|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844 |
- /*
- * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
- * and other copyright owners as documented in the project's IP log.
- *
- * This program and the accompanying materials are made available
- * under the terms of the Eclipse Distribution License v1.0 which
- * accompanies this distribution, is reproduced below, and is
- * available at http://www.eclipse.org/org/documents/edl-v10.php
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or
- * without modification, are permitted provided that the following
- * conditions are met:
- *
- * - Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * - Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * - Neither the name of the Eclipse Foundation, Inc. nor the
- * names of its contributors may be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- package org.eclipse.jgit.transport.ssh;
-
- import static org.junit.Assert.assertArrayEquals;
- import static org.junit.Assert.assertEquals;
- import static org.junit.Assert.assertFalse;
- import static org.junit.Assert.assertNotNull;
- import static org.junit.Assert.assertTrue;
- import static org.junit.Assume.assumeTrue;
-
- import java.io.File;
- import java.io.IOException;
- import java.nio.charset.StandardCharsets;
- import java.nio.file.Files;
- import java.util.List;
- import java.util.Locale;
-
- import org.eclipse.jgit.api.errors.TransportException;
- import org.eclipse.jgit.transport.CredentialItem;
- import org.eclipse.jgit.transport.JschConfigSessionFactory;
- import org.junit.Test;
- import org.junit.experimental.theories.DataPoints;
- import org.junit.experimental.theories.Theory;
-
- /**
- * The ssh tests. Concrete subclasses can re-use these tests by implementing the
- * abstract operations from {@link SshTestHarness}. This gives a way to test
- * different ssh clients against a unified test suite.
- */
- public abstract class SshTestBase extends SshTestHarness {
-
- @DataPoints
- public static String[] KEY_RESOURCES = { //
- "id_dsa", //
- "id_rsa_1024", //
- "id_rsa_2048", //
- "id_rsa_3072", //
- "id_rsa_4096", //
- "id_ecdsa_256", //
- "id_ecdsa_384", //
- "id_ecdsa_521", //
- "id_ed25519", //
- // And now encrypted. Passphrase is "testpass".
- "id_dsa_testpass", //
- "id_rsa_1024_testpass", //
- "id_rsa_2048_testpass", //
- "id_rsa_3072_testpass", //
- "id_rsa_4096_testpass", //
- "id_ecdsa_256_testpass", //
- "id_ecdsa_384_testpass", //
- "id_ecdsa_521_testpass" };
-
- protected File defaultCloneDir;
-
- @Override
- public void setUp() throws Exception {
- super.setUp();
- defaultCloneDir = new File(getTemporaryDirectory(), "cloned");
- }
-
- @Test(expected = TransportException.class)
- public void testSshWithoutConfig() throws Exception {
- cloneWith("ssh://" + TEST_USER + "@localhost:" + testPort
- + "/doesntmatter", defaultCloneDir, null);
- }
-
- @Test
- public void testSshWithGlobalIdentity() throws Exception {
- cloneWith(
- "ssh://" + TEST_USER + "@localhost:" + testPort
- + "/doesntmatter",
- defaultCloneDir, null,
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSshWithDefaultIdentity() throws Exception {
- File idRsa = new File(privateKey1.getParentFile(), "id_rsa");
- Files.copy(privateKey1.toPath(), idRsa.toPath());
- // We expect the session factory to pick up these keys...
- cloneWith("ssh://" + TEST_USER + "@localhost:" + testPort
- + "/doesntmatter", defaultCloneDir, null);
- }
-
- @Test
- public void testSshWithConfig() throws Exception {
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSshWithConfigEncryptedUnusedKey() throws Exception {
- // Copy the encrypted test key from the bundle.
- File encryptedKey = new File(sshDir, "id_dsa");
- copyTestResource("id_dsa_testpass", encryptedKey);
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "testpass");
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- assertEquals("CredentialsProvider should not have been called", 0,
- provider.getLog().size());
- }
-
- @Test
- public void testSshWithConfigEncryptedUnusedKeyInConfigLast()
- throws Exception {
- // Copy the encrypted test key from the bundle.
