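/*
 * FUNCTION: pkix_pl_OcspCertID_Destroy
 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
 *
 * Destructor for a PKIX_PL_OcspCertID: releases the wrapped NSS
 * CERTOCSPCertID, if one is attached, via CERT_DestroyOCSPCertID.
 *
 * PARAMETERS:
 *  "object"    - the object being destroyed; must be non-NULL and of type
 *                PKIX_OCSPCERTID_TYPE (both are checked below).
 *  "plContext" - platform-specific context, forwarded to pkix_CheckType.
 *
 * RETURNS:
 *  Whatever PKIX_RETURN produces for this function; the error object for a
 *  failed check is built by the PKIX_* macros, which are not visible here.
 */
static PKIX_Error *
pkix_pl_OcspCertID_Destroy(
    PKIX_PL_Object *object,
    void *plContext)
{
    PKIX_PL_OcspCertID *certID = NULL;

    PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_Destroy");
    PKIX_NULLCHECK_ONE(object);

    /* The type check must come before the cast below, so that an object
     * of another type is never reinterpreted as a PKIX_PL_OcspCertID. */
    PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPCERTID_TYPE, plContext),
               PKIX_OBJECTNOTOCSPCERTID);

    certID = (PKIX_PL_OcspCertID *)object;

    if (certID->certID) {
        CERT_DestroyOCSPCertID(certID->certID);
        /* Drop the stale pointer: if this destructor were ever reached
         * twice for the same object, the guard above then skips the
         * second CERT_DestroyOCSPCertID instead of freeing twice. */
        certID->certID = NULL;
    }

cleanup:

    PKIX_RETURN(OCSPCERTID);
}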
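/*
 * Self-test driver for OCSP response encoding, decoding and verification.
 *
 * Arguments as used below: argv[1] is passed to NSS_Init, argv[2] and
 * argv[3] are passed to getCaAndSubjectCert (presumably the CA and subject
 * certificate names), optionally followed by "-p <password>" or
 * "-f <password file>".
 *
 * Three scenarios are exercised:
 *   1. a response built by encode() must decode, verify and report success;
 *   2. a response built by encodeRevoked() must decode and verify, and the
 *      status lookup must fail with SEC_ERROR_REVOKED_CERTIFICATE;
 *   3. an encoded error response must report failure with
 *      SEC_ERROR_OCSP_TRY_SERVER_LATER.
 *
 * Every expectation is an explicit runtime check. PORT_Assert is compiled
 * out of non-debug builds, so checks written with it would let such a build
 * report success without testing anything and would pass unchecked NULL
 * results on to the next call.
 *
 * Returns 0 when all checks pass, -1 when a check or setup step fails, -2
 * when only NSS_Shutdown fails, or the value of Usage() on bad arguments.
 */
int
main(int argc, char **argv)
{
    SECStatus rv;
    int retval = -1;
    CERTCertDBHandle *certHandle = NULL;
    CERTCertificate *caCert = NULL, *cert = NULL;
    CERTOCSPCertID *cid = NULL;
    PLArenaPool *arena = NULL;
    PRTime now = PR_Now();

    SECItem *encoded = NULL;
    CERTOCSPResponse *decoded = NULL;
    SECStatus statusDecoded;

    SECItem *encodedRev = NULL;
    CERTOCSPResponse *decodedRev = NULL;
    SECStatus statusDecodedRev;

    SECItem *encodedFail = NULL;
    CERTOCSPResponse *decodedFail = NULL;
    SECStatus statusDecodedFail;

    CERTCertificate *obtainedSignerCert = NULL;

    if (argc != 4 && argc != 6) {
        return Usage();
    }

    if (argc == 6) {
        /* NOTE(review): a password given with -p is part of argv and so can
         * be read from the process list by other local users; -f keeps the
         * secret out of the command line. */
        if (!strcmp(argv[4], "-p")) {
            pwdata.source = PW_PLAINTEXT;
            pwdata.data = PORT_Strdup(argv[5]);
        } else if (!strcmp(argv[4], "-f")) {
            pwdata.source = PW_FROMFILE;
            pwdata.data = PORT_Strdup(argv[5]);
        } else {
            return Usage();
        }
    }

    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    rv = NSS_Init(argv[1]);
    if (rv != SECSuccess) {
        SECU_PrintPRandOSError(argv[0]);
        goto loser;
    }
    PK11_SetPasswordFunc(SECU_GetModulePassword);

    certHandle = CERT_GetDefaultCertDB();
    if (!certHandle) {
        goto loser;
    }

    if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert)) {
        goto loser;
    }

    /* Both allocations feed every scenario below; fail early on NULL. */
    cid = CERT_CreateOCSPCertID(cert, now);
    if (!cid) {
        goto loser;
    }
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        goto loser;
    }

    /* Scenario 1: a good response must verify and report success. */
    encoded = encode(arena, cid, caCert);
    if (!encoded) {
        goto loser;
    }
    decoded = CERT_DecodeOCSPResponse(encoded);
    if (!decoded) {
        goto loser;
    }
    statusDecoded = CERT_GetOCSPResponseStatus(decoded);
    if (statusDecoded != SECSuccess) {
        goto loser;
    }
    statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle,
                                                     &pwdata,
                                                     &obtainedSignerCert,
                                                     caCert);
    if (statusDecoded != SECSuccess) {
        goto loser;
    }
    statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
                                                obtainedSignerCert, now);
    if (statusDecoded != SECSuccess) {
        goto loser;
    }
    CERT_DestroyCertificate(obtainedSignerCert);
    /* Reset so that a later verify call that fails without writing the
     * out-parameter cannot leave a released certificate to be used or
     * destroyed again. */
    obtainedSignerCert = NULL;

    /* Scenario 2: a revoked response must verify, then report revocation. */
    encodedRev = encodeRevoked(arena, cid, caCert);
    if (!encodedRev) {
        goto loser;
    }
    decodedRev = CERT_DecodeOCSPResponse(encodedRev);
    if (!decodedRev) {
        goto loser;
    }
    statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
    if (statusDecodedRev != SECSuccess) {
        goto loser;
    }
    statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev,
                                                        certHandle, &pwdata,
                                                        &obtainedSignerCert,
                                                        caCert);
    if (statusDecodedRev != SECSuccess) {
        goto loser;
    }
    statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev,
                                                   cid, obtainedSignerCert,
                                                   now);
    /* A revoked certificate that is accepted here is the failure this
     * scenario exists to catch, so it must fail the run in every build. */
    if (statusDecodedRev != SECFailure ||
        PORT_GetError() != SEC_ERROR_REVOKED_CERTIFICATE) {
        goto loser;
    }
    CERT_DestroyCertificate(obtainedSignerCert);
    obtainedSignerCert = NULL;

    /* Scenario 3: an error response must surface its error code. */
    encodedFail = CERT_CreateEncodedOCSPErrorResponse(
        arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
    if (!encodedFail) {
        goto loser;
    }
    decodedFail = CERT_DecodeOCSPResponse(encodedFail);
    if (!decodedFail) {
        goto loser;
    }
    statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
    if (statusDecodedFail != SECFailure ||
        PORT_GetError() != SEC_ERROR_OCSP_TRY_SERVER_LATER) {
        goto loser;
    }

    retval = 0;

loser:
    if (retval != 0) {
        SECU_PrintError(argv[0], "tests failed");
    }

    /* Only non-NULL when a check failed between a verify call and the
     * matching destroy above. */
    if (obtainedSignerCert) {
        CERT_DestroyCertificate(obtainedSignerCert);
    }
    if (cid) {
        CERT_DestroyOCSPCertID(cid);
    }
    if (cert) {
        CERT_DestroyCertificate(cert);
    }
    if (caCert) {
        CERT_DestroyCertificate(caCert);
    }
    if (arena) {
        PORT_FreeArena(arena, PR_FALSE);
    }
    if (decoded) {
        CERT_DestroyOCSPResponse(decoded);
    }
    if (decodedRev) {
        CERT_DestroyOCSPResponse(decodedRev);
    }
    if (decodedFail) {
        CERT_DestroyOCSPResponse(decodedFail);
    }
    if (pwdata.data) {
        PORT_Free(pwdata.data);
    }

    if (NSS_Shutdown() != SECSuccess) {
        SECU_PrintError(argv[0], "NSS shutdown:");
        /* Keep an earlier test failure code; -2 marks a shutdown-only
         * failure. */
        if (retval == 0) {
            retval = -2;
        }
    }

    return retval;
}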