1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
package main
import (
"strings"
"testing"
)
func TestVerifySSHKeyOk(t *testing.T) {
ok_key_keys := []string{
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQlYF3LXI/CMX/yPWRboNiUI6qj+K6/kD6tu+di9zRwtN5jzGh5DTJ2ZaQeDIS8cED62jW7KJySoeMMWRA0W//rp8aRKL7cHWVWEkd2maEmwzdUKx18OoDMqT8wNRd9K66lxUv4lHX9mbM1gd1f3uwgUZMSiIq6p/wh2n/GozFocvasq8Bugl2epLxncnKoDqJIUMUpQUmTI9G7b2pLpI8OCKkoF7VKVrH1nt0yvboZ/4sQ/EYoKj/9/Surqnx/VTs3pfs/gKxw53bMVLN6W4i2FjW4EfN8Cs0zjaddjVaCYRnDmCQQZUckS9/E+rhJGAaD6xNxpP93dwkgqQyj2t markus@comment",
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQlYF3LXI/CMX/yPWRboNiUI6qj+K6/kD6tu+di9zRwtN5jzGh5DTJ2ZaQeDIS8cED62jW7KJySoeMMWRA0W//rp8aRKL7cHWVWEkd2maEmwzdUKx18OoDMqT8wNRd9K66lxUv4lHX9mbM1gd1f3uwgUZMSiIq6p/wh2n/GozFocvasq8Bugl2epLxncnKoDqJIUMUpQUmTI9G7b2pLpI8OCKkoF7VKVrH1nt0yvboZ/4sQ/EYoKj/9/Surqnx/VTs3pfs/gKxw53bMVLN6W4i2FjW4EfN8Cs0zjaddjVaCYRnDmCQQZUckS9/E+rhJGAaD6xNxpP93dwkgqQyj2t",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuZUxgv5fOU/HXi9NQDcqec06ut+6CTItzlPmgJHZm+ markus@test",
}
var err error
for _, key := range ok_key_keys {
err = validateSSHkey(key)
if err != nil {
t.Error(err)
}
}
}
func TestVerifySSHKeyNoSpaces(t *testing.T) {
err := validateSSHkey("badkey")
if err == nil {
t.Error("Key 'badkey' should fail validation")
}
if !strings.Contains(err.Error(), "invalid") {
t.Errorf("Error message should include invalid, but was '%s'", err.Error())
}
}
func TestVerifySSHKeyNotBase64(t *testing.T) {
b64_missing_padding := "ssh-rsa dGVzdAo"
err := validateSSHkey(b64_missing_padding)
if err == nil {
t.Errorf("'%s' should fail b64 validation", b64_missing_padding)
}
if !strings.Contains(err.Error(), "base64") {
t.Errorf("Error message should include base64, but was '%s'", err.Error())
}
}
func TestVerifySSHKeyWrongFormatDSS(t *testing.T) {
it := "ssh-dss dGVzdAo="
err := validateSSHkey(it)
if err == nil {
t.Errorf("'%s' should fail key format validation", it)
}
if !strings.Contains(err.Error(), "format") {
t.Errorf("Error message should include format, but was '%s'", err.Error())
}
}
func TestVerifySSHKeyWrongFormatECDSA(t *testing.T) {
it := "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHeiQG8vUVsIjQdN0O/ovg/NTERdT+KA0JQTNDSNh65Q+XFuw8j0MhbTLHk/yXWJqBp7Vn6eiuPYXJac75P2BJjiQGi0UlfNXpTeYEG48Sdeo4pfguEwbyfnWMDWj4f86k/UjD2bUJBpXVQNs82j0weOG4+SqkA7cFz/E6e7eEfkATVaA== markus@test"
err := validateSSHkey(it)
if err == nil {
t.Errorf("'%s' should fail key format validation", it)
}
if !strings.Contains(err.Error(), "format") {
t.Errorf("Error message should include format, but was '%s'", err.Error())
}
}
func TestVerifySSHKeyRSAKeyToSmall(t *testing.T) {
short_rsa := "ssh-rsa dGVzdAo="
err := validateSSHkey(short_rsa)
if err == nil {
t.Errorf("'%s' should fail bit length validation", short_rsa)
}
if !strings.Contains(err.Error(), "2048 bit") {
t.Errorf("Error message should include 2048 bit, but was '%s'", err.Error())
}
if !strings.Contains(err.Error(), "Was: 32") {
t.Errorf("Error message should include original bit length (32), but was '%s'", err.Error())
}
}
func TestCalcFingerprint(t *testing.T) {
key := "AAAAC3NzaC1lZDI1NTE5AAAAIKuZUxgv5fOU/HXi9NQDcqec06ut+6CTItzlPmgJHZm+"
real_fingerprint := "SHA256:Rw71nETy5eL5J7ZK2QZfCZmp6e940ljBesD2COTG4Us="
fingerprint := calculateFingerprint(key)
if fingerprint != real_fingerprint {
t.Errorf("Fingerprint is calculated wrong. Expected: %s, Got: %s", real_fingerprint, fingerprint)
}
}
|
