/* * FUNCTION: pkix_ValidateParams_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_ValidateParams_Equals( PKIX_PL_Object *first, PKIX_PL_Object *second, PKIX_Boolean *pResult, void *plContext) { PKIX_UInt32 secondType; PKIX_Boolean cmpResult; PKIX_ValidateParams *firstValParams = NULL; PKIX_ValidateParams *secondValParams = NULL; PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals"); PKIX_NULLCHECK_THREE(first, second, pResult); PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext), PKIX_FIRSTOBJECTNOTVALIDATEPARAMS); PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); *pResult = PKIX_FALSE; if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup; firstValParams = (PKIX_ValidateParams *)first; secondValParams = (PKIX_ValidateParams *)second; PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstValParams->procParams, (PKIX_PL_Object *)secondValParams->procParams, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstValParams->chain, (PKIX_PL_Object *)secondValParams->chain, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; *pResult = cmpResult; cleanup: PKIX_RETURN(VALIDATEPARAMS); }
static void test_KeyUsages(void) { PKIX_ComCertSelParams *goodParams = NULL; PKIX_PL_OID *ekuOid = NULL; PKIX_List *setExtKeyUsage = NULL; PKIX_List *getExtKeyUsage = NULL; PKIX_UInt32 getKeyUsage = 0; PKIX_UInt32 setKeyUsage = 0x1FF; PKIX_Boolean isEqual = PKIX_FALSE; PKIX_TEST_STD_VARS(); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); subTest("PKIX_ComCertSelParams_SetKeyUsage"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext)); subTest("PKIX_ComCertSelParams_GetKeyUsage"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext)); if (setKeyUsage != getKeyUsage) { testError("unexpected KeyUsage mismatch <expect equal>"); } subTest("PKIX_PL_OID List create and append"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); PKIX_TEST_DECREF_BC(ekuOid); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); PKIX_TEST_DECREF_BC(ekuOid); subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext)); subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage, (PKIX_PL_Object *)getExtKeyUsage, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected ExtKeyUsage mismatch <expect equal>"); } cleanup: PKIX_TEST_DECREF_AC(ekuOid); PKIX_TEST_DECREF_AC(setExtKeyUsage); PKIX_TEST_DECREF_AC(getExtKeyUsage); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_RETURN(); }
/* * This test is the same as testDuplicateHelper, except that it * produces a more useful "Actual value" and "Expected value" * in the case of an unexpected mismatch. */ static void test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext) { PKIX_PolicyNode *newObject = NULL; PKIX_Boolean cmpResult; PKIX_PL_String *original = NULL; PKIX_PL_String *copy = NULL; PKIX_TEST_STD_VARS(); subTest("testing pkix_PolicyNode_Duplicate"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)object, (PKIX_PL_Object **)&newObject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals ((PKIX_PL_Object *)object, (PKIX_PL_Object *)newObject, &cmpResult, plContext)); if (!cmpResult){ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)object, &original, plContext)); testError("unexpected mismatch"); (void) printf ("original value:\t%s\n", original->escAsciiString); if (newObject) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)newObject, ©, plContext)); (void) printf ("copy value:\t%s\n", copy->escAsciiString); } else { (void) printf("copy value:\t(NULL)\n"); } } cleanup: PKIX_TEST_DECREF_AC(newObject); PKIX_TEST_DECREF_AC(original); PKIX_TEST_DECREF_AC(copy); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_pl_CollectionCertStoreContext_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_pl_CollectionCertStoreContext_Equals( PKIX_PL_Object *firstObject, PKIX_PL_Object *secondObject, PKIX_Int32 *pResult, void *plContext) { PKIX_PL_CollectionCertStoreContext *firstCCSContext = NULL; PKIX_PL_CollectionCertStoreContext *secondCCSContext = NULL; PKIX_Boolean cmpResult = 0; PKIX_ENTER(COLLECTIONCERTSTORECONTEXT, "pkix_pl_CollectionCertStoreContext_Equals"); PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); PKIX_CHECK(pkix_CheckTypes (firstObject, secondObject, PKIX_COLLECTIONCERTSTORECONTEXT_TYPE, plContext), PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT); firstCCSContext = (PKIX_PL_CollectionCertStoreContext *)firstObject; secondCCSContext = (PKIX_PL_CollectionCertStoreContext *)secondObject; if (firstCCSContext->storeDir == secondCCSContext->storeDir) { cmpResult = PKIX_TRUE; } else { PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *) firstCCSContext->storeDir, (PKIX_PL_Object *) secondCCSContext->storeDir, &cmpResult, plContext), PKIX_STRINGEQUALSFAILED); } *pResult = cmpResult; /* should not check equal on crlList and certList, data are dynamic */ cleanup: PKIX_RETURN(COLLECTIONCERTSTORECONTEXT); }
/* * FUNCTION: pkix_CertStore_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_CertStore_Equals( PKIX_PL_Object *firstObject, PKIX_PL_Object *secondObject, PKIX_Int32 *pResult, void *plContext) { PKIX_CertStore *firstCS = NULL; PKIX_CertStore *secondCS = NULL; PKIX_Boolean cmpResult = PKIX_FALSE; PKIX_ENTER(CERTSTORE, "pkix_CertStore_Equals"); PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); PKIX_CHECK(pkix_CheckTypes (firstObject, secondObject, PKIX_CERTSTORE_TYPE, plContext), PKIX_ARGUMENTSNOTDATES); firstCS = (PKIX_CertStore *)firstObject; secondCS = (PKIX_CertStore *)secondObject; cmpResult = (firstCS->certCallback == secondCS->certCallback) && (firstCS->crlCallback == secondCS->crlCallback) && (firstCS->certContinue == secondCS->certContinue) && (firstCS->crlContinue == secondCS->crlContinue) && (firstCS->trustCallback == secondCS->trustCallback); if (cmpResult && (firstCS->certStoreContext != secondCS->certStoreContext)) { PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *) firstCS->certStoreContext, (PKIX_PL_Object *) secondCS->certStoreContext, &cmpResult, plContext), PKIX_CERTSTOREEQUALSFAILED); } *pResult = cmpResult; cleanup: PKIX_RETURN(CERTSTORE); }
/* * FUNCTION: pkix_List_Remove * DESCRIPTION: * * Traverses the List pointed to by "list", to find and delete an entry * that is equal to the Object pointed to by "object". If no such entry * is found the function does not return an error. * * PARAMETERS: * "list" * List to be searched; may be empty; must be non-NULL * "object" * Object to be checked for and deleted, if found; must be non-NULL * "plContext" * platform-specific context pointer * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds * Returns a Validate Error if the functions fails in a non-fatal way * Returns a Fatal Error if the function fails in an unrecoverable way */ PKIX_Error * pkix_List_Remove( PKIX_List *list, PKIX_PL_Object *object, void *plContext) { PKIX_PL_Object *current = NULL; PKIX_UInt32 numEntries = 0; PKIX_UInt32 index = 0; PKIX_Boolean match = PKIX_FALSE; PKIX_ENTER(LIST, "pkix_List_Remove"); PKIX_NULLCHECK_TWO(list, object); PKIX_CHECK(PKIX_List_GetLength(list, &numEntries, plContext), PKIX_LISTGETLENGTHFAILED); for (index = 0; index < numEntries; index++) { PKIX_CHECK(PKIX_List_GetItem (list, index, ¤t, plContext), PKIX_LISTGETITEMFAILED); if (current) { PKIX_CHECK(PKIX_PL_Object_Equals (object, current, &match, plContext), PKIX_OBJECTEQUALSFAILED); PKIX_DECREF(current); } if (match) { PKIX_CHECK(PKIX_List_DeleteItem (list, index, plContext), PKIX_LISTDELETEITEMFAILED); break; } } cleanup: PKIX_DECREF(current); PKIX_RETURN(LIST); }
int test_buildchain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_PublicKey *trustedPubKey = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion = 0; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_CertStore *ldapCertStore = NULL; PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; PKIX_List *revCheckers = NULL; char *asciiResult = NULL; PKIX_Boolean result = PKIX_FALSE; PKIX_Boolean testValid = PKIX_TRUE; PKIX_List *expectedCerts = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; void *state = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; PRPollDesc *pollDesc = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("BuildChain"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * arguments: * [optional] -arenas * [optional] usebind * servername or