mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-18 08:26:45 +02:00
56 lines
2.3 KiB
Go
56 lines
2.3 KiB
Go
// Copyright 2013 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package ssh
|
|
|
|
import (
|
|
"bytes"
|
|
"testing"
|
|
)
|
|
|
|
// Cert generated by ssh-keygen 6.0p1 Debian-4.
|
|
// % ssh-keygen -s ca-key -I test user-key
|
|
var exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
|
|
|
|
func TestParseCert(t *testing.T) {
|
|
authKeyBytes := []byte(exampleSSHCert)
|
|
|
|
key, _, _, rest, ok := ParseAuthorizedKey(authKeyBytes)
|
|
if !ok {
|
|
t.Fatalf("could not parse certificate")
|
|
}
|
|
if len(rest) > 0 {
|
|
t.Errorf("rest: got %q, want empty", rest)
|
|
}
|
|
|
|
if _, ok = key.(*OpenSSHCertV01); !ok {
|
|
t.Fatalf("got %#v, want *OpenSSHCertV01", key)
|
|
}
|
|
|
|
marshaled := MarshalAuthorizedKey(key)
|
|
// Before comparison, remove the trailing newline that
|
|
// MarshalAuthorizedKey adds.
|
|
marshaled = marshaled[:len(marshaled)-1]
|
|
if !bytes.Equal(authKeyBytes, marshaled) {
|
|
t.Errorf("marshaled certificate does not match original: got %q, want %q", marshaled, authKeyBytes)
|
|
}
|
|
}
|
|
|
|
func TestVerifyCert(t *testing.T) {
|
|
key, _, _, _, _ := ParseAuthorizedKey([]byte(exampleSSHCert))
|
|
validCert := key.(*OpenSSHCertV01)
|
|
if ok := validateOpenSSHCertV01Signature(validCert); !ok {
|
|
t.Error("Unable to validate certificate!")
|
|
}
|
|
|
|
invalidCert := &OpenSSHCertV01{
|
|
Key: rsaKey.PublicKey(),
|
|
SignatureKey: ecdsaKey.PublicKey(),
|
|
Signature: &signature{},
|
|
}
|
|
if ok := validateOpenSSHCertV01Signature(invalidCert); ok {
|
|
t.Error("Invalid cert signature passed validation!")
|
|
}
|
|
}
|