Mirrors/sshj
1
0
Fork 0
mirror of https://github.com/hierynomus/sshj.git synced 2025-12-07 07:40:55 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: Mirrors:v0.20.0
Branches Tags
Mirrors:master Mirrors:move-tests Mirrors:proxy-factory Mirrors:issue-812 Mirrors:issue-711 Mirrors:issue-670 Mirrors:issue-588 Mirrors:issue-550 Mirrors:issue-358 Mirrors:java6 Mirrors:issue-88 Mirrors:issue-159 Mirrors:gh-pages
Mirrors:v0.40.0 Mirrors:v0.39.0 Mirrors:v0.38.0 Mirrors:v0.37.0 Mirrors:v0.36.0 Mirrors:v0.35.0 Mirrors:v0.34.0 Mirrors:v0.33.0 Mirrors:v0.32.0 Mirrors:v0.31.0 Mirrors:v0.30.0 Mirrors:v0.29.0 Mirrors:v0.28.0 Mirrors:v0.27.0 Mirrors:v0.26.0 Mirrors:v0.25.0 Mirrors:v0.24.0 Mirrors:v0.23.0 Mirrors:v0.22.0 Mirrors:v0.21.1 Mirrors:v0.21.0 Mirrors:v0.20.0 Mirrors:v0.19.1 Mirrors:v0.19.0 Mirrors:v0.18.0 Mirrors:v0.17.2 Mirrors:v0.17.1 Mirrors:v0.17.0 Mirrors:v0.16.0 Mirrors:v0.15.0 Mirrors:v0.14.0 Mirrors:v0.13.0 Mirrors:v0.12.0 Mirrors:v0.11.0 Mirrors:v0.9.0 Mirrors:v0.8.1 Mirrors:v0.8.0 Mirrors:v0.7.0 Mirrors:v0.6.1 Mirrors:v0.6.0 Mirrors:v0.5.0 Mirrors:v0.4.1 Mirrors:v0.4.0 Mirrors:v0.3.1 Mirrors:v0.3.0 Mirrors:v0.2.3 Mirrors:v0.2.0 Mirrors:v0.1.1 Mirrors:v0.1.0
...
compare: Mirrors:v0.25.0
Branches Tags
Mirrors:master Mirrors:move-tests Mirrors:proxy-factory Mirrors:issue-812 Mirrors:issue-711 Mirrors:issue-670 Mirrors:issue-588 Mirrors:issue-550 Mirrors:issue-358 Mirrors:java6 Mirrors:issue-88 Mirrors:issue-159 Mirrors:gh-pages
Mirrors:v0.40.0 Mirrors:v0.39.0 Mirrors:v0.38.0 Mirrors:v0.37.0 Mirrors:v0.36.0 Mirrors:v0.35.0 Mirrors:v0.34.0 Mirrors:v0.33.0 Mirrors:v0.32.0 Mirrors:v0.31.0 Mirrors:v0.30.0 Mirrors:v0.29.0 Mirrors:v0.28.0 Mirrors:v0.27.0 Mirrors:v0.26.0 Mirrors:v0.25.0 Mirrors:v0.24.0 Mirrors:v0.23.0 Mirrors:v0.22.0 Mirrors:v0.21.1 Mirrors:v0.21.0 Mirrors:v0.20.0 Mirrors:v0.19.1 Mirrors:v0.19.0 Mirrors:v0.18.0 Mirrors:v0.17.2 Mirrors:v0.17.1 Mirrors:v0.17.0 Mirrors:v0.16.0 Mirrors:v0.15.0 Mirrors:v0.14.0 Mirrors:v0.13.0 Mirrors:v0.12.0 Mirrors:v0.11.0 Mirrors:v0.9.0 Mirrors:v0.8.1 Mirrors:v0.8.0 Mirrors:v0.7.0 Mirrors:v0.6.1 Mirrors:v0.6.0 Mirrors:v0.5.0 Mirrors:v0.4.1 Mirrors:v0.4.0 Mirrors:v0.3.1 Mirrors:v0.3.0 Mirrors:v0.2.3 Mirrors:v0.2.0 Mirrors:v0.1.1 Mirrors:v0.1.0

99 Commits
v0.20.0 ... v0.25.0

Author SHA1 Message Date
Jeroen van Erp
b5f0d4c9fb Release version: 0.25.0 2018-04-04 13:05:02 +02:00
Jeroen van Erp
c10cb7f138 Fix release plugin? 2018-04-04 13:03:56 +02:00
Jeroen van Erp
81e26f4a7f Release version: 0.24.0 2018-04-04 12:00:30 +02:00
Jeroen van Erp
aa53effce8 Merge branch 'issue-358' 2018-03-22 22:50:51 +01:00
Jeroen van Erp
76e6e572b4 Merge branch 'master' into issue-358 2018-03-22 22:50:37 +01:00
Jeroen van Erp
2003a9f8c9 Add support for verifying multiple host entries (Fixes #405) 2018-03-21 23:54:25 +01:00
Jeroen van Erp
84a7677a62 Add support for hmac-ripemd-160 2018-03-05 13:00:41 +01:00
Jeroen van Erp
3bcd3530cf Renamed test to spec 2018-03-05 13:00:41 +01:00
Jeroen van Erp
a63f9ee8fd New version Base64 class 2018-03-05 13:00:41 +01:00
Jeroen van Erp
4be5a98ea3 Merge pull request #400 from maxd/public_constructor_of_host_entry 
HostEntry constructor must be public
 2018-02-20 23:16:41 +01:00
Maxim Dobryakov
26df2f3c23 HostEntry constructor must be public 
Reasons:

1) SimpleEntry (was replaced to HostEntry) class had public constructor
2) HostEntry class can be used outside of sshj library to add entries to .known_hosts file (i.e. for implementation of interactive HostKeyVerifier)
 2018-02-20 22:59:36 +03:00
Michael Prankl
39b72eed62 Android Compability, again ;-) (#392) 
* Rework SecurityUtils and PKCS8KeyFile for usage with SpongyCastle.

* Specifying providerName for registration is unneccessary.

* Update AndroidConfig, fix imports.

* Workaround for Android 5.0 bug when SpongyCastle is the default JCE provider.

On Android 5.0 reading the version from the jar does throw a SecurityException due to a bug in Android (see https://issuetracker.google.com/issues/36993752). Including that Exception in the catch provides a workaround for that issue.
 2018-01-30 16:22:05 +01:00
Jeroen van Erp
d55eb6d02e Fix build for windows 2018-01-24 21:34:29 +01:00
Jeroen van Erp
265e9d2916 Add extra logging in OpenSSHKnownHosts and extra test 2018-01-24 15:53:12 +01:00
Jeroen van Erp
0b6552654b Fix 'key spec not recognized' exception with ECDSA keys 2018-01-23 19:58:04 +01:00
Jeroen van Erp
dabe43dfdc Fixed headers 2017-12-28 13:18:30 +01:00
Jeroen van Erp
0f67fa2541 Added integration test for append scenario (Fixes #390) 2017-12-28 13:00:49 +01:00
Michael Prankl
54018a4a81 Update AndroidConfig (#389) 
* Add EdDSA signature for AndroidConfig.

* Initialize KeyExchange- and FileKeyProviderFactories with registered "bouncyCastle" (in fact, SpongyCastle is registered).

See #308 for discussion.
 2017-12-28 11:55:36 +01:00
Jeroen van Erp
ca81c2eea4 Added integration test to travis 2017-12-28 10:13:56 +01:00
Jeroen van Erp
048f84b42a Removed docker from travis yml as it is included in gradle build now 2017-12-28 10:10:46 +01:00
Jeroen van Erp
8ca6451d5d Fixed length bug in putString (Fixes #187) 2017-12-27 23:02:41 +01:00
Jeroen van Erp
5e1be8b1b0 Separated out integration tests 2017-12-27 23:01:59 +01:00
Jeroen van Erp
bc4da2ea8e Upgraded gradle to cope with java9 2017-12-27 15:02:42 +01:00
Jeroen van Erp
09fb2b9dc2 Merge pull request #385 from Igerly/ssh-with-docker-tests 
Integration test(s) with OpenSSH server in Docker
 2017-12-04 00:23:44 +01:00
Iger
4045d5a7ef - One more time 2017-12-03 23:10:56 +02:00
Iger
d0daa2c12f - desperation 2017-12-03 23:00:40 +02:00
Iger
64a2a4f779 - orly? 2017-12-03 22:55:18 +02:00
Iger
7cb1f8b11c - switch username back 2017-12-03 22:49:29 +02:00
Iger
73bc785ab4 - eh? 2017-12-03 22:40:41 +02:00
Iger
9d697ede12 - minor improvements 2017-12-03 22:28:02 +02:00
Iger
2b62492caf - grr, ip 2017-12-03 22:11:29 +02:00
Iger
a0f1aa7e2c - Fixed server keys 
- Use sshj branding
 2017-12-03 22:08:06 +02:00
Iger
0e981f7656 - try common format 2017-12-03 20:25:26 +02:00
Iger
a014567c9e - still -d 2017-12-03 20:05:26 +02:00
Iger
8454cf1a0c - double before_install 2017-12-03 19:44:05 +02:00
Iger
663f118d0f - yaml-yaml 2017-12-03 19:36:20 +02:00
Iger
47d73a9381 - account for different working dir 2017-12-03 19:31:31 +02:00
Iger
c4552d5f3d - fix ip for online testing 2017-12-03 19:18:21 +02:00
Iger
7a884d0938 - Experimenting with travis 2017-12-03 19:10:08 +02:00
Jeroen van Erp
661f63eab7 Updated builds to include CodeCov 2017-11-30 11:33:13 +01:00
Jeroen van Erp
a71a7d7d33 Fix escaping in WildcardHostMatcher (#382) 
* Escape '[' and ']' in WildcardHostMatcher

* Anchoring regex to match entire string (Fixes #381)
 2017-11-13 15:49:48 +01:00
Jeroen van Erp
d2e0f50d0c Updated build plugins 2017-11-09 15:22:34 +01:00
Jeroen van Erp
b41f0acd19 Using new release plugin 2017-10-16 12:38:55 +02:00
Jeroen van Erp
a1f501a027 Updated README for v0.23.0 release 2017-10-13 16:19:27 +02:00
Jeroen van Erp
fef9cfaf79 Merge pull request #369 from charlesrgould/migrate-block-ciphers 
Migrate remaining block ciphers
 2017-10-11 23:50:02 +02:00
Charles Gould
c67ae242f2 Migrate remaining block ciphers 2017-10-11 17:34:18 -04:00
charlesrgould
823f1e5759 Log security provider registration failures (#374) 2017-10-11 23:21:49 +02:00
paladox
f046a41750 Update net.i2p.crypto:eddsa to 0.2.0 (#372) 
* Update net.i2p.crypto:eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0
 2017-10-11 21:47:51 +02:00
charlesrgould
c161fe26f6 Extracted ASN.1/DER encoding to method (#368) 2017-10-04 11:06:37 +02:00
Jeroen van Erp
ec46a7a489 Fix decoding signature bytes (Fixes #355, #354) (#361) 
* Fix for signature verify in DSA

* Cleaned up signature verification

* Fixed import

* Ignored erroneous pmd warnings

* Updated JavaDoc
 2017-09-29 13:23:21 +02:00
Jeroen van Erp
762d088388 Added support for new-style fingerprints (#365) 
* Added support for new-style fingerprints

* Fixed codacy warnings
 2017-09-28 14:01:04 +02:00
Jeroen van Erp
99c85672b8 Added 'out/' to gitignore 2017-09-19 17:23:26 -04:00
Jeroen van Erp
28d57840ab Organised imports 2017-09-19 17:22:55 -04:00
Charles Gould
2984291d84 Removed deprecated method 2017-09-07 23:18:46 +02:00
Charles Gould
bdbd9d7eb5 Disambiguated signature initialization 2017-09-07 23:18:46 +02:00
Jeroen van Erp
9ac55de26c Fixed Java9 build? 2017-09-07 21:54:42 +02:00
Jeroen van Erp
a9928c2882 fixed build 2017-09-05 15:58:10 +02:00
Jeroen van Erp
c6c9a3f6a8 Correctly determine KeyType for ECDSA public key (Fixes #356) 2017-09-05 15:23:47 +02:00
Jeroen van Erp
0918bc626f Improved test stability 2017-08-24 13:59:58 +02:00
Jeroen van Erp
aa7748395d Removed build of broken openJDK7 in favour of using animal-sniffer to detect java 1.6 compatibility 2017-08-24 13:18:27 +02:00
Jeroen van Erp
cf077e2a4f Removed use of DataTypeConverter as that is no longer in default JDK9 2017-08-24 11:20:35 +02:00
Jeroen van Erp
c58c7c7c60 Added gradle caching to travis config 2017-08-24 09:32:24 +02:00
Jeroen van Erp
0b548d9d13 Removed oraclejdk7 as that is no longer supported on trusty, added openjdk 2017-08-24 09:30:03 +02:00
Jeroen van Erp
eb1629f250 Updated README release notes 2017-08-24 09:11:58 +02:00
Jeroen van Erp
8856aaea61 Fixed codacy 2017-08-22 19:32:45 +02:00
Jeroen van Erp
1f6615b57a Check whether filename is a child of the current file (Fixes #341) 2017-08-22 19:32:45 +02:00
Matt Dailey
e5084ed8db Removed Builder, and fixed call to checkFormatString 2017-07-10 09:30:10 +02:00
Matt Dailey
3729119e23 Added assertions to testPromptFormat 2017-07-10 09:30:10 +02:00
Matt Dailey
aed3decf1d Upgraded Mockito, and added message and retries to ConsolePasswordFinder 
* Upgraded Mockito to 2.8.47 (latest)
* Added extension to allow mocking final classes
* ConsolePasswordFinder allows custom message and number of retries
* Added builder for ConsolePasswordFinder
* Added more unit tests
 2017-07-10 09:30:10 +02:00
Matt Dailey
303c03061c Add ConsolePasswordFinder to read from Console 
* There was no example `PasswordFinder` to prompt
a user for their password
 2017-07-10 09:30:10 +02:00
Iger
5e3a08a637 - boggle 2017-07-04 10:02:00 +02:00
Iger
d0800058e8 - Test ECDSA signature verifications 2017-07-04 10:02:00 +02:00
Iger
ad9c2d5411 - Test ECDSA fingerprints 2017-07-04 10:02:00 +02:00
Iger
ed65176b68 - Incorrect key format during write 2017-07-04 10:02:00 +02:00
Iger
28f3280a84 - license header 2017-07-04 10:02:00 +02:00
Iger
d69f722908 - Some more indentation fixes 2017-07-04 10:02:00 +02:00
Iger
1d7cb8c2c6 - Some more indentation fixes 2017-07-04 10:02:00 +02:00
Iger
6ad6242ed1 - Ident in spaces 2017-07-04 10:02:00 +02:00
Iger
3310530d42 - cleanup 2017-07-04 10:02:00 +02:00
Iger
3685f9dc36 - Formal generation of ASN.1 encoding for the ecdsa signature 
- Support ecdsa-sha2-nistp521
 2017-07-04 10:02:00 +02:00
Iger
f8cad120a6 - Pretty honed up implementation of -384 2017-07-04 10:02:00 +02:00
Iger
56dd4e4af4 - A separate enum members take with lots of code duplication 2017-07-04 10:02:00 +02:00
Jeroen van Erp
9f8cf1f298 Upgrade to gradle 4.0 2017-06-26 10:01:19 +02:00
Jeroen van Erp
a51270791d Remove deprecated ZLib usage 2017-06-26 09:56:37 +02:00
Jeroen van Erp
d43fc4551e Minor reformatting 2017-06-26 09:51:40 +02:00
Jan Peter Stotz
93bf6c0089 Fixed small exception logging problem 2017-06-09 11:58:24 +02:00
Jeroen van Erp
7b535a8db3 Added support for wildcard host entries in known_hosts (Fixes #331) 2017-05-22 14:43:30 +02:00
Jeroen van Erp
9d4f8fc46a Updated release notes 2017-04-25 15:32:44 +02:00
David Kocher
2b21ec6032 Fix regression from 40f956b. Invalid length parameter. (#322) 
Also Fixes #306
 2017-04-25 15:30:20 +02:00
Jeroen van Erp
8e15a8bd7d Updated README with release notes 2017-04-14 09:54:00 +02:00
Jeroen van Erp
531eb97767 Added log message for early identification termination 2017-04-14 09:14:52 +02:00
chqr
e36fd0fb3d Add support for authentication with DSA & RSA user certificates (#153) (#319) 
* Add support for authentication with DSA & RSA user certificates (#153)

Updates:

- KeyType.java - add support for two certificate key types
    ssh-rsa-cert-v01@openssh.com
    ssh-dsa-cert-v01@openssh.com

- Buffer.java - allow uint64s that overflow Long.MAX_VALUE, otherwise
  we break on certificates with serial numbers greater Long.MAX_VALUE

- OpenSSHKeyFile, KeyProviderUtil - prefer public key files that end
  "-cert.pub" if they exist

Added new class Certificate, which represents certificate key

Reference:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD

* Use BigInteger for certificate serial numbers, address Codacy issues

* Address code review concerns
 2017-04-14 08:49:16 +02:00
Jeroen van Erp
382321deca Updated README 2017-04-10 10:13:47 +02:00
Jeroen van Erp
7b75fb3d53 Upgraded Gradle to 3.4.1 2017-04-10 10:13:35 +02:00
Jeroen van Erp
4d84d3f67c Upgraded BouncyCastle (Fixes #312) 2017-04-10 10:08:09 +02:00
Jeroen van Erp
8eb7d1a2ad Update README to point to right repository (Fixes #309) 2017-03-23 14:05:32 +01:00
ISQ-GTT
a03fa9ac63 Added charset support, centralized UTF-8 usage (#305) 
* Added charset support, centralized UTF-8 usage

* Code style, buffer methods with charsets

* assure remote charset isn't null
 2017-03-09 13:58:51 +01:00
Jeroen van Erp
bcb15e6ccd Changed deprecated build notation 2017-03-01 21:53:42 +01:00
Jeroen van Erp
d85b22fe8d Upgrade to Gradle 3.4 2017-03-01 21:51:29 +01:00
112 changed files with 5200 additions and 2255 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -10,6 +10,7 @@
.settings/
# Output dirs
out/
target/
classes/
build/

29
.travis.yml
View File

@@ -1,5 +1,30 @@
language: java
sudo: false
dist: trusty
sudo: required
services:
- docker
jdk:
- oraclejdk7
- oraclejdk8
- openjdk8
- oraclejdk9
before_cache:
- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
- rm -fr $HOME/.gradle/caches/*/plugin-resolution/
cache:
directories:
- $HOME/.gradle/caches/
- $HOME/.gradle/wrapper/
before_install:
- pip install --user codecov
script:
- ./gradlew check
- ./gradlew integrationTest
after_success:
- codecov

34
README.adoc
View File

@@ -1,11 +1,14 @@
= sshj - SSHv2 library for Java
Jeroen van Erp
:sshj_groupid: com.hierynomus
:sshj_version: 0.19.0
:sshj_version: 0.25.0
:source-highlighter: pygments
image:https://api.bintray.com/packages/hierynomus/maven/sshj/images/download.svg[link="https://bintray.com/hierynomus/maven/sshj/_latestVersion"]
image:https://travis-ci.org/hierynomus/sshj.svg?branch=master[link="https://travis-ci.org/hierynomus/sshj"]
image:https://api.codacy.com/project/badge/Grade/14a0a316bb9149739b5ea26dbfa8da8a["Codacy code quality", link="https://www.codacy.com/app/jeroen_2/sshj?utm_source=github.com&utm_medium=referral&utm_content=hierynomus/sshj&utm_campaign=Badge_Grade"]
image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
image:https://javadoc-emblem.rhcloud.com/doc/com.hierynomus/sshj/badge.svg["Javadoc",link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
@@ -37,7 +40,7 @@ If you're building your project using Maven, you can add the following dependenc
If your project is built using another build tool that uses the Maven Central repository, translate this dependency into the format used by your build tool.
== Building SSHJ
. Clone the Overthere repository.
. Clone the SSHJ repository.
. Ensure you have Java6 installed with the http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html[Unlimited strength Java Cryptography Extensions (JCE)].
. Run the command `./gradlew clean build`.
@@ -75,16 +78,16 @@ key exchange::
`diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`
signatures::
`ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ssh-ed25519`
`ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
mac::
`hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
`hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`
compression::
`zlib` and `zlib@openssh.com` (delayed zlib)
private key files::
`pkcs5`, `pkcs8`, `openssh-key-v1`
`pkcs5`, `pkcs8`, `openssh-key-v1`, `ssh-rsa-cert-v01@openssh.com`, `ssh-dsa-cert-v01@openssh.com`
If you need something that is not included, it shouldn't be too hard to add (do contribute it!)
@@ -104,6 +107,27 @@ Google Group: http://groups.google.com/group/sshj-users
Fork away!
== Release history
SSHJ 0.24.0 (2018-??-??)::
* Added support for hmac-ripemd160
SSHJ 0.23.0 (2017-10-13)::
* Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
* Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
* Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
* Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
* Made SSHJ Java9 compatible
SSHJ 0.22.0 (2017-08-24)::
* Fixed https://github.com/hierynomus/sshj/pulls/341[#341]: Fixed path walking during recursive copy
* Merged https://github.com/hierynomus/sshj/pulls/338[#338]: Added ConsolePasswordFinder to read password from stdin
* Merged https://github.com/hierynomus/sshj/pulls/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
* Fixed https://github.com/hierynomus/sshj/issues/331[#331]: Added support for wildcards in known_hosts file
SSHJ 0.21.1 (2017-04-25)::
* Merged https://github.com/hierynomus/sshj/pulls/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
SSHJ 0.21.0 (2017-04-14)::
* Merged https://github.com/hierynomus/sshj/pulls/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
* Upgraded Gradle to 3.4.1
* Merged https://github.com/hierynomus/sshj/pulls/305[#305]: Added support for custom string encoding
* Fixed https://github.com/hierynomus/sshj/issues/312[#312]: Upgraded BouncyCastle to 1.56
SSHJ 0.20.0 (2017-02-09)::
* Merged https://github.com/hierynomus/sshj/pulls/294[#294]: Reference ED25519 by constant instead of name
* Merged https://github.com/hierynomus/sshj/pulls/293[#293], https://github.com/hierynomus/sshj/pulls/295[#295] and https://github.com/hierynomus/sshj/pulls/301[#301]: Fixed OSGi packaging

