use std::collections::HashMap;
extern crate sshkeys;
#[test]
fn test_rsa_pubkey_1024() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_rsa_1024.pub").unwrap();
assert_eq!(key.key_type.name, "ssh-rsa");
assert_eq!(key.key_type.plain, "ssh-rsa");
assert_eq!(key.key_type.short_name, "RSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Rsa);
assert_eq!(key.bits(), 1024);
assert_eq!(key.comment, None);
match key.kind {
sshkeys::PublicKeyKind::Rsa(_) => {}
_ => panic!("Expected RSA public key"),
}
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "izTlwvAwZNoPhsSHPFvSWBx7mAnX0regyVjXfQTMv6Y");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"dBi3NL7zSWb1zsQob8ROuRggCtkr6n60VbIy+Io4iYil4UIieUvcco03TWpjdv/u"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"0GhrWC58WCwoXXE5mfmKBeLdEjwH2Xzg1Z3K7n5mBtLmcTu+OeIOw9bJJ2FPuskz57Bu2dJvOFkGidw2RW4fvg"
);
}
#[test]
fn test_rsa_pubkey_2048() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_rsa_2048.pub").unwrap();
assert_eq!(key.key_type.name, "ssh-rsa");
assert_eq!(key.key_type.plain, "ssh-rsa");
assert_eq!(key.key_type.short_name, "RSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Rsa);
assert_eq!(key.bits(), 2048);
assert_eq!(key.comment, Some("me@home".to_string()));
match key.kind {
sshkeys::PublicKeyKind::Rsa(_) => {}
_ => panic!("Expected RSA public key"),
};
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "5mDozobgKuNO6/FutOgATBvGfYQbNfBlUY6iBYSdqF0");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"dgNFIE9GNNznHqdnL7Ml1CScn5X/5NAT2tpSqd6NWGhXPU3o1rz3SMKyELzuuArv"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"FDoxtx0ir1FlZUkHjUugzNZE7Qi3lJaUkN9QabPulm6/MXAcXXIhsW5C/mJaCDY1hDbeoo39aqHcTO+MdQiJsQ"
);
}
#[test]
#[should_panic(expected = "Invalid format")]
fn test_rsa_pubkey_2048_invalid_format() {
match sshkeys::PublicKey::from_path("tests/test-keys/id_rsa_2048_invalid_format.pub") {
Ok(v) => panic!("Expected invalid format, got {:?}", v),
Err(e) => panic!("{}", e.to_string()),
}
}
#[test]
#[should_panic(expected = "Unknown key type")]
fn test_rsa_pubkey_2048_unknown_keytype() {
match sshkeys::PublicKey::from_path("tests/test-keys/id_rsa_2048_unknown_keytype.pub") {
Ok(v) => panic!("Expected unknown key type, got {:?}", v),
Err(e) => panic!("{}", e.to_string()),
}
}
#[test]
fn test_rsa_user_cert() {
let cert = sshkeys::Certificate::from_path("tests/test-keys/id_rsa_2048-cert.pub").unwrap();
assert_eq!(cert.key_type.name, "ssh-rsa-cert-v01@openssh.com");
assert_eq!(cert.key_type.plain, "ssh-rsa");
assert_eq!(cert.key_type.short_name, "RSA-CERT");
assert_eq!(cert.key_type.is_cert, true);
assert_eq!(cert.key_type.is_sk, false);
assert_eq!(cert.key_type.kind, sshkeys::KeyTypeKind::RsaCert);
assert_eq!(cert.key.key_type.name, "ssh-rsa-cert-v01@openssh.com");
assert_eq!(cert.key.key_type.plain, "ssh-rsa");
assert_eq!(cert.key.key_type.short_name, "RSA-CERT");
assert_eq!(cert.key.key_type.is_cert, true);
assert_eq!(cert.key.key_type.is_sk, false);
assert_eq!(cert.key.key_type.kind, sshkeys::KeyTypeKind::RsaCert);
assert_eq!(cert.key.bits(), 2048);
assert_eq!(cert.key.comment, None);
