/* * FUNCTION: pkix_pl_OID_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) * Use this function only for printing OIDs and not to make any * critical security decision. */ static PKIX_Error * pkix_pl_OID_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_PL_OID *oid = NULL; char *oidString = NULL; PKIX_ENTER(OID, "pkix_pl_OID_toString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext), PKIX_OBJECTNOTANOID); oid = (PKIX_PL_OID*)object; oidString = CERT_GetOidString(&oid->derOid); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, oidString , 0, pString, plContext), PKIX_STRINGCREATEFAILED); cleanup: PR_smprintf_free(oidString); PKIX_RETURN(OID); }
/* * FUNCTION: PKIX_Error_GetDescription (see comments in pkix_util.h) */ PKIX_Error * PKIX_Error_GetDescription( PKIX_Error *error, PKIX_PL_String **pDesc, void *plContext) { PKIX_PL_String *descString = NULL; #ifndef PKIX_ERROR_DESCRIPTION char errorStr[32]; #endif PKIX_ENTER(ERROR, "PKIX_Error_GetDescription"); PKIX_NULLCHECK_TWO(error, pDesc); #ifndef PKIX_ERROR_DESCRIPTION PR_snprintf(errorStr, 32, "Error code: %d", error->errCode); #endif PKIX_PL_String_Create(PKIX_ESCASCII, #if defined PKIX_ERROR_DESCRIPTION (void *)PKIX_ErrorText[error->errCode], #else errorStr, #endif 0, &descString, plContext); *pDesc = descString; PKIX_RETURN(ERROR); }
PKIX_PL_GeneralName * createGeneralName( PKIX_UInt32 nameType, char *asciiName, void *plContext) { PKIX_PL_GeneralName *generalName = NULL; PKIX_PL_String *plString = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, asciiName, 0, &plString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create (nameType, plString, &generalName, plContext)); cleanup: PKIX_TEST_DECREF_AC(plString); PKIX_TEST_RETURN(); return (generalName); }
static PKIX_PL_X500Name * createX500Name(char *asciiName, PKIX_Boolean expectedToPass){ PKIX_PL_X500Name *x500Name = NULL; PKIX_PL_String *plString = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_String_Create (PKIX_ESCASCII, asciiName, 0, &plString, plContext)); if (expectedToPass){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_X500Name_Create (plString, &x500Name, plContext)); } else { PKIX_TEST_EXPECT_ERROR (PKIX_PL_X500Name_Create (plString, &x500Name, plContext)); } cleanup: PKIX_TEST_DECREF_AC(plString); PKIX_TEST_RETURN(); return (x500Name); }
/* * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient * DESCRIPTION: * * This function checks the collection of LDAPClient connections held by the * AIAMgr pointed to by "aiaMgr" for one matching the domain name given by * "domainName". The string may include a port number: e.g., "betty.nist.gov" * or "nss.red.iplanet.com:1389". If a match is found, that LDAPClient is * stored at "pClient". Otherwise, an LDAPClient is created and added to the * collection, and then stored at "pClient". * * PARAMETERS: * "aiaMgr" * The AIAMgr whose LDAPClient connected are to be managed. Must be * non-NULL. * "domainName" * Address of a string pointing to a server name. Must be non-NULL. * "pClient" * Address at which the returned LDAPClient is stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns an AIAMgr Error if the function fails in a non-fatal way * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_AiaMgr_FindLDAPClient( PKIX_PL_AIAMgr *aiaMgr, char *domainName, PKIX_PL_LdapClient **pClient, void *plContext) { PKIX_PL_String *domainString = NULL; PKIX_PL_LdapDefaultClient *client = NULL; PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient"); PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient); /* create PKIX_PL_String from domain name */ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, domainName, 0, &domainString, plContext), PKIX_STRINGCREATEFAILED); /* Is this domainName already in cache? */ PKIX_CHECK(PKIX_PL_HashTable_Lookup (aiaConnectionCache, (PKIX_PL_Object *)domainString, (PKIX_PL_Object **)&client, plContext), PKIX_HASHTABLELOOKUPFAILED); if (client == NULL) { /* No, create a connection (and cache it) */ PKIX_CHECK(PKIX_PL_LdapDefaultClient_CreateByName (domainName, /* Do not use NBIO until we verify, that * it is working. For now use 1 min timeout. */ PR_SecondsToInterval( ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), NULL, &client, plContext), PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED); PKIX_CHECK(PKIX_PL_HashTable_Add (aiaConnectionCache, (PKIX_PL_Object *)domainString, (PKIX_PL_Object *)client, plContext), PKIX_HASHTABLEADDFAILED); } *pClient = (PKIX_PL_LdapClient *)client; cleanup: PKIX_DECREF(domainString); PKIX_RETURN(AIAMGR); }
static void testGetCRL(char *crlDir) { PKIX_PL_String *dirString = NULL; PKIX_CertStore_CRLCallback crlCallback; PKIX_CertStore *certStore = NULL; PKIX_CRLSelector *crlSelector = NULL; PKIX_List *crlList = NULL; PKIX_UInt32 numCrl = 0; void *nbioContext = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); subTest("PKIX_PL_CollectionCertStore_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); subTest("PKIX_CRLSelector_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback, NULL, &crlSelector, plContext)); subTest("PKIX_CertStore_GetCRLCallback"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, NULL)); subTest("Getting data from CRL Callback"); PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore, crlSelector, &nbioContext, &crlList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, &numCrl, plContext)); if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) { pkixTestErrorMsg = "unexpected CRL number mismatch"; } cleanup: PKIX_TEST_DECREF_AC(dirString); PKIX_TEST_DECREF_AC(crlList); PKIX_TEST_DECREF_AC(crlSelector); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_pl_CertPolicyQualifier_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_pl_CertPolicyQualifier_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_PL_CertPolicyQualifier *certPQ = NULL; char *asciiFormat = "%s:%s"; PKIX_PL_String *formatString = NULL; PKIX_PL_String *pqIDString = NULL; PKIX_PL_String *pqValString = NULL; PKIX_PL_String *outString = NULL; PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext), PKIX_OBJECTNOTCERTPOLICYQUALIFIER); certPQ = (PKIX_PL_CertPolicyQualifier *)object; /* * The policyQualifierId is required. If there is no qualifier, * we should have a ByteArray of zero length. */ PKIX_NULLCHECK_TWO(certPQ->policyQualifierId, certPQ->qualifier); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); PKIX_TOSTRING(certPQ->policyQualifierId, &pqIDString, plContext, PKIX_OIDTOSTRINGFAILED); PKIX_CHECK(pkix_pl_ByteArray_ToHexString (certPQ->qualifier, &pqValString, plContext), PKIX_BYTEARRAYTOHEXSTRINGFAILED); PKIX_CHECK(PKIX_PL_Sprintf (&outString, plContext, formatString, pqIDString, pqValString), PKIX_SPRINTFFAILED); *pString = outString; cleanup: PKIX_DECREF(formatString); PKIX_DECREF(pqIDString); PKIX_DECREF(pqValString); PKIX_RETURN(CERTPOLICYQUALIFIER); }
/* * FUNCTION: pkix_ResourceLimits_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_ResourceLimits_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_ResourceLimits *rLimits = NULL; char *asciiFormat = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *rLimitsString = NULL; PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext), PKIX_OBJECTNOTRESOURCELIMITS); /* maxCertsNumber and maxCrlsNumber are not supported */ asciiFormat = "[\n" "\tMaxTime: \t\t%d\n" "\tMaxFanout: \t\t%d\n" "\tMaxDepth: \t\t%d\n" "]\n"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); rLimits = (PKIX_ResourceLimits*)object; PKIX_CHECK(PKIX_PL_Sprintf (&rLimitsString, plContext, formatString, rLimits->maxTime, rLimits->maxFanout, rLimits->maxDepth), PKIX_SPRINTFFAILED); *pString = rLimitsString; cleanup: PKIX_DECREF(formatString); PKIX_RETURN(RESOURCELIMITS); }
