diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index f5062aaa319ac66d9020c0453c4b3dfb755cf98a..28eeeaec21772e09c26a8d5c18ea9e1aed43bd72 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -108,7 +108,7 @@ def test_generate_ca_hierarchy_returns_list_with_3_elements_for_depth_3():
 base_name = 'My Project'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 assert isinstance(hierarchy, list)
 assert len(hierarchy) == depth
@@ -118,7 +118,7 @@ def test_generate_ca_hierarchy_returns_list_with_1_element_for_depth_1():
 base_name = 'My Project'
 depth = 1
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 assert isinstance(hierarchy, list)
 assert len(hierarchy) == depth
@@ -128,7 +128,7 @@ def test_generate_ca_hierarchy_returns_list_of_private_key_certificate_pairs():
 base_name = 'My Project'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 for private_key, certificate in hierarchy:
 assert isinstance(private_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)
@@ -138,7 +138,7 @@ def test_generate_ca_hierarchy_returns_list_of_private_key_certificate_pairs():
 def test_generate_ca_hierarchy_subject_dns_have_correct_value():
 base_name = 'My Project'
 depth = 3
- key_generator = gimmecert.crypto.KeyGenerator("rsa:2048")
+ key_generator = gimmecert.crypto.KeyGenerator("rsa", 2048)
 level1, level2, level3 = [certificate for _, certificate in gimmecert.crypto.generate_ca_hierarchy(base_name, depth, key_generator)]
@@ -151,7 +151,7 @@ def test_generate_ca_hierarchy_issuer_dns_have_correct_value():
 base_name = 'My Project'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 level1_key, level1_certificate = hierarchy[0]
 level2_key, level2_certificate = hierarchy[1]
@@ -166,7 +166,7 @@ def test_generate_ca_hierarchy_private_keys_match_with_public_keys_in_certificat
 base_name = 'My Project'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 level1_private_key, level1_certificate = hierarchy[0]
 level2_private_key, level2_certificate = hierarchy[1]
@@ -181,7 +181,7 @@ def test_generate_ca_hierarchy_cas_have_differing_keys():
 base_name = 'My Project'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 level1_private_key, _ = hierarchy[0]
 level2_private_key, _ = hierarchy[1]
@@ -200,7 +200,7 @@ def test_generate_ca_hierarchy_certificates_have_same_validity():
 base_name = 'My Project'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 _, level1_certificate = hierarchy[0]
 _, level2_certificate = hierarchy[1]
@@ -250,7 +250,7 @@ def test_generate_ca_hierarchy_produces_certificates_with_ca_basic_constraints()
 base_name = 'My test'
 depth = 3
- hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ hierarchy = gimmecert.crypto.generate_ca_hierarchy(base_name, depth, gimmecert.crypto.KeyGenerator("rsa", 2048))
 for _, certificate in hierarchy:
 stored_extension = certificate.extensions.get_extension_for_class(cryptography.x509.BasicConstraints)
@@ -263,7 +263,7 @@ def test_generate_ca_hierarchy_produces_certificates_with_ca_basic_constraints()
 def test_issue_server_certificate_returns_certificate():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -274,7 +274,7 @@ def test_issue_server_certificate_returns_certificate():
 def test_issue_server_certificate_sets_correct_extensions():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -319,7 +319,7 @@ def test_issue_server_certificate_sets_correct_extensions():
 def test_issue_server_certificate_has_correct_issuer_and_subject():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[3]
 private_key = gimmecert.crypto.generate_private_key()
@@ -331,7 +331,7 @@ def test_issue_server_certificate_has_correct_issuer_and_subject():
 def test_issue_server_certificate_has_correct_public_key():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -343,7 +343,7 @@ def test_issue_server_certificate_has_correct_public_key():
 @freeze_time('2018-01-01 00:15:00')
 def test_issue_server_certificate_not_before_is_15_minutes_in_past():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -355,7 +355,7 @@ def test_issue_server_certificate_not_before_is_15_minutes_in_past():
 def test_issue_server_certificate_not_before_does_not_exceed_ca_validity():
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
@@ -369,7 +369,7 @@ def test_issue_server_certificate_not_before_does_not_exceed_ca_validity():
 def test_issue_server_certificate_not_after_does_not_exceed_ca_validity():
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
@@ -382,7 +382,7 @@ def test_issue_server_certificate_not_after_does_not_exceed_ca_validity():
 def test_issue_server_certificate_incorporates_additional_dns_subject_alternative_names():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -403,7 +403,7 @@ def test_issue_server_certificate_incorporates_additional_dns_subject_alternativ
 def test_issue_client_certificate_returns_certificate():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -414,7 +414,7 @@ def test_issue_client_certificate_returns_certificate():
 def test_issue_client_certificate_has_correct_issuer_and_subject():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[3]
 private_key = gimmecert.crypto.generate_private_key()
@@ -426,7 +426,7 @@ def test_issue_client_certificate_has_correct_issuer_and_subject():
 def test_issue_client_certificate_sets_correct_extensions():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -463,7 +463,7 @@ def test_issue_client_certificate_sets_correct_extensions():
 def test_issue_client_certificate_has_correct_public_key():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -475,7 +475,7 @@ def test_issue_client_certificate_has_correct_public_key():
 @freeze_time('2018-01-01 00:15:00')
 def test_issue_client_certificate_not_before_is_15_minutes_in_past():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -487,7 +487,7 @@ def test_issue_client_certificate_not_before_is_15_minutes_in_past():
 def test_issue_client_certificate_not_before_does_not_exceed_ca_validity():
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
@@ -501,7 +501,7 @@ def test_issue_client_certificate_not_before_does_not_exceed_ca_validity():
 def test_issue_client_certificate_not_after_does_not_exceed_ca_validity():
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
@@ -514,7 +514,7 @@ def test_issue_client_certificate_not_after_does_not_exceed_ca_validity():
 def test_renew_certificate_returns_certificate():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -526,7 +526,7 @@ def test_renew_certificate_returns_certificate():
 def test_renew_certificate_has_correct_content():
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -546,7 +546,7 @@ def test_renew_certificate_not_before_is_15_minutes_in_past():
 # Initial server certificate.
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -563,7 +563,7 @@ def test_renew_certificate_not_before_does_not_exceed_ca_validity():
 # Initial server certificate.
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -580,7 +580,7 @@ def test_renew_certificate_not_after_does_not_exceed_ca_validity():
 # Initial server certificate.
 with freeze_time('2018-01-01 00:15:00'):
- ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa:2048"))
+ ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1, gimmecert.crypto.KeyGenerator("rsa", 2048))
 issuer_private_key, issuer_certificate = ca_hierarchy[0]
 private_key = gimmecert.crypto.generate_private_key()
@@ -618,67 +618,31 @@ def test_generate_csr_returns_csr_with_passed_in_name():
 assert csr.subject == expected_subject_dn
-@pytest.mark.parametrize("key_specification", [
- "",
- "rsa",
- "rsa:not_a_number",
- "unsupported:algorithm",
+@pytest.mark.parametrize("algorithm, parameters, string_representation", [
+ ("rsa", 1024, "1024-bit RSA"),
+ ("rsa", 2048, "2048-bit RSA"),
+ ("rsa", 4096, "4096-bit RSA"),
 ])
-def test_KeyGenerator_raises_exception_for_invalid_specification(key_specification):
+def test_KeyGenerator_string_representation(algorithm, parameters, string_representation):
- with pytest.raises(ValueError) as e_info:
- gimmecert.crypto.KeyGenerator(key_specification)
-
- assert str(e_info.value) == "Invalid key specification: '%s'" % key_specification
-
-
-@pytest.mark.parametrize("key_specification", [
- "rsa:1024",
- "rsa:2048",
- "rsa:4096",
-])
-def test_KeyGenerator_accepts_valid_specifications(key_specification):
-
- gimmecert.crypto.KeyGenerator(key_specification) # should not raise
-
-
-def test_KeyGenerator_stores_specification():
-
- key_generator = gimmecert.crypto.KeyGenerator("rsa:2048")
-
- assert key_generator._algorithm == "rsa"
- assert key_generator._parameters == 2048
-
-
-@pytest.mark.parametrize("key_specification, string_representation", [
- ("rsa:1024", "1024-bit RSA"),
- ("rsa:2048", "2048-bit RSA"),
- ("rsa:4096", "4096-bit RSA"),
-])
-def test_KeyGenerator_string_representation(key_specification, string_representation):
-
- key_generator = gimmecert.crypto.KeyGenerator(key_specification)
+ key_generator = gimmecert.crypto.KeyGenerator(algorithm, parameters)
 assert str(key_generator) == string_representation
-def test_KeyGenerator_instance_returns_rsa_private_key():
-
- key_generator_1 = gimmecert.crypto.KeyGenerator("rsa:1024")
- key_generator_2 = gimmecert.crypto.KeyGenerator("rsa:2048")
+@pytest.mark.parametrize("key_size", [1024, 2048, 4096])
+def test_KeyGenerator_instance_returns_rsa_private_key_of_correct_size(key_size):
- private_key_1 = key_generator_1()
- private_key_2 = key_generator_2()
+ key_generator = gimmecert.crypto.KeyGenerator("rsa", key_size)
- assert isinstance(private_key_1, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)
- assert isinstance(private_key_2, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)
+ private_key = key_generator()
- assert private_key_1.key_size == 1024
- assert private_key_2.key_size == 2048
+ assert isinstance(private_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey)
+ assert private_key.key_size == key_size
 @pytest.mark.parametrize("key_generator, expected_bit_size", [
- (gimmecert.crypto.KeyGenerator("rsa:1024"), 1024),
- (gimmecert.crypto.KeyGenerator("rsa:2048"), 2048),
+ (gimmecert.crypto.KeyGenerator("rsa", 1024), 1024),
+ (gimmecert.crypto.KeyGenerator("rsa", 2048), 2048),
 ])
 def test_generate_ca_hierarchy_uses_correct_rsa_bit_size(key_generator, expected_bit_size):
 base_name = "My Test"
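Review bot: The negative cases are dropped without a replacement in the `@@ -618,67 +618,31 @@` hunk: `test_KeyGenerator_raises_exception_for_invalid_specification` is removed, and nothing on the new side pins what `KeyGenerator(algorithm, parameters)` does with an unsupported algorithm or a non-integer key size. If parsing and validation of the specification string moved to another layer (not visible in this diff), a comment above `test_KeyGenerator_string_representation` should say so, e.g. `# Key specification strings are parsed and validated by the caller; KeyGenerator expects an already-validated (algorithm, parameters) pair.`, and the rejection tests should exist there. If the constructor is still meant to reject bad input, a parametrized `pytest.raises(ValueError)` test over the two-argument form should stay in this file. Separately, the parametrization keeps 1024-bit RSA as an accepted size; that is quick for tests, but it is below the commonly recommended 2048-bit minimum, so it is worth confirming the tool does not offer it to users without a warning.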