gimmecert Changeset - a08bc91f2b7d

@@ -33,98 +33,83 @@ from freezegun import freeze_time

def test_init_sets_up_directory_structure(tmpdir):

    base_dir = tmpdir.join('.gimmecert')

    ca_dir = tmpdir.join('.gimmecert', 'ca')

    server_dir = tmpdir.join('.gimmecert', 'server')

    depth = 1

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    assert os.path.exists(base_dir.strpath)

    assert os.path.exists(ca_dir.strpath)

    assert os.path.exists(server_dir.strpath)

def test_init_generates_single_ca_artifact_for_depth_1(tmpdir):

    depth = 1

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level1.key.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level1.cert.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'chain-full.cert.pem').strpath)

def test_init_generates_three_ca_artifacts_for_depth_3(tmpdir):

    depth = 3

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level1.key.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level1.cert.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level2.key.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level2.cert.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level3.key.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'level3.cert.pem').strpath)

    assert os.path.exists(tmpdir.join('.gimmecert', 'ca', 'chain-full.cert.pem').strpath)

def test_init_outputs_full_chain_for_depth_1(tmpdir):

    depth = 1

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    level1_certificate = tmpdir.join('.gimmecert', 'ca', 'level1.cert.pem').read()

    full_chain = tmpdir.join('.gimmecert', 'ca', 'chain-full.cert.pem').read()

    assert level1_certificate == full_chain

    assert full_chain.replace(level1_certificate, '') == ''

def test_init_outputs_full_chain_for_depth_3(tmpdir):

    depth = 3

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3)

    level1_certificate = tmpdir.join('.gimmecert', 'ca', 'level1.cert.pem').read()

    level2_certificate = tmpdir.join('.gimmecert', 'ca', 'level2.cert.pem').read()

    level3_certificate = tmpdir.join('.gimmecert', 'ca', 'level3.cert.pem').read()

    full_chain = tmpdir.join('.gimmecert', 'ca', 'chain-full.cert.pem').read()

    assert level1_certificate in full_chain

    assert level2_certificate in full_chain

    assert level3_certificate in full_chain

    assert full_chain == "%s\n%s\n%s" % (level1_certificate, level2_certificate, level3_certificate)

def test_init_returns_success_if_directory_has_not_been_previously_initialised(tmpdir):

    depth = 1

    status_code = gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    status_code = gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    assert status_code == gimmecert.commands.ExitCode.SUCCESS

def test_init_returns_error_code_if_directory_has_been_previously_initialised(tmpdir):

    depth = 1

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    status_code = gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    status_code = gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    assert status_code == gimmecert.commands.ExitCode.ERROR_ALREADY_INITIALISED

def test_init_does_not_overwrite_artifcats_if_already_initialised(tmpdir):

    depth = 1

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    level1_private_key_before = tmpdir.join('.gimmecert', 'ca', 'level1.key.pem').read()

    level1_certificate_before = tmpdir.join('.gimmecert', 'ca', 'level1.cert.pem').read()

    full_chain_before = tmpdir.join('.gimmecert', 'ca', 'chain-full.cert.pem').read()

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

    level1_private_key_after = tmpdir.join('.gimmecert', 'ca', 'level1.key.pem').read()

    level1_certificate_after = tmpdir.join('.gimmecert', 'ca', 'level1.cert.pem').read()

    full_chain_after = tmpdir.join('.gimmecert', 'ca', 'chain-full.cert.pem').read()

    assert level1_private_key_before == level1_private_key_after

@@ -635,19 +620,17 @@ def test_status_reports_uninitialised_directory(tmpdir):

    assert status_code == gimmecert.commands.ExitCode.ERROR_NOT_INITIALISED

    assert stderr == ""

    assert "CA hierarchy has not been initialised in current directory." in stdout

def test_status_reports_ca_hierarchy_information(tmpdir):

    depth = 3

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3)

    with freeze_time('2018-06-01 00:15:00'):

        status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)

    stdout = stdout_stream.getvalue()

    stdout_lines = stdout.split("\n")

