Validate jumphost configuration on connect.

Author: dkocher

core/src/main/java/ch/cyberduck/core/Host.java

@@ -38,6 +38,10 @@ public class Host implements Serializable, Comparable<Host>, PreferencesReader {
      * The credentials to authenticate with for the CDN
      */
     private final Credentials cloudfront = new Credentials();
+    /**
+     * Proxy configuration
+     */
+    private Host jumphost;
     /**
      * The protocol identifier.
      */
@@ -357,6 +361,14 @@ public Host withCredentials(final Credentials credentials) {
         return this;
     }
 
+    public Host getJumphost() {
+        return jumphost;
+    }
+
+    public void setJumphost(final Host jumphost) {
+        this.jumphost = jumphost;
+    }
+
     /**
      * @return Credentials to modify CDN configuration
      */

core/src/main/java/ch/cyberduck/core/KeychainLoginService.java

@@ -43,6 +43,10 @@ public KeychainLoginService(final HostPasswordStore keychain) {
     @Override
     public void validate(final Host host, final X509KeyManager keys, final LoginCallback prompt, final LoginOptions options) throws ConnectionCanceledException, LoginFailureException {
         log.debug("Validate login credentials for {}", host);
+        final Host jumphost = host.getJumphost();
+        if(null != jumphost) {
+            this.validate(jumphost, keys, prompt, new LoginOptions(jumphost.getProtocol()));
+        }
         final Credentials credentials = host.getCredentials();
         if(credentials.isPublicKeyAuthentication()) {
             if(!credentials.getIdentity().attributes().getPermission().isReadable()) {
@@ -213,9 +217,12 @@ public boolean authenticate(final Session<?> session, final ProgressListener lis
     public void save(final Host bookmark) {
         final Credentials credentials = bookmark.getCredentials();
         if(credentials.isSaved()) {
-            // Write credentials to keychain
+            // Write credentials to the password store
             try {
                 keychain.save(bookmark);
+                if(bookmark.getJumphost() != null) {
+                    keychain.save(bookmark.getJumphost());
+                }
             }
             catch(LocalAccessDeniedException e) {
                 log.error("Failure saving credentials for {} in keychain. {}", bookmark, e);

