Changeset - 79eb64a8ef2a
Branko Majic (branko) - 6 years ago 2018-04-07 12:12:32
branko@majic.rs
GC-20: Updated status command to mark certificates as expired/not yet valid.
2 files changed with 84 insertions and 6 deletions:
gimmecert/commands.py
 
@@ -19,6 +19,7 @@
 
#
 

	
 
import os
 
import datetime
 

	
 
import gimmecert.crypto
 
import gimmecert.storage
 
@@ -342,6 +343,8 @@ def status(stdout, stderr, project_directory):
 
    :rtype: int
 
    """
 

	
 
    now = datetime.datetime.now()
 

	
 
    if not gimmecert.storage.is_initialised(project_directory):
 
        print("CA hierarchy has not been initialised in current directory.", file=stdout)
 
        return ExitCode.ERROR_NOT_INITIALISED
 
@@ -367,7 +370,16 @@ def status(stdout, stderr, project_directory):
 
        else:
 
            print(gimmecert.utils.dn_to_str(certificate.subject), file=stdout)
 

	
 
        print("    Validity: %s" % gimmecert.utils.date_range_to_str(certificate.not_valid_before, certificate.not_valid_after), file=stdout)
 
        if certificate.not_valid_before > now:
 
            validity_status = " [NOT VALID YET]"
 
        elif certificate.not_valid_after < now:
 
            validity_status = " [EXPIRED]"
 
        else:
 
            validity_status = ""
 

	
 
        print("    Validity: %s%s" % (gimmecert.utils.date_range_to_str(certificate.not_valid_before,
 
                                                                        certificate.not_valid_after),
 
                                      validity_status), file=stdout)
 
        print("    Certificate: .gimmecert/ca/level%d.cert.pem" % i, file=stdout)
 

	
 
    # Separator.
 
@@ -389,8 +401,17 @@ def status(stdout, stderr, project_directory):
 
            # Separator.
 
            print("", file=stdout)
 

	
 
            if certificate.not_valid_before > now:
 
                validity_status = " [NOT VALID YET]"
 
            elif certificate.not_valid_after < now:
 
                validity_status = " [EXPIRED]"
 
            else:
 
                validity_status = ""
 

	
 
            print(gimmecert.utils.dn_to_str(certificate.subject), file=stdout)
 
            print("    Validity: %s" % gimmecert.utils.date_range_to_str(certificate.not_valid_before, certificate.not_valid_after), file=stdout)
 
            print("    Validity: %s%s" % (gimmecert.utils.date_range_to_str(certificate.not_valid_before,
 
                                                                            certificate.not_valid_after),
 
                                          validity_status), file=stdout)
 
            print("    DNS: %s" % ", ".join(gimmecert.utils.get_dns_names(certificate)), file=stdout)
 
            print("    Private key: .gimmecert/server/%s" % certificate_file.replace('.cert.pem', '.key.pem'), file=stdout)
 
            print("    Certificate: .gimmecert/server/%s" % certificate_file, file=stdout)
 
@@ -413,8 +434,17 @@ def status(stdout, stderr, project_directory):
 
            # Separator.
 
            print("", file=stdout)
 

	
 
            if certificate.not_valid_before > now:
 
                validity_status = " [NOT VALID YET]"
 
            elif certificate.not_valid_after < now:
 
                validity_status = " [EXPIRED]"
 
            else:
 
                validity_status = ""
 

	
 
            print(gimmecert.utils.dn_to_str(certificate.subject), file=stdout)
 
            print("    Validity: %s" % gimmecert.utils.date_range_to_str(certificate.not_valid_before, certificate.not_valid_after), file=stdout)
 
            print("    Validity: %s%s" % (gimmecert.utils.date_range_to_str(certificate.not_valid_before,
 
                                                                            certificate.not_valid_after),
 
                                          validity_status), file=stdout)
 
            print("    Private key: .gimmecert/client/%s" % certificate_file.replace('.cert.pem', '.key.pem'), file=stdout)
 
            print("    Certificate: .gimmecert/client/%s" % certificate_file, file=stdout)
 
    else:
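Review bot: `now = datetime.datetime.now()` near the top of `status()` is a naive local-time value, while `certificate.not_valid_before` / `certificate.not_valid_after` look like the `cryptography` x509 properties, which are naive datetimes expressed in UTC. If that is the case, on any host whose clock is not set to UTC the comparisons in the CA, server and client loops are skewed by the local offset, so a freshly issued certificate can be printed as ` [NOT VALID YET]` or an expired one can go unflagged for several hours; `now = datetime.datetime.utcnow()` keeps both sides in the same zone. The identical if/elif/else block is repeated in all three loops and could move into one small helper so the comparison lives in a single place. `status()` begins and ends outside the visible hunks, so the certificate type is inferred from the attribute names only.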
tests/test_commands.py
 
@@ -25,6 +25,7 @@ import os
 
import gimmecert.commands
 

	
 
from freezegun import freeze_time
 
import pytest
 

	
 

	
 
def test_init_sets_up_directory_structure(tmpdir):
 
@@ -843,12 +844,12 @@ def test_status_reports_no_server_certificates_were_issued(tmpdir):
 
    status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)
 

	
 
    stdout = stdout_stream.getvalue()
 
    stdout_lines = stdout.split("\n")
 
    stderr = stderr_stream.getvalue()
 

	
 
    assert status_code == gimmecert.commands.ExitCode.SUCCESS
 
    assert stderr == ""
 
    assert "Server certificates\n-------------------\n\nNo server certificates have been issued." in stdout, "Missing message about no server certificates being issued:\n%s" % stdout
 
    assert "Server certificates\n-------------------\n\nNo server certificates have been issued." in stdout, \
 
        "Missing message about no server certificates being issued:\n%s" % stdout
 

	
 

	
 
def test_status_reports_no_client_certificates_were_issued(tmpdir):
 
@@ -865,10 +866,57 @@ def test_status_reports_no_client_certificates_were_issued(tmpdir):
 

	
 
    status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)
 

	
 
    stdout = stdout_stream.getvalue()
 
    stderr = stderr_stream.getvalue()
 

	
 
    assert status_code == gimmecert.commands.ExitCode.SUCCESS
 
    assert stderr == ""
 
    assert "Client certificates\n-------------------\n\nNo client certificates have been issued." in stdout, \
 
        "Missing message about no client certificates being issued:\n%s" % stdout
 

	
 

	
 
@pytest.mark.parametrize("subject_dn_line", [
 
    "CN=My Project Level 1 CA [END ENTITY ISSUING CA]",
 
    "CN=myserver",
 
    "CN=myclient",
 
])
 
@pytest.mark.parametrize("issuance_date, status_date, validity_status", [
 
    ("2018-01-01 00:15:00", "2018-06-01 00:00:00", ""),
 
    ("2018-01-01 00:15:00", "2017-01-01 00:15:00", " [NOT VALID YET]"),
 
    ("2018-01-01 00:15:00", "2020-01-01 00:15:00", " [EXPIRED]"),
 
])
 
def test_certificate_marked_as_not_valid_or_expired_as_appropriate(tmpdir, subject_dn_line, issuance_date, status_date, validity_status):
 
    """
 
    Tests if various certificates (CA, server, client) are marked and
 
    valid/invalid in terms of validity dates.
 

	
 
    The test has been parametrised since the pattern is pretty similar
 
    between these.
 
    """
 

	
 
    depth = 1
 

	
 
    stdout_stream = io.StringIO()
 
    stderr_stream = io.StringIO()
 

	
 
    # Perform action on our fixed issuance date.
 
    with freeze_time(issuance_date):
 
        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, "My Project", depth)
 
        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver', None)
 
        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient')
 

	
 
    # Move to specific date in future/past for different validity checks.
 
    with freeze_time(status_date):
 
        status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)
 

	
 
    stdout = stdout_stream.getvalue()
 
    stdout_lines = stdout.split("\n")
 
    stderr = stderr_stream.getvalue()
 

	
 
    assert status_code == gimmecert.commands.ExitCode.SUCCESS
 
    assert stderr == ""
 
    assert "Client certificates\n-------------------\n\nNo client certificates have been issued." in stdout, "Missing message about no client certificates being issued:\n%s" % stdout
 

	
 
    index_dn = stdout_lines.index(subject_dn_line)  # Should not raise
 
    validity = stdout_lines[index_dn + 1]
 

	
 
    assert validity.endswith(validity_status)
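Review bot: Both `freeze_time(...)` blocks in `test_certificate_marked_as_not_valid_or_expired_as_appropriate` run with freezegun's default offset of zero, so frozen local time and frozen UTC are identical and the test passes whether `status()` reads the clock in local time or in UTC. The three `status_date` values are also months or years away from the issuance date, so nothing close to the `not_valid_before` / `not_valid_after` edges is exercised. Consider one more case that freezes the status run with a non-zero offset, e.g. `with freeze_time(status_date, tz_offset=-4):`, with a `status_date` shortly after issuance and an expected empty `validity_status`. The docstring's "marked and valid/invalid" also reads like a typo for "marked as valid/invalid".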