authorMagnus Ahltorp <map@kth.se>2015-08-06 15:35:22 +0200
committerMagnus Ahltorp <map@kth.se>2015-08-06 15:35:22 +0200
commitf15ef19df80a54caa5ddbc7eea5a978bd2bfd109 (patch)
treecffd898416e6b497476f74252d34f43e936b44ef
parent7f4f3e0cf8e6a8ec996fd179aba92c63ef9b0236 (diff)
Tentative tests for precerts
-rw-r--r--Makefile8
-rwxr-xr-xtools/comparecert.py57
2 files changed, 65 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index f7f27a9..ad3cb8a 100644
--- a/Makefile
+++ b/Makefile
@@ -92,6 +92,14 @@ tests-run:
@(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false)
@(cd $(INSTDIR) && mkdir fetchcertstore)
@(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --store fetchcertstore --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR)/fetchcertstore && unzip 0000.zip)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert1.txt fetchcertstore/00000000) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert2.txt fetchcertstore/00000001) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert3.txt fetchcertstore/00000002) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert4.txt fetchcertstore/00000003) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert5.txt fetchcertstore/00000004) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt fetchcertstore/00000005) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre2.txt fetchcertstore/00000006) || (echo "Verification failed" ; false)
tests-run2:
@(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
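Review bot: All seven added comparecert.py lines end in the same `echo "Verification failed"`, which is also the message of the fetchallcerts.py step just above them, so a failing run does not say which log entry mismatched. Naming the pair in the message would fix that, e.g. `|| (echo "comparecert failed: cert1.txt vs 00000000" ; false)`. The fixed mapping of cert1..pre2 to entries 00000000..00000006 presumably relies on the log starting empty and the certificates being submitted in exactly this order earlier in tests-run, which begins outside this hunk. A one-line comment above the block stating that assumption would make it explicit.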
diff --git a/tools/comparecert.py b/tools/comparecert.py
new file mode 100755
index 0000000..6d2bbf2
--- /dev/null
+++ b/tools/comparecert.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2014, NORDUnet A/S.
+# See LICENSE for licensing information.
+
+import argparse
+import urllib2
+import urllib
+import json
+import base64
+import sys
+import struct
+import hashlib
+import itertools
+from certtools import *
+from certtools import *
+from precerttools import *
+import os
+import signal
+import select
+import zipfile
+
+parser = argparse.ArgumentParser(description='')
+parser.add_argument('templates', help="Test templates, separated with colon")
+parser.add_argument('test', help="Files to test, separated with colon")
+args = parser.parse_args()
+
+file1contents = open(args.templates).read()
+certchain1 = get_certs_from_string(file1contents)
+precerts1 = get_precerts_from_string(file1contents)
+
+file2contents = open(args.test).read()
+certchain2 = get_certs_from_string(file2contents)
+precerts2 = get_precerts_from_string(file2contents)
+
+if precerts1 != precerts2:
+ print "precerts are different"
+ sys.exit(1)
+
+if certchain1 == certchain2:
+ sys.exit(0)
+
+if len(certchain2) == len(certchain1) + 1:
+ if certchain2[:-1] != certchain1:
+ print "certchains are different"
+ sys.exit(1)
+ last_issuer = get_cert_info(certchain1[-1])["issuer"]
+ root_subject = get_cert_info(certchain2[-1])["subject"]
+ if last_issuer == root_subject:
+ print "fetched chain has an appended root cert"
+ sys.exit(0)
+ else:
+ print "fetched chain has an extra entry"
+ sys.exit(1)
+
+print "certchains are different"
+sys.exit(1)
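Review bot: The script can exit 0 without comparing anything: if both files yield empty lists from get_certs_from_string and get_precerts_from_string (their behaviour on unparsable input is not visible here), `precerts1 != precerts2` is false and `certchain1 == certchain2` is true. For a test of what the log stored, a guard after parsing the template such as `if not certchain1: print "no certificates in template"; sys.exit(1)` would make an empty fetch or a format change fail loudly, and it also keeps `certchain1[-1]` from raising IndexError in the appended-root branch. That branch accepts the extra entry on an issuer/subject name match alone, so it deserves a comment saying it is a name comparison and not a signature check. The help strings say "separated with colon" although each argument is opened as a single file, and `from certtools import *` appears twice.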