net-ssh 4.0.0.alpha1 → 4.0.0.alpha2

data/test/authentication/test_ed25519.rb

@@ -1,77 +0,0 @@
-require 'common'
-require 'net/ssh/authentication/ed25519'
-require 'base64'
-
-module Authentication
-
-  class TestED25519 < Test::Unit::TestCase
-    def test_no_pwd_key
-      pub = Net::SSH::Buffer.new(Base64.decode64(public_key_no_pwd.split(' ')[1]))
-      _type = pub.read_string
-      pub_data = pub.read_string
-      priv = private_key_no_pwd
-
-      pub_key = ED25519::PubKey.new(pub_data)
-      priv_key = ED25519::PrivKey.new(priv,nil)
-
-      shared_secret = "Hello"
-      signed = priv_key.ssh_do_sign(shared_secret)
-      self.assert_equal(true,pub_key.ssh_do_verify(signed,shared_secret))
-      self.assert_equal(priv_key.public_key.fingerprint, pub_key.fingerprint)
-    end
-
-    def test_pwd_key
-      if defined?(JRUBY_VERSION)
-        puts "Skipping password protected ED25519 for JRuby"
-        return
-      end
-      pub = Net::SSH::Buffer.new(Base64.decode64(public_key_pwd.split(' ')[1]))
-      _type = pub.read_string
-      pub_data = pub.read_string
-      priv = private_key_pwd
-
-      pub_key = ED25519::PubKey.new(pub_data)
-      priv_key = ED25519::PrivKey.new(priv,'pwd')
-
-      shared_secret = "Hello"
-      signed = priv_key.ssh_do_sign(shared_secret)
-      self.assert_equal(true,pub_key.ssh_do_verify(signed,shared_secret))
-      self.assert_equal(priv_key.public_key.fingerprint, pub_key.fingerprint)
-    end
-
-    def private_key_pwd
-      @pwd_key = <<-EOF
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABBxwCvr3V
-/8pWhC/xvTnGJhAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAICaHkFaGXqYhUVFc
-aZ10TPUbkIvmaFXwYRoOS5qE8MciAAAAsNUAhbNQKwNcOr0eNq3nhtjoyeVyH8hRrpWsiY
-46vPiECi6R6OdYGSd7W3fdzUDeyOYCY9ZVIjAzENG+9FsygYzMi6XCuw00OuDFLUp4fL4K
-i/coUIVqouB4TPQAmsCVXiIRVTWQtRG0kWfFaV3qRt/bc22ZCvCT6ZZ1UmtulqqfUhSlKM
-oPcTikV1iWH5Xc+GxRFRRGTN/6HvBf0AKDB1kMXlDhGnBnHGeNH1pk44xG
------END OPENSSH PRIVATE KEY-----
-      EOF
-    end
-
-    def public_key_pwd
-      'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaHkFaGXqYhUVFcaZ10TPUbkIvmaFXwYRoOS5qE8Mci vagrant@vagrant-ubuntu-trusty-64'
-    end
-
-    def private_key_no_pwd
-      @anonymous_key = <<-EOF
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACAwdjQYeBiTz1DdZFzzLvG+t913L+eVqCgtzpAYxQG8yQAAAKjlHzLo5R8y
-6AAAAAtzc2gtZWQyNTUxOQAAACAwdjQYeBiTz1DdZFzzLvG+t913L+eVqCgtzpAYxQG8yQ
-AAAEBPrD+n4901Y+NYJ2sry+EWRdltGFhMISvp91TywJ//mTB2NBh4GJPPUN1kXPMu8b63
-3Xcv55WoKC3OkBjFAbzJAAAAIHZhZ3JhbnRAdmFncmFudC11YnVudHUtdHJ1c3R5LTY0AQ
-IDBAU=
------END OPENSSH PRIVATE KEY-----
-      EOF
-    end
-
-    def public_key_no_pwd
-      'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDB2NBh4GJPPUN1kXPMu8b633Xcv55WoKC3OkBjFAbzJ vagrant@vagrant-ubuntu-trusty-64'
-    end
-  end
-
-end

data/test/authentication/test_key_manager.rb

@@ -1,240 +0,0 @@
-require 'common'
-require 'net/ssh/authentication/key_manager'
-
-module Authentication
-
-  class TestKeyManager < Test::Unit::TestCase
-    def test_key_files_and_known_identities_are_empty_by_default
-      assert manager.key_files.empty?
