aboutsummaryrefslogtreecommitdiff
path: root/ssh/certs_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'ssh/certs_test.go')
-rw-r--r--ssh/certs_test.go29
1 files changed, 29 insertions, 0 deletions
diff --git a/ssh/certs_test.go b/ssh/certs_test.go
index 1a4b499..e2a6fed 100644
--- a/ssh/certs_test.go
+++ b/ssh/certs_test.go
@@ -404,3 +404,32 @@ func TestCertSignWithMultiAlgorithmSigner(t *testing.T) {
})
}
}
+
+func TestCertSignWithCertificate(t *testing.T) {
+ cert := &Certificate{
+ Key: testPublicKeys["rsa"],
+ ValidBefore: CertTimeInfinity,
+ CertType: UserCert,
+ }
+ if err := cert.SignCert(rand.Reader, testSigners["ecdsa"]); err != nil {
+ t.Fatalf("SignCert: %v", err)
+ }
+ signer, err := NewSignerWithAlgorithms(testSigners["rsa"].(AlgorithmSigner), []string{KeyAlgoRSASHA256})
+ if err != nil {
+ t.Fatal(err)
+ }
+ certSigner, err := NewCertSigner(cert, signer)
+ if err != nil {
+ t.Fatalf("NewCertSigner: %v", err)
+ }
+
+ cert1 := &Certificate{
+ Key: testPublicKeys["ecdsa"],
+ ValidBefore: CertTimeInfinity,
+ CertType: UserCert,
+ }
+
+ if err := cert1.SignCert(rand.Reader, certSigner); err == nil {
+ t.Fatal("successfully signed a certificate using another certificate, it is expected to fail")
+ }
+}
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 03:38:48 +0000