SshTestBase.java
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.transport.ssh;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeTrue;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.List;
import java.util.Locale;
import org.eclipse.jgit.api.errors.TransportException;
import org.eclipse.jgit.transport.CredentialItem;
import org.eclipse.jgit.transport.JschConfigSessionFactory;
import org.junit.Test;
import org.junit.experimental.theories.DataPoints;
import org.junit.experimental.theories.Theory;
/**
* The ssh tests. Concrete subclasses can re-use these tests by implementing the
* abstract operations from {@link SshTestHarness}. This gives a way to test
* different ssh clients against a unified test suite.
*/
public abstract class SshTestBase extends SshTestHarness {
@DataPoints
public static String[] KEY_RESOURCES = { //
"id_dsa", //
"id_rsa_1024", //
"id_rsa_2048", //
"id_rsa_3072", //
"id_rsa_4096", //
"id_ecdsa_256", //
"id_ecdsa_384", //
"id_ecdsa_521", //
"id_ed25519", //
// And now encrypted. Passphrase is "testpass".
"id_dsa_testpass", //
"id_rsa_1024_testpass", //
"id_rsa_2048_testpass", //
"id_rsa_3072_testpass", //
"id_rsa_4096_testpass", //
"id_ecdsa_256_testpass", //
"id_ecdsa_384_testpass", //
"id_ecdsa_521_testpass", //
"id_ed25519_testpass", //
"id_ed25519_expensive_testpass" };
protected File defaultCloneDir;
@Override
public void setUp() throws Exception {
super.setUp();
defaultCloneDir = new File(getTemporaryDirectory(), "cloned");
}
@Test(expected = TransportException.class)
public void testSshWithoutConfig() throws Exception {
cloneWith("ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter", defaultCloneDir, null);
}
@Test
public void testSshWithGlobalIdentity() throws Exception {
cloneWith(
"ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter",
defaultCloneDir, null,
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSshWithDefaultIdentity() throws Exception {
File idRsa = new File(privateKey1.getParentFile(), "id_rsa");
Files.copy(privateKey1.toPath(), idRsa.toPath());
// We expect the session factory to pick up these keys...
cloneWith("ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter", defaultCloneDir, null);
}
@Test
public void testSshWithConfig() throws Exception {
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSshWithConfigEncryptedUnusedKey() throws Exception {
// Copy the encrypted test key from the bundle.
File encryptedKey = new File(sshDir, "id_dsa");
copyTestResource("id_dsa_testpass", encryptedKey);
TestCredentialsProvider provider = new TestCredentialsProvider(
"testpass");
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
assertEquals("CredentialsProvider should not have been called", 0,
provider.getLog().size());
}
@Test
public void testSshWithConfigEncryptedUnusedKeyInConfigLast()
throws Exception {
// Copy the encrypted test key from the bundle.
File encryptedKey = new File(sshDir, "id_dsa_test_key");
copyTestResource("id_dsa_testpass", encryptedKey);
TestCredentialsProvider provider = new TestCredentialsProvider(
"testpass");
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(),
"IdentityFile " + encryptedKey.getAbsolutePath());
// This test passes with JSch per chance because JSch completely ignores
// the second IdentityFile
assertEquals("CredentialsProvider should not have been called", 0,
provider.getLog().size());
}
@Test
public void testSshWithConfigEncryptedUnusedKeyInConfigFirst()
throws Exception {
// Test cannot pass with JSch; it handles only one IdentityFile.
// assumeTrue(!(getSessionFactory() instanceof
// JschConfigSessionFactory)); gives in bazel a failure with "Never
// found parameters that satisfied method assumptions."
// In maven it's fine!?
if (getSessionFactory() instanceof JschConfigSessionFactory) {
return;
}
// Copy the encrypted test key from the bundle.
File encryptedKey = new File(sshDir, "id_dsa_test_key");
copyTestResource("id_dsa_testpass", encryptedKey);
TestCredentialsProvider provider = new TestCredentialsProvider(
"testpass");
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + encryptedKey.getAbsolutePath(),
"IdentityFile " + privateKey1.getAbsolutePath());
assertEquals("CredentialsProvider should have been called once", 1,
provider.getLog().size());
}
@Test
public void testSshEncryptedUsedKeyCached() throws Exception {
// Make sure we are asked for the password only once if we do several
// operations with an encrypted key.
