mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7999 Commits
49 Branches
Tree: 566e49d7d3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '566e49d7d3'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache.../tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java

ApacheSshTest.java 20KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610 
  1. /*

  2.  * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.transport.sshd;

  11. 

  12. import static org.junit.Assert.assertEquals;

  13. import static org.junit.Assert.assertFalse;

  14. import static org.junit.Assert.assertNotNull;

  15. import static org.junit.Assert.assertThrows;

  16. import static org.junit.Assert.assertTrue;

  17. 

  18. import java.io.BufferedWriter;

  19. import java.io.File;

  20. import java.io.IOException;

  21. import java.io.UncheckedIOException;

  22. import java.net.URISyntaxException;

  23. import java.nio.charset.StandardCharsets;

  24. import java.nio.file.Files;

  25. import java.nio.file.StandardOpenOption;

  26. import java.security.KeyPair;

  27. import java.security.KeyPairGenerator;

  28. import java.security.PublicKey;

  29. import java.util.Arrays;

  30. import java.util.Collections;

  31. import java.util.List;

  32. import java.util.stream.Collectors;

  33. 

  34. import org.apache.sshd.client.config.hosts.KnownHostEntry;

  35. import org.apache.sshd.client.config.hosts.KnownHostHashValue;

  36. import org.apache.sshd.common.PropertyResolverUtils;

  37. import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;

  38. import org.apache.sshd.common.config.keys.KeyUtils;

  39. import org.apache.sshd.common.config.keys.PublicKeyEntry;

  40. import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;

  41. import org.apache.sshd.common.session.Session;

  42. import org.apache.sshd.common.util.net.SshdSocketAddress;

  43. import org.apache.sshd.server.ServerAuthenticationManager;

  44. import org.apache.sshd.server.ServerFactoryManager;

  45. import org.apache.sshd.server.SshServer;

  46. import org.apache.sshd.server.forward.StaticDecisionForwardingFilter;

  47. import org.eclipse.jgit.api.Git;

  48. import org.eclipse.jgit.api.errors.TransportException;

  49. import org.eclipse.jgit.junit.ssh.SshTestBase;

  50. import org.eclipse.jgit.lib.Constants;

  51. import org.eclipse.jgit.transport.SshSessionFactory;

  52. import org.eclipse.jgit.util.FS;

  53. import org.junit.Test;

  54. import org.junit.experimental.theories.Theories;

  55. import org.junit.runner.RunWith;

  56. 

  57. @RunWith(Theories.class)

  58. public class ApacheSshTest extends SshTestBase {

  59. 

  60. 	@Override

  61. 	protected SshSessionFactory createSessionFactory() {

  62. 		SshdSessionFactory result = new SshdSessionFactory(new JGitKeyCache(),

  63. 				null);

  64. 		// The home directory is mocked at this point!

  65. 		result.setHomeDirectory(FS.DETECTED.userHome());

  66. 		result.setSshDirectory(sshDir);

  67. 		return result;

  68. 	}

  69. 

  70. 	@Override

  71. 	protected void installConfig(String... config) {

  72. 		File configFile = new File(sshDir, Constants.CONFIG);

  73. 		if (config != null) {

  74. 			try {

  75. 				Files.write(configFile.toPath(), Arrays.asList(config));

  76. 			} catch (IOException e) {

  77. 				throw new UncheckedIOException(e);

  78. 			}

  79. 		}

  80. 	}

  81. 

  82. 	@Test

  83. 	public void testEd25519HostKey() throws Exception {

  84. 		// Using ed25519 user identities is tested in the super class in

  85. 		// testSshKeys().

  86. 		File newHostKey = new File(getTemporaryDirectory(), "newhostkey");

  87. 		copyTestResource("id_ed25519", newHostKey);

  88. 		server.addHostKey(newHostKey.toPath(), true);

  89. 		File newHostKeyPub = new File(getTemporaryDirectory(),

  90. 				"newhostkey.pub");

  91. 		copyTestResource("id_ed25519.pub", newHostKeyPub);

  92. 		createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);

  93. 		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //

  94. 				"Host git", //

  95. 				"HostName localhost", //

  96. 				"Port " + testPort, //

  97. 				"User " + TEST_USER, //

  98. 				"IdentityFile " + privateKey1.getAbsolutePath());

  99. 	}

  100. 

  101. 	@Test

  102. 	public void testHashedKnownHosts() throws Exception {

  103. 		assertTrue("Failed to delete known_hosts", knownHosts.delete());

  104. 		// The provider will answer "yes" to all questions, so we should be able

  105. 		// to connect and end up with a new known_hosts file with the host key.

