From aaecd8f2a36d2c0d780b42425aa57725fe708551 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 10 Apr 2014 18:58:08 -0400
Subject: [PATCH] Move cache to IKeyManager and implement isStale() in FileKeyManager
---
src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java | 77 ++++++++++++++++----------------------
1 files changed, 33 insertions(+), 44 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
index d41afdd..922f25a 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKeyAuthenticator.java
@@ -18,17 +18,14 @@
import java.security.PublicKey;
import java.util.List;
import java.util.Locale;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.TimeUnit;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.models.UserModel;
-import com.google.common.cache.CacheBuilder;
-import com.google.common.cache.CacheLoader;
-import com.google.common.cache.LoadingCache;
/**
*
@@ -37,19 +34,11 @@
*/
public class SshKeyAuthenticator implements PublickeyAuthenticator {
- protected final IKeyManager keyManager;
-
- protected final IAuthenticationManager authManager;
+ protected final Logger log = LoggerFactory.getLogger(getClass());
- LoadingCache<String, List<PublicKey>> sshKeyCache = CacheBuilder
- .newBuilder().
- expireAfterAccess(15, TimeUnit.MINUTES).
- maximumSize(100)
- .build(new CacheLoader<String, List<PublicKey>>() {
- public List<PublicKey> load(String username) {
- return keyManager.getKeys(username);
- }
- });
+ protected final IKeyManager keyManager;
+
+ protected final IAuthenticationManager authManager;
public SshKeyAuthenticator(IKeyManager keyManager, IAuthenticationManager authManager) {
this.keyManager = keyManager;
@@ -59,36 +48,36 @@
@Override
public boolean authenticate(String username, final PublicKey suppliedKey,
final ServerSession session) {
- final SshSession sd = session.getAttribute(SshSession.KEY);
+ final SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
- username = username.toLowerCase(Locale.US);
- try {
- List<PublicKey> keys = sshKeyCache.get(username);
- if (keys == null || keys.isEmpty()) {
- sd.authenticationError(username, "no-matching-key");
- return false;
- }
- for (PublicKey key : keys) {
- if (key.equals(suppliedKey)) {
- return validate(username, sd);
- }
- }
- return false;
- } catch (ExecutionException e) {
- sd.authenticationError(username, "user-not-found");
- return false;
- }
- }
-
- boolean validate(String username, SshSession sd) {
- // now that the key has been validated, check with the authentication
- // manager to ensure that this user exists and can authenticate
- sd.authenticationSuccess(username);
- UserModel user = authManager.authenticate(sd);
- if (user != null) {
+ if (client.getUser() != null) {
+ // TODO why do we re-authenticate?
+ log.info("{} has already authenticated!", username);
return true;
}
- sd.authenticationError(username, "user-not-found");
+
+ username = username.toLowerCase(Locale.US);
+ List<PublicKey> keys = keyManager.getKeys(username);
+ if (keys == null || keys.isEmpty()) {
+ log.info("{} has not added any public keys for ssh authentication", username);
+ return false;
+ }
+
+ for (PublicKey key : keys) {
+ if (key.equals(suppliedKey)) {
+ UserModel user = authManager.authenticate(username, key);
+ if (user != null) {
+ client.setUser(user);
+ return true;
+ }
+ }
+ }
+
+ log.warn("could not authenticate {} for SSH using the supplied public key", username);
return false;
}
+
+ public IKeyManager getKeyManager() {
+ return keyManager;
+ }
}
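Review bot: The new early return `if (client.getUser() != null) { ... return true; }` approves the request without looking at `username` or `suppliedKey`, so once `client.setUser(user)` has run, every later call on the same session is accepted whatever name or key it carries. If the SSH library calls this authenticator for an unsigned key query as well as for the signed request (the TODO about re-authentication suggests it does), the user is recorded on the client before possession of the private key has been proven. I would drop the short-circuit so that every call goes through the `keyManager.getKeys(username)` comparison, or return true early only when the stored user and the previously accepted key both match the current `username` and `suppliedKey`. Separately, `username` is client-supplied and is written to the log lines unchanged, so control characters should be stripped before logging, and `session.getAttribute(SshDaemonClient.KEY)` is dereferenced without a null check.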
--
Gitblit v1.9.1