135
build.gradle
View File

@@ -1,22 +1,45 @@
import java.text.SimpleDateFormat
import com.bmuschko.gradle.docker.tasks.container.*
import com.bmuschko.gradle.docker.tasks.image.*
plugins {
id 'pl.allegro.tech.build.axion-release' version '1.9.0'
id "java"
id "groovy"
id "jacoco"
id "osgi"
id "maven-publish"
id "org.ajoberstar.release-opinion" version "1.4.2"
id "com.bmuschko.docker-remote-api" version "3.2.1"
id "com.github.hierynomus.license" version "0.12.1"
id "com.jfrog.bintray" version "1.7"
id 'ru.vyarus.pom' version '1.0.3'
id 'ru.vyarus.java-lib' version '1.0.5'
// id 'ru.vyarus.pom' version '1.0.3'
id 'ru.vyarus.github-info' version '1.1.0'
id 'ru.vyarus.animalsniffer' version '1.4.2'
}
group = "com.hierynomus"
scmVersion {
tag {
prefix = 'v'
versionSeparator = ''
}
hooks {
pre 'fileUpdate', [file: 'README.adoc', pattern: { v, c -> /:sshj_version: .*/}, replacement: { v, c -> ":sshj_version: $v" }]
pre 'commit'
}
}
project.version = scmVersion.version
defaultTasks "build"
repositories {
mavenCentral()
maven {
url "https://dl.bintray.com/mockito/maven/"
}
}
sourceCompatibility = 1.6
@@ -24,19 +47,21 @@ targetCompatibility = 1.6
configurations.compile.transitive = false
def bouncycastleVersion = "1.51"
def bouncycastleVersion = "1.57"
dependencies {
signature 'org.codehaus.mojo.signature:java16:1.1@signature'
compile "org.slf4j:slf4j-api:1.7.7"
compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
compile "com.jcraft:jzlib:1.1.3"
compile "net.i2p.crypto:eddsa:0.1.0"
compile "net.i2p.crypto:eddsa:0.2.0"
testCompile "junit:junit:4.11"
testCompile 'org.spockframework:spock-core:1.0-groovy-2.4'
testCompile "org.mockito:mockito-core:1.9.5"
testCompile "org.mockito:mockito-core:2.9.2"
testCompile "org.apache.sshd:sshd-core:1.2.0"
testRuntime "ch.qos.logback:logback-classic:1.1.2"
testCompile 'org.glassfish.grizzly:grizzly-http-server:2.3.17'
@@ -53,14 +78,6 @@ license {
excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java'])
}
if (project.file('.git').isDirectory()) {
release {
grgit = org.ajoberstar.grgit.Grgit.open(project.projectDir)
}
} else {
version = "0.0.0-no.git"
}
// This disables the pedantic doclint feature of JDK8
if (JavaVersion.current().isJava8Compatible()) {
tasks.withType(Javadoc) {
@@ -68,15 +85,16 @@ if (JavaVersion.current().isJava8Compatible()) {
}
}
task writeSshjVersionProperties << {
project.file("${project.buildDir}/resources/main").mkdirs()
project.file("${project.buildDir}/resources/main/sshj.properties").withWriter { w ->
w.append("sshj.version=${version}")
task writeSshjVersionProperties {
doLast {
project.file("${project.buildDir}/resources/main").mkdirs()
project.file("${project.buildDir}/resources/main/sshj.properties").withWriter { w ->
w.append("sshj.version=${version}")
}
}
}
jar.dependsOn writeSshjVersionProperties
jar {
manifest {
// please see http://bnd.bndtools.org/chapters/390-wrapping.html
@@ -97,14 +115,7 @@ jar {
}
}
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allSource
sourcesJar {
manifest {
attributes(
// Add the needed OSGI attributes
@@ -117,6 +128,27 @@ task sourcesJar(type: Jar) {
}
}
configurations {
integrationTestCompile.extendsFrom testCompile
integrationTestRuntime.extendsFrom testRuntime
}
sourceSets {
integrationTest {
groovy {
compileClasspath += sourceSets.main.output + sourceSets.test.output
runtimeClasspath += sourceSets.main.output + sourceSets.test.output
srcDir file('src/itest/groovy')
}
resources.srcDir file('src/itest/resources')
}
}
task integrationTest(type: Test) {
testClassesDirs = sourceSets.integrationTest.output.classesDirs
classpath = sourceSets.integrationTest.runtimeClasspath
}
tasks.withType(Test) {
testLogging {
exceptionFormat = 'full'
@@ -183,21 +215,12 @@ pom {
}
}
publishing.publications {
Sshj(MavenPublication) {
from components.java
artifact sourcesJar
artifact javadocJar
}
}
if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey")) {
bintray {
user = project.property("bintrayUsername")
key = project.property("bintrayApiKey")
publish = true
publications = ["Sshj"]
publications = ["maven"]
pkg {
repo = "maven"
name = project.name
@@ -206,8 +229,8 @@ if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey
labels = ["ssh", "sftp", "secure-shell", "network", "file-transfer"]
githubRepo = "hierynomus/sshj"
version {
name = project.version.toString()
vcsTag = "v${project.version}"
name = "${->project.version}"
vcsTag = "v${->project.version}"
released = new SimpleDateFormat('yyyy-MM-dd\'T\'HH:mm:ss.SSSZZ').format(new Date())
gpg {
sign = true
@@ -224,4 +247,38 @@ if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey
}
}
project.tasks.release.dependsOn([project.tasks.build, project.tasks.bintrayUpload])
jacocoTestReport {
reports {
xml.enabled true
html.enabled true
}
}
task buildItestImage(type: DockerBuildImage) {
inputDir = file('src/itest/docker-image')
tag = 'sshj/sshd-itest'
}
task createItestContainer(type: DockerCreateContainer) {
dependsOn buildItestImage
targetImageId { buildItestImage.getImageId() }
portBindings = ['2222:22']
}
task startItestContainer(type: DockerStartContainer) {
dependsOn createItestContainer
targetContainerId { createItestContainer.getContainerId() }
}
task stopItestContainer(type: DockerStopContainer) {
targetContainerId { createItestContainer.getContainerId() }
}
project.tasks.integrationTest.dependsOn(startItestContainer)
project.tasks.integrationTest.finalizedBy(stopItestContainer)
project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
project.tasks.release.finalizedBy(project.tasks.bintrayUpload)
project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
project.tasks.check.dependsOn(project.tasks.jacocoTestReport)

2
gradle/wrapper/gradle-wrapper.properties vendored
View File

@@ -3,4 +3,4 @@ distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-3.0-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-4.3-all.zip

17
src/itest/docker-image/Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
FROM sickp/alpine-sshd:7.5
ADD id_rsa.pub /home/sshj/.ssh/authorized_keys
ADD test-container/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
ADD test-container/sshd_config /etc/ssh/sshd_config
RUN \
echo "root:smile" | chpasswd && \
adduser -D -s /bin/ash sshj && \
passwd -u sshj && \
chmod 600 /home/sshj/.ssh/authorized_keys && \
chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
chown -R sshj:sshj /home/sshj

1
src/itest/docker-image/id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase

5
src/itest/docker-image/test-container/ssh_host_ecdsa_key Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIOpOBFjqe0hjK/hs4WZ3dZqnzanq1L3/JbvV1TCkbe4ToAoGCCqGSM49
AwEHoUQDQgAEVzkrS7Yj0nXML7A3mE08YDthfBR/ZbyYJDIq1vTzcqs6KTaCT529
swNXWLHO+mbHviZcRiI57ULXHZ1emom/Jw==
-----END EC PRIVATE KEY-----

1
src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub Normal file
View File

@@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFc5K0u2I9J1zC+wN5hNPGA7YXwUf2W8mCQyKtb083KrOik2gk+dvbMDV1ixzvpmx74mXEYiOe1C1x2dXpqJvyc= root@404b27be2bf4

132
src/itest/docker-image/test-container/sshd_config Normal file
View File

@@ -0,0 +1,132 @@
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
# disable hpn performance boosts
#HPNDisabled no
# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com

42
src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy Normal file
View File

@@ -0,0 +1,42 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj
import net.schmizz.sshj.Config
import net.schmizz.sshj.DefaultConfig
import net.schmizz.sshj.SSHClient
import net.schmizz.sshj.transport.verification.PromiscuousVerifier
import spock.lang.Specification
class IntegrationBaseSpec extends Specification {
protected static final int DOCKER_PORT = 2222
protected static final String USERNAME = "sshj"
protected static final String KEYFILE = "src/test/resources/id_rsa"
protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1")
protected static SSHClient getConnectedClient(Config config) {
SSHClient sshClient = new SSHClient(config)
sshClient.addHostKeyVerifier(new PromiscuousVerifier())
sshClient.connect(SERVER_IP, DOCKER_PORT)
return sshClient
}
protected static SSHClient getConnectedClient() throws IOException {
return getConnectedClient(new DefaultConfig())
}
}

71
src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj
import net.schmizz.sshj.DefaultConfig
import net.schmizz.sshj.SSHClient
import net.schmizz.sshj.transport.TransportException
import net.schmizz.sshj.userauth.UserAuthException
class IntegrationSpec extends IntegrationBaseSpec {
def "should accept correct key"() {
given:
SSHClient sshClient = new SSHClient(new DefaultConfig())
sshClient.addHostKeyVerifier("d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3") // test-containers/ssh_host_ecdsa_key's fingerprint
when:
sshClient.connect(SERVER_IP, DOCKER_PORT)
then:
sshClient.isConnected()
}
def "should decline wrong key"() throws IOException {
given:
SSHClient sshClient = new SSHClient(new DefaultConfig())
sshClient.addHostKeyVerifier("d4:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3")
when:
sshClient.connect(SERVER_IP, DOCKER_PORT)
then:
thrown(TransportException.class)
}
def "should authenticate"() {
given:
SSHClient client = getConnectedClient()
when:
client.authPublickey(USERNAME, KEYFILE)
then:
client.isAuthenticated()
}
def "should not authenticate with wrong key"() {
given:
SSHClient client = getConnectedClient()
when:
client.authPublickey("sshj", "src/test/resources/id_dsa")
then:
thrown(UserAuthException.class)
!client.isAuthenticated()
}
}

68
src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy Normal file
View File

@@ -0,0 +1,68 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.sftp
import com.hierynomus.sshj.IntegrationBaseSpec
import net.schmizz.sshj.SSHClient
import net.schmizz.sshj.sftp.OpenMode
import net.schmizz.sshj.sftp.RemoteFile
import net.schmizz.sshj.sftp.SFTPClient
import java.nio.charset.StandardCharsets
import static org.codehaus.groovy.runtime.IOGroovyMethods.withCloseable
class FileWriteSpec extends IntegrationBaseSpec {
def "should append to file (GH issue #390)"() {
given:
SSHClient client = getConnectedClient()
client.authPublickey("sshj", "src/test/resources/id_rsa")
SFTPClient sftp = client.newSFTPClient()
def file = "/home/sshj/test.txt"
def initialText = "This is the initial text.\n".getBytes(StandardCharsets.UTF_16)
def appendText = "And here's the appended text.\n".getBytes(StandardCharsets.UTF_16)
when:
withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.CREAT))) { RemoteFile initial ->
initial.write(0, initialText, 0, initialText.length)
}
then:
withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
def bytes = new byte[initialText.length]
read.read(0, bytes, 0, bytes.length)
bytes == initialText
}
when:
withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.APPEND))) { RemoteFile append ->
append.write(0, appendText, 0, appendText.length)
}
then:
withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
def bytes = new byte[initialText.length + appendText.length]
read.read(0, bytes, 0, bytes.length)
Arrays.copyOfRange(bytes, 0, initialText.length) == initialText
Arrays.copyOfRange(bytes, initialText.length, initialText.length + appendText.length) == appendText
}
cleanup:
sftp.close()
client.close()
}
}

43
src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy Normal file
View File

@@ -0,0 +1,43 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.transport.mac
import com.hierynomus.sshj.IntegrationBaseSpec
import net.schmizz.sshj.DefaultConfig
import net.schmizz.sshj.transport.mac.HMACRIPEMD160
import net.schmizz.sshj.transport.mac.HMACSHA2256
import spock.lang.Unroll
class MacSpec extends IntegrationBaseSpec {
@Unroll
def "should correctly connect with #mac MAC"() {
given:
def cfg = new DefaultConfig()
cfg.setMACFactories(macFactory)
def client = getConnectedClient(cfg)
when:
client.authPublickey(USERNAME, KEYFILE)
then:
client.authenticated
where:
macFactory << [new HMACSHA2256.Factory(), new HMACRIPEMD160.Factory()]
mac = macFactory.name
}
}

7
src/main/java/com/hierynomus/sshj/backport/Jdk7HttpProxySocket.java
View File

@@ -15,10 +15,11 @@
*/
package com.hierynomus.sshj.backport;
import net.schmizz.sshj.common.IOUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.*;
import java.nio.charset.Charset;
public class Jdk7HttpProxySocket extends Socket {
@@ -48,7 +49,7 @@ public class Jdk7HttpProxySocket extends Socket {
}
InetSocketAddress isa = (InetSocketAddress) endpoint;
String httpConnect = "CONNECT " + isa.getHostName() + ":" + isa.getPort() + " HTTP/1.0\n\n";
getOutputStream().write(httpConnect.getBytes(Charset.forName("UTF-8")));
getOutputStream().write(httpConnect.getBytes(IOUtils.UTF8));
checkAndFlushProxyResponse();
}
@@ -61,7 +62,7 @@ public class Jdk7HttpProxySocket extends Socket {
throw new SocketException("Empty response from proxy");
}
String proxyResponse = new String(tmpBuffer, 0, len, "UTF-8");
String proxyResponse = new String(tmpBuffer, 0, len, IOUtils.UTF8);
// Expecting HTTP/1.x 200 OK
if (proxyResponse.contains("200")) {

4
src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java
View File

@@ -23,8 +23,6 @@ import net.schmizz.sshj.common.SSHRuntimeException;
import java.util.Arrays;
import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.CURVE_ED25519_SHA512;
/**
* Our own extension of the EdDSAPublicKey that comes from ECC-25519, as that class does not implement equality.
* The code uses the equality of the keys as an indicator whether they're the same during host key verification.
@@ -34,7 +32,7 @@ public class Ed25519PublicKey extends EdDSAPublicKey {
public Ed25519PublicKey(EdDSAPublicKeySpec spec) {
super(spec);
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512);
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
if (!spec.getParams().getCurve().equals(ed25519.getCurve())) {
throw new SSHRuntimeException("Cannot create Ed25519 Public Key from wrong spec");
}

64
src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java
View File

@@ -16,14 +16,16 @@
package com.hierynomus.sshj.signature;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.signature.AbstractSignature;
import net.schmizz.sshj.signature.Signature;
import java.security.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
public class SignatureEdDSA implements Signature {
public class SignatureEdDSA extends AbstractSignature {
public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
@Override
@@ -37,54 +39,18 @@ public class SignatureEdDSA implements Signature {
}
}
final EdDSAEngine engine;
SignatureEdDSA() {
super(getEngine());
}
protected SignatureEdDSA() {
private static EdDSAEngine getEngine() {
try {
engine = new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
return new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
} catch (NoSuchAlgorithmException e) {
throw new SSHRuntimeException(e);
}
}
@Override
public void init(PublicKey pubkey, PrivateKey prvkey) {
try {
if (pubkey != null) {
engine.initVerify(pubkey);
}
if (prvkey != null) {
engine.initSign(prvkey);
}
} catch (InvalidKeyException e) {
throw new SSHRuntimeException(e);
}
}
@Override
public void update(byte[] H) {
update(H, 0, H.length);
}
@Override
public void update(byte[] H, int off, int len) {
try {
engine.update(H, off, len);
} catch (SignatureException e) {
throw new SSHRuntimeException(e);
}
}
@Override
public byte[] sign() {
try {
return engine.sign();
} catch (SignatureException e) {
throw new SSHRuntimeException(e);
}
}
@Override
public byte[] encode(byte[] signature) {
return signature;
@@ -93,17 +59,9 @@ public class SignatureEdDSA implements Signature {
@Override
public boolean verify(byte[] sig) {
try {
Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(sig);
String algo = plainBuffer.readString();
if (!"ssh-ed25519".equals(algo)) {
throw new SSHRuntimeException("Expected 'ssh-ed25519' key algorithm, but was: " + algo);
}
byte[] bytes = plainBuffer.readBytes();
return engine.verify(bytes);
return signature.verify(extractSig(sig, "ssh-ed25519"));
} catch (SignatureException e) {
throw new SSHRuntimeException(e);
} catch (Buffer.BufferException e) {
throw new SSHRuntimeException(e);
}
}
}

37
src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java
View File

@@ -19,14 +19,15 @@ import net.schmizz.sshj.transport.cipher.BlockCipher;
import net.schmizz.sshj.transport.cipher.Cipher;
/**
* All BlockCiphers supported by SSH according to the following RFCs
* All BlockCiphers supported by SSH according to the following RFCs:
*
* - https://tools.ietf.org/html/rfc4344#section-3.1
* - https://tools.ietf.org/html/rfc4253#section-6.3
* <ul>
* <li>https://tools.ietf.org/html/rfc4344#section-3.1</li>
* <li>https://tools.ietf.org/html/rfc4253#section-6.3</li>
* <li>TODO: https://tools.ietf.org/html/rfc5647</li>
* </ul>
*
* TODO: https://tools.ietf.org/html/rfc5647
*
* Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are scheduled to be migrated to here.
* Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are deprecated and scheduled to be removed.
*/
@SuppressWarnings("PMD.MethodNamingConventions")
public class BlockCiphers {
@@ -34,9 +35,30 @@ public class BlockCiphers {
public static final String COUNTER_MODE = "CTR";
public static final String CIPHER_BLOCK_CHAINING_MODE = "CBC";
public static Factory AES128CTR() {
return new Factory(16, 128, "aes128-ctr", "AES", COUNTER_MODE);
}
public static Factory AES192CTR() {
return new Factory(16, 192, "aes192-ctr", "AES", COUNTER_MODE);
}
public static Factory AES256CTR() {
return new Factory(16, 256, "aes256-ctr", "AES", COUNTER_MODE);
}
public static Factory AES128CBC() {
return new Factory(16, 128, "aes128-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
}
public static Factory AES192CBC() {
return new Factory(16, 192, "aes192-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
}
public static Factory AES256CBC() {
return new Factory(16, 256, "aes256-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
}
public static Factory BlowfishCTR() {
return new Factory(8, 256, "blowfish-ctr", "Blowfish", COUNTER_MODE);
}
public static Factory BlowfishCBC() {
return new Factory(8, 128, "blowfish-cbc", "Blowfish", CIPHER_BLOCK_CHAINING_MODE);
}
public static Factory Twofish128CTR() {
return new Factory(16, 128, "twofish128-ctr", "Twofish", COUNTER_MODE);
}
@@ -91,6 +113,9 @@ public class BlockCiphers {
public static Factory TripleDESCTR() {
return new Factory(8, 192, "3des-ctr", "DESede", COUNTER_MODE);
}
public static Factory TripleDESCBC() {
return new Factory(8, 192, "3des-cbc", "DESede", CIPHER_BLOCK_CHAINING_MODE);
}
/** Named factory for BlockCipher */
public static class Factory

7
src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java
View File

@@ -15,14 +15,15 @@
*/
package com.hierynomus.sshj.transport.kex;
import net.schmizz.sshj.transport.digest.*;
import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.digest.SHA1;
import net.schmizz.sshj.transport.digest.SHA256;
import net.schmizz.sshj.transport.digest.SHA512;
import net.schmizz.sshj.transport.kex.KeyExchange;
import java.math.BigInteger;
import static net.schmizz.sshj.transport.kex.DHGroupData.*;
import static net.schmizz.sshj.transport.kex.DHGroupData.P16;
import static net.schmizz.sshj.transport.kex.DHGroupData.P18;
/**
* Factory methods for Diffie Hellmann KEX algorithms based on MODP groups / Oakley Groups

151
src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java Normal file
View File

@@ -0,0 +1,151 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.transport.verification;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.transport.mac.HMACSHA1;
import net.schmizz.sshj.transport.mac.MAC;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
public class KnownHostMatchers {
public static HostMatcher createMatcher(String hostEntry) throws SSHException {
if (hostEntry.contains(",")) {
return new AnyHostMatcher(hostEntry);
}
if (hostEntry.startsWith("!")) {
return new NegateHostMatcher(hostEntry);
}
if (hostEntry.startsWith("|1|")) {
return new HashedHostMatcher(hostEntry);
}
if (hostEntry.contains("*") || hostEntry.contains("?")) {
return new WildcardHostMatcher(hostEntry);
}
return new EquiHostMatcher(hostEntry);
}
public interface HostMatcher {
boolean match(String hostname) throws IOException;
}
private static class EquiHostMatcher implements HostMatcher {
private String host;
public EquiHostMatcher(String host) {
this.host = host;
}
@Override
public boolean match(String hostname) {
return host.equals(hostname);
}
}
private static class HashedHostMatcher implements HostMatcher {
private final MAC sha1 = new HMACSHA1();
private final String hash;
private final String salt;
private byte[] saltyBytes;
HashedHostMatcher(String hash) throws SSHException {
this.hash = hash;
final String[] hostParts = hash.split("\\|");
if (hostParts.length != 4) {
throw new SSHException("Unrecognized format for hashed hostname");
}
salt = hostParts[2];
}
@Override
public boolean match(String hostname) throws IOException {
return hash.equals(hashHost(hostname));
}
private String hashHost(String host) throws IOException {
sha1.init(getSaltyBytes());
return "|1|" + salt + "|" + Base64.encodeBytes(sha1.doFinal(host.getBytes(IOUtils.UTF8)));
}
private byte[] getSaltyBytes() throws IOException {
if (saltyBytes == null) {
saltyBytes = Base64.decode(salt);
}
return saltyBytes;
}
}
private static class AnyHostMatcher implements HostMatcher {
private final List<HostMatcher> matchers;
AnyHostMatcher(String hostEntry) throws SSHException {
matchers = new ArrayList<HostMatcher>();
for (String subEntry : hostEntry.split(",")) {
matchers.add(KnownHostMatchers.createMatcher(subEntry));
}
}
@Override
public boolean match(String hostname) throws IOException {
for (HostMatcher matcher : matchers) {
if (matcher.match(hostname)) {
return true;
}
}
return false;
}
}
private static class NegateHostMatcher implements HostMatcher {
private final HostMatcher matcher;
NegateHostMatcher(String hostEntry) throws SSHException {
this.matcher = createMatcher(hostEntry.substring(1));
}
@Override
public boolean match(String hostname) throws IOException {
return !matcher.match(hostname);
}
}
private static class WildcardHostMatcher implements HostMatcher {
private final Pattern pattern;
public WildcardHostMatcher(String hostEntry) {
this.pattern = Pattern.compile("^" + hostEntry.replace("[", "\\[").replace("]", "\\]").replace(".", "\\.").replace("*", ".*").replace("?", ".") + "$");
}
@Override
public boolean match(String hostname) throws IOException {
return pattern.matcher(hostname).matches();
}
@Override
public String toString() {
return "WildcardHostMatcher[" + pattern + ']';
}
}
}

258
src/main/java/com/hierynomus/sshj/userauth/certificate/Certificate.java Normal file
View File

