Posted to commits@karaf.apache.org by gn...@apache.org on 2013/12/18 22:49:10 UTC
git commit: [KARAF-2639] Provide a way to configure ciphers and macs
and use only the secured one by default
Updated Branches:
refs/heads/karaf-2.x ef651d7c9 -> a7e5444e6
[KARAF-2639] Provide a way to configure ciphers and macs and use only the secured one by default
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/a7e5444e
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/a7e5444e
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/a7e5444e
Branch: refs/heads/karaf-2.x
Commit: a7e5444e6a16860f724105f6ab03955e0227ea6f
Parents: ef651d7
Author: Guillaume Nodet <gn...@gmail.com>
Authored: Wed Dec 18 22:48:53 2013 +0100
Committer: Guillaume Nodet <gn...@gmail.com>
Committed: Wed Dec 18 22:48:53 2013 +0100
----------------------------------------------------------------------
.../org/apache/karaf/shell/ssh/SshUtils.java | 99 ++++++++++++++++++++
.../resources/OSGI-INF/blueprint/shell-ssh.xml | 12 +++
2 files changed, 111 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/a7e5444e/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshUtils.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshUtils.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshUtils.java
new file mode 100644
index 0000000..7f29803
--- /dev/null
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshUtils.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.karaf.shell.ssh;
+
+import java.security.InvalidKeyException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.sshd.common.Cipher;
+import org.apache.sshd.common.Mac;
+import org.apache.sshd.common.NamedFactory;
+import org.apache.sshd.common.cipher.AES128CBC;
+import org.apache.sshd.common.cipher.AES128CTR;
+import org.apache.sshd.common.cipher.AES192CBC;
+import org.apache.sshd.common.cipher.AES256CBC;
+import org.apache.sshd.common.cipher.AES256CTR;
+import org.apache.sshd.common.cipher.ARCFOUR128;
+import org.apache.sshd.common.cipher.ARCFOUR256;
+import org.apache.sshd.common.cipher.BlowfishCBC;
+import org.apache.sshd.common.cipher.TripleDESCBC;
+import org.apache.sshd.common.mac.HMACMD5;
+import org.apache.sshd.common.mac.HMACMD596;
+import org.apache.sshd.common.mac.HMACSHA1;
+import org.apache.sshd.common.mac.HMACSHA196;
+
+public class SshUtils {
+
+ public static <S> List<NamedFactory<S>> filter(Collection<NamedFactory<S>> factories, String names) {
+ List<NamedFactory<S>> list = new ArrayList<NamedFactory<S>>();
+ for (String name : names.split(",")) {
+ for (NamedFactory<S> factory : factories) {
+ if (factory.getName().equals(name)) {
+ list.add(factory);
+ }
+ }
+ }
+ return list;
+ }
+
+ public static List<NamedFactory<Mac>> buildMacs(String names) {
+ return filter(Arrays.<NamedFactory<Mac>>asList(
+ new HMACMD5.Factory(),
+ new HMACSHA1.Factory(),
+ new HMACMD596.Factory(),
+ new HMACSHA196.Factory()),
+ names);
+ }
+
+ public static List<NamedFactory<Cipher>> buildCiphers(String names) {
+ List<NamedFactory<Cipher>> avail = new LinkedList<NamedFactory<Cipher>>();
+ avail.add(new AES128CTR.Factory());
+ avail.add(new AES256CTR.Factory());
+ avail.add(new ARCFOUR128.Factory());
+ avail.add(new ARCFOUR256.Factory());
+ avail.add(new AES128CBC.Factory());
+ avail.add(new TripleDESCBC.Factory());
+ avail.add(new BlowfishCBC.Factory());
+ avail.add(new AES192CBC.Factory());
+ avail.add(new AES256CBC.Factory());
+
+ avail = filter(avail, names);
+
+ for (Iterator<NamedFactory<Cipher>> i = avail.iterator(); i.hasNext();) {
+ final NamedFactory<Cipher> f = i.next();
+ try {
+ final Cipher c = f.create();
+ final byte[] key = new byte[c.getBlockSize()];
+ final byte[] iv = new byte[c.getIVSize()];
+ c.init(Cipher.Mode.Encrypt, key, iv);
+ } catch (InvalidKeyException e) {
+ i.remove();
+ } catch (Exception e) {
+ i.remove();
+ }
+ }
+ return avail;
+ }
+
+}
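Review bot: Configured names that match no factory are dropped silently in `filter`, and `buildCiphers` removes any cipher that fails the init probe in two catch blocks that log nothing, so an operator cannot tell from the logs which algorithms the server really offers. `names.split(",")` is compared without trimming, so a value such as `"aes256-ctr, aes128-ctr"` loses its second entry; comparing against `name.trim()` would avoid that. If every entry is rejected, both builders return an empty list, which is better reported as a configuration error at startup than handed to the server. The `catch (InvalidKeyException e)` branch duplicates the `catch (Exception e)` after it; a single catch that logs `f.getName()` and the cause before `i.remove()` would be enough.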
http://git-wip-us.apache.org/repos/asf/karaf/blob/a7e5444e/shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml
----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml b/shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml
index 8787c3a..6a79a42 100644
--- a/shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml
+++ b/shell/ssh/src/main/resources/OSGI-INF/blueprint/shell-ssh.xml
@@ -47,6 +47,8 @@
<cm:property name="authMethods" value="keyboard-interactive,password,publickey"/>
<cm:property name="keySize" value="1024"/>
<cm:property name="algorithm" value="DSA"/>
+ <cm:property name="macs" value="hmac-sha1" />
+ <cm:property name="ciphers" value="aes256-ctr,aes192-ctr,aes128-ctr,arcfour256" />
</cm:default-properties>
</cm:property-placeholder>
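Review bot: The default `ciphers` value names `aes192-ctr`, but the list built in `SshUtils.buildCiphers` in this same commit has only `AES128CTR` and `AES256CTR` factories for CTR mode, so that entry appears to match nothing and is dropped without notice. The default also keeps `arcfour256`, which is RC4 and has well-documented keystream biases; given the commit's stated aim of offering only secure algorithms by default, the AES CTR entries alone would be a safer default, e.g. `<cm:property name="ciphers" value="aes256-ctr,aes128-ctr" />`. A short XML comment above the two new properties, saying that they are comma-separated SSH algorithm names written without spaces and that unknown names are ignored, would help operators who override them.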
@@ -78,6 +80,16 @@
<bean id="sshServer" class="org.apache.sshd.SshServer" factory-method="setUpDefaultServer" scope="prototype">
<property name="port" value="${sshPort}"/>
<property name="host" value="${sshHost}"/>
+ <property name="macFactories">
+ <bean class="org.apache.karaf.shell.ssh.SshUtils" factory-method="buildMacs">
+ <argument value="${macs}" />
+ </bean>
+ </property>
+ <property name="cipherFactories">
+ <bean class="org.apache.karaf.shell.ssh.SshUtils" factory-method="buildCiphers">
+ <argument value="${ciphers}" />
+ </bean>
+ </property>
<property name="shellFactory">
<bean class="org.apache.karaf.shell.ssh.ShellFactoryImpl">
<property name="commandProcessor" ref="commandProcessor"/>