U

��W[!��@s�dZd
dl
Zd
dlmZ
d
dlmZ
d
dlZd
dlm	Z	m
Z

d
dlmZ
d
dl
mZmZ
d
dlmZmZ
d
d	lmZ
d
d
lmZ
d
dlmZ
d
dlmZ
d
d
lmZmZ
d
dlmZm Z 
d
dl!m"Z"m#Z#m$Z$m%Z%
d
dl&m'Z'm(Z(
d
dl)m*Z*
d
dl+m,Z,
d
dl-m.Z.m/Z/
d
dl&m0Z0m1Z1
d
dl2m3Z3
d
dl4m5Z5
d
dl6m7Z7
d
dl8m9Z9m:Z:m;Z;
ed�
�r.ed�
�r.d
dl<m=Z=
d
dl>m?Z?
d
dl@mAZA
d
dlBmCZC
d
dlDmEZE
d
d lFmGZG
d
d!lHmIZI
d
d"lJmKZKmLZL
d
d#lMmNZNmOZO
d
d$lPmQZQ
d
d%lRmSZSmTZTmUZUmVZV
d
d&lWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^
d
d'l_m`Z`
n(d(ZaebZ?ZAZCZEZGZIZKZNZQd
d)l-mcZc
d
d*ldmeZemfZf
Gd+d,�d,ee�ZgGd-d.�d.eG�ZhGd/d0�d0eG�ZiGd1d2�d2eG�ZjGd3d4�d4eb�ZkGd5d6�d6e�ZlGd7d8�d8eb�ZmGd9d:�d:eA�ZnGd;d<�d<e?�Zoee�
Gd=d>�d>eb��
Zpee�
Gd?d@�d@eb��
ZqGdAdB�dBeb�ZrGdCdD�dDe,er�ZsGdEdF�dFe,er�ZtGdGdH�dHe,�ZuGdIdJ�dJeb�ZvGdKdL�dLe,�ZwdS)Mz'
Tests for L{twisted.conch.endpoints}.
�N)
�pack)
�ENOSYS)�verifyObject�verifyClass)
�implementer)�globalLogPublisher�LogLevel)�	iteritems�
networkString)
�Failure)
�FilePath)
�msg)
�
requireModule)�IAddress�IStreamClientEndpoint)�Factory�Protocol)�CancelledError�Deferred�succeed�fail)�ConnectionDone�ConnectionRefusedError)
�IPv4Address)
�TestCase)�EventLoggingObserver�MemoryReactorClock)�ProcessTerminated�ConnectingCancelledError)
�Portal)
�'InMemoryUsernamePasswordDatabaseDontUse)
�
IConchUser)�
ConchError�UserRejectedKey�HostKeyChangedZcryptographyzpyasn1.type)
�common)
�
SSHFactory)
�SSHUserAuthServer)
�
SSHConnection)
�Key)
�
SSHChannel)
�SSHAgentServer)�KnownHostsFile�	ConsoleUI)�SSHPublicKeyChecker�InMemorySSHKeyDB)
�	ConchUser)�publicRSA_openssh�privateRSA_openssh� privateRSA_openssh_encrypted_aes�privateDSA_openssh)�_ISSHConnectionCreator�AuthenticationFailed�SSHCommandAddress�SSHCommandClientEndpoint�	_ReadFile�_NewConnectionHelper�_ExistingConnectionHelper)
�SSHClientTransportz%can't run w/o cryptography and pyasn1)
�StringTransport)�
FakeTransport�connectc@seZ
dZd
ZdZdd�ZdS)�AbortableFakeTransportzC
    A L{FakeTransport} with added C{abortConnection} support.
    Fc

Cs
d
|_dS)z}
        Abort the connection in a fake manner.

        This should really be implemented in the underlying module.
        TN�
�aborted�
�self�rE�C/usr/lib/python3/dist-packages/twisted/conch/test/test_endpoints.py�abortConnectionNsz&AbortableFakeTransport.abortConnectionN)�__name__�
__module__�__qualname__�__doc__rBrGrErErErFr@Gs
r@c@seZ
dZd
Zdd�ZdS)�BrokenExecSessionzO
    L{BrokenExecSession} is a session on which exec requests always fail.
    c
Csd
S)z�
        Fail all exec requests.

        @param data: Information about what is being executed.
        @type data: L{bytes}

        @return: C{0} to indicate failure
        @rtype: L{int}
        r
rE�rD�datarErErF�request_exec\s
zBrokenExecSession.request_execN�rHrIrJrKrOrErErErFrLXs
rLc@seZ
dZd
Zdd�ZdS)�WorkingExecSessionzS
    L{WorkingExecSession} is a session on which exec requests always succeed.
    c
Csd
S)z�
        Succeed all exec requests.

        @param data: Information about what is being executed.
        @type data: L{bytes}

        @return: C{1} to indicate success
        @rtype: L{int}
        �
rErMrErErFrOns
zWorkingExecSession.request_execNrPrErErErFrQjs
rQc@seZ
dZd
Zdd�ZdS)�UnsatisfiedExecSessionz�
    L{UnsatisfiedExecSession} is a session on which exec requests are always
    delayed indefinitely, never succeeding or failing.
    c
Cst�S)
z�
        Delay all exec requests indefinitely.

