Merge CAFILE and Certificate

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Jerry Yu 2021-12-01 10:59:59 +08:00
parent b4ac8f3c04
commit 882c30da17


@ -27,30 +27,25 @@ import os
import abc import abc
import argparse import argparse
import itertools import itertools
from collections import namedtuple
# pylint: disable=useless-super-delegation # pylint: disable=useless-super-delegation
# define certificates configuration entry
Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile'])
# define the certificate parameters for signature algorithms
CERTIFICATES = { CERTIFICATES = {
'ecdsa_secp256r1_sha256': ( 'ecdsa_secp256r1_sha256': Certificate('data_files/test-ca2.crt',
'data_files/ecdsa_secp256r1.crt', 'data_files/ecdsa_secp256r1.crt',
'data_files/ecdsa_secp256r1.key'), 'data_files/ecdsa_secp256r1.key'),
'ecdsa_secp384r1_sha384': ( 'ecdsa_secp384r1_sha384': Certificate('data_files/test-ca2.crt',
'data_files/ecdsa_secp384r1.crt', 'data_files/ecdsa_secp384r1.crt',
'data_files/ecdsa_secp384r1.key'), 'data_files/ecdsa_secp384r1.key'),
'ecdsa_secp521r1_sha512': ( 'ecdsa_secp521r1_sha512': Certificate('data_files/test-ca2.crt',
'data_files/ecdsa_secp521r1.crt', 'data_files/ecdsa_secp521r1.crt',
'data_files/ecdsa_secp521r1.key'), 'data_files/ecdsa_secp521r1.key'),
'rsa_pss_rsae_sha256': ( 'rsa_pss_rsae_sha256': Certificate('data_files/test-ca_cat12.crt',
'data_files/server2-sha256.crt', 'data_files/server2.key' 'data_files/server2-sha256.crt', 'data_files/server2.key'
) )
}
CAFILE = {
'ecdsa_secp256r1_sha256': 'data_files/test-ca2.crt',
'ecdsa_secp384r1_sha384': 'data_files/test-ca2.crt',
'ecdsa_secp521r1_sha512': 'data_files/test-ca2.crt',
'rsa_pss_rsae_sha256': 'data_files/test-ca_cat12.crt'
} }
CIPHER_SUITE_IANA_VALUE = { CIPHER_SUITE_IANA_VALUE = {
@ -160,7 +155,9 @@ class OpenSSLServ(TLSProgram):
def cmd(self): def cmd(self):
ret = ['$O_NEXT_SRV_NO_CERT'] ret = ['$O_NEXT_SRV_NO_CERT']
for cert, key in self.certificates: for i in self.certificates:
print(i)
for _, cert, key in self.certificates:
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
ret += ['-accept $SRV_PORT'] ret += ['-accept $SRV_PORT']
ciphersuites = ','.join(self.ciphersuites) ciphersuites = ','.join(self.ciphersuites)
@ -253,7 +250,7 @@ class GnuTLSServ(TLSProgram):
'--http', '--http',
'--disable-client-cert', '--disable-client-cert',
'--debug=4'] '--debug=4']
for cert, key in self.certificates: for _, cert, key in self.certificates:
ret += ['--x509certfile {cert} --x509keyfile {key}'.format( ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
cert=cert, key=key)] cert=cert, key=key)]
priority_strings = ':+'.join(['NONE'] + priority_strings = ':+'.join(['NONE'] +
@ -333,7 +330,8 @@ class MbedTLSCli(TLSProgram):
ret += [ ret += [
'server_addr=127.0.0.1 server_port=$SRV_PORT', 'server_addr=127.0.0.1 server_port=$SRV_PORT',
'debug_level=4 force_version=tls1_3'] 'debug_level=4 force_version=tls1_3']
ret += ['ca_file={CAFILE}'.format(CAFILE=CAFILE[self._sig_alg])] ret += ['ca_file={cafile}'.format(
cafile=CERTIFICATES[self._sig_alg].cafile)]
self.ciphersuites = list(set(self.ciphersuites)) self.ciphersuites = list(set(self.ciphersuites))
cipher = ','.join(self.ciphersuites) cipher = ','.join(self.ciphersuites)
if cipher: if cipher:
@ -479,8 +477,8 @@ def main():
print(*CLIENT_CLASSES.keys()) print(*CLIENT_CLASSES.keys())
return 0 return 0
print(generate_compat_test(server=args.server, client=args.client, print(generate_compat_test(server=args.server, client=args.client, sig_alg=args.sig_alg,
sig_alg=args.sig_alg, cipher=args.cipher, named_group=args.named_group)) cipher=args.cipher, named_group=args.named_group))
return 0 return 0
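Review bot: The `for i in self.certificates:` / `print(i)` loop added at the top of OpenSSLServ.cmd looks like leftover debugging and should be removed, keeping only `for _, cert, key in self.certificates:`. main() in the last hunk prints the result of generate_compat_test to stdout, so if cmd() runs on that path these tuple dumps would probably end up mixed into the generated test output. Now that Certificate is a namedtuple, reading `c.certfile` and `c.keyfile` by name here and in GnuTLSServ.cmd would survive a later field addition or reorder, which positional unpacking with `_` would not. A short comment on `Certificate` stating that `cafile` is the trust anchor the client must use to verify `certfile` would document why the two tables were merged. The bodies of both cmd methods continue outside the hunks shown.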