sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/AuthorizedKeyEntriesPublickeyAuthenticator.java - mina-sshd - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.sshd.server.auth.pubkey;

 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;

 import org.apache.sshd.common.AttributeRepository;
 import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
 import org.apache.sshd.common.config.keys.KeyUtils;
 import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
 import org.apache.sshd.common.util.GenericUtils;
 import org.apache.sshd.common.util.MapEntryUtils;
 import org.apache.sshd.common.util.logging.AbstractLoggingBean;
 import org.apache.sshd.server.session.ServerSession;

 /**
  * Checks against a {@link Collection} of {@link AuthorizedKeyEntry}s
  *
  * Records the matched entry under a session attribute.
  */
 public class AuthorizedKeyEntriesPublickeyAuthenticator extends AbstractLoggingBean implements PublickeyAuthenticator {
     public static final AttributeRepository.AttributeKey<AuthorizedKeyEntry> AUTHORIZED_KEY
             = new AttributeRepository.AttributeKey<>();

     private Map<AuthorizedKeyEntry, PublicKey> resolvedKeys;
     private Object id;

     public AuthorizedKeyEntriesPublickeyAuthenticator(Object id, ServerSession session,
                                                       Collection<? extends AuthorizedKeyEntry> entries,
                                                       PublicKeyEntryResolver fallbackResolver)
             throws IOException, GeneralSecurityException {
         this.id = id;
         int numEntries = GenericUtils.size(entries);
         if (numEntries <= 0) {
             resolvedKeys = Collections.emptyMap();
         } else {
             resolvedKeys = new HashMap<>(numEntries);
             for (AuthorizedKeyEntry e : entries) {
                 Map<String, String> headers = e.getLoginOptions();
                 PublicKey k = e.resolvePublicKey(session, headers, fallbackResolver);
                 if (k != null) {
                     resolvedKeys.put(e, k);
                 }
             }
         }
     }

     /**
      * @return Some kind of mnemonic identifier for the authenticator - used also in {@code toString()}
      */
     public Object getId() {
         return id;
     }

     @Override
     public boolean authenticate(String username, PublicKey key, ServerSession session) {
         if (MapEntryUtils.isEmpty(resolvedKeys)) {
             if (log.isDebugEnabled()) {
                 log.debug("authenticate({})[{}] no entries", username, session);
             }

             return false;
         }

         for (Map.Entry<AuthorizedKeyEntry, PublicKey> e : resolvedKeys.entrySet()) {
             if (KeyUtils.compareKeys(key, e.getValue())) {
                 if (log.isDebugEnabled()) {
                     log.debug("authenticate({})[{}] match found", username, session);
                 }
                 if (session != null) {
                     session.setAttribute(AUTHORIZED_KEY, e.getKey());
                 }
                 return true;
             }
         }

         if (log.isDebugEnabled()) {
             log.debug("authenticate({})[{}] match not found", username, session);
         }
         return false;
     }

     @Override
     public String toString() {
         return Objects.toString(getId());
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.sshd.server.auth.pubkey;

	import java.io.IOException;
	import java.security.GeneralSecurityException;
	import java.security.PublicKey;
	import java.util.Collection;
	import java.util.Collections;
	import java.util.HashMap;
	import java.util.Map;
	import java.util.Objects;

	import org.apache.sshd.common.AttributeRepository;
	import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
	import org.apache.sshd.common.config.keys.KeyUtils;
	import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
	import org.apache.sshd.common.util.GenericUtils;
	import org.apache.sshd.common.util.MapEntryUtils;
	import org.apache.sshd.common.util.logging.AbstractLoggingBean;
	import org.apache.sshd.server.session.ServerSession;

	/**
	* Checks against a {@link Collection} of {@link AuthorizedKeyEntry}s
	*
	* Records the matched entry under a session attribute.
	*/
	public class AuthorizedKeyEntriesPublickeyAuthenticator extends AbstractLoggingBean implements PublickeyAuthenticator {
	public static final AttributeRepository.AttributeKey<AuthorizedKeyEntry> AUTHORIZED_KEY
	= new AttributeRepository.AttributeKey<>();

	private Map<AuthorizedKeyEntry, PublicKey> resolvedKeys;
	private Object id;

	public AuthorizedKeyEntriesPublickeyAuthenticator(Object id, ServerSession session,
	Collection<? extends AuthorizedKeyEntry> entries,
	PublicKeyEntryResolver fallbackResolver)
	throws IOException, GeneralSecurityException {
	this.id = id;
	int numEntries = GenericUtils.size(entries);
	if (numEntries <= 0) {
	resolvedKeys = Collections.emptyMap();
	} else {
	resolvedKeys = new HashMap<>(numEntries);
	for (AuthorizedKeyEntry e : entries) {
	Map<String, String> headers = e.getLoginOptions();
	PublicKey k = e.resolvePublicKey(session, headers, fallbackResolver);
	if (k != null) {
	resolvedKeys.put(e, k);
	}
	}
	}
	}

	/**
	* @return Some kind of mnemonic identifier for the authenticator - used also in {@code toString()}
	*/
	public Object getId() {
	return id;
	}

	@Override
	public boolean authenticate(String username, PublicKey key, ServerSession session) {
	if (MapEntryUtils.isEmpty(resolvedKeys)) {
	if (log.isDebugEnabled()) {
	log.debug("authenticate({})[{}] no entries", username, session);
	}

	return false;
	}

	for (Map.Entry<AuthorizedKeyEntry, PublicKey> e : resolvedKeys.entrySet()) {
	if (KeyUtils.compareKeys(key, e.getValue())) {
	if (log.isDebugEnabled()) {
	log.debug("authenticate({})[{}] match found", username, session);
	}
	if (session != null) {
	session.setAttribute(AUTHORIZED_KEY, e.getKey());
	}
	return true;
	}
	}

	if (log.isDebugEnabled()) {
	log.debug("authenticate({})[{}] match not found", username, session);
	}
	return false;
	}

	@Override
	public String toString() {
	return Objects.toString(getId());
	}
	}