From ec1116627f251dbc434111840111a417263403ee Mon Sep 17 00:00:00 2001
From: Thomas Wolf
Date: Fri, 5 Oct 2018 21:35:16 +0200
Subject: Apache MINA sshd client: properly handle HostKeyAlgorithms config
By default sshd will use its default built-in list, which matches the one of openssh (as far as the algorithms exist in sshd at all). But it doesn't handle HostKeyAlgorithms from the ssh config at all. Implement this as in openssh, including the '+' and '-' modifiers and reordering the default if there are known host keys for a server already. Add tests for the reordering. Also use a more robust reader for the known hosts file. The default aborts on the first error.
Bug: 520927
Change-Id: Ib1684440bfe2e96140536aa1a93c4bd4a0d35916
Signed-off-by: Thomas Wolf
---
.../eclipse/jgit/junit/ssh/SshTestGitServer.java | 44 ++++++++++++++++++----
1 file changed, 37 insertions(+), 7 deletions(-)
(limited to 'org.eclipse.jgit.junit/src')
diff --git a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
index 3c1111d242..97058e76ea 100644
--- a/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
+++ b/org.eclipse.jgit.junit/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
@@ -44,6 +44,8 @@ package org.eclipse.jgit.junit.ssh;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
@@ -101,6 +103,9 @@ public class SshTestGitServer {
 @NonNull
 private Repository repository;
+ @NonNull
+ private List hostKeys = new ArrayList<>();
+
 private final ExecutorService executorService = Executors
 .newFixedThreadPool(2);
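Review bot: The `hostKeys` field added in the `@@ -101,6 +103,9 @@` hunk is a non-final, plain `ArrayList`, yet later in this patch it is returned as-is from `loadKeys()` and mutated by `addHostKey`. If a test adds a key after the server has been started, sshd's threads could iterate the list while it is being modified; whether that happens depends on call sites that are not visible here. Declaring it as `private final List<KeyPair> hostKeys = new CopyOnWriteArrayList<>();` (element type inferred from the `KeyPair` values added to it, plus the matching `java.util.concurrent` import) would rule this out. Alternatively `loadKeys()` could return a copy of the list.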
@@ -130,17 +135,16 @@ public class SshTestGitServer {
 this.repository = repository;
 server = SshServer.setUpDefaultServer();
 // Set host key
+ try (ByteArrayInputStream in = new ByteArrayInputStream(hostKey)) {
+ hostKeys.add(SecurityUtils.loadKeyPairIdentity("", in, null));
+ } catch (IOException | GeneralSecurityException e) {
+ // Ignore.
+ }
 server.setKeyPairProvider(new KeyPairProvider() {
 @Override
 public Iterable loadKeys() {
- try (ByteArrayInputStream in = new ByteArrayInputStream(
- hostKey)) {
- return Collections.singletonList(
- SecurityUtils.loadKeyPairIdentity("", in, null));
- } catch (IOException | GeneralSecurityException e) {
- return null;
- }
+ return hostKeys;
 }
 });
@@ -219,6 +223,32 @@ public class SshTestGitServer {
 return authentications;
 }
+ /**
+ * Adds an additional host key to the server.
+ *
+ * @param key
+ * path to the private key file; should not be encrypted
+ * @param inFront
+ * whether to add the new key before other existing keys
+ * @throws IOException
+ * if the file denoted by the {@link Path} {@code key} cannot be
+ * read
+ * @throws GeneralSecurityException
+ * if the key contained in the file cannot be read
+ */
+ public void addHostKey(@NonNull Path key, boolean inFront)
+ throws IOException, GeneralSecurityException {
+ try (InputStream in = Files.newInputStream(key)) {
+ KeyPair pair = SecurityUtils.loadKeyPairIdentity(key.toString(), in,
+ null);
+ if (inFront) {
+ hostKeys.add(0, pair);
+ } else {
+ hostKeys.add(pair);
+ }
+ }
+ }
+
 /**
 * Starts the test server, listening on a random port.
 *
-- cgit v1.2.3
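Review bot: The `catch` block added to the constructor in the `@@ -130,17 +135,16 @@` hunk swallows the key-loading failure with `// Ignore.`, so a malformed `hostKey` leaves `hostKeys` empty and the server is configured without any host key. The problem would then most likely surface only as a failed connection in a later test, with the original cause lost. Failing at construction keeps the cause attached, for example `throw new IllegalStateException("Cannot load test server host key", e);`, or at minimum `e` should be logged. The constructor's signature lies outside the hunk, so an unchecked exception is suggested to avoid changing it.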
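Review bot: The Javadoc of `addHostKey` in the `@@ -219,6 +223,32 @@` hunk says the key file "should not be encrypted", but the call passes `null` as the password provider. An encrypted file therefore cannot be decrypted here and presumably ends in one of the declared exceptions, so the wording should be "must not be encrypted". The comment also does not say whether the method may be called once the server is running, nor what `inFront` means for a client. I would add a sentence such as `* Should be called before the server is started; keys are offered to sshd in list order.` and confirm the ordering claim against the sshd version in use.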