o >hy@s UdZddlZddlmZddlmZddlmZddlm Z e e e d<zddl Z Wn e y6dZYnwdZdd lmZdd lmZdd lmZmZmZmZdd lmZmZdd lmZddlmZddlm Z m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)e%drdZ*ddl+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ndZ*e4edddurdZ5ndZ5Gddde)Z6Gddde)Z7Gd d!d!e)Z8Gd"d#d#e)Z9Gd$d%d%e)Z:Gd&d'd'e)Z;Gd(d)d)e)ZZ?Gd.d/d/e)Z@dS)0z& Tests for L{twisted.conch.checkers}. N) encodebytes) namedtuple)BytesIO)Optional cryptSkipzcannot run without crypt module) verifyObject)'InMemoryUsernamePasswordDatabaseDontUse)ISSHPrivateKeyIUsernamePassword SSHPrivateKeyUsernamePassword)UnauthorizedLoginUnhandledCredentials)Deferred)util)ShadowDatabase UserDatabase)FilePath) requireModule)MockOS)TestCase cryptography)checkers)NotEnoughAuthenticationValidPublicKey)keys)keydatazcan't run without cryptographygeteuidz0Cannot run without effective UIDs (questionable)c@sXeZdZdZep eZddZddZddZ dd Z d d Z d d Z ddZ ddZdS) HelperTestszl Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. cCs t|_dSN)rmockosselfr#/var/www/vedio/testing/chatpythonscript.ninositsolution.com/env/lib/python3.10/site-packages/twisted/conch/test/test_checkers.pysetUp@s zHelperTests.setUpcC4d}d}t||}|t||d||dS)z L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. secret stringsaltyz5{!r} supposed to be valid encrypted password for {!r}Ncrypt assertTruerverifyCryptedPasswordformatr"passwordsaltcryptedr#r#r$test_verifyCryptedPasswordC  z&HelperTests.test_verifyCryptedPasswordcCr&)z L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r/z$1$saltz3{!r} supposed to be valid encrypted password for {}Nr)r.r#r#r$test_verifyCryptedPasswordMD5Rr3z)HelperTests.test_verifyCryptedPasswordMD5cCs4d}d}t||}|t||d||dS)z L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretr'z7{!r} not supposed to be valid encrypted password for {}N)r* assertFalserr,r-)r"r/wrongr1r#r#r$test_refuteCryptedPasswordar3z&HelperTests.test_refuteCryptedPasswordc CsFt}|ddddddd|td||td|dd S) z L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. alicesecrit first last/foo/bin/shpwdN)raddUserpatchr assertEqual _pwdGetByNamegetpwnamr"userdbr#r#r$test_pwdGetByNamepszHelperTests.test_pwdGetByNamecCs"|tdd|tddS)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. r?Nr8)rAr assertIsNonerCr!r#r#r$test_pwdGetByNameWithoutPwdzsz'HelperTests.test_pwdGetByNameWithoutPwdc Cst}|ddddddddd |td |d |j_d |j_|td |j|t d| d||jj dd g||jj dd gdS)z L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. bob passphraser:r;spwd) osrN) rr@rArr euidegidrrB_shadowGetByNamegetspnam seteuidCalls setegidCallsrEr#r#r$test_shadowGetByNamesz HelperTests.test_shadowGetByNamecCsB|tdd|td||jjg||jjgdS)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rQNrJ)rArrHrWrBr rYrZr!r#r#r$test_shadowGetByNameWithoutSpwdsz+HelperTests.test_shadowGetByNameWithoutSpwdN)__name__ __module__ __qualname____doc__rdependencySkipskipr%r2r4r7rGrIr[r\r#r#r#r$r8s  rc@sreZdZdZep eZdddZddZdd Z d d Z d d Z ddZ ddZ ddZddZddZddZdS)SSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. returnNc Cst|_td|_td|_d|jd|jd|_t|_| t d|jt | |_ t|j j ts8J|j d|_|jt}|dd d d d |j j d ||j_dS)Nfoobareggspamst1 s foo t2 s egg rT.sshuserr/r:r;r< /bin/shell)rSSHPublicKeyDatabasecheckerrkey1key2contentrr rArrmktemppath isinstancestrchildsshDirmakedirsrr@_userdbrEr#r#r$r%s*     zSSHPublicKeyDatabaseTests.setUpcCsL|j|jgd}||ddt||ddd|t|ddS)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )offendingFunctionsrcategorymessageztwisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r:N) flushWarningsr%rBDeprecationWarninglen)r" warningsShownr#r#r$test_deprecateds z)SSHPublicKeyDatabaseTests.test_deprecatedcCsj|j||jtdd}d|_||j|d|_||j|d|_| |j|dS)Nuserpasswordrerfs notallowed) rtrs setContentrnr blobr+rkcheckKeyr5)r"filenamerhr#r#r$ _testCheckKeys z'SSHPublicKeyDatabaseTests._testCheckKeycC.