/**
 * Greets the client in clear text, then runs the CLI over the socket.
 *
 * <p>NOTE(review): nothing in this method encrypts or authenticates the transport. The
 * {@code Connection} passed to {@code runCli} wraps the socket as-is, so any protection
 * of the CLI traffic has to come from code that is not visible here.
 *
 * @throws IOException if the socket's output stream cannot be obtained or the charset
 *     name is rejected; {@code runCli} may also raise it (its signature is not shown)
 * @throws InterruptedException declared for callers; presumably raised by {@code runCli}
 */
public void run() throws IOException, InterruptedException {
    OutputStreamWriter utf8Writer = new OutputStreamWriter(socket.getOutputStream(), "UTF-8");
    // Auto-flush is enabled, so the greeting is pushed out by println itself.
    PrintWriter greeter = new PrintWriter(new BufferedWriter(utf8Writer), true);
    greeter.println("Welcome");

    Connection plainConnection = new Connection(socket);
    runCli(plainConnection);
}
/**
 * Upgrades a connection with transport encryption by the specified symmetric cipher.
 *
 * <p>The outgoing and incoming ciphers are both initialised with {@code sessionKey}, and
 * both use the raw encoding of that same key as their IV.
 *
 * <p>NOTE(review): an IV equal to the key is fixed for a given key and identical in both
 * directions, so it adds no per-session or per-direction variation. The usual design is a
 * fresh random IV per direction, exchanged during the handshake. That is a wire-format
 * change the peer has to make as well, so it is flagged here rather than changed.
 * If {@code algorithm} names an unauthenticated mode, the wrapped streams give
 * confidentiality only and no integrity check; confirm what callers rely on.
 *
 * @param sessionKey key used for both directions; its encoded bytes also serve as the IV,
 *     so their length has to be one the chosen cipher accepts as an IV
 * @param algorithm JCA transformation string passed to {@link Cipher#getInstance(String)}
 * @return
 *      A new {@link Connection} object that includes the transport encryption.
 * @throws GeneralSecurityException if the transformation is unavailable or the key/IV is rejected
 */
public Connection encryptConnection(SecretKey sessionKey, String algorithm) throws IOException, GeneralSecurityException {
    // Outbound direction: everything written to the new connection is encrypted.
    Cipher encryptor = Cipher.getInstance(algorithm);
    encryptor.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(sessionKey.getEncoded()));
    CipherOutputStream encryptedOut = new CipherOutputStream(out, encryptor);

    // Inbound direction: same key and same IV as above, in decrypt mode.
    Cipher decryptor = Cipher.getInstance(algorithm);
    decryptor.init(Cipher.DECRYPT_MODE, sessionKey, new IvParameterSpec(sessionKey.getEncoded()));
    CipherInputStream decryptedIn = new CipherInputStream(in, decryptor);

    return new Connection(decryptedIn, encryptedOut);
}
/**
 * Greets the client, negotiates an encrypted channel, proves the server's identity with a
 * signature, and then runs the CLI over the encrypted connection.
 *
 * <p>Steps, in wire order: write "Welcome"; Diffie-Hellman exchange; derive a 128-bit AES
 * key from the shared secret via {@code Connection.fold}; switch to AES/CFB8/NoPadding;
 * send a SHA1withRSA signature over the shared secret; call {@code runCli}.
 *
 * <p>NOTE(review): SHA-1 based signatures are deprecated for new designs, and
 * AES/CFB8/NoPadding carries no integrity protection. Changing either one needs a matching
 * change on the peer, so both are flagged here rather than altered. This method sends the
 * server's proof only; it performs no client authentication before {@code runCli(c)} is
 * called, so confirm where that is enforced.
 *
 * @throws IOException on I/O failure, or wrapping any {@link GeneralSecurityException}
 *     with the message "Failed to encrypt the CLI channel"
 * @throws InterruptedException declared for callers; presumably raised by {@code runCli}
 */
@Override
public void run() throws IOException, InterruptedException {
    try {
        DataOutputStream greeting = new DataOutputStream(socket.getOutputStream());
        greeting.writeUTF("Welcome");

