def test_parse_openssh_unsupported():
    """Check that an ``ecdsa-sha2-nistp256`` line is refused with KeyTypeError.

    The expectation pinned here is that the parser raises on a key type it
    does not handle instead of returning some key object for it.
    """
    ecdsa_line = (
        'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyN'
        'TYAAABBBDs0y6X8UquYBtTvDjbK+RZIAWduMbfWfUmh2MRtWpo2ZqEyQiyeTRDJ/4'
        '1A5heiONtm7QhUJoBF5VBUjsxiIFk= dahlia@hongminhee-thinkpad-e435'
    )
    # Only the parser call sits inside the context manager, so nothing else
    # can satisfy the expected exception.
    with raises(KeyTypeError):
        parse_openssh_pubkey(ecdsa_line)
def test_parse_openssh_unsupported():
    """Check that an unknown key-type field raises KeyTypeError.

    The line is made of three space-separated fields: the type name
    ``ssh-unsupported``, a base64 blob and a trailing comment.
    """
    bogus_type_line = (
        'ssh-unsupported '
        'AAAAC3NzaC1lZDI1NTE5AAAAIBtfC/x6Bm'
        'h0Y2BHGSSdRyMBpX2m3C7Fw3qSNWrzK3GP '
        'key-type-error-test'
    )
    # Rejecting an unrecognised type by exception keeps callers from treating
    # an unparsed line as a usable key.
    with raises(KeyTypeError):
        parse_openssh_pubkey(bogus_type_line)
def test_parse_openssh_pubkey_rsa(fx_id_rsa_pub):
    """Parse an ``ssh-rsa`` line with and without a trailing comment.

    Both forms must yield an RSAKey whose name is ``ssh-rsa`` and whose
    base64 body equals the fixture, i.e. the comment field does not leak
    into the key material.
    """
    bare_line = 'ssh-rsa ' + fx_id_rsa_pub
    for line in (bare_line, bare_line + ' comment'):
        parsed = parse_openssh_pubkey(line)
        assert isinstance(parsed, RSAKey)
        assert parsed.get_name() == 'ssh-rsa'
        assert parsed.get_base64() == fx_id_rsa_pub
def test_authorized_keys_list_extend(fx_authorized_sftp):
    """Extend the remote key list and verify the on-disk file line by line.

    The six keys provided by the fixture must stay in place and in order,
    the three new keys must follow them, and no further entry may appear.
    """
    sftp_client, path, keys = fx_authorized_sftp
    key_list = AuthorizedKeyList(sftp_client)
    # NOTE(review): 1024-bit RSA is throwaway test material only; it is below
    # what should be used for real keys.
    appended = [RSAKey.generate(1024) for _ in range(3)]
    key_list.extend(appended)
    with path.join('.ssh', 'authorized_keys').open() as handle:

        def read_key():
            return parse_openssh_pubkey(handle.readline().strip())

        for position in range(6):
            assert read_key() == keys[position]
        for position in range(3):
            assert read_key() == appended[position]
        # Anything after the expected nine lines would be an unexpected
        # extra entry in the file.
        assert not handle.readline().strip()
def test_authorized_keys_list_insert(fx_authorized_sftp):
    """Insert one key at index 2 and verify the resulting file order.

    Expected file content: keys[0], keys[1], the new key, then keys[2]
    through keys[5], and nothing after that.
    """
    sftp_client, path, keys = fx_authorized_sftp
    key_list = AuthorizedKeyList(sftp_client)
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    inserted = RSAKey.generate(1024)
    key_list.insert(2, inserted)
    with path.join('.ssh', 'authorized_keys').open() as handle:

        def read_key():
            return parse_openssh_pubkey(handle.readline().strip())

        for position in range(2):
            assert read_key() == keys[position]
        assert read_key() == inserted
        for position in range(2, 6):
            assert read_key() == keys[position]
        # No existing entry may be dropped and no extra one added.
        assert not handle.readline().strip()
def test_parse_openssh_pubkey_ecdsa():
    """Parse an ``ecdsa-sha2-nistp256`` line with and without a comment.

