diff options
Diffstat (limited to 'security/nss/cmd/libpkix')
111 files changed, 24950 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/Makefile b/security/nss/cmd/libpkix/Makefile new file mode 100644 index 0000000000..1de5ef2694 --- /dev/null +++ b/security/nss/cmd/libpkix/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk + diff --git a/security/nss/cmd/libpkix/manifest.mn b/security/nss/cmd/libpkix/manifest.mn new file mode 100644 index 0000000000..4f232a5100 --- /dev/null +++ b/security/nss/cmd/libpkix/manifest.mn @@ -0,0 +1,11 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = . +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../.. + +DIRS = testutil pkix_pl pkix sample_apps perf pkixutil \ + $(NULL) diff --git a/security/nss/cmd/libpkix/perf/Makefile b/security/nss/cmd/libpkix/perf/Makefile new file mode 100644 index 0000000000..3181547e2c --- /dev/null +++ b/security/nss/cmd/libpkix/perf/Makefile @@ -0,0 +1,44 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk + diff --git a/security/nss/cmd/libpkix/perf/libpkix_buildthreads.c b/security/nss/cmd/libpkix/perf/libpkix_buildthreads.c new file mode 100644 index 0000000000..4b8d438112 --- /dev/null +++ b/security/nss/cmd/libpkix/perf/libpkix_buildthreads.c @@ -0,0 +1,337 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * libpkixBuildThreads.c + * + * libpkix Builder Performance Evaluation application (multi-threaded) + * + */ + +#include <stdio.h> +#include <string.h> + +#include "secutil.h" + +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "prlong.h" + +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "nss.h" + +#include "pkix.h" +#include "pkix_tools.h" +#include "pkix_pl_cert.h" + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +#undef pkixTempResult +#define PERF_DECREF(obj) \ + { \ + PKIX_Error *pkixTempResult = NULL; \ + if (obj) { \ + pkixTempResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \ + obj = NULL; \ + } \ + } + +static void finish(char *message, int code); + +typedef struct ThreadDataStr tData; + +struct ThreadDataStr { + CERTCertificate *anchor; + char *eecertName; + PRIntervalTime duration; + CERTCertDBHandle *handle; + PRUint32 iterations; +}; + +#define PKIX_LOGGER_ON 1 + +#ifdef PKIX_LOGGER_ON + +char *logLevels[] = { + "None", + "Fatal Error", + "Error", + "Warning", + "Debug", + "Trace" +}; + +static PKIX_Error * +loggerCallback( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ + char *msg = NULL; + static int callCount = 0; + + msg = PKIX_String2ASCII(message, plContext); + printf("Logging %s (%s): %s\n", + logLevels[logLevel], + PKIX_ERRORCLASSNAMES[logComponent], + msg); + PR_Free((void *)msg); + + return (NULL); +} + +#endif /* PKIX_LOGGER_ON */ + +static void +ThreadEntry(void *data) +{ + tData *tdata = (tData *)data; + PRIntervalTime duration = tdata->duration; + PRIntervalTime start = PR_IntervalNow(); + + PKIX_List *anchors = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_BuildResult *buildResult = NULL; + CERTCertificate *nsseecert; + PKIX_PL_Cert *eeCert = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_Date *nowDate = NULL; + void *state = NULL; /* only relevant with non-blocking I/O */ + void *nbioContext = NULL; /* only relevant with non-blocking I/O */ + + PR_ASSERT(duration); + if (!duration) { + return; + } + + do { + + /* libpkix code */ + + /* keep more update time, testing cache */ + PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext); + + /* CertUsage is 0x10 and no NSS arena */ + /* We haven't determined how we obtain the value of wincx */ + + nsseecert = CERT_FindCertByNicknameOrEmailAddr(tdata->handle, + tdata->eecertName); + if (!nsseecert) + finish("Unable to find eecert.\n", 1); + + pkix_pl_Cert_CreateWithNSSCert(nsseecert, &eeCert, plContext); + + PKIX_List_Create(&anchors, plContext); + + /* + * This code is retired. + * pkix_pl_Cert_CreateWithNSSCert + * (tdata->anchor, &anchorCert, NULL); + * PKIX_TrustAnchor_CreateWithCert(anchorCert, &anchor, NULL); + * PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, NULL); + */ + + PKIX_ProcessingParams_Create(anchors, &procParams, plContext); + + PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext); + + PKIX_ProcessingParams_SetDate(procParams, nowDate, plContext); + + /* create CertSelector with target certificate in params */ + + PKIX_ComCertSelParams_Create(&certSelParams, plContext); + + PKIX_ComCertSelParams_SetCertificate(certSelParams, eeCert, plContext); + + PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext); + + PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext); + + PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext); + + PKIX_PL_Pk11CertStore_Create(&certStore, plContext); + + PKIX_List_Create(&certStores, plContext); + PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext); + PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext); + + PKIX_BuildChain(procParams, + &nbioContext, + &state, + &buildResult, + NULL, + plContext); + + /* + * As long as we use only CertStores with blocking I/O, we + * know we must be done at this point. + */ + + if (!buildResult) { + (void)fprintf(stderr, "libpkix BuildChain failed.\n"); + PORT_Assert(0); + return; + } + + tdata->iterations++; + + PERF_DECREF(nowDate); + PERF_DECREF(anchors); + PERF_DECREF(procParams); + PERF_DECREF(buildResult); + PERF_DECREF(certStore); + PERF_DECREF(certStores); + PERF_DECREF(certSelParams); + PERF_DECREF(certSelector); + PERF_DECREF(eeCert); + + } while ((PR_IntervalNow() - start) < duration); +} + +static void +Test( + CERTCertificate *anchor, + char *eecertName, + PRIntervalTime duration, + CERTCertDBHandle *handle, + PRUint32 threads) +{ + tData data; + tData **alldata; + PRIntervalTime starttime, endtime, elapsed; + PRUint32 msecs; + float total = 0; + PRThread **pthreads = NULL; + PRUint32 i = 0; + + data.duration = duration; + data.anchor = anchor; + data.eecertName = eecertName; + data.handle = handle; + + data.iterations = 0; + + starttime = PR_IntervalNow(); + pthreads = (PRThread **)PR_Malloc(threads * sizeof(PRThread *)); + alldata = (tData **)PR_Malloc(threads * sizeof(tData *)); + for (i = 0; i < threads; i++) { + alldata[i] = (tData *)PR_Malloc(sizeof(tData)); + *alldata[i] = data; + pthreads[i] = + PR_CreateThread(PR_USER_THREAD, + ThreadEntry, + (void *)alldata[i], + PR_PRIORITY_NORMAL, + PR_GLOBAL_THREAD, + PR_JOINABLE_THREAD, + 0); + } + + for (i = 0; i < threads; i++) { + tData *args = alldata[i]; + PR_JoinThread(pthreads[i]); + total += args->iterations; + PR_Free((void *)args); + } + + PR_Free((void *)pthreads); + PR_Free((void *)alldata); + endtime = PR_IntervalNow(); + + endtime = PR_IntervalNow(); + elapsed = endtime - starttime; + msecs = PR_IntervalToMilliseconds(elapsed); + total /= msecs; + total *= 1000; + (void)fprintf(stdout, "%f operations per second.\n", total); +} + +static void +finish(char *message, int code) +{ + (void)printf(message); + exit(code); +} + +static void +usage(char *progname) +{ + (void)printf("Usage : %s <-d certStoreDirectory> <duration> <threads> " + "<anchorNickname> <eecertNickname>\n\n", + progname); + finish("", 0); +} + +int +libpkix_buildthreads(int argc, char **argv) +{ + CERTCertDBHandle *handle = NULL; + CERTCertificate *eecert = NULL; + PRIntervalTime duration = PR_SecondsToInterval(1); + PRUint32 threads = 1; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_Logger *logger = NULL; + void *wincx = NULL; + + /* if (argc != 5) -- when TrustAnchor used to be on command line */ + if (argc != 4) { + usage(argv[0]); + } + if (atoi(argv[1]) > 0) { + duration = PR_SecondsToInterval(atoi(argv[1])); + } + if (atoi(argv[2]) > 0) { + threads = atoi(argv[2]); + } + + PKIX_PL_NssContext_Create(certificateUsageEmailSigner, PKIX_FALSE, + NULL, &plContext); + + handle = CERT_GetDefaultCertDB(); + PR_ASSERT(handle); + +#ifdef PKIX_LOGGER_ON + + /* set logger to log trace and up */ + PKIX_SetLoggers(NULL, plContext); + PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext); + PKIX_Logger_SetMaxLoggingLevel(logger, PKIX_LOGGER_LEVEL_WARNING, plContext); + PKIX_AddLogger(logger, plContext); + +#endif /* PKIX_LOGGER_ON */ + + /* + * This code is retired + * anchor = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]); + * if (!anchor) finish("Unable to find anchor.\n", 1); + * + * eecert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[4]); + + * if (!eecert) finish("Unable to find eecert.\n", 1); + * + * Test(anchor, eecert, duration, threads); + */ + + Test(NULL, argv[3], duration, handle, threads); + + PERF_DECREF(logger); + + PKIX_Shutdown(plContext); + + return (0); +} diff --git a/security/nss/cmd/libpkix/perf/manifest.mn b/security/nss/cmd/libpkix/perf/manifest.mn new file mode 100644 index 0000000000..f70040234a --- /dev/null +++ b/security/nss/cmd/libpkix/perf/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = .. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = libpkix_buildthreads.c \ + nss_threads.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolperf +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR = $(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/perf/nss_threads.c b/security/nss/cmd/libpkix/perf/nss_threads.c new file mode 100644 index 0000000000..202f128b61 --- /dev/null +++ b/security/nss/cmd/libpkix/perf/nss_threads.c @@ -0,0 +1,158 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * nssThreads.c + * + * NSS Performance Evaluation application (multi-threaded) + * + */ + +#include <stdio.h> +#include <string.h> + +#include "secutil.h" + +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "prlong.h" + +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "nss.h" + +typedef struct ThreadDataStr tData; + +struct ThreadDataStr { + CERTCertificate* cert; + PRIntervalTime duration; + PRUint32 iterations; +}; + +static void +ThreadEntry(void* data) +{ + tData* tdata = (tData*)data; + PRIntervalTime duration = tdata->duration; + PRTime now = PR_Now(); + PRIntervalTime start = PR_IntervalNow(); + + PR_ASSERT(duration); + if (!duration) { + return; + } + do { + SECStatus rv = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), + tdata->cert, + PR_TRUE, + certificateUsageEmailSigner, + now, + NULL, + NULL, + NULL); + if (rv != SECSuccess) { + (void)fprintf(stderr, "Validation failed.\n"); + PORT_Assert(0); + return; + } + tdata->iterations++; + } while ((PR_IntervalNow() - start) < duration); +} + +static void +Test(CERTCertificate* cert, PRIntervalTime duration, PRUint32 threads) +{ + tData data; + tData** alldata; + PRIntervalTime starttime, endtime, elapsed; + PRUint32 msecs; + float total = 0; + PRThread** pthreads = NULL; + PRUint32 i = 0; + + data.duration = duration; + data.cert = cert; + data.iterations = 0; + + starttime = PR_IntervalNow(); + pthreads = (PRThread**)PR_Malloc(threads * sizeof(PRThread*)); + alldata = (tData**)PR_Malloc(threads * sizeof(tData*)); + for (i = 0; i < threads; i++) { + alldata[i] = (tData*)PR_Malloc(sizeof(tData)); + *alldata[i] = data; + pthreads[i] = + PR_CreateThread(PR_USER_THREAD, + ThreadEntry, + (void*)alldata[i], + PR_PRIORITY_NORMAL, + PR_GLOBAL_THREAD, + PR_JOINABLE_THREAD, + 0); + } + for (i = 0; i < threads; i++) { + tData* args = alldata[i]; + PR_JoinThread(pthreads[i]); + total += args->iterations; + PR_Free((void*)args); + } + PR_Free((void*)pthreads); + PR_Free((void*)alldata); + endtime = PR_IntervalNow(); + + endtime = PR_IntervalNow(); + elapsed = endtime - starttime; + msecs = PR_IntervalToMilliseconds(elapsed); + total /= msecs; + total *= 1000; + (void)fprintf(stdout, "%f operations per second.\n", total); +} + +static void +finish(char* message, int code) +{ + (void)printf(message); + exit(code); +} + +static void +usage(char* progname) +{ + (void)printf("Usage : %s <duration> <threads> <certnickname>\n\n", + progname); + finish("", 0); +} + +int +nss_threads(int argc, char** argv) +{ + SECStatus rv = SECSuccess; + CERTCertDBHandle* handle = NULL; + CERTCertificate* cert = NULL; + PRIntervalTime duration = PR_SecondsToInterval(1); + PRUint32 threads = 1; + if (argc != 4) { + usage(argv[0]); + } + if (atoi(argv[1]) > 0) { + duration = PR_SecondsToInterval(atoi(argv[1])); + } + if (atoi(argv[2]) > 0) { + threads = atoi(argv[2]); + } + + handle = CERT_GetDefaultCertDB(); + PR_ASSERT(handle); + cert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]); + if (!cert) { + finish("Unable to find certificate.\n", 1); + } + Test(cert, duration, threads); + + CERT_DestroyCertificate(cert); + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/Makefile b/security/nss/cmd/libpkix/pkix/Makefile new file mode 100644 index 0000000000..1de5ef2694 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk + diff --git a/security/nss/cmd/libpkix/pkix/certsel/Makefile b/security/nss/cmd/libpkix/pkix/certsel/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/certsel/manifest.mn b/security/nss/cmd/libpkix/pkix/certsel/manifest.mn new file mode 100644 index 0000000000..d9da6e1674 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_certselector.c \ + test_comcertselparams.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolcertsel +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c b/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c new file mode 100644 index 0000000000..1fde3739b8 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c @@ -0,0 +1,1677 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certselector.c + * + * Test Cert Selector + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS 5 +#define PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS 2 +#define PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS 2 +#define PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS 4 +#define PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS 1 + +static void *plContext = NULL; + +/* + * The first three certs are used to obtain policies to test + * policy matching. Changing the table could break tests. + */ +static char *certList[] = { +#define POLICY1CERT 0 + "GoodCACert.crt", +#define ANYPOLICYCERT 1 + "anyPolicyCACert.crt", +#define POLICY2CERT 2 + "PoliciesP12CACert.crt", +#define SUBJECTCERT 3 + "PoliciesP3CACert.crt", + "PoliciesP1234CACert.