# Set-up naming and some files.

    name = "mycustom"

    private_key_file = custom_csr_dir.join("%s.key.pem" % name)

    csr_file = custom_csr_dir.join("%s.csr.pem" % name)

    # Generate private key and CSR, and output them.

    csr = gimmecert.crypto.generate_csr(name, private_key)

    gimmecert.storage.write_private_key(private_key, private_key_file.strpath)

    gimmecert.storage.write_csr(csr, csr_file.strpath)

    private_key_pem = private_key_file.read()

    custom_csr_dir = tmpdir.ensure('custom_csr', dir=True)

    # Set-up some custom CSRs.

    for i in range(1, per_type_count + 1):

        # Used in generated samples.

        name = "server-with-csr-%d" % i

        csr = gimmecert.crypto.generate_csr(name, private_key)

        gimmecert.storage.write_private_key(private_key, custom_csr_dir.join("%s.key.pem" % name).strpath)

        gimmecert.storage.write_csr(csr, custom_csr_dir.join("%s.csr.pem" % name).strpath)

        # Used in generated samples.

        name = "client-with-csr-%d" % i

        csr = gimmecert.crypto.generate_csr(name, private_key)

        gimmecert.storage.write_private_key(private_key, custom_csr_dir.join("%s.key.pem" % name).strpath)

        gimmecert.storage.write_csr(csr, custom_csr_dir.join("%s.csr.pem" % name).strpath)

    # Initialise one-level deep hierarchy.

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048))

def test_status_reports_server_certificate_information(tmpdir):

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    myserver3_csr_file = tmpdir.join('server3.csr.pem')

    myserver3_csr = gimmecert.crypto.generate_csr('blah', myserver3_private_key)

    gimmecert.storage.write_csr(myserver3_csr, myserver3_csr_file.strpath)

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3, ("rsa", 2048))

def test_status_reports_client_certificate_information(tmpdir):

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    myclient3_csr_file = tmpdir.join('client3.csr.pem')

    myclient3_csr = gimmecert.crypto.generate_csr('blah', myclient3_private_key)

    gimmecert.storage.write_csr(myclient3_csr, myclient3_csr_file.strpath)

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3, ("rsa", 2048))

def test_client_reports_success_and_paths_to_generated_artifacts_with_csr(gctmpdir):

    custom_csr_file = gctmpdir.join('mycustom.csr.pem')

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    custom_csr = gimmecert.crypto.generate_csr('blah', private_key)

    gimmecert.storage.write_csr(custom_csr, custom_csr_file.strpath)

    status_code = gimmecert.commands.client(stdout_stream, stderr_stream, gctmpdir.strpath, 'myclient', custom_csr_file.strpath, None)

    stdout = stdout_stream.getvalue()

def test_client_outputs_passed_in_csr_to_file_without_private_key(gctmpdir):

    private_key_file = gctmpdir.join('.gimmecert', 'client', 'myclient.key.pem')

    csr_file = gctmpdir.join('.gimmecert', 'client', 'myclient.csr.pem')

    custom_csr_file = gctmpdir.join('mycustom.csr.pem')

    csr = gimmecert.crypto.generate_csr('mycustomcsr', private_key)

    gimmecert.storage.write_csr(csr, custom_csr_file.strpath)

    custom_csr_file_content = custom_csr_file.read()

    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', custom_csr_file.strpath, None)

def test_client_uses_correct_public_key_but_no_naming_with_csr(gctmpdir):

    custom_csr_file = gctmpdir.join('customcsr.pem')

    certificate_file = gctmpdir.join('.gimmecert', 'client', 'myclient.cert.pem')

    csr = gimmecert.crypto.generate_csr('mycustomcsr', private_key)

    gimmecert.storage.write_csr(csr, custom_csr_file.strpath)

    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', custom_csr_file.strpath, None)

    certificate = gimmecert.storage.read_certificate(certificate_file.strpath)

def test_server_outputs_passed_in_csr_to_file_without_private_key(gctmpdir):

    private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')

    csr_file = gctmpdir.join('.gimmecert', 'server', 'myserver.csr.pem')

    custom_csr_file = gctmpdir.join('mycustom.csr.pem')

    csr = gimmecert.crypto.generate_csr('mycustomcsr', private_key)

    gimmecert.storage.write_csr(csr, custom_csr_file.strpath)

    custom_csr_file_content = custom_csr_file.read()

