author | Thomas Wolf <thomas.wolf@paranor.ch> | 2019-06-21 22:39:19 +0200 |
---|---|---|
committer | Thomas Wolf <thomas.wolf@paranor.ch> | 2019-09-02 21:30:27 +0200 |
commit | 2d34d0bd9c6e5bad80befd42b76d5658de8e0d4d (patch) | |
tree | 225681308b2dfbaa2b152ead24430ebe1f4d59cf /org.eclipse.jgit.ssh.apache.test | |
parent | 124fbbc33a05c177767c5f4233717765acb1ab4d (diff) | |
sshd: support the HashKnownHosts configuration
Add the constant, and implement hashing of known host names in
OpenSshServerKeyDatabase. Add a test verifying that the hashing
works.
Bug: 548492
Change-Id: Iabe82b666da627bd7f4d82519a366d166aa9ddd4
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.ssh.apache.test')
-rw-r--r-- | org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF | 3 | ||||
-rw-r--r-- | org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java | 53 |
2 files changed, 54 insertions, 2 deletions
diff --git a/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
index af0ef2f219..d0383b82e5 100644
--- a/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
@@ -7,7 +7,8 @@ Bundle-Version: 5.5.0.qualifier
 Bundle-Vendor: %Bundle-Vendor
 Bundle-Localization: plugin
 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
-Import-Package: org.apache.sshd.common;version="[2.2.0,2.3.0)",
+Import-Package: org.apache.sshd.client.config.hosts;version="[2.2.0,2.3.0)",
+ org.apache.sshd.common;version="[2.2.0,2.3.0)",
 org.apache.sshd.common.auth;version="[2.2.0,2.3.0)",
 org.apache.sshd.common.config.keys;version="[2.2.0,2.3.0)",
 org.apache.sshd.common.keyprovider;version="[2.2.0,2.3.0)",
diff --git a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
index df0b832a0f..b9b7353d3e 100644
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@@ -42,16 +42,22 @@
 */
 package org.eclipse.jgit.transport.sshd;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.apache.sshd.client.config.hosts.KnownHostEntry;
 import org.eclipse.jgit.api.errors.TransportException;
 import org.eclipse.jgit.lib.Constants;
 import org.eclipse.jgit.transport.SshSessionFactory;
 import org.eclipse.jgit.transport.ssh.SshTestBase;
-import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
 import org.eclipse.jgit.util.FS;
 import org.junit.Test;
 import org.junit.experimental.theories.Theories;
@@ -102,6 +108,51 @@ public class ApacheSshTest extends SshTestBase {
 }
 @Test
+ public void testHashedKnownHosts() throws Exception {
+ assertTrue("Failed to delete known_hosts", knownHosts.delete());
+ // The provider will answer "yes" to all questions, so we should be able
+ // to connect and end up with a new known_hosts file with the host key.
+ TestCredentialsProvider provider = new TestCredentialsProvider();
+ cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+ "HashKnownHosts yes", //
+ "Host localhost", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ List<LogEntry> messages = provider.getLog();
+ assertFalse("Expected user interaction", messages.isEmpty());
+ assertEquals(
+ "Expected to be asked about the key, and the file creation", 2,
+ messages.size());
+ assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
+ // Let's clone again without provider. If it works, the server host key
+ // was written correctly.
+ File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
+ cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //
+ "Host localhost", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ // Check that the first line contains neither "localhost" nor
+ // "127.0.0.1", but does contain the expected hash.
+ List<String> lines = Files.readAllLines(knownHosts.toPath()).stream()
+ .filter(s -> s != null && s.length() >= 1 && s.charAt(0) != '#'
+ && !s.trim().isEmpty())
+ .collect(Collectors.toList());
+ assertEquals("Unexpected number of known_hosts lines", 1, lines.size());
+ String line = lines.get(0);
+ assertFalse("Found host in line", line.contains("localhost"));
+ assertFalse("Found IP in line", line.contains("127.0.0.1"));
+ assertTrue("Hash not found", line.contains("|"));
+ KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line);
+ assertTrue("Hash doesn't match localhost",
+ entry.isHostMatch("localhost", testPort)
+ || entry.isHostMatch("127.0.0.1", testPort));
+ }
+
+ @Test
 public void testPreamble() throws Exception {
 // Test that the client can deal with strange lines being sent before
 // the server identification string. |
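Review bot: The check `assertTrue("Hash not found", line.contains("|"));` near the end of testHashedKnownHosts is too loose to show that the host field was hashed, because it passes for a `|` anywhere in the line, including a trailing comment field. OpenSSH-style hashed entries put the marker at the start of the host field, so `assertTrue("Hash not found", line.startsWith("|1|"));` would pin the format. The final `isHostMatch` assertion would presumably also succeed for a plain-text entry, so the evidence that names are not stored in clear rests on this check and the two `contains` checks above it. A one-line comment stating that the second `cloneWith` omits `HashKnownHosts` on purpose (lookup of a hashed entry must work regardless of the setting) would make that intent explicit, if that is what is meant.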