Release version: 0.25.0

HostEntry constructor must be public

.travis.yml

@@ -1,13 +1,30 @@
 language: java
-before_cache:
-  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
-cache:
-  directories:
-  - $HOME/.gradle/caches/
-  - $HOME/.gradle/wrapper/
-sudo: false
 dist: trusty
+sudo: required
+
+services:
+  - docker
+
 jdk:
   - oraclejdk8
   - openjdk8
   - oraclejdk9
+
+before_cache:
+  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+
+cache:
+  directories:
+  - $HOME/.gradle/caches/
+  - $HOME/.gradle/wrapper/
+
+before_install:
+  - pip install --user codecov
+
+script:
+  - ./gradlew check
+  - ./gradlew integrationTest
+
+after_success:
+- codecov

README.adoc

@@ -1,11 +1,14 @@
 = sshj - SSHv2 library for Java
 Jeroen van Erp
 :sshj_groupid: com.hierynomus
-:sshj_version: 0.23.0
+:sshj_version: 0.25.0
 :source-highlighter: pygments
 
+image:https://api.bintray.com/packages/hierynomus/maven/sshj/images/download.svg[link="https://bintray.com/hierynomus/maven/sshj/_latestVersion"]
 image:https://travis-ci.org/hierynomus/sshj.svg?branch=master[link="https://travis-ci.org/hierynomus/sshj"]
 image:https://api.codacy.com/project/badge/Grade/14a0a316bb9149739b5ea26dbfa8da8a["Codacy code quality", link="https://www.codacy.com/app/jeroen_2/sshj?utm_source=github.com&utm_medium=referral&utm_content=hierynomus/sshj&utm_campaign=Badge_Grade"]
+image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
+image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
 image:https://javadoc-emblem.rhcloud.com/doc/com.hierynomus/sshj/badge.svg["Javadoc",link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
 
@@ -78,7 +81,7 @@ signatures::
   `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
 
 mac::
-  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
+  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`
 
 compression::
   `zlib` and `zlib@openssh.com` (delayed zlib)
@@ -104,6 +107,9 @@ Google Group: http://groups.google.com/group/sshj-users
 Fork away!
 
 == Release history
+SSHJ 0.24.0 (2018-??-??)::
+* Added support for hmac-ripemd160
+
 SSHJ 0.23.0 (2017-10-13)::
 * Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
 * Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes

build.gradle

@@ -1,19 +1,38 @@
 import java.text.SimpleDateFormat
+import com.bmuschko.gradle.docker.tasks.container.*
+import com.bmuschko.gradle.docker.tasks.image.*
 
 plugins {
+  id 'pl.allegro.tech.build.axion-release' version '1.9.0'
   id "java"
   id "groovy"
+  id "jacoco"
   id "osgi"
   id "maven-publish"
-  id "org.ajoberstar.release-opinion" version "1.4.2"
+  id "com.bmuschko.docker-remote-api" version "3.2.1"
   id "com.github.hierynomus.license" version "0.12.1"
   id "com.jfrog.bintray" version "1.7"
-  id 'ru.vyarus.pom' version '1.0.3'
+  id 'ru.vyarus.java-lib' version '1.0.5'
+  // id 'ru.vyarus.pom' version '1.0.3'
   id 'ru.vyarus.github-info' version '1.1.0'
   id 'ru.vyarus.animalsniffer' version '1.4.2'
 }
 
 group = "com.hierynomus"
+
+scmVersion {
+  tag {
+    prefix = 'v'
+    versionSeparator = ''
+  }
+  hooks {
+    pre 'fileUpdate', [file: 'README.adoc', pattern: { v, c -> /:sshj_version: .*/}, replacement: { v, c -> ":sshj_version: $v" }]
+    pre 'commit'
+  }
+}
+
+project.version = scmVersion.version
+
 defaultTasks "build"
 
 repositories {
@@ -28,7 +47,7 @@ targetCompatibility = 1.6
 
 configurations.compile.transitive = false
 
-def bouncycastleVersion = "1.56"
+def bouncycastleVersion = "1.57"
 
 dependencies {
   signature 'org.codehaus.mojo.signature:java16:1.1@signature'
@@ -59,14 +78,6 @@ license {
   excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java'])
 }
 
-if (project.file('.git').isDirectory()) {
-  release {
-    grgit = org.ajoberstar.grgit.Grgit.open(project.projectDir)
-  }
-} else {
-  version = "0.0.0-no.git"
-}
-
 // This disables the pedantic doclint feature of JDK8
 if (JavaVersion.current().isJava8Compatible()) {
   tasks.withType(Javadoc) {
@@ -84,7 +95,6 @@ task writeSshjVersionProperties {
 }
 
 jar.dependsOn writeSshjVersionProperties
-
 jar {
   manifest {
     // please see http://bnd.bndtools.org/chapters/390-wrapping.html
@@ -105,14 +115,7 @@ jar {
   }
 }
 
-task javadocJar(type: Jar) {
-  classifier = 'javadoc'
-  from javadoc
-}
-
-task sourcesJar(type: Jar) {
-  classifier = 'sources'
-  from sourceSets.main.allSource
+sourcesJar {
   manifest {
     attributes(
       // Add the needed OSGI attributes
@@ -125,6 +128,27 @@ task sourcesJar(type: Jar) {
   }
 }
 
+configurations {
+  integrationTestCompile.extendsFrom testCompile
+  integrationTestRuntime.extendsFrom testRuntime
+}
+
+sourceSets {
+  integrationTest {
+    groovy {
+      compileClasspath += sourceSets.main.output + sourceSets.test.output
+      runtimeClasspath += sourceSets.main.output + sourceSets.test.output
+      srcDir file('src/itest/groovy')
+    }
+    resources.srcDir file('src/itest/resources')
+  }
+}
+
+task integrationTest(type: Test) {
+  testClassesDirs = sourceSets.integrationTest.output.classesDirs
+  classpath = sourceSets.integrationTest.runtimeClasspath
+}
+
 tasks.withType(Test) {
   testLogging {
     exceptionFormat = 'full'
@@ -191,21 +215,12 @@ pom {
   }
 }
 
-publishing.publications {
-  Sshj(MavenPublication) {
-    from components.java
-    artifact sourcesJar
-    artifact javadocJar
-  }
-}
-
-
 if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey")) {
   bintray {
     user = project.property("bintrayUsername")
     key = project.property("bintrayApiKey")
     publish = true
-    publications = ["Sshj"]
+    publications = ["maven"]
     pkg {
       repo = "maven"
       name = project.name
@@ -214,8 +229,8 @@ if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey
       labels = ["ssh", "sftp", "secure-shell", "network", "file-transfer"]
       githubRepo = "hierynomus/sshj"
       version {
-        name = project.version.toString()
-        vcsTag = "v${project.version}"
+        name = "${->project.version}"
+        vcsTag = "v${->project.version}"
         released = new SimpleDateFormat('yyyy-MM-dd\'T\'HH:mm:ss.SSSZZ').format(new Date())
         gpg {
           sign = true
@@ -232,4 +247,38 @@ if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey
   }
 }
 
-project.tasks.release.dependsOn([project.tasks.build, project.tasks.bintrayUpload])
+jacocoTestReport {
+    reports {
+        xml.enabled true
+        html.enabled true
+    }
+}
+
+
+task buildItestImage(type: DockerBuildImage) {
+    inputDir = file('src/itest/docker-image')
+    tag = 'sshj/sshd-itest'
+}
+
+task createItestContainer(type: DockerCreateContainer) {
+    dependsOn buildItestImage
+    targetImageId { buildItestImage.getImageId() }
+    portBindings = ['2222:22']
+}
+
+task startItestContainer(type: DockerStartContainer) {
+    dependsOn createItestContainer
+    targetContainerId { createItestContainer.getContainerId() }
+}
+
+task stopItestContainer(type: DockerStopContainer) {
+    targetContainerId { createItestContainer.getContainerId() }
+}
+
+project.tasks.integrationTest.dependsOn(startItestContainer)
+project.tasks.integrationTest.finalizedBy(stopItestContainer)
+
+project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
+project.tasks.release.finalizedBy(project.tasks.bintrayUpload)
+project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
+project.tasks.check.dependsOn(project.tasks.jacocoTestReport)

gradle/wrapper/gradle-wrapper.properties

@@ -3,4 +3,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.3-all.zip

src/itest/docker-image/Dockerfile

@@ -0,0 +1,17 @@
+FROM sickp/alpine-sshd:7.5
+
+ADD id_rsa.pub /home/sshj/.ssh/authorized_keys
+
+ADD test-container/ssh_host_ecdsa_key     /etc/ssh/ssh_host_ecdsa_key
+ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+ADD test-container/sshd_config /etc/ssh/sshd_config
+
+RUN \
+  echo "root:smile" | chpasswd && \
+  adduser -D -s /bin/ash sshj && \
+  passwd -u sshj && \
+  chmod 600 /home/sshj/.ssh/authorized_keys && \
+  chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
+  chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
+  chown -R sshj:sshj /home/sshj
+

src/itest/docker-image/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase

src/itest/docker-image/test-container/ssh_host_ecdsa_key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOpOBFjqe0hjK/hs4WZ3dZqnzanq1L3/JbvV1TCkbe4ToAoGCCqGSM49
+AwEHoUQDQgAEVzkrS7Yj0nXML7A3mE08YDthfBR/ZbyYJDIq1vTzcqs6KTaCT529
+swNXWLHO+mbHviZcRiI57ULXHZ1emom/Jw==
+-----END EC PRIVATE KEY-----

src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFc5K0u2I9J1zC+wN5hNPGA7YXwUf2W8mCQyKtb083KrOik2gk+dvbMDV1ixzvpmx74mXEYiOe1C1x2dXpqJvyc= root@404b27be2bf4

src/itest/docker-image/test-container/sshd_config

@@ -0,0 +1,132 @@
+#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+
+
+macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com

src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.Config
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier
+import spock.lang.Specification
+
+class IntegrationBaseSpec extends Specification {
+    protected static final int DOCKER_PORT = 2222
+    protected static final String USERNAME = "sshj"
+    protected static final String KEYFILE = "src/test/resources/id_rsa"
+    protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1")
+
+    protected static SSHClient getConnectedClient(Config config) {
+        SSHClient sshClient = new SSHClient(config)
+        sshClient.addHostKeyVerifier(new PromiscuousVerifier())
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        return sshClient
+    }
+
+    protected static SSHClient getConnectedClient() throws IOException {
+        return getConnectedClient(new DefaultConfig())
+    }
+
+}

