Add support for SSH certs

Signed-off-by: Wiktor Kwapisiewicz <[email protected]>
wiktor-k · Apr 4, 2024 · 2bb7482 · 2bb7482
1 parent e44431d
commit 2bb7482
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/src/agent.rs b/src/agent.rs
@@ -41,7 +41,9 @@ impl Decoder for MessageCodec {
         }
 
         //use std::io::Write;
-        //let mut file = std::fs::File::create(uuid::Uuid::new_v4().to_string())?;
+        //let name = uuid::Uuid::new_v4().to_string();
+        //eprintln!("Capturing request into {name}");
+        //let mut file = std::fs::File::create(&name)?;
         //file.write_all(bytes)?;
         //drop(file);
 

diff --git a/src/proto/message.rs b/src/proto/message.rs
@@ -100,9 +100,12 @@ impl Decode for AddIdentity {
     type Error = Error;
 
     fn decode(reader: &mut impl Reader) -> Result<Self> {
+        eprintln!("before add identity decode");
         let privkey = KeypairData::decode(reader)?;
+        eprintln!("after add identity decode: {privkey:?}");
         let comment = String::decode(reader)?;
 
+        eprintln!("after comment {comment:?}");
         Ok(Self { privkey, comment })
     }
 }
@@ -129,10 +132,14 @@ impl Decode for AddIdentityConstrained {
     type Error = Error;
 
     fn decode(reader: &mut impl Reader) -> Result<Self> {
+        eprintln!("XX");
+
         let identity = AddIdentity::decode(reader)?;
+        eprintln!("found identity: {identity:?}");
         let mut constraints = vec![];
 
         while !reader.is_finished() {
+            eprintln!("constraint");
             constraints.push(KeyConstraint::decode(reader)?);
         }
 

diff --git a/tests/messages/req-add-identity-with-cert.bin b/tests/messages/req-add-identity-with-cert.bin
diff --git a/tests/sign-and-verify.sh b/tests/sign-and-verify.sh
@@ -2,9 +2,8 @@
 
 set -euxo pipefail
 
-rm -rf ssh-agent.sock Cargo.toml.sig id_rsa id_rsa.pub agent.pub
-
-cargo run --example key_storage &
+rm -rf ssh-agent.socks Cargo.toml.sig id_rsa id_rsa.pub agent.pub ca_user_key ca_user_key.pub id_rsa-cert.pub
+#cargo run --example key_storage &
 
 while [ ! -e ssh-agent.sock ]; do
   echo "Waiting for ssh-agent.sock"
@@ -18,7 +17,7 @@ ssh-add -L | tee agent.pub
 ssh-keygen -Y sign -f agent.pub -n file < Cargo.toml > Cargo.toml.sig
 ssh-keygen -Y check-novalidate -n file -f agent.pub -s Cargo.toml.sig < Cargo.toml
 
-rm -rf Cargo.toml.sig id_rsa.pub agent.pub
+rm -rf Cargo.toml.sig agent.pub
 
 # Test other commands:
 export SSH_ASKPASS=`pwd`/tests/pwd-test.sh
@@ -33,5 +32,15 @@ echo | ssh-add -X
 # AddIdConstrained
 ssh-add -t 2 id_rsa
 
+rm -rf id_rsa id_rsa.pub
+
+# Create and sign SSH user certificate
+# see: https://cottonlinux.com/ssh-certificates/
+echo | ssh-keygen -f ca_user_key
+ssh-keygen -t rsa -f id_rsa -N ""
+echo | ssh-keygen -s ca_user_key -I darren -n darren -V +1h -z 1 id_rsa.pub
+# Add the key with the cert
+ssh-add -t 2 id_rsa
+
 # clean up the only leftover
-rm -rf id_rsa
+rm -rf id_rsa id_rsa.pub id_rsa-cert.pub ca_user_key ca_user_key.pub