mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8270 Commits
49 Branches
Tree: fd3edc7bfc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd3edc7bfc'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache.../tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java

ApacheSshTest.java 23KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705 
  1. /*

  2.  * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.transport.sshd;

  11. 

  12. import static org.apache.sshd.core.CoreModuleProperties.MAX_CONCURRENT_SESSIONS;

  13. import static org.junit.Assert.assertEquals;

  14. import static org.junit.Assert.assertFalse;

  15. import static org.junit.Assert.assertNotNull;

  16. import static org.junit.Assert.assertThrows;

  17. import static org.junit.Assert.assertTrue;

  18. 

  19. import java.io.BufferedWriter;

  20. import java.io.File;

  21. import java.io.IOException;

  22. import java.io.UncheckedIOException;

  23. import java.net.URISyntaxException;

  24. import java.nio.charset.StandardCharsets;

  25. import java.nio.file.Files;

  26. import java.nio.file.StandardOpenOption;

  27. import java.security.KeyPair;

  28. import java.security.KeyPairGenerator;

  29. import java.security.PublicKey;

  30. import java.util.Arrays;

  31. import java.util.Collections;

  32. import java.util.List;

  33. import java.util.stream.Collectors;

  34. 

  35. import org.apache.sshd.client.config.hosts.KnownHostEntry;

  36. import org.apache.sshd.client.config.hosts.KnownHostHashValue;

  37. import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;

  38. import org.apache.sshd.common.config.keys.KeyUtils;

  39. import org.apache.sshd.common.config.keys.PublicKeyEntry;

  40. import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;

  41. import org.apache.sshd.common.session.Session;

  42. import org.apache.sshd.common.util.net.SshdSocketAddress;

  43. import org.apache.sshd.server.ServerAuthenticationManager;

  44. import org.apache.sshd.server.SshServer;

  45. import org.apache.sshd.server.forward.StaticDecisionForwardingFilter;

  46. import org.eclipse.jgit.api.Git;

  47. import org.eclipse.jgit.api.errors.TransportException;

  48. import org.eclipse.jgit.junit.ssh.SshTestBase;

  49. import org.eclipse.jgit.lib.Constants;

  50. import org.eclipse.jgit.transport.RemoteSession;

  51. import org.eclipse.jgit.transport.SshSessionFactory;

  52. import org.eclipse.jgit.transport.URIish;

  53. import org.eclipse.jgit.util.FS;

  54. import org.junit.Test;

  55. import org.junit.experimental.theories.Theories;

  56. import org.junit.runner.RunWith;

  57. 

  58. @RunWith(Theories.class)

  59. public class ApacheSshTest extends SshTestBase {

  60. 

  61. 	@Override

  62. 	protected SshSessionFactory createSessionFactory() {

  63. 		SshdSessionFactory result = new SshdSessionFactory(new JGitKeyCache(),

  64. 				null);

  65. 		// The home directory is mocked at this point!

  66. 		result.setHomeDirectory(FS.DETECTED.userHome());

  67. 		result.setSshDirectory(sshDir);

  68. 		return result;

  69. 	}

  70. 

  71. 	@Override

  72. 	protected void installConfig(String... config) {

  73. 		File configFile = new File(sshDir, Constants.CONFIG);

  74. 		if (config != null) {

  75. 			try {

  76. 				Files.write(configFile.toPath(), Arrays.asList(config));

  77. 			} catch (IOException e) {

  78. 				throw new UncheckedIOException(e);

  79. 			}

  80. 		}

  81. 	}

  82. 

  83. 	@Test

  84. 	public void testEd25519HostKey() throws Exception {

  85. 		// Using ed25519 user identities is tested in the super class in

  86. 		// testSshKeys().

