Improve tools and add tests (#4)

.github/workflows/build-documents.yml

@@ -4,17 +4,17 @@ on:
     branches: ["main"]
   pull_request:
   workflow_dispatch:
-  
+
 jobs:
   build_docs:
     strategy:
       matrix:
         document:
-          - 'entrust'
-    name: Build ${{ matrix.document }}
-    runs-on: ubuntu-20.04
+          - "entrust"
+    name: Build Document ${{ matrix.document }}
+    runs-on: ubuntu-20.041
     steps:
-      - name: Checkout the code
+      - name: Checkout Repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -34,13 +34,14 @@ jobs:
           path: old/
       - name: Link RFC references
         run: |
-          python tools/rfc-links.py ${{ matrix.document }}.md
-          python tools/rfc-links.py old/${{ matrix.document }}.md
+          python tools/rfc_links.py ${{ matrix.document }}.md
+          python tools/rfc_links.py old/${{ matrix.document }}.md
       - name: Link CA/Browser Forum references
         run: |
-          python tools/cabforum-links.py ${{ matrix.document }}.md
-          python tools/cabforum-links.py old/${{ matrix.document }}.md
-      - uses: docker://ghcr.io/vanbroup/build-guidelines-action:sha-e5ddc9e4
+          python tools/cabforum_links.py ${{ matrix.document }}.md
+          python tools/cabforum_links.py old/${{ matrix.document }}.md
+      - name: Build Document
+        uses: docker://ghcr.io/vanbroup/build-guidelines-action:sha-e5ddc9e4
         id: build_doc
         with:
           markdown_file: ${{ matrix.document }}.md
@@ -59,4 +60,4 @@ jobs:
             ${{ steps.build_doc.outputs.pdf_file }}
             ${{ steps.build_doc.outputs.docx_file }}
             ${{ steps.build_doc.outputs.pdf_redline_file }}
-          if-no-files-found: 'error'
+          if-no-files-found: "error"

.github/workflows/check-no-stipulation.yml

@@ -0,0 +1,33 @@
+name: Check for no stipulation
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+
+jobs:
+  check-no-stipulation:
+    strategy:
+      matrix:
+        document:
+          - "entrust"
+
+    name: Check ${{ matrix.document }}.md for no stipulation
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python Environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install Python Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r tools/requirements.txt
+
+      - name: Run check
+        run: |
+          python tools/check_no_stipulation.py ${{ matrix.document }}.md

.github/workflows/check-sections.yml

@@ -8,37 +8,37 @@ jobs:
   check-sections:
     strategy:
       matrix:
-        source: ['rfc3647']
+        source: ["rfc3647"]
         document:
-          - 'entrust'
+          - "entrust"
         include:
-          - source: 'tlsbr'
-            document: 'entrust'
+          - source: "tlsbr"
+            document: "entrust"
 
     name: Check sections of ${{ matrix.document }} against ${{ matrix.source }}
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout Repository
+        uses: actions/checkout@v4
 
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.x'
+      - name: Setup Python Environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
 
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r tools/requirements.txt
+      - name: Install Python Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r tools/requirements.txt
 
-    - name: Check sections
-      run: |
-        python tools/check-sections.py ${{ matrix.document }}.md ${{ matrix.source }} output-${{ matrix.source }}.txt
+      - name: Check Document Sections
+        run: |
+          python tools/check_sections.py ${{ matrix.document }}.md ${{ matrix.source }} output-${{ matrix.source }}.txt
 
-    - name: Compare sections
-      run: |
-        if ! diff -u tests/expected/${{ matrix.document }}-${{ matrix.source }}-sections.txt output-${{ matrix.source }}.txt; then
-          echo "Sections have changed, please verify the diff above and fix or commit changes"
-          exit 1
-        fi
+      - name: Compare Document Sections
+        run: |
+          if ! diff -u tests/expected/${{ matrix.document }}-${{ matrix.source }}-sections.txt output-${{ matrix.source }}.txt; then
+            echo "Sections have changed, please verify the diff above and fix or commit changes"
+            exit 1
+          fi

.github/workflows/test-tools.yml

@@ -0,0 +1,33 @@
+name: Test tools
+on:
+  push:
+    branches: ["main"]
+    paths:
+      - "tools/**"
+  pull_request:
+    paths:
+      - "tools/**"
+
+jobs:
+  test-tools-job:
+    name: Run Unit Tests for Tools
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python Environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install Python Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r tools/requirements.txt
+
+      - name: Execute Unit Tests
+        run: |
+          cd ./tools
+          python -m unittest *_test.py

