From bd3b9958a66c97396ec5df6e56e8028358560971 Mon Sep 17 00:00:00 2001
From: Doug Kelly
Date: Mon, 9 Nov 2015 09:48:25 -0800
Subject: [PATCH] Simple tool for converting SSH keys
If SSH keys are created without Bouncy Castle, the keys are stored in a non-standard format. These can be read back in and converted back to standard OpenSSH format through the use of this tool. This may be used by anyone trying to support new key types after installing Bouncy Castle.
Change-Id: I52c00fcd44a55c855b5e3a6ebac1283f860e08b8
---
 contrib/convertkey/pom.xml | 89 +++++++++++++++++++
 .../gerrit/convertkey/ConvertKey.java | 73 +++++++++++++++
 2 files changed, 162 insertions(+)
 create mode 100644 contrib/convertkey/pom.xml
 create mode 100644 contrib/convertkey/src/main/java/com/googlesource/gerrit/convertkey/ConvertKey.java
diff --git a/contrib/convertkey/pom.xml b/contrib/convertkey/pom.xml
new file mode 100644
index 0000000000..bc71b9ee2b
--- /dev/null
+++ b/contrib/convertkey/pom.xml
@@ -0,0 +1,89 @@
+
+ 4.0.0
+
+ com.googlesource.gerrit
+ convertkey
+ 0.0.1-SNAPSHOT
+ jar
+
+ convertkey
+ http://maven.apache.org
+
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+ 2.8
+
+
+ copy-dependencies
+ prepare-package
+
+ copy-dependencies
+
+
+ ${project.build.directory}/lib
+ false
+ false
+ true
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 2.4
+
+
+
+ true
+ lib/
+ com.googlesource.gerrit.convertkey.ConvertKey
+
+
+
+
+
+
+
+
+ UTF-8
+
+
+
+
+ junit
+ junit
+ 3.8.1
+ test
+
+
+ org.apache.sshd
+ sshd-core
+ 0.14.0
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.52
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+ 1.52
+
+
+ com.jcraft
+ jsch
+ 0.1.53
+
+
+ org.slf4j
+ slf4j-nop
+ 1.7.12
+
+
+
diff --git a/contrib/convertkey/src/main/java/com/googlesource/gerrit/convertkey/ConvertKey.java b/contrib/convertkey/src/main/java/com/googlesource/gerrit/convertkey/ConvertKey.java
new file mode 100644
index 0000000000..5c6ef58acb
--- /dev/null
+++ b/contrib/convertkey/src/main/java/com/googlesource/gerrit/convertkey/ConvertKey.java 
@@ -0,0 +1,73 @@
+// Copyright (C) 2015 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.convertkey;
+
+import com.jcraft.jsch.HostKey;
+import com.jcraft.jsch.JSchException;
+
+import org.apache.sshd.common.util.Buffer;
+import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
+
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.KeyPair;
+import java.security.GeneralSecurityException;
+
+public class ConvertKey {
+ public static void main(String[] args)
+ throws GeneralSecurityException, JSchException, IOException {
+ SimpleGeneratorHostKeyProvider p;
+
+ if (args.length != 1) {
+ System.err.println("Error: requires path to the SSH host key");
+ return;
+ } else {
+ File file = new File(args[0]);
+ if (!file.exists() || !file.isFile() || !file.canRead()) {
+ System.err.println("Error: ssh key should exist and be readable");
+ return;
+ }
+ }
+
+ p = new SimpleGeneratorHostKeyProvider();
+ // Gerrit's SSH "simple" keys are always RSA.
+ p.setPath(args[0]);
+ p.setAlgorithm("RSA");
+ Iterable keys = p.loadKeys(); // forces the key to generate.
+ for (KeyPair k : keys) {
+ System.out.println("Public Key (" + k.getPublic().getAlgorithm() + "):");
+ // From Gerrit's SshDaemon class; use JSch to get the public
+ // key/type
+ final Buffer buf = new Buffer();
+ buf.putRawPublicKey(k.getPublic());
+ final byte[] keyBin = buf.getCompactData();
+ HostKey pub = new HostKey("localhost", keyBin);
+ System.out.println(pub.getType() + " " + pub.getKey());
+ System.out.println("Private Key:");
+ // Use Bouncy Castle to write the private key back in PEM format
+ // (PKCS#1)
+ // http://stackoverflow.com/questions/25129822/export-rsa-public-key-to-pem-string-using-java
+ StringWriter privout = new StringWriter();
+ JcaPEMWriter privWriter = new JcaPEMWriter(privout);
+ privWriter.writeObject(k.getPrivate());
+ privWriter.close();
+ System.out.println(privout);
+ }
+ }
+
+}
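Review bot: `p.loadKeys()` near the top of `main` is not a pure read: the hunk's own comment says it "forces the key to generate", so a file at `args[0]` that is not in the provider's simple format would presumably yield a freshly generated RSA pair (and, if sshd-core 0.14.0 behaves as I recall, be overwritten with it) rather than an error. The tool would then print an unrelated key as the "converted" host key. I would document this above the call, e.g. `// loadKeys() generates (and may persist) a new key when args[0] cannot be parsed; run against a copy of the host key.` Also, the PEM private key is written to stdout, where it can land in scrollback or captured logs, and both error paths `return` with exit status 0; `System.exit(1)` there would let scripts detect the failure.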