int test_subjaltnamechecker(int argc, char *argv[]){
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_CertSelector *selector = NULL;
PKIX_ComCertSelParams *selParams = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_GeneralName *name = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
char *nameStr;
char *nameEnd;
char *names[PKIX_TEST_MAX_CERTS];
PKIX_UInt32 numNames = 0;
PKIX_UInt32 nameType;
PKIX_Boolean matchAll = PKIX_TRUE;
PKIX_Boolean testValid = PKIX_TRUE;
char *dirName = NULL;
char *anchorName = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage1(argv[0]);
return (0);
}
startTests("SubjAltNameConstraintChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
j++; /* skip test-purpose string */
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage1(argv[0]);
return (0);
}
/* taking out leading and trailing ", if any */
nameStr = argv[1+j];
subTest(nameStr);
if (*nameStr == '"'){
nameStr++;
nameEnd = nameStr;
while (*nameEnd != '"' && *nameEnd != '\0') {
nameEnd++;
}
*nameEnd = '\0';
}
/* extract first [0|1] inidcating matchAll or not */
matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE;
nameStr++;
numNames = 0;
while (*nameStr != '\0') {
names[numNames++] = nameStr;
while (*nameStr != '+' && *nameStr != '\0') {
nameStr++;
}
if (*nameStr == '+') {
*nameStr = '\0';
nameStr++;
}
}
chainLength = (argc - j) - 4;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
}
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[(4+j)+i];
certs[i] = NULL;
}
/* SubjAltName for validation */
subTest("Add Subject Alt Name for NameConstraint checking");
subTest("Create Selector and ComCertSelParams");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
(NULL, NULL, &selector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
(&selParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertSelector_SetCommonCertSelectorParams
(selector, selParams, plContext));
subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
(selParams, matchAll, plContext));
subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
for (i = 0; i < numNames; i++) {
nameType = getNameType(names[i]);
if (nameType == 0xFFFF) {
return (0);
}
nameStr = names[i] + 2;
name = createGeneralName(nameType, nameStr, plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
(selParams, name, plContext));
PKIX_TEST_DECREF_BC(name);
}
subTest("SubjAltName-Constraints - Create Cert Chain");
dirName = argv[3+j];
chain = createCertChainPlus
(dirName, certNames, certs, chainLength, plContext);
subTest("SubjAltName-Constraints - Create Params");
valParams = createValidateParams
(dirName,
argv[4+j],
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chain,
plContext);
subTest("PKIX_ValidateParams_getProcessingParams");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
(valParams, &procParams, plContext));
subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, selector, plContext));
subTest("Subject Alt Name - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
}
cleanup:
PKIX_PL_Free(anchorName, plContext);
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(chain);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_TEST_DECREF_AC(selector);
PKIX_TEST_DECREF_AC(selParams);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(name);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("SubjAltNameConstraintsChecker");
return (0);
}
bool INameInfo::matchesSelector(std::string name, NameType nameType)
{
auto thisNameType = getNameType();
return ((nameType & thisNameType) == thisNameType) && (getName().compare(name) == 0);
}
bool MapcrafterConfig::parse(const std::string& filename, ValidationMap& validation) {
INIConfig config;
ValidationMessage msg;
if (!config.loadFile(filename, msg)) {
validation.push_back(std::make_pair("Configuration file", makeValidationList(msg)));
return false;
}
fs::path config_dir = fs::path(filename).parent_path();
bool ok = true;
ValidationList general_msgs;
bool has_default_template = !util::findTemplateDir().empty();
if (has_default_template)
template_dir.setDefault(util::findTemplateDir());
auto entries = config.getRootSection().getEntries();
for (auto entry_it = entries.begin(); entry_it != entries.end(); ++entry_it) {
std::string key = entry_it->first;
std::string value = entry_it->second;
if (key == "output_dir") {
if (output_dir.load(key, value, general_msgs))
output_dir.setValue(BOOST_FS_ABSOLUTE(output_dir.getValue(), config_dir));
} else if (key == "template_dir") {
if (template_dir.load(key, value, general_msgs)) {
template_dir.setValue(BOOST_FS_ABSOLUTE(template_dir.getValue(), config_dir));
if (!fs::is_directory(template_dir.getValue()))
general_msgs.push_back(ValidationMessage::error(
"'template_dir' must be an existing directory! '"
+ template_dir.getValue().string() + "' does not exist!"));
}
} else {
general_msgs.push_back(ValidationMessage::warning(
"Unknown configuration option '" + key + "'!"));
}
}
if (!output_dir.require(general_msgs, "You have to specify an output directory ('output_dir')!"))
ok = false;
if (!has_default_template)
template_dir.require(general_msgs, "You have to specify a template directory ('template_dir')!");
if (!general_msgs.empty())
validation.push_back(std::make_pair("Configuration file", general_msgs));
if (config.hasSection("global", "worlds")) {
ValidationList msgs;
world_global.setConfigDir(config_dir);
ok = world_global.parse(config.getSection("global", "worlds"), msgs) && ok;
if (!msgs.empty())
validation.push_back(std::make_pair("Global world configuration", msgs));
if (!ok)
return false;
}
if (config.hasSection("global", "maps")) {
ValidationList msgs;
map_global.setConfigDir(config_dir);
ok = map_global.parse(config.getSection("global", "maps"), msgs) && ok;
if (!msgs.empty())
validation.push_back(std::make_pair("Global map configuration", msgs));
if (!ok)
return false;
}
auto sections = config.getSections();
for (auto it = sections.begin(); it != sections.end(); ++it)
if (it->getType() != "world" && it->getType() != "map"
&& it->getNameType() != "global:worlds"
&& it->getNameType() != "global:maps") {
validation.push_back(std::make_pair("Section '" + it->getName() + "' with type '" + it->getType() + "'",
makeValidationList(ValidationMessage::warning("Unknown section type!"))));
}
for (auto it = sections.begin(); it != sections.end(); ++it) {
if (it->getType() != "world")
continue;
ValidationList msgs;
WorldSection world = world_global;
world.setGlobal(false);
world.setConfigDir(config_dir);
ok = world.parse(*it, msgs) && ok;
if (hasWorld(it->getName())) {
msgs.push_back(ValidationMessage::error("World name '" + it->getName() + "' already used!"));
ok = false;
} else
worlds[it->getName()] = world;
if (!msgs.empty())
validation.push_back(std::make_pair("World section '" + it->getName() + "'", msgs));
}
for (auto it = sections.begin(); it != sections.end(); ++it) {
if (it->getType() != "map")
continue;
ValidationList msgs;
MapSection map = map_global;
map.setGlobal(false);
map.setConfigDir(config_dir);
ok = map.parse(*it, msgs) && ok;
if (hasMap(it->getName())) {
msgs.push_back(ValidationMessage::error("Map name '" + it->getName() + "' already used!"));
ok = false;
} else if (map.getWorld() != "" && !hasWorld(map.getWorld())) {
msgs.push_back(ValidationMessage::error("World '" + map.getWorld() + "' does not exist!"));
ok = false;
} else
maps.push_back(map);
if (!msgs.empty())
validation.push_back(std::make_pair("Map section '" + it->getName() + "'", msgs));
}
return ok;
}
