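/*
 * This test is the same as testDuplicateHelper, except that it
 * prints the string form of both objects ("original value" and
 * "copy value") in the case of an unexpected mismatch.
 *
 * PARAMETERS:
 *  "object" - the PolicyNode that is duplicated and compared with its copy.
 *  "plContext" - context pointer handed to every PKIX call made here.
 * RETURNS:
 *  Nothing. A mismatch is reported through testError().
 */
static void
test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext)
{
    PKIX_PolicyNode *newObject = NULL;
    /* Start from "not equal" so the flag never holds an indeterminate value. */
    PKIX_Boolean cmpResult = PKIX_FALSE;
    PKIX_PL_String *original = NULL;
    PKIX_PL_String *copy = NULL;

    PKIX_TEST_STD_VARS();

    subTest("testing pkix_PolicyNode_Duplicate");

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
        ((PKIX_PL_Object *)object,
        (PKIX_PL_Object **)&newObject,
        plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
        ((PKIX_PL_Object *)object,
        (PKIX_PL_Object *)newObject,
        &cmpResult,
        plContext));

    if (!cmpResult) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
            ((PKIX_PL_Object *)object, &original, plContext));
        testError("unexpected mismatch");
        (void) printf("original value:\t%s\n", original->escAsciiString);

        if (newObject) {
            /* The rendered copy is written through the address of "copy". */
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)newObject, &copy, plContext));
            (void) printf("copy value:\t%s\n", copy->escAsciiString);
        } else {
            (void) printf("copy value:\t(NULL)\n");
        }
    }

cleanup:

    /* Release everything acquired above; unset pointers are still NULL. */
    PKIX_TEST_DECREF_AC(newObject);
    PKIX_TEST_DECREF_AC(original);
    PKIX_TEST_DECREF_AC(copy);

    PKIX_TEST_RETURN();
}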
/*
 * FUNCTION: treeToStringHelper
 *  Renders the PolicyNode tree rooted at "parent" as a string and checks
 *  it against "expected". A difference is reported with testError() and
 *  both strings are printed.
 * PARAMETERS:
 *  "parent" - root of the PolicyNode tree; must be non-NULL.
 *  "expected" - the string the tree is expected to render to.
 * THREAD SAFETY:
 *  Thread Safe
 *
 *  Multiple threads can safely call this function without worrying
 *  about conflicts, even if they're operating on the same object.
 * RETURNS:
 *  Nothing.
 */
static void
treeToStringHelper(PKIX_PolicyNode *parent, char *expected)
{
    char *renderedAscii = NULL;
    PKIX_PL_String *renderedTree = NULL;

    PKIX_TEST_STD_VARS();

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
        (PKIX_PL_Object *)parent, &renderedTree, plContext));

    renderedAscii = PKIX_String2ASCII(renderedTree, plContext);
    if (!renderedAscii) {
        pkixTestErrorMsg = "PKIX_String2ASCII Failed";
        goto cleanup;
    }

    /* Nothing to report when the rendering matches the expectation. */
    if (PL_strcmp(renderedAscii, expected) == 0) {
        goto cleanup;
    }

    testError("unexpected mismatch");
    (void) printf("Actual value:\t%s\n", renderedAscii);
    (void) printf("Expected value:\t%s\n", expected);

cleanup:

    PKIX_PL_Free(renderedAscii, plContext);
    PKIX_TEST_DECREF_AC(renderedTree);

    PKIX_TEST_RETURN();
}
/*
 * Prints the valid policy tree carried by "valResult", or a fixed
 * "is NULL" line when the result holds no tree.
 */
static void
printValidPolicyTree(PKIX_ValidateResult *valResult)
{
    PKIX_PL_String *treeText = NULL;
    PKIX_PolicyNode *policyRoot = NULL;

    PKIX_TEST_STD_VARS();

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(
        valResult, &policyRoot, plContext));

    /* No tree: say so and go straight to the common release path. */
    if (policyRoot == NULL) {
        (void) printf("validPolicyTree is NULL\n");
        goto cleanup;
    }

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
        (PKIX_PL_Object *)policyRoot, &treeText, plContext));
    (void) printf("validPolicyTree is\n\t%s\n", treeText->escAsciiString);

cleanup:

    PKIX_TEST_DECREF_AC(policyRoot);
    PKIX_TEST_DECREF_AC(treeText);

    PKIX_TEST_RETURN();
}
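/*
 * FUNCTION: test_buildchain
 * DESCRIPTION:
 *  Command-line driven test that builds a certificate chain with
 *  PKIX_BuildChain and compares it with the chain named on the command line.
 *
 *  Arguments, in the order the code below consumes them:
 *      [optional] "usebind"
 *      servername or servername:port ("-" for no LDAP server)
 *      testname
 *      "ENE" (expect no error) or "EE" (expect error)
 *      cert directory
 *      target cert (end entity)
 *      intermediate certs
 *      trust anchor (always the last argument)
 *
 *  A chain that builds although "EE" was requested is reported as a test
 *  failure, in the same way as an error under "ENE".
 * RETURNS:
 *  Always 0; failures are recorded through testError() and the
 *  PKIX_TEST_* macros.
 */
int
test_buildchain(int argc, char *argv[])
{
    PKIX_BuildResult *buildResult = NULL;
    PKIX_ComCertSelParams *certSelParams = NULL;
    PKIX_CertSelector *certSelector = NULL;
    PKIX_TrustAnchor *anchor = NULL;
    PKIX_PL_PublicKey *trustedPubKey = NULL;
    PKIX_List *anchors = NULL;
    PKIX_List *certs = NULL;
    PKIX_RevocationChecker *revChecker = NULL;
    PKIX_PL_Cert *cert = NULL;
    PKIX_ProcessingParams *procParams = NULL;
    char *dirName = NULL;
    PKIX_PL_String *dirNameString = NULL;
    PKIX_PL_Cert *trustedCert = NULL;
    PKIX_PL_Cert *targetCert = NULL;
    PKIX_UInt32 actualMinorVersion = 0;
    PKIX_UInt32 numCerts = 0;
    PKIX_UInt32 i = 0;
    PKIX_UInt32 j = 0;
    PKIX_UInt32 k = 0;
    PKIX_CertStore *ldapCertStore = NULL;
    PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
    /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
    PKIX_CertStore *certStore = NULL;
    PKIX_List *certStores = NULL;
    PKIX_List *revCheckers = NULL;
    char *asciiResult = NULL;
    PKIX_Boolean result = PKIX_FALSE;
    PKIX_Boolean testValid = PKIX_TRUE;
    PKIX_List *expectedCerts = NULL;
    PKIX_PL_Cert *dirCert = NULL;
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;
    PKIX_PL_String *actualCertsString = NULL;
    PKIX_PL_String *expectedCertsString = NULL;
    void *state = NULL;
    char *actualCertsAscii = NULL;
    char *expectedCertsAscii = NULL;
    PRPollDesc *pollDesc = NULL;

    PKIX_TEST_STD_VARS();

    if (argc < 5) {
        printUsage();
        return (0);
    }

    startTests("BuildChain");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /*
     * arguments:
     * [optional] -arenas
     * [optional] usebind
     *            servername or servername:port ( - for no server)
     *            testname
     *            EE or ENE
     *            cert directory
     *            target cert (end entity)
     *            intermediate certs
     *            trust anchor
     *
     * NOTE(review): "-arenas" is listed here but is not parsed anywhere in
     * this function - confirm whether a caller strips it.
     */

    /* optional argument "usebind" for Ldap CertStore */
    if (argv[j + 1]) {
        if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
            usebind = PKIX_TRUE;
            j++;
        }
    }

    /*
     * "usebind" shifts every later argument by one, so the count checked
     * at the top is re-validated against the shifted positions before
     * argv[j + 1] .. argv[j + 4] are read.
     */
    if ((PKIX_UInt32)argc < (j + 5)) {
        printUsage();
        return (0);
    }

    if (PORT_Strcmp(argv[++j], "-") == 0) {
        useLDAP = PKIX_FALSE;
    } else {
        serverName = argv[j];
        useLDAP = PKIX_TRUE;
    }

    subTest(argv[++j]);

    /* ENE = expect no error; EE = expect error */
    if (PORT_Strcmp(argv[++j], "ENE") == 0) {
        testValid = PKIX_TRUE;
    } else if (PORT_Strcmp(argv[j], "EE") == 0) {
        testValid = PKIX_FALSE;
    } else {
        printUsage();
        return (0);
    }

    dirName = argv[++j];

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));

    /*
     * Every remaining argument names a certificate. The last one becomes
     * the trust anchor; all others form the expected chain, and the first
     * of them is also the target certificate.
     */
    for (k = ++j; k < (PKIX_UInt32)argc; k++) {

        dirCert = createCert(dirName, argv[k], plContext);

        if (k == (PKIX_UInt32)(argc - 1)) {
            /* extra reference: dirCert itself is released below */
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
            trustedCert = dirCert;
        } else {

            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
                                                           (PKIX_PL_Object *)dirCert,
                                                           plContext));

            if (k == j) {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
                targetCert = dirCert;
            }
        }

        PKIX_TEST_DECREF_BC(dirCert);
    }

    /* create processing params with list of trust anchors */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));

    /* create CertSelector with target certificate in params */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));

    /* create CertStores */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));

    if (useLDAP == PKIX_TRUE) {
        PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
                                                       (PKIX_PL_Object *)ldapCertStore,
                                                       plContext));
    } else {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
    }

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));

    /* revocation checker over the same stores, keyed on the anchor's key */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
                                                                NULL, /* testDate, may be NULL */
                                                                trustedPubKey,
                                                                numCerts,
                                                                &revChecker,
                                                                plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));

#ifdef debuggingWithoutRevocation
    /* debug-only build switch: turns revocation checking off */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
#endif

    /* build cert chain using processing params and return buildResult */

    pkixTestErrorResult = PKIX_BuildChain(procParams,
                                          (void **)&pollDesc,
                                          &state,
                                          &buildResult,
                                          &verifyTree,
                                          plContext);

    /*
     * A non-NULL pollDesc means the build is still pending on I/O, so
     * poll and call PKIX_BuildChain again with the saved state.
     * NOTE(review): a failed PR_Poll is reported but the loop keeps
     * going - confirm it cannot spin.
     */
    while (pollDesc != NULL) {

        if (PR_Poll(pollDesc, 1, 0) < 0) {
            testError("PR_Poll failed");
        }

        pkixTestErrorResult = PKIX_BuildChain(procParams,
                                              (void **)&pollDesc,
                                              &state,
                                              &buildResult,
                                              &verifyTree,
                                              plContext);
    }

    if (pkixTestErrorResult) {
        if (testValid == PKIX_FALSE) { /* EE */
            (void)printf("EXPECTED ERROR RECEIVED!\n");
        } else { /* ENE */
            testError("UNEXPECTED ERROR RECEIVED");
        }
    } else {
        if (testValid == PKIX_TRUE) { /* ENE */
            (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
        } else { /* EE */
            /*
             * A chain that builds when rejection was expected is the
             * failure a negative test exists to catch, so it must be
             * counted rather than only printed.
             */
            testError("UNEXPECTED NON-ERROR RECEIVED");
        }
    }

    subTest("Displaying VerifyNode objects");

    if (verifyTree == NULL) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext));
    } else {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
    }

    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);

    /* the build error has been accounted for above; drop it and stop */
    if (pkixTestErrorResult) {
        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
        goto cleanup;
    }

    if (buildResult) {

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));

        printf("\n");

        for (i = 0; i < numCerts; i++) {
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
                                                        i,
                                                        (PKIX_PL_Object **)&cert,
                                                        plContext));

            asciiResult = PKIX_Cert2ASCII(cert);

            /* the index is unsigned; print it with a matching specifier */
            printf("CERT[%u]:\n%s\n", (unsigned int)i, asciiResult);

            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
            asciiResult = NULL;

            PKIX_TEST_DECREF_BC(cert);
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
                                                        (PKIX_PL_Object *)expectedCerts,
                                                        &result,
                                                        plContext));

        if (!result) {
            testError("BUILT CERTCHAIN IS "
                      "NOT THE ONE THAT WAS EXPECTED");

            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
                                                              &actualCertsString,
                                                              plContext));

            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
            if (actualCertsAscii == NULL) {
                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
                goto cleanup;
            }

            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
                                                              &expectedCertsString,
                                                              plContext));

            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
            if (expectedCertsAscii == NULL) {
                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
                goto cleanup;
            }

            (void)printf("Actual value:\t%s\n", actualCertsAscii);
            (void)printf("Expected value:\t%s\n",
                         expectedCertsAscii);
        }
    }

cleanup:
    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);

    PKIX_PL_Free(asciiResult, NULL);
    PKIX_PL_Free(actualCertsAscii, plContext);
    PKIX_PL_Free(expectedCertsAscii, plContext);

    PKIX_TEST_DECREF_AC(state);
    PKIX_TEST_DECREF_AC(actualCertsString);
    PKIX_TEST_DECREF_AC(expectedCertsString);
    PKIX_TEST_DECREF_AC(expectedCerts);
    PKIX_TEST_DECREF_AC(buildResult);
    PKIX_TEST_DECREF_AC(procParams);
    PKIX_TEST_DECREF_AC(certStores);
    PKIX_TEST_DECREF_AC(revCheckers);
    PKIX_TEST_DECREF_AC(revChecker);
    PKIX_TEST_DECREF_AC(ldapCertStore);
    PKIX_TEST_DECREF_AC(certStore);
    PKIX_TEST_DECREF_AC(dirNameString);
    PKIX_TEST_DECREF_AC(certSelParams);
    PKIX_TEST_DECREF_AC(certSelector);
    PKIX_TEST_DECREF_AC(anchors);
    PKIX_TEST_DECREF_AC(anchor);
    PKIX_TEST_DECREF_AC(trustedCert);
    PKIX_TEST_DECREF_AC(trustedPubKey);

    PKIX_TEST_DECREF_AC(certs);
    PKIX_TEST_DECREF_AC(cert);
    PKIX_TEST_DECREF_AC(targetCert);

    PKIX_TEST_RETURN();

    PKIX_Shutdown(plContext);

    endTests("BuildChain");

    return (0);
}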
/*
 * FUNCTION: test_buildchain_uchecker
 * DESCRIPTION:
 *  Command-line driven test that builds a certificate chain with a
 *  user-defined CertChainChecker (testUserChecker) installed, then compares
 *  the built chain with the one named on the command line.
 *
 *  Arguments as read below (j stays 0 throughout):
 *      argv[1]   test name
 *      argv[2]   "ENE" (expect no error) or "EE" (expect error)
 *      argv[3]   "-" for no OID, otherwise an OID string; a leading 'F'
 *                sets supportForward and is stripped from the OID
 *      argv[4]   cert directory
 *      argv[5..] certificate names; the first is the target, the last is
 *                the trust anchor
 * RETURNS:
 *  Always 0; failures are recorded through testError() and the
 *  PKIX_TEST_* macros.
 */
int
test_buildchain_uchecker(int argc, char *argv[])
{
    PKIX_BuildResult *buildResult = NULL;
    PKIX_ComCertSelParams *certSelParams = NULL;
    PKIX_CertSelector *certSelector = NULL;
    PKIX_TrustAnchor *anchor = NULL;
    PKIX_List *anchors = NULL;
    PKIX_List *certs = NULL;
    PKIX_PL_Cert *cert = NULL;
    PKIX_ProcessingParams *procParams = NULL;
    PKIX_CertChainChecker *checker = NULL;
    char *dirName = NULL;
    PKIX_PL_String *dirNameString = NULL;
    PKIX_PL_Cert *trustedCert = NULL;
    PKIX_PL_Cert *targetCert = NULL;
    PKIX_UInt32 numCerts = 0;
    PKIX_UInt32 i = 0;
    PKIX_UInt32 j = 0;
    PKIX_UInt32 k = 0;
    PKIX_UInt32 chainLength = 0;
    PKIX_CertStore *certStore = NULL;
    PKIX_List *certStores = NULL;
    char * asciiResult = NULL;
    PKIX_Boolean result;
    PKIX_Boolean testValid = PKIX_TRUE;
    PKIX_Boolean supportForward = PKIX_FALSE;
    PKIX_List *expectedCerts = NULL;
    PKIX_List *userOIDs = NULL;
    PKIX_PL_OID *oid = NULL;
    PKIX_PL_Cert *dirCert = NULL;
    PKIX_PL_String *actualCertsString = NULL;
    PKIX_PL_String *expectedCertsString = NULL;
    char *actualCertsAscii = NULL;
    char *expectedCertsAscii = NULL;
    char *oidString = NULL;
    void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
    void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */

    PKIX_TEST_STD_VARS();

    /* argv[1] .. argv[4] are read unconditionally below */
    if (argc < 5){
        printUsage();
        return (0);
    }

    startTests("BuildChain_UserChecker");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /* ENE = expect no error; EE = expect error */
    if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
        testValid = PKIX_TRUE;
    } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
        testValid = PKIX_FALSE;
    } else {
        /* NOTE(review): returns without the cleanup/shutdown path below */
        printUsage();
        return (0);
    }

    /* OID specified at argv[3+j] */

    if (*argv[3+j] != '-') {

        /* a leading 'F' requests forward-checking support; skip it */
        if (*argv[3+j] == 'F') {
            supportForward = PKIX_TRUE;
            oidString = argv[3+j]+1;
        } else {
            oidString = argv[3+j];
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
            (&userOIDs, plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
            (oidString, &oid, plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
            (userOIDs, (PKIX_PL_Object *)oid, plContext));
        PKIX_TEST_DECREF_BC(oid);
    }

    subTest(argv[1+j]);

    dirName = argv[4+j];

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));

    /* number of certificate names that follow the five fixed arguments */
    chainLength = argc - j - 5;

    /*
     * The last named certificate becomes the trust anchor; all others
     * form the expected chain, and the first of them is also the target.
     */
    for (k = 0; k < chainLength; k++){

        dirCert = createCert(dirName, argv[5+k+j], plContext);

        if (k == (chainLength - 1)){
            /* extra reference: dirCert itself is released below */
            PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_PL_Object_IncRef
                ((PKIX_PL_Object *)dirCert, plContext));
            trustedCert = dirCert;
        } else {

            PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_List_AppendItem
                (expectedCerts,
                (PKIX_PL_Object *)dirCert,
                plContext));

            if (k == 0){
                PKIX_TEST_EXPECT_NO_ERROR
                    (PKIX_PL_Object_IncRef
                    ((PKIX_PL_Object *)dirCert,
                    plContext));
                targetCert = dirCert;
            }
        }

        PKIX_TEST_DECREF_BC(dirCert);
    }

    /* create processing params with list of trust anchors */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
        (trustedCert, &anchor, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_List_AppendItem
        (anchors, (PKIX_PL_Object *)anchor, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
        (anchors, &procParams, plContext));

    /* create CertSelector with target certificate in params */

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_ComCertSelParams_Create(&certSelParams, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_ComCertSelParams_SetCertificate
        (certSelParams, targetCert, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_CertSelector_Create
        (NULL, NULL, &certSelector, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
        (certSelector, certSelParams, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_ProcessingParams_SetTargetCertConstraints
        (procParams, certSelector, plContext));

    /*
     * Install the user-defined checker; testUserChecker is not defined in
     * this function, and userOIDs stays NULL when argv[3] was "-".
     */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
        (testUserChecker,
        supportForward,
        PKIX_FALSE,
        userOIDs,
        NULL,
        &checker,
        plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
        (procParams, checker, plContext));

    /* create CertStores */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
        (PKIX_ESCASCII,
        dirName,
        0,
        &dirNameString,
        plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
        (dirNameString, &certStore, plContext));

#if 0
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
        (&certStore, plContext));
#endif

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_List_AppendItem
        (certStores, (PKIX_PL_Object *)certStore, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
        (procParams, certStores, plContext));

    /* build cert chain using processing params and return buildResult */

    pkixTestErrorResult = PKIX_BuildChain
        (procParams,
        &nbioContext,
        &buildState,
        &buildResult,
        NULL,
        plContext);

    /*
     * NOTE(review): in the ENE branch the error object is released only
     * where it is NULL, and an unexpected error is only printed here, not
     * passed to testError(). Presumably the still-set pkixTestErrorResult
     * is reported later by PKIX_TEST_RETURN - confirm against the macro.
     */
    if (testValid == PKIX_TRUE) { /* ENE */
        if (pkixTestErrorResult){
            (void) printf("UNEXPECTED RESULT RECEIVED!\n");
        } else {
            (void) printf("EXPECTED RESULT RECEIVED!\n");
            PKIX_TEST_DECREF_BC(pkixTestErrorResult);
        }
    } else { /* EE */
        if (pkixTestErrorResult){
            (void) printf("EXPECTED RESULT RECEIVED!\n");
            PKIX_TEST_DECREF_BC(pkixTestErrorResult);
        } else {
            /* a chain built although rejection was expected: count it */
            testError("UNEXPECTED RESULT RECEIVED");
        }
    }

    if (buildResult){

        /* NOTE(review): NULL is passed as the context here, unlike every
         * other call in this function - confirm that is intended */
        PKIX_TEST_EXPECT_NO_ERROR
            (PKIX_BuildResult_GetCertChain
            (buildResult, &certs, NULL));

        PKIX_TEST_EXPECT_NO_ERROR
            (PKIX_List_GetLength(certs, &numCerts, plContext));

        printf("\n");

        for (i = 0; i < numCerts; i++){
            PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_List_GetItem
                (certs,
                i,
                (PKIX_PL_Object**)&cert,
                plContext));

            asciiResult = PKIX_Cert2ASCII(cert);

            /* NOTE(review): %d is used with a PKIX_UInt32 index */
            printf("CERT[%d]:\n%s\n", i, asciiResult);

            PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_PL_Free(asciiResult, plContext));
            /* cleared so the cleanup path does not free it again */
            asciiResult = NULL;

            PKIX_TEST_DECREF_BC(cert);
        }

        PKIX_TEST_EXPECT_NO_ERROR
            (PKIX_PL_Object_Equals
            ((PKIX_PL_Object*)certs,
            (PKIX_PL_Object*)expectedCerts,
            &result,
            plContext));

        if (!result){
            testError("BUILT CERTCHAIN IS "
                "NOT THE ONE THAT WAS EXPECTED");

            PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)certs,
                &actualCertsString,
                plContext));

            actualCertsAscii = PKIX_String2ASCII
                (actualCertsString, plContext);
            if (actualCertsAscii == NULL){
                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
                goto cleanup;
            }

            PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)expectedCerts,
                &expectedCertsString,
                plContext));

            expectedCertsAscii = PKIX_String2ASCII
                (expectedCertsString, plContext);
            if (expectedCertsAscii == NULL){
                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
                goto cleanup;
            }

            (void) printf("Actual value:\t%s\n", actualCertsAscii);
            (void) printf("Expected value:\t%s\n",
                expectedCertsAscii);

            /*
             * NOTE(review): the checker call count is compared only on
             * this mismatch path, so a run whose chain matches never
             * verifies that the user checker was invoked. chainLength - 1
             * also wraps when no certificates were named. Confirm intent.
             */
            if (chainLength - 1 != numUserCheckerCalled) {
                pkixTestErrorMsg =
                    "PKIX user defined checker not called";
            }

            goto cleanup;
        }

    }

cleanup:
    PKIX_PL_Free(asciiResult, plContext);
    PKIX_PL_Free(actualCertsAscii, plContext);
    PKIX_PL_Free(expectedCertsAscii, plContext);

    PKIX_TEST_DECREF_AC(actualCertsString);
    PKIX_TEST_DECREF_AC(expectedCertsString);
    PKIX_TEST_DECREF_AC(expectedCerts);
    PKIX_TEST_DECREF_AC(certs);
    PKIX_TEST_DECREF_AC(cert);
    PKIX_TEST_DECREF_AC(certStore);
    PKIX_TEST_DECREF_AC(certStores);
    PKIX_TEST_DECREF_AC(dirNameString);
    PKIX_TEST_DECREF_AC(trustedCert);
    PKIX_TEST_DECREF_AC(targetCert);
    PKIX_TEST_DECREF_AC(anchor);
    PKIX_TEST_DECREF_AC(anchors);
    PKIX_TEST_DECREF_AC(procParams);
    PKIX_TEST_DECREF_AC(certSelParams);
    PKIX_TEST_DECREF_AC(certSelector);
    PKIX_TEST_DECREF_AC(buildResult);
    /* NOTE(review): procParams is released a second time here; harmless
     * only if the macro clears the pointer - confirm */
    PKIX_TEST_DECREF_AC(procParams);
    PKIX_TEST_DECREF_AC(userOIDs);
    PKIX_TEST_DECREF_AC(checker);

    PKIX_TEST_RETURN();

    PKIX_Shutdown(plContext);

    endTests("BuildChain_UserChecker");

    return (0);
}
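/*
 * FUNCTION: test_defaultcrlchecker2stores
 * DESCRIPTION:
 *  Command-line driven test that validates a certificate chain with the
 *  default CRL checker after testDefaultMultipleCertStores() has been run
 *  on the validate params.
 *
 *  Arguments as read below (j stays 0 throughout):
 *      argv[1]   test name
 *      argv[2]   "ENE" (expect no error) or "EE" (expect error)
 *      argv[3]   cert directory
 *      argv[4]   passed to testDefaultMultipleCertStores
 *      argv[5]   passed to testDefaultMultipleCertStores
 *      argv[6]   trust anchor name
 *      argv[7..] names of the certificates in the chain
 *
 *  The number of chain certificates is bounded by PKIX_TEST_MAX_CERTS,
 *  the size of the two fixed arrays that hold them; a longer list is
 *  rejected before either array is written.
 * RETURNS:
 *  Always 0; failures are recorded through the PKIX_TEST_* macros.
 */
int
test_defaultcrlchecker2stores(int argc, char *argv[])
{
    PKIX_List *chain = NULL;
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;
    PKIX_UInt32 actualMinorVersion;
    char *certNames[PKIX_TEST_MAX_CERTS];
    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;
    PKIX_UInt32 chainLength = 0;
    PKIX_UInt32 i = 0;
    PKIX_UInt32 j = 0;
    PKIX_Boolean testValid = PKIX_TRUE;
    char *dirName = NULL;
    char *anchorName = NULL;

    PKIX_TEST_STD_VARS();

    /*
     * argv[6] (the trust anchor) is read unconditionally and the chain
     * length is computed as argc - 7 in unsigned arithmetic, so fewer
     * than 7 arguments would make that subtraction wrap to a huge count.
     */
    if (argc < 7) {
        printUsage1(argv[0]);
        return (0);
    }

    startTests("CRL Checker");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /* ENE = expect no error; EE = expect error */
    if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
        testValid = PKIX_TRUE;
    } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
        testValid = PKIX_FALSE;
    } else {
        printUsage1(argv[0]);
        return (0);
    }

    chainLength = (argc - j) - 7;
    if (chainLength > PKIX_TEST_MAX_CERTS) {
        /*
         * Stop here: the loop below fills certNames[] and certs[], which
         * hold exactly PKIX_TEST_MAX_CERTS entries, so continuing would
         * write past the end of both arrays.
         */
        printUsageMax(chainLength);
        pkixTestErrorMsg = "Invalid command line arguments.";
        goto cleanup;
    }

    for (i = 0; i < chainLength; i++) {
        certNames[i] = argv[(7+j)+i];
        certs[i] = NULL;
    }

    subTest(argv[1+j]);

    subTest("Default-CRL-Checker");

    subTest("Default-CRL-Checker - Create Cert Chain");

    dirName = argv[3+j];

    chain = createCertChainPlus
        (dirName, certNames, certs, chainLength, plContext);

    subTest("Default-CRL-Checker - Create Params");

    anchorName = argv[6+j];

    valParams = createValidateParams
        (dirName,
        anchorName,
        NULL,
        NULL,
        NULL,
        PKIX_FALSE,
        PKIX_FALSE,
        PKIX_FALSE,
        PKIX_FALSE,
        chain,
        plContext);

    subTest("Multiple-CertStores");

    testDefaultMultipleCertStores(valParams, argv[4+j], argv[5+j]);

    subTest("Default-CRL-Checker - Validate Chain");

    if (testValid == PKIX_TRUE) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
            (valParams, &valResult, &verifyTree, plContext));
    } else {
        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
            (valParams, &valResult, &verifyTree, plContext));
    }

    /* NOTE(review): verifyTree is rendered without a NULL check here */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
        ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
    (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);

cleanup:

    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);

    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(valResult);
    PKIX_TEST_DECREF_AC(chain);

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("CRL Checker");

    return (0);
}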
/*
 * FUNCTION: pkix_pl_CRL_ToString_Helper
 * DESCRIPTION:
 *
 *  Builds a printable description of the CRL pointed to by "crl" (version,
 *  issuer, last/next update, signature algorithm, CRL number, entry list
 *  and critical extension OIDs) and stores the resulting string at
 *  "pString".
 *
 * PARAMETERS
 *  "crl"
 *      Address of CRL whose string representation is desired.
 *      Must be non-NULL.
 *  "pString"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRL Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_CRL_ToString_Helper(
    PKIX_PL_CRL *crl,
    PKIX_PL_String **pString,
    void *plContext)
{
    /* One conversion per field gathered below, in the same order. */
    char *templateAscii =
        "[\n"
        "\tVersion: v%d\n"
        "\tIssuer: %s\n"
        "\tUpdate: [Last: %s\n"
        "\t Next: %s]\n"
        "\tSignatureAlgId: %s\n"
        "\tCRL Number : %s\n"
        "\n"
        "\tEntry List: %s\n"
        "\n"
        "\tCritExtOIDs: %s\n"
        "]\n";

    /* Values read from the CRL. */
    PKIX_UInt32 version;
    PKIX_PL_X500Name *issuer = NULL;
    PKIX_PL_OID *sigAlgId = NULL;
    PKIX_PL_BigInt *number = NULL;
    PKIX_List *entries = NULL;
    PKIX_List *criticalOIDs = NULL;

    /* String form of each value, plus the template and the final text. */
    PKIX_PL_String *templateString = NULL;
    PKIX_PL_String *issuerText = NULL;
    PKIX_PL_String *lastUpdateText = NULL;
    PKIX_PL_String *nextUpdateText = NULL;
    PKIX_PL_String *sigAlgIdText = NULL;
    PKIX_PL_String *numberText = NULL;
    PKIX_PL_String *entriesText = NULL;
    PKIX_PL_String *criticalOIDsText = NULL;
    PKIX_PL_String *rendered = NULL;

    PKIX_ENTER(CRL, "pkix_pl_CRL_ToString_Helper");
    PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pString);

    PKIX_CHECK(
        PKIX_PL_String_Create(
            PKIX_ESCASCII, templateAscii, 0, &templateString, plContext),
        PKIX_STRINGCREATEFAILED);

    /* Version */
    PKIX_CHECK(
        pkix_pl_CRL_GetVersion(crl, &version, plContext),
        PKIX_CRLGETVERSIONFAILED);

    /* Issuer */
    PKIX_CHECK(
        PKIX_PL_CRL_GetIssuer(crl, &issuer, plContext),
        PKIX_CRLGETISSUERFAILED);

    PKIX_CHECK(
        PKIX_PL_Object_ToString(
            (PKIX_PL_Object *)issuer, &issuerText, plContext),
        PKIX_X500NAMETOSTRINGFAILED);

    /* This update - no Date object is created, the NSS data is used */
    PKIX_CHECK(
        pkix_pl_Date_ToString_Helper(
            &(crl->nssSignedCrl->crl.lastUpdate),
            &lastUpdateText,
            plContext),
        PKIX_DATETOSTRINGHELPERFAILED);

    /* Next update - no Date object is created, the NSS data is used */
    PKIX_CHECK(
        pkix_pl_Date_ToString_Helper(
            &(crl->nssSignedCrl->crl.nextUpdate),
            &nextUpdateText,
            plContext),
        PKIX_DATETOSTRINGHELPERFAILED);

    /* Signature Algorithm Id */
    PKIX_CHECK(
        pkix_pl_CRL_GetSignatureAlgId(crl, &sigAlgId, plContext),
        PKIX_CRLGETSIGNATUREALGIDFAILED);

    PKIX_CHECK(
        PKIX_PL_Object_ToString(
            (PKIX_PL_Object *)sigAlgId, &sigAlgIdText, plContext),
        PKIX_OIDTOSTRINGFAILED);

    /* CRL Number */
    PKIX_CHECK(
        PKIX_PL_CRL_GetCRLNumber(crl, &number, plContext),
        PKIX_CRLGETCRLNUMBERFAILED);

    PKIX_TOSTRING(number, &numberText, plContext,
        PKIX_BIGINTTOSTRINGFAILED);

    /* CRL Entries */
    PKIX_CHECK(
        pkix_pl_CRL_GetCRLEntries(crl, &entries, plContext),
        PKIX_CRLGETCRLENTRIESFAILED);

    PKIX_TOSTRING(entries, &entriesText, plContext,
        PKIX_LISTTOSTRINGFAILED);

    /* CriticalExtensionOIDs */
    PKIX_CHECK(
        PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &criticalOIDs, plContext),
        PKIX_CRLGETCRITICALEXTENSIONOIDSFAILED);

    PKIX_TOSTRING(criticalOIDs, &criticalOIDsText, plContext,
        PKIX_LISTTOSTRINGFAILED);

    /* The version is printed as the stored value plus one. */
    PKIX_CHECK(
        PKIX_PL_Sprintf(
            &rendered,
            plContext,
            templateString,
            version + 1,
            issuerText,
            lastUpdateText,
            nextUpdateText,
            sigAlgIdText,
            numberText,
            entriesText,
            criticalOIDsText),
        PKIX_SPRINTFFAILED);

    *pString = rendered;

cleanup:

    /* Drop every intermediate object; "rendered" now belongs to the caller. */
    PKIX_DECREF(issuer);
    PKIX_DECREF(sigAlgId);
    PKIX_DECREF(number);
    PKIX_DECREF(entries);
    PKIX_DECREF(criticalOIDs);
    PKIX_DECREF(issuerText);
    PKIX_DECREF(lastUpdateText);
    PKIX_DECREF(nextUpdateText);
    PKIX_DECREF(sigAlgIdText);
    PKIX_DECREF(numberText);
    PKIX_DECREF(entriesText);
    PKIX_DECREF(criticalOIDsText);
    PKIX_DECREF(templateString);

    PKIX_RETURN(CRL);
}
/*
 * FUNCTION: test_validatechain
 * DESCRIPTION:
 *  Command-line driven test that validates a certificate chain with
 *  PKIX_ValidateChain and prints the resulting verify tree.
 *
 *  Arguments as read below (j stays 0 throughout):
 *      argv[1]   test name
 *      argv[2]   "ENE" (expect no error) or "EE" (expect error)
 *      argv[3]   cert directory
 *      argv[4]   passed to createValidateParams as its second argument
 *      argv[5..] names of the certificates in the chain
 * RETURNS:
 *  Always 0; failures are recorded through the PKIX_TEST_* macros.
 */
int
test_validatechain(int argc, char *argv[])
{
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;
    PKIX_UInt32 actualMinorVersion;
    PKIX_UInt32 j = 0;
    PKIX_UInt32 k = 0;
    PKIX_UInt32 chainLength = 0;
    PKIX_Boolean testValid = PKIX_TRUE;
    PKIX_List *chainCerts = NULL;
    PKIX_PL_Cert *dirCert = NULL;
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;
    char *dirCertName = NULL;
    char *anchorCertName = NULL;
    char *dirName = NULL;

    PKIX_TEST_STD_VARS();

    if (argc < 5) {
        printUsage();
        return (0);
    }

    startTests("ValidateChain");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /* ENE = expect no error; EE = expect error; anything else is misuse */
    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
        testValid = PKIX_TRUE;
    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
        testValid = PKIX_FALSE;
    } else {
        printUsage();
        return (0);
    }

    subTest(argv[1 + j]);

    /* everything after the five fixed arguments names a chain cert */
    chainLength = argc - j - 5;
    dirName = argv[3 + j];

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));

    /* load each named certificate and hand it over to the list */
    k = 0;
    while (k < chainLength) {
        dirCert = createCert(dirName, argv[5 + k + j], plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(
            chainCerts, (PKIX_PL_Object *)dirCert, plContext));

        PKIX_TEST_DECREF_BC(dirCert);
        k++;
    }

    valParams = createValidateParams(
        dirName,
        argv[4 + j],
        NULL,
        NULL,
        NULL,
        PKIX_FALSE,
        PKIX_FALSE,
        PKIX_FALSE,
        PKIX_FALSE,
        chainCerts,
        plContext);

    testDefaultCertStore(valParams, dirName);

    /* the same validation call, checked against the expected outcome */
    if (testValid == PKIX_TRUE) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(
            valParams, &valResult, &verifyTree, plContext));
    } else {
        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(
            valParams, &valResult, &verifyTree, plContext));
    }

    subTest("Displaying VerifyNode objects");

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
        (PKIX_PL_Object *)verifyTree, &verifyString, plContext));
    (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);

cleanup:

    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);

    PKIX_TEST_DECREF_AC(chainCerts);
    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(valResult);

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("ValidateChain");

    return (0);
}
/*
 * FUNCTION: test_validatechain_bc
 * DESCRIPTION:
 *  Command-line driven test of chain validation against a basic
 *  constraints setting on the target cert selector. The chain is
 *  validated twice: first with the selector's basic-constraints value set
 *  to -1, where success is expected, then with the value set to 6, where
 *  an error is expected.
 *
 *  Arguments as read below (j stays 0 throughout):
 *      argv[1]   trust anchor certificate file
 *      argv[2..] certificate files of the chain
 * RETURNS:
 *  Always 0; failures are recorded through the PKIX_TEST_* macros.
 */
int
test_validatechain_bc(int argc, char *argv[])
{
    PKIX_TrustAnchor *anchor = NULL;
    PKIX_List *anchors = NULL;
    PKIX_List *certs = NULL;
    PKIX_ProcessingParams *procParams = NULL;
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;
    PKIX_PL_X500Name *subject = NULL;
    PKIX_ComCertSelParams *certSelParams = NULL;
    PKIX_CertSelector *certSelector = NULL;

    char *trustedCertFile = NULL;
    char *chainCertFile = NULL;
    PKIX_PL_Cert *trustedCert = NULL;
    PKIX_PL_Cert *chainCert = NULL;
    PKIX_UInt32 chainLength = 0;
    PKIX_UInt32 i = 0;
    PKIX_UInt32 j = 0;
    PKIX_UInt32 actualMinorVersion;
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;

    PKIX_TEST_STD_VARS();

    if (argc < 3){
        printUsage();
        return (0);
    }

    startTests("ValidateChainBasicConstraints");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /* everything after the program name and the anchor is a chain cert */
    chainLength = (argc - j) - 2;

    /* create processing params with list of trust anchors */
    trustedCertFile = argv[1+j];
    /* NOTE(review): createCert takes a single argument here - presumably
     * a helper local to this test's own file; confirm */
    trustedCert = createCert(trustedCertFile);

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_ComCertSelParams_Create(&certSelParams, plContext));

    /* first pass: basic constraints value of -1 on the selector */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
        (certSelParams, -1, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_CertSelector_Create
        (NULL, NULL, &certSelector, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
        (certSelector, certSelParams, plContext));

    /* the subject is fetched above but not used again before release */
    PKIX_TEST_DECREF_BC(subject);

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
        (trustedCert, &anchor, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_List_AppendItem
        (anchors, (PKIX_PL_Object *)anchor, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
        (anchors, &procParams, plContext));

    /* revocation checking is switched off for this test */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
        (procParams, PKIX_FALSE, plContext));

    PKIX_TEST_EXPECT_NO_ERROR
        (PKIX_ProcessingParams_SetTargetCertConstraints
        (procParams, certSelector, plContext));

    PKIX_TEST_DECREF_BC(certSelector);

    /* create cert chain */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
    for (i = 0; i < chainLength; i++){
        chainCertFile = argv[i + (2+j)];
        chainCert = createCert(chainCertFile);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
            (certs, (PKIX_PL_Object *)chainCert, plContext));

        PKIX_TEST_DECREF_BC(chainCert);
    }

    /* create validate params with processing params and cert chain */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
        (procParams, certs, &valParams, plContext));

    /* validate cert chain using processing params and return valResult */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
        (valParams, &valResult, &verifyTree, plContext));

    if (valResult != NULL){
        printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
        printf("Cert Selector minimum path length to be -1\n");
        PKIX_TEST_DECREF_BC(valResult);
    }

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
        ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
    (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
    PKIX_TEST_DECREF_BC(verifyString);
    PKIX_TEST_DECREF_BC(verifyTree);

    /* second pass: same selector params object, value raised to 6 */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
        (certSelParams, 6, plContext));

    /* validate cert chain using processing params and return valResult */

    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
        (valParams, &valResult, &verifyTree, plContext));

    if (valResult != NULL){
        printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
        printf("Cert Selector minimum path length to be 6\n");
    }

    /*
     * NOTE(review): these objects are released only on this straight-line
     * path; an earlier jump to cleanup would skip the releases - confirm
     * whether that leak matters for the test harness.
     */
    PKIX_TEST_DECREF_BC(trustedCert);
    PKIX_TEST_DECREF_BC(anchor);
    PKIX_TEST_DECREF_BC(anchors);
    PKIX_TEST_DECREF_BC(certs);
    PKIX_TEST_DECREF_BC(procParams);

cleanup:

    if (PKIX_TEST_ERROR_RECEIVED){
        printf("FAILED TO VALIDATE\n");
    }

    /*
     * NOTE(review): this check sits after the cleanup label. If the macro
     * jumps to cleanup on failure (as the _BC/_AC naming suggests), a
     * failing ToString - for example with verifyTree still NULL after an
     * early error - would re-enter this label. Confirm against the macro.
     */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
        ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
    (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);

    PKIX_TEST_DECREF_AC(certSelParams);
    PKIX_TEST_DECREF_AC(valResult);
    PKIX_TEST_DECREF_AC(valParams);

    PKIX_TEST_RETURN();

    PKIX_Shutdown(plContext);

    endTests("ValidateChainBasicConstraints");

    return (0);
}
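/*
 * FUNCTION: test_policychecker
 * DESCRIPTION:
 *
 *  Test driver that validates a certificate chain with caller-chosen
 *  initial policy settings and compares the outcome with the expectation
 *  given on the command line.
 *
 *  Arguments as consumed by the code below (j is always 0 here):
 *    argv[1+j]  test name (printed through subTest)
 *    argv[2+j]  "ENE" (expect no error) or "EE" (expect error)
 *    argv[3+j]  directory holding the certificates
 *    argv[4+j]  data directory handed to testPass for the hard-coded tests
 *    argv[5+j]  user-initial-policy-set, parsed by policySetParse
 *    argv[6+j]  onwards: up to three optional flags, "A"
 *               (initialAnyPolicyInhibit), "E" (initialExplicitPolicy),
 *               "P" (initialPolicyMappingInhibit)
 *    argv[firstCert]       trust anchor certificate
 *    argv[firstCert+1..]   remaining certificates of the chain
 *
 *  With five or fewer arguments only the hard-coded tests run.
 *
 * RETURNS:
 *  Always 0; failures are reported through the PKIX_TEST_* machinery.
 */
int test_policychecker(int argc, char *argv[])
{
        PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
        PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
        PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
        PKIX_Boolean expectedResult = PKIX_FALSE;
        PKIX_UInt32 chainLength = 0;
        PKIX_UInt32 initArgs = 0;
        PKIX_UInt32 firstCert = 0;
        PKIX_UInt32 i = 0;
        PKIX_Int32 j = 0;
        PKIX_UInt32 actualMinorVersion;
        PKIX_ProcessingParams *procParams = NULL;
        char *firstTrustAnchor = "yassir2yassir";
        char *secondTrustAnchor = "yassir2bcn";
        char *dateAscii = "991201000000Z";
        PKIX_ValidateParams *valParams = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */
        char *certNames[PKIX_TEST_MAX_CERTS];
        PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
        PKIX_List *chain = NULL;
        PKIX_Error *validationError = NULL;
        PKIX_VerifyNode *verifyTree = NULL;
        PKIX_PL_String *verifyString = NULL;
        char *dirName = NULL;
        char *dataCentralDir = NULL;
        char *anchorName = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

        /*
         * Only index argv where argc says an entry exists. The previous
         * code read argv[3+j] and argv[4+j] unconditionally, which is an
         * out-of-bounds read when fewer arguments are supplied.
         */
        if (argc > (3 + j)) {
                dirName = argv[3+j];
        }
        if (argc > (4 + j)) {
                dataCentralDir = argv[4+j];
        }

        if (argc <= 5 || ((6 == argc) && (j))) {
                /* The hard-coded tests still need both directories. */
                if (!dirName || !dataCentralDir) {
                        printUsage(argv[0]);
                        pkixTestErrorMsg = "Invalid command line arguments.";
                        goto cleanup;
                }

                testPass
                        (dataCentralDir,
                        firstTrustAnchor,
                        secondTrustAnchor,
                        dateAscii);

                testNistTest1(dirName);

                testNistTest2(dirName);

                goto cleanup;
        }

        if (argc < (7 + j)) {
                printUsage(argv[0]);
                pkixTestErrorMsg = "Invalid command line arguments.";
                goto cleanup;
        }

        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
                expectedResult = PKIX_TRUE;
        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
                expectedResult = PKIX_FALSE;
        } else {
                printUsage(argv[0]);
                pkixTestErrorMsg = "Invalid command line arguments.";
                goto cleanup;
        }

        userInitialPolicySet = policySetParse(argv[5+j]);
        if (!userInitialPolicySet) {
                printUsage(argv[0]);
                pkixTestErrorMsg = "Invalid command line arguments.";
                goto cleanup;
        }

        for (initArgs = 0; initArgs < 3; initArgs++) {
                PKIX_UInt32 flagIndex = 6 + j + initArgs;

                /* Stop at the end of argv instead of comparing past it. */
                if (flagIndex >= (PKIX_UInt32)argc) {
                        break;
                }

                if (PORT_Strcmp(argv[flagIndex], "A") == 0) {
                        initialAnyPolicyInhibit = PKIX_TRUE;
                } else if (PORT_Strcmp(argv[flagIndex], "E") == 0) {
                        initialExplicitPolicy = PKIX_TRUE;
                } else if (PORT_Strcmp(argv[flagIndex], "P") == 0) {
                        initialPolicyMappingInhibit = PKIX_TRUE;
                } else {
                        break;
                }
        }

        firstCert = initArgs + j + 6;

        /*
         * If every remaining argument was a flag there is no trust anchor
         * left, and the unsigned subtraction below would wrap around.
         */
        if (firstCert >= (PKIX_UInt32)argc) {
                printUsage(argv[0]);
                pkixTestErrorMsg = "Invalid command line arguments.";
                goto cleanup;
        }

        chainLength = argc - (firstCert + 1);
        if (chainLength > PKIX_TEST_MAX_CERTS) {
                printUsageMax(chainLength);
                pkixTestErrorMsg = "Invalid command line arguments.";
                goto cleanup;
        }

        /*
         * Create a chain, but don't include the first certName.
         * That's the anchor, and is supplied separately from
         * the chain.
         */
        for (i = 0; i < chainLength; i++) {
                certNames[i] = argv[i + (firstCert + 1)];
                certs[i] = NULL;
        }
        chain = createCertChainPlus
                (dirName, certNames, certs, chainLength, plContext);

        subTest(argv[1+j]);

        valParams = createValidateParams
                (dirName,
                argv[firstCert],
                NULL,
                NULL,
                userInitialPolicySet,
                initialPolicyMappingInhibit,
                initialAnyPolicyInhibit,
                initialExplicitPolicy,
                PKIX_FALSE,
                chain,
                plContext);

        if (expectedResult == PKIX_TRUE) {
                subTest("   (expecting successful validation)");

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
                        (valParams, &valResult, &verifyTree, plContext));

                printValidPolicyTree(valResult);

        } else {
                subTest("   (expecting validation to fail)");

                /*
                 * The error is captured by hand so that a chain which
                 * validates when it should be rejected is reported as a
                 * test failure.
                 */
                validationError = PKIX_ValidateChain
                        (valParams, &valResult, &verifyTree, plContext);
                if (!validationError) {
                        printValidPolicyTree(valResult);
                        pkixTestErrorMsg = "Should have thrown an error here.";
                }
                PKIX_TEST_DECREF_BC(validationError);
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
        (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);

cleanup:

        PKIX_PL_Free(anchorName, plContext);

        PKIX_TEST_DECREF_AC(verifyString);
        PKIX_TEST_DECREF_AC(verifyTree);
        PKIX_TEST_DECREF_AC(userInitialPolicySet);
        PKIX_TEST_DECREF_AC(chain);
        PKIX_TEST_DECREF_AC(valParams);
        PKIX_TEST_DECREF_AC(valResult);
        PKIX_TEST_DECREF_AC(validationError);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("PolicyChecker");

        return (0);
}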
/*
 * FUNCTION: test_policynode
 * DESCRIPTION:
 *
 *  Test driver for PolicyNode trees. It builds a small tree from the
 *  policies of a test certificate, compares the tree's string form with
 *  the expected text, runs the accessor helpers, and then prunes the tree
 *  at depths two and three.
 *
 *  argv[1] is the directory that holds "UserNoticeQualifierTest16EE.crt".
 *
 * RETURNS:
 *  Always 0; failures are reported through the PKIX_TEST_* machinery.
 */
int test_policynode(int argc, char *argv[]) {

        /*
         * Create a tree with parent = anyPolicy,
         * child1 with Nist1+Nist2, child2 with Nist1.
         * Give each child another child, with policies Nist2
         * and Nist1, respectively. Pruning with a depth of two
         * should have no effect. Give one of the children
         * another child. Then pruning with a depth of three
         * should reduce the tree to a single strand, as child1
         * and child3 are removed.
         *
         *              parent (anyPolicy)
         *          /                   \
         *      child1(Nist1+Nist2)     child2(Nist1)
         *          |                       |
         *      child3(Nist2)           child4(Nist1)
         *                                  |
         *                              child5(Nist1)
         *
         */
        char *asciiAnyPolicy = "2.5.29.32.0";
        PKIX_PL_Cert *cert = NULL;
        PKIX_PL_CertPolicyInfo *nist1Policy = NULL;
        PKIX_PL_CertPolicyInfo *nist2Policy = NULL;
        PKIX_List *policyQualifierList = NULL;
        PKIX_PL_OID *oidAnyPolicy = NULL;
        PKIX_PL_OID *oidNist1Policy = NULL;
        PKIX_PL_OID *oidNist2Policy = NULL;
        PKIX_List *expectedAnyList = NULL;
        PKIX_List *expectedNist1List = NULL;
        PKIX_List *expectedNist2List = NULL;
        PKIX_List *expectedNist1Nist2List = NULL;
        PKIX_List *emptyList = NULL;
        PKIX_PolicyNode *parentNode = NULL;
        PKIX_PolicyNode *childNode1 = NULL;
        PKIX_PolicyNode *childNode2 = NULL;
        PKIX_PolicyNode *childNode3 = NULL;
        PKIX_PolicyNode *childNode4 = NULL;
        PKIX_PolicyNode *childNode5 = NULL;
        PKIX_PL_String *parentString = NULL;
        PKIX_Boolean pDelete = PKIX_FALSE;
        /*
         * The expected strings below are compared as exact text. The
         * bracketed hex runs are the qualifier bytes (presumably the
         * DER-encoded user notice read from the test certificate).
         */
        char *expectedParentAscii =
                "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C "
                "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65"
                " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2"
                "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 "
                "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66"
                " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6"
                "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3"
                ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7"
                "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 "
                "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20"
                " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6"
                "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 "
                "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3"
                ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20"
                " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2"
                "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 "
                "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72"
                " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7"
                "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n"
                ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
                "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
                "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
                " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
                "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
                "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
                " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}";
        char *expectedValidAscii =
                "2.16.840.1.101.3.2.1.48.2";
        char *expectedQualifiersAscii =
                /* "(1.3.6.1.5.5.7.2.2)"; */
                "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 "
                "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74"
                " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7"
                "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 "
                "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70"
                " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])";
        char *expectedPoliciesAscii =
                "(2.16.840.1.101.3.2.1.48.1)";
        /* Full tree, as expected before pruning and after pruning at depth 2 */
        char *expectedTree =
                "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
                ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
                "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
                "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
                " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
                "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
                "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
                " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1"
                ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69"
                " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6"
                "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 "
                "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63"
                " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7"
                "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101"
                ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A "
                "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72"
                " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6"
                "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 "
                "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F"
                " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]"
                "),1}\n"
                ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30"
                " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6"
                "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F "
                "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68"
                " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2"
                "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 "
                "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)"
                ",2}\n"
                ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
                "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
                "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
                " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
                "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
                "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
                " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
                ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
                "(2.16.840.1.101.3.2.1.48.1),2}\n"
                ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
                "0.1.101.3.2.1.48.1),3}";
        /* Tree expected after pruning at depth 3 */
        char *expectedPrunedTree =
                "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
                ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
                "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
                "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
                " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
                "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
                "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
                " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
                ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
                "(2.16.840.1.101.3.2.1.48.1),2}\n"
                ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
                "0.1.101.3.2.1.48.1),3}";

        PKIX_UInt32 actualMinorVersion;
        PKIX_UInt32 j = 0;
        char *dirName = NULL;

        PKIX_TEST_STD_VARS();

        /* argv[j+1] is read below, so at least one argument is required */
        if (argc < 2) {
                printUsage();
                return (0);
        }

        startTests("PolicyNode");

        PKIX_TEST_EXPECT_NO_ERROR(
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

        /* Directory that holds the test certificate */
        dirName = argv[j+1];

        subTest("Creating OID objects");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
                (asciiAnyPolicy, &oidAnyPolicy, plContext));

        /* Read certificates to get real policies, qualifiers */

        cert = createCert
                (dirName, "UserNoticeQualifierTest16EE.crt", plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation
                (cert, &expectedNist1Nist2List, plContext));

        /* The first two policy entries of the certificate are used */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
                (expectedNist1Nist2List,
                0,
                (PKIX_PL_Object **)&nist1Policy,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
                (expectedNist1Nist2List,
                1,
                (PKIX_PL_Object **)&nist2Policy,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers
                (nist1Policy, &policyQualifierList, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
                (nist1Policy, &oidNist1Policy, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId
                (nist2Policy, &oidNist2Policy, plContext));

        subTest("Creating expectedPolicy List objects");

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_List_Create(&expectedAnyList, plContext));

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_List_Create(&expectedNist1List, plContext));

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_List_Create(&expectedNist2List, plContext));

        subTest("Populating expectedPolicy List objects");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                (expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext));

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_List_AppendItem
                (expectedNist1List,
                (PKIX_PL_Object *)oidNist1Policy,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                (expectedNist2List,
                (PKIX_PL_Object *)oidNist2Policy,
                plContext));

        subTest("Creating PolicyNode objects");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));

        /* Root: anyPolicy, no qualifier set */
        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
                (oidAnyPolicy,
                NULL,
                PKIX_TRUE,
                expectedAnyList,
                &parentNode,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
                (oidNist2Policy,
                policyQualifierList,
                PKIX_TRUE,
                expectedNist1Nist2List,
                &childNode1,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
                (oidNist1Policy,
                policyQualifierList,
                PKIX_TRUE,
                expectedNist1List,
                &childNode2,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
                (oidNist2Policy,
                policyQualifierList,
                PKIX_TRUE,
                expectedNist2List,
                &childNode3,
                plContext));

        /* Empty qualifier list, as opposed to the NULL used for child5 */
        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
                (oidNist1Policy,
                emptyList,
                PKIX_FALSE,
                expectedNist1List,
                &childNode4,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create
                (oidNist1Policy,
                NULL,
                PKIX_TRUE,
                expectedNist1List,
                &childNode5,
                plContext));

        subTest("Creating the PolicyNode tree");

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
                (parentNode, childNode1, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
                (parentNode, childNode2, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
                (childNode1, childNode3, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
                (childNode2, childNode4, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent
                (childNode4, childNode5, plContext));

        subTest("Displaying PolicyNode objects");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                ((PKIX_PL_Object*)parentNode, &parentString, plContext));
        (void) printf("parentNode is\n\t%s\n", parentString->escAsciiString);

        testToStringHelper
                ((PKIX_PL_Object*)parentNode, expectedTree, plContext);

        test_DuplicateHelper(parentNode, plContext);

        test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii);
        test_GetValidPolicy
                (childNode1, childNode3, parentNode, expectedValidAscii);
        test_GetPolicyQualifiers
                (childNode1, childNode3, childNode4, expectedQualifiersAscii);
        test_GetExpectedPolicies
                (childNode2, childNode4, childNode3, expectedPoliciesAscii);
        test_IsCritical(childNode1, childNode2, childNode4);
        test_GetDepth(childNode2, childNode4, childNode5);

        subTest("pkix_PolicyNode_Prune");

        /* Depth 2: the string form must still equal expectedTree */
        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune
                (parentNode, 2, &pDelete, plContext));

        testToStringHelper
                ((PKIX_PL_Object*)parentNode, expectedTree, plContext);

        /* Depth 3: only the strand listed in expectedPrunedTree remains */
        PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune
                (parentNode, 3, &pDelete, plContext));

        testToStringHelper
                ((PKIX_PL_Object*)parentNode, expectedPrunedTree, plContext);

        test_GetChildren(parentNode, parentNode, childNode2);

cleanup:

        /* Every pointer above starts as NULL, so this runs on any path */
        PKIX_TEST_DECREF_AC(cert);
        PKIX_TEST_DECREF_AC(nist1Policy);
        PKIX_TEST_DECREF_AC(nist2Policy);
        PKIX_TEST_DECREF_AC(policyQualifierList);
        PKIX_TEST_DECREF_AC(oidAnyPolicy);
        PKIX_TEST_DECREF_AC(oidNist1Policy);
        PKIX_TEST_DECREF_AC(oidNist2Policy);
        PKIX_TEST_DECREF_AC(expectedAnyList);
        PKIX_TEST_DECREF_AC(expectedNist1List);
        PKIX_TEST_DECREF_AC(expectedNist2List);
        PKIX_TEST_DECREF_AC(expectedNist1Nist2List);
        PKIX_TEST_DECREF_AC(emptyList);
        PKIX_TEST_DECREF_AC(parentNode);
        PKIX_TEST_DECREF_AC(childNode1);
        PKIX_TEST_DECREF_AC(childNode2);
        PKIX_TEST_DECREF_AC(childNode3);
        PKIX_TEST_DECREF_AC(childNode4);
        PKIX_TEST_DECREF_AC(childNode5);
        PKIX_TEST_DECREF_AC(parentString);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("PolicyNode");

        return (0);
}
/*
 * FUNCTION: pkix_ValidateResult_ToString
 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
 *
 * Builds a bracketed, multi-line description of a ValidateResult from the
 * string forms of its trust anchor, its public key and its policy tree.
 * A result without a policy tree is shown with "(null)" in that slot.
 * On success the new string is stored at "pString".
 */
static PKIX_Error *
pkix_ValidateResult_ToString(
        PKIX_PL_Object *object,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_ValidateResult *result = NULL;
        PKIX_PolicyNode *tree = NULL;
        PKIX_PL_String *layout = NULL;
        PKIX_PL_String *anchorText = NULL;
        PKIX_PL_String *keyText = NULL;
        PKIX_PL_String *treeText = NULL;
        PKIX_PL_String *rendered = NULL;

        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_ToString");
        PKIX_NULLCHECK_TWO(object, pString);

        /* Reject anything that is not a ValidateResult before casting */
        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
                    PKIX_OBJECTNOTVALIDATERESULT);

        result = (PKIX_ValidateResult *)object;

        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII,
                    "[\n"
                    "\tTrustAnchor: \t\t%s"
                    "\tPubKey: \t\t%s\n"
                    "\tPolicyTree: \t\t%s\n"
                    "]\n",
                    0,
                    &layout,
                    plContext),
                    PKIX_STRINGCREATEFAILED);

        PKIX_CHECK(PKIX_PL_Object_ToString
                    ((PKIX_PL_Object *)result->anchor, &anchorText, plContext),
                    PKIX_OBJECTTOSTRINGFAILED);

        PKIX_CHECK(PKIX_PL_Object_ToString
                    ((PKIX_PL_Object *)result->pubKey, &keyText, plContext),
                    PKIX_OBJECTTOSTRINGFAILED);

        /* The getter hands back a reference that is released in cleanup */
        PKIX_CHECK(PKIX_ValidateResult_GetPolicyTree
                    (result, &tree, plContext),
                    PKIX_VALIDATERESULTGETPOLICYTREEFAILED);

        if (!tree) {
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII, "(null)", 0, &treeText, plContext),
                            PKIX_STRINGCREATEFAILED);
        } else {
                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object *)tree, &treeText, plContext),
                            PKIX_OBJECTTOSTRINGFAILED);
        }

        PKIX_CHECK(PKIX_PL_Sprintf
                    (&rendered,
                    plContext,
                    layout,
                    anchorText,
                    keyText,
                    treeText),
                    PKIX_SPRINTFFAILED);

        /* Ownership of the finished string passes to the caller */
        *pString = rendered;

cleanup:

        PKIX_DECREF(layout);
        PKIX_DECREF(anchorText);
        PKIX_DECREF(keyText);
        PKIX_DECREF(tree);
        PKIX_DECREF(treeText);

        PKIX_RETURN(VALIDATERESULT);
}
/*
 * FUNCTION: pkix_ValidateParams_ToString
 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
 *
 * Builds a bracketed description of a ValidateParams object from the string
 * forms of its processing parameters and its certificate chain, and stores
 * the new string at "pString".
 */
static PKIX_Error *
pkix_ValidateParams_ToString(
        PKIX_PL_Object *object,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_ValidateParams *params = NULL;
        PKIX_PL_String *layout = NULL;
        PKIX_PL_String *procText = NULL;
        PKIX_PL_String *chainText = NULL;
        PKIX_PL_String *rendered = NULL;
        char *layoutAscii =
                "[\n"
                "\tProcessing Params: \n"
                "\t********BEGIN PROCESSING PARAMS********\n"
                "\t\t%s\n"
                "\t********END PROCESSING PARAMS********\n"
                "\tChain: \t\t%s\n"
                "]\n";

        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString");
        PKIX_NULLCHECK_TWO(object, pString);

        /* Reject anything that is not a ValidateParams before casting */
        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
                    PKIX_OBJECTNOTVALIDATEPARAMS);

        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII, layoutAscii, 0, &layout, plContext),
                    PKIX_STRINGCREATEFAILED);

        params = (PKIX_ValidateParams *)object;

        PKIX_CHECK(PKIX_PL_Object_ToString
                    ((PKIX_PL_Object *)params->procParams,
                    &procText,
                    plContext),
                    PKIX_OBJECTTOSTRINGFAILED);

        PKIX_CHECK(PKIX_PL_Object_ToString
                    ((PKIX_PL_Object *)params->chain, &chainText, plContext),
                    PKIX_OBJECTTOSTRINGFAILED);

        PKIX_CHECK(PKIX_PL_Sprintf
                    (&rendered, plContext, layout, procText, chainText),
                    PKIX_SPRINTFFAILED);

        /* Ownership of the finished string passes to the caller */
        *pString = rendered;

cleanup:

        PKIX_DECREF(layout);
        PKIX_DECREF(procText);
        PKIX_DECREF(chainText);

        PKIX_RETURN(VALIDATEPARAMS);
}
/*
 * FUNCTION: pkix_SinglePolicyNode_ToString
 * DESCRIPTION:
 *
 *  Creates a String representation of the attributes of the PolicyNode
 *  pointed to by "node", other than its parents or children, and
 *  stores the result at "pString". The text has the form
 *  {validPolicy,qualifierSet,criticality,expectedPolicySet,depth}, with
 *  "{}" standing in for a missing qualifier set.
 *
 * PARAMETERS:
 *  "node"
 *      Address of PolicyNode to be described by the string. Must be non-NULL,
 *      and so must its validPolicy and expectedPolicySet.
 *  "pString"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if function succeeds
 *  Returns a PolicyNode Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in a fatal way
 */
PKIX_Error *
pkix_SinglePolicyNode_ToString(
        PKIX_PolicyNode *node,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_PL_String *layout = NULL;
        PKIX_PL_String *policyText = NULL;
        PKIX_PL_String *qualifierText = NULL;
        PKIX_PL_String *criticalText = NULL;
        PKIX_PL_String *expectedText = NULL;
        PKIX_PL_String *rendered = NULL;
        char *criticalAscii = NULL;

        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_ToString");
        PKIX_NULLCHECK_TWO(node, pString);
        PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);

        PKIX_CHECK(PKIX_PL_String_Create
                (PKIX_ESCASCII,
                "{%s,%s,%s,%s,%d}",
                0,
                &layout,
                plContext),
                PKIX_CANTCREATESTRING);

        PKIX_CHECK(PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)(node->validPolicy),
                &policyText,
                plContext),
                PKIX_OIDTOSTRINGFAILED);

        PKIX_CHECK(PKIX_PL_Object_ToString
                ((PKIX_PL_Object *)(node->expectedPolicySet),
                &expectedText,
                plContext),
                PKIX_LISTTOSTRINGFAILED);

        /* A node may carry no qualifier set at all; print that as "{}" */
        if (!node->qualifierSet) {
                PKIX_CHECK(PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        "{}",
                        0,
                        &qualifierText,
                        plContext),
                        PKIX_CANTCREATESTRING);
        } else {
                PKIX_CHECK(PKIX_PL_Object_ToString
                        ((PKIX_PL_Object *)(node->qualifierSet),
                        &qualifierText,
                        plContext),
                        PKIX_LISTTOSTRINGFAILED);
        }

        if (node->criticality) {
                criticalAscii = "Critical";
        } else {
                criticalAscii = "Not Critical";
        }

        PKIX_CHECK(PKIX_PL_String_Create
                (PKIX_ESCASCII,
                criticalAscii,
                0,
                &criticalText,
                plContext),
                PKIX_CANTCREATESTRING);

        /* Argument order follows the layout: policy, qualifiers,
         * criticality, expected policies, depth */
        PKIX_CHECK(PKIX_PL_Sprintf
                (&rendered,
                plContext,
                layout,
                policyText,
                qualifierText,
                criticalText,
                expectedText,
                node->depth),
                PKIX_SPRINTFFAILED);

        *pString = rendered;

cleanup:

        PKIX_DECREF(layout);
        PKIX_DECREF(policyText);
        PKIX_DECREF(qualifierText);
        PKIX_DECREF(criticalText);
        PKIX_DECREF(expectedText);
        PKIX_RETURN(CERTPOLICYNODE);
}
/*
 * FUNCTION: pkix_pl_GeneralName_ToString_Helper
 * DESCRIPTION:
 *
 *  Helper function that creates a string representation of the GeneralName
 *  pointed to by "name" and stores it at "pString". Different mechanisms are
 *  used to create the string, depending on the type of the GeneralName.
 *
 *  The rfc822Name, dNSName and URI bytes are copied by length exactly as
 *  they are stored in "name", so the result can contain whatever bytes the
 *  name carried, including embedded NULs.
 *  NOTE(review): treat the output as display text; confirm that no caller
 *  relies on it for name matching.
 *
 * PARAMETERS
 *  "name"
 *      Address of GeneralName whose string representation is desired.
 *      Must be non-NULL.
 *  "pString"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext" - Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a GeneralName Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_GeneralName_ToString_Helper(
        PKIX_PL_GeneralName *name,
        PKIX_PL_String **pString,
        void *plContext)
{
        /* Buffer filled by the bytes-to-ASCII helpers; freed in cleanup */
        char *convertedAscii = NULL;

        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_ToString_Helper");
        PKIX_NULLCHECK_TWO(name, pString);

        switch (name->type) {
        case certRFC822Name:
        case certDNSName:
        case certURI:
                /*
                 * PKIX_ESCASCII cannot be used for these types:
                 * name->other->data is not guaranteed to be
                 * null-terminated, so the explicit length is passed.
                 */
                PKIX_NULLCHECK_ONE(name->other);
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_UTF8,
                            (name->other)->data,
                            (name->other)->len,
                            pString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);
                break;
        case certEDIPartyName:
                /* XXX print out the actual bytes */
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            "EDIPartyName: <DER-encoded value>",
                            0,
                            pString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);
                break;
        case certX400Address:
                /* XXX print out the actual bytes */
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            "X400Address: <DER-encoded value>",
                            0,
                            pString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);
                break;
        case certIPAddress:
                PKIX_CHECK(pkix_pl_ipAddrBytes2Ascii
                            (name->other, &convertedAscii, plContext),
                            PKIX_IPADDRBYTES2ASCIIFAILED);
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            convertedAscii,
                            0,
                            pString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);
                break;
        case certOtherName:
                PKIX_NULLCHECK_ONE(name->OthName);

                /* only the type-id is printed - the value is not rendered */
                /* XXX print out the bytes of the value */
                PKIX_CHECK(pkix_pl_oidBytes2Ascii
                            (&name->OthName->oid, &convertedAscii, plContext),
                            PKIX_OIDBYTES2ASCIIFAILED);
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            convertedAscii,
                            0,
                            pString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);
                break;
        case certRegisterID:
                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object *)name->oid, pString, plContext),
                            PKIX_OIDTOSTRINGFAILED);
                break;
        case certDirectoryName:
                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object *)name->directoryName,
                            pString,
                            plContext),
                            PKIX_X500NAMETOSTRINGFAILED);
                break;
        default:
                PKIX_ERROR
                        (PKIX_TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED);
        }

cleanup:

        PKIX_FREE(convertedAscii);

        PKIX_RETURN(GENERALNAME);
}
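/*
 * FUNCTION: test_list2
 * DESCRIPTION:
 *
 *  Test driver that fills a List with ten OID objects, prints it, sorts it
 *  in place with a bubble sort driven by PKIX_PL_Object_Compare, and prints
 *  the sorted list.
 *
 *  "argc" and "argv" are not used.
 *
 * RETURNS:
 *  Always 0; failures are reported through the PKIX_TEST_* machinery.
 */
int test_list2(int argc, char *argv[]) {

        /*
         * Object pointers start as NULL so that the cleanup code never
         * releases an indeterminate pointer when an early step fails.
         */
        PKIX_List *list = NULL;
        char *temp = NULL;
        PKIX_UInt32 i = 0;
        PKIX_UInt32 j = 0;
        PKIX_Int32 cmpResult;
        PKIX_PL_OID *testOID = NULL;
        PKIX_PL_String *testString = NULL;
        PKIX_PL_Object *obj = NULL, *obj2 = NULL;
        PKIX_UInt32 size = 10;

        char *testOIDString[10] = {
                "2.9.999.1.20",
                "1.2.3.4.5.6.7",
                "0.1",
                "1.2.3.5",
                "0.39",
                "1.2.3.4.7",
                "1.2.3.4.6",
                "0.39.1",
                "1.2.3.4.5",
                "0.39.1.300"
        };
        PKIX_UInt32 actualMinorVersion;

        PKIX_TEST_STD_VARS();

        startTests("List Sorting");

        PKIX_TEST_EXPECT_NO_ERROR(
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

        subTest("Creating Unsorted Lists");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
        for (i = 0; i < size; i++) {
                /* Create a new OID object */
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(
                                                testOIDString[i],
                                                &testOID,
                                                plContext));
                /* Insert it into the list */
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list,
                                                (PKIX_PL_Object *)testOID,
                                                plContext));
                /* Release the local reference to the OID object */
                PKIX_TEST_DECREF_BC(testOID);
        }

        subTest("Outputting Unsorted List");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
                                                &testString,
                                                plContext));
        temp = PKIX_String2ASCII(testString, plContext);
        if (temp) {
                (void)printf("%s \n", temp);
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
        }
        PKIX_TEST_DECREF_BC(testString);

        subTest("Performing Bubble Sort");

        for (i = 0; i < size; i++) {
                /* Start from the last index, derived from size (was 9) */
                for (j = size - 1; j > i; j--) {
                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list,
                                                        j,
                                                        &obj,
                                                        plContext));
                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list,
                                                        j - 1,
                                                        &obj2,
                                                        plContext));

                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj,
                                                        obj2,
                                                        &cmpResult,
                                                        plContext));
                        if (cmpResult < 0) {
                                /* Exchange the items */
                                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list,
                                                        j,
                                                        obj2,
                                                        plContext));
                                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list,
                                                        j - 1,
                                                        obj,
                                                        plContext));
                        }
                        /* DecRef objects */
                        PKIX_TEST_DECREF_BC(obj);
                        PKIX_TEST_DECREF_BC(obj2);
                }
        }

        subTest("Outputting Sorted List");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
                                                &testString,
                                                plContext));
        temp = PKIX_String2ASCII(testString, plContext);
        if (temp) {
                (void)printf("%s \n", temp);
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
        }

cleanup:

        PKIX_TEST_DECREF_AC(testString);
        PKIX_TEST_DECREF_AC(list);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("List Sorting");

        return (0);
}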
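/*
 * FUNCTION: test_validatechain_NB
 * DESCRIPTION:
 *
 *  Test driver for the non-blocking chain validation entry point,
 *  PKIX_ValidateChain_NB. The LDAP server named by the LDAP environment
 *  variable is probed first; validation is then re-entered for as long as
 *  the call reports a pending poll descriptor.
 *
 *  Arguments (j is always 0 here):
 *    argv[1+j]  test name (printed through subTest)
 *    argv[2+j]  "ENE" (expect no error) or "EE" (expect error)
 *    argv[3+j]  directory holding the certificates
 *    argv[4+j]  trust anchor certificate
 *    argv[5+j]  onwards: certificates of the chain
 *
 *  Setting the LOGGING environment variable installs error loggers.
 *
 * RETURNS:
 *  Always 0; failures are reported through the PKIX_TEST_* machinery.
 */
int test_validatechain_NB(int argc, char *argv[]){

        PKIX_ValidateParams *valParams = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_UInt32 actualMinorVersion;
        PKIX_UInt32 j = 0;
        PKIX_UInt32 k = 0;
        PKIX_UInt32 chainLength = 0;
        PKIX_Boolean testValid = PKIX_TRUE;
        PKIX_List *chainCerts = NULL;
        PKIX_PL_Cert *dirCert = NULL;
        char *dirCertName = NULL;
        char *anchorCertName = NULL;
        char *dirName = NULL;
        PKIX_UInt32 certIndex = 0;
        PKIX_UInt32 anchorIndex = 0;
        PKIX_UInt32 checkerIndex = 0;
        PKIX_Boolean revChecking = PKIX_FALSE;
        PKIX_List *checkers = NULL;
        PRPollDesc *pollDesc = NULL;
        PRErrorCode errorCode = 0;
        PKIX_PL_Socket *socket = NULL;
        char *ldapName = NULL;
        PKIX_VerifyNode *verifyTree = NULL;
        PKIX_PL_String *verifyString = NULL;

        PKIX_List *loggers = NULL;
        PKIX_Logger *logger = NULL;
        char *logging = NULL;
        PKIX_PL_String *component = NULL;

        PKIX_TEST_STD_VARS();

        if (argc < 5) {
                printUsage();
                return (0);
        }

        startTests("ValidateChain_NB");

        /*
         * ENE = expect no error; EE = expect error.
         * The mode is checked before the NSS context is created so that
         * the usage-error return below cannot leave a context behind
         * without a matching PKIX_Shutdown.
         */
        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
                testValid = PKIX_TRUE;
        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
                testValid = PKIX_FALSE;
        } else {
                printUsage();
                return (0);
        }

        PKIX_TEST_EXPECT_NO_ERROR(
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

        subTest(argv[1+j]);

        dirName = argv[3+j];

        /* argc >= 5 was checked above, so this cannot wrap */
        chainLength = argc - j - 5;

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));

        for (k = 0; k < chainLength; k++){

                dirCert = createCert(dirName, argv[5+k+j], plContext);

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_List_AppendItem
                        (chainCerts, (PKIX_PL_Object *)dirCert, plContext));

                PKIX_TEST_DECREF_BC(dirCert);
        }

        valParams = createValidateParams
                (dirName,
                argv[4+j],
                NULL,
                NULL,
                NULL,
                PKIX_FALSE,
                PKIX_FALSE,
                PKIX_FALSE,
                PKIX_FALSE,
                chainCerts,
                plContext);

        ldapName = PR_GetEnv("LDAP");
        /* Is LDAP set in the environment? */
        if ((ldapName == NULL) || (*ldapName == '\0')) {
                testError("LDAP not set in environment");
                goto cleanup;
        }

        /* Probe the server first so an unreachable host fails fast */
        pkixTestErrorResult = pkix_pl_Socket_CreateByName
                (PKIX_FALSE, /* isServer */
                PR_SecondsToInterval(30), /* try 30 secs for connect */
                ldapName,
                &errorCode,
                &socket,
                plContext);

        if (pkixTestErrorResult != NULL) {
                PKIX_PL_Object_DecRef
                        ((PKIX_PL_Object *)pkixTestErrorResult, plContext);
                pkixTestErrorResult = NULL;
                testError("Unable to connect to LDAP Server");
                goto cleanup;
        }

        PKIX_TEST_DECREF_BC(socket);

        testSetupCertStore(valParams, ldapName);

        logging = PR_GetEnv("LOGGING");
        /* Is LOGGING set in the environment? */
        if ((logging != NULL) && (*logging != '\0')) {

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_List_Create(&loggers, plContext));

                testLogErrors
                        (PKIX_VALIDATE_ERROR, 2, loggers, plContext);
                testLogErrors
                        (PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext);
                testLogErrors
                        (PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext);
                testLogErrors
                        (PKIX_CERTSTORE_ERROR, 2, loggers, plContext);

                /*
                 * NOTE(review): "loggers" is not released in cleanup;
                 * confirm whether PKIX_SetLoggers keeps its own reference.
                 */
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext));

        }

        pkixTestErrorResult = PKIX_ValidateChain_NB
                (valParams,
                &certIndex,
                &anchorIndex,
                &checkerIndex,
                &revChecking,
                &checkers,
                (void **)&pollDesc,
                &valResult,
                &verifyTree,
                plContext);

        /*
         * A non-NULL pollDesc means the validation is still waiting on
         * I/O, so the call is repeated with the saved state.
         * NOTE(review): PR_Poll is called with a zero timeout and a failed
         * poll is only reported, so this loop can spin; confirm that is
         * acceptable for the test.
         */
        while (pollDesc != NULL) {

                if (PR_Poll(pollDesc, 1, 0) < 0) {
                        testError("PR_Poll failed");
                }

                pkixTestErrorResult = PKIX_ValidateChain_NB
                        (valParams,
                        &certIndex,
                        &anchorIndex,
                        &checkerIndex,
                        &revChecking,
                        &checkers,
                        (void **)&pollDesc,
                        &valResult,
                        &verifyTree,
                        plContext);
        }

        if (pkixTestErrorResult) {
                if (testValid == PKIX_FALSE) { /* EE */
                        (void) printf("EXPECTED ERROR RECEIVED!\n");
                } else { /* ENE */
                        testError("UNEXPECTED ERROR RECEIVED");
                }
                PKIX_TEST_DECREF_BC(pkixTestErrorResult);
        } else {

                if (testValid == PKIX_TRUE) { /* ENE */
                        (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
                } else { /* EE */
                        (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n");
                }
        }

cleanup:

        /* The tree is absent when the test stops before validation */
        if (verifyTree) {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                    ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
                (void) printf("verifyTree is\n%s\n",
                    verifyString->escAsciiString);
        }

        PKIX_TEST_DECREF_AC(verifyString);
        PKIX_TEST_DECREF_AC(verifyTree);
        PKIX_TEST_DECREF_AC(checkers);
        PKIX_TEST_DECREF_AC(chainCerts);
        PKIX_TEST_DECREF_AC(valParams);
        PKIX_TEST_DECREF_AC(valResult);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("ValidateChain_NB");

        return (0);
}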
/*
 * FUNCTION: pkix_List_ToString_Helper
 * DESCRIPTION:
 *
 *  Helper function that creates a string representation of the List pointed
 *  to by "list" and stores its address in the object pointed to by "pString".
 *  An empty header list yields "EMPTY", a NULL item is shown as "(null)",
 *  and items are joined with ", ".
 *
 *  The function calls itself once per list element.
 *  NOTE(review): recursion depth therefore grows with the list length;
 *  confirm that lists reaching this function are bounded in size.
 *
 * PARAMETERS
 *  "list"
 *      Address of List whose string representation is desired.
 *      Must be non-NULL.
 *  "pString"
 *      Address of object pointer's destination. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a List Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_List_ToString_Helper(
        PKIX_List *list,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_PL_String *headText = NULL;
        PKIX_PL_String *tailText = NULL;
        PKIX_PL_String *layout = NULL;
        PKIX_Boolean isEmpty;

        PKIX_ENTER(LIST, "pkix_List_ToString_Helper");
        PKIX_NULLCHECK_TWO(list, pString);

        if (!list->isHeader) {

                /* Element node: render the item first */
                if (list->item != NULL) {
                        PKIX_CHECK(PKIX_PL_Object_ToString
                                    ((PKIX_PL_Object*)list->item,
                                    &headText,
                                    plContext),
                                    PKIX_OBJECTTOSTRINGFAILED);
                } else {
                        PKIX_CHECK(PKIX_PL_String_Create
                                    (PKIX_ESCASCII,
                                    "(null)",
                                    0,
                                    &headText,
                                    plContext),
                                    PKIX_STRINGCREATEFAILED);
                }

                if (list->next == NULL) {
                        /* Last element: hand the item string to the caller */
                        (*pString) = headText;
                        PKIX_DEBUG_EXIT(LIST);
                        return (NULL);
                }

                /* Render the remainder of the list recursively */
                PKIX_CHECK(pkix_List_ToString_Helper
                            (list->next, &tailText, plContext),
                            PKIX_LISTTOSTRINGHELPERFAILED);

                /* Join this item and the remainder */
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII, "%s, %s", 0, &layout, plContext),
                            PKIX_STRINGCREATEFAILED);

                PKIX_CHECK(PKIX_PL_Sprintf
                            (pString,
                            plContext,
                            layout,
                            headText,
                            tailText),
                            PKIX_SPRINTFFAILED);

        } else {

                /* special case when list is the header */
                PKIX_CHECK(PKIX_List_IsEmpty(list, &isEmpty, plContext),
                            PKIX_LISTISEMPTYFAILED);

                if (isEmpty){
                        PKIX_CHECK(PKIX_PL_String_Create
                                    (PKIX_ESCASCII,
                                    "EMPTY",
                                    0,
                                    &headText,
                                    plContext),
                                    PKIX_ERRORCREATINGITEMSTRING);
                        /* The new string goes straight to the caller */
                        (*pString) = headText;
                        PKIX_DEBUG_EXIT(LIST);
                        return (NULL);
                }

                PKIX_CHECK(pkix_List_ToString_Helper
                            (list->next, &headText, plContext),
                            PKIX_LISTTOSTRINGHELPERFAILED);

                /* Copy the rendered elements into a fresh string */
                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII, "%s", 0, &layout, plContext),
                            PKIX_STRINGCREATEFAILED);

                PKIX_CHECK(PKIX_PL_Sprintf
                            (pString, plContext, layout, headText),
                            PKIX_SPRINTFFAILED);
        }

cleanup:

        PKIX_DECREF(headText);
        PKIX_DECREF(tailText);
        PKIX_DECREF(layout);

        PKIX_RETURN(LIST);
}
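/*
 * FUNCTION: pkix_Error_ToString
 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
 *
 * Produces "*** <class name> Error- <description>" for the Error pointed to
 * by "object". When the Error has a cause, "\n*** Cause (<depth>): <cause>"
 * is appended, where <cause> is the string form of the cause and <depth> is
 * the current value of pkix_error_cause_depth.
 *
 * The depth counter is restored on every exit path, including the failure
 * paths taken through PKIX_CHECK while the cause is being formatted.
 */
static PKIX_Error *
pkix_Error_ToString(
        PKIX_PL_Object *object,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_Error *error = NULL;
        PKIX_Error *cause = NULL;
        PKIX_PL_String *desc = NULL;
        PKIX_PL_String *formatString = NULL;
        PKIX_PL_String *causeString = NULL;
        PKIX_PL_String *optCauseString = NULL;
        PKIX_PL_String *errorNameString = NULL;
        char *format = NULL;
        PKIX_ERRORCLASS errClass;
        int depthRaised = 0; /* set while this call holds a depth increment */

        PKIX_ENTER(ERROR, "pkix_Error_ToString");
        PKIX_NULLCHECK_TWO(object, pString);

        PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
                    PKIX_OBJECTNOTANERROR);

        error = (PKIX_Error *)object;

        /* Get this error's errClass, description and the string of its cause */
        errClass = error->errClass;

        /*
         * Get the description string.
         * NOTE(review): the result of PKIX_Error_GetDescription is not
         * checked, so "desc" may still be NULL when it reaches
         * PKIX_PL_Sprintf below - confirm that this is handled there.
         */
        PKIX_Error_GetDescription(error, &desc, plContext);

        /* Get the cause */
        cause = error->cause;

        /* Get the cause's description string */
        if (cause != NULL) {
                /*
                 * pkix_error_cause_depth is defined outside this function.
                 * Record the increment so that cleanup can undo it when a
                 * PKIX_CHECK below jumps out before the decrement.
                 */
                pkix_error_cause_depth++;
                depthRaised = 1;

                /* Get the cause string */
                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object*)cause, &causeString, plContext),
                            PKIX_ERRORGETTINGCAUSESTRING);

                format = "\n*** Cause (%d): %s";

                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            format,
                            0,
                            &formatString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);

                /* Create the optional Cause String */
                PKIX_CHECK(PKIX_PL_Sprintf
                            (&optCauseString,
                            plContext,
                            formatString,
                            pkix_error_cause_depth,
                            causeString),
                            PKIX_SPRINTFFAILED);

                PKIX_DECREF(formatString);

                pkix_error_cause_depth--;
                depthRaised = 0;
        }

        /* Create the Format String */
        if (optCauseString != NULL) {
                format = "*** %s Error- %s%s";
        } else {
                format = "*** %s Error- %s";
        }

        /*
         * Ensure that error errClass is known, otherwise default to Object.
         * The comparison is done on unsigned values so that a negative
         * errClass (possible if the enum type is signed) cannot index
         * before the start of PKIX_ERRORCLASSNAMES.
         */
        if ((unsigned int)errClass >= (unsigned int)PKIX_NUMERRORCLASSES) {
                errClass = 0;
        }

        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII,
                    (void *)PKIX_ERRORCLASSNAMES[errClass],
                    0,
                    &errorNameString,
                    plContext),
                    PKIX_STRINGCREATEFAILED);

        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII,
                    format,
                    0,
                    &formatString,
                    plContext),
                    PKIX_STRINGCREATEFAILED);

        /* Create the output String */
        PKIX_CHECK(PKIX_PL_Sprintf
                    (pString,
                    plContext,
                    formatString,
                    errorNameString,
                    desc,
                    optCauseString),
                    PKIX_SPRINTFFAILED);

cleanup:

        /* Undo the depth increment if a failure skipped the decrement */
        if (depthRaised) {
                pkix_error_cause_depth--;
        }

        PKIX_DECREF(desc);
        PKIX_DECREF(causeString);
        PKIX_DECREF(formatString);
        PKIX_DECREF(optCauseString);
        PKIX_DECREF(errorNameString);

        PKIX_RETURN(ERROR);
}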
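/*
 * Runs PKIX_BuildChain with "procParams" and checks the outcome.
 *
 * PKIX_BuildChain is called again for as long as it hands back a poll
 * descriptor. An error result is expected when "testValid" is PKIX_FALSE
 * and unexpected otherwise. On success every certificate of the built chain
 * is printed and the chain is compared with "expectedCerts"; on a mismatch
 * both lists are printed.
 *
 * PARAMETERS:
 *  "procParams"    - processing parameters passed to PKIX_BuildChain
 *  "testValid"     - PKIX_TRUE if the build is expected to succeed
 *  "expectedCerts" - the chain the build is expected to produce
 *  "plContext"     - platform-specific context pointer
 */
static void
Test_BuildResult(
    PKIX_ProcessingParams *procParams,
    PKIX_Boolean testValid,
    PKIX_List *expectedCerts,
    void *plContext)
{
    PKIX_PL_Cert *cert = NULL;
    PKIX_List *certs = NULL;
    PKIX_PL_String *actualCertsString = NULL;
    PKIX_PL_String *expectedCertsString = NULL;
    PKIX_BuildResult *buildResult = NULL;
    PKIX_Boolean result;
    PKIX_UInt32 numCerts, i;
    char *asciiResult = NULL;
    char *actualCertsAscii = NULL;
    char *expectedCertsAscii = NULL;
    void *state = NULL;
    PRPollDesc *pollDesc = NULL;

    PKIX_TEST_STD_VARS();

    pkixTestErrorResult = PKIX_BuildChain(procParams,
                                          (void **)&pollDesc,
                                          &state,
                                          &buildResult,
                                          NULL,
                                          plContext);

    /* A non-NULL pollDesc means the build is still pending; call again */
    while (pollDesc != NULL) {

        if (PR_Poll(pollDesc, 1, 0) < 0) {
            testError("PR_Poll failed");
        }

        pkixTestErrorResult = PKIX_BuildChain(procParams,
                                              (void **)&pollDesc,
                                              &state,
                                              &buildResult,
                                              NULL,
                                              plContext);
    }

    if (pkixTestErrorResult) {
        if (testValid == PKIX_FALSE) { /* EE */
            (void)printf("EXPECTED ERROR RECEIVED!\n");
        } else { /* ENE */
            testError("UNEXPECTED ERROR RECEIVED!\n");
        }
        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
        goto cleanup;
    }

    if (testValid == PKIX_TRUE) { /* ENE */
        (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
    } else { /* EE */
        testError("UNEXPECTED NON-ERROR RECEIVED!\n");
    }

    if (buildResult) {

        /*
         * NOTE(review): this call passes NULL where the other calls in
         * this function pass plContext - confirm that is intended.
         */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));

        printf("\n");

        for (i = 0; i < numCerts; i++) {
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
                                                        i,
                                                        (PKIX_PL_Object **)&cert,
                                                        plContext));

            asciiResult = PKIX_Cert2ASCII(cert);

            /*
             * Passing NULL to "%s" is undefined; treat a failed
             * conversion like the PKIX_String2ASCII failures below.
             * "cert" is released in cleanup.
             */
            if (asciiResult == NULL) {
                pkixTestErrorMsg = "PKIX_Cert2ASCII Failed";
                goto cleanup;
            }

            /* i is unsigned, so print it with %u */
            printf("CERT[%u]:\n%s\n", (unsigned int)i, asciiResult);

            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
            asciiResult = NULL;

            PKIX_TEST_DECREF_BC(cert);
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
                                                        (PKIX_PL_Object *)expectedCerts,
                                                        &result,
                                                        plContext));

        if (!result) {
            testError("BUILT CERTCHAIN IS "
                      "NOT THE ONE THAT WAS EXPECTED");

            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
                                                              &actualCertsString,
                                                              plContext));

            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
            if (actualCertsAscii == NULL) {
                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
                goto cleanup;
            }

            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
                                                              &expectedCertsString,
                                                              plContext));

            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
            if (expectedCertsAscii == NULL) {
                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
                goto cleanup;
            }

            (void)printf("Actual value:\t%s\n", actualCertsAscii);
            (void)printf("Expected value:\t%s\n", expectedCertsAscii);
        }
    }

cleanup:

    /* asciiResult is freed with a NULL context, matching its allocation */
    PKIX_PL_Free(asciiResult, NULL);
    PKIX_PL_Free(actualCertsAscii, plContext);
    PKIX_PL_Free(expectedCertsAscii, plContext);
    PKIX_TEST_DECREF_AC(state);
    PKIX_TEST_DECREF_AC(buildResult);
    PKIX_TEST_DECREF_AC(certs);
    PKIX_TEST_DECREF_AC(cert);
    PKIX_TEST_DECREF_AC(actualCertsString);
    PKIX_TEST_DECREF_AC(expectedCertsString);

    PKIX_TEST_RETURN();
}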
/*
 * FUNCTION: pkix_TrustAnchor_ToString
 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
 *
 * An anchor that holds a trusted certificate is rendered as that
 * certificate's string. Any other anchor is rendered from its CA name,
 * CA public key and initial name constraints.
 */
static PKIX_Error *
pkix_TrustAnchor_ToString(
        PKIX_PL_Object *object,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_TrustAnchor *anchor = NULL;
        char *layout = NULL;
        PKIX_PL_String *layoutString = NULL;
        PKIX_PL_String *rendered = NULL;
        PKIX_PL_String *certText = NULL;
        PKIX_PL_String *caNameText = NULL;
        PKIX_PL_String *caKeyText = NULL;
        PKIX_PL_String *constraintsText = NULL;

        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
        PKIX_NULLCHECK_TWO(object, pString);

        PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
                    PKIX_OBJECTNOTTRUSTANCHOR);

        anchor = (PKIX_TrustAnchor*)object;

        if (!anchor->trustedCert) {

                /* No certificate: describe the anchor by name and key */
                layout =
                        "[\n"
                        "\tTrusted CA Name:         %s\n"
                        "\tTrusted CA PublicKey:    %s\n"
                        "\tInitial Name Constraints:%s\n"
                        "]\n";

                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            layout,
                            0,
                            &layoutString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);

                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object *)anchor->caName,
                            &caNameText,
                            plContext),
                            PKIX_OBJECTTOSTRINGFAILED);

                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object *)anchor->caPubKey,
                            &caKeyText,
                            plContext),
                            PKIX_OBJECTTOSTRINGFAILED);

                PKIX_TOSTRING
                        (anchor->nameConstraints,
                        &constraintsText,
                        plContext,
                        PKIX_OBJECTTOSTRINGFAILED);

                PKIX_CHECK(PKIX_PL_Sprintf
                            (&rendered,
                            plContext,
                            layoutString,
                            caNameText,
                            caKeyText,
                            constraintsText),
                            PKIX_SPRINTFFAILED);

        } else {

                /* Certificate-based anchor: print the certificate only */
                layout =
                        "[\n"
                        "\tTrusted Cert:	%s\n"
                        "]\n";

                PKIX_CHECK(PKIX_PL_String_Create
                            (PKIX_ESCASCII,
                            layout,
                            0,
                            &layoutString,
                            plContext),
                            PKIX_STRINGCREATEFAILED);

                PKIX_CHECK(PKIX_PL_Object_ToString
                            ((PKIX_PL_Object *)anchor->trustedCert,
                            &certText,
                            plContext),
                            PKIX_OBJECTTOSTRINGFAILED);

                PKIX_CHECK(PKIX_PL_Sprintf
                            (&rendered,
                            plContext,
                            layoutString,
                            certText),
                            PKIX_SPRINTFFAILED);
        }

        /* The result reference is handed to the caller, not released here */
        *pString = rendered;

cleanup:

        PKIX_DECREF(layoutString);
        PKIX_DECREF(certText);
        PKIX_DECREF(caNameText);
        PKIX_DECREF(caKeyText);
        PKIX_DECREF(constraintsText);

        PKIX_RETURN(TRUSTANCHOR);
}
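/*
 * Prints the string representation of the certificate created from argv[1].
 *
 * With no argument, usage is printed and nothing else is done. Otherwise the
 * library is initialized, a certificate is created with createCert, its
 * string form is encoded as escaped ASCII and written to stdout, and the
 * library is shut down. Every visible path returns 0.
 */
int dumpcert(int argc, char *argv[])
{

        PKIX_PL_String *string = NULL;
        PKIX_PL_Cert *cert = NULL;
        PKIX_Error *error = NULL;
        char *ascii = NULL;
        PKIX_UInt32 length = 0;
        PKIX_UInt32 j = 0;
        PKIX_Boolean useArenas = PKIX_FALSE;
        PKIX_UInt32 actualMinorVersion;

        PKIX_TEST_STD_VARS();

        /* argv[1] is read below, so require it (covers argc == 0 as well) */
        if (argc < 2){
                printUsage();
                return (0);
        }

        useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);

        /*
         * NOTE(review): the result of PKIX_Initialize is not checked, so
         * an initialization failure goes unnoticed here - confirm.
         */
        PKIX_Initialize
                (PKIX_TRUE, /* nssInitNeeded */
                useArenas,
                PKIX_MAJOR_VERSION,
                PKIX_MINOR_VERSION,
                PKIX_MINOR_VERSION,
                &actualMinorVersion,
                &plContext);

        /*
         * NOTE(review): j is never advanced, so argv[1] is both the value
         * given to PKIX_TEST_ARENAS_ARG and the createCert argument -
         * confirm that this is intended.
         */
        cert = createCert(argv[1+j]);

        if (cert){

                error = PKIX_PL_Object_ToString
                        ((PKIX_PL_Object *)cert, &string, plContext);

                if (error){
                        printFailure("Unable to get string representation "
                                    "of cert");
                        goto cleanup;
                }

                error = PKIX_PL_String_GetEncoded
                        (string,
                        PKIX_ESCASCII,
                        (void **)&ascii,
                        &length,
                        plContext);

                if (error || !ascii){
                        printFailure("Unable to get ASCII encoding of string");
                        goto cleanup;
                }

                (void) printf("OUTPUT:\n%s\n", ascii);

        } else {
                printFailure("Unable to create certificate");
        }

cleanup:

        /* Release the error object returned by a failed call above */
        if (error){
                PKIX_PL_Object_DecRef((PKIX_PL_Object *)(error), plContext);
        }

        if (cert){
                PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext);
        }

        if (string){
                PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
        }

        /* ascii is a plain buffer, not an object, so it is freed directly */
        if (ascii){
                PKIX_PL_Free(ascii, plContext);
        }

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("DUMPCERT");

        return (0);
}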