import io.netty.channel.EventLoopGroup;
import java.io.IOException;
import java.nio.channels.AsynchronousChannelGroup;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
-import org.apache.sshd.SshServer;
-import org.apache.sshd.common.Cipher;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RuntimeSshException;
-import org.apache.sshd.common.cipher.ARCFOUR128;
-import org.apache.sshd.common.cipher.ARCFOUR256;
+import org.apache.sshd.common.cipher.BuiltinCiphers;
+import org.apache.sshd.common.cipher.Cipher;
import org.apache.sshd.common.io.IoAcceptor;
import org.apache.sshd.common.io.IoConnector;
import org.apache.sshd.common.io.IoHandler;
import org.apache.sshd.common.io.nio2.Nio2Acceptor;
import org.apache.sshd.common.io.nio2.Nio2Connector;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
-import org.apache.sshd.common.util.CloseableUtils;
+import org.apache.sshd.common.util.closeable.AbstractCloseable;
import org.apache.sshd.server.ServerFactoryManager;
+import org.apache.sshd.server.SshServer;
/**
* Proxy SSH server that just delegates decrypted content to a delegate server within same VM.
* Implemented using Apache Mina SSH lib.
*/
public class SshProxyServer implements AutoCloseable {
-
- private static final ARCFOUR128.Factory DEFAULT_ARCFOUR128_FACTORY = new ARCFOUR128.Factory();
- private static final ARCFOUR256.Factory DEFAULT_ARCFOUR256_FACTORY = new ARCFOUR256.Factory();
private final SshServer sshServer;
private final ScheduledExecutorService minaTimerExecutor;
private final EventLoopGroup clientGroup;
//remove rc4 ciphers
final List<NamedFactory<Cipher>> cipherFactories = sshServer.getCipherFactories();
- cipherFactories.removeIf(factory -> factory.getName().contains(DEFAULT_ARCFOUR128_FACTORY.getName())
- || factory.getName().contains(DEFAULT_ARCFOUR256_FACTORY.getName()));
+ cipherFactories.removeIf(factory -> factory.getName().contains(BuiltinCiphers.arcfour128.getName())
+ || factory.getName().contains(BuiltinCiphers.arcfour256.getName()));
sshServer.setPasswordAuthenticator(
(username, password, session)
-> sshProxyServerConfiguration.getAuthenticator().authenticated(username, password));
+ sshProxyServerConfiguration.getPublickeyAuthenticator().ifPresent(sshServer::setPublickeyAuthenticator);
+
sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
sshServer.setScheduledExecutorService(minaTimerExecutor);
- sshServer.setProperties(getProperties(sshProxyServerConfiguration));
+ sshServer.getProperties().put(ServerFactoryManager.IDLE_TIMEOUT,
+ String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+ sshServer.getProperties().put(ServerFactoryManager.AUTH_TIMEOUT,
+ String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
final RemoteNetconfCommand.NetconfCommandFactory netconfCommandFactory =
new RemoteNetconfCommand.NetconfCommandFactory(clientGroup,
sshServer.start();
}
- private static Map<String, String> getProperties(final SshProxyServerConfiguration sshProxyServerConfiguration) {
- final Map<String, String> ret = new HashMap<>();
- ret.put(ServerFactoryManager.IDLE_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
- // TODO make auth timeout configurable on its own
- ret.put(ServerFactoryManager.AUTH_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
-
- return ret;
- }
-
@Override
- public void close() {
+ public void close() throws IOException {
try {
sshServer.stop(true);
- } catch (final InterruptedException e) {
- throw new RuntimeException("Interrupted while stopping sshServer", e);
} finally {
sshServer.close(true);
}
/**
* Based on Nio2ServiceFactory with one addition: injectable executor.
*/
- private static final class NioServiceWithPoolFactory
- extends CloseableUtils.AbstractCloseable implements IoServiceFactory {
+ private static final class NioServiceWithPoolFactory extends AbstractCloseable implements IoServiceFactory {
private final FactoryManager manager;
private final AsynchronousChannelGroup group;