//! A pure-Rust library to handle OpenSSH public keys.
//!
//! This crate supports parsing, manipulation, and some basic validation of
//! SSH keys. It provides a struct for encapsulation of SSH keys in projects.
//!
//! `openssh-keys` does not have the ability to generate SSH keys. However,
//! it does allow to construct RSA and DSA keys from their components, so if you
//! generate the keys with another library (say, rust-openssl), then you can
//! output the SSH public keys with this library.
//!
//! # Example
//!
//! ```rust
//! use std::{env, fs, io, path};
//! use std::io::BufRead;
//!
//! fn inspect_rsa() {
//! let home = env::home_dir().unwrap_or(path::PathBuf::from("/home/core/"));
//! let pub_path = home.join(".ssh").join("id_rsa.pub");
//! println!("Inspecting '{}':", pub_path.to_string_lossy());
//! let file = fs::File::open(&pub_path).expect("unable to open RSA pubkey");
//! let reader = io::BufReader::new(file);
//!
//! for (i, line) in reader.lines().enumerate() {
//! let line = line.expect(&format!("unable to read key at line {}", i + 1));
//! let pubkey = openssh_keys::PublicKey::parse(&line).expect("unable to parse RSA pubkey");
//! println!(" * Pubkey #{} -> {}", i + 1, pubkey.to_fingerprint_string());
//! }
//! }
mod reader;
mod writer;
pub mod errors {
use thiserror::Error;
pub type Result<T> = std::result::Result<T, OpenSSHKeyError>;
#[derive(Error, Debug)]
pub enum OpenSSHKeyError {
#[error("I/O error")]
IO {
#[from]
source: std::io::Error,
},
#[error("invalid UTF-8")]
InvalidUtf8 {
#[from]
source: std::str::Utf8Error,
},
// keep base64::DecodeError out of the public API
#[error("invalid base64: {detail}")]
InvalidBase64 { detail: String },
#[error("invalid key format")]
InvalidFormat,
#[error("unsupported keytype: {keytype}")]
UnsupportedKeyType { keytype: String },
#[error("unsupported curve: {curve}")]
UnsupportedCurve { curve: String },
}
}
use crate::errors::*;
use base64::{engine::general_purpose::STANDARD as BASE64, Engine};
use md5::Md5;
use sha2::{Digest, Sha256};
use crate::reader::Reader;
use crate::writer::Writer;
use std::fmt;
use std::io::{BufRead, BufReader, Read};
const SSH_RSA: &str = "ssh-rsa";
const SSH_DSA: &str = "ssh-dss";
const SSH_ED25519: &str = "ssh-ed25519";
const SSH_ED25519_SK: &str = "sk-ssh-ed25519@openssh.com";
const SSH_ECDSA_256: &str = "ecdsa-sha2-nistp256";
const SSH_ECDSA_384: &str = "ecdsa-sha2-nistp384";
const SSH_ECDSA_521: &str = "ecdsa-sha2-nistp521";
const SSH_ECDSA_SK: &str = "sk-ecdsa-sha2-nistp256@openssh.com";
const NISTP_256: &str = "nistp256";
const NISTP_384: &str = "nistp384";
const NISTP_521: &str = "nistp521";
/// Curves for ECDSA
#[derive(Clone, Debug, Copy, PartialEq, Eq, Hash)]
pub enum Curve {
Nistp256,
Nistp384,
Nistp521,
}
impl Curve {
/// get converts a curve name of the type in the format described in
/// https://tools.ietf.org/html/rfc5656#section-10 and returns a curve
/// object.
fn get(curve: &str) -> Result<Self> {
Ok(match curve {
NISTP_256 => Curve::Nistp256,
NISTP_384 => Curve::Nistp384,
NISTP_521 => Curve::Nistp521,
_ => {
return Err(OpenSSHKeyError::UnsupportedCurve {
curve: curve.to_string(),
})
}
})
}
/// curvetype gets the curve name in the format described in
/// https://tools.ietf.org/html/rfc5656#section-10
fn curvetype(self) -> &'static str {
match self {
Curve::Nistp256 => NISTP_256,
Curve::Nistp384 => NISTP_384,
Curve::Nistp521 => NISTP_521,
}
}
}
impl fmt::Display for Curve {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{}", self.curvetype())
}
}
/// Data is the representation of the data section of an ssh public key. it is
/// an enum with all the different supported key algorithms.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum Data {
Rsa {
exponent: Vec<u8>,
modulus: Vec<u8>,
},
Dsa {
p: Vec<u8>,
q: Vec<u8>,
g: Vec<u8>,
pub_key: Vec<u8>,
},
Ed25519 {
key: Vec<u8>,
},
Ed25519Sk {
key: Vec<u8>,
application: Vec<u8>,
},
Ecdsa {
curve: Curve,
key: Vec<u8>,
},
EcdsaSk {
curve: Curve,
key: Vec<u8>,
application: Vec<u8>,
},
}
/// `PublicKey` is the struct representation of an ssh public key.
#[derive(Clone, Debug, Eq)]
pub struct PublicKey {
pub options: Option<String>,
pub data: Data,
pub comment: Option<String>,
}
impl fmt::Display for PublicKey {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{}", self.to_key_format())
}
}
/// Two public keys are equivalent if their data sections are equivalent,
/// ignoring their comment section.
impl core::cmp::PartialEq for PublicKey {
fn eq(&self, other: &PublicKey) -> bool {
self.data == other.data
}
}
impl std::str::FromStr for PublicKey {
type Err = OpenSSHKeyError;
fn from_str(s: &str) -> Result<Self> {
PublicKey::parse(s)
}
}
impl PublicKey {
/// parse takes a string and parses it as a public key from an authorized
/// keys file. the format it expects is described here
/// https://tools.ietf.org/html/rfc4253#section-6.6 and here
/// https://man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT
///
/// sshd describes an additional, optional "options" field for public keys
/// in the authorized_keys file. This field allows for passing of options to
/// sshd that only apply to that particular public key. This means that a
/// public key in an authorized keys file is a strict superset of the public
/// key format described in rfc4253. Another superset of a public key is
/// what is present in the known_hosts file. This file has a hostname as the
/// first thing on the line. This parser treats the hostname the same as an
/// option field. When one of these things is found at the beginning of a
/// line, it is treated as a semi-opaque string that is carried with the
/// public key and reproduced when the key is printed. It is not entirely
/// opaque, since the parser needs to be aware of quoting semantics within
/// the option fields, since options surrounded by double quotes can contain
/// spaces, which are otherwise the main delimiter of the parts of a public
/// key.