  87. 		File newHostKey = new File(getTemporaryDirectory(), "newhostkey");

  88. 		copyTestResource("id_ed25519", newHostKey);

  89. 		server.addHostKey(newHostKey.toPath(), true);

  90. 		File newHostKeyPub = new File(getTemporaryDirectory(),

  91. 				"newhostkey.pub");

  92. 		copyTestResource("id_ed25519.pub", newHostKeyPub);

  93. 		createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);

  94. 		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //

  95. 				"Host git", //

  96. 				"HostName localhost", //

  97. 				"Port " + testPort, //

  98. 				"User " + TEST_USER, //

  99. 				"IdentityFile " + privateKey1.getAbsolutePath());

  100. 	}

  101. 

  102. 	@Test

  103. 	public void testHashedKnownHosts() throws Exception {

  104. 		assertTrue("Failed to delete known_hosts", knownHosts.delete());

  105. 		// The provider will answer "yes" to all questions, so we should be able

  106. 		// to connect and end up with a new known_hosts file with the host key.

  107. 		TestCredentialsProvider provider = new TestCredentialsProvider();

  108. 		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //

  109. 				"HashKnownHosts yes", //

  110. 				"Host localhost", //

  111. 				"HostName localhost", //

  112. 				"Port " + testPort, //

  113. 				"User " + TEST_USER, //

  114. 				"IdentityFile " + privateKey1.getAbsolutePath());

  115. 		List<LogEntry> messages = provider.getLog();

  116. 		assertFalse("Expected user interaction", messages.isEmpty());

  117. 		assertEquals(

  118. 				"Expected to be asked about the key, and the file creation", 2,

  119. 				messages.size());

  120. 		assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());

  121. 		// Let's clone again without provider. If it works, the server host key

  122. 		// was written correctly.

  123. 		File clonedAgain = new File(getTemporaryDirectory(), "cloned2");

  124. 		cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //

  125. 				"Host localhost", //

  126. 				"HostName localhost", //

  127. 				"Port " + testPort, //

  128. 				"User " + TEST_USER, //

  129. 				"IdentityFile " + privateKey1.getAbsolutePath());

  130. 		// Check that the first line contains neither "localhost" nor

  131. 		// "127.0.0.1", but does contain the expected hash.

  132. 		List<String> lines = Files.readAllLines(knownHosts.toPath()).stream()

  133. 				.filter(s -> s != null && s.length() >= 1 && s.charAt(0) != '#'

  134. 						&& !s.trim().isEmpty())

  135. 				.collect(Collectors.toList());

  136. 		assertEquals("Unexpected number of known_hosts lines", 1, lines.size());

  137. 		String line = lines.get(0);

  138. 		assertFalse("Found host in line", line.contains("localhost"));

  139. 		assertFalse("Found IP in line", line.contains("127.0.0.1"));

  140. 		assertTrue("Hash not found", line.contains("|"));

  141. 		KnownHostEntry entry = KnownHostEntry.parseKnownHostEntry(line);

  142. 		assertTrue("Hash doesn't match localhost",

  143. 				entry.isHostMatch("localhost", testPort)

  144. 						|| entry.isHostMatch("127.0.0.1", testPort));

  145. 	}

  146. 

  147. 	@Test

  148. 	public void testPreamble() throws Exception {

  149. 		// Test that the client can deal with strange lines being sent before

  150. 		// the server identification string.

  151. 		StringBuilder b = new StringBuilder();

  152. 		for (int i = 0; i < 257; i++) {

  153. 			b.append('a');

  154. 		}

  155. 		server.setPreamble("A line with a \000 NUL",

  156. 				"A long line: " + b.toString());

  157. 		cloneWith(

  158. 				"ssh://" + TEST_USER + "@localhost:" + testPort

  159. 						+ "/doesntmatter",

  160. 				defaultCloneDir, null,

  161. 				"IdentityFile " + privateKey1.getAbsolutePath());

  162. 	}

  163. 

  164. 	@Test

  165. 	public void testLongPreamble() throws Exception {

  166. 		// Test that the client can deal with a long (about 60k) preamble.

