sshd-core/src/main/java/org/apache/sshd/server/ServerAuthenticationManager.java - mina-sshd - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.sshd.server;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;

 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.NamedResource;
 import org.apache.sshd.common.util.GenericUtils;
 import org.apache.sshd.common.util.ValidateUtils;
 import org.apache.sshd.server.auth.BuiltinUserAuthFactories;
 import org.apache.sshd.server.auth.UserAuth;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
 import org.apache.sshd.server.auth.hostbased.HostBasedAuthenticator;
 import org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator;
 import org.apache.sshd.server.auth.keyboard.UserAuthKeyboardInteractiveFactory;
 import org.apache.sshd.server.auth.password.PasswordAuthenticator;
 import org.apache.sshd.server.auth.password.UserAuthPasswordFactory;
 import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
 import org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;

 /**
  * Holds providers and helpers related to the server side authentication process
  * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
  */
 public interface ServerAuthenticationManager {
     /**
      * Key used to retrieve the value in the configuration properties map
      * of the maximum number of failed authentication requests before the
      * server closes the connection.
      * @see #DEFAULT_MAX_AUTH_REQUESTS
      */
     String MAX_AUTH_REQUESTS = "max-auth-requests";

     /**
      * Default value for {@link #MAX_AUTH_REQUESTS} if none configured
      */
     int DEFAULT_MAX_AUTH_REQUESTS = 20;

     /**
      * Retrieve the list of named factories for <code>UserAuth</code> objects.
      *
      * @return a list of named <code>UserAuth</code> factories, never {@code null}/empty
      */
     List<NamedFactory<UserAuth>> getUserAuthFactories();
     default String getUserAuthFactoriesNameList() {
         return NamedResource.Utils.getNames(getUserAuthFactories());
     }
     default List<String> getUserAuthFactoriesNames() {
         return NamedResource.Utils.getNameList(getUserAuthFactories());
     }

     void setUserAuthFactories(List<NamedFactory<UserAuth>> userAuthFactories);
     default void setUserAuthFactoriesNameList(String names) {
         setUserAuthFactoriesNames(GenericUtils.split(names, ','));
     }
     default void setUserAuthFactoriesNames(String ... names) {
         setUserAuthFactoriesNames(GenericUtils.isEmpty((Object[]) names) ? Collections.<String>emptyList() : Arrays.asList(names));
     }
     default void setUserAuthFactoriesNames(Collection<String> names) {
         BuiltinUserAuthFactories.ParseResult result = BuiltinUserAuthFactories.parseFactoriesList(names);
         @SuppressWarnings({ "rawtypes", "unchecked" })
         List<NamedFactory<UserAuth>> factories =
                 (List) ValidateUtils.checkNotNullAndNotEmpty(result.getParsedFactories(), "No supported cipher factories: %s", names);
         Collection<String> unsupported = result.getUnsupportedFactories();
         ValidateUtils.checkTrue(GenericUtils.isEmpty(unsupported), "Unsupported cipher factories found: %s", unsupported);
         setUserAuthFactories(factories);
     }

     /**
      * Retrieve the <code>PublickeyAuthenticator</code> to be used by SSH server.
      * If no authenticator has been configured (i.e. this method returns
      * {@code null}), then client authentication requests based on keys will be
      * rejected.
      *
      * @return the {@link PublickeyAuthenticator} or {@code null}
      */
     PublickeyAuthenticator getPublickeyAuthenticator();
     void setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator);

     /**
      * Retrieve the <code>PasswordAuthenticator</code> to be used by the SSH server.
      * If no authenticator has been configured (i.e. this method returns
      * {@code null}), then client authentication requests based on passwords
      * will be rejected.
      *
      * @return the {@link PasswordAuthenticator} or {@code null}
      */
     PasswordAuthenticator getPasswordAuthenticator();
     void setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator);

     /**
      * Retrieve the <code>KeyboardInteractiveAuthenticator</code> to be used by
      * the SSH server. If no authenticator has been configured (i.e. this method returns
      * {@code null}), then client authentication requests based on this method
      * will be rejected.
      *
      * @return The {@link KeyboardInteractiveAuthenticator} or {@code null}
      */
     KeyboardInteractiveAuthenticator getKeyboardInteractiveAuthenticator();
     void setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator);

