-rw-r--r--Emakefile2
-rw-r--r--Makefile4
-rw-r--r--src/catlfish.erl31
-rw-r--r--src/catlfish.hrl4
-rw-r--r--src/catlfish_app.erl10
-rw-r--r--src/x509.erl15
-rwxr-xr-xtest/check.erl11
-rw-r--r--test/config/check.config4
8 files changed, 52 insertions, 29 deletions
diff --git a/Emakefile b/Emakefile
index f6cea09..a3de317 100644
--- a/Emakefile
+++ b/Emakefile
@@ -1,5 +1,5 @@
%% erl -make (-*- erlang -*-)
-{["src/*", "test/*"],
+{["src/*"],
[debug_info,
{i, "include/"},
{outdir, "ebin/"},
diff --git a/Makefile b/Makefile
index 2650806..9f50bd9 100644
--- a/Makefile
+++ b/Makefile
@@ -56,3 +56,7 @@ tests-stop:
echo "halt()." | ./rel/bin/to_erl test/nodes/storage-1/
tests: tests-prepare tests-start tests-run tests-stop
+
+# Unit testing.
+check: all
+ test/check.erl
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 83ca3db..765a8a6 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -4,8 +4,8 @@
-module(catlfish).
-export([add_chain/2, entries/2, entry_and_proof/2]).
-export([known_roots/0, update_known_roots/0]).
+-export([init_cache_table/0]).
-include_lib("eunit/include/eunit.hrl").
--include("catlfish.hrl").
-define(PROTOCOL_VERSION, 0).
@@ -133,6 +133,14 @@ entry_and_proof(Index, TreeSize) ->
{error_message, list_to_binary(Msg)}]}
end.
+-define(CACHE_TABLE, catlfish_cache).
+init_cache_table() ->
+ case ets:info(?CACHE_TABLE) of
+ undefined -> ok;
+ _ -> ets:delete(?CACHE_TABLE)
+ end,
+ ets:new(?CACHE_TABLE, [set, public, named_table]).
+
%% Private functions.
unpack_entry(Entry) ->
<<Timestamp:64, LogEntry/binary>> = Entry,
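Review bot: `init_cache_table/0` creates the table as `public`, and a later hunk shows it holding the known-roots list under `?ROOTS_CACHE_KEY`, so any process on the node can overwrite the set of roots that `known_roots/2` returns for `use_cache`. If every writer runs in the owning process, `protected` would be enough; otherwise writes could go through a single owner process, though this depends on callers not visible here. The `ets:info`/`ets:delete`/`ets:new` sequence is also not atomic and deletes a table another process may own, so a comment such as `%% Call once, from the long-lived process that should own the table` and a `-spec init_cache_table() -> ets:tab().` would document the contract. `unpack_entry/1` continues outside the hunk.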
@@ -183,28 +191,30 @@ known_roots(Directory, CacheUsage) ->
use_cache ->
case ets:lookup(?CACHE_TABLE, ?ROOTS_CACHE_KEY) of
[] ->
- read_files_and_udpate_table(Directory);
+ read_files_and_update_table(Directory);
[{roots, DerList}] ->
DerList
end;
update_tab ->
- read_files_and_udpate_table(Directory)
+ read_files_and_update_table(Directory)
end.
-read_files_and_udpate_table(Directory) ->
+read_files_and_update_table(Directory) ->
L = x509:read_pemfiles_from_dir(Directory),
true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, L}),
L.
%%%%%%%%%%%%%%%%%%%%
%% Testing internal functions.
--define(PEMFILES_DIR_OK, "../test/testdata/known-roots").
--define(PEMFILES_DIR_NONEXISTENT, "../test/testdata/nonexistent-dir").
+-define(PEMFILES_DIR_OK, "test/testdata/known_roots").
+-define(PEMFILES_DIR_NONEXISTENT, "test/testdata/nonexistent-dir").
read_pemfiles_test_() ->
{setup,
- fun() -> {known_roots(?PEMFILES_DIR_OK, use_cache),
- known_roots(?PEMFILES_DIR_OK, use_cache)}
+ fun() ->
+ init_cache_table(),
+ {known_roots(?PEMFILES_DIR_OK, update_tab),
+ known_roots(?PEMFILES_DIR_OK, use_cache)}
end,
fun(_) -> ets:delete(?CACHE_TABLE, ?ROOTS_CACHE_KEY) end,
fun({L, LCached}) ->
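Review bot: `read_files_and_update_table/1` stores whatever `x509:read_pemfiles_from_dir/1` returns, and the failure test in the next hunk expects `[]` for a missing directory, so an empty root list appears to be cached and served by every `use_cache` call until the next `update_tab`. That fails closed, but it would presumably reject every chain as `root_unknown` without any trace; consider not caching an empty result, or logging it with the directory name before returning. The `use_cache` branch also matches the stored tuple against the literal `roots` rather than `?ROOTS_CACHE_KEY`, which only works while the macro expands to that atom (its definition is not visible here). `known_roots/2` starts and `read_pemfiles_test_/0` ends outside the hunk.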
@@ -214,6 +224,9 @@ read_pemfiles_test_() ->
read_pemfiles_fail_test_() ->
{setup,
- fun() -> known_roots(?PEMFILES_DIR_NONEXISTENT, use_cache) end,
+ fun() ->
+ init_cache_table(),
+ known_roots(?PEMFILES_DIR_NONEXISTENT, update_tab)
+ end,
fun(_) -> ets:delete(?CACHE_TABLE, ?ROOTS_CACHE_KEY) end,
fun(Empty) -> [?_assertMatch([], Empty)] end}.
diff --git a/src/catlfish.hrl b/src/catlfish.hrl
deleted file mode 100644
index 46e882b..0000000
--- a/src/catlfish.hrl
+++ /dev/null
@@ -1,4 +0,0 @@
-%%% Copyright (c) 2014, NORDUnet A/S.
-%%% See LICENSE for licensing information.
-
--define(CACHE_TABLE, catlfish_cache).
diff --git a/src/catlfish_app.erl b/src/catlfish_app.erl
index e24a1bb..56f6cc2 100644
--- a/src/catlfish_app.erl
+++ b/src/catlfish_app.erl
@@ -8,20 +8,12 @@
%% Application callbacks
-export([start/2, stop/1]).
--include("catlfish.hrl").
-
%% ===================================================================
%% Application callbacks
%% ===================================================================
start(normal, Args) ->
- case ets:info(?CACHE_TABLE) of
- undefined ->
- ok;
- _ ->
- ets:delete(?CACHE_TABLE)
- end,
- ets:new(?CACHE_TABLE, [set, public, named_table]),
+ catlfish:init_cache_table(),
catlfish_sup:start_link(Args).
stop(_State) ->
diff --git a/src/x509.erl b/src/x509.erl
index b0363cd..32ade83 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -31,7 +31,6 @@ normalise_chain(AcceptableRootCerts, CertChain) ->
%% an acceptable root cert. Order of certificates in second argument
%% is: leaf cert in head, chain in tail. Order of first argument is
%% irrelevant.
-
-spec valid_chain_p([binary()], [binary()], integer()) ->
{false, reason()} | {true, list()}.
valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 ->
@@ -279,8 +278,8 @@ sign_test_() ->
valid_cert_test_() ->
{setup,
- fun() -> {read_pemfiles_from_dir("../test/testdata/known_roots"),
- read_certs("../test/testdata/chains")} end,
+ fun() -> {read_pemfiles_from_dir("test/testdata/known_roots"),
+ read_certs("test/testdata/chains")} end,
fun(_) -> ok end,
fun({KnownRoots, Chains}) ->
[
@@ -298,7 +297,13 @@ valid_cert_test_() ->
%% leaf signed by known CA
?_assertMatch({true, _},
valid_chain_p(KnownRoots,
- lists:nth(3, Chains), 10))
+ lists:nth(3, Chains), 10)),
+ %% bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
+ %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
+ %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
+ ?_assertMatch({true, _},
+ valid_chain_p(lists:nth(4, Chains),
+ lists:nth(4, Chains), 10))
] end}.
chain_test_() ->
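Review bot: The new CATLFISH-19 assertion passes `lists:nth(4, Chains)` as both the acceptable roots and the chain, so it checks only that the chain links up to a certificate it supplies itself, not that the chain is trusted under `KnownRoots`. A comment such as `%% Chain doubles as its own trust store: exercises signature linkage only` would keep a reader from taking it as a trust-store test, and indexing `Chains` by position assumes `read_certs/1` returns files in a stable order, which is not visible here. The later hunk in `chain_test/2` removes the `{false, chain_broken}` assertion without a replacement, so among the visible tests none now checks that a chain with a wrong signer is rejected; a negative case with a genuinely mismatched issuer should be added alongside this positive one. `valid_cert_test_/0` starts outside the hunk.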
@@ -320,8 +325,6 @@ chain_test(C0, C1) ->
?_assertMatch({false, chain_too_long}, valid_chain_p([C1], [C0, C1], 1)),
%% Root not in trust store.
?_assertMatch({false, root_unknown}, valid_chain_p([], [C0, C1], 10)),
- %% Invalid signer.
- ?_assertMatch({false, chain_broken}, valid_chain_p([C0], [C1, C0], 10)),
%% Selfsigned. Actually OK.
?_assertMatch({true, []}, valid_chain_p([C0], [C0], 10)),
?_assertMatch({true, []}, valid_chain_p([C0], [C0], 1)),
diff --git a/test/check.erl b/test/check.erl
new file mode 100755
index 0000000..b538346
--- /dev/null
+++ b/test/check.erl
@@ -0,0 +1,11 @@
+#! /usr/bin/env escript
+%% -*- erlang -*- mode
+%%! -pa ebin -pa ../lager/ebin -pa ../lager/deps/goldrush/ebin -pa ../mochiweb/ebin -config test/config/check.config
+
+%% To enable logging, pass `-s lager' by adding it to the line above.
+%% Tweak the amount of logging by changing `lager_console_backend' in
+%% config/check.config.
+
+main(_) ->
+ ok = x509:test(),
+ ok = catlfish:test().
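Review bot: `main/1` stops at the first failing suite because `ok = x509:test()` raises `badmatch` before `catlfish:test()` runs, so one run reports at most one module's failures. Running both and then asserting, e.g. `Results = [x509:test(), catlfish:test()]` followed by `true = lists:all(fun(R) -> R =:= ok end, Results)`, keeps the non-zero exit while showing every failure. The header comment refers to `config/check.config` while the `%%!` line loads `test/config/check.config`, and the relative `-pa` and test-data paths mean the script only works from the repository root; a one-line comment saying so would help.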
diff --git a/test/config/check.config b/test/config/check.config
new file mode 100644
index 0000000..fa84f34
--- /dev/null
+++ b/test/config/check.config
@@ -0,0 +1,4 @@
+%% -*- erlang -*-
+[{lager,
+ [{handlers,
+ [{lager_console_backend, debug}]}]}].