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, custom_csr_file.strpath, None)

def test_server_uses_correct_public_key_but_no_naming_with_csr(gctmpdir):

    custom_csr_file = gctmpdir.join('customcsr.pem')

    certificate_file = gctmpdir.join('.gimmecert', 'server', 'myserver.cert.pem')

    csr = gimmecert.crypto.generate_csr('mycustomcsr', private_key)

    gimmecert.storage.write_csr(csr, custom_csr_file.strpath)

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, custom_csr_file.strpath, None)

    certificate = gimmecert.storage.read_certificate(certificate_file.strpath)

    assert csr.subject != certificate.subject

def test_client_errors_out_if_certificate_already_issued_with_csr(gctmpdir):

    custom_csr_file = gctmpdir.join('mycustom.csr.pem')

    csr = gimmecert.crypto.generate_csr('mycustomcsr', private_key)

    gimmecert.storage.write_csr(csr, custom_csr_file.strpath)

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    assert gctmpdir.join('.gimmecert', 'client', 'myclient.cert.pem').read() == certificate

def test_server_errors_out_if_certificate_already_issued_with_csr(gctmpdir):

    custom_csr_file = gctmpdir.join('mycustom.csr.pem')

    csr = gimmecert.crypto.generate_csr('mycustomcsr', private_key)

    gimmecert.storage.write_csr(csr, custom_csr_file.strpath)

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

def test_renew_reports_success_and_paths_to_server_artifacts_with_csr(gctmpdir):

    csr_file = gctmpdir.join("mycustom.csr.pem")

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    csr = gimmecert.crypto.generate_csr("mytest", private_key)

    gimmecert.storage.write_csr(csr, csr_file.strpath)

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, csr_file.strpath, None)

    status_code = gimmecert.commands.renew(stdout_stream, stderr_stream, gctmpdir.strpath, 'server', 'myserver', False, None, None, None)

def test_renew_reports_success_and_paths_to_client_artifacts_with_csr(gctmpdir):

    csr_file = gctmpdir.join("mycustom.csr.pem")

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    csr = gimmecert.crypto.generate_csr("mytest", private_key)

    gimmecert.storage.write_csr(csr, csr_file.strpath)

    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', csr_file.strpath, None)

    status_code = gimmecert.commands.renew(stdout_stream, stderr_stream, gctmpdir.strpath, 'client', 'myclient', False, None, None, None)

def test_renew_reports_success_and_paths_to_server_artifacts_with_csr_when_replacing_private_key(gctmpdir):

    csr_file = gctmpdir.join("mycustom.csr.pem")

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    csr = gimmecert.crypto.generate_csr("mytest", private_key)

    gimmecert.storage.write_csr(csr, csr_file.strpath)

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)

    status_code = gimmecert.commands.renew(stdout_stream, stderr_stream, gctmpdir.strpath, 'server', 'myserver', False, csr_file.strpath, None, None)

def test_renew_replaces_server_private_key_with_csr(gctmpdir):

    custom_csr_file = gctmpdir.join("mycustom.csr.pem")

    csr_file = gctmpdir.join(".gimmecert", "server", "myserver.csr.pem")

    certificate_file = gctmpdir.join(".gimmecert", "server", "myserver.cert.pem")

    private_key_file = gctmpdir.join(".gimmecert", "server", "myserver.key.pem")

    custom_csr = gimmecert.crypto.generate_csr("mycustom", custom_csr_private_key)

    gimmecert.storage.write_csr(custom_csr, custom_csr_file.strpath)

    custom_csr_file_content = custom_csr_file.read()

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)

    assert certificate_public_numbers == csr_public_numbers

def test_renew_raises_exception_if_both_new_private_key_generation_and_csr_are_passed_in(gctmpdir):

    custom_csr_file = gctmpdir.join("mycustom.csr.pem")

    custom_csr = gimmecert.crypto.generate_csr("mycustom", custom_csr_private_key)

    gimmecert.storage.write_csr(custom_csr, custom_csr_file.strpath)

    with pytest.raises(gimmecert.commands.InvalidCommandInvocation) as e_info:

        gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, custom_csr_file.strpath, None, None)

def test_renew_reports_success_and_paths_to_server_artifacts_with_private_key_when_replacing_csr(gctmpdir):

    custom_csr_file = gctmpdir.join("mycustom.csr.pem")

