import java.io.IOException;
import java.nio.channels.AsynchronousChannelGroup;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
-import org.apache.sshd.SshServer;
-import org.apache.sshd.common.Cipher;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RuntimeSshException;
-import org.apache.sshd.common.cipher.ARCFOUR128;
-import org.apache.sshd.common.cipher.ARCFOUR256;
+import org.apache.sshd.common.cipher.BuiltinCiphers;
+import org.apache.sshd.common.cipher.Cipher;
import org.apache.sshd.common.io.IoAcceptor;
import org.apache.sshd.common.io.IoConnector;
import org.apache.sshd.common.io.IoHandler;
import org.apache.sshd.common.io.nio2.Nio2Acceptor;
import org.apache.sshd.common.io.nio2.Nio2Connector;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
-import org.apache.sshd.common.util.CloseableUtils;
-import org.apache.sshd.server.PasswordAuthenticator;
+import org.apache.sshd.common.util.closeable.AbstractCloseable;
import org.apache.sshd.server.ServerFactoryManager;
-import org.apache.sshd.server.session.ServerSession;
+import org.apache.sshd.server.SshServer;
/**
* Proxy SSH server that just delegates decrypted content to a delegate server within same VM.
* Implemented using Apache Mina SSH lib.
*/
public class SshProxyServer implements AutoCloseable {
-
- private static final ARCFOUR128.Factory DEFAULT_ARCFOUR128_FACTORY = new ARCFOUR128.Factory();
- private static final ARCFOUR256.Factory DEFAULT_ARCFOUR256_FACTORY = new ARCFOUR256.Factory();
private final SshServer sshServer;
private final ScheduledExecutorService minaTimerExecutor;
private final EventLoopGroup clientGroup;
//remove rc4 ciphers
final List<NamedFactory<Cipher>> cipherFactories = sshServer.getCipherFactories();
- for (Iterator<NamedFactory<Cipher>> i = cipherFactories.iterator(); i.hasNext(); ) {
- final NamedFactory<Cipher> factory = i.next();
- if (factory.getName().contains(DEFAULT_ARCFOUR128_FACTORY.getName())
- || factory.getName().contains(DEFAULT_ARCFOUR256_FACTORY.getName())) {
- i.remove();
- }
- }
- sshServer.setPasswordAuthenticator(new PasswordAuthenticator() {
- @Override
- public boolean authenticate(final String username, final String password, final ServerSession session) {
- return sshProxyServerConfiguration.getAuthenticator().authenticated(username, password);
- }
- });
+ cipherFactories.removeIf(factory -> factory.getName().contains(BuiltinCiphers.arcfour128.getName())
+ || factory.getName().contains(BuiltinCiphers.arcfour256.getName()));
+ sshServer.setPasswordAuthenticator(
+ (username, password, session)
+ -> sshProxyServerConfiguration.getAuthenticator().authenticated(username, password));
+
+ sshProxyServerConfiguration.getPublickeyAuthenticator().ifPresent(sshServer::setPublickeyAuthenticator);
sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
sshServer.setScheduledExecutorService(minaTimerExecutor);
- sshServer.setProperties(getProperties(sshProxyServerConfiguration));
+ sshServer.getProperties().put(ServerFactoryManager.IDLE_TIMEOUT,
+ String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+ sshServer.getProperties().put(ServerFactoryManager.AUTH_TIMEOUT,
+ String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
final RemoteNetconfCommand.NetconfCommandFactory netconfCommandFactory =
new RemoteNetconfCommand.NetconfCommandFactory(clientGroup,
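Review bot: `ServerFactoryManager.AUTH_TIMEOUT` is filled from `getIdleTimeout()`, the same value as `IDLE_TIMEOUT`, so the time an unauthenticated connection may stay open grows with whatever idle timeout operators choose for established sessions. Whether the removed `getProperties(...)` helper behaved the same way is not visible here; if the reuse is deliberate it deserves a comment such as `// auth timeout deliberately mirrors the idle timeout`, otherwise a separate, shorter configuration value for the authentication deadline would bound pre-authentication resource use. The `removeIf` above drops only factories whose name contains one of the two arcfour identifiers, so every other cipher in the library's default list stays enabled; stating the accepted ciphers explicitly would make the negotiated set independent of library defaults. The enclosing constructor starts and ends outside this hunk.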
}
@Override
- public void close() {
+ public void close() throws IOException {
try {
sshServer.stop(true);
- } catch (final InterruptedException e) {
- throw new RuntimeException("Interrupted while stopping sshServer", e);
} finally {
sshServer.close(true);
}
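Review bot: `close()` now propagates `IOException` but carries no Javadoc saying so, and the `finally` block still calls `sshServer.close(true)` after a failed `stop(true)`, so an exception raised there would replace the one from `stop`. A short Javadoc such as `/** Stops the SSH server immediately and releases it. @throws IOException if stopping fails */` would tell try-with-resources callers what they now have to handle. The rest of the method body lies outside the hunk, so whether the executors are shut down on the failure path cannot be checked from here.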
/**
* Based on Nio2ServiceFactory with one addition: injectable executor.
*/
- private static final class NioServiceWithPoolFactory
- extends CloseableUtils.AbstractCloseable implements IoServiceFactory {
+ private static final class NioServiceWithPoolFactory extends AbstractCloseable implements IoServiceFactory {
private final FactoryManager manager;
private final AsynchronousChannelGroup group;