Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:23
erlang
7903-public_key-add-types-delete-redundant-code...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 7903-public_key-add-types-delete-redundant-code-pkits_SUI.patch of Package erlang
From 10d052ac41ba5f67216ff8754bfc2d08f367d35e Mon Sep 17 00:00:00 2001 From: Kiko Fernandez-Reyes <kiko@erlang.org> Date: Mon, 19 Dec 2022 10:25:17 +0100 Subject: [PATCH 3/3] public_key: add types/delete redundant code pkits_SUITE --- lib/public_key/test/pkits_SUITE.erl | 51 +++++++++++++++++++---------- 1 file changed, 33 insertions(+), 18 deletions(-) diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl index 9cd71adce1..ad4defa5fb 100644 --- a/lib/public_key/test/pkits_SUITE.erl +++ b/lib/public_key/test/pkits_SUITE.erl @@ -19,7 +19,7 @@ %% -%% Se specification here: +%% See specification here: %% http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html -module(pkits_SUITE). @@ -332,7 +332,7 @@ not_before_valid() -> [{doc,"Test valid periods"}]. not_before_valid(Config) when is_list(Config) -> run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3 EE", ok}, - { "4.2.4", "Valid GeneralizedTime notBefore Date Test4 EE", ok}]). + { "4.2.4", "Valid GeneralizedTime notBefore Date Test4 EE", ok}]). not_after_invalid() -> [{doc,"Test valid periods"}]. @@ -828,13 +828,24 @@ unknown_not_critical_extension(Config) when is_list(Config) -> %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- +-spec run([tuple()]) -> ok. run(Tests) -> [TA] = read_certs("Trust Anchor Root Certificate"), run(Tests, TA). +-spec run([Entry] | Entry, TA) -> ok when + TA :: public_key:pem_entry(), + Entry :: {CA, Test, Result} | {CA, Test, Result, CertificateBodies}, + CA :: public_key:pem_entry(), + Test :: string(), + Result :: atom(), + CertificateBodies :: [binary()]. run({Chap, Test, Result}, TA) -> - CertChain = cas(Chap) ++ read_certs(Test), - Options = path_validation_options(TA, Chap,Test), + run({Chap, Test, Result, read_certs(Test)}, TA); + +run({Chap, Test, Result, CertsBody}, TA) -> + CertChain = cas(Chap) ++ CertsBody, + Options = path_validation_options(Chap), try public_key:pkix_path_validation(TA, CertChain, Options) of {Result, _} -> ok; {error,Result} when Result =/= ok -> @@ -851,15 +862,14 @@ run({Chap, Test, Result}, TA) -> exit(crash) end; -run([Test|Rest],TA) -> - run(Test,TA), - run(Rest,TA); -run([],_) -> ok. +run(Tests,TA) when is_list(Tests) -> + lists:foreach(fun (T) -> run(T, TA) end, Tests), + ok. -path_validation_options(TA, Chap, Test) -> +path_validation_options(Chap) -> case needs_crl_options(Chap) of true -> - crl_options(TA, Chap, Test); + crl_options(Chap); false -> Fun = fun(_,{bad_cert, _} = Reason, _) -> @@ -873,9 +883,14 @@ path_validation_options(TA, Chap, Test) -> [{verify_fun, {Fun, []}}] end. +-spec read_certs(TestCase :: string()) -> [CertificateContent :: binary()]. read_certs(Test) -> File = cert_file(Test), Ders = erl_make_certs:pem_to_der(File), + extract_certificate(Ders). + +-spec extract_certificate(Certificates :: [public_key:pem_entry()]) -> CertificateContent :: binary(). +extract_certificate(Ders) -> [Cert || {'Certificate', Cert, not_encrypted} <- Ders]. read_crls(Test) -> @@ -883,13 +898,15 @@ read_crls(Test) -> Ders = erl_make_certs:pem_to_der(File), [CRL || {'CertificateList', CRL, not_encrypted} <- Ders]. +-spec cert_file(TestCase :: string()) -> FilenamePath :: string(). cert_file(Test) -> file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem"). +-spec crl_file(TestCase :: string()) -> FilenamePath :: string(). crl_file(Test) -> file(?CRL, lists:append(string:tokens(Test, " -")) ++ ".pem"). - +-spec file(Subdir :: string(), Filename :: string()) -> FilenamePath :: string(). file(Sub,File) -> TestDir = case get(datadir) of undefined -> "./pkits_SUITE_data"; @@ -939,7 +956,7 @@ needs_crl_options("4.15" ++ _) -> needs_crl_options(_) -> false. -crl_options(_TA, Chap, _Test) -> +crl_options(Chap) -> CRLNames = crl_names(Chap), CRLs = crls(CRLNames), Paths = lists:map(fun(CRLName) -> crl_path(CRLName) end, CRLNames), @@ -966,16 +983,12 @@ crl_options(_TA, Chap, _Test) -> CRLInfo = lists:reverse(CRLInfo0), PathDb = crl_path_db(lists:reverse(Crls), Paths, []), - Fun = fun(DP, CRLtoValidate, Id, PathDb0) -> - trusted_cert_and_path(DP, CRLtoValidate, Id, PathDb0) - end, - case CRLInfo of [] -> {valid, UserState}; [_|_] -> case public_key:pkix_crls_validate(OtpCert, CRLInfo, - [{issuer_fun,{Fun, PathDb}}]) of + [{issuer_fun,{fun trusted_cert_and_path/4, PathDb}}]) of valid -> {valid, UserState}; Reason -> @@ -1089,6 +1102,7 @@ dp_crlissuer_to_issuer(DPCRLIssuer) -> %%%%%%%%%%%%%%% CA mappings %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +-spec cas(Chap :: string()) -> [Certificates :: public_key:pem_entry()]. cas(Chap) -> CAS = intermidiate_cas(Chap), lists:foldl(fun([], Acc) -> @@ -1097,7 +1111,8 @@ cas(Chap) -> [CACert] = read_certs(CA), [CACert | Acc] end, [], CAS). - + +-spec intermidiate_cas(Chap :: string()) -> [CACert :: string()]. intermidiate_cas(Chap) when Chap == "4.1.1"; Chap == "4.1.3"; Chap == "4.2.2"; -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor