| | |
|---|
| | | import java.security.PublicKey; |
|---|
| | | import java.util.List; |
|---|
| | | import java.util.Locale; |
|---|
| | | import java.util.concurrent.ExecutionException; |
|---|
| | | import java.util.concurrent.TimeUnit; |
|---|
| | | |
|---|
| | | import org.apache.sshd.server.PublickeyAuthenticator; |
|---|
| | | import org.apache.sshd.server.session.ServerSession; |
|---|
| | |
|---|
| | | |
|---|
| | | import com.gitblit.manager.IAuthenticationManager; |
|---|
| | | import com.gitblit.models.UserModel; |
|---|
| | | import com.google.common.cache.Cache; |
|---|
| | | import com.google.common.cache.CacheBuilder; |
|---|
| | | import com.google.common.cache.CacheLoader; |
|---|
| | | import com.google.common.cache.LoadingCache; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * |
|---|
| | |
|---|
| | | protected final Logger log = LoggerFactory.getLogger(getClass()); |
|---|
| | | |
|---|
| | | protected final IKeyManager keyManager; |
|---|
| | | |
|---|
| | | protected final IAuthenticationManager authManager; |
|---|
| | | |
|---|
| | | LoadingCache<String, List<PublicKey>> sshKeyCache = CacheBuilder |
|---|
| | | .newBuilder(). |
|---|
| | | expireAfterAccess(15, TimeUnit.MINUTES). |
|---|
| | | maximumSize(100) |
|---|
| | | .build(new CacheLoader<String, List<PublicKey>>() { |
|---|
| | | @Override |
|---|
| | | public List<PublicKey> load(String username) { |
|---|
| | | return keyManager.getKeys(username); |
|---|
| | | } |
|---|
| | | }); |
|---|
| | | protected final IAuthenticationManager authManager; |
|---|
| | | |
|---|
| | | public SshKeyAuthenticator(IKeyManager keyManager, IAuthenticationManager authManager) { |
|---|
| | | this.keyManager = keyManager; |
|---|
| | |
|---|
| | | @Override |
|---|
| | | public boolean authenticate(String username, final PublicKey suppliedKey, |
|---|
| | | final ServerSession session) { |
|---|
| | | final SshSession client = session.getAttribute(SshSession.KEY); |
|---|
| | | final SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY); |
|---|
| | | |
|---|
| | | if (client.getRemoteUser() != null) { |
|---|
| | | if (client.getUser() != null) { |
|---|
| | | // TODO why do we re-authenticate? |
|---|
| | | log.info("{} has already authenticated!", username); |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | |
|---|
| | | username = username.toLowerCase(Locale.US); |
|---|
| | | try { |
|---|
| | | List<PublicKey> keys = sshKeyCache.get(username); |
|---|
| | | if (keys == null || keys.isEmpty()) { |
|---|
| | | log.info("{} has not added any public keys for ssh authentication", username); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | List<PublicKey> keys = keyManager.getKeys(username); |
|---|
| | | if (keys == null || keys.isEmpty()) { |
|---|
| | | log.info("{} has not added any public keys for ssh authentication", username); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | for (PublicKey key : keys) { |
|---|
| | | if (key.equals(suppliedKey)) { |
|---|
| | | UserModel user = authManager.authenticate(username, key); |
|---|
| | | if (user != null) { |
|---|
| | | client.authenticationSuccess(username); |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | for (PublicKey key : keys) { |
|---|
| | | if (key.equals(suppliedKey)) { |
|---|
| | | UserModel user = authManager.authenticate(username, key); |
|---|
| | | if (user != null) { |
|---|
| | | client.setUser(user); |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } catch (ExecutionException e) { |
|---|
| | | } |
|---|
| | | |
|---|
| | | log.warn("could not authenticate {} for SSH using the supplied public key", username); |
|---|
| | |
|---|
| | | |
|---|
| | | public IKeyManager getKeyManager() { |
|---|
| | | return keyManager; |
|---|
| | | } |
|---|
| | | |
|---|
| | | public Cache<String, List<PublicKey>> getKeyCache() { |
|---|
| | | return sshKeyCache; |
|---|
| | | } |
|---|
| | | } |
|---|
