diff options
Diffstat (limited to 'security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c')
-rw-r--r-- | security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c b/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c new file mode 100644 index 0000000000..eba5153ac0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c @@ -0,0 +1,145 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_basicconstraintschecker.c + * + * Test Basic Constraints Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-name [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +int +test_basicconstraintschecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_FALSE; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 4) { + printUsage1(argv[0]); + return (0); + } + + startTests("BasicConstraintsChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + dirName = argv[3 + j]; + + chainLength = (argc - j) - 4; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + certNames[i] = argv[(4 + j) + i]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Basic-Constraints - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + /* + * Error occurs when creating Cert, this is critical and test + * should not continue. Since we expect error, we assume this + * error is the one that is expected, so undo the error count. + * + * This work needs future enhancement. We will introduce another + * flag ESE, in addition to the existing EE(expect validation + * error) and ENE(expect no validation error). ESE stands for + * "expect setup error". When running with ESE, if any of the setup + * calls such creating Cert Chain fails, the test can end and + * considered to be successful. + */ + if (testValid == PKIX_FALSE && chain == NULL) { + testErrorUndo("Cert Error - Create failed"); + goto cleanup; + } + + subTest("Basic-Constraints - Create Params"); + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Basic-Constraints - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("BasicConstraintsChecker"); + + return (0); +} |