Files @ 5e176c2a3067
Branch filter:

Location: gimmecert/tests/conftest.py

5e176c2a3067 8.4 KiB text/x-python Show Annotation Show as Raw Download as Raw
branko
GC-37: Parametrise a couple of storage test functions to cover ECDSA as well.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
# -*- coding: utf-8 -*-
#
# Copyright (C) 2018 Branko Majic
#
# This file is part of Gimmecert.
#
# Gimmecert is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.
#
# Gimmecert is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# Gimmecert.  If not, see <http://www.gnu.org/licenses/>.
#


import collections
import io

import gimmecert
import gimmecert.crypto
import gimmecert.storage

import pytest


@pytest.fixture
def key_with_csr(tmpdir):
    """
    Fixture that generates a private key and CSR within tmpdir, and
    provides information about them.

    The following artefacts are generated in the directory:

        - custom_csr/mycustom.key.pem (private key in OpenSSL-style PEM format)
        - custom_csr/mycustom.csr.pem (CSR in OpenSSL-style PEM format)

    :param tmpdir: Temporary directory (normally pytest tmpdir fixture) created for running the test.
    :type tmpdir: py.path.local

    :returns: Named tuple that describes the generated private key and CSR. The following properties are made available:
      private_key (cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) - private key object.
      private_key_path (str) - path to generated private key.
      private_key_pem (str) - private key in OpenSSL-style PEM format.
      csr (cryptography.x509.CertificateSigningRequest) - CSR object.
      csr_path (str) - path to generated CSR.
      csr_pem (str) - CSR in OpenSSL-style PEM format.
    :rtype: collections.namedtuple
    """

    # Convenience named tuple for accessing generated artefacts.
    TestKeyWithCSR = collections.namedtuple('TestKeyWithCSR', 'private_key, private_key_path, private_key_pem, csr, csr_path, csr_pem')

    # Set-up directory for holding custom CSRs.
    custom_csr_dir = tmpdir.ensure('custom_csr', dir=True)

    # Set-up naming and some files.
    name = "mycustom"
    private_key_file = custom_csr_dir.join("%s.key.pem" % name)
    csr_file = custom_csr_dir.join("%s.csr.pem" % name)

    # Generate private key and CSR, and output them.
    private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
    csr = gimmecert.crypto.generate_csr(name, private_key)

    gimmecert.storage.write_private_key(private_key, private_key_file.strpath)
    gimmecert.storage.write_csr(csr, csr_file.strpath)

    private_key_pem = private_key_file.read()
    csr_pem = csr_file.read()

    return TestKeyWithCSR(private_key, private_key_file.strpath, private_key_pem, csr, csr_file.strpath, csr_pem)


@pytest.fixture
def sample_project_directory(tmpdir):
    """
    Fixture that initialises a sample Gimmecert project within tmpdir,
    and issues a couple of client and server certificates using
    different methods (internal private key generation + issuance via
    CSR).

    Initialised CA hierarchy is 1 level deep, with basename used being
    identical to temporary directory base name, and it uses 2048-bit
    RSA keys.

    The following server certificates are issued:

        - server-with-csr-1 (server certificate, issued using custom CSR)
        - server-with-csr-2 (server certificate, issued using custom CSR)
        - server-with-privkey-1 (server certificate, Gimmecert-generated private key)
        - server-with-privkey-2 (server certificate, Gimmecert-generated private key)
        - client-with-csr-1 (client certificate, issued using custom CSR)
        - client-with-csr-2 (client certificate, issued using custom CSR)
        - client-with-privkey-1 (client certificate, Gimmecert-generated private key)
        - client-with-privkey-2 (client certificate, Gimmecert-generated private key)

    The following artefacts are created "external" to Gimmecert
    standard usage, mainly for the purpose of issuing certificates
    using CSR:

        - custom_csr/server-with-csr-1.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing server-with-csr-1 certificate)
        - custom_csr/server-with-csr-1.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-1 certificate)
        - custom_csr/server-with-csr-2.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing server-with-csr-2 certificate)
        - custom_csr/server-with-csr-2.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-2 certificate)
        - custom_csr/client-with-csr-1.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing client-with-csr-1 certificate)
        - custom_csr/client-with-csr-1.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-1 certificate)
        - custom_csr/client-with-csr-2.key.pem (private key in OpenSSL-style PEM format, generated for creating CSR for issuing client-with-csr-2 certificate)
        - custom_csr/client-with-csr-2.csr.pem (CSR in OpenSSL-style PEM format, used for issuing sever-with-csr-2 certificate)

    :param tmpdir: Temporary directory (normally pytest tmpdir fixture) created for running the test.
    :type tmpdir: py.path.local

    :returs: Parent directory where Gimmecert has been initialised. Essentially the tmpdir fixture.
    :rtype: py.path.local
    """

    # Total amount of each type certificate to issue.
    per_type_count = 2

    # Set-up directory for holding custom CSRs.
    custom_csr_dir = tmpdir.ensure('custom_csr', dir=True)

    # Set-up some custom CSRs.
    for i in range(1, per_type_count + 1):
        # Used in generated samples.
        name = "server-with-csr-%d" % i
        private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
        csr = gimmecert.crypto.generate_csr(name, private_key)
        gimmecert.storage.write_private_key(private_key, custom_csr_dir.join("%s.key.pem" % name).strpath)
        gimmecert.storage.write_csr(csr, custom_csr_dir.join("%s.csr.pem" % name).strpath)

        # Used in generated samples.
        name = "client-with-csr-%d" % i
        private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
        csr = gimmecert.crypto.generate_csr(name, private_key)
        gimmecert.storage.write_private_key(private_key, custom_csr_dir.join("%s.key.pem" % name).strpath)
        gimmecert.storage.write_csr(csr, custom_csr_dir.join("%s.csr.pem" % name).strpath)

    # Initialise one-level deep hierarchy.
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048))

    # Issue a bunch of certificates.
    for i in range(1, per_type_count + 1):
        entity_name = "server-with-privkey-%d" % i
        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, None, None, None)

        entity_name = "server-with-csr-%d" % i
        custom_csr_path = custom_csr_dir.join("server-with-csr-%d.csr.pem" % i).strpath
        gimmecert.commands.server(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, None, custom_csr_path, None)

        entity_name = "client-with-privkey-%d" % i
        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, None, None)

        entity_name = "client-with-csr-%d" % i
        custom_csr_path = custom_csr_dir.join("client-with-csr-%d.csr.pem" % i).strpath
        gimmecert.commands.client(io.StringIO(), io.StringIO(), tmpdir.strpath, entity_name, custom_csr_path, None)

    return tmpdir


@pytest.fixture
def gctmpdir(tmpdir):
    """
    Fixture that initialises Gimmecert project within tmpdir with a
    simple CA hierarchy.

    Initialised CA hierarchy is 1 level deep, with basename used being
    identical to temporary directory base name, and it uses 2048-bit
    RSA keys.

    The fixture is useful in testing of commands where the CA
    hierarchy does not matter (almost anything except init/status
    commands).

    :param tmpdir: Temporary directory (normally pytest tmpdir fixture) created for running the test.
    :type tmpdir: py.path.local

    :returs: Parent directory where Gimmecert has been initialised. Essentially the tmpdir fixture.
    :rtype: py.path.local
    """

    # Initialise one-level deep hierarchy.
    gimmecert.commands.init(io.StringIO(), io.StringIO(), tmpdir.strpath, tmpdir.basename, 1, ("rsa", 2048))

    return tmpdir
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.