Update to org.apache.sshd 2.4.0

Change target platforms to Orbit I20200319180910 and regenerate them.
Change package imports to [2.4.0,2.5.0); adapt code to upstream API
changes.

Maven build: update version in root pom.

Bazel build: update version & hash in WORKSPACE file.

Proxy functionality verified manually using 3proxy (HTTP & SOCKS,
with basic authentication) and ssh -vvv -D7020 localhost (SOCKS, no
authentication).

Bug: 561078
Change-Id: I582f6b98055b013c006f2c749890fe6db801cbaa
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

5 files changed, 63 insertions, 65 deletions

diff --git a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
index 2195e06d17..2f0c12d388 100644
--- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
@@ -33,48 +33,48 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.8.0";x-inter
    org.apache.sshd.client.session,
    org.apache.sshd.client.keyverifier"
 Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
- org.apache.sshd.agent;version="[2.2.0,2.3.0)",
- org.apache.sshd.client;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.auth;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.auth.keyboard;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.auth.password;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.auth.pubkey;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.channel;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.config.hosts;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.config.keys;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.future;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.keyverifier;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.session;version="[2.2.0,2.3.0)",
- org.apache.sshd.client.subsystem.sftp;version="[2.2.0,2.3.0)",
- org.apache.sshd.common;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.auth;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.channel;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.compression;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.config.keys;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.config.keys.loader;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.digest;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.forward;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.future;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.helpers;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.io;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.kex;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.keyprovider;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.mac;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.random;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.session;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.session.helpers;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.signature;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.subsystem.sftp;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.buffer;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.closeable;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.io;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.io.resource;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.logging;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.net;version="[2.2.0,2.3.0)",
- org.apache.sshd.common.util.security;version="[2.2.0,2.3.0)",
- org.apache.sshd.server.auth;version="[2.2.0,2.3.0)",
+ org.apache.sshd.agent;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.auth;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.auth.keyboard;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.auth.password;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.auth.pubkey;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.channel;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.config.hosts;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.config.keys;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.future;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.keyverifier;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.session;version="[2.4.0,2.5.0)",
+ org.apache.sshd.client.subsystem.sftp;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.auth;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.channel;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.compression;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.config.keys;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.config.keys.loader;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.digest;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.forward;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.future;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.helpers;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.io;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.kex;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.keyprovider;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.mac;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.random;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.session;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.session.helpers;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.signature;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.subsystem.sftp;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.buffer;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.closeable;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.io;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.io.resource;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.logging;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.net;version="[2.4.0,2.5.0)",
+ org.apache.sshd.common.util.security;version="[2.4.0,2.5.0)",
+ org.apache.sshd.server.auth;version="[2.4.0,2.5.0)",
  org.eclipse.jgit.annotations;version="[5.8.0,5.9.0)",
  org.eclipse.jgit.errors;version="[5.8.0,5.9.0)",
  org.eclipse.jgit.fnmatch;version="[5.8.0,5.9.0)",
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthFactory.java
index 2d5991647c..e4b3716fc7 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthFactory.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthFactory.java
@@ -9,8 +9,11 @@
  */
 package org.eclipse.jgit.internal.transport.sshd;
 
+import java.io.IOException;
+
 import org.apache.sshd.client.auth.AbstractUserAuthFactory;
 import org.apache.sshd.client.auth.UserAuth;
+import org.apache.sshd.client.session.ClientSession;
 
 /**
  * Factory to create {@link GssApiWithMicAuthentication} handlers.
@@ -28,7 +31,8 @@ public class GssApiWithMicAuthFactory extends AbstractUserAuthFactory {
 	}
 
 	@Override
-	public UserAuth create() {
+	public UserAuth createUserAuth(ClientSession session)
+			throws IOException {
 		return new GssApiWithMicAuthentication();
 	}
 
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java
index 0bf203f45a..420a1d16eb 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java
@@ -12,6 +12,7 @@ package org.eclipse.jgit.internal.transport.sshd;
 import static java.text.MessageFormat.format;
 
 import java.io.IOException;
+import java.io.StreamCorruptedException;
 import java.net.SocketAddress;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
@@ -309,18 +310,6 @@ public class JGitClientSession extends ClientSessionImpl {
 		return newNames;
 	}
 
