HGKeeper

// Convey

// This program is free software: you can redistribute it and/or modify

// it under the terms of the GNU General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.

// This program is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License

// along with this program. If not, see <http://www.gnu.org/licenses/>.

package ssh

import (

"crypto/ecdsa"

"crypto/elliptic"

"crypto/rand"

"net"

"github.com/aphistic/sweet"

. "github.com/onsi/gomega"

"golang.org/x/crypto/ssh"

"golang.org/x/crypto/ssh/agent"

)

func (s *sshSuite) setupAgent(keys []agent.AddedKey) net.Conn {

a := agent.NewKeyring()

for _, key := range keys {

err := a.Add(key)

if err != nil {

panic(err)

}

c1, c2 := net.Pipe()

go func() {

defer c2.Close()

err := agent.ServeAgent(a, c2)

if err != nil {

panic(err)

}

}()

return c1

}

func (s *sshSuite) generateKey() *ecdsa.PrivateKey {

priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)

if err != nil {

panic(err)

}

return priv

}

func (s *sshSuite) TestKeysAvailableEmpty(t sweet.T) {

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{}),

[]string{},

)

Expect(avail).To(BeFalse())

Expect(err).To(Not(BeNil()))

}

func (s *sshSuite) TestKeysAvailableWildcardNoKeys(t sweet.T) {

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{}),

[]string{"*"},

)

Expect(avail).To(BeFalse())

Expect(err).To(Not(BeNil()))

}

func (s *sshSuite) TestKeysAvailableWildcardWithKeys(t sweet.T) {

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{

{PrivateKey: s.generateKey()},

}),

[]string{"*"},

)

Expect(avail).To(BeTrue())

Expect(err).To(BeNil())

}

func (s *sshSuite) TestKeysAvailableUnknownFingerprint(t sweet.T) {

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{

{PrivateKey: s.generateKey()},

}),

[]string{"SHA256:01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"},

)

Expect(avail).To(BeFalse())

Expect(err).To(Not(BeNil()))

}

func (s *sshSuite) TestKeysAvailableFingerprintMD5NoPrefix(t sweet.T) {

key := s.generateKey()

pub := key.Public()

sshPub, err := ssh.NewPublicKey(pub)

if err != nil {

panic(err)

}

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{

{PrivateKey: key},

}),

[]string{ssh.FingerprintLegacyMD5(sshPub)},

)

Expect(err).To(BeNil())

Expect(avail).To(BeTrue())

}

func (s *sshSuite) TestKeysAvailableFingerprintMD5Prefix(t sweet.T) {

key := s.generateKey()

pub := key.Public()

sshPub, err := ssh.NewPublicKey(pub)

if err != nil {

panic(err)

}

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{

{PrivateKey: key},

}),

[]string{"MD5:" + ssh.FingerprintLegacyMD5(sshPub)},

)

Expect(err).To(BeNil())

Expect(avail).To(BeTrue())

}

func (s *sshSuite) TestKeysAvailableFingerprintSHA256Prefix(t sweet.T) {

key := s.generateKey()

pub := key.Public()

sshPub, err := ssh.NewPublicKey(pub)

if err != nil {

panic(err)

}

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{

{PrivateKey: key},

}),

[]string{ssh.FingerprintSHA256(sshPub)},

)

Expect(err).To(BeNil())

Expect(avail).To(BeTrue())

}

func (s *sshSuite) TestKeysAvailableFingerprintSHA256NoPrefix(t sweet.T) {

key := s.generateKey()

pub := key.Public()

sshPub, err := ssh.NewPublicKey(pub)

if err != nil {

panic(err)

}

// FingerprintSHA256 always has the prefix so we strip it off for testing

avail, err := keysAvailable(

s.setupAgent([]agent.AddedKey{

{PrivateKey: key},

}),

[]string{ssh.FingerprintSHA256(sshPub)[7:]},

)

Expect(err).To(BeNil())

Expect(avail).To(BeTrue())

}

grim/convey