From d5f7e595959229f7e4dee42adc518e14d05fed48 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Fri, 10 Jun 2016 15:12:46 +0200 Subject: Implement CATLFISH-74 --- test/catlfish-test-local-1.cfg | 9 ++++++--- tools/compileconfig.py | 21 +++++++++++++-------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/test/catlfish-test-local-1.cfg b/test/catlfish-test-local-1.cfg index cbe04d8..a4a0859 100644 --- a/test/catlfish-test-local-1.cfg +++ b/test/catlfish-test-local-1.cfg @@ -2,13 +2,16 @@ localnodes: - frontend-1 - storage-1 -addresses: +frontendaddresses: frontend-1: 127.0.0.1:8082 - storage-1: 127.0.0.1:8081 -publicaddresses: +ctapiaddresses: frontend-1: 127.0.0.1:8080 +storageaddresses: + storage-1: 127.0.0.1:8081 + + #publichttpaddresses: # frontend-1: 127.0.0.1:8090 diff --git a/tools/compileconfig.py b/tools/compileconfig.py index 25518ee..777a12f 100755 --- a/tools/compileconfig.py +++ b/tools/compileconfig.py @@ -88,7 +88,7 @@ def get_address(bind_address, nodeconfig): host = "0.0.0.0" return (host, port) -def gen_http_servers(nodetype, nodeconfig, bind_address, bind_publicaddress, bind_publichttpaddress): +def gen_http_servers(nodetype, nodeconfig, bind_addresses, bind_publicaddress, bind_publichttpaddress): http_servers = [] https_servers = [] @@ -97,7 +97,7 @@ def gen_http_servers(nodetype, nodeconfig, bind_address, bind_publicaddress, bin sys.exit(1) if "frontendnodes" in nodetype: - (host, port) = get_address(bind_address, nodeconfig["frontendnodes"]) + (host, port) = get_address(bind_addresses["frontend"], nodeconfig["frontendnodes"]) if bind_publicaddress: (publichost, publicport) = parse_address(bind_publicaddress) else: @@ -110,13 +110,13 @@ def gen_http_servers(nodetype, nodeconfig, bind_address, bind_publicaddress, bin https_servers.append((Symbol("external_https_api"), publichost, publicport, Symbol("v1"))) https_servers.append((Symbol("frontend_https_api"), host, port, Symbol("frontend"))) if "storagenodes" in nodetype: - (host, port) = get_address(bind_address, nodeconfig["storagenodes"]) + (host, port) = get_address(bind_addresses["storage"], nodeconfig["storagenodes"]) https_servers.append((Symbol("storage_https_api"), host, port, Symbol("storage"))) if "signingnodes" in nodetype: - (host, port) = get_address(bind_address, nodeconfig["signingnodes"]) + (host, port) = get_address(bind_addresses["signing"], nodeconfig["signingnodes"]) https_servers.append((Symbol("signing_https_api"), host, port, Symbol("signing"))) if "mergenodes" in nodetype: - (host, port) = get_address(bind_address, nodeconfig["mergenodes"]) + (host, port) = get_address(bind_addresses["merge"], nodeconfig["mergenodes"]) https_servers.append((Symbol("frontend_https_api"), host, port, Symbol("frontend"))) if nodetype - set(["frontendnodes", "storagenodes", "signingnodes", "mergenodes"]): print >>sys.stderr, "unknown nodetype", nodetype @@ -196,8 +196,13 @@ def parse_ratelimit((type, description)): def gen_config(nodename, config, localconfig): print "generating config for", nodename paths = localconfig["paths"] - bind_address = localconfig.get("addresses", {}).get(nodename) - bind_publicaddress = localconfig.get("publicaddresses", {}).get(nodename) + bind_addresses = { + "frontend": localconfig.get("frontendaddresses", {}).get(nodename), + "storage": localconfig.get("storageaddresses", {}).get(nodename), + "signing": localconfig.get("signingaddresses", {}).get(nodename), + "merge": localconfig.get("mergeaddresses", {}).get(nodename), + } + bind_publicaddress = localconfig.get("ctapiaddresses", {}).get(nodename) bind_publichttpaddress = localconfig.get("publichttpaddresses", {}).get(nodename) options = localconfig.get("options", []) @@ -205,7 +210,7 @@ def gen_config(nodename, config, localconfig): print >>configfile, "%% catlfish configuration file (-*- erlang -*-)" (nodetype, nodeconfig) = get_node_config(nodename, config) - (http_servers, https_servers) = gen_http_servers(nodetype, nodeconfig, bind_address, bind_publicaddress, bind_publichttpaddress=bind_publichttpaddress) + (http_servers, https_servers) = gen_http_servers(nodetype, nodeconfig, bind_addresses, bind_publicaddress, bind_publichttpaddress=bind_publichttpaddress) catlfishconfig = [] plopconfig = [] -- cgit v1.1 From ed94e0682912a8ee16cb5a1427166c3e77b51b50 Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Fri, 8 Jul 2016 13:21:31 +0200 Subject: Fix bugs in old tests. Add tests for merge takeover. submitcert.py was not exiting with error code when cert submission failed. compileconfig.py was generating duplicate node names when Erlang nodes have several servers --- Makefile | 52 +++++++++++++++++++++++++++++++++++++++++++++++--- tools/compileconfig.py | 14 +++++++------- tools/submitcert.py | 10 ++++++++++ 3 files changed, 66 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 5435c43..d69e5ab 100644 --- a/Makefile +++ b/Makefile @@ -29,7 +29,6 @@ tests-prepare: mkdir $(INSTDIR)/tests/mergedb/chains touch $(INSTDIR)/tests/mergedb/logorder mkdir $(INSTDIR)/tests/mergedb-secondary - mkdir $(INSTDIR)/tests/mergedb-secondary/chains touch $(INSTDIR)/tests/mergedb-secondary/logorder printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize mkdir $(INSTDIR)/tests/known_roots @@ -76,7 +75,7 @@ tests-start: tests-run: @(cd $(INSTDIR) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem tests/httpsca/demoCA/cacert.pem) || (echo "Tests failed" ; false) - @diff -r -x nursery -x verifiedsize -x fetched -x sth -x verified.\* catlfish/tests/mergedb catlfish/tests/mergedb-secondary || (echo "Merge databases not matching" ; false) + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) @(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false) @(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false) @(cd $(INSTDIR) && rm -f submittedcerts) @@ -90,7 +89,7 @@ tests-run: @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false) @(cd $(INSTDIR) && python ../tools/storagegc.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false) @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false) - @diff -r -x nursery -x verifiedsize -x fetched -x sth -x verified.\* catlfish/tests/mergedb catlfish/tests/mergedb-secondary || (echo "Merge databases not matching" ; false) + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) @(cd $(INSTDIR) && python ../tools/check-sth.py --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem https://localhost:8080/) || (echo "Check failed" ; false) @(cd $(INSTDIR) && rm -r fetchcertstore || true) @(cd $(INSTDIR) && mkdir fetchcertstore) @@ -110,6 +109,7 @@ tests-run: @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false) @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \ test "$$treesize" = "7" || (echo "Tree size $$treesize != expected 7" ; false)) + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) @(cd $(INSTDIR) && bin/run_erl -daemon ../test/nodes/merge-2/ ../test/nodes/merge-2/log/ "exec bin/erl -config merge-2") @for i in 1 2 3 4 5 6 7 8 9 10; do \ echo "waiting for system to start" ; \ @@ -119,8 +119,42 @@ tests-run: @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false) @(cd $(INSTDIR) && treesize=$$(../tools/loginfo.