From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 30 Apr 2016 04:19:14 -0400
Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates
---
src/main/java/com/gitblit/transport/ssh/FileKeyManager.java | 201 +++++++++++++++++++++++++++++++++++++++----------
1 files changed, 158 insertions(+), 43 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java b/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java
index 87912ca..1a2cd68 100644
--- a/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java
+++ b/src/main/java/com/gitblit/transport/ssh/FileKeyManager.java
@@ -17,67 +17,89 @@
import java.io.File;
import java.io.IOException;
-import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.sshd.common.util.Buffer;
-import org.eclipse.jgit.lib.Constants;
-
+import com.gitblit.Constants.AccessPermission;
import com.gitblit.Keys;
import com.gitblit.manager.IRuntimeManager;
import com.google.common.base.Charsets;
+import com.google.common.base.Joiner;
import com.google.common.io.Files;
+import com.google.inject.Inject;
/**
- * Manages SSH keys on the filesystem.
- *
+ * Manages public keys on the filesystem.
+ *
* @author James Moger
*
*/
-public class FileKeyManager implements IKeyManager {
+public class FileKeyManager extends IPublicKeyManager {
protected final IRuntimeManager runtimeManager;
-
+
+ protected final Map<File, Long> lastModifieds;
+
+ @Inject
public FileKeyManager(IRuntimeManager runtimeManager) {
this.runtimeManager = runtimeManager;
+ this.lastModifieds = new ConcurrentHashMap<File, Long>();
}
-
+
@Override
public String toString() {
File dir = runtimeManager.getFileOrFolder(Keys.git.sshKeysFolder, "${baseFolder}/ssh");
return MessageFormat.format("{0} ({1})", getClass().getSimpleName(), dir);
}
-
+
@Override
public FileKeyManager start() {
+ log.info(toString());
return this;
}
-
+
@Override
public boolean isReady() {
return true;
}
-
+
@Override
public FileKeyManager stop() {
return this;
}
@Override
- public List<PublicKey> getKeys(String username) {
+ protected boolean isStale(String username) {
+ File keystore = getKeystore(username);
+ if (!keystore.exists()) {
+ // keystore may have been deleted
+ return true;
+ }
+
+ if (lastModifieds.containsKey(keystore)) {
+ // compare modification times
+ long lastModified = lastModifieds.get(keystore);
+ return lastModified != keystore.lastModified();
+ }
+
+ // assume stale
+ return true;
+ }
+
+ @Override
+ protected List<SshKey> getKeysImpl(String username) {
try {
- File keys = getKeystore(username);
- if (!keys.exists()) {
+ log.info("loading ssh keystore for {}", username);
+ File keystore = getKeystore(username);
+ if (!keystore.exists()) {
return null;
}
- if (keys.exists()) {
- String str = Files.toString(keys, Charsets.ISO_8859_1);
- String [] entries = str.split("\n");
- List<PublicKey> list = new ArrayList<PublicKey>();
- for (String entry : entries) {
+ if (keystore.exists()) {
+ List<SshKey> list = new ArrayList<SshKey>();
+ for (String entry : Files.readLines(keystore, Charsets.ISO_8859_1)) {
if (entry.trim().length() == 0) {
// skip blanks
continue;
@@ -86,57 +108,124 @@
// skip comments
continue;
}
- final String[] parts = entry.split(" ");
- final byte[] bin = Base64.decodeBase64(Constants.encodeASCII(parts[1]));
- list.add(new Buffer(bin).getRawPublicKey());
+ String [] parts = entry.split(" ", 2);
+ AccessPermission perm = AccessPermission.fromCode(parts[0]);
+ if (perm.equals(AccessPermission.NONE)) {
+ // ssh-rsa DATA COMMENT
+ SshKey key = new SshKey(entry);
+ list.add(key);
+ } else if (perm.exceeds(AccessPermission.NONE)) {
+ // PERMISSION ssh-rsa DATA COMMENT
+ SshKey key = new SshKey(parts[1]);
+ key.setPermission(perm);
+ list.add(key);
+ }
}
-
+
if (list.isEmpty()) {
return null;
}
+
+ lastModifieds.put(keystore, keystore.lastModified());
return list;
}
} catch (IOException e) {
- throw new RuntimeException("Canot read ssh keys", e);
+ throw new RuntimeException("Cannot read ssh keys", e);
}
return null;
}
+ /**
+ * Adds a unique key to the keystore. This function determines uniqueness
+ * by disregarding the comment/description field during key comparisons.
