2 files changed, 60 insertions, 2 deletions

diff --git a/org.eclipse.jgit.junit/META-INF/MANIFEST.MF b/org.eclipse.jgit.junit/META-INF/MANIFEST.MF
index e44ee0301e..044576fcc8 100644
--- a/org.eclipse.jgit.junit/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.junit/META-INF/MANIFEST.MF
@@ -8,17 +8,22 @@ Bundle-Localization: plugin
 Bundle-Vendor: %provider_name
 Bundle-ActivationPolicy: lazy
 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
-Import-Package:  org.apache.sshd.common;version="[2.0.0,2.1.0)",
+Import-Package: org.apache.sshd.common;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.config.keys;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.file.virtualfs;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.helpers;version="[2.0.0,2.1.0)",
+ org.apache.sshd.common.io;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.kex;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.keyprovider;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.session;version="[2.0.0,2.1.0)",
+ org.apache.sshd.common.util.buffer;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.util.logging;version="[2.0.0,2.1.0)",
  org.apache.sshd.common.util.security;version="[2.0.0,2.1.0)",
  org.apache.sshd.server;version="[2.0.0,2.1.0)",
+ org.apache.sshd.server.auth;version="[2.0.0,2.1.0)",
+ org.apache.sshd.server.auth.gss;version="[2.0.0,2.1.0)",
  org.apache.sshd.server.command;version="[2.0.0,2.1.0)",
+ org.apache.sshd.server.session;version="[2.0.0,2.1.0)",
  org.apache.sshd.server.shell;version="[2.0.0,2.1.0)",
  org.apache.sshd.server.subsystem.sftp;version="[2.0.0,2.1.0)",
  org.eclipse.jgit.annotations;version="[5.2.0,5.3.0)",
diff --git a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
index 8d3207c43e..3c1111d242 100644
--- a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
+++ b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
@@ -49,19 +49,30 @@ import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.PublicKey;
 import java.text.MessageFormat;
+import java.util.ArrayList;
 import java.util.Collections;
+import java.util.List;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 
+import org.apache.sshd.common.NamedFactory;
+import org.apache.sshd.common.SshConstants;
 import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
 import org.apache.sshd.common.config.keys.KeyUtils;
 import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
 import org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
 import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.session.Session;
+import org.apache.sshd.common.util.buffer.Buffer;
 import org.apache.sshd.common.util.security.SecurityUtils;
+import org.apache.sshd.server.ServerAuthenticationManager;
 import org.apache.sshd.server.SshServer;
+import org.apache.sshd.server.auth.UserAuth;
+import org.apache.sshd.server.auth.gss.GSSAuthenticator;
+import org.apache.sshd.server.auth.gss.UserAuthGSS;
+import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
 import org.apache.sshd.server.command.AbstractCommandSupport;
+import org.apache.sshd.server.session.ServerSession;
 import org.apache.sshd.server.shell.UnknownCommand;
 import org.apache.sshd.server.subsystem.sftp.SftpSubsystemFactory;
 import org.eclipse.jgit.annotations.NonNull;
@@ -142,6 +153,7 @@ public class SshTestGitServer {
 						.getParentFile().getAbsoluteFile().toPath();
 			}
 		});
+		server.setUserAuthFactories(getAuthFactories());
 		server.setSubsystemFactories(Collections
 				.singletonList((new SftpSubsystemFactory.Builder()).build()));
 		// No shell
@@ -149,8 +161,15 @@ public class SshTestGitServer {
 		// Disable some authentications
 		server.setPasswordAuthenticator(null);
 		server.setKeyboardInteractiveAuthenticator(null);
-		server.setGSSAuthenticator(null);
 		server.setHostBasedAuthenticator(null);
+		// Pretend we did gssapi-with-mic.
+		server.setGSSAuthenticator(new GSSAuthenticator() {
+			@Override
+			public boolean validateInitialUser(ServerSession session,
+					String user) {
+				return false;
+			}
+		});
 		// Accept only the test user/public key
 		server.setPublickeyAuthenticator((userName, publicKey, session) -> {
 			return SshTestGitServer.this.testUser.equals(userName) && KeyUtils
@@ -166,6 +185,40 @@ public class SshTestGitServer {
 		});
 	}
 
+	private static class FakeUserAuthGSS extends UserAuthGSS {
+		@Override
+		protected Boolean doAuth(Buffer buffer, boolean initial)
+				throws Exception {
+			// We always reply that we did do this, but then we fail at the
+			// first token message. That way we can test that the client-side
+			// sends the correct initial request and then is skipped correctly,
+			// even if it causes a GSSException if Kerberos isn't configured at
+			// all.
+			if (initial) {
+				ServerSession session = getServerSession();
+				Buffer b = session.createBuffer(
+						SshConstants.SSH_MSG_USERAUTH_INFO_REQUEST);
+				b.putBytes(KRB5_MECH.getDER());
+				session.writePacket(b);
+				return null;
+			}
+			return Boolean.FALSE;
+		}
+	}
+
+	private List<NamedFactory<UserAuth>> getAuthFactories() {
+		List<NamedFactory<UserAuth>> authentications = new ArrayList<>();
+		authentications.add(
+				ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
+		authentications.add(new UserAuthGSSFactory() {
+			@Override
+			public UserAuth create() {
+				return new FakeUserAuthGSS();
+			}
+		});
+		return authentications;
+	}
+
 	/**
 	 * Starts the test server, listening on a random port.
 	 *