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    custom_csr = gimmecert.crypto.generate_csr("mytest", custom_private_key)

    gimmecert.storage.write_csr(custom_csr, custom_csr_file.strpath)

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, custom_csr_file.strpath, None)

    status_code = gimmecert.commands.renew(stdout_stream, stderr_stream, gctmpdir.strpath, 'server', 'myserver', True, None, None, None)

def test_renew_replaces_server_csr_with_private_key(gctmpdir):

    custom_csr_file = gctmpdir.join("mycustom.csr.pem")

    csr_file = gctmpdir.join(".gimmecert", "server", "myserver.csr.pem")

    certificate_file = gctmpdir.join(".gimmecert", "server", "myserver.cert.pem")

    private_key_file = gctmpdir.join(".gimmecert", "server", "myserver.key.pem")

    custom_csr = gimmecert.crypto.generate_csr("mycustom", custom_csr_private_key)

    gimmecert.storage.write_csr(custom_csr, custom_csr_file.strpath)

    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, custom_csr_file.strpath, None)

    assert csr_file.check(file=1)

def test_issue_certificate_returns_certificate():

    issuer_dn = gimmecert.crypto.get_dn('My test 1')

    subject_dn = gimmecert.crypto.get_dn('My test 2')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    certificate = gimmecert.crypto.issue_certificate(issuer_dn, subject_dn, issuer_private_key, subject_private_key.public_key(), not_before, not_after)

    assert isinstance(certificate, cryptography.x509.Certificate)

def test_issue_certificate_has_correct_content():

    issuer_dn = gimmecert.crypto.get_dn('My test 1')

    subject_dn = gimmecert.crypto.get_dn('My test 2')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    certificate = gimmecert.crypto.issue_certificate(issuer_dn, subject_dn, issuer_private_key, subject_private_key.public_key(), not_before, not_after)

    assert certificate.issuer == issuer_dn

    assert certificate.subject == subject_dn

    assert level1_certificate.not_valid_before == level2_certificate.not_valid_before == level3_certificate.not_valid_before

    assert level1_certificate.not_valid_after == level2_certificate.not_valid_after == level3_certificate.not_valid_after

def test_issue_certificate_sets_extensions():

    dn = gimmecert.crypto.get_dn('My test 1')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    basic_constraints = cryptography.x509.BasicConstraints(ca=True, path_length=None)

    ocsp_no_check = cryptography.x509.OCSPNoCheck()

    extensions = [

        (basic_constraints, True),

        (ocsp_no_check, False),

    assert stored_extension.critical is False

    assert isinstance(stored_extension.value, cryptography.x509.OCSPNoCheck)

def test_issue_certificate_sets_no_extensions_if_none_are_passed():

    dn = gimmecert.crypto.get_dn('My test 1')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    certificate1 = gimmecert.crypto.issue_certificate(dn, dn, private_key, private_key.public_key(), not_before, not_after, None)

    certificate2 = gimmecert.crypto.issue_certificate(dn, dn, private_key, private_key.public_key(), not_before, not_after, [])

    assert len(certificate1.extensions) == 0

def test_issue_server_certificate_returns_certificate():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert isinstance(certificate, cryptography.x509.Certificate)

def test_issue_server_certificate_sets_correct_extensions():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    expected_basic_constraints = cryptography.x509.BasicConstraints(ca=False, path_length=None)

    expected_key_usage = cryptography.x509.KeyUsage(

        digital_signature=True,

        key_encipherment=True,

        content_commitment=False,

def test_issue_server_certificate_has_correct_issuer_and_subject():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[3]

    certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.issuer == issuer_certificate.subject

    assert certificate.subject == gimmecert.crypto.get_dn('myserver')

def test_issue_server_certificate_has_correct_public_key():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.public_key().public_numbers() == private_key.public_key().public_numbers()

