Add extra logging in OpenSSHKnownHosts and extra test

* Add EdDSA signature for AndroidConfig.

* Initialize KeyExchange- and FileKeyProviderFactories with registered "bouncyCastle" (in fact, SpongyCastle is registered).

See #308 for discussion.

.bettercodehub.yml

@@ -0,0 +1,8 @@
+exclude:
+- /build-publishing.gradle
+- /build.gradle
+- /settings.gradle
+component_depth: 1
+languages:
+- groovy
+- java

.gitattributes

@@ -0,0 +1 @@
+*.bat text eol=crlf

.gitignore

@@ -0,0 +1,22 @@
+# IntelliJ IDEA
+.idea/
+*.iml
+*.ipr
+*.iws
+
+# Eclipe
+.project
+.classpath
+.settings/
+
+# Output dirs
+out/
+target/
+classes/
+build/
+docs/
+.gradle/
+sshj.jar
+
+# MacOS X
+.DS_Store

.travis.yml

@@ -0,0 +1,30 @@
+language: java
+dist: trusty
+sudo: required
+
+services:
+  - docker
+
+jdk:
+  - oraclejdk8
+  - openjdk8
+  - oraclejdk9
+
+before_cache:
+  - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+
+cache:
+  directories:
+  - $HOME/.gradle/caches/
+  - $HOME/.gradle/wrapper/
+
+before_install:
+  - pip install --user codecov
+
+script:
+  - ./gradlew check
+  - ./gradlew integrationTest
+
+after_success:
+- codecov

CONTRIBUTORS

@@ -0,0 +1 @@
+git log --format='%aN <%aE>' | awk '{arr[$0]++} END{for (i in arr){print arr[i], i;}}' | sort -rn | cut -d\  -f2-

LICENSE_HEADER

@@ -0,0 +1,13 @@
+Copyright (C)2009 - SSHJ Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

NOTICE

@@ -1,5 +1,5 @@
 sshj - SSHv2 library for Java
-Copyright 2010 Shikhar Bhushan
+Copyright 2010-2012 sshj contributors
 
 This product includes code derived from software developed at 
 The Apache Software Foundation (http://www.apache.org/):

README.adoc

@@ -0,0 +1,203 @@
+= sshj - SSHv2 library for Java
+Jeroen van Erp
+:sshj_groupid: com.hierynomus
+:sshj_version: 0.23.0
+:source-highlighter: pygments
+
+image:https://api.bintray.com/packages/hierynomus/maven/sshj/images/download.svg[link="https://bintray.com/hierynomus/maven/sshj/_latestVersion"]
+image:https://travis-ci.org/hierynomus/sshj.svg?branch=master[link="https://travis-ci.org/hierynomus/sshj"]
+image:https://api.codacy.com/project/badge/Grade/14a0a316bb9149739b5ea26dbfa8da8a["Codacy code quality", link="https://www.codacy.com/app/jeroen_2/sshj?utm_source=github.com&utm_medium=referral&utm_content=hierynomus/sshj&utm_campaign=Badge_Grade"]
+image:https://codecov.io/gh/hierynomus/sshj/branch/master/graph/badge.svg["codecov", link="https://codecov.io/gh/hierynomus/sshj"]
+image:http://www.javadoc.io/badge/com.hierynomus/sshj.svg?color=blue["JavaDocs", link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
+image:https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj/badge.svg["Maven Central",link="https://maven-badges.herokuapp.com/maven-central/com.hierynomus/sshj"]
+image:https://javadoc-emblem.rhcloud.com/doc/com.hierynomus/sshj/badge.svg["Javadoc",link="http://www.javadoc.io/doc/com.hierynomus/sshj"]
+
+To get started, have a look at one of the examples. Hopefully you will find the API pleasant to work with :)
+
+== Getting SSHJ
+
+To get SSHJ, you have two options:
+
+. Add a dependency to SSHJ to your project.
+. Build SSHJ yourself.
+
+And, if you want, you can also run the SSHJ examples.
+
+Binary releases of SSHJ are not provided here, but you can download it http://search.maven.org/#artifactdetails%7C{sshj_groupid}%7Csshj%7C{sshj_version}%7Cjar[straight from the Maven Central repository] if you want to.
+
+== Depending on SSHJ
+If you're building your project using Maven, you can add the following dependency to the `pom.xml`:
+
+[source,xml,subs="verbatim,attributes"]
+----
+<dependency>
+  <groupId>{sshj_groupid}</groupId>
+  <artifactId>sshj</artifactId>
+  <version>{sshj_version}</version>
+</dependency>
+----
+
+If your project is built using another build tool that uses the Maven Central repository, translate this dependency into the format used by your build tool.
+
+== Building SSHJ
+. Clone the SSHJ repository.
+. Ensure you have Java6 installed with the http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html[Unlimited strength Java Cryptography Extensions (JCE)].
+. Run the command `./gradlew clean build`.
+
+== Running the examples
+In the `examples` directory, there is a separate Maven project that shows how the library can be used in some sample cases. If you want to run them, follow these guidelines:
+
+. Install http://maven.apache.org/[Maven 2.2.1] or up.
+. Clone the Overthere repository.
+. Go into the `examples` directory and run the command `mvn eclipse:eclipse`.
+. Import the `examples` project into Eclipse.
+. Change the login details in the example classes (address, username and password) and run them!
+
+== Features of the library include:
+
+* reading known_hosts files for host key verification
+* publickey, password and keyboard-interactive authentication
+* command, subsystem and shell channels
+* local and remote port forwarding
+* scp + complete sftp version 0-3 implementation
+
+== Supported algorithms
+Implementations / adapters for the following algorithms are included:
+
+ciphers::
+  `aes{128,192,256}-{cbc,ctr}`, `blowfish-{cbc,ctr}`, `3des-{cbc,ctr}`, `twofish{128,192,256}-{cbc,ctr}`, `twofish-cbc`, `serpent{128,192,256}-{cbc,ctr}`, `idea-{cbc,ctr}`, `cast128-{cbc,ctr}`, `arcfour`, `arcfour{128,256}`
+  SSHJ also supports the following extended (non official) ciphers: `camellia{128,192,256}-{cbc,ctr}`, `camellia{128,192,256}-{cbc,ctr}@openssh.org`
+
+key exchange::
+  `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`,
+  `diffie-hellman-group14-sha256`, `diffie-hellman-group15-sha512`, `diffie-hellman-group16-sha512`, `diffie-hellman-group17-sha512`, `diffie-hellman-group18-sha512`
+  `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`,
+  `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `curve25519-sha256@libssh.org`
+  SSHJ also supports the following extended (non official) key exchange algoriths:
+  `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`,
+  `diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com`
+
+signatures::
+  `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519`
+
+mac::
+  `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`
+
+compression::
+  `zlib` and `zlib@openssh.com` (delayed zlib)
+
+private key files::
+   `pkcs5`, `pkcs8`, `openssh-key-v1`, `ssh-rsa-cert-v01@openssh.com`, `ssh-dsa-cert-v01@openssh.com`
+
+If you need something that is not included, it shouldn't be too hard to add (do contribute it!)
+
+== Comparing to other implementations
+http://ssh-comparison.quendi.de/comparison.html[SSH Implementation Comparison]
+
+== Dependencies
+Java 6+. http://www.slf4j.org/download.html[slf4j] is required. http://www.bouncycastle.org/java.html[bouncycastle] is highly recommended and required for using some of the crypto algorithms. http://www.jcraft.com/jzlib/[jzlib] is required for using zlib compression.
+
+== Reporting bugs
+Issue tracker: https://github.com/hierynomus/sshj/issues
+
+== Discussion
+Google Group: http://groups.google.com/group/sshj-users
+
+== Contributing
+Fork away!
+
+== Release history
+SSHJ 0.23.0 (2017-10-13)::
+* Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
+* Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
+* Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
+* Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
+* Made SSHJ Java9 compatible
+SSHJ 0.22.0 (2017-08-24)::
+* Fixed https://github.com/hierynomus/sshj/pulls/341[#341]: Fixed path walking during recursive copy
+* Merged https://github.com/hierynomus/sshj/pulls/338[#338]: Added ConsolePasswordFinder to read password from stdin
+* Merged https://github.com/hierynomus/sshj/pulls/336[#336]: Added support for ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 signatures
+* Fixed https://github.com/hierynomus/sshj/issues/331[#331]: Added support for wildcards in known_hosts file
+SSHJ 0.21.1 (2017-04-25)::
+* Merged https://github.com/hierynomus/sshj/pulls/322[#322]: Fix regression from 40f956b (invalid length parameter on outputstream)
+SSHJ 0.21.0 (2017-04-14)::
+* Merged https://github.com/hierynomus/sshj/pulls/319[#319]: Added support for `ssh-rsa-cert-v01@openssh.com` and `ssh-dsa-cert-v01@openssh.com` certificate key files
+* Upgraded Gradle to 3.4.1
+* Merged https://github.com/hierynomus/sshj/pulls/305[#305]: Added support for custom string encoding
+* Fixed https://github.com/hierynomus/sshj/issues/312[#312]: Upgraded BouncyCastle to 1.56
+SSHJ 0.20.0 (2017-02-09)::
+* Merged https://github.com/hierynomus/sshj/pulls/294[#294]: Reference ED25519 by constant instead of name
+* Merged https://github.com/hierynomus/sshj/pulls/293[#293], https://github.com/hierynomus/sshj/pulls/295[#295] and https://github.com/hierynomus/sshj/pulls/301[#301]: Fixed OSGi packaging
+* Added new Diffie Hellman groups 15-18 for stronger KeyExchange algorithms
+SSHJ 0.19.1 (2016-12-30)::
+* Enabled PKCS5 Key files in DefaultConfig
+* Merged https://github.com/hierynomus/sshj/pulls/291[#291]: Fixed sshj.properties loading and chained exception messages
+* Merged https://github.com/hierynomus/sshj/pulls/284[#284]: Correctly catch interrupt in keepalive thread
+* Fixed https://github.com/hierynomus/sshj/issues/292[#292]: Pass the configured RandomFactory to Diffie Hellmann KEX
+* Fixed https://github.com/hierynomus/sshj/issues/256[#256]: SSHJ now builds if no git repository present
+* LocalPortForwarder now correctly interrupts its own thread on close()
+SSHJ 0.19.0 (2016-11-25)::
+* Fixed https://github.com/hierynomus/sshj/issues/276[#276]: Add support for ed-25519 and new OpenSSH key format
+* Fixed https://github.com/hierynomus/sshj/issues/280[#280]: Read version from a generated sshj.properties file to correctly output version during negotiation
+SSHJ 0.18.0 (2016-09-30)::
+* Fixed Android compatibility
+* Upgrade to Gradle 3.0
+* Merged https://github.com/hierynomus/sshj/pulls/271[#271]: Load known_hosts without requiring BouncyCastle
+* Merged https://github.com/hierynomus/sshj/pulls/269[#269]: Brought back Java6 support by popular demand
+* Merged https://github.com/hierynomus/sshj/pulls/267[#267]: Added support for per connection logging (Fixes https://github.com/hierynomus/sshj/issues/264[#264])
+* Merged https://github.com/hierynomus/sshj/pulls/262[#262], https://github.com/hierynomus/sshj/pulls/265[#265] and https://github.com/hierynomus/sshj/pulls/266[#266]: Added PKCS5 key file support
+* Fixed toString of sftp FileAttributes (Fixes https://github.com/hierynomus/sshj/pulls/258[#258])
+* Fixed https://github.com/hierynomus/sshj/issues/255[#255]: No longer depending on 'privately marked' classes in `net.i2p.crypto.eddsa.math` package, fixes OSGI dependencies
+SSHJ 0.17.2 (2016-07-07)::
+* Treating SSH Server identification line ending in '\n' instead of '\r\n' leniently.
+SSHJ 0.17.1 (2016-07-06)::
+* Improved parsing of the SSH Server identification. Too long header lines now no longer break the protocol.
+SSHJ 0.17.0 (2016-07-05)::
+* *Introduced breaking change in SFTP copy behaviour*: Previously an SFTP copy operation would behave differently if both source and target were folders with different names.
+  In this case instead of copying the contents of the source into the target directory, the directory itself was copied as a sub directory of the target directory.
+  This behaviour has been removed in favour of the default behaviour which is to copy the contents of the source into the target. Bringing the behaviour in line with how SCP works.
+* Fixed https://github.com/hierynomus/sshj/issues/252[#252] (via: https://github.com/hierynomus/sshj/pulls/253[#253]): Same name subdirs are no longer merged by accident
+SSHJ 0.16.0 (2016-04-11)::
+* Fixed https://github.com/hierynomus/sshj/issues/239[#239]: Remote port forwards did not work if you used the empty string as address, or a catch-all address.
+* Fixed https://github.com/hierynomus/sshj/issues/242[#242]: Added OSGI headers to sources jar manifest
+* Fixed https://github.com/hierynomus/sshj/issues/236[#236]: Remote Port forwarding with dynamic port allocation fails with BufferUnderflowException
+* Upgraded gradle distribution to 2.12
+* Closed https://github.com/hierynomus/sshj/issues/234[#234]: Dropped Java6 support (0.15.0 was already Java6 incompatible due to Java7 dependency)
+* Fixed https://github.com/hierynomus/sshj/issues/118[#118]: Added configuration switch for waiting on a server ident before sending the client ident.
+* Fixed https://github.com/hierynomus/sshj/issues/114[#114]: Added javadoc that you always need to call close() on a Command before inspecting the exit codes.
+* Fixed https://github.com/hierynomus/sshj/issues/237[#237]: Fixed race condition if a `hostkeys-00@openssh.com` global request is received directly after a successful auth.
+SSHJ 0.15.0 (2015-11-20)::
+* Fixed https://github.com/hierynomus/sshj/issues/220[#220]: Added support for `ssh-ed25519` host keys
+* Fixed https://github.com/hierynomus/sshj/issues/225[#225]: Fixed bug in ECDSA fingerprint calculation that sometimes produced an incorrect fingerprint
+* Added `arcfour` Stream Ciphers from RFC4253 and RFC4345
+* Added all Block Ciphers from RFC4344 and RFC4253
+SSHJ 0.14.0 (2015-11-04)::
+* Fixed https://github.com/hierynomus/sshj/issues/171[#171]: Added support for `curve25519-sha256@libssh.org` key exchange algorithm
+* Added support for `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384` and  `ecdh-sha2-nistp521` key exchange algorithms
+* Fixed https://github.com/hierynomus/sshj/issues/167[#167]: Added support for `diffie-hellman-group-exchange-sha1` and `diffie-hellman-group-exchange-sha256` key exchange methods
+* Fixed https://github.com/hierynomus/sshj/issues/212[#212]: Configure path escaping to enable shell expansion to work correctly
+* Merged https://github.com/hierynomus/sshj/issues/210[#210]: RemoteFileInputStream.skip returns wrong value (Fixes https://github.com/hierynomus/sshj/issues/209[#209])
+* Merged https://github.com/hierynomus/sshj/issues/208[#208]: Added SCP bandwidth limitation support
+* Merged https://github.com/hierynomus/sshj/issues/211[#211]: Made keyfile format detection more robust
+SSHJ 0.13.0 (2015-08-18)::
+* Merged https://github.com/hierynomus/sshj/issues/199[#199]: Fix for IndexOutOfBoundsException in ReadAheadRemoteFileInputStream, fixes https://github.com/hierynomus/sshj/issues/183[#183]
+* Merged https://github.com/hierynomus/sshj/issues/195[#195]: New authentication supported: `gssapi-with-mic`
+* Merged https://github.com/hierynomus/sshj/issues/201[#201]: New option to verify negotiated key exchange algorithms
+* Merged https://github.com/hierynomus/sshj/issues/196[#196]: Fix for looking up complete hostname in known hosts file
+SSHJ 0.12.0 (2015-04-14)::
+* Added support for HTTP proxies when running JDK6 or JDK7, fixes: https://github.com/hierynomus/sshj/issues/170[#170]
+* Merged https://github.com/hierynomus/sshj/issues/186[#186]: Fix for detecting end-of-stream
+* Compiling to JDK6, fixes https://github.com/hierynomus/sshj/issues/179[#179] and https://github.com/hierynomus/sshj/issues/185[#185]
+* Correctly close socket and channel when LocalPortForwarder fails to open and start the channel (Fixes https://github.com/hierynomus/sshj/issues/175[#175] and https://github.com/hierynomus/sshj/issues/176[#176])
+* Merged https://github.com/hierynomus/sshj/issues/181[#181]: Invalid write packet length when reading with offset (Fixes https://github.com/hierynomus/sshj/issues/180[#180])
+SSHJ 0.11.0 (2015-01-23)::
+* New maven coordinates `com.hierynomus:sshj:0.11.0` as https://github.com/hierynomus[@hierynomus] took over as maintainer of SSHJ
+* Migrated build system to Gradle 2.2.1
+* Merged https://github.com/hierynomus/sshj/issues/150[#150]: Fix for incorrect file handle on some SSH servers, fixes: https://github.com/hierynomus/sshj/issues/54[#54], https://github.com/hierynomus/sshj/issues/119[#119], https://github.com/hierynomus/sshj/issues/168[#168], https://github.com/hierynomus/sshj/issues/169[#169]
+* Made `jzlib` optional in OSGi bundling, fixes: https://github.com/hierynomus/sshj/issues/162[#162]
+* Improved some log levels, fixes: https://github.com/hierynomus/sshj/issues/161[#161]
+* Merged https://github.com/hierynomus/sshj/issues/156[#156], https://github.com/hierynomus/sshj/issues/164[#164], https://github.com/hierynomus/sshj/issues/165[#165]: Fixed block sizes for `hmac-sha2-256` and `hmac-sha2-512`
+* Merged https://github.com/hierynomus/sshj/issues/141[#141]: Add proxy support
+* Merged https://github.com/hierynomus/sshj/issues/157[#157], https://github.com/hierynomus/sshj/issues/163[#163]: Doc and build fixes
+* Upgraded BouncyCastle to 1.51, fixes: https://github.com/hierynomus/sshj/issues/142[#142]
+* Implemented keep-alive with connection drop detection, fixes https://github.com/hierynomus/sshj/issues/166[#166]

README.rst

@@ -1,61 +0,0 @@
-sshj - SSHv2 library for Java
-==============================
-
-To get started, have a look at one of the examples. Hopefully you will find the API pleasant to work with :)
-
-Features of the library include:
-
-* reading known_hosts files for host key verification
-* publickey, password and keyboard-interactive authentication
-* command, subsystem and shell channels
-* local and remote port forwarding
-* scp + complete sftp version 0-3 implementation
-
-Implementations of the following algorithms are included:
-
-ciphers
-  ``aes{128,192,256}-{cbc,ctr}``, ``blowfish-cbc``, ``3des-cbc``
-
-key exchange
-  ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``
-
-signatures
-  ``ssh-rsa``, ``ssh-dss``
-
-mac
-  ``hmac-md5``, ``hmac-md5-96``, ``hmac-sha1``, ``hmac-sha1-96``
-
-compression
-  ``zlib`` and ``zlib@openssh.com`` (delayed zlib)
-
-private key files
-   ``pkcs8`` encoded (what openssh uses)
-
-If you need something that is not implemented, it shouldn't be too hard to add (do contribute it!)
-
-
-Dependencies
--------------
-
-Java 6+. slf4j_ is required. bouncycastle_ is highly recommended and required for using some of the crypto algorithms. jzlib_ is required for using zlib compression.
-
-
-Help and discussion
---------------------
-
-There is a `google group`_.
-
-
-Contributing
-------------
-
-Fork away!
-
-
-.. _slf4j: http://www.slf4j.org/download.html
-
-.. _bouncycastle: http://www.bouncycastle.org/java.html
-
-.. _jzlib: http://www.jcraft.com/jzlib/
-
-.. _`google group`: http://groups.google.com/group/sshj

build-publishing.gradle

@@ -0,0 +1,177 @@
+apply plugin: "java"
+apply plugin: "maven-publish"
+apply plugin: "signing"
+
+group = "nl.javadude"
+version = "0.10.1-SNAPSHOT"
+
+repositories {
+  mavenCentral()
+  mavenLocal()
+}
+
+configurations {
+  compile {
+    transitive = false
+  }
+  pom
+}
+
+def bouncycastleVersion = "1.50"
+
+dependencies {
+  compile "org.slf4j:slf4j-api:1.7.7"
+  compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
+  compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
+  compile "com.jcraft:jzlib:1.1.3"
+
+  testCompile "junit:junit:4.11"
+  testCompile "org.mockito:mockito-core:1.9.5"
+  testCompile "org.apache.sshd:sshd-core:0.11.0"
+  testRuntime "ch.qos.logback:logback-classic:1.1.2"
+}
+
+task javadocJar(type: Jar) {
+  classifier = 'javadoc'
+  from javadoc
+}
+
+task sourcesJar(type: Jar) {
+  classifier = 'sources'
+  from sourceSets.main.allSource
+}
+
+task generatePom(type: GenerateMavenPom) {
+  destination = file("$buildDir/generated-pom.xml")
+}
+
+artifacts {
+  archives javadocJar, sourcesJar
+  pom generatePom.destination
+}
+
+signing {
+  sign configurations.archives
+}
+
+task signPom(type: Sign) {
+  sign configurations.pom
+}
+
+def getSignatureFiles = {
+  def allFiles = project.tasks.signArchives.signatureFiles.collect { it }
+  def signedSources = allFiles.find { it.name.contains('-sources') }
+  def signedJavadoc = allFiles.find { it.name.contains('-javadoc') }
+  def signedJar = (allFiles - [signedSources, signedJavadoc])[0]
+  return [
+    [archive: signedSources, classifier: 'sources', extension: 'jar.asc'],
+    [archive: signedJavadoc, classifier: 'javadoc', extension: 'jar.asc'],
+    [archive: signedJar,     classifier: null,      extension: 'jar.asc']
+  ]
+}
+
+def getPomSignature = {
+    return project.tasks.signPom.signatureFiles.collect{it}[0]
+}
+
+
+publishing {
+  publications {
+    gpgJars(MavenPublication) {
+      getSignatureFiles().each {signature ->
+        artifact (signature.archive) {
+          classifier = signature.classifier
+          extension  = signature.extension
+        }
+      }
+    }
+    gpgPom(MavenPublication) {
+      artifact(getPomSignature()) {
+        classifier = null
+        extension = "pom.asc"
+      }
+    }
+    maven(MavenPublication) {
+      from components.java
+      artifact (javadocJar) {
+        classifier = 'javadoc'
+      }
+
+      artifact (sourcesJar) {
+        classifier = 'sources'
+      }
+
+      pom.withXml {
+        asNode().children().last() + {
+          resolveStrategy = Closure.DELEGATE_FIRST
+          name "sshj"
+          description "SSHv2 library for Java"
+          url "https://github.com/hierynomus/sshj"
+          inceptionYear "2009"
+
+          issueManagement {
+            system "github"
+            url "https://github.com/hierynomus/sshj/issues"
+          }
+
+          scm {
+            connection "scm:git:git://github.com/hierynomus/sshj.git"
+            developerConnection "scm:git:git@github.com:hierynomus/sshj.git"
+            url "https://github.com/hierynomus/sshj.git"
+          }
+
+          licenses {
+            license {
+              name "Apache 2"
+              url "http://www.apache.org/licenses/LICENSE-2.0.txt"
+              distribution "repo"
+            }
+          }
+
+          developers {
+            developer {
+              id "hierynomus"
+              name "Jeroen van Erp"
+              email "jeroen@javadude.nl"
+              roles {
+                role "Lead developer"
+              }
+            }
+            developer {
+              id "shikhar"
+              name "Shikhar Bhushan"
+              email "shikhar@schmizz.net"
+              url "http://schmizz.net"
+              roles {
+                role "Previous lead developer"
+              }
+            }
+            developer {
+              id "iterate"
+              name "David Kocher"
+              email "dkocher@iterate.ch"
+              organization "iterage GmbH"
+              organizationUrl "https://iterate.ch"
+              roles {
+                role "Developer"
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+  repositories {
+    maven {
+      url "file:/${project.projectDir}/artifacts"
+    }
+  }
+}
+
+project.afterEvaluate { p ->
+  p.tasks.publishGpgPomPublicationToMavenRepository.dependsOn("generatePom", "signPom")
+}
+
+generatePom.configure {
+  pom = publishing.publications.getByName("maven").pom
+}

build.gradle

@@ -0,0 +1,284 @@
+import java.text.SimpleDateFormat
+import com.bmuschko.gradle.docker.tasks.container.*
+import com.bmuschko.gradle.docker.tasks.image.*
+
+plugins {
+  id "java"
+  id "groovy"
+  id "jacoco"
+  id "osgi"
+  id "maven-publish"
+  id "com.bmuschko.docker-remote-api" version "3.2.1"
+  id 'pl.allegro.tech.build.axion-release' version '1.8.1'
+  id "com.github.hierynomus.license" version "0.12.1"
+  id "com.jfrog.bintray" version "1.7"
+  id 'ru.vyarus.java-lib' version '1.0.5'
+  // id 'ru.vyarus.pom' version '1.0.3'
+  id 'ru.vyarus.github-info' version '1.1.0'
+  id 'ru.vyarus.animalsniffer' version '1.4.2'
+}
+
+group = "com.hierynomus"
+
+defaultTasks "build"
+
+repositories {
+  mavenCentral()
+  maven {
+    url "https://dl.bintray.com/mockito/maven/"
+  }
+}
+
+sourceCompatibility = 1.6
+targetCompatibility = 1.6
+
+configurations.compile.transitive = false
+
+def bouncycastleVersion = "1.57"
+
+dependencies {
+  signature 'org.codehaus.mojo.signature:java16:1.1@signature'
+
+  compile "org.slf4j:slf4j-api:1.7.7"
+  compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
+  compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
+  compile "com.jcraft:jzlib:1.1.3"
+
+  compile "net.i2p.crypto:eddsa:0.2.0"
+
+  testCompile "junit:junit:4.11"
+  testCompile 'org.spockframework:spock-core:1.0-groovy-2.4'
+  testCompile "org.mockito:mockito-core:2.9.2"
+  testCompile "org.apache.sshd:sshd-core:1.2.0"
+  testRuntime "ch.qos.logback:logback-classic:1.1.2"
+  testCompile 'org.glassfish.grizzly:grizzly-http-server:2.3.17'
+  testCompile 'org.apache.httpcomponents:httpclient:4.5.2'
+
+}
+
+license {
+  header rootProject.file('LICENSE_HEADER')
+  strictCheck true
+  mapping {
+    java = 'SLASHSTAR_STYLE'
+  }
+  excludes(['**/djb/Curve25519.java', '**/sshj/common/Base64.java'])
+}
+
+scmVersion {
+  tag {
+    prefix = 'v'
+    versionSeparator = ''
+  }
+  hooks {
+    pre 'fileUpdate', [file: 'README.adoc', pattern: { v, c -> /:sshj_version: .*/}, replacement: { v, c -> ":sshj_version: $v" }]
+    pre 'commit'
+  }
+}
+
+project.version = scmVersion.version
+
+// This disables the pedantic doclint feature of JDK8
+if (JavaVersion.current().isJava8Compatible()) {
+  tasks.withType(Javadoc) {
+    options.addStringOption('Xdoclint:none', '-quiet')
+  }
+}
+
+task writeSshjVersionProperties {
+  doLast {
+    project.file("${project.buildDir}/resources/main").mkdirs()
+    project.file("${project.buildDir}/resources/main/sshj.properties").withWriter { w ->
+      w.append("sshj.version=${version}")
+    }
+  }
+}
+
+jar.dependsOn writeSshjVersionProperties
+jar {
+  manifest {
+    // please see http://bnd.bndtools.org/chapters/390-wrapping.html
+    instruction "Bundle-Description", "SSHv2 library for Java"
+    instruction "Bundle-License", "http://www.apache.org/licenses/LICENSE-2.0.txt"
+    instruction "Import-Package", "!net.schmizz.*"
+    instruction "Import-Package", "!com.hierynomus.sshj.*"
+    instruction "Import-Package", "javax.crypto*"
+    instruction "Import-Package", "!net.i2p.crypto.eddsa.math"
+    instruction "Import-Package", "net.i2p*"
+    instruction "Import-Package", "com.jcraft.jzlib*;version=\"[1.1,2)\";resolution:=optional"
+    instruction "Import-Package", "org.slf4j*;version=\"[1.7,5)\""
+    instruction "Import-Package", "org.bouncycastle*;resolution:=optional"
+    instruction "Import-Package", "org.bouncycastle.jce.provider;resolution:=optional"
+    instruction "Import-Package", "*"
+    instruction "Export-Package", "com.hierynomus.sshj.*;version=\"${project.jar.manifest.version}\""
+    instruction "Export-Package", "net.schmizz.*;version=\"${project.jar.manifest.version}\""
+  }
+}
+
+sourcesJar {
+  manifest {
+    attributes(
+      // Add the needed OSGI attributes
+      "Bundle-ManifestVersion": "2",
+      "Bundle-Name": "${project.jar.manifest.name} Source",
+      "Bundle-Version": project.jar.manifest.version,
+      "Eclipse-SourceBundle": "${project.jar.manifest.symbolicName};version=\"${project.jar.manifest.version}\";roots:=\".\"",
+      "Bundle-SymbolicName": "${project.jar.manifest.symbolicName}.source"
+    )
+  }
+}
+
+configurations {
+  integrationTestCompile.extendsFrom testCompile
+  integrationTestRuntime.extendsFrom testRuntime
+}
+
+sourceSets {
+  integrationTest {
+    groovy {
+      compileClasspath += sourceSets.main.output + sourceSets.test.output
+      runtimeClasspath += sourceSets.main.output + sourceSets.test.output
+      srcDir file('src/itest/groovy')
+    }
+    resources.srcDir file('src/itest/resources')
+  }
+}
+
+task integrationTest(type: Test) {
+  testClassesDirs = sourceSets.integrationTest.output.classesDirs
+  classpath = sourceSets.integrationTest.runtimeClasspath
+}
+
+tasks.withType(Test) {
+  testLogging {
+    exceptionFormat = 'full'
+  }
+  include "**/*Test.*"
+  include "**/*Spec.*"
+  if (!project.hasProperty("allTests")) {
+    useJUnit {
+      excludeCategories 'com.hierynomus.sshj.test.SlowTests'
+      excludeCategories 'com.hierynomus.sshj.test.KnownFailingTests'
+    }
+  }
+
+  afterSuite { descriptor, result ->
+    if (descriptor.className != null) {
+      def indicator = "\u001B[32m✓\u001b[0m"
+      if (result.failedTestCount > 0) {
+        indicator = "\u001B[31m✘\u001b[0m"
+      }
+      logger.lifecycle("$indicator Test ${descriptor.name}; Executed: ${result.testCount}/\u001B[32m${result.successfulTestCount}\u001B[0m/\u001B[31m${result.failedTestCount}\u001B[0m")
+    }
+  }
+}
+
+project.tasks.compileGroovy.onlyIf { false }
+
+github {
+  user 'hierynomus'
+  license 'Apache'
+}
+
+pom {
+  description "SSHv2 library for Java"
+  url "https://github.com/hierynomus/sshj"
+  inceptionYear "2009"
+  developers {
+    developer {
+      id "hierynomus"
+      name "Jeroen van Erp"
+      email "jeroen@javadude.nl"
+      roles {
+        role "Lead developer"
+      }
+    }
+    developer {
+      id "shikhar"
+      name "Shikhar Bhushan"
+      email "shikhar@schmizz.net"
+      url "http://schmizz.net"
+      roles {
+        role "Previous lead developer"
+      }
+    }
+    developer {
+      id "iterate"
+      name "David Kocher"
+      email "dkocher@iterate.ch"
+      organization "iterage GmbH"
+      organizationUrl "https://iterate.ch"
+      roles {
+        role "Developer"
+      }
+    }
+  }
+}
+
+if (project.hasProperty("bintrayUsername") && project.hasProperty("bintrayApiKey")) {
+  bintray {
+    user = project.property("bintrayUsername")
+    key = project.property("bintrayApiKey")
+    publish = true
+    publications = ["maven"]
+    pkg {
+      repo = "maven"
+      name = project.name
+      licenses = ["Apache-2.0"]
+      vcsUrl = "https://github.com/hierynomus/sshj.git"
+      labels = ["ssh", "sftp", "secure-shell", "network", "file-transfer"]
+      githubRepo = "hierynomus/sshj"
+      version {
+        name = project.version.toString()
+        vcsTag = "v${project.version}"
+        released = new SimpleDateFormat('yyyy-MM-dd\'T\'HH:mm:ss.SSSZZ').format(new Date())
+        gpg {
+          sign = true
+          passphrase = project.property("signing.password")
+        }
+        mavenCentralSync {
+          sync = true
+          user = project.property("sonatypeUsername")
+          password = project.property("sonatypePassword")
+          close = 1
+        }
+      }
+    }
+  }
+}
+
+jacocoTestReport {
+    reports {
+        xml.enabled true
+        html.enabled true
+    }
+}
+
+
+task buildItestImage(type: DockerBuildImage) {
+    inputDir = file('src/itest/docker-image')
+    tag = 'sshj/sshd-itest'
+}
+
+task createItestContainer(type: DockerCreateContainer) {
+    dependsOn buildItestImage
+    targetImageId { buildItestImage.getImageId() }
+    portBindings = ['2222:22']
+}
+
+task startItestContainer(type: DockerStartContainer) {
+    dependsOn createItestContainer
+    targetContainerId { createItestContainer.getContainerId() }
+}
+
+task stopItestContainer(type: DockerStopContainer) {
+    targetContainerId { createItestContainer.getContainerId() }
+}
+
+project.tasks.integrationTest.dependsOn(startItestContainer)
+project.tasks.integrationTest.finalizedBy(stopItestContainer)
+
+project.tasks.release.dependsOn([project.tasks.integrationTest, project.tasks.build])
+project.tasks.release.finalizedBy(project.tasks.bintrayUpload)
+project.tasks.jacocoTestReport.dependsOn(project.tasks.test)
+project.tasks.check.dependsOn(project.tasks.jacocoTestReport)

examples/pom.xml

@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright 2009 sshj contributors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.hierynomus</groupId>
+    <artifactId>sshj-examples</artifactId>
+    <packaging>jar</packaging>
+    <version>0.19.1</version>
+
+    <name>sshj-examples</name>
+    <description>Examples for SSHv2 library for Java</description>
+    <url>http://github.com/hierynomus/sshj</url>
+
+    <inceptionYear>2015</inceptionYear>
+
+    <issueManagement>
+        <system>github</system>
+        <url>http://github.com/hierynomus/sshj/issues</url>
+    </issueManagement>
+
+    <scm>
+        <connection>scm:git:git://github.com/hierynomus/sshj.git</connection>
+        <developerConnection>scm:git:git@github.com:hierynomus/sshj.git</developerConnection>
+        <url>http://github.com/hierynomus/sshj</url>
+    </scm>
+
+    <licenses>
+        <license>
+            <name>Apache 2</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.hierynomus</groupId>
+            <artifactId>sshj</artifactId>
+            <version>0.19.0</version>
+        </dependency>
+    </dependencies>
+
+
+    <developers>
+        <developer>
+            <id>hierynomus</id>
+            <name>Jeroen van Erp</name>
+            <email>jeroen@hierynomus.com</email>
+        </developer>
+        <developer>
+            <id>shikhar</id>
+            <name>Shikhar Bhushan</name>
+            <email>shikhar@schmizz.net</email>
+            <url>http://schmizz.net</url>
+        </developer>
+        <developer>
+            <id>iterate</id>
+            <name>David Kocher</name>
+            <email>dkocher@iterate.ch</email>
+            <organization>iterate GmbH</organization>
+            <organizationUrl>https://iterate.ch</organizationUrl>
+        </developer>
+    </developers>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.1</version>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

examples/src/main/java/net/schmizz/sshj/examples/Exec.java

@@ -1,25 +1,12 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.IOUtils;
 import net.schmizz.sshj.connection.channel.direct.Session;
 import net.schmizz.sshj.connection.channel.direct.Session.Command;
 
 import java.io.IOException;
+import java.util.concurrent.TimeUnit;
 
 /** This examples demonstrates how a remote command can be executed. */
 public class Exec {
@@ -35,12 +22,12 @@ public class Exec {
             final Session session = ssh.startSession();
             try {
                 final Command cmd = session.exec("ping -c 1 google.com");
-                System.out.print(cmd.getOutputAsString());
+                System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
+                cmd.join(5, TimeUnit.SECONDS);
                 System.out.println("\n** exit status: " + cmd.getExitStatus());
             } finally {
                 session.close();
             }
-
         } finally {
             ssh.disconnect();
         }

examples/src/main/java/net/schmizz/sshj/examples/KeepAlive.java

@@ -0,0 +1,37 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.keepalive.KeepAliveProvider;
+import net.schmizz.sshj.DefaultConfig;
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.connection.channel.direct.Session;
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
+
+import java.io.IOException;
+import java.util.concurrent.CountDownLatch;
+
+/** This examples demonstrates how to setup keep-alive to detect connection dropping. */
+public class KeepAlive {
+
+    public static void main(String... args)
+            throws IOException, InterruptedException {
+        DefaultConfig defaultConfig = new DefaultConfig();
+        defaultConfig.setKeepAliveProvider(KeepAliveProvider.KEEP_ALIVE);
+        final SSHClient ssh = new SSHClient(defaultConfig);
+        try {
+            ssh.addHostKeyVerifier(new PromiscuousVerifier());
+            ssh.connect(args[0]);
+            ssh.getConnection().getKeepAlive().setKeepAliveInterval(5); //every 60sec
+            ssh.authPassword(args[1], args[2]);
+            Session session = ssh.startSession();
+            session.allocateDefaultPTY();
+            new CountDownLatch(1).await();
+            try {
+                session.allocateDefaultPTY();
+            } finally {
+                session.close();
+            }
+        } finally {
+            ssh.disconnect();
+        }
+    }
+}

examples/src/main/java/net/schmizz/sshj/examples/LocalPF.java

@@ -1,24 +1,11 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.net.ServerSocket;
 
 /**
  * This example demonstrates local port forwarding, i.e. when we listen on a particular address and port; and forward
@@ -41,8 +28,16 @@ public class LocalPF {
             * _We_ listen on localhost:8080 and forward all connections on to server, which then forwards it to
             * google.com:80
             */
-            ssh.newLocalPortForwarder(new InetSocketAddress("localhost", 8080), "google.com", 80)
-                    .listen();
+            final LocalPortForwarder.Parameters params
+                    = new LocalPortForwarder.Parameters("0.0.0.0", 8080, "google.com", 80);
+            final ServerSocket ss = new ServerSocket();
+            ss.setReuseAddress(true);
+            ss.bind(new InetSocketAddress(params.getLocalHost(), params.getLocalPort()));
+            try {
+                ssh.newLocalPortForwarder(params, ss).listen();
+            } finally {
+                ss.close();
+            }
 
         } finally {
             ssh.disconnect();

examples/src/main/java/net/schmizz/sshj/examples/RemotePF.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder.Forward;
@@ -46,11 +31,9 @@ public class RemotePF {
                     // where the server should listen
                     new Forward(8080),
                     // what we do with incoming connections that are forwarded to us
-                    new SocketForwardingConnectListener(new InetSocketAddress("google.com", 80)
-                    ));
+                    new SocketForwardingConnectListener(new InetSocketAddress("google.com", 80)));
 