servername:port ( - for no server) * testname * EE or ENE * cert directory * target cert (end entity) * intermediate certs * trust anchor */ /* optional argument "usebind" for Ldap CertStore */ if (argv[j + 1]) { if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { usebind = PKIX_TRUE; j++; } } if (PORT_Strcmp(argv[++j], "-") == 0) { useLDAP = PKIX_FALSE; } else { serverName = argv[j]; useLDAP = PKIX_TRUE; } subTest(argv[++j]); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[++j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } dirName = argv[++j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); for (k = ++j; k < (PKIX_UInt32)argc; k++) { dirCert = createCert(dirName, argv[k], plContext); if (k == (PKIX_UInt32)(argc - 1)) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == j) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); if (useLDAP == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)ldapCertStore, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, NULL, /* testDate, may be NULL */ trustedPubKey, numCerts, &revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); #ifdef debuggingWithoutRevocation PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); #endif /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void)printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED"); } } else { if (testValid == PKIX_TRUE) { /* ENE */ (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); } } subTest("Displaying VerifyNode objects"); if (verifyTree == NULL) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); } (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); if (pkixTestErrorResult) { PKIX_TEST_DECREF_BC(pkixTestErrorResult); goto cleanup; } if (buildResult) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, (PKIX_PL_Object *)expectedCerts, &result, plContext)); if (!result) { testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); if (actualCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); if (expectedCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void)printf("Actual value:\t%s\n", actualCertsAscii); (void)printf("Expected value:\t%s\n", expectedCertsAscii); } } cleanup: PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_PL_Free(asciiResult, NULL); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(state); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(revCheckers); PKIX_TEST_DECREF_AC(revChecker); PKIX_TEST_DECREF_AC(ldapCertStore); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(trustedPubKey); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain"); return (0); }
int test_buildchain_uchecker(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_CertChainChecker *checker = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_UInt32 chainLength = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char * asciiResult = NULL; PKIX_Boolean result; PKIX_Boolean testValid = PKIX_TRUE; PKIX_Boolean supportForward = PKIX_FALSE; PKIX_List *expectedCerts = NULL; PKIX_List *userOIDs = NULL; PKIX_PL_OID *oid = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; char *oidString = NULL; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */ PKIX_TEST_STD_VARS(); if (argc < 5){ printUsage(); return (0); } startTests("BuildChain_UserChecker"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } /* OID specified at argv[3+j] */ if (*argv[3+j] != '-') { if (*argv[3+j] == 'F') { supportForward = PKIX_TRUE; oidString = argv[3+j]+1; } else { oidString = argv[3+j]; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create (&userOIDs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create (oidString, &oid, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (userOIDs, (PKIX_PL_Object *)oid, plContext)); PKIX_TEST_DECREF_BC(oid); } subTest(argv[1+j]); dirName = argv[4+j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); chainLength = argc - j - 5; for (k = 0; k < chainLength; k++){ dirCert = createCert(dirName, argv[5+k+j], plContext); if (k == (chainLength - 1)){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == 0){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert (trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create (anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_SetCertificate (certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_Create (NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams (certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ProcessingParams_SetTargetCertConstraints (procParams, certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create (testUserChecker, supportForward, PKIX_FALSE, userOIDs, NULL, &checker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker (procParams, checker, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create (dirNameString, &certStore, plContext)); #if 0 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create (&certStore, plContext)); #endif PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores (procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain (procParams, &nbioContext, &buildState, &buildResult, NULL, plContext); if (testValid == PKIX_TRUE) { /* ENE */ if (pkixTestErrorResult){ (void) printf("UNEXPECTED RESULT RECEIVED!\n"); } else { (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } } else { /* EE */ if (pkixTestErrorResult){ (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } else { testError("UNEXPECTED RESULT RECEIVED"); } } if (buildResult){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_BuildResult_GetCertChain (buildResult, &certs, NULL)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetItem (certs, i, (PKIX_PL_Object**)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_Equals ((PKIX_PL_Object*)certs, (PKIX_PL_Object*)expectedCerts, &result, plContext)); if (!result){ testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII (actualCertsString, plContext); if (actualCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII (expectedCertsString, plContext); if (expectedCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void) printf("Actual value:\t%s\n", actualCertsAscii); (void) printf("Expected value:\t%s\n", expectedCertsAscii); if (chainLength - 1 != numUserCheckerCalled) { pkixTestErrorMsg = "PKIX user defined checker not called"; } goto cleanup; } } cleanup: PKIX_PL_Free(asciiResult, plContext); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(userOIDs); PKIX_TEST_DECREF_AC(checker); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain_UserChecker"); return (0); }
static void test_SubjAlgId_SubjPublicKey(char *dirName) { PKIX_ComCertSelParams *goodParams = NULL; PKIX_PL_OID *setAlgId = NULL; PKIX_PL_OID *getAlgId = NULL; PKIX_PL_Cert *goodCert = NULL; PKIX_PL_PublicKey *setPublicKey = NULL; PKIX_PL_PublicKey *getPublicKey = NULL; PKIX_Boolean isEqual = PKIX_FALSE; PKIX_TEST_STD_VARS(); /* Subject Algorithm Identifier */ subTest("PKIX_PL_OID_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext)); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); subTest("PKIX_ComCertSelParams_SetSubjPKAlgId"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext)); subTest("PKIX_ComCertSelParams_GetSubjPKAlgId"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId, (PKIX_PL_Object *)getAlgId, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Subject Public Key Alg mismatch " "<expect equal>"); } /* Subject Public Key */ subTest("Getting Cert for Subject Public Key"); goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); subTest("PKIX_PL_Cert_GetSubjectPublicKey"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext)); subTest("PKIX_ComCertSelParams_SetSubjPubKey"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext)); subTest("PKIX_ComCertSelParams_GetSubjPubKey"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey, (PKIX_PL_Object *)getPublicKey, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Subject Public Key mismatch " "<expect equal>"); } cleanup: PKIX_TEST_DECREF_AC(setAlgId); PKIX_TEST_DECREF_AC(getAlgId); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_DECREF_AC(setPublicKey); PKIX_TEST_DECREF_AC(getPublicKey); PKIX_TEST_RETURN(); }
