Code Review / netconf.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Refresh IETF client/server models
[netconf.git] / netconf / callhome-server / src / test / java / org / opendaylight / netconf / callhome / server / ssh / CallHomeSshServerTest.java
1 /*
2  * Copyright (c) 2023 PANTHEON.tech s.r.o. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netconf.callhome.server.ssh;
9
10 import static org.mockito.ArgumentMatchers.any;
11 import static org.mockito.ArgumentMatchers.eq;
12 import static org.mockito.ArgumentMatchers.nullable;
13 import static org.mockito.Mockito.doReturn;
14 import static org.mockito.Mockito.timeout;
15 import static org.mockito.Mockito.times;
16 import static org.mockito.Mockito.verify;
17 import static org.opendaylight.netconf.api.TransportConstants.SSH_SUBSYSTEM;
18
19 import com.google.common.util.concurrent.SettableFuture;
20 import io.netty.util.HashedWheelTimer;
21 import java.net.InetAddress;
22 import java.net.InetSocketAddress;
23 import java.net.ServerSocket;
24 import java.net.SocketAddress;
25 import java.security.KeyPair;
26 import java.security.KeyPairGenerator;
27 import java.security.PublicKey;
28 import java.security.SecureRandom;
29 import java.security.spec.RSAKeyGenParameterSpec;
30 import java.util.List;
31 import java.util.Set;
32 import java.util.concurrent.TimeUnit;
33 import org.eclipse.jdt.annotation.Nullable;
34 import org.junit.jupiter.api.Test;
35 import org.junit.jupiter.api.extension.ExtendWith;
36 import org.mockito.Mock;
37 import org.mockito.junit.jupiter.MockitoExtension;
38 import org.opendaylight.netconf.callhome.server.CallHomeStatusRecorder;
39 import org.opendaylight.netconf.callhome.server.ssh.CallHomeSshAuthSettings.DefaultAuthSettings;
40 import org.opendaylight.netconf.client.NetconfClientSession;
41 import org.opendaylight.netconf.client.NetconfClientSessionListener;
42 import org.opendaylight.netconf.server.NetconfServerSession;
43 import org.opendaylight.netconf.server.NetconfServerSessionNegotiatorFactory;
44 import org.opendaylight.netconf.server.ServerTransportInitializer;
45 import org.opendaylight.netconf.server.api.monitoring.NetconfMonitoringService;
46 import org.opendaylight.netconf.server.api.monitoring.SessionListener;
47 import org.opendaylight.netconf.server.impl.DefaultSessionIdProvider;
48 import org.opendaylight.netconf.server.osgi.AggregatedNetconfOperationServiceFactory;
49 import org.opendaylight.netconf.shaded.sshd.client.session.ClientSession;
50 import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyPairProvider;
51 import org.opendaylight.netconf.shaded.sshd.server.auth.password.PasswordAuthenticator;
52 import org.opendaylight.netconf.shaded.sshd.server.auth.password.UserAuthPasswordFactory;
53 import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.PublickeyAuthenticator;
54 import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
55 import org.opendaylight.netconf.transport.ssh.SSHServer;
56 import org.opendaylight.netconf.transport.ssh.SSHTransportStackFactory;
57 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Host;
58 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IetfInetUtil;
59 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
60 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev231228.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
61 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.Capabilities;
62 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.monitoring.rev101004.netconf.state.CapabilitiesBuilder;
63 import org.opendaylight.yangtools.yang.common.Uint16;
64
65 @ExtendWith(MockitoExtension.class)
66 public class CallHomeSshServerTest {
67     private static final long TIMEOUT = 5000L;
68     private static final Capabilities EMPTY_CAPABILITIES = new CapabilitiesBuilder().setCapability(Set.of()).build();
69     private static final String USERNAME = "username";
70     private static final String PASSWORD = "pa$$W0rd";
71
72     @Mock
73     private NetconfMonitoringService monitoringService;
74     @Mock
75     private SessionListener serverSessionListener;
76     @Mock
77     private NetconfClientSessionListener clientSessionListener;
78     @Mock
79     private CallHomeStatusRecorder statusRecorder;
80
81     @Test
82     void integrationTest() throws Exception {
83
84         // key pairs
85         final var serverKeys = generateKeyPair();
86         final var client1Keys = generateKeyPair();
