RubyGems - sonixlabs-net-ssh - Versions diffs - 2.3.0 - Mend

sonixlabs-net-ssh 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

data/CHANGELOG.rdoc +262 -0
data/Manifest +121 -0
data/README.rdoc +184 -0
data/Rakefile +86 -0
data/Rudyfile +96 -0
data/THANKS.rdoc +19 -0
data/lib/net/ssh.rb +223 -0
data/lib/net/ssh/authentication/agent.rb +179 -0
data/lib/net/ssh/authentication/constants.rb +18 -0
data/lib/net/ssh/authentication/key_manager.rb +253 -0
data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
data/lib/net/ssh/authentication/methods/hostbased.rb +75 -0
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +70 -0
data/lib/net/ssh/authentication/methods/password.rb +43 -0
data/lib/net/ssh/authentication/methods/publickey.rb +96 -0
data/lib/net/ssh/authentication/pageant.rb +264 -0
data/lib/net/ssh/authentication/session.rb +146 -0
data/lib/net/ssh/buffer.rb +340 -0
data/lib/net/ssh/buffered_io.rb +198 -0
data/lib/net/ssh/config.rb +207 -0
data/lib/net/ssh/connection/channel.rb +630 -0
data/lib/net/ssh/connection/constants.rb +33 -0
data/lib/net/ssh/connection/session.rb +597 -0
data/lib/net/ssh/connection/term.rb +178 -0
data/lib/net/ssh/errors.rb +88 -0
data/lib/net/ssh/key_factory.rb +102 -0
data/lib/net/ssh/known_hosts.rb +129 -0
data/lib/net/ssh/loggable.rb +61 -0
data/lib/net/ssh/packet.rb +102 -0
data/lib/net/ssh/prompt.rb +93 -0
data/lib/net/ssh/proxy/command.rb +75 -0
data/lib/net/ssh/proxy/errors.rb +14 -0
data/lib/net/ssh/proxy/http.rb +94 -0
data/lib/net/ssh/proxy/socks4.rb +70 -0
data/lib/net/ssh/proxy/socks5.rb +142 -0
data/lib/net/ssh/ruby_compat.rb +43 -0
data/lib/net/ssh/service/forward.rb +298 -0
data/lib/net/ssh/test.rb +89 -0
data/lib/net/ssh/test/channel.rb +129 -0
data/lib/net/ssh/test/extensions.rb +152 -0
data/lib/net/ssh/test/kex.rb +44 -0
data/lib/net/ssh/test/local_packet.rb +51 -0
data/lib/net/ssh/test/packet.rb +81 -0
data/lib/net/ssh/test/remote_packet.rb +38 -0
data/lib/net/ssh/test/script.rb +157 -0
data/lib/net/ssh/test/socket.rb +64 -0
data/lib/net/ssh/transport/algorithms.rb +386 -0
data/lib/net/ssh/transport/cipher_factory.rb +79 -0
data/lib/net/ssh/transport/constants.rb +30 -0
data/lib/net/ssh/transport/hmac.rb +42 -0
data/lib/net/ssh/transport/hmac/abstract.rb +79 -0
data/lib/net/ssh/transport/hmac/md5.rb +12 -0
data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
data/lib/net/ssh/transport/hmac/none.rb +15 -0
data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
data/lib/net/ssh/transport/hmac/sha2_256.rb +15 -0
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +13 -0
data/lib/net/ssh/transport/hmac/sha2_512.rb +14 -0
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +13 -0
