From 2035f934bb31a5afdbc4562b4109cfb9c0f4174f 2020-06-16 15:17:31 From: Branko Majic Date: 2020-06-16 15:17:31 Subject: [PATCH] GC-37: Refactor functional tests for client command key specification handling: - Use separate test for checking use of CA hierarchy default key specification. - Use separate test for checking use of --key-specification option. - Do not check public key size in certificate - this is not relevant for this particular functional test, and there are already unit tests that verify correct public key is used. --- diff --git a/functional_tests/test_key_specification.py b/functional_tests/test_key_specification.py index 9df4b535c0a937e6802e334f689096cfcae47e4f..635807715dacca9e1d8b531266596196e2e25776 100644 --- a/functional_tests/test_key_specification.py +++ b/functional_tests/test_key_specification.py @@ -145,11 +145,12 @@ def test_server_command_key_specification_with_rsa(tmpdir): assert "Private-Key: (2048 bit)" in stdout -def test_client_command_key_specification(tmpdir): - # John is setting-up a quick and dirty project to test some - # functionality revolving around X.509 certificates. Since he does - # not care much about the strength of private keys for it, he - # wants to use 1024-bit RSA keys. +def test_client_command_default_key_specification_with_rsa(tmpdir): + # John is setting-up a project to test some functionality + # revolving around X.509 certificates. Since he does not care much + # about the strength of private keys for it, he wants to use + # 1024-bit RSA keys for both CA hierarchy and client certificates + # to speed-up the key generation process. # He switches to his project directory, and initialises the CA # hierarchy, requesting that 1024-bit RSA keys should be used. @@ -171,20 +172,20 @@ def test_client_command_key_specification(tmpdir): # one he specified for the CA hierarchy. assert "Private-Key: (1024 bit)" in stdout - # He then has a look at the certificate. - stdout, _, _ = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/client/myclient1.cert.pem') - # Likewise with the private key, the certificate is also using the - # 1024-bit RSA key. - assert "Public-Key: (1024 bit)" in stdout +def test_client_command_key_specification_with_rsa(tmpdir): + # John is setting-up a project where he needs to test performance + # when using different RSA private key sizes. - # At some point John realises that to cover all bases, he needs to - # have a test with a client that uses 2048-bit RSA keys as - # well. He does not want to regenerate all of the X.509 artefacts, - # and would like to instead issues a single 2048-bit RSA key for a - # specific client instead. + # He switches to his project directory, and initialises the CA + # hierarchy, requesting that 1024-bit RSA keys should be used. + tmpdir.chdir() + run_command("gimmecert", "init", "--key-specification", "rsa:1024") - # He starts off by having a look at the help for the client command. + # Very soon he realizes that he needs to test performance using + # smaller RSA key sizes for proper comparison. He starts off by + # having a look at the help for the client command to see if there + # is an option that will satisfy his needs. stdout, stderr, exit_code = run_command("gimmecert", "client", "-h") # John notices the option for passing-in a key specification. @@ -193,14 +194,14 @@ def test_client_command_key_specification(tmpdir): # John goes ahead and tries to issue a client certificate using # key specification option. - stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient2") + stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient1") # Unfortunately, the command fails due to John's typo. assert exit_code != 0 assert "invalid key_specification" in stderr # John tries again, fixing his typo. - stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient2") + stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient1") # This time around he succeeds. assert exit_code == 0 @@ -208,7 +209,7 @@ def test_client_command_key_specification(tmpdir): # He runs a command to see details about the generated private # key. - stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient2.key.pem') + stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem') # He nods with his head, observing that the generated private key # uses the same key size as he has specified.