*/
package org.opendaylight.controller.netconf.ssh.authentication;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.VisibleForTesting;
import org.opendaylight.controller.sal.authorization.AuthResultEnum;
-import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.usermanager.IUserManager;
-import org.opendaylight.controller.usermanager.UserConfig;
-
-import java.util.ArrayList;
-import java.util.List;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.util.tracker.ServiceTracker;
+import org.osgi.util.tracker.ServiceTrackerCustomizer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import static com.google.common.base.Preconditions.checkNotNull;
-
-public class AuthProvider implements AuthProviderInterface {
+public class AuthProvider {
+ private static final Logger logger = LoggerFactory.getLogger(AuthProvider.class);
- private static IUserManager um; //FIXME static mutable state, no locks
- private static final String DEFAULT_USER = "netconf";
- private static final String DEFAULT_PASSWORD = "netconf";
private final String pem;
+ private IUserManager nullableUserManager;
- public AuthProvider(IUserManager ium, String pemCertificate) throws Exception {
+ public AuthProvider(String pemCertificate, final BundleContext bundleContext) {
checkNotNull(pemCertificate, "Parameter 'pemCertificate' is null");
- AuthProvider.um = ium;
- if (AuthProvider.um == null) {
- throw new Exception("No usermanager service available.");
- }
-
- List<String> roles = new ArrayList<String>(1);
- roles.add(UserLevel.SYSTEMADMIN.toString());
- AuthProvider.um.addLocalUser(new UserConfig(DEFAULT_USER, DEFAULT_PASSWORD, roles)); //FIXME hardcoded auth
pem = pemCertificate;
+
+ ServiceTrackerCustomizer<IUserManager, IUserManager> customizer = new ServiceTrackerCustomizer<IUserManager, IUserManager>() {
+ @Override
+ public IUserManager addingService(final ServiceReference<IUserManager> reference) {
+ logger.trace("Service {} added", reference);
+ nullableUserManager = bundleContext.getService(reference);
+ return nullableUserManager;
+ }
+
+ @Override
+ public void modifiedService(final ServiceReference<IUserManager> reference, final IUserManager service) {
+ logger.trace("Replacing modified service {} in netconf SSH.", reference);
+ nullableUserManager = service;
+ }
+
+ @Override
+ public void removedService(final ServiceReference<IUserManager> reference, final IUserManager service) {
+ logger.trace("Removing service {} from netconf SSH. " +
+ "SSH won't authenticate users until IUserManager service will be started.", reference);
+ synchronized (AuthProvider.this) {
+ nullableUserManager = null;
+ }
+ }
+ };
+ ServiceTracker<IUserManager, IUserManager> listenerTracker = new ServiceTracker<>(bundleContext, IUserManager.class, customizer);
+ listenerTracker.open();
}
- @Override
- public boolean authenticated(String username, String password) {
- if (AuthProvider.um == null) {
- throw new IllegalStateException("No usermanager service available.");
+ /**
+ * Authenticate user. This implementation tracks IUserManager and delegates the decision to it. If the service is not
+ * available, IllegalStateException is thrown.
+ */
+ public synchronized boolean authenticated(String username, String password) {
+ if (nullableUserManager == null) {
+ logger.warn("Cannot authenticate user '{}', user manager service is missing", username);
+ throw new IllegalStateException("User manager service is not available");
}
- AuthResultEnum authResult = AuthProvider.um.authenticate(username, password);
+ AuthResultEnum authResult = nullableUserManager.authenticate(username, password);
+ logger.debug("Authentication result for user '{}' : {}", username, authResult);
return authResult.equals(AuthResultEnum.AUTH_ACCEPT) || authResult.equals(AuthResultEnum.AUTH_ACCEPT_LOC);
}
- @Override
public char[] getPEMAsCharArray() {
return pem.toCharArray();
}
- @Override
- public void removeUserManagerService() {
- AuthProvider.um = null;
- }
-
- @Override
- public void addUserManagerService(IUserManager userManagerService) {
- AuthProvider.um = userManagerService;
+ @VisibleForTesting
+ void setNullableUserManager(IUserManager nullableUserManager) {
+ this.nullableUserManager = nullableUserManager;
}
}