/*
* FUNCTION: pkix_ValidateParams_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_ValidateParams *firstValParams = NULL;
PKIX_ValidateParams *secondValParams = NULL;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;
firstValParams = (PKIX_ValidateParams *)first;
secondValParams = (PKIX_ValidateParams *)second;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValParams->procParams,
(PKIX_PL_Object *)secondValParams->procParams,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValParams->chain,
(PKIX_PL_Object *)secondValParams->chain,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
*pResult = cmpResult;
cleanup:
PKIX_RETURN(VALIDATEPARAMS);
}
static void
test_KeyUsages(void)
{
PKIX_ComCertSelParams *goodParams = NULL;
PKIX_PL_OID *ekuOid = NULL;
PKIX_List *setExtKeyUsage = NULL;
PKIX_List *getExtKeyUsage = NULL;
PKIX_UInt32 getKeyUsage = 0;
PKIX_UInt32 setKeyUsage = 0x1FF;
PKIX_Boolean isEqual = PKIX_FALSE;
PKIX_TEST_STD_VARS();
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
subTest("PKIX_ComCertSelParams_SetKeyUsage");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext));
subTest("PKIX_ComCertSelParams_GetKeyUsage");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext));
if (setKeyUsage != getKeyUsage) {
testError("unexpected KeyUsage mismatch <expect equal>");
}
subTest("PKIX_PL_OID List create and append");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
PKIX_TEST_DECREF_BC(ekuOid);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
PKIX_TEST_DECREF_BC(ekuOid);
subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext));
subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage,
(PKIX_PL_Object *)getExtKeyUsage,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected ExtKeyUsage mismatch <expect equal>");
}
cleanup:
PKIX_TEST_DECREF_AC(ekuOid);
PKIX_TEST_DECREF_AC(setExtKeyUsage);
PKIX_TEST_DECREF_AC(getExtKeyUsage);
PKIX_TEST_DECREF_AC(goodParams);
PKIX_TEST_RETURN();
}
/*
* This test is the same as testDuplicateHelper, except that it
* produces a more useful "Actual value" and "Expected value"
* in the case of an unexpected mismatch.
*/
static void
test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext)
{
PKIX_PolicyNode *newObject = NULL;
PKIX_Boolean cmpResult;
PKIX_PL_String *original = NULL;
PKIX_PL_String *copy = NULL;
PKIX_TEST_STD_VARS();
subTest("testing pkix_PolicyNode_Duplicate");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
((PKIX_PL_Object *)object,
(PKIX_PL_Object **)&newObject,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
((PKIX_PL_Object *)object,
(PKIX_PL_Object *)newObject,
&cmpResult,
plContext));
if (!cmpResult){
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)object, &original, plContext));
testError("unexpected mismatch");
(void) printf
("original value:\t%s\n", original->escAsciiString);
if (newObject) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)newObject, ©, plContext));
(void) printf
("copy value:\t%s\n", copy->escAsciiString);
} else {
(void) printf("copy value:\t(NULL)\n");
}
}
cleanup:
PKIX_TEST_DECREF_AC(newObject);
PKIX_TEST_DECREF_AC(original);
PKIX_TEST_DECREF_AC(copy);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: pkix_pl_CollectionCertStoreContext_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
PKIX_PL_CollectionCertStoreContext *firstCCSContext = NULL;
PKIX_PL_CollectionCertStoreContext *secondCCSContext = NULL;
PKIX_Boolean cmpResult = 0;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject,
secondObject,
PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
plContext),
PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
firstCCSContext = (PKIX_PL_CollectionCertStoreContext *)firstObject;
secondCCSContext = (PKIX_PL_CollectionCertStoreContext *)secondObject;
if (firstCCSContext->storeDir == secondCCSContext->storeDir) {
cmpResult = PKIX_TRUE;
} else {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *) firstCCSContext->storeDir,
(PKIX_PL_Object *) secondCCSContext->storeDir,
&cmpResult,
plContext),
PKIX_STRINGEQUALSFAILED);
}
*pResult = cmpResult;
/* should not check equal on crlList and certList, data are dynamic */
cleanup:
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}
/*
* FUNCTION: pkix_CertStore_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CertStore_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
PKIX_CertStore *firstCS = NULL;
PKIX_CertStore *secondCS = NULL;
PKIX_Boolean cmpResult = PKIX_FALSE;
PKIX_ENTER(CERTSTORE, "pkix_CertStore_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject, secondObject, PKIX_CERTSTORE_TYPE, plContext),
PKIX_ARGUMENTSNOTDATES);
firstCS = (PKIX_CertStore *)firstObject;
secondCS = (PKIX_CertStore *)secondObject;
cmpResult = (firstCS->certCallback == secondCS->certCallback) &&
(firstCS->crlCallback == secondCS->crlCallback) &&
(firstCS->certContinue == secondCS->certContinue) &&
(firstCS->crlContinue == secondCS->crlContinue) &&
(firstCS->trustCallback == secondCS->trustCallback);
if (cmpResult &&
(firstCS->certStoreContext != secondCS->certStoreContext)) {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *) firstCS->certStoreContext,
(PKIX_PL_Object *) secondCS->certStoreContext,
&cmpResult,
plContext),
PKIX_CERTSTOREEQUALSFAILED);
}
*pResult = cmpResult;
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: pkix_List_Remove
* DESCRIPTION:
*
* Traverses the List pointed to by "list", to find and delete an entry
* that is equal to the Object pointed to by "object". If no such entry
* is found the function does not return an error.
