You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by gn...@apache.org on 2014/03/17 13:07:11 UTC
[3/3] git commit: [SSHD-300] Double public key authentication
[SSHD-300] Double public key authentication
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/fddf2ae7
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/fddf2ae7
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/fddf2ae7
Branch: refs/heads/master
Commit: fddf2ae7f08f9beedc4757bbfc9c0ec2ac0ae225
Parents: e9f41eb
Author: Guillaume Nodet <gn...@apache.org>
Authored: Mon Mar 17 12:00:27 2014 +0100
Committer: Guillaume Nodet <gn...@apache.org>
Committed: Mon Mar 17 13:05:52 2014 +0100
----------------------------------------------------------------------
.../auth/CachingPublicKeyAuthenticator.java | 69 +++++++++
.../apache/sshd/SinglePublicKeyAuthTest.java | 148 +++++++++++++++++++
2 files changed, 217 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/fddf2ae7/sshd-core/src/main/java/org/apache/sshd/server/auth/CachingPublicKeyAuthenticator.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/CachingPublicKeyAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/CachingPublicKeyAuthenticator.java
new file mode 100644
index 0000000..c2c333c
--- /dev/null
+++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/CachingPublicKeyAuthenticator.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.server.auth;
+
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.sshd.common.Session;
+import org.apache.sshd.common.SessionListener;
+import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+
+/**
+ * TODO Add javadoc
+ *
+ * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
+ */
+public class CachingPublicKeyAuthenticator implements PublickeyAuthenticator, SessionListener {
+
+ protected final PublickeyAuthenticator authenticator;
+ protected final Map<ServerSession, Map<PublicKey, Boolean>> cache = new ConcurrentHashMap<ServerSession, Map<PublicKey, Boolean>>();
+
+ public CachingPublicKeyAuthenticator(PublickeyAuthenticator authenticator) {
+ this.authenticator = authenticator;
+ }
+
+ public boolean authenticate(String username, PublicKey key, ServerSession session) {
+ Map<PublicKey, Boolean> map = cache.get(session);
+ if (map == null) {
+ map = new HashMap<PublicKey, Boolean>();
+ cache.put(session, map);
+ session.addListener(this);
+ }
+ if (map.containsKey(key)) {
+ return map.get(key);
+ }
+ boolean result = authenticator.authenticate(username, key, session);
+ map.put(key, result);
+ return result;
+ }
+
+ public void sessionCreated(Session session) {
+ }
+
+ public void sessionEvent(Session sesssion, Event event) {
+ }
+
+ public void sessionClosed(Session session) {
+ cache.remove(session);
+ }
+}
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/fddf2ae7/sshd-core/src/test/java/org/apache/sshd/SinglePublicKeyAuthTest.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/test/java/org/apache/sshd/SinglePublicKeyAuthTest.java b/sshd-core/src/test/java/org/apache/sshd/SinglePublicKeyAuthTest.java
new file mode 100644
index 0000000..29efe15
--- /dev/null
+++ b/sshd-core/src/test/java/org/apache/sshd/SinglePublicKeyAuthTest.java
@@ -0,0 +1,148 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.common.util.KeyUtils;
+import org.apache.sshd.server.Command;
+import org.apache.sshd.server.CommandFactory;
+import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator;
+import org.apache.sshd.server.command.UnknownCommand;
+import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
+import org.apache.sshd.server.session.ServerSession;
+import org.apache.sshd.util.BaseTest;
+import org.apache.sshd.util.Utils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * TODO Add javadoc
+ *
+ * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
+ */
+public class SinglePublicKeyAuthTest extends BaseTest {
