diff options
-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | reltool.config | 4 | ||||
-rw-r--r-- | src/catlfish.erl | 1 | ||||
-rw-r--r-- | src/dns.erl | 168 | ||||
-rw-r--r-- | src/v1.erl | 17 | ||||
-rw-r--r-- | tools/certtools.py | 13 | ||||
-rw-r--r-- | tools/precerttools.py | 2 | ||||
-rwxr-xr-x | tools/testcase1.py | 127 |
8 files changed, 219 insertions, 114 deletions
@@ -37,6 +37,7 @@ tests-prepare: mkdir $(INSTDIR)/tests/mergedb-secondary/chains touch $(INSTDIR)/tests/mergedb-secondary/logorder printf 0 > $(INSTDIR)/tests/mergedb-secondary/verifiedsize + cp test/testdata/dnssec/trust_anchors $(INSTDIR)/tests/ mkdir $(INSTDIR)/tests/known_roots cp tools/testcerts/roots/* $(INSTDIR)/tests/known_roots @for machine in $(MACHINES); do \ diff --git a/reltool.config b/reltool.config index 9fa5e7f..2a1b615 100644 --- a/reltool.config +++ b/reltool.config @@ -1,4 +1,8 @@ %% -*- mode: erlang -*- + +%% TODO: Be more specific with which files are copied. Point in case: +%% catlfish-0.9.0-dev.ez contains catlfish-0.9.0-dev/src/.~/. + {sys, [ {erts, [{mod_cond, derived}, {app_file, strip}]}, {app_file, strip}, diff --git a/src/catlfish.erl b/src/catlfish.erl index 711deaa..27563d1 100644 --- a/src/catlfish.erl +++ b/src/catlfish.erl @@ -124,6 +124,7 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) -> leaf_type = timestamped_entry, entry = TSE}), MTLHash = ht:leaf_hash(MTLText), + lager:debug("LeafCert len: ~p", [byte_size(LeafCert)]), LogEntry = pack_entry(Type, MTLText, LeafCert, CertChain), ok = plop:add(LogEntry, MTLHash, EntryHash), {TSE, MTLHash}. diff --git a/src/dns.erl b/src/dns.erl index f327a8f..46cda38 100644 --- a/src/dns.erl +++ b/src/dns.erl @@ -5,11 +5,13 @@ -export([decode_rrset/1, decode_rr/1, encode_rrset/1, encode_rr/1, canonicalize/1, validate/1]). +-include_lib("eunit/include/eunit.hrl"). + -record(rr, {name :: list(), % List of name labels. - type :: non_neg_integer(), - class :: binary(), - ttl :: integer(), - rdata :: binary()}). + type = 0 :: non_neg_integer(), + class = <<>> :: binary(), + ttl = 0 :: integer(), + rdata = <<>> :: binary()}). -type rr() :: #rr{}. -spec decode_name_label(binary()) -> tuple(). @@ -95,6 +97,7 @@ encode_rrset([H|T], Acc) -> encode_rrset(T, [encode_rr(H) | Acc]). %% Canonicalise a single RR according to RFC4034 section 6.2. +-spec canonicalize_rr_form(rr(), rr()) -> rr(). canonicalize_rr_form(RR, RRSIG) -> %% 1. Expand domain name -- a label with a length field >= 0xC0 is %% a two octet pointer, which we can't expand (since we don't have @@ -113,22 +116,72 @@ canonicalize_rr_form(RR, RRSIG) -> RR#rr{name = LCName, ttl = OrigTTL}. -%% Canonicalise an RRset with DNSKEY, DS, and RRSIG records according -%% to RFC4034 section 6. Records of other types are removed. Duplicate -%% records are removed. -canonicalize(RRset) -> +isValidType(#rr{type = Type}) -> + case Type of + 43 -> true; % DS + 46 -> true; % RRSIG + 48 -> true; % DNSKEY + _ -> false + end. + +%% Sort RR's within the same RRset, remove duplicate RR's and any RR's +%% not of the types DNSKEY, DS or RRSIG. +canonicalize_rr_ordering(RRs) -> + L1 = lists:takewhile(fun isValidType/1, RRs), + %%RRsets = splitOnName(L1), + %%SortedRRsets = lists:map(fun(L) -> lists:usort(fun cmpRR/2, L) end, L1), + %%OneList = lists:append(SortedRRsets), + lists:usort(fun cmpRR/2, L1). + +%% Canonicalise a list of RR's of