*
* PARAMETERS:
* "list"
* List to be searched; may be empty; must be non-NULL
* "object"
* Object to be checked for and deleted, if found; must be non-NULL
* "plContext"
* platform-specific context pointer
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds
* Returns a Validate Error if the functions fails in a non-fatal way
* Returns a Fatal Error if the function fails in an unrecoverable way
*/
PKIX_Error *
pkix_List_Remove(
PKIX_List *list,
PKIX_PL_Object *object,
void *plContext)
{
PKIX_PL_Object *current = NULL;
PKIX_UInt32 numEntries = 0;
PKIX_UInt32 index = 0;
PKIX_Boolean match = PKIX_FALSE;
PKIX_ENTER(LIST, "pkix_List_Remove");
PKIX_NULLCHECK_TWO(list, object);
PKIX_CHECK(PKIX_List_GetLength(list, &numEntries, plContext),
PKIX_LISTGETLENGTHFAILED);
for (index = 0; index < numEntries; index++) {
PKIX_CHECK(PKIX_List_GetItem
(list, index, ¤t, plContext),
PKIX_LISTGETITEMFAILED);
if (current) {
PKIX_CHECK(PKIX_PL_Object_Equals
(object, current, &match, plContext),
PKIX_OBJECTEQUALSFAILED);
PKIX_DECREF(current);
}
if (match) {
PKIX_CHECK(PKIX_List_DeleteItem
(list, index, plContext),
PKIX_LISTDELETEITEMFAILED);
break;
}
}
cleanup:
PKIX_DECREF(current);
PKIX_RETURN(LIST);
}
int
test_buildchain(int argc, char *argv[])
{
PKIX_BuildResult *buildResult = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_PublicKey *trustedPubKey = NULL;
PKIX_List *anchors = NULL;
PKIX_List *certs = NULL;
PKIX_RevocationChecker *revChecker = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_ProcessingParams *procParams = NULL;
char *dirName = NULL;
PKIX_PL_String *dirNameString = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_Cert *targetCert = NULL;
PKIX_UInt32 actualMinorVersion = 0;
PKIX_UInt32 numCerts = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_CertStore *ldapCertStore = NULL;
PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
/* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
PKIX_CertStore *certStore = NULL;
PKIX_List *certStores = NULL;
PKIX_List *revCheckers = NULL;
char *asciiResult = NULL;
PKIX_Boolean result = PKIX_FALSE;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_List *expectedCerts = NULL;
PKIX_PL_Cert *dirCert = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
void *state = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
PRPollDesc *pollDesc = NULL;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage();
return (0);
}
startTests("BuildChain");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/*
* arguments:
* [optional] -arenas
* [optional] usebind
* servername or servername:port ( - for no server)
* testname
* EE or ENE
* cert directory
* target cert (end entity)
* intermediate certs
* trust anchor
*/
/* optional argument "usebind" for Ldap CertStore */
if (argv[j + 1]) {
if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
usebind = PKIX_TRUE;
j++;
}
}
if (PORT_Strcmp(argv[++j], "-") == 0) {
useLDAP = PKIX_FALSE;
} else {
serverName = argv[j];
useLDAP = PKIX_TRUE;
}
subTest(argv[++j]);
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[++j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
dirName = argv[++j];
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
for (k = ++j; k < (PKIX_UInt32)argc; k++) {
dirCert = createCert(dirName, argv[k], plContext);
if (k == (PKIX_UInt32)(argc - 1)) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
trustedCert = dirCert;
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
(PKIX_PL_Object *)dirCert,
plContext));
if (k == j) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
targetCert = dirCert;
}
}
PKIX_TEST_DECREF_BC(dirCert);
}
/* create processing params with list of trust anchors */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
/* create CertSelector with target certificate in params */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
/* create CertStores */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
if (useLDAP == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
(PKIX_PL_Object *)ldapCertStore,
plContext));
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
NULL, /* testDate, may be NULL */
trustedPubKey,
numCerts,
&revChecker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
#ifdef debuggingWithoutRevocation
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