src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy

@@ -0,0 +1,71 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.TransportException
+import net.schmizz.sshj.userauth.UserAuthException
+
+class IntegrationSpec extends IntegrationBaseSpec {
+
+    def "should accept correct key"() {
+        given:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier("d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3") // test-containers/ssh_host_ecdsa_key's fingerprint
+
+        when:
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        then:
+        sshClient.isConnected()
+    }
+
+    def "should decline wrong key"() throws IOException {
+        given:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier("d4:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3")
+
+        when:
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        then:
+        thrown(TransportException.class)
+    }
+
+    def "should authenticate"() {
+        given:
+        SSHClient client = getConnectedClient()
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.isAuthenticated()
+    }
+
+   def "should not authenticate with wrong key"() {
+        given:
+        SSHClient client = getConnectedClient()
+
+        when:
+        client.authPublickey("sshj", "src/test/resources/id_dsa")
+
+        then:
+        thrown(UserAuthException.class)
+        !client.isAuthenticated()
+    }
+}

src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy

@@ -0,0 +1,68 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.sftp
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.sftp.OpenMode
+import net.schmizz.sshj.sftp.RemoteFile
+import net.schmizz.sshj.sftp.SFTPClient
+
+import java.nio.charset.StandardCharsets
+
+import static org.codehaus.groovy.runtime.IOGroovyMethods.withCloseable
+
+class FileWriteSpec extends IntegrationBaseSpec {
+
+    def "should append to file (GH issue #390)"() {
+        given:
+        SSHClient client = getConnectedClient()
+        client.authPublickey("sshj", "src/test/resources/id_rsa")
+        SFTPClient sftp = client.newSFTPClient()
+        def file = "/home/sshj/test.txt"
+        def initialText = "This is the initial text.\n".getBytes(StandardCharsets.UTF_16)
+        def appendText = "And here's the appended text.\n".getBytes(StandardCharsets.UTF_16)
+
+        when:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.CREAT))) { RemoteFile initial ->
+            initial.write(0, initialText, 0, initialText.length)
+        }
+
+        then:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
+            def bytes = new byte[initialText.length]
+            read.read(0, bytes, 0, bytes.length)
+            bytes == initialText
+        }
+
+        when:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.APPEND))) { RemoteFile append ->
+            append.write(0, appendText, 0, appendText.length)
+        }
+
+        then:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
+            def bytes = new byte[initialText.length + appendText.length]
+            read.read(0, bytes, 0, bytes.length)
+            Arrays.copyOfRange(bytes, 0, initialText.length) == initialText
+            Arrays.copyOfRange(bytes, initialText.length, initialText.length + appendText.length) == appendText
+        }
+
+        cleanup:
+        sftp.close()
+        client.close()
+    }
+}

src/itest/groovy/com/hierynomus/sshj/transport/mac/MacSpec.groovy

@@ -0,0 +1,43 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.mac
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.transport.mac.HMACRIPEMD160
+import net.schmizz.sshj.transport.mac.HMACSHA2256
+import spock.lang.Unroll
+
+class MacSpec extends IntegrationBaseSpec {
+
+    @Unroll
+    def "should correctly connect with #mac MAC"() {
+        given:
+        def cfg = new DefaultConfig()
+        cfg.setMACFactories(macFactory)
+        def client = getConnectedClient(cfg)
+
+        when:
+        client.authPublickey(USERNAME, KEYFILE)
+
+        then:
+        client.authenticated
+
+        where:
+        macFactory << [new HMACSHA2256.Factory(), new HMACRIPEMD160.Factory()]
+        mac = macFactory.name
+    }
+}

src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java

@@ -135,7 +135,7 @@ public class KnownHostMatchers {
         private final Pattern pattern;
 
         public WildcardHostMatcher(String hostEntry) {
-            this.pattern = Pattern.compile(hostEntry.replace(".", "\\.").replace("*", ".*").replace("?", "."));
+            this.pattern = Pattern.compile("^" + hostEntry.replace("[", "\\[").replace("]", "\\]").replace(".", "\\.").replace("*", ".*").replace("?", ".") + "$");
         }
 
         @Override

src/main/java/net/schmizz/sshj/AndroidConfig.java

@@ -15,12 +15,17 @@
  */
 package net.schmizz.sshj;
 
+import com.hierynomus.sshj.signature.SignatureEdDSA;
+
 import net.schmizz.sshj.common.SecurityUtils;
 import net.schmizz.sshj.signature.SignatureDSA;
 import net.schmizz.sshj.signature.SignatureRSA;
 import net.schmizz.sshj.transport.random.JCERandom;
 import net.schmizz.sshj.transport.random.SingletonRandomFactory;
 
+/**
+ * Registers SpongyCastle as JCE provider.
+ */
 public class AndroidConfig
         extends DefaultConfig {
 
@@ -30,7 +35,9 @@ public class AndroidConfig
 
     // don't add ECDSA
     protected void initSignatureFactories() {
-        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory());
+        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory(),
+                // but add EdDSA
+                new SignatureEdDSA.Factory());
     }
 
