derivepassphrase.git

@@ -864,30 +864,21 @@ class Feature(str, enum.Enum):

         reporting whether this can principally work, or not.

         """

-        import sys  # noqa: PLC0415

-

-        import exceptiongroup  # noqa: PLC0415

-

+        # Because BuiltinSSHAgentSocketProvider.test tests the same

+        # thing, just specific to a certain socket provider, we delegate

+        # to that test... not only out of laziness, but also out of

+        # consistency, avoiding two reimplementations of the same logic.

         from derivepassphrase import ssh_agent  # noqa: PLC0415

-        if sys.version_info < (3, 11):

-            from exceptiongroup import BaseExceptionGroup  # noqa: PLC0415

-

-        ret = True

-

-        def handle_notimplementederror(

-            _exc: BaseExceptionGroup,

-        ) -> None:  # pragma: no cover [unused]

-            nonlocal ret

-            ret = False

-

-        with exceptiongroup.catch({  # noqa: SIM117

-            NotImplementedError: handle_notimplementederror,

-            Exception: lambda _exc: None,

-        }):

-            with ssh_agent.SSHAgentClient.ensure_agent_subcontext():

-                pass

-        return ret

+        for provider_name in ssh_agent.SSHAgentClient.SOCKET_PROVIDERS:

+            try:

+                provider = BuiltinSSHAgentSocketProvider(provider_name)

+            except ValueError:

+                continue

+            else:

+                if provider.test():

+                    return True

+        return False

     def test(self, *_args: Any, **_kwargs: Any) -> bool:  # noqa: ANN401

         """Return true if this feature is enabled."""

@@ -1018,6 +1009,123 @@ class Subcommand(str, enum.Enum):

     __format__ = str.__format__  # type: ignore[assignment]

+class BuiltinSSHAgentSocketProvider(str, enum.Enum):

+    """SSH agent socket providers built into `derivepassphrase`.

+

+    Attributes:

+        SSH_AUTH_SOCK_ON_POSIX:

+            A socket provider (on POSIX) that queries the

+            `SSH_AUTH_SOCK` environment variable.

+        SSH_AUTH_SOCK_ON_WINDOWS:

+            A socket provider (on The Annoying OS, a.k.a. Microsoft

+            Windows) that queries the `SSH_AUTH_SOCK` environment

+            variable.

+        PAGEANT_ON_WINDOWS:

+            A socket provider (on The Annoying OS, a.k.a. Microsoft

+            Windows) that connects to Pageant's standard socket.  The

+            socket address is computed by the socket provider.

+        OPENSSH_ON_WINDOWS:

+            A socket provider (on The Annoying OS, a.k.a. Microsoft

+            Windows) that connects to OpenSSH on Windows's standard

+            socket.  The socket address is hardcoded by the socket

+            provider.

+        STUB_AGENT:

+            A basic fake agent's socket provider that only reacts to

+            known test keys.  Used by the test suite.

+        STUB_AGENT_WITH_ADDRESS:

+            A more orchestratable fake agent's socket provider, compared

+            to [`STUB_AGENT`][], that only reacts to known test keys.

+            Used by the test suite.

+        STUB_AGENT_WITH_ADDRESS_AND_DETERMINISTIC_DSA:

+            An elaborate fake agent's socket provider that only reacts

+            to known test keys.  Used by the test suite.

+        SSH_AUTH_SOCK:

+            A registry alias for [`SSH_AUTH_SOCK_ON_POSIX`][].

+        UNIX_DOMAIN:

+            A registry alias for [`SSH_AUTH_SOCK_ON_POSIX`][].

+        POSIX:

+            A registry alias for [`UNIX_DOMAIN`][].

+        WINDOWS_NAMED_PIPE:

+            A registry alias for [`SSH_AUTH_SOCK_ON_WINDOWS`][].

+        WINDOWS:

+            A registry alias for [`WINDOWS_NAMED_PIPE`][].

+        NATIVE:

+            A registry alias for [`WINDOWS`][] if on The Annoying OS, or

+            for [`POSIX`][] otherwise.