data/lib/net/ssh/transport/identity_cipher.rb +55 -0
data/lib/net/ssh/transport/kex.rb +17 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +80 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +15 -0
data/lib/net/ssh/transport/key_expander.rb +26 -0
data/lib/net/ssh/transport/openssl.rb +127 -0
data/lib/net/ssh/transport/packet_stream.rb +235 -0
data/lib/net/ssh/transport/server_version.rb +71 -0
data/lib/net/ssh/transport/session.rb +278 -0
data/lib/net/ssh/transport/state.rb +206 -0
data/lib/net/ssh/verifiers/lenient.rb +30 -0
data/lib/net/ssh/verifiers/null.rb +12 -0
data/lib/net/ssh/verifiers/strict.rb +53 -0
data/lib/net/ssh/version.rb +62 -0
data/lib/sonixlabs-net-ssh.rb +1 -0
data/net-ssh.gemspec +145 -0
data/setup.rb +1585 -0
data/support/arcfour_check.rb +20 -0
data/support/ssh_tunnel_bug.rb +65 -0
data/test/authentication/methods/common.rb +28 -0
data/test/authentication/methods/test_abstract.rb +51 -0
data/test/authentication/methods/test_hostbased.rb +114 -0
data/test/authentication/methods/test_keyboard_interactive.rb +100 -0
data/test/authentication/methods/test_password.rb +52 -0
data/test/authentication/methods/test_publickey.rb +148 -0
data/test/authentication/test_agent.rb +205 -0
data/test/authentication/test_key_manager.rb +171 -0
data/test/authentication/test_session.rb +106 -0
data/test/common.rb +107 -0
data/test/configs/eqsign +3 -0
data/test/configs/exact_match +8 -0
data/test/configs/host_plus +10 -0
data/test/configs/multihost +4 -0
data/test/configs/wild_cards +14 -0
data/test/connection/test_channel.rb +467 -0
data/test/connection/test_session.rb +488 -0
data/test/test_all.rb +9 -0
data/test/test_buffer.rb +336 -0
data/test/test_buffered_io.rb +63 -0
data/test/test_config.rb +120 -0
data/test/test_key_factory.rb +79 -0
data/test/transport/hmac/test_md5.rb +39 -0
data/test/transport/hmac/test_md5_96.rb +25 -0
data/test/transport/hmac/test_none.rb +34 -0
data/test/transport/hmac/test_sha1.rb +34 -0
data/test/transport/hmac/test_sha1_96.rb +25 -0
data/test/transport/hmac/test_sha2_256.rb +35 -0
data/test/transport/hmac/test_sha2_256_96.rb +25 -0
data/test/transport/hmac/test_sha2_512.rb +35 -0
data/test/transport/hmac/test_sha2_512_96.rb +25 -0
data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +33 -0
data/test/transport/test_algorithms.rb +308 -0
data/test/transport/test_cipher_factory.rb +213 -0
data/test/transport/test_hmac.rb +34 -0
data/test/transport/test_identity_cipher.rb +40 -0
data/test/transport/test_packet_stream.rb +736 -0
data/test/transport/test_server_version.rb +78 -0
data/test/transport/test_session.rb +315 -0
data/test/transport/test_state.rb +179 -0
metadata +178 -0