  167. 		StringBuilder b = new StringBuilder();

  168. 		for (int i = 0; i < 1024; i++) {

  169. 			b.append('a');

  170. 		}

  171. 		String line = b.toString();

  172. 		String[] lines = new String[60];

  173. 		for (int i = 0; i < lines.length; i++) {

  174. 			lines[i] = line;

  175. 		}

  176. 		server.setPreamble(lines);

  177. 		cloneWith(

  178. 				"ssh://" + TEST_USER + "@localhost:" + testPort

  179. 						+ "/doesntmatter",

  180. 				defaultCloneDir, null,

  181. 				"IdentityFile " + privateKey1.getAbsolutePath());

  182. 	}

  183. 

  184. 	@Test

  185. 	public void testHugePreamble() throws Exception {

  186. 		// Test that the connection fails when the preamble is longer than 64k.

  187. 		StringBuilder b = new StringBuilder();

  188. 		for (int i = 0; i < 1024; i++) {

  189. 			b.append('a');

  190. 		}

  191. 		String line = b.toString();

  192. 		String[] lines = new String[70];

  193. 		for (int i = 0; i < lines.length; i++) {

  194. 			lines[i] = line;

  195. 		}

  196. 		server.setPreamble(lines);

  197. 		TransportException e = assertThrows(TransportException.class,

  198. 				() -> cloneWith(

  199. 						"ssh://" + TEST_USER + "@localhost:" + testPort

  200. 								+ "/doesntmatter",

  201. 						defaultCloneDir, null,

  202. 						"IdentityFile " + privateKey1.getAbsolutePath()));

  203. 		// The assertions test that we don't run into bug 565394 / SSHD-1050

  204. 		assertFalse(e.getMessage().contains("timeout"));

  205. 		assertTrue(e.getMessage().contains("65536")

  206. 				|| e.getMessage().contains("closed"));

  207. 	}

  208. 

  209. 	/**

  210. 	 * Test for SSHD-1028. If the server doesn't close sessions, the second

  211. 	 * fetch will fail. Occurs on sshd 2.5.[01].

  212. 	 *

  213. 	 * @throws Exception

  214. 	 *             on errors

  215. 	 * @see <a href=

  216. 	 *      "https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1028">SSHD-1028</a>

  217. 	 */

  218. 	@Test

  219. 	public void testCloneAndFetchWithSessionLimit() throws Exception {

  220. 		MAX_CONCURRENT_SESSIONS

  221. 				.set(server.getPropertyResolver(), Integer.valueOf(2));

  222. 		File localClone = cloneWith("ssh://localhost/doesntmatter",

  223. 				defaultCloneDir, null, //

  224. 				"Host localhost", //

  225. 				"HostName localhost", //

  226. 				"Port " + testPort, //

  227. 				"User " + TEST_USER, //

  228. 				"IdentityFile " + privateKey1.getAbsolutePath());

  229. 		// Fetch a couple of times

  230. 		try (Git git = Git.open(localClone)) {

  231. 			git.fetch().call();

  232. 			git.fetch().call();

  233. 		}

  234. 	}

  235. 

  236. 	/**

  237. 	 * Creates a simple SSH server without git setup.

  238. 	 *

  239. 	 * @param user

  240. 	 *            to accept

  241. 	 * @param userKey

  242. 	 *            public key of that user at this server

  243. 	 * @return the {@link SshServer}, not yet started

  244. 	 * @throws Exception

  245. 	 */

  246. 	private SshServer createServer(String user, File userKey) throws Exception {

  247. 		SshServer srv = SshServer.setUpDefaultServer();

  248. 		// Give the server its own host key

  249. 		KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");

  250. 		generator.initialize(2048);

  251. 		KeyPair proxyHostKey = generator.generateKeyPair();

  252. 		srv.setKeyPairProvider(

  253. 				session -> Collections.singletonList(proxyHostKey));

  254. 		// Allow (only) publickey authentication

  255. 		srv.setUserAuthFactories(Collections.singletonList(

  256. 				ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY));

  257. 		// Install the user's public key

  258. 		PublicKey userProxyKey = AuthorizedKeyEntry

  259. 				.readAuthorizedKeys(userKey.toPath()).get(0)

  260. 				.resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);

  261. 		srv.setPublickeyAuthenticator(

  262. 				(userName, publicKey, session) -> user.equals(userName)

  263. 						&& KeyUtils.compareKeys(userProxyKey, publicKey));

  264. 		return srv;

  265. 	}

  266. 

