Home Explore Help
Register Sign In
packages
/
crypto
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 34df1ce598
Branches Tags
crypto
/
ssh
/
certs_test.go

certs_test.go 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. // Copyright 2013 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package ssh
    6. 

  6. 

  7. import (
    8. 

  8. 	"bytes"
    9. 

  9. 	"testing"
    10. 

  10. )
    11. 

  11. 

  12. // Cert generated by ssh-keygen 6.0p1 Debian-4.
    13. 

  13. // % ssh-keygen -s ca-key -I test user-key
    14. 

  14. var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
    15. 

  15. 

  16. func TestParseCert(t *testing.T) {
    17. 

  17. 	authKeyBytes := []byte(exampleSSHCert)
    18. 

  18. 

  19. 	key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes)
    20. 

  20. 	if !ok {
    21. 

  21. 		t.Fatalf("could not parse certificate")
    22. 

  22. 	}
    23. 

  23. 	if len(rest) > 0 {
    24. 

  24. 		t.Errorf("rest: got %q, want empty", rest)
    25. 

  25. 	}
    26. 

  26. 

  27. 	if _, ok = key.(*OpenSSHCertV01); !ok {
    28. 

  28. 		t.Fatalf("got %#v, want *OpenSSHCertV01", key)
    29. 

  29. 	}
    30. 

  30. 

  31. 	marshaled := MarshalAuthorizedKey(key)
    32. 

  32. 	// Before comparison, remove the trailing newline that
    33. 

  33. 	// MarshalAuthorizedKey adds.
    34. 

  34. 	marshaled = marshaled[:len(marshaled)-1]
    35. 

  35. 	if !bytes.Equal(authKeyBytes, marshaled) {
    36. 

  36. 		t.Errorf("marshaled certificate does not match original: got %q, want %q", marshaled, authKeyBytes)
    37. 

  37. 	}
    38. 

  38. }
    39. 

  39. 

  40. func TestVerifyCert(t *testing.T) {
    41. 

  41. 	key, _, _, _, _ := ParseAuthorizedKey([]byte(exampleSSHCert))
    42. 

  42. 	validCert := key.(*OpenSSHCertV01)
    43. 

  43. 	if ok := validateOpenSSHCertV01Signature(validCert); !ok {
    44. 

  44. 		t.Error("Unable to validate certificate!")
    45. 

  45. 	}
    46. 

  46. 

  47. 	invalidCert := &OpenSSHCertV01{
    48. 

  48. 		Key:          rsaKey.PublicKey(),
    49. 

  49. 		SignatureKey: ecdsaKey.PublicKey(),
    50. 

  50. 		Signature:    &signature{},
    51. 

  51. 	}
    52. 

  52. 	if ok := validateOpenSSHCertV01Signature(invalidCert); ok {
    53. 

  53. 		t.Error("Invalid cert signature passed validation!")
    54. 

  54. 	}
    55. 

  55. }
    56.