o 9Bi4y@s UdZddlZddlmZddlmZddlmZddlm Z e e e d<zddl Z Wn e y6dZYnwdZdd lmZdd lmZdd lmZmZmZmZdd lmZmZdd lmZddlmZddlm Z m!Z!ddl"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)e%drdZ*ddl+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ndZ*e4edddurdZ5ndZ5Gddde)Z6Gddde)Z7Gd d!d!e)Z8Gd"d#d#e)Z9Gd$d%d%e)Z:Gd&d'd'e)Z;Gd(d)d)e)ZZ?Gd.d/d/e)Z@dS)0z& Tests for L{twisted.conch.checkers}. N) encodebytes) namedtuple)BytesIO)Optional cryptSkipzcannot run without crypt module) verifyObject)'InMemoryUsernamePasswordDatabaseDontUse)ISSHPrivateKeyIUsernamePassword SSHPrivateKeyUsernamePassword)UnauthorizedLoginUnhandledCredentials)Deferred)util)ShadowDatabase UserDatabase)FilePath) requireModule)MockOS)TestCase cryptography)checkers)NotEnoughAuthenticationValidPublicKey)keys)keydatazcan't run without cryptographygeteuidz0Cannot run without effective UIDs (questionable)c@sXeZdZdZep eZddZddZddZ dd Z d d Z d d Z ddZ ddZdS) HelperTestszl Tests for helper functions L{verifyCryptedPassword}, L{_pwdGetByName} and L{_shadowGetByName}. cCs t|_dSN)rmockosselfr#`/var/www/html/Trade-python/venv/lib/python3.10/site-packages/twisted/conch/test/test_checkers.pysetUp@s zHelperTests.setUpcC4d}d}t||}|t||d||dS)z L{verifyCryptedPassword} returns C{True} if the plaintext password passed to it matches the encrypted password passed to it. secret stringsaltyz5{!r} supposed to be valid encrypted password for {!r}Ncrypt assertTruerverifyCryptedPasswordformatr"passwordsaltcryptedr#r#r$test_verifyCryptedPasswordC  z&HelperTests.test_verifyCryptedPasswordcCr&)z L{verifyCryptedPassword} returns True if the provided cleartext password matches the provided MD5 password hash. r/z$1$saltz3{!r} supposed to be valid encrypted password for {}Nr)r.r#r#r$test_verifyCryptedPasswordMD5Rr3z)HelperTests.test_verifyCryptedPasswordMD5cCs8d}d}d}t||}|t||d||dS)z L{verifyCryptedPassword} returns C{False} if the plaintext password passed to it does not match the encrypted password passed to it. z string secretsomesaltr'z7{!r} not supposed to be valid encrypted password for {}N)r* assertFalserr,r-)r"r/r0wrongr1r#r#r$test_refuteCryptedPasswordas  z&HelperTests.test_refuteCryptedPasswordc CsFt}|ddddddd|td||td|dd S) z L{_pwdGetByName} returns a tuple of items from the UNIX /etc/passwd database if the L{pwd} module is present. alicesecrit first last/foo/bin/shpwdN)raddUserpatchr assertEqual _pwdGetByNamegetpwnamr"userdbr#r#r$test_pwdGetByNameqszHelperTests.test_pwdGetByNamecCs"|tdd|tddS)zW If the C{pwd} module isn't present, L{_pwdGetByName} returns L{None}. r@Nr9)rBr assertIsNonerDr!r#r#r$test_pwdGetByNameWithoutPwd{sz'HelperTests.test_pwdGetByNameWithoutPwdc Cst}|ddddddddd |td |d |j_d |j_|td |j|t d| d||jj dd g||jj dd gdS)z L{_shadowGetByName} returns a tuple of items from the UNIX /etc/shadow database if the L{spwd} is present. bob passphraser;r<spwd) osrN) rrArBrr euidegidrrC_shadowGetByNamegetspnam