/* * FUNCTION: pkix_pl_CertPolicyMap_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_pl_CertPolicyMap_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_PL_CertPolicyMap *certMap = NULL; PKIX_PL_String *format = NULL; PKIX_PL_String *outString = NULL; PKIX_PL_String *issuerString = NULL; PKIX_PL_String *subjectString = NULL; PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext), PKIX_OBJECTNOTCERTPOLICYMAP); certMap = (PKIX_PL_CertPolicyMap *)object; PKIX_TOSTRING (certMap->issuerDomainPolicy, &issuerString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_TOSTRING (certMap->subjectDomainPolicy, &subjectString, plContext, PKIX_OBJECTTOSTRINGFAILED); /* Put them together in the form issuerPolicy=>subjectPolicy */ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s=>%s", 0, &format, plContext), PKIX_ERRORINSTRINGCREATE); PKIX_CHECK(PKIX_PL_Sprintf (&outString, plContext, format, issuerString, subjectString), PKIX_ERRORINSPRINTF); *pString = outString; cleanup: PKIX_DECREF(format); PKIX_DECREF(issuerString); PKIX_DECREF(subjectString); PKIX_RETURN(CERTPOLICYMAP); }
/* * FUNCTION: pkix_pl_Date_ToString_Helper * DESCRIPTION: * * Helper function that creates a string representation of the SECItem pointed * to by "nssTime" (which represents a date) and stores it at "pString". * * PARAMETERS * "nssTime" * Address of SECItem whose string representation is desired. * Must be non-NULL. * "pString" * Address where object pointer will be stored. Must be non-NULL. * "plContext" - Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a Date Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_pl_Date_ToString_Helper( SECItem *nssTime, PKIX_PL_String **pString, void *plContext) { char *asciiDate = NULL; PKIX_ENTER(DATE, "pkix_pl_Date_ToString_Helper"); PKIX_NULLCHECK_TWO(nssTime, pString); switch (nssTime->type) { case siUTCTime: PKIX_PL_NSSCALLRV (DATE, asciiDate, DER_UTCDayToAscii, (nssTime)); if (!asciiDate){ PKIX_ERROR(PKIX_DERUTCTIMETOASCIIFAILED); } break; case siGeneralizedTime: /* * we don't currently have any way to create GeneralizedTime. * this code is only here so that it will be in place when * we do have the capability to create GeneralizedTime. */ PKIX_PL_NSSCALLRV (DATE, asciiDate, DER_GeneralizedDayToAscii, (nssTime)); if (!asciiDate){ PKIX_ERROR(PKIX_DERGENERALIZEDDAYTOASCIIFAILED); } break; default: PKIX_ERROR(PKIX_UNRECOGNIZEDTIMETYPE); } PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiDate, 0, pString, plContext), PKIX_STRINGCREATEFAILED); cleanup: PR_Free(asciiDate); PKIX_RETURN(DATE); }
static PKIX_Error * toStringCallback( PKIX_PL_Object *obj, PKIX_PL_String **pString, /* ARGSUSED */ void *plContext) { PKIX_Error *errorResult; PKIX_UInt32 type; char *format = "(addr: %x, type: %d)"; PKIX_PL_String *formatString = NULL; errorResult = PKIX_PL_String_Create( PKIX_ESCASCII, format, PL_strlen(format), &formatString, plContext); if (errorResult) testError("PKIX_PL_String_Create failed"); if (pString == plContext) testError("Null String"); type = (unsigned int)0; (void)PKIX_PL_Object_GetType(obj, &type, plContext); errorResult = PKIX_PL_Sprintf(pString, plContext, formatString, (int)obj, type); if (errorResult) testError("PKIX_PL_Sprintf failed"); errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)formatString, plContext); if (errorResult) testError("PKIX_PL_Object_DecRef failed"); return (NULL); }
/* * FUNCTION: pkix_List_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_List_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_List *list = NULL; PKIX_PL_String *listString = NULL; PKIX_PL_String *format = NULL; PKIX_ENTER(LIST, "pkix_List_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext), PKIX_OBJECTNOTLIST); list = (PKIX_List *)object; if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } PKIX_CHECK(pkix_List_ToString_Helper(list, &listString, plContext), PKIX_LISTTOSTRINGHELPERFAILED); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "(%s)", 0, &format, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_Sprintf(pString, plContext, format, listString), PKIX_SPRINTFFAILED); cleanup: PKIX_DECREF(listString); PKIX_DECREF(format); PKIX_RETURN(LIST); }
PKIX_PL_Date * createDate( char *asciiDate, void *plContext) { PKIX_PL_Date *date = NULL; PKIX_PL_String *plString = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, asciiDate, 0, &plString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime (plString, &date, plContext)); cleanup: PKIX_TEST_DECREF_AC(plString); PKIX_TEST_RETURN(); return (date); }
/* * FUNCTION: pkix_Error_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_Error_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_Error *error = NULL; PKIX_Error *cause = NULL; PKIX_PL_String *desc = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *causeString = NULL; PKIX_PL_String *optCauseString = NULL; PKIX_PL_String *errorNameString = NULL; char *format = NULL; PKIX_ERRORCLASS errClass; PKIX_ENTER(ERROR, "pkix_Error_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext), PKIX_OBJECTNOTANERROR); error = (PKIX_Error *)object; /* Get this error's errClass, description and the string of its cause */ errClass = error->errClass; /* Get the description string */ PKIX_Error_GetDescription(error, &desc, plContext); /* Get the cause */ cause = error->cause; /* Get the causes's description string */ if (cause != NULL) { pkix_error_cause_depth++; /* Get the cause string */ PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object*)cause, &causeString, plContext), PKIX_ERRORGETTINGCAUSESTRING); format = "\n*** Cause (%d): %s"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, format, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); /* Create the optional Cause String */ PKIX_CHECK(PKIX_PL_Sprintf (&optCauseString, plContext, formatString, pkix_error_cause_depth, causeString), PKIX_SPRINTFFAILED); PKIX_DECREF(formatString); pkix_error_cause_depth--; } /* Create the Format String */ if (optCauseString != NULL) { format = "*** %s Error- %s%s"; } else { format = "*** %s Error- %s"; } /* Ensure that error errClass is known, otherwise default to Object */ if (errClass >= PKIX_NUMERRORCLASSES) { errClass = 0; } PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, (void *)PKIX_ERRORCLASSNAMES[errClass], 0, &errorNameString, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, format, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); /* Create the output String */ PKIX_CHECK(PKIX_PL_Sprintf (pString, plContext, formatString, errorNameString, desc, optCauseString), PKIX_SPRINTFFAILED); cleanup: PKIX_DECREF(desc); PKIX_DECREF(causeString); PKIX_DECREF(formatString); PKIX_DECREF(optCauseString); PKIX_DECREF(errorNameString); PKIX_RETURN(ERROR); }
