tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 15:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

E2E tests for ssh key management

Browse Source 
PowerShell/Win32-OpenSSH#613
This commit is contained in:
Manoj Ampalam 2017-05-10 14:47:03 -07:00 committed by GitHub
parent 77cdb7086d
commit 9c0031de34
3 changed files with 187 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
regress/pesterTests/KeyUtils.Tests.ps1 Normal file
View File

@ -0,0 +1,161 @@
$tC = 1
$tI = 0
$suite = "keyutils"
Describe "E2E scenarios for ssh key management" -Tags "CI" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{
Throw "`$OpenSSHTestInfo is null. Please run Setup-OpenSSHTestEnvironment to setup test environment."
}
$testDir = "$($OpenSSHTestInfo["TestDataPath"])\$suite"
if( -not (Test-path $testDir -PathType Container))
{
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
}
$keypassphrase = "testpassword"
$keytypes = @("rsa","dsa","ecdsa","ed25519")
#only validate owner and ACE of the file
function ValidKeyFile {
param($Path)
$currentUser = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN), $($env:USERNAME))
$myACL = Get-ACL $Path
$myACL.Owner.Equals($currentUser.Value) | Should Be $true
$myACL.Access | Should Not Be $null
$myACL.Access.Count | Should Be 1
$myACL.Access[0].IdentityReference.Equals($currentUser) | Should Be $true
$myACL.Access[0].AccessControlType | Should Be ([System.Security.AccessControl.AccessControlType]::Allow)
$myACL.Access[0].FileSystemRights | Should Be ([System.Security.AccessControl.FileSystemRights]::FullControl)
$myACL.Access[0].IsInherited | Should Be $false
$myACL.Access[0].InheritanceFlags | Should Be ([System.Security.AccessControl.InheritanceFlags]::None)
$myACL.Access[0].PropagationFlags | Should Be ([System.Security.AccessControl.PropagationFlags]::None)
}
}
BeforeEach {
$tI++;
}
Context "$tC - ssh-keygen all key types" {
BeforeAll {$tI=1}
AfterAll{$tC++}
It "$tC.$tI - Keygen -A" {
$cd = (pwd).Path
cd $testDir
remove-item ssh_host_*_key* -ErrorAction SilentlyContinue
ssh-keygen -A
Get-ChildItem ssh_host_*_key | % {
ValidKeyFile -Path $_.FullName
}
Get-ChildItem ssh_host_*_key.pub | % {
ValidKeyFile -Path $_.FullName
}
cd $cd
}
It "$tC.$tI - Keygen -t -f" {
foreach($type in $keytypes)
{
$keyPath = Join-Path $testDir "id_$type"
remove-item $keyPath -ErrorAction SilentlyContinue
ssh-keygen -t $type -P $keypassphrase -f $keyPath
ValidKeyFile -Path $keyPath
ValidKeyFile -Path "$keyPath.pub"
}
}
}
# This uses keys generated in above context
Context "$tC - ssh-add test cases" {
BeforeAll {$tI=1}
AfterAll{$tC++}
# Executing ssh-agent will start agent service
# This is to support typical Unix scenarios where
# running ssh-agent will setup the agent for current session
It "$tC.$tI - ssh-agent starts agent service and sshd depends on ssh-agent" {
if ((Get-Service ssh-agent).Status -eq "Running") {
Stop-Service ssh-agent -Force
}
(Get-Service ssh-agent).Status | Should Be "Stopped"
(Get-Service sshd).Status | Should Be "Stopped"
ssh-agent
(Get-Service ssh-agent).Status | Should Be "Running"
Stop-Service ssh-agent -Force
(Get-Service ssh-agent).Status | Should Be "Stopped"
(Get-Service sshd).Status | Should Be "Stopped"
# this should automatically start both the services
Start-Service sshd
(Get-Service ssh-agent).Status | Should Be "Running"
(Get-Service sshd).Status | Should Be "Running"
}
It "$tC.$tI - ssh-add - add and remove all key types" {
#set up SSH_ASKPASS
if (-not($env:DISPLAY)) { $env:DISPLAY = 1 }
$env:SSH_ASKPASS="$($env:ComSpec) /c echo $($keypassphrase)"
$nullFile = join-path $testDir ("$tC.$tI.nullfile")
$null > $nullFile
foreach($type in $keytypes)
{
$keyPath = Join-Path $testDir "id_$type"
# for ssh-add to consume SSh_ASKPASS, stdin should not be TTY
iex "cmd /c `"ssh-add $keyPath < $nullFile 2> nul `""
}
#remove SSH_ASKPASS
if ($env:DISPLAY -eq 1) { Remove-Item env:\DISPLAY }
remove-item "env:SSH_ASKPASS" -ErrorAction SilentlyContinue
#ensure added keys are listed
$allkeys = ssh-add -L
foreach($type in $keytypes)
{
$keyPath = Join-Path $testDir "id_$type"
$pubkeyraw = ((Get-Content "$keyPath.pub").Split(' '))[1]
($allkeys | foreach {$_.Contains($pubkeyraw)}).Contains($true) | Should Be $true
}
#delete added keys
foreach($type in $keytypes)
{
$keyPath = Join-Path $testDir "id_$type"
iex "cmd /c `"ssh-add -d $keyPath 2> nul `""
}
#check keys are deleted
$allkeys = ssh-add -L
foreach($type in $keytypes)
{
$keyPath = Join-Path $testDir "id_$type"
$pubkeyraw = ((Get-Content "$keyPath.pub").Split(' '))[1]
if ($allkeys.Count -eq 1) {
$allkeys.Contains($pubkeyraw) | Should Be $false
}
else {
($allkeys | foreach {$_.Contains($pubkeyraw)}).Contains($true) | Should Be $false
}
}
}
}
}