@@ -0,0 +1,258 @@
package com.hierynomus.sshj.userauth.certificate;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Date;
import java.util.List;
import java.util.Map;
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Certificate wrapper for public keys, created to help implement
* protocol described here:
*
* https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
*
* Consumed primarily by net.shmizz.sshj.common.KeyType
*
* @param <T> inner public key type
*/
public class Certificate<T extends PublicKey> implements PublicKey {
private static final long serialVersionUID = 1L;
private final T publicKey;
private final byte[] nonce;
private final BigInteger serial;
private final long type;
private final String id;
private final List<String> validPrincipals;
private final Date validAfter;
private final Date validBefore;
private final Map<String, String> critOptions;
private final Map<String, String> extensions;
private final byte[] signatureKey;
private final byte[] signature;
Certificate(Builder<T> builder) {
this.publicKey = builder.getPublicKey();
this.nonce = builder.getNonce();
this.serial = builder.getSerial();
this.type = builder.getType();
this.id = builder.getId();
this.validPrincipals = builder.getValidPrincipals();
this.validAfter = builder.getValidAfter();
this.validBefore = builder.getValidBefore();
this.critOptions = builder.getCritOptions();
this.extensions = builder.getExtensions();
this.signatureKey = builder.getSignatureKey();
this.signature = builder.getSignature();
}
public static <P extends PublicKey> Builder<P> getBuilder() {
return new Builder<P>();
}
public byte[] getNonce() {
return nonce;
}
public BigInteger getSerial() {
return serial;
}
public long getType() {
return type;
}
public String getId() {
return id;
}
public List<String> getValidPrincipals() {
return validPrincipals;
}
public Date getValidAfter() {
return validAfter;
}
public Date getValidBefore() {
return validBefore;
}
public Map<String, String> getCritOptions() {
return critOptions;
}
public Map<String, String> getExtensions() {
return extensions;
}
public byte[] getSignatureKey() {
return signatureKey;
}
public byte[] getSignature() {
return signature;
}
public T getKey() {
return publicKey;
}
@Override
public byte[] getEncoded() {
return publicKey.getEncoded();
}
@Override
public String getAlgorithm() {
return publicKey.getAlgorithm();
}
@Override
public String getFormat() {
return publicKey.getFormat();
}
public static class Builder<T extends PublicKey> {
private T publicKey;
private byte[] nonce;
private BigInteger serial;
private long type;
private String id;
private List<String> validPrincipals;
private Date validAfter;
private Date validBefore;
private Map<String, String> critOptions;
private Map<String, String> extensions;
private byte[] signatureKey;
private byte[] signature;
public Certificate<T> build() {
return new Certificate<T>(this);
}
public T getPublicKey() {
return publicKey;
}
public Builder<T> publicKey(T publicKey) {
this.publicKey = publicKey;
return this;
}
public byte[] getNonce() {
return nonce;
}
public Builder<T> nonce(byte[] nonce) {
this.nonce = nonce;
return this;
}
public BigInteger getSerial() {
return serial;
}
public Builder<T> serial(BigInteger serial) {
this.serial = serial;
return this;
}
public long getType() {
return type;
}
public Builder<T> type(long type) {
this.type = type;
return this;
}
public String getId() {
return id;
}
public Builder<T> id(String id) {
this.id = id;
return this;
}
public List<String> getValidPrincipals() {
return validPrincipals;
}
public Builder<T> validPrincipals(List<String> validPrincipals) {
this.validPrincipals = validPrincipals;
return this;
}
public Date getValidAfter() {
return validAfter;
}
public Builder<T> validAfter(Date validAfter) {
this.validAfter = validAfter;
return this;
}
public Date getValidBefore() {
return validBefore;
}
public Builder<T> validBefore(Date validBefore) {
this.validBefore = validBefore;
return this;
}
public Map<String, String> getCritOptions() {
return critOptions;
}
public Builder<T> critOptions(Map<String, String> critOptions) {
this.critOptions = critOptions;
return this;
}
public Map<String, String> getExtensions() {
return extensions;
}
public Builder<T> extensions(Map<String, String> extensions) {
this.extensions = extensions;
return this;
}
public byte[] getSignatureKey() {
return signatureKey;
}
public Builder<T> signatureKey(byte[] signatureKey) {
this.signatureKey = signatureKey;
return this;
}
public byte[] getSignature() {
return signature;
}
public Builder<T> signature(byte[] signature) {
this.signature = signature;
return this;
}
}
}

18
src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
View File

@@ -15,14 +15,6 @@
*/
package com.hierynomus.sshj.userauth.keyprovider;
import java.io.BufferedReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
@@ -31,8 +23,14 @@ import net.schmizz.sshj.common.Buffer.PlainBuffer;
import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.CURVE_ED25519_SHA512;
import java.io.BufferedReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
/**
* Reads a key file in the new OpenSSH format.
@@ -155,6 +153,6 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
throw new IOException("Padding of key format contained wrong byte at position: " + i);
}
}
return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512))));
return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
}
}

4
src/main/java/net/schmizz/concurrent/Event.java
View File

@@ -15,11 +15,11 @@
*/
package net.schmizz.concurrent;
import net.schmizz.sshj.common.LoggerFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import net.schmizz.sshj.common.LoggerFactory;
/**
* An event can be set, cleared, or awaited, similar to Python's {@code threading.event}. The key difference is that a
* waiter may be delivered an exception of parameterized type {@code T}.

3
src/main/java/net/schmizz/concurrent/Promise.java
View File

@@ -15,6 +15,7 @@
*/
package net.schmizz.concurrent;
import net.schmizz.sshj.common.LoggerFactory;
import org.slf4j.Logger;
import java.util.concurrent.TimeUnit;
@@ -22,8 +23,6 @@ import java.util.concurrent.TimeoutException;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
import net.schmizz.sshj.common.LoggerFactory;
/**
* Represents promised data of the parameterized type {@code V} and allows waiting on it. An exception may also be
* delivered to a waiter, and will be of the parameterized type {@code T}.

9
src/main/java/net/schmizz/sshj/AndroidConfig.java
View File

@@ -15,12 +15,17 @@
*/
package net.schmizz.sshj;
import com.hierynomus.sshj.signature.SignatureEdDSA;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.signature.SignatureDSA;
import net.schmizz.sshj.signature.SignatureRSA;
import net.schmizz.sshj.transport.random.JCERandom;
import net.schmizz.sshj.transport.random.SingletonRandomFactory;
/**
* Registers SpongyCastle as JCE provider.
*/
public class AndroidConfig
extends DefaultConfig {
@@ -30,7 +35,9 @@ public class AndroidConfig
// don't add ECDSA
protected void initSignatureFactories() {
setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory());
setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory(),
// but add EdDSA
new SignatureEdDSA.Factory());
}
@Override

2
src/main/java/net/schmizz/sshj/ConfigImpl.java
View File

@@ -16,8 +16,8 @@
package net.schmizz.sshj;
import net.schmizz.keepalive.KeepAliveProvider;
import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.signature.Signature;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.compression.Compression;

26
src/main/java/net/schmizz/sshj/DefaultConfig.java
View File

@@ -53,9 +53,7 @@ import java.util.*;
* <p/>
* <ul>
* <li>{@link net.schmizz.sshj.ConfigImpl#setKeyExchangeFactories Key exchange}: {@link net.schmizz.sshj.transport.kex.DHG14}*, {@link net.schmizz.sshj.transport.kex.DHG1}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers} [1]: {@link net.schmizz.sshj.transport.cipher.AES128CTR}, {@link net.schmizz.sshj.transport.cipher.AES192CTR}, {@link net.schmizz.sshj.transport.cipher.AES256CTR},
* {@link
* net.schmizz.sshj.transport.cipher.AES128CBC}, {@link net.schmizz.sshj.transport.cipher.AES192CBC}, {@link net.schmizz.sshj.transport.cipher.AES256CBC}, {@link net.schmizz.sshj.transport.cipher.AES192CBC}, {@link net.schmizz.sshj.transport.cipher.TripleDESCBC}, {@link net.schmizz.sshj.transport.cipher.BlowfishCBC}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers}: {@link BlockCiphers}, {@link StreamCiphers} [1]</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setMACFactories MAC}: {@link net.schmizz.sshj.transport.mac.HMACSHA1}, {@link net.schmizz.sshj.transport.mac.HMACSHA196}, {@link net.schmizz.sshj.transport.mac.HMACMD5}, {@link
* net.schmizz.sshj.transport.mac.HMACMD596}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
@@ -94,7 +92,7 @@ public class DefaultConfig
properties.load(DefaultConfig.class.getClassLoader().getResourceAsStream("sshj.properties"));
String property = properties.getProperty("sshj.version");
return "SSHJ_" + property.replace('-', '_'); // '-' is a disallowed character, see RFC-4253#section-4.2
} catch (IOException e) {
} catch (Exception e) {
log.error("Could not read the sshj.properties file, returning an 'unknown' version as fallback.");
return "SSHJ_VERSION_UNKNOWN";
}
@@ -153,14 +151,13 @@ public class DefaultConfig
protected void initCipherFactories() {
List<Factory.Named<Cipher>> avail = new LinkedList<Factory.Named<Cipher>>(Arrays.<Factory.Named<Cipher>>asList(
new AES128CTR.Factory(),
new AES192CTR.Factory(),
new AES256CTR.Factory(),
new AES128CBC.Factory(),
new AES192CBC.Factory(),
new AES256CBC.Factory(),
new TripleDESCBC.Factory(),
new BlowfishCBC.Factory(),
BlockCiphers.AES128CBC(),
BlockCiphers.AES128CTR(),
BlockCiphers.AES192CBC(),
BlockCiphers.AES192CTR(),
BlockCiphers.AES256CBC(),
BlockCiphers.AES256CTR(),
BlockCiphers.BlowfishCBC(),
BlockCiphers.BlowfishCTR(),
BlockCiphers.Cast128CBC(),
BlockCiphers.Cast128CTR(),
@@ -172,6 +169,7 @@ public class DefaultConfig
BlockCiphers.Serpent192CTR(),
BlockCiphers.Serpent256CBC(),
BlockCiphers.Serpent256CTR(),
BlockCiphers.TripleDESCBC(),
BlockCiphers.TripleDESCTR(),
BlockCiphers.Twofish128CBC(),
BlockCiphers.Twofish128CTR(),
@@ -210,7 +208,9 @@ public class DefaultConfig
protected void initSignatureFactories() {
setSignatureFactories(
new SignatureECDSA.Factory(),
new SignatureECDSA.Factory256(),
new SignatureECDSA.Factory384(),
new SignatureECDSA.Factory521(),
new SignatureRSA.Factory(),
new SignatureDSA.Factory(),
new SignatureEdDSA.Factory()

49
src/main/java/net/schmizz/sshj/SSHClient.java
View File

@@ -15,10 +15,7 @@
*/
package net.schmizz.sshj;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.common.*;
import net.schmizz.sshj.connection.Connection;
import net.schmizz.sshj.connection.ConnectionException;
import net.schmizz.sshj.connection.ConnectionImpl;
@@ -41,6 +38,7 @@ import net.schmizz.sshj.transport.compression.DelayedZlibCompression;
import net.schmizz.sshj.transport.compression.NoneCompression;
import net.schmizz.sshj.transport.compression.ZlibCompression;
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
import net.schmizz.sshj.transport.verification.FingerprintVerifier;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
import net.schmizz.sshj.userauth.UserAuth;
@@ -61,6 +59,7 @@ import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.net.ServerSocket;
import java.nio.charset.Charset;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.*;
@@ -128,6 +127,9 @@ public class SSHClient
private final List<LocalPortForwarder> forwarders = new ArrayList<LocalPortForwarder>();
/** character set of the remote machine */
protected Charset remoteCharset = IOUtils.UTF8;
/** Default constructor. Initializes this object using {@link DefaultConfig}. */
public SSHClient() {
this(new DefaultConfig());
@@ -168,19 +170,23 @@ public class SSHClient
/**
* Add a {@link HostKeyVerifier} that will verify any host that's able to claim a host key with the given {@code
* fingerprint}, e.g. {@code "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"}
* fingerprint}.
*
* The fingerprint can be specified in either an MD5 colon-delimited format (16 hexadecimal octets, delimited by a colon),
* or in a Base64 encoded format for SHA-1 or SHA-256 fingerprints.
* Valid examples are:
*
* <ul><li>"SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak="</li>
* <li>"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs="</li>
* <li>"MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li>
* <li>"d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li></ul>
*
* @param fingerprint expected fingerprint in colon-delimited format (16 octets in hex delimited by a colon)
*
* @see SecurityUtils#getFingerprint
*/
public void addHostKeyVerifier(final String fingerprint) {
addHostKeyVerifier(new HostKeyVerifier() {
@Override
public boolean verify(String h, int p, PublicKey k) {
return SecurityUtils.getFingerprint(k).equals(fingerprint);
}
});
addHostKeyVerifier(FingerprintVerifier.getInstance(fingerprint));
}
// FIXME: there are way too many auth... overrides. Better API needed.
@@ -440,6 +446,15 @@ public class SSHClient
return conn;
}
/**
* Returns the character set used to communicate with the remote machine for certain strings (like paths).
*
* @return remote character set
*/
public Charset getRemoteCharset() {
return remoteCharset;
}
/** @return a {@link RemotePortForwarder} that allows requesting remote forwarding over this connection. */
public RemotePortForwarder getRemotePortForwarder() {
synchronized (conn) {
@@ -708,12 +723,22 @@ public class SSHClient
doKex();
}
/**
* Sets the character set used to communicate with the remote machine for certain strings (like paths)
*
* @param remoteCharset
* remote character set or {@code null} for default
*/
public void setRemoteCharset(Charset remoteCharset) {
this.remoteCharset = remoteCharset != null ? remoteCharset : IOUtils.UTF8;
}
@Override
public Session startSession()
throws ConnectionException, TransportException {
checkConnected();
checkAuthenticated();
final SessionChannel sess = new SessionChannel(conn);
final SessionChannel sess = new SessionChannel(conn, remoteCharset);
sess.open();
return sess;
}

3273
src/main/java/net/schmizz/sshj/common/Base64.java
View File

File diff suppressed because it is too large Load Diff

62
src/main/java/net/schmizz/sshj/common/Buffer.java
View File

@@ -15,8 +15,8 @@
*/
package net.schmizz.sshj.common;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
@@ -57,6 +57,11 @@ public class Buffer<T extends Buffer<T>> {
/** The maximum valid size of buffer (i.e. biggest power of two that can be represented as an int - 2^30) */
public static final int MAX_SIZE = (1 << 30);
/** Maximum size of a uint64 */
private static final BigInteger MAX_UINT64_VALUE = BigInteger.ONE
.shiftLeft(64)
.subtract(BigInteger.ONE);
protected static int getNextPowerOf2(int i) {
int j = 1;
while (j < i) {
@@ -241,7 +246,7 @@ public class Buffer<T extends Buffer<T>> {
* @return this
*/
public T putBytes(byte[] b, int off, int len) {
return putUInt32(len - off).putRawBytes(b, off, len);
return putUInt32(len).putRawBytes(b, off, len);
}
public void readRawBytes(byte[] buf)
@@ -343,10 +348,29 @@ public class Buffer<T extends Buffer<T>> {
return uint64;
}
@SuppressWarnings("unchecked")
public BigInteger readUInt64AsBigInteger()
throws BufferException {
byte[] magnitude = new byte[8];
readRawBytes(magnitude);
return new BigInteger(1, magnitude);
}
public T putUInt64(long uint64) {
if (uint64 < 0)
throw new IllegalArgumentException("Invalid value: " + uint64);
return putUInt64Unchecked(uint64);
}
public T putUInt64(BigInteger uint64) {
if (uint64.compareTo(MAX_UINT64_VALUE) > 0 ||
uint64.compareTo(BigInteger.ZERO) < 0) {
throw new IllegalArgumentException("Invalid value: " + uint64);
}
return putUInt64Unchecked(uint64.longValue());
}
@SuppressWarnings("unchecked")
private T putUInt64Unchecked(long uint64) {
data[wpos++] = (byte) (uint64 >> 56);
data[wpos++] = (byte) (uint64 >> 48);
data[wpos++] = (byte) (uint64 >> 40);
@@ -361,24 +385,31 @@ public class Buffer<T extends Buffer<T>> {
/**
* Reads an SSH string
*
* @param cs the charset to use for decoding
*
* @return the string as a Java {@code String}
*/
public String readString()
public String readString(Charset cs)
throws BufferException {
int len = readUInt32AsInt();
if (len < 0 || len > 32768)
throw new BufferException("Bad item length: " + len);
ensureAvailable(len);
String s;
try {
s = new String(data, rpos, len, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new SSHRuntimeException(e);
}
String s = new String(data, rpos, len, cs);
rpos += len;
return s;
}
/**
* Reads an SSH string using {@code UTF8}
*
* @return the string as a Java {@code String}
*/
public String readString()
throws BufferException {
return readString(IOUtils.UTF8);
}
/**
* Reads an SSH string
*
@@ -397,8 +428,12 @@ public class Buffer<T extends Buffer<T>> {
return putBytes(str, offset, len);
}
public T putString(String string, Charset cs) {
return putString(string.getBytes(cs));
}
public T putString(String string) {
return putString(string.getBytes(IOUtils.UTF8));
return putString(string, IOUtils.UTF8);
}
/**
@@ -425,10 +460,13 @@ public class Buffer<T extends Buffer<T>> {
public PublicKey readPublicKey()
throws BufferException {
KeyType keyType = KeyType.fromString(readString());
try {
return KeyType.fromString(readString()).readPubKeyFromBuffer(this);
return keyType.readPubKeyFromBuffer(this);
} catch (GeneralSecurityException e) {
throw new SSHRuntimeException(e);
} catch (UnsupportedOperationException uoe) {
throw new BufferException("Could not decode keytype " + keyType);
}
}

30
src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
View File

@@ -94,4 +94,34 @@ public class ByteArrayUtils {
return sb.toString();
}
public static byte[] parseHex(String hex) {
if (hex == null) {
throw new IllegalArgumentException("Hex string is null");
}
if (hex.length() % 2 != 0) {
throw new IllegalArgumentException("Hex string '" + hex + "' should have even length.");
}
byte[] result = new byte[hex.length() / 2];
for (int i = 0; i < result.length; i++) {
int hi = parseHexDigit(hex.charAt(i * 2)) << 4;
int lo = parseHexDigit(hex.charAt(i * 2 + 1));
result[i] = (byte) (hi + lo);
}
return result;
}
private static int parseHexDigit(char c) {
if (c >= '0' && c <= '9') {
return c - '0';
}
if (c >= 'a' && c <= 'f') {
return c - 'a' + 10;
}
if (c >= 'A' && c <= 'F') {
return c - 'A' + 10;
}
throw new IllegalArgumentException("Digit '" + c + "' out of bounds [0-9a-fA-F]");
}
}

113
src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java Normal file
View File

@@ -0,0 +1,113 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.common;
import com.hierynomus.sshj.secg.SecgUtils;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
class ECDSAVariationsAdapter {
private final static String BASE_ALGORITHM_NAME = "ecdsa-sha2-nistp";
private final static Logger log = LoggerFactory.getLogger(ECDSAVariationsAdapter.class);
public final static Map<String, String> SUPPORTED_CURVES = new HashMap<String, String>();
public final static Map<String, String> NIST_CURVES_NAMES = new HashMap<String, String>();
static {
NIST_CURVES_NAMES.put("256", "p-256");
NIST_CURVES_NAMES.put("384", "p-384");
NIST_CURVES_NAMES.put("521", "p-521");
SUPPORTED_CURVES.put("256", "nistp256");
SUPPORTED_CURVES.put("384", "nistp384");
SUPPORTED_CURVES.put("521", "nistp521");
}
static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) throws GeneralSecurityException {
String algorithm = BASE_ALGORITHM_NAME + variation;
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new GeneralSecurityException("BouncyCastle is required to read a key of type " + algorithm);
}
try {
// final String algo = buf.readString(); it has been already read
final String curveName = buf.readString();
final int keyLen = buf.readUInt32AsInt();
final byte x04 = buf.readByte(); // it must be 0x04, but don't think
// we need that check
final byte[] x = new byte[(keyLen - 1) / 2];
final byte[] y = new byte[(keyLen - 1) / 2];
buf.readRawBytes(x);
buf.readRawBytes(y);
if (log.isDebugEnabled()) {
log.debug(String.format("Key algo: %s, Key curve: %s, Key Len: %s, 0x04: %s\nx: %s\ny: %s",
algorithm, curveName, keyLen, x04, Arrays.toString(x), Arrays.toString(y)));
}
if (!SUPPORTED_CURVES.values().contains(curveName)) {
throw new GeneralSecurityException(String.format("Unknown curve %s", curveName));
}
BigInteger bigX = new BigInteger(1, x);
BigInteger bigY = new BigInteger(1, y);
String name = NIST_CURVES_NAMES.get(variation);
X9ECParameters ecParams = NISTNamedCurves.getByName(name);
ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(name, ecParams.getCurve(), ecParams.getG(), ecParams.getN());
ECPoint p = new ECPoint(bigX, bigY);
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(p, ecCurveSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
return keyFactory.generatePublic(publicKeySpec);
} catch (Exception ex) {
throw new GeneralSecurityException(ex);
}
}
static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
final ECPublicKey ecdsa = (ECPublicKey) pk;
byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
buf.putString("nistp" + Integer.toString(fieldSizeFromKey(ecdsa)))
.putBytes(encoded);
}
static boolean isECKeyWithFieldSize(Key key, int fieldSize) {
return "ECDSA".equals(key.getAlgorithm())
&& fieldSizeFromKey((ECKey) key) == fieldSize;
}
private static int fieldSizeFromKey(ECKey ecPublicKey) {
return ecPublicKey.getParams().getCurve().getField().getFieldSize();
}
}