        @param data: Information about what is being executed.
        @type data: L{bytes}

        @return: A L{Deferred} which will never fire.
        @rtype: L{Deferred}
        )
rrMrErErFrO�s
z#UnsatisfiedExecSession.request_execNrPrErErErFrS|s
rSc@seZ
dZd
d�Zdd�ZdS)�TrivialRealmc

Cs
i|_dS�
N)
�
channelLookuprCrErErF�__init__�s
zTrivialRealm.__init__cGst�}|j
|_
t|d
d�fS)Nc
SsdSrUrErErErErF�<lambda>��z,TrivialRealm.requestAvatar.<locals>.<lambda>)r0rVr!)rDZavatarIdZmindZ
interfacesZavatarrErErF�
requestAvatar�s


zTrivialRealm.requestAvatarN)rHrIrJrWrZrErErErFrT�s
rTc@seZ
dZd
Zdd�Zd
S)�AddressSpyFactoryNcCs|
|_t
�||
�SrU)�addressr�
buildProtocol)rDr\rErErFr]�s

zAddressSpyFactory.buildProtocol)rHrIrJr\r]rErErErFr[�s
r[c@s$eZ
dZd
d�Zdd�Zdd�ZdS)�FixedResponseUIcCs
|
|_dSrU�
�result)rDr`rErErFrW�s
zFixedResponseUI.__init__cCs
t|j
�
SrU)rr`�rD�textrErErF�prompt�s
zFixedResponseUI.promptc
CsdSrUrErarErErF�warn�s
zFixedResponseUI.warnN)rHrIrJrWrcrdrErErErFr^�s
r^c@s$eZ
dZed
d��
Zedd��
ZdS)�FakeClockSSHUserAuthServerc


Cs
|jj
jS)
zy
        Use the C{attemptsBeforeDisconnect} value defined by the factory to make
        it easier to override.
        )�	transport�factory�attemptsBeforeDisconnectrCrErErFrh�sz3FakeClockSSHUserAuthServer.attemptsBeforeDisconnectc


Cs
|jj
jS)
z�
        Use the reactor defined by the factory, rather than the default global
        reactor, to simplify testing (by allowing an alternate implementation
        to be supplied by tests).
        )rfrg�reactorrCrErErF�clock�sz FakeClockSSHUserAuthServer.clockN)rHrIrJ�propertyrhrjrErErErFre�s


rec@s2eZ
dZed
d��
Zedd��
Zeed�ZdZ	dS)�CommandFactoryc

Csd
tj
td�
i
S�N�ssh-rsa)
rN)r)�
fromStringr1rCrErErF�
publicKeys�s
�zCommandFactory.publicKeysc

Csd
tj
td�
i
Srm)r)ror2rCrErErF�privateKeys�s
�zCommandFactory.privateKeys)sssh-userauthsssh-connectionr
N)
rHrIrJrkrprqrer(�servicesrhrErErErFrl�s





�	rlc
@seZ
dZd
S)�
MemoryAddressN)rHrIrJrErErErFrs�srsc@s eZ
dZd
Zdd�Zdd�ZdS)�SingleUseMemoryEndpointa]

    L{SingleUseMemoryEndpoint} is a client endpoint which allows one connection
    to be set up and then exposes an API for moving around bytes related to
    that connection.

    @ivar pump: L{None} until a connection is attempted, then a L{IOPump}
        instance associated with the protocol which is connected.
    @type pump: L{IOPump}
    cCsd
|_|
|_
d
S)z�
        @param server: An L{IProtocol} provider to which the client will be
            connected.
        @type server: L{IProtocol} provider
        N)�pump�_server)rD�serverrErErFrW�s
z SingleUseMemoryEndpoint.__init__cCsf|jdk	rt
d
�
�
z|
�t��
}Wn


t�YSXt|jt|jdd�|t|dd��|_t|�
SdS)Nz(SingleUseMemoryEndpoint was already usedT�
�isServerF)	ru�	Exceptionr]rsrr?rvr@r)rDrg�protocolrErErFr?�s 







�
�zSingleUseMemoryEndpoint.connectN)rHrIrJrKrWr?rErErErFrt�s	
rtc@s�eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd*d#d$�
Zd%d&�Zd'd(�Zd)S)+�"SSHCommandClientEndpointTestsMixina�

    Tests for L{SSHCommandClientEndpoint}, an L{IStreamClientEndpoint}
    implementations which connects a protocol with the stdin and stdout of a
    command running in an SSH session.

    These tests apply to L{SSHCommandClientEndpoint} whether it is constructed
    using L{SSHCommandClientEndpoint.existingConnection} or
    L{SSHCommandClientEndpoint.newConnection}.

    Subclasses must override L{create}, L{assertClientTransportState}, and
    L{finishConnection}.
    c

Cs�d
|_d|_
d|_d|_t�|_t�|_t|j�
|_	t
�|_|j�|j|j�
|j	�
|j�

t�|_|j|j_|j	|j_	|j��
|�|jj�

tddd�|_tddd	�|_dS)
Nsssh.example.comi&�suserspasswordZTCPz10.0.0.1i90z192.168.100.200i1�)�hostname�port�user�passwordrrirT�realmr�portalr ZpasswdDBZaddUser�registerCheckerrlrgZdoStart�
addCleanupZdoStopr�
clientAddress�
serverAddressrCrErErF�setUp
s"


















z(SSHCommandClientEndpointTestsMixin.setUpc

Cstd
|j
jf
�
�
dS)z�
        Create and return a new L{SSHCommandClientEndpoint} to be tested.
        Override this to implement creation in an interesting way the endpoint.
        z%r did not implement createN��NotImplementedError�	__class__rHrCrErErF�create2
s
�z)SSHCommandClientEndpointTestsMixin.createcCstd
|j
jf
�
�
dS)a�

        Make an assertion about the connectedness of the given protocol's
        transport.  Override this to implement either a check for the
        connection still being open or having been closed as appropriate.

        @param client: The client whose state is being checked.

