def test_periodical_renewal(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
p = PeriodicalRenewal(remote_set, store, datetime.timedelta(seconds=3))
assert store.load() == fx_master_key
for t, path, ev in fx_authorized_servers.values():
assert fx_master_key in authorized_key_set(path)
wait_for(20, lambda: store.load() != fx_master_key)
second_key = store.load()
assert second_key != fx_master_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert second_key in key_set
wait_for(20, lambda: store.load() != second_key)
third_key = store.load()
assert third_key != fx_master_key
assert third_key != second_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert third_key in key_set
p.terminate()
last_key = store.load()
time.sleep(10)
assert store.load() == last_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {last_key}
def test_periodical_renewal(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
p = PeriodicalRenewal(remote_set, store, datetime.timedelta(seconds=3))
assert store.load() == fx_master_key
for t, path, ev in fx_authorized_servers.values():
assert fx_master_key in authorized_key_set(path)
wait_for(20, lambda: store.load() != fx_master_key)
second_key = store.load()
assert second_key != fx_master_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert second_key in key_set
wait_for(20, lambda: store.load() != second_key)
third_key = store.load()
assert third_key != fx_master_key
assert third_key != second_key
for t, path, ev in fx_authorized_servers.values():
key_set = authorized_key_set(path)
assert third_key in key_set
p.terminate()
last_key = store.load()
time.sleep(10)
assert store.load() == last_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {last_key}
def test_fs_master_key_store_save(tmpdir):
path = tmpdir.join('id_rsa')
s = FileSystemMasterKeyStore(str(path))
with raises(EmptyStoreError):
s.load()
key = RSAKey.generate(1024)
s.save(key)
stored_key = s.load()
assert isinstance(stored_key, RSAKey)
assert stored_key.get_base64() == stored_key.get_base64()
def test_fs_master_key_store_save(tmpdir):
path = tmpdir.join('id_rsa')
s = FileSystemMasterKeyStore(str(path))
with raises(EmptyStoreError):
s.load()
key = RSAKey.generate(1024)
s.save(key)
stored_key = s.load()
assert isinstance(stored_key, RSAKey)
assert stored_key.get_base64() == stored_key.get_base64()
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir,
key_type: Type[PKey], bits: int):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store, key_type, bits)
assert new_key.get_bits() == bits or bits is None
assert isinstance(new_key, key_type)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir,
key_type: Type[PKey], bits: int):
remote_set = {
Remote('user', '127.0.0.1', port)
for port in fx_authorized_servers
}
store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
store.save(fx_master_key)
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {fx_master_key}
new_key = renew_master_key(remote_set, store, key_type, bits)
assert new_key.get_bits() == bits or bits is None
assert isinstance(new_key, key_type)
assert new_key != fx_master_key
assert store.load() == new_key
for t, path, ev in fx_authorized_servers.values():
assert authorized_key_set(path) == {new_key}
