-rw-r--r--Makefile3
-rwxr-xr-xtools/comparecert.py73
2 files changed, 48 insertions, 28 deletions
diff --git a/Makefile b/Makefile
index ad3cb8a..4cc0330 100644
--- a/Makefile
+++ b/Makefile
@@ -98,8 +98,7 @@ tests-run:
@(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert3.txt fetchcertstore/00000002) || (echo "Verification failed" ; false)
@(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert4.txt fetchcertstore/00000003) || (echo "Verification failed" ; false)
@(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/cert5.txt fetchcertstore/00000004) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt fetchcertstore/00000005) || (echo "Verification failed" ; false)
- @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre2.txt fetchcertstore/00000006) || (echo "Verification failed" ; false)
+ @(cd $(INSTDIR) && python ../tools/comparecert.py ../tools/testcerts/pre1.txt:../tools/testcerts/pre2.txt fetchcertstore/00000005:fetchcertstore/00000006) || (echo "Verification failed" ; false)
tests-run2:
@(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"
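Review bot: The combined comparecert.py line no longer pins pre1.txt to fetchcertstore/00000005 and pre2.txt to fetchcertstore/00000006. With the matching loop added in tools/comparecert.py, either store entry can satisfy either template. If that is intended (presumably because the order in which the two precerts are stored is not deterministic), the recipe should say so in a make comment above the line, for example `# pre1/pre2 may be stored in either order, so they are compared as a set`.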
diff --git a/tools/comparecert.py b/tools/comparecert.py
index 6d2bbf2..81893f7 100755
--- a/tools/comparecert.py
+++ b/tools/comparecert.py
@@ -20,38 +20,59 @@ import signal
import select
import zipfile
+def readfile(filename):
+ contents = open(filename).read()
+ certchain = get_certs_from_string(contents)
+ precerts = get_precerts_from_string(contents)
+ return (certchain, precerts)
+
+def testcerts(template, test):
+ (certchain1, precerts1) = template
+ (certchain2, precerts2) = test
+
+ if precerts1 != precerts2:
+ return (False, "precerts are different")
+
+ if certchain1 == certchain2:
+ return (True, "")
+
+ if len(certchain2) == len(certchain1) + 1:
+ if certchain2[:-1] != certchain1:
+ return (False, "certchains are different")
+ last_issuer = get_cert_info(certchain1[-1])["issuer"]
+ root_subject = get_cert_info(certchain2[-1])["subject"]
+ if last_issuer == root_subject:
+ return (True, "fetched chain has an appended root cert")
+ else:
+ return (False, "fetched chain has an extra entry")
+
+ return (False, "certchains are different")
+
parser = argparse.ArgumentParser(description='')
parser.add_argument('templates', help="Test templates, separated with colon")
parser.add_argument('test', help="Files to test, separated with colon")
args = parser.parse_args()
-file1contents = open(args.templates).read()
-certchain1 = get_certs_from_string(file1contents)
-precerts1 = get_precerts_from_string(file1contents)
-
-file2contents = open(args.test).read()
-certchain2 = get_certs_from_string(file2contents)
-precerts2 = get_precerts_from_string(file2contents)
+templates = [readfile(filename) for filename in args.templates.split(":")]
-if precerts1 != precerts2:
- print "precerts are different"
- sys.exit(1)
+tests = [readfile(filename) for filename in args.test.split(":")]
-if certchain1 == certchain2:
- sys.exit(0)
-if len(certchain2) == len(certchain1) + 1:
- if certchain2[:-1] != certchain1:
- print "certchains are different"
+for test in tests:
+ found = False
+ errors = []
+ for template in templates:
+ (result, message) = testcerts(template, test)
+ if result:
+ print message
+ found = True
+ templates.remove(template)
+ break
+ else:
+ errors.append(message)
+ if not found:
+ print "Matching template not found for test"
+ for error in errors:
+ print error
sys.exit(1)
- last_issuer = get_cert_info(certchain1[-1])["issuer"]
- root_subject = get_cert_info(certchain2[-1])["subject"]
- if last_issuer == root_subject:
- print "fetched chain has an appended root cert"
- sys.exit(0)
- else:
- print "fetched chain has an extra entry"
- sys.exit(1)
-
-print "certchains are different"
-sys.exit(1)
+sys.exit(0)
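Review bot: The final `sys.exit(0)` is reached even when entries remain in `templates`, so a run with fewer test files than templates reports success although an expected certificate was never matched. Each matched template is removed inside the loop, so a non-empty list after the loop means exactly that. Checking it before the exit closes the gap: `if templates:` then `print "Template without matching test"` and `sys.exit(1)`. The reverse case, more tests than templates, already fails through the `if not found` branch.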