/*
* FUNCTION: pkix_pl_OcspCertID_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_OcspCertID_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_PL_OcspCertID *certID = NULL;
PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_Destroy");
PKIX_NULLCHECK_ONE(object);
PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPCERTID_TYPE, plContext),
PKIX_OBJECTNOTOCSPCERTID);
certID = (PKIX_PL_OcspCertID *)object;
if (certID->certID) {
CERT_DestroyOCSPCertID(certID->certID);
}
cleanup:
PKIX_RETURN(OCSPCERTID);
}
int
main(int argc, char **argv)
{
SECStatus rv;
int retval = -1;
CERTCertDBHandle *certHandle = NULL;
CERTCertificate *caCert = NULL, *cert = NULL;
CERTOCSPCertID *cid = NULL;
PLArenaPool *arena = NULL;
PRTime now = PR_Now();
SECItem *encoded = NULL;
CERTOCSPResponse *decoded = NULL;
SECStatus statusDecoded;
SECItem *encodedRev = NULL;
CERTOCSPResponse *decodedRev = NULL;
SECStatus statusDecodedRev;
SECItem *encodedFail = NULL;
CERTOCSPResponse *decodedFail = NULL;
SECStatus statusDecodedFail;
CERTCertificate *obtainedSignerCert = NULL;
if (argc != 4 && argc != 6) {
return Usage();
}
if (argc == 6) {
if (!strcmp(argv[4], "-p")) {
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(argv[5]);
}
else if (!strcmp(argv[4], "-f")) {
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(argv[5]);
}
else
return Usage();
}
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
rv = NSS_Init(argv[1]);
if (rv != SECSuccess) {
SECU_PrintPRandOSError(argv[0]);
goto loser;
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
certHandle = CERT_GetDefaultCertDB();
if (!certHandle)
goto loser;
if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
goto loser;
cid = CERT_CreateOCSPCertID(cert, now);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
encoded = encode(arena, cid, caCert);
PORT_Assert(encoded);
decoded = CERT_DecodeOCSPResponse(encoded);
statusDecoded = CERT_GetOCSPResponseStatus(decoded);
PORT_Assert(statusDecoded == SECSuccess);
statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
&obtainedSignerCert, caCert);
PORT_Assert(statusDecoded == SECSuccess);
statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
obtainedSignerCert, now);
PORT_Assert(statusDecoded == SECSuccess);
CERT_DestroyCertificate(obtainedSignerCert);
encodedRev = encodeRevoked(arena, cid, caCert);
PORT_Assert(encodedRev);
decodedRev = CERT_DecodeOCSPResponse(encodedRev);
statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
PORT_Assert(statusDecodedRev == SECSuccess);
statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
&obtainedSignerCert, caCert);
PORT_Assert(statusDecodedRev == SECSuccess);
statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
obtainedSignerCert, now);
PORT_Assert(statusDecodedRev == SECFailure);
PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
CERT_DestroyCertificate(obtainedSignerCert);
encodedFail = CERT_CreateEncodedOCSPErrorResponse(
arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
PORT_Assert(encodedFail);
decodedFail = CERT_DecodeOCSPResponse(encodedFail);
statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
PORT_Assert(statusDecodedFail == SECFailure);
PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
retval = 0;
loser:
if (retval != 0)
SECU_PrintError(argv[0], "tests failed");
if (cid)
CERT_DestroyOCSPCertID(cid);
if (cert)
CERT_DestroyCertificate(cert);
if (caCert)
CERT_DestroyCertificate(caCert);
if (arena)
PORT_FreeArena(arena, PR_FALSE);
if (decoded)
CERT_DestroyOCSPResponse(decoded);
if (decodedRev)
CERT_DestroyOCSPResponse(decodedRev);
if (decodedFail)
CERT_DestroyOCSPResponse(decodedFail);
if (pwdata.data) {
PORT_Free(pwdata.data);
}
if (NSS_Shutdown() != SECSuccess) {
SECU_PrintError(argv[0], "NSS shutdown:");
if (retval == 0)
retval = -2;
}
return retval;
}
