diff --git a/cmd/cashier/client_test.go b/cmd/cashier/client_test.go
index b82d78fe865dce6be6d96e06ca0c2ed997b9e16a..dcf674b294429cfea050884c86b87160c8484a67 100644
--- a/cmd/cashier/client_test.go
+++ b/cmd/cashier/client_test.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
 	"github.com/nsheridan/cashier/lib"
 	"github.com/nsheridan/cashier/testdata"
@@ -22,6 +23,7 @@ func TestLoadCert(t *testing.T) {
 	key := priv.(*rsa.PrivateKey)
 	pub, _ := ssh.NewPublicKey(&key.PublicKey)
 	c := &ssh.Certificate{
+		KeyId:       "test_key_12345",
 		Key:         pub,
 		CertType:    ssh.UserCert,
 		ValidBefore: ssh.CertTimeInfinity,
@@ -46,6 +48,13 @@ func TestLoadCert(t *testing.T) {
 	if !bytes.Equal(listedKeys[0].Marshal(), c.Marshal()) {
 		t.Fatal("Certs not equal")
 	}
+	for _, k := range listedKeys {
+		exp := time.Unix(int64(c.ValidBefore), 0).String()
+		want := fmt.Sprintf("%s [Expires %s]", c.KeyId, exp)
+		if k.Comment != want {
+			t.Errorf("key comment:\nwanted:%s\ngot: %s", want, k.Comment)
+		}
+	}
 }
 
 func TestSignGood(t *testing.T) {
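Review bot: The new comment assertion in TestLoadCert only runs against a fixture with `ValidBefore: ssh.CertTimeInfinity`, so `int64(c.ValidBefore)` wraps to -1 and the test pins an expiry string just before the Unix epoch as the correct comment for a never-expiring certificate. Because `want` is built with the same expression as the code under test, the wrap cannot be detected here. Consider giving the fixture a finite expiry, e.g. `ValidBefore: uint64(time.Now().Add(time.Hour).Unix()),`, and adding a separate case that states what the comment should be for `ssh.CertTimeInfinity`. An assertion on the agent lifetime actually requested for the key would also help, since that is the security-relevant value derived from the same field.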
diff --git a/cmd/cashier/main.go b/cmd/cashier/main.go
index 047c13e24d96f786b8463f3e1517cca2acbf782d..72355e321b2610ac8257199501981c3546d8098f 100644
--- a/cmd/cashier/main.go
+++ b/cmd/cashier/main.go
@@ -32,11 +32,13 @@ var (
 )
 
 func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
-	lifetime := time.Unix(int64(cert.ValidBefore), 0).Sub(time.Now()).Seconds()
+	t := time.Unix(int64(cert.ValidBefore), 0)
+	lifetime := t.Sub(time.Now()).Seconds()
+	comment := fmt.Sprintf("%s [Expires %s]", cert.KeyId, t)
 	pubcert := agent.AddedKey{
 		PrivateKey:   key,
 		Certificate:  cert,
-		Comment:      cert.KeyId,
+		Comment:      comment,
 		LifetimeSecs: uint32(lifetime),
 	}
 	if err := a.Add(pubcert); err != nil {
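Review bot: In installCert, `time.Unix(int64(cert.ValidBefore), 0)` wraps for `ssh.CertTimeInfinity` (and any value above the int64 range), so the new comment shows such a certificate as expiring around the Unix epoch and `lifetime` becomes negative. Converting a negative or oversized float with `uint32(lifetime)` gives an implementation-dependent result in Go, and a result of 0 tells the agent to hold the key with no lifetime limit. I would treat the infinity value explicitly and refuse, or at least not install with a wrapped lifetime, a certificate whose expiry is already in the past; whether an error is the right reaction there is for the maintainers to confirm. The body of installCert continues past this hunk, and the `privkey` entry in the following hunk uses the same `comment` and `lifetime` values.

```go
func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
	// A never-expiring certificate has no expiry to print and no agent lifetime to set.
	comment := cert.KeyId
	var lifetime float64
	if cert.ValidBefore != ssh.CertTimeInfinity {
		t := time.Unix(int64(cert.ValidBefore), 0)
		lifetime = t.Sub(time.Now()).Seconds()
		if lifetime <= 0 {
			return fmt.Errorf("certificate %q expired at %s", cert.KeyId, t)
		}
		comment = fmt.Sprintf("%s [Expires %s]", cert.KeyId, t)
	}
	// … unchanged: pubcert and privkey AddedKey construction and a.Add calls …
```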
@@ -44,7 +46,7 @@ func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
 	}
 	privkey := agent.AddedKey{
 		PrivateKey:   key,
-		Comment:      cert.KeyId,
+		Comment:      comment,
 		LifetimeSecs: uint32(lifetime),
 	}
 	if err := a.Add(privkey); err != nil {