41 lines
1.6 KiB
Python
41 lines
1.6 KiB
Python
|
from __future__ import annotations
|
||
|
|
|
||
|
|
import subprocess
|
||
|
|
from pathlib import Path
|
||
|
|
from tempfile import TemporaryDirectory
|
||
|
|
|
||
|
|
from django import forms
|
||
|
|
from django.test import SimpleTestCase
|
||
|
|
|
||
|
|
from pobsync_backend.forms import normalize_private_key, validate_ssh_private_key
|
||
|
|
|
||
|
|
|
||
|
|
class SshCredentialValidationTests(SimpleTestCase):
|
||
|
|
def test_normalize_private_key_repairs_wrapped_openssh_body(self) -> None:
|
||
|
|
with TemporaryDirectory() as tmp:
|
||
|
|
key_path = Path(tmp) / "identity"
|
||
|
|
subprocess.run(
|
||
|
|
["ssh-keygen", "-t", "ed25519", "-N", "", "-C", "test", "-f", str(key_path)],
|
||
|
|
check=True,
|
||
|
|
stdout=subprocess.PIPE,
|
||
|
|
stderr=subprocess.PIPE,
|
||
|
|
text=True,
|
||
|
|
)
|
||
|
|
private_key = key_path.read_text(encoding="utf-8")
|
||
|
|
|
||
|
|
begin_marker = "-----BEGIN OPENSSH PRIVATE KEY-----"
|
||
|
|
end_marker = "-----END OPENSSH PRIVATE KEY-----"
|
||
|
|
body = private_key.split(begin_marker, 1)[1].split(end_marker, 1)[0]
|
||
|
|
damaged_body = " \n ".join(body.split())
|
||
|
|
damaged_key = f"{begin_marker}\n{damaged_body}\n{end_marker}"
|
||
|
|
|
||
|
|
normalized_key = normalize_private_key(damaged_key)
|
||
|
|
|
||
|
|
self.assertEqual(validate_ssh_private_key(normalized_key), validate_ssh_private_key(private_key))
|
||
|
|
|
||
|
|
def test_validate_private_key_rejects_pem_key_with_actionable_message(self) -> None:
|
||
|
|
with self.assertRaises(forms.ValidationError) as exc:
|
||
|
|
validate_ssh_private_key("-----BEGIN RSA PRIVATE KEY-----\nabc\n-----END RSA PRIVATE KEY-----")
|
||
|
|
|
||
|
|
self.assertIn("PEM private keys are not supported", str(exc.exception))
|