1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
/*
* Copyright (C) 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.transport.sshd;
import static org.junit.Assert.assertNotNull;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.junit.ssh.SshTestHarness;
import org.eclipse.jgit.util.FS;
import org.junit.After;
import org.junit.Test;
/**
* Test for using the SshdSessionFactory without files in ~/.ssh but with an
* in-memory setup, creating the factory via the builder API.
*/
public class NoFilesSshBuilderTest extends SshTestHarness {
private PublicKey testServerKey;
private KeyPair testUserKey;
@Override
protected SshSessionFactory createSessionFactory() {
return new SshdSessionFactoryBuilder() //
// No proxies in tests
.setProxyDataFactory(null)
// No ssh-agent in tests
.setConnectorFactory(null)
.setConfigStoreFactory((h, f, u) -> null)
.setDefaultKeysProvider(f -> new KeyAuthenticator())
.setServerKeyDatabase((h, s) -> new ServerKeyDatabase() {
@Override
public List<PublicKey> lookup(String connectAddress,
InetSocketAddress remoteAddress,
Configuration config) {
return Collections.singletonList(testServerKey);
}
@Override
public boolean accept(String connectAddress,
InetSocketAddress remoteAddress,
PublicKey serverKey, Configuration config,
CredentialsProvider provider) {
return KeyUtils.compareKeys(serverKey, testServerKey);
}
}) //
.setPreferredAuthentications("publickey")
.setHomeDirectory(FS.DETECTED.userHome())
.setSshDirectory(sshDir) //
.build(new JGitKeyCache());
}
private class KeyAuthenticator
implements KeyIdentityProvider, Iterable<KeyPair> {
@Override
public Iterator<KeyPair> iterator() {
// Should not be called. The use of the Iterable interface in
// SshdSessionFactory.getDefaultKeys() made sense in sshd 2.0.0,
// but sshd 2.2.0 added the SessionContext, which although good
// (without it we couldn't check here) breaks the Iterable analogy.
// But we're stuck now with that interface for getDefaultKeys, and
// so this override throwing an exception is unfortunately needed.
throw new UnsupportedOperationException();
}
@Override
public Iterable<KeyPair> loadKeys(SessionContext session)
throws IOException, GeneralSecurityException {
if (!TEST_USER.equals(session.getUsername())) {
return Collections.emptyList();
}
SshdSocketAddress remoteAddress = SshdSocketAddress
.toSshdSocketAddress(session.getRemoteAddress());
switch (remoteAddress.getHostName()) {
case "localhost":
case "127.0.0.1":
return Collections.singletonList(testUserKey);
default:
return Collections.emptyList();
}
}
}
@After
public void cleanUp() {
testServerKey = null;
testUserKey = null;
}
@Override
protected void installConfig(String... config) {
File configFile = new File(sshDir, Constants.CONFIG);
if (config != null) {
try {
Files.write(configFile.toPath(), Arrays.asList(config));
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
}
@Test
public void testCloneWithBuiltInKeys() throws Exception {
// This test should fail unless our in-memory setup is taken: no
// known_hosts file, a config that specifies a non-existing key,
// and the test is using a newly generated KeyPairs anyway.
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
testUserKey = generator.generateKeyPair();
KeyPair hostKey = generator.generateKeyPair();
server.addHostKey(hostKey, true);
testServerKey = hostKey.getPublic();
assertNotNull(testServerKey);
assertNotNull(testUserKey);
server.setTestUserPublicKey(testUserKey.getPublic());
cloneWith(
"ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter",
new File(getTemporaryDirectory(), "cloned"), null, //
"Host localhost", //
"IdentityFile "
+ new File(sshDir, "does_not_exist").getAbsolutePath());
}
}
|
