cloudflare/cloudflared

sshgen/sshgen_test.go


1package sshgen
2
3import (
4 "crypto/rand"
5 "crypto/rsa"
6 "encoding/json"
7 "fmt"
8 "io"
9 "io/ioutil"
10 "net/http"
11 "net/http/httptest"
12 "net/url"
13 "os"
14 "testing"
15 "time"
16
17 "github.com/cloudflare/cloudflared/cmd/cloudflared/config"
18 cfpath "github.com/cloudflare/cloudflared/cmd/cloudflared/path"
19 "github.com/coreos/go-oidc/jose"
20 "github.com/stretchr/testify/assert"
21)
22
// audTest is the value tokenGenerator stores in the "aud" claim of the test JWT.
const audTest = "cf-test-aud"

// nonceTest is the value tokenGenerator stores in the "nonce" claim of the test JWT.
const nonceTest = "asfd"
27
// signingArguments is the JSON document the test marshals and hands back from
// the stubbed signing request.
type signingArguments struct {
	// Principals is serialised under the "principals" key.
	Principals []string `json:"principals"`
	// ClientPubKey is serialised under the "public_key" key.
	ClientPubKey string `json:"public_key"`
	// Duration is serialised under the "duration" key; the test passes "3m".
	Duration string `json:"duration"`
}
33
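// TestCertGenSuccess runs GenerateShortLivedCertificate against a stubbed
// signing request and verifies that the private key, the public key and the
// certificate file all exist afterwards.
func TestCertGenSuccess(t *testing.T) {
	target, err := url.Parse("https://cf-test-access.com/testpath")
	if err != nil {
		t.Fatal(err)
	}

	// tokenGenerator reports failure as "", so stop here instead of running
	// the signing flow without a JWT.
	token := tokenGenerator()
	if token == "" {
		t.Fatal("tokenGenerator returned an empty token")
	}

	fullName, err := cfpath.GenerateFilePathFromURL(target, keyName)
	assert.NoError(t, err)

	pubKeyName := fullName + ".pub"
	certKeyName := fullName + "-cert.pub"
	generated := []string{fullName, pubKeyName, certKeyName}

	// Best-effort cleanup so the generated private key and its companions do
	// not stay on disk, including when an assertion below aborts the test.
	defer func() {
		for _, name := range generated {
			os.Remove(name)
		}
	}()

	// Canned signing response. The blob that follows the key type in
	// ClientPubKey is a placeholder in this listing, not real key material.
	resp := signingArguments{
		Principals:   []string{"dalton"},
		ClientPubKey: "ecdsa-sha2-nistp256-cert-v01@openssh.com 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",
		Duration:     "3m",
	}
	w := httptest.NewRecorder()
	respJson, err := json.Marshal(resp)
	assert.NoError(t, err)
	w.Write(respJson)

	// mockRequest is package-level state: put the previous value back so the
	// stub does not stay installed for whatever runs after this test.
	prevRequest := mockRequest
	defer func() { mockRequest = prevRequest }()
	mockRequest = func(reqURL, contentType string, body io.Reader) (*http.Response, error) {
		// NOTE(review): assert.Contains takes (container, element), so this
		// checks that the endpoint literal contains reqURL rather than the
		// reverse. Confirm what the caller passes before swapping the arguments.
		assert.Contains(t, "/cdn-cgi/access/cert_sign", reqURL)
		assert.Equal(t, "application/json", contentType)
		buf, err := ioutil.ReadAll(body)
		assert.NoError(t, err)
		assert.NotEmpty(t, buf)
		return w.Result(), nil
	}

	err = GenerateShortLivedCertificate(target, token)
	assert.NoError(t, err)

	// FailNow stops the test at the first missing file.
	for _, name := range generated {
		exist, err := config.FileExists(name)
		assert.NoError(t, err)
		if !exist {
			assert.FailNow(t, fmt.Sprintf("key should exist at: %s", name), name)
		}
	}
}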
92
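// tokenGenerator builds a JWT carrying the aud, iat, nonce and exp claims
// (exp is five minutes after iat), signs it with a freshly generated RSA key
// and returns the encoded token. It returns "" when key generation or signing
// fails, so callers should treat an empty string as an error.
func tokenGenerator() string {
	now := time.Now()
	claims := jose.Claims{}
	claims.Add("aud", audTest)
	claims.Add("iat", now.Unix())
	claims.Add("nonce", nonceTest)
	claims.Add("exp", now.Add(5*time.Minute).Unix())

	// 2048-bit key: crypto/rsa in Go 1.24 and later returns an error for
	// requests under 1024 bits, which would make this helper silently return
	// "". A 512-bit modulus is also far too weak to model a real signing key.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return ""
	}

	signed, err := jose.NewSignedJWT(claims, jose.NewSignerRSA("asdf", *key))
	if err != nil {
		return ""
	}
	return signed.Encode()
}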
113