/*
* This test is the same as testDuplicateHelper, except that it
* produces a more useful "Actual value" and "Expected value"
* in the case of an unexpected mismatch.
*/
static void
test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext)
{
PKIX_PolicyNode *newObject = NULL;
PKIX_Boolean cmpResult;
PKIX_PL_String *original = NULL;
PKIX_PL_String *copy = NULL;
PKIX_TEST_STD_VARS();
subTest("testing pkix_PolicyNode_Duplicate");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
((PKIX_PL_Object *)object,
(PKIX_PL_Object **)&newObject,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
((PKIX_PL_Object *)object,
(PKIX_PL_Object *)newObject,
&cmpResult,
plContext));
if (!cmpResult){
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)object, &original, plContext));
testError("unexpected mismatch");
(void) printf
("original value:\t%s\n", original->escAsciiString);
if (newObject) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)newObject, ©, plContext));
(void) printf
("copy value:\t%s\n", copy->escAsciiString);
} else {
(void) printf("copy value:\t(NULL)\n");
}
}
cleanup:
PKIX_TEST_DECREF_AC(newObject);
PKIX_TEST_DECREF_AC(original);
PKIX_TEST_DECREF_AC(copy);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: treeToStringHelper
* This function obtains the string representation of a PolicyNode
* Tree and compares it to the expected value.
* PARAMETERS:
* "parent" - a PolicyNode, the root of a PolicyNodeTree;
* must be non-NULL.
* "expected" - the desired string.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads can safely call this function without worrying
* about conflicts, even if they're operating on the same object.
* RETURNS:
* Nothing.
*/
static void
treeToStringHelper(PKIX_PolicyNode *parent, char *expected)
{
PKIX_PL_String *stringRep = NULL;
char *actual = NULL;
PKIX_TEST_STD_VARS();
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object *)parent, &stringRep, plContext));
actual = PKIX_String2ASCII(stringRep, plContext);
if (actual == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
if (PL_strcmp(actual, expected) != 0){
testError("unexpected mismatch");
(void) printf("Actual value:\t%s\n", actual);
(void) printf("Expected value:\t%s\n", expected);
}
cleanup:
PKIX_PL_Free(actual, plContext);
PKIX_TEST_DECREF_AC(stringRep);
PKIX_TEST_RETURN();
}
static void printValidPolicyTree(PKIX_ValidateResult *valResult)
{
PKIX_PolicyNode* validPolicyTree = NULL;
PKIX_PL_String *treeString = NULL;
PKIX_TEST_STD_VARS();
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree
(valResult, &validPolicyTree, plContext));
if (validPolicyTree) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)validPolicyTree,
&treeString,
plContext));
(void) printf("validPolicyTree is\n\t%s\n",
treeString->escAsciiString);
} else {
(void) printf("validPolicyTree is NULL\n");
}
cleanup:
PKIX_TEST_DECREF_AC(validPolicyTree);
PKIX_TEST_DECREF_AC(treeString);
PKIX_TEST_RETURN();
}
int
test_buildchain(int argc, char *argv[])
{
PKIX_BuildResult *buildResult = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_PublicKey *trustedPubKey = NULL;
PKIX_List *anchors = NULL;
PKIX_List *certs = NULL;
PKIX_RevocationChecker *revChecker = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_ProcessingParams *procParams = NULL;
char *dirName = NULL;
PKIX_PL_String *dirNameString = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_Cert *targetCert = NULL;
PKIX_UInt32 actualMinorVersion = 0;
PKIX_UInt32 numCerts = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_CertStore *ldapCertStore = NULL;
PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
/* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
PKIX_CertStore *certStore = NULL;
PKIX_List *certStores = NULL;
PKIX_List *revCheckers = NULL;
char *asciiResult = NULL;
PKIX_Boolean result = PKIX_FALSE;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_List *expectedCerts = NULL;
PKIX_PL_Cert *dirCert = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
void *state = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
PRPollDesc *pollDesc = NULL;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage();
return (0);
}
startTests("BuildChain");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/*
* arguments:
* [optional] -arenas
* [optional] usebind
* servername or servername:port ( - for no server)
* testname
* EE or ENE
* cert directory
* target cert (end entity)
* intermediate certs
* trust anchor
*/
/* optional argument "usebind" for Ldap CertStore */
if (argv[j + 1]) {
if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
usebind = PKIX_TRUE;
j++;
}
}
if (PORT_Strcmp(argv[++j], "-") == 0) {
useLDAP = PKIX_FALSE;
} else {
serverName = argv[j];
useLDAP = PKIX_TRUE;
}
subTest(argv[++j]);
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[++j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
dirName = argv[++j];
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
for (k = ++j; k < (PKIX_UInt32)argc; k++) {
dirCert = createCert(dirName, argv[k], plContext);
if (k == (PKIX_UInt32)(argc - 1)) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
trustedCert = dirCert;
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
(PKIX_PL_Object *)dirCert,
plContext));
if (k == j) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
targetCert = dirCert;
}
}
PKIX_TEST_DECREF_BC(dirCert);
}
/* create processing params with list of trust anchors */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
/* create CertSelector with target certificate in params */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
/* create CertStores */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
if (useLDAP == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
(PKIX_PL_Object *)ldapCertStore,
plContext));
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
NULL, /* testDate, may be NULL */
trustedPubKey,
numCerts,
&revChecker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
#ifdef debuggingWithoutRevocation
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
#endif
/* build cert chain using processing params and return buildResult */
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
&verifyTree,
plContext);
while (pollDesc != NULL) {
if (PR_Poll(pollDesc, 1, 0) < 0) {
testError("PR_Poll failed");
}
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
&verifyTree,
plContext);
}
if (pkixTestErrorResult) {
if (testValid == PKIX_FALSE) { /* EE */
(void)printf("EXPECTED ERROR RECEIVED!\n");
} else { /* ENE */
testError("UNEXPECTED ERROR RECEIVED");
}
} else {
if (testValid == PKIX_TRUE) { /* ENE */
(void)printf("EXPECTED NON-ERROR RECEIVED!\n");
} else { /* EE */
(void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
}
}
subTest("Displaying VerifyNode objects");
if (verifyTree == NULL) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext));
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
}
(void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
if (pkixTestErrorResult) {
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
goto cleanup;
}
if (buildResult) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
i,
(PKIX_PL_Object **)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
/* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
(PKIX_PL_Object *)expectedCerts,
&result,
plContext));
if (!result) {
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
if (actualCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
if (expectedCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void)printf("Actual value:\t%s\n", actualCertsAscii);
(void)printf("Expected value:\t%s\n",
expectedCertsAscii);
}
}
cleanup:
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_PL_Free(asciiResult, NULL);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(state);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_DECREF_AC(expectedCerts);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certStores);
