U  W[3ã@spdZddlmZmZddlZddlmZddlmZz ddl Z Wne k rXdZ YnXz ddl Z Wne k r~dZ YnXe rše ršddl m Z mZndZ ZddlmZddlmZmZGd d „d eƒZGd d „d ejƒZGd d„deƒZGdd„deƒZedk rGdd„dejƒZGdd„deƒZGdd„deƒZGdd„deƒZGdd„deƒZGdd„deƒZ dS)z' Tests for L{twisted.conch.ssh.agent}. é)Úabsolute_importÚdivisionN)Úunittest)Úiosim)ÚkeysÚagent)Úkeydata)Ú ConchErrorÚMissingKeyStoreErrorc@seZdZdZdd„ZdS)Ú StubFactoryzb Mock factory that provides the keys attribute required by the SSHAgentServerProtocol cCs i|_dS©N)r©Úself©rú?/usr/lib/python3/dist-packages/twisted/conch/test/test_agent.pyÚ__init__&szStubFactory.__init__N)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrrrrr !sr c@s:eZdZdZedkrdZnedks*edkr.dZdd„ZdS)Ú AgentTestBasez* Tests for SSHAgentServer/Client. Nz,iosim requires SSL, but SSL is not availablez)Cannot run without cryptography or PyASN1cCsjt tjtj¡\|_|_|_tƒ|j_ t j   t j¡|_t j   t j¡|_t j   t j¡|_t j   t j¡|_dSr )rÚconnectedServerAndClientrÚSSHAgentServerÚSSHAgentClientÚclientÚserverÚpumpr ÚfactoryrÚKeyÚ fromStringrZprivateRSA_opensshÚ rsaPrivateZprivateDSA_opensshÚ dsaPrivateZpublicRSA_opensshÚ rsaPublicZpublicDSA_opensshÚ dsaPublicr rrrÚsetUp4sÿ zAgentTestBase.setUp) rrrrrÚskiprrr$rrrrr+s rc@seZdZdZdd„ZdS)Ú&ServerProtocolContractWithFactoryTestszÚ The server protocol is stateful and so uses its factory to track state across requests. This test asserts that the protocol raises if its factory doesn't provide the necessary storage for that state. cCs2t ddtj¡}|jjjd=| t|jj |¡dS)Nz!LBér) ÚstructZpackrZAGENTC_REQUEST_IDENTITIESrrÚ__dict__Z assertRaisesr Z dataReceived)rÚmsgrrrÚ/test_factorySuppliesKeyStorageForServerProtocolLs  ÿzVServerProtocolContractWithFactoryTests.test_factorySuppliesKeyStorageForServerProtocolN)rrrrr+rrrrr&Fsr&c@s(eZdZdZdd„Zdd„Zdd„ZdS) Ú"UnimplementedVersionOneServerTestsa! Tests for methods with no-op implementations on the server. We need these for clients, such as openssh, that try v1 methods before going to v2. Because the client doesn't expose these operations with nice method names, we invoke sendRequest directly with an op code. cs0ˆj tjd¡}ˆj ¡‡fdd„}| |¡S)zV assert that we get the correct op code for an RSA identities request ócsˆ tjt|dd…ƒ¡dS)Nrr')Ú assertEqualrZAGENT_RSA_IDENTITIES_ANSWERÚord)Zpacketr rrÚ_cbdsÿzRUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIES.._cb)rÚ sendRequestrZAGENTC_REQUEST_RSA_IDENTITIESrÚflushÚ addCallback)rÚdr0rr rÚ"test_agentc_REQUEST_RSA_IDENTITIES^s  zEUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIEScCs(|j tjd¡}|j ¡| |jd¡S)z[ assert that we get the correct op code for an RSA remove identity request r-)rr1rZAGENTC_REMOVE_RSA_IDENTITYrr2r3r.©rr4rrrÚtest_agentc_REMOVE_RSA_IDENTITYjs zBUnimplementedVersionOneServerTests.test_agentc_REMOVE_RSA_IDENTITYcCs(|j tjd¡}|j ¡| |jd¡S)zj assert that we get the correct op code for an RSA remove all identities request. r-)rr1rZ AGENTC_REMOVE_ALL_RSA_IDENTITIESrr2r3r.r6rrrÚ%test_agentc_REMOVE_ALL_RSA_IDENTITIESss zHUnimplementedVersionOneServerTests.test_agentc_REMOVE_ALL_RSA_IDENTITIESN)rrrrr5r7r8rrrrr,Us  r,c@s eZdZdZdd„Zdd„ZdS)Ú CorruptServerzº A misbehaving server that returns bogus response op codes so that we can verify that our callbacks that deal with these op codes handle such miscreants. cCs| dd¡dS©Néþr-©Z sendResponse©rÚdatarrrÚagentc_REQUEST_IDENTITIES…sz'CorruptServer.agentc_REQUEST_IDENTITIEScCs| dd¡dSr:r<r=rrrÚagentc_SIGN_REQUEST‰sz!CorruptServer.agentc_SIGN_REQUESTN)rrrrr?r@rrrrr9sr9c@s(eZdZdZdd„Zdd„Zdd„ZdS) ÚClientWithBrokenServerTestszM verify error handling code in the client using a misbehaving server cCs2t |¡t ttj¡\|_|_|_ t ƒ|j_ dSr ) rr$rrr9rrrrrr rr rrrr$“s  ÿz!ClientWithBrokenServerTests.setUpcCs*|j |j ¡d¡}|j ¡| |t¡S)zÄ Assert that L{SSHAgentClient.signData} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for data signing requests. ó John Hancock)rÚsignDatar"Úblobrr2Ú assertFailurer r6rrrÚ"test_signDataCallbackErrorHandlingœs z>ClientWithBrokenServerTests.test_signDataCallbackErrorHandlingcCs |j ¡}|j ¡| |t¡S)zÉ Assert that L{SSHAgentClient.requestIdentities} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for identity requests. )rÚrequestIdentitiesrr2rEr r6rrrÚ+test_requestIdentitiesCallbackErrorHandling§s  zGClientWithBrokenServerTests.test_requestIdentitiesCallbackErrorHandlingN)rrrrr$rFrHrrrrrAŽs  rAc@s0eZdZdZdd„Zdd„Zdd„Zdd „Zd S) ÚAgentKeyAdditionTestsz< Test adding different flavors of keys to an agent. cs2ˆj ˆj ¡¡}ˆj ¡‡fdd„}| |¡S)á@ L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that omitting the comment produces an empty string for the comment on the server. cs:ˆjjjˆj ¡}ˆ ˆj|d¡ˆ d|d¡dS©Nrr-r'©rrrr rDr.©ÚignoredZ serverKeyr rrÚ_checkÃszBAgentKeyAdditionTests.test_addRSAIdentityNoComment.._check©rÚ addIdentityr Ú privateBlobrr2r3©rr4rOrr rÚtest_addRSAIdentityNoComment¸s   z2AgentKeyAdditionTests.test_addRSAIdentityNoCommentcs2ˆj ˆj ¡¡}ˆj ¡‡fdd„}| |¡S)rJcs:ˆjjjˆj ¡}ˆ ˆj|d¡ˆ d|d¡dSrK©rrrr!rDr.rMr rrrOÕszBAgentKeyAdditionTests.test_addDSAIdentityNoComment.._check©rrQr!rRrr2r3rSrr rÚtest_addDSAIdentityNoCommentÊs   z2AgentKeyAdditionTests.test_addDSAIdentityNoCommentcs6ˆjjˆj ¡dd}ˆj ¡‡fdd„}| |¡S)á1 L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that the server receives/stores the comment as sent by the client. óMy special key©Zcommentcs:ˆjjjˆj ¡}ˆ ˆj|d¡ˆ d|d¡dS©NrrYr'rLrMr rrrOèszDAgentKeyAdditionTests.test_addRSAIdentityWithComment.._checkrPrSrr rÚtest_addRSAIdentityWithCommentÜs ÿ  z4AgentKeyAdditionTests.test_addRSAIdentityWithCommentcs6ˆjjˆj ¡dd}ˆj ¡‡fdd„}| |¡S)rXrYrZcs:ˆjjjˆj ¡}ˆ ˆj|d¡ˆ d|d¡dSr[rUrMr rrrOûszDAgentKeyAdditionTests.test_addDSAIdentityWithComment.._checkrVrSrr rÚtest_addDSAIdentityWithCommentïs ÿ  z4AgentKeyAdditionTests.test_addDSAIdentityWithCommentN)rrrrrTrWr\r]rrrrrI³s rIc@seZdZdd„ZdS)ÚAgentClientFailureTestscCs$|j dd¡}|j ¡| |t¡S)zK verify that the client raises