author | Thomas Wolf <thomas.wolf@paranor.ch> | 2018-10-05 21:35:16 +0200 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-11-13 10:49:26 -0800 |
commit | ec1116627f251dbc434111840111a417263403ee (patch) | |
tree | ff7241ac75492d96311a4eca8d79eb09bde5a58d /org.eclipse.jgit.junit/src | |
parent | 63a87b398ff67584069ab8cf6a17824f009a7102 (diff) | |
Apache MINA sshd client: properly handle HostKeyAlgorithms config
By default sshd will use its default built-in list, which matches
the one of openssh (as far as the algorithms exist in sshd at all).
But it doesn't handle HostKeyAlgorithms from the ssh config at all.
Implement this as in openssh, including the '+' and '-' modifiers
and reordering the default if there are known host keys for a
server already.
Add tests for the reordering.
Also use a more robust reader for the known hosts file. The default
aborts on the first error.
Bug: 520927
Change-Id: Ib1684440bfe2e96140536aa1a93c4bd4a0d35916
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit/src')
-rw-r--r-- | org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java index 3c1111d242..97058e76ea 100644 --- a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java +++ b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java @@ -44,6 +44,8 @@ package org.eclipse.jgit.junit.ssh; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; import java.nio.file.Path; import java.security.GeneralSecurityException; import java.security.KeyPair; @@ -101,6 +103,9 @@ public class SshTestGitServer { @NonNull private Repository repository; + @NonNull + private List<KeyPair> hostKeys = new ArrayList<>(); + private final ExecutorService executorService = Executors .newFixedThreadPool(2); @@ -130,17 +135,16 @@ public class SshTestGitServer { this.repository = repository; server = SshServer.setUpDefaultServer(); // Set host key + try (ByteArrayInputStream in = new ByteArrayInputStream(hostKey)) { + hostKeys.add(SecurityUtils.loadKeyPairIdentity("", in, null)); + } catch (IOException | GeneralSecurityException e) { + // Ignore. + } server.setKeyPairProvider(new KeyPairProvider() { @Override public Iterable<KeyPair> loadKeys() { - try (ByteArrayInputStream in = new ByteArrayInputStream( - hostKey)) { - return Collections.singletonList( - SecurityUtils.loadKeyPairIdentity("", in, null)); - } catch (IOException | GeneralSecurityException e) { - return null; - } + return hostKeys; } }); 
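Review bot: The `catch (IOException | GeneralSecurityException e)` with `// Ignore.` in the constructor leaves `hostKeys` empty when the host key bytes cannot be parsed, so the test server is configured without a host key and the cause is lost; any failure would presumably surface only later, at connection time. Failing fast keeps the cause visible, e.g. `throw new IllegalStateException("Cannot load host key", e);`. `SecurityUtils.loadKeyPairIdentity` may also return `null` when it finds no key (worth confirming against the sshd version in use), and both this `hostKeys.add(...)` and the one in `addHostKey` in the last hunk store the result unchecked. The constructor begins and ends outside this hunk.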
@@ -220,6 +224,32 @@ public class SshTestGitServer { } /** + * Adds an additional host key to the server. + * + * @param key + * path to the private key file; should not be encrypted + * @param inFront + * whether to add the new key before other existing keys + * @throws IOException + * if the file denoted by the {@link Path} {@code key} cannot be + * read + * @throws GeneralSecurityException + * if the key contained in the file cannot be read + */ + public void addHostKey(@NonNull Path key, boolean inFront) + throws IOException, GeneralSecurityException { + try (InputStream in = Files.newInputStream(key)) { + KeyPair pair = SecurityUtils.loadKeyPairIdentity(key.toString(), in, + null); + if (inFront) { + hostKeys.add(0, pair); + } else { + hostKeys.add(pair); + } + } + } + + /** * Starts the test server, listening on a random port. * * @return the port the server listens on; test clients should connect to |
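Review bot: `addHostKey` mutates the same `ArrayList` that `loadKeys()` hands straight to sshd, and the Javadoc does not say when the method may be called. If sshd reads the key list on its own threads while a test adds a key after the server has started, that is unsynchronized access to a list that is not thread-safe. Either state the contract in the Javadoc, e.g. `Must be called before the server is started.`, or declare the field from the earlier hunk as `private final List<KeyPair> hostKeys = new CopyOnWriteArrayList<>();`. The Javadoc for `inFront` could also say why the order matters, presumably because it determines which host key the server offers first.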