package auth
import (
"net"
"path/filepath"
"testing"
"golang.org/x/crypto/ssh"
)
// testAddr is the loopback TCP endpoint 127.1.2.3:22. TestPublicKeyFile uses
// it as both the local and the remote address of its fake connection.
var testAddr = &net.TCPAddr{IP: net.IPv4(127, 1, 2, 3), Port: 22}
// testConnMetadata is an in-memory stand-in for the connection metadata that
// the verifiers under test receive. Every accessor hands back the matching
// field as stored; nothing is validated or derived.
type testConnMetadata struct {
	user          string
	sessionID     []byte
	clientVersion string
	serverVersion string
	laddr         net.Addr
	raddr         net.Addr
}

// User returns the user name the fake connection claims.
func (m testConnMetadata) User() string {
	return m.user
}

// SessionID returns the stored session identifier (nil unless a test sets it).
func (m testConnMetadata) SessionID() []byte {
	return m.sessionID
}

// ClientVersion returns the stored client version string as bytes.
func (m testConnMetadata) ClientVersion() []byte {
	return []byte(m.clientVersion)
}

// ServerVersion returns the stored server version string as bytes.
func (m testConnMetadata) ServerVersion() []byte {
	return []byte(m.serverVersion)
}

// RemoteAddr returns the stored remote address (nil unless a test sets it).
func (m testConnMetadata) RemoteAddr() net.Addr {
	return m.raddr
}

// LocalAddr returns the stored local address (nil unless a test sets it).
func (m testConnMetadata) LocalAddr() net.Addr {
	return m.laddr
}
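// Compile-time check that testConnMetadata satisfies ssh.ConnMetadata. The
// value type is asserted because that is the form the tests in this file hand
// to the verifiers; a type whose value implements the interface is also
// usable through a pointer.
var _ ssh.ConnMetadata = testConnMetadata{}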
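// TestPasswordFile loads testdata/passwd and exercises the password verifier
// in both directions: the known credentials must be accepted, and a wrong
// password or an unknown user must be refused. A verifier that accepted
// everything would pass an acceptance-only test, so the refusal cases are
// what make this a meaningful check of an authentication path.
func TestPasswordFile(t *testing.T) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		t.Fatal(err)
	}

	tests := []struct {
		Name     string
		Username string
		Password string
		Accept   bool
	}{
		{"example", "example", "example", true},
		{"bcrypt", "bcrypt", "example", true},
		// The refusal cases reuse the credentials that the miss benchmarks
		// in this file treat as failures.
		// NOTE(review): assumes a refusal is reported through the error
		// return of VerifyPassword; confirm against its implementation.
		{"wrong-password", "example", "invalid", false},
		{"unknown-user", "invalid", "example", false},
	}
	for _, test := range tests {
		t.Run(test.Name, func(it *testing.T) {
			p, err := a.VerifyPassword(testConnMetadata{user: test.Username}, test.Password)
			switch {
			case test.Accept && err != nil:
				it.Error(err)
			case test.Accept:
				it.Logf("%s: %s (%T)", p.Type(), p.Identity(), p)
			case err == nil:
				it.Errorf("VerifyPassword(%q, %q) succeeded; want an error", test.Username, test.Password)
			}
		})
	}
}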
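// TestPublicKeyFile loads testdata/pubkey and checks that every key in the
// table is accepted for the user it is paired with.
//
// Subtests are named after the Name column. Two rows share the user test_b,
// so naming them after Username made their names collide and left Name
// unused.
//
// NOTE(review): only acceptance is covered here. A refusal case (a key
// presented for a user it is not registered to) would need knowledge of the
// contents of testdata/pubkey, which are not visible from this file.
func TestPublicKeyFile(t *testing.T) {
	a, err := PublicKeyFile(filepath.Join("testdata", "pubkey"))
	if err != nil {
		t.Fatal(err)
	}

	tests := []struct {
		Name      string
		Username  string
		PublicKey string
	}{
		{"single/ed25519", "test_a", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFo1lt6lEk+1VUrMbhlaVpkI0p1TFUGujHaKKn7+VoGb"},
		{"dual/ed25519", "test_b", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA9dQjNeX3eBvkOXJN+nJm1C2W9UtRiLbK9O87Mjkir"},
		{"dual/rsa", "test_b", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFq82Pfsg7KjTU5LN4jikxITDQhCWB3TFxQdXTgYtKt40+gv88hZkemM1MYTzR30bUX/zcRsioUSwr3u7/2La7ti+BoilsHjrEx4w+nxNGCCe8D3M6K5Xi8MPL2AqbXFqkPSEpX+psrs+qILfNhs1lWAsN7GLP0cTIxPynFNECwJnUlleN0hsn8N8bQCoUInZQGmHwIHq62H+3IPbv7Vko3J0Zrqqo4OqfeV5BA0By7ZP+2Jd9ZsLJ2efaiALcs6oTk0v95wVQ36wp605x9ePYg6zHzIZDfpA400RqeuiZF5jpiG7q3eb0+CysfMbU0BpfeHmCq15PFYqre8HKAJZ3"},
	}
	for _, test := range tests {
		t.Run(test.Name, func(it *testing.T) {
			// A key that does not parse is a broken fixture, not a verifier
			// failure, so stop this subtest immediately.
			key, _, _, _, err := ssh.ParseAuthorizedKey([]byte(test.PublicKey))
			if err != nil {
				it.Fatal(err)
			}

			conn := testConnMetadata{
				user:  test.Username,
				laddr: testAddr,
				raddr: testAddr,
			}
			p, err := a.VerifyPublicKey(conn, key)
			if err != nil {
				it.Error(err)
				return
			}
			it.Logf("%s: %s (%T)", p.Type(), p.Identity(), p)
		})
	}
}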
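// BenchmarkPasswordFileHits measures VerifyPassword for a known user with the
// correct password, using the entries in testdata/passwd.
//
// The result of every call is checked: if verification started failing, the
// loop would otherwise keep running and silently time the refusal path.
func BenchmarkPasswordFileHits(b *testing.B) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		b.Fatal(err)
	}

	c := testConnMetadata{user: "example"}

	// No explicit ResetTimer: the first call to b.Loop resets the timer, so
	// the setup above is already excluded from the measurement.
	for b.Loop() {
		if _, err := a.VerifyPassword(c, "example"); err != nil {
			b.Fatal(err)
		}
	}
}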
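// BenchmarkPasswordFileMissPassword measures VerifyPassword for a known user
// presenting a wrong password.
//
// Each call must be refused. Without that check the benchmark would keep
// running, and would hide the regression, if the verifier began accepting
// the wrong password.
// NOTE(review): assumes a refusal is reported through the error return of
// VerifyPassword; confirm against its implementation.
func BenchmarkPasswordFileMissPassword(b *testing.B) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		b.Fatal(err)
	}

	c := testConnMetadata{user: "example"}

	// No explicit ResetTimer: the first call to b.Loop resets the timer, so
	// the setup above is already excluded from the measurement.
	for b.Loop() {
		if _, err := a.VerifyPassword(c, "invalid"); err == nil {
			b.Fatal("VerifyPassword accepted a wrong password")
		}
	}
}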
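// BenchmarkPasswordFileMissPrincipal measures VerifyPassword for a user name
// that is expected to be absent from testdata/passwd.
//
// Read the result next to BenchmarkPasswordFileMissPassword. If refusing an
// unknown user is much cheaper than refusing a wrong password, the response
// time reveals which account names exist, so the two paths should cost about
// the same.
//
// Each call must be refused, so a verifier that accepted an unknown user
// would stop the benchmark instead of being timed.
// NOTE(review): assumes a refusal is reported through the error return of
// VerifyPassword; confirm against its implementation.
func BenchmarkPasswordFileMissPrincipal(b *testing.B) {
	a, err := PasswordFile(filepath.Join("testdata", "passwd"))
	if err != nil {
		b.Fatal(err)
	}

	c := testConnMetadata{user: "invalid"}

	// No explicit ResetTimer: the first call to b.Loop resets the timer, so
	// the setup above is already excluded from the measurement.
	for b.Loop() {
		if _, err := a.VerifyPassword(c, "example"); err == nil {
			b.Fatal("VerifyPassword accepted an unknown user")
		}
	}
}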