File encryptedKey = new File(sshDir, "id_dsa_test_key");
copyTestResource("id_dsa_testpass", encryptedKey);
File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
server.setTestUserPublicKey(encryptedPublicKey.toPath());
TestCredentialsProvider provider = new TestCredentialsProvider(
"testpass");
pushTo(provider,
cloneWith("ssh://localhost/doesntmatter", //
defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + encryptedKey.getAbsolutePath()));
assertEquals("CredentialsProvider should have been called once", 1,
provider.getLog().size());
}
@Test(expected = TransportException.class)
public void testSshEncryptedUsedKeyWrongPassword() throws Exception {
File encryptedKey = new File(sshDir, "id_dsa_test_key");
copyTestResource("id_dsa_testpass", encryptedKey);
File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
server.setTestUserPublicKey(encryptedPublicKey.toPath());
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass");
cloneWith("ssh://localhost/doesntmatter", //
defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"NumberOfPasswordPrompts 1", //
"IdentityFile " + encryptedKey.getAbsolutePath());
}
@Test
public void testSshEncryptedUsedKeySeveralPassword() throws Exception {
File encryptedKey = new File(sshDir, "id_dsa_test_key");
copyTestResource("id_dsa_testpass", encryptedKey);
File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
server.setTestUserPublicKey(encryptedPublicKey.toPath());
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass", "wrongpass2", "testpass");
cloneWith("ssh://localhost/doesntmatter", //
defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + encryptedKey.getAbsolutePath());
assertEquals("CredentialsProvider should have been called 3 times", 3,
provider.getLog().size());
}
@Test(expected = TransportException.class)
public void testSshWithoutKnownHosts() throws Exception {
assertTrue("Could not delete known_hosts", knownHosts.delete());
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSshWithoutKnownHostsWithProviderAsk()
throws Exception {
File copiedHosts = new File(knownHosts.getParentFile(),
"copiedKnownHosts");
assertTrue("Failed to rename known_hosts",
knownHosts.renameTo(copiedHosts));
// The provider will answer "yes" to all questions, so we should be able
// to connect and end up with a new known_hosts file with the host key.
TestCredentialsProvider provider = new TestCredentialsProvider();
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
List<LogEntry> messages = provider.getLog();
assertFalse("Expected user interaction", messages.isEmpty());
if (getSessionFactory() instanceof JschConfigSessionFactory) {
// JSch doesn't create a non-existing file.
assertEquals("Expected to be asked about the key", 1,
messages.size());
return;
}
assertEquals(
"Expected to be asked about the key, and the file creation",
2, messages.size());
assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
// Instead of checking the file contents, let's just clone again
// without provider. If it works, the server host key was written
// correctly.
File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
cloneWith("ssh://localhost/doesntmatter", clonedAgain, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSshWithoutKnownHostsWithProviderAcceptNew()
throws Exception {
File copiedHosts = new File(knownHosts.getParentFile(),
"copiedKnownHosts");
assertTrue("Failed to rename known_hosts",
knownHosts.renameTo(copiedHosts));
TestCredentialsProvider provider = new TestCredentialsProvider();
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"StrictHostKeyChecking accept-new", //
"IdentityFile " + privateKey1.getAbsolutePath());
if (getSessionFactory() instanceof JschConfigSessionFactory) {
// JSch doesn't create new files.
assertTrue("CredentialsProvider not called",
provider.getLog().isEmpty());
return;
}
assertEquals("Expected to be asked about the file creation", 1,
provider.getLog().size());
assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
// Instead of checking the file contents, let's just clone again
// without provider. If it works, the server host key was written
// correctly.
File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test(expected = TransportException.class)
public void testSshWithoutKnownHostsDeny() throws Exception {
File copiedHosts = new File(knownHosts.getParentFile(),
"copiedKnownHosts");
assertTrue("Failed to rename known_hosts",
knownHosts.renameTo(copiedHosts));
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"StrictHostKeyChecking yes", //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test(expected = TransportException.class)
public void testSshModifiedHostKeyDeny()
throws Exception {
File copiedHosts = new File(knownHosts.getParentFile(),
"copiedKnownHosts");
assertTrue("Failed to rename known_hosts",
knownHosts.renameTo(copiedHosts));
// Now produce a new known_hosts file containing some other key.
createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"StrictHostKeyChecking yes", //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test(expected = TransportException.class)
public void testSshModifiedHostKeyWithProviderDeny() throws Exception {
File copiedHosts = new File(knownHosts.getParentFile(),
"copiedKnownHosts");
assertTrue("Failed to rename known_hosts",
knownHosts.renameTo(copiedHosts));
// Now produce a new known_hosts file containing some other key.
createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
TestCredentialsProvider provider = new TestCredentialsProvider();
try {
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"StrictHostKeyChecking yes", //
"IdentityFile " + privateKey1.getAbsolutePath());
} catch (Exception e) {
assertEquals("Expected to be told about the modified key", 1,
provider.getLog().size());
assertTrue("Only messages expected", provider.getLog().stream()
.flatMap(l -> l.getItems().stream()).allMatch(
c -> c instanceof CredentialItem.InformationalMessage));
throw e;
}
}
private void checkKnownHostsModifiedHostKey(File backup, File newFile,
String wrongKey) throws IOException {
List<String> oldLines = Files.readAllLines(backup.toPath(), UTF_8);
// Find the original entry. We should have that again in known_hosts.
