Index: net/third_party/nist-pkits/generate_tests.py |
diff --git a/net/third_party/nist-pkits/generate_tests.py b/net/third_party/nist-pkits/generate_tests.py |
index fe9f9b76af6569e0344841d2b735a23014574361..ddf8eeada323d81662dc8e9cabe991342af56402 100644 |
--- a/net/third_party/nist-pkits/generate_tests.py |
+++ b/net/third_party/nist-pkits/generate_tests.py |
@@ -32,13 +32,26 @@ def finalize_test_case(test_case_name, sanitized_test_names, output): |
output.write(');\n') |
-def generate_test(test_case_name, test_number, raw_test_name, certs, crls, should_validate, |
- output): |
+def bool_to_str(b): |
+ return "true" if b else "false" |
+ |
+ |
+def output_test(test_case_name, test_number, raw_test_name, subpart_number, |
+ info, certs, crls, sanitized_test_names, output): |
+ '''Writes a test case to |output|, and appends the test name to |
+ |sanitized_test_names|.''' |
sanitized_test_name = 'Section%s%s' % (test_number.split('.')[1], |
sanitize_name(raw_test_name)) |
+ |
+ if subpart_number is not None: |
+ sanitized_test_name += "Subpart%d" % (subpart_number) |
+ |
+ sanitized_test_names.append(sanitized_test_name) |
+ |
certs_formatted = ', '.join('"%s"' % n for n in certs) |
crls_formatted = ', '.join('"%s"' % n for n in crls) |
- assert_function = 'ASSERT_TRUE' if should_validate else 'ASSERT_FALSE' |
+ assert_function = 'ASSERT_TRUE' if info.should_validate else 'ASSERT_FALSE' |
+ |
output.write(''' |
// %(test_number)s %(raw_test_name)s |
WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) { |
@@ -48,24 +61,74 @@ WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) { |
const char* const crls[] = { |
%(crls_formatted)s |
}; |
- %(assert_function)s(this->Verify(certs, crls)); |
-} |
''' % vars()) |
- return sanitized_test_name |
+ default_settings = TestInfo(False) |
+ |
+ settings_str = '' |
+ |
+ # Output any non-default settings. Only settings that differ from |
+ # the default settings are written, so as to keep the generated |
+ # file more readable. |
+ if info.initial_policy_set != default_settings.initial_policy_set: |
+ settings_str += ''' settings.SetInitialPolicySet("%s"); |
+''' % (','.join(info.initial_policy_set)) |
+ |
+ if info.initial_explicit_policy != default_settings.initial_explicit_policy: |
+ settings_str += ''' settings.initial_explicit_policy = %s; |
+''' % bool_to_str(info.initial_explicit_policy) |
+ |
+ if (info.initial_policy_mapping_inhibit != |
+ default_settings.initial_policy_mapping_inhibit): |
+ settings_str += ''' settings.initial_policy_mapping_inhibit = %s; |
+''' % bool_to_str(info.initial_policy_mapping_inhibit) |
+ |
+ if (info.initial_inhibit_any_policy != |
+ default_settings.initial_inhibit_any_policy): |
+ settings_str += '''settings.initial_inhibit_any_policy = %s; |
+''' % bool_to_str(info.initial_inhibit_any_policy) |
+ |
+ settings_param_str = '{}' |
+ |
+ if settings_str != '': |
+ output.write(''' |
+ // Custom settings |
+ PkitsTestSettings settings; |
+''') |
+ output.write(settings_str) |
+ output.write('\n') |
+ settings_param_str = 'settings' |
+ |
+ output.write(''' %(assert_function)s(this->Verify(certs, crls, %(settings_param_str)s)); |
+} |
+''' % vars()) |
# Matches a section header, ex: "4.1 Signature Verification" |
SECTION_MATCHER = re.compile('^\s*(\d+\.\d+)\s+(.+)\s*$') |
# Matches a test header, ex: "4.1.1 Valid Signatures Test1" |
TEST_MATCHER = re.compile('^\s*(\d+\.\d+.\d+)\s+(.+)\s*$') |
+ |
+# Matches the various headers in a test specification. |
+EXPECTED_HEADER_MATCHER = re.compile('^\s*Expected Result:') |
+PROCEDURE_HEADER_MATCHER = re.compile('^\s*Procedure:') |
+PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:') |
+ |
+# Matches the Procedure text if using default settings. |
+USING_DEFAULT_SETTINGS_MATCHER = re.compile( |
+ '^.*using the \s*default settings.*') |
+ |
+# Matches the description text if using custom settings. |
+CUSTOM_SETTINGS_MATCHER = re.compile( |
+ '.*this\s+test\s+be\s+validated\s+using\s+the\s*following\s+inputs:.*') |
mattm
2017/05/25 22:11:16
why \s* between "the" and "following"?
