1 package org.kuali.common.util.secure;
2
3 import java.io.BufferedOutputStream;
4 import java.io.ByteArrayInputStream;
5 import java.io.File;
6 import java.io.IOException;
7 import java.io.InputStream;
8 import java.io.OutputStream;
9 import java.util.List;
10 import java.util.Properties;
11
12 import org.apache.commons.io.FileUtils;
13 import org.apache.commons.io.FilenameUtils;
14 import org.apache.commons.io.IOUtils;
15 import org.apache.commons.lang3.StringUtils;
16 import org.kuali.common.util.LocationUtils;
17 import org.kuali.common.util.PropertyUtils;
18 import org.kuali.common.util.Str;
19 import org.slf4j.Logger;
20 import org.slf4j.LoggerFactory;
21 import org.springframework.util.Assert;
22
23 import com.jcraft.jsch.Channel;
24 import com.jcraft.jsch.ChannelExec;
25 import com.jcraft.jsch.ChannelSftp;
26 import com.jcraft.jsch.JSch;
27 import com.jcraft.jsch.JSchException;
28 import com.jcraft.jsch.Session;
29 import com.jcraft.jsch.SftpATTRS;
30 import com.jcraft.jsch.SftpException;
31
32 public class DefaultSecureChannel implements SecureChannel {
33
34 private static final Logger logger = LoggerFactory.getLogger(DefaultSecureChannel.class);
35 private static final String SFTP = "sftp";
36 private static final String EXEC = "exec";
37 private static final String FORWARDSLASH = "/";
38
39 File knownHosts = SSHUtils.DEFAULT_KNOWN_HOSTS;
40 File config = SSHUtils.DEFAULT_CONFIG_FILE;
41 boolean includeDefaultPrivateKeyLocations = true;
42 boolean strictHostKeyChecking = true;
43 int port = SSHUtils.DEFAULT_PORT;
44 String username;
45 String hostname;
46 Integer connectTimeout;
47 List<File> privateKeys;
48 Properties options;
49
50 protected Session session;
51 protected ChannelSftp sftp;
52 protected ChannelExec exec;
53
54 @Override
55 public synchronized void open() throws IOException {
56 logOpen();
57 validate();
58 try {
59 JSch jsch = getJSch();
60 this.session = openSession(jsch);
61 this.sftp = openSftpChannel(session, connectTimeout);
62 this.exec = openExecChannel(session, connectTimeout);
63 } catch (JSchException e) {
64 throw new IOException("Unexpected error opening secure channel", e);
65 }
66 }
67
68 @Override
69 public synchronized void close() {
70 logger.info("Closing secure channel - {}", getLocation());
71 closeQuietly(sftp);
72 closeQuietly(exec);
73 closeQuietly(session);
74 }
75
76 @Override
77 public RemoteFile getWorkingDirectory() {
78 try {
79 String workingDirectory = sftp.pwd();
80 return getMetaData(workingDirectory);
81 } catch (SftpException e) {
82 throw new IllegalStateException(e);
83 }
84 }
85
86 protected void validate() {
87 Assert.isTrue(SSHUtils.isValidPort(port));
88 Assert.isTrue(!StringUtils.isBlank(hostname));
89 }
90
91 protected void logOpen() {
92 logger.info("Opening secure channel - {}", getLocation());
93 if (privateKeys != null) {
94 logger.debug("Private keys - {}", privateKeys.size());
95 } else {
96 logger.debug("Private key config - {}", config);
97 }
98 logger.debug("Check default private key locations - {}", includeDefaultPrivateKeyLocations);
99 logger.debug("Strict host key checking - {}", strictHostKeyChecking);
100 logger.debug("Known hosts - {}", knownHosts);
101 logger.debug("Port - {}", port);
102 logger.debug("Connect timeout - {}", connectTimeout);
103 if (options != null) {
104 logger.debug("Configuring channel with {} options", options.size());
105 PropertyUtils.debug(options);
106 }
107 }
108
109 protected String getLocation() {
110 return (username == null) ? hostname : username + "@" + hostname;
111 }
112
113 protected ChannelExec openExecChannel(Session session, Integer timeout) throws JSchException {
114 ChannelExec channel = (ChannelExec) session.openChannel(EXEC);
115 connect(channel, timeout);
116 return channel;
117 }
118
119 protected ChannelSftp openSftpChannel(Session session, Integer timeout) throws JSchException {
120 ChannelSftp sftp = (ChannelSftp) session.openChannel(SFTP);
121 connect(sftp, timeout);
