001    /*
002     * Copyright (C) 2012 eXo Platform SAS.
003     *
004     * This is free software; you can redistribute it and/or modify it
005     * under the terms of the GNU Lesser General Public License as
006     * published by the Free Software Foundation; either version 2.1 of
007     * the License, or (at your option) any later version.
008     *
009     * This software is distributed in the hope that it will be useful,
010     * but WITHOUT ANY WARRANTY; without even the implied warranty of
011     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012     * Lesser General Public License for more details.
013     *
014     * You should have received a copy of the GNU Lesser General Public
015     * License along with this software; if not, write to the Free
016     * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017     * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018     */
019    
020    package org.crsh.ssh;
021    
022    import org.apache.sshd.common.KeyPairProvider;
023    import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
024    import org.crsh.auth.AuthenticationPlugin;
025    import org.crsh.plugin.CRaSHPlugin;
026    import org.crsh.plugin.PropertyDescriptor;
027    import org.crsh.plugin.ResourceKind;
028    import org.crsh.ssh.term.SSHLifeCycle;
029    import org.crsh.ssh.term.URLKeyPairProvider;
030    import org.crsh.vfs.Resource;
031    
032    import java.io.File;
033    import java.io.IOException;
034    import java.net.MalformedURLException;
035    import java.net.URL;
036    import java.util.ArrayList;
037    import java.util.Arrays;
038    import java.util.List;
039    import java.util.logging.Level;
040    
041    import org.apache.sshd.common.util.SecurityUtils;
042    
043    public class SSHPlugin extends CRaSHPlugin<SSHPlugin> {
044    
045      /** The SSH port. */
046      public static final PropertyDescriptor<Integer> SSH_PORT = PropertyDescriptor.create("ssh.port", 2000, "The SSH port");
047    
048      /** The SSH server key path. */
049      public static final PropertyDescriptor<String> SSH_SERVER_KEYPATH = PropertyDescriptor.create("ssh.keypath", (String)null, "The path to the key file");
050    
051      /** SSH host key auto generate */
052      public static final PropertyDescriptor<String> SSH_SERVER_KEYGEN = PropertyDescriptor.create("ssh.keygen", "false", "Whether to automatically generate a host key");
053    
054      /** The SSH server idle timeout. */
055      private static final int SSH_SERVER_IDLE_DEFAULT_TIMEOUT = 10 * 60 * 1000;
056      public static final PropertyDescriptor<Integer> SSH_SERVER_IDLE_TIMEOUT = PropertyDescriptor.create("ssh.idle-timeout", SSH_SERVER_IDLE_DEFAULT_TIMEOUT, "The idle-timeout for ssh sessions in milliseconds");
057    
058      /** The SSH server authentication timeout. */
059      private static final int SSH_SERVER_AUTH_DEFAULT_TIMEOUT = 10 * 60 * 1000;
060      public static final PropertyDescriptor<Integer> SSH_SERVER_AUTH_TIMEOUT = PropertyDescriptor.create("ssh.auth-timeout", SSH_SERVER_AUTH_DEFAULT_TIMEOUT, "The authentication timeout for ssh sessions in milliseconds");
061    
062    
063      /** . */
064      private SSHLifeCycle lifeCycle;
065    
066      @Override
067      public SSHPlugin getImplementation() {
068        return this;
069      }
070    
071      @Override
072      protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
073        return Arrays.<PropertyDescriptor<?>>asList(SSH_PORT, SSH_SERVER_KEYPATH, SSH_SERVER_KEYGEN, SSH_SERVER_AUTH_TIMEOUT, SSH_SERVER_IDLE_TIMEOUT, AuthenticationPlugin.AUTH);
074      }
075    
076      @Override
077      public void init() {
078    
079        SecurityUtils.setRegisterBouncyCastle(true);
080        //
081        Integer port = getContext().getProperty(SSH_PORT);
082        if (port == null) {
083          log.log(Level.INFO, "Could not boot SSHD due to missing due to missing port configuration");
084          return;
085        }
086    
087        //
