From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:47:29 +0200 Subject: Adding upstream version 115.8.0esr. Signed-off-by: Daniel Baumann --- security/nss/cmd/libpkix/testutil/testutil_nss.c | 579 +++++++++++++++++++++++ 1 file changed, 579 insertions(+) create mode 100644 security/nss/cmd/libpkix/testutil/testutil_nss.c (limited to 'security/nss/cmd/libpkix/testutil/testutil_nss.c') diff --git a/security/nss/cmd/libpkix/testutil/testutil_nss.c b/security/nss/cmd/libpkix/testutil/testutil_nss.c new file mode 100644 index 0000000000..3417d0ab7c --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/testutil_nss.c @@ -0,0 +1,579 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * testutil_nss.c + * + * NSS-specific utility functions for handling test errors + * + */ + +#include +#include +#include + +#include "pkix_pl_generalname.h" +#include "pkix_pl_cert.h" +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "secutil.h" +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "secitem.h" +#include "keythi.h" +#include "nss.h" + +static char * +catDirName(char *dir, char *name, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 nameLen; + PKIX_UInt32 dirLen; + + PKIX_TEST_STD_VARS(); + + nameLen = PL_strlen(name); + dirLen = PL_strlen(dir); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirLen + nameLen + 2, + (void **)&pathName, + plContext)); + + PL_strcpy(pathName, dir); + PL_strcat(pathName, "/"); + PL_strcat(pathName, name); + printf("pathName = %s\n", pathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +PKIX_PL_Cert * +createCert( + char *dirName, + char *certFileName, + void *plContext) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *buf = NULL; + PRFileDesc *certFile = NULL; + PKIX_UInt32 len; + SECItem certDER; + SECStatus rv; + /* default: NULL cert (failure case) */ + PKIX_PL_Cert *cert = NULL; + char *pathName = NULL; + + PKIX_TEST_STD_VARS(); + + certDER.data = NULL; + + pathName = catDirName(dirName, certFileName, plContext); + certFile = PR_Open(pathName, PR_RDONLY, 0); + + if (!certFile) { + pkixTestErrorMsg = "Unable to open cert file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); + + SECITEM_FreeItem(&certDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from cert file"; + goto cleanup; + } + } + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(pathName, plContext); + + if (certFile) { + PR_Close(certFile); + } + + if (PKIX_TEST_ERROR_RECEIVED) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (cert); +} + +PKIX_PL_CRL * +createCRL( + char *dirName, + char *crlFileName, + void *plContext) +{ + PKIX_PL_ByteArray *byteArray = NULL; + PKIX_PL_CRL *crl = NULL; + PKIX_Error *error = NULL; + PRFileDesc *inFile = NULL; + SECItem crlDER; + void *buf = NULL; + PKIX_UInt32 len; + SECStatus rv; + char *pathName = NULL; + + PKIX_TEST_STD_VARS(); + + crlDER.data = NULL; + + pathName = catDirName(dirName, crlFileName, plContext); + inFile = PR_Open(pathName, PR_RDONLY, 0); + + if (!inFile) { + pkixTestErrorMsg = "Unable to open crl file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)crlDER.data; + len = crlDER.len; + + error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext); + + if (error) { + pkixTestErrorMsg = + "PKIX_PL_ByteArray_Create failed"; + goto cleanup; + } + + error = PKIX_PL_CRL_Create(byteArray, &crl, plContext); + if (error) { + pkixTestErrorMsg = "PKIX_PL_Crl_Create failed"; + goto cleanup; + } + + SECITEM_FreeItem(&crlDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from crl file"; + goto cleanup; + } + } + +cleanup: + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext)); + + if (inFile) { + PR_Close(inFile); + } + + if (error) { + SECITEM_FreeItem(&crlDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (crl); +} + +PKIX_TrustAnchor * +createTrustAnchor( + char *dirName, + char *certFileName, + PKIX_Boolean useCert, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_X500Name *name = NULL; + PKIX_PL_PublicKey *pubKey = NULL; + PKIX_PL_CertNameConstraints *nameConstraints = NULL; + + PKIX_TEST_STD_VARS(); + + cert = createCert(dirName, certFileName, plContext); + + if (useCert) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(cert, &anchor, plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(cert, &name, plContext)); + + if (name == NULL) { + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &nameConstraints, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithNameKeyPair(name, pubKey, nameConstraints, &anchor, plContext)); + } + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(anchor); + } + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(name); + PKIX_TEST_DECREF_AC(pubKey); + PKIX_TEST_DECREF_AC(nameConstraints); + + PKIX_TEST_RETURN(); + + return (anchor); +} + +PKIX_List * +createCertChain( + char *dirName, + char *firstCertFileName, + char *secondCertFileName, + void *plContext) +{ + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_List *certList = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext)); + + firstCert = createCert(dirName, firstCertFileName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)firstCert, plContext)); + + if (secondCertFileName) { + secondCert = createCert(dirName, secondCertFileName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)secondCert, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(certList); + } + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + + PKIX_TEST_RETURN(); + + return (certList); +} + +PKIX_List * +createCertChainPlus( + char *dirName, + char *certNames[], + PKIX_PL_Cert *certs[], + PKIX_UInt32 