PKIX_TEST_DECREF_AC(revCheckers);
PKIX_TEST_DECREF_AC(revChecker);
PKIX_TEST_DECREF_AC(ldapCertStore);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(dirNameString);
PKIX_TEST_DECREF_AC(certSelParams);
PKIX_TEST_DECREF_AC(certSelector);
PKIX_TEST_DECREF_AC(anchors);
PKIX_TEST_DECREF_AC(anchor);
PKIX_TEST_DECREF_AC(trustedCert);
PKIX_TEST_DECREF_AC(trustedPubKey);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(targetCert);
PKIX_TEST_RETURN();
PKIX_Shutdown(plContext);
endTests("BuildChain");
return (0);
}
int test_buildchain_uchecker(int argc, char *argv[])
{
PKIX_BuildResult *buildResult = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_List *anchors = NULL;
PKIX_List *certs = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_CertChainChecker *checker = NULL;
char *dirName = NULL;
PKIX_PL_String *dirNameString = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_Cert *targetCert = NULL;
PKIX_UInt32 numCerts = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_UInt32 chainLength = 0;
PKIX_CertStore *certStore = NULL;
PKIX_List *certStores = NULL;
char * asciiResult = NULL;
PKIX_Boolean result;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_Boolean supportForward = PKIX_FALSE;
PKIX_List *expectedCerts = NULL;
PKIX_List *userOIDs = NULL;
PKIX_PL_OID *oid = NULL;
PKIX_PL_Cert *dirCert = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
char *oidString = NULL;
void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
PKIX_TEST_STD_VARS();
if (argc < 5){
printUsage();
return (0);
}
startTests("BuildChain_UserChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
/* OID specified at argv[3+j] */
if (*argv[3+j] != '-') {
if (*argv[3+j] == 'F') {
supportForward = PKIX_TRUE;
oidString = argv[3+j]+1;
} else {
oidString = argv[3+j];
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
(&userOIDs, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(oidString, &oid, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(userOIDs, (PKIX_PL_Object *)oid, plContext));
PKIX_TEST_DECREF_BC(oid);
}
subTest(argv[1+j]);
dirName = argv[4+j];
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
chainLength = argc - j - 5;
for (k = 0; k < chainLength; k++){
dirCert = createCert(dirName, argv[5+k+j], plContext);
if (k == (chainLength - 1)){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)dirCert, plContext));
trustedCert = dirCert;
} else {
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(expectedCerts,
(PKIX_PL_Object *)dirCert,
plContext));
if (k == 0){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_IncRef
((PKIX_PL_Object *)dirCert,
plContext));
targetCert = dirCert;
}
}
PKIX_TEST_DECREF_BC(dirCert);
}
/* create processing params with list of trust anchors */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
(trustedCert, &anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(anchors, (PKIX_PL_Object *)anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
(anchors, &procParams, plContext));
/* create CertSelector with target certificate in params */
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_SetCertificate
(certSelParams, targetCert, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertSelector_Create
(NULL, NULL, &certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
(certSelector, certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
(testUserChecker,
supportForward,
PKIX_FALSE,
userOIDs,
NULL,
&checker,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
(procParams, checker, plContext));
/* create CertStores */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
(PKIX_ESCASCII,
dirName,
0,
&dirNameString,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
(dirNameString, &certStore, plContext));
#if 0
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
(&certStore, plContext));
#endif
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(certStores, (PKIX_PL_Object *)certStore, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
(procParams, certStores, plContext));
/* build cert chain using processing params and return buildResult */
pkixTestErrorResult = PKIX_BuildChain
(procParams,
&nbioContext,
&buildState,
&buildResult,
NULL,
plContext);
if (testValid == PKIX_TRUE) { /* ENE */
if (pkixTestErrorResult){
(void) printf("UNEXPECTED RESULT RECEIVED!\n");
} else {
(void) printf("EXPECTED RESULT RECEIVED!\n");
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
}
} else { /* EE */
if (pkixTestErrorResult){
(void) printf("EXPECTED RESULT RECEIVED!\n");
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
} else {
testError("UNEXPECTED RESULT RECEIVED");
}
}
if (buildResult){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_BuildResult_GetCertChain
(buildResult, &certs, NULL));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_GetItem
(certs,
i,
(PKIX_PL_Object**)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Free(asciiResult, plContext));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_Equals
((PKIX_PL_Object*)certs,
(PKIX_PL_Object*)expectedCerts,
&result,
plContext));
if (!result){
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_ToString
((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII
(actualCertsString, plContext);
if (actualCertsAscii == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Object_ToString
((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII
(expectedCertsString, plContext);
if (expectedCertsAscii == NULL){
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void) printf("Actual value:\t%s\n", actualCertsAscii);
(void) printf("Expected value:\t%s\n",
expectedCertsAscii);
if (chainLength - 1 != numUserCheckerCalled) {
pkixTestErrorMsg =
"PKIX user defined checker not called";
}
goto cleanup;
}
}
cleanup:
PKIX_PL_Free(asciiResult, plContext);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_DECREF_AC(expectedCerts);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(certStores);
PKIX_TEST_DECREF_AC(dirNameString);
PKIX_TEST_DECREF_AC(trustedCert);
PKIX_TEST_DECREF_AC(targetCert);
PKIX_TEST_DECREF_AC(anchor);
PKIX_TEST_DECREF_AC(anchors);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certSelParams);
PKIX_TEST_DECREF_AC(certSelector);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(userOIDs);
PKIX_TEST_DECREF_AC(checker);
PKIX_TEST_RETURN();
PKIX_Shutdown(plContext);
endTests("BuildChain_UserChecker");
return (0);
}
int test_defaultcrlchecker2stores(int argc, char *argv[]){
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_Boolean testValid = PKIX_TRUE;
char *dirName = NULL;
char *anchorName = NULL;
PKIX_TEST_STD_VARS();
if (argc < 6) {
printUsage1(argv[0]);
return (0);
}
startTests("CRL Checker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage1(argv[0]);
return (0);
}
chainLength = (argc - j) - 7;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
}
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[(7+j)+i];
certs[i] = NULL;
}
subTest(argv[1+j]);
subTest("Default-CRL-Checker");
subTest("Default-CRL-Checker - Create Cert Chain");
dirName = argv[3+j];
chain = createCertChainPlus
(dirName, certNames, certs, chainLength, plContext);
subTest("Default-CRL-Checker - Create Params");
anchorName = argv[6+j];
valParams = createValidateParams
(dirName,
anchorName,
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chain,
plContext);
subTest("Multiple-CertStores");
testDefaultMultipleCertStores(valParams, argv[4+j], argv[5+j]);
subTest("Default-CRL-Checker - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
(void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_TEST_DECREF_AC(chain);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("CRL Checker");
return (0);
}
/*
* FUNCTION: pkix_pl_CRL_ToString_Helper
* DESCRIPTION:
*
* Helper function that creates a string representation of the CRL pointed
* to by "crl" and stores it at "pString".
*
* PARAMETERS
* "crl"
* Address of CRL whose string representation is desired.
* Must be non-NULL.
