Ϫf3dZddlZddlmZddlmZ ddlZeZ ddl m Z m Z e e cZ Z ddlmZmZddlmZGdd ZGd d ej(ZGd d eZGddeZe Gdde j0ZGddeZGddeZGddeZGddeZGddeZy#e$rdZYwxYw#e$rdxZ Z YwxYw)z' Tests for L{twisted.conch.ssh.agent}. N)iosim)unittest)agentkeys) ConchErrorMissingKeyStoreError)keydataceZdZdZdZy) StubFactoryzb Mock factory that provides the keys attribute required by the SSHAgentServerProtocol ci|_yN)rselfs ?/usr/lib/python3/dist-packages/twisted/conch/test/test_agent.py__init__zStubFactory.__init__%s  N)__name__ __module__ __qualname____doc__rrrr r s  rr c"eZdZdZeedZdZy) AgentTestBasez* Tests for SSHAgentServer/Client. NzCannot run without cryptographycPtjtjtj\|_|_|_t|j _ tjjtj|_tjjtj |_tjjtj$|_tjjtj(|_yr )rconnectedServerAndClientrSSHAgentServerSSHAgentClientclientserverpumpr factoryrKey fromStringr privateRSA_openssh rsaPrivateprivateDSA_openssh dsaPrivatepublicRSA_openssh rsaPublicpublicDSA_openssh dsaPublicrs rsetUpzAgentTestBase.setUp1s.3.L.L  %"6"6/ + T[$) *m ((--g.H.HI((--g.H.HI,,W-F-FG,,W-F-FGr)rrrrrrskipr,rrrrr)s } 0HrrceZdZdZdZy)&ServerProtocolContractWithFactoryTestsz The server protocol is stateful and so uses its factory to track state across requests. This test asserts that the protocol raises if its factory doesn't provide the necessary storage for that state. ctjddtj}|jj j d=|jt|jj|y)Nz!LBr) structpackrAGENTC_REQUEST_IDENTITIESrr!__dict__ assertRaisesr dataReceived)rmsgs r/test_factorySuppliesKeyStorageForServerProtocolzVServerProtocolContractWithFactoryTests.test_factorySuppliesKeyStorageForServerProtocolJsOkk%E$C$CD KK   ( ( 0 . 0H0H#NrN)rrrrr9rrrr/r/Cs  Orr/c"eZdZdZdZdZdZy)"UnimplementedVersionOneServerTestsa! Tests for methods with no-op implementations on the server. We need these for clients, such as openssh, that try v1 methods before going to v2. Because the client doesn't expose these operations with nice method names, we invoke sendRequest directly with an op code. cjjtjd}jj fd}|j |S)zV assert that we get the correct op code for an RSA identities request rc^jtjt|ddy)Nrr1) assertEqualrAGENT_RSA_IDENTITIES_ANSWERord)packetrs r_cbzRUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIES.._cbas$   U>>F1QK@P Qr)r sendRequestrAGENTC_REQUEST_RSA_IDENTITIESr flush addCallback)rdrBs` r"test_agentc_REQUEST_RSA_IDENTITIESzEUnimplementedVersionOneServerTests.test_agentc_REQUEST_RSA_IDENTITIESZsF KK # #E$G$G M  R}}S!!rc|jjtjd}|jj |j |jdS)z[ assert that we get the correct op code for an RSA remove identity request r)rrCrAGENTC_REMOVE_RSA_IDENTITYr rErFr>rrGs rtest_agentc_REMOVE_RSA_IDENTITYzBUnimplementedVersionOneServerTests.test_agentc_REMOVE_RSA_IDENTITYfsE KK # #E$D$Dc J }}T--s33rc|jjtjd}|jj |j |jdS)zj assert that we get the correct op code for an RSA remove all identities request. r)rrCr AGENTC_REMOVE_ALL_RSA_IDENTITIESr rErFr>rKs r%test_agentc_REMOVE_ALL_RSA_IDENTITIESzHUnimplementedVersionOneServerTests.test_agentc_REMOVE_ALL_RSA_IDENTITIESnsE KK # #E$J$JC P }}T--s33rN)rrrrrHrLrOrrrr;r;Qs "44rr;ceZdZdZdZdZy) CorruptServerz A misbehaving server that returns bogus response