  267. 	/**

  268. 	 * Writes the server's host key to our knownhosts file.

  269. 	 *

  270. 	 * @param srv to register

  271. 	 * @throws Exception

  272. 	 */

  273. 	private void registerServer(SshServer srv) throws Exception {

  274. 		// Add the proxy's host key to knownhosts

  275. 		try (BufferedWriter writer = Files.newBufferedWriter(

  276. 				knownHosts.toPath(), StandardCharsets.US_ASCII,

  277. 				StandardOpenOption.WRITE, StandardOpenOption.APPEND)) {

  278. 			writer.append('\n');

  279. 			KnownHostHashValue.appendHostPattern(writer, "localhost",

  280. 					srv.getPort());

  281. 			writer.append(',');

  282. 			KnownHostHashValue.appendHostPattern(writer, "127.0.0.1",

  283. 					srv.getPort());

  284. 			writer.append(' ');

  285. 			PublicKeyEntry.appendPublicKeyEntry(writer,

  286. 					srv.getKeyPairProvider().loadKeys(null).iterator().next().getPublic());

  287. 			writer.append('\n');

  288. 		}

  289. 	}

  290. 

  291. 	/**

  292. 	 * Creates a simple proxy server. Accepts only publickey authentication from

  293. 	 * the given user with the given key, allows all forwardings. Adds the

  294. 	 * proxy's host key to {@link #knownHosts}.

  295. 	 *

  296. 	 * @param user

  297. 	 *            to accept

  298. 	 * @param userKey

  299. 	 *            public key of that user at this server

  300. 	 * @param report

  301. 	 *            single-element array to report back the forwarded address.

  302. 	 * @return the started server

  303. 	 * @throws Exception

  304. 	 */

  305. 	private SshServer createProxy(String user, File userKey,

  306. 			SshdSocketAddress[] report) throws Exception {

  307. 		SshServer proxy = createServer(user, userKey);

  308. 		// Allow forwarding

  309. 		proxy.setForwardingFilter(new StaticDecisionForwardingFilter(true) {

  310. 

  311. 			@Override

  312. 			protected boolean checkAcceptance(String request, Session session,

  313. 					SshdSocketAddress target) {

  314. 				report[0] = target;

  315. 				return super.checkAcceptance(request, session, target);

  316. 			}

  317. 		});

  318. 		proxy.start();

  319. 		registerServer(proxy);

  320. 		return proxy;

  321. 	}

  322. 

  323. 	@Test

  324. 	public void testJumpHost() throws Exception {

  325. 		SshdSocketAddress[] forwarded = { null };

  326. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  327. 				forwarded)) {

  328. 			try {

  329. 				// Now try to clone via the proxy

  330. 				cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //

  331. 						"Host server", //

  332. 						"HostName localhost", //

  333. 						"Port " + testPort, //

  334. 						"User " + TEST_USER, //

  335. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  336. 						"ProxyJump " + TEST_USER + "X@proxy:" + proxy.getPort(), //

  337. 						"", //

  338. 						"Host proxy", //

  339. 						"Hostname localhost", //

  340. 						"IdentityFile " + privateKey2.getAbsolutePath());

  341. 				assertNotNull(forwarded[0]);

  342. 				assertEquals(testPort, forwarded[0].getPort());

  343. 			} finally {

  344. 				proxy.stop();

  345. 			}

  346. 		}

  347. 	}

  348. 

