static PKIX_Error *testLoggerCallback( PKIX_Logger *logger, PKIX_PL_String *message, PKIX_UInt32 logLevel, PKIX_ERRORCLASS logComponent, void *plContext) { char *comp = NULL; char *msg = NULL; char result[100]; static int callCount = 0; PKIX_TEST_STD_VARS(); msg = PKIX_String2ASCII(message, plContext); PR_snprintf(result, 100, "Logging %s (%s): %s", levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg); subTest(result); callCount++; if (callCount > 1) { testError("Incorrect number of Logger Callback <expect 1>"); } cleanup: PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); PKIX_TEST_RETURN(); }
static PKIX_Error *loggerCallback( PKIX_Logger *logger, PKIX_PL_String *message, PKIX_UInt32 logLevel, PKIX_ERRORCLASS logComponent, void *plContext) { #define resultSize 150 char *msg = NULL; char result[resultSize]; PKIX_TEST_STD_VARS(); msg = PKIX_String2ASCII(message, plContext); PR_snprintf(result, resultSize, "Logging %s (%s): %s", levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg); subTest(result); cleanup: PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); PKIX_TEST_RETURN(); }
/* * FUNCTION: treeToStringHelper * This function obtains the string representation of a PolicyNode * Tree and compares it to the expected value. * PARAMETERS: * "parent" - a PolicyNode, the root of a PolicyNodeTree; * must be non-NULL. * "expected" - the desired string. * THREAD SAFETY: * Thread Safe * * Multiple threads can safely call this function without worrying * about conflicts, even if they're operating on the same object. * RETURNS: * Nothing. */ static void treeToStringHelper(PKIX_PolicyNode *parent, char *expected) { PKIX_PL_String *stringRep = NULL; char *actual = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object *)parent, &stringRep, plContext)); actual = PKIX_String2ASCII(stringRep, plContext); if (actual == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } if (PL_strcmp(actual, expected) != 0){ testError("unexpected mismatch"); (void) printf("Actual value:\t%s\n", actual); (void) printf("Expected value:\t%s\n", expected); } cleanup: PKIX_PL_Free(actual, plContext); PKIX_TEST_DECREF_AC(stringRep); PKIX_TEST_RETURN(); }
static void testFree(PKIX_UInt32 *array) { PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext)); cleanup: PKIX_TEST_RETURN(); }
int test_mem(int argc, char *argv[]) { unsigned int *array = NULL; int arraySize = 10; PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; PKIX_TEST_STD_VARS(); startTests("Memory Allocation"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); subTest("PKIX_PL_Malloc"); testMalloc(&array); subTest("PKIX_PL_Realloc"); testRealloc(&array); subTest("PKIX_PL_Free"); testFree(array); /* --Negative Test Cases------------------- */ /* Create an integer array of size 10 */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc( (PKIX_UInt32)(arraySize*sizeof (unsigned int)), (void **) &array, plContext)); (void) printf("Attempting to reallocate 0 sized memory...\n"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Realloc(array, 0, (void **) &array, plContext)); (void) printf("Attempting to allocate to null pointer...\n"); PKIX_TEST_EXPECT_ERROR(PKIX_PL_Malloc(10, NULL, plContext)); (void) printf("Attempting to reallocate to null pointer...\n"); PKIX_TEST_EXPECT_ERROR(PKIX_PL_Realloc(NULL, 10, NULL, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext)); cleanup: PKIX_Shutdown(plContext); endTests("Memory Allocation"); return (0); }
int test_colcertstore(int argc, char *argv[]) { PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; char *platformDir = NULL; char *dataDir = NULL; char *combinedDir = NULL; PKIX_TEST_STD_VARS(); startTests("CollectionCertStore"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); if (argc < (3 + j)) { printUsage(argv[0]); return (0); } dataDir = argv[2 + j]; platformDir = argv[3 + j]; combinedDir = catDirName(platformDir, dataDir, plContext); testGetCRL(combinedDir); testGetCert(combinedDir); cleanup: pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("CollectionCertStore"); return (0); }
/* * FUNCTION: PKIX_PL_NssContext_Destroy * (see comments in pkix_samples_modules.h) */ PKIX_Error * PKIX_PL_NssContext_Destroy( void *nssContext) { void *plContext = NULL; PKIX_PL_NssContext *context = NULL; PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Destroy"); PKIX_NULLCHECK_ONE(nssContext); context = (PKIX_PL_NssContext*)nssContext; if (context->arena != NULL) { PKIX_CONTEXT_DEBUG("\t\tCalling PORT_FreeArena\n"); PORT_FreeArena(context->arena, PKIX_FALSE); } PKIX_PL_Free(nssContext, NULL); PKIX_RETURN(CONTEXT); }
