eclipse-ditto#985 apply public key credentials for ssh tunnel

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
bosch-io · Mar 19, 2021 · 41f0fef · 41f0fef
1 parent 6e7a701
commit 41f0fef
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 13 deletions.
diff --git a/...eclipse/ditto/services/connectivity/messaging/tunnel/ClientSessionCredentialsVisitor.java b/...eclipse/ditto/services/connectivity/messaging/tunnel/ClientSessionCredentialsVisitor.java
@@ -12,11 +12,14 @@
  */
 package org.eclipse.ditto.services.connectivity.messaging.tunnel;
 
+import java.security.KeyPair;
+
 import org.apache.sshd.client.session.ClientSession;
 import org.eclipse.ditto.model.connectivity.ClientCertificateCredentials;
 import org.eclipse.ditto.model.connectivity.CredentialsVisitor;
-import org.eclipse.ditto.model.connectivity.KeyPairCredentials;
+import org.eclipse.ditto.model.connectivity.SshPublicKeyAuthentication;
 import org.eclipse.ditto.model.connectivity.UserPasswordCredentials;
+import org.eclipse.ditto.services.connectivity.messaging.internal.ssl.KeyPairCreator;
 
 /**
  * TODO
@@ -31,8 +34,8 @@ class ClientSessionCredentialsVisitor implements CredentialsVisitor<Void> {
 
     @Override
     public Void clientCertificate(final ClientCertificateCredentials credentials) {
-        // TODO
-        throw new UnsupportedOperationException();
+        // not supported
+        return null;
     }
 
     @Override
@@ -42,8 +45,9 @@ public Void usernamePassword(final UserPasswordCredentials credentials) {
     }
 
     @Override
-    public Void keyPair(final KeyPairCredentials credentials) {
-        // TODO
-        throw new UnsupportedOperationException();
+    public Void sshPublicKeyAuthentication(final SshPublicKeyAuthentication credentials) {
+        final KeyPair keyPair = KeyPairCreator.getInstance().createKeyPair(credentials);
+        clientSession.addPublicKeyIdentity(keyPair);
+        return null;
     }
 }
diff --git a/...rc/main/java/org/eclipse/ditto/services/connectivity/messaging/tunnel/SshTunnelActor.java b/...rc/main/java/org/eclipse/ditto/services/connectivity/messaging/tunnel/SshTunnelActor.java
@@ -30,11 +30,15 @@
 import org.apache.sshd.client.session.ClientSession;
 import org.apache.sshd.common.future.SshFuture;
 import org.apache.sshd.common.util.net.SshdSocketAddress;
+import org.eclipse.ditto.model.connectivity.ClientCertificateCredentials;
 import org.eclipse.ditto.model.connectivity.Connection;
 import org.eclipse.ditto.model.connectivity.ConnectivityModelFactory;
 import org.eclipse.ditto.model.connectivity.ConnectivityStatus;
+import org.eclipse.ditto.model.connectivity.CredentialsVisitor;
 import org.eclipse.ditto.model.connectivity.ResourceStatus;
+import org.eclipse.ditto.model.connectivity.SshPublicKeyAuthentication;
 import org.eclipse.ditto.model.connectivity.SshTunnel;
+import org.eclipse.ditto.model.connectivity.UserPasswordCredentials;
 import org.eclipse.ditto.services.connectivity.config.DittoConnectivityConfig;
 import org.eclipse.ditto.services.connectivity.config.MonitoringConfig;
 import org.eclipse.ditto.services.connectivity.messaging.internal.RetrieveAddressStatus;
@@ -53,7 +57,7 @@
 /**
  * TODO DG
  */
-public final class SshTunnelActor extends AbstractActorWithTimers {
+public final class SshTunnelActor extends AbstractActorWithTimers implements CredentialsVisitor<Void> {
 
     /**
      * The name of this Actor in the ActorSystem.
@@ -66,8 +70,7 @@ public final class SshTunnelActor extends AbstractActorWithTimers {
     private final SshClient sshClient;
     private final String sshHost;
     private final int sshPort;
-    // TODO username
-    private final String sshUser = "test";
+    private String sshUser = "test";
     private final ServerKeyVerifier serverKeyVerifier;
 
     @Nullable private ClientSession sshSession = null;
@@ -94,6 +97,10 @@ private SshTunnelActor(final Connection connection) {
         sshHost = sshUri.getHost();
         sshPort = sshUri.getPort();
 
+        this.connection.getSshTunnel()
+                .map(SshTunnel::getCredentials)
+                .ifPresent(credentials -> credentials.accept(this));
+
         if (sshTunnel.isValidateHost()) {
             serverKeyVerifier = new FingerprintVerifier(sshTunnel.getKnownHosts());
         } else {
@@ -127,7 +134,6 @@ private void handleStartTunnel() {
             try {
                 logger.debug("Connecting to ssh server at {}:{}", sshHost, sshPort);
                 final ConnectFuture connectFuture;
-                // TODO username
                 connectFuture = sshClient.connect(sshUser, sshHost, sshPort);
                 pipeToSelf(connectFuture);
             } catch (final IOException ioException) {
@@ -153,12 +159,9 @@ private void handleConnectResult(final ConnectFuture connectFuture) throws IOExc
             sshSession.addSessionListener(new TunnelSessionListener(getSelf(), logger));
             sshSession.addChannelListener(new TunnelChannelListener(getSelf()));
             sshSession.setServerKeyVerifier(serverKeyVerifier);
-
-            // TODO private/public key
             connection.getSshTunnel()
                     .map(SshTunnel::getCredentials)
                     .ifPresent(c -> c.accept(new ClientSessionCredentialsVisitor(sshSession)));
-
             pipeToSelf(sshSession.auth());
         } else {
             connectionLogger.failure("SSH connection failed: {}", getMessage(connectFuture.getException()));
@@ -191,6 +194,20 @@ private void handleAuthResult(final AuthFuture authFuture) {
     }
 
     private void handleTunnelClosed(final TunnelClosed tunnelClosed) {
+
+        logger.info("Received tunnel closed. ");
+
+        if (sshSession != null) {
+            logger.info("Tunnel is connected {}", sshSession.isOpen());
+            logger.info("Session state {}", sshSession.getSessionState());
+            logger.info("StartedLocalPortForwards {}", sshSession.getStartedLocalPortForwards());
+
+            if (sshSession.isOpen() && !sshSession.getStartedLocalPortForwards().isEmpty()) {
+                logger.info("!!! do not report !!!");
+            }
+
+        }
+
         if (tunnelClosed.getError() != null) {
             connectionLogger.failure("SSH Tunnel failed: ", getMessage(tunnelClosed.getError()));
         } else {
@@ -271,6 +288,24 @@ private ResourceStatus getResourceStatus() {
                 .get(), status, statusDetail, inStateSince);
     }
 
+    @Override
+    public Void clientCertificate(final ClientCertificateCredentials credentials) {
+        // not supported
+        return null;
+    }
+
+    @Override
+    public Void usernamePassword(final UserPasswordCredentials credentials) {
+        this.sshUser = credentials.getUsername();
+        return null;
+    }
+
+    @Override
+    public Void sshPublicKeyAuthentication(final SshPublicKeyAuthentication credentials) {
+        this.sshUser = credentials.getUsername();
+        return null;
+    }
+
     /**
      * TODO
      */
@@ -315,6 +350,13 @@ public Throwable getError() {
             return reason;
         }
 
+        @Override
+        public String toString() {
+            return getClass().getSimpleName() + " [" +
+                    "message=" + message +
+                    ", reason=" + reason +
+                    "]";
+        }
     }
 
     /**