/*
 * Copyright (c) 2016 Brocade Communication Systems and others.  All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
package org.opendaylight.netconf.callhome.protocol;

import static java.util.Objects.requireNonNull;

import com.google.common.collect.ImmutableSet;
import java.security.KeyPair;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.opendaylight.netconf.shaded.sshd.client.session.ClientSession;

/**
 * Authorization context for incoming call home sessions.
 *
 * An instance either rejects the connecting server (see {@link #rejected()}) or is
 * configured through the builder obtained from {@link #serverAccepted(String, String)}.
 *
 * @see CallHomeAuthorizationProvider
 */
public abstract class CallHomeAuthorization {
    // Shared "deny" instance. It fails closed: besides reporting the server as not allowed,
    // any attempt to apply it to a session throws instead of silently doing nothing.
    private static final CallHomeAuthorization REJECTED = new CallHomeAuthorization() {
        @Override
        public boolean isServerAllowed() {
            return false;
        }

        @Override
        protected void applyTo(final ClientSession session) {
            throw new IllegalStateException("Server is not allowed.");
        }

        @Override
        protected String getSessionName() {
            // No session name is associated with the rejected instance.
            return "";
        }
    };

    /**
     * Returns the shared CallHomeAuthorization instance that rejects the incoming connection.
     *
     * {@link CallHomeAuthorizationProvider} may return it from
     * {@link CallHomeAuthorizationProvider#provideAuth(java.net.SocketAddress, java.security.PublicKey)}
     * when the policy implemented by the provider does not permit the incoming session.
     *
     * @return CallHomeAuthorization with {@code isServerAllowed() == false}
     */
    public static final CallHomeAuthorization rejected() {
        return REJECTED;
    }

    /**
     * Creates a builder for a CallHomeAuthorization that accepts the incoming connection
     * and carries the credentials to use for it.
     *
     * Note: If session with same sessionName is already opened and active, incoming session
     * will be rejected.
     *
     * NOTE(review): neither argument is validated in this method; presumably the Builder
     * constructor rejects null values - confirm.
     *
     * @param sessionName Application specific unique identifier for incoming session
     * @param username Username to be used for authorization
     * @return Builder which allows to specify credentials.
     */
    public static final Builder serverAccepted(final String sessionName, final String username) {
        return new Builder(sessionName, username);
    }

    /**
     * Returns true if incoming connection is allowed.
     *
     * @return true if incoming connection from SSH Server is allowed.
     */
    public abstract boolean isServerAllowed();

    /**
     * Applies provided authentication to Mina SSH Client Session.
     *
     * The rejected instance throws {@link IllegalStateException} from this method, so
     * {@link #isServerAllowed()} has to be consulted before calling it.
     *
     * @param session Client Session to which authorization parameters will be applied
     */
    protected abstract void applyTo(ClientSession session);

    /**
     * Returns the session name tied to this authorization; the rejected instance returns
     * an empty string.
     *
     * @return session name
     */
    protected abstract String getSessionName();

    /**
     * Builder for CallHomeAuthorization which accepts incoming connection.
     *
* Use {@link CallHomeAuthorization#serverAccepted(String, String)} to instantiate
* builder.
*/
public static class Builder implements org.opendaylight.yangtools.concepts.Builder