/*
 * Copyright (c) 2019 PANTHEON.tech, s.r.o. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
8 package org.opendaylight.netconf.nettyutil.handler.ssh.client;
10 import static com.google.common.base.Verify.verify;
12 import com.google.common.annotations.Beta;
13 import com.google.common.collect.ImmutableList;
14 import com.google.common.collect.Streams;
15 import java.util.Arrays;
16 import java.util.List;
17 import java.util.stream.Stream;
18 import org.opendaylight.netconf.shaded.sshd.client.ClientBuilder;
19 import org.opendaylight.netconf.shaded.sshd.client.SshClient;
20 import org.opendaylight.netconf.shaded.sshd.common.NamedFactory;
21 import org.opendaylight.netconf.shaded.sshd.common.kex.BuiltinDHFactories;
22 import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
23 import org.opendaylight.netconf.shaded.sshd.common.signature.BuiltinSignatures;
24 import org.opendaylight.netconf.shaded.sshd.common.signature.Signature;
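/**
 * A {@link ClientBuilder} which builds {@link NetconfSshClient} instances.
 *
 * <p>The builder widens Mina SSHD's default algorithm set in two places, in both cases only when the caller has not
 * supplied its own factories:
 * <ul>
 *   <li>RFC 8332 {@code rsa-sha2-512}/{@code rsa-sha2-256} signatures are appended to the default signature
 *       preference, so that devices requiring them can still be reached;</li>
 *   <li>{@code diffie-hellman-group14-sha1} is appended after the default key-exchange preference, i.e. as the
 *       last-resort option, purely for interoperability with devices that offer nothing newer. SHA-1 based key
 *       exchange is weak; deployments that do not need it should configure their own key-exchange factories,
 *       which this builder then leaves untouched.</li>
 * </ul>
 */
@Beta
public class NetconfClientBuilder extends ClientBuilder {
    // RFC8332 rsa-sha2-256/rsa-sha2-512 are not a part of Mina's default set of signatures for clients as of 2.5.1.
    // Add them to ensure interop with modern highly-secured devices. A later Mina release may already list them in
    // the defaults, hence distinct(): without it the same name would be advertised twice.
    private static final ImmutableList<NamedFactory<Signature>> FULL_SIGNATURE_PREFERENCE =
            Streams.concat(DEFAULT_SIGNATURE_PREFERENCE.stream(), Arrays.asList(
                BuiltinSignatures.rsaSHA512, BuiltinSignatures.rsaSHA256).stream())
            .filter(BuiltinSignatures::isSupported)
            .distinct()
            .collect(ImmutableList.<NamedFactory<Signature>>toImmutableList());

    // The SHA1 algorithm is disabled by default in Mina SSHD since 2.6.0.
    // More details available here: https://issues.apache.org/jira/browse/SSHD-1004
    // This block adds diffie-hellman-group14-sha1 back to the list of supported algorithms. It is concatenated after
    // the defaults so it stays the least-preferred choice, and distinct() guards against a duplicate entry should a
    // default set ever include it again.
    private static final ImmutableList<BuiltinDHFactories> FULL_DH_FACTORIES_LIST =
            Streams.concat(DEFAULT_KEX_PREFERENCE.stream(), Stream.of(BuiltinDHFactories.dhg14))
            .distinct()
            .collect(ImmutableList.toImmutableList());
    private static final List<KeyExchangeFactory> FULL_KEX_PREFERENCE =
            NamedFactory.setUpTransformedFactories(true, FULL_DH_FACTORIES_LIST, DH2KEX);

    /**
     * Build the client. The {@link SshClient} produced by the superclass is expected to be a
     * {@link NetconfSshClient}, since {@link #fillWithDefaultValues()} installs
     * {@link NetconfSshClient#DEFAULT_NETCONF_SSH_CLIENT_FACTORY} whenever no factory was configured; the check here
     * turns a mismatching factory into a failure at build time rather than a later {@link ClassCastException}.
     *
     * @return the built {@link NetconfSshClient}
     * @throws com.google.common.base.VerifyException if the superclass produced some other {@link SshClient} subtype,
     *         presumably because a caller-supplied factory was used
     */
    @Override
    public NetconfSshClient build() {
        final SshClient client = super.build();
        verify(client instanceof NetconfSshClient, "Unexpected client %s", client);
        return (NetconfSshClient) client;
    }

    /**
     * Fill in NETCONF-specific defaults for anything the caller left unset, then defer to the superclass for the
     * remaining fields. Only {@code null} fields are touched, so explicitly configured factories -- including a
     * stricter signature or key-exchange list -- are preserved as given.
     *
     * @return the builder returned by the superclass
     */
    @Override
    protected ClientBuilder fillWithDefaultValues() {
        if (factory == null) {
            factory = NetconfSshClient.DEFAULT_NETCONF_SSH_CLIENT_FACTORY;
        }
        if (signatureFactories == null) {
            signatureFactories = FULL_SIGNATURE_PREFERENCE;
        }
        if (keyExchangeFactories == null) {
            keyExchangeFactories = FULL_KEX_PREFERENCE;
        }
        return super.fillWithDefaultValues();
    }
}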