(t *testing.T)
| 41 | } |
| 42 | |
| 43 | func TestInspectSSHCert(t *testing.T) { |
| 44 | tests := []struct { |
| 45 | name string |
| 46 | keyType KeyType |
| 47 | }{ |
| 48 | { |
| 49 | name: "ECDSA Certificate", |
| 50 | keyType: ECDSA, |
| 51 | }, |
| 52 | { |
| 53 | name: "ED25519 Certificate", |
| 54 | keyType: ED25519, |
| 55 | }, |
| 56 | } |
| 57 | for _, tt := range tests { |
| 58 | t.Run(tt.name, func(t *testing.T) { |
| 59 | pkt, signer, _ := Mocks(t, tt.keyType) |
| 60 | principals := []string{"guest", "dev"} |
| 61 | |
| 62 | sshCertBytes, signKeyBytes, err := createSSHCert(pkt, signer, principals) |
| 63 | require.NoError(t, err) |
| 64 | require.NotNil(t, sshCertBytes) |
| 65 | require.NotNil(t, signKeyBytes) |
| 66 | |
| 67 | buf := new(bytes.Buffer) |
| 68 | inspect := NewInspectCmd(string(sshCertBytes), buf) |
| 69 | |
| 70 | err = inspect.Run() |
| 71 | require.NoError(t, err, "Unexpected error") |
| 72 | |
| 73 | output := buf.String() |
| 74 | |
| 75 | // Verify all four section headers appear in order |
| 76 | sections := []string{ |
| 77 | "--- SSH Certificate Information ---", |
| 78 | "--- PKToken Structure ---", |
| 79 | "--- Signature Information ---", |
| 80 | "--- Token Metadata ---", |
| 81 | } |
| 82 | lastIdx := -1 |
| 83 | for _, section := range sections { |
| 84 | idx := strings.Index(output, section) |
| 85 | require.Greater(t, idx, lastIdx, |
| 86 | "section %q not found or out of order in output", section) |
| 87 | lastIdx = idx |
| 88 | } |
| 89 | |
| 90 | // Split into lines for line-by-line verification |
| 91 | lines := strings.Split(output, "\n") |
| 92 | |
| 93 | // --- Verify SSH Certificate Information section --- |
| 94 | requireLineEquals(t, lines, 0, "--- SSH Certificate Information ---") |
| 95 | requireLineMatches(t, lines, 1, `^Serial:\s+0$`) |
| 96 | requireLineMatches(t, lines, 2, `^Type:\s+User Certificate$`) |
| 97 | requireLineMatches(t, lines, 3, `^Key ID:\s+arthur\.aardvark@example\.com$`) |
| 98 | requireLineMatches(t, lines, 4, `^Principals:\s+\[guest dev\]$`) |
| 99 | requireLineMatches(t, lines, 5, `^Valid After:\s+Not set$`) |
| 100 | requireLineMatches(t, lines, 6, `^Valid Before:\s+Forever$`) |
nothing calls this directly
no test coverage detected