U


W[3�@sp
dZd
dl
mZmZ
d
dlZd
dlmZ
d
dlmZ
zd
dl	Z	Wne
k
rX


dZ	YnXzd
dlZWne
k
r~


dZYnXe	r�er�d
dlm
Z
mZ
ndZ
Zd
dlmZ
d
dlmZmZ
Gd	d
�d
e�ZGdd�dej�ZGd
d�de�ZGdd�de�Zedk	�
rGdd�dej�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�Z dS)z'
Tests for L{twisted.conch.ssh.agent}.
�)�absolute_import�divisionN)
�unittest)
�iosim)�keys�agent)
�keydata)�
ConchError�MissingKeyStoreErrorc@seZ
dZd
Zdd�ZdS)�StubFactoryzb
    Mock factory that provides the keys attribute required by the
    SSHAgentServerProtocol
    c

Cs
i|_dS�
N)
r�
�self�r�?/usr/lib/python3/dist-packages/twisted/conch/test/test_agent.py�__init__&s
zStubFactory.__init__N)�__name__�
__module__�__qualname__�__doc__rrrrrr!s
rc@s:eZ
dZd
ZedkrdZnedks*edkr.dZdd�ZdS)�
AgentTestBasez*
    Tests for SSHAgentServer/Client.
    Nz,iosim requires SSL, but SSL is not availablez)Cannot run without cryptography or PyASN1c

Csjt�
tjtj�\|_|_|_t�|j_	t
j�t
j�
|_t
j�t
j�
|_t
j�t
j�
|_t
j�t
j�
|_dSr)r�connectedServerAndClientr�SSHAgentServer�SSHAgentClient�client�server�pumpr�factoryr�Key�
fromStringrZprivateRSA_openssh�
rsaPrivateZprivateDSA_openssh�
dsaPrivateZpublicRSA_openssh�	rsaPublicZpublicDSA_openssh�	dsaPublicr
rrr�setUp4s
�


zAgentTestBase.setUp)	rrrrr�skiprrr$rrrrr+s



rc@seZ
dZd
Zdd�ZdS)�&ServerProtocolContractWithFactoryTestsz�
    The server protocol is stateful and so uses its factory to track state
    across requests.  This test asserts that the protocol raises if its factory
    doesn't provide the necessary storage for that state.
    c
Cs2t�
d
dtj�}
|jjjd=|�t|jj	|
�
dS)Nz!LB�
r)
�structZpackrZAGENTC_REQUEST_IDENTITIESrr�__dict__ZassertRaisesr
ZdataReceived)r�msgrrr�/test_factorySuppliesKeyStorageForServerProtocolLs


�zVServerProtocolContractWithFactoryTests.test_factorySuppliesKeyStorageForServerProtocolN)rrrrr+rrrrr&Fs
r&c@s(eZ
dZd
Zdd�Zdd�Zdd�ZdS)	�"UnimplementedVersionOneServerTestsa!

    Tests for methods with no-op implementations on the server. We need these
    for clients, such as openssh, that try v1 methods before going to v2.

    Because the client doesn't expose these operations with nice method names,
    we invoke sendRequest directly with an op code.
    c
s0�j�
tjd
�}
�j��
�f
dd�}|
�|�
S)zV
        assert that we get the correct op code for an RSA identities request
        �c

s��t
jt|d
d��
�
dS)Nr
r')�assertEqualrZAGENT_RSA_IDENTITIES_ANSWER�ord)
Zpacketr
rr�_cbds

�zRUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIES.<locals>._cb)r�sendRequestrZAGENTC_REQUEST_RSA_IDENTITIESr�flush�addCallback)r�
dr0rr
r�"test_agentc_REQUEST_RSA_IDENTITIES^s


zEUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIESc
Cs(|j�
tjd
�}
|j��
|
�|jd
�S)z[
        assert that we get the correct op code for an RSA remove identity request
        r-)rr1rZAGENTC_REMOVE_RSA_IDENTITYrr2r3r.�rr4rrr�test_agentc_REMOVE_RSA_IDENTITYjs


zBUnimplementedVersionOneServerTests.test_agentc_REMOVE_RSA_IDENTITYc
Cs(|j�
tjd
�}
|j��
|
�|jd
�S)zj
        assert that we get the correct op code for an RSA remove all identities
        request.
        r-)rr1rZ AGENTC_REMOVE_ALL_RSA_IDENTITIESrr2r3r.r6rrr�%test_agentc_REMOVE_ALL_RSA_IDENTITIESss


zHUnimplementedVersionOneServerTests.test_agentc_REMOVE_ALL_RSA_IDENTITIESN)rrrrr5r7r8rrrrr,Us
	r,c@s eZ
dZd
Zdd�Zdd�ZdS)�
CorruptServerz�
        A misbehaving server that returns bogus response op codes so that we can
        verify that our callbacks that deal with these op codes handle such
        miscreants.
        cCs|�d
d�
dS�N�r-�
ZsendResponse�r�datarrr�agentc_REQUEST_IDENTITIES�s
z'CorruptServer.agentc_REQUEST_IDENTITIEScCs|�d
d�
dSr:r<r=rrr�agentc_SIGN_REQUEST�s
z!CorruptServer.agentc_SIGN_REQUESTN)rrrrr?r@rrrrr9s
r9c@s(eZ
dZd
Zdd�Zdd�Zdd�ZdS)	�ClientWithBrokenServerTestszM
    verify error handling code in the client using a misbehaving server
    c

