def test_ed25519(self):
key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key'))
key2 = Ed25519Key.from_private_key_file(
test_path('test_ed25519_password.key'), b'abc123'
)
self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519_nonbytes_password(self):
# https://github.com/paramiko/paramiko/issues/1039
Ed25519Key.from_private_key_file(
_support("test_ed25519_password.key"),
# NOTE: not a bytes. Amusingly, the test above for same key DOES
# explicitly cast to bytes...code smell!
"abc123",
)
def test_ed25519(self):
key1 = Ed25519Key.from_private_key_file(_support('test_ed25519.key'))
self.assert_key_values(key1, 'ssh-ed25519', 256, PUB_ED25519,
FINGER_ED25519, FINGER_SHA256_ED25519)
key2 = Ed25519Key.from_private_key_file(
_support('test_ed25519_password.key'), b'abc123')
self.assertNotEqual(key1.asbytes(), key2.asbytes())
self.assertTrue(key1.can_sign())
self.assertTrue(key2.can_sign())
def test_certificates(self):
# NOTE: we also test 'live' use of cert auth for all key types in
# test_client.py; this and nearby cert tests are more about the gritty
# details.
# PKey.load_certificate
key_path = _support(os.path.join('cert_support', 'test_rsa.key'))
key = RSAKey.from_private_key_file(key_path)
self.assertTrue(key.public_blob is None)
cert_path = _support(
os.path.join('cert_support', 'test_rsa.key-cert.pub')
)
key.load_certificate(cert_path)
self.assertTrue(key.public_blob is not None)
self.assertEqual(key.public_blob.key_type, '*****@*****.**')
self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub')
# Delve into blob contents, for test purposes
msg = Message(key.public_blob.key_blob)
self.assertEqual(msg.get_text(), '*****@*****.**')
nonce = msg.get_string()
e = msg.get_mpint()
n = msg.get_mpint()
self.assertEqual(e, key.public_numbers.e)
self.assertEqual(n, key.public_numbers.n)
# Serial number
self.assertEqual(msg.get_int64(), 1234)
# Prevented from loading certificate that doesn't match
key_path = _support(os.path.join('cert_support', 'test_ed25519.key'))
key1 = Ed25519Key.from_private_key_file(key_path)
self.assertRaises(
ValueError,
key1.load_certificate,
_support('test_rsa.key-cert.pub'),
)
def test_certificates(self):
# PKey.load_certificate
key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
self.assertTrue(key.public_blob is None)
key.load_certificate(test_path('test_rsa.key-cert.pub'))
self.assertTrue(key.public_blob is not None)
self.assertEqual(key.public_blob.key_type, '*****@*****.**')
self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub')
# Delve into blob contents, for test purposes
msg = Message(key.public_blob.key_blob)
self.assertEqual(msg.get_text(), '*****@*****.**')
nonce = msg.get_string()
e = msg.get_mpint()
n = msg.get_mpint()
self.assertEqual(e, key.public_numbers.e)
self.assertEqual(n, key.public_numbers.n)
# Serial number
self.assertEqual(msg.get_int64(), 1234)
# Prevented from loading certificate that doesn't match
key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key'))
self.assertRaises(
ValueError,
key1.load_certificate,
test_path('test_rsa.key-cert.pub'),
)
def test_certificates(self):
