001 /* 002 * Copyright (C) 2012 eXo Platform SAS. 003 * 004 * This is free software; you can redistribute it and/or modify it 005 * under the terms of the GNU Lesser General Public License as 006 * published by the Free Software Foundation; either version 2.1 of 007 * the License, or (at your option) any later version. 008 * 009 * This software is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * You should have received a copy of the GNU Lesser General Public 015 * License along with this software; if not, write to the Free 016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 018 */ 019 package org.crsh.auth; 020 021 import org.apache.sshd.common.KeyPairProvider; 022 import org.crsh.plugin.CRaSHPlugin; 023 import org.crsh.plugin.PropertyDescriptor; 024 025 import java.io.File; 026 import java.security.KeyPair; 027 import java.security.PublicKey; 028 import java.util.Arrays; 029 import java.util.Collections; 030 import java.util.LinkedHashSet; 031 import java.util.Set; 032 import java.util.logging.Level; 033 034 /** @author <a href="mailto:julien.viet@exoplatform.com">Julien Viet</a> */ 035 public class KeyAuthenticationPlugin extends CRaSHPlugin<KeyAuthenticationPlugin> implements AuthenticationPlugin<PublicKey> { 036 037 /** . */ 038 private static final String[] TYPES = { KeyPairProvider.SSH_DSS, KeyPairProvider.SSH_RSA }; 039 040 /** The SSH authorized key path. */ 041 public static final PropertyDescriptor<String> AUTHORIZED_KEY_PATH = PropertyDescriptor.create( 042 "auth.key.path", 043 (String)null, 044 "The path to the authorized key file"); 045 046 /** . */ 047 private Set<PublicKey> authorizedKeys = Collections.emptySet(); 048 049 @Override 050 protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() { 051 return Arrays.<PropertyDescriptor<?>>asList(AUTHORIZED_KEY_PATH); 052 } 053 054 public String getName() { 055 return "key"; 056 } 057 058 @Override 059 public KeyAuthenticationPlugin getImplementation() { 060 return this; 061 } 062 063 public Class<PublicKey> getCredentialType() { 064 return PublicKey.class; 065 } 066 067 @Override 068 public void init() { 069 String authorizedKeyPath = getContext().getProperty(AUTHORIZED_KEY_PATH); 070 if (authorizedKeyPath != null) { 071 File f = new File(authorizedKeyPath); 072 if (f.exists() && f.isFile()) { 073 log.log(Level.FINE, "Found authorized key path " + authorizedKeyPath); 074 Set<PublicKey> keys; 075 keys = new LinkedHashSet<PublicKey>(); 076 KeyPairProvider provider = new FilePublicKeyProvider(new String[]{authorizedKeyPath}); 077 for (String type : TYPES) { 078 KeyPair pair = provider.loadKey(type); 079 if (pair != null) { 080 PublicKey key = pair.getPublic(); 081 if (key != null) { 082 keys.add(key); 083 } 084 } 085 } 086 authorizedKeys = keys; 087 } else { 088 log.log(Level.FINE, "Ignoring invalid authorized key path " + authorizedKeyPath); 089 } 090 } 091 } 092 093 public boolean authenticate(String username, PublicKey credential) throws Exception { 094 if (authorizedKeys.contains(credential)) { 095 log.log(Level.FINE, "Authenticated " + username + " with public key " + credential); 096 return true; 097 } else { 098 log.log(Level.FINE, "Denied " + username + " with public key " + credential); 099 return false; 100 } 101 } 102 }