  106. 		TestCredentialsProvider provider = new TestCredentialsProvider();

  107. 		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //

  108. 				"HashKnownHosts yes", //

  109. 				"Host localhost", //

  110. 				"HostName localhost", //

  111. 				"Port " + testPort, //

  112. 				"User " + TEST_USER, //

  113. 				"IdentityFile " + privateKey1.getAbsolutePath());

  114. 		List<LogEntry> messages = provider.getLog();

  115. 		assertFalse("Expected user interaction", messages.isEmpty());

  116. 		assertEquals(

  117. 				"Expected to be asked about the key, and the file creation", 2,

  118. 				messages.size());

  119. 		assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());

  120. 		// Let's clone again without provider. If it works, the server host key

  121. 		// was written correctly.

  122. 		File clonedAgain = new File(getTemporaryDirectory(), "cloned2");

  123. 		cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //

  124. 				"Host localhost", //

  125. 				"HostName localhost", //

  126. 				"Port " + testPort, //

  127. 				"User " + TEST_USER, //

  128. 				"IdentityFile " + privateKey1.getAbsolutePath());

  129. 		// Check that the first line contains neither "localhost" nor

  130. 		// "127.0.0.1", but does contain the expected hash.

  131. 		List<String> lines = Files.readAllLines(knownHosts.toPath()).stream()

  132. 				.filter(s -> s != null && s.length() >= 1 && s.charAt(0) != '#'

  133. 						&& !s.trim().isEmpty())

  134. 				.collect(Collectors.toList());

  135. 		assertEquals("Unexpected number of known_hosts lines", 1, lines.size());

  136. 		String line = lines.get(0);

  137. 		assertFalse("Found host in line", line.contains("localhost"));

  138. 		assertFalse("Found IP in line", line.contains("127.0.0.1"));

  139. 		assertTrue("Hash not found", line.contains("|"));

  140. 		KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line);

  141. 		assertTrue("Hash doesn't match localhost",

  142. 				entry.isHostMatch("localhost", testPort)

  143. 						|| entry.isHostMatch("127.0.0.1", testPort));

  144. 	}

  145. 

  146. 	@Test

  147. 	public void testPreamble() throws Exception {

  148. 		// Test that the client can deal with strange lines being sent before

  149. 		// the server identification string.

  150. 		StringBuilder b = new StringBuilder();

  151. 		for (int i = 0; i < 257; i++) {

  152. 			b.append('a');

  153. 		}

  154. 		server.setPreamble("A line with a \000 NUL",

  155. 				"A long line: " + b.toString());

  156. 		cloneWith(

  157. 				"ssh://" + TEST_USER + "@localhost:" + testPort

  158. 						+ "/doesntmatter",

  159. 				defaultCloneDir, null,

  160. 				"IdentityFile " + privateKey1.getAbsolutePath());

  161. 	}

  162. 

  163. 	@Test

  164. 	public void testLongPreamble() throws Exception {

  165. 		// Test that the client can deal with a long (about 60k) preamble.

  166. 		StringBuilder b = new StringBuilder();

  167. 		for (int i = 0; i < 1024; i++) {

  168. 			b.append('a');

  169. 		}

  170. 		String line = b.toString();

  171. 		String[] lines = new String[60];

  172. 		for (int i = 0; i < lines.length; i++) {

  173. 			lines[i] = line;

  174. 		}

  175. 		server.setPreamble(lines);

  176. 		cloneWith(

  177. 				"ssh://" + TEST_USER + "@localhost:" + testPort

  178. 						+ "/doesntmatter",

  179. 				defaultCloneDir, null,

  180. 				"IdentityFile " + privateKey1.getAbsolutePath());

  181. 	}

  182. 

  183. 	@Test

  184. 	public void testHugePreamble() throws Exception {

  185. 		// Test that the connection fails when the preamble is longer than 64k.

