/// <summary> /// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM constraint to key /// </summary> public static void addConfirmConstraint(this ISshKey aKey) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM; aKey.AddConstraint(constraint); }
/// <summary> /// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME constraint to key /// </summary> public static void addLifetimeConstraint(this ISshKey aKey, uint aLifetime) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME; constraint.Data = aLifetime; aKey.AddConstraint(constraint); }
public void AddConstraint(Agent.KeyConstraint aConstraint) { if ((aConstraint.Data == null && aConstraint.Type.GetDataType() != null) || (aConstraint.Data != null && aConstraint.Data.GetType() != aConstraint.Type.GetDataType())) { throw new ArgumentException("Malformed constraint", "aConstraint"); } keyConstraints.Add(aConstraint); }
public void TestAddConstrainedKey() { var agentClient = new TestAgentClient(); agentClient.Agent.ConfirmUserPermissionCallback = delegate { return true; }; Agent.KeyConstraint constraint; List<Agent.KeyConstraint> constraints = new List<Agent.KeyConstraint>(); constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM; constraints.Add(constraint); agentClient.AddKey(rsaKey, constraints); Assert.That(agentClient.Agent.KeyCount, Is.EqualTo(1)); Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.Count, Is.EqualTo(1)); Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.First().Type, Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM)); constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME; constraint.Data = (uint)10; constraints.Clear(); constraints.Add(constraint); agentClient.AddKey(rsaKey, constraints); Assert.That(agentClient.Agent.KeyCount, Is.EqualTo(1)); Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.Count, Is.EqualTo(1)); Assert.That(agentClient.Agent.GetAllKeys().First().Constraints.First().Type, Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME)); }
/// <summary> /// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME constraint to key /// </summary> public static void addLifetimeConstraint(this ISshKey aKey, uint aLifetime) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME; constraint.Data = aLifetime; aKey.AddConstraint(constraint); }
private void PageantAgent_KeyAdded(object sender,SshKeyEventArgs e) { if (Options.AlwaysConfirm && !e.Key.HasConstraint( Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM)) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM; e.Key.AddConstraint(constraint); } }
/// <summary> /// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM constraint to key /// </summary> public static void addConfirmConstraint(this ISshKey aKey) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM; aKey.AddConstraint(constraint); }
/// <summary> /// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM constraint to key /// </summary> public static void addConfirmConstraint(this ICollection<Agent.KeyConstraint> aKeyCollection) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM; aKeyCollection.Add(constraint); }
/// <summary> /// Adds Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME constraint to key /// </summary> public static void addLifetimeConstraint(this ICollection<Agent.KeyConstraint> aKeyCollection, uint aLifetime) { var constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME; constraint.Data = aLifetime; aKeyCollection.Add(constraint); }
public void TestAnswerSSH2_AGENTC_SIGN_REQUEST() { const string signatureData = "this is the data that gets signed"; byte[] signatureDataBytes = Encoding.UTF8.GetBytes(signatureData); BlobBuilder builder = new BlobBuilder(); Agent agent = new TestAgent(allKeys); Agent.BlobHeader header; byte[] signatureBlob; BlobParser signatureParser; string algorithm; byte[] signature; ISigner signer; bool signatureOk; BigInteger r, s; DerSequence seq; /* test signatures */ foreach (ISshKey key in allKeys.Where(key => key.Version == SshVersion.SSH2)) { builder.Clear(); builder.AddBlob(key.GetPublicKeyBlob()); builder.AddStringBlob(signatureData); builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST); PrepareMessage(builder); agent.AnswerMessage(stream); RewindStream(); /* check that proper response type was received */ header = parser.ReadHeader(); Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE)); signatureBlob = parser.ReadBlob(); signatureParser = new BlobParser(signatureBlob); algorithm = signatureParser.ReadString(); Assert.That(algorithm, Is.EqualTo(key.Algorithm.GetIdentifierString())); signature = signatureParser.ReadBlob(); if (key.Algorithm == PublicKeyAlgorithm.SSH_RSA) { Assert.That(signature.Length == key.Size / 8); } else if (key.Algorithm == PublicKeyAlgorithm.SSH_DSS) { Assert.That(signature.Length, Is.EqualTo(40)); r = new BigInteger(1, signature, 0, 20); s = new BigInteger(1, signature, 20, 20); seq = new DerSequence(new DerInteger(r), new DerInteger(s)); signature = seq.GetDerEncoded(); } else if (key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP256 || key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP384 || key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP521) { Assert.That(signature.Length, Is.AtLeast(key.Size / 4 + 8)); Assert.That(signature.Length, Is.AtMost(key.Size / 4 + 10)); BlobParser sigParser = new BlobParser(signature); r = new BigInteger(sigParser.ReadBlob()); s = new BigInteger(sigParser.ReadBlob()); seq = new DerSequence(new DerInteger(r), new DerInteger(s)); signature = seq.GetDerEncoded(); } else if (key.Algorithm == PublicKeyAlgorithm.ED25519) { Assert.That(signature.Length, Is.EqualTo(64)); } signer = key.GetSigner(); signer.Init(false, key.GetPublicKeyParameters()); signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length); signatureOk = signer.VerifySignature(signature); Assert.That(signatureOk, Is.True, "invalid signature"); Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4)); } /* test DSA key old signature format */ builder.Clear(); builder.AddBlob(dsaKey.GetPublicKeyBlob()); builder.AddStringBlob(signatureData); builder.AddInt((uint)Agent.SignRequestFlags.SSH_AGENT_OLD_SIGNATURE); builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST); PrepareMessage(builder); agent.AnswerMessage(stream); RewindStream(); header = parser.ReadHeader(); Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE)); signatureBlob = parser.ReadBlob(); signatureParser = new BlobParser(signatureBlob); signature = signatureParser.ReadBlob(); Assert.That(signature.Length == 40); r = new BigInteger(1, signature, 0, 20); s = new BigInteger(1, signature, 20, 20); seq = new DerSequence(new DerInteger(r), new DerInteger(s)); signature = seq.GetDerEncoded(); signer = dsaKey.GetSigner(); signer.Init(false, dsaKey.GetPublicKeyParameters()); signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length); signatureOk = signer.VerifySignature(signature); Assert.That(signatureOk, Is.True, "invalid signature"); Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4)); /* test key not found */ agent = new TestAgent(); builder.Clear(); builder.AddBlob(dsaKey.GetPublicKeyBlob()); builder.AddStringBlob(signatureData); builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST); PrepareMessage(builder); agent.AnswerMessage(stream); RewindStream(); Agent.BlobHeader header2 = parser.ReadHeader(); Assert.That(header2.BlobLength, Is.EqualTo(1)); Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE)); /* test confirm constraint */ agent = new TestAgent(); Agent.KeyConstraint testConstraint = new Agent.KeyConstraint(); testConstraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM; SshKey testKey = dsaKey.Clone(); bool confirmCallbackReturnValue = false; agent.ConfirmUserPermissionCallback = delegate(ISshKey k, Process p) { return confirmCallbackReturnValue; }; testKey.AddConstraint(testConstraint); agent.AddKey(testKey); builder.Clear(); builder.AddBlob(dsaKey.GetPublicKeyBlob()); builder.AddStringBlob(signatureData); builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST); PrepareMessage(builder); agent.AnswerMessage(stream); RewindStream(); header2 = parser.ReadHeader(); Assert.That(header2.BlobLength, Is.EqualTo(1)); Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE)); confirmCallbackReturnValue = true; PrepareMessage(builder); agent.AnswerMessage(stream); RewindStream(); header2 = parser.ReadHeader(); Assert.That(header2.BlobLength, Is.Not.EqualTo(1)); Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE)); }
public void TestOnKeyListChanged() { Agent agent = new TestAgent(); /* test that key with lifetime constraint is automatically removed * * after lifetime expires */ AsymmetricCipherKeyPair keyPair = new AsymmetricCipherKeyPair(rsaKey.GetPublicKeyParameters(), rsaKey.GetPrivateKeyParameters()); ISshKey key = new SshKey(SshVersion.SSH2, keyPair); Agent.KeyConstraint constraint = new Agent.KeyConstraint(); constraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME; constraint.Data = (UInt32)1; key.AddConstraint(constraint); agent.AddKey(key); Thread.Sleep(500); Assert.That(agent.GetAllKeys().Count, Is.EqualTo(1)); Thread.Sleep(1000); Assert.That(agent.GetAllKeys().Count, Is.EqualTo(0)); }