HEX

File: //usr/lib/python3/dist-packages/twisted/conch/test/__pycache__/test_ckeygen.cpython-38.pyc
U

s�@g9O�@s�dZddlZddlZddlZddlZddlmZmZddlm	Z	m
Z
ddlmZed�r�ed�r�ddl
mZmZmZmZdd	lmZmZmZmZmZnd
ZddlmZddlmZdd
lmZmZm Z m!Z!dd�Z"Gdd�de�Z#dS)z-
Tests for L{twisted.conch.scripts.ckeygen}.
�N)�BytesIO�StringIO)�unicode�_PY3)�
requireModuleZcryptographyZpyasn1)�Key�BadKeyError�BadFingerPrintFormat�FingerprintFormats)�changePassPhrase�displayPublicKey�printFingerprint�_saveKey�enumrepresentationzBcryptography and pyasn1 required for twisted.conch.scripts.ckeygen)�FilePath)�TestCase)�publicRSA_openssh�privateRSA_openssh�privateRSA_openssh_encrypted�privateECDSA_opensshcst����fdd�}|S)a@
    Return a callable to patch C{getpass.getpass}.  Yields a passphrase each
    time called. Use case is to provide an old, then new passphrase(s) as if
    requested interactively.

    @param passphrases: The list of passphrases returned, one per each call.

    @return: A callable to patch C{getpass.getpass}.
    cst��S�N)�next��_��passphrases��A/usr/lib/python3/dist-packages/twisted/conch/test/test_ckeygen.py�fakeGetpass.sz makeGetpass.<locals>.fakeGetpass)�iter)rrrrr�makeGetpass"s
r c@seZdZdZdd�Zd?dd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Z d=d>�Z!dS)@�KeyGenTestszN
    Tests for various functions used to implement the I{ckeygen} script.
    cCs*trt�|_nt�|_|�td|j�dS)zX
        Patch C{sys.stdout} so tests can make assertions about what's printed.
        �stdoutN)rrr"r�patch�sys��selfrrr�setUp9s
zKeyGenTests.setUpNc
Cs�|��}|dkr(t�dd|d|dg�nt�dd|d|dd|g�t�|�}t�|d�}|dkrt|�|��d�n|�|��|���|�|�	��dS)	N�ckeygen�-t�-fz--no-passphrasez-bz.pub�ecdsaZEC)
�mktemp�
subprocess�callrZfromFile�assertEqual�type�upperZ
assertTrueZisPublic)r&ZkeyTypeZkeySize�filenameZprivKey�pubKeyrrr�_testrunEs�
zKeyGenTests._testruncCsF|�dd�|�d�|�dd�|�d�|�dd�|�d�dS)Nr+Z384ZdsaZ2048Zrsa)r4r%rrr�test_keygenerationUs

zKeyGenTests.test_keygenerationc
CsT|��}|�tj��6ttjd��}tjdddd|g|d�W5QRXW5QRXdS)N�rbr(r)Zfoor*)�stderr)r,�assertRaisesr-ZCalledProcessError�open�os�devnullZ
check_call)r&r2r;rrr�test_runBadKeytype_s�zKeyGenTests.test_runBadKeytypecCs"tddi�}|�|dtj�dS)z�
        L{enumrepresentation} takes a dictionary as input and returns a
        dictionary with its attributes changed to enum representation.
        �format�md5-hexN)r�assertIsr
ZMD5_HEX�r&Zoptionsrrr�test_enumrepresentationis
�z#KeyGenTests.test_enumrepresentationcCs"tddi�}|�|dtj�dS)zF
        Test for format L{FingerprintFormats.SHA256-BASE64}.
        r=�
sha256-base64N)rr?r
Z
SHA256_BASE64r@rrr�test_enumrepresentationsha256ss
�z)KeyGenTests.test_enumrepresentationsha256c	Cs:|�t��}tddi�W5QRX|�d|jjd�dS)z9
        Test for unsupported fingerprint format
        r=�
sha-base64�*Unsupported fingerprint format: sha-base64rN)r8r	rr/�	exception�args)r&�emrrr� test_enumrepresentationBadFormat}s

