update to test authorized keys

JacobBarthelmeh · JacobBarthelmeh · commit 46ad4f1186bb · 2026-01-25T21:56:18.000-07:00
diff --git a/.github/workflows/windows-cert-store-test.yml b/.github/workflows/windows-cert-store-test.yml
@@ -230,6 +230,26 @@ jobs:
         Write-Host "Client cert thumbprint: $($clientCert.Thumbprint)"
         Add-Content -Path $env:GITHUB_ENV -Value "CLIENT_CERT_SUBJECT=$($clientCert.Subject)"
 
+    - name: Create authorized_keys for testuser
+      working-directory: ${{ github.workspace }}\wolfssh
+      shell: pwsh
+      run: |
+        $pubKey = Get-Content "keys\hansel-key-ecc.pub" -Raw
+        if (-not $pubKey) {
+            Write-Host "ERROR: keys\hansel-key-ecc.pub not found"
+            Get-ChildItem keys -ErrorAction SilentlyContinue
+            exit 1
+        }
+        # Use comment 'testuser' so it matches the login user (authorized_keys format: "key-type key-data comment")
+        $pubKey = ($pubKey -replace '\s+hansel\s*$', ' testuser').TrimEnd()
+        $pubKey | Out-File -FilePath authorized_keys_test -Encoding ASCII -NoNewline
+        if ((Get-Item authorized_keys_test).Length -eq 0) {
+            Write-Host "ERROR: authorized_keys_test is empty"
+            exit 1
+        }
+        Write-Host "Created authorized_keys_test with hansel public key (comment=testuser)"
+        Get-Content authorized_keys_test
+
     - name: Create wolfSSHd config file
       working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
@@ -240,6 +260,18 @@ jobs:
         PermitRootLogin yes
         "@
         
+        # AuthorizedKeysFile: path must start with / for wolfsshd to treat as absolute (max 80 chars).
+        $authKeysPath = (Resolve-Path "authorized_keys_test").Path
+        $authKeysPattern = "/" + ($authKeysPath -replace '\\','/')
+        if ($authKeysPattern.Length -gt 78) {
+            Write-Host "WARNING: AuthorizedKeysFile path may exceed MAX_PATH_SZ (80): $($authKeysPattern.Length) chars"
+        }
+        Write-Host "AuthorizedKeysFile: $authKeysPattern"
+        $configContent += @"
+
+        AuthorizedKeysFile $authKeysPattern
+        "@
+        
         if ("${{ matrix.server_key_source }}" -eq "store") {
             # Get server cert subject from environment
             $serverSubject = (Get-Content env:SERVER_CERT_SUBJECT)
@@ -731,8 +763,7 @@ jobs:
             $errOut = Get-Content sftp_error.txt -Raw
         }
         
-        # Success indicators: connection established, key exchange completed
-        # Failure indicators: connection refused, key exchange failed
+        # Failure indicators
         if ($output -match "connection.*refused" -or $errOut -match "connection.*refused") {
             Write-Host "ERROR: Connection refused - server may not be running"
             exit 1
@@ -741,8 +772,16 @@ jobs:
             Write-Host "ERROR: Key exchange failed - cert store key may not be working"
             exit 1
         }
+        if ($output -match "Couldn't connect" -or $errOut -match "Couldn't connect") {
+            Write-Host "ERROR: SFTP could not connect (check authorized_keys, user, or server)"
+            exit 1
+        }
+        if ($process.ExitCode -ne 0) {
+            Write-Host "ERROR: SFTP client exited with code $($process.ExitCode)"
+            exit 1
+        }
         
-        Write-Host "Test completed - key exchange appears to have worked"
+        Write-Host "Test completed - key exchange and SFTP connection succeeded"
 
     - name: Test SSH client connection
       working-directory: ${{ github.workspace }}\wolfssh
