o ‹Íf_ã@sÖdZddlZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZddlmZddlmZedƒr[ed ƒr[dd lmZmZmZmZmZdd lmZmZmZmZnd Zd d„ZGdd„deƒZ dS)z- Tests for L{twisted.conch.scripts.ckeygen}. éN)ÚStringIO)ÚprivateECDSA_opensshÚprivateEd25519_openssh_newÚprivateRSA_opensshÚprivateRSA_openssh_encryptedÚpublicRSA_openssh)ÚFilePath)Ú requireModule)ÚTestCaseÚ cryptographyÚpyasn1)Ú_saveKeyÚchangePassPhraseÚdisplayPublicKeyÚenumrepresentationÚprintFingerprint)ÚBadFingerPrintFormatÚ BadKeyErrorÚFingerprintFormatsÚKeyzBcryptography and pyasn1 required for twisted.conch.scripts.ckeygencstˆƒ‰‡fdd„}|S)a@ Return a callable to patch C{getpass.getpass}. Yields a passphrase each time called. Use case is to provide an old, then new passphrase(s) as if requested interactively. @param passphrases: The list of passphrases returned, one per each call. @return: A callable to patch C{getpass.getpass}. cstˆƒS©N)Únext©Ú_©Ú passphrases©úA/usr/lib/python3/dist-packages/twisted/conch/test/test_ckeygen.pyÚ fakeGetpass7óz makeGetpass..fakeGetpass)Úiter)rrrrrÚ makeGetpass+s r!c@s"eZdZdZdd„ZdGdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Zd;d<„Z d=d>„Z!d?d@„Z"dAdB„Z#dCdD„Z$dEdF„Z%dS)HÚ KeyGenTestszN Tests for various functions used to implement the I{ckeygen} script. cCstƒ|_| td|j¡dS)zX Patch C{sys.stdout} so tests can make assertions about what's printed. ÚstdoutN)rr#ÚpatchÚsys©ÚselfrrrÚsetUpBszKeyGenTests.setUpNcCsê| ¡}dd|d|dg}|dur| d|g¡|dur"| d|g¡zt |¡Wnty;d|d<t |¡Ynwt |¡}t |d ¡}|d krU| | ¡d ¡n|d krb| | ¡d ¡n | | ¡|  ¡¡|  |  ¡¡dS)NÚckeygenú-tú-fz--no-passphrasez-bz--private-key-subtypeÚckeygen3rz.pubÚecdsaÚECÚed25519ÚEd25519) ÚmktempÚextendÚ subprocessÚcallÚFileNotFoundErrorrÚfromFileÚ assertEqualÚtypeÚupperÚ assertTrueÚisPublic)r'ÚkeyTypeÚkeySizeÚprivateKeySubtypeÚfilenameÚargsÚprivKeyÚpubKeyrrrÚ_testrunIs( þ zKeyGenTests._testruncCsª| dd¡|jdddd| d¡|jddd| d¡| dd¡|jdddd| d¡|jddd| dd¡|jdddd| d¡|jddddS) Nr-Ú384Úv1)r>r/ÚdsaÚ2048Úrsa)rCr&rrrÚtest_keygeneration_s       zKeyGenTests.test_keygenerationc Cs¾| ¡}| tj¡Kttjdƒ,}ztjdddd|g|dWnty5tjdddd|g|dYnwWdƒn1s@wYWdƒdSWdƒdS1sXwYdS)NÚrbr)r*Úfoor+)Ústderrr,) r1Ú assertRaisesr3ÚCalledProcessErrorÚopenÚosÚdevnullÚ check_callr5)r'r?rQrrrÚtest_runBadKeytypens&  þ   þÿ€ûÿ"ÿzKeyGenTests.test_runBadKeytypecCó"tddiƒ}| |dtj¡dS)z˜ L{enumrepresentation} takes a dictionary as input and returns a dictionary with its attributes changed to enum representation. Úformatúmd5-hexN)rÚassertIsrÚMD5_HEX©r'ÚoptionsrrrÚtest_enumrepresentation{s z#KeyGenTests.test_enumrepresentationcCrT)zF Test for format L{FingerprintFormats.SHA256-BASE64}. rUú sha256-base64N)rrWrÚ SHA256_BASE64rYrrrÚtest_enumrepresentationsha256ƒs z)KeyGenTests.test_enumrepresentationsha256cCsN| t¡}tddiƒWdƒn1swY| d|jjd¡dS)z9 Test for unsupported fingerprint format rUú sha-base64Nú*Unsupported fingerprint format: sha-base64r)rMrrr7Ú exceptionr@)r'ÚemrrrÚ test_enumrepresentationBadFormatŠs ÿ ÿz,KeyGenTests.test_enumrepresentationBadFormatcCó:| ¡}t|ƒ t¡t|ddœƒ| |j ¡d¡dS)z¹ L{printFingerprint} writes a line to standard out giving the number of bits of the key, its fingerprint, and the basename of the file from it was read. rV©r?rUz:2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp N©r1rÚ setContentrrr7r#Úgetvalue©r'r?rrrÚtest_printFingerprint”sþz!KeyGenTests.test_printFingerprintcCrd)zŽ L{printFigerprint} will print key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. r\rez72048 FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= temp NrfrirrrÚtest_printFingerprintsha256¢sþz'KeyGenTests.test_printFingerprintsha256cCsf| ¡}t|ƒ t¡| t¡}t|ddœƒWdƒn1s"wY| d|jj d¡dS)zx L{printFigerprint} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. r_reNr`r) r1rrgrrMrrr7rar@)r'r?rbrrrÚ)test_printFingerprintBadFingerPrintFormat¯s ÿ ÿz5KeyGenTests.test_printFingerprintBadFingerPrintFormatcCóšt| ¡ƒ}| ¡| d¡j}t t¡}t||dddœƒ|  |j   ¡d||f¡|  | | d¡  ¡dd¡|¡|  t | d¡  ¡¡|  ¡¡dS)z– L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Úid_rsaÚ passphraserV©r?ÚpassrUúºYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da Nú id_rsa.pub©rr1ÚmakedirsÚchildÚpathrÚ fromStringrr r7r#rhÚ getContentÚpublic©r'Úbaser?ÚkeyrrrÚ test_saveKey¼s"   ýþÿÿzKeyGenTests.test_saveKeycCrm)z³ L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with ECDSA key. Úid_ecdsarorVrpzºYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: 1e:ab:83:a6:f2:04:22:99:7c:64:14:d2:ab:fa:f5:16 Nz id_ecdsa.pub)rr1rurvrwrrxrr r7r#rhryrzr{rrrÚtest_saveKeyECDSAÔs"   ýþÿÿzKeyGenTests.test_saveKeyECDSAcCrm)zµ L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with Ed25519 key. Ú id_ed25519rorVrpzºYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: ab:ee:c8:ed:e5:01:1b:45:b7:8d:b2:f0:8f:61:1c:14 Nzid_ed25519.pub)rr1rurvrwrrxrr r7r#rhryrzr{rrrÚtest_saveKeyEd25519ís$   ýþþÿzKeyGenTests.test_saveKeyEd25519cCrm)zŠ L{_saveKey} will generate key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. rnror\rpz½Your identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= Nrsrtr{rrrÚtest_saveKeysha256s&    ÿýþÿÿzKeyGenTests.test_saveKeysha256cCs~t| ¡ƒ}| ¡| d¡j}t t¡}| t ¡}t ||dddœƒWdƒn1s.wY|  d|j j d¡dS)zq L{_saveKey} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. rnror_rpNr`r)rr1rurvrwrrxrrMrr r7rar@)r'r|r?r}rbrrrÚ test_saveKeyBadFingerPrintformat!s     þÿ ÿz,KeyGenTests.test_saveKeyBadFingerPrintformatcCs`t| ¡ƒ}| ¡| d¡j}t t¡}t||dddœƒ|  | | d¡  ¡dd¡|¡dS)úq L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. rnTrV©r?z no-passphraserUNó) rr1rurvrwrrxrr r7ryr{rrrÚtest_saveKeyEmptyPassphrase3s    ÿÿz'KeyGenTests.test_saveKeyEmptyPassphrasecCó^t| ¡ƒ}| ¡| d¡j}t t¡}t||dddœƒ|  | | d¡  ¡d¡|¡dS)r…rTrVr†N) rr1rurvrwrrxrr r7ryr{rrrÚ test_saveKeyECDSAEmptyPassphraseCs    ÿ"z,KeyGenTests.test_saveKeyECDSAEmptyPassphrasecCr‰)r…rTrVr†N) rr1rurvrwrrxrr r7ryr{rrrÚ"test_saveKeyEd25519EmptyPassphraseQs    ÿÿz.KeyGenTests.test_saveKeyEd25519EmptyPassphrasecsŒt| ¡ƒ}| ¡| d¡j‰ddl}| |jjj d‡fdd„¡t   