summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/libpkix/testutil
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/cmd/libpkix/testutil')
-rwxr-xr-xsecurity/nss/cmd/libpkix/testutil/Makefile50
-rw-r--r--security/nss/cmd/libpkix/testutil/config.mk8
-rwxr-xr-xsecurity/nss/cmd/libpkix/testutil/manifest.mn27
-rw-r--r--security/nss/cmd/libpkix/testutil/pkixutil.def48
-rw-r--r--security/nss/cmd/libpkix/testutil/testutil.c576
-rw-r--r--security/nss/cmd/libpkix/testutil/testutil.h292
-rw-r--r--security/nss/cmd/libpkix/testutil/testutil_nss.c579
-rw-r--r--security/nss/cmd/libpkix/testutil/testutil_nss.h119
8 files changed, 1699 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/testutil/Makefile b/security/nss/cmd/libpkix/testutil/Makefile
new file mode 100755
index 0000000000..cc9d235938
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/Makefile
@@ -0,0 +1,50 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include $(PLAT_DEPTH)/platrules.mk
+
+
diff --git a/security/nss/cmd/libpkix/testutil/config.mk b/security/nss/cmd/libpkix/testutil/config.mk
new file mode 100644
index 0000000000..f1f6674f90
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/config.mk
@@ -0,0 +1,8 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# don't build the static library
+LIBRARY =
+RES =
diff --git a/security/nss/cmd/libpkix/testutil/manifest.mn b/security/nss/cmd/libpkix/testutil/manifest.mn
new file mode 100755
index 0000000000..184085b1b1
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/manifest.mn
@@ -0,0 +1,27 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+
+MODULE = nss
+
+PRIVATE_EXPORTS = \
+ testutil_nss.h \
+ testutil.h \
+ $(NULL)
+
+CSRCS = \
+ testutil_nss.c \
+ testutil.c \
+ $(NULL)
+
+LIBRARY_NAME = pkixtooltestutil
+SHARED_LIBRARY = $(NULL)
+
+SOURCE_LIB_DIR = $(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/security/nss/cmd/libpkix/testutil/pkixutil.def b/security/nss/cmd/libpkix/testutil/pkixutil.def
new file mode 100644
index 0000000000..407d40a318
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/pkixutil.def
@@ -0,0 +1,48 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+# 1. For all unix platforms, the string ";-" means "remove this line"
+;+# 2. For all unix platforms, the string " DATA " will be removed from any
+;+# line on which it occurs.
+;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+# On AIX, lines containing ";+" will be removed.
+;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+# 5. For all unix platforms, after the above processing has taken place,
+;+# all characters after the first ";" on the line will be removed.
+;+# And for AIX, the first ";" will also be removed.
+;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+# directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.12 { # NSS 3.12 release
+;+ global:
+LIBRARY pkixutil ;-
+EXPORTS ;-
+createBuildResult;
+createCRL;
+createCert;
+createCertChain;
+createCertChainPlus;
+createDate;
+createGeneralName;
+createProcessingParams;
+createTrustAnchor;
+createValidateParams;
+createValidateResult;
+endTests;
+startTests;
+subTest;
+testDuplicateHelper;
+testEqualsHelper;
+testError;
+testErrorUndo;
+testHashcodeHelper;
+testToStringHelper;
+PKIX_Cert2ASCII;
+PKIX_Error2ASCII;
+PKIX_String2ASCII;
+;+ local:
+;+ *;
+;+};
diff --git a/security/nss/cmd/libpkix/testutil/testutil.c b/security/nss/cmd/libpkix/testutil/testutil.c
new file mode 100644
index 0000000000..0f438ba430
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/testutil.c
@@ -0,0 +1,576 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil.c
+ *
+ * Utility error handling functions
+ *
+ */
+
+#include "testutil.h"
+
+/*
+ * static global variable to keep track of total number of errors for
+ * a particular test suite (eg. all the OID tests)
+ */
+static int errCount = 0;
+
+/*
+ * FUNCTION: startTests
+ * DESCRIPTION:
+ *
+ * Prints standard message for starting the test suite with the name pointed
+ * to by "testName". This function should be called in the beginning of every
+ * test suite.
+ *
+ * PARAMETERS:
+ * "testName"
+ * Address of string representing name of test suite.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "errCount"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+startTests(char *testName)
+{
+ (void)printf("*START OF TESTS FOR %s:\n", testName);
+ errCount = 0;
+}
+
+/*
+ * FUNCTION: endTests
+ * DESCRIPTION:
+ *
+ * Prints standard message for ending the test suite with the name pointed
+ * to by "testName", followed by a success/failure message. This function
+ * should be called at the end of every test suite.
+ *
+ * PARAMETERS:
+ * "testName"
+ * Address of string representing name of test suite.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "errCount"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+endTests(char *testName)
+{
+ char plural = ' ';
+
+ (void)printf("*END OF TESTS FOR %s: ", testName);
+ if (errCount > 0) {
+ if (errCount > 1)
+ plural = 's';
+ (void)printf("%d SUBTEST%c FAILED.\n\n", errCount, plural);
+ } else {
+ (void)printf("ALL TESTS COMPLETED SUCCESSFULLY.\n\n");
+ }
+}
+
+/*
+ * FUNCTION: subTest
+ * DESCRIPTION:
+ *
+ * Prints standard message for starting the subtest with the name pointed to
+ * by "subTestName". This function should be called at the beginning of each
+ * subtest.