let sha256fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "5mDozobgKuNO6/FutOgATBvGfYQbNfBlUY6iBYSdqF0");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"dgNFIE9GNNznHqdnL7Ml1CScn5X/5NAT2tpSqd6NWGhXPU3o1rz3SMKyELzuuArv"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"FDoxtx0ir1FlZUkHjUugzNZE7Qi3lJaUkN9QabPulm6/MXAcXXIhsW5C/mJaCDY1hDbeoo39aqHcTO+MdQiJsQ"
);
assert_eq!(cert.serial, 0);
assert_eq!(cert.cert_type, sshkeys::CertType::User);
assert_eq!(cert.key_id, "john.doe");
assert_eq!(cert.valid_principals, vec!["root"]);
assert_eq!(cert.valid_after, 1505374860);
assert_eq!(cert.valid_before, 1536824561);
let mut co = HashMap::new();
co.insert("force-command".to_string(), "/usr/bin/true".to_string());
co.insert("source-address".to_string(), "127.0.0.1".to_string());
assert_eq!(cert.critical_options, co);
let mut extensions = HashMap::new();
extensions.insert("permit-X11-forwarding".to_string(), "".to_string());
extensions.insert("permit-agent-forwarding".to_string(), "".to_string());
extensions.insert("permit-port-forwarding".to_string(), "".to_string());
extensions.insert("permit-pty".to_string(), "".to_string());
extensions.insert("permit-user-rc".to_string(), "".to_string());
assert_eq!(cert.extensions, extensions);
assert_eq!(cert.reserved, Vec::new());
assert_eq!(cert.signature_key.key_type.name, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.plain, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.short_name, "RSA");
assert_eq!(cert.signature_key.key_type.is_cert, false);
assert_eq!(cert.signature_key.key_type.is_sk, false);
assert_eq!(cert.signature_key.key_type.kind, sshkeys::KeyTypeKind::Rsa);
assert_eq!(cert.signature_key.bits(), 2048);
assert_eq!(cert.signature_key.comment, None);
let sha256fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "8bEmsdiV2BXhjrzPhp8dPrSLUK3U/YpIXT8NIw6Ym+s");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"7+2ZLPaqbntHUtypie8404NhIIqgo9b6/XWNABjgTphWic38/EDYXYm35SLllIxm"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"BrQgwbsBLlnyiOGITMfl+H2I7HCcCYiy22Hx0j62bWvifyZLyGA5PIoId+846U1P31cMX77l9Ok0qh9meltGCw"
);
assert_eq!(cert.comment, Some("me@home".to_string()));
}
#[test]
#[should_panic(expected = "Not a certificate")]
fn test_rsa_not_cert() {
match sshkeys::Certificate::from_path("tests/test-keys/id_rsa_2048.pub") {
Ok(v) => panic!("Expected public key, got certificate {:?}", v),
Err(e) => panic!("{}", e.to_string()),
}
}
#[test]
fn test_dsa_pubkey_1024() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_dsa_1024.pub").unwrap();
assert_eq!(key.key_type.name, "ssh-dss");
assert_eq!(key.key_type.plain, "ssh-dss");
assert_eq!(key.key_type.short_name, "DSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Dsa);
assert_eq!(key.bits(), 1024);
assert_eq!(key.comment, Some("me@home".to_string()));
match key.kind {
sshkeys::PublicKeyKind::Dsa(_) => {}
_ => panic!("Expected DSA public key"),
}
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "i+5TCv/r9PXHeJMeGbgH8xfpgbGsTFFKapQudFR2aFQ");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"m55cGSOiyn+U2mJX7sLOK/hcwDQmh16YhC5/ibhc2tnn8OOin4sXgpBRY6ZLXL/j"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"nNCtXgIQx+DZTUQPDVEVIl5SObBlD4MiJzBiFUsuNGPnjoF22kQeQkGYCioWfGQBrUR33p9/1jXLHfpHETuYSw"
);
}
#[test]
fn test_dsa_user_cert() {
