static
void testGetSetCertChainCheckers(
PKIX_ProcessingParams *goodObject,
PKIX_ProcessingParams *equalObject){
PKIX_CertChainChecker *checker = NULL;
PKIX_List *setCheckersList = NULL;
PKIX_List *getCheckersList = NULL;
PKIX_PL_Date *date = NULL;
char *asciiDate = "040329134847Z";
PKIX_TEST_STD_VARS();
subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers");
date = createDate(asciiDate, plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
(userChecker1cb,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *) date,
&checker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
(&setCheckersList, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(setCheckersList, (PKIX_PL_Object *) checker, plContext));
PKIX_TEST_DECREF_BC(checker);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers
(goodObject, setCheckersList, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
(userChecker1cb,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *) date,
&checker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
(goodObject, checker, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers
(goodObject, &getCheckersList, plContext));
cleanup:
PKIX_TEST_DECREF_AC(setCheckersList);
PKIX_TEST_DECREF_AC(getCheckersList);
PKIX_TEST_DECREF_AC(date);
PKIX_TEST_DECREF_BC(checker);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: pkix_NameConstraintsChecker_Initialize
*
* DESCRIPTION:
* Create a CertChainChecker with a NameConstraintsCheckerState. The
* NameConstraintsCheckerState is created with "trustedNC" and "numCerts"
* as its initial state. The CertChainChecker for the NameConstraints is
* returned at address of "pChecker".
*
* PARAMETERS
* "trustedNC"
* The NameConstraints from trusted anchor Cert is stored at "trustedNC"
* for initialization. May be NULL.
* "numCerts"
* Number of certificates in the validation chain. This data is used
* to identify end-entity.
* "pChecker"
* Address of CertChainChecker to bo created and returned.
* Must be non-NULL.
* "plContext" - Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CERTCHAINCHECKER Error if the function fails in a non-fatal way.
* Returns a Fatal Error
*/
PKIX_Error *
pkix_NameConstraintsChecker_Initialize(
PKIX_PL_CertNameConstraints *trustedNC,
PKIX_UInt32 numCerts,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
pkix_NameConstraintsCheckerState *state = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Initialize");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(pkix_NameConstraintsCheckerState_Create
(trustedNC, numCerts, &state, plContext),
PKIX_NAMECONSTRAINTSCHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_NameConstraintsChecker_Check,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *) state,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_TargetCertChecker_Initialize
* DESCRIPTION:
*
* Creates a new CertChainChecker and stores it at "pChecker", where it will
* used by pkix_TargetCertChecker_Check to check that the final certificate
* of a chain meets the criteria of the CertSelector pointed to by
* "certSelector". The number of certs remaining in the chain, represented by
* "certsRemaining" is used to initialize the checker's state.
*
* PARAMETERS:
* "certSelector"
* Address of CertSelector representing the criteria against which the
* final certificate in a chain is to be matched. May be NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_TargetCertChecker_Initialize(
PKIX_CertSelector *certSelector,
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
pkix_TargetCertCheckerState *state = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Initialize");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(pkix_TargetCertCheckerState_Create
(certSelector, certsRemaining, &state, plContext),
PKIX_TARGETCERTCHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_TargetCertChecker_Check,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *)state,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_EkuChecker_Initialize
* (see comments in pkix_sample_modules.h)
*/
PKIX_Error *
PKIX_EkuChecker_Create(
PKIX_ProcessingParams *params,
PKIX_CertChainChecker **pEkuChecker,
void *plContext)
{
pkix_EkuChecker *state = NULL;
PKIX_List *critExtOIDsList = NULL;
PKIX_ENTER(EKUCHECKER, "PKIX_EkuChecker_Initialize");
PKIX_NULLCHECK_ONE(params);
/*
* This function and functions in this file provide an example of how
* an application defined checker can be hooked into libpkix.
*/
PKIX_CHECK(pkix_EkuChecker_Create
(params, &state, plContext),
PKIX_EKUCHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_List_Create(&critExtOIDsList, plContext),
PKIX_LISTCREATEFAILED);
PKIX_CHECK(PKIX_List_AppendItem
(critExtOIDsList,
(PKIX_PL_Object *)state->ekuOID,
plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_EkuChecker_Check,
PKIX_TRUE, /* forwardCheckingSupported */
PKIX_FALSE, /* forwardDirectionExpected */
critExtOIDsList,
(PKIX_PL_Object *) state,
pEkuChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(critExtOIDsList);
PKIX_DECREF(state);
PKIX_RETURN(EKUCHECKER);
}
/*
* FUNCTION: pkix_DefaultCRLChecker_Initialize
*
* DESCRIPTION:
* Create a CertChainChecker with DefaultCRLCheckerState.