eroman
2017/05/25 22:42:59
Done (bad translation on my part).
I had to gener
|
+ |
# Match an expected test result. Note that some results in the PDF have a typo |
# "path not should validate" instead of "path should not validate". |
TEST_RESULT_MATCHER = re.compile( |
- '^\s*Expected Result:.*path (should validate|' |
- 'should not validate|not should validate)') |
-PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:') |
-# Matches a line in the certification path, ex: "\u2022 Good CA Cert, Good CA CRL" |
+ '^.*path (should validate|should not validate|not should validate)') |
+ |
+# Matches a line in the certification path, ex: |
+# "\u2022 Good CA Cert, Good CA CRL" |
PATH_MATCHER = re.compile('^\s*\xe2\x80\xa2\s*(.+)\s*$') |
# Matches a page number. These may appear in the middle of multi-line fields and |
# thus need to be ignored. |
@@ -73,30 +136,69 @@ PAGE_NUMBER_MATCHER = re.compile('^\s*\d+\s*$') |
# Matches if an entry in a certification path refers to a CRL, ex: |
# "onlySomeReasons CA2 CRL1". |
CRL_MATCHER = re.compile('^.*CRL\d*$') |
-def parse_test(lines, i, test_case_name, test_number, test_name, output): |
- expected_result = None |
- certs = [] |
- crls = [] |
+ |
+class TestSections(object): |
+ def __init__(self): |
+ self.description_lines = [] |
+ self.procedure_lines = [] |
+ self.expected_result_lines = [] |
+ self.cert_path_lines = [] |
+ |
+ |
+def parse_main_test_sections(lines, i): |
+ result = TestSections() |
+ |
+ # Read the description lines (text after test name up until |
+ # "Procedure:"). |
+ result.description_lines = [] |
while i < len(lines): |
- result_match = TEST_RESULT_MATCHER.match(lines[i]) |
- i += 1 |
- if result_match: |
- expected_result = result_match.group(1) == 'should validate' |
+ if PROCEDURE_HEADER_MATCHER.match(lines[i]): |
break |
+ result.description_lines.append(lines[i]) |
+ i += 1 |
+ # Read the procedure lines (text starting at "Procedure:" and up until |
+ # "Expected Result:". |
+ result.procedure_lines = [] |
while i < len(lines): |
- path_match = PATH_HEADER_MATCHER.match(lines[i]) |
+ if EXPECTED_HEADER_MATCHER.match(lines[i]): |
+ break |
+ result.procedure_lines.append(lines[i]) |
i += 1 |
- if path_match: |
+ |
+ # Read the expected result lines (text starting at "Expected Result:" and up |
+ # until "Certification Path:". |
+ result.expected_result_lines = [] |
+ while i < len(lines): |
+ if PATH_HEADER_MATCHER.match(lines[i]): |
break |
+ result.expected_result_lines.append(lines[i]) |
+ i += 1 |
- path_lines = [] |
+ # Read the certification path lines (text starting at "Certification Path:" |
+ # and up until the next test title. |
+ result.cert_path_lines = [] |
while i < len(lines): |
- line = lines[i].strip() |
- if TEST_MATCHER.match(line) or SECTION_MATCHER.match(line): |
+ if TEST_MATCHER.match(lines[i]) or SECTION_MATCHER.match(lines[i]): |
break |
+ result.cert_path_lines.append(lines[i]) |
i += 1 |
+ |
+ return i, result |
+ |
+ |
+def parse_cert_path_lines(lines): |
+ path_lines = [] |
+ crls = [] |
+ certs = [] |
+ |
+ for line in lines[1:]: |
+ line = line.strip() |
+ |
+ if "is composed of the following objects:" in line: |
+ continue |
+ |
if not line or PAGE_NUMBER_MATCHER.match(line): |
continue |
path_match = PATH_MATCHER.match(line) |
@@ -114,13 +216,532 @@ def parse_test(lines, i, test_case_name, test_number, test_name, output): |
else: |
certs.append(path) |
- assert certs |
- assert crls |
- assert expected_result is not None |
- sanitized_test_name = generate_test(test_case_name, test_number, test_name, |
- certs, crls, expected_result, output) |
+ return certs, crls |
+ |
+ |
+ANY_POLICY = 'anyPolicy' |
+TEST_POLICY_1 = 'NIST-test-policy-1' |
+TEST_POLICY_2 = 'NIST-test-policy-2' |
+TEST_POLICY_3 = 'NIST-test-policy-3' |
+TEST_POLICY_6 = 'NIST-test-policy-6' |
+ |
+class TestInfo(object): |
+ """This structure describes a test inputs and outputs""" |
mattm
2017/05/25 22:11:16
add a todo for testing user-constrained-policy-set
eroman
2017/05/25 22:42:58
Done.