int test_buildchain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_PublicKey *trustedPubKey = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion = 0; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_CertStore *ldapCertStore = NULL; PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; PKIX_List *revCheckers = NULL; char *asciiResult = NULL; PKIX_Boolean result = PKIX_FALSE; PKIX_Boolean testValid = PKIX_TRUE; PKIX_List *expectedCerts = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; void *state = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; PRPollDesc *pollDesc = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("BuildChain"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * arguments: * [optional] -arenas * [optional] usebind * servername or servername:port ( - for no server) * testname * EE or ENE * cert directory * target cert (end entity) * intermediate certs * trust anchor */ /* optional argument "usebind" for Ldap CertStore */ if (argv[j + 1]) { if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { usebind = PKIX_TRUE; j++; } } if (PORT_Strcmp(argv[++j], "-") == 0) { useLDAP = PKIX_FALSE; } else { serverName = argv[j]; useLDAP = PKIX_TRUE; } subTest(argv[++j]); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[++j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } dirName = argv[++j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); for (k = ++j; k < (PKIX_UInt32)argc; k++) { dirCert = createCert(dirName, argv[k], plContext); if (k == (PKIX_UInt32)(argc - 1)) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == j) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); if (useLDAP == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)ldapCertStore, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, NULL, /* testDate, may be NULL */ trustedPubKey, numCerts, &revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); #ifdef debuggingWithoutRevocation PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); #endif /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void)printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED"); } } else { if (testValid == PKIX_TRUE) { /* ENE */ (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); } } subTest("Displaying VerifyNode objects"); if (verifyTree == NULL) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); } (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); if (pkixTestErrorResult) { PKIX_TEST_DECREF_BC(pkixTestErrorResult); goto cleanup; } if (buildResult) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, (PKIX_PL_Object *)expectedCerts, &result, plContext)); if (!result) { testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); if (actualCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); if (expectedCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void)printf("Actual value:\t%s\n", actualCertsAscii); (void)printf("Expected value:\t%s\n", expectedCertsAscii); } } cleanup: PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_PL_Free(asciiResult, NULL); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(state); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(revCheckers); PKIX_TEST_DECREF_AC(revChecker); PKIX_TEST_DECREF_AC(ldapCertStore); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(trustedPubKey); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain"); return (0); }
/* * FUNCTION: pkix_VerifyNode_ToString_Helper * DESCRIPTION: * * Produces a String representation of a VerifyNode tree below the VerifyNode * pointed to by "rootNode", with each line of output prefixed by the String * pointed to by "indent", and stores the result at "pTreeString". It is * called recursively, with ever-increasing indentation, for successively * lower nodes on the tree. * * PARAMETERS: * "rootNode" * Address of VerifyNode subtree. Must be non-NULL. * "indent" * Address of String to be prefixed to each line of output. May be NULL * if no indentation is desired * "pTreeString" * Address where the resulting String will be stored; must be non-NULL * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Conditionally Thread Safe * (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a VerifyNode Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_VerifyNode_ToString_Helper( PKIX_VerifyNode *rootNode, PKIX_PL_String *indent, PKIX_PL_String **pTreeString, void *plContext) { PKIX_PL_String *nextIndentFormat = NULL; PKIX_PL_String *thisNodeFormat = NULL; PKIX_PL_String *childrenFormat = NULL; PKIX_PL_String *nextIndentString = NULL; PKIX_PL_String *resultString = NULL; PKIX_PL_String *thisItemString = NULL; PKIX_PL_String *childString = NULL; PKIX_VerifyNode *childNode = NULL; PKIX_UInt32 numberOfChildren = 0; PKIX_UInt32 childIndex = 0; PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString_Helper"); PKIX_NULLCHECK_TWO(rootNode, pTreeString); /* Create a string for this node */ PKIX_CHECK(pkix_SingleVerifyNode_ToString (rootNode, &thisItemString, plContext), PKIX_ERRORINSINGLEVERIFYNODETOSTRING); if (indent) { PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s%s", 0, &thisNodeFormat, plContext), PKIX_ERRORCREATINGFORMATSTRING); PKIX_CHECK(PKIX_PL_Sprintf (&resultString, plContext, thisNodeFormat, indent, thisItemString), PKIX_ERRORINSPRINTF); } else { PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s", 0, &thisNodeFormat, plContext), PKIX_ERRORCREATINGFORMATSTRING); PKIX_CHECK(PKIX_PL_Sprintf (&resultString, plContext, thisNodeFormat, thisItemString), PKIX_ERRORINSPRINTF); } PKIX_DECREF(thisItemString); thisItemString = resultString; /* if no children, we are done */ if (rootNode->children) { PKIX_CHECK(PKIX_List_GetLength (rootNode->children, &numberOfChildren, plContext), PKIX_LISTGETLENGTHFAILED); } if (numberOfChildren != 0) { /* * We create a string for each child in turn, * concatenating them to thisItemString. */ /* Prepare an indent string for each child */ if (indent) { PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s. ", 0, &nextIndentFormat, plContext), PKIX_ERRORCREATINGFORMATSTRING); PKIX_CHECK(PKIX_PL_Sprintf (&nextIndentString, plContext, nextIndentFormat, indent), PKIX_ERRORINSPRINTF); } else { PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, ". ", 0, &nextIndentString, plContext), PKIX_ERRORCREATINGINDENTSTRING); } /* Prepare the format for concatenation. */ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s\n%s", 0, &childrenFormat, plContext), PKIX_ERRORCREATINGFORMATSTRING); for (childIndex = 0; childIndex < numberOfChildren; childIndex++) { PKIX_CHECK(PKIX_List_GetItem (rootNode->children, childIndex, (PKIX_PL_Object **)&childNode, plContext), PKIX_LISTGETITEMFAILED); PKIX_CHECK(pkix_VerifyNode_ToString_Helper (childNode, nextIndentString, &childString, plContext), PKIX_ERRORCREATINGCHILDSTRING); PKIX_CHECK(PKIX_PL_Sprintf (&resultString, plContext, childrenFormat, thisItemString, childString), PKIX_ERRORINSPRINTF); PKIX_DECREF(childNode); PKIX_DECREF(childString); PKIX_DECREF(thisItemString); thisItemString = resultString; } } *pTreeString = thisItemString; cleanup: if (PKIX_ERROR_RECEIVED) { PKIX_DECREF(thisItemString); } PKIX_DECREF(nextIndentFormat); PKIX_DECREF(thisNodeFormat); PKIX_DECREF(childrenFormat); PKIX_DECREF(nextIndentString); PKIX_DECREF(childString); PKIX_DECREF(childNode); PKIX_RETURN(VERIFYNODE); }
