| Index: net/third_party/nist-pkits/generate_tests.py
|
| diff --git a/net/third_party/nist-pkits/generate_tests.py b/net/third_party/nist-pkits/generate_tests.py
|
| index fe9f9b76af6569e0344841d2b735a23014574361..ac83c6f06fe9fe3a95ab5a5f152113bcac78cde8 100644
|
| --- a/net/third_party/nist-pkits/generate_tests.py
|
| +++ b/net/third_party/nist-pkits/generate_tests.py
|
| @@ -32,13 +32,26 @@ def finalize_test_case(test_case_name, sanitized_test_names, output):
|
| output.write(');\n')
|
|
|
|
|
| -def generate_test(test_case_name, test_number, raw_test_name, certs, crls, should_validate,
|
| - output):
|
| +def bool_to_str(b):
|
| + return "true" if b else "false"
|
| +
|
| +
|
| +def output_test(test_case_name, test_number, raw_test_name, subpart_number,
|
| + info, certs, crls, sanitized_test_names, output):
|
| + '''Writes a test case to |output|, and appends the test name to
|
| + |sanitized_test_names|.'''
|
| sanitized_test_name = 'Section%s%s' % (test_number.split('.')[1],
|
| sanitize_name(raw_test_name))
|
| +
|
| + if subpart_number is not None:
|
| + sanitized_test_name += "Subpart%d" % (subpart_number)
|
| +
|
| + sanitized_test_names.append(sanitized_test_name)
|
| +
|
| certs_formatted = ', '.join('"%s"' % n for n in certs)
|
| crls_formatted = ', '.join('"%s"' % n for n in crls)
|
| - assert_function = 'ASSERT_TRUE' if should_validate else 'ASSERT_FALSE'
|
| + assert_function = 'ASSERT_TRUE' if info.should_validate else 'ASSERT_FALSE'
|
| +
|
| output.write('''
|
| // %(test_number)s %(raw_test_name)s
|
| WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) {
|
| @@ -48,24 +61,74 @@ WRAPPED_TYPED_TEST_P(%(test_case_name)s, %(sanitized_test_name)s) {
|
| const char* const crls[] = {
|
| %(crls_formatted)s
|
| };
|
| - %(assert_function)s(this->Verify(certs, crls));
|
| -}
|
| ''' % vars())
|
|
|
| - return sanitized_test_name
|
| + default_settings = TestInfo(False)
|
| +
|
| + settings_str = ''
|
| +
|
| + # Output any non-default settings. Only settings that differ from
|
| + # the default settings are written, so as to keep the generated
|
| + # file more readable.
|
| + if info.initial_policy_set != default_settings.initial_policy_set:
|
| + settings_str += ''' settings.SetInitialPolicySet("%s");
|
| +''' % (','.join(info.initial_policy_set))
|
| +
|
| + if info.initial_explicit_policy != default_settings.initial_explicit_policy:
|
| + settings_str += ''' settings.initial_explicit_policy = %s;
|
| +''' % bool_to_str(info.initial_explicit_policy)
|
| +
|
| + if (info.initial_policy_mapping_inhibit !=
|
| + default_settings.initial_policy_mapping_inhibit):
|
| + settings_str += ''' settings.initial_policy_mapping_inhibit = %s;
|
| +''' % bool_to_str(info.initial_policy_mapping_inhibit)
|
| +
|
| + if (info.initial_inhibit_any_policy !=
|
| + default_settings.initial_inhibit_any_policy):
|
| + settings_str += '''settings.initial_inhibit_any_policy = %s;
|
| +''' % bool_to_str(info.initial_inhibit_any_policy)
|
| +
|
| + settings_param_str = '{}'
|
| +
|
| + if settings_str != '':
|
| + output.write('''
|
| + // Custom settings
|
| + PkitsTestSettings settings;
|
| +''')
|
| + output.write(settings_str)
|
| + output.write('\n')
|
| + settings_param_str = 'settings'
|
| +
|
| + output.write(''' %(assert_function)s(this->Verify(certs, crls, %(settings_param_str)s));
|
| +}
|
| +''' % vars())
|
|
|
|
|
| # Matches a section header, ex: "4.1 Signature Verification"
|
| SECTION_MATCHER = re.compile('^\s*(\d+\.\d+)\s+(.+)\s*$')
|
| # Matches a test header, ex: "4.1.1 Valid Signatures Test1"
|
| TEST_MATCHER = re.compile('^\s*(\d+\.\d+.\d+)\s+(.+)\s*$')
|
| +
|
| +# Matches the various headers in a test specification.
