U sĶ@g9Oć@sędZddlZddlZddlZddlZddlmZmZddlm Z m Z ddl m Z e dƒr–e dƒr–ddl mZmZmZmZdd lmZmZmZmZmZnd Zdd lmZdd lmZdd lmZmZm Z m!Z!dd„Z"Gdd„deƒZ#dS)z- Tests for L{twisted.conch.scripts.ckeygen}. éN)ŚBytesIOŚStringIO)ŚunicodeŚ_PY3)Ś requireModuleZ cryptographyZpyasn1)ŚKeyŚ BadKeyErrorŚBadFingerPrintFormatŚFingerprintFormats)ŚchangePassPhraseŚdisplayPublicKeyŚprintFingerprintŚ_saveKeyŚenumrepresentationzBcryptography and pyasn1 required for twisted.conch.scripts.ckeygen)ŚFilePath)ŚTestCase)ŚpublicRSA_opensshŚprivateRSA_opensshŚprivateRSA_openssh_encryptedŚprivateECDSA_opensshcstˆƒ‰‡fdd„}|S)a@ Return a callable to patch C{getpass.getpass}. Yields a passphrase each time called. Use case is to provide an old, then new passphrase(s) as if requested interactively. @param passphrases: The list of passphrases returned, one per each call. @return: A callable to patch C{getpass.getpass}. cstˆƒS©N)Śnext©Ś_©Ś passphrases©śA/usr/lib/python3/dist-packages/twisted/conch/test/test_ckeygen.pyŚ fakeGetpass.sz makeGetpass..fakeGetpass)Śiter)rrrrrŚ makeGetpass"s  r c@seZdZdZdd„Zd?dd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Zd;d<„Z d=d>„Z!dS)@Ś KeyGenTestszN Tests for various functions used to implement the I{ckeygen} script. cCs*trtƒ|_ntƒ|_| td|j”dS)zX Patch C{sys.stdout} so tests can make assertions about what's printed. ŚstdoutN)rrr"rŚpatchŚsys©ŚselfrrrŚsetUp9s zKeyGenTests.setUpNc Csš| ”}|dkr(t dd|d|dg”nt dd|d|dd|g”t |”}t |d”}|dkrt| | ”d”n| | ”| ””| |  ””dS) NŚckeygenś-tś-fz--no-passphrasez-bz.pubŚecdsaZEC) ŚmktempŚ subprocessŚcallrZfromFileŚ assertEqualŚtypeŚupperZ assertTrueZisPublic)r&ZkeyTypeZkeySizeŚfilenameZprivKeyŚpubKeyrrrŚ_testrunEs’ zKeyGenTests._testruncCsF| dd”| d”| dd”| d”| dd”| d”dS)Nr+Z384ZdsaZ2048Zrsa)r4r%rrrŚtest_keygenerationUs      zKeyGenTests.test_keygenerationc CsT| ”}| tj”6ttjdƒ}tjdddd|g|dW5QRXW5QRXdS)NŚrbr(r)Zfoor*)Śstderr)r,Ś assertRaisesr-ZCalledProcessErrorŚopenŚosŚdevnullZ check_call)r&r2r;rrrŚtest_runBadKeytype_s žzKeyGenTests.test_runBadKeytypecCs"tddiƒ}| |dtj”dS)z˜ L{enumrepresentation} takes a dictionary as input and returns a dictionary with its attributes changed to enum representation. Śformatśmd5-hexN)rŚassertIsr ZMD5_HEX©r&ZoptionsrrrŚtest_enumrepresentationis  ’z#KeyGenTests.test_enumrepresentationcCs"tddiƒ}| |dtj”dS)zF Test for format L{FingerprintFormats.SHA256-BASE64}. r=ś sha256-base64N)rr?r Z SHA256_BASE64r@rrrŚtest_enumrepresentationsha256ss  ’z)KeyGenTests.test_enumrepresentationsha256c Cs:| t”}tddiƒW5QRX| d|jjd”dS)z9 Test for unsupported fingerprint format r=ś sha-base64ś*Unsupported fingerprint format: sha-base64rN)r8r rr/Ś exceptionŚargs)r&ŚemrrrŚ test_enumrepresentationBadFormat}s   ’z,KeyGenTests.test_enumrepresentationBadFormatcCs:| ”}t|ƒ t”t|ddœƒ| |j ”d”dS)z¹ L{printFingerprint} writes a line to standard out giving the number of bits of the key, its fingerprint, and the basename of the file from it was read. r>©r2r=z:2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp N©r,rŚ setContentrr r/r"Śgetvalue©r&r2rrrŚtest_printFingerprintˆs’žz!KeyGenTests.test_printFingerprintcCs:| ”}t|ƒ t”t|ddœƒ| |j ”d”dS)zŽ L{printFigerprint} will print key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. rBrJz72048 FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= temp NrKrNrrrŚtest_printFingerprintsha256—s’žz'KeyGenTests.test_printFingerprintsha256c CsR| ”}t|ƒ t”| t”}t|ddœƒW5QRX| d|jj d”dS)zx L{printFigerprint} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. rDrJrErN) r,rrLrr8r r r/rFrG)r&r2rHrrrŚ)test_printFingerprintBadFingerPrintFormat„s  ’z5KeyGenTests.test_printFingerprintBadFingerPrintFormatcCsšt| ”ƒ}| ”| d”j}t t”}t||dddœƒ|  |j   ”d||f”|  | | d”  ”dd”|”|  t | d”  ””|  ””dS)z– L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Śid_rsaŚ passphraser>©r2Śpassr=zŗYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da Nś id_rsa.pub©rr,ŚmakedirsŚchildŚpathrŚ fromStringrrr/r"rMŚ getContentŚpublic©r&Śbaser2ŚkeyrrrŚ test_saveKey³s6   ’žżž ’żžzKeyGenTests.test_saveKeycCsšt| ”ƒ}| ”| d”j}t t”}t||dddœƒ|  |j   ”d||f”|  | | d”  ”dd”|”|  t | d”  ””|  ””dS)z³ L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with ECDSA key. Śid_ecdsarSr>rTzŗYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: 1e:ab:83:a6:f2:04:22:99:7c:64:14:d2:ab:fa:f5:16 Nz id_ecdsa.pub)rr,rXrYrZrr[rrr/r"rMr\r]r^rrrŚtest_saveKeyECDSAĻs6   ’žżž ’żžzKeyGenTests.test_saveKeyECDSAcCsšt| ”ƒ}| ”| d”j}t t”}t||dddœƒ|  |j   ”d||f”|  | | d”  ”dd”|”|  t | d”  ””|  ””dS)zŠ L{_saveKey} will generate key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. rRrSrBrTz½Your identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= NrVrWr^rrrŚtest_saveKeysha256ģs6   ’žżž ’żžzKeyGenTests.test_saveKeysha256c Csjt| ”ƒ}| ”| d”j}t t”}| t ”}t ||dddœƒW5QRX|  d|j j d”dS)zq L{_saveKey} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. rRrSrDrTrErN)rr,rXrYrZrr[rr8r rr/rFrG)r&r_r2r`rHrrrŚ test_saveKeyBadFingerPrintformats    ’ ’z,KeyGenTests.test_saveKeyBadFingerPrintformatcCs`t| ”ƒ}| ”| d”j}t t”}t||dddœƒ|  | | d”  ”dd”|”dS)śq L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. rRTr>©r2z no-passphraser=Nó) rr,rXrYrZrr[rrr/r\r^rrrŚtest_saveKeyEmptyPassphrases   ’ ’żz'KeyGenTests.test_saveKeyEmptyPassphrasecCs^t| ”ƒ}| ”| d”j}t t”}t||dddœƒ|  | | d”  ”d”|”dS)rfrbTr>rgN) rr,rXrYrZrr[rrr/r\r^rrrŚ test_saveKeyECDSAEmptyPassphrase)s   ’ ’żz,KeyGenTests.test_saveKeyECDSAEmptyPassphrasecsŒt| ”ƒ}| ”| d”j‰ddl}| |jjj d‡fdd„”t   t ”}t |dddd œƒ| d” ”}|  |dd ”}| ||”dS) zd When no path is specified, it will ask for the path used to store the key. Z custom_keyrNZ raw_inputcsˆSrrr©ZkeyPathrrŚErhz4KeyGenTests.test_saveKeyNoFilename..Tr>rgrh)rr,rXrYrZŚtwisted.conch.scripts.ckeygenr#ZconchZscriptsr(rr[rrr\r/)r&r_Ztwistedr`ZpersistedKeyContentZ persistedKeyrrkrŚtest_saveKeyNoFilename;s   ’z"KeyGenTests.test_saveKeyNoFilenamecCsf| ”}t t”}t|ƒ t”td|iƒ|j  ”  d”}t |t ƒrP|  d”}| || d””dS)zl L{displayPublicKey} prints out the public key associated with a given private key. r2Ś ŚasciiŚopensshN)r,rr[rrrLrr r"rMŚstripŚ isinstancerŚencoder/ŚtoString©r&r2r3Z displayedrrrŚtest_displayPublicKeyOs    žz!KeyGenTests.test_displayPublicKeycCsh| ”}t t”}t|ƒ t”t|ddœƒ|j  ”  d”}t |t ƒrR|  d”}| || d””dS)z› L{displayPublicKey} prints out the public key associated with a given private key using the given passphrase when it's encrypted. Ś encrypted©r2rUrorprqN)r,rr[rrrLrr r"rMrrrsrrtr/rurvrrrŚtest_displayPublicKeyEncrypted`s   žz*KeyGenTests.test_displayPublicKeyEncryptedcCsx| ”}t t”}t|ƒ t”| tddd„”t d|iƒ|j   ”  d”}t |tƒrb| d”}| || d””dS) z› L{displayPublicKey} prints out the public key associated with a given private key, asking for the passphrase when it's encrypted. ŚgetpasscSsdS)Nrxr)ŚxrrrrlyrhzLKeyGenTests.test_displayPublicKeyEncryptedPassphrasePrompt..r2rorprqN)r,rr[rrrLrr#r{r r"rMrrrsrrtr/rurvrrrŚ.test_displayPublicKeyEncryptedPassphrasePromptqs    žz:KeyGenTests.test_displayPublicKeyEncryptedPassphrasePromptcCs.| ”}t|ƒ t”| tt|ddœ”dS)zŠ L{displayPublicKey} fails with a L{BadKeyError} when trying to decrypt an encrypted key with the wrong password. ŚwrongryN)r,rrLrr8rr rNrrrŚ$test_displayPublicKeyWrongPassphraseƒsžz0KeyGenTests.test_displayPublicKeyWrongPassphrasecCsltdddƒ}| td|”| ”}t|ƒ t”td|iƒ| |j   ”  d”d”|  tt|ƒ  ””dS)zt L{changePassPhrase} allows a user to change the passphrase of a private key interactively. rxŚnewpassr{r2roś;Your identification has been saved with the new passphrase.N©r r#r{r,rrLrr r/r"rMrrŚassertNotEqualr\)r&Z oldNewConfirmr2rrrŚtest_changePassphrases  ž ’z!KeyGenTests.test_changePassphrasecCsltddƒ}| td|”| ”}t|ƒ t”t|ddœƒ| |j   ”  d”d”|  tt|ƒ  ””dS)zž L{changePassPhrase} allows a user to change the passphrase of a private key, providing the old passphrase and prompting for new one. r€r{rxryrorNr‚)r&Z newConfirmr2rrrŚtest_changePassphraseWithOld¢s ž ’z(KeyGenTests.test_changePassphraseWithOldcCsV| ”}t|ƒ t”t|dddœƒ| |j ” d”d”|  tt|ƒ  ””dS)z¢ L{changePassPhrase} allows a user to change the passphrase of a private key by providing both old and new passphrases without prompting. rxŚ newencrypt)r2rUr€rorN) r,rrLrr r/r"rMrrrƒr\rNrrrŚtest_changePassphraseWithBothµs’’ž ’z)KeyGenTests.test_changePassphraseWithBothcCsR| ”}t|ƒ t”| tt|ddœ”}| dt|ƒ”| tt|ƒ  ””dS)zŽ L{changePassPhrase} exits if passed an invalid old passphrase when trying to change the passphrase of a private key. r~ryz1Could not change passphrase: old passphrase errorN) r,rrLrr8Ś SystemExitr r/Śstrr\©r&r2ŚerrorrrrŚ$test_changePassphraseWrongPassphraseĒsž’ ’z0KeyGenTests.test_changePassphraseWrongPassphrasecCsb| tdtdƒ”| ”}t|ƒ t”| tt d|i”}|  dt |ƒ”|  tt|ƒ  ””dS)zƒ L{changePassPhrase} exits if no passphrase is specified for the C{getpass} call and the key is encrypted. r{Śr2zMCould not change passphrase: Passphrase must be provided for an encrypted keyN) r#r{r r,rrLrr8rˆr r/r‰r\rŠrrrŚ!test_changePassphraseEmptyGetPass×s’ż ’z-KeyGenTests.test_changePassphraseEmptyGetPasscCs^| ”}t|ƒ d”| ttd|i”}tr2d}nd}| |t|ƒ”| dt|ƒ  ””dS)zc L{changePassPhrase} exits if the file specified points to an invalid key. sfoobarr2z?Could not change passphrase: cannot guess the type of b'foobar'z>Could not change passphrase: cannot guess the type of 'foobar'N) r,rrLr8rˆr rr/r‰r\)r&r2r‹ŚexpectedrrrŚtest_changePassphraseBadKeyés’z'KeyGenTests.test_changePassphraseBadKeycCsh| ”}t|ƒ t”dd„}| td|”| tt|ddœ”}|  dt |ƒ”|  tt|ƒ  ””dS)zŸ L{changePassPhrase} doesn't modify the key file if an unexpected error happens when trying to create the key with the new passphrase. c_s tdƒ‚dS)NZoops)Ś RuntimeError©rGŚkwargsrrrrusz>KeyGenTests.test_changePassphraseCreateError..toStringrur†©r2r€z!Could not change passphrase: oopsN) r,rrLrr#rr8rˆr r/r‰r\)r&r2rur‹rrrŚ test_changePassphraseCreateErrorūs ’ž’z,KeyGenTests.test_changePassphraseCreateErrorcCsv| ”}t|ƒ t”dd„}| td|”| tt|ddœ”}t rJd}nd}|  |t |ƒ”|  tt|ƒ  ””dS) zq L{changePassPhrase} doesn't modify the key file if C{toString} returns an empty string. c_sdS)Nrrr’rrrruszCKeyGenTests.test_changePassphraseEmptyStringError..toStringrur†r”z9Could not change passphrase: cannot guess the type of b''z8Could not change passphrase: cannot guess the type of ''N) r,rrLrr#rr8rˆr rr/r‰r\)r&r2rur‹rrrrŚ%test_changePassphraseEmptyStringErrors ž’’z1KeyGenTests.test_changePassphraseEmptyStringErrorcCsR| ”}t|ƒ t”| tt|ddœ”}| dt|ƒ”| tt|ƒ  ””dS)z† L{changePassPhrase} exits when trying to change the passphrase on a public key, and doesn't change the file. rUr”z.Could not change passphrase: key not encryptedN) r,rrLrr8rˆr r/r‰r\rŠrrrŚtest_changePassphrasePublicKey/sž’z*KeyGenTests.test_changePassphrasePublicKey)N)"Ś__name__Ś __module__Ś __qualname__Ś__doc__r'r4r5r<rArCrIrOrPrQrarcrdrerirjrnrwrzr}rr„r…r‡rŒrŽrr•r–r—rrrrr!5s>       r!)$r›r{r$r:r-ŚiorrZtwisted.python.compatrrZtwisted.python.reflectrZtwisted.conch.ssh.keysrrr r rmr r r rrŚskipZtwisted.python.filepathrZtwisted.trial.unittestrZtwisted.conch.test.keydatarrrrr r!rrrrŚs