318
src/main/java/net/schmizz/sshj/common/KeyType.java
View File

@@ -15,17 +15,13 @@
*/
package net.schmizz.sshj.common;
import com.hierynomus.sshj.secg.SecgUtils;
import com.hierynomus.sshj.signature.Ed25519PublicKey;
import com.hierynomus.sshj.userauth.certificate.Certificate;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECPoint;
import net.schmizz.sshj.common.Buffer.BufferException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,15 +30,17 @@ import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.interfaces.*;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.*;
/** Type of key e.g. rsa, dsa */
public enum KeyType {
/** SSH identifier for RSA keys */
RSA("ssh-rsa") {
@Override
@@ -60,18 +58,16 @@ public enum KeyType {
}
@Override
public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
final RSAPublicKey rsaKey = (RSAPublicKey) pk;
buf.putString(sType)
.putMPInt(rsaKey.getPublicExponent()) // e
.putMPInt(rsaKey.getModulus()); // n
buf.putMPInt(rsaKey.getPublicExponent()) // e
.putMPInt(rsaKey.getModulus()); // n
}
@Override
protected boolean isMyType(Key key) {
return (key instanceof RSAPublicKey || key instanceof RSAPrivateKey);
}
},
/** SSH identifier for DSA keys */
@@ -93,13 +89,12 @@ public enum KeyType {
}
@Override
public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
final DSAPublicKey dsaKey = (DSAPublicKey) pk;
buf.putString(sType)
.putMPInt(dsaKey.getParams().getP()) // p
.putMPInt(dsaKey.getParams().getQ()) // q
.putMPInt(dsaKey.getParams().getG()) // g
.putMPInt(dsaKey.getY()); // y
buf.putMPInt(dsaKey.getParams().getP()) // p
.putMPInt(dsaKey.getParams().getQ()) // q
.putMPInt(dsaKey.getParams().getG()) // g
.putMPInt(dsaKey.getY()); // y
}
@Override
@@ -109,70 +104,66 @@ public enum KeyType {
},
/** SSH identifier for ECDSA keys */
ECDSA("ecdsa-sha2-nistp256") {
private final Logger log = LoggerFactory.getLogger(getClass());
/** SSH identifier for ECDSA-256 keys */
ECDSA256("ecdsa-sha2-nistp256") {
@Override
public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
throws GeneralSecurityException {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new GeneralSecurityException("BouncyCastle is required to read a key of type " + sType);
}
try {
// final String algo = buf.readString(); it has been already read
final String curveName = buf.readString();
final int keyLen = buf.readUInt32AsInt();
final byte x04 = buf.readByte(); // it must be 0x04, but don't think we need that check
final byte[] x = new byte[(keyLen - 1) / 2];
final byte[] y = new byte[(keyLen - 1) / 2];
buf.readRawBytes(x);
buf.readRawBytes(y);
if(log.isDebugEnabled()) {
log.debug(String.format("Key algo: %s, Key curve: %s, Key Len: %s, 0x04: %s\nx: %s\ny: %s",
sType,
curveName,
keyLen,
x04,
Arrays.toString(x),
Arrays.toString(y))
);
}
if (!NISTP_CURVE.equals(curveName)) {
throw new GeneralSecurityException(String.format("Unknown curve %s", curveName));
}
BigInteger bigX = new BigInteger(1, x);
BigInteger bigY = new BigInteger(1, y);
X9ECParameters ecParams = NISTNamedCurves.getByName("p-256");
ECPoint pPublicPoint = ecParams.getCurve().createPoint(bigX, bigY);
ECParameterSpec spec = new ECParameterSpec(ecParams.getCurve(),
ecParams.getG(), ecParams.getN());
ECPublicKeySpec publicSpec = new ECPublicKeySpec(pPublicPoint, spec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
return keyFactory.generatePublic(publicSpec);
} catch (Exception ex) {
throw new GeneralSecurityException(ex);
}
return ECDSAVariationsAdapter.readPubKeyFromBuffer(buf, "256");
}
@Override
public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
final ECPublicKey ecdsa = (ECPublicKey) pk;
byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
buf.putString(sType)
.putString(NISTP_CURVE)
.putBytes(encoded);
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
ECDSAVariationsAdapter.writePubKeyContentsIntoBuffer(pk, buf);
}
@Override
protected boolean isMyType(Key key) {
return ("ECDSA".equals(key.getAlgorithm()));
return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 256);
}
},
/** SSH identifier for ECDSA-384 keys */
ECDSA384("ecdsa-sha2-nistp384") {
@Override
public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
throws GeneralSecurityException {
return ECDSAVariationsAdapter.readPubKeyFromBuffer(buf, "384");
}
@Override
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
ECDSAVariationsAdapter.writePubKeyContentsIntoBuffer(pk, buf);
}
@Override
protected boolean isMyType(Key key) {
return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 384);
}
},
/** SSH identifier for ECDSA-521 keys */
ECDSA521("ecdsa-sha2-nistp521") {
@Override
public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
throws GeneralSecurityException {
return ECDSAVariationsAdapter.readPubKeyFromBuffer(buf, "521");
}
@Override
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
ECDSAVariationsAdapter.writePubKeyContentsIntoBuffer(pk, buf);
}
@Override
protected boolean isMyType(Key key) {
return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 521);
}
},
@@ -192,7 +183,7 @@ public enum KeyType {
);
}
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.CURVE_ED25519_SHA512);
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(p, ed25519);
return new Ed25519PublicKey(publicSpec);
@@ -202,9 +193,9 @@ public enum KeyType {
}
@Override
public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
EdDSAPublicKey key = (EdDSAPublicKey) pk;
buf.putString(sType).putBytes(key.getAbyte());
buf.putBytes(key.getAbyte());
}
@Override
@@ -213,6 +204,44 @@ public enum KeyType {
}
},
/** Signed rsa certificate */
RSA_CERT("ssh-rsa-cert-v01@openssh.com") {
@Override
public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
throws GeneralSecurityException {
return CertUtils.readPubKey(buf, RSA);
}
@Override
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
CertUtils.writePubKeyContentsIntoBuffer(pk, RSA, buf);
}
@Override
protected boolean isMyType(Key key) {
return CertUtils.isCertificateOfType(key, RSA);
}
},
/** Signed dsa certificate */
DSA_CERT("ssh-dss-cert-v01@openssh.com") {
@Override
public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
throws GeneralSecurityException {
return CertUtils.readPubKey(buf, DSA);
}
@Override
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
CertUtils.writePubKeyContentsIntoBuffer(pk, DSA, buf);
}
@Override
protected boolean isMyType(Key key) {
return CertUtils.isCertificateOfType(key, DSA);
}
},
/** Unrecognized */
UNKNOWN("unknown") {
@Override
@@ -226,15 +255,17 @@ public enum KeyType {
throw new UnsupportedOperationException("Don't know how to encode key: " + pk);
}
@Override
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
throw new UnsupportedOperationException("Don't know how to encode key: " + pk);
}
@Override
protected boolean isMyType(Key key) {
return false;
}
};
private static final String NISTP_CURVE = "nistp256";
protected final String sType;
private KeyType(String type) {
@@ -244,7 +275,11 @@ public enum KeyType {
public abstract PublicKey readPubKeyFromBuffer(Buffer<?> buf)
throws GeneralSecurityException;
public abstract void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf);
protected abstract void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf);
public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
writePubKeyContentsIntoBuffer(pk, buf.putString(sType));
}
protected abstract boolean isMyType(Key key);
@@ -266,4 +301,129 @@ public enum KeyType {
public String toString() {
return sType;
}
static class CertUtils {
@SuppressWarnings("unchecked")
static <T extends PublicKey> Certificate<T> readPubKey(Buffer<?> buf, KeyType innerKeyType) throws GeneralSecurityException {
Certificate.Builder<T> builder = Certificate.getBuilder();
try {
builder.nonce(buf.readBytes());
builder.publicKey((T) innerKeyType.readPubKeyFromBuffer(buf));
builder.serial(buf.readUInt64AsBigInteger());
builder.type(buf.readUInt32());
builder.id(buf.readString());
builder.validPrincipals(unpackList(buf.readBytes()));
builder.validAfter(dateFromEpoch(buf.readUInt64()));
builder.validBefore(dateFromEpoch(buf.readUInt64()));
builder.critOptions(unpackMap(buf.readBytes()));
builder.extensions(unpackMap(buf.readBytes()));
buf.readString(); // reserved
builder.signatureKey(buf.readBytes());
builder.signature(buf.readBytes());
} catch (Buffer.BufferException be) {
throw new GeneralSecurityException(be);
}
return builder.build();
}
static void writePubKeyContentsIntoBuffer(PublicKey publicKey, KeyType innerKeyType, Buffer<?> buf) {
Certificate<PublicKey> certificate = toCertificate(publicKey);
buf.putBytes(certificate.getNonce());
innerKeyType.writePubKeyContentsIntoBuffer(certificate.getKey(), buf);
buf.putUInt64(certificate.getSerial())
.putUInt32(certificate.getType())
.putString(certificate.getId())
.putBytes(packList(certificate.getValidPrincipals()))
.putUInt64(epochFromDate(certificate.getValidAfter()))
.putUInt64(epochFromDate(certificate.getValidBefore()))
.putBytes(packMap(certificate.getCritOptions()))
.putBytes(packMap(certificate.getExtensions()))
.putString("") // reserved
.putBytes(certificate.getSignatureKey())
.putBytes(certificate.getSignature());
}
static boolean isCertificateOfType(Key key, KeyType innerKeyType) {
if (!(key instanceof Certificate)) {
return false;
}
@SuppressWarnings("unchecked")
Key innerKey = ((Certificate<PublicKey>) key).getKey();
return innerKeyType.isMyType(innerKey);
}
@SuppressWarnings("unchecked")
static Certificate<PublicKey> toCertificate(PublicKey key) {
if (!(key instanceof Certificate)) {
throw new UnsupportedOperationException("Can't convert non-certificate key " +
key.getAlgorithm() + " to certificate");
}
return ((Certificate<PublicKey>) key);
}
private static Date dateFromEpoch(long seconds) {
return new Date(seconds * 1000);
}
private static long epochFromDate(Date date) {
return date.getTime() / 1000;
}
private static String unpackString(byte[] packedString) throws BufferException {
if (packedString.length == 0) {
return "";
}
return new Buffer.PlainBuffer(packedString).readString();
}
private static List<String> unpackList(byte[] packedString) throws BufferException {
List<String> list = new ArrayList<String>();
Buffer<?> buf = new Buffer.PlainBuffer(packedString);
while (buf.available() > 0) {
list.add(buf.readString());
}
return list;
}
private static Map<String, String> unpackMap(byte[] packedString) throws BufferException {
Map<String, String> map = new LinkedHashMap<String, String>();
Buffer<?> buf = new Buffer.PlainBuffer(packedString);
while (buf.available() > 0) {
String name = buf.readString();
String data = unpackString(buf.readStringAsBytes());
map.put(name, data);
}
return map;
}
private static byte[] packString(String data) {
if (data == null || data.isEmpty()) {
return "".getBytes();
}
return new Buffer.PlainBuffer().putString(data).getCompactData();
}
private static byte[] packList(Iterable<String> strings) {
Buffer<?> buf = new Buffer.PlainBuffer();
for (String string : strings) {
buf.putString(string);
}
return buf.getCompactData();
}
private static byte[] packMap(Map<String, String> map) {
Buffer<?> buf = new Buffer.PlainBuffer();
List<String> keys = new ArrayList<String>(map.keySet());
Collections.sort(keys);
for (String key : keys) {
buf.putString(key);
String value = map.get(key);
buf.putString(packString(value));
}
return buf.getCompactData();
}
}
}

38
src/main/java/net/schmizz/sshj/common/SecurityUtils.java
View File

@@ -15,13 +15,24 @@
*/
package net.schmizz.sshj.common;
import java.security.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import static java.lang.String.format;
@@ -36,12 +47,17 @@ public class SecurityUtils {
*/
public static final String BOUNCY_CASTLE = "BC";
/**
* Identifier for the BouncyCastle JCE provider
*/
public static final String SPONGY_CASTLE = "SC";
/*
* Security provider identifier. null = default JCE
*/
private static String securityProvider = null;
// relate to BC registration
// relate to BC registration (or SpongyCastle on Android)
private static Boolean registerBouncyCastle;
private static boolean registrationDone;
@@ -68,19 +84,21 @@ public class SecurityUtils {
}
if (securityProvider == null) {
MessageDigest.getInstance("MD5", provider.getName());
KeyAgreement.getInstance("DH", provider.getName());
MessageDigest.getInstance("MD5", provider);
KeyAgreement.getInstance("DH", provider);
setSecurityProvider(provider.getName());
return true;
}
} catch (NoSuchAlgorithmException e) {
LOG.info(format("Security Provider '%s' does not support necessary algorithm", providerClassName), e);
} catch (NoSuchProviderException e) {
LOG.info("Registration of Security Provider '{}' unexpectedly failed", providerClassName);
} catch (Exception e) {
LOG.info(format("Registration of Security Provider '%s' unexpectedly failed", providerClassName), e);
}
return false;
}
public static synchronized Cipher getCipher(String transformation)
throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
register();
@@ -221,11 +239,11 @@ public class SecurityUtils {
* Attempts registering BouncyCastle as security provider if it has not been previously attempted and returns
* whether the registration succeeded.
*
* @return whether BC registered
* @return whether BC (or SC on Android) registered
*/
public static synchronized boolean isBouncyCastleRegistered() {
register();
return BOUNCY_CASTLE.equals(securityProvider);
return BOUNCY_CASTLE.equals(securityProvider) || SPONGY_CASTLE.equals(securityProvider);
}
public static synchronized void setRegisterBouncyCastle(boolean registerBouncyCastle) {

12
src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java
View File

@@ -26,6 +26,7 @@ import org.slf4j.Logger;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.util.LinkedList;
import java.util.Queue;
import java.util.concurrent.TimeUnit;
@@ -51,6 +52,8 @@ public abstract class AbstractChannel
private final int id;
/** Remote recipient ID */
private int recipient;
/** Remote character set */
private final Charset remoteCharset;
private boolean eof = false;
@@ -78,12 +81,16 @@ public abstract class AbstractChannel
private volatile boolean autoExpand = false;
protected AbstractChannel(Connection conn, String type) {
this(conn, type, null);
}
protected AbstractChannel(Connection conn, String type, Charset remoteCharset) {
this.conn = conn;
this.loggerFactory = conn.getTransport().getConfig().getLoggerFactory();
this.type = type;
this.log = loggerFactory.getLogger(getClass());
this.trans = conn.getTransport();
this.remoteCharset = remoteCharset != null ? remoteCharset : IOUtils.UTF8;
id = conn.nextID();
lwin = new Window.Local(conn.getWindowSize(), conn.getMaxPacketSize(), loggerFactory);
@@ -135,6 +142,11 @@ public abstract class AbstractChannel
return recipient;
}
@Override
public Charset getRemoteCharset() {
return remoteCharset;
}
@Override
public int getRemoteMaxPacketSize() {
return rwin.getMaxPacketSize();

4
src/main/java/net/schmizz/sshj/connection/channel/Channel.java
View File

@@ -24,6 +24,7 @@ import net.schmizz.sshj.transport.TransportException;
import java.io.Closeable;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.util.concurrent.TimeUnit;
/**
@@ -123,6 +124,9 @@ public interface Channel extends Closeable, SSHPacketHandler, ErrorNotifiable {
*/
int getRecipient();
/** @return the character set used to communicate with the remote machine for certain strings (like paths). */
Charset getRemoteCharset();
/**
* @return the maximum packet size as specified by the remote end.
*/

8
src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java
View File

@@ -138,7 +138,7 @@ public final class ChannelOutputStream extends OutputStream implements ErrorNoti
int length = len;
int offset = off;
while (length > 0) {
final int n = buffer.write(data, offset, len);
final int n = buffer.write(data, offset, length);
offset += n;
length -= n;
}
@@ -149,8 +149,7 @@ public final class ChannelOutputStream extends OutputStream implements ErrorNoti
this.error = error;
}
private void checkClose()
throws SSHException {
private void checkClose() throws SSHException {
if (closed) {
if (error != null)
throw error;
@@ -160,8 +159,7 @@ public final class ChannelOutputStream extends OutputStream implements ErrorNoti
}
@Override
public synchronized void close()
throws IOException {
public synchronized void close() throws IOException {
if (!closed) {
try {
buffer.flush(false);

3
src/main/java/net/schmizz/sshj/connection/channel/Window.java
View File

@@ -77,8 +77,7 @@ public abstract class Window {
super(initialWinSize, maxPacketSize, loggerFactory);
}
public long awaitExpansion(long was)
throws ConnectionException {
public long awaitExpansion(long was) throws ConnectionException {
synchronized (lock) {
while (size <= was) {
log.debug("Waiting, need size to grow from {} bytes", was);

10
src/main/java/net/schmizz/sshj/connection/channel/direct/AbstractDirectChannel.java
View File

@@ -25,6 +25,7 @@ import net.schmizz.sshj.connection.channel.Channel;
import net.schmizz.sshj.connection.channel.OpenFailException;
import net.schmizz.sshj.transport.TransportException;
import java.nio.charset.Charset;
import java.util.concurrent.TimeUnit;
/** Base class for direct channels whose open is initated by the client. */
@@ -41,6 +42,15 @@ public abstract class AbstractDirectChannel
conn.attach(this);
}
protected AbstractDirectChannel(Connection conn, String type, Charset remoteCharset) {
super(conn, type, remoteCharset);
/*
* We expect to receive channel open confirmation/rejection and want to be able to next this packet.
*/
conn.attach(this);
}
@Override
public void open()
throws ConnectionException, TransportException {

9
src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
View File

@@ -137,6 +137,15 @@ public class LocalPortForwarder {
listen(Thread.currentThread());
}
/**
* Returns whether this listener is running (ie. whether a thread is attached to it).
*
* @return
*/
public boolean isRunning() {
return this.runningThread != null && !serverSocket.isClosed();
}
/**
* Start listening for incoming connections and forward to remote host as a channel and ensure that the thread is registered.
* This is useful if for instance {@link #close() is called from another thread}

7
src/main/java/net/schmizz/sshj/connection/channel/direct/SessionChannel.java
View File

@@ -22,6 +22,7 @@ import net.schmizz.sshj.connection.channel.ChannelInputStream;
import net.schmizz.sshj.transport.TransportException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@@ -47,6 +48,10 @@ public class SessionChannel
super(conn, "session");
}
public SessionChannel(Connection conn, Charset remoteCharset) {
super(conn, "session", remoteCharset);
}
@Override
public void allocateDefaultPTY()
throws ConnectionException, TransportException {
@@ -93,7 +98,7 @@ public class SessionChannel
throws ConnectionException, TransportException {
checkReuse();
log.debug("Will request to exec `{}`", command);
sendChannelRequest("exec", true, new Buffer.PlainBuffer().putString(command))
sendChannelRequest("exec", true, new Buffer.PlainBuffer().putString(command, getRemoteCharset()))
.await(conn.getTimeoutMs(), TimeUnit.MILLISECONDS);
usedUp = true;
return this;

2
src/main/java/net/schmizz/sshj/sftp/RemoteDirectory.java
View File

@@ -42,7 +42,7 @@ public class RemoteDirectory
case NAME:
final int count = res.readUInt32AsInt();
for (int i = 0; i < count; i++) {
final String name = res.readString();
final String name = res.readString(requester.sub.getRemoteCharset());
res.readString(); // long name - IGNORED - shdve never been in the protocol
final FileAttributes attrs = res.readFileAttributes();
final PathComponents comps = requester.getPathHelper().getComponents(path, name);

4
src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
View File

@@ -82,9 +82,7 @@ public class RemoteFile
throws IOException {
return requester.request(newRequest(PacketType.WRITE)
.putUInt64(fileOffset)
// TODO The SFTP spec claims this field is unneeded...? See #187
.putUInt32(len)
.putRawBytes(data, off, len)
.putString(data, off, len)
);
}

44
src/main/java/net/schmizz/sshj/sftp/SFTPEngine.java
View File

@@ -16,6 +16,7 @@
package net.schmizz.sshj.sftp;
import net.schmizz.concurrent.Promise;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.connection.channel.direct.Session;
@@ -25,6 +26,7 @@ import org.slf4j.Logger;
import java.io.Closeable;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
@@ -137,7 +139,7 @@ public class SFTPEngine
public RemoteFile open(String path, Set<OpenMode> modes, FileAttributes fa)
throws IOException {
final byte[] handle = doRequest(
newRequest(PacketType.OPEN).putString(path).putUInt32(OpenMode.toMask(modes)).putFileAttributes(fa)
newRequest(PacketType.OPEN).putString(path, sub.getRemoteCharset()).putUInt32(OpenMode.toMask(modes)).putFileAttributes(fa)
).ensurePacketTypeIs(PacketType.HANDLE).readBytes();
return new RemoteFile(this, path, handle);
}
@@ -155,7 +157,7 @@ public class SFTPEngine
public RemoteDirectory openDir(String path)
throws IOException {
final byte[] handle = doRequest(
newRequest(PacketType.OPENDIR).putString(path)
newRequest(PacketType.OPENDIR).putString(path, sub.getRemoteCharset())
).ensurePacketTypeIs(PacketType.HANDLE).readBytes();
return new RemoteDirectory(this, path, handle);
}
@@ -163,7 +165,7 @@ public class SFTPEngine
public void setAttributes(String path, FileAttributes attrs)
throws IOException {
doRequest(
newRequest(PacketType.SETSTAT).putString(path).putFileAttributes(attrs)
newRequest(PacketType.SETSTAT).putString(path, sub.getRemoteCharset()).putFileAttributes(attrs)
).ensureStatusPacketIsOK();
}
@@ -173,13 +175,13 @@ public class SFTPEngine
throw new SFTPException("READLINK is not supported in SFTPv" + operativeVersion);
return readSingleName(
doRequest(
newRequest(PacketType.READLINK).putString(path)
));
newRequest(PacketType.READLINK).putString(path, sub.getRemoteCharset())
), sub.getRemoteCharset());
}
public void makeDir(String path, FileAttributes attrs)
throws IOException {
doRequest(newRequest(PacketType.MKDIR).putString(path).putFileAttributes(attrs)).ensureStatusPacketIsOK();
doRequest(newRequest(PacketType.MKDIR).putString(path, sub.getRemoteCharset()).putFileAttributes(attrs)).ensureStatusPacketIsOK();
}
public void makeDir(String path)
@@ -192,21 +194,21 @@ public class SFTPEngine
if (operativeVersion < 3)
throw new SFTPException("SYMLINK is not supported in SFTPv" + operativeVersion);
doRequest(
newRequest(PacketType.SYMLINK).putString(linkpath).putString(targetpath)
newRequest(PacketType.SYMLINK).putString(linkpath, sub.getRemoteCharset()).putString(targetpath, sub.getRemoteCharset())
).ensureStatusPacketIsOK();
}
public void remove(String filename)
throws IOException {
doRequest(
newRequest(PacketType.REMOVE).putString(filename)
newRequest(PacketType.REMOVE).putString(filename, sub.getRemoteCharset())
).ensureStatusPacketIsOK();
}
public void removeDir(String path)
throws IOException {
doRequest(
newRequest(PacketType.RMDIR).putString(path)
newRequest(PacketType.RMDIR).putString(path, sub.getRemoteCharset())
).ensureStatusIs(Response.StatusCode.OK);
}
@@ -225,7 +227,7 @@ public class SFTPEngine
if (operativeVersion < 1)
throw new SFTPException("RENAME is not supported in SFTPv" + operativeVersion);
doRequest(
newRequest(PacketType.RENAME).putString(oldPath).putString(newPath)
newRequest(PacketType.RENAME).putString(oldPath, sub.getRemoteCharset()).putString(newPath, sub.getRemoteCharset())
).ensureStatusPacketIsOK();
}
@@ -233,8 +235,8 @@ public class SFTPEngine
throws IOException {
return readSingleName(
doRequest(
newRequest(PacketType.REALPATH).putString(path)
));
newRequest(PacketType.REALPATH).putString(path, sub.getRemoteCharset())
), sub.getRemoteCharset());
}
public void setTimeoutMs(int timeoutMs) {
@@ -258,20 +260,32 @@ public class SFTPEngine
protected FileAttributes stat(PacketType pt, String path)
throws IOException {
return doRequest(newRequest(pt).putString(path))
return doRequest(newRequest(pt).putString(path, sub.getRemoteCharset()))
.ensurePacketTypeIs(PacketType.ATTRS)
.readFileAttributes();
}
protected static String readSingleName(Response res)
private static byte[] readSingleNameAsBytes(Response res)
throws IOException {
res.ensurePacketTypeIs(PacketType.NAME);
if (res.readUInt32AsInt() == 1)
return res.readString();
return res.readStringAsBytes();
else
throw new SFTPException("Unexpected data in " + res.getType() + " packet");
}
/** Using UTF-8 */
protected static String readSingleName(Response res)
throws IOException {
return readSingleName(res, IOUtils.UTF8);
}
/** Using any character set */
protected static String readSingleName(Response res, Charset charset)
throws IOException {
return new String(readSingleNameAsBytes(res), charset);
}
protected synchronized void transmit(SFTPPacket<Request> payload)
throws IOException {
final int len = payload.available();