* "pString"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_ToString_Helper(
PKIX_PL_CRL *crl,
PKIX_PL_String **pString,
void *plContext)
{
char *asciiFormat = NULL;
PKIX_UInt32 crlVersion;
PKIX_PL_X500Name *crlIssuer = NULL;
PKIX_PL_OID *nssSignatureAlgId = NULL;
PKIX_PL_BigInt *crlNumber = NULL;
PKIX_List *crlEntryList = NULL;
PKIX_List *critExtOIDs = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *crlIssuerString = NULL;
PKIX_PL_String *lastUpdateString = NULL;
PKIX_PL_String *nextUpdateString = NULL;
PKIX_PL_String *nssSignatureAlgIdString = NULL;
PKIX_PL_String *crlNumberString = NULL;
PKIX_PL_String *crlEntryListString = NULL;
PKIX_PL_String *critExtOIDsString = NULL;
PKIX_PL_String *crlString = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_ToString_Helper");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pString);
asciiFormat =
"[\n"
"\tVersion: v%d\n"
"\tIssuer: %s\n"
"\tUpdate: [Last: %s\n"
"\t Next: %s]\n"
"\tSignatureAlgId: %s\n"
"\tCRL Number : %s\n"
"\n"
"\tEntry List: %s\n"
"\n"
"\tCritExtOIDs: %s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
/* Version */
PKIX_CHECK(pkix_pl_CRL_GetVersion(crl, &crlVersion, plContext),
PKIX_CRLGETVERSIONFAILED);
/* Issuer */
PKIX_CHECK(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext),
PKIX_CRLGETISSUERFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)crlIssuer, &crlIssuerString, plContext),
PKIX_X500NAMETOSTRINGFAILED);
/* This update - No Date object created, use nss data directly */
PKIX_CHECK(pkix_pl_Date_ToString_Helper
(&(crl->nssSignedCrl->crl.lastUpdate),
&lastUpdateString,
plContext),
PKIX_DATETOSTRINGHELPERFAILED);
/* Next update - No Date object created, use nss data directly */
PKIX_CHECK(pkix_pl_Date_ToString_Helper
(&(crl->nssSignedCrl->crl.nextUpdate),
&nextUpdateString,
plContext),
PKIX_DATETOSTRINGHELPERFAILED);
/* Signature Algorithm Id */
PKIX_CHECK(pkix_pl_CRL_GetSignatureAlgId
(crl, &nssSignatureAlgId, plContext),
PKIX_CRLGETSIGNATUREALGIDFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)nssSignatureAlgId,
&nssSignatureAlgIdString,
plContext),
PKIX_OIDTOSTRINGFAILED);
/* CRL Number */
PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber
(crl, &crlNumber, plContext),
PKIX_CRLGETCRLNUMBERFAILED);
PKIX_TOSTRING(crlNumber, &crlNumberString, plContext,
PKIX_BIGINTTOSTRINGFAILED);
/* CRL Entries */
PKIX_CHECK(pkix_pl_CRL_GetCRLEntries(crl, &crlEntryList, plContext),
PKIX_CRLGETCRLENTRIESFAILED);
PKIX_TOSTRING(crlEntryList, &crlEntryListString, plContext,
PKIX_LISTTOSTRINGFAILED);
/* CriticalExtensionOIDs */
PKIX_CHECK(PKIX_PL_CRL_GetCriticalExtensionOIDs
(crl, &critExtOIDs, plContext),
PKIX_CRLGETCRITICALEXTENSIONOIDSFAILED);
PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
PKIX_LISTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&crlString,
plContext,
formatString,
crlVersion + 1,
crlIssuerString,
lastUpdateString,
nextUpdateString,
nssSignatureAlgIdString,
crlNumberString,
crlEntryListString,
critExtOIDsString),
PKIX_SPRINTFFAILED);
*pString = crlString;
cleanup:
PKIX_DECREF(crlIssuer);
PKIX_DECREF(nssSignatureAlgId);
PKIX_DECREF(crlNumber);
PKIX_DECREF(crlEntryList);
PKIX_DECREF(critExtOIDs);
PKIX_DECREF(crlIssuerString);
PKIX_DECREF(lastUpdateString);
PKIX_DECREF(nextUpdateString);
PKIX_DECREF(nssSignatureAlgIdString);
PKIX_DECREF(crlNumberString);
PKIX_DECREF(crlEntryListString);
PKIX_DECREF(critExtOIDsString);
PKIX_DECREF(formatString);
PKIX_RETURN(CRL);
}
int test_validatechain(int argc, char *argv[]){
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_UInt32 chainLength = 0;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_List *chainCerts = NULL;
PKIX_PL_Cert *dirCert = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
char *dirCertName = NULL;
char *anchorCertName = NULL;
char *dirName = NULL;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage();
return (0);
}
startTests("ValidateChain");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
subTest(argv[1+j]);
dirName = argv[3+j];
chainLength = argc - j - 5;
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
for (k = 0; k < chainLength; k++) {
dirCert = createCert(dirName, argv[5+k+j], plContext);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
PKIX_TEST_DECREF_BC(dirCert);
}
valParams = createValidateParams
(dirName,
argv[4+j],
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chainCerts,
plContext);
testDefaultCertStore(valParams, dirName);
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
}
subTest("Displaying VerifyNode objects");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
(void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(chainCerts);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("ValidateChain");
return (0);
}
int test_validatechain_bc(int argc, char *argv[])
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_List *anchors = NULL;
PKIX_List *certs = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_PL_X500Name *subject = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
char *trustedCertFile = NULL;
char *chainCertFile = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_PL_Cert *chainCert = NULL;
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_UInt32 actualMinorVersion;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_TEST_STD_VARS();
if (argc < 3){
printUsage();
return (0);
}
startTests("ValidateChainBasicConstraints");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
chainLength = (argc - j) - 2;
/* create processing params with list of trust anchors */
trustedCertFile = argv[1+j];
trustedCert = createCert(trustedCertFile);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
(certSelParams, -1, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertSelector_Create
(NULL, NULL, &certSelector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
(certSelector, certSelParams, plContext));
PKIX_TEST_DECREF_BC(subject);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
(trustedCert, &anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(anchors, (PKIX_PL_Object *)anchor, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
(anchors, &procParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
(procParams, PKIX_FALSE, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, certSelector, plContext));
PKIX_TEST_DECREF_BC(certSelector);
/* create cert chain */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
for (i = 0; i < chainLength; i++){
chainCertFile = argv[i + (2+j)];
chainCert = createCert(chainCertFile);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(certs, (PKIX_PL_Object *)chainCert, plContext));
PKIX_TEST_DECREF_BC(chainCert);
}
/* create validate params with processing params and cert chain */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
(procParams, certs, &valParams, plContext));
/* validate cert chain using processing params and return valResult */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
if (valResult != NULL){
printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
printf("Cert Selector minimum path length to be -1\n");
PKIX_TEST_DECREF_BC(valResult);
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
(void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
PKIX_TEST_DECREF_BC(verifyString);
PKIX_TEST_DECREF_BC(verifyTree);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
(certSelParams, 6, plContext));
/* validate cert chain using processing params and return valResult */
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
if (valResult != NULL){
printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
printf("Cert Selector minimum path length to be 6\n");
}
PKIX_TEST_DECREF_BC(trustedCert);
PKIX_TEST_DECREF_BC(anchor);
PKIX_TEST_DECREF_BC(anchors);
PKIX_TEST_DECREF_BC(certs);
PKIX_TEST_DECREF_BC(procParams);
cleanup:
if (PKIX_TEST_ERROR_RECEIVED){
printf("FAILED TO VALIDATE\n");
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
(void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(certSelParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_RETURN();
PKIX_Shutdown(plContext);
endTests("ValidateChainBasicConstraints");
return (0);
}
int test_policychecker(int argc, char *argv[])
{
PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
PKIX_Boolean expectedResult = PKIX_FALSE;
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 initArgs = 0;
PKIX_UInt32 firstCert = 0;
PKIX_UInt32 i = 0;
PKIX_Int32 j = 0;
PKIX_UInt32 actualMinorVersion;
PKIX_ProcessingParams *procParams = NULL;
char *firstTrustAnchor = "yassir2yassir";
char *secondTrustAnchor = "yassir2bcn";
char *dateAscii = "991201000000Z";
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_List *chain = NULL;
PKIX_Error *validationError = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
char *dirName = NULL;
char *dataCentralDir = NULL;
char *anchorName = NULL;
PKIX_TEST_STD_VARS();
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/*
* Perform hard-coded tests if no command line args.