122 return sftp;
123 }
124
125 protected void connect(Channel channel, Integer timeout) throws JSchException {
126 if (timeout == null) {
127 channel.connect();
128 } else {
129 channel.connect(timeout);
130 }
131 }
132
133 protected void closeQuietly(Session session) {
134 if (session != null) {
135 session.disconnect();
136 }
137 }
138
139 protected void closeQuietly(Channel channel) {
140 if (channel != null) {
141 channel.disconnect();
142 }
143 }
144
145 protected Properties getSessionProperties(Properties options, boolean strictHostKeyChecking) {
146 Properties properties = new Properties();
147 if (options != null) {
148 properties.putAll(options);
149 }
150 if (!strictHostKeyChecking) {
151 properties.setProperty(SSHUtils.STRICT_HOST_KEY_CHECKING, SSHUtils.NO);
152 }
153 return properties;
154 }
155
156 protected Session openSession(JSch jsch) throws JSchException {
157 Session session = jsch.getSession(username, hostname, port);
158 session.setConfig(getSessionProperties(options, strictHostKeyChecking));
159 if (connectTimeout == null) {
160 session.connect();
161 } else {
162 session.connect(connectTimeout);
163 }
164 return session;
165 }
166
167 protected JSch getJSch() throws JSchException {
168 List<File> mergedPrivateKeys = getMergedPrivateKeys();
169 logger.debug("Located {} private keys", mergedPrivateKeys.size());
170 JSch jsch = getJSch(mergedPrivateKeys);
171 if (strictHostKeyChecking && knownHosts != null) {
172 String path = LocationUtils.getCanonicalPath(knownHosts);
173 jsch.setKnownHosts(path);
174 }
175 return jsch;
176 }
177
178 protected JSch getJSch(List<File> privateKeys) throws JSchException {
179 JSch jsch = new JSch();
180 for (File privateKey : privateKeys) {
181 String path = LocationUtils.getCanonicalPath(privateKey);
182 jsch.addIdentity(path);
183 }
184 return jsch;
185 }
186
187 protected List<File> getMergedPrivateKeys() {
188 if (privateKeys == null) {
189 logger.debug("Examining {}", config);
190 return SSHUtils.getPrivateKeys(config, includeDefaultPrivateKeyLocations);
191 } else {
192 return SSHUtils.getPrivateKeys(privateKeys, includeDefaultPrivateKeyLocations);
193 }
194 }
195
196 @Override
197 public RemoteFile getMetaData(String absolutePath) {
198 Assert.hasLength(absolutePath);
199 RemoteFile file = new RemoteFile();
200 file.setAbsolutePath(absolutePath);
201 fillInAttributes(file, absolutePath);
202 return file;
203 }
204
205 protected String getLocation(RemoteFile file) {
206 return getLocation() + ":" + file.getAbsolutePath();
207 }
208
209 @Override
210 public void deleteFile(String absolutePath) {
211 RemoteFile file = getMetaData(absolutePath);
212 if (isStatus(file, Status.MISSING)) {
213 return;
214 }
215 if (file.isDirectory()) {
216 throw new IllegalArgumentException("[" + getLocation(file) + "] is a directory.");
217 }
218 try {
219 sftp.rm(absolutePath);
220 } catch (SftpException e) {
221 throw new IllegalStateException(e);
222 }
223 }
224
225 @Override
226 public boolean exists(String absolutePath) {
227 RemoteFile file = getMetaData(absolutePath);
228 return isStatus(file, Status.EXISTS);
229 }
230
231 @Override
232 public boolean isDirectory(String absolutePath) {
233 RemoteFile file = getMetaData(absolutePath);
234 return isStatus(file, Status.EXISTS) && file.isDirectory();
235 }
236
237 protected void fillInAttributes(RemoteFile file) {
238 fillInAttributes(file, file.getAbsolutePath());
239 }
240
241 protected void fillInAttributes(RemoteFile file, String path) {
242 try {
243 SftpATTRS attributes = sftp.stat(path);
244 fillInAttributes(file, attributes);
245 } catch (SftpException e) {
246 handleNoSuchFileException(file, e);
247 }
248 }
249
250 protected void fillInAttributes(RemoteFile file, SftpATTRS attributes) {
251 file.setDirectory(attributes.isDir());
252 file.setPermissions(attributes.getPermissions());
253 file.setUserId(attributes.getUId());
254 file.setGroupId(attributes.getGId());
255 file.setSize(attributes.getSize());