numCerts, + void *plContext) +{ + PKIX_List *certList = NULL; + PKIX_UInt32 i; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext)); + + for (i = 0; i < numCerts; i++) { + + certs[i] = createCert(dirName, certNames[i], plContext); + + /* Create Cert may fail */ + if (certs[i] == NULL) { + PKIX_TEST_DECREF_BC(certList); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, + (PKIX_PL_Object *)certs[i], + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(certList); + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_DECREF_AC(certs[i]); + } + + PKIX_TEST_RETURN(); + + return (certList); +} + +PKIX_PL_Date * +createDate( + char *asciiDate, + void *plContext) +{ + PKIX_PL_Date *date = NULL; + PKIX_PL_String *plString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiDate, 0, &plString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(plString, &date, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(plString); + + PKIX_TEST_RETURN(); + + return (date); +} + +PKIX_ProcessingParams * +createProcessingParams( + char *dirName, + char *firstAnchorFileName, + char *secondAnchorFileName, + char *dateAscii, + PKIX_List *initialPolicies, /* List of PKIX_PL_OID */ + PKIX_Boolean isCrlEnabled, + void *plContext) +{ + + PKIX_TrustAnchor *firstAnchor = NULL; + PKIX_TrustAnchor *secondAnchor = NULL; + PKIX_List *anchorsList = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_String *dateString = NULL; + PKIX_PL_Date *testDate = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext)); + + firstAnchor = createTrustAnchor(dirName, firstAnchorFileName, PKIX_FALSE, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList, + (PKIX_PL_Object *)firstAnchor, + plContext)); + + if (secondAnchorFileName) { + secondAnchor = + createTrustAnchor(dirName, secondAnchorFileName, PKIX_FALSE, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList, + (PKIX_PL_Object *)secondAnchor, + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchorsList, &procParams, plContext)); + + if (dateAscii) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + dateAscii, + 0, + &dateString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(dateString, &testDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(procParams, testDate, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, isCrlEnabled, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(procParams); + } + + PKIX_TEST_DECREF_AC(dateString); + PKIX_TEST_DECREF_AC(testDate); + PKIX_TEST_DECREF_AC(anchorsList); + PKIX_TEST_DECREF_AC(firstAnchor); + PKIX_TEST_DECREF_AC(secondAnchor); + + PKIX_TEST_RETURN(); + + return (procParams); +} + +PKIX_ValidateParams * +createValidateParams( + char *dirName, + char *firstAnchorFileName, + char *secondAnchorFileName, + char *dateAscii, + PKIX_List *initialPolicies, /* List of PKIX_PL_OID */ + PKIX_Boolean initialPolicyMappingInhibit, + PKIX_Boolean initialAnyPolicyInhibit, + PKIX_Boolean initialExplicitPolicy, + PKIX_Boolean isCrlEnabled, + PKIX_List *chain, + void *plContext) +{ + + PKIX_ProcessingParams *procParams = NULL; + PKIX_ValidateParams *valParams = NULL; + + PKIX_TEST_STD_VARS(); + + procParams = + createProcessingParams(dirName, + firstAnchorFileName, + secondAnchorFileName, + dateAscii, + NULL, + isCrlEnabled, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, initialPolicyMappingInhibit, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, initialAnyPolicyInhibit, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, initialExplicitPolicy, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chain, &valParams, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(valParams); + } + + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (valParams); +} + +PKIX_ValidateResult * +createValidateResult( + char *dirName, + char *anchorFileName, + char *pubKeyCertFileName, + void *plContext) +{ + + PKIX_TrustAnchor *anchor = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_PublicKey *pubKey = NULL; + + PKIX_TEST_STD_VARS(); + + anchor = createTrustAnchor(dirName, anchorFileName, PKIX_FALSE, plContext); + cert = createCert(dirName, pubKeyCertFileName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_ValidateResult_Create(pubKey, anchor, NULL, &valResult, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(valResult); + } + + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(pubKey); + + PKIX_TEST_RETURN(); + + return (valResult); +} + +PKIX_PL_GeneralName * +createGeneralName( + PKIX_UInt32 nameType, + char *asciiName, + void *plContext) +{ + + PKIX_PL_GeneralName *generalName = NULL; + PKIX_PL_String *plString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create(nameType, plString, &generalName, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(plString); + + PKIX_TEST_RETURN(); + + return (generalName); +} + +PKIX_BuildResult * +createBuildResult( + char *dirName, + char *anchorFileName, + char *pubKeyCertFileName, + char *firstChainCertFileName, + char *secondChainCertFileName, + void *plContext) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *certChain = NULL; + + PKIX_TEST_STD_VARS(); + + valResult = createValidateResult(dirName, anchorFileName, pubKeyCertFileName, plContext); + certChain = createCertChain(dirName, + firstChainCertFileName, + secondChainCertFileName, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_BuildResult_Create(valResult, certChain, &buildResult, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(buildResult); + } + + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(certChain); + + PKIX_TEST_RETURN(); + + return (buildResult); +} -- cgit v1.2.3