- File encryptedKey = new File(sshDir, "id_dsa_test_key");
- copyTestResource("id_dsa_testpass", encryptedKey);
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "testpass");
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(),
- "IdentityFile " + encryptedKey.getAbsolutePath());
- // This test passes with JSch per chance because JSch completely ignores
- // the second IdentityFile
- assertEquals("CredentialsProvider should not have been called", 0,
- provider.getLog().size());
- }
-
- @Test
- public void testSshWithConfigEncryptedUnusedKeyInConfigFirst()
- throws Exception {
- // Test cannot pass with JSch; it handles only one IdentityFile.
- // assumeTrue(!(getSessionFactory() instanceof
- // JschConfigSessionFactory)); gives in bazel a failure with "Never
- // found parameters that satisfied method assumptions."
- // In maven it's fine!?
- if (getSessionFactory() instanceof JschConfigSessionFactory) {
- return;
- }
- // Copy the encrypted test key from the bundle.
- File encryptedKey = new File(sshDir, "id_dsa_test_key");
- copyTestResource("id_dsa_testpass", encryptedKey);
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "testpass");
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + encryptedKey.getAbsolutePath(),
- "IdentityFile " + privateKey1.getAbsolutePath());
- assertEquals("CredentialsProvider should have been called once", 1,
- provider.getLog().size());
- }
-
- @Test
- public void testSshEncryptedUsedKeyCached() throws Exception {
- // Make sure we are asked for the password only once if we do several
- // operations with an encrypted key.
- File encryptedKey = new File(sshDir, "id_dsa_test_key");
- copyTestResource("id_dsa_testpass", encryptedKey);
- File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
- copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
- server.setTestUserPublicKey(encryptedPublicKey.toPath());
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "testpass");
- pushTo(provider,
- cloneWith("ssh://localhost/doesntmatter", //
- defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + encryptedKey.getAbsolutePath()));
- assertEquals("CredentialsProvider should have been called once", 1,
- provider.getLog().size());
- }
-
- @Test(expected = TransportException.class)
- public void testSshEncryptedUsedKeyWrongPassword() throws Exception {
- File encryptedKey = new File(sshDir, "id_dsa_test_key");
- copyTestResource("id_dsa_testpass", encryptedKey);
- File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
- copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
- server.setTestUserPublicKey(encryptedPublicKey.toPath());
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass");
- cloneWith("ssh://localhost/doesntmatter", //
- defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "NumberOfPasswordPrompts 1", //
- "IdentityFile " + encryptedKey.getAbsolutePath());
- }
-
- @Test
- public void testSshEncryptedUsedKeySeveralPassword() throws Exception {
- File encryptedKey = new File(sshDir, "id_dsa_test_key");
- copyTestResource("id_dsa_testpass", encryptedKey);
- File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
- copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
- server.setTestUserPublicKey(encryptedPublicKey.toPath());
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass", "wrongpass2", "testpass");
- cloneWith("ssh://localhost/doesntmatter", //
- defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + encryptedKey.getAbsolutePath());
- assertEquals("CredentialsProvider should have been called 3 times", 3,
- provider.getLog().size());
- }
-
- @Test(expected = TransportException.class)
- public void testSshWithoutKnownHosts() throws Exception {
- assertTrue("Could not delete known_hosts", knownHosts.delete());
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSshWithoutKnownHostsWithProviderAsk()
- throws Exception {
- File copiedHosts = new File(knownHosts.getParentFile(),
- "copiedKnownHosts");
- assertTrue("Failed to rename known_hosts",
- knownHosts.renameTo(copiedHosts));
- // The provider will answer "yes" to all questions, so we should be able
- // to connect and end up with a new known_hosts file with the host key.
- TestCredentialsProvider provider = new TestCredentialsProvider();
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- List<LogEntry> messages = provider.getLog();
- assertFalse("Expected user interaction", messages.isEmpty());
- if (getSessionFactory() instanceof JschConfigSessionFactory) {
- // JSch doesn't create a non-existing file.
- assertEquals("Expected to be asked about the key", 1,
- messages.size());
- return;
- }
- assertEquals(
- "Expected to be asked about the key, and the file creation",
- 2, messages.size());
- assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
- // Instead of checking the file contents, let's just clone again
- // without provider. If it works, the server host key was written
- // correctly.