Cs2t�
|�

t�ttj�\|_|_|_	t
�|j_dSr)rr$rrr9rrrrrrrr
rrrr$�s



�z!ClientWithBrokenServerTests.setUpc
Cs*|j�
|j��d
�}
|j��
|�|
t�S)z�
        Assert that L{SSHAgentClient.signData} raises a ConchError
        if we get a response from the server whose opcode doesn't match
        the protocol for data signing requests.
        �John Hancock)r�signDatar"�blobrr2�
assertFailurer	r6rrr�"test_signDataCallbackErrorHandling�s


z>ClientWithBrokenServerTests.test_signDataCallbackErrorHandlingc
Cs |j�
�}
|j��
|�|
t�S)
z�
        Assert that L{SSHAgentClient.requestIdentities} raises a ConchError
        if we get a response from the server whose opcode doesn't match
        the protocol for identity requests.
        )r�requestIdentitiesrr2rEr	r6rrr�+test_requestIdentitiesCallbackErrorHandling�s



zGClientWithBrokenServerTests.test_requestIdentitiesCallbackErrorHandlingN)rrrrr$rFrHrrrrrA�s
	rAc@s0eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
S)�AgentKeyAdditionTestsz<
    Test adding different flavors of keys to an agent.
    c
s2�j�
�j���
}
�j��
�f
d
d�}|
�|�
S)�@

        L{SSHAgentClient.addIdentity} adds the private key it is called
        with to the SSH agent server to which it is connected, associating
        it with the comment it is called with.

        This test asserts that omitting the comment produces an
        empty string for the comment on the server.
        c
s:�jj
j�j��}
���j|
d
�
��d|
d�
dS�Nr
r-r'�rrrr rDr.��ignoredZ	serverKeyr
rr�_check�s


zBAgentKeyAdditionTests.test_addRSAIdentityNoComment.<locals>._check�r�addIdentityr �privateBlobrr2r3�rr4rOrr
r�test_addRSAIdentityNoComment�s	


z2AgentKeyAdditionTests.test_addRSAIdentityNoCommentc
s2�j�
�j���
}
�j��
�f
d
d�}|
�|�
S)rJc
s:�jj
j�j��}
���j|
d
�
��d|
d�
dSrK�rrrr!rDr.rMr
rrrO�s


zBAgentKeyAdditionTests.test_addDSAIdentityNoComment.<locals>._check�rrQr!rRrr2r3rSrr
r�test_addDSAIdentityNoComment�s	


z2AgentKeyAdditionTests.test_addDSAIdentityNoCommentc
s6�jj
�j��d
d�}
�j��
�f
dd�}|
�|�
S)�1

        L{SSHAgentClient.addIdentity} adds the private key it is called
        with to the SSH agent server to which it is connected, associating
        it with the comment it is called with.

        This test asserts that the server receives/stores the comment
        as sent by the client.
        �My special key�
Zcommentc
s:�jj
j�j��}
���j|
d
�
��d|
d�
dS�Nr
rYr'rLrMr
rrrO�s


zDAgentKeyAdditionTests.test_addRSAIdentityWithComment.<locals>._checkrPrSrr
r�test_addRSAIdentityWithComment�s	
�

z4AgentKeyAdditionTests.test_addRSAIdentityWithCommentc
s6�jj
�j��d
d�}
�j��
�f
dd�}|
�|�
S)rXrYrZc
s:�jj
j�j��}
���j|
d
�
��d|
d�
dSr[rUrMr
rrrO�s


zDAgentKeyAdditionTests.test_addDSAIdentityWithComment.<locals>._checkrVrSrr
r�test_addDSAIdentityWithComment�s	
�

z4AgentKeyAdditionTests.test_addDSAIdentityWithCommentN)rrrrrTrWr\r]rrrrrI�s

rIc@seZ
dZd
d�ZdS)�AgentClientFailureTestsc
Cs$|j�
d
d�}
|j��
|�|
t�S)zK
        verify that the client raises ConchError on AGENT_FAILURE
        r;r-)rr1rr2rEr	r6rrr�test_agentFailure
s


z)AgentClientFailureTests.test_agentFailureN)rrrr_rrrrr^
s
r^c@s8eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
d�ZdS)
�AgentIdentityRequestsTestszJ
    Test operations against a server with identities already loaded.
    c