op codes so that we can verify that our callbacks that deal with these op codes handle such miscreants. c(|jddyNr sendResponserdatas ragentc_REQUEST_IDENTITIESz'CorruptServer.agentc_REQUEST_IDENTITIES   c3 'rc(|jddyrSrUrWs ragentc_SIGN_REQUESTz!CorruptServer.agentc_SIGN_REQUESTrZrN)rrrrrYr\rrrrQrQzs  ( (rrQc"eZdZdZdZdZdZy)ClientWithBrokenServerTestszM verify error handling code in the client using a misbehaving server ctj|tjtt j \|_|_|_ t|j_ yr ) rr,rrrQrrrrr r r!rs rr,z!ClientWithBrokenServerTests.setUpsHD!.3.L.L 5/// + T[$) *m rc|jj|jjd}|jj |j |tS)z Assert that L{SSHAgentClient.signData} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for data signing requests. John Hancock)rsignDatar)blobr rE assertFailurerrKs r"test_signDataCallbackErrorHandlingz>ClientWithBrokenServerTests.test_signDataCallbackErrorHandlingsH KK !4!4!6 H !!!Z00rc|jj}|jj|j |t S)z Assert that L{SSHAgentClient.requestIdentities} raises a ConchError if we get a response from the server whose opcode doesn't match the protocol for identity requests. )rrequestIdentitiesr rErdrrKs r+test_requestIdentitiesCallbackErrorHandlingzGClientWithBrokenServerTests.test_requestIdentitiesCallbackErrorHandlings7 KK ) ) + !!!Z00rN)rrrrr,rerhrrrr^r^s,11rr^c(eZdZdZdZdZdZdZy)AgentKeyAdditionTestsz< Test adding different flavors of keys to an agent. cjjjj}jj fd}|j |S)@ L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that omitting the comment produces an empty string for the comment on the server. cjjjjj }j j|dj d|dyNrrr1rr!rr%rcr>ignored serverKeyrs r_checkzBAgentKeyAdditionTests.test_addRSAIdentityNoComment.._checkV ++001E1E1GHI   T__il ;   S)A, /rr addIdentityr% privateBlobr rErFrrGrss` rtest_addRSAIdentityNoCommentz2AgentKeyAdditionTests.test_addRSAIdentityNoCommentJ KK # #DOO$?$?$A B  0 }}V$$rcjjjj}jj fd}|j |S)rlcjjjjj }j j|dj d|dyrnrr!rr'rcr>rps rrszBAgentKeyAdditionTests.test_addDSAIdentityNoComment.._checkrtrrrvr'rwr rErFrxs` rtest_addDSAIdentityNoCommentz2AgentKeyAdditionTests.test_addDSAIdentityNoCommentrzrcjjjjd}jj fd}|j |S)1 L{SSHAgentClient.addIdentity} adds the private key it is called with to the SSH agent server to which it is connected, associating it with the comment it is called with. This test asserts that the server receives/stores the comment as sent by the client. My special keycommentcjjjjj }j j|dj d|dyNrrr1rorps rrszDAgentKeyAdditionTests.test_addRSAIdentityWithComment.._checkW ++001E1E1GHI   T__il ;   . ! =rrurxs` rtest_addRSAIdentityWithCommentz4AgentKeyAdditionTests.test_addRSAIdentityWithCommentW KK # # OO ' ' )3D $   > }}V$$rcjjjjd}jj fd}|j |S)rrrcjjjjj }j j|dj d|dyrr}rps rrszDAgentKeyAdditionTests.test_addDSAIdentityWithComment.._checkrrr~rxs` rtest_addDSAIdentityWithCommentz4AgentKeyAdditionTests.test_addDSAIdentityWithCommentrrN)rrrrryrrrrrrrjrjs%&%&%*%rrjceZdZdZy)AgentClientFailureTestsc|jjdd}|jj|j |t S)zK verify that the client raises ConchError on AGENT_FAILURE rTr)rrCr rErdrrKs rtest_agentFailurez)AgentClientFailureTests.test_agentFailures; KK # #C - !!!Z00rN)rrrrrrrrrs1rrc.eZdZdZdZdZdZdZdZy)AgentIdentityRequestsTestszJ Test operations against a server with identities already loaded. cJtj||jdf|jjj |jj <|jdf|jjj |jj <yN a commentanother commentrr,r'rr!rrcr%rs rr,z AgentIdentityRequestsTests.setUpxD! OO <    !5!5!78 OO <    !5!5!78rcr|jj|jjd}|jj |j |}|jjd}|j|||j|jj|dy)zc Sign data with an RSA private key and then verify it with the public key. raN) rrbr)rcr rEsuccessResultOfr%signr> assertTrueverify)rrG signatureexpecteds rtest_signDataRSAz+AgentIdentityRequestsTests.test_signDataRSAs KK !4!4!6 H ((+ ??''8 9- --iIJrcjjjjd}jj fd}|j |S)zb Sign data with a DSA private key and then verify it with the public key. rac\jjj|dy)Nra)rr+r)sigrs rrsz;AgentIdentityRequestsTests.test_signDataDSA.._check0s" OODNN11#G Hr)rrbr+rcr rErFrxs` rtest_signDataDSAz+AgentIdentityRequestsTests.test_signDataDSA(sM KK !4!4!6 H  I }}V$$rc<|jjj|jj =|j j |jj d}|jj|j|tS)zm Assert that we get an errback if we try to sign data using a key that wasn't added. ra) rr!rr)rcrrbr rErdrrKs r$test_signDataRSAErrbackOnUnknownBlobz?AgentIdentityRequestsTests.test_signDataRSAErrbackOnUnknownBlob8sm KK   $ $T^^%8%8%: ; KK !4!4!6 H !!!Z00rcjj}jjfd}|j |S)z} Assert that we get all of the keys/comments that we add when we issue a request for all identities. c$i}d|jj<d|jj<i}|D]:}|d|tjj |ddj<<j ||y)Nrrr1rrc)type)r+rcr)rr"r#r>)keytrreceivedkrs rrszAAgentIdentityRequestsTests.test_requestIdentities.._checkJsH.:HT^^((* +.@HT^^((* +H OJKA$,,QqT,?DDFG O   Xx 0r)rrgr rErFrxs` rtest_requestIdentitiesz1AgentIdentityRequestsTests.test_requestIdentitiesBs; KK ) ) +  1}}V$$rN) rrrrr,rrrrrrrrr s!   K% 1%rrc(eZdZdZdZdZdZdZy)AgentKeyRemovalTestsz< Test support for removing keys in a remote server. cJtj||jdf|jjj |jj <|jdf|jjj |jj <yrrrs rr,zAgentKeyRemovalTests.setUp\rrcjjjj}jj fd}|j |S)z< Assert that we can remove an RSA identity. cjdtjjjj j jjjjjjjjjjyNr1) r>lenrr!rassertInr'rc assertNotInr%rqrs rrsz;AgentKeyRemovalTests.test_removeRSAIdentity.._checkos   QDKK$7$7$<$< = > MM$//..0$++2E2E2J2J K   T__113T[[5H5H5M5M Nr)rremoveIdentityr%rcr rErFrxs` rtest_removeRSAIdentityz+AgentKeyRemovalTests.test_removeRSAIdentitygsK KK & &t';';'= >  O }}V$$rcjjjj}jj fd}|j |S)z; Assert that we can remove a DSA identity. cjdtjjjj j jjjjyr)r>rrr!rrr%rcrs rrsz;AgentKeyRemovalTests.test_removeDSAIdentity.._check~sS   QDKK$7$7$<$< = > MM$//..0$++2E2E2J2J Kr)rrr'rcr rErFrxs` rtest_removeDSAIdentityz+AgentKeyRemovalTests.test_removeDSAIdentityvsK KK & &t';';'= >  L}}V$$rcjj}jjfd}|j |S)z; Assert that we can remove all identities. cxjdtjjjy)Nr)r>rrr!rrs rrsz=AgentKeyRemovalTests.test_removeAllIdentities.._checks(   QDKK$7$7$<$< = >r)rremoveAllIdentitiesr rErFrxs` rtest_removeAllIdentitiesz-AgentKeyRemovalTests.test_removeAllIdentitiess; KK + + -  ?}}V$$rN)rrrrr,rrrrrrrrWs   % % %rr)rr2 twisted.testr twisted.trialr cryptography _cryptography ImportErrortwisted.conch.sshr_agentr_keystwisted.conch.errorrrtwisted.conch.testr r TestCaserr/r;rrQr^rjrrrrrrrs"!(!L @KD%@&HH%%H4 O] O$4$4N  (,, ( 1- 1FS%MS%l1m1I%I%X7%=7%Q LD5s"B:C:CC CC