From 3c4b5f367022a0467e4daf024e71f2ed94b2d8e1 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sat, 29 Jul 2023 13:47:03 -0600 Subject: [PATCH] ssh-key: fix `certificate::Builder::new_with_validity_times` (#143) It previously had the `valid_after` and `valid_before` arguments swapped, which would've caused errors with expected usage. This commit adds a test that confirmed the certificate builder initializes successfully after swapping the arguments back. Closes #142 --- ssh-key/src/certificate/builder.rs | 2 +- ssh-key/tests/certificate_builder.rs | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ssh-key/src/certificate/builder.rs b/ssh-key/src/certificate/builder.rs index 651e8a0..3d00b9c 100644 --- a/ssh-key/src/certificate/builder.rs +++ b/ssh-key/src/certificate/builder.rs @@ -145,7 +145,7 @@ impl Builder { let valid_before = UnixTime::try_from(valid_before).map_err(|_| Field::ValidBefore.invalid_error())?; - Self::new(nonce, public_key, valid_before.into(), valid_after.into()) + Self::new(nonce, public_key, valid_after.into(), valid_before.into()) } /// Create a new certificate builder, generating a random nonce using the diff --git a/ssh-key/tests/certificate_builder.rs b/ssh-key/tests/certificate_builder.rs index 7527c8e..3c45335 100644 --- a/ssh-key/tests/certificate_builder.rs +++ b/ssh-key/tests/certificate_builder.rs @@ -16,6 +16,9 @@ use ssh_key::EcdsaCurve; #[cfg(all(feature = "ed25519", feature = "rsa"))] use std::str::FromStr; +#[cfg(all(feature = "ed25519", feature = "std"))] +use std::time::{Duration, SystemTime}; + /// Example Unix timestamp when a certificate was issued (2020-09-13 12:26:40 UTC). const ISSUED_AT: u64 = 1600000000; @@ -183,3 +186,24 @@ R6qbyo6hPuCiV9cAAAAAAQID let ca_fingerprint = ca_key.fingerprint(Default::default()); assert!(cert.validate_at(VALID_AT, &[ca_fingerprint]).is_ok()); } + +#[cfg(all(feature = "ed25519", feature = "std"))] +#[test] +fn new_with_validity_times() { + let mut rng = ChaCha8Rng::from_seed(PRNG_SEED); + let subject_key = PrivateKey::random(&mut rng, Algorithm::Ed25519).unwrap(); + + // NOTE: use a random nonce, not an all-zero one! + let nonce = [0u8; certificate::Builder::RECOMMENDED_NONCE_SIZE]; + + let issued_at = SystemTime::now(); + let expires_at = issued_at + Duration::from_secs(3600); + + assert!(certificate::Builder::new_with_validity_times( + nonce, + subject_key.public_key(), + issued_at, + expires_at + ) + .is_ok()); +}