/* * FUNCTION: pkix_SingleVerifyNode_ToString * DESCRIPTION: * * Creates a String representation of the attributes of the VerifyNode pointed * to by "node", other than its children, and stores the result at "pString". * * PARAMETERS: * "node" * Address of VerifyNode to be described by the string. Must be non-NULL. * "pString" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Conditionally Thread Safe * (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if function succeeds * Returns a VerifyNode Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in a fatal way */ PKIX_Error * pkix_SingleVerifyNode_ToString( PKIX_VerifyNode *node, PKIX_PL_String **pString, void *plContext) { PKIX_PL_String *fmtString = NULL; PKIX_PL_String *errorString = NULL; PKIX_PL_String *outString = NULL; PKIX_PL_X500Name *issuerName = NULL; PKIX_PL_X500Name *subjectName = NULL; PKIX_PL_String *issuerString = NULL; PKIX_PL_String *subjectString = NULL; PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_ToString"); PKIX_NULLCHECK_THREE(node, pString, node->verifyCert); PKIX_TOSTRING(node->error, &errorString, plContext, PKIX_ERRORTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Cert_GetIssuer (node->verifyCert, &issuerName, plContext), PKIX_CERTGETISSUERFAILED); PKIX_TOSTRING(issuerName, &issuerString, plContext, PKIX_X500NAMETOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Cert_GetSubject (node->verifyCert, &subjectName, plContext), PKIX_CERTGETSUBJECTFAILED); PKIX_TOSTRING(subjectName, &subjectString, plContext, PKIX_X500NAMETOSTRINGFAILED); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "CERT[Issuer:%s, Subject:%s], depth=%d, error=%s", 0, &fmtString, plContext), PKIX_CANTCREATESTRING); PKIX_CHECK(PKIX_PL_Sprintf (&outString, plContext, fmtString, issuerString, subjectString, node->depth, errorString), PKIX_SPRINTFFAILED); *pString = outString; cleanup: PKIX_DECREF(fmtString); PKIX_DECREF(errorString); PKIX_DECREF(issuerName); PKIX_DECREF(subjectName); PKIX_DECREF(issuerString); PKIX_DECREF(subjectString); PKIX_RETURN(VERIFYNODE); }
int test_buildchain_uchecker(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_CertChainChecker *checker = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_UInt32 chainLength = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char * asciiResult = NULL; PKIX_Boolean result; PKIX_Boolean testValid = PKIX_TRUE; PKIX_Boolean supportForward = PKIX_FALSE; PKIX_List *expectedCerts = NULL; PKIX_List *userOIDs = NULL; PKIX_PL_OID *oid = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; char *oidString = NULL; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */ PKIX_TEST_STD_VARS(); if (argc < 5){ printUsage(); return (0); } startTests("BuildChain_UserChecker"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } /* OID specified at argv[3+j] */ if (*argv[3+j] != '-') { if (*argv[3+j] == 'F') { supportForward = PKIX_TRUE; oidString = argv[3+j]+1; } else { oidString = argv[3+j]; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create (&userOIDs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create (oidString, &oid, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (userOIDs, (PKIX_PL_Object *)oid, plContext)); PKIX_TEST_DECREF_BC(oid); } subTest(argv[1+j]); dirName = argv[4+j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); chainLength = argc - j - 5; for (k = 0; k < chainLength; k++){ dirCert = createCert(dirName, argv[5+k+j], plContext); if (k == (chainLength - 1)){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == 0){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert (trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create (anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_SetCertificate (certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_Create (NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams (certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ProcessingParams_SetTargetCertConstraints (procParams, certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create (testUserChecker, supportForward, PKIX_FALSE, userOIDs, NULL, &checker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker (procParams, checker, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create (dirNameString, &certStore, plContext)); #if 0 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create (&certStore, plContext)); #endif PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores (procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain (procParams, &nbioContext, &buildState, &buildResult, NULL, plContext); if (testValid == PKIX_TRUE) { /* ENE */ if (pkixTestErrorResult){ (void) printf("UNEXPECTED RESULT RECEIVED!\n"); } else { (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } } else { /* EE */ if (pkixTestErrorResult){ (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } else { testError("UNEXPECTED RESULT RECEIVED"); } } if (buildResult){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_BuildResult_GetCertChain (buildResult, &certs, NULL)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetItem (certs, i, (PKIX_PL_Object**)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_Equals ((PKIX_PL_Object*)certs, (PKIX_PL_Object*)expectedCerts, &result, plContext)); if (!result){ testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII (actualCertsString, plContext); if (actualCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII (expectedCertsString, plContext); if (expectedCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void) printf("Actual value:\t%s\n", actualCertsAscii); (void) printf("Expected value:\t%s\n", expectedCertsAscii); if (chainLength - 1 != numUserCheckerCalled) { pkixTestErrorMsg = "PKIX user defined checker not called"; } goto cleanup; } } cleanup: PKIX_PL_Free(asciiResult, plContext); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(userOIDs); PKIX_TEST_DECREF_AC(checker); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain_UserChecker"); return (0); }
int test_comcertselparams(int argc, char *argv[]) { PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; PKIX_PL_Cert *testCert = NULL; PKIX_PL_Cert *goodCert = NULL; PKIX_PL_Cert *equalCert = NULL; PKIX_PL_Cert *diffCert = NULL; PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */ PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */ PKIX_ComCertSelParams *goodParams = NULL; PKIX_ComCertSelParams *equalParams = NULL; PKIX_PL_X500Name *goodSubject = NULL; PKIX_PL_X500Name *equalSubject = NULL; PKIX_PL_X500Name *diffSubject = NULL; PKIX_PL_X500Name *testSubject = NULL; PKIX_Int32 goodMinPathLength = 0; PKIX_Int32 equalMinPathLength = 0; PKIX_Int32 diffMinPathLength = 0; PKIX_Int32 testMinPathLength = 0; PKIX_List *goodPolicies = NULL; /* OIDs */ PKIX_List *equalPolicies = NULL; /* OIDs */ PKIX_List *testPolicies = NULL; /* OIDs */ PKIX_List *cert2Policies = NULL; /* OIDs */ PKIX_PL_Date *testDate = NULL; PKIX_PL_Date *goodDate = NULL; PKIX_PL_Date *equalDate = NULL; PKIX_PL_String *stringRep = NULL; char *asciiRep = NULL; char *dirName = NULL; PKIX_TEST_STD_VARS(); if (argc < 2) { printUsage(); return (0); } startTests("ComCertSelParams"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); dirName = argv[j + 1]; asciiRep = "050501000000Z"; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext)); /* Convert from List of CertPolicyInfos to List of OIDs */ test_CreateOIDList(testPolicyInfos, &testPolicies); subTest("Create goodParams and set its fields"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext)); subTest("Duplicate goodParams and verify copy"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams, (PKIX_PL_Object **)&equalParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); testEqualsHelper((PKIX_PL_Object *)goodSubject, (PKIX_PL_Object *)equalSubject, PKIX_TRUE, plContext); if (goodMinPathLength != equalMinPathLength) { testError("unexpected