gimmecert Changeset - 672732432ca4

Changeset - 672732432ca4

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Branko Majic (branko) - 4 years ago 2020-07-13 14:32:52
branko@majic.rs

GC-37: Deduplicate option presence testing from functional tests for RSA key specifications:

- Updated the functional tests that cover RSA key specifications.
- Dropped tests for option presence since those tests already exist in
a dedicated functional test.
- Dropped testing of invalid invocations - those are better off
covered with unit tests already.
- Reworded the tests so they make more sense.

1 file changed with 32 insertions and 105 deletions:

functional_tests/test_key_specification.py

105

0 comments (0 inline, 0 general)

functional_tests/test_key_specification.py

➞

Show inline comments

 def test_initialisation_with_rsa_private_key_specification(tmpdir):
     # John is looking into improving the security of one of his
     # projects. Amongst other things, John is interested in using
     # stronger private keys for his TLS services - which he wants to
     # try out in his test envioronment first.
     # John knows that the Gimmecert tool uses 2048-bit RSA keys for
     # the CA hierarchy, but what he would really like to do is specify
     # himself what kind of private key should be generated
     # instead. He checks-out the help for the init command first.
     stdout, _, _ = run_command('gimmecert', 'init', '-h')
     # John noticies there is an option to provide a custom key
     # specification to the tool, that he can specify the length of
     # the RSA private keys, and that the default is "rsa:2048".
     assert "--key-specification" in stdout
     assert " -k" in stdout
     assert "rsa:BIT_LENGTH" in stdout
     assert "Default is rsa:2048" in stdout
     # John switches to his project directory.
     # John wants to initialise CA hierarchy using stronger RSA
     # keys. He switches to his project directory.
     tmpdir.chdir()
     # He initalises the CA hierarchy, requesting to use 4096-bit RSA
 def test_server_command_default_key_specification_with_rsa(tmpdir):
     # John is setting-up a project to test some functionality
     # revolving around X.509 certificates. Since he does not care much
     # about the strength of private keys for it, he wants to use
     # 1024-bit RSA keys for both CA hierarchy and server certificates
     # to speed-up the key generation process.
     # John needs to perform some quick tests revolving around the use
     # of X.509 certificates, but he does not care about the generated
     # private key strength. He primarily needs to deal with
     # certificate validation. For this reason, he wants to increase
     # the test speed by generating smaller RSA private keys.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 1024-bit RSA keys should be used.
     # key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
-    # And indeed, the generated private key uses the same size as the
+    # He can see that the generated private key uses the same size as the
     # one he specified for the CA hierarchy.
     assert "Private-Key: (1024 bit)" in stdout
 def test_server_command_key_specification_with_rsa(tmpdir):
     # John is setting-up a project where he needs to test performance
     # when using different RSA private key sizes.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 3072-bit RSA keys should be used.
     # John is working on a project where he has already initialised CA
     # hierarchy using strong RSA keys. However, now he has a need to
     # issue a couple of weaker RSA keys for performance testing.
     tmpdir.chdir()
     run_command("gimmecert", "init", "--key-specification", "rsa:3072")
     # Very soon he realizes that he needs to test performance using
     # smaller RSA key sizes for proper comparison. He starts off by
     # having a look at the help for the server command to see if there
     # is an option that will satisfy his needs.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")
     # John notices the option for passing-in a key specification.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     # John goes ahead and tries to issue a server certificate using
     # key specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsas:2048", "myserver1")
     # Unfortunately, the command fails due to John's typo.
     assert exit_code != 0
     assert "invalid key_specification" in stderr
     # John tries again, fixing his typo.
     # John goes ahead and issues a server certificate using key
     # specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsa:2048", "myserver1")
-    # This time around he succeeds.
+    # The run finishes without any errors.
     assert exit_code == 0
     assert stderr == ""
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
     # He nods with his head, observing that the generated private key
-    # uses the same key size as he has specified.
+    # uses the same key size as he has requested.
     assert "Private-Key: (2048 bit)" in stdout
 def test_client_command_default_key_specification_with_rsa(tmpdir):
     # John is setting-up a project to test some functionality
     # revolving around X.509 certificates. Since he does not care much
     # about the strength of private keys for it, he wants to use
     # 1024-bit RSA keys for both CA hierarchy and client certificates
     # to speed-up the key generation process.
     # John needs to perform some quick tests revolving around the use
     # of X.509 certificates, but he does not care about the generated
     # private key strength. He primarily needs to deal with
     # certificate validation. For this reason, he wants to increase
     # the test speed by generating smaller RSA private keys.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 1024-bit RSA keys should be used.
     # key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')
-    # And indeed, the generated private key uses the same size as the
+    # He can see that the generated private key uses the same size as the
     # one he specified for the CA hierarchy.
     assert "Private-Key: (1024 bit)" in stdout
 def test_client_command_key_specification_with_rsa(tmpdir):
     # John is setting-up a project where he needs to test performance
     # when using different RSA private key sizes.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 1024-bit RSA keys should be used.
     # John is working on a project where he has already initialised CA
     # hierarchy using strong RSA keys. However, now he has a need to
     # issue a couple of weaker RSA keys for performance testing.
     tmpdir.chdir()
     run_command("gimmecert", "init", "--key-specification", "rsa:1024")
     # Very soon he realizes that he needs to test performance using
     # smaller RSA key sizes for proper comparison. He starts off by
     # having a look at the help for the client command to see if there
     # is an option that will satisfy his needs.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")
     # John notices the option for passing-in a key specification.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     # John goes ahead and tries to issue a client certificate using
     # key specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient1")
     # Unfortunately, the command fails due to John's typo.
     assert exit_code != 0
     assert "invalid key_specification" in stderr
     run_command("gimmecert", "init", "--key-specification", "rsa:3072")
     # John tries again, fixing his typo.
     # John goes ahead and issues a client certificate using key
     # specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient1")
-    # This time around he succeeds.
+    # The run finishes without any errors.
     assert exit_code == 0
     assert stderr == ""
@@ @@ -343,26 +287,9 @@ def test_renew_command_key_specification_with_rsa(tmpdir): @@
     run_command("gimmecert", "client", "--csr", "myclient2.csr.pem", "myclient2")
     # After some testing he realises that he needs to perform some
     # tests using a different RSA key size. John has a look at the
     # renew command options to see if he can request new private keys
     # to be generated with different key sizes.
     stdout, stderr, exit_code = run_command("gimmecert", "renew", "-h")
     # John notices the option for passing-in custom key specification.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     # He tries to renew the server certificate, specifying the desired
     # RSA key size.
     stdout, stderr, exit_code = run_command("gimmecert", "renew", "server", "--key-specification", "rsa:1024", "myserver1")
     # Gimmecert informs him that the key specification option can only
     # be used when requesting a new private key to be generated as
     # well.
     assert exit_code != 0
     assert "argument --key-specification/-k: must be used with --new-private-key/-p" in stderr
     # tests using a different RSA key size.
-    # John updates his command to include the additional option.
+    # He renews the server certificate first.
     stdout, stderr, exit_code = run_command("gimmecert", "renew", "server", "--new-private-key", "--key-specification", "rsa:1024", "-p", "myserver1")
     # Command suceeds.
@@ @@ -396,8 +323,8 @@ def test_renew_command_key_specification_with_rsa(tmpdir): @@
     assert exit_code == 0
     assert stderr == ""
     # John is unsure if the same key specification has been used,
     # however. So he goes ahead and has a look at the server key.
     # John is unsure if the same key specification has been used. So
     # he goes ahead and has a look at the server key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
     # The renew command has used the same key specification for the

0 comments (0 inline, 0 general)