-      assert manager.known_identities.empty?
-    end
-
-    def test_assume_agent_is_available_by_default
-      assert manager.use_agent?
-    end
-
-    def test_add_ensures_list_is_unique
-      manager.add "/first"
-      manager.add "/second"
-      manager.add "/third"
-      manager.add "/second"
-      assert_equal 3, manager.key_files.length
-      final_files = manager.key_files.map {|item| item.split('/').last}
-      assert_equal %w(first second third), final_files
-    end
-
-    def test_use_agent_should_be_set_to_false_if_agent_could_not_be_found
-      Net::SSH::Authentication::Agent.expects(:connect).raises(Net::SSH::Authentication::AgentNotAvailable)
-      assert manager.use_agent?
-      assert_nil manager.agent
-      assert !manager.use_agent?
-    end
-
-    def test_agent_should_be_used_by_default
-      assert manager().use_agent?
-    end
-
-    def test_agent_should_not_be_used_with_no_agent
-      assert !manager(:use_agent => false).use_agent?
-    end
-
-    def test_each_identity_should_load_from_key_files
-      manager.stubs(:agent).returns(nil)
-      first = File.expand_path("/first")
-      second = File.expand_path("/second")
-      stub_file_private_key first, rsa
-      stub_file_private_key second, dsa
-
-      identities = []
-      manager.each_identity { |identity| identities << identity }
-
-      assert_equal 2, identities.length
-      assert_equal rsa.to_blob, identities.first.to_blob
-      assert_equal dsa.to_blob, identities.last.to_blob
-
-      assert_equal({:from => :file, :file => first, :key => rsa}, manager.known_identities[rsa])
-      assert_equal({:from => :file, :file => second, :key => dsa}, manager.known_identities[dsa])
-    end
-
-    def test_each_identity_should_not_prompt_for_passphrase_in_non_interactive_mode
-      manager(:non_interactive => true).stubs(:agent).returns(nil)
-      first = File.expand_path("/first")
-      stub_file_private_key first, rsa, :passphrase => :should_not_be_asked
-      identities = []
-      manager.each_identity { |identity| identities << identity }
-      assert_equal(identities, [])
-    end
-
-    def test_identities_should_load_from_agent
-      manager.stubs(:agent).returns(agent)
-
-      identities = []
-      manager.each_identity { |identity| identities << identity }
-
-      assert_equal 2, identities.length
-      assert_equal rsa.to_blob, identities.first.to_blob
-      assert_equal dsa.to_blob, identities.last.to_blob
-
-      assert_equal({:from => :agent}, manager.known_identities[rsa])
-      assert_equal({:from => :agent}, manager.known_identities[dsa])
-    end
-
-    if defined?(OpenSSL::PKey::EC)
-      def test_identities_with_ecdsa_should_load_from_agent
-        manager.stubs(:agent).returns(agent_with_ecdsa_keys)
-
-        identities = []
-        manager.each_identity { |identity| identities << identity }
-        assert_equal 5, identities.length
-
-        assert_equal rsa.to_blob, identities[0].to_blob
-        assert_equal dsa.to_blob, identities[1].to_blob
-        assert_equal ecdsa_sha2_nistp256.to_blob, identities[2].to_blob
-        assert_equal ecdsa_sha2_nistp384.to_blob, identities[3].to_blob
-        assert_equal ecdsa_sha2_nistp521.to_blob, identities[4].to_blob
-
-        assert_equal({:from => :agent}, manager.known_identities[rsa])
-        assert_equal({:from => :agent}, manager.known_identities[dsa])
-        assert_equal({:from => :agent}, manager.known_identities[ecdsa_sha2_nistp256])
-        assert_equal({:from => :agent}, manager.known_identities[ecdsa_sha2_nistp384])
-        assert_equal({:from => :agent}, manager.known_identities[ecdsa_sha2_nistp521])
-      end
-    end
-
-    def test_only_identities_with_key_files_should_load_from_agent_of_keys_only_set
-      manager(:keys_only => true).stubs(:agent).returns(agent)
-
-      first = File.expand_path("/first")
-      stub_file_private_key first, rsa
-
-      identities = []
-      manager.each_identity { |identity| identities << identity }
-
-      assert_equal 1, identities.length
-      assert_equal rsa.to_blob, identities.first.to_blob
-
-      assert_equal({:from => :agent}, manager.known_identities[rsa])
-      assert manager.use_agent?
-    end
-
-    def test_identities_without_public_key_files_should_not_be_touched_if_identity_loaded_from_agent
-      manager.stubs(:agent).returns(agent)
-
-      first = File.expand_path("/first")
-      stub_file_public_key  first, rsa
-      second = File.expand_path("/second")
-      stub_file_private_key second, dsa, :passphrase => :should_not_be_asked
-
-      identities = []
-      manager.each_identity do |identity|
-        identities << identity
-        break if manager.known_identities[identity][:from] == :agent
-      end
-
-      assert_equal 1, identities.length
-      assert_equal rsa.to_blob, identities.first.to_blob
-    end
-
-    def test_sign_with_agent_originated_key_should_request_signature_from_agent
-      manager.stubs(:agent).returns(agent)
-      manager.each_identity { |identity| } # preload the known_identities
-      agent.expects(:sign).with(rsa, "hello, world").returns("abcxyz123")
-      assert_equal "abcxyz123", manager.sign(rsa, "hello, world")
-    end
-
-    def test_sign_with_file_originated_key_should_load_private_key_and_sign_with_it
-      manager.stubs(:agent).returns(nil)
-      first = File.expand_path("/first")
-      stub_file_private_key first, rsa(512)
-      rsa.expects(:ssh_do_sign).with("hello, world").returns("abcxyz123")
-      manager.each_identity { |identity| } # preload the known_identities
-      assert_equal "\0\0\0\assh-rsa\0\0\0\011abcxyz123", manager.sign(rsa, "hello, world")
-    end
-
-    def test_sign_with_file_originated_key_should_raise_key_manager_error_if_unloadable
-      manager.known_identities[rsa] = { :from => :file, :file => "/first" }
-
-      Net::SSH::KeyFactory.expects(:load_private_key).raises(OpenSSL::PKey::RSAError)
-
-      assert_raises Net::SSH::Authentication::KeyManagerError do
-        manager.sign(rsa, "hello, world")
-      end
-    end
-
-    private
-
-      def stub_file_private_key(name, key, options = {})
-        manager.add(name)
-        File.stubs(:file?).with(name).returns(true)
-        File.stubs(:readable?).with(name).returns(true)
-        File.stubs(:file?).with(name + ".pub").returns(true)
-        File.stubs(:readable?).with(name + ".pub").returns(false)
-
-        case options.fetch(:passphrase, :indifferently)
-        when :should_be_asked
-          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, false).raises(OpenSSL::PKey::RSAError).at_least_once
-          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, true).returns(key).at_least_once
-        when :should_not_be_asked
-          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, false).raises(OpenSSL::PKey::RSAError).at_least_once
-          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, true).never
-        else # :indifferently
-          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, any_of(true, false)).returns(key).at_least_once
-        end
-
-        # do not override OpenSSL::PKey::EC#public_key
-        # (it will be called in transport/openssl.rb.)