CsBt�
|�

|jd
f|jjj|j��<|jdf|jjj|j��<dS�N�	a comment�another comment�rr$r!rrrrDr r
rrrr$
s

��z AgentIdentityRequestsTests.setUpc
CsX|j�
|j��d
�}
|j��
|�|
�
}|j�d
�
}|�	||�
|�
|j�|d
��

dS)zc
        Sign data with an RSA private key and then verify it with the public
        key.
        rBN)rrCr"rDrr2ZsuccessResultOfr Zsignr.�
assertTrue�verify)rr4Z	signature�expectedrrr�test_signDataRSA
s





z+AgentIdentityRequestsTests.test_signDataRSAc
s4�j�
�j��d
�}
�j��
�f
dd�}|
�|�
S)zb
        Sign data with a DSA private key and then verify it with the public
        key.
        rBc

s���j
�|d
��

dS)NrB)rer#rf)
Zsigr
rrrO0
sz;AgentIdentityRequestsTests.test_signDataDSA.<locals>._check)rrCr#rDrr2r3rSrr
r�test_signDataDSA)
s


z+AgentIdentityRequestsTests.test_signDataDSAc
Cs<|jj
j|j��=|j�|j��d
�}
|j��
|�	|
t
�S)zm
        Assert that we get an errback if we try to sign data using a key that
        wasn't added.
        rB)rrrr"rDrrCrr2rEr	r6rrr�$test_signDataRSAErrbackOnUnknownBlob8
s



z?AgentIdentityRequestsTests.test_signDataRSAErrbackOnUnknownBlobc
s*�j�
�}
�j��
�f
d
d�}|
�|�
S)z}
        Assert that we get all of the keys/comments that we add when we issue a
        request for all identities.
        c
s^i}
d
|
�j�
�<d|
�j�
�<i}|D]$}|d|tjj|ddd��
�<q(��|
|�
dS)Nrbrcr'r
rD)
�type)r#rDr"rrrr.)ZkeytrgZreceived�
kr
rrrOJ
s




"
zAAgentIdentityRequestsTests.test_requestIdentities.<locals>._check)rrGrr2r3rSrr
r�test_requestIdentitiesC
s



	z1AgentIdentityRequestsTests.test_requestIdentitiesN)	rrrrr$rhrirjrmrrrrr`
s
r`c@s0eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
S)�AgentKeyRemovalTestsz<
    Test support for removing keys in a remote server.
    c

CsBt�
|�

|jd
f|jjj|j��<|jdf|jjj|j��<dSrardr
rrrr$\
s

��zAgentKeyRemovalTests.setUpc
s2�j�
�j���
}
�j��
�f
d
d�}|
�|�
S)z<
        Assert that we can remove an RSA identity.
        c

sJ��d
t
�jjj�
�
���j���jjj�
���j	���jjj�
dS�Nr')
r.�lenrrr�assertInr!rDZassertNotInr �
rNr
rrrOl
s


z;AgentKeyRemovalTests.test_removeRSAIdentity.<locals>._check)r�removeIdentityr rDrr2r3rSrr
r�test_removeRSAIdentityd
s

z+AgentKeyRemovalTests.test_removeRSAIdentityc
s2�j�
�j���
}
�j��
�f
d
d�}|
�|�
S)z;
        Assert that we can remove a DSA identity.
        c

s2��d
t
�jjj�
�
���j���jjj�
dSro)r.rprrrrqr rDrrr
rrrO{
s

z;AgentKeyRemovalTests.test_removeDSAIdentity.<locals>._check)rrsr!rDrr2r3rSrr
r�test_removeDSAIdentitys
s

z+AgentKeyRemovalTests.test_removeDSAIdentityc
s*�j�
�}
�j��
�f
d
d�}|
�|�
S)z;
        Assert that we can remove all identities.
        c

s��d
t
�jjj�
�
dS)Nr
)r.rprrrrrr
rrrO�
s
z=AgentKeyRemovalTests.test_removeAllIdentities.<locals>._check)rZremoveAllIdentitiesrr2r3rSrr
r�test_removeAllIdentities�
s


z-AgentKeyRemovalTests.test_removeAllIdentitiesN)rrrrr$rtrurvrrrrrnW
s

rn)!rZ
__future__rrr(Z
twisted.trialrZtwisted.testrZcryptography�ImportErrorZpyasn1Ztwisted.conch.sshrrZtwisted.conch.testrZtwisted.conch.errorr	r
�objectrZTestCaserr&r,rr9rArIr^r`rnrrrr�<module>s8











)

%PI