Skip to content

Commit

Permalink
Improve tests
Browse files Browse the repository at this point in the history
  • Loading branch information
dainnilsson committed Apr 24, 2024
1 parent bae1083 commit e834296
Show file tree
Hide file tree
Showing 29 changed files with 1,322 additions and 740 deletions.
44 changes: 44 additions & 0 deletions tests/device/cli/piv/conftest.py
Original file line number Diff line number Diff line change
@@ -1,9 +1,53 @@
from yubikit.management import CAPABILITY
from ... import condition
from .util import DEFAULT_PIN, DEFAULT_PUK, DEFAULT_MANAGEMENT_KEY
from typing import NamedTuple
import pytest


@pytest.fixture(autouse=True)
@condition.capability(CAPABILITY.PIV)
def ensure_piv(ykman_cli):
ykman_cli("piv", "reset", "-f")


class Keys(NamedTuple):
pin: str
puk: str
mgmt: str


@pytest.fixture
def default_keys():
yield Keys(DEFAULT_PIN, DEFAULT_PUK, DEFAULT_MANAGEMENT_KEY)


@pytest.fixture
def keys(ykman_cli, info, default_keys):
if CAPABILITY.PIV in info.fips_capable:
new_keys = Keys(
"12345679",
"12345670",
"010203040506070801020304050607080102030405060709",
)

ykman_cli(
"piv", "access", "change-pin", "-P", default_keys.pin, "-n", new_keys.pin
)
ykman_cli(
"piv", "access", "change-puk", "-p", default_keys.puk, "-n", new_keys.puk
)
ykman_cli(
"piv",
"access",
"change-management-key",
"-m",
default_keys.mgmt,
"-n",
new_keys.mgmt,
"-f",
)

yield new_keys
else:
yield default_keys
162 changes: 81 additions & 81 deletions tests/device/cli/piv/test_generate_cert_and_csr.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, rsa, padding
from .util import DEFAULT_PIN, DEFAULT_MANAGEMENT_KEY, NON_DEFAULT_MANAGEMENT_KEY
from .util import NON_DEFAULT_MANAGEMENT_KEY
from ... import condition
import pytest

Expand Down Expand Up @@ -33,20 +33,20 @@ def not_roca(version):

class TestNonDefaultMgmKey:
@pytest.fixture(autouse=True)
def set_mgmt_key(self, ykman_cli):
def set_mgmt_key(self, ykman_cli, keys):
ykman_cli(
"piv",
"access",
"change-management-key",
"-P",
DEFAULT_PIN,
keys.pin,
"-m",
DEFAULT_MANAGEMENT_KEY,
keys.mgmt,
"-n",
NON_DEFAULT_MANAGEMENT_KEY,
)

def _test_generate_self_signed(self, ykman_cli, slot, algo):
def _test_generate_self_signed(self, ykman_cli, keys, slot, algo):
pubkey_output = ykman_cli(
"piv",
"keys",
Expand All @@ -68,7 +68,7 @@ def _test_generate_self_signed(self, ykman_cli, slot, algo):
"-s",
"subject-" + algo,
"-P",
DEFAULT_PIN,
keys.pin,
"-",
input=pubkey_output,
)
Expand All @@ -82,37 +82,37 @@ def _test_generate_self_signed(self, ykman_cli, slot, algo):

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9a_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9a", "RSA1024")
def test_generate_self_signed_slot_9a_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9a", "RSA2048")

def test_generate_self_signed_slot_9a_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9a", "ECCP256")
def test_generate_self_signed_slot_9a_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9a", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9c_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9c", "RSA1024")
def test_generate_self_signed_slot_9c_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9c", "RSA2048")

def test_generate_self_signed_slot_9c_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9c", "ECCP256")
def test_generate_self_signed_slot_9c_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9c", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9d_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9d", "RSA1024")
def test_generate_self_signed_slot_9d_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9d", "RSA2048")

def test_generate_self_signed_slot_9d_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9d", "ECCP256")
def test_generate_self_signed_slot_9d_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9d", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9e_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9e", "RSA1024")
def test_generate_self_signed_slot_9e_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9e", "RSA2048")

def test_generate_self_signed_slot_9e_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9e", "ECCP256")
def test_generate_self_signed_slot_9e_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9e", "ECCP256")

def _test_generate_csr(self, ykman_cli, slot, algo):
def _test_generate_csr(self, ykman_cli, keys, slot, algo):
subject_input = "subject-" + algo
pubkey_output = ykman_cli(
"piv",
Expand All @@ -131,7 +131,7 @@ def _test_generate_csr(self, ykman_cli, slot, algo):
"request",
slot,
"-P",
DEFAULT_PIN,
keys.pin,
"-",
"-",
"-s",
Expand All @@ -147,62 +147,62 @@ def _test_generate_csr(self, ykman_cli, slot, algo):

