From 030fd739b3151162c4e84e9c63ce57532af45219 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 10 Apr 2014 18:58:08 -0400
Subject: [PATCH] Support hidden commands and hide create-repo and review
---
 src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java | 92 ++++++++++++++++++---------------------------
 1 files changed, 37 insertions(+), 55 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
index 4cda268..3631922 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
@@ -15,29 +15,23 @@
  */
 package com.gitblit.transport.ssh;
-import java.io.File;
-import java.io.IOException;
 import java.security.PublicKey;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.sshd.common.util.Buffer;
 import org.apache.sshd.server.PublickeyAuthenticator;
 import org.apache.sshd.server.session.ServerSession;
-import org.eclipse.jgit.lib.Constants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import com.gitblit.Keys;
-import com.gitblit.manager.IGitblit;
+import com.gitblit.manager.IAuthenticationManager;
 import com.gitblit.models.UserModel;
-import com.google.common.base.Charsets;
+import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
-import com.google.common.io.Files;
 /**
  * 
@@ -46,80 +40,68 @@ */ public class SshKeyAuthenticator implements PublickeyAuthenticator { - protected final IGitblit gitblit; + protected final Logger log = LoggerFactory.getLogger(getClass()); + + protected final IKeyManager keyManager; + + protected final IAuthenticationManager authManager; LoadingCache<String, List<PublicKey>> sshKeyCache = CacheBuilder .newBuilder(). expireAfterAccess(15, TimeUnit.MINUTES). maximumSize(100) .build(new CacheLoader<String, List<PublicKey>>() { + @Override public List<PublicKey> load(String username) { - try { - File dir = gitblit.getFileOrFolder(Keys.git.sshKeysFolder, "${baseFolder}/ssh"); - dir.mkdirs(); - File keys = new File(dir, username + ".keys"); - if (!keys.exists()) { - return null; - } - if (keys.exists()) { - String str = Files.toString(keys, Charsets.ISO_8859_1); - String [] entries = str.split("\n"); - List<PublicKey> list = new ArrayList<PublicKey>(); - for (String entry : entries) { - final String[] parts = entry.split(" "); - final byte[] bin = Base64.decodeBase64(Constants.encodeASCII(parts[1])); - list.add(new Buffer(bin).getRawPublicKey()); - } - - if (list.isEmpty()) { - return null; - } - return list; - } - } catch (IOException e) { - throw new RuntimeException("Canot read public key", e); - } - return null; + return keyManager.getKeys(username); } }); - public SshKeyAuthenticator(IGitblit gitblit) { - this.gitblit = gitblit; + public SshKeyAuthenticator(IKeyManager keyManager, IAuthenticationManager authManager) { + this.keyManager = keyManager; + this.authManager = authManager; } @Override public boolean authenticate(String username, final PublicKey suppliedKey, final ServerSession session) { - final SshSession sd = session.getAttribute(SshSession.KEY); + final SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY); + + if (client.getUser() != null) { + // TODO why do we re-authenticate? 
+ log.info("{} has already authenticated!", username); + return true; + } username = username.toLowerCase(Locale.US); try { List<PublicKey> keys = sshKeyCache.get(username); if (keys == null || keys.isEmpty()) { - sd.authenticationError(username, "no-matching-key"); + log.info("{} has not added any public keys for ssh authentication", username); return false; } + for (PublicKey key : keys) { if (key.equals(suppliedKey)) { - return validate(username, sd); + UserModel user = authManager.authenticate(username, key); + if (user != null) { + client.setUser(user); + return true; + } } } - return false; } catch (ExecutionException e) { - sd.authenticationError(username, "user-not-found"); - return false; } + + log.warn("could not authenticate {} for SSH using the supplied public key", username); + return false; } - boolean validate(String username, SshSession sd) { - // now that the key has been validated, check with the authentication - // manager to ensure that this user exists and can authenticate - sd.authenticationSuccess(username); - UserModel user = gitblit.authenticate(sd); - if (user != null) { - return true; - } - sd.authenticationError(username, "user-not-found"); - return false; + public IKeyManager getKeyManager() { + return keyManager; + } + + public Cache<String, List<PublicKey>> getKeyCache() { + return sshKeyCache; } } -- Gitblit v1.9.1
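Review bot: The new early return at the top of `authenticate` answers `true` whenever `client.getUser()` is non-null, without comparing `username` to that user or checking `suppliedKey` against the stored keys. A publickey authenticator can be invoked more than once per session (likely the answer to the TODO; confirm against the SSHD version in use), and `client.setUser(user)` is assigned inside this callback, possibly before the server has verified a signature, so a later call carrying a different key or username would pass on the strength of the first. I would remove the short-circuit so every call goes through the `key.equals(suppliedKey)` loop, or keep it only when both the username and the supplied key match what was accepted earlier. The empty `catch (ExecutionException e) { }` also discards the cause; logging `e` there, or passing it as the last argument to the `log.warn(...)` call, would distinguish a key-store failure from a mismatched key.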