let cert = sshkeys::Certificate::from_path("tests/test-keys/id_dsa_1024-cert.pub").unwrap();
assert_eq!(cert.key_type.name, "ssh-dss-cert-v01@openssh.com");
assert_eq!(cert.key_type.plain, "ssh-dss");
assert_eq!(cert.key_type.short_name, "DSA-CERT");
assert_eq!(cert.key_type.is_cert, true);
assert_eq!(cert.key_type.is_sk, false);
assert_eq!(cert.key_type.kind, sshkeys::KeyTypeKind::DsaCert);
assert_eq!(cert.key.key_type.name, "ssh-dss-cert-v01@openssh.com");
assert_eq!(cert.key.key_type.plain, "ssh-dss");
assert_eq!(cert.key.key_type.short_name, "DSA-CERT");
assert_eq!(cert.key.key_type.is_cert, true);
assert_eq!(cert.key.key_type.is_sk, false);
assert_eq!(cert.key.key_type.kind, sshkeys::KeyTypeKind::DsaCert);
assert_eq!(cert.key.bits(), 1024);
assert_eq!(cert.key.comment, None);
let sha256fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "i+5TCv/r9PXHeJMeGbgH8xfpgbGsTFFKapQudFR2aFQ");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"m55cGSOiyn+U2mJX7sLOK/hcwDQmh16YhC5/ibhc2tnn8OOin4sXgpBRY6ZLXL/j"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"nNCtXgIQx+DZTUQPDVEVIl5SObBlD4MiJzBiFUsuNGPnjoF22kQeQkGYCioWfGQBrUR33p9/1jXLHfpHETuYSw"
);
assert_eq!(cert.serial, 0);
assert_eq!(cert.cert_type, sshkeys::CertType::User);
assert_eq!(cert.key_id, "john.doe");
assert_eq!(cert.valid_principals, vec!["root"]);
assert_eq!(cert.valid_after, 1505475180);
assert_eq!(cert.valid_before, 1536924895);
let mut co = HashMap::new();
co.insert("force-command".to_string(), "/usr/bin/true".to_string());
co.insert("source-address".to_string(), "127.0.0.1".to_string());
assert_eq!(cert.critical_options, co);
let mut extensions = HashMap::new();
extensions.insert("permit-X11-forwarding".to_string(), "".to_string());
extensions.insert("permit-agent-forwarding".to_string(), "".to_string());
extensions.insert("permit-port-forwarding".to_string(), "".to_string());
extensions.insert("permit-pty".to_string(), "".to_string());
extensions.insert("permit-user-rc".to_string(), "".to_string());
assert_eq!(cert.extensions, extensions);
assert_eq!(cert.reserved, Vec::new());
assert_eq!(cert.signature_key.key_type.name, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.plain, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.short_name, "RSA");
assert_eq!(cert.signature_key.key_type.is_cert, false);
assert_eq!(cert.signature_key.key_type.is_sk, false);
assert_eq!(cert.signature_key.key_type.kind, sshkeys::KeyTypeKind::Rsa);
assert_eq!(cert.signature_key.bits(), 2048);
assert_eq!(cert.signature_key.comment, None);
let sha256fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "8bEmsdiV2BXhjrzPhp8dPrSLUK3U/YpIXT8NIw6Ym+s");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"7+2ZLPaqbntHUtypie8404NhIIqgo9b6/XWNABjgTphWic38/EDYXYm35SLllIxm"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"BrQgwbsBLlnyiOGITMfl+H2I7HCcCYiy22Hx0j62bWvifyZLyGA5PIoId+846U1P31cMX77l9Ok0qh9meltGCw"
);
assert_eq!(cert.comment, Some("me@home".to_string()));
}
#[test]
pub fn test_ecdsa_nistp256_pubkey() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_ecdsa_256.pub").unwrap();
assert_eq!(key.key_type.name, "ecdsa-sha2-nistp256");
assert_eq!(key.key_type.plain, "ecdsa-sha2-nistp256");
