diff options
Diffstat (limited to 'security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c')
-rw-r--r-- | security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c | 230 |
1 files changed, 230 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c b/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c new file mode 100644 index 0000000000..3ce4513177 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c @@ -0,0 +1,230 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_defaultcrlchecker2stores.c + * + * Test Default CRL with multiple CertStore Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("crl-directory cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +testDefaultMultipleCertStores(PKIX_ValidateParams *valParams, + char *crlDir1, + char *crlDir2) +{ + PKIX_PL_String *dirString1 = NULL; + PKIX_PL_String *dirString2 = NULL; + PKIX_CertStore *certStore1 = NULL; + PKIX_CertStore *certStore2 = NULL; + PKIX_List *certStoreList = NULL; + PKIX_ProcessingParams *procParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStore_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir1, + 0, + &dirString1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1, + &certStore1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir2, + 0, + &dirString2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2, + &certStore2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + /* Add multiple CollectionCertStores */ + + subTest("PKIX_ProcessingParams_SetCertStores"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString1); + PKIX_TEST_DECREF_AC(dirString2); + PKIX_TEST_DECREF_AC(certStore1); + PKIX_TEST_DECREF_AC(certStore2); + PKIX_TEST_DECREF_AC(certStoreList); + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (0); +} + +/* + * Validate Certificate Chain with Certificate Revocation List + * Certificate Chain is build based on input certs' sequence. + * CRL is fetched from the directory specified in CollectionCertStore. + * while CollectionCertStore is linked in CertStore Object which then + * linked in ProcessParam. During validation, CRLChecker will invoke + * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL) + * to get CRL data for revocation check. + * This test gets CRL's from two CertStores, each has a valid CRL + * required for revocation check to pass. + */ + +int +test_defaultcrlchecker2stores(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_TRUE; + char *dirName = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 6) { + printUsage1(argv[0]); + return (0); + } + + startTests("CRL Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + chainLength = (argc - j) - 7; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[(7 + j) + i]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Default-CRL-Checker"); + + subTest("Default-CRL-Checker - Create Cert Chain"); + + dirName = argv[3 + j]; + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Default-CRL-Checker - Create Params"); + + anchorName = argv[6 + j]; + + valParams = createValidateParams(dirName, + anchorName, + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Multiple-CertStores"); + + testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]); + + subTest("Default-CRL-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL Checker"); + + return (0); +} |