diff options
| -rw-r--r-- | tests/_support/ecdsa-256.key-cert.pub (renamed from tests/_support/ecdsa_256.key-cert.pub) | 0 | ||||
| -rw-r--r-- | tests/_support/ecdsa_256.key | 5 | ||||
| -rw-r--r-- | tests/agent.py | 13 | ||||
| -rw-r--r-- | tests/conftest.py | 14 | ||||
| -rw-r--r-- | tests/test_client.py | 4 |
5 files changed, 26 insertions, 10 deletions
diff --git a/tests/_support/ecdsa_256.key-cert.pub b/tests/_support/ecdsa-256.key-cert.pub index f2c93ccf..f2c93ccf 100644 --- a/tests/_support/ecdsa_256.key-cert.pub +++ b/tests/_support/ecdsa-256.key-cert.pub diff --git a/tests/_support/ecdsa_256.key b/tests/_support/ecdsa_256.key deleted file mode 100644 index 42d44734..00000000 --- a/tests/_support/ecdsa_256.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIKB6ty3yVyKEnfF/zprx0qwC76MsMlHY4HXCnqho2eKioAoGCCqGSM49 -AwEHoUQDQgAElI9mbdlaS+T9nHxY/59lFnn80EEecZDBHq4gLpccY8Mge5ZTMiMD -ADRvOqQ5R98Sxst765CAqXmRtz8vwoD96g== ------END EC PRIVATE KEY----- diff --git a/tests/agent.py b/tests/agent.py index 8e859289..fdc80eba 100644 --- a/tests/agent.py +++ b/tests/agent.py @@ -76,6 +76,19 @@ class AgentKey_: key = AgentKey(agent=None, blob=keys.pkey.asbytes()) assert key.get_bits() == keys.pkey.get_bits() + class asbytes: + def defaults_to_owned_blob(self): + blob = Mock() + assert _BareAgentKey(name=None, blob=blob).asbytes() is blob + + def defers_to_inner_key_when_present(self, keys): + key = AgentKey(agent=None, blob=keys.pkey_with_cert.asbytes()) + # Artificially make outer key blob != inner key blob; comment in + # AgentKey.asbytes implies this can sometimes really happen but I + # no longer recall when that could be? + key.blob = b"nope" + assert key.asbytes() == key.inner_key.asbytes() + @mark.parametrize( "kwargs,expectation", [ diff --git a/tests/conftest.py b/tests/conftest.py index 6824ff0d..b56f5353 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -15,6 +15,7 @@ from paramiko import ( RSAKey, Ed25519Key, ECDSAKey, + PKey, ) from ._loop import LoopSocket @@ -132,6 +133,7 @@ key_data = [ ], ] for datum in key_data: + # Add true first member with human-facing short algo name short = datum[0].replace("ssh-", "").replace("sha2-nistp", "") datum.insert(0, short) @@ -145,8 +147,8 @@ def keys(request): - ``full_type``: the "message style" key identifier, eg ``ssh-rsa``, or ``ecdsa-sha2-nistp256``. - ``path``: a pathlib Path object to the fixture key file - - ``pkey``: an instantiated PKey subclass object - - ``fingerprint``: the expected fingerprint of said key + - ``pkey``: PKey object, which may or may not also have a cert loaded + - ``expected_fp``: the expected fingerprint of said key """ short_type, key_type, key_class, fingerprint = request.param bag = Lexicon() @@ -155,5 +157,11 @@ def keys(request): bag.path = Path(_support(f"{short_type}.key")) with bag.path.open() as fd: bag.pkey = key_class.from_private_key(fd) - bag.fingerprint = fingerprint + bag.expected_fp = fingerprint + # Also tack on the cert-bearing variant for some tests + cert = bag.path.with_suffix(".key-cert.pub") + if cert.exists(): + bag.pkey_with_cert = PKey.from_path(cert) + # Safety checks + assert bag.pkey.fingerprint == fingerprint yield bag diff --git a/tests/test_client.py b/tests/test_client.py index 5ce6f0a2..1c0c6c84 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -327,7 +327,7 @@ class SSHClientTest(ClientTest): # They're similar except for which path is given; the expected auth and # server-side behavior is 100% identical.) # NOTE: only bothered whipping up one cert per overall class/family. - for type_ in ("rsa", "dss", "ecdsa_256", "ed25519"): + for type_ in ("rsa", "dss", "ecdsa-256", "ed25519"): key_path = _support(f"{type_}.key") self._test_connection( key_filename=key_path, @@ -342,7 +342,7 @@ class SSHClientTest(ClientTest): # about the server-side key object's public blob. Thus, we can prove # that a specific cert was found, along with regular authorization # succeeding proving that the overall flow works. - for type_ in ("rsa", "dss", "ecdsa_256", "ed25519"): + for type_ in ("rsa", "dss", "ecdsa-256", "ed25519"): key_path = _support(f"{type_}.key") self._test_connection( key_filename=key_path, |