  186. 		StringBuilder b = new StringBuilder();

  187. 		for (int i = 0; i < 1024; i++) {

  188. 			b.append('a');

  189. 		}

  190. 		String line = b.toString();

  191. 		String[] lines = new String[70];

  192. 		for (int i = 0; i < lines.length; i++) {

  193. 			lines[i] = line;

  194. 		}

  195. 		server.setPreamble(lines);

  196. 		TransportException e = assertThrows(TransportException.class,

  197. 				() -> cloneWith(

  198. 						"ssh://" + TEST_USER + "@localhost:" + testPort

  199. 								+ "/doesntmatter",

  200. 						defaultCloneDir, null,

  201. 						"IdentityFile " + privateKey1.getAbsolutePath()));

  202. 		// The assertions test that we don't run into bug 565394 / SSHD-1050

  203. 		assertFalse(e.getMessage().contains("timeout"));

  204. 		assertTrue(e.getMessage().contains("65536")

  205. 				|| e.getMessage().contains("closed"));

  206. 	}

  207. 

  208. 	/**

  209. 	 * Test for SSHD-1028. If the server doesn't close sessions, the second

  210. 	 * fetch will fail. Occurs on sshd 2.5.[01].

  211. 	 *

  212. 	 * @throws Exception

  213. 	 *             on errors

  214. 	 * @see <a href=

  215. 	 *      "https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1028">SSHD-1028</a>

  216. 	 */

  217. 	@Test

  218. 	public void testCloneAndFetchWithSessionLimit() throws Exception {

  219. 		PropertyResolverUtils.updateProperty(server.getPropertyResolver(),

  220. 				ServerFactoryManager.MAX_CONCURRENT_SESSIONS, 2);

  221. 		File localClone = cloneWith("ssh://localhost/doesntmatter",

  222. 				defaultCloneDir, null, //

  223. 				"Host localhost", //

  224. 				"HostName localhost", //

  225. 				"Port " + testPort, //

  226. 				"User " + TEST_USER, //

  227. 				"IdentityFile " + privateKey1.getAbsolutePath());

  228. 		// Fetch a couple of times

  229. 		try (Git git = Git.open(localClone)) {

  230. 			git.fetch().call();

  231. 			git.fetch().call();

  232. 		}

  233. 	}

  234. 

  235. 	/**

  236. 	 * Creates a simple proxy server. Accepts only publickey authentication from

  237. 	 * the given user with the given key, allows all forwardings. Adds the

  238. 	 * proxy's host key to {@link #knownHosts}.

  239. 	 *

  240. 	 * @param user

  241. 	 *            to accept

  242. 	 * @param userKey

  243. 	 *            public key of that user at this server

  244. 	 * @param report

  245. 	 *            single-element array to report back the forwarded address.

  246. 	 * @return the started server

  247. 	 * @throws Exception

  248. 	 */

  249. 	private SshServer createProxy(String user, File userKey,

  250. 			SshdSocketAddress[] report) throws Exception {

  251. 		SshServer proxy = SshServer.setUpDefaultServer();

  252. 		// Give the server its own host key

  253. 		KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");

  254. 		generator.initialize(2048);

  255. 		KeyPair proxyHostKey = generator.generateKeyPair();

  256. 		proxy.setKeyPairProvider(

  257. 				session -> Collections.singletonList(proxyHostKey));

  258. 		// Allow (only) publickey authentication

  259. 		proxy.setUserAuthFactories(Collections.singletonList(

  260. 				ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY));

  261. 		// Install the user's public key

  262. 		PublicKey userProxyKey = AuthorizedKeyEntry

  263. 				.readAuthorizedKeys(userKey.toPath()).get(0)

  264. 				.resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);

  265. 		proxy.setPublickeyAuthenticator(

  266. 				(userName, publicKey, session) -> user.equals(userName)

  267. 						&& KeyUtils.compareKeys(userProxyKey, publicKey));

  268. 		// Allow forwarding

  269. 		proxy.setForwardingFilter(new StaticDecisionForwardingFilter(true) {

  270. 

  271. 			@Override

  272. 			protected boolean checkAcceptance(String request, Session session,

  273. 					SshdSocketAddress target) {

  274. 				report[0] = target;

  275. 				return super.checkAcceptance(request, session, target);

  276. 			}

  277. 		});

  278. 		proxy.start();

  279. 		// Add the proxy's host key to knownhosts

  280. 		try (BufferedWriter writer = Files.newBufferedWriter(

  281. 				knownHosts.toPath(), StandardCharsets.US_ASCII,

  282. 				StandardOpenOption.WRITE, StandardOpenOption.APPEND)) {

  283. 			writer.append('\n');

  284. 			KnownHostHashValue.appendHostPattern(writer, "localhost",

  285. 					proxy.getPort());

  286. 			writer.append(',');

  287. 			KnownHostHashValue.appendHostPattern(writer, "127.0.0.1",

  288. 					proxy.getPort());

  289. 			writer.append(' ');

  290. 			PublicKeyEntry.appendPublicKeyEntry(writer,

  291. 					proxyHostKey.getPublic());

  292. 			writer.append('\n');

  293. 		}

  294. 		return proxy;

  295. 	}

  296. 

