-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathsshcert_test.go
145 lines (131 loc) · 3.41 KB
/
sshcert_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
package sshcert
import (
"fmt"
"io/ioutil"
"log"
"strings"
"testing"
)
func TestCreatePrivateKey(t *testing.T) {
key, err := createPrivateKey()
if err != nil {
t.Fatalf("Could not generate private key: %s", err)
}
if key == nil {
t.Fatalf("key is nil")
}
}
func ExampleNewCA() {
// Your CA is has sensitive fields. It contains a PrivateKey
// that is the root of all trust in your infrastructure.
ca, err := NewCA()
if err != nil {
log.Fatalf("Could not create new ca: %s", err)
}
// This will print the public key of your certificate authority
// in a format that can be used by the `TrustedUserCAKeys` sshd
// config directive.
fmt.Println(ca)
}
func TestNewCA(t *testing.T) {
_, err := NewCA()
if err != nil {
t.Fatalf("Could not create ca: %s", err)
}
}
func TestPublicKeyString(t *testing.T) {
ca, _ := NewCA()
_, err := ParsePublicKey(ca.String())
if err != nil {
t.Fatalf("Could not parse public key: %s", err)
}
}
func TestParsePublicKey(t *testing.T) {
pubBytes, _ := ioutil.ReadFile("testfiles/testkeys.pub")
_, err := ParsePublicKey(string(pubBytes))
if err != nil {
t.Fatalf("Could not parse public key: %s", err)
}
}
func ExampleParsePublicKey() {
// To parse ssh public keys
pubBytes, _ := ioutil.ReadFile("example.pub")
pubKey, err := ParsePublicKey(string(pubBytes))
if err != nil {
log.Fatalf("Could not parse public key: %s", err)
}
fmt.Println(pubKey)
}
func TestSignCert(t *testing.T) {
tests := []struct {
algo string
fileName string
}{
{algo: "ecdsa-sha2-nistp256-cert-v01@openssh.com", fileName: "testkeys.pub"},
{algo: "ssh-ed25519-cert-v01@openssh.com", fileName: "ed25519_test_key.pub"},
}
for _, tc := range tests {
ca, _ := NewCA()
pubBytes, _ := ioutil.ReadFile(fmt.Sprintf("testfiles/%s", tc.fileName))
pub, _ := ParsePublicKey(string(pubBytes))
signArgs := NewSigningArguments([]string{"root"})
c, err := ca.SignCert(pub, signArgs)
if err != nil {
t.Fatalf("Could not sign cert: %s", err)
}
if c.Type() != tc.algo {
t.Fatalf("Certificate and public key type do not match: %s != %s", c.Type(), tc.algo)
}
}
}
func TestGenerateNonce(t *testing.T) {
r := randomHex()
if len(r) != 32 {
t.Fatalf("Invalid nonce generated: %s", r)
}
}
func TestToBytesAndBack(t *testing.T) {
ca, _ := NewCA()
buf, err := ca.Bytes()
if err != nil {
t.Fatalf("Could not marshal ca: %s", err)
}
var ca2 CA
err = ca2.FromBytes(buf)
if err != nil {
t.Fatalf("Could not unmarshal ca: %s", err)
}
if ca.PrivateKey.D.Cmp(ca2.PrivateKey.D) != 0 {
t.Fatal("The private keys are different after marshal/unmarshal")
}
}
func TestSetCAName(t *testing.T) {
ca, _ := NewCA()
ca.SetName("mycahello")
s := ca.String()
if !strings.Contains(s, "mycahello") {
t.Fatal("CA pub key does not contain the proper name")
}
if strings.Contains(s, "ejj.io") {
t.Fatal("CA pub key contains the default name")
}
}
func TestPrivateString(t *testing.T) {
ca, _ := NewCA()
priv, err := ca.PrivateString()
if err != nil {
t.Fatalf("Could not PEM encode private key: %s", err)
}
if !strings.Contains(priv, pemHeader) {
t.Fatal("Could not find SSHCert header in PEM private key")
}
// Now we need to attempt to parse it.
var ca2 CA
err = ca2.ParsePrivateString([]byte(priv))
if err != nil {
t.Fatalf("Could not parse PEM encoded syntax: %s", err)
}
if ca.PrivateKey.D.Cmp(ca2.PrivateKey.D) != 0 {
t.Fatal("The private keys are different pem encode decode")
}
}