    Both forms must produce an ECDSAKey that reports the same key-type name
    and the same base64 body as the input.
    """
    key_type = 'ecdsa-sha2-nistp256'
    id_ecdsa_pub = ('AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAA'
                    'ABBBDs0y6X8UquYBtTvDjbK+RZIAWduMbfWfUmh2MRtWpo2Zq'
                    'EyQiyeTRDJ/41A5heiONtm7QhUJoBF5VBUjsxiIFk=')
    bare_line = key_type + ' ' + id_ecdsa_pub
    # The second variant carries a trailing comment field, which must not
    # change the parsed key.
    for line in (bare_line, bare_line + ' cmt'):
        parsed = parse_openssh_pubkey(line)
        assert isinstance(parsed, ECDSAKey)
        assert parsed.get_name() == 'ecdsa-sha2-nistp256'
        assert parsed.get_base64() == id_ecdsa_pub
def test_parse_openssh_pubkey_ecdsa():
    """Round-trip an ECDSA (nistp256) public key line through the parser.

    The line is parsed once as ``<type> <base64>`` and once with an extra
    comment field; the resulting ECDSAKey must be the same in both cases.
    """
    id_ecdsa_pub = (
        'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAA'
        'ABBBDs0y6X8UquYBtTvDjbK+RZIAWduMbfWfUmh2MRtWpo2Zq'
        'EyQiyeTRDJ/41A5heiONtm7QhUJoBF5VBUjsxiIFk='
    )

    def check(line):
        parsed = parse_openssh_pubkey(line)
        assert isinstance(parsed, ECDSAKey)
        assert parsed.get_name() == 'ecdsa-sha2-nistp256'
        assert parsed.get_base64() == id_ecdsa_pub

    check('ecdsa-sha2-nistp256 ' + id_ecdsa_pub)
    check('ecdsa-sha2-nistp256 ' + id_ecdsa_pub + ' cmt')
def test_master_key(fx_app, fx_master_key, fx_authorized_identity,
                    fx_token_id):
    """Fetch the master key endpoint and compare it with the fixture key.

    The response must be 200 ``text/plain`` and its body must parse as an
    OpenSSH public key equal to ``fx_master_key``.
    """
    with fx_app.test_client() as client:
        reply = client.get(get_url('master_key', token_id=fx_token_id))
        assert reply.status_code == 200
        assert reply.mimetype == 'text/plain'
        # The body goes through the public-key parser, so the comparison is
        # made on a parsed public key, not on raw text.
        body_text = reply.data.decode()
        assert parse_openssh_pubkey(body_text) == fx_master_key
def test_get_key_fingerprint(fx_id_rsa_pub):
    """Check the three fingerprint renderings of the RSA fixture key.

    The expected values are 16 hex byte pairs: colon-separated by default,
    then with ``'-'`` and with an empty string as the separator argument.
    """
    pkey = parse_openssh_pubkey('ssh-rsa ' + fx_id_rsa_pub)

    colon_form = get_key_fingerprint(pkey)
    assert colon_form == 'f5:6e:03:1c:cd:2c:84:64:d7:94:18:8b:79:60:11:df'

    dash_form = get_key_fingerprint(pkey, '-')
    assert dash_form == 'f5-6e-03-1c-cd-2c-84-64-d7-94-18-8b-79-60-11-df'

    plain_form = get_key_fingerprint(pkey, '')
    assert plain_form == 'f56e031ccd2c8464d794188b796011df'
def test_parse_openssh_pubkey_ed25519():
    """Parse an ``ssh-ed25519`` line and check type, name and base64 body."""
    key_type = 'ssh-ed25519'
    id_ed25519_pub = ('AAAAC3NzaC1lZDI1NTE5AAAAIBtfC/x6Bm'
                      'h0Y2BHGSSdRyMBpX2m3C7Fw3qSNWrzK3GP')
    parsed = parse_openssh_pubkey(key_type + ' ' + id_ed25519_pub)
    assert isinstance(parsed, Ed25519Key)
    assert parsed.get_name() == 'ssh-ed25519'
    # The base64 body must come back unchanged from the parsed key object.
    assert parsed.get_base64() == id_ed25519_pub
def test_public_key(fx_app, fx_key_store, fx_authorized_identity,
                    fx_token_id):
    """Look up a registered key by fingerprint, then an unknown fingerprint.