  297. 	@Test

  298. 	public void testJumpHost() throws Exception {

  299. 		SshdSocketAddress[] forwarded = { null };

  300. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  301. 				forwarded)) {

  302. 			try {

  303. 				// Now try to clone via the proxy

  304. 				cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //

  305. 						"Host server", //

  306. 						"HostName localhost", //

  307. 						"Port " + testPort, //

  308. 						"User " + TEST_USER, //

  309. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  310. 						"ProxyJump " + TEST_USER + "X@proxy:" + proxy.getPort(), //

  311. 						"", //

  312. 						"Host proxy", //

  313. 						"Hostname localhost", //

  314. 						"IdentityFile " + privateKey2.getAbsolutePath());

  315. 				assertNotNull(forwarded[0]);

  316. 				assertEquals(testPort, forwarded[0].getPort());

  317. 			} finally {

  318. 				proxy.stop();

  319. 			}

  320. 		}

  321. 	}

  322. 

  323. 	@Test

  324. 	public void testJumpHostWrongKeyAtProxy() throws Exception {

  325. 		// Test that we find the proxy server's URI in the exception message

  326. 		SshdSocketAddress[] forwarded = { null };

  327. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  328. 				forwarded)) {

  329. 			try {

  330. 				// Now try to clone via the proxy

  331. 				TransportException e = assertThrows(TransportException.class,

  332. 						() -> cloneWith("ssh://server/doesntmatter",

  333. 								defaultCloneDir, null, //

  334. 								"Host server", //

  335. 								"HostName localhost", //

  336. 								"Port " + testPort, //

  337. 								"User " + TEST_USER, //

  338. 								"IdentityFile " + privateKey1.getAbsolutePath(),

  339. 								"ProxyJump " + TEST_USER + "X@proxy:"

  340. 										+ proxy.getPort(), //

  341. 								"", //

  342. 								"Host proxy", //

  343. 								"Hostname localhost", //

  344. 								"IdentityFile "

  345. 										+ privateKey1.getAbsolutePath()));

  346. 				String message = e.getMessage();

  347. 				assertTrue(message.contains("localhost:" + proxy.getPort()));

  348. 				assertTrue(message.contains("proxy:" + proxy.getPort()));

  349. 			} finally {

  350. 				proxy.stop();

  351. 			}

  352. 		}

  353. 	}

  354. 

  355. 	@Test

  356. 	public void testJumpHostWrongKeyAtServer() throws Exception {

  357. 		// Test that we find the target server's URI in the exception message

  358. 		SshdSocketAddress[] forwarded = { null };

  359. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  360. 				forwarded)) {

  361. 			try {

  362. 				// Now try to clone via the proxy

  363. 				TransportException e = assertThrows(TransportException.class,

  364. 						() -> cloneWith("ssh://server/doesntmatter",

  365. 								defaultCloneDir, null, //

  366. 								"Host server", //

  367. 								"HostName localhost", //

  368. 								"Port " + testPort, //

  369. 								"User " + TEST_USER, //

  370. 								"IdentityFile " + privateKey2.getAbsolutePath(),

  371. 								"ProxyJump " + TEST_USER + "X@proxy:"

  372. 										+ proxy.getPort(), //

  373. 								"", //

  374. 								"Host proxy", //

  375. 								"Hostname localhost", //

  376. 								"IdentityFile "

  377. 										+ privateKey2.getAbsolutePath()));

  378. 				String message = e.getMessage();

  379. 				assertTrue(message.contains("localhost:" + testPort));

  380. 				assertTrue(message.contains("ssh://server"));

  381. 			} finally {

  382. 				proxy.stop();

  383. 			}

  384. 		}

  385. 	}

  386. 