*
* PARAMETERS
* "certStores"
* Address of CertStore List to be stored in state. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date to be checked. May be NULL.
* "trustedPubKey"
* Address of Public Key of Trust Anchor. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "nistPolicyEnabled"
* Enable NIST crl policy.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error
*/
PKIX_Error *
pkix_DefaultCRLChecker_Initialize(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_Boolean nistPolicyEnabled,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
pkix_DefaultCRLCheckerState *state = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_DefaultCRLChecker_Initialize");
PKIX_NULLCHECK_TWO(certStores, pChecker);
PKIX_CHECK(pkix_DefaultCRLCheckerState_Create
(certStores,
testDate,
trustedPubKey,
certsRemaining,
nistPolicyEnabled,
&state,
plContext),
PKIX_DEFAULTCRLCHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_DefaultCRLChecker_Check,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *) state,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
int test_buildchain_uchecker(int argc, char *argv[])
{
PKIX_BuildResult *buildResult = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_List *anchors = NULL;
PKIX_List *certs = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_CertChainChecker *checker = NULL;
char *dirName = NULL;
PKIX_PL_String *dirNameString = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_Cert *targetCert = NULL;
PKIX_UInt32 numCerts = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_UInt32 chainLength = 0;
PKIX_CertStore *certStore = NULL;
PKIX_List *certStores = NULL;
char * asciiResult = NULL;
PKIX_Boolean result;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_Boolean supportForward = PKIX_FALSE;
PKIX_List *expectedCerts = NULL;
PKIX_List *userOIDs = NULL;
PKIX_PL_OID *oid = NULL;
PKIX_PL_Cert *dirCert = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
char *oidString = NULL;
void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
PKIX_TEST_STD_VARS();
if (argc < 5){
printUsage();
return (0);
}
startTests("BuildChain_UserChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
/* OID specified at argv[3+j] */
if (*argv[3+j] != '-') {
if (*argv[3+j] == 'F') {
supportForward = PKIX_TRUE;
oidString = argv[3+j]+1;
} else {
oidString = argv[3+j];
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
(&userOIDs, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(oidString, &oid, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(userOIDs, (PKIX_PL_Object *)oid, plContext));
PKIX_TEST_DECREF_BC(oid);
}
subTest(argv[1+j]);
dirName = argv[4+j];
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
chainLength = argc - j - 5;
for (k = 0; k < chainLength; k++){
dirCert = createCert(dirName, argv[5+k+j], plContext);
if (k == (chainLength - 1)){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)dirCert, plContext));
trustedCert = dirCert;
} else {
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(expectedCerts,
(PKIX_PL_Object *)dirCert,
plContext));
if (k == 0){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)dirCert,
plContext));
targetCert = dirCert;
}
}
PKIX_TEST_DECREF_BC(dirCert);
}
/* create processing params with list of trust anchors */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
(trustedCert, &anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(anchors, (PKIX_PL_Object *)anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
(anchors, &procParams, plContext));
/* create CertSelector with target certificate in params */
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_SetCertificate
(certSelParams, targetCert, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertSelector_Create
(NULL, NULL, &certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
(certSelector, certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
(testUserChecker,
supportForward,
PKIX_FALSE,
userOIDs,
NULL,
&checker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
(procParams, checker, plContext));
/* create CertStores */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
(PKIX_ESCASCII,
dirName,
0,
&dirNameString,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
(dirNameString, &certStore, plContext));
#if 0
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
(&certStore, plContext));
#endif
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(certStores, (PKIX_PL_Object *)certStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
(procParams, certStores, plContext));
/* build cert chain using processing params and return buildResult */