* If command line args are provided, they must be:
* arg[1]: test name
* arg[2]: "ENE" or "EE", for "expect no error" or "expect error"
* arg[3]: directory for certificates
* arg[4]: user-initial-policy-set, consisting of braces
* containing zero or more OID sequences, separated by commas
* arg[5]: (optional) "E", indicating initialExplicitPolicy
* arg[firstCert]: the path and filename of the trust anchor certificate
* arg[firstCert+1..(n-1)]: successive certificates in the chain
* arg[n]: the end entity certificate
*
* Example: test_policychecker test1EE ENE
* {2.5.29.32.0,2.5.29.32.3.6} Anchor CA EndEntity
*/
dirName = argv[3+j];
dataCentralDir = argv[4+j];
if (argc <= 5 || ((6 == argc) && (j))) {
testPass
(dataCentralDir,
firstTrustAnchor,
secondTrustAnchor,
dateAscii);
testNistTest1(dirName);
testNistTest2(dirName);
goto cleanup;
}
if (argc < (7 + j)) {
printUsage(argv[0]);
pkixTestErrorMsg = "Invalid command line arguments.";
goto cleanup;
}
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
expectedResult = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
expectedResult = PKIX_FALSE;
} else {
printUsage(argv[0]);
pkixTestErrorMsg = "Invalid command line arguments.";
goto cleanup;
}
userInitialPolicySet = policySetParse(argv[5+j]);
if (!userInitialPolicySet) {
printUsage(argv[0]);
pkixTestErrorMsg = "Invalid command line arguments.";
goto cleanup;
}
for (initArgs = 0; initArgs < 3; initArgs++) {
if (PORT_Strcmp(argv[6+j+initArgs], "A") == 0) {
initialAnyPolicyInhibit = PKIX_TRUE;
} else if (PORT_Strcmp(argv[6+j+initArgs], "E") == 0) {
initialExplicitPolicy = PKIX_TRUE;
} else if (PORT_Strcmp(argv[6+j+initArgs], "P") == 0) {
initialPolicyMappingInhibit = PKIX_TRUE;
} else {
break;
}
}
firstCert = initArgs + j + 6;
chainLength = argc - (firstCert + 1);
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
pkixTestErrorMsg = "Invalid command line arguments.";
goto cleanup;
}
/*
* Create a chain, but don't include the first certName.
* That's the anchor, and is supplied separately from
* the chain.
*/
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[i + (firstCert + 1)];
certs[i] = NULL;
}
chain = createCertChainPlus
(dirName, certNames, certs, chainLength, plContext);
subTest(argv[1+j]);
valParams = createValidateParams
(dirName,
argv[firstCert],
NULL,
NULL,
userInitialPolicySet,
initialPolicyMappingInhibit,
initialAnyPolicyInhibit,
initialExplicitPolicy,
PKIX_FALSE,
chain,
plContext);
if (expectedResult == PKIX_TRUE) {
subTest(" (expecting successful validation)");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
printValidPolicyTree(valResult);
} else {
subTest(" (expecting validation to fail)");
validationError = PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext);
if (!validationError) {
printValidPolicyTree(valResult);
pkixTestErrorMsg = "Should have thrown an error here.";
}
PKIX_TEST_DECREF_BC(validationError);
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
(void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
PKIX_PL_Free(anchorName, plContext);
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(userInitialPolicySet);
PKIX_TEST_DECREF_AC(chain);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_TEST_DECREF_AC(validationError);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("PolicyChecker");
return (0);
}
int test_policynode(int argc, char *argv[]) {
/*
* Create a tree with parent = anyPolicy,
* child1 with Nist1+Nist2, child2 with Nist1.
* Give each child another child, with policies Nist2
* and Nist1, respectively. Pruning with a depth of two
* should have no effect. Give one of the children
* another child. Then pruning with a depth of three
* should reduce the tree to a single strand, as child1
* and child3 are removed.
*
* parent (anyPolicy)
* / \
* child1(Nist1+Nist2) child2(Nist1)
* | |
* child3(Nist2) child4(Nist1)
* |
* child5(Nist1)
*
*/
char *asciiAnyPolicy = "2.5.29.32.0";
PKIX_PL_Cert *cert = NULL;
PKIX_PL_CertPolicyInfo *nist1Policy = NULL;
PKIX_PL_CertPolicyInfo *nist2Policy = NULL;
PKIX_List *policyQualifierList = NULL;
PKIX_PL_OID *oidAnyPolicy = NULL;
PKIX_PL_OID *oidNist1Policy = NULL;
PKIX_PL_OID *oidNist2Policy = NULL;
PKIX_List *expectedAnyList = NULL;
PKIX_List *expectedNist1List = NULL;
PKIX_List *expectedNist2List = NULL;
PKIX_List *expectedNist1Nist2List = NULL;
PKIX_List *emptyList = NULL;
PKIX_PolicyNode *parentNode = NULL;
PKIX_PolicyNode *childNode1 = NULL;
PKIX_PolicyNode *childNode2 = NULL;
PKIX_PolicyNode *childNode3 = NULL;
PKIX_PolicyNode *childNode4 = NULL;
PKIX_PolicyNode *childNode5 = NULL;
PKIX_PL_String *parentString = NULL;
PKIX_Boolean pDelete = PKIX_FALSE;
char *expectedParentAscii =
"{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C "
"1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65"
" 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2"
"0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 "
"73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66"
" 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6"
"F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3"
".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7"
"3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 "
"63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20"
" 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6"
"1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 "
"72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3"
".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20"
" 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2"
"0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 "
"66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72"
" 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7"
"4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n"
". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
"C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
"65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
" 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
"9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
"66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
" 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}";
char *expectedValidAscii =
"2.16.840.1.101.3.2.1.48.2";
char *expectedQualifiersAscii =
/* "(1.3.6.1.5.5.7.2.2)"; */
"(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 "
"69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74"
" 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7"
"2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 "
"63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70"
" 75 72 70 6F 73 65 73 20 6F 6E 6C 79])";
char *expectedPoliciesAscii =
"(2.16.840.1.101.3.2.1.48.1)";
char *expectedTree =
"{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
"C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
"65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
" 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
"9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
"66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
" 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1"
".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69"
" 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6"
"9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 "
"20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63"
" 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7"
"5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101"
".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A "
"20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72"
" 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6"
"9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 "
"72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F"
" 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]"
"),1}\n"
". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30"
" 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6"
"8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F "
"6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68"
" 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2"
"0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 "
"20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)"
",2}\n"
". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
"C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
"65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
" 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
"9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
"66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
" 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
"(2.16.840.1.101.3.2.1.48.1),2}\n"
". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
"0.1.101.3.2.1.48.1),3}";
char *expectedPrunedTree =
"{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
"C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
"65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
" 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
"9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
"66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
" 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
"(2.16.840.1.101.3.2.1.48.1),2}\n"
". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
"0.1.101.3.2.1.48.1),3}";
PKIX_UInt32 actualMinorVersion;
PKIX_UInt32 j = 0;
char *dirName = NULL;
PKIX_TEST_STD_VARS();
if (argc < 2) {
printUsage();
return (0);
}
startTests("PolicyNode");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
dirName = argv[j+1];
subTest("Creating OID objects");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
(asciiAnyPolicy, &oidAnyPolicy, plContext));
/* Read certificates to get real policies, qualifiers */
cert = createCert
(dirName, "UserNoticeQualifierTest16EE.crt", plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
(cert, &expectedNist1Nist2List, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
(expectedNist1Nist2List,
0,
(PKIX_PL_Object **)&nist1Policy,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
(expectedNist1Nist2List,
1,
(PKIX_PL_Object **)&nist2Policy,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
(nist1Policy, &policyQualifierList, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
(nist1Policy, &oidNist1Policy, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
(nist2Policy, &oidNist2Policy, plContext));
subTest("Creating expectedPolicy List objects");
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_Create(&expectedAnyList, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_Create(&expectedNist1List, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_Create(&expectedNist2List, plContext));
subTest("Populating expectedPolicy List objects");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(expectedNist1List,
(PKIX_PL_Object *)oidNist1Policy,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(expectedNist2List,
(PKIX_PL_Object *)oidNist2Policy,
plContext));
subTest("Creating PolicyNode objects");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
(oidAnyPolicy,
NULL,
PKIX_TRUE,
expectedAnyList,
&parentNode,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
(oidNist2Policy,
policyQualifierList,
PKIX_TRUE,
expectedNist1Nist2List,
&childNode1,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
(oidNist1Policy,
policyQualifierList,
PKIX_TRUE,
expectedNist1List,
&childNode2,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
(oidNist2Policy,
policyQualifierList,
PKIX_TRUE,
expectedNist2List,
&childNode3,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
(oidNist1Policy,
emptyList,
PKIX_FALSE,
expectedNist1List,
&childNode4,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
(oidNist1Policy,
NULL,
PKIX_TRUE,
expectedNist1List,
&childNode5,
plContext));
subTest("Creating the PolicyNode tree");
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
(parentNode, childNode1, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
(parentNode, childNode2, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
(childNode1, childNode3, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
(childNode2, childNode4, plContext));
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
(childNode4, childNode5, plContext));
subTest("Displaying PolicyNode objects");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)parentNode, &parentString, plContext));
(void) printf("parentNode is\n\t%s\n", parentString->escAsciiString);
testToStringHelper
((PKIX_PL_Object*)parentNode, expectedTree, plContext);
test_DuplicateHelper(parentNode, plContext);
test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii);
test_GetValidPolicy
(childNode1, childNode3, parentNode, expectedValidAscii);
test_GetPolicyQualifiers
(childNode1, childNode3, childNode4, expectedQualifiersAscii);
test_GetExpectedPolicies
(childNode2, childNode4, childNode3, expectedPoliciesAscii);
test_IsCritical(childNode1, childNode2, childNode4);
test_GetDepth(childNode2, childNode4, childNode5);
subTest("pkix_PolicyNode_Prune");
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune
(parentNode, 2, &pDelete, plContext));
testToStringHelper
((PKIX_PL_Object*)parentNode, expectedTree, plContext);
PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune
(parentNode, 3, &pDelete, plContext));
testToStringHelper
((PKIX_PL_Object*)parentNode, expectedPrunedTree, plContext);
test_GetChildren(parentNode, parentNode, childNode2);
cleanup:
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(nist1Policy);
PKIX_TEST_DECREF_AC(nist2Policy);
PKIX_TEST_DECREF_AC(policyQualifierList);
PKIX_TEST_DECREF_AC(oidAnyPolicy);
PKIX_TEST_DECREF_AC(oidNist1Policy);
PKIX_TEST_DECREF_AC(oidNist2Policy);
PKIX_TEST_DECREF_AC(expectedAnyList);
PKIX_TEST_DECREF_AC(expectedNist1List);
PKIX_TEST_DECREF_AC(expectedNist2List);
PKIX_TEST_DECREF_AC(expectedNist1Nist2List);
PKIX_TEST_DECREF_AC(emptyList);
PKIX_TEST_DECREF_AC(parentNode);
PKIX_TEST_DECREF_AC(childNode1);
PKIX_TEST_DECREF_AC(childNode2);
PKIX_TEST_DECREF_AC(childNode3);
PKIX_TEST_DECREF_AC(childNode4);
PKIX_TEST_DECREF_AC(childNode5);
PKIX_TEST_DECREF_AC(parentString);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("PolicyNode");
return (0);
}
/*
* FUNCTION: pkix_ValidateResult_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateResult_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_ValidateResult *valResult = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *valResultString = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_PublicKey *pubKey = NULL;
PKIX_PolicyNode *policyTree = NULL;
PKIX_PL_String *anchorString = NULL;
PKIX_PL_String *pubKeyString = NULL;
PKIX_PL_String *treeString = NULL;
char *asciiNullString = "(null)";
char *asciiFormat =
"[\n"
"\tTrustAnchor: \t\t%s"
"\tPubKey: \t\t%s\n"
"\tPolicyTree: \t\t%s\n"
"]\n";
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
PKIX_OBJECTNOTVALIDATERESULT);
valResult = (PKIX_ValidateResult*)object;
anchor = valResult->anchor;
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor, &anchorString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
pubKey = valResult->pubKey;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)pubKey, &pubKeyString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_ValidateResult_GetPolicyTree
(valResult, &policyTree, plContext),
PKIX_VALIDATERESULTGETPOLICYTREEFAILED);
if (policyTree) {
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)policyTree, &treeString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
} else {
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiNullString,
0,
&treeString,
plContext),
PKIX_STRINGCREATEFAILED);
}
PKIX_CHECK(PKIX_PL_Sprintf
(&valResultString,
plContext,
formatString,
anchorString,
pubKeyString,
treeString),
PKIX_SPRINTFFAILED);
*pString = valResultString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(anchorString);
PKIX_DECREF(pubKeyString);
PKIX_DECREF(policyTree);
PKIX_DECREF(treeString);
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_ValidateParams_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_ValidateParams *valParams = NULL;
char *asciiFormat = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *valParamsString = NULL;
PKIX_PL_String *procParamsString = NULL;
PKIX_PL_String *chainString = NULL;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_OBJECTNOTVALIDATEPARAMS);
asciiFormat =
"[\n"
"\tProcessing Params: \n"
"\t********BEGIN PROCESSING PARAMS********\n"
"\t\t%s\n"
"\t********END PROCESSING PARAMS********\n"
"\tChain: \t\t%s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
valParams = (PKIX_ValidateParams*)object;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object*)valParams->procParams,
&procParamsString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)valParams->chain,
&chainString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&valParamsString,
plContext,
formatString,
procParamsString,
chainString),
PKIX_SPRINTFFAILED);
*pString = valParamsString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(procParamsString);
PKIX_DECREF(chainString);
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: pkix_SinglePolicyNode_ToString
* DESCRIPTION:
*
* Creates a String representation of the attributes of the PolicyNode
* pointed to by "node", other than its parents or children, and
* stores the result at "pString".
