diff --git a/setup.py b/setup.py index b2b5a277ad7c90669124f1ec45d1e88a9f685e98..03591a64bffa92e6b4943b5a8295eec63fc68e96 100755 --- a/setup.py +++ b/setup.py @@ -40,7 +40,7 @@ test_lint_requirements = [ ] test_requirements = [ - 'freezegun>=1.3,<1.4', + 'time-machine>=2.13,<2.14', 'pytest>=8.0,<8.1', 'pytest-cov>=4.1,<4.2', 'tox>=4.13,<4.14', diff --git a/tests/test_commands.py b/tests/test_commands.py index 5d85800e0504d5123f126175337bec9d0f128e46..7dbdedc52026995aaaa3d7a4f8b652064f8a309d 100644 --- a/tests/test_commands.py +++ b/tests/test_commands.py @@ -19,6 +19,7 @@ # import argparse +import datetime import io import os import sys @@ -31,7 +32,7 @@ import gimmecert.crypto import pytest from unittest import mock -from freezegun import freeze_time +from time_machine import travel def test_init_sets_up_directory_structure(tmpdir): @@ -646,10 +647,10 @@ def test_status_reports_ca_hierarchy_information(tmpdir, ca_key_specification, c stdout_stream = io.StringIO() stderr_stream = io.StringIO() - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3, ca_key_specification) - with freeze_time('2018-06-01 00:15:00'): + with travel(datetime.datetime(2018, 6, 1, 0, 15, 0), tick=False): status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath) stdout = stdout_stream.getvalue() @@ -696,22 +697,22 @@ def test_status_reports_server_certificate_information(tmpdir): myserver3_csr = gimmecert.crypto.generate_csr('blah', myserver3_private_key) gimmecert.storage.write_csr(myserver3_csr, myserver3_csr_file.strpath) - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3, ("rsa", 2048)) - with freeze_time('2018-02-01 00:15:00'): + with travel(datetime.datetime(2018, 2, 1, 0, 15, 0), tick=False): gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver1', None, None, ("rsa", 1024)) - with freeze_time('2018-03-01 00:15:00'): + with travel(datetime.datetime(2018, 3, 1, 0, 15, 0), tick=False): gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver2', ['myservice1.example.com', 'myservice2.example.com'], None, None) - with freeze_time('2018-04-01 00:15:00'): + with travel(datetime.datetime(2018, 4, 1, 0, 15, 0), tick=False): gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver3', None, myserver3_csr_file.strpath, None) - with freeze_time('2018-05-01 00:15:00'): + with travel(datetime.datetime(2018, 5, 1, 0, 15, 0), tick=False): gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver4', None, None, ("ecdsa", ec.SECP256R1)) - with freeze_time('2018-06-01 00:15:00'): + with travel(datetime.datetime(2018, 6, 1, 0, 15, 0), tick=False): status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath) stdout = stdout_stream.getvalue() @@ -786,22 +787,22 @@ def test_status_reports_client_certificate_information(tmpdir): myclient3_csr = gimmecert.crypto.generate_csr('blah', myclient3_private_key) gimmecert.storage.write_csr(myclient3_csr, myclient3_csr_file.strpath) - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3, ("rsa", 2048)) - with freeze_time('2018-02-01 00:15:00'): + with travel(datetime.datetime(2018, 2, 1, 0, 15, 0), tick=False): gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient1', None, ("rsa", 1024)) - with freeze_time('2018-03-01 00:15:00'): + with travel(datetime.datetime(2018, 3, 1, 0, 15, 0), tick=False): gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient2', None, None) - with freeze_time('2018-04-01 00:15:00'): + with travel(datetime.datetime(2018, 4, 1, 0, 15, 0), tick=False): gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient3', myclient3_csr_file.strpath, None) - with freeze_time('2018-05-01 00:15:00'): + with travel(datetime.datetime(2018, 5, 1, 0, 15, 0), tick=False): gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient4', None, ("ecdsa", ec.SECP384R1)) - with freeze_time('2018-06-01 00:15:00'): + with travel(datetime.datetime(2018, 6, 1, 0, 15, 0), tick=False): status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath) stdout = stdout_stream.getvalue() @@ -864,7 +865,7 @@ def test_status_reports_no_server_certificates_were_issued(tmpdir): stderr_stream = io.StringIO() # Just create some sample data, but no server certificates. - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048)) gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient1', None, None) gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient2', None, None) @@ -885,7 +886,7 @@ def test_status_reports_no_client_certificates_were_issued(tmpdir): stderr_stream = io.StringIO() # Just create some sample data, but no client certificates. - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048)) gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver1', None, None, None) gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver2', None, None, None) @@ -924,13 +925,13 @@ def test_certificate_marked_as_not_valid_or_expired_as_appropriate(tmpdir, subje stderr_stream = io.StringIO() # Perform action on our fixed issuance date. - with freeze_time(issuance_date): + with travel(issuance_date, tick=False): gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, "My Project", 1, ("rsa", 2048)) gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver', None, None, None) gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient', None, None) # Move to specific date in future/past for different validity checks. - with freeze_time(status_date): + with travel(status_date, tick=False): status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath) stdout = stdout_stream.getvalue() diff --git a/tests/test_crypto.py b/tests/test_crypto.py index 820e73d1bf69e60e4e0745b26afd7579036c1369..f0830666cbeaa6d2c4ef0037bfbe88bac12690d6 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -29,7 +29,7 @@ from dateutil.relativedelta import relativedelta import gimmecert.crypto import pytest -from freezegun import freeze_time +from time_machine import travel def test_get_dn(): @@ -48,14 +48,14 @@ def