GC-37: Deduplicate additional tests for validation of CLI arguments:
- Merge the tests for invoking commands without mandatory positional arguments into test for invalid CLI invocations.
- Merge the tests for invoking renew commands with conflicting positional arguments into test for invalid CLI invocations.
GC-37: Include ECDSA when testing that commands use correct key specification:
- Updated tests for server, client, and renew commands.
- Parametrised the tests so they can cover different sizes of RSA keys, as well as different elliptic curve algorithms.
GC-37: Deduplicate option presence testing from functional tests for ECDSA key specifications:
- Updated the functional tests that cover ECDSA key specifications.
- Dropped tests for option presence since those tests already exist in a dedicated functional test.
- Dropped testing of invalid invocations - those are better off covered with unit tests already.
- Reworded the tests so they make more sense.
GC-37: Deduplicate option presence testing from functional tests for RSA key specifications:
- Updated the functional tests that cover RSA key specifications.
- Dropped tests for option presence since those tests already exist in a dedicated functional test.
- Dropped testing of invalid invocations - those are better off covered with unit tests already.
- Reworded the tests so they make more sense.
GC-37: Update status command to include relevant/correct information about ECDSA algorithms:
- Updated functional test to include case where CA hierarchy has been initialised with the ECDSA keys.
- Updated unit tests to include testing of output for entities that use ECDSA keys.
- Use the key_specification_from_public_key function to obtain information about key in use (instead of assuming it's RSA).
GC-37: Implement renewals with new private keys for ECDSA when previous certificate was issued using CSR:
- Added functional test that covers the scenario.
- Parametrise the unit test used to verify that new key generation follows the same key specification.
- Update test for checking if new private key gets generated to use key specification instead of key size.
GC-37: Added ECDSA support for issuing server certificates via server command:
- Added functional test.
- Added unit tests.
- Updated existing functional test that checks for advertising of curve support for key specification in the init command to be a bit less fragile in case the output gets broken-up into different lines in a slightly different location.
- Implement ability to get public key specification out of ECDSA public key.
- Expose ECDSA key specification in the server command.
- Updated inline documentation.
GC-37: Refactor functional tests for renew command key specification handling:
- Generate the custom private keys at top of the test.
- Updated wording.
- Rename the function to explicitly reference RSA to be consistent with the remaining tests.
GC-37: Refactor functional tests for client command key specification handling:
- Use separate test for checking use of CA hierarchy default key specification.
- Use separate test for checking use of --key-specification option.
- Do not check public key size in certificate - this is not relevant for this particular functional test, and there are already unit tests that verify correct public key is used.
GC-37: Refactor functional tests for server command key specification handling:
- Use separate test for checking use of CA hierarchy default key specification.
- Use separate test for checking use of --key-specification option.
- Do not check public key size in certificate - this is not relevant for this particular functional test, and there are already unit tests that verify correct public key is used.
GC-37: Added support for showing key algorithms to the status command:
- Updated functional test for the status command to include a variety of key algorithms and to test for their representation in the output.
- Added unit tests.
- Updated the status command to extract key algorithm information from the issued certificates and output the information.
GC-37: Added support for requesting custom RSA key size when renewing:
- Added functional test.
- Added unit tests.
- Updated existing functional test for renew command help to cope with addition of one more option (output lines from help changed).
- Added new CLI option for passing-in key specification, used in combination with the --new-private-key option.
- Renew command function now accepts key specification parameter. Updated existing code and tests accordingly for the new function signature.
- If key specification is not passed-in and new private key is requested, key size is extracted from existing artefacts (e.g. it does not use CA hierarchy's key size).
GC-37: Added support for requesting custom RSA key size when issuing client certificates:
- Added functional test.
- Added unit tests.
- Added new CLI option to the client command.
- Updated the client command to use the passed-in key specification.
- Updated existing tests to cope with changes to the client command function signature.
- Fixed small typo in docstring for the server command.
- Fixed functional test for client command help that expected positional argument in a specific line.
GC-37: Added support for requesting custom RSA key size when issuing server certificates:
- Added functional test.
- Added unit tests.
- Added new CLI option to the server command.