    A registered fingerprint must return 200 ``text/plain`` with the key;
    a random 16-byte fingerprint must return 404 with a JSON body whose
    ``error`` field is ``not-found``.
    """
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    registered = RSAKey.generate(1024)
    fx_key_store.register(fx_authorized_identity, registered)

    with fx_app.test_client() as client:
        known_url = get_url(
            'public_key',
            token_id=fx_token_id,
            fingerprint=registered.get_fingerprint()
        )
        reply = client.get(known_url)
        assert reply.status_code == 200
        assert reply.mimetype == 'text/plain'
        assert parse_openssh_pubkey(reply.data.decode()) == registered

    with fx_app.test_client() as client:
        # A fresh random fingerprint stands in for a key nobody registered.
        unknown_url = get_url(
            'public_key',
            token_id=fx_token_id,
            fingerprint=os.urandom(16)
        )
        reply = client.get(unknown_url)
        assert reply.status_code == 404
        assert reply.mimetype == 'application/json'
        payload = json.loads(reply.data.decode('utf-8'))
        assert payload['error'] == 'not-found'
def test_get_key_fingerprint(fx_id_rsa_pub):
    """Check fingerprint formatting for the default and two custom separators.

    Each case is the extra positional arguments passed after the key and the
    exact string expected back.
    """
    pkey = parse_openssh_pubkey('ssh-rsa ' + fx_id_rsa_pub)
    cases = (
        ((), 'f5:6e:03:1c:cd:2c:84:64:d7:94:18:8b:79:60:11:df'),
        (('-',), 'f5-6e-03-1c-cd-2c-84-64-d7-94-18-8b-79-60-11-df'),
        (('',), 'f56e031ccd2c8464d794188b796011df'),
    )
    for separator_args, expected in cases:
        assert get_key_fingerprint(pkey, *separator_args) == expected
def get_key_pair(self, name):
    """Return the KeyPair stored under *name*.

    The stored public-key text is parsed and fingerprinted so the returned
    KeyPair carries a fingerprint derived from the key itself.

    Raises KeyPairDoesNotExistError when *name* is not in ``self.key_pairs``.
    """
    try:
        public_key_text = self.key_pairs[name]
    except KeyError:
        raise KeyPairDoesNotExistError(name, self)
    else:
        fingerprint = get_key_fingerprint(
            parse_openssh_pubkey(public_key_text)
        )
        return KeyPair(name, public_key_text, fingerprint, self)
def test_cloud_master_public_key_store():
    """Save a master key twice and check both stores and the cloud key pair.

    Running the loop twice covers replacing an already saved master key:
    after each save the wrapped store, the wrapper and the driver's
    ``geofront-masterkey`` key pair must all hold the newest key.
    """
    key_pair_name = "geofront-masterkey"
    driver = KeyPairSupportedDummyNodeDriver("")
    backing_store = MemoryMasterKeyStore()
    store = CloudMasterPublicKeyStore(driver, key_pair_name, backing_store)
    for _ in range(2):
        # NOTE(review): 1024-bit RSA is throwaway test material only.
        master_key = RSAKey.generate(1024)
        store.save(master_key)
        assert backing_store.load() == store.load() == master_key
        uploaded = driver.get_key_pair("geofront-masterkey").public_key
        assert parse_openssh_pubkey(uploaded) == master_key
def test_parse_openssh_pubkey_dsa():
    """Parse an ``ssh-dss`` line with and without a trailing comment.

    Both forms must yield a DSSKey whose name is ``ssh-dss`` and whose
    base64 body equals the input blob.
    """
    id_dsa_pub = (
        'AAAAB3NzaC1kc3MAAACBALTeFi9rlCkORWTj2sznDx2p/nUDFGZY0j9ynIioho0vlNfgj'
        '4U9/3SCq4JjhXhH7OB6h0NyUSNEVe9bbe7mHFTpQWwy1bmXEBaJALv1IqIBme1ZJcdUbe'
        'ZM3PCLmbPTE7sjgUwk98hT3TI8CI5hLkJmsV1nFckEONgIG9IPjnmnAAAAFQCb72U4lNY'
        '2DsZ+e2TaxTtT8i996QAAAIEAlO7/8Vypf5bgAkeHGJ15cfiuR1X/gkSUj+sAhJYJ7pyB'
        'h7vnJbBPztgxVvuHxELFcCufFyps7sibUq4MifqBPrVwLiK4PiNNcK8M2hjDJmWrqo/Bw'
        'LRXkc1LWWxLr/PCBVeqAe2OTFEtu4ZLaqlex+WI2Ezgn4pItAH9lIACBlcAAACAa5GI36'
        'nWqU89z07Pdh7q8gZHR9KXHMS3T6dGxkOhLb+XSATV14+udjqtrULs552d+d7Pdq+0KBm'
        '+6lC/YRn6ETsJ2AJzWxlG+sJ/eTFEWw9Q2uTWOBRbAqL2VJG5DG+K+lhgRRNNKHMtUF1j'
        '1MeJb71HT7amaOcE+dNEgKS0xi4=')
    bare_line = 'ssh-dss ' + id_dsa_pub
    # The comment variant must parse to the same key material.
    for line in (bare_line, bare_line + ' comment'):
        parsed = parse_openssh_pubkey(line)
        assert isinstance(parsed, DSSKey)
        assert parsed.get_name() == 'ssh-dss'
        assert parsed.get_base64() == id_dsa_pub
def test_authorized_keys_list_delitem(fx_authorized_sftp):
    """Delete entries by slice, positive index and negative index.

