def test_certs_allowed_as_key_filename_values(self):
# NOTE: giving cert path here, not key path. (Key path test is below.
# They're similar except for which path is given; the expected auth and
# server-side behavior is 100% identical.)
# NOTE: only bothered whipping up one cert per overall class/family.
for type_ in ('rsa', 'dss', 'ecdsa_256', 'ed25519'):
if type_ == 'ed25519' and not Ed25519Key.is_supported():
continue
cert_name = 'test_{}.key-cert.pub'.format(type_)
cert_path = _support(os.path.join('cert_support', cert_name))
self._test_connection(
key_filename=cert_path,
public_blob=PublicBlob.from_file(cert_path),
)
def test_certs_implicitly_loaded_alongside_key_filename_keys(self):
# NOTE: a regular test_connection() w/ test_rsa.key would incidentally
# test this (because test_xxx.key-cert.pub exists) but incidental tests
# stink, so NullServer and friends were updated to allow assertions
# about the server-side key object's public blob. Thus, we can prove
# that a specific cert was found, along with regular authorization
# succeeding proving that the overall flow works.
for type_ in ('rsa', 'dss', 'ecdsa_256', 'ed25519'):
if type_ == 'ed25519' and not Ed25519Key.is_supported():
continue
key_name = 'test_{}.key'.format(type_)
key_path = _support(os.path.join('cert_support', key_name))
self._test_connection(
key_filename=key_path,
public_blob=PublicBlob.from_file(
'{}-cert.pub'.format(key_path)),
)