|
| +EXPECTED_HEADER_MATCHER = re.compile('^\s*Expected Result:')
|
| +PROCEDURE_HEADER_MATCHER = re.compile('^\s*Procedure:')
|
| +PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:')
|
| +
|
| +# Matches the Procedure text if using default settings.
|
| +USING_DEFAULT_SETTINGS_MATCHER = re.compile(
|
| + '^.*using the \s*default settings.*')
|
| +
|
| +# Matches the description text if using custom settings.
|
| +CUSTOM_SETTINGS_MATCHER = re.compile(
|
| + '.*this\s+test\s+be\s+validated\s+using\s+the\s+following\s+inputs:.*')
|
| +
|
| # Match an expected test result. Note that some results in the PDF have a typo
|
| # "path not should validate" instead of "path should not validate".
|
| TEST_RESULT_MATCHER = re.compile(
|
| - '^\s*Expected Result:.*path (should validate|'
|
| - 'should not validate|not should validate)')
|
| -PATH_HEADER_MATCHER = re.compile('^\s*Certification Path:')
|
| -# Matches a line in the certification path, ex: "\u2022 Good CA Cert, Good CA CRL"
|
| + '^.*path (should validate|should not validate|not should validate)')
|
| +
|
| +# Matches a line in the certification path, ex:
|
| +# "\u2022 Good CA Cert, Good CA CRL"
|
| PATH_MATCHER = re.compile('^\s*\xe2\x80\xa2\s*(.+)\s*$')
|
| # Matches a page number. These may appear in the middle of multi-line fields and
|
| # thus need to be ignored.
|
| @@ -73,30 +136,69 @@ PAGE_NUMBER_MATCHER = re.compile('^\s*\d+\s*$')
|
| # Matches if an entry in a certification path refers to a CRL, ex:
|
| # "onlySomeReasons CA2 CRL1".
|
| CRL_MATCHER = re.compile('^.*CRL\d*$')
|
| -def parse_test(lines, i, test_case_name, test_number, test_name, output):
|
| - expected_result = None
|
| - certs = []
|
| - crls = []
|
|
|
| +
|
| +class TestSections(object):
|
| + def __init__(self):
|
| + self.description_lines = []
|
| + self.procedure_lines = []
|
| + self.expected_result_lines = []
|
| + self.cert_path_lines = []
|
| +
|
| +
|
| +def parse_main_test_sections(lines, i):
|
| + result = TestSections()
|
| +
|
| + # Read the description lines (text after test name up until
|
| + # "Procedure:").
|
| + result.description_lines = []
|
| while i < len(lines):
|
| - result_match = TEST_RESULT_MATCHER.match(lines[i])
|
| - i += 1
|
| - if result_match:
|
| - expected_result = result_match.group(1) == 'should validate'
|
| + if PROCEDURE_HEADER_MATCHER.match(lines[i]):
|
| break
|
| + result.description_lines.append(lines[i])
|
| + i += 1
|
|
|
| + # Read the procedure lines (text starting at "Procedure:" and up until
|
| + # "Expected Result:".
|
| + result.procedure_lines = []
|
| while i < len(lines):
|
| - path_match = PATH_HEADER_MATCHER.match(lines[i])
|
| + if EXPECTED_HEADER_MATCHER.match(lines[i]):
|
| + break
|
| + result.procedure_lines.append(lines[i])
|
| i += 1
|
| - if path_match:
|
| +
|
| + # Read the expected result lines (text starting at "Expected Result:" and up
|
| + # until "Certification Path:".
|
| + result.expected_result_lines = []
|
| + while i < len(lines):
|
| + if PATH_HEADER_MATCHER.match(lines[i]):
|
| break
|
| + result.expected_result_lines.append(lines[i])
|
| + i += 1
|
|
|
| - path_lines = []
|
| + # Read the certification path lines (text starting at "Certification Path:"
|
| + # and up until the next test title.
