2 * Copyright (c) 2022 PANTHEON.tech, s.r.o. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.transport.ssh;
10 import static java.util.Objects.requireNonNull;
12 import com.google.common.collect.ImmutableList;
13 import com.google.common.collect.ImmutableMap;
14 import com.google.common.util.concurrent.ListenableFuture;
15 import io.netty.bootstrap.Bootstrap;
16 import io.netty.bootstrap.ServerBootstrap;
17 import io.netty.channel.group.DefaultChannelGroup;
18 import io.netty.util.concurrent.GlobalEventExecutor;
19 import java.security.PublicKey;
20 import java.util.List;
21 import org.eclipse.jdt.annotation.NonNull;
22 import org.eclipse.jdt.annotation.Nullable;
23 import org.opendaylight.netconf.shaded.sshd.common.io.IoHandler;
24 import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyPairProvider;
25 import org.opendaylight.netconf.shaded.sshd.common.util.threads.ThreadUtils;
26 import org.opendaylight.netconf.shaded.sshd.server.ServerFactoryManager;
27 import org.opendaylight.netconf.shaded.sshd.server.SshServer;
28 import org.opendaylight.netconf.shaded.sshd.server.auth.UserAuthFactory;
29 import org.opendaylight.netconf.shaded.sshd.server.auth.hostbased.UserAuthHostBasedFactory;
30 import org.opendaylight.netconf.shaded.sshd.server.auth.password.UserAuthPasswordFactory;
31 import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
32 import org.opendaylight.netconf.shaded.sshd.server.session.SessionFactory;
33 import org.opendaylight.netconf.transport.api.TransportChannelListener;
34 import org.opendaylight.netconf.transport.api.TransportStack;
35 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
36 import org.opendaylight.netconf.transport.tcp.TCPClient;
37 import org.opendaylight.netconf.transport.tcp.TCPServer;
38 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.SshServerGrouping;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ClientAuthentication;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev221212.ssh.server.grouping.ServerIdentity;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev221212.TcpClientGrouping;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev221212.TcpServerGrouping;
45 * A {@link TransportStack} acting as an SSH server.
47 public final class SSHServer extends SSHTransportStack {
49 private final ServerFactoryManager serverFactoryManager;
50 private final SessionFactory serverSessionFactory;
52 private SSHServer(final TransportChannelListener listener, final ServerFactoryManager serverFactoryManager) {
54 this.serverFactoryManager = requireNonNull(serverFactoryManager);
55 this.serverFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
56 this.serverSessionFactory = new SessionFactory(serverFactoryManager);
57 this.ioService = new SshIoService(this.serverFactoryManager,
58 new DefaultChannelGroup("sshd-server-channels", GlobalEventExecutor.INSTANCE),
59 this.serverSessionFactory);
63 protected IoHandler getSessionFactory() {
64 return serverSessionFactory;
67 public static @NonNull ListenableFuture<SSHServer> connect(final TransportChannelListener listener,
68 final Bootstrap bootstrap, final TcpClientGrouping connectParams, final SshServerGrouping serverParams)
69 throws UnsupportedConfigurationException {
70 final var server = new SSHServer(listener, newFactoryManager(serverParams));
71 return transformUnderlay(server, TCPClient.connect(server.asListener(), bootstrap, connectParams));
74 public static @NonNull ListenableFuture<SSHServer> listen(final TransportChannelListener listener,
75 final ServerBootstrap bootstrap, final TcpServerGrouping connectParams,
76 final SshServerGrouping serverParams)
77 throws UnsupportedConfigurationException {
78 final var server = new SSHServer(listener, newFactoryManager(serverParams));
79 return transformUnderlay(server, TCPServer.listen(server.asListener(), bootstrap, connectParams));
82 private static ServerFactoryManager newFactoryManager(
83 final SshServerGrouping serverParams)
84 throws UnsupportedConfigurationException {
85 var factoryMgr = SshServer.setUpDefaultServer();
87 ConfigUtils.setTransportParams(factoryMgr, serverParams.getTransportParams());
88 ConfigUtils.setKeepAlives(factoryMgr, serverParams.getKeepalives());
89 setServerIdentity(factoryMgr, serverParams.getServerIdentity());
90 setClientAuthentication(factoryMgr, serverParams.getClientAuthentication());
92 factoryMgr.setServiceFactories(SshServer.DEFAULT_SERVICE_FACTORIES);
93 factoryMgr.setScheduledExecutorService(ThreadUtils.newSingleThreadScheduledExecutor(""));
97 private static void setServerIdentity(final @NonNull ServerFactoryManager factoryMgr,
98 final @NonNull ServerIdentity serverIdentity) throws UnsupportedConfigurationException {
99 if (serverIdentity == null) {
100 throw new UnsupportedConfigurationException("Server identity configuration is required");
102 if (serverIdentity.getHostKey() != null && !serverIdentity.getHostKey().isEmpty()) {
103 final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(serverIdentity.getHostKey());
104 if (!serverHostKeyPairs.isEmpty()) {
105 factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
108 throw new UnsupportedConfigurationException("Host keys is missing in server identity configuration");
112 private static void setClientAuthentication(final @NonNull ServerFactoryManager factoryMgr,
113 final @Nullable ClientAuthentication clientAuthentication) throws UnsupportedConfigurationException {
114 if (clientAuthentication == null) {
117 if (clientAuthentication.getUsers() != null && clientAuthentication.getUsers().getUser() != null) {
118 final var passwordMapBuilder = ImmutableMap.<String, String>builder();
119 final var hostBasedMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
120 final var publicKeyMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
121 for (var entry : clientAuthentication.getUsers().getUser().entrySet()) {
122 final String username = entry.getKey().getName();
123 if (entry.getValue().getPassword() != null) { // password
124 passwordMapBuilder.put(username, entry.getValue().getPassword().getValue());
126 if (entry.getValue().getHostbased() != null) {
127 hostBasedMapBuilder.put(username,
128 ConfigUtils.extractPublicKeys(entry.getValue().getHostbased().getLocalOrTruststore()));
130 if (entry.getValue().getPublicKeys() != null) {
131 publicKeyMapBuilder.put(username,
132 ConfigUtils.extractPublicKeys(entry.getValue().getPublicKeys().getLocalOrTruststore()));
135 final var authFactoriesBuilder = ImmutableList.<UserAuthFactory>builder();
136 final var passwordMap = passwordMapBuilder.build();
137 if (!passwordMap.isEmpty()) {
138 authFactoriesBuilder.add(new UserAuthPasswordFactory());
139 factoryMgr.setPasswordAuthenticator(new CryptHashPasswordAuthenticator(passwordMap));
141 final var hostBasedMap = hostBasedMapBuilder.build();
142 if (!hostBasedMap.isEmpty()) {
143 final var factory = new UserAuthHostBasedFactory();
144 factory.setSignatureFactories(factoryMgr.getSignatureFactories());
145 authFactoriesBuilder.add(factory);
146 factoryMgr.setHostBasedAuthenticator(new UserPublicKeyAuthenticator(hostBasedMap));
148 final var publicKeyMap = publicKeyMapBuilder.build();
149 if (!publicKeyMap.isEmpty()) {
150 final var factory = new UserAuthPublicKeyFactory();
151 factory.setSignatureFactories(factoryMgr.getSignatureFactories());
152 authFactoriesBuilder.add(factory);
153 factoryMgr.setPublickeyAuthenticator(new UserPublicKeyAuthenticator(publicKeyMap));
155 factoryMgr.setUserAuthFactories(authFactoriesBuilder.build());