1
/*******************************************************************************
2
* Copyright (c) 2009 Eucalyptus Systems, Inc.
4
* This program is free software: you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License as published by
6
* the Free Software Foundation, only version 3 of the License.
9
* This file is distributed in the hope that it will be useful, but WITHOUT
10
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14
* You should have received a copy of the GNU General Public License along
15
* with this program. If not, see <http://www.gnu.org/licenses/>.
17
* Please contact Eucalyptus Systems, Inc., 130 Castilian
18
* Dr., Goleta, CA 93101 USA or visit <http://www.eucalyptus.com/licenses/>
19
* if you need additional information or have any questions.
21
* This file may incorporate work covered under the following copyright and
24
* Software License Agreement (BSD License)
26
* Copyright (c) 2008, Regents of the University of California
27
* All rights reserved.
29
* Redistribution and use of this software in source and binary forms, with
30
* or without modification, are permitted provided that the following
33
* Redistributions of source code must retain the above copyright notice,
34
* this list of conditions and the following disclaimer.
36
* Redistributions in binary form must reproduce the above copyright
37
* notice, this list of conditions and the following disclaimer in the
38
* documentation and/or other materials provided with the distribution.
40
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
41
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
42
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
43
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
44
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
46
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
47
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
48
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
49
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
50
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. USERS OF
51
* THIS SOFTWARE ACKNOWLEDGE THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE
52
* LICENSED MATERIAL, COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS
53
* SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
54
* IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA
55
* BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN
56
* THE REGENTS' DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
57
* OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR
58
* WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH
59
* ANY SUCH LICENSES OR RIGHTS.
60
*******************************************************************************
61
* @author chris grzegorczyk <grze@eucalyptus.com>
64
package com.eucalyptus.keys;
66
import java.math.BigInteger;
67
import java.security.KeyPair;
68
import java.security.PrivateKey;
69
import java.security.interfaces.RSAPublicKey;
70
import java.util.List;
71
import javax.persistence.EntityTransaction;
72
import org.apache.log4j.Logger;
73
import org.bouncycastle.util.encoders.Base64;
74
import org.hibernate.exception.ConstraintViolationException;
75
import com.eucalyptus.auth.principal.AccountFullName;
76
import com.eucalyptus.auth.principal.UserFullName;
77
import com.eucalyptus.cloud.util.DuplicateMetadataException;
78
import com.eucalyptus.cloud.util.MetadataCreationException;
79
import com.eucalyptus.cloud.util.MetadataException;
80
import com.eucalyptus.cloud.util.NoSuchMetadataException;
81
import com.eucalyptus.crypto.Certs;
82
import com.eucalyptus.entities.Entities;
83
import com.eucalyptus.entities.TransactionException;
84
import com.eucalyptus.entities.Transactions;
85
import com.eucalyptus.records.Logs;
86
import com.eucalyptus.util.OwnerFullName;
88
public class KeyPairs {
89
private static Logger LOG = Logger.getLogger( KeyPairs.class );
90
private static SshKeyPair NO_KEY = SshKeyPair.noKey( );
91
public static String NO_KEY_NAME = "";
93
public static SshKeyPair noKey( ) {
97
public static List<SshKeyPair> list( OwnerFullName ownerFullName ) throws NoSuchMetadataException {
99
return Transactions.findAll( SshKeyPair.named( ownerFullName, null ) );
100
} catch ( Exception e ) {
101
throw new NoSuchMetadataException( "Failed to find key pairs for " + ownerFullName, e );
105
public static SshKeyPair lookup( OwnerFullName ownerFullName, String keyName ) throws NoSuchMetadataException {
107
return Transactions.find( new SshKeyPair( ownerFullName, keyName ) );
108
} catch ( Exception e ) {
109
throw new NoSuchMetadataException( "Failed to find key pair: " + keyName + " for " + ownerFullName, e );
113
public static void delete( OwnerFullName ownerFullName, String keyName ) throws NoSuchMetadataException {
114
EntityTransaction db = Entities.get( SshKeyPair.class );
116
SshKeyPair entity = Entities.uniqueResult( SshKeyPair.named( ownerFullName, keyName ) );
117
Entities.delete( entity );
119
} catch ( Exception ex ) {
120
Logs.exhaust( ).error( ex, ex );
122
throw new NoSuchMetadataException( "Failed to find key pair: " + keyName + " for " + ownerFullName, ex );
126
public static SshKeyPair fromPublicKey( OwnerFullName ownerFullName, String keyValue ) throws NoSuchMetadataException {
128
return Transactions.find( SshKeyPair.withPublicKey( ownerFullName, keyValue ) );
129
} catch ( Exception e ) {
130
throw new NoSuchMetadataException( "Failed to find key pair with public key: " + keyValue + " for " + ownerFullName, e );
135
public static PrivateKey create( UserFullName userName, String keyName ) throws MetadataException, TransactionException {
136
SshKeyPair newKey = SshKeyPair.create( userName, keyName );
137
KeyPair newKeys = null;
139
newKeys = Certs.generateKeyPair( );
140
String authKeyString = KeyPairs.getAuthKeyString( userName, keyName, newKeys );
141
newKey.setPublicKey( authKeyString );
142
newKey.setFingerPrint( Certs.getFingerPrint( newKeys.getPrivate( ) ) );
143
} catch ( Exception e ) {
144
throw new MetadataCreationException( "KeyPair generation error: Key pair creation failed.", e );
147
Transactions.save( newKey );
148
} catch ( ConstraintViolationException ex ) {
149
throw new DuplicateMetadataException( "Keypair already exists: " + keyName + ": " + ex.getMessage( ), ex );
151
return newKeys.getPrivate( );
154
private static String getAuthKeyString( UserFullName userName, String keyName, KeyPair newKeys ) {
155
RSAPublicKey publicKey = ( RSAPublicKey ) newKeys.getPublic( );
156
byte[] keyType = "ssh-rsa".getBytes( );
157
byte[] expBlob = publicKey.getPublicExponent( ).toByteArray( );
158
byte[] modBlob = publicKey.getModulus( ).toByteArray( );
159
byte[] authKeyBlob = new byte[3 * 4 + keyType.length + expBlob.length + modBlob.length];
161
byte[] lenArray = null;
162
lenArray = BigInteger.valueOf( keyType.length ).toByteArray( );
163
System.arraycopy( lenArray, 0, authKeyBlob, 4 - lenArray.length, lenArray.length );
164
System.arraycopy( keyType, 0, authKeyBlob, 4, keyType.length );
166
lenArray = BigInteger.valueOf( expBlob.length ).toByteArray( );
167
System.arraycopy( lenArray, 0, authKeyBlob, 4 + keyType.length + 4 - lenArray.length, lenArray.length );
168
System.arraycopy( expBlob, 0, authKeyBlob, 4 + ( 4 + keyType.length ), expBlob.length );
170
lenArray = BigInteger.valueOf( modBlob.length ).toByteArray( );
171
System.arraycopy( lenArray, 0, authKeyBlob, 4 + expBlob.length + 4 + keyType.length + 4 - lenArray.length, lenArray.length );
172
System.arraycopy( modBlob, 0, authKeyBlob, 4 + ( 4 + expBlob.length + ( 4 + keyType.length ) ), modBlob.length );
174
String authKeyString = String.format( "%s %s %s@eucalyptus.%s", new String( keyType ), new String( Base64.encode( authKeyBlob ) ), userName.getAccountNumber( ), keyName );
175
return authKeyString;