|d||jjg||jjgdS)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. authorized_keysNrrBr rYrZr!r#r#r$ test_checkKey z'SSHPublicKeyDatabaseTests.test_checkKeycCr)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. authorized_keys2Nrr!r#r#r$test_checkKey2rz(SSHPublicKeyDatabaseTests.test_checkKey2cs|jd|jd|jd|jjfdd}d|j_d|j_ | |jd|| t d |jt d d }d |_ ||j|||jjgd ||jjddgdS)z If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. rrcsd|S)Nr)chmod)rUkeyFile savedSeteuidr#r$seteuids z>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot..seteuidrRrSrrTrrre)rr:rrRr;N)rtrsrrnr addCleanupr rrUrVrArr rr+rkrrBrYrZ)r"rrhr#rr$test_checkKeyAsRoots    z-SSHPublicKeyDatabaseTests.test_checkKeyAsRootcs\dd}jd|tddtjdtjtj d}j |}fdd}| |S) z L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. cSdSNTr#ignoredr#r#r$ _checkKey zASSHPublicKeyDatabaseTests.test_requestAvatarId.._checkKeyrtestssh-rsafooc|ddSNrrBavatarIdr!r#r$_verifyz?SSHPublicKeyDatabaseTests.test_requestAvatarId.._verify) rArkr rpublicRSA_opensshrKey fromStringprivateRSA_opensshsignrequestAvatarId addCallback)r"r credentialsdrr#r!r$test_requestAvatarIds   z.SSHPublicKeyDatabaseTests.test_requestAvatarIdcCsBdd}||jd|tddtjdd}|j|}||tS)a( L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. cSrrr#rr#r#r$r%rzQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.._checkKeyrrrN)rArkr rrr assertFailurerr"rrrr#r#r$$test_requestAvatarIdWithoutSignatures   z>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturecCs0dd}||jd||jd}||tS)z If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. cSrNFr#rr#r#r$r5rzKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.._checkKeyrN)rArkrrr )r"rrr#r#r$test_requestAvatarIdInvalidKey/s  z8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKeycCsRdd}||jd|tddtjdtjtj d}|j |}| |t S)z Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure cSrrr#rr#r#r$rCrzQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.._checkKeyrrrr) rArkr rrrrrprivateDSA_opensshrrrr rr#r#r$$test_requestAvatarIdInvalidSignature<s  z>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignaturecsVdd}jd|tddddd}j|}fd d }|||tS) z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. cSrrr#rr#r#r$rWrzSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._checkKeyrrNsblobssigDatassigcs tj}t|d|S)Nr:)flushLoggedErrorsr BadKeyErrorrBr|)failureerrorsr!r#r$_verifyLoggedException^ z`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._verifyLoggedException)rArkr r addErrbackrr )r"rrrrr#r!r$&test_requestAvatarIdNormalizeExceptionQs    z@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionrdN)r]r^r_r`euidSkiprarbr%r~rrrrrrrrrr#r#r#r$rcs     rcc@sDeZdZdZeZddZddZddZdd Z d d Z d d Z dS)SSHProtocolCheckerTestsz* Tests for L{SSHProtocolChecker}. cCsLt}||jg|t||jtg||jttjdS)z L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)rSSHProtocolCheckerrBcredentialInterfacesregisterCheckerrjr assertIsInstancer"rkr#r#r$test_registerCheckerns