1 files changed, 97 insertions, 0 deletions

diff --git a/ldap_test.go b/ldap_test.go
new file mode 100644
index 0000000..e685e38
--- /dev/null
+++ b/ldap_test.go
@@ -0,0 +1,97 @@
+package main
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestVerifySSHKeyOk(t *testing.T) {
+	ok_key_keys := []string{
+		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQlYF3LXI/CMX/yPWRboNiUI6qj+K6/kD6tu+di9zRwtN5jzGh5DTJ2ZaQeDIS8cED62jW7KJySoeMMWRA0W//rp8aRKL7cHWVWEkd2maEmwzdUKx18OoDMqT8wNRd9K66lxUv4lHX9mbM1gd1f3uwgUZMSiIq6p/wh2n/GozFocvasq8Bugl2epLxncnKoDqJIUMUpQUmTI9G7b2pLpI8OCKkoF7VKVrH1nt0yvboZ/4sQ/EYoKj/9/Surqnx/VTs3pfs/gKxw53bMVLN6W4i2FjW4EfN8Cs0zjaddjVaCYRnDmCQQZUckS9/E+rhJGAaD6xNxpP93dwkgqQyj2t markus@comment",
+		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQlYF3LXI/CMX/yPWRboNiUI6qj+K6/kD6tu+di9zRwtN5jzGh5DTJ2ZaQeDIS8cED62jW7KJySoeMMWRA0W//rp8aRKL7cHWVWEkd2maEmwzdUKx18OoDMqT8wNRd9K66lxUv4lHX9mbM1gd1f3uwgUZMSiIq6p/wh2n/GozFocvasq8Bugl2epLxncnKoDqJIUMUpQUmTI9G7b2pLpI8OCKkoF7VKVrH1nt0yvboZ/4sQ/EYoKj/9/Surqnx/VTs3pfs/gKxw53bMVLN6W4i2FjW4EfN8Cs0zjaddjVaCYRnDmCQQZUckS9/E+rhJGAaD6xNxpP93dwkgqQyj2t",
+		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuZUxgv5fOU/HXi9NQDcqec06ut+6CTItzlPmgJHZm+ markus@test",
+	}
+
+	var err error
+	for _, key := range ok_key_keys {
+		err = validateSSHkey(key)
+		if err != nil {
+			t.Error(err)
+		}
+
+	}
+}
+
+func TestVerifySSHKeyNoSpaces(t *testing.T) {
+	err := validateSSHkey("badkey")
+	if err == nil {
+		t.Error("Key 'badkey' should fail validation")
+	}
+
+	if !strings.Contains(err.Error(), "invalid") {
+		t.Errorf("Error message should include invalid, but was '%s'", err.Error())
+	}
+}
+
+func TestVerifySSHKeyNotBase64(t *testing.T) {
+	b64_missing_padding := "ssh-rsa dGVzdAo"
+	err := validateSSHkey(b64_missing_padding)
+	if err == nil {
+		t.Errorf("'%s' should fail b64 validation", b64_missing_padding)
+	}
+
+	if !strings.Contains(err.Error(), "base64") {
+		t.Errorf("Error message should include base64, but was '%s'", err.Error())
+	}
+}
+
+func TestVerifySSHKeyWrongFormatDSS(t *testing.T) {
+	it := "ssh-dss dGVzdAo="
+	err := validateSSHkey(it)
+	if err == nil {
+		t.Errorf("'%s' should fail key format validation", it)
+	}
+
+	if !strings.Contains(err.Error(), "format") {
+		t.Errorf("Error message should include format, but was '%s'", err.Error())
+	}
+}
+
+func TestVerifySSHKeyWrongFormatECDSA(t *testing.T) {
+	it := "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHeiQG8vUVsIjQdN0O/ovg/NTERdT+KA0JQTNDSNh65Q+XFuw8j0MhbTLHk/yXWJqBp7Vn6eiuPYXJac75P2BJjiQGi0UlfNXpTeYEG48Sdeo4pfguEwbyfnWMDWj4f86k/UjD2bUJBpXVQNs82j0weOG4+SqkA7cFz/E6e7eEfkATVaA== markus@test"
+	err := validateSSHkey(it)
+	if err == nil {
+		t.Errorf("'%s' should fail key format validation", it)
+	}
+
+	if !strings.Contains(err.Error(), "format") {
+		t.Errorf("Error message should include format, but was '%s'", err.Error())
+	}
+}
+
+func TestVerifySSHKeyRSAKeyToSmall(t *testing.T) {
+	short_rsa := "ssh-rsa dGVzdAo="
+	err := validateSSHkey(short_rsa)
+	if err == nil {
+		t.Errorf("'%s' should fail bit length validation", short_rsa)
+	}
+
+	if !strings.Contains(err.Error(), "2048 bit") {
+		t.Errorf("Error message should include 2048 bit, but was '%s'", err.Error())
+	}
+
+	if !strings.Contains(err.Error(), "Was: 32") {
+		t.Errorf("Error message should include original bit length (32), but was '%s'", err.Error())
+	}
+}
+
+func TestCalcFingerprint(t *testing.T) {
+	key := "AAAAC3NzaC1lZDI1NTE5AAAAIKuZUxgv5fOU/HXi9NQDcqec06ut+6CTItzlPmgJHZm+"
+	real_fingerprint := "SHA256:Rw71nETy5eL5J7ZK2QZfCZmp6e940ljBesD2COTG4Us="
+
+	fingerprint := calculateFingerprint(key)
+
+	if fingerprint != real_fingerprint {
+		t.Errorf("Fingerprint is calculated wrong. Expected: %s, Got: %s", real_fingerprint, fingerprint)
+	}
+}