Chromium Code Reviews Chromium Code Reviews
Issue 2805213004:
Refactor how net/data/verify_certificate_chain_unittest/* (Closed)
| Index: net/data/verify_certificate_chain_unittest/common.py |
| diff --git a/net/data/verify_certificate_chain_unittest/common.py b/net/data/verify_certificate_chain_unittest/common.py |
| index a9b2ed7de78598dcac82a9b9f182aa8e4f7e1f37..21b7f5434a83786634a33ada9b3b1053de8a081b 100755 |
| --- a/net/data/verify_certificate_chain_unittest/common.py |
| +++ b/net/data/verify_certificate_chain_unittest/common.py |
| @@ -52,16 +52,11 @@ DEFAULT_KEY_PURPOSE = KEY_PURPOSE_SERVER_AUTH |
| g_cur_path_id = {} |
| # Output paths used: |
| -# - g_out_dir: where any temporary files (cert req, signing db etc) are |
| +# - g_tmp_dir: where any temporary files (cert req, signing db etc) are |
| # saved to. |
| -# - g_script_name: the name of the invoking script. For instance if this is |
| -# being run by generate-foo.py then g_script_name will be |
| -# 'foo' |
| -# |
| -# See init() for how these are assigned, based on the name of the calling |
| -# script. |
| -g_out_dir = None |
| -g_script_name = None |
| + |
| +# See init() for how these are assigned. |
| +g_tmp_dir = None |
| # The default validity range of generated certificates. Can be modified with |
| # set_default_validity_range(). |
| @@ -95,8 +90,8 @@ def get_unique_path_id(name): |
| return '%s_%d' % (name, path_id) |
| -def get_path_in_output_dir(name, suffix): |
| - return os.path.join(g_out_dir, '%s%s' % (name, suffix)) |
| +def get_path_in_tmp_dir(name, suffix): |
| + return os.path.join(g_tmp_dir, '%s%s' % (name, suffix)) |
| class Key(object): |
| @@ -159,12 +154,8 @@ def create_key_path(base_name): |
| "keys/" directory. If create_key_path(xxx) is called more than once during |
| the script run, a suffix will be added.""" |
| - # Save keys to CWD/keys/<generate-script-name>/*.key |
| - # Hack: if the script name was generate-certs.py, then just save to |
| - # 'keys/*.key' (used by external consumers of common.py) |
| +#Save keys to CWD / keys / < generate - script - name >/*.key |
|
mattm
2017/05/02 06:43:46
indentation, space after #
are the internal space
eroman
2017/05/02 19:20:23
Done.
(I think these lines got messed up by some
|
| keys_dir = 'keys' |
| - if g_script_name != 'certs': |
| - keys_dir = os.path.join(keys_dir, g_script_name) |
| # Create the keys directory if it doesn't exist |
| if not os.path.exists(keys_dir): |
| @@ -259,14 +250,14 @@ class Certificate(object): |
| def get_path(self, suffix): |
| """Forms a path to an output file for this certificate, containing the |
| indicated suffix. The certificate's name will be used as its basis.""" |
| - return os.path.join(g_out_dir, '%s%s' % (self.path_id, suffix)) |
| + return os.path.join(g_tmp_dir, '%s%s' % (self.path_id, suffix)) |
| def get_name_path(self, suffix): |
| """Forms a path to an output file for this CA, containing the indicated |
| suffix. If multiple certificates have the same name, they will use the same |
| path.""" |
| - return get_path_in_output_dir(self.name, suffix) |
| + return get_path_in_tmp_dir(self.name, suffix) |
| def set_key(self, key): |
| @@ -414,7 +405,7 @@ class Certificate(object): |
| section = self.config.get_section('root_ca') |
| section.set_property('certificate', self.get_cert_path()) |
| - section.set_property('new_certs_dir', g_out_dir) |
| + section.set_property('new_certs_dir', g_tmp_dir) |
| section.set_property('serial', self.get_serial_path()) |
| section.set_property('database', self.get_database_path()) |
| section.set_property('unique_subject', 'no') |
| @@ -466,30 +457,8 @@ def text_data_to_pem(block_header, text_data): |
| block_header, base64.b64encode(text_data), block_header) |
| -class TrustAnchor(object): |
| - """Structure that represents a trust anchor.""" |
| - |
| - def __init__(self, cert, constrained=False): |
| - self.cert = cert |
| - self.constrained = constrained |
| - |
| - |
| - def get_pem(self): |
| - """Returns a PEM block string describing this trust anchor.""" |
| - |
| - cert_data = self.cert.get_cert_pem() |
| - block_name = 'TRUST_ANCHOR_UNCONSTRAINED' |
| - if self.constrained: |
| - block_name = 'TRUST_ANCHOR_CONSTRAINED' |
| - |
| - # Use a different block name in the .pem file, depending on the anchor type. |
| - return cert_data.replace('CERTIFICATE', block_name) |
| - |
| - |
| -def write_test_file(description, chain, trust_anchor, utc_time, key_purpose, |
| - verify_result, errors, out_pem=None): |
| - """Writes a test file that contains all the inputs necessary to run a |
| - verification on a certificate chain.""" |
| +def write_chain(description, chain, out_pem): |
| + """Writes the chain to a .pem file as a series of CERTIFICATE blocks""" |
| # Prepend the script name that generated the file to the description. |
| test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description) |
| @@ -498,19 +467,6 @@ def write_test_file(description, chain, trust_anchor, utc_time, key_purpose, |
| for cert in chain: |
| test_data += '\n' + cert.get_cert_pem() |
| - test_data += '\n' + trust_anchor.get_pem() |
| - test_data += '\n' + text_data_to_pem('TIME', utc_time) |
| - |
| - verify_result_string = 'SUCCESS' if verify_result else 'FAIL' |
| - test_data += '\n' + text_data_to_pem('VERIFY_RESULT', verify_result_string) |
| - |
| - test_data += '\n' + text_data_to_pem('KEY_PURPOSE', key_purpose) |
| - |
| - if errors is not None: |
| - test_data += '\n' + text_data_to_pem('ERRORS', errors) |
| - |
| - if not out_pem: |
| - out_pem = g_script_name + '.pem' |
| write_string_to_file(test_data, out_pem) |
| @@ -530,8 +486,7 @@ def init(invoking_script_path): |
| are all based off of the name of the calling script. |
| """ |
| - global g_out_dir |
| - global g_script_name |
| + global g_tmp_dir |
| # The scripts assume to be run from within their containing directory (paths |
| # to things like "keys/" are written relative). |
| @@ -544,22 +499,13 @@ def init(invoking_script_path): |
| % (expected_cwd)) |
| sys.exit(1) |
| - # Base the output name off of the invoking script's name. |
| - out_name = os.path.splitext(os.path.basename(invoking_script_path))[0] |
| - |
| - # Strip the leading 'generate-' |
| - if out_name.startswith('generate-'): |
| - out_name = out_name[9:] |
| - |
| # Use an output directory with the same name as the invoking script. |
| - g_out_dir = os.path.join('out', out_name) |
| + g_tmp_dir = 'out' |
| # Ensure the output directory exists and is empty. |
| - sys.stdout.write('Creating output directory: %s\n' % (g_out_dir)) |
| - shutil.rmtree(g_out_dir, True) |
| - os.makedirs(g_out_dir) |
| - |
| - g_script_name = out_name |
| + sys.stdout.write('Creating output directory: %s\n' % (g_tmp_dir)) |
| + shutil.rmtree(g_tmp_dir, True) |
| + os.makedirs(g_tmp_dir) |
| def create_self_signed_root_certificate(name): |
