Add parameter to retrieve private key for mTLS.

Author: dkocher

cli/src/main/java/ch/cyberduck/cli/TerminalLoginService.java

@@ -27,9 +27,9 @@
 import ch.cyberduck.core.LoginOptions;
 import ch.cyberduck.core.PasswordStoreFactory;
 import ch.cyberduck.core.exception.ConnectionCanceledException;
-import ch.cyberduck.core.exception.LoginCanceledException;
 import ch.cyberduck.core.exception.LoginFailureException;
 import ch.cyberduck.core.preferences.PreferencesFactory;
+import ch.cyberduck.core.ssl.X509KeyManager;
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.lang3.StringUtils;
@@ -44,7 +44,7 @@ public TerminalLoginService(final CommandLine input) {
     }
 
     @Override
-    public void validate(final Host bookmark, final LoginCallback prompt, final LoginOptions options) throws ConnectionCanceledException, LoginFailureException {
+    public void validate(final Host bookmark, final X509KeyManager keys, final LoginCallback prompt, final LoginOptions options) throws ConnectionCanceledException, LoginFailureException {
         final Credentials credentials = bookmark.getCredentials();
         if(input.hasOption(TerminalOptionsBuilder.Params.anonymous.name())) {
             credentials.setUsername(PreferencesFactory.get().getProperty("connection.login.anon.name"));
@@ -61,6 +61,6 @@ public void validate(final Host bookmark, final LoginCallback prompt, final Logi
         if(StringUtils.isNotBlank(credentials.getUsername()) && StringUtils.isNotBlank(credentials.getPassword())) {
             return;
         }
-        super.validate(bookmark, prompt, options);
+        super.validate(bookmark, keys, prompt, options);
     }
 }

core/src/main/java/ch/cyberduck/core/KeychainLoginService.java

@@ -36,18 +36,13 @@ public class KeychainLoginService implements LoginService {
 
     private final HostPasswordStore keychain;
 
-    public KeychainLoginService() {
-        this(PasswordStoreFactory.get());
-    }
-
     public KeychainLoginService(final HostPasswordStore keychain) {
         this.keychain = keychain;
     }
 
     @Override
-    public void validate(final Session<?> session, final LoginCallback prompt, final LoginOptions options) throws ConnectionCanceledException, LoginFailureException {
-        log.debug("Validate login credentials for {}", session);
-        final Host host = session.getHost();
+    public void validate(final Host host, final X509KeyManager keys, final LoginCallback prompt, final LoginOptions options) throws ConnectionCanceledException, LoginFailureException {
+        log.debug("Validate login credentials for {}", host);
         final Credentials credentials = host.getCredentials();
         if(credentials.isPublicKeyAuthentication()) {
             if(!credentials.getIdentity().attributes().getPermission().isReadable()) {
@@ -96,9 +91,8 @@ public void validate(final Session<?> session, final LoginCallback prompt, final
             if(options.certificate) {
                 final String alias = host.getCredentials().getCertificate();
                 if(StringUtils.isNotBlank(alias)) {
-                    final X509KeyManager manager = session.getFeature(X509KeyManager.class);
-                    if(manager != null) {
-                        if(null == manager.getPrivateKey(alias)) {
+                    if(keys != null) {
+                        if(null == keys.getPrivateKey(alias)) {
                             log.warn("No private key found for alias {} in keychain", alias);
                             throw new LoginFailureException(LocaleFactory.localizedString("Provide additional login credentials", "Credentials"));
                         }

core/src/main/java/ch/cyberduck/core/LoginConnectionService.java

@@ -24,6 +24,7 @@
 import ch.cyberduck.core.proxy.ProxyFactory;
 import ch.cyberduck.core.proxy.ProxyFinder;
 import ch.cyberduck.core.proxy.ProxyHostUrlProvider;
+import ch.cyberduck.core.ssl.X509KeyManager;
 import ch.cyberduck.core.threading.CancelCallback;
 
 import org.apache.commons.lang3.StringUtils;
@@ -93,7 +94,7 @@ public boolean check(final Session<?> session, final CancelCallback callback) th
         }
         // Obtain password from keychain or prompt
         synchronized(login) {
-            login.validate(session, prompt, new LoginOptions(bookmark.getProtocol()));
+            login.validate(bookmark, session.getFeature(X509KeyManager.class), prompt, new LoginOptions(bookmark.getProtocol()));
         }
         this.connect(session, callback);
         return true;

core/src/main/java/ch/cyberduck/core/LoginService.java

@@ -21,17 +21,18 @@
 import ch.cyberduck.core.exception.ConnectionCanceledException;
 import ch.cyberduck.core.exception.LoginCanceledException;
 import ch.cyberduck.core.exception.LoginFailureException;
+import ch.cyberduck.core.ssl.X509KeyManager;
 import ch.cyberduck.core.threading.CancelCallback;
 
 public interface LoginService {
     /**
      * Obtain password from password store or prompt user for input
      *
-     * @param session Credentials
-     * @param pompt   Login prompt
+     * @param bookmark Credentials
+     * @param prompt   Login prompt
      * @param options Login mechanism features
      */
-    void validate(Session<?> session, LoginCallback pompt, LoginOptions options) throws ConnectionCanceledException, LoginFailureException;
+    void validate(Host bookmark, X509KeyManager keys, LoginCallback prompt, LoginOptions options) throws ConnectionCanceledException, LoginFailureException;
 
     /**
      * Login and prompt on failure

core/src/test/java/ch/cyberduck/core/KeychainLoginServiceTest.java

@@ -4,6 +4,7 @@
 import ch.cyberduck.core.exception.LoginCanceledException;
 import ch.cyberduck.core.preferences.PreferencesFactory;
 import ch.cyberduck.core.proxy.DisabledProxyFinder;
+import ch.cyberduck.core.ssl.DefaultX509KeyManager;
 import ch.cyberduck.core.threading.CancelCallback;
 
 import org.junit.Test;
@@ -51,7 +52,8 @@ else if(1 == i) {
     @Test(expected = LoginCanceledException.class)
     public void testCancel() throws Exception {
         LoginService l = new KeychainLoginService(new DisabledPasswordStore());
-        l.validate(new NullSession(new Host(new TestProtocol(), "h")), new DisabledLoginCallback(), new LoginOptions());
+        l.validate(new Host(new TestProtocol(), "h"),
+                new DefaultX509KeyManager(), new DisabledLoginCallback(), new LoginOptions());
     }
 
     @Test
@@ -68,7 +70,7 @@ public String findLoginPassword(final Host bookmark) {
         final Credentials credentials = new Credentials();
         credentials.setUsername("u");
         final Host host = new Host(new TestProtocol(), "test.cyberduck.ch", credentials);
-        l.validate(new NullSession(host), new DisabledLoginCallback(), new LoginOptions(host.getProtocol()));
+        l.validate(host, new DefaultX509KeyManager(), new DisabledLoginCallback(), new LoginOptions(host.getProtocol()));
         assertTrue(keychain.get());
         assertFalse(host.getCredentials().isSaved());
         assertEquals("P", host.getCredentials().getPassword());