apps/netconf-nb/src/main/java/org/opendaylight/netconf/northbound/SshServerTransport.java

   1 /*
   2  * Copyright (c) 2016 Inocybe Technologies and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.netconf.northbound;
   9
  10 import java.io.IOException;
  11 import java.util.List;
  12 import java.util.concurrent.ExecutionException;
  13 import org.opendaylight.netconf.api.TransportConstants;
  14 import org.opendaylight.netconf.auth.AuthProvider;
  15 import org.opendaylight.netconf.server.ServerChannelInitializer;
  16 import org.opendaylight.netconf.server.ServerTransportInitializer;
  17 import org.opendaylight.netconf.shaded.sshd.server.auth.password.UserAuthPasswordFactory;
  18 import org.opendaylight.netconf.shaded.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
  19 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
  20 import org.opendaylight.netconf.transport.ssh.SSHServer;
  21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
  22 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
  23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.server.rev230417.netconf.server.listen.stack.grouping.transport.ssh.ssh.TcpServerParametersBuilder;
  24 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
  25 import org.opendaylight.yangtools.yang.common.Uint16;
  26 import org.osgi.service.component.annotations.Activate;
  27 import org.osgi.service.component.annotations.Component;
  28 import org.osgi.service.component.annotations.Deactivate;
  29 import org.osgi.service.component.annotations.Reference;
  30 import org.osgi.service.metatype.annotations.AttributeDefinition;
  31 import org.osgi.service.metatype.annotations.Designate;
  32 import org.osgi.service.metatype.annotations.ObjectClassDefinition;
  33 import org.slf4j.Logger;
  34 import org.slf4j.LoggerFactory;
  35
  36 /**
  37  * NETCONF server for MD-SAL (listening by default on port 2830).
  38  */
  39 @Component(service = { }, configurationPid = "org.opendaylight.netconf.ssh")
  40 @Designate(ocd = SshServerTransport.Configuration.class)
  41 public final class SshServerTransport implements AutoCloseable {
  42     @ObjectClassDefinition
  43     public @interface Configuration {
  44         @AttributeDefinition
  45         String bindingAddress() default "0.0.0.0";
  46         // NOTE: default is not TransportConstants.SSH_TCP_PORT to allow unprivileged execution
  47         @AttributeDefinition(min = "1", max = "65535")
  48         int portNumber() default 2830;
  49     }
  50
  51     private static final Logger LOG = LoggerFactory.getLogger(SshServerTransport.class);
  52
  53     private final SSHServer sshServer;
  54
  55     @Activate
  56     public SshServerTransport(@Reference final TransportFactoryHolder factoryHolder,
  57             @Reference final OSGiNetconfServer backend,
  58             @Reference(target = "(type=netconf-auth-provider)") final AuthProvider authProvider,
  59             final Configuration configuration) {
  60         this(factoryHolder, backend.serverChannelInitializer(), authProvider, new TcpServerParametersBuilder()
  61             .setLocalAddress(IetfInetUtil.ipAddressFor(configuration.bindingAddress()))
  62             .setLocalPort(new PortNumber(Uint16.valueOf(configuration.portNumber())))
  63             .build());
  64     }
  65
  66     public SshServerTransport(final TransportFactoryHolder factoryHolder, final ServerChannelInitializer initializer,
  67             final AuthProvider authProvider, final TcpServerGrouping listenParams) {
  68         final var localAddr = listenParams.requireLocalAddress().stringValue();
  69         final var localPort = listenParams.requireLocalPort().getValue();
  70
  71         try {
  72             sshServer = factoryHolder.factory().listenServer(TransportConstants.SSH_SUBSYSTEM,
  73                 new ServerTransportInitializer(initializer), listenParams, null, factoryMgr -> {
  74                     factoryMgr.setUserAuthFactories(List.of(UserAuthPasswordFactory.INSTANCE));
  75                     factoryMgr.setPasswordAuthenticator(
  76                         (username, password, session) -> authProvider.authenticated(username, password));
  77                     factoryMgr.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());
  78                 })
  79                 .get();
  80         } catch (UnsupportedConfigurationException | ExecutionException | InterruptedException e) {
  81             LOG.warn("Could not start SSH NETCONF server at {}:{}", localAddr, localPort, e);
  82             throw new IllegalStateException("Unable to start SSH netconf server", e);
  83         }
  84
  85         LOG.info("SSH NETCONF server at {}:{} started", localAddr, localPort);
  86     }
  87
  88     @Deactivate
  89     @Override
  90     public void close() throws IOException {
  91         try {
  92             sshServer.shutdown().get();
  93         } catch (ExecutionException | InterruptedException e) {
  94             LOG.warn("Could not stop SSH NETCONF server {}", sshServer, e);
  95         }
  96     }
  97 }