Merge pull request #346 from FlowCI/feature/1426

Feature/1426

Author: gy2006

core/src/main/java/com/flowci/core/common/helper/CipherHelper.java

@@ -23,23 +23,21 @@
 import com.jcraft.jsch.JSch;
 import com.jcraft.jsch.JSchException;
 import com.jcraft.jsch.KeyPair;
+import sun.security.util.DerInputStream;
+import sun.security.util.DerValue;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.security.*;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Base64;
-import javax.crypto.Cipher;
-import javax.crypto.spec.SecretKeySpec;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerValue;
 
 public abstract class CipherHelper {
 
@@ -100,8 +98,29 @@ public static String decrypt(String encrypted, String privateKey) {
             }
         }
 
+        public static String fingerprintMd5(String publicKey) throws NoSuchAlgorithmException {
+            String derFormat = publicKey.split(" ")[1].trim();
+            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
+            byte[] digest = messageDigest.digest(Base64.getDecoder().decode(derFormat));
+            final StringBuilder toRet = new StringBuilder();
+            for (int i = 0; i < digest.length; i++) {
+                if (i != 0) {
+                    toRet.append(":");
+                }
+
+                int b = digest[i] & 0xff;
+                String hex = Integer.toHexString(b);
+
+                if (hex.length() == 1) {
+                    toRet.append("0");
+                }
+                toRet.append(hex);
+            }
+            return toRet.toString();
+        }
+
         private static PrivateKey toPrivateKey(String key)
-            throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+                throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
             KeyFactory keyFactory = KeyFactory.getInstance("RSA");
 
             String content = key.replaceAll("\\n", "").replace(RsaPrivateKeyStart, "").replace(RsaPrivateKeyEnd, "");
@@ -121,7 +140,7 @@ private static PrivateKey toPrivateKey(String key)
             BigInteger crtCoef = seq[8].getBigInteger();
 
             RSAPrivateCrtKeySpec keySpec =
-                new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);
+                    new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);
 
             return keyFactory.generatePrivate(keySpec);
         }
@@ -130,7 +149,7 @@ private static PrivateKey toPrivateKey(String key)
          * from <type><space><base64data><space><comment> to public key
          */
         private static PublicKey toPublicKey(String sshPublicKey)
-            throws NoSuchAlgorithmException, InvalidKeySpecException {
+                throws NoSuchAlgorithmException, InvalidKeySpecException {
             String[] line = sshPublicKey.trim().split(" ", 3);
             String type = line[0];
             String content = line[1];

core/src/main/java/com/flowci/core/secret/domain/RSASecret.java

@@ -33,6 +33,8 @@ public final class RSASecret extends Secret {
 
     private SimpleKeyPair pair;
 
+    private String md5Fingerprint;
+
     public RSASecret() {
         this.pair = new SimpleKeyPair();
         this.setCategory(Category.SSH_RSA);

core/src/main/java/com/flowci/core/secret/service/SecretServiceImpl.java

@@ -31,13 +31,15 @@
 import com.flowci.domain.SimpleKeyPair;
 import com.flowci.exception.DuplicateException;
 import com.flowci.exception.NotFoundException;
+import com.flowci.exception.StatusException;
 import com.flowci.util.StringHelper;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.event.EventListener;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Service;
 
+import java.security.NoSuchAlgorithmException;
 import java.util.List;
 import java.util.Optional;
 
@@ -94,20 +96,20 @@ public SimpleKeyPair genRSA() {
     public RSASecret createRSA(String name) {
         String email = sessionManager.get().getEmail();
         SimpleKeyPair pair = CipherHelper.RSA.gen(email);
-
-        RSASecret rsaCredential = new RSASecret();
-        rsaCredential.setName(name);
-        rsaCredential.setPair(pair);
-
-        return save(rsaCredential);
+        return createRSA(name, pair);
     }
 
     @Override
     public RSASecret createRSA(String name, SimpleKeyPair pair) {
-        RSASecret rsaCredential = new RSASecret();
-        rsaCredential.setName(name);
-        rsaCredential.setPair(pair);
-        return save(rsaCredential);
+        try {
+            RSASecret secret = new RSASecret();
+            secret.setName(name);
+            secret.setPair(pair);
+            secret.setMd5Fingerprint(CipherHelper.RSA.fingerprintMd5(pair.getPublicKey()));
+            return save(secret);
+        } catch (NoSuchAlgorithmException e) {
+            throw new StatusException("failed to generate fingerprint");
+        }
     }
 
     @Override

core/src/test/java/com/flowci/core/test/common/CipherHelperTest.java

@@ -20,10 +20,17 @@
 import com.flowci.core.common.helper.CipherHelper;
 import com.flowci.core.common.helper.CipherHelper.RSA;
 import com.flowci.domain.SimpleKeyPair;
+import com.flowci.util.StringHelper;
 import com.google.common.base.Strings;
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.NoSuchAlgorithmException;
+
+import static com.flowci.core.common.helper.CipherHelper.RSA.fingerprintMd5;
+
 public class CipherHelperTest {
 
     private final String source = "!@#!@#!@1fsd";
@@ -53,4 +60,11 @@ public void should_encrypt_decrypt_by_rsa() {
 
         Assert.assertEquals(source, decrypted);
     }
+
+    @Test
+    public void should_create_public_key_fingerprint() throws IOException, NoSuchAlgorithmException {
+        InputStream in = CipherHelper.class.getClassLoader().getResourceAsStream("pk_fingerprint");
+        String publicKey = StringHelper.toString(in);
+        Assert.assertEquals("09:e6:ce:d3:ba:a3:ee:75:9e:96:7b:55:12:85:c6:4e", fingerprintMd5(publicKey));
+    }
 }

core/src/test/java/com/flowci/core/test/secret/SecretServiceTest.java

@@ -57,9 +57,10 @@ public void should_create_rsa_secret() {
         Secret loaded = secretService.get("hello.rsa");
         Assert.assertTrue(loaded instanceof RSASecret);
 
-        RSASecret keyPair = (RSASecret) loaded;
-        Assert.assertFalse(Strings.isNullOrEmpty(keyPair.getPublicKey()));
-        Assert.assertFalse(Strings.isNullOrEmpty(keyPair.getPrivateKey()));
+        RSASecret secret = (RSASecret) loaded;
+        Assert.assertFalse(Strings.isNullOrEmpty(secret.getPublicKey()));
+        Assert.assertFalse(Strings.isNullOrEmpty(secret.getPrivateKey()));
+        Assert.assertNotNull(secret.getMd5Fingerprint());
     }
 
     @Test

core/src/test/resources/pk_fingerprint

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl7ATm/Rsk5jj8oQA3wxxqJFyeYHkcRHxzt+cNnfquwRugnnB0Hh8JBMACeG+es/14jI9tErh4oKGzTiEcCTnBe05C3MVNTbvtO6lP6rM4E+bSJwip2jNKYP7Ozofim2xgD55tGDdWQtBdDOiQWGQAvx+JDLPLGlWYoi1CBnC2zzVHtJCq9+eVhHvghDIjuO1+9iJUwkmh+38ABK2wMxugx46qaNHJuF1p/ncQCB9vb5c6mq3lZQH1usujMGWOH0jctoJVzXX8cJapROWPKombl0svO8+GKAG4FuLcrx+W7OSKCweKPgpnCloCp5Up/zzZeheG8gIYpQPiIvEEKLTb [email protected]