static void test_SubjKeyId_AuthKeyId(void) { PKIX_ComCertSelParams *goodParams = NULL; PKIX_PL_ByteArray *setKeyId = NULL; PKIX_PL_ByteArray *getKeyId = NULL; PKIX_Boolean isEqual = PKIX_FALSE; PKIX_TEST_STD_VARS(); /* Subject Key Identifier */ subTest("PKIX_PL_ByteArray_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext)); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext)); subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, (PKIX_PL_Object *)getKeyId, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Subject Key Id mismatch <expect equal>"); } PKIX_TEST_DECREF_BC(setKeyId); PKIX_TEST_DECREF_BC(getKeyId); /* Authority Key Identifier */ subTest("PKIX_PL_ByteArray_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext)); subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext)); subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, (PKIX_PL_Object *)getKeyId, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Auth Key Id mismatch <expect equal>"); } cleanup: PKIX_TEST_DECREF_AC(setKeyId); PKIX_TEST_DECREF_AC(getKeyId); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_RETURN(); }
static void test_Version_Issuer_SerialNumber(void) { PKIX_ComCertSelParams *goodParams = NULL; PKIX_UInt32 version = 0; PKIX_PL_X500Name *setIssuer = NULL; PKIX_PL_X500Name *getIssuer = NULL; PKIX_PL_String *str = NULL; PKIX_PL_BigInt *setSerialNumber = NULL; PKIX_PL_BigInt *getSerialNumber = NULL; PKIX_Boolean isEqual = PKIX_FALSE; char *bigInt = "999999999999999999"; PKIX_TEST_STD_VARS(); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); /* Version */ subTest("PKIX_ComCertSelParams_SetVersion"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); subTest("PKIX_ComCertSelParams_GetVersion"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext)); if (version != 2) { testError("unexpected Version mismatch <expect 2>"); } /* Issuer */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext)); PKIX_TEST_DECREF_BC(str); subTest("PKIX_ComCertSelParams_SetIssuer"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext)); subTest("PKIX_ComCertSelParams_GetIssuer"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer, (PKIX_PL_Object *)getIssuer, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Issuer mismatch <expect equal>"); } /* Serial Number */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext)); subTest("PKIX_ComCertSelParams_SetSerialNumber"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext)); subTest("PKIX_ComCertSelParams_GetSerialNumber"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber, (PKIX_PL_Object *)getSerialNumber, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Serial Number mismatch <expect equal>"); } cleanup: PKIX_TEST_DECREF_AC(str); PKIX_TEST_DECREF_AC(setIssuer); PKIX_TEST_DECREF_AC(getIssuer); PKIX_TEST_DECREF_AC(setSerialNumber); PKIX_TEST_DECREF_AC(getSerialNumber); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_pl_GeneralName_Equals * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h) */ static PKIX_Error * pkix_pl_GeneralName_Equals( PKIX_PL_Object *firstObject, PKIX_PL_Object *secondObject, PKIX_Boolean *pResult, void *plContext) { PKIX_PL_GeneralName *firstName = NULL; PKIX_PL_GeneralName *secondName = NULL; PKIX_UInt32 secondType; PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Equals"); PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); /* test that firstObject is a GeneralName */ PKIX_CHECK(pkix_CheckType (firstObject, PKIX_GENERALNAME_TYPE, plContext), PKIX_FIRSTOBJECTNOTGENERALNAME); /* * Since we know firstObject is a GeneralName, if both references are * identical, they must be equal */ if (firstObject == secondObject){ *pResult = PKIX_TRUE; goto cleanup; } /* * If secondObject isn't a GeneralName, we don't throw an error. * We simply return a Boolean result of FALSE */ *pResult = PKIX_FALSE; PKIX_CHECK(PKIX_PL_Object_GetType (secondObject, &secondType, plContext), PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); if (secondType != PKIX_GENERALNAME_TYPE){ goto cleanup; } firstName = (PKIX_PL_GeneralName *)firstObject; secondName = (PKIX_PL_GeneralName *)secondObject; if (firstName->type != secondName->type){ goto cleanup; } switch (firstName->type) { case certRFC822Name: case certDNSName: case certX400Address: case certEDIPartyName: case certURI: case certIPAddress: PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n"); if (SECITEM_CompareItem(firstName->other, secondName->other) != SECEqual) { goto cleanup; } break; case certRegisterID: PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstName->oid, (PKIX_PL_Object *)secondName->oid, pResult, plContext), PKIX_OIDEQUALSFAILED); goto cleanup; case certOtherName: PKIX_NULLCHECK_TWO(firstName->OthName, secondName->OthName); PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n"); if (SECITEM_CompareItem(&firstName->OthName->oid, &secondName->OthName->oid) != SECEqual || SECITEM_CompareItem(&firstName->OthName->name, &secondName->OthName->name) != SECEqual) { goto cleanup; } break; case certDirectoryName: PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstName->directoryName, (PKIX_PL_Object *)secondName->directoryName, pResult, plContext), PKIX_X500NAMEEQUALSFAILED); goto cleanup; } *pResult = PKIX_TRUE; cleanup: PKIX_RETURN(GENERALNAME); }
static void Test_BuildResult( PKIX_ProcessingParams *procParams, PKIX_Boolean testValid, PKIX_List *expectedCerts, void *plContext) { PKIX_PL_Cert *cert = NULL; PKIX_List *certs = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; PKIX_BuildResult *buildResult = NULL; PKIX_Boolean result; PKIX_Boolean supportForward = PKIX_FALSE; PKIX_UInt32 numCerts, i; char *asciiResult = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; void *state = NULL; PRPollDesc *pollDesc = NULL; PKIX_TEST_STD_VARS(); pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, NULL, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, NULL, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void)printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED!\n"); } PKIX_TEST_DECREF_BC(pkixTestErrorResult); goto cleanup; } if (testValid == PKIX_TRUE) { /* ENE */ (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ testError("UNEXPECTED NON-ERROR RECEIVED!\n"); } if (buildResult) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, (PKIX_PL_Object *)expectedCerts, &result, plContext)); if (!result) { testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); if (actualCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); if (expectedCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void)printf("Actual value:\t%s\n", actualCertsAscii); (void)printf("Expected value:\t%s\n", expectedCertsAscii); } } cleanup: PKIX_PL_Free(asciiResult, NULL); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(state); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_List_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_List_Equals( PKIX_PL_Object *first, PKIX_PL_Object *second, PKIX_Boolean *pResult, void *plContext) { PKIX_UInt32 secondType; PKIX_Boolean cmpResult; PKIX_List *firstList = NULL; PKIX_List *secondList = NULL; PKIX_UInt32 firstLength = 0; PKIX_UInt32 secondLength = 0; PKIX_PL_Object *firstItem = NULL; PKIX_PL_Object *secondItem = NULL; PKIX_UInt32 i = 0; PKIX_ENTER(LIST, "pkix_List_Equals"); PKIX_NULLCHECK_THREE(first, second, pResult); /* test that first is a List */ PKIX_CHECK(pkix_CheckType(first, PKIX_LIST_TYPE, plContext), PKIX_FIRSTOBJECTNOTLIST); /* * Since we know first is a List, if both references are * identical, they must be equal */ if (first == second){ *pResult = PKIX_TRUE; goto cleanup; } /* * If second isn't a List, we don't throw an error. * We simply return a Boolean result of FALSE */ *pResult = PKIX_FALSE; PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); if (secondType != PKIX_LIST_TYPE) goto cleanup; firstList = (PKIX_List *)first; secondList = (PKIX_List *)second; if ((!firstList->isHeader) && (!secondList->isHeader)){ PKIX_ERROR(PKIX_INPUTLISTSMUSTBELISTHEADERS); } firstLength = firstList->length; secondLength = secondList->length; cmpResult = PKIX_FALSE; if (firstLength == secondLength){ for (i = 0, cmpResult = PKIX_TRUE; ((i < firstLength) && cmpResult); i++){ PKIX_CHECK(PKIX_List_GetItem (firstList, i, &firstItem, plContext), PKIX_LISTGETITEMFAILED); PKIX_CHECK(PKIX_List_GetItem (secondList, i, &secondItem, plContext), PKIX_LISTGETITEMFAILED); if ((!firstItem && secondItem) || (firstItem && !secondItem)){ cmpResult = PKIX_FALSE; } else if (!firstItem && !secondItem){ continue; } else { PKIX_CHECK(PKIX_PL_Object_Equals (firstItem, secondItem, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); PKIX_DECREF(firstItem); PKIX_DECREF(secondItem); } } } *pResult = cmpResult; cleanup: PKIX_DECREF(firstItem); PKIX_DECREF(secondItem); PKIX_RETURN(LIST); }
