/*
 * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts (see description in pkix_pl_pki.h)
 *
 * Walks the Authority Information Access (AIA) entries of "prevCert" and
 * collects the certificates returned by the HTTP or LDAP helper for each
 * entry whose access method is caIssuers or caRepository. Entries with any
 * other method, or with a location type other than HTTP or LDAP, are skipped.
 *
 * PARAMETERS:
 *  "aiaMgr"       Holds the state of the walk (aia, numAias, aiaIndex,
 *                 results) so that an interrupted request can be resumed.
 *  "prevCert"     Cert whose AIA extension is read. Only consulted for a new
 *                 request; a resumed request uses the list saved in aiaMgr.
 *  "pNBIOContext" In: NULL starts a new request, non-NULL resumes at
 *                 aiaMgr->aiaIndex. Out: non-NULL when a helper left a
 *                 non-blocking I/O context pending (WOULDBLOCK), else NULL.
 *  "pCerts"       Out: the accumulated list once every entry has been
 *                 processed. NULL when the cert has no AIA entries, when the
 *                 call would block, or when no fetch was attempted (the
 *                 results list is only created after a helper returns).
 *  "plContext"    Passed through unchanged to every callee.
 *
 * SECURITY NOTES:
 *  - The fetch locations are taken from prevCert's AIA extension. If
 *    prevCert is not yet trusted at this point, the peer that supplied it
 *    chooses which hosts are contacted. NOTE(review): confirm where the
 *    policy limiting such fetches is enforced (caller or helpers); nothing
 *    in this function restricts the destination.
 *  - The loop visits every entry up to numAias; this function applies no
 *    cap of its own to the number of fetches per certificate.
 *  - No signature or path validation is performed here on the fetched
 *    certificates. They are presumably candidates for the chain builder to
 *    verify; confirm against the caller.
 */
PKIX_Error *
PKIX_PL_AIAMgr_GetAIACerts(
        PKIX_PL_AIAMgr *aiaMgr,
        PKIX_PL_Cert *prevCert,
        void **pNBIOContext,
        PKIX_List **pCerts,
        void *plContext)
{
        PKIX_UInt32 numAias = 0;
        PKIX_UInt32 aiaIndex = 0;
        PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
        PKIX_List *certs = NULL;
        PKIX_PL_InfoAccess *ia = NULL;
        void *nbio = NULL;

        PKIX_ENTER(AIAMGR, "PKIX_PL_AIAMgr_GetAIACerts");
        PKIX_NULLCHECK_FOUR(aiaMgr, prevCert, pNBIOContext, pCerts);

        /*
         * Capture the caller's context, then clear both outputs so every
         * early exit leaves them in a defined state.
         */
        nbio = *pNBIOContext;
        *pCerts = NULL;
        *pNBIOContext = NULL;

        if (nbio == NULL) { /* a new request */

                /* Does this Cert have an AIA extension? */
                PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccess
                        (prevCert, &aiaMgr->aia, plContext),
                        PKIX_CERTGETAUTHORITYINFOACCESSFAILED);

                if (aiaMgr->aia != NULL) {
                        PKIX_CHECK(PKIX_List_GetLength
                                (aiaMgr->aia, &numAias, plContext),
                                PKIX_LISTGETLENGTHFAILED);
                }

                /* And if so, does it have any entries? */
                /*
                 * NOTE(review): when the list exists but is empty,
                 * aiaMgr->aia is left set on this exit. Confirm that the
                 * next new request or the manager's destructor releases it,
                 * since the assignment above would otherwise overwrite the
                 * reference.
                 */
                if ((aiaMgr->aia == NULL) || (numAias == 0)) {
                        *pCerts = NULL;
                        goto cleanup;
                }

                /* Reset the saved walk state for this certificate. */
                aiaMgr->aiaIndex = 0;
                aiaMgr->numAias = numAias;
                aiaMgr->results = NULL;

        }

        /*
         * Start at the saved index: 0 for a new request, or the entry that
         * was pending when a previous call returned with a context.
         */
        for (aiaIndex = aiaMgr->aiaIndex;
            aiaIndex < aiaMgr->numAias;
            aiaIndex ++) {
                PKIX_UInt32 method = 0;

                PKIX_CHECK(PKIX_List_GetItem
                        (aiaMgr->aia,
                        aiaIndex,
                        (PKIX_PL_Object **)&ia,
                        plContext),
                        PKIX_LISTGETITEMFAILED);

                PKIX_CHECK(PKIX_PL_InfoAccess_GetMethod
                        (ia, &method, plContext),
                        PKIX_INFOACCESSGETMETHODFAILED);

                /* Only entries that point at issuer certificates are used. */
                if (method != PKIX_INFOACCESS_CA_ISSUERS &&
                    method != PKIX_INFOACCESS_CA_REPOSITORY) {
                        PKIX_DECREF(ia);
                        continue;
                }

                PKIX_CHECK(PKIX_PL_InfoAccess_GetLocationType
                        (ia, &iaType, plContext),
                        PKIX_INFOACCESSGETLOCATIONTYPEFAILED);

                /*
                 * Dispatch on the location scheme. nbio is passed by
                 * address, so a resumed call hands the saved context back to
                 * the helper and the helper can report a pending one.
                 */
                if (iaType == PKIX_INFOACCESS_LOCATION_HTTP) {
                        PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts
                                (aiaMgr, ia, &nbio, &certs, plContext),
                                PKIX_AIAMGRGETHTTPCERTSFAILED);
                } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) {
                        PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts
                                (aiaMgr, ia, &nbio, &certs, plContext),
                                PKIX_AIAMGRGETLDAPCERTSFAILED);
                } else {
                        /* We only support http and ldap requests. */
                        PKIX_DECREF(ia);
                        continue;
                }

                if (nbio != NULL) { /* WOULDBLOCK */
                        /*
                         * Remember which entry is pending and return the
                         * context; aiaMgr->aia and any partial results stay
                         * in the manager for the resuming call.
                         */
                        aiaMgr->aiaIndex = aiaIndex;
                        *pNBIOContext = nbio;
                        *pCerts = NULL;
                        goto cleanup;
                }

                /*
                 * We can't just use and modify the List we received.
                 * Because it's cached, it's set immutable.
                 */
                if (aiaMgr->results == NULL) {
                        PKIX_CHECK(PKIX_List_Create
                                (&(aiaMgr->results), plContext),
                                PKIX_LISTCREATEFAILED);
                }
                PKIX_CHECK(pkix_List_AppendList
                        (aiaMgr->results, certs, plContext),
                        PKIX_APPENDLISTFAILED);
                PKIX_DECREF(certs);

                PKIX_DECREF(ia);
        }

        /*
         * Every entry has been processed: release the AIA list and hand the
         * accumulated results to the caller, clearing the manager's pointer
         * to them.
         */
        PKIX_DECREF(aiaMgr->aia);

        *pNBIOContext = NULL;
        *pCerts = aiaMgr->results;
        aiaMgr->results = NULL;

cleanup:

        /*
         * On error, drop the state that a later call would otherwise resume
         * from, including the LDAP client held in the manager.
         */
        if (PKIX_ERROR_RECEIVED) {
                PKIX_DECREF(aiaMgr->aia);
                PKIX_DECREF(aiaMgr->results);
                PKIX_DECREF(aiaMgr->client.ldapClient);
        }

        /* Per-iteration objects that an early exit may have left held. */
        PKIX_DECREF(certs);
        PKIX_DECREF(ia);

        PKIX_RETURN(AIAMGR);
}
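/*
 * FUNCTION: test_subjectinfoaccess
 *
 * Test driver for the InfoAccess object as exposed through a certificate's
 * Subject Information Access (SIA) extension.
 *
 * It loads two certificates from the directory given on the command line,
 * reads the single SIA entry of the first one, checks its access method and
 * location, and then runs the Equal/Hash/ToString comparison against a
 * second reference to the same entry and against the single Authority
 * Information Access entry of the second certificate.
 *
 * PARAMETERS:
 *  "argc"  Number of command-line arguments; at least 5 are required.
 *  "argv"  argv[1] is the test purpose, argv[2] the data directory, argv[3]
 *          the certificate carrying the SIA extension and argv[4] the
 *          certificate used as the "different" object.
 *
 * RETURNS:
 *  Always 0; failures are reported through pkixTestErrorMsg and the test
 *  macros.
 */
int test_subjectinfoaccess(int argc, char *argv[]) {

        PKIX_PL_Cert *cert = NULL;
        PKIX_PL_Cert *certDiff = NULL;
        PKIX_List *aiaList = NULL;
        PKIX_List *siaList = NULL;
        PKIX_PL_InfoAccess *sia = NULL;
        PKIX_PL_InfoAccess *siaDup = NULL;
        PKIX_PL_InfoAccess *siaDiff = NULL;
        PKIX_PL_GeneralName *location = NULL;
        char *certPathName = NULL;
        char *dirName = NULL;
        PKIX_UInt32 method = 0;
        PKIX_UInt32 actualMinorVersion;
        PKIX_UInt32 size = 0;
        PKIX_UInt32 i;
        PKIX_UInt32 j = 0;
        char *expectedAscii = "[method:caRepository, "
                "location:http://betty.nist.gov/pathdiscoverytestsuite/"
                "p7cfiles/IssuedByTrustAnchor1.p7c]";

        PKIX_TEST_STD_VARS();

        startTests("SubjectInfoAccess");

        PKIX_TEST_EXPECT_NO_ERROR(
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

        if (argc < 5+j) {
                printf("Usage: %s <test-purpose> <data-dir> <cert> "
                        "<diff-cert>\n", argv[0]);
                /*
                 * Stop here: reading argv[2+j]..argv[4+j] below with too few
                 * arguments would index past the argument vector. Leaving
                 * through cleanup still shuts down the context created
                 * above; every object pointer is NULL at this point, the
                 * same state the existing early exits already rely on.
                 */
                pkixTestErrorMsg = "insufficient command-line arguments";
                goto cleanup;
        }

        dirName = argv[2+j];
        certPathName = argv[3+j];

        subTest("Creating Cert with Subject Info Access");
        cert = createCert(dirName, certPathName, plContext);

        certPathName = argv[4+j];

        subTest("Creating Cert with Subject Info Access");
        certDiff = createCert(dirName, certPathName, plContext);

        subTest("Getting Subject Info Access");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess
                (cert, &siaList, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
                (siaList, &size, plContext));

        /* The fixture certificate is expected to carry exactly one entry. */
        if (size != 1) {
                pkixTestErrorMsg = "unexpected number of AIA";
                goto cleanup;
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
                (siaList, 0, (PKIX_PL_Object **) &sia, plContext));

        subTest("PKIX_PL_InfoAccess_GetMethod");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod
                (sia, &method, plContext));
        if (method != PKIX_INFOACCESS_CA_REPOSITORY) {
                pkixTestErrorMsg = "unexpected method of AIA";
                goto cleanup;
        }

        subTest("PKIX_PL_InfoAccess_GetLocation");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation
                (sia, &location, plContext));
        if (!location) {
                pkixTestErrorMsg = "Cannot get AIA location";
                goto cleanup;
        }

        /* Second reference to the same entry, used as the "equal" object. */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
                (siaList, 0, (PKIX_PL_Object **) &siaDup, plContext));

        subTest("Getting Authority Info Access as difference comparison");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess
                (certDiff, &aiaList, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
                (aiaList, &size, plContext));

        if (size != 1) {
                pkixTestErrorMsg = "unexpected number of AIA";
                goto cleanup;
        }

        /* AIA entry of the second cert, used as the "different" object. */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
                (aiaList, 0, (PKIX_PL_Object **) &siaDiff, plContext));

        subTest("Checking: Equal, Hash and ToString");
        PKIX_TEST_EQ_HASH_TOSTR_DUP
                (sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE);

cleanup:

        PKIX_TEST_DECREF_AC(location);
        PKIX_TEST_DECREF_AC(sia);
        PKIX_TEST_DECREF_AC(siaDup);
        PKIX_TEST_DECREF_AC(siaDiff);
        PKIX_TEST_DECREF_AC(aiaList);
        PKIX_TEST_DECREF_AC(siaList);
        PKIX_TEST_DECREF_AC(cert);
        PKIX_TEST_DECREF_AC(certDiff);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("Subjectinfoaccess");

        return (0);
}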