- File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
- cloneWith("ssh://localhost/doesntmatter", clonedAgain, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSshWithoutKnownHostsWithProviderAcceptNew()
- throws Exception {
- File copiedHosts = new File(knownHosts.getParentFile(),
- "copiedKnownHosts");
- assertTrue("Failed to rename known_hosts",
- knownHosts.renameTo(copiedHosts));
- TestCredentialsProvider provider = new TestCredentialsProvider();
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "StrictHostKeyChecking accept-new", //
- "IdentityFile " + privateKey1.getAbsolutePath());
- if (getSessionFactory() instanceof JschConfigSessionFactory) {
- // JSch doesn't create new files.
- assertTrue("CredentialsProvider not called",
- provider.getLog().isEmpty());
- return;
- }
- assertEquals("Expected to be asked about the file creation", 1,
- provider.getLog().size());
- assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
- // Instead of checking the file contents, let's just clone again
- // without provider. If it works, the server host key was written
- // correctly.
- File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
- cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test(expected = TransportException.class)
- public void testSshWithoutKnownHostsDeny() throws Exception {
- File copiedHosts = new File(knownHosts.getParentFile(),
- "copiedKnownHosts");
- assertTrue("Failed to rename known_hosts",
- knownHosts.renameTo(copiedHosts));
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "StrictHostKeyChecking yes", //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test(expected = TransportException.class)
- public void testSshModifiedHostKeyDeny()
- throws Exception {
- File copiedHosts = new File(knownHosts.getParentFile(),
- "copiedKnownHosts");
- assertTrue("Failed to rename known_hosts",
- knownHosts.renameTo(copiedHosts));
- // Now produce a new known_hosts file containing some other key.
- createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "StrictHostKeyChecking yes", //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test(expected = TransportException.class)
- public void testSshModifiedHostKeyWithProviderDeny() throws Exception {
- File copiedHosts = new File(knownHosts.getParentFile(),
- "copiedKnownHosts");
- assertTrue("Failed to rename known_hosts",
- knownHosts.renameTo(copiedHosts));
- // Now produce a new known_hosts file containing some other key.
- createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
- TestCredentialsProvider provider = new TestCredentialsProvider();
- try {
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "StrictHostKeyChecking yes", //
- "IdentityFile " + privateKey1.getAbsolutePath());
- } catch (Exception e) {
- assertEquals("Expected to be told about the modified key", 1,
- provider.getLog().size());
- assertTrue("Only messages expected", provider.getLog().stream()
- .flatMap(l -> l.getItems().stream()).allMatch(
- c -> c instanceof CredentialItem.InformationalMessage));
- throw e;
- }
- }
-
- private void checkKnownHostsModifiedHostKey(File backup, File newFile,
- String wrongKey) throws IOException {
- List<String> oldLines = Files.readAllLines(backup.toPath(),
- StandardCharsets.UTF_8);
- // Find the original entry. We should have that again in known_hosts.
- String oldKeyPart = null;
- for (String oldLine : oldLines) {
- if (oldLine.contains("[localhost]:")) {
- String[] parts = oldLine.split("\\s+");
- if (parts.length > 2) {
- oldKeyPart = parts[parts.length - 2] + ' '
- + parts[parts.length - 1];
- break;
- }
- }
- }
- assertNotNull("Old key not found", oldKeyPart);
- List<String> newLines = Files.readAllLines(newFile.toPath(),
- StandardCharsets.UTF_8);
- assertFalse("Old host key still found in known_hosts file" + newFile,
- hasHostKey("localhost", testPort, wrongKey, newLines));
- assertTrue("New host key not found in known_hosts file" + newFile,
- hasHostKey("localhost", testPort, oldKeyPart, newLines));
-
- }
-
- @Test
- public void testSshModifiedHostKeyAllow() throws Exception {
- assertTrue("Failed to delete known_hosts", knownHosts.delete());
- createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
- File backup = new File(getTemporaryDirectory(), "backupKnownHosts");
- Files.copy(knownHosts.toPath(), backup.toPath());
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "StrictHostKeyChecking no", //
- "IdentityFile " + privateKey1.getAbsolutePath());
- // File should not have been updated!
