| commit | author | age | ||
| 75ebd3 | 1 | /* |
| DO | 2 | * Copyright 2014 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not | |
| 5 | * use this file except in compliance with the License. You may obtain a copy of | |
| 6 | * the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | |
| 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
| 13 | * License for the specific language governing permissions and limitations under | |
| 14 | * the License. | |
| 15 | */ | |
| 16 | package com.gitblit.transport.ssh; | |
| 17 | ||
| 18 | import java.security.PublicKey; | |
| 19 | import java.util.List; | |
| 20 | import java.util.Locale; | |
| 21 | ||
| d41034 | 22 | import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator; |
| 75ebd3 | 23 | import org.apache.sshd.server.session.ServerSession; |
| DO | 24 | import org.slf4j.Logger; |
| 25 | import org.slf4j.LoggerFactory; | |
| 26 | ||
| 27 | import com.gitblit.manager.IAuthenticationManager; | |
| 28 | import com.gitblit.models.UserModel; | |
| 29 | import com.google.common.base.Preconditions; | |
| 30 | ||
| 31 | /** | |
| 56b3f3 | 32 | * Authenticates an SSH session against a public key. |
| 245836 | 33 | * |
| 75ebd3 | 34 | */ |
| 7a273c | 35 | public class SshKeyAuthenticator implements PublickeyAuthenticator { |
| 75ebd3 | 36 | |
| DO | 37 | protected final Logger log = LoggerFactory.getLogger(getClass()); |
| 38 | ||
| 245836 | 39 | protected final IPublicKeyManager keyManager; |
| 75ebd3 | 40 | |
| DO | 41 | protected final IAuthenticationManager authManager; |
| 42 | ||
| 7a273c | 43 | public SshKeyAuthenticator(IPublicKeyManager keyManager, IAuthenticationManager authManager) { |
| 75ebd3 | 44 | this.keyManager = keyManager; |
| DO | 45 | this.authManager = authManager; |
| 46 | } | |
| 47 | ||
| 48 | @Override | |
| f6196b | 49 | public boolean authenticate(String username, PublicKey suppliedKey, ServerSession session) { |
| 75ebd3 | 50 | SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY); |
| DO | 51 | Preconditions.checkState(client.getUser() == null); |
| 52 | username = username.toLowerCase(Locale.US); | |
| bcc8a0 | 53 | List<SshKey> keys = keyManager.getKeys(username); |
| 521cb6 | 54 | if (keys.isEmpty()) { |
| JM | 55 | log.info("{} has not added any public keys for ssh authentication", username); |
| 75ebd3 | 56 | return false; |
| DO | 57 | } |
| 58 | ||
| 521cb6 | 59 | SshKey pk = new SshKey(suppliedKey); |
| JM | 60 | log.debug("auth supplied {}", pk.getFingerprint()); |
| 61 | ||
| bcc8a0 | 62 | for (SshKey key : keys) { |
| 521cb6 | 63 | log.debug("auth compare to {}", key.getFingerprint()); |
| 81583a | 64 | if (key.getPublicKey().equals(suppliedKey)) { |
| 75ebd3 | 65 | UserModel user = authManager.authenticate(username, key); |
| DO | 66 | if (user != null) { |
| 67 | client.setUser(user); | |
| 8d96b9 | 68 | client.setKey(key); |
| 75ebd3 | 69 | return true; |
| DO | 70 | } |
| 71 | } | |
| 72 | } | |
| 73 | ||
| 521cb6 | 74 | log.warn("could not authenticate {} for SSH using the supplied public key", username); |
| 75ebd3 | 75 | return false; |
| DO | 76 | } |
| 77 | } | |
