Merge branch 'main' into ww/rust-webpki-harness

Signed-off-by: William Woodruff <[email protected]>
C2SP · Nov 8, 2023 · a234a41 · a234a41
2 parents 304bf42 + 560f38e
commit a234a41
Show file tree

Hide file tree

Showing 8 changed files with 812 additions and 381 deletions.
diff --git a/harness/gocryptox509/main.go b/harness/gocryptox509/main.go
@@ -1,6 +1,6 @@
 package main
 
-//go:generate go run github.com/atombender/go-jsonschema/cmd/gojsonschema@latest -v -p main -o schema.go ../../limbo-schema.json
+//go:generate go run github.com/atombender/go-jsonschema@latest -v -p main -o schema.go ../../limbo-schema.json
 
 import (
 	"bytes"
@@ -98,7 +98,7 @@ func main() {
 	fmt.Printf("done! conformant/nonconformant/skipped/total %d/%d/%d/%d.\n", conform, nonconform, skip, len(testcases.Testcases))
 }
 
-func loadTestcases(path string) (testcases LimboSchemaJson, err error) {
+func loadTestcases(path string) (testcases Limbo, err error) {
 	contents, err := ioutil.ReadFile(path)
 	if err != nil {
 		return
@@ -119,17 +119,19 @@ func concatPEMCerts(certs []string) []byte {
 func evaluateTestcase(testcase Testcase) (testcaseResult, error) {
 	_ = spew.Dump
 
+	if testcase.Features != nil {
+		for _, feature := range testcase.Features {
+			if feature == "max-chain-depth" {
+				return resultSkipped, fmt.Errorf("max chain depth not supported")
+			}
+		}
+	}
+
 	var ts time.Time
 	if testcase.ValidationTime == nil {
 		ts = time.Now()
 	} else {
-		var err error
-		ts, err = time.Parse(time.RFC3339, *testcase.ValidationTime)
-
-		if err != nil {
-			fmt.Printf("%s\n", err)
-			return resultSkipped, errors.Wrap(err, "unable to parse testcase time as RFC3339")
-		}
+		ts = *testcase.ValidationTime
 	}
 
 	// TODO: Support testcases that constrain signature algorthms.
@@ -142,6 +144,10 @@ func evaluateTestcase(testcase Testcase) (testcaseResult, error) {
 		return resultSkipped, fmt.Errorf("key usage checks not supported yet")
 	}
 
+	if testcase.MaxChainDepth != nil {
+		return resultSkipped, fmt.Errorf("max chain depth not supported")
+	}
+
 	var ekus []x509.ExtKeyUsage
 	if len(testcase.ExtendedKeyUsage) != 0 {
 		extKeyUsagesMap := map[KnownEKUs]x509.ExtKeyUsage{

diff --git a/harness/gocryptox509/schema.go b/harness/gocryptox509/schema.go
diff --git a/harness/openssl/main.cpp b/harness/openssl/main.cpp
@@ -207,6 +207,13 @@ json evaluate_testcase(const json &testcase)
         }
     }
 
+    auto max_chain_depth_obj = testcase["max_chain_depth"];
+    if (!max_chain_depth_obj.is_null())
+    {
+        auto max_chain_depth = max_chain_depth_obj.template get<int64_t>();
+        X509_VERIFY_PARAM_set_depth(param, max_chain_depth);
+    }
+
     auto should_pass = testcase["expected_result"] == "SUCCESS";
     auto does_pass = X509_verify_cert(ctx.get());
     if (should_pass ^ does_pass)