OLD | NEW |
---|---|
1 # Copyright 2016 The Chromium Authors. All rights reserved. | 1 # Copyright 2016 The Chromium Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 '''Generates a test suite from NIST PKITS test descriptions. | 5 '''Generates a test suite from NIST PKITS test descriptions. |
6 | 6 |
7 The output is a set of Type Parameterized Tests which are included by | 7 The output is a set of Type Parameterized Tests which are included by |
8 pkits_unittest.h. See pkits_unittest.h for information on using the tests. | 8 pkits_unittest.h. See pkits_unittest.h for information on using the tests. |
9 GoogleTest has a limit of 50 tests per type parameterized testcase, so the tests | 9 GoogleTest has a limit of 50 tests per type parameterized testcase, so the tests |
10 are split up by section number (this also makes it possible to easily skip | 10 are split up by section number (this also makes it possible to easily skip |
(...skipping 14 matching lines...) Expand all Loading... | |
25 return s.translate(None, ' -') | 25 return s.translate(None, ' -') |
26 | 26 |
27 | 27 |
28 def finalize_test_case(test_case_name, sanitized_test_names, output): | 28 def finalize_test_case(test_case_name, sanitized_test_names, output): |
29 output.write('\nWRAPPED_REGISTER_TYPED_TEST_CASE_P(%s' % test_case_name) | 29 output.write('\nWRAPPED_REGISTER_TYPED_TEST_CASE_P(%s' % test_case_name) |
30 for name in sanitized_test_names: | 30 for name in sanitized_test_names: |
31 output.write(',\n %s' % name) | 31 output.write(',\n %s' % name) |
32 output.write(');\n') | 32 output.write(');\n') |
33 | 33 |
34 | 34 |
35 def generate_test(test_case_name, test_number, raw_test_name, certs, crls, shoul d_validate, | 35 def bool_to_str(b): |
36 output): | 36 return "true" if b else "false" |
37 | |
38 | |
39 def output_test(test_case_name, test_number, raw_test_name, subpart_number, | |
40 info, certs, crls, sanitized_test_names, output): | |
41 '''Writes a test case to |output|, and appends the test name to | |
42 |sanitized_test_names|.''' | |
37 sanitized_test_name = 'Section%s%s' % (test_number.split('.')[1], | 43 sanitized_test_name = 'Section%s%s' % (test_number.split('.')[1], |
38 sanitize_name(raw_test_name)) | 44 sanitize_name(raw_test_name)) |
45 | |
46 if subpart_number is not None: | |
47 sanitized_test_name += "Subpart%d" % (subpart_number) | |
48 | |
49 sanitized_test_names.append(sanitized_test_name) | |
50 | |
39 certs_formatted = ', '.join('"%s"' % n for n in certs) | 51 certs_formatted = ', '.join('"%s"' % n for n in certs) |
40 crls_formatted = ', '.join('"%s"' % n for n in crls) | 52 crls_formatted = ', '.join('"%s"' % n for n in crls) |
41 assert_function = 'ASSERT_TRUE' if should_validate else 'ASSERT_FALSE' | 53 assert_function = 'ASSERT_TRUE' if info.should_validate else 'ASSERT_FALSE' |
54 | |
42 output.write(''' | 55 output.write(''' |
43 // %(test_number)s %(raw_test_name)s | 56 // %(test_number)s %(raw_test_name)s |
44 WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) { | 57 WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) { |
45 const char* const certs[] = { | 58 const char* const certs[] = { |
46 %(certs_formatted)s | 59 %(certs_formatted)s |
47 }; | 60 }; |
48 const char* const crls[] = { | 61 const char* const crls[] = { |
49 %(crls_formatted)s | 62 %(crls_formatted)s |
50 }; | 63 }; |
51 %(assert_function)s(this->Verify(certs, crls)); | 64 ''' % vars()) |
65 | |
66 default_settings = TestInfo(False) | |
67 | |
68 settings_str = '' | |
69 | |
70 # Output any non-default settings. Only settings that differ from | |
71 # the default settings are written, so as to keep the generated | |
72 # file more readable. | |
73 if info.initial_policy_set != default_settings.initial_policy_set: | |
74 settings_str += ''' settings.SetInitialPolicySet("%s"); | |
75 ''' % (','.join(info.initial_policy_set)) | |
76 | |
77 if info.initial_explicit_policy != default_settings.initial_explicit_policy: | |
78 settings_str += ''' settings.initial_explicit_policy = %s; | |
79 ''' % bool_to_str(info.initial_explicit_policy) | |