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg --treesize https://localhost:8080/) ; \ test "$$treesize" = "8" || (echo "Tree size $$treesize != expected 8" ; false)) + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) + tests-run2: @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed" + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) + @(cd $(INSTDIR) && python ../tools/storagegc.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-1.cfg) || (echo "GC failed" ; false) + +tests-prepare-merge-takeover: + @echo $@ + mv $(INSTDIR)/tests/mergedb catlfish/tests/mergedb-down + mv $(INSTDIR)/tests/mergedb-secondary catlfish/tests/mergedb + mkdir $(INSTDIR)/tests/mergedb-secondary + touch $(INSTDIR)/tests/mergedb-secondary/logorder + printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize + +tests-run3: + @echo $@ + @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false) + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) + @(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert7.txt --check-sct --sct-file=submittedcerts-7 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false) + @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false) + @(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed" + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) + + +tests-prepare-redistribute-frontend: + @echo $@ + mv $(INSTDIR)/tests/machine/machine-1 $(INSTDIR)/tests/machine/machine-1-down && \ + mkdir -p $(INSTDIR)/tests/machine/machine-1/db && \ + touch $(INSTDIR)/tests/machine/machine-1/db/index && \ + touch $(INSTDIR)/tests/machine/machine-1/db/newentries ; \ + +tests-run4: + @echo $@ + @(cd $(INSTDIR) && ../tools/merge --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false) + @(cd $(INSTDIR) && ../tools/verifysth.py $(BASEURL) --publickey=tests/keys/logkey.pem --cur-sth=stored-sth --cafile tests/httpsca/demoCA/cacert.pem) tests-stop: @for node in $(NODES); do \ @@ -188,6 +222,18 @@ tests: @make tests-run2 || (sleep 5; make tests-stop ; false) @make tests-wait @make tests-stop + @make tests-wait + @make tests-prepare-merge-takeover + @make tests-start + @make tests-run3 || (sleep 5; make tests-stop ; false) + @make tests-wait + @make tests-stop + @make tests-wait + @make tests-prepare-redistribute-frontend + @make tests-start + @make tests-run4 || (sleep 5; make tests-stop ; false) + @make tests-wait + @make tests-stop tests-formatupgrade: @make tests-makemk diff --git a/tools/compileconfig.py b/tools/compileconfig.py index 777a12f..d9ac740 100755 --- a/tools/compileconfig.py +++ b/tools/compileconfig.py @@ -350,19 +350,19 @@ def gen_config(nodename, config, localconfig): def gen_testmakefile(config, testmakefile, machines): configfile = open(testmakefile, "w") - frontendnodenames = [node["name"] for node in config["frontendnodes"]] - storagenodenames = [node["name"] for node in config["storagenodes"]] - signingnodenames = [node["name"] for node in config["signingnodes"]] - mergenodenames = [node["name"] for node in config["mergenodes"]] - erlangnodenames = frontendnodenames + storagenodenames + signingnodenames + \ - filter(lambda name: name != config["primarymergenode"], mergenodenames) + frontendnodenames = set([node["name"] for node in config["frontendnodes"]]) + storagenodenames = set([node["name"] for node in config["storagenodes"]]) + signingnodenames = set([node["name"] for node in config["signingnodes"]]) + mergenodenames = set([node["name"] for node in config["mergenodes"]]) + erlangnodenames = frontendnodenames | storagenodenames | signingnodenames | \ + set(filter(lambda name: name != config["primarymergenode"], mergenodenames)) frontendnodeaddresses = [node["publicaddress"] for node in config["frontendnodes"]] storagenodeaddresses = [node["address"] for node in config["storagenodes"]] signingnodeaddresses = [node["address"] for node in config["signingnodes"]] mergenodeaddresses = [node["address"] for node in config["mergenodes"] if node["name"] != config["primarymergenode"]] - print >>configfile, "NODES=" + " ".join(frontendnodenames+storagenodenames+signingnodenames+mergenodenames) + print >>configfile, "NODES=" + " ".join(frontendnodenames|storagenodenames|signingnodenames|mergenodenames) print >>configfile, "ERLANGNODES=" + " ".join(erlangnodenames) print >>configfile, "MACHINES=" + " ".join([str(e) for e in range(1, machines+1)]) print >>configfile, "TESTURLS=" + " ".join(frontendnodeaddresses+storagenodeaddresses+signingnodeaddresses+mergenodeaddresses) diff --git a/tools/submitcert.py b/tools/submitcert.py index 3b14912..66d5126 100755 --- a/tools/submitcert.py +++ b/tools/submitcert.py @@ -183,11 +183,15 @@ print ncerts, "certs" certs = get_all_certificates(certfiles) +errors = 0 + (result, timing) = submitcert(certs.next()) if result != None: nsubmitted += 1 (leafcert, issuer_key_hash, sct) = result save_sct(sct, sth, leafcert, issuer_key_hash) +else: + errors += 1 if args.pre_warm: select.select([], [], [], 3.0) @@ -206,6 +210,8 @@ try: nsubmitted += 1 (leafcert, issuer_key_hash, sct) = result save_sct(sct, sth, leafcert, issuer_key_hash) + else: + errors += 1 deltatime = datetime.datetime.now() - starttime deltatime_f = deltatime.seconds + deltatime.microseconds / 1000000.0 rate = nsubmitted / deltatime_f @@ -217,3 +223,7 @@ try: except KeyboardInterrupt: p.terminate() p.join() + +if errors: + print >> sys.stderr, errors, "errors encountered, exiting with error code" + sys.exit(1) -- cgit v1.1 From 9039104a2203e3467a2420348e5cee43eb5bd5af Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Fri, 8 Jul 2016 16:51:55 +0200 Subject: Added permdb support to merge --- Makefile | 1 - tools/merge_backup.py | 8 ++++---- tools/merge_dist.py | 6 +++--- tools/merge_fetch.py | 9 +++++---- tools/mergetools.py | 31 +++++++++++++++++++++++++++++++ 5 files changed, 43 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index d69e5ab..af8a82e 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,6 @@ tests-prepare: (cd $(INSTDIR)/tests/keys ; ../../../tools/create-key.sh logkey) openssl pkcs8 -topk8 -nocrypt -in $(INSTDIR)/tests/keys/logkey-private.pem -out $(INSTDIR)/tests/keys/logkey-private.pkcs8 mkdir $(INSTDIR)/tests/mergedb - mkdir $(INSTDIR)/tests/mergedb/chains touch $(INSTDIR)/tests/mergedb/logorder mkdir $(INSTDIR)/tests/mergedb-secondary touch $(INSTDIR)/tests/mergedb-secondary/logorder diff --git a/tools/merge_backup.py b/tools/merge_backup.py index 48ac133..ab2625d 100755 --- a/tools/merge_backup.py +++ b/tools/merge_backup.py @@ -12,9 +12,9 @@ from time import sleep from certtools import timing_point, build_merkle_tree, write_file, \ create_ssl_context from mergetools import chunks, backup_sendlog, get_logorder, \ - get_verifiedsize, get_missingentriesforbackup, read_chain, \ + get_verifiedsize, get_missingentriesforbackup, \ hexencode, setverifiedsize, sendentries_merge, verifyroot, \ - get_nfetched, parse_args + get_nfetched, parse_args, perm def backup_loop(nodename, nodeaddress, own_key, paths, verifiedsize, chunk): for trynumber in range(5, 0, -1): @@ -37,7 +37,7 @@ def merge_backup(args, config, localconfig, secondaries): "%s/%s-private.pem" % (paths["privatekeys"], localconfig["nodename"])) mergedb = paths["mergedb"] - chainsdir = mergedb + "/chains" + chainsdb = perm(localconfig.get("dbbackend", "filedb"), mergedb + "/chains") logorderfile = mergedb + "/logorder" currentsizefile = mergedb + "/fetched" timing = timing_point() @@ -119,7 +119,7 @@ def merge_backup(args, config, localconfig, secondaries): with requests.sessions.Session() as session: for missingentry_chunk in chunks(missingentries, 100): missingentry_hashes = [base64.b64decode(missingentry) for missingentry in missingentry_chunk] - hashes_and_entries = [(hash, read_chain(chainsdir, hash)) for hash in missingentry_hashes] + hashes_and_entries = [(hash, chainsdb.get(hash)) for hash in missingentry_hashes] sendentryresult = sendentries_merge(nodename, nodeaddress, own_key, paths, hashes_and_entries, session) diff --git a/tools/merge_dist.py b/tools/merge_dist.py index 9831f97..2af1d6c 100755 --- a/tools/merge_dist.py +++ b/tools/merge_dist.py @@ -11,7 +11,7 @@ from base64 import b64encode, b64decode from certtools import timing_point, \ create_ssl_context from mergetools import get_curpos, get_logorder, chunks, get_missingentries, \ - sendsth, sendlog, sendentry, read_chain, parse_args + sendsth, sendlog, sendentry, parse_args, perm def merge_dist(args, localconfig, frontendnodes, timestamp): paths = localconfig["paths"] @@ -19,7 +19,7 @@ def merge_dist(args, localconfig, frontendnodes, timestamp): "%s/%s-private.pem" % (paths["privatekeys"], localconfig["nodename"])) mergedb = paths["mergedb"] - chainsdir = mergedb + "/chains" + chainsdb = perm(localconfig.get("dbbackend", "filedb"), mergedb + "/chains") logorderfile = mergedb + "/logorder" sthfile = mergedb + "/sth" create_ssl_context(cafile=paths["https_cacertfile"]) @@ -92,7 +92,7 @@ def merge_dist(args, localconfig, frontendnodes, timestamp): for missingentry in missingentries: ehash = b64decode(missingentry) sendentryresult = sendentry(nodename, nodeaddress, own_key, paths, - read_chain(chainsdir, ehash), ehash) + chainsdb.get(ehash), ehash) if sendentryresult["result"] != "ok": print >>sys.stderr, "sendentry:", sendentryresult sys.exit(1) diff --git a/tools/merge_fetch.py b/tools/merge_fetch.py index bb1e17e..b77dea6 100755 --- a/tools/merge_fetch.py +++ b/tools/merge_fetch.py @@ -9,8 +9,8 @@ import struct import subprocess from time import sleep from mergetools import get_logorder, verify_entry, get_new_entries, \ - chunks, fsync_logorder, get_entries, write_chain, add_to_logorder, \ - hexencode, parse_args + chunks, fsync_logorder, get_entries, add_to_logorder, \ + hexencode, parse_args, perm from certtools import timing_point, write_file, create_ssl_context def merge_fetch(args, config, localconfig): @@ -18,7 +18,7 @@ def merge_fetch(args, config, localconfig): storagenodes = config["storagenodes"] mergedb = paths["mergedb"] logorderfile = mergedb + "/logorder" - chainsdir = mergedb + "/chains" + chainsdb = perm(localconfig.get("dbbackend", "filedb"), mergedb + "/chains") own_key = (localconfig["nodename"], "%s/%s-private.pem" % (paths["privatekeys"], localconfig["nodename"])) @@ -70,7 +70,7 @@ def merge_fetch(args, config, localconfig): for ehash in chunk: entry = entries[ehash] verify_entry(verifycert, entry, ehash) - write_chain(ehash, entry, chainsdir) + chainsdb.add(ehash, entry) add_to_logorder(logorderfile, ehash) logorder.append(ehash) certsinlog.add(ehash) @@ -79,6 +79,7 @@ def merge_fetch(args, config, localconfig): sys.stderr.flush() print >>sys.stderr sys.stderr.flush() + chainsdb.commit() fsync_logorder(logorderfile) timing_point(timing, "add entries") print >>sys.stderr, "added", added_entries, "entries" diff --git a/tools/mergetools.py b/tools/mergetools.py index ec4fd2a..80fbf0b 100644 --- a/tools/mergetools.py +++ b/tools/mergetools.py @@ -10,6 +10,10 @@ import json import yaml import argparse import requests +try: + import permdb +except ImportError: + pass from certtools import get_leaf_hash, http_request, get_leaf_hash def parselogrow(row): @@ -409,3 +413,30 @@ def parse_args(): localconfig = yaml.load(open(args.localconfig)) return (args, config, localconfig) + +def perm(dbtype, path): + if dbtype == "filedb": + return FileDB(path) + elif dbtype == "permdb": + return PermDB(path) + assert False + +class FileDB: + def __init__(self, path): + self.path = path + def get(self, key): + return read_chain(self.path, key) + def add(self, key, value): + return write_chain(key, value, self.path) + def commit(self): + pass + +class PermDB: + def __init__(self, path): + self.permdbobj = permdb.alloc(path) + def get(self, key): + return permdb.getvalue(self.permdbobj, key) + def add(self, key, value): + return permdb.addvalue(self.permdbobj, key, value) + def commit(self): + permdb.committree(self.permdbobj) -- cgit v1.1 From 0c324cb99362e5915860a915291ba287138f3bcf Mon Sep 17 00:00:00 2001 From: Magnus Ahltorp Date: Tue, 12 Jul 2016 17:15:21 +0200 Subject: Cert7 --- tools/testcerts/cert7.txt | 88 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 tools/testcerts/cert7.txt diff --git a/tools/testcerts/cert7.txt b/tools/testcerts/cert7.txt new file mode 100644 index 0000000..0cd5fc7 --- /dev/null +++ b/tools/testcerts/cert7.txt @@ -0,0 +1,88 @@ +depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA +verify return:1 +depth=1 C = NL, ST = Noord-Holland, L = Amsterdam, O = TERENA, CN = TERENA SSL High Assurance CA 3 +verify return:1 +depth=0 businessCategory = Government Entity, jurisdictionC = SE, serialNumber = Government Entity, street = Brinellv\C3\A4gen 8, postalCode = 114 28, C = SE, ST = Stockholm, L = Stockholm, O = Kungliga Tekniska h\C3\B6gskolan, OU = ITA, CN = ns-vip-01.sys.kth.se +verify return:1 +--- +Certificate chain + 0 s:/businessCategory=Government Entity/jurisdictionC=SE/serialNumber=Government Entity/street=Brinellv\xC3\xA4gen 8/postalCode=114 28/C=SE/ST=Stockholm/L=Stockholm/O=Kungliga Tekniska h\xC3\xB6gskolan/OU=ITA/CN=ns-vip-01.sys.kth.se + i:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL High Assurance CA 3 + 1 s:/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL High Assurance CA 3 + i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIHgzCCBmugAwIBAgIQCdqT9/QmgQ7tXQLSVpiJbjANBgkqhkiG9w0BAQsFADBz +MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ +QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExJzAlBgNVBAMTHlRFUkVOQSBTU0wg +SGlnaCBBc3N1cmFuY2UgQ0EgMzAeFw0xNTAyMDIwMDAwMDBaFw0xNzAyMDYxMjAw +MDBaMIIBATEaMBgGA1UEDwwRR292ZXJubWVudCBFbnRpdHkxEzARBgsrBgEEAYI3 +PAIBAxMCU0UxGjAYBgNVBAUTEUdvdmVybm1lbnQgRW50aXR5MRgwFgYDVQQJDA9C +cmluZWxsdsOkZ2VuIDgxDzANBgNVBBETBjExNCAyODELMAkGA1UEBhMCU0UxEjAQ +BgNVBAgTCVN0b2NraG9sbTESMBAGA1UEBxMJU3RvY2tob2xtMSUwIwYDVQQKDBxL +dW5nbGlnYSBUZWtuaXNrYSBow7Znc2tvbGFuMQwwCgYDVQQLEwNJVEExHTAbBgNV +BAMTFG5zLXZpcC0wMS5zeXMua3RoLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEApiFDIvE+jH/pLv4e3dG2LIvP6Cskik6ZEq83gG7lDYZp0/lUzL29 +sOd/CnDypzoRRhURdy832tY+9Lyri1m3y6kBzl2tGKtM25r1TRR/VLYbaZr+7o+a +PLiu5E0jRdhc2lp5t4IOkHJMWAAEtXhvcI0b30kksM28NHv8t7b4Tfr8Xq82V/KI +mOHRVprZj0X/cRNfC5ELrONQCTyx/uEgl26biZ+FaN5E5K2adjGaOG2ejwf8tuex +aMDTqJJEBv0IOsDl/vVlv8xwo/EaqH2hIZqYLVcjpJYCZA0yzfGfPOvWaPjbdk3g +8j1ka/iMRUlWQlwJxC9KgjGA6xwM2SiZAwIDAQABo4IDgTCCA30wHwYDVR0jBBgw +FoAUwriF1+G5E73RSLz9Xtx9kEJ6iqkwHQYDVR0OBBYEFNwVQHULuYn87IccKDOy +8WXztypxMDMGA1UdEQQsMCqCFG5zLXZpcC0wMS5zeXMua3RoLnNlggZrdGguc2WC +Cnd3dy5rdGguc2UwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjCBhQYDVR0fBH4wfDA8oDqgOIY2aHR0cDovL2NybDMuZGlnaWNl +cnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMuY3JsMDygOqA4hjZodHRw +Oi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMSGlnaEFzc3VyYW5jZUNBMy5j +cmwwQgYDVR0gBDswOTA3BglghkgBhv1sAgEwKjAoBggrBgEFBQcCARYcaHR0cHM6 +Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUH +MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDov +L2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkVOQVNTTEhpZ2hBc3N1cmFuY2VDQTMu +Y3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AKS5 +CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABS0m3DSsAAAQDAEcwRQIh +AK5X6zyg4itvaiHvX52Dzt1KZXZtsSyPyvJ5TvIKYgnWAiAliRErIfDHWGJSc3QA +QFtFIO78h3CFE2VIaXG3a/OShQB1AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0Qpn +rLtPT/vEAAABS0m3DNEAAAQDAEYwRAIgSxsxeRIEyG17W2Hm3gkoP+g0VRSBIYwm +cd3SkyUkM28CIE6kyWZw0ArCssseNtNi0nZO3UUCDNCmQwnnzXn2dw1zAHcAVhQG +mi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFLSbcOpwAABAMASDBGAiEA ++HptsTKBs/T9KWMn0MaFjdyTOvAAcp6s6iFd84naRRMCIQCD4bxdQEP1Fls7VXZl +kewlHIUo4aQqKhypPMCOGkRQDzANBgkqhkiG9w0BAQsFAAOCAQEAH3jW+5hZJ14a +EuCTAZXfrCsXmopbHLWuI/pjWYJLyqGcWLVBZD2c/WqHpptQEPcJQF8/oPjA/DT0 +TKKIh0DZcQ6XoZTz7o02dBvkKsnBu9Vhoz78EQNNRcgyEgmU7DPXjdfMuBKre0ia +qPYEllzZLF0EXeap4SLXxdYh0XpLVjFnQDEYFeUcqbYX2r7AAqG/1476Vx/PtX4x +SGu7Q9RUt+wq7WOxRxzT+IorJ9zPqETr6ywqjfPXvWGzpoxeDgPKNh3pDKm4v160 +aYuM6Ar4zueUYRTNbdNCvQXg1o8a9S6pZSh/YkY64pHGsZ95taBcIw3Gn4CBAboS +rw36n9nb1g== +-----END CERTIFICATE----- +subject=/businessCategory=Government Entity/jurisdictionC=SE/serialNumber=Government Entity/street=Brinellv\xC3\xA4gen 8/postalCode=114 28/C=SE/ST=Stockholm/L=Stockholm/O=Kungliga Tekniska h\xC3\xB6gskolan/OU=ITA/CN=ns-vip-01.sys.kth.se +issuer=/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL High Assurance CA 3 +-----BEGIN CERTIFICATE----- +MIIE4DCCA8igAwIBAgIQC1w0NWdbJGfA1zI3+Q1flDANBgkqhkiG9w0BAQsFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTE0MTExODEyMDAwMFoXDTI0MTExODEyMDAwMFowczEL +MAkGA1UEBhMCTkwxFjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxEjAQBgNVBAcTCUFt +c3RlcmRhbTEPMA0GA1UEChMGVEVSRU5BMScwJQYDVQQDEx5URVJFTkEgU1NMIEhp +Z2ggQXNzdXJhbmNlIENBIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQChNsmK4gfxr6c9j2OMBRo3gOA7z5keoaPHiX4rUX+1fF1Brmvf7Uo83sRiXRYQ +RJrD79hzJrulDtdihxgS5HgvIQHqGrp3NRRDUlq/4bItLTp9QCHzLhRQSrSYaFkI +zztYezwb3ABzNiVciqQFk7WR9ebh9ZaCxaXfebcg7LodgQQ4XDvkW2Aknkb1J8NV +nlbKen6PLlNSL4+MLV+uF1e87aTgOxbM9sxZ1/1LRqrOu28z9WA8qUZn2Av+hcP2 +TQIBoMPMQ8dT+6Yx/0Y+2J702OU//dS0pi8gMe7FtYVcZrlcSy/C40I7EFYHEjTm +zH4EGvG6t9wZua2atFKvP/7HAgMBAAGjggF1MIIBcTASBgNVHRMBAf8ECDAGAQH/ +AgEAMA4GA1UdDwEB/wQEAwIBhjB/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUHMAGG +GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDovL2Nh +Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENB +LmNydDBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v +RGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYE +VR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT +MB0GA1UdDgQWBBTCuIXX4bkTvdFIvP1e3H2QQnqKqTAfBgNVHSMEGDAWgBSxPsNp +A/i/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAsCq7NTey6NjZHqT4 +kjZBNU3sItnD+RYAMWx4ZyaELcy7XhndQzX88TYSCYxl/YWB6lCjxx0dL3wTZUbX +r+WRDzz5xX+98kdYrwNCT7fmT4eenv6cCS1sC9hc4sIl5dkb1pguY3ViV5D8/yEB +hadOpw3TwI8xkqe2j/H5fp4Oaf9cFdpf9C85mQgZJwsvtvmmDTQTPcGPRFTgdGtY +2xbWxDah6HjKpX6iI4BTBQhhpX6TJl6/GEaYK07s2Kr8BFPhrgmep9vrepWv61x7 +dnnqz5SeAs6cbSm551qG7Dj8+6f/8e33oqLC5Ldnbt0Ou6PjtZ4O02dN9cnicemR +1B0/YQ== +-----END CERTIFICATE----- -- cgit v1.1