* Fix: if the client knows CA key, it should send host key algo proposal for certificates
* Run specific SSH server in KeyWithCertificateSpec
Required to verify the case with wrong host key algorithm proposals. See #733
* Split KeyWithCertificateSpec into HostKeyWithCertificateSpec and PublicKeyAuthWithCertificateSpec
Prevents starting unnecessary SSHD containers, making the tests run a bit faster when they are launched separately.
* Replace abstract class IntegrationBaseSpec with composition through IntegrationTestUtil
* Switch to testcontainers in integration tests
It allows running different SSH servers with different configurations in tests, giving the ability to cover more bugs, like the one mentioned in #733.
* full support for encrypted PuTTY v3 files (Argon2 library not included)
* simplified the PuTTYKeyDerivation interface and provided an abstract PuTTYArgon2 class for an easy Argon2 integration
* use Argon2 implementation from Bouncy Castle
* missing license header added
* license header again
* unit tests extended to cover all Argon2 variants and non-standard Argon2 parameters; verify the loaded keys
* Enable renaming with flags
The SFTP protocol allows renaming files by specifying
extra flags:
- OVERWRITE
- ATOMIC
- NATIVE
The flags are exposed through a new RenameFlags enum and
can be passed as parameters to the rename() method in
SFTPClient/SFTPEngine.
Relates to #563
* Update RenameFlags.java
* Update RenameFlags.java
* Align license header with all other files
* Make RenameFlags parameter in line with OpenMode(s)
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Update OpenSSH Key V1 parsing using CRT information for RSA Private Keys
* Remove unneeded BC call.
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Prefer known algorithm for known host
(#642, #635... 10? issues)
Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.
If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.
* Add support for multiple matching hostkeys, in configuration order
Co-authored-by: Bernie Day <bday@jvncomm.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Support v3 PuTTY keys
* add test for putty v3 key
* Format PuTTYKeyFile to fix Codacy warnings
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Handle @cert-authority in known_hosts.
* Fix ClassCastException when receiving an ECDSA-CERT host key.
* Mention what exactly is not negotiated.
* Verify host key certificates during key exchange.
* Unit and integration tests for host key verification.
* Show sshd logs when integration test finishes.
* Review fixes: extract to private method, change strings.
* Add key types for ECDSA and ED25519 with certificates to implement publickey auth with those keys.
* Read public key certificates in OpenSSHKeyV1KeyFile.
* Fix ClassCastException in ECDSAVariationsAdapter.isECKeyWithFieldSize.
* Introduce an integration test for publickey auth with certificates.
* Refactor: merge copy-paste from OpenSshKey*File.java into a util class.
* Add the license to KeyWithCertificateSpec.groovy
* Add the license to OpenSSHKeyFileUtil.java
* Support writing unsigned integers to buffer, this is required to support channel ids greater than Integer.MAX_VALUE
fixes hierynomus/sshj#690
* Fix incorrect test
* Fix indentation to make codacy happy
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Added an override for copy method, allowing the user to specify whether preserve flag is used in the SCP command.
- Propagated the preserveTime boolean to process method to skip preserveTimeIfPossible when it's not desired
* Support ED25519 PuTTY keys.
Fix #659
* PuTTYKeyFile: Use net.schmizz.sshj.common.Buffer instead of own KeyReader.
A tiny refactoring made in order to allow usage of other utility methods which require Buffer.
* Support ECDSA PuTTY keys.
* Some code cleanup
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>