+ *
+ * PARAMETERS:
+ * "subTestName"
+ * Address of string representing name of subTest.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+subTest(char *subTestName)
+{
+ (void)printf("TESTING: %s ...\n", subTestName);
+}
+
+/*
+ * FUNCTION: testErrorUndo
+ * DESCRIPTION:
+ *
+ * Decrements the global variable "errCount" and prints a test failure
+ * expected message followed by the string pointed to by "msg". This function
+ * should be called when an expected error condition is encountered in the
+ * tests. Calling this function *correct* the previous errCount increment.
+ * It should only be called ONCE per subtest.
+ *
+ * PARAMETERS:
+ * "msg"
+ * Address of text of error message.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "errCount"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+testErrorUndo(char *msg)
+{
+ --errCount;
+ (void)printf("TEST FAILURE *** EXPECTED *** :%s\n", msg);
+}
+
+/*
+ * FUNCTION: testError
+ * DESCRIPTION:
+ *
+ * Increments the global variable "errCount" and prints a standard test
+ * failure message followed by the string pointed to by "msg". This function
+ * should be called when an unexpected error condition is encountered in the
+ * tests. It should only be called ONCE per subtest.
+ *
+ * PARAMETERS:
+ * "msg"
+ * Address of text of error message.
+ * THREAD SAFETY:
+ * Not Thread Safe - assumes exclusive access to "errCount"
+ * (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+testError(char *msg)
+{
+ ++errCount;
+ (void)printf("TEST FAILURE: %s\n", msg);
+}
+
+/*
+ * FUNCTION: PKIX_String2ASCII
+ * DESCRIPTION:
+ *
+ * Converts String object pointed to by "string" to its ASCII representation
+ * and returns the converted value. Returns NULL upon failure.
+ *
+ * XXX Might want to use ESCASCII_DEBUG to show control characters, etc.
+ *
+ * PARAMETERS:
+ * "string"
+ * Address of String to be converted to ASCII. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns the ASCII representation of "string" upon success;
+ * NULL upon failure.
+ */
+char *
+PKIX_String2ASCII(PKIX_PL_String *string, void *plContext)
+{
+ PKIX_UInt32 length;
+ char *asciiString = NULL;
+ PKIX_Error *errorResult;
+
+ errorResult = PKIX_PL_String_GetEncoded(string,
+ PKIX_ESCASCII,
+ (void **)&asciiString,
+ &length,
+ plContext);
+
+ if (errorResult)
+ goto cleanup;
+
+cleanup:
+
+ if (errorResult) {
+ return (NULL);
+ }
+
+ return (asciiString);
+}
+
+/*
+ * FUNCTION: PKIX_Error2ASCII
+ * DESCRIPTION:
+ *
+ * Converts Error pointed to by "error" to its ASCII representation and
+ * returns the converted value. Returns NULL upon failure.
+ *
+ * PARAMETERS:
+ * "error"
+ * Address of Error to be converted to ASCII. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns the ASCII representation of "error" upon success;
+ * NULL upon failure.
+ */
+char *
+PKIX_Error2ASCII(PKIX_Error *error, void *plContext)
+{
+ PKIX_UInt32 length;
+ char *asciiString = NULL;
+ PKIX_PL_String *pkixString = NULL;
+ PKIX_Error *errorResult = NULL;
+
+ errorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)error, &pkixString, plContext);
+ if (errorResult)
+ goto cleanup;
+
+ errorResult = PKIX_PL_String_GetEncoded(pkixString,
+ PKIX_ESCASCII,
+ (void **)&asciiString,
+ &length,
+ plContext);
+
+cleanup:
+
+ if (pkixString) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, plContext)) {
+ return (NULL);
+ }
+ }
+
+ if (errorResult) {
+ return (NULL);
+ }
+
+ return (asciiString);
+}
+
+/*
+ * FUNCTION: PKIX_Object2ASCII
+ * DESCRIPTION:
+ *
+ * Converts Object pointed to by "object" to its ASCII representation and
+ * returns the converted value. Returns NULL upon failure.
+ *
+ * PARAMETERS:
+ * "object"
+ * Address of Object to be converted to ASCII. Must be non-NULL.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns the ASCII representation of "object" upon success;
+ * NULL upon failure.
+ */
+char *
+PKIX_Object2ASCII(PKIX_PL_Object *object)
+{
+ PKIX_UInt32 length;
+ char *asciiString = NULL;
+ PKIX_PL_String *pkixString = NULL;
+ PKIX_Error *errorResult = NULL;
+
+ errorResult = PKIX_PL_Object_ToString(object, &pkixString, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ errorResult = PKIX_PL_String_GetEncoded(pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL);
+
+cleanup:
+
+ if (pkixString) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, NULL)) {
+ return (NULL);
+ }
+ }
+
+ if (errorResult) {
+ return (NULL);
+ }
+
+ return (asciiString);
+}
+
+/*
+ * FUNCTION: PKIX_Cert2ASCII
+ * DESCRIPTION:
+ *
+ * Converts Cert pointed to by "cert" to its partial ASCII representation and
+ * returns the converted value. Returns NULL upon failure.
