static void testNameConstraints(char *dataDir) { char *goodPname = "nameConstraintsDN5CACert.crt"; PKIX_PL_Cert *goodCert = NULL; PKIX_PL_CertNameConstraints *goodNC = NULL; char *expectedAscii = "[\n" "\t\tPermitted Name: (OU=permittedSubtree1," "O=Test Certificates,C=US)\n" "\t\tExcluded Name: (OU=excludedSubtree1," "OU=permittedSubtree1,O=Test Certificates,C=US)\n" "\t]\n"; PKIX_TEST_STD_VARS(); subTest("PKIX_PL_CertNameConstraints"); goodCert = createCert(dataDir, goodPname, plContext); subTest("PKIX_PL_Cert_GetNameConstraints"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints (goodCert, &goodNC, plContext)); testToStringHelper ((PKIX_PL_Object *)goodNC, expectedAscii, plContext); cleanup: PKIX_TEST_DECREF_AC(goodNC); PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_RETURN(); }
static void test_NameConstraints(char *dirName) { PKIX_PL_Cert *goodCert = NULL; PKIX_PL_CertNameConstraints *getNameConstraints = NULL; PKIX_PL_CertNameConstraints *setNameConstraints = NULL; PKIX_ComCertSelParams *goodParams = NULL; char *expectedAscii = "[\n" "\t\tPermitted Name: (OU=permittedSubtree1," "O=Test Certificates,C=US, OU=permittedSubtree2," "O=Test Certificates,C=US)\n" "\t\tExcluded Name: (EMPTY)\n" "\t]\n"; PKIX_TEST_STD_VARS(); subTest("Create Cert for NameConstraints test"); goodCert = createCert (dirName, "nameConstraintsDN2CACert.crt", plContext); subTest("PKIX_PL_Cert_GetNameConstraints"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints (goodCert, &setNameConstraints, plContext)); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create (&goodParams, plContext)); subTest("PKIX_ComCertSelParams_SetNameConstraints"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints (goodParams, setNameConstraints, plContext)); subTest("PKIX_ComCertSelParams_GetNameConstraints"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints (goodParams, &getNameConstraints, plContext)); subTest("Compare NameConstraints"); testEqualsHelper((PKIX_PL_Object *)setNameConstraints, (PKIX_PL_Object *)getNameConstraints, PKIX_TRUE, plContext); subTest("Compare NameConstraints with canned string"); testToStringHelper ((PKIX_PL_Object *)getNameConstraints, expectedAscii, plContext); cleanup: PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_DECREF_AC(getNameConstraints); PKIX_TEST_DECREF_AC(setNameConstraints); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_RETURN(); }
void DtlsSocketContext::Init() { if (DtlsSocketContext::mCert == NULL) { SSL_library_init(); SSL_load_error_strings(); ERR_load_crypto_strings(); createCert("sip:[email protected]", 365, 1024, DtlsSocketContext::mCert, DtlsSocketContext::privkey); } }
PKIX_List * createCertChain( char *dirName, char *firstCertFileName, char *secondCertFileName, void *plContext) { PKIX_PL_Cert *firstCert = NULL; PKIX_PL_Cert *secondCert = NULL; PKIX_List *certList = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext)); firstCert = createCert(dirName, firstCertFileName, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (certList, (PKIX_PL_Object *)firstCert, plContext)); if (secondCertFileName){ secondCert = createCert(dirName, secondCertFileName, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (certList, (PKIX_PL_Object *)secondCert, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable (certList, plContext)); cleanup: if (PKIX_TEST_ERROR_RECEIVED){ PKIX_TEST_DECREF_AC(certList); } PKIX_TEST_DECREF_AC(firstCert); PKIX_TEST_DECREF_AC(secondCert); PKIX_TEST_RETURN(); return (certList); }
/* * This function reads a directory-file cert specified by "desiredSubjectCert", * and decodes the SubjectName. It uses that name to set up the CertSelector * for a Subject Name match, and then queries the database for matching entries. * It is intended to test a "smart" database query. */ static void testMatchCertSubject( char *crlDir, char *desiredSubjectCert, char *expectedAscii, PKIX_PL_Date *validityDate, void *plContext) { PKIX_UInt32 numCert = 0; PKIX_PL_Cert *certWithDesiredSubject = NULL; PKIX_CertStore *certStore = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_List *certList = NULL; PKIX_CertStore_CertCallback getCert = NULL; void *nbioContext = NULL; PKIX_TEST_STD_VARS(); certWithDesiredSubject = createCert(crlDir, desiredSubjectCert, plContext); test_makeSubjectCertSelector(certWithDesiredSubject, validityDate, &certSelector, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore, certSelector, &nbioContext, &certList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); if (numCert > 0) { /* List should be immutable */ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(certList, 0, plContext)); } if (expectedAscii) { testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext); } cleanup: PKIX_TEST_DECREF_AC(certWithDesiredSubject); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(certList); PKIX_TEST_RETURN(); }
PKIX_TrustAnchor * createTrustAnchor( char *dirName, char *certFileName, PKIX_Boolean useCert, void *plContext) { PKIX_TrustAnchor *anchor = NULL; PKIX_PL_Cert *cert = NULL; PKIX_PL_X500Name *name = NULL; PKIX_PL_PublicKey *pubKey = NULL; PKIX_PL_CertNameConstraints *nameConstraints = NULL; PKIX_TEST_STD_VARS(); cert = createCert(dirName, certFileName, plContext); if (useCert){ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert (cert, &anchor, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject (cert, &name, plContext)); if (name == NULL){ goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey (cert, &pubKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints (cert, &nameConstraints, NULL)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_TrustAnchor_CreateWithNameKeyPair (name, pubKey, nameConstraints, &anchor, plContext)); } cleanup: if (PKIX_TEST_ERROR_RECEIVED){ PKIX_TEST_DECREF_AC(anchor); } PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(name); PKIX_TEST_DECREF_AC(pubKey); PKIX_TEST_DECREF_AC(nameConstraints); PKIX_TEST_RETURN(); return (anchor); }
