/*
 * FUNCTION: pkix_RevocationChecker_Duplicate
 * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
 */
/*
 * Builds a new RevocationChecker from an existing one: the leaf and chain
 * method lists are duplicated with PKIX_PL_Object_Duplicate and the two
 * flag words are passed by value to PKIX_RevocationChecker_Create.
 *
 * PARAMETERS:
 *  "object"     - checker to copy; must be non-NULL and pass the
 *                 PKIX_REVOCATIONCHECKER_TYPE check.
 *  "pNewObject" - receives the new checker; must be non-NULL.
 *  "plContext"  - platform-specific context pointer, passed through.
 *
 * The error-path notes below assume PKIX_CHECK branches to the cleanup
 * label on failure; the macro is not defined in this view.
 */
static PKIX_Error *
pkix_RevocationChecker_Duplicate(
        PKIX_PL_Object *object,
        PKIX_PL_Object **pNewObject,
        void *plContext)
{
        PKIX_RevocationChecker *checker = NULL;
        PKIX_RevocationChecker *checkerDuplicate = NULL;
        PKIX_List *dupLeafList = NULL;
        PKIX_List *dupChainList = NULL;

        PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate");
        PKIX_NULLCHECK_TWO(object, pNewObject);

        /*
         * NOTE(review): the type checked is REVOCATIONCHECKER but the error
         * code names a CertChainChecker. This looks copied from another
         * Duplicate callback and would mislabel the failure in diagnostics;
         * confirm whether a revocation-checker-specific code exists.
         */
        PKIX_CHECK(pkix_CheckType
                    (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
                    PKIX_OBJECTNOTCERTCHAINCHECKER);

        checker = (PKIX_RevocationChecker *)object;

        /* A NULL list in the source stays NULL in the local duplicate. */
        if (checker->leafMethodList){
                PKIX_CHECK(PKIX_PL_Object_Duplicate
                            ((PKIX_PL_Object *)checker->leafMethodList,
                            (PKIX_PL_Object **)&dupLeafList,
                            plContext),
                            PKIX_OBJECTDUPLICATEFAILED);
        }
        if (checker->chainMethodList){
                PKIX_CHECK(PKIX_PL_Object_Duplicate
                            ((PKIX_PL_Object *)checker->chainMethodList,
                            (PKIX_PL_Object **)&dupChainList,
                            plContext),
                            PKIX_OBJECTDUPLICATEFAILED);
        }

        PKIX_CHECK(
            PKIX_RevocationChecker_Create(checker->leafMethodListFlags,
                                          checker->chainMethodListFlags,
                                          &checkerDuplicate,
                                          plContext),
            PKIX_REVOCATIONCHECKERCREATEFAILED);

        /*
         * Hand the duplicated lists to the new checker and clear the locals
         * so the DECREFs under cleanup do not release references the new
         * checker now holds.
         * NOTE(review): these assignments overwrite whatever Create stored
         * in the two list fields without releasing it; verify that Create
         * leaves them NULL. A duplicate that ends up with fewer revocation
         * methods than its source would check less than the original.
         */
        checkerDuplicate->leafMethodList = dupLeafList;
        checkerDuplicate->chainMethodList = dupChainList;
        dupLeafList = NULL;
        dupChainList = NULL;

        *pNewObject = (PKIX_PL_Object *)checkerDuplicate;

cleanup:
        /* Still non-NULL only when a step above failed before the hand-over. */
        PKIX_DECREF(dupLeafList);
        PKIX_DECREF(dupChainList);

        PKIX_RETURN(REVOCATIONCHECKER);
}
/*
 * FUNCTION: PKIX_List_ReverseList (see comments in pkix_util.h)
 */
PKIX_Error *
PKIX_List_ReverseList(
        PKIX_List *list,
        PKIX_List **pReversedList,
        void *plContext)
{
        PKIX_List *result = NULL;
        PKIX_PL_Object *current = NULL;
        PKIX_PL_Object *currentCopy = NULL;
        PKIX_UInt32 count;
        PKIX_UInt32 fromEnd;

        PKIX_ENTER(LIST, "pkix_List_ReverseList");
        PKIX_NULLCHECK_TWO(list, pReversedList);

        /* Only a list header may be reversed. */
        if (!list->isHeader){
                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
        }

        count = list->length;

        /* The output starts out as a fresh, empty list. */
        PKIX_CHECK(PKIX_List_Create(&result, plContext),
                    PKIX_LISTCREATEINTERNALFAILED);

