path: root/org.eclipse.jgit.junit.ssh/src
Commit message, Author, Age, Files, Lines
* Add missing since tag for SshBasicTestBase [stable-5.11] (Matthias Sohn, 2023-04-20, 1 file, -0/+2)
    Change-Id: Iad8ae9bb526418b279dc54a5e9d0c877c1eca475
* Merge branch 'stable-5.10' into stable-5.11 (Matthias Sohn, 2023-04-20, 1 file, -0/+3)
|\
    * stable-5.10:
      Add missing since tag for SshTestHarness#publicKey2
      Silence API errors
      Prevent infinite loop rescanning the pack list on PackMismatchException
      Remove blank in maven.config

    Migrated "Prevent infinite loop rescanning the pack list on PackMismatchException" to refactoring done in https://git.eclipse.org/r/q/topic:restore-preserved-packs

    Change-Id: I0fb77bb9b498d48d5da88a93486b99bf8121e3bd
| * Add missing since tag for SshTestHarness#publicKey2 [stable-5.10] (Matthias Sohn, 2023-04-20, 1 file, -0/+3)
      Change-Id: Ib6e4945340d2e1761dc0e787bdbe72286cdc95bc
* | Migrate to Apache MINA sshd 2.6.0 and Orbit I20210203173513 (David Ostrovsky, 2021-02-04, 1 file, -16/+47)
      Re-enable DSA, DSA_CERT, and RSA_CERT public key authentication. DSA is discouraged for a long time already, but it might still be way too disruptive to completely drop it. RSA is discouraged for far less long, and dropping that would be really disruptive.

      Adapt to the changed property handling. Remove work-arounds for shortcomings of earlier sshd versions.

      Use Orbit I20210203173513, which includes sshd 2.6.0. This also bumps apache.httpclient to 4.5.13 and apache.httpcore to 4.4.14.

      Change-Id: I2d24a1ce4cc9f616a94bb5c4bdaedbf20dc6638e
      Signed-off-by: David Ostrovsky <david@ostrovsky.org>
      Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
      Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* | Client-side protocol V2 support for fetching (Thomas Wolf, 2021-01-01, 2 files, -19/+72)
      Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer.

      A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still.

      In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2.

      BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.)

      BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (stateless protocol, simplified ACK handling, delimiters, section headers).

      In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication.

      Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. The SSH tests are much slower and much more focused on the SSH protocol and SSH key handling. Factor out two very simple cloning and pulling tests and make those run with protocol V2.

      Bug: 553083
      Change-Id: I357c7f5daa7efb2872f1c64ee6f6d54229031ae1
      Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* | [spotbugs] Silence NP_BOOLEAN_RETURN_NULL in FakeUserAuthGSS#doAuth (Matthias Sohn, 2020-12-22, 1 file, -1/+2)
|/
    Also mark the return value @Nullable to enable null analysis in Eclipse.

    Change-Id: Ib954b231d743da6ea122adb2cc4880b5f99824cc
    Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* sshd: support the ProxyJump ssh config (Thomas Wolf, 2020-09-19, 1 file, -1/+3)
    This is useful to access git repositories behind a bastion server (jump host).

    Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain.

    The connection timeout applies to each hop in the chain individually.

    Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Fix JSchProcess.waitFor() with time-out (Thomas Wolf, 2020-08-10, 2 files, -4/+108)
    SshSupport.runSshCommand() had a comment that wait with time-out could not be used because JSchProcess.exitValue() threw the wrong unchecked exception when the process was still running.

    Fix this and make JSchProcess.exitValue() throw the right exception, then wait with a time-out in SshSupport.

    The Apache sshd client's SshdExecProcess has always used the correct IllegalThreadStateException.

    Add tests for SshSupport.runCommand().

    Change-Id: Id30893174ae8be3b9a16119674049337b0cf4381
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: use PropertyResolver in test (Thomas Wolf, 2020-07-28, 1 file, -6/+6)
    Improve the SshTestGitServer API for accessing the server properties. Instead of returning the raw property map, return the proper sshd API abstraction PropertyResolver. This makes the interface more resilient against upstream changes.

    Change-Id: Ie5b685bddc4e59f3eb6c121026d3658d57618ca4
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Remove dependency on JSch from SSH test framework (Thomas Wolf, 2020-07-26, 2 files, -43/+115)
    Use standard java.security to generate test keys, use sshd to write public key files, and write PKCS#8 PEM files for our non-encrypted test private keys. This is a format that both JSch and Apache MINA sshd can read.

    Change-Id: I6ec55cfd7346b672a7fb6139d51abfb06d81a394
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Add a test for upstream bug SSHD-1028 (Thomas Wolf, 2020-07-03, 1 file, -0/+12)
    SSHD-1028:[1] server doesn't close server-side sessions properly when client disconnects.

    [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1028

    Change-Id: I0d67f49e35abe8375cb1370a494dc01d0fb2c9b1
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Decouple JSch from JGit Core (Matthias Sohn, 2020-06-01, 2 files, -0/+1231)
    Motivation: JSch serves as 'default' implementations of the SSH transport. If a client application does not use it then there is no need to pull in this dependency.

