aboutsummaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.test/src/org/eclipse
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2018-10-05 21:35:16 +0200
committerMatthias Sohn <matthias.sohn@sap.com>2018-11-13 10:49:26 -0800
commitec1116627f251dbc434111840111a417263403ee (patch)
treeff7241ac75492d96311a4eca8d79eb09bde5a58d /org.eclipse.jgit.test/src/org/eclipse
parent63a87b398ff67584069ab8cf6a17824f009a7102 (diff)
downloadjgit-ec1116627f251dbc434111840111a417263403ee.tar.gz
jgit-ec1116627f251dbc434111840111a417263403ee.zip
Apache MINA sshd client: properly handle HostKeyAlgorithms config
By default sshd will use its default built-in list, which matches the one of openssh (as far as the algorithms exist in sshd at all). But it doesn't handle HostKeyAlgorithms from the ssh config at all. Implement this as in openssh, including the '+' and '-' modifiers and reordering the default if there are known host keys for a server already. Add tests for the reordering. Also use a more robust reader for the known hosts file. The default aborts on the first error. Bug: 520927 Change-Id: Ib1684440bfe2e96140536aa1a93c4bd4a0d35916 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.test/src/org/eclipse')
-rw-r--r--org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java36
1 files changed, 36 insertions, 0 deletions
diff --git a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
index 3b5aa5adb7..3e4493119e 100644
--- a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
+++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
@@ -595,6 +595,42 @@ public abstract class SshTestBase extends SshTestHarness {
"PreferredAuthentications password");
}
+ @Test
+ public void testRsaHostKeySecond() throws Exception {
+ // See https://git.eclipse.org/r/#/c/130402/ : server has EcDSA
+ // (preferred), RSA, we have RSA in known_hosts: client and server
+ // should agree on RSA.
+ File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
+ copyTestResource("id_ecdsa_256", newHostKey);
+ server.addHostKey(newHostKey.toPath(), true);
+ cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+ "Host git", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ }
+
+ @Test
+ public void testEcDsaHostKey() throws Exception {
+ // See https://git.eclipse.org/r/#/c/130402/ : server has RSA
+ // (preferred), EcDSA, we have EcDSA in known_hosts: client and server
+ // should agree on EcDSA.
+ File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
+ copyTestResource("id_ecdsa_256", newHostKey);
+ server.addHostKey(newHostKey.toPath(), false);
+ File newHostKeyPub = new File(getTemporaryDirectory(),
+ "newhostkey.pub");
+ copyTestResource("id_ecdsa_256.pub", newHostKeyPub);
+ createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
+ cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+ "Host git", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ }
+
@Theory
public void testSshKeys(String keyName) throws Exception {
// JSch fails on ECDSA 384/521 keys. Compare