the types DNSKEY, DS, and RRSIG +%% according to RFC4034 section 6. Records of other types are +%% removed. Duplicate records are removed. +-spec canonicalize(list()) -> list(). +canonicalize(RRs) -> %% 6.1 owner name order - RRset61 = RRset, % TODO + RRs61 = RRs, % TODO %% 6.2 RR form - [DS, RRSIG | Rest] = RRset61, + [DS, RRSIG | Rest] = RRs61, C14N_DS = canonicalize_rr_form(DS, RRSIG), - RRset62 = [C14N_DS, RRSIG | Rest], + RRs62 = [C14N_DS, RRSIG | Rest], %% 6.3 RR ordering (and dropping duplicates) - RRset63 = RRset62, + RRs63 = canonicalize_rr_ordering(RRs62), + + RRs63. + +%% cmpRR(A, B) when A#rr.type =< B#rr.type, +%% A#rr.class =< B#rr.class, +%% A#rr.ttl =< B#rr.ttl, +%% A#rr.rdata =< B#rr.rdata -> +%% cmpRRname(A#rr.name, B#rr.name); +%% cmpRR(_, _) -> +%% false. + +%% @doc +-spec cmpRR(rr(), rr()) -> boolean(). +cmpRR(A, B) -> + case cmpRRname(A#rr.name, B#rr.name) of + equal -> + ?debugFmt("~p == ~p, next", [A#rr.name, B#rr.name]), + case A#rr.type == B#rr.type of + false -> A#rr.type =< B#rr.type; + true -> case A#rr.class == B#rr.class of + false -> A#rr.class =< B#rr.class; + true -> case A#rr.ttl == B#rr.ttl of + false -> A#rr.ttl =< B#rr.ttl; + true -> A#rr.rdata =< B#rr.rdata + end + end + end; + NameCmp -> NameCmp + end. - RRset63. +cmpRRname(A, B) when A == B -> equal; +cmpRRname(A, B) when length(A) < length(B) -> true; +cmpRRname(A, B) when length(A) > length(B) -> false; +cmpRRname(A, B) -> A =< B. %% Is the RR set valid for our needs from a DNS point of view? If so, %% return the signature inception time of the RRSIG covering the DS @@ -150,3 +203,92 @@ validate(RRsetBin) -> %% TODO: Add unit tests. + +-define(TV_RR1_inbin, +<<7,101,120,97,109,112,108,101,3,99,111,109,0,0,43,0,1,0,0,14,16,0,36,82,106, + 13,2,89,208,13,15,120,173,192,134,9,41,169,35,70,122,194,189,203,240,40,210, + 4,171,20,30,135,63,107,184,116,61,213,134,7,101,120,97,109,112,108,101,3,99, + 111,109,0,0,46,0,1,0,0,14,16,0,87,0,43,13,2,0,0,14,16,87,22,3,11,87,3,142,11, + 80,81,3,99,111,109,0,6,228,88,59,0,197,54,50,211,112,165,110,118,14,215,62, + 255,210,31,169,117,192,113,47,232,31,111,175,28,118,31,225,190,139,249,250, + 244,69,217,9,111,122,75,130,10,159,190,71,241,184,230,58,126,189,225,42,29, + 195,7,217,85,233,231,155,0,0,48,0,1,0,0,14,16,0,68,1,0,3,13,209,167,133,117, + 137,124,191,163,201,10,151,19,139,232,224,244,203,106,201,233,28,167,30,177, + 84,53,125,127,85,116,219,50,35,216,117,50,127,240,195,143,219,193,12,65,95,5, + 16,116,0,141,5,83,66,213,40,91,22,196,101,145,127,109,68,210,7,101,120,97, + 109,112,108,101,3,99,111,109,0,0,43,0,1,0,0,14,16,0,36,82,106,13,2,89,208,13, + 15,120,173,192,134,9,41,169,35,70,122,194,189,203,240,40,210,4,171,20,30,135, + 63,107,184,116,61,213,134,0,0,48,0,1,0,0,14,16,0,68,1,0,3,13,209,167,133,117, + 137,124,191,163,201,10,151,19,139,232,224,244,203,106,201,233,28,167,30,177, + 84,53,125,127,85,116,219,50,35,216,117,50,127,240,195,143,219,193,12,65,95,5, + 16,116,0,141,5,83,66,213,40,91,22,196,101,145,127,109,68,210>>). +-define(TV_RR1_in, decode_rrset(?TV_RR1_inbin)). +-define(TV_RR1_out, []). + +gen_rrset(Name) -> + gen_rrset(Name, 0, 0, <<>>). +gen_rrset(Name, Type) -> + gen_rrset(Name, Type, 0, <<>>). +gen_rrset(Name, Type, TTL, RDATA) -> + N = string:tokens(Name, "."), + RRs = [#rr{name = N, type = Type, class = <<0, 1>>, ttl = TTL, rdata = RDATA}, + #rr{name = N, type = 46, class = <<0, 1>>, ttl = TTL, + rdata = <<0,0,0,0, TTL:32/integer>>}], + %%?debugFmt("gen_rrset: ~p", [RRs]), + RRs. + +basic_test_() -> + {ok, SingleRRbin} = file:read_file("test/testdata/dnssec/testrrsets/single-record"), + [SingleRR | _] = decode_rrset(SingleRRbin), + [G | _] = gen_rrset("example.com", 43, 3600, + <<82,106,13,2,89,208,13,15,120,173,192,134,9,41, + 169,35,70,122,194,189,203,240,40,210,4,171,20, + 30,135,63,107,184,116,61,213,134>>), + [?