int test_nameconstraints(int argc, char *argv[]) { PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; char *platformDir = NULL; char *dataDir = NULL; char *combinedDir = NULL; /* Note XXX serialnumber and reasoncode need debug */ PKIX_TEST_STD_VARS(); startTests("NameConstraints"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); if (argc < 3 + j) { printUsage(); return (0); } dataDir = argv[2 + j]; platformDir = argv[3 + j]; combinedDir = catDirName(platformDir, dataDir, plContext); testNameConstraints(combinedDir); cleanup: pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("NameConstraints"); return (0); }
int test_buildchain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_PublicKey *trustedPubKey = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion = 0; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_CertStore *ldapCertStore = NULL; PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; PKIX_List *revCheckers = NULL; char *asciiResult = NULL; PKIX_Boolean result = PKIX_FALSE; PKIX_Boolean testValid = PKIX_TRUE; PKIX_List *expectedCerts = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; void *state = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; PRPollDesc *pollDesc = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("BuildChain"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * arguments: * [optional] -arenas * [optional] usebind * servername or servername:port ( - for no server) * testname * EE or ENE * cert directory * target cert (end entity) * intermediate certs * trust anchor */ /* optional argument "usebind" for Ldap CertStore */ if (argv[j + 1]) { if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { usebind = PKIX_TRUE; j++; } } if (PORT_Strcmp(argv[++j], "-") == 0) { useLDAP = PKIX_FALSE; } else { serverName = argv[j]; useLDAP = PKIX_TRUE; } subTest(argv[++j]); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[++j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } dirName = argv[++j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); for (k = ++j; k < (PKIX_UInt32)argc; k++) { dirCert = createCert(dirName, argv[k], plContext); if (k == (PKIX_UInt32)(argc - 1)) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == j) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); if (useLDAP == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)ldapCertStore, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, NULL, /* testDate, may be NULL */ trustedPubKey, numCerts, &revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); #ifdef debuggingWithoutRevocation PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); #endif /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void)printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED"); } } else { if (testValid == PKIX_TRUE) { /* ENE */ (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); } } subTest("Displaying VerifyNode objects"); if (verifyTree == NULL) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); } (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); if (pkixTestErrorResult) { PKIX_TEST_DECREF_BC(pkixTestErrorResult); goto cleanup; } if (buildResult) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, (PKIX_PL_Object *)expectedCerts, &result, plContext)); if (!result) { testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); if (actualCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); if (expectedCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void)printf("Actual value:\t%s\n", actualCertsAscii); (void)printf("Expected value:\t%s\n", expectedCertsAscii); } } cleanup: PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_PL_Free(asciiResult, NULL); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(state); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(revCheckers); PKIX_TEST_DECREF_AC(revChecker); PKIX_TEST_DECREF_AC(ldapCertStore); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(trustedPubKey); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain"); return (0); }