  349. 	@Test

  350. 	public void testJumpHostWrongKeyAtProxy() throws Exception {

  351. 		// Test that we find the proxy server's URI in the exception message

  352. 		SshdSocketAddress[] forwarded = { null };

  353. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  354. 				forwarded)) {

  355. 			try {

  356. 				// Now try to clone via the proxy

  357. 				TransportException e = assertThrows(TransportException.class,

  358. 						() -> cloneWith("ssh://server/doesntmatter",

  359. 								defaultCloneDir, null, //

  360. 								"Host server", //

  361. 								"HostName localhost", //

  362. 								"Port " + testPort, //

  363. 								"User " + TEST_USER, //

  364. 								"IdentityFile " + privateKey1.getAbsolutePath(),

  365. 								"ProxyJump " + TEST_USER + "X@proxy:"

  366. 										+ proxy.getPort(), //

  367. 								"", //

  368. 								"Host proxy", //

  369. 								"Hostname localhost", //

  370. 								"IdentityFile "

  371. 										+ privateKey1.getAbsolutePath()));

  372. 				String message = e.getMessage();

  373. 				assertTrue(message.contains("localhost:" + proxy.getPort()));

  374. 				assertTrue(message.contains("proxy:" + proxy.getPort()));

  375. 			} finally {

  376. 				proxy.stop();

  377. 			}

  378. 		}

  379. 	}

  380. 

  381. 	@Test

  382. 	public void testJumpHostWrongKeyAtServer() throws Exception {

  383. 		// Test that we find the target server's URI in the exception message

  384. 		SshdSocketAddress[] forwarded = { null };

  385. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  386. 				forwarded)) {

  387. 			try {

  388. 				// Now try to clone via the proxy

  389. 				TransportException e = assertThrows(TransportException.class,

  390. 						() -> cloneWith("ssh://server/doesntmatter",

  391. 								defaultCloneDir, null, //

  392. 								"Host server", //

  393. 								"HostName localhost", //

  394. 								"Port " + testPort, //

  395. 								"User " + TEST_USER, //

  396. 								"IdentityFile " + privateKey2.getAbsolutePath(),

  397. 								"ProxyJump " + TEST_USER + "X@proxy:"

  398. 										+ proxy.getPort(), //

  399. 								"", //

  400. 								"Host proxy", //

  401. 								"Hostname localhost", //

  402. 								"IdentityFile "

  403. 										+ privateKey2.getAbsolutePath()));

  404. 				String message = e.getMessage();

  405. 				assertTrue(message.contains("localhost:" + testPort));

  406. 				assertTrue(message.contains("ssh://server"));

  407. 			} finally {

  408. 				proxy.stop();

  409. 			}

  410. 		}

  411. 	}

  412. 

  413. 	@Test

  414. 	public void testJumpHostNonSsh() throws Exception {

  415. 		SshdSocketAddress[] forwarded = { null };

  416. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  417. 				forwarded)) {

  418. 			try {

  419. 				TransportException e = assertThrows(TransportException.class,

  420. 						() -> cloneWith("ssh://server/doesntmatter",

  421. 								defaultCloneDir, null, //

  422. 								"Host server", //

  423. 								"HostName localhost", //

  424. 								"Port " + testPort, //

  425. 								"User " + TEST_USER, //

  426. 								"IdentityFile " + privateKey1.getAbsolutePath(), //

  427. 								"ProxyJump http://" + TEST_USER + "X@proxy:"

  428. 										+ proxy.getPort(), //

  429. 								"", //

  430. 								"Host proxy", //

  431. 								"Hostname localhost", //

  432. 								"IdentityFile "

  433. 										+ privateKey2.getAbsolutePath()));

  434. 				// Find the expected message

  435. 				Throwable t = e;

  436. 				while (t != null) {

  437. 					if (t instanceof URISyntaxException) {

  438. 						break;

  439. 					}

  440. 					t = t.getCause();

  441. 				}

  442. 				assertNotNull(t);

  443. 				assertTrue(t.getMessage().contains("Non-ssh"));

  444. 			} finally {

  445. 				proxy.stop();

  446. 			}

  447. 		}

  448. 	}

  449. 

