Implement certified public key client auth #64
XCTAssertNoThrow(try self.beginAuthentication(stateMachine: &stateMachine)) | ||
stateMachine.sendServiceRequest(.init(service: "ssh-userauth")) | ||
|
||
let dataToSign = UserAuthSignablePayload(sessionIdentifier: self.sessionID, userName: "foo", serviceName: "ssh-connection", publicKey: delegate.key.publicKey) |
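Review bot: On the `let dataToSign = UserAuthSignablePayload(...)` line, `publicKey: delegate.key.publicKey` does not make it clear whether the key being signed over is the certified key or the bare one. In SSH public key auth the signature covers the same key blob that is sent in the auth request, so for the certificate flow the test should assert that the key in the outgoing request and the key in this payload are the same certified key. A short comment on this line saying which form of the key `delegate.key.publicKey` yields would also help the next reader.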
This doesn't look like it'll compile. Is there a key member on InfinitePrivateKey delegate?
I'm using the wrong delegate type 🤦🏻♂️ give me a minute
Fixed!
@@ -720,4 +730,27 @@ final class UserAuthenticationStateMachineTests: XCTestCase { | |||
// Let's say we got a success. Happy path! | |||
XCTAssertNoThrow(try stateMachine.receiveUserAuthSuccess()) | |||
} | |||
|
|||
func testCertificateClientAuthFlow() throws { | |||
let delegate = InfinitePrivateKeyDelegate() |
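Review bot: In `testCertificateClientAuthFlow`, `let delegate = InfinitePrivateKeyDelegate()` gives the test nothing certificate-specific, so as written it can only exercise the plain public key path. Construct the delegate that offers a certified key instead, and assert on the key carried in the resulting auth request so the test fails if the certificate is dropped somewhere between the delegate and the wire message.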
This test is wrong: you aren't using your new delegate.
yep, fixed!
Motivation:
Right now there is no way to use certified public keys for user auth.
Modifications:
1. Adds new init to PrivateKey
2. Updates UserAuthRequestMessage to support public key
3. Adds a test
Result:
Closes apple#63
Nice! This LGTM.
Motivation:
Right now there is no way to use certified public keys for user auth.
Modifications:
Result:
Closes #63