PKIX_List * createCertChainPlus( char *dirName, char *certNames[], PKIX_PL_Cert *certs[], PKIX_UInt32 numCerts, void *plContext) { PKIX_List *certList = NULL; PKIX_UInt32 i; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext)); for (i = 0; i < numCerts; i++) { certs[i] = createCert(dirName, certNames[i], plContext); /* Create Cert may fail */ if (certs[i] == NULL) { PKIX_TEST_DECREF_BC(certList); goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (certList, (PKIX_PL_Object *)certs[i], plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable (certList, plContext)); cleanup: if (PKIX_TEST_ERROR_RECEIVED){ PKIX_TEST_DECREF_AC(certList); } for (i = 0; i < numCerts; i++) { PKIX_TEST_DECREF_AC(certs[i]); } PKIX_TEST_RETURN(); return (certList); }
PKIX_ValidateResult * createValidateResult( char *dirName, char *anchorFileName, char *pubKeyCertFileName, void *plContext) { PKIX_TrustAnchor *anchor = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_PL_Cert *cert = NULL; PKIX_PL_PublicKey *pubKey = NULL; PKIX_TEST_STD_VARS(); anchor = createTrustAnchor (dirName, anchorFileName, PKIX_FALSE, plContext); cert = createCert(dirName, pubKeyCertFileName, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey (cert, &pubKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR (pkix_ValidateResult_Create (pubKey, anchor, NULL, &valResult, plContext)); cleanup: if (PKIX_TEST_ERROR_RECEIVED){ PKIX_TEST_DECREF_AC(valResult); } PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(pubKey); PKIX_TEST_RETURN(); return (valResult); }
int test_buildchain_uchecker(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_CertChainChecker *checker = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_UInt32 chainLength = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char * asciiResult = NULL; PKIX_Boolean result; PKIX_Boolean testValid = PKIX_TRUE; PKIX_Boolean supportForward = PKIX_FALSE; PKIX_List *expectedCerts = NULL; PKIX_List *userOIDs = NULL; PKIX_PL_OID *oid = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; char *oidString = NULL; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */ PKIX_TEST_STD_VARS(); if (argc < 5){ printUsage(); return (0); } startTests("BuildChain_UserChecker"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } /* OID specified at argv[3+j] */ if (*argv[3+j] != '-') { if (*argv[3+j] == 'F') { supportForward = PKIX_TRUE; oidString = argv[3+j]+1; } else { oidString = argv[3+j]; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create (&userOIDs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create (oidString, &oid, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (userOIDs, (PKIX_PL_Object *)oid, plContext)); PKIX_TEST_DECREF_BC(oid); } subTest(argv[1+j]); dirName = argv[4+j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); chainLength = argc - j - 5; for (k = 0; k < chainLength; k++){ dirCert = createCert(dirName, argv[5+k+j], plContext); if (k == (chainLength - 1)){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == 0){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_IncRef ((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert (trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create (anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_SetCertificate (certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_Create (NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams (certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ProcessingParams_SetTargetCertConstraints (procParams, certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create (testUserChecker, supportForward, PKIX_FALSE, userOIDs, NULL, &checker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker (procParams, checker, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create (PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create (dirNameString, &certStore, plContext)); #if 0 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create (&certStore, plContext)); #endif PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores (procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain (procParams, &nbioContext, &buildState, &buildResult, NULL, plContext); if (testValid == PKIX_TRUE) { /* ENE */ if (pkixTestErrorResult){ (void) printf("UNEXPECTED RESULT RECEIVED!\n"); } else { (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } } else { /* EE */ if (pkixTestErrorResult){ (void) printf("EXPECTED RESULT RECEIVED!\n"); PKIX_TEST_DECREF_BC(pkixTestErrorResult); } else { testError("UNEXPECTED RESULT RECEIVED"); } } if (buildResult){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_BuildResult_GetCertChain (buildResult, &certs, NULL)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++){ PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_GetItem (certs, i, (PKIX_PL_Object**)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_Equals ((PKIX_PL_Object*)certs, (PKIX_PL_Object*)expectedCerts, &result, plContext)); if (!result){ testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII (actualCertsString, plContext); if (actualCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Object_ToString ((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII (expectedCertsString, plContext); if (expectedCertsAscii == NULL){ pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void) printf("Actual value:\t%s\n", actualCertsAscii); (void) printf("Expected value:\t%s\n", expectedCertsAscii); if (chainLength - 1 != numUserCheckerCalled) { pkixTestErrorMsg = "PKIX user defined checker not called"; } goto cleanup; } } cleanup: PKIX_PL_Free(asciiResult, plContext); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(userOIDs); PKIX_TEST_DECREF_AC(checker); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain_UserChecker"); return (0); }
