Diffstat (limited to 'src')
-rw-r--r-- | src/catlfish.erl | 31 | ||||
-rw-r--r-- | src/catlfish.hrl | 4 | ||||
-rw-r--r-- | src/catlfish_app.erl | 10 | ||||
-rw-r--r-- | src/x509.erl | 15 |
4 files changed, 32 insertions, 28 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 83ca3db..765a8a6 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -4,8 +4,8 @@
 -module(catlfish).
 -export([add_chain/2, entries/2, entry_and_proof/2]).
 -export([known_roots/0, update_known_roots/0]).
+-export([init_cache_table/0]).
 -include_lib("eunit/include/eunit.hrl").
--include("catlfish.hrl").
 -define(PROTOCOL_VERSION, 0).
@@ -133,6 +133,14 @@ entry_and_proof(Index, TreeSize) ->
 {error_message, list_to_binary(Msg)}]}
 end.
+-define(CACHE_TABLE, catlfish_cache).
+init_cache_table() ->
+ case ets:info(?CACHE_TABLE) of
+ undefined -> ok;
+ _ -> ets:delete(?CACHE_TABLE)
+ end,
+ ets:new(?CACHE_TABLE, [set, public, named_table]).
+
 %% Private functions.
 unpack_entry(Entry) ->
 <<Timestamp:64, LogEntry/binary>> = Entry,
@@ -183,28 +191,30 @@ known_roots(Directory, CacheUsage) ->
 use_cache ->
 case ets:lookup(?CACHE_TABLE, ?ROOTS_CACHE_KEY) of
 [] ->
- read_files_and_udpate_table(Directory);
+ read_files_and_update_table(Directory);
 [{roots, DerList}] ->
 DerList
 end;
 update_tab ->
- read_files_and_udpate_table(Directory)
+ read_files_and_update_table(Directory)
 end.
-read_files_and_udpate_table(Directory) ->
+read_files_and_update_table(Directory) ->
 L = x509:read_pemfiles_from_dir(Directory),
 true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, L}),
 L.
 %%%%%%%%%%%%%%%%%%%%
 %% Testing internal functions.
--define(PEMFILES_DIR_OK, "../test/testdata/known-roots").
--define(PEMFILES_DIR_NONEXISTENT, "../test/testdata/nonexistent-dir").
+-define(PEMFILES_DIR_OK, "test/testdata/known_roots").
+-define(PEMFILES_DIR_NONEXISTENT, "test/testdata/nonexistent-dir").
 read_pemfiles_test_() ->
 {setup,
- fun() -> {known_roots(?PEMFILES_DIR_OK, use_cache),
- known_roots(?PEMFILES_DIR_OK, use_cache)}
+ fun() ->
+ init_cache_table(),
+ {known_roots(?PEMFILES_DIR_OK, update_tab),
+ known_roots(?PEMFILES_DIR_OK, use_cache)}
 end,
 fun(_) -> ets:delete(?CACHE_TABLE, ?ROOTS_CACHE_KEY) end,
 fun({L, LCached}) ->
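Review bot: `init_cache_table/0` creates the cache as a `public` named table, so any process on the node can overwrite the cached root list that `known_roots/2` later hands out as the trust store, and because the function is now exported any caller can also delete and recreate the table, handing ownership of the new table to itself so that it vanishes when that process exits. If the only writer is the process that owns the table, `ets:new(?CACHE_TABLE, [set, protected, named_table, {read_concurrency, true}])` keeps the roots read-only for everyone else; if `update_known_roots/0` is meant to be called from other processes (not visible here), a comment on the function should say so and why `public` is required. In either case add `-spec init_cache_table() -> ets:tab().` and a note that the caller must be a long-lived process (the application master in `catlfish_app:start/2` here), since the table dies with its owner.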
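Review bot: `read_files_and_update_table/1` caches whatever `x509:read_pemfiles_from_dir/1` returns unconditionally, and the `read_pemfiles_fail_test_` hunk below shows that a missing directory yields `[]`, so an `update_tab` refresh that hits an unreadable or mis-pointed directory replaces a previously good root set with an empty one and every chain is then rejected as `root_unknown` until the next successful refresh. That is fail-closed, which is the right direction for a trust store, but it is silent; consider refusing to overwrite a non-empty cache with `[]`, or at least logging it, so a configuration slip shows up as an error rather than as a stream of rejected submissions. The `use_cache` branch also matches the literal key `[{roots, DerList}]` while the insert uses `?ROOTS_CACHE_KEY`; matching `[{?ROOTS_CACHE_KEY, DerList}]` keeps the two in step. `known_roots/2` begins outside the hunk.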
@@ -214,6 +224,9 @@ read_pemfiles_test_() ->
 read_pemfiles_fail_test_() ->
 {setup,
- fun() -> known_roots(?PEMFILES_DIR_NONEXISTENT, use_cache) end,
+ fun() ->
+ init_cache_table(),
+ known_roots(?PEMFILES_DIR_NONEXISTENT, update_tab)
+ end,
 fun(_) -> ets:delete(?CACHE_TABLE, ?ROOTS_CACHE_KEY) end,
 fun(Empty) -> [?_assertMatch([], Empty)] end}.
diff --git a/src/catlfish.hrl b/src/catlfish.hrl
deleted file mode 100644
index 46e882b..0000000
--- a/src/catlfish.hrl
+++ /dev/null
@@ -1,4 +0,0 @@
-%%% Copyright (c) 2014, NORDUnet A/S.
-%%% See LICENSE for licensing information.
-
--define(CACHE_TABLE, catlfish_cache).
diff --git a/src/catlfish_app.erl b/src/catlfish_app.erl
index e24a1bb..56f6cc2 100644
--- a/src/catlfish_app.erl
+++ b/src/catlfish_app.erl
@@ -8,20 +8,12 @@
 %% Application callbacks
 -export([start/2, stop/1]).
--include("catlfish.hrl").
-
 %% ===================================================================
 %% Application callbacks
 %% ===================================================================
 start(normal, Args) ->
- case ets:info(?CACHE_TABLE) of
- undefined ->
- ok;
- _ ->
- ets:delete(?CACHE_TABLE)
- end,
- ets:new(?CACHE_TABLE, [set, public, named_table]),
+ catlfish:init_cache_table(),
 catlfish_sup:start_link(Args).
 stop(_State) ->
diff --git a/src/x509.erl b/src/x509.erl
index b0363cd..32ade83 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -31,7 +31,6 @@ normalise_chain(AcceptableRootCerts, CertChain) ->
 %% an acceptable root cert. Order of certificates in second argument
 %% is: leaf cert in head, chain in tail. Order of first argument is
 %% irrelevant.
-
 -spec valid_chain_p([binary()], [binary()], integer()) ->
 {false, reason()} | {true, list()}.
 valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 ->
@@ -279,8 +278,8 @@ sign_test_() ->
 valid_cert_test_() ->
 {setup,
- fun() -> {read_pemfiles_from_dir("../test/testdata/known_roots"),
- read_certs("../test/testdata/chains")} end,
+ fun() -> {read_pemfiles_from_dir("test/testdata/known_roots"),
+ read_certs("test/testdata/chains")} end,
 fun(_) -> ok end,
 fun({KnownRoots, Chains}) ->
 [
@@ -298,7 +297,13 @@ valid_cert_test_() ->
 %% leaf signed by known CA
 ?_assertMatch({true, _},
 valid_chain_p(KnownRoots,
- lists:nth(3, Chains), 10))
+ lists:nth(3, Chains), 10)),
+ %% bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
+ %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
+ %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
+ ?_assertMatch({true, _},
+ valid_chain_p(lists:nth(4, Chains),
+ lists:nth(4, Chains), 10))
 ] end}.
 chain_test_() ->
@@ -320,8 +325,6 @@ chain_test(C0, C1) ->
 ?_assertMatch({false, chain_too_long}, valid_chain_p([C1], [C0, C1], 1)),
 %% Root not in trust store.
 ?_assertMatch({false, root_unknown}, valid_chain_p([], [C0, C1], 10)),
- %% Invalid signer.
- ?_assertMatch({false, chain_broken}, valid_chain_p([C0], [C1, C0], 10)),
 %% Selfsigned. Actually OK.
 ?_assertMatch({true, []}, valid_chain_p([C0], [C0], 10)),
 ?_assertMatch({true, []}, valid_chain_p([C0], [C0], 1)),
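Review bot: The new CATLFISH-19 regression passes `lists:nth(4, Chains)` as both the acceptable-root list and the chain, so every certificate in that chain, including the leaf, counts as a trusted root; given that `valid_chain_p([C0], [C0], 10)` is expected to return `{true, []}` further down, this assertion may succeed without a single signature being checked and would then not detect the `chain_broken` regression the comment describes. Pin the anchor explicitly, e.g. `valid_chain_p([lists:last(lists:nth(4, Chains))], lists:nth(4, Chains), 10)`, or use `KnownRoots` if that chain's root is in `test/testdata/known_roots`. The last hunk also drops the only `{false, chain_broken}` assertion without a replacement, so after this commit nothing tests that a chain with an invalid signer is rejected; a negative case (an intermediate signed by the wrong key) alongside the new positive one would cover both sides of the bug. `valid_cert_test_/0` starts outside the hunk.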