Главная Обзор Помощь
Вход
yosoyhendrix
/
psiphon-tunnel-core
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: v2.0.29
Ветки Метки
psiphon-tunnel-...
/
psiphon
/
common
/
crypto
/
ssh
/
test
/
cert_test.go

cert_test.go 2.1 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. // Copyright 2014 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd
    6. 

  6. // +build aix darwin dragonfly freebsd linux netbsd openbsd
    7. 

  7. 

  8. package test
    9. 

  9. 

  10. import (
    11. 

  11. 	"bytes"
    12. 

  12. 	"crypto/rand"
    13. 

  13. 	"testing"
    14. 

  14. 

  15. 	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh"
    16. 

  16. )
    17. 

  17. 

  18. // Test both logging in with a cert, and also that the certificate presented by an OpenSSH host can be validated correctly
    19. 

  19. func TestCertLogin(t *testing.T) {
    20. 

  20. 	s := newServer(t)
    21. 

  21. 	defer s.Shutdown()
    22. 

  22. 

  23. 	// Use a key different from the default.
    24. 

  24. 	clientKey := testSigners["dsa"]
    25. 

  25. 	caAuthKey := testSigners["ecdsa"]
    26. 

  26. 	cert := &ssh.Certificate{
    27. 

  27. 		Key:             clientKey.PublicKey(),
    28. 

  28. 		ValidPrincipals: []string{username()},
    29. 

  29. 		CertType:        ssh.UserCert,
    30. 

  30. 		ValidBefore:     ssh.CertTimeInfinity,
    31. 

  31. 	}
    32. 

  32. 	if err := cert.SignCert(rand.Reader, caAuthKey); err != nil {
    33. 

  33. 		t.Fatalf("SetSignature: %v", err)
    34. 

  34. 	}
    35. 

  35. 

  36. 	certSigner, err := ssh.NewCertSigner(cert, clientKey)
    37. 

  37. 	if err != nil {
    38. 

  38. 		t.Fatalf("NewCertSigner: %v", err)
    39. 

  39. 	}
    40. 

  40. 

  41. 	conf := &ssh.ClientConfig{
    42. 

  42. 		User: username(),
    43. 

  43. 		HostKeyCallback: (&ssh.CertChecker{
    44. 

  44. 			IsHostAuthority: func(pk ssh.PublicKey, addr string) bool {
    45. 

  45. 				return bytes.Equal(pk.Marshal(), testPublicKeys["ca"].Marshal())
    46. 

  46. 			},
    47. 

  47. 		}).CheckHostKey,
    48. 

  48. 	}
    49. 

  49. 	conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner))
    50. 

  50. 

  51. 	for _, test := range []struct {
    52. 

  52. 		addr    string
    53. 

  53. 		succeed bool
    54. 

  54. 	}{
    55. 

  55. 		{addr: "host.example.com:22", succeed: true},
    56. 

  56. 		{addr: "host.example.com:10000", succeed: true}, // non-standard port must be OK
    57. 

  57. 		{addr: "host.example.com", succeed: false},      // port must be specified
    58. 

  58. 		{addr: "host.ex4mple.com:22", succeed: false},   // wrong host
    59. 

  59. 	} {
    60. 

  60. 		client, err := s.TryDialWithAddr(conf, test.addr)
    61. 

  61. 

  62. 		// Always close client if opened successfully
    63. 

  63. 		if err == nil {
    64. 

  64. 			client.Close()
    65. 

  65. 		}
    66. 

  66. 

  67. 		// Now evaluate whether the test failed or passed
    68. 

  68. 		if test.succeed {
    69. 

  69. 			if err != nil {
    70. 

  70. 				t.Fatalf("TryDialWithAddr: %v", err)
    71. 

  71. 			}
    72. 

  72. 		} else {
    73. 

  73. 			if err == nil {
    74. 

  74. 				t.Fatalf("TryDialWithAddr, unexpected success")
    75. 

  75. 			}
    76. 

  76. 		}
    77. 

  77. 	}
    78. 

  78. }
    79.