#endif
/* build cert chain using processing params and return buildResult */
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
&verifyTree,
plContext);
while (pollDesc != NULL) {
if (PR_Poll(pollDesc, 1, 0) < 0) {
testError("PR_Poll failed");
}
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
&verifyTree,
plContext);
}
if (pkixTestErrorResult) {
if (testValid == PKIX_FALSE) { /* EE */
(void)printf("EXPECTED ERROR RECEIVED!\n");
} else { /* ENE */
testError("UNEXPECTED ERROR RECEIVED");
}
} else {
if (testValid == PKIX_TRUE) { /* ENE */
(void)printf("EXPECTED NON-ERROR RECEIVED!\n");
} else { /* EE */
(void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
}
}
subTest("Displaying VerifyNode objects");
if (verifyTree == NULL) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext));
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
}
(void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
if (pkixTestErrorResult) {
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
goto cleanup;
}
if (buildResult) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
i,
(PKIX_PL_Object **)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
/* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
(PKIX_PL_Object *)expectedCerts,
&result,
plContext));
if (!result) {
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
if (actualCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
if (expectedCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void)printf("Actual value:\t%s\n", actualCertsAscii);
(void)printf("Expected value:\t%s\n",
expectedCertsAscii);
}
}
cleanup:
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_PL_Free(asciiResult, NULL);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(state);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_DECREF_AC(expectedCerts);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certStores);
PKIX_TEST_DECREF_AC(revCheckers);
PKIX_TEST_DECREF_AC(revChecker);
PKIX_TEST_DECREF_AC(ldapCertStore);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(dirNameString);
PKIX_TEST_DECREF_AC(certSelParams);
PKIX_TEST_DECREF_AC(certSelector);
PKIX_TEST_DECREF_AC(anchors);
PKIX_TEST_DECREF_AC(anchor);
PKIX_TEST_DECREF_AC(trustedCert);
PKIX_TEST_DECREF_AC(trustedPubKey);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(targetCert);
PKIX_TEST_RETURN();
PKIX_Shutdown(plContext);
endTests("BuildChain");
return (0);
}
int test_buildchain_uchecker(int argc, char *argv[])
{
PKIX_BuildResult *buildResult = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_List *anchors = NULL;
PKIX_List *certs = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_CertChainChecker *checker = NULL;
char *dirName = NULL;
PKIX_PL_String *dirNameString = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_Cert *targetCert = NULL;
PKIX_UInt32 numCerts = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_UInt32 chainLength = 0;
PKIX_CertStore *certStore = NULL;
PKIX_List *certStores = NULL;
char * asciiResult = NULL;
PKIX_Boolean result;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_Boolean supportForward = PKIX_FALSE;
PKIX_List *expectedCerts = NULL;
PKIX_List *userOIDs = NULL;
PKIX_PL_OID *oid = NULL;
PKIX_PL_Cert *dirCert = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
char *oidString = NULL;
void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
PKIX_TEST_STD_VARS();
if (argc < 5){
printUsage();
return (0);
}
startTests("BuildChain_UserChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
/* OID specified at argv[3+j] */
if (*argv[3+j] != '-') {
if (*argv[3+j] == 'F') {
supportForward = PKIX_TRUE;
oidString = argv[3+j]+1;
} else {
oidString = argv[3+j];
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
(&userOIDs, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(oidString, &oid, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(userOIDs, (PKIX_PL_Object *)oid, plContext));
PKIX_TEST_DECREF_BC(oid);
}
subTest(argv[1+j]);
dirName = argv[4+j];
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
chainLength = argc - j - 5;
for (k = 0; k < chainLength; k++){
dirCert = createCert(dirName, argv[5+k+j], plContext);
if (k == (chainLength - 1)){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)dirCert, plContext));
trustedCert = dirCert;
