
[JENKINS-42959] Return host algorithms if in known_host and we suppor…

…t them (#11)

[JENKINS-42959] Return host algorithms if they're in known hosts and we support them

* Update test following latest merges
mc1arke committed Apr 10, 2017
1 parent 3aaec83 commit 4e0e9e110adb1101bd9c8f0712e0d427cb020349
Showing with 76 additions and 4 deletions.
  1. +4 −4 src/com/trilead/ssh2/KnownHosts.java
  2. +72 −0 test/com/trilead/ssh2/KnownHostsTest.java
@@ -508,12 +508,12 @@ private boolean pseudoRegex(char[] pattern, int i, char[] match, int j)
if (preferredAlgo != null) {
/* If we find different key types, then return null */

if (preferredAlgo.compareTo(thisAlgo) != 0)
if (!preferredAlgo.equals(thisAlgo)) {
return null;
}

/* OK, we found the same algo again, optimize */

continue;
} else {
preferredAlgo = thisAlgo;
}
}
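Review bot: The `return null;` inside the `preferredAlgo != null` branch still discards the known_hosts information as soon as a host has stored keys of two different types, so the caller gets no preference at all. If the caller then negotiates in its default order (not visible here), the server may offer a key type that is not stored for the host, and the user is asked to accept an unknown key for a host that already has pinned keys, which weakens the value of the pin. Consider collecting each distinct known type and placing all of them ahead of the remaining supported algorithms; until then a comment such as `/* Mixed key types: no preference is returned, caller falls back to its default order */` would make the limitation explicit. The enclosing method starts and ends outside the hunk.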

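--- a/test/com/trilead/ssh2/KnownHostsTest.java
+++ b/test/com/trilead/ssh2/KnownHostsTest.java
@@ -0,0 +1,72 @@
+package com.trilead.ssh2;
+
+import com.trilead.ssh2.signature.DSAKeyAlgorithm;
+import com.trilead.ssh2.signature.ECDSAKeyAlgorithm;
+import com.trilead.ssh2.signature.RSAKeyAlgorithm;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertNull;
+
+/**
+* @author Michael Clarke
+*/
+public class KnownHostsTest {
+
+@Test
+public void testKnownHostsPreferredAlgorithmsSshDssOnly() throws IOException, NoSuchAlgorithmException {
+KnownHosts testCase = new KnownHosts();
+KeyPairGenerator dsaGenerator = KeyPairGenerator.getInstance("DSA");
+testCase.addHostkey(new String[]{"localhost"}, "ssh-dss", new DSAKeyAlgorithm().encodePublicKey((DSAPublicKey) dsaGenerator.generateKeyPair().getPublic()));
+assertArrayEquals(new String[]{"ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ssh-rsa"}, testCase.getPreferredServerHostkeyAlgorithmOrder("localhost"));
+}
+
+@Test
+public void testKnownHostsPreferredAlgorithmsSshRsaOnly() throws IOException, NoSuchAlgorithmException {
+KnownHosts testCase = new KnownHosts();
+KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
+testCase.addHostkey(new String[]{"localhost"}, "ssh-rsa", new RSAKeyAlgorithm().encodePublicKey((RSAPublicKey) rsaGenerator.generateKeyPair().getPublic()));
+assertArrayEquals(new String[]{"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ssh-dss"}, testCase.getPreferredServerHostkeyAlgorithmOrder("localhost"));
+}
+
+
+@Test
+public void testKnownHostsPreferredAlgorithmsEcdsaOnly() throws IOException, NoSuchAlgorithmException {
+KnownHosts testCase = new KnownHosts();
+KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("EC");
+testCase.addHostkey(new String[]{"localhost"}, "ecdsa-sha2-nistp256", new ECDSAKeyAlgorithm.ECDSASha2Nistp256().encodePublicKey((ECPublicKey) ecGenerator.generateKeyPair().getPublic()));
+assertArrayEquals(new String[]{"ecdsa-sha2-nistp256", "ssh-ed25519", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ssh-rsa", "ssh-dss"}, testCase.getPreferredServerHostkeyAlgorithmOrder("localhost"));
+}
+
+@Test
+public void testKnownHostsPreferredAlgorithmsNoKnownHosts() throws IOException {
+KnownHosts testCase = new KnownHosts();
+assertNull(testCase.getPreferredServerHostkeyAlgorithmOrder("localhost"));
+}
+
+
+/**
+* The Known Hosts implementation currently expects multiple known hosts entries for the same hosts to result in
+* a null value being returned for the preferred algorithms, rather than a list of all those known algorithms. This
+* seems an odd choice, but I'll protect that feature for now.
+* @throws IOException if failing to add the test keys
+*/
+@Test
+public void testKnownHostsPreferredAlgorithmsRsaAndDssHosts() throws IOException, GeneralSecurityException {
+KnownHosts testCase = new KnownHosts();
+KeyPairGenerator dsaGenerator = KeyPairGenerator.getInstance("DSA");
+testCase.addHostkey(new String[]{"localhost"}, "ssh-dss", new DSAKeyAlgorithm().encodePublicKey((DSAPublicKey) dsaGenerator.generateKeyPair().getPublic()));
+KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
+testCase.addHostkey(new String[]{"localhost"}, "ssh-rsa", new RSAKeyAlgorithm().encodePublicKey((RSAPublicKey) rsaGenerator.generateKeyPair().getPublic()));
+assertNull(testCase.getPreferredServerHostkeyAlgorithmOrder("localhost"));
+}
+
+}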
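Review bot: None of the new tests reaches the "same algo again" `continue` branch in KnownHosts, because no test stores two keys of one type for the same host; a regression there would go unnoticed, even though two same-type entries are a normal state during a host key rotation. A test that adds two `ssh-rsa` keys for `localhost` would cover it; the expected order below is assumed to match `testKnownHostsPreferredAlgorithmsSshRsaOnly` and should be confirmed against the implementation. The expected arrays also list `ssh-ed25519`, `ecdsa-sha2-nistp384` and `ecdsa-sha2-nistp521`, but no test stores a key of those types, so only three of the six algorithms are exercised as the known one.

```java
@Test
public void testKnownHostsPreferredAlgorithmsTwoRsaKeys() throws IOException, NoSuchAlgorithmException {
    KnownHosts testCase = new KnownHosts();
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    RSAKeyAlgorithm rsa = new RSAKeyAlgorithm();
    // Two distinct RSA host keys for one host, as seen while a host key is being rotated.
    testCase.addHostkey(new String[]{"localhost"}, "ssh-rsa", rsa.encodePublicKey((RSAPublicKey) rsaGenerator.generateKeyPair().getPublic()));
    testCase.addHostkey(new String[]{"localhost"}, "ssh-rsa", rsa.encodePublicKey((RSAPublicKey) rsaGenerator.generateKeyPair().getPublic()));
    assertArrayEquals(new String[]{"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ssh-dss"}, testCase.getPreferredServerHostkeyAlgorithmOrder("localhost"));
}
```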