- String[] oldLines = Files
- .readAllLines(backup.toPath(), StandardCharsets.UTF_8)
- .toArray(new String[0]);
- String[] newLines = Files
- .readAllLines(knownHosts.toPath(), StandardCharsets.UTF_8)
- .toArray(new String[0]);
- assertArrayEquals("Known hosts file should not be modified", oldLines,
- newLines);
- }
-
- @Test
- public void testSshModifiedHostKeyAsk() throws Exception {
- File copiedHosts = new File(knownHosts.getParentFile(),
- "copiedKnownHosts");
- assertTrue("Failed to rename known_hosts",
- knownHosts.renameTo(copiedHosts));
- String wrongKeyPart = createKnownHostsFile(knownHosts, "localhost",
- testPort, publicKey1);
- TestCredentialsProvider provider = new TestCredentialsProvider();
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- checkKnownHostsModifiedHostKey(copiedHosts, knownHosts, wrongKeyPart);
- assertEquals("Expected to be asked about the modified key", 1,
- provider.getLog().size());
- }
-
- @Test
- public void testSshCloneWithConfigAndPush() throws Exception {
- pushTo(cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath()));
- }
-
- @Test
- public void testSftpWithConfig() throws Exception {
- cloneWith("sftp://localhost/.git", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSftpCloneWithConfigAndPush() throws Exception {
- pushTo(cloneWith("sftp://localhost/.git", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath()));
- }
-
- @Test(expected = TransportException.class)
- public void testSshWithConfigWrongKey() throws Exception {
- cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey2.getAbsolutePath());
- }
-
- @Test
- public void testSshWithWrongUserNameInConfig() throws Exception {
- // Bug 526778
- cloneWith(
- "ssh://" + TEST_USER + "@localhost:" + testPort
- + "/doesntmatter",
- defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "User sombody_else", //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSshWithWrongPortInConfig() throws Exception {
- // Bug 526778
- cloneWith(
- "ssh://" + TEST_USER + "@localhost:" + testPort
- + "/doesntmatter",
- defaultCloneDir, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port 22", //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testSshWithAliasInConfig() throws Exception {
- // Bug 531118
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), "", //
- "Host localhost", //
- "HostName localhost", //
- "Port 22", //
- "User someone_else", //
- "IdentityFile " + privateKey2.getAbsolutePath());
- }
-
- @Test
- public void testSshWithUnknownCiphersInConfig() throws Exception {
- // Bug 535672
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), //
- "Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr");
- }
-
- @Test
- public void testSshWithUnknownHostKeyAlgorithmsInConfig()
- throws Exception {
- // Bug 535672
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), //
- "HostKeyAlgorithms foobar,ssh-rsa,ssh-dss");
- }
-
- @Test
- public void testSshWithUnknownKexAlgorithmsInConfig()
- throws Exception {
- // Bug 535672
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), //
- "KexAlgorithms foobar,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521");
- }
-
- @Test
- public void testSshWithMinimalHostKeyAlgorithmsInConfig()
- throws Exception {
- // Bug 537790
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), //
- "HostKeyAlgorithms ssh-rsa,ssh-dss");
- }
-
- @Test
- public void testSshWithUnknownAuthInConfig() throws Exception {
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), //
- "PreferredAuthentications gssapi-with-mic,hostbased,publickey,keyboard-interactive,password");
- }
-
- @Test(expected = TransportException.class)
- public void testSshWithNoMatchingAuthInConfig() throws Exception {
- // Server doesn't do password, and anyway we set no password.
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath(), //
- "PreferredAuthentications password");
- }
-
- @Test
- public void testRsaHostKeySecond() throws Exception {
- // See https://git.eclipse.org/r/#/c/130402/ : server has EcDSA
- // (preferred), RSA, we have RSA in known_hosts: client and server
- // should agree on RSA.
- File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
- copyTestResource("id_ecdsa_256", newHostKey);
- server.addHostKey(newHostKey.toPath(), true);
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testEcDsaHostKey() throws Exception {
- // See https://git.eclipse.org/r/#/c/130402/ : server has RSA
- // (preferred), EcDSA, we have EcDSA in known_hosts: client and server
- // should agree on EcDSA.
