Make idle timeout configurable in ssh proxy server 00/12600/2
authorMaros Marsalek <mmarsale@cisco.com>
Fri, 7 Nov 2014 12:31:48 +0000 (13:31 +0100)
committerTony Tkacik <ttkacik@cisco.com>
Mon, 10 Nov 2014 10:20:51 +0000 (10:20 +0000)
Change-Id: Ia17b79331159dc04c2a837eacc33f3b7ac8033bc
Signed-off-by: Maros Marsalek <mmarsale@cisco.com>
opendaylight/netconf/netconf-it/src/test/java/org/opendaylight/controller/netconf/it/NetconfITSecureTest.java
opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServer.java
opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServerConfiguration.java [new file with mode: 0644]
opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServerConfigurationBuilder.java [new file with mode: 0644]
opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/osgi/NetconfSSHActivator.java
opendaylight/netconf/netconf-ssh/src/test/java/org/opendaylight/controller/netconf/netty/SSHTest.java
opendaylight/netconf/netconf-ssh/src/test/java/org/opendaylight/controller/netconf/ssh/authentication/SSHServerTest.java
opendaylight/netconf/netconf-testtool/src/main/java/org/opendaylight/controller/netconf/test/tool/NetconfDeviceSimulator.java

index f96f55761939bdd5e7eb05eca5a6b8b645572208..6e265a44a50a55f18a3555c73ddd4afed91f13b5 100644 (file)
@@ -55,6 +55,7 @@ import org.opendaylight.controller.netconf.client.conf.NetconfClientConfiguratio
 import org.opendaylight.controller.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
 import org.opendaylight.controller.netconf.nettyutil.handler.ssh.authentication.LoginPassword;
 import org.opendaylight.controller.netconf.ssh.SshProxyServer;
+import org.opendaylight.controller.netconf.ssh.SshProxyServerConfigurationBuilder;
 import org.opendaylight.controller.netconf.util.messages.NetconfMessageUtil;
 import org.opendaylight.controller.netconf.util.osgi.NetconfConfigUtil;
 import org.opendaylight.controller.netconf.util.xml.XmlUtil;
@@ -88,12 +89,19 @@ public class NetconfITSecureTest extends AbstractNetconfConfigTest {
         clientGroup = new NioEventLoopGroup();
         minaTimerEx = Executors.newScheduledThreadPool(1);
         sshProxyServer = new SshProxyServer(minaTimerEx, clientGroup, nioExec);
-        sshProxyServer.bind(TLS_ADDRESS, NetconfConfigUtil.getNetconfLocalAddress(), new PasswordAuthenticator() {
+        sshProxyServer.bind(
+                new SshProxyServerConfigurationBuilder()
+                        .setBindingAddress(TLS_ADDRESS)
+                        .setLocalAddress(NetconfConfigUtil.getNetconfLocalAddress())
+                        .setAuthenticator(new PasswordAuthenticator() {
             @Override
             public boolean authenticate(final String username, final String password, final ServerSession session) {
                 return true;
             }
-        }, new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString()));
+        })
+                        .setKeyPairProvider(new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString()))
+                        .setIdleTimeout(Integer.MAX_VALUE)
+                        .createSshProxyServerConfiguration());
     }
 
     @After
index 0b85cf2653e9ca07b294651265cc882bbae8b841..8728f0c671cf558dabaeb4af209c82fdaf9877fa 100644 (file)
@@ -10,16 +10,15 @@ package org.opendaylight.controller.netconf.ssh;
 
 import com.google.common.collect.Lists;
 import io.netty.channel.EventLoopGroup;
-import io.netty.channel.local.LocalAddress;
 import java.io.IOException;
-import java.net.InetSocketAddress;
 import java.nio.channels.AsynchronousChannelGroup;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import org.apache.sshd.SshServer;
 import org.apache.sshd.common.FactoryManager;
-import org.apache.sshd.common.KeyPairProvider;
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.RuntimeSshException;
 import org.apache.sshd.common.io.IoAcceptor;
@@ -32,7 +31,7 @@ import org.apache.sshd.common.io.nio2.Nio2Connector;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
 import org.apache.sshd.common.util.CloseableUtils;
 import org.apache.sshd.server.Command;
-import org.apache.sshd.server.PasswordAuthenticator;
+import org.apache.sshd.server.ServerFactoryManager;
 
 /**
  * Proxy SSH server that just delegates decrypted content to a delegate server within same VM.
@@ -52,22 +51,30 @@ public class SshProxyServer implements AutoCloseable {
         this.sshServer = SshServer.setUpDefaultServer();
     }
 
-    public void bind(final InetSocketAddress bindingAddress, final LocalAddress localAddress, final PasswordAuthenticator authenticator, final KeyPairProvider keyPairProvider) throws IOException {
-        sshServer.setHost(bindingAddress.getHostString());
-        sshServer.setPort(bindingAddress.getPort());
+    public void bind(final SshProxyServerConfiguration sshProxyServerConfiguration) throws IOException {
+        sshServer.setHost(sshProxyServerConfiguration.getBindingAddress().getHostString());
+        sshServer.setPort(sshProxyServerConfiguration.getBindingAddress().getPort());
 
-        sshServer.setPasswordAuthenticator(authenticator);
-        sshServer.setKeyPairProvider(keyPairProvider);
+        sshServer.setPasswordAuthenticator(sshProxyServerConfiguration.getAuthenticator());
+        sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
 
         sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
         sshServer.setScheduledExecutorService(minaTimerExecutor);
+        sshServer.setProperties(getProperties(sshProxyServerConfiguration));
 
         final RemoteNetconfCommand.NetconfCommandFactory netconfCommandFactory =
-                new RemoteNetconfCommand.NetconfCommandFactory(clientGroup, localAddress);
+                new RemoteNetconfCommand.NetconfCommandFactory(clientGroup, sshProxyServerConfiguration.getLocalAddress());
         sshServer.setSubsystemFactories(Lists.<NamedFactory<Command>>newArrayList(netconfCommandFactory));
         sshServer.start();
     }
 
+    private static Map<String, String> getProperties(final SshProxyServerConfiguration sshProxyServerConfiguration) {
+        return new HashMap<String, String>()
+        {{
+            put(ServerFactoryManager.IDLE_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+        }};
+    }
+
     @Override
     public void close() {
         try {
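Review bot: `sshServer.setProperties(getProperties(...))` in `bind` replaces the server's whole property map rather than adding one entry, so any property set on `sshServer` before `bind` would be silently dropped; nothing visible in this hunk sets one, but the call makes that easy to break later. The helper also uses double-brace initialization, which creates an anonymous `HashMap` subclass for a single `put`. Both go away with `sshServer.getProperties().put(ServerFactoryManager.IDLE_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));`, after which `getProperties` and the two new `java.util` imports are not needed. The `close()` body continues outside the hunk.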
diff --git a/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServerConfiguration.java b/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServerConfiguration.java
new file mode 100644 (file)
index 0000000..aee3c7b
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others.  All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.controller.netconf.ssh;
+
+import com.google.common.base.Preconditions;
+import io.netty.channel.local.LocalAddress;
+import java.net.InetSocketAddress;
+import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.server.PasswordAuthenticator;
+
+public final class SshProxyServerConfiguration {
+    private final InetSocketAddress bindingAddress;
+    private final LocalAddress localAddress;
+    private final PasswordAuthenticator authenticator;
+    private final KeyPairProvider keyPairProvider;
+    private final int idleTimeout;
+
+    SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress, final PasswordAuthenticator authenticator, final KeyPairProvider keyPairProvider, final int idleTimeout) {
+        this.bindingAddress = Preconditions.checkNotNull(bindingAddress);
+        this.localAddress = Preconditions.checkNotNull(localAddress);
+        this.authenticator = Preconditions.checkNotNull(authenticator);
+        this.keyPairProvider = Preconditions.checkNotNull(keyPairProvider);
+        // Idle timeout cannot be disabled in the sshd by using =< 0 value
+        Preconditions.checkArgument(idleTimeout > 0, "Idle timeout has to be > 0");
+        this.idleTimeout = idleTimeout;
+    }
+
+    public InetSocketAddress getBindingAddress() {
+        return bindingAddress;
+    }
+
+    public LocalAddress getLocalAddress() {
+        return localAddress;
+    }
+
+    public PasswordAuthenticator getAuthenticator() {
+        return authenticator;
+    }
+
+    public KeyPairProvider getKeyPairProvider() {
+        return keyPairProvider;
+    }
+
+    public int getIdleTimeout() {
+        return idleTimeout;
+    }
+
+
+}
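Review bot: `idleTimeout` is a bare `int` with no unit stated anywhere in this class, and the only hint that it is milliseconds is the `TimeUnit.MINUTES.toMillis(20)` in the activator. A caller passing seconds would get a timeout a thousand times shorter than intended. I would add a Javadoc on the getter such as `/** Idle timeout in milliseconds, handed to sshd as ServerFactoryManager.IDLE_TIMEOUT; always > 0. */` and name the field `idleTimeoutMillis`. The inline comment should read `<= 0` instead of `=< 0`. It is also worth stating in the class Javadoc that very large values such as `Integer.MAX_VALUE` effectively switch idle disconnects off, since this setting bounds how long an unattended authenticated session stays open.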
diff --git a/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServerConfigurationBuilder.java b/opendaylight/netconf/netconf-ssh/src/main/java/org/opendaylight/controller/netconf/ssh/SshProxyServerConfigurationBuilder.java
new file mode 100644 (file)
index 0000000..fb8632b
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2014 Cisco Systems, Inc. and others.  All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.controller.netconf.ssh;
+
+import io.netty.channel.local.LocalAddress;
+import java.net.InetSocketAddress;
+import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.server.PasswordAuthenticator;
+
+public final class SshProxyServerConfigurationBuilder {
+    private InetSocketAddress bindingAddress;
+    private LocalAddress localAddress;
+    private PasswordAuthenticator authenticator;
+    private KeyPairProvider keyPairProvider;
+    private int idleTimeout;
+
+    public SshProxyServerConfigurationBuilder setBindingAddress(final InetSocketAddress bindingAddress) {
+        this.bindingAddress = bindingAddress;
+        return this;
+    }
+
+    public SshProxyServerConfigurationBuilder setLocalAddress(final LocalAddress localAddress) {
+        this.localAddress = localAddress;
+        return this;
+    }
+
+    public SshProxyServerConfigurationBuilder setAuthenticator(final PasswordAuthenticator authenticator) {
+        this.authenticator = authenticator;
+        return this;
+    }
+
+    public SshProxyServerConfigurationBuilder setKeyPairProvider(final KeyPairProvider keyPairProvider) {
+        this.keyPairProvider = keyPairProvider;
+        return this;
+    }
+
+    public SshProxyServerConfigurationBuilder setIdleTimeout(final int idleTimeout) {
+        this.idleTimeout = idleTimeout;
+        return this;
+    }
+
+    public SshProxyServerConfiguration createSshProxyServerConfiguration() {
+        return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator, keyPairProvider, idleTimeout);
+    }
+
+    public SshProxyServerConfigurationBuilder create () {
+        return new SshProxyServerConfigurationBuilder();
+    }
+}
\ No newline at end of file
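Review bot: `create()` is declared as an instance method, so a caller needs a builder in hand before it can ask for a builder; it was presumably meant to be `public static SshProxyServerConfigurationBuilder create() {`. Separately, `idleTimeout` defaults to 0, so any caller that omits `setIdleTimeout` fails the `idleTimeout > 0` check in the `SshProxyServerConfiguration` constructor with an `IllegalArgumentException` that does not say which setter was missed. Either initialise the field to a documented default or add a Javadoc on `createSshProxyServerConfiguration()` stating that all five setters are mandatory. The file also ends without a trailing newline.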
index b871d19db8f062d0dbca93cc18ce6c3c6e09ba2d..5fc04eee8305279d9c3ab3dec67933c6bfe6435b 100644 (file)
@@ -19,10 +19,12 @@ import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.TimeUnit;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.sshd.common.util.ThreadUtils;
 import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
 import org.opendaylight.controller.netconf.ssh.SshProxyServer;
+import org.opendaylight.controller.netconf.ssh.SshProxyServerConfigurationBuilder;
 import org.opendaylight.controller.netconf.util.osgi.NetconfConfigUtil;
 import org.opendaylight.controller.netconf.util.osgi.NetconfConfigUtil.InfixProp;
 import org.osgi.framework.BundleActivator;
@@ -36,6 +38,7 @@ public class NetconfSSHActivator implements BundleActivator {
     private static final java.lang.String ALGORITHM = "RSA";
     private static final int KEY_SIZE = 4096;
     public static final int POOL_SIZE = 8;
+    private static final int DEFAULT_IDLE_TIMEOUT = (int) TimeUnit.MINUTES.toMillis(20);
 
     private ScheduledExecutorService minaTimerExecutor;
     private NioEventLoopGroup clientGroup;
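Review bot: `DEFAULT_IDLE_TIMEOUT` is a private compile-time constant and the `bind` call in the next hunk passes it unconditionally, so in the production activator the timeout is still fixed at 20 minutes, whereas the commit title says it is configurable. As far as these two hunks show, an operator has no way to shorten it for a stricter session policy or lengthen it for long-running NETCONF sessions. I would read the value from the bundle's configuration properties and fall back to this constant when the property is absent or not a positive integer. A comment such as `// milliseconds; sshd closes sessions idle for longer than this` on the constant would also record the unit.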
@@ -100,7 +103,14 @@ public class NetconfSSHActivator implements BundleActivator {
                 NetconfConfigUtil.getPrivateKeyKey());
 
         final SshProxyServer sshProxyServer = new SshProxyServer(minaTimerExecutor, clientGroup, nioExecutor);
-        sshProxyServer.bind(sshSocketAddress, localAddress, authProviderTracker, new PEMGeneratorHostKeyProvider(path, ALGORITHM, KEY_SIZE));
+        sshProxyServer.bind(
+                new SshProxyServerConfigurationBuilder()
+                        .setBindingAddress(sshSocketAddress)
+                        .setLocalAddress(localAddress)
+                        .setAuthenticator(authProviderTracker)
+                        .setKeyPairProvider(new PEMGeneratorHostKeyProvider(path, ALGORITHM, KEY_SIZE))
+                        .setIdleTimeout(DEFAULT_IDLE_TIMEOUT)
+                        .createSshProxyServerConfiguration());
         return sshProxyServer;
     }
 
index 62ce58723765231d2c4edd8683cb5e18093c09fe..34b236b4611f0e8586388e7ff22b1022effc2cd0 100644 (file)
@@ -35,6 +35,7 @@ import org.opendaylight.controller.netconf.netty.EchoClientHandler.State;
 import org.opendaylight.controller.netconf.nettyutil.handler.ssh.authentication.LoginPassword;
 import org.opendaylight.controller.netconf.nettyutil.handler.ssh.client.AsyncSshHandler;
 import org.opendaylight.controller.netconf.ssh.SshProxyServer;
+import org.opendaylight.controller.netconf.ssh.SshProxyServerConfigurationBuilder;
 import org.opendaylight.controller.netconf.util.osgi.NetconfConfigUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -70,13 +71,13 @@ public class SSHTest {
 
         final InetSocketAddress addr = new InetSocketAddress("127.0.0.1", 10831);
         final SshProxyServer sshProxyServer = new SshProxyServer(minaTimerEx, nettyGroup, nioExec);
-        sshProxyServer.bind(addr, NetconfConfigUtil.getNetconfLocalAddress(),
-                new PasswordAuthenticator() {
+        sshProxyServer.bind(
+                new SshProxyServerConfigurationBuilder().setBindingAddress(addr).setLocalAddress(NetconfConfigUtil.getNetconfLocalAddress()).setAuthenticator(new PasswordAuthenticator() {
                     @Override
                     public boolean authenticate(final String username, final String password, final ServerSession session) {
                         return true;
                     }
-                }, new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString()));
+                }).setKeyPairProvider(new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString())).setIdleTimeout(Integer.MAX_VALUE).createSshProxyServerConfiguration());
 
         final EchoClientHandler echoClientHandler = connectClient(addr);
 
index 9cd0c9bceab59cb56df91afbb2c26c8421eeea4b..38aa2e71ace1850cdb42a02e7b018e09ab387170 100644 (file)
@@ -32,6 +32,7 @@ import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 import org.opendaylight.controller.netconf.ssh.SshProxyServer;
+import org.opendaylight.controller.netconf.ssh.SshProxyServerConfigurationBuilder;
 import org.opendaylight.controller.netconf.util.osgi.NetconfConfigUtil;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceListener;
@@ -67,13 +68,13 @@ public class SSHServerTest {
 
         final InetSocketAddress addr = InetSocketAddress.createUnresolved(HOST, PORT);
         server = new SshProxyServer(minaTimerEx, clientGroup, nioExec);
-        server.bind(addr, NetconfConfigUtil.getNetconfLocalAddress(),
-                new PasswordAuthenticator() {
+        server.bind(
+                new SshProxyServerConfigurationBuilder().setBindingAddress(addr).setLocalAddress(NetconfConfigUtil.getNetconfLocalAddress()).setAuthenticator(new PasswordAuthenticator() {
                     @Override
                     public boolean authenticate(final String username, final String password, final ServerSession session) {
                         return true;
                     }
-                }, new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString()));
+                }).setKeyPairProvider(new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString())).setIdleTimeout(Integer.MAX_VALUE).createSshProxyServerConfiguration());
         logger.info("SSH server started on " + PORT);
     }
 
index e8ba769da547f552dc3fe47aaa9a6e3f35ad0d54..de68c31d295a0ec43ea9e411f196c4027df44d4a 100644 (file)
@@ -68,6 +68,8 @@ import org.opendaylight.controller.netconf.mapping.api.NetconfOperationService;
 import org.opendaylight.controller.netconf.mapping.api.NetconfOperationServiceSnapshot;
 import org.opendaylight.controller.netconf.monitoring.osgi.NetconfMonitoringOperationService;
 import org.opendaylight.controller.netconf.ssh.SshProxyServer;
+import org.opendaylight.controller.netconf.ssh.SshProxyServerConfiguration;
+import org.opendaylight.controller.netconf.ssh.SshProxyServerConfigurationBuilder;
 import org.opendaylight.yangtools.yang.model.api.SchemaContext;
 import org.opendaylight.yangtools.yang.model.repo.api.SchemaSourceException;
 import org.opendaylight.yangtools.yang.model.repo.api.SchemaSourceRepresentation;
@@ -193,15 +195,7 @@ public class NetconfDeviceSimulator implements Closeable {
                 server = dispatcher.createLocalServer(tcpLocalAddress);
                 try {
                     final SshProxyServer sshServer = new SshProxyServer(minaTimerExecutor, nettyThreadgroup, nioExecutor);
-                    sshServer.bind(bindingAddress, tcpLocalAddress,
-                            new PasswordAuthenticator() {
-                                @Override
-                                public boolean authenticate(final String username, final String password, final ServerSession session) {
-                                    // All connections are accepted
-                                    return true;
-                                }
-                            }, keyPairProvider);
-
+                    sshServer.bind(getSshConfiguration(bindingAddress, tcpLocalAddress));
                     sshWrappers.add(sshServer);
                 } catch (final Exception e) {
                     LOG.warn("Cannot start simulated device on {}, skipping", address, e);
@@ -255,6 +249,21 @@ public class NetconfDeviceSimulator implements Closeable {
         return openDevices;
     }
 
+    private SshProxyServerConfiguration getSshConfiguration(final InetSocketAddress bindingAddress, final LocalAddress tcpLocalAddress) throws IOException {
+        return new SshProxyServerConfigurationBuilder()
+                .setBindingAddress(bindingAddress)
+                .setLocalAddress(tcpLocalAddress)
+                .setAuthenticator(new PasswordAuthenticator() {
+                    @Override
+                    public boolean authenticate(final String username, final String password, final ServerSession session) {
+                        return true;
+                    }
+                })
+                .setKeyPairProvider(new PEMGeneratorHostKeyProvider(Files.createTempFile("prefix", "suffix").toAbsolutePath().toString()))
+                .setIdleTimeout(Integer.MAX_VALUE)
+                .createSshProxyServerConfiguration();
+    }
+
     private PEMGeneratorHostKeyProvider getPemGeneratorHostKeyProvider() {
         try {
             final Path tempFile = Files.createTempFile("tempKeyNetconfTest", "suffix");
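Review bot: `getSshConfiguration` builds a new `PEMGeneratorHostKeyProvider` over a fresh `Files.createTempFile("prefix", "suffix")` on every call, whereas the call site in the previous hunk used to pass the existing `keyPairProvider`. For a simulator that starts many devices this means one temp file per device, with no cleanup visible here, and presumably a separate host key generated for each. I would keep the old behaviour by adding a parameter, `getSshConfiguration(bindingAddress, tcpLocalAddress, keyPairProvider)`, and using `.setKeyPairProvider(keyPairProvider)` in the builder chain. The removed `// All connections are accepted` comment is worth keeping on the accept-all authenticator so readers see it is deliberate test-tool behaviour. `getPemGeneratorHostKeyProvider` continues outside the hunk.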