- Updated the server command to use the passed-in key specification.
- Updated existing tests to cope with changes to the server command function signature.
- Perform the key specification parsing within CLI module itself, don't do it via crypto module.
- Pass-in tuple consisting out of algorithm and associated parameters into the init command instead of key generator.
- Updated all tests to accommodate the change in init function signature.
- Simplify the KeyGenerator class.
- Do not test if KeyGenerator class sets the properties via constructor - it is sufficient to test string representation and key generation.
GC-37: Added support for requesting custom RSA key size when initialising the CA hierarchy:
- Added functional test.
- Added unit tests.
- Added new CLI option for specifying the algorithm.
- Implemented KeyGenerator factory-like class that can be called to generate a private key with desired specification.
- The init function now accepts a callable that is used to generate private keys.
- The generate_ca_hierarchy function now accepts a callable that is used to generate private keys.
- Updated existing unit tests to cope with changes to the init and generate_ca_hierarchy function signatures.
- Updated existing unit tests to cope with changes to existing functionality.
- Updated existing functional tests to cope with changes in command output.
GC-37: Introduce gctmpdir fixture for reducing duplication in tests:
- Fixture can be used to initialise the temporary directory with 1-level deep Gimmecert hierarchy. It is very useful for tests that do not care about hierarchy details, while at the same time being much faster than the sample directory one.
- Fixture should not be used for testing of init/status commands (since those heavily test what the hierarchy looks like).
- Updated documentation, removing Python 3.4 as supported version.
- Updated documentation to include support for Python 3.7 (this was already supported, but documentation did not list it in a couple of places).
- Updated Tox configuration with list of supported Python versions.
- Build Python 3.5.x for full test against all Python versions in order to make it independent of underlying distribution Python version.
- Update package requirements.
- Updated release notes.
GC-35: Freeze time when testing status command outputs:
Freezing the time will ensure the tests can be run in future without having to make modifications for issuance dates - otherwise the tests will fail because certificates will be reported as expired.
GC-26: Fix wrong issuer DN in client and server certificates:
- Updated tests to generate deeper hierarchy so the issue is more likely to be triggered.
- Applied necessary fixes (a simple switch to using subject instead of issuer from the issuer certificate - which should be quite obvious).
GC-28: Increase timeout for running interactive commands in tests:
- Running the functional tests from within Vagrant machine that involve interactive commands could result in timeout due to slower execution. Double the timeout to avoid such issues. Long-term might be worth it to look into why this happens at all.
GC-28: Build and install supported Python versions with custom script:
- Drops external dependency on pyenv.
- Makes the process actually simpler because pyenv does not play nicely with some built-in tools like virtualenv/virtualenvwrapper.
GC-28: Added initial set-up for running tests within Vagrant machine:
- Added Vagrantfile that deploys Debian 9 Stretch and provisions it.
- Added provisioning script that will set-up multiple Python versions.
- Updated development instructions to include information on how to use Vagrant to run all the tests.
- Ignore Vagrant artifacts in gitignore.
- List supported Python versions a bit more explicitly (improves readability/stands out better).
- Use dashes instead of asterisks for lists of items (just a syntax change).
- Added link to documentation (RTD) to README file.
- Updated package requirements for development to include twine (for the release process).
- Added initial version of release script. The script takes care of preparing the local git repository (maintenance branches, tags, updates to release notes and setup.py), as well as pushing the changes to both origin git repository and distribution package to PyPI.
- Switched to using version 0.0.0 as development version.
GC-23: Updated documentation related to move of --update-dns-option from server to renew command:
- Updated the server command usage instructions to include reference to --update-dns-option in the renew command.
- Added relevant documentation on use of the --update-dns-names option to the usage instructions for renew command.
- Update the CLI examples.
GC-23: Removed option to update DNS names from server command:
- Removed functional test.
- Dropped the option from CLI.
- Dropped the option from command function implementation.
- Updating code for new command function signature.
- Updated existing unit tests.
- Removed unneeded unit tests.
GC-23: Implemented option for updating DNS names for renew command:
- Added functional test covering the new functionality.
- Implemented ability to accept new DNS names in the renew command.