int test_buildchain_uchecker(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_CertChainChecker *checker = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_UInt32 chainLength = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char * asciiResult = NULL; PKIX_Boolean result; PKIX_Boolean testValid = PKIX_TRUE; PKIX_Boolean supportForward = PKIX_FALSE; PKIX_List *expectedCerts = NULL; PKIX_List *userOIDs = NULL; PKIX_PL_OID *oid = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; char *oidString = NULL; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */ PKIX_TEST_STD_VARS(); if (argc < 5){ printUsage(); return (0); } startTests("BuildChain_UserChecker"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } /* OID specified at argv[3+j] */ if (*argv[3+j] != '-') { if (*argv[3+j] == 'F') { supportForward = PKIX_TRUE; oidString = argv[3+j]+1; } else { oidString = argv[3+j]; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create (&userOIDs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create (oidString, &oid, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (userOIDs, (PKIX_PL_Object *)oid, plContext)); PKIX_TEST_DECREF_BC(oid); } subTest(argv[1+j]); dirName = argv[4+j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); chainLength = argc - j - 5; for (k = 0; k < chainLength; k++){ dirCert = createCert(dirName, argv[5+k+j], plContext); if (k == (chainLength - 1)){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == 0){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert (trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create (anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_SetCertificate (certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_Create (NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams (certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ProcessingParams_SetTargetCertConstraints (procParams, certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create (testUserChecker, supportForward, PKIX_FALSE, userOIDs, NULL, &checker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker (procParams, checker, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create (dirNameString, &certStore, plContext)); #if 0 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create (&certStore, plContext)); #endif PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores (procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain (procParams, &nbioContext, &buildState, &buildResult, NULL, plContext); if (testValid == PKIX_TRUE) { /* ENE */ if (pkixTestErrorResult){ (void) printf("UNEXPECTED RESULT RECEIVED!\n"); } else { (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } } else { /* EE */ if (pkixTestErrorResult){ (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } else { testError("UNEXPECTED RESULT RECEIVED"); } } if (buildResult){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_BuildResult_GetCertChain (buildResult, &certs, NULL)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetItem (certs, i, (PKIX_PL_Object**)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_Equals ((PKIX_PL_Object*)certs, (PKIX_PL_Object*)expectedCerts, &result, plContext)); if (!result){ testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII (actualCertsString, plContext); if (actualCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII (expectedCertsString, plContext); if (expectedCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void) printf("Actual value:\t%s\n", actualCertsAscii); (void) printf("Expected value:\t%s\n", expectedCertsAscii); if (chainLength - 1 != numUserCheckerCalled) { pkixTestErrorMsg = "PKIX user defined checker not called"; } goto cleanup; } } cleanup: PKIX_PL_Free(asciiResult, plContext); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(userOIDs); PKIX_TEST_DECREF_AC(checker); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain_UserChecker"); return (0); }
static void Test_BuildResult( PKIX_ProcessingParams *procParams, PKIX_Boolean testValid, PKIX_List *expectedCerts, void *plContext) { PKIX_PL_Cert *cert = NULL; PKIX_List *certs = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; PKIX_BuildResult *buildResult = NULL; PKIX_Boolean result; PKIX_Boolean supportForward = PKIX_FALSE; PKIX_UInt32 numCerts, i; char *asciiResult = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; void *state = NULL; PRPollDesc *pollDesc = NULL; PKIX_TEST_STD_VARS(); pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, NULL, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, NULL, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void)printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED!\n"); } PKIX_TEST_DECREF_BC(pkixTestErrorResult); goto cleanup; } if (testValid == PKIX_TRUE) { /* ENE */ (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ testError("UNEXPECTED NON-ERROR RECEIVED!\n"); } if (buildResult) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, (PKIX_PL_Object *)expectedCerts, &result, plContext)); if (!result) { testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); if (actualCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); if (expectedCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void)printf("Actual value:\t%s\n", actualCertsAscii); (void)printf("Expected value:\t%s\n", expectedCertsAscii); } } cleanup: PKIX_PL_Free(asciiResult, NULL); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(state); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_RETURN(); }
int test_subjaltnamechecker(int argc, char *argv[]){ PKIX_List *chain = NULL; PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_CertSelector *selector = NULL; PKIX_ComCertSelParams *selParams = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_PL_GeneralName *name = NULL; PKIX_UInt32 actualMinorVersion; char *certNames[PKIX_TEST_MAX_CERTS]; PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; PKIX_UInt32 chainLength = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; char *nameStr; char *nameEnd; char *names[PKIX_TEST_MAX_CERTS]; PKIX_UInt32 numNames = 0; PKIX_UInt32 nameType; PKIX_Boolean matchAll = PKIX_TRUE; PKIX_Boolean testValid = PKIX_TRUE; char *dirName = NULL; char *anchorName = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage1(argv[0]); return (0); } startTests("SubjAltNameConstraintChecker"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); j++; /* skip test-purpose string */ /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage1(argv[0]); return (0); } /* taking out leading and trailing ", if any */ nameStr = argv[1+j]; subTest(nameStr); if (*nameStr == '"'){ nameStr++; nameEnd = nameStr; while (*nameEnd != '"' && *nameEnd != '\0') { nameEnd++; } *nameEnd = '\0'; } /* extract first [0|1] inidcating matchAll or not */ matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE; nameStr++; numNames = 0; while (*nameStr != '\0') { names[numNames++] = nameStr; while (*nameStr != '+' && *nameStr != '\0') { nameStr++; } if (*nameStr == '+') { *nameStr = '\0'; nameStr++; } } chainLength = (argc - j) - 4; if (chainLength > PKIX_TEST_MAX_CERTS) { printUsageMax(chainLength); } for (i = 0; i < chainLength; i++) { certNames[i] = argv[(4+j)+i]; certs[i] = NULL; } /* SubjAltName for validation */ subTest("Add Subject Alt Name for NameConstraint checking"); subTest("Create Selector and ComCertSelParams"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create (NULL, NULL, &selector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create (&selParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_SetCommonCertSelectorParams (selector, selParams, plContext)); subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames (selParams, matchAll, plContext)); subTest("PKIX_ComCertSelParams_AddSubjAltName(s)"); for (i = 0; i < numNames; i++) { nameType = getNameType(names[i]); if (nameType == 0xFFFF) { return (0); } nameStr = names[i] + 2; name = createGeneralName(nameType, nameStr, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName (selParams, name, plContext)); PKIX_TEST_DECREF_BC(name); } subTest("SubjAltName-Constraints - Create Cert Chain"); dirName = argv[3+j]; chain = createCertChainPlus (dirName, certNames, certs, chainLength, plContext); subTest("SubjAltName-Constraints - Create Params"); valParams = createValidateParams (dirName, argv[4+j], NULL, NULL, NULL, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, chain, plContext); subTest("PKIX_ValidateParams_getProcessingParams"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams (valParams, &procParams, plContext)); subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints (procParams, selector, plContext)); subTest("Subject Alt Name - Validate Chain"); if (testValid == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); } else { PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); } cleanup: PKIX_PL_Free(anchorName, plContext); PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_TEST_DECREF_AC(chain); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_DECREF_AC(valResult); PKIX_TEST_DECREF_AC(selector); PKIX_TEST_DECREF_AC(selParams); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(name); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("SubjAltNameConstraintsChecker"); return (0); }
