/*
 * Round-trip test for the key-usage fields of PKIX_ComCertSelParams.
 *
 * A KeyUsage bit mask and a list of Extended Key Usage OIDs are stored
 * with the Set* accessors, read back with the Get* accessors and compared
 * with what was stored. Only the selector-parameter accessors are
 * exercised here; no certificate is matched against the parameters.
 */
static void
test_KeyUsages(void)
{
    PKIX_ComCertSelParams *selParams = NULL;
    PKIX_PL_OID *oid = NULL;
    PKIX_List *ekuStored = NULL;
    PKIX_List *ekuFetched = NULL;
    /* 0x1FF sets the low nine bits; presumably one per KeyUsage flag - confirm */
    PKIX_UInt32 usageStored = 0x1FF;
    PKIX_UInt32 usageFetched = 0;
    PKIX_Boolean listsMatch = PKIX_FALSE;

    PKIX_TEST_STD_VARS();

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    /* KeyUsage: store the mask, fetch it again, expect the same value. */
    subTest("PKIX_ComCertSelParams_SetKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetKeyUsage(selParams, usageStored, plContext));

    subTest("PKIX_ComCertSelParams_GetKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetKeyUsage(selParams, &usageFetched, plContext));

    if (usageFetched != usageStored) {
        testError("unexpected KeyUsage mismatch <expect equal>");
    }

    /* Extended Key Usage: build a two-entry OID list to store. */
    subTest("PKIX_PL_OID List create and append");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuStored, plContext));

    /* 1.3.6.1.5.5.7.3.1 is id-kp-serverAuth */
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &oid, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(ekuStored, (PKIX_PL_Object *)oid, plContext));
    /* release the local reference before the variable is reused */
    PKIX_TEST_DECREF_BC(oid);

    /* 1.3.6.1.5.5.7.3.8 is id-kp-timeStamping */
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &oid, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(ekuStored, (PKIX_PL_Object *)oid, plContext));
    PKIX_TEST_DECREF_BC(oid);

    subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuStored, plContext));

    subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetExtendedKeyUsage(selParams, &ekuFetched, plContext));

    /* The list read back must compare equal to the list that was stored. */
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)ekuStored,
                              (PKIX_PL_Object *)ekuFetched,
                              &listsMatch,
                              plContext));

    if (listsMatch == PKIX_FALSE) {
        testError("unexpected ExtKeyUsage mismatch <expect equal>");
    }

cleanup:

    /* Every object acquired above is released on both the pass and fail paths. */
    PKIX_TEST_DECREF_AC(oid);
    PKIX_TEST_DECREF_AC(ekuStored);
    PKIX_TEST_DECREF_AC(ekuFetched);
    PKIX_TEST_DECREF_AC(selParams);

    PKIX_TEST_RETURN();
}
/*
 * FUNCTION: pkix_EkuChecker_Create
 * DESCRIPTION:
 *
 *  Creates a new Extended Key Usage checker state. The application-specified
 *  EKU OIDs to verify against are looked up through "params" and the new
 *  state is stored at "pState".
 *
 * PARAMETERS:
 *  "params"
 *      A PKIX_ProcessingParams whose target cert constraints lead to the
 *      PKIX_ComCertSelParams from which the application's list of Extended
 *      Key Usage OIDs is retrieved. Must be non-NULL.
 *  "pState"
 *      Address where the state pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a UserDefinedModules Error if the function fails in a
 *  non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_EkuChecker_Create(
    PKIX_ProcessingParams *params,
    pkix_EkuChecker **pState,
    void *plContext)
{
    pkix_EkuChecker *newState = NULL;
    PKIX_CertSelector *targetSelector = NULL;
    PKIX_ComCertSelParams *selectorParams = NULL;
    PKIX_List *appEkuOids = NULL;

    PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Create");
    PKIX_NULLCHECK_TWO(params, pState);

    /*
     * NOTE(review): no field of the new object is assigned until the end of
     * this function, yet the calls below can fail and reach
     * PKIX_DECREF(newState) in cleanup. That is only safe if
     * PKIX_PL_Object_Alloc returns zeroed memory or the type's destructor
     * tolerates unset fields - confirm.
     */
    PKIX_CHECK(PKIX_PL_Object_Alloc(PKIX_EKUCHECKER_TYPE,
                                    sizeof(pkix_EkuChecker),
                                    (PKIX_PL_Object **)&newState,
                                    plContext),
               PKIX_COULDNOTCREATEEKUCHECKERSTATEOBJECT);

    PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints(params,
                                                              &targetSelector,
                                                              plContext),
               PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);

    if (targetSelector) {

        /* Pick up the initial EKU OIDs from ComCertSelParams, if set */
        PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams(targetSelector,
                                                                 &selectorParams,
                                                                 plContext),
                   PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);

        if (selectorParams) {
            PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage(selectorParams,
                                                                 &appEkuOids,
                                                                 plContext),
                       PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
        }
    }

    PKIX_CHECK(PKIX_PL_OID_Create(PKIX_EXTENDEDKEYUSAGE_OID,
                                  &newState->ekuOID,
                                  plContext),
               PKIX_OIDCREATEFAILED);