79
src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
View File

@@ -15,34 +15,48 @@
*/
package net.schmizz.sshj.signature;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.*;
/** An abstract class for {@link Signature} that implements common functionality. */
/**
* An abstract class for {@link Signature} that implements common functionality.
*/
public abstract class AbstractSignature
implements Signature {
protected final String algorithm;
protected java.security.Signature signature;
@SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
protected final java.security.Signature signature;
protected AbstractSignature(String algorithm) {
this.algorithm = algorithm;
try {
this.signature = SecurityUtils.getSignature(algorithm);
} catch (GeneralSecurityException e) {
throw new SSHRuntimeException(e);
}
}
protected AbstractSignature(@SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
java.security.Signature signatureEngine) {
this.signature = signatureEngine;
}
@Override
public void init(PublicKey publicKey, PrivateKey privateKey) {
public void initVerify(PublicKey publicKey) {
try {
signature = SecurityUtils.getSignature(algorithm);
if (publicKey != null)
signature.initVerify(publicKey);
if (privateKey != null)
signature.initSign(privateKey);
} catch (GeneralSecurityException e) {
signature.initVerify(publicKey);
} catch (InvalidKeyException e) {
throw new SSHRuntimeException(e);
}
}
@Override
public void initSign(PrivateKey privateKey) {
try {
signature.initSign(privateKey);
} catch (InvalidKeyException e) {
throw new SSHRuntimeException(e);
}
}
@@ -70,23 +84,24 @@ public abstract class AbstractSignature
}
}
protected byte[] extractSig(byte[] sig) {
if (sig[0] == 0 && sig[1] == 0 && sig[2] == 0) {
int i = 0;
int j = sig[i++] << 24 & 0xff000000
| sig[i++] << 16 & 0x00ff0000
| sig[i++] << 8 & 0x0000ff00
| sig[i++] & 0x000000ff;
i += j;
j = sig[i++] << 24 & 0xff000000
| sig[i++] << 16 & 0x00ff0000
| sig[i++] << 8 & 0x0000ff00
| sig[i++] & 0x000000ff;
byte[] newSig = new byte[j];
System.arraycopy(sig, i, newSig, 0, j);
return newSig;
/**
* Check whether the signature is generated using the expected algorithm, and if so, return the signature blob
*
* @param sig The full signature
* @param expectedKeyAlgorithm The expected key algorithm
* @return The blob part of the signature
*/
protected byte[] extractSig(byte[] sig, String expectedKeyAlgorithm) {
Buffer.PlainBuffer buffer = new Buffer.PlainBuffer(sig);
try {
String algo = buffer.readString();
if (!expectedKeyAlgorithm.equals(algo)) {
throw new SSHRuntimeException("Expected '" + expectedKeyAlgorithm + "' key algorithm, but got: " + algo);
}
return buffer.readBytes();
} catch (Buffer.BufferException e) {
throw new SSHRuntimeException(e);
}
return sig;
}
}
}

21
src/main/java/net/schmizz/sshj/signature/Signature.java
View File

@@ -22,13 +22,24 @@ import java.security.PublicKey;
public interface Signature {
/**
* Initialize this signature with the given public key and private key. If the private key is null, only signature
* verification can be performed.
* Initialize this signature with the given public key for signature verification.
*
* @param pubkey (null-ok) specify in case verification is needed
* @param prvkey (null-ok) specify in case signing is needed
* Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will
* overwrite prior initialization.
*
* @param pubkey the public key to use for signature verification
*/
void init(PublicKey pubkey, PrivateKey prvkey);
void initVerify(PublicKey pubkey);
/**
* Initialize this signature with the given private key for signing.
*
* Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will
* overwrite prior initialization.
*
* @param prvkey the private key to use for signing
*/
void initSign(PrivateKey prvkey);
/**
* Convenience method, same as calling {@link #update(byte[], int, int)} with offset as {@code 0} and {@code

59
src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
View File

@@ -17,14 +17,23 @@ package net.schmizz.sshj.signature;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import org.bouncycastle.asn1.*;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.SignatureException;
import java.util.Arrays;
/** DSA {@link Signature} */
/**
* DSA {@link Signature}
*/
public class SignatureDSA
extends AbstractSignature {
/** A named factory for DSA signature */
/**
* A named factory for DSA signature
*/
public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Signature> {
@@ -74,33 +83,33 @@ public class SignatureDSA
@Override
public boolean verify(byte[] sig) {
sig = extractSig(sig);
// ASN.1
int frst = (sig[0] & 0x80) != 0 ? 1 : 0;
int scnd = (sig[20] & 0x80) != 0 ? 1 : 0;
int length = sig.length + 6 + frst + scnd;
byte[] tmp = new byte[length];
tmp[0] = (byte) 0x30;
tmp[1] = (byte) 0x2c;
tmp[1] += frst;
tmp[1] += scnd;
tmp[2] = (byte) 0x02;
tmp[3] = (byte) 0x14;
tmp[3] += frst;
System.arraycopy(sig, 0, tmp, 4 + frst, 20);
tmp[4 + tmp[3]] = (byte) 0x02;
tmp[5 + tmp[3]] = (byte) 0x14;
tmp[5 + tmp[3]] += scnd;
System.arraycopy(sig, 20, tmp, 6 + tmp[3] + scnd, 20);
sig = tmp;
try {
return signature.verify(sig);
byte[] sigBlob = extractSig(sig, "ssh-dss");
return signature.verify(asnEncode(sigBlob));
} catch (SignatureException e) {
throw new SSHRuntimeException(e);
} catch (IOException e) {
throw new SSHRuntimeException(e);
}
}
/**
* Encodes the signature as a DER sequence (ASN.1 format).
*/
private byte[] asnEncode(byte[] sigBlob) throws IOException {
byte[] r = new BigInteger(1, Arrays.copyOfRange(sigBlob, 0, 20)).toByteArray();
byte[] s = new BigInteger(1, Arrays.copyOfRange(sigBlob, 20, 40)).toByteArray();
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(new ASN1Integer(r));
vector.add(new ASN1Integer(s));
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ASN1OutputStream asnOS = new ASN1OutputStream(baos);
asnOS.writeObject(new DERSequence(vector));
asnOS.flush();
return baos.toByteArray();
}
}

141
src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
View File

@@ -18,32 +18,69 @@ package net.schmizz.sshj.signature;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.DERSequence;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.SignatureException;
/** ECDSA {@link Signature} */
public class SignatureECDSA
extends AbstractSignature {
public class SignatureECDSA extends AbstractSignature {
/** A named factory for ECDSA signature */
public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Signature> {
/** A named factory for ECDSA-256 signature */
public static class Factory256 implements net.schmizz.sshj.common.Factory.Named<Signature> {
@Override
public Signature create() {
return new SignatureECDSA();
return new SignatureECDSA("SHA256withECDSA", KeyType.ECDSA256.toString());
}
@Override
public String getName() {
return KeyType.ECDSA.toString();
return KeyType.ECDSA256.toString();
}
}
public SignatureECDSA() {
super("SHA256withECDSA");
/** A named factory for ECDSA-384 signature */
public static class Factory384 implements net.schmizz.sshj.common.Factory.Named<Signature> {
@Override
public Signature create() {
return new SignatureECDSA("SHA384withECDSA", KeyType.ECDSA384.toString());
}
@Override
public String getName() {
return KeyType.ECDSA384.toString();
}
}
/** A named factory for ECDSA-521 signature */
public static class Factory521 implements net.schmizz.sshj.common.Factory.Named<Signature> {
@Override
public Signature create() {
return new SignatureECDSA("SHA512withECDSA", KeyType.ECDSA521.toString());
}
@Override
public String getName() {
return KeyType.ECDSA521.toString();
}
}
private String keyTypeName;
public SignatureECDSA(String algorithm, String keyTypeName) {
super(algorithm);
this.keyTypeName = keyTypeName;
}
@Override
@@ -61,7 +98,7 @@ public class SignatureECDSA
System.arraycopy(sig, 4, r, 0, rLen);
System.arraycopy(sig, 6 + rLen, s, 0, sLen);
Buffer buf = new Buffer.PlainBuffer();
Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
buf.putMPInt(new BigInteger(r));
buf.putMPInt(new BigInteger(s));
@@ -70,68 +107,34 @@ public class SignatureECDSA
@Override
public boolean verify(byte[] sig) {
byte[] r;
byte[] s;
try {
Buffer sigbuf = new Buffer.PlainBuffer(sig);
final String algo = new String(sigbuf.readBytes());
if (!"ecdsa-sha2-nistp256".equals(algo)) {
throw new SSHRuntimeException(String.format("Signature :: ecdsa-sha2-nistp256 expected, got %s", algo));
}
final int rsLen = sigbuf.readUInt32AsInt();
if (sigbuf.available() != rsLen) {
throw new SSHRuntimeException("Invalid key length");
}
r = sigbuf.readBytes();
s = sigbuf.readBytes();
} catch (Exception e) {
throw new SSHRuntimeException(e);
}
int rLen = r.length;
int sLen = s.length;
/* We can't have the high bit set, so add an extra zero at the beginning if so. */
if ((r[0] & 0x80) != 0) {
rLen++;
}
if ((s[0] & 0x80) != 0) {
sLen++;
}
/* Calculate total output length */
int length = 6 + rLen + sLen;
byte[] asn1 = new byte[length];
/* ASN.1 SEQUENCE tag */
asn1[0] = (byte) 0x30;
/* Size of SEQUENCE */
asn1[1] = (byte) (4 + rLen + sLen);
/* ASN.1 INTEGER tag */
asn1[2] = (byte) 0x02;
/* "r" INTEGER length */
asn1[3] = (byte) rLen;
/* Copy in the "r" INTEGER */
System.arraycopy(r, 0, asn1, 4, rLen);
/* ASN.1 INTEGER tag */
asn1[rLen + 4] = (byte) 0x02;
/* "s" INTEGER length */
asn1[rLen + 5] = (byte) sLen;
/* Copy in the "s" INTEGER */
System.arraycopy(s, 0, asn1, (6 + rLen), sLen);
try {
return signature.verify(asn1);
byte[] sigBlob = extractSig(sig, keyTypeName);
return signature.verify(asnEncode(sigBlob));
} catch (SignatureException e) {
throw new SSHRuntimeException(e);
} catch (IOException e) {
throw new SSHRuntimeException(e);
}
}
/**
* Encodes the signature as a DER sequence (ASN.1 format).
*/
private byte[] asnEncode(byte[] sigBlob) throws IOException {
Buffer.PlainBuffer sigbuf = new Buffer.PlainBuffer(sigBlob);
byte[] r = sigbuf.readBytes();
byte[] s = sigbuf.readBytes();
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(new ASN1Integer(r));
vector.add(new ASN1Integer(s));
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ASN1OutputStream asnOS = new ASN1OutputStream(baos);
asnOS.writeObject(new DERSequence(vector));
asnOS.flush();
return baos.toByteArray();
}
}

2
src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
View File

@@ -51,7 +51,7 @@ public class SignatureRSA
@Override
public boolean verify(byte[] sig) {
sig = extractSig(sig);
sig = extractSig(sig, "ssh-rsa");
try {
return signature.verify(sig);
} catch (SignatureException e) {

6
src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
View File

@@ -197,6 +197,12 @@ final class KeyExchanger
if (hkv.verify(transport.getRemoteHost(), transport.getRemotePort(), key))
return;
}
log.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}",
hostVerifiers,
KeyType.fromKey(key),
SecurityUtils.getFingerprint(key),
transport.getRemoteHost(),
transport.getRemotePort());
throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE,
"Could not verify `" + KeyType.fromKey(key)

7
src/main/java/net/schmizz/sshj/transport/TransportImpl.java
View File

@@ -196,8 +196,11 @@ public final class TransportImpl
final Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
while ((serverID = readIdentification(buf)).isEmpty()) {
int b = connInfo.in.read();
if (b == -1)
if (b == -1) {
log.error("Received end of connection, but no identification received. ");
throw new TransportException("Server closed connection during identification exchange");
}
buf.putByte((byte) b);
}
}
@@ -587,7 +590,7 @@ public final class TransportImpl
try {
if (!close.isSet()) {
log.error("Dying because - {}", ex);
log.error("Dying because - {}", ex.getMessage(), ex);
final SSHException causeOfDeath = SSHException.chainer.chain(ex);

14
src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
View File

@@ -15,7 +15,14 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code aes128-cbc} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code aes128-cbc} cipher
*
* @deprecated Use {@link BlockCiphers#AES128CBC()}
*/
@Deprecated
public class AES128CBC
extends BlockCipher {
@@ -32,6 +39,11 @@ public class AES128CBC
public String getName() {
return "aes128-cbc";
}
@Override
public String toString() {
return getName();
}
}
public AES128CBC() {

16
src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
View File

@@ -15,11 +15,18 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code aes128-ctr} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code aes128-ctr} cipher
*
* @deprecated Use {@link BlockCiphers#AES128CTR()}
*/
@Deprecated
public class AES128CTR
extends BlockCipher {
/** Named factory for AES128CBC Cipher */
/** Named factory for AES128CTR Cipher */
public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Cipher> {
@@ -32,6 +39,11 @@ public class AES128CTR
public String getName() {
return "aes128-ctr";
}
@Override
public String toString() {
return getName();
}
}
public AES128CTR() {

14
src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
View File

@@ -15,7 +15,14 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code aes192-cbc} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code aes192-cbc} cipher
*
* @deprecated Use {@link BlockCiphers#AES192CBC()}
*/
@Deprecated
public class AES192CBC
extends BlockCipher {
@@ -32,6 +39,11 @@ public class AES192CBC
public String getName() {
return "aes192-cbc";
}
@Override
public String toString() {
return getName();
}
}
public AES192CBC() {

14
src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
View File

@@ -15,7 +15,14 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code aes192-ctr} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code aes192-ctr} cipher
*
* @deprecated Use {@link BlockCiphers#AES192CTR()}
*/
@Deprecated
public class AES192CTR
extends BlockCipher {
@@ -32,6 +39,11 @@ public class AES192CTR
public String getName() {
return "aes192-ctr";
}
@Override
public String toString() {
return getName();
}
}
public AES192CTR() {

14
src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
View File

@@ -15,7 +15,14 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code aes256-ctr} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code aes256-cbc} cipher
*
* @deprecated Use {@link BlockCiphers#AES256CBC()}
*/
@Deprecated
public class AES256CBC
extends BlockCipher {
@@ -32,6 +39,11 @@ public class AES256CBC
public String getName() {
return "aes256-cbc";
}
@Override
public String toString() {
return getName();
}
}
public AES256CBC() {

16
src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
View File

@@ -15,11 +15,18 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code aes256-ctr} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code aes256-ctr} cipher
*
* @deprecated Use {@link BlockCiphers#AES256CTR()}
*/
@Deprecated
public class AES256CTR
extends BlockCipher {
/** Named factory for AES256CBC Cipher */
/** Named factory for AES256CTR Cipher */
public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Cipher> {
@@ -32,6 +39,11 @@ public class AES256CTR
public String getName() {
return "aes256-ctr";
}
@Override
public String toString() {
return getName();
}
}
public AES256CTR() {

14
src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
View File

@@ -15,7 +15,14 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code blowfish-ctr} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code blowfish-bcb} cipher
*
* @deprecated Use {@link BlockCiphers#BlowfishCBC()}
*/
@Deprecated
public class BlowfishCBC
extends BlockCipher {
@@ -32,6 +39,11 @@ public class BlowfishCBC
public String getName() {
return "blowfish-cbc";
}
@Override
public String toString() {
return getName();
}
}
public BlowfishCBC() {

14
src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
View File

@@ -15,7 +15,14 @@
*/
package net.schmizz.sshj.transport.cipher;
/** {@code 3des-cbc} cipher */
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
/**
* {@code 3des-cbc} cipher
*
* @deprecated Use {@link BlockCiphers#TripleDESCBC()}
*/
@Deprecated
public class TripleDESCBC
extends BlockCipher {
@@ -32,6 +39,11 @@ public class TripleDESCBC
public String getName() {
return "3des-cbc";
}
@Override
public String toString() {
return getName();
}
}
public TripleDESCBC() {

67
src/main/java/net/schmizz/sshj/transport/compression/ZlibCompression.java
View File

@@ -15,8 +15,10 @@
*/
package net.schmizz.sshj.transport.compression;
import com.jcraft.jzlib.Deflater;
import com.jcraft.jzlib.GZIPException;
import com.jcraft.jzlib.Inflater;
import com.jcraft.jzlib.JZlib;
import com.jcraft.jzlib.ZStream;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.SSHRuntimeException;
@@ -45,20 +47,24 @@ public class ZlibCompression
private final byte[] tempBuf = new byte[BUF_SIZE];
private ZStream stream;
private Deflater deflater;
private Inflater inflater;
@Override
public void init(Mode mode) {
stream = new ZStream();
switch (mode) {
case DEFLATE:
stream.deflateInit(JZlib.Z_DEFAULT_COMPRESSION);
break;
case INFLATE:
stream.inflateInit();
break;
default:
assert false;
try {
switch (mode) {
case DEFLATE:
deflater = new Deflater(JZlib.Z_DEFAULT_COMPRESSION);
break;
case INFLATE:
inflater = new Inflater();
break;
default:
assert false;
}
} catch (GZIPException gze) {
}
}
@@ -69,44 +75,43 @@ public class ZlibCompression
@Override
public void compress(Buffer buffer) {
stream.next_in = buffer.array();
stream.next_in_index = buffer.rpos();
stream.avail_in = buffer.available();
deflater.setNextIn(buffer.array());
deflater.setNextInIndex(buffer.rpos());
deflater.setAvailIn(buffer.available());
buffer.wpos(buffer.rpos());
do {
stream.next_out = tempBuf;
stream.next_out_index = 0;
stream.avail_out = BUF_SIZE;
final int status = stream.deflate(JZlib.Z_PARTIAL_FLUSH);
deflater.setNextOut(tempBuf);
deflater.setNextOutIndex(0);
deflater.setAvailOut(BUF_SIZE);
final int status = deflater.deflate(JZlib.Z_PARTIAL_FLUSH);
if (status == JZlib.Z_OK) {
buffer.putRawBytes(tempBuf, 0, BUF_SIZE - stream.avail_out);
buffer.putRawBytes(tempBuf, 0, BUF_SIZE - deflater.getAvailOut());
} else {
throw new SSHRuntimeException("compress: deflate returned " + status);
}
} while (stream.avail_out == 0);
} while (deflater.getAvailOut() == 0);
}
@Override
public void uncompress(Buffer from, Buffer to)
throws TransportException {
stream.next_in = from.array();
stream.next_in_index = from.rpos();
stream.avail_in = from.available();
inflater.setNextIn(from.array());
inflater.setNextInIndex(from.rpos());
inflater.setAvailIn(from.available());
while (true) {
stream.next_out = tempBuf;
stream.next_out_index = 0;
stream.avail_out = BUF_SIZE;
final int status = stream.inflate(JZlib.Z_PARTIAL_FLUSH);
inflater.setNextOut(tempBuf);
inflater.setNextOutIndex(0);
inflater.setAvailOut(BUF_SIZE);
final int status = inflater.inflate(JZlib.Z_PARTIAL_FLUSH);
switch (status) {
case JZlib.Z_OK:
to.putRawBytes(tempBuf, 0, BUF_SIZE - stream.avail_out);
to.putRawBytes(tempBuf, 0, BUF_SIZE - inflater.getAvailOut());
break;
case JZlib.Z_BUF_ERROR:
return;
default:
throw new TransportException(DisconnectReason.COMPRESSION_ERROR, "uncompress: inflate returned "
+ status);
throw new TransportException(DisconnectReason.COMPRESSION_ERROR, "uncompress: inflate returned " + status);
}
}
}

2
src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
View File

@@ -80,7 +80,7 @@ public abstract class AbstractDHG extends AbstractDH
Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
KeyType.fromKey(hostKey).toString());
signature.init(hostKey, null);
signature.initVerify(hostKey);
signature.update(H, 0, H.length);
if (!signature.verify(sig))
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,

2
src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java
View File

@@ -86,7 +86,7 @@ public abstract class AbstractDHGex extends AbstractDH {
H = digest.digest();
Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
KeyType.fromKey(hostKey).toString());
signature.init(hostKey, null);
signature.initVerify(hostKey);
signature.update(H, 0, H.length);
if (!signature.verify(sig))
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,

12
src/main/java/net/schmizz/sshj/transport/kex/Curve25519DH.java
View File

@@ -15,16 +15,16 @@
*/
package net.schmizz.sshj.transport.kex;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.transport.random.Random;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.jce.spec.ECParameterSpec;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.transport.random.Random;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
public class Curve25519DH extends DHBase {

38
src/main/java/net/schmizz/sshj/transport/mac/HMACRIPEMD160.java Normal file
View File

@@ -0,0 +1,38 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.mac;
public class HMACRIPEMD160 extends BaseMAC {
/** Named factory for the HMAC-SHA1 <code>MAC</code> */
public static class Factory
implements net.schmizz.sshj.common.Factory.Named<MAC> {
@Override
public MAC create() {
return new HMACRIPEMD160();
}
@Override
public String getName() {
return "hmac-ripemd160";
}
}
public HMACRIPEMD160() {
super("HMACRIPEMD160", 20, 20);
}
}

3
src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
View File

@@ -15,10 +15,11 @@
*/
package net.schmizz.sshj.transport.random;
import java.security.SecureRandom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.SecureRandom;
/** A {@link Random} implementation using the built-in {@link SecureRandom} PRNG. */
public class JCERandom
implements Random {

6
src/main/java/net/schmizz/sshj/transport/verification/ConsoleKnownHostsVerifier.java
View File

@@ -41,14 +41,14 @@ public class ConsoleKnownHostsVerifier
protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
final KeyType type = KeyType.fromKey(key);
console.printf("The authenticity of host '%s' can't be established.\n" +
"%s key fingerprint is %s.\n", hostname, type, SecurityUtils.getFingerprint(key));
"%s key fingerprint is %s.\n", hostname, type, SecurityUtils.getFingerprint(key));
String response = console.readLine("Are you sure you want to continue connecting (yes/no)? ");
while (!(response.equalsIgnoreCase(YES) || response.equalsIgnoreCase(NO))) {
response = console.readLine("Please explicitly enter yes/no: ");
}
if (response.equalsIgnoreCase(YES)) {
try {
entries().add(new SimpleEntry(null, hostname, KeyType.fromKey(key), key));
entries().add(new HostEntry(null, hostname, KeyType.fromKey(key), key));
write();
console.printf("Warning: Permanently added '%s' (%s) to the list of known hosts.\n", hostname, type);
} catch (IOException e) {
@@ -60,7 +60,7 @@ public class ConsoleKnownHostsVerifier
}
@Override
protected boolean hostKeyChangedAction(HostEntry entry, String hostname, PublicKey key) {
protected boolean hostKeyChangedAction(String hostname, PublicKey key) {
final KeyType type = KeyType.fromKey(key);
final String fp = SecurityUtils.getFingerprint(key);
final String path = getFile().getAbsolutePath();

124
src/main/java/net/schmizz/sshj/transport/verification/FingerprintVerifier.java Normal file
View File

