Add error information to VerifyCertificateChain().

net/data/verify_certificate_chain_unittest/common.py

 #!/usr/bin/python
 # Copyright (c) 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Set of helpers to generate signed X.509v3 certificates.
 
 This works by shelling out calls to the 'openssl req' and 'openssl ca'
 commands, and passing the appropriate command line flags and configuration file
 (.cnf).
@@ skipping 392 matching lines @@
                         'http://url-for-aia/%s.cer' % (self.name))
 
     section = self.config.get_section('crl_info')
     section.set_property('URI.0', 'http://url-for-crl/%s.crl' % (self.name))
 
     section = self.config.get_section('crl_ext')
     section.set_property('authorityKeyIdentifier', 'keyid:always')
     section.set_property('authorityInfoAccess', '@issuer_info')
 
 
-def data_to_pem(block_header, block_data):
-  return '-----BEGIN %s-----\n%s\n-----END %s-----\n' % (block_header,
-          base64.b64encode(block_data), block_header)
+def text_data_to_pem(block_header, text_data):
+  return '%s\n-----BEGIN %s-----\n%s\n-----END %s-----\n' % (text_data,
+          block_header, base64.b64encode(text_data), block_header)
 
 
 class TrustAnchor(object):
   """Structure that represents a trust anchor."""
 
   def __init__(self, cert, constrained=False):
     self.cert = cert
     self.constrained = constrained
 
 
   def get_pem(self):
     """Returns a PEM block string describing this trust anchor."""
 
     cert_data = self.cert.get_cert_pem()
     block_name = 'TRUST_ANCHOR_UNCONSTRAINED'
     if self.constrained:
       block_name = 'TRUST_ANCHOR_CONSTRAINED'
 
     # Use a different block name in the .pem file, depending on the anchor type.
     return cert_data.replace('CERTIFICATE', block_name)
 
 
 def write_test_file(description, chain, trust_anchor, utc_time, verify_result,
-                    out_pem=None):
+                    errors, out_pem=None):
   """Writes a test file that contains all the inputs necessary to run a
   verification on a certificate chain"""
 
   # Prepend the script name that generated the file to the description.
   test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description)
 
   # Write the certificate chain to the output file.
   for cert in chain:
     test_data += '\n' + cert.get_cert_pem()
 
   test_data += '\n' + trust_anchor.get_pem()
-  test_data += '\n' + data_to_pem('TIME', utc_time)
+  test_data += '\n' + text_data_to_pem('TIME', utc_time)
 
   verify_result_string = 'SUCCESS' if verify_result else 'FAIL'
-  test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string)
+  test_data += '\n' + text_data_to_pem('VERIFY_RESULT', verify_result_string)
+
+  if errors is not None:
+    test_data += '\n' + text_data_to_pem('ERRORS', '\n'.join(errors))
 
   write_string_to_file(test_data, out_pem if out_pem else g_out_pem)
 
 
 def write_string_to_file(data, path):
   with open(path, 'w') as f:
     f.write(data)
 
 
 def init(invoking_script_path):
@@ skipping 28 matching lines @@
 
 
 def create_intermediate_certificate(name, issuer):
   return Certificate(name, TYPE_CA, issuer)
 
 
 def create_end_entity_certificate(name, issuer):
   return Certificate(name, TYPE_END_ENTITY, issuer)
 
 init(sys.argv[0])