String oldKeyPart = null;
for (String oldLine : oldLines) {
if (oldLine.contains("[localhost]:")) {
String[] parts = oldLine.split("\\s+");
if (parts.length > 2) {
oldKeyPart = parts[parts.length - 2] + ' '
+ parts[parts.length - 1];
break;
}
}
}
assertNotNull("Old key not found", oldKeyPart);
List<String> newLines = Files.readAllLines(newFile.toPath(), UTF_8);
assertFalse("Old host key still found in known_hosts file" + newFile,
hasHostKey("localhost", testPort, wrongKey, newLines));
assertTrue("New host key not found in known_hosts file" + newFile,
hasHostKey("localhost", testPort, oldKeyPart, newLines));
}
@Test
public void testSshModifiedHostKeyAllow() throws Exception {
assertTrue("Failed to delete known_hosts", knownHosts.delete());
createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
File backup = new File(getTemporaryDirectory(), "backupKnownHosts");
Files.copy(knownHosts.toPath(), backup.toPath());
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"StrictHostKeyChecking no", //
"IdentityFile " + privateKey1.getAbsolutePath());
// File should not have been updated!
String[] oldLines = Files
.readAllLines(backup.toPath(), UTF_8)
.toArray(new String[0]);
String[] newLines = Files
.readAllLines(knownHosts.toPath(), UTF_8)
.toArray(new String[0]);
assertArrayEquals("Known hosts file should not be modified", oldLines,
newLines);
}
@Test
public void testSshModifiedHostKeyAsk() throws Exception {
File copiedHosts = new File(knownHosts.getParentFile(),
"copiedKnownHosts");
assertTrue("Failed to rename known_hosts",
knownHosts.renameTo(copiedHosts));
String wrongKeyPart = createKnownHostsFile(knownHosts, "localhost",
testPort, publicKey1);
TestCredentialsProvider provider = new TestCredentialsProvider();
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
checkKnownHostsModifiedHostKey(copiedHosts, knownHosts, wrongKeyPart);
assertEquals("Expected to be asked about the modified key", 1,
provider.getLog().size());
}
@Test
public void testSshCloneWithConfigAndPush() throws Exception {
pushTo(cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath()));
}
@Test
public void testSftpWithConfig() throws Exception {
cloneWith("sftp://localhost/.git", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSftpCloneWithConfigAndPush() throws Exception {
pushTo(cloneWith("sftp://localhost/.git", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath()));
}
@Test(expected = TransportException.class)
public void testSshWithConfigWrongKey() throws Exception {
cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey2.getAbsolutePath());
}
@Test
public void testSshWithWrongUserNameInConfig() throws Exception {
// Bug 526778
cloneWith(
"ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter",
defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"User sombody_else", //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSshWithWrongPortInConfig() throws Exception {
// Bug 526778
cloneWith(
"ssh://" + TEST_USER + "@localhost:" + testPort
+ "/doesntmatter",
defaultCloneDir, null, //
"Host localhost", //
"HostName localhost", //
"Port 22", //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testSshWithAliasInConfig() throws Exception {
// Bug 531118
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), "", //
"Host localhost", //
"HostName localhost", //
"Port 22", //
"User someone_else", //
"IdentityFile " + privateKey2.getAbsolutePath());
}
@Test
public void testSshWithUnknownCiphersInConfig() throws Exception {
// Bug 535672
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), //
"Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr");
}
@Test
public void testSshWithUnknownHostKeyAlgorithmsInConfig()
throws Exception {
// Bug 535672
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), //
"HostKeyAlgorithms foobar,ssh-rsa,ssh-dss");
}
@Test
public void testSshWithUnknownKexAlgorithmsInConfig()
throws Exception {
// Bug 535672
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), //
"KexAlgorithms foobar,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521");
}
@Test
public void testSshWithMinimalHostKeyAlgorithmsInConfig()
throws Exception {
// Bug 537790
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), //
"HostKeyAlgorithms ssh-rsa,ssh-dss");
}
@Test
public void testSshWithUnknownAuthInConfig() throws Exception {
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), //
"PreferredAuthentications gssapi-with-mic,hostbased,publickey,keyboard-interactive,password");
}
@Test(expected = TransportException.class)
public void testSshWithNoMatchingAuthInConfig() throws Exception {
// Server doesn't do password, and anyway we set no password.