+

+    """

+

+    SSH_AUTH_SOCK_ON_POSIX = "ssh_auth_sock_on_posix"

+    """"""

+    SSH_AUTH_SOCK_ON_WINDOWS = "ssh_auth_sock_on_windows"

+    """"""

+    PAGEANT_ON_WINDOWS = "pageant_on_windows"

+    """"""

+    OPENSSH_ON_WINDOWS = "openssh_on_windows"

+    """"""

+

+    STUB_AGENT = "stub_agent"

+    """"""

+    STUB_AGENT_WITH_ADDRESS = "stub_agent_with_address"

+    """"""

+    STUB_AGENT_WITH_ADDRESS_AND_DETERMINISTIC_DSA = (

+        "stub_agent_with_address_and_deterministic_dsa"

+    )

+    """"""

+

+    SSH_AUTH_SOCK = "ssh_auth_sock"

+    """"""

+    UNIX_DOMAIN = "unix_domain"

+    """"""

+    POSIX = "posix"

+    """"""

+    WINDOWS_NAMED_PIPE = "windows_named_pipe"

+    """"""

+    WINDOWS = "windows"

+    """"""

+    NATIVE = "native"

+    """"""

+

+    def test(

+        self,

+        *_args: Any,  # noqa: ANN401

+        **_kwargs: Any,  # noqa: ANN401

+    ) -> bool:  # pragma: no cover [external]

+        """Return true if this SSH agent socket provider is available.

+

+        This works by actually attempting to connet to an agent via the

+        socket provider.

+

+        """

+        import sys  # noqa: PLC0415

+

+        import exceptiongroup  # noqa: PLC0415

+

+        from derivepassphrase import ssh_agent  # noqa: PLC0415

+

+        if sys.version_info < (3, 11):

+            from exceptiongroup import BaseExceptionGroup  # noqa: PLC0415

+

+        ret = True

+

+        def handle_notimplementederror(

+            _exc: BaseExceptionGroup,

+        ) -> None:  # pragma: no cover [unused]

+            nonlocal ret

+            ret = False

+

+        with exceptiongroup.catch({  # noqa: SIM117

+            NotImplementedError: handle_notimplementederror,

+            Exception: lambda _exc: None,

+        }):

+            with ssh_agent.SSHAgentClient.ensure_agent_subcontext(conn=[self]):

+                pass

+        return ret

+

+    __str__ = str.__str__

+    __format__ = str.__format__  # type: ignore[assignment]

+

+

 @runtime_checkable

 class SSHAgentSocket(Protocol):

     """An abstract networking socket connected to an SSH agent.

@@ -24,6 +24,8 @@ from ctypes.wintypes import (  # type: ignore[attr-defined]

 )

 from typing import TYPE_CHECKING, cast

+from derivepassphrase import _types

+

 if TYPE_CHECKING:

     from collections.abc import Callable

     from typing import ClassVar

@@ -38,8 +40,6 @@ if TYPE_CHECKING:

         TypeVar,

     )

-    from derivepassphrase import _types

-

     SSHAgentSocketProviderT = TypeVar(

         "SSHAgentSocketProviderT", bound=_types.SSHAgentSocketProvider

     )

@@ -982,20 +982,55 @@ class SocketProvider:

         cls.registry.update(entries.maps[0])

-SocketProvider.registry.update({

-    "ssh_auth_sock_on_posix": SocketProvider.unix_domain_ssh_auth_sock,

-    "pageant_on_windows": SocketProvider.windows_named_pipe_for_pageant,  # noqa: E501

-    "openssh_on_windows": SocketProvider.windows_named_pipe_for_openssh,  # noqa: E501

-    "ssh_auth_sock_on_windows": SocketProvider.windows_named_pipe_ssh_auth_sock,  # noqa: E501

+SocketProvider.registry.update([

+    (

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

+        SocketProvider.unix_domain_ssh_auth_sock,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.PAGEANT_ON_WINDOWS,

+        SocketProvider.windows_named_pipe_for_pageant,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.OPENSSH_ON_WINDOWS,

+        SocketProvider.windows_named_pipe_for_openssh,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS,

+        SocketProvider.windows_named_pipe_ssh_auth_sock,

+    ),

     # known instances

-    "stub_agent": None,

-    "stub_agent_with_address": None,

-    "stub_agent_with_address_and_deterministic_dsa": None,

+    (_types.BuiltinSSHAgentSocketProvider.STUB_AGENT, None),

+    (_types.BuiltinSSHAgentSocketProvider.STUB_AGENT_WITH_ADDRESS, None),

+    (

+        _types.BuiltinSSHAgentSocketProvider.STUB_AGENT_WITH_ADDRESS_AND_DETERMINISTIC_DSA,

+        None,

+    ),

     # aliases

-    "ssh_auth_sock": "ssh_auth_sock_on_posix",

-    "unix_domain": "ssh_auth_sock_on_posix",

-    "posix": "unix_domain",

-    "windows_named_pipe": "ssh_auth_sock_on_windows",

-    "windows": "windows_named_pipe",

-    "native": "windows" if os.name == "nt" else "posix",

-})