_assertMatch(#rr{name = ["example", "com"], + type = 43, class = <<0,1>>, ttl = 3600}, SingleRR), + ?_assertEqual(G, SingleRR)]. + +-define(TV_R1, gen_rrset("example.com", 43, 3600, <<>>)). +-define(TV_R2, gen_rrset("com", 43, 3600, <<>>)). +-define(TV_R3, gen_rrset("com", 43, 300, <<>>)). + +c14n_test_() -> + [ + %% Reverse order, names. + ?_assertEqual(lists:append([?TV_R2, ?TV_R1]), + canonicalize(lists:append([?TV_R1, ?TV_R2]))), + %% Remove duplicate R1. + ?_assertEqual(lists:append([?TV_R2, ?TV_R1]), + canonicalize(lists:append([?TV_R1, ?TV_R2, ?TV_R1]))), + %% Reverse order, TTL. + ?_assertEqual(lists:append([?TV_R3, ?TV_R2]), + canonicalize(lists:append([?TV_R2, ?TV_R3]))), + %% Sorting and removing. + %%?_assertEqual(lists:append([?TV_R3, ?TV_R2, ?TV_R1]), + %% canonicalize(lists:append([?TV_R2, ?TV_R3, ?TV_R1, ?TV_R3]))), + ?_assert(true)]. + +sorting_test_() -> + [ + ?_assertEqual(lists:append([ + gen_rrset("example", 43), + gen_rrset("a.example", 43), + gen_rrset("yljkjljk.a.example", 43), + gen_rrset("Z.a.example", 43), + gen_rrset("zABC.a.EXAMPLE", 43), + gen_rrset("z.example", 43), + gen_rrset("\001.z.example", 43), + gen_rrset("*.z.example", 43), + gen_rrset("\200.z.example", 43)]), + canonicalize( + lists:append([ + gen_rrset("\001.z.example", 43), + gen_rrset("a.example", 43), + gen_rrset("example", 43), + gen_rrset("Z.a.example", 43), + gen_rrset("zABC.a.EXAMPLE", 43), + gen_rrset("\200.z.example", 43), + gen_rrset("z.example", 43), + gen_rrset("*.z.example", 43), + gen_rrset("yljkjljk.a.example", 43)]))) + ]. @@ -129,13 +129,20 @@ request(_Method, _App, _Fun, _) -> none. %% Private functions. +-define(INPUT_TRIMLEN, 80). err400(Text, Input) -> + InputTrimmed = case Input of + I when is_binary(I) -> + binary_part(I, 0, ?INPUT_TRIMLEN); + I when is_list(I) -> + lists:sublist(I, ?INPUT_TRIMLEN) + end, {400, [{"Content-Type", "text/html"}], io_lib:format( "<html><body><p>~n" ++ "~s~n" ++ "~p~n" ++ - "</body></html>~n", [Text, Input])}. + "</body></html>~n", [Text, InputTrimmed])}. success(Data) -> {200, [{"Content-Type", "text/json"}], mochijson2:encode(Data)}. @@ -165,9 +172,13 @@ add_rr_chain(Input) -> add_chain_helper(Data) -> case dnssecport:validate(Data) of - {valid, [DS | Chain]} -> + {valid, ChainBin} -> lager:debug("succesful DNSSEC validation"), - success(catlfish:add_chain(DS, Chain, normal)); + {DS, Chain} = lists:split(2, dns:decode_rrset(ChainBin)), + %%lager:debug("DS: ~p~nChain: ~p", [DS, Chain]), + success(catlfish:add_chain(dns:encode_rrset(DS), + [dns:encode_rrset(Chain)], % FIXME + normal)); {invalid, Reason} -> lager:debug("DNSSEC validation failed with ~p", [Reason]), err400(io_lib:format("add-rr-chain: invalid DS record: ~p", diff --git a/tools/certtools.py b/tools/certtools.py index 9296401..ec4177c 100644 --- a/tools/certtools.py +++ b/tools/certtools.py @@ -137,7 +137,7 @@ def pyopenssl_https_get(url): return response_lines[len(response_lines) - 