87         final var client2Keys = generateKeyPair();
88         final var client3Keys = generateKeyPair();
89         final var client4Keys = generateKeyPair();
90
91         // Auth provider
92         final var authProvider = new CallHomeSshAuthProvider() {
93             @Override
94             public CallHomeSshAuthSettings provideAuth(final SocketAddress remoteAddress, final PublicKey publicKey) {
95                 // identify client 2 by password (invalid)
96                 if (client2Keys.getPublic().equals(publicKey)) {
97                     return new DefaultAuthSettings("client2-id", USERNAME, Set.of("invalid-password"), null);
98                 }
99                 // identify client 3 by password (valid)
100                 if (client3Keys.getPublic().equals(publicKey)) {
101                     return new DefaultAuthSettings("client3-id", USERNAME, Set.of(PASSWORD), null);
102                 }
103                 // identify client 4 by public key
104                 if (client4Keys.getPublic().equals(publicKey)) {
105                     return new DefaultAuthSettings("client4-id", USERNAME, null, Set.of(serverKeys));
106                 }
107                 // client 1 is not identified
108                 return null;
109             }
110         };
111         // client side authenticators
112         final PasswordAuthenticator passwordAuthenticator =
113             (username, password, session) -> USERNAME.equals(username) && PASSWORD.equals(password);
114         final PublickeyAuthenticator publicKeyAuthenticator =
115             (username, publicKey, session) -> serverKeys.getPublic().equals(publicKey);
116
117         // Netconf layer for clients
118         doReturn(serverSessionListener).when(monitoringService).getSessionListener();
119         doReturn(EMPTY_CAPABILITIES).when(monitoringService).getCapabilities();
120
121         final var negotiatorFactory = NetconfServerSessionNegotiatorFactory.builder()
122             .setTimer(new HashedWheelTimer())
123             .setAggregatedOpService(new AggregatedNetconfOperationServiceFactory())
124             .setIdProvider(new DefaultSessionIdProvider())
125             .setConnectionTimeoutMillis(TIMEOUT)
126             .setMonitoringService(monitoringService)
127             .build();
128         final var netconfTransportListener = new ServerTransportInitializer(negotiatorFactory);
129
130         // tcp layer for clients
131         final var sshTransportFactory = new SSHTransportStackFactory("call-home-test-client", 0);
132         final var serverPort = serverPort();
133         final var tcpConnectParams = new TcpClientParametersBuilder()
134             .setRemoteAddress(new Host(IetfInetUtil.ipAddressFor(InetAddress.getLoopbackAddress())))
135             .setRemotePort(new PortNumber(Uint16.valueOf(serverPort))).build();
136
137         // Session context manager
138         final var contextManager = new CallHomeSshSessionContextManager() {
139             // inject netconf session listener
140             @Override
141             public CallHomeSshSessionContext createContext(String id, ClientSession clientSession) {
142                 return new CallHomeSshSessionContext(id, clientSession.getRemoteAddress(), clientSession,
143                     clientSessionListener, SettableFuture.create());
144             }
145         };
146
147         // start Call-Home server
148         final var server = CallHomeSshServer.builder()
149             .withPort(serverPort)
150             .withAuthProvider(authProvider)
151             .withSessionContextManager(contextManager)
152             .withStatusRecorder(statusRecorder)
153             .build();
154
155         SSHServer client1 = null;
156         SSHServer client2 = null;
157         SSHServer client3 = null;
158         SSHServer client4 = null;
159
160         try {
161             // client 1: rejected due to public key is not identified
162             client1 = sshTransportFactory.connectServer(SSH_SUBSYSTEM, netconfTransportListener, tcpConnectParams,
163                 null, factoryMgr -> {
164                     factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(client1Keys));
165                     factoryMgr.setPasswordAuthenticator(passwordAuthenticator);
166                     factoryMgr.setUserAuthFactories(List.of(new UserAuthPasswordFactory()));
167                 }).get(TIMEOUT, TimeUnit.MILLISECONDS);