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint1CACert.crt", + "pathLenConstraint6CACert.crt", + "TrustAnchorRootCertificate.crt", + "GoodsubCACert.crt", + "AnyPolicyTest14EE.crt", + "UserNoticeQualifierTest16EE.crt" +}; +#define NUMCERTS (sizeof(certList) / sizeof(certList[0])) + +/* + * Following are Certs values for NameConstraints tests + * + * Cert0:nameConstraintsDN1subCA1Cert.crt: + * Subject:CN=nameConstraints DN1 subCA1,OU=permittedSubtree1, + * O=Test Certificates,C=US + * Permitted Name:(OU=permittedSubtree2,OU=permittedSubtree1, + * O=Test Certificates,C=US) + * Excluded Name: (EMPTY) + * Cert1:nameConstraintsDN3subCA2Cert.crt: + * Subject:CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US + * Permitted Name:(O=Test Certificates,C=US) + * Excluded Name:(EMPTY) + * Cert2:nameConstraintsDN2CACert.crt + * Subject:CN=nameConstraints DN2 CA,O=Test Certificates,C=US + * Permitted Name:(OU=permittedSubtree1,O=Test Certificates,C=US, + * OU=permittedSubtree2,O=Test Certificates,C=US) + * Excluded Name:(EMPTY) + * Cert3:nameConstraintsDN3subCA1Cert.crt + * Subject:CN=nameConstraints DN3 subCA1,O=Test Certificates,C=US + * Permitted Name:(EMPTY) + * Excluded Name:(OU=excludedSubtree2,O=Test Certificates,C=US) + * Cert4:nameConstraintsDN4CACert.crt + * Subject:CN=nameConstraints DN4 CA,O=Test Certificates,C=US + * Permitted Name:(EMPTY) + * Excluded Name:(OU=excludedSubtree1,O=Test Certificates,C=US, + * OU=excludedSubtree2,O=Test Certificates,C=US) + * Cert5:nameConstraintsDN5CACert.crt + * Subject:CN=nameConstraints DN5 CA,O=Test Certificates,C=US + * Permitted Name:(OU=permittedSubtree1,O=Test Certificates,C=US) + * Excluded Name:(OU=excludedSubtree1,OU=permittedSubtree1, + * O=Test Certificates,C=US) + * Cert6:ValidDNnameConstraintsTest1EE.crt + * Subject:CN=Valid DN nameConstraints EE Certificate Test1, + * OU=permittedSubtree1,O=Test Certificates,C=US + * + */ +static char *ncCertList[] = { + "nameConstraintsDN1subCA1Cert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "nameConstraintsDN2CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "nameConstraintsDN4CACert.crt", + "nameConstraintsDN5CACert.crt", + "ValidDNnameConstraintsTest1EE.crt" +}; +#define NUMNCCERTS (sizeof(ncCertList) / sizeof(ncCertList[0])) + +static char *sanCertList[] = { + "InvalidDNnameConstraintsTest3EE.crt", + "InvalidDNSnameConstraintsTest38EE.crt" +}; +#define NUMSANCERTS (sizeof(sanCertList) / sizeof(sanCertList[0])) + +/* + * This function calls the CertSelector pointed to by "selector" for each + * cert in the List pointed to by "certs", and compares the results against + * the bit array given by the UInt32 "expectedResults". If the first cert is + * expected to pass, the lower-order bit of "expectedResults" should be 1. + * If the second cert is expected to pass, the second bit of "expectedResults" + * should be 1, and so on. If more than 32 certs are provided, only the first + * 32 will be checked. It is not an error to provide more bits than needed. + * (For example, if you expect every cert to pass, "expectedResult" can be + * set to 0xFFFFFFFF, even if the chain has fewer than 32 certs.) + */ +static void +testSelector( + PKIX_CertSelector *selector, + PKIX_List *certs, + PKIX_UInt32 expectedResults) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numCerts = 0; + PKIX_PL_Cert *cert = NULL; + PKIX_CertSelector_MatchCallback callback = NULL; + PKIX_Error *errReturn = NULL; + PKIX_Boolean result = PKIX_TRUE; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &callback, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + if (numCerts > 32) { + numCerts = 32; + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); + errReturn = callback(selector, cert, &result, plContext); + + if (errReturn || result == PKIX_FALSE) { + if ((expectedResults & 1) == 1) { + testError("selector unexpectedly failed"); + (void)printf(" processing cert:\t%d\n", i); + } + } else { + if ((expectedResults & 1) == 0) { + testError("selector unexpectedly passed"); + (void)printf(" processing cert:\t%d\n", i); + } + } + + expectedResults = expectedResults >> 1; + PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_DECREF_BC(errReturn); + } + +cleanup: + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(errReturn); + + PKIX_TEST_RETURN(); +} + +/* + * This function gets a policy from the Cert pointed to by "cert", according + * to the index provided by "index", creates an immutable List containing the + * OID of that policy, and stores the result at "pPolicyList". + */ +static void +testGetPolicyFromCert( + PKIX_PL_Cert *cert, + PKIX_UInt32 index, + PKIX_List **pPolicyList) +{ + PKIX_List *policyInfo = NULL; + PKIX_PL_CertPolicyInfo *firstPolicy = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_List *list = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &policyInfo, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(policyInfo, + index, + (PKIX_PL_Object **)&firstPolicy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(firstPolicy, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext)); + + *pPolicyList = list; + +cleanup: + + PKIX_TEST_DECREF_AC(policyInfo); + PKIX_TEST_DECREF_AC(firstPolicy); + PKIX_TEST_DECREF_AC(policyOID); + + PKIX_TEST_RETURN(); +} + +/* + * This custom matchCallback will pass any Certificate which has no + * CertificatePolicies extension and any Certificate whose Policies + * extension include a CertPolicyQualifier. + */ +static PKIX_Error * +custom_CertSelector_MatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numPolicies = 0; + PKIX_List *certPolicies = NULL; + PKIX_List *quals = NULL; + PKIX_PL_CertPolicyInfo *policy = NULL; + PKIX_Error *error = NULL; + + PKIX_TEST_STD_VARS(); + + *pResult = PKIX_TRUE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext)); + + if (certPolicies) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext)); + + for (i = 0; i < numPolicies; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies, + i, + (PKIX_PL_Object **)&policy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(policy, &quals, plContext)); + if (quals) { + goto cleanup; + } + PKIX_TEST_DECREF_BC(policy); + } + PKIX_TEST_DECREF_BC(certPolicies); + *pResult = PKIX_FALSE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR, + NULL, + NULL, + PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, + &error, + plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(certPolicies); + PKIX_TEST_DECREF_AC(policy); + PKIX_TEST_DECREF_AC(quals); + + return (error); +} + +/* + * This custom matchCallback will pass any Certificate whose + * CertificatePolicies extension asserts the Policy specified by + * the OID in the CertSelectorContext object. + */ +static PKIX_Error * +custom_CertSelector_MatchOIDCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numPolicies = 0; + PKIX_Boolean match = PKIX_FALSE; + PKIX_PL_Object *certSelectorContext = NULL; + PKIX_PL_OID *constraintOID = NULL; + PKIX_List *certPolicies = NULL; + PKIX_PL_CertPolicyInfo *policy = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_PL_String *errorDesc = NULL; + PKIX_Error *error = NULL; + + PKIX_TEST_STD_VARS(); + + *pResult = PKIX_TRUE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext(selector, &certSelectorContext, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(certSelectorContext, PKIX_OID_TYPE, plContext)); + + constraintOID = (PKIX_PL_OID *)certSelectorContext; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext)); + + if (certPolicies) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext)); + + for (i = 0; i < numPolicies; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies, + i, + (PKIX_PL_Object **)&policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(policy, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)policyOID, + (PKIX_PL_Object *)constraintOID, + &match, + plContext)); + + if (match) { + goto cleanup; + } + PKIX_TEST_DECREF_BC(policy); + PKIX_TEST_DECREF_BC(policyOID); + } + } + + PKIX_TEST_DECREF_BC(certSelectorContext); + PKIX_TEST_DECREF_BC(certPolicies); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR, + NULL, + NULL, + PKIX_TESTNOMATCHINGPOLICY, + &error, + plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(certSelectorContext); + PKIX_TEST_DECREF_AC(certPolicies); + PKIX_TEST_DECREF_AC(policy); + PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(errorDesc); + + return (error); +} + +static void +testSubjectMatch( + PKIX_List *certs, + PKIX_PL_Cert *certNameToMatch) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *subjParams = NULL; + PKIX_PL_X500Name *subjectName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Subject name match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext)); + testSelector(selector, certs, 0x008); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(subjParams); + PKIX_TEST_DECREF_AC(subjectName); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraintsMatch( + PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *bcParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic Constraints match"); + subTest(" pathLenContraint = -2: pass only EE's"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&bcParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0xC00); + + subTest(" pathLenContraint = -1: pass all certs"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0xFFF); + + subTest(" pathLenContraint = 1: pass only certs with pathLen >= 1"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0x3DF); + + subTest(" pathLenContraint = 2: pass only certs with pathLen >= 2"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0x39F); + +cleanup: + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(bcParams); + + PKIX_TEST_RETURN(); +} + +static void +testPolicyMatch( + PKIX_List *certs, + PKIX_PL_Cert *NIST1Cert, /* a source for policy NIST1 */ + PKIX_PL_Cert *NIST2Cert, /* a source for policy NIST2 */ + PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ +{ + PKIX_CertSelector *selector = NULL; + PKIX_List *emptyList = NULL; /* no members */ + PKIX_List *policy1List = NULL; /* OIDs */ + PKIX_List *policy2List = NULL; /* OIDs */ + PKIX_List *anyPolicyList = NULL; /* OIDs */ + PKIX_ComCertSelParams *polParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Policy match"); + testGetPolicyFromCert(NIST1Cert, 0, &policy1List); + testGetPolicyFromCert(NIST2Cert, 1, &policy2List); + testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); + + subTest(" Pass certs with any CertificatePolicies extension"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, emptyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0xEFF); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy NIST1"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy1List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0xEF5); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy NIST2"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy2List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0x814); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy anyPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, anyPolicyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0x002); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(emptyList); + PKIX_TEST_DECREF_AC(policy1List); + PKIX_TEST_DECREF_AC(policy2List); + PKIX_TEST_DECREF_AC(anyPolicyList); + PKIX_TEST_DECREF_AC(polParams); + + PKIX_TEST_RETURN(); +} + +static void +testCertificateMatch( + PKIX_List *certs, + PKIX_PL_Cert *certToMatch) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Certificate match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(params, certToMatch, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + testSelector(selector, certs, 0x008); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + + PKIX_TEST_RETURN(); +} + +static void +testNameConstraintsMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL; + PKIX_UInt32 numCerts = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test NameConstraints Cert Selector"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert0-permitted>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 0, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints1, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert1-permitted>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 1, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints2, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert2-permitted>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 2, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints3, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert3-excluded>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 3, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints1, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert4-excluded>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 4, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints2, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert5-excluded>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 5, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints3, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing permitted NONE"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints1, plContext)); + testSelector(selector, certs, 0x0); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing permitted ALL"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints2, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing permitted TWO"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints3, plContext)); + testSelector(selector, certs, 0x0041); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints1, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints2, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints3, plContext)); + testSelector(selector, certs, 0x41); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(permitNameConstraints1); + PKIX_TEST_DECREF_AC(permitNameConstraints2); + PKIX_TEST_DECREF_AC(permitNameConstraints3); + PKIX_TEST_DECREF_AC(excludeNameConstraints1); + PKIX_TEST_DECREF_AC(excludeNameConstraints2); + PKIX_TEST_DECREF_AC(excludeNameConstraints3); + + PKIX_TEST_RETURN(); +} + +static void +testPathToNamesMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_List *nameList = NULL; + PKIX_PL_GeneralName *name = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test PathToName Cert Selector"); + + subTest(" PKIX_PL_GeneralName List create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Add directory name <O=NotATest Certificates,C=US>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "O=NotATest Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting THREE"); + testSelector(selector, certs, 0x58); + + subTest(" Remove directory name <O=NotATest Certificates,C=US...>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name <OU=permittedSubtree1,O=Test...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x5F); + + subTest(" Remove directory name <OU=permittedSubtree1,O=Test...>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name <O=Test Certificates,C=US...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + + subTest(" Only directory name <OU=permittedSubtree1,O=Test ...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test Certificates,C=US", + plContext); + + subTest(" PKIX_ComCertSelParams_AddPathToName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + PKIX_TEST_DECREF_BC(nameList); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Add directory name <CN=Valid DN nameConstraints EE...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE " + "Certificate Test1,OU=permittedSubtree1," + "O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x7e); + + subTest(" Add directory name <OU=permittedSubtree1,O=Test>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x58); + + subTest(" Add directory name <O=Test Certificates,C=US>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext); + + subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(nameList); + + PKIX_TEST_RETURN(); +} + +static void +testSubjAltNamesMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_List *nameList = NULL; + PKIX_PL_GeneralName *name = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test SubjAltNames Cert Selector"); + + subTest(" PKIX_PL_GeneralName List create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name <CN=Invalid DN nameConstraints EE...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "CN=Invalid DN nameConstraints EE Certificate Test3," + "OU=excludedSubtree1,O=Test Certificates,C=US", + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(params, nameList, plContext)); + + PKIX_TEST_DECREF_BC(name); + PKIX_TEST_DECREF_BC(nameList); + + subTest(" Permitting ONE"); + testSelector(selector, certs, 0x1); + + subTest(" Add DNS name <mytestcertificates.gov>"); + name = createGeneralName(PKIX_DNS_NAME, + "mytestcertificates.gov", + plContext); + + subTest(" PKIX_ComCertSelParams_AddSubjAltName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting NONE"); + testSelector(selector, certs, 0x0); + + subTest(" PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(params, PKIX_FALSE, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Permitting TWO"); + testSelector(selector, certs, 0x3); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(name); + PKIX_TEST_DECREF_AC(nameList); + + PKIX_TEST_RETURN(); +} + +static void +testCertificateValidMatch( + PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_String *stringRep = NULL; + PKIX_PL_Date *testDate = NULL; + char *asciiRep = "050501000000Z"; + + PKIX_TEST_STD_VARS(); + + subTest("CertificateValid match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(params, testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + testSelector(selector, certs, 0xFFFFFFFF); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(stringRep); + PKIX_TEST_DECREF_AC(testDate); + + PKIX_TEST_RETURN(); +} + +static void +test_customCallback1(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("custom matchCallback"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchCallback, + NULL, + &selector, + plContext)); + + testSelector(selector, certs, 0x900); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +test_customCallback2(PKIX_List *certs, + PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ +{ + PKIX_CertSelector *selector = NULL; + PKIX_List *anyPolicyList = NULL; /* OIDs */ + PKIX_PL_OID *policyOID = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("custom matchCallback with CertSelectorContext"); + + testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchOIDCallback, + (PKIX_PL_Object *)policyOID, + &selector, + plContext)); + + testSelector(selector, certs, (1 << ANYPOLICYCERT)); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(anyPolicyList); + PKIX_TEST_DECREF_AC(policyOID); + + PKIX_TEST_RETURN(); +} + +static void +testExtendedKeyUsageMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_List *ekuOidList = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test Extended KeyUsage Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest(" Create Extended Key Usage OID List"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.2", &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.3", &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + + subTest(" PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, ekuOidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(ekuOidList); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testKeyUsageMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test KeyUsage Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest(" PKIX_ComCertSelParams_SetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, PKIX_CRL_SIGN, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testCertValidMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_Date *validDate = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test CertValid Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + validDate = createDate("050601000000Z", plContext); + + subTest(" PKIX_ComCertSelParams_SetCertificateValid"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, validDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(validDate); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testIssuerMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_PL_String *issuerStr = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + char *issuerName = "CN=science,O=mit,C=US"; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test Issuer Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerStr, &issuer, plContext)); + + subTest(" PKIX_ComCertSelParams_SetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, issuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(issuer); + PKIX_TEST_DECREF_AC(issuerStr); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testSerialNumberVersionMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_BigInt *serialNumber = NULL; + PKIX_PL_String *serialNumberStr = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test Serial Number Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(serialNumberStr, &serialNumber, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, serialNumber, plContext)); + + subTest(" PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + PKIX_TEST_DECREF_BC(certList); + + if (numCert != 0) { + pkixTestErrorMsg = "unexpected Version mismatch"; + } + + subTest(" PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Serial Number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(serialNumber); + PKIX_TEST_DECREF_AC(serialNumberStr); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testSubjKeyIdMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_ByteArray *selSubjKeyId = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Subject Key Id Cert Selector"); + + item = 2; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &selSubjKeyId, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(params, selSubjKeyId, plContext)); + + subTest(" Select One"); + testSelector(selector, certs, 1 << item); + +cleanup: + + PKIX_TEST_DECREF_AC(selSubjKeyId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +testAuthKeyIdMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_ByteArray *selAuthKeyId = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Auth Key Id Cert Selector"); + + item = 3; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &selAuthKeyId, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(params, selAuthKeyId, plContext)); + + subTest(" Select TWO"); + testSelector(selector, certs, (1 << item) | (1 << 1)); + +cleanup: + + PKIX_TEST_DECREF_AC(selAuthKeyId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +testSubjPKAlgIdMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_OID *selAlgId = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Subject Public Key Algorithm Id Cert Selector"); + + item = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(cert, &selAlgId, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(params, selAlgId, plContext)); + + subTest(" Select All"); + testSelector(selector, certs, 0x7F); + +cleanup: + + PKIX_TEST_DECREF_AC(selAlgId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +testSubjPublicKeyMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_PublicKey *selPublicKey = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Subject Public Key Cert Selector"); + + item = 5; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetSubjectPublicKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &selPublicKey, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(params, selPublicKey, plContext)); + + subTest(" Select ONE"); + testSelector(selector, certs, 1 << item); + +cleanup: + + PKIX_TEST_DECREF_AC(selPublicKey); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +test_CertSelector_Duplicate(PKIX_CertSelector *selector) +{ + PKIX_Int32 goodBasicConstraints = 0; + PKIX_Int32 equalBasicConstraints = 0; + PKIX_CertSelector *dupSelector = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_ComCertSelParams *equalParams = NULL; + PKIX_CertSelector_MatchCallback goodCallback = NULL; + PKIX_CertSelector_MatchCallback equalCallback = NULL; + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_List *goodPolicy = NULL; + PKIX_List *equalPolicy = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test_CertSelector_Duplicate"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)selector, + (PKIX_PL_Object **)&dupSelector, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(selector, &goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(dupSelector, &equalParams, plContext)); + /* There is no equals function, so look at components separately. */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + if (goodSubject && equalSubject) { + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodSubject, equalSubject) { + pkixTestErrorMsg = "Subject Names are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicy, plContext)); + if (goodPolicy && equalPolicy) { + testEqualsHelper((PKIX_PL_Object *)goodPolicy, + (PKIX_PL_Object *)equalPolicy, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodPolicy, equalPolicy) { + pkixTestErrorMsg = "Policy Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); + if (goodCert && equalCert) { + testEqualsHelper((PKIX_PL_Object *)goodCert, + (PKIX_PL_Object *)equalCert, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodCert, equalCert) { + pkixTestErrorMsg = "Cert Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); + if (goodCert && equalCert) { + testEqualsHelper((PKIX_PL_Object *)goodDate, + (PKIX_PL_Object *)equalDate, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodDate, equalDate) { + pkixTestErrorMsg = "Date Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalBasicConstraints, plContext)); + if (goodBasicConstraints != equalBasicConstraints) { + pkixTestErrorMsg = "BasicConstraints are not equal!"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &goodCallback, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(dupSelector, &equalCallback, plContext)); + if (goodCallback != equalCallback) { + pkixTestErrorMsg = "MatchCallbacks are not equal!"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dupSelector); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(equalParams); + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(goodDate); + PKIX_TEST_DECREF_AC(equalDate); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_certselector <NIST_FILES_DIR> <cert-dir>\n\n"); +} + +int +test_certselector(int argc, char *argv[]) +{ + + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + + PKIX_CertSelector *emptySelector = NULL; + PKIX_List *certs = NULL; + PKIX_List *nameConstraintsCerts = NULL; + PKIX_List *subjAltNamesCerts = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *policy1Cert = NULL; + PKIX_PL_Cert *policy2Cert = NULL; + PKIX_PL_Cert *anyPolicyCert = NULL; + PKIX_PL_Cert *subjectCert = NULL; + PKIX_ComCertSelParams *selParams = NULL; + char *certDir = NULL; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("CertSelector"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3) { + printUsage(); + return (0); + } + + dirName = argv[j + 1]; + certDir = argv[j + 3]; + + /* Create a List of certs to use in testing the selector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); + + for (i = 0; i < NUMCERTS; i++) { + + cert = createCert(dirName, certList[i], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)cert, plContext)); + if (i == POLICY1CERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + policy1Cert = cert; + } + if (i == ANYPOLICYCERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + anyPolicyCert = cert; + } + if (i == POLICY2CERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + policy2Cert = cert; + } + if (i == SUBJECTCERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + subjectCert = cert; + } + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameConstraintsCerts, plContext)); + + for (i = 0; i < NUMNCCERTS; i++) { + + cert = createCert(dirName, ncCertList[i], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameConstraintsCerts, + (PKIX_PL_Object *)cert, + plContext)); + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&subjAltNamesCerts, plContext)); + + for (i = 0; i < NUMSANCERTS; i++) { + + cert = createCert(dirName, sanCertList[i], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(subjAltNamesCerts, + (PKIX_PL_Object *)cert, + plContext)); + + PKIX_TEST_DECREF_BC(cert); + } + + subTest("test_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &emptySelector, plContext)); + + subTest("Default Match, no parameters set"); + testSelector(emptySelector, certs, 0xFFFFFFFF); + + testSubjectMatch(certs, subjectCert); + + testBasicConstraintsMatch(certs); + + testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert); + + testCertificateMatch(certs, subjectCert); + + testCertificateValidMatch(certs); + + subTest("Combination: pass only EE certs that assert some policy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(selParams, -2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(emptySelector, selParams, plContext)); + testSelector(emptySelector, certs, 0xC00); + + testNameConstraintsMatch(nameConstraintsCerts); + + testPathToNamesMatch(nameConstraintsCerts); + + testSubjAltNamesMatch(subjAltNamesCerts); + + testExtendedKeyUsageMatch(certDir); + + testKeyUsageMatch(certDir); + + testIssuerMatch(certDir); + + testSerialNumberVersionMatch(certDir); + + testCertValidMatch(certDir); + + testSubjKeyIdMatch(nameConstraintsCerts); + + testAuthKeyIdMatch(nameConstraintsCerts); + + testSubjPKAlgIdMatch(nameConstraintsCerts); + + testSubjPublicKeyMatch(nameConstraintsCerts); + + test_CertSelector_Duplicate(emptySelector); + + test_customCallback1(certs); + + test_customCallback2(certs, anyPolicyCert); + + subTest("test_CertSelector_Destroy"); + + PKIX_TEST_DECREF_BC(emptySelector); + +cleanup: + + PKIX_TEST_DECREF_AC(emptySelector); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(policy1Cert); + PKIX_TEST_DECREF_AC(policy2Cert); + PKIX_TEST_DECREF_AC(anyPolicyCert); + PKIX_TEST_DECREF_AC(subjectCert); + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(nameConstraintsCerts); + PKIX_TEST_DECREF_AC(subjAltNamesCerts); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertSelector"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c b/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c new file mode 100644 index 0000000000..57f192a42f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c @@ -0,0 +1,800 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_comcertselparams.c + * + * Test Common Cert Selector Params + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numInfos = 0; + PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_List *certPolicies = NULL; + + PKIX_TEST_STD_VARS(); + + /* Convert from List of CertPolicyInfos to List of OIDs */ + if (certPolicyInfos) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext)); + } + + if (numInfos > 0) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext)); + } + for (i = 0; i < numInfos; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos, + i, + (PKIX_PL_Object **)&certPolicyInfo, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext)); + PKIX_TEST_DECREF_BC(certPolicyInfo); + PKIX_TEST_DECREF_BC(policyOID); + } + + *pPolicyOIDs = certPolicies; + +cleanup: + + PKIX_TEST_DECREF_AC(certPolicyInfo); + PKIX_TEST_DECREF_AC(policyOID); + + PKIX_TEST_RETURN(); +} + +static void +test_NameConstraints(char *dirName) +{ + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_CertNameConstraints *getNameConstraints = NULL; + PKIX_PL_CertNameConstraints *setNameConstraints = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + char *expectedAscii = + "[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US, OU=permittedSubtree2," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (EMPTY)\n" + "\t]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("Create Cert for NameConstraints test"); + + goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &setNameConstraints, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetNameConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(goodParams, setNameConstraints, plContext)); + + subTest("PKIX_ComCertSelParams_GetNameConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints(goodParams, &getNameConstraints, plContext)); + + subTest("Compare NameConstraints"); + testEqualsHelper((PKIX_PL_Object *)setNameConstraints, + (PKIX_PL_Object *)getNameConstraints, + PKIX_TRUE, + plContext); + + subTest("Compare NameConstraints with canned string"); + testToStringHelper((PKIX_PL_Object *)getNameConstraints, + expectedAscii, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(getNameConstraints); + PKIX_TEST_DECREF_AC(setNameConstraints); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_PathToNames(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_List *setGenNames = NULL; + PKIX_List *getGenNames = NULL; + PKIX_PL_GeneralName *rfc822GenName = NULL; + PKIX_PL_GeneralName *dnsGenName = NULL; + PKIX_PL_GeneralName *dirGenName = NULL; + PKIX_PL_GeneralName *uriGenName = NULL; + PKIX_PL_GeneralName *oidGenName = NULL; + char *rfc822Name = "john.doe@labs.com"; + char *dnsName = "comcast.net"; + char *dirName = "cn=john, ou=labs, o=sun, c=us"; + char *uriName = "http://comcast.net"; + char *oidName = "1.2.840.11"; + char *expectedAscii = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net)"; + char *expectedAsciiAll = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net, " + "1.2.840.11)"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_GeneralName_Create"); + dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext); + uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext); + oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext); + dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext); + rfc822GenName = createGeneralName(PKIX_RFC822_NAME, + rfc822Name, + plContext); + + subTest("PKIX_PL_GeneralName List create and append"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(goodParams, setGenNames, plContext)); + + subTest("PKIX_ComCertSelParams_GetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List"); + testEqualsHelper((PKIX_PL_Object *)setGenNames, + (PKIX_PL_Object *)getGenNames, + PKIX_TRUE, + plContext); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAscii, + plContext); + + subTest("PKIX_ComCertSelParams_AddPathToName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(goodParams, oidGenName, plContext)); + + PKIX_TEST_DECREF_BC(getGenNames); + + subTest("PKIX_ComCertSelParams_GetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAsciiAll, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(setGenNames); + PKIX_TEST_DECREF_AC(getGenNames); + PKIX_TEST_DECREF_AC(rfc822GenName); + PKIX_TEST_DECREF_AC(dnsGenName); + PKIX_TEST_DECREF_AC(dirGenName); + PKIX_TEST_DECREF_AC(uriGenName); + PKIX_TEST_DECREF_AC(oidGenName); + + PKIX_TEST_RETURN(); +} + +static void +test_SubjAltNames(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_List *setGenNames = NULL; + PKIX_List *getGenNames = NULL; + PKIX_PL_GeneralName *rfc822GenName = NULL; + PKIX_PL_GeneralName *dnsGenName = NULL; + PKIX_PL_GeneralName *dirGenName = NULL; + PKIX_PL_GeneralName *uriGenName = NULL; + PKIX_PL_GeneralName *oidGenName = NULL; + PKIX_Boolean matchAll = PKIX_TRUE; + char *rfc822Name = "john.doe@labs.com"; + char *dnsName = "comcast.net"; + char *dirName = "cn=john, ou=labs, o=sun, c=us"; + char *uriName = "http://comcast.net"; + char *oidName = "1.2.840.11"; + char *expectedAscii = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net)"; + char *expectedAsciiAll = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net, " + "1.2.840.11)"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_GeneralName_Create"); + dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext); + uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext); + oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext); + dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext); + rfc822GenName = createGeneralName(PKIX_RFC822_NAME, + rfc822Name, + plContext); + + subTest("PKIX_PL_GeneralName List create and append"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List"); + testEqualsHelper((PKIX_PL_Object *)setGenNames, + (PKIX_PL_Object *)getGenNames, + PKIX_TRUE, + plContext); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAscii, + plContext); + + subTest("PKIX_ComCertSelParams_AddSubjAltName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext)); + + PKIX_TEST_DECREF_BC(getGenNames); + + subTest("PKIX_ComCertSelParams_GetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAsciiAll, + plContext); + + subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext)); + if (matchAll != PKIX_TRUE) { + testError("unexpected mismatch <expect TRUE>"); + } + + subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext)); + if (matchAll != PKIX_FALSE) { + testError("unexpected mismatch <expect FALSE>"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(setGenNames); + PKIX_TEST_DECREF_AC(getGenNames); + PKIX_TEST_DECREF_AC(rfc822GenName); + PKIX_TEST_DECREF_AC(dnsGenName); + PKIX_TEST_DECREF_AC(dirGenName); + PKIX_TEST_DECREF_AC(uriGenName); + PKIX_TEST_DECREF_AC(oidGenName); + + PKIX_TEST_RETURN(); +} + +static void +test_KeyUsages(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_List *setExtKeyUsage = NULL; + PKIX_List *getExtKeyUsage = NULL; + PKIX_UInt32 getKeyUsage = 0; + PKIX_UInt32 setKeyUsage = 0x1FF; + PKIX_Boolean isEqual = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext)); + + subTest("PKIX_ComCertSelParams_GetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext)); + + if (setKeyUsage != getKeyUsage) { + testError("unexpected KeyUsage mismatch <expect equal>"); + } + + subTest("PKIX_PL_OID List create and append"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); + PKIX_TEST_DECREF_BC(ekuOid); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); + PKIX_TEST_DECREF_BC(ekuOid); + + subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext)); + + subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage, + (PKIX_PL_Object *)getExtKeyUsage, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected ExtKeyUsage mismatch <expect equal>"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(setExtKeyUsage); + PKIX_TEST_DECREF_AC(getExtKeyUsage); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_Version_Issuer_SerialNumber(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_UInt32 version = 0; + PKIX_PL_X500Name *setIssuer = NULL; + PKIX_PL_X500Name *getIssuer = NULL; + PKIX_PL_String *str = NULL; + PKIX_PL_BigInt *setSerialNumber = NULL; + PKIX_PL_BigInt *getSerialNumber = NULL; + PKIX_Boolean isEqual = PKIX_FALSE; + char *bigInt = "999999999999999999"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + /* Version */ + subTest("PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); + + subTest("PKIX_ComCertSelParams_GetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext)); + + if (version != 2) { + testError("unexpected Version mismatch <expect 2>"); + } + + /* Issuer */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext)); + + PKIX_TEST_DECREF_BC(str); + + subTest("PKIX_ComCertSelParams_SetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext)); + + subTest("PKIX_ComCertSelParams_GetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer, + (PKIX_PL_Object *)getIssuer, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Issuer mismatch <expect equal>"); + } + + /* Serial Number */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext)); + + subTest("PKIX_ComCertSelParams_SetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext)); + + subTest("PKIX_ComCertSelParams_GetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber, + (PKIX_PL_Object *)getSerialNumber, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Serial Number mismatch <expect equal>"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(str); + PKIX_TEST_DECREF_AC(setIssuer); + PKIX_TEST_DECREF_AC(getIssuer); + PKIX_TEST_DECREF_AC(setSerialNumber); + PKIX_TEST_DECREF_AC(getSerialNumber); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_SubjKeyId_AuthKeyId(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_ByteArray *setKeyId = NULL; + PKIX_PL_ByteArray *getKeyId = NULL; + PKIX_Boolean isEqual = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + /* Subject Key Identifier */ + subTest("PKIX_PL_ByteArray_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, + (PKIX_PL_Object *)getKeyId, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Subject Key Id mismatch <expect equal>"); + } + + PKIX_TEST_DECREF_BC(setKeyId); + PKIX_TEST_DECREF_BC(getKeyId); + + /* Authority Key Identifier */ + subTest("PKIX_PL_ByteArray_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, + (PKIX_PL_Object *)getKeyId, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Auth Key Id mismatch <expect equal>"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(setKeyId); + PKIX_TEST_DECREF_AC(getKeyId); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_SubjAlgId_SubjPublicKey(char *dirName) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *setAlgId = NULL; + PKIX_PL_OID *getAlgId = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_PublicKey *setPublicKey = NULL; + PKIX_PL_PublicKey *getPublicKey = NULL; + PKIX_Boolean isEqual = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + /* Subject Algorithm Identifier */ + subTest("PKIX_PL_OID_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId, + (PKIX_PL_Object *)getAlgId, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Subject Public Key Alg mismatch " + "<expect equal>"); + } + + /* Subject Public Key */ + subTest("Getting Cert for Subject Public Key"); + + goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey, + (PKIX_PL_Object *)getPublicKey, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Subject Public Key mismatch " + "<expect equal>"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(setAlgId); + PKIX_TEST_DECREF_AC(getAlgId); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(setPublicKey); + PKIX_TEST_DECREF_AC(getPublicKey); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n"); +} + +int +test_comcertselparams(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_PL_Cert *testCert = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */ + PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */ + + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_ComCertSelParams *equalParams = NULL; + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_PL_X500Name *diffSubject = NULL; + PKIX_PL_X500Name *testSubject = NULL; + PKIX_Int32 goodMinPathLength = 0; + PKIX_Int32 equalMinPathLength = 0; + PKIX_Int32 diffMinPathLength = 0; + PKIX_Int32 testMinPathLength = 0; + PKIX_List *goodPolicies = NULL; /* OIDs */ + PKIX_List *equalPolicies = NULL; /* OIDs */ + PKIX_List *testPolicies = NULL; /* OIDs */ + PKIX_List *cert2Policies = NULL; /* OIDs */ + + PKIX_PL_Date *testDate = NULL; + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + PKIX_PL_String *stringRep = NULL; + char *asciiRep = NULL; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 2) { + printUsage(); + return (0); + } + + startTests("ComCertSelParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + dirName = argv[j + 1]; + + asciiRep = "050501000000Z"; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); + + testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext)); + + /* Convert from List of CertPolicyInfos to List of OIDs */ + test_CreateOIDList(testPolicyInfos, &testPolicies); + + subTest("Create goodParams and set its fields"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext)); + + subTest("Duplicate goodParams and verify copy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams, + (PKIX_PL_Object **)&equalParams, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_TRUE, + plContext); + + if (goodMinPathLength != equalMinPathLength) { + testError("unexpected mismatch"); + (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); + (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); + } + + testEqualsHelper((PKIX_PL_Object *)goodPolicies, + (PKIX_PL_Object *)equalPolicies, + PKIX_TRUE, + plContext); + + testEqualsHelper((PKIX_PL_Object *)goodCert, + (PKIX_PL_Object *)equalCert, + PKIX_TRUE, + plContext); + + testEqualsHelper((PKIX_PL_Object *)goodDate, + (PKIX_PL_Object *)equalDate, + PKIX_TRUE, + plContext); + + PKIX_TEST_DECREF_BC(equalSubject); + PKIX_TEST_DECREF_BC(equalPolicies); + PKIX_TEST_DECREF_BC(equalCert); + PKIX_TEST_DECREF_AC(equalDate); + + subTest("Set different values and verify differences"); + + diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext)); + test_CreateOIDList(cert2PolicyInfos, &cert2Policies); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject( + equalParams, diffSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_FALSE, + plContext); + + if (goodMinPathLength == equalMinPathLength) { + testError("unexpected match"); + (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); + (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); + } + + testEqualsHelper((PKIX_PL_Object *)goodPolicies, + (PKIX_PL_Object *)equalPolicies, + PKIX_FALSE, + plContext); + + test_NameConstraints(dirName); + test_PathToNames(); + test_SubjAltNames(); + test_KeyUsages(); + test_Version_Issuer_SerialNumber(); + test_SubjKeyId_AuthKeyId(); + test_SubjAlgId_SubjPublicKey(dirName); + +cleanup: + + PKIX_TEST_DECREF_AC(testSubject); + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(diffSubject); + PKIX_TEST_DECREF_AC(testSubject); + PKIX_TEST_DECREF_AC(goodPolicies); + PKIX_TEST_DECREF_AC(equalPolicies); + PKIX_TEST_DECREF_AC(testPolicies); + PKIX_TEST_DECREF_AC(cert2Policies); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(equalParams); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_DECREF_AC(testCert); + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + PKIX_TEST_DECREF_AC(testPolicyInfos); + PKIX_TEST_DECREF_AC(cert2PolicyInfos); + PKIX_TEST_DECREF_AC(stringRep); + PKIX_TEST_DECREF_AC(testDate); + PKIX_TEST_DECREF_AC(goodDate); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ComCertSelParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/checker/Makefile b/security/nss/cmd/libpkix/pkix/checker/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/checker/manifest.mn b/security/nss/cmd/libpkix/pkix/checker/manifest.mn new file mode 100644 index 0000000000..54e1486e68 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/manifest.mn @@ -0,0 +1,20 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_certchainchecker.c + +LIBRARY_NAME = pkixtoolchecker +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c b/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c new file mode 100644 index 0000000000..5fab3a6920 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c @@ -0,0 +1,185 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certchainchecker.c + * + * Test Cert Chain Checker + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_Error * +dummyChecker_Check( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresolvedCriticalExtensions, + void **pNBIOContext, + void *plContext) +{ + goto cleanup; + +cleanup: + + return (NULL); +} + +static void +test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original) +{ + PKIX_Boolean originalForward = PKIX_FALSE; + PKIX_Boolean copyForward = PKIX_FALSE; + PKIX_Boolean originalForwardDir = PKIX_FALSE; + PKIX_Boolean copyForwardDir = PKIX_FALSE; + PKIX_CertChainChecker *copy = NULL; + PKIX_CertChainChecker_CheckCallback originalCallback = NULL; + PKIX_CertChainChecker_CheckCallback copyCallback = NULL; + PKIX_PL_Object *originalState = NULL; + PKIX_PL_Object *copyState = NULL; + PKIX_List *originalList = NULL; + PKIX_List *copyList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("CertChainChecker_Duplicate"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)original, + (PKIX_PL_Object **)©, + plContext)); + + subTest("CertChainChecker_GetCheckCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(original, &originalCallback, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(copy, ©Callback, plContext)); + if (originalCallback != copyCallback) { + pkixTestErrorMsg = "CheckCallback functions are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_IsForwardCheckingSupported"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(original, &originalForward, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(copy, ©Forward, plContext)); + if (originalForward != copyForward) { + pkixTestErrorMsg = "ForwardChecking booleans are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_IsForwardDirectionExpected"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(original, &originalForwardDir, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(copy, ©ForwardDir, plContext)); + if (originalForwardDir != copyForwardDir) { + pkixTestErrorMsg = "ForwardDirection booleans are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_GetCertChainCheckerState"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(original, &originalState, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(copy, ©State, plContext)); + testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext); + + subTest("CertChainChecker_GetSupportedExtensions"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(original, &originalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(copy, ©List, plContext)); + testEqualsHelper((PKIX_PL_Object *)originalList, + (PKIX_PL_Object *)copyList, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(copy); + PKIX_TEST_DECREF_AC(originalState); + PKIX_TEST_DECREF_AC(copyState); + PKIX_TEST_DECREF_AC(originalList); + PKIX_TEST_DECREF_AC(copyList); + + PKIX_TEST_RETURN(); +} + +int +test_certchainchecker(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_PL_OID *bcOID = NULL; + PKIX_PL_OID *ncOID = NULL; + PKIX_PL_OID *cpOID = NULL; + PKIX_PL_OID *pmOID = NULL; + PKIX_PL_OID *pcOID = NULL; + PKIX_PL_OID *iaOID = NULL; + PKIX_CertChainChecker *dummyChecker = NULL; + PKIX_List *supportedExtensions = NULL; + PKIX_PL_Object *initialState = NULL; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("CertChainChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&supportedExtensions, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)bcOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)ncOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)cpOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYMAPPINGS_OID, &pmOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pmOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pcOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)iaOID, plContext)); + + PKIX_TEST_DECREF_BC(bcOID); + PKIX_TEST_DECREF_BC(ncOID); + PKIX_TEST_DECREF_BC(cpOID); + PKIX_TEST_DECREF_BC(pmOID); + PKIX_TEST_DECREF_BC(pcOID); + PKIX_TEST_DECREF_BC(iaOID); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)supportedExtensions, plContext)); + + initialState = (PKIX_PL_Object *)supportedExtensions; + + subTest("CertChainChecker_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */ + PKIX_FALSE, /* forwardCheckingSupported */ + PKIX_FALSE, /* forwardDirectionExpected */ + supportedExtensions, + NULL, /* PKIX_PL_Object *initialState */ + &dummyChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_SetCertChainCheckerState(dummyChecker, initialState, plContext)); + + test_CertChainChecker_Duplicate(dummyChecker); + + subTest("CertChainChecker_Destroy"); + PKIX_TEST_DECREF_BC(dummyChecker); + +cleanup: + + PKIX_TEST_DECREF_AC(dummyChecker); + PKIX_TEST_DECREF_AC(initialState); + PKIX_TEST_DECREF_AC(supportedExtensions); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertChainChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/crlsel/Makefile b/security/nss/cmd/libpkix/pkix/crlsel/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/crlsel/manifest.mn b/security/nss/cmd/libpkix/pkix/crlsel/manifest.mn new file mode 100644 index 0000000000..3b13298aa6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_crlselector.c \ + test_comcrlselparams.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolcrlsel +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c b/security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c new file mode 100644 index 0000000000..fcc5ef5a33 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c @@ -0,0 +1,406 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_comcrlselparams.c + * + * Test ComCRLSelParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testIssuer(PKIX_ComCRLSelParams *goodObject) +{ + PKIX_PL_String *issuer1String = NULL; + PKIX_PL_String *issuer2String = NULL; + PKIX_PL_String *issuer3String = NULL; + PKIX_PL_X500Name *issuerName1 = NULL; + PKIX_PL_X500Name *issuerName2 = NULL; + PKIX_PL_X500Name *issuerName3 = NULL; + PKIX_List *setIssuerList = NULL; + PKIX_List *getIssuerList = NULL; + PKIX_PL_String *issuerListString = NULL; + char *name1 = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; + char *name2 = "CN=richard,OU=bcn,OU=east,O=sun,C=us"; + char *name3 = "CN=hanfei,OU=bcn,OU=east,O=sun,C=us"; + PKIX_Int32 length; + PKIX_Boolean result = PKIX_FALSE; + char *expectedAscii = + "(CN=yassir,OU=bcn,OU=east,O=sun," + "C=us, CN=richard,OU=bcn,OU=east,O=sun,C=us, " + "CN=hanfei,OU=bcn,OU=east,O=sun,C=us)"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams Create Issuers"); + + length = PL_strlen(name1); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + name1, + length, + &issuer1String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer1String, + &issuerName1, + plContext)); + + length = PL_strlen(name2); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + name2, + length, + &issuer2String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer2String, + &issuerName2, + plContext)); + + length = PL_strlen(name3); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + name3, + length, + &issuer3String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer3String, + &issuerName3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setIssuerList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList, + (PKIX_PL_Object *)issuerName1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList, + (PKIX_PL_Object *)issuerName2, + plContext)); + + subTest("PKIX_ComCRLSelParams_AddIssuerName"); + + /* Test adding an issuer to an empty list */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext)); + + subTest("PKIX_ComCRLSelParams_GetIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext)); + + /* DECREF for GetIssuerNames */ + PKIX_TEST_DECREF_BC(getIssuerList); + /* DECREF for AddIssuerName so next SetIssuerName start clean */ + PKIX_TEST_DECREF_BC(getIssuerList); + + /* Test setting issuer names on the list */ + subTest("PKIX_ComCRLSelParams_SetIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(goodObject, setIssuerList, plContext)); + + subTest("PKIX_ComCRLSelParams_GetIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuerList, + (PKIX_PL_Object *)getIssuerList, + &result, + plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Issuers mismatch"; + } + + /* Test adding an issuer to existing list */ + subTest("PKIX_ComCRLSelParams_AddIssuerName"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext)); + + subTest("PKIX_ComCRLSelParams_GetIssuerNames"); + PKIX_TEST_DECREF_BC(getIssuerList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)getIssuerList, + &issuerListString, + plContext)); + + testToStringHelper((PKIX_PL_Object *)getIssuerList, + expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(issuer1String); + PKIX_TEST_DECREF_AC(issuer2String); + PKIX_TEST_DECREF_AC(issuer3String); + PKIX_TEST_DECREF_AC(issuerListString); + PKIX_TEST_DECREF_AC(issuerName1); + PKIX_TEST_DECREF_AC(issuerName2); + PKIX_TEST_DECREF_AC(issuerName3); + PKIX_TEST_DECREF_AC(setIssuerList); + PKIX_TEST_DECREF_AC(getIssuerList); + + PKIX_TEST_RETURN(); +} + +static void +testCertificateChecking( + char *dataCentralDir, + char *goodInput, + PKIX_ComCRLSelParams *goodObject) +{ + PKIX_PL_Cert *setCert = NULL; + PKIX_PL_Cert *getCert = NULL; + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("Test CertificateChecking Cert Create"); + setCert = createCert(dataCentralDir, goodInput, plContext); + if (setCert == NULL) { + pkixTestErrorMsg = "create certificate failed"; + goto cleanup; + } + + subTest("PKIX_ComCRLSelParams_SetCertificateChecking"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetCertificateChecking(goodObject, setCert, plContext)); + + subTest("PKIX_ComCRLSelParams_GetCertificateChecking"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetCertificateChecking(goodObject, &getCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setCert, + (PKIX_PL_Object *)getCert, + &result, plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Cert mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(setCert); + PKIX_TEST_DECREF_AC(getCert); + + PKIX_TEST_RETURN(); +} + +static void +testDateAndTime(PKIX_ComCRLSelParams *goodObject) +{ + + PKIX_PL_Date *setDate = NULL; + PKIX_PL_Date *getDate = NULL; + char *asciiDate = "040329134847Z"; + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_Date Create"); + setDate = createDate(asciiDate, plContext); + + subTest("PKIX_ComCRLSelParams_SetDateAndTime"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(goodObject, setDate, plContext)); + + subTest("PKIX_ComCRLSelParams_GetDateAndTime"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetDateAndTime(goodObject, &getDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setDate, + (PKIX_PL_Object *)getDate, + &result, plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected DateAndTime mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(getDate); + + PKIX_TEST_RETURN(); +} + +static void +testMaxMinCRLNumbers(PKIX_ComCRLSelParams *goodObject) +{ + PKIX_PL_BigInt *setMaxCrlNumber = NULL; + PKIX_PL_BigInt *getMaxCrlNumber = NULL; + PKIX_PL_BigInt *setMinCrlNumber = NULL; + PKIX_PL_BigInt *getMinCrlNumber = NULL; + char *asciiCrlNumber1 = "01"; + char *asciiCrlNumber99999 = "0909090909"; + PKIX_PL_String *crlNumber1String = NULL; + PKIX_PL_String *crlNumber99999String = NULL; + + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_SetMinCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + asciiCrlNumber1, + PL_strlen(asciiCrlNumber1), + &crlNumber1String, + NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber1String, &setMinCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMinCRLNumber(goodObject, setMinCrlNumber, NULL)); + + subTest("PKIX_ComCRLSelParams_GetMinCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMinCRLNumber(goodObject, &getMinCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMinCrlNumber, + (PKIX_PL_Object *)getMinCrlNumber, + &result, NULL)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Minimum CRL Number mismatch"; + } + + subTest("PKIX_ComCRLSelParams_SetMaxCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + asciiCrlNumber99999, + PL_strlen(asciiCrlNumber99999), + &crlNumber99999String, + NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber99999String, &setMaxCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMaxCRLNumber(goodObject, setMaxCrlNumber, NULL)); + + subTest("PKIX_ComCRLSelParams_GetMaxCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMaxCRLNumber(goodObject, &getMaxCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMaxCrlNumber, + (PKIX_PL_Object *)getMaxCrlNumber, + &result, NULL)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Maximum CRL Number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(setMaxCrlNumber); + PKIX_TEST_DECREF_AC(getMaxCrlNumber); + PKIX_TEST_DECREF_AC(setMinCrlNumber); + PKIX_TEST_DECREF_AC(getMinCrlNumber); + PKIX_TEST_DECREF_AC(crlNumber1String); + PKIX_TEST_DECREF_AC(crlNumber99999String); + + PKIX_TEST_RETURN(); +} + +static void +testDuplicate(PKIX_ComCRLSelParams *goodObject) +{ + + PKIX_ComCRLSelParams *dupObject = NULL; + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_Duplicate"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodObject, + (PKIX_PL_Object **)&dupObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)goodObject, + (PKIX_PL_Object *)dupObject, + &result, plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = + "unexpected Duplicate ComCRLSelParams mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dupObject); + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +/* Functional tests for ComCRLSelParams public functions */ + +int +test_comcrlselparams(int argc, char *argv[]) +{ + + char *dataCentralDir = NULL; + char *goodInput = "yassir2yassir"; + PKIX_ComCRLSelParams *goodObject = NULL; + PKIX_ComCRLSelParams *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("ComCRLSelParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dataCentralDir = argv[j + 1]; + + subTest("PKIX_ComCRLSelParams_Create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&goodObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&diffObject, + plContext)); + + testIssuer(goodObject); + + testCertificateChecking(dataCentralDir, goodInput, goodObject); + + testDateAndTime(goodObject); + + testMaxMinCRLNumbers(goodObject); + + testDuplicate(goodObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + goodObject, + diffObject, + NULL, + ComCRLSelParams, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(diffObject); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ComCRLSelParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c b/security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c new file mode 100644 index 0000000000..f17406be5d --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c @@ -0,0 +1,168 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_crlselector.c + * + * Test CRLSelector Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testGetMatchCallback(PKIX_CRLSelector *goodObject) +{ + PKIX_CRLSelector_MatchCallback mCallback = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testGetMatchCallback"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetMatchCallback(goodObject, &mCallback, plContext)); + + if (mCallback == NULL) { + pkixTestErrorMsg = "MatchCallback is NULL"; + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetCRLSelectorContext(PKIX_CRLSelector *goodObject) +{ + PKIX_PL_Object *context = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testGetCRLSelectorContext"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCRLSelectorContext(goodObject, (void *)&context, plContext)); + + if (context == NULL) { + pkixTestErrorMsg = "CRLSelectorContext is NULL"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(context); + PKIX_TEST_RETURN(); +} + +static void +testCommonCRLSelectorParams(PKIX_CRLSelector *goodObject) +{ + PKIX_ComCRLSelParams *setParams = NULL; + PKIX_ComCRLSelParams *getParams = NULL; + PKIX_PL_Date *setDate = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&setParams, + plContext)); + + subTest("PKIX_ComCRLSelParams_Date Create"); + + setDate = createDate(asciiDate, plContext); + + subTest("PKIX_ComCRLSelParams_SetDateAndTime"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(setParams, setDate, plContext)); + + subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams( + goodObject, setParams, plContext)); + + subTest("PKIX_CRLSelector_GetCommonCRLSelectorParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams( + goodObject, &getParams, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setParams, + (PKIX_PL_Object *)getParams, + PKIX_TRUE, + plContext); + + testHashcodeHelper((PKIX_PL_Object *)setParams, + (PKIX_PL_Object *)getParams, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(setParams); + PKIX_TEST_DECREF_AC(getParams); + + PKIX_TEST_RETURN(); +} + +/* Functional tests for CRLSelector public functions */ + +int +test_crlselector(int argc, char *argv[]) +{ + + PKIX_PL_Date *context = NULL; + PKIX_CRLSelector *goodObject = NULL; + PKIX_CRLSelector *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + + startTests("CRLSelector"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + context = createDate(asciiDate, plContext); + + subTest("PKIX_CRLSelector_Create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, + (PKIX_PL_Object *)context, + &goodObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, + (PKIX_PL_Object *)context, + &diffObject, + plContext)); + + testGetMatchCallback(goodObject); + + testGetCRLSelectorContext(goodObject); + + testCommonCRLSelectorParams(goodObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + goodObject, + diffObject, + NULL, + CRLSelector, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(diffObject); + PKIX_TEST_DECREF_AC(context); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRLSelector"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/manifest.mn b/security/nss/cmd/libpkix/pkix/manifest.mn new file mode 100644 index 0000000000..895bf52b2b --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/manifest.mn @@ -0,0 +1,11 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = .. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +DIRS = certsel checker crlsel params results store top util \ + $(NULL) diff --git a/security/nss/cmd/libpkix/pkix/params/Makefile b/security/nss/cmd/libpkix/pkix/params/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/params/manifest.mn b/security/nss/cmd/libpkix/pkix/params/manifest.mn new file mode 100644 index 0000000000..c7629a6207 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_procparams.c \ + test_trustanchor.c \ + test_valparams.c \ + test_resourcelimits.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolparams +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/params/test_procparams.c b/security/nss/cmd/libpkix/pkix/params/test_procparams.c new file mode 100644 index 0000000000..419322a1e7 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_procparams.c @@ -0,0 +1,478 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_procparams.c + * + * Test ProcessingParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ProcessingParams_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetAnchors( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_List *goodAnchors = NULL; + PKIX_List *equalAnchors = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_GetTrustAnchors"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(goodObject, &goodAnchors, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(equalObject, &equalAnchors, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodAnchors, + (PKIX_PL_Object *)equalAnchors, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodAnchors); + PKIX_TEST_DECREF_AC(equalAnchors); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetDate( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_PL_Date *setDate = NULL; + PKIX_PL_Date *getDate = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetDate"); + + setDate = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetDate(goodObject, &getDate, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setDate, + (PKIX_PL_Object *)getDate, + PKIX_TRUE, + plContext); + + /* we want to make sure that goodObject and equalObject are "equal" */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(equalObject, setDate, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(getDate); + + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +userChecker1cb( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */ + void **pNBIOContext, + void *plContext) +{ + return (NULL); +} + +static void +testGetSetCertChainCheckers( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_CertChainChecker *checker = NULL; + PKIX_List *setCheckersList = NULL; + PKIX_List *getCheckersList = NULL; + PKIX_PL_Date *date = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers"); + + date = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb, + PKIX_FALSE, + PKIX_FALSE, + NULL, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, (PKIX_PL_Object *)checker, plContext)); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers(goodObject, setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb, + PKIX_FALSE, + PKIX_FALSE, + NULL, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(goodObject, checker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers(goodObject, &getCheckersList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setCheckersList); + PKIX_TEST_DECREF_AC(getCheckersList); + PKIX_TEST_DECREF_AC(date); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +userChecker2cb( + PKIX_RevocationChecker *checker, + PKIX_PL_Cert *cert, + PKIX_UInt32 *pResult, + void *plContext) +{ + return (NULL); +} + +static void +testGetSetRevocationCheckers( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_RevocationChecker *checker = NULL; + PKIX_List *setCheckersList = NULL; + PKIX_List *getCheckersList = NULL; + PKIX_PL_Date *date = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetRevocationCheckers"); + + date = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, + (PKIX_PL_Object *)checker, + plContext)); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(goodObject, setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddRevocationChecker(goodObject, checker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetRevocationCheckers(goodObject, &getCheckersList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setCheckersList); + PKIX_TEST_DECREF_AC(getCheckersList); + PKIX_TEST_DECREF_AC(date); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetResourceLimits( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) + +{ + PKIX_ResourceLimits *resourceLimits1 = NULL; + PKIX_ResourceLimits *resourceLimits2 = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits1, 3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits1, 3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits1, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(goodObject, resourceLimits1, plContext)); + + PKIX_TEST_DECREF_BC(resourceLimits2); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetResourceLimits(goodObject, &resourceLimits2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(equalObject, resourceLimits2, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(resourceLimits1); + PKIX_TEST_DECREF_AC(resourceLimits2); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetConstraints(PKIX_ProcessingParams *goodObject) +{ + + PKIX_CertSelector *setConstraints = NULL; + PKIX_CertSelector *getConstraints = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetTargetCertConstraints"); + + /* + * After createConstraints is implemented + * setConstraints = createConstraints(); + */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(goodObject, setConstraints, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTargetCertConstraints(goodObject, &getConstraints, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setConstraints, + (PKIX_PL_Object *)getConstraints, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(setConstraints); + PKIX_TEST_DECREF_AC(getConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetInitialPolicies( + PKIX_ProcessingParams *goodObject, + char *asciiPolicyOID) +{ + PKIX_PL_OID *policyOID = NULL; + PKIX_List *setPolicyList = NULL; + PKIX_List *getPolicyList = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetInitialPolicies"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiPolicyOID, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setPolicyList, (PKIX_PL_Object *)policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(goodObject, setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetInitialPolicies(goodObject, &getPolicyList, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setPolicyList, + (PKIX_PL_Object *)getPolicyList, + PKIX_TRUE, + plContext); + +cleanup: + PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(setPolicyList); + PKIX_TEST_DECREF_AC(getPolicyList); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetPolicyQualifiersRejected( + PKIX_ProcessingParams *goodObject, + PKIX_Boolean rejected) +{ + PKIX_Boolean getRejected = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetPolicyQualifiersRejected"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyQualifiersRejected(goodObject, rejected, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetPolicyQualifiersRejected(goodObject, &getRejected, plContext)); + + if (rejected != getRejected) { + testError("GetPolicyQualifiersRejected returned unexpected value"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_procparams(int argc, char *argv[]) +{ + + PKIX_ProcessingParams *goodObject = NULL; + PKIX_ProcessingParams *equalObject = NULL; + PKIX_ProcessingParams *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + char *dataCentralDir = NULL; + PKIX_UInt32 j = 0; + + char *oidAnyPolicy = PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID; + char *oidNist1Policy = "2.16.840.1.101.3.2.1.48.2"; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t" + "([\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ", [\n" + "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ")\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\tMon Mar 29 08:48:47 2004\n" + "\tTarget Constraints: (null)\n" + "\tInitial Policies: (2.5.29.32.0)\n" + "\tQualifiers Rejected: FALSE\n" + "\tCert Stores: (EMPTY)\n" + "\tResource Limits: [\n" + "\tMaxTime: 2\n" + "\tMaxFanout: 3\n" + "\tMaxDepth: 3\n" + "]\n\n" + "\tCRL Checking Enabled: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ProcessingParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dataCentralDir = argv[j + 1]; + + subTest("PKIX_ProcessingParams_Create"); + goodObject = createProcessingParams(dataCentralDir, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + equalObject = createProcessingParams(dataCentralDir, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + diffObject = createProcessingParams(dataCentralDir, + diffInput, + goodInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + testGetAnchors(goodObject, equalObject); + testGetSetDate(goodObject, equalObject); + testGetSetCertChainCheckers(goodObject, equalObject); + testGetSetRevocationCheckers(goodObject, equalObject); + testGetSetResourceLimits(goodObject, equalObject); + + /* + * XXX testGetSetConstraints(goodObject); + */ + + testGetSetInitialPolicies(goodObject, oidAnyPolicy); + testGetSetInitialPolicies(equalObject, oidAnyPolicy); + testGetSetInitialPolicies(diffObject, oidNist1Policy); + testGetSetPolicyQualifiersRejected(goodObject, PKIX_FALSE); + testGetSetPolicyQualifiersRejected(equalObject, PKIX_FALSE); + testGetSetPolicyQualifiersRejected(diffObject, PKIX_TRUE); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + ProcessingParams, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ProcessingParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c b/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c new file mode 100644 index 0000000000..f52c3ef87f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c @@ -0,0 +1,99 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_resourcelimits.c + * + * Test ResourceLimits Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ResourceLimits_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_resourcelimits(int argc, char *argv[]) +{ + + PKIX_ResourceLimits *goodObject = NULL; + PKIX_ResourceLimits *equalObject = NULL; + PKIX_ResourceLimits *diffObject = NULL; + PKIX_UInt32 maxTime = 0; + PKIX_UInt32 maxFanout = 0; + PKIX_UInt32 maxDepth = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *expectedAscii = + "[\n" + "\tMaxTime: 10\n" + "\tMaxFanout: 5\n" + "\tMaxDepth: 5\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_ResourceLimits_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&goodObject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&diffObject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&equalObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(goodObject, 10, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxTime(goodObject, &maxTime, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(equalObject, maxTime, plContext)); + maxTime++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(diffObject, maxTime, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(goodObject, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxFanout(goodObject, &maxFanout, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(equalObject, maxFanout, plContext)); + maxFanout++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(diffObject, maxFanout, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(goodObject, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxDepth(goodObject, &maxDepth, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(equalObject, maxDepth, plContext)); + maxDepth++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(diffObject, maxDepth, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + ResourceLimits, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ResourceLimits"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c b/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c new file mode 100644 index 0000000000..4bd9d174ce --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c @@ -0,0 +1,251 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_trustanchor.c + * + * Test TrustAnchor Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createTrustAnchors( + char *dirName, + char *goodInput, + PKIX_TrustAnchor **goodObject, + PKIX_TrustAnchor **equalObject, + PKIX_TrustAnchor **diffObject) +{ + subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <goodObject>"); + *goodObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext); + + subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <equalObject>"); + *equalObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext); + + subTest("PKIX_TrustAnchor_CreateWithCert <diffObject>"); + *diffObject = createTrustAnchor(dirName, goodInput, PKIX_TRUE, plContext); +} + +static void +testGetCAName( + PKIX_PL_Cert *diffCert, + PKIX_TrustAnchor *equalObject) +{ + + PKIX_PL_X500Name *diffCAName = NULL; + PKIX_PL_X500Name *equalCAName = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_TrustAnchor_GetCAName"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffCAName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName(equalObject, &equalCAName, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffCAName, + (PKIX_PL_Object *)equalCAName, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffCAName); + PKIX_TEST_DECREF_AC(equalCAName); + + PKIX_TEST_RETURN(); +} + +static void +testGetCAPublicKey( + PKIX_PL_Cert *diffCert, + PKIX_TrustAnchor *equalObject) +{ + + PKIX_PL_PublicKey *diffPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_TrustAnchor_GetCAPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffCert, &diffPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey(equalObject, &equalPubKey, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffPubKey, + (PKIX_PL_Object *)equalPubKey, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testGetNameConstraints(char *dirName) +{ + PKIX_TrustAnchor *goodObject = NULL; + PKIX_TrustAnchor *equalObject = NULL; + PKIX_TrustAnchor *diffObject = NULL; + PKIX_PL_Cert *diffCert; + PKIX_PL_CertNameConstraints *diffNC = NULL; + PKIX_PL_CertNameConstraints *equalNC = NULL; + char *goodInput = "nameConstraintsDN5CACert.crt"; + char *expectedAscii = + "[\n" + "\tTrusted CA Name: CN=nameConstraints DN5 CA," + "O=Test Certificates,C=US\n" + "\tTrusted CA PublicKey: PKCS #1 RSA Encryption\n" + "\tInitial Name Constraints:[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t]\n" + "\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("Create TrustAnchors and compare"); + + createTrustAnchors(dirName, goodInput, &goodObject, &equalObject, &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + TrustAnchor, + PKIX_TRUE); + + subTest("PKIX_TrustAnchor_GetTrustedCert"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext)); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(diffCert, &diffNC, plContext)); + + subTest("PKIX_TrustAnchor_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints(equalObject, &equalNC, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffNC, + (PKIX_PL_Object *)equalNC, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffNC); + PKIX_TEST_DECREF_AC(equalNC); + PKIX_TEST_DECREF_BC(diffCert); + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_TrustAnchor_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_trustanchor <NIST_FILES_DIR> <central-data-dir>\n\n"); +} + +int +test_trustanchor(int argc, char *argv[]) +{ + + PKIX_TrustAnchor *goodObject = NULL; + PKIX_TrustAnchor *equalObject = NULL; + PKIX_TrustAnchor *diffObject = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *expectedAscii = + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n"; + char *dirName = NULL; + char *dataCentralDir = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("TrustAnchor"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3) { + printUsage(); + return (0); + } + + dirName = argv[j + 1]; + dataCentralDir = argv[j + 2]; + + createTrustAnchors(dataCentralDir, + goodInput, + &goodObject, + &equalObject, + &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + TrustAnchor, + PKIX_TRUE); + + subTest("PKIX_TrustAnchor_GetTrustedCert"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext)); + + testGetCAName(diffCert, equalObject); + testGetCAPublicKey(diffCert, equalObject); + + testGetNameConstraints(dirName); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_TEST_DECREF_AC(diffCert); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("TrustAnchor"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_valparams.c b/security/nss/cmd/libpkix/pkix/params/test_valparams.c new file mode 100644 index 0000000000..6419062c40 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_valparams.c @@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_valparams.c + * + * Test ValidateParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateParams_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetProcParams( + PKIX_ValidateParams *goodObject, + PKIX_ValidateParams *equalObject) +{ + + PKIX_ProcessingParams *goodProcParams = NULL; + PKIX_ProcessingParams *equalProcParams = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateParams_GetProcessingParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(goodObject, &goodProcParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(equalObject, &equalProcParams, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodProcParams, + (PKIX_PL_Object *)equalProcParams, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodProcParams); + PKIX_TEST_DECREF_AC(equalProcParams); + + PKIX_TEST_RETURN(); +} + +static void +testGetCertChain( + PKIX_ValidateParams *goodObject, + PKIX_ValidateParams *equalObject) +{ + + PKIX_List *goodChain = NULL; + PKIX_List *equalChain = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateParams_GetCertChain"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(goodObject, &goodChain, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(equalObject, &equalChain, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodChain, + (PKIX_PL_Object *)equalChain, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodChain); + PKIX_TEST_DECREF_AC(equalChain); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_valparams(int argc, char *argv[]) +{ + + PKIX_ValidateParams *goodObject = NULL; + PKIX_ValidateParams *equalObject = NULL; + PKIX_ValidateParams *diffObject = NULL; + PKIX_List *chain = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tProcessing Params: \n" + "\t********BEGIN PROCESSING PARAMS********\n" + "\t\t" + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t" + "([\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ", [\n" + "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ")\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\t(null)\n" + "\tTarget Constraints: (null)\n" + "\tInitial Policies: (null)\n" + "\tQualifiers Rejected: FALSE\n" + "\tCert Stores: (EMPTY)\n" + "\tCRL Checking Enabled: 0\n" + "]\n" + "\n" + "\t********END PROCESSING PARAMS********\n" + "\tChain: \t\t" + "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" + "\t To: Fri Aug 18 16:19:56 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc65af\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:14:39 1999\n" + "\t To: Fri Aug 18 16:14:39 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ValidateParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("PKIX_ValidateParams_Create"); + chain = createCertChain(dirName, diffInput, goodInput, plContext); + goodObject = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + equalObject = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + diffObject = createValidateParams(dirName, + diffInput, + goodInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + testGetProcParams(goodObject, equalObject); + testGetCertChain(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + ValidateParams, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/Makefile b/security/nss/cmd/libpkix/pkix/results/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/results/manifest.mn b/security/nss/cmd/libpkix/pkix/results/manifest.mn new file mode 100644 index 0000000000..7e4caeac60 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_buildresult.c \ + test_policynode.c \ + test_verifynode.c \ + test_valresult.