Skip to content

Commit

Permalink
ssh-key: fix certificate::Builder::new_with_validity_times (#143)
Browse files Browse the repository at this point in the history
It previously had the `valid_after` and `valid_before` arguments
swapped, which would've caused errors with expected usage.

This commit adds a test that confirmed the certificate builder
initializes successfully after swapping the arguments back.

Closes #142
  • Loading branch information
tarcieri authored Jul 29, 2023
1 parent 330673b commit 3c4b5f3
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 1 deletion.
2 changes: 1 addition & 1 deletion ssh-key/src/certificate/builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ impl Builder {
let valid_before =
UnixTime::try_from(valid_before).map_err(|_| Field::ValidBefore.invalid_error())?;

Self::new(nonce, public_key, valid_before.into(), valid_after.into())
Self::new(nonce, public_key, valid_after.into(), valid_before.into())
}

/// Create a new certificate builder, generating a random nonce using the
Expand Down
24 changes: 24 additions & 0 deletions ssh-key/tests/certificate_builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ use ssh_key::EcdsaCurve;
#[cfg(all(feature = "ed25519", feature = "rsa"))]
use std::str::FromStr;

#[cfg(all(feature = "ed25519", feature = "std"))]
use std::time::{Duration, SystemTime};

/// Example Unix timestamp when a certificate was issued (2020-09-13 12:26:40 UTC).
const ISSUED_AT: u64 = 1600000000;

Expand Down Expand Up @@ -183,3 +186,24 @@ R6qbyo6hPuCiV9cAAAAAAQID
let ca_fingerprint = ca_key.fingerprint(Default::default());
assert!(cert.validate_at(VALID_AT, &[ca_fingerprint]).is_ok());
}

#[cfg(all(feature = "ed25519", feature = "std"))]
#[test]
fn new_with_validity_times() {
let mut rng = ChaCha8Rng::from_seed(PRNG_SEED);
let subject_key = PrivateKey::random(&mut rng, Algorithm::Ed25519).unwrap();

// NOTE: use a random nonce, not an all-zero one!
let nonce = [0u8; certificate::Builder::RECOMMENDED_NONCE_SIZE];

let issued_at = SystemTime::now();
let expires_at = issued_at + Duration::from_secs(3600);

assert!(certificate::Builder::new_with_validity_times(
nonce,
subject_key.public_key(),
issued_at,
expires_at
)
.is_ok());
}

0 comments on commit 3c4b5f3

Please sign in to comment.