|
| + result.cert_path_lines = []
|
| while i < len(lines):
|
| - line = lines[i].strip()
|
| - if TEST_MATCHER.match(line) or SECTION_MATCHER.match(line):
|
| + if TEST_MATCHER.match(lines[i]) or SECTION_MATCHER.match(lines[i]):
|
| break
|
| + result.cert_path_lines.append(lines[i])
|
| i += 1
|
| +
|
| + return i, result
|
| +
|
| +
|
| +def parse_cert_path_lines(lines):
|
| + path_lines = []
|
| + crls = []
|
| + certs = []
|
| +
|
| + for line in lines[1:]:
|
| + line = line.strip()
|
| +
|
| + if "is composed of the following objects:" in line:
|
| + continue
|
| +
|
| if not line or PAGE_NUMBER_MATCHER.match(line):
|
| continue
|
| path_match = PATH_MATCHER.match(line)
|
| @@ -114,13 +216,851 @@ def parse_test(lines, i, test_case_name, test_number, test_name, output):
|
| else:
|
| certs.append(path)
|
|
|
| - assert certs
|
| - assert crls
|
| - assert expected_result is not None
|
| - sanitized_test_name = generate_test(test_case_name, test_number, test_name,
|
| - certs, crls, expected_result, output)
|
| + return certs, crls
|
| +
|
| +
|
| +ANY_POLICY = 'anyPolicy'
|
| +TEST_POLICY_1 = 'NIST-test-policy-1'
|
| +TEST_POLICY_2 = 'NIST-test-policy-2'
|
| +TEST_POLICY_3 = 'NIST-test-policy-3'
|
| +TEST_POLICY_6 = 'NIST-test-policy-6'
|
| +
|
| +# TODO(eroman): This omits a few outputs from PKITS:
|
| +#
|
| +# * authorities-constrained-policy-set
|
| +# * user-constrained-policy-set
|
| +# * explicit-policy-indicator
|
| +#
|
| +# Consider adding the constrained policy sets in the future, if our
|
| +# verification code supports outputting them.
|
| +class TestInfo(object):
|
| + """This structure describes a test inputs and outputs"""
|
| +
|
| + def __init__(self, should_validate,
|
| + # These defaults come from section 3 of PKITS.pdf
|
| + initial_policy_set = [ANY_POLICY],
|
| + initial_explicit_policy = False,
|
| + initial_policy_mapping_inhibit = False,
|
| + initial_inhibit_any_policy = False):
|
| + self.should_validate = should_validate
|
| + self.initial_policy_set = initial_policy_set
|
| + self.initial_explicit_policy = initial_explicit_policy
|
| + self.initial_policy_mapping_inhibit = initial_policy_mapping_inhibit
|
| + self.initial_inhibit_any_policy = initial_inhibit_any_policy
|
| +
|
| +
|
| +TEST_OVERRIDES = {
|
| + '4.8.1': [ # All Certificates Same Policy Test1
|
| + # 1. default settings, but with initial-explicit-policy set. The path
|
| + # should validate successfully
|
| + TestInfo(True, initial_explicit_policy=True),
|
| +
|
| + # 2. default settings, but with initial-explicit-policy set and
|
| + # initial-policy-set = {NIST-test-policy-1}. The path should validate
|
| + # successfully.
|
| + TestInfo(True, initial_explicit_policy=True,
|
| + initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 3. default settings, but with initial-explicit-policy set and
|
| + # initial-policy-set = {NIST-test-policy-2}. The path should not validate
|
| + # successfully.
|
| + TestInfo(False, initial_explicit_policy=True,
|
| + initial_policy_set=[TEST_POLICY_2]),
|
| +
|
| + # 4. default settings, but with initial-explicit-policy set and
|
| + # initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path
|
| + # should validate successfully.
|
| + TestInfo(True, initial_explicit_policy=True,
|
| + initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.8.2': [ # All Certificates No Policies Test2
|
| + # 1. default settings. The path should validate successfully.
|
| + TestInfo(True),
|
| +
|
| + # 2. default settings, but with initial-explicit-policy set. The path
|
| + # should not validate successfully
|
| + TestInfo(False, initial_explicit_policy=True),
|
| + ],
|
| +
|
| + '4.8.3': [ # Different Policies Test3
|
| + # 1. default settings. The path should validate successfully.
|
| + TestInfo(True),
|
| +
|
| + # 2. default settings, but with initial-explicit-policy set. The path
|
| + # should not validate successfully.
|
| + TestInfo(False, initial_explicit_policy=True),
|
| +
|
| + # 3. default settings, but with initial-explicit-policy set and
|
| + # initial-policy-set = {NIST-test-policy-1, NIST-test-policy-2}. The path
|
| + # should not validate successfully.