@@ -681,24 +664,22 @@ def test_status_reports_ca_hierarchy_information(tmpdir):

    assert ca_3_validity == "    Validity: 2018-01-01 00:00:00 UTC - 2019-01-01 00:15:00 UTC"

    assert ca_3_certificate_path == "    Certificate: .gimmecert/ca/level3.cert.pem"

def test_status_reports_server_certificate_information(tmpdir):

    depth = 3

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    myserver3_csr_file = tmpdir.join('server3.csr.pem')

    myserver3_private_key = gimmecert.crypto.generate_private_key()

    myserver3_csr = gimmecert.crypto.generate_csr('blah', myserver3_private_key)

    gimmecert.storage.write_csr(myserver3_csr, myserver3_csr_file.strpath)

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3)

    with freeze_time('2018-02-01 00:15:00'):

        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver1', None, None)

    with freeze_time('2018-03-01 00:15:00'):

        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver2', ['myservice1.example.com', 'myservice2.example.com'], None)

@@ -751,24 +732,22 @@ def test_status_reports_server_certificate_information(tmpdir):

    assert myserver3_dns == "    DNS: myserver3"

    assert myserver3_csr_path == "    CSR: .gimmecert/server/myserver3.csr.pem"

    assert myserver3_certificate_path == "    Certificate: .gimmecert/server/myserver3.cert.pem"

def test_status_reports_client_certificate_information(tmpdir):

    depth = 3

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    myclient3_csr_file = tmpdir.join('client3.csr.pem')

    myclient3_private_key = gimmecert.crypto.generate_private_key()

    myclient3_csr = gimmecert.crypto.generate_csr('blah', myclient3_private_key)

    gimmecert.storage.write_csr(myclient3_csr, myclient3_csr_file.strpath)

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 3)

    with freeze_time('2018-02-01 00:15:00'):

        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient1', None)

    with freeze_time('2018-03-01 00:15:00'):

        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient2', None)

@@ -815,20 +794,18 @@ def test_status_reports_client_certificate_information(tmpdir):

    assert myclient3_validity == "    Validity: 2018-04-01 00:00:00 UTC - 2019-01-01 00:15:00 UTC"

    assert myclient3_csr_path == "    CSR: .gimmecert/client/myclient3.csr.pem"

    assert myclient3_certificate_path == "    Certificate: .gimmecert/client/myclient3.cert.pem"

def test_status_reports_no_server_certificates_were_issued(tmpdir):

    depth = 1

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    # Just create some sample data, but no server certificates.

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient1', None)

        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient2', None)

    status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)

    stdout = stdout_stream.getvalue()

@@ -838,20 +815,18 @@ def test_status_reports_no_server_certificates_were_issued(tmpdir):

    assert stderr == ""

    assert "Server certificates\n-------------------\n\nNo server certificates have been issued." in stdout, \

        "Missing message about no server certificates being issued:\n%s" % stdout

def test_status_reports_no_client_certificates_were_issued(tmpdir):

    depth = 1

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    # Just create some sample data, but no client certificates.

    with freeze_time('2018-01-01 00:15:00'):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, depth)

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1)

        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver1', None, None)

        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver2', None, None)

    status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)

    stdout = stdout_stream.getvalue()

@@ -879,20 +854,18 @@ def test_certificate_marked_as_not_valid_or_expired_as_appropriate(tmpdir, subje

    valid/invalid in terms of validity dates.

    The test has been parametrised since the pattern is pretty similar

    between these.

"""

    depth = 1

    stdout_stream = io.StringIO()

    stderr_stream = io.StringIO()

    # Perform action on our fixed issuance date.

    with freeze_time(issuance_date):

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, "My Project", depth)

        gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, "My Project", 1)

        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver', None, None)

        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient', None)

    # Move to specific date in future/past for different validity checks.

    with freeze_time(status_date):

        status_code = gimmecert.commands.status(stdout_stream, stderr_stream, tmpdir.strpath)