z,SSHProtocolCheckerTests.test_registerCheckercCsNt}||jg|tt||jtg||jttjdS)z If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)rrrBrrrjr rrr#r#r$!test_registerCheckerWithInterface}s z9SSHProtocolCheckerTests.test_registerCheckerWithInterfacecsJt}t}|dd|||tdd}fdd}||S)z L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. rcrrrrr!r#r$ _callbackrz?SSHProtocolCheckerTests.test_requestAvatarId.._callback)rrrr@rrr r)r"rkpasswordDatabaserrr#r!r$rs    z,SSHProtocolCheckerTests.test_requestAvatarIdcCsVt}dd}||d|t}|dd|||tdd}||t S)z If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. cSrrr#rr#r#r$_areDonerzYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.._areDoneareDoner) rrrArr@rrr rr)r"rkrrrr#r#r$/test_requestAvatarIdWithNotEnoughAuthentications   zGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthenticationcCs$t}|tdd}||tS)z If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r)rrrr rr)r"rkrr#r#r$%test_requestAvatarIdInvalidCredentials z=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentialcCs|tddS)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r+rrrr!r#r#r$ test_areDonesz$SSHProtocolCheckerTests.test_areDoneN) r]r^r_r`rarbrrrrrrr#r#r#r$rgs rc@sreZdZdZep eZdeededdfddZ dd Z d d Z d d Z ddZ ddZddZddZddZdS)UNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. rusernamerdNcCs||||dS)z Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. N)rBsuccessResultOf)r"rrr#r#r$assertLoggedInsz(UNIXPasswordDatabaseTests.assertLoggedInc Cs<t}dd}t}|d|ddddddd |d d ddd d d t}|ddddddddd |d |d dddddddd |td||td|t}|td|d|_d|_ t d d!}| | |d | |jg| |jgd"|_| | |d"| |jd#dg| |jd#dgd$S)%z L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. cSs t||}t|d|}|S)Nz$1$)r*)rr/r0r1r#r#r$r1rz?UNIXPasswordDatabaseTests.test_defaultCheckers..cryptedr8r/r:r;foor=r>rJxbar/barr6rLrMrNrOrP r?rQrTrRrSalicerbobrN)rUNIXPasswordDatabaserr@rrArrrUrVr rrrBrYrZr)r"rkr1r?rQr credr#r#r$test_defaultCheckerss0  z.UNIXPasswordDatabaseTests.test_defaultCheckerscCs||tjdS)a Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} N)failureResultOfrr r"rr#r#r$assertUnauthorizedLogins z1UNIXPasswordDatabaseTests.assertUnauthorizedLoginc CsRtdd}t}|d|dddddt|jg}||tdd dd S) zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. secretanybodyr:r;rrr>sanybodyssecretN) r*rr@rrrDrrr )r"r/rFrkr#r#r$test_passInCheckerss z-UNIXPasswordDatabaseTests.test_passInCheckerscCsJdd}dd}|td|t|g}tdd}|||ddS)z If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. cS||kSrr#r1pwr#r#r$r,zLUNIXPasswordDatabaseTests.test_verifyPassword..verifyCryptedPasswordcSs||gSrr#rr#r#r$rDrz?UNIXPasswordDatabaseTests.test_verifyPassword..getpwnamr,usernameNrArrr rrr"r,rDrk credentialr#r#r$test_verifyPasswords   z-UNIXPasswordDatabaseTests.test_verifyPasswordcCs2dd}t|g}tdd}|||dS)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. cSst|r)KeyErrorrr#r#r$rD+rz?UNIXPasswordDatabaseTests.test_failOnKeyError..getpwnamrrN)rrr rr)r"rDrkrr#r#r$test_failOnKeyError%s  z-UNIXPasswordDatabaseTests.test_failOnKeyErrorcCsHdd}dd}|td|t|g}tdd}|||dS) z If the verifyCryptedPassword function doesn't verify the password, the login fails with an L{UnauthorizedLogin} exception. cSrrr#rr#r#r$r,8rzOUNIXPasswordDatabaseTests.test_failOnBadPassword..verifyCryptedPasswordcS|dgS)Nrr#rr#r#r$rD;rzBUNIXPasswordDatabaseTests.test_failOnBadPassword..getpwnamr,rrN)rArrr rrrr#r#r$test_failOnBadPassword2s   