def test_mismatched_keypair():
result = False
try:
tmpdir = mkdtemp()
keyfilename = os.path.join(tmpdir, "id_rsa")
pair1 = OpensshKeypair.generate()
pair2 = OpensshKeypair.generate()
with open(keyfilename, "w+b") as keyfile:
keyfile.write(pair1.private_key)
with open(keyfilename + '.pub', "w+b") as pubkeyfile:
pubkeyfile.write(pair2.public_key)
OpensshKeypair.load(path=keyfilename)
except InvalidPublicKeyFileError:
result = True
finally:
if os.path.exists(keyfilename):
remove(keyfilename)
if os.path.exists(keyfilename + '.pub'):
remove(keyfilename + '.pub')
if os.path.exists(tmpdir):
rmdir(tmpdir)
assert result
def test_valid_passphrase_update():
result = False
passphrase = "change_me".encode('UTF-8')
try:
tmpdir = mkdtemp()
keyfilename = os.path.join(tmpdir, "id_rsa")
pair1 = OpensshKeypair.generate()
pair1.update_passphrase(passphrase)
with open(keyfilename, "w+b") as keyfile:
keyfile.write(pair1.private_key)
with open(keyfilename + '.pub', "w+b") as pubkeyfile:
pubkeyfile.write(pair1.public_key)
pair2 = OpensshKeypair.load(path=keyfilename, passphrase=passphrase)
if pair1 == pair2:
result = True
finally:
if os.path.exists(keyfilename):
remove(keyfilename)
if os.path.exists(keyfilename + '.pub'):
remove(keyfilename + '.pub')
if os.path.exists(tmpdir):
rmdir(tmpdir)
assert result
def test_default_key_params(keytype, size, passphrase, comment):
result = True
default_sizes = {
'rsa': 2048,
'dsa': 1024,
'ecdsa': 256,
'ed25519': 256,
}
default_comment = "%s@%s" % (getuser(), gethostname())
pair = OpensshKeypair.generate(keytype=keytype,
size=size,
passphrase=passphrase,
comment=comment)
try:
pair = OpensshKeypair.generate(keytype=keytype,
size=size,
passphrase=passphrase,
comment=comment)
if pair.size != default_sizes[
pair.key_type] or pair.comment != default_comment:
result = False
except Exception as e:
print(e)
result = False
assert result
def _check_pass_protected_or_broken_key(self):
try:
OpensshKeypair.load(
path=self.path,
passphrase=self.passphrase,
no_public_key=True,
)
except (InvalidPrivateKeyFileError, InvalidPassphraseError):
return True
# Cryptography >= 3.0 uses a SSH key loader which does not raise an exception when a passphrase is provided
# when loading an unencrypted key
if self.passphrase:
try:
OpensshKeypair.load(
path=self.path,
passphrase=None,
no_public_key=True,
)
except (InvalidPrivateKeyFileError, InvalidPassphraseError):
return False
else:
return True
return False
def test_invalid_key_sizes(keytype, size, passphrase, comment):
result = False
try:
OpensshKeypair.generate(keytype=keytype,
size=size,
passphrase=passphrase,
comment=comment)
except InvalidKeySizeError:
result = True
except Exception as e:
print(e)
pass
assert result
def test_invalid_user_key_params(keytype, size, passphrase, comment):
result = False
try:
OpensshKeypair.generate(keytype=keytype,
size=size,
passphrase=passphrase,
comment=comment)
except (InvalidCommentError, InvalidKeyTypeError, InvalidPassphraseError):
result = True
except Exception as e:
print(e)
pass
assert result
def _generate_keypair(self):
keypair = OpensshKeypair.generate(
keytype=self.type,
size=self.size,
passphrase=self.passphrase,
comment=self.comment if self.comment else "",
)
with open(self.path, 'w+b') as f:
f.write(
OpensshKeypair.encode_openssh_privatekey(