        /*
         * Walk the input from its last index down to index 0. Each element
         * is duplicated, so the output holds copies rather than the input's
         * own element objects.
         */
        fromEnd = 1;
        while (fromEnd <= count){
                PKIX_CHECK(PKIX_List_GetItem
                            (list, (count - fromEnd), &current, plContext),
                            PKIX_LISTGETITEMFAILED);

                PKIX_CHECK(PKIX_PL_Object_Duplicate
                            (current, &currentCopy, plContext),
                            PKIX_LISTDUPLICATEFAILED);

                PKIX_CHECK(PKIX_List_AppendItem
                            (result, currentCopy, plContext),
                            PKIX_LISTAPPENDITEMFAILED);

                /* Release this iteration's references before the next one. */
                PKIX_DECREF(current);
                PKIX_DECREF(currentCopy);

                fromEnd++;
        }

        *pReversedList = result;

cleanup:

        /* Covers an iteration that was abandoned part-way through. */
        PKIX_DECREF(current);
        PKIX_DECREF(currentCopy);

        /* The partially built output is released when an error was recorded. */
        if (PKIX_ERROR_RECEIVED){
                PKIX_DECREF(result);
        }

        PKIX_RETURN(LIST);
}
/*
 * This test is the same as testDuplicateHelper, except that it
 * produces a more useful "Actual value" and "Expected value"
 * in the case of an unexpected mismatch.
 */
static void
test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext)
{
        PKIX_PL_String *origText = NULL;
        PKIX_PL_String *dupText = NULL;
        PKIX_PolicyNode *dupNode = NULL;
        PKIX_Boolean nodesEqual;

        PKIX_TEST_STD_VARS();

        subTest("testing pkix_PolicyNode_Duplicate");

        /* Duplicate the node, then compare the copy with its source. */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
                ((PKIX_PL_Object *)object,
                (PKIX_PL_Object **)&dupNode,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
                ((PKIX_PL_Object *)object,
                (PKIX_PL_Object *)dupNode,
                &nodesEqual,
                plContext));

        /* Nothing to report when the copy compares equal. */
        if (nodesEqual){
                goto cleanup;
        }

        /* Mismatch: print both string forms so the difference is visible. */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                ((PKIX_PL_Object*)object, &origText, plContext));
        testError("unexpected mismatch");
        (void) printf
                ("original value:\t%s\n", origText->escAsciiString);

        if (!dupNode) {
                (void) printf("copy value:\t(NULL)\n");
                goto cleanup;
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                ((PKIX_PL_Object*)dupNode, &dupText, plContext));
        (void) printf
                ("copy value:\t%s\n", dupText->escAsciiString);

cleanup:

        PKIX_TEST_DECREF_AC(dupNode);
        PKIX_TEST_DECREF_AC(origText);
        PKIX_TEST_DECREF_AC(dupText);

        PKIX_TEST_RETURN();
}
/*
 * FUNCTION: pkix_RevocationChecker_Duplicate
 * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
 */
/*
 * Variant of the Duplicate callback for a RevocationChecker that carries a
 * check callback and an optional context object: the context is duplicated
 * with PKIX_PL_Object_Duplicate, the callback pointer is reused as-is, and
 * both are passed to PKIX_RevocationChecker_Create.
 *
 * PARAMETERS:
 *  "object"     - checker to copy; must be non-NULL and pass the
 *                 PKIX_REVOCATIONCHECKER_TYPE check.
 *  "pNewObject" - receives the new checker; must be non-NULL.
 *  "plContext"  - platform-specific context pointer, passed through.
 */
static PKIX_Error *
pkix_RevocationChecker_Duplicate(
        PKIX_PL_Object *object,
        PKIX_PL_Object **pNewObject,
        void *plContext)
{
        PKIX_RevocationChecker *checker = NULL;
        PKIX_RevocationChecker *checkerDuplicate = NULL;
        PKIX_PL_Object *contextDuplicate = NULL;

        PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate");
        PKIX_NULLCHECK_TWO(object, pNewObject);

        /*
         * NOTE(review): the type checked is REVOCATIONCHECKER but the error
         * code names a CertChainChecker; this looks copied from another
         * Duplicate callback and would mislabel the failure in diagnostics.
         */
        PKIX_CHECK(pkix_CheckType
                    (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
                    PKIX_OBJECTNOTCERTCHAINCHECKER);

        checker = (PKIX_RevocationChecker *)object;

