Code Review / netconf.git / blob
? search:


d3e398c58bb5d6c9daed8aa4d25f1ed0ab4b7f5a
[netconf.git] / transport / transport-ssh / src / main / java / org / opendaylight / netconf / transport / ssh / SSHServer.java
1 /*
2  * Copyright (c) 2022 PANTHEON.tech, s.r.o. and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netconf.transport.ssh;
9
10 import static com.google.common.base.Preconditions.checkArgument;
11 import static java.util.Objects.requireNonNull;
12
13 import com.google.common.collect.ImmutableList;
14 import com.google.common.collect.ImmutableMap;
15 import com.google.common.util.concurrent.ListenableFuture;
16 import io.netty.bootstrap.Bootstrap;
17 import io.netty.bootstrap.ServerBootstrap;
18 import io.netty.channel.group.DefaultChannelGroup;
19 import io.netty.util.concurrent.GlobalEventExecutor;
20 import java.security.PublicKey;
21 import java.util.List;
22 import org.eclipse.jdt.annotation.NonNull;
23 import org.eclipse.jdt.annotation.Nullable;
24 import org.opendaylight.netconf.shaded.sshd.common.io.IoHandler;
25 import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyPairProvider;
26 import org.opendaylight.netconf.shaded.sshd.common.util.threads.ThreadUtils;
27 import org.opendaylight.netconf.shaded.sshd.server.ServerFactoryManager;
28 import org.opendaylight.netconf.shaded.sshd.server.SshServer;
29 import org.opendaylight.netconf.shaded.sshd.server.auth.UserAuthFactory;
30 import org.opendaylight.netconf.shaded.sshd.server.auth.hostbased.UserAuthHostBasedFactory;
31 import org.opendaylight.netconf.shaded.sshd.server.auth.password.UserAuthPasswordFactory;
32 import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
33 import org.opendaylight.netconf.shaded.sshd.server.session.SessionFactory;
34 import org.opendaylight.netconf.transport.api.TransportChannelListener;
35 import org.opendaylight.netconf.transport.api.TransportStack;
36 import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
37 import org.opendaylight.netconf.transport.tcp.TCPClient;
38 import org.opendaylight.netconf.transport.tcp.TCPServer;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.SshServerGrouping;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ClientAuthentication;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev230417.ssh.server.grouping.ServerIdentity;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
44
45 /**
46  * A {@link TransportStack} acting as an SSH server.
47  */
48 public final class SSHServer extends SSHTransportStack {
49     private final ServerFactoryManager serverFactoryManager;
50     private final SessionFactory serverSessionFactory;
51
52     private SSHServer(final TransportChannelListener listener, final ServerFactoryManager serverFactoryManager) {
53         super(listener);
54         this.serverFactoryManager = requireNonNull(serverFactoryManager);
55         this.serverFactoryManager.addSessionListener(new UserAuthSessionListener(sessionAuthHandlers, sessions));
56         serverSessionFactory = new SessionFactory(serverFactoryManager);
57         ioService = new SshIoService(this.serverFactoryManager,
58                 new DefaultChannelGroup("sshd-server-channels", GlobalEventExecutor.INSTANCE),
59                 serverSessionFactory);
60     }
61
62     @Override
63     IoHandler getSessionFactory() {
64         return serverSessionFactory;
65     }
66
67     public static @NonNull ListenableFuture<SSHServer> connect(final TransportChannelListener listener,
68             final Bootstrap bootstrap, final TcpClientGrouping connectParams, final SshServerGrouping serverParams)
69             throws UnsupportedConfigurationException {
70         final var server = new SSHServer(listener, newFactoryManager(requireNonNull(serverParams), null));
71         return transformUnderlay(server, TCPClient.connect(server.asListener(), bootstrap, connectParams));
72     }
73
74     public static @NonNull ListenableFuture<SSHServer> listen(final TransportChannelListener listener,
75             final ServerBootstrap bootstrap, final TcpServerGrouping connectParams,
76             final SshServerGrouping serverParams) throws UnsupportedConfigurationException {
77         requireNonNull(serverParams);
78         return listen(listener, bootstrap, connectParams, serverParams, null);
79     }
80
81     /**
82      * Builds and starts SSH Server.