    After every deletion the authorized_keys file is re-read from disk and
    must hold exactly the leading fixture keys that remain, with no line
    left over. A deleted key that stayed in the file would still be listed
    as authorized.
    """
    sftp_client, path, keys = fx_authorized_sftp
    key_list = AuthorizedKeyList(sftp_client)

    def assert_file_holds_first(count):
        # Re-open the file for each check so the on-disk state is what gets
        # verified.
        with path.join('.ssh', 'authorized_keys').open() as handle:
            for position in range(count):
                line = handle.readline().strip()
                assert parse_openssh_pubkey(line) == keys[position]
            assert not handle.readline().strip()

    # Slice deletion
    del key_list[3:]
    assert_file_holds_first(3)

    # Positive index
    del key_list[2]
    assert_file_holds_first(2)

    # Negative index
    del key_list[-1]
    assert_file_holds_first(1)
def test_cloud_master_public_key_store():
    """Verify that saving a master key updates every place it is kept.

    Two rounds are run so the second save exercises overwriting the key
    saved by the first one.
    """
    driver = KeyPairSupportedDummyNodeDriver('')
    wrapped = MemoryMasterKeyStore()
    store = CloudMasterPublicKeyStore(driver, 'geofront-masterkey', wrapped)
    rounds = 2
    while rounds:
        rounds -= 1
        # NOTE(review): 1024-bit RSA is throwaway test material only.
        master_key = RSAKey.generate(1024)
        store.save(master_key)
        assert wrapped.load() == store.load() == master_key
        # The driver-side key pair must carry the same public key.
        cloud_pair = driver.get_key_pair('geofront-masterkey')
        assert parse_openssh_pubkey(cloud_pair.public_key) == master_key
def test_parse_openssh_pubkey_dsa():
    """Round-trip a DSA public key line through the parser.

    The blob is parsed as ``ssh-dss <base64>`` and again with a comment
    appended; the DSSKey obtained must report the original name and base64.
    """
    id_dsa_pub = (
        'AAAAB3NzaC1kc3MAAACBALTeFi9rlCkORWTj2sznDx2p/nUDFGZY0j9ynIioho0vlNfgj'
        '4U9/3SCq4JjhXhH7OB6h0NyUSNEVe9bbe7mHFTpQWwy1bmXEBaJALv1IqIBme1ZJcdUbe'
        'ZM3PCLmbPTE7sjgUwk98hT3TI8CI5hLkJmsV1nFckEONgIG9IPjnmnAAAAFQCb72U4lNY'
        '2DsZ+e2TaxTtT8i996QAAAIEAlO7/8Vypf5bgAkeHGJ15cfiuR1X/gkSUj+sAhJYJ7pyB'
        'h7vnJbBPztgxVvuHxELFcCufFyps7sibUq4MifqBPrVwLiK4PiNNcK8M2hjDJmWrqo/Bw'
        'LRXkc1LWWxLr/PCBVeqAe2OTFEtu4ZLaqlex+WI2Ezgn4pItAH9lIACBlcAAACAa5GI36'
        'nWqU89z07Pdh7q8gZHR9KXHMS3T6dGxkOhLb+XSATV14+udjqtrULs552d+d7Pdq+0KBm'
        '+6lC/YRn6ETsJ2AJzWxlG+sJ/eTFEWw9Q2uTWOBRbAqL2VJG5DG+K+lhgRRNNKHMtUF1j'
        '1MeJb71HT7amaOcE+dNEgKS0xi4='
    )

    def check(line):
        parsed = parse_openssh_pubkey(line)
        assert isinstance(parsed, DSSKey)
        assert parsed.get_name() == 'ssh-dss'
        assert parsed.get_base64() == id_dsa_pub

    check('ssh-dss ' + id_dsa_pub)
    check('ssh-dss ' + id_dsa_pub + ' comment')
def test_add_public_key(fx_app, fx_key_store, fx_authorized_identity,
                        fx_token_id):
    """POST a new public key and confirm it was stored and is retrievable.

