* Added SFTP file transfer resume support on both PUT and GET. Internally SFTPFileTransfer has a few sanity checks to fall back to full replacement even if the resume flag is set.
SCP file transfers have not been changed to support this at this time.
* Added JUnit tests for issue-700
* Throw SCPException when attempting to resume SCP transfers.
* Licensing
* Small bug resuming a completed file was restarting since the bytes were equal.
* Enhanced test cases to validate the expected bytes transferred for each scenario are the actual bytes transferred.
* Removed author info which was pre-filled from company IDE template
* Added "fall through" comment for switch
* Changed the API for requesting a resume from a boolean flag with some internal decisions to be a user-specified long byte offset. This is cleaner but puts the onus on the caller to know exactly what they're asking for in their circumstance, which is ultimately better for a library like sshj.
* Reverted some now-unnecessary changes to SFTPFileTransfer.Uploader.prepareFile()
* Fix gradle exclude path for test files
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
Due to a bug in logic introduced by #769, RemoteFile.ReadAheadRemoteFileInputStream started to send new read ahead requests for file parts that had already been requested.
Every call to read() asked the server to send parts of the file from the point which is already downloaded. Instead, it should have asked to send parts after the last requested part. This commit adds exactly this logic.
The bug didn't cause content corruption. It only affected performance, both on servers and on clients.
There is a contract that FileKeyProvider.readKey throws an IOException if something goes wrong. Throwing an NPE is not expected by API users. Also, it is much more difficult to find out if the NPE is thrown due to a broken key file, or due to an internal bug.
Reported from https://github.com/TeamAmaze/AmazeFileManager/issues/2976, it was found the key uses aes-128-cbc which is currently not supported by sshj. This change adds support for it.
To enable support for this, also eliminated hardcoding byte array size for key and IV, as a result of BCrypt.pbkdf().
If an instance of ReadAheadRemoteFileInputStream before this change is wrapped into a BufferedInputStream with a big buffer, the SSH client requests big packets from the server. It turned out that if the server had sent a response smaller than requested, the client wouldn't have adjusted to decreased window size, and would have read the file incorrectly.
This change detects cases when the server is not able to fulfil client's requests. Since this change, the client adjusts the maximum request length, sends new read-ahead requests, and starts to ignore all read-ahead requests sent earlier.
Just specifying some allegedly small constant buffer size wouldn't have helped in all possible cases. There is no way to explicitly get the maximum request length inside a client. All that limits differ from server to server. For instance, OpenSSH defines SFTP_MAX_MSG_LENGTH as 256 * 1024. Apache SSHD defines MAX_READDATA_PACKET_LENGTH as 63 * 1024, and it allows to redefine that size.
Interestingly, a similar issue #183 was fixed many years ago, but the bug was actually in the code introduced for that fix.
* Removed deprecated proxy connect methods from SocketClient
- Removed custom Jdk7HttpProxySocket class
* Reverted removal of Jdk7HttpProxySocket to retain JDK 7 support for HTTP CONNECT
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Add parameter to limit read ahead to maximum length. Allows to use multiple concurrent threads reading from the same file with an offset without reading too much ahead for a single segment.
* Review and add tests.
Signed-off-by: David Kocher <dkocher@iterate.ch>
Co-authored-by: Yves Langisch <yves@langisch.ch>
- Added ThreadNameProvider to set name based on Thread Class and remote socket address
- Added RemoteAddressProvider to abstract access to Remote Socket Address
- Set Reader Thread name in TransportImpl
- Set SFTP PacketReader Thread name in SFTPEngine
- Set KeepAlive Thread name in SSHClient
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Changed KeepAlive.setKeepAliveInterval() to avoid starting Thread
- Updated SSHClient.onConnect() to start KeepAlive Thread when enabled
- Updated SSHClient.disconnect() to interrupt KeepAlive Thread
- Updated KeepAliveThreadTerminationTest to verify state of KeepAlive Thread
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Adjusted test classes to work with Apache SSHD 2.8.0
- Upgraded Bouncy Castle from 1.69 to 1.70
- Upgraded Apache SSHD from 2.1.0 to 2.8.0
- Upgraded JUnit from 4.12 to 4.13.2
- Upgraded Mockito from 2.28.2 to 4.2.0
- Upgraded Logback from 1.2.6 to 1.2.9
- Upgraded Apache HTTP Client from 4.5.9 to 4.5.14
* Improve SshdContainer: log `docker build` to stdout, don't wait too long if container exited
* Fix#740: Lean on Config.keyAlgorithms choosing between rsa-sha2-* and ssh-rsa
Previously, there was a heuristic that was choosing rsa-sha2-512 after receiving a host key of type RSA. It didn't work well when a server doesn't have an RSA host key.