} else {
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(expectedCerts,
(PKIX_PL_Object *)dirCert,
plContext));
if (k == 0){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)dirCert,
plContext));
targetCert = dirCert;
}
}
PKIX_TEST_DECREF_BC(dirCert);
}
/* create processing params with list of trust anchors */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
(trustedCert, &anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(anchors, (PKIX_PL_Object *)anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
(anchors, &procParams, plContext));
/* create CertSelector with target certificate in params */
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_SetCertificate
(certSelParams, targetCert, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertSelector_Create
(NULL, NULL, &certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
(certSelector, certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
(testUserChecker,
supportForward,
PKIX_FALSE,
userOIDs,
NULL,
&checker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
(procParams, checker, plContext));
/* create CertStores */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
(PKIX_ESCASCII,
dirName,
0,
&dirNameString,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
(dirNameString, &certStore, plContext));
#if 0
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
(&certStore, plContext));
#endif
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(certStores, (PKIX_PL_Object *)certStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
(procParams, certStores, plContext));
/* build cert chain using processing params and return buildResult */
pkixTestErrorResult = PKIX_BuildChain
(procParams,
&nbioContext,
&buildState,
&buildResult,
NULL,
plContext);
if (testValid == PKIX_TRUE) { /* ENE */
if (pkixTestErrorResult){
(void) printf("UNEXPECTED RESULT RECEIVED!\n");
} else {
(void) printf("EXPECTED RESULT RECEIVED!\n");
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
}
} else { /* EE */
if (pkixTestErrorResult){
(void) printf("EXPECTED RESULT RECEIVED!\n");
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
} else {
testError("UNEXPECTED RESULT RECEIVED");
}
}
if (buildResult){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_BuildResult_GetCertChain
(buildResult, &certs, NULL));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_GetItem
(certs,
i,
(PKIX_PL_Object**)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Free(asciiResult, plContext));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_Equals
((PKIX_PL_Object*)certs,
(PKIX_PL_Object*)expectedCerts,
&result,
plContext));
if (!result){
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_ToString
((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII
(actualCertsString, plContext);
if (actualCertsAscii == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_ToString
((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII
(expectedCertsString, plContext);
if (expectedCertsAscii == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void) printf("Actual value:\t%s\n", actualCertsAscii);
(void) printf("Expected value:\t%s\n",
expectedCertsAscii);
if (chainLength - 1 != numUserCheckerCalled) {
pkixTestErrorMsg =
"PKIX user defined checker not called";
}
goto cleanup;
}
}
cleanup:
PKIX_PL_Free(asciiResult, plContext);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_DECREF_AC(expectedCerts);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(certStores);
PKIX_TEST_DECREF_AC(dirNameString);
PKIX_TEST_DECREF_AC(trustedCert);
PKIX_TEST_DECREF_AC(targetCert);
PKIX_TEST_DECREF_AC(anchor);
PKIX_TEST_DECREF_AC(anchors);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certSelParams);
PKIX_TEST_DECREF_AC(certSelector);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(userOIDs);
PKIX_TEST_DECREF_AC(checker);
PKIX_TEST_RETURN();
PKIX_Shutdown(plContext);
endTests("BuildChain_UserChecker");
return (0);
}
static void
test_SubjAlgId_SubjPublicKey(char *dirName)
{
PKIX_ComCertSelParams *goodParams = NULL;
PKIX_PL_OID *setAlgId = NULL;
PKIX_PL_OID *getAlgId = NULL;
PKIX_PL_Cert *goodCert = NULL;
PKIX_PL_PublicKey *setPublicKey = NULL;
PKIX_PL_PublicKey *getPublicKey = NULL;
PKIX_Boolean isEqual = PKIX_FALSE;
PKIX_TEST_STD_VARS();