-            client.getTransport()
-                    .setHeartbeatInterval(30);
+            client.getTransport().setHeartbeatInterval(30);
 
             // Something to hang on to so that the forwarding stays
             client.getTransport().join();

examples/src/main/java/net/schmizz/sshj/examples/RudimentaryPTY.java

@@ -1,19 +1,4 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.common.StreamCopier;
@@ -24,6 +9,7 @@ import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
 
 import java.io.File;
 import java.io.IOException;
+import net.schmizz.sshj.common.LoggerFactory;
 
 /** A very rudimentary psuedo-terminal based on console I/O. */
 class RudimentaryPTY {
@@ -48,18 +34,20 @@ class RudimentaryPTY {
 
                 final Shell shell = session.startShell();
 
-                new StreamCopier("stdout", shell.getInputStream(), System.out)
+                new StreamCopier(shell.getInputStream(), System.out, LoggerFactory.DEFAULT)
                         .bufSize(shell.getLocalMaxPacketSize())
-                        .start();
+                        .spawn("stdout");
 
-                new StreamCopier("stderr", shell.getErrorStream(), System.err)
+                new StreamCopier(shell.getErrorStream(), System.err, LoggerFactory.DEFAULT)
                         .bufSize(shell.getLocalMaxPacketSize())
-                        .start();
+                        .spawn("stderr");
 
                 // Now make System.in act as stdin. To exit, hit Ctrl+D (since that results in an EOF on System.in)
                 // This is kinda messy because java only allows console input after you hit return
                 // But this is just an example... a GUI app could implement a proper PTY
-                StreamCopier.copy(System.in, shell.getOutputStream(), shell.getRemoteMaxPacketSize(), true);
+                new StreamCopier(System.in, shell.getOutputStream(), LoggerFactory.DEFAULT)
+                        .bufSize(shell.getRemoteMaxPacketSize())
+                        .copy();
 
             } finally {
                 session.close();

examples/src/main/java/net/schmizz/sshj/examples/SCPDownload.java

@@ -0,0 +1,25 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.xfer.FileSystemFile;
+
+import java.io.IOException;
+
+/** This example demonstrates downloading of a file over SCP from the SSH server. */
+public class SCPDownload {
+
+    public static void main(String[] args)
+            throws IOException {
+        SSHClient ssh = new SSHClient();
+        // ssh.useCompression(); // Can lead to significant speedup (needs JZlib in classpath)
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            ssh.newSCPFileTransfer().download("test_file", new FileSystemFile("/tmp/"));
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}

examples/src/main/java/net/schmizz/sshj/examples/SCPUpload.java

@@ -1,21 +1,7 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.xfer.FileSystemFile;
 
 import java.io.File;
 import java.io.IOException;
@@ -36,10 +22,9 @@ public class SCPUpload {
             ssh.useCompression();
 
             final String src = System.getProperty("user.home") + File.separator + "test_file";
-            final String target = "/tmp/";
-            ssh.newSCPFileTransfer().upload(src, target);
+            ssh.newSCPFileTransfer().upload(new FileSystemFile(src), "/tmp/");
         } finally {
             ssh.disconnect();
         }
     }
-}
+}

examples/src/main/java/net/schmizz/sshj/examples/SFTPDownload.java

@@ -0,0 +1,30 @@
+package net.schmizz.sshj.examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.sftp.SFTPClient;
+import net.schmizz.sshj.xfer.FileSystemFile;
+
+import java.io.IOException;
+
+/** This example demonstrates downloading of a file over SFTP from the SSH server. */
+public class SFTPDownload {
+
+    public static void main(String[] args)
+            throws IOException {
+        final SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            final SFTPClient sftp = ssh.newSFTPClient();
+            try {
+                sftp.get("test_file", new FileSystemFile("/tmp"));
+            } finally {
+                sftp.close();
+            }
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}

examples/src/main/java/net/schmizz/sshj/examples/SFTPUpload.java

@@ -1,22 +1,8 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.sftp.SFTPClient;
+import net.schmizz.sshj.xfer.FileSystemFile;
 
 import java.io.File;
 import java.io.IOException;
@@ -32,10 +18,9 @@ public class SFTPUpload {
         try {
             ssh.authPublickey(System.getProperty("user.name"));
             final String src = System.getProperty("user.home") + File.separator + "test_file";
-            final String target = "/tmp/";
             final SFTPClient sftp = ssh.newSFTPClient();
             try {
-                sftp.put(src, target);
+                sftp.put(new FileSystemFile(src), "/tmp");
             } finally {
                 sftp.close();
             }
@@ -44,4 +29,4 @@ public class SFTPUpload {
         }
     }
 
-}
+}

examples/src/main/java/net/schmizz/sshj/examples/X11.java

@@ -1,25 +1,11 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
+package net.schmizz.sshj.examples;
 
 import net.schmizz.sshj.SSHClient;
 import net.schmizz.sshj.common.StreamCopier;
 import net.schmizz.sshj.connection.channel.direct.Session;
 import net.schmizz.sshj.connection.channel.direct.Session.Command;
 import net.schmizz.sshj.connection.channel.forwarded.SocketForwardingConnectListener;
+import net.schmizz.sshj.common.LoggerFactory;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -57,8 +43,8 @@ public class X11 {
 
             final Command cmd = sess.exec("/usr/X11/bin/xcalc");
 
-            new StreamCopier("stdout", cmd.getInputStream(), System.out).start();
-            new StreamCopier("stderr", cmd.getErrorStream(), System.err).start();
+            new StreamCopier(cmd.getInputStream(), System.out, LoggerFactory.DEFAULT).spawn("stdout");
+            new StreamCopier(cmd.getErrorStream(), System.err, LoggerFactory.DEFAULT).spawn("stderr");
 
             // Wait for session & X11 channel to get closed
             ssh.getConnection().join();
@@ -67,4 +53,4 @@ public class X11 {
             ssh.disconnect();
         }
     }
-}
+}

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,6 @@
+#Fri Mar 18 11:26:35 CET 2016
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.3-all.zip

gradlew

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+    echo "$*"
+}
+
+die ( ) {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+esac
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched.
+if $cygwin ; then
+    [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+fi
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >&-
+APP_HOME="`pwd -P`"
+cd "$SAVED" >&-
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
+}
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"

gradlew.bat

@@ -0,0 +1,90 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windowz variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+if "%@eval[2+2]" == "4" goto 4NT_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+goto execute
+
+:4NT_args
+@rem Get arguments from the 4NT Shell from JP Software
+set CMD_LINE_ARGS=%$
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

pom.xml

@@ -1,233 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <groupId>net.schmizz</groupId>
-    <artifactId>sshj</artifactId>
-    <packaging>jar</packaging>
-    <version>0.3.0</version>
-
-    <name>sshj</name>
-    <description>SSHv2 library for Java</description>
-    <url>http://github.com/shikhar/sshj</url>
-
-    <inceptionYear>2009</inceptionYear>
-
-    <issueManagement>
-        <system>github</system>
-        <url>http://github.com/shikhar/sshj/issues</url>
-    </issueManagement>
-
-    <scm>
-        <connection>scm:git:git://github.com/shikhar/sshj.git</connection>
-        <developerConnection>scm:git:git@github.com:shikhar/sshj.git</developerConnection>
-        <url>http://github.com/shikhar/sshj</url>
-    </scm>
-
-    <licenses>
-        <license>
-            <name>Apache 2</name>
-            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-            <distribution>repo</distribution>
-        </license>
-    </licenses>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>1.6.1</version>
-        </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk16</artifactId>
-            <version>1.45</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.8.1</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.jcraft</groupId>
-            <artifactId>jzlib</artifactId>
-            <version>1.0.7</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.sshd</groupId>
-            <artifactId>sshd-core</artifactId>
-            <version>0.4.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>ch.qos.logback</groupId>
-            <artifactId>logback-core</artifactId>
-            <version>0.9.24</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>ch.qos.logback</groupId>
-            <artifactId>logback-classic</artifactId>
-            <version>0.9.24</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-
-
-    <developers>
-        <developer>
-            <id>shikhar</id>
-            <name>Shikhar Bhushan</name>
-            <email>shikhar@schmizz.net</email>
-            <url>http://schmizz.net</url>
-        </developer>
-    </developers>
-
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <excludes>
-                        <exclude>examples/*.java</exclude>
-                    </excludes>
-                    <source>1.6</source>
-                    <target>1.6</target>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-release-plugin</artifactId>
-                <version>2.0</version>
-            </plugin>
-            <plugin>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <version>2.2-beta-5</version>
-                <configuration>
-                    <descriptors>
-                        <descriptor>src/assemble/examples.xml</descriptor>
-                    </descriptors>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>make-assembly</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>single</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-source-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>attach-sources</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <configuration>
-                    <encoding>${project.build.sourceEncoding}</encoding>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>attach-javadocs</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-
-    <distributionManagement>
-        <repository>
-            <id>sonatype-nexus-staging</id>
-            <name>Nexus Release Repository</name>
-            <url>http://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-        <snapshotRepository>
-            <id>sonatype-nexus-snapshots</id>
-            <name>Sonatype Nexus Snapshots</name>
-            <url>http://oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-    </distributionManagement>
-
-    <profiles>
-        <profile>
-            <id>full-deps</id>
-            <dependencies>
-                <dependency>
-                    <groupId>org.bouncycastle</groupId>
-                    <artifactId>bcprov-jdk16</artifactId>
-                    <version>1.45</version>
-                </dependency>
-                <dependency>
-                    <groupId>com.jcraft</groupId>
-                    <artifactId>jzlib</artifactId>
-                    <version>1.0.7</version>
-                </dependency>
-                <dependency>
-                    <groupId>ch.qos.logback</groupId>
-                    <artifactId>logback-core</artifactId>
-                    <version>0.9.24</version>
-                </dependency>
-                <dependency>
-                    <groupId>ch.qos.logback</groupId>
-                    <artifactId>logback-classic</artifactId>
-                    <version>0.9.24</version>
-                </dependency>
-            </dependencies>
-        </profile>
-        <profile>
-            <id>release-sign-artifacts</id>
-            <activation>
-                <property>
-                    <name>performRelease</name>
-                    <value>true</value>
-                </property>
-            </activation>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.0</version>
-                        <configuration>
-                            <passphrase>${gpg.passphrase}</passphrase>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <id>sign-artifacts</id>
-                                <phase>verify</phase>
-                                <goals>
-                                    <goal>sign</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-
-            </build>
-        </profile>
-
-    </profiles>
-
-</project>

settings.gradle

@@ -0,0 +1 @@
+rootProject.name = "sshj"

src/assemble/examples.xml

@@ -1,15 +0,0 @@
-<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-          xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-    <id>examples</id>
-    <formats>
-        <format>zip</format>
-    </formats>
-    <fileSets>
-        <fileSet>
-            <directory>src/main/java/examples</directory>
-            <includes/>
-            <outputDirectory>examples</outputDirectory>
-        </fileSet>
-    </fileSets>
-</assembly>

src/etc/license-header

@@ -0,0 +1,13 @@
+Copyright ${project.inceptionYear} ${owner}
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

src/itest/docker-image/Dockerfile

@@ -0,0 +1,16 @@
+FROM sickp/alpine-sshd:7.5
+
+ADD id_rsa.pub /home/sshj/.ssh/authorized_keys
+
+ADD test-container/ssh_host_ecdsa_key     /etc/ssh/ssh_host_ecdsa_key
+ADD test-container/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
+
+RUN \
+  echo "root:smile" | chpasswd && \
+  adduser -D -s /bin/ash sshj && \
+  passwd -u sshj && \
+  chmod 600 /home/sshj/.ssh/authorized_keys && \
+  chmod 600 /etc/ssh/ssh_host_ecdsa_key && \
+  chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub && \
+  chown -R sshj:sshj /home/sshj
+

src/itest/docker-image/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase

src/itest/docker-image/test-container/ssh_host_ecdsa_key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOpOBFjqe0hjK/hs4WZ3dZqnzanq1L3/JbvV1TCkbe4ToAoGCCqGSM49
+AwEHoUQDQgAEVzkrS7Yj0nXML7A3mE08YDthfBR/ZbyYJDIq1vTzcqs6KTaCT529
+swNXWLHO+mbHviZcRiI57ULXHZ1emom/Jw==
+-----END EC PRIVATE KEY-----

src/itest/docker-image/test-container/ssh_host_ecdsa_key.pub

@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFc5K0u2I9J1zC+wN5hNPGA7YXwUf2W8mCQyKtb083KrOik2gk+dvbMDV1ixzvpmx74mXEYiOe1C1x2dXpqJvyc= root@404b27be2bf4

src/itest/groovy/com/hierynomus/sshj/IntegrationBaseSpec.groovy

@@ -0,0 +1,36 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.verification.PromiscuousVerifier
+import spock.lang.Specification
+
+class IntegrationBaseSpec extends Specification {
+    protected static final int DOCKER_PORT = 2222;
+    protected static final String USERNAME = "sshj";
+    protected final static String SERVER_IP = System.getProperty("serverIP", "127.0.0.1");
+
+    protected static SSHClient getConnectedClient() throws IOException {
+        SSHClient sshClient = new SSHClient(new DefaultConfig());
+        sshClient.addHostKeyVerifier(new PromiscuousVerifier());
+        sshClient.connect(SERVER_IP, DOCKER_PORT);
+
+        return sshClient;
+    }
+
+}

src/itest/groovy/com/hierynomus/sshj/IntegrationSpec.groovy

@@ -0,0 +1,71 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj
+
+import net.schmizz.sshj.DefaultConfig
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.transport.TransportException
+import net.schmizz.sshj.userauth.UserAuthException
+
+class IntegrationSpec extends IntegrationBaseSpec {
+
+    def "should accept correct key"() {
+        given:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier("d3:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3") // test-containers/ssh_host_ecdsa_key's fingerprint
+
+        when:
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        then:
+        sshClient.isConnected()
+    }
+
+    def "should decline wrong key"() throws IOException {
+        given:
+        SSHClient sshClient = new SSHClient(new DefaultConfig())
+        sshClient.addHostKeyVerifier("d4:6a:a9:52:05:ab:b5:48:dd:73:60:18:0c:3a:f0:a3")
+
+        when:
+        sshClient.connect(SERVER_IP, DOCKER_PORT)
+
+        then:
+        thrown(TransportException.class)
+    }
+
+    def "should authenticate"() {
+        given:
+        SSHClient client = getConnectedClient()
+
+        when:
+        client.authPublickey("sshj", "src/test/resources/id_rsa")
+
+        then:
+        client.isAuthenticated()
+    }
+
+   def "should not authenticate with wrong key"() {
+        given:
+        SSHClient client = getConnectedClient()
+
+        when:
+        client.authPublickey("sshj", "src/test/resources/id_dsa")
+
+        then:
+        thrown(UserAuthException.class)
+        !client.isAuthenticated()
+    }
+}

src/itest/groovy/com/hierynomus/sshj/sftp/FileWriteSpec.groovy

@@ -0,0 +1,68 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.sftp
+
+import com.hierynomus.sshj.IntegrationBaseSpec
+import net.schmizz.sshj.SSHClient
+import net.schmizz.sshj.sftp.OpenMode
+import net.schmizz.sshj.sftp.RemoteFile
+import net.schmizz.sshj.sftp.SFTPClient
+
+import java.nio.charset.StandardCharsets
+
+import static org.codehaus.groovy.runtime.IOGroovyMethods.withCloseable
+
+class FileWriteSpec extends IntegrationBaseSpec {
+
+    def "should append to file (GH issue #390)"() {
+        given:
+        SSHClient client = getConnectedClient()
+        client.authPublickey("sshj", "src/test/resources/id_rsa")
+        SFTPClient sftp = client.newSFTPClient()
+        def file = "/home/sshj/test.txt"
+        def initialText = "This is the initial text.\n".getBytes(StandardCharsets.UTF_16)
+        def appendText = "And here's the appended text.\n".getBytes(StandardCharsets.UTF_16)
+
+        when:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.CREAT))) { RemoteFile initial ->
+            initial.write(0, initialText, 0, initialText.length)
+        }
+
+        then:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
+            def bytes = new byte[initialText.length]
+            read.read(0, bytes, 0, bytes.length)
+            bytes == initialText
+        }
+
+        when:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.WRITE, OpenMode.APPEND))) { RemoteFile append ->
+            append.write(0, appendText, 0, appendText.length)
+        }
+
+        then:
+        withCloseable(sftp.open(file, EnumSet.of(OpenMode.READ))) { RemoteFile read ->
+            def bytes = new byte[initialText.length + appendText.length]
+            read.read(0, bytes, 0, bytes.length)
+            Arrays.copyOfRange(bytes, 0, initialText.length) == initialText
+            Arrays.copyOfRange(bytes, initialText.length, initialText.length + appendText.length) == appendText
+        }
+
+        cleanup:
+        sftp.close()
+        client.close()
+    }
+}

src/main/java/com/hierynomus/sshj/backport/JavaVersion.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.backport;
+
+public class JavaVersion {
+    public static boolean isJava7OrEarlier() {
+        String property = System.getProperty("java.specification.version");
+        float diff = Float.parseFloat(property) - 1.7f;
+
+        return diff < 0.01;
+    }
+
+}

src/main/java/com/hierynomus/sshj/backport/Jdk7HttpProxySocket.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.backport;
+
+import net.schmizz.sshj.common.IOUtils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.*;
+
+public class Jdk7HttpProxySocket extends Socket {
+
+    private Proxy httpProxy = null;
+
+    public Jdk7HttpProxySocket(Proxy proxy) {
+        super(proxy.type() == Proxy.Type.HTTP ? Proxy.NO_PROXY : proxy);
+        if (proxy.type() == Proxy.Type.HTTP) {
+            this.httpProxy = proxy;
+        }
+    }
+
+    @Override
+    public void connect(SocketAddress endpoint, int timeout) throws IOException {
+        if (httpProxy != null) {
+            connectHttpProxy(endpoint, timeout);
+        } else {
+            super.connect(endpoint, timeout);
+        }
+    }
+
+    private void connectHttpProxy(SocketAddress endpoint, int timeout) throws IOException {
+        super.connect(httpProxy.address(), timeout);
+
+        if (!(endpoint instanceof InetSocketAddress)) {
+            throw new SocketException("Expected an InetSocketAddress to connect to, got: " + endpoint);
+        }
+        InetSocketAddress isa = (InetSocketAddress) endpoint;
+        String httpConnect = "CONNECT " + isa.getHostName() + ":" + isa.getPort() + " HTTP/1.0\n\n";
+        getOutputStream().write(httpConnect.getBytes(IOUtils.UTF8));
+        checkAndFlushProxyResponse();
+    }
+
+    private void checkAndFlushProxyResponse()throws IOException {
+        InputStream socketInput = getInputStream();
+        byte[] tmpBuffer = new byte[512];
+        int len = socketInput.read(tmpBuffer, 0, tmpBuffer.length);
+
+        if (len == 0) {
+            throw new SocketException("Empty response from proxy");
+        }
+
+        String proxyResponse = new String(tmpBuffer, 0, len, IOUtils.UTF8);
+
+        // Expecting HTTP/1.x 200 OK
+        if (proxyResponse.contains("200")) {
+            // Flush any outstanding message in buffer
+            if (socketInput.available() > 0) {
+                socketInput.skip(socketInput.available());
+            }
+            // Proxy Connect Successful
+        } else {
+            throw new SocketException("Fail to create Socket\nResponse was:" + proxyResponse);
+        }
+    }
+}

src/main/java/com/hierynomus/sshj/backport/Sockets.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.backport;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.Socket;
+
+public class Sockets {
+
+    /**
+     * Java 7 and up have Socket implemented as Closeable, whereas Java6 did not have this inheritance.
+     * @param socket The socket to wrap as Closeable
+     * @return The (potentially wrapped) Socket as a Closeable.
+     */
+    public static Closeable asCloseable(final Socket socket) {
+        if (Closeable.class.isAssignableFrom(socket.getClass())) {
+            return Closeable.class.cast(socket);
+        } else {
+            return new Closeable() {
+                @Override
+                public void close() throws IOException {
+                    socket.close();
+                }
+            };
+        }
+    }
+}

src/main/java/com/hierynomus/sshj/secg/SecgUtils.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.secg;
+
+import net.schmizz.sshj.common.SSHRuntimeException;
+
+import java.math.BigInteger;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
+import java.util.Arrays;
+
+public class SecgUtils {
+    /**
+     * SECG 2.3.4 Octet String to ECPoint
+     */
+    public static ECPoint getDecoded(byte[] M, EllipticCurve curve) {
+        int elementSize = getElementSize(curve);
+        if (M.length != 2 * elementSize + 1 || M[0] != 0x04) {
+            throw new SSHRuntimeException("Invalid 'f' for Elliptic Curve " + curve.toString());
+        }
+        byte[] xBytes = new byte[elementSize];
+        byte[] yBytes = new byte[elementSize];
+        System.arraycopy(M, 1, xBytes, 0, elementSize);
+        System.arraycopy(M, 1 + elementSize, yBytes, 0, elementSize);
+        return new ECPoint(new BigInteger(1, xBytes), new BigInteger(1, yBytes));
+    }
+
+    /**
+     * SECG 2.3.3 ECPoint to Octet String
+     */
+    public static byte[] getEncoded(ECPoint point, EllipticCurve curve) {
+        int elementSize = getElementSize(curve);
+        byte[] M = new byte[2 * elementSize + 1];
+        M[0] = 0x04;
+
+        byte[] xBytes = stripLeadingZeroes(point.getAffineX().toByteArray());
+        byte[] yBytes = stripLeadingZeroes(point.getAffineY().toByteArray());
+        System.arraycopy(xBytes, 0, M, 1 + elementSize - xBytes.length, xBytes.length);
+        System.arraycopy(yBytes, 0, M, 1 + 2 * elementSize - yBytes.length, yBytes.length);
+        return M;
+    }
+
+    private static byte[] stripLeadingZeroes(byte[] bytes) {
+        int start = 0;
+        while (bytes[start] == 0x0) {
+            start++;
+        }
+
+        return Arrays.copyOfRange(bytes, start, bytes.length);
+    }
+
+    private static int getElementSize(EllipticCurve curve) {
+        int fieldSize = curve.getField().getFieldSize();
+        return (fieldSize + 7) / 8;
+    }
+
+}

src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature;
+
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+import net.schmizz.sshj.common.SSHRuntimeException;
+
+import java.util.Arrays;
+
+/**
+ * Our own extension of the EdDSAPublicKey that comes from ECC-25519, as that class does not implement equality.
+ * The code uses the equality of the keys as an indicator whether they're the same during host key verification.
+ */
+public class Ed25519PublicKey extends EdDSAPublicKey {
+
+    public Ed25519PublicKey(EdDSAPublicKeySpec spec) {
+        super(spec);
+
+        EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
+        if (!spec.getParams().getCurve().equals(ed25519.getCurve())) {
+            throw new SSHRuntimeException("Cannot create Ed25519 Public Key from wrong spec");
+        }
+    }
+
+    @Override
+    public boolean equals(Object other) {
+        if (!(other instanceof Ed25519PublicKey)) {
+            return false;
+        }
+
+        Ed25519PublicKey otherKey = (Ed25519PublicKey) other;
+        return Arrays.equals(getAbyte(), otherKey.getAbyte());
+    }
+
+    @Override
+    public int hashCode() {
+        return getA().hashCode();
+    }
+}

src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.signature;
+
+import net.i2p.crypto.eddsa.EdDSAEngine;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.signature.AbstractSignature;
+import net.schmizz.sshj.signature.Signature;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+
+public class SignatureEdDSA extends AbstractSignature {
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
+
+        @Override
+        public String getName() {
+            return KeyType.ED25519.toString();
+        }
+
+        @Override
+        public Signature create() {
+            return new SignatureEdDSA();
+        }
+    }
+
+    SignatureEdDSA() {
+        super(getEngine());
+    }
+
+    private static EdDSAEngine getEngine() {
+        try {
+            return new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
+        } catch (NoSuchAlgorithmException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    @Override
+    public byte[] encode(byte[] signature) {
+        return signature;
+    }
+
+    @Override
+    public boolean verify(byte[] sig) {
+        try {
+            return signature.verify(extractSig(sig, "ssh-ed25519"));
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+}

src/main/java/com/hierynomus/sshj/transport/IdentificationStringParser.java

@@ -0,0 +1,103 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.LoggerFactory;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+public class IdentificationStringParser {
+    private final Logger log;
+    private final Buffer.PlainBuffer buffer;
+
+    private byte[] EXPECTED_START_BYTES = new byte[] {'S', 'S', 'H', '-'};
+
+    public IdentificationStringParser(Buffer.PlainBuffer buffer) {
+	this(buffer, LoggerFactory.DEFAULT);
+    }
+
+    public IdentificationStringParser(Buffer.PlainBuffer buffer, LoggerFactory loggerFactory) {
+        this.log = loggerFactory.getLogger(IdentificationStringParser.class);
+        this.buffer = buffer;
+    }
+
+    public String parseIdentificationString() throws IOException {
+        for (;;) {
+            Buffer.PlainBuffer lineBuffer = new Buffer.PlainBuffer();
+            int lineStartPos = buffer.rpos();
+            for (;;) {
+                if (buffer.available() == 0) {
+                    buffer.rpos(lineStartPos);
+                    return "";
+                }
+                byte b = buffer.readByte();
+                lineBuffer.putByte(b);
+                if (b == '\n') {
+                    if (checkForIdentification(lineBuffer)) {
+                        return readIdentification(lineBuffer);
+                    } else {
+                        logHeaderLine(lineBuffer);
+                    }
+                    break;
+                }
+            }
+        }
+    }
+
+    private void logHeaderLine(Buffer.PlainBuffer lineBuffer) throws Buffer.BufferException {
+        byte[] bytes = new byte[lineBuffer.available()];
+        lineBuffer.readRawBytes(bytes);
+        String header = new String(bytes, 0, bytes.length - 1);
+        log.debug("Received header: {}", header);
+    }
+
+    private String readIdentification(Buffer.PlainBuffer lineBuffer) throws Buffer.BufferException, TransportException {
+        byte[] bytes = new byte[lineBuffer.available()];
+        lineBuffer.readRawBytes(bytes);
+        if (bytes.length > 255) {
+            log.error("Incorrect identification String received, line was longer than expected: {}", new String(bytes));
+            log.error("Just for good measure, bytes were: {}", ByteArrayUtils.printHex(bytes, 0, bytes.length));
+            throw new TransportException("Incorrect identification: line too long: " + ByteArrayUtils.printHex(bytes, 0, bytes.length));
+        }
+        if (bytes[bytes.length - 2] != '\r') {
+            String ident = new String(bytes, 0, bytes.length - 1);
+            log.warn("Server identification has bad line ending, was expecting a '\\r\\n' however got: '{}' (hex: {})", (char) (bytes[bytes.length - 2] & 0xFF), Integer.toHexString(bytes[bytes.length - 2] & 0xFF));
+            log.warn("Will treat the identification of this server '{}' leniently", ident);
+            return ident;
+            // log.error("Data received up til here was: {}", new String(bytes));
+            // throw new TransportException("Incorrect identification: bad line ending: " + ByteArrayUtils.toHex(bytes, 0, bytes.length));
+        }
+
+        // Strip off the \r\n
+        return new String(bytes, 0, bytes.length - 2);
+    }
+
+    private boolean checkForIdentification(Buffer.PlainBuffer lineBuffer) throws Buffer.BufferException {
+        if (lineBuffer.available() < 4) {
+            return false;
+        }
+        byte[] buf = new byte[4];
+        lineBuffer.readRawBytes(buf);
+        // Reset
+        lineBuffer.rpos(0);
+        return Arrays.equals(EXPECTED_START_BYTES, buf);
+    }
+}

src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java

@@ -0,0 +1,162 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher;
+
+import net.schmizz.sshj.transport.cipher.BlockCipher;
+import net.schmizz.sshj.transport.cipher.Cipher;
+
+/**
+ * All BlockCiphers supported by SSH according to the following RFCs:
+ *
+ * <ul>
+ *   <li>https://tools.ietf.org/html/rfc4344#section-3.1</li>
+ *   <li>https://tools.ietf.org/html/rfc4253#section-6.3</li>
+ *   <li>TODO: https://tools.ietf.org/html/rfc5647</li>
+ * </ul>
+ *
+ * Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are deprecated and scheduled to be removed.
+ */
+@SuppressWarnings("PMD.MethodNamingConventions")
+public class BlockCiphers {
+
+    public static final String COUNTER_MODE = "CTR";
+    public static final String CIPHER_BLOCK_CHAINING_MODE = "CBC";
+
+    public static Factory AES128CTR() {
+        return new Factory(16, 128, "aes128-ctr", "AES", COUNTER_MODE);
+    }
+    public static Factory AES192CTR() {
+        return new Factory(16, 192, "aes192-ctr", "AES", COUNTER_MODE);
+    }
+    public static Factory AES256CTR() {
+        return new Factory(16, 256, "aes256-ctr", "AES", COUNTER_MODE);
+    }
+    public static Factory AES128CBC() {
+        return new Factory(16, 128, "aes128-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory AES192CBC() {
+        return new Factory(16, 192, "aes192-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory AES256CBC() {
+        return new Factory(16, 256, "aes256-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory BlowfishCTR() {
+        return new Factory(8, 256, "blowfish-ctr", "Blowfish", COUNTER_MODE);
+    }
+    public static Factory BlowfishCBC() {
+        return new Factory(8, 128, "blowfish-cbc", "Blowfish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Twofish128CTR() {
+        return new Factory(16, 128, "twofish128-ctr", "Twofish", COUNTER_MODE);
+    }
+    public static Factory Twofish192CTR() {
+        return new Factory(16, 192, "twofish192-ctr", "Twofish", COUNTER_MODE);
+    }
+    public static Factory Twofish256CTR() {
+        return new Factory(16, 256, "twofish256-ctr", "Twofish", COUNTER_MODE);
+    }
+    public static Factory Twofish128CBC() {
+        return new Factory(16, 128, "twofish128-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Twofish192CBC() {
+        return new Factory(16, 192, "twofish192-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Twofish256CBC() {
+        return new Factory(16, 256, "twofish256-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory TwofishCBC() {
+        return new Factory(16, 256, "twofish-cbc", "Twofish", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Serpent128CTR() {
+        return new Factory(16, 128, "serpent128-ctr", "Serpent", COUNTER_MODE);
+    }
+    public static Factory Serpent192CTR() {
+        return new Factory(16, 192, "serpent192-ctr", "Serpent", COUNTER_MODE);
+    }
+    public static Factory Serpent256CTR() {
+        return new Factory(16, 256, "serpent256-ctr", "Serpent", COUNTER_MODE);
+    }
+    public static Factory Serpent128CBC() {
+        return new Factory(16, 128, "serpent128-cbc", "Serpent", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Serpent192CBC() {
+        return new Factory(16, 192, "serpent192-cbc", "Serpent", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Serpent256CBC() {
+        return new Factory(16, 256, "serpent256-cbc", "Serpent", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory IDEACTR() {
+        return new Factory(8, 128, "idea-ctr", "IDEA", COUNTER_MODE);
+    }
+    public static Factory IDEACBC() {
+        return new Factory(8, 128, "idea-cbc", "IDEA", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory Cast128CTR() {
+        return new Factory(8, 128, "cast128-ctr", "CAST5", COUNTER_MODE);
+    }
+    public static Factory Cast128CBC() {
+        return new Factory(8, 128, "cast128-cbc", "CAST5", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static Factory TripleDESCTR() {
+        return new Factory(8, 192, "3des-ctr", "DESede", COUNTER_MODE);
+    }
+    public static Factory TripleDESCBC() {
+        return new Factory(8, 192, "3des-cbc", "DESede", CIPHER_BLOCK_CHAINING_MODE);
+    }
+
+    /** Named factory for BlockCipher */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+
+        private int keysize;
+        private String cipher;
+        private String mode;
+        private String name;
+        private int ivsize;
+
+        /**
+         * @param ivsize
+         * @param keysize The keysize used in bits.
+         * @param name
+         * @param cipher
+         * @param mode
+         */
+        public Factory(int ivsize, int keysize, String name, String cipher, String mode) {
+            this.name = name;
+            this.keysize = keysize;
+            this.cipher = cipher;
+            this.mode = mode;
+            this.ivsize = ivsize;
+        }
+
+        @Override
+        public Cipher create() {
+            return new BlockCipher(ivsize, keysize / 8, cipher, cipher + "/" + mode + "/NoPadding");
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
+    }
+
+
+}

src/main/java/com/hierynomus/sshj/transport/cipher/ExtendedBlockCiphers.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher;
+
+import static com.hierynomus.sshj.transport.cipher.BlockCiphers.CIPHER_BLOCK_CHAINING_MODE;
+import static com.hierynomus.sshj.transport.cipher.BlockCiphers.COUNTER_MODE;
+
+/**
+ * Set of Block Ciphers that are (not yet) part of any of the official RFCs for SSH, but
+ * that are either supported by other SSH implementations, or are being pushed for to be
+ * included in a new RFC.
+ *
+ * - http://tools.ietf.org/id/draft-kanno-secsh-camellia-01.txt
+ */
+@SuppressWarnings("PMD.MethodNamingConventions")
+public class ExtendedBlockCiphers {
+    public static BlockCiphers.Factory Camellia128CTR() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-ctr", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia128CTROpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-ctr@openssh.org", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CTR() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-ctr", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CTROpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-ctr@openssh.org", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CTR() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-ctr", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CTROpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-ctr@openssh.org", "Camellia", COUNTER_MODE);
+    }
+    public static BlockCiphers.Factory Camellia128CBC() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-cbc", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia128CBCOpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 128, "camellia128-cbc@openssh.org", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CBC() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-cbc", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia192CBCOpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 192, "camellia192-cbc@openssh.org", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CBC() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-cbc", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+    public static BlockCiphers.Factory Camellia256CBCOpenSSHOrg() {
+        return new BlockCiphers.Factory(16, 256, "camellia256-cbc@openssh.org", "Camellia", CIPHER_BLOCK_CHAINING_MODE);
+    }
+
+
+}

src/main/java/com/hierynomus/sshj/transport/cipher/StreamCipher.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher;
+
+import net.schmizz.sshj.transport.cipher.BaseCipher;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+
+public class StreamCipher extends BaseCipher {
+
+    public StreamCipher(int bsize, String algorithm, String transformation) {
+        super(0, bsize, algorithm, transformation);
+    }
+
+    @Override
+    protected void initCipher(javax.crypto.Cipher cipher, Mode mode, byte[] key, byte[] iv) throws InvalidKeyException, InvalidAlgorithmParameterException {
+        cipher.init(getMode(mode), getKeySpec(key));
+    }
+}

src/main/java/com/hierynomus/sshj/transport/cipher/StreamCiphers.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.cipher;
+
+import net.schmizz.sshj.transport.cipher.Cipher;
+
+/**
+ * Implementations of the Stream Ciphers that are defined in the RFCs
+ *
+ * - https://tools.ietf.org/html/rfc4253#section-6.3
+ * - https://tools.ietf.org/html/rfc4345
+ */
+@SuppressWarnings("PMD.MethodNamingConventions")
+public class StreamCiphers {
+
+    public static Factory Arcfour() {
+        return new Factory(128, "arcfour", "ARCFOUR", "ECB");
+    }
+    public static Factory Arcfour128() {
+        return new Factory(128, "arcfour128", "RC4", "ECB");
+    }
+    public static Factory Arcfour256() {
+        return new Factory(256, "arcfour256", "RC4", "ECB");
+    }
+
+    /** Named factory for BlockCipher */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+
+        private int keysize;
+        private String cipher;
+        private String mode;
+        private String name;
+
+        /**
+         * @param keysize The keysize used in bits.
+         * @param name
+         * @param cipher
+         * @param mode
+         */
+        public Factory(int keysize, String name, String cipher, String mode) {
+            this.name = name;
+            this.keysize = keysize;
+            this.cipher = cipher;
+            this.mode = mode;
+        }
+
+        @Override
+        public Cipher create() {
+            return new StreamCipher(keysize / 8, cipher, cipher + "/" + mode + "/NoPadding");
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public String toString() {
+            return getName();
+        }
+    }
+
+}

src/main/java/com/hierynomus/sshj/transport/kex/DHG.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.kex;
+
+import net.schmizz.sshj.transport.digest.Digest;
+import net.schmizz.sshj.transport.kex.AbstractDHG;
+import net.schmizz.sshj.transport.kex.DH;
+import net.schmizz.sshj.transport.kex.DHBase;
+
+import javax.crypto.spec.DHParameterSpec;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+
+/**
+ *
+ */
+public class DHG extends AbstractDHG {
+    private BigInteger group;
+    private BigInteger generator;
+
+    public DHG(BigInteger group, BigInteger generator, Digest digest) {
+        super(new DH(), digest);
+        this.group = group;
+        this.generator = generator;
+    }
+
+    @Override
+    protected void initDH(DHBase dh) throws GeneralSecurityException {
+        dh.init(new DHParameterSpec(group, generator), trans.getConfig().getRandomFactory());
+    }
+}

src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java

@@ -0,0 +1,94 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.kex;
+
+import net.schmizz.sshj.transport.digest.Digest;
+import net.schmizz.sshj.transport.digest.SHA1;
+import net.schmizz.sshj.transport.digest.SHA256;
+import net.schmizz.sshj.transport.digest.SHA512;
+import net.schmizz.sshj.transport.kex.KeyExchange;
+
+import java.math.BigInteger;
+
+import static net.schmizz.sshj.transport.kex.DHGroupData.*;
+
+/**
+ * Factory methods for Diffie Hellmann KEX algorithms based on MODP groups / Oakley Groups
+ *
+ * - https://tools.ietf.org/html/rfc4253
+ * - https://tools.ietf.org/html/draft-ietf-curdle-ssh-modp-dh-sha2-01
+ */
+@SuppressWarnings("PMD.MethodNamingConventions")
+public class DHGroups {
+
+    public static DHGroups.Factory Group1SHA1() {
+        return new DHGroups.Factory("diffie-hellman-group1-sha1", P1, G, new SHA1.Factory());
+    }
+
+    public static DHGroups.Factory Group14SHA1() {
+        return new DHGroups.Factory("diffie-hellman-group14-sha1", P14, G, new SHA1.Factory());
+    }
+
+    public static DHGroups.Factory Group14SHA256() {
+        return new DHGroups.Factory("diffie-hellman-group14-sha256", P14, G, new SHA256.Factory());
+    }
+
+    public static DHGroups.Factory Group15SHA512() {
+        return new DHGroups.Factory("diffie-hellman-group15-sha512", P15, G, new SHA512.Factory());
+    }
+
+    public static DHGroups.Factory Group16SHA512() {
+        return new DHGroups.Factory("diffie-hellman-group16-sha512", P16, G, new SHA512.Factory());
+    }
+
+    public static DHGroups.Factory Group17SHA512() {
+        return new DHGroups.Factory("diffie-hellman-group17-sha512", P17, G, new SHA512.Factory());
+    }
+
+    public static DHGroups.Factory Group18SHA512() {
+        return new DHGroups.Factory("diffie-hellman-group18-sha512", P18, G, new SHA512.Factory());
+    }
+
+    /**
+     * Named factory for DHG1 key exchange
+     */
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<KeyExchange> {
+
+        private String name;
+        private BigInteger group;
+        private BigInteger generator;
+        private Factory.Named<Digest> digestFactory;
+
+        public Factory(String name, BigInteger group, BigInteger generator, Named<Digest> digestFactory) {
+            this.name = name;
+            this.group = group;
+            this.generator = generator;
+            this.digestFactory = digestFactory;
+        }
+
+        @Override
+        public KeyExchange create() {
+            return new DHG(group, generator, digestFactory.create());
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+    }
+
+}

