o >hfk@sdZddlmZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZmZmZmZddlmZdd lmZdd lmZed rkdd lmZmZmZmZmZmZdd l m!Z!m"Z"m#Z#m$Z$ndZ%dddZ&GdddeZ'dS)z- Tests for L{twisted.conch.scripts.ckeygen}. ) annotationsN)StringIO)Callable)NoReturn)privateECDSA_opensshprivateEd25519_openssh_newprivateRSA_opensshprivateRSA_openssh_encryptedpublicRSA_openssh)FilePath) requireModule)TestCase cryptography)_getKeyOrDefault_saveKeychangePassPhrasedisplayPublicKeyenumrepresentationprintFingerprint)BadFingerPrintFormat BadKeyErrorFingerprintFormatsKeyz7cryptography required for twisted.conch.scripts.ckeygen passphrasesstrreturnCallable[[object], str]cst|dfdd }|S) a@ Return a callable to patch C{getpass.getpass}. Yields a passphrase each time called. Use case is to provide an old, then new passphrase(s) as if requested interactively. @param passphrases: The list of passphrases returned, one per each call. @return: A callable to patch C{getpass.getpass}. _objectrrcstSN)nextrpassphrasesIter/var/www/vedio/testing/chatpythonscript.ninositsolution.com/env/lib/python3.10/site-packages/twisted/conch/test/test_ckeygen.py fakeGetpass<z makeGetpass..fakeGetpassN)rrrr)iter)rr&r$r"r% makeGetpass0s r)c@seZdZdZdZddZ  d[d\d d ZdZddZdZddZdZddZdZddZ dZddZ dZddZ dZddZ dZddZ dZddZdZd d!ZdZd"d#ZdZd$d%ZdZd&d'ZdZd(d)ZdZd*d+ZdZd,d-ZdZd.d/ZdZd0d1ZdZd2d3ZdZd4d5ZdZd6d7ZdZd8d9ZdZd:d;ZdZdd?ZdZd@dAZdZdBdCZ dZdDdEZ!dZdFdGZ"dZdHdIZ#dZdJdKZ$dZdLdMZ%dZdNdOZ&dZdPdQZ'dZdRdSZ(dZdTdUZ)dZdVdWZ*dZdXdYZ+dS)] KeyGenTestszN Tests for various functions used to implement the I{ckeygen} script. rNonecCst|_|td|jdS)zX Patch C{sys.stdout} so tests can make assertions about what's printed. stdoutN)rr,patchsysselfr$r$r%setUpGszKeyGenTests.setUpNkeyTyperkeySize str | NoneprivateKeySubtypecCs|}dd|d|dg}|dur|d|g|dur"|d|gt|t|}t|d}|dkr@||d n|d krM||d n |||| | dS) Nckeygen-t-fz--no-passphrasez-bz--private-key-subtype.pubecdsaECed25519Ed25519) mktempextend subprocesscallrfromFile assertEqualtypeupper assertTrueisPublic)r0r2r3r5filenameargsprivKeypubKeyr$r$r%_testrunNs  zKeyGenTests._testruncCs|dd|jdddd|d|jddd|d|dd|jdddd|d|jddd|dd|jdddd|d|jddddS) Nr:384v1)r5r<dsa2048rsa)rLr/r$r$r%test_keygenerationes       zKeyGenTests.test_keygenerationcCsN|}|tjtdddd|gWddS1s wYdS)Nr6r7foor8)r> assertRaisesr@CalledProcessError check_callr0rHr$r$r%test_runBadKeytypets"zKeyGenTests.test_runBadKeytypecC"tddi}||dtjdS)z L{enumrepresentation} takes a dictionary as input and returns a dictionary with its attributes changed to enum representation. formatmd5-hexN)rassertIsrMD5_HEXr0optionsr$r$r%test_enumrepresentationys z#KeyGenTests.test_enumrepresentationcCrY)zF Test for format L{FingerprintFormats.SHA256-BASE64}. rZ sha256-base64N)rr\r SHA256_BASE64r^r$r$r%test_enumrepresentationsha256s z)KeyGenTests.test_enumrepresentationsha256cCsN|t}tddiWdn1swY|d|jjddS)z9 Test for unsupported fingerprint format rZ sha-base64N*Unsupported fingerprint format: sha-base64r)rTrrrC exceptionrI)r0emr$r$r% test_enumrepresentationBadFormats  z,KeyGenTests.test_enumrepresentationBadFormatcC:|}t|tt|dd||jddS)z L{printFingerprint} writes a line to standard out giving the number of bits of the key, its fingerprint, and the basename of the file from it was read. r[rHrZz:2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp Nr>r setContentr rrCr,getvaluerWr$r$r%test_printFingerprintsz!KeyGenTests.test_printFingerprintcCri)z