  450. 	@Test

  451. 	public void testJumpHostWithPath() throws Exception {

  452. 		SshdSocketAddress[] forwarded = { null };

  453. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  454. 				forwarded)) {

  455. 			try {

  456. 				TransportException e = assertThrows(TransportException.class,

  457. 						() -> cloneWith("ssh://server/doesntmatter",

  458. 								defaultCloneDir, null, //

  459. 								"Host server", //

  460. 								"HostName localhost", //

  461. 								"Port " + testPort, //

  462. 								"User " + TEST_USER, //

  463. 								"IdentityFile " + privateKey1.getAbsolutePath(), //

  464. 								"ProxyJump ssh://" + TEST_USER + "X@proxy:"

  465. 										+ proxy.getPort() + "/wrongPath", //

  466. 								"", //

  467. 								"Host proxy", //

  468. 								"Hostname localhost", //

  469. 								"IdentityFile "

  470. 										+ privateKey2.getAbsolutePath()));

  471. 				// Find the expected message

  472. 				Throwable t = e;

  473. 				while (t != null) {

  474. 					if (t instanceof URISyntaxException) {

  475. 						break;

  476. 					}

  477. 					t = t.getCause();

  478. 				}

  479. 				assertNotNull(t);

  480. 				assertTrue(t.getMessage().contains("wrongPath"));

  481. 			} finally {

  482. 				proxy.stop();

  483. 			}

  484. 		}

  485. 	}

  486. 

  487. 	@Test

  488. 	public void testJumpHostWithPathShort() throws Exception {

  489. 		SshdSocketAddress[] forwarded = { null };

  490. 		try (SshServer proxy = createProxy(TEST_USER + 'X', publicKey2,

  491. 				forwarded)) {

  492. 			try {

  493. 				TransportException e = assertThrows(TransportException.class,

  494. 						() -> cloneWith("ssh://server/doesntmatter",

  495. 								defaultCloneDir, null, //

  496. 								"Host server", //

  497. 								"HostName localhost", //

  498. 								"Port " + testPort, //

  499. 								"User " + TEST_USER, //

  500. 								"IdentityFile " + privateKey1.getAbsolutePath(), //

  501. 								"ProxyJump " + TEST_USER + "X@proxy:wrongPath", //

  502. 								"", //

  503. 								"Host proxy", //

  504. 								"Hostname localhost", //

  505. 								"Port " + proxy.getPort(), //

  506. 								"IdentityFile "

  507. 										+ privateKey2.getAbsolutePath()));

  508. 				// Find the expected message

  509. 				Throwable t = e;

  510. 				while (t != null) {

  511. 					if (t instanceof URISyntaxException) {

  512. 						break;

  513. 					}

  514. 					t = t.getCause();

  515. 				}

  516. 				assertNotNull(t);

  517. 				assertTrue(t.getMessage().contains("wrongPath"));

  518. 			} finally {

  519. 				proxy.stop();

  520. 			}

  521. 		}

  522. 	}

  523. 

  524. 	@Test

  525. 	public void testJumpHostChain() throws Exception {

  526. 		SshdSocketAddress[] forwarded1 = { null };

  527. 		SshdSocketAddress[] forwarded2 = { null };

  528. 		try (SshServer proxy1 = createProxy(TEST_USER + 'X', publicKey2,

  529. 				forwarded1);

  530. 				SshServer proxy2 = createProxy("foo", publicKey1, forwarded2)) {

  531. 			try {

  532. 				// Clone proxy1 -> proxy2 -> server

  533. 				cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //

  534. 						"Host server", //

  535. 						"HostName localhost", //

  536. 						"Port " + testPort, //

  537. 						"User " + TEST_USER, //

  538. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  539. 						"ProxyJump proxy2," + TEST_USER + "X@proxy:"