/* * FUNCTION: pkix_ValidateResult_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_ValidateResult_Equals( PKIX_PL_Object *first, PKIX_PL_Object *second, PKIX_Boolean *pResult, void *plContext) { PKIX_UInt32 secondType; PKIX_Boolean cmpResult; PKIX_ValidateResult *firstValResult = NULL; PKIX_ValidateResult *secondValResult = NULL; PKIX_PolicyNode *firstTree = NULL; PKIX_PolicyNode *secondTree = NULL; PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Equals"); PKIX_NULLCHECK_THREE(first, second, pResult); PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATERESULT_TYPE, plContext), PKIX_FIRSTOBJECTNOTVALIDATERESULT); PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); *pResult = PKIX_FALSE; if (secondType != PKIX_VALIDATERESULT_TYPE) goto cleanup; firstValResult = (PKIX_ValidateResult *)first; secondValResult = (PKIX_ValidateResult *)second; PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstValResult->pubKey, (PKIX_PL_Object *)secondValResult->pubKey, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstValResult->anchor, (PKIX_PL_Object *)secondValResult->anchor, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; firstTree = firstValResult->policyTree; secondTree = secondValResult->policyTree; if ((firstTree != NULL) && (secondTree != NULL)) { PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstTree, (PKIX_PL_Object *)secondTree, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); } else { if (PKIX_EXACTLY_ONE_NULL(firstTree, secondTree)) { cmpResult = PKIX_FALSE; } } /* * The remaining case is that both are null, * which we consider equality. * cmpResult = PKIX_TRUE; */ *pResult = cmpResult; cleanup: PKIX_RETURN(VALIDATERESULT); }
/* * FUNCTION: pkix_Error_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_Error_Equals( PKIX_PL_Object *firstObject, PKIX_PL_Object *secondObject, PKIX_Boolean *pResult, void *plContext) { PKIX_Error *firstError = NULL; PKIX_Error *secondError = NULL; PKIX_Error *firstCause = NULL; PKIX_Error *secondCause = NULL; PKIX_PL_Object *firstInfo = NULL; PKIX_PL_Object *secondInfo = NULL; PKIX_ERRORCLASS firstClass, secondClass; PKIX_UInt32 secondType; PKIX_Boolean boolResult, unequalFlag; PKIX_ENTER(ERROR, "pkix_Error_Equals"); PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); unequalFlag = PKIX_FALSE; /* First just compare pointer values to save time */ if (firstObject == secondObject) { *pResult = PKIX_TRUE; goto cleanup; } else { /* Result will only be set to true if all tests pass */ *pResult = PKIX_FALSE; } PKIX_CHECK(pkix_CheckType(firstObject, PKIX_ERROR_TYPE, plContext), PKIX_FIRSTOBJECTNOTANERROROBJECT); PKIX_CHECK(PKIX_PL_Object_GetType (secondObject, &secondType, plContext), PKIX_ERRORGETTINGSECONDOBJECTTYPE); /* If types differ, then return false. Result is already set */ if (secondType != PKIX_ERROR_TYPE) goto cleanup; /* It is safe to cast to PKIX_Error */ firstError = (PKIX_Error *) firstObject; secondError = (PKIX_Error *) secondObject; /* Compare error codes */ firstClass = firstError->errClass; secondClass = secondError->errClass; /* If codes differ, return false. Result is already set */ if (firstClass != secondClass) goto cleanup; /* Compare causes */ firstCause = firstError->cause; secondCause = secondError->cause; /* Ensure that either both or none of the causes are NULL */ if (((firstCause != NULL) && (secondCause == NULL))|| ((firstCause == NULL) && (secondCause != NULL))) unequalFlag = PKIX_TRUE; if ((firstCause != NULL) && (secondCause != NULL)) { PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object*)firstCause, (PKIX_PL_Object*)secondCause, &boolResult, plContext), PKIX_ERRORINRECURSIVEEQUALSCALL); /* Set the unequalFlag so that we return after dec refing */ if (boolResult == 0) unequalFlag = PKIX_TRUE; } /* If the cause errors are not