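def test_invalid_key_request():
    """A malformed public key to sign must be rejected with TypeError.

    The CA is loaded before entering ``pytest.raises`` so the test can only
    pass when the certificate-builder lookup itself raises. With the CA load
    inside the block, a TypeError from loading the CA key would also satisfy
    the expectation and mask a regression in validation of the key to sign.
    """
    ca = get_ssh_certificate_authority(RSA_CA_PRIVATE_KEY, RSA_CA_PRIVATE_KEY_PASSWORD)
    with pytest.raises(TypeError):
        # 'bogus' stands in for a public key that cannot be parsed.
        get_ssh_certificate_builder(ca, SSHCertificateType.USER, 'bogus')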
def test_valid_key_missing_password():
    """Omitting the password for RSA_CA_PRIVATE_KEY is expected to raise TypeError."""
    expect_type_error = pytest.raises(TypeError)
    with expect_type_error:
        get_ssh_certificate_authority(RSA_CA_PRIVATE_KEY)
def test_valid_key_valid_password():
    """With the matching password, the CA key loads as an RSA authority.

    Checks the returned object's class, its public key type, its ``e``
    attribute and the signature key it reports against the fixture values.
    """
    authority = get_ssh_certificate_authority(
        RSA_CA_PRIVATE_KEY,
        RSA_CA_PRIVATE_KEY_PASSWORD,
    )

    assert isinstance(authority, RSACertificateAuthority)
    assert SSHPublicKeyType.RSA == authority.public_key_type
    # ``e`` is presumably the RSA public exponent of the fixture key.
    assert 65537 == authority.e
    assert authority.get_signature_key() == RSA_CA_SSH_PUBLIC_KEY
def test_valid_key_not_encrypted_invalid_pass():
    """Passing a password alongside the unencrypted CA key is expected to raise TypeError."""
    unneeded_password = b'bogus'
    with pytest.raises(TypeError):
        get_ssh_certificate_authority(
            RSA_CA_PRIVATE_KEY_NOT_ENCRYPTED,
            unneeded_password,
        )
def test_valid_rsa_request():
    """An RSA public key yields an RSA certificate builder and an RSA-typed cert file."""
    authority = get_ssh_certificate_authority(
        RSA_CA_PRIVATE_KEY,
        RSA_CA_PRIVATE_KEY_PASSWORD,
    )
    builder = get_ssh_certificate_builder(
        authority,
        SSHCertificateType.USER,
        EXAMPLE_RSA_PUBLIC_KEY,
    )
    cert_file = builder.get_cert_file()

    # The builder class is selected from the key being signed.
    assert isinstance(builder, RSACertificateBuilder)
    # The certificate file must begin with the RSA certified-key type.
    assert cert_file.startswith(SSHCertifiedKeyType.RSA)
def test_invalid_key():
    """Bytes that are not a CA private key are expected to raise TypeError."""
    not_a_key = b'bogus'
    with pytest.raises(TypeError):
        get_ssh_certificate_authority(not_a_key)
def test_valid_ed25519_request():
    """An ED25519 public key signed by the RSA CA yields an ED25519 builder and cert file."""
    authority = get_ssh_certificate_authority(
        RSA_CA_PRIVATE_KEY,
        RSA_CA_PRIVATE_KEY_PASSWORD,
    )
    builder = get_ssh_certificate_builder(
        authority,
        SSHCertificateType.USER,
        EXAMPLE_ED25519_PUBLIC_KEY,
    )
    cert_file = builder.get_cert_file()

    # The builder follows the type of the key being signed, not the CA's key type.
    assert isinstance(builder, ED25519CertificateBuilder)
    assert cert_file.startswith(SSHCertifiedKeyType.ED25519)
def test_valid_key_invalid_password():
    """A wrong password for RSA_CA_PRIVATE_KEY is expected to raise ValueError."""
    wrong_password = b'bogus'
    # Unlike the other failure cases in this listing, this one expects ValueError.
    with pytest.raises(ValueError):
        get_ssh_certificate_authority(RSA_CA_PRIVATE_KEY, wrong_password)
def test_valid_key_not_encrypted():
    """The unencrypted CA key loads without a password and reports RSA parameters."""
    authority = get_ssh_certificate_authority(RSA_CA_PRIVATE_KEY_NOT_ENCRYPTED)

    assert SSHPublicKeyType.RSA == authority.public_key_type
    # ``e`` is presumably the RSA public exponent of the fixture key.
    assert 65537 == authority.e
config.getkmsauthkeyids(),
config.get(KMSAUTH_SECTION, KMSAUTH_SERVICE_ID_OPTION),
region
)
# decrypt_token will raise a TokenValidationError if token doesn't match
validator.decrypt_token(
"2/user/{}".format(request.bastion_user),
request.kmsauth_token
)
except TokenValidationError as e:
return error_response('KMSAuthValidationError', str(e))
else:
return error_response('InputValidationError', 'Invalid request, missing kmsauth token')
# Build the cert
ca = get_ssh_certificate_authority(ca_private_key, ca_private_key_password)
cert_builder = get_ssh_certificate_builder(ca, SSHCertificateType.USER,
request.public_key_to_sign)
for username in request.remote_usernames.split(','):
cert_builder.add_valid_principal(username)
cert_builder.set_valid_before(valid_before)
cert_builder.set_valid_after(valid_after)
if certificate_extensions:
for e in certificate_extensions.split(','):
if e:
cert_builder.add_extension(e)
else:
cert_builder.clear_extensions()
# cert_builder is needed to obtain the SSH public key's fingerprint