- File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
- copyTestResource("id_ecdsa_256", newHostKey);
- server.addHostKey(newHostKey.toPath(), false);
- File newHostKeyPub = new File(getTemporaryDirectory(),
- "newhostkey.pub");
- copyTestResource("id_ecdsa_256.pub", newHostKeyPub);
- createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey1.getAbsolutePath());
- }
-
- @Test
- public void testPasswordAuth() throws Exception {
- server.enablePasswordAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- TEST_USER.toUpperCase(Locale.ROOT));
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications password");
- }
-
- @Test
- public void testPasswordAuthSeveralTimes() throws Exception {
- server.enablePasswordAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass", "wrongpass", TEST_USER.toUpperCase(Locale.ROOT));
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications password");
- }
-
- @Test(expected = TransportException.class)
- public void testPasswordAuthWrongPassword() throws Exception {
- server.enablePasswordAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass");
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications password");
- }
-
- @Test(expected = TransportException.class)
- public void testPasswordAuthNoPassword() throws Exception {
- server.enablePasswordAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider();
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications password");
- }
-
- @Test(expected = TransportException.class)
- public void testPasswordAuthCorrectPasswordTooLate() throws Exception {
- server.enablePasswordAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass", "wrongpass", "wrongpass",
- TEST_USER.toUpperCase(Locale.ROOT));
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications password");
- }
-
- @Test
- public void testKeyboardInteractiveAuth() throws Exception {
- server.enableKeyboardInteractiveAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- TEST_USER.toUpperCase(Locale.ROOT));
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications keyboard-interactive");
- }
-
- @Test
- public void testKeyboardInteractiveAuthSeveralTimes() throws Exception {
- server.enableKeyboardInteractiveAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass", "wrongpass", TEST_USER.toUpperCase(Locale.ROOT));
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications keyboard-interactive");
- }
-
- @Test(expected = TransportException.class)
- public void testKeyboardInteractiveAuthWrongPassword() throws Exception {
- server.enableKeyboardInteractiveAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass");
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications keyboard-interactive");
- }
-
- @Test(expected = TransportException.class)
- public void testKeyboardInteractiveAuthNoPassword() throws Exception {
- server.enableKeyboardInteractiveAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider();
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications keyboard-interactive");
- }
-
- @Test(expected = TransportException.class)
- public void testKeyboardInteractiveAuthCorrectPasswordTooLate()
- throws Exception {
- server.enableKeyboardInteractiveAuthentication();
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "wrongpass", "wrongpass", "wrongpass",
- TEST_USER.toUpperCase(Locale.ROOT));
- cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
- "Host git", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "PreferredAuthentications keyboard-interactive");
- }
-
- @Theory
- public void testSshKeys(String keyName) throws Exception {
- // JSch fails on ECDSA 384/521 keys. Compare
- // https://sourceforge.net/p/jsch/patches/10/
- assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory
- && (keyName.contains("ed25519")
- || keyName.startsWith("id_ecdsa_384")
- || keyName.startsWith("id_ecdsa_521"))));
- File cloned = new File(getTemporaryDirectory(), "cloned");
- String keyFileName = keyName + "_key";
- File privateKey = new File(sshDir, keyFileName);
- copyTestResource(keyName, privateKey);
- File publicKey = new File(sshDir, keyFileName + ".pub");
- copyTestResource(keyName + ".pub", publicKey);
- server.setTestUserPublicKey(publicKey.toPath());
- TestCredentialsProvider provider = new TestCredentialsProvider(
- "testpass");
- pushTo(provider,
- cloneWith("ssh://localhost/doesntmatter", //
- cloned, provider, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey.getAbsolutePath()));
- int expectedCalls = keyName.endsWith("testpass") ? 1 : 0;
- assertEquals("Unexpected calls to CredentialsProvider", expectedCalls,
- provider.getLog().size());
- // Should now also work without credentials provider, even if the key
- // was encrypted.
- cloned = new File(getTemporaryDirectory(), "cloned2");
- pushTo(null,
- cloneWith("ssh://localhost/doesntmatter", //
- cloned, null, //
- "Host localhost", //
- "HostName localhost", //
- "Port " + testPort, //
- "User " + TEST_USER, //
- "IdentityFile " + privateKey.getAbsolutePath()));
- }
- }
|