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath(), //
"PreferredAuthentications password");
}
@Test
public void testRsaHostKeySecond() throws Exception {
// See https://git.eclipse.org/r/#/c/130402/ : server has EcDSA
// (preferred), RSA, we have RSA in known_hosts: client and server
// should agree on RSA.
File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
copyTestResource("id_ecdsa_256", newHostKey);
server.addHostKey(newHostKey.toPath(), true);
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testEcDsaHostKey() throws Exception {
// See https://git.eclipse.org/r/#/c/130402/ : server has RSA
// (preferred), EcDSA, we have EcDSA in known_hosts: client and server
// should agree on EcDSA.
File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
copyTestResource("id_ecdsa_256", newHostKey);
server.addHostKey(newHostKey.toPath(), false);
File newHostKeyPub = new File(getTemporaryDirectory(),
"newhostkey.pub");
copyTestResource("id_ecdsa_256.pub", newHostKeyPub);
createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey1.getAbsolutePath());
}
@Test
public void testPasswordAuth() throws Exception {
server.enablePasswordAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
TEST_USER.toUpperCase(Locale.ROOT));
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications password");
}
@Test
public void testPasswordAuthSeveralTimes() throws Exception {
server.enablePasswordAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass", "wrongpass", TEST_USER.toUpperCase(Locale.ROOT));
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications password");
}
@Test(expected = TransportException.class)
public void testPasswordAuthWrongPassword() throws Exception {
server.enablePasswordAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass");
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications password");
}
@Test(expected = TransportException.class)
public void testPasswordAuthNoPassword() throws Exception {
server.enablePasswordAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider();
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications password");
}
@Test(expected = TransportException.class)
public void testPasswordAuthCorrectPasswordTooLate() throws Exception {
server.enablePasswordAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass", "wrongpass", "wrongpass",
TEST_USER.toUpperCase(Locale.ROOT));
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications password");
}
@Test
public void testKeyboardInteractiveAuth() throws Exception {
server.enableKeyboardInteractiveAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
TEST_USER.toUpperCase(Locale.ROOT));
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications keyboard-interactive");
}
@Test
public void testKeyboardInteractiveAuthSeveralTimes() throws Exception {
server.enableKeyboardInteractiveAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass", "wrongpass", TEST_USER.toUpperCase(Locale.ROOT));
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications keyboard-interactive");
}
@Test(expected = TransportException.class)
public void testKeyboardInteractiveAuthWrongPassword() throws Exception {
server.enableKeyboardInteractiveAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass");
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications keyboard-interactive");
}
@Test(expected = TransportException.class)
public void testKeyboardInteractiveAuthNoPassword() throws Exception {
server.enableKeyboardInteractiveAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider();
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications keyboard-interactive");
}
@Test(expected = TransportException.class)
public void testKeyboardInteractiveAuthCorrectPasswordTooLate()
throws Exception {
server.enableKeyboardInteractiveAuthentication();
TestCredentialsProvider provider = new TestCredentialsProvider(
"wrongpass", "wrongpass", "wrongpass",
TEST_USER.toUpperCase(Locale.ROOT));
cloneWith("ssh://git/doesntmatter", defaultCloneDir, provider, //
"Host git", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"PreferredAuthentications keyboard-interactive");
}
@Theory
public void testSshKeys(String keyName) throws Exception {
// JSch fails on ECDSA 384/521 keys. Compare
// https://sourceforge.net/p/jsch/patches/10/
assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory
&& (keyName.contains("ed25519")
|| keyName.startsWith("id_ecdsa_384")
|| keyName.startsWith("id_ecdsa_521"))));
File cloned = new File(getTemporaryDirectory(), "cloned");
String keyFileName = keyName + "_key";
File privateKey = new File(sshDir, keyFileName);
copyTestResource(keyName, privateKey);
File publicKey = new File(sshDir, keyFileName + ".pub");
copyTestResource(keyName + ".pub", publicKey);
server.setTestUserPublicKey(publicKey.toPath());
TestCredentialsProvider provider = new TestCredentialsProvider(
"testpass");
pushTo(provider,
cloneWith("ssh://localhost/doesntmatter", //
cloned, provider, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey.getAbsolutePath()));
int expectedCalls = keyName.endsWith("testpass") ? 1 : 0;
assertEquals("Unexpected calls to CredentialsProvider", expectedCalls,
provider.getLog().size());
// Should now also work without credentials provider, even if the key
// was encrypted.
cloned = new File(getTemporaryDirectory(), "cloned2");
pushTo(null,
cloneWith("ssh://localhost/doesntmatter", //
cloned, null, //
"Host localhost", //
"HostName localhost", //
"Port " + testPort, //
"User " + TEST_USER, //
"IdentityFile " + privateKey.getAbsolutePath()));
}
}