|
| + TestInfo(False, initial_explicit_policy=True,
|
| + initial_policy_set=[TEST_POLICY_1, TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.8.4': [ # Different Policies Test4
|
| + # Procedure: Validate Different Policies Test4 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.69 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. The explicit-policy-indicator
|
| + # will be set if the application can process the policyConstraints
|
| + # extension. If the application can process the policyConstraints extension
|
| + # then the path should not validate successfully. If the application can
|
| + # not process the policyConstraints extension, then the path should
|
| + # validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.8.5': [ # 4.8.5 Different Policies Test5
|
| + # Procedure: Validate Different Policies Test5 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.70 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. The explicit-policy-indicator
|
| + # will be set if the application can process the policyConstraints
|
| + # extension. If the application can process the policyConstraints extension
|
| + # then the path should not validate successfully. If the application can
|
| + # not process the policyConstraints extension, then the path should
|
| + # validate successfully
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.8.6': [ # Overlapping Policies Test6
|
| + # 1. default settings. The path should validate successfully.
|
| + TestInfo(True),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should not validate successfully.
|
| + TestInfo(False, initial_policy_set=[TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.8.7': [ # Different Policies Test7
|
| + # Procedure: Validate Different Policies Test7 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.72 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. If the
|
| + # explicit-policy-indicator will be set if the application can process the
|
| + # policyConstraints extension. If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully. If the application can not process the policyConstraints
|
| + # extension, then the path should validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.8.8': [ # Different Policies Test8
|
| + # Procedure: Validate Different Policies Test8 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.73 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. The explicit-policy-indicator
|
| + # will be set if the application can process the policyConstraints
|
| + # extension. If the application can process the policyConstraints extension
|
| + # then the path should not validate successfully. If the application can
|
| + # not process the policyConstraints extension, then the path should
|
| + # validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.8.9': [ # Different Policies Test9
|
| + # Procedure: Validate Different Policies Test9 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.74 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. The explicit-policy-indicator
|
| + # will be set if the application can process the policyConstraints
|
| + # extension. If the application can process the policyConstraints
|
| + # extension, then the path should not validate successfully. If the
|
| + # application can not process the policyConstraints extension, then the
|
| + # path should validate successfully.
|
| + TestInfo(False),
|
| + ],
|
|
|
| - return i, sanitized_test_name
|
| + '4.8.10': [ # All Certificates Same Policies Test10
|
| + # 1. default settings. The path should validate successfully.
|
| + TestInfo(True),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 3. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.8.11': [ # All Certificates AnyPolicy Test11
|
| + # 1. default settings. The path should validate successfully.
|
| + TestInfo(True),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| + ],
|
| +
|
| + '4.8.12': [ # Different Policies Test12
|
| + # Procedure: Validate Different Policies Test12 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.77 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. The explicit-policy-indicator
|
| + # will be set if the application can process the policyConstraints
|
| + # extension. If the application can process the policyConstraints
|
| + # extension, then the path should not validate successfully. If the
|
| + # application can not process the policyConstraints extension, then the
|
| + # path should validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.8.13': [ # All Certificates Same Policies Test13
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_2]),
|
| +
|
| + # 3. default settings, but with initial-policy-set = {NIST-test-policy-3}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_3]),
|
| + ],
|
| +
|
| + '4.8.14': [ # AnyPolicy Test14
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should not validate successfully.
|
| + TestInfo(False, initial_policy_set=[TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.8.15': [ # User Notice Qualifier Test15
|
| + # Procedure: Validate User Notice Qualifier Test15 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.80 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same
|
| + # as the initial-explicit-policy indicator. If the initial-policy-set is
|
| + # any-policy or otherwise includes NIST-test-policy-1, then the
|
| + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the
|
| + # user-constrained-policy-set will be empty. If the initial-explicit-policy
|
| + # indicator is set and the initial-policy-set does not include
|
| + # NIST-test-policy-1, then the path should be rejected, otherwise it should
|
| + # validate successfully. If the path validates successfully, then the
|
| + # application should display the user notice.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.8.16': [ # User Notice Qualifier Test16
|
| + # Procedure: Validate User Notice Qualifier Test16 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.81 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same
|