/* Subject Algorithm Identifier */
subTest("PKIX_PL_OID_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext));
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
subTest("PKIX_ComCertSelParams_SetSubjPKAlgId");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext));
subTest("PKIX_ComCertSelParams_GetSubjPKAlgId");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId,
(PKIX_PL_Object *)getAlgId,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected Subject Public Key Alg mismatch "
"<expect equal>");
}
/* Subject Public Key */
subTest("Getting Cert for Subject Public Key");
goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
subTest("PKIX_PL_Cert_GetSubjectPublicKey");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext));
subTest("PKIX_ComCertSelParams_SetSubjPubKey");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext));
subTest("PKIX_ComCertSelParams_GetSubjPubKey");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey,
(PKIX_PL_Object *)getPublicKey,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected Subject Public Key mismatch "
"<expect equal>");
}
cleanup:
PKIX_TEST_DECREF_AC(setAlgId);
PKIX_TEST_DECREF_AC(getAlgId);
PKIX_TEST_DECREF_AC(goodParams);
PKIX_TEST_DECREF_AC(goodCert);
PKIX_TEST_DECREF_AC(setPublicKey);
PKIX_TEST_DECREF_AC(getPublicKey);
PKIX_TEST_RETURN();
}
static void
test_SubjKeyId_AuthKeyId(void)
{
PKIX_ComCertSelParams *goodParams = NULL;
PKIX_PL_ByteArray *setKeyId = NULL;
PKIX_PL_ByteArray *getKeyId = NULL;
PKIX_Boolean isEqual = PKIX_FALSE;
PKIX_TEST_STD_VARS();
/* Subject Key Identifier */
subTest("PKIX_PL_ByteArray_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext));
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext));
subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
(PKIX_PL_Object *)getKeyId,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected Subject Key Id mismatch <expect equal>");
}
PKIX_TEST_DECREF_BC(setKeyId);
PKIX_TEST_DECREF_BC(getKeyId);
/* Authority Key Identifier */
subTest("PKIX_PL_ByteArray_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext));
subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext));
subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
(PKIX_PL_Object *)getKeyId,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected Auth Key Id mismatch <expect equal>");
}
cleanup:
PKIX_TEST_DECREF_AC(setKeyId);
PKIX_TEST_DECREF_AC(getKeyId);
PKIX_TEST_DECREF_AC(goodParams);
PKIX_TEST_RETURN();
}
static void
test_Version_Issuer_SerialNumber(void)
{
PKIX_ComCertSelParams *goodParams = NULL;
PKIX_UInt32 version = 0;
PKIX_PL_X500Name *setIssuer = NULL;
PKIX_PL_X500Name *getIssuer = NULL;
PKIX_PL_String *str = NULL;
PKIX_PL_BigInt *setSerialNumber = NULL;
PKIX_PL_BigInt *getSerialNumber = NULL;
PKIX_Boolean isEqual = PKIX_FALSE;
char *bigInt = "999999999999999999";
PKIX_TEST_STD_VARS();
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
/* Version */
subTest("PKIX_ComCertSelParams_SetVersion");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext));
subTest("PKIX_ComCertSelParams_GetVersion");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext));
if (version != 2) {
testError("unexpected Version mismatch <expect 2>");
}
/* Issuer */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext));
PKIX_TEST_DECREF_BC(str);
subTest("PKIX_ComCertSelParams_SetIssuer");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext));
subTest("PKIX_ComCertSelParams_GetIssuer");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer,
(PKIX_PL_Object *)getIssuer,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected Issuer mismatch <expect equal>");
}
/* Serial Number */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext));
subTest("PKIX_ComCertSelParams_SetSerialNumber");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext));
subTest("PKIX_ComCertSelParams_GetSerialNumber");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber,
(PKIX_PL_Object *)getSerialNumber,
&isEqual,
plContext));
if (isEqual == PKIX_FALSE) {
testError("unexpected Serial Number mismatch <expect equal>");
}
cleanup:
PKIX_TEST_DECREF_AC(str);
PKIX_TEST_DECREF_AC(setIssuer);
PKIX_TEST_DECREF_AC(getIssuer);
PKIX_TEST_DECREF_AC(setSerialNumber);
PKIX_TEST_DECREF_AC(getSerialNumber);