        /* A checker without a context is duplicated with a NULL context. */
        if (checker->revCheckerContext){
                PKIX_CHECK(PKIX_PL_Object_Duplicate
                            ((PKIX_PL_Object *)checker->revCheckerContext,
                            (PKIX_PL_Object **)&contextDuplicate,
                            plContext),
                            PKIX_OBJECTDUPLICATEFAILED);
        }

        PKIX_CHECK(PKIX_RevocationChecker_Create
                    (checker->checkCallback,
                    contextDuplicate,
                    &checkerDuplicate,
                    plContext),
                    PKIX_REVOCATIONCHECKERCREATEFAILED);

        *pNewObject = (PKIX_PL_Object *)checkerDuplicate;

cleanup:

        /*
         * Released on the success path as well, so this relies on Create
         * having taken its own reference to the context.
         * NOTE(review): confirm against PKIX_RevocationChecker_Create;
         * otherwise the new checker would hold a pointer to a released
         * object.
         */
        PKIX_DECREF(contextDuplicate);

        PKIX_RETURN(REVOCATIONCHECKER);
}
/*
 * FUNCTION: pkix_ComCertSelParams_Duplicate
 * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
 */
/*
 * Creates a new ComCertSelParams and copies the selection criteria of the
 * source into it: scalar fields by assignment, object fields through
 * PKIX_DUPLICATE or a NULL-guarded PKIX_PL_Object_Duplicate call.
 *
 * PARAMETERS:
 *  "object"     - params to copy; must be non-NULL and pass the
 *                 PKIX_COMCERTSELPARAMS_TYPE check.
 *  "pNewObject" - receives the new params object; must be non-NULL.
 *  "plContext"  - platform-specific context pointer, passed through.
 *
 * NOTE(review): only the fields named in this function are copied; any other
 * member of PKIX_ComCertSelParams keeps whatever PKIX_ComCertSelParams_Create
 * gave it. The struct definition is not visible here, so confirm that no
 * criterion is left out: a duplicate that lacks a criterion would match more
 * certificates than the original selector parameters do.
 */
static PKIX_Error *
pkix_ComCertSelParams_Duplicate(
        PKIX_PL_Object *object,
        PKIX_PL_Object **pNewObject,
        void *plContext)
{
        PKIX_ComCertSelParams *params = NULL;
        PKIX_ComCertSelParams *paramsDuplicate = NULL;

        PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Duplicate");
        PKIX_NULLCHECK_TWO(object, pNewObject);

        PKIX_CHECK(pkix_CheckType
                    (object, PKIX_COMCERTSELPARAMS_TYPE, plContext),
                    PKIX_OBJECTNOTCOMCERTSELPARAMS);

        params = (PKIX_ComCertSelParams *)object;

        PKIX_CHECK(PKIX_ComCertSelParams_Create(&paramsDuplicate, plContext),
                    PKIX_COMCERTSELPARAMSCREATEFAILED);

        /* Scalar criteria are copied by value. */
        paramsDuplicate->minPathLength = params->minPathLength;
        paramsDuplicate->matchAllSubjAltNames = params->matchAllSubjAltNames;

        /*
         * Object-valued criteria. PKIX_DUPLICATE is not defined in this
         * view; presumably it wraps the same NULL-guarded Duplicate call
         * that is written out by hand for cert and date below (verify,
         * including what it stores in the destination when the source
         * field is NULL).
         */
        PKIX_DUPLICATE(params->subject, &paramsDuplicate->subject, plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->policies, &paramsDuplicate->policies, plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        /* With a NULL source cert the destination field is left untouched. */
        if (params->cert){
                PKIX_CHECK(PKIX_PL_Object_Duplicate
                            ((PKIX_PL_Object *)params->cert,
                            (PKIX_PL_Object **)&paramsDuplicate->cert,
                            plContext),
                            PKIX_OBJECTDUPLICATEFAILED);
        }

        PKIX_DUPLICATE
                (params->nameConstraints,
                &paramsDuplicate->nameConstraints,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE
                (params->pathToNames,
                &paramsDuplicate->pathToNames,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE
                (params->subjAltNames,
                &paramsDuplicate->subjAltNames,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        /* With a NULL source date the destination field is left untouched. */
        if (params->date){
                PKIX_CHECK(PKIX_PL_Object_Duplicate
                            ((PKIX_PL_Object *)params->date,
                            (PKIX_PL_Object **)&paramsDuplicate->date,
                            plContext),
                            PKIX_OBJECTDUPLICATEFAILED);
        }

        paramsDuplicate->keyUsage = params->keyUsage;

