Code Review / netconf.git / blob
? search:


318c07f18e87beb05c9a41e09cf2a3720ce918d9
[netconf.git] / transport / transport-ssh / src / main / java / org / opendaylight / netconf / transport / ssh / SSHServer.java
1 /*
2  * Copyright (c) 2022 PANTHEON.tech, s.r.o. and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netconf.transport.ssh;
9
10 import static java.util.Objects.requireNonNull;
11
12 import com.google.common.collect.ImmutableList;
13 import com.google.common.collect.ImmutableMap;
14 import com.google.common.util.concurrent.ListenableFuture;
15 import io.netty.bootstrap.Bootstrap;
16 import io.netty.bootstrap.ServerBootstrap;
17 import io.netty.channel.group.DefaultChannelGroup;
18 import io.netty.util.concurrent.GlobalEventExecutor;
19 import java.security.PublicKey;
20 import java.util.List;
21 import org.eclipse.jdt.annotation.NonNull;
22 import org.eclipse.jdt.annotation.Nullable;
23 import org.opendaylight.netconf.shaded.sshd.common.io.IoHandler;
24 import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyPairProvider;
25 import org.opendaylight.netconf.shaded.sshd.common.util.threads.ThreadUtils;
26 import org.opendaylight.netconf.shaded.sshd.server.ServerFactoryManager;
27 import org.opendaylight.netconf.shaded.sshd.server.SshServer;
28 import org.opendaylight.netconf.shaded.sshd.server.auth.UserAuthFactory;
29 import org.opendaylight.netconf.shaded.sshd.server.auth.hostbased.UserAuthHostBasedFactory;
30 import org.opendaylight.netconf.shaded.sshd.server.auth.password.UserAuthPasswordFactory;
31 import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
32 import org.opendaylight.netconf.shaded.sshd.server.session.SessionFactory;
33 import org.opendaylight.netconf.transport.api.TransportChannelListener;
34 import org.opendaylight.netconf.transport.api.TransportStack;
35 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
36 import org.opendaylight.netconf.transport.tcp.TCPClient;
37 import org.opendaylight.netconf.transport.tcp.TCPServer;
38 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerGrouping;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
43
44 /**
45  * A {@link TransportStack} acting as an SSH server.
46  */
47 public final class SSHServer extends SSHTransportStack {
48
49     private final ServerFactoryManager serverFactoryManager;
50     private final SessionFactory serverSessionFactory;
51
52     private SSHServer(final TransportChannelListener listener, final ServerFactoryManager serverFactoryManager) {
53         super(listener);
54         this.serverFactoryManager = requireNonNull(serverFactoryManager);
55         this.serverFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
56         this.serverSessionFactory = new SessionFactory(serverFactoryManager);
57         this.ioService = new SshIoService(this.serverFactoryManager,
58                 new DefaultChannelGroup("sshd-server-channels", GlobalEventExecutor.INSTANCE),
59                 this.serverSessionFactory);
60     }
61
62     @Override
63     protected IoHandler getSessionFactory() {
64         return serverSessionFactory;
65     }
66
67     public static @NonNull ListenableFuture<SSHServer> connect(final TransportChannelListener listener,
68             final Bootstrap bootstrap, final TcpClientGrouping connectParams, final SshServerGrouping serverParams)
69             throws UnsupportedConfigurationException {
70         final var server = new SSHServer(listener, newFactoryManager(serverParams));
71         return transformUnderlay(server, TCPClient.connect(server.asListener(), bootstrap, connectParams));
72     }
73
74     public static @NonNull ListenableFuture<SSHServer> listen(final TransportChannelListener listener,
75             final ServerBootstrap bootstrap, final TcpServerGrouping connectParams,
76             final SshServerGrouping serverParams)
77             throws UnsupportedConfigurationException {
78         final var server = new SSHServer(listener, newFactoryManager(serverParams));
79         return transformUnderlay(server, TCPServer.listen(server.asListener(), bootstrap, connectParams));
80     }
81
82     private static ServerFactoryManager newFactoryManager(
83             final SshServerGrouping serverParams)
84             throws UnsupportedConfigurationException {
85         var factoryMgr = SshServer.setUpDefaultServer();
86
87         ConfigUtils.setTransportParams(factoryMgr, serverParams.getTransportParams());