+ *
+ * PARAMETERS:
+ * "cert"
+ * Address of Cert to be converted to ASCII. Must be non-NULL.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns the partial ASCII representation of "cert" upon success;
+ * NULL upon failure.
+ */
+char *
+PKIX_Cert2ASCII(PKIX_PL_Cert *cert)
+{
+ PKIX_PL_X500Name *issuer = NULL;
+ void *issuerAscii = NULL;
+ PKIX_PL_X500Name *subject = NULL;
+ void *subjectAscii = NULL;
+ void *asciiString = NULL;
+ PKIX_Error *errorResult = NULL;
+ PKIX_UInt32 numChars;
+
+ /* Issuer */
+ errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ issuerAscii = PKIX_Object2ASCII((PKIX_PL_Object *)issuer);
+
+ /* Subject */
+ errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ if (subject) {
+ subjectAscii = PKIX_Object2ASCII((PKIX_PL_Object *)subject);
+ }
+
+ errorResult = PKIX_PL_Malloc(200, &asciiString, NULL);
+ if (errorResult)
+ goto cleanup;
+
+ numChars =
+ PR_snprintf(asciiString,
+ 200,
+ "Issuer=%s\nSubject=%s\n",
+ issuerAscii,
+ subjectAscii);
+
+ if (!numChars)
+ goto cleanup;
+
+cleanup:
+
+ if (issuer) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)issuer, NULL)) {
+ return (NULL);
+ }
+ }
+
+ if (subject) {
+ if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)subject, NULL)) {
+ return (NULL);
+ }
+ }
+
+ if (PKIX_PL_Free((PKIX_PL_Object *)issuerAscii, NULL)) {
+ return (NULL);
+ }
+
+ if (PKIX_PL_Free((PKIX_PL_Object *)subjectAscii, NULL)) {
+ return (NULL);
+ }
+
+ if (errorResult) {
+ return (NULL);
+ }
+
+ return (asciiString);
+}
+
+/*
+ * FUNCTION: testHashcodeHelper
+ * DESCRIPTION:
+ *
+ * Computes the hashcode of the Object pointed to by "goodObject" and the
+ * Object pointed to by "otherObject" and compares them. If the result of the
+ * comparison is not the desired match as specified by "match", an error
+ * message is generated.
+ *
+ * PARAMETERS:
+ * "goodObject"
+ * Address of an object. Must be non-NULL.
+ * "otherObject"
+ * Address of another object. Must be non-NULL.
+ * "match"
+ * Boolean value representing the desired comparison result.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+testHashcodeHelper(
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext)
+{
+
+ PKIX_UInt32 goodHash;
+ PKIX_UInt32 otherHash;
+ PKIX_Boolean cmpResult;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)goodObject, &goodHash, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)otherObject, &otherHash, plContext));
+
+ cmpResult = (goodHash == otherHash);
+
+ if ((match && !cmpResult) || (!match && cmpResult)) {
+ testError("unexpected mismatch");
+ (void)printf("Hash1:\t%d\n", goodHash);
+ (void)printf("Hash2:\t%d\n", otherHash);
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * FUNCTION: testToStringHelper
+ * DESCRIPTION:
+ *
+ * Calls toString on the Object pointed to by "goodObject" and compares the
+ * result to the string pointed to by "expected". If the results are not
+ * equal, an error message is generated.
+ *
+ * PARAMETERS:
+ * "goodObject"
+ * Address of Object. Must be non-NULL.
+ * "expected"
+ * Address of the desired string.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+testToStringHelper(
+ PKIX_PL_Object *goodObject,
+ char *expected,
+ void *plContext)
+{
+ PKIX_PL_String *stringRep = NULL;
+ char *actual = NULL;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(goodObject, &stringRep, plContext));
+
+ actual = PKIX_String2ASCII(stringRep, plContext);
+ if (actual == NULL) {
+ pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+ goto cleanup;
+ }
+
+ /*
+ * If you are having trouble matching the string, uncomment the
+ * PL_strstr function to figure out what's going on.
+ */
+
+ /*
+ if (PL_strstr(actual, expected) == NULL){
+ testError("PL_strstr failed");
+ }
+ */
+
+ if (PL_strcmp(actual, expected) != 0) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%s\n", actual);
+ (void)printf("Expected value:\t%s\n", expected);
+ }
+
+cleanup:
+
+ PKIX_PL_Free(actual, plContext);
+
+ PKIX_TEST_DECREF_AC(stringRep);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * FUNCTION: testEqualsHelper
+ * DESCRIPTION:
+ *
+ * Checks if the Object pointed to by "goodObject" is Equal to the Object
+ * pointed to by "otherObject". If the result of the check is not the desired
+ * match as specified by "match", an error message is generated.
+ *
+ * PARAMETERS:
+ * "goodObject"
+ * Address of an Object. Must be non-NULL.
+ * "otherObject"
+ * Address of another Object. Must be non-NULL.