mismatch"); (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); } testEqualsHelper((PKIX_PL_Object *)goodPolicies, (PKIX_PL_Object *)equalPolicies, PKIX_TRUE, plContext); testEqualsHelper((PKIX_PL_Object *)goodCert, (PKIX_PL_Object *)equalCert, PKIX_TRUE, plContext); testEqualsHelper((PKIX_PL_Object *)goodDate, (PKIX_PL_Object *)equalDate, PKIX_TRUE, plContext); PKIX_TEST_DECREF_BC(equalSubject); PKIX_TEST_DECREF_BC(equalPolicies); PKIX_TEST_DECREF_BC(equalCert); PKIX_TEST_DECREF_AC(equalDate); subTest("Set different values and verify differences"); diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext)); test_CreateOIDList(cert2PolicyInfos, &cert2Policies); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject( equalParams, diffSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); testEqualsHelper((PKIX_PL_Object *)goodSubject, (PKIX_PL_Object *)equalSubject, PKIX_FALSE, plContext); if (goodMinPathLength == equalMinPathLength) { testError("unexpected match"); (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); } testEqualsHelper((PKIX_PL_Object *)goodPolicies, (PKIX_PL_Object *)equalPolicies, PKIX_FALSE, plContext); test_NameConstraints(dirName); test_PathToNames(); test_SubjAltNames(); test_KeyUsages(); test_Version_Issuer_SerialNumber(); test_SubjKeyId_AuthKeyId(); test_SubjAlgId_SubjPublicKey(dirName); cleanup: PKIX_TEST_DECREF_AC(testSubject); PKIX_TEST_DECREF_AC(goodSubject); PKIX_TEST_DECREF_AC(equalSubject); PKIX_TEST_DECREF_AC(diffSubject); PKIX_TEST_DECREF_AC(testSubject); PKIX_TEST_DECREF_AC(goodPolicies); PKIX_TEST_DECREF_AC(equalPolicies); PKIX_TEST_DECREF_AC(testPolicies); PKIX_TEST_DECREF_AC(cert2Policies); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_DECREF_AC(equalParams); PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_DECREF_AC(diffCert); PKIX_TEST_DECREF_AC(testCert); PKIX_TEST_DECREF_AC(goodBasicConstraints); PKIX_TEST_DECREF_AC(diffBasicConstraints); PKIX_TEST_DECREF_AC(testPolicyInfos); PKIX_TEST_DECREF_AC(cert2PolicyInfos); PKIX_TEST_DECREF_AC(stringRep); PKIX_TEST_DECREF_AC(testDate); PKIX_TEST_DECREF_AC(goodDate); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("ComCertSelParams"); return (0); }
/* * FUNCTION: pkix_Logger_CheckErrors * DESCRIPTION: * * This function goes through each PKIX_Logger at "pkixLoggersList" and * checks if "maxLevel" and "logComponent" satisfies what is specified in the * PKIX_Logger. If satisfies, it invokes the callback in PKIX_Logger and * passes a PKIX_PL_String that is the concatenation of "message" and * "message2" to the application for processing. * Since this call is inserted into a handful of PKIX macros, no macros are * applied in this function, to avoid infinite recursion. * If an error occurs, this call is aborted. * * PARAMETERS: * "pkixLoggersList" * A list of PKIX_Loggers to be examined for invoking callback. Must be * non-NULL. * "message" * Address of "message" to be logged. Must be non-NULL. * "message2" * Address of "message2" to be concatenated and logged. May be NULL. * "logComponent" * A PKIX_UInt32 that indicates the component the message is from. * "maxLevel" * A PKIX_UInt32 that represents the level of severity of the message. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds * Returns a Fatal Error if the function fails in an unrecoverable way */ PKIX_Error * pkix_Logger_Check( PKIX_List *pkixLoggersList, const char *message, const char *message2, PKIX_ERRORCLASS logComponent, PKIX_UInt32 currentLevel, void *plContext) { PKIX_Logger *logger = NULL; PKIX_List *savedPkixLoggersErrors = NULL; PKIX_List *savedPkixLoggersDebugTrace = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *messageString = NULL; PKIX_PL_String *message2String = NULL; PKIX_PL_String *msgString = NULL; PKIX_Error *error = NULL; PKIX_Boolean needLogging = PKIX_FALSE; PKIX_UInt32 i, length; /* * We cannot use any the PKIX_ macros here, since this function is * called from some of these macros. It can create infinite recursion. */ if ((pkixLoggersList == NULL) || (message == NULL)) { return(NULL); } /* * Disable all subsequent loggings to avoid recursion. The result is * if other thread is calling this function at the same time, there * won't be any logging because the pkixLoggersErrors and * pkixLoggersDebugTrace are set to null. * It would be nice if we provide control per thread (e.g. make * plContext threadable) then we can avoid the recursion by setting * flag at plContext. Then other thread's logging won't be affected. * * Also we need to use a reentrant Lock. Although we avoid recursion * for TRACE. When there is an ERROR occurs in subsequent call, this * function will be called. */ error = PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext); if (error) { return(NULL); } savedPkixLoggersDebugTrace = pkixLoggersDebugTrace; pkixLoggersDebugTrace = NULL; savedPkixLoggersErrors = pkixLoggersErrors; pkixLoggersErrors = NULL; /* Convert message and message2 to String */ error = PKIX_PL_String_Create (PKIX_ESCASCII, message, 0, &messageString, plContext); if (error) { goto cleanup; } if (message2) { error = PKIX_PL_String_Create (PKIX_ESCASCII, message2, 0, &message2String, plContext); if (error) { goto cleanup; } error = PKIX_PL_String_Create (PKIX_ESCASCII, "%s %s", 0, &formatString, plContext); if (error) { goto cleanup; } } else { error = PKIX_PL_String_Create (PKIX_ESCASCII, "%s", 0, &formatString, plContext); if (error) { goto cleanup; } } error = PKIX_PL_Sprintf (&msgString, plContext, formatString, messageString, message2String); if (error) { goto cleanup; } /* Go through the Logger list */ error = PKIX_List_GetLength(pkixLoggersList, &length, plContext); if (error) { goto cleanup; } for (i = 0; i < length; i++) { error = PKIX_List_GetItem (pkixLoggersList, i, (PKIX_PL_Object **) &logger, plContext); if (error) { goto cleanup; } /* Intended logging level less or equal than the max */ needLogging = (currentLevel <= logger->maxLevel); if (needLogging && (logger->callback)) { /* * We separate Logger into two lists based on log level * but log level is not modified. We need to check here to * avoid logging the higher log level (lower value) twice. */ if (pkixLoggersList == pkixLoggersErrors) { needLogging = needLogging && (currentLevel <= PKIX_LOGGER_LEVEL_WARNING); } else if (pkixLoggersList == pkixLoggersDebugTrace) { needLogging = needLogging && (currentLevel > PKIX_LOGGER_LEVEL_WARNING); } if (needLogging) { if (logComponent == logger->logComponent) { needLogging = PKIX_TRUE; } else { needLogging = PKIX_FALSE; } } if (needLogging) { error = logger->callback (logger, msgString, currentLevel, logComponent, plContext); if (error) { goto cleanup; } } } error = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)logger, plContext); logger = NULL; if (error) { goto cleanup; } } cleanup: if (formatString) { error = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)formatString, plContext); } if (messageString) { error = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)messageString, plContext); } if (message2String) { error = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)message2String, plContext); } if (msgString) { error = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)msgString, plContext); } if (logger) { error = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)logger, plContext); } if (pkixLoggersErrors == NULL && savedPkixLoggersErrors != NULL) { pkixLoggersErrors = savedPkixLoggersErrors; } if (pkixLoggersDebugTrace == NULL && savedPkixLoggersDebugTrace != NULL) { pkixLoggersDebugTrace = savedPkixLoggersDebugTrace; } error = PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext); if (error) { return(NULL); } return(NULL); }
