grim/convey

closing merged branch
hostnames
2017-10-13, Gary Kramlich
33eae19fcbbe
closing merged branch
/*
* Convey
* Copyright 2016-2017 Gary Kramlich <grim@reaperworld.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package ssh
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"net"
"github.com/aphistic/sweet"
. "github.com/onsi/gomega"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
)
// setupAgent builds an in-memory ssh-agent keyring holding keys and serves it
// on one end of a net.Pipe, returning the other end for the code under test.
//
// It panics if a key cannot be added. The serving goroutine closes its end of
// the pipe once agent.ServeAgent returns and panics on any error it reports.
// NOTE(review): nothing in this helper closes the returned connection, and an
// unrecovered panic in the goroutine aborts the whole test binary rather than
// failing a single test — confirm that is intended.
func (s *sshSuite) setupAgent(keys []agent.AddedKey) net.Conn {
	keyring := agent.NewKeyring()
	for _, k := range keys {
		if err := keyring.Add(k); err != nil {
			panic(err)
		}
	}

	client, server := net.Pipe()

	go func() {
		defer server.Close()

		if err := agent.ServeAgent(keyring, server); err != nil {
			panic(err)
		}
	}()

	return client
}
// generateKey returns a freshly generated ECDSA private key on the P-384
// curve, using crypto/rand as the entropy source. The key exists only for the
// test that asks for it. It panics if generation fails.
func (s *sshSuite) generateKey() *ecdsa.PrivateKey {
	curve := elliptic.P384()

	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		panic(err)
	}

	return key
}
// TestKeysAvailableEmpty checks that an agent with no keys and an empty list
// of requested fingerprints is reported as unavailable with an error.
func (s *sshSuite) TestKeysAvailableEmpty(t sweet.T) {
	conn := s.setupAgent([]agent.AddedKey{})
	wanted := []string{}

	ok, err := keysAvailable(conn, wanted)

	Expect(ok).To(BeFalse())
	Expect(err).To(Not(BeNil()))
}
// TestKeysAvailableWildcardNoKeys checks that the "*" wildcard does not count
// as satisfied when the agent holds no keys: the result is false with an
// error.
func (s *sshSuite) TestKeysAvailableWildcardNoKeys(t sweet.T) {
	conn := s.setupAgent([]agent.AddedKey{})
	wanted := []string{"*"}

	ok, err := keysAvailable(conn, wanted)

	Expect(ok).To(BeFalse())
	Expect(err).To(Not(BeNil()))
}
// TestKeysAvailableWildcardWithKeys checks that the "*" wildcard is satisfied
// when the agent holds one key.
func (s *sshSuite) TestKeysAvailableWildcardWithKeys(t sweet.T) {
	loaded := []agent.AddedKey{
		{PrivateKey: s.generateKey()},
	}
	conn := s.setupAgent(loaded)
	wanted := []string{"*"}

	ok, err := keysAvailable(conn, wanted)

	Expect(ok).To(BeTrue())
	Expect(err).To(BeNil())
}
// TestKeysAvailableUnknownFingerprint checks that a requested fingerprint
// which matches none of the agent's keys yields false and an error.
//
// NOTE(review): the digest below is 64 hex characters, whereas
// ssh.FingerprintSHA256 emits unpadded base64 after the "SHA256:" prefix, so
// this value differs from any real fingerprint in shape as well as content. A
// second case using a well-formed fingerprint of a key that is not in the
// agent would pin the mismatch path more tightly — TODO consider.
func (s *sshSuite) TestKeysAvailableUnknownFingerprint(t sweet.T) {
	loaded := []agent.AddedKey{
		{PrivateKey: s.generateKey()},
	}
	conn := s.setupAgent(loaded)
	wanted := []string{"SHA256:01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"}

	ok, err := keysAvailable(conn, wanted)

	Expect(ok).To(BeFalse())
	Expect(err).To(Not(BeNil()))
}
// TestKeysAvailableFingerprintMD5NoPrefix checks that a key loaded in the
// agent is found when requested by its legacy MD5 fingerprint written without
// an "MD5:" prefix. It panics if the public key cannot be converted to its
// SSH form.
func (s *sshSuite) TestKeysAvailableFingerprintMD5NoPrefix(t sweet.T) {
	priv := s.generateKey()

	sshPub, err := ssh.NewPublicKey(priv.Public())
	if err != nil {
		panic(err)
	}

	conn := s.setupAgent([]agent.AddedKey{
		{PrivateKey: priv},
	})
	wanted := []string{ssh.FingerprintLegacyMD5(sshPub)}

	ok, err := keysAvailable(conn, wanted)

	Expect(err).To(BeNil())
	Expect(ok).To(BeTrue())
}
// TestKeysAvailableFingerprintMD5Prefix checks that a key loaded in the agent
// is found when requested by its legacy MD5 fingerprint with an explicit
// "MD5:" prefix. It panics if the public key cannot be converted to its SSH
// form.
func (s *sshSuite) TestKeysAvailableFingerprintMD5Prefix(t sweet.T) {
	priv := s.generateKey()

	sshPub, err := ssh.NewPublicKey(priv.Public())
	if err != nil {
		panic(err)
	}

	conn := s.setupAgent([]agent.AddedKey{
		{PrivateKey: priv},
	})
	wanted := []string{"MD5:" + ssh.FingerprintLegacyMD5(sshPub)}

	ok, err := keysAvailable(conn, wanted)

	Expect(err).To(BeNil())
	Expect(ok).To(BeTrue())
}
// TestKeysAvailableFingerprintSHA256Prefix checks that a key loaded in the
// agent is found when requested by the string ssh.FingerprintSHA256 returns,
// which carries the "SHA256:" prefix. It panics if the public key cannot be
// converted to its SSH form.
func (s *sshSuite) TestKeysAvailableFingerprintSHA256Prefix(t sweet.T) {
	priv := s.generateKey()

	sshPub, err := ssh.NewPublicKey(priv.Public())
	if err != nil {
		panic(err)
	}

	conn := s.setupAgent([]agent.AddedKey{
		{PrivateKey: priv},
	})
	wanted := []string{ssh.FingerprintSHA256(sshPub)}

	ok, err := keysAvailable(conn, wanted)

	Expect(err).To(BeNil())
	Expect(ok).To(BeTrue())
}
// TestKeysAvailableFingerprintSHA256NoPrefix checks that a key loaded in the
// agent is found when requested by its SHA256 fingerprint with the "SHA256:"
// prefix removed. It panics if the public key cannot be converted to its SSH
// form.
func (s *sshSuite) TestKeysAvailableFingerprintSHA256NoPrefix(t sweet.T) {
	priv := s.generateKey()

	sshPub, err := ssh.NewPublicKey(priv.Public())
	if err != nil {
		panic(err)
	}

	conn := s.setupAgent([]agent.AddedKey{
		{PrivateKey: priv},
	})

	// FingerprintSHA256 always returns the prefixed form, so drop the leading
	// "SHA256:" (7 bytes) to get the bare digest.
	bare := ssh.FingerprintSHA256(sshPub)[len("SHA256:"):]
	wanted := []string{bare}

	ok, err := keysAvailable(conn, wanted)

	Expect(err).To(BeNil())
	Expect(ok).To(BeTrue())
}