62
regress/pesterTests/Keygen.Tests.ps1
View File

@ -1,62 +0,0 @@
Describe "Tests for ssh-keygen" -Tags "CI" {
BeforeAll {
if($OpenSSHTestInfo -eq $null)
{
Throw "`$OpenSSHTestInfo is null. Please run Setup-OpenSSHTestEnvironment to setup test environment."
}
$testDir = "$($OpenSSHTestInfo["TestDataPath"])\keygen"
if( -not (Test-path $testDir -PathType Container))
{
$null = New-Item $testDir -ItemType directory -Force -ErrorAction SilentlyContinue
}
#only validate owner and ACE of the file
function ValidKeyFile {
param($Path)
$currentUser = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN), $($env:USERNAME))
$myACL = Get-ACL $Path
$myACL.Owner.Equals($currentUser.Value) | Should Be $true
$myACL.Access | Should Not Be $null
$myACL.Access.Count | Should Be 1
$myACL.Access[0].IdentityReference.Equals($currentUser) | Should Be $true
$myACL.Access[0].AccessControlType | Should Be ([System.Security.AccessControl.AccessControlType]::Allow)
$myACL.Access[0].FileSystemRights | Should Be ([System.Security.AccessControl.FileSystemRights]::FullControl)
$myACL.Access[0].IsInherited | Should Be $false
$myACL.Access[0].InheritanceFlags | Should Be ([System.Security.AccessControl.InheritanceFlags]::None)
$myACL.Access[0].PropagationFlags | Should Be ([System.Security.AccessControl.PropagationFlags]::None)
}
}
Context "Keygen key files" {
BeforeEach {
Remove-Item $testDir\* -Force -ErrorAction ignore
Remove-Item "$PSScriptRoot\ssh_host_*_key*" -Force -ErrorAction ignore
}
It 'Keygen -A' {
ssh-keygen -A
Get-ChildItem "$PSScriptRoot\ssh_host_*_key" | % {
ValidKeyFile -Path $_.FullName
}
Get-ChildItem "$PSScriptRoot\ssh_host_*_key.pub" | % {
ValidKeyFile -Path $_.FullName
}
}
It 'Keygen -t -f' {
$pwd = "testpassword"
foreach($type in @("rsa","dsa","ecdsa","ed25519"))
{
$keyPath = Join-Path $testDir "id_$type"
ssh-keygen -t $type -P $pwd -f $keyPath
ValidKeyFile -Path $keyPath
ValidKeyFile -Path "$keyPath.pub"
}
}
}
}