-        unless defined?(OpenSSL::PKey::EC) && key.public_key.kind_of?(OpenSSL::PKey::EC::Point)
-          key.stubs(:public_key).returns(key)
-        end
-      end
-
-      def stub_file_public_key(name, key)
-        manager.add(name)
-        File.stubs(:file?).with(name).returns(true)
-        File.stubs(:readable?).with(name).returns(true)
-        File.stubs(:file?).with(name + ".pub").returns(true)
-        File.stubs(:readable?).with(name + ".pub").returns(true)
-
-        Net::SSH::KeyFactory.expects(:load_public_key).with(name + ".pub").returns(key).at_least_once
-      end
-
-      def rsa(size=512)
-        @rsa ||= OpenSSL::PKey::RSA.new(size)
-      end
-
-      def dsa
-        @dsa ||= OpenSSL::PKey::DSA.new(512)
-      end
-
-      if defined?(OpenSSL::PKey::EC)
-        def ecdsa_sha2_nistp256
-          @ecdsa_sha2_nistp256 ||= OpenSSL::PKey::EC.new("prime256v1").generate_key
-        end
-
-        def ecdsa_sha2_nistp384
-          @ecdsa_sha2_nistp384 ||= OpenSSL::PKey::EC.new("secp384r1").generate_key
-        end
-
-        def ecdsa_sha2_nistp521
-          @ecdsa_sha2_nistp521 ||= OpenSSL::PKey::EC.new("secp521r1").generate_key
-        end
-      end
-
-      def agent
-        @agent ||= stub("agent", :identities => [rsa, dsa])
-      end
-
-      def agent_with_ecdsa_keys
-        @agent ||= stub("agent", :identities => [rsa, dsa,
-                                                 ecdsa_sha2_nistp256,
-                                                 ecdsa_sha2_nistp384,
-                                                 ecdsa_sha2_nistp521])
-      end
-
-      def manager(options = {})
-        @manager ||= Net::SSH::Authentication::KeyManager.new(nil, options)
-      end
-
-  end
-
-end

data/test/authentication/test_session.rb

@@ -1,107 +0,0 @@
-require 'common'
-require 'net/ssh/authentication/session'
-
-module Authentication
-
-  class TestSession < Test::Unit::TestCase
-    include Net::SSH::Transport::Constants
-    include Net::SSH::Authentication::Constants
-
-    def test_constructor_should_set_defaults
-      assert_equal %w(none publickey password keyboard-interactive), session.auth_methods
-      assert_equal session.auth_methods, session.allowed_auth_methods
-    end
-
-    def test_authenticate_should_continue_if_method_disallowed
-      transport.expect do |t, packet|
-        assert_equal SERVICE_REQUEST, packet.type
-        assert_equal "ssh-userauth", packet.read_string
-        t.return(SERVICE_ACCEPT)
-      end
-
-      Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").raises(Net::SSH::Authentication::DisallowedMethod)
-      Net::SSH::Authentication::Methods::Password.any_instance.expects(:authenticate).with("next service", "username", "password").returns(true)
-      Net::SSH::Authentication::Methods::None.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-
-      assert session.authenticate("next service", "username", "password")
-    end
-
-    def test_authenticate_should_raise_error_if_service_request_fails
-      transport.expect do |t, packet|
-        assert_equal SERVICE_REQUEST, packet.type
-        assert_equal "ssh-userauth", packet.read_string
-        t.return(255)
-      end
-
-      assert_raises(Net::SSH::Exception) { session.authenticate("next service", "username", "password") }
-    end
-
-    def test_authenticate_should_return_false_if_all_auth_methods_fail
-      transport.expect do |t, packet|
-        assert_equal SERVICE_REQUEST, packet.type
-        assert_equal "ssh-userauth", packet.read_string
-        t.return(SERVICE_ACCEPT)
-      end
-
-      Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-      Net::SSH::Authentication::Methods::Password.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-      Net::SSH::Authentication::Methods::KeyboardInteractive.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-      Net::SSH::Authentication::Methods::None.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-      
-      assert_equal false, session.authenticate("next service", "username", "password")
-    end
-
-    def test_next_message_should_silently_handle_USERAUTH_BANNER_packets
-      transport.return(USERAUTH_BANNER, :string, "Howdy, folks!")