+ * "match"
+ * Boolean value representing the desired comparison result.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+testEqualsHelper(
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext)
+{
+
+ PKIX_Boolean cmpResult;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(goodObject, otherObject, &cmpResult, plContext));
+
+ if ((match && !cmpResult) || (!match && cmpResult)) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", cmpResult);
+ (void)printf("Expected value:\t%d\n", match);
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * FUNCTION: testDuplicateHelper
+ * DESCRIPTION:
+ * Checks if the Object pointed to by "object" is equal to its duplicate.
+ * If the result of the check is not equality, an error message is generated.
+ * PARAMETERS:
+ * "object"
+ * Address of Object. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns nothing.
+ */
+void
+testDuplicateHelper(PKIX_PL_Object *object, void *plContext)
+{
+ PKIX_PL_Object *newObject = NULL;
+ PKIX_Boolean cmpResult;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate(object, &newObject, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(object, newObject, &cmpResult, plContext));
+
+ if (!cmpResult) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", cmpResult);
+ (void)printf("Expected value:\t%d\n", PKIX_TRUE);
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(newObject);
+
+ PKIX_TEST_RETURN();
+}
diff --git a/security/nss/cmd/libpkix/testutil/testutil.h b/security/nss/cmd/libpkix/testutil/testutil.h
new file mode 100644
index 0000000000..9c594fa038
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/testutil.h
@@ -0,0 +1,292 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil.h
+ *
+ * Utility functions for handling test errors
+ *
+ */
+
+#ifndef _TESTUTIL_H
+#define _TESTUTIL_H
+
+#include "pkix.h"
+#include "plstr.h"
+#include "prprf.h"
+#include "prlong.h"
+#include "pkix_pl_common.h"
+#include "secutil.h"
+#include <stdio.h>
+#include <ctype.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * In order to have a consistent format for displaying test information,
+ * all tests are REQUIRED to use the functions provided by this library
+ * (libtestutil.a) for displaying their information.
+ *
+ * A test using this library begins with a call to startTests with the test
+ * name as the arg (which is used only for formatting). Before the first
+ * subtest, a call to subTest should be made with the subtest name as the arg
+ * (again, for formatting). If the subTest is successful, then no action
+ * is needed. However, if the subTest is not successful, then a call
+ * to testError should be made with a descriptive error message as the arg.
+ * Note that a subTest MUST NOT call testError more than once.
+ * Finally, a call to endTests is made with the test name as the arg (for
+ * formatting). Note that most of these macros assume that a variable named
+ * "plContext" of type (void *) has been defined by the test. As such, it
+ * is essential that the test satisfy this condition.
+ */
+
+/*
+ * PKIX_TEST_STD_VARS should be called at the beginning of every function
+ * that uses PKIX_TEST_RETURN (e.g. subTests), but it should be called only
+ * AFTER declaring local variables (so we don't get compiler warnings about
+ * declarations after statements). PKIX_TEST_STD_VARS declares and initializes
+ * several variables needed by the other test macros.
+ */
+#define PKIX_TEST_STD_VARS() \
+ PKIX_Error *pkixTestErrorResult = NULL; \
+ char *pkixTestErrorMsg = NULL;
+
+/*
+ * PKIX_TEST_EXPECT_NO_ERROR should be used to wrap a standard PKIX function
+ * call (one which returns a pointer to PKIX_Error) that is expected to return
+ * NULL (i.e. to succeed). If "pkixTestErrorResult" is not NULL,
+ * "goto cleanup" is executed, where a testError call is made if there were
+ * unexpected results. This macro MUST NOT be called after the "cleanup" label.
+ *
+ * Example Usage: PKIX_TEST_EXPECT_NO_ERROR(pkixFunc_expected_to_succeed(...));
+ */
+
+#define PKIX_TEST_EXPECT_NO_ERROR(func) \
+ do { \
+ pkixTestErrorResult = (func); \
+ if (pkixTestErrorResult) { \
+ goto cleanup; \
+ } \
+ } while (0)
+
+/*
+ * PKIX_TEST_EXPECT_ERROR should be used to wrap a standard PKIX function call
+ * (one which returns a pointer to PKIX_Error) that is expected to return
+ * a non-NULL value (i.e. to fail). If "pkixTestErrorResult" is NULL,
+ * "pkixTestErrorMsg" is set to a standard string and "goto cleanup"
+ * is executed, where a testError call is made if there were unexpected
+ * results. This macro MUST NOT be called after the "cleanup" label.
+ *
+ * Example Usage: PKIX_TEST_EXPECT_ERROR(pkixFunc_expected_to_fail(...));
+ */
+
+#define PKIX_TEST_EXPECT_ERROR(func) \
+ do { \
+ pkixTestErrorResult = (func); \
+ if (!pkixTestErrorResult) { \
+ pkixTestErrorMsg = \
+ "Should have thrown an error here."; \
+ goto cleanup; \
+ } \
+ PKIX_TEST_DECREF_BC(pkixTestErrorResult); \
+ } while (0)
+
+/*
+ * PKIX_TEST_DECREF_BC is a convenience macro which should only be called
+ * BEFORE the "cleanup" label ("BC"). If the input parameter is non-NULL, it
+ * DecRefs the input parameter and wraps the function with
+ * PKIX_TEST_EXPECT_NO_ERROR, which executes "goto cleanup" upon error.
