From 24455a475b737234cfc1ab4f7cc2d7c8af2111c3 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Sat, 27 Sep 2014 15:22:42 +0200 Subject: testcase1: Added certificate fetching --- tools/testcase1.py | 125 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 88 insertions(+), 37 deletions(-) diff --git a/tools/testcase1.py b/tools/testcase1.py index 63dddc7..f78faa3 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -21,14 +21,30 @@ cc4 = get_certs_from_file(certfiles[3]) cc5 = get_certs_from_file(certfiles[4]) failures = 0 +indentation = "" -def assert_equal(actual, expected, name): +def testgroup(name): + global indentation + print name + ":" + indentation = " " + +def print_error(message, *args): + global failures, indentation + print indentation + "ERROR:", message % args + failures += 1 + +def print_success(message, *args): + print indentation + message % args + +def assert_equal(actual, expected, name, quiet=False, nodata=False): global failures if actual != expected: - print "ERROR:", name, "expected", expected, "got", actual - failures += 1 - else: - print name, "was correct" + if nodata: + print_error("%s differs", name) + else: + print_error("%s expected %s got %s", name, expected, actual) + elif not quiet: + print_success("%s was correct", name) def print_and_check_tree_size(expected): global failures 
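Review bot: `assert_equal` still declares `global failures` although after this change only `print_error` touches the counter, and `print_error` declares `indentation` global while only reading it; both declarations can be dropped. The new `quiet` and `nodata` parameters are not explained at the definition; a short comment such as `# quiet: print nothing on success; nodata: report a mismatch without dumping both values` would tell callers when to use each. `print_error` applies `message % args` even when called with no arguments, so a message containing a literal `%` would raise instead of being printed; passing such text as an argument to `"%s"`, as the `print_error("%s", e)` call sites do, avoids that. `print_and_check_tree_size` begins on the last lines of this hunk and continues outside it.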
@@ -36,46 +52,73 @@ def print_and_check_tree_size(expected): try: check_sth_signature(baseurl, sth) except AssertionError, e: - print "ERROR:", e - failures += 1 + print_error("%s", e) except ecdsa.keys.BadSignatureError, e: - print "ERROR: bad STH signature" - failures += 1 + print_error("bad STH signature") tree_size = sth["tree_size"] - if tree_size == expected: - print "tree size", tree_size - else: - print "ERROR: tree size", tree_size, "expected", expected - failures += 1 + assert_equal(tree_size, expected, "tree size") def do_add_chain(chain): global failures try: result = add_chain(baseurl, {"chain":map(base64.b64encode, chain)}) except ValueError, e: - print "ERROR:", e - failures += 1 + print_error("%s", e) try: check_sct_signature(baseurl, chain[0], result) except AssertionError, e: - print "ERROR:", e - failures += 1 + print_error("%s", e) except ecdsa.keys.BadSignatureError, e: - print "ERROR: bad SCT signature" - failures += 1 - print "signature check succeeded" + print_error("bad SCT signature") + print_success("signature check succeeded") return result -def get_and_validate_proof(timestamp, cert, leaf_index, nentries): +def get_and_validate_proof(timestamp, chain, leaf_index, nentries): + cert = chain[0] merkle_tree_leaf = pack_mtl(timestamp, cert) leaf_hash = get_leaf_hash(merkle_tree_leaf) sth = get_sth(baseurl) proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"]) assert_equal(proof["leaf_index"], leaf_index, "leaf_index") assert_equal(len(proof["audit_path"]), nentries, "audit_path length") + get_and_check_entry(timestamp, chain, leaf_index) + +def get_and_check_entry(timestamp, chain, leaf_index): + entries = get_entries(baseurl, leaf_index, leaf_index) + assert_equal(len(entries), 1, "get_entries", quiet=True) + fetched_entry = entries["entries"][0] + merkle_tree_leaf = pack_mtl(timestamp, chain[0]) + leaf_input = base64.decodestring(fetched_entry["leaf_input"]) + assert_equal(leaf_input, merkle_tree_leaf, "entry", nodata=True) + 
extra_data = base64.decodestring(fetched_entry["extra_data"]) + certchain = decode_certificate_chain(extra_data) + + submittedcertchain = chain[1:] + + for (submittedcert, fetchedcert, i) in zip(submittedcertchain, + certchain, itertools.count(1)): + assert_equal(fetchedcert, submittedcert, "cert %d in chain" % (i,)) + + if len(certchain) == len(submittedcertchain) + 1: + last_issuer = get_cert_info(certs[-1])["issuer"] + root_subject = get_cert_info(certchain[-1])["subject"] + if last_issuer == root_subject: + print_success("fetched chain has an appended root cert") + else: + print_error("fetched chain has an extra entry") + failures += 1 + elif len(certchain) == len(submittedcertchain): + print_success("cert chains are the same length") + else: + print_error("cert chain length %d expected %d or %d", + len(certchain), + len(submittedcertchain), + len(submittedcertchain)) print_and_check_tree_size(0) +testgroup("cert1") + result1 = do_add_chain(cc1) print_and_check_tree_size(1) 
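Review bot: In `get_and_check_entry` the appended-root branch fails as written: `certs` is not defined in this function (the parameter is `chain`, so `chain[-1]` looks intended unless a module-level `certs` exists outside the hunk), and `failures += 1` has no `global failures`, so it raises UnboundLocalError and would double-count anyway because `print_error` already increments the counter. `len(entries)` is taken on the response object that the next line indexes as `entries["entries"]`, so the check counts top-level keys rather than returned entries. The final `print_error` passes `len(submittedcertchain)` twice where the second accepted length is `len(submittedcertchain) + 1`. In `do_add_chain`, `print_success("signature check succeeded")` still runs after `bad SCT signature` has been reported, and `result` is unbound if `add_chain` raised; moving the success line into an `else:` of the second `try` keeps a failed SCT verification from reading as a pass.

```python
def get_and_check_entry(timestamp, chain, leaf_index):
    entries = get_entries(baseurl, leaf_index, leaf_index)
    assert_equal(len(entries["entries"]), 1, "get_entries", quiet=True)
    # ... unchanged: leaf_input check, extra_data decoding, per-cert comparison ...
    if len(certchain) == len(submittedcertchain) + 1:
        last_issuer = get_cert_info(chain[-1])["issuer"]
        # ... unchanged: root_subject lookup and the matching-issuer branch ...
        else:
            # print_error already counts the failure
            print_error("fetched chain has an extra entry")
    # ... unchanged: equal-length branch ...
    else:
        print_error("cert chain length %d expected %d or %d",
                    len(certchain),
                    len(submittedcertchain),
                    len(submittedcertchain) + 1)
```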
@@ -89,41 +132,49 @@ print_and_check_tree_size(1) # TODO: add invalid cert and check that it generates an error # and that treesize still is 1 -get_and_validate_proof(result1["timestamp"], cc1[0], 0, 0) +get_and_validate_proof(result1["timestamp"], cc1, 0, 0) + +testgroup("cert2") result3 = do_add_chain(cc2) print_and_check_tree_size(2) -get_and_validate_proof(result1["timestamp"], cc1[0], 0, 1) -get_and_validate_proof(result3["timestamp"], cc2[0], 1, 1) +get_and_validate_proof(result1["timestamp"], cc1, 0, 1) +get_and_validate_proof(result3["timestamp"], cc2, 1, 1) + +testgroup("cert3") result4 = do_add_chain(cc3) print_and_check_tree_size(3) -get_and_validate_proof(result1["timestamp"], cc1[0], 0, 2) -get_and_validate_proof(result3["timestamp"], cc2[0], 1, 2) -get_and_validate_proof(result4["timestamp"], cc3[0], 2, 1) +get_and_validate_proof(result1["timestamp"], cc1, 0, 2) +get_and_validate_proof(result3["timestamp"], cc2, 1, 2) +get_and_validate_proof(result4["timestamp"], cc3, 2, 1) + +testgroup("cert4") result5 = do_add_chain(cc4) print_and_check_tree_size(4) -get_and_validate_proof(result1["timestamp"], cc1[0], 0, 2) -get_and_validate_proof(result3["timestamp"], cc2[0], 1, 2) -get_and_validate_proof(result4["timestamp"], cc3[0], 2, 2) -get_and_validate_proof(result5["timestamp"], cc4[0], 3, 2) +get_and_validate_proof(result1["timestamp"], cc1, 0, 2) +get_and_validate_proof(result3["timestamp"], cc2, 1, 2) +get_and_validate_proof(result4["timestamp"], cc3, 2, 2) +get_and_validate_proof(result5["timestamp"], cc4, 3, 2) + +testgroup("cert5") result6 = do_add_chain(cc5) print_and_check_tree_size(5) -get_and_validate_proof(result1["timestamp"], cc1[0], 0, 3) -get_and_validate_proof(result3["timestamp"], cc2[0], 1, 3) -get_and_validate_proof(result4["timestamp"], cc3[0], 2, 3) -get_and_validate_proof(result5["timestamp"], cc4[0], 3, 3) -get_and_validate_proof(result6["timestamp"], cc5[0], 4, 1) +get_and_validate_proof(result1["timestamp"], cc1, 0, 3) 
+get_and_validate_proof(result3["timestamp"], cc2, 1, 3) +get_and_validate_proof(result4["timestamp"], cc3, 2, 3) +get_and_validate_proof(result5["timestamp"], cc4, 3, 3) +get_and_validate_proof(result6["timestamp"], cc5, 4, 1) print "-------" if failures: -- cgit v1.1