LEFT | RIGHT |
(no file at all) | |
| 1 // Copyright 2013 The Go Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style |
| 3 // license that can be found in the LICENSE file. |
| 4 |
| 5 package ssh |
| 6 |
| 7 import ( |
| 8 "bytes" |
| 9 "testing" |
| 10 ) |
| 11 |
| 12 // Cert generated by ssh-keygen 6.0p1 Debian-4. |
| 13 // % ssh-keygen -s ca-key -I test user-key |
| 14 var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb
3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCko
R51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6
aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAA
AAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJta
XQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVyb
Wl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAA
ABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/
tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y
9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow
0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=` |
| 15 |
| 16 func TestParseCert(t *testing.T) { |
| 17 authKeyBytes := []byte(exampleSSHCert) |
| 18 |
| 19 key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes) |
| 20 if !ok { |
| 21 t.Fatalf("could not parse certificate") |
| 22 } |
| 23 if len(rest) > 0 { |
| 24 t.Errorf("rest: got %q, want empty", rest) |
| 25 } |
| 26 |
| 27 if _, ok = key.(*OpenSSHCertV01); !ok { |
| 28 t.Fatalf("got %#v, want *OpenSSHCertV01", key) |
| 29 } |
| 30 |
| 31 marshaled := MarshalAuthorizedKey(key) |
| 32 // Before comparison, remove the trailing newline that |
| 33 // MarshalAuthorizedKey adds. |
| 34 marshaled = marshaled[:len(marshaled)-1] |
| 35 if !bytes.Equal(authKeyBytes, marshaled) { |
| 36 t.Errorf("marshaled certificate does not match original: got %q,
want %q", marshaled, authKeyBytes) |
| 37 } |
| 38 } |
| 39 |
| 40 func TestVerifyCert(t *testing.T) { |
| 41 key, _, _, _, _ := ParseAuthorizedKey([]byte(exampleSSHCert)) |
| 42 validCert := key.(*OpenSSHCertV01) |
| 43 if ok := validateOpenSSHCertV01Signature(validCert); !ok { |
| 44 t.Error("Unable to validate certificate!") |
| 45 } |
| 46 |
| 47 invalidCert := &OpenSSHCertV01{ |
| 48 Key: rsaKey.PublicKey(), |
| 49 SignatureKey: ecdsaKey.PublicKey(), |
| 50 Signature: &signature{}, |
| 51 } |
| 52 if ok := validateOpenSSHCertV01Signature(invalidCert); ok { |
| 53 t.Error("Invalid cert signature passed validation!") |
| 54 } |
| 55 } |
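Review bot: The negative case in TestVerifyCert (new lines 47-53) only gives the validator an empty `signature{}` paired with an RSA key and an ECDSA signing key. It would still pass if validateOpenSSHCertV01Signature rejected malformed input but accepted a well-formed signature over altered certificate contents. I would add a case that keeps the real signature from exampleSSHCert and changes a signed field, for example by copying validCert and replacing Key. This assumes rsaKey, which is defined outside this file, differs from the key embedded in the example cert. Separately, line 41 discards the ok result of ParseAuthorizedKey and line 42 uses an unchecked type assertion, so a parsing regression would surface as a panic rather than a clear test failure.

```go
func TestVerifyCert(t *testing.T) {
	key, _, _, _, ok := ParseAuthorizedKey([]byte(exampleSSHCert))
	if !ok {
		t.Fatal("could not parse certificate")
	}
	validCert, ok := key.(*OpenSSHCertV01)
	if !ok {
		t.Fatalf("got %#v, want *OpenSSHCertV01", key)
	}
	// … unchanged: positive check and the empty-signature case …

	// Genuine signature, substituted certified key: must not verify.
	tampered := *validCert
	tampered.Key = rsaKey.PublicKey()
	if validateOpenSSHCertV01Signature(&tampered) {
		t.Error("cert with a substituted key passed signature validation")
	}
}
```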