assert_eq!(key.key_type.short_name, "ECDSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Ecdsa);
assert_eq!(key.bits(), 256);
assert_eq!(key.comment, Some("me@home".to_string()));
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "RiRAmX+9kOD9dgFhocPtQi726sZXbQ2RmrkXevu6Avg");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"fM0Czmf55Od4g4zbLZueLFnbwFr0DmJQytpB7Xb2kjG6diar/7CskhVUkfX43fh6"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"8qXVmeSbYWN6D79reref2iz+tadg68qpkJDG0Z6B6u4U7XK0C3vYrDQVHg38FUKxvzAkw0c2gOYXqhP1RYo+Fw"
);
let ecdsa = match key.kind {
sshkeys::PublicKeyKind::Ecdsa(ref k) => k,
_ => panic!("Expected ECDSA public key"),
};
assert_eq!(ecdsa.curve.identifier, "nistp256");
assert_eq!(ecdsa.curve.kind, sshkeys::CurveKind::Nistp256);
}
#[test]
pub fn test_ecdsa_nistp256_comments_pubkey() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_ecdsa_256_comments.pub").unwrap();
assert_eq!(key.key_type.name, "ecdsa-sha2-nistp256");
assert_eq!(key.key_type.plain, "ecdsa-sha2-nistp256");
assert_eq!(key.key_type.short_name, "ECDSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Ecdsa);
assert_eq!(key.bits(), 256);
assert_eq!(
key.comment,
Some("key comments may have spaces in them".to_string())
);
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "bh2k30ub4oFtYkuunDUwE+PhYcNIFL9xGZ4ebnzV0pQ");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"d/LHFvqkPVvDKHqrmBoU8ImjFISsMkXSnM+O5ulEO2sWhLmhi+pC4XG9UgeJ/7yT"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"tZEZPMSjUYd3hl5905l1WPniViYy+6srjW9cljXRV2fn/Rr6/q8CZnrJKYMkTdsccObe3cRoIs4BcuJJ2rktaQ"
);
let ecdsa = match key.kind {
sshkeys::PublicKeyKind::Ecdsa(ref k) => k,
_ => panic!("Expected ECDSA public key"),
};
assert_eq!(ecdsa.curve.identifier, "nistp256");
assert_eq!(ecdsa.curve.kind, sshkeys::CurveKind::Nistp256);
}
#[test]
pub fn test_ecdsa_nistp384_pubkey() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_ecdsa_384.pub").unwrap();
assert_eq!(key.key_type.name, "ecdsa-sha2-nistp384");
assert_eq!(key.key_type.plain, "ecdsa-sha2-nistp384");
assert_eq!(key.key_type.short_name, "ECDSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Ecdsa);
assert_eq!(key.bits(), 384);
assert_eq!(key.comment, Some("me@home".to_string()));
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "XyWmNHs59uQcNJBv6Iq6sbDAa5/u2GD1Nyu2YHcS2jQ");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"YXnQ8c1kDAQirgRgHSwswvT6zOFmvbvwL8au771Ska7+arFQgMe5Se9LPXeKmIWR"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"p73av0cbNsWXLexTQNpUxjGE4k+on8IrwsmIJP7xUhf7s1irVTBCpLA0wJ44IbMzUvMLuIj/FtoV1nTilYpb3w"
);
let ecdsa = match key.kind {
sshkeys::PublicKeyKind::Ecdsa(ref k) => k,
_ => panic!("Expected ECDSA public key"),
};
assert_eq!(ecdsa.curve.identifier, "nistp384");
assert_eq!(ecdsa.curve.kind, sshkeys::CurveKind::Nistp384);
}
#[test]
pub fn test_ecdsa_nistp521_pubkey() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_ecdsa_521.pub").unwrap();
assert_eq!(key.key_type.name, "ecdsa-sha2-nistp521");
assert_eq!(key.key_type.plain, "ecdsa-sha2-nistp521");
assert_eq!(key.key_type.short_name, "ECDSA");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Ecdsa);
assert_eq!(key.bits(), 521);
