Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.maven.scm.provider.git.command.checkout;
020
021import java.io.IOException;
022import java.io.OutputStream;
023import java.io.Writer;
024import java.nio.file.FileSystem;
025import java.nio.file.Files;
026import java.nio.file.Path;
027import java.nio.file.attribute.PosixFilePermissions;
028import java.security.GeneralSecurityException;
029import java.security.KeyPair;
030import java.security.PublicKey;
031import java.util.ArrayList;
032import java.util.List;
033
034import org.apache.maven.scm.provider.ScmProviderRepositoryWithHost;
035import org.apache.maven.scm.provider.git.GitScmTestUtils;
036import org.apache.maven.scm.repository.ScmRepository;
037import org.apache.maven.scm.tck.command.checkout.CheckOutCommandTckTest;
038import org.apache.sshd.common.config.keys.KeyUtils;
039import org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyEncryptionContext;
040import org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyPairResourceWriter;
041import org.apache.sshd.git.GitLocationResolver;
042import org.apache.sshd.git.pack.GitPackCommandFactory;
043import org.apache.sshd.server.SshServer;
044import org.apache.sshd.server.auth.pubkey.KeySetPublickeyAuthenticator;
045import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
046import org.apache.sshd.server.session.ServerSession;
047import org.apache.sshd.util.test.CommonTestSupportUtils;
048import org.apache.sshd.util.test.CoreTestSupportUtils;
049import org.bouncycastle.openssl.PKCS8Generator;
050import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
051import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
052import org.bouncycastle.util.io.pem.PemObject;
053import org.junit.Assume;
054import org.junit.Rule;
055import org.junit.Test;
056import org.junit.rules.TemporaryFolder;
057
058/**
059 *
060 */
061public abstract class GitSshCheckOutCommandTckTest extends CheckOutCommandTckTest {
062    protected final SshServer sshServer;
063    protected final KeyPair keyPair;
064    protected final List<PublicKey> acceptedPublicKeys;
065
066    @Rule
067    public TemporaryFolder tmpDirectory = new TemporaryFolder();
068
069    protected GitSshCheckOutCommandTckTest() throws GeneralSecurityException {
070        sshServer = CoreTestSupportUtils.setupTestServer(getClass());
071        keyPair = CommonTestSupportUtils.generateKeyPair(KeyUtils.RSA_ALGORITHM, 2048);
072        acceptedPublicKeys = new ArrayList<>();
073        acceptedPublicKeys.add(keyPair.getPublic());
074        PublickeyAuthenticator authenticator = new KeySetPublickeyAuthenticator("onlykey", acceptedPublicKeys);
075        sshServer.setPublickeyAuthenticator(authenticator);
076    }
077
078    void writePrivateKeyAsPkcs8(Path file, String passphrase) throws IOException, GeneralSecurityException {
079        // encryption only optional
080        if (passphrase != null) {
081            // encryption with format outlined in https://dnaeon.github.io/openssh-private-key-binary-format/
082            OpenSSHKeyPairResourceWriter writer = new OpenSSHKeyPairResourceWriter();
083            OpenSSHKeyEncryptionContext context = new OpenSSHKeyEncryptionContext();
084            context.setCipherType("192");
085            context.setPassword(passphrase);
086            try (OutputStream output = Files.newOutputStream(file)) {
087                writer.writePrivateKey(keyPair, "comment", context, output);
088            }
089        } else {
090            // wrap unencrypted private key as regular PKCS8 private key
091            PKCS8Generator pkcs8Generator = new JcaPKCS8Generator(keyPair.getPrivate(), null);
092            PemObject pemObject = pkcs8Generator.generate();
093
094            try (Writer writer = Files.newBufferedWriter(file);
095                    JcaPEMWriter pw = new JcaPEMWriter(writer)) {
096                pw.writeObject(pemObject);
097            }
098        }
099
100        if (file.getFileSystem().supportedFileAttributeViews().contains("posix")) {
101            // must only be readable/writeable by me
102            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rwx------"));
103        }
104    }
105
106    protected abstract String getScmProvider();
107
108    /** {@inheritDoc} */
109    public String getScmUrl() throws Exception {
110        return "scm:" + getScmProvider() + ":ssh://localhost:" + sshServer.getPort() + "/repository";
111    }
112
113    public void configureCredentials(ScmRepository repository, String passphrase) throws Exception {
114        ScmProviderRepositoryWithHost providerRepository =
115                ScmProviderRepositoryWithHost.class.cast(repository.getProviderRepository());
116        // store as file
117        Path privateKeyFile = tmpDirectory.newFile().toPath();
118        writePrivateKeyAsPkcs8(privateKeyFile, passphrase);
119        providerRepository.setPrivateKey(privateKeyFile.toString());
120        providerRepository.setPassphrase(passphrase); // may be null
121    }
122
123    /** {@inheritDoc} */
124    public void initRepo() throws Exception {
125        GitScmTestUtils.initRepo("src/test/resources/repository/", getRepositoryRoot(), getWorkingDirectory());
126
127        GitLocationResolver gitLocationResolver = new GitLocationResolver() {
128            @Override
129            public Path resolveRootDirectory(String command, String[] args, ServerSession session, FileSystem fs)
130                    throws IOException {
131                return getRepositoryRoot().getParentFile().toPath();
132            }
133        };
134        sshServer.setCommandFactory(new GitPackCommandFactory(gitLocationResolver));
135        sshServer.start();
136
137        // as checkout also already happens in setup() make sure to configure credentials here as well
138        configureCredentials(getScmRepository(), null);
139    }
140
141    @Override
142    public void removeRepo() throws Exception {
143        sshServer.stop();
144        super.removeRepo();
145    }
146
147    @Override
148    @Test
149    public void testCheckOutCommandTest() throws Exception {
150        configureCredentials(getScmRepository(), null);
151        super.testCheckOutCommandTest();
152    }
153
154    @Test
155    public void testCheckOutCommandWithPassphraseTest() throws Exception {
156        // TODO: currently no easy way to pass passphrase in gitexe
157        Assume.assumeTrue(
158                "Ignore test with passphrase for provider " + getScmProvider(), "jgit".equals(getScmProvider()));
159        configureCredentials(getScmRepository(), "mySecret");
160        super.testCheckOutCommandTest();
161    }
162}