int build_chain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *trustedCertFile = NULL; char *targetCertFile = NULL; char *storeDirAscii = NULL; PKIX_PL_String *storeDirString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion, numCerts, i; PKIX_UInt32 j = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char *asciiResult = NULL; PKIX_Boolean useArenas = PKIX_FALSE; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; PKIX_TEST_STD_VARS(); if (argc < 4) { printUsage(); return (0); } useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ useArenas, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, PKIX_MINOR_VERSION, &actualMinorVersion, &plContext)); /* create processing params with list of trust anchors */ trustedCertFile = argv[j + 1]; trustedCert = createCert(trustedCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); targetCertFile = argv[j + 2]; targetCert = createCert(targetCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ storeDirAscii = argv[j + 3]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams, &nbioContext, &buildState, &buildResult, NULL, plContext)); /* * As long as we use only CertStores with blocking I/O, we can omit * checking for completion with nbioContext. */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } cleanup: if (PKIX_TEST_ERROR_RECEIVED) { (void)printf("FAILED TO BUILD CHAIN\n"); } else { (void)printf("SUCCESSFULLY BUILT CHAIN\n"); } PKIX_PL_Free(asciiResult, plContext); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(storeDirString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); return (0); }
static PKIX_Error * testDefaultMultipleCertStores(PKIX_ValidateParams *valParams, char *crlDir1, char *crlDir2) { PKIX_PL_String *dirString1 = NULL; PKIX_PL_String *dirString2 = NULL; PKIX_CertStore *certStore1 = NULL; PKIX_CertStore *certStore2 = NULL; PKIX_List *certStoreList = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_TEST_STD_VARS(); subTest("PKIX_PL_CollectionCertStore_Create"); /* Create CollectionCertStore */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, crlDir1, 0, &dirString1, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create (dirString1, &certStore1, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, crlDir2, 0, &dirString2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create (dirString2, &certStore2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams (valParams, &procParams, plContext)); /* Add multiple CollectionCertStores */ subTest("PKIX_ProcessingParams_SetCertStores"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (certStoreList, (PKIX_PL_Object *)certStore1, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores (procParams, certStoreList, plContext)); subTest("PKIX_ProcessingParams_AddCertStore"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore (procParams, certStore2, plContext)); subTest("PKIX_ProcessingParams_SetRevocationEnabled"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled (procParams, PKIX_TRUE, plContext)); cleanup: PKIX_TEST_DECREF_AC(dirString1); PKIX_TEST_DECREF_AC(dirString2); PKIX_TEST_DECREF_AC(certStore1); PKIX_TEST_DECREF_AC(certStore2); PKIX_TEST_DECREF_AC(certStoreList); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_RETURN(); return (0); }
/* * FUNCTION: pkix_pl_CRL_ToString_Helper * DESCRIPTION: * * Helper function that creates a string representation of the CRL pointed * to by "crl" and stores it at "pString". * * PARAMETERS * "crl" * Address of CRL whose string representation is desired. * Must be non-NULL. * "pString" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CRL Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CRL_ToString_Helper( PKIX_PL_CRL *crl, PKIX_PL_String **pString, void *plContext) { char *asciiFormat = NULL; PKIX_UInt32 crlVersion; PKIX_PL_X500Name *crlIssuer = NULL; PKIX_PL_OID *nssSignatureAlgId = NULL; PKIX_PL_BigInt *crlNumber = NULL; PKIX_List *crlEntryList = NULL; PKIX_List *critExtOIDs = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *crlIssuerString = NULL; PKIX_PL_String *lastUpdateString = NULL; PKIX_PL_String *nextUpdateString = NULL; PKIX_PL_String *nssSignatureAlgIdString = NULL; PKIX_PL_String *crlNumberString = NULL; PKIX_PL_String *crlEntryListString = NULL; PKIX_PL_String *critExtOIDsString = NULL; PKIX_PL_String *crlString = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_ToString_Helper"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pString); asciiFormat = "[\n" "\tVersion: v%d\n" "\tIssuer: %s\n" "\tUpdate: [Last: %s\n" "\t Next: %s]\n" "\tSignatureAlgId: %s\n" "\tCRL Number : %s\n" "\n" "\tEntry List: %s\n" "\n" "\tCritExtOIDs: %s\n" "]\n"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); /* Version */ PKIX_CHECK(pkix_pl_CRL_GetVersion(crl, &crlVersion, plContext), PKIX_CRLGETVERSIONFAILED); /* Issuer */ PKIX_CHECK(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext), PKIX_CRLGETISSUERFAILED); PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object *)crlIssuer, &crlIssuerString, plContext), PKIX_X500NAMETOSTRINGFAILED); /* This update - No Date object created, use nss data directly */ PKIX_CHECK(pkix_pl_Date_ToString_Helper (&(crl->nssSignedCrl->crl.lastUpdate), &lastUpdateString, plContext), PKIX_DATETOSTRINGHELPERFAILED); /* Next update - No Date object created, use nss data directly */ PKIX_CHECK(pkix_pl_Date_ToString_Helper (&(crl->nssSignedCrl->crl.nextUpdate), &nextUpdateString, plContext), PKIX_DATETOSTRINGHELPERFAILED); /* Signature Algorithm Id */ PKIX_CHECK(pkix_pl_CRL_GetSignatureAlgId (crl, &nssSignatureAlgId, plContext), PKIX_CRLGETSIGNATUREALGIDFAILED); PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object *)nssSignatureAlgId, &nssSignatureAlgIdString, plContext), PKIX_OIDTOSTRINGFAILED); /* CRL Number */ PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber (crl, &crlNumber, plContext), PKIX_CRLGETCRLNUMBERFAILED); PKIX_TOSTRING(crlNumber, &crlNumberString, plContext, PKIX_BIGINTTOSTRINGFAILED); /* CRL Entries */ PKIX_CHECK(pkix_pl_CRL_GetCRLEntries(crl, &crlEntryList, plContext), PKIX_CRLGETCRLENTRIESFAILED); PKIX_TOSTRING(crlEntryList, &crlEntryListString, plContext, PKIX_LISTTOSTRINGFAILED); /* CriticalExtensionOIDs */ PKIX_CHECK(PKIX_PL_CRL_GetCriticalExtensionOIDs (crl, &critExtOIDs, plContext), PKIX_CRLGETCRITICALEXTENSIONOIDSFAILED); PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext, PKIX_LISTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Sprintf (&crlString, plContext, formatString, crlVersion + 1, crlIssuerString, lastUpdateString, nextUpdateString, nssSignatureAlgIdString, crlNumberString, crlEntryListString, critExtOIDsString), PKIX_SPRINTFFAILED); *pString = crlString; cleanup: PKIX_DECREF(crlIssuer); PKIX_DECREF(nssSignatureAlgId); PKIX_DECREF(crlNumber); PKIX_DECREF(crlEntryList); PKIX_DECREF(critExtOIDs); PKIX_DECREF(crlIssuerString); PKIX_DECREF(lastUpdateString); PKIX_DECREF(nextUpdateString); PKIX_DECREF(nssSignatureAlgIdString); PKIX_DECREF(crlNumberString); PKIX_DECREF(crlEntryListString); PKIX_DECREF(critExtOIDsString); PKIX_DECREF(formatString); PKIX_RETURN(CRL); }