@freeze_time('2018-01-01 00:15:00')

def test_issue_server_certificate_not_before_is_15_minutes_in_past():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.not_valid_before == datetime.datetime(2018, 1, 1, 0, 0)

def test_issue_server_certificate_not_before_does_not_exceed_ca_validity():

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    with freeze_time(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1)):

        certificate1 = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate1.not_valid_before == issuer_certificate.not_valid_before

def test_issue_server_certificate_not_after_does_not_exceed_ca_validity():

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    with freeze_time(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1)):

        certificate1 = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate1.not_valid_after == issuer_certificate.not_valid_after

def test_issue_server_certificate_incorporates_additional_dns_subject_alternative_names():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    expected_subject_alternative_name = cryptography.x509.SubjectAlternativeName(

        [

            cryptography.x509.DNSName('myserver'),

            cryptography.x509.DNSName('service.local'),

            cryptography.x509.DNSName('service.example.com')

def test_issue_client_certificate_returns_certificate():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    certificate = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert isinstance(certificate, cryptography.x509.Certificate)

def test_issue_client_certificate_has_correct_issuer_and_subject():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[3]

    certificate = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.issuer == issuer_certificate.subject

    assert certificate.subject == gimmecert.crypto.get_dn('myclient')

def test_issue_client_certificate_sets_correct_extensions():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    expected_basic_constraints = cryptography.x509.BasicConstraints(ca=False, path_length=None)

    expected_key_usage = cryptography.x509.KeyUsage(

        digital_signature=True,

        key_encipherment=True,

        content_commitment=False,

def test_issue_client_certificate_has_correct_public_key():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    certificate = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.public_key().public_numbers() == private_key.public_key().public_numbers()

@freeze_time('2018-01-01 00:15:00')

def test_issue_client_certificate_not_before_is_15_minutes_in_past():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    certificate = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.not_valid_before == datetime.datetime(2018, 1, 1, 0, 0)

def test_issue_client_certificate_not_before_does_not_exceed_ca_validity():

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    with freeze_time(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1)):

        certificate1 = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate1.not_valid_before == issuer_certificate.not_valid_before

def test_issue_client_certificate_not_after_does_not_exceed_ca_validity():

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    with freeze_time(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1)):

        certificate1 = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate1.not_valid_after == issuer_certificate.not_valid_after

def test_renew_certificate_returns_certificate():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    new_certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)

    assert isinstance(new_certificate, cryptography.x509.Certificate)

def test_renew_certificate_has_correct_content():

    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

    issuer_private_key, issuer_certificate = ca_hierarchy[0]

    old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    new_certificate = gimmecert.crypto.renew_certificate(old_certificate, public_key, issuer_private_key, issuer_certificate)

    assert old_certificate != new_certificate  # make sure we didn't get identical certificate.

    assert old_certificate.issuer == new_certificate.issuer

    assert old_certificate.subject == new_certificate.subject

    # Initial server certificate.

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

        issuer_private_key, issuer_certificate = ca_hierarchy[0]

        old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    # Renew certificate.

    with freeze_time('2018-06-01 00:15:00'):

        certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)

    # Initial server certificate.

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

        issuer_private_key, issuer_certificate = ca_hierarchy[0]

        old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    # Renew certificate.

    with freeze_time(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1)):

        certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)

    # Initial server certificate.

    with freeze_time('2018-01-01 00:15:00'):

        ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))

        issuer_private_key, issuer_certificate = ca_hierarchy[0]

        old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)

    # Renew certificate.

    with freeze_time(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1)):

        certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)

    assert certificate.not_valid_after == issuer_certificate.not_valid_after

def test_generate_csr_returns_csr_with_passed_in_dn():

    subject_dn = gimmecert.crypto.get_dn('testcsr')

    csr = gimmecert.crypto.generate_csr(subject_dn, private_key)

    assert isinstance(csr, cryptography.x509.CertificateSigningRequest)

    assert csr.public_key().public_numbers() == private_key.public_key().public_numbers()

    assert csr.subject == subject_dn

def test_generate_csr_returns_csr_with_passed_in_name():

    name = 'testcsr'