src/main/java/com/hierynomus/sshj/transport/kex/ExtendedDHGroups.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.kex;
+
+import net.schmizz.sshj.transport.digest.SHA256;
+import net.schmizz.sshj.transport.digest.SHA384;
+import net.schmizz.sshj.transport.digest.SHA512;
+
+import static net.schmizz.sshj.transport.kex.DHGroupData.*;
+
+/**
+ * Set of KEX methods that are not in official RFCs but are supported by some SSH servers.
+ */
+@SuppressWarnings("PMD.MethodNamingConventions")
+public class ExtendedDHGroups {
+    public static DHGroups.Factory Group14SHA256AtSSH() {
+        return new DHGroups.Factory("diffie-hellman-group14-sha256@ssh.com", P14, G, new SHA256.Factory());
+    }
+
+    public static DHGroups.Factory Group15SHA256() {
+        return new DHGroups.Factory("diffie-hellman-group15-sha256", P15, G, new SHA256.Factory());
+    }
+
+    public static DHGroups.Factory Group15SHA256AtSSH() {
+        return new DHGroups.Factory("diffie-hellman-group15-sha256@ssh.com", P15, G, new SHA256.Factory());
+    }
+
+    public static DHGroups.Factory Group15SHA384AtSSH() {
+        return new DHGroups.Factory("diffie-hellman-group15-sha384@ssh.com", P15, G, new SHA384.Factory());
+    }
+
+    public static DHGroups.Factory Group16SHA256() {
+        return new DHGroups.Factory("diffie-hellman-group16-sha256", P16, G, new SHA256.Factory());
+    }
+
+    public static DHGroups.Factory Group16SHA384AtSSH() {
+        return new DHGroups.Factory("diffie-hellman-group16-sha384@ssh.com", P16, G, new SHA384.Factory());
+    }
+
+    public static DHGroups.Factory Group16SHA512AtSSH() {
+        return new DHGroups.Factory("diffie-hellman-group16-sha512@ssh.com", P16, G, new SHA512.Factory());
+    }
+
+    public static DHGroups.Factory Group18SHA512AtSSH() {
+        return new DHGroups.Factory("diffie-hellman-group18-sha512@ssh.com", P18, G, new SHA512.Factory());
+    }
+}

src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java

@@ -0,0 +1,151 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.transport.verification;
+
+import net.schmizz.sshj.common.Base64;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.transport.mac.HMACSHA1;
+import net.schmizz.sshj.transport.mac.MAC;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+public class KnownHostMatchers {
+
+    public static HostMatcher createMatcher(String hostEntry) throws SSHException {
+        if (hostEntry.contains(",")) {
+            return new AnyHostMatcher(hostEntry);
+        }
+        if (hostEntry.startsWith("!")) {
+            return new NegateHostMatcher(hostEntry);
+        }
+        if (hostEntry.startsWith("|1|")) {
+            return new HashedHostMatcher(hostEntry);
+        }
+        if (hostEntry.contains("*") || hostEntry.contains("?")) {
+            return new WildcardHostMatcher(hostEntry);
+        }
+
+        return new EquiHostMatcher(hostEntry);
+    }
+
+    public interface HostMatcher {
+        boolean match(String hostname) throws IOException;
+    }
+
+    private static class EquiHostMatcher implements HostMatcher {
+        private String host;
+
+        public EquiHostMatcher(String host) {
+            this.host = host;
+        }
+
+        @Override
+        public boolean match(String hostname) {
+            return host.equals(hostname);
+        }
+    }
+
+    private static class HashedHostMatcher implements HostMatcher {
+        private final MAC sha1 = new HMACSHA1();
+        private final String hash;
+        private final String salt;
+        private byte[] saltyBytes;
+
+        HashedHostMatcher(String hash) throws SSHException {
+            this.hash = hash;
+            final String[] hostParts = hash.split("\\|");
+            if (hostParts.length != 4) {
+                throw new SSHException("Unrecognized format for hashed hostname");
+            }
+            salt = hostParts[2];
+        }
+
+        @Override
+        public boolean match(String hostname) throws IOException {
+            return hash.equals(hashHost(hostname));
+        }
+
+        private String hashHost(String host) throws IOException {
+            sha1.init(getSaltyBytes());
+            return "|1|" + salt + "|" + Base64.encodeBytes(sha1.doFinal(host.getBytes(IOUtils.UTF8)));
+        }
+
+        private byte[] getSaltyBytes() throws IOException {
+            if (saltyBytes == null) {
+                saltyBytes = Base64.decode(salt);
+            }
+            return saltyBytes;
+        }
+
+
+    }
+
+    private static class AnyHostMatcher implements HostMatcher {
+        private final List<HostMatcher> matchers;
+
+        AnyHostMatcher(String hostEntry) throws SSHException {
+            matchers = new ArrayList<HostMatcher>();
+            for (String subEntry : hostEntry.split(",")) {
+                matchers.add(KnownHostMatchers.createMatcher(subEntry));
+            }
+        }
+
+        @Override
+        public boolean match(String hostname) throws IOException {
+            for (HostMatcher matcher : matchers) {
+                if (matcher.match(hostname)) {
+                    return true;
+                }
+            }
+            return false;
+        }
+    }
+
+    private static class NegateHostMatcher implements HostMatcher {
+        private final HostMatcher matcher;
+
+        NegateHostMatcher(String hostEntry) throws SSHException {
+            this.matcher = createMatcher(hostEntry.substring(1));
+        }
+
+        @Override
+        public boolean match(String hostname) throws IOException {
+            return !matcher.match(hostname);
+        }
+    }
+
+    private static class WildcardHostMatcher implements HostMatcher {
+        private final Pattern pattern;
+
+        public WildcardHostMatcher(String hostEntry) {
+            this.pattern = Pattern.compile("^" + hostEntry.replace("[", "\\[").replace("]", "\\]").replace(".", "\\.").replace("*", ".*").replace("?", ".") + "$");
+        }
+
+        @Override
+        public boolean match(String hostname) throws IOException {
+            return pattern.matcher(hostname).matches();
+        }
+
+        @Override
+        public String toString() {
+            return "WildcardHostMatcher[" + pattern + ']';
+        }
+    }
+}

src/main/java/com/hierynomus/sshj/userauth/certificate/Certificate.java

@@ -0,0 +1,258 @@
+package com.hierynomus.sshj.userauth.certificate;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Certificate wrapper for public keys, created to help implement
+ * protocol described here:
+ *
+ * https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
+ *
+ * Consumed primarily by net.shmizz.sshj.common.KeyType
+ *
+ * @param <T> inner public key type
+ */
+public class Certificate<T extends PublicKey> implements PublicKey {
+    private static final long serialVersionUID = 1L;
+
+    private final T publicKey;
+    private final byte[] nonce;
+    private final BigInteger serial;
+    private final long type;
+    private final String id;
+    private final List<String> validPrincipals;
+    private final Date validAfter;
+    private final Date validBefore;
+    private final Map<String, String> critOptions;
+    private final Map<String, String> extensions;
+    private final byte[] signatureKey;
+    private final byte[] signature;
+
+    Certificate(Builder<T> builder) {
+        this.publicKey = builder.getPublicKey();
+        this.nonce = builder.getNonce();
+        this.serial = builder.getSerial();
+        this.type = builder.getType();
+        this.id = builder.getId();
+        this.validPrincipals = builder.getValidPrincipals();
+        this.validAfter = builder.getValidAfter();
+        this.validBefore = builder.getValidBefore();
+        this.critOptions = builder.getCritOptions();
+        this.extensions = builder.getExtensions();
+        this.signatureKey = builder.getSignatureKey();
+        this.signature = builder.getSignature();
+    }
+
+    public static <P extends PublicKey> Builder<P> getBuilder() {
+        return new Builder<P>();
+    }
+
+    public byte[] getNonce() {
+        return nonce;
+    }
+
+    public BigInteger getSerial() {
+        return serial;
+    }
+
+    public long getType() {
+        return type;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public List<String> getValidPrincipals() {
+        return validPrincipals;
+    }
+
+    public Date getValidAfter() {
+        return validAfter;
+    }
+
+    public Date getValidBefore() {
+        return validBefore;
+    }
+
+    public Map<String, String> getCritOptions() {
+        return critOptions;
+    }
+
+    public Map<String, String> getExtensions() {
+        return extensions;
+    }
+
+    public byte[] getSignatureKey() {
+        return signatureKey;
+    }
+
+    public byte[] getSignature() {
+        return signature;
+    }
+
+    public T getKey() {
+        return publicKey;
+    }
+
+    @Override
+    public byte[] getEncoded() {
+        return publicKey.getEncoded();
+    }
+
+    @Override
+    public String getAlgorithm() {
+        return publicKey.getAlgorithm();
+    }
+
+    @Override
+    public String getFormat() {
+        return publicKey.getFormat();
+    }
+
+    public static class Builder<T extends PublicKey> {
+        private T publicKey;
+        private byte[] nonce;
+        private BigInteger serial;
+        private long type;
+        private String id;
+        private List<String> validPrincipals;
+        private Date validAfter;
+        private Date validBefore;
+        private Map<String, String> critOptions;
+        private Map<String, String> extensions;
+        private byte[] signatureKey;
+        private byte[] signature;
+
+        public Certificate<T> build() {
+            return new Certificate<T>(this);
+        }
+
+        public T getPublicKey() {
+            return publicKey;
+        }
+
+        public Builder<T> publicKey(T publicKey) {
+            this.publicKey = publicKey;
+            return this;
+        }
+
+        public byte[] getNonce() {
+            return nonce;
+        }
+
+        public Builder<T> nonce(byte[] nonce) {
+            this.nonce = nonce;
+            return this;
+        }
+
+        public BigInteger getSerial() {
+            return serial;
+        }
+
+        public Builder<T> serial(BigInteger serial) {
+            this.serial = serial;
+            return this;
+        }
+
+        public long getType() {
+            return type;
+        }
+
+        public Builder<T> type(long type) {
+            this.type = type;
+            return this;
+        }
+
+        public String getId() {
+            return id;
+        }
+
+        public Builder<T> id(String id) {
+            this.id = id;
+            return this;
+        }
+
+        public List<String> getValidPrincipals() {
+            return validPrincipals;
+        }
+
+        public Builder<T> validPrincipals(List<String> validPrincipals) {
+            this.validPrincipals = validPrincipals;
+            return this;
+        }
+
+        public Date getValidAfter() {
+            return validAfter;
+        }
+
+        public Builder<T> validAfter(Date validAfter) {
+            this.validAfter = validAfter;
+            return this;
+        }
+
+        public Date getValidBefore() {
+            return validBefore;
+        }
+
+        public Builder<T> validBefore(Date validBefore) {
+            this.validBefore = validBefore;
+            return this;
+        }
+
+        public Map<String, String> getCritOptions() {
+            return critOptions;
+        }
+
+        public Builder<T> critOptions(Map<String, String> critOptions) {
+            this.critOptions = critOptions;
+            return this;
+        }
+
+        public Map<String, String> getExtensions() {
+            return extensions;
+        }
+
+        public Builder<T> extensions(Map<String, String> extensions) {
+            this.extensions = extensions;
+            return this;
+        }
+
+        public byte[] getSignatureKey() {
+            return signatureKey;
+        }
+
+        public Builder<T> signatureKey(byte[] signatureKey) {
+            this.signatureKey = signatureKey;
+            return this;
+        }
+
+        public byte[] getSignature() {
+            return signature;
+        }
+
+        public Builder<T> signature(byte[] signature) {
+            this.signature = signature;
+            return this;
+        }
+    }
+}

src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java

@@ -0,0 +1,158 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hierynomus.sshj.userauth.keyprovider;
+
+import net.i2p.crypto.eddsa.EdDSAPrivateKey;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
+import net.schmizz.sshj.common.*;
+import net.schmizz.sshj.common.Buffer.PlainBuffer;
+import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PublicKey;
+
+/**
+ * Reads a key file in the new OpenSSH format.
+ * The format is described in the following document: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
+ */
+public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
+    private static final Logger logger = LoggerFactory.getLogger(OpenSSHKeyV1KeyFile.class);
+    private static final String BEGIN = "-----BEGIN ";
+    private static final String END = "-----END ";
+    private static final byte[] AUTH_MAGIC = "openssh-key-v1\0".getBytes();
+    public static final String OPENSSH_PRIVATE_KEY = "OPENSSH PRIVATE KEY-----";
+
+    public static class Factory
+            implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
+
+        @Override
+        public FileKeyProvider create() {
+            return new OpenSSHKeyV1KeyFile();
+        }
+
+        @Override
+        public String getName() {
+            return KeyFormat.OpenSSHv1.name();
+        }
+    }
+
+    @Override
+    protected KeyPair readKeyPair() throws IOException {
+        BufferedReader reader = new BufferedReader(resource.getReader());
+        try {
+            if (!checkHeader(reader)) {
+                throw new IOException("This key is not in 'openssh-key-v1' format");
+            }
+
+            String keyFile = readKeyFile(reader);
+            byte[] decode = Base64.decode(keyFile);
+            PlainBuffer keyBuffer = new PlainBuffer(decode);
+            return readDecodedKeyPair(keyBuffer);
+
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        } finally {
+            IOUtils.closeQuietly(reader);
+        }
+    }
+
+    private KeyPair readDecodedKeyPair(final PlainBuffer keyBuffer) throws IOException, GeneralSecurityException {
+        byte[] bytes = new byte[AUTH_MAGIC.length];
+        keyBuffer.readRawBytes(bytes); // byte[] AUTH_MAGIC
+        if (!ByteArrayUtils.equals(bytes, 0, AUTH_MAGIC, 0, AUTH_MAGIC.length)) {
+            throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
+        }
+
+        String cipherName = keyBuffer.readString(); // string ciphername
+        String kdfName = keyBuffer.readString(); // string kdfname
+        String kdfOptions = keyBuffer.readString(); // string kdfoptions
+
+        int nrKeys = keyBuffer.readUInt32AsInt(); // int number of keys N; Should be 1
+        if (nrKeys != 1) {
+            throw new IOException("We don't support having more than 1 key in the file (yet).");
+        }
+        PublicKey publicKey = readPublicKey(new PlainBuffer(keyBuffer.readBytes())); // string publickey1
+        PlainBuffer privateKeyBuffer = new PlainBuffer(keyBuffer.readBytes()); // string (possibly) encrypted, padded list of private keys
+        if ("none".equals(cipherName)) {
+            logger.debug("Reading unencrypted keypair");
+            return readUnencrypted(privateKeyBuffer, publicKey);
+        } else {
+            logger.info("Keypair is encrypted with: " + cipherName + ", " + kdfName + ", " + kdfOptions);
+            throw new IOException("Cannot read encrypted keypair with " + cipherName + " yet.");
+        }
+    }
+
+    private PublicKey readPublicKey(final PlainBuffer plainBuffer) throws Buffer.BufferException, GeneralSecurityException {
+        return KeyType.fromString(plainBuffer.readString()).readPubKeyFromBuffer(plainBuffer);
+    }
+
+    private String readKeyFile(final BufferedReader reader) throws IOException {
+        StringBuilder sb = new StringBuilder();
+        String line = reader.readLine();
+        while (!line.startsWith(END)) {
+            sb.append(line);
+            line = reader.readLine();
+        }
+        return sb.toString();
+    }
+
+    private boolean checkHeader(final BufferedReader reader) throws IOException {
+        String line = reader.readLine();
+        while (line != null && !line.startsWith(BEGIN)) {
+            line = reader.readLine();
+        }
+        line = line.substring(BEGIN.length());
+        return line.startsWith(OPENSSH_PRIVATE_KEY);
+    }
+
+    private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey publicKey) throws IOException, GeneralSecurityException {
+        int privKeyListSize = keyBuffer.available();
+        if (privKeyListSize % 8 != 0) {
+            throw new IOException("The private key section must be a multiple of the block size (8)");
+        }
+        int checkInt1 = keyBuffer.readUInt32AsInt(); // uint32 checkint1
+        int checkInt2 = keyBuffer.readUInt32AsInt(); // uint32 checkint2
+        if (checkInt1 != checkInt2) {
+            throw new IOException("The checkInts differed, the key was not correctly decoded.");
+        }
+        // The private key section contains both the public key and the private key
+        String keyType = keyBuffer.readString(); // string keytype
+        logger.info("Read key type: {}", keyType);
+
+        byte[] pubKey = keyBuffer.readBytes(); // string publickey (again...)
+        keyBuffer.readUInt32();
+        byte[] privKey = new byte[32];
+        keyBuffer.readRawBytes(privKey); // string privatekey
+        keyBuffer.readRawBytes(new byte[32]); // string publickey (again...)
+        String comment = keyBuffer.readString(); // string comment
+        byte[] padding = new byte[keyBuffer.available()];
+        keyBuffer.readRawBytes(padding); // char[] padding
+        for (int i = 0; i < padding.length; i++) {
+            if ((int) padding[i] != i + 1) {
+                throw new IOException("Padding of key format contained wrong byte at position: " + i);
+            }
+        }
+        return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
+    }
+}

src/main/java/djb/Curve25519.java

@@ -0,0 +1,918 @@
+/* Ported from C to Java by Dmitry Skiba [sahn0], 23/02/08.
+ * Original: http://cds.xs4all.nl:8081/ecdh/
+ */
+/* Generic 64-bit integer implementation of Curve25519 ECDH
+ * Written by Matthijs van Duin, 200608242056
+ * Public domain.
+ *
+ * Based on work by Daniel J Bernstein, http://cr.yp.to/ecdh.html
+ */
+package djb;
+
+public class Curve25519 {
+
+	/* key size */
+	public static final int KEY_SIZE = 32;
+	
+	/* 0 */
+	public static final byte[] ZERO = {
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+	};
+	
+	/* the prime 2^255-19 */
+	public static final byte[] PRIME = {
+		(byte)237, (byte)255, (byte)255, (byte)255,
+		(byte)255, (byte)255, (byte)255, (byte)255,
+		(byte)255, (byte)255, (byte)255, (byte)255,
+		(byte)255, (byte)255, (byte)255, (byte)255,
+		(byte)255, (byte)255, (byte)255, (byte)255,
+		(byte)255, (byte)255, (byte)255, (byte)255,
+	    (byte)255, (byte)255, (byte)255, (byte)255,
+	    (byte)255, (byte)255, (byte)255, (byte)127
+	};
+	
+	/* group order (a prime near 2^252+2^124) */
+	public static final byte[] ORDER = {
+		(byte)237, (byte)211, (byte)245, (byte)92,
+		(byte)26,  (byte)99,  (byte)18,  (byte)88,
+		(byte)214, (byte)156, (byte)247, (byte)162,
+		(byte)222, (byte)249, (byte)222, (byte)20,
+		(byte)0,   (byte)0,   (byte)0,   (byte)0, 
+		(byte)0,   (byte)0,   (byte)0,   (byte)0,
+		(byte)0,   (byte)0,   (byte)0,   (byte)0, 
+		(byte)0,   (byte)0,   (byte)0,   (byte)16
+	};
+	
+	/********* KEY AGREEMENT *********/
+	
+	/* Private key clamping
+	 *   k [out] your private key for key agreement
+	 *   k  [in]  32 random bytes
+	 */
+	public static final void clamp(byte[] k) {
+		k[31] &= 0x7F;
+		k[31] |= 0x40;
+		k[ 0] &= 0xF8;
+	}
+	
+	/* Key-pair generation
+	 *   P  [out] your public key
+	 *   s  [out] your private key for signing
+	 *   k  [out] your private key for key agreement
+	 *   k  [in]  32 random bytes
+	 * s may be NULL if you don't care
+	 *
+	 * WARNING: if s is not NULL, this function has data-dependent timing */
+	public static final void keygen(byte[] P, byte[] s, byte[] k) {
+		clamp(k);
+		core(P, s, k, null);
+	}
+
+	/* Key agreement
+	 *   Z  [out] shared secret (needs hashing before use)
+	 *   k  [in]  your private key for key agreement
+	 *   P  [in]  peer's public key
+	 */
+	public static final void curve(byte[] Z, byte[] k, byte[] P) {
+		core(Z, null, k, P);
+	}
+	
+	/********* DIGITAL SIGNATURES *********/
+
+	/* deterministic EC-KCDSA
+	 *
+	 *    s is the private key for signing
+	 *    P is the corresponding public key
+	 *    Z is the context data (signer public key or certificate, etc)
+	 *
+	 * signing:
+	 *
+	 *    m = hash(Z, message)
+	 *    x = hash(m, s)
+	 *    keygen25519(Y, NULL, x);
+	 *    r = hash(Y);
+	 *    h = m XOR r
+	 *    sign25519(v, h, x, s);
+	 *
+	 *    output (v,r) as the signature
+	 *
+	 * verification:
+	 *
+	 *    m = hash(Z, message);
+	 *    h = m XOR r
+	 *    verify25519(Y, v, h, P)
+	 *
+	 *    confirm  r == hash(Y)
+	 *
+	 * It would seem to me that it would be simpler to have the signer directly do 
+	 * h = hash(m, Y) and send that to the recipient instead of r, who can verify 
+	 * the signature by checking h == hash(m, Y).  If there are any problems with 
+	 * such a scheme, please let me know.
+	 *
+	 * Also, EC-KCDSA (like most DS algorithms) picks x random, which is a waste of 
+	 * perfectly good entropy, but does allow Y to be calculated in advance of (or 
+	 * parallel to) hashing the message.
+	 */
+	
+	/* Signature generation primitive, calculates (x-h)s mod q
+	 *   v  [out] signature value
+	 *   h  [in]  signature hash (of message, signature pub key, and context data)
+	 *   x  [in]  signature private key
+	 *   s  [in]  private key for signing
+	 * returns true on success, false on failure (use different x or h)
+	 */
+	public static final boolean sign(byte[] v, byte[] h, byte[] x, byte[] s) {
+		// v = (x - h) s  mod q
+		int w, i;
+		byte[] h1 = new byte[32], x1 = new byte[32];
+		byte[] tmp1 = new byte[64];
+		byte[] tmp2 = new byte[64];
+
+		// Don't clobber the arguments, be nice!
+		cpy32(h1, h);
+		cpy32(x1, x);
+
+		// Reduce modulo group order
+		byte[] tmp3=new byte[32];
+		divmod(tmp3, h1, 32, ORDER, 32);
+		divmod(tmp3, x1, 32, ORDER, 32);
+
+		// v = x1 - h1
+		// If v is negative, add the group order to it to become positive.
+		// If v was already positive we don't have to worry about overflow
+		// when adding the order because v < ORDER and 2*ORDER < 2^256
+		mula_small(v, x1, 0, h1, 32, -1);
+		mula_small(v, v , 0, ORDER, 32, 1);
+
+		// tmp1 = (x-h)*s mod q
+		mula32(tmp1, v, s, 32, 1);
+		divmod(tmp2, tmp1, 64, ORDER, 32);
+
+		for (w = 0, i = 0; i < 32; i++)
+			w |= v[i] = tmp1[i];
+		return w != 0;
+	}
+
+	/* Signature verification primitive, calculates Y = vP + hG
+	 *   Y  [out] signature public key
+	 *   v  [in]  signature value
+	 *   h  [in]  signature hash
+	 *   P  [in]  public key
+	 */
+	public static final void verify(byte[] Y, byte[] v, byte[] h, byte[] P) {
+		/* Y = v abs(P) + h G  */
+		byte[] d=new byte[32];
+	    long10[] 
+	        p=new long10[]{new long10(),new long10()},
+	    	s=new long10[]{new long10(),new long10()},
+		    yx=new long10[]{new long10(),new long10(),new long10()},
+		    yz=new long10[]{new long10(),new long10(),new long10()},
+		    t1=new long10[]{new long10(),new long10(),new long10()},
+		    t2=new long10[]{new long10(),new long10(),new long10()};
+		
+		int vi = 0, hi = 0, di = 0, nvh=0, i, j, k;
+
+		/* set p[0] to G and p[1] to P  */
+
+		set(p[0], 9);
+		unpack(p[1], P);
+
+		/* set s[0] to P+G and s[1] to P-G  */
+
+		/* s[0] = (Py^2 + Gy^2 - 2 Py Gy)/(Px - Gx)^2 - Px - Gx - 486662  */
+		/* s[1] = (Py^2 + Gy^2 + 2 Py Gy)/(Px - Gx)^2 - Px - Gx - 486662  */
+
+		x_to_y2(t1[0], t2[0], p[1]);	/* t2[0] = Py^2  */
+		sqrt(t1[0], t2[0]);	/* t1[0] = Py or -Py  */
+		j = is_negative(t1[0]);		/*      ... check which  */
+		t2[0]._0 += 39420360;		/* t2[0] = Py^2 + Gy^2  */
+		mul(t2[1], BASE_2Y, t1[0]);/* t2[1] = 2 Py Gy or -2 Py Gy  */
+		sub(t1[j], t2[0], t2[1]);	/* t1[0] = Py^2 + Gy^2 - 2 Py Gy  */
+		add(t1[1-j], t2[0], t2[1]);/* t1[1] = Py^2 + Gy^2 + 2 Py Gy  */
+		cpy(t2[0], p[1]);		/* t2[0] = Px  */
+		t2[0]._0 -= 9;			/* t2[0] = Px - Gx  */
+		sqr(t2[1], t2[0]);		/* t2[1] = (Px - Gx)^2  */
+		recip(t2[0], t2[1], 0);	/* t2[0] = 1/(Px - Gx)^2  */
+		mul(s[0], t1[0], t2[0]);	/* s[0] = t1[0]/(Px - Gx)^2  */
+		sub(s[0], s[0], p[1]);	/* s[0] = t1[0]/(Px - Gx)^2 - Px  */
+		s[0]._0 -= 9 + 486662;		/* s[0] = X(P+G)  */
+		mul(s[1], t1[1], t2[0]);	/* s[1] = t1[1]/(Px - Gx)^2  */
+		sub(s[1], s[1], p[1]);	/* s[1] = t1[1]/(Px - Gx)^2 - Px  */
+		s[1]._0 -= 9 + 486662;		/* s[1] = X(P-G)  */
+		mul_small(s[0], s[0], 1);	/* reduce s[0] */
+		mul_small(s[1], s[1], 1);	/* reduce s[1] */
+
+
+		/* prepare the chain  */
+		for (i = 0; i < 32; i++) {
+			vi = (vi >> 8) ^ (v[i] & 0xFF) ^ ((v[i] & 0xFF) << 1);
+			hi = (hi >> 8) ^ (h[i] & 0xFF) ^ ((h[i] & 0xFF) << 1);
+			nvh = ~(vi ^ hi);
+			di = (nvh & (di & 0x80) >> 7) ^ vi;
+			di ^= nvh & (di & 0x01) << 1;
+			di ^= nvh & (di & 0x02) << 1;
+			di ^= nvh & (di & 0x04) << 1;
+			di ^= nvh & (di & 0x08) << 1;
+			di ^= nvh & (di & 0x10) << 1;
+			di ^= nvh & (di & 0x20) << 1;
+			di ^= nvh & (di & 0x40) << 1;
+			d[i] = (byte)di;
+		}
+
+		di = ((nvh & (di & 0x80) << 1) ^ vi) >> 8;
+
+		/* initialize state */
+		set(yx[0], 1);
+		cpy(yx[1], p[di]);
+		cpy(yx[2], s[0]);
+		set(yz[0], 0);
+		set(yz[1], 1);
+		set(yz[2], 1);
+
+		/* y[0] is (even)P + (even)G
+		 * y[1] is (even)P + (odd)G  if current d-bit is 0
+		 * y[1] is (odd)P + (even)G  if current d-bit is 1
+		 * y[2] is (odd)P + (odd)G
+		 */
+
+		vi = 0;
+		hi = 0;
+
+		/* and go for it! */
+		for (i = 32; i--!=0; ) {
+			vi = (vi << 8) | (v[i] & 0xFF);
+			hi = (hi << 8) | (h[i] & 0xFF);
+			di = (di << 8) | (d[i] & 0xFF);
+
+			for (j = 8; j--!=0; ) {
+				mont_prep(t1[0], t2[0], yx[0], yz[0]);
+				mont_prep(t1[1], t2[1], yx[1], yz[1]);
+				mont_prep(t1[2], t2[2], yx[2], yz[2]);
+
+				k = ((vi ^ vi >> 1) >> j & 1)
+				  + ((hi ^ hi >> 1) >> j & 1);
+				mont_dbl(yx[2], yz[2], t1[k], t2[k], yx[0], yz[0]);
+
+				k = (di >> j & 2) ^ ((di >> j & 1) << 1);
+				mont_add(t1[1], t2[1], t1[k], t2[k], yx[1], yz[1],
+						p[di >> j & 1]);
+
+				mont_add(t1[2], t2[2], t1[0], t2[0], yx[2], yz[2],
+						s[((vi ^ hi) >> j & 2) >> 1]);
+			}
+		}
+
+		k = (vi & 1) + (hi & 1);
+		recip(t1[0], yz[k], 0);
+		mul(t1[1], yx[k], t1[0]);
+
+		pack(t1[1], Y);
+	}
+	
+	/////////////////////////////////////////////////////////////////////////// 
+	
+	/* sahn0:
+	 * Using this class instead of long[10] to avoid bounds checks. */
+	private static final class long10 {
+		public long10() {}
+		public long10(
+			long _0, long _1, long _2, long _3, long _4,
+			long _5, long _6, long _7, long _8, long _9)
+		{
+			this._0=_0; this._1=_1; this._2=_2;
+			this._3=_3; this._4=_4; this._5=_5;
+			this._6=_6; this._7=_7; this._8=_8;
+			this._9=_9;
+		}
+		public long _0,_1,_2,_3,_4,_5,_6,_7,_8,_9;
+	}
+	
+	/********************* radix 2^8 math *********************/
+	
+	private static final void cpy32(byte[] d, byte[] s) {
+		int i;
+		for (i = 0; i < 32; i++)
+			d[i] = s[i];
+	}
+	
+	/* p[m..n+m-1] = q[m..n+m-1] + z * x */
+	/* n is the size of x */
+	/* n+m is the size of p and q */
+	private static final int mula_small(byte[] p,byte[] q,int m,byte[] x,int n,int z) {
+		int v=0;
+		for (int i=0;i<n;++i) {
+			v+=(q[i+m] & 0xFF)+z*(x[i] & 0xFF);
+			p[i+m]=(byte)v;
+			v>>=8;
+		}
+		return v;		
+	}
+	
+	/* p += x * y * z  where z is a small integer
+	 * x is size 32, y is size t, p is size 32+t
+	 * y is allowed to overlap with p+32 if you don't care about the upper half  */
+	private static final int mula32(byte[] p, byte[] x, byte[] y, int t, int z) {
+		final int n = 31;
+		int w = 0;
+		int i = 0;
+		for (; i < t; i++) {
+			int zy = z * (y[i] & 0xFF);
+			w += mula_small(p, p, i, x, n, zy) +
+				(p[i+n] & 0xFF) + zy * (x[n] & 0xFF);
+			p[i+n] = (byte)w;
+			w >>= 8;
+		}
+		p[i+n] = (byte)(w + (p[i+n] & 0xFF));
+		return w >> 8;
+	}
+	
+	/* divide r (size n) by d (size t), returning quotient q and remainder r
+	 * quotient is size n-t+1, remainder is size t
+	 * requires t > 0 && d[t-1] != 0
+	 * requires that r[-1] and d[-1] are valid memory locations
+	 * q may overlap with r+t */
+	private static final void divmod(byte[] q, byte[] r, int n, byte[] d, int t) {
+		int rn = 0;
+		int dt = ((d[t-1] & 0xFF) << 8);
+		if (t>1) {
+			dt |= (d[t-2] & 0xFF);
+		}
+		while (n-- >= t) {
+			int z = (rn << 16) | ((r[n] & 0xFF) << 8);
+			if (n>0) {
+				z |= (r[n-1] & 0xFF);
+			}
+			z/=dt;
+			rn += mula_small(r,r, n-t+1, d, t, -z);
+			q[n-t+1] = (byte)((z + rn) & 0xFF); /* rn is 0 or -1 (underflow) */
+			mula_small(r,r, n-t+1, d, t, -rn);
+			rn = (r[n] & 0xFF);
+			r[n] = 0;
+		}
+		r[t-1] = (byte)rn;
+	}
+	
+	private static final int numsize(byte[] x,int n) {
+		while (n--!=0 && x[n]==0)
+			;
+		return n+1;
+	}
+	
+	/* Returns x if a contains the gcd, y if b.
+	 * Also, the returned buffer contains the inverse of a mod b,
+	 * as 32-byte signed.
+	 * x and y must have 64 bytes space for temporary use.
+	 * requires that a[-1] and b[-1] are valid memory locations  */
+	private static final byte[] egcd32(byte[] x,byte[] y,byte[] a,byte[] b) {
+		int an, bn = 32, qn, i;
+		for (i = 0; i < 32; i++)
+			x[i] = y[i] = 0;
+		x[0] = 1;
+		an = numsize(a, 32);
+		if (an==0)
+			return y;	/* division by zero */
+		byte[] temp=new byte[32];
+		while (true) {
+			qn = bn - an + 1;
+			divmod(temp, b, bn, a, an);
+			bn = numsize(b, bn);
+			if (bn==0)
+				return x;
+			mula32(y, x, temp, qn, -1);
+
+			qn = an - bn + 1;
+			divmod(temp, a, an, b, bn);
+			an = numsize(a, an);
+			if (an==0)
+				return y;
+			mula32(x, y, temp, qn, -1);
+		}
+	}
+	
+	/********************* radix 2^25.5 GF(2^255-19) math *********************/	
+	
+	private static final int P25=33554431;	/* (1 << 25) - 1 */
+	private static final int P26=67108863;	/* (1 << 26) - 1 */
+	
+	/* Convert to internal format from little-endian byte format */
+	private static final void unpack(long10 x,byte[] m) {
+		x._0 = ((m[0] & 0xFF))         | ((m[1] & 0xFF))<<8 |
+				(m[2] & 0xFF)<<16      | ((m[3] & 0xFF)& 3)<<24;
+		x._1 = ((m[3] & 0xFF)&~ 3)>>2  | (m[4] & 0xFF)<<6 |
+				(m[5] & 0xFF)<<14 | ((m[6] & 0xFF)& 7)<<22;
+		x._2 = ((m[6] & 0xFF)&~ 7)>>3  | (m[7] & 0xFF)<<5 |
+				(m[8] & 0xFF)<<13 | ((m[9] & 0xFF)&31)<<21;
+		x._3 = ((m[9] & 0xFF)&~31)>>5  | (m[10] & 0xFF)<<3 |
+				(m[11] & 0xFF)<<11 | ((m[12] & 0xFF)&63)<<19;
+		x._4 = ((m[12] & 0xFF)&~63)>>6 | (m[13] & 0xFF)<<2 |
+				(m[14] & 0xFF)<<10 |  (m[15] & 0xFF)    <<18;
+		x._5 =  (m[16] & 0xFF)         | (m[17] & 0xFF)<<8 |
+				(m[18] & 0xFF)<<16 | ((m[19] & 0xFF)& 1)<<24;
+		x._6 = ((m[19] & 0xFF)&~ 1)>>1 | (m[20] & 0xFF)<<7 |
+				(m[21] & 0xFF)<<15 | ((m[22] & 0xFF)& 7)<<23;
+		x._7 = ((m[22] & 0xFF)&~ 7)>>3 | (m[23] & 0xFF)<<5 |
+				(m[24] & 0xFF)<<13 | ((m[25] & 0xFF)&15)<<21;
+		x._8 = ((m[25] & 0xFF)&~15)>>4 | (m[26] & 0xFF)<<4 |
+				(m[27] & 0xFF)<<12 | ((m[28] & 0xFF)&63)<<20;
+		x._9 = ((m[28] & 0xFF)&~63)>>6 | (m[29] & 0xFF)<<2 |
+				(m[30] & 0xFF)<<10 |  (m[31] & 0xFF)    <<18;
+	}
+	
+	/* Check if reduced-form input >= 2^255-19 */
+	private static final boolean is_overflow(long10 x) {
+		return (
+			((x._0 > P26-19)) &&
+			((x._1 & x._3 & x._5 & x._7 & x._9) == P25) &&
+			((x._2 & x._4 & x._6 & x._8) == P26)
+			) || (x._9 > P25);
+	}
+	
+	/* Convert from internal format to little-endian byte format.  The 
+	 * number must be in a reduced form which is output by the following ops:
+	 *     unpack, mul, sqr
+	 *     set --  if input in range 0 .. P25
+	 * If you're unsure if the number is reduced, first multiply it by 1.  */
+	private static final void pack(long10 x,byte[] m) {
+		int ld = 0, ud = 0;
+		long t;
+		ld = (is_overflow(x)?1:0) - ((x._9 < 0)?1:0);
+		ud = ld * -(P25+1);
+		ld *= 19;
+		t = ld + x._0 + (x._1 << 26);
+		m[ 0] = (byte)t;
+		m[ 1] = (byte)(t >> 8);
+		m[ 2] = (byte)(t >> 16);
+		m[ 3] = (byte)(t >> 24);
+		t = (t >> 32) + (x._2 << 19);
+		m[ 4] = (byte)t;
+		m[ 5] = (byte)(t >> 8);
+		m[ 6] = (byte)(t >> 16);
+		m[ 7] = (byte)(t >> 24);
+		t = (t >> 32) + (x._3 << 13);
+		m[ 8] = (byte)t;
+		m[ 9] = (byte)(t >> 8);
+		m[10] = (byte)(t >> 16);
+		m[11] = (byte)(t >> 24);
+		t = (t >> 32) + (x._4 <<  6);
+		m[12] = (byte)t;
+		m[13] = (byte)(t >> 8);
+		m[14] = (byte)(t >> 16);
+		m[15] = (byte)(t >> 24);
+		t = (t >> 32) + x._5 + (x._6 << 25);
+		m[16] = (byte)t;
+		m[17] = (byte)(t >> 8);
+		m[18] = (byte)(t >> 16);
+		m[19] = (byte)(t >> 24);
+		t = (t >> 32) + (x._7 << 19);
+		m[20] = (byte)t;
+		m[21] = (byte)(t >> 8);
+		m[22] = (byte)(t >> 16);
+		m[23] = (byte)(t >> 24);
+		t = (t >> 32) + (x._8 << 12);
+		m[24] = (byte)t;
+		m[25] = (byte)(t >> 8);
+		m[26] = (byte)(t >> 16);
+		m[27] = (byte)(t >> 24);
+		t = (t >> 32) + ((x._9 + ud) << 6);
+		m[28] = (byte)t;
+		m[29] = (byte)(t >> 8);
+		m[30] = (byte)(t >> 16);
+		m[31] = (byte)(t >> 24);
+	}
+
+	/* Copy a number */
+	private static final void cpy(long10 out, long10 in) {
+		out._0=in._0;	out._1=in._1;
+		out._2=in._2;	out._3=in._3;
+		out._4=in._4;	out._5=in._5;
+		out._6=in._6;	out._7=in._7;
+		out._8=in._8;	out._9=in._9;		
+	}
+
+	/* Set a number to value, which must be in range -185861411 .. 185861411 */
+	private static final void set(long10 out, int in) {
+		out._0=in;	out._1=0;
+		out._2=0;	out._3=0;
+		out._4=0;	out._5=0;
+		out._6=0;	out._7=0;
+		out._8=0;	out._9=0;		
+	}
+	
+	/* Add/subtract two numbers.  The inputs must be in reduced form, and the 
+	 * output isn't, so to do another addition or subtraction on the output, 
+	 * first multiply it by one to reduce it. */
+	private static final void add(long10 xy, long10 x, long10 y) {
+		xy._0 = x._0 + y._0;	xy._1 = x._1 + y._1;
+		xy._2 = x._2 + y._2;	xy._3 = x._3 + y._3;
+		xy._4 = x._4 + y._4;	xy._5 = x._5 + y._5;
+		xy._6 = x._6 + y._6;	xy._7 = x._7 + y._7;
+		xy._8 = x._8 + y._8;	xy._9 = x._9 + y._9;
+	}
+	private static final void sub(long10 xy, long10 x, long10 y) {
+		xy._0 = x._0 - y._0;	xy._1 = x._1 - y._1;
+		xy._2 = x._2 - y._2;	xy._3 = x._3 - y._3;
+		xy._4 = x._4 - y._4;	xy._5 = x._5 - y._5;
+		xy._6 = x._6 - y._6;	xy._7 = x._7 - y._7;
+		xy._8 = x._8 - y._8;	xy._9 = x._9 - y._9;
+	}
+	
+	/* Multiply a number by a small integer in range -185861411 .. 185861411.
+	 * The output is in reduced form, the input x need not be.  x and xy may point
+	 * to the same buffer. */
+	private static final long10 mul_small(long10 xy, long10 x, long y) {
+		long t;
+		t = (x._8*y);
+		xy._8 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x._9*y);
+		xy._9 = (t & ((1 << 25) - 1));
+		t = 19 * (t >> 25) + (x._0*y);
+		xy._0 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x._1*y);
+		xy._1 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x._2*y);
+		xy._2 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x._3*y);
+		xy._3 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x._4*y);
+		xy._4 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x._5*y);
+		xy._5 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x._6*y);
+		xy._6 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x._7*y);
+		xy._7 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + xy._8;
+		xy._8 = (t & ((1 << 26) - 1));
+		xy._9 += (t >> 26);
+		return xy;
+	}
+
+	/* Multiply two numbers.  The output is in reduced form, the inputs need not 
+	 * be. */
+	private static final long10 mul(long10 xy, long10 x, long10 y) {
+		/* sahn0:
+		 * Using local variables to avoid class access.
+		 * This seem to improve performance a bit...
+		 */
+		long
+			x_0=x._0,x_1=x._1,x_2=x._2,x_3=x._3,x_4=x._4,
+			x_5=x._5,x_6=x._6,x_7=x._7,x_8=x._8,x_9=x._9;
+		long
+			y_0=y._0,y_1=y._1,y_2=y._2,y_3=y._3,y_4=y._4,
+			y_5=y._5,y_6=y._6,y_7=y._7,y_8=y._8,y_9=y._9;
+		long t;
+		t = (x_0*y_8) + (x_2*y_6) + (x_4*y_4) + (x_6*y_2) +
+			(x_8*y_0) + 2 * ((x_1*y_7) + (x_3*y_5) +
+					(x_5*y_3) + (x_7*y_1)) + 38 *
+			(x_9*y_9);
+		xy._8 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x_0*y_9) + (x_1*y_8) + (x_2*y_7) +
+			(x_3*y_6) + (x_4*y_5) + (x_5*y_4) +
+			(x_6*y_3) + (x_7*y_2) + (x_8*y_1) +
+			(x_9*y_0);
+		xy._9 = (t & ((1 << 25) - 1));
+		t = (x_0*y_0) + 19 * ((t >> 25) + (x_2*y_8) + (x_4*y_6)
+				+ (x_6*y_4) + (x_8*y_2)) + 38 *
+			((x_1*y_9) + (x_3*y_7) + (x_5*y_5) +
+			 (x_7*y_3) + (x_9*y_1));
+		xy._0 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x_0*y_1) + (x_1*y_0) + 19 * ((x_2*y_9)
+				+ (x_3*y_8) + (x_4*y_7) + (x_5*y_6) +
+				(x_6*y_5) + (x_7*y_4) + (x_8*y_3) +
+				(x_9*y_2));
+		xy._1 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x_0*y_2) + (x_2*y_0) + 19 * ((x_4*y_8)
+				+ (x_6*y_6) + (x_8*y_4)) + 2 * (x_1*y_1)
+				+ 38 * ((x_3*y_9) + (x_5*y_7) +
+						(x_7*y_5) + (x_9*y_3));
+		xy._2 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x_0*y_3) + (x_1*y_2) + (x_2*y_1) +
+			(x_3*y_0) + 19 * ((x_4*y_9) + (x_5*y_8) +
+					(x_6*y_7) + (x_7*y_6) +
+					(x_8*y_5) + (x_9*y_4));
+		xy._3 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x_0*y_4) + (x_2*y_2) + (x_4*y_0) + 19 *
+			((x_6*y_8) + (x_8*y_6)) + 2 * ((x_1*y_3) +
+								 (x_3*y_1)) + 38 *
+			((x_5*y_9) + (x_7*y_7) + (x_9*y_5));
+		xy._4 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x_0*y_5) + (x_1*y_4) + (x_2*y_3) +
+			(x_3*y_2) + (x_4*y_1) + (x_5*y_0) + 19 *
+			((x_6*y_9) + (x_7*y_8) + (x_8*y_7) +
+			 (x_9*y_6));
+		xy._5 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x_0*y_6) + (x_2*y_4) + (x_4*y_2) +
+			(x_6*y_0) + 19 * (x_8*y_8) + 2 * ((x_1*y_5) +
+					(x_3*y_3) + (x_5*y_1)) + 38 *
+			((x_7*y_9) + (x_9*y_7));
+		xy._6 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + (x_0*y_7) + (x_1*y_6) + (x_2*y_5) +
+			(x_3*y_4) + (x_4*y_3) + (x_5*y_2) +
+			(x_6*y_1) + (x_7*y_0) + 19 * ((x_8*y_9) +
+					(x_9*y_8));
+		xy._7 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + xy._8;
+		xy._8 = (t & ((1 << 26) - 1));
+		xy._9 += (t >> 26);
+		return xy;
+	}
+
+	/* Square a number.  Optimization of  mul25519(x2, x, x)  */
+	private static final long10 sqr(long10 x2, long10 x) {
+		long
+			x_0=x._0,x_1=x._1,x_2=x._2,x_3=x._3,x_4=x._4,
+			x_5=x._5,x_6=x._6,x_7=x._7,x_8=x._8,x_9=x._9;
+		long t;
+		t = (x_4*x_4) + 2 * ((x_0*x_8) + (x_2*x_6)) + 38 *
+			(x_9*x_9) + 4 * ((x_1*x_7) + (x_3*x_5));
+		x2._8 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + 2 * ((x_0*x_9) + (x_1*x_8) + (x_2*x_7) +
+				(x_3*x_6) + (x_4*x_5));
+		x2._9 = (t & ((1 << 25) - 1));
+		t = 19 * (t >> 25) + (x_0*x_0) + 38 * ((x_2*x_8) +
+				(x_4*x_6) + (x_5*x_5)) + 76 * ((x_1*x_9)
+				+ (x_3*x_7));
+		x2._0 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + 2 * (x_0*x_1) + 38 * ((x_2*x_9) +
+				(x_3*x_8) + (x_4*x_7) + (x_5*x_6));
+		x2._1 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + 19 * (x_6*x_6) + 2 * ((x_0*x_2) +
+				(x_1*x_1)) + 38 * (x_4*x_8) + 76 *
+				((x_3*x_9) + (x_5*x_7));
+		x2._2 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + 2 * ((x_0*x_3) + (x_1*x_2)) + 38 *
+			((x_4*x_9) + (x_5*x_8) + (x_6*x_7));
+		x2._3 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + (x_2*x_2) + 2 * (x_0*x_4) + 38 *
+			((x_6*x_8) + (x_7*x_7)) + 4 * (x_1*x_3) + 76 *
+			(x_5*x_9);
+		x2._4 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + 2 * ((x_0*x_5) + (x_1*x_4) + (x_2*x_3))
+			+ 38 * ((x_6*x_9) + (x_7*x_8));
+		x2._5 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + 19 * (x_8*x_8) + 2 * ((x_0*x_6) +
+				(x_2*x_4) + (x_3*x_3)) + 4 * (x_1*x_5) +
+				76 * (x_7*x_9);
+		x2._6 = (t & ((1 << 26) - 1));
+		t = (t >> 26) + 2 * ((x_0*x_7) + (x_1*x_6) + (x_2*x_5) +
+				(x_3*x_4)) + 38 * (x_8*x_9);
+		x2._7 = (t & ((1 << 25) - 1));
+		t = (t >> 25) + x2._8;
+		x2._8 = (t & ((1 << 26) - 1));
+		x2._9 += (t >> 26);
+		return x2;
+	}
+	
+	/* Calculates a reciprocal.  The output is in reduced form, the inputs need not 
+	 * be.  Simply calculates  y = x^(p-2)  so it's not too fast. */
+	/* When sqrtassist is true, it instead calculates y = x^((p-5)/8) */
+	private static final void recip(long10 y, long10 x, int sqrtassist) {
+		long10
+		    t0=new long10(),
+			t1=new long10(),
+			t2=new long10(),
+			t3=new long10(),
+			t4=new long10();
+		int i;
+		/* the chain for x^(2^255-21) is straight from djb's implementation */
+		sqr(t1, x);	/*  2 == 2 * 1	*/
+		sqr(t2, t1);	/*  4 == 2 * 2	*/
+		sqr(t0, t2);	/*  8 == 2 * 4	*/
+		mul(t2, t0, x);	/*  9 == 8 + 1	*/
+		mul(t0, t2, t1);	/* 11 == 9 + 2	*/
+		sqr(t1, t0);	/* 22 == 2 * 11	*/
+		mul(t3, t1, t2);	/* 31 == 22 + 9
+					== 2^5   - 2^0	*/
+		sqr(t1, t3);	/* 2^6   - 2^1	*/
+		sqr(t2, t1);	/* 2^7   - 2^2	*/
+		sqr(t1, t2);	/* 2^8   - 2^3	*/
+		sqr(t2, t1);	/* 2^9   - 2^4	*/
+		sqr(t1, t2);	/* 2^10  - 2^5	*/
+		mul(t2, t1, t3);	/* 2^10  - 2^0	*/
+		sqr(t1, t2);	/* 2^11  - 2^1	*/
+		sqr(t3, t1);	/* 2^12  - 2^2	*/
+		for (i = 1; i < 5; i++) {
+			sqr(t1, t3);
+			sqr(t3, t1);
+		} /* t3 */		/* 2^20  - 2^10	*/
+		mul(t1, t3, t2);	/* 2^20  - 2^0	*/
+		sqr(t3, t1);	/* 2^21  - 2^1	*/
+		sqr(t4, t3);	/* 2^22  - 2^2	*/
+		for (i = 1; i < 10; i++) {
+			sqr(t3, t4);
+			sqr(t4, t3);
+		} /* t4 */		/* 2^40  - 2^20	*/
+		mul(t3, t4, t1);	/* 2^40  - 2^0	*/
+		for (i = 0; i < 5; i++) {
+			sqr(t1, t3);
+			sqr(t3, t1);
+		} /* t3 */		/* 2^50  - 2^10	*/
+		mul(t1, t3, t2);	/* 2^50  - 2^0	*/
+		sqr(t2, t1);	/* 2^51  - 2^1	*/
+		sqr(t3, t2);	/* 2^52  - 2^2	*/
+		for (i = 1; i < 25; i++) {
+			sqr(t2, t3);
+			sqr(t3, t2);
+		} /* t3 */		/* 2^100 - 2^50 */
+		mul(t2, t3, t1);	/* 2^100 - 2^0	*/
+		sqr(t3, t2);	/* 2^101 - 2^1	*/
+		sqr(t4, t3);	/* 2^102 - 2^2	*/
+		for (i = 1; i < 50; i++) {
+			sqr(t3, t4);
+			sqr(t4, t3);
+		} /* t4 */		/* 2^200 - 2^100 */
+		mul(t3, t4, t2);	/* 2^200 - 2^0	*/
+		for (i = 0; i < 25; i++) {
+			sqr(t4, t3);
+			sqr(t3, t4);
+		} /* t3 */		/* 2^250 - 2^50	*/
+		mul(t2, t3, t1);	/* 2^250 - 2^0	*/
+		sqr(t1, t2);	/* 2^251 - 2^1	*/
+		sqr(t2, t1);	/* 2^252 - 2^2	*/
+		if (sqrtassist!=0) {
+			mul(y, x, t2);	/* 2^252 - 3 */
+		} else {
+			sqr(t1, t2);	/* 2^253 - 2^3	*/
+			sqr(t2, t1);	/* 2^254 - 2^4	*/
+			sqr(t1, t2);	/* 2^255 - 2^5	*/
+			mul(y, t1, t0);	/* 2^255 - 21	*/
+		}
+	}
+	
+	/* checks if x is "negative", requires reduced input */
+	private static final int is_negative(long10 x) {
+		return (int)(((is_overflow(x) || (x._9 < 0))?1:0) ^ (x._0 & 1));
+	}
+	
+	/* a square root */
+	private static final void sqrt(long10 x, long10 u) {
+		long10 v=new long10(), t1=new long10(), t2=new long10();
+		add(t1, u, u);	/* t1 = 2u		*/
+		recip(v, t1, 1);	/* v = (2u)^((p-5)/8)	*/
+		sqr(x, v);		/* x = v^2		*/
+		mul(t2, t1, x);	/* t2 = 2uv^2		*/
+		t2._0--;		/* t2 = 2uv^2-1		*/
+		mul(t1, v, t2);	/* t1 = v(2uv^2-1)	*/
+		mul(x, u, t1);	/* x = uv(2uv^2-1)	*/
+	}
+	
+	/********************* Elliptic curve *********************/
+	
+	/* y^2 = x^3 + 486662 x^2 + x  over GF(2^255-19) */
+	
+	/* t1 = ax + az
+	 * t2 = ax - az  */
+	private static final void mont_prep(long10 t1, long10 t2, long10 ax, long10 az) {
+		add(t1, ax, az);
+		sub(t2, ax, az);
+	}
+	
+	/* A = P + Q   where
+	 *  X(A) = ax/az
+	 *  X(P) = (t1+t2)/(t1-t2)
+	 *  X(Q) = (t3+t4)/(t3-t4)
+	 *  X(P-Q) = dx
+	 * clobbers t1 and t2, preserves t3 and t4  */
+	private static final void mont_add(long10 t1, long10 t2, long10 t3, long10 t4,long10 ax, long10 az, long10 dx) {
+		mul(ax, t2, t3);
+		mul(az, t1, t4);
+		add(t1, ax, az);
+		sub(t2, ax, az);
+		sqr(ax, t1);
+		sqr(t1, t2);
+		mul(az, t1, dx);
+	}
+	
+	/* B = 2 * Q   where
+	 *  X(B) = bx/bz
+	 *  X(Q) = (t3+t4)/(t3-t4)
+	 * clobbers t1 and t2, preserves t3 and t4  */
+	private static final void mont_dbl(long10 t1, long10 t2, long10 t3, long10 t4,long10 bx, long10 bz) {
+		sqr(t1, t3);
+		sqr(t2, t4);
+		mul(bx, t1, t2);
+		sub(t2, t1, t2);
+		mul_small(bz, t2, 121665);
+		add(t1, t1, bz);
+		mul(bz, t1, t2);
+	}
+	
+	/* Y^2 = X^3 + 486662 X^2 + X
+	 * t is a temporary  */
+	private static final void x_to_y2(long10 t, long10 y2, long10 x) {
+		sqr(t, x);
+		mul_small(y2, x, 486662);
+		add(t, t, y2);
+		t._0++;
+		mul(y2, t, x);
+	}
+	
+	/* P = kG   and  s = sign(P)/k  */
+	private static final void core(byte[] Px, byte[] s, byte[] k, byte[] Gx) {
+		long10 
+		    dx=new long10(),
+		    t1=new long10(),
+		    t2=new long10(),
+		    t3=new long10(),
+		    t4=new long10();
+	    long10[] 
+	        x=new long10[]{new long10(),new long10()},
+	    	z=new long10[]{new long10(),new long10()};
+		int i, j;
+
+		/* unpack the base */
+		if (Gx!=null)
+			unpack(dx, Gx);
+		else
+			set(dx, 9);
+
+		/* 0G = point-at-infinity */
+		set(x[0], 1);
+		set(z[0], 0);
+
+		/* 1G = G */
+		cpy(x[1], dx);
+		set(z[1], 1);
+
+		for (i = 32; i--!=0; ) {
+			if (i==0) {
+				i=0;
+			}
+			for (j = 8; j--!=0; ) {
+				/* swap arguments depending on bit */
+				int bit1 = (k[i] & 0xFF) >> j & 1;
+				int bit0 = ~(k[i] & 0xFF) >> j & 1;
+				long10 ax = x[bit0];
+				long10 az = z[bit0];
+				long10 bx = x[bit1];
+				long10 bz = z[bit1];
+
+				/* a' = a + b	*/
+				/* b' = 2 b	*/
+				mont_prep(t1, t2, ax, az);
+				mont_prep(t3, t4, bx, bz);
+				mont_add(t1, t2, t3, t4, ax, az, dx);
+				mont_dbl(t1, t2, t3, t4, bx, bz);
+			}
+		}
+
+		recip(t1, z[0], 0);
+		mul(dx, x[0], t1);
+		pack(dx, Px);
+
+		/* calculate s such that s abs(P) = G  .. assumes G is std base point */
+		if (s!=null) {
+			x_to_y2(t2, t1, dx);	/* t1 = Py^2  */
+			recip(t3, z[1], 0);	/* where Q=P+G ... */
+			mul(t2, x[1], t3);	/* t2 = Qx  */
+			add(t2, t2, dx);	/* t2 = Qx + Px  */
+			t2._0 += 9 + 486662;	/* t2 = Qx + Px + Gx + 486662  */
+			dx._0 -= 9;		/* dx = Px - Gx  */
+			sqr(t3, dx);	/* t3 = (Px - Gx)^2  */
+			mul(dx, t2, t3);	/* dx = t2 (Px - Gx)^2  */
+			sub(dx, dx, t1);	/* dx = t2 (Px - Gx)^2 - Py^2  */
+			dx._0 -= 39420360;	/* dx = t2 (Px - Gx)^2 - Py^2 - Gy^2  */
+			mul(t1, dx, BASE_R2Y);	/* t1 = -Py  */
+			if (is_negative(t1)!=0)	/* sign is 1, so just copy  */
+				cpy32(s, k);
+			else			/* sign is -1, so negate  */
+				mula_small(s, ORDER_TIMES_8, 0, k, 32, -1);
+
+			/* reduce s mod q
+			 * (is this needed?  do it just in case, it's fast anyway) */
+			//divmod((dstptr) t1, s, 32, order25519, 32);
+
+			/* take reciprocal of s mod q */
+			byte[] temp1=new byte[32];
+			byte[] temp2=new byte[64];
+			byte[] temp3=new byte[64];
+			cpy32(temp1, ORDER);
+			cpy32(s, egcd32(temp2, temp3, s, temp1));
+			if ((s[31] & 0x80)!=0)
+				mula_small(s, s, 0, ORDER, 32, 1);
+		}
+	}
+
+	/* smallest multiple of the order that's >= 2^255 */
+	private static final byte[] ORDER_TIMES_8 = {
+		(byte)104, (byte)159, (byte)174, (byte)231,
+		(byte)210, (byte)24,  (byte)147, (byte)192,
+		(byte)178, (byte)230, (byte)188, (byte)23,
+		(byte)245, (byte)206, (byte)247, (byte)166,
+		(byte)0,   (byte)0,   (byte)0,   (byte)0,  
+		(byte)0,   (byte)0,   (byte)0,   (byte)0,
+		(byte)0,   (byte)0,   (byte)0,   (byte)0,  
+		(byte)0,   (byte)0,   (byte)0,   (byte)128
+	};
+	
+	/* constants 2Gy and 1/(2Gy) */
+	private static final long10 BASE_2Y = new long10(
+		39999547, 18689728, 59995525, 1648697, 57546132,
+		24010086, 19059592, 5425144, 63499247, 16420658
+	);
+	private static final long10 BASE_R2Y = new long10(
+		5744, 8160848, 4790893, 13779497, 35730846,
+		12541209, 49101323, 30047407, 40071253, 6226132
+	);
+}