data/support/arcfour_check.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require 'net/ssh'
+# ARCFOUR CHECK
+#
+# Usage:
+#     $ ruby support/arcfour_check.rb
+#
+# Expected Output:
+#     arcfour128: [16, 8] OpenSSL::Cipher::Cipher
+#     arcfour256: [32, 8] OpenSSL::Cipher::Cipher
+#     arcfour512: [64, 8] OpenSSL::Cipher::Cipher
+[['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
+  print "#{cipher[0]}: "
+  a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
+  b = Net::SSH::Transport::CipherFactory.get(cipher[0], :key => ([].fill('x', 0, cipher[1]).join))
+  puts "#{a} #{b.class}"
+end

data/support/ssh_tunnel_bug.rb ADDED Viewed

@@ -0,0 +1,65 @@
+#!/usr/bin/ruby
+# SSH TUNNEL CONNECTION BUG
+# from: http://net-ssh.lighthouseapp.com/projects/36253/tickets/7-an-existing-connection-was-forcibly-closed-by-the-remote-host#ticket-7-3
+#
+# Steps to reproduce:
+#
+# * Start HTTP Proxy
+#   * If running debian in EC2:
+#     * apt-get install squid
+#     * Add the following to /etc/squid/squid.conf:
+#       acl localnet src 1.2.3.0/255.255.255.0
+#       http_access allow  localnet
+#       icp_access  allow  localnet
+#       visible_hostname netsshtest
+#     * Start squid squid -N -d 1 -D
+# * Run this script
+# * Configure browser proxy to use localhost with LOCAL_PORT.
+# * Load any page, wait for it to load fully. If the page loads
+#   correctly, move on. If not, something needs to be corrected.
+# * Refresh the page several times. This should cause this
+#   script to failed with the error: "closed stream". You may
+#   need to try a few times.
+#
+require 'highline/import'
+require 'net/ssh'
+LOCAL_PORT = 8080
+PROXY_PORT = 3128
+host, user = *ARGV
+abort "Usage: #{$0} host user" unless ARGV.size == 2
+puts "Connecting to #{user}@#{host}..."
+pass = ask("Password: ") { |q| q.echo = "*" }
+puts "Configure your browser proxy to localhost:#{LOCAL_PORT}"
+begin
+  session = Net::SSH.start(host, user, :password => pass)
+  session.forward.local(LOCAL_PORT, host, PROXY_PORT)
+  session.loop{true}
+rescue => e
+  puts e.message
+  puts e.backtrace
+end
+__END__
+$ ruby support/ssh_tunnel.rb host user
+Connecting to user@host...
+Password: ******
+Configure your browser proxy to localhost:8080
+closed stream
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/buffered_io.rb:99:in `send'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/buffered_io.rb:99:in `send_pending'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:236:in `block in postprocess'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:235:in `each'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:235:in `postprocess'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:203:in `process'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:161:in `block in loop'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:161:in `loop'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:161:in `loop'

data/test/authentication/methods/common.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Authentication; module Methods
+  module Common
+    include Net::SSH::Authentication::Constants
+    private
+      def socket(options={})
+        @socket ||= stub("socket", :client_name => "me.ssh.test")
+      end
+      def transport(options={})
+        @transport ||= MockTransport.new(options.merge(:socket => socket))
+      end
+      def session(options={})
+        @session ||= begin
+          sess = stub("auth-session", :logger => nil, :transport => transport(options))
+          def sess.next_message
+            transport.next_message
+          end
+          sess
+        end
+      end
+  end
+end; end

data/test/authentication/methods/test_abstract.rb ADDED Viewed

@@ -0,0 +1,51 @@
+require 'common'
+require 'authentication/methods/common'
+require 'net/ssh/authentication/methods/abstract'
+module Authentication; module Methods
+  class TestAbstract < Test::Unit::TestCase
+    include Common
+    def test_constructor_should_set_defaults
+      assert_nil subject.key_manager
+    end
+    def test_constructor_should_honor_options
+      assert_equal :manager, subject(:key_manager => :manager).key_manager
+    end
+    def test_session_id_should_query_session_id_from_key_exchange
+      transport.stubs(:algorithms).returns(stub("algorithms", :session_id => "abcxyz123"))
+      assert_equal "abcxyz123", subject.session_id
+    end
+    def test_send_message_should_delegate_to_transport
+      transport.expects(:send_message).with("abcxyz123")
+      subject.send_message("abcxyz123")
+    end
+    def test_userauth_request_should_build_well_formed_userauth_packet
+      packet = subject.userauth_request("jamis", "ssh-connection", "password")
+      assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password", packet.to_s
+    end
+    def test_userauth_request_should_translate_extra_booleans_onto_end
+      packet = subject.userauth_request("jamis", "ssh-connection", "password", true, false)
+      assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\1\0", packet.to_s
+    end
+    def test_userauth_request_should_translate_extra_strings_onto_end
+      packet = subject.userauth_request("jamis", "ssh-connection", "password", "foo", "bar")
+      assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\0\0\0\3foo\0\0\0\3bar", packet.to_s
+    end
+    private
+      def subject(options={})
+        @subject ||= Net::SSH::Authentication::Methods::Abstract.new(session(options), options)
+      end
+  end
+end; end

