[glib-networking/pgriffis/automate-cert-update] Automate updating certificate data for tests
- From: Patrick Griffis <pgriffis src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/pgriffis/automate-cert-update] Automate updating certificate data for tests
- Date: Fri, 18 Jun 2021 18:15:24 +0000 (UTC)
commit bd18c3a81b77e74073dba85afa5c6e40beee8820
Author: Patrick Griffis <pgriffis igalia com>
Date: Fri Jun 18 13:06:30 2021 -0500
Automate updating certificate data for tests
tls/tests/file-database.c | 22 ++++------------------
tls/tests/file-database.h | 4 ++++
tls/tests/files/create-files.sh | 11 +++++++----
tls/tests/files/update-test-database.py | 26 ++++++++++++++++++++++++++
4 files changed, 41 insertions(+), 22 deletions(-)
---
diff --git a/tls/tests/file-database.c b/tls/tests/file-database.c
index ff761b7..f836e58 100644
--- a/tls/tests/file-database.c
+++ b/tls/tests/file-database.c
@@ -26,6 +26,8 @@
#include "config.h"
+#include "file-database.h"
+
#include <gio/gio.h>
#include <sys/types.h>
@@ -467,24 +469,8 @@ certificate_is_in_list (GList *certificates,
static void
test_lookup_certificates_issued_by (void)
{
- /* This data is generated from the frob-certificate test tool in gcr library.
- * To regenerate (from e.g. a directory containing gcr and glib-networking):
- *
- * $ gcr/_build/ui/test-frob-certificate glib-networking/tls/tests/files/ca.pem
- *
- * Then copy the hex that is printed after "subject" (not "issuer"!) and add
- * the missing 'x's.
- */
- const guchar ISSUER[] = "\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2"
- "\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A"
- "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41"
- "\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15"
- "\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74"
- "\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03"
- "\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F"
- "\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09"
- "\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63"
- "\x6F\x6D";
+ /* This data is generated from the update-test-database.py script */
+ const guchar ISSUER[] = ISSUER_DATA;
GList *certificates;
GByteArray *issuer_dn;
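Review bot: The replacement comment on `ISSUER` in test_lookup_certificates_issued_by no longer says what the bytes are or where the macro comes from, and the old "subject, not issuer" hint is lost with it. Judging by the script added in this commit, the data is the encoded subject name of `files/ca.pem`, written to `file-database.h`, so something like `/* Encoded subject DN of files/ca.pem; ISSUER_DATA is generated into file-database.h by files/update-test-database.py (run from create-files.sh) */` would keep that context. Because `ISSUER_DATA` is a string literal, the array still carries a trailing NUL, so any length taken from `sizeof` needs the usual `- 1`. The function body continues outside the hunk, so this could not be checked here.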
diff --git a/tls/tests/file-database.h b/tls/tests/file-database.h
new file mode 100644
index 0000000..15b5716
--- /dev/null
+++ b/tls/tests/file-database.h
@@ -0,0 +1,4 @@
+
+/* This is a generated file from update-test-database.py */
+
+#define ISSUER_DATA
"\x30\x81\x86\x31\x13\x30\x11\x06\x0A\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x03\x43\x4F\x4D\x31\x17\x30\x15\x06\x0A\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19\x16\x07\x45\x58\x41\x4D\x50\x4C\x45\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x0C\x15\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x17\x30\x15\x06\x03\x55\x04\x03\x0C\x0E\x63\x61\x2E\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F\x6D\x31\x1D\x30\x1B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x0E\x63\x61\x40\x65\x78\x61\x6D\x70\x6C\x65\x2E\x63\x6F\x6D"
diff --git a/tls/tests/files/create-files.sh b/tls/tests/files/create-files.sh
index a313963..96fecff 100755
--- a/tls/tests/files/create-files.sh
+++ b/tls/tests/files/create-files.sh
@@ -24,10 +24,6 @@ echo "A few manual changes need to be made. The first certificate"
echo "in ca-roots.pem and ca-roots-bad.pem need to be replaced by"
echo "the contents of ca.pem."
echo
-echo "Also, file-database.c:test_lookup_certificates_issued_by has"
-echo "an ISSUER variable that needs to be changed by the CA identifier"
-echo "(read the comment in that function) if you modify this script."
-echo
echo " *** IMPORTANT ***"
echo
@@ -191,6 +187,13 @@ cat server-intermediate.pem > chain.pem
cat intermediate-ca.pem >> chain.pem
cat ca.pem >> chain.pem
+#######################################################################
+### Update test database
+#######################################################################
+
+msg "Updating test database"
+./update-test-database.py ca.pem ../file-database.h
+
#######################################################################
### Cleanup
#######################################################################
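Review bot: The new `./update-test-database.py ca.pem ../file-database.h` call has no visible check of its exit status. If the Python `cryptography` module is missing or `ca.pem` fails to parse, the script would carry on into the cleanup section and leave a stale `file-database.h` next to freshly generated certificates, unless `set -e` is enabled earlier in the file, which is outside this hunk. The old echo reminder is removed in the same commit, so nothing would then tell the maintainer that `ISSUER_DATA` no longer matches the CA. Consider `./update-test-database.py ca.pem ../file-database.h || exit 1`. The relative paths also assume the script is run from `tls/tests/files`, which deserves a one-line comment.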
diff --git a/tls/tests/files/update-test-database.py b/tls/tests/files/update-test-database.py
new file mode 100755
index 0000000..3761ea9
--- /dev/null
+++ b/tls/tests/files/update-test-database.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+import sys
+import cryptography.x509
+
+try:
+ in_path = sys.argv[1]
+ out_path = sys.argv[2]
+except IndexError:
+ sys.exit('USAGE: update-test-database.py ca.pem output_header.h')
+
+with open(in_path, 'rb') as in_file:
+ cert_data = in_file.read()
+
+cert = cryptography.x509.load_pem_x509_certificate(cert_data)
+subject_data = cert.subject.public_bytes()
+hex_subject = ''.join('\\x%02X' % b for b in subject_data)
+
+header = '''/* This is a generated file from update-test-database.py */
+
+#define ISSUER_DATA "{}"
+'''.format(hex_subject)
+
+with open(out_path, 'w') as out_file:
+ out_file.write(header)
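Review bot: The template assigned to `header` starts directly with the `/* This is a generated file ... */` comment, while the `file-database.h` committed alongside it begins with an empty line, so the first regeneration will produce a spurious one-line diff in the header. Either drop the leading blank line from the committed file or make the template match it. The script also relies on the third-party `cryptography` package and calls `load_pem_x509_certificate(cert_data)` without a backend argument, which older releases of that package appear to require. A comment at the import such as `# Requires python3-cryptography; a missing module aborts the regeneration` would document that dependency for whoever runs create-files.sh next.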