PKIX_PL_CRL * createCRL( char *dirName, char *crlFileName, void *plContext) { PKIX_PL_ByteArray *byteArray = NULL; PKIX_PL_CRL *crl = NULL; PKIX_Error *error = NULL; PRFileDesc *inFile = NULL; SECItem crlDER; void *buf = NULL; PKIX_UInt32 len; SECStatus rv; char *pathName = NULL; PKIX_TEST_STD_VARS(); crlDER.data = NULL; pathName = catDirName(dirName, crlFileName, plContext); inFile = PR_Open(pathName, PR_RDONLY, 0); if (!inFile){ pkixTestErrorMsg = "Unable to open crl file"; goto cleanup; } else { rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); if (!rv){ buf = (void *)crlDER.data; len = crlDER.len; error = PKIX_PL_ByteArray_Create (buf, len, &byteArray, plContext); if (error){ pkixTestErrorMsg = "PKIX_PL_ByteArray_Create failed"; goto cleanup; } error = PKIX_PL_CRL_Create(byteArray, &crl, plContext); if (error){ pkixTestErrorMsg = "PKIX_PL_Crl_Create failed"; goto cleanup; } SECITEM_FreeItem(&crlDER, PR_FALSE); } else { pkixTestErrorMsg = "Unable to read DER from crl file"; goto cleanup; } } cleanup: PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext)); if (inFile){ PR_Close(inFile); } if (error){ SECITEM_FreeItem(&crlDER, PR_FALSE); } PKIX_TEST_DECREF_AC(byteArray); PKIX_TEST_RETURN(); return (crl); }
PKIX_PL_Cert * createCert( char *dirName, char *certFileName, void *plContext) { PKIX_PL_ByteArray *byteArray = NULL; void *buf = NULL; PRFileDesc *certFile = NULL; PKIX_UInt32 len; SECItem certDER; SECStatus rv; /* default: NULL cert (failure case) */ PKIX_PL_Cert *cert = NULL; char *pathName = NULL; PKIX_TEST_STD_VARS(); certDER.data = NULL; pathName = catDirName(dirName, certFileName, plContext); certFile = PR_Open(pathName, PR_RDONLY, 0); if (!certFile){ pkixTestErrorMsg = "Unable to open cert file"; goto cleanup; } else { rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE); if (!rv){ buf = (void *)certDER.data; len = certDER.len; PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_ByteArray_Create (buf, len, &byteArray, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create (byteArray, &cert, plContext)); SECITEM_FreeItem(&certDER, PR_FALSE); } else { pkixTestErrorMsg = "Unable to read DER from cert file"; goto cleanup; } } cleanup: pkixTestErrorResult = PKIX_PL_Free(pathName, plContext); if (certFile){ PR_Close(certFile); } if (PKIX_TEST_ERROR_RECEIVED){ SECITEM_FreeItem(&certDER, PR_FALSE); } PKIX_TEST_DECREF_AC(byteArray); PKIX_TEST_RETURN(); return (cert); }
static void testNistTest2(char *dirName) { #define PKIX_TEST_NUM_CERTS 2 char *trustAnchor = "TrustAnchorRootCertificate.crt"; char *intermediateCert = "GoodCACert.crt"; char *endEntityCert = "ValidCertificatePathTest1EE.crt"; char *certNames[PKIX_TEST_NUM_CERTS]; char *asciiNist1Policy = "2.16.840.1.101.3.2.1.48.1"; PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL }; PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_List *chain = NULL; PKIX_PL_OID *Nist1PolicyOID = NULL; PKIX_List *initialPolicies = NULL; char *anchorName = NULL; PKIX_TEST_STD_VARS(); subTest("testNistTest2: Creating the cert chain"); /* * Create a chain, but don't include the first certName. * That's the anchor, and is supplied separately from * the chain. */ certNames[0] = intermediateCert; certNames[1] = endEntityCert; chain = createCertChainPlus (dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext); subTest("testNistTest2: Creating the Validate Parameters"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create (asciiNist1Policy, &Nist1PolicyOID, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_Create(&initialPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (initialPolicies, (PKIX_PL_Object *)Nist1PolicyOID, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable (initialPolicies, plContext)); valParams = createValidateParams (dirName, trustAnchor, NULL, NULL, initialPolicies, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, chain, plContext); subTest("testNistTest2: Validating the chain"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain (valParams, &valResult, NULL, plContext)); cleanup: PKIX_PL_Free(anchorName, plContext); PKIX_TEST_DECREF_AC(Nist1PolicyOID); PKIX_TEST_DECREF_AC(initialPolicies); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_DECREF_AC(valResult); PKIX_TEST_DECREF_AC(chain); PKIX_TEST_RETURN(); }
