static void
test_SubjAltNames(void)
{
PKIX_ComCertSelParams *goodParams = NULL;
PKIX_List *setGenNames = NULL;
PKIX_List *getGenNames = NULL;
PKIX_PL_GeneralName *rfc822GenName = NULL;
PKIX_PL_GeneralName *dnsGenName = NULL;
PKIX_PL_GeneralName *dirGenName = NULL;
PKIX_PL_GeneralName *uriGenName = NULL;
PKIX_PL_GeneralName *oidGenName = NULL;
PKIX_Boolean matchAll = PKIX_TRUE;
char *rfc822Name = "*****@*****.**";
char *dnsName = "comcast.net";
char *dirName = "cn=john, ou=labs, o=sun, c=us";
char *uriName = "http://comcast.net";
char *oidName = "1.2.840.11";
char *expectedAscii =
"([email protected], "
"comcast.net, "
"CN=john,OU=labs,O=sun,C=us, "
"http://comcast.net)";
char *expectedAsciiAll =
"([email protected], "
"comcast.net, "
"CN=john,OU=labs,O=sun,C=us, "
"http://comcast.net, "
"1.2.840.11)";
PKIX_TEST_STD_VARS();
subTest("PKIX_PL_GeneralName_Create");
dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
rfc822Name,
plContext);
subTest("PKIX_PL_GeneralName List create and append");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
subTest("PKIX_ComCertSelParams_SetSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext));
subTest("PKIX_ComCertSelParams_GetSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
subTest("Compare GeneralName List");
testEqualsHelper((PKIX_PL_Object *)setGenNames,
(PKIX_PL_Object *)getGenNames,
PKIX_TRUE,
plContext);
subTest("Compare GeneralName List with canned string");
testToStringHelper((PKIX_PL_Object *)getGenNames,
expectedAscii,
plContext);
subTest("PKIX_ComCertSelParams_AddSubjAltName");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext));
PKIX_TEST_DECREF_BC(getGenNames);
subTest("PKIX_ComCertSelParams_GetSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
subTest("Compare GeneralName List with canned string");
testToStringHelper((PKIX_PL_Object *)getGenNames,
expectedAsciiAll,
plContext);
subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
if (matchAll != PKIX_TRUE) {
testError("unexpected mismatch <expect TRUE>");
}
subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
if (matchAll != PKIX_FALSE) {
testError("unexpected mismatch <expect FALSE>");
}
cleanup:
PKIX_TEST_DECREF_AC(goodParams);
PKIX_TEST_DECREF_AC(setGenNames);
PKIX_TEST_DECREF_AC(getGenNames);
PKIX_TEST_DECREF_AC(rfc822GenName);
PKIX_TEST_DECREF_AC(dnsGenName);
PKIX_TEST_DECREF_AC(dirGenName);
PKIX_TEST_DECREF_AC(uriGenName);
PKIX_TEST_DECREF_AC(oidGenName);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: pkix_TargetCertCheckerState_Create
* DESCRIPTION:
*
* Creates a new TargetCertCheckerState using the CertSelector pointed to
* by "certSelector" and the number of certs represented by "certsRemaining"
* and stores it at "pState".
*
* PARAMETERS:
* "certSelector"
* Address of CertSelector representing the criteria against which the
* final certificate in a chain is to be matched. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pState"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a TargetCertCheckerState Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_TargetCertCheckerState_Create(
PKIX_CertSelector *certSelector,
PKIX_UInt32 certsRemaining,
pkix_TargetCertCheckerState **pState,
void *plContext)
{
pkix_TargetCertCheckerState *state = NULL;
PKIX_ComCertSelParams *certSelectorParams = NULL;
PKIX_List *pathToNameList = NULL;
PKIX_List *extKeyUsageList = NULL;
PKIX_List *subjAltNameList = NULL;
PKIX_PL_OID *extKeyUsageOID = NULL;
PKIX_PL_OID *subjAltNameOID = NULL;
PKIX_Boolean subjAltNameMatchAll = PKIX_TRUE;
PKIX_ENTER(TARGETCERTCHECKERSTATE,
"pkix_TargetCertCheckerState_Create");
PKIX_NULLCHECK_ONE(pState);
PKIX_CHECK(PKIX_PL_OID_Create
(PKIX_EXTENDEDKEYUSAGE_OID,
&extKeyUsageOID,
plContext),
PKIX_OIDCREATEFAILED);
PKIX_CHECK(PKIX_PL_OID_Create
(PKIX_CERTSUBJALTNAME_OID,
&subjAltNameOID,
plContext),
PKIX_OIDCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TARGETCERTCHECKERSTATE_TYPE,
sizeof (pkix_TargetCertCheckerState),
(PKIX_PL_Object **)&state,
plContext),
PKIX_COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT);
/* initialize fields */
if (certSelector != NULL) {
PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
(certSelector, &certSelectorParams, plContext),
PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED);
if (certSelectorParams != NULL) {
PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
(certSelectorParams,
&pathToNameList,
plContext),
PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
(certSelectorParams,
&extKeyUsageList,
plContext),
PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
(certSelectorParams,
&subjAltNameList,
plContext),
PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
(certSelectorParams,
&subjAltNameMatchAll,
plContext),
PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
}
}
state->certsRemaining = certsRemaining;
state->subjAltNameMatchAll = subjAltNameMatchAll;
PKIX_INCREF(certSelector);
state->certSelector = certSelector;
state->pathToNameList = pathToNameList;
pathToNameList = NULL;
state->extKeyUsageList = extKeyUsageList;
extKeyUsageList = NULL;
state->subjAltNameList = subjAltNameList;
subjAltNameList = NULL;
state->extKeyUsageOID = extKeyUsageOID;
extKeyUsageOID = NULL;
state->subjAltNameOID = subjAltNameOID;
subjAltNameOID = NULL;
*pState = state;
state = NULL;
cleanup:
PKIX_DECREF(extKeyUsageOID);
PKIX_DECREF(subjAltNameOID);
PKIX_DECREF(pathToNameList);
PKIX_DECREF(extKeyUsageList);
PKIX_DECREF(subjAltNameList);
PKIX_DECREF(state);
PKIX_DECREF(certSelectorParams);
PKIX_RETURN(TARGETCERTCHECKERSTATE);
}
