001 /*
002 * Copyright (C) 2012 eXo Platform SAS.
003 *
004 * This is free software; you can redistribute it and/or modify it
005 * under the terms of the GNU Lesser General Public License as
006 * published by the Free Software Foundation; either version 2.1 of
007 * the License, or (at your option) any later version.
008 *
009 * This software is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * You should have received a copy of the GNU Lesser General Public
015 * License along with this software; if not, write to the Free
016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018 */
019 package org.crsh.auth;
020
021 import org.apache.sshd.common.KeyPairProvider;
022 import org.crsh.plugin.CRaSHPlugin;
023 import org.crsh.plugin.PropertyDescriptor;
024
025 import java.io.File;
026 import java.security.KeyPair;
027 import java.security.PublicKey;
028 import java.util.Arrays;
029 import java.util.Collections;
030 import java.util.LinkedHashSet;
031 import java.util.Set;
032 import java.util.logging.Level;
033
034 /** @author <a href="mailto:julien.viet@exoplatform.com">Julien Viet</a> */
035 public class KeyAuthenticationPlugin extends CRaSHPlugin<KeyAuthenticationPlugin> implements AuthenticationPlugin<PublicKey> {
036
037 /** . */
038 private static final String[] TYPES = { KeyPairProvider.SSH_DSS, KeyPairProvider.SSH_RSA };
039
040 /** The SSH authorized key path. */
041 public static final PropertyDescriptor<String> AUTHORIZED_KEY_PATH = PropertyDescriptor.create(
042 "auth.key.path",
043 (String)null,
044 "The path to the authorized key file");
045
046 /** . */
047 private Set<PublicKey> authorizedKeys = Collections.emptySet();
048
049 @Override
050 protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
051 return Arrays.<PropertyDescriptor<?>>asList(AUTHORIZED_KEY_PATH);
052 }
053
054 public String getName() {
055 return "key";
056 }
057
058 @Override
059 public KeyAuthenticationPlugin getImplementation() {
060 return this;
061 }
062
063 public Class<PublicKey> getCredentialType() {
064 return PublicKey.class;
065 }
066
067 @Override
068 public void init() {
069 String authorizedKeyPath = getContext().getProperty(AUTHORIZED_KEY_PATH);
070 if (authorizedKeyPath != null) {
071 File f = new File(authorizedKeyPath);
072 if (f.exists() && f.isFile()) {
073 log.log(Level.FINE, "Found authorized key path " + authorizedKeyPath);
074 Set<PublicKey> keys;
075 keys = new LinkedHashSet<PublicKey>();
076 KeyPairProvider provider = new FilePublicKeyProvider(new String[]{authorizedKeyPath});
077 for (String type : TYPES) {
078 KeyPair pair = provider.loadKey(type);
079 if (pair != null) {
080 PublicKey key = pair.getPublic();
081 if (key != null) {
082 keys.add(key);
083 }
084 }
085 }
086 authorizedKeys = keys;
087 } else {
088 log.log(Level.FINE, "Ignoring invalid authorized key path " + authorizedKeyPath);
089 }
090 }
091 }
092
093 public boolean authenticate(String username, PublicKey credential) throws Exception {
094 if (authorizedKeys.contains(credential)) {
095 log.log(Level.FINE, "Authenticated " + username + " with public key " + credential);
096 return true;
097 } else {
098 log.log(Level.FINE, "Denied " + username + " with public key " + credential);
099 return false;
100 }
101 }
102 }