L{printFigerprint} will print key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. rarjz72048 FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= temp NrkrWr$r$r%test_printFingerprintsha256sz'KeyGenTests.test_printFingerprintsha256cCsf|}t|t|t}t|ddWdn1s"wY|d|jj ddS)zx L{printFigerprint} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. rdrjNrer) r>r rlr rTrrrCrfrI)r0rHrgr$r$r%)test_printFingerprintBadFingerPrintFormats  z5KeyGenTests.test_printFingerprintBadFingerPrintFormatcCs>|}t|dtt|dd||jddS)zn L{printFingerprint} checks if the filename with the '.pub' suffix exists in ~/.ssh. r9r[rjz>2048 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da temp.pub NrkrWr$r$r%#test_printFingerprintSuffixAppendedsz/KeyGenTests.test_printFingerprintSuffixAppendedcCt|}||dj}tt}t||ddd| |j d||f| ||d dd|| t|d | dS)z L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. id_rsa passphraser[rHpassrZYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: 85:25:04:32:58:55:96:9f:57:ee:fb:a8:1a:ea:69:da N id_rsa.pubr r>makedirschildpathr fromStringrrrCr,rm getContentpublicr0baserHkeyr$r$r% test_saveKeys"   zKeyGenTests.test_saveKeycCrr)z L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with ECDSA key. id_ecdsartr[ruzYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: 1e:ab:83:a6:f2:04:22:99:7c:64:14:d2:ab:fa:f5:16 Nz id_ecdsa.pub)r r>rzr{r|rr}rrrCr,rmr~rrr$r$r%test_saveKeyECDSAs"   zKeyGenTests.test_saveKeyECDSAcCrr)z L{_saveKey} writes the private and public parts of a key to two different files and writes a report of this to standard out. Test with Ed25519 key. id_ed25519rtr[ruzYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: ab:ee:c8:ed:e5:01:1b:45:b7:8d:b2:f0:8f:61:1c:14 Nzid_ed25519.pub)r r>rzr{r|rr}rrrCr,rmr~rrr$r$r%test_saveKeyEd25519s$   zKeyGenTests.test_saveKeyEd25519cCrr)z L{_saveKey} will generate key fingerprint in L{FingerprintFormats.SHA256-BASE64} format if explicitly specified. rsrtraruzYour identification has been saved in %s Your public key has been saved in %s.pub The key fingerprint in is: FBTCOoknq0mHy+kpfnY9tDdcAJuWtCpuQMaV3EsvbUI= Nrxryrr$r$r%test_saveKeysha256s&    zKeyGenTests.test_saveKeysha256cCs~t|}||dj}tt}|t }t ||dddWdn1s.wY| d|j j ddS)zq L{_saveKey} raises C{keys.BadFingerprintFormat} when unsupported formats are requested. rsrtrdruNrer)r r>rzr{r|rr}rrTrrrCrfrI)r0rrHrrgr$r$r% test_saveKeyBadFingerPrintformat,s      z,KeyGenTests.test_saveKeyBadFingerPrintformatcCs`t|}||dj}tt}t||ddd| ||d dd|dS)q L{_saveKey} will choose an empty string for the passphrase if no-passphrase is C{True}. rsTr[rHz no-passphraserZN) r r>rzr{r|rr}rrrCr~rr$r$r%test_saveKeyEmptyPassphrase>s    z'KeyGenTests.test_saveKeyEmptyPassphrasecC^t|}||dj}tt}t||ddd| ||d d|dS)rrTr[rN) r r>rzr{r|rr}rrrCr~rr$r$r% test_saveKeyECDSAEmptyPassphraseNs    "z,KeyGenTests.test_saveKeyECDSAEmptyPassphrasecCr)rrTr[rN) r r>rzr{r|rr}rrrCr~rr$r$r%"test_saveKeyEd25519EmptyPassphrase\s    z.KeyGenTests.test_saveKeyEd25519EmptyPassphrasecst|}||djgddl}dfdd }||jjj d fd d t t }t |dd dd||d}| |dd}|||dS)zd When no path is specified, it will ask for the path used to store the key. custom_keyrNrIrrrcddSNappendrI input_promptsr$r% mock_inputx z6KeyGenTests.test_saveKeyNoFilename..mock_input_inputSaveFilecsSrr$r!)keyPathr$r%|z4KeyGenTests.test_saveKeyNoFilename..Tr[rrrIrrr)r