  540. 								+ proxy1.getPort(), //

  541. 						"", //

  542. 						"Host proxy", //

  543. 						"Hostname localhost", //

  544. 						"IdentityFile " + privateKey2.getAbsolutePath(), //

  545. 						"", //

  546. 						"Host proxy2", //

  547. 						"Hostname localhost", //

  548. 						"User foo", //

  549. 						"Port " + proxy2.getPort(), //

  550. 						"IdentityFile " + privateKey1.getAbsolutePath());

  551. 				assertNotNull(forwarded1[0]);

  552. 				assertEquals(proxy2.getPort(), forwarded1[0].getPort());

  553. 				assertNotNull(forwarded2[0]);

  554. 				assertEquals(testPort, forwarded2[0].getPort());

  555. 			} finally {

  556. 				proxy1.stop();

  557. 				proxy2.stop();

  558. 			}

  559. 		}

  560. 	}

  561. 

  562. 	@Test

  563. 	public void testJumpHostCascade() throws Exception {

  564. 		SshdSocketAddress[] forwarded1 = { null };

  565. 		SshdSocketAddress[] forwarded2 = { null };

  566. 		try (SshServer proxy1 = createProxy(TEST_USER + 'X', publicKey2,

  567. 				forwarded1);

  568. 				SshServer proxy2 = createProxy("foo", publicKey1, forwarded2)) {

  569. 			try {

  570. 				// Clone proxy2 -> proxy1 -> server

  571. 				cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //

  572. 						"Host server", //

  573. 						"HostName localhost", //

  574. 						"Port " + testPort, //

  575. 						"User " + TEST_USER, //

  576. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  577. 						"ProxyJump " + TEST_USER + "X@proxy", //

  578. 						"", //

  579. 						"Host proxy", //

  580. 						"Hostname localhost", //

  581. 						"Port " + proxy1.getPort(), //

  582. 						"ProxyJump ssh://proxy2:" + proxy2.getPort(), //

  583. 						"IdentityFile " + privateKey2.getAbsolutePath(), //

  584. 						"", //

  585. 						"Host proxy2", //

  586. 						"Hostname localhost", //

  587. 						"User foo", //

  588. 						"IdentityFile " + privateKey1.getAbsolutePath());

  589. 				assertNotNull(forwarded1[0]);

  590. 				assertEquals(testPort, forwarded1[0].getPort());

  591. 				assertNotNull(forwarded2[0]);

  592. 				assertEquals(proxy1.getPort(), forwarded2[0].getPort());

  593. 			} finally {

  594. 				proxy1.stop();

  595. 				proxy2.stop();

  596. 			}

  597. 		}

  598. 	}

  599. 

  600. 	@Test

  601. 	public void testJumpHostRecursion() throws Exception {

  602. 		SshdSocketAddress[] forwarded1 = { null };

  603. 		SshdSocketAddress[] forwarded2 = { null };

  604. 		try (SshServer proxy1 = createProxy(TEST_USER + 'X', publicKey2,

  605. 				forwarded1);

  606. 				SshServer proxy2 = createProxy("foo", publicKey1, forwarded2)) {

  607. 			try {

  608. 				TransportException e = assertThrows(TransportException.class,

  609. 						() -> cloneWith(

  610. 						"ssh://server/doesntmatter", defaultCloneDir, null, //

  611. 						"Host server", //

  612. 						"HostName localhost", //

  613. 						"Port " + testPort, //

  614. 						"User " + TEST_USER, //

  615. 						"IdentityFile " + privateKey1.getAbsolutePath(), //

  616. 						"ProxyJump " + TEST_USER + "X@proxy", //

  617. 						"", //

  618. 						"Host proxy", //

  619. 						"Hostname localhost", //

  620. 						"Port " + proxy1.getPort(), //

  621. 						"ProxyJump ssh://proxy2:" + proxy2.getPort(), //

  622. 						"IdentityFile " + privateKey2.getAbsolutePath(), //

  623. 						"", //

  624. 						"Host proxy2", //

  625. 						"Hostname localhost", //

  626. 						"User foo", //

  627. 						"ProxyJump " + TEST_USER + "X@proxy", //

  628. 						"IdentityFile " + privateKey1.getAbsolutePath()));

  629. 				assertTrue(e.getMessage().contains("proxy"));

  630. 			} finally {

  631. 				proxy1.stop();

  632. 				proxy2.stop();

  633. 			}

  634. 		}

  635. 	}

  636. 

