Home Explore Help
Sign In
baoxu
/
frp
1
0
Fork 0
Files
Branch: dev
Branches Tags
frp
/
vendor
/
golang.org
/
x
/
crypto
/
ssh
/
test
/
cert_test.go

cert_test.go 2.0 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. // Copyright 2014 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. // +build darwin dragonfly freebsd linux netbsd openbsd
    6. 

  6. 

  7. package test
    8. 

  8. 

  9. import (
    10. 

  10. 	"bytes"
    11. 

  11. 	"crypto/rand"
    12. 

  12. 	"testing"
    13. 

  13. 

  14. 	"golang.org/x/crypto/ssh"
    15. 

  15. )
    16. 

  16. 

  17. // Test both logging in with a cert, and also that the certificate presented by an OpenSSH host can be validated correctly
    18. 

  18. func TestCertLogin(t *testing.T) {
    19. 

  19. 	s := newServer(t)
    20. 

  20. 	defer s.Shutdown()
    21. 

  21. 

  22. 	// Use a key different from the default.
    23. 

  23. 	clientKey := testSigners["dsa"]
    24. 

  24. 	caAuthKey := testSigners["ecdsa"]
    25. 

  25. 	cert := &ssh.Certificate{
    26. 

  26. 		Key:             clientKey.PublicKey(),
    27. 

  27. 		ValidPrincipals: []string{username()},
    28. 

  28. 		CertType:        ssh.UserCert,
    29. 

  29. 		ValidBefore:     ssh.CertTimeInfinity,
    30. 

  30. 	}
    31. 

  31. 	if err := cert.SignCert(rand.Reader, caAuthKey); err != nil {
    32. 

  32. 		t.Fatalf("SetSignature: %v", err)
    33. 

  33. 	}
    34. 

  34. 

  35. 	certSigner, err := ssh.NewCertSigner(cert, clientKey)
    36. 

  36. 	if err != nil {
    37. 

  37. 		t.Fatalf("NewCertSigner: %v", err)
    38. 

  38. 	}
    39. 

  39. 

  40. 	conf := &ssh.ClientConfig{
    41. 

  41. 		User: username(),
    42. 

  42. 		HostKeyCallback: (&ssh.CertChecker{
    43. 

  43. 			IsHostAuthority: func(pk ssh.PublicKey, addr string) bool {
    44. 

  44. 				return bytes.Equal(pk.Marshal(), testPublicKeys["ca"].Marshal())
    45. 

  45. 			},
    46. 

  46. 		}).CheckHostKey,
    47. 

  47. 	}
    48. 

  48. 	conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner))
    49. 

  49. 

  50. 	for _, test := range []struct {
    51. 

  51. 		addr    string
    52. 

  52. 		succeed bool
    53. 

  53. 	}{
    54. 

  54. 		{addr: "host.example.com:22", succeed: true},
    55. 

  55. 		{addr: "host.example.com:10000", succeed: true}, // non-standard port must be OK
    56. 

  56. 		{addr: "host.example.com", succeed: false},      // port must be specified
    57. 

  57. 		{addr: "host.ex4mple.com:22", succeed: false},   // wrong host
    58. 

  58. 	} {
    59. 

  59. 		client, err := s.TryDialWithAddr(conf, test.addr)
    60. 

  60. 

  61. 		// Always close client if opened successfully
    62. 

  62. 		if err == nil {
    63. 

  63. 			client.Close()
    64. 

  64. 		}
    65. 

  65. 

  66. 		// Now evaluate whether the test failed or passed
    67. 

  67. 		if test.succeed {
    68. 

  68. 			if err != nil {
    69. 

  69. 				t.Fatalf("TryDialWithAddr: %v", err)
    70. 

  70. 			}
    71. 

  71. 		} else {
    72. 

  72. 			if err == nil {
    73. 

  73. 				t.Fatalf("TryDialWithAddr, unexpected success")
    74. 

  74. 			}
    75. 

  75. 		}
    76. 

  76. 	}
    77. 

  77. }
    78.