Package org.apache.sshd.server.auth.pubkey

Interface PublickeyAuthenticator

All Known Implementing Classes:

AcceptAllPublickeyAuthenticator, AuthorizedKeyEntriesPublickeyAuthenticator, AuthorizedKeysAuthenticator, CachingPublicKeyAuthenticator, DefaultAuthorizedKeysAuthenticator, KeySetPublickeyAuthenticator, RejectAllPublickeyAuthenticator, StaticPublickeyAuthenticator

Functional Interface:

This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.

@FunctionalInterface
public interface PublickeyAuthenticator

The PublickeyAuthenticator is used on the server side to authenticate user public keys.

Author:

Apache MINA SSHD Project

Method Summary

Modifier and Type	Method	Description
boolean	authenticate(String username, PublicKey key, ServerSession session)	Checks whether the given PublicKey is allowed to be used for authenticating user "username" in a session.
static PublickeyAuthenticator	fromAuthorizedEntries(Object id, ServerSession session, Collection<? extends AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver)

Method Details

authenticate

boolean authenticate(String username,
 PublicKey key,
 ServerSession session)
              throws AsyncAuthException

Checks whether the given PublicKey is allowed to be used for authenticating user "username" in a session.

Note that the key may be a OpenSshCertificate. A typical implementation for a certificate would check that the certificate's CA key is known to be trusted as a certificate authority, and that the given user name is listed in the certificate's principals.

Parameters:

username - the username

key - the key

session - the server session

Returns:

true if the key may be used; false otherwise

Throws:

AsyncAuthException - If the authentication is performed asynchronously

fromAuthorizedEntries

static PublickeyAuthenticator fromAuthorizedEntries(Object id,
 ServerSession session,
 Collection<? extends AuthorizedKeyEntry> entries,
 PublicKeyEntryResolver fallbackResolver)
                                             throws IOException,
GeneralSecurityException

Parameters:

id - Some kind of mnemonic identifier for the authenticator - used also in toString()

session - The ServerSession that triggered this call - may be null if invoked by offline tool (e.g., unit test) or session context unknown to caller.

entries - The entries to parse - ignored if null/empty

fallbackResolver - The public key resolver to use if none of the default registered ones works

Returns:

A wrapper with all the parsed keys

Throws:

IOException - If failed to parse the keys data

GeneralSecurityException - If failed to generate the relevant keys from the parsed data