Simple tool for converting SSH keys

If SSH keys are created without Bouncy Castle, the keys are stored in
a non-standard format. These can be read back in and converted back to
standard OpenSSH format through the use of this tool.  This may be used
by anyone trying to support new key types after installing Bouncy
Castle.

Change-Id: I52c00fcd44a55c855b5e3a6ebac1283f860e08b8
Doug Kelly 2015-11-09 09:48:25 -08:00
parent 6add9edc1e
commit bd3b9958a6
2 changed files with 162 additions and 0 deletions


@ -0,0 +1,89 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.googlesource.gerrit</groupId>
<artifactId>convertkey</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>convertkey</name>
<url>http://maven.apache.org</url>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.8</version>
<executions>
<execution>
<id>copy-dependencies</id>
<phase>prepare-package</phase>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<outputDirectory>${project.build.directory}/lib</outputDirectory>
<overWriteReleases>false</overWriteReleases>
<overWriteSnapshots>false</overWriteSnapshots>
<overWriteIfNewer>true</overWriteIfNewer>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<configuration>
<archive>
<manifest>
<addClasspath>true</addClasspath>
<classpathPrefix>lib/</classpathPrefix>
<mainClass>com.googlesource.gerrit.convertkey.ConvertKey</mainClass>
</manifest>
</archive>
</configuration>
</plugin>
</plugins>
</build>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId>
<version>0.14.0</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.52</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.52</version>
</dependency>
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
<version>0.1.53</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-nop</artifactId>
<version>1.7.12</version>
</dependency>
</dependencies>
</project>
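Review bot: Binding `slf4j-nop` as the only SLF4J backend discards everything sshd-core logs, and this tool reads a host private key through that library. The provider presumably reports a failed key read through SLF4J, so the operator would get no diagnostic when the input file cannot be parsed. I would bind `<artifactId>slf4j-simple</artifactId>` at the same version instead; it writes to stderr, so the key material on stdout stays clean. The `junit` 3.8.1 dependency and the `<url>http://maven.apache.org</url>` element look like archetype leftovers and could be dropped if no tests are planned.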


@ -0,0 +1,73 @@
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.googlesource.gerrit.convertkey;
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.JSchException;
import org.apache.sshd.common.util.Buffer;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.GeneralSecurityException;
public class ConvertKey {
public static void main(String[] args)
throws GeneralSecurityException, JSchException, IOException {
SimpleGeneratorHostKeyProvider p;
if (args.length != 1) {
System.err.println("Error: requires path to the SSH host key");
return;
} else {
File file = new File(args[0]);
if (!file.exists() || !file.isFile() || !file.canRead()) {
System.err.println("Error: ssh key should exist and be readable");
return;
}
}
p = new SimpleGeneratorHostKeyProvider();
// Gerrit's SSH "simple" keys are always RSA.
p.setPath(args[0]);
p.setAlgorithm("RSA");
Iterable<KeyPair> keys = p.loadKeys(); // forces the key to generate.
for (KeyPair k : keys) {
System.out.println("Public Key (" + k.getPublic().getAlgorithm() + "):");
// From Gerrit's SshDaemon class; use JSch to get the public
// key/type
final Buffer buf = new Buffer();
buf.putRawPublicKey(k.getPublic());
final byte[] keyBin = buf.getCompactData();
HostKey pub = new HostKey("localhost", keyBin);
System.out.println(pub.getType() + " " + pub.getKey());
System.out.println("Private Key:");
// Use Bouncy Castle to write the private key back in PEM format
// (PKCS#1)
// http://stackoverflow.com/questions/25129822/export-rsa-public-key-to-pem-string-using-java
StringWriter privout = new StringWriter();
JcaPEMWriter privWriter = new JcaPEMWriter(privout);
privWriter.writeObject(k.getPrivate());
privWriter.close();
System.out.println(privout);
}
}
}
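Review bot: If the file at `args[0]` is not a readable simple-format key, `p.loadKeys()` can replace it instead of failing. As far as I can tell for sshd-core 0.14, the provider falls back to generating a new key pair and writing it to the configured path, which the "forces the key to generate" comment hints at. The existence and readability check earlier in `main` does not prevent this, so the tool would print a freshly generated key as though it were the converted one, and the original host key would be overwritten. Loading from a private temporary copy and checking that the copy is unchanged after `loadKeys()` avoids both outcomes. Separately, the private key goes to stdout unencrypted, so the usage message should tell operators to redirect it into a file with owner-only permissions.

```java
// Load from a private copy so a failed read cannot replace the real host key.
Path copy = Files.createTempFile("convertkey", ".key");
try {
  Files.copy(Paths.get(args[0]), copy, StandardCopyOption.REPLACE_EXISTING);
  byte[] before = Files.readAllBytes(copy);
  p.setPath(copy.toString());
  p.setAlgorithm("RSA");
  Iterable<KeyPair> keys = p.loadKeys();
  if (!Arrays.equals(before, Files.readAllBytes(copy))) {
    System.err.println("Error: file is not a readable simple-format key");
    return;
  }
  // … unchanged: loop printing the public key and the PEM private key …
} finally {
  Files.deleteIfExists(copy);
}
```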