data/test/authentication/methods/test_hostbased.rb ADDED Viewed

@@ -0,0 +1,114 @@
+require 'common'
+require 'net/ssh/authentication/methods/hostbased'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestHostbased < Test::Unit::TestCase
+    include Common
+    def test_authenticate_should_return_false_when_no_key_manager_has_been_set
+      assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_when_key_manager_has_no_keys
+      assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_if_no_keys_can_authenticate
+      ENV.stubs(:[]).with('USER').returns(nil)
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first)
+        assert_equal "sig-one", packet.read_string
+        t.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        t.expect do |t2, packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.last)
+          assert_equal "sig-two", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+      assert_equal false, subject.authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_true_if_any_key_can_authenticate
+      ENV.stubs(:[]).with('USER').returns(nil)
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first)
+        assert_equal "sig-one", packet.read_string
+        t.return(USERAUTH_SUCCESS)
+      end
+      assert subject.authenticate("ssh-connection", "jamis")
+    end
+    private
+      def signature_parameters(key)
+        Proc.new do |given_key, data|
+          next false unless given_key.to_blob == key.to_blob
+          buffer = Net::SSH::Buffer.new(data)
+          buffer.read_string == "abcxyz123"      && # session-id
+          buffer.read_byte   == USERAUTH_REQUEST && # type
+          verify_userauth_request_packet(buffer, key)
+        end
+      end
+      def verify_userauth_request_packet(packet, key)
+        packet.read_string == "jamis"          && # user-name
+        packet.read_string == "ssh-connection" && # next service
+        packet.read_string == "hostbased"      && # auth-method
+        packet.read_string == key.ssh_type     && # key type
+        packet.read_buffer.read_key.to_blob == key.to_blob && # key
+        packet.read_string == "me.ssh.test."   && # client hostname
+        packet.read_string == "jamis"             # client username
+      end
+      @@keys = nil
+      def keys
+        @@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
+      end
+      def key_manager(options={})
+        @key_manager ||= begin
+          manager = stub("key_manager")
+          manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
+          manager
+        end
+      end
+      def subject(options={})
+        options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
+        @subject ||= Net::SSH::Authentication::Methods::Hostbased.new(session(options), options)
+      end
+      def socket(options={})
+        @socket ||= stub("socket", :client_name => "me.ssh.test")
+      end
+      def transport(options={})
+        @transport ||= MockTransport.new(options.merge(:socket => socket))
+      end
+      def session(options={})
+        @session ||= begin
+          sess = stub("auth-session", :logger => nil, :transport => transport(options))
+          def sess.next_message
+            transport.next_message
+          end
+          sess
+        end
+      end
+  end
+end; end

data/test/authentication/methods/test_keyboard_interactive.rb ADDED Viewed

@@ -0,0 +1,100 @@
+require 'common'
+require 'net/ssh/authentication/methods/keyboard_interactive'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestKeyboardInteractive < Test::Unit::TestCase
+    include Common
+    USERAUTH_INFO_REQUEST  = 60
+    USERAUTH_INFO_RESPONSE = 61
+    def test_authenticate_should_raise_if_keyboard_interactive_disallowed
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert_equal "jamis", packet.read_string
+        assert_equal "ssh-connection", packet.read_string
+        assert_equal "keyboard-interactive", packet.read_string
+        assert_equal "", packet.read_string # language tags
+        assert_equal "", packet.read_string # submethods
+        t.return(USERAUTH_FAILURE, :string, "password")
+      end
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis")
+      end
+    end
+    def test_authenticate_should_be_false_if_given_password_is_not_accepted
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          assert_equal 1, packet2.read_long
+          assert_equal "the-password", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "keyboard-interactive")
+        end
+      end
+      assert_equal false, subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_be_true_if_given_password_is_accepted
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_duplicate_password_as_needed_to_fill_request
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Password:", :bool, false, :string, "Again:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          assert_equal 2, packet2.read_long
+          assert_equal "the-password", packet2.read_string
+          assert_equal "the-password", packet2.read_string
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_prompt_for_input_when_password_is_not_given
+      subject.expects(:prompt).with("Name:", true).returns("name")
+      subject.expects(:prompt).with("Password:", false).returns("password")
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Name:", :bool, true, :string, "Password:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          assert_equal 2, packet2.read_long
+          assert_equal "name", packet2.read_string
+          assert_equal "password", packet2.read_string
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis", nil)
+    end
+    private
+      def subject(options={})
+        @subject ||= Net::SSH::Authentication::Methods::KeyboardInteractive.new(session(options), options)
+      end
+  end
+end; end

