aboutsummaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.junit.ssh/src
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2018-11-08 16:58:52 +0100
committerMatthias Sohn <matthias.sohn@sap.com>2018-11-17 07:28:08 -0800
commit1316d43e51d4f687e2b0cc32665495e7bc18c9f9 (patch)
tree72b2a9816a7ef2c5919a3f6dbae319b4e0af1138 /org.eclipse.jgit.junit.ssh/src
parent6c14d273faa89ab1657e818315b68f3bd672ff87 (diff)
downloadjgit-1316d43e51d4f687e2b0cc32665495e7bc18c9f9.tar.gz
jgit-1316d43e51d4f687e2b0cc32665495e7bc18c9f9.zip
Move SshTestGitServer to new bundle org.eclipse.jgit.junit.ssh
Create the bundle and move the SshTestGitServer there. Verified that the Eclipse build still works and ran JSchSshTest and ApacheSshTest as junit tests inside Eclipse. Update maven build and features to account for that. Verified by running full maven build including packaging. Update bazel build files to account for that. Verified by a clean-slate bazel build :all, followed by running the JSchSshTest and the ApacheSshTest via bazel. Change-Id: Ia084942f4425b454529de148e00417e7da786a90 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit.ssh/src')
-rw-r--r--org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java362
1 files changed, 362 insertions, 0 deletions
diff --git a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
new file mode 100644
index 0000000000..0683dbb52e
--- /dev/null
+++ b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
@@ -0,0 +1,362 @@
+/*
+ * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
+ * and other copyright owners as documented in the project's IP log.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ * names of its contributors may be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.eclipse.jgit.junit.ssh;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import org.apache.sshd.common.NamedFactory;
+import org.apache.sshd.common.SshConstants;
+import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
+import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
+import org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
+import org.apache.sshd.common.session.Session;
+import org.apache.sshd.common.util.buffer.Buffer;
+import org.apache.sshd.common.util.security.SecurityUtils;
+import org.apache.sshd.server.ServerAuthenticationManager;
+import org.apache.sshd.server.SshServer;
+import org.apache.sshd.server.auth.UserAuth;
+import org.apache.sshd.server.auth.gss.GSSAuthenticator;
+import org.apache.sshd.server.auth.gss.UserAuthGSS;
+import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
+import org.apache.sshd.server.command.AbstractCommandSupport;
+import org.apache.sshd.server.command.Command;
+import org.apache.sshd.server.session.ServerSession;
+import org.apache.sshd.server.shell.UnknownCommand;
+import org.apache.sshd.server.subsystem.sftp.SftpSubsystemFactory;
+import org.eclipse.jgit.annotations.NonNull;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.transport.ReceivePack;
+import org.eclipse.jgit.transport.RemoteConfig;
+import org.eclipse.jgit.transport.UploadPack;
+
+/**
+ * A simple ssh/sftp git <em>test</em> server based on Apache MINA sshd.
+ * <p>
+ * Supports only a single repository. Authenticates only the given test user
+ * against his given test public key. Supports fetch and push.
+ * </p>
+ *
+ * @since 5.2
+ */
+public class SshTestGitServer {
+
+ @NonNull
+ protected final String testUser;
+
+ @NonNull
+ protected final Repository repository;
+
+ @NonNull
+ protected final List<KeyPair> hostKeys = new ArrayList<>();
+
+ protected final SshServer server;
+
+ @NonNull
+ protected PublicKey testKey;
+
+ private final ExecutorService executorService = Executors
+ .newFixedThreadPool(2);
+
+ /**
+ * Creates a ssh git <em>test</em> server. It serves one single repository,
+ * and accepts public-key authentication for exactly one test user.
