def test_create_paramiko_ssh_client_valid(mocker, cipher_arg, key_arg,
server_ciphers,
server_key_algorithms):
"""
Given:
- Parameters to create SSH client.
When:
- Given parameters are valid.
Cases:
- Case a: No ciphers and no key algorithms to be used have been given by the user.
- Case b: No ciphers to be used, but key algorithm to be used which is supported by server where given by the user.
- Case c: Cipher to be used that is supported by server, but no key algorithm were given by the user.
- Case d: Both cipher and key algorithm have been requested by the user, both are supported by server.
Then:
- Ensure SSH client is created.
"""
from RemoteAccessv2 import create_paramiko_ssh_client
mocker.patch('paramiko.SSHClient.connect')
if server_ciphers:
mocker.patch('RemoteAccessv2.get_available_ciphers',
return_value=server_ciphers)
if server_key_algorithms:
mocker.patch('RemoteAccessv2.get_available_key_algorithms',
return_value=server_key_algorithms)
create_paramiko_ssh_client('host', 'user', 'password', cipher_arg, key_arg)
def test_create_paramiko_ssh_client_with_valid_ssh_certificate(mocker):
""""
Given:
- valid SSH certificate.
When:
- trying to connect to an SSH client.
Then:
- Ensure that creating SSH connection was successful.
"""
from RemoteAccessv2 import create_paramiko_ssh_client
ssh_connect_mock = mocker.patch('paramiko.SSHClient.connect')
valid_private_key = '1234\n1234'
mocker.patch('paramiko.RSAKey.from_private_key',
return_value=RSAKey(key=valid_private_key))
create_paramiko_ssh_client('host',
'user',
None,
set(),
set(),
private_key=valid_private_key)
assert type(ssh_connect_mock.call_args.kwargs.get('pkey')) == RSAKey
assert not ssh_connect_mock.call_args.kwargs.get('password')
def test_create_paramiko_ssh_client_invalid(mocker, cipher_arg, key_arg,
server_ciphers,
server_key_algorithms):
"""
Given:
- Parameters to create SSH client.
When:
- Given ciphers do not match the server ciphers.
Cases:
Case a: Cipher which is not supported by server was given by the user.
Case b: Key algorithm which is not supported by server was given by the user.
Then:
- Ensure DemistoException is thrown as expected.
"""
from RemoteAccessv2 import create_paramiko_ssh_client
server_ciphers = {'diffie-hellman-group14-sha512'}
expected_err_msg: str = ''
if server_ciphers:
expected_err_msg = f'Given ciphers are not available in server.\n' \
f'Ciphers available in server are: {server_ciphers}'
mocker.patch('RemoteAccessv2.get_available_ciphers',
return_value=server_ciphers)
if server_key_algorithms:
expected_err_msg = f'Given key algorithms are not available in server.\n' \
f'Key algorithms available in server are: {server_key_algorithms}'
mocker.patch('RemoteAccessv2.get_available_key_algorithms',
return_value=server_key_algorithms)
with pytest.raises(DemistoException, match=expected_err_msg):
create_paramiko_ssh_client('host', 'user', 'password', cipher_arg,
key_arg)
def test_create_paramiko_ssh_client_with_invalid_ssh_certificate(
invalid_private_key):
"""
Given:
- invalid SSH certificate structure.
When:
- trying to connect to an SSH client.
Then:
- Ensure that SSHException is raised.
"""
from RemoteAccessv2 import create_paramiko_ssh_client
with pytest.raises(SSHException):
create_paramiko_ssh_client('host',
'user',
'password',
set(),
set(),
private_key=invalid_private_key)