45
regress/pesterTests/SSH.Tests.ps1
View File

@ -1,6 +1,6 @@
#todo: -i -q -v -l -c -C #todo: -i -q -v -l -c -C
#todo: -S -F -V -e #todo: -S -F -V -e
$tB = 1 $tC = 1
$tI = 0 $tI = 0
Describe "ssh client tests" -Tags "CI" { Describe "ssh client tests" -Tags "CI" {
@ -73,60 +73,65 @@ Describe "ssh client tests" -Tags "CI" {
BeforeEach { BeforeEach {
$tI++; $tI++;
$tFile=Join-Path $testDir "$tB.$tI.txt" $tFile=Join-Path $testDir "$tC.$tI.txt"
} }
Context "$tB - Basic Scenarios" { Context "$tC - Basic Scenarios" {
BeforeAll {$tI=1} BeforeAll {$tI=1}
AfterAll{$tB++} AfterAll{$tC++}
<# these 2 tests dont work on AppVeyor that sniffs stderr channel It "$tC.$tI - test version" {
It "$tB.$tI - test version" { iex "cmd /c `"ssh -V 2> $tFile`""
iex "ssh -V 2> $tFile"
$tFile | Should Contain "OpenSSH_" $tFile | Should Contain "OpenSSH_"
} }
It "$tB.$tI - test help" { It "$tC.$tI - test help" {
iex "ssh -? 2> $tFile" iex "cmd /c `"ssh -? 2> $tFile`""
$tFile | Should Contain "usage: ssh" $tFile | Should Contain "usage: ssh"
} }
#>
It "$tB.$tI - remote echo command" { It "$tC.$tI - remote echo command" {
iex "$sshDefaultCmd echo 1234" | Should Be "1234" iex "$sshDefaultCmd echo 1234" | Should Be "1234"
} }
It "$tC.$tI - exit code" {
ssh -p $port $ssouser@$server exit 0
$LASTEXITCODE | Should Be 0
ssh -p $port $ssouser@$server exit 21
$LASTEXITCODE | Should Be 21
}
} }
Context "$tB - Redirection Scenarios" { Context "$tC - Redirection Scenarios" {
BeforeAll {$tI=1} BeforeAll {$tI=1}
AfterAll{$tB++} AfterAll{$tC++}
It "$tB.$tI - stdout to file" { It "$tC.$tI - stdout to file" {
iex "$sshDefaultCmd powershell get-process > $tFile" iex "$sshDefaultCmd powershell get-process > $tFile"
$tFile | Should Contain "ProcessName" $tFile | Should Contain "ProcessName"
} }
It "$tB.$tI - stdout to PS object" { It "$tC.$tI - stdout to PS object" {
$o = iex "$sshDefaultCmd echo 1234" $o = iex "$sshDefaultCmd echo 1234"
$o | Should Be "1234" $o | Should Be "1234"
} }
<#It "$tB.$tI - stdin from PS object" { <#It "$tC.$tI - stdin from PS object" {
#if input redirection doesn't work, this would hang #if input redirection doesn't work, this would hang
0 | ssh -p $port $ssouser@$server pause 0 | ssh -p $port $ssouser@$server pause
$true | Should Be $true $true | Should Be $true
}#> }#>
} }
Context "$tB - cmdline parameters" { Context "$tC - cmdline parameters" {
BeforeAll {$tI=1} BeforeAll {$tI=1}
AfterAll{$tB++} AfterAll{$tC++}
It "$tB.$tI - verbose to file" { It "$tC.$tI - verbose to file" {
$logFile = Join-Path $testDir "$tB.$tI.log.txt" $logFile = Join-Path $testDir "$tC.$tI.log.txt"
$o = ssh -p $port -v -E $logFile $ssouser@$server echo 1234 $o = ssh -p $port -v -E $logFile $ssouser@$server echo 1234
$o | Should Be "1234" $o | Should Be "1234"
#TODO - checks below are very inefficient (time taking). #TODO - checks below are very inefficient (time taking).