diff --git a/functional_tests/test_key_specification.py b/functional_tests/test_key_specification.py
index 06094cdd48f1ed6ae8a72c29564ad74b3a839dd7..7580c17be710e7049b66ab7b45d03b57b83c4c0e 100644
--- a/functional_tests/test_key_specification.py
+++ b/functional_tests/test_key_specification.py
@@ -130,26 +130,8 @@ def test_commands_report_key_specification_option_as_available():


 def test_initialisation_with_rsa_private_key_specification(tmpdir):
- # John is looking into improving the security of one of his
- # projects. Amongst other things, John is interested in using
- # stronger private keys for his TLS services - which he wants to
- # try out in his test envioronment first.
-
- # John knows that the Gimmecert tool uses 2048-bit RSA keys for
- # the CA hierarchy, but what he would really like to do is specify
- # himself what kind of private key should be generated
- # instead. He checks-out the help for the init command first.
- stdout, _, _ = run_command('gimmecert', 'init', '-h')
-
- # John noticies there is an option to provide a custom key
- # specification to the tool, that he can specify the length of
- # the RSA private keys, and that the default is "rsa:2048".
- assert "--key-specification" in stdout
- assert " -k" in stdout
- assert "rsa:BIT_LENGTH" in stdout
- assert "Default is rsa:2048" in stdout
-
- # John switches to his project directory.
+ # John wants to initialise CA hierarchy using stronger RSA
+ # keys. He switches to his project directory.
 tmpdir.chdir()

 # He initalises the CA hierarchy, requesting to use 4096-bit RSA
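Review bot: The advertised default key specification is no longer pinned in this test: the removed `assert "Default is rsa:2048" in stdout` was the visible check that `init -h` reports a 2048-bit RSA default, and a later change of that default to something smaller would go unnoticed without it. The hunk header shows `test_commands_report_key_specification_option_as_available` just above, but its body is outside this hunk, so it is worth confirming that it still asserts the default and the `rsa:BIT_LENGTH` format, for example by keeping `assert "Default is rsa:2048" in stdout` there. The body of `test_initialisation_with_rsa_private_key_specification` continues past the end of the hunk.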
@@ -182,11 +164,11 @@ def test_initialisation_with_rsa_private_key_specification(tmpdir):


 def test_server_command_default_key_specification_with_rsa(tmpdir):
- # John is setting-up a project to test some functionality
- # revolving around X.509 certificates. Since he does not care much
- # about the strength of private keys for it, he wants to use
- # 1024-bit RSA keys for both CA hierarchy and server certificates
- # to speed-up the key generation process.
+ # John needs to perform some quick tests revolving around the use
+ # of X.509 certificates, but he does not care about the generated
+ # private key strength. He primarily needs to deal with
+ # certificate validation. For this reason, he wants to increase
+ # the test speed by generating smaller RSA private keys.

 # He switches to his project directory, and initialises the CA
 # hierarchy, requesting that 1024-bit RSA keys should be used.
@@ -204,42 +186,23 @@ def test_server_command_default_key_specification_with_rsa(tmpdir):
 # key.
 stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')

- # And indeed, the generated private key uses the same size as the
+ # He can see that the generated private key uses the same size as the
 # one he specified for the CA hierarchy.
 assert "Private-Key: (1024 bit)" in stdout


 def test_server_command_key_specification_with_rsa(tmpdir):
- # John is setting-up a project where he needs to test performance
- # when using different RSA private key sizes.
-
- # He switches to his project directory, and initialises the CA
- # hierarchy, requesting that 3072-bit RSA keys should be used.
+ # John is working on a project where he has already initialised CA
+ # hierarchy using strong RSA keys. However, now he has a need to
+ # issue a couple of weaker RSA keys for performance testing.
 tmpdir.chdir()
 run_command("gimmecert", "init", "--key-specification", "rsa:3072")

- # Very soon he realizes that he needs to test performance using
- # smaller RSA key sizes for proper comparison. He starts off by
- # having a look at the help for the server command to see if there
- # is an option that will satisfy his needs.
- stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")
-
- # John notices the option for passing-in a key specification.
- assert " --key-specification" in stdout
- assert " -k" in stdout
-
- # John goes ahead and tries to issue a server certificate using
- # key specification option.
- stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsas:2048", "myserver1")
-
- # Unfortunately, the command fails due to John's typo.
- assert exit_code != 0
- assert "invalid key_specification" in stderr
-
- # John tries again, fixing his typo.
+ # John goes ahead and issues a server certificate using key
+ # specification option.
 stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsa:2048", "myserver1")

- # This time around he succeeds.
+ # The run finishes without any errors.
 assert exit_code == 0
 assert stderr == ""

@@ -248,16 +211,16 @@ def test_server_command_key_specification_with_rsa(tmpdir):
 stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')

 # He nods with his head, observing that the generated private key
- # uses the same key size as he has specified.
+ # uses the same key size as he has requested.
 assert "Private-Key: (2048 bit)" in stdout


 def test_client_command_default_key_specification_with_rsa(tmpdir):
- # John is setting-up a project to test some functionality
- # revolving around X.509 certificates. Since he does not care much
- # about the strength of private keys for it, he wants to use
- # 1024-bit RSA keys for both CA hierarchy and client certificates
- # to speed-up the key generation process.
+ # John needs to perform some quick tests revolving around the use
+ # of X.509 certificates, but he does not care about the generated
+ # private key strength. He primarily needs to deal with
+ # certificate validation. For this reason, he wants to increase
+ # the test speed by generating smaller RSA private keys.

 # He switches to his project directory, and initialises the CA
 # hierarchy, requesting that 1024-bit RSA keys should be used.
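Review bot: The rejection path for a malformed key specification loses its functional coverage in `test_server_command_key_specification_with_rsa`: the `rsas:2048` run with `assert exit_code != 0` and `assert "invalid key_specification" in stderr` is removed, and nothing on the new side of this hunk exercises invalid input. The client test (hunk `@@ -275,42 +238,23 @@`) drops the same check, and the renew test (hunk `@@ -343,26 +287,9 @@`) drops the assertion that `--key-specification` is refused without `--new-private-key`. If these cases are not covered by tests outside this diff, keep one compact negative case per command, for example `_, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsas:2048", "myserver1")` followed by `assert exit_code != 0` and `assert "invalid key_specification" in stderr`.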
@@ -275,42 +238,23 @@ def test_client_command_default_key_specification_with_rsa(tmpdir):
 # key.
 stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')

- # And indeed, the generated private key uses the same size as the
+ # He can see that the generated private key uses the same size as the
 # one he specified for the CA hierarchy.
 assert "Private-Key: (1024 bit)" in stdout


 def test_client_command_key_specification_with_rsa(tmpdir):
- # John is setting-up a project where he needs to test performance
- # when using different RSA private key sizes.
-
- # He switches to his project directory, and initialises the CA
- # hierarchy, requesting that 1024-bit RSA keys should be used.
+ # John is working on a project where he has already initialised CA
+ # hierarchy using strong RSA keys. However, now he has a need to
+ # issue a couple of weaker RSA keys for performance testing.
 tmpdir.chdir()
- run_command("gimmecert", "init", "--key-specification", "rsa:1024")
-
- # Very soon he realizes that he needs to test performance using
- # smaller RSA key sizes for proper comparison. He starts off by
- # having a look at the help for the client command to see if there
- # is an option that will satisfy his needs.
- stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")
-
- # John notices the option for passing-in a key specification.
- assert " --key-specification" in stdout
- assert " -k" in stdout
-
- # John goes ahead and tries to issue a client certificate using
- # key specification option.
- stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient1")
-
- # Unfortunately, the command fails due to John's typo.
- assert exit_code != 0
- assert "invalid key_specification" in stderr
+ run_command("gimmecert", "init", "--key-specification", "rsa:3072")

- # John tries again, fixing his typo.
+ # John goes ahead and issues a client certificate using key
+ # specification option.
 stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient1")

- # This time around he succeeds.
+ # The run finishes without any errors.
 assert exit_code == 0
 assert stderr == ""

@@ -343,26 +287,9 @@ def test_renew_command_key_specification_with_rsa(tmpdir):
 run_command("gimmecert", "client", "--csr", "myclient2.csr.pem", "myclient2")

 # After some testing he realises that he needs to perform some
- # tests using a different RSA key size. John has a look at the
- # renew command options to see if he can request new private keys
- # to be generated with different key sizes.
- stdout, stderr, exit_code = run_command("gimmecert", "renew", "-h")
-
- # John notices the option for passing-in custom key specification.
- assert " --key-specification" in stdout
- assert " -k" in stdout
-
- # He tries to renew the server certificate, specifying the desired
- # RSA key size.
- stdout, stderr, exit_code = run_command("gimmecert", "renew", "server", "--key-specification", "rsa:1024", "myserver1")
-
- # Gimmecert informs him that the key specification option can only
- # be used when requesting a new private key to be generated as
- # well.
- assert exit_code != 0
- assert "argument --key-specification/-k: must be used with --new-private-key/-p" in stderr
+ # tests using a different RSA key size.

- # John updates his command to include the additional option.
+ # He renews the server certificate first.
 stdout, stderr, exit_code = run_command("gimmecert", "renew", "server", "--new-private-key", "--key-specification", "rsa:1024", "-p", "myserver1")

 # Command suceeds.
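Review bot: The added `run_command("gimmecert", "init", "--key-specification", "rsa:3072")` in `test_client_command_key_specification_with_rsa` discards its result, so a failed initialisation would only surface later as a harder-to-read failure of the `client` call. Capturing and checking it would make the precondition explicit: `_, stderr, exit_code = run_command("gimmecert", "init", "--key-specification", "rsa:3072")` then `assert exit_code == 0`; the unchanged init call in `test_server_command_key_specification_with_rsa` has the same gap. The new comment also speaks of "a couple of weaker RSA keys" while the visible lines issue a single client certificate; the rest of the function lies outside the hunk.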
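Review bot: The renew invocation kept on the new side of the `@@ -343,26 +287,9 @@` hunk passes what looks like the same switch twice, `--new-private-key` and `-p`; the error text removed in this hunk (`--new-private-key/-p`) indicates they are aliases. Dropping the trailing `-p` gives `run_command("gimmecert", "renew", "server", "--new-private-key", "--key-specification", "rsa:1024", "myserver1")`, which reads as a user would type it. The comment below it has a typo: `# Command suceeds.` should read `# Command succeeds.`. `test_renew_command_key_specification_with_rsa` starts and ends outside the hunk.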
@@ -396,8 +323,8 @@ def test_renew_command_key_specification_with_rsa(tmpdir):
 assert exit_code == 0
 assert stderr == ""

- # John is unsure if the same key specification has been used,
- # however. So he goes ahead and has a look at the server key.
+ # John is unsure if the same key specification has been used. So
+ # he goes ahead and has a look at the server key.
 stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')

 # The renew command has used the same key specification for the