|
branko
|
5c9e817249b5
|
8 months ago
|
|
GC-45: Update copyright information:
- Changes to code base were previously done in 2020 as well (based on git history).
|
|
branko
|
4f3c2c135344
|
8 months ago
|
|
GC-45: Use non-naive datetime objects that include timezone:
- Newer versions of cryptography prefer/insist on use of UTC-based datetime objects with correctly set timezone.
|
|
branko
|
624d5e9c4b4a
|
8 months ago
|
|
GC-45: Replace freezegun with time-machine for date/time-related tests:
- The freezegun is no longer maintained, and it also does not handle timezones that well.
- The time-machine project seems to be actively maintained, and provides the same functionality.
|
|
branko
|
f6352a538b63
|
4 years ago
|
|
|
|
branko
|
6b45f2059746
|
4 years ago
|
|
|
|
branko
|
2713380d89c9
|
4 years ago
|
|
|
|
branko
|
c1e15819a020
|
4 years ago
|
|
|
|
branko
|
89d391511fdb
|
4 years ago
|
|
GC-37: Use KeyGenerator instead of generate_private_key in unit tests:
- Replaced all uses of generate_private_key with KeyGenerator invocations that explicitly request 2048-bit RSA.
|
|
branko
|
c3e3f7ebf69d
|
4 years ago
|
|
GC-37: Added ECDSA support for issuing server certificates via server command:
- Added functional test.
- Added unit tests.
- Updated existing functional test that checks for advertising of curve support for key specification in the init command to be a bit less fragile in case the output gets broken-up into different lines in a slightly different location.
- Implement ability to get public key specification out of ECDSA public key.
- Expose ECDSA key specification in the server command.
- Updated inline documentation.
|
|
branko
|
272ebabc4062
|
4 years ago
|
|
GC-37: Added ECDSA support for initialising CA hierarchy:
- Added functional test.
- Added unit tests.
- Updated key specification parsing to support ECDSA specification using curve name.
- Updated KeyGenerator to handle ECDSA private keys generation.
- Updated inline documentation.
|
|
branko
|
d52b62b9a9db
|
4 years ago
|
|
|
|
branko
|
de1cc2505a56
|
4 years ago
|
|
GC-37: Refactor key specification handling:
- Perform the key specification parsing within CLI module itself, don't do it via crypto module.
- Pass-in tuple consisting of algorithm and associated parameters into the init command instead of key generator.
- Updated all tests to accommodate the change in init function signature.
- Simplify the KeyGenerator class.
- Do not test if KeyGenerator class sets the properties via constructor - it is sufficient to test string representation and key generation.
|
|
branko
|
52d85e47faa0
|
4 years ago
|
|
GC-37: Added support for requesting custom RSA key size when initialising the CA hierarchy:
- Added functional test.
- Added unit tests.
- Added new CLI option for specifying the algorithm.
- Implemented KeyGenerator factory-like class that can be called to generate a private key with desired specification.
- The init function now accepts a callable that is used to generate private keys.
- The generate_ca_hierarchy function now accepts a callable that is used to generate private keys.
- Updated existing unit tests to cope with changes to the init and generate_ca_hierarchy function signatures.
- Updated existing unit tests to cope with changes to existing functionality.
- Updated existing functional tests to cope with changes in command output.
|
|
branko
|
127c506a1427
|
6 years ago
|
|
GC-26: Fix wrong issuer DN in client and server certificates:
- Updated tests to generate deeper hierarchy so the issue is more likely to be triggered.
- Applied necessary fixes (a simple switch to using subject instead of issuer from the issuer certificate - which should be quite obvious).
|
|
branko
|
647208f5016b
|
6 years ago
|
|
GC-22: Implemented issuance of client certificates using passed-in CSR:
- Added functional test covering the issuance of client certificate using CSR.
- Updated default value for the CSR client command option to be explicitly None.
- Updated the client command to take in the CSR as an argument and process it accordingly.
- Added helpers for generating CSR, as well as writing and reading them to/from file.
- Updated existing tests to use new signature for the client command.
- Added new unit tests for implemented functionality.
|
|
branko
|
66963b46b7b6
|
7 years ago
|
|
GC-18: Added option for generating a new private key during certificate renewal:
- Implemented functional test for the new scenario.
- Fixed incorrect check for client certificate validity in existing functional test for client certificate renewal.
- Updated documentation to include information about generating a new private key during certificate renewal.
- Added option of generating a new private key to the renewal command.
- Updated existing code to use new signature for renewal command and function.
- Added inline function documentation for the renew command code.
- Implemented relevant unit tests that cover new option.
|
|
branko
|
861fc9c9d668
|
7 years ago
|
|
GC-18: Added functional renew command implementation:
- Added functional test covering the use of renew command for server and client certificates.
- Added new crypto function for renewing a certificate based on existing certificate, issuer private key, and issuer certificate.
- Fixed use of incorrect output stream in one of the existing tests for the renew command.
- Added unit tests covering new functionality.
|
|
branko
|
a6b448968a50
|
7 years ago
|
|
GC-16: Implemented issuance of client certificates:
- Added functional test covering basic issuance of client certificates.
- Replaced the dummy command implementation.
- Added new crypto function that can be used for issuing TLS client certificates.
- Implemented relevant unit tests.
|
|
branko
|
1d67951da5af
|
7 years ago
|
|
GC-15: Implemented functionality for including extra DNS names in server certificates:
- Added functional test covering the new scenario.
- Updated invocations of relevant commands in existing code to pass-in the list of extra DNS names where appropriate.
- Updated server command and high-level function for issuing server certificates to accept list of additional DNS subject alternative names to include in certificate.
- Fixed existing unit tests.
- Added additional unit tests that cover the new function.
|
|
branko
|
080c430be55b
|
7 years ago
|
|
|
|
branko
|
7a2919409da2
|
7 years ago
|
|
GC-15: Implemented functionality for issuing a server certificate:
- Added functional test covering the user scenario.
- Updated CLI implementation to show user message about issued server artifacts.
- Implemented functionality in the server command.
- Fixed a small typo in docstring for issue_certificate function.
- Implemented high-level crypto function for issuing server certificates.
- Implemented additional storage functions for reading an entire CA hierarchy, individual private keys, and individual certificates.
- Implemented the necessary unit tests covering newly implemented code.
|
|
branko
|
c033bb4b0a05
|
7 years ago
|
|
|
|
branko
|
11712c273c16
|
7 years ago
|
|
GC-3: Implement option for specifying CA hierarchy depth during initialisation:
- Minor fix for option checks to make them more reliable (for short flags).
- Added functional test for initialising a CA hierarchy with custom depth.
- Added option for specifying the CA hierarchy depth (defaults to 1).
- Updated the init command to accept and process the CA hierarchy depth option correctly.
- Updated function used for issuing certificates to accept list of extensions to be added to certificate.
- Updated function used for generating the CA hierarchy to add the CA basic constraint extension.
|
|
branko
|
3d36ca733887
|
7 years ago
|
|
|
|
branko
|
9f09715ce550
|
7 years ago
|
|
GC-3: Implemented CA hierarchy initialisation:
- Added functional test for initialising hierarchy on a fresh directory.
- Implemented the init command.
- Added two new modules for working with storage and crypto.
- Added cryptography (for certificate issuance and crypto) and python-dateutil (for better handling of certificate validities) as installation dependencies.
- Added freezegun as test dependency (helps with testing validity dates).
- Implemented necessary unit tests.
|