diff options
Diffstat (limited to 'src/main/java/com/gitblit/transport/ssh/PublicKeyAuthenticator.java')
| -rw-r--r-- | src/main/java/com/gitblit/transport/ssh/PublicKeyAuthenticator.java | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/PublicKeyAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/PublicKeyAuthenticator.java new file mode 100644 index 00000000..84e7afa5 --- /dev/null +++ b/src/main/java/com/gitblit/transport/ssh/PublicKeyAuthenticator.java @@ -0,0 +1,83 @@ +/* + * Copyright 2014 gitblit.com. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package com.gitblit.transport.ssh; + +import java.security.PublicKey; +import java.util.List; +import java.util.Locale; + +import org.apache.sshd.server.PublickeyAuthenticator; +import org.apache.sshd.server.session.ServerSession; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.gitblit.manager.IAuthenticationManager; +import com.gitblit.models.UserModel; + +/** + * + * @author Eric Myrhe + * + */ +public class PublicKeyAuthenticator implements PublickeyAuthenticator { + + protected final Logger log = LoggerFactory.getLogger(getClass()); + + protected final IKeyManager keyManager; + + protected final IAuthenticationManager authManager; + + public PublicKeyAuthenticator(IKeyManager keyManager, IAuthenticationManager authManager) { + this.keyManager = keyManager; + this.authManager = authManager; + } + + @Override + public boolean authenticate(String username, final PublicKey suppliedKey, + final ServerSession session) { + final SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY); + + if (client.getUser() != null) { + // TODO why do we re-authenticate? + log.info("{} has already authenticated!", username); + return true; + } + + username = username.toLowerCase(Locale.US); + List<PublicKey> keys = keyManager.getKeys(username); + if (keys == null || keys.isEmpty()) { + log.info("{} has not added any public keys for ssh authentication", username); + return false; + } + + for (PublicKey key : keys) { + if (key.equals(suppliedKey)) { + UserModel user = authManager.authenticate(username, key); + if (user != null) { + client.setUser(user); + return true; + } + } + } + + log.warn("could not authenticate {} for SSH using the supplied public key", username); + return false; + } + + public IKeyManager getKeyManager() { + return keyManager; + } +} |