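def test_periodical_renewal(fx_authorized_servers, fx_master_key, tmpdir):
    """Check that PeriodicalRenewal keeps rotating the master key until stopped.

    The store is seeded with ``fx_master_key`` and a ``PeriodicalRenewal`` is
    created with a 3-second interval.  The test then waits for two rotations,
    terminates the renewal, and verifies that the key stops changing and that
    every server's authorized key set holds only the final key.
    """
    remote_set = {
        Remote('user', '127.0.0.1', port)
        for port in fx_authorized_servers
    }
    store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
    store.save(fx_master_key)
    for _, path, _ in fx_authorized_servers.values():
        assert authorized_key_set(path) == {fx_master_key}
    p = PeriodicalRenewal(remote_set, store, datetime.timedelta(seconds=3))
    # The stored key changes below without any explicit call, so the renewal
    # presumably runs in the background.  Terminate it in ``finally`` so a
    # failed assertion cannot leave it rewriting keys under later tests.
    try:
        assert store.load() == fx_master_key
        for _, path, _ in fx_authorized_servers.values():
            assert fx_master_key in authorized_key_set(path)
        # First rotation.
        wait_for(20, lambda: store.load() != fx_master_key)
        second_key = store.load()
        assert second_key != fx_master_key
        # NOTE(review): the mid-run checks use membership rather than set
        # equality, presumably because a renewal may be in flight.  Only the
        # final check proves that retired keys were removed.
        for _, path, _ in fx_authorized_servers.values():
            key_set = authorized_key_set(path)
            assert second_key in key_set
        # Second rotation.
        wait_for(20, lambda: store.load() != second_key)
        third_key = store.load()
        assert third_key != fx_master_key
        assert third_key != second_key
        for _, path, _ in fx_authorized_servers.values():
            key_set = authorized_key_set(path)
            assert third_key in key_set
    finally:
        p.terminate()
    # After termination the key must stay put for longer than one interval,
    # and no superseded key may remain authorized on any server.
    last_key = store.load()
    time.sleep(10)
    assert store.load() == last_key
    for _, path, _ in fx_authorized_servers.values():
        assert authorized_key_set(path) == {last_key}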
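def test_fs_master_key_store_save(tmpdir):
    """Check that FileSystemMasterKeyStore round-trips a saved RSA key.

    An empty store must raise ``EmptyStoreError`` on ``load()``.  After
    ``save()``, ``load()`` must return an ``RSAKey`` whose base64 encoding
    equals that of the key that was saved.
    """
    path = tmpdir.join('id_rsa')
    s = FileSystemMasterKeyStore(str(path))
    with raises(EmptyStoreError):
        s.load()
    # NOTE(review): 1024-bit RSA is presumably chosen to keep key generation
    # fast in tests; it is too weak to be used as a real master key size.
    key = RSAKey.generate(1024)
    s.save(key)
    stored_key = s.load()
    assert isinstance(stored_key, RSAKey)
    # Compare the loaded key with the key that was saved.  Comparing
    # stored_key with itself always passes, so a store that returned the
    # wrong key would go unnoticed.
    assert stored_key.get_base64() == key.get_base64()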
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir):
    """Check that renew_master_key replaces the master key everywhere.

    Before renewal every server authorizes exactly ``fx_master_key``.
    Afterwards the returned key must differ from it, must be what the store
    loads, and must be the only key authorized on every server.
    """
    # NOTE(review): a second test_renew_master_key (taking key_type and bits)
    # is defined later on this page.  If both sit in the same module, the
    # later definition replaces this one and this test is never collected.
    remotes = {
        Remote('user', '127.0.0.1', listen_port)
        for listen_port in fx_authorized_servers
    }
    key_store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
    key_store.save(fx_master_key)

    # Each fixture value is a 3-tuple; only its middle element (the path
    # handed to authorized_key_set) is needed here.
    keys_files = [
        keys_file for _, keys_file, _ in fx_authorized_servers.values()
    ]

    expected_before = {fx_master_key}
    for keys_file in keys_files:
        assert authorized_key_set(keys_file) == expected_before

    renewed = renew_master_key(remotes, key_store)
    assert renewed != fx_master_key
    assert key_store.load() == renewed

    # Exact set equality: the old key must be gone, not merely joined by the
    # new one.
    expected_after = {renewed}
    for keys_file in keys_files:
        assert authorized_key_set(keys_file) == expected_after
def test_renew_master_key(fx_authorized_servers, fx_master_key, tmpdir,
                          key_type: Type[PKey], bits: int):
    """Check renew_master_key for a requested key type and size.

    Before renewal every server authorizes exactly ``fx_master_key``.  The
    renewed key must be an instance of ``key_type``, must have ``bits`` bits
    unless ``bits`` is ``None``, must differ from the old key, must be what
    the store loads, and must be the only key authorized on every server.
    """
    remotes = {
        Remote('user', '127.0.0.1', listen_port)
        for listen_port in fx_authorized_servers
    }
    key_store = FileSystemMasterKeyStore(str(tmpdir.join('id_rsa')))
    key_store.save(fx_master_key)

    # Each fixture value is a 3-tuple; only its middle element (the path
    # handed to authorized_key_set) is needed here.
    keys_files = [
        keys_file for _, keys_file, _ in fx_authorized_servers.values()
    ]

    expected_before = {fx_master_key}
    for keys_file in keys_files:
        assert authorized_key_set(keys_file) == expected_before

    renewed = renew_master_key(remotes, key_store, key_type, bits)

    # bits may be None despite the ``int`` annotation; the size check is then
    # skipped.  Presumably renew_master_key picks a default size in that
    # case -- confirm against its implementation.
    actual_bits = renewed.get_bits()
    assert bits is None or actual_bits == bits
    assert isinstance(renewed, key_type)
    assert renewed != fx_master_key
    assert key_store.load() == renewed

    # Exact set equality: the old key must be gone, not merely joined by the
    # new one.
    expected_after = {renewed}
    for keys_file in keys_files:
        assert authorized_key_set(keys_file) == expected_after