Beispiel #1
 def test_3_simple(self):
     """
     Establish an ssh link between our own client transport (self.tc) and
     server transport (self.ts) across the loopback sockets, then check
     that both ends report the same username and an authenticated session.

     NOTE(review): the username/password literals are masked ('******') in
     this listing, while the assertions after connect() expect 'slowdive'.
     """
     private_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     # Public-only copy of the host key; passed to connect() as the key the
     # client expects the server to present.
     expected_host_key = RSAKey(data=str(private_key))
     self.ts.add_server_key(private_key)
     ready = threading.Event()
     null_server = NullServer()
     self.assert_(not ready.isSet())

     # Before the handshake neither side has a username or is authenticated.
     for transport in (self.tc, self.ts):
         self.assertEquals(None, transport.get_username())
     for transport in (self.tc, self.ts):
         self.assertEquals(False, transport.is_authenticated())

     self.ts.start_server(ready, null_server)
     self.tc.connect(
         hostkey=expected_host_key, username='******', password='******')
     ready.wait(1.0)
     self.assert_(ready.isSet())
     self.assert_(self.ts.is_active())

     # After connect() both ends must agree on who logged in.
     for transport in (self.tc, self.ts):
         self.assertEquals('slowdive', transport.get_username())
     for transport in (self.tc, self.ts):
         self.assertEquals(True, transport.is_authenticated())
Beispiel #2
 def test_3_simple(self):
     """
     Bring up an ssh session between our own client and server transports
     over the loopback sockets and check the state each side reports before
     and after authentication.

     NOTE(review): the credential literals appear masked ('******') in this
     listing, yet the post-connect assertions expect 'slowdive'.
     """
     server_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     # The client is given only the public half and uses it as the expected
     # host key for the connection.
     pinned_key = RSAKey(data=str(server_key))
     self.ts.add_server_key(server_key)
     started = threading.Event()
     handler = NullServer()
     self.assert_(not started.isSet())

     # Nothing has been negotiated yet: no username, not authenticated.
     client_user = self.tc.get_username()
     self.assertEquals(None, client_user)
     server_user = self.ts.get_username()
     self.assertEquals(None, server_user)
     client_authed = self.tc.is_authenticated()
     self.assertEquals(False, client_authed)
     server_authed = self.ts.is_authenticated()
     self.assertEquals(False, server_authed)

     self.ts.start_server(started, handler)
     self.tc.connect(hostkey=pinned_key,
                     username='******',
                     password='******')
     started.wait(1.0)
     self.assert_(started.isSet())
     self.assert_(self.ts.is_active())

     client_user = self.tc.get_username()
     self.assertEquals('slowdive', client_user)
     server_user = self.ts.get_username()
     self.assertEquals('slowdive', server_user)
     client_authed = self.tc.is_authenticated()
     self.assertEquals(True, client_authed)
     server_authed = self.ts.is_authenticated()
     self.assertEquals(True, server_authed)
Beispiel #3
 def test_6_compare_rsa(self):
     # A private key and the public-only key rebuilt from its serialized
     # form must compare equal, but only the private one may sign.
     private_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     self.assertEquals(private_key, private_key)
     public_key = RSAKey(data=str(private_key))
     private_can_sign = private_key.can_sign()
     self.assert_(private_can_sign)
     public_can_sign = public_key.can_sign()
     self.assert_(not public_can_sign)
     self.assertEquals(private_key, public_key)
Beispiel #4
def get_public_rsa_fingerprint(pubkey_location):
    """
    Return the MD5 fingerprint of the RSA key stored at pubkey_location,
    with a ':' inserted every two hex characters.

    The file is parsed with RSAKey.from_private_key_file, so despite the
    parameter name it has to be a private key file; the digest is taken
    over str(k).  Raises exception.SSHError when loading raises
    ssh.SSHException.

    NOTE(review): MD5 serves here as a key identifier only.  It is not
    collision resistant, so a matching fingerprint should not be the sole
    basis for trusting a key.
    """
    try:
        rsa_key = RSAKey.from_private_key_file(pubkey_location)
    except ssh.SSHException:
        message = "Invalid RSA private key file: %s" % pubkey_location
        raise exception.SSHError(message)
    hex_digest = hashlib.md5(str(rsa_key)).hexdigest()
    return insert_char_every_n_chars(hex_digest, ':', 2)
Beispiel #5
def get_public_rsa_fingerprint(pubkey_location):
    """
    Compute a colon-separated MD5 fingerprint for the RSA key file at
    pubkey_location.

    Although the argument is called pubkey_location, the file is loaded
    through RSAKey.from_private_key_file and must therefore contain a
    private key.  An ssh.SSHException during loading is re-raised as
    exception.SSHError.

    NOTE(review): the MD5 digest of str(k) is an identifier, not a
    security guarantee; MD5 collisions are practical.
    """
    try:
        loaded = RSAKey.from_private_key_file(pubkey_location)
    except ssh.SSHException:
        raise exception.SSHError(
            "Invalid RSA private key file: %s" % pubkey_location)
    digest = hashlib.md5(str(loaded))
    return insert_char_every_n_chars(digest.hexdigest(), ':', 2)
Beispiel #6
 def test_3_load_rsa_password(self):
     # Load the password-protected RSA fixture and compare its name,
     # fingerprint, base64 blob and bit length with the expected constants.
     # The hard-coded password and the 1024-bit key are test fixtures only.
     encrypted_key = RSAKey.from_private_key_file(
         "tests/test_rsa_password.key", b"television")
     self.assertEquals(b"ssh-rsa", encrypted_key.get_name())
     expected_hex = FINGER_RSA.split()[1].replace(b":", b"")
     actual_hex = hexlify(encrypted_key.get_fingerprint())
     self.assertEquals(expected_hex, actual_hex)
     expected_blob = PUB_RSA.split()[1]
     self.assertEquals(expected_blob, encrypted_key.get_base64())
     self.assertEquals(1024, encrypted_key.get_bits())
Beispiel #7
 def test_6_compare_rsa(self):
     # The private key and the public-only key rebuilt from bytes(key) must
     # compare equal; signing capability stays with the private key alone.
     private_key = RSAKey.from_private_key_file("tests/test_rsa.key")
     self.assertEquals(private_key, private_key)
     public_key = RSAKey(data=bytes(private_key))
     private_can_sign = private_key.can_sign()
     self.assert_(private_can_sign)
     public_can_sign = public_key.can_sign()
     self.assert_(not public_can_sign)
     self.assertEquals(private_key, public_key)
Beispiel #8
 def start_server(self):
     # Load the fixture host key, keep a public-only copy on the test case
     # (self.public_host_key) and start the server transport self.ts.
     private_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     self.public_host_key = RSAKey(data=str(private_key))
     self.ts.add_server_key(private_key)
     self.event = ready = threading.Event()
     self.server = NullServer()
     # The event must still be clear before start_server() is called.
     self.assert_(not ready.isSet())
     self.ts.start_server(ready, self.server)
Beispiel #9
 def start_server(self):
     # Install the fixture host key on the server transport and start it.
     # Only the public half is stored in self.public_host_key.
     server_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     public_half = RSAKey(data=str(server_key))
     self.public_host_key = public_half
     self.ts.add_server_key(server_key)
     self.event = threading.Event()
     self.server = NullServer()
     already_set = self.event.isSet()
     self.assert_(not already_set)
     self.ts.start_server(self.event, self.server)
Beispiel #10
 def test_3_load_rsa_password(self):
     # Decrypt the password-protected RSA fixture and check its name,
     # fingerprint, base64 blob and size against the expected constants.
     # Password and 1024-bit key size belong to the test fixture only.
     key_path = 'tests/test_rsa_password.key'
     protected = RSAKey.from_private_key_file(key_path, 'television')
     self.assertEquals('ssh-rsa', protected.get_name())
     want_fingerprint = FINGER_RSA.split()[1].replace(':', '')
     got_fingerprint = hexlify(protected.get_fingerprint())
     self.assertEquals(want_fingerprint, got_fingerprint)
     want_blob = PUB_RSA.split()[1]
     self.assertEquals(want_blob, protected.get_base64())
     self.assertEquals(1024, protected.get_bits())
Beispiel #11
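 def getIdentityKey(self):
     """
     Return (keyfile, public_key_line) for the identity key stored at
     self.identityfile, generating and saving a new RSA key if the file
     does not exist yet.

     public_key_line has the form "<key type> <base64 blob> hostout@hostout".
     """
     keyfile = self.identityfile
     if not os.path.exists(keyfile):
         # 1024-bit RSA is below current minimum recommendations, so new
         # identities are generated with 2048 bits.
         # NOTE(review): the key is written without a passphrase, so it is
         # protected by the file's permissions only.
         key = RSAKey.generate(2048)
         key.write_private_key_file(keyfile)
     else:
         try:
             key = DSAKey.from_private_key_file(keyfile)
         except Exception:
             # Not loadable as DSA: fall back to RSA.  Catching Exception
             # instead of using a bare except lets KeyboardInterrupt and
             # SystemExit propagate.
             key = RSAKey.from_private_key_file(keyfile)
     # Label the blob with the key's own algorithm name; hard-coding
     # "ssh-rsa" mislabels an identity that was loaded as DSA.
     return keyfile, "%s %s hostout@hostout" % (key.get_name(),
                                                key.get_base64())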
Beispiel #12
 def test_8_sign_rsa(self):
     # Sign a fixed payload with the private RSA fixture, compare the
     # signature message with the expected bytes, then verify it with the
     # public-only key.
     payload = b"ice weasels"
     signer = RSAKey.from_private_key_file("tests/test_rsa.key")
     signed = signer.sign_ssh_data(rng, payload)
     self.assert_(type(signed) is Message)
     signed.rewind()
     self.assertEquals(b"ssh-rsa", signed.get_string())
     # SIGNED_RSA is colon-separated hex; rebuild the raw signature bytes.
     expected_sig = b"".join(
         chr(int(octet, 16)).encode("latin-1")
         for octet in SIGNED_RSA.split(b":"))
     self.assertEquals(expected_sig, signed.get_string())
     # Rewind so verification reads the message from the start again.
     signed.rewind()
     verifier = RSAKey(data=bytes(signer))
     self.assert_(verifier.verify_ssh_sig(payload, signed))
Beispiel #13
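 def getIdentityKey(self):
     """
     Return (keyfile, public_key_line) for the identity key, generating and
     saving a new RSA key if the file does not exist yet.

     The key path is the 'identity-file' option when set, otherwise
     'hostout_rsa' inside the local buildout path.  public_key_line has the
     form "<key type> <base64 blob> hostout@hostout".
     """
     default_keyfile = os.path.abspath(
         os.path.join(self.getLocalBuildoutPath(), 'hostout_rsa'))
     keyfile = self.options.get('identity-file', default_keyfile)
     if not os.path.exists(keyfile):
         # 1024-bit RSA is below current minimum recommendations, so new
         # identities are generated with 2048 bits.
         # NOTE(review): the key is written without a passphrase, so it is
         # protected by the file's permissions only.
         key = RSAKey.generate(2048)
         key.write_private_key_file(keyfile)
     else:
         try:
             key = DSAKey.from_private_key_file(keyfile)
         except Exception:
             # Not loadable as DSA: fall back to RSA.  Catching Exception
             # instead of using a bare except lets KeyboardInterrupt and
             # SystemExit propagate.
             key = RSAKey.from_private_key_file(keyfile)
     # Label the blob with the key's own algorithm name; hard-coding
     # "ssh-rsa" mislabels an identity that was loaded as DSA.
     return keyfile, "%s %s hostout@hostout" % (key.get_name(),
                                                key.get_base64())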
Beispiel #14
 def test_8_sign_rsa(self):
     # Sign a fixed payload with the private RSA fixture, compare the
     # signature message with the expected value, then verify it with the
     # public-only key.
     payload = 'ice weasels'
     signer = RSAKey.from_private_key_file('tests/test_rsa.key')
     signed = signer.sign_ssh_data(rng, payload)
     self.assert_(type(signed) is Message)
     signed.rewind()
     self.assertEquals('ssh-rsa', signed.get_string())
     # SIGNED_RSA is colon-separated hex; rebuild the raw signature string.
     expected_sig = ''.join(
         chr(int(octet, 16)) for octet in SIGNED_RSA.split(':'))
     self.assertEquals(expected_sig, signed.get_string())
     # Rewind so verification reads the message from the start again.
     signed.rewind()
     verifier = RSAKey(data=str(signer))
     self.assert_(verifier.verify_ssh_sig(payload, signed))
Beispiel #15
    def test_2_load_rsa(self):
        # Load the RSA fixture, check its metadata against the expected
        # constants, then round-trip it through write_private_key /
        # from_private_key.  The 1024-bit size is a property of the fixture.
        loaded = RSAKey.from_private_key_file("tests/test_rsa.key")
        self.assertEquals(b"ssh-rsa", loaded.get_name())
        want_fingerprint = FINGER_RSA.split()[1].replace(b":", b"")
        got_fingerprint = hexlify(loaded.get_fingerprint())
        self.assertEquals(want_fingerprint, got_fingerprint)
        want_blob = PUB_RSA.split()[1]
        self.assertEquals(want_blob, loaded.get_base64())
        self.assertEquals(1024, loaded.get_bits())

        # Serialize to an in-memory buffer and read the key back from it.
        buf = io.BytesIO()
        loaded.write_private_key(buf)
        self.assertEquals(RSA_PRIVATE_OUT, buf.getvalue())
        buf.seek(0)
        reloaded = RSAKey.from_private_key(buf)
        self.assertEquals(loaded, reloaded)
Beispiel #16
    def test_2_load_rsa(self):
        # Load the RSA fixture, check its metadata against the expected
        # constants, then round-trip it through write_private_key /
        # from_private_key.  The 1024-bit size is a property of the fixture.
        loaded = RSAKey.from_private_key_file('tests/test_rsa.key')
        self.assertEquals('ssh-rsa', loaded.get_name())
        want_fingerprint = FINGER_RSA.split()[1].replace(':', '')
        got_fingerprint = hexlify(loaded.get_fingerprint())
        self.assertEquals(want_fingerprint, got_fingerprint)
        want_blob = PUB_RSA.split()[1]
        self.assertEquals(want_blob, loaded.get_base64())
        self.assertEquals(1024, loaded.get_bits())

        # Serialize to an in-memory buffer and read the key back from it.
        buf = StringIO.StringIO()
        loaded.write_private_key(buf)
        self.assertEquals(RSA_PRIVATE_OUT, buf.getvalue())
        buf.seek(0)
        reloaded = RSAKey.from_private_key(buf)
        self.assertEquals(loaded, reloaded)
Beispiel #17
 def test_3a_long_banner(self):
     """
     Check that the handshake still completes when LONG_BANNER is written
     to the socket before the server transport starts.

     NOTE(review): the credential literals appear masked ('******') in this
     listing.
     """
     server_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     # Public-only copy, used by the client as the expected host key.
     pinned_key = RSAKey(data=str(server_key))
     self.ts.add_server_key(server_key)
     started = threading.Event()
     handler = NullServer()
     self.assert_(not started.isSet())
     # The banner goes out first, ahead of any ssh traffic from the server.
     self.socks.send(LONG_BANNER)
     self.ts.start_server(started, handler)
     self.tc.connect(hostkey=pinned_key,
                     username='******',
                     password='******')
     started.wait(1.0)
     self.assert_(started.isSet())
     self.assert_(self.ts.is_active())
Beispiel #18
 def test_3a_long_banner(self):
     """
     A long banner sent on the socket ahead of the handshake must not stop
     the client and server transports from connecting.

     NOTE(review): the credential literals appear masked ('******') in this
     listing.
     """
     private_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     expected_host_key = RSAKey(data=str(private_key))
     self.ts.add_server_key(private_key)
     ready = threading.Event()
     null_server = NullServer()
     self.assert_(not ready.isSet())
     # Write the banner before the server transport is started.
     self.socks.send(LONG_BANNER)
     self.ts.start_server(ready, null_server)
     # The client checks the server against the public half of the host key.
     self.tc.connect(
         hostkey=expected_host_key, username='******', password='******')
     ready.wait(1.0)
     self.assert_(ready.isSet())
     self.assert_(self.ts.is_active())
Beispiel #19
def get_private_rsa_fingerprint(key_location):
    """
    Return the fingerprint of the private RSA key at key_location as a
    59-character string: 40 hex characters with a ':' inserted every two
    characters.

    The key's parameters are converted with export_rsa_to_pkcs8 and the
    SHA1 hex digest of that encoding is the fingerprint.  Raises
    exception.SSHError when loading the file raises ssh.SSHException.
    """
    try:
        rsa_key = RSAKey.from_private_key_file(key_location)
    except ssh.SSHException:
        message = "Invalid RSA private key file: %s" % key_location
        raise exception.SSHError(message)
    # These are the private key components (d, p, q and the CRT values);
    # they must never be logged or leave this function.
    params = {
        'invq': util.mod_inverse(rsa_key.q, rsa_key.p),
        'dp': rsa_key.d % (rsa_key.p - 1),
        'dq': rsa_key.d % (rsa_key.q - 1),
        'd': rsa_key.d,
        'n': rsa_key.n,
        'p': rsa_key.p,
        'q': rsa_key.q,
        'e': rsa_key.e,
    }
    assert len(params) == 8
    # must convert from pkcs1 to pkcs8 and then DER encode
    der_bytes = export_rsa_to_pkcs8(params)
    hex_digest = hashlib.sha1(der_bytes).hexdigest()
    return insert_char_every_n_chars(hex_digest, ':', 2)
Beispiel #20
 def setup_test_server(self, client_options=None, server_options=None):
     """
     Start the server transport with the fixture host key and connect the
     client transport to it.

     client_options / server_options, when given, are callables that
     receive the security options object of self.tc / self.ts before the
     connection is made, so a test can adjust them.

     NOTE(review): the credential literals appear masked ('******') in this
     listing.
     """
     private_key = RSAKey.from_private_key_file('tests/test_rsa.key')
     # Public-only copy, used by the client as the expected host key.
     expected_host_key = RSAKey(data=str(private_key))
     self.ts.add_server_key(private_key)

     if client_options is not None:
         client_security = self.tc.get_security_options()
         client_options(client_security)
     if server_options is not None:
         server_security = self.ts.get_security_options()
         server_options(server_security)

     ready = threading.Event()
     self.server = NullServer()
     self.assert_(not ready.isSet())
     self.ts.start_server(ready, self.server)
     self.tc.connect(hostkey=expected_host_key,
                     username='******',
                     password='******')
     ready.wait(1.0)
     self.assert_(ready.isSet())
     self.assert_(self.ts.is_active())
Beispiel #21
    def setup_test_server(self, client_options=None, server_options=None):
        """
        Install the fixture host key on the server transport, optionally
        let the caller adjust each side's security options, then start the
        server and connect the client.

        client_options / server_options are optional callables invoked with
        the result of get_security_options() on self.tc / self.ts.

        NOTE(review): the credential literals appear masked ('******') in
        this listing.
        """
        server_key = RSAKey.from_private_key_file('tests/test_rsa.key')
        pinned_key = RSAKey(data=str(server_key))
        self.ts.add_server_key(server_key)

        # Client hook runs first, then the server hook.
        if client_options is not None:
            client_security = self.tc.get_security_options()
            client_options(client_security)
        if server_options is not None:
            server_security = self.ts.get_security_options()
            server_options(server_security)

        started = threading.Event()
        self.server = NullServer()
        self.assert_(not started.isSet())
        self.ts.start_server(started, self.server)
        # The client checks the server against the public half of the key.
        self.tc.connect(
            hostkey=pinned_key, username='******', password='******')
        started.wait(1.0)
        self.assert_(started.isSet())
        self.assert_(self.ts.is_active())
Beispiel #22
def get_private_rsa_fingerprint(key_location):
    """
    Compute the SHA1 fingerprint of the private RSA key at key_location.

    The result is a 59-character string (40 hex characters separated every
    2 characters by a ':'), taken over the output of export_rsa_to_pkcs8
    for the key's parameters.  An ssh.SSHException while loading the file
    is re-raised as exception.SSHError.
    """
    try:
        loaded = RSAKey.from_private_key_file(key_location)
    except ssh.SSHException:
        raise exception.SSHError(
            "Invalid RSA private key file: %s" % key_location)
    # Private key material from here on (d, p, q and the CRT values); keep
    # it out of logs and error messages.
    params = dict(
        invq=util.mod_inverse(loaded.q, loaded.p),
        dp=loaded.d % (loaded.p - 1),
        dq=loaded.d % (loaded.q - 1),
        d=loaded.d, n=loaded.n, p=loaded.p, q=loaded.q, e=loaded.e)
    assert len(params) == 8
    # must convert from pkcs1 to pkcs8 and then DER encode
    encoded = export_rsa_to_pkcs8(params)
    digest = hashlib.sha1(encoded)
    return insert_char_every_n_chars(digest.hexdigest(), ':', 2)