+ *
+ * @param testUser
+ * user name of the test user
+ * @param testKey
+ * <em>private</em> key file of the test user; the server will
+ * only user the public key from it
+ * @param repository
+ * to serve
+ * @param hostKey
+ * the unencrypted private key to use as host key
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ public SshTestGitServer(@NonNull String testUser, @NonNull Path testKey,
+ @NonNull Repository repository, @NonNull byte[] hostKey)
+ throws IOException, GeneralSecurityException {
+ this.testUser = testUser;
+ setTestUserPublicKey(testKey);
+ this.repository = repository;
+ server = SshServer.setUpDefaultServer();
+ // Set host key
+ try (ByteArrayInputStream in = new ByteArrayInputStream(hostKey)) {
+ hostKeys.add(SecurityUtils.loadKeyPairIdentity("", in, null));
+ } catch (IOException | GeneralSecurityException e) {
+ // Ignore.
+ }
+ server.setKeyPairProvider(() -> hostKeys);
+
+ configureAuthentication();
+
+ List<NamedFactory<Command>> subsystems = configureSubsystems();
+ if (!subsystems.isEmpty()) {
+ server.setSubsystemFactories(subsystems);
+ }
+
+ configureShell();
+
+ server.setCommandFactory(command -> {
+ if (command.startsWith(RemoteConfig.DEFAULT_UPLOAD_PACK)) {
+ return new GitUploadPackCommand(command, executorService);
+ } else if (command.startsWith(RemoteConfig.DEFAULT_RECEIVE_PACK)) {
+ return new GitReceivePackCommand(command, executorService);
+ }
+ return new UnknownCommand(command);
+ });
+ }
+
+ private static class FakeUserAuthGSS extends UserAuthGSS {
+ @Override
+ protected Boolean doAuth(Buffer buffer, boolean initial)
+ throws Exception {
+ // We always reply that we did do this, but then we fail at the
+ // first token message. That way we can test that the client-side
+ // sends the correct initial request and then is skipped correctly,
+ // even if it causes a GSSException if Kerberos isn't configured at
+ // all.
+ if (initial) {
+ ServerSession session = getServerSession();
+ Buffer b = session.createBuffer(
+ SshConstants.SSH_MSG_USERAUTH_INFO_REQUEST);
+ b.putBytes(KRB5_MECH.getDER());
+ session.writePacket(b);
+ return null;
+ }
+ return Boolean.FALSE;
+ }
+ }
+
+ private List<NamedFactory<UserAuth>> getAuthFactories() {
+ List<NamedFactory<UserAuth>> authentications = new ArrayList<>();
+ authentications.add(
+ ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
+ authentications.add(new UserAuthGSSFactory() {
+ @Override
+ public UserAuth create() {
+ return new FakeUserAuthGSS();
+ }
+ });
+ return authentications;
+ }
+
+ /**
+ * Configures the authentication mechanisms of this test server. Invoked
+ * from the constructor. The default sets up public key authentication for
+ * the test user, and a gssapi-with-mic authenticator that pretends to
+ * support this mechanism, but that then refuses to authenticate anyone.
+ */
+ protected void configureAuthentication() {
+ server.setUserAuthFactories(getAuthFactories());
+ // Disable some authentications
+ server.setPasswordAuthenticator(null);
+ server.setKeyboardInteractiveAuthenticator(null);
+ server.setHostBasedAuthenticator(null);
+ // Pretend we did gssapi-with-mic.
+ server.setGSSAuthenticator(new GSSAuthenticator() {
+ @Override
+ public boolean validateInitialUser(ServerSession session,
+ String user) {
+ return false;
+ }
+ });
+ // Accept only the test user/public key
+ server.setPublickeyAuthenticator((userName, publicKey, session) -> {
+ return SshTestGitServer.this.testUser.equals(userName) && KeyUtils
+ .compareKeys(SshTestGitServer.this.testKey, publicKey);
+ });
+ }
+
+ /**
+ * Configures the test server's subsystems (sftp, scp). Invoked from the
+ * constructor. The default provides a simple SFTP setup with the root
+ * directory as the given repository's .git directory's parent. (I.e., at
+ * the directory containing the .git directory.)