t ¡}t |dddd œƒ| d¡ ¡}|  |dd ¡}| ||¡dS) zd When no path is specified, it will ask for the path used to store the key. Ú custom_keyrNÚ_inputSaveFilecsˆSrrr©ÚkeyPathrrÚlóz4KeyGenTests.test_saveKeyNoFilename..TrVr†r‡)rr1rurvrwÚtwisted.conch.scripts.ckeygenr$ÚconchÚscriptsr)rrxrr ryr7)r'r|Útwistedr}ÚpersistedKeyContentÚ persistedKeyrrŽrÚtest_saveKeyNoFilenameas   z"KeyGenTests.test_saveKeyNoFilenamecCs°t| ¡ƒ}| ¡| d¡j}t t¡}t||ddddœƒ|  |j   ¡d||f¡| d¡  ¡}|  | |dd¡|¡|  | d¡¡|  t | d ¡  ¡¡| ¡¡dS) zi L{_saveKey} can be told to write the new private key file in OpenSSH v1 format. rnrorVrE)r?rqrUúprivate-key-subtyperrNó$-----BEGIN OPENSSH PRIVATE KEY----- rs)rr1rurvrwrrxrr r7r#rhryr:Ú startswithrz)r'r|r?r}ÚprivateKeyContentrrrÚtest_saveKeySubtypeV1ts4   üþ ýþÿÿz!KeyGenTests.test_saveKeySubtypeV1cCsf| ¡}t t¡}t|ƒ t¡td|iƒ|j  ¡  d¡}t |t ƒr(|  d¡}| || d¡¡dS)zl L{displayPublicKey} prints out the public key associated with a given private key. r?Ú ÚasciiÚopensshN)r1rrxrrrgrrr#rhÚstripÚ isinstanceÚstrÚencoder7ÚtoString©r'r?rBÚ displayedrrrÚtest_displayPublicKey–s    z!KeyGenTests.test_displayPublicKeycCsh| ¡}t t¡}t|ƒ t¡t|ddœƒ|j  ¡  d¡}t |t ƒr)|  d¡}| || d¡¡dS)z› L{displayPublicKey} prints out the public key associated with a given private key using the given passphrase when it's encrypted. Ú encrypted©r?rqržrŸr N)r1rrxrrrgrrr#rhr¡r¢r£r¤r7r¥r¦rrrÚtest_displayPublicKeyEncrypted¤s   z*KeyGenTests.test_displayPublicKeyEncryptedcCsx| ¡}t t¡}t|ƒ t¡| tddd„¡t d|iƒ|j   ¡  d¡}t |tƒr1| d¡}| || d¡¡dS) z› L{displayPublicKey} prints out the public key associated with a given private key, asking for the passphrase when it's encrypted. ÚgetpasscSódS)Nr©r)Úxrrrrºr‘zLKeyGenTests.test_displayPublicKeyEncryptedPassphrasePrompt..r?ržrŸr N)r1rrxrrrgrr$r¬rr#rhr¡r¢r£r¤r7r¥r¦rrrÚ.test_displayPublicKeyEncryptedPassphrasePrompt²s    z:KeyGenTests.test_displayPublicKeyEncryptedPassphrasePromptcCs.| ¡}t|ƒ t¡| tt|ddœ¡dS)zŠ L{displayPublicKey} fails with a L{BadKeyError} when trying to decrypt an encrypted key with the wrong password. ÚwrongrªN)r1rrgrrMrrrirrrÚ$test_displayPublicKeyWrongPassphraseÁs  ÿz0KeyGenTests.test_displayPublicKeyWrongPassphrasecCsltdddƒ}| td|¡| ¡}t|ƒ t¡td|iƒ| |j   ¡  d¡d¡|  tt|ƒ  ¡¡dS)zt L{changePassPhrase} allows a user to change the passphrase of a private key interactively. r©Únewpassr¬r?ržú;Your identification has been saved with the new passphrase.N©r!r$r¬r1rrgrrr7r#rhr¡ÚassertNotEqualry)r'Ú oldNewConfirmr?rrrÚtest_changePassphraseÌs  þ ÿz!KeyGenTests.test_changePassphrasecCsltddƒ}| td|¡| ¡}t|ƒ t¡t|ddœƒ| |j   ¡  d¡d¡|  tt|ƒ  ¡¡dS)zž L{changePassPhrase} allows a user to change the passphrase of a private key, providing the old passphrase and prompting for new one. r²r¬r©rªržr³Nr´)r'Ú newConfirmr?rrrÚtest_changePassphraseWithOldàs þ ÿz(KeyGenTests.test_changePassphraseWithOldcCsV| ¡}t|ƒ t¡t|dddœƒ| |j ¡ d¡d¡|  tt|ƒ  ¡¡dS)z¢ L{changePassPhrase} allows a user to change the passphrase of a private key by providing both old and new passphrases without prompting. r©Ú newencrypt)r?rqr²ržr³N) r1rrgrrr7r#rhr¡rµryrirrrÚtest_changePassphraseWithBothôs ÿþ ÿz)KeyGenTests.test_changePassphraseWithBothcCóR| ¡}t|ƒ t¡| tt|ddœ¡}| dt|ƒ¡| tt|ƒ  ¡¡dS)zŽ L{changePassPhrase} exits if passed an invalid old passphrase when trying to change the passphrase of a private key. r°rªz1Could not change passphrase: old passphrase errorN) r1rrgrrMÚ SystemExitrr7r£ry©r'r?