///
/// You can parse and output ssh keys like this
///
/// ```
/// let rsa_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcMCOEryBa8IkxXacjIawaQPp08hR5h7+4vZePZ7DByTG3tqKgZYRJ86BaR+4fmdikFoQjvLJVUmwniq3wixhkP7VLCbqip3YHzxXrzxkbPC3w3O1Bdmifwn9cb8RcZXfXncCsSu+h5XCtQ5BOi41Iit3d13gIe/rfXVDURmRanV6R7Voljxdjmp/zyReuzc2/w5SI6Boi4tmcUlxAI7sFuP1kA3pABDhPtc3TDgAcPUIBoDCoY8q2egI197UuvbgsW2qraUcuQxbMvJOMSFg2FQrE2bpEqC4CtBn7+HiJrkVOHjV7bvSv7jd1SuX5XqkwMCRtdMuRpJr7CyZoFL5n demos@anduin";
/// let key = openssh_keys::PublicKey::parse(rsa_key).unwrap();
/// let out = key.to_string();
/// assert_eq!(rsa_key, out);
/// ```
///
/// parse somewhat attempts to keep track of comments, but it doesn't fully
/// comply with the rfc in that regard.
pub fn parse(key: &str) -> Result<Self> {
// trim leading and trailing whitespace
let key = key.trim();
// try just parsing the keys straight up
PublicKey::try_key_parse(key).or_else(|e| {
// remove the preceeding string
let mut key_start = 0;
let mut escape = false;
let mut quote = false;
let mut marker = key.starts_with('@');
for (i, c) in key.chars().enumerate() {
if c == '\\' {
escape = true;
continue;
}
if escape {
escape = false;
continue;
}
if c == '"' {
quote = !quote;
}
if !quote && (c == ' ' || c == '\t') {
if marker {
marker = false;
continue;
} else {
key_start = i + 1;
break;
}
}
}
let mut parsed = PublicKey::try_key_parse(&key[key_start..]).map_err(|_| e)?;
parsed.options = Some(key[..key_start - 1].into());
Ok(parsed)
})
}
fn try_key_parse(key: &str) -> Result<Self> {
// then parse the key according to rfc4253
let (keytype, remaining) = key
.split_once(char::is_whitespace)
.ok_or(OpenSSHKeyError::InvalidFormat)?;
let (data, comment) = remaining
.split_once(char::is_whitespace)
.unwrap_or((remaining, ""));
let comment = comment.trim();
if comment.contains('\n') {
return Err(OpenSSHKeyError::InvalidFormat);
}
let comment = if comment.is_empty() {
None
} else {
Some(comment.to_owned())
};
let buf = BASE64
.decode(data)
.map_err(|e| OpenSSHKeyError::InvalidBase64 {
detail: format!("{}", e),
})?;
let mut reader = Reader::new(&buf);
let data_keytype = reader.read_string()?;
if keytype != data_keytype {
return Err(OpenSSHKeyError::InvalidFormat);
}
let data = match keytype {
SSH_RSA => {
// the data for an rsa key consists of three pieces:
// ssh-rsa public-exponent modulus
// see ssh-rsa format in https://tools.ietf.org/html/rfc4253#section-6.6
let e = reader.read_mpint()?;
let n = reader.read_mpint()?;
Data::Rsa {
exponent: e.into(),
modulus: n.into(),
}
}
SSH_DSA => {
// the data stored for a dsa key is, in order
// ssh-dsa p q g public-key
// p and q are primes
// g = h^((p-1)/q) where 1 < h < p-1
// public-key is the value that is actually generated in
// relation to the secret key
// see https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
// and ssh-dss format in https://tools.ietf.org/html/rfc4253#section-6.6
// and https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L743
let p = reader.read_mpint()?;
let q = reader.read_mpint()?;
let g = reader.read_mpint()?;
let pub_key = reader.read_mpint()?;
Data::Dsa {
p: p.into(),
q: q.into(),
g: g.into(),
pub_key: pub_key.into(),
}
}
SSH_ED25519 => {
// the data stored for an ed25519 is just the point on the curve
// for now the exact specification of the point on that curve is
// a mystery to me, instead of having to compute it, we just
// assume the key we got is correct and copy that verbatim. this
// also means we have to disallow arbitrary construction until
// furthur notice.
// see https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L772
let key = reader.read_bytes()?;
Data::Ed25519 { key: key.into() }
}
SSH_ED25519_SK => {
// same as above
let key = reader.read_bytes()?;
let application = reader.read_bytes()?;
Data::Ed25519Sk {
key: key.into(),
application: application.into(),
}
}
SSH_ECDSA_256 | SSH_ECDSA_384 | SSH_ECDSA_521 => {
// ecdsa is of the form
// ecdsa-sha2-[identifier] [identifier] [data]
// the identifier is one of nistp256, nistp384, nistp521
// the data is some weird thing described in section 2.3.4 and
// 2.3.4 of https://www.secg.org/sec1-v2.pdf so for now we
// aren't going to bother actually computing it and instead we
// will just not let you construct them.