int test_comcertselparams(int argc, char *argv[]) { PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; PKIX_PL_Cert *testCert = NULL; PKIX_PL_Cert *goodCert = NULL; PKIX_PL_Cert *equalCert = NULL; PKIX_PL_Cert *diffCert = NULL; PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */ PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */ PKIX_ComCertSelParams *goodParams = NULL; PKIX_ComCertSelParams *equalParams = NULL; PKIX_PL_X500Name *goodSubject = NULL; PKIX_PL_X500Name *equalSubject = NULL; PKIX_PL_X500Name *diffSubject = NULL; PKIX_PL_X500Name *testSubject = NULL; PKIX_Int32 goodMinPathLength = 0; PKIX_Int32 equalMinPathLength = 0; PKIX_Int32 diffMinPathLength = 0; PKIX_Int32 testMinPathLength = 0; PKIX_List *goodPolicies = NULL; /* OIDs */ PKIX_List *equalPolicies = NULL; /* OIDs */ PKIX_List *testPolicies = NULL; /* OIDs */ PKIX_List *cert2Policies = NULL; /* OIDs */ PKIX_PL_Date *testDate = NULL; PKIX_PL_Date *goodDate = NULL; PKIX_PL_Date *equalDate = NULL; PKIX_PL_String *stringRep = NULL; char *asciiRep = NULL; char *dirName = NULL; PKIX_TEST_STD_VARS(); if (argc < 2) { printUsage(); return (0); } startTests("ComCertSelParams"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); dirName = argv[j + 1]; asciiRep = "050501000000Z"; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext)); /* Convert from List of CertPolicyInfos to List of OIDs */ test_CreateOIDList(testPolicyInfos, &testPolicies); subTest("Create goodParams and set its fields"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext)); subTest("Duplicate goodParams and verify copy"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams, (PKIX_PL_Object **)&equalParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); testEqualsHelper((PKIX_PL_Object *)goodSubject, (PKIX_PL_Object *)equalSubject, PKIX_TRUE, plContext); if (goodMinPathLength != equalMinPathLength) { testError("unexpected mismatch"); (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); } testEqualsHelper((PKIX_PL_Object *)goodPolicies, (PKIX_PL_Object *)equalPolicies, PKIX_TRUE, plContext); testEqualsHelper((PKIX_PL_Object *)goodCert, (PKIX_PL_Object *)equalCert, PKIX_TRUE, plContext); testEqualsHelper((PKIX_PL_Object *)goodDate, (PKIX_PL_Object *)equalDate, PKIX_TRUE, plContext); PKIX_TEST_DECREF_BC(equalSubject); PKIX_TEST_DECREF_BC(equalPolicies); PKIX_TEST_DECREF_BC(equalCert); PKIX_TEST_DECREF_AC(equalDate); subTest("Set different values and verify differences"); diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext)); test_CreateOIDList(cert2PolicyInfos, &cert2Policies); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject( equalParams, diffSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); testEqualsHelper((PKIX_PL_Object *)goodSubject, (PKIX_PL_Object *)equalSubject, PKIX_FALSE, plContext); if (goodMinPathLength == equalMinPathLength) { testError("unexpected match"); (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); } testEqualsHelper((PKIX_PL_Object *)goodPolicies, (PKIX_PL_Object *)equalPolicies, PKIX_FALSE, plContext); test_NameConstraints(dirName); test_PathToNames(); test_SubjAltNames(); test_KeyUsages(); test_Version_Issuer_SerialNumber(); test_SubjKeyId_AuthKeyId(); test_SubjAlgId_SubjPublicKey(dirName); cleanup: PKIX_TEST_DECREF_AC(testSubject); PKIX_TEST_DECREF_AC(goodSubject); PKIX_TEST_DECREF_AC(equalSubject); PKIX_TEST_DECREF_AC(diffSubject); PKIX_TEST_DECREF_AC(testSubject); PKIX_TEST_DECREF_AC(goodPolicies); PKIX_TEST_DECREF_AC(equalPolicies); PKIX_TEST_DECREF_AC(testPolicies); PKIX_TEST_DECREF_AC(cert2Policies); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_DECREF_AC(equalParams); PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_DECREF_AC(diffCert); PKIX_TEST_DECREF_AC(testCert); PKIX_TEST_DECREF_AC(goodBasicConstraints); PKIX_TEST_DECREF_AC(diffBasicConstraints); PKIX_TEST_DECREF_AC(testPolicyInfos); PKIX_TEST_DECREF_AC(cert2PolicyInfos); PKIX_TEST_DECREF_AC(stringRep); PKIX_TEST_DECREF_AC(testDate); PKIX_TEST_DECREF_AC(goodDate); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("ComCertSelParams"); return (0); }
static void test_SubjAlgId_SubjPublicKey(char *dirName) { PKIX_ComCertSelParams *goodParams = NULL; PKIX_PL_OID *setAlgId = NULL; PKIX_PL_OID *getAlgId = NULL; PKIX_PL_Cert *goodCert = NULL; PKIX_PL_PublicKey *setPublicKey = NULL; PKIX_PL_PublicKey *getPublicKey = NULL; PKIX_Boolean isEqual = PKIX_FALSE; PKIX_TEST_STD_VARS(); /* Subject Algorithm Identifier */ subTest("PKIX_PL_OID_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext)); subTest("PKIX_ComCertSelParams_Create"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); subTest("PKIX_ComCertSelParams_SetSubjPKAlgId"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext)); subTest("PKIX_ComCertSelParams_GetSubjPKAlgId"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId, (PKIX_PL_Object *)getAlgId, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Subject Public Key Alg mismatch " "<expect equal>"); } /* Subject Public Key */ subTest("Getting Cert for Subject Public Key"); goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); subTest("PKIX_PL_Cert_GetSubjectPublicKey"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext)); subTest("PKIX_ComCertSelParams_SetSubjPubKey"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext)); subTest("PKIX_ComCertSelParams_GetSubjPubKey"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey, (PKIX_PL_Object *)getPublicKey, &isEqual, plContext)); if (isEqual == PKIX_FALSE) { testError("unexpected Subject Public Key mismatch " "<expect equal>"); } cleanup: PKIX_TEST_DECREF_AC(setAlgId); PKIX_TEST_DECREF_AC(getAlgId); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_DECREF_AC(setPublicKey); PKIX_TEST_DECREF_AC(getPublicKey); PKIX_TEST_RETURN(); }
int test_buildchain_resourcelimits(int argc, char *argv[]) { PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_CertChainChecker *checker = NULL; PKIX_ResourceLimits *resourceLimits = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_UInt32 actualMinorVersion = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_CertStore *ldapCertStore = NULL; PRIntervalTime timeout = 0; /* 0 for non-blocking */ PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; PKIX_List *expectedCerts = NULL; PKIX_Boolean testValid = PKIX_FALSE; PKIX_Boolean usebind = PKIX_FALSE; PKIX_Boolean useLDAP = PKIX_FALSE; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("BuildChain_ResourceLimits"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * arguments: * [optional] -arenas * [optional] usebind * servername or servername:port ( - for no server) * testname * EE or ENE * cert directory * target cert (end entity) * intermediate certs * trust anchor */ /* optional argument "usebind" for Ldap CertStore */ if (argv[j + 1]) { if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { usebind = PKIX_TRUE; j++; } } if (PORT_Strcmp(argv[++j], "-") == 0) { useLDAP = PKIX_FALSE; } else { serverName = argv[j]; } subTest(argv[++j]); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[++j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } dirName = argv[++j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); for (k = ++j; k < argc; k++) { dirCert = createCert(dirName, argv[k], plContext); if (k == (argc - 1)) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == j) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); #if 0 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create (&certStore, plContext)); #endif PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); if (useLDAP == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)ldapCertStore, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); /* set resource limits */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext)); /* need longer time when running dbx for memory leak checking */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext)); /* build cert chain using processing params and return buildResult */ subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>"); Test_BuildResult(procParams, testValid, expectedCerts, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext)); subTest("Testing ResourceLimits MaxFanout - <fail>"); Test_BuildResult(procParams, PKIX_FALSE, expectedCerts, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext)); subTest("Testing ResourceLimits MaxDepth - <fail>"); Test_BuildResult(procParams, PKIX_FALSE, expectedCerts, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext)); subTest("Testing ResourceLimits No checking - <pass>"); Test_BuildResult(procParams, testValid, expectedCerts, plContext); cleanup: PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(ldapCertStore); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(checker); PKIX_TEST_DECREF_AC(resourceLimits); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain_UserChecker"); return (0); }
int test_validatechain_NB(int argc, char *argv[]){ PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_UInt32 chainLength = 0; PKIX_Boolean testValid = PKIX_TRUE; PKIX_List *chainCerts = NULL; PKIX_PL_Cert *dirCert = NULL; char *dirCertName = NULL; char *anchorCertName = NULL; char *dirName = NULL; PKIX_UInt32 certIndex = 0; PKIX_UInt32 anchorIndex = 0; PKIX_UInt32 checkerIndex = 0; PKIX_Boolean revChecking = PKIX_FALSE; PKIX_List *checkers = NULL; PRPollDesc *pollDesc = NULL; PRErrorCode errorCode = 0; PKIX_PL_Socket *socket = NULL; char *ldapName = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_List *loggers = NULL; PKIX_Logger *logger = NULL; char *logging = NULL; PKIX_PL_String *component = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("ValidateChain_NB"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } subTest(argv[1+j]); dirName = argv[3+j]; chainLength = argc - j - 5; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); for (k = 0; k < chainLength; k++){ dirCert = createCert(dirName, argv[5+k+j], plContext); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (chainCerts, (PKIX_PL_Object *)dirCert, plContext)); PKIX_TEST_DECREF_BC(dirCert); } valParams = createValidateParams (dirName, argv[4+j], NULL, NULL, NULL, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, chainCerts, plContext); ldapName = PR_GetEnv("LDAP"); /* Is LDAP set in the environment? */ if ((ldapName == NULL) || (*ldapName == '\0')) { testError("LDAP not set in environment"); goto cleanup; } pkixTestErrorResult = pkix_pl_Socket_CreateByName (PKIX_FALSE, /* isServer */ PR_SecondsToInterval(30), /* try 30 secs for connect */ ldapName, &errorCode, &socket, plContext); if (pkixTestErrorResult != NULL) { PKIX_PL_Object_DecRef ((PKIX_PL_Object *)pkixTestErrorResult, plContext); pkixTestErrorResult = NULL; testError("Unable to connect to LDAP Server"); goto cleanup; } PKIX_TEST_DECREF_BC(socket); testSetupCertStore(valParams, ldapName); logging = PR_GetEnv("LOGGING"); /* Is LOGGING set in the environment? */ if ((logging != NULL) && (*logging != '\0')) { PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_Create(&loggers, plContext)); testLogErrors (PKIX_VALIDATE_ERROR, 2, loggers, plContext); testLogErrors (PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext); testLogErrors (PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext); testLogErrors (PKIX_CERTSTORE_ERROR, 2, loggers, plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext)); } pkixTestErrorResult = PKIX_ValidateChain_NB (valParams, &certIndex, &anchorIndex, &checkerIndex, &revChecking, &checkers, (void **)&pollDesc, &valResult, &verifyTree, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_ValidateChain_NB (valParams, &certIndex, &anchorIndex, &checkerIndex, &revChecking, &checkers, (void **)&pollDesc, &valResult, &verifyTree, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void) printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED"); } PKIX_TEST_DECREF_BC(pkixTestErrorResult); } else { if (testValid == PKIX_TRUE) { /* ENE */ (void) printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ (void) printf("UNEXPECTED NON-ERROR RECEIVED!\n"); } } cleanup: if (verifyTree) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)verifyTree, &verifyString, plContext)); (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString); } PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_TEST_DECREF_AC(checkers); PKIX_TEST_DECREF_AC(chainCerts); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_DECREF_AC(valResult); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("ValidateChain_NB"); return (0); }
int build_chain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *trustedCertFile = NULL; char *targetCertFile = NULL; char *storeDirAscii = NULL; PKIX_PL_String *storeDirString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion, numCerts, i; PKIX_UInt32 j = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char *asciiResult = NULL; PKIX_Boolean useArenas = PKIX_FALSE; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; PKIX_TEST_STD_VARS(); if (argc < 4) { printUsage(); return (0); } useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ useArenas, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, PKIX_MINOR_VERSION, &actualMinorVersion, &plContext)); /* create processing params with list of trust anchors */ trustedCertFile = argv[j + 1]; trustedCert = createCert(trustedCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); targetCertFile = argv[j + 2]; targetCert = createCert(targetCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ storeDirAscii = argv[j + 3]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams, &nbioContext, &buildState, &buildResult, NULL, plContext)); /* * As long as we use only CertStores with blocking I/O, we can omit * checking for completion with nbioContext. */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } cleanup: if (PKIX_TEST_ERROR_RECEIVED) { (void)printf("FAILED TO BUILD CHAIN\n"); } else { (void)printf("SUCCESSFULLY BUILT CHAIN\n"); } PKIX_PL_Free(asciiResult, plContext); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(storeDirString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); return (0); }