I don't think those are too important as fa
mattm
2017/05/25 23:28:22
sgtm. (I think user-constrained-policy-set is act
|
+ def __init__(self, should_validate, |
+ # These defaults come from section 3 of PKITS.pdf |
+ initial_policy_set = [ANY_POLICY], |
+ initial_explicit_policy = False, |
+ initial_policy_mapping_inhibit = False, |
+ initial_inhibit_any_policy = False): |
+ self.should_validate = should_validate |
+ self.initial_policy_set = initial_policy_set |
+ self.initial_explicit_policy = initial_explicit_policy |
+ self.initial_policy_mapping_inhibit = initial_policy_mapping_inhibit |
+ self.initial_inhibit_any_policy = initial_inhibit_any_policy |
+ |
+ |
+TEST_OVERRIDES = { |
+ '4.8.1': [ |
+ # 1. default settings, but with initial-explicit-policy set. The path |
+ # should validate successfully |
+ TestInfo(True, initial_explicit_policy=True), |
+ |
+ # 2. default settings, but with initial-explicit-policy set and |
+ # initial-policy-set = {NIST-test-policy-1}. The path should validate |
+ # successfully. |
+ TestInfo(True, initial_explicit_policy=True, |
+ initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 3. default settings, but with initial-explicit-policy set and |
+ # initial-policy-set = {NIST-test-policy-2}. The path should not validate |
+ # successfully. |
+ TestInfo(False, initial_explicit_policy=True, |
+ initial_policy_set=[TEST_POLICY_2]), |
mattm
2017/05/25 22:11:16
what about 4.8.1 "4. default settings, but with in
eroman
2017/05/25 22:42:59
Done.
Wow, not sure how that got missed! Thanks f
eroman
2017/05/26 00:01:46
FTR: I reviewed all of the manual expectations, an
|
+ ], |
+ |
+ '4.8.2': [ |
+ # 1. default settings. The path should validate successfully. |
+ TestInfo(True), |
+ |
+ # 2. default settings, but with initial-explicit-policy set. The path |
+ # should not validate successfully |
+ TestInfo(False, initial_explicit_policy=True), |
+ ], |
+ |
+ '4.8.3': [ |
+ # 1. default settings. The path should validate successfully. |
+ TestInfo(True), |
+ |
+ # 2. default settings, but with initial-explicit-policy set. The path |
+ # should not validate successfully. |
+ TestInfo(False, initial_explicit_policy=True), |
+ |
+ # 3. default settings, but with initial-explicit-policy set and |
+ # initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path |
+ # should not validate successfully. |
+ TestInfo(False, initial_explicit_policy=True, |
+ initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2]), |
+ ], |
+ |
+ '4.8.4': [ |
+ # If the application can process the policyConstraints extension then the |
+ # path should not validate successfully. If the application can not process |
+ # the policyConstraints extension, then the path should validate |
+ # successfully |
+ TestInfo(False), |
+ ], |
+ |
+ '4.8.5': [ |
+ # If the application can process the policyConstraints extension then the |
+ # path should not validate successfully. If the application can not process |
+ # the policyConstraints extension, then the path should validate |
+ # successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.8.6': [ |
+ # 1. default settings. The path should validate successfully. |
+ TestInfo(True), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should not validate successfully. |
+ TestInfo(False, initial_policy_set=[TEST_POLICY_2]), |
+ ], |
+ |
+ '4.8.7': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. If the application can not |
+ # process the policyConstraints extension, then the path should |
+ # validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.8.8': [ |
+ # If the application can process the policyConstraints extension then the |
+ # path should not validate successfully. If the application can not process |
+ # the policyConstraints extension, then the path should validate |
+ # successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.8.9': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. If the application can not |
+ # process the policyConstraints extension, then the path should validate |
+ # successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.8.10': [ |
+ # 1. default settings. The path should validate successfully. |
+ TestInfo(True), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_2]), |
+ ], |
+ |
+ '4.8.11': [ |
