def pytest_assertrepr_compare(op, left, right):
if op == '==' and isinstance(left, PKey) and isinstance(right, PKey):
left_key = format_openssh_pubkey(left)
right_key = format_openssh_pubkey(right)
return [
'{!r} == {!r}'.format(left, right),
' {} != {}'.format(left_key, right_key)
]
def fx_authorized_sftp(fx_sftpd, fx_authorized_keys):
port, (thread, path, ev) = fx_sftpd.popitem()
thread.start()
key = RSAKey.generate(1024)
dot_ssh = path.mkdir('.ssh')
with dot_ssh.join('authorized_keys').open('w') as f:
print(format_openssh_pubkey(key), file=f)
for authorized_key in fx_authorized_keys:
print(format_openssh_pubkey(authorized_key), file=f)
transport = Transport(('127.0.0.1', port))
transport.connect(username='******', pkey=key)
sftp_client = SFTPClient.from_transport(transport)
yield sftp_client, path, [key] + fx_authorized_keys
sftp_client.close()
transport.close()
def test_authorized_keys_list_len(fx_authorized_sftp):
sftp_client, path, keys = fx_authorized_sftp
key_list = AuthorizedKeyList(sftp_client)
assert len(key_list) == 6
# It's lazily evaluated; changes should reflect
with path.join('.ssh', 'authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(keys[0]))
assert len(key_list) == 1
def test_authorized_keys_list_len(fx_authorized_sftp):
sftp_client, path, keys = fx_authorized_sftp
key_list = AuthorizedKeyList(sftp_client)
assert len(key_list) == 6
# It's lazily evaluated; changes should reflect
with path.join('.ssh', 'authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(keys[0]))
assert len(key_list) == 1
def test_add_public_key_415(fx_app, fx_key_store, fx_authorized_identity,
fx_token_id):
pkey = RSAKey.generate(1024)
with fx_app.test_client() as c:
response = c.post(get_url('add_public_key', token_id=fx_token_id),
data={'key': format_openssh_pubkey(pkey)})
assert response.status_code == 415
error = json.loads(response.get_data())
assert error['error'] == 'unsupported-content-type'
assert pkey not in fx_key_store.list_keys(fx_authorized_identity)
def test_add_public_key_duplicate_key(fx_app, fx_key_store,
fx_authorized_identity, fx_token_id):
pkey = RSAKey.generate(1024)
fx_key_store.register(fx_authorized_identity, pkey)
with fx_app.test_client() as c:
response = c.post(get_url('add_public_key', token_id=fx_token_id),
content_type='text/plain',
data=format_openssh_pubkey(pkey).encode())
assert response.status_code == 400
error = json.loads(response.get_data())
assert error['error'] == 'duplicate-key'
def test_add_public_key_unsupported_type(fx_app, fx_key_store, fx_authorized_identity, fx_token_id):
pkey = RSAKey.generate(1024)
with fx_app.test_client() as c:
response = c.post(
get_url("add_public_key", token_id=fx_token_id),
content_type="text/plain",
data=("invalid-type " + format_openssh_pubkey(pkey)[7:]).encode(),
)
assert response.status_code == 400
error = json.loads(response.data)
assert error["error"] == "unsupported-key-type"
assert pkey not in fx_key_store.list_keys(fx_authorized_identity)
def test_add_public_key_unsupported_type(fx_app, fx_key_store,
fx_authorized_identity, fx_token_id):
pkey = RSAKey.generate(1024)
with fx_app.test_client() as c:
response = c.post(get_url('add_public_key', token_id=fx_token_id),
content_type='text/plain',
data=('invalid-type ' +
format_openssh_pubkey(pkey)[7:]).encode())
assert response.status_code == 400
error = json.loads(response.get_data())
assert error['error'] == 'unsupported-key-type'
assert pkey not in fx_key_store.list_keys(fx_authorized_identity)
def test_add_public_key_415(fx_app, fx_key_store,
