RubyGems - sonixlabs-net-ssh - Versions diffs - 2.3.0 - Mend

sonixlabs-net-ssh 2.3.0

Files changed (123) hide show

data/CHANGELOG.rdoc +262 -0
data/Manifest +121 -0
data/README.rdoc +184 -0
data/Rakefile +86 -0
data/Rudyfile +96 -0
data/THANKS.rdoc +19 -0
data/lib/net/ssh.rb +223 -0
data/lib/net/ssh/authentication/agent.rb +179 -0
data/lib/net/ssh/authentication/constants.rb +18 -0
data/lib/net/ssh/authentication/key_manager.rb +253 -0
data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
data/lib/net/ssh/authentication/methods/hostbased.rb +75 -0
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +70 -0
data/lib/net/ssh/authentication/methods/password.rb +43 -0
data/lib/net/ssh/authentication/methods/publickey.rb +96 -0
data/lib/net/ssh/authentication/pageant.rb +264 -0
data/lib/net/ssh/authentication/session.rb +146 -0
data/lib/net/ssh/buffer.rb +340 -0
data/lib/net/ssh/buffered_io.rb +198 -0
data/lib/net/ssh/config.rb +207 -0
data/lib/net/ssh/connection/channel.rb +630 -0
data/lib/net/ssh/connection/constants.rb +33 -0
data/lib/net/ssh/connection/session.rb +597 -0
data/lib/net/ssh/connection/term.rb +178 -0
data/lib/net/ssh/errors.rb +88 -0
data/lib/net/ssh/key_factory.rb +102 -0
data/lib/net/ssh/known_hosts.rb +129 -0
data/lib/net/ssh/loggable.rb +61 -0
data/lib/net/ssh/packet.rb +102 -0
data/lib/net/ssh/prompt.rb +93 -0
data/lib/net/ssh/proxy/command.rb +75 -0
data/lib/net/ssh/proxy/errors.rb +14 -0
data/lib/net/ssh/proxy/http.rb +94 -0
data/lib/net/ssh/proxy/socks4.rb +70 -0
data/lib/net/ssh/proxy/socks5.rb +142 -0
data/lib/net/ssh/ruby_compat.rb +43 -0
data/lib/net/ssh/service/forward.rb +298 -0
data/lib/net/ssh/test.rb +89 -0
data/lib/net/ssh/test/channel.rb +129 -0
data/lib/net/ssh/test/extensions.rb +152 -0
data/lib/net/ssh/test/kex.rb +44 -0
data/lib/net/ssh/test/local_packet.rb +51 -0
data/lib/net/ssh/test/packet.rb +81 -0
data/lib/net/ssh/test/remote_packet.rb +38 -0
data/lib/net/ssh/test/script.rb +157 -0
data/lib/net/ssh/test/socket.rb +64 -0
data/lib/net/ssh/transport/algorithms.rb +386 -0
data/lib/net/ssh/transport/cipher_factory.rb +79 -0
data/lib/net/ssh/transport/constants.rb +30 -0
data/lib/net/ssh/transport/hmac.rb +42 -0
data/lib/net/ssh/transport/hmac/abstract.rb +79 -0
data/lib/net/ssh/transport/hmac/md5.rb +12 -0
data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
data/lib/net/ssh/transport/hmac/none.rb +15 -0
data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
data/lib/net/ssh/transport/hmac/sha2_256.rb +15 -0
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +13 -0
data/lib/net/ssh/transport/hmac/sha2_512.rb +14 -0
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +13 -0