80 | |
81 if (info.initial_policy_mapping_inhibit != | |
82 default_settings.initial_policy_mapping_inhibit): | |
83 settings_str += ''' settings.initial_policy_mapping_inhibit = %s; | |
84 ''' % bool_to_str(info.initial_policy_mapping_inhibit) | |
85 | |
86 if (info.initial_inhibit_any_policy != | |
87 default_settings.initial_inhibit_any_policy): | |
88 settings_str += '''settings.initial_inhibit_any_policy = %s; | |
89 ''' % bool_to_str(info.initial_inhibit_any_policy) | |
90 | |
91 settings_param_str = '{}' | |
92 | |
93 if settings_str != '': | |
94 output.write(''' | |
95 // Custom settings | |
96 PkitsTestSettings settings; | |
97 ''') | |
98 output.write(settings_str) | |
99 output.write('\n') | |
100 settings_param_str = 'settings' | |
101 | |
102 output.write(''' %(assert_function)s(this->Verify(certs, crls, %(settings_par am_str)s)); | |
52 } | 103 } |
53 ''' % vars()) | 104 ''' % vars()) |
54 | 105 |
55 return sanitized_test_name | |
56 | |
57 | 106 |
58 # Matches a section header, ex: "4.1 Signature Verification" | 107 # Matches a section header, ex: "4.1 Signature Verification" |
59 SECTION_MATCHER = re.compile('^\s*(\d+\.\d+)\s+(.+)\s*$') | 108 SECTION_MATCHER = re.compile('^\s*(\d+\.\d+)\s+(.+)\s*$') |
60 # Matches a test header, ex: "4.1.1 Valid Signatures Test1" | 109 # Matches a test header, ex: "4.1.1 Valid Signatures Test1" |
61 TEST_MATCHER = re.compile('^\s*(\d+\.\d+.\d+)\s+(.+)\s*$') | 110 TEST_MATCHER = re.compile('^\s*(\d+\.\d+.\d+)\s+(.+)\s*$') |
111 | |
112 # Matches the various headers in a test specification. | |
113 EXPECTED_HEADER_MATCHER = re.compile('^\s*Expected Result:') | |
114 PROCEDURE_HEADER_MATCHER = re.compile('^\s*Procedure:') | |
115 PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:') | |
116 | |
117 # Matches the Procedure text if using default settings. | |
118 USING_DEFAULT_SETTINGS_MATCHER = re.compile( | |
119 '^.*using the \s*default settings.*') | |
120 | |
121 # Matches the description text if using custom settings. | |
122 CUSTOM_SETTINGS_MATCHER = re.compile( | |
123 '.*this\s+test\s+be\s+validated\s+using\s+the\s*following\s+inputs:.*') | |
mattm
2017/05/25 22:11:16
why \s* between "the" and "following"?
eroman
2017/05/25 22:42:59
Done (bad translation on my part).
I had to gener
| |
124 | |
62 # Match an expected test result. Note that some results in the PDF have a typo | 125 # Match an expected test result. Note that some results in the PDF have a typo |
63 # "path not should validate" instead of "path should not validate". | 126 # "path not should validate" instead of "path should not validate". |
64 TEST_RESULT_MATCHER = re.compile( | 127 TEST_RESULT_MATCHER = re.compile( |
65 '^\s*Expected Result:.*path (should validate|' | 128 '^.*path (should validate|should not validate|not should validate)') |
66 'should not validate|not should validate)') | 129 |
67 PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:') | 130 # Matches a line in the certification path, ex: |
68 # Matches a line in the certification path, ex: "\u2022 Good CA Cert, Good CA CR L" | 131 # "\u2022 Good CA Cert, Good CA CRL" |
69 PATH_MATCHER = re.compile('^\s*\xe2\x80\xa2\s*(.+)\s*$') | 132 PATH_MATCHER = re.compile('^\s*\xe2\x80\xa2\s*(.+)\s*$') |
70 # Matches a page number. These may appear in the middle of multi-line fields and | 133 # Matches a page number. These may appear in the middle of multi-line fields and |
71 # thus need to be ignored. | 134 # thus need to be ignored. |
72 PAGE_NUMBER_MATCHER = re.compile('^\s*\d+\s*$') | 135 PAGE_NUMBER_MATCHER = re.compile('^\s*\d+\s*$') |
73 # Matches if an entry in a certification path refers to a CRL, ex: | 136 # Matches if an entry in a certification path refers to a CRL, ex: |
74 # "onlySomeReasons CA2 CRL1". | 137 # "onlySomeReasons CA2 CRL1". |
75 CRL_MATCHER = re.compile('^.*CRL\d*$') | 138 CRL_MATCHER = re.compile('^.*CRL\d*$') |
76 def parse_test(lines, i, test_case_name, test_number, test_name, output): | 139 |
77 expected_result = None | 140 |
141 class TestSections(object): | |
142 def __init__(self): | |
