server_test.go 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209
  1. // Copyright 2012 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package agent
  5. import (
  6. "crypto"
  7. "crypto/rand"
  8. "fmt"
  9. "testing"
  10. "golang.org/x/crypto/ssh"
  11. )
  12. func TestServer(t *testing.T) {
  13. c1, c2, err := netPipe()
  14. if err != nil {
  15. t.Fatalf("netPipe: %v", err)
  16. }
  17. defer c1.Close()
  18. defer c2.Close()
  19. client := NewClient(c1)
  20. go ServeAgent(NewKeyring(), c2)
  21. testAgentInterface(t, client, testPrivateKeys["rsa"], nil, 0)
  22. }
  23. func TestLockServer(t *testing.T) {
  24. testLockAgent(NewKeyring(), t)
  25. }
  26. func TestSetupForwardAgent(t *testing.T) {
  27. a, b, err := netPipe()
  28. if err != nil {
  29. t.Fatalf("netPipe: %v", err)
  30. }
  31. defer a.Close()
  32. defer b.Close()
  33. _, socket, cleanup := startAgent(t)
  34. defer cleanup()
  35. serverConf := ssh.ServerConfig{
  36. NoClientAuth: true,
  37. }
  38. serverConf.AddHostKey(testSigners["rsa"])
  39. incoming := make(chan *ssh.ServerConn, 1)
  40. go func() {
  41. conn, _, _, err := ssh.NewServerConn(a, &serverConf)
  42. if err != nil {
  43. t.Fatalf("Server: %v", err)
  44. }
  45. incoming <- conn
  46. }()
  47. conf := ssh.ClientConfig{
  48. HostKeyCallback: ssh.InsecureIgnoreHostKey(),
  49. }
  50. conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf)
  51. if err != nil {
  52. t.Fatalf("NewClientConn: %v", err)
  53. }
  54. client := ssh.NewClient(conn, chans, reqs)
  55. if err := ForwardToRemote(client, socket); err != nil {
  56. t.Fatalf("SetupForwardAgent: %v", err)
  57. }
  58. server := <-incoming
  59. ch, reqs, err := server.OpenChannel(channelType, nil)
  60. if err != nil {
  61. t.Fatalf("OpenChannel(%q): %v", channelType, err)
  62. }
  63. go ssh.DiscardRequests(reqs)
  64. agentClient := NewClient(ch)
  65. testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0)
  66. conn.Close()
  67. }
  68. func TestV1ProtocolMessages(t *testing.T) {
  69. c1, c2, err := netPipe()
  70. if err != nil {
  71. t.Fatalf("netPipe: %v", err)
  72. }
  73. defer c1.Close()
  74. defer c2.Close()
  75. c := NewClient(c1)
  76. go ServeAgent(NewKeyring(), c2)
  77. testV1ProtocolMessages(t, c.(*client))
  78. }
  79. func testV1ProtocolMessages(t *testing.T, c *client) {
  80. reply, err := c.call([]byte{agentRequestV1Identities})
  81. if err != nil {
  82. t.Fatalf("v1 request all failed: %v", err)
  83. }
  84. if msg, ok := reply.(*agentV1IdentityMsg); !ok || msg.Numkeys != 0 {
  85. t.Fatalf("invalid request all response: %#v", reply)
  86. }
  87. reply, err = c.call([]byte{agentRemoveAllV1Identities})
  88. if err != nil {
  89. t.Fatalf("v1 remove all failed: %v", err)
  90. }
  91. if _, ok := reply.(*successAgentMsg); !ok {
  92. t.Fatalf("invalid remove all response: %#v", reply)
  93. }
  94. }
  95. func verifyKey(sshAgent Agent) error {
  96. keys, err := sshAgent.List()
  97. if err != nil {
  98. return fmt.Errorf("listing keys: %v", err)
  99. }
  100. if len(keys) != 1 {
  101. return fmt.Errorf("bad number of keys found. expected 1, got %d", len(keys))
  102. }
  103. buf := make([]byte, 128)
  104. if _, err := rand.Read(buf); err != nil {
  105. return fmt.Errorf("rand: %v", err)
  106. }
  107. sig, err := sshAgent.Sign(keys[0], buf)
  108. if err != nil {
  109. return fmt.Errorf("sign: %v", err)
  110. }
  111. if err := keys[0].Verify(buf, sig); err != nil {
  112. return fmt.Errorf("verify: %v", err)
  113. }
  114. return nil
  115. }
  116. func addKeyToAgent(key crypto.PrivateKey) error {
  117. sshAgent := NewKeyring()
  118. if err := sshAgent.Add(AddedKey{PrivateKey: key}); err != nil {
  119. return fmt.Errorf("add: %v", err)
  120. }
  121. return verifyKey(sshAgent)
  122. }
  123. func TestKeyTypes(t *testing.T) {
  124. for k, v := range testPrivateKeys {
  125. if err := addKeyToAgent(v); err != nil {
  126. t.Errorf("error adding key type %s, %v", k, err)
  127. }
  128. if err := addCertToAgentSock(v, nil); err != nil {
  129. t.Errorf("error adding key type %s, %v", k, err)
  130. }
  131. }
  132. }
  133. func addCertToAgentSock(key crypto.PrivateKey, cert *ssh.Certificate) error {
  134. a, b, err := netPipe()
  135. if err != nil {
  136. return err
  137. }
  138. agentServer := NewKeyring()
  139. go ServeAgent(agentServer, a)
  140. agentClient := NewClient(b)
  141. if err := agentClient.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil {
  142. return fmt.Errorf("add: %v", err)
  143. }
  144. return verifyKey(agentClient)
  145. }
  146. func addCertToAgent(key crypto.PrivateKey, cert *ssh.Certificate) error {
  147. sshAgent := NewKeyring()
  148. if err := sshAgent.Add(AddedKey{PrivateKey: key, Certificate: cert}); err != nil {
  149. return fmt.Errorf("add: %v", err)
  150. }
  151. return verifyKey(sshAgent)
  152. }
  153. func TestCertTypes(t *testing.T) {
  154. for keyType, key := range testPublicKeys {
  155. cert := &ssh.Certificate{
  156. ValidPrincipals: []string{"gopher1"},
  157. ValidAfter: 0,
  158. ValidBefore: ssh.CertTimeInfinity,
  159. Key: key,
  160. Serial: 1,
  161. CertType: ssh.UserCert,
  162. SignatureKey: testPublicKeys["rsa"],
  163. Permissions: ssh.Permissions{
  164. CriticalOptions: map[string]string{},
  165. Extensions: map[string]string{},
  166. },
  167. }
  168. if err := cert.SignCert(rand.Reader, testSigners["rsa"]); err != nil {
  169. t.Fatalf("signcert: %v", err)
  170. }
  171. if err := addCertToAgent(testPrivateKeys[keyType], cert); err != nil {
  172. t.Fatalf("%v", err)
  173. }
  174. if err := addCertToAgentSock(testPrivateKeys[keyType], cert); err != nil {
  175. t.Fatalf("%v", err)
  176. }
  177. }
  178. }