# -*- coding: utf-8 -*-

#

# Copyright (C) 2018 Branko Majic

#

# This file is part of Gimmecert.

#

# Gimmecert is free software: you can redistribute it and/or modify it

# under the terms of the GNU General Public License as published by the Free

# Software Foundation, either version 3 of the License, or (at your option) any

# later version.

#

# Gimmecert is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more

# details.

#

# You should have received a copy of the GNU General Public License along with

# Gimmecert.  If not, see <http://www.gnu.org/licenses/>.

#

from .base import run_command

def test_initialisation_with_rsa_private_key_specification(tmpdir):

    # John is looking into improving the security of one of his

    # projects. Amongst other things, John is interested in using

    # stronger private keys for his TLS services - which he wants to

    # try out in his test envioronment first.

    # John knows that the Gimmecert tool uses 2048-bit RSA keys for

    # the CA hierarchy, but what he would really like to do is specify

    # himself what kind of private key should be generated

    # instead. He checks-out the help for the init command first.

    stdout, _, _ = run_command('gimmecert', 'init', '-h')

    # John noticies there is an option to provide a custom key

    # specification to the tool, that he can specify the length of

    # the RSA private keys, and that the default is "rsa:2048".

    assert "--key-specification" in stdout

    assert " -k" in stdout

    assert "rsa:BIT_LENGTH" in stdout

    assert "Default is rsa:2048" in stdout

    # John switches to his project directory.

    tmpdir.chdir()

    # He initalises the CA hierarchy, requesting to use 4096-bit RSA

    # keys.

    stdout, stderr, exit_code = run_command('gimmecert', 'init', '--key-specification', 'rsa:4096')

    # Command finishes execution with success, and John notices that

    # the tool has informed him of what the private key algorithm is

    # in use for the CA hierarchy.

    assert exit_code == 0

    assert stderr == ""

    assert "CA hierarchy initialised using 4096-bit RSA keys." in stdout

    # John goes ahead and inspects the CA private key to ensure his

    # private key specification has been accepted.

    stdout, stderr, exit_code = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/ca/level1.key.pem')

    assert exit_code == 0

    assert stderr == ""

    assert "Private-Key: (4096 bit)" in stdout

    # John also does a quick check on the generated certificate's

    # signing and public key algorithm.

    stdout, stderr, exit_code = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/ca/level1.cert.pem')

    assert exit_code == 0

    assert stderr == ""

    assert "Signature Algorithm: sha256WithRSAEncryption" in stdout

    assert "Public-Key: (4096 bit)" in stdout

def test_server_command_key_specification(tmpdir):

    # John is setting-up a quick and dirty project to test some

    # functionality revolving around X.509 certificates. Since he does

    # not care much about the strength of private keys for it, he

    # wants to use 1024-bit RSA keys.

    # He switches to his project directory, and initialises the CA

    # hierarchy, requesting that 1024-bit RSA keys should be used.

    tmpdir.chdir()

    run_command("gimmecert", "init", "--key-specification", "rsa:1024")

    # John issues a server certificates.

    stdout, stderr, exit_code = run_command('gimmecert', 'server', 'myserver1')

    # John observes that the process was completed successfully.

    assert exit_code == 0

    assert stderr == ""

    # He runs a command to see details about the generated private

    # key.

    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')

    # And indeed, the generated private key uses the same size as the

    # one he specified for the CA hierarchy.

    assert "Private-Key: (1024 bit)" in stdout

    # He then has a look at the certificate.

    stdout, _, _ = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/server/myserver1.cert.pem')

    # Likewise with the private key, the certificate is also using the

    # 1024-bit RSA key.

    assert "Public-Key: (1024 bit)" in stdout

    # At some point John realises that to cover all bases, he needs to

    # have a test with a server that uses 2048-bit RSA keys as

    # well. He does not want to regenerate all of the X.509 artefacts,

    # and would like to instead issues a single 2048-bit RSA key for a

    # specific server instead.

    # He starts off by having a look at the help for the server command.

    stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")

    # John notices the option for passing-in a key specification.

    assert " --key-specification" in stdout

    assert " -k" in stdout

    # John goes ahead and tries to issue a server certificate using

    # key specification option.

    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsas:2048", "myserver2")

    # Unfortunately, the command fails due to John's typo.

    assert exit_code != 0

    assert "invalid key_specification" in stderr

    # John tries again, fixing his typo.

    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsa:2048", "myserver2")

    # This time around he succeeds.

    assert exit_code == 0

    assert stderr == ""

    # He runs a command to see details about the generated private

    # key.

    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver2.key.pem')

    # He nods with his head, observing that the generated private key

    # uses the same key size as he has specified.

    assert "Private-Key: (2048 bit)" in stdout