int build_chain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *trustedCertFile = NULL; char *targetCertFile = NULL; char *storeDirAscii = NULL; PKIX_PL_String *storeDirString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion, numCerts, i; PKIX_UInt32 j = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char *asciiResult = NULL; PKIX_Boolean useArenas = PKIX_FALSE; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; PKIX_TEST_STD_VARS(); if (argc < 4) { printUsage(); return (0); } useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ useArenas, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, PKIX_MINOR_VERSION, &actualMinorVersion, &plContext)); /* create processing params with list of trust anchors */ trustedCertFile = argv[j + 1]; trustedCert = createCert(trustedCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); targetCertFile = argv[j + 2]; targetCert = createCert(targetCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ storeDirAscii = argv[j + 3]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams, &nbioContext, &buildState, &buildResult, NULL, plContext)); /* * As long as we use only CertStores with blocking I/O, we can omit * checking for completion with nbioContext. */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } cleanup: if (PKIX_TEST_ERROR_RECEIVED) { (void)printf("FAILED TO BUILD CHAIN\n"); } else { (void)printf("SUCCESSFULLY BUILT CHAIN\n"); } PKIX_PL_Free(asciiResult, plContext); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(storeDirString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); return (0); }
int test_list2(int argc, char *argv[]) { PKIX_List *list; char *temp; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_Int32 cmpResult; PKIX_PL_OID *testOID; PKIX_PL_String *testString; PKIX_PL_Object *obj, *obj2; PKIX_UInt32 size = 10; char *testOIDString[10] = { "2.9.999.1.20", "1.2.3.4.5.6.7", "0.1", "1.2.3.5", "0.39", "1.2.3.4.7", "1.2.3.4.6", "0.39.1", "1.2.3.4.5", "0.39.1.300" }; PKIX_UInt32 actualMinorVersion; PKIX_TEST_STD_VARS(); startTests("List Sorting"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); subTest("Creating Unsorted Lists"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); for (i = 0; i < size; i++) { /* Create a new OID object */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create( testOIDString[i], &testOID, plContext)); /* Insert it into the list */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testOID, plContext)); /* Decref the string object */ PKIX_TEST_DECREF_BC(testOID); } subTest("Outputting Unsorted List"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, &testString, plContext)); temp = PKIX_String2ASCII(testString, plContext); if (temp) { (void)printf("%s \n", temp); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); } PKIX_TEST_DECREF_BC(testString); subTest("Performing Bubble Sort"); for (i = 0; i < size; i++) for (j = 9; j > i; j--) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j - 1, &obj2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext)); if (cmpResult < 0) { /* Exchange the items */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j - 1, obj, plContext)); } /* DecRef objects */ PKIX_TEST_DECREF_BC(obj); PKIX_TEST_DECREF_BC(obj2); } subTest("Outputting Sorted List"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, &testString, plContext)); temp = PKIX_String2ASCII(testString, plContext); if (temp) { (void)printf("%s \n", temp); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); } cleanup: PKIX_TEST_DECREF_AC(testString); PKIX_TEST_DECREF_AC(list); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("List Sorting"); return (0); }
int test_policychecker(int argc, char *argv[]) { PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE; PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE; PKIX_Boolean initialExplicitPolicy = PKIX_FALSE; PKIX_Boolean expectedResult = PKIX_FALSE; PKIX_UInt32 chainLength = 0; PKIX_UInt32 initArgs = 0; PKIX_UInt32 firstCert = 0; PKIX_UInt32 i = 0; PKIX_Int32 j = 0; PKIX_UInt32 actualMinorVersion; PKIX_ProcessingParams *procParams = NULL; char *firstTrustAnchor = "yassir2yassir"; char *secondTrustAnchor = "yassir2bcn"; char *dateAscii = "991201000000Z"; PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */ char *certNames[PKIX_TEST_MAX_CERTS]; PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; PKIX_List *chain = NULL; PKIX_Error *validationError = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; char *dirName = NULL; char *dataCentralDir = NULL; char *anchorName = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * Perform hard-coded tests if no command line args. * If command line args are provided, they must be: * arg[1]: test name * arg[2]: "ENE" or "EE", for "expect no error" or "expect error" * arg[3]: directory for certificates * arg[4]: user-initial-policy-set, consisting of braces * containing zero or more OID sequences, separated by commas * arg[5]: (optional) "E", indicating initialExplicitPolicy * arg[firstCert]: the path and filename of the trust anchor certificate * arg[firstCert+1..