void testCheckPolicy(void) { unsigned long flags = 0; /* Test non-existent policy */ PEGASUS_TEST_ASSERT(CheckPolicy( _testPolicyTable, _testPolicyTableSize, EXECUTOR_UPDATE_LOG_LEVEL_MESSAGE, NULL, NULL, &flags) != 0); PEGASUS_TEST_ASSERT(flags == 0); /* Test policy with no arguments, but with 'flags' attribute */ flags = 0; PEGASUS_TEST_ASSERT(CheckPolicy( _testPolicyTable, _testPolicyTableSize, EXECUTOR_PING_MESSAGE, NULL, NULL, &flags) == 0); PEGASUS_TEST_ASSERT(flags == 100); /* Test policies with invalid macro expansion in first argument and * non-match in first argument */ PEGASUS_TEST_ASSERT(CheckPolicy( _testPolicyTable, _testPolicyTableSize, EXECUTOR_RENAME_FILE_MESSAGE, "MyFile", "file2", NULL) != 0); /* Test policies with invalid macro expansion in second argument and * non-match in second argument */ PEGASUS_TEST_ASSERT(CheckPolicy( _testPolicyTable, _testPolicyTableSize, EXECUTOR_RENAME_FILE_MESSAGE, "file1", "MyFile", NULL) != 0); /* Test policy with successful match in both arguments */ PEGASUS_TEST_ASSERT(CheckPolicy( _testPolicyTable, _testPolicyTableSize, EXECUTOR_RENAME_FILE_MESSAGE, "file1", "file2", NULL) == 0); }
NS_IMETHODIMP nsContentPolicy::ShouldProcess(PRUint32 contentType, nsIURI *contentLocation, nsIURI *requestingLocation, nsISupports *requestingContext, const nsACString &mimeType, nsISupports *extra, PRInt16 *decision) { nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldProcess, contentType, contentLocation, requestingLocation, requestingContext, mimeType, extra, decision); LOG_CHECK("ShouldProcess"); return rv; }
NS_IMETHODIMP nsContentPolicy::ShouldLoad(PRUint32 contentType, nsIURI *contentLocation, nsIURI *requestingLocation, nsISupports *requestingContext, const nsACString &mimeType, nsISupports *extra, PRInt16 *decision) { // ShouldProcess does not need a content location, but we do NS_PRECONDITION(contentLocation, "Must provide request location"); nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldLoad, contentType, contentLocation, requestingLocation, requestingContext, mimeType, extra, decision); LOG_CHECK("ShouldLoad"); return rv; }
void check(unsigned char *cert_buffer, size_t cert_len, CertFormat format, CertType type) { X509_NAME *issuer; X509_NAME *subject; int ret; X509 *x509; int ca; struct tm tm_before; struct tm tm_after; Clear(); x509 = LoadCert(cert_buffer, cert_len, format); if (x509 == NULL) { SetError(ERR_INVALID); return; } ca = X509_check_ca(x509); if (ca > 0 && type == SubscriberCertificate) { SetWarning(WARN_CHECKED_AS_SUBSCRIBER); } else if (ca == 0 && type != SubscriberCertificate) { SetWarning(WARN_CHECKED_AS_CA); } ret = X509_get_version(x509); if (ret != 2) { SetError(ERR_NOT_VERSION3); } //CheckASN1_integer(x509->cert_info->version); issuer = X509_get_issuer_name(x509); if (issuer == NULL) { SetError(ERR_INVALID); return; } CheckDN(issuer); CheckSerial(x509); CheckTime(x509, &tm_before, &tm_after, type); /* Required by CAB base 9.1.3 */ if (!IsNameObjPresent(issuer, obj_organizationName)) { SetError(ERR_ISSUER_ORG_NAME); } /* Required by CAB base 9.1.4 */ if (!IsNameObjPresent(issuer, obj_countryName)) { SetError(ERR_ISSUER_COUNTRY); } subject = X509_get_subject_name(x509); if (subject == NULL) { SetError(ERR_INVALID); return; } CheckDN(subject); CheckDuplicateExtensions(x509); /* Prohibited in CAB base 7.1.4.2.2d */ if (!IsNameObjPresent(subject, obj_organizationName) && !IsNameObjPresent(subject, obj_givenName) && !IsNameObjPresent(subject, obj_surname) && IsNameObjPresent(subject, obj_StreetAddress)) { SetError(ERR_SUBJECT_ADDR); } /* Required in CAB base 7.1.4.2.2e and 7.1.4.2.2f */ if (((IsNameObjPresent(subject, obj_organizationName) && type == SubscriberCertificate) || IsNameObjPresent(subject, obj_givenName) || IsNameObjPresent(subject, obj_surname)) && !IsNameObjPresent(subject, obj_stateOrProvinceName) && !IsNameObjPresent(subject, obj_localityName)) { SetError(ERR_SUBJECT_ORG_NO_PLACE); } /* Prohibited in CAB base 7.1.4.2.2e or 7.1.4.2.2f */ if (!IsNameObjPresent(subject, obj_organizationName) && !IsNameObjPresent(subject, obj_givenName) && !IsNameObjPresent(subject, obj_surname) && (IsNameObjPresent(subject, obj_localityName) || IsNameObjPresent(subject, obj_stateOrProvinceName))) { SetError(ERR_SUBJECT_NO_ORG_PLACE); } /* Required by CAB base 7.1.4.2.2g */ if (!IsNameObjPresent(subject, obj_organizationName) && !IsNameObjPresent(subject, obj_givenName) && !IsNameObjPresent(subject, obj_surname) && IsNameObjPresent(subject, obj_postalCode)) { SetError(ERR_SUBJECT_POSTAL); } /* Required by CAB base 7.1.4.2.2h */ if ((IsNameObjPresent(subject, obj_organizationName) || IsNameObjPresent(subject, obj_givenName) || IsNameObjPresent(subject, obj_surname)) && !IsNameObjPresent(subject, obj_countryName)) { SetError(ERR_SUBJECT_COUNTRY); } CheckPolicy(x509, type, subject); CheckEKU(x509, type); CheckSAN(x509, type); /* Deprecated in CAB base 7.1.4.2.2a */ if (IsNameObjPresent(subject, obj_commonName)) { if (type == SubscriberCertificate) { SetInfo(INF_SUBJECT_CN); } } else if (type != SubscriberCertificate) { SetWarning(WARN_NO_CN); } CheckCRL(x509); CheckAIA(x509, type); CheckPublicKey(x509, tm_after); X509_free(x509); }