int dumpcert(int argc, char *argv[]) { PKIX_PL_String *string = NULL; PKIX_PL_Cert *cert = NULL; PKIX_Error *error = NULL; char *ascii = NULL; PKIX_UInt32 length = 0; PKIX_UInt32 j = 0; PKIX_Boolean useArenas = PKIX_FALSE; PKIX_UInt32 actualMinorVersion; PKIX_TEST_STD_VARS(); if (argc == 1){ printUsage(); return (0); } useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); PKIX_Initialize (PKIX_TRUE, /* nssInitNeeded */ useArenas, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); cert = createCert(argv[1+j]); if (cert){ error = PKIX_PL_Object_ToString ((PKIX_PL_Object *)cert, &string, plContext); if (error){ printFailure("Unable to get string representation " "of cert"); goto cleanup; } error = PKIX_PL_String_GetEncoded (string, PKIX_ESCASCII, (void **)&ascii, &length, plContext); if (error || !ascii){ printFailure("Unable to get ASCII encoding of string"); goto cleanup; } (void) printf("OUTPUT:\n%s\n", ascii); } else { printFailure("Unable to create certificate"); goto cleanup; } cleanup: if (cert){ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext); } if (string){ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext); } if (ascii){ PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext); } PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("DUMPCERT"); return (0); }
int test_buildchain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_PublicKey *trustedPubKey = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *dirName = NULL; PKIX_PL_String *dirNameString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion = 0; PKIX_UInt32 numCerts = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_CertStore *ldapCertStore = NULL; PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; PKIX_List *revCheckers = NULL; char *asciiResult = NULL; PKIX_Boolean result = PKIX_FALSE; PKIX_Boolean testValid = PKIX_TRUE; PKIX_List *expectedCerts = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_PL_String *actualCertsString = NULL; PKIX_PL_String *expectedCertsString = NULL; void *state = NULL; char *actualCertsAscii = NULL; char *expectedCertsAscii = NULL; PRPollDesc *pollDesc = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("BuildChain"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* * arguments: * [optional] -arenas * [optional] usebind * servername or servername:port ( - for no server) * testname * EE or ENE * cert directory * target cert (end entity) * intermediate certs * trust anchor */ /* optional argument "usebind" for Ldap CertStore */ if (argv[j + 1]) { if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { usebind = PKIX_TRUE; j++; } } if (PORT_Strcmp(argv[++j], "-") == 0) { useLDAP = PKIX_FALSE; } else { serverName = argv[j]; useLDAP = PKIX_TRUE; } subTest(argv[++j]); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[++j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } dirName = argv[++j]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); for (k = ++j; k < (PKIX_UInt32)argc; k++) { dirCert = createCert(dirName, argv[k], plContext); if (k == (PKIX_UInt32)(argc - 1)) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); trustedCert = dirCert; } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, (PKIX_PL_Object *)dirCert, plContext)); if (k == j) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); targetCert = dirCert; } } PKIX_TEST_DECREF_BC(dirCert); } /* create processing params with list of trust anchors */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); if (useLDAP == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)ldapCertStore, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, NULL, /* testDate, may be NULL */ trustedPubKey, numCerts, &revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); #ifdef debuggingWithoutRevocation PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); #endif /* build cert chain using processing params and return buildResult */ pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); while (pollDesc != NULL) { if (PR_Poll(pollDesc, 1, 0) < 0) { testError("PR_Poll failed"); } pkixTestErrorResult = PKIX_BuildChain(procParams, (void **)&pollDesc, &state, &buildResult, &verifyTree, plContext); } if (pkixTestErrorResult) { if (testValid == PKIX_FALSE) { /* EE */ (void)printf("EXPECTED ERROR RECEIVED!\n"); } else { /* ENE */ testError("UNEXPECTED ERROR RECEIVED"); } } else { if (testValid == PKIX_TRUE) { /* ENE */ (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); } else { /* EE */ (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); } } subTest("Displaying VerifyNode objects"); if (verifyTree == NULL) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext)); } else { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); } (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); if (pkixTestErrorResult) { PKIX_TEST_DECREF_BC(pkixTestErrorResult); goto cleanup; } if (buildResult) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, (PKIX_PL_Object *)expectedCerts, &result, plContext)); if (!result) { testError("BUILT CERTCHAIN IS " "NOT THE ONE THAT WAS EXPECTED"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, &actualCertsString, plContext)); actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); if (actualCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, &expectedCertsString, plContext)); expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); if (expectedCertsAscii == NULL) { pkixTestErrorMsg = "PKIX_String2ASCII Failed"; goto cleanup; } (void)printf("Actual value:\t%s\n", actualCertsAscii); (void)printf("Expected value:\t%s\n", expectedCertsAscii); } } cleanup: PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_PL_Free(asciiResult, NULL); PKIX_PL_Free(actualCertsAscii, plContext); PKIX_PL_Free(expectedCertsAscii, plContext); PKIX_TEST_DECREF_AC(state); PKIX_TEST_DECREF_AC(actualCertsString); PKIX_TEST_DECREF_AC(expectedCertsString); PKIX_TEST_DECREF_AC(expectedCerts); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(revCheckers); PKIX_TEST_DECREF_AC(revChecker); PKIX_TEST_DECREF_AC(ldapCertStore); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(dirNameString); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(trustedPubKey); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("BuildChain"); return (0); }
