From a30d6403f723765b8f9b7609e7eb3ade0f5434a0 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sat, 10 Sep 2016 17:40:23 +0100
Subject: Make client a top-level package for consistency
---
client/client_test.go | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 client/client_test.go
(limited to 'client/client_test.go')
diff --git a/client/client_test.go b/client/client_test.go
new file mode 100644
index 0000000..b7df3fd
--- /dev/null
+++ b/client/client_test.go
@@ -0,0 +1,117 @@
+package client
+
+import (
+ "bytes"
+ "crypto/rand"
+ "crypto/rsa"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+ "time"
+
+ "github.com/nsheridan/cashier/lib"
+ "github.com/nsheridan/cashier/testdata"
+
+ "golang.org/x/crypto/ssh"
+ "golang.org/x/crypto/ssh/agent"
+)
+
+func TestLoadCert(t *testing.T) {
+ t.Parallel()
+ priv, _ := ssh.ParseRawPrivateKey(testdata.Priv)
+ key := priv.(*rsa.PrivateKey)
+ pub, _ := ssh.NewPublicKey(&key.PublicKey)
+ c := &ssh.Certificate{
+ KeyId: "test_key_12345",
+ Key: pub,
+ CertType: ssh.UserCert,
+ ValidBefore: ssh.CertTimeInfinity,
+ ValidAfter: 0,
+ }
+ signer, err := ssh.NewSignerFromKey(key)
+ if err != nil {
+ t.Error(err)
+ }
+ c.SignCert(rand.Reader, signer)
+ a := agent.NewKeyring()
+ if err := InstallCert(a, c, key); err != nil {
+ t.Error(err)
+ }
+ listedKeys, err := a.List()
+ if err != nil {
+ t.Errorf("Error reading from agent: %v", err)
+ }
+ if len(listedKeys) != 2 {
+ t.Errorf("Expected 2 keys, got %d", len(listedKeys))
+ }
+ if !bytes.Equal(listedKeys[0].Marshal(), c.Marshal()) {
+ t.Error("Certs not equal")
+ }
+ for _, k := range listedKeys {
+ exp := time.Unix(int64(c.ValidBefore), 0).String()
+ want := fmt.Sprintf("%s [Expires %s]", c.KeyId, exp)
+ if k.Comment != want {
+ t.Errorf("key comment:\nwanted:%s\ngot: %s", want, k.Comment)
+ }
+ }
+}
+
+func TestSignGood(t *testing.T) {
+ t.Parallel()
+ res := &lib.SignResponse{
+ Status: "ok",
+ Response: string(testdata.Cert),
+ }
+ j, _ := json.Marshal(res)
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprintln(w, string(j))
+ }))
+ defer ts.Close()
+ _, err := send([]byte(`{}`), "token", ts.URL, true)
+ if err != nil {
+ t.Error(err)
+ }
+ k, _, _, _, err := ssh.ParseAuthorizedKey(testdata.Pub)
+ if err != nil {
+ t.Error(err)
+ }
+ c := &Config{
+ CA: ts.URL,
+ Validity: "24h",
+ }
+ cert, err := Sign(k, "token", c)
+ if cert == nil && err != nil {
+ t.Error(err)
+ }
+}
+
+func TestSignBad(t *testing.T) {
+ t.Parallel()
+ res := &lib.SignResponse{
+ Status: "error",
+ Response: `{"response": "error"}`,
+ }
+ j, _ := json.Marshal(res)
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprintln(w, string(j))
+ }))
+ defer ts.Close()
+ _, err := send([]byte(`{}`), "token", ts.URL, true)
+ if err != nil {
+ t.Error(err)
+ }
+ k, _, _, _, err := ssh.ParseAuthorizedKey(testdata.Pub)
+ if err != nil {
+ t.Error(err)
+ }
+ c := &Config{
+ CA: ts.URL,
+ Validity: "24h",
+ }
+ cert, err := Sign(k, "token", c)
+ if cert != nil && err == nil {
+ t.Error(err)
+ }
+}
-- cgit v1.2.3
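Review bot: The closing checks in TestSignGood and TestSignBad are too loose to pin the certificate-signing contract. In TestSignBad, `if cert != nil && err == nil` fails only when a certificate is returned without an error, so a `Sign` that returns `(nil, nil)` for a CA error response would pass, and when the check does fire it calls `t.Error(err)` with a nil error; `if err == nil { t.Error("Sign returned no error for a CA error response") }` states the requirement directly. TestSignGood has the mirror problem: `cert == nil && err != nil` ignores an error whenever a cert is also returned and lets `(nil, nil)` pass, so `if err != nil { t.Fatal(err) }` followed by a nil check on `cert` would cover both cases. Separately, in TestLoadCert the error from `c.SignCert(rand.Reader, signer)` is dropped, and the `t.Error` after `ssh.NewSignerFromKey` lets the test continue with a signer that may be nil, so `t.Fatal` fits better there.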