  387. 	@Test

  388. 	public void testJumpHostNonSsh() throws Exception {

  389. 		SshdSocketAddress[] forwarded = { null };

  390. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  391. 				forwarded)) {

  392. 			try {

  393. 				TransportException e = assertThrows(TransportException.class,

  394. 						() -> cloneWith("ssh://server/doesntmatter",

  395. 								defaultCloneDir, null, //

  396. 								"Host server", //

  397. 								"HostName localhost", //

  398. 								"Port " + testPort, //

  399. 								"User " + TEST_USER, //

  400. 								"IdentityFile " + privateKey1.getAbsolutePath(), //

  401. 								"ProxyJump http://" + TEST_USER + "X@proxy:"

  402. 										+ proxy.getPort(), //

  403. 								"", //

  404. 								"Host proxy", //

  405. 								"Hostname localhost", //

  406. 								"IdentityFile "

  407. 										+ privateKey2.getAbsolutePath()));

  408. 				// Find the expected message

  409. 				Throwable t = e;

  410. 				while (t != null) {

  411. 					if (t instanceof URISyntaxException) {

  412. 						break;

  413. 					}

  414. 					t = t.getCause();

  415. 				}

  416. 				assertNotNull(t);

  417. 				assertTrue(t.getMessage().contains("Non-ssh"));

  418. 			} finally {

  419. 				proxy.stop();

  420. 			}

  421. 		}

  422. 	}

  423. 

  424. 	@Test

  425. 	public void testJumpHostWithPath() throws Exception {

  426. 		SshdSocketAddress[] forwarded = { null };

  427. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  428. 				forwarded)) {

  429. 			try {

  430. 				TransportException e = assertThrows(TransportException.class,

  431. 						() -> cloneWith("ssh://server/doesntmatter",

  432. 								defaultCloneDir, null, //

  433. 								"Host server", //

  434. 								"HostName localhost", //

  435. 								"Port " + testPort, //

  436. 								"User " + TEST_USER, //

  437. 								"IdentityFile " + privateKey1.getAbsolutePath(), //

  438. 								"ProxyJump ssh://" + TEST_USER + "X@proxy:"

  439. 										+ proxy.getPort() + "/wrongPath", //

  440. 								"", //

  441. 								"Host proxy", //

  442. 								"Hostname localhost", //

  443. 								"IdentityFile "

  444. 										+ privateKey2.getAbsolutePath()));

  445. 				// Find the expected message

  446. 				Throwable t = e;

  447. 				while (t != null) {

  448. 					if (t instanceof URISyntaxException) {

  449. 						break;

  450. 					}

  451. 					t = t.getCause();

  452. 				}

  453. 				assertNotNull(t);

  454. 				assertTrue(t.getMessage().contains("wrongPath"));

  455. 			} finally {

  456. 				proxy.stop();

  457. 			}

  458. 		}

  459. 	}

  460. 

  461. 	@Test

  462. 	public void testJumpHostWithPathShort() throws Exception {

  463. 		SshdSocketAddress[] forwarded = { null };

  464. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  465. 				forwarded)) {

  466. 			try {

  467. 				TransportException e = assertThrows(TransportException.class,

  468. 						() -> cloneWith("ssh://server/doesntmatter",

  469. 								defaultCloneDir, null, //

  470. 								"Host server", //

  471. 								"HostName localhost", //

  472. 								"Port " + testPort, //

  473. 								"User " + TEST_USER, //

  474. 								"IdentityFile " + privateKey1.getAbsolutePath(), //

  475. 								"ProxyJump " + TEST_USER + "X@proxy:wrongPath", //

  476. 								"", //

  477. 								"Host proxy", //

  478. 								"Hostname localhost", //

  479. 								"Port " + proxy.getPort(), //

  480. 								"IdentityFile "

  481. 										+ privateKey2.getAbsolutePath()));

  482. 				// Find the expected message

  483. 				Throwable t = e;

  484. 				while (t != null) {

  485. 					if (t instanceof URISyntaxException) {

  486. 						break;

  487. 					}

  488. 					t = t.getCause();

  489. 				}

  490. 				assertNotNull(t);

  491. 				assertTrue(t.getMessage().contains("wrongPath"));

  492. 			} finally {

  493. 				proxy.stop();

  494. 			}

  495. 		}

  496. 	}

  497. 

  498. 	@Test

  499. 	public void testJumpHostChain() throws Exception {

  500. 		SshdSocketAddress[] forwarded1 = { null };

  501. 		SshdSocketAddress[] forwarded2 = { null };

  502. 		try (SshServer proxy1 = createProxy(TEST_USER + 'X', publicKey2,

  503. 				forwarded1);

  504. 				SshServer proxy2 = createProxy("foo", publicKey1, forwarded2)) {

  505. 			try {

  506. 				// Clone proxy1 -> proxy2 -> server

  507. 				cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //

  508. 						"Host server", //

  509. 						"HostName localhost", //

  510. 						"Port " + testPort, //

  511. 						"User " + TEST_USER, //

  512. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  513. 						"ProxyJump proxy2," + TEST_USER + "X@proxy:"