*
* PARAMETERS:
* "node"
* Address of PolicyNode to be described by the string. Must be non-NULL.
* "pString"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if function succeeds
* Returns a PolicyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in a fatal way
*/
PKIX_Error *
pkix_SinglePolicyNode_ToString(
PKIX_PolicyNode *node,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_String *fmtString = NULL;
PKIX_PL_String *validString = NULL;
PKIX_PL_String *qualifierString = NULL;
PKIX_PL_String *criticalityString = NULL;
PKIX_PL_String *expectedString = NULL;
PKIX_PL_String *outString = NULL;
PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_ToString");
PKIX_NULLCHECK_TWO(node, pString);
PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"{%s,%s,%s,%s,%d}",
0,
&fmtString,
plContext),
PKIX_CANTCREATESTRING);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)(node->validPolicy),
&validString,
plContext),
PKIX_OIDTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)(node->expectedPolicySet),
&expectedString,
plContext),
PKIX_LISTTOSTRINGFAILED);
if (node->qualifierSet) {
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)(node->qualifierSet),
&qualifierString,
plContext),
PKIX_LISTTOSTRINGFAILED);
} else {
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"{}",
0,
&qualifierString,
plContext),
PKIX_CANTCREATESTRING);
}
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
(node->criticality)?"Critical":"Not Critical",
0,
&criticalityString,
plContext),
PKIX_CANTCREATESTRING);
PKIX_CHECK(PKIX_PL_Sprintf
(&outString,
plContext,
fmtString,
validString,
qualifierString,
criticalityString,
expectedString,
node->depth),
PKIX_SPRINTFFAILED);
*pString = outString;
cleanup:
PKIX_DECREF(fmtString);
PKIX_DECREF(validString);
PKIX_DECREF(qualifierString);
PKIX_DECREF(criticalityString);
PKIX_DECREF(expectedString);
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: pkix_pl_GeneralName_ToString_Helper
* DESCRIPTION:
*
* Helper function that creates a string representation of the GeneralName
* pointed to by "name" and stores it at "pString" Different mechanisms are
* used to create the string, depending on the type of the GeneralName.
*
* PARAMETERS
* "name"
* Address of GeneralName whose string representation is desired.
* Must be non-NULL.
* "pString"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a GeneralName Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_GeneralName_ToString_Helper(
PKIX_PL_GeneralName *name,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_X500Name *pkixDN = NULL;
PKIX_PL_OID *pkixOID = NULL;
char *x400AsciiName = NULL;
char *ediPartyName = NULL;
char *asciiName = NULL;
PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_ToString_Helper");
PKIX_NULLCHECK_TWO(name, pString);
switch (name->type) {
case certRFC822Name:
case certDNSName:
case certURI:
/*
* Note that we can't use PKIX_ESCASCII here because
* name->other->data is not guaranteed to be null-terminated.
*/
PKIX_NULLCHECK_ONE(name->other);
PKIX_CHECK(PKIX_PL_String_Create(PKIX_UTF8,
(name->other)->data,
(name->other)->len,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certEDIPartyName:
/* XXX print out the actual bytes */
ediPartyName = "EDIPartyName: <DER-encoded value>";
PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
ediPartyName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certX400Address:
/* XXX print out the actual bytes */
x400AsciiName = "X400Address: <DER-encoded value>";
PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
x400AsciiName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certIPAddress:
PKIX_CHECK(pkix_pl_ipAddrBytes2Ascii
(name->other, &asciiName, plContext),
PKIX_IPADDRBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
asciiName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certOtherName:
PKIX_NULLCHECK_ONE(name->OthName);
/* we only print type-id - don't know how to print value */
/* XXX print out the bytes of the value */
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&name->OthName->oid, &asciiName, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certRegisterID:
pkixOID = name->oid;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)pkixOID, pString, plContext),
PKIX_OIDTOSTRINGFAILED);
break;
case certDirectoryName:
pkixDN = name->directoryName;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)pkixDN, pString, plContext),
PKIX_X500NAMETOSTRINGFAILED);
break;
default:
PKIX_ERROR
(PKIX_TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED);
}
cleanup:
PKIX_FREE(asciiName);
PKIX_RETURN(GENERALNAME);
}
int
test_list2(int argc, char *argv[])
{
PKIX_List *list;
char *temp;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_Int32 cmpResult;
PKIX_PL_OID *testOID;
PKIX_PL_String *testString;
PKIX_PL_Object *obj, *obj2;
PKIX_UInt32 size = 10;
char *testOIDString[10] = {
"2.9.999.1.20",
"1.2.3.4.5.6.7",
"0.1",
"1.2.3.5",
"0.39",
"1.2.3.4.7",
"1.2.3.4.6",
"0.39.1",
"1.2.3.4.5",
"0.39.1.300"
};
PKIX_UInt32 actualMinorVersion;
PKIX_TEST_STD_VARS();
startTests("List Sorting");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
subTest("Creating Unsorted Lists");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
for (i = 0; i < size; i++) {
/* Create a new OID object */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(
testOIDString[i],
&testOID,
plContext));
/* Insert it into the list */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testOID, plContext));
/* Decref the string object */
PKIX_TEST_DECREF_BC(testOID);
}
subTest("Outputting Unsorted List");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
&testString,
plContext));
temp = PKIX_String2ASCII(testString, plContext);
if (temp) {
(void)printf("%s \n", temp);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
}
PKIX_TEST_DECREF_BC(testString);
subTest("Performing Bubble Sort");
for (i = 0; i < size; i++)
for (j = 9; j > i; j--) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j -
1,
&obj2, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext));
if (cmpResult < 0) {
/* Exchange the items */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j -
1,
obj, plContext));
}
/* DecRef objects */
PKIX_TEST_DECREF_BC(obj);
PKIX_TEST_DECREF_BC(obj2);
}
subTest("Outputting Sorted List");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
&testString,
plContext));
temp = PKIX_String2ASCII(testString, plContext);
if (temp) {
(void)printf("%s \n", temp);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
}
cleanup:
PKIX_TEST_DECREF_AC(testString);
PKIX_TEST_DECREF_AC(list);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("List Sorting");
return (0);
}
int test_validatechain_NB(int argc, char *argv[]){
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
PKIX_UInt32 j = 0;
PKIX_UInt32 k = 0;
PKIX_UInt32 chainLength = 0;
PKIX_Boolean testValid = PKIX_TRUE;
PKIX_List *chainCerts = NULL;