    The endpoint must answer 201 with the key in the body, the key must then
    be listed for the authorized identity, and a GET on the returned
    location must give back the same bytes.
    """
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    pkey = RSAKey.generate(1024)
    with fx_app.test_client() as client:
        upload = format_openssh_pubkey(pkey).encode()
        created = client.post(
            get_url('add_public_key', token_id=fx_token_id),
            content_type='text/plain',
            data=upload
        )
        assert created.status_code == 201
        key_data = created.get_data()
        assert parse_openssh_pubkey(key_data.decode()) == pkey
        # The key must be attached to the identity behind the token.
        assert pkey in fx_key_store.list_keys(fx_authorized_identity)
        fetched = client.get(created.location)
        assert fetched.get_data() == key_data
def test_list_public_keys(fx_app, fx_key_store, fx_authorized_identity,
                          fx_token_id):
    """List keys before and after registering one for the identity.

    With nothing registered the JSON body must be exactly ``{}``; after a
    key is registered the body must map its fingerprint to its OpenSSH text.
    """
    with fx_app.test_client() as client:
        reply = client.get(get_url("list_public_keys", token_id=fx_token_id))
        assert reply.status_code == 200
        assert reply.mimetype == "application/json"
        assert reply.data == b"{}"

    # NOTE(review): 1024-bit RSA is throwaway test material only.
    key = RSAKey.generate(1024)
    fx_key_store.register(fx_authorized_identity, key)

    with fx_app.test_client() as client:
        reply = client.get(get_url("list_public_keys", token_id=fx_token_id))
        assert reply.status_code == 200
        assert reply.mimetype == "application/json"
        listed = {}
        for fingerprint, key_text in json.loads(reply.data).items():
            listed[fingerprint] = parse_openssh_pubkey(key_text)
        # Exactly one entry is expected, keyed by the fingerprint of the key
        # that was registered.
        assert listed == {get_key_fingerprint(key): key}
def test_add_public_key(fx_app, fx_key_store, fx_authorized_identity,
                        fx_token_id):
    """Upload a public key and check the response, the store and the location.

    Expected: status 201, a body that parses back to the uploaded key, the
    key present in the identity's key list, and the same body served from
    the location given in the response.
    """
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    pkey = RSAKey.generate(1024)
    with fx_app.test_client() as client:
        target = get_url("add_public_key", token_id=fx_token_id)
        payload = format_openssh_pubkey(pkey).encode()
        created = client.post(
            target,
            content_type="text/plain",
            data=payload,
        )
        assert created.status_code == 201
        key_data = created.data
        assert parse_openssh_pubkey(key_data.decode()) == pkey
        assert pkey in fx_key_store.list_keys(fx_authorized_identity)
        # Follow the location the server handed back for the new resource.
        fetched = client.get(created.location)
        assert fetched.data == key_data
def test_list_public_keys(fx_app, fx_key_store, fx_authorized_identity,
                          fx_token_id):
    """Check the key listing for an identity with zero keys, then one key.

    The listing is a JSON object; once a key is registered it must contain
    only that key, indexed by its fingerprint.
    """
    with fx_app.test_client() as client:
        empty_reply = client.get(
            get_url('list_public_keys', token_id=fx_token_id)
        )
        assert empty_reply.status_code == 200
        assert empty_reply.mimetype == 'application/json'
        assert empty_reply.get_data() == b'{}'

    # NOTE(review): 1024-bit RSA is throwaway test material only.
    key = RSAKey.generate(1024)
    fx_key_store.register(fx_authorized_identity, key)

    with fx_app.test_client() as client:
        filled_reply = client.get(
            get_url('list_public_keys', token_id=fx_token_id)
        )
        assert filled_reply.status_code == 200
        assert filled_reply.mimetype == 'application/json'
        raw_listing = json.loads(filled_reply.get_data())
        # Parse every value so the comparison is between key objects.
        parsed_listing = {
            fingerprint: parse_openssh_pubkey(key_text)
            for fingerprint, key_text in raw_listing.items()
        }
        assert parsed_listing == {get_key_fingerprint(key): key}
def test_public_key(fx_app, fx_key_store, fx_authorized_identity,
                    fx_token_id):
    """Fetch one registered key by fingerprint and probe a missing one.

