LEFT | RIGHT |
---|---|
1 // Copyright 2013 The Go Authors. All rights reserved. | 1 // Copyright 2013 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "bytes" | 8 "bytes" |
9 "testing" | 9 "testing" |
10 ) | 10 ) |
11 | 11 |
12 // Cert generated by ssh-keygen 6.0p1 Debian-4. | 12 // Cert generated by ssh-keygen 6.0p1 Debian-4. |
13 // % ssh-keygen -s ca-key -I test user-key | 13 // % ssh-keygen -s ca-key -I test user-key |
14 var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb 3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCko R51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6 aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAA AAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJta XQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVyb Wl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAA ABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/ tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y 9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow 0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=` | 14 var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb 3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCko R51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6 aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAA AAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJta XQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVyb Wl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAA ABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/ tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y 9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow 0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=` |
15 | |
16 /* Structure of the base64 section of exampleSSHCert is as follows: | |
hanwen-google
2013/10/16 20:45:24
this can go now?
jmpittman
2013/10/16 20:51:08
Done.
| |
17 Field Position Length Value | |
18 | |
19 AlgoLen 0 4 | |
20 Algo 4 28 "ssh-rsa-cert-v01@openss h.com" | |
21 Certificate 32 564 | |
22 | |
23 The below field positions are all relative to the start of the certificate to | |
24 match how we parse the certificate. | |
25 NonceLen 0 4 | |
26 Nonce 4 32 | |
27 PublicExponentLen 36 4 | |
28 PublicExponent 40 3 | |
29 ModulusLen 43 4 | |
30 Modulus 47 97 | |
31 Serial 144 8 | |
32 CertType 152 4 | |
33 KeyIdLen 156 4 | |
34 KeyId 160 4 "test" | |
35 ValidPrincipalsLen 164 4 | |
36 ValidPrincipals 0 (none) | |
37 ValidAfter 168 8 | |
38 ValidBefore 176 8 | |
39 CriticalOptionsLen 184 4 | |
40 CriticalOptions 0 (none) | |
41 ExtensionsLength 188 4 | |
42 Extensions 192 130 | |
43 Extension1 | |
44 NameLen 192 4 | |
45 Name 196 21 "permit-X11-forwarding" | |
46 DataLen 217 4 | |
47 Data 0 | |
48 Extension2 | |
49 NameLen 221 4 | |
50 Name 225 23 "permit-agent-forwarding " | |
51 DataLen 248 4 | |
52 Data 0 | |
53 Extension3 | |
54 NameLen 252 4 | |
55 Name 256 22 "permit-port-forwarding" | |
56 DataLen 278 4 | |
57 Data 0 | |
58 Extension4 | |
59 NameLen 282 4 | |
60 Name 286 10 "permit-pty" | |
61 DataLen 296 4 | |
62 Data 0 | |
63 Extension5 | |
64 NameLen 300 4 | |
65 Name 304 14 "permit-user-rc" | |
66 DataLen 318 4 | |
67 Data 0 | |
68 ReservedLen 322 4 | |
69 Reserved 0 | |
70 SignatureKeyLen 326 4 | |
71 SignatureKey 330 119 | |
72 AlgoLen 330 4 | |
73 Algo 334 7 "ssh-rsa" | |
74 PublicExponentLen 341 4 | |
75 PublicExponent 345 3 | |
76 ModulusLen 348 4 | |
77 Modulus 352 97 | |
78 SignatureLen 449 4 | |
79 Signature 453 111 | |
80 FormatLen 453 4 | |
81 Format 457 7 "ssh-rsa" | |
82 BlobLen 464 4 | |
83 Blob 468 96 | |
84 */ | |
85 | 15 |
86 func TestParseCert(t *testing.T) { | 16 func TestParseCert(t *testing.T) { |
87 authKeyBytes := []byte(exampleSSHCert) | 17 authKeyBytes := []byte(exampleSSHCert) |
88 | 18 |
89 key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes) | 19 key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes) |
90 if !ok { | 20 if !ok { |
91 t.Fatalf("could not parse certificate") | 21 t.Fatalf("could not parse certificate") |
92 } | 22 } |
93 if len(rest) > 0 { | 23 if len(rest) > 0 { |
94 t.Errorf("rest: got %q, want empty", rest) | 24 t.Errorf("rest: got %q, want empty", rest) |
(...skipping 21 matching lines...) | |
116 | 46 |
117 invalidCert := &OpenSSHCertV01{ | 47 invalidCert := &OpenSSHCertV01{ |
118 Key: rsaKey.PublicKey(), | 48 Key: rsaKey.PublicKey(), |
119 SignatureKey: ecdsaKey.PublicKey(), | 49 SignatureKey: ecdsaKey.PublicKey(), |
120 Signature: &signature{}, | 50 Signature: &signature{}, |
121 } | 51 } |
122 if ok := validateOpenSSHCertV01Signature(invalidCert); ok { | 52 if ok := validateOpenSSHCertV01Signature(invalidCert); ok { |
123 t.Error("Invalid cert signature passed validation!") | 53 t.Error("Invalid cert signature passed validation!") |
124 } | 54 } |
125 } | 55 } |