88         ConfigUtils.setKeepAlives(factoryMgr, serverParams.getKeepalives());
89         setServerIdentity(factoryMgr, serverParams.getServerIdentity());
90         setClientAuthentication(factoryMgr, serverParams.getClientAuthentication());
91
92         factoryMgr.setServiceFactories(SshServer.DEFAULT_SERVICE_FACTORIES);
93         factoryMgr.setScheduledExecutorService(ThreadUtils.newSingleThreadScheduledExecutor(""));
94         return factoryMgr;
95     }
96
97     private static void setServerIdentity(final @NonNull ServerFactoryManager factoryMgr,
98             final @NonNull ServerIdentity serverIdentity) throws UnsupportedConfigurationException {
99         if (serverIdentity == null) {
100             throw new UnsupportedConfigurationException("Server identity configuration is required");
101         }
102         if (serverIdentity.getHostKey() != null && !serverIdentity.getHostKey().isEmpty()) {
103             final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(serverIdentity.getHostKey());
104             if (!serverHostKeyPairs.isEmpty()) {
105                 factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
106             }
107         } else {
108             throw new UnsupportedConfigurationException("Host keys is missing in server identity configuration");
109         }
110     }
111
112     private static void setClientAuthentication(final @NonNull ServerFactoryManager factoryMgr,
113             final @Nullable ClientAuthentication clientAuthentication) throws UnsupportedConfigurationException {
114         if (clientAuthentication == null) {
115             return;
116         }
117         if (clientAuthentication.getUsers() != null && clientAuthentication.getUsers().getUser() != null) {
118             final var passwordMapBuilder = ImmutableMap.<String, String>builder();
119             final var hostBasedMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
120             final var publicKeyMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
121             for (var entry : clientAuthentication.getUsers().getUser().entrySet()) {
122                 final String username = entry.getKey().getName();
123                 if (entry.getValue().getPassword() != null) { // password
124                     passwordMapBuilder.put(username, entry.getValue().getPassword().getValue());
125                 }
126                 if (entry.getValue().getHostbased() != null) {
127                     hostBasedMapBuilder.put(username,
128                             ConfigUtils.extractPublicKeys(entry.getValue().getHostbased().getLocalOrTruststore()));
129                 }
130                 if (entry.getValue().getPublicKeys() != null) {
131                     publicKeyMapBuilder.put(username,
132                             ConfigUtils.extractPublicKeys(entry.getValue().getPublicKeys().getLocalOrTruststore()));
133                 }
134             }
135             final var authFactoriesBuilder = ImmutableList.<UserAuthFactory>builder();
136             final var passwordMap = passwordMapBuilder.build();
137             if (!passwordMap.isEmpty()) {
138                 authFactoriesBuilder.add(new UserAuthPasswordFactory());
139                 factoryMgr.setPasswordAuthenticator(new CryptHashPasswordAuthenticator(passwordMap));
140             }
141             final var hostBasedMap = hostBasedMapBuilder.build();
142             if (!hostBasedMap.isEmpty()) {
143                 final var factory = new UserAuthHostBasedFactory();
144                 factory.setSignatureFactories(factoryMgr.getSignatureFactories());
145                 authFactoriesBuilder.add(factory);
146                 factoryMgr.setHostBasedAuthenticator(new UserPublicKeyAuthenticator(hostBasedMap));
147             }
148             final var publicKeyMap = publicKeyMapBuilder.build();
149             if (!publicKeyMap.isEmpty()) {
150                 final var factory = new UserAuthPublicKeyFactory();
151                 factory.setSignatureFactories(factoryMgr.getSignatureFactories());
152                 authFactoriesBuilder.add(factory);
153                 factoryMgr.setPublickeyAuthenticator(new UserPublicKeyAuthenticator(publicKeyMap));
154             }
155             factoryMgr.setUserAuthFactories(authFactoriesBuilder.build());
156         }
157     }
158 }
Netconf