@@ -0,0 +1,124 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.verification;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.regex.Pattern;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
public class FingerprintVerifier implements HostKeyVerifier {
private static final Pattern MD5_FINGERPRINT_PATTERN = Pattern.compile("[0-9a-f]{2}+(:[0-9a-f]{2}+){15}+");
/**
* Valid examples:
*
* <ul>
* <li><code>4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21</code></li>
* <li><code>MD5:4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21</code></li>
* <li><code>SHA1:FghNYu1l/HyE/qWbdQ2mkxrd0rU</code></li>
* <li><code>SHA1:FghNYu1l/HyE/qWbdQ2mkxrd0rU=</code></li>
* <li><code>SHA256:l/SjyCoKP8jAx3d8k8MWH+UZG0gcuIR7TQRE/A3faQo</code></li>
* <li><code>SHA256:l/SjyCoKP8jAx3d8k8MWH+UZG0gcuIR7TQRE/A3faQo=</code></li>
* </ul>
*
*
* @param fingerprint of an SSH fingerprint in MD5 (hex), SHA-1 (base64) or SHA-256(base64) format
*
* @return
*/
public static HostKeyVerifier getInstance(String fingerprint) {
try {
if (fingerprint.startsWith("SHA1:")) {
return new FingerprintVerifier("SHA-1", fingerprint.substring(5));
}
if (fingerprint.startsWith("SHA256:")) {
return new FingerprintVerifier("SHA-256", fingerprint.substring(7));
}
final String md5;
if (fingerprint.startsWith("MD5:")) {
md5 = fingerprint.substring(4); // remove the MD5: prefix
} else {
md5 = fingerprint;
}
if (!MD5_FINGERPRINT_PATTERN.matcher(md5).matches()) {
throw new SSHRuntimeException("Invalid MD5 fingerprint: " + fingerprint);
}
// Use the old default fingerprint verifier for md5 fingerprints
return (new HostKeyVerifier() {
@Override
public boolean verify(String h, int p, PublicKey k) {
return SecurityUtils.getFingerprint(k).equals(md5);
}
});
} catch (SSHRuntimeException e) {
throw e;
} catch (IOException e) {
throw new SSHRuntimeException(e);
}
}
private final String digestAlgorithm;
private final byte[] fingerprintData;
/**
*
* @param digestAlgorithm
* the used digest algorithm
* @param base64Fingerprint
* base64 encoded fingerprint data
*
* @throws IOException
*/
private FingerprintVerifier(String digestAlgorithm, String base64Fingerprint) throws IOException {
this.digestAlgorithm = digestAlgorithm;
// if the length is not padded with "=" chars at the end so that it is divisible by 4 the SSHJ Base64 implementation does not work correctly
StringBuilder base64FingerprintBuilder = new StringBuilder(base64Fingerprint);
while (base64FingerprintBuilder.length() % 4 != 0) {
base64FingerprintBuilder.append("=");
}
fingerprintData = Base64.decode(base64FingerprintBuilder.toString());
}
@Override
public boolean verify(String hostname, int port, PublicKey key) {
MessageDigest digest;
try {
digest = SecurityUtils.getMessageDigest(digestAlgorithm);
} catch (GeneralSecurityException e) {
throw new SSHRuntimeException(e);
}
digest.update(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
byte[] digestData = digest.digest();
return Arrays.equals(fingerprintData, digestData);
}
}

206
src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
View File

@@ -15,9 +15,8 @@
*/
package net.schmizz.sshj.transport.verification;
import com.hierynomus.sshj.transport.verification.KnownHostMatchers;
import net.schmizz.sshj.common.*;
import net.schmizz.sshj.transport.mac.HMACSHA1;
import net.schmizz.sshj.transport.mac.MAC;
import org.slf4j.Logger;
import java.io.*;
@@ -26,7 +25,6 @@ import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
/**
@@ -40,7 +38,7 @@ public class OpenSSHKnownHosts
protected final Logger log;
protected final File khFile;
protected final List<HostEntry> entries = new ArrayList<HostEntry>();
protected final List<KnownHostEntry> entries = new ArrayList<KnownHostEntry>();
public OpenSSHKnownHosts(File khFile)
throws IOException {
@@ -59,7 +57,7 @@ public class OpenSSHKnownHosts
String line;
while ((line = br.readLine()) != null) {
try {
HostEntry entry = entryFactory.parseEntry(line);
KnownHostEntry entry = entryFactory.parseEntry(line);
if (entry != null) {
entries.add(entry);
}
@@ -83,19 +81,29 @@ public class OpenSSHKnownHosts
public boolean verify(final String hostname, final int port, final PublicKey key) {
final KeyType type = KeyType.fromKey(key);
if (type == KeyType.UNKNOWN)
if (type == KeyType.UNKNOWN) {
return false;
}
final String adjustedHostname = (port != 22) ? "[" + hostname + "]:" + port : hostname;
for (HostEntry e : entries) {
boolean foundApplicableHostEntry = false;
for (KnownHostEntry e : entries) {
try {
if (e.appliesTo(type, adjustedHostname))
return e.verify(key) || hostKeyChangedAction(e, adjustedHostname, key);
if (e.appliesTo(type, adjustedHostname)) {
foundApplicableHostEntry = true;
if (e.verify(key)) {
return true;
}
}
} catch (IOException ioe) {
log.error("Error with {}: {}", e, ioe);
return false;
}
}
if (foundApplicableHostEntry) {
return hostKeyChangedAction(adjustedHostname, key);
}
return hostKeyUnverifiableAction(adjustedHostname, key);
@@ -105,12 +113,12 @@ public class OpenSSHKnownHosts
return false;
}
protected boolean hostKeyChangedAction(HostEntry entry, String hostname, PublicKey key) {
protected boolean hostKeyChangedAction(String hostname, PublicKey key) {
log.warn("Host key for `{}` has changed!", hostname);
return false;
}
public List<HostEntry> entries() {
public List<KnownHostEntry> entries() {
return entries;
}
@@ -120,7 +128,7 @@ public class OpenSSHKnownHosts
throws IOException {
final BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(khFile));
try {
for (HostEntry entry : entries)
for (KnownHostEntry entry : entries)
bos.write((entry.getLine() + LS).getBytes(IOUtils.UTF8));
} finally {
bos.close();
@@ -130,7 +138,7 @@ public class OpenSSHKnownHosts
/**
* Append a single entry
*/
public void write(HostEntry entry)
public void write(KnownHostEntry entry)
throws IOException {
final BufferedWriter writer = new BufferedWriter(new FileWriter(khFile, true));
try {
@@ -185,7 +193,7 @@ public class OpenSSHKnownHosts
EntryFactory() {
}
public HostEntry parseEntry(String line)
public KnownHostEntry parseEntry(String line)
throws IOException {
if (isComment(line)) {
return new CommentEntry(line);
@@ -200,7 +208,7 @@ public class OpenSSHKnownHosts
}
if(split.length < 3) {
log.error("Error reading entry `{}`", line);
return null;
return new BadHostEntry(line);
}
final String hostnames = split[i++];
final String sType = split[i++];
@@ -210,7 +218,13 @@ public class OpenSSHKnownHosts
if (type != KeyType.UNKNOWN) {
final String sKey = split[i++];
key = new Buffer.PlainBuffer(Base64.decode(sKey)).readPublicKey();
try {
byte[] keyBytes = Base64.decode(sKey);
key = new Buffer.PlainBuffer(keyBytes).readPublicKey();
} catch (IOException ioe) {
log.warn("Error decoding Base64 key bytes", ioe);
return new BadHostEntry(line);
}
} else if (isBits(sType)) {
type = KeyType.RSA;
// int bits = Integer.valueOf(sType);
@@ -221,18 +235,14 @@ public class OpenSSHKnownHosts
key = keyFactory.generatePublic(new RSAPublicKeySpec(n, e));
} catch (Exception ex) {
log.error("Error reading entry `{}`, could not create key", line, ex);
return null;
return new BadHostEntry(line);
}
} else {
log.error("Error reading entry `{}`, could not determine type", line);
return null;
return new BadHostEntry(line);
}
if (isHashed(hostnames)) {
return new HashedEntry(marker, hostnames, type, key);
} else {
return new SimpleEntry(marker, hostnames, type, key);
}
return new HostEntry(marker, hostnames, type, key);
}
private boolean isBits(String type) {
@@ -254,25 +264,22 @@ public class OpenSSHKnownHosts
}
public interface HostEntry {
public interface KnownHostEntry {
KeyType getType();
String getFingerprint();
boolean appliesTo(String host)
throws IOException;
boolean appliesTo(String host) throws IOException;
boolean appliesTo(KeyType type, String host)
throws IOException;
boolean appliesTo(KeyType type, String host) throws IOException;
boolean verify(PublicKey key)
throws IOException;
boolean verify(PublicKey key) throws IOException;
String getLine();
}
public static class CommentEntry
implements HostEntry {
implements KnownHostEntry {
private final String comment;
public CommentEntry(String comment) {
@@ -290,8 +297,7 @@ public class OpenSSHKnownHosts
}
@Override
public boolean appliesTo(String host)
throws IOException {
public boolean appliesTo(String host) throws IOException {
return false;
}
@@ -311,17 +317,20 @@ public class OpenSSHKnownHosts
}
}
public static abstract class AbstractEntry
implements HostEntry {
public static class HostEntry implements KnownHostEntry {
protected final OpenSSHKnownHosts.Marker marker;
final OpenSSHKnownHosts.Marker marker;
private final String hostPart;
protected final KeyType type;
protected final PublicKey key;
private final KnownHostMatchers.HostMatcher matcher;
public AbstractEntry(Marker marker, KeyType type, PublicKey key) {
public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key) throws SSHException {
this.marker = marker;
this.hostPart = hostPart;
this.type = type;
this.key = key;
this.matcher = KnownHostMatchers.createMatcher(hostPart);
}
@Override
@@ -335,9 +344,18 @@ public class OpenSSHKnownHosts
}
@Override
public boolean verify(PublicKey key)
throws IOException {
return key.equals(this.key) && marker != Marker.REVOKED;
public boolean appliesTo(String host) throws IOException {
return matcher.match(host);
}
@Override
public boolean appliesTo(KeyType type, String host) throws IOException {
return this.type == type && matcher.match(host);
}
@Override
public boolean verify(PublicKey key) throws IOException {
return getKeyString(key).equals(getKeyString(this.key)) && marker != Marker.REVOKED;
}
public String getLine() {
@@ -347,97 +365,55 @@ public class OpenSSHKnownHosts
line.append(getHostPart());
line.append(" ").append(type.toString());
line.append(" ").append(getKeyString());
line.append(" ").append(getKeyString(key));
return line.toString();
}
private String getKeyString() {
final Buffer.PlainBuffer buf = new Buffer.PlainBuffer().putPublicKey(key);
private String getKeyString(PublicKey pk) {
final Buffer.PlainBuffer buf = new Buffer.PlainBuffer().putPublicKey(pk);
return Base64.encodeBytes(buf.array(), buf.rpos(), buf.available());
}
protected abstract String getHostPart();
}
public static class SimpleEntry
extends AbstractEntry {
private final List<String> hosts;
private final String hostnames;
public SimpleEntry(Marker marker, String hostnames, KeyType type, PublicKey key) {
super(marker, type, key);
this.hostnames = hostnames;
hosts = Arrays.asList(hostnames.split(","));
}
@Override
protected String getHostPart() {
return hostnames;
}
@Override
public boolean appliesTo(String host)
throws IOException {
return hosts.contains(host);
}
@Override
public boolean appliesTo(KeyType type, String host)
throws IOException {
return type == this.type && hosts.contains(host);
return hostPart;
}
}
public static class HashedEntry
extends AbstractEntry {
private final MAC sha1 = new HMACSHA1();
public static class BadHostEntry implements KnownHostEntry {
private String line;
private final String hashedHost;
private final String salt;
private byte[] saltyBytes;
public HashedEntry(Marker marker, String hash, KeyType type, PublicKey key)
throws SSHException {
super(marker, type, key);
this.hashedHost = hash;
{
final String[] hostParts = hashedHost.split("\\|");
if (hostParts.length != 4)
throw new SSHException("Unrecognized format for hashed hostname");
salt = hostParts[2];
}
public BadHostEntry(String line) {
this.line = line;
}
@Override
public boolean appliesTo(String host)
throws IOException {
return hashedHost.equals(hashHost(host));
public KeyType getType() {
return KeyType.UNKNOWN;
}
@Override
public boolean appliesTo(KeyType type, String host)
throws IOException {
return this.type == type && hashedHost.equals(hashHost(host));
}
private String hashHost(String host)
throws IOException {
sha1.init(getSaltyBytes());
return "|1|" + salt + "|" + Base64.encodeBytes(sha1.doFinal(host.getBytes(IOUtils.UTF8)));
}
private byte[] getSaltyBytes()
throws IOException {
if (saltyBytes == null) {
saltyBytes = Base64.decode(salt);
}
return saltyBytes;
public String getFingerprint() {
return null;
}
@Override
protected String getHostPart() {
return hashedHost;
public boolean appliesTo(String host) throws IOException {
return false;
}
@Override
public boolean appliesTo(KeyType type, String host) throws IOException {
return false;
}
@Override
public boolean verify(PublicKey key) throws IOException {
return false;
}
@Override
public String getLine() {
return line;
}
}
@@ -456,12 +432,12 @@ public class OpenSSHKnownHosts
}
public static Marker fromString(String str) {
for (Marker m: values())
if (m.sMarker.equals(str))
for (Marker m: values()) {
if (m.sMarker.equals(str)) {
return m;
}
}
return null;
}
}
}

6
src/main/java/net/schmizz/sshj/userauth/keyprovider/BaseFileKeyProvider.java
View File

@@ -15,6 +15,9 @@
*/
package net.schmizz.sshj.userauth.keyprovider;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.*;
import java.io.File;
import java.io.IOException;
import java.io.Reader;
@@ -22,9 +25,6 @@ import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.*;
public abstract class BaseFileKeyProvider implements FileKeyProvider {
protected Resource<?> resource;
protected PasswordFinder pwdf;

4
src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
View File

@@ -15,10 +15,10 @@
*/
package net.schmizz.sshj.userauth.keyprovider;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import net.schmizz.sshj.common.IOUtils;
import java.io.*;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
public class KeyProviderUtil {
@@ -34,7 +34,7 @@ public class KeyProviderUtil {
public static KeyFormat detectKeyFileFormat(File location)
throws IOException {
return detectKeyFileFormat(new FileReader(location),
new File(location + ".pub").exists());
new File(location + ".pub").exists() || new File(location + "-cert.pub").exists());
}
/**

10
src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java
View File

@@ -57,10 +57,14 @@ public class OpenSSHKeyFile
@Override
public void init(File location) {
final File f = new File(location + ".pub");
if (f.exists())
// try cert key location first
File pubKey = new File(location + "-cert.pub");
if (!pubKey.exists()) {
pubKey = new File(location + ".pub");
}
if (pubKey.exists())
try {
initPubKey(new FileReader(f));
initPubKey(new FileReader(pubKey));
} catch (IOException e) {
// let super provide both public & private key
log.warn("Error reading public key file: {}", e.toString());

27
src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS5KeyFile.java
View File

@@ -15,6 +15,15 @@
*/
package net.schmizz.sshj.userauth.keyprovider;
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.transport.cipher.*;
import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.digest.MD5;
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
@@ -24,14 +33,6 @@ import java.nio.CharBuffer;
import java.security.*;
import java.security.spec.*;
import java.util.Arrays;
import javax.xml.bind.DatatypeConverter;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.transport.cipher.*;
import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.digest.MD5;
/**
* Represents a PKCS5-encoded key file. This is the format typically used by OpenSSH, OpenSSL, Amazon, etc.
@@ -116,17 +117,17 @@ public class PKCS5KeyFile extends BaseFileKeyProvider {
} else {
String algorithm = line.substring(10, ptr);
if ("DES-EDE3-CBC".equals(algorithm)) {
cipher = new TripleDESCBC();
cipher = BlockCiphers.TripleDESCBC().create();
} else if ("AES-128-CBC".equals(algorithm)) {
cipher = new AES128CBC();
cipher = BlockCiphers.AES128CBC().create();
} else if ("AES-192-CBC".equals(algorithm)) {
cipher = new AES192CBC();
cipher = BlockCiphers.AES192CBC().create();
} else if ("AES-256-CBC".equals(algorithm)) {
cipher = new AES256CBC();
cipher = BlockCiphers.AES256CBC().create();
} else {
throw new FormatException("Not a supported algorithm: " + algorithm);
}
iv = Arrays.copyOfRange(DatatypeConverter.parseHexBinary(line.substring(ptr + 1)), 0, cipher.getIVSize());
iv = Arrays.copyOfRange(ByteArrayUtils.parseHex(line.substring(ptr + 1)), 0, cipher.getIVSize());
}
} else if (line.length() > 0) {
sb.append(line);

13
src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
View File

@@ -15,8 +15,9 @@
*/
package net.schmizz.sshj.userauth.keyprovider;
import java.io.IOException;
import java.security.KeyPair;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
@@ -26,8 +27,8 @@ import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import java.io.IOException;
import java.security.KeyPair;
/** Represents a PKCS8-encoded key file. This is the format used by (old-style) OpenSSH and OpenSSL. */
public class PKCS8KeyFile extends BaseFileKeyProvider {
@@ -62,12 +63,12 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {
final Object o = r.readObject();
final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
pemConverter.setProvider(SecurityUtils.getSecurityProvider());
if (o instanceof PEMEncryptedKeyPair) {
final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
decryptorBuilder.setProvider("BC");
decryptorBuilder.setProvider(SecurityUtils.getSecurityProvider());
try {
passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase)));

18
src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
View File

@@ -15,21 +15,21 @@
*/
package net.schmizz.sshj.userauth.keyprovider;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.bouncycastle.util.encoders.Hex;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Hex;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.PasswordUtils;
/**
* <h2>Sample PuTTY file format</h2>

2
src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
View File

@@ -66,7 +66,7 @@ public abstract class KeyedAuthMethod
if (signature == null)
throw new UserAuthException("Could not create signature instance for " + kt + " key");
signature.init(null, key);
signature.initSign(key);
signature.update(new Buffer.PlainBuffer()
.putString(params.getTransport().getSessionID())
.putBuffer(reqBuf) // & rest of the data for sig

71
src/main/java/net/schmizz/sshj/userauth/password/ConsolePasswordFinder.java Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.password;
import java.io.Console;
import java.util.IllegalFormatException;
/** A PasswordFinder that reads a password from a console */
public class ConsolePasswordFinder implements PasswordFinder {
public static final String DEFAULT_FORMAT = "Enter passphrase for %s:";
private final Console console;
private final String promptFormat;
private final int maxTries;
private int numTries;
public ConsolePasswordFinder() {
this(System.console());
}
public ConsolePasswordFinder(Console console) {
this(console, DEFAULT_FORMAT, 3);
}
public ConsolePasswordFinder(Console console, String promptFormat, int maxTries) {
checkFormatString(promptFormat);
this.console = console;
this.promptFormat = promptFormat;
this.maxTries = maxTries;
this.numTries = 0;
}
@Override
public char[] reqPassword(Resource<?> resource) {
numTries++;
if (console == null) {
// the request cannot be serviced
return null;
}
return console.readPassword(promptFormat, resource.toString());
}
@Override
public boolean shouldRetry(Resource<?> resource) {
return numTries < maxTries;
}
private static void checkFormatString(String promptFormat) {
try {
String.format(promptFormat, "");
} catch (IllegalFormatException e) {
throw new IllegalArgumentException("promptFormat must have no more than one %s and no other markers", e);
}
}
}

1
src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
View File

@@ -16,7 +16,6 @@
package net.schmizz.sshj.xfer;
import net.schmizz.sshj.common.LoggerFactory;
import org.slf4j.Logger;
public abstract class AbstractFileTransfer {

46
src/main/java/net/schmizz/sshj/xfer/FileSystemFile.java
View File

@@ -21,6 +21,7 @@ import org.slf4j.LoggerFactory;
import java.io.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Stack;
public class FileSystemFile
implements LocalSourceFile, LocalDestFile {
@@ -83,8 +84,9 @@ public class FileSystemFile
}
});
if (childFiles == null)
if (childFiles == null) {
throw new IOException("Error listing files in directory: " + this);
}
final List<FileSystemFile> children = new ArrayList<FileSystemFile>();
for (File f : childFiles) {
@@ -113,12 +115,13 @@ public class FileSystemFile
@Override
public int getPermissions()
throws IOException {
if (isDirectory())
if (isDirectory()) {
return 0755;
else if (isFile())
} else if (isFile()) {
return 0644;
else
} else {
throw new IOException("Unsupported file type");
}
}
@Override
@@ -130,8 +133,9 @@ public class FileSystemFile
@Override
public void setLastModifiedTime(long t)
throws IOException {
if (!file.setLastModified(t * 1000))
if (!file.setLastModified(t * 1000)) {
log.warn("Could not set last modified time for {} to {}", file, t);
}
}
@Override
@@ -143,22 +147,41 @@ public class FileSystemFile
!(FilePermission.OTH_W.isIn(perms) || FilePermission.GRP_W.isIn(perms)));
final boolean x = file.setExecutable(FilePermission.USR_X.isIn(perms),
!(FilePermission.OTH_X.isIn(perms) || FilePermission.GRP_X.isIn(perms)));
if (!(r && w && x))
if (!(r && w && x)) {
log.warn("Could not set permissions for {} to {}", file, Integer.toString(perms, 16));
}
}
@Override
public FileSystemFile getChild(String name) {
validateIsChildPath(name);
return new FileSystemFile(new File(file, name));
}
private void validateIsChildPath(String name) {
String[] split = name.split("/");
Stack<String> s = new Stack<String>();
for (String component : split) {
if (component == null || component.isEmpty() || ".".equals(component)) {
continue;
} else if ("..".equals(component) && !s.isEmpty()) {
s.pop();
continue;
} else if ("..".equals(component)) {
throw new IllegalArgumentException("Cannot traverse higher than " + file + " to get child " + name);
}
s.push(component);
}
}
@Override
public FileSystemFile getTargetFile(String filename)
throws IOException {
FileSystemFile f = this;
if (f.isDirectory())
if (f.isDirectory()) {
f = f.getChild(filename);
}
if (!f.getFile().exists()) {
if (!f.getFile().createNewFile())
@@ -174,12 +197,15 @@ public class FileSystemFile
throws IOException {
FileSystemFile f = this;
if (f.getFile().exists())
if (f.getFile().exists()) {
if (f.isDirectory()) {
if (!f.getName().equals(dirname))
if (!f.getName().equals(dirname)) {
f = f.getChild(dirname);
} else
}
} else {
throw new IOException(f + " - already exists as a file; directory required");
}
}
if (!f.getFile().exists() && !f.getFile().mkdir())
throw new IOException("Failed to create directory: " + f);

17
src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
View File

@@ -75,9 +75,9 @@ public class SCPDownloadClient extends AbstractSCPClient {
engine.signal("Start status OK");
String msg = engine.readMessage();
do
do {
process(engine.getTransferListener(), null, msg, targetFile);
while (!(msg = engine.readMessage()).isEmpty());
} while (!(msg = engine.readMessage()).isEmpty());
}
private long parseLong(String longString, String valType)
@@ -93,15 +93,17 @@ public class SCPDownloadClient extends AbstractSCPClient {
private int parsePermissions(String cmd)
throws SCPException {
if (cmd.length() != 5)
if (cmd.length() != 5) {
throw new SCPException("Could not parse permissions from `" + cmd + "`");
}
return Integer.parseInt(cmd.substring(1), 8);
}
private boolean process(TransferListener listener, String bufferedTMsg, String msg, LocalDestFile f)
throws IOException {
if (msg.length() < 1)
if (msg.length() < 1) {
throw new SCPException("Could not parse message `" + msg + "`");
}
switch (msg.charAt(0)) {
@@ -139,8 +141,9 @@ public class SCPDownloadClient extends AbstractSCPClient {
final List<String> dMsgParts = tokenize(dMsg, 3, true); // D<perms> 0 <dirname>
final long length = parseLong(dMsgParts.get(1), "dir length");
final String dirname = dMsgParts.get(2);
if (length != 0)
if (length != 0) {
throw new IOException("Remote SCP command sent strange directory length: " + length);
}
final TransferListener dirListener = listener.directory(dirname);
{
@@ -186,9 +189,9 @@ public class SCPDownloadClient extends AbstractSCPClient {
private static List<String> tokenize(String msg, int totalParts, boolean consolidateTail)
throws IOException {
List<String> parts = Arrays.asList(msg.split(" "));
if (parts.size() < totalParts ||
(!consolidateTail && parts.size() != totalParts))
if (parts.size() < totalParts || (!consolidateTail && parts.size() != totalParts)) {
throw new IOException("Could not parse message received from remote SCP: " + msg);
}
if (consolidateTail && totalParts < parts.size()) {
final StringBuilder sb = new StringBuilder(parts.get(totalParts - 1));

