Diffstat (limited to 'bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/internal/ssh/AuthorizedKeysFileAuthenticator.java')
-rw-r--r--bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/internal/ssh/AuthorizedKeysFileAuthenticator.java80
1 files changed, 80 insertions, 0 deletions
diff --git a/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/internal/ssh/AuthorizedKeysFileAuthenticator.java b/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/internal/ssh/AuthorizedKeysFileAuthenticator.java
new file mode 100644
index 000000000..5abd2be74
--- /dev/null
+++ b/bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/internal/ssh/AuthorizedKeysFileAuthenticator.java
@@ -0,0 +1,80 @@
+/**
+ * Copyright (c) 2012 Gunnar Wagenknecht and others.
+ * All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v1.0 which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Gunnar Wagenknecht - initial API and implementation
+ */
+package org.eclipse.equinox.console.internal.ssh;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.PublicKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+import org.apache.sshd.server.PublickeyAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+
+/**
+ * {@link PublickeyAuthenticator} which authenticates using a specified
+ * {@link #setAuthorizedKeysFile(String) authorized_keys} file.
+ */
+public class AuthorizedKeysFileAuthenticator implements PublickeyAuthenticator {
+ private String authorizedKeysFile;
+
+ public String getAuthorizedKeysFile() {
+ return authorizedKeysFile;
+ }
+
+ public void setAuthorizedKeysFile(String authorizedKeysFile) {
+ this.authorizedKeysFile = authorizedKeysFile;
+ }
+
+ public boolean authenticate(String username, PublicKey key, ServerSession session) {
+ String authorizedKeysFile = getAuthorizedKeysFile();
+ if(null == authorizedKeysFile) {
+ // TODO should use better logging than System.err?
+ System.err.println("No authorized_keys file configured!");
+ return false;
+ }
+ try {
+ // dynamically read key file at each login attempt
+ AuthorizedKeys keys = new AuthorizedKeys(authorizedKeysFile);
+ for (PublicKey authorizedKey : keys.getKeys()) {
+ if (isSameKey(authorizedKey, key)) {
+ return true;
+ }
+ }
+ } catch (FileNotFoundException e) {
+ // TODO should use better logging than System.err?
+ System.err.println("Configured authorized_keys file not found! " + e.getMessage());
+ } catch (IOException e) {
+ // TODO should use better logging than System.err?
+ System.err.println("Please check authorized_keys file! " + e.getMessage());
+ }
+ return false;
+ }
+
+ private boolean isSameKey(PublicKey k1, PublicKey k2) throws IOException {
+ if ((k1 instanceof DSAPublicKey) && (k2 instanceof DSAPublicKey)) {
+ return isSameDSAKey((DSAPublicKey) k1, (DSAPublicKey) k2);
+ } else if ((k1 instanceof RSAPublicKey) && (k2 instanceof RSAPublicKey)) {
+ return isSameRSAKey((RSAPublicKey) k1, (RSAPublicKey) k2);
+ } else {
+ throw new IOException("Unsupported key types detected!");
+ }
+ }
+
+ private boolean isSameRSAKey(RSAPublicKey k1, RSAPublicKey k2) {
+ return k1.getPublicExponent().equals(k2.getPublicExponent()) && k1.getModulus().equals(k2.getModulus());
+ }
+
+ private boolean isSameDSAKey(DSAPublicKey k1, DSAPublicKey k2) {
+ return k1.getY().equals(k2.getY()) && k1.getParams().getG().equals(k2.getParams().getG()) && k1.getParams().getP().equals(k2.getParams().getP()) && k1.getParams().getQ().equals(k2.getParams().getQ());
+ }
+} \ No newline at end of file
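Review bot: In `authenticate`, the loop over `keys.getKeys()` stops at the first entry whose type differs from the offered key, because `isSameKey` throws `IOException("Unsupported key types detected!")` on any DSA/RSA mismatch and the catch block then falls through to `return false`. A file that lists a DSA key ahead of the user's RSA key therefore rejects a valid login and prints the misleading "Please check authorized_keys file!" message; the failure is closed, but it locks out legitimate users. The else branch should be `return false;` so the loop moves on to the next entry, after which `isSameKey` no longer needs `throws IOException`. Separately, `username` is never consulted, so every key in the file is accepted for any login name; a Javadoc line on `authenticate` such as `Accepts any key listed in the file, regardless of username.` would make that explicit for whoever deploys it.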
