diff --git a/tests/test_crypto.py b/tests/test_crypto.py new file mode 100644 index 0000000000000000000000000000000000000000..85139c40c0d3df70820fb870e367de8cbf9551ec --- /dev/null +++ b/tests/test_crypto.py @@ -0,0 +1,102 @@ +# -*- coding: utf-8 -*- +# +# Copyright (C) 2018 Branko Majic +# +# This file is part of Gimmecert. +# +# Gimmecert is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the Free +# Software Foundation, either version 3 of the License, or (at your option) any +# later version. +# +# Gimmecert is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# Gimmecert. If not, see . +# + + +import datetime + +import cryptography.hazmat.primitives.asymmetric.rsa +from dateutil.relativedelta import relativedelta + +import gimmecert.crypto + +from freezegun import freeze_time + + +def test_generate_private_key_returns_private_key(): + private_key = gimmecert.crypto.generate_private_key() + + assert isinstance(private_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) + + +def test_get_dn(): + dn = gimmecert.crypto.get_dn('My test') + assert isinstance(dn, cryptography.x509.Name) + assert len(dn) == 1 + assert isinstance(list(dn)[0], cryptography.x509.NameAttribute) + assert list(dn)[0].oid == cryptography.x509.oid.NameOID.COMMON_NAME + assert list(dn)[0].value == 'My test' + + +def test_get_validity_range_returns_datetime_tuple(): + not_before, not_after = gimmecert.crypto.get_validity_range() + + assert isinstance(not_before, datetime.datetime) + assert isinstance(not_after, datetime.datetime) + + +@freeze_time('2018-01-01 00:15:00') +def test_get_validity_range_not_before_is_within_15_minutes_of_now(): + not_before, _ = gimmecert.crypto.get_validity_range() + + assert not_before == datetime.datetime(2018, 1, 1, 0, 0) + + +@freeze_time('2018-01-01 00:15:00') +def test_get_validity_range_is_one_year_and_15_minutes(): + not_before, not_after = gimmecert.crypto.get_validity_range() + difference = relativedelta(not_after, not_before) + + assert difference == relativedelta(years=1, minutes=15) + + +@freeze_time('2018-01-01 00:15:00.100') +def test_get_validity_range_drops_microseconds(): + not_before, not_after = gimmecert.crypto.get_validity_range() + + assert not_before.microsecond == 0 + assert not_after.microsecond == 0 + + +def test_issue_certificate_returns_certificate(): + + issuer_dn = gimmecert.crypto.get_dn('My test 1') + subject_dn = gimmecert.crypto.get_dn('My test 2') + issuer_private_key = gimmecert.crypto.generate_private_key() + subject_private_key = gimmecert.crypto.generate_private_key() + not_before, not_after = gimmecert.crypto.get_validity_range() + + certificate = gimmecert.crypto.issue_certificate(issuer_dn, subject_dn, issuer_private_key, subject_private_key.public_key(), not_before, not_after) + + assert isinstance(certificate, cryptography.x509.Certificate) + + +def test_issue_certificate_has_correct_content(): + issuer_dn = gimmecert.crypto.get_dn('My test 1') + subject_dn = gimmecert.crypto.get_dn('My test 2') + issuer_private_key = gimmecert.crypto.generate_private_key() + subject_private_key = gimmecert.crypto.generate_private_key() + not_before, not_after = gimmecert.crypto.get_validity_range() + + certificate = gimmecert.crypto.issue_certificate(issuer_dn, subject_dn, issuer_private_key, subject_private_key.public_key(), not_before, not_after) + + assert certificate.issuer == issuer_dn + assert certificate.subject == subject_dn + assert certificate.not_valid_before == not_before + assert certificate.not_valid_after == not_after