|
@@ -76,13 +76,13 @@ def test_status_on_initialised_directory(tmpdir):
|
|
|
|
|
|
run_command('gimmecert', 'init', '-d', '3', '-b', 'My Project')
|
|
|
|
|
|
run_command('gimmecert', 'server', 'myserver1')
|
|
|
run_command('gimmecert', 'server', 'myserver1', '-k', 'rsa:1024')
|
|
|
run_command('gimmecert', 'server', 'myserver2', 'myservice.example.com', 'myotherservice.example.com')
|
|
|
run_command("openssl", "req", "-new", "-newkey", "rsa:2048", "-nodes", "-keyout", "myserver3.key.pem",
|
|
|
"-subj", "/CN=myserver3", "-out", "myserver3.csr.pem")
|
|
|
run_command('gimmecert', 'server', '--csr', 'myserver3.csr.pem', 'myserver3')
|
|
|
|
|
|
run_command('gimmecert', 'client', 'myclient1')
|
|
|
run_command('gimmecert', 'client', 'myclient1', '-k', 'rsa:1024')
|
|
|
run_command('gimmecert', 'client', 'myclient2')
|
|
|
run_command("openssl", "req", "-new", "-newkey", "rsa:2048", "-nodes", "-keyout", "myclient3.key.pem",
|
|
|
"-subj", "/CN=myclient3", "-out", "myclient3.csr.pem")
|
|
@@ -108,14 +108,18 @@ def test_status_on_initialised_directory(tmpdir):
|
|
|
assert "Client certificates" in stdout
|
|
|
|
|
|
# John first has a look at information about the CA
|
|
|
# hierarchy. Hierarchy tree is presented using indentation. Each
|
|
|
# CA is listed with its full subject DN, as well as not before and
|
|
|
# not after dates. In addition, the final CA in chain is marked as
|
|
|
# end entity issuing CA.
|
|
|
# hierarchy. First thing he can see is information about the
|
|
|
# default key algorithm in use. This is followed by the hierarchy
|
|
|
# tree presented using indentation. Each CA is listed with its
|
|
|
# full subject DN, as well as not before and not after dates. In
|
|
|
# addition, the final CA in chain is marked as end entity issuing
|
|
|
# CA.
|
|
|
index_default_key_algorithm = stdout_lines.index("Default key algorithm: 2048-bit RSA") # Should not raise
|
|
|
index_ca_1 = stdout_lines.index("CN=My Project Level 1 CA") # Should not raise
|
|
|
index_ca_2 = stdout_lines.index("CN=My Project Level 2 CA") # Should not raise
|
|
|
index_ca_3 = stdout_lines.index("CN=My Project Level 3 CA [END ENTITY ISSUING CA]") # Should not raise
|
|
|
|
|
|
assert index_default_key_algorithm < index_ca_1
|
|
|
assert index_ca_1 < index_ca_2
|
|
|
assert index_ca_2 < index_ca_3
|
|
|
|
|
@@ -135,41 +139,49 @@ def test_status_on_initialised_directory(tmpdir):
|
|
|
# John then has a look at server certificates. These are presented
|
|
|
# in a list, and for each certificate is listed with subject DN,
|
|
|
# not before, not after, and included DNS names. Information for
|
|
|
# each server is followed by paths to private key and certificate.
|
|
|
# each server is followed by key algorithm information, and paths
|
|
|
# to private key and certificate.
|
|
|
index_myserver1 = stdout_lines.index("CN=myserver1") # Should not raise
|
|
|
index_myserver2 = stdout_lines.index("CN=myserver2") # Should not raise
|
|
|
index_myserver3 = stdout_lines.index("CN=myserver3") # Should not raise
|
|
|
|
|
|
assert stdout_lines[index_myserver1+1].startswith(" Validity: ")
|
|
|
assert stdout_lines[index_myserver1+2] == " DNS: myserver1"
|
|
|
assert stdout_lines[index_myserver1+3] == " Private key: .gimmecert/server/myserver1.key.pem"
|
|
|
assert stdout_lines[index_myserver1+4] == " Certificate: .gimmecert/server/myserver1.cert.pem"
|
|
|
assert stdout_lines[index_myserver1+3] == " Key algorithm: 1024-bit RSA"
|
|
|
assert stdout_lines[index_myserver1+4] == " Private key: .gimmecert/server/myserver1.key.pem"
|
|
|
assert stdout_lines[index_myserver1+5] == " Certificate: .gimmecert/server/myserver1.cert.pem"
|
|
|
|
|
|
assert stdout_lines[index_myserver2+1].startswith(" Validity: ")
|
|
|
assert stdout_lines[index_myserver2+2] == " DNS: myserver2, myservice.example.com, myotherservice.example.com"
|
|
|
assert stdout_lines[index_myserver2+3] == " Private key: .gimmecert/server/myserver2.key.pem"
|
|
|
assert stdout_lines[index_myserver2+4] == " Certificate: .gimmecert/server/myserver2.cert.pem"
|
|
|
assert stdout_lines[index_myserver2+3] == " Key algorithm: 2048-bit RSA"
|
|
|
assert stdout_lines[index_myserver2+4] == " Private key: .gimmecert/server/myserver2.key.pem"
|
|
|
assert stdout_lines[index_myserver2+5] == " Certificate: .gimmecert/server/myserver2.cert.pem"
|
|
|
|
|
|
assert stdout_lines[index_myserver3+1].startswith(" Validity: ")
|
|
|
assert stdout_lines[index_myserver3+2] == " DNS: myserver3"
|
|
|
assert stdout_lines[index_myserver3+3] == " CSR: .gimmecert/server/myserver3.csr.pem"
|
|
|
assert stdout_lines[index_myserver3+4] == " Certificate: .gimmecert/server/myserver3.cert.pem"
|
|
|
assert stdout_lines[index_myserver3+3] == " Key algorithm: 2048-bit RSA"
|
|
|
assert stdout_lines[index_myserver3+4] == " CSR: .gimmecert/server/myserver3.csr.pem"
|
|
|
assert stdout_lines[index_myserver3+5] == " Certificate: .gimmecert/server/myserver3.cert.pem"
|
|
|
|
|
|
# For client certificates, John can see that for each certificate
|
|
|
# he can see its subject DN and validity. Information for each
|
|
|
# server is followed by paths to private key and certificate.
|
|
|
# client is followed by key algorithm and paths to private key and
|
|
|
# certificate.
|
|
|
index_myclient1 = stdout_lines.index("CN=myclient1") # Should not raise
|
|
|
index_myclient2 = stdout_lines.index("CN=myclient2") # Should not raise
|
|
|
index_myclient3 = stdout_lines.index("CN=myclient3") # Should not raise
|
|
|
|
|
|
assert stdout_lines[index_myclient1+1].startswith(" Validity: ")
|
|
|
assert stdout_lines[index_myclient1+2] == " Private key: .gimmecert/client/myclient1.key.pem"
|
|
|
assert stdout_lines[index_myclient1+3] == " Certificate: .gimmecert/client/myclient1.cert.pem"
|
|
|
assert stdout_lines[index_myclient1+2] == " Key algorithm: 1024-bit RSA"
|
|
|
assert stdout_lines[index_myclient1+3] == " Private key: .gimmecert/client/myclient1.key.pem"
|
|
|
assert stdout_lines[index_myclient1+4] == " Certificate: .gimmecert/client/myclient1.cert.pem"
|
|
|
|
|
|
assert stdout_lines[index_myclient2+1].startswith(" Validity: ")
|
|
|
assert stdout_lines[index_myclient2+2] == " Private key: .gimmecert/client/myclient2.key.pem"
|
|
|
assert stdout_lines[index_myclient2+3] == " Certificate: .gimmecert/client/myclient2.cert.pem"
|
|
|
assert stdout_lines[index_myclient2+2] == " Key algorithm: 2048-bit RSA"
|
|
|
assert stdout_lines[index_myclient2+3] == " Private key: .gimmecert/client/myclient2.key.pem"
|
|
|
assert stdout_lines[index_myclient2+4] == " Certificate: .gimmecert/client/myclient2.cert.pem"
|
|
|
|
|
|
assert stdout_lines[index_myclient3+1].startswith(" Validity: ")
|
|
|
assert stdout_lines[index_myclient3+2] == " CSR: .gimmecert/client/myclient3.csr.pem"
|
|
|
assert stdout_lines[index_myclient3+3] == " Certificate: .gimmecert/client/myclient3.cert.pem"
|
|
|
assert stdout_lines[index_myclient3+2] == " Key algorithm: 2048-bit RSA"
|
|
|
assert stdout_lines[index_myclient3+3] == " CSR: .gimmecert/client/myclient3.csr.pem"
|
|
|
assert stdout_lines[index_myclient3+4] == " Certificate: .gimmecert/client/myclient3.cert.pem"
|
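Review bot: The new `Key algorithm` assertions for the CSR-issued entities (`stdout_lines[index_myserver3+3]` and `stdout_lines[index_myclient3+2]`) cannot tell whether the status output reports the key carried in the CSR or just repeats the hierarchy default, because both CSRs are generated with `rsa:2048` and the default asserted earlier is also `2048-bit RSA`. Generating the two CSRs with a different size, for example `"-newkey", "rsa:3072"` in the `openssl req` calls, and asserting `Key algorithm: 3072-bit RSA` (assuming the output keeps the same `N-bit RSA` pattern) would pin that the value is read from the submitted public key. Separately, `'-k', 'rsa:1024'` for `myserver1` and `myclient1` is presumably there only to differ from the default and keep the run fast; a comment such as `# 1024-bit RSA only to differ from the default; too weak for real certificates` would keep the fixture from being read as a recommended setting. The test function begins and ends outside the visible hunks, so any later assertions on these entities are not covered by this note.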