Added test cases for certificate authentication (#216)

Manoj Ampalam 2017-10-03 12:21:08 -07:00 committed by GitHub
parent cd35668972
commit 72093244f9
5 changed files with 96 additions and 3 deletions


@ -175,7 +175,7 @@ WARNING: Following changes will be made to OpenSSH configuration
Start-Service ssh-agent
#copy sshtest keys
Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force
Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $script:OpenSSHBinPath -Force
Get-ChildItem "$($script:OpenSSHBinPath)\sshtest*hostkey*"| % {
#workaround for the cariggage new line added by git before copy them
$filePath = "$($_.FullName)"
@ -192,6 +192,17 @@ WARNING: Following changes will be made to OpenSSH configuration
}
}
#copy ca pubkey to SSHD bin path
Copy-Item "$($Script:E2ETestDirectory)\sshtest_ca_userkeys.pub" $script:OpenSSHBinPath -Force
#copy ca private key to test dir
$ca_priv_key = (Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_ca_userkeys)
Copy-Item (Join-Path $Script:E2ETestDirectory sshtest_ca_userkeys) $ca_priv_key -Force
$con = (Get-Content $ca_priv_key | Out-String).Replace("`r`n","`n")
Set-Content -Path $ca_priv_key -Value "$con"
Repair-UserSshConfigPermission -FilePath $ca_priv_key -confirm:$false
$Global:OpenSSHTestInfo["CA_Private_Key"] = $ca_priv_key
Restart-Service sshd -Force
#Backup existing known_hosts and replace with test version
@ -241,7 +252,8 @@ WARNING: Following changes will be made to OpenSSH configuration
Copy-Item $testPubKeyPath $authorizedKeyPath -Force -ErrorAction SilentlyContinue
Repair-AuthorizedKeyPermission -FilePath $authorizedKeyPath -confirm:$false
$testPriKeypath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519
copy-item (Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519) $Global:OpenSSHTestInfo["TestDataPath"]
$testPriKeypath = Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_userssokey_ed25519
$con = (Get-Content $testPriKeypath | Out-String).Replace("`r`n","`n")
Set-Content -Path $testPriKeypath -Value "$con"
cmd /c "ssh-add -D 2>&1 >> $Script:TestSetupLogFile"
@ -462,7 +474,9 @@ function Clear-OpenSSHTestEnvironment
Remove-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Auto -ErrorAction SilentlyContinue -Force | Out-Null
}
Remove-Item $sshBinPath\sshtest*hostkey* -Force -ErrorAction SilentlyContinue
Remove-Item "$sshBinPath\sshtest*hostkey*" -Force -ErrorAction SilentlyContinue
Remove-Item "$sshBinPath\sshtest*ca_userkeys*" -Force -ErrorAction SilentlyContinue
#Restore sshd_config
$backupConfigPath = Join-Path $sshBinPath sshd_config.ori
if (Test-Path $backupConfigPath -PathType Leaf) {
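Review bot: The setup lines that copy `sshtest_ca_userkeys` into `TestDataPath` depend on a CA private key that this commit checks into the repository (the new private-key file further down), and sshd is then told to trust that CA, so a machine left in the test configuration accepts user certificates from a key that is no longer secret. Generating a throwaway CA key pair with `ssh-keygen` during test setup and copying only its `.pub` to the bin path would remove the committed secret and the line-ending fix-up with it. The cleanup hunk removes `sshtest*ca_userkeys*` only from `$sshBinPath`; the copy under `TestDataPath` is not removed in the visible lines, so consider adding `Remove-Item $Global:OpenSSHTestInfo["CA_Private_Key"] -Force -ErrorAction SilentlyContinue` there. Both functions continue outside the hunks shown, so part of this may already be handled elsewhere.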


@ -0,0 +1,70 @@
If ($PSVersiontable.PSVersion.Major -le 2) {$PSScriptRoot = Split-Path -Parent $MyInvocation.MyCommand.Path}
Import-Module $PSScriptRoot\CommonUtils.psm1 -Force
$tC = 1
$tI = 0
$suite = "certauth"
Describe "E2E scenarios for certificate authentication" -Tags "CI" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{
Throw "`$OpenSSHTestInfo is null. Please run Set-OpenSSHTestEnvironment to set test environments."
}
$server = $OpenSSHTestInfo["Target"]
$port = $OpenSSHTestInfo["Port"]
$pkuser = $OpenSSHTestInfo["PubKeyUser"]
$cakey = $OpenSSHTestInfo["CA_Private_Key"]
$testDir = Join-Path $OpenSSHTestInfo["TestDataPath"] $suite
if(-not (Test-Path $testDir))
{
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
}
$user_key = Join-Path $testDir "cert_auth_user_key"
$keypassphrase = "testpassword"
$platform = Get-Platform
$skip = ($platform -eq [PlatformType]::Windows) -and ($PSVersionTable.PSVersion.Major -le 2)
}
BeforeEach {
$stderrFile=Join-Path $testDir "$tC.$tI.stderr.txt"
$stdoutFile=Join-Path $testDir "$tC.$tI.stdout.txt"
$logFile = Join-Path $testDir "$tC.$tI.log.txt"
}
AfterEach {$tI++;}
Context "$tC - generate certificates" {
BeforeAll {$tI=1}
AfterAll{$tC++}
It "$tC.$tI - sign user keys" {
Remove-Item "$($user_key)*"
ssh-keygen -t ed25519 -f $user_key -P $keypassphrase
$user_key | Should Exist
$nullFile = join-path $testDir ("$tC.$tI.nullfile")
$null > $nullFile
$user_key_pub = ($user_key + ".pub")
iex "cmd /c `"ssh-keygen -s $cakey -I $pkuser -V -1w:+54w5d -n $pkuser $user_key_pub < $nullFile 2> nul `""
}
}
Context "$tC - ssh with certificate" {
BeforeAll {$tI=1}
AfterAll{$tC++}
It "$tC.$tI - authenticate using certificate" {
#set up SSH_ASKPASS for key passphrase
Add-PasswordSetting -Pass $keypassphrase
$o = ssh -i $user_key -p $port $pkuser@$server echo 1234
$o | Should Be "1234"
Remove-PasswordSetting
}
}
}
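Review bot: The `sign user keys` test never asserts that signing succeeded: the `ssh-keygen -s` call runs through `iex "cmd /c ..."` with `2> nul`, so a failure is silent and only shows up later in `authenticate using certificate`. Adding `($user_key + "-cert.pub") | Should Exist` after the signing call would pin it, and sending stderr to `$stderrFile` instead of `nul` keeps the diagnostic. `$cakey`, `$user_key_pub` and `$nullFile` are interpolated unquoted into the command string, so a test data path containing a space breaks the command; quote them or call `ssh-keygen` directly without `iex`. `Remove-PasswordSetting` is skipped when the `Should Be` assertion throws, so it belongs in an `AfterEach` or a `finally`. Only the accept path is covered; a case asserting that a certificate signed by a different CA is rejected would test the trust decision itself.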


@ -127,3 +127,4 @@ PubkeyAcceptedKeyTypes ssh-ed25519*
#DenyGroups denygroup1 denygr*p2 deny?rou?3
#AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm*
hostkeyagent \\.\pipe\openssh-ssh-agent
TrustedUserCAKeys sshtest_ca_userkeys.pub
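Review bot: `TrustedUserCAKeys` is added at global scope (assuming no `Match` block precedes it, which the hunk does not show), so certificates from the test CA are accepted for every account on the host rather than only the test user. It can be scoped by placing it under `Match User <test-user>`, with the placeholder replaced by the account the suite logs in as. The path is relative; how sshd resolves it is not visible here, so confirm that it lands on the copy in the bin path or use an absolute path.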


@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCbSeGZ+6Me6gaSAwK41/QILL6KnNUlem4XUu/Xm7RqYQAAAKCOV5jPjleY
zwAAAAtzc2gtZWQyNTUxOQAAACCbSeGZ+6Me6gaSAwK41/QILL6KnNUlem4XUu/Xm7RqYQ
AAAEBPPuXnlqwvhMYZNKaoMQS0GmtlJwFcctT3aZg1Ib4JaJtJ4Zn7ox7qBpIDArjX9Ags
voqc1SV6bhdS79ebtGphAAAAG21hbm9qYW1wQHJlZG1vbmRAbWFub2otZGV2MwEC
-----END OPENSSH PRIVATE KEY-----


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtJ4Zn7ox7qBpIDArjX9Agsvoqc1SV6bhdS79ebtGph sshtest_ca_userkeys