diff options
author | Thomas Wolf <thomas.wolf@paranor.ch> | 2018-11-16 17:00:25 +0100 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-11-17 07:28:08 -0800 |
commit | 00b235f0b86769ec6781a8114cd741f3cba08de5 (patch) | |
tree | 32066a6319b5b43b521abb162be76cce492ef161 /org.eclipse.jgit.test/src/org | |
parent | 1316d43e51d4f687e2b0cc32665495e7bc18c9f9 (diff) | |
download | jgit-00b235f0b86769ec6781a8114cd741f3cba08de5.tar.gz jgit-00b235f0b86769ec6781a8114cd741f3cba08de5.zip |
Apache MINA sshd client: test & fix password authentication
Add tests for password and keyboard-interactive authentication.
Implement password authentication; the default provided by sshd
is non-interactive, which is not useful for JGit.
Make sure the CredentialsProvider gets reset on successive password
retrieval attempts. Otherwise it might always return the same non-
accepted password from a secure storage. (That one was discovered
by actually trying this via EGit; the JGit tests don't catch this.)
Change the default order of authentication mechanisms to prefer
password over keyboard-interactive. This is a mitigation for upstream
bug SSHD-866.[1]
Also include a fix for upstream bug SSHD-867.[2]
[1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866
[2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867
Bug: 520927
Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.test/src/org')
-rw-r--r-- | org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java index 86dbc4edcd..92a2fbd275 100644 --- a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java +++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java @@ -54,6 +54,7 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.util.List; +import java.util.Locale; import org.eclipse.jgit.api.errors.TransportException; import org.eclipse.jgit.transport.CredentialItem; @@ -668,6 +669,137 @@ public abstract class SshTestBase extends SshTestHarness { "IdentityFile " + privateKey1.getAbsolutePath()); } + @Test + public void testPasswordAuth() throws Exception { + server.enablePasswordAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + TEST_USER.toUpperCase(Locale.ROOT)); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications password"); + } + + @Test + public void testPasswordAuthSeveralTimes() throws Exception { + server.enablePasswordAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + "wrongpass", "wrongpass", TEST_USER.toUpperCase(Locale.ROOT)); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications password"); + } + + @Test(expected = TransportException.class) + public void testPasswordAuthWrongPassword() throws Exception { + server.enablePasswordAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + "wrongpass"); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications password"); + } + + @Test(expected = TransportException.class) + public void testPasswordAuthNoPassword() throws Exception { + server.enablePasswordAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider(); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications password"); + } + + @Test(expected = TransportException.class) + public void testPasswordAuthCorrectPasswordTooLate() throws Exception { + server.enablePasswordAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + "wrongpass", "wrongpass", "wrongpass", + TEST_USER.toUpperCase(Locale.ROOT)); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications password"); + } + + @Test + public void testKeyboardInteractiveAuth() throws Exception { + server.enableKeyboardInteractiveAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + TEST_USER.toUpperCase(Locale.ROOT)); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications keyboard-interactive"); + } + + @Test + public void testKeyboardInteractiveAuthSeveralTimes() throws Exception { + server.enableKeyboardInteractiveAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + "wrongpass", "wrongpass", TEST_USER.toUpperCase(Locale.ROOT)); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications keyboard-interactive"); + } + + @Test(expected = TransportException.class) + public void testKeyboardInteractiveAuthWrongPassword() throws Exception { + server.enableKeyboardInteractiveAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + "wrongpass"); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications keyboard-interactive"); + } + + @Test(expected = TransportException.class) + public void testKeyboardInteractiveAuthNoPassword() throws Exception { + server.enableKeyboardInteractiveAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider(); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications keyboard-interactive"); + } + + @Test(expected = TransportException.class) + public void testKeyboardInteractiveAuthCorrectPasswordTooLate() + throws Exception { + server.enableKeyboardInteractiveAuthentication(); + TestCredentialsProvider provider = new TestCredentialsProvider( + "wrongpass", "wrongpass", "wrongpass", + TEST_USER.toUpperCase(Locale.ROOT)); + cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, // + "Host git", // + "HostName localhost", // + "Port " + testPort, // + "User " + TEST_USER, // + "PreferredAuthentications keyboard-interactive"); + } + @Theory public void testSshKeys(String keyName) throws Exception { // JSch fails on ECDSA 384/521 keys. Compare |