        @param immediateClose: Boolean indicating whether the connection was
            closed immediately or not.
        z/%r did not implement assertClientTransportStateNr��rD�clientZimmediateCloserErErF�assertClientTransportState;
s


��z=SSHCommandClientEndpointTestsMixin.assertClientTransportStatec

Cstd
|j
jf
�
�
dS)z�
        Do any remaining work necessary to complete an in-memory connection
        attempted initiated using C{self.reactor}.
        z%%r did not implement finishConnectionNr�rCrErErF�finishConnectionK
s


��z3SSHCommandClientEndpointTestsMixin.finishConnectioncCsT|�d
�
}|
�d
�
}t
|d|j|jd�}t
|d|j|jd�}t||||�}|||fS)aw

        Set up an in-memory connection between protocols created by
        C{serverFactory} and C{clientFactory}.

        @return: A three-tuple.  The first element is the protocol created by
            C{serverFactory}.  The second element is the protocol created by
            C{clientFactory}.  The third element is the L{IOPump} connecting
            them.
        NF)ryZhostAddressZpeerAddressT)r]r@r�r�r?)rDZ
serverFactoryZ
clientFactoryZclientProtocolZserverProtocolZclientTransportZserverTransportrurErErF�connectedServerAndClientU
s*





�

�
�z;SSHCommandClientEndpointTestsMixin.connectedServerAndClientc
	Cs�|��}
t
�}t|_|
�|�
}|��\}}}|�t�
}|�d
|dj	j
|dj	j	f�
|�dt|�
�
|�
|�
}|�t�

|�d|j	j	�
|�|d�
dS)z�
        If a channel cannot be opened on the authenticated SSH connection, the
        L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with
        a L{Failure} wrapping the reason given by the server.
        �unknown channelr
rR�unknown channelFN)r�rrr{r?r��flushLoggedErrorsr"�assertIn�valuerN�assertEqual�len�failureResultOf�trapr�)	rD�endpointrg�	connectedrwr�ru�errors�
frErErF�test_channelOpenFailuren
s





�



z:SSHCommandClientEndpointTestsMixin.test_channelOpenFailurec
Cslt|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}|�
t�

|�d|j
j
�
|�|d�
dS)z�
        If execution of the command fails, the L{Deferred} returned by
        L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping
        the reason given by the server.
        �sessionzchannel request failedFN)rLr�rVr�rrr{r?r�r�r�r"r�r�r��rDr�rgr�rwr�rur�rErErF�test_execFailure�
s







z3SSHCommandClientEndpointTestsMixin.test_execFailurec
Csdt|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	�
|�
|�
}|�t�

|�
|d�
dS)z�
        If execution of the command is cancelled via the L{Deferred} returned
        by L{SSHCommandClientEndpoint.connect}, the connection is closed
        immediately.
        r�TN)rSr�rVr�rrr{r?r��cancelr�r�rr�r�rErErF�test_execCancelled�
s







z5SSHCommandClientEndpointTestsMixin.test_execCancelledc
Cs�t|j
jd
<|��}
t�}t|_|
�|�

|��\}}}|�	|j
t�
|�|j
��|j
j�
|�|j|j
j�
|�d|j
j�
dS)aD

        Once the necessary SSH actions have completed successfully,
        L{SSHCommandClientEndpoint.connect} uses the factory passed to it to
        construct a protocol instance by calling its C{buildProtocol} method
        with an address object representing the SSH connection and command
        executed.
        r��
/bin/ls -lN)rQr�rVr�r[rr{r?r��assertIsInstancer\r7r�rfZgetHostrwrZusernameZcommand)rDr�rgrwr�rurErErF�test_buildProtocol�
s





z5SSHCommandClientEndpointTestsMixin.test_buildProtocolc
CsRt|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}|�
|j�

dS)a

        L{SSHCommandClientEndpoint} establishes an SSH connection, creates a
        channel in it, runs a command in that channel, and uses the protocol's
        C{makeConnection} to associate it with a protocol representing that
        command's stdin and stdout.
        r�N)rQr�rVr�rrr{r?r��successResultOf�assertIsNotNonerf�rDr�rgr�rwr�rur{rErErF�test_makeConnection�
s





z6SSHCommandClientEndpointTestsMixin.test_makeConnectionc

Cs�t|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}g}|j
|_|jj
}	|jj|	�d�

|��
|�dd�|�
�
dS)z�
        After establishing the connection, when the command on the SSH server
        produces output, it is delivered to the protocol's C{dataReceived}
        method.
        r��hello, worldrYN)rQr�rVr�rrr{r?r�r��append�dataReceivedrf�id�service�channels�writerur��join)
rDr�rgr�rwr�rur{r��	channelIdrErErF�test_dataReceived�
s








z4SSHCommandClientEndpointTestsMixin.test_dataReceivedc

Cs�t|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}g}|j
|_|jj
}	|jj|	��
|��
|d�t�

|�|d�
dS)zq
        When the command closes the channel, the protocol's C{connectionLost}
        method is called.
        r�r
FN)rQr�rVr�rrr{r?r�r�r��connectionLostrfr�r�r��loseConnectionrur�rr�)
rDr�rgr�rwr�rur{r�r�rErErF�test_connectionLost�
s








z6SSHCommandClientEndpointTestsMixin.test_connectionLostc
Cs�t|j
jd
<|��}t�}t|_|�|�
}|��\}}}|�	|�
}	g}
|
j
|	_|	jj
}|jj|}|j�||
|�
|��
|��
|�|d�
|
dS)zJ
        Test handling of non-zero exit statuses or exit signals.
        r�Fr
)rQr�rVr�rrr{r?r�r�r�r�rfr�r�r�ZsendRequestr�rur�)
rDZrequestZ
requestArgr�rgr�rwr�rur{r�r�ZchannelrErErF�_exitStatusTests 











z2SSHCommandClientEndpointTestsMixin._exitStatusTestc
Cs$d
}
|�dt
d|
��}|�t�

dS)��
        When the command exits with a non-zero status, the protocol's
        C{connectionLost} method is called with a L{Failure} wrapping an
        exception which encapsulates that status.
        r
�exit-status�>LN)r�rr�r)rD�exitCode�excrErErF�test_zeroExitCode9s

