def test_periodical_renewal(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
p = PeriodicalRenewal(remote_set, store, datetime.timedelta(seconds=3))
assert store.load() == fx_master_key
for t, path, ev in fx_authorized_servers.values():
assert fx_master_key in authorized_key_set(path)
wait_for(20, lambda: store.load() != fx_master_key)
second_key = store.load()
assert second_key != fx_master_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert second_key in key_set
wait_for(20, lambda: store.load() != second_key)
third_key = store.load()
assert third_key != fx_master_key
assert third_key != second_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert third_key in key_set
p.terminate()
last_key = store.load()
time.sleep(10)
assert store.load() == last_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {last_key}
def test_fs_master_key_store_load():
path = os.path.join(os.path.dirname(__file__), 'test_id_rsa')
s = FileSystemMasterKeyStore(path)
key = s.load()
assert isinstance(key, RSAKey)
assert key.get_base64() == (
'AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+fDpQ9sQKIdzXvqT3TzrPp2OpUCOJtUW3k0oi'
'trqqHe1XiCke++DSpAv56poCppTj9qo3N1HyhZhSv/jH7/ejZ8NZdtvLIZGOCQZVdKNy0'
'cg7jlimrWA2s8X201Yn3hYpUrYJYbhAAuQM5flvbyBtn5/miONQ8NVimgjG6UVANVqX4W'
'H9kqdr4SBf45/+BAdenf2j5DC3xceOOW8wZfe2rOJpQ0msVxMeXExGqF9DS2E3bqOwE1C'
'MPEGYr5KZCx7IeJ/4udBuKc/gOXb8tPiTTNxtYXEBcqhBdCa/M6pEdW5LiHxxoF5b6xY9'
'q0nmi7Rn0weXK0SufhGgKrpSH+B')
def test_fs_master_key_store_load():
path = os.path.join(os.path.dirname(__file__), 'test_id_rsa')
s = FileSystemMasterKeyStore(path)
key = s.load()
assert isinstance(key, RSAKey)
assert key.get_base64() == (
'AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+fDpQ9sQKIdzXvqT3TzrPp2OpUCOJtUW3k0oi'
'trqqHe1XiCke++DSpAv56poCppTj9qo3N1HyhZhSv/jH7/ejZ8NZdtvLIZGOCQZVdKNy0'
'cg7jlimrWA2s8X201Yn3hYpUrYJYbhAAuQM5flvbyBtn5/miONQ8NVimgjG6UVANVqX4W'
'H9kqdr4SBf45/+BAdenf2j5DC3xceOOW8wZfe2rOJpQ0msVxMeXExGqF9DS2E3bqOwE1C'
'MPEGYr5KZCx7IeJ/4udBuKc/gOXb8tPiTTNxtYXEBcqhBdCa/M6pEdW5LiHxxoF5b6xY9'
'q0nmi7Rn0weXK0SufhGgKrpSH+B'
)
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir,
key_type: Type[PKey], bits: int):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store, key_type, bits)
assert new_key.get_bits() == bits or bits is None
assert isinstance(new_key, key_type)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir,
key_type: Type[PKey], bits: int):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store, key_type, bits)
assert new_key.get_bits() == bits or bits is None
assert isinstance(new_key, key_type)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_fs_master_key_store_save(tmpdir):
path = tmpdir.join('id_rsa')
s = FileSystemMasterKeyStore(str(path))
with raises(EmptyStoreError):
s.load()
key = RSAKey.generate(1024)
s.save(key)
stored_key = s.load()
assert isinstance(stored_key, RSAKey)
assert stored_key.get_base64() == stored_key.get_base64()
def test_fs_master_key_store_save(tmpdir):
path = tmpdir.join('id_rsa')
s = FileSystemMasterKeyStore(str(path))
with raises(EmptyStoreError):
s.load()
key = RSAKey.generate(1024)
s.save(key)
stored_key = s.load()
assert isinstance(stored_key, RSAKey)
assert stored_key.get_base64() == stored_key.get_base64()
def test_periodical_renewal(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
p = PeriodicalRenewal(remote_set, store, datetime.timedelta(seconds=3))
assert store.load() == fx_master_key
for t, path, ev in fx_authorized_servers.values():
assert fx_master_key in authorized_key_set(path)
wait_for(20, lambda: store.load() != fx_master_key)
second_key = store.load()
assert second_key != fx_master_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert second_key in key_set
wait_for(20, lambda: store.load() != second_key)
third_key = store.load()
assert third_key != fx_master_key
assert third_key != second_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert third_key in key_set
p.terminate()
last_key = store.load()
time.sleep(10)
assert store.load() == last_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {last_key}