168             // verify unknown key reported
169             verify(statusRecorder, timeout(TIMEOUT).times(1))
170                 .reportUnknown(any(InetSocketAddress.class), eq(client1Keys.getPublic()));
171
172             // client 2: rejected due to auth failure (wrong password)
173             client2 = sshTransportFactory.connectServer(SSH_SUBSYSTEM, netconfTransportListener, tcpConnectParams,
174                 null, factoryMgr -> {
175                     factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(client2Keys));
176                     factoryMgr.setPasswordAuthenticator(passwordAuthenticator);
177                     factoryMgr.setUserAuthFactories(List.of(new UserAuthPasswordFactory()));
178                 }).get(TIMEOUT, TimeUnit.MILLISECONDS);
179             // verify auth failure reported for known key
180             verify(statusRecorder, timeout(TIMEOUT).times(1)).reportFailedAuth("client2-id");
181
182             // client 3: success with password auth
183             client3 = sshTransportFactory.connectServer(SSH_SUBSYSTEM, netconfTransportListener, tcpConnectParams,
184                 null, factoryMgr -> {
185                     factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(client3Keys));
186                     factoryMgr.setPasswordAuthenticator(passwordAuthenticator);
187                     factoryMgr.setUserAuthFactories(List.of(new UserAuthPasswordFactory()));
188                 }).get(TIMEOUT, TimeUnit.MILLISECONDS);
189             // verify netconf sessions established
190             verify(clientSessionListener, timeout(TIMEOUT).times(1)).onSessionUp(any(NetconfClientSession.class));
191             verify(serverSessionListener, timeout(TIMEOUT).times(1)).onSessionUp(any(NetconfServerSession.class));
192             verify(statusRecorder, times(1)).reportSuccess("client3-id");
193
194             // client 4: success with public key auth
195             client4 = sshTransportFactory.connectServer(SSH_SUBSYSTEM, netconfTransportListener, tcpConnectParams,
196                 null, factoryMgr -> {
197                     factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(client4Keys));
198                     final var pkFactory = new UserAuthPublicKeyFactory();
199                     pkFactory.setSignatureFactories(factoryMgr.getSignatureFactories());
200                     factoryMgr.setPublickeyAuthenticator(publicKeyAuthenticator);
201                     factoryMgr.setUserAuthFactories(List.of(pkFactory));
202                 }).get(TIMEOUT, TimeUnit.MILLISECONDS);
203             // verify netconf sessions established
204             verify(clientSessionListener, timeout(TIMEOUT).times(2)).onSessionUp(any(NetconfClientSession.class));
205             verify(serverSessionListener, timeout(TIMEOUT).times(2)).onSessionUp(any(NetconfServerSession.class));
206             verify(statusRecorder, times(1)).reportSuccess("client4-id");
207
208         } finally {
209             server.close();
210             shutdownClient(client1);
211             shutdownClient(client2);
212             shutdownClient(client3);
213             shutdownClient(client4);
214         }
215
216         // verify disconnect reported
217         verify(serverSessionListener, timeout(TIMEOUT).times(2)).onSessionDown(any(NetconfServerSession.class));
218         verify(clientSessionListener, timeout(TIMEOUT).times(2))
219             .onSessionDown(any(NetconfClientSession.class), nullable(Exception.class));
220         verify(statusRecorder, times(1)).reportDisconnected("client3-id");
221         verify(statusRecorder, times(1)).reportDisconnected("client4-id");
222     }
223
224     private static void shutdownClient(final @Nullable SSHServer client) throws Exception {
225         if (client != null) {
226             client.shutdown().get(TIMEOUT, TimeUnit.MILLISECONDS);
227         }
228     }
229
230     private static int serverPort() throws Exception {
231         try (var socket = new ServerSocket(0)) {
232             return socket.getLocalPort();
233         }
234     }
235
236     private static KeyPair generateKeyPair() throws Exception {
237         final var keyPairGenerator = KeyPairGenerator.getInstance("RSA");
238         keyPairGenerator.initialize(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4), new SecureRandom());
239         return keyPairGenerator.generateKeyPair();
240     }
241 }
Netconf