src/main/java/examples/SCPDownload.java

@@ -1,41 +0,0 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
-
-import net.schmizz.sshj.SSHClient;
-
-import java.io.IOException;
-
-/** This example demonstrates downloading of a file over SCP from the SSH server. */
-public class SCPDownload {
-
-    public static void main(String[] args)
-            throws IOException {
-        SSHClient ssh = new SSHClient();
-        // ssh.useCompression(); // Can lead to significant speedup (needs JZlib in classpath)
-        ssh.loadKnownHosts();
-        ssh.connect("localhost");
-        try {
-            ssh.authPublickey(System.getProperty("user.name"));
-            final String src = "test_file";
-            final String target = "/tmp/";
-            ssh.newSCPFileTransfer().download(src, target);
-        } finally {
-            ssh.disconnect();
-        }
-    }
-
-}

src/main/java/examples/SFTPDownload.java

@@ -1,46 +0,0 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package examples;
-
-import net.schmizz.sshj.SSHClient;
-import net.schmizz.sshj.sftp.SFTPClient;
-
-import java.io.IOException;
-
-/** This example demonstrates downloading of a file over SFTP from the SSH server. */
-public class SFTPDownload {
-
-    public static void main(String[] args)
-            throws IOException {
-        final SSHClient ssh = new SSHClient();
-        ssh.loadKnownHosts();
-        ssh.connect("localhost");
-        try {
-            ssh.authPublickey(System.getProperty("user.name"));
-            final String src = "test_file";
-            final String target = "/tmp/";
-            final SFTPClient sftp = ssh.newSFTPClient();
-            try {
-                sftp.get(src, target);
-            } finally {
-                sftp.close();
-            }
-        } finally {
-            ssh.disconnect();
-        }
-    }
-
-}

src/main/java/net/schmizz/concurrent/ErrorDeliveryUtil.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.concurrent;
+
+import java.util.Collection;
+
+public class ErrorDeliveryUtil {
+
+    public static void alertPromises(Throwable x, Promise... promises) {
+        for (Promise p : promises)
+            p.deliverError(x);
+    }
+
+    public static void alertPromises(Throwable x, Collection<? extends Promise> promises) {
+        for (Promise p : promises)
+            p.deliverError(x);
+    }
+
+    public static void alertEvents(Throwable x, Event... events) {
+        for (Event e : events)
+            e.deliverError(x);
+    }
+
+    public static void alertEvents(Throwable x, Collection<? extends Event> events) {
+        for (Event e : events)
+            e.deliverError(x);
+    }
+
+}

src/main/java/net/schmizz/concurrent/Event.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,24 +15,27 @@
  */
 package net.schmizz.concurrent;
 
+import net.schmizz.sshj.common.LoggerFactory;
+
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;
 
-/*
- * Syntactic sugar around Future
- */
-
 /**
- * A kind of {@link Future} that caters to boolean values.
- * <p/>
  * An event can be set, cleared, or awaited, similar to Python's {@code threading.event}. The key difference is that a
- * waiter may be delivered an exception of parameterized type {@code T}. Furthermore, an event {@link #isSet()} when it
- * is not {@code null} i.e. it can be either {@code true} or {@code false} when set.
- *
- * @see Future
+ * waiter may be delivered an exception of parameterized type {@code T}.
+ * <p/>
+ * Uses {@link Promise} under the hood.
  */
-public class Event<T extends Throwable>
-        extends Future<Boolean, T> {
+public class Event<T extends Throwable> {
+
+    private static final Object SOME = new Object() {
+        @Override
+        public String toString() {
+            return "SOME";
+        }
+    };
+
+    private final Promise<Object, T> promise;
 
     /**
      * Creates this event with given {@code name} and exception {@code chainer}. Allocates a new {@link
@@ -41,8 +44,8 @@ public class Event<T extends Throwable>
      * @param name    name of this event
      * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
      */
-    public Event(String name, ExceptionChainer<T> chainer) {
-        super(name, chainer);
+    public Event(String name, ExceptionChainer<T> chainer, LoggerFactory loggerFactory) {
+        promise = new Promise<Object, T>(name, chainer, loggerFactory);
     }
 
     /**
@@ -52,13 +55,31 @@ public class Event<T extends Throwable>
      * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
      * @param lock    lock to use
      */
-    public Event(String name, ExceptionChainer<T> chainer, ReentrantLock lock) {
-        super(name, chainer, lock);
+    public Event(String name, ExceptionChainer<T> chainer, ReentrantLock lock, LoggerFactory loggerFactory) {
+        promise = new Promise<Object, T>(name, chainer, lock, loggerFactory);
     }
 
     /** Sets this event to be {@code true}. Short for {@code set(true)}. */
     public void set() {
-        super.set(true);
+        promise.deliver(SOME);
+    }
+
+    /** Clear this event. A cleared event {@code !isSet()}. */
+    public void clear() {
+        promise.clear();
+    }
+
+    /** Deliver the error {@code t} (after chaining) to any present or future waiters. */
+    public void deliverError(Throwable t) {
+        promise.deliverError(t);
+    }
+
+    /**
+     * @return whether this event is in a 'set' state. An event is set by a call to {@link #set} or {@link
+     *         #deliverError}
+     */
+    public boolean isSet() {
+        return promise.isDelivered();
     }
 
     /**
@@ -68,7 +89,7 @@ public class Event<T extends Throwable>
      */
     public void await()
             throws T {
-        super.get();
+        promise.retrieve();
     }
 
     /**
@@ -81,7 +102,47 @@ public class Event<T extends Throwable>
      */
     public void await(long timeout, TimeUnit unit)
             throws T {
-        super.get(timeout, unit);
+        promise.retrieve(timeout, unit);
     }
 
-}
+    /**
+     * Await this event to have a definite {@code true} or {@code false} value, for {@code timeout} duration.
+     * <p/>
+     * If the definite value is not available when the timeout expires, returns {@code false}.
+     *
+     * @param timeout timeout
+     * @param unit    the time unit for the timeout
+     *
+     * @throws T if another thread meanwhile informs this event of an error
+     */
+    public boolean tryAwait(long timeout, TimeUnit unit)
+            throws T {
+        return promise.tryRetrieve(timeout, unit) != null;
+    }
+
+    /** @return whether there are any threads waiting on this event to be set. */
+    public boolean hasWaiters() {
+        return promise.hasWaiters();
+    }
+
+    /** @return whether this event is in an error state i.e. has been delivered an error. */
+    public boolean inError() {
+        return promise.inError();
+    }
+
+    /** Acquire the lock associated with this event. */
+    public void lock() {
+        promise.lock();
+    }
+
+    /** Release the lock associated with this event. */
+    public void unlock() {
+        promise.unlock();
+    }
+
+    @Override
+    public String toString() {
+        return promise.toString();
+    }
+
+}

src/main/java/net/schmizz/concurrent/ExceptionChainer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -37,4 +37,4 @@ public interface ExceptionChainer<Z extends Throwable> {
 
     Z chain(Throwable t);
 
-}
+}

src/main/java/net/schmizz/concurrent/Future.java

@@ -1,207 +0,0 @@
-/*
- * Copyright 2010 Shikhar Bhushan
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package net.schmizz.concurrent;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-import java.util.concurrent.locks.Condition;
-import java.util.concurrent.locks.ReentrantLock;
-
-/**
- * Represents future data of the parameterized type {@code V} and allows waiting on it. An exception may also be
- * delivered to a waiter, and will be of the parameterized type {@code T}.
- * <p/>
- * For atomic operations on a future, e.g. checking if a value is set and if it is not then setting it - in other words,
- * Compare-And-Set type operations - the associated lock for the future should be acquired while doing so.
- */
-public class Future<V, T extends Throwable> {
-
-    private final Logger log = LoggerFactory.getLogger(getClass());
-
-    private final String name;
-    private final ExceptionChainer<T> chainer;
-    private final ReentrantLock lock;
-    private final Condition cond;
-
-    private V val;
-    private T pendingEx;
-
-    /**
-     * Creates this future with given {@code name} and exception {@code chainer}. Allocates a new {@link
-     * java.util.concurrent.locks.Lock lock} object for this future.
-     *
-     * @param name    name of this future
-     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
-     */
-    public Future(String name, ExceptionChainer<T> chainer) {
-        this(name, chainer, null);
-    }
-
-    /**
-     * Creates this future with given {@code name}, exception {@code chainer}, and associated {@code lock}.
-     *
-     * @param name    name of this future
-     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
-     * @param lock    lock to use
-     */
-    public Future(String name, ExceptionChainer<T> chainer, ReentrantLock lock) {
-        this.name = name;
-        this.chainer = chainer;
-        this.lock = lock == null ? new ReentrantLock() : lock;
-        this.cond = this.lock.newCondition();
-    }
-
-    /**
-     * Set this future's value to {@code val}. Any waiters will be delivered this value.
-     *
-     * @param val the value
-     */
-    public void set(V val) {
-        lock();
-        try {
-            log.debug("Setting <<{}>> to `{}`", name, val);
-            this.val = val;
-            cond.signalAll();
-        } finally {
-            unlock();
-        }
-    }
-
-    /**
-     * Queues error that will be thrown in any waiting thread or any thread that attempts to wait on this future
-     * hereafter.
-     *
-     * @param e the error
-     */
-    public void error(Throwable e) {
-        lock();
-        try {
-            pendingEx = chainer.chain(e);
-            cond.signalAll();
-        } finally {
-            unlock();
-        }
-    }
-
-    /** Clears this future by setting its value and queued exception to {@code null}. */
-    public void clear() {
-        lock();
-        try {
-            pendingEx = null;
-            set(null);
-        } finally {
-            unlock();
-        }
-    }
-
-    /**
-     * Wait indefinitely for this future's value to be set.
-     *
-     * @return the value
-     *
-     * @throws T in case another thread informs the future of an error meanwhile
-     */
-    public V get()
-            throws T {
-        return get(0, TimeUnit.SECONDS);
-    }
-
-    /**
-     * Wait for {@code timeout} duration for this future's value to be set.
-     *
-     * @param timeout the timeout
-     * @param unit    time unit for the timeout
-     *
-     * @return the value
-     *
-     * @throws T in case another thread informs the future of an error meanwhile, or the timeout expires
-     */
-    public V get(long timeout, TimeUnit unit)
-            throws T {
-        lock();
-        try {
-            if (pendingEx != null)
-                throw pendingEx;
-            if (val != null)
-                return val;
-            log.debug("Awaiting <<{}>>", name);
-            while (val == null && pendingEx == null)
-                if (timeout == 0)
-                    cond.await();
-                else if (!cond.await(timeout, unit))
-                    throw chainer.chain(new TimeoutException("Timeout expired"));
-            if (pendingEx != null) {
-                log.error("<<{}>> woke to: {}", name, pendingEx.toString());
-                throw pendingEx;
-            }
-            return val;
-        } catch (InterruptedException ie) {
-            throw chainer.chain(ie);
-        } finally {
-            unlock();
-        }
-    }
-
-    /** @return whether this future has a value set, and no error waiting to pop. */
-    public boolean isSet() {
-        lock();
-        try {
-            return pendingEx == null && val != null;
-        } finally {
-            unlock();
-        }
-    }
-
-    /** @return whether this future currently has an error set. */
-    public boolean hasError() {
-        lock();
-        try {
-            return pendingEx != null;
-        } finally {
-            unlock();
-        }
-    }
-
-    /** @return whether this future has threads waiting on it. */
-    public boolean hasWaiters() {
-        lock();
-        try {
-            return lock.hasWaiters(cond);
-        } finally {
-            unlock();
-        }
-    }
-
-    /**
-     * Lock using the associated lock. Use as part of a {@code try-finally} construct in conjunction with {@link
-     * #unlock()}.
-     */
-    public void lock() {
-        lock.lock();
-    }
-
-    /**
-     * Unlock using the associated lock. Use as part of a {@code try-finally} construct in conjunction with {@link
-     * #lock()}.
-     */
-    public void unlock() {
-        lock.unlock();
-    }
-
-}

src/main/java/net/schmizz/concurrent/Promise.java

@@ -0,0 +1,240 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.concurrent;
+
+import net.schmizz.sshj.common.LoggerFactory;
+import org.slf4j.Logger;
+
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.ReentrantLock;
+
+/**
+ * Represents promised data of the parameterized type {@code V} and allows waiting on it. An exception may also be
+ * delivered to a waiter, and will be of the parameterized type {@code T}.
+ * <p/>
+ * For atomic operations on a promise, e.g. checking if a value is delivered and if it is not then setting it, the
+ * associated lock for the promise should be acquired while doing so.
+ */
+public class Promise<V, T extends Throwable> {
+
+    private final Logger log;
+    private final String name;
+    private final ExceptionChainer<T> chainer;
+    private final ReentrantLock lock;
+    private final Condition cond;
+
+    private V val;
+    private T pendingEx;
+
+    /**
+     * Creates this promise with given {@code name} and exception {@code chainer}. Allocates a new {@link
+     * java.util.concurrent.locks.Lock lock} object for this promise.
+     *
+     * @param name    name of this promise
+     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
+     */
+    public Promise(String name, ExceptionChainer<T> chainer, LoggerFactory loggerFactory) {
+        this(name, chainer, null, loggerFactory);
+    }
+
+    /**
+     * Creates this promise with given {@code name}, exception {@code chainer}, and associated {@code lock}.
+     *
+     * @param name    name of this promise
+     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
+     * @param lock    lock to use
+     */
+    public Promise(String name, ExceptionChainer<T> chainer, ReentrantLock lock, LoggerFactory loggerFactory) {
+        this.name = name;
+        this.chainer = chainer;
+        this.lock = lock == null ? new ReentrantLock() : lock;
+        this.log = loggerFactory.getLogger(getClass());
+        this.cond = this.lock.newCondition();
+    }
+
+    /**
+     * Set this promise's value to {@code val}. Any waiters will be delivered this value.
+     *
+     * @param val the value
+     */
+    public void deliver(V val) {
+        lock.lock();
+        try {
+            log.debug("Setting <<{}>> to `{}`", name, val);
+            this.val = val;
+            cond.signalAll();
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /**
+     * Queues error that will be thrown in any waiting thread or any thread that attempts to wait on this promise
+     * hereafter.
+     *
+     * @param e the error
+     */
+    public void deliverError(Throwable e) {
+        lock.lock();
+        try {
+            pendingEx = chainer.chain(e);
+            cond.signalAll();
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /** Clears this promise by setting its value and queued exception to {@code null}. */
+    public void clear() {
+        lock.lock();
+        try {
+            pendingEx = null;
+            deliver(null);
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /**
+     * Wait indefinitely for this promise's value to be deliver.
+     *
+     * @return the value
+     *
+     * @throws T in case another thread informs the promise of an error meanwhile
+     */
+    public V retrieve()
+            throws T {
+        return tryRetrieve(0, TimeUnit.SECONDS);
+    }
+
+    /**
+     * Wait for {@code timeout} duration for this promise's value to be deliver.
+     *
+     * @param timeout the timeout
+     * @param unit    time unit for the timeout
+     *
+     * @return the value
+     *
+     * @throws T in case another thread informs the promise of an error meanwhile, or the timeout expires
+     */
+    public V retrieve(long timeout, TimeUnit unit)
+            throws T {
+        final V value = tryRetrieve(timeout, unit);
+        if (value == null)
+            throw chainer.chain(new TimeoutException("Timeout expired"));
+        else
+            return value;
+    }
+
+    /**
+     * Wait for {@code timeout} duration for this promise's value to be deliver.
+     * <p/>
+     * If the value is not deliver by the time the timeout expires, returns {@code null}.
+     *
+     * @param timeout the timeout
+     * @param unit    time unit for the timeout
+     *
+     * @return the value or {@code null}
+     *
+     * @throws T in case another thread informs the promise of an error meanwhile
+     */
+    public V tryRetrieve(long timeout, TimeUnit unit)
+            throws T {
+        lock.lock();
+        try {
+            if (pendingEx != null)
+                throw pendingEx;
+            if (val != null)
+                return val;
+            log.debug("Awaiting <<{}>>", name);
+            if (timeout == 0) {
+                while (val == null && pendingEx == null) {
+                    cond.await();
+                }
+            } else {
+                if (!cond.await(timeout, unit))
+                    return null;
+            }
+            if (pendingEx != null) {
+                log.error("<<{}>> woke to: {}", name, pendingEx.toString());
+                throw pendingEx;
+            }
+            return val;
+        } catch (InterruptedException ie) {
+            throw chainer.chain(ie);
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /** @return whether this promise has a value delivered, and no error waiting to pop. */
+    public boolean isDelivered() {
+        lock.lock();
+        try {
+            return pendingEx == null && val != null;
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /** @return whether this promise has been delivered an error. */
+    public boolean inError() {
+        lock.lock();
+        try {
+            return pendingEx != null;
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /** @return whether this promise was fulfilled with either a value or an error. */
+    public boolean isFulfilled() {
+        lock.lock();
+        try {
+            return pendingEx != null || val != null;
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /** @return whether this promise has threads waiting on it. */
+    public boolean hasWaiters() {
+        lock.lock();
+        try {
+            return lock.hasWaiters(cond);
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    /** Acquire the lock associated with this promise. */
+    public void lock() {
+        lock.lock();
+    }
+
+    /** Release the lock associated with this promise. */
+    public void unlock() {
+        lock.unlock();
+    }
+
+    @Override
+    public String toString() {
+        return name;
+    }
+
+}

src/main/java/net/schmizz/keepalive/Heartbeater.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.keepalive;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.ConnectionImpl;
+import net.schmizz.sshj.transport.TransportException;
+
+final class Heartbeater
+        extends KeepAlive {
+
+    Heartbeater(ConnectionImpl conn) {
+        super(conn, "heartbeater");
+    }
+
+    @Override
+    protected void doKeepAlive() throws TransportException {
+        conn.getTransport().write(new SSHPacket(Message.IGNORE));
+    }
+}

src/main/java/net/schmizz/keepalive/KeepAlive.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.keepalive;
+
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.ConnectionImpl;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+
+public abstract class KeepAlive extends Thread {
+    protected final Logger log;
+    protected final ConnectionImpl conn;
+
+    protected int keepAliveInterval = 0;
+
+    protected KeepAlive(ConnectionImpl conn, String name) {
+        this.conn = conn;
+        log = conn.getTransport().getConfig().getLoggerFactory().getLogger(getClass());
+        setName(name);
+    }
+
+    public synchronized int getKeepAliveInterval() {
+        return keepAliveInterval;
+    }
+
+    public synchronized void setKeepAliveInterval(int keepAliveInterval) {
+        this.keepAliveInterval = keepAliveInterval;
+        if (keepAliveInterval > 0 && getState() == State.NEW) {
+            start();
+        }
+        notify();
+    }
+
+    synchronized protected int getPositiveInterval()
+            throws InterruptedException {
+        while (keepAliveInterval <= 0) {
+            wait();
+        }
+        return keepAliveInterval;
+    }
+
+    @Override
+    public void run() {
+        log.debug("Starting {}, sending keep-alive every {} seconds", getClass().getSimpleName(), keepAliveInterval);
+        try {
+            while (!isInterrupted()) {
+                final int hi = getPositiveInterval();
+                if (conn.getTransport().isRunning()) {
+                    log.debug("Sending keep-alive since {} seconds elapsed", hi);
+                    doKeepAlive();
+                }
+                Thread.sleep(hi * 1000);
+            }
+        } catch (InterruptedException e) {
+            // Interrupt signal may be catched when sleeping.      
+        } catch (Exception e) {
+            // If we weren't interrupted, kill the transport, then this exception was unexpected.
+            // Else we're in shutdown-mode already, so don't forcibly kill the transport.
+            if (!isInterrupted()) {
+                conn.getTransport().die(e);
+            }
+        }
+
+        log.debug("Stopping {}", getClass().getSimpleName());
+
+    }
+
+    protected abstract void doKeepAlive() throws TransportException, ConnectionException;
+}

src/main/java/net/schmizz/keepalive/KeepAliveProvider.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.keepalive;
+
+import net.schmizz.sshj.connection.ConnectionImpl;
+
+public abstract class KeepAliveProvider {
+
+    public static final KeepAliveProvider HEARTBEAT = new KeepAliveProvider() {
+        @Override
+        public KeepAlive provide(ConnectionImpl connection) {
+            return new Heartbeater(connection);
+        }
+    };
+
+    public static final KeepAliveProvider KEEP_ALIVE = new KeepAliveProvider() {
+        @Override
+        public KeepAlive provide(ConnectionImpl connection) {
+            return new KeepAliveRunner(connection);
+        }
+    };
+
+    public abstract KeepAlive provide(ConnectionImpl connection);
+
+
+}

src/main/java/net/schmizz/keepalive/KeepAliveRunner.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.keepalive;
+
+import net.schmizz.concurrent.Promise;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.ConnectionImpl;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.util.LinkedList;
+import java.util.Queue;
+
+import static java.lang.String.format;
+import static net.schmizz.sshj.common.DisconnectReason.CONNECTION_LOST;
+
+public class KeepAliveRunner extends KeepAlive {
+
+    /** The max number of keep-alives that should be unanswered before killing the connection. */
+    private int maxAliveCount = 5;
+
+    /** The queue of promises. */
+    private final Queue<Promise<SSHPacket, ConnectionException>> queue =
+            new LinkedList<Promise<SSHPacket, ConnectionException>>();
+
+    KeepAliveRunner(ConnectionImpl conn) {
+        super(conn, "keep-alive");
+    }
+
+    synchronized public int getMaxAliveCount() {
+        return maxAliveCount;
+    }
+
+    synchronized public void setMaxAliveCount(int maxAliveCount) {
+        this.maxAliveCount = maxAliveCount;
+    }
+
+    @Override
+    protected void doKeepAlive() throws TransportException, ConnectionException {
+        // Ensure the service is set... This means that the key exchange is done and the connection is up.
+        if (conn.equals(conn.getTransport().getService())) {
+            emptyQueue(queue);
+            checkMaxReached(queue);
+            queue.add(conn.sendGlobalRequest("keepalive@openssh.com", true, new byte[0]));
+        }
+    }
+
+    private void checkMaxReached(Queue<Promise<SSHPacket, ConnectionException>> queue) throws ConnectionException {
+        if (queue.size() >= maxAliveCount) {
+            throw new ConnectionException(CONNECTION_LOST,
+                    format("Did not receive any keep-alive response for %s seconds", maxAliveCount * keepAliveInterval));
+        }
+    }
+
+    private void emptyQueue(Queue<Promise<SSHPacket, ConnectionException>> queue) {
+        Promise<SSHPacket, ConnectionException> peek = queue.peek();
+        while (peek != null && peek.isFulfilled()) {
+            log.debug("Received response from server to our keep-alive.");
+            queue.remove();
+            peek = queue.peek();
+        }
+    }
+}

src/main/java/net/schmizz/sshj/AbstractService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,26 +22,23 @@ import net.schmizz.sshj.common.SSHPacket;
 import net.schmizz.sshj.transport.Transport;
 import net.schmizz.sshj.transport.TransportException;
 import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /** An abstract class for {@link Service} that implements common or default functionality. */
 public abstract class AbstractService
         implements Service {
 
