diff --git a/tests/test_cli.py b/tests/test_cli.py
index 12992016ef5609cc5c6399d281d8471e7e7b6dc8..6f7172dee1009827cc38d8800f42b44d1c79797c 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -25,6 +25,8 @@ import sys
 import gimmecert.cli
 import gimmecert.decorators
+import cryptography.hazmat.primitives.asymmetric.ec
+
 import pytest
 from unittest import mock
@@ -224,10 +226,24 @@ VALID_CLI_INVOCATIONS = [
 ("gimmecert.cli.init", ["gimmecert", "init", "--ca-hierarchy-depth", "3"]),
 ("gimmecert.cli.init", ["gimmecert", "init", "-d", "3"]),
- # init, key specification long and short option
+ # init, RSA key specification long and short option
 ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "rsa:4096"]),
 ("gimmecert.cli.init", ["gimmecert", "init", "-k", "rsa:4096"]),
+ # init, ECDSA key specification long and short option
+ ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp192r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp192r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp224r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp224r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp256k1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp256k1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp256r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp256r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp384r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp384r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "--key-specification", "ecdsa:secp521r1"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:secp521r1"]),
+
 # server, no options
 ("gimmecert.cli.server", ["gimmecert", "server", "myserver"]),
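Review bot: The new VALID_CLI_INVOCATIONS entries pin `ecdsa:secp192r1` as an accepted key specification, and a 192-bit curve gives roughly 96 bits of security, below the 112-bit floor that current guidance generally uses. Some distribution OpenSSL builds are also known to omit the smaller curves, so these two cases may fail there for reasons unrelated to Gimmecert. If the curve is accepted on purpose, a comment above the entries would record that, for example `# secp192r1 is kept for compatibility testing; it is weaker than currently recommended curves.` The list's closing bracket is outside this hunk.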
@@ -330,7 +346,9 @@ INVALID_CLI_INVOCATIONS = [
 # init, invalid key specification
 ("gimmecert.cli.init", ["gimmecert", "init", "-k", "rsa"]),
 ("gimmecert.cli.init", ["gimmecert", "init", "-k", "rsa:not_a_number"]),
- ("gimmecert.cli.init", ["gimmecert", "init", "-k", "unsupported:algorithm"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:not_a_valid_curve"]),
+ ("gimmecert.cli.init", ["gimmecert", "init", "-k", "ecdsa:BrainpoolP256R1"]), # Not supported by Gimmecert in spite of being available in Cryptography.
 # server, invalid key specification
 ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa", "myserver"]),
@@ -739,6 +757,9 @@ def test_renew_command_fails_if_both_new_private_key_and_csr_options_are_specifi
 "rsa",
 "rsa:not_a_number",
 "unsupported:algorithm",
+ "ecdsa",
+ "ecdsa:not_a_valid_curve",
+ "ecdsa:BrainpoolP256R1",
 ])
 def test_key_specification_raises_exception_for_invalid_specification(key_specification):
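Review bot: The `unsupported:algorithm` entry for `init` in INVALID_CLI_INVOCATIONS is replaced rather than kept alongside the new ECDSA cases, so the CLI-level rejection of an unknown algorithm name for `init` is no longer exercised in the lines shown. The parametrized list in the next hunk still carries `"unsupported:algorithm"`, but that covers the parser function, not argument handling. I would keep the removed line next to the new ones: `("gimmecert.cli.init", ["gimmecert", "init", "-k", "unsupported:algorithm"]),`. The list continues outside the hunk, so an equivalent entry may exist elsewhere.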
@@ -752,6 +773,15 @@ def test_key_specification_raises_exception_for_invalid_specif
 ("rsa:1024", ("rsa", 1024)),
 ("rsa:2048", ("rsa", 2048)),
 ("rsa:4096", ("rsa", 4096)),
+ ("RSA:4096", ("rsa", 4096)), # Should ignore case.
+ ("RSa:4096", ("rsa", 4096)), # Should ignore case.
+ ("ecdsa:secp192r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP192R1)),
+ ("ecdsa:secp224r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP224R1)),
+ ("ecdsa:secp256k1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP256K1)),
+ ("ecdsa:secp384r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP384R1)),
+ ("ecdsa:secp521r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP521R1)),
+ ("EcDSa:secp521r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP521R1)), # Should ignore case.
+ ("EcDSa:sEcP521R1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP521R1)), # Should ignore case.
 ])
 def test_key_specification_returns_algorithm_and_parameters_for_valid_specification(key_specification, expected_return_value):
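Review bot: The expected-value table has no `ecdsa:secp256r1` case, although the VALID_CLI_INVOCATIONS entries added in this same commit accept that curve. A parser that mapped `secp256r1` to the wrong class, for instance the similarly named SECP256K1, would therefore still pass. Add `("ecdsa:secp256r1", ("ecdsa", cryptography.hazmat.primitives.asymmetric.ec.SECP256R1)),` next to the secp256k1 entry. The parametrize decorator opens above this hunk and the test body is below it.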