+ */
@Override
- public boolean addKey(String username, String data) {
+ public boolean addKey(String username, SshKey key) {
try {
- File keys = getKeystore(username);
- Files.append(data + '\n', keys, Charsets.ISO_8859_1);
+ boolean replaced = false;
+ List<String> lines = new ArrayList<String>();
+ File keystore = getKeystore(username);
+ if (keystore.exists()) {
+ for (String entry : Files.readLines(keystore, Charsets.ISO_8859_1)) {
+ String line = entry.trim();
+ if (line.length() == 0) {
+ // keep blanks
+ lines.add(entry);
+ continue;
+ }
+ if (line.charAt(0) == '#') {
+ // keep comments
+ lines.add(entry);
+ continue;
+ }
+
+ SshKey oldKey = parseKey(line);
+ if (key.equals(oldKey)) {
+ // replace key
+ lines.add(key.getPermission() + " " + key.getRawData());
+ replaced = true;
+ } else {
+ // retain key
+ lines.add(entry);
+ }
+ }
+ }
+
+ if (!replaced) {
+ // new key, append
+ lines.add(key.getPermission() + " " + key.getRawData());
+ }
+
+ // write keystore
+ String content = Joiner.on("\n").join(lines).trim().concat("\n");
+ Files.write(content, keystore, Charsets.ISO_8859_1);
+
+ lastModifieds.remove(keystore);
+ keyCache.invalidate(username);
return true;
} catch (IOException e) {
throw new RuntimeException("Cannot add ssh key", e);
}
}
-
+
+ /**
+ * Removes the specified key from the keystore.
+ */
@Override
- public boolean removeKey(String username, String data) {
+ public boolean removeKey(String username, SshKey key) {
try {
File keystore = getKeystore(username);
if (keystore.exists()) {
- String str = Files.toString(keystore, Charsets.ISO_8859_1);
- List<String> keep = new ArrayList<String>();
- String [] entries = str.split("\n");
- for (String entry : entries) {
- if (entry.trim().length() == 0) {
+ List<String> lines = new ArrayList<String>();
+ for (String entry : Files.readLines(keystore, Charsets.ISO_8859_1)) {
+ String line = entry.trim();
+ if (line.length() == 0) {
// keep blanks
- keep.add(entry);
+ lines.add(entry);
continue;
}
- if (entry.charAt(0) == '#') {
+ if (line.charAt(0) == '#') {
// keep comments
- keep.add(entry);
+ lines.add(entry);
continue;
}
- final String[] parts = entry.split(" ");
- if (!parts[1].equals(data)) {
- keep.add(entry);
+
+ // only include keys that are NOT rmKey
+ SshKey oldKey = parseKey(line);
+ if (!key.equals(oldKey)) {
+ lines.add(entry);
}
}
+ if (lines.isEmpty()) {
+ keystore.delete();
+ } else {
+ // write keystore
+ String content = Joiner.on("\n").join(lines).trim().concat("\n");
+ Files.write(content, keystore, Charsets.ISO_8859_1);
+ }
+
+ lastModifieds.remove(keystore);
+ keyCache.invalidate(username);
return true;
}
} catch (IOException e) {
@@ -144,11 +233,37 @@
}
return false;
}
-
+
+ @Override
+ public boolean removeAllKeys(String username) {
+ File keystore = getKeystore(username);
+ if (keystore.delete()) {
+ lastModifieds.remove(keystore);
+ keyCache.invalidate(username);
+ return true;
+ }
+ return false;
+ }
+
protected File getKeystore(String username) {
File dir = runtimeManager.getFileOrFolder(Keys.git.sshKeysFolder, "${baseFolder}/ssh");
dir.mkdirs();
File keys = new File(dir, username + ".keys");
return keys;
}
+
+ protected SshKey parseKey(String line) {
+ String [] parts = line.split(" ", 2);
+ AccessPermission perm = AccessPermission.fromCode(parts[0]);
+ if (perm.equals(AccessPermission.NONE)) {
+ // ssh-rsa DATA COMMENT
+ SshKey key = new SshKey(line);
+ return key;
+ } else {
+ // PERMISSION ssh-rsa DATA COMMENT
+ SshKey key = new SshKey(parts[1]);
+ key.setPermission(perm);
+ return key;
+ }
+ }
}
--
Gitblit v1.9.1