seteuidCalls setegidCallsrFr#r#r$test_shadowGetByNamesz HelperTests.test_shadowGetByNamecCsB|tdd|td||jjg||jjgdS)zP L{_shadowGetByName} returns L{None} if C{spwd} is not present. rRNrK)rBrrIrXrCr rZr[r!r#r#r$test_shadowGetByNameWithoutSpwdsz+HelperTests.test_shadowGetByNameWithoutSpwdN)__name__ __module__ __qualname____doc__rdependencySkipskipr%r2r4r8rHrJr\r]r#r#r#r$r8s  rc@sreZdZdZep eZdddZddZdd Z d d Z d d Z ddZ ddZ ddZddZddZddZdS)SSHPublicKeyDatabaseTestsz, Tests for L{SSHPublicKeyDatabase}. returnNc Cst|_td|_td|_d|jd|jd|_t|_| t d|jt | |_ t|j j ts8J|j d|_|jt}|dd d d d |j j d ||j_dS)Nfoobareggspamst1 s foo t2 s egg rU.sshuserr/r;r<r= /bin/shell)rSSHPublicKeyDatabasecheckerrkey1key2contentrr rBrrmktemppath isinstancestrchildsshDirmakedirsrrA_userdbrFr#r#r$r%s*     zSSHPublicKeyDatabaseTests.setUpcCsL|j|jgd}||ddt||ddd|t|ddS)zJ L{SSHPublicKeyDatabase} is deprecated as of version 15.0 )offendingFunctionsrcategorymessageztwisted.conch.checkers.SSHPublicKeyDatabase was deprecated in Twisted 15.0.0: Please use twisted.conch.checkers.SSHPublicKeyChecker, initialized with an instance of twisted.conch.checkers.UNIXAuthorizedKeysFiles instead.r;N) flushWarningsr%rCDeprecationWarninglen)r" warningsShownr#r#r$test_deprecateds z)SSHPublicKeyDatabaseTests.test_deprecatedcCsj|j||jtdd}d|_||j|d|_||j|d|_| |j|dS)Nuserpasswordrfrgs notallowed) rurt setContentror blobr+rlcheckKeyr6)r"filenamerir#r#r$ _testCheckKeys z'SSHPublicKeyDatabaseTests._testCheckKeycC.|d||jjg||jjgdS)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys file and check the keys against that file. authorized_keysNrrCr rZr[r!r#r#r$ test_checkKey z'SSHPublicKeyDatabaseTests.test_checkKeycCr)z L{SSHPublicKeyDatabase.checkKey} should retrieve the content of the authorized_keys2 file and check the keys against that file. authorized_keys2Nrr!r#r#r$test_checkKey2rz(SSHPublicKeyDatabaseTests.test_checkKey2cs|jd|jd|jd|jjfdd}d|j_d|j_ | |jd|| t d |jt d d }d |_ ||j|||jjgd ||jjddgdS)z If the key file is readable, L{SSHPublicKeyDatabase.checkKey} should switch its uid/gid to the ones of the authenticated user. rrcsd|S)Nr)chmod)rVkeyFile savedSeteuidr#r$seteuids z>SSHPublicKeyDatabaseTests.test_checkKeyAsRoot..seteuidrSrTrrUrrrf)rr;rrSr<N)rurtrror addCleanupr rrVrWrBrr rr+rlrrCrZr[)r"rrir#rr$test_checkKeyAsRoots    z-SSHPublicKeyDatabaseTests.test_checkKeyAsRootcs\dd}jd|tddtjdtjtj d}j |}fdd}| |S) z L{SSHPublicKeyDatabase.requestAvatarId} should return the avatar id passed in if its C{_checkKey} method returns True. cSdSNTr#ignoredr#r#r$ _checkKey zASSHPublicKeyDatabaseTests.test_requestAvatarId.._checkKeyrtestssh-rsafooc|ddSNrrCavatarIdr!r#r$_verifyz?SSHPublicKeyDatabaseTests.test_requestAvatarId.._verify) rBrlr rpublicRSA_opensshrKey fromStringprivateRSA_opensshsignrequestAvatarId addCallback)r"r credentialsdrr#r!r$test_requestAvatarIds   z.SSHPublicKeyDatabaseTests.test_requestAvatarIdcCsBdd}||jd|tddtjdd}|j|}||tS)a( L{SSHPublicKeyDatabase.requestAvatarId} should