1 files changed, 113 insertions, 0 deletions

diff --git a/src/main/java/com/gitblit/transport/ssh/CachingPublicKeyAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/CachingPublicKeyAuthenticator.java
new file mode 100644
index 00000000..4ce26d0f
--- /dev/null
+++ b/src/main/java/com/gitblit/transport/ssh/CachingPublicKeyAuthenticator.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2014 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package com.gitblit.transport.ssh;
+
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.sshd.common.Session;
+import org.apache.sshd.common.SessionListener;
+import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.gitblit.manager.IAuthenticationManager;
+import com.gitblit.models.UserModel;
+import com.google.common.base.Preconditions;
+
+/**
+ *
+ * @author Eric Myrhe
+ *
+ */
+public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator, SessionListener {
+
+	protected final Logger log = LoggerFactory.getLogger(getClass());
+
+	protected final IPublicKeyManager keyManager;
+
+	protected final IAuthenticationManager authManager;
+
+	private final Map<ServerSession, Map<PublicKey, Boolean>> cache = new ConcurrentHashMap<ServerSession, Map<PublicKey, Boolean>>();
+
+	public CachingPublicKeyAuthenticator(IPublicKeyManager keyManager, IAuthenticationManager authManager) {
+		this.keyManager = keyManager;
+		this.authManager = authManager;
+	}
+
+	@Override
+	public boolean authenticate(String username, PublicKey key, ServerSession session) {
+		Map<PublicKey, Boolean> map = cache.get(session);
+		if (map == null) {
+			map = new HashMap<PublicKey, Boolean>();
+			cache.put(session, map);
+			session.addListener(this);
+		}
+		if (map.containsKey(key)) {
+			return map.get(key);
+		}
+		boolean result = doAuthenticate(username, key, session);
+		map.put(key, result);
+		return result;
+	}
+
+	private boolean doAuthenticate(String username, PublicKey suppliedKey, ServerSession session) {
+		SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
+		Preconditions.checkState(client.getUser() == null);
+		username = username.toLowerCase(Locale.US);
+		List<SshKey> keys = keyManager.getKeys(username);
+		if (keys.isEmpty()) {
+			log.info("{} has not added any public keys for ssh authentication", username);
+			return false;
+		}
+
+		SshKey pk = new SshKey(suppliedKey);
+		log.debug("auth supplied {}", pk.getFingerprint());
+
+		for (SshKey key : keys) {
+			log.debug("auth compare to {}", key.getFingerprint());
+			if (key.equals(suppliedKey)) {
+				UserModel user = authManager.authenticate(username, key);
+				if (user != null) {
+					client.setUser(user);
+					client.setKey(key);
+					return true;
+				}
+			}
+		}
+
+		log.warn("could not authenticate {} for SSH using the supplied public key", username);
+		return false;
+	}
+
+	@Override
+	public void sessionCreated(Session session) {
+	}
+
+	@Override
+	public void sessionEvent(Session sesssion, Event event) {
+	}
+
+	@Override
+	public void sessionClosed(Session session) {
+		cache.remove(session);
+	}
+}