
Commit 64aaa86

committed
feat(core): bulk-up public ssh key validation
* validation of public ssh keys in the attributes now also includes a call to ssh-keygen
* this should catch some edge-case invalid keys
* extracted the validation method to RPC so it can be called from the WUI

DEPLOYMENT NOTE: the `ssh-keygen` tool has to be available on instance machines
1 parent fb3efba commit 64aaa86


10 files changed

+449
-264
lines changed

Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
package cz.metacentrum.perun.core.api.exceptions;
2+
3+
/**
4+
* Validation of SSH key failed for some reason
5+
*
6+
* @author David Flor <[email protected]>
7+
*/
8+
public class SSHKeyNotValidException extends PerunException {
9+
10+
/**
11+
* Simple constructor with a message
12+
* @param message message with details about the cause
13+
*/
14+
public SSHKeyNotValidException(String message) {
15+
super(message);
16+
}
17+
18+
/**
19+
* Constructor with a message and Throwable object
20+
* @param message message with details about the cause
21+
* @param cause Throwable that caused throwing of this exception
22+
*/
23+
public SSHKeyNotValidException(String message, Throwable cause) {
24+
super(message, cause);
25+
}
26+
27+
/**
28+
* Constructor with a Throwable object
29+
* @param cause Throwable that caused throwing of this exception
30+
*/
31+
public SSHKeyNotValidException(Throwable cause) {
32+
super(cause);
33+
}
34+
}

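--- a/perun-core/src/main/java/cz/metacentrum/perun/core/api/UsersManager.java
+++ b/perun-core/src/main/java/cz/metacentrum/perun/core/api/UsersManager.java
@@ -25,6 +25,7 @@
 import cz.metacentrum.perun.core.api.exceptions.RelationExistsException;
 import cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.ResourceNotExistsException;
+import cz.metacentrum.perun.core.api.exceptions.SSHKeyNotValidException;
 import cz.metacentrum.perun.core.api.exceptions.ServiceNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserExpectedException;
@@ -1337,6 +1338,15 @@ List<RichUser> findRichUsersWithoutSpecificVoWithAttributes(PerunSession sess, V
 */
 String validatePreferredEmailChange(PerunSession sess, User user, String token) throws PrivilegeException, UserNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, WrongReferenceAttributeValueException, WrongAttributeValueException;
 
+/**
+* Validate ssh public key, throws exception if validation fails
+*
+* @param sess sess
+* @param sshKey ssh public key to verify
+* @throws SSHKeyNotValidException when validation fails
+*/
+void validateSSHKey(PerunSession sess, String sshKey) throws SSHKeyNotValidException;
+
 /**
 * Return list of email addresses of user, which are
 * awaiting validation and are inside time window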
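Review bot: The Javadoc on the new `validateSSHKey` declaration (new lines 1341–1347) does not say what "valid" covers or how a failure to run the checker is reported, and `@param sess sess` only restates the parameter name. The commit description says validation now calls `ssh-keygen` and that the tool must be present on the instance, so the contract should state whether a missing or failing `ssh-keygen` ends in `SSHKeyNotValidException` or in a different error; a key should never be accepted because the tool could not run. I would write `@param sess session of the caller`, `@param sshKey public key line to check`, and add a sentence such as `Validation may start an external ssh-keygen process; a key is never reported valid when that process cannot be run.` The identical Javadoc in UsersManagerBl.java (new lines 1523–1529) needs the same change.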

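--- a/perun-core/src/main/java/cz/metacentrum/perun/core/bl/UsersManagerBl.java
+++ b/perun-core/src/main/java/cz/metacentrum/perun/core/bl/UsersManagerBl.java
@@ -45,6 +45,7 @@
 import cz.metacentrum.perun.core.api.exceptions.PasswordStrengthFailedException;
 import cz.metacentrum.perun.core.api.exceptions.RelationExistsException;
 import cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException;
+import cz.metacentrum.perun.core.api.exceptions.SSHKeyNotValidException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserOwnerAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.UserAlreadyRemovedException;
@@ -1519,6 +1520,15 @@ void deletePassword(PerunSession sess, User user, String loginNamespace)
 */
 String validatePreferredEmailChange(PerunSession sess, User user, String token) throws WrongAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, WrongReferenceAttributeValueException;
 
+/**
+* Validate ssh public key, throws exception if validation fails
+*
+* @param sess sess
+* @param sshKey ssh public key to verify
+* @throws SSHKeyNotValidException when validation fails
+*/
+void validateSSHKey(PerunSession sess, String sshKey) throws SSHKeyNotValidException;
+
 /**
 * Return list of email addresses of user, which are
 * awaiting validation and are inside time window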

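--- a/perun-core/src/main/java/cz/metacentrum/perun/core/blImpl/UsersManagerBlImpl.java
+++ b/perun-core/src/main/java/cz/metacentrum/perun/core/blImpl/UsersManagerBlImpl.java
@@ -70,6 +70,7 @@
 import cz.metacentrum.perun.core.api.exceptions.PasswordStrengthFailedException;
 import cz.metacentrum.perun.core.api.exceptions.RelationExistsException;
 import cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException;
+import cz.metacentrum.perun.core.api.exceptions.SSHKeyNotValidException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserOwnerAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.UserAlreadyRemovedException;
@@ -92,6 +93,7 @@
 import cz.metacentrum.perun.core.bl.PerunBl;
 import cz.metacentrum.perun.core.bl.UsersManagerBl;
 import cz.metacentrum.perun.core.impl.PerunSessionImpl;
+import cz.metacentrum.perun.core.impl.SSHValidator;
 import cz.metacentrum.perun.core.impl.Utils;
 import cz.metacentrum.perun.core.impl.modules.pwdmgr.GenericPasswordManagerModule;
 import cz.metacentrum.perun.core.implApi.UsersManagerImplApi;
@@ -1910,6 +1912,11 @@ public String validatePreferredEmailChange(PerunSession sess, User user, String
 return email;
 }
 
+@Override
+public void validateSSHKey(PerunSession sess, String sshKey) throws SSHKeyNotValidException {
+Utils.validateSSHPublicKey(sshKey);
+}
+
 @Override
 public List<String> getPendingPreferredEmailChanges(PerunSession sess, User user) throws WrongAttributeAssignmentException, AttributeNotExistsException {
 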
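Review bot: The `SSHValidator` import added at new line 96 is not used by anything visible in this section, since the new `validateSSHKey` goes through `Utils.validateSSHPublicKey`; if no other part of the file references it, the import should be dropped. The method also takes `sess` without using it and carries no comment. The helper's body is outside this page and the commit description says it runs `ssh-keygen`, so a line such as `// delegates to Utils.validateSSHPublicKey; per the commit description this may run ssh-keygen and block` would tell callers this is not a cheap string check.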

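--- a/perun-core/src/main/java/cz/metacentrum/perun/core/entry/UsersManagerEntry.java
+++ b/perun-core/src/main/java/cz/metacentrum/perun/core/entry/UsersManagerEntry.java
@@ -58,6 +58,7 @@
 import cz.metacentrum.perun.core.api.exceptions.RelationExistsException;
 import cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.ResourceNotExistsException;
+import cz.metacentrum.perun.core.api.exceptions.SSHKeyNotValidException;
 import cz.metacentrum.perun.core.api.exceptions.ServiceNotExistsException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException;
 import cz.metacentrum.perun.core.api.exceptions.SpecificUserExpectedException;
@@ -1560,6 +1561,13 @@ public String validatePreferredEmailChange(PerunSession sess, User user, String
 return getPerunBl().getUsersManagerBl().validatePreferredEmailChange(sess, user, token);
 }
 
+@Override
+public void validateSSHKey(PerunSession sess, String sshKey) throws SSHKeyNotValidException {
+Utils.checkPerunSession(sess);
+
+getPerunBl().getUsersManagerBl().validateSSHKey(sess, sshKey);
+}
+
 @Override
 public List<String> getPendingPreferredEmailChanges(PerunSession sess, User user) throws PrivilegeException, UserNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException {
 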
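Review bot: `validateSSHKey` at new lines 1564–1569 is the RPC-facing entry point, yet the only guard before delegation is `Utils.checkPerunSession(sess)`; `sshKey` is forwarded with no null or length check. According to the commit description the validation behind it starts `ssh-keygen`, so any caller holding a session can have the server launch an external process on a string of unbounded size. I would reject bad input before delegating, for example `if (sshKey == null || sshKey.length() > MAX_SSH_KEY_LENGTH) throw new SSHKeyNotValidException("SSH key is missing or too long");`, where `MAX_SSH_KEY_LENGTH` is a placeholder for a limit the project chooses, and confirm that the absence of an authorization check here is intended. Making sure the key reaches `ssh-keygen` as data (a file or stdin) and never as part of a command line belongs in `Utils.validateSSHPublicKey`, which is not shown on this page.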