ConchError on AGENT_FAILURE r;r-)rr1rr2rEr r6rrrÚtest_agentFailures z)AgentClientFailureTests.test_agentFailureN)rrrr_rrrrr^sr^c@s8eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd S) ÚAgentIdentityRequestsTestszJ Test operations against a server with identities already loaded. cCsBt |¡|jdf|jjj|j ¡<|jdf|jjj|j ¡<dS©Nó a commentóanother comment©rr$r!rrrrDr r rrrr$s ÿÿz AgentIdentityRequestsTests.setUpcCsX|j |j ¡d¡}|j ¡| |¡}|j d¡}|  ||¡|  |j  |d¡¡dS)zc Sign data with an RSA private key and then verify it with the public key. rBN) rrCr"rDrr2ZsuccessResultOfr Zsignr.Ú assertTrueÚverify)rr4Z signatureÚexpectedrrrÚtest_signDataRSAs     z+AgentIdentityRequestsTests.test_signDataRSAcs4ˆj ˆj ¡d¡}ˆj ¡‡fdd„}| |¡S)zb Sign data with a DSA private key and then verify it with the public key. rBcsˆ ˆj |d¡¡dS)NrB)rer#rf)Zsigr rrrO0sz;AgentIdentityRequestsTests.test_signDataDSA.._check)rrCr#rDrr2r3rSrr rÚtest_signDataDSA)s  z+AgentIdentityRequestsTests.test_signDataDSAcCs<|jjj|j ¡=|j |j ¡d¡}|j ¡|  |t ¡S)zm Assert that we get an errback if we try to sign data using a key that wasn't added. rB) rrrr"rDrrCrr2rEr r6rrrÚ$test_signDataRSAErrbackOnUnknownBlob8s z?AgentIdentityRequestsTests.test_signDataRSAErrbackOnUnknownBlobcs*ˆj ¡}ˆj ¡‡fdd„}| |¡S)z} Assert that we get all of the keys/comments that we add when we issue a request for all identities. cs^i}d|ˆj ¡<d|ˆj ¡<i}|D]$}|d|tjj|ddd ¡<q(ˆ ||¡dS)Nrbrcr'rrD)Útype)r#rDr"rrrr.)ZkeytrgZreceivedÚkr rrrOJs"zAAgentIdentityRequestsTests.test_requestIdentities.._check)rrGrr2r3rSrr rÚtest_requestIdentitiesCs   z1AgentIdentityRequestsTests.test_requestIdentitiesN) rrrrr$rhrirjrmrrrrr`s  r`c@s0eZdZdZdd„Zdd„Zdd„Zdd „Zd S) ÚAgentKeyRemovalTestsz< Test support for removing keys in a remote server. cCsBt |¡|jdf|jjj|j ¡<|jdf|jjj|j ¡<dSrardr rrrr$\s ÿÿzAgentKeyRemovalTests.setUpcs2ˆj ˆj ¡¡}ˆj ¡‡fdd„}| |¡S)z< Assert that we can remove an RSA identity. csJˆ dtˆjjjƒ¡ˆ ˆj ¡ˆjjj¡ˆ ˆj  ¡ˆjjj¡dS©Nr') r.ÚlenrrrÚassertInr!rDZ assertNotInr ©rNr rrrOlsz;AgentKeyRemovalTests.test_removeRSAIdentity.._check)rÚremoveIdentityr rDrr2r3rSrr rÚtest_removeRSAIdentityds  z+AgentKeyRemovalTests.test_removeRSAIdentitycs2ˆj ˆj ¡¡}ˆj ¡‡fdd„}| |¡S)z; Assert that we can remove a DSA identity. cs2ˆ dtˆjjjƒ¡ˆ ˆj ¡ˆjjj¡dSro)r.rprrrrqr rDrrr rrrO{sz;AgentKeyRemovalTests.test_removeDSAIdentity.._check)rrsr!rDrr2r3rSrr rÚtest_removeDSAIdentityss  z+AgentKeyRemovalTests.test_removeDSAIdentitycs*ˆj ¡}ˆj ¡‡fdd„}| |¡S)z; Assert that we can remove all identities. csˆ dtˆjjjƒ¡dS)Nr)r.rprrrrrr rrrOˆsz=AgentKeyRemovalTests.test_removeAllIdentities.._check)rZremoveAllIdentitiesrr2r3rSrr rÚtest_removeAllIdentitiess   z-AgentKeyRemovalTests.test_removeAllIdentitiesN)rrrrr$rtrurvrrrrrnWs rn)!rZ __future__rrr(Z twisted.trialrZ twisted.testrZ cryptographyÚ ImportErrorZpyasn1Ztwisted.conch.sshrrZtwisted.conch.testrZtwisted.conch.errorr r Úobjectr ZTestCaserr&r,rr9rArIr^r`rnrrrrÚs8        ) %P I