keypair.asymmetric_keypair, self.private_key_format))
# ssh-keygen defaults private key permissions to 0600 octal
os.chmod(self.path, stat.S_IWUSR + stat.S_IRUSR)
with open(self.path + '.pub', 'w+b') as f:
f.write(keypair.public_key)
# ssh-keygen defaults public key permissions to 0644 octal
os.chmod(self.path + ".pub",
stat.S_IWUSR + stat.S_IRUSR + stat.S_IRGRP + stat.S_IROTH)
def test_invalid_passphrase_update():
result = False
passphrase = [1, 2, 3]
pair = OpensshKeypair.generate()
try:
pair.update_passphrase(passphrase)
except InvalidPassphraseError:
result = True
assert result
def test_invalid_comment_update():
result = False
pair = OpensshKeypair.generate()
new_comment = [1, 2, 3]
try:
pair.comment = new_comment
except InvalidCommentError:
result = True
assert result
def test_valid_comment_update():
pair = OpensshKeypair.generate()
new_comment = "comment"
try:
pair.comment = new_comment
except Exception as e:
print(e)
pass
assert pair.comment == new_comment and pair.public_key.split(
b' ', 2)[2].decode() == new_comment
def test_valid_user_key_params(keytype, size, passphrase, comment):
result = True
try:
pair = OpensshKeypair.generate(keytype=keytype,
size=size,
passphrase=passphrase,
comment=comment)
if pair.key_type != keytype or pair.size != size or pair.comment != comment:
result = False
except Exception as e:
print(e)
result = False
assert result
def test_keypair_comparison():
assert OpensshKeypair.generate() != OpensshKeypair.generate()
assert OpensshKeypair.generate() != OpensshKeypair.generate(keytype='dsa')
assert OpensshKeypair.generate() != OpensshKeypair.generate(
keytype='ed25519')
assert OpensshKeypair.generate(
keytype='ed25519') != OpensshKeypair.generate(keytype='ed25519')
try:
tmpdir = mkdtemp()
keys = {
'rsa': {
'pair': OpensshKeypair.generate(),
'filename': os.path.join(tmpdir, "id_rsa"),
},
'dsa': {
'pair':
OpensshKeypair.generate(
keytype='dsa', passphrase='change_me'.encode('UTF-8')),
'filename':
os.path.join(tmpdir, "id_dsa"),
},
'ed25519': {
'pair': OpensshKeypair.generate(keytype='ed25519'),
'filename': os.path.join(tmpdir, "id_ed25519"),
}
}
for v in keys.values():
with open(v['filename'], "w+b") as keyfile:
keyfile.write(v['pair'].private_key)
with open(v['filename'] + '.pub', "w+b") as pubkeyfile:
pubkeyfile.write(v['pair'].public_key)
assert keys['rsa']['pair'] == OpensshKeypair.load(
path=keys['rsa']['filename'])
loaded_dsa_key = OpensshKeypair.load(
path=keys['dsa']['filename'],
passphrase='change_me'.encode('UTF-8'))
assert keys['dsa']['pair'] == loaded_dsa_key
loaded_dsa_key.update_passphrase('change_me_again'.encode('UTF-8'))
assert keys['dsa']['pair'] != loaded_dsa_key
loaded_dsa_key.update_passphrase('change_me'.encode('UTF-8'))
assert keys['dsa']['pair'] == loaded_dsa_key
loaded_dsa_key.comment = "comment"
assert keys['dsa']['pair'] != loaded_dsa_key
assert keys['ed25519']['pair'] == OpensshKeypair.load(
path=keys['ed25519']['filename'])
finally:
for v in keys.values():
if os.path.exists(v['filename']):
remove(v['filename'])
if os.path.exists(v['filename'] + '.pub'):
remove(v['filename'] + '.pub')
if os.path.exists(tmpdir):
rmdir(tmpdir)
assert OpensshKeypair.generate() != []
def _load_privatekey(self):
return OpensshKeypair.load(path=self.path,
passphrase=self.passphrase,
no_public_key=True)