From 083981362c3424cefa6752595fce82576ba43eb2 Mon Sep 17 00:00:00 2001 From: Tomas Cere Date: Tue, 24 Oct 2017 13:14:20 +0200 Subject: [PATCH] BUG-9261: Add basic public key auth to testtool Adds public key authenticator that accepts every connection to testtool. Change-Id: I49e98613cf5fb5dc33c8ccb465cdc16044b33f5e Signed-off-by: Tomas Cere --- .../opendaylight/netconf/ssh/SshProxyServer.java | 2 ++ .../netconf/ssh/SshProxyServerConfiguration.java | 14 +++++++++++++- .../ssh/SshProxyServerConfigurationBuilder.java | 9 ++++++++- .../netconf/auth/DatastoreBackedPublicKeyAuth.java | 2 +- .../netconf/test/tool/NetconfDeviceSimulator.java | 4 ++++ 5 files changed, 28 insertions(+), 3 deletions(-) diff --git a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServer.java b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServer.java index 17af06e796..f525674436 100644 --- a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServer.java +++ b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServer.java @@ -70,6 +70,8 @@ public class SshProxyServer implements AutoCloseable { (username, password, session) -> sshProxyServerConfiguration.getAuthenticator().authenticated(username, password)); + sshProxyServerConfiguration.getPublickeyAuthenticator().ifPresent(sshServer::setPublickeyAuthenticator); + sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider()); sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory); diff --git a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfiguration.java b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfiguration.java index 9fe57a40b6..75692ba575 100644 --- a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfiguration.java +++ b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfiguration.java 
@@ -11,7 +11,9 @@ package org.opendaylight.netconf.ssh; import com.google.common.base.Preconditions; import io.netty.channel.local.LocalAddress; import java.net.InetSocketAddress; +import java.util.Optional; import org.apache.sshd.common.KeyPairProvider; +import org.apache.sshd.server.PublickeyAuthenticator; import org.opendaylight.netconf.auth.AuthProvider; public final class SshProxyServerConfiguration { @@ -20,9 +22,16 @@ public final class SshProxyServerConfiguration { private final AuthProvider authenticator; private final KeyPairProvider keyPairProvider; private final int idleTimeout; + private final Optional publickeyAuthenticator; SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress, final AuthProvider authenticator, final KeyPairProvider keyPairProvider, final int idleTimeout) { + this(bindingAddress, localAddress, authenticator, null, keyPairProvider, idleTimeout); + } + + SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress, + final AuthProvider authenticator, final PublickeyAuthenticator publickeyAuthenticator, + final KeyPairProvider keyPairProvider, final int idleTimeout) { this.bindingAddress = Preconditions.checkNotNull(bindingAddress); this.localAddress = Preconditions.checkNotNull(localAddress); this.authenticator = Preconditions.checkNotNull(authenticator); @@ -30,6 +39,7 @@ public final class SshProxyServerConfiguration { // Idle timeout cannot be disabled in the sshd by using =< 0 value Preconditions.checkArgument(idleTimeout > 0, "Idle timeout has to be > 0"); this.idleTimeout = idleTimeout; + this.publickeyAuthenticator = Optional.ofNullable(publickeyAuthenticator); } public InetSocketAddress getBindingAddress() { @@ -52,5 +62,7 @@ public final class SshProxyServerConfiguration { return idleTimeout; } - + public Optional getPublickeyAuthenticator() { + return publickeyAuthenticator; + } } 
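Review bot: The new `getPublickeyAuthenticator()` accessor in the last hunk of this file has no Javadoc saying what an empty result means, while the five-argument constructor now passes `null` for it without comment. I would add `/** Returns the public key authenticator, or empty when public key authentication was not configured. */` above the getter, so callers know that absence is the default and not an error. As a style point, `Optional` is stored as a field; a nullable `PublickeyAuthenticator` field with `return Optional.ofNullable(publickeyAuthenticator);` in the getter is the more conventional shape. The page shows `Optional` without a type argument, which may be a rendering loss; if it is raw in the file it should be `Optional<PublickeyAuthenticator>`.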
diff --git a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfigurationBuilder.java b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfigurationBuilder.java index 5b7948ed6f..6d9a364af9 100644 --- a/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfigurationBuilder.java +++ b/netconf/netconf-ssh/src/main/java/org/opendaylight/netconf/ssh/SshProxyServerConfigurationBuilder.java @@ -11,6 +11,7 @@ package org.opendaylight.netconf.ssh; import io.netty.channel.local.LocalAddress; import java.net.InetSocketAddress; import org.apache.sshd.common.KeyPairProvider; +import org.apache.sshd.server.PublickeyAuthenticator; import org.opendaylight.netconf.auth.AuthProvider; public final class SshProxyServerConfigurationBuilder { @@ -19,6 +20,7 @@ public final class SshProxyServerConfigurationBuilder { private AuthProvider authenticator; private KeyPairProvider keyPairProvider; private int idleTimeout; + private PublickeyAuthenticator publicKeyAuthenticator = null; public SshProxyServerConfigurationBuilder setBindingAddress(final InetSocketAddress bindingAddress) { this.bindingAddress = bindingAddress; @@ -35,6 +37,11 @@ public final class SshProxyServerConfigurationBuilder { return this; } + public SshProxyServerConfigurationBuilder setPublickeyAuthenticator(final PublickeyAuthenticator authenticator) { + this.publicKeyAuthenticator = authenticator; + return this; + } + public SshProxyServerConfigurationBuilder setKeyPairProvider(final KeyPairProvider keyPairProvider) { this.keyPairProvider = keyPairProvider; return this; 
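Review bot: In `setPublickeyAuthenticator` the parameter is named `authenticator`, the same name as the builder's existing `AuthProvider authenticator` field, so inside this method the bare name refers to the public key authenticator while `this.authenticator` is the password one. In code that wires up authentication that is worth avoiding; I would write `setPublickeyAuthenticator(final PublickeyAuthenticator publickeyAuthenticator)` with `this.publicKeyAuthenticator = publickeyAuthenticator;`. The field is also spelled `publicKeyAuthenticator` here but `publickeyAuthenticator` in `SshProxyServerConfiguration`, and its `= null` initializer is redundant. The builder class continues outside these hunks.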
@@ -46,7 +53,7 @@ public final class SshProxyServerConfigurationBuilder { } public SshProxyServerConfiguration createSshProxyServerConfiguration() { - return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator, + return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator, publicKeyAuthenticator, keyPairProvider, idleTimeout); } diff --git a/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/netconf/auth/DatastoreBackedPublicKeyAuth.java b/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/netconf/auth/DatastoreBackedPublicKeyAuth.java index 3e9115d041..7c750cc67f 100644 --- a/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/netconf/auth/DatastoreBackedPublicKeyAuth.java +++ b/netconf/sal-netconf-connector/src/main/java/org/opendaylight/netconf/sal/connect/netconf/auth/DatastoreBackedPublicKeyAuth.java @@ -32,7 +32,7 @@ public class DatastoreBackedPublicKeyAuth extends AuthenticationHandler { private final NetconfKeystoreAdapter keystoreAdapter; private final AAAEncryptionService encryptionService; - private Optional keyPair; + private Optional keyPair = Optional.empty(); public DatastoreBackedPublicKeyAuth(final String username, final String pairId, final NetconfKeystoreAdapter keystoreAdapter, diff --git a/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java b/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java index ab45f2d737..bbf8af73db 100644 --- a/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java +++ b/netconf/tools/netconf-testtool/src/main/java/org/opendaylight/netconf/test/tool/NetconfDeviceSimulator.java 
@@ -273,6 +273,10 @@ public class NetconfDeviceSimulator implements Closeable { .setBindingAddress(bindingAddress) .setLocalAddress(tcpLocalAddress) .setAuthenticator((username, password) -> true) + .setPublickeyAuthenticator(((username, key, session) -> { + LOG.info("Auth with public key: {}", key); + return true; + })) .setKeyPairProvider(keyPairProvider) .setIdleTimeout(Integer.MAX_VALUE) .createSshProxyServerConfiguration(); -- 2.36.6
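Review bot: The lambda passed to `setPublickeyAuthenticator` returns `true` for every key, and nothing in the code marks that as a deliberate test-tool choice. The commit message says so, but the source does not. A comment such as `// Test tool only: accepts any public key without verification; never reuse in a real server configuration.` above the call would stop it being copied as a template. The log line `LOG.info("Auth with public key: {}", key);` leaves out the user name and prints the key object at INFO on every attempt; `LOG.debug("Accepting public key auth for user {}: {}", username, key);` gives more useful context with less noise. The extra pair of parentheses around the lambda can be dropped. The enclosing method starts and ends outside the hunk.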