data/lib/net/ssh/transport/identity_cipher.rb +55 -0
data/lib/net/ssh/transport/kex.rb +17 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +80 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +15 -0
data/lib/net/ssh/transport/key_expander.rb +26 -0
data/lib/net/ssh/transport/openssl.rb +127 -0
data/lib/net/ssh/transport/packet_stream.rb +235 -0
data/lib/net/ssh/transport/server_version.rb +71 -0
data/lib/net/ssh/transport/session.rb +278 -0
data/lib/net/ssh/transport/state.rb +206 -0
data/lib/net/ssh/verifiers/lenient.rb +30 -0
data/lib/net/ssh/verifiers/null.rb +12 -0
data/lib/net/ssh/verifiers/strict.rb +53 -0
data/lib/net/ssh/version.rb +62 -0
data/lib/sonixlabs-net-ssh.rb +1 -0
data/net-ssh.gemspec +145 -0
data/setup.rb +1585 -0
data/support/arcfour_check.rb +20 -0
data/support/ssh_tunnel_bug.rb +65 -0
data/test/authentication/methods/common.rb +28 -0
data/test/authentication/methods/test_abstract.rb +51 -0
data/test/authentication/methods/test_hostbased.rb +114 -0
data/test/authentication/methods/test_keyboard_interactive.rb +100 -0
data/test/authentication/methods/test_password.rb +52 -0
data/test/authentication/methods/test_publickey.rb +148 -0
data/test/authentication/test_agent.rb +205 -0
data/test/authentication/test_key_manager.rb +171 -0
data/test/authentication/test_session.rb +106 -0
data/test/common.rb +107 -0
data/test/configs/eqsign +3 -0
data/test/configs/exact_match +8 -0
data/test/configs/host_plus +10 -0
data/test/configs/multihost +4 -0
data/test/configs/wild_cards +14 -0
data/test/connection/test_channel.rb +467 -0
data/test/connection/test_session.rb +488 -0
data/test/test_all.rb +9 -0
data/test/test_buffer.rb +336 -0
data/test/test_buffered_io.rb +63 -0
data/test/test_config.rb +120 -0
data/test/test_key_factory.rb +79 -0
data/test/transport/hmac/test_md5.rb +39 -0
data/test/transport/hmac/test_md5_96.rb +25 -0
data/test/transport/hmac/test_none.rb +34 -0
data/test/transport/hmac/test_sha1.rb +34 -0
data/test/transport/hmac/test_sha1_96.rb +25 -0
data/test/transport/hmac/test_sha2_256.rb +35 -0
data/test/transport/hmac/test_sha2_256_96.rb +25 -0
data/test/transport/hmac/test_sha2_512.rb +35 -0
data/test/transport/hmac/test_sha2_512_96.rb +25 -0
data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +33 -0
data/test/transport/test_algorithms.rb +308 -0
data/test/transport/test_cipher_factory.rb +213 -0
data/test/transport/test_hmac.rb +34 -0
data/test/transport/test_identity_cipher.rb +40 -0
data/test/transport/test_packet_stream.rb +736 -0
data/test/transport/test_server_version.rb +78 -0
data/test/transport/test_session.rb +315 -0
data/test/transport/test_state.rb +179 -0
metadata +178 -0

