gimmecert Changeset - b71091db5126

Changeset - b71091db5126

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Branko Majic (branko) - 5 years ago 2020-06-15 15:47:54
branko@majic.rs

GC-37: Refactor functional tests for server command key specification handling:

- Use separate test for checking use of CA hierarchy default key
specification.
- Use separate test for checking use of --key-specification option.
- Do not check public key size in certificate - this is not relevant
for this particular functional test, and there are already unit
tests that verify correct public key is used.

1 file changed with 21 insertions and 20 deletions:

functional_tests/test_key_specification.py

0 comments (0 inline, 0 general)

functional_tests/test_key_specification.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
+#
 # Copyright (C) 2018 Branko Majic
+#
 # This file is part of Gimmecert.
+#
 # Gimmecert is free software: you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by the Free
 # Software Foundation, either version 3 of the License, or (at your option) any
 # later version.
+#
 # Gimmecert is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 # details.
+#
 # You should have received a copy of the GNU General Public License along with
 # Gimmecert.  If not, see <http://www.gnu.org/licenses/>.
+#
 from .base import run_command
 def test_initialisation_with_rsa_private_key_specification(tmpdir):
     # John is looking into improving the security of one of his
     # projects. Amongst other things, John is interested in using
     # stronger private keys for his TLS services - which he wants to
     # try out in his test envioronment first.
     # John knows that the Gimmecert tool uses 2048-bit RSA keys for
     # the CA hierarchy, but what he would really like to do is specify
     # himself what kind of private key should be generated
     # instead. He checks-out the help for the init command first.
     stdout, _, _ = run_command('gimmecert', 'init', '-h')
     # John noticies there is an option to provide a custom key
     # specification to the tool, that he can specify the length of
     # the RSA private keys, and that the default is "rsa:2048".
     assert "--key-specification" in stdout
     assert " -k" in stdout
     assert "rsa:BIT_LENGTH" in stdout
     assert "Default is rsa:2048" in stdout
     # John switches to his project directory.
     tmpdir.chdir()
     # He initalises the CA hierarchy, requesting to use 4096-bit RSA
     # keys.
     stdout, stderr, exit_code = run_command('gimmecert', 'init', '--key-specification', 'rsa:4096')
     # Command finishes execution with success, and John notices that
     # the tool has informed him of what the private key algorithm is
     # in use for the CA hierarchy.
     assert exit_code == 0
     assert stderr == ""
     assert "CA hierarchy initialised using 4096-bit RSA keys." in stdout
     # John goes ahead and inspects the CA private key to ensure his
     # private key specification has been accepted.
     stdout, stderr, exit_code = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/ca/level1.key.pem')
     assert exit_code == 0
     assert stderr == ""
     assert "Private-Key: (4096 bit)" in stdout
     # John also does a quick check on the generated certificate's
     # signing and public key algorithm.
     stdout, stderr, exit_code = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/ca/level1.cert.pem')
     assert exit_code == 0
     assert stderr == ""
     assert "Signature Algorithm: sha256WithRSAEncryption" in stdout
     assert "Public-Key: (4096 bit)" in stdout
 def test_server_command_key_specification(tmpdir):
     # John is setting-up a quick and dirty project to test some
     # functionality revolving around X.509 certificates. Since he does
     # not care much about the strength of private keys for it, he
     # wants to use 1024-bit RSA keys.
 def test_server_command_default_key_specification_with_rsa(tmpdir):
     # John is setting-up a project to test some functionality
     # revolving around X.509 certificates. Since he does not care much
     # about the strength of private keys for it, he wants to use
     # 1024-bit RSA keys for both CA hierarchy and server certificates
     # to speed-up the key generation process.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 1024-bit RSA keys should be used.
     tmpdir.chdir()
     run_command("gimmecert", "init", "--key-specification", "rsa:1024")
-    # John issues a server certificates.
+    # John issues a server certificate.
     stdout, stderr, exit_code = run_command('gimmecert', 'server', 'myserver1')
     # John observes that the process was completed successfully.
     assert exit_code == 0
     assert stderr == ""
     # He runs a command to see details about the generated private
     # key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
     # And indeed, the generated private key uses the same size as the
     # one he specified for the CA hierarchy.
     assert "Private-Key: (1024 bit)" in stdout
     # He then has a look at the certificate.
     stdout, _, _ = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/server/myserver1.cert.pem')
     # Likewise with the private key, the certificate is also using the
     # 1024-bit RSA key.
     assert "Public-Key: (1024 bit)" in stdout
 def test_server_command_key_specification_with_rsa(tmpdir):
     # John is setting-up a project where he needs to test performance
     # when using different RSA private key sizes.
     # At some point John realises that to cover all bases, he needs to
     # have a test with a server that uses 2048-bit RSA keys as