143 self.description_lines = [] | |
144 self.procedure_lines = [] | |
145 self.expected_result_lines = [] | |
146 self.cert_path_lines = [] | |
147 | |
148 | |
149 def parse_main_test_sections(lines, i): | |
150 result = TestSections() | |
151 | |
152 # Read the description lines (text after test name up until | |
153 # "Procedure:"). | |
154 result.description_lines = [] | |
155 while i < len(lines): | |
156 if PROCEDURE_HEADER_MATCHER.match(lines[i]): | |
157 break | |
158 result.description_lines.append(lines[i]) | |
159 i += 1 | |
160 | |
161 # Read the procedure lines (text starting at "Procedure:" and up until | |
162 # "Expected Result:". | |
163 result.procedure_lines = [] | |
164 while i < len(lines): | |
165 if EXPECTED_HEADER_MATCHER.match(lines[i]): | |
166 break | |
167 result.procedure_lines.append(lines[i]) | |
168 i += 1 | |
169 | |
170 # Read the expected result lines (text starting at "Expected Result:" and up | |
171 # until "Certification Path:". | |
172 result.expected_result_lines = [] | |
173 while i < len(lines): | |
174 if PATH_HEADER_MATCHER.match(lines[i]): | |
175 break | |
176 result.expected_result_lines.append(lines[i]) | |
177 i += 1 | |
178 | |
179 # Read the certification path lines (text starting at "Certification Path:" | |
180 # and up until the next test title. | |
181 result.cert_path_lines = [] | |
182 while i < len(lines): | |
183 if TEST_MATCHER.match(lines[i]) or SECTION_MATCHER.match(lines[i]): | |
184 break | |
185 result.cert_path_lines.append(lines[i]) | |
186 i += 1 | |
187 | |
188 return i, result | |
189 | |
190 | |
191 def parse_cert_path_lines(lines): | |
192 path_lines = [] | |
193 crls = [] | |
78 certs = [] | 194 certs = [] |
79 crls = [] | |
80 | 195 |
81 while i < len(lines): | 196 for line in lines[1:]: |
82 result_match = TEST_RESULT_MATCHER.match(lines[i]) | 197 line = line.strip() |
83 i += 1 | |
84 if result_match: | |
85 expected_result = result_match.group(1) == 'should validate' | |
86 break | |
87 | 198 |
88 while i < len(lines): | 199 if "is composed of the following objects:" in line: |
89 path_match = PATH_HEADER_MATCHER.match(lines[i]) | 200 continue |
90 i += 1 | |
91 if path_match: | |
92 break | |
93 | 201 |
94 path_lines = [] | |
95 while i < len(lines): | |
96 line = lines[i].strip() | |
97 if TEST_MATCHER.match(line) or SECTION_MATCHER.match(line): | |
98 break | |
99 i += 1 | |
100 if not line or PAGE_NUMBER_MATCHER.match(line): | 202 if not line or PAGE_NUMBER_MATCHER.match(line): |
101 continue | 203 continue |
102 path_match = PATH_MATCHER.match(line) | 204 path_match = PATH_MATCHER.match(line) |
103 if path_match: | 205 if path_match: |
104 path_lines.append(path_match.group(1)) | 206 path_lines.append(path_match.group(1)) |
105 continue | 207 continue |
106 # Continuation of previous path line. | 208 # Continuation of previous path line. |
107 path_lines[-1] += ' ' + line | 209 path_lines[-1] += ' ' + line |
108 | 210 |
109 for path_line in path_lines: | 211 for path_line in path_lines: |
110 for path in path_line.split(','): | 212 for path in path_line.split(','): |
111 path = sanitize_name(path.strip()) | 213 path = sanitize_name(path.strip()) |
112 if CRL_MATCHER.match(path): | 214 if CRL_MATCHER.match(path): |
113 crls.append(path) | 215 crls.append(path) |
114 else: | 216 else: |
115 certs.append(path) | 217 certs.append(path) |
116 | 218 |
117 assert certs | 219 return certs, crls |
118 assert crls | 220 |
119 assert expected_result is not None | 221 |
120 sanitized_test_name = generate_test(test_case_name, test_number, test_name, | 222 ANY_POLICY = 'anyPolicy' |
121 certs, crls, expected_result, output) | 223 TEST_POLICY_1 = 'NIST-test-policy-1' |
122 | 224 TEST_POLICY_2 = 'NIST-test-policy-2' |
123 return i, sanitized_test_name | 225 TEST_POLICY_3 = 'NIST-test-policy-3' |
226 TEST_POLICY_6 = 'NIST-test-policy-6' | |
227 | |
228 class TestInfo(object): | |
229 """This structure describes a test inputs and outputs""" | |
mattm
2017/05/25 22:11:16
add a todo for testing user-constrained-policy-set
eroman
2017/05/25 22:42:58
Done.