assert_eq!(key.comment, Some("me@home".to_string()));
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "kEdMLsbAeJPDv3mEwIchjSxkcL/+XFzI9u1NHCWbsT8");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"ZD2U1VncXLttbPAEMtUX/rCl4JtgxI1XJOYPXeP7EzzBeXr3KVVb4Wn/u/Qp4i0Q"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"4EI3hnZ0KhIa0Sp8Z1CWWL8I0t8DaSs4+E8jiLFRAZ+EUeFYPysy6SrCbMDgSk5sfo3+2UA5SVqnZtBdmVQeIg"
);
let ecdsa = match key.kind {
sshkeys::PublicKeyKind::Ecdsa(ref k) => k,
_ => panic!("Expected ECDSA public key"),
};
assert_eq!(ecdsa.curve.identifier, "nistp521");
assert_eq!(ecdsa.curve.kind, sshkeys::CurveKind::Nistp521);
}
#[test]
fn test_ecdsa_user_cert() {
let cert = sshkeys::Certificate::from_path("tests/test-keys/id_ecdsa_521-cert.pub").unwrap();
assert_eq!(
cert.key_type.name,
"ecdsa-sha2-nistp521-cert-v01@openssh.com"
);
assert_eq!(cert.key_type.plain, "ecdsa-sha2-nistp521");
assert_eq!(cert.key_type.short_name, "ECDSA-CERT");
assert_eq!(cert.key_type.is_cert, true);
assert_eq!(cert.key_type.is_sk, false);
assert_eq!(cert.key_type.kind, sshkeys::KeyTypeKind::EcdsaCert);
assert_eq!(
cert.key.key_type.name,
"ecdsa-sha2-nistp521-cert-v01@openssh.com"
);
assert_eq!(cert.key.key_type.plain, "ecdsa-sha2-nistp521");
assert_eq!(cert.key.key_type.short_name, "ECDSA-CERT");
assert_eq!(cert.key.key_type.is_cert, true);
assert_eq!(cert.key.key_type.is_sk, false);
assert_eq!(cert.key.key_type.kind, sshkeys::KeyTypeKind::EcdsaCert);
assert_eq!(cert.key.bits(), 521);
assert_eq!(cert.key.comment, None);
let sha256fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "kEdMLsbAeJPDv3mEwIchjSxkcL/+XFzI9u1NHCWbsT8");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"ZD2U1VncXLttbPAEMtUX/rCl4JtgxI1XJOYPXeP7EzzBeXr3KVVb4Wn/u/Qp4i0Q"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"4EI3hnZ0KhIa0Sp8Z1CWWL8I0t8DaSs4+E8jiLFRAZ+EUeFYPysy6SrCbMDgSk5sfo3+2UA5SVqnZtBdmVQeIg"
);
assert_eq!(cert.serial, 0);
assert_eq!(cert.cert_type, sshkeys::CertType::User);
assert_eq!(cert.key_id, "john.doe");
assert_eq!(cert.valid_principals, vec!["root"]);
assert_eq!(cert.valid_after, 1506340920);
assert_eq!(cert.valid_before, 1537790635);
let mut co = HashMap::new();
co.insert("source-address".to_string(), "127.0.0.1".to_string());
assert_eq!(cert.critical_options, co);
let mut extensions = HashMap::new();
extensions.insert("permit-X11-forwarding".to_string(), "".to_string());
extensions.insert("permit-agent-forwarding".to_string(), "".to_string());
extensions.insert("permit-port-forwarding".to_string(), "".to_string());
extensions.insert("permit-pty".to_string(), "".to_string());
extensions.insert("permit-user-rc".to_string(), "".to_string());
assert_eq!(cert.extensions, extensions);
assert_eq!(cert.reserved, Vec::new());
assert_eq!(cert.signature_key.key_type.name, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.plain, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.short_name, "RSA");
assert_eq!(cert.signature_key.key_type.is_cert, false);
assert_eq!(cert.signature_key.key_type.is_sk, false);
assert_eq!(cert.signature_key.key_type.kind, sshkeys::KeyTypeKind::Rsa);
assert_eq!(cert.signature_key.bits(), 2048);
assert_eq!(cert.signature_key.comment, None);