raise L{ValidPublicKey} if the credentials represent a valid key without a signature. This tells the user that the key is valid for login, but does not actually allow that user to do so without a signature. cSrrr#rr#r#r$r&rzQSSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignature.._checkKeyrrrN)rBrlr rrr assertFailurerr"rrrr#r#r$$test_requestAvatarIdWithoutSignatures   z>SSHPublicKeyDatabaseTests.test_requestAvatarIdWithoutSignaturecCs0dd}||jd||jd}||tS)z If L{SSHPublicKeyDatabase.checkKey} returns False, C{_cbRequestAvatarId} should raise L{UnauthorizedLogin}. cSrNFr#rr#r#r$r6rzKSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKey.._checkKeyrN)rBrlrrr )r"rrr#r#r$test_requestAvatarIdInvalidKey0s  z8SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidKeycCsRdd}||jd|tddtjdtjtj d}|j |}| |t S)z Valid keys with invalid signatures should cause L{SSHPublicKeyDatabase.requestAvatarId} to return a {UnauthorizedLogin} failure cSrrr#rr#r#r$rDrzQSSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignature.._checkKeyrrrr) rBrlr rrrrrprivateDSA_opensshrrrr rr#r#r$$test_requestAvatarIdInvalidSignature=s  z>SSHPublicKeyDatabaseTests.test_requestAvatarIdInvalidSignaturecsVdd}jd|tddddd}j|}fd d }|||tS) z~ Exceptions raised while verifying the key should be normalized into an C{UnauthorizedLogin} failure. cSrrr#rr#r#r$rXrzSSSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._checkKeyrrNsblobssigDatassigcs tj}t|d|S)Nr;)flushLoggedErrorsr BadKeyErrorrCr})failureerrorsr!r#r$_verifyLoggedException_ z`SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeException.._verifyLoggedException)rBrlr r addErrbackrr )r"rrrrr#r!r$&test_requestAvatarIdNormalizeExceptionRs    z@SSHPublicKeyDatabaseTests.test_requestAvatarIdNormalizeExceptionreN)r^r_r`raeuidSkiprbrcr%rrrrrrrrrrr#r#r#r$rds     rdc@sDeZdZdZeZddZddZddZdd Z d d Z d d Z dS)SSHProtocolCheckerTestsz* Tests for L{SSHProtocolChecker}. cCsLt}||jg|t||jtg||jttjdS)z L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. N)rSSHProtocolCheckerrCcredentialInterfacesregisterCheckerrkr assertIsInstancer"rlr#r#r$test_registerCheckeros z,SSHProtocolCheckerTests.test_registerCheckercCsNt}||jg|tt||jtg||jttjdS)z If a specific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. N)rrrCrrrkr rrr#r#r$!test_registerCheckerWithInterface~s z9SSHProtocolCheckerTests.test_registerCheckerWithInterfacecsJt}t}|dd|||tdd}fdd}||S)z L{SSHProtocolChecker.requestAvatarId} should defer to one if its registered checkers to authenticate a user. rcrrrrr!r#r$ _callbackrz?SSHProtocolCheckerTests.test_requestAvatarId.._callback)rrrrArrr r)r"rlpasswordDatabaserrr#r!r$rs    z,SSHProtocolCheckerTests.test_requestAvatarIdcCsVt}dd}||d|t}|dd|||tdd}||t S)z If the client indicates that it is never satisfied, by always returning False from _areDone, then L{SSHProtocolChecker} should