     /**
      * Retrieve the <code>GSSAuthenticator</code> to be used by the SSH server.
      * If no authenticator has been configured (i.e. this method returns
      * {@code null}), then client authentication requests based on gssapi
      * will be rejected.
      *
      * @return the {@link GSSAuthenticator} or {@code null}
      */
     GSSAuthenticator getGSSAuthenticator();
     void setGSSAuthenticator(GSSAuthenticator gssAuthenticator);

     /**
      * Retrieve the {@code HostBasedAuthenticator} to be used by the SSH server. If
      * no authenticator has been configured (i.e. this method returns {@code null}),
      * then client authentication requests based on this method will be rejected.
      *
      * @return the {@link HostBasedAuthenticator} or {@code null}
      */
     HostBasedAuthenticator getHostBasedAuthenticator();
     void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator);

     // CHECKSTYLE:OFF
     final class Utils {
     // CHECKSTYLE:ON
         public static final UserAuthPublicKeyFactory DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY =
                 UserAuthPublicKeyFactory.INSTANCE;

         public static final UserAuthGSSFactory DEFAULT_USER_AUTH_GSS_FACTORY =
                 UserAuthGSSFactory.INSTANCE;

         public static final UserAuthPasswordFactory DEFAULT_USER_AUTH_PASSWORD_FACTORY =
                 UserAuthPasswordFactory.INSTANCE;

         public static final UserAuthKeyboardInteractiveFactory DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY =
                 UserAuthKeyboardInteractiveFactory.INSTANCE;

         private Utils() {
             throw new UnsupportedOperationException("No instance allowed");
         }

         /**
          * If user authentication factories already set, then simply returns them. Otherwise,
          * builds the factories list from the individual authenticators available for
          * the manager - password public key, keyboard-interactive, GSS, etc...
          *
          * @param manager The {@link ServerAuthenticationManager} - ignored if {@code null}
          * @return The resolved {@link List} of {@link NamedFactory} for the {@link UserAuth}s
          * @see #resolveUserAuthFactories(ServerAuthenticationManager, List)
          */
         public static List<NamedFactory<UserAuth>> resolveUserAuthFactories(ServerAuthenticationManager manager) {
             if (manager == null) {
                 return Collections.emptyList();
             } else {
                 return resolveUserAuthFactories(manager, manager.getUserAuthFactories());
             }
         }

         /**
          * If user authentication factories already set, then simply returns them. Otherwise,
          * builds the factories list from the individual authenticators available for
          * the manager - password public key, keyboard-interactive, GSS, etc...
          *
          * @param manager The {@link ServerAuthenticationManager} - ignored if {@code null}
          * @param userFactories The currently available {@link UserAuth} factories - if not
          * {@code null}/empty then they are used as-is.
          * @return The resolved {@link List} of {@link NamedFactory} for the {@link UserAuth}s
          */
         public static List<NamedFactory<UserAuth>> resolveUserAuthFactories(
                 ServerAuthenticationManager manager, List<NamedFactory<UserAuth>> userFactories) {
             if (GenericUtils.size(userFactories) > 0) {
                 return userFactories;   // use whatever the user decided
             }

             if (manager == null) {
                 return Collections.emptyList();
             }

             List<NamedFactory<UserAuth>> factories = new ArrayList<>();
             if (manager.getPasswordAuthenticator() != null) {
                 factories.add(DEFAULT_USER_AUTH_PASSWORD_FACTORY);
                 factories.add(DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY);
             } else if (manager.getKeyboardInteractiveAuthenticator() != null) {
                 factories.add(DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY);
             }

             if (manager.getPublickeyAuthenticator() != null) {
                 factories.add(DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
             }

             if (manager.getGSSAuthenticator() != null) {
                 factories.add(DEFAULT_USER_AUTH_GSS_FACTORY);
             }

             return factories;
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.sshd.server;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Collection;
	import java.util.Collections;
	import java.util.List;

