File diff 6b45f2059746 → a7243b9f6fd7
tests/test_commands.py
 
@@ -1489,62 +1489,104 @@ def test_renew_client_reads_csr_from_stdin(mock_read_input, sample_project_direc
 
    assert certificate.subject != key_with_csr.csr.subject
 

	
 

	
 
def test_server_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_server_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir, key_specification):
 

	
 
    private_key_file = tmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
 

	
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 1024))
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, key_specification)
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myserver', None, None, None)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_server_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_server_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir, key_specification):
 

	
 
    private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
 

	
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, ("rsa", 1024))
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, key_specification)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_client_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_client_uses_same_private_key_algorithm_and_parameters_as_issuer_when_generating_private_key(tmpdir, key_specification):
 

	
 
    private_key_file = tmpdir.join('.gimmecert', 'client', 'myclient.key.pem')
 

	
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 1024))
 
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, key_specification)
 
    gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, 'myclient', None, None)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_client_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 2048),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_client_uses_passed_in_private_key_algorithm_and_parameters_when_generating_private_key(gctmpdir, key_specification):
 

	
 
    private_key_file = gctmpdir.join('.gimmecert', 'client', 'myclient.key.pem')
 

	
 
    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', None, ("rsa", 1024))
 
    gimmecert.commands.client(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myclient', None, key_specification)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key.key_size == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
def test_renew_generates_new_private_key_with_different_size_if_requested(gctmpdir):
 
@pytest.mark.parametrize("key_specification", [
 
    ("rsa", 1024),
 
    ("rsa", 3072),
 
    ("ecdsa", ec.SECP192R1),
 
    ("ecdsa", ec.SECP384R1),
 
])
 
def test_renew_generates_new_private_key_with_passed_in_algorithm_if_requested(gctmpdir, key_specification):
 
    private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
 

	
 
    # Should produce 2048-bit RSA key (default from hierarchy).
 
    gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)
 

	
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, ("rsa", 1024))
 
    private_key_size_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).key_size
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, key_specification)
 

	
 
    private_key = gimmecert.storage.read_private_key(private_key_file.strpath)
 
    public_key = private_key.public_key()
 
    public_key_specification = gimmecert.crypto.key_specification_from_public_key(public_key)
 

	
 
    assert private_key_size_after_renewal == 1024
 
    assert public_key_specification == key_specification
 

	
 

	
 
@pytest.mark.parametrize("key_specification", [