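/*
 * Exercises the subject-alternative-name accessors of PKIX_ComCertSelParams:
 * Set/Get/AddSubjAltName and Get/SetMatchAllSubjAltNames.
 *
 * The test builds five GeneralNames (rfc822, DNS, directory, URI, OID), stores
 * the first four on a fresh params object, reads them back, and compares the
 * result both object-wise and against a canned string. It then adds the OID
 * name and checks the five-entry string form. Finally it verifies that the
 * match-all flag reads PKIX_TRUE on a fresh params object and PKIX_FALSE after
 * being cleared.
 *
 * NOTE: the mailbox used below is a constructed sample value. In the listing
 * this was taken from, the address had been masked differently in the input
 * literal and in the two canned strings, so they no longer agreed and neither
 * canned-string comparison could pass. The three occurrences must stay
 * identical. This assumes the list's string form echoes the rfc822 name
 * unchanged, as the canned strings show for the DNS and URI entries -- confirm.
 */
static void
test_SubjAltNames(void)
{
    PKIX_ComCertSelParams *goodParams = NULL;
    PKIX_List *setGenNames = NULL;
    PKIX_List *getGenNames = NULL;
    PKIX_PL_GeneralName *rfc822GenName = NULL;
    PKIX_PL_GeneralName *dnsGenName = NULL;
    PKIX_PL_GeneralName *dirGenName = NULL;
    PKIX_PL_GeneralName *uriGenName = NULL;
    PKIX_PL_GeneralName *oidGenName = NULL;
    PKIX_Boolean matchAll = PKIX_TRUE;
    char *rfc822Name = "john@example.com"; /* constructed sample, see header */
    char *dnsName = "comcast.net";
    char *dirName = "cn=john, ou=labs, o=sun, c=us";
    char *uriName = "http://comcast.net";
    char *oidName = "1.2.840.11";
    /* Expected string form after SetSubjAltNames (four names, insertion order). */
    char *expectedAscii =
        "(john@example.com, "
        "comcast.net, "
        "CN=john,OU=labs,O=sun,C=us, "
        "http://comcast.net)";
    /* Expected string form once the OID name has been added as a fifth entry. */
    char *expectedAsciiAll =
        "(john@example.com, "
        "comcast.net, "
        "CN=john,OU=labs,O=sun,C=us, "
        "http://comcast.net, "
        "1.2.840.11)";

    PKIX_TEST_STD_VARS();

    subTest("PKIX_PL_GeneralName_Create");
    dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
    uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
    oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
    dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
    rfc822GenName = createGeneralName(PKIX_RFC822_NAME, rfc822Name, plContext);

    /* Append order fixes the order of the canned strings above. */
    subTest("PKIX_PL_GeneralName List create and append");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames,
                                                   (PKIX_PL_Object *)rfc822GenName,
                                                   plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames,
                                                   (PKIX_PL_Object *)dnsGenName,
                                                   plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames,
                                                   (PKIX_PL_Object *)dirGenName,
                                                   plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames,
                                                   (PKIX_PL_Object *)uriGenName,
                                                   plContext));

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));

    subTest("PKIX_ComCertSelParams_SetSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams,
                                                                    setGenNames,
                                                                    plContext));

    subTest("PKIX_ComCertSelParams_GetSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams,
                                                                    &getGenNames,
                                                                    plContext));

    subTest("Compare GeneralName List");
    testEqualsHelper((PKIX_PL_Object *)setGenNames,
                     (PKIX_PL_Object *)getGenNames,
                     PKIX_TRUE,
                     plContext);

    subTest("Compare GeneralName List with canned string");
    testToStringHelper((PKIX_PL_Object *)getGenNames, expectedAscii, plContext);

    subTest("PKIX_ComCertSelParams_AddSubjAltName");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams,
                                                                   oidGenName,
                                                                   plContext));

    /* Drop the first snapshot before getGenNames is overwritten by the next Get. */
    PKIX_TEST_DECREF_BC(getGenNames);

    subTest("PKIX_ComCertSelParams_GetSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams,
                                                                    &getGenNames,
                                                                    plContext));

    subTest("Compare GeneralName List with canned string");
    testToStringHelper((PKIX_PL_Object *)getGenNames, expectedAsciiAll, plContext);

    /* The flag was never set on goodParams, so TRUE here is the library default. */
    subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams,
                                                                            &matchAll,
                                                                            plContext));
    if (matchAll != PKIX_TRUE) {
        testError("unexpected mismatch <expect TRUE>");
    }

    subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams,
                                                                            PKIX_FALSE,
                                                                            plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams,
                                                                            &matchAll,
                                                                            plContext));
    if (matchAll != PKIX_FALSE) {
        testError("unexpected mismatch <expect FALSE>");
    }

cleanup:

    PKIX_TEST_DECREF_AC(goodParams);
    PKIX_TEST_DECREF_AC(setGenNames);
    PKIX_TEST_DECREF_AC(getGenNames);
    PKIX_TEST_DECREF_AC(rfc822GenName);
    PKIX_TEST_DECREF_AC(dnsGenName);
    PKIX_TEST_DECREF_AC(dirGenName);
    PKIX_TEST_DECREF_AC(uriGenName);
    PKIX_TEST_DECREF_AC(oidGenName);

    PKIX_TEST_RETURN();
}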
/*
 * FUNCTION: pkix_TargetCertCheckerState_Create
 * DESCRIPTION:
 *
 *  Creates a new TargetCertCheckerState using the CertSelector pointed to
 *  by "certSelector" and the number of certs represented by "certsRemaining"
 *  and stores it at "pState".
 *
 *  The state snapshots the selector's path-to-names, extended-key-usage and
 *  subject-alternative-name lists, plus the match-all-subjAltNames flag, and
 *  holds OID objects for the extended key usage and subject alternative name
 *  extensions.
 *
 * PARAMETERS:
 *  "certSelector"
 *      Address of CertSelector representing the criteria against which the
 *      final certificate in a chain is to be matched.
 *      NOTE(review): this header originally said "Must be non-NULL", but the
 *      body only null-checks "pState" and explicitly skips the parameter
 *      lookup when certSelector is NULL. In that case (or when the selector
 *      has no common params) the three lists stay NULL and the match-all flag
 *      keeps its PKIX_TRUE initial value. Confirm which contract callers
 *      rely on.
 *  "certsRemaining"
 *      Number of certificates remaining in the chain.
 *  "pState"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a TargetCertCheckerState Error if the function fails in a
 *  non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_TargetCertCheckerState_Create(
    PKIX_CertSelector *certSelector,
    PKIX_UInt32 certsRemaining,
    pkix_TargetCertCheckerState **pState,
    void *plContext)
{
    pkix_TargetCertCheckerState *state = NULL;
    PKIX_ComCertSelParams *certSelectorParams = NULL;
    PKIX_List *pathToNameList = NULL;
    PKIX_List *extKeyUsageList = NULL;
    PKIX_List *subjAltNameList = NULL;
    PKIX_PL_OID *extKeyUsageOID = NULL;
    PKIX_PL_OID *subjAltNameOID = NULL;
    /* Used as-is when no selector params are available. */
    PKIX_Boolean subjAltNameMatchAll = PKIX_TRUE;

    PKIX_ENTER(TARGETCERTCHECKERSTATE,
               "pkix_TargetCertCheckerState_Create");
    PKIX_NULLCHECK_ONE(pState);

    /* OIDs for the two extensions this state tracks. */
    PKIX_CHECK(PKIX_PL_OID_Create
               (PKIX_EXTENDEDKEYUSAGE_OID,
                &extKeyUsageOID,
                plContext),
               PKIX_OIDCREATEFAILED);

    PKIX_CHECK(PKIX_PL_OID_Create
               (PKIX_CERTSUBJALTNAME_OID,
                &subjAltNameOID,
                plContext),
               PKIX_OIDCREATEFAILED);

    /*
     * NOTE(review): every PKIX_CHECK after this allocation can presumably
     * jump to cleanup, where PKIX_DECREF(state) runs before any field of
     * *state has been assigned. Whether that is safe depends on
     * PKIX_PL_Object_Alloc zero-filling the object and on how the type's
     * destructor treats its pointer fields -- confirm.
     */
    PKIX_CHECK(PKIX_PL_Object_Alloc
               (PKIX_TARGETCERTCHECKERSTATE_TYPE,
                sizeof (pkix_TargetCertCheckerState),
                (PKIX_PL_Object **)&state,
                plContext),
               PKIX_COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT);

    /* initialize fields: pull the matching criteria out of the selector */
    if (certSelector != NULL) {

        PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
                   (certSelector, &certSelectorParams, plContext),
                   PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED);

        if (certSelectorParams != NULL) {

            PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
                       (certSelectorParams,
                        &pathToNameList,
                        plContext),
                       PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);

            PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
                       (certSelectorParams,
                        &extKeyUsageList,
                        plContext),
                       PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);

            PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
                       (certSelectorParams,
                        &subjAltNameList,
                        plContext),
                       PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);

            /*
             * NOTE(review): this reuses the GetSubjAltNames error code, so
             * a failure here is indistinguishable from one in the call
             * above. Check whether a dedicated code exists for
             * GetMatchAllSubjAltNames.
             */
            PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
                       (certSelectorParams,
                        &subjAltNameMatchAll,
                        plContext),
                       PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
        }
    }

    state->certsRemaining = certsRemaining;
    state->subjAltNameMatchAll = subjAltNameMatchAll;

    /*
     * The state keeps its own reference to the selector. This line is
     * reached even when certSelector is NULL; presumably PKIX_INCREF
     * tolerates NULL -- confirm.
     */
    PKIX_INCREF(certSelector);
    state->certSelector = certSelector;

    /*
     * Hand each local reference over to the state and NULL the local, so
     * the PKIX_DECREF calls under cleanup have nothing left to release on
     * the success path (presumably PKIX_DECREF is a no-op on NULL).
     */
    state->pathToNameList = pathToNameList;
    pathToNameList = NULL;

    state->extKeyUsageList = extKeyUsageList;
    extKeyUsageList = NULL;

    state->subjAltNameList = subjAltNameList;
    subjAltNameList = NULL;

    state->extKeyUsageOID = extKeyUsageOID;
    extKeyUsageOID = NULL;

    state->subjAltNameOID = subjAltNameOID;
    subjAltNameOID = NULL;

    /* Publish the finished object; the caller now owns the reference. */
    *pState = state;
    state = NULL;

cleanup:

    /* Releases whatever was not handed over above. */
    PKIX_DECREF(extKeyUsageOID);
    PKIX_DECREF(subjAltNameOID);
    PKIX_DECREF(pathToNameList);
    PKIX_DECREF(extKeyUsageList);
    PKIX_DECREF(subjAltNameList);
    PKIX_DECREF(state);

    /* Never stored in the state, so it is released on every path. */
    PKIX_DECREF(certSelectorParams);

    PKIX_RETURN(TARGETCERTCHECKERSTATE);
}