     # well. He does not want to regenerate all of the X.509 artefacts,
     # and would like to instead issues a single 2048-bit RSA key for a
     # specific server instead.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 3072-bit RSA keys should be used.
     tmpdir.chdir()
     run_command("gimmecert", "init", "--key-specification", "rsa:3072")
     # He starts off by having a look at the help for the server command.
     # Very soon he realizes that he needs to test performance using
     # smaller RSA key sizes for proper comparison. He starts off by
     # having a look at the help for the server command to see if there
     # is an option that will satisfy his needs.
     stdout, stderr, exit_code = run_command("gimmecert", "server", "-h")
     # John notices the option for passing-in a key specification.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     # John goes ahead and tries to issue a server certificate using
     # key specification option.
-    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsas:2048", "myserver2")
+    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsas:2048", "myserver1")
     # Unfortunately, the command fails due to John's typo.
     assert exit_code != 0
     assert "invalid key_specification" in stderr
     # John tries again, fixing his typo.
-    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsa:2048", "myserver2")
+    stdout, stderr, exit_code = run_command("gimmecert", "server", "--key-specification", "rsa:2048", "myserver1")
     # This time around he succeeds.
     assert exit_code == 0
     assert stderr == ""
     # He runs a command to see details about the generated private
     # key.
-    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver2.key.pem')
+    stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/server/myserver1.key.pem')
     # He nods with his head, observing that the generated private key
     # uses the same key size as he has specified.
     assert "Private-Key: (2048 bit)" in stdout
 def test_client_command_key_specification(tmpdir):
     # John is setting-up a quick and dirty project to test some
     # functionality revolving around X.509 certificates. Since he does
     # not care much about the strength of private keys for it, he
     # wants to use 1024-bit RSA keys.
     # He switches to his project directory, and initialises the CA
     # hierarchy, requesting that 1024-bit RSA keys should be used.
     tmpdir.chdir()
     run_command("gimmecert", "init", "--key-specification", "rsa:1024")
     # John issues a client certificate.
     stdout, stderr, exit_code = run_command('gimmecert', 'client', 'myclient1')
     # John observes that the process was completed successfully.
     assert exit_code == 0
     assert stderr == ""
     # He runs a command to see details about the generated private
     # key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')
     # And indeed, the generated private key uses the same size as the
     # one he specified for the CA hierarchy.
     assert "Private-Key: (1024 bit)" in stdout
     # He then has a look at the certificate.
     stdout, _, _ = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/client/myclient1.cert.pem')
     # Likewise with the private key, the certificate is also using the
     # 1024-bit RSA key.
     assert "Public-Key: (1024 bit)" in stdout
     # At some point John realises that to cover all bases, he needs to
     # have a test with a client that uses 2048-bit RSA keys as
     # well. He does not want to regenerate all of the X.509 artefacts,
     # and would like to instead issues a single 2048-bit RSA key for a
     # specific client instead.
     # He starts off by having a look at the help for the client command.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")
     # John notices the option for passing-in a key specification.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     # John goes ahead and tries to issue a client certificate using
     # key specification option.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient2")
     # Unfortunately, the command fails due to John's typo.
     assert exit_code != 0
     assert "invalid key_specification" in stderr
     # John tries again, fixing his typo.
     stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient2")
     # This time around he succeeds.
     assert exit_code == 0
     assert stderr == ""
     # He runs a command to see details about the generated private
     # key.
     stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient2.key.pem')
     # He nods with his head, observing that the generated private key
     # uses the same key size as he has specified.
     assert "Private-Key: (2048 bit)" in stdout
 def test_renew_command_key_specification(tmpdir):
     # John has set-up a project where he has issued a couple of
     # certificates.
     tmpdir.chdir()
     run_command("gimmecert", "init")
     run_command('gimmecert', 'server', 'myserver1')
     run_command('gimmecert', 'client', 'myclient1')
     # However, soon he realizes that he needs to perform some tests
     # using a different RSA key size. John knows that Gimmecert comes
     # with a renew command, so he has a quick look at its help.
     stdout, stderr, exit_code = run_command("gimmecert", "renew", "-h")
     # John notices the option for passing-in custom key specification.
     assert " --key-specification" in stdout
     assert " -k" in stdout
     # He goes ahead and tries to renew his server certificate.
     stdout, stderr, exit_code = run_command("gimmecert", "renew", "server", "-k", "rsa:1024", "myserver1")

0 comments (0 inline, 0 general)