PKIX_TEST_DECREF_AC(goodParams);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: pkix_pl_GeneralName_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_GeneralName_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_PL_GeneralName *firstName = NULL;
PKIX_PL_GeneralName *secondName = NULL;
PKIX_UInt32 secondType;
PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a GeneralName */
PKIX_CHECK(pkix_CheckType
(firstObject, PKIX_GENERALNAME_TYPE, plContext),
PKIX_FIRSTOBJECTNOTGENERALNAME);
/*
* Since we know firstObject is a GeneralName, if both references are
* identical, they must be equal
*/
if (firstObject == secondObject){
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If secondObject isn't a GeneralName, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType
(secondObject, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_GENERALNAME_TYPE){
goto cleanup;
}
firstName = (PKIX_PL_GeneralName *)firstObject;
secondName = (PKIX_PL_GeneralName *)secondObject;
if (firstName->type != secondName->type){
goto cleanup;
}
switch (firstName->type) {
case certRFC822Name:
case certDNSName:
case certX400Address:
case certEDIPartyName:
case certURI:
case certIPAddress:
PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
if (SECITEM_CompareItem(firstName->other,
secondName->other) != SECEqual) {
goto cleanup;
}
break;
case certRegisterID:
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstName->oid,
(PKIX_PL_Object *)secondName->oid,
pResult,
plContext),
PKIX_OIDEQUALSFAILED);
goto cleanup;
case certOtherName:
PKIX_NULLCHECK_TWO(firstName->OthName, secondName->OthName);
PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
if (SECITEM_CompareItem(&firstName->OthName->oid,
&secondName->OthName->oid)
!= SECEqual ||
SECITEM_CompareItem(&firstName->OthName->name,
&secondName->OthName->name)
!= SECEqual) {
goto cleanup;
}
break;
case certDirectoryName:
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstName->directoryName,
(PKIX_PL_Object *)secondName->directoryName,
pResult,
plContext),
PKIX_X500NAMEEQUALSFAILED);
goto cleanup;
}
*pResult = PKIX_TRUE;
cleanup:
PKIX_RETURN(GENERALNAME);
}
static void
Test_BuildResult(
PKIX_ProcessingParams *procParams,
PKIX_Boolean testValid,
PKIX_List *expectedCerts,
void *plContext)
{
PKIX_PL_Cert *cert = NULL;
PKIX_List *certs = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
PKIX_BuildResult *buildResult = NULL;
PKIX_Boolean result;
PKIX_Boolean supportForward = PKIX_FALSE;
PKIX_UInt32 numCerts, i;
char *asciiResult = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
void *state = NULL;
PRPollDesc *pollDesc = NULL;
PKIX_TEST_STD_VARS();
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
NULL,
plContext);
while (pollDesc != NULL) {
if (PR_Poll(pollDesc, 1, 0) < 0) {
testError("PR_Poll failed");
}
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
NULL,
plContext);
}
if (pkixTestErrorResult) {
if (testValid == PKIX_FALSE) { /* EE */
(void)printf("EXPECTED ERROR RECEIVED!\n");
} else { /* ENE */
testError("UNEXPECTED ERROR RECEIVED!\n");
}
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
goto cleanup;
}
if (testValid == PKIX_TRUE) { /* ENE */
(void)printf("EXPECTED NON-ERROR RECEIVED!\n");
} else { /* EE */
testError("UNEXPECTED NON-ERROR RECEIVED!\n");
}
if (buildResult) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
i,
(PKIX_PL_Object **)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
/* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
(PKIX_PL_Object *)expectedCerts,
&result,
plContext));
if (!result) {
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
if (actualCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
if (expectedCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void)printf("Actual value:\t%s\n", actualCertsAscii);
(void)printf("Expected value:\t%s\n",
expectedCertsAscii);
}
}
cleanup:
PKIX_PL_Free(asciiResult, NULL);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(state);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: pkix_List_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_List_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_List *firstList = NULL;
PKIX_List *secondList = NULL;
PKIX_UInt32 firstLength = 0;
PKIX_UInt32 secondLength = 0;
PKIX_PL_Object *firstItem = NULL;
PKIX_PL_Object *secondItem = NULL;
