1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
/*
* Copyright (C) 2019, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.transport.sshd;
import static org.junit.Assert.assertNotNull;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.eclipse.jgit.junit.ssh.SshTestHarness;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.util.FS;
import org.junit.After;
import org.junit.Test;
/**
* Test for using the SshdSessionFactory without files in ~/.ssh but with an
* in-memory setup.
*/
public class NoFilesSshTest extends SshTestHarness {
private PublicKey testServerKey;
private KeyPair testUserKey;
@Override
protected SshSessionFactory createSessionFactory() {
SshdSessionFactory result = new SshdSessionFactory(new JGitKeyCache(),
null) {
@Override
protected File getSshConfig(File dir) {
return null;
}
@Override
protected ServerKeyDatabase getServerKeyDatabase(File homeDir,
File dir) {
return new ServerKeyDatabase() {
@Override
public List<PublicKey> lookup(String connectAddress,
InetSocketAddress remoteAddress,
Configuration config) {
return Collections.singletonList(testServerKey);
}
@Override
public boolean accept(String connectAddress,
InetSocketAddress remoteAddress,
PublicKey serverKey, Configuration config,
CredentialsProvider provider) {
return KeyUtils.compareKeys(serverKey, testServerKey);
}
};
}
@Override
protected Iterable<KeyPair> getDefaultKeys(File dir) {
// This would work for this simple test case:
// return Collections.singletonList(testUserKey);
// But let's see if we can check the host and username that's used.
// For that, we need access to the sshd SessionContext:
return new KeyAuthenticator();
}
@Override
protected String getDefaultPreferredAuthentications() {
return "publickey";
}
};
// The home directory is mocked at this point!
result.setHomeDirectory(FS.DETECTED.userHome());
result.setSshDirectory(sshDir);
return result;
}
private class KeyAuthenticator implements KeyIdentityProvider, Iterable<KeyPair> {
@Override
public Iterator<KeyPair> iterator() {
// Should not be called. The use of the Iterable interface in
// SshdSessionFactory.getDefaultKeys() made sense in sshd 2.0.0,
// but sshd 2.2.0 added the SessionContext, which although good
// (without it we couldn't check here) breaks the Iterable analogy.
// But we're stuck now with that interface for getDefaultKeys, and
// so this override throwing an exception is unfortunately needed.
throw new UnsupportedOperationException();
}
@Override
public Iterable<KeyPair> loadKeys(SessionContext session)
throws IOException, GeneralSecurityException {
if (!TEST_USER.equals(session.getUsername())) {
return Collections.emptyList();
}
SshdSocketAddress remoteAddress = SshdSocketAddress
.toSshdSocketAddress(session.getRemoteAddress());
switch (remoteAddress.getHostName()) {
case "localhost":
case "127.0.0.1":
return Collections.singletonList(testUserKey);
default:
return Collections.emptyList();
}
}
}
@After
public void cleanUp() {
testServerKey = null;
testUserKey = null;
}
@Override
protected void installConfig(String... config) {
File configFile = new File(sshDir, Constants.CONFIG);
if (config != null) {
try {
Files.write(configFile.toPath(), Arrays.asList(config));
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
}
@Test
public void testCloneWithBuiltInKeys() throws Exception {
// This test should fail unless our in-memory setup is taken: no
// known_hosts file, a config that specifies a non-existing key,
// and the test is using a newly generated KeyPairs anyway.
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
testUserKey = generator.generateKeyPair();
KeyPair hostKey = generator.generateKeyPair();
server.addHostKey(hostKey, true);
testServerKey = hostKey.getPublic();
assertNotNull(testServerKey);
assertNotNull(testUserKey);
server.setTestUserPublicKey(testUserKey.getPublic());
cloneWith(
"ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter",
new File(getTemporaryDirectory(), "cloned"), null, //
"Host localhost", //
"IdentityFile "
+ new File(sshDir, "does_not_exist").getAbsolutePath());
}
}
|
