unit testing completed

.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "python.linting.pylintEnabled": true,
+    "python.linting.enabled": true
+}

back/back.go

@@ -63,6 +63,11 @@ func (b *Backend) Auth(user, response *remote.User) (err error) {
 	return
 }
 
+func (b *Backend) IssueHostCertificate(req *remote.HostCertificateRequest, resp *remote.CertificateResponse) error {
+	err := getCAClient().Call("CA.IssueHostCertificate", req, resp)
+	return err
+}
+
 func (b *Backend) IssueCertificate(req *remote.CertificateRequest, resp *remote.CertificateResponse) error {
 	err := getCAClient().Call("CA.GetNewCertificate", req, resp)
 	//So far we just relaying the request to the ca

ca/ca.go

@@ -13,6 +13,7 @@ import (
 
 const (
 	CAPRIVATEFILE = "SHREE_CAPRIVATE"
+	CAHOSTPRIKEY  = "SHREE_CAHOSTPRIVATE"
 )
 
 func main() {
@@ -31,7 +32,7 @@ func initCA() {
 }
 
 var onceLock *sync.Once
-var privateKeySigner ssh.Signer
+var hostPrivatekey, privateKeySigner ssh.Signer
 var marshaledHostPublicKey, marshaledUserPublicKey []byte
 
 //getCAUserPubliKey loads ca user public key
@@ -54,6 +55,20 @@ func getCAHostPubliKey() {
 	marshaledHostPublicKey = b
 }
 
+//Get Hosts private key
+func getCAHostPrivateKey() {
+	p := os.Getenv(CAHOSTPRIKEY)
+	b, err := ioutil.ReadFile(p)
+	if err != nil {
+		log.Fatal("Couldn't load host private key\t", err)
+	}
+	pr, err := ssh.ParsePrivateKey(b)
+	if err != nil {
+		log.Fatal("Couldn't parse host private key")
+	}
+	hostPrivatekey = pr
+}
+
 //getCAPrivateKey loads ca private key memory
 //to be used with sync.Once
 func getCAPrivateKey() {
@@ -78,18 +93,24 @@ func panicErr(err error) {
 
 //getCertificate signes the certificate with validity of 1 yr
 //it only return non nil if any problem occured in signing process
-func getCertificate(username string, tobesigned ssh.PublicKey) (*ssh.Certificate, error) {
+func getCertificate(username string, tobesigned ssh.PublicKey, certType uint32) (*ssh.Certificate, error) {
 	cert := new(ssh.Certificate)
 	cert.Key = tobesigned
 	cert.ValidPrincipals = []string{username} //Valid  principal is the username of the user
 	now := time.Now()
 	cert.Serial = uint64(now.Unix())
-	cert.CertType = ssh.UserCert //Sets certificate type
+	cert.CertType = certType //Sets certificate type
 	//Valid for a year
 	cert.ValidBefore = uint64(now.Add(time.Hour * 24 * 365).Unix())
 	//Permits only port forwarding
 	cert.Extensions = map[string]string{"permit-port-forwarding": ""}
-	err := cert.SignCert(rand.Reader, privateKeySigner)
+	var signer ssh.Signer
+	if certType == ssh.HostCert {
+		signer = hostPrivatekey
+	} else {
+		signer = privateKeySigner
+	}
+	err := cert.SignCert(rand.Reader, signer)
 	if err != nil {
 		return nil, err
 	}

ca/ca_service.go

@@ -18,7 +18,7 @@ func (c *CA) GetNewCertificate(req *remote.CertificateRequest, resp *remote.Cert
 	if err != nil {
 		return err
 	}
-	cert, err := getCertificate(req.User.Username, pubkey)
+	cert, err := getCertificate(req.User.Username, pubkey, ssh.UserCert)
 	if err != nil {
 		return err
 	}
@@ -37,3 +37,18 @@ func (c *CA) GetCAHostPublicKey(req *remote.CertificateRequest, cert *remote.Cer
 	cert.Bytes = marshaledHostPublicKey
 	return nil
 }
+
+func (c *CA) IssueHostCertificate(req *remote.HostCertificateRequest, resp *remote.CertificateResponse) (err error) {
+
+	pubkey, _, _, _, err := ssh.ParseAuthorizedKey(req.PublicKey)
+	if err != nil {
+		return err
+	}
+	cert, err := getCertificate(req.Principal, pubkey, ssh.HostCert)
+	if err != nil {
+		return err
+	}
+	resp.Bytes = ssh.MarshalAuthorizedKey(cert)
+
+	return
+}

ca/ca_test.go

@@ -13,7 +13,7 @@ const homedir = "/home/devansh42"
 func TestGetCertificate(t *testing.T) {
 	initTestEnviroment()
 	ca := new(CA)
-	b, _ := ioutil.ReadFile("./id_user.pub")
+	b, _ := ioutil.ReadFile("../../keys/id_user.pub")
 
 	user := new(remote.User)
 	user.Uid = 1
@@ -51,9 +51,9 @@ func TestGetUserPublicKey(t *testing.T) {
 }
 
 func initTestEnviroment() {
-	os.Setenv(CAUSERPUBKEY, "./ca_user_key.pub")
-	os.Setenv(CAHOSTPUBKEY, "./ca_host_key.pub")
-	os.Setenv(CAPRIVATEFILE, "./ca_user_key")
+	os.Setenv(CAUSERPUBKEY, "../../keys/ca_user_key.pub")
+	os.Setenv(CAHOSTPUBKEY, "../../keys/ca_host_key.pub")
+	os.Setenv(CAPRIVATEFILE, "../../keys/ca_user_key")
 
 	initCA()
 

exe/cli/app_test.go

@@ -1,12 +1,8 @@
 package main
 
 import (
-	"log"
-	"net/http"
 	"os"
 	"testing"
-
-	"github.com/devansh42/shree/exe"
 )
 
 func TestHomeDirectory(t *testing.T) {
@@ -18,17 +14,3 @@ func TestHomeDirectory(t *testing.T) {
 }
 
 const testingHttpServerPort = 9090
-
-//starts testing http server on given port
-func startTestHttpServer(port int) {
-
-	http.HandleFunc("/"+sprint(port), func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte("Hello world\n"))
-		w.Write([]byte("Here is the remote addr\n"))
-		w.Write([]byte(r.RemoteAddr))
-		w.WriteHeader(200)
-	})
-	log.Println("Testing server is listening at ", port)
-	go http.ListenAndServe(exe.JoinHost("", port), nil)
-
-}

exe/cli/auth_test.go

@@ -116,7 +116,7 @@ func (b *Backend) IssueCertificate(req *remote.CertificateRequest, resp *remote.
 	cert.ValidPrincipals = []string{req.User.Username}
 	cert.CertType = ssh.UserCert
 	cert.ValidBefore = uint64(time.Now().Add(time.Minute * 60 * 24 * 365).Unix())
-	prvb, err := ioutil.ReadFile("./ca_user_key")
+	prvb, err := ioutil.ReadFile("../../keys/ca_user_key")
 	if err != nil {
 		return err
 	}