let sha256fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "8bEmsdiV2BXhjrzPhp8dPrSLUK3U/YpIXT8NIw6Ym+s");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"7+2ZLPaqbntHUtypie8404NhIIqgo9b6/XWNABjgTphWic38/EDYXYm35SLllIxm"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"BrQgwbsBLlnyiOGITMfl+H2I7HCcCYiy22Hx0j62bWvifyZLyGA5PIoId+846U1P31cMX77l9Ok0qh9meltGCw"
);
assert_eq!(cert.comment, Some("me@home".to_string()));
}
#[test]
pub fn test_ed25519_pubkey() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_ed25519.pub").unwrap();
assert_eq!(key.key_type.name, "ssh-ed25519");
assert_eq!(key.key_type.plain, "ssh-ed25519");
assert_eq!(key.key_type.short_name, "ED25519");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, false);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Ed25519);
assert_eq!(key.bits(), 256);
assert_eq!(key.comment, Some("me@home".to_string()));
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "ppYFPx0k4Ogs230n6eX9vGPpnNsTB0LPrDWXh1YjClA");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"B4spD+NiA6esYoqr6dx+w0wBI3p3rQJsTku1rXIWGXTO87W1vvTKMFpwUOdNST2h"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"ljOfAT2lmNZbMDGNwNiLH/dPFIu+euUdXHP+5m0IobCBFYdg7mv8ltqtDBP2vP9vUcOWOow90EQoTPR4oZR1Nw"
);
let ed25519 = match key.kind {
sshkeys::PublicKeyKind::Ed25519(ref k) => k,
_ => panic!("Expected ED25519 public key"),
};
assert_eq!(ed25519.key.len(), 32);
}
#[test]
pub fn test_ed25519_user_cert() {
let cert = sshkeys::Certificate::from_path("tests/test-keys/id_ed25519-cert.pub").unwrap();
assert_eq!(cert.key_type.name, "ssh-ed25519-cert-v01@openssh.com");
assert_eq!(cert.key_type.plain, "ssh-ed25519");
assert_eq!(cert.key_type.short_name, "ED25519-CERT");
assert_eq!(cert.key_type.is_cert, true);
assert_eq!(cert.key.key_type.is_sk, false);
assert_eq!(cert.key_type.kind, sshkeys::KeyTypeKind::Ed25519Cert);
assert_eq!(cert.key.key_type.name, "ssh-ed25519-cert-v01@openssh.com");
assert_eq!(cert.key.key_type.plain, "ssh-ed25519");
assert_eq!(cert.key.key_type.short_name, "ED25519-CERT");
assert_eq!(cert.key.key_type.is_cert, true);
assert_eq!(cert.key.key_type.is_sk, false);
assert_eq!(cert.key.key_type.kind, sshkeys::KeyTypeKind::Ed25519Cert);
assert_eq!(cert.key.bits(), 256);
assert_eq!(cert.key.comment, None);
let sha256fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "ppYFPx0k4Ogs230n6eX9vGPpnNsTB0LPrDWXh1YjClA");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"B4spD+NiA6esYoqr6dx+w0wBI3p3rQJsTku1rXIWGXTO87W1vvTKMFpwUOdNST2h"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"ljOfAT2lmNZbMDGNwNiLH/dPFIu+euUdXHP+5m0IobCBFYdg7mv8ltqtDBP2vP9vUcOWOow90EQoTPR4oZR1Nw"
);
assert_eq!(cert.serial, 0);
assert_eq!(cert.cert_type, sshkeys::CertType::User);
assert_eq!(cert.key_id, "john.doe");
assert_eq!(cert.valid_principals, vec!["root"]);
assert_eq!(cert.valid_after, 1506934140);
assert_eq!(cert.valid_before, 1538383841);
let mut co = HashMap::new();
co.insert("force-command".to_string(), "/usr/bin/true".to_string());
assert_eq!(cert.critical_options, co);
let mut extensions = HashMap::new();
extensions.insert("permit-X11-forwarding".to_string(), "".to_string());
extensions.insert("permit-agent-forwarding".to_string(), "".to_string());