+    (

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK,

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.UNIX_DOMAIN,

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.POSIX,

+        _types.BuiltinSSHAgentSocketProvider.UNIX_DOMAIN,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.WINDOWS_NAMED_PIPE,

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.WINDOWS,

+        _types.BuiltinSSHAgentSocketProvider.WINDOWS_NAMED_PIPE,

+    ),

+    (

+        _types.BuiltinSSHAgentSocketProvider.NATIVE,

+        _types.BuiltinSSHAgentSocketProvider.WINDOWS

+        if os.name == "nt"

+        else _types.BuiltinSSHAgentSocketProvider.POSIX,

+    ),

+])

@@ -354,8 +354,10 @@ class VaultTestConfig(NamedTuple):

 ssh_auth_sock_on_posix_entry = _types.SSHAgentSocketProviderEntry(

-    socketprovider.SocketProvider.resolve("ssh_auth_sock_on_posix"),

-    "ssh_auth_sock_on_posix",

+    socketprovider.SocketProvider.resolve(

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX

+    ),

+    _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

     (),

 )

 """

@@ -364,8 +366,10 @@ domain socket handler on POSIX systems.

 """

 ssh_auth_sock_on_windows_entry = _types.SSHAgentSocketProviderEntry(

-    socketprovider.SocketProvider.resolve("ssh_auth_sock_on_windows"),

-    "ssh_auth_sock_on_windows",

+    socketprovider.SocketProvider.resolve(

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS

+    ),

+    _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS,

     (),

 )

 """

@@ -384,7 +388,11 @@ is not a callable.

 """

 faulty_entry_name_exists = _types.SSHAgentSocketProviderEntry(

-    socketprovider.SocketProvider.resolve("windows"), "posix", ()

+    socketprovider.SocketProvider.resolve(

+        _types.BuiltinSSHAgentSocketProvider.WINDOWS

+    ),

+    _types.BuiltinSSHAgentSocketProvider.POSIX,

+    (),

 )

 """

 A faulty [`_types.SSHAgentSocketProviderEntry`][]: the indicated handler

@@ -392,9 +400,14 @@ is already registered with a different callable.

 """

 faulty_entry_alias_exists = _types.SSHAgentSocketProviderEntry(

-    socketprovider.SocketProvider.resolve("ssh_auth_sock_on_posix"),

-    "ssh_auth_sock_on_posix",

-    ("unix_domain", "windows_named_pipes"),

+    socketprovider.SocketProvider.resolve(

+        _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX

+    ),

+    _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

+    (

+        _types.BuiltinSSHAgentSocketProvider.UNIX_DOMAIN,

+        _types.BuiltinSSHAgentSocketProvider.WINDOWS_NAMED_PIPE,

+    ),

 )

 """

 A faulty [`_types.SSHAgentSocketProviderEntry`][]: the alias is already

@@ -334,7 +334,7 @@ class SystemSupportAction(str, enum.Enum):

             )

         elif self in {self.UNSET_NATIVE, self.UNSET_NATIVE_AND_ENSURE_USE}:

             self.check_or_ensure_use(

-                "native",

+                _types.BuiltinSSHAgentSocketProvider.NATIVE,

                 monkeypatch=monkeypatch,

                 ensure_use=(self == self.UNSET_NATIVE_AND_ENSURE_USE),

             )

@@ -343,14 +343,14 @@ class SystemSupportAction(str, enum.Enum):

             monkeypatch.delattr(ctypes, "windll", raising=False)

         elif self in {self.UNSET_AF_UNIX, self.UNSET_AF_UNIX_AND_ENSURE_USE}:

             self.check_or_ensure_use(

-                "posix",

+                _types.BuiltinSSHAgentSocketProvider.POSIX,

                 monkeypatch=monkeypatch,

                 ensure_use=(self == self.UNSET_AF_UNIX_AND_ENSURE_USE),

             )

             monkeypatch.delattr(socket, "AF_UNIX", raising=False)

         elif self in {self.UNSET_WINDLL, self.UNSET_WINDLL_AND_ENSURE_USE}:

             self.check_or_ensure_use(

-                "windows",

+                _types.BuiltinSSHAgentSocketProvider.WINDOWS,

                 monkeypatch=monkeypatch,

                 ensure_use=(self == self.UNSET_WINDLL_AND_ENSURE_USE),

             )