    expected_subject_dn = gimmecert.crypto.get_dn('testcsr')

    csr = gimmecert.crypto.generate_csr(name, private_key)

    assert os.path.exists(tmpdir.join('.gimmecert', 'client').strpath)

def test_write_private_key(tmpdir):

    tmpdir.chdir()

    key_path = tmpdir.join('test.key.pem').strpath

    gimmecert.storage.write_private_key(private_key, key_path)

    assert os.path.exists(key_path)

def test_write_certificate(tmpdir):

    tmpdir.chdir()

    issuer_dn = gimmecert.crypto.get_dn('My test 1')

    subject_dn = gimmecert.crypto.get_dn('My test 2')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    certificate = gimmecert.crypto.issue_certificate(issuer_dn, subject_dn, issuer_private_key, subject_private_key.public_key(), not_before, not_after)

    certificate_path = tmpdir.join('test.key.pem').strpath

    gimmecert.storage.write_certificate(certificate, certificate_path)

    assert isinstance(private_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)

    assert isinstance(certificate, cryptography.x509.Certificate)

def test_read_private_key_returns_private_key(tmpdir):

    private_key_path = tmpdir.join('private.key.pem').strpath

    gimmecert.storage.write_private_key(private_key, private_key_path)

    my_private_key = gimmecert.storage.read_private_key(private_key_path)

    assert isinstance(my_private_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)

    assert my_private_key.public_key().public_numbers() == private_key.public_key().public_numbers()  # Can't compare private keys directly.

def test_read_certificate_returns_certificate(tmpdir):

    certificate_path = tmpdir.join('certificate.cert.pem').strpath

    dn = gimmecert.crypto.get_dn('mycertificate')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    certificate = gimmecert.crypto.issue_certificate(dn, dn, private_key, private_key.public_key(), not_before, not_after)

    gimmecert.storage.write_certificate(certificate, certificate_path)

    my_certificate = gimmecert.storage.read_certificate(certificate_path)

    assert isinstance(my_certificate, cryptography.x509.Certificate)

    assert certificate_4.subject == gimmecert.crypto.get_dn("My Project Level 4 CA")

def test_write_csr(tmpdir):

    csr_file = tmpdir.join('test.csr.pem')

    csr = gimmecert.crypto.generate_csr('test', private_key)

    gimmecert.storage.write_csr(csr, csr_file.strpath)

    csr_file_content = csr_file.read()

    assert csr_file_content.endswith('-----END CERTIFICATE REQUEST-----\n')

def test_read_csr(tmpdir):

    csr_file = tmpdir.join('mycsr.csr.pem')

    original_csr = gimmecert.crypto.generate_csr('mycsr', private_key)

    gimmecert.storage.write_csr(original_csr, csr_file.strpath)

    csr = gimmecert.storage.read_csr(csr_file.strpath)

import pytest

def test_certificate_to_pem_returns_valid_pem():

    dn = gimmecert.crypto.get_dn('My test 1')

    not_before, not_after = gimmecert.crypto.get_validity_range()

    certificate = gimmecert.crypto.issue_certificate(dn, dn, private_key, private_key.public_key(), not_before, not_after)

    certificate_pem = gimmecert.utils.certificate_to_pem(certificate)

    assert isinstance(certificate_pem, str)

    assert isinstance(representation, str)

    assert representation == "2017-01-02 03:04:05 UTC - 2018-06-07 08:09:10 UTC"

def test_get_dns_names_returns_empty_list_if_no_dns_names():

    issuer_private_key, issuer_certificate = gimmecert.crypto.generate_ca_hierarchy('My Test', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))[0]

    certificate = gimmecert.crypto.issue_client_certificate(

        'myclient', private_key.public_key(),

        issuer_private_key, issuer_certificate

    )

    assert dns_names == []

def test_get_dns_names_returns_list_of_dns_names():

    issuer_private_key, issuer_certificate = gimmecert.crypto.generate_ca_hierarchy('My Test', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))[0]

    certificate = gimmecert.crypto.issue_server_certificate(

        'myserver', private_key.public_key(),

        issuer_private_key, issuer_certificate,

        extra_dns_names=['myservice1.example.com', 'myservice2.example.com']

    )