raise L{NotEnoughAuthentication}. cSrrr#rr#r#r$_areDonerzYSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthentication.._areDoneareDoner) rrrBrrArrr rr)r"rlrrrr#r#r$/test_requestAvatarIdWithNotEnoughAuthentications   zGSSHProtocolCheckerTests.test_requestAvatarIdWithNotEnoughAuthenticationcCs$t}|tdd}||tS)z If the passed credentials aren't handled by any registered checker, L{SSHProtocolChecker} should raise L{UnhandledCredentials}. r)rrrr rr)r"rlrr#r#r$%test_requestAvatarIdInvalidCredentials z=SSHProtocolCheckerTests.test_requestAvatarIdInvalidCredentialcCs|tddS)zV The default L{SSHProcotolChecker.areDone} should simply return True. N)r+rrrr!r#r#r$ test_areDonesz$SSHProtocolCheckerTests.test_areDoneN) r^r_r`rarbrcrrrrrrr#r#r#r$rhs rc@sreZdZdZep eZdeededdfddZ dd Z d d Z d d Z ddZ ddZddZddZddZdS)UNIXPasswordDatabaseTestsz, Tests for L{UNIXPasswordDatabase}. rusernamereNcCs||||dS)z Assert that the L{Deferred} passed in is called back with the value 'username'. This represents a valid login for this TestCase. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. N)rCsuccessResultOf)r"rrr#r#r$assertLoggedInsz(UNIXPasswordDatabaseTests.assertLoggedInc Cs<t}dd}t}|d|ddddddd |d d ddd d d t}|ddddddddd |d |d dddddddd |td||td|t}|td|d|_d|_ t d d!}| | |d | |jg| |jgd"|_| | |d"| |jd#dg| |jd#dgd$S)%z L{UNIXPasswordDatabase} with no arguments has checks the C{pwd} database and then the C{spwd} database. cSs t||}t|d|}|S)Nz$1$)r*)rr/r0r1r#r#r$r1rz?UNIXPasswordDatabaseTests.test_defaultCheckers..cryptedr9r/r;r<foor>r?rKxbar/barr7rMrNrOrPrQ r@rRrUrSrTalicerbobrN)rUNIXPasswordDatabaserrArrBrrrVrWr rrrCrZr[r)r"rlr1r@rRr credr#r#r$test_defaultCheckerss0  z.UNIXPasswordDatabaseTests.test_defaultCheckerscCs||tjdS)a Asserts that the L{Deferred} passed in is erred back with an L{UnauthorizedLogin} L{Failure}. This reprsents an invalid login for this TestCase. NOTE: To work, this method's return value must be returned from the test method, or otherwise hooked up to the test machinery. @param d: a L{Deferred} from an L{IChecker.requestAvatarId} method. @type d: L{Deferred} @rtype: L{None} N)failureResultOfrr r"rr#r#r$assertUnauthorizedLogins z1UNIXPasswordDatabaseTests.assertUnauthorizedLoginc CsRtdd}t}|d|dddddt|jg}||tdd dd S) zo L{UNIXPasswordDatabase} takes a list of functions to check for UNIX user information. secretanybodyr;r<rrr?sanybodyssecretN) r*rrArrrErrr )r"r/rGrlr#r#r$test_passInCheckerss z-UNIXPasswordDatabaseTests.test_passInCheckerscCsJdd}dd}|td|t|g}tdd}|||ddS)z If the encrypted password provided by the getpwnam function is valid (verified by the L{verifyCryptedPassword} function), we callback the C{requestAvatarId} L{Deferred} with the username. cS||kSrr#r1pwr#r#r$r,zLUNIXPasswordDatabaseTests.test_verifyPassword..verifyCryptedPasswordcSs||gSrr#rr#r#r$rErz?UNIXPasswordDatabaseTests.test_verifyPassword..getpwnamr,usernameNrBrrr rrr"r,rErl