static void
createGeneralNames(PKIX_UInt32 nameType, char *goodInput, char *diffInput,
PKIX_PL_GeneralName **goodName,
PKIX_PL_GeneralName **equalName,
PKIX_PL_GeneralName **diffName)
{
subTest("PKIX_PL_GeneralName_Create <goodName>");
*goodName = createGeneralName(nameType, goodInput, plContext);
subTest("PKIX_PL_GeneralName_Create <equalName>");
*equalName = createGeneralName(nameType, goodInput, plContext);
subTest("PKIX_PL_GeneralName_Create <diffName>");
*diffName = createGeneralName(nameType, diffInput, plContext);
}
static void
test_SubjAltNames(void)
{
PKIX_ComCertSelParams *goodParams = NULL;
PKIX_List *setGenNames = NULL;
PKIX_List *getGenNames = NULL;
PKIX_PL_GeneralName *rfc822GenName = NULL;
PKIX_PL_GeneralName *dnsGenName = NULL;
PKIX_PL_GeneralName *dirGenName = NULL;
PKIX_PL_GeneralName *uriGenName = NULL;
PKIX_PL_GeneralName *oidGenName = NULL;
PKIX_Boolean matchAll = PKIX_TRUE;
char *rfc822Name = "*****@*****.**";
char *dnsName = "comcast.net";
char *dirName = "cn=john, ou=labs, o=sun, c=us";
char *uriName = "http://comcast.net";
char *oidName = "1.2.840.11";
char *expectedAscii =
"([email protected], "
"comcast.net, "
"CN=john,OU=labs,O=sun,C=us, "
"http://comcast.net)";
char *expectedAsciiAll =
"([email protected], "
"comcast.net, "
"CN=john,OU=labs,O=sun,C=us, "
"http://comcast.net, "
"1.2.840.11)";
PKIX_TEST_STD_VARS();
subTest("PKIX_PL_GeneralName_Create");
dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
rfc822Name,
plContext);
subTest("PKIX_PL_GeneralName List create and append");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
subTest("PKIX_ComCertSelParams_SetSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext));
subTest("PKIX_ComCertSelParams_GetSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
subTest("Compare GeneralName List");
testEqualsHelper((PKIX_PL_Object *)setGenNames,
(PKIX_PL_Object *)getGenNames,
PKIX_TRUE,
plContext);
subTest("Compare GeneralName List with canned string");
testToStringHelper((PKIX_PL_Object *)getGenNames,
expectedAscii,
plContext);
subTest("PKIX_ComCertSelParams_AddSubjAltName");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext));
PKIX_TEST_DECREF_BC(getGenNames);
subTest("PKIX_ComCertSelParams_GetSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
subTest("Compare GeneralName List with canned string");
testToStringHelper((PKIX_PL_Object *)getGenNames,
expectedAsciiAll,
plContext);
subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
if (matchAll != PKIX_TRUE) {
testError("unexpected mismatch <expect TRUE>");
}
subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
if (matchAll != PKIX_FALSE) {
testError("unexpected mismatch <expect FALSE>");
}
cleanup:
PKIX_TEST_DECREF_AC(goodParams);
PKIX_TEST_DECREF_AC(setGenNames);
PKIX_TEST_DECREF_AC(getGenNames);
PKIX_TEST_DECREF_AC(rfc822GenName);
PKIX_TEST_DECREF_AC(dnsGenName);
PKIX_TEST_DECREF_AC(dirGenName);
PKIX_TEST_DECREF_AC(uriGenName);
PKIX_TEST_DECREF_AC(oidGenName);
PKIX_TEST_RETURN();
}
int test_subjaltnamechecker(int argc, char *argv[]){
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_CertSelector *selector = NULL;
PKIX_ComCertSelParams *selParams = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_GeneralName *name = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
char *nameStr;
char *nameEnd;
char *names[PKIX_TEST_MAX_CERTS];
PKIX_UInt32 numNames = 0;
PKIX_UInt32 nameType;
PKIX_Boolean matchAll = PKIX_TRUE;
PKIX_Boolean testValid = PKIX_TRUE;
char *dirName = NULL;
char *anchorName = NULL;
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage1(argv[0]);
return (0);
}
startTests("SubjAltNameConstraintChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
j++; /* skip test-purpose string */
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage1(argv[0]);
return (0);
}
/* taking out leading and trailing ", if any */
nameStr = argv[1+j];
subTest(nameStr);
if (*nameStr == '"'){
nameStr++;
nameEnd = nameStr;
while (*nameEnd != '"' && *nameEnd != '\0') {
nameEnd++;
}
*nameEnd = '\0';
}
/* extract first [0|1] inidcating matchAll or not */
matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE;
nameStr++;
numNames = 0;
while (*nameStr != '\0') {
names[numNames++] = nameStr;
while (*nameStr != '+' && *nameStr != '\0') {
nameStr++;
}
if (*nameStr == '+') {
*nameStr = '\0';
nameStr++;
}
}
chainLength = (argc - j) - 4;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
}
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[(4+j)+i];
certs[i] = NULL;
}
/* SubjAltName for validation */
subTest("Add Subject Alt Name for NameConstraint checking");
subTest("Create Selector and ComCertSelParams");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
(NULL, NULL, &selector, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
(&selParams, plContext));
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_CertSelector_SetCommonCertSelectorParams
(selector, selParams, plContext));
subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
(selParams, matchAll, plContext));
subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
for (i = 0; i < numNames; i++) {
nameType = getNameType(names[i]);
if (nameType == 0xFFFF) {
return (0);
}
nameStr = names[i] + 2;
name = createGeneralName(nameType, nameStr, plContext);
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
(selParams, name, plContext));
PKIX_TEST_DECREF_BC(name);
}
subTest("SubjAltName-Constraints - Create Cert Chain");
dirName = argv[3+j];
chain = createCertChainPlus
(dirName, certNames, certs, chainLength, plContext);
subTest("SubjAltName-Constraints - Create Params");
valParams = createValidateParams
(dirName,
argv[4+j],
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chain,
plContext);
subTest("PKIX_ValidateParams_getProcessingParams");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
(valParams, &procParams, plContext));
subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
(procParams, selector, plContext));
subTest("Subject Alt Name - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
}
cleanup:
PKIX_PL_Free(anchorName, plContext);
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(chain);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_TEST_DECREF_AC(selector);
PKIX_TEST_DECREF_AC(selParams);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(name);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("SubjAltNameConstraintsChecker");
return (0);
}