Changeset - b676b564f921
0 1 0
Branko Majic (branko) - 4 years ago 2020-07-13 14:49:31
GC-37: Deduplicate option presence testing from functional tests for ECDSA key specifications:

- Updated the functional tests that cover ECDSA key specifications.
- Dropped tests for option presence since those tests already exist in
a dedicated functional test.
- Dropped testing of invalid invocations - those are better off
covered with unit tests already.
- Reworded the tests so they make more sense.
1 file changed with 20 insertions and 98 deletions:
@@ -360,57 +360,33 @@ def test_renew_command_key_specification_with_rsa(tmpdir):
    # also using the same key size as the old private key.
    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient2.key.pem')
    assert "Private-Key: (3072 bit)" in stdout


def test_initialisation_with_ecdsa_key_specification(tmpdir):
    # John is looking into using ECDSA keys in his latest project. He
    # is already aware that Gimmecert supports use of RSA keys, but he
    # hasn't tried using it with ECDSA yet.

    # He checks the help for the init command first to see if he can
    # somehow request ECDSA keys to be used instead of RSA.
    stdout, _, _ = run_command('gimmecert', 'init', '-h')

    # John noticies there is an option to provide a custom key
    # specification to the tool, and that he can request ECDSA keys to
    # be used with a specific curve.
    assert "--key-specification" in stdout
    assert " -k" in stdout
    assert "rsa:BIT_LENGTH" in stdout
    assert "ecdsa:CURVE_NAME" in stdout

    # John can see a number of curves listed as supported.
    assert "curves: " in stdout
    assert "secp192r1" in stdout
    assert "secp224r1" in stdout
    assert "secp256k1" in stdout
    assert "secp256r1" in stdout
    assert "secp384r1" in stdout
    assert "secp521r1" in stdout

    # John switches to his project directory.
    # John wnats to initialise a CA hierarchy using ECDSA keys. He
    # switches to his project directory.

    # After a short deliberation, he opts to use the secp256r1 curve,
    # and initialises his CA hierarchy.
    # He decides to use the secp256r1 curve, and initialises his CA
    # hierarchy by passing-in the key specification.
    stdout, stderr, exit_code = run_command('gimmecert', 'init', '--key-specification', 'ecdsa:secp256r1')

    # Command finishes execution with success, and John notices that
    # the tool has informed him of what the private key algorithm is
    # in use for the CA hierarchy.
    # the tool has informed him about the private key algorithm in use
    # for the CA hierarchy.
    assert exit_code == 0
    assert stderr == ""
    assert "CA hierarchy initialised using secp256r1 ECDSA keys." in stdout

    # John goes ahead and inspects the CA private key to ensure his
    # private key specification has been accepted.
    stdout, stderr, exit_code = run_command('openssl', 'ec', '-noout', '-text', '-in', '.gimmecert/ca/level1.key.pem')

    assert exit_code == 0
    assert stderr == "read EC key\n"  # OpenSSL print this out to stderr no matter what.
    assert stderr == "read EC key\n"  # OpenSSL prints this out to stderr no matter what.

    # He notices that although he requested secp256r1, the output from
    # OpenSSL tool uses its older name from RFC3279 -
    # prime256v1. However, he understands this is just an alternate
    # name for the curve.
    assert "ASN1 OID: prime256v1" in stdout
@@ -425,15 +401,15 @@ def test_initialisation_with_ecdsa_key_specification(tmpdir):
    assert "Public Key Algorithm: id-ecPublicKey" in stdout
    assert "ASN1 OID: prime256v1" in stdout


def test_server_command_default_key_specification_with_ecdsa(tmpdir):
    # John is setting-up a project to test some functionality
    # revolving around X.509 certificates. He has used RSA extensively
    # before, but now he wants to switch to using ECDSA private keys
    # instead.
    # revolving around the use of X.509 certificates. He has used RSA
    # extensively before, but now he wants to switch to using ECDSA
    # private keys instead.

    # He switches to his project directory, and initialises the CA
    # hierarchy, requesting that secp256r1 ECDSA keys should be used.
    run_command("gimmecert", "init", "--key-specification", "ecdsa:secp384r1")

@@ -452,53 +428,26 @@ def test_server_command_default_key_specification_with_ecdsa(tmpdir):
    # the one he specified for the CA hierarchy.
    assert "ASN1 OID: secp384r1" in stdout


def test_server_command_key_specification_with_ecdsa(tmpdir):
    # John is setting-up a project where he needs to test performance
    # when using different ECDSA private key sizes.
    # using different curves for ECDSA keys.

    # He switches to his project directory, and initialises the CA
    # hierarchy, requesting that secp192r1 ECDSA keys should be used.
    run_command("gimmecert", "init", "--key-specification", "ecdsa:secp192r1")

    # Very soon he realizes that he needs to test performance using
    # different elliptic curve algorithms for proper comparison. He
    # starts off by having a look at the help for the server command
    # to see if there is an option that will satisfy his needs.
    stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")

    # John notices the option for passing-in a key specification, and
    # that he can request ECDSA keys to be used with a specific curve.
    assert " --key-specification" in stdout
    assert " -k" in stdout
    assert "rsa:BIT_LENGTH" in stdout
    assert "ecdsa:CURVE_NAME" in stdout

    # John can see a number of curves listed as supported.
    assert "curves: " in stdout
    assert "secp192r1" in stdout
    assert "secp224r1" in stdout
    assert "secp256k1" in stdout
    assert "secp256r1" in stdout
    assert "secp384r1" in stdout
    assert "secp521r1" in stdout

    # John goes ahead and tries to issue a server certificate using
    # key specification option.
    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "ecdsa:secp224r11", "myserver1")

    # Unfortunately, the command fails due to John's typo.
    assert exit_code != 0
    assert "invalid key_specification" in stderr

    # John tries again, fixing his typo.
    # decides to start off with secp224r1, and issues a new server
    # certificate, passing-in the necessary key specification.
    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "ecdsa:secp224r1", "myserver1")

    # This time around he succeeds.
    # The process finishes with success.
    assert exit_code == 0
    assert stderr == ""

    # He runs a command to see details about the generated private
    # key.
    stdout, _, _ = run_command('openssl', 'ec', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
@@ -507,15 +456,15 @@ def test_server_command_key_specification_with_ecdsa(tmpdir):
    # uses the same algorithm as he has specified.
    assert "ASN1 OID: secp224r1" in stdout


def test_client_command_default_key_specification_with_ecdsa(tmpdir):
    # John is setting-up a project to test some functionality
    # revolving around X.509 certificates. He has used RSA extensively
    # before, but now he wants to switch to using ECDSA private keys
    # instead.
    # revolving around the use of X.509 certificates. He has used RSA
    # extensively before, but now he wants to switch to using ECDSA
    # private keys instead.

    # He switches to his project directory, and initialises the CA
    # hierarchy, requesting that secp256r1 ECDSA keys should be used.
    run_command("gimmecert", "init", "--key-specification", "ecdsa:secp521r1")

@@ -543,44 +492,17 @@ def test_client_command_key_specification_with_ecdsa(tmpdir):
    # hierarchy, requesting that secp192r1 ECDSA keys should be used.
    run_command("gimmecert", "init", "--key-specification", "ecdsa:secp192r1")

    # Very soon he realizes that he needs to test performance using
    # different elliptic curve algorithms for proper comparison. He
    # starts off by having a look at the help for the client command
    # to see if there is an option that will satisfy his needs.
    stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")

    # John notices the option for passing-in a key specification, and
    # that he can request ECDSA keys to be used with a specific curve.
    assert " --key-specification" in stdout
    assert " -k" in stdout
    assert "rsa:BIT_LENGTH" in stdout
    assert "ecdsa:CURVE_NAME" in stdout

    # John can see a number of curves listed as supported.
    assert "curves: " in stdout
    assert "secp192r1" in stdout
    assert "secp224r1" in stdout
    assert "secp256k1" in stdout
    assert "secp256r1" in stdout
    assert "secp384r1" in stdout
    assert "secp521r1" in stdout

    # John goes ahead and tries to issue a client certificate using
    # key specification option.
    stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "ecdsa:secp224r11", "myclient1")

    # Unfortunately, the command fails due to John's typo.
    assert exit_code != 0
    assert "invalid key_specification" in stderr

    # John tries again, fixing his typo.
    # decides to start off with secp224r1, and issues a new server
    # certificate, passing-in the necessary key specification.
    stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "ecdsa:secp224r1", "myclient1")

    # This time around he succeeds.
    # The process finishes with success.
    assert exit_code == 0
    assert stderr == ""

    # He runs a command to see details about the generated private
    # key.
    stdout, _, _ = run_command('openssl', 'ec', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')
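Review bot: The reworded comment in test_client_command_key_specification_with_ecdsa says John "issues a new server certificate", but the command that follows is `gimmecert client ... myclient1`; it looks copied from the server test and should read `# decides to start off with secp224r1, and issues a new client`. The two default-key-specification tests have a similar mismatch that this rewording pass left in place: their comments say secp256r1 is requested, while the `init` calls pass `ecdsa:secp384r1` and `ecdsa:secp521r1`. In tests whose purpose is to confirm which curve ends up in the generated key, a comment naming the wrong curve or certificate type makes the `ASN1 OID` assertions harder to audit. The bodies of these test functions start or end outside the visible hunks. The unit tests that the description relies on for the dropped invalid-specification case are not shown, so that coverage could not be confirmed from this page.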