From 6904422f3e8ca95ece5a309ef121a6cd6159e0a8 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Thu, 6 Aug 2015 15:35:22 +0200
Subject: Add tests for precerts.
---
 Makefile | 7 +++++
 tools/comparecert.py | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100755 tools/comparecert.py
diff --git a/Makefile b/Makefile
index f7f27a9..4cc0330 100644
--- a/Makefile
+++ b/Makefile
@@ -92,6 +92,13 @@ tests-run:
 @(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false)
 @(cd $(INSTDIR) && mkdir fetchcertstore)
 @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/fetchcertstore && unzip 0000.zip)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert1.txt fetchcertstore/00000000) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert2.txt fetchcertstore/00000001) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert3.txt fetchcertstore/00000002) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert4.txt fetchcertstore/00000003) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert5.txt fetchcertstore/00000004) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt:../tools/testcerts/pre2.txt fetchcertstore/00000005:fetchcertstore/00000006) || (echo "Verification failed" ; false)
 tests-run2:
 @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
diff --git a/tools/comparecert.py b/tools/comparecert.py
new file mode 100755
index 0000000..81893f7
--- /dev/null
+++ b/tools/comparecert.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2014, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import argparse
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+import itertools
+from certtools import *
+from certtools import *
+from precerttools import *
+import os
+import signal
+import select
+import zipfile
+
+def readfile(filename):
+ contents = open(filename).read()
+ certchain = get_certs_from_string(contents)
+ precerts = get_precerts_from_string(contents)
+ return (certchain, precerts)
+
+def testcerts(template, test):
+ (certchain1, precerts1) = template
+ (certchain2, precerts2) = test
+
+ if precerts1 != precerts2:
+ return (False, "precerts are different")
+
+ if certchain1 == certchain2:
+ return (True, "")
+
+ if len(certchain2) == len(certchain1) + 1:
+ if certchain2[:-1] != certchain1:
+ return (False, "certchains are different")
+ last_issuer = get_cert_info(certchain1[-1])["issuer"]
+ root_subject = get_cert_info(certchain2[-1])["subject"]
+ if last_issuer == root_subject:
+ return (True, "fetched chain has an appended root cert")
+ else:
+ return (False, "fetched chain has an extra entry")
+
+ return (False, "certchains are different")
+
+parser = argparse.ArgumentParser(description='')
+parser.add_argument('templates', help="Test templates, separated with colon")
+parser.add_argument('test', help="Files to test, separated with colon")
+args = parser.parse_args()
+
+templates = [readfile(filename) for filename in args.templates.split(":")]
+
+tests = [readfile(filename) for filename in args.test.split(":")]
+
+
+for test in tests:
+ found = False
+ errors = []
+ for template in templates:
+ (result, message) = testcerts(template, test)
+ if result:
+ print message
+ found = True
+ templates.remove(template)
+ break
+ else:
+ errors.append(message)
+ if not found:
+ print "Matching template not found for test"
+ for error in errors:
+ print error
+ sys.exit(1)
+sys.exit(0)
--
cgit v1.1
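Review bot: The appended-root branch of `testcerts` accepts any extra trailing certificate whose subject equals the issuer of the template's last certificate. It never checks that the extra certificate is self-issued or that it signed the certificate below it, so the test would still pass if the log returned a different certificate carrying the expected name. At minimum the branch could require a self-issued root, with `root = get_cert_info(certchain2[-1])` followed by `if last_issuer == root["subject"] and root["issuer"] == root["subject"]:`. A signature check would be stronger, but whether certtools exposes one is not visible in this hunk. Separately, the main loop reaches `sys.exit(0)` even when templates are left unmatched (fewer test files than templates), so a check such as `if templates: sys.exit(1)` just before it would make the comparison symmetric.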