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9a_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9a", "RSA1024")
def test_generate_csr_slot_9a_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9a", "RSA2048")

def test_generate_csr_slot_9a_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9a", "ECCP256")
def test_generate_csr_slot_9a_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9a", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9c_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9c", "RSA1024")
def test_generate_csr_slot_9c_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9c", "RSA2048")

def test_generate_csr_slot_9c_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9c", "ECCP256")
def test_generate_csr_slot_9c_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9c", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9d_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9d", "RSA1024")
def test_generate_csr_slot_9d_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9d", "RSA2048")

def test_generate_csr_slot_9d_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9d", "ECCP256")
def test_generate_csr_slot_9d_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9d", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9e_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9e", "RSA1024")
def test_generate_csr_slot_9e_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9e", "RSA2048")

def test_generate_csr_slot_9e_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9e", "ECCP256")
def test_generate_csr_slot_9e_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9e", "ECCP256")


class TestProtectedMgmKey:
@pytest.fixture(autouse=True)
def protect_mgmt_key(self, ykman_cli):
def protect_mgmt_key(self, ykman_cli, keys):
ykman_cli(
"piv",
"access",
"change-management-key",
"-p",
"-P",
DEFAULT_PIN,
keys.pin,
"-m",
DEFAULT_MANAGEMENT_KEY,
keys.mgmt,
)

def _test_generate_self_signed(self, ykman_cli, slot, algo):
def _test_generate_self_signed(self, ykman_cli, keys, slot, algo):
pubkey_output = ykman_cli(
"piv", "keys", "generate", slot, "-a", algo, "-P", DEFAULT_PIN, "-"
"piv", "keys", "generate", slot, "-a", algo, "-P", keys.pin, "-"
).output
ykman_cli(
"piv",
"certificates",
"generate",
slot,
"-P",
DEFAULT_PIN,
keys.pin,
"-s",
"subject-" + algo,
"-",
Expand All @@ -218,48 +218,48 @@ def _test_generate_self_signed(self, ykman_cli, slot, algo):

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9a_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9a", "RSA1024")
def test_generate_self_signed_slot_9a_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9a", "RSA2048")

def test_generate_self_signed_slot_9a_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9a", "ECCP256")
def test_generate_self_signed_slot_9a_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9a", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9c_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9c", "RSA1024")
def test_generate_self_signed_slot_9c_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9c", "RSA2048")

def test_generate_self_signed_slot_9c_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9c", "ECCP256")
def test_generate_self_signed_slot_9c_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9c", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9d_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9d", "RSA1024")
def test_generate_self_signed_slot_9d_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9d", "RSA2048")

def test_generate_self_signed_slot_9d_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9d", "ECCP256")
def test_generate_self_signed_slot_9d_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9d", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_self_signed_slot_9e_rsa1024(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9e", "RSA1024")
def test_generate_self_signed_slot_9e_rsa2048(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9e", "RSA2048")

def test_generate_self_signed_slot_9e_eccp256(self, ykman_cli):
self._test_generate_self_signed(ykman_cli, "9e", "ECCP256")
def test_generate_self_signed_slot_9e_eccp256(self, ykman_cli, keys):
self._test_generate_self_signed(ykman_cli, keys, "9e", "ECCP256")

def _test_generate_csr(self, ykman_cli, slot, algo):
def _test_generate_csr(self, ykman_cli, keys, slot, algo):
subject_input = "subject-" + algo
pubkey_output = ykman_cli(
"piv", "keys", "generate", slot, "-a", algo, "-P", DEFAULT_PIN, "-"
"piv", "keys", "generate", slot, "-a", algo, "-P", keys.pin, "-"
).output
csr_output = ykman_cli(
"piv",
"certificates",
"request",
slot,
"-P",
DEFAULT_PIN,
keys.pin,
"-",
"-",
"-s",
Expand All @@ -275,32 +275,32 @@ def _test_generate_csr(self, ykman_cli, slot, algo):

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9a_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9a", "RSA1024")
def test_generate_csr_slot_9a_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9a", "RSA2048")

def test_generate_csr_slot_9a_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9a", "ECCP256")
def test_generate_csr_slot_9a_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9a", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9c_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9c", "RSA1024")
def test_generate_csr_slot_9c_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9c", "RSA2048")

def test_generate_csr_slot_9c_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9c", "ECCP256")
def test_generate_csr_slot_9c_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9c", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9d_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9d", "RSA1024")
def test_generate_csr_slot_9d_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9d", "RSA2048")

def test_generate_csr_slot_9d_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9d", "ECCP256")
def test_generate_csr_slot_9d_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9d", "ECCP256")

@condition.yk4_fips(False)
@condition.check(not_roca)
def test_generate_csr_slot_9e_rsa1024(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9e", "RSA1024")
def test_generate_csr_slot_9e_rsa2048(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9e", "RSA2048")

def test_generate_csr_slot_9e_eccp256(self, ykman_cli):
self._test_generate_csr(ykman_cli, "9e", "ECCP256")
def test_generate_csr_slot_9e_eccp256(self, ykman_cli, keys):
self._test_generate_csr(ykman_cli, keys, "9e", "ECCP256")
Loading

0 comments on commit e834296

Please sign in to comment.