# NOTE: we also test 'live' use of cert auth for all key types in
# test_client.py; this and nearby cert tests are more about the gritty
# details.
# PKey.load_certificate
key_path = _support(os.path.join("cert_support", "test_rsa.key"))
key = RSAKey.from_private_key_file(key_path)
self.assertTrue(key.public_blob is None)
cert_path = _support(
os.path.join("cert_support", "test_rsa.key-cert.pub"))
key.load_certificate(cert_path)
self.assertTrue(key.public_blob is not None)
self.assertEqual(key.public_blob.key_type,
"*****@*****.**")
self.assertEqual(key.public_blob.comment, "test_rsa.key.pub")
# Delve into blob contents, for test purposes
msg = Message(key.public_blob.key_blob)
self.assertEqual(msg.get_text(), "*****@*****.**")
msg.get_string()
e = msg.get_mpint()
n = msg.get_mpint()
self.assertEqual(e, key.public_numbers.e)
self.assertEqual(n, key.public_numbers.n)
# Serial number
self.assertEqual(msg.get_int64(), 1234)
# Prevented from loading certificate that doesn't match
key_path = _support(os.path.join("cert_support", "test_ed25519.key"))
key1 = Ed25519Key.from_private_key_file(key_path)
self.assertRaises(
ValueError,
key1.load_certificate,
_support("test_rsa.key-cert.pub"),
)
def test_ed25519_compare(self):
# verify that the private & public keys compare equal
key = Ed25519Key.from_private_key_file(test_path('test_ed25519.key'))
self.assertEqual(key, key)
pub = Ed25519Key(data=key.asbytes())
self.assertTrue(key.can_sign())
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
def test_ed25519_nonbytes_password(self):
# https://github.com/paramiko/paramiko/issues/1039
key = Ed25519Key.from_private_key_file(
_support("test_ed25519_password.key"),
# NOTE: not a bytes. Amusingly, the test above for same key DOES
# explicitly cast to bytes...code smell!
"abc123",
)
def test_ed25519_compare(self):
# verify that the private & public keys compare equal
key = Ed25519Key.from_private_key_file(_support("test_ed25519.key"))
self.assertEqual(key, key)
pub = Ed25519Key(data=key.asbytes())
self.assertTrue(key.can_sign())
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
def test_sign_ed25519(self):
private = Ed25519Key.from_private_key_file(
_support("test_ed25519.key"))
msg = private.sign_ssh_data(b"ice weasels")
msg.rewind()
self.assertEqual(msg.get_text(), "ssh-ed25519")
self.assertEqual(msg.get_binary(), base64.b64decode(SIGNED_ED25519))
msg.rewind()
pub = Ed25519Key(data=base64.b64decode(PUB_ED25519.split()[1]))
self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg))
def get_private_key(self):
"""Returns the private key.
If the key doesn't exist, None is returned.
Returns:
object -- The key.
"""
if self.private_key_exists:
if platform == "linux" or platform == "linux2" or platform == "darwin":
return RSAKey.from_private_key_file(Paths.private_key_file)
elif platform == "win32":
return Ed25519Key.from_private_key_file(Paths.private_key_file)
else:
return None
def test_ed25519_nonbytes_password(self):
key = Ed25519Key.from_private_key_file(
_support('test_ed25519_password.key'), 'abc123')
self.assert_key_values(key, 'ssh-ed25519', 256, None,
FINGER_ED25519_PASS, FINGER_SHA256_ED25519_PASS)
def test_ed25519(self):
key1 = Ed25519Key.from_private_key_file(_support("test_ed25519.key"))
key2 = Ed25519Key.from_private_key_file(
_support("test_ed25519_password.key"), b"abc123"
)
self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519(self):
key1 = Ed25519Key.from_private_key_file(_support("test_ed25519.key"))
key2 = Ed25519Key.from_private_key_file(
_support("test_ed25519_password.key"), b"abc123"
)
self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519_nopad(self):
Ed25519Key.from_private_key_file(_support("test_ed25519_nopad.key"))
def test_ed25519_funky_padding_with_passphrase(self):
# Proves #1306 by just not exploding with 'Invalid key'.
Ed25519Key.from_private_key_file(
_support("test_ed25519-funky-padding_password.key"), b"asdf")
def test_ed25519_funky_padding(self):
# Proves #1306 by just not exploding with 'Invalid key'.
Ed25519Key.from_private_key_file(
_support("test_ed25519-funky-padding.key"))
def test_ed25519(self):
key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key'))
key2 = Ed25519Key.from_private_key_file(
test_path('test_ed25519_password.key'), b'abc123')
self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519_nopad(self):
key = Ed25519Key.from_private_key_file(
_support("test_ed25519_nopad.key"))
self.assert_key_values(key, 'ssh-ed25519', 256, None,
FINGER_ED25519_NOPAD,
FINGER_SHA256_ED25519_NOPAD)