Commit graph

27 commits

Author SHA1 Message Date
Pengyu Lv
a57f677474 cert_audit: Fix DER files missed from parsing
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
ee870a6e83 cert_audit: Remove merge_auditdata
We maintain a dict with unique AudiData objects
(AuditData with unique underlying X.509 objects).
We don't need merge_auditdata anymore.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e09d27e723 cert_audit: Use dictionary to store parsed AuditData
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
31e3d12be9 cert_audit: Output format improvement
We should print all the information for each objects
found every line. This makes it easy to analyze the
output.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
13f2ef4949 cert_audit: Calculate identifier for X.509 objects
The identifier is calculated SHA1 hex string from
the DER encoding of each X.509 objects. It's useful
for finding out the identical X.509 objects.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fd72d9f556 cert_audit: Fix bug in check_cryptography_version
check_cryptography_version didn't provide helpful
message with Python < 3.6, because re.Match object
is not subscriptable.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
0b4832bbf5 cert_audit: Sort the outputs by not_valid_after date
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fe13bd3d0e cert_audit: Merge audit_data for identical X.509 objects
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e245c0c734 cert_audit: Support parsing file with multiple PEMs
Previously, if a file had multiple PEM objects, only
the first one would be parsed. This commit add the
support so that we could parse all the PEM objects
in the file.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
1d4cc917ce cert_audit: Reword the options and their descriptions
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 15:17:19 +08:00
Pengyu Lv
1381598aa3 cert_audit: Check the version of cryptography
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 14:55:38 +08:00
Pengyu Lv
c34b9ac18c cert_audit: Clarify the abstraction of Auditor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 14:57:30 +08:00
Pengyu Lv
28fe957239 cert_audit: Add simple parser of suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 13:56:25 +08:00
Pengyu Lv
2d487217cd cert_audit: Improve the method to find tests folder
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 12:41:24 +08:00
Pengyu Lv
a228cbcecc cert_audit: Add data-files and suite-data-files options
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:59:25 +08:00
Pengyu Lv
fcda6d4f51 cert_audit: Enable logging module
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:04:07 +08:00
Pengyu Lv
ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:07:03 +08:00
Pengyu Lv
8e6794ad56 cert_audit: Code refinement
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 17:00:47 +08:00
Pengyu Lv
f8e5e059c5 cert_audit: Improve documentation
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 16:24:02 +08:00
Pengyu Lv
7725c1d2a9 cert_audit: Output line/argument number for *.data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:55:30 +08:00
Pengyu Lv
57240958ed cert_audit: Make FILE as positional argument
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:46:14 +08:00
Pengyu Lv
3179232211 cert_audit: Disable pylint error for importing cryptography
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 16:30:54 +08:00
Pengyu Lv
cb8fc3275a cert_audit: Fill validity dates in AuditData constructor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 15:05:29 +08:00
Pengyu Lv
ebf011f43e cert_audit: Introduce not-[before|after] option
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 14:07:50 +08:00
Pengyu Lv
30f2683d18 cert_audit: Parse more information from test suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-07 18:04:07 +08:00
Pengyu Lv
45e32033db cert_audit: Support audit on test suite data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 14:33:41 +08:00
Pengyu Lv
7f6933a227 cert_audit: Initial script for auditing expiry date
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 13:38:56 +08:00