+ * This macro MUST NOT be called after the "cleanup" label.
+ */
+
+#define PKIX_TEST_DECREF_BC(obj) \
+ do { \
+ if (obj) { \
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext)); \
+ obj = NULL; \
+ } \
+ } while (0)
+
+/*
+ * PKIX_TEST_DECREF_AC is a convenience macro which should only be called
+ * AFTER the "cleanup" label ("AC"). If the input parameter is non-NULL, it
+ * DecRefs the input parameter. A pkixTestTempResult variable is used to prevent
+ * incorrectly overwriting pkixTestErrorResult with NULL.
+ * In the case DecRef succeeds, pkixTestTempResult will be NULL, and we won't
+ * overwrite a previously set pkixTestErrorResult (if any). If DecRef fails,
+ * then we do want to overwrite a previously set pkixTestErrorResult since a
+ * DecRef failure is fatal and may be indicative of memory corruption.
+ */
+
+#define PKIX_TEST_DECREF_AC(obj) \
+ do { \
+ if (obj) { \
+ PKIX_Error *pkixTestTempResult = NULL; \
+ pkixTestTempResult = \
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \
+ if (pkixTestTempResult) \
+ pkixTestErrorResult = pkixTestTempResult; \
+ obj = NULL; \
+ } \
+ } while (0)
+
+/*
+ * PKIX_TEST_RETURN must always be AFTER the "cleanup" label. It does nothing
+ * if everything went as expected. However, if there were unexpected results,
+ * PKIX_TEST_RETURN calls testError, which displays a standard failure message
+ * and increments the number of subtests that have failed. In the case
+ * of an unexpected error, testError is called using the error's description
+ * as an input and the error is DecRef'd. In the case of unexpected success
+ * testError is called with a standard string.
+ */
+#define PKIX_TEST_RETURN() \
+ { \
+ if (pkixTestErrorMsg) { \
+ testError(pkixTestErrorMsg); \
+ } else if (pkixTestErrorResult) { \
+ pkixTestErrorMsg = \
+ PKIX_Error2ASCII(pkixTestErrorResult, plContext); \
+ if (pkixTestErrorMsg) { \
+ testError(pkixTestErrorMsg); \
+ PKIX_PL_Free((PKIX_PL_Object *)pkixTestErrorMsg, \
+ plContext); \
+ } else { \
+ testError("PKIX_Error2ASCII Failed"); \
+ } \
+ if (pkixTestErrorResult != PKIX_ALLOC_ERROR()) { \
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, \
+ plContext); \
+ pkixTestErrorResult = NULL; \
+ } \
+ } \
+ }
+
+/*
+ * PKIX_TEST_EQ_HASH_TOSTR_DUP is a convenience macro which executes the
+ * standard set of operations that test the Equals, Hashcode, ToString, and
+ * Duplicate functions of an object type. The goodObj, equalObj, and diffObj
+ * are as the names suggest. The expAscii parameter is the expected result of
+ * calling ToString on the goodObj. If expAscii is NULL, then ToString will
+ * not be called on the goodObj. The checkDuplicate parameter is treated as
+ * a Boolean to indicate whether the Duplicate function should be tested. If
+ * checkDuplicate is NULL, then Duplicate will not be called on the goodObj.
+ * The type is the name of the function's family. For example, if the type is
+ * Cert, this macro will call PKIX_PL_Cert_Equals, PKIX_PL_Cert_Hashcode, and
+ * PKIX_PL_Cert_ToString.
+ *
+ * Note: If goodObj uses the default Equals and Hashcode functions, then
+ * for goodObj and equalObj to be equal, they must have the same pointer value.
+ */
+#define PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObj, equalObj, diffObj, \
+ expAscii, type, checkDuplicate) \
+ do { \
+ subTest("PKIX_PL_" #type "_Equals <match>"); \
+ testEqualsHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(equalObj), \
+ PKIX_TRUE, \
+ plContext); \
+ subTest("PKIX_PL_" #type "_Hashcode <match>"); \
+ testHashcodeHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(equalObj), \
+ PKIX_TRUE, \
+ plContext); \
+ subTest("PKIX_PL_" #type "_Equals <non-match>"); \
+ testEqualsHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(diffObj), \
+ PKIX_FALSE, \
+ plContext); \
+ subTest("PKIX_PL_" #type "_Hashcode <non-match>"); \
+ testHashcodeHelper((PKIX_PL_Object *)(goodObj), \
+ (PKIX_PL_Object *)(diffObj), \
+ PKIX_FALSE, \
+ plContext); \
+ if (expAscii) { \
+ subTest("PKIX_PL_" #type "_ToString"); \
+ testToStringHelper((PKIX_PL_Object *)(goodObj), \
+ (expAscii), \
+ plContext); \
+ } \
+ if (checkDuplicate) { \
+ subTest("PKIX_PL_" #type "_Duplicate"); \
+ testDuplicateHelper((PKIX_PL_Object *)goodObj, plContext); \
+ } \
+ } while (0)
+
+/*
+ * PKIX_TEST_DECREF_BC is a convenience macro which should only be called
+ * BEFORE the "cleanup" label ("BC"). If the input parameter is non-NULL, it
+ * DecRefs the input parameter and wraps the function with
+ * PKIX_TEST_EXPECT_NO_ERROR, which executes "goto cleanup" upon error.
