summaryrefslogtreecommitdiffhomepage
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/_support/ecdsa-256.key-cert.pub (renamed from tests/_support/ecdsa_256.key-cert.pub)0
-rw-r--r--tests/_support/ecdsa_256.key5
-rw-r--r--tests/agent.py13
-rw-r--r--tests/conftest.py14
-rw-r--r--tests/test_client.py4
5 files changed, 26 insertions, 10 deletions
diff --git a/tests/_support/ecdsa_256.key-cert.pub b/tests/_support/ecdsa-256.key-cert.pub
index f2c93ccf..f2c93ccf 100644
--- a/tests/_support/ecdsa_256.key-cert.pub
+++ b/tests/_support/ecdsa-256.key-cert.pub
diff --git a/tests/_support/ecdsa_256.key b/tests/_support/ecdsa_256.key
deleted file mode 100644
index 42d44734..00000000
--- a/tests/_support/ecdsa_256.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIKB6ty3yVyKEnfF/zprx0qwC76MsMlHY4HXCnqho2eKioAoGCCqGSM49
-AwEHoUQDQgAElI9mbdlaS+T9nHxY/59lFnn80EEecZDBHq4gLpccY8Mge5ZTMiMD
-ADRvOqQ5R98Sxst765CAqXmRtz8vwoD96g==
------END EC PRIVATE KEY-----
diff --git a/tests/agent.py b/tests/agent.py
index 8e859289..fdc80eba 100644
--- a/tests/agent.py
+++ b/tests/agent.py
@@ -76,6 +76,19 @@ class AgentKey_:
key = AgentKey(agent=None, blob=keys.pkey.asbytes())
assert key.get_bits() == keys.pkey.get_bits()
+ class asbytes:
+ def defaults_to_owned_blob(self):
+ blob = Mock()
+ assert _BareAgentKey(name=None, blob=blob).asbytes() is blob
+
+ def defers_to_inner_key_when_present(self, keys):
+ key = AgentKey(agent=None, blob=keys.pkey_with_cert.asbytes())
+ # Artificially make outer key blob != inner key blob; comment in
+ # AgentKey.asbytes implies this can sometimes really happen but I
+ # no longer recall when that could be?
+ key.blob = b"nope"
+ assert key.asbytes() == key.inner_key.asbytes()
+
@mark.parametrize(
"kwargs,expectation",
[
diff --git a/tests/conftest.py b/tests/conftest.py
index 6824ff0d..b56f5353 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -15,6 +15,7 @@ from paramiko import (
RSAKey,
Ed25519Key,
ECDSAKey,
+ PKey,
)
from ._loop import LoopSocket
@@ -132,6 +133,7 @@ key_data = [
],
]
for datum in key_data:
+ # Add true first member with human-facing short algo name
short = datum[0].replace("ssh-", "").replace("sha2-nistp", "")
datum.insert(0, short)
@@ -145,8 +147,8 @@ def keys(request):
- ``full_type``: the "message style" key identifier, eg ``ssh-rsa``, or
``ecdsa-sha2-nistp256``.
- ``path``: a pathlib Path object to the fixture key file
- - ``pkey``: an instantiated PKey subclass object
- - ``fingerprint``: the expected fingerprint of said key
+ - ``pkey``: PKey object, which may or may not also have a cert loaded
+ - ``expected_fp``: the expected fingerprint of said key
"""
short_type, key_type, key_class, fingerprint = request.param
bag = Lexicon()
@@ -155,5 +157,11 @@ def keys(request):
bag.path = Path(_support(f"{short_type}.key"))
with bag.path.open() as fd:
bag.pkey = key_class.from_private_key(fd)
- bag.fingerprint = fingerprint
+ bag.expected_fp = fingerprint
+ # Also tack on the cert-bearing variant for some tests
+ cert = bag.path.with_suffix(".key-cert.pub")
+ if cert.exists():
+ bag.pkey_with_cert = PKey.from_path(cert)
+ # Safety checks
+ assert bag.pkey.fingerprint == fingerprint
yield bag
diff --git a/tests/test_client.py b/tests/test_client.py
index 5ce6f0a2..1c0c6c84 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -327,7 +327,7 @@ class SSHClientTest(ClientTest):
# They're similar except for which path is given; the expected auth and
# server-side behavior is 100% identical.)
# NOTE: only bothered whipping up one cert per overall class/family.
- for type_ in ("rsa", "dss", "ecdsa_256", "ed25519"):
+ for type_ in ("rsa", "dss", "ecdsa-256", "ed25519"):
key_path = _support(f"{type_}.key")
self._test_connection(
key_filename=key_path,
@@ -342,7 +342,7 @@ class SSHClientTest(ClientTest):
# about the server-side key object's public blob. Thus, we can prove
# that a specific cert was found, along with regular authorization
# succeeding proving that the overall flow works.
- for type_ in ("rsa", "dss", "ecdsa_256", "ed25519"):
+ for type_ in ("rsa", "dss", "ecdsa-256", "ed25519"):
key_path = _support(f"{type_}.key")
self._test_connection(
key_filename=key_path,