test_get_validity_range_returns_datetime_tuple(): assert isinstance(not_after, datetime.datetime) -@freeze_time('2018-01-01 00:15:00') +@travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False) def test_get_validity_range_not_before_is_within_15_minutes_of_now(): not_before, _ = gimmecert.crypto.get_validity_range() assert not_before == datetime.datetime(2018, 1, 1, 0, 0) -@freeze_time('2018-01-01 00:15:00') +@travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False) def test_get_validity_range_is_one_year_and_15_minutes(): not_before, not_after = gimmecert.crypto.get_validity_range() difference = relativedelta(not_after, not_before) @@ -63,7 +63,7 @@ def test_get_validity_range_is_one_year_and_15_minutes(): assert difference == relativedelta(years=1, minutes=15) -@freeze_time('2018-01-01 00:15:00.100') +@travel(datetime.datetime(2018, 1, 1, 0, 15, 0, 100), tick=False) def test_get_validity_range_drops_microseconds(): not_before, not_after = gimmecert.crypto.get_validity_range() @@ -352,7 +352,7 @@ def test_issue_server_certificate_has_correct_public_key(key_specification): assert certificate.public_key().public_numbers() == private_key.public_key().public_numbers() -@freeze_time('2018-01-01 00:15:00') +@travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False) def test_issue_server_certificate_not_before_is_15_minutes_in_past(): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] @@ -365,28 +365,28 @@ def test_issue_server_certificate_not_before_is_15_minutes_in_past(): def test_issue_server_certificate_not_before_does_not_exceed_ca_validity(): - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)() - with freeze_time(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1)): + with travel(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1), tick=False): certificate1 = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate1.not_valid_before == issuer_certificate.not_valid_before def test_issue_server_certificate_not_after_does_not_exceed_ca_validity(): - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)() - with freeze_time(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1)): + with travel(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1), tick=False): certificate1 = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate1.not_valid_after == issuer_certificate.not_valid_after @@ -488,7 +488,7 @@ def test_issue_client_certificate_has_correct_public_key(key_specification): assert certificate.public_key().public_numbers() == private_key.public_key().public_numbers() -@freeze_time('2018-01-01 00:15:00') +@travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False) def test_issue_client_certificate_not_before_is_15_minutes_in_past(): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] @@ -501,28 +501,28 @@ def test_issue_client_certificate_not_before_is_15_minutes_in_past(): def test_issue_client_certificate_not_before_does_not_exceed_ca_validity(): - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)() - with freeze_time(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1)): + with travel(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1), tick=False): certificate1 = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate1.not_valid_before == issuer_certificate.not_valid_before def test_issue_client_certificate_not_after_does_not_exceed_ca_validity(): - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)() - with freeze_time(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1)): + with travel(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1), tick=False): certificate1 = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate1.not_valid_after == issuer_certificate.not_valid_after @@ -564,7 +564,7 @@ def test_renew_certificate_has_correct_content(key_specification): def test_renew_certificate_not_before_is_15_minutes_in_past(): # Initial server certificate. - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] @@ -572,7 +572,7 @@ def test_renew_certificate_not_before_is_15_minutes_in_past(): old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate) # Renew certificate. - with freeze_time('2018-06-01 00:15:00'): + with travel(datetime.datetime(2018, 6, 1, 0, 15, 0), tick=False): certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate.not_valid_before == datetime.datetime(2018, 6, 1, 0, 0) @@ -581,7 +581,7 @@ def test_renew_certificate_not_before_is_15_minutes_in_past(): def test_renew_certificate_not_before_does_not_exceed_ca_validity(): # Initial server certificate. - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] @@ -589,7 +589,7 @@ def test_renew_certificate_not_before_does_not_exceed_ca_validity(): old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate) # Renew certificate. - with freeze_time(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1)): + with travel(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1), tick=False): certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate.not_valid_before == issuer_certificate.not_valid_before @@ -598,7 +598,7 @@ def test_renew_certificate_not_before_does_not_exceed_ca_validity(): def test_renew_certificate_not_after_does_not_exceed_ca_validity(): # Initial server certificate. - with freeze_time('2018-01-01 00:15:00'): + with travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False): ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048)) issuer_private_key, issuer_certificate = ca_hierarchy[0] @@ -606,7 +606,7 @@ def test_renew_certificate_not_after_does_not_exceed_ca_validity(): old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate) # Renew certificate. - with freeze_time(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1)): + with travel(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1), tick=False): certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate) assert certificate.not_valid_after == issuer_certificate.not_valid_after