//
// see the data definition at
// https://tools.ietf.org/html/rfc5656#section-3.1
// and the openssh output
// https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L753
// and the openssh buffer writer implementation
// https://github.com/openssh/openssh-portable/blob/master/sshbuf-getput-crypto.c#L192
// and the openssl point2oct implementation
// https://github.com/openssl/openssl/blob/aa8f3d76fcf1502586435631be16faa1bef3cdf7/crypto/ec/ec_oct.c#L82
let curve = reader.read_string()?;
let key = reader.read_bytes()?;
Data::Ecdsa {
curve: Curve::get(curve)?,
key: key.into(),
}
}
SSH_ECDSA_SK => {
// same as above (like there, we don't assert that the curve matches what was specified in the keytype)
let curve = reader.read_string()?;
let key = reader.read_bytes()?;
let application = reader.read_bytes()?;
Data::EcdsaSk {
curve: Curve::get(curve)?,
key: key.into(),
application: application.into(),
}
}
_ => {
return Err(OpenSSHKeyError::UnsupportedKeyType {
keytype: keytype.to_string(),
})
}
};
Ok(PublicKey {
options: None,
data,
comment,
})
}
/// read_keys takes a reader and parses it as an authorized_keys file. it
/// returns an error if it can't read or parse any of the public keys in the
/// list.
pub fn read_keys<R>(r: R) -> Result<Vec<Self>>
where
R: Read,
{
let keybuf = BufReader::new(r);
// authorized_keys files are newline-separated lists of public keys
let mut keys = vec![];
for key in keybuf.lines() {
let key = key?;
// skip any empty lines and any comment lines (prefixed with '#')
if !key.is_empty() && !(key.trim().starts_with('#')) {
keys.push(PublicKey::parse(&key)?);
}
}
Ok(keys)
}
/// get an ssh public key from rsa components
pub fn from_rsa(e: Vec<u8>, n: Vec<u8>) -> Self {
PublicKey {
options: None,
data: Data::Rsa {
exponent: e,
modulus: n,
},
comment: None,
}
}
/// get an ssh public key from dsa components
pub fn from_dsa(p: Vec<u8>, q: Vec<u8>, g: Vec<u8>, pkey: Vec<u8>) -> Self {
PublicKey {
options: None,
data: Data::Dsa {
p,
q,
g,
pub_key: pkey,
},
comment: None,
}
}
/// keytype returns the type of key in the format described by rfc4253
/// The output will be ssh-{type} where type is [rsa,ed25519,ecdsa,dsa]
pub fn keytype(&self) -> &'static str {
match self.data {
Data::Rsa { .. } => SSH_RSA,
Data::Dsa { .. } => SSH_DSA,
Data::Ed25519 { .. } => SSH_ED25519,
Data::Ed25519Sk { .. } => SSH_ED25519_SK,
Data::Ecdsa { ref curve, .. } => match *curve {
Curve::Nistp256 => SSH_ECDSA_256,
Curve::Nistp384 => SSH_ECDSA_384,
Curve::Nistp521 => SSH_ECDSA_521,
},
Data::EcdsaSk { .. } => SSH_ECDSA_SK,
}
}
/// data returns the data section of the key in the format described by rfc4253
/// the contents of the data section depend on the keytype. For RSA keys it
/// contains the keytype, exponent, and modulus in that order. Other types
/// have other data sections. This function doesn't base64 encode the data,
/// that task is left to the consumer of the output.
pub fn data(&self) -> Vec<u8> {
let mut writer = Writer::new();
writer.write_string(self.keytype());
match self.data {
Data::Rsa {
ref exponent,
ref modulus,
} => {
// the data for an rsa key consists of three pieces:
// ssh-rsa public-exponent modulus
// see ssh-rsa format in https://tools.ietf.org/html/rfc4253#section-6.6
writer.write_mpint(exponent.clone());
writer.write_mpint(modulus.clone());
}
Data::Dsa {
ref p,
ref q,
ref g,
ref pub_key,
} => {
writer.write_mpint(p.clone());
writer.write_mpint(q.clone());
writer.write_mpint(g.clone());
writer.write_mpint(pub_key.clone());
}
Data::Ed25519 { ref key } => {
writer.write_bytes(key.clone());
}
Data::Ed25519Sk {
ref key,
ref application,
} => {
writer.write_bytes(key.clone());
writer.write_bytes(application.clone());
}
Data::Ecdsa { ref curve, ref key } => {
writer.write_string(curve.curvetype());
writer.write_bytes(key.clone());
}
Data::EcdsaSk {
ref curve,
ref key,
ref application,
} => {
writer.write_string(curve.curvetype());
writer.write_bytes(key.clone());
writer.write_bytes(application.clone());
}
}
writer.into_vec()
}
pub fn set_comment(&mut self, comment: &str) {
self.comment = Some(comment.to_string());
}
/// to_key_format returns a string representation of the ssh key. this string
/// output is appropriate to use as a public key file. it adheres to the
/// format described in https://tools.ietf.org/html/rfc4253#section-6.6
///
/// an ssh key consists of four pieces:
///
/// [options] ssh-keytype data comment
///
/// the output of the data section is described in the documentation for the
/// data function. the options section is optional, and is not part of the
/// spec. rather, it is a field present in authorized_keys files or
/// known_hosts files.
pub fn to_key_format(&self) -> String {
let key = format!(
"{} {} {}",
self.keytype(),
BASE64.encode(self.data()),
self.comment.clone().unwrap_or_default()
);
if let Some(ref options) = self.options {
format!("{} {}", options, key)
} else {
key
}
}
/// size returns the size of the stored ssh key. for rsa keys this is
/// determined by the number of bits in the modulus. for dsa keys it's the
/// number of bits in the prime p.
