minmb-net-ssh 2.5.1

data/test/test_config.rb

@@ -0,0 +1,120 @@
+require 'common'
+require 'net/ssh/config'
+
+class TestConfig < Test::Unit::TestCase
+  def test_load_for_non_existant_file_should_return_empty_hash
+    bogus_file = File.expand_path("/bogus/file")
+    File.expects(:readable?).with(bogus_file).returns(false)
+    assert_equal({}, Net::SSH::Config.load(bogus_file, "host.name"))
+  end
+
+  def test_load_should_expand_path
+    expected = File.expand_path("~/.ssh/config")
+    File.expects(:readable?).with(expected).returns(false)
+    Net::SSH::Config.load("~/.ssh/config", "host.name")
+  end
+
+  def test_load_with_exact_host_match_should_load_that_section
+    config = Net::SSH::Config.load(config(:exact_match), "test.host")
+    assert config['compression']
+    assert config['forwardagent']
+    assert_equal 1234, config['port']
+  end
+
+  def test_load_with_wild_card_matches_should_load_all_matches_with_first_match_taking_precedence
+    config = Net::SSH::Config.load(config(:wild_cards), "test.host")
+    assert_equal 1234, config['port']
+    assert !config['compression']
+    assert config['forwardagent']
+    assert_equal %w(~/.ssh/id_dsa), config['identityfile']
+    assert !config.key?('rekeylimit')
+  end
+
+  def test_for_should_load_all_files_and_translate_to_net_ssh_options
+    config = Net::SSH::Config.for("test.host", [config(:exact_match), config(:wild_cards)])
+    assert_equal 1234, config[:port]
+    assert config[:compression]
+    assert config[:forward_agent]
+    assert_equal %w(~/.ssh/id_dsa), config[:keys]
+    assert !config.key?(:rekey_limit)
+  end
+  
+  def test_load_with_no_host
+    config = Net::SSH::Config.load(config(:nohost), "test.host")
+    assert_equal %w(~/.ssh/id_dsa ~/.ssh/id_rsa), config['identityfile']
+    assert_equal 1985, config['port']
+  end
+  
+  def test_load_with_multiple_hosts
+    config = Net::SSH::Config.load(config(:multihost), "test.host")
+    assert config['compression']
+    assert_equal '2G', config['rekeylimit']
+    assert_equal 1980, config['port']
+  end
+  
+  def test_load_with_multiple_hosts_and_config_should_match_for_both
+    aconfig = Net::SSH::Config.load(config(:multihost), "test.host")
+    bconfig = Net::SSH::Config.load(config(:multihost), "other.host")
+    assert_equal aconfig['port'], bconfig['port']
+    assert_equal aconfig['compression'], bconfig['compression']
+    assert_equal aconfig['rekeylimit'], bconfig['rekeylimit']
+  end
+  
+  def test_load_should_parse_equal_sign_delimiters
+    config = Net::SSH::Config.load(config(:eqsign), "test.test")
+    assert config['compression']
+    assert_equal 1234, config['port']
+  end
+
+  def test_translate_should_correctly_translate_from_openssh_to_net_ssh_names
+    open_ssh = {
+      'bindaddress'             => "127.0.0.1",
+      'ciphers'                 => "a,b,c",
+      'compression'             => true,
+      'compressionlevel'        => 6,
+      'connecttimeout'          => 100,
+      'forwardagent'            => true,
+      'hostbasedauthentication' => true,
+      'hostkeyalgorithms'       => "d,e,f",
+      'identityfile'            => %w(g h i),
+      'macs'                    => "j,k,l",
+      'passwordauthentication'  => true,
+      'port'                    => 1234,
+      'pubkeyauthentication'    => true,
+      'rekeylimit'              => 1024
+    }
+
+    net_ssh = Net::SSH::Config.translate(open_ssh)
+
+    assert_equal %w(a b c), net_ssh[:encryption]
+    assert_equal true,      net_ssh[:compression]
+    assert_equal 6,         net_ssh[:compression_level]
+    assert_equal 100,       net_ssh[:timeout]
+    assert_equal true,      net_ssh[:forward_agent]
+    assert_equal %w(hostbased password publickey), net_ssh[:auth_methods].sort
+    assert_equal %w(d e f), net_ssh[:host_key]
+    assert_equal %w(g h i), net_ssh[:keys]
+    assert_equal %w(j k l), net_ssh[:hmac]
+    assert_equal 1234,      net_ssh[:port]
+    assert_equal 1024,      net_ssh[:rekey_limit]
+    assert_equal "127.0.0.1", net_ssh[:bind_address]
+  end
+  
+  def test_load_with_plus_sign_hosts
+    config = Net::SSH::Config.load(config(:host_plus), "test.host")
+    assert config['compression']
+  end
+  
+  def test_load_with_numeric_host
+    config = Net::SSH::Config.load(config(:numeric_host), "1234")
+    assert config['compression']
+    assert_equal '2G', config['rekeylimit']
+    assert_equal 1980, config['port']
+  end
+  
+  private
+
+    def config(name)
+      "test/configs/#{name}"
+    end
+end