     @Override

src/main/java/net/schmizz/sshj/DefaultConfig.java

@@ -92,7 +92,7 @@ public class DefaultConfig
             properties.load(DefaultConfig.class.getClassLoader().getResourceAsStream("sshj.properties"));
             String property = properties.getProperty("sshj.version");
             return "SSHJ_" + property.replace('-', '_'); // '-' is a disallowed character, see RFC-4253#section-4.2
-        } catch (IOException e) {
+        } catch (Exception e) {
             log.error("Could not read the sshj.properties file, returning an 'unknown' version as fallback.");
             return "SSHJ_VERSION_UNKNOWN";
         }

src/main/java/net/schmizz/sshj/common/Buffer.java

@@ -246,7 +246,7 @@ public class Buffer<T extends Buffer<T>> {
      * @return this
      */
     public T putBytes(byte[] b, int off, int len) {
-        return putUInt32(len - off).putRawBytes(b, off, len);
+        return putUInt32(len).putRawBytes(b, off, len);
     }
 
     public void readRawBytes(byte[] buf)
@@ -460,10 +460,13 @@ public class Buffer<T extends Buffer<T>> {
 
     public PublicKey readPublicKey()
             throws BufferException {
+        KeyType keyType = KeyType.fromString(readString());
         try {
-            return KeyType.fromString(readString()).readPubKeyFromBuffer(this);
+            return keyType.readPubKeyFromBuffer(this);
         } catch (GeneralSecurityException e) {
             throw new SSHRuntimeException(e);
+        } catch (UnsupportedOperationException uoe) {
+            throw new BufferException("Could not decode keytype " + keyType);
         }
     }
 

src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java

@@ -18,9 +18,7 @@ package net.schmizz.sshj.common;
 import com.hierynomus.sshj.secg.SecgUtils;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,6 +29,8 @@ import java.security.KeyFactory;
 import java.security.PublicKey;
 import java.security.interfaces.ECKey;
 import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
@@ -81,13 +81,14 @@ class ECDSAVariationsAdapter {
             BigInteger bigX = new BigInteger(1, x);
             BigInteger bigY = new BigInteger(1, y);
 
-            X9ECParameters ecParams = NISTNamedCurves.getByName(NIST_CURVES_NAMES.get(variation));
-            ECPoint pPublicPoint = ecParams.getCurve().createPoint(bigX, bigY);
-            ECParameterSpec spec = new ECParameterSpec(ecParams.getCurve(), ecParams.getG(), ecParams.getN());
-            ECPublicKeySpec publicSpec = new ECPublicKeySpec(pPublicPoint, spec);
+            String name = NIST_CURVES_NAMES.get(variation);
+            X9ECParameters ecParams = NISTNamedCurves.getByName(name);
+            ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(name, ecParams.getCurve(), ecParams.getG(), ecParams.getN());
+            ECPoint p = new ECPoint(bigX, bigY);
+            ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(p, ecCurveSpec);
 
             KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
-            return keyFactory.generatePublic(publicSpec);
+            return keyFactory.generatePublic(publicKeySpec);
         } catch (Exception ex) {
             throw new GeneralSecurityException(ex);
         }

src/main/java/net/schmizz/sshj/common/SecurityUtils.java

@@ -18,11 +18,21 @@ package net.schmizz.sshj.common;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+
 import javax.crypto.Cipher;
 import javax.crypto.KeyAgreement;
 import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
-import java.security.*;
 
 import static java.lang.String.format;
 
@@ -37,12 +47,17 @@ public class SecurityUtils {
      */
     public static final String BOUNCY_CASTLE = "BC";
 
+    /**
+     * Identifier for the BouncyCastle JCE provider
+     */
+    public static final String SPONGY_CASTLE = "SC";
+
     /*
     * Security provider identifier. null = default JCE
     */
     private static String securityProvider = null;
 
-    // relate to BC registration
+    // relate to BC registration (or SpongyCastle on Android)
     private static Boolean registerBouncyCastle;
     private static boolean registrationDone;
 
@@ -82,6 +97,8 @@ public class SecurityUtils {
         return false;
     }
 
+
+
     public static synchronized Cipher getCipher(String transformation)
             throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
         register();
@@ -222,11 +239,11 @@ public class SecurityUtils {
      * Attempts registering BouncyCastle as security provider if it has not been previously attempted and returns
      * whether the registration succeeded.
      *
-     * @return whether BC registered
+     * @return whether BC (or SC on Android) registered
      */
     public static synchronized boolean isBouncyCastleRegistered() {
         register();
-        return BOUNCY_CASTLE.equals(securityProvider);
+        return BOUNCY_CASTLE.equals(securityProvider) || SPONGY_CASTLE.equals(securityProvider);
     }
 
     public static synchronized void setRegisterBouncyCastle(boolean registerBouncyCastle) {

src/main/java/net/schmizz/sshj/sftp/RemoteFile.java

@@ -82,9 +82,7 @@ public class RemoteFile
             throws IOException {
         return requester.request(newRequest(PacketType.WRITE)
                 .putUInt64(fileOffset)
-                // TODO The SFTP spec claims this field is unneeded...? See #187
-                .putUInt32(len)
-                .putRawBytes(data, off, len)
+                .putString(data, off, len)
         );
     }
 

src/main/java/net/schmizz/sshj/transport/KeyExchanger.java

@@ -197,6 +197,12 @@ final class KeyExchanger
             if (hkv.verify(transport.getRemoteHost(), transport.getRemotePort(), key))
                 return;
         }
+        log.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}",
+                hostVerifiers,
+                KeyType.fromKey(key),
+                SecurityUtils.getFingerprint(key),
+                transport.getRemoteHost(),
+                transport.getRemotePort());
 
         throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE,
                                      "Could not verify `" + KeyType.fromKey(key)

src/main/java/net/schmizz/sshj/transport/mac/HMACRIPEMD160.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+public class HMACRIPEMD160 extends BaseMAC {
+    /** Named factory for the HMAC-SHA1 <code>MAC</code> */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<MAC> {
+
+        @Override
+        public MAC create() {
+            return new HMACRIPEMD160();
+        }
+
+        @Override
+        public String getName() {
+            return "hmac-ripemd160";
+        }
+    }
+
+
+    public HMACRIPEMD160() {
+        super("HMACRIPEMD160", 20, 20);
+    }
+}

src/main/java/net/schmizz/sshj/transport/verification/ConsoleKnownHostsVerifier.java