4
src/main/java/net/schmizz/sshj/xfer/scp/SCPEngine.java
View File

@@ -29,7 +29,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/** @see <a href="http://blogs.sun.com/janp/entry/how_the_scp_protocol_works">SCP Protocol</a> */
/** @see <a href="https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works">SCP Protocol</a> */
class SCPEngine {
@@ -128,7 +128,7 @@ class SCPEngine {
void sendMessage(String msg) throws IOException {
log.debug("Sending message: {}", msg);
scp.getOutputStream().write((msg + LF).getBytes(IOUtils.UTF8));
scp.getOutputStream().write((msg + LF).getBytes(scp.getRemoteCharset()));
scp.getOutputStream().flush();
check("Message ACK received");
}

45
src/test/groovy/com/hierynomus/sshj/common/KeyTypeSpec.groovy Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.common
import net.schmizz.sshj.common.KeyType
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile
import spock.lang.Specification
import spock.lang.Unroll
class KeyTypeSpec extends Specification {
@Unroll
def "should determine correct keytype for #type key"() {
given:
OpenSSHKeyFile kf = new OpenSSHKeyFile()
kf.init(privKey, pubKey)
expect:
KeyType.fromKey(kf.getPublic()) == type
KeyType.fromKey(kf.getPrivate()) == type
where:
privKey << ["""-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGhcvG8anyHew/xZJfozh5XIc1kmZZs6o2f0l3KFs4jgoAoGCCqGSM49
AwEHoUQDQgAEDUA1JYVD7URSoOGdwPxjea+ETD6IABMD9CWfk3NVTNkdu/Ksn7uX
cLTQhx4N16z1IgW2bRbSbsmM++UKXmeWyg==
-----END EC PRIVATE KEY-----"""]
pubKey << ["""ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1ANSWFQ+1EUqDhncD8Y3mvhEw+iAATA/Qln5NzVUzZHbvyrJ+7l3C00IceDdes9SIFtm0W0m7JjPvlCl5nlso= SSH Key"""]
type << [KeyType.ECDSA256]
}
}

4
src/test/groovy/com/hierynomus/sshj/connection/channel/direct/LocalPortForwarderSpec.groovy
View File

@@ -19,6 +19,7 @@ import com.hierynomus.sshj.test.SshFixture
import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder
import org.junit.Rule
import spock.lang.Specification
import spock.util.concurrent.PollingConditions
class LocalPortForwarderSpec extends Specification {
@Rule
@@ -44,6 +45,9 @@ class LocalPortForwarderSpec extends Specification {
thread.start()
then:
new PollingConditions().eventually {
lpf.isRunning()
}
thread.isAlive()
when:

59
src/test/groovy/com/hierynomus/sshj/transport/verification/KnownHostMatchersSpec.groovy Normal file
View File

@@ -0,0 +1,59 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.transport.verification
import spock.lang.Specification
import spock.lang.Unroll
class KnownHostMatchersSpec extends Specification {
@Unroll
def "should #yesno match host #host with pattern #pattern"() {
given:
def matcher = KnownHostMatchers.createMatcher(pattern)
expect:
match == matcher.match(host)
where:
pattern | host | match
"aaa.bbb.com" | "aaa.bbb.com" | true
"aaa.bbb.com" | "aaa.ccc.com" | false
"*.bbb.com" | "aaa.bbb.com" | true
"*.bbb.com" | "aaa.ccc.com" | false
"aaa.*.com" | "aaa.bbb.com" | true
"aaa.*.com" | "aaa.ccc.com" | true
"aaa.bbb.*" | "aaa.bbb.com" | true
"aaa.bbb.*" | "aaa.ccc.com" | false
"!*.bbb.com" | "aaa.bbb.com" | false
"!*.bbb.com" | "aaa.ccc.com" | true
"aaa.bbb.com,!*.ccc.com" | "xxx.yyy.com" | true
"aaa.bbb.com,!*.ccc.com" | "aaa.bbb.com" | true
"aaa.bbb.com,!*.ccc.com" | "aaa.ccc.com" | false
"aaa.b??.com" | "aaa.bbb.com" | true
"aaa.b??.com" | "aaa.bcd.com" | true
"aaa.b??.com" | "aaa.ccd.com" | false
"aaa.b??.com" | "aaa.bccd.com" | false
"|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg=" | "192.168.1.61" | true
"|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg=" | "192.168.2.61" | false
"[aaa.bbb.com]:2222" | "aaa.bbb.com" | false
"[aaa.bbb.com]:2222" | "[aaa.bbb.com]:2222" | true
"[aaa.?bb.com]:2222" | "[aaa.dbb.com]:2222" | true
"[aaa.?xb.com]:2222" | "[aaa.dbb.com]:2222" | false
"[*.bbb.com]:2222" | "[aaa.bbb.com]:2222" | true
yesno = match ? "" : "no"
}
}

140
src/test/groovy/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsSpec.groovy Normal file
View File

@@ -0,0 +1,140 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.transport.verification
import net.schmizz.sshj.common.Base64
import net.schmizz.sshj.common.Buffer
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts
import net.schmizz.sshj.util.KeyUtil
import org.junit.Rule
import org.junit.rules.TemporaryFolder
import spock.lang.Specification
import spock.lang.Unroll
import java.security.PublicKey
class OpenSSHKnownHostsSpec extends Specification {
@Rule
public TemporaryFolder temp = new TemporaryFolder();
def "should parse and verify hashed host entry"() {
given:
def f = knownHosts("|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==");
final PublicKey key = KeyUtil
.newRSAPublicKey(
"e8ff4797075a861db9d2319960a836b2746ada3da514955d2921f2c6a6c9895cbd557f604e43772b6303e3cab2ad82d83b21acdef4edb72524f9c2bef893335115acacfe2989bcbb2e978e4fedc8abc090363e205d975c1fdc35e55ba4daa4b5d5ab7a22c40f547a4a0fd1c683dfff10551c708ff8c34ea4e175cb9bf2313865308fa23601e5a610e2f76838be7ded3b4d3a2c49d2d40fa20db51d1cc8ab20d330bb0dadb88b1a12853f0ecb7c7632947b098dcf435a54566bcf92befd55e03ee2a57d17524cd3d59d6e800c66059067e5eb6edb81946b3286950748240ec9afa4389f9b62bc92f94ec0fba9e64d6dc2f455f816016a4c5f3d507382ed5d3365",
"23");
when:
OpenSSHKnownHosts openSSHKnownHosts = new OpenSSHKnownHosts(f)
then:
openSSHKnownHosts.verify("192.168.1.61", 22, key)
!openSSHKnownHosts.verify("192.168.1.2", 22, key)
}
def "should parse and verify v1 host entry"() {
given:
def f = knownHosts("test.com,1.1.1.1 2048 35 22017496617994656680820635966392838863613340434802393112245951008866692373218840197754553998457793202561151141246686162285550121243768846314646395880632789308110750881198697743542374668273149584280424505890648953477691795864456749782348425425954366277600319096366690719901119774784695056100331902394094537054256611668966698242432417382422091372756244612839068092471592121759862971414741954991375710930168229171638843329213652899594987626853020377726482288618521941129157643483558764875338089684351824791983007780922947554898825663693324944982594850256042689880090306493029526546183035567296830604572253312294059766327")
def key = KeyUtil.newRSAPublicKey("ae6983ed63a33afc69fe0b88b4ba14393120a0b66e1460916a8390ff109139cd14f4e1701ab5c5feeb479441fe2091d04c0ba7d3fa1756b80ed103657ab53b5d7daa38af22f59f9cbfc16892d4ef1f8fd3ae49663c295be1f568a160d54328fbc2c0598f48d32296b1b9942336234952c440cda1bfac904e3391db98e52f9b1de229adc18fc34a9a569717aa9a5b1145e73b8a8394354028d02054ca760243fb8fc1575490607dd098e698e02b5d8bdf22d55ec958245222ef4c65b8836b9f13674a2d2895a587bfd4423b4eeb6d3ef98451640e3d63d2fc6a761ffd34446abab028494caf36d67ffd65298d69f19f2d90bae4c207b671db563a08f1bb9bf237",
"23")
when:
OpenSSHKnownHosts knownHosts = new OpenSSHKnownHosts(f)
then:
knownHosts.verify("test.com", 22, key)
}
def "should check all host entries for key"() {
given:
def f = knownHosts("""
host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiYp2IDgzDFhl8T4TRLIhEljvEixz1YN0XWh4dYh0REGK9T4QKiyb28EztPMdcOtz1uyX5rUGYXX9hj99S4SiU=
host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=
""")
def pk = new Buffer.PlainBuffer(Base64.decode("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=")).readPublicKey()
when:
def knownhosts = new OpenSSHKnownHosts(f)
then:
knownhosts.verify("host1", 22, pk)
}
def "should not fail on bad base64 entry"() {
given:
def f = knownHosts("""
host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTIDgzDFhl8T4TRLIhEljvEixz1YN0XWh4dYh0REGK9T4QKiyb28EztPMdcOtz1uyX5rUGYXX9hj99S4SiU=
host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=
""")
def pk = new Buffer.PlainBuffer(Base64.decode("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=")).readPublicKey()
when:
def knownhosts = new OpenSSHKnownHosts(f)
then:
knownhosts.verify("host1", 22, pk)
}
def "should mark bad line and not fail"() {
given:
def f = knownHosts("M36Lo+Ik5ukNugvvoNFlpnyiHMmtKxt3FpyEfYuryXjNqMNWHn/ARVnpUIl5jRLTB7WBzyLYMG7X5nuoFL9zYqKGtHxChbDunxMVbspw5WXI9VN+qxcLwmITmpEvI9ApyS/Ox2ZyN7zw==\n")
when:
def knownhosts = new OpenSSHKnownHosts(f)
then:
knownhosts.entries().size() == 1
knownhosts.entries().get(0) instanceof OpenSSHKnownHosts.BadHostEntry
}
@Unroll
def "should add comment for #type line"() {
given:
def f = knownHosts(s)
when:
def knownHosts = new OpenSSHKnownHosts(f)
then:
knownHosts.entries().size() == 1
knownHosts.entries().get(0) instanceof OpenSSHKnownHosts.CommentEntry
where:
type << ["newline", "comment"]
s << ["\n", "#comment\n"]
}
@Unroll
def "should match any host name from multi-host line"() {
given:
def f = knownHosts("schmizz.net,69.163.155.180 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==")
def pk = new Buffer.PlainBuffer(Base64.decode("AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==")).readPublicKey()
when:
def knownHosts = new OpenSSHKnownHosts(f)
then:
knownHosts.verify(h, 22, pk)
where:
h << ["schmizz.net", "69.163.155.180"]
}
def knownHosts(String s) {
def f = temp.newFile("known_hosts")
f.write(s)
return f
}
}

116
src/test/groovy/net/schmizz/sshj/signature/SignatureDSASpec.groovy Normal file
View File

@@ -0,0 +1,116 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.signature
import spock.lang.Unroll;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.ArrayList;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import spock.lang.Specification
class SignatureDSASpec extends Specification {
def keyFactory = KeyFactory.getInstance("DSA")
private PublicKey createPublicKey(final byte[] y, final byte[] p, final byte[] q, final byte[] g) throws Exception {
final BigInteger publicKey = new BigInteger(y);
final BigInteger prime = new BigInteger(p);
final BigInteger subPrime = new BigInteger(q);
final BigInteger base = new BigInteger(g);
final DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(publicKey, prime, subPrime, base);
return keyFactory.generatePublic(dsaPubKeySpec);
}
@Unroll
def "should verify signature"() {
given:
def signatureDSA = new SignatureDSA()
def publicKey = createPublicKey(y, p, q, g)
signatureDSA.initVerify(publicKey)
when:
signatureDSA.update(H)
then:
signatureDSA.verify(H_sig)
where:
y << [[103, 23, -102, -4, -110, -90, 66, -52, -14, 125, -16, -76, -110, 33, -111, -113, -46, 27, -118, -73, 0, -19, -48, 43, -102, 56, -49, -84, 118, -10, 76, 84, -5, 84, 55, 72, -115, -34, 95, 80, 32, -120, 57, 101, -64, 111, -37, -26, 96, 55, -98, -24, -99, -81, 60, 22, 5, -55, 119, -95, -28, 114, -40, 13, 97, 65, 22, 33, 117, -59, 22, 81, -56, 98, -112, 103, -62, 90, -12, 81, 61, -67, 104, -24, 67, -18, -60, 78, -127, 44, 13, 11, -117, -118, -69, 89, -25, 26, 103, 72, -83, 114, -40, -124, -10, -31, -34, -49, -54, -15, 92, 79, -40, 14, -12, 58, -112, -30, 11, 48, 26, 121, 105, -68, 92, -93, 99, -78] as byte[],
[0, -92, 59, 5, 72, 124, 101, 124, -18, 114, 7, 100, 98, -61, 73, -104, 120, -98, 54, 118, 17, -62, 91, -110, 29, 98, 50, -101, -41, 99, -116, 101, 107, -123, 124, -97, 62, 119, 88, -109, -110, -1, 109, 119, -51, 69, -98, -105, 2, -69, -121, -82, -118, 23, -6, 96, -61, -65, 102, -58, -74, 32, -104, 116, -6, -35, -83, -10, -88, -68, 106, -112, 72, -2, 35, 38, 15, -11, -22, 30, -114, -46, -47, -18, -17, -71, 24, -25, 28, 13, 29, -40, 101, 18, 81, 45, -120, -67, -53, -41, 11, 50, -89, -33, 50, 54, -14, -91, -35, 12, -42, 13, -84, -19, 100, -3, -85, -18, 74, 99, -49, 64, -49, 51, -83, -82, -127, 116, 64] as byte[]]
p << [[0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68,
0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70,
48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92,
-97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21,
15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41,
42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57] as byte[],
[0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68,
0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70,
48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92,
-97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21,
15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41,
42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57] as byte[]]
q << [[0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11] as byte[],
[0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11] as byte[]]
g << [[0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58,
-22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127,
-128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117,
84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5,
98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110,
-117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42] as byte[],
[0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58,
-22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127,
-128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117,
84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5,
98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110,
-117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42] as byte[]]
H << [[-13, 20, 103, 73, 115, -68, 113, 74, -25, 12, -90, 19, 56, 73, -7, -49, -118, 107, -69, -39, -6, 82, -123,
54, -10, -43, 16, -117, -59, 36, -49, 27] as byte[],
[-4, 111, -103, 111, 72, -106, 105, -19, 81, -123, 84, -13, -40, -53, -3, -97, -8, 43, -22, -2, -23, -15, 28,
116, -63, 96, -79, -127, -84, 63, -6, -94] as byte[]]
H_sig << [[0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, -113, -52, 88, -117, 80, -105, -92, -124, -49,
56, -35, 90, -9, -128, 31, -33, -18, 13, -5, 7, 108, -2, 92, 108, 85, 58, 39, 99, 122, -118, 125, -121, 21,
-37, 2, 55, 109, -23, -125, 4] as byte[],
[0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 0, 79, 84, 118, -50, 11, -117, -112, 52, -25,
-78, -50, -20, 6, -69, -26, 7, 90, -34, -124, 80, 76, -32, -23, -8, 43, 38, -48, -89, -17, -60, -1, -78,
112, -88, 14, -39, -78, -98, -80] as byte[]]
}
}

58
src/test/groovy/net/schmizz/sshj/transport/verification/FingerprintVerifierSpec.groovy Normal file
View File

@@ -0,0 +1,58 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.verification
import net.schmizz.sshj.common.Base64
import net.schmizz.sshj.common.Buffer
import spock.lang.Specification
import spock.lang.Unroll
class FingerprintVerifierSpec extends Specification {
@Unroll
def "should accept #digest fingerprints"() {
given:
def verifier = FingerprintVerifier.getInstance(fingerprint)
expect:
verifier.verify("", 0, getPublicKey())
where:
digest << ["SHA-1", "SHA-256", "MD5", "old style"]
fingerprint << ["SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak=",
"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs=",
"MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32",
"d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"]
}
@Unroll
def "should accept too short #digest fingerprints"() {
given:
def verifier = FingerprintVerifier.getInstance(fingerprint)
expect:
verifier.verify("", 0, getPublicKey())
where:
digest << ["SHA-1", "SHA-256"]
fingerprint << ["SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak",
"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs"]
}
def getPublicKey() {
def lines = new File("src/test/resources/keytypes/test_ed25519.pub").readLines()
def keystring = lines[0].split(" ")[1]
return new Buffer.PlainBuffer(Base64.decode(keystring)).readPublicKey()
}
}

37
src/test/groovy/net/schmizz/sshj/userauth/password/ConsolePasswordFinderSpec.groovy Normal file
View File

@@ -0,0 +1,37 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.password
import spock.lang.Specification
class ConsolePasswordFinderSpec extends Specification {
// def "should read password from console"() {
// given:
// def console = Mock(Console) {
// readPassword(*_) >> "password".toCharArray()
// }
// def cpf = new ConsolePasswordFinder(console)
// def resource = new AccountResource("test", "localhost")
//
// when:
// def password = cpf.reqPassword(resource)
//
// then:
// password == "password".toCharArray()
//
// }
}

54
src/test/groovy/net/schmizz/sshj/xfer/FileSystemFileSpec.groovy Normal file
View File

@@ -0,0 +1,54 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.xfer
import spock.lang.Specification
class FileSystemFileSpec extends Specification {
def "should get child path"() {
given:
def file = new FileSystemFile("foo")
when:
def child = file.getChild("bar")
then:
child.getName() == "bar"
}
def "should not traverse higher than original path when getChild is called"() {
given:
def file = new FileSystemFile("foo")
when:
file.getChild("bar/.././foo/../../")
then:
thrown(IllegalArgumentException.class)
}
def "should ignore double slash (empty path component)"() {
given:
def file = new FileSystemFile("foo")
when:
def child = file.getChild("bar//etc/passwd")
then:
child.getFile().getPath().replace('\\', '/') endsWith "foo/bar/etc/passwd"
}
}

39
src/test/java/com/hierynomus/sshj/IntegrationTest.java
View File

@@ -1,39 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj;
import java.io.File;
import java.io.IOException;
import org.junit.Ignore;
import org.junit.Test;
import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
import static org.hamcrest.MatcherAssert.assertThat;
public class IntegrationTest {
@Test @Ignore // Should only be enabled for testing against VM
public void shouldConnect() throws IOException {
SSHClient sshClient = new SSHClient(new DefaultConfig());
sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(new File("/Users/ajvanerp/.ssh/known_hosts")));
sshClient.connect("172.16.37.147");
sshClient.authPublickey("jeroen");
assertThat("Is connected", sshClient.isAuthenticated());
}
}

2
src/test/java/com/hierynomus/sshj/test/util/FileUtil.java
View File

@@ -34,7 +34,7 @@ public class FileUtil {
FileInputStream fileInputStream = new FileInputStream(f);
try {
ByteArrayOutputStream byteArrayOutputStream = IOUtils.readFully(fileInputStream);
return byteArrayOutputStream.toString("UTF-8");
return byteArrayOutputStream.toString(IOUtils.UTF8.displayName());
} finally {
IOUtils.closeQuietly(fileInputStream);
}

104
src/test/java/net/schmizz/sshj/common/BufferTest.java
View File

@@ -15,10 +15,13 @@
*/
package net.schmizz.sshj.common;
import net.schmizz.sshj.common.Buffer.BufferException;
import net.schmizz.sshj.common.Buffer.PlainBuffer;
import org.junit.Test;
import static org.junit.Assert.fail;
import java.math.BigInteger;
import static org.junit.Assert.*;
public class BufferTest {
@@ -44,4 +47,103 @@ public class BufferTest {
// success
}
}
@Test
public void shouldThrowOnPutNegativeLongUInt64() {
try {
new PlainBuffer().putUInt64(-1l);
fail("Added negative uint64 to buffer?");
} catch (IllegalArgumentException e) {
// success
}
}
@Test
public void shouldThrowOnReadNegativeLongUInt64() {
byte[] negativeLong = new byte[] { (byte) 0x80,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x01 };
Buffer<?> buff = new PlainBuffer(negativeLong);
try {
buff.readUInt64();
fail("Read negative uint64 from buffer?");
} catch (BufferException e) {
// success
}
}
@Test
public void shouldThrowOnPutNegativeBigIntegerUInt64() {
try {
new PlainBuffer().putUInt64(new BigInteger("-1"));
fail("Added negative uint64 to buffer?");
} catch (IllegalArgumentException e) {
// success
}
}
@Test
public void shouldHaveCorrectValueForMaxUInt64() {
byte[] maxUInt64InBytes = new byte[] { (byte) 0xFF, (byte) 0xFF,
(byte) 0xFF, (byte) 0xFF,
(byte) 0xFF, (byte) 0xFF,
(byte) 0xFF, (byte) 0xFF };
BigInteger maxUInt64 = new BigInteger(1, maxUInt64InBytes);
new PlainBuffer().putUInt64(maxUInt64); // no exception
BigInteger tooBig = maxUInt64.add(BigInteger.ONE);
try {
new PlainBuffer().putUInt64(tooBig);
fail("Added 2^64 (too big) as uint64 to buffer?");
} catch (IllegalArgumentException e) {
// success
}
}
@Test
public void shouldCorrectlyEncodeAndDecodeUInt64Types() throws BufferException {
// This number fits into a unsigned 64 bit integer but not a signed one.
BigInteger bigUint64 = BigInteger.valueOf(Long.MAX_VALUE).add(BigInteger.ONE).add(BigInteger.ONE);
assertEquals(0x8000000000000001l, bigUint64.longValue());
Buffer<PlainBuffer> buff = new PlainBuffer();
buff.putUInt64(bigUint64);
byte[] data = buff.getCompactData();
assertEquals(8, data.length);
assertEquals((byte) 0x80, data[0]);
assertEquals((byte) 0x00, data[1]);
assertEquals((byte) 0x00, data[2]);
assertEquals((byte) 0x00, data[3]);
assertEquals((byte) 0x00, data[4]);
assertEquals((byte) 0x00, data[5]);
assertEquals((byte) 0x00, data[6]);
assertEquals((byte) 0x01, data[7]);
byte[] asBinary = new byte[] { (byte) 0x80,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x01 };
buff = new PlainBuffer(asBinary);
assertEquals(bigUint64, buff.readUInt64AsBigInteger());
}
@Test
public void shouldHaveSameUInt64EncodingForBigIntegerAndLong() {
long[] values = { 0l, 1l, 232634978082517765l, Long.MAX_VALUE - 1, Long.MAX_VALUE };
for (long value : values) {
byte[] bytesBigInt = new PlainBuffer().putUInt64(BigInteger.valueOf(value)).getCompactData();
byte[] bytesLong = new PlainBuffer().putUInt64(value).getCompactData();
assertArrayEquals("Value: " + value, bytesLong, bytesBigInt);
}
}
}