256 file.setStatus(Status.EXISTS);
257 }
258
259 @Override
260 public void copyFile(File source, RemoteFile destination) {
261 Assert.notNull(source);
262 Assert.isTrue(source.exists());
263 Assert.isTrue(!source.isDirectory());
264 Assert.isTrue(source.canRead());
265 copyLocationToFile(LocationUtils.getCanonicalURLString(source), destination);
266 }
267
268 @Override
269 public void copyFileToDirectory(File source, RemoteFile destination) {
270 String filename = source.getName();
271 addFilenameToPath(destination, filename);
272 copyFile(source, destination);
273 }
274
275 @Override
276 public void copyLocationToFile(String location, RemoteFile destination) {
277 Assert.notNull(location);
278 Assert.isTrue(LocationUtils.exists(location));
279 InputStream in = null;
280 try {
281 in = LocationUtils.getInputStream(location);
282 copyInputStreamToFile(in, destination);
283 } catch (Exception e) {
284 throw new IllegalStateException(e);
285 } finally {
286 IOUtils.closeQuietly(in);
287 }
288 }
289
290 @Override
291 public void copyStringToFile(String string, String encoding, RemoteFile destination) {
292 Assert.notNull(string);
293 Assert.notNull(encoding);
294 InputStream in = new ByteArrayInputStream(Str.getBytes(string, encoding));
295 copyInputStreamToFile(in, destination);
296 IOUtils.closeQuietly(in);
297 }
298
299 @Override
300 public void copyInputStreamToFile(InputStream source, RemoteFile destination) {
301 Assert.notNull(source);
302 try {
303 createDirectories(destination);
304 sftp.put(source, destination.getAbsolutePath());
305 } catch (SftpException e) {
306 throw new IllegalStateException(e);
307 }
308 }
309
310 protected String getAbsolutePath(String absolutePath, String filename) {
311 if (StringUtils.endsWith(absolutePath, FORWARDSLASH)) {
312 return absolutePath + filename;
313 } else {
314 return absolutePath + FORWARDSLASH + filename;
315 }
316 }
317
318 protected void addFilenameToPath(RemoteFile destination, String filename) {
319 String newAbsolutePath = getAbsolutePath(destination.getAbsolutePath(), filename);
320 destination.setAbsolutePath(newAbsolutePath);
321 destination.setDirectory(false);
322 }
323
324 @Override
325 public void copyLocationToDirectory(String location, RemoteFile destination) {
326 String filename = LocationUtils.getFilename(location);
327 addFilenameToPath(destination, filename);
328 copyLocationToFile(location, destination);
329 }
330
331 @Override
332 public void copyFile(RemoteFile source, File destination) {
333 OutputStream out = null;
334 try {
335 out = new BufferedOutputStream(FileUtils.openOutputStream(destination));
336 sftp.get(source.getAbsolutePath(), out);
337 } catch (Exception e) {
338 throw new IllegalStateException(e);
339 } finally {
340 IOUtils.closeQuietly(out);
341 }
342 }
343
344 @Override
345 public void copyFileToDirectory(RemoteFile source, File destination) {
346 String filename = FilenameUtils.getName(source.getAbsolutePath());
347 File newDestination = new File(destination, filename);
348 copyFile(source, newDestination);
349 }
350
351 @Override
352 public void forceMkdir(RemoteFile dir) {
353 Assert.isTrue(dir.isDirectory());
354 try {
355 createDirectories(dir);
356 } catch (SftpException e) {
357 throw new IllegalStateException(e);
358 }
359 }
360
361 protected void createDirectories(RemoteFile file) throws SftpException {
362 boolean directoryIndicator = file.isDirectory();
363 fillInAttributes(file);
364 validate(file, directoryIndicator);
365 List<String> directories = LocationUtils.getNormalizedPathFragments(file.getAbsolutePath(), file.isDirectory());
366 for (String directory : directories) {
367 RemoteFile parentDir = new RemoteFile(directory);
368 fillInAttributes(parentDir);
369 validate(parentDir, true);
370 if (!isStatus(parentDir, Status.EXISTS)) {
371 createDirectory(parentDir);
372 }
373 }
374 }
375
376 protected boolean isStatus(RemoteFile file, Status status) {
377 return file.getStatus().equals(status);