1] def get_sth(baseurl): - result = urlopen(baseurl + "open/gaol/v1/get-sth").read() + result = urlopen(baseurl + "dt/v1/get-sth").read() return json.loads(result) def get_proof_by_hash(baseurl, hash, tree_size): @@ -145,7 +145,7 @@ def get_proof_by_hash(baseurl, hash, tree_size): params = urllib.urlencode({"hash":base64.b64encode(hash), "tree_size":tree_size}) result = \ - urlopen(baseurl + "open/gaol/v1/get-proof-by-hash?" + params).read() + urlopen(baseurl + "dt/v1/get-proof-by-hash?" + params).read() return json.loads(result) except urllib2.HTTPError, e: print "ERROR:", e.read() @@ -156,7 +156,7 @@ def get_consistency_proof(baseurl, tree_size1, tree_size2): params = urllib.urlencode({"first":tree_size1, "second":tree_size2}) result = \ - urlopen(baseurl + "open/gaol/v1/get-sth-consistency?" + params).read() + urlopen(baseurl + "dt/v1/get-sth-consistency?" + params).read() return json.loads(result)["consistency"] except urllib2.HTTPError, e: print "ERROR:", e.read() @@ -179,7 +179,8 @@ def unpack_tls_array(packed_data, length_len): def add_chain(baseurl, submission): try: - result = urlopen(baseurl + "open/gaol/v1/add-blob", json.dumps(submission)).read() + result = urlopen(baseurl + "dt/v1/add-rr-chain", + json.dumps(submission)).read() return json.loads(result) except urllib2.HTTPError, e: print "ERROR", e.code,":", e.read() @@ -196,7 +197,7 @@ def add_chain(baseurl, submission): def add_prechain(baseurl, submission): try: - result = urlopen(baseurl + "open/gaol/v1/add-pre-chain", + result = urlopen(baseurl + "dt/v1/add-pre-chain", json.dumps(submission)).read() return json.loads(result) except urllib2.HTTPError, e: @@ -215,7 +216,7 @@ def add_prechain(baseurl, submission): def get_entries(baseurl, start, end): params = urllib.urlencode({"start":start, "end":end}) try: - result = urlopen(baseurl + "open/gaol/v1/get-entries?" + params).read() + result = urlopen(baseurl + "dt/v1/get-entries?" + params).read() return json.loads(result) except urllib2.HTTPError, e: print "ERROR:", e.read() diff --git a/tools/precerttools.py b/tools/precerttools.py index 13ac572..9687e28 100644 --- a/tools/precerttools.py +++ b/tools/precerttools.py @@ -3,7 +3,7 @@ import sys import hashlib -import rfc2459 +import rfc2459 # debian package python-pyasn1-modules from pyasn1.type import univ, tag from pyasn1.codec.der import encoder, decoder diff --git a/tools/testcase1.py b/tools/testcase1.py index 1a294d9..ec85d85 100755 --- a/tools/testcase1.py +++ b/tools/testcase1.py @@ -13,23 +13,19 @@ import struct import hashlib import itertools from certtools import * +from dnstools import c14n_dsrr, unpack_rrset baseurls = [sys.argv[1]] logpublickeyfile = sys.argv[2] cacertfile = sys.argv[3] -certfiles = ["../tools/testcerts/cert1.txt", "../tools/testcerts/cert2.txt", - "../tools/testcerts/cert3.txt", "../tools/testcerts/cert4.txt", - "../tools/testcerts/cert5.txt"] +RRfiles = ["../test/testdata/dnssec/testrrsets/req-basic"] -def get_blob_from_file(filename): - return [open(filename, 'r').read()] +def get_rrset_from_file(filename): + return open(filename, 'r').read() -cc1 = get_blob_from_file(certfiles[0]) -cc2 = get_blob_from_file(certfiles[1]) -cc3 = get_blob_from_file(certfiles[2]) -cc4 = get_blob_from_file(certfiles[3]) -cc5 = get_blob_from_file(certfiles[4]) +# TODO: Add more tests, like 4 more would be good. +rr1 = get_rrset_from_file(RRfiles[0]) create_ssl_context(cafile=cacertfile) @@ -76,15 +72,18 @@ def print_and_check_tree_size(expected, baseurl): tree_size = sth["tree_size"] assert_equal(tree_size, expected, "tree size", quiet=True) -def do_add_chain(chain, baseurl): +def do_add_chain(ignore1, ignore2): assert 0, "use do_add_rr() instead" # FIXME: remove + +def do_add_rr(rrset, baseurl): global failures - blob = ''.join(chain) try: - result = add_chain(baseurl, {"blob":base64.b64encode(blob)}) + result = add_chain(baseurl, {"chain":base64.b64encode(rrset)}) except ValueError, e: print_error("%s", e) try: - signed_entry = pack_cert(blob) + print "result:", result + signed_entry = pack_cert(c14n_dsrr(rrset)) + print "signed_entry:", repr(signed_entry) check_sct_signature(baseurl, signed_entry, result, publickey=logpublickey) print_success("signature check succeeded") except AssertionError, e: @@ -95,8 +94,8 @@ def do_add_chain(chain, baseurl): return result def get_and_validate_proof(timestamp, chain, leaf_index, nentries, baseurl): - blob = ''.join(chain) - merkle_tree_leaf = pack_mtl(timestamp, blob) + dsrr = c14n_dsrr(chain) + merkle_tree_leaf = pack_mtl(timestamp, dsrr) leaf_hash = get_leaf_hash(merkle_tree_leaf) sth = get_sth(baseurl) proof = get_proof_by_hash(baseurl, leaf_hash, sth["tree_size"]) @@ -109,7 +108,7 @@ def get_and_validate_proof(timestamp, chain, leaf_index, nentries, baseurl): root_hash = base64.b64decode(sth["sha256_root_hash"]) assert_equal(root_hash, calc_root_hash, "verified root hash", nodata=True, quiet=True) - get_and_check_entry(timestamp, blob, leaf_index, baseurl) + get_and_check_entry(timestamp, chain, leaf_index, baseurl) def get_and_validate_consistency_proof(sth1, sth2, size1, size2, baseurl): consistency_proof = [base64.decodestring(entry) for entry in get_consistency_proof(baseurl, size1, size2)] @@ -121,15 +120,17 @@ def get_and_validate_consistency_proof(sth1, sth2, size1, size2, baseurl): def get_and_check_entry(timestamp, chain, leaf_index, baseurl): - blob = ''.join(chain) entries = get_entries(baseurl, leaf_index, leaf_index) assert_equal(len(entries), 1, "get_entries", quiet=True) fetched_entry = entries["entries"][0] - merkle_tree_leaf = pack_mtl(timestamp, blob) + merkle_tree_leaf = pack_mtl(timestamp, c14n_dsrr(chain)) leaf_input = base64.decodestring(fetched_entry["leaf_input"]) - extra_data = base64.decodestring(fetched_entry["extra_data"]) assert_equal(leaf_input, merkle_tree_leaf, "entry", nodata=True, quiet=True) - assert_equal(extra_data, '\x00\x00\x00', "extra_data", quiet=True) + extra_data = base64.decodestring(fetched_entry["extra_data"]) + chain_fetched = unpack_rrset(decode_certificate_chain(extra_data)[0]) + chain_submitted = unpack_rrset(chain)[1:] + # FIXME: Might not have submited trust anchors. + assert_equal(chain_fetched, chain_submitted, "chain", quiet=True) def merge(): return subprocess.call(["../tools/merge", "--config", "../test/catlfish-test.cfg", @@ -141,9 +142,9 @@ assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) for baseurl in baseurls: print_and_check_tree_size(0, baseurl) -testgroup("cert1") +testgroup("rr1") -result1 = do_add_chain(cc1, baseurls[0]) +result1 = do_add_rr(rr1, baseurls[0]) mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) @@ -154,7 +155,7 @@ for baseurl in baseurls: print_and_check_tree_size(1, baseurl) size_sth[1] = base64.b64decode(get_sth(baseurls[0])["sha256_root_hash"]) -result2 = do_add_chain(cc1, baseurls[0]) +result2 = do_add_rr(rr1, baseurls[0]) assert_equal(result2["timestamp"], result1["timestamp"], "timestamp") @@ -167,79 +168,23 @@ size1_v2_sth = base64.b64decode(get_sth(baseurls[0])["sha256_root_hash"]) assert_equal(size_sth[1], size1_v2_sth, "sth", nodata=True) -# TODO: add invalid cert and check that it generates an error -# and that treesize still is 1 - -get_and_validate_proof(result1["timestamp"], cc1, 0, 0, baseurls[0]) - -testgroup("cert2") - -result3 = do_add_chain(cc2, baseurls[0]) - -mergeresult = merge() -assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) - -for baseurl in baseurls: - print_and_check_tree_size(2, baseurl) -size_sth[2] = base64.b64decode(get_sth(baseurls[0])["sha256_root_hash"]) - -get_and_validate_proof(result1["timestamp"], cc1, 0, 1, baseurls[0]) -get_and_validate_proof(result3["timestamp"], cc2, 1, 1, baseurls[0]) - -testgroup("cert3") - -result4 = do_add_chain(cc3, baseurls[0]) - -mergeresult = merge() -assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) - -for baseurl in baseurls: - print_and_check_tree_size(3, baseurl) -size_sth[3] = base64.b64decode(get_sth(baseurls[0])["sha256_root_hash"]) - -get_and_validate_proof(result1["timestamp"], cc1, 0, 2, baseurls[0]) -get_and_validate_proof(result3["timestamp"], cc2, 1, 2, baseurls[0]) -get_and_validate_proof(result4["timestamp"], cc3, 2, 1, baseurls[0]) - -testgroup("cert4") - -result5 = do_add_chain(cc4, baseurls[0]) +# TODO: add an invalid chain and check that it generates an error and +# that treesize still is 1 -mergeresult = merge() -assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) - -for baseurl in baseurls: - print_and_check_tree_size(4, baseurl) -size_sth[4] = base64.b64decode(get_sth(baseurls[0])["sha256_root_hash"]) - -get_and_validate_proof(result1["timestamp"], cc1, 0, 2, baseurls[0]) -get_and_validate_proof(result3["timestamp"], cc2, 1, 2, baseurls[0]) -get_and_validate_proof(result4["timestamp"], cc3, 2, 2, baseurls[0]) -get_and_validate_proof(result5["timestamp"], cc4, 3, 2, baseurls[0]) - -testgroup("cert5") - -result6 = do_add_chain(cc5, baseurls[0]) - -mergeresult = merge() -assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) - -for baseurl in baseurls: - print_and_check_tree_size(5, baseurl) -size_sth[5] = base64.b64decode(get_sth(baseurls[0])["sha256_root_hash"]) +get_and_validate_proof(result1["timestamp"], rr1, 0, 0, baseurls[0]) -get_and_validate_proof(result1["timestamp"], cc1, 0, 3, baseurls[0]) -get_and_validate_proof(result3["timestamp"], cc2, 1, 3, baseurls[0]) -get_and_validate_proof(result4["timestamp"], cc3, 2, 3, baseurls[0]) -get_and_validate_proof(result5["timestamp"], cc4, 3, 3, baseurls[0]) -get_and_validate_proof(result6["timestamp"], cc5, 4, 1, baseurls[0]) +testgroup("proofs") mergeresult = merge() assert_equal(mergeresult, 0, "merge", quiet=True, fatal=True) -for first_size in range(1, 5): - for second_size in range(first_size + 1, 6): - get_and_validate_consistency_proof(size_sth[first_size], size_sth[second_size], first_size, second_size, baseurls[0]) +for first_size in range(1, 1): + for second_size in range(first_size + 1, 2): + get_and_validate_consistency_proof(size_sth[first_size], + size_sth[second_size], + first_size, + second_size, + baseurls[0]) print "-------" if failures: |