• Home
• org.apache.sshd
• sshd-common
• 2.14.0
• source code
• UserAuthMethodFactory.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.sshd.common.auth.UserAuthMethodFactory Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.sshd.common.auth;

import java.io.IOException;
import java.util.Collection;

import org.apache.sshd.common.CommonModuleProperties;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.session.SessionContext;

/**
 * Represents a user authentication method
 *
 * @param   The type of {@link SessionContext} being provided to the instance creator
 * @param   The authentication method factory type
 * @author     Apache MINA SSHD Project
 */
public interface UserAuthMethodFactory> extends NamedResource {
    /**
     * Password authentication method name
     */
    String PASSWORD = "password";

    /**
     * Public key authentication method name
     */
    String PUBLIC_KEY = "publickey";

    /**
     * Keyboard interactive authentication method
     */
    String KB_INTERACTIVE = "keyboard-interactive";

    /**
     * Host-based authentication method
     */
    String HOST_BASED = "hostbased";

    /**
     * @param  session     The session for which authentication is required
     * @return             The authenticator instance
     * @throws IOException If failed to create the instance
     */
    M createUserAuth(S session) throws IOException;

    /**
     * @param           The type of {@link SessionContext} being provided to the instance creator
     * @param           The authentication method factory type
     * @param  session     The session through which the request is being made
     * @param  factories   The available factories
     * @param  name        The requested factory name
     * @return             The created authenticator instance - {@code null} if no matching factory
     * @throws IOException If failed to create the instance
     */
    static > M createUserAuth(
            S session, Collection> factories, String name)
            throws IOException {
        UserAuthMethodFactory f = NamedResource.findByName(name, String.CASE_INSENSITIVE_ORDER, factories);
        if (f != null) {
            return f.createUserAuth(session);
        } else {
            return null;
        }
    }

    /**
     * According to RFC 4252 - section 8:
     *
     * 
     *      Both the server and the client should check whether the underlying
     *      transport layer provides confidentiality (i.e., if encryption is
     *      being used).  If no confidentiality is provided ("none" cipher),
     *      password authentication SHOULD be disabled.  If there is no
     *      confidentiality or no MAC, password change SHOULD be disabled.
     * 
     *
     * @param  session The {@link SessionContext} being used for authentication
     * @return         {@code true} if the context is not {@code null} and the ciphers have been established to anything
     *                 other than "none".
     * @see            CommonModuleProperties#ALLOW_INSECURE_AUTH
     * @see            SessionContext#isSecureSessionTransport(SessionContext)
     */
    static boolean isSecureAuthenticationTransport(SessionContext session) {
        if (session == null) {
            return false;
        }

        boolean allowInsecure = CommonModuleProperties.ALLOW_INSECURE_AUTH.getRequired(session);
        if (allowInsecure) {
            return true;
        }

        return SessionContext.isSecureSessionTransport(session);
    }

    /**
     * @param  session The {@link SessionContext} being used for authentication
     * @return         {@code true} if the context is not {@code null} and the MAC(s) used to verify packet integrity
     *                 have been established.
     * @see            CommonModuleProperties#ALLOW_NON_INTEGRITY_AUTH
     * @see            SessionContext#isDataIntegrityTransport(SessionContext)
     */
    static boolean isDataIntegrityAuthenticationTransport(SessionContext session) {
        if (session == null) {
            return false;
        }

        boolean allowNonValidated = CommonModuleProperties.ALLOW_NON_INTEGRITY_AUTH.getRequired(session);
        if (allowNonValidated) {
            return true;
        }

        return SessionContext.isDataIntegrityTransport(session);
    }
}