Improve SSH layer

[lgpl/argeo-commons.git] / org.argeo.cms.ssh / src / org / argeo / cms / ssh / SshKeyPair.java

diff --git a/org.argeo.cms.ssh/src/org/argeo/cms/ssh/SshKeyPair.java b/org.argeo.cms.ssh/src/org/argeo/cms/ssh/SshKeyPair.java
index ed1818d407bca0838b0658f24212c1a0b59f219a..f5cbb04501498c725794edcce32f173ed79e4a87 100644 (file)
--- a/org.argeo.cms.ssh/src/org/argeo/cms/ssh/SshKeyPair.java
+++ b/org.argeo.cms.ssh/src/org/argeo/cms/ssh/SshKeyPair.java
@@ -20,9 +20,12 @@ import java.security.spec.RSAPublicKeySpec;
 import org.apache.sshd.common.config.keys.KeyUtils;
 import org.apache.sshd.common.config.keys.PublicKeyEntry;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.PKCS8Generator;
+import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
@@ -125,12 +128,32 @@ public class SshKeyPair {
                }
        }
 
+       public static SshKeyPair loadDefault(char[] password) {
+               Path privateKeyPath = Paths.get(System.getProperty("user.home") + "/.ssh/id_rsa");
+               // TODO try other formats
+               return load(privateKeyPath, password);
+       }
+
+       public static SshKeyPair load(Path privateKeyPath, char[] password) {
+               try (Reader reader = Files.newBufferedReader(privateKeyPath)) {
+                       return load(reader, password);
+               } catch (IOException e) {
+                       throw new IllegalStateException("Cannot load private key from " + privateKeyPath, e);
+               }
+
+       }
+
        public static SshKeyPair load(Reader reader, char[] password) {
                try (PEMParser pemParser = new PEMParser(reader)) {
                        Object object = pemParser.readObject();
                        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();// .setProvider("BC");
                        KeyPair kp;
-                       if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
+                       if (object instanceof PEMEncryptedKeyPair) {
+                               PEMEncryptedKeyPair ekp = (PEMEncryptedKeyPair) object;
+                               PEMDecryptorProvider decryptorProvider = new BcPEMDecryptorProvider(password);
+                               PEMKeyPair pemKp = ekp.decryptKeyPair(decryptorProvider);
+                               kp = converter.getKeyPair(pemKp);
+                       } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
                                // Encrypted key - we will use provided password
                                PKCS8EncryptedPrivateKeyInfo ckp = (PKCS8EncryptedPrivateKeyInfo) object;
 //                             PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password);