Diffstat (limited to 'src')
-rw-r--r--src/catlfish.erl31
-rw-r--r--src/catlfish.hrl4
-rw-r--r--src/catlfish_app.erl10
-rw-r--r--src/x509.erl15
4 files changed, 32 insertions, 28 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 83ca3db..765a8a6 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -4,8 +4,8 @@
-module(catlfish).
-export([add_chain/2, entries/2, entry_and_proof/2]).
-export([known_roots/0, update_known_roots/0]).
+-export([init_cache_table/0]).
-include_lib("eunit/include/eunit.hrl").
--include("catlfish.hrl").
-define(PROTOCOL_VERSION, 0).
@@ -133,6 +133,14 @@ entry_and_proof(Index, TreeSize) ->
{error_message, list_to_binary(Msg)}]}
end.
+-define(CACHE_TABLE, catlfish_cache).
+init_cache_table() ->
+ case ets:info(?CACHE_TABLE) of
+ undefined -> ok;
+ _ -> ets:delete(?CACHE_TABLE)
+ end,
+ ets:new(?CACHE_TABLE, [set, public, named_table]).
+
%% Private functions.
unpack_entry(Entry) ->
<<Timestamp:64, LogEntry/binary>> = Entry,
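Review bot: The table created in `init_cache_table/0` is `public`, so any process on the node can overwrite the cached root list that `known_roots/2` later returns; if that list is what chain validation trusts, this deserves a comment or a tighter access mode. Writes currently come from whichever process calls `known_roots/2`, so switching to `protected` would need the owner to do the inserts; at minimum the choice should be documented. The function is also exported now and deletes an existing table, so a call at runtime drops the cache and moves ownership to the caller. I would add above it `%% Startup/test helper: drops and recreates the roots cache; the calling process becomes the table owner.` and a `-spec init_cache_table() -> atom().`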
@@ -183,28 +191,30 @@ known_roots(Directory, CacheUsage) ->
use_cache ->
case ets:lookup(?CACHE_TABLE, ?ROOTS_CACHE_KEY) of
[] ->
- read_files_and_udpate_table(Directory);
+ read_files_and_update_table(Directory);
[{roots, DerList}] ->
DerList
end;
update_tab ->
- read_files_and_udpate_table(Directory)
+ read_files_and_update_table(Directory)
end.
-read_files_and_udpate_table(Directory) ->
+read_files_and_update_table(Directory) ->
L = x509:read_pemfiles_from_dir(Directory),
true = ets:insert(?CACHE_TABLE, {?ROOTS_CACHE_KEY, L}),
L.
%%%%%%%%%%%%%%%%%%%%
%% Testing internal functions.
--define(PEMFILES_DIR_OK, "../test/testdata/known-roots").
--define(PEMFILES_DIR_NONEXISTENT, "../test/testdata/nonexistent-dir").
+-define(PEMFILES_DIR_OK, "test/testdata/known_roots").
+-define(PEMFILES_DIR_NONEXISTENT, "test/testdata/nonexistent-dir").
read_pemfiles_test_() ->
{setup,
- fun() -> {known_roots(?PEMFILES_DIR_OK, use_cache),
- known_roots(?PEMFILES_DIR_OK, use_cache)}
+ fun() ->
+ init_cache_table(),
+ {known_roots(?PEMFILES_DIR_OK, update_tab),
+ known_roots(?PEMFILES_DIR_OK, use_cache)}
end,
fun(_) -> ets:delete(?CACHE_TABLE, ?ROOTS_CACHE_KEY) end,
fun({L, LCached}) ->
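Review bot: `read_files_and_update_table/1` stores whatever `x509:read_pemfiles_from_dir/1` returns, and the fail test in the next hunk pins that a nonexistent directory yields `[]`, so an `update_tab` against a mistyped path silently replaces a good root set with an empty one. That appears to fail closed, but nothing records why chains would then be rejected; a log line when `L =:= []`, or keeping the previous entry in that case, would make it diagnosable. Separately, the `use_cache` branch matches `[{roots, DerList}]` while the insert uses `?ROOTS_CACHE_KEY`; matching `[{?ROOTS_CACHE_KEY, DerList}]` keeps the two in step. The body of `read_pemfiles_test_/0` continues outside the hunk.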
@@ -214,6 +224,9 @@ read_pemfiles_test_() ->
read_pemfiles_fail_test_() ->
{setup,
- fun() -> known_roots(?PEMFILES_DIR_NONEXISTENT, use_cache) end,
+ fun() ->
+ init_cache_table(),
+ known_roots(?PEMFILES_DIR_NONEXISTENT, update_tab)
+ end,
fun(_) -> ets:delete(?CACHE_TABLE, ?ROOTS_CACHE_KEY) end,
fun(Empty) -> [?_assertMatch([], Empty)] end}.
diff --git a/src/catlfish.hrl b/src/catlfish.hrl
deleted file mode 100644
index 46e882b..0000000
--- a/src/catlfish.hrl
+++ /dev/null
@@ -1,4 +0,0 @@
-%%% Copyright (c) 2014, NORDUnet A/S.
-%%% See LICENSE for licensing information.
-
--define(CACHE_TABLE, catlfish_cache).
diff --git a/src/catlfish_app.erl b/src/catlfish_app.erl
index e24a1bb..56f6cc2 100644
--- a/src/catlfish_app.erl
+++ b/src/catlfish_app.erl
@@ -8,20 +8,12 @@
%% Application callbacks
-export([start/2, stop/1]).
--include("catlfish.hrl").
-
%% ===================================================================
%% Application callbacks
%% ===================================================================
start(normal, Args) ->
- case ets:info(?CACHE_TABLE) of
- undefined ->
- ok;
- _ ->
- ets:delete(?CACHE_TABLE)
- end,
- ets:new(?CACHE_TABLE, [set, public, named_table]),
+ catlfish:init_cache_table(),
catlfish_sup:start_link(Args).
stop(_State) ->
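Review bot: `start/2` now relies on `catlfish:init_cache_table/0` creating the named table in whichever process runs this callback, and an ETS table is deleted when its owner exits, so the cache's lifetime is tied to that process rather than to the supervisor tree started on the next line. A one-line comment here, e.g. `%% Cache table is owned by this process; it must outlive catlfish_sup's children.`, would record that. If the owner can go away earlier, creating the table from a long-lived supervised process or giving it an `heir` would be the safer arrangement. The `stop/1` clause continues outside the hunk.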
diff --git a/src/x509.erl b/src/x509.erl
index b0363cd..32ade83 100644
--- a/src/x509.erl
+++ b/src/x509.erl
@@ -31,7 +31,6 @@ normalise_chain(AcceptableRootCerts, CertChain) ->
%% an acceptable root cert. Order of certificates in second argument
%% is: leaf cert in head, chain in tail. Order of first argument is
%% irrelevant.
-
-spec valid_chain_p([binary()], [binary()], integer()) ->
{false, reason()} | {true, list()}.
valid_chain_p(_, _, MaxChainLength) when MaxChainLength =< 0 ->
@@ -279,8 +278,8 @@ sign_test_() ->
valid_cert_test_() ->
{setup,
- fun() -> {read_pemfiles_from_dir("../test/testdata/known_roots"),
- read_certs("../test/testdata/chains")} end,
+ fun() -> {read_pemfiles_from_dir("test/testdata/known_roots"),
+ read_certs("test/testdata/chains")} end,
fun(_) -> ok end,
fun({KnownRoots, Chains}) ->
[
@@ -298,7 +297,13 @@ valid_cert_test_() ->
%% leaf signed by known CA
?_assertMatch({true, _},
valid_chain_p(KnownRoots,
- lists:nth(3, Chains), 10))
+ lists:nth(3, Chains), 10)),
+ %% bug CATLFISH-19 --> [info] rejecting "3ee62cb678014c14d22ebf96f44cc899adea72f1": chain_broken
+ %% leaf sha1: 3ee62cb678014c14d22ebf96f44cc899adea72f1
+ %% leaf Subject: C=KR, O=Government of Korea, OU=Group of Server, OU=\xEA\xB5\x90\xEC\x9C\xA1\xEA\xB3\xBC\xED\x95\x99\xEA\xB8\xB0\xEC\x88\xA0\xEB\xB6\x80, CN=www.berea.ac.kr, CN=haksa.bits.ac.kr
+ ?_assertMatch({true, _},
+ valid_chain_p(lists:nth(4, Chains),
+ lists:nth(4, Chains), 10))
] end}.
chain_test_() ->
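Review bot: The added CATLFISH-19 assertion passes `lists:nth(4, Chains)` as both the acceptable roots and the chain, so it checks only that the chain links up internally, not that it anchors to `KnownRoots`. If that is deliberate because the issuing root is not in the test trust store, say so in the comment, e.g. `%% chain used as its own trust store: root not in known_roots`. The last hunk of this file also removes the only visible `{false, chain_broken}` assertion; a negative case with a genuinely mismatched signer should stay, so that relaxing the check for this bug cannot silently accept broken chains. `valid_cert_test_/0` starts above the hunk.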
@@ -320,8 +325,6 @@ chain_test(C0, C1) ->
?_assertMatch({false, chain_too_long}, valid_chain_p([C1], [C0, C1], 1)),
%% Root not in trust store.
?_assertMatch({false, root_unknown}, valid_chain_p([], [C0, C1], 10)),
- %% Invalid signer.
- ?_assertMatch({false, chain_broken}, valid_chain_p([C0], [C1, C0], 10)),
%% Selfsigned. Actually OK.
?_assertMatch({true, []}, valid_chain_p([C0], [C0], 10)),
?_assertMatch({true, []}, valid_chain_p([C0], [C0], 1)),