+ * This macro MUST NOT be called after the "cleanup" label.
+ */
+
+#define PKIX_TEST_ABORT_ON_NULL(obj) \
+ do { \
+ if (!obj) { \
+ goto cleanup; \
+ } \
+ } while (0)
+
+#define PKIX_TEST_ARENAS_ARG(arena) \
+ (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : PKIX_FALSE)
+
+#define PKIX_TEST_ERROR_RECEIVED (pkixTestErrorMsg || pkixTestErrorResult)
+
+/* see source file for function documentation */
+
+void startTests(char *testName);
+
+void endTests(char *testName);
+
+void subTest(char *subTestName);
+
+void testError(char *msg);
+
+extern PKIX_Error *
+_ErrorCheck(PKIX_Error *errorResult);
+
+extern PKIX_Error *
+_OutputError(PKIX_Error *errorResult);
+
+char *PKIX_String2ASCII(PKIX_PL_String *string, void *plContext);
+
+char *PKIX_Error2ASCII(PKIX_Error *error, void *plContext);
+
+char *PKIX_Object2ASCII(PKIX_PL_Object *object);
+
+char *PKIX_Cert2ASCII(PKIX_PL_Cert *cert);
+
+void
+testHashcodeHelper(
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext);
+
+void
+testToStringHelper(
+ PKIX_PL_Object *goodObject,
+ char *expected,
+ void *plContext);
+
+void
+testEqualsHelper(
+ PKIX_PL_Object *goodObject,
+ PKIX_PL_Object *otherObject,
+ PKIX_Boolean match,
+ void *plContext);
+
+void
+testDuplicateHelper(
+ PKIX_PL_Object *object,
+ void *plContext);
+void
+testErrorUndo(char *msg);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TESTUTIL_H */
diff --git a/security/nss/cmd/libpkix/testutil/testutil_nss.c b/security/nss/cmd/libpkix/testutil/testutil_nss.c
new file mode 100644
index 0000000000..3417d0ab7c
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/testutil_nss.c
@@ -0,0 +1,579 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil_nss.c
+ *
+ * NSS-specific utility functions for handling test errors
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stddef.h>
+
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_cert.h"
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "secutil.h"
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "secitem.h"
+#include "keythi.h"
+#include "nss.h"
+
+static char *
+catDirName(char *dir, char *name, void *plContext)
+{
+ char *pathName = NULL;
+ PKIX_UInt32 nameLen;
+ PKIX_UInt32 dirLen;
+
+ PKIX_TEST_STD_VARS();
+
+ nameLen = PL_strlen(name);
+ dirLen = PL_strlen(dir);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirLen + nameLen + 2,
+ (void **)&pathName,
+ plContext));
+
+ PL_strcpy(pathName, dir);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, name);
+ printf("pathName = %s\n", pathName);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+
+ return (pathName);
+}
+
+PKIX_PL_Cert *
+createCert(
+ char *dirName,
+ char *certFileName,
+ void *plContext)
+{
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *buf = NULL;
+ PRFileDesc *certFile = NULL;
+ PKIX_UInt32 len;
+ SECItem certDER;
+ SECStatus rv;
+ /* default: NULL cert (failure case) */
+ PKIX_PL_Cert *cert = NULL;
+ char *pathName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ certDER.data = NULL;
+
+ pathName = catDirName(dirName, certFileName, plContext);
+ certFile = PR_Open(pathName, PR_RDONLY, 0);
+
+ if (!certFile) {
+ pkixTestErrorMsg = "Unable to open cert file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)certDER.data;
+ len = certDER.len;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ } else {
+ pkixTestErrorMsg = "Unable to read DER from cert file";
+ goto cleanup;
+ }
+ }
+
+cleanup:
+
+ pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);
+
+ if (certFile) {
+ PR_Close(certFile);
+ }
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ SECITEM_FreeItem(&certDER, PR_FALSE);
+ }
+
+ PKIX_TEST_DECREF_AC(byteArray);
+
+ PKIX_TEST_RETURN();
+
+ return (cert);
+}
+
+PKIX_PL_CRL *
+createCRL(
+ char *dirName,
+ char *crlFileName,
+ void *plContext)
+{
+ PKIX_PL_ByteArray *byteArray = NULL;
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_Error *error = NULL;
+ PRFileDesc *inFile = NULL;
+ SECItem crlDER;
+ void *buf = NULL;
+ PKIX_UInt32 len;
+ SECStatus rv;
+ char *pathName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ crlDER.data = NULL;
+
+ pathName = catDirName(dirName, crlFileName, plContext);
+ inFile = PR_Open(pathName, PR_RDONLY, 0);
+
+ if (!inFile) {
+ pkixTestErrorMsg = "Unable to open crl file";
+ goto cleanup;
+ } else {
+ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+ if (!rv) {
+ buf = (void *)crlDER.data;
+ len = crlDER.len;
+
+ error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+ if (error) {
+ pkixTestErrorMsg =
+ "PKIX_PL_ByteArray_Create failed";
+ goto cleanup;
+ }
+
+ error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
+ if (error) {
+ pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
+ goto cleanup;
+ }
+
+ SECITEM_FreeItem(&crlDER, PR_FALSE);
+ } else {
+ pkixTestErrorMsg = "Unable to read DER from crl file";
+ goto cleanup;
+ }
+ }
+
+cleanup:
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));
