Add support for Let's Encrypt http-01 challenge

2025-09-15 18:57:04 +00:00 · 2018-02-04 18:05:45 -08:00 · 2018-02-04 18:05:45 -08:00 · 12ff562d31
commit 12ff562d31
parent 3884a33b36
32 changed files with 2049 additions and 293 deletions
--- a/vendor/golang.org/x/crypto/ssh/certs_test.go
+++ b/vendor/golang.org/x/crypto/ssh/certs_test.go
@ -6,10 +6,15 @@ package ssh

 import (
 	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
+	"net"
 	"reflect"
 	"testing"
 	"time"
+
+	"golang.org/x/crypto/ssh/testdata"
 )

 // Cert generated by ssh-keygen 6.0p1 Debian-4.
@ -220,3 +225,111 @@ func TestHostKeyCert(t *testing.T) {
 		}
 	}
 }
+
+func TestCertTypes(t *testing.T) {
+	var testVars = []struct {
+		name string
+		keys func() Signer
+	}{
+		{
+			name: CertAlgoECDSA256v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ecdsap256"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoECDSA384v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ecdsap384"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoECDSA521v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ecdsap521"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoED25519v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ed25519"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoRSAv01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["rsa"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoDSAv01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["dsa"])
+				return s
+			},
+		},
+	}
+
+	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("error generating host key: %v", err)
+	}
+
+	signer, err := NewSignerFromKey(k)
+	if err != nil {
+		t.Fatalf("error generating signer for ssh listener: %v", err)
+	}
+
+	conf := &ServerConfig{
+		PublicKeyCallback: func(c ConnMetadata, k PublicKey) (*Permissions, error) {
+			return new(Permissions), nil
+		},
+	}
+	conf.AddHostKey(signer)
+
+	for _, m := range testVars {
+		t.Run(m.name, func(t *testing.T) {
+
+			c1, c2, err := netPipe()
+			if err != nil {
+				t.Fatalf("netPipe: %v", err)
+			}
+			defer c1.Close()
+			defer c2.Close()
+
+			go NewServerConn(c1, conf)
+
+			priv := m.keys()
+			if err != nil {
+				t.Fatalf("error generating ssh pubkey: %v", err)
+			}
+
+			cert := &Certificate{
+				CertType: UserCert,
+				Key:      priv.PublicKey(),
+			}
+			cert.SignCert(rand.Reader, priv)
+
+			certSigner, err := NewCertSigner(cert, priv)
+			if err != nil {
+				t.Fatalf("error generating cert signer: %v", err)
+			}
+
+			config := &ClientConfig{
+				User:            "user",
+				HostKeyCallback: func(h string, r net.Addr, k PublicKey) error { return nil },
+				Auth:            []AuthMethod{PublicKeys(certSigner)},
+			}
+
+			_, _, _, err = NewClientConn(c2, "", config)
+			if err != nil {
+				t.Fatalf("error connecting: %v", err)
+			}
+		})
+	}
+}