DO NOT MERGE: Clients

.gitignore

@@ -0,0 +1,2 @@
+/target/
+/.idea/

SSH-Docker-Library.iml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_11">
+    <output url="file://$MODULE_DIR$/target/classes" />
+    <output-test url="file://$MODULE_DIR$/target/test-classes" />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+      <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+      <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+      <excludeFolder url="file://$MODULE_DIR$/target" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-iostreams:2.11.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.sshd:sshd-core:2.9.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.sshd:sshd-common:2.9.1" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.32" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.32" level="project" />
+    <orderEntry type="library" name="Maven: org.pcap4j:pcap4j-core:2.0.0-alpha.6" level="project" />
+    <orderEntry type="library" name="Maven: net.java.dev.jna:jna:5.3.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.github.docker-java:docker-java-core:3.2.5" level="project" />
+    <orderEntry type="library" name="Maven: com.github.docker-java:docker-java-api:3.2.5" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.10.3" level="project" />
+    <orderEntry type="library" name="Maven: com.github.docker-java:docker-java-transport:3.2.5" level="project" />
+    <orderEntry type="library" name="Maven: commons-io:commons-io:2.6" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-compress:1.20" level="project" />
+    <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.6" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.10.3" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.10.3" level="project" />
+    <orderEntry type="library" name="Maven: org.bouncycastle:bcpkix-jdk15on:1.64" level="project" />
+    <orderEntry type="library" name="Maven: org.bouncycastle:bcprov-jdk15on:1.64" level="project" />
+    <orderEntry type="library" name="Maven: com.github.docker-java:docker-java-transport-httpclient5:3.2.5" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents.client5:httpclient5:5.0" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents.core5:httpcore5:5.0" level="project" />
+    <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.13" level="project" />
+    <orderEntry type="library" name="Maven: com.codepoetics:protonpack:1.15" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-slf4j-impl:2.11.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.12" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
+    <orderEntry type="library" name="Maven: com.google.guava:guava:27.1-jre" level="project" />
+    <orderEntry type="library" name="Maven: com.google.guava:failureaccess:1.0.1" level="project" />
+    <orderEntry type="library" name="Maven: com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava" level="project" />
+    <orderEntry type="library" name="Maven: com.google.code.findbugs:jsr305:3.0.2" level="project" />
+    <orderEntry type="library" name="Maven: org.checkerframework:checker-qual:2.5.2" level="project" />
+    <orderEntry type="library" name="Maven: com.google.errorprone:error_prone_annotations:2.2.0" level="project" />
+    <orderEntry type="library" name="Maven: com.google.j2objc:j2objc-annotations:1.1" level="project" />
+    <orderEntry type="library" name="Maven: org.codehaus.mojo:animal-sniffer-annotations:1.17" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.11" level="project" />
+    <orderEntry type="library" name="Maven: org.reflections:reflections:0.10.2" level="project" />
+    <orderEntry type="library" name="Maven: org.javassist:javassist:3.28.0-GA" level="project" />
+    <orderEntry type="library" name="Maven: org.glassfish.jaxb:jaxb-runtime:2.3.3" level="project" />
+    <orderEntry type="library" name="Maven: org.glassfish.jaxb:txw2:2.3.3" level="project" />
+    <orderEntry type="library" name="Maven: com.sun.istack:istack-commons-runtime:3.0.11" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: com.sun.activation:jakarta.activation:1.2.2" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+  </component>
+</module>

certs/.gitignore

@@ -0,0 +1 @@
+out/

certs/Dockerfile

@@ -0,0 +1,14 @@
+FROM debian:stretch
+
+RUN apt-get update 
+RUN apt-get install software-properties-common -y
+RUN apt-add-repository 'deb http://security.debian.org/debian-security stretch/updates main'
+RUN apt-get update && apt-get install -y \
+    openssl \
+    libnss3-tools \
+    openjdk-8-jdk \
+    curl
+
+WORKDIR /certs
+COPY generateCerts.sh cert.cfg /run/
+RUN /run/generateCerts.sh

certs/Readme.md

@@ -0,0 +1,16 @@
+After running setup.sh, you have a docker volume with keys and certificate data.
+You can add this volume to the container with: 
+```bash
+-v cert-data:/cert/:ro,nocopy
+```
+
+The volume conains the following files and certificates:
+- /cert/ec256key.pem and /cert/ec256cert.pem (alias is cert)
+- /cert/rsa2048key.pem and /cert/rsa2048cert.pem (alias is cert)
+- /cert/keys.jks (aliases are ec256 and rsa2048)
+All passwords are password
+
+For example, you can run a TLS server with the following command:
+```bash
+docker run -it -v cert-data:/cert/:ro,nocopy --rm openssl-server -key /cert/ec256key.pem -cert /cert/ec256cert.pem
+```

