Location: gimmecert/functional_tests/test_init.py
GC-3: Added ability to provide custom CA base name to init command:
- Added functional test to cover the new scenario (providing CA base
name).
- Updated init command to accept the CA base name to be used when
constructing the CA subject DN.
- Updated the existing tests to pass-in the CA base name explicitly.
- Updated the CLI code to allow for user to pass-in the CA base name
via option (both short and long form available).
# -*- coding: utf-8 -*-
#
# Copyright (C) 2018 Branko Majic
#
# This file is part of Gimmecert.
#
# Gimmecert is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.
#
# Gimmecert is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# Gimmecert. If not, see <http://www.gnu.org/licenses/>.
#
from .base import run_command
def test_init_command_available_with_help():
    """Check that top-level help lists ``init`` and that ``init -h`` prints usage."""
    # John wants to give the tool a go, so the first thing he does is
    # ask it for the short usage help.
    top_out, top_err, top_rc = run_command("gimmecert", "-h")

    # The help comes back cleanly, and the init command is mentioned
    # in it.
    assert top_rc == 0
    assert top_err == ""
    assert 'init' in top_out

    # Before going any further, John asks for the detailed help of
    # that particular command.
    init_out, init_err, init_rc = run_command("gimmecert", "init", "-h")

    # The command-specific help also comes back cleanly and opens
    # with a usage line John can study for the available arguments.
    assert init_rc == 0
    assert init_err == ""
    assert init_out.startswith("usage: gimmecert init")
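def test_initialisation_on_fresh_directory(tmpdir):
    """Initialise a CA hierarchy in an empty directory and inspect the artefacts.

    Runs ``gimmecert init`` with the working directory set to ``tmpdir``,
    then uses the OpenSSL CLI to inspect the generated level 1 CA private
    key and certificate, and compares the certificate with the full chain
    file.
    """
    # After reading the help, John decides it's time to initialise the
    # CA hierarchy so he can use it for issuing server and client
    # certificates in his project.

    # John switches to his project directory.
    tmpdir.chdir()

    # He runs the initialisation command.
    stdout, stderr, exit_code = run_command('gimmecert', 'init')

    # The tool exits without any errors, and shows some informative
    # text to John that the directory has been initialised.
    assert exit_code == 0
    assert stderr == ""
    assert "CA hierarchy initialised" in stdout

    # The tool also points John to generated key and certificate material.
    assert ".gimmecert/ca/level1.key.pem" in stdout
    assert ".gimmecert/ca/level1.cert.pem" in stdout
    assert ".gimmecert/ca/chain-full.cert.pem" in stdout

    # Happy that he didn't have to enter long commands, John inspects
    # the CA key first using the OpenSSL CLI.
    # NOTE(review): the key is read here without supplying a
    # passphrase, so it is presumably stored unencrypted. This test
    # does not check the permissions of level1.key.pem - confirm that
    # is covered elsewhere.
    stdout, stderr, exit_code = run_command(
        'openssl', 'rsa', '-noout', '-text', '-in', '.gimmecert/ca/level1.key.pem')

    # No errors are reported, and John is able to see some details
    # about the generated key.
    assert exit_code == 0
    assert stderr == ""
    assert "Private-Key: (2048 bit)" in stdout

    # John then has a look at the generated certificate file.
    stdout, stderr, exit_code = run_command(
        'openssl', 'x509', '-noout', '-text', '-in', '.gimmecert/ca/level1.cert.pem')

    # With no errors again, he can see some of the details in
    # certificate. The exit code and stderr are asserted so that "no
    # errors" is actually verified rather than only narrated.
    assert exit_code == 0
    assert stderr == ""
    assert 'Certificate:' in stdout

    # John reads the issuer and subject DN stored in certificate.
    issuer_dn, _, issuer_exit_code = run_command(
        'openssl', 'x509', '-noout', '-issuer', '-in', '.gimmecert/ca/level1.cert.pem')
    subject_dn, _, subject_exit_code = run_command(
        'openssl', 'x509', '-noout', '-subject', '-in', '.gimmecert/ca/level1.cert.pem')

    # Both lookups must have succeeded, otherwise the comparison
    # below would be made on whatever the failed command printed.
    assert issuer_exit_code == 0
    assert subject_exit_code == 0

    issuer_dn = issuer_dn.replace('issuer=', '', 1)
    subject_dn = subject_dn.replace('subject=', '', 1)

    # He notices that the issuer and subject DN are identical (since
    # it's a root CA certificate), and can also see that the subject
    # DN has just the CN with working directory's name in it.
    # NOTE(review): the 'CN = ...' rendering is whatever the OpenSSL
    # CLI prints and may differ between OpenSSL versions - confirm
    # against the versions the project supports.
    assert issuer_dn == subject_dn
    assert subject_dn.rstrip() == 'CN = %s Level 1' % tmpdir.basename

    # John has a quick look at generated certificate and chain, only
    # to realise they are identical.
    with open(".gimmecert/ca/level1.cert.pem") as cert_file, \
            open(".gimmecert/ca/chain-full.cert.pem") as chain_file:
        assert cert_file.read() == chain_file.read()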
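def test_initialisation_on_existing_directory(tmpdir):
    """Re-run ``gimmecert init`` in an initialised directory.

    Checks that the second run reports the existing initialisation and
    that the CA key, certificate and chain written by the first run are
    left byte-for-byte unchanged.
    """
    artefact_paths = (
        '.gimmecert/ca/level1.key.pem',
        '.gimmecert/ca/level1.cert.pem',
        '.gimmecert/ca/chain-full.cert.pem',
    )

    def read_artefacts():
        # Snapshot the raw bytes of every CA artefact, keyed by path.
        snapshot = {}
        for path in artefact_paths:
            with open(path, 'rb') as handle:
                snapshot[path] = handle.read()
        return snapshot

    # After a wild weekend out, John comes back to the office on
    # Monday morning, still a bit hungover. Back on Friday, John had
    # already initialised the CA hierarchy for one of his projects.
    tmpdir.chdir()
    _, _, first_exit_code = run_command('gimmecert', 'init')

    # The precondition of this scenario is a successful first run.
    assert first_exit_code == 0
    before = read_artefacts()

    # Unfortunately, John has forgotten that he has done so. Therefore
    # he switches to his project directory and runs the command again.
    tmpdir.chdir()
    stdout, stderr, exit_code = run_command('gimmecert', 'init')

    # Instead of viewing information about his CA hierarchy
    # initialised, John is (somewhat pleasantly) surprised to see that
    # the tool has informed him the initialisation has already been
    # run.
    assert exit_code == 0
    assert stderr == ""
    assert "CA hierarchy has already been initialised." in stdout

    # The message alone does not prove the existing CA was preserved:
    # a second run that regenerated the private key would invalidate
    # every certificate already issued from it, so the files on disk
    # are compared with their state before the second run.
    assert read_artefacts() == before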
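def test_initialisation_with_custom_base_name(tmpdir):
    """Initialise the CA hierarchy with an explicit ``--ca-base-name``.

    Checks that the option is advertised in the ``init`` help in both
    long and short form, and that the CA certificate's issuer and
    subject DN are built from the supplied base name rather than from
    the working directory's name.
    """
    import re

    # John has been using the tool for a while now in a number of test
    # environments. Unfortunately, he has started to mix up
    # certificates coming from different environments where the
    # project directories have the same name. What he would like to do
    # is to be able to specify the base name explicitly, instead of
    # letting the tool pick it for him.

    # John decides to check the command help from CLI.
    stdout, _, _ = run_command('gimmecert', 'init', '-h')

    # Amongst the different options, he notices one in particular that
    # draws his attention. The option seems to be usable for
    # specifying the base name for the CAs - exactly what he needed.
    assert "--ca-base-name" in stdout

    # A plain '"-b" in stdout' check is always true once the long
    # option is present, because "--ca-base-name" itself contains
    # "-b". Require "-b" as a standalone option token instead.
    assert re.search(r"(?<![\w-])-b\b", stdout) is not None

    # John switches to his project directory.
    tmpdir.chdir()

    # This time around he runs the command using the newly-found
    # option.
    # NOTE(review): only the long form is exercised here; the short
    # form is only checked for presence in the help output.
    stdout, stderr, exit_code = run_command('gimmecert', 'init', '--ca-base-name', 'My Project')

    # Command finishes execution with success, and he is informed that
    # his CA hierarchy has been initialised.
    assert exit_code == 0
    assert stderr == ""
    assert "CA hierarchy initialised." in stdout

    # Just before he starts using the CA certificates further, he
    # decides to double-check the results. He runs a couple of
    # commands to get the issuer and subject DN from generated
    # certificate.
    issuer_dn, _, _ = run_command(
        'openssl', 'x509', '-noout', '-issuer', '-in', '.gimmecert/ca/level1.cert.pem')
    subject_dn, _, _ = run_command(
        'openssl', 'x509', '-noout', '-subject', '-in', '.gimmecert/ca/level1.cert.pem')
    issuer_dn = issuer_dn.replace('issuer=', '', 1)
    subject_dn = subject_dn.replace('subject=', '', 1)

    # To his delight, both the issuer and subject DN are identical,
    # and now they are based on his custom-provided name instead of
    # project name.
    assert issuer_dn.rstrip() == subject_dn.rstrip() == "CN = My Project Level 1"
    assert tmpdir.basename not in issuer_dn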