I don't think those are too important as fa
mattm
2017/05/25 23:28:22
sgtm. (I think user-constrained-policy-set is act
| |
230 def __init__(self, should_validate, | |
231 # These defaults come from section 3 of PKITS.pdf | |
232 initial_policy_set = [ANY_POLICY], | |
233 initial_explicit_policy = False, | |
234 initial_policy_mapping_inhibit = False, | |
235 initial_inhibit_any_policy = False): | |
236 self.should_validate = should_validate | |
237 self.initial_policy_set = initial_policy_set | |
238 self.initial_explicit_policy = initial_explicit_policy | |
239 self.initial_policy_mapping_inhibit = initial_policy_mapping_inhibit | |
240 self.initial_inhibit_any_policy = initial_inhibit_any_policy | |
241 | |
242 | |
243 TEST_OVERRIDES = { | |
244 '4.8.1': [ | |
245 # 1. default settings, but with initial-explicit-policy set. The path | |
246 # should validate successfully | |
247 TestInfo(True, initial_explicit_policy=True), | |
248 | |
249 # 2. default settings, but with initial-explicit-policy set and | |
250 # initial-policy-set = {NIST-test-policy-1}. The path should validate | |
251 # successfully. | |
252 TestInfo(True, initial_explicit_policy=True, | |
253 initial_policy_set=[TEST_POLICY_1]), | |
254 | |
255 # 3. default settings, but with initial-explicit-policy set and | |
256 # initial-policy-set = {NIST-test-policy-2}. The path should not validate | |
257 # successfully. | |
258 TestInfo(False, initial_explicit_policy=True, | |
259 initial_policy_set=[TEST_POLICY_2]), | |
mattm
2017/05/25 22:11:16
what about 4.8.1 "4. default settings, but with in
eroman
2017/05/25 22:42:59
Done.
Wow, not sure how that got missed! Thanks f
eroman
2017/05/26 00:01:46
FTR: I reviewed all of the manual expectations, an
| |
260 ], | |
261 | |
262 '4.8.2': [ | |
263 # 1. default settings. The path should validate successfully. | |
264 TestInfo(True), | |
265 | |
266 # 2. default settings, but with initial-explicit-policy set. The path | |
267 # should not validate successfully | |
268 TestInfo(False, initial_explicit_policy=True), | |
269 ], | |
270 | |
271 '4.8.3': [ | |
272 # 1. default settings. The path should validate successfully. | |
273 TestInfo(True), | |
274 | |
275 # 2. default settings, but with initial-explicit-policy set. The path | |
276 # should not validate successfully. | |
277 TestInfo(False, initial_explicit_policy=True), | |
278 | |
279 # 3. default settings, but with initial-explicit-policy set and | |
280 # initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path | |
281 # should not validate successfully. | |
282 TestInfo(False, initial_explicit_policy=True, | |
283 initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2]), | |
284 ], | |
285 | |
286 '4.8.4': [ | |
287 # If the application can process the policyConstraints extension then the | |
288 # path should not validate successfully. If the application can not process | |
289 # the policyConstraints extension, then the path should validate | |
290 # successfully | |
291 TestInfo(False), | |
292 ], | |
293 | |
294 '4.8.5': [ | |
295 # If the application can process the policyConstraints extension then the | |
296 # path should not validate successfully. If the application can not process | |
297 # the policyConstraints extension, then the path should validate | |
298 # successfully. | |
299 TestInfo(False), | |
300 ], | |
301 | |
302 '4.8.6': [ | |
303 # 1. default settings. The path should validate successfully. | |
304 TestInfo(True), | |
305 | |
306 # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
307 # The path should validate successfully. | |
308 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
309 | |
310 # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
311 # The path should not validate successfully. | |
312 TestInfo(False, initial_policy_set=[TEST_POLICY_2]), | |
313 ], | |
314 | |
315 '4.8.7': [ | |
316 # If the application can process the policyConstraints extension, then the | |
317 # path should not validate successfully. If the application can not | |
318 # process the policyConstraints extension, then the path should | |
319 # validate successfully. | |
320 TestInfo(False), | |
321 ], | |
322 | |
323 '4.8.8': [ | |
324 # If the application can process the policyConstraints extension then the | |
325 # path should not validate successfully. If the application can not process | |
326 # the policyConstraints extension, then the path should validate | |
327 # successfully. | |
328 TestInfo(False), | |
329 ], | |
330 | |
331 '4.8.9': [ | |
332 # If the application can process the policyConstraints extension, then the | |
333 # path should not validate successfully. If the application can not | |
334 # process the policyConstraints extension, then the path should validate | |
335 # successfully. | |
336 TestInfo(False), | |