6
src/test/java/net/schmizz/sshj/keyprovider/KeyProviderUtilTest.java
View File

@@ -57,4 +57,10 @@ public class KeyProviderUtilTest {
KeyFormat format = KeyProviderUtil.detectKeyFileFormat(new File(ROOT, "pkcs8-blanks"));
assertEquals(KeyFormat.PKCS8, format);
}
@Test
public void testOpenSshSigned() throws IOException {
KeyFormat format = KeyProviderUtil.detectKeyFileFormat(new File(ROOT, "signed"));
assertEquals(KeyFormat.OpenSSH, format);
}
}

106
src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
View File

@@ -15,10 +15,11 @@
*/
package net.schmizz.sshj.keyprovider;
import com.hierynomus.sshj.userauth.certificate.Certificate;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import net.schmizz.sshj.userauth.password.Resource;
@@ -30,17 +31,23 @@ import org.junit.Test;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.Map;
import java.util.Scanner;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.*;
public class OpenSSHKeyFileTest {
@@ -134,7 +141,7 @@ public class OpenSSHKeyFileTest {
}
@Test
public void shouldHaveCorrectFingerprintForECDSA() throws IOException, GeneralSecurityException {
public void shouldHaveCorrectFingerprintForECDSA256() throws IOException, GeneralSecurityException {
OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
keyFile.init(new File("src/test/resources/keytypes/test_ecdsa_nistp256"));
String expected = "256 MD5:53:ae:db:ed:8f:2d:02:d4:d5:6c:24:bc:a4:66:88:79 root@itgcpkerberosstack-cbgateway-0-20151117031915 (ECDSA)\n";
@@ -143,6 +150,26 @@ public class OpenSSHKeyFileTest {
assertThat(expected, containsString(sshjFingerprintSshjKey));
}
@Test
public void shouldHaveCorrectFingerprintForECDSA384() throws IOException, GeneralSecurityException {
OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
keyFile.init(new File("src/test/resources/keytypes/test_ecdsa_nistp384"));
String expected = "384 MD5:ee:9b:82:d1:47:01:16:1b:27:da:f5:27:fd:b2:eb:e2";
PublicKey aPublic = keyFile.getPublic();
String sshjFingerprintSshjKey = net.schmizz.sshj.common.SecurityUtils.getFingerprint(aPublic);
assertThat(expected, containsString(sshjFingerprintSshjKey));
}
@Test
public void shouldHaveCorrectFingerprintForECDSA521() throws IOException, GeneralSecurityException {
OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
keyFile.init(new File("src/test/resources/keytypes/test_ecdsa_nistp521"));
String expected = "521 MD5:22:e2:f4:3c:61:ae:e9:85:a1:4d:d9:6c:13:aa:eb:00";
PublicKey aPublic = keyFile.getPublic();
String sshjFingerprintSshjKey = net.schmizz.sshj.common.SecurityUtils.getFingerprint(aPublic);
assertThat(expected, containsString(sshjFingerprintSshjKey));
}
@Test
public void shouldHaveCorrectFingerprintForED25519() throws IOException {
OpenSSHKeyV1KeyFile keyFile = new OpenSSHKeyV1KeyFile();
@@ -161,6 +188,68 @@ public class OpenSSHKeyFileTest {
assertThat(aPrivate.getAlgorithm(), equalTo("EdDSA"));
}
@Test
public void shouldSuccessfullyLoadSignedRSAPublicKey() throws IOException {
FileKeyProvider keyFile = new OpenSSHKeyFile();
keyFile.init(new File("src/test/resources/keytypes/certificate/test_rsa"),
PasswordUtils.createOneOff(correctPassphrase));
assertNotNull(keyFile.getPrivate());
PublicKey pubKey = keyFile.getPublic();
assertEquals("RSA", pubKey.getAlgorithm());
@SuppressWarnings("unchecked")
Certificate<RSAPublicKey> certificate = (Certificate<RSAPublicKey>) pubKey;
assertEquals(new BigInteger("9223372036854775809"), certificate.getSerial());
assertEquals("testrsa", certificate.getId());
assertEquals(2, certificate.getValidPrincipals().size());
assertTrue(certificate.getValidPrincipals().contains("jeroen"));
assertTrue(certificate.getValidPrincipals().contains("nobody"));
assertEquals(parseDate("2017-04-11 17:38:00 -0400"), certificate.getValidAfter());
assertEquals(parseDate("2017-04-11 18:09:27 -0400"), certificate.getValidBefore());
assertEquals(0, certificate.getCritOptions().size());
Map<String, String> extensions = certificate.getExtensions();
assertEquals(5, extensions.size());
assertEquals("", extensions.get("permit-X11-forwarding"));
assertEquals("", extensions.get("permit-agent-forwarding"));
assertEquals("", extensions.get("permit-port-forwarding"));
assertEquals("", extensions.get("permit-pty"));
assertEquals("", extensions.get("permit-user-rc"));
}
@Test
public void shouldSuccessfullyLoadSignedDSAPublicKey() throws IOException {
FileKeyProvider keyFile = new OpenSSHKeyFile();
keyFile.init(new File("src/test/resources/keytypes/certificate/test_dsa"),
PasswordUtils.createOneOff(correctPassphrase));
assertNotNull(keyFile.getPrivate());
PublicKey pubKey = keyFile.getPublic();
assertEquals("DSA", pubKey.getAlgorithm());
@SuppressWarnings("unchecked")
Certificate<RSAPublicKey> certificate = (Certificate<RSAPublicKey>) pubKey;
assertEquals(new BigInteger("123"), certificate.getSerial());
assertEquals("testdsa", certificate.getId());
assertEquals(1, certificate.getValidPrincipals().size());
assertTrue(certificate.getValidPrincipals().contains("jeroen"));
assertEquals(parseDate("2017-04-11 17:37:00 -0400"), certificate.getValidAfter());
assertEquals(parseDate("2017-04-12 03:38:49 -0400"), certificate.getValidBefore());
assertEquals(1, certificate.getCritOptions().size());
assertEquals("10.0.0.0/8", certificate.getCritOptions().get("source-address"));
assertEquals(1, certificate.getExtensions().size());
assertEquals("", certificate.getExtensions().get("permit-pty"));
}
@Before
public void setup()
throws UnsupportedEncodingException, GeneralSecurityException {
@@ -182,4 +271,13 @@ public class OpenSSHKeyFileTest {
scanner.close();
}
}
private Date parseDate(String date) {
DateFormat f = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
try {
return f.parse(date);
} catch (ParseException e) {
return null;
}
}
}

3
src/test/java/net/schmizz/sshj/sftp/SFTPClientTest.java
View File

@@ -15,13 +15,12 @@
*/
package net.schmizz.sshj.sftp;
import net.schmizz.sshj.common.LoggerFactory;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
import net.schmizz.sshj.common.LoggerFactory;
import static net.schmizz.sshj.sftp.PathHelper.DEFAULT_PATH_SEPARATOR;
import static org.mockito.Mockito.*;

68
src/test/java/net/schmizz/sshj/signature/SignatureDSATest.java Normal file
View File

@@ -0,0 +1,68 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.signature;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.util.Arrays;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.IOUtils;
public class SignatureDSATest {
private KeyFactory keyFactory;
@Before
public void setUp() throws NoSuchAlgorithmException {
keyFactory = KeyFactory.getInstance("DSA");
}
@Test
public void testSignAndVerify() throws Exception {
BigInteger x = new BigInteger(new byte[] { 58, 19, -71, -30, 89, -111, 75, 98, 110, 38, -56, -23, 68, 74, -40, 17, -30, 37, 50, 35 });
BigInteger y = new BigInteger(new byte[] { 32, -91, -39, 54, 19, 14, 26, 113, -109, -92, -45, 83, -86, 23, -103, 108, 102, 86, 110, 78, -45, -41, -37, 38, -94, -92, -124, -36, -93, 92, 127, 113, 97, -119, -10, -73, -41, -45, 98, -104, -54, -9, -92, 66, 15, 31, 68, -32, 32, -121, -51, 68, 29, 100, 59, 60, 109, 111, -81, 80, 7, 127, 116, -107, 88, -114, -114, -69, 41, -15, 59, 81, 70, 9, -113, 36, 119, 28, 16, -127, -65, 32, -19, 109, -27, 24, -48, -80, 84, 47, 119, 25, 57, -118, -66, -22, -105, -11, 112, 16, -91, -127, 62, 23, 89, -17, -43, -105, -4, -43, 60, 42, -81, -95, -27, -8, 98, -37, 120, 80, -76, 93, -24, -104, -117, 38, -56, -68 });
BigInteger p = new BigInteger(new byte[] { 0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68, 0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70, 48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92, -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21, 15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41, 42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57 });
BigInteger q = new BigInteger(new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 });
BigInteger g = new BigInteger(new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 });
byte[] data = "The Magic Words are Squeamish Ossifrage".getBytes(IOUtils.UTF8);
// A previously signed and verified signature using the data and DSA key parameters above.
byte[] dataSig = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 40, -71, 33, 105, -89, -107, 8, 26, -13, -90, 73, -103, 105, 112, 7, -59, -66, 46, 85, -27, 20, 82, 22, -113, -75, -86, -121, -42, -73, 78, 66, 93, -34, 39, -50, -93, 27, -5, 37, -92 };
SignatureDSA signatureForSigning = new SignatureDSA();
signatureForSigning.initSign(keyFactory.generatePrivate(new DSAPrivateKeySpec(x, p, q, g)));
signatureForSigning.update(data);
byte[] sigBlob = signatureForSigning.encode(signatureForSigning.sign());
byte[] sigFull = new Buffer.PlainBuffer().putString("ssh-dss").putBytes(sigBlob).getCompactData();
SignatureDSA signatureForVerifying = new SignatureDSA();
signatureForVerifying.initVerify(keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g)));
signatureForVerifying.update(data);
Assert.assertTrue("Failed to verify signature: " + Arrays.toString(sigFull), signatureForVerifying.verify(sigFull));
signatureForVerifying.update(data);
Assert.assertTrue("Failed to verify signature: " + Arrays.toString(dataSig), signatureForVerifying.verify(dataSig));
}
}

81
src/test/java/net/schmizz/sshj/signature/SignatureECDSATest.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.signature;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.Buffer.BufferException;
import org.junit.Assert;
import org.junit.Test;
import java.security.PublicKey;
public class SignatureECDSATest {
@Test
public void testECDSA256Verifies() throws BufferException {
byte[] K_S = fromString("0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, 8, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, 65, 4, -8, 35, 96, -97, 65, -33, -128, -58, -64, -73, -51, 10, -28, 20, -59, 86, -88, -24, 126, 29, 115, 26, -88, 31, -115, 87, -109, -4, 61, 108, 28, 31, -66, 79, 107, 17, 24, 93, 114, -25, 121, 57, -58, 10, 26, -36, -100, -120, -7, -103, 86, 72, -109, -82, 111, 73, 4, -98, 58, 28, -3, -91, 28, 84");
byte[] H = fromString("61, 55, -62, -122, -93, 82, -63, 25, -52, -13, -41, -29, 78, 101, 22, -75, 113, 59, -72, -92, -2, 39, -52, -89, 127, 80, -77, -82, 67, 3, -21, -53");
byte[] sig = fromString("0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 50, 53, 54, 0, 0, 0, 73, 0, 0, 0, 33, 0, -19, 50, -123, -35, 93, 50, 3, 40, -79, 110, -99, 6, -78, 40, -31, -26, -119, 113, -101, 109, -27, 12, 47, -119, -83, 107, -7, 116, 2, 97, 84, 32, 0, 0, 0, 32, 69, -44, 52, -119, 22, -60, -33, -105, -41, 45, 36, 112, -59, 49, -90, -110, -13, -114, 115, -86, 29, 30, 127, -44, 96, 57, -49, 39, -83, 50, -8, 123");
PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
Signature signature = new SignatureECDSA.Factory256().create();
signature.initVerify(hostKey);
signature.update(H, 0, H.length);
Assert.assertTrue("ECDSA256 signature verifies", signature.verify(sig));
}
@Test
public void testECDSA384Verifies() throws BufferException {
byte[] K_S = fromString("0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 51, 56, 52, 0, 0, 0, 8, 110, 105, 115, 116, 112, 51, 56, 52, 0, 0, 0, 97, 4, 105, 52, -67, 89, 21, 53, -125, -26, -23, -125, 48, 119, -63, -66, 30, -46, -110, 21, 14, -96, -28, 40, -108, 60, 120, 110, 58, 30, -56, 37, 6, -17, -25, 109, 84, 67, -19, 0, -30, -33, 54, 94, -121, 49, 68, -66, 14, 6, 76, -51, 102, -123, 59, -24, -34, 79, -51, 64, -48, -45, 21, -42, -96, -123, -27, -21, 15, 56, -96, -12, 73, -10, 113, -20, -22, 38, 100, 38, -85, -113, 46, 36, 17, -30, 89, 40, 16, 104, 123, 50, 8, 122, 49, -41, -97, 95");
byte[] H = fromString("-46, 22, -52, 62, -100, -43, -68, -88, 98, 31, 116, -77, 27, -92, 127, 25, -43, -63, -42, -106, -53, 26, -61, 69, -38, -73, 94, -70, -99, -6, -78, 61");
byte[] sig = fromString("0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 51, 56, 52, 0, 0, 0, 105, 0, 0, 0, 48, 58, -5, -53, 17, -127, -32, 74, 123, -84, -1, 80, 96, 49, -77, -109, 22, -90, 115, -111, 40, 2, 4, 56, 51, 92, -30, 39, -61, -92, -76, -105, 45, 52, -31, 116, 44, -32, -65, 57, 44, 26, 45, 59, -115, 95, 113, 114, -89, 0, 0, 0, 49, 0, -56, 65, 59, 111, -26, -72, 127, 47, -15, 14, -34, 56, 5, 34, 28, -78, -13, 26, -22, -41, -86, -36, -112, 10, 91, 48, -77, -84, 93, 111, -84, 59, 42, -128, -22, 91, -4, -31, -89, -37, 107, -27, 28, -119, -36, 93, 25, -49");
PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
Signature signature = new SignatureECDSA.Factory384().create();
signature.initVerify(hostKey);
signature.update(H, 0, H.length);
Assert.assertTrue("ECDSA384 signature verifies", signature.verify(sig));
}
@Test
public void testECDSA521Verifies() throws BufferException {
byte[] K_S = fromString("0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 53, 50, 49, 0, 0, 0, 8, 110, 105, 115, 116, 112, 53, 50, 49, 0, 0, 0, -123, 4, 1, -56, 55, 64, -73, -109, 95, 94, -107, -116, -46, -16, 119, -66, -68, 41, -103, -66, 102, -123, -69, 59, -8, 106, 72, 75, 7, 56, -79, 109, -88, 77, 12, -97, -109, -32, -60, 64, -75, -48, 50, -51, -68, -81, 75, 110, -7, -79, -32, -36, -73, -7, -65, -24, 40, -74, 58, 43, -26, -5, -55, 125, -32, -89, -54, -111, 0, 81, 37, -73, 60, 69, 107, -108, 115, 60, -61, 22, 6, -128, -69, -28, 122, -26, -37, -117, 121, -106, -126, 23, -90, 127, 73, -58, -113, -61, 105, 68, 116, 85, -115, -47, 90, 122, 109, -21, 127, 39, -75, -58, -109, 73, -82, -122, -11, -44, -87, 85, -100, -4, -123, -31, 126, -94, 127, 96, 9, -30, 70, -113, -42, 28");
byte[] H = fromString("-36, -107, -95, 2, 93, -111, -19, -107, 118, -7, 116, -33, 58, -90, -63, -60, -5, -23, 7, 56, -128, -22, -15, 26, -97, 2, 50, -93, 21, -21, 69, 105");
byte[] sig = fromString("0, 0, 0, 19, 101, 99, 100, 115, 97, 45, 115, 104, 97, 50, 45, 110, 105, 115, 116, 112, 53, 50, 49, 0, 0, 0, -117, 0, 0, 0, 66, 1, 31, -111, 69, -37, 33, 24, -95, 53, -124, -33, 41, 65, -96, -112, -102, -33, 123, 30, -108, 102, 127, -27, 72, 101, -108, -123, 6, 107, 83, -72, -121, 87, -86, 75, 114, 50, -60, -75, -46, 7, -63, 84, -114, -91, 113, 52, 26, 102, -11, 76, 99, 9, 19, -73, -42, -3, 57, 41, -42, 13, -81, 18, -3, -49, -50, 0, 0, 0, 65, 102, 60, -2, 123, 91, -8, 120, 42, 118, 118, -9, -112, 72, 8, 61, -49, -45, 63, 112, 61, -55, -122, -109, 4, -39, 95, 3, -4, -43, 98, 39, 4, 63, 78, 78, 51, 77, 75, -23, 19, -46, 117, -115, -95, 90, -43, 108, -47, -90, 84, 98, 50, -97, -37, -14, -115, -76, 14, -61, 91, 107, 23, -112, 22, -15");
PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
Signature signature = new SignatureECDSA.Factory521().create();
signature.initVerify(hostKey);
signature.update(H, 0, H.length);
Assert.assertTrue("ECDSA521 signature verifies", signature.verify(sig));
}
private byte[] fromString(String string) {
String[] split = string.split(", ");
byte[] res = new byte[split.length];
for (int i = 0; i < split.length; i++)
res[i] = Byte.parseByte(split[i]);
return res;
}
}

88
src/test/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHostsTest.java
View File

@@ -1,88 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.verification;
import net.schmizz.sshj.util.KeyUtil;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.junit.Assert.*;
public class OpenSSHKnownHostsTest {
@Rule
public TemporaryFolder temp = new TemporaryFolder();
public File writeKnownHosts(String line)
throws IOException {
File known_hosts = temp.newFile("known_hosts");
FileWriter fileWriter = new FileWriter(known_hosts);
BufferedWriter writer = new BufferedWriter(fileWriter);
writer.write(line);
writer.write("\r\n");
writer.flush();
writer.close();
return known_hosts;
}
@Test
public void shouldAddCommentForEmptyLine()
throws IOException {
File file = writeKnownHosts("");
OpenSSHKnownHosts openSSHKnownHosts = new OpenSSHKnownHosts(file);
assertThat(openSSHKnownHosts.entries().size(), equalTo(1));
assertThat(openSSHKnownHosts.entries().get(0), instanceOf(OpenSSHKnownHosts.CommentEntry.class));
}
@Test
public void shouldAddCommentForCommentLine()
throws IOException {
File file = writeKnownHosts("# this is a comment");
OpenSSHKnownHosts openSSHKnownHosts = new OpenSSHKnownHosts(file);
assertThat(openSSHKnownHosts.entries().size(), equalTo(1));
assertThat(openSSHKnownHosts.entries().get(0), instanceOf(OpenSSHKnownHosts.CommentEntry.class));
}
@Test
public void testSchmizzEntry()
throws IOException, GeneralSecurityException {
OpenSSHKnownHosts kh = new OpenSSHKnownHosts(new File("src/test/resources/known_hosts"));
final PublicKey key = KeyUtil
.newRSAPublicKey(
"e8ff4797075a861db9d2319960a836b2746ada3da514955d2921f2c6a6c9895cbd557f604e43772b6303e3cab2ad82d83b21acdef4edb72524f9c2bef893335115acacfe2989bcbb2e978e4fedc8abc090363e205d975c1fdc35e55ba4daa4b5d5ab7a22c40f547a4a0fd1c683dfff10551c708ff8c34ea4e175cb9bf2313865308fa23601e5a610e2f76838be7ded3b4d3a2c49d2d40fa20db51d1cc8ab20d330bb0dadb88b1a12853f0ecb7c7632947b098dcf435a54566bcf92befd55e03ee2a57d17524cd3d59d6e800c66059067e5eb6edb81946b3286950748240ec9afa4389f9b62bc92f94ec0fba9e64d6dc2f455f816016a4c5f3d507382ed5d3365",
"23");
assertTrue(kh.verify("schmizz.net", 22, key));
assertTrue(kh.verify("69.163.155.180", 22, key));
assertFalse(kh.verify("69.163.155.18", 22, key));
}
@Test
public void testVerifyIndexError() throws Exception {
final OpenSSHKnownHosts v = new OpenSSHKnownHosts(new File("src/test/resources/known_hosts.invalid"));
assertTrue(v.entries().isEmpty());
}
}

83
src/test/java/net/schmizz/sshj/userauth/password/TestConsolePasswordFinder.java Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.password;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import java.io.Console;
public class TestConsolePasswordFinder {
private static final String FORMAT = "%s";
@Test
public void testReqPassword() {
char[] expectedPassword = "password".toCharArray();
Console console = Mockito.mock(Console.class);
Mockito.when(console.readPassword(Mockito.anyString(), Mockito.any()))
.thenReturn(expectedPassword);
Resource resource = Mockito.mock(Resource.class);
char[] password = new ConsolePasswordFinder(console).reqPassword(resource);
Assert.assertArrayEquals("Password should match mocked return value",
expectedPassword, password);
Mockito.verifyNoMoreInteractions(resource);
}
@Test
public void testReqPasswordNullConsole() {
Resource<?> resource = Mockito.mock(Resource.class);
char[] password = new ConsolePasswordFinder(null, FORMAT, 1).reqPassword(resource);
Assert.assertNull("Password should be null with null console", password);
Mockito.verifyNoMoreInteractions(resource);
}
@Test
public void testShouldRetry() {
Resource<String> resource = new PrivateKeyStringResource("");
ConsolePasswordFinder finder = new ConsolePasswordFinder(null, FORMAT, 1);
Assert.assertTrue("Should allow a retry at first", finder.shouldRetry(resource));
finder.reqPassword(resource);
Assert.assertFalse("Should stop allowing retries after one interaction", finder.shouldRetry(resource));
}
@Test
public void testPromptFormat() {
Assert.assertNotNull(
"Empty format should create valid ConsolePasswordFinder",
new ConsolePasswordFinder(null, "", 1));
Assert.assertNotNull(
"Single-string format should create valid ConsolePasswordFinder",
new ConsolePasswordFinder(null, FORMAT, 1));
}
@Test(expected = IllegalArgumentException.class)
public void testPromptFormatTooManyMarkers() {
new ConsolePasswordFinder(null, "%s%s", 1);
}
@Test(expected = IllegalArgumentException.class)
public void testPromptFormatWrongMarkerType() {
new ConsolePasswordFinder(null, "%d", 1);
}
}

3
src/test/java/net/schmizz/sshj/util/BufferTest.java
View File

@@ -31,6 +31,7 @@
package net.schmizz.sshj.util;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.IOUtils;
import org.junit.Before;
import org.junit.Test;
@@ -51,7 +52,7 @@ public class BufferTest {
public void setUp()
throws UnsupportedEncodingException, GeneralSecurityException {
// for position test
byte[] data = "Hello".getBytes("UTF-8");
byte[] data = "Hello".getBytes(IOUtils.UTF8);
posBuf = new Buffer.PlainBuffer(data);
handyBuf = new Buffer.PlainBuffer();
}

4
src/test/java/net/schmizz/sshj/util/gss/BogusGSSContext.java
View File

@@ -15,13 +15,13 @@
*/
package net.schmizz.sshj.util.gss;
import net.schmizz.sshj.common.IOUtils;
import org.ietf.jgss.*;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.util.Arrays;
import static net.schmizz.sshj.util.gss.BogusGSSManager.unavailable;
@@ -34,7 +34,7 @@ public class BogusGSSContext
private static final byte[] MIC = fromString("LGTM");
private static byte[] fromString(String s) {
return s.getBytes(Charset.forName("UTF-8"));
return s.getBytes(IOUtils.UTF8);
}
private boolean initialized = false;

Some files were not shown because too many files have changed in this diff Show More