From dfdcc2220cf359c492d5d34eb723370e8bd8a19e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 1 Feb 2022 23:37:15 +0000 Subject: upstream: test 'ssh-keygen -Y find-principals' with wildcard principals; from Fabian Stelzer OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40 --- regress/sshsig.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'regress/sshsig.sh') diff --git a/regress/sshsig.sh b/regress/sshsig.sh index f8d85c2f..d4daa5c9 100644 --- a/regress/sshsig.sh +++ b/regress/sshsig.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshsig.sh,v 1.13 2022/01/05 04:56:15 djm Exp $ +# $OpenBSD: sshsig.sh,v 1.14 2022/02/01 23:37:15 djm Exp $ # Placed in the Public Domain. tid="sshsig" @@ -342,6 +342,23 @@ for t in $SIGNKEYS; do -f $OBJ/allowed_signers >/dev/null 2>&1 || \ fail "failed find-principals for $t with ca key" + # CA with wildcard principal + (printf "*@example.com cert-authority " ; + cat $CA_PUB) > $OBJ/allowed_signers + # find-principals CA with wildcard principal + ${SSHKEYGEN} -vvv -Y find-principals -s $sigfile \ + -Overify-time=19850101 \ + -f $OBJ/allowed_signers 2>/dev/null | \ + fgrep "$sig_principal" >/dev/null || \ + fail "failed find-principals for $t with ca key using wildcard principal" + + # verify CA with wildcard principal + ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ + -I $sig_principal -f $OBJ/allowed_signers \ + -Overify-time=19850101 \ + < $DATA >/dev/null 2>&1 || \ + fail "failed signature for $t cert using wildcard principal" + # signing key listed as cert-authority (printf "$sig_principal cert-authority " ; cat $pubkey) > $OBJ/allowed_signers -- cgit v1.2.1