summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMagnus Ahltorp <map@kth.se>2014-09-27 15:22:42 +0200
committerMagnus Ahltorp <map@kth.se>2014-09-27 15:22:42 +0200
commit3847607ce64a715993df3eaa42d9c4ea42064678 (patch)
treef6bb9026a373d9a84db9cf3923dff654a1df06c7
parent8a40d214037d6a9169a262d14016e8b44d898b04 (diff)
testcase1: Added certificate fetchingtesttools4
-rwxr-xr-xtools/testcase1.py125
1 files changed, 88 insertions, 37 deletions
diff --git a/tools/testcase1.py b/tools/testcase1.py
index 63dddc7..f78faa3 100755
--- a/tools/testcase1.py
+++ b/tools/testcase1.py
@@ -21,14 +21,30 @@ cc4 = get_certs_from_file(certfiles[3])
cc5 = get_certs_from_file(certfiles[4])
failures = 0
+indentation = ""
-def assert_equal(actual, expected, name):
+def testgroup(name):
+ global indentation
+ print name + ":"
+ indentation = " "
+
+def print_error(message, *args):
+ global failures, indentation
+ print indentation + "ERROR:", message % args
+ failures += 1
+
+def print_success(message, *args):
+ print indentation + message % args
+
+def assert_equal(actual, expected, name, quiet=False, nodata=False):
global failures
if actual != expected:
- print "ERROR:", name, "expected", expected, "got", actual
- failures += 1
- else:
- print name, "was correct"
+ if nodata:
+ print_error("%s differs", name)
+ else:
+ print_error("%s expected %s got %s", name, expected, actual)
+ elif not quiet:
+ print_success("%s was correct", name)
def print_and_check_tree_size(expected):
global failures
@@ -36,46 +52,73 @@ def print_and_check_tree_size(expected):
try:
check_sth_signature(baseurl, sth)
except AssertionError, e:
- print "ERROR:", e
- failures += 1
+ print_error("%s", e)
except ecdsa.keys.BadSignatureError, e:
- print "ERROR: bad STH signature"
- failures += 1
+ print_error("bad STH signature")
tree_size = sth["tree_size"]
- if tree_size == expected:
- print "tree size", tree_size
- else:
- print "ERROR: tree size", tree_size, "expected", expected
- failures += 1
+ assert_equal(tree_size, expected, "tree size")
def do_add_chain(chain):
global failures
try:
result = add_chain(baseurl, {"chain":map(base64.b64encode, chain)})
except ValueError, e:
- print "ERROR:", e
- failures += 1
+ print_error("%s", e)
try:
check_sct_signature(baseurl, chain[0], result)
except AssertionError, e:
- print "ERROR:", e
- failures += 1
+ print_error("%s", e)
except ecdsa.keys.BadSignatureError, e:
- print "ERROR: bad SCT signature"
- failures += 1
- print "signature check succeeded"
+ print_error("bad SCT signature")
+ print_success("signature check succeeded")
return result
-def get_and_validate_proof(timestamp, cert, leaf_index, nentries):
+def get_and_validate_proof(timestamp, chain, leaf_index, nentries):
+ cert = chain[0]
merkle_tree_leaf = pack_mtl(timestamp, cert)
leaf_hash = get_leaf_hash(merkle_tree_leaf)
sth = get_sth(baseurl)
proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"])
assert_equal(proof["leaf_index"], leaf_index, "leaf_index")
assert_equal(len(proof["audit_path"]), nentries, "audit_path length")
+ get_and_check_entry(timestamp, chain, leaf_index)
+
+def get_and_check_entry(timestamp, chain, leaf_index):
+ entries = get_entries(baseurl, leaf_index, leaf_index)
+ assert_equal(len(entries), 1, "get_entries", quiet=True)
+ fetched_entry = entries["entries"][0]
+ merkle_tree_leaf = pack_mtl(timestamp, chain[0])
