/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.opendaylight.netconf.shaded.sshd.server;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;

import org.opendaylight.netconf.shaded.sshd.common.BaseBuilder;
import org.opendaylight.netconf.shaded.sshd.common.BuiltinFactory;
import org.opendaylight.netconf.shaded.sshd.common.NamedFactory;
import org.opendaylight.netconf.shaded.sshd.common.channel.ChannelFactory;
import org.opendaylight.netconf.shaded.sshd.common.channel.RequestHandler;
import org.opendaylight.netconf.shaded.sshd.common.cipher.BuiltinCiphers;
import org.opendaylight.netconf.shaded.sshd.common.compression.BuiltinCompressions;
import org.opendaylight.netconf.shaded.sshd.common.compression.Compression;
import org.opendaylight.netconf.shaded.sshd.common.compression.CompressionFactory;
import org.opendaylight.netconf.shaded.sshd.common.global.KeepAliveHandler;
import org.opendaylight.netconf.shaded.sshd.common.kex.DHFactory;
import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchange;
import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
import org.opendaylight.netconf.shaded.sshd.common.kex.extension.DefaultServerKexExtensionHandler;
import org.opendaylight.netconf.shaded.sshd.common.kex.extension.KexExtensionHandler;
import org.opendaylight.netconf.shaded.sshd.common.session.ConnectionService;
import org.opendaylight.netconf.shaded.sshd.common.signature.Signature;
import org.opendaylight.netconf.shaded.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator;
import org.opendaylight.netconf.shaded.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator;
import org.opendaylight.netconf.shaded.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.opendaylight.netconf.shaded.sshd.server.channel.ChannelSessionFactory;
import org.opendaylight.netconf.shaded.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator;
import org.opendaylight.netconf.shaded.sshd.server.forward.DirectTcpipFactory;
import org.opendaylight.netconf.shaded.sshd.server.global.CancelTcpipForwardHandler;
import org.opendaylight.netconf.shaded.sshd.server.global.NoMoreSessionsHandler;
import org.opendaylight.netconf.shaded.sshd.server.global.OpenSshHostKeysHandler;
import org.opendaylight.netconf.shaded.sshd.server.global.TcpipForwardHandler;
import org.opendaylight.netconf.shaded.sshd.server.kex.DHGEXServer;
import org.opendaylight.netconf.shaded.sshd.server.kex.DHGServer;

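/**
 * Builder for {@link SshServer} instances.
 * <p>
 * Any setting that is still {@code null} when {@link #fillWithDefaultValues()} runs is taken from the
 * {@code DEFAULT_*} constants declared here or inherited from {@link BaseBuilder}. Those defaults decide which
 * ciphers, compression methods, channel types, global requests and authenticators a server built without explicit
 * configuration ends up with, so an embedding application should review them (and override what it does not
 * need) rather than assume they are a hardened baseline.
 * </p>
 */
public class ServerBuilder extends BaseBuilder<SshServer, ServerBuilder> {
    /**
     * Maps a {@link DHFactory} to the matching server-side {@link KeyExchangeFactory}: group-exchange factories are
     * wrapped by {@link DHGEXServer}, all others by {@link DHGServer}. A {@code null} input yields {@code null}.
     */
    @SuppressWarnings("checkstyle:Indentation")
    public static final Function<DHFactory, KeyExchangeFactory> DH2KEX = factory -> factory == null
            ? null
            : factory.isGroupExchange()
                    ? DHGEXServer.newFactory(factory)
            : DHGServer.newFactory(factory);

    /**
     * Channel factories installed when none were configured: session channels and direct TCP/IP channels.
     * <p>
     * NOTE(review): {@link DirectTcpipFactory} is the channel type used for client-requested TCP forwarding.
     * Whether such requests are actually granted is decided by code that is not visible in this class; confirm
     * the forwarding policy of the built server, or configure a narrower list if forwarding is not required.
     * </p>
     */
    public static final List<ChannelFactory> DEFAULT_CHANNEL_FACTORIES = Collections.unmodifiableList(
            Arrays.asList(
                    ChannelSessionFactory.INSTANCE,
                    DirectTcpipFactory.INSTANCE));

    /**
     * Global request handlers installed when none were configured: keep-alive, no-more-sessions, the two TCP/IP
     * forwarding handlers (request and cancel) and the OpenSSH host-keys handler.
     * <p>
     * NOTE(review): as with {@link #DEFAULT_CHANNEL_FACTORIES}, registering the forwarding handlers here does not
     * show whether forwarding is permitted; that decision is made outside this class and should be verified.
     * </p>
     */
    public static final List<RequestHandler<ConnectionService>> DEFAULT_GLOBAL_REQUEST_HANDLERS = Collections.unmodifiableList(
            Arrays.<RequestHandler<ConnectionService>> asList(
                    KeepAliveHandler.INSTANCE,
                    NoMoreSessionsHandler.INSTANCE,
                    TcpipForwardHandler.INSTANCE,
                    CancelTcpipForwardHandler.INSTANCE,
                    OpenSshHostKeysHandler.INSTANCE));

    /**
     * Public-key authenticator used when none was configured.
     * <p>
     * NOTE(review): which key file {@link DefaultAuthorizedKeysAuthenticator} consults, and under which account,
     * is not visible here. An embedded server should normally set its own authenticator through
     * {@link #publickeyAuthenticator(PublickeyAuthenticator)} instead of relying on this fallback.
     * </p>
     */
    public static final PublickeyAuthenticator DEFAULT_PUBLIC_KEY_AUTHENTICATOR = DefaultAuthorizedKeysAuthenticator.INSTANCE;

    /** Keyboard-interactive authenticator used when none was configured. */
    public static final KeyboardInteractiveAuthenticator DEFAULT_INTERACTIVE_AUTHENTICATOR
            = DefaultKeyboardInteractiveAuthenticator.INSTANCE;

    /**
     * Compression methods offered by default, in preference order: none, zlib, delayed zlib.
     * <p>
     * NOTE(review): in the SSH protocol plain {@code zlib} becomes active as soon as key exchange completes, i.e.
     * before the peer has authenticated, whereas the delayed variant is meant to start only after authentication.
     * A deployment that wants to keep the decompressor away from unauthenticated input can configure a list
     * without {@code zlib}; confirm how {@link BuiltinCompressions} implements the two variants.
     * </p>
     */
    public static final List<CompressionFactory> DEFAULT_COMPRESSION_FACTORIES = Collections.unmodifiableList(
            Arrays.<CompressionFactory> asList(
                    BuiltinCompressions.none,
                    BuiltinCompressions.zlib,
                    BuiltinCompressions.delayedZlib));

    /** KEX extension handler used when none was configured. */
    public static final KexExtensionHandler DEFAULT_KEX_EXTENSION_HANDLER = DefaultServerKexExtensionHandler.INSTANCE;

    /**
     * Default list of ciphers for a server. This excludes the AES-CBC ciphers -- OpenSSH stopped proposing them by
     * default in 2014 (and removed them from the client proposal in 2017, too). CBC is susceptible to padding oracle
     * attacks and other attacks and is thus not recommended anymore.
     * <p>
     * For clients, we do still include the CBC modes to better support connecting with legacy servers.
     * </p>
     */
    public static final List<BuiltinCiphers> DEFAULT_SERVER_CIPHERS_PREFERENCE = Collections.unmodifiableList(
            Arrays.asList(
                    BuiltinCiphers.cc20p1305_openssh,
                    BuiltinCiphers.aes128ctr,
                    BuiltinCiphers.aes192ctr,
                    BuiltinCiphers.aes256ctr,
                    BuiltinCiphers.aes128gcm,
                    BuiltinCiphers.aes256gcm));

    protected PublickeyAuthenticator pubkeyAuthenticator;
    protected KeyboardInteractiveAuthenticator interactiveAuthenticator;

    public ServerBuilder() {
        super();
    }

    /**
     * Sets the keyboard-interactive authenticator handed to the server by {@link #build(boolean)}.
     *
     * @param  auth the authenticator; {@code null} leaves the choice to {@link #fillWithDefaultValues()}
     * @return      this builder
     */
    public ServerBuilder interactiveAuthenticator(KeyboardInteractiveAuthenticator auth) {
        interactiveAuthenticator = auth;
        return this;
    }

    /**
     * Sets the public-key authenticator handed to the server by {@link #build(boolean)}.
     *
     * @param  auth the authenticator; {@code null} leaves the choice to {@link #fillWithDefaultValues()}
     * @return      this builder
     */
    public ServerBuilder publickeyAuthenticator(PublickeyAuthenticator auth) {
        pubkeyAuthenticator = auth;
        return this;
    }

    /**
     * Replaces every setting that is still {@code null} with its server-side default. Values that were set
     * explicitly are left untouched.
     *
     * @return the builder, as returned by the inherited {@code me()}
     */
    @Override
    protected ServerBuilder fillWithDefaultValues() {
        // The server cipher list is installed before delegating to the superclass.
        // NOTE(review): presumably so that the superclass does not fall back to its own cipher default, which
        // according to the Javadoc of DEFAULT_SERVER_CIPHERS_PREFERENCE still contains CBC modes for clients.
        if (cipherFactories == null) {
            cipherFactories(BuiltinFactory.setUpFactories(false, DEFAULT_SERVER_CIPHERS_PREFERENCE));
        }

        super.fillWithDefaultValues();

        // "false" is passed as ignoreUnsupported, so per the contract documented on
        // setUpDefaultKeyExchanges only entries supported by the runtime are retained.
        if (compressionFactories == null) {
            compressionFactories = setUpDefaultCompressionFactories(false);
        }

        if (signatureFactories == null) {
            signatureFactories = setUpDefaultSignatureFactories(false);
        }

        if (keyExchangeFactories == null) {
            keyExchangeFactories = setUpDefaultKeyExchanges(false);
        }

        if (kexExtensionHandler == null) {
            kexExtensionHandler = DEFAULT_KEX_EXTENSION_HANDLER;
        }

        if (channelFactories == null) {
            channelFactories = DEFAULT_CHANNEL_FACTORIES;
        }

        if (globalRequestHandlers == null) {
            globalRequestHandlers = DEFAULT_GLOBAL_REQUEST_HANDLERS;
        }

        if (pubkeyAuthenticator == null) {
            pubkeyAuthenticator = DEFAULT_PUBLIC_KEY_AUTHENTICATOR;
        }

        if (interactiveAuthenticator == null) {
            interactiveAuthenticator = DEFAULT_INTERACTIVE_AUTHENTICATOR;
        }

        if (factory == null) {
            factory = SshServer.DEFAULT_SSH_SERVER_FACTORY;
        }

        return me();
    }

    /**
     * Builds the server through the superclass and then hands it both authenticators.
     * <p>
     * The authenticators are set unconditionally. When {@code isFillWithDefaultValues} is {@code false} and the
     * caller configured none, {@code null} is passed to the setters; how the server treats a {@code null}
     * authenticator is not visible in this class, so callers using that mode should set both explicitly.
     * </p>
     *
     * @param  isFillWithDefaultValues forwarded to the superclass {@code build}
     * @return                         the configured {@link SshServer}
     */
    @Override
    public SshServer build(boolean isFillWithDefaultValues) {
        SshServer server = super.build(isFillWithDefaultValues);
        server.setPublickeyAuthenticator(pubkeyAuthenticator);
        server.setKeyboardInteractiveAuthenticator(interactiveAuthenticator);
        return server;
    }

    /**
     * @param  ignoreUnsupported passed through to {@link NamedFactory#setUpBuiltinFactories}
     * @return                   the signature factories derived from the inherited
     *                           {@code DEFAULT_SIGNATURE_PREFERENCE}
     */
    @SuppressWarnings({ "unchecked", "rawtypes" }) // safe due to the hierarchy
    public static List<NamedFactory<Signature>> setUpDefaultSignatureFactories(boolean ignoreUnsupported) {
        return (List) NamedFactory.setUpBuiltinFactories(ignoreUnsupported, DEFAULT_SIGNATURE_PREFERENCE);
    }

    /**
     * @param  ignoreUnsupported passed through to {@link NamedFactory#setUpBuiltinFactories}
     * @return                   the compression factories derived from {@link #DEFAULT_COMPRESSION_FACTORIES}
     */
    @SuppressWarnings({ "unchecked", "rawtypes" }) // safe due to the hierarchy
    public static List<NamedFactory<Compression>> setUpDefaultCompressionFactories(boolean ignoreUnsupported) {
        return (List) NamedFactory.setUpBuiltinFactories(ignoreUnsupported, DEFAULT_COMPRESSION_FACTORIES);
    }

    /**
     * @param  ignoreUnsupported If {@code true} then all the default key exchanges are included, regardless of whether
     *                           they are currently supported by the JCE. Otherwise, only the supported ones out of the
     *                           list are included
     * @return                   A {@link List} of the default {@link NamedFactory} instances of the
     *                           {@link KeyExchange}s according to the preference order defined by
     *                           {@link #DEFAULT_KEX_PREFERENCE}. <B>Note:</B> the list may be filtered to exclude
     *                           unsupported JCE key exchanges according to the <tt>ignoreUnsupported</tt> parameter
     * @see                      org.apache.sshd.common.kex.BuiltinDHFactories#isSupported()
     */
    public static List<KeyExchangeFactory> setUpDefaultKeyExchanges(boolean ignoreUnsupported) {
        return NamedFactory.setUpTransformedFactories(ignoreUnsupported, DEFAULT_KEX_PREFERENCE, DH2KEX);
    }

    /**
     * @return a new, unconfigured {@link ServerBuilder}
     */
    public static ServerBuilder builder() {
        return new ServerBuilder();
    }
}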