  637. 	/**

  638. 	 * Tests that one can log in to an old server that doesn't handle

  639. 	 * rsa-sha2-512 if one puts ssh-rsa first in the client's list of public key

  640. 	 * signature algorithms.

  641. 	 *

  642. 	 * @see <a href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=572056">bug

  643. 	 *      572056</a>

  644. 	 * @throws Exception

  645. 	 *             on failure

  646. 	 */

  647. 	@Test

  648. 	public void testConnectAuthSshRsaPubkeyAcceptedAlgorithms()

  649. 			throws Exception {

  650. 		try (SshServer oldServer = createServer(TEST_USER, publicKey1)) {

  651. 			oldServer.setSignatureFactoriesNames("ssh-rsa");

  652. 			oldServer.start();

  653. 			registerServer(oldServer);

  654. 			installConfig("Host server", //

  655. 					"HostName localhost", //

  656. 					"Port " + oldServer.getPort(), //

  657. 					"User " + TEST_USER, //

  658. 					"IdentityFile " + privateKey1.getAbsolutePath(), //

  659. 					"PubkeyAcceptedAlgorithms ^ssh-rsa");

  660. 			RemoteSession session = getSessionFactory().getSession(

  661. 					new URIish("ssh://server/doesntmatter"), null, FS.DETECTED,

  662. 					10000);

  663. 			assertNotNull(session);

  664. 			session.disconnect();

  665. 		}

  666. 	}

  667. 

  668. 	/**

  669. 	 * Tests that one can log in to an old server that knows only the ssh-rsa

  670. 	 * signature algorithm. The client has by default the list of signature

  671. 	 * algorithms for RSA as "rsa-sha2-512,rsa-sha2-256,ssh-rsa". It should try

  672. 	 * all three with the single key configured, and finally succeed.

  673. 	 * <p>

  674. 	 * The re-ordering mechanism (see

  675. 	 * {@link #testConnectAuthSshRsaPubkeyAcceptedAlgorithms()}) is still

  676. 	 * important; servers may impose a penalty (back-off delay) for subsequent

  677. 	 * attempts with signature algorithms unknown to the server. So a user

  678. 	 * connecting to such a server and noticing delays may still want to put

  679. 	 * ssh-rsa first in the list for that host.

  680. 	 * </p>

  681. 	 *

  682. 	 * @see <a href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=572056">bug

  683. 	 *      572056</a>

  684. 	 * @throws Exception

  685. 	 *             on failure

  686. 	 */

  687. 	@Test

  688. 	public void testConnectAuthSshRsa() throws Exception {

  689. 		try (SshServer oldServer = createServer(TEST_USER, publicKey1)) {

  690. 			oldServer.setSignatureFactoriesNames("ssh-rsa");

  691. 			oldServer.start();

  692. 			registerServer(oldServer);

  693. 			installConfig("Host server", //

  694. 					"HostName localhost", //

  695. 					"Port " + oldServer.getPort(), //

  696. 					"User " + TEST_USER, //

  697. 					"IdentityFile " + privateKey1.getAbsolutePath());

  698. 			RemoteSession session = getSessionFactory().getSession(

  699. 					new URIish("ssh://server/doesntmatter"), null, FS.DETECTED,

  700. 					10000);

  701. 			assertNotNull(session);

  702. 			session.disconnect();

  703. 		}

  704. 	}

  705. }