	import org.apache.sshd.common.NamedFactory;
	import org.apache.sshd.common.NamedResource;
	import org.apache.sshd.common.util.GenericUtils;
	import org.apache.sshd.common.util.ValidateUtils;
	import org.apache.sshd.server.auth.BuiltinUserAuthFactories;
	import org.apache.sshd.server.auth.UserAuth;
	import org.apache.sshd.server.auth.gss.GSSAuthenticator;
	import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
	import org.apache.sshd.server.auth.hostbased.HostBasedAuthenticator;
	import org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator;
	import org.apache.sshd.server.auth.keyboard.UserAuthKeyboardInteractiveFactory;
	import org.apache.sshd.server.auth.password.PasswordAuthenticator;
	import org.apache.sshd.server.auth.password.UserAuthPasswordFactory;
	import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
	import org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;

	/**
	* Holds providers and helpers related to the server side authentication process
	* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
	*/
	public interface ServerAuthenticationManager {
	/**
	* Key used to retrieve the value in the configuration properties map
	* of the maximum number of failed authentication requests before the
	* server closes the connection.
	* @see #DEFAULT_MAX_AUTH_REQUESTS
	*/
	String MAX_AUTH_REQUESTS = "max-auth-requests";

	/**
	* Default value for {@link #MAX_AUTH_REQUESTS} if none configured
	*/
	int DEFAULT_MAX_AUTH_REQUESTS = 20;

	/**
	* Retrieve the list of named factories for <code>UserAuth</code> objects.
	*
	* @return a list of named <code>UserAuth</code> factories, never {@code null}/empty
	*/
	List<NamedFactory<UserAuth>> getUserAuthFactories();
	default String getUserAuthFactoriesNameList() {
	return NamedResource.Utils.getNames(getUserAuthFactories());
	}
	default List<String> getUserAuthFactoriesNames() {
	return NamedResource.Utils.getNameList(getUserAuthFactories());
	}

	void setUserAuthFactories(List<NamedFactory<UserAuth>> userAuthFactories);
	default void setUserAuthFactoriesNameList(String names) {
	setUserAuthFactoriesNames(GenericUtils.split(names, ','));
	}
	default void setUserAuthFactoriesNames(String ... names) {
	setUserAuthFactoriesNames(GenericUtils.isEmpty((Object[]) names) ? Collections.<String>emptyList() : Arrays.asList(names));
	}
	default void setUserAuthFactoriesNames(Collection<String> names) {
	BuiltinUserAuthFactories.ParseResult result = BuiltinUserAuthFactories.parseFactoriesList(names);
	@SuppressWarnings({ "rawtypes", "unchecked" })
	List<NamedFactory<UserAuth>> factories =
	(List) ValidateUtils.checkNotNullAndNotEmpty(result.getParsedFactories(), "No supported cipher factories: %s", names);
	Collection<String> unsupported = result.getUnsupportedFactories();
	ValidateUtils.checkTrue(GenericUtils.isEmpty(unsupported), "Unsupported cipher factories found: %s", unsupported);
	setUserAuthFactories(factories);
	}

	/**
	* Retrieve the <code>PublickeyAuthenticator</code> to be used by SSH server.
	* If no authenticator has been configured (i.e. this method returns
	* {@code null}), then client authentication requests based on keys will be
	* rejected.
	*
	* @return the {@link PublickeyAuthenticator} or {@code null}
	*/
	PublickeyAuthenticator getPublickeyAuthenticator();
	void setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator);

	/**
	* Retrieve the <code>PasswordAuthenticator</code> to be used by the SSH server.
	* If no authenticator has been configured (i.e. this method returns
	* {@code null}), then client authentication requests based on passwords
	* will be rejected.
	*
	* @return the {@link PasswordAuthenticator} or {@code null}
	*/
	PasswordAuthenticator getPasswordAuthenticator();
	void setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator);