+ leaf_input = base64.decodestring(fetched_entry["leaf_input"])
+ assert_equal(leaf_input, merkle_tree_leaf, "entry", nodata=True)
+ extra_data = base64.decodestring(fetched_entry["extra_data"])
+ certchain = decode_certificate_chain(extra_data)
+
+ submittedcertchain = chain[1:]
+
+ for (submittedcert, fetchedcert, i) in zip(submittedcertchain,
+ certchain, itertools.count(1)):
+ assert_equal(fetchedcert, submittedcert, "cert %d in chain" % (i,))
+
+ if len(certchain) == len(submittedcertchain) + 1:
+ last_issuer = get_cert_info(certs[-1])["issuer"]
+ root_subject = get_cert_info(certchain[-1])["subject"]
+ if last_issuer == root_subject:
+ print_success("fetched chain has an appended root cert")
+ else:
+ print_error("fetched chain has an extra entry")
+ failures += 1
+ elif len(certchain) == len(submittedcertchain):
+ print_success("cert chains are the same length")
+ else:
+ print_error("cert chain length %d expected %d or %d",
+ len(certchain),
+ len(submittedcertchain),
+ len(submittedcertchain))
print_and_check_tree_size(0)
+testgroup("cert1")
+
result1 = do_add_chain(cc1)
print_and_check_tree_size(1)
@@ -89,41 +132,49 @@ print_and_check_tree_size(1)
# TODO: add invalid cert and check that it generates an error
# and that treesize still is 1
-get_and_validate_proof(result1["timestamp"], cc1[0], 0, 0)
+get_and_validate_proof(result1["timestamp"], cc1, 0, 0)
+
+testgroup("cert2")
result3 = do_add_chain(cc2)
print_and_check_tree_size(2)
-get_and_validate_proof(result1["timestamp"], cc1[0], 0, 1)
-get_and_validate_proof(result3["timestamp"], cc2[0], 1, 1)
+get_and_validate_proof(result1["timestamp"], cc1, 0, 1)
+get_and_validate_proof(result3["timestamp"], cc2, 1, 1)
+
+testgroup("cert3")
result4 = do_add_chain(cc3)
print_and_check_tree_size(3)
-get_and_validate_proof(result1["timestamp"], cc1[0], 0, 2)
-get_and_validate_proof(result3["timestamp"], cc2[0], 1, 2)
-get_and_validate_proof(result4["timestamp"], cc3[0], 2, 1)
+get_and_validate_proof(result1["timestamp"], cc1, 0, 2)
+get_and_validate_proof(result3["timestamp"], cc2, 1, 2)
+get_and_validate_proof(result4["timestamp"], cc3, 2, 1)
+
+testgroup("cert4")
result5 = do_add_chain(cc4)
print_and_check_tree_size(4)
-get_and_validate_proof(result1["timestamp"], cc1[0], 0, 2)
-get_and_validate_proof(result3["timestamp"], cc2[0], 1, 2)
-get_and_validate_proof(result4["timestamp"], cc3[0], 2, 2)
-get_and_validate_proof(result5["timestamp"], cc4[0], 3, 2)
+get_and_validate_proof(result1["timestamp"], cc1, 0, 2)
+get_and_validate_proof(result3["timestamp"], cc2, 1, 2)
+get_and_validate_proof(result4["timestamp"], cc3, 2, 2)
+get_and_validate_proof(result5["timestamp"], cc4, 3, 2)
+
+testgroup("cert5")
result6 = do_add_chain(cc5)
print_and_check_tree_size(5)
-get_and_validate_proof(result1["timestamp"], cc1[0], 0, 3)
-get_and_validate_proof(result3["timestamp"], cc2[0], 1, 3)
-get_and_validate_proof(result4["timestamp"], cc3[0], 2, 3)
-get_and_validate_proof(result5["timestamp"], cc4[0], 3, 3)
-get_and_validate_proof(result6["timestamp"], cc5[0], 4, 1)
+get_and_validate_proof(result1["timestamp"], cc1, 0, 3)
+get_and_validate_proof(result3["timestamp"], cc2, 1, 3)
+get_and_validate_proof(result4["timestamp"], cc3, 2, 3)
+get_and_validate_proof(result5["timestamp"], cc4, 3, 3)
+get_and_validate_proof(result6["timestamp"], cc5, 4, 1)
print "-------"
if failures: