diff options
Diffstat (limited to '')
-rw-r--r-- | security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c | 275 |
1 files changed, 275 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c new file mode 100644 index 0000000000..ccd05a5bf8 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c @@ -0,0 +1,275 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_ekuchecker.c + * + * Test Extend Key Usage Checker + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("[E]oid[,oid]* <data-dir> cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +testCertSelectorMatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + *pResult = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +testEkuSetup( + PKIX_ValidateParams *valParams, + char *ekuOidString, + PKIX_Boolean *only4EE) +{ + PKIX_ProcessingParams *procParams = NULL; + PKIX_List *ekuList = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_ComCertSelParams *selParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_Boolean last_token = PKIX_FALSE; + PKIX_UInt32 i, tokeni; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateParams_GetProcessingParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + /* Get extended key usage OID(s) from command line, separated by "," */ + + if (ekuOidString[0] == '"') { + /* erase doble quotes, if any */ + i = 1; + while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') { + ekuOidString[i - 1] = ekuOidString[i]; + i++; + } + ekuOidString[i - 1] = '\0'; + } + + if (ekuOidString[0] == '\0') { + ekuList = NULL; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext)); + + /* if OID string start with E, only check for last cert */ + if (ekuOidString[0] == 'E') { + *only4EE = PKIX_TRUE; + tokeni = 2; + i = 1; + } else { + *only4EE = PKIX_FALSE; + tokeni = 1; + i = 0; + } + + while (last_token != PKIX_TRUE) { + while (ekuOidString[tokeni] != ',' && + ekuOidString[tokeni] != '\0') { + tokeni++; + } + if (ekuOidString[tokeni] == '\0') { + last_token = PKIX_TRUE; + } else { + ekuOidString[tokeni] = '\0'; + tokeni++; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + i = tokeni; + } + } + + /* Set extended key usage link to processing params */ + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext)); + + subTest("PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback, + NULL, + &certSelector, + plContext)); + + subTest("PKIX_CertSelector_SetCommonCertSelectorParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext)); + + subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(ekuList); + + PKIX_TEST_RETURN(); + + return (0); +} + +static PKIX_Error * +testEkuChecker( + PKIX_ValidateParams *valParams, + PKIX_Boolean only4EE) +{ + PKIX_ProcessingParams *procParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + if (only4EE == PKIX_FALSE) { + subTest("PKIX_PL_EkuChecker_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_ekuchecker(int argc, char *argv[]) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + char *dirName = NULL; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_FALSE; + PKIX_Boolean only4EE = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("EKU Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + dirName = argv[4 + j]; + + chainLength = (argc - j) - 6; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[6 + i + j]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Extended-Key-Usage-Checker"); + + subTest("Extended-Key-Usage-Checker - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Extended-Key-Usage-Checker - Create Params"); + + valParams = createValidateParams(dirName, + argv[5 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Default CertStore"); + + testEkuSetup(valParams, argv[3 + j], &only4EE); + + testEkuChecker(valParams, only4EE); + + subTest("Extended-Key-Usage-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("EKU Checker"); + + return (0); +} |