+
+ if (inFile) {
+ PR_Close(inFile);
+ }
+
+ if (error) {
+ SECITEM_FreeItem(&crlDER, PR_FALSE);
+ }
+
+ PKIX_TEST_DECREF_AC(byteArray);
+
+ PKIX_TEST_RETURN();
+
+ return (crl);
+}
+
+PKIX_TrustAnchor *
+createTrustAnchor(
+ char *dirName,
+ char *certFileName,
+ PKIX_Boolean useCert,
+ void *plContext)
+{
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_X500Name *name = NULL;
+ PKIX_PL_PublicKey *pubKey = NULL;
+ PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ cert = createCert(dirName, certFileName, plContext);
+
+ if (useCert) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(cert, &anchor, plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(cert, &name, plContext));
+
+ if (name == NULL) {
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &nameConstraints, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithNameKeyPair(name, pubKey, nameConstraints, &anchor, plContext));
+ }
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(anchor);
+ }
+
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(name);
+ PKIX_TEST_DECREF_AC(pubKey);
+ PKIX_TEST_DECREF_AC(nameConstraints);
+
+ PKIX_TEST_RETURN();
+
+ return (anchor);
+}
+
+PKIX_List *
+createCertChain(
+ char *dirName,
+ char *firstCertFileName,
+ char *secondCertFileName,
+ void *plContext)
+{
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_List *certList = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
+
+ firstCert = createCert(dirName, firstCertFileName, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)firstCert, plContext));
+
+ if (secondCertFileName) {
+ secondCert = createCert(dirName, secondCertFileName, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)secondCert, plContext));
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(certList);
+ }
+
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+
+ PKIX_TEST_RETURN();
+
+ return (certList);
+}
+
+PKIX_List *
+createCertChainPlus(
+ char *dirName,
+ char *certNames[],
+ PKIX_PL_Cert *certs[],
+ PKIX_UInt32 numCerts,
+ void *plContext)
+{
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 i;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
+
+ for (i = 0; i < numCerts; i++) {
+
+ certs[i] = createCert(dirName, certNames[i], plContext);
+
+ /* Create Cert may fail */
+ if (certs[i] == NULL) {
+ PKIX_TEST_DECREF_BC(certList);
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList,
+ (PKIX_PL_Object *)certs[i],
+ plContext));
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(certList);
+ }
+
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_DECREF_AC(certs[i]);
+ }
+
+ PKIX_TEST_RETURN();
+
+ return (certList);
+}
+
+PKIX_PL_Date *
+createDate(
+ char *asciiDate,
+ void *plContext)
+{
+ PKIX_PL_Date *date = NULL;
+ PKIX_PL_String *plString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiDate, 0, &plString, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(plString, &date, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(plString);
+
+ PKIX_TEST_RETURN();
+
+ return (date);
+}
+
+PKIX_ProcessingParams *
+createProcessingParams(
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean isCrlEnabled,
+ void *plContext)
+{
+
+ PKIX_TrustAnchor *firstAnchor = NULL;
+ PKIX_TrustAnchor *secondAnchor = NULL;
+ PKIX_List *anchorsList = NULL;
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_PL_String *dateString = NULL;
+ PKIX_PL_Date *testDate = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));
+
+ firstAnchor = createTrustAnchor(dirName, firstAnchorFileName, PKIX_FALSE, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
+ (PKIX_PL_Object *)firstAnchor,
+ plContext));
+
+ if (secondAnchorFileName) {
+ secondAnchor =
+ createTrustAnchor(dirName, secondAnchorFileName, PKIX_FALSE, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
+ (PKIX_PL_Object *)secondAnchor,
+ plContext));
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchorsList, &procParams, plContext));
+
+ if (dateAscii) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ dateAscii,
+ 0,
+ &dateString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(dateString, &testDate, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(procParams, testDate, plContext));
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, isCrlEnabled, plContext));
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(procParams);
+ }
+
+ PKIX_TEST_DECREF_AC(dateString);
+ PKIX_TEST_DECREF_AC(testDate);
+ PKIX_TEST_DECREF_AC(anchorsList);
+ PKIX_TEST_DECREF_AC(firstAnchor);
+ PKIX_TEST_DECREF_AC(secondAnchor);
+
+ PKIX_TEST_RETURN();
+
+ return (procParams);
+}
+
+PKIX_ValidateParams *
+createValidateParams(
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean initialPolicyMappingInhibit,
+ PKIX_Boolean initialAnyPolicyInhibit,
+ PKIX_Boolean initialExplicitPolicy,
+ PKIX_Boolean isCrlEnabled,
+ PKIX_List *chain,
+ void *plContext)
+{
+
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ procParams =
