HostKeyVerifier.java example

Explorer
gluster-ovirt-poc-master
- backend
  - manager
- frontend
package org.ovirt.engine.core.utils.hostinstall;

import java.net.SocketAddress;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.sshd.ClientSession;
import org.apache.sshd.client.ServerKeyVerifier;
import org.apache.sshd.common.util.BufferUtils;

/***
 *
 *
 */
public class HostKeyVerifier implements ServerKeyVerifier {

    public static final ServerKeyVerifier INSTANCE = new HostKeyVerifier();
    private static Log log = LogFactory.getLog(HostKeyVerifier.class);
    private byte[] serverKeyFingerprint;

    HostKeyVerifier() {
        serverKeyFingerprint = null;
    }

    private static byte[] intToDWord(int i) {
        byte[] dword = new byte[4];
        dword[0] = (byte) ((i >> 24));
        dword[1] = (byte) ((i >> 16));
        dword[2] = (byte) ((i >> 8));
        dword[3] = (byte) (i);
        return dword;
    }

    private byte[] getKeyFingerprint(PublicKey serverKey) {
        byte[] baFP = null;
        MessageDigest md5;
        KeyFactory kf = null;
        RSAPublicKeySpec k = null;

        try {
            kf = KeyFactory.getInstance("RSA");
            k = kf.getKeySpec(serverKey, RSAPublicKeySpec.class);

            md5 = MessageDigest.getInstance("MD5");
            md5.reset();

            byte[] bData = "ssh-rsa".getBytes();
            byte[] bLen = intToDWord(bData.length);
            md5.update(bLen, 0, bLen.length);
            md5.update(bData, 0, bData.length);

            bData = k.getPublicExponent().toByteArray();
            bLen = intToDWord(bData.length);
            ;
            md5.update(bLen, 0, bLen.length);
            md5.update(bData, 0, bData.length);

            bData = k.getModulus().toByteArray();
            bLen = intToDWord(bData.length);
            ;
            md5.update(bLen, 0, bLen.length);
            md5.update(bData, 0, bData.length);

            baFP = md5.digest();
            log.debug("Server fingerprint: " + BufferUtils.printHex(baFP));

        } catch (Exception e) {
            log.error("Unable to calculate fingerprint: " + e);
        }

        return baFP;
    }

    @Override
    public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
        boolean fReturn = true;
        serverKeyFingerprint = getKeyFingerprint(serverKey);
        if (serverKeyFingerprint == null) {
            fReturn = false;
        }

        return fReturn;
    }

    public byte[] getServerFingerprint() {
        return serverKeyFingerprint;
    }
}