pkixTestErrorResult = PKIX_BuildChain
(procParams,
&nbioContext,
&buildState,
&buildResult,
NULL,
plContext);
if (testValid == PKIX_TRUE) { /* ENE */
if (pkixTestErrorResult){
(void) printf("UNEXPECTED RESULT RECEIVED!\n");
} else {
(void) printf("EXPECTED RESULT RECEIVED!\n");
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
}
} else { /* EE */
if (pkixTestErrorResult){
(void) printf("EXPECTED RESULT RECEIVED!\n");
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
} else {
testError("UNEXPECTED RESULT RECEIVED");
}
}
if (buildResult){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_BuildResult_GetCertChain
(buildResult, &certs, NULL));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_GetItem
(certs,
i,
(PKIX_PL_Object**)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Free(asciiResult, plContext));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_Equals
((PKIX_PL_Object*)certs,
(PKIX_PL_Object*)expectedCerts,
&result,
plContext));
if (!result){
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_ToString
((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII
(actualCertsString, plContext);
if (actualCertsAscii == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_ToString
((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII
(expectedCertsString, plContext);
if (expectedCertsAscii == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void) printf("Actual value:\t%s\n", actualCertsAscii);
(void) printf("Expected value:\t%s\n",
expectedCertsAscii);
if (chainLength - 1 != numUserCheckerCalled) {
pkixTestErrorMsg =
"PKIX user defined checker not called";
}
goto cleanup;
}
}
cleanup:
PKIX_PL_Free(asciiResult, plContext);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_DECREF_AC(expectedCerts);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(certStores);
PKIX_TEST_DECREF_AC(dirNameString);
PKIX_TEST_DECREF_AC(trustedCert);
PKIX_TEST_DECREF_AC(targetCert);
PKIX_TEST_DECREF_AC(anchor);
PKIX_TEST_DECREF_AC(anchors);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certSelParams);
PKIX_TEST_DECREF_AC(certSelector);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(userOIDs);
PKIX_TEST_DECREF_AC(checker);
PKIX_TEST_RETURN();
PKIX_Shutdown(plContext);
endTests("BuildChain_UserChecker");
return (0);
}
int test_certchainchecker(int argc, char *argv[]) {
PKIX_UInt32 actualMinorVersion;
PKIX_PL_OID *bcOID = NULL;
PKIX_PL_OID *ncOID = NULL;
PKIX_PL_OID *cpOID = NULL;
PKIX_PL_OID *pmOID = NULL;
PKIX_PL_OID *pcOID = NULL;
PKIX_PL_OID *iaOID = NULL;
PKIX_CertChainChecker *dummyChecker = NULL;
PKIX_List *supportedExtensions = NULL;
PKIX_PL_Object *initialState = NULL;
PKIX_UInt32 j = 0;
PKIX_TEST_STD_VARS();
startTests("CertChainChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
(&supportedExtensions, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(supportedExtensions, (PKIX_PL_Object *)bcOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(supportedExtensions, (PKIX_PL_Object *)ncOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(supportedExtensions, (PKIX_PL_Object *)cpOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(PKIX_POLICYMAPPINGS_OID, &pmOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(supportedExtensions, (PKIX_PL_Object *)pmOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(supportedExtensions, (PKIX_PL_Object *)pcOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(supportedExtensions, (PKIX_PL_Object *)iaOID, plContext));
PKIX_TEST_DECREF_BC(bcOID);
PKIX_TEST_DECREF_BC(ncOID);
PKIX_TEST_DECREF_BC(cpOID);
PKIX_TEST_DECREF_BC(pmOID);
PKIX_TEST_DECREF_BC(pcOID);
PKIX_TEST_DECREF_BC(iaOID);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)supportedExtensions, plContext));
initialState = (PKIX_PL_Object *)supportedExtensions;
subTest("CertChainChecker_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
(dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */
PKIX_FALSE, /* forwardCheckingSupported */
PKIX_FALSE, /* forwardDirectionExpected */
supportedExtensions,
NULL, /* PKIX_PL_Object *initialState */
&dummyChecker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertChainChecker_SetCertChainCheckerState
(dummyChecker, initialState, plContext));
test_CertChainChecker_Duplicate(dummyChecker);
subTest("CertChainChecker_Destroy");
PKIX_TEST_DECREF_BC(dummyChecker);
cleanup:
PKIX_TEST_DECREF_AC(dummyChecker);
PKIX_TEST_DECREF_AC(initialState);
PKIX_TEST_DECREF_AC(supportedExtensions);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("CertChainChecker");
return (0);
}