tomaswolf commented on code in PR #907:
URL: https://github.com/apache/mina-sshd/pull/907#discussion_r3525052414


##########
sshd-core/src/test/java/org/apache/sshd/server/auth/AuthorizedKeyEntriesPublickeyAuthenticatorTest.java:
##########
@@ -68,4 +75,133 @@ void testMatch(String first, String second) throws 
Exception {
                 Collections.singletonList(entry), 
PublicKeyEntryResolver.FAILING);
         assertTrue(auth.authenticate("user", pubKey, null));
     }
+
+    @Test
+    void fromAllowsMatchingAddress() throws Exception {
+        KeyPair pair = generateKeyPair();
+        ServerSession session = session(new InetSocketAddress("127.0.0.1", 
12345));
+
+        assertTrue(authenticate("from=\"127.0.0.1\"", pair, session));
+    }
+
+    @Test
+    void fromRejectsDifferentAddress() throws Exception {
+        KeyPair pair = generateKeyPair();
+        ServerSession session = session(new InetSocketAddress("203.0.113.10", 
12345));
+
+        assertFalse(authenticate("from=\"127.0.0.1\"", pair, session));
+    }
+
+    @Test
+    void fromAllowsMatchingCidr() throws Exception {
+        KeyPair pair = generateKeyPair();
+        ServerSession session = session(new InetSocketAddress("192.0.2.25", 
12345));
+
+        assertTrue(authenticate("from=\"192.0.2.0/24\"", pair, session));
+    }
+
+    @Test
+    void fromRejectsNegatedAddress() throws Exception {
+        KeyPair pair = generateKeyPair();
+        ServerSession session = session(new InetSocketAddress("203.0.113.10", 
12345));
+
+        assertFalse(authenticate("from=\"*,!203.0.113.10\"", pair, session));
+    }
+
+    @Test
+    void fromRejectsInvalidPattern() throws Exception {
+        KeyPair pair = generateKeyPair();
+        ServerSession session = session(new InetSocketAddress("203.0.113.10", 
12345));
+
+        assertFalse(authenticate("from=\"203.0.113.0/33\"", pair, session));
+    }
+
+    @Test
+    void expiryTimeAllowsFutureTime() throws Exception {
+        KeyPair pair = generateKeyPair();
+
+        assertTrue(authenticate("expiry-time=\"29991231235959Z\"", pair, 
null));
+    }
+
+    @Test
+    void expiryTimeRejectsPastTime() throws Exception {
+        KeyPair pair = generateKeyPair();
+
+        assertFalse(authenticate("expiry-time=\"19700101000000Z\"", pair, 
null));
+    }
+
+    private static boolean authenticate(String options, KeyPair pair, 
ServerSession session) throws Exception {
+        String line = options;
+        if (!line.isEmpty()) {
+            line += ' ';
+        }
+        line += PublicKeyEntry.toString(pair.getPublic());
+        AuthorizedKeyEntry entry = 
AuthorizedKeyEntry.parseAuthorizedKeyEntry(line);
+        AuthorizedKeyEntriesPublickeyAuthenticator auth = new 
AuthorizedKeyEntriesPublickeyAuthenticator("test", session,
+                Collections.singletonList(entry), 
PublicKeyEntryResolver.FAILING);
+        return auth.authenticate("user", pair.getPublic(), session);
+    }
+
+    private static KeyPair generateKeyPair() throws Exception {
+        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
+        gen.initialize(256);
+        return gen.generateKeyPair();
+    }
+
+    private static ServerSession session(InetSocketAddress remote) {

Review Comment:
   Use Mockito for this. Simply
   ```
       private static ServerSession session(InetSocketAddress remote) {
           ServerSession session = Mockito.mock(ServerSession.class);
           Mockito.when(session.getClientAddress()).thenReturn(remote);
           Mockito.when(session.getRemoteAddress()).thenReturn(remote);
           return session;
       }
   ```
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to