gimmecert File Diff

@@ -25,6 +25,8 @@ import sys

import gimmecert.cli

import gimmecert.decorators

import cryptography.hazmat.primitives.asymmetric.ec

import pytest

from unittest import mock

@@ -224,10 +226,24 @@ VALID_CLI_INVOCATIONS = [

    ("gimmecert.cli.init", ["gimmecert", "init", "--ca-hierarchy-depth", "3"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-d", "3"]),

    # init, key specification long and short option

    # init, RSA key specification long and short option

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "rsa:4096"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "rsa:4096"]),

    # init, ECDSA key specification long and short option

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp192r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp192r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp224r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp224r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp256k1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp256k1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp256r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp256r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp384r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp384r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp521r1"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp521r1"]),

    # server, no options

    ("gimmecert.cli.server", ["gimmecert", "server", "myserver"]),

@@ -330,7 +346,9 @@ INVALID_CLI_INVOCATIONS = [

    # init, invalid key specification

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "rsa"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "rsa:not_a_number"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "unsupported:algorithm"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:not_a_valid_curve"]),

    ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:BrainpoolP256R1"]),  # Not supported by Gimmecert in spite of being available in Cryptography.

    # server, invalid key specification

    ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa", "myserver"]),

@@ -739,6 +757,9 @@ def test_renew_command_fails_if_both_new_private_key_and_csr_options_are_specifi

    "rsa",

    "rsa:not_a_number",

    "unsupported:algorithm",

    "ecdsa",

    "ecdsa:not_a_valid_curve",

    "ecdsa:BrainpoolP256R1",

])

def test_key_specification_raises_exception_for_invalid_specification(key_specification):

@@ -752,6 +773,15 @@ def test_key_specification_raises_exception_for_invalid_specification(key_specif

    ("rsa:1024", ("rsa", 1024)),

    ("rsa:2048", ("rsa", 2048)),

    ("rsa:4096", ("rsa", 4096)),

    ("RSA:4096", ("rsa", 4096)),  # Should ignore case.

    ("RSa:4096", ("rsa", 4096)),  # Should ignore case.

    ("ecdsa:secp192r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP192R1)),

    ("ecdsa:secp224r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP224R1)),

    ("ecdsa:secp256k1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP256K1)),

    ("ecdsa:secp384r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP384R1)),

    ("ecdsa:secp521r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP521R1)),

    ("EcDSa:secp521r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP521R1)),  # Should ignore case.

    ("EcDSa:sEcP521R1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP521R1)),  # Should ignore case.

])

def test_key_specification_returns_algorithm_and_parameters_for_valid_specification(key_specification, expected_return_value):