�z,KeyGenTests.test_enumrepresentationBadFormatcCs:|��}t|��t�t|dd��|�|j��d�dS)z�
        L{printFingerprint} writes a line to standard out giving the number of
        bits of the key, its fingerprint, and the basename of the file from it
        was read.
        r>�r2r=z:2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp
N�r,r�
setContentrr
r/r"�getvalue�r&r2rrr�test_printFingerprint�s��z!KeyGenTests.test_printFingerprintcCs:|��}t|��t�t|dd��|�|j��d�dS)z�
        L{printFigerprint} will print key fingerprint in
        L{FingerprintFormats.SHA256-BASE64} format if explicitly specified.
        rBrJz72048 FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= temp
NrKrNrrr�test_printFingerprintsha256�s��z'KeyGenTests.test_printFingerprintsha256c	CsR|��}t|��t�|�t��}t|dd��W5QRX|�d|jj	d�dS)zx
        L{printFigerprint} raises C{keys.BadFingerprintFormat} when unsupported
        formats are requested.
        rDrJrErN)
r,rrLrr8r	r
r/rFrG)r&r2rHrrr�)test_printFingerprintBadFingerPrintFormat�s
�z5KeyGenTests.test_printFingerprintBadFingerPrintFormatcCs�t|���}|��|�d�j}t�t�}t||ddd��|�	|j
��d||f�|�	|�|�d���dd�|�|�	t�|�d����|�
��dS)z�
        L{_saveKey} writes the private and public parts of a key to two
        different files and writes a report of this to standard out.
        �id_rsa�
passphraser>�r2�passr=z�Your identification has been saved in %s
Your public key has been saved in %s.pub
The key fingerprint in <FingerprintFormats=MD5_HEX> is:
85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da
N�
id_rsa.pub�rr,�makedirs�child�pathr�
fromStringrrr/r"rM�
getContent�public�r&�baser2�keyrrr�test_saveKey�s6
�������zKeyGenTests.test_saveKeycCs�t|���}|��|�d�j}t�t�}t||ddd��|�	|j
��d||f�|�	|�|�d���dd�|�|�	t�|�d����|�
��dS)z�
        L{_saveKey} writes the private and public parts of a key to two
        different files and writes a report of this to standard out.
        Test with ECDSA key.
        �id_ecdsarSr>rTz�Your identification has been saved in %s
Your public key has been saved in %s.pub
The key fingerprint in <FingerprintFormats=MD5_HEX> is:
1e:ab:83:a6:f2:04:22:99:7c:64:14:d2:ab:fa:f5:16
Nzid_ecdsa.pub)rr,rXrYrZrr[rrr/r"rMr\r]r^rrr�test_saveKeyECDSA�s6
�������zKeyGenTests.test_saveKeyECDSAcCs�t|���}|��|�d�j}t�t�}t||ddd��|�	|j
��d||f�|�	|�|�d���dd�|�|�	t�|�d����|�
��dS)z�
        L{_saveKey} will generate key fingerprint in
        L{FingerprintFormats.SHA256-BASE64} format if explicitly specified.
        rRrSrBrTz�Your identification has been saved in %s
Your public key has been saved in %s.pub
The key fingerprint in <FingerprintFormats=SHA256_BASE64> is:
FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI=
NrVrWr^rrr�test_saveKeysha256�s6
�������zKeyGenTests.test_saveKeysha256c	Csjt|���}|��|�d�j}t�t�}|�t	��}t
||ddd��W5QRX|�d|jj
d�dS)zq
        L{_saveKey} raises C{keys.BadFingerprintFormat} when unsupported
        formats are requested.
        rRrSrDrTrErN)rr,rXrYrZrr[rr8r	rr/rFrG)r&r_r2r`rHrrr� test_saveKeyBadFingerPrintformats
�
�z,KeyGenTests.test_saveKeyBadFingerPrintformatcCs`t|���}|��|�d�j}t�t�}t||ddd��|�	|�|�d��
�dd�|�dS)�q
        L{_saveKey} will choose an empty string for the passphrase if
        no-passphrase is C{True}.
        rRTr>�r2z
no-passphraser=N�)rr,rXrYrZrr[rrr/r\r^rrr�test_saveKeyEmptyPassphrases
���z'KeyGenTests.test_saveKeyEmptyPassphrasecCs^t|���}|��|�d�j}t�t�}t||ddd��|�	|�|�d��
�d�|�dS)rfrbTr>rgN)rr,rXrYrZrr[rrr/r\r^rrr� test_saveKeyECDSAEmptyPassphrase)s
���z,KeyGenTests.test_saveKeyECDSAEmptyPassphrasecs�t|���}|��|�d�j�ddl}|�|jjj	d�fdd��t
�t�}t
|dddd	��|�d���}|�|dd
�}|�||�dS)zd
        When no path is specified, it will ask for the path used to store the
        key.
        Z
custom_keyrNZ	raw_inputcs�Srrr�ZkeyPathrr�<lambda>Erhz4KeyGenTests.test_saveKeyNoFilename.<locals>.<lambda>Tr>rgrh)rr,rXrYrZ�twisted.conch.scripts.ckeygenr#ZconchZscriptsr(rr[rrr\r/)r&r_Ztwistedr`ZpersistedKeyContentZpersistedKeyrrkr�test_saveKeyNoFilename;s
�z"KeyGenTests.test_saveKeyNoFilenamecCsf|��}t�t�}t|��t�td|i�|j�	��
d�}t|t�rP|�
d�}|�||�d��dS)zl
        L{displayPublicKey} prints out the public key associated with a given
        private key.
        r2�
�ascii�opensshN)r,rr[rrrLrrr"rM�strip�
isinstancer�encoder/�toString�r&r2r3Z	displayedrrr�test_displayPublicKeyOs