data/support/arcfour_check.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require 'net/ssh'
+# ARCFOUR CHECK
+#
+# Usage:
+#     $ ruby support/arcfour_check.rb
+#
+# Expected Output:
+#     arcfour128: [16, 8] OpenSSL::Cipher::Cipher
+#     arcfour256: [32, 8] OpenSSL::Cipher::Cipher
+#     arcfour512: [64, 8] OpenSSL::Cipher::Cipher
+[['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
+  print "#{cipher[0]}: "
+  a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
+  b = Net::SSH::Transport::CipherFactory.get(cipher[0], :key => ([].fill('x', 0, cipher[1]).join))
+  puts "#{a} #{b.class}"
+end

data/support/ssh_tunnel_bug.rb ADDED Viewed

@@ -0,0 +1,65 @@
+#!/usr/bin/ruby
+# SSH TUNNEL CONNECTION BUG
+# from: http://net-ssh.lighthouseapp.com/projects/36253/tickets/7-an-existing-connection-was-forcibly-closed-by-the-remote-host#ticket-7-3
+#
+# Steps to reproduce:
+#
+# * Start HTTP Proxy
+#   * If running debian in EC2:
+#     * apt-get install squid
+#     * Add the following to /etc/squid/squid.conf:
+#       acl localnet src 1.2.3.0/255.255.255.0
+#       http_access allow  localnet
+#       icp_access  allow  localnet
+#       visible_hostname netsshtest
+#     * Start squid squid -N -d 1 -D
+# * Run this script
+# * Configure browser proxy to use localhost with LOCAL_PORT.
+# * Load any page, wait for it to load fully. If the page loads
+#   correctly, move on. If not, something needs to be corrected.
+# * Refresh the page several times. This should cause this
+#   script to failed with the error: "closed stream". You may
+#   need to try a few times.
+#
+require 'highline/import'
+require 'net/ssh'
+LOCAL_PORT = 8080
+PROXY_PORT = 3128
+host, user = *ARGV
+abort "Usage: #{$0} host user" unless ARGV.size == 2
+puts "Connecting to #{user}@#{host}..."
+pass = ask("Password: ") { |q| q.echo = "*" }
+puts "Configure your browser proxy to localhost:#{LOCAL_PORT}"
+begin
+  session = Net::SSH.start(host, user, :password => pass)
+  session.forward.local(LOCAL_PORT, host, PROXY_PORT)
+  session.loop{true}
+rescue => e
+  puts e.message
+  puts e.backtrace
+end
+__END__
+$ ruby support/ssh_tunnel.rb host user
+Connecting to user@host...
+Password: ******
+Configure your browser proxy to localhost:8080
+closed stream
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/buffered_io.rb:99:in `send'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/buffered_io.rb:99:in `send_pending'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:236:in `block in postprocess'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:235:in `each'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:235:in `postprocess'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:203:in `process'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:161:in `block in loop'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:161:in `loop'
+/usr/local/lib/ruby/gems/1.9.1/gems/net-ssh-2.0.15/lib/net/ssh/connection/session.rb:161:in `loop'

data/test/authentication/methods/common.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Authentication; module Methods
+  module Common
+    include Net::SSH::Authentication::Constants
+    private
+      def socket(options={})
+        @socket ||= stub("socket", :client_name => "me.ssh.test")
+      end
+      def transport(options={})
+        @transport ||= MockTransport.new(options.merge(:socket => socket))
+      end
+      def session(options={})
+        @session ||= begin
+          sess = stub("auth-session", :logger => nil, :transport => transport(options))
+          def sess.next_message
+            transport.next_message
+          end
+          sess
+        end
+      end
+  end
+end; end

data/test/authentication/methods/test_abstract.rb ADDED Viewed

@@ -0,0 +1,51 @@
+require 'common'
+require 'authentication/methods/common'
+require 'net/ssh/authentication/methods/abstract'
+module Authentication; module Methods
+  class TestAbstract < Test::Unit::TestCase
+    include Common
+    def test_constructor_should_set_defaults
+      assert_nil subject.key_manager
+    end
+    def test_constructor_should_honor_options
+      assert_equal :manager, subject(:key_manager => :manager).key_manager
+    end
+    def test_session_id_should_query_session_id_from_key_exchange
+      transport.stubs(:algorithms).returns(stub("algorithms", :session_id => "abcxyz123"))
+      assert_equal "abcxyz123", subject.session_id
+    end
+    def test_send_message_should_delegate_to_transport
+      transport.expects(:send_message).with("abcxyz123")
+      subject.send_message("abcxyz123")
+    end
+    def test_userauth_request_should_build_well_formed_userauth_packet
+      packet = subject.userauth_request("jamis", "ssh-connection", "password")
+      assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password", packet.to_s
+    end
+    def test_userauth_request_should_translate_extra_booleans_onto_end
+      packet = subject.userauth_request("jamis", "ssh-connection", "password", true, false)
+      assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\1\0", packet.to_s
+    end
+    def test_userauth_request_should_translate_extra_strings_onto_end
+      packet = subject.userauth_request("jamis", "ssh-connection", "password", "foo", "bar")
+      assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\0\0\0\3foo\0\0\0\3bar", packet.to_s
+    end
+    private
+      def subject(options={})
+        @subject ||= Net::SSH::Authentication::Methods::Abstract.new(session(options), options)
+      end
+  end
+end; end