PKIX_UInt32 i = 0;
PKIX_ENTER(LIST, "pkix_List_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
/* test that first is a List */
PKIX_CHECK(pkix_CheckType(first, PKIX_LIST_TYPE, plContext),
PKIX_FIRSTOBJECTNOTLIST);
/*
* Since we know first is a List, if both references are
* identical, they must be equal
*/
if (first == second){
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If second isn't a List, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_LIST_TYPE) goto cleanup;
firstList = (PKIX_List *)first;
secondList = (PKIX_List *)second;
if ((!firstList->isHeader) && (!secondList->isHeader)){
PKIX_ERROR(PKIX_INPUTLISTSMUSTBELISTHEADERS);
}
firstLength = firstList->length;
secondLength = secondList->length;
cmpResult = PKIX_FALSE;
if (firstLength == secondLength){
for (i = 0, cmpResult = PKIX_TRUE;
((i < firstLength) && cmpResult);
i++){
PKIX_CHECK(PKIX_List_GetItem
(firstList, i, &firstItem, plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(PKIX_List_GetItem
(secondList, i, &secondItem, plContext),
PKIX_LISTGETITEMFAILED);
if ((!firstItem && secondItem) ||
(firstItem && !secondItem)){
cmpResult = PKIX_FALSE;
} else if (!firstItem && !secondItem){
continue;
} else {
PKIX_CHECK(PKIX_PL_Object_Equals
(firstItem,
secondItem,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
PKIX_DECREF(firstItem);
PKIX_DECREF(secondItem);
}
}
}
*pResult = cmpResult;
cleanup:
PKIX_DECREF(firstItem);
PKIX_DECREF(secondItem);
PKIX_RETURN(LIST);
}
/*
* FUNCTION: pkix_ValidateResult_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateResult_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_ValidateResult *firstValResult = NULL;
PKIX_ValidateResult *secondValResult = NULL;
PKIX_PolicyNode *firstTree = NULL;
PKIX_PolicyNode *secondTree = NULL;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATERESULT_TYPE, plContext),
PKIX_FIRSTOBJECTNOTVALIDATERESULT);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_VALIDATERESULT_TYPE) goto cleanup;
firstValResult = (PKIX_ValidateResult *)first;
secondValResult = (PKIX_ValidateResult *)second;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValResult->pubKey,
(PKIX_PL_Object *)secondValResult->pubKey,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValResult->anchor,
(PKIX_PL_Object *)secondValResult->anchor,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
firstTree = firstValResult->policyTree;
secondTree = secondValResult->policyTree;
if ((firstTree != NULL) && (secondTree != NULL)) {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstTree,
(PKIX_PL_Object *)secondTree,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
} else {
if (PKIX_EXACTLY_ONE_NULL(firstTree, secondTree)) {
cmpResult = PKIX_FALSE;
}
}
/*
* The remaining case is that both are null,
* which we consider equality.
* cmpResult = PKIX_TRUE;
*/
*pResult = cmpResult;
cleanup:
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_Error_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_Error_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_Error *firstError = NULL;
PKIX_Error *secondError = NULL;
PKIX_Error *firstCause = NULL;
PKIX_Error *secondCause = NULL;
PKIX_PL_Object *firstInfo = NULL;
PKIX_PL_Object *secondInfo = NULL;
PKIX_ERRORCLASS firstClass, secondClass;
PKIX_UInt32 secondType;
PKIX_Boolean boolResult, unequalFlag;
PKIX_ENTER(ERROR, "pkix_Error_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
unequalFlag = PKIX_FALSE;
/* First just compare pointer values to save time */
if (firstObject == secondObject) {
*pResult = PKIX_TRUE;
goto cleanup;
} else {
/* Result will only be set to true if all tests pass */
*pResult = PKIX_FALSE;
}
PKIX_CHECK(pkix_CheckType(firstObject, PKIX_ERROR_TYPE, plContext),
PKIX_FIRSTOBJECTNOTANERROROBJECT);
PKIX_CHECK(PKIX_PL_Object_GetType
(secondObject, &secondType, plContext),
PKIX_ERRORGETTINGSECONDOBJECTTYPE);
/* If types differ, then return false. Result is already set */
if (secondType != PKIX_ERROR_TYPE) goto cleanup;
/* It is safe to cast to PKIX_Error */
firstError = (PKIX_Error *) firstObject;
secondError = (PKIX_Error *) secondObject;
/* Compare error codes */
firstClass = firstError->errClass;
secondClass = secondError->errClass;
/* If codes differ, return false. Result is already set */