///
/// see https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L261
/// for more details
pub fn size(&self) -> usize {
match self.data {
Data::Rsa { ref modulus, .. } => modulus.len() * 8,
Data::Dsa { ref p, .. } => p.len() * 8,
Data::Ed25519 { .. } | Data::Ed25519Sk { .. } => 256, // ??
Data::Ecdsa { ref curve, .. } | Data::EcdsaSk { ref curve, .. } => match *curve {
Curve::Nistp256 => 256,
Curve::Nistp384 => 384,
Curve::Nistp521 => 521,
},
}
}
/// fingerprint returns a string representing the fingerprint of the ssh key
/// the format of the fingerprint is described tersely in
/// https://tools.ietf.org/html/rfc4716#page-6. This uses the ssh-keygen
/// defaults of a base64 encoded SHA256 hash.
pub fn fingerprint(&self) -> String {
let data = self.data();
let mut hasher = Sha256::new();
hasher.update(&data);
let hashed = hasher.finalize();
let mut fingerprint = BASE64.encode(hashed);
// trim padding characters off the end. I'm not clear on exactly what
// this is doing but they do it here and the test fails without it
// https://github.com/openssh/openssh-portable/blob/643c2ad82910691b2240551ea8b14472f60b5078/sshkey.c#L918
if let Some(l) = fingerprint.find('=') {
fingerprint.truncate(l);
};
fingerprint
}
/// to_fingerprint_string prints out the fingerprint in the same format used
/// by `ssh-keygen -l -f key`, specifically the implementation here -
/// https://github.com/openssh/openssh-portable/blob/master/ssh-keygen.c#L842
/// right now it just sticks with the defaults of a base64 encoded SHA256
/// hash.
pub fn to_fingerprint_string(&self) -> String {
let keytype = match self.data {
Data::Rsa { .. } => "RSA",
Data::Dsa { .. } => "DSA",
Data::Ed25519 { .. } => "ED25519",
Data::Ed25519Sk { .. } => "ED25519_SK",
Data::Ecdsa { .. } => "ECDSA",
Data::EcdsaSk { .. } => "ECDSA_SK",
};
let comment = self
.comment
.clone()
.unwrap_or_else(|| "no comment".to_string());
format!(
"{} SHA256:{} {} ({})",
self.size(),
self.fingerprint(),
comment,
keytype
)
}
/// fingerprint_m5 returns a string representing the fingerprint of the ssh key
/// the format of the fingerprint is MD5, and the output looks like,
/// `fb:a0:5b:a0:21:01:47:33:3b:8d:9e:14:1a:4c:db:6d` .
pub fn fingerprint_md5(&self) -> String {
let mut sh = Md5::default();
sh.update(self.data());
let md5: Vec<String> = sh.finalize().iter().map(|n| format!("{:02x}", n)).collect();
md5.join(":")
}
/// to_fingerprint_m5_string prints out the fingerprint in the in hex format used
/// by `ssh-keygen -l -E md5 -f key`, and the output looks like,
/// `2048 MD5:fb:a0:5b:a0:21:01:47:33:3b:8d:9e:14:1a:4c:db:6d demos@anduin (RSA)` .
pub fn to_fingerprint_md5_string(&self) -> String {
let keytype = match self.data {
Data::Rsa { .. } => "RSA",
Data::Dsa { .. } => "DSA",
Data::Ed25519 { .. } => "ED25519",
Data::Ed25519Sk { .. } => "ED25519_SK",
Data::Ecdsa { .. } => "ECDSA",
Data::EcdsaSk { .. } => "ECDSA_SK",
};
let comment = self
.comment
.clone()
.unwrap_or_else(|| "no comment".to_string());
format!(
"{} MD5:{} {} ({})",
self.size(),
self.fingerprint_md5(),
comment,
keytype
)
}
}
#[cfg(test)]
mod tests {
use super::*;
const TEST_RSA_KEY: &str = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYH3vPUJThzriVlVKmKOg71EOVYm274oRa5KLWEoK0HmjMc9ru0j4ofouoeW/AVmRVujxfaIGR/8en/lUPkiv5DSeM6aXnDz5cExNptrAy/sMPLQhVALRrqQ+dkS9Ct/YA+A1Le5LPh4MJu79hCDLTwqSdKqDuUcYQzR0M7APslaDCR96zY+VUL4lKObUUd4wsP3opdTQ6G20qXEer14EPGr9N53S/u+JJGLoPlb1uPIH96oKY4t/SeLIRQsocdViRaiF/Aq7kPzWd/yCLVdXJSRt3CftboV4kLBHGteTS551J32MJoqjEi4Q/DucWYrQfx5H3qXVB+/G2HurKPIHL demos@siril";
const TEST_RSA_COMMENT_KEY: &str = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYH3vPUJThzriVlVKmKOg71EOVYm274oRa5KLWEoK0HmjMc9ru0j4ofouoeW/AVmRVujxfaIGR/8en/lUPkiv5DSeM6aXnDz5cExNptrAy/sMPLQhVALRrqQ+dkS9Ct/YA+A1Le5LPh4MJu79hCDLTwqSdKqDuUcYQzR0M7APslaDCR96zY+VUL4lKObUUd4wsP3opdTQ6G20qXEer14EPGr9N53S/u+JJGLoPlb1uPIH96oKY4t/SeLIRQsocdViRaiF/Aq7kPzWd/yCLVdXJSRt3CftboV4kLBHGteTS551J32MJoqjEi4Q/DucWYrQfx5H3qXVB+/G2HurKPIHL test";
