From edc07fef736ef3f4880cce7fa0a51fa8f3464f82 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Sat, 27 Nov 2021 07:20:58 +0000
Subject: [PATCH] regression test for match-principals. Mostly by Fabian
 Stelzer

---
 regress/usr.bin/ssh/sshsig.sh | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/regress/usr.bin/ssh/sshsig.sh b/regress/usr.bin/ssh/sshsig.sh
index 6ff932ead41..d4aee54ca71 100644
--- a/regress/usr.bin/ssh/sshsig.sh
+++ b/regress/usr.bin/ssh/sshsig.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshsig.sh,v 1.9 2021/11/18 03:53:48 djm Exp $
+#	$OpenBSD: sshsig.sh,v 1.10 2021/11/27 07:20:58 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sshsig"
@@ -410,6 +410,32 @@ for t in $SIGNKEYS; do
 
 done
 
+# Test key independant match-principals
+(
+	printf "principal1 " ; cat $pubkey;
+	printf "princi* " ; cat $pubkey;
+	printf "unique " ; cat $pubkey;
+) > $OBJ/allowed_signers
+
+verbose "$tid: match principals"
+${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers -I "unique" | \
+    fgrep "unique" >/dev/null || \
+	fail "faild to match static principal"
+
+${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers -I "princip" | \
+    fgrep "princi*" >/dev/null || \
+	fail "faild to match wildcard principal"
+
+${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers -I "principal1" | \
+    fgrep -e "principal1" -e "princi*" >/dev/null || \
+	fail "faild to match static and wildcard principal"
+verbose "$tid: nomatch principals"
+for x in princ prince unknown ; do 
+	${SSHKEYGEN} -Y match-principals -f $OBJ/allowed_signers \
+	    -I $x >/dev/null 2>&1 && \
+		fail "succeeded to match unknown principal \"$x\""
+done
+
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null
 
-- 
2.20.1