def test_invalid_rsa_key():
    """A key whose END marker has lost one dash is rejected by every validator."""
    # Corrupt the PEM footer: five dashes become four.
    broken_pem = TEST_SSH_KEY_DATA.replace('-----END', '----END')
    validators = (
        validate_private_key,
        validate_certificate,
        validate_ssh_private_key,
    )
    for validator in validators:
        with pytest.raises(ValidationError):
            validator(broken_pem)
def test_valid_rsa1_key():
    """An RSA1 key parses as an unencrypted SSH private key and is not a certificate."""
    rsa1_key = TEST_SSH_RSA1_KEY_DATA

    def check_unencrypted_rsa1(parsed):
        first = parsed[0]
        assert first['key_type'] == 'rsa1'
        assert not first['key_enc']

    # NOTE(review): the first and last checks both call
    # validate_ssh_private_key, so one of them is redundant. Other tests in
    # this file start with validate_private_key -- confirm whether that was
    # the intent here.
    check_unencrypted_rsa1(validate_ssh_private_key(rsa1_key))
    with pytest.raises(ValidationError):
        validate_certificate(rsa1_key)
    check_unencrypted_rsa1(validate_ssh_private_key(rsa1_key))
def test_invalid_keys():
    """Malformed or mismatched BEGIN/END markers are rejected by every validator."""
    malformed_samples = (
        "---BEGIN FOO -----foobar-----END FOO----",
        "-----BEGIN FOO---foobar-----END FOO----",
        "-----BEGIN FOO-----foobar---END FOO----",
        "----- BEGIN FOO ----- foobar ----- FAIL FOO ----",
        "----- FAIL FOO ----- foobar ----- END FOO ----",
        "----BEGIN FOO----foobar----END BAR----",
    )
    validators = (
        validate_private_key,
        validate_certificate,
        validate_ssh_private_key,
    )
    # Each sample must fail under all three validators, in the same order
    # for every sample.
    for sample in malformed_samples:
        for validator in validators:
            with pytest.raises(ValidationError):
                validator(sample)
def format_ssh_private_key(value):
    """Format check for an SSH private key field.

    Returns True when the value is empty, is the '$encrypted$' placeholder,
    or passes validate_ssh_private_key. Raises
    jsonschema.exceptions.FormatError when validation fails.
    """
    # Nothing to parse: empty input and the '$encrypted$' placeholder are
    # accepted without validation.
    if not value or value == '$encrypted$':
        return True

    # Sanity check: GCE, in particular, provides JSON-encoded private keys,
    # which developers will be tempted to copy and paste rather than JSON
    # decode. Such keys end in a unicode-escaped '=' (\u003d) that ends up
    # double escaped in a Python 2 bytestring and breaks key parsing.
    #
    # The replacement only affects the copy validated here; this function
    # returns True, not the corrected text.
    candidate = value.replace(r'\u003d', '=') if r'\u003d' in value else value

    try:
        validate_ssh_private_key(candidate)
    except django_exceptions.ValidationError as e:
        # NOTE(review): Django only sets `.message` on a ValidationError
        # built from a single message; confirm validate_ssh_private_key
        # never raises the list/dict form, and that the message text does
        # not echo key material.
        raise jsonschema.exceptions.FormatError(e.message)
    return True
def test_cert_with_key():
    """A certificate bundled with a key is accepted only as SSH private key data."""
    bundle = TEST_SSH_CERT_KEY

    # Neither the key-only nor the certificate-only validator accepts the
    # combined input.
    for strict_validator in (validate_private_key, validate_certificate):
        with pytest.raises(ValidationError):
            strict_validator(bundle)

    parsed = validate_ssh_private_key(bundle)
    cert_entry = parsed[0]
    assert cert_entry['type'] == 'CERTIFICATE'
    key_entry = parsed[1]
    assert key_entry['key_type'] == 'rsa'
    assert not key_entry['key_enc']
def test_valid_locked_openssh_key():
    """A locked OpenSSH ed25519 key parses as encrypted and is not a certificate."""
    locked_key = TEST_OPENSSH_KEY_DATA_LOCKED

    def check_encrypted_ed25519(parsed):
        first = parsed[0]
        assert first['key_type'] == 'ed25519'
        # key_enc must be truthy for a locked key.
        assert first['key_enc']

    check_encrypted_ed25519(validate_private_key(locked_key))
    with pytest.raises(ValidationError):
        validate_certificate(locked_key)
    check_encrypted_ed25519(validate_ssh_private_key(locked_key))
def has_encrypted_ssh_key_data(self):
    """Return True if any parsed object in ssh_key_data has a truthy 'key_enc'.

    When self.pk is set, the field is read through decrypt_field; otherwise
    the in-memory attribute is used as is (presumably still plaintext on an
    unsaved object -- confirm).
    """
    key_material = decrypt_field(self, 'ssh_key_data') if self.pk else self.ssh_key_data
    try:
        return any(
            entry.get('key_enc', False)
            for entry in validate_ssh_private_key(key_material)
        )
    except ValidationError:
        # Unparsable key data is reported as "not encrypted"; callers cannot
        # tell it apart from a valid unencrypted key.
        return False
def has_encrypted_ssh_key_data(self):
    """Return True if any parsed object in the 'ssh_key_data' input has a truthy 'key_enc'.

    Returns False when get_input raises AttributeError or when the key data
    fails validation.
    """
    try:
        key_material = self.get_input('ssh_key_data')
    except AttributeError:
        return False

    try:
        return any(
            entry.get('key_enc', False)
            for entry in validate_ssh_private_key(key_material)
        )
    except ValidationError:
        # Unparsable key data is reported as "not encrypted"; callers cannot
        # tell it apart from a valid unencrypted key.
        return False