337 ], | |
338 | |
339 '4.8.10': [ | |
340 # 1. default settings. The path should validate successfully. | |
341 TestInfo(True), | |
342 | |
343 # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
344 # The path should validate successfully. | |
345 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
346 | |
347 # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
348 # The path should validate successfully. | |
349 TestInfo(True, initial_policy_set=[TEST_POLICY_2]), | |
350 ], | |
351 | |
352 '4.8.11': [ | |
353 # 1. default settings. The path should validate successfully. | |
354 TestInfo(True), | |
355 | |
356 # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
357 # The path should validate successfully. | |
358 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
359 ], | |
360 | |
361 '4.8.12': [ | |
362 # If the application can process the policyConstraints extension, then the | |
363 # path should not validate successfully. If the application can not | |
364 # process the policyConstraints extension, then the path should | |
365 # validate successfully. | |
366 TestInfo(False), | |
367 ], | |
368 | |
369 '4.8.13': [ | |
370 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
371 # The path should validate successfully. | |
372 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
373 | |
374 # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
375 # The path should validate successfully. | |
376 TestInfo(True, initial_policy_set=[TEST_POLICY_2]), | |
377 | |
378 # 3. default settings, but with initial-policy-set = {NIST-test-policy-3}. | |
379 # The path should validate successfully. | |
380 TestInfo(True, initial_policy_set=[TEST_POLICY_3]), | |
381 ], | |
382 | |
383 '4.8.14': [ | |
384 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
385 # The path should validate successfully. | |
386 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
387 | |
388 # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
389 # The path should not validate successfully. | |
390 TestInfo(False, initial_policy_set=[TEST_POLICY_2]), | |
391 ], | |
392 | |
393 '4.8.15': [ | |
394 # If the path validates successfully, then the application should display | |
395 # the user notice. | |
396 TestInfo(True), | |
397 ], | |
398 | |
399 '4.8.16': [ | |
400 # If the path validates successfully, then the application should display | |
401 # the user notice associated with NIST-test-policy-1. | |
402 TestInfo(True), | |
403 ], | |
404 | |
405 '4.8.17': [ | |
406 # If the path validates successfully, then the application should display | |
407 # the user notice associated with anyPolicy | |
408 TestInfo(True), | |
409 ], | |
410 | |
411 '4.8.18': [ | |
412 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
413 # The path should validate successfully and the qualifier associated with | |
414 # NIST-test-policy-1 in the end entity certificate should be displayed. | |
415 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
416 | |
417 # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
418 # The path should validate successfully and the qualifier associated with | |
419 # anyPolicy in the end entity certificate should be displayed. | |
420 TestInfo(True, initial_policy_set=[TEST_POLICY_2]), | |
421 ], | |
422 | |
423 '4.8.19': [ | |
424 # Since the explicitText exceeds the maximum size of 200 characters, | |
425 # the application may choose to reject the certificate. If the application | |
426 # accepts the certificate, display of the user notice is optional. | |
427 TestInfo(True), | |
428 ], | |
429 | |
430 '4.8.20': [ | |
431 # If possible, it is recommended that this test be run with the | |
432 # initial-explicit-policy indicator set | |
433 # ... | |
434 # If the initial-explicit-policy indicator is set | |
435 # and the initial-policy-set does not include NIST-test-policy-1, then the | |
436 # path should be rejected, otherwise it should validate successfully | |
437 TestInfo(True, initial_explicit_policy=True, | |
438 initial_policy_set=[TEST_POLICY_1]), | |
439 ], | |
440 | |
441 '4.10.1': [ | |
442 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
443 # The path should validate successfully. | |
444 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
445 | |
446 # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
447 # The path should not validate successfully. | |
448 TestInfo(False, initial_policy_set=[TEST_POLICY_2]), | |
449 | |
450 # 3. default settings, but with initial-policy-mapping-inhibit set. The | |
451 # path should not validate successfully. | |
452 TestInfo(False, initial_policy_mapping_inhibit=True), | |
453 ], | |
454 | |
455 '4.10.2': [ | |
456 # 1. default settings. The path should not validate successfully. | |
457 TestInfo(False), | |
458 | |