z4SSHCommandClientEndpointTestsMixin.test_zeroExitCodec
CsHd
}
d}|�dt
d|
��}|�t�

|�|
|jj�
|�||jj�
dS)r��{Nr�r�)r�rr�rr�r�r��signal)rDr�r�r�rErErF�test_nonZeroExitStatusDs





z9SSHCommandClientEndpointTestsMixin.test_nonZeroExitStatusc
Cs�t�}
t
�|
�

|�t
j|
�
d
}d}d�t�d�
dt�d�
t�d�
g�
}|�d|�}|�	t
�

|�||jj
�
|�||jj�
d	}t�|
t�t�t�tj�
|dd
ddd��
�
�
d
S)
a

        When the command exits with a non-zero signal, the protocol's
        C{connectionLost} method is called with a L{Failure} wrapping an
        exception which encapsulates that status.

        Additional packet contents are logged at the C{info} level.
        N�rYsTERM�

smessagesen-USsexit-signalz'twisted.conch.endpoints._CommandChannelT�message)Z	log_levelZ
log_namespaceZshortSignalNameZ
coreDumpedZerrorMessageZlanguageTag)rrZaddObserverr�ZremoveObserverr�r%ZNSr�r�rr�r�r�r��hamcrestZassert_thatZhas_itemZhas_entriesZequal_tor�info)rDZlogObserverr�r�Zpacketr�ZlogNamespacerErErF�test_nonZeroExitSignalRs<






�













����z9SSHCommandClientEndpointTestsMixin.test_nonZeroExitSignalFcs<|jj
}g�|r�f
d
d�}n�j}t|
jj|||�
�S)a

        Hook into and record events which happen to C{protocol}.

        @param server: The SSH server protocol over which C{protocol} is
            running.
        @type server: L{IProtocol} provider

        @param protocol:

        @param event:

        @param noArgs:
        cs
��d�
SrU)
r�rE�
ZrecorderrErFrX�rYz;SSHCommandClientEndpointTestsMixin.record.<locals>.<lambda>)rfr�r��setattrr�r�)rDrwr{Zevent�noArgsr�r�rEr�rF�record}s


z)SSHCommandClientEndpointTestsMixin.recordc
	Cszt|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}|�
||d�}|j�d�

|�
�
|�dd�|�
�
dS)z�
        The transport connected to the protocol has a C{write} method which
        sends bytes to the input of the command executing on the SSH server.
        r�r�r�rYN)rQr�rVr�rrr{r?r�r�r�rfr�rur�r��	rDr�rgr�rwr�rur{r�rErErF�
test_write�s







z-SSHCommandClientEndpointTestsMixin.test_writec
	Cs|t|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}|�
||d�}|j�dg
�

|�
�
|�dd�|�
�
dS)z�
        The transport connected to the protocol has a C{writeSequence} method which
        sends bytes to the input of the command executing on the SSH server.
        r�r�r�rYN)rQr�rVr�rrr{r?r�r�r�rfZ
writeSequencerur�r�r�rErErF�test_writeSequence�s







z5SSHCommandClientEndpointTestsMixin.test_writeSequenceN)
F)rHrIrJrKr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rErErErFr|
s(
	
+
r|c@s�eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)1�NewConnectionTestsz`
    Tests for L{SSHCommandClientEndpoint} when using the C{newConnection}
    constructor.
    c

Csht�
|�

t|���
|_t|j�
|_|j�|j|j	j
d
�
|j�t|jj
�
|j	j
d
�
|j��
dS)�
        Configure an SSH server with password authentication enabled for a
        well-known (to the tests) account.
        rnN)r|r�r�mktempZhostKeyPathr,�
knownHosts�
addHostKeyr}rgrpr
r��host�saverCrErErFr��s




�



�zNewConnectionTests.setUpc


Cs*tj
|jd
|j|j|j|j|jtd�
d�S)zu
        Create and return a new L{SSHCommandClientEndpoint} using the
        C{newConnection} constructor.
        r�F�r�r��ui)	r8�
newConnectionrirr}r~r�r�r^rCrErErFr��s


�zNewConnectionTests.createc

Cs|�|j
|jjd
d�S)z}
        Establish the first attempted TCP connection using the SSH server which
        C{self.factory} can create.
        r
�)r�rgri�
tcpClientsrCrErErFr��s
�z#NewConnectionTests.finishConnectioncCsH|j|
|d
dd�}|j
��
|��
|�dg
|�
|��
|j
��
dS)a�
        Lose the connection to a server and pump the L{IOPump} sufficiently for
        the client to handle the lost connection. Asserts that the client
        disconnects its transport.

        @param server: The SSH server protocol over which C{protocol} is
            running.
        @type server: L{IProtocol} provider

        @param client: The SSH client protocol over which C{protocol} is
            running.
        @type client: L{IProtocol} provider

        @param protocol: The protocol created by calling connect on the ssh
            endpoint under test.
        @type protocol: L{IProtocol} provider

        @param pump: The L{IOPump} connecting client to server.
        @type pump: L{IOPump}
        �closedT)
r�N)r�rfr�rur�ZreportDisconnect)rDrwr�r{rur�rErErF�loseConnectionToServer�s



z)NewConnectionTests.loseConnectionToServercCs&|r|�|
j
j�

n|�|
j
j�

d
S)z�
        Assert that the transport for the given protocol has been disconnected.
        L{SSHCommandClientEndpoint.newConnection} creates a new dedicated SSH
        connection and cleans it up after the command exits.
        N)�
assertTruerfrB�
disconnectingr�rErErFr�s
z-NewConnectionTests.assertClientTransportStatec
Cs,t�
|jd
d|j|j�}
|�tt|
��

dS)zY
        L{SSHCommandClientEndpoint} instances provide L{IStreamClientEndpoint}.
        �
dummy command�
dummy userN)r8r�rir}r~r�rr�rDr�rErErF�test_interface"s