        PKIX_DUPLICATE(params->certValid,
                &paramsDuplicate->certValid,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->issuer,
                &paramsDuplicate->issuer,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->serialNumber,
                &paramsDuplicate->serialNumber,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->authKeyId,
                &paramsDuplicate->authKeyId,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->subjKeyId,
                &paramsDuplicate->subjKeyId,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->subjPubKey,
                &paramsDuplicate->subjPubKey,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        PKIX_DUPLICATE(params->subjPKAlgId,
                &paramsDuplicate->subjPKAlgId,
                plContext,
                PKIX_OBJECTDUPLICATEFAILED);

        paramsDuplicate->leafCertFlag = params->leafCertFlag;

        *pNewObject = (PKIX_PL_Object *)paramsDuplicate;

cleanup:

        /*
         * When an error was recorded the partially filled copy is released
         * here; *pNewObject is assigned only as the last step above.
         */
        if (PKIX_ERROR_RECEIVED){
                PKIX_DECREF(paramsDuplicate);
        }

        PKIX_RETURN(COMCERTSELPARAMS);
}
/*
 * Test driver for ComCertSelParams. It builds a parameter set from one test
 * certificate, duplicates it, checks that subject, minimum path length,
 * policies, certificate and validity date compare equal between original and
 * copy, then changes the copy and checks that the two now differ. The
 * remaining criteria are exercised by the helper tests called at the end.
 *
 * argv[1] is the directory from which the test certificates are loaded.
 * The function returns 0 on every path shown here.
 */
int
test_comcertselparams(int argc, char *argv[])
{

    PKIX_UInt32 actualMinorVersion;
    PKIX_UInt32 j = 0;

    PKIX_PL_Cert *testCert = NULL;
    PKIX_PL_Cert *goodCert = NULL;
    PKIX_PL_Cert *equalCert = NULL;
    PKIX_PL_Cert *diffCert = NULL;
    PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
    PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
    PKIX_List *testPolicyInfos = NULL;  /* CertPolicyInfos */
    PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */

    PKIX_ComCertSelParams *goodParams = NULL;
    PKIX_ComCertSelParams *equalParams = NULL;
    PKIX_PL_X500Name *goodSubject = NULL;
    PKIX_PL_X500Name *equalSubject = NULL;
    PKIX_PL_X500Name *diffSubject = NULL;
    PKIX_PL_X500Name *testSubject = NULL;
    PKIX_Int32 goodMinPathLength = 0;
    PKIX_Int32 equalMinPathLength = 0;
    PKIX_Int32 diffMinPathLength = 0;
    PKIX_Int32 testMinPathLength = 0;
    PKIX_List *goodPolicies = NULL;  /* OIDs */
    PKIX_List *equalPolicies = NULL; /* OIDs */
    PKIX_List *testPolicies = NULL;  /* OIDs */
    PKIX_List *cert2Policies = NULL; /* OIDs */

    PKIX_PL_Date *testDate = NULL;
    PKIX_PL_Date *goodDate = NULL;
    PKIX_PL_Date *equalDate = NULL;
    PKIX_PL_String *stringRep = NULL;
    char *asciiRep = NULL;
    char *dirName = NULL;

    PKIX_TEST_STD_VARS();

    /*
     * NOTE(review): a missing directory argument prints usage and returns 0,
     * so a harness that only looks at the return value would see a run that
     * tested nothing as a pass.
     */
    if (argc < 2) {
        printUsage();
        return (0);
    }

    startTests("ComCertSelParams");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /* j is 0 here, so this reads argv[1]. */
    dirName = argv[j + 1];

    /* Fixed validity date used for the CertificateValid criterion. */
    asciiRep = "050501000000Z";

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));

    /*
     * NOTE(review): the result of createCert is used below without a NULL
     * check in this function; how createCert reports a load failure is not
     * visible here.
     */
    testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext);

    /* Pull the criteria values out of the test certificate. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext));

    /* Convert from List of CertPolicyInfos to List of OIDs */
    test_CreateOIDList(testPolicyInfos, &testPolicies);

    subTest("Create goodParams and set its fields");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext));

    subTest("Duplicate goodParams and verify copy");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams,
                                                       (PKIX_PL_Object **)&equalParams,
                                                       plContext));

