rpki/tests/test_rtr_debug_client_ssh_cli.rs

use std::process::Command;

fn run_client(args: &[&str]) -> std::process::Output {
    Command::new(env!("CARGO_BIN_EXE_rtr_debug_client"))
        .args(args)
        .output()
        .expect("failed to run rtr_debug_client")
}

#[test]
fn ssh_requires_user() {
    let output = run_client(&[
        "--ssh",
        "--ssh-key",
        "tests/fixtures/ssh/client.key",
        "--ssh-server-key",
        "tests/fixtures/ssh/server.pub",
    ]);
    assert!(!output.status.success());
    let stderr = String::from_utf8_lossy(&output.stderr);
    assert!(stderr.contains("SSH mode requires --ssh-user <name>"));
}

#[test]
fn ssh_requires_key() {
    let output = run_client(&[
        "--ssh",
        "--ssh-user",
        "rpki-rtr",
        "--ssh-server-key",
        "tests/fixtures/ssh/server.pub",
    ]);
    assert!(!output.status.success());
    let stderr = String::from_utf8_lossy(&output.stderr);
    assert!(stderr.contains("SSH mode requires --ssh-key <path>"));
}

#[test]
fn ssh_requires_host_key_verification() {
    let output = run_client(&[
        "--ssh",
        "--ssh-user",
        "rpki-rtr",
        "--ssh-key",
        "tests/fixtures/ssh/client.key",
    ]);
    assert!(!output.status.success());
    let stderr = String::from_utf8_lossy(&output.stderr);
    assert!(
        stderr.contains("SSH mode requires host key verification")
            && stderr.contains("--ssh-known-hosts")
            && stderr.contains("--ssh-server-key")
    );
}

#[test]
fn ssh_rejects_multiple_host_key_verification_sources() {
    let output = run_client(&[
        "--ssh",
        "--ssh-user",
        "rpki-rtr",
        "--ssh-key",
        "tests/fixtures/ssh/client.key",
        "--ssh-known-hosts",
        "tests/fixtures/ssh/known_hosts",
        "--ssh-server-key",
        "tests/fixtures/ssh/server.pub",
    ]);
    assert!(!output.status.success());
    let stderr = String::from_utf8_lossy(&output.stderr);
    assert!(stderr.contains("must choose one"));
}

#[test]
fn ssh_conflicts_with_tls() {
    let output = run_client(&["--ssh", "--tls"]);
    assert!(!output.status.success());
    let stderr = String::from_utf8_lossy(&output.stderr);
    assert!(stderr.contains("--tls cannot be used together with --ssh"));
}