	/**
	* Retrieve the <code>KeyboardInteractiveAuthenticator</code> to be used by
	* the SSH server. If no authenticator has been configured (i.e. this method returns
	* {@code null}), then client authentication requests based on this method
	* will be rejected.
	*
	* @return The {@link KeyboardInteractiveAuthenticator} or {@code null}
	*/
	KeyboardInteractiveAuthenticator getKeyboardInteractiveAuthenticator();
	void setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator);

	/**
	* Retrieve the <code>GSSAuthenticator</code> to be used by the SSH server.
	* If no authenticator has been configured (i.e. this method returns
	* {@code null}), then client authentication requests based on gssapi
	* will be rejected.
	*
	* @return the {@link GSSAuthenticator} or {@code null}
	*/
	GSSAuthenticator getGSSAuthenticator();
	void setGSSAuthenticator(GSSAuthenticator gssAuthenticator);

	/**
	* Retrieve the {@code HostBasedAuthenticator} to be used by the SSH server. If
	* no authenticator has been configured (i.e. this method returns {@code null}),
	* then client authentication requests based on this method will be rejected.
	*
	* @return the {@link HostBasedAuthenticator} or {@code null}
	*/
	HostBasedAuthenticator getHostBasedAuthenticator();
	void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator);

	// CHECKSTYLE:OFF
	final class Utils {
	// CHECKSTYLE:ON
	public static final UserAuthPublicKeyFactory DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY =
	UserAuthPublicKeyFactory.INSTANCE;

	public static final UserAuthGSSFactory DEFAULT_USER_AUTH_GSS_FACTORY =
	UserAuthGSSFactory.INSTANCE;

	public static final UserAuthPasswordFactory DEFAULT_USER_AUTH_PASSWORD_FACTORY =
	UserAuthPasswordFactory.INSTANCE;

	public static final UserAuthKeyboardInteractiveFactory DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY =
	UserAuthKeyboardInteractiveFactory.INSTANCE;

	private Utils() {
	throw new UnsupportedOperationException("No instance allowed");
	}

	/**
	* If user authentication factories already set, then simply returns them. Otherwise,
	* builds the factories list from the individual authenticators available for
	* the manager - password public key, keyboard-interactive, GSS, etc...
	*
	* @param manager The {@link ServerAuthenticationManager} - ignored if {@code null}
	* @return The resolved {@link List} of {@link NamedFactory} for the {@link UserAuth}s
	* @see #resolveUserAuthFactories(ServerAuthenticationManager, List)
	*/
	public static List<NamedFactory<UserAuth>> resolveUserAuthFactories(ServerAuthenticationManager manager) {
	if (manager == null) {
	return Collections.emptyList();
	} else {
	return resolveUserAuthFactories(manager, manager.getUserAuthFactories());
	}
	}

	/**
	* If user authentication factories already set, then simply returns them. Otherwise,
	* builds the factories list from the individual authenticators available for
	* the manager - password public key, keyboard-interactive, GSS, etc...
	*
	* @param manager The {@link ServerAuthenticationManager} - ignored if {@code null}
	* @param userFactories The currently available {@link UserAuth} factories - if not
	* {@code null}/empty then they are used as-is.
	* @return The resolved {@link List} of {@link NamedFactory} for the {@link UserAuth}s
	*/
	public static List<NamedFactory<UserAuth>> resolveUserAuthFactories(
	ServerAuthenticationManager manager, List<NamedFactory<UserAuth>> userFactories) {
	if (GenericUtils.size(userFactories) > 0) {
	return userFactories; // use whatever the user decided
	}

	if (manager == null) {
	return Collections.emptyList();
	}

	List<NamedFactory<UserAuth>> factories = new ArrayList<>();
	if (manager.getPasswordAuthenticator() != null) {
	factories.add(DEFAULT_USER_AUTH_PASSWORD_FACTORY);
	factories.add(DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY);
	} else if (manager.getKeyboardInteractiveAuthenticator() != null) {
	factories.add(DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY);
	}

	if (manager.getPublickeyAuthenticator() != null) {
	factories.add(DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
	}

	if (manager.getGSSAuthenticator() != null) {
	factories.add(DEFAULT_USER_AUTH_GSS_FACTORY);
	}

	return factories;
	}
	}
	}