int test_buildchain_resourcelimits(int argc, char *argv[]) { PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_CertChainChecker *checker = NULL; PKIX_ResourceLimits *resourceLimits = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_UInt32 actualMinorVersion = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_CertStore *ldapCertStore = NULL; PRIntervalTime timeout = 0; /* 0 for non-blocking */ PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; PKIX_List *expectedCerts = NULL; PKIX_Boolean testValid = PKIX_FALSE; PKIX_Boolean usebind = PKIX_FALSE; PKIX_Boolean useLDAP = PKIX_FALSE; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("BuildChain_ResourceLimits"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * arguments: * [optional] -arenas * [optional] usebind * servername or servername:port ( - for no server) * testname * EE or ENE * cert directory * target cert (end entity) * intermediate certs * trust anchor */ /* optional argument "usebind" for Ldap CertStore */ if (argv[j + 1]) { if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { usebind = PKIX_TRUE; j++; } } if (PORT_Strcmp(argv[++j], "-") == 0) { useLDAP = PKIX_FALSE; } else { serverName = argv[j]; } subTest(argv[++j]); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[++j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } dirName = argv[++j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); for (k = ++j; k < argc; k++) { dirCert = createCert(dirName, argv[k], plContext); if (k == (argc - 1)) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == j) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); #if 0 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create (&certStore, plContext)); #endif PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); if (useLDAP == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)ldapCertStore, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); /* set resource limits */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext)); /* need longer time when running dbx for memory leak checking */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext)); /* build cert chain using processing params and return buildResult */ subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>"); Test_BuildResult(procParams, testValid, expectedCerts, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext)); subTest("Testing ResourceLimits MaxFanout - <fail>"); Test_BuildResult(procParams, PKIX_FALSE, expectedCerts, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext)); subTest("Testing ResourceLimits MaxDepth - <fail>"); Test_BuildResult(procParams, PKIX_FALSE, expectedCerts, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext)); subTest("Testing ResourceLimits No checking - <pass>"); Test_BuildResult(procParams, testValid, expectedCerts, plContext); cleanup: PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(ldapCertStore); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(checker); PKIX_TEST_DECREF_AC(resourceLimits); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain_UserChecker"); return (0); }
/* * FUNCTION: pkix_Logger_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_Logger_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_Logger *logger = NULL; char *asciiFormat = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *contextString = NULL; PKIX_PL_String *componentString = NULL; PKIX_PL_String *loggerString = NULL; PKIX_ENTER(LOGGER, "pkix_Logger_ToString_Helper"); PKIX_NULLCHECK_TWO(object, pString); /* Check that this object is a logger */ PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext), PKIX_OBJECTNOTLOGGER); logger = (PKIX_Logger *)object; asciiFormat = "[\n" "\tLogger: \n" "\tContext: %s\n" "\tMaximum Level: %d\n" "\tComponent Name: %s\n" "]\n"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); PKIX_TOSTRING(logger->context, &contextString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, (void *)PKIX_ERRORCLASSNAMES[logger->logComponent], 0, &componentString, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_Sprintf (&loggerString, plContext, formatString, contextString, logger->maxLevel, componentString), PKIX_SPRINTFFAILED); *pString = loggerString; cleanup: PKIX_DECREF(formatString); PKIX_DECREF(contextString); PKIX_RETURN(LOGGER); }
/* * FUNCTION: pkix_List_ToString_Helper * DESCRIPTION: * * Helper function that creates a string representation of the List pointed * to by "list" and stores its address in the object pointed to by "pString". * * PARAMETERS * "list" * Address of List whose string representation is desired. * Must be non-NULL. * "pString" * Address of object pointer's destination. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Conditionally Thread Safe * (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a List Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_List_ToString_Helper( PKIX_List *list, PKIX_PL_String **pString, void *plContext) { PKIX_PL_String *itemString = NULL; PKIX_PL_String *nextString = NULL; PKIX_PL_String *format = NULL; PKIX_Boolean empty; PKIX_ENTER(LIST, "pkix_List_ToString_Helper"); PKIX_NULLCHECK_TWO(list, pString); /* special case when list is the header */ if (list->isHeader){ PKIX_CHECK(PKIX_List_IsEmpty(list, &empty, plContext), PKIX_LISTISEMPTYFAILED); if (empty){ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "EMPTY", 0, &itemString, plContext), PKIX_ERRORCREATINGITEMSTRING); (*pString) = itemString; PKIX_DEBUG_EXIT(LIST); return (NULL); } else { PKIX_CHECK(pkix_List_ToString_Helper (list->next, &itemString, plContext), PKIX_LISTTOSTRINGHELPERFAILED); } /* Create a string object from the format */ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s", 0, &format, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_Sprintf (pString, plContext, format, itemString), PKIX_SPRINTFFAILED); } else { /* Get a string for this list's item */ if (list->item == NULL) { PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "(null)", 0, &itemString, plContext), PKIX_STRINGCREATEFAILED); } else { PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object*)list->item, &itemString, plContext), PKIX_OBJECTTOSTRINGFAILED); } if (list->next == NULL) { /* Just return the itemstring */ (*pString) = itemString; PKIX_DEBUG_EXIT(LIST); return (NULL); } /* Recursive call to get string for this list's next pointer */ PKIX_CHECK(pkix_List_ToString_Helper (list->next, &nextString, plContext), PKIX_LISTTOSTRINGHELPERFAILED); /* Create a string object from the format */ PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, "%s, %s", 0, &format, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_Sprintf (pString, plContext, format, itemString, nextString), PKIX_SPRINTFFAILED); } cleanup: PKIX_DECREF(itemString); PKIX_DECREF(nextString); PKIX_DECREF(format); PKIX_RETURN(LIST); }