�z!NewConnectionTests.test_interfacec
Cs(t�
|jd
d|j�}
|�d|
jj�
dS)z�
        L{SSHCommandClientEndpoint} uses the default port number for SSH when
        the C{port} argument is not specified.
        r�r��N�r8r�rir}r�Z_creatorr~r�rErErF�test_defaultPort,s
�z#NewConnectionTests.test_defaultPortc
Cs,tj
|jd
d|jdd�}
|�d|
jj�
dS)zU
        L{SSHCommandClientEndpoint} uses the C{port} argument if specified.
        r�r�i�)
r~Nr�r�rErErF�test_specifiedPort6s

�z%NewConnectionTests.test_specifiedPortc

Cs�tj
|jd
|j|j|j|j|jtd�
d�}
t	�}t
|_|
�|�

|jj
d\}}}}}|�|jt|�
�
|�|j|�
|�dt|jj
�
�
dS)z�
        L{SSHCommandClientEndpoint} uses the L{IReactorTCP} passed to it to
        attempt a connection to the host/port address also passed to it.
        r�Fr�r
rRN)r8r�rirr}r~r�r�r^rrr{r?r�r�r
r�)rDr�rgr�r~ZtimeoutZbindAddressrErErF�test_destination@s"


�





z#NewConnectionTests.test_destinationc
	Csptj
|jd
d|j|j|jtd�
d�}
t�}t|_	|
�
|�
}|jjdd}|�dt
t��
�
|�|�
�t�

dS)z�
        If a connection cannot be established, the L{Deferred} returned by
        L{SSHCommandClientEndpoint.connect} fires with a L{Failure}
        representing the reason for the connection setup failure.
        r�r�F�r�r�r
r�N)r8r�rir}r~r�r^rrr{r?r�ZclientConnectionFailedrrr�r��rDr�rg�
drErErF�test_connectionFailedSs


�



z(NewConnectionTests.test_connectionFailedc
	Csxtj
|jd
d|j|jt|���
td�
d�}
t�}t	|_
|
�|�
}|�|j
|jjdd�\}}}|�|�
}|�t�

dS)a"

        If the L{KnownHostsFile} instance used to construct
        L{SSHCommandClientEndpoint} rejects the SSH public key presented by the
        server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect}
        fires with a L{Failure} wrapping L{UserRejectedKey}.
        r�r�Fr�r
r�N)r8r�rir}r~r,r�r^rrr{r?r�rgr�r�r�r#r�rErErF�test_userRejectedHostKeygs$



�



�


z+NewConnectionTests.test_userRejectedHostKeyc

Cs�t�
t�
��}
tt|���
�
}|�t|j	j
�
|
�
tj
td
d���}|�|j|�
t
d�
}tj|jdd|j|jd||d�}t�}t|_|�|�
}|�|j|jjdd	�\}}	}
|�|�
}|�t�

d
S)ac

        If the SSH public key presented by the SSH server does not match the
        previously remembered key, as reported by the L{KnownHostsFile}
        instance use to construct the endpoint, for that server, the
        L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with
        a L{Failure} wrapping L{HostKeyChanged}.
        stestxp)
Z
passphraseTr�r��dummy passwordr�r
r�N)r)ror2�publicr,rr�r�r
r�r�r3r}r^r8r�rir~rrr{r?r�rgr�r�r�r$)rDZfirstKeyr�ZdifferentKeyr�r�rgr�rwr�rur�rErErF�test_mismatchedHostKey~s<



�
�



�



�


z)NewConnectionTests.test_mismatchedHostKeyc
	Cs�tj
|jd
d|j|j|jtd�
d�}
t�}t|_	|
�
|�
}t�}|jjdd}|�
d�
}|�|�

|�tt��
�

|�|�
�t�

dS)aU

        If the connection closes at any point before the SSH transport layer
        has finished key exchange (ie, gotten to the point where we may attempt
        to authenticate), the L{Deferred} returned by
        L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping
        the reason for the lost connection.
        r�r�Fr�r
r�N)r8r�rir}r~r�r^rrr{r?r=r�r]�makeConnectionr�rrr�r��rDr�rgr�rfr�rErErF�!test_connectionClosedBeforeSecure�s$


�








z4NewConnectionTests.test_connectionClosedBeforeSecurec
	Cs�tj
|jd
d|j|j|jtd�
d�}
t�}t|_	|
�
|�
}tddd�}|jjdd}|�
d�
}|�|�

|��
|�|�
�t�

|�|j�

|�tt��
�

dS)	a[

        If the connection is cancelled before the SSH transport layer has
        finished key exchange (ie, gotten to the point where we may attempt to
        authenticate), the L{Deferred} returned by
        L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping
        L{CancelledError} and the connection is aborted.
        r�r�Fr�Nrxr
r�)r8r�rir}r~r�r^rrr{r?r@r�r]r�r�r�r�rr�rBr�rrr�rErErF�$test_connectionCancelledBeforeSecure�s(


�









z7NewConnectionTests.test_connectionCancelledBeforeSecurec
	Csjtj
|jd
d|j|j|jtd�
d�}
t�}t|_	|
�
|�
}|��
|�|�
�
t�

|�|jjdj�

dS)zz
        If the connection is cancelled before it finishes connecting, the
        connection attempt is stopped.
        r�r�Fr�r
N)r8r�rir}r~r�r^rrr{r?r�r�r�rr�Z
connectorsZstoppedConnectingr�rErErF�'test_connectionCancelledBeforeConnected�s