�z!KeyGenTests.test_displayPublicKeycCsh|��}t�t�}t|��t�t|dd��|j�	��
d�}t|t�rR|�
d�}|�||�d��dS)z�
        L{displayPublicKey} prints out the public key associated with a given
        private key using the given passphrase when it's encrypted.
        �	encrypted�r2rUrorprqN)r,rr[rrrLrrr"rMrrrsrrtr/rurvrrr�test_displayPublicKeyEncrypted`s


�z*KeyGenTests.test_displayPublicKeyEncryptedcCsx|��}t�t�}t|��t�|�tddd��t	d|i�|j
���d�}t
|t�rb|�d�}|�||�d��dS)	z�
        L{displayPublicKey} prints out the public key associated with a given
        private key, asking for the passphrase when it's encrypted.
        �getpasscSsdS)Nrxr)�xrrrrlyrhzLKeyGenTests.test_displayPublicKeyEncryptedPassphrasePrompt.<locals>.<lambda>r2rorprqN)r,rr[rrrLrr#r{rr"rMrrrsrrtr/rurvrrr�.test_displayPublicKeyEncryptedPassphrasePromptqs


�z:KeyGenTests.test_displayPublicKeyEncryptedPassphrasePromptcCs.|��}t|��t�|�tt|dd��dS)z�
        L{displayPublicKey} fails with a L{BadKeyError} when trying to decrypt
        an encrypted key with the wrong password.
        �wrongryN)r,rrLrr8rrrNrrr�$test_displayPublicKeyWrongPassphrase�s�z0KeyGenTests.test_displayPublicKeyWrongPassphrasecCsltddd�}|�td|�|��}t|��t�td|i�|�|j	�
��d�d�|�tt|��
��dS)zt
        L{changePassPhrase} allows a user to change the passphrase of a
        private key interactively.
        rx�newpassr{r2ro�;Your identification has been saved with the new passphrase.N�r r#r{r,rrLrrr/r"rMrr�assertNotEqualr\)r&Z
oldNewConfirmr2rrr�test_changePassphrase�s�
�z!KeyGenTests.test_changePassphrasecCsltdd�}|�td|�|��}t|��t�t|dd��|�|j	�
��d�d�|�tt|��
��dS)z�
        L{changePassPhrase} allows a user to change the passphrase of a
        private key, providing the old passphrase and prompting for new one.
        r�r{rxryror�Nr�)r&Z
newConfirmr2rrr�test_changePassphraseWithOld�s
�
�z(KeyGenTests.test_changePassphraseWithOldcCsV|��}t|��t�t|ddd��|�|j���d�d�|�	tt|��
��dS)z�
        L{changePassPhrase} allows a user to change the passphrase of a private
        key by providing both old and new passphrases without prompting.
        rx�
newencrypt)r2rUr�ror�N)r,rrLrrr/r"rMrrr�r\rNrrr�test_changePassphraseWithBoth�s���
�z)KeyGenTests.test_changePassphraseWithBothcCsR|��}t|��t�|�tt|dd��}|�dt|��|�tt|��	��dS)z�
        L{changePassPhrase} exits if passed an invalid old passphrase when
        trying to change the passphrase of a private key.
        r~ryz1Could not change passphrase: old passphrase errorN)
r,rrLrr8�
SystemExitrr/�strr\�r&r2�errorrrr�$test_changePassphraseWrongPassphrase�s��
�z0KeyGenTests.test_changePassphraseWrongPassphrasecCsb|�tdtd��|��}t|��t�|�tt	d|i�}|�
dt|��|�
tt|����dS)z�
        L{changePassPhrase} exits if no passphrase is specified for the
        C{getpass} call and the key is encrypted.
        r{�r2zMCould not change passphrase: Passphrase must be provided for an encrypted keyN)
r#r{r r,rrLrr8r�rr/r�r\r�rrr�!test_changePassphraseEmptyGetPass�s��
�z-KeyGenTests.test_changePassphraseEmptyGetPasscCs^|��}t|��d�|�ttd|i�}tr2d}nd}|�|t|��|�dt|��	��dS)zc
        L{changePassPhrase} exits if the file specified points to an invalid
        key.
        sfoobarr2z?Could not change passphrase: cannot guess the type of b'foobar'z>Could not change passphrase: cannot guess the type of 'foobar'N)
r,rrLr8r�rrr/r�r\)r&r2r��expectedrrr�test_changePassphraseBadKey�s�z'KeyGenTests.test_changePassphraseBadKeycCsh|��}t|��t�dd�}|�td|�|�tt|dd��}|�	dt
|��|�	tt|����dS)z�
        L{changePassPhrase} doesn't modify the key file if an unexpected error
        happens when trying to create the key with the new passphrase.
        c_std��dS)NZoops)�RuntimeError�rG�kwargsrrrrusz>KeyGenTests.test_changePassphraseCreateError.<locals>.toStringrur��r2r�z!Could not change passphrase: oopsN)r,rrLrr#rr8r�rr/r�r\)r&r2rur�rrr� test_changePassphraseCreateError�s ���z,KeyGenTests.test_changePassphraseCreateErrorcCsv|��}t|��t�dd�}|�td|�|�tt|dd��}t	rJd}nd}|�
|t|��|�
tt|����dS)	zq
        L{changePassPhrase} doesn't modify the key file if C{toString} returns
        an empty string.
        c_sdS)Nr�rr�rrrruszCKeyGenTests.test_changePassphraseEmptyStringError.<locals>.toStringrur�r�z9Could not change passphrase: cannot guess the type of b''z8Could not change passphrase: cannot guess the type of ''N)
r,rrLrr#rr8r�rrr/r�r\)r&r2rur�r�rrr�%test_changePassphraseEmptyStringErrors ���z1KeyGenTests.test_changePassphraseEmptyStringErrorcCsR|��}t|��t�|�tt|dd��}|�dt|��|�tt|��	��dS)z�
        L{changePassPhrase} exits when trying to change the passphrase on a
        public key, and doesn't change the file.
        rUr�z.Could not change passphrase: key not encryptedN)
r,rrLrr8r�rr/r�r\r�rrr�test_changePassphrasePublicKey/s��z*KeyGenTests.test_changePassphrasePublicKey)N)"�__name__�
__module__�__qualname__�__doc__r'r4r5r<rArCrIrOrPrQrarcrdrerirjrnrwrzr}rr�r�r�r�r�r�r�r�r�rrrrr!5s>




r!)$r�r{r$r:r-�iorrZtwisted.python.compatrrZtwisted.python.reflectrZtwisted.conch.ssh.keysrrr	r
rmrrr
rr�skipZtwisted.python.filepathrZtwisted.trial.unittestrZtwisted.conch.test.keydatarrrrr r!rrrr�<module>s