(t *testing.T)
| 444 | } |
| 445 | |
| 446 | func TestRemoteSSH(t *testing.T) { |
| 447 | t.Parallel() |
| 448 | pubKeyUsername := "testuser" |
| 449 | |
| 450 | hostPrivKey, err := rsa.GenerateKey(rand.Reader, 512) |
| 451 | if err != nil { |
| 452 | t.Fatalf("Failed to generate the host RSA private key: %v", err) |
| 453 | } |
| 454 | hostSigner, err := ssh.NewSignerFromKey(hostPrivKey) |
| 455 | if err != nil { |
| 456 | t.Fatalf("Failed to generate SSH hostSigner: %v", err) |
| 457 | } |
| 458 | |
| 459 | privKey, err := rsa.GenerateKey(rand.Reader, 512) |
| 460 | if err != nil { |
| 461 | t.Fatalf("Failed to generate the user RSA private key: %v", err) |
| 462 | } |
| 463 | signer, err := ssh.NewSignerFromKey(privKey) |
| 464 | if err != nil { |
| 465 | t.Fatalf("Failed to generate SSH signer: %v", err) |
| 466 | } |
| 467 | // This is in the format "xx:xx:xx:...", so we remove the colons so that it |
| 468 | // matches the fmt.Sprintf() below. |
| 469 | // Note that not all libssh2 implementations support the SHA256 fingerprint, |
| 470 | // so we use MD5 here for testing. |
| 471 | publicKeyFingerprint := strings.Replace(ssh.FingerprintLegacyMD5(hostSigner.PublicKey()), ":", "", -1) |
| 472 | |
| 473 | listener := startSSHServer(t, hostSigner, []ssh.PublicKey{signer.PublicKey()}) |
| 474 | defer listener.Close() |
| 475 | |
| 476 | repo := createTestRepo(t) |
| 477 | defer cleanupTestRepo(t, repo) |
| 478 | |
| 479 | certificateCheckCallbackCalled := false |
| 480 | fetchOpts := FetchOptions{ |
| 481 | RemoteCallbacks: RemoteCallbacks{ |
| 482 | CertificateCheckCallback: func(cert *Certificate, valid bool, hostname string) error { |
| 483 | hostkeyFingerprint := fmt.Sprintf("%x", cert.Hostkey.HashMD5[:]) |
| 484 | if hostkeyFingerprint != publicKeyFingerprint { |
| 485 | return fmt.Errorf("server hostkey %q, want %q", hostkeyFingerprint, publicKeyFingerprint) |
| 486 | } |
| 487 | certificateCheckCallbackCalled = true |
| 488 | return nil |
| 489 | }, |
| 490 | CredentialsCallback: func(url, username string, allowedTypes CredentialType) (*Credential, error) { |
| 491 | if allowedTypes&(CredentialTypeSSHKey|CredentialTypeSSHCustom|CredentialTypeSSHMemory) != 0 { |
| 492 | return NewCredentialSSHKeyFromSigner(pubKeyUsername, signer) |
| 493 | } |
| 494 | if (allowedTypes & CredentialTypeUsername) != 0 { |
| 495 | return NewCredentialUsername(pubKeyUsername) |
| 496 | } |
| 497 | return nil, fmt.Errorf("unknown credential type %+v", allowedTypes) |
| 498 | }, |
| 499 | }, |
| 500 | } |
| 501 | |
| 502 | remote, err := repo.Remotes.Create( |
| 503 | "origin", |
nothing calls this directly
no test coverage detected
searching dependent graphs…