     /** Logger */
-    protected final Logger log = LoggerFactory.getLogger(getClass());
+    protected final Logger log;
 
     /** Assigned name of this service */
     protected final String name;
     /** Transport layer */
     protected final Transport trans;
-    /** Timeout for blocking operations */
-    protected int timeout;
 
     public AbstractService(String name, Transport trans) {
         this.name = name;
         this.trans = trans;
-        timeout = trans.getTimeout();
+	log = trans.getConfig().getLoggerFactory().getLogger(getClass());
     }
 
     @Override
@@ -57,7 +54,7 @@ public abstract class AbstractService
 
     @Override
     public void notifyError(SSHException error) {
-        log.debug("Was notified of {}", error.toString());
+        log.debug("Notified of {}", error.toString());
     }
 
     @Override
@@ -66,12 +63,6 @@ public abstract class AbstractService
         throw new SSHException(DisconnectReason.PROTOCOL_ERROR, "Unexpected: SSH_MSG_UNIMPLEMENTED");
     }
 
-    @Override
-    public void notifyDisconnect()
-            throws SSHException {
-        log.debug("Was notified of disconnect");
-    }
-
     @Override
     public void request()
             throws TransportException {
@@ -83,12 +74,6 @@ public abstract class AbstractService
                 trans.reqService(this);
     }
 
-    public int getTimeout() {
-        return this.timeout;
-    }
 
-    public void setTimeout(int timeout) {
-        this.timeout = timeout;
-    }
 
 }

src/main/java/net/schmizz/sshj/AndroidConfig.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj;
+
+import com.hierynomus.sshj.signature.SignatureEdDSA;
+
+import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.signature.SignatureDSA;
+import net.schmizz.sshj.signature.SignatureRSA;
+import net.schmizz.sshj.transport.random.JCERandom;
+import net.schmizz.sshj.transport.random.SingletonRandomFactory;
+
+public class AndroidConfig
+        extends DefaultConfig {
+
+    static {
+        SecurityUtils.registerSecurityProvider("org.spongycastle.jce.provider.BouncyCastleProvider");
+    }
+
+    public AndroidConfig(){
+        super();
+        initKeyExchangeFactories(true);
+        initRandomFactory(true);
+        initFileKeyProviderFactories(true);
+    }
+
+    // don't add ECDSA
+    protected void initSignatureFactories() {
+        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory(),
+                // but add EdDSA
+                new SignatureEdDSA.Factory());
+    }
+
+    @Override
+    protected void initRandomFactory(boolean ignored) {
+        setRandomFactory(new SingletonRandomFactory(new JCERandom.Factory()));
+    }
+
+}

src/main/java/net/schmizz/sshj/Config.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,9 @@
  */
 package net.schmizz.sshj;
 
+import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.signature.Signature;
 import net.schmizz.sshj.transport.cipher.Cipher;
 import net.schmizz.sshj.transport.compression.Compression;
@@ -31,6 +33,7 @@ import java.util.List;
  * {@link Compression}, {@link MAC}, {@link Signature}, {@link Random}, and {@link FileKeyProvider}.
  */
 public interface Config {
+
     /**
      * Retrieve the list of named factories for {@code Cipher}.
      *
@@ -53,16 +56,16 @@ public interface Config {
     List<Factory.Named<FileKeyProvider>> getFileKeyProviderFactories();
 
     /**
-     * Retrieve the list of named factories for <code>KeyExchange</code>.
+     * Retrieve the list of named factories for {@code KeyExchange}.
      *
-     * @return a list of named <code>KeyExchange</code> factories
+     * @return a list of named {@code KeyExchange} factories
      */
     List<Factory.Named<KeyExchange>> getKeyExchangeFactories();
 
     /**
-     * Retrieve the list of named factories for <code>MAC</code>.
+     * Retrieve the list of named factories for {@code MAC}.
      *
-     * @return a list of named <code>MAC</code> factories
+     * @return a list of named {@code MAC} factories
      */
     List<Factory.Named<MAC>> getMACFactories();
 
@@ -143,4 +146,44 @@ public interface Config {
      */
     void setVersion(String version);
 
+    /**
+     * @return The provider that creates the keep-alive implementation of choice.
+     */
+    KeepAliveProvider getKeepAliveProvider();
+
+    /**
+     * Set the provider that provides the keep-alive implementation.
+     * @param keepAliveProvider keep-alive provider
+     */
+    void setKeepAliveProvider(KeepAliveProvider keepAliveProvider);
+
+    /**
+     * Gets whether the client should first wait for a received server ident, before sending the client ident.
+     * <p/>
+     * <stong>NB:</stong> This is non-standard behaviour, and can potentially deadlock if the server also waits on the client ident.
+     *
+     * The default value is set to false.
+     *
+     * @return Whether to first wait for the server ident.
+     */
+    boolean isWaitForServerIdentBeforeSendingClientIdent();
+
+    /**
+     * Sets whether the SSH client should wait for a received server ident, before sending the client ident.
+     * <p/>
+     * <stong>NB:</stong> This is non-standard behaviour, and can potentially deadlock if the server also waits on the client ident.
+
+     * @param waitForServerIdentBeforeSendingClientIdent Whether to wait for the server ident.
+     */
+    void setWaitForServerIdentBeforeSendingClientIdent(boolean waitForServerIdentBeforeSendingClientIdent);
+
+    /**
+     * Sets the LoggerFactory to use.
+     */
+    void setLoggerFactory(LoggerFactory loggerFactory);
+
+    /**
+     * @return The LoggerFactory the SSHClient will use.
+     */
+    LoggerFactory getLoggerFactory();
 }

src/main/java/net/schmizz/sshj/ConfigImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,30 +12,12 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj;
 
+import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.signature.Signature;
 import net.schmizz.sshj.transport.cipher.Cipher;
 import net.schmizz.sshj.transport.compression.Compression;
@@ -54,6 +36,7 @@ public class ConfigImpl
     private String version;
 
     private Factory<Random> randomFactory;
+    private KeepAliveProvider keepAliveProvider;
 
     private List<Factory.Named<KeyExchange>> kexFactories;
     private List<Factory.Named<Cipher>> cipherFactories;
@@ -62,6 +45,9 @@ public class ConfigImpl
     private List<Factory.Named<Signature>> signatureFactories;
     private List<Factory.Named<FileKeyProvider>> fileKeyProviderFactories;
 
+    private boolean waitForServerIdentBeforeSendingClientIdent = false;
+    private LoggerFactory loggerFactory;
+
     @Override
     public List<Factory.Named<Cipher>> getCipherFactories() {
         return cipherFactories;
@@ -166,4 +152,33 @@ public class ConfigImpl
         this.version = version;
     }
 
-}
+    @Override
+    public KeepAliveProvider getKeepAliveProvider() {
+        return keepAliveProvider;
+    }
+
+    @Override
+    public void setKeepAliveProvider(KeepAliveProvider keepAliveProvider) {
+        this.keepAliveProvider = keepAliveProvider;
+    }
+
+    @Override
+    public boolean isWaitForServerIdentBeforeSendingClientIdent() {
+        return waitForServerIdentBeforeSendingClientIdent;
+    }
+
+    @Override
+    public void setWaitForServerIdentBeforeSendingClientIdent(boolean waitForServerIdentBeforeSendingClientIdent) {
+        this.waitForServerIdentBeforeSendingClientIdent = waitForServerIdentBeforeSendingClientIdent;
+    }
+
+    @Override
+    public LoggerFactory getLoggerFactory() {
+        return loggerFactory;
+    }
+
+    @Override
+    public void setLoggerFactory(LoggerFactory loggerFactory) {
+        this.loggerFactory = loggerFactory;
+    }
+}

src/main/java/net/schmizz/sshj/DefaultConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,76 +12,57 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
-
 package net.schmizz.sshj;
 
+import com.hierynomus.sshj.signature.SignatureEdDSA;
+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+import com.hierynomus.sshj.transport.cipher.StreamCiphers;
+import com.hierynomus.sshj.transport.kex.DHGroups;
+import com.hierynomus.sshj.transport.kex.ExtendedDHGroups;
+import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
+import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.common.SecurityUtils;
 import net.schmizz.sshj.signature.SignatureDSA;
+import net.schmizz.sshj.signature.SignatureECDSA;
 import net.schmizz.sshj.signature.SignatureRSA;
-import net.schmizz.sshj.transport.cipher.AES128CBC;
-import net.schmizz.sshj.transport.cipher.AES128CTR;
-import net.schmizz.sshj.transport.cipher.AES192CBC;
-import net.schmizz.sshj.transport.cipher.AES192CTR;
-import net.schmizz.sshj.transport.cipher.AES256CBC;
-import net.schmizz.sshj.transport.cipher.AES256CTR;
-import net.schmizz.sshj.transport.cipher.BlowfishCBC;
-import net.schmizz.sshj.transport.cipher.Cipher;
-import net.schmizz.sshj.transport.cipher.TripleDESCBC;
+import net.schmizz.sshj.transport.cipher.*;
 import net.schmizz.sshj.transport.compression.NoneCompression;
-import net.schmizz.sshj.transport.kex.DHG1;
-import net.schmizz.sshj.transport.kex.DHG14;
-import net.schmizz.sshj.transport.mac.HMACMD5;
-import net.schmizz.sshj.transport.mac.HMACMD596;
-import net.schmizz.sshj.transport.mac.HMACSHA1;
-import net.schmizz.sshj.transport.mac.HMACSHA196;
+import net.schmizz.sshj.transport.kex.Curve25519SHA256;
+import net.schmizz.sshj.transport.kex.DHGexSHA1;
+import net.schmizz.sshj.transport.kex.DHGexSHA256;
+import net.schmizz.sshj.transport.kex.ECDHNistP;
+import net.schmizz.sshj.transport.mac.*;
 import net.schmizz.sshj.transport.random.BouncyCastleRandom;
 import net.schmizz.sshj.transport.random.JCERandom;
 import net.schmizz.sshj.transport.random.SingletonRandomFactory;
 import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
+import net.schmizz.sshj.userauth.keyprovider.PKCS5KeyFile;
 import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
+import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
 import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
+import java.io.IOException;
+import java.util.*;
 
 /**
- * A {@link Config} that is initialized as follows. Items marked with an asterisk are added to the config only if
+ * A {@link net.schmizz.sshj.Config} that is initialized as follows. Items marked with an asterisk are added to the config only if
  * BouncyCastle is in the classpath.
  * <p/>
- * <ul> <li>{@link ConfigImpl#setKeyExchangeFactories Key exchange}: {@link DHG14}*, {@link DHG1}</li> <li>{@link
- * ConfigImpl#setCipherFactories Ciphers} [1]: {@link AES128CTR}, {@link AES192CTR}, {@link AES256CTR}, {@link
- * AES128CBC}, {@link AES192CBC}, {@link AES256CBC}, {@link AES192CBC}, {@link TripleDESCBC}, {@link BlowfishCBC}</li>
- * <li>{@link ConfigImpl#setMACFactories MAC}: {@link HMACSHA1}, {@link HMACSHA196}, {@link HMACMD5}, {@link
- * HMACMD596}</li> <li>{@link ConfigImpl#setCompressionFactories Compression}: {@link NoneCompression}</li> <li>{@link
- * ConfigImpl#setSignatureFactories Signature}: {@link SignatureRSA}, {@link SignatureDSA}</li> <li>{@link
- * ConfigImpl#setRandomFactory PRNG}: {@link BouncyCastleRandom}* or {@link JCERandom}</li> <li>{@link
- * ConfigImpl#setFileKeyProviderFactories Key file support}: {@link PKCS8KeyFile}*, {@link OpenSSHKeyFile}*</li>
- * <li>{@link ConfigImpl#setVersion Client version}: {@code "NET_3_0"}</li> </ul>
+ * <ul>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setKeyExchangeFactories Key exchange}: {@link net.schmizz.sshj.transport.kex.DHG14}*, {@link net.schmizz.sshj.transport.kex.DHG1}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers}: {@link BlockCiphers}, {@link StreamCiphers} [1]</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setMACFactories MAC}: {@link net.schmizz.sshj.transport.mac.HMACSHA1}, {@link net.schmizz.sshj.transport.mac.HMACSHA196}, {@link net.schmizz.sshj.transport.mac.HMACMD5}, {@link
+ * net.schmizz.sshj.transport.mac.HMACMD596}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setSignatureFactories Signature}: {@link net.schmizz.sshj.signature.SignatureRSA}, {@link net.schmizz.sshj.signature.SignatureDSA}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory PRNG}: {@link net.schmizz.sshj.transport.random.BouncyCastleRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setFileKeyProviderFactories Key file support}: {@link net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile}*, {@link
+ * net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile}*</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setVersion Client version}: {@code "NET_3_0"}</li>
+ * </ul>
  * <p/>
  * [1] It is worth noting that Sun's JRE does not have the unlimited cryptography extension enabled by default. This
  * prevents using ciphers with strength greater than 128.
@@ -89,12 +70,11 @@ import java.util.List;
 public class DefaultConfig
         extends ConfigImpl {
 
-    private final Logger log = LoggerFactory.getLogger(getClass());
-
-    private static final String VERSION = "SSHJ_0_3";
+    private Logger log;
 
     public DefaultConfig() {
-        setVersion(VERSION);
+        setLoggerFactory(LoggerFactory.DEFAULT);
+        setVersion(readVersionFromProperties());
         final boolean bouncyCastleRegistered = SecurityUtils.isBouncyCastleRegistered();
         initKeyExchangeFactories(bouncyCastleRegistered);
         initRandomFactory(bouncyCastleRegistered);
@@ -103,41 +83,110 @@ public class DefaultConfig
         initCompressionFactories();
         initMACFactories();
         initSignatureFactories();
+        setKeepAliveProvider(KeepAliveProvider.HEARTBEAT);
+    }
+
+    private String readVersionFromProperties() {
+        try {
+            Properties properties = new Properties();
+            properties.load(DefaultConfig.class.getClassLoader().getResourceAsStream("sshj.properties"));
+            String property = properties.getProperty("sshj.version");
+            return "SSHJ_" + property.replace('-', '_'); // '-' is a disallowed character, see RFC-4253#section-4.2
+        } catch (IOException e) {
+            log.error("Could not read the sshj.properties file, returning an 'unknown' version as fallback.");
+            return "SSHJ_VERSION_UNKNOWN";
+        }
+    }
+
+    @Override
+    public void setLoggerFactory(LoggerFactory loggerFactory) {
+	super.setLoggerFactory(loggerFactory);
+	log = loggerFactory.getLogger(getClass());
     }
 
     protected void initKeyExchangeFactories(boolean bouncyCastleRegistered) {
-        if (bouncyCastleRegistered)
-            setKeyExchangeFactories(new DHG14.Factory(), new DHG1.Factory());
-        else
-            setKeyExchangeFactories(new DHG1.Factory());
+        if (bouncyCastleRegistered) {
+            setKeyExchangeFactories(new Curve25519SHA256.Factory(),
+                    new DHGexSHA256.Factory(),
+                    new ECDHNistP.Factory521(),
+                    new ECDHNistP.Factory384(),
+                    new ECDHNistP.Factory256(),
+                    new DHGexSHA1.Factory(),
+                    DHGroups.Group1SHA1(),
+                    DHGroups.Group14SHA1(),
+                    DHGroups.Group14SHA256(),
+                    DHGroups.Group15SHA512(),
+                    DHGroups.Group16SHA512(),
+                    DHGroups.Group17SHA512(),
+                    DHGroups.Group18SHA512(),
+                    ExtendedDHGroups.Group14SHA256AtSSH(),
+                    ExtendedDHGroups.Group15SHA256(),
+                    ExtendedDHGroups.Group15SHA256AtSSH(),
+                    ExtendedDHGroups.Group15SHA384AtSSH(),
+                    ExtendedDHGroups.Group16SHA256(),
+                    ExtendedDHGroups.Group16SHA384AtSSH(),
+                    ExtendedDHGroups.Group16SHA512AtSSH(),
+                    ExtendedDHGroups.Group18SHA512AtSSH());
+        } else {
+            setKeyExchangeFactories(DHGroups.Group1SHA1(), new DHGexSHA1.Factory());
+        }
     }
 
     protected void initRandomFactory(boolean bouncyCastleRegistered) {
-        setRandomFactory(new SingletonRandomFactory(bouncyCastleRegistered ? new BouncyCastleRandom.Factory() : new JCERandom.Factory()));
+        setRandomFactory(new SingletonRandomFactory(bouncyCastleRegistered
+                ? new BouncyCastleRandom.Factory() : new JCERandom.Factory()));
     }
 
     protected void initFileKeyProviderFactories(boolean bouncyCastleRegistered) {
         if (bouncyCastleRegistered) {
-            setFileKeyProviderFactories(new PKCS8KeyFile.Factory(), new OpenSSHKeyFile.Factory());
+            setFileKeyProviderFactories(
+                    new OpenSSHKeyV1KeyFile.Factory(),
+                    new PKCS8KeyFile.Factory(),
+                    new PKCS5KeyFile.Factory(),
+                    new OpenSSHKeyFile.Factory(),
+                    new PuTTYKeyFile.Factory());
         }
     }
 
 
     protected void initCipherFactories() {
         List<Factory.Named<Cipher>> avail = new LinkedList<Factory.Named<Cipher>>(Arrays.<Factory.Named<Cipher>>asList(
-                new AES128CTR.Factory(),
-                new AES192CTR.Factory(),
-                new AES256CTR.Factory(),
-                new AES128CBC.Factory(),
-                new AES192CBC.Factory(),
-                new AES256CBC.Factory(),
-                new TripleDESCBC.Factory(),
-                new BlowfishCBC.Factory()));
+                BlockCiphers.AES128CBC(),
+                BlockCiphers.AES128CTR(),
+                BlockCiphers.AES192CBC(),
+                BlockCiphers.AES192CTR(),
+                BlockCiphers.AES256CBC(),
+                BlockCiphers.AES256CTR(),
+                BlockCiphers.BlowfishCBC(),
+                BlockCiphers.BlowfishCTR(),
+                BlockCiphers.Cast128CBC(),
+                BlockCiphers.Cast128CTR(),
+                BlockCiphers.IDEACBC(),
+                BlockCiphers.IDEACTR(),
+                BlockCiphers.Serpent128CBC(),
+                BlockCiphers.Serpent128CTR(),
+                BlockCiphers.Serpent192CBC(),
+                BlockCiphers.Serpent192CTR(),
+                BlockCiphers.Serpent256CBC(),
+                BlockCiphers.Serpent256CTR(),
+                BlockCiphers.TripleDESCBC(),
+                BlockCiphers.TripleDESCTR(),
+                BlockCiphers.Twofish128CBC(),
+                BlockCiphers.Twofish128CTR(),
+                BlockCiphers.Twofish192CBC(),
+                BlockCiphers.Twofish192CTR(),
+                BlockCiphers.Twofish256CBC(),
+                BlockCiphers.Twofish256CTR(),
+                BlockCiphers.TwofishCBC(),
+                StreamCiphers.Arcfour(),
+                StreamCiphers.Arcfour128(),
+                StreamCiphers.Arcfour256())
+        );
 
         boolean warn = false;
         // Ref. https://issues.apache.org/jira/browse/SSHD-24
         // "AES256 and AES192 requires unlimited cryptography extension"
-        for (Iterator<Factory.Named<Cipher>> i = avail.iterator(); i.hasNext();) {
+        for (Iterator<Factory.Named<Cipher>> i = avail.iterator(); i.hasNext(); ) {
             final Factory.Named<Cipher> f = i.next();
             try {
                 final Cipher c = f.create();
@@ -146,6 +195,7 @@ public class DefaultConfig
                 c.init(Cipher.Mode.Encrypt, key, iv);
             } catch (Exception e) {
                 warn = true;
+                log.warn(e.getCause().getMessage());
                 i.remove();
             }
         }
@@ -153,20 +203,32 @@ public class DefaultConfig
             log.warn("Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy");
 
         setCipherFactories(avail);
+        log.debug("Available cipher factories: {}", avail);
     }
 
     protected void initSignatureFactories() {
-        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory());
+        setSignatureFactories(
+                new SignatureECDSA.Factory256(),
+                new SignatureECDSA.Factory384(),
+                new SignatureECDSA.Factory521(),
+                new SignatureRSA.Factory(),
+                new SignatureDSA.Factory(),
+                new SignatureEdDSA.Factory()
+        );
     }
 
     protected void initMACFactories() {
-        setMACFactories(new HMACSHA1.Factory(), new HMACSHA196.Factory(), new HMACMD5.Factory(),
-                        new HMACMD596.Factory());
+        setMACFactories(
+                new HMACSHA1.Factory(),
+                new HMACSHA196.Factory(),
+                new HMACMD5.Factory(),
+                new HMACMD596.Factory(),
+                new HMACSHA2256.Factory(),
+                new HMACSHA2512.Factory()
+        );
     }
 
     protected void initCompressionFactories() {
         setCompressionFactories(new NoneCompression.Factory());
     }
-
-
 }

src/main/java/net/schmizz/sshj/SSHClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,13 +13,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package net.schmizz.sshj;
 
-import net.schmizz.sshj.common.DisconnectReason;
-import net.schmizz.sshj.common.Factory;
-import net.schmizz.sshj.common.SSHException;
-import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.connection.Connection;
 import net.schmizz.sshj.connection.ConnectionException;
 import net.schmizz.sshj.connection.ConnectionImpl;
@@ -41,35 +37,32 @@ import net.schmizz.sshj.transport.TransportImpl;
 import net.schmizz.sshj.transport.compression.DelayedZlibCompression;
 import net.schmizz.sshj.transport.compression.NoneCompression;
 import net.schmizz.sshj.transport.compression.ZlibCompression;
+import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
+import net.schmizz.sshj.transport.verification.FingerprintVerifier;
 import net.schmizz.sshj.transport.verification.HostKeyVerifier;
 import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
 import net.schmizz.sshj.userauth.UserAuth;
 import net.schmizz.sshj.userauth.UserAuthException;
 import net.schmizz.sshj.userauth.UserAuthImpl;
-import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
-import net.schmizz.sshj.userauth.keyprovider.KeyPairWrapper;
-import net.schmizz.sshj.userauth.keyprovider.KeyProvider;
-import net.schmizz.sshj.userauth.keyprovider.KeyProviderUtil;
-import net.schmizz.sshj.userauth.method.AuthKeyboardInteractive;
-import net.schmizz.sshj.userauth.method.AuthMethod;
-import net.schmizz.sshj.userauth.method.AuthPassword;
-import net.schmizz.sshj.userauth.method.AuthPublickey;
-import net.schmizz.sshj.userauth.method.PasswordResponseProvider;
+import net.schmizz.sshj.userauth.keyprovider.*;
+import net.schmizz.sshj.userauth.method.*;
 import net.schmizz.sshj.userauth.password.PasswordFinder;
+import net.schmizz.sshj.userauth.password.PasswordUpdateProvider;
 import net.schmizz.sshj.userauth.password.PasswordUtils;
 import net.schmizz.sshj.userauth.password.Resource;
 import net.schmizz.sshj.xfer.scp.SCPFileTransfer;
+import org.ietf.jgss.Oid;
 import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
+import javax.security.auth.login.LoginContext;
+import java.io.Closeable;
 import java.io.File;
 import java.io.IOException;
-import java.net.SocketAddress;
+import java.net.ServerSocket;
+import java.nio.charset.Charset;
 import java.security.KeyPair;
 import java.security.PublicKey;
-import java.util.Arrays;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.*;
 
 /**
  * Secure SHell client API.
@@ -92,19 +85,20 @@ import java.util.List;
  * <em>A simple example:</em>
  * <p/>
  * <pre>
- * client = new SSHClient();
- * client.initUserKnownHosts();
+ * final SSHClient client = new SSHClient();
+ * client.loadKnownHosts();
  * client.connect(&quot;hostname&quot;);
  * try {
  *     client.authPassword(&quot;username&quot;, &quot;password&quot;);
  *     final Session session = client.startSession();
  *     try {
- *          session.exec(&quot;true&quot;);
- *          client.getConnection().join();
+ *          final Command cmd = session.exec(&quot;true&quot;);
+ *          cmd.join(1, TimeUnit.SECONDS);
  *     } finally {
  *          session.close();
- *    } finally {
- *     client.disconnect();
+ *     }
+ * } finally {
+ *      client.disconnect();
  * }
  * </pre>
  * <p/>
@@ -113,13 +107,14 @@ import java.util.List;
  */
 public class SSHClient
         extends SocketClient
-        implements SessionFactory {
+        implements Closeable, SessionFactory {
 
     /** Default port for SSH */
     public static final int DEFAULT_PORT = 22;
 
     /** Logger */
-    protected final Logger log = LoggerFactory.getLogger(getClass());
+    protected final LoggerFactory loggerFactory;
+    protected final Logger log;
 
     /** Transport layer */
     protected final Transport trans;
@@ -130,6 +125,11 @@ public class SSHClient
     /** {@code ssh-connection} service */
     protected final Connection conn;
 
+    private final List<LocalPortForwarder> forwarders = new ArrayList<LocalPortForwarder>();
+
+    /** character set of the remote machine */
+    protected Charset remoteCharset = IOUtils.UTF8;
+
     /** Default constructor. Initializes this object using {@link DefaultConfig}. */
     public SSHClient() {
         this(new DefaultConfig());
@@ -142,38 +142,55 @@ public class SSHClient
      */
     public SSHClient(Config config) {
         super(DEFAULT_PORT);
-        this.trans = new TransportImpl(config);
+	loggerFactory = config.getLoggerFactory();
+	log = loggerFactory.getLogger(getClass());
+        this.trans = new TransportImpl(config, this);
         this.auth = new UserAuthImpl(trans);
-        this.conn = new ConnectionImpl(trans);
+        this.conn = new ConnectionImpl(trans, config.getKeepAliveProvider());
     }
 
     /**
      * Add a {@link HostKeyVerifier} which will be invoked for verifying host key during connection establishment and
      * future key exchanges.
      *
-     * @param hostKeyVerifier {@link HostKeyVerifier} instance
+     * @param verifier {@link HostKeyVerifier} instance
      */
-    public void addHostKeyVerifier(HostKeyVerifier hostKeyVerifier) {
-        trans.addHostKeyVerifier(hostKeyVerifier);
+    public void addHostKeyVerifier(HostKeyVerifier verifier) {
+        trans.addHostKeyVerifier(verifier);
+    }
+
+    /**
+     * Add a {@link AlgorithmsVerifier} which will be invoked for verifying negotiated algorithms.
+     *
+     * @param verifier {@link AlgorithmsVerifier} instance
+     */
+    public void addAlgorithmsVerifier(AlgorithmsVerifier verifier) {
+        trans.addAlgorithmsVerifier(verifier);
     }
 
     /**
      * Add a {@link HostKeyVerifier} that will verify any host that's able to claim a host key with the given {@code
-     * fingerprint}, e.g. {@code "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"}
+     * fingerprint}.
+     *
+     * The fingerprint can be specified in either an MD5 colon-delimited format (16 hexadecimal octets, delimited by a colon),
+     * or in a Base64 encoded format for SHA-1 or SHA-256 fingerprints.
+     * Valid examples are:
+     *
+     * <ul><li>"SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak="</li>
+     * <li>"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs="</li>
+     * <li>"MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li>
+     * <li>"d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li></ul>
      *
      * @param fingerprint expected fingerprint in colon-delimited format (16 octets in hex delimited by a colon)
      *
      * @see SecurityUtils#getFingerprint
      */
     public void addHostKeyVerifier(final String fingerprint) {
-        addHostKeyVerifier(new HostKeyVerifier() {
-            @Override
-            public boolean verify(String h, int p, PublicKey k) {
-                return SecurityUtils.getFingerprint(k).equals(fingerprint);
-            }
-        });
+        addHostKeyVerifier(FingerprintVerifier.getInstance(fingerprint));
     }
 
+    // FIXME: there are way too many auth... overrides. Better API needed.
+
     /**
      * Authenticate {@code username} using the supplied {@code methods}.
      *
@@ -185,7 +202,7 @@ public class SSHClient
      */
     public void auth(String username, AuthMethod... methods)
             throws UserAuthException, TransportException {
-        assert isConnected();
+        checkConnected();
         auth(username, Arrays.<AuthMethod>asList(methods));
     }
 
@@ -200,8 +217,18 @@ public class SSHClient
      */
     public void auth(String username, Iterable<AuthMethod> methods)
             throws UserAuthException, TransportException {
-        assert isConnected();
-        auth.authenticate(username, (Service) conn, methods);
+        checkConnected();
+        final Deque<UserAuthException> savedEx = new LinkedList<UserAuthException>();
+        for (AuthMethod method: methods) {
+            method.setLoggerFactory(loggerFactory);
+            try {
+                if (auth.authenticate(username, (Service) conn, method, trans.getTimeoutMs()))
+                    return;
+            } catch (UserAuthException e) {
+                savedEx.push(e);
+            }
+        }
+        throw new UserAuthException("Exhausted available authentication methods", savedEx.peek());
     }
 
     /**
@@ -265,6 +292,22 @@ public class SSHClient
         auth(username, new AuthPassword(pfinder), new AuthKeyboardInteractive(new PasswordResponseProvider(pfinder)));
     }
 
+    /**
+     * Authenticate {@code username} using the {@code "password"} authentication method and as a fallback basic
+     * challenge-response authentication.
+     *
+     * @param username user to authenticate
+     * @param pfinder  the {@link PasswordFinder} to use for authentication
+     * @param newPasswordProvider  the {@link PasswordUpdateProvider} to use when a new password is being requested from the user.
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPassword(String username, PasswordFinder pfinder, PasswordUpdateProvider newPasswordProvider)
+            throws UserAuthException, TransportException {
+        auth(username, new AuthPassword(pfinder, newPasswordProvider), new AuthKeyboardInteractive(new PasswordResponseProvider(pfinder)));
+    }
+
     /**
      * Authenticate {@code username} using the {@code "publickey"} authentication method, with keys from some common
      * locations on the file system. This method relies on {@code ~/.ssh/id_rsa} and {@code ~/.ssh/id_dsa}.
@@ -279,7 +322,7 @@ public class SSHClient
     public void authPublickey(String username)
             throws UserAuthException, TransportException {
         final String base = System.getProperty("user.home") + File.separator + ".ssh" + File.separator;
-        authPublickey(username, base + "id_rsa", base + "id_dsa");
+        authPublickey(username, base + "id_rsa", base + "id_dsa", base + "id_ed25519", base + "id_ecdsa");
     }
 
     /**
@@ -296,8 +339,7 @@ public class SSHClient
      * @throws TransportException if there was a transport-layer error
      */
     public void authPublickey(String username, Iterable<KeyProvider> keyProviders)
-            throws UserAuthException,
-                   TransportException {
+            throws UserAuthException, TransportException {
         final List<AuthMethod> am = new LinkedList<AuthMethod>();
         for (KeyProvider kp : keyProviders)
             am.add(new AuthPublickey(kp));
@@ -342,16 +384,41 @@ public class SSHClient
     public void authPublickey(String username, String... locations)
             throws UserAuthException, TransportException {
         final List<KeyProvider> keyProviders = new LinkedList<KeyProvider>();
-        for (String loc : locations)
+        for (String loc : locations) {
             try {
                 log.debug("Attempting to load key from: {}", loc);
                 keyProviders.add(loadKeys(loc));
             } catch (IOException logged) {
-                log.warn("Could not load keys due to: {}", logged);
+                log.info("Could not load keys from {} due to: {}", loc, logged.getMessage());
             }
+        }
         authPublickey(username, keyProviders);
     }
 
+    /**
+     * Authenticate {@code username} using the {@code "gssapi-with-mic"} authentication method, given a login context
+     * for the peer GSS machine and a list of supported OIDs.
+     * <p/>
+     * Supported OIDs should be ordered by preference as the SSH server will choose the first OID that it also
+     * supports. At least one OID is required
+     *
+     * @param username      user to authenticate
+     * @param context       {@code LoginContext} for the peer GSS machine
+     * @param supportedOid  first supported OID
+     * @param supportedOids other supported OIDs
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authGssApiWithMic(String username, LoginContext context, Oid supportedOid, Oid... supportedOids)
+            throws UserAuthException, TransportException {
+        // insert supportedOid to the front of the list since ordering matters
+        List<Oid> oids = new ArrayList<Oid>(Arrays.asList(supportedOids));
+        oids.add(0, supportedOid);
+
+        auth(username, new AuthGssApiWithMic(context, oids));
+    }
+
     /**
      * Disconnects from the connected SSH server. {@code SSHClient} objects are not reusable therefore it is incorrect
      * to attempt connection after this method has been called.
@@ -362,10 +429,16 @@ public class SSHClient
     @Override
     public void disconnect()
             throws IOException {
-        assert isConnected();
+        for (LocalPortForwarder forwarder : forwarders) {
+            try {
+                forwarder.close();
+            } catch (IOException e) {
+                log.warn("Error closing forwarder", e);
+            }
+        }
+        forwarders.clear();
         trans.disconnect();
         super.disconnect();
-        assert !isConnected();
     }
 
     /** @return the associated {@link Connection} instance. */
@@ -373,6 +446,15 @@ public class SSHClient
         return conn;
     }
 
+    /**
+     * Returns the character set used to communicate with the remote machine for certain strings (like paths).
+     *
+     * @return remote character set
+     */
+    public Charset getRemoteCharset() {
+        return remoteCharset;
+    }
+
     /** @return a {@link RemotePortForwarder} that allows requesting remote forwarding over this connection. */
     public RemotePortForwarder getRemotePortForwarder() {
         synchronized (conn) {
@@ -391,8 +473,7 @@ public class SSHClient
     /**
      * @return the associated {@link UserAuth} instance. This allows access to information like the {@link
      *         UserAuth#getBanner() authentication banner}, whether authentication was at least {@link
-     *         UserAuth#hadPartialSuccess() partially successful}, and any {@link UserAuth#getSavedExceptions() saved
-     *         exceptions} that were ignored because there were more authentication method that could be tried.
+     *         UserAuth#hadPartialSuccess() partially successful}.
      */
     public UserAuth getUserAuth() {
         return auth;
@@ -441,7 +522,7 @@ public class SSHClient
     /**
      * Utility function for createing a {@link KeyProvider} instance from given location on the file system. Creates a
      * one-off {@link PasswordFinder} using {@link PasswordUtils#createOneOff(char[])}, and calls {@link
-     * #loadKeys(String,PasswordFinder)}.
+     * #loadKeys(String, PasswordFinder)}.
      *
      * @param location   location of the key file
      * @param passphrase passphrase as a char-array
@@ -458,8 +539,13 @@ public class SSHClient
     }
 
