GerritCodeReview
diff --git a/‎org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+3-1 b/‎org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+3-1
diff --git a/‎org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
+5 b/‎org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
+5
diff --git a/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
+20 b/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
+20
diff --git a/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
+14 b/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
+14
diff --git a/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/agent/ConnectorFactoryProvider.java
+51 b/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/agent/ConnectorFactoryProvider.java
+51
diff --git a/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/agent/JGitSshAgentFactory.java
+72 b/‎org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/agent/JGitSshAgentFactory.java
+72
@@ -23,6 +23,7 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="6.0.0";x-inter
    org.apache.sshd.common.signature,
    org.apache.sshd.common.util.buffer,
    org.eclipse.jgit.transport",
+ org.eclipse.jgit.internal.transport.sshd.agent;version="6.0.0";x-internal:=true,
  org.eclipse.jgit.internal.transport.sshd.auth;version="6.0.0";x-internal:=true,
  org.eclipse.jgit.internal.transport.sshd.proxy;version="6.0.0";x-friends:="org.eclipse.jgit.ssh.apache.test",
  org.eclipse.jgit.transport.sshd;version="6.0.0";
@@ -31,7 +32,8 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="6.0.0";x-inter
    org.apache.sshd.common.keyprovider,
    org.eclipse.jgit.util,
    org.apache.sshd.client.session,
-   org.apache.sshd.client.keyverifier"
+   org.apache.sshd.client.keyverifier",
+ org.eclipse.jgit.transport.sshd.agent;version="6.0.0"
 Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
  org.apache.sshd.agent;version="[2.7.0,2.8.0)",
  org.apache.sshd.client;version="[2.7.0,2.8.0)",
 
@@ -19,6 +19,7 @@ identityFileNoKey=No keys found in identity {0}
 identityFileMultipleKeys=Multiple key pairs found in identity {0}
 identityFileNotFound=Skipping identity ''{0}'': file not found
 identityFileUnsupportedFormat=Unsupported format in identity {0}
+invalidSignatureAlgorithm=Signature algorithm ''{0}'' is not valid for a key of type ''{1}''
 kexServerKeyInvalid=Server key did not validate
 keyEncryptedMsg=Key ''{0}'' is encrypted. Enter the passphrase to decrypt it.
 keyEncryptedPrompt=Passphrase
@@ -84,6 +85,10 @@ serverIdTooLong=Server identification is longer than 255 characters (including l
 serverIdWithNul=Server identification contains a NUL character: {0}
 sessionCloseFailed=Closing the session failed
 sessionWithoutUsername=SSH session created without user name; cannot authenticate
+sshAgentReplyLengthError=Invalid SSH agent reply message length {0} after command {1}
+sshAgentReplyUnexpected=Unexpected reply from ssh-agent: {0}
+sshAgentShortReadBuffer=Short read from SSH agent
+sshAgentWrongNumberOfKeys=Invalid number of SSH agent keys: {0}
 sshClosingDown=Apache MINA sshd session factory is closing down; cannot create new ssh sessions on this factory
 sshCommandTimeout={0} timed out after {1} seconds while opening the channel
 sshProcessStillRunning={0} is not yet completed, cannot get exit code
 
@@ -32,8 +32,10 @@
 import java.util.Map;
 import java.util.NoSuchElementException;
 import java.util.Objects;
+import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
+import org.apache.sshd.agent.SshAgentFactory;
 import org.apache.sshd.client.SshClient;
 import org.apache.sshd.client.config.hosts.HostConfigEntry;
 import org.apache.sshd.client.future.ConnectFuture;
@@ -100,6 +102,8 @@ public class JGitSshClient extends SshClient {
 
 	private ProxyDataFactory proxyDatabase;
 
+	private Supplier<SshAgentFactory> agentFactorySupplier = () -> null;
+
 	@Override
 	protected SessionFactory createSessionFactory() {
 		// Override the parent's default
@@ -368,6 +372,22 @@ public CredentialsProvider getCredentialsProvider() {
 		return credentialsProvider;
 	}
 
+	@Override
+	public SshAgentFactory getAgentFactory() {
+		return agentFactorySupplier.get();
+	}
+
+	@Override
+	protected void checkConfig() {
+		// The super class requires channel factories for agent forwarding if a
+		// factory for an SSH agent is set. We haven't implemented this yet, and
+		// we don't do SSH agent forwarding for now. Unfortunately, there is no
+		// way to bypass this check in the super class except making
+		// getAgentFactory() return null until after the check.
+		super.checkConfig();
+		agentFactorySupplier = super::getAgentFactory;
+	}
+
 	/**
 	 * A {@link SessionFactory} to create our own specialized
 	 * {@link JGitClientSession}s.
 