fx_authorized_identity, fx_token_id):
pkey = RSAKey.generate(1024)
with fx_app.test_client() as c:
response = c.post(
get_url('add_public_key', token_id=fx_token_id),
data={'key': format_openssh_pubkey(pkey)}
)
assert response.status_code == 415
error = json.loads(response.data)
assert error['error'] == 'unsupported-content-type'
assert pkey not in fx_key_store.list_keys(fx_authorized_identity)
def test_add_public_key_duplicate_key(fx_app, fx_key_store, fx_authorized_identity, fx_token_id):
pkey = RSAKey.generate(1024)
fx_key_store.register(fx_authorized_identity, pkey)
with fx_app.test_client() as c:
response = c.post(
get_url("add_public_key", token_id=fx_token_id),
content_type="text/plain",
data=format_openssh_pubkey(pkey).encode(),
)
assert response.status_code == 400
error = json.loads(response.data)
assert error["error"] == "duplicate-key"
def test_add_public_key(fx_app, fx_key_store, fx_authorized_identity,
fx_token_id):
pkey = RSAKey.generate(1024)
with fx_app.test_client() as c:
response = c.post(get_url('add_public_key', token_id=fx_token_id),
content_type='text/plain',
data=format_openssh_pubkey(pkey).encode())
assert response.status_code == 201
key_data = response.get_data()
assert parse_openssh_pubkey(key_data.decode()) == pkey
assert pkey in fx_key_store.list_keys(fx_authorized_identity)
r = c.get(response.location)
assert r.get_data() == key_data
def test_add_public_key(fx_app, fx_key_store, fx_authorized_identity, fx_token_id):
pkey = RSAKey.generate(1024)
with fx_app.test_client() as c:
response = c.post(
get_url("add_public_key", token_id=fx_token_id),
content_type="text/plain",
data=format_openssh_pubkey(pkey).encode(),
)
assert response.status_code == 201
key_data = response.data
assert parse_openssh_pubkey(key_data.decode()) == pkey
assert pkey in fx_key_store.list_keys(fx_authorized_identity)
r = c.get(response.location)
assert r.data == key_data
def test_authorized_keys_list_iter(fx_authorized_sftp):
sftp_client, path, keys = fx_authorized_sftp
key_list = AuthorizedKeyList(sftp_client)
it = iter(key_list)
assert next(it) == keys[0]
assert next(it) == keys[1]
assert next(it) == keys[2]
assert next(it) == keys[3]
assert next(it) == keys[4]
assert next(it) == keys[5]
with raises(StopIteration):
next(it)
# It's lazily evaluated; changes should reflect
with path.join('.ssh', 'authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(keys[0]))
it = iter(key_list)
assert next(it) == keys[0]
with raises(StopIteration):
next(it)
def test_authorized_keys_list_iter(fx_authorized_sftp):
sftp_client, path, keys = fx_authorized_sftp
key_list = AuthorizedKeyList(sftp_client)
it = iter(key_list)
assert next(it) == keys[0]
assert next(it) == keys[1]
assert next(it) == keys[2]
assert next(it) == keys[3]
assert next(it) == keys[4]
assert next(it) == keys[5]
with raises(StopIteration):
next(it)
# It's lazily evaluated; changes should reflect
with path.join('.ssh', 'authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(keys[0]))
it = iter(key_list)
assert next(it) == keys[0]
with raises(StopIteration):
next(it)
def test_authorize(fx_sftpd):
port, (thread, path, ev) = fx_sftpd.popitem()
thread.start()
master_key = RSAKey.generate(1024)
public_keys = {RSAKey.generate(1024), RSAKey.generate(1024)}
authorized_keys_path = path.mkdir('.ssh').join('authorized_keys')
with authorized_keys_path.open('w') as f:
print(format_openssh_pubkey(master_key), file=f)
expires_at = authorize(public_keys,
master_key,
Remote('user', '127.0.0.1', port),
timeout=datetime.timedelta(seconds=5))