-	@Override
-	protected boolean readIdentification(Buffer buffer) throws IOException {
-		// Propagate a failure from doReadIdentification.
-		// TODO: remove for sshd > 2.3.0; its doReadIdentification throws
-		// StreamCorruptedException instead of IllegalStateException.
-		try {
-			return super.readIdentification(buffer);
-		} catch (IllegalStateException e) {
-			throw new IOException(e.getLocalizedMessage(), e);
-		}
-	}
-
 	/**
 	 * Reads the RFC 4253, section 4.2 protocol version identification. The
 	 * Apache MINA sshd default implementation checks for NUL bytes also in any
@@ -336,12 +325,14 @@ public class JGitClientSession extends ClientSessionImpl {
 	 * @return the lines read, with the server identification line last, or
 	 *         {@code null} if no identification line was found and more bytes
 	 *         are needed
-	 *
+	 * @throws StreamCorruptedException
+	 *             if the identification is malformed
 	 * @see <a href="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253,
 	 *      section 4.2</a>
 	 */
 	@Override
-	protected List<String> doReadIdentification(Buffer buffer, boolean server) {
+	protected List<String> doReadIdentification(Buffer buffer, boolean server)
+			throws StreamCorruptedException {
 		if (server) {
 			// Should never happen. No translation; internal bug.
 			throw new IllegalStateException(
@@ -379,12 +370,12 @@ public class JGitClientSession extends ClientSessionImpl {
 				ident.add(line);
 				if (line.startsWith("SSH-")) { //$NON-NLS-1$
 					if (hasNul) {
-						throw new IllegalStateException(
+						throw new StreamCorruptedException(
 								format(SshdText.get().serverIdWithNul,
 										escapeControls(line)));
 					}
 					if (line.length() + eol > 255) {
-						throw new IllegalStateException(
+						throw new StreamCorruptedException(
 								format(SshdText.get().serverIdTooLong,
 										escapeControls(line)));
 					}
@@ -406,7 +397,7 @@ public class JGitClientSession extends ClientSessionImpl {
 					log.debug(msg);
 					log.debug(buffer.toHex());
 				}
-				throw new IllegalStateException(msg);
+				throw new StreamCorruptedException(msg);
 			}
 		}
 		// Need more data
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java
index 0326368fc5..715f3b8edd 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java
@@ -9,9 +9,12 @@
  */
 package org.eclipse.jgit.internal.transport.sshd;
 
+import java.io.IOException;
+
 import org.apache.sshd.client.auth.AbstractUserAuthFactory;
-import org.apache.sshd.client.auth.UserAuth;
+import org.apache.sshd.client.auth.password.UserAuthPassword;
 import org.apache.sshd.client.auth.password.UserAuthPasswordFactory;
+import org.apache.sshd.client.session.ClientSession;
 
 /**
  * A customized {@link UserAuthPasswordFactory} that creates instance of
@@ -27,7 +30,8 @@ public class JGitPasswordAuthFactory extends AbstractUserAuthFactory {
 	}
 
 	@Override
-	public UserAuth create() {
+	public UserAuthPassword createUserAuth(ClientSession session)
+			throws IOException {
 		return new JGitPasswordAuthentication();
 	}
 }
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
index 54157448ac..4c1b49b67f 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
@@ -29,11 +29,10 @@ import java.util.stream.Collectors;
 
 import org.apache.sshd.client.ClientBuilder;
 import org.apache.sshd.client.SshClient;
-import org.apache.sshd.client.auth.UserAuth;
+import org.apache.sshd.client.auth.UserAuthFactory;
 import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory;
 import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
 import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
-import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.compression.BuiltinCompressions;
 import org.apache.sshd.common.config.keys.FilePasswordProvider;
 import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCryptKdfOptions;
@@ -505,7 +504,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
 	 * @return the non-empty list of factories.
 	 */
 	@NonNull
-	private List<NamedFactory<UserAuth>> getUserAuthFactories() {
+	private List<UserAuthFactory> getUserAuthFactories() {
 		// About the order of password and keyboard-interactive, see upstream
 		// bug https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866 .
 		// Password auth doesn't have this problem.