Refactor some certificate verification tests in preparation to adding

net/data/verify_certificate_chain_unittest/common.py

Index: net/data/verify_certificate_chain_unittest/common.py
diff --git a/net/data/verify_certificate_chain_unittest/common.py b/net/data/verify_certificate_chain_unittest/common.py
index 92e84b7bf8d3204e001a624e8ba6ec68f8cd6b3a..2d0419ea6cc4a9b7a272f9666797c6ba5b6183a8 100755
--- a/net/data/verify_certificate_chain_unittest/common.py
+++ b/net/data/verify_certificate_chain_unittest/common.py
@@ -372,31 +372,63 @@ def data_to_pem(block_header, block_data):
           base64.b64encode(block_data), block_header)
 
 
-def write_test_file(description, chain, trusted_certs, utc_time, verify_result,
-                    out_pem=None):
-  """Writes a test file that contains all the inputs necessary to run a
-  verification on a certificate chain"""
-
-  # Prepend the script name that generated the file to the description.
-  test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description)
-
-  # Write the certificate chain to the output file.
-  for cert in chain:
-    test_data += '\n' + cert.get_cert_pem()
-
-  # Write the trust store.
-  for cert in trusted_certs:
-    cert_data = cert.get_cert_pem()
-    # Use a different block type in the .pem file.
-    cert_data = cert_data.replace('CERTIFICATE', 'TRUSTED_CERTIFICATE')
+class TrustAnchor(object):
+  """Structure that represents a trust anchor."""
+
+  def __init__(self, cert, constrained=False):
+    self.cert = cert
+    self.constrained = constrained
+
+
+class TestData(object):

[eroman, 2016/08/11 01:02:30]

Maybe this isn't idiomatic python.

But it felt a bit easier to encapsulate the variables into a container rather
than adding more.

I can drop some of these other refactors they aren't core to my CL (except for
the TrustAnchor struct above)

[eroman, 2016/08/11 18:59:27]

Quick update: I removed this unnecessary refactor to keep this CL more focused,
so please see latest patchset instead when reviewing.

+  """Structure that represents the parameters of a test file."""
+
+  def __init__(self):
+    # String describing the test.
+    self.description = None
+
+    # Ordered list of DER-encoded certificate bytes.
+    self.chain = None
+
+    # An instance of TrustAnchor.
+    self.trust_anchor = None
+
+    # A time when verification is to take place, encoded as UTCTime.
+    self.utc_time = None
+
+    # Boolean for whether the chain is expected to pass verification.
+    self.verify_result = None
+
+
+  def write_to_file(self, path):
+    """Writes a test file that contains all the inputs necessary to run a
+    verification on a certificate chain"""
+
+    # Prepend the script name that generated the file to the description.
+    test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], self.description)
+
+    # Write the certificate chain to the output file.
+    for cert in self.chain:
+      test_data += '\n' + cert.get_cert_pem()
+
+    # Write the trust anchor. It is basicaly a certificate, but
+    # given a different block name depending on how it is to be
+    # interpreted.
+    cert_data = self.trust_anchor.cert.get_cert_pem()
+    block_name = 'TRUST_ANCHOR_'
+    if self.trust_anchor.constrained:
+      block_name += 'CONSTRAINED'
+    else:
+      block_name += 'UNCONSTRAINED'
+    cert_data = cert_data.replace('CERTIFICATE', 'TRUST_ANCHOR_UNCONSTRAINED')
     test_data += '\n' + cert_data
 
-  test_data += '\n' + data_to_pem('TIME', utc_time)
+    test_data += '\n' + data_to_pem('TIME', self.utc_time)
 
-  verify_result_string = 'SUCCESS' if verify_result else 'FAIL'
-  test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string)
+    verify_result_string = 'SUCCESS' if self.verify_result else 'FAIL'
+    test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string)
 
-  write_string_to_file(test_data, out_pem if out_pem else g_out_pem)
+    write_string_to_file(test_data, path)
 
 
 def write_string_to_file(data, path):
@@ -442,4 +474,9 @@ def create_intermediate_certificate(name, issuer):
 def create_end_entity_certificate(name, issuer):
   return Certificate(name, TYPE_END_ENTITY, issuer)
 
+
+def get_default_pem_path():
+  # TODO(eroman): remove this global.
+  return g_out_pem
+
 init(sys.argv[0])