        // Key agreement: the shared secret feeds both the session key and the signature below.
        Connection plain = new Connection(socket);
        byte[] sharedSecret = plain.diffieHellman(true).generateSecret();
        byte[] keyBytes = Connection.fold(sharedSecret, 128 / 8);
        SecretKey aesKey = new SecretKeySpec(keyBytes, "AES");
        Connection encrypted = plain.encryptConnection(aesKey, "AES/CFB8/NoPadding");

        try {
            // HACK: TODO: move the transport support into modules
            // The identity class is looked up reflectively through the plugin class loader.
            Class<?> identityClass = Jenkins.getActiveInstance().pluginManager.uberClassLoader
                    .loadClass("org.jenkinsci.main.modules.instance_identity.InstanceIdentity");
            Object identity = identityClass.getDeclaredMethod("get").invoke(null);
            PrivateKey identityKey = (PrivateKey) identityClass.getDeclaredMethod("getPrivate").invoke(identity);

            // Sign the shared secret so the peer can tie this session to the server's key.
            Signature rsaSigner = Signature.getInstance("SHA1withRSA");
            rsaSigner.initSign(identityKey);
            rsaSigner.update(sharedSecret);
            byte[] proof = rsaSigner.sign();
            encrypted.writeByteArray(proof);
        } catch (ClassNotFoundException | IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {
            // Reflection failures are escalated as Error, not as a checked exception.
            throw new Error(e);
        }

        runCli(encrypted);
    } catch (GeneralSecurityException e) {
        throw new IOException("Failed to encrypt the CLI channel", e);
    }
}
} // closes the enclosing declaration, which opens outside this excerpt
/**
 * Hands the authentication exchange to {@code cta} over a pipe-backed connection.
 *
 * <p>The connection reads from {@code c2s} and writes to {@code s2c}.
 */
@Override
public void run() {
    Connection pipeConnection = new Connection(c2s.getIn(), s2c.getOut());
    cta.authenticate(protocol, channel, pipeConnection);
}
}.start(); // closes the anonymous class opened outside this excerpt and calls start() on it
// Pairs the input side obtained from SocketChannelStream.in(s) with the existing `out`
// stream in a single Connection.
// NOTE(review): no encryption or peer authentication is applied on this line; whether a
// later step adds it is not visible in this excerpt, so confirm.
Connection c = new Connection(SocketChannelStream.in(s),out);
/**
 * Authenticate ourselves against the server.
 *
 * <p>Opens a pipe pair through {@code entryPoint.authenticate("ssh", ...)}, runs a
 * Diffie-Hellman exchange, reads the server's identity, then offers each supplied key pair
 * in turn until the server reports acceptance.
 *
 * <p>NOTE(review): the server's public key is returned to the caller without being compared
 * to any expected value in this method. What {@code verifyIdentity} checks is not visible
 * here; callers presumably need to match the returned key against a trusted one. Confirm.
 *
 * @param privateKeys candidate key pairs, tried in iteration order
 * @return
 *      identity of the server represented as a public key.
 * @throws GeneralSecurityException if no key is accepted, or if no key was supplied at all
 * @deprecated Specific to {@link Mode#REMOTING}.
 */
@Deprecated
public PublicKey authenticate(Iterable<KeyPair> privateKeys) throws IOException, GeneralSecurityException {
    Pipe clientToServer = Pipe.createLocalToRemote();
    Pipe serverToClient = Pipe.createRemoteToLocal();
    entryPoint.authenticate("ssh", clientToServer, serverToClient);

    // Client side of the pipe pair: read what the server sends, write towards the server.
    Connection conn = new Connection(serverToClient.getIn(), clientToServer.getOut());
    try {
        byte[] dhSecret = conn.diffieHellman(false).generateSecret();
        PublicKey serverKey = conn.verifyIdentity(dhSecret);

        // Offer every key pair; the server answers each attempt with a boolean.
        for (KeyPair candidate : privateKeys) {
            conn.proveIdentity(dhSecret, candidate);
            boolean accepted = conn.readBoolean();
            if (accepted) {
                return serverKey;
            }
        }