    /* Read the same five criteria back from the original ... */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext));

    /* ... and from the duplicate. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));

    /* Every criterion must compare equal right after duplication. */
    testEqualsHelper((PKIX_PL_Object *)goodSubject,
                     (PKIX_PL_Object *)equalSubject,
                     PKIX_TRUE,
                     plContext);

    if (goodMinPathLength != equalMinPathLength) {
        testError("unexpected mismatch");
        (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
        (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
    }

    testEqualsHelper((PKIX_PL_Object *)goodPolicies,
                     (PKIX_PL_Object *)equalPolicies,
                     PKIX_TRUE,
                     plContext);

    testEqualsHelper((PKIX_PL_Object *)goodCert,
                     (PKIX_PL_Object *)equalCert,
                     PKIX_TRUE,
                     plContext);

    testEqualsHelper((PKIX_PL_Object *)goodDate,
                     (PKIX_PL_Object *)equalDate,
                     PKIX_TRUE,
                     plContext);

    /* Release the copy's values; subject and policies are re-read below. */
    PKIX_TEST_DECREF_BC(equalSubject);
    PKIX_TEST_DECREF_BC(equalPolicies);
    PKIX_TEST_DECREF_BC(equalCert);
    PKIX_TEST_DECREF_AC(equalDate);

    subTest("Set different values and verify differences");

    diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext);

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext));
    test_CreateOIDList(cert2PolicyInfos, &cert2Policies);

    /* Overwrite three criteria on the copy only. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(
        equalParams, diffSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));

    /*
     * The original's values were read before the copy was modified; they
     * must now differ from what the copy returns.
     */
    testEqualsHelper((PKIX_PL_Object *)goodSubject,
                     (PKIX_PL_Object *)equalSubject,
                     PKIX_FALSE,
                     plContext);

    if (goodMinPathLength == equalMinPathLength) {
        testError("unexpected match");
        (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
        (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
    }

    testEqualsHelper((PKIX_PL_Object *)goodPolicies,
                     (PKIX_PL_Object *)equalPolicies,
                     PKIX_FALSE,
                     plContext);

    /* Remaining criteria are covered by helpers defined elsewhere. */
    test_NameConstraints(dirName);
    test_PathToNames();
    test_SubjAltNames();
    test_KeyUsages();
    test_Version_Issuer_SerialNumber();
    test_SubjKeyId_AuthKeyId();
    test_SubjAlgId_SubjPublicKey(dirName);

cleanup:

    /*
     * NOTE(review): testSubject is passed to PKIX_TEST_DECREF_AC twice in
     * this list. That is harmless only if the macro clears the pointer after
     * releasing it; the macro is not visible here, so confirm or drop the
     * second occurrence.
     */
    PKIX_TEST_DECREF_AC(testSubject);
    PKIX_TEST_DECREF_AC(goodSubject);
    PKIX_TEST_DECREF_AC(equalSubject);
    PKIX_TEST_DECREF_AC(diffSubject);
    PKIX_TEST_DECREF_AC(testSubject);
    PKIX_TEST_DECREF_AC(goodPolicies);
    PKIX_TEST_DECREF_AC(equalPolicies);
    PKIX_TEST_DECREF_AC(testPolicies);
    PKIX_TEST_DECREF_AC(cert2Policies);
    PKIX_TEST_DECREF_AC(goodParams);
    PKIX_TEST_DECREF_AC(equalParams);
    PKIX_TEST_DECREF_AC(goodCert);
    PKIX_TEST_DECREF_AC(diffCert);
    PKIX_TEST_DECREF_AC(testCert);
    PKIX_TEST_DECREF_AC(goodBasicConstraints);
    PKIX_TEST_DECREF_AC(diffBasicConstraints);
    PKIX_TEST_DECREF_AC(testPolicyInfos);
    PKIX_TEST_DECREF_AC(cert2PolicyInfos);
    PKIX_TEST_DECREF_AC(stringRep);
    PKIX_TEST_DECREF_AC(testDate);
    PKIX_TEST_DECREF_AC(goodDate);