ÚerrorrrrÚ$test_changePassphraseWrongPassphrases ÿÿz0KeyGenTests.test_changePassphraseWrongPassphrasecCsb| tdtdƒ¡| ¡}t|ƒ t¡| tt d|i¡}|  dt |ƒ¡|  tt|ƒ  ¡¡dS)zƒ L{changePassPhrase} exits if no passphrase is specified for the C{getpass} call and the key is encrypted. r¬Úr?zMCould not change passphrase: Passphrase must be provided for an encrypted keyN) r$r¬r!r1rrgrrMr½rr7r£ryr¾rrrÚ!test_changePassphraseEmptyGetPasssýz-KeyGenTests.test_changePassphraseEmptyGetPasscCsT| ¡}t|ƒ d¡| ttd|i¡}d}| |t|ƒ¡| dt|ƒ ¡¡dS)zc L{changePassPhrase} exits if the file specified points to an invalid key. sfoobarr?z?Could not change passphrase: cannot guess the type of b'foobar'N) r1rrgrMr½rr7r£ry)r'r?r¿ÚexpectedrrrÚtest_changePassphraseBadKey&s z'KeyGenTests.test_changePassphraseBadKeycCsh| ¡}t|ƒ t¡dd„}| td|¡| tt|ddœ¡}|  dt |ƒ¡|  tt|ƒ  ¡¡dS)zŸ L{changePassPhrase} doesn't modify the key file if an unexpected error happens when trying to create the key with the new passphrase. c_stdƒ‚)NÚoops)Ú RuntimeError©r@Úkwargsrrrr¥;rz>KeyGenTests.test_changePassphraseCreateError..toStringr¥rº©r?r²z!Could not change passphrase: oopsN© r1rrgrr$rrMr½rr7r£ry)r'r?r¥r¿rrrÚ test_changePassphraseCreateError3sýz,KeyGenTests.test_changePassphraseCreateErrorcCsl| ¡}t|ƒ t¡dd„}| td|¡| tt|ddœ¡}d}|  |t |ƒ¡|  tt|ƒ  ¡¡dS)zq L{changePassPhrase} doesn't modify the key file if C{toString} returns an empty string. c_r­)NrÁrrÇrrrr¥RszCKeyGenTests.test_changePassphraseEmptyStringError..toStringr¥rºrÉz9Could not change passphrase: cannot guess the type of b''NrÊ)r'r?r¥r¿rÃrrrÚ%test_changePassphraseEmptyStringErrorJsýz1KeyGenTests.test_changePassphraseEmptyStringErrorcCr¼)z† L{changePassPhrase} exits when trying to change the passphrase on a public key, and doesn't change the file. rqrÉz.Could not change passphrase: key not encryptedN) r1rrgrrMr½rr7r£ryr¾rrrÚtest_changePassphrasePublicKeybs ÿz*KeyGenTests.test_changePassphrasePublicKeycCs‚tdddƒ}| td|¡| ¡}t|ƒ t¡t|ddœƒ| |j   ¡  d¡d¡t|ƒ  ¡}|  t|¡| | d¡¡d S) zq L{changePassPhrase} can be told to write the new private key file in OpenSSH v1 format. r©r²r¬rE)r?r™ržr³ršN)r!r$r¬r1rrgrrr7r#rhr¡ryrµr:r›)r'r¶r?rœrrrÚtest_changePassphraseSubtypeV1os þ  ÿz*KeyGenTests.test_changePassphraseSubtypeV1)NN)&Ú__name__Ú __module__Ú __qualname__Ú__doc__r(rCrIrSr[r^rcrjrkrlr~r€r‚rƒr„rˆrŠr‹r˜rr¨r«r¯r±r·r¹r»rÀrÂrÄrËrÌrÍrÎrrrrr"=sH     "   r")!rÒr¬r3r%rPÚiorÚtwisted.conch.test.keydatarrrrrÚtwisted.python.filepathrÚtwisted.python.reflectr Útwisted.trial.unittestr r’r rrrrÚtwisted.conch.ssh.keysrrrrÚskipr!r"rrrrÚs