diff --git a/functional_tests/test_key_specification.py b/functional_tests/test_key_specification.py
index 7580c17be710e7049b66ab7b45d03b57b83c4c0e..42a21e5107e86658bb04ef00fbd4357d23a8b286 100644
--- a/functional_tests/test_key_specification.py
+++ b/functional_tests/test_key_specification.py
@@ -363,41 +363,17 @@ def test_renew_command_key_specification_with_rsa(tmpdir):
 def test_initialisation_with_ecdsa_key_specification(tmpdir):
- # John is looking into using ECDSA keys in his latest project. He
- # is already aware that Gimmecert supports use of RSA keys, but he
- # hasn't tried using it with ECDSA yet.
-
- # He checks the help for the init command first to see if he can
- # somehow request ECDSA keys to be used instead of RSA.
- stdout, _, _ = run_command('gimmecert', 'init', '-h')
-
- # John noticies there is an option to provide a custom key
- # specification to the tool, and that he can request ECDSA keys to
- # be used with a specific curve.
- assert "--key-specification" in stdout
- assert " -k" in stdout
- assert "rsa:BIT_LENGTH" in stdout
- assert "ecdsa:CURVE_NAME" in stdout
-
- # John can see a number of curves listed as supported.
- assert "curves: " in stdout
- assert "secp192r1" in stdout
- assert "secp224r1" in stdout
- assert "secp256k1" in stdout
- assert "secp256r1" in stdout
- assert "secp384r1" in stdout
- assert "secp521r1" in stdout
-
- # John switches to his project directory.
+ # John wnats to initialise a CA hierarchy using ECDSA keys. He
+ # switches to his project directory.
 tmpdir.chdir()
- # After a short deliberation, he opts to use the secp256r1 curve,
- # and initialises his CA hierarchy.
+ # He decides to use the secp256r1 curve, and initialises his CA
+ # hierarchy by passing-in the key specification.
 stdout, stderr, exit_code = run_command('gimmecert', 'init', '--key-specification', 'ecdsa:secp256r1')
 # Command finishes execution with success, and John notices that
- # the tool has informed him of what the private key algorithm is
- # in use for the CA hierarchy.
+ # the tool has informed him about the private key algorithm in use
+ # for the CA hierarchy.
 assert exit_code == 0
 assert stderr == ""
 assert "CA hierarchy initialised using secp256r1 ECDSA keys." in stdout
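Review bot: The first added comment line in test_initialisation_with_ecdsa_key_specification misspells "wants" as "wnats". It should read `# John wants to initialise a CA hierarchy using ECDSA keys. He`. The function continues past the end of this hunk.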
@@ -407,7 +383,7 @@ def test_initialisation_with_ecdsa_key_specification(tmpdir):
 stdout, stderr, exit_code = run_command('openssl', 'ec', '-noout', '-text', '-in', '.gimmecert/ca/level1.key.pem')
 assert exit_code == 0
- assert stderr == "read EC key\n" # OpenSSL print this out to stderr no matter what.
+ assert stderr == "read EC key\n" # OpenSSL prints this out to stderr no matter what.
 # He notices that although he requested secp256r1, the output from
 # OpenSSL tool uses its older name from RFC3279 -
@@ -428,9 +404,9 @@ def test_initialisation_with_ecdsa_key_specification(tmpdir):
 def test_server_command_default_key_specification_with_ecdsa(tmpdir):
 # John is setting-up a project to test some functionality
- # revolving around X.509 certificates. He has used RSA extensively
- # before, but now he wants to switch to using ECDSA private keys
- # instead.
+ # revolving around the use of X.509 certificates. He has used RSA
+ # extensively before, but now he wants to switch to using ECDSA
+ # private keys instead.
 # He switches to his project directory, and initialises the CA
 # hierarchy, requesting that secp256r1 ECDSA keys should be used.
@@ -455,7 +431,7 @@ def test_server_command_default_key_specification_with_ecdsa(tmpdir):
 def test_server_command_key_specification_with_ecdsa(tmpdir):
 # John is setting-up a project where he needs to test performance
- # when using different ECDSA private key sizes.
+ # using different curves for ECDSA keys.
 # He switches to his project directory, and initialises the CA
 # hierarchy, requesting that secp192r1 ECDSA keys should be used.
@@ -464,38 +440,11 @@ def test_server_command_key_specification_with_ecdsa(tmpdir):
 # Very soon he realizes that he needs to test performance using
 # different elliptic curve algorithms for proper comparison. He
- # starts off by having a look at the help for the server command
- # to see if there is an option that will satisfy his needs.
- stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")
-
- # John notices the option for passing-in a key specification, and
- # that he can request ECDSA keys to be used with a specific curve.
- assert " --key-specification" in stdout
- assert " -k" in stdout
- assert "rsa:BIT_LENGTH" in stdout
- assert "ecdsa:CURVE_NAME" in stdout
-
- # John can see a number of curves listed as supported.
- assert "curves: " in stdout
- assert "secp192r1" in stdout
- assert "secp224r1" in stdout
- assert "secp256k1" in stdout
- assert "secp256r1" in stdout
- assert "secp384r1" in stdout
- assert "secp521r1" in stdout
-
- # John goes ahead and tries to issue a server certificate using
- # key specification option.
- stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "ecdsa:secp224r11", "myserver1")
-
- # Unfortunately, the command fails due to John's typo.
- assert exit_code != 0
- assert "invalid key_specification" in stderr
-
- # John tries again, fixing his typo.
+ # decides to start off with secp224r1, and issues a new server
+ # certificate, passing-in the necessary key specification.
 stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "ecdsa:secp224r1", "myserver1")
- # This time around he succeeds.
+ # The process finishes with success.
 assert exit_code == 0
 assert stderr == ""
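Review bot: With the `ecdsa:secp224r11` step removed, nothing visible in test_server_command_key_specification_with_ecdsa still checks that an unsupported curve name is rejected, and the client test hunk (`@@ -546,38 +495,11 @@`) drops the same check. If the commit does not add that check elsewhere (not visible in this diff), a regression that accepts a malformed key specification would pass the functional suite unnoticed. Consider keeping it as a small dedicated test built around `assert exit_code != 0` and `assert "invalid key_specification" in stderr`, ideally also asserting that no key or certificate file was written for the rejected request. The test function starts before this hunk and continues after it.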
@@ -510,9 +459,9 @@ def test_server_command_key_specification_with_ecdsa(tmpdir):
 def test_client_command_default_key_specification_with_ecdsa(tmpdir):
 # John is setting-up a project to test some functionality
- # revolving around X.509 certificates. He has used RSA extensively
- # before, but now he wants to switch to using ECDSA private keys
- # instead.
+ # revolving around the use of X.509 certificates. He has used RSA
+ # extensively before, but now he wants to switch to using ECDSA
+ # private keys instead.
 # He switches to his project directory, and initialises the CA
 # hierarchy, requesting that secp256r1 ECDSA keys should be used.
@@ -546,38 +495,11 @@ def test_client_command_key_specification_with_ecdsa(tmpdir):
 # Very soon he realizes that he needs to test performance using
 # different elliptic curve algorithms for proper comparison. He
- # starts off by having a look at the help for the client command
- # to see if there is an option that will satisfy his needs.
- stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")
-
- # John notices the option for passing-in a key specification, and
- # that he can request ECDSA keys to be used with a specific curve.
- assert " --key-specification" in stdout
- assert " -k" in stdout
- assert "rsa:BIT_LENGTH" in stdout
- assert "ecdsa:CURVE_NAME" in stdout
-
- # John can see a number of curves listed as supported.
- assert "curves: " in stdout
- assert "secp192r1" in stdout
- assert "secp224r1" in stdout
- assert "secp256k1" in stdout
- assert "secp256r1" in stdout
- assert "secp384r1" in stdout
- assert "secp521r1" in stdout
-
- # John goes ahead and tries to issue a client certificate using
- # key specification option.
- stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "ecdsa:secp224r11", "myclient1")
-
- # Unfortunately, the command fails due to John's typo.
- assert exit_code != 0
- assert "invalid key_specification" in stderr
-
- # John tries again, fixing his typo.
+ # decides to start off with secp224r1, and issues a new server
+ # certificate, passing-in the necessary key specification.
 stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "ecdsa:secp224r1", "myclient1")
- # This time around he succeeds.
+ # The process finishes with success.
 assert exit_code == 0
 assert stderr == ""
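Review bot: The added comment in test_client_command_key_specification_with_ecdsa says John "issues a new server certificate", but the command directly below it runs `gimmecert client` for `myclient1`. The wording appears to be copied from the server test. The two added lines should read `# decides to start off with secp224r1, and issues a new client` and `# certificate, passing-in the necessary key specification.` The test function starts before this hunk and continues after it.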