int test_subjaltnamechecker(int argc, char *argv[]){ PKIX_List *chain = NULL; PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_CertSelector *selector = NULL; PKIX_ComCertSelParams *selParams = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_PL_GeneralName *name = NULL; PKIX_UInt32 actualMinorVersion; char *certNames[PKIX_TEST_MAX_CERTS]; PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; PKIX_UInt32 chainLength = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; char *nameStr; char *nameEnd; char *names[PKIX_TEST_MAX_CERTS]; PKIX_UInt32 numNames = 0; PKIX_UInt32 nameType; PKIX_Boolean matchAll = PKIX_TRUE; PKIX_Boolean testValid = PKIX_TRUE; char *dirName = NULL; char *anchorName = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage1(argv[0]); return (0); } startTests("SubjAltNameConstraintChecker"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); j++; /* skip test-purpose string */ /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage1(argv[0]); return (0); } /* taking out leading and trailing ", if any */ nameStr = argv[1+j]; subTest(nameStr); if (*nameStr == '"'){ nameStr++; nameEnd = nameStr; while (*nameEnd != '"' && *nameEnd != '\0') { nameEnd++; } *nameEnd = '\0'; } /* extract first [0|1] inidcating matchAll or not */ matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE; nameStr++; numNames = 0; while (*nameStr != '\0') { names[numNames++] = nameStr; while (*nameStr != '+' && *nameStr != '\0') { nameStr++; } if (*nameStr == '+') { *nameStr = '\0'; nameStr++; } } chainLength = (argc - j) - 4; if (chainLength > PKIX_TEST_MAX_CERTS) { printUsageMax(chainLength); } for (i = 0; i < chainLength; i++) { certNames[i] = argv[(4+j)+i]; certs[i] = NULL; } /* SubjAltName for validation */ subTest("Add Subject Alt Name for NameConstraint checking"); subTest("Create Selector and ComCertSelParams"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create (NULL, NULL, &selector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create (&selParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_SetCommonCertSelectorParams (selector, selParams, plContext)); subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames (selParams, matchAll, plContext)); subTest("PKIX_ComCertSelParams_AddSubjAltName(s)"); for (i = 0; i < numNames; i++) { nameType = getNameType(names[i]); if (nameType == 0xFFFF) { return (0); } nameStr = names[i] + 2; name = createGeneralName(nameType, nameStr, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName (selParams, name, plContext)); PKIX_TEST_DECREF_BC(name); } subTest("SubjAltName-Constraints - Create Cert Chain"); dirName = argv[3+j]; chain = createCertChainPlus (dirName, certNames, certs, chainLength, plContext); subTest("SubjAltName-Constraints - Create Params"); valParams = createValidateParams (dirName, argv[4+j], NULL, NULL, NULL, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, chain, plContext); subTest("PKIX_ValidateParams_getProcessingParams"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams (valParams, &procParams, plContext)); subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints (procParams, selector, plContext)); subTest("Subject Alt Name - Validate Chain"); if (testValid == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); } else { PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); } cleanup: PKIX_PL_Free(anchorName, plContext); PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_TEST_DECREF_AC(chain); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_DECREF_AC(valResult); PKIX_TEST_DECREF_AC(selector); PKIX_TEST_DECREF_AC(selParams); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(name); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("SubjAltNameConstraintsChecker"); return (0); }
bool INameInfo::matchesSelector(std::string name, NameType nameType) { auto thisNameType = getNameType(); return ((nameType & thisNameType) == thisNameType) && (getName().compare(name) == 0); }
bool MapcrafterConfig::parse(const std::string& filename, ValidationMap& validation) { INIConfig config; ValidationMessage msg; if (!config.loadFile(filename, msg)) { validation.push_back(std::make_pair("Configuration file", makeValidationList(msg))); return false; } fs::path config_dir = fs::path(filename).parent_path(); bool ok = true; ValidationList general_msgs; bool has_default_template = !util::findTemplateDir().empty(); if (has_default_template) template_dir.setDefault(util::findTemplateDir()); auto entries = config.getRootSection().getEntries(); for (auto entry_it = entries.begin(); entry_it != entries.end(); ++entry_it) { std::string key = entry_it->first; std::string value = entry_it->second; if (key == "output_dir") { if (output_dir.load(key, value, general_msgs)) output_dir.setValue(BOOST_FS_ABSOLUTE(output_dir.getValue(), config_dir)); } else if (key == "template_dir") { if (template_dir.load(key, value, general_msgs)) { template_dir.setValue(BOOST_FS_ABSOLUTE(template_dir.getValue(), config_dir)); if (!fs::is_directory(template_dir.getValue())) general_msgs.push_back(ValidationMessage::error( "'template_dir' must be an existing directory! '" + template_dir.getValue().string() + "' does not exist!")); } } else { general_msgs.push_back(ValidationMessage::warning( "Unknown configuration option '" + key + "'!")); } } if (!output_dir.require(general_msgs, "You have to specify an output directory ('output_dir')!")) ok = false; if (!has_default_template) template_dir.require(general_msgs, "You have to specify a template directory ('template_dir')!"); if (!general_msgs.empty()) validation.push_back(std::make_pair("Configuration file", general_msgs)); if (config.hasSection("global", "worlds")) { ValidationList msgs; world_global.setConfigDir(config_dir); ok = world_global.parse(config.getSection("global", "worlds"), msgs) && ok; if (!msgs.empty()) validation.push_back(std::make_pair("Global world configuration", msgs)); if (!ok) return false; } if (config.hasSection("global", "maps")) { ValidationList msgs; map_global.setConfigDir(config_dir); ok = map_global.parse(config.getSection("global", "maps"), msgs) && ok; if (!msgs.empty()) validation.push_back(std::make_pair("Global map configuration", msgs)); if (!ok) return false; } auto sections = config.getSections(); for (auto it = sections.begin(); it != sections.end(); ++it) if (it->getType() != "world" && it->getType() != "map" && it->getNameType() != "global:worlds" && it->getNameType() != "global:maps") { validation.push_back(std::make_pair("Section '" + it->getName() + "' with type '" + it->getType() + "'", makeValidationList(ValidationMessage::warning("Unknown section type!")))); } for (auto it = sections.begin(); it != sections.end(); ++it) { if (it->getType() != "world") continue; ValidationList msgs; WorldSection world = world_global; world.setGlobal(false); world.setConfigDir(config_dir); ok = world.parse(*it, msgs) && ok; if (hasWorld(it->getName())) { msgs.push_back(ValidationMessage::error("World name '" + it->getName() + "' already used!")); ok = false; } else worlds[it->getName()] = world; if (!msgs.empty()) validation.push_back(std::make_pair("World section '" + it->getName() + "'", msgs)); } for (auto it = sections.begin(); it != sections.end(); ++it) { if (it->getType() != "map") continue; ValidationList msgs; MapSection map = map_global; map.setGlobal(false); map.setConfigDir(config_dir); ok = map.parse(*it, msgs) && ok; if (hasMap(it->getName())) { msgs.push_back(ValidationMessage::error("Map name '" + it->getName() + "' already used!")); ok = false; } else if (map.getWorld() != "" && !hasWorld(map.getWorld())) { msgs.push_back(ValidationMessage::error("World '" + map.getWorld() + "' does not exist!")); ok = false; } else maps.push_back(map); if (!msgs.empty()) validation.push_back(std::make_pair("Map section '" + it->getName() + "'", msgs)); } return ok; }