@ -202,97 +202,6 @@ func TestSSHOptions_Match(t *testing.T) {
}
}
func Test_sshCertPrincipalsModifier_Modify ( t * testing . T ) {
type test struct {
modifier sshCertPrincipalsModifier
cert * ssh . Certificate
expected [ ] string
}
tests := map [ string ] func ( ) test {
"ok" : func ( ) test {
a := [ ] string { "foo" , "bar" }
return test {
modifier : sshCertPrincipalsModifier ( a ) ,
cert : new ( ssh . Certificate ) ,
expected : a ,
}
} ,
}
for name , run := range tests {
t . Run ( name , func ( t * testing . T ) {
tc := run ( )
if assert . Nil ( t , tc . modifier . Modify ( tc . cert , SignSSHOptions { } ) ) {
assert . Equals ( t , tc . cert . ValidPrincipals , tc . expected )
}
} )
}
}
func Test_sshCertKeyIDModifier_Modify ( t * testing . T ) {
type test struct {
modifier sshCertKeyIDModifier
cert * ssh . Certificate
expected string
}
tests := map [ string ] func ( ) test {
"ok" : func ( ) test {
a := "foo"
return test {
modifier : sshCertKeyIDModifier ( a ) ,
cert : new ( ssh . Certificate ) ,
expected : a ,
}
} ,
}
for name , run := range tests {
t . Run ( name , func ( t * testing . T ) {
tc := run ( )
if assert . Nil ( t , tc . modifier . Modify ( tc . cert , SignSSHOptions { } ) ) {
assert . Equals ( t , tc . cert . KeyId , tc . expected )
}
} )
}
}
func Test_sshCertTypeModifier_Modify ( t * testing . T ) {
type test struct {
modifier sshCertTypeModifier
cert * ssh . Certificate
expected uint32
}
tests := map [ string ] func ( ) test {
"ok/user" : func ( ) test {
return test {
modifier : sshCertTypeModifier ( "user" ) ,
cert : new ( ssh . Certificate ) ,
expected : ssh . UserCert ,
}
} ,
"ok/host" : func ( ) test {
return test {
modifier : sshCertTypeModifier ( "host" ) ,
cert : new ( ssh . Certificate ) ,
expected : ssh . HostCert ,
}
} ,
"ok/default" : func ( ) test {
return test {
modifier : sshCertTypeModifier ( "foo" ) ,
cert : new ( ssh . Certificate ) ,
expected : 0 ,
}
} ,
}
for name , run := range tests {
t . Run ( name , func ( t * testing . T ) {
tc := run ( )
if assert . Nil ( t , tc . modifier . Modify ( tc . cert , SignSSHOptions { } ) ) {
assert . Equals ( t , tc . cert . CertType , tc . expected )
}
} )
}
}
func Test_sshCertValidAfterModifier_Modify ( t * testing . T ) {
type test struct {
modifier sshCertValidAfterModifier
@ -318,176 +227,6 @@ func Test_sshCertValidAfterModifier_Modify(t *testing.T) {
}
}
func Test_sshCertDefaultsModifier_Modify ( t * testing . T ) {
type test struct {
modifier sshCertDefaultsModifier
cert * ssh . Certificate
valid func ( * ssh . Certificate )
}
tests := map [ string ] func ( ) test {
"ok/changes" : func ( ) test {
n := time . Now ( )
va := NewTimeDuration ( n . Add ( 1 * time . Minute ) )
vb := NewTimeDuration ( n . Add ( 5 * time . Minute ) )
so := SignSSHOptions {
Principals : [ ] string { "foo" , "bar" } ,
CertType : "host" ,
ValidAfter : va ,
ValidBefore : vb ,
}
return test {
modifier : sshCertDefaultsModifier ( so ) ,
cert : new ( ssh . Certificate ) ,
valid : func ( cert * ssh . Certificate ) {
assert . Equals ( t , cert . ValidPrincipals , so . Principals )
assert . Equals ( t , cert . CertType , uint32 ( ssh . HostCert ) )
assert . Equals ( t , cert . ValidAfter , uint64 ( so . ValidAfter . RelativeTime ( time . Now ( ) ) . Unix ( ) ) )
assert . Equals ( t , cert . ValidBefore , uint64 ( so . ValidBefore . RelativeTime ( time . Now ( ) ) . Unix ( ) ) )
} ,
}
} ,
"ok/no-changes" : func ( ) test {
n := time . Now ( )
so := SignSSHOptions {
Principals : [ ] string { "foo" , "bar" } ,
CertType : "host" ,
ValidAfter : NewTimeDuration ( n . Add ( 15 * time . Minute ) ) ,