83      *
84      * @param listener server channel listener, required
85      * @param bootstrap server bootstrap instance, required
86      * @param connectParams tcp transport configuration, required
87      * @param serverParams ssh overlay configuration, optional if configurator is defined, required otherwise
88      * @param configurator server factory manager configurator, optional if serverParams is defined, required otherwise
89      * @return server instance as listenable future
90      * @throws UnsupportedConfigurationException if any of configurations is invalid or incomplete
91      * @throws NullPointerException if any of required parameters is null
92      * @throws IllegalArgumentException if both configurator and serverParams are null
93      */
94     public static @NonNull ListenableFuture<SSHServer> listen(final TransportChannelListener listener,
95             final ServerBootstrap bootstrap, final TcpServerGrouping connectParams,
96             final SshServerGrouping serverParams, final ServerFactoryManagerConfigurator configurator)
97             throws UnsupportedConfigurationException {
98         checkArgument(serverParams != null || configurator != null,
99             "Neither server parameters nor factory configurator is defined");
100         final var factoryMgr = newFactoryManager(serverParams, configurator);
101         final var server = new SSHServer(listener, factoryMgr);
102         return transformUnderlay(server, TCPServer.listen(server.asListener(), bootstrap, connectParams));
103     }
104
105     private static ServerFactoryManager newFactoryManager(final @Nullable SshServerGrouping serverParams,
106             final @Nullable ServerFactoryManagerConfigurator configurator) throws UnsupportedConfigurationException {
107         final var factoryMgr = SshServer.setUpDefaultServer();
108         if (serverParams != null) {
109             ConfigUtils.setTransportParams(factoryMgr, serverParams.getTransportParams());
110             ConfigUtils.setKeepAlives(factoryMgr, serverParams.getKeepalives());
111             setServerIdentity(factoryMgr, serverParams.getServerIdentity());
112             setClientAuthentication(factoryMgr, serverParams.getClientAuthentication());
113         }
114         if (configurator != null) {
115             configurator.configureServerFactoryManager(factoryMgr);
116         }
117         factoryMgr.setServiceFactories(SshServer.DEFAULT_SERVICE_FACTORIES);
118         factoryMgr.setScheduledExecutorService(ThreadUtils.newSingleThreadScheduledExecutor(""));
119         return factoryMgr;
120     }
121
122     private static void setServerIdentity(final @NonNull ServerFactoryManager factoryMgr,
123             final @Nullable ServerIdentity serverIdentity) throws UnsupportedConfigurationException {
124         if (serverIdentity == null) {
125             throw new UnsupportedConfigurationException("Server identity configuration is required");
126         }
127         final var hostKey = serverIdentity.getHostKey();
128         if (hostKey == null || hostKey.isEmpty()) {
129             throw new UnsupportedConfigurationException("Host keys is missing in server identity configuration");
130         }
131         final var serverHostKeyPairs = ConfigUtils.extractServerHostKeys(hostKey);
132         if (!serverHostKeyPairs.isEmpty()) {
133             factoryMgr.setKeyPairProvider(KeyPairProvider.wrap(serverHostKeyPairs));
134         }
135     }
136
137     private static void setClientAuthentication(final @NonNull ServerFactoryManager factoryMgr,
138             final @Nullable ClientAuthentication clientAuthentication) throws UnsupportedConfigurationException {
139         if (clientAuthentication == null) {
140             return;
141         }
142         final var users = clientAuthentication.getUsers();
143         if (users == null) {
144             return;
145         }
146         final var userMap = users.getUser();
147         if (userMap != null) {
148             final var passwordMapBuilder = ImmutableMap.<String, String>builder();
149             final var hostBasedMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
150             final var publicKeyMapBuilder = ImmutableMap.<String, List<PublicKey>>builder();
151             for (var entry : userMap.entrySet()) {
152                 final String username = entry.getKey().getName();
153                 final var value = entry.getValue();
154                 final var password = value.getPassword();
155                 if (password != null) {
156                     passwordMapBuilder.put(username, password.getValue());
157                 }
158                 final var hostBased = value.getHostbased();
159                 if (hostBased != null) {
160                     hostBasedMapBuilder.put(username, ConfigUtils.extractPublicKeys(hostBased.getInlineOrTruststore()));
161                 }
162                 final var publicKey = value.getPublicKeys();
163                 if (publicKey != null) {
164                     publicKeyMapBuilder.put(username, ConfigUtils.extractPublicKeys(publicKey.getInlineOrTruststore()));
165                 }
166             }
167             final var authFactoriesBuilder = ImmutableList.<UserAuthFactory>builder();
168             final var passwordMap = passwordMapBuilder.build();
169             if (!passwordMap.isEmpty()) {
170                 authFactoriesBuilder.add(new UserAuthPasswordFactory());
171                 factoryMgr.setPasswordAuthenticator(new CryptHashPasswordAuthenticator(passwordMap));
172             }
173             final var hostBasedMap = hostBasedMapBuilder.build();
174             if (!hostBasedMap.isEmpty()) {
175                 final var factory = new UserAuthHostBasedFactory();
176                 factory.setSignatureFactories(factoryMgr.getSignatureFactories());
177                 authFactoriesBuilder.add(factory);
178                 factoryMgr.setHostBasedAuthenticator(new UserPublicKeyAuthenticator(hostBasedMap));
179             }
180             final var publicKeyMap = publicKeyMapBuilder.build();
181             if (!publicKeyMap.isEmpty()) {
182                 final var factory = new UserAuthPublicKeyFactory();
183                 factory.setSignatureFactories(factoryMgr.getSignatureFactories());
184                 authFactoriesBuilder.add(factory);
185                 factoryMgr.setPublickeyAuthenticator(new UserPublicKeyAuthenticator(publicKeyMap));
186             }
187             factoryMgr.setUserAuthFactories(authFactoriesBuilder.build());
188         }
189     }
190 }
Netconf