data/test/test_key_factory.rb

@@ -0,0 +1,121 @@
+require 'common'
+require 'net/ssh/key_factory'
+
+class TestKeyFactory < Test::Unit::TestCase
+  def setup
+    @key_file = File.expand_path("/key-file")
+  end
+  
+  def test_load_unencrypted_private_RSA_key_should_return_key
+    File.expects(:read).with(@key_file).returns(rsa_key.export)
+    assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_unencrypted_private_DSA_key_should_return_key
+    File.expects(:read).with(@key_file).returns(dsa_key.export)
+    assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_encrypted_private_RSA_key_should_prompt_for_password_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).with("Enter passphrase for #{@key_file}:", false).returns("password")
+    assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_encrypted_private_RSA_key_with_password_should_not_prompt_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    assert_equal rsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file, "password").to_der
+  end
+
+  def test_load_encrypted_private_DSA_key_should_prompt_for_password_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(dsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).with("Enter passphrase for #{@key_file}:", false).returns("password")
+    assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+  end
+
+  def test_load_encrypted_private_DSA_key_with_password_should_not_prompt_and_return_key
+    File.expects(:read).with(@key_file).returns(encrypted(dsa_key, "password"))
+    assert_equal dsa_key.to_der, Net::SSH::KeyFactory.load_private_key(@key_file, "password").to_der
+  end
+
+  def test_load_encrypted_private_key_should_give_three_tries_for_the_password_and_then_raise_exception
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).times(3).with("Enter passphrase for #{@key_file}:", false).returns("passwod","passphrase","passwd")
+    assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key(@key_file) }
+  end
+
+  def test_load_encrypted_private_key_should_raise_exception_without_asking_passphrase
+    File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
+    Net::SSH::KeyFactory.expects(:prompt).never
+    assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key(@key_file, nil, false) }
+  end
+
+  def test_load_public_rsa_key_should_return_key
+    File.expects(:read).with(@key_file).returns(public(rsa_key))
+    assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key(@key_file).to_blob
+  end
+
+  if defined?(OpenSSL::PKey::EC)
+    def test_load_unencrypted_private_ecdsa_sha2_nistp256_key_should_return_key
+      File.expects(:read).with("/key-file").returns(ecdsa_sha2_nistp256_key.to_pem)
+      assert_equal ecdsa_sha2_nistp256_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
+    end
+    def test_load_unencrypted_private_ecdsa_sha2_nistp384_key_should_return_key
+      File.expects(:read).with("/key-file").returns(ecdsa_sha2_nistp384_key.to_pem)
+      assert_equal ecdsa_sha2_nistp384_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
+    end
+    def test_load_unencrypted_private_ecdsa_sha2_nistp521_key_should_return_key
+      File.expects(:read).with("/key-file").returns(ecdsa_sha2_nistp521_key.to_pem)
+      assert_equal ecdsa_sha2_nistp521_key.to_der, Net::SSH::KeyFactory.load_private_key("/key-file").to_der
+    end
+
+    def test_load_public_ecdsa_sha2_nistp256_key_should_return_key
+      File.expects(:read).with("/key-file").returns(public(ecdsa_sha2_nistp256_key))
+      assert_equal ecdsa_sha2_nistp256_key.to_blob, Net::SSH::KeyFactory.load_public_key("/key-file").to_blob
+    end
+    def test_load_public_ecdsa_sha2_nistp384_key_should_return_key
+      File.expects(:read).with("/key-file").returns(public(ecdsa_sha2_nistp384_key))