data/test/authentication/methods/test_password.rb ADDED Viewed

@@ -0,0 +1,52 @@
+require 'common'
+require 'net/ssh/authentication/methods/password'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestPassword < Test::Unit::TestCase
+    include Common
+    def test_authenticate_should_raise_if_password_disallowed
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert_equal "jamis", packet.read_string
+        assert_equal "ssh-connection", packet.read_string
+        assert_equal "password", packet.read_string
+        assert_equal false, packet.read_bool
+        assert_equal "the-password", packet.read_string
+        t.return(USERAUTH_FAILURE, :string, "publickey")
+      end
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis", "the-password")
+      end
+    end
+    def test_authenticate_when_password_is_acceptible_should_return_true
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_SUCCESS)
+      end
+      assert subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_return_false_if_password_change_request_is_received
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_PASSWD_CHANGEREQ, :string, "Change your password:", :string, "")
+      end
+      assert !subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    private
+      def subject(options={})
+        @subject ||= Net::SSH::Authentication::Methods::Password.new(session(options), options)
+      end
+  end
+end; end

data/test/authentication/methods/test_publickey.rb ADDED Viewed

@@ -0,0 +1,148 @@
+require 'common'
+require 'net/ssh/authentication/methods/publickey'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestPublickey < Test::Unit::TestCase
+    include Common
+    def test_authenticate_should_return_false_when_no_key_manager_has_been_set
+      assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_when_key_manager_has_no_keys
+      assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_if_no_keys_can_authenticate
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        t.expect do |t2, packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.last, false)
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+      assert_equal false, subject.authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_raise_if_publickey_disallowed
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis")
+      end
+    end
+    def test_authenticate_should_return_false_if_signature_exchange_fails
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "publickey")
+          t2.expect do |t3, packet3|
+            assert_equal USERAUTH_REQUEST, packet3.type
+            assert verify_userauth_request_packet(packet3, keys.last, false)
+            t3.return(USERAUTH_PK_OK, :string, keys.last.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.last))
+            t3.expect do |t4,packet4|
+              assert_equal USERAUTH_REQUEST, packet4.type
+              assert verify_userauth_request_packet(packet4, keys.last, true)
+              assert_equal "sig-two", packet4.read_string
+              t4.return(USERAUTH_FAILURE, :string, "publickey")
+            end
+          end
+        end
+      end
+      assert !subject.authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_true_if_any_key_can_authenticate
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis")
+    end
+    private
+      def signature_parameters(key)
+        Proc.new do |given_key, data|
+          next false unless given_key.to_blob == key.to_blob
+          buffer = Net::SSH::Buffer.new(data)
+          buffer.read_string == "abcxyz123"      && # session-id
+          buffer.read_byte   == USERAUTH_REQUEST && # type
+          verify_userauth_request_packet(buffer, key, true)
+        end
+      end
+      def verify_userauth_request_packet(packet, key, has_sig)
+        packet.read_string == "jamis"          && # user-name
+        packet.read_string == "ssh-connection" && # next service
+        packet.read_string == "publickey"      && # auth-method
+        packet.read_bool   == has_sig          && # whether a signature is appended
+        packet.read_string == key.ssh_type     && # ssh key type
+        packet.read_buffer.read_key.to_blob == key.to_blob # key
+      end
+      @@keys = nil
+      def keys
+        @@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
+      end
+      def key_manager(options={})
+        @key_manager ||= begin
+          manager = stub("key_manager")
+          manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
+          manager
+        end
+      end
+      def subject(options={})
+        options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
+        @subject ||= Net::SSH::Authentication::Methods::Publickey.new(session(options), options)
+      end
+  end
+end; end