+ # 1. default settings. The path should validate successfully. |
+ TestInfo(True), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ ], |
+ |
+ '4.8.12': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. If the application can not |
+ # process the policyConstraints extension, then the path should |
+ # validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.8.13': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_2]), |
+ |
+ # 3. default settings, but with initial-policy-set = {NIST-test-policy-3}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_3]), |
+ ], |
+ |
+ '4.8.14': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should not validate successfully. |
+ TestInfo(False, initial_policy_set=[TEST_POLICY_2]), |
+ ], |
+ |
+ '4.8.15': [ |
+ # If the path validates successfully, then the application should display |
+ # the user notice. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.8.16': [ |
+ # If the path validates successfully, then the application should display |
+ # the user notice associated with NIST-test-policy-1. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.8.17': [ |
+ # If the path validates successfully, then the application should display |
+ # the user notice associated with anyPolicy |
+ TestInfo(True), |
+ ], |
+ |
+ '4.8.18': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully and the qualifier associated with |
+ # NIST-test-policy-1 in the end entity certificate should be displayed. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should validate successfully and the qualifier associated with |
+ # anyPolicy in the end entity certificate should be displayed. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_2]), |
+ ], |
+ |
+ '4.8.19': [ |
+ # Since the explicitText exceeds the maximum size of 200 characters, |
+ # the application may choose to reject the certificate. If the application |
+ # accepts the certificate, display of the user notice is optional. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.8.20': [ |
+ # If possible, it is recommended that this test be run with the |
+ # initial-explicit-policy indicator set |
+ # ... |
+ # If the initial-explicit-policy indicator is set |
+ # and the initial-policy-set does not include NIST-test-policy-1, then the |
+ # path should be rejected, otherwise it should validate successfully |
+ TestInfo(True, initial_explicit_policy=True, |
+ initial_policy_set=[TEST_POLICY_1]), |
+ ], |
+ |
+ '4.10.1': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should not validate successfully. |
+ TestInfo(False, initial_policy_set=[TEST_POLICY_2]), |
+ |
+ # 3. default settings, but with initial-policy-mapping-inhibit set. The |
+ # path should not validate successfully. |
+ TestInfo(False, initial_policy_mapping_inhibit=True), |
+ ], |
+ |
+ '4.10.2': [ |
+ # 1. default settings. The path should not validate successfully. |
+ TestInfo(False), |
+ |
+ # 2. default settings, but with initial-policy-mapping-inhibit set. The |
+ # path should not validate successfully. |
+ TestInfo(False, initial_policy_mapping_inhibit=True), |
+ ], |
+ |
+ '4.10.3': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should not validate successfully. |
+ TestInfo(False, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_2]), |
+ ], |
+ |
+ '4.10.4': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should be rejected, otherwise it should validate successfully |
+ TestInfo(False), |
+ ], |
+ |
+ '4.10.5': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. |
+ # The path should not validate successfully. |
+ TestInfo(False, initial_policy_set=[TEST_POLICY_6]), |
+ ], |
+ |
+ '4.10.6': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}. |
+ # The path should not validate successfully. |
+ TestInfo(False, initial_policy_set=[TEST_POLICY_6]), |
+ ], |
+ |
+ '4.10.7': [ |
+ # The path should not validate successfully since the intermediate |
+ # certificate includes a policy mapping extension in which anyPolicy |
+ # appears as an issuerDomainPolicy. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.10.8': [ |
+ # The path should not validate successfully since the intermediate |
+ # certificate includes a policy mapping extension in which anyPolicy |
+ # appears as an subjectDomainPolicy |
+ TestInfo(False), |
+ ], |
+ |
+ '4.10.9': [ |