const TEST_DSA_KEY: &str = "ssh-dss AAAAB3NzaC1kc3MAAACBAIkd9CkqldM2St8f53rfJT7kPgiA8leZaN7hdZd48hYJyKzVLoPdBMaGFuOwGjv0Im3JWqWAewANe0xeLceQL0rSFbM/mZV+1gc1nm1WmtVw4KJIlLXl3gS7NYfQ9Ith4wFnZd/xhRz9Q+MBsA1DgXew1zz4dLYI46KmFivJ7XDzAAAAFQC8z4VIhI4HlHTvB7FdwAfqWsvcOwAAAIBEqPIkW3HHDTSEhUhhV2AlIPNwI/bqaCXy2zYQ6iTT3oUh+N4xlRaBSvW+h2NC97U8cxd7Y0dXIbQKPzwNzRX1KA1F9WAuNzrx9KkpCg2TpqXShhp+Sseb+l6uJjthIYM6/0dvr9cBDMeExabPPgBo3Eii2NLbFSqIe86qav8hZAAAAIBk5AetZrG8varnzv1khkKh6Xq/nX9r1UgIOCQos2XOi2ErjlB9swYCzReo1RT7dalITVi7K9BtvJxbutQEOvN7JjJnPJs+M3OqRMMF+anXPdCWUIBxZUwctbkAD5joEjGDrNXHQEw9XixZ9p3wudbISnPFgZhS1sbS9Rlw5QogKg== demos@siril";
const TEST_ED25519_KEY: &str = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril";
const TEST_ED25519_SK_KEY: &str = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEX/dQ0v4127bEo8eeG1EV0ApO2lWbSnN6RWusn/NjqIAAAABHNzaDo= demos@siril";
const TEST_ECDSA256_KEY: &str = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIhfLQrww4DlhYzbSWXoX3ctOQ0jVosvfHfW+QWVotksbPzM2YgkIikTpoHUfZrYpJKWx7WYs5aqeLkdCDdk+jk= demos@siril";
const TEST_ECDSA_SK_KEY: &str = "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDZ+f5tSRhlB7EN39f93SscTN5PUvbD3UQsNrlE1ZdbwPMMRul2zlPiUvwAvnJitW0jlD/vwZOW2YN+q+iZ5c0MAAAAEc3NoOg== demos@siril";
#[test]
fn rsa_parse_to_string() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
let out = key.to_string();
assert_eq!(TEST_RSA_KEY, out);
}
#[test]
fn rsa_size() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
assert_eq!(2048, key.size());
}
#[test]
fn rsa_keytype() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
assert_eq!("ssh-rsa", key.keytype());
}
#[test]
fn rsa_fingerprint() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
assert_eq!(
"YTw/JyJmeAAle1/7zuZkPP0C73BQ+6XrFEt2/Wy++2o",
key.fingerprint()
);
}
#[test]
fn rsa_fingerprint_string() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
assert_eq!(
"2048 SHA256:YTw/JyJmeAAle1/7zuZkPP0C73BQ+6XrFEt2/Wy++2o demos@siril (RSA)",
key.to_fingerprint_string()
);
}
#[test]
fn rsa_fingerprint_md5() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
assert_eq!(
"e9:a1:5b:cd:a3:69:d2:d9:17:cb:09:3e:78:e1:0d:dd",
key.fingerprint_md5()
);
}
#[test]
fn rsa_fingerprint_md5_string() {
let key = PublicKey::parse(TEST_RSA_KEY).unwrap();
assert_eq!(
"2048 MD5:e9:a1:5b:cd:a3:69:d2:d9:17:cb:09:3e:78:e1:0d:dd demos@siril (RSA)",
key.to_fingerprint_md5_string()
);
}
#[test]
fn rsa_set_comment() {
let mut key = PublicKey::parse(TEST_RSA_KEY).unwrap();
key.set_comment("test");
let out = key.to_string();
assert_eq!(TEST_RSA_COMMENT_KEY, out);
}
#[test]
fn dsa_parse_to_string() {
let key = PublicKey::parse(TEST_DSA_KEY).unwrap();
let out = key.to_string();
assert_eq!(TEST_DSA_KEY, out);
}
#[test]
fn dsa_size() {
let key = PublicKey::parse(TEST_DSA_KEY).unwrap();
assert_eq!(1024, key.size());
}
#[test]
fn dsa_keytype() {
let key = PublicKey::parse(TEST_DSA_KEY).unwrap();
assert_eq!("ssh-dss", key.keytype());
}
#[test]
fn dsa_fingerprint() {
let key = PublicKey::parse(TEST_DSA_KEY).unwrap();
assert_eq!(
"/Pyxrjot1Hs5PN2Dpg/4pK2wxxtP9Igc3sDTAWIEXT4",
key.fingerprint()
);
}
#[test]
fn dsa_fingerprint_string() {
let key = PublicKey::parse(TEST_DSA_KEY).unwrap();
assert_eq!(
"1024 SHA256:/Pyxrjot1Hs5PN2Dpg/4pK2wxxtP9Igc3sDTAWIEXT4 demos@siril (DSA)",
key.to_fingerprint_string()
);
}
#[test]
fn ed25519_parse_to_string() {
let key = PublicKey::parse(TEST_ED25519_KEY).unwrap();
let out = key.to_string();
assert_eq!(TEST_ED25519_KEY, out);
}
#[test]
fn ed25519_size() {
let key = PublicKey::parse(TEST_ED25519_KEY).unwrap();
assert_eq!(256, key.size());
}
#[test]
fn ed25519_keytype() {
let key = PublicKey::parse(TEST_ED25519_KEY).unwrap();
assert_eq!("ssh-ed25519", key.keytype());
}
#[test]
fn ed25519_fingerprint() {
let key = PublicKey::parse(TEST_ED25519_KEY).unwrap();
assert_eq!(
"A/lHzXxsgbp11dcKKfSDyNQIdep7EQgZEoRYVDBfNdI",
key.fingerprint()
);
}
#[test]
fn ed25519_fingerprint_string() {