.gitignore

@@ -0,0 +1,13 @@
+# Python
+*.pyc
+__pycache__/
+*.pyo
+*.pyd
+*.pyi
+*.pyz
+*.pyw
+*.pyz/
+*.pyw/
+*.egg-info/
+dist/
+build/

tests/expected/entrust-tlsbr-sections.txt

@@ -1,6 +1,6 @@
 TLSBR
 
-- Section 1. (INTRODUCTION) not found in the document
+- Section 1 (INTRODUCTION) not found in the document
 - Section 1.1 (Overview) not found in the document
 - Section 1.2 (Document name and identification) not found in the document
 - Section 1.2.1 (Revisions) not found in the document
@@ -24,12 +24,12 @@ TLSBR
 - Section 1.6.2 (Acronyms) not found in the document
 - Section 1.6.3 (References) not found in the document
 - Section 1.6.4 (Conventions) not found in the document
-- Section 2. (PUBLICATION AND REPOSITORY RESPONSIBILITIES) not found in the document
+- Section 2 (PUBLICATION AND REPOSITORY RESPONSIBILITIES) not found in the document
 - Section 2.1 (Repositories) not found in the document
 - Section 2.2 (Publication of information) not found in the document
 - Section 2.3 (Time or frequency of publication) not found in the document
 - Section 2.4 (Access controls on repositories) not found in the document
-- Section 3. (IDENTIFICATION AND AUTHENTICATION) not found in the document
+- Section 3 (IDENTIFICATION AND AUTHENTICATION) not found in the document
 - Section 3.1 (Naming) not found in the document
 - Section 3.1.1 (Types of names) not found in the document
 - Section 3.1.2 (Need for names to be meaningful) not found in the document
@@ -83,7 +83,7 @@ TLSBR
 - Section 3.3.1 (Identification and authentication for routine re-key) not found in the document
 - Section 3.3.2 (Identification and authentication for re-key after revocation) not found in the document
 - Section 3.4 (Identification and authentication for revocation request) not found in the document
-- Section 4. (CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS) not found in the document
+- Section 4 (CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS) not found in the document
 - Section 4.1 (Certificate Application) not found in the document
 - Section 4.1.1 (Who can submit a certificate application) not found in the document
 - Section 4.1.2 (Enrollment process and responsibilities) not found in the document
@@ -93,6 +93,9 @@ TLSBR
 - Section 4.2.3 (Time to process certificate applications) not found in the document
 - Section 4.3 (Certificate issuance) not found in the document
 - Section 4.3.1 (CA actions during certificate issuance) not found in the document
+- Section 4.3.1.1 (Manual authorization of certificate issuance for Root CAs) not found in the document
+- Section 4.3.1.2 (Linting of to-be-signed Certificate content) not found in the document
+- Section 4.3.1.3 (Linting of issued Certificates) not found in the document
 - Section 4.3.2 (Notification to subscriber by the CA of issuance of certificate) not found in the document
 - Section 4.4 (Certificate acceptance) not found in the document
 - Section 4.4.1 (Conduct constituting certificate acceptance) not found in the document
@@ -152,7 +155,7 @@ TLSBR
 - Section 4.12 (Key escrow and recovery) not found in the document
 - Section 4.12.1 (Key escrow and recovery policy and practices) not found in the document
 - Section 4.12.2 (Session key encapsulation and recovery policy and practices) not found in the document
-- Section 5. (MANAGEMENT, OPERATIONAL, AND PHYSICAL CONTROLS) not found in the document
+- Section 5 (MANAGEMENT, OPERATIONAL, AND PHYSICAL CONTROLS) not found in the document
 - Section 5.1 (Physical Security Controls) not found in the document
 - Section 5.1.1 (Site location and construction) not found in the document
 - Section 5.1.2 (Physical access) not found in the document
@@ -201,7 +204,7 @@ TLSBR
 - Section 5.7.3 (Recovery Procedures after Key Compromise) not found in the document
 - Section 5.7.4 (Business continuity capabilities after a disaster) not found in the document
 - Section 5.8 (CA or RA termination) not found in the document
-- Section 6. (TECHNICAL SECURITY CONTROLS) not found in the document
+- Section 6 (TECHNICAL SECURITY CONTROLS) not found in the document
 - Section 6.1 (Key pair generation and installation) not found in the document
 - Section 6.1.1 (Key pair generation) not found in the document
 - Section 6.1.1.1 (CA Key Pair Generation) not found in the document
@@ -241,7 +244,7 @@ TLSBR
 - Section 6.6.3 (Life cycle security controls) not found in the document
 - Section 6.7 (Network security controls) not found in the document
 - Section 6.8 (Time-stamping) not found in the document
-- Section 7. (CERTIFICATE, CRL, AND OCSP PROFILES) not found in the document
+- Section 7 (CERTIFICATE, CRL, AND OCSP PROFILES) not found in the document
 - Section 7.1 (Certificate profile) not found in the document
 - Section 7.1.1 (Version number(s)) not found in the document
 - Section 7.1.2 (Certificate Content and Extensions) not found in the document
@@ -335,15 +338,15 @@ TLSBR
 - Section 7.3 (OCSP profile) not found in the document
 - Section 7.3.1 (Version number(s)) not found in the document
 - Section 7.3.2 (OCSP extensions) not found in the document
-- Section 8. (COMPLIANCE AUDIT AND OTHER ASSESSMENTS) not found in the document
+- Section 8 (COMPLIANCE AUDIT AND OTHER ASSESSMENTS) not found in the document
 - Section 8.1 (Frequency or circumstances of assessment) not found in the document
 - Section 8.2 (Identity/qualifications of assessor) not found in the document
 - Section 8.3 (Assessor's relationship to assessed entity) not found in the document
 - Section 8.4 (Topics covered by assessment) not found in the document
 - Section 8.5 (Actions taken as a result of deficiency) not found in the document
 - Section 8.6 (Communication of results) not found in the document
 - Section 8.7 (Self-Audits) not found in the document
-- Section 9. (OTHER BUSINESS AND LEGAL MATTERS) not found in the document
+- Section 9 (OTHER BUSINESS AND LEGAL MATTERS) not found in the document
 - Section 9.1 (Fees) not found in the document
 - Section 9.1.1 (Certificate issuance or renewal fees) not found in the document
 - Section 9.1.2 (Certificate access fees) not found in the document
@@ -395,3 +398,10 @@ TLSBR
 - Section 9.16.4 (Enforcement (attorneys' fees and waiver of rights)) not found in the document
 - Section 9.16.5 (Force Majeure) not found in the document
 - Section 9.17 (Other provisions) not found in the document
+- Section APPENDIX (B – Issuance of Certificates for Onion Domain Names) not found in the document
+- Section A.1 (CAA Methods) not found in the document
+- Section A.1.1 (CAA contactemail Property) not found in the document
+- Section A.1.2 (CAA contactphone Property) not found in the document
+- Section A.2 (DNS TXT Methods) not found in the document
+- Section A.2.1 (DNS TXT Record Email Contact) not found in the document
+- Section A.2.2 (DNS TXT Record Phone Contact) not found in the document