PKIX_PL_Cert *dirCert = NULL;
char *dirCertName = NULL;
char *anchorCertName = NULL;
char *dirName = NULL;
PKIX_UInt32 certIndex = 0;
PKIX_UInt32 anchorIndex = 0;
PKIX_UInt32 checkerIndex = 0;
PKIX_Boolean revChecking = PKIX_FALSE;
PKIX_List *checkers = NULL;
PRPollDesc *pollDesc = NULL;
PRErrorCode errorCode = 0;
PKIX_PL_Socket *socket = NULL;
char *ldapName = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_List *loggers = NULL;
PKIX_Logger *logger = NULL;
char *logging = NULL;
PKIX_PL_String *component = NULL;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage();
return (0);
}
startTests("ValidateChain_NB");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage();
return (0);
}
subTest(argv[1+j]);
dirName = argv[3+j];
chainLength = argc - j - 5;
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
for (k = 0; k < chainLength; k++){
dirCert = createCert(dirName, argv[5+k+j], plContext);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_AppendItem
(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
PKIX_TEST_DECREF_BC(dirCert);
}
valParams = createValidateParams
(dirName,
argv[4+j],
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chainCerts,
plContext);
ldapName = PR_GetEnv("LDAP");
/* Is LDAP set in the environment? */
if ((ldapName == NULL) || (*ldapName == '\0')) {
testError("LDAP not set in environment");
goto cleanup;
}
pkixTestErrorResult = pkix_pl_Socket_CreateByName
(PKIX_FALSE, /* isServer */
PR_SecondsToInterval(30), /* try 30 secs for connect */
ldapName,
&errorCode,
&socket,
plContext);
if (pkixTestErrorResult != NULL) {
PKIX_PL_Object_DecRef
((PKIX_PL_Object *)pkixTestErrorResult, plContext);
pkixTestErrorResult = NULL;
testError("Unable to connect to LDAP Server");
goto cleanup;
}
PKIX_TEST_DECREF_BC(socket);
testSetupCertStore(valParams, ldapName);
logging = PR_GetEnv("LOGGING");
/* Is LOGGING set in the environment? */
if ((logging != NULL) && (*logging != '\0')) {
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_Create(&loggers, plContext));
testLogErrors
(PKIX_VALIDATE_ERROR, 2, loggers, plContext);
testLogErrors
(PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext);
testLogErrors
(PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext);
testLogErrors
(PKIX_CERTSTORE_ERROR, 2, loggers, plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext));
}
pkixTestErrorResult = PKIX_ValidateChain_NB
(valParams,
&certIndex,
&anchorIndex,
&checkerIndex,
&revChecking,
&checkers,
(void **)&pollDesc,
&valResult,
&verifyTree,
plContext);
while (pollDesc != NULL) {
if (PR_Poll(pollDesc, 1, 0) < 0) {
testError("PR_Poll failed");
}
pkixTestErrorResult = PKIX_ValidateChain_NB
(valParams,
&certIndex,
&anchorIndex,
&checkerIndex,
&revChecking,
&checkers,
(void **)&pollDesc,
&valResult,
&verifyTree,
plContext);
}
if (pkixTestErrorResult) {
if (testValid == PKIX_FALSE) { /* EE */
(void) printf("EXPECTED ERROR RECEIVED!\n");
} else { /* ENE */
testError("UNEXPECTED ERROR RECEIVED");
}
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
} else {
if (testValid == PKIX_TRUE) { /* ENE */
(void) printf("EXPECTED NON-ERROR RECEIVED!\n");
} else { /* EE */
(void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
}
}
cleanup:
if (verifyTree) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
(void) printf("verifyTree is\n%s\n",
verifyString->escAsciiString);
}
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(checkers);
PKIX_TEST_DECREF_AC(chainCerts);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("ValidateChain_NB");
return (0);
}
/*
* FUNCTION: pkix_List_ToString_Helper
* DESCRIPTION:
*
* Helper function that creates a string representation of the List pointed
* to by "list" and stores its address in the object pointed to by "pString".
*
* PARAMETERS
* "list"
* Address of List whose string representation is desired.
* Must be non-NULL.
* "pString"
* Address of object pointer's destination. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a List Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_List_ToString_Helper(
PKIX_List *list,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_String *itemString = NULL;
PKIX_PL_String *nextString = NULL;
PKIX_PL_String *format = NULL;
PKIX_Boolean empty;
PKIX_ENTER(LIST, "pkix_List_ToString_Helper");
PKIX_NULLCHECK_TWO(list, pString);
/* special case when list is the header */
if (list->isHeader){
PKIX_CHECK(PKIX_List_IsEmpty(list, &empty, plContext),
PKIX_LISTISEMPTYFAILED);
if (empty){
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"EMPTY",
0,
&itemString,
plContext),
PKIX_ERRORCREATINGITEMSTRING);
(*pString) = itemString;
PKIX_DEBUG_EXIT(LIST);
return (NULL);
} else {
PKIX_CHECK(pkix_List_ToString_Helper
(list->next, &itemString, plContext),
PKIX_LISTTOSTRINGHELPERFAILED);
}
/* Create a string object from the format */
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, "%s", 0, &format, plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(pString, plContext, format, itemString),
PKIX_SPRINTFFAILED);
} else {
/* Get a string for this list's item */
if (list->item == NULL) {
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"(null)",
0,
&itemString,
plContext),
PKIX_STRINGCREATEFAILED);
} else {
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object*)list->item,
&itemString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
}
if (list->next == NULL) {
/* Just return the itemstring */
(*pString) = itemString;
PKIX_DEBUG_EXIT(LIST);
return (NULL);
}
/* Recursive call to get string for this list's next pointer */
PKIX_CHECK(pkix_List_ToString_Helper
(list->next, &nextString, plContext),
PKIX_LISTTOSTRINGHELPERFAILED);
/* Create a string object from the format */
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
"%s, %s",
0,
&format,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(pString,
plContext,
format,
itemString,
nextString),
PKIX_SPRINTFFAILED);
}
cleanup:
PKIX_DECREF(itemString);
PKIX_DECREF(nextString);
PKIX_DECREF(format);
PKIX_RETURN(LIST);
}
/*
* FUNCTION: pkix_Error_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_Error_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_Error *error = NULL;
PKIX_Error *cause = NULL;
PKIX_PL_String *desc = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *causeString = NULL;
PKIX_PL_String *optCauseString = NULL;
PKIX_PL_String *errorNameString = NULL;
char *format = NULL;
PKIX_ERRORCLASS errClass;
PKIX_ENTER(ERROR, "pkix_Error_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
PKIX_OBJECTNOTANERROR);
error = (PKIX_Error *)object;
/* Get this error's errClass, description and the string of its cause */
errClass = error->errClass;
/* Get the description string */
PKIX_Error_GetDescription(error, &desc, plContext);
/* Get the cause */
cause = error->cause;
/* Get the causes's description string */
if (cause != NULL) {
pkix_error_cause_depth++;
/* Get the cause string */
