Changeset - 2035f934bb31
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Branko Majic (branko) - 4 years ago 2020-06-16 15:17:31
branko@majic.rs
GC-37: Refactor functional tests for client command key specification handling:

- Use separate test for checking use of CA hierarchy default key
specification.
- Use separate test for checking use of --key-specification option.
- Do not check public key size in certificate - this is not relevant
for this particular functional test, and there are already unit
tests that verify correct public key is used.
1 file changed with 20 insertions and 19 deletions:
functional_tests/test_key_specification.py
20
19
0 comments (0 inline, 0 general)
functional_tests/test_key_specification.py
Show inline comments
 
@@ -145,11 +145,12 @@ def test_server_command_key_specification_with_rsa(tmpdir):
 
    assert "Private-Key: (2048 bit)" in stdout
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_client_command_key_specification(tmpdir):

			




	
	
	
		
 
    # John is setting-up a quick and dirty project to test some

			




	
	
	
		
 
    # functionality revolving around X.509 certificates. Since he does

			




	
	
	
		
 
    # not care much about the strength of private keys for it, he

			




	
	
	
		
 
    # wants to use 1024-bit RSA keys.

			




	
	
	
		
 
def test_client_command_default_key_specification_with_rsa(tmpdir):

			




	
	
	
		
 
    # John is setting-up a project to test some functionality

			




	
	
	
		
 
    # revolving around X.509 certificates. Since he does not care much

			




	
	
	
		
 
    # about the strength of private keys for it, he wants to use

			




	
	
	
		
 
    # 1024-bit RSA keys for both CA hierarchy and client certificates

			




	
	
	
		
 
    # to speed-up the key generation process.

			




	
	
	
		
 

			




	
	
	
		
 
    # He switches to his project directory, and initialises the CA

			




	
	
	
		
 
    # hierarchy, requesting that 1024-bit RSA keys should be used.

			




	
	
		
 
@@ -171,20 +172,20 @@ def test_client_command_key_specification(tmpdir):

			




	
	
	
		
 
    # one he specified for the CA hierarchy.

			




	
	
	
		
 
    assert "Private-Key: (1024 bit)" in stdout

			




	
	
	
		
 

			




	
	
	
		
 
    # He then has a look at the certificate.

			




	
	
	
		
 
    stdout, _, _ = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/client/myclient1.cert.pem')

			




	
	
	
		
 

			




	
	
	
		
 
    # Likewise with the private key, the certificate is also using the

			




	
	
	
		
 
    # 1024-bit RSA key.

			




	
	
	
		
 
    assert "Public-Key: (1024 bit)" in stdout

			




	
	
	
		
 
def test_client_command_key_specification_with_rsa(tmpdir):

			




	
	
	
		
 
    # John is setting-up a project where he needs to test performance

			




	
	
	
		
 
    # when using different RSA private key sizes.

			




	
	
	
		
 

			




	
	
	
		
 
    # At some point John realises that to cover all bases, he needs to

			




	
	
	
		
 
    # have a test with a client that uses 2048-bit RSA keys as

			




	
	
	
		
 
    # well. He does not want to regenerate all of the X.509 artefacts,

			




	
	
	
		
 
    # and would like to instead issues a single 2048-bit RSA key for a

			




	
	
	
		
 
    # specific client instead.

			




	
	
	
		
 
    # He switches to his project directory, and initialises the CA

			




	
	
	
		
 
    # hierarchy, requesting that 1024-bit RSA keys should be used.

			




	
	
	
		
 
    tmpdir.chdir()

			




	
	
	
		
 
    run_command("gimmecert", "init", "--key-specification", "rsa:1024")

			




	
	
	
		
 

			




	
	
	
		
 
    # He starts off by having a look at the help for the client command.

			




	
	
	
		
 
    # Very soon he realizes that he needs to test performance using

			




	
	
	
		
 
    # smaller RSA key sizes for proper comparison. He starts off by

			




	
	
	
		
 
    # having a look at the help for the client command to see if there

			




	
	
	
		
 
    # is an option that will satisfy his needs.

			




	
	
	
		
 
    stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")

			




	
	
	
		
 

			




	
	
	
		
 
    # John notices the option for passing-in a key specification.

			




	
	
		
 
@@ -193,14 +194,14 @@ def test_client_command_key_specification(tmpdir):

			




	
	
	
		
 

			




	
	
	
		
 
    # John goes ahead and tries to issue a client certificate using

			




	
	
	
		
 
    # key specification option.

			




	
	
	
		
 
    stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient2")

			




	
	
	
		
 
    stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient1")

			




	
	
	
		
 

			




	
	
	
		
 
    # Unfortunately, the command fails due to John's typo.

			




	
	
	
		
 
    assert exit_code != 0

			




	
	
	
		
 
    assert "invalid key_specification" in stderr

			




	
	
	
		
 

			




	
	
	
		
 
    # John tries again, fixing his typo.

			




	
	
	
		
 
    stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient2")

			




	
	
	
		
 
    stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient1")

			




	
	
	
		
 

			




	
	
	
		
 
    # This time around he succeeds.

			




	
	
	
		
 
    assert exit_code == 0

			




	
	
		
 
@@ -208,7 +209,7 @@ def test_client_command_key_specification(tmpdir):

			




	
	
	
		
 

			




	
	
	
		
 
    # He runs a command to see details about the generated private

			




	
	
	
		
 
    # key.

			




	
	
	
		
 
    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient2.key.pem')

			




	
	
	
		
 
    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')

			




	
	
	
		
 

			




	
	
	
		
 
    # He nods with his head, observing that the generated private key

			




	
	
	
		
 
    # uses the same key size as he has specified.

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.