tools/cabforum_links_test.py

@@ -0,0 +1,33 @@
+import unittest
+from cabforum_links import replace_references, generate_document_pattern
+
+document_input = """
+Check SSL Baseline Requirements section 1.
+TLS Baseline Requirements Section 1.2 if you like.
+TLS BR section 1.2.3.
+Code Signing Baseline Requirements section 2.
+Code Signing BR section 3.6
+TLS EV Guidelines
+TLS EV Guidelines Section 4.5
+"""
+
+class TestCheckReplaceReferences(unittest.TestCase):
+    def test_replace_references(self):
+        document_pattern = generate_document_pattern()
+        output = replace_references(document_input, document_pattern)
+
+        expected_result = """
+Check [SSL Baseline Requirements section 1](https://cabforum.org/working-groups/server/baseline-requirements/requirements/#section-1).
+[TLS Baseline Requirements Section 1.2](https://cabforum.org/working-groups/server/baseline-requirements/requirements/#section-1.2) if you like.
+[TLS BR section 1.2.3](https://cabforum.org/working-groups/server/baseline-requirements/requirements/#section-1.2.3).
+[Code Signing Baseline Requirements section 2](https://cabforum.org/working-groups/code-signing/requirements/#section-2).
+[Code Signing BR section 3.6](https://cabforum.org/working-groups/code-signing/requirements/#section-3.6)
+TLS EV Guidelines
+[TLS EV Guidelines Section 4.5](https://cabforum.org/working-groups/server/extended-validation/guidelines/#section-4.5)
+"""
+        self.maxDiff = 1000
+        self.assertEqual(output, expected_result)
+
+
+if __name__ == '__main__':
+    unittest.main()