From 73e4c61dc22aacbfd2d5c3e2b474d1964e2caaca Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 19 Dec 2022 17:21:13 +0000
Subject: [PATCH] Add a test for backwards compatibility with clients lacking
 session IDs

---
 server/keystore_test.go | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/server/keystore_test.go b/server/keystore_test.go
index 9b4ed223..00b49496 100644
--- a/server/keystore_test.go
+++ b/server/keystore_test.go
@@ -144,6 +144,46 @@ func TestKeystore_OpenAndGet(t *testing.T) {
 	}
 }
 
+func TestKeystore_OpenAndGet_BackwardsCompatibility(t *testing.T) {
+	c, keystore, cleanup := newTestContext(t)
+	defer cleanup()
+
+	// Decrypt the private key with the right password. Do not set a session ID.
+	err := keystore.Open(context.Background(), "testuser", string(pw), "", 60)
+	if err != nil {
+		t.Fatal("keystore.Open():", err)
+	}
+
+	// Call expire() now to make sure we don't wipe data that is
+	// not expired yet.
+	keystore.expire(time.Now())
+
+	// Sign a valid SSO ticket and use it to obtain the private
+	// key we just stored.
+	ssoTicket := c.sign("testuser", "keystore/", "domain")
+	result, err := keystore.Get("testuser", ssoTicket)
+	if err != nil {
+		t.Fatal("keystore.Get():", err)
+	}
+
+	expectedPEM, _ := privKey.PEM()
+	if !bytes.Equal(result, expectedPEM) {
+		t.Fatalf("keystore.Get() returned bad key: got %v, expected %v", result, expectedPEM)
+	}
+
+	// Verify user namespace isolation
+	keystore.Close("otheruser", "")
+	if _, err := keystore.Get("testuser", ssoTicket); err != nil {
+		t.Fatalf("keystore.Get() returned error after Close(otheruser): %v", err)
+	}
+
+	// Call Close() and forget the key.
+	keystore.Close("testuser", "")
+	if _, err := keystore.Get("testuser", ssoTicket); err == nil {
+		t.Fatal("keystore.Get() returned no error after Close()")
+	}
+}
+
 func TestKeystore_OpenAndGet_MultipleSessions(t *testing.T) {
 	c, keystore, cleanup := newTestContext(t)
 	defer cleanup()
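Review bot: The error from `privKey.PEM()` is discarded in `TestKeystore_OpenAndGet_BackwardsCompatibility`, and the mismatch message then formats both PEM buffers with `%v`, so a failing run writes private-key bytes into the test log as decimal arrays. Check the error with `expectedPEM, err := privKey.PEM()` followed by `if err != nil { t.Fatal("privKey.PEM():", err) }`, and report only sizes on mismatch, e.g. `t.Fatalf("keystore.Get() returned bad key (%d bytes, expected %d)", len(result), len(expectedPEM))`. Separately, the last check after `keystore.Close("testuser", "")` passes on any error, so it cannot tell a wiped key apart from a rejected ticket. If the keystore exposes a distinct not-found error, asserting on it would pin the empty-session-ID close path more precisely. The trailing context lines belong to `TestKeystore_OpenAndGet_MultipleSessions`, whose body continues outside the hunk.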
-- 
GitLab