ValidBefore : NewTimeDuration ( n . Add ( 25 * time . Minute ) ) ,
}
return test {
modifier : sshCertDefaultsModifier ( so ) ,
cert : & ssh . Certificate {
CertType : uint32 ( ssh . UserCert ) ,
ValidPrincipals : [ ] string { "zap" , "zoop" } ,
ValidAfter : 15 ,
ValidBefore : 25 ,
} ,
valid : func ( cert * ssh . Certificate ) {
assert . Equals ( t , cert . ValidPrincipals , [ ] string { "zap" , "zoop" } )
assert . Equals ( t , cert . CertType , uint32 ( ssh . UserCert ) )
assert . Equals ( t , cert . ValidAfter , uint64 ( 15 ) )
assert . Equals ( t , cert . ValidBefore , uint64 ( 25 ) )
} ,
}
} ,
}
for name , run := range tests {
t . Run ( name , func ( t * testing . T ) {
tc := run ( )
if assert . Nil ( t , tc . modifier . Modify ( tc . cert , SignSSHOptions { } ) ) {
tc . valid ( tc . cert )
}
} )
}
}
func Test_sshDefaultExtensionModifier_Modify ( t * testing . T ) {
type test struct {
modifier sshDefaultExtensionModifier
cert * ssh . Certificate
valid func ( * ssh . Certificate )
err error
}
tests := map [ string ] func ( ) test {
"fail/unexpected-cert-type" : func ( ) test {
cert := & ssh . Certificate { CertType : 3 }
return test {
modifier : sshDefaultExtensionModifier { } ,
cert : cert ,
err : errors . New ( "ssh certificate has an unknown type '3'" ) ,
}
} ,
"ok/host" : func ( ) test {
cert := & ssh . Certificate { CertType : ssh . HostCert }
return test {
modifier : sshDefaultExtensionModifier { } ,
cert : cert ,
valid : func ( cert * ssh . Certificate ) {
assert . Len ( t , 0 , cert . Extensions )
} ,
}
} ,
"ok/user/extensions-exists" : func ( ) test {
cert := & ssh . Certificate { CertType : ssh . UserCert , Permissions : ssh . Permissions { Extensions : map [ string ] string {
"foo" : "bar" ,
} } }
return test {
modifier : sshDefaultExtensionModifier { } ,
cert : cert ,
valid : func ( cert * ssh . Certificate ) {
val , ok := cert . Extensions [ "foo" ]
assert . True ( t , ok )
assert . Equals ( t , val , "bar" )
val , ok = cert . Extensions [ "permit-X11-forwarding" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-agent-forwarding" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-port-forwarding" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-pty" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-user-rc" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
} ,
}
} ,
"ok/user/no-extensions" : func ( ) test {
return test {
modifier : sshDefaultExtensionModifier { } ,
cert : & ssh . Certificate { CertType : ssh . UserCert } ,
valid : func ( cert * ssh . Certificate ) {
_ , ok := cert . Extensions [ "foo" ]
assert . False ( t , ok )
val , ok := cert . Extensions [ "permit-X11-forwarding" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-agent-forwarding" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-port-forwarding" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-pty" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
val , ok = cert . Extensions [ "permit-user-rc" ]
assert . True ( t , ok )
assert . Equals ( t , val , "" )
} ,
}
} ,
}
for name , run := range tests {
t . Run ( name , func ( t * testing . T ) {
tc := run ( )
if err := tc . modifier . Modify ( tc . cert , SignSSHOptions { } ) ; err != nil {
if assert . NotNil ( t , tc . err ) {
assert . HasPrefix ( t , err . Error ( ) , tc . err . Error ( ) )
}
} else {
if assert . Nil ( t , tc . err ) {
tc . valid ( tc . cert )
}
}
} )
}
}
func Test_sshCertDefaultValidator_Valid ( t * testing . T ) {
pub , _ , err := keyutil . GenerateDefaultKeyPair ( )
assert . FatalError ( t , err )