@@ -41,7 +41,7 @@ public class ConsoleKnownHostsVerifier
     protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
         final KeyType type = KeyType.fromKey(key);
         console.printf("The authenticity of host '%s' can't be established.\n" +
-                               "%s key fingerprint is %s.\n", hostname, type, SecurityUtils.getFingerprint(key));
+                "%s key fingerprint is %s.\n", hostname, type, SecurityUtils.getFingerprint(key));
         String response = console.readLine("Are you sure you want to continue connecting (yes/no)? ");
         while (!(response.equalsIgnoreCase(YES) || response.equalsIgnoreCase(NO))) {
             response = console.readLine("Please explicitly enter yes/no: ");
@@ -60,7 +60,7 @@ public class ConsoleKnownHostsVerifier
     }
 
     @Override
-    protected boolean hostKeyChangedAction(KnownHostEntry entry, String hostname, PublicKey key) {
+    protected boolean hostKeyChangedAction(String hostname, PublicKey key) {
         final KeyType type = KeyType.fromKey(key);
         final String fp = SecurityUtils.getFingerprint(key);
         final String path = getFile().getAbsolutePath();

src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java

@@ -87,14 +87,23 @@ public class OpenSSHKnownHosts
 
         final String adjustedHostname = (port != 22) ? "[" + hostname + "]:" + port : hostname;
 
+        boolean foundApplicableHostEntry = false;
         for (KnownHostEntry e : entries) {
             try {
-                if (e.appliesTo(type, adjustedHostname))
-                    return e.verify(key) || hostKeyChangedAction(e, adjustedHostname, key);
+                if (e.appliesTo(type, adjustedHostname)) {
+                    foundApplicableHostEntry = true;
+                    if (e.verify(key)) {
+                        return true;
+                    }
+                }
             } catch (IOException ioe) {
                 log.error("Error with {}: {}", e, ioe);
                 return false;
             }
+
+        }
+        if (foundApplicableHostEntry) {
+            return hostKeyChangedAction(adjustedHostname, key);
         }
 
         return hostKeyUnverifiableAction(adjustedHostname, key);
@@ -104,7 +113,7 @@ public class OpenSSHKnownHosts
         return false;
     }
 
-    protected boolean hostKeyChangedAction(KnownHostEntry entry, String hostname, PublicKey key) {
+    protected boolean hostKeyChangedAction(String hostname, PublicKey key) {
         log.warn("Host key for `{}` has changed!", hostname);
         return false;
     }
@@ -199,7 +208,7 @@ public class OpenSSHKnownHosts
             }
             if(split.length < 3) {
                 log.error("Error reading entry `{}`", line);
-                return null;
+                return new BadHostEntry(line);
             }
             final String hostnames = split[i++];
             final String sType = split[i++];
@@ -209,7 +218,13 @@ public class OpenSSHKnownHosts
 
             if (type != KeyType.UNKNOWN) {
                 final String sKey = split[i++];
-                key = new Buffer.PlainBuffer(Base64.decode(sKey)).readPublicKey();
+                try {
+                    byte[] keyBytes = Base64.decode(sKey);
+                    key = new Buffer.PlainBuffer(keyBytes).readPublicKey();
+                } catch (IOException ioe) {
+                    log.warn("Error decoding Base64 key bytes", ioe);
+                    return new BadHostEntry(line);
+                }
             } else if (isBits(sType)) {
                 type = KeyType.RSA;
                 // int bits = Integer.valueOf(sType);
@@ -220,11 +235,11 @@ public class OpenSSHKnownHosts
                     key = keyFactory.generatePublic(new RSAPublicKeySpec(n, e));
                 } catch (Exception ex) {
                     log.error("Error reading entry `{}`, could not create key", line, ex);
-                    return null;
+                    return new BadHostEntry(line);
                 }
             } else {
                 log.error("Error reading entry `{}`, could not determine type", line);
-                return null;
+                return new BadHostEntry(line);
             }
 
             return new HostEntry(marker, hostnames, type, key);
@@ -310,7 +325,7 @@ public class OpenSSHKnownHosts
         protected final PublicKey key;
         private final KnownHostMatchers.HostMatcher matcher;
 
-        HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key) throws SSHException {
+        public HostEntry(Marker marker, String hostPart, KeyType type, PublicKey key) throws SSHException {
             this.marker = marker;
             this.hostPart = hostPart;
             this.type = type;
@@ -340,7 +355,7 @@ public class OpenSSHKnownHosts
 
         @Override
         public boolean verify(PublicKey key) throws IOException {
-            return key.equals(this.key) && marker != Marker.REVOKED;
+            return getKeyString(key).equals(getKeyString(this.key)) && marker != Marker.REVOKED;
         }
 
         public String getLine() {
@@ -350,17 +365,55 @@ public class OpenSSHKnownHosts
 
             line.append(getHostPart());
             line.append(" ").append(type.toString());
-            line.append(" ").append(getKeyString());
+            line.append(" ").append(getKeyString(key));
             return line.toString();
         }
 