/* * FUNCTION: pkix_pl_CertBasicConstraints_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_pl_CertBasicConstraints_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_PL_String *certBasicConstraintsString = NULL; PKIX_PL_CertBasicConstraints *certB = NULL; PKIX_Boolean isCA = PKIX_FALSE; PKIX_Int32 pathLen = 0; PKIX_PL_String *outString = NULL; char *fmtString = NULL; PKIX_Boolean pathlenArg = PKIX_FALSE; PKIX_ENTER(CERTBASICCONSTRAINTS, "pkix_pl_CertBasicConstraints_toString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext), PKIX_FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT); certB = (PKIX_PL_CertBasicConstraints *)object; /* * if CA == TRUE * if pathLen == CERT_UNLIMITED_PATH_CONSTRAINT * print "CA(-1)" * else print "CA(nnn)" * if CA == FALSE, print "~CA" */ isCA = certB->isCA; if (isCA) { pathLen = certB->pathLen; if (pathLen == CERT_UNLIMITED_PATH_CONSTRAINT) { /* print "CA(-1)" */ fmtString = "CA(-1)"; pathlenArg = PKIX_FALSE; } else { /* print "CA(pathLen)" */ fmtString = "CA(%d)"; pathlenArg = PKIX_TRUE; } } else { /* print "~CA" */ fmtString = "~CA"; pathlenArg = PKIX_FALSE; } PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, fmtString, 0, &certBasicConstraintsString, plContext), PKIX_STRINGCREATEFAILED); if (pathlenArg) { PKIX_CHECK(PKIX_PL_Sprintf (&outString, plContext, certBasicConstraintsString, pathLen), PKIX_SPRINTFFAILED); } else { PKIX_CHECK(PKIX_PL_Sprintf (&outString, plContext, certBasicConstraintsString), PKIX_SPRINTFFAILED); } *pString = outString; cleanup: PKIX_DECREF(certBasicConstraintsString); PKIX_RETURN(CERTBASICCONSTRAINTS); }
static void test_Version_Issuer_SerialNumber(void) { PKIX_ComCertSelParams *goodParams = NULL; PKIX_UInt32 version = 0; PKIX_PL_X500Name *setIssuer = NULL; PKIX_PL_X500Name *getIssuer = NULL; PKIX_PL_String *str = NULL; PKIX_PL_BigInt *setSerialNumber = NULL; PKIX_PL_BigInt *getSerialNumber = NULL; PKIX_Boolean isEqual = PKIX_FALSE; char *bigInt = "999999999999999999"; PKIX_TEST_STD_VARS(); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); /* Version */ subTest("PKIX_ComCertSelParams_SetVersion"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); subTest("PKIX_ComCertSelParams_GetVersion"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext)); if (version != 2) { testError("unexpected Version mismatch <expect 2>"); } /* Issuer */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext)); PKIX_TEST_DECREF_BC(str); subTest("PKIX_ComCertSelParams_SetIssuer"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext)); subTest("PKIX_ComCertSelParams_GetIssuer"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer, (PKIX_PL_Object *)getIssuer, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Issuer mismatch <expect equal>"); } /* Serial Number */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext)); subTest("PKIX_ComCertSelParams_SetSerialNumber"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext)); subTest("PKIX_ComCertSelParams_GetSerialNumber"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber, (PKIX_PL_Object *)getSerialNumber, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Serial Number mismatch <expect equal>"); } cleanup: PKIX_TEST_DECREF_AC(str); PKIX_TEST_DECREF_AC(setIssuer); PKIX_TEST_DECREF_AC(getIssuer); PKIX_TEST_DECREF_AC(setSerialNumber); PKIX_TEST_DECREF_AC(getSerialNumber); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_TrustAnchor_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_TrustAnchor_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_TrustAnchor *anchor = NULL; char *asciiFormat = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *anchorString = NULL; PKIX_PL_String *certString = NULL; PKIX_PL_String *nameString = NULL; PKIX_PL_String *pubKeyString = NULL; PKIX_PL_String *nameConstraintsString = NULL; PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext), PKIX_OBJECTNOTTRUSTANCHOR); anchor = (PKIX_TrustAnchor*)object; if (anchor->trustedCert){ asciiFormat = "[\n" "\tTrusted Cert: %s\n" "]\n"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object *)anchor->trustedCert, &certString, plContext), PKIX_OBJECTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Sprintf (&anchorString, plContext, formatString, certString), PKIX_SPRINTFFAILED); } else { asciiFormat = "[\n" "\tTrusted CA Name: %s\n" "\tTrusted CA PublicKey: %s\n" "\tInitial Name Constraints:%s\n" "]\n"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object *)anchor->caName, &nameString, plContext), PKIX_OBJECTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Object_ToString ((PKIX_PL_Object *)anchor->caPubKey, &pubKeyString, plContext), PKIX_OBJECTTOSTRINGFAILED); PKIX_TOSTRING (anchor->nameConstraints, &nameConstraintsString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Sprintf (&anchorString, plContext, formatString, nameString, pubKeyString, nameConstraintsString), PKIX_SPRINTFFAILED); } *pString = anchorString; cleanup: PKIX_DECREF(formatString); PKIX_DECREF(certString); PKIX_DECREF(nameString); PKIX_DECREF(pubKeyString); PKIX_DECREF(nameConstraintsString); PKIX_RETURN(TRUSTANCHOR); }
/* * FUNCTION: pkix_ProcessingParams_ToString * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_ProcessingParams_ToString( PKIX_PL_Object *object, PKIX_PL_String **pString, void *plContext) { PKIX_ProcessingParams *procParams = NULL; char *asciiFormat = NULL; PKIX_PL_String *formatString = NULL; PKIX_PL_String *procParamsString = NULL; PKIX_PL_String *anchorsString = NULL; PKIX_PL_String *dateString = NULL; PKIX_PL_String *constraintsString = NULL; PKIX_PL_String *InitialPoliciesString = NULL; PKIX_PL_String *qualsRejectedString = NULL; PKIX_List *certStores = NULL; PKIX_PL_String *certStoresString = NULL; PKIX_PL_String *resourceLimitsString = NULL; PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_ToString"); PKIX_NULLCHECK_TWO(object, pString); PKIX_CHECK(pkix_CheckType (object, PKIX_PROCESSINGPARAMS_TYPE, plContext), PKIX_OBJECTNOTPROCESSINGPARAMS); asciiFormat = "[\n" "\tTrust Anchors: \n" "\t********BEGIN LIST OF TRUST ANCHORS********\n" "\t\t%s\n" "\t********END LIST OF TRUST ANCHORS********\n" "\tDate: \t\t%s\n" "\tTarget Constraints: %s\n" "\tInitial Policies: %s\n" "\tQualifiers Rejected: %s\n" "\tCert Stores: %s\n" "\tResource Limits: %s\n" "\tCRL Checking Enabled: %d\n" "]\n"; PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext), PKIX_STRINGCREATEFAILED); procParams = (PKIX_ProcessingParams*)object; PKIX_TOSTRING(procParams->trustAnchors, &anchorsString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_TOSTRING(procParams->date, &dateString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_TOSTRING(procParams->constraints, &constraintsString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_TOSTRING (procParams->initialPolicies, &InitialPoliciesString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_String_Create (PKIX_ESCASCII, (procParams->qualifiersRejected)?"TRUE":"FALSE", 0, &qualsRejectedString, plContext), PKIX_STRINGCREATEFAILED); /* There is no ToString function for CertChainCheckers */ PKIX_CHECK(PKIX_ProcessingParams_GetCertStores (procParams, &certStores, plContext), PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED); PKIX_TOSTRING(certStores, &certStoresString, plContext, PKIX_LISTTOSTRINGFAILED); PKIX_TOSTRING(procParams->resourceLimits, &resourceLimitsString, plContext, PKIX_OBJECTTOSTRINGFAILED); PKIX_CHECK(PKIX_PL_Sprintf (&procParamsString, plContext, formatString, anchorsString, dateString, constraintsString, InitialPoliciesString, qualsRejectedString, certStoresString, resourceLimitsString, procParams->isCrlRevocationCheckingEnabled, procParams->isCrlRevocationCheckingEnabledWithNISTPolicy), PKIX_SPRINTFFAILED); *pString = procParamsString; cleanup: PKIX_DECREF(formatString); PKIX_DECREF(anchorsString); PKIX_DECREF(dateString); PKIX_DECREF(constraintsString); PKIX_DECREF(InitialPoliciesString); PKIX_DECREF(qualsRejectedString); PKIX_DECREF(certStores); PKIX_DECREF(certStoresString); PKIX_DECREF(resourceLimitsString); PKIX_RETURN(PROCESSINGPARAMS); }