     /**
-     * Creates a {@link KeyProvider} instance from given location on the file system. Currently only PKCS8 format
-     * private key files are supported (OpenSSH uses this format).
+     * Creates a {@link KeyProvider} instance from given location on the file system. Currently the following private key files are supported:
+     * <ul>
+     *     <li>PKCS8 (OpenSSH uses this format)</li>
+     *     <li>PKCS5</li>
+     *     <li>Putty keyfile</li>
+     *     <li>openssh-key-v1 (New OpenSSH keyfile format)</li>
+     * </ul>
      * <p/>
      *
      * @param location       the location of the key file
@@ -475,9 +561,9 @@ public class SSHClient
     public KeyProvider loadKeys(String location, PasswordFinder passwordFinder)
             throws IOException {
         final File loc = new File(location);
-        final FileKeyProvider.Format format = KeyProviderUtil.detectKeyFileFormat(loc);
-        final FileKeyProvider fkp = Factory.Named.Util.create(trans.getConfig().getFileKeyProviderFactories(), format
-                .toString());
+        final KeyFormat format = KeyProviderUtil.detectKeyFileFormat(loc);
+        final FileKeyProvider fkp =
+                Factory.Named.Util.create(trans.getConfig().getFileKeyProviderFactories(), format.toString());
         if (fkp == null)
             throw new SSHException("No provider available for " + format + " key file");
         fkp.init(loc, passwordFinder);
@@ -501,6 +587,33 @@ public class SSHClient
         return loadKeys(location, passphrase.toCharArray());
     }
 
+    /**
+     * Creates a {@link KeyProvider} instance from passed strings. Currently only PKCS8 format private key files are
+     * supported (OpenSSH uses this format).
+     * <p/>
+     *
+     * @param privateKey     the private key as a string
+     * @param publicKey      the public key as a string if it's not included with the private key
+     * @param passwordFinder the {@link PasswordFinder} that can supply the passphrase for decryption (may be {@code
+     *                       null} in case keyfile is not encrypted)
+     *
+     * @return the key provider ready for use in authentication
+     *
+     * @throws SSHException if there was no suitable key provider available for the file format; typically because
+     *                      BouncyCastle is not in the classpath
+     * @throws IOException  if the key file format is not known, etc.
+     */
+    public KeyProvider loadKeys(String privateKey, String publicKey, PasswordFinder passwordFinder)
+            throws IOException {
+        final KeyFormat format = KeyProviderUtil.detectKeyFileFormat(privateKey, publicKey != null);
+        final FileKeyProvider fkp =
+                Factory.Named.Util.create(trans.getConfig().getFileKeyProviderFactories(), format.toString());
+        if (fkp == null)
+            throw new SSHException("No provider available for " + format + " key file");
+        fkp.init(privateKey, publicKey, passwordFinder);
+        return fkp;
+    }
+
     /**
      * Attempts loading the user's {@code known_hosts} file from the default locations, i.e. {@code ~/.ssh/known_hosts}
      * and {@code ~/.ssh/known_hosts2} on most platforms. Adds the resulting {@link OpenSSHKnownHosts} object as a host
@@ -537,27 +650,27 @@ public class SSHClient
      */
     public void loadKnownHosts(File location)
             throws IOException {
-        addHostKeyVerifier(new OpenSSHKnownHosts(location));
+        addHostKeyVerifier(new OpenSSHKnownHosts(location, loggerFactory));
     }
 
     /**
-     * Create a {@link LocalPortForwarder} that will listen on {@code address} and forward incoming connections to the
-     * server; which will further forward them to {@code host:port}.
+     * Create a {@link LocalPortForwarder} that will listen based on {@code parameters} using the bound
+     * {@code serverSocket} and forward incoming connections to the server; which will further forward them to
+     * {@code host:port}.
      * <p/>
      * The returned forwarder's {@link LocalPortForwarder#listen() listen()} method should be called to actually start
      * listening, this method just creates an instance.
      *
-     * @param address defines where the {@link LocalPortForwarder} listens
-     * @param host    hostname to which the server will forward
-     * @param port    the port at {@code hostname} to which the server wil forward
+     * @param parameters   parameters for the forwarding setup
+     * @param serverSocket bound server socket
      *
      * @return a {@link LocalPortForwarder}
-     *
-     * @throws IOException if there is an error opening a local server socket
      */
-    public LocalPortForwarder newLocalPortForwarder(SocketAddress address, String host, int port)
-            throws IOException {
-        return new LocalPortForwarder(getServerSocketFactory(), conn, address, host, port);
+    public LocalPortForwarder newLocalPortForwarder(LocalPortForwarder.Parameters parameters,
+                                                    ServerSocket serverSocket) {
+        LocalPortForwarder forwarder = new LocalPortForwarder(conn, parameters, serverSocket, loggerFactory);
+        forwarders.add(forwarder);
+        return forwarder;
     }
 
     /**
@@ -582,8 +695,9 @@ public class SSHClient
 
     /** @return Instantiated {@link SCPFileTransfer} implementation. */
     public SCPFileTransfer newSCPFileTransfer() {
-        assert isConnected() && isAuthenticated();
-        return new SCPFileTransfer(this);
+        checkConnected();
+        checkAuthenticated();
+        return new SCPFileTransfer(this, loggerFactory);
     }
 
     /**
@@ -594,7 +708,8 @@ public class SSHClient
      */
     public SFTPClient newSFTPClient()
             throws IOException {
-        assert isConnected() && isAuthenticated();
+        checkConnected();
+        checkAuthenticated();
         return new SFTPClient(new SFTPEngine(this).init());
     }
 
@@ -608,13 +723,23 @@ public class SSHClient
         doKex();
     }
 
+    /**
+     * Sets the character set used to communicate with the remote machine for certain strings (like paths)
+     *
+     * @param remoteCharset
+     *        remote character set or {@code null} for default
+     */
+    public void setRemoteCharset(Charset remoteCharset) {
+        this.remoteCharset = remoteCharset != null ? remoteCharset : IOUtils.UTF8;
+    }
+
     @Override
     public Session startSession()
             throws ConnectionException, TransportException {
-        assert isConnected() && isAuthenticated();
-        final SessionChannel sess = new SessionChannel(conn);
+        checkConnected();
+        checkAuthenticated();
+        final SessionChannel sess = new SessionChannel(conn, remoteCharset);
         sess.open();
-        assert sess.isOpen();
         return sess;
     }
 
@@ -654,18 +779,33 @@ public class SSHClient
      */
     protected void doKex()
             throws TransportException {
-        assert trans.isRunning();
-
+        checkConnected();
         final long start = System.currentTimeMillis();
-
-        try {
-            trans.doKex();
-        } catch (TransportException te) {
-            trans.disconnect(DisconnectReason.KEY_EXCHANGE_FAILED);
-            throw te;
-        }
-
-        log.info("Key exchange took {} seconds", (System.currentTimeMillis() - start) / 1000.0);
+        trans.doKex();
+        log.debug("Key exchange took {} seconds", (System.currentTimeMillis() - start) / 1000.0);
     }
 
-}
+    /**
+     * Same as {@link #disconnect()}.
+     *
+     * @throws IOException
+     */
+    @Override
+    public void close()
+            throws IOException {
+        disconnect();
+    }
+
+    private void checkConnected() {
+        if (!isConnected()) {
+            throw new IllegalStateException("Not connected");
+        }
+    }
+
+    private void checkAuthenticated() {
+        if (!isAuthenticated()) {
+            throw new IllegalStateException("Not authenticated");
+        }
+    }
+
+}

src/main/java/net/schmizz/sshj/Service.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,4 @@ public interface Service
     void request()
             throws TransportException;
 
-    void notifyDisconnect()
-            throws SSHException;
-
 }

src/main/java/net/schmizz/sshj/SocketClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,40 +12,22 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file incorporates work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj;
 
-import javax.net.ServerSocketFactory;
+import com.hierynomus.sshj.backport.JavaVersion;
+import com.hierynomus.sshj.backport.Jdk7HttpProxySocket;
+
 import javax.net.SocketFactory;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.Proxy;
 import java.net.Socket;
 
-
-abstract class SocketClient {
+public abstract class SocketClient {
 
     private final int defaultPort;
 
@@ -54,7 +36,6 @@ abstract class SocketClient {
     private OutputStream output;
 
     private SocketFactory socketFactory = SocketFactory.getDefault();
-    private ServerSocketFactory serverSocketFactory = ServerSocketFactory.getDefault();
 
     private static final int DEFAULT_CONNECT_TIMEOUT = 0;
     private int connectTimeout = DEFAULT_CONNECT_TIMEOUT;
@@ -67,21 +48,109 @@ abstract class SocketClient {
         this.defaultPort = defaultPort;
     }
 
-    public void connect(InetAddress host, int port)
-            throws IOException {
+    /**
+     * Connect to a host via a proxy.
+     * @param hostname The host name to connect to.
+     * @param proxy The proxy to connect via.
+     * @deprecated This method will be removed after v0.12.0. If you want to connect via a proxy, you can do this by injecting a {@link javax.net.SocketFactory}
+     *             into the SocketClient. The SocketFactory should create sockets using the {@link java.net.Socket#Socket(java.net.Proxy)} constructor.
+     */
+    @Deprecated
+    public void connect(String hostname, Proxy proxy) throws IOException {
+        connect(hostname, defaultPort, proxy);
+    }
+
+    /**
+     * Connect to a host via a proxy.
+     * @param hostname The host name to connect to.
+     * @param port The port to connect to.
+     * @param proxy The proxy to connect via.
+     * @deprecated This method will be removed after v0.12.0. If you want to connect via a proxy, you can do this by injecting a {@link javax.net.SocketFactory}
+     *             into the SocketClient. The SocketFactory should create sockets using the {@link java.net.Socket#Socket(java.net.Proxy)} constructor.
+     */
+    @Deprecated
+    public void connect(String hostname, int port, Proxy proxy) throws IOException {
+        this.hostname = hostname;
+        if (JavaVersion.isJava7OrEarlier() && proxy.type() == Proxy.Type.HTTP) {
+            // Java7 and earlier have no support for HTTP Connect proxies, return our custom socket.
+            socket = new Jdk7HttpProxySocket(proxy);
+        } else {
+            socket = new Socket(proxy);
+        }
+        socket.connect(new InetSocketAddress(hostname, port), connectTimeout);
+        onConnect();
+    }
+
+    /**
+     * Connect to a host via a proxy.
+     * @param host The host address to connect to.
+     * @param proxy The proxy to connect via.
+     * @deprecated This method will be removed after v0.12.0. If you want to connect via a proxy, you can do this by injecting a {@link javax.net.SocketFactory}
+     *             into the SocketClient. The SocketFactory should create sockets using the {@link java.net.Socket#Socket(java.net.Proxy)} constructor.
+     */
+    @Deprecated
+    public void connect(InetAddress host, Proxy proxy) throws IOException {
+        connect(host, defaultPort, proxy);
+    }
+
+    /**
+     * Connect to a host via a proxy.
+     * @param host The host address to connect to.
+     * @param port The port to connect to.
+     * @param proxy The proxy to connect via.
+     * @deprecated This method will be removed after v0.12.0. If you want to connect via a proxy, you can do this by injecting a {@link javax.net.SocketFactory}
+     *             into the SocketClient. The SocketFactory should create sockets using the {@link java.net.Socket#Socket(java.net.Proxy)} constructor.
+     */
+    @Deprecated
+    public void connect(InetAddress host, int port, Proxy proxy) throws IOException {
+        if (JavaVersion.isJava7OrEarlier() && proxy.type() == Proxy.Type.HTTP) {
+            // Java7 and earlier have no support for HTTP Connect proxies, return our custom socket.
+            socket = new Jdk7HttpProxySocket(proxy);
+        } else {
+            socket = new Socket(proxy);
+        }
+        socket.connect(new InetSocketAddress(host, port), connectTimeout);
+        onConnect();
+    }
+
+    public void connect(String hostname) throws IOException {
+        connect(hostname, defaultPort);
+    }
+
+    public void connect(String hostname, int port) throws IOException {
+        if (hostname == null) {
+            connect(InetAddress.getByName(null), port);
+        } else {
+            this.hostname = hostname;
+            socket = socketFactory.createSocket();
+            socket.connect(new InetSocketAddress(hostname, port), connectTimeout);
+            onConnect();
+        }
+    }
+
+    public void connect(String hostname, int port, InetAddress localAddr, int localPort) throws IOException {
+        if (hostname == null) {
+            connect(InetAddress.getByName(null), port, localAddr, localPort);
+        } else {
+            this.hostname = hostname;
+            socket = socketFactory.createSocket();
+            socket.bind(new InetSocketAddress(localAddr, localPort));
+            socket.connect(new InetSocketAddress(hostname, port), connectTimeout);
+            onConnect();
+        }
+    }
+
+    public void connect(InetAddress host) throws IOException {
+        connect(host, defaultPort);
+    }
+
+    public void connect(InetAddress host, int port) throws IOException {
         socket = socketFactory.createSocket();
         socket.connect(new InetSocketAddress(host, port), connectTimeout);
         onConnect();
     }
 
-    public void connect(String hostname, int port)
-            throws IOException {
-        this.hostname = hostname;
-        connect(InetAddress.getByName(hostname), port);
-    }
-
-    public void connect(InetAddress host, int port,
-                        InetAddress localAddr, int localPort)
+    public void connect(InetAddress host, int port, InetAddress localAddr, int localPort)
             throws IOException {
         socket = socketFactory.createSocket();
         socket.bind(new InetSocketAddress(localAddr, localPort));
@@ -89,25 +158,7 @@ abstract class SocketClient {
         onConnect();
     }
 
-    public void connect(String hostname, int port,
-                        InetAddress localAddr, int localPort)
-            throws IOException {
-        this.hostname = hostname;
-        connect(InetAddress.getByName(hostname), port, localAddr, localPort);
-    }
-
-    public void connect(InetAddress host)
-            throws IOException {
-        connect(host, defaultPort);
-    }
-
-    public void connect(String hostname)
-            throws IOException {
-        connect(hostname, defaultPort);
-    }
-
-    public void disconnect()
-            throws IOException {
+    public void disconnect() throws IOException {
         if (socket != null) {
             socket.close();
             socket = null;
@@ -130,7 +181,6 @@ abstract class SocketClient {
         return socket.getLocalPort();
     }
 
-
     public InetAddress getLocalAddress() {
         return socket.getLocalAddress();
     }
@@ -148,27 +198,17 @@ abstract class SocketClient {
     }
 
     public void setSocketFactory(SocketFactory factory) {
-        if (factory == null)
+        if (factory == null) {
             socketFactory = SocketFactory.getDefault();
-        else
+        } else {
             socketFactory = factory;
+        }
     }
 
     public SocketFactory getSocketFactory() {
         return socketFactory;
     }
 
-    public void setServerSocketFactory(ServerSocketFactory factory) {
-        if (factory == null)
-            serverSocketFactory = ServerSocketFactory.getDefault();
-        else
-            serverSocketFactory = factory;
-    }
-
-    public ServerSocketFactory getServerSocketFactory() {
-        return serverSocketFactory;
-    }
-
     public int getConnectTimeout() {
         return connectTimeout;
     }
@@ -197,11 +237,10 @@ abstract class SocketClient {
         return output;
     }
 
-    void onConnect()
-            throws IOException {
+    void onConnect() throws IOException {
         socket.setSoTimeout(timeout);
         input = socket.getInputStream();
         output = socket.getOutputStream();
     }
 
-}
+}

src/main/java/net/schmizz/sshj/common/Base64.java

@@ -32,7 +32,8 @@ public class Base64 {
      * @see Base64
      * @since 1.3
      */
-    public static class InputStream extends java.io.FilterInputStream {
+    public static class InputStream
+            extends java.io.FilterInputStream {
 
         private final boolean encode; // Encoding or decoding
         private int position; // Current position in the buffer
@@ -99,7 +100,8 @@ public class Base64 {
          * @since 1.3
          */
         @Override
-        public int read() throws java.io.IOException {
+        public int read()
+                throws java.io.IOException {
 
             // Do we need to get data?
             if (position < 0)
@@ -197,7 +199,8 @@ public class Base64 {
          * @since 1.3
          */
         @Override
-        public int read(byte[] dest, int off, int len) throws java.io.IOException {
+        public int read(byte[] dest, int off, int len)
+                throws java.io.IOException {
             int i;
             int b;
             for (i = 0; i < len; i++) {
@@ -222,7 +225,8 @@ public class Base64 {
      * @see Base64
      * @since 1.3
      */
-    public static class OutputStream extends java.io.FilterOutputStream {
+    public static class OutputStream
+            extends java.io.FilterOutputStream {
 
         private final boolean encode;
         private int position;
@@ -289,7 +293,8 @@ public class Base64 {
          * @since 1.3
          */
         @Override
-        public void close() throws java.io.IOException {
+        public void close()
+                throws java.io.IOException {
             // 1. Ensure that pending characters are written
             flush();
 
@@ -308,7 +313,8 @@ public class Base64 {
          * @since 2.3
          */
         @Override
-        public void flush() throws java.io.IOException {
+        public void flush()
+                throws java.io.IOException {
             flushBase64();
             super.flush();
         }
@@ -318,7 +324,8 @@ public class Base64 {
          *
          * @throws java.io.IOException if there's an error.
          */
-        public void flushBase64() throws java.io.IOException {
+        public void flushBase64()
+                throws java.io.IOException {
             if (position > 0)
                 if (encode) {
                     out.write(encode3to4(b4, buffer, position, options));
@@ -346,7 +353,8 @@ public class Base64 {
          * @throws java.io.IOException if there's an error flushing
          * @since 1.5.1
          */
-        public void suspendEncoding() throws java.io.IOException {
+        public void suspendEncoding()
+                throws java.io.IOException {
             flushBase64();
             suspendEncoding = true;
         } // end suspendEncoding
@@ -361,7 +369,8 @@ public class Base64 {
          * @since 1.3
          */
         @Override
-        public void write(byte[] theBytes, int off, int len) throws java.io.IOException {
+        public void write(byte[] theBytes, int off, int len)
+                throws java.io.IOException {
             // Encoding suspended?
             if (suspendEncoding) {
                 super.out.write(theBytes, off, len);
@@ -383,7 +392,8 @@ public class Base64 {
          * @since 1.3
          */
         @Override
-        public void write(int theByte) throws java.io.IOException {
+        public void write(int theByte)
+                throws java.io.IOException {
             // Encoding suspended?
             if (suspendEncoding) {
                 super.out.write(theByte);
@@ -673,7 +683,8 @@ public class Base64 {
      * @throws java.io.IOException If bogus characters exist in source data
      * @since 1.3
      */
-    public static byte[] decode(byte[] source, int off, int len, int options) throws java.io.IOException {
+    public static byte[] decode(byte[] source, int off, int len, int options)
+            throws java.io.IOException {
 
         // Lots of error checking and exception throwing
         if (source == null)
@@ -725,7 +736,7 @@ public class Base64 {
             else
                 // There's a bad input character in the Base64 stream.
                 throw new java.io.IOException(String.format("Bad Base64 input character '%c' in array position %d",
-                        source[i], i));
+                                                            source[i], i));
         } // each input character
 
         byte[] out = new byte[outBuffPosn];
@@ -743,7 +754,8 @@ public class Base64 {
      * @throws java.io.IOException If there is a problem
      * @since 1.4
      */
-    public static byte[] decode(String s) throws java.io.IOException {
+    public static byte[] decode(String s)
+            throws java.io.IOException {
         return decode(s, NO_OPTIONS);
     }
 
@@ -759,7 +771,8 @@ public class Base64 {
      * @throws NullPointerException if <tt>s</tt> is null
      * @since 1.4
      */
-    public static byte[] decode(String s, int options) throws java.io.IOException {
+    public static byte[] decode(String s, int options)
+            throws java.io.IOException {
 
         if (s == null)
             throw new NullPointerException("Input string was null.");
@@ -833,7 +846,8 @@ public class Base64 {
      * @throws java.io.IOException if there is an error
      * @since 2.2
      */
-    public static void decodeFileToFile(String infile, String outfile) throws java.io.IOException {
+    public static void decodeFileToFile(String infile, String outfile)
+            throws java.io.IOException {
 
         byte[] decoded = Base64.decodeFromFile(infile);
         java.io.OutputStream out = null;
@@ -864,7 +878,8 @@ public class Base64 {
      * @throws java.io.IOException if there is an error
      * @since 2.1
      */
-    public static byte[] decodeFromFile(String filename) throws java.io.IOException {
+    public static byte[] decodeFromFile(String filename)
+            throws java.io.IOException {
 
         byte[] decodedData = null;
         Base64.InputStream bis = null;
@@ -878,12 +893,12 @@ public class Base64 {
             // Check for size of file
             if (file.length() > Integer.MAX_VALUE)
                 throw new java.io.IOException("File is too big for this convenience method (" + file.length()
-                        + " bytes).");
+                                                      + " bytes).");
             buffer = new byte[(int) file.length()];
 
             // Open a stream
             bis = new Base64.InputStream(new java.io.BufferedInputStream(new java.io.FileInputStream(file)),
-                    Base64.DECODE);
+                                         Base64.DECODE);
 
             // Read until done
             while ((numBytes = bis.read(buffer, length, 4096)) >= 0)
@@ -918,7 +933,8 @@ public class Base64 {
      * @throws java.io.IOException if there is an error
      * @since 2.1
      */
-    public static void decodeToFile(String dataToDecode, String filename) throws java.io.IOException {
+    public static void decodeToFile(String dataToDecode, String filename)
+            throws java.io.IOException {
 
         Base64.OutputStream bos = null;
         try {
@@ -950,8 +966,9 @@ public class Base64 {
      * @throws ClassNotFoundException if the decoded object is of a class that cannot be found by the JVM
      * @since 1.5
      */
-    public static Object decodeToObject(String encodedObject) throws java.io.IOException,
-            java.lang.ClassNotFoundException {
+    public static Object decodeToObject(String encodedObject)
+            throws java.io.IOException,
+                   java.lang.ClassNotFoundException {
 
         // Decode and gunzip if necessary
         byte[] objBytes = decode(encodedObject);
@@ -1078,7 +1095,8 @@ public class Base64 {
      * @see Base64#DO_BREAK_LINES
      * @since 2.0
      */
-    public static String encodeBytes(byte[] source, int options) throws java.io.IOException {
+    public static String encodeBytes(byte[] source, int options)
+            throws java.io.IOException {
         return encodeBytes(source, 0, source.length, options);
     } // end encodeBytes
 
@@ -1137,7 +1155,8 @@ public class Base64 {
      * @see Base64#DO_BREAK_LINES
      * @since 2.0
      */
-    public static String encodeBytes(byte[] source, int off, int len, int options) throws java.io.IOException {
+    public static String encodeBytes(byte[] source, int off, int len, int options)
+            throws java.io.IOException {
         byte[] encoded = encodeBytesToBytes(source, off, len, options);
 
         // Return value according to relevant encoding.
@@ -1189,7 +1208,8 @@ public class Base64 {
      * @see Base64#DO_BREAK_LINES
      * @since 2.3.1
      */
-    public static byte[] encodeBytesToBytes(byte[] source, int off, int len, int options) throws java.io.IOException {
+    public static byte[] encodeBytesToBytes(byte[] source, int off, int len, int options)
+            throws java.io.IOException {
 
         if (source == null)
             throw new NullPointerException("Cannot serialize a null array.");
@@ -1302,7 +1322,8 @@ public class Base64 {
      * @throws java.io.IOException if there is an error
      * @since 2.2
      */
-    public static void encodeFileToFile(String infile, String outfile) throws java.io.IOException {
+    public static void encodeFileToFile(String infile, String outfile)
+            throws java.io.IOException {
 
         String encoded = Base64.encodeFromFile(infile);
         java.io.OutputStream out = null;
@@ -1333,7 +1354,8 @@ public class Base64 {
      * @throws java.io.IOException if there is an error
      * @since 2.1
      */
-    public static String encodeFromFile(String filename) throws java.io.IOException {
+    public static String encodeFromFile(String filename)
+            throws java.io.IOException {
 
         String encodedData = null;
         Base64.InputStream bis = null;
@@ -1348,7 +1370,7 @@ public class Base64 {
 
             // Open a stream
             bis = new Base64.InputStream(new java.io.BufferedInputStream(new java.io.FileInputStream(file)),
-                    Base64.ENCODE);
+                                         Base64.ENCODE);
 
             // Read until done
             while ((numBytes = bis.read(buffer, length, 4096)) >= 0)
@@ -1387,7 +1409,8 @@ public class Base64 {
      * @throws NullPointerException if serializedObject is null
      * @since 1.4
      */
-    public static String encodeObject(java.io.Serializable serializableObject) throws java.io.IOException {
+    public static String encodeObject(java.io.Serializable serializableObject)
+            throws java.io.IOException {
         return encodeObject(serializableObject, NO_OPTIONS);
     } // end encodeObject
 
@@ -1420,7 +1443,8 @@ public class Base64 {
      * @see Base64#DO_BREAK_LINES
      * @since 2.0
      */
-    public static String encodeObject(java.io.Serializable serializableObject, int options) throws java.io.IOException {
+    public static String encodeObject(java.io.Serializable serializableObject, int options)
+            throws java.io.IOException {
 
         if (serializableObject == null)
             throw new NullPointerException("Cannot serialize a null object.");
@@ -1481,7 +1505,8 @@ public class Base64 {
      * @throws NullPointerException if dataToEncode is null
      * @since 2.1
      */
-    public static void encodeToFile(byte[] dataToEncode, String filename) throws java.io.IOException {
+    public static void encodeToFile(byte[] dataToEncode, String filename)
+            throws java.io.IOException {
 
         if (dataToEncode == null)
             throw new NullPointerException("Data to encode was null.");
@@ -1702,4 +1727,4 @@ public class Base64 {
     private Base64() {
     }
 
-} // end class Base64
+} // end class Base64

src/main/java/net/schmizz/sshj/common/Buffer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,31 +12,11 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 
-import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
+import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
 import java.util.Arrays;
@@ -44,13 +24,14 @@ import java.util.Arrays;
 public class Buffer<T extends Buffer<T>> {
 
     public static class BufferException
-            extends SSHRuntimeException {
+            extends SSHException {
+
         public BufferException(String message) {
             super(message);
         }
     }
 
-    public static class PlainBuffer
+    public static final class PlainBuffer
             extends Buffer<PlainBuffer> {
 
         public PlainBuffer() {
@@ -73,10 +54,20 @@ public class Buffer<T extends Buffer<T>> {
     /** The default size for a {@code Buffer} (256 bytes) */
     public static final int DEFAULT_SIZE = 256;
 
+    /** The maximum valid size of buffer (i.e. biggest power of two that can be represented as an int - 2^30) */
+    public static final int MAX_SIZE = (1 << 30); 
+
+    /** Maximum size of a uint64 */
+    private static final BigInteger MAX_UINT64_VALUE = BigInteger.ONE
+                                                            .shiftLeft(64)
+                                                            .subtract(BigInteger.ONE);
+
     protected static int getNextPowerOf2(int i) {
         int j = 1;
-        while (j < i)
+        while (j < i) {
             j <<= 1;
+            if (j <= 0) throw new IllegalArgumentException("Cannot get next power of 2; "+i+" is too large"); 
+        }
         return j;
     }
 
@@ -139,7 +130,8 @@ public class Buffer<T extends Buffer<T>> {
         this.wpos = wpos;
     }
 
-    protected void ensureAvailable(int a) {
+    protected void ensureAvailable(int a)
+            throws BufferException {
         if (available() < a)
             throw new BufferException("Underflow");
     }
@@ -177,7 +169,8 @@ public class Buffer<T extends Buffer<T>> {
      *
      * @return the {@code true} or {@code false} value read
      */
-    public boolean readBoolean() {
+    public boolean readBoolean()
+            throws BufferException {
         return readByte() != 0;
     }
 
@@ -197,7 +190,8 @@ public class Buffer<T extends Buffer<T>> {
      *
      * @return the byte read
      */
-    public byte readByte() {
+    public byte readByte()
+            throws BufferException {
         ensureAvailable(1);
         return data[rpos++];
     }
@@ -221,8 +215,9 @@ public class Buffer<T extends Buffer<T>> {
      *
      * @return the byte-array read
      */
-    public byte[] readBytes() {
-        int len = readInt();
+    public byte[] readBytes()
+            throws BufferException {
+        int len = readUInt32AsInt();
         if (len < 0 || len > 32768)
             throw new BufferException("Bad item length: " + len);
         byte[] b = new byte[len];
@@ -251,14 +246,16 @@ public class Buffer<T extends Buffer<T>> {
      * @return this
      */
     public T putBytes(byte[] b, int off, int len) {
-        return putInt(len - off).putRawBytes(b, off, len);
+        return putUInt32(len).putRawBytes(b, off, len);
     }
 
-    public void readRawBytes(byte[] buf) {
+    public void readRawBytes(byte[] buf)
+            throws BufferException {
         readRawBytes(buf, 0, buf.length);
     }
 
-    public void readRawBytes(byte[] buf, int off, int len) {
+    public void readRawBytes(byte[] buf, int off, int len)
+            throws BufferException {
         ensureAvailable(len);
         System.arraycopy(data, rpos, buf, off, len);
         rpos += len;
@@ -294,16 +291,18 @@ public class Buffer<T extends Buffer<T>> {
         return (T) this;
     }
 
-    public int readInt() {
-        return (int) readLong();
+    public int readUInt32AsInt()
+            throws BufferException {
+        return (int) readUInt32();
     }
 
-    public long readLong() {
+    public long readUInt32()
+            throws BufferException {
         ensureAvailable(4);
         return data[rpos++] << 24 & 0xff000000L |
-               data[rpos++] << 16 & 0x00ff0000L |
-               data[rpos++] << 8 & 0x0000ff00L |
-               data[rpos++] & 0x000000ffL;
+                data[rpos++] << 16 & 0x00ff0000L |
+                data[rpos++] << 8 & 0x0000ff00L |
+                data[rpos++] & 0x000000ffL;
     }
 
     /**
@@ -314,10 +313,10 @@ public class Buffer<T extends Buffer<T>> {
      * @return this
      */
     @SuppressWarnings("unchecked")
-    public T putInt(long uint32) {
+    public T putUInt32(long uint32) {
         ensureCapacity(4);
         if (uint32 < 0 || uint32 > 0xffffffffL)
-            throw new BufferException("Invalid value: " + uint32);
+            throw new IllegalArgumentException("Invalid value: " + uint32);
         data[wpos++] = (byte) (uint32 >> 24);
         data[wpos++] = (byte) (uint32 >> 16);
         data[wpos++] = (byte) (uint32 >> 8);
@@ -330,54 +329,48 @@ public class Buffer<T extends Buffer<T>> {
      *
      * @return the MP integer as a {@code BigInteger}
      */
-    public BigInteger readMPInt() {
-        return new BigInteger(readMPIntAsBytes());
+    public BigInteger readMPInt()
+            throws BufferException {
+        return new BigInteger(readBytes());
     }
 
-    /**
-     * Writes an SSH multiple-precision integer from a {@code BigInteger}
-     *
-     * @param bi {@code BigInteger} to write
-     *
-     * @return this
-     */
     public T putMPInt(BigInteger bi) {
-        return putMPInt(bi.toByteArray());
+        final byte[] asBytes = bi.toByteArray();
+        putUInt32(asBytes.length);
+        return putRawBytes(asBytes);
     }
 
-    /**
-     * Writes an SSH multiple-precision integer from a Java byte-array
-     *
-     * @param foo byte-array
-     *
-     * @return this
-     */
-    public T putMPInt(byte[] foo) {
-        int i = foo.length;
-        if ((foo[0] & 0x80) != 0) {
-            i++;
-            putInt(i);
-            putByte((byte) 0);
-        } else
-            putInt(i);
-        return putRawBytes(foo);
-    }
-
-    public byte[] readMPIntAsBytes() {
-        return readBytes();
-    }
-
-    public long readUINT64() {
-        long uint64 = (readLong() << 32) + (readLong() & 0xffffffffL);
+    public long readUInt64()
+            throws BufferException {
+        long uint64 = (readUInt32() << 32) + (readUInt32() & 0xffffffffL);
         if (uint64 < 0)
             throw new BufferException("Cannot handle values > Long.MAX_VALUE");
         return uint64;
     }
 
-    @SuppressWarnings("unchecked")
-    public T putUINT64(long uint64) {
+    public BigInteger readUInt64AsBigInteger()
+            throws BufferException {
+        byte[] magnitude = new byte[8];
+        readRawBytes(magnitude);
+        return new BigInteger(1, magnitude);
+    }
+
+    public T putUInt64(long uint64) {
         if (uint64 < 0)
-            throw new BufferException("Invalid value: " + uint64);
+            throw new IllegalArgumentException("Invalid value: " + uint64);
+        return putUInt64Unchecked(uint64);
+    }
+
+    public T putUInt64(BigInteger uint64) {
+        if (uint64.compareTo(MAX_UINT64_VALUE) > 0 ||
+                uint64.compareTo(BigInteger.ZERO) < 0) {
+            throw new IllegalArgumentException("Invalid value: " + uint64);
+        }
+        return putUInt64Unchecked(uint64.longValue());
+    }
+
+    @SuppressWarnings("unchecked")
+    private T putUInt64Unchecked(long uint64) {
         data[wpos++] = (byte) (uint64 >> 56);
         data[wpos++] = (byte) (uint64 >> 48);
         data[wpos++] = (byte) (uint64 >> 40);
@@ -392,29 +385,38 @@ public class Buffer<T extends Buffer<T>> {
     /**
      * Reads an SSH string
      *
+     * @param cs the charset to use for decoding
+     *
      * @return the string as a Java {@code String}
      */
-    public String readString() {
-        int len = readInt();
+    public String readString(Charset cs)
+            throws BufferException {
+        int len = readUInt32AsInt();
         if (len < 0 || len > 32768)
             throw new BufferException("Bad item length: " + len);
         ensureAvailable(len);
-        String s;
-        try {
-            s = new String(data, rpos, len, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new SSHRuntimeException(e);
-        }
+        String s = new String(data, rpos, len, cs);
         rpos += len;
         return s;
     }
 
+    /**
+     * Reads an SSH string using {@code UTF8}
+     *
+     * @return the string as a Java {@code String}
+     */
+    public String readString()
+            throws BufferException {
+        return readString(IOUtils.UTF8);
+    }
+
     /**
      * Reads an SSH string
      *
      * @return the string as a byte-array
      */
-    public byte[] readStringAsBytes() {
+    public byte[] readStringAsBytes()
+            throws BufferException {
         return readBytes();
     }
 
@@ -426,21 +428,21 @@ public class Buffer<T extends Buffer<T>> {
         return putBytes(str, offset, len);
     }
 
+    public T putString(String string, Charset cs) {
+        return putString(string.getBytes(cs));
+    }
+
     public T putString(String string) {
-        try {
-            return putString(string.getBytes("UTF-8"));
-        } catch (UnsupportedEncodingException e) {
-            throw new SSHRuntimeException(e);
-        }
+        return putString(string, IOUtils.UTF8);
     }
 
     /**
      * Writes a char-array as an SSH string and then blanks it out.
      * <p/>
-     * This is useful when a plaintext password needs to be sent. If {@code passwd} is {@code null}, an empty string is
+     * This is useful when a plaintext password needs to be sent. If {@code str} is {@code null}, an empty string is
      * written.
      *
-     * @param str (null-ok) the password as a character array
+     * @param str (null-ok) the string as a character array
      *
      * @return this
      */
@@ -448,7 +450,7 @@ public class Buffer<T extends Buffer<T>> {
     public T putSensitiveString(char[] str) {
         if (str == null)
             return putString("");
-        putInt(str.length);
+        putUInt32(str.length);
         ensureCapacity(str.length);
         for (char c : str)
             data[wpos++] = (byte) c;
@@ -456,10 +458,10 @@ public class Buffer<T extends Buffer<T>> {
         return (T) this;
     }
 
-    public PublicKey readPublicKey() {
+    public PublicKey readPublicKey()
+            throws BufferException {
         try {
-            final String type = readString();
-            return KeyType.fromString(type).readPubKeyFromBuffer(type, this);
+            return KeyType.fromString(readString()).readPubKeyFromBuffer(this);
         } catch (GeneralSecurityException e) {
             throw new SSHRuntimeException(e);
         }

src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,48 +12,14 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 
-import java.util.Arrays;
-
 /** Utility functions for byte arrays. */
 public class ByteArrayUtils {
 
     final static char[] digits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
 
-    /**
-     * Check whether two byte arrays are the equal.
-     *
-     * @param a1
-     * @param a2
-     *
-     * @return <code>true</code> or <code>false</code>
-     */
-    public static boolean equals(byte[] a1, byte[] a2) {
-        return (a1.length != a2.length && equals(a1, 0, a2, 0, a1.length));
-    }
-
     /**
      * Check whether some part or whole of two byte arrays is equal, for <code>length</code> bytes starting at some
      * offset.
@@ -75,17 +41,6 @@ public class ByteArrayUtils {
         return true;
     }
 
-    /**
-     * Get a hexadecimal representation of <code>array</code>, with each octet separated by a space.
-     *
-     * @param array
-     *
-     * @return hex string, each octet delimited by a space
-     */
-    public static String printHex(byte[] array) {
-        return printHex(array, 0, array.length);
-    }
-
     /**
      * Get a hexadecimal representation of a byte array starting at <code>offset</code> index for <code>len</code>
      * bytes, with each octet separated by a space.
@@ -139,8 +94,34 @@ public class ByteArrayUtils {
         return sb.toString();
     }
 
-    public static byte[] copyOf(byte[] array) {
-        return Arrays.copyOf(array, array.length);
+
+    public static byte[] parseHex(String hex) {
+        if (hex == null) {
+            throw new IllegalArgumentException("Hex string is null");
+        }
+        if (hex.length() % 2 != 0) {
+            throw new IllegalArgumentException("Hex string '" + hex + "' should have even length.");
+        }
+
+        byte[] result = new byte[hex.length() / 2];
+        for (int i = 0; i < result.length; i++) {
+            int hi = parseHexDigit(hex.charAt(i * 2)) << 4;
+            int lo = parseHexDigit(hex.charAt(i * 2 + 1));
+            result[i] = (byte) (hi + lo);
+        }
+        return result;
     }
 
+    private static int parseHexDigit(char c) {
+        if (c >= '0' && c <= '9') {
+            return c - '0';
+        }
+        if (c >= 'a' && c <= 'f') {
+            return c - 'a' + 10;
+        }
+        if (c >= 'A' && c <= 'F') {
+            return c - 'A' + 10;
+        }
+        throw new IllegalArgumentException("Digit '" + c + "' out of bounds [0-9a-fA-F]");
+    }
 }

src/main/java/net/schmizz/sshj/common/DisconnectReason.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java