088        Integer idleTimeout = getContext().getProperty(SSH_SERVER_IDLE_TIMEOUT);
089        if (idleTimeout == null) {
090          idleTimeout = SSH_SERVER_IDLE_DEFAULT_TIMEOUT;
091        }
092        Integer authTimeout = getContext().getProperty(SSH_SERVER_AUTH_TIMEOUT);
093        if (authTimeout == null) {
094          authTimeout = SSH_SERVER_AUTH_DEFAULT_TIMEOUT;
095        }
096    
097        //
098        Resource serverKey = null;
099        KeyPairProvider keyPairProvider = null;
100    
101        // Get embedded default key
102        URL serverKeyURL = SSHPlugin.class.getResource("/crash/hostkey.pem");
103        if (serverKeyURL != null) {
104          try {
105            log.log(Level.FINE, "Found embedded key url " + serverKeyURL);
106            serverKey = new Resource("hostkey.pem", serverKeyURL);
107          }
108          catch (IOException e) {
109            log.log(Level.FINE, "Could not load ssh key from url " + serverKeyURL, e);
110          }
111        }
112    
113        // Override from config if any
114        Resource serverKeyRes = getContext().loadResource("hostkey.pem", ResourceKind.CONFIG);
115        if (serverKeyRes != null) {
116          serverKey = serverKeyRes;
117          log.log(Level.FINE, "Found server ssh key url");
118        }
119    
120        // If we have a key path, we convert is as an URL
121        String serverKeyPath = getContext().getProperty(SSH_SERVER_KEYPATH);
122        if (serverKeyPath != null) {
123          log.log(Level.FINE, "Found server key path " + serverKeyPath);
124          File f = new File(serverKeyPath);
125          String keyGen = getContext().getProperty(SSH_SERVER_KEYGEN);
126          if (keyGen != null && keyGen.equals("true")) {
127            keyPairProvider = new PEMGeneratorHostKeyProvider(serverKeyPath, "RSA");
128          } else if (f.exists() && f.isFile()) {
129            try {
130              serverKeyURL = f.toURI().toURL();
131              serverKey = new Resource("hostkey.pem", serverKeyURL);
132            } catch (MalformedURLException e) {
133              log.log(Level.FINE, "Ignoring invalid server key " + serverKeyPath, e);
134            } catch (IOException e) {
135              log.log(Level.FINE, "Could not load SSH key from " + serverKeyPath, e);
136            }
137          } else {
138            log.log(Level.FINE, "Ignoring invalid server key path " + serverKeyPath);
139          }
140        }
141    
142        //
143        if (serverKeyURL == null) {
144          log.log(Level.INFO, "Could not boot SSHD due to missing server key");
145          return;
146        }
147    
148        //
149        if (keyPairProvider == null) {
150          keyPairProvider = new URLKeyPairProvider(serverKey);
151        }
152    
153        // Get the authentication
154        ArrayList<AuthenticationPlugin> authPlugins = new ArrayList<AuthenticationPlugin>(0);
155        List authentication = getContext().getProperty(AuthenticationPlugin.AUTH);
156        if (authentication != null) {
157          for (AuthenticationPlugin authenticationPlugin : getContext().getPlugins(AuthenticationPlugin.class)) {
158            if (authentication.contains(authenticationPlugin.getName())) {
159              authPlugins.add(authenticationPlugin);
160            }
161          }
162        }
163    
164        //
165        log.log(Level.INFO, "Booting SSHD");
166        SSHLifeCycle lifeCycle = new SSHLifeCycle(getContext(), authPlugins);
167        lifeCycle.setPort(port);
168        lifeCycle.setAuthTimeout(authTimeout);
169        lifeCycle.setIdleTimeout(idleTimeout);
170        lifeCycle.setKeyPairProvider(keyPairProvider);
171        lifeCycle.init();
172    
173        //
174        this.lifeCycle = lifeCycle;
175      }
176    
177      @Override
178      public void destroy() {
179        if (lifeCycle != null) {
180          log.log(Level.INFO, "Shutting down SSHD");
181          lifeCycle.destroy();
182          lifeCycle = null;
183        }
184      }
185    }