let key = PublicKey::parse(TEST_ED25519_KEY).unwrap();
assert_eq!(
"256 SHA256:A/lHzXxsgbp11dcKKfSDyNQIdep7EQgZEoRYVDBfNdI demos@siril (ED25519)",
key.to_fingerprint_string()
);
}
#[test]
fn ed25519_sk_parse_to_string() {
let key = PublicKey::parse(TEST_ED25519_SK_KEY).unwrap();
let out = key.to_string();
assert_eq!(TEST_ED25519_SK_KEY, out);
}
#[test]
fn ed25519_sk_size() {
let key = PublicKey::parse(TEST_ED25519_SK_KEY).unwrap();
assert_eq!(256, key.size());
}
#[test]
fn ed25519_sk_keytype() {
let key = PublicKey::parse(TEST_ED25519_SK_KEY).unwrap();
assert_eq!("sk-ssh-ed25519@openssh.com", key.keytype());
}
#[test]
fn ed25519_sk_fingerprint() {
let key = PublicKey::parse(TEST_ED25519_SK_KEY).unwrap();
assert_eq!(
"U8IKRkIHed6vFMTflwweA3HhIf2DWgZ8EFTm9fgwOUk",
key.fingerprint()
);
}
#[test]
fn ed25519_sk_fingerprint_string() {
let key = PublicKey::parse(TEST_ED25519_SK_KEY).unwrap();
assert_eq!(
"256 SHA256:U8IKRkIHed6vFMTflwweA3HhIf2DWgZ8EFTm9fgwOUk demos@siril (ED25519_SK)",
key.to_fingerprint_string()
);
}
#[test]
fn ecdsa256_parse_to_string() {
let key = PublicKey::parse(TEST_ECDSA256_KEY).unwrap();
let out = key.to_string();
assert_eq!(TEST_ECDSA256_KEY, out);
}
#[test]
fn ecdsa256_size() {
let key = PublicKey::parse(TEST_ECDSA256_KEY).unwrap();
assert_eq!(256, key.size());
}
#[test]
fn ecdsa256_keytype() {
let key = PublicKey::parse(TEST_ECDSA256_KEY).unwrap();
assert_eq!("ecdsa-sha2-nistp256", key.keytype());
}
#[test]
fn ecdsa256_fingerprint() {
let key = PublicKey::parse(TEST_ECDSA256_KEY).unwrap();
assert_eq!(
"BzS5YXMW/d2vFk8Oqh+nKmvKr8X/FTLBfJgDGLu5GAs",
key.fingerprint()
);
}
#[test]
fn ecdsa256_fingerprint_string() {
let key = PublicKey::parse(TEST_ECDSA256_KEY).unwrap();
assert_eq!(
"256 SHA256:BzS5YXMW/d2vFk8Oqh+nKmvKr8X/FTLBfJgDGLu5GAs demos@siril (ECDSA)",
key.to_fingerprint_string()
);
}
#[test]
fn ecdsa_sk_parse_to_string() {
let key = PublicKey::parse(TEST_ECDSA_SK_KEY).unwrap();
let out = key.to_string();
assert_eq!(TEST_ECDSA_SK_KEY, out);
}
#[test]
fn ecdsa_sk_size() {
let key = PublicKey::parse(TEST_ECDSA_SK_KEY).unwrap();
assert_eq!(256, key.size());
}
#[test]
fn ecdsa_sk_keytype() {
let key = PublicKey::parse(TEST_ECDSA_SK_KEY).unwrap();
assert_eq!("sk-ecdsa-sha2-nistp256@openssh.com", key.keytype());
}
#[test]
fn ecdsa_sk_fingerprint() {
let key = PublicKey::parse(TEST_ECDSA_SK_KEY).unwrap();
assert_eq!(
"N0sNKBgWKK8usPuPegtgzHQQA9vQ/dRhAEhwFDAnLA4",
key.fingerprint()
);
}
#[test]
fn ecdsa_sk_fingerprint_string() {
let key = PublicKey::parse(TEST_ECDSA_SK_KEY).unwrap();
assert_eq!(
"256 SHA256:N0sNKBgWKK8usPuPegtgzHQQA9vQ/dRhAEhwFDAnLA4 demos@siril (ECDSA_SK)",
key.to_fingerprint_string()
);
}
#[test]
fn option_parse() {
let key = PublicKey::parse("agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril").unwrap();
assert_eq!(Some("agent-forwarding".into()), key.options);
assert_eq!("agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril", key.to_string());
let key = PublicKey::parse("from=\"*.sales.example.net,!pc.sales.example.net\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril").unwrap();
assert_eq!(
Some("from=\"*.sales.example.net,!pc.sales.example.net\"".into()),
key.options
);
assert_eq!("from=\"*.sales.example.net,!pc.sales.example.net\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril", key.to_string());
let key = PublicKey::parse("permitopen=\"192.0.2.1:80\",permitopen=\"192.0.2.2:25\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril").unwrap();
assert_eq!(
Some("permitopen=\"192.0.2.1:80\",permitopen=\"192.0.2.2:25\"".into()),
key.options
);
assert_eq!("permitopen=\"192.0.2.1:80\",permitopen=\"192.0.2.2:25\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril", key.to_string());
let key = PublicKey::parse("command=\"echo \\\"holy shell escaping batman\\\"\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril").unwrap();
assert_eq!(
Some("command=\"echo \\\"holy shell escaping batman\\\"\"".into()),
key.options
);
