address feedback from @ptoomey3
Родитель
8ee17d2716
Коммит
78dbb1b2d6
|
@ -1,6 +1,5 @@
|
|||
require "openssl"
|
||||
require "base64"
|
||||
require "securerandom"
|
||||
|
||||
module SSHData
|
||||
# Break down a key in OpenSSH authorized_keys format (see sshd(8) manual
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
require "securerandom"
|
||||
|
||||
module SSHData
|
||||
class Certificate
|
||||
# Special values for valid_before and valid_after.
|
||||
FOREVER = Time.at(0)
|
||||
ALWAYS = Time.at((2**64)-1)
|
||||
BEGINNING_OF_TIME = Time.at(0)
|
||||
END_OF_TIME = Time.at((2**64)-1)
|
||||
|
||||
# Integer certificate types
|
||||
TYPE_USER = 1
|
||||
|
@ -95,7 +97,7 @@ module SSHData
|
|||
# signature: - The certificate's String signature field.
|
||||
#
|
||||
# Returns nothing.
|
||||
def initialize(public_key:, key_id:, algo: nil, nonce: nil, serial: 0, type: TYPE_USER, valid_principals: [], valid_after: FOREVER, valid_before: ALWAYS, critical_options: {}, extensions: {}, reserved: "", ca_key: nil, signature: "")
|
||||
def initialize(public_key:, key_id:, algo: nil, nonce: nil, serial: 0, type: TYPE_USER, valid_principals: [], valid_after: BEGINNING_OF_TIME, valid_before: END_OF_TIME, critical_options: {}, extensions: {}, reserved: "", ca_key: nil, signature: "")
|
||||
@algo = algo || Encoding::CERT_ALGO_BY_PUBLIC_KEY_ALGO[public_key.algo]
|
||||
@nonce = nonce || SecureRandom.random_bytes(32)
|
||||
@public_key = public_key
|
||||
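Review bot: The defaults on `initialize` (`valid_after: BEGINNING_OF_TIME, valid_before: END_OF_TIME`) produce a certificate with no validity window whenever a caller omits both arguments, and the comment above the constants ("Special values for valid_before and valid_after.") does not say so. I would spell it out where the constants are defined, e.g. `# BEGINNING_OF_TIME / END_OF_TIME mean "no lower bound" / "never expires"; pass an explicit valid_before when issuing certificates.` If the old `FOREVER` and `ALWAYS` names are removed rather than kept alongside the new ones (this rendering does not mark line sides, so that is inferred from the spec changes), callers outside this repository that reference them will hit a NameError, which deserves a changelog entry. The body of `initialize` continues outside the hunk.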
|
|
|
@ -137,8 +137,8 @@ describe SSHData::Certificate do
|
|||
expect(subject.type).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(subject.key_id).to eq("my-ident")
|
||||
expect(subject.valid_principals).to eq(["p1", "p2"])
|
||||
expect(subject.valid_after).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(subject.valid_before).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(subject.valid_after).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(subject.valid_before).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(subject.critical_options).to eq({"foo" => "bar"})
|
||||
expect(subject.extensions).to eq({"permit-X11-forwarding" => true, "baz" => "qwer"})
|
||||
expect(subject.reserved).to eq("")
|
||||
|
|
|
@ -378,8 +378,8 @@ describe SSHData::Encoding do
|
|||
expect(rsa_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(rsa_data[:key_id]).to eq("my-ident")
|
||||
expect(rsa_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(rsa_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(rsa_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(rsa_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(rsa_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(rsa_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(rsa_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(rsa_data[:reserved]).to eq("")
|
||||
|
@ -406,8 +406,8 @@ describe SSHData::Encoding do
|
|||
expect(dsa_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(dsa_data[:key_id]).to eq("my-ident")
|
||||
expect(dsa_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(dsa_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(dsa_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(dsa_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(dsa_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(dsa_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(dsa_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(dsa_data[:reserved]).to eq("")
|
||||
|
@ -432,8 +432,8 @@ describe SSHData::Encoding do
|
|||
expect(ecdsa_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(ecdsa_data[:key_id]).to eq("my-ident")
|
||||
expect(ecdsa_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(ecdsa_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(ecdsa_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(ecdsa_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(ecdsa_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(ecdsa_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(ecdsa_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(ecdsa_data[:reserved]).to eq("")
|
||||
|
@ -457,8 +457,8 @@ describe SSHData::Encoding do
|
|||
expect(ed25519_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(ed25519_data[:key_id]).to eq("my-ident")
|
||||
expect(ed25519_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(ed25519_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(ed25519_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(ed25519_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(ed25519_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(ed25519_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(ed25519_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(ed25519_data[:reserved]).to eq("")
|
||||
|
@ -483,8 +483,8 @@ describe SSHData::Encoding do
|
|||
expect(rsa_ca_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(rsa_ca_data[:key_id]).to eq("my-ident")
|
||||
expect(rsa_ca_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(rsa_ca_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(rsa_ca_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(rsa_ca_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(rsa_ca_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(rsa_ca_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(rsa_ca_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(rsa_ca_data[:reserved]).to eq("")
|
||||
|
@ -509,8 +509,8 @@ describe SSHData::Encoding do
|
|||
expect(dsa_ca_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(dsa_ca_data[:key_id]).to eq("my-ident")
|
||||
expect(dsa_ca_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(dsa_ca_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(dsa_ca_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(dsa_ca_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(dsa_ca_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(dsa_ca_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(dsa_ca_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(dsa_ca_data[:reserved]).to eq("")
|
||||
|
@ -533,8 +533,8 @@ describe SSHData::Encoding do
|
|||
expect(ecdsa_ca_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(ecdsa_ca_data[:key_id]).to eq("my-ident")
|
||||
expect(ecdsa_ca_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(ecdsa_ca_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(ecdsa_ca_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(ecdsa_ca_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(ecdsa_ca_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(ecdsa_ca_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(ecdsa_ca_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(ecdsa_ca_data[:reserved]).to eq("")
|
||||
|
@ -557,8 +557,8 @@ describe SSHData::Encoding do
|
|||
expect(ed25519_ca_data[:type]).to eq(SSHData::Certificate::TYPE_USER)
|
||||
expect(ed25519_ca_data[:key_id]).to eq("my-ident")
|
||||
expect(ed25519_ca_data[:valid_principals]).to eq(["p1", "p2"])
|
||||
expect(ed25519_ca_data[:valid_after]).to eq(SSHData::Certificate::FOREVER)
|
||||
expect(ed25519_ca_data[:valid_before]).to eq(SSHData::Certificate::ALWAYS)
|
||||
expect(ed25519_ca_data[:valid_after]).to eq(SSHData::Certificate::BEGINNING_OF_TIME)
|
||||
expect(ed25519_ca_data[:valid_before]).to eq(SSHData::Certificate::END_OF_TIME)
|
||||
expect(ed25519_ca_data[:critical_options]).to eq({"foo"=>"bar"})
|
||||
expect(ed25519_ca_data[:extensions]).to eq({"permit-X11-forwarding"=>true, "baz"=>"qwer"})
|
||||
expect(ed25519_ca_data[:reserved]).to eq("")
|
||||
|
|