z0UNIXPasswordDatabaseTests.test_failOnBadPasswordcCsTdd}dd}dd}|td|t||g}tdd }|||dd S) a UNIXPasswordDatabase.requestAvatarId loops through each getpwnam function associated with it and returns a L{Deferred} which fires with the result of the first one which returns a value other than None. ones do not verify the password. cSrrr#rr#r#r$r,KrzRUNIXPasswordDatabaseTests.test_loopThroughFunctions..verifyCryptedPasswordcSr)Nznot the passwordr#rr#r#r$ getpwnam1NrzFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam1cSr)Nr/r#rr#r#r$ getpwnam2QrzFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam2r,rrNr)r"r,rrrkrr#r#r$test_loopThroughFunctionsCs z3UNIXPasswordDatabaseTests.test_loopThroughFunctionsc Cst}|ddddddd|ddddddd|d d ddddd|td |ttjg}td d }|||tdd}|||tdd}|||dS)z If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. r8r:r;rrrJrcarol*r?rrxscarol*N) rr@rArrrCr rr)r"r?rkrr#r#r$test_failOnSpecialYs   z,UNIXPasswordDatabaseTests.test_failOnSpecial)r]r^r_r`rrarbrbytesrrrrrrrrrr#r#r#r$rs (   rc@,eZdZdZeZddZddZddZdS) AuthorizedKeyFileReaderTestsz5 Tests for L{checkers.readAuthorizedKeyFile} cCs0td}t|dd}|ddgt|dS)zg L{checkers.readAuthorizedKeyFile} does not attempt to turn comments into keys sE# this comment is ignored this is not # this is again and this is notcS|Srr#rr#r#r$zCAuthorizedKeyFileReaderTests.test_ignoresComments..s this is notsand this is notNrrreadAuthorizedKeyFilerBlistr"fileobjresultr#r#r$test_ignoresCommentsvs z1AuthorizedKeyFileReaderTests.test_ignoresCommentscCs0td}tj|ddd}|dgt|dS)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg # ignore not ignored cSrrr#rr#r#r$rrzYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines..parseKeys not ignoredNrr r#r#r$*test_ignoresLeadingWhitespaceAndEmptyLiness zGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLinescCs4dd}td}tj||d}|dgt|dS)z L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going cSs|dr td|S)Nfzfailed to parse) startswithrr)liner#r#r$ failOnSomes  zKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys..failOnSomesfailed key good keyrsgood keyNr)r"rr r r#r#r$test_ignoresUnparsableKeyssz7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeysN) r]r^r_r`rarbrrrr#r#r#r$ros  rc@r) InMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} cCs tddgi}ttj|dS)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} rskeyN)rInMemorySSHKeyDBrIAuthorizedKeysDBr"keydbr#r#r$test_implementsInterfacesz.InMemorySSHKeyDBTests.test_implementsInterfacecCs*tddgi}|gt|ddS)z If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rskeysrNrrrBr getAuthorizedKeysrr#r#r$test_noKeysForUnauthorizedUsersz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsercCs0tdddgi}|ddgt|ddS)z If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rabNrrr#r#r$test_allKeysForAuthorizedUsersz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUserN) r]r^r_r`rarbrrr"r#r#r#r$rs  rc@sFeZdZdZeZdddZddZdd Zd d Z d d Z ddZ dS)UNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. rdNc Cst||_t|jjtsJ|jt|_|jddddd|jjd|j d|_ |j |j d}| d d d g|_ dS) Nr8r/r:r;zalice lastnamerirgrs key 1 key 2skey 1skey 2) rrorprqrrrurrFr@rsrtr expectedKeys)r"authorizedKeysr#r#r$r%s$    z"UNIXAuthorizedKeysFilesTests.setUpcCst|j}ttj|dS)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)rUNIXAuthorizedKeysFilesrFrrrr#r#r$rs z5UNIXAuthorizedKeysFilesTests.test_implementsInterfacecCs.tj|jddd}|gt|ddS)z