|
@@ -145,11 +145,12 @@ def test_server_command_key_specification_with_rsa(tmpdir):
|
|
|
assert "Private-Key: (2048 bit)" in stdout
|
|
|
|
|
|
|
|
|
def test_client_command_key_specification(tmpdir):
|
|
|
# John is setting-up a quick and dirty project to test some
|
|
|
# functionality revolving around X.509 certificates. Since he does
|
|
|
# not care much about the strength of private keys for it, he
|
|
|
# wants to use 1024-bit RSA keys.
|
|
|
def test_client_command_default_key_specification_with_rsa(tmpdir):
|
|
|
# John is setting-up a project to test some functionality
|
|
|
# revolving around X.509 certificates. Since he does not care much
|
|
|
# about the strength of private keys for it, he wants to use
|
|
|
# 1024-bit RSA keys for both CA hierarchy and client certificates
|
|
|
# to speed-up the key generation process.
|
|
|
|
|
|
# He switches to his project directory, and initialises the CA
|
|
|
# hierarchy, requesting that 1024-bit RSA keys should be used.
|
|
@@ -171,20 +172,20 @@ def test_client_command_key_specification(tmpdir):
|
|
|
# one he specified for the CA hierarchy.
|
|
|
assert "Private-Key: (1024 bit)" in stdout
|
|
|
|
|
|
# He then has a look at the certificate.
|
|
|
stdout, _, _ = run_command('openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/client/myclient1.cert.pem')
|
|
|
|
|
|
# Likewise with the private key, the certificate is also using the
|
|
|
# 1024-bit RSA key.
|
|
|
assert "Public-Key: (1024 bit)" in stdout
|
|
|
def test_client_command_key_specification_with_rsa(tmpdir):
|
|
|
# John is setting-up a project where he needs to test performance
|
|
|
# when using different RSA private key sizes.
|
|
|
|
|
|
# At some point John realises that to cover all bases, he needs to
|
|
|
# have a test with a client that uses 2048-bit RSA keys as
|
|
|
# well. He does not want to regenerate all of the X.509 artefacts,
|
|
|
# and would like to instead issues a single 2048-bit RSA key for a
|
|
|
# specific client instead.
|
|
|
# He switches to his project directory, and initialises the CA
|
|
|
# hierarchy, requesting that 1024-bit RSA keys should be used.
|
|
|
tmpdir.chdir()
|
|
|
run_command("gimmecert", "init", "--key-specification", "rsa:1024")
|
|
|
|
|
|
# He starts off by having a look at the help for the client command.
|
|
|
# Very soon he realizes that he needs to test performance using
|
|
|
# smaller RSA key sizes for proper comparison. He starts off by
|
|
|
# having a look at the help for the client command to see if there
|
|
|
# is an option that will satisfy his needs.
|
|
|
stdout, stderr, exit_code = run_command("gimmecert", "client", "-h")
|
|
|
|
|
|
# John notices the option for passing-in a key specification.
|
|
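Review bot: The narrative comment "Very soon he realizes that he needs to test performance using smaller RSA key sizes for proper comparison" does not match what the scenario appears to do. The CA hierarchy is initialised with `rsa:1024` just above, and the later hunks issue the client key with `rsa:2048`, which is larger; the page has lost its +/- markers, so this assumes the 1024-bit init line is on the new side. Either reword the comment to `# Very soon he realizes that he needs to test performance using larger RSA key sizes as well.` or initialise the hierarchy with a larger size so that 2048 really is the smaller one. A short comment would also help, stating that 1024-bit RSA is used only to keep key generation fast in tests and is below what should be issued outside them. The body of test_client_command_key_specification_with_rsa continues past this hunk.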
@@ -193,14 +194,14 @@ def test_client_command_key_specification(tmpdir):
|
|
|
|
|
|
# John goes ahead and tries to issue a client certificate using
|
|
|
# key specification option.
|
|
|
stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient2")
|
|
|
stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsas:2048", "myclient1")
|
|
|
|
|
|
# Unfortunately, the command fails due to John's typo.
|
|
|
assert exit_code != 0
|
|
|
assert "invalid key_specification" in stderr
|
|
|
|
|
|
# John tries again, fixing his typo.
|
|
|
stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient2")
|
|
|
stdout, stderr, exit_code = run_command("gimmecert", "client", "--key-specification", "rsa:2048", "myclient1")
|
|
|
|
|
|
# This time around he succeeds.
|
|
|
assert exit_code == 0
|
|
@@ -208,7 +209,7 @@ def test_client_command_key_specification(tmpdir):
|
|
|
|
|
|
# He runs a command to see details about the generated private
|
|
|
# key.
|
|
|
stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient2.key.pem')
|
|
|
stdout, _, _ = run_command('openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/client/myclient1.key.pem')
|
|
|
|
|
|
# He nods with his head, observing that the generated private key
|
|
|
# uses the same key size as he has specified.
|
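Review bot: The `openssl rsa` call on `.gimmecert/client/myclient1.key.pem` discards stderr and the exit code (`stdout, _, _ = run_command(...)`). If the key file was not written or cannot be parsed, the only symptom would be a failed substring match on an empty stdout. Capturing all three values and adding `assert exit_code == 0` before the key-size check would make such a failure point at the real cause. The same applies to the `openssl x509` call on `myclient1.cert.pem` in the earlier hunk. The key-size assertion itself lies outside this hunk, so this assumes it follows the pattern of the other tests.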