extensions.insert("permit-port-forwarding".to_string(), "".to_string());
extensions.insert("permit-pty".to_string(), "".to_string());
extensions.insert("permit-user-rc".to_string(), "".to_string());
assert_eq!(cert.extensions, extensions);
assert_eq!(cert.reserved, Vec::new());
assert_eq!(cert.signature_key.key_type.name, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.plain, "ssh-rsa");
assert_eq!(cert.signature_key.key_type.short_name, "RSA");
assert_eq!(cert.signature_key.key_type.is_cert, false);
assert_eq!(cert.signature_key.key_type.is_sk, false);
assert_eq!(cert.signature_key.key_type.kind, sshkeys::KeyTypeKind::Rsa);
assert_eq!(cert.signature_key.bits(), 2048);
assert_eq!(cert.signature_key.comment, None);
let sha256fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "8bEmsdiV2BXhjrzPhp8dPrSLUK3U/YpIXT8NIw6Ym+s");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"7+2ZLPaqbntHUtypie8404NhIIqgo9b6/XWNABjgTphWic38/EDYXYm35SLllIxm"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"BrQgwbsBLlnyiOGITMfl+H2I7HCcCYiy22Hx0j62bWvifyZLyGA5PIoId+846U1P31cMX77l9Ok0qh9meltGCw"
);
assert_eq!(cert.comment, Some("me@home".to_string()));
}
#[test]
fn test_ed25519_host_cert() {
let cert = sshkeys::Certificate::from_path("tests/test-keys/id_ed25519_host-cert.pub").unwrap();
assert_eq!(cert.key_type.name, "ssh-ed25519-cert-v01@openssh.com");
assert_eq!(cert.key_type.plain, "ssh-ed25519");
assert_eq!(cert.key_type.short_name, "ED25519-CERT");
assert_eq!(cert.key_type.is_cert, true);
assert_eq!(cert.key_type.is_sk, false);
assert_eq!(cert.key_type.kind, sshkeys::KeyTypeKind::Ed25519Cert);
assert_eq!(cert.key.key_type.name, "ssh-ed25519-cert-v01@openssh.com");
assert_eq!(cert.key.key_type.plain, "ssh-ed25519");
assert_eq!(cert.key.key_type.short_name, "ED25519-CERT");
assert_eq!(cert.key.key_type.is_cert, true);
assert_eq!(cert.key.key_type.is_sk, false);
assert_eq!(cert.key.key_type.kind, sshkeys::KeyTypeKind::Ed25519Cert);
assert_eq!(cert.key.bits(), 256);
assert_eq!(cert.key.comment, None);
let sha256fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert.key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "kkaqMnJz4XAhwz7n7Ov8RbHEYIJ8sxyGQWDmM5Ckot0");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"vGjciz1R26zOHfZ8Vv8m2O7Cz7HxHKWbfuev/LbznWlOWuAqLl1QuuDk/oqhSxKr"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"NCUwuFl6hLiLLX9TUVwmaLjD5q4ql1ayGciFBklt3GYdQzLpX8sLMMBEgcrUgEfZjQtF18d3mNWbEx/okW6Vqw"
);
assert_eq!(cert.serial, 0);
assert_eq!(cert.cert_type, sshkeys::CertType::Host);
assert_eq!(cert.key_id, "host01");
assert_eq!(cert.valid_principals, vec!["host01.example.com"]);
assert_eq!(cert.valid_after, 1506936000);
assert_eq!(cert.valid_before, 1538385716);
let co = HashMap::new();
assert_eq!(cert.critical_options, co);
let extensions = HashMap::new();
assert_eq!(cert.extensions, extensions);
assert_eq!(cert.reserved, Vec::new());
assert_eq!(cert.signature_key.key_type.name, "ssh-ed25519");
assert_eq!(cert.signature_key.key_type.plain, "ssh-ed25519");
assert_eq!(cert.signature_key.key_type.short_name, "ED25519");
assert_eq!(cert.signature_key.key_type.is_cert, false);
assert_eq!(cert.signature_key.key_type.is_sk, false);