(n-1)]: successive certificates in the chain * arg[n]: the end entity certificate * * Example: test_policychecker test1EE ENE * {2.5.29.32.0,2.5.29.32.3.6} Anchor CA EndEntity */ dirName = argv[3+j]; dataCentralDir = argv[4+j]; if (argc <= 5 || ((6 == argc) && (j))) { testPass (dataCentralDir, firstTrustAnchor, secondTrustAnchor, dateAscii); testNistTest1(dirName); testNistTest2(dirName); goto cleanup; } if (argc < (7 + j)) { printUsage(argv[0]); pkixTestErrorMsg = "Invalid command line arguments."; goto cleanup; } if (PORT_Strcmp(argv[2+j], "ENE") == 0) { expectedResult = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { expectedResult = PKIX_FALSE; } else { printUsage(argv[0]); pkixTestErrorMsg = "Invalid command line arguments."; goto cleanup; } userInitialPolicySet = policySetParse(argv[5+j]); if (!userInitialPolicySet) { printUsage(argv[0]); pkixTestErrorMsg = "Invalid command line arguments."; goto cleanup; } for (initArgs = 0; initArgs < 3; initArgs++) { if (PORT_Strcmp(argv[6+j+initArgs], "A") == 0) { initialAnyPolicyInhibit = PKIX_TRUE; } else if (PORT_Strcmp(argv[6+j+initArgs], "E") == 0) { initialExplicitPolicy = PKIX_TRUE; } else if (PORT_Strcmp(argv[6+j+initArgs], "P") == 0) { initialPolicyMappingInhibit = PKIX_TRUE; } else { break; } } firstCert = initArgs + j + 6; chainLength = argc - (firstCert + 1); if (chainLength > PKIX_TEST_MAX_CERTS) { printUsageMax(chainLength); pkixTestErrorMsg = "Invalid command line arguments."; goto cleanup; } /* * Create a chain, but don't include the first certName. * That's the anchor, and is supplied separately from * the chain. */ for (i = 0; i < chainLength; i++) { certNames[i] = argv[i + (firstCert + 1)]; certs[i] = NULL; } chain = createCertChainPlus (dirName, certNames, certs, chainLength, plContext); subTest(argv[1+j]); valParams = createValidateParams (dirName, argv[firstCert], NULL, NULL, userInitialPolicySet, initialPolicyMappingInhibit, initialAnyPolicyInhibit, initialExplicitPolicy, PKIX_FALSE, chain, plContext); if (expectedResult == PKIX_TRUE) { subTest(" (expecting successful validation)"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); printValidPolicyTree(valResult); } else { subTest(" (expecting validation to fail)"); validationError = PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext); if (!validationError) { printValidPolicyTree(valResult); pkixTestErrorMsg = "Should have thrown an error here."; } PKIX_TEST_DECREF_BC(validationError); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)verifyTree, &verifyString, plContext)); (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString); cleanup: PKIX_PL_Free(anchorName, plContext); PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_TEST_DECREF_AC(userInitialPolicySet); PKIX_TEST_DECREF_AC(chain); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_DECREF_AC(valResult); PKIX_TEST_DECREF_AC(validationError); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("PolicyChecker"); return (0); }
int dumpcert(int argc, char *argv[]) { PKIX_PL_String *string = NULL; PKIX_PL_Cert *cert = NULL; PKIX_Error *error = NULL; char *ascii = NULL; PKIX_UInt32 length = 0; PKIX_UInt32 j = 0; PKIX_Boolean useArenas = PKIX_FALSE; PKIX_UInt32 actualMinorVersion; PKIX_TEST_STD_VARS(); if (argc == 1){ printUsage(); return (0); } useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); PKIX_Initialize (PKIX_TRUE, /* nssInitNeeded */ useArenas, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); cert = createCert(argv[1+j]); if (cert){ error = PKIX_PL_Object_ToString ((PKIX_PL_Object *)cert, &string, plContext); if (error){ printFailure("Unable to get string representation " "of cert"); goto cleanup; } error = PKIX_PL_String_GetEncoded (string, PKIX_ESCASCII, (void **)&ascii, &length, plContext); if (error || !ascii){ printFailure("Unable to get ASCII encoding of string"); goto cleanup; } (void) printf("OUTPUT:\n%s\n", ascii); } else { printFailure("Unable to create certificate"); goto cleanup; } cleanup: if (cert){ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext); } if (string){ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext); } if (ascii){ PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext); } PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("DUMPCERT"); return (0); }