Refactor how net/data/verify_certificate_chain_unittest/*

net/data/verify_certificate_chain_unittest/common.py

 #!/usr/bin/python
 # Copyright (c) 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Set of helpers to generate signed X.509v3 certificates.
 
 This works by shelling out calls to the 'openssl req' and 'openssl ca'
 commands, and passing the appropriate command line flags and configuration file
 (.cnf).
@@ skipping 34 matching lines @@
 KEY_PURPOSE_ANY = 'anyExtendedKeyUsage'
 KEY_PURPOSE_SERVER_AUTH = 'serverAuth'
 KEY_PURPOSE_CLIENT_AUTH = 'clientAuth'
 
 DEFAULT_KEY_PURPOSE = KEY_PURPOSE_SERVER_AUTH
 
 # Counters used to generate unique (but readable) path names.
 g_cur_path_id = {}
 
 # Output paths used:
-#   - g_out_dir: where any temporary files (cert req, signing db etc) are
+#   - g_tmp_dir: where any temporary files (cert req, signing db etc) are
 #                saved to.
-#   - g_script_name: the name of the invoking script. For instance if this is
-#                    being run by generate-foo.py then g_script_name will be
-#                    'foo'
-#
-# See init() for how these are assigned, based on the name of the calling
-# script.
-g_out_dir = None
-g_script_name = None
+
+# See init() for how these are assigned.
+g_tmp_dir = None
 
 # The default validity range of generated certificates. Can be modified with
 # set_default_validity_range().
 g_default_start_date = JANUARY_1_2015_UTC
 g_default_end_date = JANUARY_1_2016_UTC
 
 
 def set_default_validity_range(start_date, end_date):
   """Sets the validity range that will be used for certificates created with
   Certificate"""
@@ skipping 13 matching lines @@
   g_cur_path_id[lowercase_name] = path_id + 1
 
   # Use a short and clean name for the first use of this name.
   if path_id == 0:
     return name
 
   # Otherwise append the count to make it unique.
   return '%s_%d' % (name, path_id)
 
 
-def get_path_in_output_dir(name, suffix):
-  return os.path.join(g_out_dir, '%s%s' % (name, suffix))
+def get_path_in_tmp_dir(name, suffix):
+  return os.path.join(g_tmp_dir, '%s%s' % (name, suffix))
 
 
 class Key(object):
   """Describes a public + private key pair. It is a dumb wrapper around an
   on-disk key."""
 
   def __init__(self, path):
     self.path = path
 
 
@@ skipping 42 matching lines @@
   path."""
   return get_or_generate_key(['openssl', 'ecparam', '-name', named_curve,
                               '-genkey'], path)
 
 
 def create_key_path(base_name):
   """Generates a name that contains |base_name| in it, and is relative to the
   "keys/" directory. If create_key_path(xxx) is called more than once during
   the script run, a suffix will be added."""
 
-  # Save keys to CWD/keys/<generate-script-name>/*.key
-  # Hack: if the script name was generate-certs.py, then just save to
-  # 'keys/*.key' (used by external consumers of common.py)
+#Save keys to CWD / keys / < generate - script - name >/*.key

[mattm, 2017/05/02 06:43:46]

indentation, space after #

are the internal spaces intentional?

[eroman, 2017/05/02 19:20:23]

Done. 
(I think these lines got messed up by some formatter)

   keys_dir = 'keys'
-  if g_script_name != 'certs':
-    keys_dir = os.path.join(keys_dir, g_script_name)
 
   # Create the keys directory if it doesn't exist
   if not os.path.exists(keys_dir):
     os.makedirs(keys_dir)
 
   return get_unique_path_id(os.path.join(keys_dir, base_name)) + '.key'
 
 
 class Certificate(object):
   """Helper for building an X.509 certificate."""
@@ skipping 74 matching lines @@
     self.md_flags = ['-md', md]
 
 
   def get_extensions(self):
     return self.config.get_section('req_ext')
 
 
   def get_path(self, suffix):
     """Forms a path to an output file for this certificate, containing the
     indicated suffix. The certificate's name will be used as its basis."""
-    return os.path.join(g_out_dir, '%s%s' % (self.path_id, suffix))
+    return os.path.join(g_tmp_dir, '%s%s' % (self.path_id, suffix))
 
 
   def get_name_path(self, suffix):
     """Forms a path to an output file for this CA, containing the indicated
     suffix. If multiple certificates have the same name, they will use the same
     path."""
-    return get_path_in_output_dir(self.name, suffix)
+    return get_path_in_tmp_dir(self.name, suffix)
 
 
   def set_key(self, key):
     assert self.finalized is False
     self.set_key_internal(key)
 
 
   def set_key_internal(self, key):
     self.key = key
 
@@ skipping 127 matching lines @@
 
     # --------------------------------------
     # 'ca' section
     # --------------------------------------
 
     section = self.config.get_section('ca')
     section.set_property('default_ca', 'root_ca')
 
     section = self.config.get_section('root_ca')
     section.set_property('certificate', self.get_cert_path())
-    section.set_property('new_certs_dir', g_out_dir)
+    section.set_property('new_certs_dir', g_tmp_dir)
     section.set_property('serial', self.get_serial_path())
     section.set_property('database', self.get_database_path())
     section.set_property('unique_subject', 'no')
 
