authorThomas Wolf <thomas.wolf@paranor.ch>2019-06-21 22:39:19 +0200
committerThomas Wolf <thomas.wolf@paranor.ch>2019-09-02 21:30:27 +0200
commit2d34d0bd9c6e5bad80befd42b76d5658de8e0d4d (patch)
tree225681308b2dfbaa2b152ead24430ebe1f4d59cf /org.eclipse.jgit.ssh.apache.test/tst
parent124fbbc33a05c177767c5f4233717765acb1ab4d (diff)
sshd: support the HashKnownHosts configuration
Add the constant, and implement hashing of known host names in OpenSshServerKeyDatabase. Add a test verifying that the hashing works. Bug: 548492 Change-Id: Iabe82b666da627bd7f4d82519a366d166aa9ddd4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.ssh.apache.test/tst')
-rw-r--r--org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java53
1 files changed, 52 insertions, 1 deletions
diff --git a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
index df0b832a0f..b9b7353d3e 100644
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@@ -42,16 +42,22 @@
*/
package org.eclipse.jgit.transport.sshd;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.apache.sshd.client.config.hosts.KnownHostEntry;
import org.eclipse.jgit.api.errors.TransportException;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.ssh.SshTestBase;
-import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
import org.eclipse.jgit.util.FS;
import org.junit.Test;
import org.junit.experimental.theories.Theories;
@@ -102,6 +108,51 @@ public class ApacheSshTest extends SshTestBase {
}
@Test
+ public void testHashedKnownHosts() throws Exception {
+ assertTrue("Failed to delete known_hosts", knownHosts.delete());
+ // The provider will answer "yes" to all questions, so we should be able
+ // to connect and end up with a new known_hosts file with the host key.
+ TestCredentialsProvider provider = new TestCredentialsProvider();
+ cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+ "HashKnownHosts yes", //
+ "Host localhost", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ List<LogEntry> messages = provider.getLog();
+ assertFalse("Expected user interaction", messages.isEmpty());
+ assertEquals(
+ "Expected to be asked about the key, and the file creation", 2,
+ messages.size());
+ assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
+ // Let's clone again without provider. If it works, the server host key
+ // was written correctly.
+ File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
+ cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //
+ "Host localhost", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ // Check that the first line contains neither "localhost" nor
+ // "127.0.0.1", but does contain the expected hash.
+ List<String> lines = Files.readAllLines(knownHosts.toPath()).stream()
+ .filter(s -> s != null && s.length() >= 1 && s.charAt(0) != '#'
+ && !s.trim().isEmpty())
+ .collect(Collectors.toList());
+ assertEquals("Unexpected number of known_hosts lines", 1, lines.size());
+ String line = lines.get(0);
+ assertFalse("Found host in line", line.contains("localhost"));
+ assertFalse("Found IP in line", line.contains("127.0.0.1"));
+ assertTrue("Hash not found", line.contains("|"));
+ KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line);
+ assertTrue("Hash doesn't match localhost",
+ entry.isHostMatch("localhost", testPort)
+ || entry.isHostMatch("127.0.0.1", testPort));
+ }
+
+ @Test
public void testPreamble() throws Exception {
// Test that the client can deal with strange lines being sent before
// the server identification string.
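Review bot: The `assertTrue("Hash not found", line.contains("|"));` check in testHashedKnownHosts is too loose to show that the host field was actually hashed, because it passes for a `|` anywhere in the line, including the trailing key comment. Anchoring it to the OpenSSH hashed-entry prefix, `assertTrue("Hash not found", line.startsWith("|1|"));`, would pin the format that HashKnownHosts is meant to produce and catch a regression that writes a plain-text host pattern. The final assertion accepts a match on either "localhost" or "127.0.0.1", so the test does not fix which name ends up in the file; a comment such as `// A hashed entry covers a single name; which one the database stores is not asserted here` would make that intent explicit. The test method lies wholly inside the hunk, while the class itself continues outside it.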