If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. cSrrr#rr#r#r$rrzMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser..rrN)rr&rFrBr rrr#r#r$rsz;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsercCsH|jddtj|jddd}||jdgt| ddS)a If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. rskey 3cSrrr#rr#r#r$rrz`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser..rrN) rtrsrrr&rFrBr$r rrr#r#r$1test_allKeysInAllAuthorizedFilesForAuthorizedUsers zNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsercCs0tj|jddd}||jt|ddS)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. cSrrr#rr#r#r$rrzJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile..rrN)rr&rFrBr$r rrr#r#r$test_ignoresNonexistantFilesz8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFilecCs@|jdtj|jddd}||jt| ddS)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. rcSrrr#rr#r#r$rrzIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile..rrN) rtrsrurr&rFrBr$r rrr#r#r$test_ignoresUnreadableFile sz7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFiler) r]r^r_r`rarbr%rrr'r(r)r#r#r#r$r#s   r#_KeyDBrc@seZdZdZdS)_DummyExceptionz0 Fake exception to be used for testing. N)r]r^r_r`r#r#r#r$r+sr+c@sLeZdZdZeZddZddZddZdd Z d d Z d d Z ddZ dS)SSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. cCsDtddtjdtjtjd|_t dd|_ t |j |_ dS)NrrrcSstjtjgSr)rrrrr)_r#r#r$r/sz0SSHPublicKeyCheckerTests.setUp..)r rrrrrrrrr*rrSSHPublicKeyCheckerrkr!r#r#r$r%'szSSHPublicKeyCheckerTests.setUpcCs"d|j_||j|jtdS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)r signaturerrkrrr!r#r#r$ test_credentialsWithoutSignature2sz9SSHPublicKeyCheckerTests.test_credentialsWithoutSignaturecCs$d|j_||j|jtjdS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. rN)rrrrkrrrr!r#r#r$test_credentialsWithBadKey<sz3SSHPublicKeyCheckerTests.test_credentialsWithBadKeycCs$tj|j_||j|jtdS)z If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match the credentials, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. N)rpublicDSA_opensshrrrrkrr r!r#r#r$test_credentialsNoMatchingKeyFs z6SSHPublicKeyCheckerTests.test_credentialsNoMatchingKeycCs2tjtjd|j_||j |jt dS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that are incorrectly signed fails with L{UnauthorizedLogin}. rN) rrrrrrrr/rrkrr r!r#r#r$ test_credentialsInvalidSignatureRsz9SSHPublicKeyCheckerTests.test_credentialsInvalidSignaturecCs<dd}|tjd|||j|jt|t dS)z If L{keys.Key.verify} raises an exception, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. c_str)r+)argskwargsr#r#r$failfsz?SSHPublicKeyCheckerTests.test_failureVerifyingKey..failverifyN) rArrrrkrrr rr+)r"r7r#r#r$test_failureVerifyingKey_s z1SSHPublicKeyCheckerTests.test_failureVerifyingKeycCs$|j|j}|d||dS)zu L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with the username. rN)rkrrrBrrr#r#r$test_usernameReturnedOnSuccesspsz7SSHPublicKeyCheckerTests.test_usernameReturnedOnSuccessN) r]r^r_r`rarbr%r0r1r3r4r9r:r#r#r#r$r, s     r,)Ar`rTbase64r collectionsriortypingrrr__annotations__r* ImportErrorrzope.interface.verifyrtwisted.cred.checkersrtwisted.cred.credentialsr r r r twisted.cred.errorr rtwisted.internet.deferrtwisted.pythonrtwisted.python.fakepwdrrtwisted.python.filepathrtwisted.python.reflectrtwisted.test.test_processrtwisted.trial.unittestrra twisted.conchrtwisted.conch.errorrrtwisted.conch.sshrtwisted.conch.testrgetattrrrrcrrrrr#r* Exceptionr+r,r#r#r#r$s\                 eKX14" P