378 }
379
380 protected void validate(RemoteFile file, Status... allowed) {
381 for (Status status : allowed) {
382 if (isStatus(file, status)) {
383 return;
384 }
385 }
386 throw new IllegalArgumentException("Invalid status - " + file.getStatus());
387 }
388
389 protected boolean validate(RemoteFile file, boolean directoryIndicator) {
390
391 validate(file, Status.MISSING, Status.EXISTS);
392
393
394 boolean missing = isStatus(file, Status.MISSING);
395 boolean exists = isStatus(file, Status.EXISTS);
396
397
398 boolean correctFileType = file.isDirectory() == directoryIndicator;
399
400
401 boolean valid = missing || exists && correctFileType;
402 if (valid) {
403 return true;
404 } else {
405
406 throw new IllegalArgumentException(getInvalidExistingFileMessage(file));
407 }
408 }
409
410 protected String getInvalidExistingFileMessage(RemoteFile existing) {
411 if (existing.isDirectory()) {
412 return "[" + getLocation(existing) + "] is an existing directory. Unable to create file.";
413 } else {
414 return "[" + getLocation(existing) + "] is an existing file. Unable to create directory.";
415 }
416 }
417
418 protected void createDirectory(RemoteFile dir) throws SftpException {
419 String path = dir.getAbsolutePath();
420 logger.debug("Creating [{}]", path);
421 sftp.mkdir(path);
422 setAttributes(dir);
423 }
424
425 protected void setAttributes(RemoteFile file) throws SftpException {
426 String path = file.getAbsolutePath();
427 if (file.getPermissions() != null) {
428 sftp.chmod(file.getPermissions(), path);
429 }
430 if (file.getGroupId() != null) {
431 sftp.chgrp(file.getGroupId(), path);
432 }
433 if (file.getUserId() != null) {
434 sftp.chown(file.getUserId(), path);
435 }
436 }
437
438 protected void handleNoSuchFileException(RemoteFile file, SftpException e) {
439 if (isNoSuchFileException(e)) {
440 file.setStatus(Status.MISSING);
441 } else {
442 throw new IllegalStateException(e);
443 }
444 }
445
446 protected boolean isNoSuchFileException(SftpException exception) {
447 return exception.id == ChannelSftp.SSH_FX_NO_SUCH_FILE;
448 }
449
450 public File getKnownHosts() {
451 return knownHosts;
452 }
453
454 public void setKnownHosts(File knownHosts) {
455 this.knownHosts = knownHosts;
456 }
457
458 public File getConfig() {
459 return config;
460 }
461
462 public void setConfig(File config) {
463 this.config = config;
464 }
465
466 public boolean isIncludeDefaultPrivateKeyLocations() {
467 return includeDefaultPrivateKeyLocations;
468 }
469
470 public void setIncludeDefaultPrivateKeyLocations(boolean includeDefaultPrivateKeyLocations) {
471 this.includeDefaultPrivateKeyLocations = includeDefaultPrivateKeyLocations;
472 }
473
474 public boolean isStrictHostKeyChecking() {
475 return strictHostKeyChecking;
476 }
477
478 public void setStrictHostKeyChecking(boolean strictHostKeyChecking) {
479 this.strictHostKeyChecking = strictHostKeyChecking;
480 }
481
482 public String getUsername() {
483 return username;
484 }
485
486 public void setUsername(String username) {
487 this.username = username;
488 }
489
490 public String getHostname() {
491 return hostname;
492 }
493
494 public void setHostname(String hostname) {
495 this.hostname = hostname;
496 }
497
498 public int getPort() {
499 return port;
500 }
501
502 public void setPort(int port) {
503 this.port = port;
504 }
505
506 public int getConnectTimeout() {
507 return connectTimeout;
508 }
509
510 public void setConnectTimeout(int connectTimeout) {
511 this.connectTimeout = connectTimeout;
512 }
513
514 public List<File> getPrivateKeys() {
515 return privateKeys;
516 }
517
518 public void setPrivateKeys(List<File> privateKeys) {
519 this.privateKeys = privateKeys;
520 }
521
522 public Properties getOptions() {
523 return options;
524 }
525
526 public void setOptions(Properties options) {
527 this.options = options;
528 }
529
530 public void setConnectTimeout(Integer connectTimeout) {
531 this.connectTimeout = connectTimeout;
532 }
533
534 }