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object*)cause, &causeString, plContext),
PKIX_ERRORGETTINGCAUSESTRING);
format = "\n*** Cause (%d): %s";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
format,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
/* Create the optional Cause String */
PKIX_CHECK(PKIX_PL_Sprintf
(&optCauseString,
plContext,
formatString,
pkix_error_cause_depth,
causeString),
PKIX_SPRINTFFAILED);
PKIX_DECREF(formatString);
pkix_error_cause_depth--;
}
/* Create the Format String */
if (optCauseString != NULL) {
format = "*** %s Error- %s%s";
} else {
format = "*** %s Error- %s";
}
/* Ensure that error errClass is known, otherwise default to Object */
if (errClass >= PKIX_NUMERRORCLASSES) {
errClass = 0;
}
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
(void *)PKIX_ERRORCLASSNAMES[errClass],
0,
&errorNameString,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
format,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
/* Create the output String */
PKIX_CHECK(PKIX_PL_Sprintf
(pString,
plContext,
formatString,
errorNameString,
desc,
optCauseString),
PKIX_SPRINTFFAILED);
cleanup:
PKIX_DECREF(desc);
PKIX_DECREF(causeString);
PKIX_DECREF(formatString);
PKIX_DECREF(optCauseString);
PKIX_DECREF(errorNameString);
PKIX_RETURN(ERROR);
}
static void
Test_BuildResult(
PKIX_ProcessingParams *procParams,
PKIX_Boolean testValid,
PKIX_List *expectedCerts,
void *plContext)
{
PKIX_PL_Cert *cert = NULL;
PKIX_List *certs = NULL;
PKIX_PL_String *actualCertsString = NULL;
PKIX_PL_String *expectedCertsString = NULL;
PKIX_BuildResult *buildResult = NULL;
PKIX_Boolean result;
PKIX_Boolean supportForward = PKIX_FALSE;
PKIX_UInt32 numCerts, i;
char *asciiResult = NULL;
char *actualCertsAscii = NULL;
char *expectedCertsAscii = NULL;
void *state = NULL;
PRPollDesc *pollDesc = NULL;
PKIX_TEST_STD_VARS();
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
NULL,
plContext);
while (pollDesc != NULL) {
if (PR_Poll(pollDesc, 1, 0) < 0) {
testError("PR_Poll failed");
}
pkixTestErrorResult = PKIX_BuildChain(procParams,
(void **)&pollDesc,
&state,
&buildResult,
NULL,
plContext);
}
if (pkixTestErrorResult) {
if (testValid == PKIX_FALSE) { /* EE */
(void)printf("EXPECTED ERROR RECEIVED!\n");
} else { /* ENE */
testError("UNEXPECTED ERROR RECEIVED!\n");
}
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
goto cleanup;
}
if (testValid == PKIX_TRUE) { /* ENE */
(void)printf("EXPECTED NON-ERROR RECEIVED!\n");
} else { /* EE */
testError("UNEXPECTED NON-ERROR RECEIVED!\n");
}
if (buildResult) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
printf("\n");
for (i = 0; i < numCerts; i++) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
i,
(PKIX_PL_Object **)&cert,
plContext));
asciiResult = PKIX_Cert2ASCII(cert);
printf("CERT[%d]:\n%s\n", i, asciiResult);
/* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
asciiResult = NULL;
PKIX_TEST_DECREF_BC(cert);
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
(PKIX_PL_Object *)expectedCerts,
&result,
plContext));
if (!result) {
testError("BUILT CERTCHAIN IS "
"NOT THE ONE THAT WAS EXPECTED");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
&actualCertsString,
plContext));
actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
if (actualCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
&expectedCertsString,
plContext));
expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
if (expectedCertsAscii == NULL) {
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
goto cleanup;
}
(void)printf("Actual value:\t%s\n", actualCertsAscii);
(void)printf("Expected value:\t%s\n",
expectedCertsAscii);
}
}
cleanup:
PKIX_PL_Free(asciiResult, NULL);
PKIX_PL_Free(actualCertsAscii, plContext);
PKIX_PL_Free(expectedCertsAscii, plContext);
PKIX_TEST_DECREF_AC(state);
PKIX_TEST_DECREF_AC(buildResult);
PKIX_TEST_DECREF_AC(certs);
PKIX_TEST_DECREF_AC(cert);
PKIX_TEST_DECREF_AC(actualCertsString);
PKIX_TEST_DECREF_AC(expectedCertsString);
PKIX_TEST_RETURN();
}
/*
* FUNCTION: pkix_TrustAnchor_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TrustAnchor_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
char *asciiFormat = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *anchorString = NULL;
PKIX_PL_String *certString = NULL;
PKIX_PL_String *nameString = NULL;
PKIX_PL_String *pubKeyString = NULL;
PKIX_PL_String *nameConstraintsString = NULL;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
PKIX_OBJECTNOTTRUSTANCHOR);
anchor = (PKIX_TrustAnchor*)object;
if (anchor->trustedCert){
asciiFormat =
"[\n"
"\tTrusted Cert: %s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor->trustedCert,
&certString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&anchorString,
plContext,
formatString,
certString),
PKIX_SPRINTFFAILED);
} else {
asciiFormat =
"[\n"
"\tTrusted CA Name: %s\n"
"\tTrusted CA PublicKey: %s\n"
"\tInitial Name Constraints:%s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor->caName,
&nameString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor->caPubKey,
&pubKeyString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_TOSTRING
(anchor->nameConstraints,
&nameConstraintsString,
plContext,
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&anchorString,
plContext,
formatString,
nameString,
pubKeyString,
nameConstraintsString),
PKIX_SPRINTFFAILED);
}
*pString = anchorString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(certString);
PKIX_DECREF(nameString);
PKIX_DECREF(pubKeyString);
PKIX_DECREF(nameConstraintsString);
PKIX_RETURN(TRUSTANCHOR);
}
int dumpcert(int argc, char *argv[])
{
PKIX_PL_String *string = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_Error *error = NULL;
char *ascii = NULL;
PKIX_UInt32 length = 0;
PKIX_UInt32 j = 0;
PKIX_Boolean useArenas = PKIX_FALSE;
PKIX_UInt32 actualMinorVersion;
PKIX_TEST_STD_VARS();
if (argc == 1){
printUsage();
return (0);
}
useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
PKIX_Initialize
(PKIX_TRUE, /* nssInitNeeded */
useArenas,
PKIX_MAJOR_VERSION,
PKIX_MINOR_VERSION,
PKIX_MINOR_VERSION,
&actualMinorVersion,
&plContext);
cert = createCert(argv[1+j]);
if (cert){
error = PKIX_PL_Object_ToString
((PKIX_PL_Object *)cert, &string, plContext);
if (error){
printFailure("Unable to get string representation "
"of cert");
goto cleanup;
}
error = PKIX_PL_String_GetEncoded
(string,
PKIX_ESCASCII,
(void **)&ascii,
&length,
plContext);
if (error || !ascii){
printFailure("Unable to get ASCII encoding of string");
goto cleanup;
}
(void) printf("OUTPUT:\n%s\n", ascii);
} else {
printFailure("Unable to create certificate");
goto cleanup;
}
cleanup:
if (cert){
PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext);
}
if (string){
PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
}
if (ascii){
PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
}
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("DUMPCERT");
return (0);
}