r>rzr{r|twisted.conch.scripts.ckeygenr-conchscriptsr6rr}rrr~rC)r0rtwistedrrpersistedKeyContent persistedKeyr$)rrr%test_saveKeyNoFilenamels    z"KeyGenTests.test_saveKeyNoFilenamecCsjddd}t|}||dj}|tjdd d tt }|d d d }| t t |||dS)zs When the specified file exists, it will ask the user for confirmation before overwriting. rIrr list[str]cWsdgS)Nnr$rr$r$r%rsz6KeyGenTests.test_saveKeyFileExists..mock_inputrexistscSdS)NTr$r!r$r$r%rrz4KeyGenTests.test_saveKeyFileExists..Tr[rN)rIrrr) r r>rzr{r|r-osrr}rrT SystemExitr)r0rrrrr_r$r$r%test_saveKeyFileExistss     z"KeyGenTests.test_saveKeyFileExistscCst|}||dj}tt}t||dddd| |j d||f|d }| ||dd|| |d| t|d  |dS) zi L{_saveKey} can be told to write the new private key file in OpenSSH v1 format. rsrtr[rN)rHrvrZprivate-key-subtyperwN$-----BEGIN OPENSSH PRIVATE KEY----- rx)r r>rzr{r|rr}rrrCr,rmr~rF startswithr)r0rrHrprivateKeyContentr$r$r%test_saveKeySubtypeV1s4    z!KeyGenTests.test_saveKeySubtypeV1cCsX|}tt}t|ttd|i|j d d}| || ddS)zl L{displayPublicKey} prints out the public key associated with a given private key. rH asciiopensshN)r>rr}r r rlrrr,rmstripencoderCtoStringr0rHrK displayedr$r$r%test_displayPublicKeys   z!KeyGenTests.test_displayPublicKeycCsZ|}tt}t|tt|dd|j d d}| || ddS)z L{displayPublicKey} prints out the public key associated with a given private key using the given passphrase when it's encrypted. encryptedrHrvrrrN)r>rr}r r rlr rr,rmrrrCrrr$r$r%test_displayPublicKeyEncrypteds  z*KeyGenTests.test_displayPublicKeyEncryptedcCsj|}tt}t|t|tdddt d|i|j d d}|||ddS) z L{displayPublicKey} prints out the public key associated with a given private key, asking for the passphrase when it's encrypted. getpasscSr)Nrr$)xr$r$r%rrzLKeyGenTests.test_displayPublicKeyEncryptedPassphrasePrompt..rHrrrN)r>rr}r r rlr r-rrr,rmrrrCrrr$r$r%.test_displayPublicKeyEncryptedPassphrasePrompts  z:KeyGenTests.test_displayPublicKeyEncryptedPassphrasePromptcCs.|}t|t|tt|dddS)z L{displayPublicKey} fails with a L{BadKeyError} when trying to decrypt an encrypted key with the wrong password. wrongrN)r>r rlr rTrrrWr$r$r%$test_displayPublicKeyWrongPassphrases  z0KeyGenTests.test_displayPublicKeyWrongPassphrasecCsltddd}|td||}t|ttd|i||j dd| tt| dS)zt L{changePassPhrase} allows a user to change the passphrase of a private key interactively. rnewpassrrHr;Your identification has been saved with the new passphrase.Nr)r-rr>r rlr rrCr,rmrassertNotEqualr~)r0 oldNewConfirmrHr$r$r%test_changePassphrases   z!KeyGenTests.test_changePassphrasecCsltdd}|td||}t|tt|dd||j dd| tt| dS)z L{changePassPhrase} allows a user to change the passphrase of a private key, providing the old passphrase and prompting for new one. rrrrrrNr)r0 newConfirmrHr$r$r%test_changePassphraseWithOlds  z(KeyGenTests.test_changePassphraseWithOldcCsV|}t|tt|ddd||jdd| tt| dS)z L{changePassPhrase} allows a user to change the passphrase of a private key by providing both old and new passphrases without prompting. r newencrypt)rHrvrrrN) r>r rlr rrCr,rmrrr~rWr$r$r%test_changePassphraseWithBoths  z)KeyGenTests.test_changePassphraseWithBothcCR|}t|t|tt|dd}|dt||tt| dS)z L{changePassPhrase} exits if passed an invalid old passphrase when trying to change the passphrase of a private key. rrz1Could not change passphrase: old passphrase errorN) r>r rlr rTrrrCrr~r0rHerrorr$r$r%$test_changePassphraseWrongPassphrase's z0KeyGenTests.test_changePassphraseWrongPassphrasecCsb|tdtd|}t|t|tt