assert_eq!(
cert.signature_key.key_type.kind,
sshkeys::KeyTypeKind::Ed25519
);
assert_eq!(cert.signature_key.bits(), 256);
assert_eq!(cert.signature_key.comment, None);
let sha256fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = cert
.signature_key
.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "elYqUIgEUqMyc8AdNNk+IeI+2l1vWEh4K4n03hqhoD8");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"XPQbeB2kZcG3AUIjIq2wtUDMQYS/Iy0G6trb4XH97zzi4MK+YUqEdx7BAKkZYs0u"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"nIa7CBs7SST41mSeHA7/69y7yy9y3Ec7W6JQKWJsgsBNbY3hq8WiPaa00z5q0AEgC+TO4MK56MoYY2PsE997zw"
);
assert_eq!(cert.comment, Some("me@home".to_string()));
}
#[test]
pub fn test_ecdsa_sk_sha2_nistp256_pubkey() {
let key =
sshkeys::PublicKey::from_path("tests/test-keys/id_ecdsa_sk_sha2_nistp256.pub").unwrap();
assert_eq!(key.key_type.name, "sk-ecdsa-sha2-nistp256@openssh.com");
assert_eq!(key.key_type.plain, "sk-ecdsa-sha2-nistp256@openssh.com");
assert_eq!(key.key_type.short_name, "ECDSA-SK");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, true);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::EcdsaSk);
assert_eq!(key.bits(), 256);
assert_eq!(key.comment, Some("yubikey-5c-test-wbrown".to_string()));
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "lJ9TEvCO2FVQ443DnK7UQsA0sR44xXikW9p8gzH/q7s");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"AqhOsPFQcdju8x42C9PMXP3wJiiR1EEkkxQIug8U6g/fdkAayCCaoHplws9j5Bci"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"cQ8670XPoWANc1OjqLcd8kVSvpQGwFy6TufEvZTVJAcvoagSdOyWDwCUBdByVNA1wC5M1iRud32YjH5cNZDReQ"
);
let ecdsa = match key.kind {
sshkeys::PublicKeyKind::Ecdsa(ref k) => k,
_ => panic!("Expected ECDSA public key"),
};
assert_eq!(ecdsa.curve.identifier, "nistp256");
assert_eq!(ecdsa.curve.kind, sshkeys::CurveKind::Nistp256);
}
#[test]
pub fn test_ed25519_sk_pubkey() {
let key = sshkeys::PublicKey::from_path("tests/test-keys/id_ed25519_sk.pub").unwrap();
assert_eq!(key.key_type.name, "sk-ssh-ed25519@openssh.com");
assert_eq!(key.key_type.plain, "sk-ssh-ed25519@openssh.com");
assert_eq!(key.key_type.short_name, "ED25519-SK");
assert_eq!(key.key_type.is_cert, false);
assert_eq!(key.key_type.is_sk, true);
assert_eq!(key.key_type.kind, sshkeys::KeyTypeKind::Ed25519Sk);
assert_eq!(key.bits(), 256);
assert_eq!(key.comment, Some("yubikey-test".to_string()));
let sha256fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha256);
let sha384fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha384);
let sha512fp = key.fingerprint_with(sshkeys::FingerprintKind::Sha512);
assert_eq!(sha256fp.kind, sshkeys::FingerprintKind::Sha256);
assert_eq!(sha256fp.hash, "SeRUPq2byTg+3B7rlHh+UBoiVET8yG9UJyeG3g3ul2c");
assert_eq!(sha384fp.kind, sshkeys::FingerprintKind::Sha384);
assert_eq!(
sha384fp.hash,
"DCgIRkLNG6UIVdyd3NGeKoP3CZh49BYCyyjvPOfb2ItOTOZDaI87lSuhXLWhcN6N"
);
assert_eq!(sha512fp.kind, sshkeys::FingerprintKind::Sha512);
assert_eq!(
sha512fp.hash,
"Se8yFxdmPxL7JtDgUPx71z+xZ8iP9G0cufzQ9rxILApVoN8dpAW8wkd4br+OEjuvzJzzolMUOkia+8Kt6NULeg"
);
let ed25519 = match key.kind {
sshkeys::PublicKeyKind::Ed25519(ref k) => k,
_ => panic!("Expected ED25519 public key"),
};
assert_eq!(ed25519.key.len(), 32);
}