assert_eq!("command=\"echo \\\"holy shell escaping batman\\\"\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril", key.to_string());
let key = PublicKey::parse("command=\"dump /home\",no-pty,no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril").unwrap();
assert_eq!(
Some("command=\"dump /home\",no-pty,no-port-forwarding".into()),
key.options
);
assert_eq!("command=\"dump /home\",no-pty,no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril", key.to_string());
}
#[test]
fn hostname_parse() {
let key = PublicKey::parse("ec2-52-53-211-129.us-west-1.compute.amazonaws.com,52.53.211.129 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFHnC16I49ccjBo68lvN1+zpnAuTGbZjHFi2JRgPZK5o02UDCrFYCUhuS3oCh75+6YmVyReLZAyAM7S/5wjMzTY=").unwrap();
assert_eq!(
Some("ec2-52-53-211-129.us-west-1.compute.amazonaws.com,52.53.211.129".into()),
key.options
);
assert_eq!("ec2-52-53-211-129.us-west-1.compute.amazonaws.com,52.53.211.129 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFHnC16I49ccjBo68lvN1+zpnAuTGbZjHFi2JRgPZK5o02UDCrFYCUhuS3oCh75+6YmVyReLZAyAM7S/5wjMzTY=", key.to_string().trim());
let key = PublicKey::parse("[fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAopjUBQqif5ILeoMHjJ9wGlGs2eNHEv3+OAiiEDHCapNm3guNa+T/ZMtedaC/0P8bLBCXMiyNQU04N/IRyN3Mp/SGhtGJl1PDENXzPB9aoxsB2HHc8s8P7mxal1G4BtCT/fJM5XywEHWAcHkzW91iTK+ApAdqt6AHj35ogil9maFlUNKcXz2aW27hdbDtC0fautvWd9RIITHPq00rdvaHjRcc2msv8LddhBkStP8FrB39RPu9M+ikBkTwdQTSGcIBDYJgt3la2KMwmU1F81cq17wb21lPriBwr626lBiir/WdrBsoAsANeZfyzpAm8K4ssI3eu9eklxpEKdAdNRJbpQ==").unwrap();
assert_eq!(
Some("[fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090".into()),
key.options
);
assert_eq!("[fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAopjUBQqif5ILeoMHjJ9wGlGs2eNHEv3+OAiiEDHCapNm3guNa+T/ZMtedaC/0P8bLBCXMiyNQU04N/IRyN3Mp/SGhtGJl1PDENXzPB9aoxsB2HHc8s8P7mxal1G4BtCT/fJM5XywEHWAcHkzW91iTK+ApAdqt6AHj35ogil9maFlUNKcXz2aW27hdbDtC0fautvWd9RIITHPq00rdvaHjRcc2msv8LddhBkStP8FrB39RPu9M+ikBkTwdQTSGcIBDYJgt3la2KMwmU1F81cq17wb21lPriBwr626lBiir/WdrBsoAsANeZfyzpAm8K4ssI3eu9eklxpEKdAdNRJbpQ==", key.to_string().trim());
let key = PublicKey::parse("@revoked [fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAopjUBQqif5ILeoMHjJ9wGlGs2eNHEv3+OAiiEDHCapNm3guNa+T/ZMtedaC/0P8bLBCXMiyNQU04N/IRyN3Mp/SGhtGJl1PDENXzPB9aoxsB2HHc8s8P7mxal1G4BtCT/fJM5XywEHWAcHkzW91iTK+ApAdqt6AHj35ogil9maFlUNKcXz2aW27hdbDtC0fautvWd9RIITHPq00rdvaHjRcc2msv8LddhBkStP8FrB39RPu9M+ikBkTwdQTSGcIBDYJgt3la2KMwmU1F81cq17wb21lPriBwr626lBiir/WdrBsoAsANeZfyzpAm8K4ssI3eu9eklxpEKdAdNRJbpQ==").unwrap();
assert_eq!(
Some("@revoked [fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090".into()),
key.options
);
assert_eq!("@revoked [fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAopjUBQqif5ILeoMHjJ9wGlGs2eNHEv3+OAiiEDHCapNm3guNa+T/ZMtedaC/0P8bLBCXMiyNQU04N/IRyN3Mp/SGhtGJl1PDENXzPB9aoxsB2HHc8s8P7mxal1G4BtCT/fJM5XywEHWAcHkzW91iTK+ApAdqt6AHj35ogil9maFlUNKcXz2aW27hdbDtC0fautvWd9RIITHPq00rdvaHjRcc2msv8LddhBkStP8FrB39RPu9M+ikBkTwdQTSGcIBDYJgt3la2KMwmU1F81cq17wb21lPriBwr626lBiir/WdrBsoAsANeZfyzpAm8K4ssI3eu9eklxpEKdAdNRJbpQ==", key.to_string().trim());
let key = PublicKey::parse("@cert-authority [fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAopjUBQqif5ILeoMHjJ9wGlGs2eNHEv3+OAiiEDHCapNm3guNa+T/ZMtedaC/0P8bLBCXMiyNQU04N/IRyN3Mp/SGhtGJl1PDENXzPB9aoxsB2HHc8s8P7mxal1G4BtCT/fJM5XywEHWAcHkzW91iTK+ApAdqt6AHj35ogil9maFlUNKcXz2aW27hdbDtC0fautvWd9RIITHPq00rdvaHjRcc2msv8LddhBkStP8FrB39RPu9M+ikBkTwdQTSGcIBDYJgt3la2KMwmU1F81cq17wb21lPriBwr626lBiir/WdrBsoAsANeZfyzpAm8K4ssI3eu9eklxpEKdAdNRJbpQ==").unwrap();
assert_eq!(
Some("@cert-authority [fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090".into()),
key.options
);
assert_eq!("@cert-authority [fangorn.csh.rit.edu]:9090,[129.21.50.131]:9090 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAopjUBQqif5ILeoMHjJ9wGlGs2eNHEv3+OAiiEDHCapNm3guNa+T/ZMtedaC/0P8bLBCXMiyNQU04N/IRyN3Mp/SGhtGJl1PDENXzPB9aoxsB2HHc8s8P7mxal1G4BtCT/fJM5XywEHWAcHkzW91iTK+ApAdqt6AHj35ogil9maFlUNKcXz2aW27hdbDtC0fautvWd9RIITHPq00rdvaHjRcc2msv8LddhBkStP8FrB39RPu9M+ikBkTwdQTSGcIBDYJgt3la2KMwmU1F81cq17wb21lPriBwr626lBiir/WdrBsoAsANeZfyzpAm8K4ssI3eu9eklxpEKdAdNRJbpQ==", key.to_string().trim());