- Updated existing unit tests for new function signature.
- Added unit tests covering the new functionality.
- Fixed invocation of pexpect.spawnu to convert the passed-in arguments explicitly into a list. Necessary since Python 3.4 can't use the *args construct outside of assignment.
- Updated the certificate_to_pem function to return str instead of bytes. Necessary since Python 3.4 does not support things like b"%s" % mybytes.
- Fixed test for existence of help CLI command. Previous code was referencing a wrong/non-existent function help (the actual name has to be help_ in order not to shadow the built-in function).
- Updated unit test invocations that use the read_certificate function.
- Updated tests for the read_certificate function.
GC-22: Updated CLI and regular documentation for the new CSR options:
- Updated quick usage instructions to give an example of issuing a server certificate using CSR.
- Updated documentation for server, client, and renew commands.
- Updated CLI examples to include some usage of the --csr option.
- Updated CLI CSR documentation to emphasize that only the public key is taken from the CSR.
GC-22: Updated status command to display path to CSR if certificate was issued using CSR:
- Updated the existing functional test for validating output from the status command on an initialised directory.
- Updated status command to check for existence of private key or CSR, and display appropriate message and path to it.
- Updated unit tests covering the status command output.
GC-22: Updated renew command to allow reading of CSR from stdin:
- Implemented functional test covering reading of CSR from stdin for the renew command.
- Updated renew command CLI help.
- Updated renew command to read CSR from stdin if passed-in path is set to '-'.
- Implemented relevant unit tests.
GC-22: Updated client command to allow reading of CSR from stdin:
- Implemented functional test covering reading of CSR from stdin for the client command.
- Updated client command CLI help.
- Updated client command to read CSR from stdin if passed-in path is set to '-'.
- Implemented relevant unit tests.
GC-22: Updated server command to allow reading of CSR from stdin:
- Implemented an additional helper for functional tests for running interactive commands.
- Implemented functional test covering passing-in CSR to the server command via stdin (interactively).
- Updated server command implementation.
- Implemented utility function for reading input from user.
- Implemented utility function for reading CSR from string (in OpenSSL-style PEM format).
- Fixed some missing imports in the custom pytest fixture.
- Implemented relevant unit tests.
GC-22: Server command should refuse to update DNS names if custom CSR was passed-in as well:
- Passing-in the custom CSR means the user wants to create a new entity. Therefore, the case where update of DNS name has been requested in conjunction with passing the CSR, and certificate has already been issued, we need to fail.
GC-22: Refactored server command tests for testing output on success:
- Introduced custom pytest fixture that sets-up a small Gimmecert project.
- Introduced custom pytest fixture that sets-up private key with CSR.
- Replaced all server command tests that check the resulting output with a parametrised test. One test should actually fail, but this is a bug in implementation. Will fix in subsequent commit.
- Introduced separate tests that ensure the server private key or CSR do not get overwritten in case DNS name update is requested.
GC-22: Updated renew command to replace existing private key with CSR if passed-in:
- Added functional test which covers renewal of server and client certificates by generating new private key when previous certificate was issued using custom CSR.
- Replace the CSR with generated private key when renewing certificate in case where previous certificate was issued with CSR.
- Added unit tests covering new functionality.
GC-22: Updated renew command to replace existing private key with CSR if passed-in:
- Added functional test which covers renewal of server and client certificates using CSR when previous certificate was issued using private key.
- Replaced the private key with CSR when renewing certificate using CSR in case where previous certificate was issued with private key.
- Updated signature for renew command to accept path to custom CSR.
- Updated existing unit tests for new renew command signature.
- Added unit tests covering new functionality.
GC-22: Updated renew command to report correct artefact if CSR was originally used for issuing certificate:
- Added functional test for covering the scenario.
- Updated printout from the command to display path to CSR if CSR artefact was used for initial (previous) certificate issuance.
- Updated existing unit tests and implemented new ones.
GC-22: Implemented issuance of server certificates using passed-in CSR:
- Added functional test.
- Expanded server command to accept path to custom CSR file and handle it appropriately.
- Updated existing unit tests to fix command server invocation.
- Added new unit tests.