authorNiall Sheridan <nsheridan@gmail.com>2016-04-19 22:53:42 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-04-19 22:53:42 +0100
commitcc3c74ffdbec0b8b411afbbfac56f34d96553015 (patch)
treed42f8f84479a1e22d92432c7bdcd9cbed1669c0c /server/signer
parent93da00c2f28d647cf770758165d4d79a53589f2e (diff)
SSH signer tests
Diffstat (limited to 'server/signer')
-rw-r--r--server/signer/signer_test.go74
1 files changed, 74 insertions, 0 deletions
diff --git a/server/signer/signer_test.go b/server/signer/signer_test.go
new file mode 100644
index 0000000..6ee67ee
--- /dev/null
+++ b/server/signer/signer_test.go
@@ -0,0 +1,74 @@
+package signer
+
+import (
+ "bytes"
+ "reflect"
+ "testing"
+ "time"
+
+ "github.com/nsheridan/cashier/lib"
+ "github.com/nsheridan/cashier/testdata"
+
+ "golang.org/x/crypto/ssh"
+)
+
+var (
+ key, _ = ssh.ParsePrivateKey(testdata.Priv)
+ signer = &KeySigner{
+ ca: key,
+ validity: 12 * time.Hour,
+ principals: []string{"ec2-user"},
+ }
+)
+
+func TestSign(t *testing.T) {
+ s := &lib.SignRequest{
+ Key: string(testdata.Pub),
+ Principal: "gopher1",
+ ValidUntil: time.Now().Add(1 * time.Hour),
+ }
+ ret, err := signer.Sign(s)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ c, _, _, _, err := ssh.ParseAuthorizedKey([]byte(ret))
+ cert, ok := c.(*ssh.Certificate)
+ if !ok {
+ t.Fatalf("Expected type *ssh.Certificate, got %v (%T)", cert, cert)
+ }
+}
+
+func TestCert(t *testing.T) {
+ r := &lib.SignRequest{
+ Key: string(testdata.Pub),
+ Principal: "gopher1",
+ ValidUntil: time.Now().Add(1 * time.Hour),
+ }
+ ret, err := signer.Sign(r)
+ if err != nil {
+ t.Fatal(err)
+ }
+ c, _, _, _, err := ssh.ParseAuthorizedKey([]byte(ret))
+ cert, ok := c.(*ssh.Certificate)
+ if !ok {
+ t.Fatalf("Expected type *ssh.Certificate, got %v (%T)", cert, cert)
+ }
+ if !bytes.Equal(cert.SignatureKey.Marshal(), signer.ca.PublicKey().Marshal()) {
+ t.Fatal("Cert signer and server signer don't match")
+ }
+ var principals []string
+ principals = append(principals, r.Principal)
+ principals = append(principals, signer.principals...)
+ if !reflect.DeepEqual(cert.ValidPrincipals, principals) {
+ t.Fatalf("Expected %s, got %s", cert.ValidPrincipals, principals)
+ }
+ k1, _, _, _, err := ssh.ParseAuthorizedKey([]byte(r.Key))
+ k2 := cert.Key
+ if !bytes.Equal(k1.Marshal(), k2.Marshal()) {
+ t.Fatal("Cert key doesn't match public key")
+ }
+ if cert.ValidBefore != uint64(r.ValidUntil.Unix()) {
+ t.Fatalf("Invalid validity, expected %d, got %d", r.ValidUntil, cert.ValidBefore)
+ }
+}
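Review bot: The error returned by ssh.ParseAuthorizedKey is assigned but never checked at the three call sites (after `c, _, _, _, err :=` in TestSign and TestCert, and `k1, _, _, _, err :=` in TestCert), so a malformed signer output would reach the type assertion with a nil key and fail with a misleading "Expected type *ssh.Certificate" message rather than the parse error; each should be followed by `if err != nil { t.Fatal(err) }`. The same Fatalf also prints `cert` (which is nil after a failed assertion) instead of `c`, so the `%v (%T)` verbs should be given `c, c`. In the last check, `r.ValidUntil` is a time.Time passed to `%d`; `go vet` will flag this, and the intended value is `r.ValidUntil.Unix()`. The principals Fatalf also has its arguments swapped relative to "Expected %s, got %s": it should be `principals, cert.ValidPrincipals`. Neither test checks ValidAfter or verifies the certificate's signature against signer.ca; a follow-up could add a `ssh.CertChecker` check so the test actually proves the cert is accepted by a verifier, not just that its fields are populated.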