  514. 								+ proxy1.getPort(), //

  515. 						"", //

  516. 						"Host proxy", //

  517. 						"Hostname localhost", //

  518. 						"IdentityFile " + privateKey2.getAbsolutePath(), //

  519. 						"", //

  520. 						"Host proxy2", //

  521. 						"Hostname localhost", //

  522. 						"User foo", //

  523. 						"Port " + proxy2.getPort(), //

  524. 						"IdentityFile " + privateKey1.getAbsolutePath());

  525. 				assertNotNull(forwarded1[0]);

  526. 				assertEquals(proxy2.getPort(), forwarded1[0].getPort());

  527. 				assertNotNull(forwarded2[0]);

  528. 				assertEquals(testPort, forwarded2[0].getPort());

  529. 			} finally {

  530. 				proxy1.stop();

  531. 				proxy2.stop();

  532. 			}

  533. 		}

  534. 	}

  535. 

  536. 	@Test

  537. 	public void testJumpHostCascade() throws Exception {

  538. 		SshdSocketAddress[] forwarded1 = { null };

  539. 		SshdSocketAddress[] forwarded2 = { null };

  540. 		try (SshServer proxy1 = createProxy(TEST_USER + 'X', publicKey2,

  541. 				forwarded1);

  542. 				SshServer proxy2 = createProxy("foo", publicKey1, forwarded2)) {

  543. 			try {

  544. 				// Clone proxy2 -> proxy1 -> server

  545. 				cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //

  546. 						"Host server", //

  547. 						"HostName localhost", //

  548. 						"Port " + testPort, //

  549. 						"User " + TEST_USER, //

  550. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  551. 						"ProxyJump " + TEST_USER + "X@proxy", //

  552. 						"", //

  553. 						"Host proxy", //

  554. 						"Hostname localhost", //

  555. 						"Port " + proxy1.getPort(), //

  556. 						"ProxyJump ssh://proxy2:" + proxy2.getPort(), //

  557. 						"IdentityFile " + privateKey2.getAbsolutePath(), //

  558. 						"", //

  559. 						"Host proxy2", //

  560. 						"Hostname localhost", //

  561. 						"User foo", //

  562. 						"IdentityFile " + privateKey1.getAbsolutePath());

  563. 				assertNotNull(forwarded1[0]);

  564. 				assertEquals(testPort, forwarded1[0].getPort());

  565. 				assertNotNull(forwarded2[0]);

  566. 				assertEquals(proxy1.getPort(), forwarded2[0].getPort());

  567. 			} finally {

  568. 				proxy1.stop();

  569. 				proxy2.stop();

  570. 			}

  571. 		}

  572. 	}

  573. 

  574. 	@Test

  575. 	public void testJumpHostRecursion() throws Exception {

  576. 		SshdSocketAddress[] forwarded1 = { null };

  577. 		SshdSocketAddress[] forwarded2 = { null };

  578. 		try (SshServer proxy1 = createProxy(TEST_USER + 'X', publicKey2,

  579. 				forwarded1);

  580. 				SshServer proxy2 = createProxy("foo", publicKey1, forwarded2)) {

  581. 			try {

  582. 				TransportException e = assertThrows(TransportException.class,

  583. 						() -> cloneWith(

  584. 						"ssh://server/doesntmatter", defaultCloneDir, null, //

  585. 						"Host server", //

  586. 						"HostName localhost", //

  587. 						"Port " + testPort, //

  588. 						"User " + TEST_USER, //

  589. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  590. 						"ProxyJump " + TEST_USER + "X@proxy", //

  591. 						"", //

  592. 						"Host proxy", //

  593. 						"Hostname localhost", //

  594. 						"Port " + proxy1.getPort(), //

  595. 						"ProxyJump ssh://proxy2:" + proxy2.getPort(), //

  596. 						"IdentityFile " + privateKey2.getAbsolutePath(), //

  597. 						"", //

  598. 						"Host proxy2", //

  599. 						"Hostname localhost", //

  600. 						"User foo", //

  601. 						"ProxyJump " + TEST_USER + "X@proxy", //

  602. 						"IdentityFile " + privateKey1.getAbsolutePath()));

  603. 				assertTrue(e.getMessage().contains("proxy"));

  604. 			} finally {

  605. 				proxy1.stop();

  606. 				proxy2.stop();

  607. 			}

  608. 		}

  609. 	}

  610. }