Changeset - a7243b9f6fd7
Branko Majic (branko) - 4 years ago 2020-07-13 16:19:38
branko@majic.rs
GC-37: Include ECDSA when testing that commands use correct key specification:

- Updated tests for server, client, and renew commands.
- Parametrised the tests so they can cover different sizes of RSA
keys, as well as different elliptic curve algorithms.
1 file changed with 58 insertions and 16 deletions:
tests/test_commands.py
 
@@ -1489,62 +1489,104 @@ def test_renew_client_reads_csr_from_stdin(mock_read_input, sample_project_direc
 
    assert certificate.subject != key_with_csr.csr.subject
 

	
 

	
 
def test_server_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_server_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir, key_specification):
 

	
 
    private_key_file = tmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
 

	
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 1024))
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, key_specification)
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver', None, None, None)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_server_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_server_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir, key_specification):
 

	
 
    private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
 

	
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, ("rsa", 1024))
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, key_specification)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_client_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_client_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir, key_specification):
 

	
 
    private_key_file = tmpdir.join('.gimmecert', 'client', 'myclient.key.pem')
 

	
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 1024))
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, key_specification)
 
    gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient', None, None)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_client_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_client_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir, key_specification):
 

	
 
    private_key_file = gctmpdir.join('.gimmecert', 'client', 'myclient.key.pem')
 

	
 
    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', None, ("rsa", 1024))
 
    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', None, key_specification)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_renew_generates_new_private_key_with_different_size_if_requested(gctmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 3072),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_renew_generates_new_private_key_with_passed_in_algorithm_if_requested(gctmpdir, key_specification):
 
    private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
 

	
 
    # Should produce 2048-bit RSA key (default from hierarchy).
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)
 

	
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, ("rsa", 1024))
 
    private_key_size_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).key_size
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, key_specification)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key_size_after_renewal == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
@pytest.mark.parametrize("key_specification", [
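Review bot: The parametrised lists exercise `("rsa", 1024)` and `("ecdsa", ec.SECP192R1)`, both below current minimum strengths, and the 192-bit curve in particular may be missing or rejected in OpenSSL builds with a restricted curve set or a hardened crypto policy, which would make these tests fail for reasons unrelated to gimmecert. Consider `("ecdsa", ec.SECP256R1)` in place of `ec.SECP192R1`, and a comment above each list such as `# Small parameters keep key generation fast; not a recommendation for real certificates.` The same four-entry list is repeated in all five tests (the renew test uses 3072 rather than 2048, presumably so the renewed key differs from the 2048-bit default noted in its comment), so a shared module-level list would keep them in step. The client "same as issuer" test also appears to carry `assert public_key_specification == key_specification` twice; one copy can go.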