certs/cert.cfg

@@ -0,0 +1,47 @@
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = ./ca
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+serial = $dir/serial
+private_key = ./ca_key.pem
+certificate = ./ca.pem
+default_days = 1024
+default_md = sha256
+policy = policy_anything
+copy_extensions = copyall
+
+[policy_anything]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[req]
+prompt = no
+distinguished_name = dn
+req_extensions = req_ext
+
+[dn]
+C=DE
+ST=NRW
+L=Bochum
+O=RUB
+OU=NDS
+CN=example.com
+
+[req_ext]
+basicConstraints = CA:FALSE
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = example.com
+DNS.2 = 192.168.0.20.xip.io
+DNS.3 = *.192.168.0.20.xip.io
+DNS.4 = 192.168.65.2.xip.io
+DNS.5 = *.192.168.65.2.xip.io

certs/generateCerts.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+set -eu
+
+WARN='\033[0;31m'
+NO_COLOR='\033[0m'
+
+CFG_PATH=/run/cert.cfg
+if [ ! -f "$CFG_PATH" ]; then
+    echo "\nWARNING: Config file $CFG_PATH does not exist. This script is intended to be run by the Dockerfile.\n"
+fi
+
+mkdir ./ca ./ca/newcerts
+touch ./ca/index.txt
+echo "unique_subject = no" > ./ca/index.txt.attr
+echo "Generating Root CA Key"
+openssl genrsa -out ca_key.pem 2048
+echo "Generating Root CA Certificate"
+openssl req -new -nodes -x509 -subj "/C=DE/ST=NRW/L=Bochum/O=RUB/OU=NDS/CN=NDS CA" -key ca_key.pem -out ca.pem -days 1024
+echo "Generating RSA keys"
+openssl genpkey -algorithm RSA -out rsa2048key.pem -pkeyopt rsa_keygen_bits:2048
+openssl req -new -config $CFG_PATH -nodes -key rsa2048key.pem -out rsa2048cert.csr
+openssl ca -config $CFG_PATH -create_serial -batch -in rsa2048cert.csr -out rsa2048cert.pem
+cat rsa2048key.pem rsa2048cert.pem > rsa2048combined.pem
+echo "Generating EC keys"
+openssl genpkey -algorithm EC -out ec256key.pem -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve
+openssl req -new -config $CFG_PATH -nodes -key ec256key.pem -out ec256cert.csr
+openssl ca -config $CFG_PATH -create_serial -batch -in ec256cert.csr -out ec256cert.pem
+cat ec256key.pem ec256cert.pem > ec256combined.pem
+echo "Creating DH parameters"
+openssl dhparam -out dh.pem 2048
+echo "Creating db"
+mkdir db
+openssl pkcs12 -export -in rsa2048cert.pem -inkey rsa2048key.pem -out rsa2048.p12 -name cert -passin pass:password -passout pass:password
+echo "Importing RSA key"
+pk12util -i rsa2048.p12 -d db -K password -W password
+openssl pkcs12 -export -in ec256cert.pem -inkey ec256key.pem -out ec256.p12 -name cert -passin pass:password -passout pass:password
+echo "Importing EC key"
+pk12util -i ec256.p12 -d db -K password -W password
+echo "Creating Java keystore"
+keytool -importkeystore -srckeystore rsa2048.p12 -srcstoretype pkcs12 -destkeystore keys.jks -deststoretype jks -alias cert -destalias rsa2048 -srcstorepass password -deststorepass password
+keytool -importkeystore -srckeystore ec256.p12 -srcstoretype pkcs12 -destkeystore keys.jks -deststoretype jks -alias cert -destalias ec256 -srcstorepass password -deststorepass password
+#use test-ca from rustls
+curl -L https://github.com/ctz/rustls/tarball/master | tar zx --wildcards  --strip-components=1 '*/test-ca/'

certs/setup.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+cd "$(dirname "$0")" || exit 1
+set -eu
+
+docker build -t certs -f Dockerfile .
+
+docker volume remove cert-data || true
+docker volume create cert-data
+docker run --rm -v cert-data:/cert/ certs cp -r ./. /cert/
+
+echo "Copying Root CA Certificate to relevant image folders"
+docker run --rm -d -v cert-data:/cert/ --name tmp-certs certs sleep 10
+docker cp tmp-certs:/cert/ca.pem ../images/baseimage/
+docker cp tmp-certs:/cert/ca.pem ../images/firefox/
+
+if [ -d ./out ]
+then
+    rm -r ./out
+fi
+docker cp tmp-certs:/cert/ ./out
+docker cp tmp-certs:/cert/keys.jks ./keys.jks
+docker kill tmp-certs