    The registered key must be served as 200 ``text/plain``; a random
    16-byte fingerprint must give 404 ``application/json`` with
    ``error == 'not-found'``.
    """
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    key = RSAKey.generate(1024)
    fx_key_store.register(fx_authorized_identity, key)

    with fx_app.test_client() as client:
        hit = client.get(
            get_url('public_key',
                    token_id=fx_token_id,
                    fingerprint=key.get_fingerprint())
        )
        assert hit.status_code == 200
        assert hit.mimetype == 'text/plain'
        served_text = hit.get_data(as_text=True)
        assert parse_openssh_pubkey(served_text) == key

    with fx_app.test_client() as client:
        # Random bytes stand in for a fingerprint that was never registered.
        miss = client.get(
            get_url('public_key',
                    token_id=fx_token_id,
                    fingerprint=os.urandom(16))
        )
        assert miss.status_code == 404
        assert miss.mimetype == 'application/json'
        problem = json.loads(miss.get_data(as_text=True))
        assert problem['error'] == 'not-found'
def test_authorize(fx_sftpd):
    """Authorize two keys for five seconds and verify they are revoked after.

    Right after ``authorize()`` the remote authorized_keys file must hold
    the two public keys plus the master key. Once ``expires_at`` has passed
    (plus one extra second of slack) only the master key may remain, i.e.
    the temporary access has been withdrawn.
    """
    port, (thread, path, ev) = fx_sftpd.popitem()
    thread.start()
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    master_key = RSAKey.generate(1024)
    public_keys = {RSAKey.generate(1024), RSAKey.generate(1024)}
    authorized_keys_path = path.mkdir('.ssh').join('authorized_keys')
    # Seed the file with the master key before authorizing anything else.
    with authorized_keys_path.open('w') as out:
        print(format_openssh_pubkey(master_key), file=out)

    remote = Remote('user', '127.0.0.1', port)
    lifetime = datetime.timedelta(seconds=5)
    expires_at = authorize(public_keys, master_key, remote, timeout=lifetime)

    with authorized_keys_path.open() as stream:
        granted = frozenset(
            parse_openssh_pubkey(raw) for raw in stream if raw.strip()
        )
    assert granted == (public_keys | {master_key})

    # Poll once per second until the expiry time is behind us.
    while True:
        if datetime.datetime.now(datetime.timezone.utc) > expires_at:
            break
        time.sleep(1)
    time.sleep(1)

    with authorized_keys_path.open() as stream:
        remaining = frozenset(parse_openssh_pubkey(raw) for raw in stream)
        assert remaining == {master_key}
def test_authorize(fx_sftpd):
    """Check that time-limited authorization adds keys and later removes them.

    The test seeds authorized_keys with the master key, authorizes two more
    keys with a five-second timeout, confirms all three are present, waits
    until after ``expires_at`` and confirms only the master key is left.
    """
    port, (thread, path, ev) = fx_sftpd.popitem()
    thread.start()
    # NOTE(review): 1024-bit RSA is throwaway test material only.
    master_key = RSAKey.generate(1024)
    public_keys = {RSAKey.generate(1024), RSAKey.generate(1024)}
    authorized_keys_path = path.mkdir('.ssh').join('authorized_keys')
    with authorized_keys_path.open('w') as out:
        print(format_openssh_pubkey(master_key), file=out)

    expires_at = authorize(
        public_keys,
        master_key,
        Remote('user', '127.0.0.1', port),
        timeout=datetime.timedelta(seconds=5)
    )

    with authorized_keys_path.open() as stream:
        present = set()
        for raw in stream:
            if raw.strip():
                present.add(parse_openssh_pubkey(raw))
        saved_keys = frozenset(present)
    assert saved_keys == (public_keys | {master_key})

    utc = datetime.timezone.utc
    while not datetime.datetime.now(utc) > expires_at:
        time.sleep(1)
    # One more second of slack after the deadline before checking revocation.
    time.sleep(1)

    with authorized_keys_path.open() as stream:
        leftover = frozenset(map(parse_openssh_pubkey, stream))
        # The temporarily authorized keys must no longer grant access.
        assert leftover == {master_key}
def test_authorized_keys_list_setitem(fx_authorized_sftp):
    """Replace entries by slice, positive index and negative index.

