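package auth

import (
	"net"
	"path/filepath"
	"testing"

	"golang.org/x/crypto/ssh"
)

// testAddr is a fixed loopback address (127.1.2.3:22) that the public-key
// tests use as both the local and the remote endpoint of the fake connection.
var testAddr = &net.TCPAddr{
	IP:   net.ParseIP("127.1.2.3"),
	Port: 22,
}

// testConnMetadata is a test double for ssh.ConnMetadata. Every accessor
// returns the corresponding field unchanged, so a test controls exactly what
// the authenticator sees about the connection.
type testConnMetadata struct {
	user          string
	sessionID     []byte
	clientVersion string
	serverVersion string
	laddr, raddr  net.Addr
}

// User returns the user name the fake client claims to be.
func (t testConnMetadata) User() string { return t.user }

// SessionID returns the configured session identifier (nil when unset).
func (t testConnMetadata) SessionID() []byte { return t.sessionID }

// ClientVersion returns the configured client version string as bytes.
func (t testConnMetadata) ClientVersion() []byte { return []byte(t.clientVersion) }

// ServerVersion returns the configured server version string as bytes.
func (t testConnMetadata) ServerVersion() []byte { return []byte(t.serverVersion) }

// RemoteAddr returns the configured remote address (nil when unset).
func (t testConnMetadata) RemoteAddr() net.Addr { return t.raddr }

// LocalAddr returns the configured local address (nil when unset).
func (t testConnMetadata) LocalAddr() net.Addr { return t.laddr }

// Compile-time check that the test double satisfies ssh.ConnMetadata.
var _ ssh.ConnMetadata = (*testConnMetadata)(nil)

// TestPasswordFile loads testdata/passwd and checks the authenticator in both
// directions: the listed credentials must be accepted, and a wrong password or
// an unknown user must be refused. Without the negative cases an authenticator
// that accepts every login would still pass.
func TestPasswordFile(t *testing.T) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		t.Fatal(err)
	}

	tests := []struct {
		Name     string
		Username string
		Password string
		Reject   bool // true when VerifyPassword must refuse the login
	}{
		{"example", "example", "example", false},
		{"bcrypt", "bcrypt", "example", false},
		// The negative cases reuse the inputs of the two "Miss" benchmarks
		// in this file.
		{"wrong-password", "example", "invalid", true},
		{"unknown-user", "invalid", "example", true},
	}
	for _, test := range tests {
		t.Run(test.Name, func(it *testing.T) {
			p, err := a.VerifyPassword(testConnMetadata{user: test.Username}, test.Password)
			// NOTE(review): assumes a refusal is reported through a non-nil
			// error, as the positive cases already rely on; confirm against
			// the implementation.
			switch {
			case test.Reject && err == nil:
				it.Errorf("VerifyPassword accepted user %q with credentials that must be refused", test.Username)
			case test.Reject:
				it.Logf("refused as expected: %v", err)
			case err != nil:
				it.Error(err)
			default:
				it.Logf("%s: %s (%T)", p.Type(), p.Identity(), p)
			}
		})
	}
}

// TestPublicKeyFile loads testdata/pubkey and checks that each listed public
// key is accepted for the user it is paired with.
//
// NOTE(review): only accepting cases are covered. A case that presents one
// user's key under another user name (and expects an error) would guard
// against the authenticator matching keys without regard to the user; it is
// not added here because the contents of testdata/pubkey are not visible.
func TestPublicKeyFile(t *testing.T) {
	a, err := PublicKeyFile(filepath.Join("testdata", "pubkey"))
	if err != nil {
		t.Fatal(err)
	}

	tests := []struct {
		Name      string
		Username  string
		PublicKey string
	}{
		{"single/ed25519", "test_a", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFo1lt6lEk+1VUrMbhlaVpkI0p1TFUGujHaKKn7+VoGb"},
		{"dual/ed25519", "test_b", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA9dQjNeX3eBvkOXJN+nJm1C2W9UtRiLbK9O87Mjkir"},
		{"dual/rsa", "test_b", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFq82Pfsg7KjTU5LN4jikxITDQhCWB3TFxQdXTgYtKt40+gv88hZkemM1MYTzR30bUX/zcRsioUSwr3u7/2La7ti+BoilsHjrEx4w+nxNGCCe8D3M6K5Xi8MPL2AqbXFqkPSEpX+psrs+qILfNhs1lWAsN7GLP0cTIxPynFNECwJnUlleN0hsn8N8bQCoUInZQGmHwIHq62H+3IPbv7Vko3J0Zrqqo4OqfeV5BA0By7ZP+2Jd9ZsLJ2efaiALcs6oTk0v95wVQ36wp605x9ePYg6zHzIZDfpA400RqeuiZF5jpiG7q3eb0+CysfMbU0BpfeHmCq15PFYqre8HKAJZ3"},
	}
	for _, test := range tests {
		// Name the subtest after the case, not the user: two cases share the
		// user test_b, and naming by user made them indistinguishable in the
		// output (the second showed up as "test_b#01").
		t.Run(test.Name, func(it *testing.T) {
			k, _, _, _, err := ssh.ParseAuthorizedKey([]byte(test.PublicKey))
			if err != nil {
				it.Fatal(err)
			}

			p, err := a.VerifyPublicKey(testConnMetadata{
				user:  test.Username,
				laddr: testAddr,
				raddr: testAddr,
			}, k)
			if err != nil {
				it.Error(err)
			} else {
				it.Logf("%s: %s (%T)", p.Type(), p.Identity(), p)
			}
		})
	}
}

// BenchmarkPasswordFileHits measures VerifyPassword for a known user with the
// correct password.
func BenchmarkPasswordFileHits(b *testing.B) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		b.Fatal(err)
	}

	c := testConnMetadata{user: "example"}
	// Confirm the accept path is really taken before timing it; the loop
	// below discards the result.
	if _, err := a.VerifyPassword(c, "example"); err != nil {
		b.Fatal(err)
	}

	b.ResetTimer()
	for b.Loop() {
		a.VerifyPassword(c, "example")
	}
}

// BenchmarkPasswordFileMissPassword measures VerifyPassword for a known user
// with a wrong password.
func BenchmarkPasswordFileMissPassword(b *testing.B) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		b.Fatal(err)
	}

	c := testConnMetadata{user: "example"}
	// Confirm the login is really refused, otherwise the numbers describe
	// the accept path instead of the miss path.
	if _, err := a.VerifyPassword(c, "invalid"); err == nil {
		b.Fatal("wrong password was accepted; benchmark would not measure a miss")
	}

	b.ResetTimer()
	for b.Loop() {
		a.VerifyPassword(c, "invalid")
	}
}

// BenchmarkPasswordFileMissPrincipal measures VerifyPassword for a user that
// is not expected to be in the password file.
//
// Read it next to BenchmarkPasswordFileMissPassword: if an unknown user is
// refused much faster than a known user with a wrong password, response time
// tells a client which user names exist.
func BenchmarkPasswordFileMissPrincipal(b *testing.B) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		b.Fatal(err)
	}

	c := testConnMetadata{user: "invalid"}
	// Confirm the login is really refused before timing it.
	if _, err := a.VerifyPassword(c, "example"); err == nil {
		b.Fatal("unknown user was accepted; benchmark would not measure a miss")
	}

	b.ResetTimer()
	for b.Loop() {
		a.VerifyPassword(c, "example")
	}
}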