang.String hostName, SSHFTPPublicKey publicKey)
          Adds the given host to the list of known hosts.
 void addKnownHost(java.lang.String hostName, java.lang.String publicKeyFile)
          Adds the given host (and associated key-file) to the list of known hosts.
 SSHFTPPublicKey getHostPublicKey()
          Provides access to the current remote host's public key.
 SSHFTPPublicKey[] getKnownHostKeys(java.lang.String hostname)
          Get all the public keys in the known hosts file that match the supplied hostname.
 java.lang.String[] getKnownHostnames()
          Get the known host name entries.
 java.util.Hashtable getKnownHosts()
          Deprecated. Use getKnownHostnames() and getKnownHostKeys(String) instead.
 boolean isHostValidationEnabled()
          Returns true if host validation is enabled.
 boolean isPortsInKnownHosts()
          Are non-standard port numbers used in known_hosts files? If so then hosts are stored as [hostname]:port if the port number is not 22.
 void loadKnownHosts(java.io.InputStream hostsStream)
          Loads a list of hosts and their associated public keys from the given InputStream.
 void loadKnownHosts(java.lang.String hostsFileName)
          Loads a list of hosts and their associated public keys from the given file.
 void removeAllKnownHosts()
          Clears all known hosts.
 void removeKnownHost(java.lang.String hostName)
          Remove the given host from the list of known hosts.
 void saveKnownHosts()
          Overwrite the currently loaded known_hosts file with the cached known host data, which may be different.
 void saveKnownHosts(java.lang.String knownHosts)
          Write the cached known host data to the supplied filename.
 void setHostValidationEnabled(boolean hostValidationEnabled)
          Sets the flag controlling whether or not hosts will be validated.
 void setPortsInKnownHosts(boolean portsInKnownHosts)
          Change whether or not non-standard port numbers are used in known_hosts files.
protected  boolean validate(java.lang.String hostSpecifier, SSHFTPPublicKey publicKey, boolean hostKnown)
           
protected  boolean validate(java.lang.String hostSpecifier, java.lang.String fingerPrint, boolean hostKnown)
          Deprecated. Use validate(String, SSHFTPPublicKey, boolean).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSHFTPValidator

public SSHFTPValidator()
Default constructor.

Method Detail

isPortsInKnownHosts

public boolean isPortsInKnownHosts()
Are non-standard port numbers used in known_hosts files? If so then hosts are stored as [hostname]:port if the port number is not 22.

Default is true.

Returns:
true if non-standard ports used in known_hosts

setPortsInKnownHosts

public void setPortsInKnownHosts(boolean portsInKnownHosts)
Change whether or not non-standard port numbers are used in known_hosts files. If so then hosts are stored as [hostname]:port if the port number is not 22.

Parameters:
portsInKnownHosts - true to enable, false to disable

loadKnownHosts

public void loadKnownHosts(java.lang.String hostsFileName)
                    throws java.io.FileNotFoundException,
                           java.io.IOException
Loads a list of hosts and their associated public keys from the given file. The format of the file is similar to that used in OpenSSH. Each line contains the name of a host followed by its IP address (separated by a comma), the type of key it has, and its key (in base-64 printable form). For example:
 jackspc,192.168.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE...
 
If more than one host uses a given key, the host-name may be replaced by a comma-separated list of host-names. IP addresses may be used. Wildcards may not be used.

Note that this method does not clear any previous settings.

Parameters:
hostsFileName - Name of the file containing the hosts.
Throws:
java.io.FileNotFoundException - Thrown if the file could not be found.
java.io.IOException - Thrown if the file could not be read.

loadKnownHosts

public void loadKnownHosts(java.io.InputStream hostsStream)
                    throws java.io.IOException
Loads a list of hosts and their associated public keys from the given InputStream. The format of the content of the stream is similar to that used in OpenSSH. Each line contains the name of a host followed by its IP address (separated by a comma), the type of key it has, and its key (in base-64 printable form). For example:
 jackspc,192.168.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE...
 
If more than one host uses a given key, the host-name may be replaced by a comma-separated list of host-names. IP addresses may be used. Wildcards may not be used.

Note that this method does not clear any previous settings.

Parameters:
hostsStream - Stream containing the hosts.
Throws:
java.io.FileNotFoundException - Thrown if the file could not be found.
java.io.IOException - Thrown if the file could not be read.
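
A pre-flight check for one entry line in the known_hosts format described for both loadKnownHosts overloads, written as an added example using only the JDK; it is not part of the library and calls none of its API. The class name KnownHostsLint and its check method are hypothetical, and the sample key blob is constructed and holds only the algorithm-name field.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

public class KnownHostsLint {
    /** Problems found in one known_hosts entry line; an empty list means it passed. */
    static List<String> check(String line) {
        List<String> problems = new ArrayList<>();
        String[] f = line.trim().split("\\s+");
        if (f.length < 3) { problems.add("expected: hosts key-type base64-key"); return problems; }
        for (String host : f[0].split(",")) {
            if (host.isEmpty()) problems.add("empty host name in list");
            if (host.contains("*") || host.contains("?")) problems.add("wildcard not allowed: " + host);
            if (host.startsWith("[") && !host.matches("\\[[^\\]]+\\]:\\d{1,5}"))
                problems.add("malformed [hostname]:port entry: " + host);
        }
        try {
            // An SSH public-key blob begins with a 4-byte big-endian length, then the algorithm name.
            ByteBuffer blob = ByteBuffer.wrap(Base64.getDecoder().decode(f[2]));
            int len = blob.getInt();
            if (len <= 0 || len > blob.remaining()) {
                problems.add("key blob is truncated or corrupt");
            } else {
                byte[] name = new byte[len];
                blob.get(name);
                String embedded = new String(name, StandardCharsets.US_ASCII);
                if (!embedded.equals(f[1])) problems.add("declared " + f[1] + " but blob holds " + embedded);
            }
        } catch (RuntimeException e) { // invalid base64, or fewer than 4 bytes decoded
            problems.add("key is not a valid base64 SSH blob");
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample: the blob holds only the algorithm-name field, it is not a real key.
        byte[] stub = ByteBuffer.allocate(11).putInt(7).put("ssh-rsa".getBytes(StandardCharsets.US_ASCII)).array();
        String key = Base64.getEncoder().encodeToString(stub);
        String[] lines = {
            "jackspc,192.168.1.1 ssh-rsa " + key,
            "[jackspc]:2222 ssh-rsa " + key,
            "*.example.com ssh-rsa " + key,
            "jackspc ssh-dss " + key,
        };
        for (String l : lines) System.out.println(check(l) + "  <-  " + l);
    }
}
```

Running such a check before a file is handed to loadKnownHosts surfaces entries that would not pin the key the operator intended, such as a wildcard host or a key whose embedded algorithm differs from the declared type.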

saveKnownHosts

public void saveKnownHosts()
                    throws java.io.IOException
Overwrite the currently loaded known_hosts file with the cached known host data, which may be different. If the current data has not been loaded from a known_hosts file, a filename should be supplied to write to.

Throws:
java.io.IOException

saveKnownHosts

public void saveKnownHosts(java.lang.String knownHosts)
                    throws java.io.IOException
Write the cached known host data to the supplied filename.

Parameters:
knownHosts - the path to the file to write to
Throws:
java.io.IOException

addKnownHost

public void addKnownHost(java.lang.String hostName,
                         java.lang.String publicKeyFile)
                  throws java.io.IOException,
                         com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException
Adds the given host (and associated key-file) to the list of known hosts. The key-file can be in either OpenSSH format (generated by default by ssh-keygen) or SECSH format.

Parameters:
hostName - Name of the host
publicKeyFile - Name of the file containing the host's public key.
Throws:
java.io.IOException - Thrown if there was a problem reading the key-file.
com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException - Thrown if the key was not valid.

addKnownHost

public void addKnownHost(java.lang.String hostName,
                         SSHFTPPublicKey publicKey)
                  throws com.enterprisedt.net.j2ssh.transport.InvalidHostFileException,
                         com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException
Adds the given host to the list of known hosts.

Parameters:
hostName - Name of the host
publicKey - Public key
Throws:
java.io.IOException - Thrown if there was a problem reading the key-file.
com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException - Thrown if the key was not valid.
com.enterprisedt.net.j2ssh.transport.InvalidHostFileException

addKnownHost

public void addKnownHost(java.lang.String hostName,
                         java.io.InputStream publicKeyStream)
                  throws java.io.IOException,
                         com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException
Adds the given host (and associated key data supplied in the inputstream) to the list of known hosts. The key-file can be in either OpenSSH format (generated by default by ssh-keygen) or SECSH format. The stream is not closed after reading.

Parameters:
hostName - Name of the host
publicKeyStream - stream containing the host's public key.
Throws:
java.io.IOException - Thrown if there was a problem reading the stream.
com.enterprisedt.net.j2ssh.transport.publickey.InvalidSshKeyException - Thrown if the key was not valid.

removeKnownHost

public void removeKnownHost(java.lang.String hostName)
Remove the given host from the list of known hosts.

Parameters:
hostName - Name of the host.

removeAllKnownHosts

public void removeAllKnownHosts()
Clears all known hosts.


validate

protected boolean validate(java.lang.String hostSpecifier,
                           java.lang.String fingerPrint,
                           boolean hostKnown)
Deprecated. Use validate(String, SSHFTPPublicKey, boolean).

Override this method to implement customized host-validation. The default implementation simply writes a message in the log and returns false.

Parameters:
hostSpecifier - Host-name and IP address separated by a comma.
fingerPrint - Human-readable form of the host's fingerprint.
hostKnown - true if there was an entry for the host but not with the required algorithm (note that several algorithms may be defined for each host).
Returns:
Returns true if the host is valid.

validate

protected boolean validate(java.lang.String hostSpecifier,
                           SSHFTPPublicKey publicKey,
                           boolean hostKnown)

isHostValidationEnabled

public boolean isHostValidationEnabled()
Returns true if host validation is enabled.

Returns:
Returns true if host validation is enabled.

setHostValidationEnabled

public void setHostValidationEnabled(boolean hostValidationEnabled)
Sets the flag controlling whether or not hosts will be validated. Note that it is unwise to disable host validation except when testing.

Parameters:
hostValidationEnabled - New value of the flag.

getKnownHosts

public java.util.Hashtable getKnownHosts()
Deprecated. Use getKnownHostnames() and getKnownHostKeys(String) instead.

Returns the known hosts and their public keys. The returned hashtable has host-names as its keys; each value is itself a hashtable mapping algorithm-names to fingerprints. The hashtable is populated by calling loadKnownHosts() or by addKnownHost().

Note that hashed host-names are not returned in the hashtable.

Returns:
Returns the known hosts in a hashtable, which has host-names as its keys and, as its values, hashtables mapping algorithm-names to fingerprints.

getKnownHostnames

public java.lang.String[] getKnownHostnames()
Get the known host name entries. This may include IP addresses, and host names may be a combination of IP address and hostname, e.g. edtmobile,10.0.0.3. This method does not split these up. Hashed hostnames are also included, still in hashed form.

Returns:
array of known host names

getKnownHostKeys

public SSHFTPPublicKey[] getKnownHostKeys(java.lang.String hostname)
Get all the public keys in the known hosts file that match the supplied hostname.

Parameters:
hostname - hostname we want the keys for
Returns:
array of public keys

getHostPublicKey

public SSHFTPPublicKey getHostPublicKey()
Provides access to the current remote host's public key. This member is only valid after an attempt has been made to connect to the host. It is null before the first connection attempt is made.

This method is particularly useful if the server's public key is not available by other means. In such cases a connection attempt should be made without adding any known hosts. This attempt will fail, but getHostPublicKey() may be used afterwards to obtain the public key. The SSHFTPPublicKey.write(OutputStream,int) method may be used to write it to a file for use in subsequent connections.

Note that null may be returned after a connection attempt is made if the attempt failed before public keys were exchanged between the client and the server.

Returns:
Returns the server's public key.


Copyright © 2001-2009 Enterprise Distributed Technologies Ltd. All Rights Reserved.