        // Tell "every key was rejected" apart from "there was nothing to try".
        boolean hadCandidates = privateKeys.iterator().hasNext();
        throw new GeneralSecurityException(hadCandidates
                ? "Authentication failed. No private key accepted."
                : "No private key is available for use in authentication");
    } finally {
        conn.close();
    }
}
/**
 * Sends a plain-text "Welcome" line and then serves the CLI on the same socket.
 *
 * <p>NOTE(review): the {@code Connection} given to {@code runCli} is built directly from the
 * socket. This method adds no encryption and no authentication step, so confirm where the
 * transport is protected.
 *
 * @throws IOException if the socket's output stream cannot be obtained or the charset
 *     name is rejected; {@code runCli} may also raise it (its signature is not shown)
 * @throws InterruptedException declared for callers; presumably raised by {@code runCli}
 */
public void run() throws IOException, InterruptedException {
    BufferedWriter buffered = new BufferedWriter(
            new OutputStreamWriter(socket.getOutputStream(), "UTF-8"));
    // The second constructor argument turns on auto-flush for println.
    PrintWriter welcomeWriter = new PrintWriter(buffered, true);
    welcomeWriter.println("Welcome");

    Connection rawConnection = new Connection(socket);
    runCli(rawConnection);
}
/**
 * Greets the client, negotiates an encrypted channel, proves the server's identity with a
 * signature, and then runs the CLI over the encrypted connection.
 *
 * <p>Steps, in wire order: write "Welcome"; Diffie-Hellman exchange; derive a 128-bit AES
 * key from the shared secret via {@code Connection.fold}; switch to AES/CFB8/NoPadding;
 * send a SHA1withRSA signature over the shared secret; call {@code runCli}.
 *
 * <p>NOTE(review): SHA-1 based signatures are deprecated for new designs, and
 * AES/CFB8/NoPadding carries no integrity protection. Changing either one needs a matching
 * change on the peer, so both are flagged here rather than altered. This method sends the
 * server's proof only; it performs no client authentication before {@code runCli(c)} is
 * called, so confirm where that is enforced.
 *
 * @throws IOException on I/O failure, or wrapping any {@link GeneralSecurityException}
 *     with the message "Failed to encrypt the CLI channel"
 * @throws InterruptedException declared for callers; presumably raised by {@code runCli}
 */
@Override
public void run() throws IOException, InterruptedException {
    try {
        DataOutputStream greeting = new DataOutputStream(socket.getOutputStream());
        greeting.writeUTF("Welcome");

        // Key agreement: the shared secret feeds both the session key and the signature below.
        Connection plain = new Connection(socket);
        byte[] sharedSecret = plain.diffieHellman(true).generateSecret();
        byte[] keyBytes = Connection.fold(sharedSecret, 128 / 8);
        SecretKey aesKey = new SecretKeySpec(keyBytes, "AES");
        Connection encrypted = plain.encryptConnection(aesKey, "AES/CFB8/NoPadding");

        try {
            // HACK: TODO: move the transport support into modules
            // The identity class is looked up reflectively through the plugin class loader.
            Class<?> identityClass = Jenkins.getActiveInstance().pluginManager.uberClassLoader
                    .loadClass("org.jenkinsci.main.modules.instance_identity.InstanceIdentity");
            Object identity = identityClass.getDeclaredMethod("get").invoke(null);
            PrivateKey identityKey = (PrivateKey) identityClass.getDeclaredMethod("getPrivate").invoke(identity);

            // Sign the shared secret so the peer can tie this session to the server's key.
            Signature rsaSigner = Signature.getInstance("SHA1withRSA");
            rsaSigner.initSign(identityKey);
            rsaSigner.update(sharedSecret);
            byte[] proof = rsaSigner.sign();
            encrypted.writeByteArray(proof);
        } catch (ClassNotFoundException | IllegalAccessException | InvocationTargetException | NoSuchMethodException e) {
            // Reflection failures are escalated as Error, not as a checked exception.
            throw new Error(e);
        }

        runCli(encrypted);
    } catch (GeneralSecurityException e) {
        throw new IOException("Failed to encrypt the CLI channel", e);
    }
}
} // closes the enclosing declaration, which opens outside this excerpt
/**
 * Hands the authentication exchange to {@code cta} over a pipe-backed connection.
 *
 * <p>The connection reads from {@code c2s} and writes to {@code s2c}.
 */
@Override
public void run() {
    Connection pipeConnection = new Connection(c2s.getIn(), s2c.getOut());
    cta.authenticate(protocol, channel, pipeConnection);
}
}.start(); // closes the anonymous class opened outside this excerpt and calls start() on it