package hostkeys
import (
"bytes"
"crypto/elliptic"
"fmt"
"io"
"os"
"os/exec"
"path"
"testing"
"github.com/fasmide/hostkeys/generator"
"golang.org/x/crypto/ssh"
)
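// TestManager checks that a Manager with no explicit Keys configured can
// populate an empty directory and that every key it writes is accepted by
// ssh-keygen (see SshKeyTest).
func TestManager(t *testing.T) {
	// t.TempDir is removed automatically when the test finishes, so freshly
	// generated host keys do not linger on disk after the run.
	dir := t.TempDir()
	t.Logf("using %s", dir)
	m := &Manager{
		Directory: dir,
	}
	if err := m.Manage(&ssh.ServerConfig{}); err != nil {
		t.Fatalf("broken manager: %s", err)
	}
	t.Run("sshkeytest", SshKeyTest(dir))
}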
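// TestStrongerKeys checks that a Manager configured with larger-than-usual
// key parameters (RSA-4096 and ECDSA P-521) still produces keys that
// ssh-keygen can parse and whose .pub files match (see SshKeyTest).
func TestStrongerKeys(t *testing.T) {
	// t.TempDir is cleaned up by the testing framework; no manual removal
	// of the generated private keys is needed.
	dir := t.TempDir()
	t.Logf("stronger keys using %s", dir)
	m := &Manager{
		Directory: dir,
		Keys: []Generator{
			&generator.RSA{BitSize: 4096},
			&generator.ECDSA{Curve: elliptic.P521()},
		},
	}
	if err := m.Manage(&ssh.ServerConfig{}); err != nil {
		t.Fatalf("broken manager: %s", err)
	}
	t.Run("sshkeytest", SshKeyTest(dir))
}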
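// SshKeyTest returns a subtest that validates every key a Manager rooted at
// dir exposes: ssh-keygen must be able to parse the private key and derive a
// public key from it, and that derived key must be byte-identical to the
// ".pub" file hostkeys wrote next to the private key.
func SshKeyTest(dir string) func(*testing.T) {
	return func(t *testing.T) {
		m := &Manager{
			Directory: dir,
		}
		// Manage a dummy config so the Manager loads its keys from dir; a
		// failure here would otherwise surface as an empty m.Keys and a
		// silently passing loop.
		if err := m.Manage(&ssh.ServerConfig{}); err != nil {
			t.Fatalf("broken manager: %s", err)
		}
		for _, v := range m.Keys {
			privPath := path.Join(dir, fmt.Sprintf(m.NamingScheme, v.Name()))
			checkKeyWithSSHKeygen(t, privPath)
		}
	}
}

// checkKeyWithSSHKeygen derives the public key from the private key at
// privPath with `ssh-keygen -y` and fails the test unless the output equals
// the contents of privPath + ".pub". Doing this in its own function means the
// deferred Close runs once per key instead of piling up until the caller's
// loop has finished.
func checkKeyWithSSHKeygen(t *testing.T, privPath string) {
	t.Helper()
	cmd := exec.Command("ssh-keygen", "-y", "-f", privPath)
	publicKey, err := cmd.Output()
	if err != nil {
		// Only an *exec.ExitError carries stderr; when ssh-keygen is not
		// installed, Output returns an *exec.Error instead, so an
		// unconditional type assertion would panic rather than fail cleanly.
		if exitErr, ok := err.(*exec.ExitError); ok {
			t.Logf("Stderr from ssh-keygen: %s", exitErr.Stderr)
		}
		t.Fatalf("command failed %+v: %s", cmd, err)
	}
	// Compare against the public key hostkeys itself wrote.
	fd, err := os.Open(privPath + ".pub")
	if err != nil {
		t.Fatalf("unable to open hostkeys managed public key: %s", err)
	}
	defer fd.Close()
	// Bound the read: a .pub file is tiny, so 64 KiB is a generous ceiling
	// that keeps an unexpectedly large file from being slurped whole.
	hostkeysPublicKey, err := io.ReadAll(io.LimitReader(fd, 1024*64))
	if err != nil {
		t.Fatalf("unable to read hostkeys managed public key: %s", err)
	}
	if !bytes.Equal(hostkeysPublicKey, publicKey) {
		t.Fatalf("public keys did not match")
	}
}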