@@ -1,3 +1,12 @@
+/*
+ * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Distribution License v. 1.0 which is available at
+ * https://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
 package org.eclipse.jgit.internal.transport.sshd;
 
 import org.eclipse.jgit.nls.NLS;
@@ -39,6 +48,7 @@ public static SshdText get() {
 	/***/ public String identityFileMultipleKeys;
 	/***/ public String identityFileNotFound;
 	/***/ public String identityFileUnsupportedFormat;
+	/***/ public String invalidSignatureAlgorithm;
 	/***/ public String kexServerKeyInvalid;
 	/***/ public String keyEncryptedMsg;
 	/***/ public String keyEncryptedPrompt;
@@ -96,6 +106,10 @@ public static SshdText get() {
 	/***/ public String serverIdWithNul;
 	/***/ public String sessionCloseFailed;
 	/***/ public String sessionWithoutUsername;
+	/***/ public String sshAgentReplyLengthError;
+	/***/ public String sshAgentReplyUnexpected;
+	/***/ public String sshAgentShortReadBuffer;
+	/***/ public String sshAgentWrongNumberOfKeys;
 	/***/ public String sshClosingDown;
 	/***/ public String sshCommandTimeout;
 	/***/ public String sshProcessStillRunning;
 
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2021, Thomas Wolf <thomas.wolf@paranor.ch> and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Distribution License v. 1.0 which is available at
+ * https://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+package org.eclipse.jgit.internal.transport.sshd.agent;
+
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import org.eclipse.jgit.transport.sshd.agent.ConnectorFactory;
+
+/**
+ * Provides a {@link ConnectorFactory} obtained via the {@link ServiceLoader}.
+ */
+public final class ConnectorFactoryProvider {
+
+	private static final ConnectorFactory FACTORY = loadDefaultFactory();
+
+	private static ConnectorFactory loadDefaultFactory() {
+		ServiceLoader<ConnectorFactory> loader = ServiceLoader
+				.load(ConnectorFactory.class);
+		Iterator<ConnectorFactory> iter = loader.iterator();
+		while (iter.hasNext()) {
+			ConnectorFactory candidate = iter.next();
+			if (candidate.isSupported()) {
+				return candidate;
+			}
+		}
+		return null;
+
+	}
+
+	private ConnectorFactoryProvider() {
+		// No instantiation
+	}
+
+	/**
+	 * Retrieves the default {@link ConnectorFactory} obtained via the
+	 * {@link ServiceLoader}.
+	 *
+	 * @return the {@link ConnectorFactory}, or {@code null} if none.
+	 */
+	public static ConnectorFactory getDefaultFactory() {
+		return FACTORY;
+	}
+}
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2021, Thomas Wolf <thomas.wolf@paranor.ch> and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Distribution License v. 1.0 which is available at
+ * https://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+package org.eclipse.jgit.internal.transport.sshd.agent;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.sshd.agent.SshAgent;
+import org.apache.sshd.agent.SshAgentFactory;
+import org.apache.sshd.agent.SshAgentServer;
+import org.apache.sshd.common.FactoryManager;
+import org.apache.sshd.common.channel.ChannelFactory;
+import org.apache.sshd.common.session.ConnectionService;
+import org.eclipse.jgit.annotations.NonNull;
+import org.eclipse.jgit.transport.sshd.agent.ConnectorFactory;
+
+/**
+ * A factory for creating {@link SshAgentClient}s.
+ */
+public class JGitSshAgentFactory implements SshAgentFactory {
+
+	private final @NonNull ConnectorFactory factory;
+
+	private final File homeDir;
+
+	/**
+	 * Creates a new {@link JGitSshAgentFactory}.
+	 *
+	 * @param factory
+	 *            {@link JGitSshAgentFactory} to wrap
+	 * @param homeDir
+	 *            for obtaining the current local user's home directory
+	 */
+	public JGitSshAgentFactory(@NonNull ConnectorFactory factory,
+			File homeDir) {
+		this.factory = factory;
+		this.homeDir = homeDir;
+	}
+
+	@Override
+	public List<ChannelFactory> getChannelForwardingFactories(
+			FactoryManager manager) {
+		// No agent forwarding supported yet.
+		return Collections.emptyList();
+	}
+
+	@Override
+	public SshAgent createClient(FactoryManager manager) throws IOException {
+		// sshd 2.8.0 will pass us the session here. At that point, we can get
+		// the HostConfigEntry and extract and handle the IdentityAgent setting.
+		// For now, pass null to let the ConnectorFactory do its default
+		// behavior (Pageant on Windows, SSH_AUTH_SOCK on Unixes with the
+		// jgit-builtin factory).
+		return new SshAgentClient(factory.create(null, homeDir));
+	}
+
+	@Override
+	public SshAgentServer createServer(ConnectionService service)
+			throws IOException {
+		// This should be called in a server only.
+		return null;
+	}
+}