459 # 2. default settings, but with initial-policy-mapping-inhibit set. The | |
460 # path should not validate successfully. | |
461 TestInfo(False, initial_policy_mapping_inhibit=True), | |
462 ], | |
463 | |
464 '4.10.3': [ | |
465 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
466 # The path should not validate successfully. | |
467 TestInfo(False, initial_policy_set=[TEST_POLICY_1]), | |
468 | |
469 # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
470 # The path should validate successfully. | |
471 TestInfo(True, initial_policy_set=[TEST_POLICY_2]), | |
472 ], | |
473 | |
474 '4.10.4': [ | |
475 # If the application can process the policyConstraints extension, then the | |
476 # path should be rejected, otherwise it should validate successfully | |
477 TestInfo(False), | |
478 ], | |
479 | |
480 '4.10.5': [ | |
481 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
482 # The path should validate successfully. | |
483 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
484 | |
485 # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. | |
486 # The path should not validate successfully. | |
487 TestInfo(False, initial_policy_set=[TEST_POLICY_6]), | |
488 ], | |
489 | |
490 '4.10.6': [ | |
491 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
492 # The path should validate successfully. | |
493 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
494 | |
495 # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. | |
496 # The path should not validate successfully. | |
497 TestInfo(False, initial_policy_set=[TEST_POLICY_6]), | |
498 ], | |
499 | |
500 '4.10.7': [ | |
501 # The path should not validate successfully since the intermediate | |
502 # certificate includes a policy mapping extension in which anyPolicy | |
503 # appears as an issuerDomainPolicy. | |
504 TestInfo(False), | |
505 ], | |
506 | |
507 '4.10.8': [ | |
508 # The path should not validate successfully since the intermediate | |
509 # certificate includes a policy mapping extension in which anyPolicy | |
510 # appears as an subjectDomainPolicy | |
511 TestInfo(False), | |
512 ], | |
513 | |
514 '4.10.9': [ | |
515 # If the initial-policy-set does not include NIST-test-policy-1 (and the | |
516 # application can process the policyConstraints extension), then the path | |
517 # should be rejected, otherwise it should validate successfully. | |
518 TestInfo(True), | |
519 ], | |
520 | |
521 '4.10.10': [ | |
522 # If the application can process the policyConstraints extension, then the | |
523 # path should be rejected, otherwise it should validate successfully | |
524 TestInfo(False), | |
525 ], | |
526 | |
527 '4.10.11': [ | |
528 # If the initial-policy-set does not include NIST-test-policy-1 (and the | |
529 # application can process the policyConstraints extension), then the path | |
530 # should be rejected, otherwise it should validate successfully. | |
531 TestInfo(True), | |
532 ], | |
533 | |
534 '4.10.12': [ | |
535 # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. | |
536 # The path should validate successfully and the application should display | |
537 # the user notice associated with NIST-test-policy-3 in the end entity | |
538 # certificate. | |
539 TestInfo(True, initial_policy_set=[TEST_POLICY_1]), | |
540 | |
541 # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. | |
542 # The path should validate successfully and the application should display | |
543 # the user notice associated with anyPolicy in the end entity certificate. | |
544 TestInfo(True, initial_policy_set=[TEST_POLICY_2]), | |
545 ], | |
546 | |
547 '4.10.13': [ | |
548 # If the initial-policy-set does not include NIST-test-policy-1 (and the | |
549 # application can process the policyConstraints extension), then the path | |
550 # should be rejected, otherwise it should validate successfully. If the | |
551 # path is accepted, the application should display the user notice | |
552 # associated with NIST-testpolicy-1 in the intermediate certificate. | |
553 TestInfo(True), | |
554 ], | |
555 | |
556 '4.10.14': [ | |
557 # If the initial-policy-set does not include NIST-test-policy-1 (and the | |
558 # application can process the policyConstraints extension), then the path | |
559 # should be rejected, otherwise it should validate successfully. If the | |
560 # path is accepted, the application should display the user notice | |
561 # associated with anyPolicy in the intermediate certificate. | |
562 TestInfo(True), | |
563 ], | |
564 | |
565 '4.11.1': [ | |
566 # The path should not validate successfully. | |
567 TestInfo(False), | |
568 ], | |
569 | |
570 '4.11.2': [ | |
571 # If the initial-policy-set is any-policy or otherwise includes | |
572 # NIST-test-policy-1, then the path should validate successfully. | |
573 TestInfo(True), | |
574 ], | |
575 | |