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("ComCertSelParams");

    return (0);
}
/*
 * Duplicates a CertChainChecker and compares the copy with the source
 * attribute by attribute: check callback, forward-checking flag,
 * forward-direction flag, checker state and supported-extensions list.
 * The first mismatch among callback and flags ends the test with a message.
 */
static
void test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original)
{
        PKIX_CertChainChecker *clone = NULL;
        PKIX_CertChainChecker_CheckCallback srcCallback = NULL;
        PKIX_CertChainChecker_CheckCallback dupCallback = NULL;
        PKIX_Boolean srcForwardSupported = PKIX_FALSE;
        PKIX_Boolean dupForwardSupported = PKIX_FALSE;
        PKIX_Boolean srcForwardExpected = PKIX_FALSE;
        PKIX_Boolean dupForwardExpected = PKIX_FALSE;
        PKIX_PL_Object *srcState = NULL;
        PKIX_PL_Object *dupState = NULL;
        PKIX_List *srcExtensions = NULL;
        PKIX_List *dupExtensions = NULL;

        PKIX_TEST_STD_VARS();

        subTest("CertChainChecker_Duplicate");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate
                ((PKIX_PL_Object *)original,
                (PKIX_PL_Object **)&clone,
                plContext));

        /* Callback: both checkers must report the same function pointer. */
        subTest("CertChainChecker_GetCheckCallback");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback
                (original, &srcCallback, plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback
                (clone, &dupCallback, plContext));
        if (dupCallback != srcCallback) {
                pkixTestErrorMsg = "CheckCallback functions are not equal!";
                goto cleanup;
        }

        /* Forward-checking support flag. */
        subTest("CertChainChecker_IsForwardCheckingSupported");
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_IsForwardCheckingSupported
                (original, &srcForwardSupported, plContext));
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_IsForwardCheckingSupported
                (clone, &dupForwardSupported, plContext));
        if (dupForwardSupported != srcForwardSupported) {
                pkixTestErrorMsg = "ForwardChecking booleans are not equal!";
                goto cleanup;
        }

        /* Forward-direction flag. */
        subTest("CertChainChecker_IsForwardDirectionExpected");
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_IsForwardDirectionExpected
                (original, &srcForwardExpected, plContext));
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_IsForwardDirectionExpected
                (clone, &dupForwardExpected, plContext));
        if (dupForwardExpected != srcForwardExpected) {
                pkixTestErrorMsg = "ForwardDirection booleans are not equal!";
                goto cleanup;
        }

        /* Checker state objects are compared through the equality helper. */
        subTest("CertChainChecker_GetCertChainCheckerState");
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_GetCertChainCheckerState
                (original, &srcState, plContext));
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_GetCertChainCheckerState
                (clone, &dupState, plContext));
        testEqualsHelper(srcState, dupState, PKIX_TRUE, plContext);

        /* Supported-extensions lists are compared the same way. */
        subTest("CertChainChecker_GetSupportedExtensions");
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_GetSupportedExtensions
                (original, &srcExtensions, plContext));
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertChainChecker_GetSupportedExtensions
                (clone, &dupExtensions, plContext));
        testEqualsHelper
                ((PKIX_PL_Object *)srcExtensions,
                (PKIX_PL_Object *)dupExtensions,
                PKIX_TRUE,
                plContext);

cleanup:

        PKIX_TEST_DECREF_AC(clone);
        PKIX_TEST_DECREF_AC(srcState);
        PKIX_TEST_DECREF_AC(dupState);
        PKIX_TEST_DECREF_AC(srcExtensions);
        PKIX_TEST_DECREF_AC(dupExtensions);

        PKIX_TEST_RETURN();
}
/*
 * This is the libpkix replacement for CERT_VerifyOCSPResponseSignature.
 * It is used if it has been set as the verifyFcn member of ocspChecker.
 */
/*
 * Builds a certification path for the certificate that signed an OCSP
 * response by calling PKIX_BuildChain on a duplicate of the caller's
 * processing parameters whose target constraint is set to "signerCert".
 *
 * PARAMETERS:
 *  "signerCert"   - certificate to build a chain for; must be non-NULL.
 *  "producedAt"   - must be non-NULL; see the review note in the body, it
 *                   is not otherwise used in this function.
 *  "procParams"   - processing parameters to start from; must be non-NULL.
 *  "pNBIOContext" - in/out; NULL content on entry means a fresh build,
 *                   non-NULL means resuming. Set to non-NULL on return when
 *                   the build would block. Must be non-NULL.
 *  "pState"       - in/out build state passed to PKIX_BuildChain; released
 *                   here when the build completes without error. Must be
 *                   non-NULL.
 *  "pBuildResult" - receives the build result; must be non-NULL.
 *  "pVerifyTree"  - passed through to PKIX_BuildChain; not NULL-checked in
 *                   this function.
 *  "plContext"    - platform-specific context pointer, passed through.
 */
PKIX_Error *
PKIX_PL_OcspResponse_UseBuildChain(
        PKIX_PL_Cert *signerCert,
	PKIX_PL_Date *producedAt,
        PKIX_ProcessingParams *procParams,
        void **pNBIOContext,
        void **pState,
        PKIX_BuildResult **pBuildResult,
        PKIX_VerifyNode **pVerifyTree,
	void *plContext)
{
        PKIX_ProcessingParams *caProcParams = NULL;
        PKIX_PL_Date *date = NULL;
        PKIX_ComCertSelParams *certSelParams = NULL;
        PKIX_CertSelector *certSelector = NULL;
        void *nbioContext = NULL;
        PKIX_Error *buildError = NULL;

