|
|
@ -49,14 +49,14 @@ func TestSSHOptions_Modify(t *testing.T) {
|
|
|
|
return test{
|
|
|
|
return test{
|
|
|
|
so: SignSSHOptions{CertType: "foo"},
|
|
|
|
so: SignSSHOptions{CertType: "foo"},
|
|
|
|
cert: new(ssh.Certificate),
|
|
|
|
cert: new(ssh.Certificate),
|
|
|
|
err: errors.Errorf("ssh certificate has an unknown type - foo"),
|
|
|
|
err: errors.Errorf("ssh certificate has an unknown type 'foo'"),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"fail/validAfter-greater-validBefore": func() test {
|
|
|
|
"fail/validAfter-greater-validBefore": func() test {
|
|
|
|
return test{
|
|
|
|
return test{
|
|
|
|
so: SignSSHOptions{CertType: "user"},
|
|
|
|
so: SignSSHOptions{CertType: "user"},
|
|
|
|
cert: &ssh.Certificate{ValidAfter: uint64(15), ValidBefore: uint64(10)},
|
|
|
|
cert: &ssh.Certificate{ValidAfter: uint64(15), ValidBefore: uint64(10)},
|
|
|
|
err: errors.Errorf("ssh certificate valid after cannot be greater than valid before"),
|
|
|
|
err: errors.Errorf("ssh certificate validAfter cannot be greater than validBefore"),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"ok/user-cert": func() test {
|
|
|
|
"ok/user-cert": func() test {
|
|
|
@ -136,14 +136,14 @@ func TestSSHOptions_Match(t *testing.T) {
|
|
|
|
return test{
|
|
|
|
return test{
|
|
|
|
so: SignSSHOptions{ValidAfter: NewTimeDuration(time.Now().Add(1 * time.Minute))},
|
|
|
|
so: SignSSHOptions{ValidAfter: NewTimeDuration(time.Now().Add(1 * time.Minute))},
|
|
|
|
cmp: SignSSHOptions{ValidAfter: NewTimeDuration(time.Now().Add(5 * time.Minute))},
|
|
|
|
cmp: SignSSHOptions{ValidAfter: NewTimeDuration(time.Now().Add(5 * time.Minute))},
|
|
|
|
err: errors.Errorf("ssh certificate valid after does not match"),
|
|
|
|
err: errors.Errorf("ssh certificate validAfter does not match"),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"fail/validBefore": func() test {
|
|
|
|
"fail/validBefore": func() test {
|
|
|
|
return test{
|
|
|
|
return test{
|
|
|
|
so: SignSSHOptions{ValidBefore: NewTimeDuration(time.Now().Add(1 * time.Minute))},
|
|
|
|
so: SignSSHOptions{ValidBefore: NewTimeDuration(time.Now().Add(1 * time.Minute))},
|
|
|
|
cmp: SignSSHOptions{ValidBefore: NewTimeDuration(time.Now().Add(5 * time.Minute))},
|
|
|
|
cmp: SignSSHOptions{ValidBefore: NewTimeDuration(time.Now().Add(5 * time.Minute))},
|
|
|
|
err: errors.Errorf("ssh certificate valid before does not match"),
|
|
|
|
err: errors.Errorf("ssh certificate validBefore does not match"),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"ok/original-empty": func() test {
|
|
|
|
"ok/original-empty": func() test {
|
|
|
@ -394,7 +394,7 @@ func Test_sshDefaultExtensionModifier_Modify(t *testing.T) {
|
|
|
|
return test{
|
|
|
|
return test{
|
|
|
|
modifier: sshDefaultExtensionModifier{},
|
|
|
|
modifier: sshDefaultExtensionModifier{},
|
|
|
|
cert: cert,
|
|
|
|
cert: cert,
|
|
|
|
err: errors.New("ssh certificate type has not been set or is invalid"),
|
|
|
|
err: errors.New("ssh certificate has an unknown type '3'"),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"ok/host": func() test {
|
|
|
|
"ok/host": func() test {
|
|
|
@ -518,7 +518,7 @@ func Test_sshCertDefaultValidator_Valid(t *testing.T) {
|
|
|
|
"fail/unexpected-cert-type",
|
|
|
|
"fail/unexpected-cert-type",
|
|
|
|
// UserCert = 1, HostCert = 2
|
|
|
|
// UserCert = 1, HostCert = 2
|
|
|
|
&ssh.Certificate{Nonce: []byte("foo"), Key: sshPub, CertType: 3, Serial: 1},
|
|
|
|
&ssh.Certificate{Nonce: []byte("foo"), Key: sshPub, CertType: 3, Serial: 1},
|
|
|
|
errors.New("ssh certificate has an unknown type: 3"),
|
|
|
|
errors.New("ssh certificate has an unknown type '3'"),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
"fail/empty-cert-key-id",
|
|
|
|
"fail/empty-cert-key-id",
|
|
|
@ -725,7 +725,7 @@ func Test_sshCertValidityValidator(t *testing.T) {
|
|
|
|
ValidBefore: uint64(now().Add(10 * time.Minute).Unix()),
|
|
|
|
ValidBefore: uint64(now().Add(10 * time.Minute).Unix()),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
SignSSHOptions{},
|
|
|
|
SignSSHOptions{},
|
|
|
|
errors.New("unknown ssh certificate type 3"),
|
|
|
|
errors.New("ssh certificate has an unknown type '3'"),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
"fail/duration<min",
|
|
|
|
"fail/duration<min",
|
|
|
|
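Review bot: The new expectation in the TestSSHOptions_Modify hunk, `ssh certificate has an unknown type 'foo'`, shows the string CertType from SignSSHOptions being echoed into the error between hand-written single quotes. That field appears to come from the signing request, and the code that builds the message is not visible in this section. If it formats the value with `'%s'`, a type string containing quotes, newlines or control characters would reach logs and API responses unescaped. Formatting the string case with `%q` would escape it, and this expectation would then read `ssh certificate has an unknown type "foo"`. Separately, the Test_sshDefaultExtensionModifier_Modify hunk drops the "has not been set or is invalid" wording, so a certificate whose type was never set presumably now reports `unknown type '0'`; a case with `CertType: 0` next to the existing `CertType: 3` cases would pin that behaviour.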