with authorized_keys_path.open() as f:
saved_keys = map(parse_openssh_pubkey, f)
assert frozenset(saved_keys) == (public_keys | {master_key})
while datetime.datetime.now(datetime.timezone.utc) <= expires_at:
time.sleep(1)
time.sleep(1)
with authorized_keys_path.open() as f:
saved_keys = map(parse_openssh_pubkey, f)
assert frozenset(saved_keys) == {master_key}
def test_authorized_keys_list_getitem(fx_authorized_sftp):
sftp_client, path, keys = fx_authorized_sftp
key_list = AuthorizedKeyList(sftp_client)
for i in range(-6, 6):
assert key_list[i] == keys[i]
assert key_list[i:] == keys[i:]
assert key_list[:i] == keys[:i]
assert key_list[i:i + 3] == keys[i:i + 3]
with raises(IndexError):
assert key_list[-7]
with raises(IndexError):
assert key_list[6]
with raises(TypeError):
key_list['key']
# It's lazily evaluated; changes should reflect
with path.join('.ssh', 'authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(keys[0]))
assert key_list[0] == key_list[-1] == keys[0]
with raises(IndexError):
key_list[1]
with raises(IndexError):
key_list[-2]
def test_authorized_keys_list_getitem(fx_authorized_sftp):
sftp_client, path, keys = fx_authorized_sftp
key_list = AuthorizedKeyList(sftp_client)
for i in range(-6, 6):
assert key_list[i] == keys[i]
assert key_list[i:] == keys[i:]
assert key_list[:i] == keys[:i]
assert key_list[i:i + 3] == keys[i:i + 3]
with raises(IndexError):
assert key_list[-7]
with raises(IndexError):
assert key_list[6]
with raises(TypeError):
key_list['key']
# It's lazily evaluated; changes should reflect
with path.join('.ssh', 'authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(keys[0]))
assert key_list[0] == key_list[-1] == keys[0]
with raises(IndexError):
key_list[1]
with raises(IndexError):
key_list[-2]
def test_authorize(fx_sftpd):
port, (thread, path, ev) = fx_sftpd.popitem()
thread.start()
master_key = RSAKey.generate(1024)
public_keys = {RSAKey.generate(1024), RSAKey.generate(1024)}
authorized_keys_path = path.mkdir('.ssh').join('authorized_keys')
with authorized_keys_path.open('w') as f:
print(format_openssh_pubkey(master_key), file=f)
expires_at = authorize(
public_keys,
master_key,
Remote('user', '127.0.0.1', port),
timeout=datetime.timedelta(seconds=5)
)
with authorized_keys_path.open() as f:
saved_keys = map(parse_openssh_pubkey, f)
assert frozenset(saved_keys) == (public_keys | {master_key})
while datetime.datetime.now(datetime.timezone.utc) <= expires_at:
time.sleep(1)
time.sleep(1)
with authorized_keys_path.open() as f:
saved_keys = map(parse_openssh_pubkey, f)
assert frozenset(saved_keys) == {master_key}
def test_format_openssh_pubkey():
rsakey = RSAKey.generate(1024)
assert parse_openssh_pubkey(format_openssh_pubkey(rsakey)) == rsakey
dsskey = DSSKey.generate(1024)
assert parse_openssh_pubkey(format_openssh_pubkey(dsskey)) == dsskey
def test_format_openssh_pubkey():
rsakey = RSAKey.generate(1024)
assert parse_openssh_pubkey(format_openssh_pubkey(rsakey)) == rsakey
dsskey = DSSKey.generate(1024)
assert parse_openssh_pubkey(format_openssh_pubkey(dsskey)) == dsskey
def fx_authorized_servers(fx_sftpd, fx_master_key):
for port, (thread, path, ev) in fx_sftpd.items():
with path.mkdir('.ssh').join('authorized_keys').open('w') as f:
f.write(format_openssh_pubkey(fx_master_key))
thread.start()
return fx_sftpd
def create_key_pair(self, name):
self.import_key_pair_from_string(
name,
format_openssh_pubkey(RSAKey.generate(1024))
)
def create_key_pair(self, name):
self.import_key_pair_from_string(
name, format_openssh_pubkey(RSAKey.generate(1024)))