| + # as the initial-explicit-policy indicator. If the initial-policy-set is
|
| + # any-policy or otherwise includes NIST-test-policy-1, then the
|
| + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the
|
| + # user-constrained-policy-set will be empty. If the initial-explicit-policy
|
| + # indicator is set and the initial-policy-set does not include
|
| + # NIST-test-policy-1, then the path should be rejected, otherwise it should
|
| + # validate successfully. If the path validates successfully, then the
|
| + # application should display the user notice associated with
|
| + # NIST-test-policy-1. The user notice associated with NIST-test-policy-2
|
| + # should not be displayed.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.8.17': [ # User Notice Qualifier Test17
|
| + # Procedure: Validate User Notice Qualifier Test17 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.82 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same
|
| + # as the initial-explicit-policy indicator. If the initial-policy-set is
|
| + # any-policy or otherwise includes NIST-test-policy-1, then the
|
| + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the
|
| + # user-constrained-policy-set will be empty. If the initial-explicit-policy
|
| + # indicator is set and the initial-policy-set does not include
|
| + # NIST-test-policy-1, then the path should be rejected, otherwise it should
|
| + # validate successfully. If the path validates successfully, then the
|
| + # application should display the user notice associated with anyPolicy.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.8.18': [ # User Notice Qualifier Test18
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully and the qualifier associated with
|
| + # NIST-test-policy-1 in the end entity certificate should be displayed.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should validate successfully and the qualifier associated with
|
| + # anyPolicy in the end entity certificate should be displayed.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.8.19': [ # User Notice Qualifier Test19
|
| + # Procedure: Validate User Notice Qualifier Test19 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.84 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same
|
| + # as the initial-explicit-policy indicator. If the initial-policy-set is
|
| + # any-policy or otherwise includes NIST-test-policy-1, then the
|
| + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the
|
| + # user-constrained-policy-set will be empty. If the initial-explicit-policy
|
| + # indicator is set and the initial-policy-set does not include
|
| + # NIST-test-policy-1, then the path should be rejected, otherwise it should
|
| + # validate successfully. Since the explicitText exceeds the maximum size
|
| + # of 200 characters, the application may choose to reject the certificate.
|
| + # If the application accepts the certificate, display of the user notice is
|
| + # optional.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.8.20': [ # CPS Pointer Qualifier Test20
|
| + # Procedure: Validate CPS Pointer Qualifier Test20 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.85 using the
|
| + # default settings. (If possible, it is recommended that this test be run
|
| + # with the initial-explicit-policy indicator set. If this can not be done,
|
| + # manually check that the authorities-constrained-policy-set and
|
| + # user-constrained-policy-set are correct.)
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be the same
|
| + # as the initial-explicit-policy indicator. If the initial-policy-set is
|
| + # any-policy or otherwise includes NIST-test-policy-1, then the
|
| + # user-constrained-policy-set will be {NIST-test-policy-1}. If not, the
|
| + # user-constrained-policy-set will be empty. If the initial-explicit-policy
|
| + # indicator is set and the initial-policy-set does not include
|
| + # NIST-test-policy-1, then the path should be rejected, otherwise it should
|
| + # validate successfully. The CPS pointer in the qualifier should be
|
| + # associated with NIST-testpolicy-1 in the
|
| + # authorities-constrained-policy-set (and in the user-constrained-policy-set
|
| + # if NIST-test-policy-1 is in that set). There are no processing
|
| + # requirements associated with the CPS pointer qualifier.
|
| + TestInfo(True, initial_explicit_policy=True,
|
| + initial_policy_set=[TEST_POLICY_1]),
|
| + ],
|
| +
|
| + '4.10.1': [ # Valid Policy Mapping Test1
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should not validate successfully.
|
| + TestInfo(False, initial_policy_set=[TEST_POLICY_2]),
|
| +
|
| + # 3. default settings, but with initial-policy-mapping-inhibit set. The
|
| + # path should not validate successfully.
|
| + TestInfo(False, initial_policy_mapping_inhibit=True),
|
| + ],
|
| +
|
| + '4.10.2': [ # Invalid Policy Mapping Test2
|
| + # 1. default settings. The path should not validate successfully.
|
| + TestInfo(False),
|
| +
|
| + # 2. default settings, but with initial-policy-mapping-inhibit set. The
|
| + # path should not validate successfully.
|
| + TestInfo(False, initial_policy_mapping_inhibit=True),
|
| + ],
|
| +
|
| + '4.10.3': [ # Valid Policy Mapping Test3
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should not validate successfully.
|
| + TestInfo(False, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.10.4': [ # Invalid Policy Mapping Test4
|
| + # Procedure: Validate Invalid Policy Mapping Test4 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.97 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should be rejected, otherwise
|
| + # it should validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.10.5': [ # Valid Policy Mapping Test5
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}.
|
| + # The path should not validate successfully.
|
| + TestInfo(False, initial_policy_set=[TEST_POLICY_6]),
|
| + ],
|
| +
|
| + '4.10.6': [ # Valid Policy Mapping Test6
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-6}.
|
| + # The path should not validate successfully.