if (firstClass != secondClass) goto cleanup;
/* Compare causes */
firstCause = firstError->cause;
secondCause = secondError->cause;
/* Ensure that either both or none of the causes are NULL */
if (((firstCause != NULL) && (secondCause == NULL))||
((firstCause == NULL) && (secondCause != NULL)))
unequalFlag = PKIX_TRUE;
if ((firstCause != NULL) && (secondCause != NULL)) {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object*)firstCause,
(PKIX_PL_Object*)secondCause,
&boolResult,
plContext),
PKIX_ERRORINRECURSIVEEQUALSCALL);
/* Set the unequalFlag so that we return after dec refing */
if (boolResult == 0) unequalFlag = PKIX_TRUE;
}
/* If the cause errors are not equal, return null */
if (unequalFlag) goto cleanup;
/* Compare info fields */
firstInfo = firstError->info;
secondInfo = secondError->info;
if (firstInfo != secondInfo) goto cleanup;
/* Ensure that either both or none of the infos are NULL */
if (((firstInfo != NULL) && (secondInfo == NULL))||
((firstInfo == NULL) && (secondInfo != NULL)))
unequalFlag = PKIX_TRUE;
if ((firstInfo != NULL) && (secondInfo != NULL)) {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object*)firstInfo,
(PKIX_PL_Object*)secondInfo,
&boolResult,
plContext),
PKIX_ERRORINRECURSIVEEQUALSCALL);
/* Set the unequalFlag so that we return after dec refing */
if (boolResult == 0) unequalFlag = PKIX_TRUE;
}
/* If the infos are not equal, return null */
if (unequalFlag) goto cleanup;
/* Compare descs */
if (firstError->errCode != secondError->errCode) {
unequalFlag = PKIX_TRUE;
}
if (firstError->plErr != secondError->plErr) {
unequalFlag = PKIX_TRUE;
}
/* If the unequalFlag was set, return false */
if (unequalFlag) goto cleanup;
/* Errors are equal in all fields at this point */
*pResult = PKIX_TRUE;
cleanup:
PKIX_RETURN(ERROR);
}
/*
* FUNCTION: pkix_TrustAnchor_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TrustAnchor_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_TrustAnchor *firstAnchor = NULL;
PKIX_TrustAnchor *secondAnchor = NULL;
PKIX_PL_Cert *firstCert = NULL;
PKIX_PL_Cert *secondCert = NULL;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
firstAnchor = (PKIX_TrustAnchor *)first;
secondAnchor = (PKIX_TrustAnchor *)second;
firstCert = firstAnchor->trustedCert;
secondCert = secondAnchor->trustedCert;
if ((firstCert && !secondCert) || (!firstCert && secondCert)){
goto cleanup;
}
if (firstCert && secondCert){
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstCert,
(PKIX_PL_Object *)secondCert,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
} else {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstAnchor->caName,
(PKIX_PL_Object *)secondAnchor->caName,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstAnchor->caPubKey,
(PKIX_PL_Object *)secondAnchor->caPubKey,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_EQUALS
(firstAnchor->nameConstraints,
secondAnchor->nameConstraints,
&cmpResult,
plContext,
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
}
*pResult = cmpResult;
cleanup:
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetCRLEntryForSerialNumber(
PKIX_PL_CRL *crl,
PKIX_PL_BigInt *serialNumber,
PKIX_PL_CRLEntry **pCRLEntry,
void *plContext)
{
PKIX_PL_CRLEntry *crlEntry = NULL;
PKIX_List *crlEntryList = NULL;
PKIX_UInt32 numEntries = 0;
PKIX_UInt32 i = 0;
PKIX_Boolean cmpResult = PKIX_FALSE;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLEntryForSerialNumber");
PKIX_NULLCHECK_THREE(crl, serialNumber, pCRLEntry);
/* Assume there is no entry for Serial Number at start */
*pCRLEntry = NULL;
PKIX_CHECK(pkix_pl_CRL_GetCRLEntries(crl, &crlEntryList, plContext),
PKIX_CRLGETCRLENTRIESFAILED);
if (crlEntryList == NULL) {
goto cleanup;
}
PKIX_CHECK(PKIX_List_GetLength(crlEntryList, &numEntries, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < numEntries; i++) {
PKIX_CHECK(PKIX_List_GetItem
(crlEntryList,
i,
(PKIX_PL_Object **)&crlEntry,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)crlEntry->serialNumber,
(PKIX_PL_Object *)serialNumber,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
/* Found the entry for Serial Number */
if (cmpResult == PKIX_TRUE) {
*pCRLEntry = crlEntry;
goto cleanup;
}
PKIX_DECREF(crlEntry);
}
cleanup:
PKIX_DECREF(crlEntryList);
if (PKIX_ERROR_RECEIVED) {
PKIX_DECREF(crlEntry);
}
PKIX_RETURN(CRL);
}