credentialr#r#r$test_verifyPasswords   z-UNIXPasswordDatabaseTests.test_verifyPasswordcCs2dd}t|g}tdd}|||dS)z} If the getpwnam function raises a KeyError, the login fails with an L{UnauthorizedLogin} exception. cSst|r)KeyErrorrr#r#r$rE,rz?UNIXPasswordDatabaseTests.test_failOnKeyError..getpwnamrrN)rrr rr)r"rErlrr#r#r$test_failOnKeyError&s  z-UNIXPasswordDatabaseTests.test_failOnKeyErrorcCsHdd}dd}|td|t|g}tdd}|||dS) z If the verifyCryptedPassword function doesn't verify the password, the login fails with an L{UnauthorizedLogin} exception. cSrrr#rr#r#r$r,9rzOUNIXPasswordDatabaseTests.test_failOnBadPassword..verifyCryptedPasswordcS|dgS)Nrr#rr#r#r$rE<rzBUNIXPasswordDatabaseTests.test_failOnBadPassword..getpwnamr,rrN)rBrrr rrrr#r#r$test_failOnBadPassword3s   z0UNIXPasswordDatabaseTests.test_failOnBadPasswordcCsTdd}dd}dd}|td|t||g}tdd }|||dd S) a UNIXPasswordDatabase.requestAvatarId loops through each getpwnam function associated with it and returns a L{Deferred} which fires with the result of the first one which returns a value other than None. ones do not verify the password. cSrrr#rr#r#r$r,LrzRUNIXPasswordDatabaseTests.test_loopThroughFunctions..verifyCryptedPasswordcSr)Nznot the passwordr#rr#r#r$ getpwnam1OrzFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam1cSr)Nr/r#rr#r#r$ getpwnam2RrzFUNIXPasswordDatabaseTests.test_loopThroughFunctions..getpwnam2r,rrNr)r"r,rrrlrr#r#r$test_loopThroughFunctionsDs z3UNIXPasswordDatabaseTests.test_loopThroughFunctionsc Cst}|ddddddd|ddddddd|d d ddddd|td |ttjg}td d }|||tdd}|||tdd}|||dS)z If the password returned by any function is C{""}, C{"x"}, or C{"*"} it is not compared against the supplied password. Instead it is skipped. r9r;r<rrrKrcarol*r@rrxscarol*N) rrArBrrrDr rr)r"r@rlrr#r#r$test_failOnSpecialZs   z,UNIXPasswordDatabaseTests.test_failOnSpecial)r^r_r`rarrbrcrbytesrrrrrrrrrr#r#r#r$rs (   rc@,eZdZdZeZddZddZddZdS) AuthorizedKeyFileReaderTestsz5 Tests for L{checkers.readAuthorizedKeyFile} cCs0td}t|dd}|ddgt|dS)zg L{checkers.readAuthorizedKeyFile} does not attempt to turn comments into keys sE# this comment is ignored this is not # this is again and this is notcS|Srr#rr#r#r$zCAuthorizedKeyFileReaderTests.test_ignoresComments..s this is notsand this is notNrrreadAuthorizedKeyFilerClistr"fileobjresultr#r#r$test_ignoresCommentsws z1AuthorizedKeyFileReaderTests.test_ignoresCommentscCs0td}tj|ddd}|dgt|dS)zw L{checkers.readAuthorizedKeyFile} ignores leading whitespace in lines, as well as empty lines sg # ignore not ignored cSrrr#rr#r#r$rrzYAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLines..parseKeys not ignoredNr r r#r#r$*test_ignoresLeadingWhitespaceAndEmptyLiness zGAuthorizedKeyFileReaderTests.test_ignoresLeadingWhitespaceAndEmptyLinescCs4dd}td}tj||d}|dgt|dS)z L{checkers.readAuthorizedKeyFile} does not raise an exception when a key fails to parse (raises a L{twisted.conch.ssh.keys.BadKeyError}), but rather just keeps