This is an automated email from the ASF dual-hosted git repository. lgoldstein pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 44e390316e97db16078c5ad25181dd8b2b908830 Author: Lyor Goldstein <[email protected]> AuthorDate: Fri Jul 31 19:11:05 2020 +0300 [SSHD-1004] Deprecate SHA-1 based key exchanges from default setup --- CHANGES.md | 1 + README.md | 1 + .../sshd/client/config/hosts/HostConfigEntry.java | 3 +- .../java/org/apache/sshd/common/BaseBuilder.java | 5 +-- .../org/apache/sshd/DefaultSetupTestSupport.java | 43 +++++++++++++++++++--- .../java/org/apache/sshd/KeyReExchangeTest.java | 2 +- .../java/org/apache/sshd/client/kex/KexTest.java | 4 +- .../org/apache/sshd/common/SshBuilderTest.java | 9 ----- .../org/apache/sshd/common/cipher/CipherTest.java | 2 +- .../sshd/common/compression/CompressionTest.java | 2 +- .../common/forward/ApacheServerJSchClientTest.java | 3 +- .../common/forward/PortForwardingLoadTest.java | 2 +- .../sshd/common/forward/PortForwardingTest.java | 2 +- .../sshd/common/mac/MacCompatibilityTest.java | 2 +- .../sshd/server/auth/AsyncAuthInteractiveTest.java | 7 ++++ .../org/apache/sshd/server/auth/AsyncAuthTest.java | 7 ++++ .../apache/sshd/server/auth/AsyncAuthTestBase.java | 5 ++- .../org/apache/sshd/spring/SpringConfigTest.java | 3 +- .../org/apache/sshd/util/test/BaseTestSupport.java | 8 ++++ .../sshd/util/test/CoreTestSupportUtils.java | 27 ++++++++++++++ .../java/org/apache/sshd/scp/client/ScpTest.java | 4 +- .../sftp/client/AbstractSftpClientTestSupport.java | 2 +- .../ApacheSshdSftpSessionFactoryTest.java | 4 +- 23 files changed, 111 insertions(+), 37 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index c2a876d..18b1509 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -14,6 +14,7 @@ * [SSHD-506](https://issues.apache.org/jira/browse/SSHD-506) Added support for AES-GCM ciphers. * [SSHD-1004](https://issues.apache.org/jira/browse/SSHD-1004) Deprecate DES, RC4 and Blowfish ciphers from default setup. +* [SSHD-1004](https://issues.apache.org/jira/browse/SSHD-1004) Deprecate SHA-1 based key exchanges and signatures. * [SSHD-1034](https://issues.apache.org/jira/browse/SSHD-1034) Rename `org.apache.sshd.common.ForwardingFilter` to `Forwarder`. * [SSHD-1035](https://issues.apache.org/jira/browse/SSHD-1035) Move property definitions to common locations. * [SSHD-1038](https://issues.apache.org/jira/browse/SSHD-1038) Refactor packages from a module into a cleaner hierarchy. diff --git a/README.md b/README.md index e43adce..2369fb7 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ the unsafe settings must do so **explicitly**. The following settings have been * [RFC 8429 - Deprecate Triple-DES (3DES) and RC4 in Kerberos](https://tools.ietf.org/html/rfc8429) * While it refers to Kerberos, it mentions weaknesses in DES as well. * [OpenSSH release notes](https://www.openssh.com/releasenotes.html) - usually a good indicator of de-facto practices +* SHA-1 based key exchanges and signatures # [Release notes](./CHANGES.md) diff --git a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java index 26f839b..3ae8828 100644 --- a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java 
@@ -62,7 +62,7 @@ import org.apache.sshd.common.util.io.NoCloseReader; /** * Represents an entry in the client's configuration file as defined by the * <A HREF="https://linux.die.net/man/5/ssh_config">ssh_config</A> configuration file format - * + * * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> * @see <A HREF="https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/">OpenSSH Config File * Examples</A> @@ -717,6 +717,7 @@ public class HostConfigEntry extends HostPatternsHolder implements MutableUserHo * @param host The original host name / address * @param port The original port * @param username The original user name + * @param proxyJump And optional proxy jump setting * @return A <U>cloned</U> entry whose values are resolved - including expanding macros in the * identities files * @throws IOException If failed to normalize the entry diff --git a/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java b/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java index 821765a..80b8a1b 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java @@ -89,15 +89,12 @@ public class BaseBuilder<T extends AbstractFactoryManager, S extends BaseBuilder BuiltinDHFactories.ecdhp256, BuiltinDHFactories.dhgex256, - BuiltinDHFactories.dhgex, BuiltinDHFactories.dhg18_512, BuiltinDHFactories.dhg17_512, BuiltinDHFactories.dhg16_512, BuiltinDHFactories.dhg15_512, - BuiltinDHFactories.dhg14_256, - BuiltinDHFactories.dhg14, - BuiltinDHFactories.dhg1)); + BuiltinDHFactories.dhg14_256)); /** * The default {@link BuiltinMacs} setup in order of preference as specified by diff --git a/sshd-core/src/test/java/org/apache/sshd/DefaultSetupTestSupport.java b/sshd-core/src/test/java/org/apache/sshd/DefaultSetupTestSupport.java index bc5ef94..fa3b891 100644 --- a/sshd-core/src/test/java/org/apache/sshd/DefaultSetupTestSupport.java 
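Review bot: The Javadoc line added in the second HostConfigEntry.java hunk has a typo: `@param proxyJump And optional proxy jump setting` should read `@param proxyJump An optional proxy jump setting`. The documented method's signature lies outside the hunk, so whether a null or empty value is accepted cannot be confirmed from here; if it is, the same line is the place to say so.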
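Review bot: In BaseBuilder.java the trimmed `DEFAULT_KEX_PREFERENCE` list has no comment recording that `dhgex`, `dhg14` and `dhg1` were dropped on purpose; the constant's Javadoc starts above the hunk and cannot be checked from here. A line such as `// SSHD-1004: SHA-1 based exchanges (dhgex, dhg14, dhg1) are excluded from the defaults - add them explicitly if a legacy peer requires them` above the list would keep a later cleanup from re-adding them. Separately, the CHANGES.md and README.md entries in this commit say "key exchanges and signatures", yet no signature list is touched and SshBuilderTest still asserts that every `BuiltinSignatures` value appears in `ServerBuilder.DEFAULT_SIGNATURE_PREFERENCE`. Either the wording or the signature defaults should be brought in line.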
+++ b/sshd-core/src/test/java/org/apache/sshd/DefaultSetupTestSupport.java @@ -31,6 +31,8 @@ import org.apache.sshd.common.NamedResource; import org.apache.sshd.common.cipher.BuiltinCiphers; import org.apache.sshd.common.cipher.Cipher; import org.apache.sshd.common.helpers.AbstractFactoryManager; +import org.apache.sshd.common.kex.BuiltinDHFactories; +import org.apache.sshd.common.kex.KeyExchange; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.util.test.BaseTestSupport; import org.apache.sshd.util.test.NoIoTestCase; 
@@ -53,30 +55,59 @@ public abstract class DefaultSetupTestSupport<M extends AbstractFactoryManager> @Test public void testDefaultCiphersList() { - assertNamedFactoriesList(Cipher.class.getSimpleName(), BaseBuilder.DEFAULT_CIPHERS_PREFERENCE, + assertSameNamedFactoriesListInstances(Cipher.class.getSimpleName(), BaseBuilder.DEFAULT_CIPHERS_PREFERENCE, factory.getCipherFactories()); } @Test // SSHD-1004 public void testNoDeprecatedCiphers() { - assertNoDeprecatedSettings(Cipher.class.getSimpleName(), + assertNoDeprecatedFactoryInstanceNames(Cipher.class.getSimpleName(), EnumSet.of(BuiltinCiphers.arcfour128, BuiltinCiphers.arcfour256, BuiltinCiphers.tripledescbc, BuiltinCiphers.blowfishcbc), factory.getCipherFactories()); } - protected static <T, F extends NamedFactory<T>> void assertNoDeprecatedSettings( - String hint, Collection<? extends F> unexpected, Collection<? extends F> actual) { + @Test + public void testDefaultKeyExchangeList() { + assertSameNamedResourceListNames(KeyExchange.class.getSimpleName(), + BaseBuilder.DEFAULT_KEX_PREFERENCE, factory.getKeyExchangeFactories()); + } + + @Test // SSHD-1004 + public void testNoDeprecatedKeyExchanges() { + Collection<? extends NamedResource> disallowed = BuiltinDHFactories.VALUES.stream() + .filter(f -> f.getName().endsWith("sha-1")) + .collect(Collectors.toCollection(() -> EnumSet.noneOf(BuiltinDHFactories.class))); + assertNoDeprecatedFactoryInstanceNames( + KeyExchange.class.getSimpleName(), disallowed, factory.getKeyExchangeFactories()); + } + + protected static void assertSameNamedResourceListNames( + String hint, List<? extends NamedResource> expected, List<? 
extends NamedResource> actual) { + int len = GenericUtils.size(expected); + assertEquals(hint + "[size]", len, GenericUtils.size(actual)); + + for (int index = 0; index < len; index++) { + NamedResource expRes = expected.get(index); + String expName = expRes.getName(); + NamedResource actRes = actual.get(index); + String actName = actRes.getName(); + assertSame(hint + "[" + index + "]", expName, actName); + } + } + + protected static void assertNoDeprecatedFactoryInstanceNames( + String hint, Collection<? extends NamedResource> unexpected, Collection<? extends NamedResource> actual) { Collection<String> disallowedNames = unexpected.stream() .map(NamedResource::getName) .collect(Collectors.toCollection(() -> new TreeSet<>(String.CASE_INSENSITIVE_ORDER))); - for (F namedFactory : actual) { + for (NamedResource namedFactory : actual) { String name = namedFactory.getName(); assertFalse(hint + " - disallowed: " + name, disallowedNames.contains(name)); } } - protected static <T, F extends NamedFactory<T>> void assertNamedFactoriesList( + protected static <T, F extends NamedFactory<T>> void assertSameNamedFactoriesListInstances( String hint, List<? extends F> expected, List<? extends F> actual) { int len = GenericUtils.size(expected); assertEquals(hint + "[size]", len, GenericUtils.size(actual)); diff --git a/sshd-core/src/test/java/org/apache/sshd/KeyReExchangeTest.java b/sshd-core/src/test/java/org/apache/sshd/KeyReExchangeTest.java index c067e99..18bef92 100644 --- a/sshd-core/src/test/java/org/apache/sshd/KeyReExchangeTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/KeyReExchangeTest.java 
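Review bot: `testNoDeprecatedKeyExchanges` builds its disallowed set with `f.getName().endsWith("sha-1")`, but the SSH names of the SHA-1 exchanges are conventionally spelled with a `sha1` suffix and no hyphen, so the filter most likely matches nothing and the test passes against an empty set. Naming the entries this commit removes from the defaults is sturdier and mirrors `testNoDeprecatedCiphers`: `EnumSet.of(BuiltinDHFactories.dhgex, BuiltinDHFactories.dhg14, BuiltinDHFactories.dhg1)`. Asserting that the disallowed set is non-empty before the comparison would also catch this kind of silent pass. In `assertSameNamedResourceListNames` the names are compared with `assertSame`, which checks reference identity on `String` values; `assertEquals(hint + "[" + index + "]", expName, actName);` states the intended check.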
@@ -101,7 +101,7 @@ public class KeyReExchangeTest extends BaseTestSupport { } protected void setUp(long bytesLimit, Duration timeLimit, long packetsLimit) throws Exception { - sshd = setupTestServer(); + sshd = setupTestFullSupportServer(); sshd.setSubsystemFactories(Collections.singletonList(new TestSubsystemFactory())); if (bytesLimit > 0L) { CoreModuleProperties.REKEY_BYTES_LIMIT.set(sshd, bytesLimit); diff --git a/sshd-core/src/test/java/org/apache/sshd/client/kex/KexTest.java b/sshd-core/src/test/java/org/apache/sshd/client/kex/KexTest.java index 75f2151..9cf4ad0 100644 --- a/sshd-core/src/test/java/org/apache/sshd/client/kex/KexTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/kex/KexTest.java @@ -81,11 +81,11 @@ public class KexTest extends BaseTestSupport { @BeforeClass public static void setupClientAndServer() throws Exception { - sshd = CoreTestSupportUtils.setupTestServer(KexTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(KexTest.class); sshd.start(); port = sshd.getPort(); - client = CoreTestSupportUtils.setupTestClient(KexTest.class); + client = CoreTestSupportUtils.setupTestFullSupportClient(KexTest.class); client.start(); } diff --git a/sshd-core/src/test/java/org/apache/sshd/common/SshBuilderTest.java b/sshd-core/src/test/java/org/apache/sshd/common/SshBuilderTest.java index 8f23ba0..4de6a13 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/SshBuilderTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/SshBuilderTest.java @@ -25,7 +25,6 @@ import java.util.Set; import org.apache.sshd.common.cipher.BuiltinCiphers; import org.apache.sshd.common.cipher.Cipher; -import org.apache.sshd.common.kex.BuiltinDHFactories; import org.apache.sshd.common.mac.BuiltinMacs; import org.apache.sshd.common.signature.BuiltinSignatures; import org.apache.sshd.common.util.GenericUtils; 
@@ -64,14 +63,6 @@ public class SshBuilderTest extends BaseTestSupport { testAllInstancesListed(BuiltinSignatures.VALUES, ServerBuilder.DEFAULT_SIGNATURE_PREFERENCE); } - /** - * Make sure that all values in {@link BuiltinDHFactories} are listed in {@link BaseBuilder#DEFAULT_KEX_PREFERENCE} - */ - @Test - public void testAllBuiltinDHFactoriesListed() { - testAllInstancesListed(BuiltinDHFactories.VALUES, BaseBuilder.DEFAULT_KEX_PREFERENCE); - } - private static < E extends Enum<E>> void testAllInstancesListed(Set<? extends E> expValues, Collection<? extends E> actValues) { assertEquals("Mismatched actual values size", expValues.size(), actValues.size()); diff --git a/sshd-core/src/test/java/org/apache/sshd/common/cipher/CipherTest.java b/sshd-core/src/test/java/org/apache/sshd/common/cipher/CipherTest.java index 0cfd960..04a3d4c 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/cipher/CipherTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/cipher/CipherTest.java @@ -110,7 +110,7 @@ public class CipherTest extends BaseTestSupport { @BeforeClass public static void setupClientAndServer() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(CipherTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(CipherTest.class); sshd.start(); port = sshd.getPort(); } diff --git a/sshd-core/src/test/java/org/apache/sshd/common/compression/CompressionTest.java b/sshd-core/src/test/java/org/apache/sshd/common/compression/CompressionTest.java index e6934ab..49c15d3 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/compression/CompressionTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/compression/CompressionTest.java 
@@ -96,7 +96,7 @@ public class CompressionTest extends BaseTestSupport { public static void setupClientAndServer() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(MacCompatibilityTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(MacCompatibilityTest.class); sshd.setKeyPairProvider(CommonTestSupportUtils.createTestHostKeyProvider(MacCompatibilityTest.class)); sshd.start(); port = sshd.getPort(); diff --git a/sshd-core/src/test/java/org/apache/sshd/common/forward/ApacheServerJSchClientTest.java b/sshd-core/src/test/java/org/apache/sshd/common/forward/ApacheServerJSchClientTest.java index 1afc721..9d24acc 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/forward/ApacheServerJSchClientTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/forward/ApacheServerJSchClientTest.java @@ -27,6 +27,7 @@ import com.jcraft.jsch.Session; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.forward.AcceptAllForwardingFilter; import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider; +import org.apache.sshd.util.test.CoreTestSupportUtils; import org.apache.sshd.util.test.JSchLogger; import org.apache.sshd.util.test.SimpleUserInfo; import org.junit.After; @@ -67,7 +68,7 @@ public class ApacheServerJSchClientTest extends AbstractServerCloseTestSupport { @BeforeClass public static void startSshServer() throws IOException { LOG.info("Starting SSHD..."); - server = SshServer.setUpDefaultServer(); + server = CoreTestSupportUtils.setupTestFullSupportServer(SshServer.setUpDefaultServer()); server.setPasswordAuthenticator((u, p, s) -> true); server.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE); server.setKeyPairProvider(new SimpleGeneratorHostKeyProvider()); diff --git a/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingLoadTest.java b/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingLoadTest.java index 67b1529..8b1e535 100644 
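Review bot: The rewritten line in CompressionTest still passes `MacCompatibilityTest.class` as the anchor, as does the unchanged `createTestHostKeyProvider` call right after it, which looks like a copy-paste from MacCompatibilityTest. If the anchor only selects a resource or key location the test still runs, but both suites then presumably share that location. Since the line is being touched anyway, `sshd = CoreTestSupportUtils.setupTestFullSupportServer(CompressionTest.class);` (and the same class in the key-provider call) would make the setup self-describing.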
--- a/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingLoadTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingLoadTest.java @@ -156,7 +156,7 @@ public class PortForwardingLoadTest extends BaseTestSupport { @Before public void setUp() throws Exception { - sshd = setupTestServer(); + sshd = setupTestFullSupportServer(); sshd.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE); sshd.addPortForwardingEventListener(serverSideListener); sshd.start(); diff --git a/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingTest.java b/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingTest.java index 864ccf1..1210e59 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/forward/PortForwardingTest.java @@ -166,7 +166,7 @@ public class PortForwardingTest extends BaseTestSupport { @BeforeClass public static void setUpTestEnvironment() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(PortForwardingTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(PortForwardingTest.class); CoreModuleProperties.WINDOW_SIZE.set(sshd, 2048L); CoreModuleProperties.MAX_PACKET_SIZE.set(sshd, 256L); sshd.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE); diff --git a/sshd-core/src/test/java/org/apache/sshd/common/mac/MacCompatibilityTest.java b/sshd-core/src/test/java/org/apache/sshd/common/mac/MacCompatibilityTest.java index a327897..31d6b42 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/mac/MacCompatibilityTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/mac/MacCompatibilityTest.java 
@@ -119,7 +119,7 @@ public class MacCompatibilityTest extends BaseTestSupport { public static void setupClientAndServer() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(MacCompatibilityTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(MacCompatibilityTest.class); sshd.setKeyPairProvider(CommonTestSupportUtils.createTestHostKeyProvider(MacCompatibilityTest.class)); sshd.start(); port = sshd.getPort(); diff --git a/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthInteractiveTest.java b/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthInteractiveTest.java index 86e32a8..241d0fb 100644 --- a/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthInteractiveTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthInteractiveTest.java @@ -24,6 +24,8 @@ import com.jcraft.jsch.JSchException; import com.jcraft.jsch.Session; import com.jcraft.jsch.UserInfo; import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.util.test.JSchLogger; +import org.junit.BeforeClass; import org.junit.FixMethodOrder; import org.junit.runners.MethodSorters; @@ -36,6 +38,11 @@ public class AsyncAuthInteractiveTest extends AsyncAuthTestBase { super(); } + @BeforeClass + public static void jschInit() { + JSchLogger.init(); + } + @Override protected boolean authenticate() throws Exception { JSch jsch = new JSch(); diff --git a/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTest.java b/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTest.java index a8963d2..ac748a7 100644 --- a/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTest.java 
@@ -26,6 +26,8 @@ import com.jcraft.jsch.JSchException; import com.jcraft.jsch.Session; import com.jcraft.jsch.UserInfo; import org.apache.sshd.common.channel.Channel; +import org.apache.sshd.util.test.JSchLogger; +import org.junit.BeforeClass; import org.junit.FixMethodOrder; import org.junit.runners.MethodSorters; @@ -38,6 +40,11 @@ public class AsyncAuthTest extends AsyncAuthTestBase { super(); } + @BeforeClass + public static void jschInit() { + JSchLogger.init(); + } + @Override protected boolean authenticate() throws Exception { JSch jsch = new JSch(); diff --git a/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTestBase.java b/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTestBase.java index fdc0f66..46286ec 100644 --- a/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTestBase.java +++ b/sshd-core/src/test/java/org/apache/sshd/server/auth/AsyncAuthTestBase.java @@ -28,6 +28,7 @@ import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.password.PasswordAuthenticator; import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider; import org.apache.sshd.util.test.BaseTestSupport; +import org.apache.sshd.util.test.CoreTestSupportUtils; import org.apache.sshd.util.test.EchoShellFactory; import org.junit.After; import org.junit.Test; @@ -41,7 +42,7 @@ public abstract class AsyncAuthTestBase extends BaseTestSupport { private PasswordAuthenticator authenticator; - public AsyncAuthTestBase() { + protected AsyncAuthTestBase() { super(); } @@ -53,7 +54,7 @@ public abstract class AsyncAuthTestBase extends BaseTestSupport { if (server != null) { fail("Server already started"); } - server = SshServer.setUpDefaultServer(); + server = CoreTestSupportUtils.setupTestFullSupportServer(SshServer.setUpDefaultServer()); if (timeout != null) { CoreModuleProperties.AUTH_TIMEOUT.set(server, timeout); } 
diff --git a/sshd-core/src/test/java/org/apache/sshd/spring/SpringConfigTest.java b/sshd-core/src/test/java/org/apache/sshd/spring/SpringConfigTest.java index 688e980..31b9080 100644 --- a/sshd-core/src/test/java/org/apache/sshd/spring/SpringConfigTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/spring/SpringConfigTest.java @@ -27,6 +27,7 @@ import com.jcraft.jsch.JSch; import org.apache.sshd.common.util.OsUtils; import org.apache.sshd.server.SshServer; import org.apache.sshd.util.test.BaseTestSupport; +import org.apache.sshd.util.test.CoreTestSupportUtils; import org.apache.sshd.util.test.JSchLogger; import org.apache.sshd.util.test.SimpleUserInfo; import org.junit.After; @@ -73,7 +74,7 @@ public class SpringConfigTest extends BaseTestSupport { @Test public void testSpringConfig() throws Exception { - SshServer server = context.getBean(SshServer.class); + SshServer server = CoreTestSupportUtils.setupTestFullSupportServer(context.getBean(SshServer.class)); int port = server.getPort(); JSch sch = new JSch(); diff --git a/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java b/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java index 1c1c9ad..69b2614 100644 --- a/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java +++ b/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java 
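Review bot: `testSpringConfig` now replaces the key-exchange list on the `SshServer` bean after the Spring context has built it, and the `server.getPort()` call on the next line suggests the server is already listening at that point. Nothing in the hunk says why this bean has to accept the non-default exchanges; a comment such as `// JSch client below may only offer SHA-1 based KEX - re-enable them for this test (SSHD-1004)` would record the reason, assuming that is the reason. If the context file is under the test's control, setting the factories there would keep the bean's configuration in one place.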
@@ -125,10 +125,18 @@ public abstract class BaseTestSupport extends JUnitTestSupport { return CoreTestSupportUtils.setupTestServer(getClass()); } + protected SshServer setupTestFullSupportServer() { + return CoreTestSupportUtils.setupTestFullSupportServer(setupTestServer()); + } + protected SshClient setupTestClient() { return CoreTestSupportUtils.setupTestClient(getClass()); } + protected SshClient setupTestFullSupportClient() { + return CoreTestSupportUtils.setupTestFullSupportClient(setupTestClient()); + } + protected void assumeNotIoServiceProvider( Collection<BuiltinIoServiceFactoryFactories> excluded) { assumeNotIoServiceProvider(getCurrentTestName(), excluded); diff --git a/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java b/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java index 7d2b9b9..1621405 100644 --- a/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java +++ b/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java @@ -22,10 +22,14 @@ import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.ServerSocket; +import org.apache.sshd.client.ClientBuilder; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier; +import org.apache.sshd.common.NamedFactory; +import org.apache.sshd.common.kex.BuiltinDHFactories; import org.apache.sshd.common.keyprovider.KeyIdentityProvider; +import org.apache.sshd.server.ServerBuilder; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.pubkey.AcceptAllPublickeyAuthenticator; import org.apache.sshd.server.shell.UnknownCommandFactory; 
@@ -51,6 +55,17 @@ public final class CoreTestSupportUtils { return client; } + public static SshClient setupTestFullSupportClient(Class<?> anchor) { + SshClient client = setupTestClient(anchor); + return setupTestFullSupportClient(client); + } + + public static SshClient setupTestFullSupportClient(SshClient client) { + client.setKeyExchangeFactories( + NamedFactory.setUpTransformedFactories(false, BuiltinDHFactories.VALUES, ClientBuilder.DH2KEX)); + return client; + } + public static SshServer setupTestServer(Class<?> anchor) { SshServer sshd = SshServer.setUpDefaultServer(); sshd.setKeyPairProvider(CommonTestSupportUtils.createTestHostKeyProvider(anchor)); @@ -60,4 +75,16 @@ public final class CoreTestSupportUtils { sshd.setCommandFactory(UnknownCommandFactory.INSTANCE); return sshd; } + + // Adds deprecated / insecure settings + public static SshServer setupTestFullSupportServer(Class<?> anchor) { + SshServer sshd = setupTestServer(anchor); + return setupTestFullSupportServer(sshd); + } + + public static SshServer setupTestFullSupportServer(SshServer sshd) { + sshd.setKeyExchangeFactories( + NamedFactory.setUpTransformedFactories(false, BuiltinDHFactories.VALUES, ServerBuilder.DH2KEX)); + return sshd; + } } diff --git a/sshd-scp/src/test/java/org/apache/sshd/scp/client/ScpTest.java b/sshd-scp/src/test/java/org/apache/sshd/scp/client/ScpTest.java index f740459..2cc5972 100644 --- a/sshd-scp/src/test/java/org/apache/sshd/scp/client/ScpTest.java +++ b/sshd-scp/src/test/java/org/apache/sshd/scp/client/ScpTest.java 
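Review bot: Of the four new public helpers only `setupTestFullSupportServer(Class<?>)` carries the `// Adds deprecated / insecure settings` remark; the two client overloads in the first hunk and `setupTestFullSupportServer(SshServer)` have none. Each should have Javadoc stating that it replaces the key-exchange list with every `BuiltinDHFactories` value, including the SHA-1 based ones removed from the defaults, and that it is meant for compatibility tests only. The list is built from `BuiltinDHFactories.VALUES` rather than from a preference-ordered list, so the exchange negotiated in these suites presumably follows enum order and may differ from what a default setup would pick; if that is intended, it deserves a sentence in the same Javadoc. Since most integration suites in this commit (KexTest, CipherTest, ScpTest, the SFTP and port-forwarding tests) now go through these helpers, fewer tests exercise the default list end to end.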
@@ -148,14 +148,14 @@ public class ScpTest extends BaseTestSupport { @BeforeClass public static void setupClientAndServer() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(ScpTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(ScpTest.class); ScpCommandFactory factory = new ScpCommandFactory(); sshd.setCommandFactory(factory); sshd.setShellFactory(factory); sshd.start(); port = sshd.getPort(); - client = CoreTestSupportUtils.setupTestClient(ScpTest.class); + client = CoreTestSupportUtils.setupTestFullSupportClient(ScpTest.class); client.start(); } diff --git a/sshd-sftp/src/test/java/org/apache/sshd/sftp/client/AbstractSftpClientTestSupport.java b/sshd-sftp/src/test/java/org/apache/sshd/sftp/client/AbstractSftpClientTestSupport.java index b625409..efaf753 100644 --- a/sshd-sftp/src/test/java/org/apache/sshd/sftp/client/AbstractSftpClientTestSupport.java +++ b/sshd-sftp/src/test/java/org/apache/sshd/sftp/client/AbstractSftpClientTestSupport.java @@ -55,7 +55,7 @@ public abstract class AbstractSftpClientTestSupport extends BaseTestSupport { @BeforeClass public static void setupClientAndServer() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(AbstractSftpClientTestSupport.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(AbstractSftpClientTestSupport.class); sshd.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory())); sshd.start(); port = sshd.getPort(); diff --git a/sshd-spring-sftp/src/test/java/org/apache/sshd/sftp/spring/integration/ApacheSshdSftpSessionFactoryTest.java b/sshd-spring-sftp/src/test/java/org/apache/sshd/sftp/spring/integration/ApacheSshdSftpSessionFactoryTest.java index 774ee03..e4bf4c5 100644 --- a/sshd-spring-sftp/src/test/java/org/apache/sshd/sftp/spring/integration/ApacheSshdSftpSessionFactoryTest.java +++ b/sshd-spring-sftp/src/test/java/org/apache/sshd/sftp/spring/integration/ApacheSshdSftpSessionFactoryTest.java 
@@ -110,12 +110,12 @@ public class ApacheSshdSftpSessionFactoryTest extends BaseTestSupport { @BeforeClass public static void setupClientAndServer() throws Exception { JSchLogger.init(); - sshd = CoreTestSupportUtils.setupTestServer(ApacheSshdSftpSessionFactoryTest.class); + sshd = CoreTestSupportUtils.setupTestFullSupportServer(ApacheSshdSftpSessionFactoryTest.class); sshd.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory())); sshd.start(); port = sshd.getPort(); - client = CoreTestSupportUtils.setupTestClient(ApacheSshdSftpSessionFactoryTest.class); + client = CoreTestSupportUtils.setupTestFullSupportClient(ApacheSshdSftpSessionFactoryTest.class); client.start(); }