+ createProcessingParams(dirName,
+ firstAnchorFileName,
+ secondAnchorFileName,
+ dateAscii,
+ NULL,
+ isCrlEnabled,
+ plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, initialPolicyMappingInhibit, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, initialAnyPolicyInhibit, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, initialExplicitPolicy, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chain, &valParams, plContext));
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(valParams);
+ }
+
+ PKIX_TEST_DECREF_AC(procParams);
+
+ PKIX_TEST_RETURN();
+
+ return (valParams);
+}
+
+PKIX_ValidateResult *
+createValidateResult(
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ void *plContext)
+{
+
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_PublicKey *pubKey = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ anchor = createTrustAnchor(dirName, anchorFileName, PKIX_FALSE, plContext);
+ cert = createCert(dirName, pubKeyCertFileName, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_ValidateResult_Create(pubKey, anchor, NULL, &valResult, plContext));
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(valResult);
+ }
+
+ PKIX_TEST_DECREF_AC(anchor);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(pubKey);
+
+ PKIX_TEST_RETURN();
+
+ return (valResult);
+}
+
+PKIX_PL_GeneralName *
+createGeneralName(
+ PKIX_UInt32 nameType,
+ char *asciiName,
+ void *plContext)
+{
+
+ PKIX_PL_GeneralName *generalName = NULL;
+ PKIX_PL_String *plString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create(nameType, plString, &generalName, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(plString);
+
+ PKIX_TEST_RETURN();
+
+ return (generalName);
+}
+
+PKIX_BuildResult *
+createBuildResult(
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ char *firstChainCertFileName,
+ char *secondChainCertFileName,
+ void *plContext)
+{
+ PKIX_BuildResult *buildResult = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_List *certChain = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ valResult = createValidateResult(dirName, anchorFileName, pubKeyCertFileName, plContext);
+ certChain = createCertChain(dirName,
+ firstChainCertFileName,
+ secondChainCertFileName,
+ plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_BuildResult_Create(valResult, certChain, &buildResult, plContext));
+
+cleanup:
+
+ if (PKIX_TEST_ERROR_RECEIVED) {
+ PKIX_TEST_DECREF_AC(buildResult);
+ }
+
+ PKIX_TEST_DECREF_AC(valResult);
+ PKIX_TEST_DECREF_AC(certChain);
+
+ PKIX_TEST_RETURN();
+
+ return (buildResult);
+}
diff --git a/security/nss/cmd/libpkix/testutil/testutil_nss.h b/security/nss/cmd/libpkix/testutil/testutil_nss.h
new file mode 100644
index 0000000000..e1f24af89d
--- /dev/null
+++ b/security/nss/cmd/libpkix/testutil/testutil_nss.h
@@ -0,0 +1,119 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil_nss.h
+ *
+ * NSS-specific utility functions for handling test errors
+ *
+ */
+
+#ifndef _TESTUTIL_NSS_H
+#define _TESTUTIL_NSS_H
+
+#include "pkix_tools.h"
+#include "plstr.h"
+#include "prprf.h"
+#include "prlong.h"
+#include "secutil.h"
+#include <stdio.h>
+#include <ctype.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "pkix_pl_generalname.h"
+
+/* see source file for function documentation */
+
+PKIX_PL_Cert *
+createCert(
+ char *dirName,
+ char *certFile,
+ void *plContext);
+
+PKIX_PL_CRL *
+createCRL(
+ char *dirName,
+ char *crlFileName,
+ void *plContext);
+
+PKIX_TrustAnchor *
+createTrustAnchor(
+ char *dirName,
+ char *taFileName,
+ PKIX_Boolean useCert,
+ void *plContext);
+
+PKIX_List *
+createCertChain(
+ char *dirName,
+ char *firstCertFileName,
+ char *secondCertFileName,
+ void *plContext);
+
+PKIX_List *
+createCertChainPlus(
+ char *dirName,
+ char *certNames[],
+ PKIX_PL_Cert *certs[],
+ PKIX_UInt32 numCerts,
+ void *plContext);
+
+PKIX_PL_Date *
+createDate(
+ char *asciiDate,
+ void *plContext);
+
+PKIX_ProcessingParams *
+createProcessingParams(
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean isCrlEnabled,
+ void *plContext);
+
+PKIX_ValidateParams *
+createValidateParams(
+ char *dirName,
+ char *firstAnchorFileName,
+ char *secondAnchorFileName,
+ char *dateAscii,
+ PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+ PKIX_Boolean initialPolicyMappingInhibit,
+ PKIX_Boolean initialAnyPolicyInhibit,
+ PKIX_Boolean initialExplicitPolicy,
+ PKIX_Boolean isCrlEnabled,
+ PKIX_List *chain,
+ void *plContext);
+
+PKIX_ValidateResult *
+createValidateResult(
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ void *plContext);
+
+PKIX_BuildResult *
+createBuildResult(
+ char *dirName,
+ char *anchorFileName,
+ char *pubKeyCertFileName,
+ char *firstChainCertFileName,
+ char *secondChainCertFileName,
+ void *plContext);
+
+PKIX_PL_GeneralName *
+createGeneralName(
+ PKIX_UInt32 nameType,
+ char *asciiName,
+ void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TESTUTIL_NSS_H */