-        private String getKeyString() {
-            final Buffer.PlainBuffer buf = new Buffer.PlainBuffer().putPublicKey(key);
+        private String getKeyString(PublicKey pk) {
+            final Buffer.PlainBuffer buf = new Buffer.PlainBuffer().putPublicKey(pk);
             return Base64.encodeBytes(buf.array(), buf.rpos(), buf.available());
         }
 
         protected String getHostPart() {
-            return  hostPart;
+            return hostPart;
+        }
+    }
+
+    public static class BadHostEntry implements KnownHostEntry {
+        private String line;
+
+        public BadHostEntry(String line) {
+            this.line = line;
+        }
+
+        @Override
+        public KeyType getType() {
+            return KeyType.UNKNOWN;
+        }
+
+        @Override
+        public String getFingerprint() {
+            return null;
+        }
+
+        @Override
+        public boolean appliesTo(String host) throws IOException {
+            return false;
+        }
+
+        @Override
+        public boolean appliesTo(KeyType type, String host) throws IOException {
+            return false;
+        }
+
+        @Override
+        public boolean verify(PublicKey key) throws IOException {
+            return false;
+        }
+
+        @Override
+        public String getLine() {
+            return line;
         }
     }
 

src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java

@@ -16,6 +16,7 @@
 package net.schmizz.sshj.userauth.keyprovider;
 
 import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.SecurityUtils;
 import net.schmizz.sshj.userauth.password.PasswordUtils;
 import org.bouncycastle.openssl.EncryptionException;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
@@ -62,12 +63,12 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {
                 final Object o = r.readObject();
 
                 final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
-                pemConverter.setProvider("BC");
+                pemConverter.setProvider(SecurityUtils.getSecurityProvider());
 
                 if (o instanceof PEMEncryptedKeyPair) {
                     final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
                     JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
-                    decryptorBuilder.setProvider("BC");
+                    decryptorBuilder.setProvider(SecurityUtils.getSecurityProvider());
                     try {
                         passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
                         kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase)));

src/test/groovy/com/hierynomus/sshj/transport/verification/KnownHostMatchersSpec.groovy

@@ -49,6 +49,11 @@ class KnownHostMatchersSpec extends Specification {
         "aaa.b??.com" | "aaa.bccd.com" | false
         "|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg=" | "192.168.1.61" | true
         "|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg=" | "192.168.2.61" | false
+        "[aaa.bbb.com]:2222" | "aaa.bbb.com" | false
+        "[aaa.bbb.com]:2222" | "[aaa.bbb.com]:2222" | true
+        "[aaa.?bb.com]:2222" | "[aaa.dbb.com]:2222" | true
+        "[aaa.?xb.com]:2222" | "[aaa.dbb.com]:2222" | false
+        "[*.bbb.com]:2222" | "[aaa.bbb.com]:2222" | true
         yesno = match ? "" : "no"
     }
 }

src/test/groovy/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsSpec.groovy

