def test_failure_getting_authorized_keys(self):
"""
If L{IAuthorizedKeysDB.getAuthorizedKeys} raises an exception,
L{SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}
"""
def fail(_):
raise _DummyException()
self.keydb = _KeyDB(fail)
self.checker = SSHPublicKeyChecker(self.keydb)
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
self.flushLoggedErrors(_DummyException)
def test_failure_getting_authorized_keys(self):
"""
If L{IAuthorizedKeysDB.getAuthorizedKeys} raises an exception,
L{SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}
"""
def fail(_):
raise _DummyException()
self.keydb = _KeyDB(fail)
self.checker = SSHPublicKeyChecker(self.keydb)
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
self.flushLoggedErrors(_DummyException)
def makeService(self, options):
"""
Construct a TCPServer from a factory defined in myproject.
"""
_portal = portal.Portal(
essftp.EssFTPRealm(essftp.FilePath(options['root']).path),
options.get('credCheckers',
[SSHPublicKeyChecker(UNIXAuthorizedKeysFiles())]))
if options['keyDirectory']:
factory = OpenSSHFactory()
factory.portal = _portal
factory.dataRoot = options['keyDirectory']
factory.moduliRoot = options['moduli']
else:
factory = ConchFactory(_portal)
return internet.TCPServer(int(options["port"]), factory)
def setUp(self):
self.credentials = SSHPrivateKey(
'alice', 'ssh-rsa', publicRSA_openssh, 'foo',
Key.fromString(privateRSA_openssh).sign('foo'))
self.keydb = _KeyDB(lambda _: [Key.fromString(publicRSA_openssh)])
self.checker = SSHPublicKeyChecker(self.keydb)
class SSHPublicKeyCheckerTestCase(TestCase):
"""
Tests for L{SSHPublicKeyChecker}
"""
def setUp(self):
self.credentials = SSHPrivateKey(
'alice', 'ssh-rsa', publicRSA_openssh, 'foo',
Key.fromString(privateRSA_openssh).sign('foo'))
self.keydb = _KeyDB(lambda _: [Key.fromString(publicRSA_openssh)])
self.checker = SSHPublicKeyChecker(self.keydb)
def test_credentials_without_signature(self):
"""
Calling L{SSHPublicKeyChecker.requestAvatarId} with credentials that
do not have a signature fails with L{ValidPublicKey}
"""
self.credentials.signature = None
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
ValidPublicKey)
def test_credentials_with_bad_key(self):
"""
Calling L{SSHPublicKeyChecker.requestAvatarId} with credentials that
have a bad key fails with L{BadKeyError}
"""
self.credentials.blob = ''
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
BadKeyError)
def test_failure_getting_authorized_keys(self):
"""
If L{IAuthorizedKeysDB.getAuthorizedKeys} raises an exception,
L{SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}
"""
def fail(_):
raise _DummyException()
self.keydb = _KeyDB(fail)
self.checker = SSHPublicKeyChecker(self.keydb)
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
self.flushLoggedErrors(_DummyException)
def test_credentials_no_matching_key(self):
"""
If L{IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match
the credentials, L{SSHPublicKeyChecker.requestAvatarId} fails with
L{UnauthorizedLogin}
"""
self.credentials.blob = publicDSA_openssh
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
def test_credentials_invalid_signature(self):
"""
Calling L{SSHPublicKeyChecker.requestAvatarId} with credentials that
are incorrectly signed fails with L{UnauthorizedLogin}
"""
self.credentials.signature = (
Key.fromString(privateDSA_openssh).sign('foo'))
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
def test_failure_verifying_key(self):
"""
If L{Key.verify} raises an exception,
L{SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}
"""
def fail(*args, **kwargs):
raise _DummyException()
self.patch(Key, 'verify', fail)
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
self.flushLoggedErrors(_DummyException)
def test_username_returned_on_success(self):
"""
L{SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with
the username
"""
d = self.checker.requestAvatarId(self.credentials)
self.assertEqual('alice', self.successResultOf(d))
def setUp(self):
self.credentials = SSHPrivateKey(
'alice', 'ssh-rsa', publicRSA_openssh, 'foo',
Key.fromString(privateRSA_openssh).sign('foo'))
self.keydb = _KeyDB(lambda _: [Key.fromString(publicRSA_openssh)])
self.checker = SSHPublicKeyChecker(self.keydb)
class SSHPublicKeyCheckerTestCase(TestCase):
"""
Tests for L{SSHPublicKeyChecker}
"""
def setUp(self):
self.credentials = SSHPrivateKey(
'alice', 'ssh-rsa', publicRSA_openssh, 'foo',
Key.fromString(privateRSA_openssh).sign('foo'))
self.keydb = _KeyDB(lambda _: [Key.fromString(publicRSA_openssh)])
self.checker = SSHPublicKeyChecker(self.keydb)
def test_credentials_without_signature(self):
"""
Calling L{SSHPublicKeyChecker.requestAvatarId} with credentials that
do not have a signature fails with L{ValidPublicKey}
"""
self.credentials.signature = None
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
ValidPublicKey)
def test_credentials_with_bad_key(self):
"""
Calling L{SSHPublicKeyChecker.requestAvatarId} with credentials that
have a bad key fails with L{BadKeyError}
"""
self.credentials.blob = ''
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
BadKeyError)
def test_failure_getting_authorized_keys(self):
"""
If L{IAuthorizedKeysDB.getAuthorizedKeys} raises an exception,
L{SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}
"""
def fail(_):
raise _DummyException()
self.keydb = _KeyDB(fail)
self.checker = SSHPublicKeyChecker(self.keydb)
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
self.flushLoggedErrors(_DummyException)
def test_credentials_no_matching_key(self):
"""
If L{IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match
the credentials, L{SSHPublicKeyChecker.requestAvatarId} fails with
L{UnauthorizedLogin}
"""
self.credentials.blob = publicDSA_openssh
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
def test_credentials_invalid_signature(self):
"""
Calling L{SSHPublicKeyChecker.requestAvatarId} with credentials that
are incorrectly signed fails with L{UnauthorizedLogin}
"""
self.credentials.signature = (
Key.fromString(privateDSA_openssh).sign('foo'))
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
def test_failure_verifying_key(self):
"""
If L{Key.verify} raises an exception,
L{SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}
"""
def fail(*args, **kwargs):
raise _DummyException()
self.patch(Key, 'verify', fail)
self.failureResultOf(self.checker.requestAvatarId(self.credentials),
UnauthorizedLogin)
self.flushLoggedErrors(_DummyException)
def test_username_returned_on_success(self):
"""
L{SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with
the username
"""
d = self.checker.requestAvatarId(self.credentials)
self.assertEqual('alice', self.successResultOf(d))