576 '4.11.3': [ | |
577 # The path should not validate successfully. | |
578 TestInfo(False), | |
579 ], | |
580 | |
581 '4.11.4': [ | |
582 # If the initial-policy-set is any-policy or otherwise includes | |
583 # NIST-test-policy-2, then the path should validate successfully. | |
584 TestInfo(True), | |
585 ], | |
586 | |
587 '4.11.5': [ | |
588 # The path should not validate successfully. | |
589 TestInfo(False), | |
590 ], | |
591 | |
592 '4.11.6': [ | |
593 # The path should not validate successfully. | |
594 TestInfo(False), | |
595 ], | |
596 | |
597 '4.11.7': [ | |
598 # If the initial-policy-set is any-policy or otherwise includes | |
599 # NIST-test-policy-1, then the path should validate successfully. | |
600 TestInfo(True), | |
601 ], | |
602 | |
603 '4.11.8': [ | |
604 # The path should not validate successfully. | |
605 TestInfo(False), | |
606 ], | |
607 | |
608 '4.11.9': [ | |
609 # The path should not validate successfully. | |
610 TestInfo(False), | |
611 ], | |
612 | |
613 '4.11.10': [ | |
614 # The path should not validate successfully. | |
615 TestInfo(False), | |
616 ], | |
617 | |
618 '4.11.11': [ | |
619 # The path should not validate successfully. | |
620 TestInfo(False), | |
621 ], | |
622 | |
623 '4.12.1': [ | |
624 # If the application can process the policyConstraints extension, then the | |
625 # path should not validate successfully. | |
626 TestInfo(False), | |
627 ], | |
628 | |
629 '4.12.2': [ | |
630 # If the initial-policy-set is any-policy or otherwise includes | |
631 # NIST-test-policy-1, then the userconstrained-policy-set will be | |
632 # {NIST-test-policy-1}and the path should validate successfully. | |
633 TestInfo(True), | |
634 ], | |
635 | |
636 '4.12.3': [ | |
637 # 1. default settings. The path should validate successfully. | |
638 TestInfo(True), | |
639 | |
640 # 2. default settings, but with initial-inhibit-any-policy set. The path | |
641 # should not validate successfully. | |
642 TestInfo(False, initial_inhibit_any_policy=True), | |
643 ], | |
644 | |
645 '4.12.4': [ | |
646 # If the application can process the policyConstraints extension, then the | |
647 # path should not validate successfully. | |
648 TestInfo(False), | |
649 ], | |
650 | |
651 '4.12.5': [ | |
652 # If the application can process the policyConstraints extension, then the | |
653 # path should not validate successfully. | |
654 TestInfo(False), | |
655 ], | |
656 | |
657 '4.12.6': [ | |
658 # If the application can process the policyConstraints extension, then the | |
659 # path should not validate successfully. | |
660 TestInfo(False), | |
661 ], | |
662 | |
663 '4.12.7': [ | |
664 # If the initial-policy-set is any-policy or otherwise includes | |
665 # NIST-test-policy-1, then the user-constrained-policy-set will be | |
666 # {NIST-test-policy-1} and the path should validate successfully | |
667 TestInfo(True), | |
668 ], | |
669 | |
670 '4.12.8': [ | |
671 # If the application can process the policyConstraints extension, then the | |
672 # path should not validate successfully. | |
673 TestInfo(False), | |
674 ], | |
675 | |
676 '4.12.9': [ | |
677 # If the initial-policy-set is any-policy or otherwise includes | |
678 # NIST-test-policy-1, then the user-constrained-policy-set will be | |
679 # {NIST-test-policy-1}and the path should validate successfully. | |
680 TestInfo(True), | |
681 ], | |
682 | |
683 '4.12.10': [ | |
684 # If the application can process the policyConstraints extension, then the | |
685 # path should not validate successfully. | |
686 TestInfo(False), | |
687 ], | |
688 } | |
689 | |
690 | |
691 def parse_test(lines, i, test_case_name, test_number, test_name, | |
692 sanitized_test_names, output): | |
693 # Start by doing a coarse level of parsing that separates out the lines for | |
694 # the main sections. | |
695 i, test_sections = parse_main_test_sections(lines, i) | |
696 | |
697 certs, crls = parse_cert_path_lines(test_sections.cert_path_lines) | |
698 | |
699 # Most tests have a formulaic specification: they use the default | |
700 # settings, and have one expectation. These are easily parsed and are handled | |
701 # programmatically. In contrast, many of the policies tests have a more | |
702 # complicated specification which involves multiple subtests having various | |
703 # settings, as well as expectations described in terms of supported | |
704 # extensions. Rather than try to handle all the nuanced language, these are | |
705 # handled manually via "overrides". | |
706 overrides = TEST_OVERRIDES.get(test_number, None) | |
707 | |
708 if overrides is None: | |
709 # Verify that the test description doesn't include numbered subparts (those | |
710 # are not handled here). | |
711 if CUSTOM_SETTINGS_MATCHER.match(" ".join(test_sections.description_lines)): | |