clientImages/asyncSSH/Dockerfile

@@ -0,0 +1,15 @@
+ARG VERSION_PYTHON=3.9
+
+FROM python:${VERSION_PYTHON} AS asyncssh-client
+ARG VERSION
+WORKDIR /usr/local/bin
+COPY asyncssh-client-script.py /usr/local/bin
+COPY start.sh /usr/local/bin
+RUN /usr/local/bin/python -m pip install --upgrade pip
+RUN pip install asyncssh==${VERSION}
+RUN pip install click
+COPY --from=entrypoint /bin/client-entrypoint /usr/local/bin/
+LABEL "ssh_implementation"="asyncssh"
+LABEL "ssh_implementation_version"="${VERSION}"
+LABEL "ssh_implementation_connectionRole"="client"
+ENTRYPOINT ["client-entrypoint", "start.sh"]

clientImages/asyncSSH/asyncssh-client-script.py

@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+import click
+import asyncio
+import asyncssh
+import sys
+
+
+@click.command()
+@click.option('-H', '--host', help='hostname or ip', default='172.17.0.1"')
+@click.option('-P', '--port', help='port', default=3022, type=int)
+@click.option('-u', '--username', help='username', default='demo')
+@click.option('-p', '--password', help='password', default='password')
+@click.option('-c', '--command', help='command', default='pwd')
+@click.option('-o', '--output',  is_flag=True, show_default=True, default=False, help='print output')
+@click.option('-e', '--error',  is_flag=True, show_default=True, default=False, help='print error')
+def client_start(host, port, username, password, command, output, error):
+    print(f'host {host}\n')
+    print(f'port {port}\n')
+    print(f'username {username}\n')
+
+    try:
+        asyncio.get_event_loop().run_until_complete(run_client(host, port, username, password, command, output, error))
+    except (OSError, asyncssh.Error) as exc:
+        sys.exit('SSH connection failed: ' + str(exc))
+
+
+async def run_client(host, port, username, password, command, output, error):
+    async with asyncssh.connect(host=host,port=port, username=username,password=password,known_hosts=None) as conn:
+        result = await conn.run(command, check=True)
+        print(result.stdout, end='')
+
+
+if __name__ == '__main__':
+    client_start()
+
+

clientImages/asyncSSH/asyncssh_build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+cd "$(dirname "$0")" || exit 1
+source ../helper-functions.sh
+
+versions=(${versions="2.12.0" "2.11.0" "2.10.0" "2.9.0" "2.8.1" "2.8.0" "2.7.2" "2.7.1" "2.7.0" "2.6.0" "2.5.0" "2.4.2" "2.4.1" "2.4.0" "2.3.0"  "2.2.1"  "2.2.0" "2.1.0" "2.0.1" "2.0.0" "1.18.0" "1.17.1" "1.17.0" "1.16.1"})
+for i in "${versions[@]}"; do
+  _docker build --build-arg VERSION=${i} -t ${DOCKER_REPOSITORY}asyncssh-client:${i} -f Dockerfile --target asyncssh-client .
+done
+
+exit "$EXITCODE"

clientImages/asyncSSH/start.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+host=$1
+port=$2
+user=$3
+password=$4
+command=$5
+print_output=$6
+print_error=$7
+
+if [ -z "$host" ]
+then
+      host="172.17.0.1"
+fi
+
+if [ -z "$port" ]
+then
+      port=3022
+fi
+
+if [ -z "$user" ]
+then
+      user="demo"
+fi
+
+if [ -z "$passtord" ]
+then
+      password="none"
+fi
+
+
+if [ -z "$command" ]
+then
+      command="pwd"
+fi
+
+parameter="--host $host -P $port -u $user -p $password -c $command"
+
+if [ "$print_output" == "true"  ]
+then
+      parameter+=" -o"
+fi
+
+if [ "$print_error" == "true"  ]
+then
+      parameter+=" -e"
+fi
+
+echo | python "asyncssh-client-script.py" $parameter
+
+exit 0

clientImages/base/Dockerfile

@@ -0,0 +1,11 @@
+ARG VERSION=latest
+
+FROM alpine:${VERSION}
+RUN apk add --no-cache build-base \
+  git \
+  curl \
+  wget \
+  bash \
+  openssl-dev \
+  zlib-dev
+WORKDIR /src

clientImages/base/Dockerfile_debian

@@ -0,0 +1,16 @@
+ARG VERSION=latest
+
+FROM debian:${VERSION}
+ARG LIBSSL_VERSION
+RUN apt-get update && apt-get install -y \
+  build-essential \
+  cmake \
+  git \
+  curl \
+  wget \
+  bash \
+  libssl${LIBSSL_VERSION}-dev \
+  zlib1g-dev \
+  python3 \
+  && rm -rf /var/lib/apt/lists/*
+WORKDIR /src

clientImages/base/build-base-image.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+cd "$(dirname "$0")" || exit 1
+source "../helper-functions.sh"
+
+#_docker build --build-arg VERSION=3.14 -t alpine-build:3.14 .
+#
+#_docker build --build-arg VERSION=bullseye -f Dockerfile_debian -t debian-build:bullseye .
+_docker build --build-arg VERSION=stretch --build-arg LIBSSL_VERSION=1.0 -f Dockerfile_debian -t debian-build:stretch-libssl1.0 .
+
+exit "$EXITCODE"