data/test/authentication/methods/test_hostbased.rb ADDED Viewed

@@ -0,0 +1,114 @@
+require 'common'
+require 'net/ssh/authentication/methods/hostbased'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestHostbased < Test::Unit::TestCase
+    include Common
+    def test_authenticate_should_return_false_when_no_key_manager_has_been_set
+      assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_when_key_manager_has_no_keys
+      assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_if_no_keys_can_authenticate
+      ENV.stubs(:[]).with('USER').returns(nil)
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first)
+        assert_equal "sig-one", packet.read_string
+        t.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        t.expect do |t2, packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.last)
+          assert_equal "sig-two", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+      assert_equal false, subject.authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_true_if_any_key_can_authenticate
+      ENV.stubs(:[]).with('USER').returns(nil)
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first)
+        assert_equal "sig-one", packet.read_string
+        t.return(USERAUTH_SUCCESS)
+      end
+      assert subject.authenticate("ssh-connection", "jamis")
+    end
+    private
+      def signature_parameters(key)
+        Proc.new do |given_key, data|
+          next false unless given_key.to_blob == key.to_blob
+          buffer = Net::SSH::Buffer.new(data)
+          buffer.read_string == "abcxyz123"      && # session-id
+          buffer.read_byte   == USERAUTH_REQUEST && # type
+          verify_userauth_request_packet(buffer, key)
+        end
+      end
+      def verify_userauth_request_packet(packet, key)
+        packet.read_string == "jamis"          && # user-name
+        packet.read_string == "ssh-connection" && # next service
+        packet.read_string == "hostbased"      && # auth-method
+        packet.read_string == key.ssh_type     && # key type
+        packet.read_buffer.read_key.to_blob == key.to_blob && # key
+        packet.read_string == "me.ssh.test."   && # client hostname
+        packet.read_string == "jamis"             # client username
+      end
+      @@keys = nil
+      def keys
+        @@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
+      end
+      def key_manager(options={})
+        @key_manager ||= begin
+          manager = stub("key_manager")
+          manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
+          manager
+        end
+      end
+      def subject(options={})
+        options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
+        @subject ||= Net::SSH::Authentication::Methods::Hostbased.new(session(options), options)
+      end
+      def socket(options={})
+        @socket ||= stub("socket", :client_name => "me.ssh.test")
+      end
+      def transport(options={})
+        @transport ||= MockTransport.new(options.merge(:socket => socket))
+      end
+      def session(options={})
+        @session ||= begin
+          sess = stub("auth-session", :logger => nil, :transport => transport(options))
+          def sess.next_message
+            transport.next_message
+          end
+          sess
+        end
+      end
+  end
+end; end

data/test/authentication/methods/test_keyboard_interactive.rb ADDED Viewed

@@ -0,0 +1,100 @@
+require 'common'
+require 'net/ssh/authentication/methods/keyboard_interactive'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestKeyboardInteractive < Test::Unit::TestCase
+    include Common
+    USERAUTH_INFO_REQUEST  = 60
+    USERAUTH_INFO_RESPONSE = 61
+    def test_authenticate_should_raise_if_keyboard_interactive_disallowed
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert_equal "jamis", packet.read_string
+        assert_equal "ssh-connection", packet.read_string
+        assert_equal "keyboard-interactive", packet.read_string
+        assert_equal "", packet.read_string # language tags
+        assert_equal "", packet.read_string # submethods
+        t.return(USERAUTH_FAILURE, :string, "password")
+      end
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis")
+      end
+    end
+    def test_authenticate_should_be_false_if_given_password_is_not_accepted
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          assert_equal 1, packet2.read_long
+          assert_equal "the-password", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "keyboard-interactive")
+        end
+      end
+      assert_equal false, subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_be_true_if_given_password_is_accepted
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_duplicate_password_as_needed_to_fill_request
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Password:", :bool, false, :string, "Again:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          assert_equal 2, packet2.read_long
+          assert_equal "the-password", packet2.read_string
+          assert_equal "the-password", packet2.read_string
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_prompt_for_input_when_password_is_not_given
+      subject.expects(:prompt).with("Name:", true).returns("name")
+      subject.expects(:prompt).with("Password:", false).returns("password")
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Name:", :bool, true, :string, "Password:", :bool, false)
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_INFO_RESPONSE, packet2.type
+          assert_equal 2, packet2.read_long
+          assert_equal "name", packet2.read_string
+          assert_equal "password", packet2.read_string
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis", nil)
+    end
+    private
+      def subject(options={})
+        @subject ||= Net::SSH::Authentication::Methods::KeyboardInteractive.new(session(options), options)
+      end
+  end
+end; end