going cSs|dr td|S)Nfzfailed to parse) startswithrr)liner#r#r$ failOnSomes  zKAuthorizedKeyFileReaderTests.test_ignoresUnparsableKeys..failOnSomesfailed key good keyrsgood keyNr )r"rr rr#r#r$test_ignoresUnparsableKeyssz7AuthorizedKeyFileReaderTests.test_ignoresUnparsableKeysN) r^r_r`rarbrcrrrr#r#r#r$rps  rc@r) InMemorySSHKeyDBTestsz0 Tests for L{checkers.InMemorySSHKeyDB} cCs tddgi}ttj|dS)z_ L{checkers.InMemorySSHKeyDB} implements L{checkers.IAuthorizedKeysDB} rskeyN)rInMemorySSHKeyDBrIAuthorizedKeysDBr"keydbr#r#r$test_implementsInterfacesz.InMemorySSHKeyDBTests.test_implementsInterfacecCs*tddgi}|gt|ddS)z If the user is not in the mapping provided to L{checkers.InMemorySSHKeyDB}, an empty iterator is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rskeysrNrrrCr getAuthorizedKeysrr#r#r$test_noKeysForUnauthorizedUsersz4InMemorySSHKeyDBTests.test_noKeysForUnauthorizedUsercCs0tdddgi}|ddgt|ddS)z If the user is in the mapping provided to L{checkers.InMemorySSHKeyDB}, an iterator with all the keys is returned by L{checkers.InMemorySSHKeyDB.getAuthorizedKeys} rabNrrr#r#r$test_allKeysForAuthorizedUsersz3InMemorySSHKeyDBTests.test_allKeysForAuthorizedUserN) r^r_r`rarbrcrr r#r#r#r#r$rs  rc@sFeZdZdZeZdddZddZdd Zd d Z d d Z ddZ dS)UNIXAuthorizedKeysFilesTestsz8 Tests for L{checkers.UNIXAuthorizedKeysFiles}. reNc Cst||_t|jjtsJ|jt|_|jddddd|jjd|j d|_ |j |j d}| d d d g|_ dS) Nr9r/r;r<zalice lastnamerjrhrs key 1 key 2skey 1skey 2) rrprqrrrsrvrrGrArtrur expectedKeys)r"authorizedKeysr#r#r$r%s$    z"UNIXAuthorizedKeysFilesTests.setUpcCst|j}ttj|dS)zg L{checkers.UNIXAuthorizedKeysFiles} implements L{checkers.IAuthorizedKeysDB}. N)rUNIXAuthorizedKeysFilesrGrrrr#r#r$rs z5UNIXAuthorizedKeysFilesTests.test_implementsInterfacecCs.tj|jddd}|gt|ddS)z If the user is not in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an empty iterator is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. cSrrr#rr#r#r$rrzMUNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUser..rrN)rr'rGrCr rrr#r#r$r sz;UNIXAuthorizedKeysFilesTests.test_noKeysForUnauthorizedUsercCsH|jddtj|jddd}||jdgt| ddS)a If the user is in the user database provided to L{checkers.UNIXAuthorizedKeysFiles}, an iterator with all the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} is returned by L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys}. rskey 3cSrrr#rr#r#r$rrz`UNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUser..rrN) rurtrrr'rGrCr%r rrr#r#r$1test_allKeysInAllAuthorizedFilesForAuthorizedUsers zNUNIXAuthorizedKeysFilesTests.test_allKeysInAllAuthorizedFilesForAuthorizedUsercCs0tj|jddd}||jt|ddS)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they exist. cSrrr#rr#r#r$rrzJUNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFile..rrN)rr'rGrCr%r rrr#r#r$test_ignoresNonexistantFilesz8UNIXAuthorizedKeysFilesTests.test_ignoresNonexistantFilecCs@|jdtj|jddd}||jt| ddS)z