| author | Joel Klinghed <the_jk@spawned.biz> | 2024-10-31 22:38:03 +0100 |
|---|---|---|
| committer | Joel Klinghed <the_jk@spawned.biz> | 2024-10-31 22:40:33 +0100 |
| commit | 284a09b19bc3be8849fc71acd0ad407c43ec7380 (patch) | |
| tree | 616691547cf01371131aabd2585dc82b81da2826 /libs/sftp | |
| parent | 542454c4056fb5361c982c5ecdd2aef38b9c6b9f (diff) | |
sftp: Simplify authentication with private key
Let ssh2 derive the public key from the private key. Much easier.
Diffstat (limited to 'libs/sftp')
4 files changed, 9 insertions, 37 deletions
diff --git a/libs/sftp/src/main/cpp/sftp.cpp b/libs/sftp/src/main/cpp/sftp.cpp index 1bc4fcb..3368c53 100644 --- a/libs/sftp/src/main/cpp/sftp.cpp +++ b/libs/sftp/src/main/cpp/sftp.cpp @@ -364,11 +364,10 @@ class SshSession { nullptr) == 0; } - bool Authenticate(const std::string& username, const std::vector<uint8_t>& public_key, - const std::vector<uint8_t>& private_key, const std::string& passphrase) { + bool Authenticate(const std::string& username, const std::vector<uint8_t>& private_key, const std::string& passphrase) { return libssh2_userauth_publickey_frommemory( session_.get(), username.data(), username.size(), - reinterpret_cast<const char*>(public_key.data()), public_key.size(), + nullptr, 0, reinterpret_cast<const char*>(private_key.data()), private_key.size(), passphrase.c_str()) == 0; } @@ -425,13 +424,11 @@ jbyteArray nativeSshSessionHandshake(JNIEnv* env, jclass, jlong ptr) { } jboolean nativeSshSessionAuthenticate(JNIEnv* env, jclass, jlong ptr, jstring j_username, - jstring password, jbyteArray public_key, - jbyteArray private_key) { + jstring password, jbyteArray private_key) { auto username = jni::StringToUTF8(env, jni::ParamRef<jstring>(env, j_username)); - if (public_key != nullptr && private_key != nullptr) { + if (private_key != nullptr) { return reinterpret_cast<SshSession*>(ptr)->Authenticate( username, - jni::ByteArrayToVector(env, jni::ParamRef<jbyteArray>(env, public_key)), jni::ByteArrayToVector(env, jni::ParamRef<jbyteArray>(env, private_key)), password != nullptr ? jni::StringToUTF8(env, jni::ParamRef<jstring>(env, password)) : "") ? JNI_TRUE : JNI_FALSE; 
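Review bot: Passing `nullptr, 0` for the public key in `SshSession::Authenticate` makes login depend on libssh2 deriving the public key from the private-key blob. As far as I know, that derivation is implemented only for some crypto backends (OpenSSL) and fails as unimplemented on others. The page does not show which backend the bundled libssh2 is built against, so confirm it and record the requirement above the call, e.g. `// public key omitted: libssh2 derives it from the private key (needs a crypto backend that supports this)`. Because `== 0` folds every error into `false`, a derivation or key-parse failure looks the same as a rejected key unless the caller also reads the session's last-error string.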
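Review bot: In `nativeSshSessionAuthenticate`, the private key is copied into a temporary `std::vector<uint8_t>` and the passphrase into a temporary `std::string`. Both are destroyed at the end of the call expression without being cleared, so the key material stays in freed heap memory. Consider binding the key to a local first, `auto key = jni::ByteArrayToVector(env, jni::ParamRef<jbyteArray>(env, private_key));`, then zeroing `key` after `Authenticate` returns with a wipe the compiler cannot elide, and doing the same for the passphrase. The function body continues past the end of this hunk, so the password-only branch is not visible and may need the same treatment.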
@@ -576,7 +573,7 @@ void RegisterSftp(JNIEnv* env) { { "nativeSshSessionGetLastError", "(J)Ljava/lang/String;", reinterpret_cast<void*>(&nativeSshSessionGetLastError) }, { "nativeSshSessionConnect", "(JLjava/lang/String;I)Z", reinterpret_cast<void*>(&nativeSshSessionConnect) }, { "nativeSshSessionHandshake", "(J)[B", reinterpret_cast<void*>(&nativeSshSessionHandshake) }, - { "nativeSshSessionAuthenticate", "(JLjava/lang/String;Ljava/lang/String;[B[B)Z", reinterpret_cast<void*>(&nativeSshSessionAuthenticate) }, + { "nativeSshSessionAuthenticate", "(JLjava/lang/String;Ljava/lang/String;[B)Z", reinterpret_cast<void*>(&nativeSshSessionAuthenticate) }, { "nativeSshSessionNewSftpSession", "(J)J", reinterpret_cast<void*>(&nativeSshSessionNewSftpSession) }, { "nativeSftpSessionDestroy", "(J)V", reinterpret_cast<void*>(&nativeSftpSessionDestroy) }, diff --git a/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/NativeSftp.kt b/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/NativeSftp.kt index 52d7a0a..342076a 100644 --- a/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/NativeSftp.kt +++ b/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/NativeSftp.kt @@ -18,7 +18,7 @@ internal object NativeSftp { fun lastError(): String fun connect(host: String, port: Int = 22): Boolean fun handshake(): Fingerprint? - fun authenticate(username: String, password: String?, keyPair: KeyPair?): Boolean + fun authenticate(username: String, password: String?, privateKey: ByteArray?): Boolean fun newSftpSession(): SftpSession? } 
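Review bot: The interface's `authenticate(username, password, privateKey)` declaration does not document that `password` changes meaning when `privateKey` is non-null. On the native side it is then passed as the key's passphrase, and `SftpConnection` already passes `credentials.passphrase` in that position. I would add a KDoc line above the declaration such as `/** With a non-null [privateKey], [password] is the key's passphrase (null or empty for an unencrypted key); the public key is derived natively. */`. The interface begins outside this hunk, so check whether it already carries such documentation.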
@@ -87,29 +87,6 @@ internal object NativeSftp { } } - data class KeyPair( - val public: ByteArray, - val private: ByteArray, - ) { - override fun equals(other: Any?): Boolean { - if (this === other) return true - if (javaClass != other?.javaClass) return false - - other as KeyPair - - if (!public.contentEquals(other.public)) return false - if (!private.contentEquals(other.private)) return false - - return true - } - - override fun hashCode(): Int { - var result = public.contentHashCode() - result = 31 * result + private.contentHashCode() - return result - } - } - private class NativeSshSession(private var ptr: Long): SshSession { override fun destroy() { if (ptr == 0L) return @@ -133,9 +110,9 @@ internal object NativeSftp { override fun authenticate( username: String, password: String?, - keyPair: KeyPair? + privateKey: ByteArray?, ): Boolean { - return nativeSshSessionAuthenticate(ptr, username, password, keyPair?.public, keyPair?.private) + return nativeSshSessionAuthenticate(ptr, username, password, privateKey) } override fun newSftpSession(): SftpSession? { @@ -263,7 +240,6 @@ internal object NativeSftp { ptr: Long, username: String, password: String?, - publicKey: ByteArray?, privateKey: ByteArray?, ): Boolean private external fun nativeSshSessionNewSftpSession(ptr: Long): Long diff --git a/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpConnection.kt b/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpConnection.kt index 5809186..43eb88a 100644 --- a/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpConnection.kt +++ b/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpConnection.kt @@ -85,7 +85,7 @@ internal class SftpConnection(uri: Uri, credentials: SftpCredentials) { if (!sshSession.authenticate( credentials.username, credentials.passphrase ?: "", - NativeSftp.KeyPair(credentials.publicKey, credentials.privateKey), + credentials.privateKey, ) ) return false } 
diff --git a/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpCredentials.kt b/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpCredentials.kt index 0097000..90f5bd1 100644 --- a/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpCredentials.kt +++ b/libs/sftp/src/main/java/org/the_jk/cleversync/io/sftp/SftpCredentials.kt @@ -6,7 +6,6 @@ sealed class SftpCredentials( class SftpPasswordCredentials(username: String, val password: String): SftpCredentials(username) class SftpKeyCredentials( username: String, - val publicKey: ByteArray, val privateKey: ByteArray, val passphrase: String?, ): SftpCredentials(username) |
