    package signer
    
    import (
    	"bytes"
    	"reflect"
    	"testing"
    	"time"
    
    	"github.com/nsheridan/cashier/lib"
    	"github.com/nsheridan/cashier/testdata"
    
    	"golang.org/x/crypto/ssh"
    )
    
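    var (
    	// key is the CA signing key shared by every test in this package.
    	// It is parsed once at package init; a corrupt or mismatched fixture
    	// panics here with the parse error instead of surfacing later as a
    	// nil ssh.Signer inside KeySigner (the previous `key, _ =` dropped
    	// the error silently).
    	key = mustParsePrivateKey(testdata.Priv)

    	// signer is the KeySigner under test: it signs with key, issues
    	// 12-hour certificates and appends "ec2-user" to every principal list.
    	signer = &KeySigner{
    		ca:         key,
    		validity:   12 * time.Hour,
    		principals: []string{"ec2-user"},
    	}
    )

    // mustParsePrivateKey parses a PEM-encoded private key from the test
    // fixtures and panics if it does not parse. Test setup only; the panic
    // message names the fixture so a broken testdata file is obvious.
    func mustParsePrivateKey(pemBytes []byte) ssh.Signer {
    	s, err := ssh.ParsePrivateKey(pemBytes)
    	if err != nil {
    		panic("signer_test: cannot parse testdata.Priv: " + err.Error())
    	}
    	return s
    }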
    
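    // TestSign checks that Sign accepts a well-formed request and returns an
    // authorized_keys-format line that parses back into an *ssh.Certificate.
    // The certificate's contents are asserted separately in TestCert.
    func TestSign(t *testing.T) {
    	req := &lib.SignRequest{
    		Key:        string(testdata.Pub),
    		Principal:  "gopher1",
    		ValidUntil: time.Now().Add(1 * time.Hour),
    	}
    	ret, err := signer.Sign(req)
    	if err != nil {
    		t.Fatalf("Sign: %v", err)
    	}
    	// The parse error was previously assigned and never checked, so a
    	// malformed return value showed up as a confusing type-assertion
    	// failure rather than as the real cause.
    	pub, _, _, _, err := ssh.ParseAuthorizedKey([]byte(ret))
    	if err != nil {
    		t.Fatalf("ParseAuthorizedKey(%q): %v", ret, err)
    	}
    	// Report the parsed value, not the zero-valued result of a failed
    	// assertion, which always printed "<nil> (*ssh.Certificate)".
    	if _, ok := pub.(*ssh.Certificate); !ok {
    		t.Fatalf("Expected type *ssh.Certificate, got %v (%T)", pub, pub)
    	}
    }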
    
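    // TestCert signs a request and checks the resulting certificate field by
    // field: it names the server CA as its signer, the principals are the
    // requested one followed by the signer's configured extras, the certified
    // key is the one from the request, and the expiry equals ValidUntil. It
    // also verifies the certificate signature itself, which comparing
    // SignatureKey alone does not do.
    func TestCert(t *testing.T) {
    	r := &lib.SignRequest{
    		Key:        string(testdata.Pub),
    		Principal:  "gopher1",
    		ValidUntil: time.Now().Add(1 * time.Hour),
    	}
    	ret, err := signer.Sign(r)
    	if err != nil {
    		t.Fatalf("Sign: %v", err)
    	}
    	c, _, _, _, err := ssh.ParseAuthorizedKey([]byte(ret))
    	if err != nil {
    		t.Fatalf("ParseAuthorizedKey(%q): %v", ret, err)
    	}
    	cert, ok := c.(*ssh.Certificate)
    	if !ok {
    		// Print the parsed value, not the zero value from the failed assertion.
    		t.Fatalf("Expected type *ssh.Certificate, got %v (%T)", c, c)
    	}

    	caPub := signer.ca.PublicKey()
    	if !bytes.Equal(cert.SignatureKey.Marshal(), caPub.Marshal()) {
    		t.Fatal("Cert signer and server signer don't match")
    	}
    	// SignatureKey is an unauthenticated claim embedded in the cert; the
    	// only proof the CA actually issued it is a valid signature over the
    	// cert body. CertChecker performs that verification and, like sshd,
    	// also enforces the principal, the validity window and critical
    	// options. NOTE(review): if the signer ever adds critical options
    	// they must be listed in SupportedCriticalOptions or this check fails.
    	isCA := func(auth ssh.PublicKey) bool {
    		return bytes.Equal(auth.Marshal(), caPub.Marshal())
    	}
    	checker := &ssh.CertChecker{
    		IsUserAuthority: isCA,
    		IsHostAuthority: func(auth ssh.PublicKey, _ string) bool { return isCA(auth) },
    	}
    	if err := checker.CheckCert(r.Principal, cert); err != nil {
    		t.Fatalf("CheckCert(%q): %v", r.Principal, err)
    	}

    	// Requested principal first, then the signer's configured extras.
    	wantPrincipals := append([]string{r.Principal}, signer.principals...)
    	if !reflect.DeepEqual(cert.ValidPrincipals, wantPrincipals) {
    		// Arguments were previously swapped (expected/got reversed).
    		t.Fatalf("Expected %s, got %s", wantPrincipals, cert.ValidPrincipals)
    	}

    	reqKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(r.Key))
    	if err != nil {
    		t.Fatalf("ParseAuthorizedKey(request key): %v", err)
    	}
    	if !bytes.Equal(reqKey.Marshal(), cert.Key.Marshal()) {
    		t.Fatal("Cert key doesn't match public key")
    	}

    	// Compare at second granularity: ValidBefore is a Unix timestamp.
    	// Formatting r.ValidUntil (a time.Time) with %d was a vet error that
    	// makes `go test` fail to build on current Go.
    	if want := uint64(r.ValidUntil.Unix()); cert.ValidBefore != want {
    		t.Fatalf("Invalid validity, expected %d, got %d", want, cert.ValidBefore)
    	}
    }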