int test_subjectinfoaccess(int argc, char *argv[]) { PKIX_PL_Cert *cert = NULL; PKIX_PL_Cert *certDiff = NULL; PKIX_List *aiaList = NULL; PKIX_List *siaList = NULL; PKIX_PL_InfoAccess *sia = NULL; PKIX_PL_InfoAccess *siaDup = NULL; PKIX_PL_InfoAccess *siaDiff = NULL; PKIX_PL_GeneralName *location = NULL; char *certPathName = NULL; char *dirName = NULL; PKIX_UInt32 method = 0; PKIX_UInt32 actualMinorVersion; PKIX_UInt32 size, i; PKIX_UInt32 j = 0; char *expectedAscii = "[method:caRepository, " "location:http://betty.nist.gov/pathdiscoverytestsuite/" "p7cfiles/IssuedByTrustAnchor1.p7c]"; PKIX_TEST_STD_VARS(); startTests("SubjectInfoAccess"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); if (argc < 5+j) { printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]); } dirName = argv[2+j]; certPathName = argv[3+j]; subTest("Creating Cert with Subject Info Access"); cert = createCert(dirName, certPathName, plContext); certPathName = argv[4+j]; subTest("Creating Cert with Subject Info Access"); certDiff = createCert(dirName, certPathName, plContext); subTest("Getting Subject Info Access"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess (cert, &siaList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength (siaList, &size, plContext)); if (size != 1) { pkixTestErrorMsg = "unexpected number of AIA"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem (siaList, 0, (PKIX_PL_Object **) &sia, plContext)); subTest("PKIX_PL_InfoAccess_GetMethod"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod (sia, &method, plContext)); if (method != PKIX_INFOACCESS_CA_REPOSITORY) { pkixTestErrorMsg = "unexpected method of AIA"; goto cleanup; } subTest("PKIX_PL_InfoAccess_GetLocation"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation (sia, &location, plContext)); if (!location) { pkixTestErrorMsg = "Cannot get AIA location"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem (siaList, 0, (PKIX_PL_Object **) &siaDup, plContext)); subTest("Getting Authority Info Access as difference comparison"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess (certDiff, &aiaList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength (aiaList, &size, plContext)); if (size != 1) { pkixTestErrorMsg = "unexpected number of AIA"; goto cleanup; } PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem (aiaList, 0, (PKIX_PL_Object **) &siaDiff, plContext)); subTest("Checking: Equal, Hash and ToString"); PKIX_TEST_EQ_HASH_TOSTR_DUP (sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE); cleanup: PKIX_TEST_DECREF_AC(location); PKIX_TEST_DECREF_AC(sia); PKIX_TEST_DECREF_AC(siaDup); PKIX_TEST_DECREF_AC(siaDiff); PKIX_TEST_DECREF_AC(aiaList); PKIX_TEST_DECREF_AC(siaList); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certDiff); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("Subjectinfoaccess"); return (0); }
int test_validatechain(int argc, char *argv[]){ PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; PKIX_UInt32 k = 0; PKIX_UInt32 chainLength = 0; PKIX_Boolean testValid = PKIX_TRUE; PKIX_List *chainCerts = NULL; PKIX_PL_Cert *dirCert = NULL; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; char *dirCertName = NULL; char *anchorCertName = NULL; char *dirName = NULL; PKIX_TEST_STD_VARS(); if (argc < 5) { printUsage(); return (0); } startTests("ValidateChain"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); /* ENE = expect no error; EE = expect error */ if (PORT_Strcmp(argv[2+j], "ENE") == 0) { testValid = PKIX_TRUE; } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { testValid = PKIX_FALSE; } else { printUsage(); return (0); } subTest(argv[1+j]); dirName = argv[3+j]; chainLength = argc - j - 5; PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); for (k = 0; k < chainLength; k++) { dirCert = createCert(dirName, argv[5+k+j], plContext); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (chainCerts, (PKIX_PL_Object *)dirCert, plContext)); PKIX_TEST_DECREF_BC(dirCert); } valParams = createValidateParams (dirName, argv[4+j], NULL, NULL, NULL, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, PKIX_FALSE, chainCerts, plContext); testDefaultCertStore(valParams, dirName); if (testValid == PKIX_TRUE) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); } else { PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); } subTest("Displaying VerifyNode objects"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)verifyTree, &verifyString, plContext)); (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString); cleanup: PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_TEST_DECREF_AC(chainCerts); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_DECREF_AC(valResult); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("ValidateChain"); return (0); }
int test_validatechain_bc(int argc, char *argv[]) { PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_ProcessingParams *procParams = NULL; PKIX_ValidateParams *valParams = NULL; PKIX_ValidateResult *valResult = NULL; PKIX_PL_X500Name *subject = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; char *trustedCertFile = NULL; char *chainCertFile = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *chainCert = NULL; PKIX_UInt32 chainLength = 0; PKIX_UInt32 i = 0; PKIX_UInt32 j = 0; PKIX_UInt32 actualMinorVersion; PKIX_VerifyNode *verifyTree = NULL; PKIX_PL_String *verifyString = NULL; PKIX_TEST_STD_VARS(); if (argc < 3){ printUsage(); return (0); } startTests("ValidateChainBasicConstraints"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); chainLength = (argc - j) - 2; /* create processing params with list of trust anchors */ trustedCertFile = argv[1+j]; trustedCert = createCert(trustedCertFile); PKIX_TEST_EXPECT_NO_ERROR (PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints (certSelParams, -1, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertSelector_Create (NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams (certSelector, certSelParams, plContext)); PKIX_TEST_DECREF_BC(subject); PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert (trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create (anchors, &procParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled (procParams, PKIX_FALSE, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_ProcessingParams_SetTargetCertConstraints (procParams, certSelector, plContext)); PKIX_TEST_DECREF_BC(certSelector); /* create cert chain */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); for (i = 0; i < chainLength; i++){ chainCertFile = argv[i + (2+j)]; chainCert = createCert(chainCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (certs, (PKIX_PL_Object *)chainCert, plContext)); PKIX_TEST_DECREF_BC(chainCert); } /* create validate params with processing params and cert chain */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create (procParams, certs, &valParams, plContext)); /* validate cert chain using processing params and return valResult */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); if (valResult != NULL){ printf("SUCCESSFULLY VALIDATED with Basic Constraint "); printf("Cert Selector minimum path length to be -1\n"); PKIX_TEST_DECREF_BC(valResult); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)verifyTree, &verifyString, plContext)); (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString); PKIX_TEST_DECREF_BC(verifyString); PKIX_TEST_DECREF_BC(verifyTree); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints (certSelParams, 6, plContext)); /* validate cert chain using processing params and return valResult */ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain (valParams, &valResult, &verifyTree, plContext)); if (valResult != NULL){ printf("SUCCESSFULLY VALIDATED with Basic Constraint "); printf("Cert Selector minimum path length to be 6\n"); } PKIX_TEST_DECREF_BC(trustedCert); PKIX_TEST_DECREF_BC(anchor); PKIX_TEST_DECREF_BC(anchors); PKIX_TEST_DECREF_BC(certs); PKIX_TEST_DECREF_BC(procParams); cleanup: if (PKIX_TEST_ERROR_RECEIVED){ printf("FAILED TO VALIDATE\n"); } PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)verifyTree, &verifyString, plContext)); (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString); PKIX_TEST_DECREF_AC(verifyString); PKIX_TEST_DECREF_AC(verifyTree); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(valResult); PKIX_TEST_DECREF_AC(valParams); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); endTests("ValidateChainBasicConstraints"); return (0); }
int test_policynode(int argc, char *argv[]) { /* * Create a tree with parent = anyPolicy, * child1 with Nist1+Nist2, child2 with Nist1. * Give each child another child, with policies Nist2 * and Nist1, respectively. Pruning with a depth of two * should have no effect. Give one of the children * another child. Then pruning with a depth of three * should reduce the tree to a single strand, as child1 * and child3 are removed. * * parent (anyPolicy) * / \ * child1(Nist1+Nist2) child2(Nist1) * | | * child3(Nist2) child4(Nist1) * | * child5(Nist1) * */ char *asciiAnyPolicy = "2.5.29.32.0"; PKIX_PL_Cert *cert = NULL; PKIX_PL_CertPolicyInfo *nist1Policy = NULL; PKIX_PL_CertPolicyInfo *nist2Policy = NULL; PKIX_List *policyQualifierList = NULL; PKIX_PL_OID *oidAnyPolicy = NULL; PKIX_PL_OID *oidNist1Policy = NULL; PKIX_PL_OID *oidNist2Policy = NULL; PKIX_List *expectedAnyList = NULL; PKIX_List *expectedNist1List = NULL; PKIX_List *expectedNist2List = NULL; PKIX_List *expectedNist1Nist2List = NULL; PKIX_List *emptyList = NULL; PKIX_PolicyNode *parentNode = NULL; PKIX_PolicyNode *childNode1 = NULL; PKIX_PolicyNode *childNode2 = NULL; PKIX_PolicyNode *childNode3 = NULL; PKIX_PolicyNode *childNode4 = NULL; PKIX_PolicyNode *childNode5 = NULL; PKIX_PL_String *parentString = NULL; PKIX_Boolean pDelete = PKIX_FALSE; char *expectedParentAscii = "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C " "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65" " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2" "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 " "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66" " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6" "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3" ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7" "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 " "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20" " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6" "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 " "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3" ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20" " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2" "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 " "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72" " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7" "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n" ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5" "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}"; char *expectedValidAscii = "2.16.840.1.101.3.2.1.48.2"; char *expectedQualifiersAscii = /* "(1.3.6.1.5.5.7.2.2)"; */ "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 " "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74" " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7" "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 " "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70" " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])"; char *expectedPoliciesAscii = "(2.16.840.1.101.3.2.1.48.1)"; char *expectedTree = "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n" ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5" "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1" ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69" " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6" "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 " "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63" " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7" "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101" ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A " "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72" " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6" "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 " "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F" " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]" "),1}\n" ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30" " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6" "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F " "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68" " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2" "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 " "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)" ",2}\n" ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5" "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n" ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical," "(2.16.840.1.101.3.2.1.48.1),2}\n" ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84" "0.1.101.3.2.1.48.1),3}"; char *expectedPrunedTree = "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n" ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5" "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n" ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical," "(2.16.840.1.101.3.2.1.48.1),2}\n" ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84" "0.1.101.3.2.1.48.1),3}"; PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; char *dirName = NULL; PKIX_TEST_STD_VARS(); if (argc < 2) { printUsage(); return (0); } startTests("PolicyNode"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); dirName = argv[j+1]; subTest("Creating OID objects"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create (asciiAnyPolicy, &oidAnyPolicy, plContext)); /* Read certificates to get real policies, qualifiers */ cert = createCert (dirName, "UserNoticeQualifierTest16EE.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation (cert, &expectedNist1Nist2List, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem (expectedNist1Nist2List, 0, (PKIX_PL_Object **)&nist1Policy, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem (expectedNist1Nist2List, 1, (PKIX_PL_Object **)&nist2Policy, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers (nist1Policy, &policyQualifierList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId (nist1Policy, &oidNist1Policy, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId (nist2Policy, &oidNist2Policy, plContext)); subTest("Creating expectedPolicy List objects"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_Create(&expectedAnyList, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_Create(&expectedNist1List, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_Create(&expectedNist2List, plContext)); subTest("Populating expectedPolicy List objects"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_List_AppendItem (expectedNist1List, (PKIX_PL_Object *)oidNist1Policy, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem (expectedNist2List, (PKIX_PL_Object *)oidNist2Policy, plContext)); subTest("Creating PolicyNode objects"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create (oidAnyPolicy, NULL, PKIX_TRUE, expectedAnyList, &parentNode, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create (oidNist2Policy, policyQualifierList, PKIX_TRUE, expectedNist1Nist2List, &childNode1, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create (oidNist1Policy, policyQualifierList, PKIX_TRUE, expectedNist1List, &childNode2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create (oidNist2Policy, policyQualifierList, PKIX_TRUE, expectedNist2List, &childNode3, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create (oidNist1Policy, emptyList, PKIX_FALSE, expectedNist1List, &childNode4, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create (oidNist1Policy, NULL, PKIX_TRUE, expectedNist1List, &childNode5, plContext)); subTest("Creating the PolicyNode tree"); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent (parentNode, childNode1, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent (parentNode, childNode2, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent (childNode1, childNode3, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent (childNode2, childNode4, plContext)); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent (childNode4, childNode5, plContext)); subTest("Displaying PolicyNode objects"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)parentNode, &parentString, plContext)); (void) printf("parentNode is\n\t%s\n", parentString->escAsciiString); testToStringHelper ((PKIX_PL_Object*)parentNode, expectedTree, plContext); test_DuplicateHelper(parentNode, plContext); test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii); test_GetValidPolicy (childNode1, childNode3, parentNode, expectedValidAscii); test_GetPolicyQualifiers (childNode1, childNode3, childNode4, expectedQualifiersAscii); test_GetExpectedPolicies (childNode2, childNode4, childNode3, expectedPoliciesAscii); test_IsCritical(childNode1, childNode2, childNode4); test_GetDepth(childNode2, childNode4, childNode5); subTest("pkix_PolicyNode_Prune"); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune (parentNode, 2, &pDelete, plContext)); testToStringHelper ((PKIX_PL_Object*)parentNode, expectedTree, plContext); PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune (parentNode, 3, &pDelete, plContext)); testToStringHelper ((PKIX_PL_Object*)parentNode, expectedPrunedTree, plContext); test_GetChildren(parentNode, parentNode, childNode2); cleanup: PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(nist1Policy); PKIX_TEST_DECREF_AC(nist2Policy); PKIX_TEST_DECREF_AC(policyQualifierList); PKIX_TEST_DECREF_AC(oidAnyPolicy); PKIX_TEST_DECREF_AC(oidNist1Policy); PKIX_TEST_DECREF_AC(oidNist2Policy); PKIX_TEST_DECREF_AC(expectedAnyList); PKIX_TEST_DECREF_AC(expectedNist1List); PKIX_TEST_DECREF_AC(expectedNist2List); PKIX_TEST_DECREF_AC(expectedNist1Nist2List); PKIX_TEST_DECREF_AC(emptyList); PKIX_TEST_DECREF_AC(parentNode); PKIX_TEST_DECREF_AC(childNode1); PKIX_TEST_DECREF_AC(childNode2); PKIX_TEST_DECREF_AC(childNode3); PKIX_TEST_DECREF_AC(childNode4); PKIX_TEST_DECREF_AC(childNode5); PKIX_TEST_DECREF_AC(parentString); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("PolicyNode"); return (0); }