+++ /dev/null
-/*
- * Copyright 2014 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-package com.gitblit.transport.ssh;
-
-import java.security.PublicKey;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.sshd.common.Session;
-import org.apache.sshd.common.SessionListener;
-import org.apache.sshd.server.PublickeyAuthenticator;
-import org.apache.sshd.server.session.ServerSession;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.gitblit.manager.IAuthenticationManager;
-import com.gitblit.models.UserModel;
-import com.google.common.base.Preconditions;
-
-/**
- * Authenticates an SSH session against a public key.
- *
- */
-public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator, SessionListener {
-
- protected final Logger log = LoggerFactory.getLogger(getClass());
-
- protected final IPublicKeyManager keyManager;
-
- protected final IAuthenticationManager authManager;
-
- private final Map<ServerSession, Map<PublicKey, Boolean>> cache = new ConcurrentHashMap<ServerSession, Map<PublicKey, Boolean>>();
-
- public CachingPublicKeyAuthenticator(IPublicKeyManager keyManager, IAuthenticationManager authManager) {
- this.keyManager = keyManager;
- this.authManager = authManager;
- }
-
- @Override
- public boolean authenticate(String username, PublicKey key, ServerSession session) {
- Map<PublicKey, Boolean> map = cache.get(session);
- if (map == null) {
- map = new HashMap<PublicKey, Boolean>();
- cache.put(session, map);
- session.addListener(this);
- }
- if (map.containsKey(key)) {
- return map.get(key);
- }
- boolean result = doAuthenticate(username, key, session);
- map.put(key, result);
- return result;
- }
-
- private boolean doAuthenticate(String username, PublicKey suppliedKey, ServerSession session) {
- SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
- Preconditions.checkState(client.getUser() == null);
- username = username.toLowerCase(Locale.US);
- List<SshKey> keys = keyManager.getKeys(username);
- if (keys.isEmpty()) {
- log.info("{} has not added any public keys for ssh authentication", username);
- return false;
- }
-
- SshKey pk = new SshKey(suppliedKey);
- log.debug("auth supplied {}", pk.getFingerprint());
-
- for (SshKey key : keys) {
- log.debug("auth compare to {}", key.getFingerprint());
- if (key.getPublicKey().equals(suppliedKey)) {
- UserModel user = authManager.authenticate(username, key);
- if (user != null) {
- client.setUser(user);
- client.setKey(key);
- return true;
- }
- }
- }
-
- log.warn("could not authenticate {} for SSH using the supplied public key", username);
- return false;
- }
-
- @Override
- public void sessionCreated(Session session) {
- }
-
- @Override
- public void sessionEvent(Session sesssion, Event event) {
- }
-
- @Override
- public void sessionClosed(Session session) {
- cache.remove(session);
- }
-}
--- /dev/null
+/*
+ * Copyright 2014 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.gitblit.transport.ssh;
+
+import java.security.PublicKey;
+import java.util.List;
+import java.util.Locale;
+
+import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
+import com.google.common.base.Preconditions;
+
+/**
+ * Authenticates an SSH session against a public key.
+ *
+ */
+public class FileBasedPubKeyAuth implements PublickeyAuthenticator {
+
+ protected final Logger log = LoggerFactory.getLogger(getClass());
+
+ protected final IPublicKeyManager keyManager;
+
+ protected final IAuthenticationManager authManager;
+
+ public FileBasedPubKeyAuth(IPublicKeyManager keyManager, IAuthenticationManager authManager) {
+ this.keyManager = keyManager;
+ this.authManager = authManager;
+ }
+
+ @Override
+ public boolean authenticate(String username, PublicKey suppliedKey, ServerSession session) {
+ SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
+ Preconditions.checkState(client.getUser() == null);
+ username = username.toLowerCase(Locale.US);
+ List<SshKey> keys = keyManager.getKeys(username);
+ if (keys.isEmpty()) {
+ log.info("{} has not added any public keys for ssh authentication", username);
+ return false;
+ }
+
+ SshKey pk = new SshKey(suppliedKey);
+ log.debug("auth supplied {}", pk.getFingerprint());
+
+ for (SshKey key : keys) {
+ log.debug("auth compare to {}", key.getFingerprint());
+ if (key.getPublicKey().equals(suppliedKey)) {
+ UserModel user = authManager.authenticate(username, key);
+ if (user != null) {
+ client.setUser(user);
+ client.setKey(key);
+ return true;
+ }
+ }
+ }
+
+ log.warn("could not authenticate {} for SSH using the supplied public key", username);
+ return false;
+ }
+}
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
import org.bouncycastle.openssl.PEMWriter;
import org.eclipse.jgit.internal.JGitText;
import org.slf4j.Logger;
// Client public key authenticator
CachingPublicKeyAuthenticator keyAuthenticator =
- new CachingPublicKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit);
+ new CachingPublicKeyAuthenticator(new FileBasedPubKeyAuth(gitblit.getPublicKeyManager(), gitblit));
// Configure the preferred SSHD backend
String sshBackendStr = settings.getString(Keys.git.sshBackend,
projects / gitblit.git / commitdiff