
x/crypto/ssh: set constraints when adding certs to the agent

Fixes golang/go#15953

Change-Id: Ia36b5422bef14609d512c3f5055a3bffad18ce0f
Reviewed-on: https://go-review.googlesource.com/23752
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Niall Sheridan há 9 anos atrás
2 ficheiros alterados com 56 adições e 13 exclusões
  1. 16 13
      ssh/agent/client.go
  2. 40 0
      ssh/agent/client_test.go

+ 16 - 13
ssh/agent/client.go

@@ -580,25 +580,28 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
 		})
 	case *dsa.PrivateKey:
 		req = ssh.Marshal(dsaCertMsg{
-			Type:      cert.Type(),
-			CertBytes: cert.Marshal(),
-			X:         k.X,
-			Comments:  comment,
+			Type:        cert.Type(),
+			CertBytes:   cert.Marshal(),
+			X:           k.X,
+			Comments:    comment,
+			Constraints: constraints,
 		})
 	case *ecdsa.PrivateKey:
 		req = ssh.Marshal(ecdsaCertMsg{
-			Type:      cert.Type(),
-			CertBytes: cert.Marshal(),
-			D:         k.D,
-			Comments:  comment,
+			Type:        cert.Type(),
+			CertBytes:   cert.Marshal(),
+			D:           k.D,
+			Comments:    comment,
+			Constraints: constraints,
 		})
 	case ed25519.PrivateKey:
 		req = ssh.Marshal(ed25519CertMsg{
-			Type:      cert.Type(),
-			CertBytes: cert.Marshal(),
-			Pub:       []byte(k)[32:],
-			Priv:      []byte(k),
-			Comments:  comment,
+			Type:        cert.Type(),
+			CertBytes:   cert.Marshal(),
+			Pub:         []byte(k)[32:],
+			Priv:        []byte(k),
+			Comments:    comment,
+			Constraints: constraints,
 		})
 	default:
 		return fmt.Errorf("agent: unsupported key type %T", s)
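Review bot: The `Constraints: constraints` field is now set on the dsa, ecdsa and ed25519 certificate messages, but the rsa arm of this switch sits above the hunk and is not visible; since the file's diffstat (16 additions, 13 deletions) is fully accounted for by these three arms, that arm was not touched by this commit, so please confirm it already passes `Constraints` — otherwise lifetime and confirm constraints are still silently dropped for RSA certificates and the key stays in the agent indefinitely. The three arms are now structurally identical apart from the private-key fields; a one-line comment above the switch such as `// Every cert message must carry the caller's constraints, otherwise the agent ignores LifetimeSecs/ConfirmBeforeUse for cert-backed keys.` would make the invariant explicit for the next key type added. insertCert begins outside the hunk, and the default arm's error message is unchanged.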

+ 40 - 0
ssh/agent/client_test.go

@@ -14,6 +14,7 @@ import (
 	"path/filepath"
 	"strconv"
 	"testing"
+	"time"
 
 	"golang.org/x/crypto/ssh"
 )
@@ -285,3 +286,42 @@ func testLockAgent(agent Agent, t *testing.T) {
 		t.Errorf("Want 1 keys, got %v", keys)
 	}
 }
+
+func TestAgentLifetime(t *testing.T) {
+	agent, _, cleanup := startAgent(t)
+	defer cleanup()
+
+	for _, keyType := range []string{"rsa", "dsa", "ecdsa"} {
+		// Add private keys to the agent.
+		err := agent.Add(AddedKey{
+			PrivateKey:   testPrivateKeys[keyType],
+			Comment:      "comment",
+			LifetimeSecs: 1,
+		})
+		if err != nil {
+			t.Fatalf("add: %v", err)
+		}
+		// Add certs to the agent.
+		cert := &ssh.Certificate{
+			Key:         testPublicKeys[keyType],
+			ValidBefore: ssh.CertTimeInfinity,
+			CertType:    ssh.UserCert,
+		}
+		cert.SignCert(rand.Reader, testSigners[keyType])
+		err = agent.Add(AddedKey{
+			PrivateKey:   testPrivateKeys[keyType],
+			Certificate:  cert,
+			Comment:      "comment",
+			LifetimeSecs: 1,
+		})
+		if err != nil {
+			t.Fatalf("add: %v", err)
+		}
+	}
+	time.Sleep(1100 * time.Millisecond)
+	if keys, err := agent.List(); err != nil {
+		t.Errorf("List: %v", err)
+	} else if len(keys) != 0 {
+		t.Errorf("Want 0 keys, got %v", len(keys))
+	}
+}
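Review bot: `cert.SignCert(rand.Reader, testSigners[keyType])` discards its error, so a failed signature would leave an unsigned cert and the test would still pass or fail for an unrelated reason; use `if err := cert.SignCert(rand.Reader, testSigners[keyType]); err != nil {` followed by `t.Fatalf("SignCert: %v", err)`. The loop covers only `"rsa", "dsa", "ecdsa"` although the same commit changes ed25519CertMsg in client.go, so adding `"ed25519"` to the slice would exercise that arm, assuming the test fixtures (testPrivateKeys, testPublicKeys, testSigners) already have an ed25519 entry. Asserting a non-empty `agent.List()` before the `time.Sleep` would also distinguish "keys expired" from "keys were never visible", which is the property the lifetime constraint is meant to provide.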