|
| + TestInfo(False, initial_policy_set=[TEST_POLICY_6]),
|
| + ],
|
| +
|
| + '4.10.9': [ # Valid Policy Mapping Test9
|
| + # Procedure: Validate Valid Policy Mapping Test9 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.102 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be
|
| + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and
|
| + # the application can process the policyConstraints extension), then the
|
| + # path should be rejected, otherwise it should validate successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.10.10': [ # Invalid Policy Mapping Test10
|
| + # Procedure: Validate Invalid Policy Mapping Test10 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.103 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should be rejected, otherwise
|
| + # it should validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.10.11': [ # Valid Policy Mapping Test11
|
| + # Procedure: Validate Valid Policy Mapping Test11 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.104 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be
|
| + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and
|
| + # the application can process the policyConstraints extension), then the
|
| + # path should be rejected, otherwise it should validate successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.10.12': [ # Valid Policy Mapping Test12
|
| + # 1. default settings, but with initial-policy-set = {NIST-test-policy-1}.
|
| + # The path should validate successfully and the application should display
|
| + # the user notice associated with NIST-test-policy-3 in the end entity
|
| + # certificate.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_1]),
|
| +
|
| + # 2. default settings, but with initial-policy-set = {NIST-test-policy-2}.
|
| + # The path should validate successfully and the application should display
|
| + # the user notice associated with anyPolicy in the end entity certificate.
|
| + TestInfo(True, initial_policy_set=[TEST_POLICY_2]),
|
| + ],
|
| +
|
| + '4.10.13': [ # Valid Policy Mapping Test13
|
| + # Procedure: Validate Valid Policy Mapping Test13 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.106 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be
|
| + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and
|
| + # the application can process the policyConstraints extension), then the
|
| + # path should be rejected, otherwise it should validate successfully. If
|
| + # the path is accepted, the application should display the user notice
|
| + # associated with NIST-testpolicy-1 in the intermediate certificate.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.10.14': [ # Valid Policy Mapping Test14
|
| + # Procedure: Validate Valid Policy Mapping Test14 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.107 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1}. If not, the user-constrained-policy-set will be
|
| + # empty. If the initial-policy-set does not include NIST-test-policy-1 (and
|
| + # the application can process the policyConstraints extension), then the
|
| + # path should be rejected, otherwise it should validate successfully. If
|
| + # the path is accepted, the application should display the user notice
|
| + # associated with anyPolicy in the intermediate certificate
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.11.1': [ # Invalid inhibitPolicyMapping Test1
|
| + # Procedure: Validate Invalid inhibitPolicyMapping Test1 EE using the
|
| + # default settings or open and verify Signed Test Message 6.2.2.108 using
|
| + # the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty. The explicit-policy-indicator
|
| + # will be set. The path should not validate successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.2': [ # Valid inhibitPolicyMapping Test2
|
| + # Procedure: Validate Valid inhibitPolicyMapping Test2 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.109 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set. If
|
| + # the initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the path should validate successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.11.3': [ # Invalid inhibitPolicyMapping Test3
|
| + # Procedure: Validate Invalid inhibitPolicyMapping Test3 EE using the
|
| + # default settings or open and verify Signed Test Message 6.2.2.110 using
|
| + # the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.4': [ # Valid inhibitPolicyMapping Test4
|
| + # Procedure: Validate Valid inhibitPolicyMapping Test4 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.111 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-2} and the explicit-policy-indicator will be set. If
|
| + # the initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-2, then the path should validate successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.11.5': [ # Invalid inhibitPolicyMapping Test5
|
| + # Procedure: Validate Invalid inhibitPolicyMapping Test5 EE using the
|
| + # default settings or open and verify Signed Test Message 6.2.2.112 using
|
| + # the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.6': [ # Invalid inhibitPolicyMapping Test6
|
| + # Procedure: Validate Invalid inhibitPolicyMapping Test6 EE using the
|
| + # default settings or open and verify Signed Test Message 6.2.2.113 using
|
| + # the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and the
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.7': [ # Valid Self-Issued inhibitPolicyMapping Test7
|
| + # Procedure: Validate Valid Self-Issued inhibitPolicyMapping Test7 EE using
|
| + # the default settings or open and verify Signed Test Message 6.2.2.114
|
| + # using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set. If
|
| + # the initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the path should validate successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.11.8': [ # Invalid Self-Issued inhibitPolicyMapping Test8
|
| + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test8 EE
|
| + # using the default settings or open and verify Signed Test Message
|
| + # 6.2.2.115 using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.9': [ # Invalid Self-Issued inhibitPolicyMapping Test9
|
| + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test9 EE
|
| + # using the default settings or open and verify Signed Test Message
|
| + # 6.2.2.116 using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.10': [ # Invalid Self-Issued inhibitPolicyMapping Test10
|
| + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test10 EE
|
| + # using the default settings or open and verify Signed Test Message
|
| + # 6.2.2.117 using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.11.11': [ # Invalid Self-Issued inhibitPolicyMapping Test11
|
| + # Procedure: Validate Invalid Self-Issued inhibitPolicyMapping Test11 EE
|
| + # using the default settings or open and verify Signed Test Message
|
| + # 6.2.2.118 using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set. The path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.12.1': [ # Invalid inhibitAnyPolicy Test1
|
| + # Procedure: Validate Invalid inhibitAnyPolicy Test1 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.119 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.12.2': [ # Valid inhibitAnyPolicy Test2
|
| + # Procedure: Validate Valid inhibitAnyPolicy Test2 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.120 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the path should validate successfully. If not,
|
| + # then the user-constrained-policy-set will be empty. If the
|
| + # user-constrained-policy-set is empty and the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| +
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.12.3': [ # inhibitAnyPolicy Test3
|
| + # 1. default settings. The path should validate successfully.