@@ -0,0 +1,113 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+import com.hierynomus.sshj.secg.SecgUtils;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+class ECDSAVariationsAdapter {
+
+    private final static String BASE_ALGORITHM_NAME = "ecdsa-sha2-nistp";
+
+    private final static Logger log = LoggerFactory.getLogger(ECDSAVariationsAdapter.class);
+
+    public final static Map<String, String> SUPPORTED_CURVES = new HashMap<String, String>();
+    public final static Map<String, String> NIST_CURVES_NAMES = new HashMap<String, String>();
+
+    static {
+        NIST_CURVES_NAMES.put("256", "p-256");
+        NIST_CURVES_NAMES.put("384", "p-384");
+        NIST_CURVES_NAMES.put("521", "p-521");
+
+        SUPPORTED_CURVES.put("256", "nistp256");
+        SUPPORTED_CURVES.put("384", "nistp384");
+        SUPPORTED_CURVES.put("521", "nistp521");
+    }
+
+    static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) throws GeneralSecurityException {
+        String algorithm = BASE_ALGORITHM_NAME + variation;
+        if (!SecurityUtils.isBouncyCastleRegistered()) {
+            throw new GeneralSecurityException("BouncyCastle is required to read a key of type " + algorithm);
+        }
+        try {
+            // final String algo = buf.readString(); it has been already read
+            final String curveName = buf.readString();
+            final int keyLen = buf.readUInt32AsInt();
+            final byte x04 = buf.readByte(); // it must be 0x04, but don't think
+            // we need that check
+            final byte[] x = new byte[(keyLen - 1) / 2];
+            final byte[] y = new byte[(keyLen - 1) / 2];
+            buf.readRawBytes(x);
+            buf.readRawBytes(y);
+            if (log.isDebugEnabled()) {
+                log.debug(String.format("Key algo: %s, Key curve: %s, Key Len: %s, 0x04: %s\nx: %s\ny: %s", 
+                        algorithm, curveName, keyLen, x04, Arrays.toString(x), Arrays.toString(y)));
+            }
+
+            if (!SUPPORTED_CURVES.values().contains(curveName)) {
+                throw new GeneralSecurityException(String.format("Unknown curve %s", curveName));
+            }
+
+            BigInteger bigX = new BigInteger(1, x);
+            BigInteger bigY = new BigInteger(1, y);
+
+            String name = NIST_CURVES_NAMES.get(variation);
+            X9ECParameters ecParams = NISTNamedCurves.getByName(name);
+            ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(name, ecParams.getCurve(), ecParams.getG(), ecParams.getN());
+            ECPoint p = new ECPoint(bigX, bigY);
+            ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(p, ecCurveSpec);
+
+            KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
+            return keyFactory.generatePublic(publicKeySpec);
+        } catch (Exception ex) {
+            throw new GeneralSecurityException(ex);
+        }
+    }
+
+    static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+        final ECPublicKey ecdsa = (ECPublicKey) pk;
+        byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
+
+        buf.putString("nistp" + Integer.toString(fieldSizeFromKey(ecdsa)))
+            .putBytes(encoded);
+    }
+
+    static boolean isECKeyWithFieldSize(Key key, int fieldSize) {
+        return "ECDSA".equals(key.getAlgorithm())
+                && fieldSizeFromKey((ECKey) key) == fieldSize;
+    }
+
+    private static int fieldSizeFromKey(ECKey ecPublicKey) {
+        return ecPublicKey.getParams().getCurve().getField().getFieldSize();
+    }
+}

src/main/java/net/schmizz/sshj/common/ErrorNotifiable.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@ public interface ErrorNotifiable {
 
     /** Utility functions. */
     class Util {
+
         /** Notify all {@code notifiables} of given {@code error}. */
         public static void alertAll(SSHException error, ErrorNotifiable... notifiables) {
             for (ErrorNotifiable notifiable : notifiables)

src/main/java/net/schmizz/sshj/common/Factory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,26 +12,6 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 

src/main/java/net/schmizz/sshj/common/IOUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,47 +12,44 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
+import java.io.ByteArrayOutputStream;
 import java.io.Closeable;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.Charset;
 
 public class IOUtils {
 
-    private static final Logger LOG = LoggerFactory.getLogger(IOUtils.class);
+    public static final Charset UTF8 = Charset.forName("UTF-8");
 
     public static void closeQuietly(Closeable... closeables) {
-        for (Closeable c : closeables)
+        closeQuietly(LoggerFactory.DEFAULT, closeables);
+    }
+
+    public static ByteArrayOutputStream readFully(InputStream stream)
+            throws IOException {
+        return readFully(stream, LoggerFactory.DEFAULT);
+    }
+
+    public static void closeQuietly(LoggerFactory loggerFactory, Closeable... closeables) {
+        for (Closeable c : closeables) {
             try {
                 if (c != null)
                     c.close();
             } catch (IOException logged) {
-                LOG.warn("Error closing {} - {}", c, logged);
+		loggerFactory.getLogger(IOUtils.class).warn("Error closing {} - {}", c, logged);
             }
+        }
+    }
+
+    public static ByteArrayOutputStream readFully(InputStream stream, LoggerFactory loggerFactory)
+            throws IOException {
+        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        new StreamCopier(stream, baos, loggerFactory).copy();
+        return baos;
     }
 
 }

src/main/java/net/schmizz/sshj/common/KeyType.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,6 +15,16 @@
  */
 package net.schmizz.sshj.common;
 
+import com.hierynomus.sshj.signature.Ed25519PublicKey;
+import com.hierynomus.sshj.userauth.certificate.Certificate;
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+import net.schmizz.sshj.common.Buffer.BufferException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.Key;
@@ -26,59 +36,65 @@ import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.DSAPublicKeySpec;
 import java.security.spec.RSAPublicKeySpec;
+import java.util.*;
 
 /** Type of key e.g. rsa, dsa */
 public enum KeyType {
 
     /** SSH identifier for RSA keys */
     RSA("ssh-rsa") {
-
         @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                 throws GeneralSecurityException {
-            final BigInteger e = buf.readMPInt();
-            final BigInteger n = buf.readMPInt();
+            final BigInteger e, n;
+            try {
+                e = buf.readMPInt();
+                n = buf.readMPInt();
+            } catch (Buffer.BufferException be) {
+                throw new GeneralSecurityException(be);
+            }
             final KeyFactory keyFactory = SecurityUtils.getKeyFactory("RSA");
             return keyFactory.generatePublic(new RSAPublicKeySpec(n, e));
         }
 
         @Override
-        public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
             final RSAPublicKey rsaKey = (RSAPublicKey) pk;
-            buf.putString(sType)
-                    .putMPInt(rsaKey.getPublicExponent()) // e
-                    .putMPInt(rsaKey.getModulus()); // n
+            buf.putMPInt(rsaKey.getPublicExponent()) // e
+                .putMPInt(rsaKey.getModulus()); // n
         }
 
         @Override
         protected boolean isMyType(Key key) {
             return (key instanceof RSAPublicKey || key instanceof RSAPrivateKey);
         }
-
     },
 
     /** SSH identifier for DSA keys */
     DSA("ssh-dss") {
-
         @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                 throws GeneralSecurityException {
-            final BigInteger p = buf.readMPInt();
-            final BigInteger q = buf.readMPInt();
-            final BigInteger g = buf.readMPInt();
-            final BigInteger y = buf.readMPInt();
+            BigInteger p, q, g, y;
+            try {
+                p = buf.readMPInt();
+                q = buf.readMPInt();
+                g = buf.readMPInt();
+                y = buf.readMPInt();
+            } catch (Buffer.BufferException be) {
+                throw new GeneralSecurityException(be);
+            }
             final KeyFactory keyFactory = SecurityUtils.getKeyFactory("DSA");
             return keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g));
         }
 
         @Override
-        public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
             final DSAPublicKey dsaKey = (DSAPublicKey) pk;
-            buf.putString(sType)
-                    .putMPInt(dsaKey.getParams().getP()) // p
-                    .putMPInt(dsaKey.getParams().getQ()) // q
-                    .putMPInt(dsaKey.getParams().getG()) // g
-                    .putMPInt(dsaKey.getY()); // y
+            buf.putMPInt(dsaKey.getParams().getP()) // p
+                .putMPInt(dsaKey.getParams().getQ()) // q
+                .putMPInt(dsaKey.getParams().getG()) // g
+                .putMPInt(dsaKey.getY()); // y
         }
 
         @Override
@@ -88,13 +104,150 @@ public enum KeyType {
 
     },
 
-    /** Unrecognized */
-    UNKNOWN("unknown") {
+    /** SSH identifier for ECDSA-256 keys */
+    ECDSA256("ecdsa-sha2-nistp256") {
 
         @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                 throws GeneralSecurityException {
-            throw new UnsupportedOperationException("Don't know how to decode key:" + type);
+            return ECDSAVariationsAdapter.readPubKeyFromBuffer(buf, "256");
+        }
+
+
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            ECDSAVariationsAdapter.writePubKeyContentsIntoBuffer(pk, buf);
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 256);
+        }
+    },
+
+    /** SSH identifier for ECDSA-384 keys */
+    ECDSA384("ecdsa-sha2-nistp384") {
+
+        @Override
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
+                throws GeneralSecurityException {
+            return ECDSAVariationsAdapter.readPubKeyFromBuffer(buf, "384");
+        }
+
+
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            ECDSAVariationsAdapter.writePubKeyContentsIntoBuffer(pk, buf);
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 384);
+        }
+    },
+
+    /** SSH identifier for ECDSA-521 keys */
+    ECDSA521("ecdsa-sha2-nistp521") {
+
+        @Override
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
+                throws GeneralSecurityException {
+            return ECDSAVariationsAdapter.readPubKeyFromBuffer(buf, "521");
+        }
+
+
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            ECDSAVariationsAdapter.writePubKeyContentsIntoBuffer(pk, buf);
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 521);
+        }
+    },
+
+    ED25519("ssh-ed25519") {
+        private final Logger log = LoggerFactory.getLogger(KeyType.class);
+        @Override
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf) throws GeneralSecurityException {
+            try {
+                final int keyLen = buf.readUInt32AsInt();
+                final byte[] p = new byte[keyLen];
+                buf.readRawBytes(p);
+                if (log.isDebugEnabled()) {
+                    log.debug(String.format("Key algo: %s, Key curve: 25519, Key Len: %s\np: %s",
+                            sType,
+                            keyLen,
+                            Arrays.toString(p))
+                    );
+                }
+
+                EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
+                EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(p, ed25519);
+                return new Ed25519PublicKey(publicSpec);
+
+            } catch (Buffer.BufferException be) {
+                throw new SSHRuntimeException(be);
+            }
+        }
+
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            EdDSAPublicKey key = (EdDSAPublicKey) pk;
+            buf.putBytes(key.getAbyte());
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return "EdDSA".equals(key.getAlgorithm());
+        }
+    },
+
+    /** Signed rsa certificate */
+    RSA_CERT("ssh-rsa-cert-v01@openssh.com") {
+        @Override
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
+                throws GeneralSecurityException {
+            return CertUtils.readPubKey(buf, RSA);
+        }
+
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            CertUtils.writePubKeyContentsIntoBuffer(pk, RSA, buf);
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return CertUtils.isCertificateOfType(key, RSA);
+        }
+    },
+
+    /** Signed dsa certificate */
+    DSA_CERT("ssh-dss-cert-v01@openssh.com") {
+        @Override
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
+                throws GeneralSecurityException {
+            return CertUtils.readPubKey(buf, DSA);
+        }
+
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            CertUtils.writePubKeyContentsIntoBuffer(pk, DSA, buf);
+        }
+
+        @Override
+        protected boolean isMyType(Key key) {
+            return CertUtils.isCertificateOfType(key, DSA);
+        }
+    },
+
+    /** Unrecognized */
+    UNKNOWN("unknown") {
+        @Override
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
+                throws GeneralSecurityException {
+            throw new UnsupportedOperationException("Don't know how to decode key:" + sType);
         }
 
         @Override
@@ -102,24 +255,31 @@ public enum KeyType {
             throw new UnsupportedOperationException("Don't know how to encode key: " + pk);
         }
 
+        @Override
+        protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
+            throw new UnsupportedOperationException("Don't know how to encode key: " + pk);
+        }
+
         @Override
         protected boolean isMyType(Key key) {
             return false;
         }
-
     };
 
-
     protected final String sType;
 
     private KeyType(String type) {
         this.sType = type;
     }
 
-    public abstract PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+    public abstract PublicKey readPubKeyFromBuffer(Buffer<?> buf)
             throws GeneralSecurityException;
 
-    public abstract void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf);
+    protected abstract void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf);
+
+    public void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf) {
+        writePubKeyContentsIntoBuffer(pk, buf.putString(sType));
+    }
 
     protected abstract boolean isMyType(Key key);
 
@@ -142,4 +302,128 @@ public enum KeyType {
         return sType;
     }
 
-}
+    static class CertUtils {
+
+        @SuppressWarnings("unchecked")
+        static <T extends PublicKey> Certificate<T> readPubKey(Buffer<?> buf, KeyType innerKeyType) throws GeneralSecurityException {
+            Certificate.Builder<T> builder = Certificate.getBuilder();
+
+            try {
+                builder.nonce(buf.readBytes());
+                builder.publicKey((T) innerKeyType.readPubKeyFromBuffer(buf));
+                builder.serial(buf.readUInt64AsBigInteger());
+                builder.type(buf.readUInt32());
+                builder.id(buf.readString());
+                builder.validPrincipals(unpackList(buf.readBytes()));
+                builder.validAfter(dateFromEpoch(buf.readUInt64()));
+                builder.validBefore(dateFromEpoch(buf.readUInt64()));
+                builder.critOptions(unpackMap(buf.readBytes()));
+                builder.extensions(unpackMap(buf.readBytes()));
+                buf.readString(); // reserved
+                builder.signatureKey(buf.readBytes());
+                builder.signature(buf.readBytes());
+            } catch (Buffer.BufferException be) {
+                throw new GeneralSecurityException(be);
+            }
+
+            return builder.build();
+        }
+
+        static void writePubKeyContentsIntoBuffer(PublicKey publicKey, KeyType innerKeyType, Buffer<?> buf) {
+            Certificate<PublicKey> certificate = toCertificate(publicKey);
+            buf.putBytes(certificate.getNonce());
+            innerKeyType.writePubKeyContentsIntoBuffer(certificate.getKey(), buf);
+            buf.putUInt64(certificate.getSerial())
+                .putUInt32(certificate.getType())
+                .putString(certificate.getId())
+                .putBytes(packList(certificate.getValidPrincipals()))
+                .putUInt64(epochFromDate(certificate.getValidAfter()))
+                .putUInt64(epochFromDate(certificate.getValidBefore()))
+                .putBytes(packMap(certificate.getCritOptions()))
+                .putBytes(packMap(certificate.getExtensions()))
+                .putString("") // reserved
+                .putBytes(certificate.getSignatureKey())
+                .putBytes(certificate.getSignature());
+        }
+
+        static boolean isCertificateOfType(Key key, KeyType innerKeyType) {
+            if (!(key instanceof Certificate)) {
+                return false;
+            }
+            @SuppressWarnings("unchecked")
+            Key innerKey = ((Certificate<PublicKey>) key).getKey();
+            return innerKeyType.isMyType(innerKey);
+        }
+
+        @SuppressWarnings("unchecked")
+        static Certificate<PublicKey> toCertificate(PublicKey key) {
+            if (!(key instanceof Certificate)) {
+                throw new UnsupportedOperationException("Can't convert non-certificate key " +
+                        key.getAlgorithm() + " to certificate");
+            }
+            return ((Certificate<PublicKey>) key);
+        }
+
+        private static Date dateFromEpoch(long seconds) {
+            return new Date(seconds * 1000);
+        }
+
+        private static long epochFromDate(Date date) {
+            return date.getTime() / 1000;
+        }
+
+        private static String unpackString(byte[] packedString) throws BufferException {
+            if (packedString.length == 0) {
+                return "";
+            }
+            return new Buffer.PlainBuffer(packedString).readString();
+        }
+
+        private static List<String> unpackList(byte[] packedString) throws BufferException {
+            List<String> list = new ArrayList<String>();
+            Buffer<?> buf = new Buffer.PlainBuffer(packedString);
+            while (buf.available() > 0) {
+                list.add(buf.readString());
+            }
+            return list;
+        }
+
+        private static Map<String, String> unpackMap(byte[] packedString) throws BufferException {
+            Map<String, String> map = new LinkedHashMap<String, String>();
+            Buffer<?> buf = new Buffer.PlainBuffer(packedString);
+            while (buf.available() > 0) {
+                String name = buf.readString();
+                String data = unpackString(buf.readStringAsBytes());
+                map.put(name, data);
+            }
+            return map;
+        }
+
+        private static byte[] packString(String data) {
+            if (data == null || data.isEmpty()) {
+                return "".getBytes();
+            }
+            return new Buffer.PlainBuffer().putString(data).getCompactData();
+        }
+
+        private static byte[] packList(Iterable<String> strings) {
+            Buffer<?> buf = new Buffer.PlainBuffer();
+            for (String string : strings) {
+                buf.putString(string);
+            }
+            return buf.getCompactData();
+        }
+
+        private static byte[] packMap(Map<String, String> map) {
+            Buffer<?> buf = new Buffer.PlainBuffer();
+            List<String> keys = new ArrayList<String>(map.keySet());
+            Collections.sort(keys);
+            for (String key : keys) {
+                buf.putString(key);
+                String value = map.get(key);
+                buf.putString(packString(value));
+            }
+            return buf.getCompactData();
+        }
+    }
+}

src/main/java/net/schmizz/sshj/common/LoggerFactory.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+import org.slf4j.Logger;
+
+public interface LoggerFactory {
+    Logger getLogger(String name);
+    Logger getLogger(Class<?> clazz);
+
+    /**
+     * Default SLF4J-based implementation of the SSHJ LoggerFactory.
+     */
+    LoggerFactory DEFAULT = new LoggerFactory() {
+        @Override
+        public Logger getLogger(String name) {
+            return org.slf4j.LoggerFactory.getLogger(name);
+        }
+
+        @Override
+        public Logger getLogger(Class<?> clazz) {
+            return org.slf4j.LoggerFactory.getLogger(clazz);
+        }
+    };
+}

src/main/java/net/schmizz/sshj/common/Message.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,7 +30,7 @@ public enum Message {
 
     KEXDH_INIT(30),
 
-    /** { KEXDH_REPLY, KEXDH_GEX_GROUP } */
+    /** { KEXDH_REPLY, KEXDH_GEX_GROUP, SSH_MSG_KEX_ECDH_REPLY } */
     KEXDH_31(31),
 
     KEX_DH_GEX_INIT(32),
@@ -46,6 +46,9 @@ public enum Message {
     USERAUTH_60(60),
     USERAUTH_INFO_RESPONSE(61),
 
+    USERAUTH_GSSAPI_EXCHANGE_COMPLETE(63),
+    USERAUTH_GSSAPI_MIC(66),
+
     GLOBAL_REQUEST(80),
     REQUEST_SUCCESS(81),
     REQUEST_FAILURE(82),

src/main/java/net/schmizz/sshj/common/SSHException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,26 +12,6 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 

src/main/java/net/schmizz/sshj/common/SSHPacket.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,32 +12,12 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 
 import java.util.Arrays;
 
-public class SSHPacket
+public final class SSHPacket
         extends Buffer<SSHPacket> {
 
     public SSHPacket() {
@@ -75,7 +55,8 @@ public class SSHPacket
      *
      * @return the message identifier
      */
-    public Message readMessageID() {
+    public Message readMessageID()
+            throws BufferException {
         return Message.fromByte(readByte());
     }
 

src/main/java/net/schmizz/sshj/common/SSHPacketHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/net/schmizz/sshj/common/SSHRuntimeException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,26 +12,6 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 
@@ -54,7 +34,7 @@ public class SSHRuntimeException
     }
 
     public SSHRuntimeException(Throwable cause) {
-        this(null, cause);
+        this(cause.getMessage(), cause);
     }
 
 }

src/main/java/net/schmizz/sshj/common/SecurityUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,30 +12,9 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.common;
 
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -43,38 +22,19 @@ import javax.crypto.Cipher;
 import javax.crypto.KeyAgreement;
 import javax.crypto.Mac;
 import javax.crypto.NoSuchPaddingException;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Signature;
+import java.security.*;
 
-// TODO refactor
+import static java.lang.String.format;
 
-/** Static utility method relating to security facilities. */
+/**
+ * Static utility method relating to security facilities.
+ */
 public class SecurityUtils {
-
-    private static class BouncyCastleRegistration {
-        public void run()
-                throws Exception {
-            if (java.security.Security.getProvider(BOUNCY_CASTLE) == null) {
-                LOG.info("Trying to register BouncyCastle as a JCE provider");
-                java.security.Security.addProvider(new BouncyCastleProvider());
-                MessageDigest.getInstance("MD5", BOUNCY_CASTLE);
-                KeyAgreement.getInstance("DH", BOUNCY_CASTLE);
-                LOG.info("Registration succeeded");
-            } else
-                LOG.info("BouncyCastle already registered as a JCE provider");
-            securityProvider = BOUNCY_CASTLE;
-        }
-    }
-
     private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
 
-    /** Identifier for the BouncyCastle JCE provider */
+    /**
+     * Identifier for the BouncyCastle JCE provider
+     */
     public static final String BOUNCY_CASTLE = "BC";
 
     /*
@@ -86,6 +46,42 @@ public class SecurityUtils {
     private static Boolean registerBouncyCastle;
     private static boolean registrationDone;
 
+    public static boolean registerSecurityProvider(String providerClassName) {
+        Provider provider = null;
+        try {
+            Class<?> name = Class.forName(providerClassName);
+            provider = (Provider) name.newInstance();
+        } catch (ClassNotFoundException e) {
+            LOG.info("Security Provider class '{}' not found", providerClassName);
+        } catch (InstantiationException e) {
+            LOG.info("Security Provider class '{}' could not be created", providerClassName);
+        } catch (IllegalAccessException e) {
+            LOG.info("Security Provider class '{}' could not be accessed", providerClassName);
+        }
+
+        if (provider == null) {
+            return false;
+        }
+
+        try {
+            if (Security.getProvider(provider.getName()) == null) {
+                Security.addProvider(provider);
+            }
+
+            if (securityProvider == null) {
+                MessageDigest.getInstance("MD5", provider);
+                KeyAgreement.getInstance("DH", provider);
+                setSecurityProvider(provider.getName());
+                return true;
+            }
+        } catch (NoSuchAlgorithmException e) {
+            LOG.info(format("Security Provider '%s' does not support necessary algorithm", providerClassName), e);
+        } catch (Exception e) {
+            LOG.info(format("Registration of Security Provider '%s' unexpectedly failed", providerClassName), e);
+        }
+        return false;
+    }
+
     public static synchronized Cipher getCipher(String transformation)
             throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
         register();
@@ -99,9 +95,7 @@ public class SecurityUtils {
      * Computes the fingerprint for a public key, in the standard SSH format, e.g. "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"
      *
      * @param key the public key
-     *
      * @return the fingerprint
-     *
      * @see <a href="http://tools.ietf.org/html/draft-friedl-secsh-fingerprint-00">specification</a>
      */
     public static String getFingerprint(PublicKey key) {
@@ -124,9 +118,7 @@ public class SecurityUtils {
      * Creates a new instance of {@link KeyAgreement} with the given algorithm.
      *
      * @param algorithm key agreement algorithm
-     *
      * @return new instance
-     *
      * @throws NoSuchAlgorithmException
      * @throws NoSuchProviderException
      */
@@ -143,9 +135,7 @@ public class SecurityUtils {
      * Creates a new instance of {@link KeyFactory} with the given algorithm.
      *
      * @param algorithm key factory algorithm e.g. RSA, DSA
-     *
      * @return new instance
-     *
      * @throws NoSuchAlgorithmException
      * @throws NoSuchProviderException
      */
@@ -162,9 +152,7 @@ public class SecurityUtils {
      * Creates a new instance of {@link KeyPairGenerator} with the given algorithm.
      *
      * @param algorithm key pair generator algorithm
-     *
      * @return new instance
-     *
      * @throws NoSuchAlgorithmException
      * @throws NoSuchProviderException
      */
@@ -181,9 +169,7 @@ public class SecurityUtils {
      * Create a new instance of {@link Mac} with the given algorithm.
      *
      * @param algorithm MAC algorithm
-     *
      * @return new instance
-     *
      * @throws NoSuchAlgorithmException
      * @throws NoSuchProviderException
      */
@@ -200,9 +186,7 @@ public class SecurityUtils {
      * Create a new instance of {@link MessageDigest} with the given algorithm.
      *
      * @param algorithm MessageDigest algorithm name
-     *
      * @return new instance
-     *
      * @throws NoSuchAlgorithmException
      * @throws NoSuchProviderException
      */
@@ -262,20 +246,16 @@ public class SecurityUtils {
 
     private static void register() {
         if (!registrationDone) {
-            if (securityProvider == null && (registerBouncyCastle == null || registerBouncyCastle))
-                // Use an inner class to avoid a strong dependency on BouncyCastle
-                try {
-                    new BouncyCastleRegistration().run();
-                } catch (Throwable t) {
-                    if (registerBouncyCastle == null)
-                        LOG.info("BouncyCastle not registered, using the default JCE provider");
-                    else {
-                        LOG.error("Failed to register BouncyCastle as the defaut JCE provider");
-                        throw new SSHRuntimeException("Failed to register BouncyCastle as the defaut JCE provider", t);
-                    }
+            if (securityProvider == null && (registerBouncyCastle == null || registerBouncyCastle)) {
+                registerSecurityProvider("org.bouncycastle.jce.provider.BouncyCastleProvider");
+                if (securityProvider == null && registerBouncyCastle == null) {
+                    LOG.info("BouncyCastle not registered, using the default JCE provider");
+                } else if (securityProvider == null) {
+                    LOG.error("Failed to register BouncyCastle as the defaut JCE provider");
+                    throw new SSHRuntimeException("Failed to register BouncyCastle as the defaut JCE provider");
                 }
+            }
             registrationDone = true;
         }
     }
-
-}
+}

src/main/java/net/schmizz/sshj/common/StreamCopier.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,127 +15,148 @@
  */
 package net.schmizz.sshj.common;
 
+import net.schmizz.concurrent.Event;
+import net.schmizz.concurrent.ExceptionChainer;
 import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
-import java.io.Closeable;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
-public class StreamCopier
-        extends Thread {
-
-    private static final Logger LOG = LoggerFactory.getLogger(StreamCopier.class);
-
-    public interface ErrorCallback {
-        void onError(IOException ioe);
-    }
-
-    public static ErrorCallback closeOnErrorCallback(final Closeable... toClose) {
-        return new ErrorCallback() {
-            @Override
-            public void onError(IOException ioe) {
-                IOUtils.closeQuietly(toClose);
-            }
-        };
-    }
+public class StreamCopier {
 
     public interface Listener {
-        void reportProgress(long transferred);
+
+        void reportProgress(long transferred)
+                throws IOException;
+
     }
 
-    public static long copy(InputStream in, OutputStream out, int bufSize, boolean keepFlushing, Listener listener)
-            throws IOException {
-        long count = 0;
+    private static final Listener NULL_LISTENER = new Listener() {
+        @Override
+        public void reportProgress(long transferred) {
+        }
+    };
+
+    private final LoggerFactory loggerFactory;
+    private final Logger log;
+    private final InputStream in;
+    private final OutputStream out;
+
+    private Listener listener = NULL_LISTENER;
+
+    private int bufSize = 1;
+    private boolean keepFlushing = true;
+    private long length = -1;
+
+    public StreamCopier(InputStream in, OutputStream out, LoggerFactory loggerFactory) {
+        this.in = in;
+        this.out = out;
+        this.loggerFactory = loggerFactory;
+        this.log = loggerFactory.getLogger(getClass());
+    }
+
+    public StreamCopier bufSize(int bufSize) {
+        this.bufSize = bufSize;
+        return this;
+    }
+
+    public StreamCopier keepFlushing(boolean keepFlushing) {
+        this.keepFlushing = keepFlushing;
+        return this;
+    }
+
+    public StreamCopier listener(Listener listener) {
+        if (listener == null) {
+            this.listener = NULL_LISTENER;
+        } else {
+            this.listener = listener;
+        }
+        return this;
+    }
+
+    public StreamCopier length(long length) {
+        this.length = length;
+        return this;
+    }
+
+    public Event<IOException> spawn(String name) {
+        return spawn(name, false);
+    }
+
+    public Event<IOException> spawnDaemon(String name) {
+        return spawn(name, true);
+    }
+
+    private Event<IOException> spawn(final String name, final boolean daemon) {
+        final Event<IOException> doneEvent =
+                new Event<IOException>("copyDone", new ExceptionChainer<IOException>() {
+                    @Override
+                    public IOException chain(Throwable t) {
+                        return (t instanceof IOException) ? (IOException) t : new IOException(t);
+                    }
+                }, loggerFactory);
+
+        new Thread() {
+            {
+                setName(name);
+                setDaemon(daemon);
+            }
+
+            @Override
+            public void run() {
+                try {
+                    log.debug("Will copy from {} to {}", in, out);
+                    copy();
+                    log.debug("Done copying from {}", in);
+                    doneEvent.set();
+                } catch (IOException ioe) {
+                    log.error(String.format("In pipe from %1$s to %2$s", in.toString(), out.toString()), ioe);
+                    doneEvent.deliverError(ioe);
+                }
+            }
+        }.start();
+        return doneEvent;
+    }
+
+    public long copy()
+            throws IOException {
+        final byte[] buf = new byte[bufSize];
+        long count = 0;
+        int read = 0;
 
-        final boolean reportProgress = listener != null;
         final long startTime = System.currentTimeMillis();
 
-        final byte[] buf = new byte[bufSize];
-        int read;
-        while ((read = in.read(buf)) != -1) {
-            out.write(buf, 0, read);
-            count += read;
-            if (keepFlushing)
-                out.flush();
-            if (reportProgress)
-                listener.reportProgress(count);
+        if (length == -1) {
+            while ((read = in.read(buf)) != -1) {
+                count += write(buf, count, read);
+            }
+        } else {
+            while (count < length && (read = in.read(buf, 0, (int) Math.min(bufSize, length - count))) != -1) {
+                count += write(buf, count, read);
+            }
         }
+
         if (!keepFlushing)
             out.flush();
 
-        final double sizeKiB = count / 1024.0;
         final double timeSeconds = (System.currentTimeMillis() - startTime) / 1000.0;
-        LOG.info(sizeKiB + " KiB transferred  in {} seconds ({} KiB/s)", timeSeconds, (sizeKiB / timeSeconds));
+        final double sizeKiB = count / 1024.0;
+        log.debug(String.format("%1$,.1f KiB transferred in %2$,.1f seconds (%3$,.2f KiB/s)", sizeKiB, timeSeconds, (sizeKiB / timeSeconds)));
+
+        if (length != -1 && read == -1)
+            throw new IOException("Encountered EOF, could not transfer " + length + " bytes");
 
         return count;
     }
 
-    public static long copy(InputStream in, OutputStream out, int bufSize, boolean keepFlushing)
+    private long write(byte[] buf, long curPos, int len)
             throws IOException {
-        return copy(in, out, bufSize, keepFlushing, null);
+        out.write(buf, 0, len);
+        if (keepFlushing)
+            out.flush();
+        listener.reportProgress(curPos + len);
+        return len;
     }
 
-    public static String copyStreamToString(InputStream stream)
-            throws IOException {
-        final StringBuilder sb = new StringBuilder();
-        int read;
-        while ((read = stream.read()) != -1)
-            sb.append((char) read);
-        return sb.toString();
-    }
-
-    private final Logger log = LoggerFactory.getLogger(getClass());
-
-    private final InputStream in;
-    private final OutputStream out;
-
-    private int bufSize = 1;
-    private boolean keepFlushing = true;
-
-    private ErrorCallback errCB = new ErrorCallback() {
-        @Override
-        public void onError(IOException ioe) {
-        }
-    }; // Default null cb
-
-    public StreamCopier(String name, InputStream in, OutputStream out) {
-        this.in = in;
-        this.out = out;
-        setName(name);
-    }
-
-    public StreamCopier bufSize(int size) {
-        bufSize = size;
-        return this;
-    }
-
-    public StreamCopier keepFlushing(boolean choice) {
-        keepFlushing = choice;
-        return this;
-    }
-
-    public StreamCopier daemon(boolean choice) {
-        setDaemon(choice);
-        return this;
-    }
-
-    public StreamCopier errorCallback(ErrorCallback errCB) {
-        this.errCB = errCB;
-        return this;
-    }
-
-    @Override
-    public void run() {
-        try {
-            log.debug("Wil pipe from {} to {}", in, out);
-            copy(in, out, bufSize, keepFlushing);
-            log.debug("EOF on {}", in);
-        } catch (IOException ioe) {
-            log.error("In pipe from {} to {}: " + ioe.toString(), in, out);
-            errCB.onError(ioe);
-        }
-    }
-
-}
+}

src/main/java/net/schmizz/sshj/connection/Connection.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,8 @@
  */
 package net.schmizz.sshj.connection;
 
-import net.schmizz.concurrent.Future;
+import net.schmizz.concurrent.Promise;
+import net.schmizz.keepalive.KeepAlive;
 import net.schmizz.sshj.common.SSHPacket;
 import net.schmizz.sshj.connection.channel.Channel;
 import net.schmizz.sshj.connection.channel.OpenFailException;
@@ -89,13 +90,13 @@ public interface Connection {
      * @param wantReply whether a reply is requested
      * @param specifics {@link SSHPacket} containing fields specific to the request
      *
-     * @return a {@link Future} for the reply data (in case {@code wantReply} is true) which allows waiting on the
-     *         reply, or {@code null} if a reply is not requested.
+     * @return a {@link net.schmizz.concurrent.Promise} for the reply data (in case {@code wantReply} is true) which
+     *         allows waiting on the reply, or {@code null} if a reply is not requested.
      *
      * @throws TransportException if there is an error sending the request
      */
-    public Future<SSHPacket, ConnectionException> sendGlobalRequest(String name, boolean wantReply,
-                                                                    byte[] specifics)
+    public Promise<SSHPacket, ConnectionException> sendGlobalRequest(String name, boolean wantReply,
+                                                                     byte[] specifics)
             throws TransportException;
 
     /**
@@ -125,29 +126,34 @@ public interface Connection {
     void setMaxPacketSize(int maxPacketSize);
 
     /** @return the size for the local window this connection recommends to any {@link Channel}'s that ask for it. */
-    int getWindowSize();
+    long getWindowSize();
 
     /**
      * Set the size for the local window this connection recommends to any {@link Channel}'s that ask for it.
      *
      * @param windowSize window size in bytes
      */
-    void setWindowSize(int windowSize);
+    void setWindowSize(long windowSize);
 
     /** @return the associated {@link Transport}. */
     Transport getTransport();
 
     /**
-     * @return the {@code timeout} in seconds that this connection uses for blocking operations and recommends to any
-     *         {@link Channel other} {@link ForwardedChannelOpener classes} that ask for it.
+     * @return the {@code timeout} in milliseconds that this connection uses for blocking operations and recommends to
+     *         any {@link Channel other} {@link ForwardedChannelOpener classes} that ask for it.
      */
-    int getTimeout();
+    int getTimeoutMs();
 
     /**
      * Set the {@code timeout} this connection uses for blocking operations and recommends to any {@link Channel other}
      * {@link ForwardedChannelOpener classes} that ask for it.
      *
-     * @param timeout timeout in seconds
+     * @param timeout timeout in milliseconds
      */
-    void setTimeout(int timeout);
-}
+    void setTimeoutMs(int timeout);
+
+    /**
+     * @return The configured {@link net.schmizz.keepalive.KeepAlive} mechanism.
+     */
+    KeepAlive getKeepAlive();
+}

src/main/java/net/schmizz/sshj/connection/ConnectionException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/net/schmizz/sshj/connection/ConnectionImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,22 +15,18 @@
  */
 package net.schmizz.sshj.connection;
 
-import net.schmizz.concurrent.Future;
-import net.schmizz.concurrent.FutureUtils;
+import net.schmizz.concurrent.ErrorDeliveryUtil;
+import net.schmizz.concurrent.Promise;
+import net.schmizz.keepalive.KeepAlive;
+import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.AbstractService;
-import net.schmizz.sshj.common.DisconnectReason;
-import net.schmizz.sshj.common.ErrorNotifiable;
-import net.schmizz.sshj.common.Message;
-import net.schmizz.sshj.common.SSHException;
-import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.connection.channel.Channel;
-import net.schmizz.sshj.connection.channel.OpenFailException;
 import net.schmizz.sshj.connection.channel.OpenFailException.Reason;
 import net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener;
 import net.schmizz.sshj.transport.Transport;
 import net.schmizz.sshj.transport.TransportException;
 
-import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.Map;
 import java.util.Queue;
@@ -50,23 +46,31 @@ public class ConnectionImpl
 
     private final Map<String, ForwardedChannelOpener> openers = new ConcurrentHashMap<String, ForwardedChannelOpener>();
 
-    private final Queue<Future<SSHPacket, ConnectionException>> globalReqFutures = new LinkedList<Future<SSHPacket, ConnectionException>>();
+    private final Queue<Promise<SSHPacket, ConnectionException>> globalReqPromises = new LinkedList<Promise<SSHPacket, ConnectionException>>();
 
-    private int windowSize = 2048 * 1024;
+    /** {@code keep-alive} mechanism */
+    private final KeepAlive keepAlive;
+
+    private long windowSize = 2048 * 1024;
     private int maxPacketSize = 32 * 1024;
 
+    private volatile int timeoutMs;
+
     /**
      * Create with an associated {@link Transport}.
      *
      * @param trans transport layer
+     * @param keepAlive the keep alive provider
      */
-    public ConnectionImpl(Transport trans) {
+    public ConnectionImpl(Transport trans, KeepAliveProvider keepAlive) {
         super("ssh-connection", trans);
+        timeoutMs = trans.getTimeoutMs();
+        this.keepAlive = keepAlive.provide(this);
     }
 
     @Override
     public void attach(Channel chan) {
-        log.info("Attaching `{}` channel (#{})", chan.getType(), chan.getID());
+        log.debug("Attaching `{}` channel (#{})", chan.getType(), chan.getID());
         channels.put(chan.getID(), chan);
     }
 
@@ -82,7 +86,7 @@ public class ConnectionImpl
 
     @Override
     public void forget(Channel chan) {
-        log.info("Forgetting `{}` channel (#{})", chan.getType(), chan.getID());
+        log.debug("Forgetting `{}` channel (#{})", chan.getType(), chan.getID());
         channels.remove(chan.getID());
         synchronized (internalSynchronizer) {
             if (channels.isEmpty())
@@ -92,36 +96,39 @@ public class ConnectionImpl
 
     @Override
     public void forget(ForwardedChannelOpener opener) {
-        log.info("Forgetting opener for `{}` channels: {}", opener.getChannelType(), opener);
+        log.debug("Forgetting opener for `{}` channels: {}", opener.getChannelType(), opener);
         openers.remove(opener.getChannelType());
     }
 