@@ -110,7 +110,12 @@ class Parametrize(types.SimpleNamespace):

         ],

     )

     EXISTING_REGISTRY_ENTRIES = pytest.mark.parametrize(

-        "existing", ["ssh_auth_sock_on_posix", "ssh_auth_sock_on_windows"]

+        "existing",

+        [

+            _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

+            _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS,

+        ],

+        ids=str,

     )

     SSH_STRING_EXCEPTIONS = pytest.mark.parametrize(

         ["input", "exc_type", "exc_pattern"],

@@ -809,7 +814,10 @@ class TestSSHAgentSocketProviderRegistry:

         # entry ultimately resolves to a different provider.  They needn't

         # technically be leaves of the socket provider forest, but "leaves"

         # emphasizes the quality we are looking for.

-        leaves = ["posix", "windows"]

+        leaves = [

+            _types.BuiltinSSHAgentSocketProvider.POSIX,

+            _types.BuiltinSSHAgentSocketProvider.WINDOWS,

+        ]

         assert all([isinstance(registry.get(leaf), str) for leaf in leaves]), (

             "Registry is shaped incompatibly; cannot determine base entries"

         )

@@ -887,14 +895,14 @@ class TestSSHAgentSocketProviderRegistry:

         provider = socketprovider.SocketProvider.resolve(existing)

         new_registry = {

-            "ssh_auth_sock_on_posix": socketprovider.SocketProvider.resolve(

-                "ssh_auth_sock_on_posix"

+            _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX: socketprovider.SocketProvider.resolve(

+                _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX

             ),

-            "ssh_auth_sock_on_windows": socketprovider.SocketProvider.resolve(

-                "ssh_auth_sock_on_windows"

+            _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS: socketprovider.SocketProvider.resolve(

+                _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS

             ),

-            "unix_domain": "ssh_auth_sock_on_posix",

-            "windows_named_pipe": "ssh_auth_sock_on_windows",

+            _types.BuiltinSSHAgentSocketProvider.UNIX_DOMAIN: _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX,

+            _types.BuiltinSSHAgentSocketProvider.WINDOWS_NAMED_PIPE: _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS,

         }

         names = [

             k

@@ -7,17 +7,14 @@

 from __future__ import annotations

 import contextlib

-from typing import TYPE_CHECKING

 import pytest

 from hypothesis import stateful, strategies

+from derivepassphrase import _types

 from derivepassphrase.ssh_agent import socketprovider

 from tests.machinery import pytest as pytest_machinery

-if TYPE_CHECKING:

-    from derivepassphrase import _types

-

 # All tests in this module are heavy-duty tests.

 pytestmark = [pytest_machinery.heavy_duty]

@@ -151,19 +148,30 @@ class SSHAgentSocketProviderRegistryStateMachine(

         self.registry: dict[

             str, _types.SSHAgentSocketProvider | str | None

         ] = {

-            "ssh_auth_sock_on_posix": self.orig_registry[

-                "ssh_auth_sock_on_posix"

-            ],

-            "ssh_auth_sock_on_windows": self.orig_registry[

-                "ssh_auth_sock_on_windows"

-            ],

-            "native": (

-                "windows_named_pipe"

-                if self.orig_registry["native"] == "windows"

-                else "unix_domain"

+            _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX: (

+                self.orig_registry[

+                    _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX

+                ]

+            ),

+            _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS: (

+                self.orig_registry[

+                    _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS

+                ]

+            ),

+            _types.BuiltinSSHAgentSocketProvider.NATIVE: (

+                _types.BuiltinSSHAgentSocketProvider.WINDOWS_NAMED_PIPE

+                if self.orig_registry[

+                    _types.BuiltinSSHAgentSocketProvider.NATIVE

+                ]

+                == _types.BuiltinSSHAgentSocketProvider.WINDOWS

+                else _types.BuiltinSSHAgentSocketProvider.UNIX_DOMAIN

+            ),

+            _types.BuiltinSSHAgentSocketProvider.UNIX_DOMAIN: (

+                _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_POSIX

+            ),

+            _types.BuiltinSSHAgentSocketProvider.WINDOWS_NAMED_PIPE: (

+                _types.BuiltinSSHAgentSocketProvider.SSH_AUTH_SOCK_ON_WINDOWS

             ),

-            "unix_domain": "ssh_auth_sock_on_posix",

-            "windows_named_pipe": "windows_named_pipe",

         }

         self.monkeypatch.setattr(

             socketprovider.SocketProvider, "registry", self.registry