+ # If the initial-policy-set does not include NIST-test-policy-1 (and the |
+ # application can process the policyConstraints extension), then the path |
+ # should be rejected, otherwise it should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.10.10': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should be rejected, otherwise it should validate successfully |
+ TestInfo(False), |
+ ], |
+ |
+ '4.10.11': [ |
+ # If the initial-policy-set does not include NIST-test-policy-1 (and the |
+ # application can process the policyConstraints extension), then the path |
+ # should be rejected, otherwise it should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.10.12': [ |
+ # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}. |
+ # The path should validate successfully and the application should display |
+ # the user notice associated with NIST-test-policy-3 in the end entity |
+ # certificate. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_1]), |
+ |
+ # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}. |
+ # The path should validate successfully and the application should display |
+ # the user notice associated with anyPolicy in the end entity certificate. |
+ TestInfo(True, initial_policy_set=[TEST_POLICY_2]), |
+ ], |
+ |
+ '4.10.13': [ |
+ # If the initial-policy-set does not include NIST-test-policy-1 (and the |
+ # application can process the policyConstraints extension), then the path |
+ # should be rejected, otherwise it should validate successfully. If the |
+ # path is accepted, the application should display the user notice |
+ # associated with NIST-testpolicy-1 in the intermediate certificate. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.10.14': [ |
+ # If the initial-policy-set does not include NIST-test-policy-1 (and the |
+ # application can process the policyConstraints extension), then the path |
+ # should be rejected, otherwise it should validate successfully. If the |
+ # path is accepted, the application should display the user notice |
+ # associated with anyPolicy in the intermediate certificate. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.11.1': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.2': [ |
+ # If the initial-policy-set is any-policy or otherwise includes |
+ # NIST-test-policy-1, then the path should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.11.3': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.4': [ |
+ # If the initial-policy-set is any-policy or otherwise includes |
+ # NIST-test-policy-2, then the path should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.11.5': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.6': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.7': [ |
+ # If the initial-policy-set is any-policy or otherwise includes |
+ # NIST-test-policy-1, then the path should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.11.8': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.9': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.10': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.11.11': [ |
+ # The path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.12.1': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.12.2': [ |
+ # If the initial-policy-set is any-policy or otherwise includes |
+ # NIST-test-policy-1, then the userconstrained-policy-set will be |
+ # {NIST-test-policy-1}and the path should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.12.3': [ |
+ # 1. default settings. The path should validate successfully. |
+ TestInfo(True), |
+ |
+ # 2. default settings, but with initial-inhibit-any-policy set. The path |
+ # should not validate successfully. |
+ TestInfo(False, initial_inhibit_any_policy=True), |
+ ], |
+ |
+ '4.12.4': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.12.5': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.12.6': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.12.7': [ |
+ # If the initial-policy-set is any-policy or otherwise includes |
+ # NIST-test-policy-1, then the user-constrained-policy-set will be |
+ # {NIST-test-policy-1} and the path should validate successfully |
+ TestInfo(True), |
+ ], |
+ |
+ '4.12.8': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+ |
+ '4.12.9': [ |
+ # If the initial-policy-set is any-policy or otherwise includes |