@@ -0,0 +1,140 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.verification
+
+import net.schmizz.sshj.common.Base64
+import net.schmizz.sshj.common.Buffer
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts
+import net.schmizz.sshj.util.KeyUtil
+import org.junit.Rule
+import org.junit.rules.TemporaryFolder
+import spock.lang.Specification
+import spock.lang.Unroll
+
+import java.security.PublicKey
+
+class OpenSSHKnownHostsSpec extends Specification {
+
+    @Rule
+    public TemporaryFolder temp = new TemporaryFolder();
+
+    def "should parse and verify hashed host entry"() {
+        given:
+        def f = knownHosts("|1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==");
+        final PublicKey key = KeyUtil
+                .newRSAPublicKey(
+                "e8ff4797075a861db9d2319960a836b2746ada3da514955d2921f2c6a6c9895cbd557f604e43772b6303e3cab2ad82d83b21acdef4edb72524f9c2bef893335115acacfe2989bcbb2e978e4fedc8abc090363e205d975c1fdc35e55ba4daa4b5d5ab7a22c40f547a4a0fd1c683dfff10551c708ff8c34ea4e175cb9bf2313865308fa23601e5a610e2f76838be7ded3b4d3a2c49d2d40fa20db51d1cc8ab20d330bb0dadb88b1a12853f0ecb7c7632947b098dcf435a54566bcf92befd55e03ee2a57d17524cd3d59d6e800c66059067e5eb6edb81946b3286950748240ec9afa4389f9b62bc92f94ec0fba9e64d6dc2f455f816016a4c5f3d507382ed5d3365",
+                "23");
+
+        when:
+        OpenSSHKnownHosts openSSHKnownHosts = new OpenSSHKnownHosts(f)
+
+        then:
+        openSSHKnownHosts.verify("192.168.1.61", 22, key)
+        !openSSHKnownHosts.verify("192.168.1.2", 22, key)
+    }
+
+    def "should parse and verify v1 host entry"() {
+        given:
+        def f = knownHosts("test.com,1.1.1.1 2048 35 22017496617994656680820635966392838863613340434802393112245951008866692373218840197754553998457793202561151141246686162285550121243768846314646395880632789308110750881198697743542374668273149584280424505890648953477691795864456749782348425425954366277600319096366690719901119774784695056100331902394094537054256611668966698242432417382422091372756244612839068092471592121759862971414741954991375710930168229171638843329213652899594987626853020377726482288618521941129157643483558764875338089684351824791983007780922947554898825663693324944982594850256042689880090306493029526546183035567296830604572253312294059766327")
+        def key = KeyUtil.newRSAPublicKey("ae6983ed63a33afc69fe0b88b4ba14393120a0b66e1460916a8390ff109139cd14f4e1701ab5c5feeb479441fe2091d04c0ba7d3fa1756b80ed103657ab53b5d7daa38af22f59f9cbfc16892d4ef1f8fd3ae49663c295be1f568a160d54328fbc2c0598f48d32296b1b9942336234952c440cda1bfac904e3391db98e52f9b1de229adc18fc34a9a569717aa9a5b1145e73b8a8394354028d02054ca760243fb8fc1575490607dd098e698e02b5d8bdf22d55ec958245222ef4c65b8836b9f13674a2d2895a587bfd4423b4eeb6d3ef98451640e3d63d2fc6a761ffd34446abab028494caf36d67ffd65298d69f19f2d90bae4c207b671db563a08f1bb9bf237",
+                    "23")
+        when:
+        OpenSSHKnownHosts knownHosts = new OpenSSHKnownHosts(f)
+
+        then:
+        knownHosts.verify("test.com", 22, key)
+    }
+
+    def "should check all host entries for key"() {
+        given:
+        def f = knownHosts("""
+host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiYp2IDgzDFhl8T4TRLIhEljvEixz1YN0XWh4dYh0REGK9T4QKiyb28EztPMdcOtz1uyX5rUGYXX9hj99S4SiU=
+host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=
+""")
+        def pk = new Buffer.PlainBuffer(Base64.decode("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=")).readPublicKey()
+        when:
+        def knownhosts = new OpenSSHKnownHosts(f)
+
+        then:
+        knownhosts.verify("host1", 22, pk)
+    }
+
+    def "should not fail on bad base64 entry"() {
+        given:
+        def f = knownHosts("""
+host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTIDgzDFhl8T4TRLIhEljvEixz1YN0XWh4dYh0REGK9T4QKiyb28EztPMdcOtz1uyX5rUGYXX9hj99S4SiU=
+host1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=
+""")
+        def pk = new Buffer.PlainBuffer(Base64.decode("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck=")).readPublicKey()
+        when:
+        def knownhosts = new OpenSSHKnownHosts(f)
+
+        then:
+        knownhosts.verify("host1", 22, pk)
+    }
+
+    def "should mark bad line and not fail"() {
+        given:
+        def f = knownHosts("M36Lo+Ik5ukNugvvoNFlpnyiHMmtKxt3FpyEfYuryXjNqMNWHn/ARVnpUIl5jRLTB7WBzyLYMG7X5nuoFL9zYqKGtHxChbDunxMVbspw5WXI9VN+qxcLwmITmpEvI9ApyS/Ox2ZyN7zw==\n")
+
+        when:
+        def knownhosts = new OpenSSHKnownHosts(f)
+
+        then:
+        knownhosts.entries().size() == 1
+        knownhosts.entries().get(0) instanceof OpenSSHKnownHosts.BadHostEntry
+    }
+
+    @Unroll
+    def "should add comment for #type line"() {
+        given:
+        def f = knownHosts(s)
+
+        when:
+        def knownHosts = new OpenSSHKnownHosts(f)
+
+        then:
+        knownHosts.entries().size() == 1
+        knownHosts.entries().get(0) instanceof OpenSSHKnownHosts.CommentEntry
+
+        where:
+        type << ["newline", "comment"]
+        s << ["\n", "#comment\n"]
+    }
+
+    @Unroll
+    def "should match any host name from multi-host line"() {
+        given:
+        def f = knownHosts("schmizz.net,69.163.155.180 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==")
+        def pk = new Buffer.PlainBuffer(Base64.decode("AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==")).readPublicKey()
+
+        when:
+        def knownHosts = new OpenSSHKnownHosts(f)
+
+        then:
+        knownHosts.verify(h, 22, pk)
+
+        where:
+        h << ["schmizz.net", "69.163.155.180"]
+    }
+
+    def knownHosts(String s) {
+        def f = temp.newFile("known_hosts")
+        f.write(s)
+        return f
+    }
+}

src/test/groovy/net/schmizz/sshj/xfer/FileSystemFileSpec.groovy

@@ -49,6 +49,6 @@ class FileSystemFileSpec extends Specification {
         def child = file.getChild("bar//etc/passwd")
 
         then:
-        child.getFile().getPath() endsWith "foo/bar/etc/passwd"
+        child.getFile().getPath().replace('\\', '/') endsWith "foo/bar/etc/passwd"
     }
 }

src/test/java/com/hierynomus/sshj/IntegrationTest.java

@@ -1,39 +0,0 @@
-/*
- * Copyright (C)2009 - SSHJ Contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.hierynomus.sshj;
-
-import net.schmizz.sshj.DefaultConfig;
-import net.schmizz.sshj.SSHClient;
-import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.IOException;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class IntegrationTest {
-
-    @Test @Ignore // Should only be enabled for testing against VM
-    public void shouldConnect() throws IOException {
-        SSHClient sshClient = new SSHClient(new DefaultConfig());
-        sshClient.addHostKeyVerifier(new OpenSSHKnownHosts(new File("/Users/ajvanerp/.ssh/known_hosts")));
-        sshClient.connect("172.16.37.147");
-        sshClient.authPublickey("jeroen");
-        assertThat("Is connected", sshClient.isAuthenticated());
-    }
-}