712 sys.stderr.write('Unexpected custom settings for %s\n' % test_number) | |
713 sys.exit(1) | |
714 | |
715 # Verify that the test is using only default settings. | |
716 if not USING_DEFAULT_SETTINGS_MATCHER.match( | |
717 " ".join(test_sections.procedure_lines)): | |
718 sys.stderr.write('Unexpected procedure for %s: %s\n' % | |
719 (test_number, " ".join(test_section.procedure_lines))) | |
720 sys.exit(1) | |
721 | |
722 # Check whether expected result is validation success or failure. | |
723 result_match = TEST_RESULT_MATCHER.match( | |
724 test_sections.expected_result_lines[0]) | |
725 if not result_match: | |
726 sys.stderr.write('Unknown expectation for %s:\n%s\n' % ( | |
727 test_number, " ".join(test_sections.expected_result_lines))) | |
728 sys.exit(1) | |
729 # Initializes with default settings. | |
730 info = TestInfo(result_match.group(1) == 'should validate') | |
731 | |
732 output_test(test_case_name, test_number, test_name, None, info, certs, | |
733 crls, sanitized_test_names, output) | |
734 else: | |
735 # The overrides may have a series of inputs (settings) and outputs | |
736 # (success/failure) for this test. Output each as a separate test case. | |
737 for subpart_i in range(len(overrides)): | |
738 info = overrides[subpart_i] | |
739 # If the test has only 1 subpart, don't number it. | |
740 subpart_number = subpart_i + 1 if len(overrides) > 1 else None | |
741 output_test(test_case_name, test_number, test_name, subpart_number, info, | |
742 certs, crls, sanitized_test_names, output) | |
743 | |
744 return i | |
124 | 745 |
125 | 746 |
126 def main(): | 747 def main(): |
127 pkits_pdf_path, output_path = sys.argv[1:] | 748 pkits_pdf_path, output_path = sys.argv[1:] |
128 | 749 |
129 pkits_txt_file = tempfile.NamedTemporaryFile() | 750 pkits_txt_file = tempfile.NamedTemporaryFile() |
130 | 751 |
131 subprocess.check_call(['pdftotext', '-layout', '-nopgbrk', '-eol', 'unix', | 752 subprocess.check_call(['pdftotext', '-layout', '-nopgbrk', '-eol', 'unix', |
132 pkits_pdf_path, pkits_txt_file.name]) | 753 pkits_pdf_path, pkits_txt_file.name]) |
133 | 754 |
(...skipping 23 matching lines...) Expand all Loading... | |
157 while i < len(lines): | 778 while i < len(lines): |
158 section_match = SECTION_MATCHER.match(lines[i]) | 779 section_match = SECTION_MATCHER.match(lines[i]) |
159 match = TEST_MATCHER.match(lines[i]) | 780 match = TEST_MATCHER.match(lines[i]) |
160 i += 1 | 781 i += 1 |
161 | 782 |
162 if section_match: | 783 if section_match: |
163 if test_case_name: | 784 if test_case_name: |
164 finalize_test_case(test_case_name, sanitized_test_names, output) | 785 finalize_test_case(test_case_name, sanitized_test_names, output) |
165 sanitized_test_names = [] | 786 sanitized_test_names = [] |
166 | 787 |
167 # TODO(mattm): Handle certificate policies tests. | |
168 if section_match.group(1) in ('4.8', '4.9', '4.10', '4.11', '4.12'): | |
169 test_case_name = None | |
170 output.write('\n// Skipping section %s\n' % section_match.group(1)) | |
171 continue | |
172 | |
173 test_case_name = 'PkitsTest%02d%s' % ( | 788 test_case_name = 'PkitsTest%02d%s' % ( |
174 int(section_match.group(1).split('.')[-1]), | 789 int(section_match.group(1).split('.')[-1]), |
175 sanitize_name(section_match.group(2))) | 790 sanitize_name(section_match.group(2))) |
176 output.write('\ntemplate <typename PkitsTestDelegate>\n') | 791 output.write('\ntemplate <typename PkitsTestDelegate>\n') |
177 output.write('class %s : public PkitsTest<PkitsTestDelegate> {};\n' % test _case_name) | 792 output.write('class %s : public PkitsTest<PkitsTestDelegate> {};\n' % |
793 test_case_name) | |
178 output.write('TYPED_TEST_CASE_P(%s);\n' % test_case_name) | 794 output.write('TYPED_TEST_CASE_P(%s);\n' % test_case_name) |
179 | 795 |
180 if match: | 796 if match: |
181 test_number = match.group(1) | 797 test_number = match.group(1) |
182 test_name = match.group(2) | 798 test_name = match.group(2) |
183 if not test_case_name: | 799 if not test_case_name: |
184 output.write('// Skipped %s %s\n' % (test_number, test_name)) | 800 output.write('// Skipped %s %s\n' % (test_number, test_name)) |
185 continue | 801 continue |
186 i, sanitized_test_name = parse_test(lines, i, test_case_name, test_number, | 802 i, parse_test(lines, i, test_case_name, test_number, |
187 test_name, output) | 803 test_name, sanitized_test_names, output) |
188 if sanitized_test_name: | |
189 sanitized_test_names.append(sanitized_test_name) | |
190 | 804 |
191 if test_case_name: | 805 if test_case_name: |
192 finalize_test_case(test_case_name, sanitized_test_names, output) | 806 finalize_test_case(test_case_name, sanitized_test_names, output) |
193 | 807 |
194 | 808 |
195 if __name__ == '__main__': | 809 if __name__ == '__main__': |
196 main() | 810 main() |
OLD | NEW |