     # These will get overridden via command line flags.
     section.set_property('default_days', '365')
     section.set_property('default_md', 'sha256')
 
     section.set_property('policy', 'policy_anything')
     section.set_property('email_in_dn', 'no')
@@ skipping 31 matching lines @@
     section = self.config.get_section('crl_ext')
     section.set_property('authorityKeyIdentifier', 'keyid:always')
     section.set_property('authorityInfoAccess', '@issuer_info')
 
 
 def text_data_to_pem(block_header, text_data):
   return '%s\n-----BEGIN %s-----\n%s\n-----END %s-----\n' % (text_data,
           block_header, base64.b64encode(text_data), block_header)
 
 
-class TrustAnchor(object):
-  """Structure that represents a trust anchor."""
-
-  def __init__(self, cert, constrained=False):
-    self.cert = cert
-    self.constrained = constrained
-
-
-  def get_pem(self):
-    """Returns a PEM block string describing this trust anchor."""
-
-    cert_data = self.cert.get_cert_pem()
-    block_name = 'TRUST_ANCHOR_UNCONSTRAINED'
-    if self.constrained:
-      block_name = 'TRUST_ANCHOR_CONSTRAINED'
-
-    # Use a different block name in the .pem file, depending on the anchor type.
-    return cert_data.replace('CERTIFICATE', block_name)
-
-
-def write_test_file(description, chain, trust_anchor, utc_time, key_purpose,
-                    verify_result, errors, out_pem=None):
-  """Writes a test file that contains all the inputs necessary to run a
-  verification on a certificate chain."""
+def write_chain(description, chain, out_pem):
+  """Writes the chain to a .pem file as a series of CERTIFICATE blocks"""
 
   # Prepend the script name that generated the file to the description.
   test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description)
 
   # Write the certificate chain to the output file.
   for cert in chain:
     test_data += '\n' + cert.get_cert_pem()
 
-  test_data += '\n' + trust_anchor.get_pem()
-  test_data += '\n' + text_data_to_pem('TIME', utc_time)
-
-  verify_result_string = 'SUCCESS' if verify_result else 'FAIL'
-  test_data += '\n' + text_data_to_pem('VERIFY_RESULT', verify_result_string)
-
-  test_data += '\n' + text_data_to_pem('KEY_PURPOSE', key_purpose)
-
-  if errors is not None:
-    test_data += '\n' + text_data_to_pem('ERRORS', errors)
-
-  if not out_pem:
-    out_pem = g_script_name + '.pem'
   write_string_to_file(test_data, out_pem)
 
 
 def write_string_to_file(data, path):
   with open(path, 'w') as f:
     f.write(data)
 
 
 def read_file_to_string(path):
   with open(path, 'r') as f:
     return f.read()
 
 
 def init(invoking_script_path):
   """Creates an output directory to contain all the temporary files that may be
   created, as well as determining the path for the final output. These paths
   are all based off of the name of the calling script.
   """
 
-  global g_out_dir
-  global g_script_name
+  global g_tmp_dir
 
   # The scripts assume to be run from within their containing directory (paths
   # to things like "keys/" are written relative).
   expected_cwd = os.path.realpath(os.path.dirname(invoking_script_path))
   actual_cwd = os.path.realpath(os.getcwd())
   if actual_cwd != expected_cwd:
     sys.stderr.write(
         ('Your current working directory must be that containing the python '
          'scripts:\n%s\nas the script may reference paths relative to this\n')
         % (expected_cwd))
     sys.exit(1)
 
-  # Base the output name off of the invoking script's name.
-  out_name = os.path.splitext(os.path.basename(invoking_script_path))[0]
-
-  # Strip the leading 'generate-'
-  if out_name.startswith('generate-'):
-    out_name = out_name[9:]
-
   # Use an output directory with the same name as the invoking script.
-  g_out_dir = os.path.join('out', out_name)
+  g_tmp_dir = 'out'
 
   # Ensure the output directory exists and is empty.
-  sys.stdout.write('Creating output directory: %s\n' % (g_out_dir))
-  shutil.rmtree(g_out_dir, True)
-  os.makedirs(g_out_dir)
-
-  g_script_name = out_name
+  sys.stdout.write('Creating output directory: %s\n' % (g_tmp_dir))
+  shutil.rmtree(g_tmp_dir, True)
+  os.makedirs(g_tmp_dir)
 
 
 def create_self_signed_root_certificate(name):
   return Certificate(name, TYPE_CA, None)
 
 
 def create_intermediate_certificate(name, issuer):
   return Certificate(name, TYPE_CA, issuer)
 
 
 def create_end_entity_certificate(name, issuer):
   return Certificate(name, TYPE_END_ENTITY, issuer)
 
 init(sys.argv[0])