src/test/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHostsTest.java

@@ -1,88 +0,0 @@
-/*
- * Copyright (C)2009 - SSHJ Contributors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package net.schmizz.sshj.transport.verification;
-
-import net.schmizz.sshj.util.KeyUtil;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.PublicKey;
-
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.CoreMatchers.instanceOf;
-import static org.junit.Assert.*;
-
-public class OpenSSHKnownHostsTest {
-
-    @Rule
-    public TemporaryFolder temp = new TemporaryFolder();
-
-    public File writeKnownHosts(String line)
-            throws IOException {
-        File known_hosts = temp.newFile("known_hosts");
-        FileWriter fileWriter = new FileWriter(known_hosts);
-        BufferedWriter writer = new BufferedWriter(fileWriter);
-        writer.write(line);
-        writer.write("\r\n");
-        writer.flush();
-        writer.close();
-        return known_hosts;
-    }
-
-    @Test
-    public void shouldAddCommentForEmptyLine()
-            throws IOException {
-        File file = writeKnownHosts("");
-        OpenSSHKnownHosts openSSHKnownHosts = new OpenSSHKnownHosts(file);
-        assertThat(openSSHKnownHosts.entries().size(), equalTo(1));
-        assertThat(openSSHKnownHosts.entries().get(0), instanceOf(OpenSSHKnownHosts.CommentEntry.class));
-    }
-
-    @Test
-    public void shouldAddCommentForCommentLine()
-            throws IOException {
-        File file = writeKnownHosts("# this is a comment");
-        OpenSSHKnownHosts openSSHKnownHosts = new OpenSSHKnownHosts(file);
-        assertThat(openSSHKnownHosts.entries().size(), equalTo(1));
-        assertThat(openSSHKnownHosts.entries().get(0), instanceOf(OpenSSHKnownHosts.CommentEntry.class));
-    }
-
-    @Test
-    public void testSchmizzEntry()
-            throws IOException, GeneralSecurityException {
-        OpenSSHKnownHosts kh = new OpenSSHKnownHosts(new File("src/test/resources/known_hosts"));
-        final PublicKey key = KeyUtil
-                .newRSAPublicKey(
-                        "e8ff4797075a861db9d2319960a836b2746ada3da514955d2921f2c6a6c9895cbd557f604e43772b6303e3cab2ad82d83b21acdef4edb72524f9c2bef893335115acacfe2989bcbb2e978e4fedc8abc090363e205d975c1fdc35e55ba4daa4b5d5ab7a22c40f547a4a0fd1c683dfff10551c708ff8c34ea4e175cb9bf2313865308fa23601e5a610e2f76838be7ded3b4d3a2c49d2d40fa20db51d1cc8ab20d330bb0dadb88b1a12853f0ecb7c7632947b098dcf435a54566bcf92befd55e03ee2a57d17524cd3d59d6e800c66059067e5eb6edb81946b3286950748240ec9afa4389f9b62bc92f94ec0fba9e64d6dc2f455f816016a4c5f3d507382ed5d3365",
-                        "23");
-
-        assertTrue(kh.verify("schmizz.net", 22, key));
-        assertTrue(kh.verify("69.163.155.180", 22, key));
-        assertFalse(kh.verify("69.163.155.18", 22, key));
-    }
-
-    @Test
-    public void testVerifyIndexError() throws Exception {
-        final OpenSSHKnownHosts v = new OpenSSHKnownHosts(new File("src/test/resources/known_hosts.invalid"));
-        assertTrue(v.entries().isEmpty());
-    }
-}

src/test/resources/known_hosts

@@ -1,4 +0,0 @@
-schmizz.net,69.163.155.180 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==
-# Above we have a plain line, Below we have a hashed line, Last is a v1 line, This is a garbage line.
-|1|dy7xSefq6NmJms6AzANG3w45W28=|SSCTlHs4pZbc2uaRoPvjyEAHE1g= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu64GJcCkdtckPGt8uKTyhG1ShT1Np1kh10eE49imQ4Nh9Y/IrSPzDtYUAazQ88ABc2NffuOKkdn2qtUwZ1ulfcdNfN3oTim3BiVHqa041pKG0L+onQe8Bo+CaG5KBLy/C24eNGM9EcfQvDQOnq1eD3lnR/l8fFckldzjfxZgar0yT9Bb3pwp50oN+1wSEINJEHOgMIW8kZBQmyNr/B+b7yX+Y1s1vuYIP/i4WimCVmkdi9G87Ga8w7GxKalRD2QOG6Xms2YWRQDN6M/MOn4tda3EKolbWkctEWcQf/PcVJffTH4Wv5f0RjVyrQv4ha4FZcNAv6RkRd9WkiCsiTKioQ==
-test.com,1.1.1.1 2048 35 22017496617994656680820635966392838863613340434802393112245951008866692373218840197754553998457793202561151141246686162285550121243768846314646395880632789308110750881198697743542374668273149584280424505890648953477691795864456749782348425425954366277600319096366690719901119774784695056100331902394094537054256611668966698242432417382422091372756244612839068092471592121759862971414741954991375710930168229171638843329213652899594987626853020377726482288618521941129157643483558764875338089684351824791983007780922947554898825663693324944982594850256042689880090306493029526546183035567296830604572253312294059766327

src/test/resources/known_hosts.invalid

@@ -1 +0,0 @@
-M36Lo+Ik5ukNugvvoNFlpnyiHMmtKxt3FpyEfYuryXjNqMNWHn/ARVnpUIl5jRLTB7WBzyLYMG7X5nuoFL9zYqKGtHxChbDunxMVbspw5WXI9VN+qxcLwmITmpEvI9ApyS/Ox2ZyN7zw==