+ # NIST-test-policy-1, then the user-constrained-policy-set will be |
+ # {NIST-test-policy-1}and the path should validate successfully. |
+ TestInfo(True), |
+ ], |
+ |
+ '4.12.10': [ |
+ # If the application can process the policyConstraints extension, then the |
+ # path should not validate successfully. |
+ TestInfo(False), |
+ ], |
+} |
+ |
- return i, sanitized_test_name |
+def parse_test(lines, i, test_case_name, test_number, test_name, |
+ sanitized_test_names, output): |
+ # Start by doing a coarse level of parsing that separates out the lines for |
+ # the main sections. |
+ i, test_sections = parse_main_test_sections(lines, i) |
+ |
+ certs, crls = parse_cert_path_lines(test_sections.cert_path_lines) |
+ |
+ # Most tests have a formulaic specification: they use the default |
+ # settings, and have one expectation. These are easily parsed and are handled |
+ # programmatically. In contrast, many of the policies tests have a more |
+ # complicated specification which involves multiple subtests having various |
+ # settings, as well as expectations described in terms of supported |
+ # extensions. Rather than try to handle all the nuanced language, these are |
+ # handled manually via "overrides". |
+ overrides = TEST_OVERRIDES.get(test_number, None) |
+ |
+ if overrides is None: |
+ # Verify that the test description doesn't include numbered subparts (those |
+ # are not handled here). |
+ if CUSTOM_SETTINGS_MATCHER.match(" ".join(test_sections.description_lines)): |
+ sys.stderr.write('Unexpected custom settings for %s\n' % test_number) |
+ sys.exit(1) |
+ |
+ # Verify that the test is using only default settings. |
+ if not USING_DEFAULT_SETTINGS_MATCHER.match( |
+ " ".join(test_sections.procedure_lines)): |
+ sys.stderr.write('Unexpected procedure for %s: %s\n' % |
+ (test_number, " ".join(test_section.procedure_lines))) |
+ sys.exit(1) |
+ |
+ # Check whether expected result is validation success or failure. |
+ result_match = TEST_RESULT_MATCHER.match( |
+ test_sections.expected_result_lines[0]) |
+ if not result_match: |
+ sys.stderr.write('Unknown expectation for %s:\n%s\n' % ( |
+ test_number, " ".join(test_sections.expected_result_lines))) |
+ sys.exit(1) |
+ # Initializes with default settings. |
+ info = TestInfo(result_match.group(1) == 'should validate') |
+ |
+ output_test(test_case_name, test_number, test_name, None, info, certs, |
+ crls, sanitized_test_names, output) |
+ else: |
+ # The overrides may have a series of inputs (settings) and outputs |
+ # (success/failure) for this test. Output each as a separate test case. |
+ for subpart_i in range(len(overrides)): |
+ info = overrides[subpart_i] |
+ # If the test has only 1 subpart, don't number it. |
+ subpart_number = subpart_i + 1 if len(overrides) > 1 else None |
+ output_test(test_case_name, test_number, test_name, subpart_number, info, |
+ certs, crls, sanitized_test_names, output) |
+ |
+ return i |
def main(): |
@@ -164,17 +785,12 @@ def main(): |
finalize_test_case(test_case_name, sanitized_test_names, output) |
sanitized_test_names = [] |
- # TODO(mattm): Handle certificate policies tests. |
- if section_match.group(1) in ('4.8', '4.9', '4.10', '4.11', '4.12'): |
- test_case_name = None |
- output.write('\n// Skipping section %s\n' % section_match.group(1)) |
- continue |
- |
test_case_name = 'PkitsTest%02d%s' % ( |
int(section_match.group(1).split('.')[-1]), |
sanitize_name(section_match.group(2))) |
output.write('\ntemplate <typename PkitsTestDelegate>\n') |
- output.write('class %s : public PkitsTest<PkitsTestDelegate> {};\n' % test_case_name) |
+ output.write('class %s : public PkitsTest<PkitsTestDelegate> {};\n' % |
+ test_case_name) |
output.write('TYPED_TEST_CASE_P(%s);\n' % test_case_name) |
if match: |
@@ -183,10 +799,8 @@ def main(): |
if not test_case_name: |
output.write('// Skipped %s %s\n' % (test_number, test_name)) |
continue |
- i, sanitized_test_name = parse_test(lines, i, test_case_name, test_number, |
- test_name, output) |
- if sanitized_test_name: |
- sanitized_test_names.append(sanitized_test_name) |
+ i, parse_test(lines, i, test_case_name, test_number, |
+ test_name, sanitized_test_names, output) |
if test_case_name: |
finalize_test_case(test_case_name, sanitized_test_names, output) |