Files
@ 5e176c2a3067
Branch filter:
Location: gimmecert/tests/conftest.py - annotation
5e176c2a3067
8.4 KiB
text/x-python
GC-37: Parametrise a couple of storage test functions to cover ECDSA as well.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 | fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff a1219ebc2188 a1219ebc2188 fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff 89d391511fdb fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff 52d85e47faa0 52d85e47faa0 fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff 89d391511fdb fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff 89d391511fdb fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff de1cc2505a56 fec20b53b9ff fec20b53b9ff fec20b53b9ff fec20b53b9ff 70b0277c55dc fec20b53b9ff fec20b53b9ff fec20b53b9ff 70b0277c55dc fec20b53b9ff fec20b53b9ff 1ef5f76a8224 fec20b53b9ff fec20b53b9ff fec20b53b9ff 1ef5f76a8224 fec20b53b9ff fec20b53b9ff 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 52d85e47faa0 52d85e47faa0 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 0ee05781e722 de1cc2505a56 0ee05781e722 0ee05781e722 | # -*- coding: utf-8 -*-
#
# Copyright (C) 2018 Branko Majic
#
# This file is part of Gimmecert.
#
# Gimmecert is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.
#
# Gimmecert is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# Gimmecert. If not, see <http://www.gnu.org/licenses/>.
#
import collections
import io
import gimmecert
import gimmecert.crypto
import gimmecert.storage
import pytest
@pytest.fixture
def key_with_csr(tmpdir):
"""
Fixture that generates a private key and CSR within tmpdir, and
provides information about them.
The following artefacts are generated in the directory:
- custom_csr/mycustom.key.pem (private key in OpenSSL-style PEM format)
- custom_csr/mycustom.csr.pem (CSR in OpenSSL-style PEM format)
:param tmpdir: Temporary directory (normally pytest tmpdir fixture) created for running the test.
:type tmpdir: py.path.local
:returns: Named tuple that describes the generated private key and CSR. The following properties are made available:
private_key (cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) - private key object.
private_key_path (str) - path to generated private key.
private_key_pem (str) - private key in OpenSSL-style PEM format.
csr (cryptography.x509.CertificateSigningRequest) - CSR object.
csr_path (str) - path to generated CSR.
csr_pem (str) - CSR in OpenSSL-style PEM format.
:rtype: collections.namedtuple
"""
# Convenience named tuple for accessing generated artefacts.
TestKeyWithCSR = collections.namedtuple('TestKeyWithCSR', 'private_key, private_key_path, private_key_pem, csr, csr_path, csr_pem')
# Set-up directory for holding custom CSRs.
custom_csr_dir = tmpdir.ensure('custom_csr', dir=True)
# Set-up naming and some files.
name = "mycustom"
private_key_file = custom_csr_dir.join("%s.key.pem" % name)
csr_file = custom_csr_dir.join("%s.csr.pem" % name)
# Generate private key and CSR, and output them.
private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
csr = gimmecert.crypto.generate_csr(name, private_key)
gimmecert.storage.write_private_key(private_key, private_key_file.strpath)
gimmecert.storage.write_csr(csr, csr_file.strpath)
private_key_pem = private_key_file.read()
csr_pem = csr_file.read()
return TestKeyWithCSR(private_key, private_key_file.strpath, private_key_pem, csr, csr_file.strpath, csr_pem)
@pytest.fixture
def sample_project_directory(tmpdir):
"""
Fixture that initialises a sample Gimmecert project within tmpdir,
and issues a couple of client and server certificates using
different methods (internal private key generation + issuance via
CSR).
Initialised CA hierarchy is 1 level deep, with basename used being
identical to temporary directory base name, and it uses 2048-bit
RSA keys.
The following server certificates are issued:
- server-with-csr-1 (server certificate, issued using custom CSR)
- server-with-csr-2 (server certificate, issued using custom CSR)
- server-with-privkey-1 (server certificate, Gimmecert-generated private key)
- server-with-privkey-2 (server certificate, Gimmecert-generated private key)
- client-with-csr-1 (client certificate, issued using custom CSR)
- client-with-csr-2 (client certificate, issued using custom CSR)
- client-with-privkey-1 (client certificate, Gimmecert-generated private key)
- client-with-privkey-2 (client certificate, Gimmecert-generated private key)
The following artefacts are created "external" to Gimmecert
standard usage, mainly for the purpose of issuing certificates
using CSR:
- custom_csr/server-with-csr-1.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing server-with-csr-1 certificate)
- custom_csr/server-with-csr-1.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-1 certificate)
- custom_csr/server-with-csr-2.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing server-with-csr-2 certificate)
- custom_csr/server-with-csr-2.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-2 certificate)
- custom_csr/client-with-csr-1.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing client-with-csr-1 certificate)
- custom_csr/client-with-csr-1.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-1 certificate)
- custom_csr/client-with-csr-2.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing client-with-csr-2 certificate)
- custom_csr/client-with-csr-2.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-2 certificate)
:param tmpdir: Temporary directory (normally pytest tmpdir fixture) created for running the test.
:type tmpdir: py.path.local
:returs: Parent directory where Gimmecert has been initialised. Essentially the tmpdir fixture.
:rtype: py.path.local
"""
# Total amount of each type certificate to issue.
per_type_count = 2
# Set-up directory for holding custom CSRs.
custom_csr_dir = tmpdir.ensure('custom_csr', dir=True)
# Set-up some custom CSRs.
for i in range(1, per_type_count + 1):
# Used in generated samples.
name = "server-with-csr-%d" % i
private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
csr = gimmecert.crypto.generate_csr(name, private_key)
gimmecert.storage.write_private_key(private_key, custom_csr_dir.join("%s.key.pem" % name).strpath)
gimmecert.storage.write_csr(csr, custom_csr_dir.join("%s.csr.pem" % name).strpath)
# Used in generated samples.
name = "client-with-csr-%d" % i
private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
csr = gimmecert.crypto.generate_csr(name, private_key)
gimmecert.storage.write_private_key(private_key, custom_csr_dir.join("%s.key.pem" % name).strpath)
gimmecert.storage.write_csr(csr, custom_csr_dir.join("%s.csr.pem" % name).strpath)
# Initialise one-level deep hierarchy.
gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048))
# Issue a bunch of certificates.
for i in range(1, per_type_count + 1):
entity_name = "server-with-privkey-%d" % i
gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, None, None, None)
entity_name = "server-with-csr-%d" % i
custom_csr_path = custom_csr_dir.join("server-with-csr-%d.csr.pem" % i).strpath
gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, None, custom_csr_path, None)
entity_name = "client-with-privkey-%d" % i
gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, None, None)
entity_name = "client-with-csr-%d" % i
custom_csr_path = custom_csr_dir.join("client-with-csr-%d.csr.pem" % i).strpath
gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, custom_csr_path, None)
return tmpdir
@pytest.fixture
def gctmpdir(tmpdir):
"""
Fixture that initialises Gimmecert project within tmpdir with a
simple CA hierarchy.
Initialised CA hierarchy is 1 level deep, with basename used being
identical to temporary directory base name, and it uses 2048-bit
RSA keys.
The fixture is useful in testing of commands where the CA
hierarchy does not matter (almost anything except init/status
commands).
:param tmpdir: Temporary directory (normally pytest tmpdir fixture) created for running the test.
:type tmpdir: py.path.local
:returs: Parent directory where Gimmecert has been initialised. Essentially the tmpdir fixture.
:rtype: py.path.local
"""
# Initialise one-level deep hierarchy.
gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048))
return tmpdir
|