d|i}| dt || tt| dS)z L{changePassPhrase} exits if no passphrase is specified for the C{getpass} call and the key is encrypted. rrrHzMCould not change passphrase: Passphrase must be provided for an encrypted keyN) r-rr)r>r rlr rTrrrCrr~rr$r$r%!test_changePassphraseEmptyGetPass6sz-KeyGenTests.test_changePassphraseEmptyGetPasscCsT|}t|d|ttd|i}d}||t||dt|dS)zc L{changePassPhrase} exits if the file specified points to an invalid key. sfoobarrHz?Could not change passphrase: cannot guess the type of b'foobar'N) r>r rlrTrrrCrr~)r0rHrexpectedr$r$r%test_changePassphraseBadKeyFs z'KeyGenTests.test_changePassphraseBadKeycCsj|}t|td dd}|td||tt|d d }| d t || tt| d S)z L{changePassPhrase} doesn't modify the key file if an unexpected error happens when trying to create the key with the new passphrase. rIrkwargsrrc_std)Noops) RuntimeErrorrIrr$r$r%r[r'z>KeyGenTests.test_changePassphraseCreateError..toStringrrrHrz!Could not change passphrase: oopsN)rIrrrrr r>r rlrr-rrTrrrCrr~)r0rHrrr$r$r% test_changePassphraseCreateErrorSs z,KeyGenTests.test_changePassphraseCreateErrorcCsn|}t|td dd}|td||tt|d d }d }| |t || tt| d S)zq L{changePassPhrase} doesn't modify the key file if C{toString} returns an empty string. rIrrrrc_rrr$rr$r$r%rrszCKeyGenTests.test_changePassphraseEmptyStringError..toStringrrrz9Could not change passphrase: cannot guess the type of b''N)rIrrrrrr)r0rHrrrr$r$r%%test_changePassphraseEmptyStringErrorjs z1KeyGenTests.test_changePassphraseEmptyStringErrorcCr)z L{changePassPhrase} exits when trying to change the passphrase on a public key, and doesn't change the file. rvrz.Could not change passphrase: key not encryptedN) r>r rlr rTrrrCrr~rr$r$r%test_changePassphrasePublicKeys z*KeyGenTests.test_changePassphrasePublicKeycCstddd}|td||}t|tt|dd||j ddt| }| t|||dd S) zq L{changePassPhrase} can be told to write the new private key file in OpenSSH v1 format. rrrrN)rHrrrrN)r)r-rr>r rlr rrCr,rmrr~rrFr)r0rrHrr$r$r%test_changePassphraseSubtypeV1s   z*KeyGenTests.test_changePassphraseSubtypeV1cspgd fdd }ddi}t||}||dd||tjd d |d t|dgd S)zg L{options} will default to "~/.ssh/id_rsa" if the user doesn't specify a key. rIrrrcrrrrrr$r%rrz5KeyGenTests.test_useDefaultForKey..mock_inputrHrz.sshrsNr)rrCrFendswithrr|joinlen)r0rr_rHr$rr%test_useDefaultForKeys z!KeyGenTests.test_useDefaultForKeycC,ddi}|tt|}|d|jddS)z Ensure FileNotFoundError is handled, whether the user has supplied a bad path, or has no key at the default path. rH/foo/bar+could not be opened, please specify a file.rN)rTrrassertInrIr0r_excr$r$r%'test_displayPublicKeyHandleFileNotFoundsz3KeyGenTests.test_displayPublicKeyHandleFileNotFoundcCr)N Ensure FileNotFoundError is handled for an invalid filename. rHrrrN)rTrrrrIrr$r$r%'test_changePassPhraseHandleFileNotFoundsz3KeyGenTests.test_changePassPhraseHandleFileNotFoundcCs.ddd}|tt|}|d|jddS)rrr[rjrrN)rTrrrrIrr$r$r%'test_printFingerprintHandleFileNotFounds z3KeyGenTests.test_printFingerprintHandleFileNotFound)rr+)NN)r2rr3r4r5r4rr+),__name__ __module__ __qualname____doc__r1rLrRrXr`rcrhrnrorprqrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr$r$r$r%r*BsX                   "          r*)rrrr)(r __future__rrrr@r.iortypingrtyping_extensionsrtwisted.conch.test.keydatarrrr r twisted.python.filepathr twisted.python.reflectr twisted.trial.unittestr rrrrrrrtwisted.conch.ssh.keysrrrrskipr)r*r$r$r$r%s&