+
+ private SshServer sshd;
+ private int port = 0;
+ private KeyPair pairRsa = Utils.createTestHostKeyProvider().loadKey(KeyPairProvider.SSH_RSA);
+ private KeyPair pairRsaBad = new SimpleGeneratorHostKeyProvider(null, "RSA").loadKey(KeyPairProvider.SSH_RSA);
+ private PublickeyAuthenticator delegate;
+
+ @Before
+ public void setUp() throws Exception {
+ port = Utils.getFreePort();
+ sshd = SshServer.setUpDefaultServer();
+ sshd.setPort(port);
+ sshd.setKeyPairProvider(Utils.createTestHostKeyProvider());
+ sshd.setCommandFactory(new CommandFactory() {
+ public Command createCommand(String command) {
+ return new UnknownCommand(command);
+ }
+ });
+ sshd.getProperties().put(SshServer.AUTH_METHODS, "publickey");
+ sshd.setPublickeyAuthenticator(new PublickeyAuthenticator() {
+ public boolean authenticate(String username, PublicKey key, ServerSession session) {
+ return delegate.authenticate(username, key, session);
+ }
+ });
+ sshd.start();
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ if (sshd != null) {
+ sshd.stop(true);
+ Thread.sleep(50);
+ }
+ }
+
+ @Test
+ public void testPublicKeyAuthWithCache() throws Exception {
+ final ConcurrentHashMap<String, AtomicInteger> count = new ConcurrentHashMap<String, AtomicInteger>();
+ TestCachingPublicKeyAuthenticator auth = new TestCachingPublicKeyAuthenticator(new PublickeyAuthenticator() {
+ public boolean authenticate(String username, PublicKey key,
+ ServerSession session) {
+ count.putIfAbsent(KeyUtils.getFingerPrint(key), new AtomicInteger());
+ count.get(KeyUtils.getFingerPrint(key)).incrementAndGet();
+ return key.equals(pairRsa.getPublic());
+ }
+ });
+ delegate = auth;
+ SshClient client = SshClient.setUpDefaultClient();
+ client.start();
+ ClientSession session = client.connect("smx", "localhost", port).await().getSession();
+ session.addPublicKeyIdentity(pairRsaBad);
+ session.addPublicKeyIdentity(pairRsa);
+ assertTrue(session.auth().await().isSuccess());
+ assertEquals(2, count.size());
+ assertTrue(count.containsKey(KeyUtils.getFingerPrint(pairRsaBad.getPublic())));
+ assertTrue(count.containsKey(KeyUtils.getFingerPrint(pairRsa.getPublic())));
+ assertEquals(1, count.get(KeyUtils.getFingerPrint(pairRsaBad.getPublic())).get());
+ assertEquals(1, count.get(KeyUtils.getFingerPrint(pairRsa.getPublic())).get());
+ client.close(false).await();
+ assertTrue(auth.getCache().isEmpty());
+ }
+
+ @Test
+ public void testPublicKeyAuthWithoutCache() throws Exception {
+ final ConcurrentHashMap<String, AtomicInteger> count = new ConcurrentHashMap<String, AtomicInteger>();
+ delegate = new PublickeyAuthenticator() {
+ public boolean authenticate(String username, PublicKey key,
+ ServerSession session) {
+ count.putIfAbsent(KeyUtils.getFingerPrint(key), new AtomicInteger());
+ count.get(KeyUtils.getFingerPrint(key)).incrementAndGet();
+ return key.equals(pairRsa.getPublic());
+ }
+ };
+ SshClient client = SshClient.setUpDefaultClient();
+ client.start();
+ ClientSession session = client.connect("smx", "localhost", port).await().getSession();
+ session.addPublicKeyIdentity(pairRsaBad);
+ session.addPublicKeyIdentity(pairRsa);
+ assertTrue(session.auth().await().isSuccess());
+ assertEquals(2, count.size());
+ assertTrue(count.containsKey(KeyUtils.getFingerPrint(pairRsaBad.getPublic())));
+ assertTrue(count.containsKey(KeyUtils.getFingerPrint(pairRsa.getPublic())));
+ assertEquals(1, count.get(KeyUtils.getFingerPrint(pairRsaBad.getPublic())).get());
+ assertEquals(2, count.get(KeyUtils.getFingerPrint(pairRsa.getPublic())).get());
+ }
+
+ public static class TestCachingPublicKeyAuthenticator extends CachingPublicKeyAuthenticator {
+ public TestCachingPublicKeyAuthenticator(PublickeyAuthenticator authenticator) {
+ super(authenticator);
+ }
+ public Map<ServerSession, Map<PublicKey, Boolean>> getCache() {
+ return cache;
+ }
+ }
+
+}
+
+