X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fnetconf%2Fnetconf-ssh%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fnetconf%2Fssh%2FSshProxyServer.java;h=b91bdc8da67d95a630077170ae0cdd78869a32af;hp=0b85cf2653e9ca07b294651265cc882bbae8b841;hb=1915e780a3e1e1746c0c5071a7bda8aad57d9d36;hpb=73e969cf365dd78772596c71e940ae44fe2f22d3;ds=sidebyside
diff --git a/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServer.java b/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServer.java
index 0b85cf2653..b91bdc8da6 100644
--- a/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServer.java
+++ b/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServer.java
@@ -10,18 +10,22 @@ package org.opendaylight.controller.netconf.ssh;
 import com.google.common.collect.Lists;
 import io.netty.channel.EventLoopGroup;
-import io.netty.channel.local.LocalAddress;
 import java.io.IOException;
-import java.net.InetSocketAddress;
 import java.nio.channels.AsynchronousChannelGroup;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import org.apache.sshd.SshServer;
+import org.apache.sshd.common.Cipher;
 import org.apache.sshd.common.FactoryManager;
-import org.apache.sshd.common.KeyPairProvider;
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.RuntimeSshException;
+import org.apache.sshd.common.cipher.ARCFOUR128;
+import org.apache.sshd.common.cipher.ARCFOUR256;
 import org.apache.sshd.common.io.IoAcceptor;
 import org.apache.sshd.common.io.IoConnector;
 import org.apache.sshd.common.io.IoHandler;
@@ -32,7 +36,7 @@ import org.apache.sshd.common.io.nio2.Nio2Connector;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.util.CloseableUtils;
 import org.apache.sshd.server.Command;
-import org.apache.sshd.server.PasswordAuthenticator;
+import org.apache.sshd.server.ServerFactoryManager;
 /**
 * Proxy SSH server that just delegates decrypted content to a delegate server within same VM.
@@ -40,6 +44,8 @@ import org.apache.sshd.server.PasswordAuthenticator;
 */
 public class SshProxyServer implements AutoCloseable {
+ private static final ARCFOUR128.Factory DEFAULT_ARCFOUR128_FACTORY = new ARCFOUR128.Factory();
+ private static final ARCFOUR256.Factory DEFAULT_ARCFOUR256_FACTORY = new ARCFOUR256.Factory();
 private final SshServer sshServer;
 private final ScheduledExecutorService minaTimerExecutor;
 private final EventLoopGroup clientGroup;
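Review bot: `DEFAULT_ARCFOUR128_FACTORY` and `DEFAULT_ARCFOUR256_FACTORY` read as ciphers the server offers by default, while `bind` uses them only to obtain the names of the RC4 ciphers it removes. A one-line comment such as `// used only for their names when stripping RC4 from the offered ciphers` (or a name without the DEFAULT_ prefix) would keep a later change from adding them to a cipher list.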
@@ -52,22 +58,43 @@ public class SshProxyServer implements AutoCloseable {
 this.sshServer = SshServer.setUpDefaultServer();
 }
- public void bind(final InetSocketAddress bindingAddress, final LocalAddress localAddress, final PasswordAuthenticator authenticator, final KeyPairProvider keyPairProvider) throws IOException {
- sshServer.setHost(bindingAddress.getHostString());
- sshServer.setPort(bindingAddress.getPort());
-
- sshServer.setPasswordAuthenticator(authenticator);
- sshServer.setKeyPairProvider(keyPairProvider);
+ public void bind(final SshProxyServerConfiguration sshProxyServerConfiguration) throws IOException {
+ sshServer.setHost(sshProxyServerConfiguration.getBindingAddress().getHostString());
+ sshServer.setPort(sshProxyServerConfiguration.getBindingAddress().getPort());
+
+ //remove rc4 ciphers
+ final List> cipherFactories = sshServer.getCipherFactories();
+ for (Iterator> i = cipherFactories.iterator(); i.hasNext(); ) {
+ final NamedFactory factory = i.next();
+ if (factory.getName().contains(DEFAULT_ARCFOUR128_FACTORY.getName())
+ || factory.getName().contains(DEFAULT_ARCFOUR256_FACTORY.getName())) {
+ i.remove();
+ }
+ }
+ sshServer.setPasswordAuthenticator(sshProxyServerConfiguration.getAuthenticator());
+ sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
 sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
 sshServer.setScheduledExecutorService(minaTimerExecutor);
+ sshServer.setProperties(getProperties(sshProxyServerConfiguration));
 final RemoteNetconfCommand.NetconfCommandFactory netconfCommandFactory =
- new RemoteNetconfCommand.NetconfCommandFactory(clientGroup, localAddress);
+ new RemoteNetconfCommand.NetconfCommandFactory(clientGroup, sshProxyServerConfiguration.getLocalAddress());
 sshServer.setSubsystemFactories(Lists.>newArrayList(netconfCommandFactory));
 sshServer.start();
 }
+ private static Map getProperties(final SshProxyServerConfiguration sshProxyServerConfiguration) {
+ return new 
HashMap()
+ {
+ {
+ put(ServerFactoryManager.IDLE_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+ // TODO make auth timeout configurable on its own
+ put(ServerFactoryManager.AUTH_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+ }
+ };
+ }
+
 @Override
 public void close() {
 try {
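Review bot: The RC4 removal in `bind` edits whatever list `sshServer.getCipherFactories()` returns and never installs the result, so it only works if that getter exposes the server's live mutable list; ending the block with `sshServer.setCipherFactories(cipherFactories);` makes the filtering explicit. It is also a denylist, so every other cipher that `setUpDefaultServer()` enables remains negotiable, and an allowlist of the ciphers this proxy should offer would survive library upgrades better. In `getProperties`, `AUTH_TIMEOUT` is taken from `getIdleTimeout()`, which means a generous idle timeout also lets unauthenticated connections stay open that long; until the TODO is done, a short fixed authentication timeout would limit that exposure. The double-brace `HashMap` initialiser creates an anonymous subclass for two entries; a plain map with two `put` calls is simpler.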