     @Override
     public void attach(ForwardedChannelOpener opener) {
-        log.info("Attaching opener for `{}` channels: {}", opener.getChannelType(), opener);
+        log.debug("Attaching opener for `{}` channels: {}", opener.getChannelType(), opener);
         openers.put(opener.getChannelType(), opener);
     }
 
     private Channel getChannel(SSHPacket buffer)
             throws ConnectionException {
-        int recipient = buffer.readInt();
-        Channel channel = get(recipient);
-        if (channel != null)
-            return channel;
-        else {
-            buffer.rpos(buffer.rpos() - 5);
-            throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR, "Received " + buffer.readMessageID()
-                                                                           + " on unknown channel #" + recipient);
+        try {
+            final int recipient = buffer.readUInt32AsInt();
+            final Channel channel = get(recipient);
+            if (channel != null)
+                return channel;
+            else {
+                buffer.rpos(buffer.rpos() - 5);
+                throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR,
+                                              "Received " + buffer.readMessageID() + " on unknown channel #" + recipient);
+            }
+        } catch (Buffer.BufferException be) {
+            throw new ConnectionException(be);
         }
     }
 
     @Override
     public void handle(Message msg, SSHPacket buf)
             throws SSHException {
-        if (msg.in(91, 100))
+        if (msg.in(91, 100)) {
             getChannel(buf).handle(msg, buf);
-
-        else if (msg.in(80, 90))
+        } else if (msg.in(80, 90)) {
             switch (msg) {
                 case REQUEST_SUCCESS:
                     gotGlobalReqResponse(buf);
@@ -134,23 +141,11 @@ public class ConnectionImpl
                     break;
                 default:
                     super.handle(msg, buf);
+                    break;
             }
-
-        else
+        } else {
             super.handle(msg, buf);
-    }
-
-    @Override
-    public void notifyError(SSHException error) {
-        super.notifyError(error);
-
-        synchronized (globalReqFutures) {
-            FutureUtils.alertAll(error, globalReqFutures);
-            globalReqFutures.clear();
         }
-
-        ErrorNotifiable.Util.alertAll(error, channels.values());
-        channels.clear();
     }
 
     @Override
@@ -169,21 +164,21 @@ public class ConnectionImpl
     }
 
     @Override
-    public int getWindowSize() {
+    public long getWindowSize() {
         return windowSize;
     }
 
     @Override
-    public void setWindowSize(int windowSize) {
+    public void setWindowSize(long windowSize) {
         this.windowSize = windowSize;
     }
 
     @Override
-    public void join()
-            throws InterruptedException {
+    public void join() throws InterruptedException {
         synchronized (internalSynchronizer) {
-            while (!channels.isEmpty())
+            while (!channels.isEmpty()) {
                 internalSynchronizer.wait();
+            }
         }
     }
 
@@ -193,46 +188,53 @@ public class ConnectionImpl
     }
 
     @Override
-    public Future<SSHPacket, ConnectionException> sendGlobalRequest(String name, boolean wantReply,
-                                                                    byte[] specifics)
+    public Promise<SSHPacket, ConnectionException> sendGlobalRequest(String name, boolean wantReply,
+                                                                     byte[] specifics)
             throws TransportException {
-        synchronized (globalReqFutures) {
-            log.info("Making global request for `{}`", name);
+        synchronized (globalReqPromises) {
+            log.debug("Making global request for `{}`", name);
             trans.write(new SSHPacket(Message.GLOBAL_REQUEST).putString(name)
-                    .putBoolean(wantReply).putRawBytes(specifics));
+                                                             .putBoolean(wantReply)
+                                                             .putRawBytes(specifics));
 
-            Future<SSHPacket, ConnectionException> future = null;
+            Promise<SSHPacket, ConnectionException> promise = null;
             if (wantReply) {
-                future = new Future<SSHPacket, ConnectionException>("global req for " + name, ConnectionException.chainer);
-                globalReqFutures.add(future);
+                promise = new Promise<SSHPacket, ConnectionException>("global req for " + name, ConnectionException.chainer, trans.getConfig().getLoggerFactory());
+                globalReqPromises.add(promise);
             }
-            return future;
+            return promise;
         }
     }
 
     private void gotGlobalReqResponse(SSHPacket response)
             throws ConnectionException {
-        synchronized (globalReqFutures) {
-            Future<SSHPacket, ConnectionException> gr = globalReqFutures.poll();
-            if (gr == null)
+        synchronized (globalReqPromises) {
+            Promise<SSHPacket, ConnectionException> gr = globalReqPromises.poll();
+            if (gr == null) {
                 throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR,
-                                              "Got a global request response when none was requested");
-            else if (response == null)
-                gr.error(new ConnectionException("Global request [" + gr + "] failed"));
-            else
-                gr.set(response);
+                        "Got a global request response when none was requested");
+            } else if (response == null) {
+                gr.deliverError(new ConnectionException("Global request [" + gr + "] failed"));
+            } else {
+                // To prevent a race condition, copy the packet before delivering, as it will be handled in a different thread.
+                gr.deliver(new SSHPacket(response));
+            }
         }
     }
 
     private void gotChannelOpen(SSHPacket buf)
             throws ConnectionException, TransportException {
-        final String type = buf.readString();
-        log.debug("Received CHANNEL_OPEN for `{}` channel", type);
-        if (openers.containsKey(type))
-            openers.get(type).handleOpen(buf);
-        else {
-            log.warn("No opener found for `{}` CHANNEL_OPEN request -- rejecting", type);
-            sendOpenFailure(buf.readInt(), OpenFailException.Reason.UNKNOWN_CHANNEL_TYPE, "");
+        try {
+            final String type = buf.readString();
+            log.debug("Received CHANNEL_OPEN for `{}` channel", type);
+            if (openers.containsKey(type))
+                openers.get(type).handleOpen(buf);
+            else {
+                log.warn("No opener found for `{}` CHANNEL_OPEN request -- rejecting", type);
+                sendOpenFailure(buf.readUInt32AsInt(), Reason.UNKNOWN_CHANNEL_TYPE, "");
+            }
+        } catch (Buffer.BufferException be) {
+            throw new ConnectionException(be);
         }
     }
 
@@ -240,18 +242,36 @@ public class ConnectionImpl
     public void sendOpenFailure(int recipient, Reason reason, String message)
             throws TransportException {
         trans.write(new SSHPacket(Message.CHANNEL_OPEN_FAILURE)
-                .putInt(recipient)
-                .putInt(reason.getCode())
-                .putString(message));
+                            .putUInt32(recipient)
+                            .putUInt32(reason.getCode())
+                            .putString(message));
     }
 
     @Override
-    public void notifyDisconnect()
-            throws SSHException {
-        super.notifyDisconnect();
-        final ConnectionException ex = new ConnectionException("Disconnected.");
-        FutureUtils.alertAll(ex, globalReqFutures);
-        ErrorNotifiable.Util.alertAll(ex, new HashSet<Channel>(channels.values()));
+    public void notifyError(SSHException error) {
+        super.notifyError(error);
+        synchronized (globalReqPromises) {
+            ErrorDeliveryUtil.alertPromises(error, globalReqPromises);
+            globalReqPromises.clear();
+        }
+        keepAlive.interrupt();
+        ErrorNotifiable.Util.alertAll(error, channels.values());
+        channels.clear();
     }
 
-}
+    @Override
+    public void setTimeoutMs(int timeoutMs) {
+        this.timeoutMs = timeoutMs;
+    }
+
+    @Override
+    public int getTimeoutMs() {
+        return timeoutMs;
+    }
+
+    @Override
+    public KeepAlive getKeepAlive() {
+        return keepAlive;
+    }
+
+}

src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,47 +12,21 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.connection.channel;
 
+import net.schmizz.concurrent.ErrorDeliveryUtil;
 import net.schmizz.concurrent.Event;
-import net.schmizz.concurrent.FutureUtils;
-import net.schmizz.sshj.common.Buffer;
-import net.schmizz.sshj.common.ByteArrayUtils;
-import net.schmizz.sshj.common.DisconnectReason;
-import net.schmizz.sshj.common.IOUtils;
-import net.schmizz.sshj.common.Message;
-import net.schmizz.sshj.common.SSHException;
-import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.connection.Connection;
 import net.schmizz.sshj.connection.ConnectionException;
 import net.schmizz.sshj.transport.Transport;
 import net.schmizz.sshj.transport.TransportException;
 import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.charset.Charset;
 import java.util.LinkedList;
 import java.util.Queue;
 import java.util.concurrent.TimeUnit;
@@ -61,8 +35,11 @@ import java.util.concurrent.locks.ReentrantLock;
 public abstract class AbstractChannel
         implements Channel {
 
+    private static final int REMOTE_MAX_PACKET_SIZE_CEILING = 1024 * 1024;
+
     /** Logger */
-    protected final Logger log = LoggerFactory.getLogger(getClass());
+    protected final LoggerFactory loggerFactory;
+    protected final Logger log;
 
     /** Transport layer */
     protected final Transport trans;
@@ -75,19 +52,20 @@ public abstract class AbstractChannel
     private final int id;
     /** Remote recipient ID */
     private int recipient;
+    /** Remote character set */
+    private final Charset remoteCharset;
+
+    private boolean eof = false;
 
     private final Queue<Event<ConnectionException>> chanReqResponseEvents = new LinkedList<Event<ConnectionException>>();
 
     /* The lock used by to create the open & close events */
-    private final ReentrantLock lock = new ReentrantLock();
+    private final ReentrantLock openCloseLock = new ReentrantLock();
     /** Channel open event */
-    protected final Event<ConnectionException> open;
+    protected final Event<ConnectionException> openEvent;
     /** Channel close event */
-    protected final Event<ConnectionException> close;
-
-    /* Access to these fields should be synchronized using this object */
-    private boolean eofSent;
-    private boolean eofGot;
+    protected final Event<ConnectionException> closeEvent;
+    /** Whether we have already sent a CHANNEL_CLOSE request to the server */
     private boolean closeRequested;
 
     /** Local window */
@@ -103,24 +81,30 @@ public abstract class AbstractChannel
     private volatile boolean autoExpand = false;
 
     protected AbstractChannel(Connection conn, String type) {
+        this(conn, type, null);
+    }
+    protected AbstractChannel(Connection conn, String type, Charset remoteCharset) {
         this.conn = conn;
+        this.loggerFactory = conn.getTransport().getConfig().getLoggerFactory();
         this.type = type;
+        this.log = loggerFactory.getLogger(getClass());
         this.trans = conn.getTransport();
 
+        this.remoteCharset = remoteCharset != null ? remoteCharset : IOUtils.UTF8;
         id = conn.nextID();
 
-        lwin = new Window.Local(conn.getWindowSize(), conn.getMaxPacketSize());
+        lwin = new Window.Local(conn.getWindowSize(), conn.getMaxPacketSize(), loggerFactory);
         in = new ChannelInputStream(this, trans, lwin);
 
-        open = new Event<ConnectionException>("chan#" + id + " / " + "open", ConnectionException.chainer, lock);
-        close = new Event<ConnectionException>("chan#" + id + " / " + "close", ConnectionException.chainer, lock);
+        openEvent = new Event<ConnectionException>("chan#" + id + " / " + "open", ConnectionException.chainer, openCloseLock, loggerFactory);
+        closeEvent = new Event<ConnectionException>("chan#" + id + " / " + "close", ConnectionException.chainer, openCloseLock, loggerFactory);
     }
 
-    protected void init(int recipient, int remoteWinSize, int remoteMaxPacketSize) {
+    protected void init(int recipient, long remoteWinSize, long remoteMaxPacketSize) {
         this.recipient = recipient;
-        rwin = new Window.Remote(remoteWinSize, remoteMaxPacketSize);
+        rwin = new Window.Remote(remoteWinSize, (int) Math.min(remoteMaxPacketSize, REMOTE_MAX_PACKET_SIZE_CEILING), loggerFactory);
         out = new ChannelOutputStream(this, trans, rwin);
-        log.info("Initialized - {}", this);
+        log.debug("Initialized - {}", this);
     }
 
     @Override
@@ -144,7 +128,7 @@ public abstract class AbstractChannel
     }
 
     @Override
-    public int getLocalWinSize() {
+    public long getLocalWinSize() {
         return lwin.getSize();
     }
 
@@ -158,13 +142,18 @@ public abstract class AbstractChannel
         return recipient;
     }
 
+    @Override
+    public Charset getRemoteCharset() {
+        return remoteCharset;
+    }
+
     @Override
     public int getRemoteMaxPacketSize() {
         return rwin.getMaxPacketSize();
     }
 
     @Override
-    public int getRemoteWinSize() {
+    public long getRemoteWinSize() {
         return rwin.getSize();
     }
 
@@ -183,11 +172,11 @@ public abstract class AbstractChannel
                 break;
 
             case CHANNEL_EXTENDED_DATA:
-                gotExtendedData(buf.readInt(), buf);
+                gotExtendedData(buf);
                 break;
 
             case CHANNEL_WINDOW_ADJUST:
-                gotWindowAdjustment(buf.readInt());
+                gotWindowAdjustment(buf);
                 break;
 
             case CHANNEL_REQUEST:
@@ -212,13 +201,23 @@ public abstract class AbstractChannel
 
             default:
                 gotUnknown(msg, buf);
-
+                break;
         }
     }
 
+    @Override
+    public boolean isEOF() {
+        return eof;
+    }
+
+    @Override
+    public LoggerFactory getLoggerFactory() {
+        return loggerFactory;
+    }
+
     private void gotClose()
             throws TransportException {
-        log.info("Got close");
+        log.debug("Got close");
         try {
             closeAllStreams();
             sendClose();
@@ -236,11 +235,12 @@ public abstract class AbstractChannel
     public void notifyError(SSHException error) {
         log.debug("Channel #{} got notified of {}", getID(), error.toString());
 
-        FutureUtils.alertAll(error, open, close);
-        FutureUtils.alertAll(error, chanReqResponseEvents);
+        ErrorDeliveryUtil.alertEvents(error, openEvent, closeEvent);
+        ErrorDeliveryUtil.alertEvents(error, chanReqResponseEvents);
 
         in.notifyError(error);
-        out.notifyError(error);
+        if (out != null)
+            out.notifyError(error);
 
         finishOff();
     }
@@ -253,73 +253,96 @@ public abstract class AbstractChannel
     @Override
     public void close()
             throws ConnectionException, TransportException {
-        lock.lock();
+        openCloseLock.lock();
         try {
-            try {
-                sendClose();
-            } catch (TransportException e) {
-                if (!close.hasError())
-                    throw e;
+            if (isOpen()) {
+                try {
+                    sendClose();
+                } catch (TransportException e) {
+                    if (!closeEvent.inError())
+                        throw e;
+                }
+                closeEvent.await(conn.getTimeoutMs(), TimeUnit.MILLISECONDS);
             }
-            close.await(conn.getTimeout(), TimeUnit.SECONDS);
         } finally {
-            lock.unlock();
+            openCloseLock.unlock();
         }
     }
 
     public void join()
             throws ConnectionException {
-        close.await();
+        closeEvent.await();
     }
 
-    protected synchronized void sendClose()
+    public void join(long timeout, TimeUnit unit)
+            throws ConnectionException {
+        closeEvent.await(timeout, unit);
+    }
+
+    protected void sendClose()
             throws TransportException {
+        openCloseLock.lock();
         try {
             if (!closeRequested) {
-                log.info("Sending close");
+                log.debug("Sending close");
                 trans.write(newBuffer(Message.CHANNEL_CLOSE));
             }
         } finally {
             closeRequested = true;
+            openCloseLock.unlock();
         }
     }
 
     @Override
-    public synchronized boolean isOpen() {
-        lock.lock();
+    public boolean isOpen() {
+        openCloseLock.lock();
         try {
-            return open.isSet() && !close.isSet() && !closeRequested;
+            return openEvent.isSet() && !closeEvent.isSet() && !closeRequested;
         } finally {
-            lock.unlock();
+            openCloseLock.unlock();
         }
     }
 
     private void gotChannelRequest(SSHPacket buf)
             throws ConnectionException, TransportException {
-        final String reqType = buf.readString();
-        buf.readBoolean(); // We don't care about the 'want-reply' value
-        log.info("Got chan request for `{}`", reqType);
+        final String reqType;
+        try {
+            reqType = buf.readString();
+            buf.readBoolean(); // We don't care about the 'want-reply' value
+        } catch (Buffer.BufferException be) {
+            throw new ConnectionException(be);
+        }
+        log.debug("Got chan request for `{}`", reqType);
         handleRequest(reqType, buf);
     }
 
-    private void gotWindowAdjustment(int howMuch) {
-        log.info("Received window adjustment for {} bytes", howMuch);
+    private void gotWindowAdjustment(SSHPacket buf)
+            throws ConnectionException {
+        final long howMuch;
+        try {
+            howMuch = buf.readUInt32();
+        } catch (Buffer.BufferException be) {
+            throw new ConnectionException(be);
+        }
+        log.debug("Received window adjustment for {} bytes", howMuch);
         rwin.expand(howMuch);
     }
 
     protected void finishOff() {
         conn.forget(this);
-        close.set();
+        closeEvent.set();
     }
 
-    protected void gotExtendedData(int dataTypeCode, SSHPacket buf)
+    protected void gotExtendedData(SSHPacket buf)
             throws ConnectionException, TransportException {
-        throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR, "Extended data not supported on " + type
-                                                                       + " channel");
+        throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR,
+                                      "Extended data not supported on " + type + " channel");
     }
 
     protected void gotUnknown(Message msg, SSHPacket buf)
             throws ConnectionException, TransportException {
+        log.warn("Got unknown packet with type {}", msg);
+
     }
 
     protected void handleRequest(String reqType, SSHPacket buf)
@@ -328,12 +351,17 @@ public abstract class AbstractChannel
     }
 
     protected SSHPacket newBuffer(Message cmd) {
-        return new SSHPacket(cmd).putInt(recipient);
+        return new SSHPacket(cmd).putUInt32(recipient);
     }
 
     protected void receiveInto(ChannelInputStream stream, SSHPacket buf)
             throws ConnectionException, TransportException {
-        final int len = buf.readInt();
+        final int len;
+        try {
+            len = buf.readUInt32AsInt();
+        } catch (Buffer.BufferException be) {
+            throw new ConnectionException(be);
+        }
         if (len < 0 || len > getLocalMaxPacketSize() || len > buf.available())
             throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR, "Bad item length: " + len);
         if (log.isTraceEnabled())
@@ -341,74 +369,60 @@ public abstract class AbstractChannel
         stream.receive(buf.array(), buf.rpos(), len);
     }
 
-    protected synchronized Event<ConnectionException> sendChannelRequest(String reqType, boolean wantReply,
-                                                                         Buffer.PlainBuffer reqSpecific)
+    protected Event<ConnectionException> sendChannelRequest(String reqType, boolean wantReply,
+                                                            Buffer.PlainBuffer reqSpecific)
             throws TransportException {
-        log.info("Sending channel request for `{}`", reqType);
-        trans.write(
-                newBuffer(Message.CHANNEL_REQUEST)
-                        .putString(reqType)
-                        .putBoolean(wantReply)
-                        .putBuffer(reqSpecific)
-        );
+        log.debug("Sending channel request for `{}`", reqType);
+        synchronized (chanReqResponseEvents) {
+            trans.write(
+                    newBuffer(Message.CHANNEL_REQUEST)
+                            .putString(reqType)
+                            .putBoolean(wantReply)
+                            .putBuffer(reqSpecific)
+            );
 
-        Event<ConnectionException> responseEvent = null;
-        if (wantReply) {
-            responseEvent = new Event<ConnectionException>("chan#" + id + " / " + "chanreq for " + reqType, ConnectionException.chainer, lock);
-            chanReqResponseEvents.add(responseEvent);
+            Event<ConnectionException> responseEvent = null;
+            if (wantReply) {
+                responseEvent = new Event<ConnectionException>("chan#" + id + " / " + "chanreq for " + reqType,
+                                                               ConnectionException.chainer, loggerFactory);
+                chanReqResponseEvents.add(responseEvent);
+            }
+            return responseEvent;
         }
-        return responseEvent;
     }
 
-    private synchronized void gotResponse(boolean success)
+    private void gotResponse(boolean success)
             throws ConnectionException {
-        final Event<ConnectionException> responseEvent = chanReqResponseEvents.poll();
-        if (responseEvent != null) {
-            if (success)
-                responseEvent.set();
-            else
-                responseEvent.error(new ConnectionException("Request failed"));
-        } else
-            throw new ConnectionException(
-                    DisconnectReason.PROTOCOL_ERROR,
-                    "Received response to channel request when none was requested");
+        synchronized (chanReqResponseEvents) {
+            final Event<ConnectionException> responseEvent = chanReqResponseEvents.poll();
+            if (responseEvent != null) {
+                if (success)
+                    responseEvent.set();
+                else
+                    responseEvent.deliverError(new ConnectionException("Request failed"));
+            } else
+                throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR,
+                                              "Received response to channel request when none was requested");
+        }
     }
 
-    private synchronized void gotEOF()
+    private void gotEOF()
             throws TransportException {
-        log.info("Got EOF");
-        eofGot = true;
+        log.debug("Got EOF");
         eofInputStreams();
-        if (eofSent)
-            sendClose();
     }
 
     /** Called when EOF has been received. Subclasses can override but must call super. */
     protected void eofInputStreams() {
         in.eof();
-    }
-
-    @Override
-    public synchronized void sendEOF()
-            throws TransportException {
-        try {
-            if (!closeRequested && !eofSent) {
-                log.info("Sending EOF");
-                trans.write(newBuffer(Message.CHANNEL_EOF));
-                if (eofGot)
-                    sendClose();
-            }
-        } finally {
-            eofSent = true;
-            out.setClosed();
-        }
+        eof = true;
     }
 
     @Override
     public String toString() {
         return "< " + type + " channel: id=" + id + ", recipient=" + recipient + ", localWin=" + lwin + ", remoteWin="
-               + rwin + " >";
+                + rwin + " >";
     }
 
 
-}
+}

src/main/java/net/schmizz/sshj/connection/channel/Channel.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 package net.schmizz.sshj.connection.channel;
 
 import net.schmizz.sshj.common.ErrorNotifiable;
+import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.common.SSHPacketHandler;
 import net.schmizz.sshj.connection.ConnectionException;
 import net.schmizz.sshj.transport.TransportException;
@@ -23,14 +24,19 @@ import net.schmizz.sshj.transport.TransportException;
 import java.io.Closeable;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.charset.Charset;
+import java.util.concurrent.TimeUnit;
 
-/** A channel is the basic medium for application-layer data on top of an SSH transport. */
-public interface Channel
-        extends Closeable, SSHPacketHandler, ErrorNotifiable {
+/**
+ * A channel is the basic medium for application-layer data on top of an SSH transport.
+ */
+public interface Channel extends Closeable, SSHPacketHandler, ErrorNotifiable {
+
+    /**
+     * Direct channels are those that are initiated by us.
+     */
+    interface Direct extends Channel {
 
-    /** Direct channels are those that are initiated by us. */
-    interface Direct
-            extends Channel {
         /**
          * Request opening this channel from remote end.
          *
@@ -38,27 +44,30 @@ public interface Channel
          * @throws ConnectionException other connection-layer error
          * @throws TransportException  error writing packets etc.
          */
-        void open()
-                throws ConnectionException, TransportException;
+        void open() throws ConnectionException, TransportException;
 
     }
 
-    /** Forwarded channels are those that are initiated by the server. */
-    interface Forwarded
-            extends Channel {
+    /**
+     * Forwarded channels are those that are initiated by the server.
+     */
+    interface Forwarded extends Channel {
 
         /**
          * Confirm {@code CHANNEL_OPEN} request.
          *
          * @throws TransportException error sending confirmation packet
          */
-        void confirm()
-                throws TransportException;
+        void confirm() throws TransportException;
 
-        /** @return the IP of where the forwarded connection originates. */
+        /**
+         * @return the IP of where the forwarded connection originates.
+         */
         String getOriginatorIP();
 
-        /** @return port from which the forwarded connection originates. */
+        /**
+         * @return port from which the forwarded connection originates.
+         */
         int getOriginatorPort();
 
         /**
@@ -66,65 +75,77 @@ public interface Channel
          *
          * @param reason  indicate {@link OpenFailException.Reason reason} for rejection of the request
          * @param message indicate a message for why the request is rejected
-         *
          * @throws TransportException error sending rejection packet
          */
-        void reject(OpenFailException.Reason reason, String message)
-                throws TransportException;
+        void reject(OpenFailException.Reason reason, String message) throws TransportException;
 
     }
 
 
-    /** Close this channel. */
+    /**
+     * Close this channel.
+     */
     @Override
-    void close()
-            throws TransportException, ConnectionException;
+    void close() throws TransportException, ConnectionException;
 
     /**
      * @return whether auto-expansion of local window is set.
-     *
      * @see #setAutoExpand(boolean)
      */
     boolean getAutoExpand();
 
-    /** @return the channel ID */
+    /**
+     * @return the channel ID
+     */
     int getID();
 
-    /** @return the {@code InputStream} for this channel. */
+    /**
+     * @return the {@code InputStream} for this channel.
+     */
     InputStream getInputStream();
 
-    /** @return the maximum packet size that we have specified. */
+    /**
+     * @return the maximum packet size that we have specified.
+     */
     int getLocalMaxPacketSize();
 
-    /** @return the current local window size. */
-    int getLocalWinSize();
-
-    /** @return an {@code OutputStream} for this channel. */
-    OutputStream getOutputStream();
-
-    /** @return the channel ID at the remote end. */
-    int getRecipient();
-
-    /** @return the maximum packet size as specified by the remote end. */
-    int getRemoteMaxPacketSize();
-
-    /** @return the current remote window size. */
-    int getRemoteWinSize();
-
-    /** @return the channel type identifier. */
-    String getType();
-
-    /** @return whether the channel is open. */
-    boolean isOpen();
+    /**
+     * @return the current local window size.
+     */
+    long getLocalWinSize();
 
     /**
-     * Sends an EOF message to the server for this channel; indicating that no more data will be sent by us. The {@code
-     * OutputStream} for this channel will be closed and no longer usable.
-     *
-     * @throws TransportException if there is an error sending the EOF message
+     * @return an {@code OutputStream} for this channel.
      */
-    void sendEOF()
-            throws TransportException;
+    OutputStream getOutputStream();
+
+    /**
+     * @return the channel ID at the remote end.
+     */
+    int getRecipient();
+
+    /** @return the character set used to communicate with the remote machine for certain strings (like paths). */
+    Charset getRemoteCharset();
+
+    /**
+     * @return the maximum packet size as specified by the remote end.
+     */
+    int getRemoteMaxPacketSize();
+
+    /**
+     * @return the current remote window size.
+     */
+    long getRemoteWinSize();
+
+    /**
+     * @return the channel type identifier.
+     */
+    String getType();
+
+    /**
+     * @return whether the channel is open.
+     */
+    boolean isOpen();
 
     /**
      * Set whether local window should automatically expand when data is received, irrespective of whether data has been
@@ -135,7 +156,17 @@ public interface Channel
      */
     void setAutoExpand(boolean autoExpand);
 
-    void join()
-            throws ConnectionException;
+    void join() throws ConnectionException;
 
+    void join(long timeout, TimeUnit unit) throws ConnectionException;
+
+    /**
+     * Returns whether EOF has been received.
+     */
+    boolean isEOF();
+
+    /**
+     * Get the LoggerFactory associated with the SSH client.
+     */
+    LoggerFactory getLoggerFactory();
 }

src/main/java/net/schmizz/sshj/connection/channel/ChannelInputStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,40 +12,14 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
-
 package net.schmizz.sshj.connection.channel;
 
-import net.schmizz.sshj.common.Buffer;
-import net.schmizz.sshj.common.ErrorNotifiable;
-import net.schmizz.sshj.common.Message;
-import net.schmizz.sshj.common.SSHException;
-import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.connection.ConnectionException;
 import net.schmizz.sshj.transport.Transport;
 import net.schmizz.sshj.transport.TransportException;
 import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -59,7 +33,7 @@ public final class ChannelInputStream
         extends InputStream
         implements ErrorNotifiable {
 
-    private final Logger log = LoggerFactory.getLogger(getClass());
+    private final Logger log;
 
     private final Channel chan;
     private final Transport trans;
@@ -72,6 +46,7 @@ public final class ChannelInputStream
 
     public ChannelInputStream(Channel chan, Transport trans, Window.Local win) {
         this.chan = chan;
+        log = chan.getLoggerFactory().getLogger(getClass());
         this.trans = trans;
         this.win = win;
         buf = new Buffer.PlainBuffer(chan.getLocalMaxPacketSize());
@@ -116,7 +91,7 @@ public final class ChannelInputStream
     public int read(byte[] b, int off, int len)
             throws IOException {
         synchronized (buf) {
-            for (; ;) {
+            for (; ; ) {
                 if (buf.available() > 0)
                     break;
                 if (eof)
@@ -151,7 +126,12 @@ public final class ChannelInputStream
             buf.putRawBytes(data, offset, len);
             buf.notifyAll();
         }
-        win.consume(len);
+        // Potential fix for #203 (window consumed below 0).
+        // This seems to be a race condition if we receive more data, while we're already sending a SSH_MSG_CHANNEL_WINDOW_ADJUST
+        // And the window has not expanded yet.
+        synchronized (win) {
+            win.consume(len);
+        }
         if (chan.getAutoExpand())
             checkWindow();
     }
@@ -159,11 +139,11 @@ public final class ChannelInputStream
     private void checkWindow()
             throws TransportException {
         synchronized (win) {
-            final int adjustment = win.neededAdjustment();
+            final long adjustment = win.neededAdjustment();
             if (adjustment > 0) {
-                log.info("Sending SSH_MSG_CHANNEL_WINDOW_ADJUST to #{} for {} bytes", chan.getRecipient(), adjustment);
+                log.debug("Sending SSH_MSG_CHANNEL_WINDOW_ADJUST to #{} for {} bytes", chan.getRecipient(), adjustment);
                 trans.write(new SSHPacket(Message.CHANNEL_WINDOW_ADJUST)
-                        .putInt(chan.getRecipient()).putInt(adjustment));
+                                    .putUInt32(chan.getRecipient()).putUInt32(adjustment));
                 win.expand(adjustment);
             }
         }
@@ -174,4 +154,4 @@ public final class ChannelInputStream
         return "< ChannelInputStream for Channel #" + chan.getID() + " >";
     }
 
-}
+}

src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -12,35 +12,13 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
- * This file may incorporate work covered by the following copyright and
- * permission notice:
- *
- *     Licensed to the Apache Software Foundation (ASF) under one
- *     or more contributor license agreements.  See the NOTICE file
- *     distributed with this work for additional information
- *     regarding copyright ownership.  The ASF licenses this file
- *     to you under the Apache License, Version 2.0 (the
- *     "License"); you may not use this file except in compliance
- *     with the License.  You may obtain a copy of the License at
- *
- *         http://www.apache.org/licenses/LICENSE-2.0
- *
- *      Unless required by applicable law or agreed to in writing,
- *      software distributed under the License is distributed on an
- *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *      KIND, either express or implied.  See the License for the
- *      specific language governing permissions and limitations
- *      under the License.
  */
 package net.schmizz.sshj.connection.channel;
 
-import net.schmizz.sshj.common.ErrorNotifiable;
-import net.schmizz.sshj.common.Message;
-import net.schmizz.sshj.common.SSHException;
-import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.connection.ConnectionException;
 import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
 
 import java.io.IOException;
 import java.io.OutputStream;
@@ -49,33 +27,101 @@ import java.io.OutputStream;
  * {@link OutputStream} for channels. Buffers data upto the remote window's maximum packet size. Data can also be
  * flushed via {@link #flush()} and is also flushed on {@link #close()}.
  */
-public final class ChannelOutputStream
-        extends OutputStream
-        implements ErrorNotifiable {
+public final class ChannelOutputStream extends OutputStream implements ErrorNotifiable {
 
     private final Channel chan;
     private final Transport trans;
     private final Window.Remote win;
-    private final SSHPacket buffer = new SSHPacket();
+
+    private final DataBuffer buffer = new DataBuffer();
     private final byte[] b = new byte[1];
-    private int bufferLength;
+
     private boolean closed;
     private SSHException error;
 
+    private final class DataBuffer {
+
+        private final int headerOffset;
+        private final int dataOffset;
+
+        private final SSHPacket packet = new SSHPacket(Message.CHANNEL_DATA);
+        private final Buffer.PlainBuffer leftOvers = new Buffer.PlainBuffer();
+
+        DataBuffer() {
+            headerOffset = packet.rpos();
+            packet.putUInt32(0); // recipient
+            packet.putUInt32(0); // data length
+            dataOffset = packet.wpos();
+        }
+
+        int write(byte[] data, int off, int len) throws TransportException, ConnectionException {
+            final int bufferSize = packet.wpos() - dataOffset;
+            if (bufferSize >= win.getMaxPacketSize()) {
+                flush(bufferSize, true);
+                return 0;
+            } else {
+                final int n = Math.min(len, win.getMaxPacketSize() - bufferSize);
+                packet.putRawBytes(data, off, n);
+                return n;
+            }
+        }
+
+        boolean flush(boolean canAwaitExpansion) throws TransportException, ConnectionException {
+            return flush(packet.wpos() - dataOffset, canAwaitExpansion);
+        }
+
+        boolean flush(int bufferSize, boolean canAwaitExpansion) throws TransportException, ConnectionException {
+            int dataLeft = bufferSize;
+            while (dataLeft > 0) {
+                long remoteWindowSize = win.getSize();
+                if (remoteWindowSize == 0) {
+                    if (canAwaitExpansion) {
+                        remoteWindowSize = win.awaitExpansion(remoteWindowSize);
+                    } else {
+                        return false;
+                    }
+                }
+
+                // We can only write the min. of
+                // a) how much data we have
+                // b) the max packet size
+                // c) what the current window size will allow
+                final int writeNow = Math.min(dataLeft, (int) Math.min(win.getMaxPacketSize(), remoteWindowSize));
+
+                packet.wpos(headerOffset);
+                packet.putMessageID(Message.CHANNEL_DATA);
+                packet.putUInt32(chan.getRecipient());
+                packet.putUInt32(writeNow);
+                packet.wpos(dataOffset + writeNow);
+
+                final int leftOverBytes = dataLeft - writeNow;
+                if (leftOverBytes > 0) {
+                    leftOvers.putRawBytes(packet.array(), packet.wpos(), leftOverBytes);
+                }
+
+                trans.write(packet);
+                win.consume(writeNow);
+
+                packet.rpos(headerOffset);
+                packet.wpos(dataOffset);
+
+                if (leftOverBytes > 0) {
+                    packet.putBuffer(leftOvers);
+                    leftOvers.clear();
+                }
+
+                dataLeft = leftOverBytes;
+            }
+
+            return true;
+        }
+
+    }
+
     public ChannelOutputStream(Channel chan, Transport trans, Window.Remote win) {
         this.chan = chan;
         this.trans = trans;
         this.win = win;
-        prepBuffer();
-    }
-
-    private void prepBuffer() {
-        bufferLength = 0;
-        buffer.rpos(5);
-        buffer.wpos(5);
-        buffer.putMessageID(Message.CHANNEL_DATA);
-        buffer.putInt(0); // meant to be recipient
-        buffer.putInt(0); // meant to be data length
     }
 
     @Override
@@ -86,19 +132,15 @@ public final class ChannelOutputStream
     }
 
     @Override
-    public synchronized void write(byte[] data, int off, int len)
+    public synchronized void write(final byte[] data, int off, int len)
             throws IOException {
         checkClose();
-        while (len > 0) {
-            final int x = Math.min(len, win.getMaxPacketSize() - bufferLength);
-            if (x <= 0) {
-                flush();
-                continue;
-            }
-            buffer.putRawBytes(data, off, x);
-            bufferLength += x;
-            off += x;
-            len -= x;
+        int length = len;
+        int offset = off;
+        while (length > 0) {
+            final int n = buffer.write(data, offset, length);
+            offset += n;
+            length -= n;
         }
     }
 
@@ -107,55 +149,37 @@ public final class ChannelOutputStream
         this.error = error;
     }
 
-    private synchronized void checkClose()
-            throws SSHException {
-        if (closed)
+    private void checkClose() throws SSHException {
+        if (closed) {
             if (error != null)
                 throw error;
             else
                 throw new ConnectionException("Stream closed");
-    }
-
-    @Override
-    public synchronized void close()
-            throws IOException {
-        if (!closed)
-            try {
-                flush();
-                chan.sendEOF();
-            } finally {
-                setClosed();
-            }
-    }
-
-    public synchronized void setClosed() {
-        closed = true;
-    }
-
-    @Override
-    public synchronized void flush()
-            throws IOException {
-        checkClose();
-
-        if (bufferLength <= 0) // No data to send
-            return;
-
-        putRecipientAndLength();
-
-        try {
-            win.waitAndConsume(bufferLength);
-            trans.write(buffer);
-        } finally {
-            prepBuffer();
         }
     }
 
-    private void putRecipientAndLength() {
-        final int origPos = buffer.wpos();
-        buffer.wpos(6);
-        buffer.putInt(chan.getRecipient());
-        buffer.putInt(bufferLength);
-        buffer.wpos(origPos);
+    @Override
+    public synchronized void close() throws IOException {
+        if (!closed) {
+            try {
+                buffer.flush(false);
+//                trans.write(new SSHPacket(Message.CHANNEL_EOF).putUInt32(chan.getRecipient()));
+            } finally {
+                closed = true;
+            }
+        }
+    }
+
+    /**
+     * Send all data currently buffered. If window space is exhausted in the process, this will block
+     * until it is expanded by the server.
+     *
+     * @throws IOException
+     */
+    @Override
+    public synchronized void flush() throws IOException {
+        checkClose();
+        buffer.flush(true);
     }
 
     @Override
@@ -163,4 +187,4 @@ public final class ChannelOutputStream
         return "< ChannelOutputStream for Channel #" + chan.getID() + " >";
     }
 
-}
+}

src/main/java/net/schmizz/sshj/connection/channel/OpenFailException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010 Shikhar Bhushan
+ * Copyright (C)2009 - SSHJ Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/net/schmizz/sshj/connection/channel/SocketStreamCopyMonitor.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright (C)2009 - SSHJ Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.concurrent.Event;
+import net.schmizz.sshj.common.IOUtils;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.util.concurrent.TimeUnit;
+
+import static com.hierynomus.sshj.backport.Sockets.asCloseable;
+
+public class SocketStreamCopyMonitor
+        extends Thread {
+
+    private SocketStreamCopyMonitor(Runnable r) {
+        super(r);
+        setName("sockmon");
+        setDaemon(true);
+    }
+
+    public static void monitor(final int frequency, final TimeUnit unit,
+                               final Event<IOException> x, final Event<IOException> y,
+                               final Channel channel, final Socket socket) {
+        new SocketStreamCopyMonitor(new Runnable() {
+            public void run() {
+                try {
+                    for (Event<IOException> ev = x;
+                         !ev.tryAwait(frequency, unit);
+                         ev = (ev == x) ? y : x) {
+                    }
+                } catch (IOException ignored) {
+                } finally {
+                    IOUtils.closeQuietly(channel, asCloseable(socket));
+                }
+            }
+        }).start();
+    }
+
+}