+ *
+ * @return A possibly empty collection of subsystems.
+ */
+ @NonNull
+ protected List<NamedFactory<Command>> configureSubsystems() {
+ // SFTP.
+ server.setFileSystemFactory(new VirtualFileSystemFactory() {
+
+ @Override
+ protected Path computeRootDir(Session session) throws IOException {
+ return SshTestGitServer.this.repository.getDirectory()
+ .getParentFile().getAbsoluteFile().toPath();
+ }
+ });
+ return Collections
+ .singletonList((new SftpSubsystemFactory.Builder()).build());
+ }
+
+ /**
+ * Configures shell access for the test server. The default provides no
+ * shell at all.
+ */
+ protected void configureShell() {
+ // No shell
+ server.setShellFactory(null);
+ }
+
+ /**
+ * Adds an additional host key to the server.
+ *
+ * @param key
+ * path to the private key file; should not be encrypted
+ * @param inFront
+ * whether to add the new key before other existing keys
+ * @throws IOException
+ * if the file denoted by the {@link Path} {@code key} cannot be
+ * read
+ * @throws GeneralSecurityException
+ * if the key contained in the file cannot be read
+ */
+ public void addHostKey(@NonNull Path key, boolean inFront)
+ throws IOException, GeneralSecurityException {
+ try (InputStream in = Files.newInputStream(key)) {
+ KeyPair pair = SecurityUtils.loadKeyPairIdentity(key.toString(), in,
+ null);
+ if (inFront) {
+ hostKeys.add(0, pair);
+ } else {
+ hostKeys.add(pair);
+ }
+ }
+ }
+
+ /**
+ * Starts the test server, listening on a random port.
+ *
+ * @return the port the server listens on; test clients should connect to
+ * that port
+ * @throws IOException
+ */
+ public int start() throws IOException {
+ server.start();
+ return server.getPort();
+ }
+
+ /**
+ * Stops the test server.
+ *
+ * @throws IOException
+ */
+ public void stop() throws IOException {
+ executorService.shutdownNow();
+ server.stop(true);
+ }
+
+ public void setTestUserPublicKey(Path key)
+ throws IOException, GeneralSecurityException {
+ this.testKey = AuthorizedKeyEntry.readAuthorizedKeys(key).get(0)
+ .resolvePublicKey(PublicKeyEntryResolver.IGNORING);
+ }
+
+ private class GitUploadPackCommand extends AbstractCommandSupport {
+
+ protected GitUploadPackCommand(String command,
+ ExecutorService executorService) {
+ super(command, executorService, false);
+ }
+
+ @Override
+ public void run() {
+ UploadPack uploadPack = new UploadPack(repository);
+ String gitProtocol = getEnvironment().getEnv().get("GIT_PROTOCOL");
+ if (gitProtocol != null) {
+ uploadPack
+ .setExtraParameters(Collections.singleton(gitProtocol));
+ }
+ try {
+ uploadPack.upload(getInputStream(), getOutputStream(),
+ getErrorStream());
+ onExit(0);
+ } catch (IOException e) {
+ log.warn(
+ MessageFormat.format("Could not run {0}", getCommand()),
+ e);
+ onExit(-1, e.toString());
+ }
+ }
+
+ }
+
+ private class GitReceivePackCommand extends AbstractCommandSupport {
+
+ protected GitReceivePackCommand(String command,
+ ExecutorService executorService) {
+ super(command, executorService, false);
+ }
+
+ @Override
+ public void run() {
+ try {
+ new ReceivePack(repository).receive(getInputStream(),
+ getOutputStream(), getErrorStream());
+ onExit(0);
+ } catch (IOException e) {
+ log.warn(
+ MessageFormat.format("Could not run {0}", getCommand()),
+ e);
+ onExit(-1, e.toString());
+ }
+ }
+
+ }
+}