|
| + TestInfo(True),
|
| +
|
| + # 2. default settings, but with initial-inhibit-any-policy set. The path
|
| + # should not validate successfully.
|
| + TestInfo(False, initial_inhibit_any_policy=True),
|
| + ],
|
| +
|
| + '4.12.4': [ # Invalid inhibitAnyPolicy Test4
|
| + # Procedure: Validate Invalid inhibitAnyPolicy Test4 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.122 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.12.5': [ # Invalid inhibitAnyPolicy Test5
|
| + # Procedure: Validate Invalid inhibitAnyPolicy Test5 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.123 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.12.6': [ # Invalid inhibitAnyPolicy Test6
|
| + # Procedure: Validate Invalid inhibitAnyPolicy Test6 EE using the default
|
| + # settings or open and verify Signed Test Message 6.2.2.124 using the
|
| + # default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.12.7': [ # Valid Self-Issued inhibitAnyPolicy Test7
|
| + # Procedure: Validate Valid Self-Issued inhibitAnyPolicy Test7 EE using the
|
| + # default settings or open and verify Signed Test Message 6.2.2.125 using
|
| + # the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the path should validate successfully. If not,
|
| + # then the user-constrained-policy-set will be empty. If the
|
| + # user-constrained-policy-set is empty and the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.12.8': [ # Invalid Self-Issued inhibitAnyPolicy Test8
|
| + # Procedure: Validate Invalid Self-Issued inhibitAnyPolicy Test8 EE using
|
| + # the default settings or open and verify Signed Test Message 6.2.2.126
|
| + # using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +
|
| + '4.12.9': [ # Valid Self-Issued inhibitAnyPolicy Test9
|
| + # Procedure: Validate Valid Self-Issued inhibitAnyPolicy Test9 EE using the
|
| + # default settings or open and verify Signed Test Message 6.2.2.127 using
|
| + # the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the explicit-policy-indicator will be set (if
|
| + # the application can process the policyConstraints extension). If the
|
| + # initial-policy-set is any-policy or otherwise includes
|
| + # NIST-test-policy-1, then the user-constrained-policy-set will be
|
| + # {NIST-test-policy-1} and the path should validate successfully. If not,
|
| + # then the user-constrained-policy-set will be empty. If the
|
| + # user-constrained-policy-set is empty and the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(True),
|
| + ],
|
| +
|
| + '4.12.10': [ # Invalid Self-Issued inhibitAnyPolicy Test10
|
| + # Procedure: Validate Invalid Self-Issued inhibitAnyPolicy Test10 EE using
|
| + # the default settings or open and verify Signed Test Message 6.2.2.128
|
| + # using the default settings.
|
| + #
|
| + # Expected Result: The authorities-constrained-policy-set and
|
| + # user-constrained-policy-set will be empty and the
|
| + # explicit-policy-indicator will be set (if the application can process the
|
| + # policyConstraints extension). If the application can process the
|
| + # policyConstraints extension, then the path should not validate
|
| + # successfully.
|
| + TestInfo(False),
|
| + ],
|
| +}
|
| +
|
| +
|
| +def parse_test(lines, i, test_case_name, test_number, test_name,
|
| + sanitized_test_names, output):
|
| + # Start by doing a coarse level of parsing that separates out the lines for
|
| + # the main sections.