�





z:NewConnectionTests.test_connectionCancelledBeforeConnectedc

Cs�tj
|jd
d|j|jd|jtd�
d�}
t�}t|_	|
�
|�
}|�|j|jj
dd�\}}}|j�|jj�

|��
|�|�
}|�t�

|�|d�
dS)	z�
        If the SSH server rejects the password presented during authentication,
        the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires
        with a L{Failure} wrapping L{AuthenticationFailed}.
        r�r�r�Fr�r
r�N)r8r�rir}r~r�r^rrr{r?r�rgr�Zadvancer�Z
passwordDelay�flushr�r�r6r�r�rErErF�"test_passwordAuthenticationFailure�s,


�



�



z5NewConnectionTests.test_passwordAuthenticationFailurecCs0td
d�t
|�
D�
�
}tt|�
�
}|
�|�

dS)a�

        Create an L{ISSHPrivateKey} checker which recognizes C{users} and add it
        to C{portal}.

        @param portal: A L{Portal} to which to add the checker.
        @type portal: L{Portal}

        @param users: The users and their keys the checker will recognize.  Keys
            are byte strings giving user names.  Values are byte strings giving
            OpenSSH-formatted private keys.
        @type users: L{dict}
        c
Ss$g|]\}
}|
t�
|�
��g
f�qSrE)r)ror�)�.0�
k�
vrErErF�
<listcomp>s
�z6NewConnectionTests.setupKeyChecker.<locals>.<listcomp>N)�dictr	r.r/r�)rDr�Zusers�mappingZcheckerrErErF�setupKeyCheckers


�
z"NewConnectionTests.setupKeyCheckerc
	
Cs�t�
t�
}
|�|j|jti
�
tj|j	d
|j|j
|j|
g
|jt
d�
d�}t�}t|_|�|�
}|�|j|j	jdd�\}}}|�|�
}|�t�

|�|jj�

dS)z�
        If the SSH server rejects the key pair presented during authentication,
        the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires
        with a L{Failure} wrapping L{AuthenticationFailed}.
        r�F��keysr�r�r
r�N)r)ror2r�r�rr4r8r�rir}r~r�r^rrr{r?r�rgr�r�r�r6r�rfr�)	rD�badKeyr�rgr�rwr�rur�rErErF�#test_publicKeyAuthenticationFailure#s,




�



�



z6NewConnectionTests.test_publicKeyAuthenticationFailurec

Cs

t�
t�
}
|�|j|jti
�
tj|j	d
|j|j
|j|
g
|j|j
td�
d�	}t�}t|_|�|�
}|jjd7_|�|j|j	jdd�\}}}|��
|�t�
}|�d|djj|djjf�
|�dt|�
�
|�|�
}	|	� t�

|�d|	jj�
|�!|j"j#�

d	S)
z{
        If the SSH server does not accept any of the specified SSH keys, the
        specified password is tried.
        r�F)r�r�r�r�rRr
r�r�r�N)$r)ror2r�r�rr4r8r�rir}r~r�r�r^rrr{r?rgrhr�r�rur�r"r�r�rNr�r�r�r�r�rfr�)
rDr
r�rgr�rwr�rur�r�rErErF�test_authenticationFallbackBs@




�



�



�



z.NewConnectionTests.test_authenticationFallbackc
	
Cs�t�
t�
}
|�|j|jti
�
t|jjd
<t	j
|jd|j|j|j
|
g
|jtd�
d�}t�}t|_|�|�
}|�|j|jjdd�\}}}|�|�
}|�|j�

dS)z�
        If L{SSHCommandClientEndpoint} is initialized with any private keys, it
        will try to use them to authenticate with the SSH server.
        r�r�Fr�r
r�N)r)ror4r�r�rrQr�rVr8r�rir}r~r�r^rrr{r?r�rgr�r�r�rf)	rD�keyr�rgr�rwr�rur{rErErF�test_publicKeyAuthenticationls,




�



�


z/NewConnectionTests.test_publicKeyAuthenticationc
	Cs�tj
|jd
|j|j|j|jtd�
d�}
t�}t	|_
|
�|�
}|�|j
|jjdd�\}}}|��
|�|�
}|�t�

|�|jj�

dS)z�
        If the password is not specified, L{SSHCommandClientEndpoint} doesn't
        try it as an authentication mechanism.
        r�Fr�r
r�N)r8r�rirr}r~r�r^rrr{r?r�rgr�rur�r�r6r�rfr�r�rErErF�test_skipPasswordAuthentication�s(

�



�



z2NewConnectionTests.test_skipPasswordAuthenticationc

Cs
t�
t�
}
t�}t�|_|
��|
d
fi
|j_|�|j	|j
ti
�
t|�
}tj
|jd|j
|j|j|jtd�
|d�}t|jjd<t�}t|_|�|�
}|�|j|jjdd�\}}}	td�
D]}
|j��
|	��
q�|�|�
}|�|j�

|� ||||	�
|�!|jj"�

|�!|jj#j"�

d	S)
a


        If L{SSHCommandClientEndpoint} is initialized with an
        L{SSHAgentClient}, the agent is used to authenticate with the SSH
        server. Once the connection with the SSH server has concluded, the
        connection to the agent is disconnected.
        rYr�F)r�r��
agentEndpointr�r
r��N)$r)ror2r+rrgZblobr�r�r�rrtr8r�rir}r~r�r^rQr�rVrr{r?r�r��rangerur�r�rfr�r�r�ZclientIO)rDr
ZagentServerr
r�rgr�rwr�ru�
ir{rErErF�test_agentAuthentication�s@







