gimmecert Changeset - b676b564f921

Changeset - b676b564f921

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Branko Majic (branko) - 4 years ago 2020-07-13 14:49:31
branko@majic.rs

GC-37: Deduplicate option presence testing from functional tests for ECDSA key specifications:

- Updated the functional tests that cover ECDSA key specifications.
- Dropped tests for option presence since those tests already exist in
a dedicated functional test.
- Dropped testing of invalid invocations - those are better off
covered with unit tests already.
- Reworded the tests so they make more sense.

1 file changed with 20 insertions and 98 deletions:

functional_tests/test_key_specification.py

0 comments (0 inline, 0 general)

functional_tests/test_key_specification.py

➞

Show inline comments

 def test_initialisation_with_ecdsa_key_specification(tmpdir):
     # John is looking into using ECDSA keys in his latest project. He
     # is already aware that Gimmecert supports use of RSA keys, but he
     # hasn't tried using it with ECDSA yet.
     # He checks the help for the init command first to see if he can
     # somehow request ECDSA keys to be used instead of RSA.
     stdout, _, _ = run_command('gimmecert', 'init', '-h')
     # John noticies there is an option to provide a custom key
     # specification to the tool, and that he can request ECDSA keys to
     # be used with a specific curve.
     assert "--key-specification" in stdout
     assert " -k" in stdout
     assert "rsa:BIT_LENGTH" in stdout
     assert "ecdsa:CURVE_NAME" in stdout
     # John can see a number of curves listed as supported.
     assert "curves: " in stdout
     assert "secp192r1" in stdout
     assert "secp224r1" in stdout
     assert "secp256k1" in stdout
     assert "secp256r1" in stdout
     assert "secp384r1" in stdout
     assert "secp521r1" in stdout
     # John switches to his project directory.
     # John wnats to initialise a CA hierarchy using ECDSA keys. He
     # switches to his project directory.
     tmpdir.chdir()
     # After a short deliberation, he opts to use the secp256r1 curve,
     # and initialises his CA hierarchy.
     # He decides to use the secp256r1 curve, and initialises his CA
     # hierarchy by passing-in the key specification.
     stdout, stderr, exit_code = run_command('gimmecert', 'init', '--key-specification', 'ecdsa:secp256r1')
     # Command finishes execution with success, and John notices that
     # the tool has informed him of what the private key algorithm is
     # in use for the CA hierarchy.
     # the tool has informed him about the private key algorithm in use
     # for the CA hierarchy.
     assert exit_code == 0
     assert stderr == ""
     assert "CA hierarchy initialised using secp256r1 ECDSA keys." in stdout
     stdout, stderr, exit_code = run_command('openssl', 'ec', '-noout', '-text', '-in', '.gimmecert/ca/level1.key.pem')
     assert exit_code == 0
-    assert stderr == "read EC key\n"  # OpenSSL print this out to stderr no matter what.
+    assert stderr == "read EC key\n"  # OpenSSL prints this out to stderr no matter what.
     # He notices that although he requested secp256r1, the output from
     # OpenSSL tool uses its older name from RFC3279 -
 def test_server_command_default_key_specification_with_ecdsa(tmpdir):
     # John is setting-up a project to test some functionality
     # revolving around X.509 certificates. He has used RSA extensively
     # before, but now he wants to switch to using ECDSA private keys
     # instead.
     # revolving around the use of X.509 certificates. He has used RSA
     # extensively before, but now he wants to switch to using ECDSA
     # private keys instead.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that secp256r1 ECDSA keys should be used.
 def test_server_command_key_specification_with_ecdsa(tmpdir):
     # John is setting-up a project where he needs to test performance
-    # when using different ECDSA private key sizes.
+    # using different curves for ECDSA keys.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that secp192r1 ECDSA keys should be used.
     # Very soon he realizes that he needs to test performance using
     # different elliptic curve algorithms for proper comparison. He
     # starts off by having a look at the help for the server command
     # to see if there is an option that will satisfy his needs.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")
     # John notices the option for passing-in a key specification, and
     # that he can request ECDSA keys to be used with a specific curve.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     assert "rsa:BIT_LENGTH" in stdout
     assert "ecdsa:CURVE_NAME" in stdout
     # John can see a number of curves listed as supported.
     assert "curves: " in stdout
     assert "secp192r1" in stdout
     assert "secp224r1" in stdout
     assert "secp256k1" in stdout
     assert "secp256r1" in stdout
     assert "secp384r1" in stdout
     assert "secp521r1" in stdout
     # John goes ahead and tries to issue a server certificate using
     # key specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "ecdsa:secp224r11", "myserver1")
     # Unfortunately, the command fails due to John's typo.
     assert exit_code != 0
     assert "invalid key_specification" in stderr
     # John tries again, fixing his typo.
     # decides to start off with secp224r1, and issues a new server
     # certificate, passing-in the necessary key specification.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "ecdsa:secp224r1", "myserver1")
-    # This time around he succeeds.
+    # The process finishes with success.
     assert exit_code == 0
     assert stderr == ""
 def test_client_command_default_key_specification_with_ecdsa(tmpdir):
     # John is setting-up a project to test some functionality
     # revolving around X.509 certificates. He has used RSA extensively
     # before, but now he wants to switch to using ECDSA private keys
     # instead.
     # revolving around the use of X.509 certificates. He has used RSA
     # extensively before, but now he wants to switch to using ECDSA
     # private keys instead.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that secp256r1 ECDSA keys should be used.
     # Very soon he realizes that he needs to test performance using
     # different elliptic curve algorithms for proper comparison. He
     # starts off by having a look at the help for the client command
     # to see if there is an option that will satisfy his needs.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")
     # John notices the option for passing-in a key specification, and
     # that he can request ECDSA keys to be used with a specific curve.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     assert "rsa:BIT_LENGTH" in stdout
     assert "ecdsa:CURVE_NAME" in stdout
     # John can see a number of curves listed as supported.
     assert "curves: " in stdout
     assert "secp192r1" in stdout
     assert "secp224r1" in stdout
     assert "secp256k1" in stdout
     assert "secp256r1" in stdout
     assert "secp384r1" in stdout
     assert "secp521r1" in stdout
     # John goes ahead and tries to issue a client certificate using
     # key specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "ecdsa:secp224r11", "myclient1")
     # Unfortunately, the command fails due to John's typo.
     assert exit_code != 0
     assert "invalid key_specification" in stderr
     # John tries again, fixing his typo.
     # decides to start off with secp224r1, and issues a new server
     # certificate, passing-in the necessary key specification.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "ecdsa:secp224r1", "myclient1")
-    # This time around he succeeds.
+    # The process finishes with success.
     assert exit_code == 0
     assert stderr == ""

0 comments (0 inline, 0 general)