def get_key(self, username):
if username == 'noa':
return rsa.RSAPublicKey(s)
elif username == 'test':
return rsa.RSAPublicKey(t_pubkey)
else:
raise exceptions.CrtAuthError("Unknown username: %s" % username)
def get_key(self, username):
if "/" in username:
raise exceptions.CrtAuthError("Don't trick me into opening files "
"by having slash in username!")
fn = "%s/%s_id_rsa.pub" % (self.dir, username)
if not os.path.exists(fn):
raise exceptions.NoSuchUserException()
with open(fn, "r") as f:
return rsa.RSAPublicKey(f.read())
def __find_key(self, key_fingerprint):
write_field(self.sock, SSH2_AGENTC_REQUEST_IDENTITIES)
length, response_code, count = struct.unpack("!IBI", self.sock.recv(9))
assert response_code == SSH2_AGENT_IDENTITIES_ANSWER
resp = self.sock.recv(length - 5)
fields = rsa.read_fields(resp)
for i in xrange(count):
try:
key = rsa.RSAPublicKey(fields.next())
except exceptions.KeyError:
fields.next()
continue
fields.next() # ignore filename for key
if key.fingerprint() == key_fingerprint:
return key
def get_key(self, username):
"""
Returns a PubKey instance based on LDAP lookup. If group is specified
in the constructor, the user needs to be a member for the lookup to
succeed.
Throws NoSuchUserException, InsufficientPrivilegesException,
MissingKeyException when appropriate.
"""
user = filter.escape_filter_chars(username)
f = ("(|(&(uid=%s)(objectClass=posixAccount))"
"(&(memberUid=%s)(objectClass=posixGroup)))" % (user, user))
# We don't care about looking for a group if self.group is not set
group_dn = None
if self.group:
group_dn = "cn=%s,cn=groups,%s" % (self.group, self.base_dn)
result = dict(
self.conn.search_s(self.base_dn, ldap.SCOPE_SUBTREE, f,
['sshPublicKey']))
attributes = result.get("uid=%s,cn=users,%s" % (user, self.base_dn))
if attributes is None:
raise exceptions.NoSuchUserException("User '%s' not found" % user)
key_list = attributes.get("sshPublicKey")
if key_list is None:
raise exceptions.MissingKeyException("User '%s' does not have "
"her key in LDAP" % user)
if len(key_list) > 1:
raise RuntimeError("Can't handle multiple sshPublicKey values "
"for an LDAP user")
if group_dn and group_dn not in result:
s = ("User '%s' not member of required group '%s'" %
(user, self.group))
raise exceptions.InsufficientPrivilegesException(s)
return rsa.RSAPublicKey(key_list[0])
def test_deserialize_response(self):
r = msgpack_protocol.Response.deserialize(SERIALIZED_RESPONSE)
public_key = rsa.RSAPublicKey(rsa_test.public_key)
self.assertTrue(public_key.verify_signature(r.signature, r.challenge))
def test_read_binary_key(self):
key = rsa.RSAPublicKey(ssh.base64url_decode(s.split(" ")[1]))
self.assertEqual(key.fingerprint(), "\xfb\xa1\xeao\xd3y")
self.assertEqual(key.decoded, inner_s)
self.assertEqual(key.encoded[:15], "\x00\x00\x00\x07ssh-rsa"
"\x00\x00\x00\x01")
def test_read_base64_key(self):
key = rsa.RSAPublicKey(s)
self.assertEqual(key.fingerprint(), "\xfb\xa1\xeao\xd3y")
self.assertEqual(key.decoded, inner_s)
self.assertEqual(key.encoded[:15], "\x00\x00\x00\x07ssh-rsa"
"\x00\x00\x00\x01")
def __init__(self, *args, **kwargs):
TestCase.__init__(self, *args, **kwargs)
self.private_key = rsa.RSAPrivateKey(private_key)
self.public_key = rsa.RSAPublicKey(public_key)
