netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/client/NetconfClientBuilder.java

   1 /*
   2  * Copyright (c) 2019 PANTHEON.tech, s.r.o. and others.  All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.netconf.nettyutil.handler.ssh.client;
   9
  10 import static com.google.common.base.Verify.verify;
  11
  12 import com.google.common.annotations.Beta;
  13 import com.google.common.collect.ImmutableList;
  14 import com.google.common.collect.Streams;
  15 import java.util.Arrays;
  16 import java.util.List;
  17 import java.util.stream.Stream;
  18 import org.opendaylight.netconf.shaded.sshd.client.ClientBuilder;
  19 import org.opendaylight.netconf.shaded.sshd.client.SshClient;
  20 import org.opendaylight.netconf.shaded.sshd.common.NamedFactory;
  21 import org.opendaylight.netconf.shaded.sshd.common.kex.BuiltinDHFactories;
  22 import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
  23 import org.opendaylight.netconf.shaded.sshd.common.signature.BuiltinSignatures;
  24 import org.opendaylight.netconf.shaded.sshd.common.signature.Signature;
  25
  26 /**
  27  * A {@link ClientBuilder} which builds {@link NetconfSshClient} instances.
  28  */
  29 @Beta
  30 public class NetconfClientBuilder extends ClientBuilder {
  31     // RFC8332 rsa-sha2-256/rsa-sha2-512 are not a part of Mina's default set of signatures for clients as of 2.5.1.
  32     // Add them to ensure interop with modern highly-secured devices.
  33     private static final ImmutableList<NamedFactory<Signature>> FULL_SIGNATURE_PREFERENCE =
  34             Streams.concat(DEFAULT_SIGNATURE_PREFERENCE.stream(), Arrays.asList(
  35                 BuiltinSignatures.rsaSHA512, BuiltinSignatures.rsaSHA256).stream())
  36             .filter(BuiltinSignatures::isSupported)
  37             .distinct()
  38             .collect(ImmutableList.<NamedFactory<Signature>>toImmutableList());
  39
  40     // The SHA1 algorithm is disabled by default in Mina SSHD since 2.6.0.
  41     // More details available here: https://issues.apache.org/jira/browse/SSHD-1004
  42     // This block adds diffie-hellman-group14-sha1 back to the list of supported algorithms.
  43     private static final ImmutableList<BuiltinDHFactories> FULL_DH_FACTORIES_LIST =
  44         Streams.concat(DEFAULT_KEX_PREFERENCE.stream(), Stream.of(BuiltinDHFactories.dhg14))
  45             .collect(ImmutableList.toImmutableList());
  46     private static final List<KeyExchangeFactory> FULL_KEX_PREFERENCE =
  47         NamedFactory.setUpTransformedFactories(true, FULL_DH_FACTORIES_LIST, DH2KEX);
  48
  49     @Override
  50     public NetconfSshClient build() {
  51         final SshClient client = super.build();
  52         verify(client instanceof NetconfSshClient, "Unexpected client %s", client);
  53         return (NetconfSshClient) client;
  54     }
  55
  56     @Override
  57     protected ClientBuilder fillWithDefaultValues() {
  58         if (factory == null) {
  59             factory = NetconfSshClient.DEFAULT_NETCONF_SSH_CLIENT_FACTORY;
  60         }
  61         if (signatureFactories == null) {
  62             signatureFactories = FULL_SIGNATURE_PREFERENCE;
  63         }
  64         if (keyExchangeFactories == null) {
  65             keyExchangeFactories = FULL_KEX_PREFERENCE;
  66         }
  67         return super.fillWithDefaultValues();
  68     }
  69 }