data/test/authentication/methods/test_password.rb ADDED Viewed

@@ -0,0 +1,52 @@
+require 'common'
+require 'net/ssh/authentication/methods/password'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestPassword < Test::Unit::TestCase
+    include Common
+    def test_authenticate_should_raise_if_password_disallowed
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert_equal "jamis", packet.read_string
+        assert_equal "ssh-connection", packet.read_string
+        assert_equal "password", packet.read_string
+        assert_equal false, packet.read_bool
+        assert_equal "the-password", packet.read_string
+        t.return(USERAUTH_FAILURE, :string, "publickey")
+      end
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis", "the-password")
+      end
+    end
+    def test_authenticate_when_password_is_acceptible_should_return_true
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_SUCCESS)
+      end
+      assert subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    def test_authenticate_should_return_false_if_password_change_request_is_received
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        t.return(USERAUTH_PASSWD_CHANGEREQ, :string, "Change your password:", :string, "")
+      end
+      assert !subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+    private
+      def subject(options={})
+        @subject ||= Net::SSH::Authentication::Methods::Password.new(session(options), options)
+      end
+  end
+end; end

data/test/authentication/methods/test_publickey.rb ADDED Viewed

@@ -0,0 +1,148 @@
+require 'common'
+require 'net/ssh/authentication/methods/publickey'
+require 'authentication/methods/common'
+module Authentication; module Methods
+  class TestPublickey < Test::Unit::TestCase
+    include Common
+    def test_authenticate_should_return_false_when_no_key_manager_has_been_set
+      assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_when_key_manager_has_no_keys
+      assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_false_if_no_keys_can_authenticate
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        t.expect do |t2, packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.last, false)
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+      assert_equal false, subject.authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_raise_if_publickey_disallowed
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis")
+      end
+    end
+    def test_authenticate_should_return_false_if_signature_exchange_fails
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "publickey")
+          t2.expect do |t3, packet3|
+            assert_equal USERAUTH_REQUEST, packet3.type
+            assert verify_userauth_request_packet(packet3, keys.last, false)
+            t3.return(USERAUTH_PK_OK, :string, keys.last.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.last))
+            t3.expect do |t4,packet4|
+              assert_equal USERAUTH_REQUEST, packet4.type
+              assert verify_userauth_request_packet(packet4, keys.last, true)
+              assert_equal "sig-two", packet4.read_string
+              t4.return(USERAUTH_FAILURE, :string, "publickey")
+            end
+          end
+        end
+      end
+      assert !subject.authenticate("ssh-connection", "jamis")
+    end
+    def test_authenticate_should_return_true_if_any_key_can_authenticate
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_SUCCESS)
+        end
+      end
+      assert subject.authenticate("ssh-connection", "jamis")
+    end
+    private
+      def signature_parameters(key)
+        Proc.new do |given_key, data|
+          next false unless given_key.to_blob == key.to_blob
+          buffer = Net::SSH::Buffer.new(data)
+          buffer.read_string == "abcxyz123"      && # session-id
+          buffer.read_byte   == USERAUTH_REQUEST && # type
+          verify_userauth_request_packet(buffer, key, true)
+        end
+      end
+      def verify_userauth_request_packet(packet, key, has_sig)
+        packet.read_string == "jamis"          && # user-name
+        packet.read_string == "ssh-connection" && # next service
+        packet.read_string == "publickey"      && # auth-method
+        packet.read_bool   == has_sig          && # whether a signature is appended
+        packet.read_string == key.ssh_type     && # ssh key type
+        packet.read_buffer.read_key.to_blob == key.to_blob # key
+      end
+      @@keys = nil
+      def keys
+        @@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
+      end
+      def key_manager(options={})
+        @key_manager ||= begin
+          manager = stub("key_manager")
+          manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
+          manager
+        end
+      end
+      def subject(options={})
+        options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
+        @subject ||= Net::SSH::Authentication::Methods::Publickey.new(session(options), options)
+      end
+  end
+end; end