static
void testGetSetDate(
PKIX_ProcessingParams *goodObject,
PKIX_ProcessingParams *equalObject){
PKIX_PL_Date *setDate = NULL;
PKIX_PL_Date *getDate = NULL;
char *asciiDate = "040329134847Z";
PKIX_TEST_STD_VARS();
subTest("PKIX_ProcessingParams_Get/SetDate");
setDate = createDate(asciiDate, plContext);
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_GetDate
(goodObject, &getDate, plContext));
testEqualsHelper((PKIX_PL_Object *)setDate,
(PKIX_PL_Object *)getDate,
PKIX_TRUE,
plContext);
/* we want to make sure that goodObject and equalObject are "equal" */
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetDate
(equalObject, setDate, plContext));
cleanup:
PKIX_TEST_DECREF_AC(setDate);
PKIX_TEST_DECREF_AC(getDate);
PKIX_TEST_RETURN();
}
/*
* This is the libpkix replacement for CERT_VerifyOCSPResponseSignature.
* It is used if it has been set as the verifyFcn member of ocspChecker.
*/
PKIX_Error *
PKIX_PL_OcspResponse_UseBuildChain(
PKIX_PL_Cert *signerCert,
PKIX_PL_Date *producedAt,
PKIX_ProcessingParams *procParams,
void **pNBIOContext,
void **pState,
PKIX_BuildResult **pBuildResult,
PKIX_VerifyNode **pVerifyTree,
void *plContext)
{
PKIX_ProcessingParams *caProcParams = NULL;
PKIX_PL_Date *date = NULL;
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertSelector *certSelector = NULL;
void *nbioContext = NULL;
PKIX_Error *buildError = NULL;
PKIX_ENTER(OCSPRESPONSE, "pkix_OcspResponse_UseBuildChain");
PKIX_NULLCHECK_THREE(signerCert, producedAt, procParams);
PKIX_NULLCHECK_THREE(pNBIOContext, pState, pBuildResult);
nbioContext = *pNBIOContext;
*pNBIOContext = NULL;
/* Are we resuming after a WOULDBLOCK return, or starting anew ? */
if (nbioContext == NULL) {
/* Starting anew */
PKIX_CHECK(PKIX_PL_Object_Duplicate
((PKIX_PL_Object *)procParams,
(PKIX_PL_Object **)&caProcParams,
plContext),
PKIX_OBJECTDUPLICATEFAILED);
PKIX_CHECK(PKIX_ProcessingParams_SetDate(procParams, date, plContext),
PKIX_PROCESSINGPARAMSSETDATEFAILED);
/* create CertSelector with target certificate in params */
PKIX_CHECK(PKIX_CertSelector_Create
(NULL, NULL, &certSelector, plContext),
PKIX_CERTSELECTORCREATEFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_Create
(&certSelParams, plContext),
PKIX_COMCERTSELPARAMSCREATEFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_SetCertificate
(certSelParams, signerCert, plContext),
PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED);
PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
(certSelector, certSelParams, plContext),
PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
PKIX_CHECK(PKIX_ProcessingParams_SetTargetCertConstraints
(caProcParams, certSelector, plContext),
PKIX_PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED);
}
buildError = PKIX_BuildChain
(caProcParams,
&nbioContext,
pState,
pBuildResult,
pVerifyTree,
plContext);
/* non-null nbioContext means the build would block */
if (nbioContext != NULL) {
*pNBIOContext = nbioContext;
/* no buildResult means the build has failed */
} else if (buildError) {
pkixErrorResult = buildError;
buildError = NULL;
} else {
PKIX_DECREF(*pState);
}
cleanup:
PKIX_DECREF(caProcParams);
PKIX_DECREF(date);
PKIX_DECREF(certSelParams);
PKIX_DECREF(certSelector);
PKIX_RETURN(OCSPRESPONSE);
}
PKIX_ProcessingParams *
createProcessingParams(
char *dirName,
char *firstAnchorFileName,
char *secondAnchorFileName,
char *dateAscii,
PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
PKIX_Boolean isCrlEnabled,
void *plContext)
{
PKIX_TrustAnchor *firstAnchor = NULL;
PKIX_TrustAnchor *secondAnchor = NULL;
PKIX_List *anchorsList = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_String *dateString = NULL;
PKIX_PL_Date *testDate = NULL;
PKIX_TEST_STD_VARS();
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));
firstAnchor = createTrustAnchor
(dirName, firstAnchorFileName, PKIX_FALSE, plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(anchorsList,
(PKIX_PL_Object *)firstAnchor,
plContext));
if (secondAnchorFileName){
secondAnchor =
createTrustAnchor
(dirName, secondAnchorFileName, PKIX_FALSE, plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
(anchorsList,
(PKIX_PL_Object *)secondAnchor,
plContext));
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
(anchorsList, &procParams, plContext));
if (dateAscii){
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_String_Create
(PKIX_ESCASCII,
dateAscii,
0,
&dateString,
plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_PL_Date_Create_UTCTime
(dateString, &testDate, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_ProcessingParams_SetDate
(procParams, testDate, plContext));
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
(procParams, initialPolicies, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
(procParams, isCrlEnabled, plContext));
cleanup:
if (PKIX_TEST_ERROR_RECEIVED){
PKIX_TEST_DECREF_AC(procParams);
}
PKIX_TEST_DECREF_AC(dateString);
PKIX_TEST_DECREF_AC(testDate);
PKIX_TEST_DECREF_AC(anchorsList);
PKIX_TEST_DECREF_AC(firstAnchor);
PKIX_TEST_DECREF_AC(secondAnchor);
PKIX_TEST_RETURN();
return (procParams);
}