-      transport.return(SERVICE_ACCEPT)
-      assert_equal SERVICE_ACCEPT, session.next_message.type
-    end
-
-    def test_next_message_should_understand_USERAUTH_FAILURE
-      transport.return(USERAUTH_FAILURE, :string, "a,b,c", :bool, false)
-      packet = session.next_message
-      assert_equal USERAUTH_FAILURE, packet.type
-      assert_equal %w(a b c), session.allowed_auth_methods
-    end
-
-    (60..79).each do |type|
-      define_method("test_next_message_should_return_packets_of_type_#{type}") do
-        transport.return(type)
-        assert_equal type, session.next_message.type
-      end
-    end
-
-    def test_next_message_should_understand_USERAUTH_SUCCESS
-      transport.return(USERAUTH_SUCCESS)
-      assert !transport.hints[:authenticated]
-      assert_equal USERAUTH_SUCCESS, session.next_message.type
-      assert transport.hints[:authenticated]
-    end
-
-    def test_next_message_should_raise_error_on_unrecognized_packet_types
-      transport.return(1)
-      assert_raises(Net::SSH::Exception) { session.next_message }
-    end
-
-    def test_expect_message_should_raise_exception_if_next_packet_is_not_expected_type
-      transport.return(SERVICE_ACCEPT)
-      assert_raises(Net::SSH::Exception) { session.expect_message(USERAUTH_BANNER) }
-    end
-
-    def test_expect_message_should_return_packet_if_next_packet_is_expected_type
-      transport.return(SERVICE_ACCEPT)
-      assert_equal SERVICE_ACCEPT, session.expect_message(SERVICE_ACCEPT).type
-    end
-
-    private
-
-      def session(options={})
-        @session ||= Net::SSH::Authentication::Session.new(transport(options), options)
-      end
-
-      def transport(options={})
-        @transport ||= MockTransport.new(options)
-      end
-  end
-
-end

data/test/common.rb

@@ -1,109 +0,0 @@
-$LOAD_PATH.unshift "#{File.dirname(__FILE__)}/../lib"
-gem "test-unit" # http://rubyforge.org/pipermail/test-unit-tracker/2009-July/000075.html
-gem 'mocha'
-require 'test/unit'
-require 'mocha/setup'
-require 'net/ssh/buffer'
-require 'net/ssh/config'
-require 'net/ssh/loggable'
-require 'net/ssh/packet'
-require 'net/ssh/transport/session'
-require 'ostruct'
-
-# clear the default files out so that tests don't get confused by existing
-# SSH config files.
-$original_config_default_files = Net::SSH::Config.default_files.dup
-Net::SSH::Config.default_files.clear
-
-def P(*args)
-  Net::SSH::Packet.new(Net::SSH::Buffer.from(*args))
-end
-
-class MockTransport < Net::SSH::Transport::Session
-  class BlockVerifier
-    def initialize(block)
-      @block = block
-    end
-
-    def verify(data)
-      @block.call(data)
-    end
-  end
-
-  attr_reader :host_key_verifier
-  attr_accessor :host_as_string
-  attr_accessor :server_version
-
-  attr_reader :client_options
-  attr_reader :server_options
-  attr_reader :hints, :queue
-
-  attr_accessor :mock_enqueue
-
-  def initialize(options={})
-    @options = options
-    self.logger = options[:logger]
-    self.host_as_string = "net.ssh.test,127.0.0.1"
-    self.server_version = OpenStruct.new(:version => "SSH-2.0-Ruby/Net::SSH::Test")
-    @expectation = nil
-    @queue = []
-    @hints = {}
-    @socket = options[:socket]
-    @algorithms = OpenStruct.new(:session_id => "abcxyz123")
-    verifier { |data| true }
-  end
-
-  def send_message(message)
-    buffer = Net::SSH::Buffer.new(message.to_s)
-    if @expectation.nil?
-      raise "got #{message.to_s.inspect} but was not expecting anything"
-    else
-      block, @expectation = @expectation, nil
-      block.call(self, Net::SSH::Packet.new(buffer))
-    end
-  end
-
-  def enqueue_message(message)
-    if mock_enqueue
-      send_message(message)
-    else
-      super
-    end
-  end
-
-  def poll_message
-    @queue.shift
-  end
-
-  def next_message
-    @queue.shift or raise "expected a message from the server but nothing was ready to send"
-  end
-
-  def return(type, *args)
-    @queue << P(:byte, type, *args)
-  end
-
-  def expect(&block)
-    @expectation = block
-  end
-
-  def expect!
-    expect {}
-  end
-
-  def verifier(&block)
-    @host_key_verifier = BlockVerifier.new(block)
-  end
-
-  def configure_client(options)
-    @client_options = options
-  end
-
-  def configure_server(options)
-    @server_options = options
-  end
-
-  def hint(name, value=true)
-    @hints[name] = value
-  end
-end