*/
package org.opendaylight.controller.netconf.ssh.authentication;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.commons.io.IOUtils;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
import org.opendaylight.controller.sal.authorization.AuthResultEnum;
-import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.usermanager.IUserManager;
-import org.opendaylight.controller.usermanager.UserConfig;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.util.tracker.ServiceTracker;
+import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class AuthProvider implements AuthProviderInterface {
-
- private static IUserManager um;
- private static final String DEFAULT_USER = "netconf";
- private static final String DEFAULT_PASSWORD = "netconf";
- private String PEM;
+public class AuthProvider {
+ private static final Logger logger = LoggerFactory.getLogger(AuthProvider.class);
- private static final Logger logger = LoggerFactory.getLogger(AuthProvider.class);
+ private final String pem;
+ private IUserManager nullableUserManager;
- public AuthProvider(IUserManager ium,InputStream privateKeyFileInputStream) throws Exception {
+ public AuthProvider(String pemCertificate, final BundleContext bundleContext) {
+ checkNotNull(pemCertificate, "Parameter 'pemCertificate' is null");
+ pem = pemCertificate;
- AuthProvider.um = ium;
- if (AuthProvider.um == null){
- throw new Exception("No usermanager service available.");
- }
+ ServiceTrackerCustomizer<IUserManager, IUserManager> customizer = new ServiceTrackerCustomizer<IUserManager, IUserManager>() {
+ @Override
+ public IUserManager addingService(final ServiceReference<IUserManager> reference) {
+ logger.trace("Service {} added", reference);
+ nullableUserManager = bundleContext.getService(reference);
+ return nullableUserManager;
+ }
- List<String> roles = new ArrayList<String>(1);
- roles.add(UserLevel.SYSTEMADMIN.toString());
- AuthProvider.um.addLocalUser(new UserConfig(DEFAULT_USER, DEFAULT_PASSWORD, roles));
+ @Override
+ public void modifiedService(final ServiceReference<IUserManager> reference, final IUserManager service) {
+ logger.trace("Replacing modified service {} in netconf SSH.", reference);
+ nullableUserManager = service;
+ }
- try {
- PEM = IOUtils.toString(privateKeyFileInputStream);
- } catch (IOException e) {
- logger.error("Error reading RSA key from file.");
- throw new IllegalStateException("Error reading RSA key from file.");
- }
- }
- @Override
- public boolean authenticated(String username, String password) throws Exception {
- if (AuthProvider.um == null){
- throw new Exception("No usermanager service available.");
- }
- AuthResultEnum authResult = AuthProvider.um.authenticate(username,password);
- if (authResult.equals(AuthResultEnum.AUTH_ACCEPT) || authResult.equals(AuthResultEnum.AUTH_ACCEPT_LOC)){
- return true;
- }
- return false;
+ @Override
+ public void removedService(final ServiceReference<IUserManager> reference, final IUserManager service) {
+ logger.trace("Removing service {} from netconf SSH. " +
+ "SSH won't authenticate users until IUserManager service will be started.", reference);
+ synchronized (AuthProvider.this) {
+ nullableUserManager = null;
+ }
+ }
+ };
+ ServiceTracker<IUserManager, IUserManager> listenerTracker = new ServiceTracker<>(bundleContext, IUserManager.class, customizer);
+ listenerTracker.open();
}
- @Override
- public char[] getPEMAsCharArray() throws Exception {
- if (null == PEM){
- logger.error("Missing RSA key string.");
- throw new Exception("Missing RSA key.");
+ /**
+ * Authenticate user. This implementation tracks IUserManager and delegates the decision to it. If the service is not
+ * available, IllegalStateException is thrown.
+ */
+ public synchronized boolean authenticated(String username, String password) {
+ if (nullableUserManager == null) {
+ logger.warn("Cannot authenticate user '{}', user manager service is missing", username);
+ throw new IllegalStateException("User manager service is not available");
}
- return PEM.toCharArray();
+ AuthResultEnum authResult = nullableUserManager.authenticate(username, password);
+ logger.debug("Authentication result for user '{}' : {}", username, authResult);
+ return authResult.equals(AuthResultEnum.AUTH_ACCEPT) || authResult.equals(AuthResultEnum.AUTH_ACCEPT_LOC);
}
- @Override
- public void removeUserManagerService() {
- AuthProvider.um = null;
+ public char[] getPEMAsCharArray() {
+ return pem.toCharArray();
}
- @Override
- public void addUserManagerService(IUserManager userManagerService) {
- AuthProvider.um = userManagerService;
+ @VisibleForTesting
+ void setNullableUserManager(IUserManager nullableUserManager) {
+ this.nullableUserManager = nullableUserManager;
}
-
-
}