    /*
     * Hand the OID list over to the state object. The list is still NULL
     * when there is no selector or no selector params; how a NULL list is
     * treated is decided by the code that consumes the state (presumably
     * "no application EKU restriction" - confirm).
     */
    newState->requiredExtKeyUsageOids = appEkuOids;
    appEkuOids = NULL;

    /* Ownership of the state moves to the caller; cleanup must not free it. */
    *pState = newState;
    newState = NULL;

cleanup:

    PKIX_DECREF(targetSelector);
    PKIX_DECREF(selectorParams);
    PKIX_DECREF(appEkuOids);
    PKIX_DECREF(newState);

    PKIX_RETURN(EKUCHECKER);
}
/*
 * FUNCTION: pkix_TargetCertCheckerState_Create
 * DESCRIPTION:
 *
 *  Creates a new TargetCertCheckerState from the CertSelector pointed to by
 *  "certSelector" and the number of certs given by "certsRemaining", and
 *  stores it at "pState".
 *
 * PARAMETERS:
 *  "certSelector"
 *      Address of CertSelector representing the criteria against which the
 *      final certificate in a chain is to be matched. Must be non-NULL.
 *      NOTE(review): the body only NULL-checks "pState" and branches on
 *      certSelector != NULL, so a NULL selector produces a state with no
 *      selector-derived lists - confirm which contract is intended.
 *  "certsRemaining"
 *      Number of certificates remaining in the chain.
 *  "pState"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a TargetCertCheckerState Error if the function fails in a
 *  non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_TargetCertCheckerState_Create(
    PKIX_CertSelector *certSelector,
    PKIX_UInt32 certsRemaining,
    pkix_TargetCertCheckerState **pState,
    void *plContext)
{
    pkix_TargetCertCheckerState *newState = NULL;
    PKIX_ComCertSelParams *selParams = NULL;
    PKIX_List *pathToNames = NULL;
    PKIX_List *ekuList = NULL;
    PKIX_List *altNames = NULL;
    PKIX_PL_OID *ekuOid = NULL;
    PKIX_PL_OID *sanOid = NULL;
    /* default used when the selector supplies no params */
    PKIX_Boolean matchAllAltNames = PKIX_TRUE;

    PKIX_ENTER(TARGETCERTCHECKERSTATE,
               "pkix_TargetCertCheckerState_Create");
    PKIX_NULLCHECK_ONE(pState);

    /* Both extension OIDs are created before the state object is allocated. */
    PKIX_CHECK(PKIX_PL_OID_Create(PKIX_EXTENDEDKEYUSAGE_OID,
                                  &ekuOid,
                                  plContext),
               PKIX_OIDCREATEFAILED);

    PKIX_CHECK(PKIX_PL_OID_Create(PKIX_CERTSUBJALTNAME_OID,
                                  &sanOid,
                                  plContext),
               PKIX_OIDCREATEFAILED);

    /*
     * NOTE(review): the selector calls below can fail before any field of
     * the new object has been assigned, and cleanup then runs
     * PKIX_DECREF(newState). That is only safe if PKIX_PL_Object_Alloc
     * returns zeroed memory or the type's destructor tolerates unset
     * fields - confirm.
     */
    PKIX_CHECK(PKIX_PL_Object_Alloc(PKIX_TARGETCERTCHECKERSTATE_TYPE,
                                    sizeof(pkix_TargetCertCheckerState),
                                    (PKIX_PL_Object **)&newState,
                                    plContext),
               PKIX_COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT);

    /* initialize fields */
    if (certSelector) {
        PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams(certSelector,
                                                                 &selParams,
                                                                 plContext),
                   PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED);

        if (selParams) {
            PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames(selParams,
                                                            &pathToNames,
                                                            plContext),
                       PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);

            PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage(selParams,
                                                                 &ekuList,
                                                                 plContext),
                       PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);

            PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames(selParams,
                                                             &altNames,
                                                             plContext),
                       PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);

            /*
             * This call reports failure with the same error code as
             * GetSubjAltNames above, so the two cannot be told apart from
             * the error alone.
             */
            PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(selParams,
                                                                     &matchAllAltNames,
                                                                     plContext),
                       PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
        }
    }

    newState->certsRemaining = certsRemaining;
    newState->subjAltNameMatchAll = matchAllAltNames;

    /* The state keeps its own reference to the caller's selector. */
    PKIX_INCREF(certSelector);
    newState->certSelector = certSelector;

    /*
     * Move each local reference into the state and clear the local, so the
     * DECREFs in cleanup do not release what the state now owns.
     */
    newState->pathToNameList = pathToNames;
    pathToNames = NULL;

    newState->extKeyUsageList = ekuList;
    ekuList = NULL;

    newState->subjAltNameList = altNames;
    altNames = NULL;

    newState->extKeyUsageOID = ekuOid;
    ekuOid = NULL;

    newState->subjAltNameOID = sanOid;
    sanOid = NULL;

    /* Ownership of the state moves to the caller. */
    *pState = newState;
    newState = NULL;

cleanup:

    PKIX_DECREF(ekuOid);
    PKIX_DECREF(sanOid);
    PKIX_DECREF(pathToNames);
    PKIX_DECREF(ekuList);
    PKIX_DECREF(altNames);
    PKIX_DECREF(newState);
    PKIX_DECREF(selParams);

    PKIX_RETURN(TARGETCERTCHECKERSTATE);
}