L{checkers.UNIXAuthorizedKeysFiles.getAuthorizedKeys} returns only the keys in C{~/.ssh/authorized_keys} and C{~/.ssh/authorized_keys2} if they are readable. rcSrrr#rr#r#r$rrzIUNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFile..rrN) rurtrvrr'rGrCr%r rrr#r#r$test_ignoresUnreadableFile sz7UNIXAuthorizedKeysFilesTests.test_ignoresUnreadableFiler) r^r_r`rarbrcr%rr r(r)r*r#r#r#r$r$s   r$_KeyDBrc@seZdZdZdS)_DummyExceptionz0 Fake exception to be used for testing. N)r^r_r`rar#r#r#r$r,sr,c@sLeZdZdZeZddZddZddZdd Z d d Z d d Z ddZ dS)SSHPublicKeyCheckerTestsz4 Tests for L{checkers.SSHPublicKeyChecker}. cCsDtddtjdtjtjd|_t dd|_ t |j |_ dS)NrrrcSstjtjgSr)rrrrr)_r#r#r$r0sz0SSHPublicKeyCheckerTests.setUp..)r rrrrrrrrr+rrSSHPublicKeyCheckerrlr!r#r#r$r%(szSSHPublicKeyCheckerTests.setUpcCs"d|j_||j|jtdS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that do not have a signature fails with L{ValidPublicKey}. N)r signaturerrlrrr!r#r#r$ test_credentialsWithoutSignature3sz9SSHPublicKeyCheckerTests.test_credentialsWithoutSignaturecCs$d|j_||j|jtjdS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that have a bad key fails with L{keys.BadKeyError}. rN)rrrrlrrrr!r#r#r$test_credentialsWithBadKey=sz3SSHPublicKeyCheckerTests.test_credentialsWithBadKeycCs$tj|j_||j|jtdS)z If L{checkers.IAuthorizedKeysDB.getAuthorizedKeys} returns no keys that match the credentials, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. N)rpublicDSA_opensshrrrrlrr r!r#r#r$test_credentialsNoMatchingKeyGs z6SSHPublicKeyCheckerTests.test_credentialsNoMatchingKeycCs2tjtjd|j_||j |jt dS)z Calling L{checkers.SSHPublicKeyChecker.requestAvatarId} with credentials that are incorrectly signed fails with L{UnauthorizedLogin}. rN) rrrrrrrr0rrlrr r!r#r#r$ test_credentialsInvalidSignatureSsz9SSHPublicKeyCheckerTests.test_credentialsInvalidSignaturecCs<dd}|tjd|||j|jt|t dS)z If L{keys.Key.verify} raises an exception, L{checkers.SSHPublicKeyChecker.requestAvatarId} fails with L{UnauthorizedLogin}. c_str)r,)argskwargsr#r#r$failgsz?SSHPublicKeyCheckerTests.test_failureVerifyingKey..failverifyN) rBrrrrlrrr rr,)r"r8r#r#r$test_failureVerifyingKey`s z1SSHPublicKeyCheckerTests.test_failureVerifyingKeycCs$|j|j}|d||dS)zu L{checker.SSHPublicKeyChecker.requestAvatarId}, if successful, callbacks with the username. rN)rlrrrCrrr#r#r$test_usernameReturnedOnSuccessqsz7SSHPublicKeyCheckerTests.test_usernameReturnedOnSuccessN) r^r_r`rarbrcr%r1r2r4r5r:r;r#r#r#r$r-!s     r-)ArarUbase64r collectionsriortypingrrs__annotations__r* ImportErrorrzope.interface.verifyrtwisted.cred.checkersrtwisted.cred.credentialsr r r r twisted.cred.errorr rtwisted.internet.deferrtwisted.pythonrtwisted.python.fakepwdrrtwisted.python.filepathrtwisted.python.reflectrtwisted.test.test_processrtwisted.trial.unittestrrb twisted.conchrtwisted.conch.errorrrtwisted.conch.sshrtwisted.conch.testrgetattrrrrdrrrrr$r+ Exceptionr,r-r#r#r#r$s\                 fKX14" P