From 5d7e2397226cd4c88a18658d8fc89ca0da58cc49 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Tue, 10 Jan 2017 22:51:28 +0000
Subject: Add critical options support
---
 server/signer/signer_test.go | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
(limited to 'server/signer/signer_test.go')
diff --git a/server/signer/signer_test.go b/server/signer/signer_test.go
index baf00e5..3bbdbf9 100644
--- a/server/signer/signer_test.go
+++ b/server/signer/signer_test.go
@@ -17,9 +17,10 @@ import (
 var (
 key, _ = ssh.ParsePrivateKey(testdata.Priv)
 signer = &KeySigner{
- ca: key,
- validity: 12 * time.Hour,
- principals: []string{"ec2-user"},
+ ca: key,
+ validity: 12 * time.Hour,
+ principals: []string{"ec2-user"},
+ permissions: []string{"permit-pty", "force-command=/bin/ls"},
 }
 )
 
@@ -79,3 +80,28 @@ func TestRevocationList(t *testing.T) {
 t.Errorf("cert %s should not be revoked", cert2.KeyId)
 }
 }
+
+func TestPermissions(t *testing.T) {
+ t.Parallel()
+ r := &lib.SignRequest{
+ Key: string(testdata.Pub),
+ ValidUntil: time.Now().Add(1 * time.Hour),
+ }
+ cert, err := signer.SignUserKey(r, "gopher1")
+ if err != nil {
+ t.Error(err)
+ }
+ want := struct {
+ extensions map[string]string
+ options map[string]string
+ }{
+ extensions: map[string]string{"permit-pty": ""},
+ options: map[string]string{"force-command": "/bin/ls"},
+ }
+ if !reflect.DeepEqual(cert.Extensions, want.extensions) {
+ t.Errorf("Wrong permissions: wanted: %v got :%v", cert.Extensions, want.extensions)
+ }
+ if !reflect.DeepEqual(cert.CriticalOptions, want.options) {
+ t.Errorf("Wrong options: wanted: %v got :%v", cert.CriticalOptions, want.options)
+ }
+}
-- 
cgit v1.2.3
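Review bot: In TestPermissions a failed `SignUserKey` call is reported with `t.Error(err)` and the test then goes on to read `cert.Extensions`, so a signing error would most likely surface as a nil-pointer panic instead of a clean failure; `t.Fatal(err)` stops the test at the real cause. Both `t.Errorf` calls also pass their arguments in the opposite order to the format string, so the certificate's actual value is printed as "wanted"; the first should read `t.Errorf("Wrong permissions: wanted: %v got: %v", want.extensions, cert.Extensions)`, and the `CriticalOptions` one likewise. The exact match on `cert.Extensions` is what shows `force-command` was not filed as an extension, where sshd would not enforce it as a restriction. A one-line comment such as `// force-command must land in CriticalOptions, never Extensions` would keep a later edit from relaxing that check.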