equal, return null */ if (unequalFlag) goto cleanup; /* Compare info fields */ firstInfo = firstError->info; secondInfo = secondError->info; if (firstInfo != secondInfo) goto cleanup; /* Ensure that either both or none of the infos are NULL */ if (((firstInfo != NULL) && (secondInfo == NULL))|| ((firstInfo == NULL) && (secondInfo != NULL))) unequalFlag = PKIX_TRUE; if ((firstInfo != NULL) && (secondInfo != NULL)) { PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object*)firstInfo, (PKIX_PL_Object*)secondInfo, &boolResult, plContext), PKIX_ERRORINRECURSIVEEQUALSCALL); /* Set the unequalFlag so that we return after dec refing */ if (boolResult == 0) unequalFlag = PKIX_TRUE; } /* If the infos are not equal, return null */ if (unequalFlag) goto cleanup; /* Compare descs */ if (firstError->errCode != secondError->errCode) { unequalFlag = PKIX_TRUE; } if (firstError->plErr != secondError->plErr) { unequalFlag = PKIX_TRUE; } /* If the unequalFlag was set, return false */ if (unequalFlag) goto cleanup; /* Errors are equal in all fields at this point */ *pResult = PKIX_TRUE; cleanup: PKIX_RETURN(ERROR); }
/* * FUNCTION: pkix_TrustAnchor_Equals * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_TrustAnchor_Equals( PKIX_PL_Object *first, PKIX_PL_Object *second, PKIX_Boolean *pResult, void *plContext) { PKIX_UInt32 secondType; PKIX_Boolean cmpResult; PKIX_TrustAnchor *firstAnchor = NULL; PKIX_TrustAnchor *secondAnchor = NULL; PKIX_PL_Cert *firstCert = NULL; PKIX_PL_Cert *secondCert = NULL; PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals"); PKIX_NULLCHECK_THREE(first, second, pResult); PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext), PKIX_FIRSTOBJECTNOTTRUSTANCHOR); PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); *pResult = PKIX_FALSE; if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup; firstAnchor = (PKIX_TrustAnchor *)first; secondAnchor = (PKIX_TrustAnchor *)second; firstCert = firstAnchor->trustedCert; secondCert = secondAnchor->trustedCert; if ((firstCert && !secondCert) || (!firstCert && secondCert)){ goto cleanup; } if (firstCert && secondCert){ PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstCert, (PKIX_PL_Object *)secondCert, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); } else { PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstAnchor->caName, (PKIX_PL_Object *)secondAnchor->caName, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)firstAnchor->caPubKey, (PKIX_PL_Object *)secondAnchor->caPubKey, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; PKIX_EQUALS (firstAnchor->nameConstraints, secondAnchor->nameConstraints, &cmpResult, plContext, PKIX_OBJECTEQUALSFAILED); if (!cmpResult) goto cleanup; } *pResult = cmpResult; cleanup: PKIX_RETURN(TRUSTANCHOR); }
/* * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber * (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetCRLEntryForSerialNumber( PKIX_PL_CRL *crl, PKIX_PL_BigInt *serialNumber, PKIX_PL_CRLEntry **pCRLEntry, void *plContext) { PKIX_PL_CRLEntry *crlEntry = NULL; PKIX_List *crlEntryList = NULL; PKIX_UInt32 numEntries = 0; PKIX_UInt32 i = 0; PKIX_Boolean cmpResult = PKIX_FALSE; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLEntryForSerialNumber"); PKIX_NULLCHECK_THREE(crl, serialNumber, pCRLEntry); /* Assume there is no entry for Serial Number at start */ *pCRLEntry = NULL; PKIX_CHECK(pkix_pl_CRL_GetCRLEntries(crl, &crlEntryList, plContext), PKIX_CRLGETCRLENTRIESFAILED); if (crlEntryList == NULL) { goto cleanup; } PKIX_CHECK(PKIX_List_GetLength(crlEntryList, &numEntries, plContext), PKIX_LISTGETLENGTHFAILED); for (i = 0; i < numEntries; i++) { PKIX_CHECK(PKIX_List_GetItem (crlEntryList, i, (PKIX_PL_Object **)&crlEntry, plContext), PKIX_LISTGETITEMFAILED); PKIX_CHECK(PKIX_PL_Object_Equals ((PKIX_PL_Object *)crlEntry->serialNumber, (PKIX_PL_Object *)serialNumber, &cmpResult, plContext), PKIX_OBJECTEQUALSFAILED); /* Found the entry for Serial Number */ if (cmpResult == PKIX_TRUE) { *pCRLEntry = crlEntry; goto cleanup; } PKIX_DECREF(crlEntry); } cleanup: PKIX_DECREF(crlEntryList); if (PKIX_ERROR_RECEIVED) { PKIX_DECREF(crlEntry); } PKIX_RETURN(CRL); }