        PKIX_ENTER(OCSPRESPONSE, "pkix_OcspResponse_UseBuildChain");
        PKIX_NULLCHECK_THREE(signerCert, producedAt, procParams);
        PKIX_NULLCHECK_THREE(pNBIOContext, pState, pBuildResult);

        /* Take the caller's context and clear the out-parameter up front. */
        nbioContext = *pNBIOContext;
        *pNBIOContext = NULL;

        /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
        if (nbioContext == NULL) {
                /* Starting anew */
		PKIX_CHECK(PKIX_PL_Object_Duplicate
                        ((PKIX_PL_Object *)procParams,
                        (PKIX_PL_Object **)&caProcParams,
                        plContext),
        	        PKIX_OBJECTDUPLICATEFAILED);

                /*
                 * NOTE(review): "date" is still NULL here (it is never
                 * assigned in this function), "producedAt" is never read
                 * after its NULL check, and the call modifies the caller's
                 * procParams rather than the caProcParams duplicate that is
                 * handed to PKIX_BuildChain. If the intent is to validate
                 * the signer's chain as of the response's producedAt time,
                 * this call does not do that. What a NULL date means to
                 * PKIX_ProcessingParams_SetDate is not visible here; confirm
                 * the intended validation time and the intended target
                 * object before changing it.
                 */
		PKIX_CHECK(PKIX_ProcessingParams_SetDate(procParams, date, plContext),
	                PKIX_PROCESSINGPARAMSSETDATEFAILED);

	        /* create CertSelector with target certificate in params */

		PKIX_CHECK(PKIX_CertSelector_Create
	                (NULL, NULL, &certSelector, plContext),
	                PKIX_CERTSELECTORCREATEFAILED);

		PKIX_CHECK(PKIX_ComCertSelParams_Create
	                (&certSelParams, plContext),
	                PKIX_COMCERTSELPARAMSCREATEFAILED);

	        PKIX_CHECK(PKIX_ComCertSelParams_SetCertificate
        	        (certSelParams, signerCert, plContext),
                	PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED);

	        PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
	                (certSelector, certSelParams, plContext),
	                PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);

                /* The duplicate, not the caller's params, gets the target. */
	        PKIX_CHECK(PKIX_ProcessingParams_SetTargetCertConstraints
        	        (caProcParams, certSelector, plContext),
                	PKIX_PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED);
	}

        /*
         * NOTE(review): on the resume path the block above is skipped, so
         * caProcParams is NULL when it reaches PKIX_BuildChain; verify that
         * PKIX_BuildChain accepts NULL parameters when resuming from *pState.
         */
        buildError = PKIX_BuildChain
                (caProcParams,
                &nbioContext,
                pState,
                pBuildResult,
		pVerifyTree,
                plContext);

        /* non-null nbioContext means the build would block */
        if (nbioContext != NULL) {

                *pNBIOContext = nbioContext;

        /* an error returned by PKIX_BuildChain means the build has failed */
        } else if (buildError) {
                /* Becomes this function's result; ownership moves with it. */
                pkixErrorResult = buildError;
                buildError = NULL;
        } else {
                /* Build finished without error: the state is released. */
                PKIX_DECREF(*pState);
        }

cleanup:

        PKIX_DECREF(caProcParams);
        PKIX_DECREF(date);
        PKIX_DECREF(certSelParams);
        PKIX_DECREF(certSelector);

        PKIX_RETURN(OCSPRESPONSE);
}