�



�








z+NewConnectionTests.test_agentAuthenticationc
Csdt|j
jd
<|��}
t�}t|_|
�|�
}|��\}}}|�	|�
}|�
||||�
|�|jj
�

dS)z�
        The transport connected to the protocol has a C{loseConnection} method
        which causes the channel in which the command is running to close and
        the overall connection to be closed.
        r�N)rQr�rVr�rrr{r?r�r�r�r�rfr�r�rErErF�test_loseConnection�s





z&NewConnectionTests.test_loseConnectionN)rHrIrJrKr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r

r
r
r
r

r
rErErErFr��s0
	$


&"*-r�c@s0eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
S)�ExistingConnectionTestsze
    Tests for L{SSHCommandClientEndpoint} when using the C{existingConnection}
    constructor.
    c

Cszt�
|�

tt|���
�
}
|
�|j|jjd
�
|
�t	|j
j�
|jjd
�
tj
|jd|j|j|j|j|
td�
d�|_dS)r�rnr�Fr�N)r|r�r,rr�r�r}rgrpr
r�r�r8r�rirr~r�r^r�)rDr�rErErFr��s(



�



�


�zExistingConnectionTests.setUpc
		Cs�t�}
t
|
_|j�|
�
}|jj��}z0t
|jjd
<|�|j|j
jdd�\}}}W5|jj��
|jj�	|�

X||_||_||_|�|�
}|jj}t�|d�S)zz
        Create and return a new L{SSHCommandClientEndpoint} using the
        C{existingConnection} constructor.
        r�r
r�r�)rrr{r�r?r�rV�copy�clear�updaterQr�rgrir�rv�_client�_pumpr�rfZconnr8ZexistingConnection)	rDrgr�rVrwr�rur{�
connectionrErErFr��s*




�






�zExistingConnectionTests.createc

Cs8|j�
�
|j�
�
|j�
�
|j�
�
|j|j|jfS)
z�
        Give back the connection established in L{create} over which the new
        command channel being tested will exchange data.
        )r
rurvr
rCrErErFr�s








z(ExistingConnectionTests.finishConnectioncCs |�|
j
j�

|�|
j
j�

d
S)a

        Assert that the transport for the given protocol is still connected.
        L{SSHCommandClientEndpoint.existingConnection} re-uses an SSH connected
        created by some other code, so other code is responsible for cleaning
        it up.
        N)�assertFalserfr�rBr�rErErFr�+s
z2ExistingConnectionTests.assertClientTransportStateN)rHrIrJrKr�r�r�r�rErErErFr
�s

r
c@s0eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
S)�ExistingConnectionHelperTestsz1
    Tests for L{_ExistingConnectionHelper}.
    c

Cs|�t
tt��

d
S)zT
        L{_ExistingConnectionHelper} implements L{_ISSHConnectionCreator}.
        N)r�rr5r;rCrErErFr�;s
�z,ExistingConnectionHelperTests.test_interfacec
Cs(t�}
t
|
�
}|�|
|�|���
�
d
S)z�
        L{_ExistingConnectionHelper.secureConnection} returns a L{Deferred}
        which fires with whatever object was fed to
        L{_ExistingConnectionHelper.__init__}.
        N)�objectr;�assertIsr�ZsecureConnection)rDr`�helperrErErF�test_secureConnectionCs


�z3ExistingConnectionHelperTests.test_secureConnectionc
Cstt
��
}
|
�t
�d
�
dS)z�
        L{_ExistingConnectionHelper.cleanupConnection} does nothing to the
        existing connection if called with C{immediate} set to C{False}.
        FN�r;r
�cleanupConnection�rDr
rErErF�$test_cleanupConnectionNotImmediatelyOs
zBExistingConnectionHelperTests.test_cleanupConnectionNotImmediatelyc
Cstt
��
}
|
�t
�d
�
dS)z�
        L{_ExistingConnectionHelper.cleanupConnection} does nothing to the
        existing connection if called with C{immediate} set to C{True}.
        TNr
r
rErErF�!test_cleanupConnectionImmediately[s
z?ExistingConnectionHelperTests.test_cleanupConnectionImmediatelyN)rHrIrJrKr�r
r
r
rErErErFr
7s

r
c@s eZ
dZd
Zdd�Zdd�ZdS)�_PTYPathzk
    A L{FilePath}-like object which can be opened to create a L{_ReadFile} with
    certain contents.
    cCs
|
|_d
S)zz
        @param contents: L{bytes} which will be the contents of the
            L{_ReadFile} this path can open.
        N)
�contents)rDr
rErErFrWmsz_PTYPath.__init__cCs |
d
krt|j
�
Sttd��
dS)z�
        If the mode is r+, return a L{_ReadFile} with the contents given to
        this path's initializer.

        @raise OSError: If the mode is unsupported.

        @return: A L{_ReadFile} instance
        zrb+zFunction not implementedN)r9r
�OSErrorr)rD�moderErErF�openus	


z
_PTYPath.openN)rHrIrJrKrWr"
rErErErFr
hs
r
c@s`eZ
dZd
Zdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dS)�NewConnectionHelperTestsz,
    Tests for L{_NewConnectionHelper}.
    c

Cs|�t
tt��

d
S)zO
        L{_NewConnectionHelper} implements L{_ISSHConnectionCreator}.
        N)r�rr5r:rCrErErFr��s
�z'NewConnectionHelperTests.test_interfacec

Cs|�d
t
j�
dS)zK
        The default I{known_hosts} path is I{~/.ssh/known_hosts}.
        z~/.ssh/known_hostsN)r�r:�_KNOWN_HOSTSrCrErErF�test_defaultPath�s
�z)NewConnectionHelperTests.test_defaultPathc
sHt��|�
td
�f
dd��
tdddddddddd�
}
|��|
j�
dS)z�
        L{_NewConnectionHelper._knownHosts} is used to create a
        L{KnownHostsFile} if one is not passed to the initializer.
        �_knownHostsc


s�SrUrE)
�clsr_rErFrX�rYzANewConnectionHelperTests.test_defaultKnownHosts.<locals>.<lambda>N)r
�patchr:r
r�r
rEr_rF�test_defaultKnownHosts�s

