Refactor some certificate verification tests in preparation to adding

net/data/verify_certificate_chain_unittest/common.py

 #!/usr/bin/python
 # Copyright (c) 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Set of helpers to generate signed X.509v3 certificates.
 
 This works by shelling out calls to the 'openssl req' and 'openssl ca'
 commands, and passing the appropriate command line flags and configuration file
 (.cnf).
@@ skipping 354 matching lines @@
     section = self.config.get_section('crl_ext')
     section.set_property('authorityKeyIdentifier', 'keyid:always')
     section.set_property('authorityInfoAccess', '@issuer_info')
 
 
 def data_to_pem(block_header, block_data):
   return '-----BEGIN %s-----\n%s\n-----END %s-----\n' % (block_header,
           base64.b64encode(block_data), block_header)
 
 
-def write_test_file(description, chain, trusted_certs, utc_time, verify_result,
-                    out_pem=None):
-  """Writes a test file that contains all the inputs necessary to run a
-  verification on a certificate chain"""
+class TrustAnchor(object):
+  """Structure that represents a trust anchor."""
 
-  # Prepend the script name that generated the file to the description.
-  test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description)
+  def __init__(self, cert, constrained=False):
+    self.cert = cert
+    self.constrained = constrained
 
-  # Write the certificate chain to the output file.
-  for cert in chain:
-    test_data += '\n' + cert.get_cert_pem()
 
-  # Write the trust store.
-  for cert in trusted_certs:
-    cert_data = cert.get_cert_pem()
-    # Use a different block type in the .pem file.
-    cert_data = cert_data.replace('CERTIFICATE', 'TRUSTED_CERTIFICATE')
+class TestData(object):

[eroman, 2016/08/11 01:02:30]

Maybe this isn't idiomatic python.

But it felt a bit easier to encapsulate the variables into a container rather
than adding more.

I can drop some of these other refactors they aren't core to my CL (except for
the TrustAnchor struct above)

[eroman, 2016/08/11 18:59:27]

Quick update: I removed this unnecessary refactor to keep this CL more focused,
so please see latest patchset instead when reviewing.

+  """Structure that represents the parameters of a test file."""
+
+  def __init__(self):
+    # String describing the test.
+    self.description = None
+
+    # Ordered list of DER-encoded certificate bytes.
+    self.chain = None
+
+    # An instance of TrustAnchor.
+    self.trust_anchor = None
+
+    # A time when verification is to take place, encoded as UTCTime.
+    self.utc_time = None
+
+    # Boolean for whether the chain is expected to pass verification.
+    self.verify_result = None
+
+
+  def write_to_file(self, path):
+    """Writes a test file that contains all the inputs necessary to run a
+    verification on a certificate chain"""
+
+    # Prepend the script name that generated the file to the description.
+    test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], self.description)
+
+    # Write the certificate chain to the output file.
+    for cert in self.chain:
+      test_data += '\n' + cert.get_cert_pem()
+
+    # Write the trust anchor. It is basicaly a certificate, but
+    # given a different block name depending on how it is to be
+    # interpreted.
+    cert_data = self.trust_anchor.cert.get_cert_pem()
+    block_name = 'TRUST_ANCHOR_'
+    if self.trust_anchor.constrained:
+      block_name += 'CONSTRAINED'
+    else:
+      block_name += 'UNCONSTRAINED'
+    cert_data = cert_data.replace('CERTIFICATE', 'TRUST_ANCHOR_UNCONSTRAINED')
     test_data += '\n' + cert_data
 
-  test_data += '\n' + data_to_pem('TIME', utc_time)
+    test_data += '\n' + data_to_pem('TIME', self.utc_time)
 
-  verify_result_string = 'SUCCESS' if verify_result else 'FAIL'
-  test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string)
+    verify_result_string = 'SUCCESS' if self.verify_result else 'FAIL'
+    test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string)
 
-  write_string_to_file(test_data, out_pem if out_pem else g_out_pem)
+    write_string_to_file(test_data, path)
 
 
 def write_string_to_file(data, path):
   with open(path, 'w') as f:
     f.write(data)
 
 
 def init(invoking_script_path):
   """Creates an output directory to contain all the temporary files that may be
   created, as well as determining the path for the final output. These paths
@@ skipping 25 matching lines @@
   return Certificate(name, TYPE_CA, None)
 
 
 def create_intermediate_certificate(name, issuer):
   return Certificate(name, TYPE_CA, issuer)
 
 
 def create_end_entity_certificate(name, issuer):
   return Certificate(name, TYPE_END_ENTITY, issuer)
 
+
+def get_default_pem_path():
+  # TODO(eroman): remove this global.
+  return g_out_pem
+
 init(sys.argv[0])