core/src/main/java/ch/cyberduck/core/LoginConnectionService.java

@@ -89,10 +89,15 @@ public boolean check(final Session<?> session, final CancelCallback callback) th
         }
         if(session.isConnected()) {
             log.debug("Skip opening connection for session {}", session);
-            // Connection already open
+            // Connection is already open
             return false;
         }
-        // Obtain password from keychain or prompt
+        final Host jumphost = JumpHostConfiguratorFactory.get(bookmark.getProtocol()).getJumphost(bookmark.getHostname());
+        if(null != jumphost) {
+            log.debug("Configure with jump host {}", jumphost);
+            bookmark.setJumphost(jumphost);
+        }
+        // Get password from the password store or prompt
         synchronized(login) {
             login.validate(bookmark, session.getFeature(X509KeyManager.class), prompt, new LoginOptions(bookmark.getProtocol()));
         }
@@ -103,7 +108,7 @@ public boolean check(final Session<?> session, final CancelCallback callback) th
     @Override
     public void close(final Session<?> session) throws BackgroundException {
         listener.message(MessageFormat.format(LocaleFactory.localizedString("Disconnecting {0}", "Status"),
-            session.getHost().getHostname()));
+                session.getHost().getHostname()));
         // Close the underlying socket first
         session.interrupt();
     }
@@ -131,24 +136,24 @@ public void connect(final Session<?> session, final CancelCallback cancel) throw
             }
         }
         listener.message(MessageFormat.format(LocaleFactory.localizedString("Opening {0} connection to {1}", "Status"),
-            bookmark.getProtocol().getName(), hostname));
+                bookmark.getProtocol().getName(), hostname));
         // The IP address could successfully be determined
         session.open(proxy, key, prompt, cancel);
         listener.message(MessageFormat.format(LocaleFactory.localizedString("{0} connection opened", "Status"),
-            bookmark.getProtocol().getName()));
+                bookmark.getProtocol().getName()));
         // Update last accessed timestamp
         bookmark.setTimestamp(new Date());
         // Warning about insecure connection prior authenticating
         if(session.alert(prompt)) {
             // Warning if credentials are sent plaintext.
             prompt.warn(bookmark, MessageFormat.format(LocaleFactory.localizedString("Unsecured {0} connection", "Credentials"),
-                bookmark.getProtocol().getName()),
-                MessageFormat.format("{0} {1}.", MessageFormat.format(LocaleFactory.localizedString("{0} will be sent in plaintext.", "Credentials"),
-                    bookmark.getProtocol().getPasswordPlaceholder()),
-                    LocaleFactory.localizedString("Please contact your web hosting service provider for assistance", "Support")),
-                LocaleFactory.localizedString("Continue", "Credentials"),
-                LocaleFactory.localizedString("Disconnect", "Credentials"),
-                String.format("connection.unsecure.%s", bookmark.getHostname()));
+                            bookmark.getProtocol().getName()),
+                    MessageFormat.format("{0} {1}.", MessageFormat.format(LocaleFactory.localizedString("{0} will be sent in plaintext.", "Credentials"),
+                                    bookmark.getProtocol().getPasswordPlaceholder()),
+                            LocaleFactory.localizedString("Please contact your web hosting service provider for assistance", "Support")),
+                    LocaleFactory.localizedString("Continue", "Credentials"),
+                    LocaleFactory.localizedString("Disconnect", "Credentials"),
+                    String.format("connection.unsecure.%s", bookmark.getHostname()));
         }
         // Login
         try {
@@ -163,7 +168,7 @@ public void connect(final Session<?> session, final CancelCallback cancel) throw
     private void authenticate(final Session<?> session, final CancelCallback callback) throws BackgroundException {
         if(!login.authenticate(session, listener, prompt, callback)) {
             if(session.isConnected()) {
-                // Next attempt with updated credentials but cancel when prompt is dismissed
+                // Next attempt with updated credentials but cancel when the prompt is dismissed
                 this.authenticate(session, callback);
             }
             else {

ssh/src/main/java/ch/cyberduck/core/sftp/SFTPSession.java

@@ -39,10 +39,8 @@
 import ch.cyberduck.core.sftp.compression.JcraftDelayedZlibCompression;
 import ch.cyberduck.core.sftp.compression.JcraftZlibCompression;
 import ch.cyberduck.core.sftp.openssh.OpenSSHAgentAuthenticator;
-import ch.cyberduck.core.sftp.openssh.OpenSSHCredentialsConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHHostnameConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHIdentityAgentConfigurator;
-import ch.cyberduck.core.sftp.openssh.OpenSSHJumpHostConfigurator;
 import ch.cyberduck.core.sftp.openssh.OpenSSHPreferredAuthenticationsConfigurator;
 import ch.cyberduck.core.sftp.openssh.WindowsOpenSSHAgentAuthenticator;
 import ch.cyberduck.core.sftp.putty.PageantAuthenticator;
@@ -144,19 +142,14 @@ protected SSHClient connect(final HostKeyCallback key, final LoginCallback promp
         final SSHClient connection = this.toClient(key, configuration);
         try {
             // Look for jump host configuration
-            final Host proxy = new OpenSSHJumpHostConfigurator().getJumphost(host.getHostname());
+            final Host proxy = host.getJumphost();
             if(null != proxy) {
                 log.info("Connect using jump host configuration {}", proxy);
                 final SSHClient hop = this.toClient(key, configuration);
                 hop.connect(proxy.getHostname(), proxy.getPort());
-                proxy.setCredentials(new OpenSSHCredentialsConfigurator().configure(proxy));
-                final KeychainLoginService service = new KeychainLoginService();
-                service.validate(proxy, prompt, new LoginOptions(proxy.getProtocol()));
                 // Authenticate with jump host
                 this.authenticate(hop, proxy, prompt, new DisabledCancelCallback());
                 log.debug("Authenticated with jump host {}", proxy);
-                // Write credentials to keychain
-                service.save(proxy);
                 final DirectConnection tunnel = hop.newDirectConnection(
                         new OpenSSHHostnameConfigurator().getHostname(host.getHostname()), host.getPort());
                 // Connect to internal host