�z/NewConnectionHelperTests.test_defaultKnownHostsc
Cs�t�j
d
}
t|���
}t|�
}|�d|
�
|��
td|jf
�

t	j�
d�
}|j�|d�}|�t
d|�
td|f
�

t
��}|�|�d|
��

dS)z�
        Existing entries in the I{known_hosts} file are reflected by the
        L{KnownHostsFile} created by L{_NewConnectionHelper} when none is
        supplied to it.
        rns	127.0.0.1zCreated known_hosts file at %rz~/r$
zPatched _KNOWN_HOSTS with %rN)rlrprr�r,r�r�r
�path�os�
expanduser�replacer(
r:r&
r�Z
hasHostKey)rDr
r*
r��home�defaultZloadedrErErF�test_readExisting�s







z*NewConnectionHelperTests.test_readExistingc
Cs,td
d
d
d
d
d
d
d
d
d
�
}
|�
|
jt�
d
S)zz
        If L{None} is passed for the C{ui} parameter to
        L{_NewConnectionHelper}, a L{ConsoleUI} is used.
        N)r:r�r�r-r
rErErF�test_defaultConsoleUI�s
�z.NewConnectionHelperTests.test_defaultConsoleUIc
CsDtd
�
}
t
dddddddddd|
�}|�|j�d�
�
}|�|�

dS)z�
        If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper}
        and /dev/tty is available, the L{ConsoleUI} used is associated with
        /dev/tty.
        syesNsdoes this work?)r
r:r�r�rcr��rD�ttyr
r`rErErF�test_ttyConsoleUI�s 

�
z*NewConnectionHelperTests.test_ttyConsoleUIc
CsHt|�
��
}
td
d
d
d
d
d
d
d
d
d
|
�}|�|j�d�
�
}|�|�

d
S)z�
        If L{None} is passed for the C{ui} parameter to L{_NewConnectionHelper}
        and /dev/tty is not available, the L{ConsoleUI} used is associated with
        some file which always produces a C{b"no"} response.
        Nsdid this break?)rr�r:r�r�rcr
r2
rErErF�test_nottyUI�s 

�
z%NewConnectionHelperTests.test_nottyUIc
Cs0td
d
d
d
d
d
d
d
d
d
�
}
|�
td�
|
j�
d
S)zy
        If not passed the name of a tty in the filesystem,
        L{_NewConnectionHelper} uses C{b"/dev/tty"}.
        Ns/dev/tty)r:r�rr3
r
rErErF�test_defaultTTYFilename�s
�z0NewConnectionHelperTests.test_defaultTTYFilenamec
CsFtd
d
d
d
d
d
d
d
d
d
�
}
t
�}t�|_|
�|d�
|�|jj�

d
S)z�
        L{_NewConnectionHelper.cleanupConnection} closes the transport cleanly
        if called with C{immediate} set to C{False}.
        NF)r:r(r=rfr
r�r�)rDr
r
rErErFr
�s 
�


z=NewConnectionHelperTests.test_cleanupConnectionNotImmediatelyc
Cs`Gd
d�d�}
tdddddddddd�
}t
�}t�|_|
�|j_|�|d�
|�|jjj�

dS)z�
        L{_NewConnectionHelper.cleanupConnection} closes the transport with
        C{abortConnection} if called with C{immediate} set to C{True}.
        c@seZ
dZd
Zdd�ZdS)zMNewConnectionHelperTests.test_cleanupConnectionImmediately.<locals>.AbortableFc

Ss
d
|_dS)z7
                Abort the connection.
                TNrArCrErErFrGsz]NewConnectionHelperTests.test_cleanupConnectionImmediately.<locals>.Abortable.abortConnectionN)rHrIrJrBrGrErErErF�	Abortable�s

r7
NT)r:r(r<rfr
r�rB)rDr7
r
r
rErErFr
�s$
�




z:NewConnectionHelperTests.test_cleanupConnectionImmediatelyN)rHrIrJrKr�r%
r)
r0
r1
r4
r5
r6
r
r
rErErErFr#
�s





r#
)xrK�os.pathr+
Zstructr�errnorr�Zzope.interface.verifyrrZzope.interfacerZtwisted.loggerrrZtwisted.python.compatr	r
Ztwisted.python.failurerZtwisted.python.filepathrZtwisted.python.logr
Ztwisted.python.reflectrZtwisted.internet.interfacesrrZtwisted.internet.protocolrrZtwisted.internet.deferrrrrZtwisted.internet.errorrrZtwisted.internet.addressrZtwisted.trial.unittestrZtwisted.test.proto_helpersrrrrZtwisted.cred.portalrZtwisted.cred.checkersr Ztwisted.conch.interfacesr!Ztwisted.conch.errorr"r#r$Ztwisted.conch.sshr%Ztwisted.conch.ssh.factoryr&Ztwisted.conch.ssh.userauthr'Ztwisted.conch.ssh.connectionr(Ztwisted.conch.ssh.keysr)Ztwisted.conch.ssh.channelr*Ztwisted.conch.ssh.agentr+Ztwisted.conch.client.knownhostsr,r-Ztwisted.conch.checkersr.r/Ztwisted.conch.avatarr0Ztwisted.conch.test.keydatar1r2r3r4Ztwisted.conch.endpointsr5r6r7r8r9r:r;Ztwisted.conch.ssh.transportr<�skipr
r=Ztwisted.test.iosimr>r?r@rLrQrSrTr[r^rerlrsrtr|r�r
r
r
r#
rErErErF�<module>s�



























$�
�
�

	

%9"S1