Acasă Explorează Ajutor
Autentificare
yosoyhendrix
/
psiphon-tunnel-core
oglindă de https://github.com/Psiphon-Labs/psiphon-tunnel-core
1
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: v2.0.33
Ramuri Etichete
psiphon-tunnel-...
/
psiphon
/
common
/
crypto
/
ssh
/
test
/
cert_test.go

cert_test.go 2.1 KB
Permalink Istoric Crud

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. // Copyright 2014 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
    6. 

  6. 

  7. package test
    8. 

  8. 

  9. import (
    10. 

  10. 	"bytes"
    11. 

  11. 	"crypto/rand"
    12. 

  12. 	"testing"
    13. 

  13. 

  14. 	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh"
    15. 

  15. )
    16. 

  16. 

  17. // Test both logging in with a cert, and also that the certificate presented by an OpenSSH host can be validated correctly
    18. 

  18. func TestCertLogin(t *testing.T) {
    19. 

  19. 	s := newServer(t)
    20. 

  20. 

  21. 	// Use a key different from the default.
    22. 

  22. 	clientKey := testSigners["ed25519"]
    23. 

  23. 	caAuthKey := testSigners["ecdsa"]
    24. 

  24. 	cert := &ssh.Certificate{
    25. 

  25. 		Key:             clientKey.PublicKey(),
    26. 

  26. 		ValidPrincipals: []string{username()},
    27. 

  27. 		CertType:        ssh.UserCert,
    28. 

  28. 		ValidBefore:     ssh.CertTimeInfinity,
    29. 

  29. 	}
    30. 

  30. 	if err := cert.SignCert(rand.Reader, caAuthKey); err != nil {
    31. 

  31. 		t.Fatalf("SetSignature: %v", err)
    32. 

  32. 	}
    33. 

  33. 

  34. 	certSigner, err := ssh.NewCertSigner(cert, clientKey)
    35. 

  35. 	if err != nil {
    36. 

  36. 		t.Fatalf("NewCertSigner: %v", err)
    37. 

  37. 	}
    38. 

  38. 

  39. 	conf := &ssh.ClientConfig{
    40. 

  40. 		User: username(),
    41. 

  41. 		HostKeyCallback: (&ssh.CertChecker{
    42. 

  42. 			IsHostAuthority: func(pk ssh.PublicKey, addr string) bool {
    43. 

  43. 				return bytes.Equal(pk.Marshal(), testPublicKeys["ca"].Marshal())
    44. 

  44. 			},
    45. 

  45. 		}).CheckHostKey,
    46. 

  46. 	}
    47. 

  47. 	conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner))
    48. 

  48. 

  49. 	for _, test := range []struct {
    50. 

  50. 		addr    string
    51. 

  51. 		succeed bool
    52. 

  52. 	}{
    53. 

  53. 		{addr: "host.example.com:22", succeed: true},
    54. 

  54. 		{addr: "host.example.com:10000", succeed: true}, // non-standard port must be OK
    55. 

  55. 		{addr: "host.example.com", succeed: false},      // port must be specified
    56. 

  56. 		{addr: "host.ex4mple.com:22", succeed: false},   // wrong host
    57. 

  57. 	} {
    58. 

  58. 		client, err := s.TryDialWithAddr(conf, test.addr)
    59. 

  59. 

  60. 		// Always close client if opened successfully
    61. 

  61. 		if err == nil {
    62. 

  62. 			client.Close()
    63. 

  63. 		}
    64. 

  64. 

  65. 		// Now evaluate whether the test failed or passed
    66. 

  66. 		if test.succeed {
    67. 

  67. 			if err != nil {
    68. 

  68. 				t.Fatalf("TryDialWithAddr: %v", err)
    69. 

  69. 			}
    70. 

  70. 		} else {
    71. 

  71. 			if err == nil {
    72. 

  72. 				t.Fatalf("TryDialWithAddr, unexpected success")
    73. 

  73. 			}
    74. 

  74. 		}
    75. 

  75. 	}
    76. 

  76. }
    77.