+      assert_equal ecdsa_sha2_nistp384_key.to_blob, Net::SSH::KeyFactory.load_public_key("/key-file").to_blob
+    end
+    def test_load_public_ecdsa_sha2_nistp521_key_should_return_key
+      File.expects(:read).with("/key-file").returns(public(ecdsa_sha2_nistp521_key))
+      assert_equal ecdsa_sha2_nistp521_key.to_blob, Net::SSH::KeyFactory.load_public_key("/key-file").to_blob
+    end
+  end
+
+  private
+
+    def rsa_key
+      # 512 bits
+      @rsa_key ||= OpenSSL::PKey::RSA.new("0\202\001;\002\001\000\002A\000\235\236\374N\e@2E\321\3757\003\354c\276N\f\003\3479Ko\005\317\0027\a\255=\345!\306\220\340\211;\027u\331\260\362\2063x\332\301y4\353\v%\032\214v\312\304\212\271GJ\353\2701\031\002\003\001\000\001\002@\022Y\306*\031\306\031\224Cde\231QV3{\306\256U\2477\377\017\000\020\323\363R\332\027\351\034\224OU\020\227H|pUS\n\263+%\304\341\321\273/\271\e\004L\250\273\020&,\t\304By\002!\000\311c\246%a\002\305\277\262R\266\244\250\025V_\351]\264\016\265\341\355\305\223\347Z$8\205#\023\002!\000\310\\\367|\243I\363\350\020\307\246\302\365\ed\212L\273\2158M\223w\a\367 C\t\224A4\243\002!\000\262]+}\327\231\331\002\2331^\312\036\204'g\363\f&\271\020\245\365-\024}\306\374e\202\2459\002 }\231\341\276\3551\277\307{5\\\361\233\353G\024wS\237\fk}\004\302&\205\277\340rb\211\327\002!\000\223\307\025I:\215_\260\370\252\3757\256Y&X\364\354\342\215\350\203E8\227|\f\237M\375D|")
+    end
+
+    def dsa_key
+      # 512 bits
+      @dsa_key ||= OpenSSL::PKey::DSA.new("0\201\367\002\001\000\002A\000\203\316/\037u\272&J\265\003l3\315d\324h\372{\t8\252#\331_\026\006\035\270\266\255\343\353Z\302\276\335\336\306\220\375\202L\244\244J\206>\346\b\315\211\302L\246x\247u\a\376\366\345\302\016#\002\025\000\244\274\302\221Og\275/\302+\356\346\360\024\373wI\2573\361\002@\027\215\270r*\f\213\350C\245\021:\350 \006\\\376\345\022`\210b\262\3643\023XLKS\320\370\002\276\347A\nU\204\276\324\256`=\026\240\330\306J\316V\213\024\e\030\215\355\006\037q\337\356ln\002@\017\257\034\f\260\333'S\271#\237\230E\321\312\027\021\226\331\251Vj\220\305\316\036\v\266+\000\230\270\177B\003?t\a\305]e\344\261\334\023\253\323\251\223M\2175)a(\004\"lI8\312\303\307\a\002\024_\aznW\345\343\203V\326\246ua\203\376\201o\350\302\002")
+    end
+
+    if defined?(OpenSSL::PKey::EC)
+      def ecdsa_sha2_nistp256_key
+        @ecdsa_sha2_nistp256_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINv6pPVLlkqvT1v5MJlWgaSWGwqupISG4U79bUXQDNCaoAoGCCqGSM49\nAwEHoUQDQgAElqubvi/GkSme+bwtncU1NiE0dWQ0EO07VufUQg8lUJ5+Fi6f96qa\n95T1zwOMQhY1h8PP9rQIZr4S48vN/ZnQLw==\n-----END EC PRIVATE KEY-----\n")
+      end
+
+      def ecdsa_sha2_nistp384_key
+        @ecdsa_sha2_nistp384_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDBxwkmydCn4mP4KMhlMpeBvIroQolWKVNoRPXpG7brFgK+Yiikqw8wd\nIZW5OlL4y3mgBwYFK4EEACKhZANiAARkoIR1oABi+aQJbKcmvzeYSKURQOyXM0HU\nR4T68v4hd/lJE4fFQRczj3wAaECe9u3CWI/oDlow4Vr0vab82ZGjIoblxblKQWYl\nyzENgzl226waGg1bLBo8Auilyf1B5yI=\n-----END EC PRIVATE KEY-----\n")
+      end
+
+      def ecdsa_sha2_nistp521_key
+        @ecdsa_sha2_nistp521_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMIHbAgEBBEHQ2i7kjEGQHQB4pUQW9a2eCLWR2S5Go8U3CDyfbRCrYEp/pTSgI8uu\nMXyR3bf3SjqFQgZ6MZk5lkyrissJuwmvZKAHBgUrgQQAI6GBiQOBhgAEAN14FACK\nbs/KTqw4rxijeozGTVJTh1hNzBl2XaIhM4Fv8o3fE/pvogymyFu53GCng6gC4dmx\n/hycF41iIM29xVKPAeBnRNl6MdFBjuthOmE8eCRezgk1Bak8aBDUrzNT8OQssscw\npvQK4nc6ga/wTDaQGy5kV8tCOHNs2wKH+p2LpWTJ\n-----END EC PRIVATE KEY-----\n")
+      end
+    end
+
+    def encrypted(key, password)
+      key.export(OpenSSL::Cipher::Cipher.new("des-ede3-cbc"), password)
+    end
+
+    def public(key)
+      result = "#{key.ssh_type} "
+      result << [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").strip.tr("\n\r\t ", "")
+      result << " joe@host.test"
+    end
+end

