BUG-9261: Add basic public key auth to testtool 53/64653/3
authorTomas Cere <tcere@cisco.com>
Tue, 24 Oct 2017 11:14:20 +0000 (13:14 +0200)
committerTomas Cere <tcere@cisco.com>
Wed, 25 Oct 2017 11:38:15 +0000 (13:38 +0200)
Adds a public key authenticator to testtool that accepts every
connection.

Change-Id: I49e98613cf5fb5dc33c8ccb465cdc16044b33f5e
Signed-off-by: Tomas Cere <tcere@cisco.com>
netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServer.java
netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfiguration.java
netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfigurationBuilder.java
netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/netconf/auth/DatastoreBackedPublicKeyAuth.java
netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java

index 17af06e796d9eec8ea16fb77d6558c737611a837..f525674436d9a9e01eef95575199edfc032e9187 100644 (file)
@@ -70,6 +70,8 @@ public class SshProxyServer implements AutoCloseable {
             (username, password, session)
                 -> sshProxyServerConfiguration.getAuthenticator().authenticated(username, password));
 
+        sshProxyServerConfiguration.getPublickeyAuthenticator().ifPresent(sshServer::setPublickeyAuthenticator);
+
         sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
 
         sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
index 9fe57a40b692105fcaa2568dba7446c160ad5dd6..75692ba575f604f314a45ebde1a577acdeeb0b5c 100644 (file)
@@ -11,7 +11,9 @@ package org.opendaylight.netconf.ssh;
 import com.google.common.base.Preconditions;
 import io.netty.channel.local.LocalAddress;
 import java.net.InetSocketAddress;
+import java.util.Optional;
 import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.server.PublickeyAuthenticator;
 import org.opendaylight.netconf.auth.AuthProvider;
 
 public final class SshProxyServerConfiguration {
@@ -20,9 +22,16 @@ public final class SshProxyServerConfiguration {
     private final AuthProvider authenticator;
     private final KeyPairProvider keyPairProvider;
     private final int idleTimeout;
+    private final Optional<PublickeyAuthenticator> publickeyAuthenticator;
 
     SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress,
                     final AuthProvider authenticator, final KeyPairProvider keyPairProvider, final int idleTimeout) {
+        this(bindingAddress, localAddress, authenticator, null, keyPairProvider, idleTimeout);
+    }
+
+    SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress,
+                                final AuthProvider authenticator, final PublickeyAuthenticator publickeyAuthenticator,
+                                final KeyPairProvider keyPairProvider, final int idleTimeout) {
         this.bindingAddress = Preconditions.checkNotNull(bindingAddress);
         this.localAddress = Preconditions.checkNotNull(localAddress);
         this.authenticator = Preconditions.checkNotNull(authenticator);
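Review bot: The new six-argument constructor accepts `publickeyAuthenticator` as the one argument that may be null, but nothing marks it as such while its neighbours go through `Preconditions.checkNotNull`, and the five-argument overload passes a bare `null` for it. A comment above the constructor such as `// publickeyAuthenticator may be null: public key authentication is then not configured` would make the intent explicit. On style, `Optional` is meant as a return type rather than a field type; keeping `private final PublickeyAuthenticator publickeyAuthenticator;` and returning `Optional.ofNullable(publickeyAuthenticator)` from the getter (both in later hunks of this file) gives callers the same API. The constructor body continues past the end of this hunk.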
@@ -30,6 +39,7 @@ public final class SshProxyServerConfiguration {
         // Idle timeout cannot be disabled in the sshd by using =< 0 value
         Preconditions.checkArgument(idleTimeout > 0, "Idle timeout has to be > 0");
         this.idleTimeout = idleTimeout;
+        this.publickeyAuthenticator = Optional.ofNullable(publickeyAuthenticator);
     }
 
     public InetSocketAddress getBindingAddress() {
@@ -52,5 +62,7 @@ public final class SshProxyServerConfiguration {
         return idleTimeout;
     }
 
-
+    public Optional<PublickeyAuthenticator> getPublickeyAuthenticator() {
+        return publickeyAuthenticator;
+    }
 }
index 5b7948ed6fde4a803e10e2a96c2cbafd19d9224a..6d9a364af9aadacd70601fd4b48851a431949a21 100644 (file)
@@ -11,6 +11,7 @@ package org.opendaylight.netconf.ssh;
 import io.netty.channel.local.LocalAddress;
 import java.net.InetSocketAddress;
 import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.server.PublickeyAuthenticator;
 import org.opendaylight.netconf.auth.AuthProvider;
 
 public final class SshProxyServerConfigurationBuilder {
@@ -19,6 +20,7 @@ public final class SshProxyServerConfigurationBuilder {
     private AuthProvider authenticator;
     private KeyPairProvider keyPairProvider;
     private int idleTimeout;
+    private PublickeyAuthenticator publicKeyAuthenticator = null;
 
     public SshProxyServerConfigurationBuilder setBindingAddress(final InetSocketAddress bindingAddress) {
         this.bindingAddress = bindingAddress;
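Review bot: The builder field is spelled `publicKeyAuthenticator` with a capital K, while the setter, the configuration field and the getter added in this commit all use `publickeyAuthenticator`, and the explicit `= null` only repeats the default. `private PublickeyAuthenticator publickeyAuthenticator;` would match the rest of the change. The assignment in `setPublickeyAuthenticator` and the argument passed in `createSshProxyServerConfiguration()`, both in later hunks of this file, would need the same spelling.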
@@ -35,6 +37,11 @@ public final class SshProxyServerConfigurationBuilder {
         return this;
     }
 
+    public SshProxyServerConfigurationBuilder setPublickeyAuthenticator(final PublickeyAuthenticator authenticator) {
+        this.publicKeyAuthenticator = authenticator;
+        return this;
+    }
+
     public SshProxyServerConfigurationBuilder setKeyPairProvider(final KeyPairProvider keyPairProvider) {
         this.keyPairProvider = keyPairProvider;
         return this;
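Review bot: The parameter of `setPublickeyAuthenticator` is named `authenticator`, which is also the name of the builder's `AuthProvider authenticator` field shown in the previous hunk, so inside this setter the bare name refers to a different type than in the rest of the class. Naming the parameter after the field it assigns, as the neighbouring setters do, removes the shadowing: `this.publicKeyAuthenticator = publicKeyAuthenticator;`. A one-line Javadoc saying that the value is optional, and that the server gets no public key authenticator when it is left unset, would document the contract that `SshProxyServer` relies on through `ifPresent`. The hunk ends inside `setKeyPairProvider`, which is unchanged.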
@@ -46,7 +53,7 @@ public final class SshProxyServerConfigurationBuilder {
     }
 
     public SshProxyServerConfiguration createSshProxyServerConfiguration() {
-        return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator,
+        return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator, publicKeyAuthenticator,
                 keyPairProvider, idleTimeout);
     }
 
index 3e9115d041928e8d686b8f90b7b004ad53c9c5eb..7c750cc67f97bc7a851fb6e964eabd612aecbf5d 100644 (file)
@@ -32,7 +32,7 @@ public class DatastoreBackedPublicKeyAuth extends AuthenticationHandler {
     private final NetconfKeystoreAdapter keystoreAdapter;
     private final AAAEncryptionService encryptionService;
 
-    private Optional<KeyPair> keyPair;
+    private Optional<KeyPair> keyPair = Optional.empty();
 
     public DatastoreBackedPublicKeyAuth(final String username, final String pairId,
                                         final NetconfKeystoreAdapter keystoreAdapter,
index ab45f2d73743d5ce78823da1adeb07a3161b7630..bbf8af73dba4d8e134799644a732e4223345c33e 100644 (file)
@@ -273,6 +273,10 @@ public class NetconfDeviceSimulator implements Closeable {
                 .setBindingAddress(bindingAddress)
                 .setLocalAddress(tcpLocalAddress)
                 .setAuthenticator((username, password) -> true)
+                .setPublickeyAuthenticator(((username, key, session) -> {
+                    LOG.info("Auth with public key: {}", key);
+                    return true;
+                }))
                 .setKeyPairProvider(keyPairProvider)
                 .setIdleTimeout(Integer.MAX_VALUE)
                 .createSshProxyServerConfiguration();
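Review bot: The lambda passed to `.setPublickeyAuthenticator(...)` returns `true` for every key and every username, and nothing on these lines says that this is deliberate and limited to the simulator. A comment above it, e.g. `// Simulator only: any public key is accepted for any user; do not reuse outside testtool.`, would keep the snippet from being copied into a real server configuration. The log statement leaves out the username and prints the whole key object at info level on every attempt; `LOG.debug("Accepting public key auth for user {}, key {}", username, key);` is quieter and more useful when tracing a test run. The outer pair of parentheses around the lambda is redundant, and the enclosing method starts and ends outside this hunk.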