// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
13 "golang.org/x/crypto/ssh"
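// TestServer runs the shared agent checks (testAgentInterface) against a
// fresh keyring that is served by ServeAgent on one end of a pipe and reached
// through NewClient on the other end.
func TestServer(t *testing.T) {
	c1, c2, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}
	// Close both ends when the test finishes so the ServeAgent goroutine
	// started below does not outlive the test.
	// NOTE(review): assumes netPipe returns closable connections; confirm
	// against its definition, which is outside this listing.
	defer c1.Close()
	defer c2.Close()

	client := NewClient(c1)

	// The agent server runs concurrently; it sees only the bytes the client
	// writes to the pipe, never the caller's in-memory key objects.
	go ServeAgent(NewKeyring(), c2)

	testAgentInterface(t, client, testPrivateKeys["rsa"], nil, 0)
}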
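// TestLockServer runs the shared lock/unlock checks (testLockAgent) against
// an in-process keyring, without going through a socket.
func TestLockServer(t *testing.T) {
	testLockAgent(NewKeyring(), t)
}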
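// TestSetupForwardAgent checks agent forwarding end to end: an SSH client and
// server are connected over a pipe, the client forwards its local agent
// socket with ForwardToRemote, and the server side then opens a channelType
// channel back to the client and drives the forwarded agent through it.
//
// The second half of the test is the security-relevant property of agent
// forwarding: once forwarding is set up, the remote end can ask the local
// agent to list keys and sign data.
func TestSetupForwardAgent(t *testing.T) {
	a, b, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}
	defer a.Close()
	defer b.Close()

	_, socket, cleanup := startAgent(t)
	defer cleanup()

	serverConf := ssh.ServerConfig{
		// NOTE(review): this field is not visible in the listing. Without it
		// the empty ClientConfig below has no way to authenticate; confirm
		// against upstream. Test-only: it disables client authentication.
		NoClientAuth: true,
	}
	serverConf.AddHostKey(testSigners["rsa"])

	incoming := make(chan *ssh.ServerConn, 1)
	go func() {
		// Closing on every path keeps the receive below from blocking
		// forever when the server handshake fails.
		defer close(incoming)

		conn, _, _, err := ssh.NewServerConn(a, &serverConf)
		if err != nil {
			// t.Fatalf may only be called from the goroutine running the
			// test function, so report with Errorf and return instead.
			t.Errorf("Server: %v", err)
			return
		}
		incoming <- conn
	}()

	conf := ssh.ClientConfig{
		// Accepts any host key. Tolerable here only because both ends of the
		// connection are created inside this test; real clients should pin or
		// verify the host key (for example with ssh.FixedHostKey).
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}
	conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf)
	if err != nil {
		t.Fatalf("NewClientConn: %v", err)
	}
	client := ssh.NewClient(conn, chans, reqs)
	// Closing the client closes conn, including on the Fatalf paths below.
	defer client.Close()

	if err := ForwardToRemote(client, socket); err != nil {
		t.Fatalf("SetupForwardAgent: %v", err)
	}

	server, ok := <-incoming
	if !ok {
		t.Fatal("Server: handshake did not complete")
	}

	// The server initiates the agent channel towards the client; the client
	// side relays it to the local agent socket.
	ch, reqs, err := server.OpenChannel(channelType, nil)
	if err != nil {
		t.Fatalf("OpenChannel(%q): %v", channelType, err)
	}
	go ssh.DiscardRequests(reqs)

	agentClient := NewClient(ch)
	testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0)
}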
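// TestV1ProtocolMessages connects a client to a keyring-backed agent over a
// pipe and runs the protocol-1 message checks against it.
func TestV1ProtocolMessages(t *testing.T) {
	c1, c2, err := netPipe()
	if err != nil {
		t.Fatalf("netPipe: %v", err)
	}
	// Close both ends so the ServeAgent goroutine ends with the test.
	defer c1.Close()
	defer c2.Close()

	// NOTE(review): the listing dropped the line that defines c; it is
	// reconstructed here from its use below. Confirm against upstream.
	c := NewClient(c1)

	go ServeAgent(NewKeyring(), c2)

	// The raw call method lives on the unexported concrete type, so check the
	// assertion instead of letting a mismatch panic the test binary.
	raw, ok := c.(*client)
	if !ok {
		t.Fatalf("NewClient returned %T, want *client", c)
	}
	testV1ProtocolMessages(t, raw)
}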
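// testV1ProtocolMessages sends the two protocol-1 requests as raw one-byte
// messages and checks the replies:
//
//   - agentRequestV1Identities must be answered with an *agentV1IdentityMsg
//     whose Numkeys is 0;
//   - agentRemoveAllV1Identities must be answered with a *successAgentMsg.
//
// Any transport error or unexpected reply type fails the test immediately.
func testV1ProtocolMessages(t *testing.T, c *client) {
	reply, err := c.call([]byte{agentRequestV1Identities})
	if err != nil {
		t.Fatalf("v1 request all failed: %v", err)
	}
	if msg, ok := reply.(*agentV1IdentityMsg); !ok || msg.Numkeys != 0 {
		t.Fatalf("invalid request all response: %#v", reply)
	}

	reply, err = c.call([]byte{agentRemoveAllV1Identities})
	if err != nil {
		t.Fatalf("v1 remove all failed: %v", err)
	}
	if _, ok := reply.(*successAgentMsg); !ok {
		t.Fatalf("invalid remove all response: %#v", reply)
	}
}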
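// verifyKey checks that sshAgent holds exactly one key and that the key is
// usable: it asks the agent to sign 128 random bytes with the listed key and
// verifies the signature against that same listed key.
//
// The sign-and-verify round trip is what shows the agent holds working
// private key material; a successful Add or List alone would not.
//
// It returns nil on success, or an error naming the step that failed.
func verifyKey(sshAgent Agent) error {
	keys, err := sshAgent.List()
	if err != nil {
		return fmt.Errorf("listing keys: %v", err)
	}

	// Guard the keys[0] accesses below; an empty list would otherwise panic.
	if len(keys) != 1 {
		return fmt.Errorf("bad number of keys found. expected 1, got %d", len(keys))
	}

	// Fresh random data for every call, so a canned signature cannot pass.
	// NOTE(review): rand is presumably crypto/rand; confirm against the
	// file's import block, which is not fully visible here.
	buf := make([]byte, 128)
	if _, err := rand.Read(buf); err != nil {
		return fmt.Errorf("rand: %v", err)
	}

	sig, err := sshAgent.Sign(keys[0], buf)
	if err != nil {
		return fmt.Errorf("sign: %v", err)
	}

	if err := keys[0].Verify(buf, sig); err != nil {
		return fmt.Errorf("verify: %v", err)
	}
	return nil
}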
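// addKeyToAgent adds key to a new in-process keyring and then runs verifyKey
// on it. No socket is involved; the keyring is called directly.
func addKeyToAgent(key crypto.PrivateKey) error {
	sshAgent := NewKeyring()
	if err := sshAgent.Add(AddedKey{PrivateKey: key}); err != nil {
		return fmt.Errorf("add: %v", err)
	}
	return verifyKey(sshAgent)
}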
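// TestKeyTypes adds every key in testPrivateKeys to an agent twice: once
// directly to an in-process keyring (addKeyToAgent) and once through the
// client/server path (addCertToAgentSock, called with a nil certificate, so
// it carries a plain key here despite its name).
//
// Failures are reported with Errorf so that one failing key type does not
// hide the results for the others.
func TestKeyTypes(t *testing.T) {
	for k, v := range testPrivateKeys {
		if err := addKeyToAgent(v); err != nil {
			t.Errorf("error adding key type %s, %v", k, err)
		}
		if err := addCertToAgentSock(v, nil); err != nil {
			t.Errorf("error adding key type %s, %v", k, err)
		}
	}
}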
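// addCertToAgentSock adds key (and cert, which may be nil) to a keyring that
// is served by ServeAgent on one end of a pipe, using a client on the other
// end, and then runs verifyKey through that same client. Unlike
// addCertToAgent, the key and certificate go through the agent wire
// protocol before they reach the keyring.
func addCertToAgentSock(key crypto.PrivateKey, cert *ssh.Certificate) error {
	a, b, err := netPipe()
	if err != nil {
		return err
	}
	// Close both ends on return; otherwise every call leaves a ServeAgent
	// goroutine blocked on the pipe.
	// NOTE(review): assumes netPipe returns closable connections; confirm
	// against its definition, which is outside this listing.
	defer a.Close()
	defer b.Close()

	agentServer := NewKeyring()
	go ServeAgent(agentServer, a)

	agentClient := NewClient(b)
	if err := agentClient.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil {
		return fmt.Errorf("add: %v", err)
	}
	return verifyKey(agentClient)
}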
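// addCertToAgent adds key together with cert to a new in-process keyring and
// then runs verifyKey on it. No socket is involved.
func addCertToAgent(key crypto.PrivateKey, cert *ssh.Certificate) error {
	sshAgent := NewKeyring()
	if err := sshAgent.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil {
		return fmt.Errorf("add: %v", err)
	}
	return verifyKey(sshAgent)
}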
184 func TestCertTypes(t *testing.T) {
185 for keyType, key := range testPublicKeys {
186 cert := &ssh.Certificate{
187 ValidPrincipals: []string{"gopher1"},
189 ValidBefore: ssh.CertTimeInfinity,
192 CertType: ssh.UserCert,
193 SignatureKey: testPublicKeys["rsa"],
194 Permissions: ssh.Permissions{
195 CriticalOptions: map[string]string{},
196 Extensions: map[string]string{},
199 if err := cert.SignCert(rand.Reader, testSigners["rsa"]); err != nil {
200 t.Fatalf("signcert: %v", err)
202 if err := addCertToAgent(testPrivateKeys[keyType], cert); err != nil {
205 if err := addCertToAgentSock(testPrivateKeys[keyType], cert); err != nil {