    After each assignment the authorized_keys file is re-read and must hold
    exactly the expected fixture keys, in order, with nothing after them.
    """
    sftp_client, path, keys = fx_authorized_sftp
    key_list = AuthorizedKeyList(sftp_client)

    def assert_file_holds(indexes):
        # ``indexes`` names which fixture keys the file must contain, in
        # order; the final read must come back empty.
        with path.join('.ssh', 'authorized_keys').open() as handle:
            for index in indexes:
                assert parse_openssh_pubkey(get_next_line(handle)) == keys[index]
            assert not get_next_line(handle)

    # Slice assignment
    key_list[3:] = []
    assert_file_holds((0, 1, 2))

    # Positive index
    key_list[2] = keys[3]
    assert_file_holds((0, 1, 3))

    # Negative index
    key_list[-1] = keys[4]
    assert_file_holds((0, 1, 4))
def authorized_keys(self):
    """Yield every key parsed from ``<self.path>/.ssh/authorized_keys``.

    All lines are read up front, then each is stripped and handed to
    ``parse_openssh_pubkey``; whatever that parser raises for a line
    propagates to the consumer of this generator.
    """
    key_file = os.path.join(self.path, '.ssh', 'authorized_keys')
    with open(key_file) as stream:
        entries = stream.readlines()
        for entry in entries:
            # NOTE(review): blank or comment lines are not filtered here;
            # confirm how the parser treats them.
            yield parse_openssh_pubkey(entry.strip())
def test_format_openssh_pubkey():
    """Format then parse freshly generated RSA and DSS keys.

    For each key type the formatted text must parse back to a key equal to
    the original.
    """
    # NOTE(review): 1024-bit keys are throwaway test material only.
    for key_class in (RSAKey, DSSKey):
        original = key_class.generate(1024)
        text = format_openssh_pubkey(original)
        assert parse_openssh_pubkey(text) == original
def authorized_key_set(path):
    """Return the set of keys parsed from ``.ssh/authorized_keys`` under *path*.

    The ``.ssh`` directory is created when it is not already a directory;
    the authorized_keys file itself is only opened for reading.
    """
    candidate = path.join('.ssh')
    ssh_dir = candidate if candidate.isdir() else path.mkdir('.ssh')
    parsed_keys = set()
    with ssh_dir.join('authorized_keys').open() as stream:
        for raw_line in stream:
            parsed_keys.add(parse_openssh_pubkey(raw_line.strip()))
        return parsed_keys
def test_parse_openssh_unsupported():
    """Check that the made-up type ``ssh-unsupported`` raises KeyTypeError."""
    fields = (
        'ssh-unsupported ',
        'AAAAC3NzaC1lZDI1NTE5AAAAIBtfC/x6Bm',
        'h0Y2BHGSSdRyMBpX2m3C7Fw3qSNWrzK3GP ',
        'key-type-error-test',
    )
    # The pieces already carry their separating spaces, so a plain join
    # rebuilds the single-line key text.
    line = ''.join(fields)
    with raises(KeyTypeError):
        parse_openssh_pubkey(line)
def test_parse_openssh_unsupported():
    """Check that an ``ssh-ed25519`` line is refused with KeyTypeError.

    This pins the parser raising on the Ed25519 key type instead of
    returning a key object for it.
    """
    # NOTE(review): the trailing comment field '[email protected]' looks like
    # a redaction placeholder; it is kept byte-for-byte as test input.
    ed25519_line = (
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMI9M959cz5sY823QX8W0oBRZuMe'
        '4QYclVQPIDRfETh [email protected]'
    )
    with raises(KeyTypeError):
        parse_openssh_pubkey(ed25519_line)
def test_parse_openssh_unsupported():
    """Expect KeyTypeError when the parser is given an Ed25519 key line."""
    key_type = 'ssh-ed25519'
    # Blob and comment are kept exactly as given; the comment field
    # '[email protected]' appears to be a redaction placeholder.
    blob_and_comment = (
        'AAAAC3NzaC1lZDI1NTE5AAAAIGMI9M959cz5sY823QX8W0oBRZuMe'
        '4QYclVQPIDRfETh [email protected]'
    )
    line = key_type + ' ' + blob_and_comment
    with raises(KeyTypeError):
        parse_openssh_pubkey(line)