data/test/test_known_hosts.rb

@@ -0,0 +1,13 @@
+require 'common'
+
+class TestKnownHosts < Test::Unit::TestCase
+
+  def test_key_for_when_all_hosts_are_recognized
+    source = File.join(File.dirname(__FILE__),"known_hosts/github")
+    kh = Net::SSH::KnownHosts.new(source)
+    keys = kh.keys_for("github.com")
+    assert_equal(1, keys.count)
+    assert_equal("ssh-rsa", keys[0].ssh_type)
+  end
+
+end

data/test/transport/hmac/test_md5.rb

@@ -0,0 +1,39 @@
+require 'common'
+require 'net/ssh/transport/hmac/md5'
+
+module Transport; module HMAC
+
+  class TestMD5 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::MD5, subject.digest_class
+      assert_equal OpenSSL::Digest::MD5, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 16, subject.key_length
+      assert_equal 16, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 16, subject.mac_length
+      assert_equal 16, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\275\345\006\307y~Oi\035<.\341\031\250<\257", hmac.digest("hello world")
+    end
+
+    def test_key_should_be_truncated_to_required_length
+      hmac = subject.new("12345678901234567890")
+      assert_equal "1234567890123456", hmac.key
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::MD5
+      end
+  end
+
+end; end

data/test/transport/hmac/test_md5_96.rb

@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_md5'
+require 'net/ssh/transport/hmac/md5_96'
+
+module Transport; module HMAC
+
+  class TestMD5_96 < TestMD5
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\275\345\006\307y~Oi\035<.\341", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::MD5_96
+      end
+  end
+
+end; end

data/test/transport/hmac/test_none.rb

@@ -0,0 +1,34 @@
+require 'common'
+require 'net/ssh/transport/hmac/none'
+
+module Transport; module HMAC
+
+  class TestNone < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal nil, subject.digest_class
+      assert_equal nil, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 0, subject.key_length
+      assert_equal 0, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 0, subject.mac_length
+      assert_equal 0, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::None
+      end
+  end
+
+end; end

data/test/transport/hmac/test_ripemd160.rb

@@ -0,0 +1,34 @@
+require 'common'
+require 'net/ssh/transport/hmac/ripemd160'
+
+module Transport; module HMAC
+
+  class TestRipemd160 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::RIPEMD160, subject.digest_class
+      assert_equal OpenSSL::Digest::RIPEMD160, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 20, subject.key_length
+      assert_equal 20, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 20, subject.mac_length
+      assert_equal 20, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\xE4\x10\t\xB3\xD8,\x14\xA0k\x10\xB5\x0F?\x0E\x96q\x02\x16;E", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::RIPEMD160
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha1.rb

@@ -0,0 +1,34 @@
+require 'common'
+require 'net/ssh/transport/hmac/sha1'
+
+module Transport; module HMAC
+
+  class TestSHA1 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::SHA1, subject.digest_class
+      assert_equal OpenSSL::Digest::SHA1, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 20, subject.key_length
+      assert_equal 20, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 20, subject.mac_length
+      assert_equal 20, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\000\004W\202\204+&\335\311\251P\266\250\214\276\206;\022U\365", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA1
+      end
+  end
+
+end; end

data/test/transport/hmac/test_sha1_96.rb

@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_sha1'
+require 'net/ssh/transport/hmac/sha1_96'
+
+module Transport; module HMAC
+
+  class TestSHA1_96 < TestSHA1
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\000\004W\202\204+&\335\311\251P\266", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA1_96
+      end
+  end
+
+end; end