From f4898f746d03ff5dcf57d3967c594d98a9da7fe0 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Tue, 3 Mar 2026 10:06:32 +0200
Subject: feat(ssh-server): check auth key cache in public key callback

---
 internal/ssh/server/publickeycallback_test.go | 41 +++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 internal/ssh/server/publickeycallback_test.go

(limited to 'internal/ssh/server/publickeycallback_test.go')

diff --git a/internal/ssh/server/publickeycallback_test.go b/internal/ssh/server/publickeycallback_test.go
new file mode 100644
index 0000000..7ded4f3
--- /dev/null
+++ b/internal/ssh/server/publickeycallback_test.go
@@ -0,0 +1,41 @@
+package server
+
+import (
+	"testing"
+	"time"
+
+	gossh "golang.org/x/crypto/ssh"
+)
+
+func TestAuthKeyStorePermissions(t *testing.T) {
+	previousStore := authKeyStore
+	authKeyStore = NewAuthKeyStore(time.Hour, 5)
+	t.Cleanup(func() {
+		authKeyStore = previousStore
+	})
+
+	key := testPublicKey(t, 21)
+
+	if permissions := authKeyStorePermissions("alice", key); permissions != nil {
+		t.Fatalf("Expected nil permissions when no key is cached")
+	}
+
+	authKeyStore.Add("alice", key)
+
+	permissions := authKeyStorePermissions("alice", key)
+	if permissions == nil {
+		t.Fatalf("Expected permissions when key is cached")
+	}
+	if fingerprint := permissions.Extensions["pubkey-fp"]; fingerprint != gossh.FingerprintSHA256(key) {
+		t.Fatalf("Unexpected fingerprint: %s", fingerprint)
+	}
+
+	if permissions := authKeyStorePermissions("bob", key); permissions != nil {
+		t.Fatalf("Expected nil permissions for different user")
+	}
+
+	unknownKey := testPublicKey(t, 22)
+	if permissions := authKeyStorePermissions("alice", unknownKey); permissions != nil {
+		t.Fatalf("Expected nil permissions for unknown key")
+	}
+}
-- 
cgit v1.2.3