Delta Between Two Patch Sets: ssh/certs_test.go

Issue 14540051: code review 14540051: go.crypto/ssh: Add certificate verification, step up su... (Closed)
Left Patch Set: diff -r 7fb39a59524c https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Right Patch Set: diff -r 5ff5636e18c9 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
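--- a/ssh/certs_test.go
+++ b/ssh/certs_test.go
@@ -0,0 +1,55 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+"bytes"
+"testing"
+)
+
+// Cert generated by ssh-keygen 6.0p1 Debian-4.
+// % ssh-keygen -s ca-key -I test user-key
+var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb 3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCko R51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6 aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAA AAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJta XQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVyb Wl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAA ABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/ tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y 9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow 0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
+
+func TestParseCert(t *testing.T) {
+authKeyBytes := []byte(exampleSSHCert)
+
+key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes)
+if !ok {
+t.Fatalf("could not parse certificate")
+}
+if len(rest) > 0 {
+t.Errorf("rest: got %q, want empty", rest)
+}
+
+if _, ok = key.(*OpenSSHCertV01); !ok {
+t.Fatalf("got %#v, want *OpenSSHCertV01", key)
+}
+
+marshaled := MarshalAuthorizedKey(key)
+// Before comparison, remove the trailing newline that
+// MarshalAuthorizedKey adds.
+marshaled = marshaled[:len(marshaled)-1]
+if !bytes.Equal(authKeyBytes, marshaled) {
+t.Errorf("marshaled certificate does not match original: got %q, want %q", marshaled, authKeyBytes)
+}
+}
+
+func TestVerifyCert(t *testing.T) {
+key, _, _, _, _ := ParseAuthorizedKey([]byte(exampleSSHCert))
+validCert := key.(*OpenSSHCertV01)
+if ok := validateOpenSSHCertV01Signature(validCert); !ok {
+t.Error("Unable to validate certificate!")
+}
+
+invalidCert := &OpenSSHCertV01{
+Key: rsaKey.PublicKey(),
+SignatureKey: ecdsaKey.PublicKey(),
+Signature: &signature{},
+}
+if ok := validateOpenSSHCertV01Signature(invalidCert); ok {
+t.Error("Invalid cert signature passed validation!")
+}
+}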
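Review bot: In TestVerifyCert the only rejection case is a hand-built certificate with an empty `&signature{}` and an ECDSA signing key, so the test never shows that a well-formed signature over altered certificate contents is refused. Adding a case that parses exampleSSHCert, changes one signed field, and expects validateOpenSSHCertV01Signature to return false would cover the tampering path that certificate verification exists for. The same function also discards the parse result and uses an unchecked type assertion; `key, _, _, _, ok := ParseAuthorizedKey([]byte(exampleSSHCert))` followed by `if !ok { t.Fatal("could not parse certificate") }` and a comma-ok assertion would turn a parse regression into a test failure rather than a panic.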