OpenSSH 8.8 introduced a breaking change: it removed ssh-rsa from the default list of supported public key signature algorithms. SSHJ was unable to connect to OpenSSH 8.8 server if the server has an EcDSA or Ed25519 host key.
Current behaviour behaves the same as OpenSSH 8.8 client does. SSHJ doesn't try to determine rsa-sha2-* support on the fly. Instead, it looks only on `Config.getKeyAlgorithms()`, which may or may not contain ssh-rsa and rsa-sha2-* in any order.
Sorry, this commit mostly reverts changes from #607.
* Introduce ConfigImpl.prioritizeSshRsaKeyAlgorithm to deal with broken backward compatibility
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Fix: if the client knows CA key, it should send host key algo proposal for certificates
* Run specific SSH server in KeyWithCertificateSpec
Required to verify the case with wrong host key algorithm proposals. See #733
* Split KeyWithCertificateSpec into HostKeyWithCertificateSpec and PublicKeyAuthWithCertificateSpec
Prevents from starting unnecessary SSHD containers, making the tests run a bit faster when they are launched separately.
* Replace abstract class IntegrationBaseSpec with composition through IntegrationTestUtil
* Switch to testcontainers in integration tests
It allows running different SSH servers with different configurations in tests, giving ability to cover more bugs, like mentioned in #733.
* full support for encrypted PuTTY v3 files (Argon2 library not included)
* simplified the PuTTYKeyDerivation interface and provided an abstract PuTTYArgon2 class for an easy Argon2 integration
* use Argon2 implementation from Bouncy Castle
* missing license header added
* license header again
* unit tests extended to cover all Argon2 variants and non-standard Argon2 parameters; verify the loaded keys
* Enable renaming with flags
The SFTP protocol allows to rename files by specifying
extra flags:
- OVERWRITE
- ATOMIC
- NATIVE
The flags are exposed through a new RenameFlags enum and
can be passed as parameters to the rename() method in
SFTPClient/SFTPEngine.
Relates to #563
* Update RenameFlags.java
* Update RenameFlags.java
* Align license header with all other files
* Make RenameFlags parameter in line with OpenMode(s)
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Update OpenSSH Key V1 parsing using CRT information for RSA Private Keys
* Remove unndeeded BC call.
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Prefer known algorithm for known host
(#642, #635... 10? issues)
Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.
If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.
* Add support for multiple matching hostkeys, in configuration order
Co-authored-by: Bernie Day <bday@jvncomm.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Support v3 PuTTY keys
* add test for putty v3 key
* Format PuTTYKeyFile to fix Codacy warnings
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Handle @cert-authority in known_hosts.
* Fix ClassCastException when receiving an ECDSA-CERT host key.
* Mention what exactly is not negotiated.
* Verify host key certificates during key exchange.
* Unit and integration tests for host key verification.
* Show sshd logs when integration test finishes.
* Review fixes: extract to private method, change strings.
* Add key types for ECDSA and ED25519 with certificates to implement publickey auth with that keys.
* Read public key certificates in OpenSSHKeyV1KeyFile.
* Fix ClassCastException in ECDSAVariationsAdapter.isECKeyWithFieldSize.
* Introduce an integration test for publickey auth with certificates.
* Refactor: merge copy-paste from OpenSshKey*File.java into an util class.
* Add the license to KeyWithCertificateSpec.groovy
* Add the license to OpenSSHKeyFileUtil.java
* Support writing unsigned integers to buffer, this is required to support channel ids greater than Integer.MAX_VALUE
fixeshierynomus/sshj#690
* Fix incorrect test
* Fix indentation to make codacy happy
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Added an override for copy method, allowing the user to specify whether preserve flag is used in the SCP command.
- Propagated the preserveTime boolean to process method to skip preserveTimeIfPossible when it's not desired