}
#[test]
fn read_keys() {
let authorized_keys = "# authorized keys
command=\"echo \\\"holy shell escaping batman\\\"\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril
agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril
ssh-dss AAAAB3NzaC1kc3MAAACBAIkd9CkqldM2St8f53rfJT7kPgiA8leZaN7hdZd48hYJyKzVLoPdBMaGFuOwGjv0Im3JWqWAewANe0xeLceQL0rSFbM/mZV+1gc1nm1WmtVw4KJIlLXl3gS7NYfQ9Ith4wFnZd/xhRz9Q+MBsA1DgXew1zz4dLYI46KmFivJ7XDzAAAAFQC8z4VIhI4HlHTvB7FdwAfqWsvcOwAAAIBEqPIkW3HHDTSEhUhhV2AlIPNwI/bqaCXy2zYQ6iTT3oUh+N4xlRaBSvW+h2NC97U8cxd7Y0dXIbQKPzwNzRX1KA1F9WAuNzrx9KkpCg2TpqXShhp+Sseb+l6uJjthIYM6/0dvr9cBDMeExabPPgBo3Eii2NLbFSqIe86qav8hZAAAAIBk5AetZrG8varnzv1khkKh6Xq/nX9r1UgIOCQos2XOi2ErjlB9swYCzReo1RT7dalITVi7K9BtvJxbutQEOvN7JjJnPJs+M3OqRMMF+anXPdCWUIBxZUwctbkAD5joEjGDrNXHQEw9XixZ9p3wudbISnPFgZhS1sbS9Rlw5QogKg==
";
let key1 = "command=\"echo \\\"holy shell escaping batman\\\"\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril";
let key2 = "agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ demos@siril";
let key3 = "ssh-dss AAAAB3NzaC1kc3MAAACBAIkd9CkqldM2St8f53rfJT7kPgiA8leZaN7hdZd48hYJyKzVLoPdBMaGFuOwGjv0Im3JWqWAewANe0xeLceQL0rSFbM/mZV+1gc1nm1WmtVw4KJIlLXl3gS7NYfQ9Ith4wFnZd/xhRz9Q+MBsA1DgXew1zz4dLYI46KmFivJ7XDzAAAAFQC8z4VIhI4HlHTvB7FdwAfqWsvcOwAAAIBEqPIkW3HHDTSEhUhhV2AlIPNwI/bqaCXy2zYQ6iTT3oUh+N4xlRaBSvW+h2NC97U8cxd7Y0dXIbQKPzwNzRX1KA1F9WAuNzrx9KkpCg2TpqXShhp+Sseb+l6uJjthIYM6/0dvr9cBDMeExabPPgBo3Eii2NLbFSqIe86qav8hZAAAAIBk5AetZrG8varnzv1khkKh6Xq/nX9r1UgIOCQos2XOi2ErjlB9swYCzReo1RT7dalITVi7K9BtvJxbutQEOvN7JjJnPJs+M3OqRMMF+anXPdCWUIBxZUwctbkAD5joEjGDrNXHQEw9XixZ9p3wudbISnPFgZhS1sbS9Rlw5QogKg== ";
let keys = PublicKey::read_keys(authorized_keys.as_bytes()).unwrap();
assert_eq!(key1, keys[0].to_string());
assert_eq!(key2, keys[1].to_string());
assert_eq!(key3, keys[2].to_string());
}
#[test]
fn comment_should_be_none_when_absent() {
let key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/";
let key = PublicKey::parse(key).unwrap();
assert!(key.comment.is_none());
}
#[test]
fn comment_should_be_none_when_empty_string() {
let key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ ";
let key = PublicKey::parse(key).unwrap();
assert!(key.comment.is_none());
}
#[test]
fn comment_should_preserve_special_characters() {
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ !@#$%^&*()_+-={}|[]\\:\";'<>?,./";
let key = PublicKey::parse(key).unwrap();
assert_eq!(key.comment.unwrap(), "!@#$%^&*()_+-={}|[]\\:\";'<>?,./");
}
#[test]
fn comment_should_preserve_multiple_spaces() {
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ comment with multiple spaces";
let key = PublicKey::parse(key).unwrap();
assert_eq!(key.comment.unwrap(), "comment with multiple spaces");
}
#[test]
fn comment_should_remove_leading_and_trailing_spaces_while_keeping_body_intact() {
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ leading and trailing spaces are trimmed ";
let key = PublicKey::parse(key).unwrap();
assert_eq!(
key.comment.unwrap(),
"leading and trailing spaces are trimmed"
);
}
#[test]
fn comment_should_not_preserve_newlines() {
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ comment with\nnewlines";
let key = PublicKey::parse(key);
assert!(key.is_err());
}
#[test]
fn comment_should_preserve_mixed_whitespace() {
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ mixed white\t space";
let key = PublicKey::parse(key).unwrap();
assert_eq!(key.comment.unwrap(), "mixed white\t space");
}
#[test]
fn comment_should_preserve_unicode_characters() {
let key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhBr6++FQXB8kkgOMbdxBuyrHzuX5HkElswrN6DQoN/ comment with unicode: 中文, русский, عربى";
let key = PublicKey::parse(key).unwrap();
assert_eq!(
key.comment.unwrap(),
"comment with unicode: 中文, русский, عربى"
);
}
}