|
| + i, test_sections = parse_main_test_sections(lines, i)
|
| +
|
| + certs, crls = parse_cert_path_lines(test_sections.cert_path_lines)
|
| +
|
| + # Most tests have a formulaic specification: they use the default
|
| + # settings, and have one expectation. These are easily parsed and are handled
|
| + # programmatically. In contrast, many of the policies tests have a more
|
| + # complicated specification which involves multiple subtests having various
|
| + # settings, as well as expectations described in terms of supported
|
| + # extensions. Rather than try to handle all the nuanced language, these are
|
| + # handled manually via "overrides".
|
| + overrides = TEST_OVERRIDES.get(test_number, None)
|
| +
|
| + if overrides is None:
|
| + # Verify that the test description doesn't include numbered subparts (those
|
| + # are not handled here).
|
| + if CUSTOM_SETTINGS_MATCHER.match(" ".join(test_sections.description_lines)):
|
| + sys.stderr.write('Unexpected custom settings for %s\n' % test_number)
|
| + sys.exit(1)
|
| +
|
| + # Verify that the test is using only default settings.
|
| + if not USING_DEFAULT_SETTINGS_MATCHER.match(
|
| + " ".join(test_sections.procedure_lines)):
|
| + sys.stderr.write('Unexpected procedure for %s: %s\n' %
|
| + (test_number, " ".join(test_section.procedure_lines)))
|
| + sys.exit(1)
|
| +
|
| + # Check whether expected result is validation success or failure.
|
| + result_match = TEST_RESULT_MATCHER.match(
|
| + test_sections.expected_result_lines[0])
|
| + if not result_match:
|
| + sys.stderr.write('Unknown expectation for %s:\n%s\n' % (
|
| + test_number, " ".join(test_sections.expected_result_lines)))
|
| + sys.exit(1)
|
| + # Initializes with default settings.
|
| + info = TestInfo(result_match.group(1) == 'should validate')
|
| +
|
| + output_test(test_case_name, test_number, test_name, None, info, certs,
|
| + crls, sanitized_test_names, output)
|
| + else:
|
| + # The overrides may have a series of inputs (settings) and outputs
|
| + # (success/failure) for this test. Output each as a separate test case.
|
| + for subpart_i in range(len(overrides)):
|
| + info = overrides[subpart_i]
|
| + # If the test has only 1 subpart, don't number it.
|
| + subpart_number = subpart_i + 1 if len(overrides) > 1 else None
|
| + output_test(test_case_name, test_number, test_name, subpart_number, info,
|
| + certs, crls, sanitized_test_names, output)
|
| +
|
| + return i
|
|
|
|
|
| def main():
|
| @@ -164,17 +1104,12 @@ def main():
|
| finalize_test_case(test_case_name, sanitized_test_names, output)
|
| sanitized_test_names = []
|
|
|
| - # TODO(mattm): Handle certificate policies tests.
|
| - if section_match.group(1) in ('4.8', '4.9', '4.10', '4.11', '4.12'):
|
| - test_case_name = None
|
| - output.write('\n// Skipping section %s\n' % section_match.group(1))
|
| - continue
|
| -
|
| test_case_name = 'PkitsTest%02d%s' % (
|
| int(section_match.group(1).split('.')[-1]),
|
| sanitize_name(section_match.group(2)))
|
| output.write('\ntemplate <typename PkitsTestDelegate>\n')
|
| - output.write('class %s : public PkitsTest<PkitsTestDelegate> {};\n' % test_case_name)
|
| + output.write('class %s : public PkitsTest<PkitsTestDelegate> {};\n' %
|
| + test_case_name)
|
| output.write('TYPED_TEST_CASE_P(%s);\n' % test_case_name)
|
|
|
| if match:
|
| @@ -183,10 +1118,8 @@ def main():
|
| if not test_case_name:
|
| output.write('// Skipped %s %s\n' % (test_number, test_name))
|
| continue
|
| - i, sanitized_test_name = parse_test(lines, i, test_case_name, test_number,
|
| - test_name, output)
|
| - if sanitized_test_name:
|
| - sanitized_test_names.append(sanitized_test_name)
|
| + i, parse_test(lines, i, test_case_name, test_number,
|
| + test_name, sanitized_test_names, output)
|
|
|
| if test_case_name:
|
| finalize_test_case(test_case_name, sanitized_test_names, output)
|
|
|
Chromium Code Reviews
Issue 2903633005:
Add generated PKITS tests relating to certificate policies. (Closed)