    Move the classes depending on JSch to an OSGi fragment extending the org.eclipse.jgit bundle and keep them in the same package as before since moving them to another package would break API. Defer moving them to a separate package to the next major release.

    Add a new feature org.eclipse.jgit.ssh.jsch feature to enable installation. With that users can now decide which of the ssh client integrations (JCraft JSch or Apache Mina SSHD) they want to install. We will remove the JCraft JSch integration in a later step due to the reasons discussed in bug 520927.

    Bug: 553625
    Change-Id: I5979c8a9dbbe878a2e8ac0fbfde7230059d74dc2
    Also-by: Michael Dardis <git@md-5.net>
    Signed-off-by: Michael Dardis <git@md-5.net>
    Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
    Signed-off-by: David Ostrovsky <david@ostrovsky.org>
* In-memory SSH keys for the "no files" sshd tests (Thomas Wolf, 2020-05-23, 1 file, -6/+31)
    Avoid using a key written to a file. This makes it clearer that the test does not rely on files being present.

    Change-Id: I31cf4f404aab5b891c32fc4bda906b7f8fe03777
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Update to org.apache.sshd 2.4.0 (Thomas Wolf, 2020-03-22, 1 file, -8/+9)
    Change target platforms to Orbit I20200319180910 and regenerate them. Change package imports to [2.4.0,2.5.0); adapt code to upstream API changes.

    Maven build: update version in root pom.

    Bazel build: update version & hash in WORKSPACE file.

    Proxy functionality verified manually using 3proxy (HTTP & SOCKS, with basic authentication) and ssh -vvv -D7020 localhost (SOCKS, no authentication).

    Bug: 561078
    Change-Id: I582f6b98055b013c006f2c749890fe6db801cbaa
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Update EDL 1.0 license headers to new short SPDX compliant format (Matthias Sohn, 2020-01-04, 1 file, -38/+5)
    This is the format given by the Eclipse legal doc generator [1].

    [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit

    Bug: 548298
    Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4
    Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* sshd: add missing javadoc in SshTestGitServer (Thomas Wolf, 2019-07-15, 1 file, -0/+10)
    Change-Id: Ie2e207eb05e0f6da8018153f8a5dd636e8f35f4c
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* sshd: correct the protocol version exchange (Thomas Wolf, 2019-07-15, 1 file, -0/+18)
    RFC 4253 section 4.2 allows an ssh server to send additional lines before its server identification string. Apache MINA sshd enforces for these lines the constraints specified for the server identification line, too: no NUL characters and not longer than 255 characters. That is too strict. RFC 4253 doesn't mandate this, and it also doesn't make sense given the rationale for these lines in RFC 4253: a TCP wrapper may not be aware of SSH restrictions, and may not adhere to these constraints.

    Be more lenient when parsing the server's protocol version. Allow NULs and longer lines in the preamble, and also handle line endings more leniently. Only enforce the restrictions for the actual server identification line.

    Bug: 545939
    Change-Id: I75955e9d8a8daef7c04fc0f39539c2ee93514e1c
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Apache MINA sshd client: adapt to sshd 2.2.0 (Thomas Wolf, 2019-05-06, 1 file, -13/+17)
    Update target platforms, maven and bazel builds to use sshd 2.2.0.

    Adapt internal classes to changed sshd interfaces and remove previous work-arounds for asking repeatedly for key passwords and for loading keys lazily; both are now done by sshd.

    CQ: 19034
    CQ: 19035
    Bug: 541425
    Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
    Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
* Apache MINA sshd client: test & fix password authentication (Thomas Wolf, 2018-11-17, 1 file, -2/+32)
    Add tests for password and keyboard-interactive authentication. Implement password authentication; the default provided by sshd is non-interactive, which is not useful for JGit.

    Make sure the CredentialsProvider gets reset on successive password retrieval attempts. Otherwise it might always return the same non-accepted password from a secure storage. (That one was discovered by actually trying this via EGit; the JGit tests don't catch this.)

    Change the default order of authentication mechanisms to prefer password over keyboard-interactive. This is a mitigation for upstream bug SSHD-866.[1]

    Also include a fix for upstream bug SSHD-867.[2]

    [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866
    [2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867

    Bug: 520927
    Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Move SshTestGitServer to new bundle org.eclipse.jgit.junit.ssh (Thomas Wolf, 2018-11-17, 1 file, -0/+362)
    Create the bundle and move the SshTestGitServer there. Verified that the Eclipse build still works and ran JSchSshTest and ApacheSshTest as junit tests inside Eclipse.

    Update maven build and features to account for that. Verified by running full maven build including packaging.

    Update bazel build files to account for that. Verified by a clean-slate bazel build :all, followed by running the JSchSshTest and the ApacheSshTest via bazel.

    Change-Id: Ia084942f4425b454529de148e00417e7da786a90
    Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>