[bytom/vapor.git] / vendor / golang.org / x / crypto / ssh / test / cert_test.go
1 // Copyright 2014 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 // +build darwin dragonfly freebsd linux netbsd openbsd
6
7 package test
8
9 import (
10         "bytes"
11         "crypto/rand"
12         "testing"
13
14         "golang.org/x/crypto/ssh"
15 )
16
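// TestCertLogin checks both directions of SSH certificate authentication
// against the test server: the client logs in with a user certificate, and the
// host certificate presented by the server must validate against the expected
// host CA for the address being dialed.
func TestCertLogin(t *testing.T) {
	s := newServer(t)
	defer s.Shutdown()

	// Use a key different from the default.
	clientKey := testSigners["dsa"]
	caAuthKey := testSigners["ecdsa"]

	// Test fixture only: ValidBefore is CertTimeInfinity, so this user
	// certificate never expires. Certificates issued outside of tests should
	// carry a bounded validity window.
	cert := &ssh.Certificate{
		Key:             clientKey.PublicKey(),
		ValidPrincipals: []string{username()},
		CertType:        ssh.UserCert,
		ValidBefore:     ssh.CertTimeInfinity,
	}
	if err := cert.SignCert(rand.Reader, caAuthKey); err != nil {
		// Name the call that actually failed so the log is not misleading.
		t.Fatalf("SignCert: %v", err)
	}

	certSigner, err := ssh.NewCertSigner(cert, clientKey)
	if err != nil {
		t.Fatalf("NewCertSigner: %v", err)
	}

	// Host verification goes through CertChecker with the authority pinned to
	// the "ca" test key by comparing marshaled public keys. No HostKeyFallback
	// is set, so a host that presents a plain (non-certificate) key is rejected
	// rather than silently trusted.
	checker := &ssh.CertChecker{
		IsHostAuthority: func(pk ssh.PublicKey, addr string) bool {
			return bytes.Equal(pk.Marshal(), testPublicKeys["ca"].Marshal())
		},
	}
	conf := &ssh.ClientConfig{
		User:            username(),
		HostKeyCallback: checker.CheckHostKey,
	}
	conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner))

	cases := []struct {
		addr    string
		succeed bool
	}{
		{addr: "host.example.com:22", succeed: true},
		{addr: "host.example.com:10000", succeed: true}, // non-standard port must be OK
		{addr: "host.example.com", succeed: false},      // port must be specified
		{addr: "host.ex4mple.com:22", succeed: false},   // wrong host
	}
	for _, tc := range cases {
		client, err := s.TryDialWithAddr(conf, tc.addr)

		// Always close the client if it was opened successfully, including in
		// the cases that were expected to be rejected.
		if err == nil {
			client.Close()
		}

		// Report the address under test so a failure identifies which case
		// (accepted-when-it-should-fail vs. rejected-when-it-should-pass) broke.
		switch {
		case tc.succeed && err != nil:
			t.Fatalf("TryDialWithAddr(%q): %v", tc.addr, err)
		case !tc.succeed && err == nil:
			t.Fatalf("TryDialWithAddr(%q): unexpected success", tc.addr)
		}
	}
}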