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolresults +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/results/test_buildresult.c b/security/nss/cmd/libpkix/pkix/results/test_buildresult.c new file mode 100644 index 0000000000..8b13e8eea6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_buildresult.c @@ -0,0 +1,212 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildresult.c + * + * Test BuildResult Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_BuildResult_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetValidateResult( + PKIX_BuildResult *goodObject, + PKIX_BuildResult *equalObject) +{ + + PKIX_ValidateResult *goodValResult = NULL; + PKIX_ValidateResult *equalValResult = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_BuildResult_GetValidateResult"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(goodObject, &goodValResult, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(equalObject, &equalValResult, NULL)); + + testEqualsHelper((PKIX_PL_Object *)goodValResult, + (PKIX_PL_Object *)equalValResult, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodValResult); + PKIX_TEST_DECREF_AC(equalValResult); + + PKIX_TEST_RETURN(); +} + +static void +testGetCertChain( + PKIX_BuildResult *goodObject, + PKIX_BuildResult *equalObject) +{ + + PKIX_List *goodChain = NULL; + PKIX_List *equalChain = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_BuildResult_GetCertChain"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(goodObject, &goodChain, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(equalObject, &equalChain, NULL)); + + testEqualsHelper((PKIX_PL_Object *)goodChain, + (PKIX_PL_Object *)equalChain, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodChain); + PKIX_TEST_DECREF_AC(equalChain); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_buildresult(int argc, char *argv[]) +{ + + PKIX_BuildResult *goodObject = NULL; + PKIX_BuildResult *equalObject = NULL; + PKIX_BuildResult *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + char *dirName = NULL; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tValidateResult: \t\t" + "[\n" + "\tTrustAnchor: \t\t" + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + "\tPubKey: \t\t" + "ANSI X9.57 DSA Signature\n" + "\tPolicyTree: \t\t(null)\n" + "]\n" + "\tCertChain: \t\t(" + "[\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc65af\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:14:39 1999\n" + "\t To: Fri Aug 18 16:14:39 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" + "\t To: Fri Aug 18 16:19:56 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("BuildResult"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("pkix_BuildResult_Create"); + + goodObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext); + equalObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext); + diffObject = createBuildResult(dirName, diffInput, goodInput, diffInput, goodInput, plContext); + + testGetValidateResult(goodObject, equalObject); + testGetCertChain(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + BuildResult, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("BuildResult"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/test_policynode.c b/security/nss/cmd/libpkix/pkix/results/test_policynode.c new file mode 100644 index 0000000000..38ac1d95e6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_policynode.c @@ -0,0 +1,612 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_policynode.c + * + * Test PolicyNode Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +test_GetChildren( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode) +{ + + /* + * Caution: be careful where you insert this test. PKIX_PolicyNode_GetChildren + * is required by the API to return an immutable List, and it does it by setting + * the List immutable. We don't make a copy because the assumption is that + * certificate and policy processing have been completed before the user gets at + * the public API. So subsequent tests of functions that modify the policy tree, + * such as Prune, will fail if called after the execution of this test. + */ + + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_List *goodList = NULL; + PKIX_List *equalList = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetChildren"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(goodNode, &goodList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(equalNode, &equalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(diffNode, &diffList, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, NULL, List, NULL); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PKIX_PolicyNode_GetChildren returned a mutable List"); + } + +cleanup: + PKIX_TEST_DECREF_AC(goodList); + PKIX_TEST_DECREF_AC(equalList); + PKIX_TEST_DECREF_AC(diffList); + + PKIX_TEST_RETURN(); +} + +static void +test_GetParent( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_PolicyNode *goodParent = NULL; + PKIX_PolicyNode *equalParent = NULL; + PKIX_PolicyNode *diffParent = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetParent"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(goodNode, &goodParent, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(equalNode, &equalParent, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(diffNode, &diffParent, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodParent, + equalParent, + diffParent, + expectedAscii, + CertPolicyNode, + NULL); + +cleanup: + PKIX_TEST_DECREF_AC(goodParent); + PKIX_TEST_DECREF_AC(equalParent); + PKIX_TEST_DECREF_AC(diffParent); + + PKIX_TEST_RETURN(); +} + +/* + * This test is the same as testDuplicateHelper, except that it + * produces a more useful "Actual value" and "Expected value" + * in the case of an unexpected mismatch. + */ +static void +test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext) +{ + PKIX_PolicyNode *newObject = NULL; + PKIX_Boolean cmpResult; + PKIX_PL_String *original = NULL; + PKIX_PL_String *copy = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testing pkix_PolicyNode_Duplicate"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)object, + (PKIX_PL_Object **)&newObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)object, + (PKIX_PL_Object *)newObject, + &cmpResult, + plContext)); + + if (!cmpResult) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)object, &original, plContext)); + testError("unexpected mismatch"); + (void)printf("original value:\t%s\n", original->escAsciiString); + + if (newObject) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)newObject, ©, plContext)); + (void)printf("copy value:\t%s\n", copy->escAsciiString); + } else { + (void)printf("copy value:\t(NULL)\n"); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(newObject); + PKIX_TEST_DECREF_AC(original); + PKIX_TEST_DECREF_AC(copy); + + PKIX_TEST_RETURN(); +} + +static void +test_GetValidPolicy( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_PL_OID *goodPolicy = NULL; + PKIX_PL_OID *equalPolicy = NULL; + PKIX_PL_OID *diffPolicy = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetValidPolicy"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(goodNode, &goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(equalNode, &equalPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(diffNode, &diffPolicy, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, equalPolicy, diffPolicy, expectedAscii, OID, NULL); + +cleanup: + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + + PKIX_TEST_RETURN(); +} + +static void +test_GetPolicyQualifiers( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_List *goodList = NULL; + PKIX_List *equalList = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetPolicyQualifiers"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(goodNode, &goodList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(equalNode, &equalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(diffNode, &diffList, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PKIX_PolicyNode_GetPolicyQualifiers returned a mutable List"); + } +cleanup: + PKIX_TEST_DECREF_AC(goodList); + PKIX_TEST_DECREF_AC(equalList); + PKIX_TEST_DECREF_AC(diffList); + + PKIX_TEST_RETURN(); +} + +static void +test_GetExpectedPolicies( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_List *goodList = NULL; + PKIX_List *equalList = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetExpectedPolicies"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(goodNode, &goodList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(equalNode, &equalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(diffNode, &diffList, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PKIX_PolicyNode_GetExpectedPolicies returned a mutable List"); + } +cleanup: + PKIX_TEST_DECREF_AC(goodList); + PKIX_TEST_DECREF_AC(equalList); + PKIX_TEST_DECREF_AC(diffList); + + PKIX_TEST_RETURN(); +} + +static void +test_IsCritical( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode) +{ + PKIX_Boolean goodBool = PKIX_FALSE; + PKIX_Boolean equalBool = PKIX_FALSE; + PKIX_Boolean diffBool = PKIX_FALSE; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_IsCritical"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(goodNode, &goodBool, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(equalNode, &equalBool, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(diffNode, &diffBool, plContext)); + + if ((!goodBool) || (!equalBool) || (diffBool)) { + testError("IsCritical returned unexpected value"); + } +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +test_GetDepth( + PKIX_PolicyNode *depth1Node, + PKIX_PolicyNode *depth2Node, + PKIX_PolicyNode *depth3Node) +{ + PKIX_UInt32 depth1 = 0; + PKIX_UInt32 depth2 = 0; + PKIX_UInt32 depth3 = 0; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetDepth"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth1Node, &depth1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth2Node, &depth2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth3Node, &depth3, plContext)); + + if ((depth1 != 1) || (depth2 != 2) || (depth3 != 3)) { + testError("GetDepth returned unexpected value"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_policynode <NIST_FILES_DIR> \n\n"); +} + +int +test_policynode(int argc, char *argv[]) +{ + + /* + * Create a tree with parent = anyPolicy, + * child1 with Nist1+Nist2, child2 with Nist1. + * Give each child another child, with policies Nist2 + * and Nist1, respectively. Pruning with a depth of two + * should have no effect. Give one of the children + * another child. Then pruning with a depth of three + * should reduce the tree to a single strand, as child1 + * and child3 are removed. + * + * parent (anyPolicy) + * / \ + * child1(Nist1+Nist2) child2(Nist1) + * | | + * child3(Nist2) child4(Nist1) + * | + * child5(Nist1) + * + */ + char *asciiAnyPolicy = "2.5.29.32.0"; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_CertPolicyInfo *nist1Policy = NULL; + PKIX_PL_CertPolicyInfo *nist2Policy = NULL; + PKIX_List *policyQualifierList = NULL; + PKIX_PL_OID *oidAnyPolicy = NULL; + PKIX_PL_OID *oidNist1Policy = NULL; + PKIX_PL_OID *oidNist2Policy = NULL; + PKIX_List *expectedAnyList = NULL; + PKIX_List *expectedNist1List = NULL; + PKIX_List *expectedNist2List = NULL; + PKIX_List *expectedNist1Nist2List = NULL; + PKIX_List *emptyList = NULL; + PKIX_PolicyNode *parentNode = NULL; + PKIX_PolicyNode *childNode1 = NULL; + PKIX_PolicyNode *childNode2 = NULL; + PKIX_PolicyNode *childNode3 = NULL; + PKIX_PolicyNode *childNode4 = NULL; + PKIX_PolicyNode *childNode5 = NULL; + PKIX_PL_String *parentString = NULL; + PKIX_Boolean pDelete = PKIX_FALSE; + char *expectedParentAscii = + "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C " + "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65" + " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2" + "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 " + "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66" + " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6" + "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3" + ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7" + "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 " + "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20" + " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6" + "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 " + "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3" + ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20" + " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2" + "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 " + "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72" + " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7" + "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n" + ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}"; + char *expectedValidAscii = + "2.16.840.1.101.3.2.1.48.2"; + char *expectedQualifiersAscii = + /* "(1.3.6.1.5.5.7.2.2)"; */ + "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 " + "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74" + " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7" + "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 " + "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70" + " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])"; + char *expectedPoliciesAscii = + "(2.16.840.1.101.3.2.1.48.1)"; + char *expectedTree = + "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n" + ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1" + ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69" + " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6" + "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 " + "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63" + " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7" + "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101" + ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A " + "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72" + " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6" + "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 " + "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F" + " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]" + "),1}\n" + ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30" + " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6" + "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F " + "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68" + " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2" + "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 " + "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)" + ",2}\n" + ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n" + ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical," + "(2.16.840.1.101.3.2.1.48.1),2}\n" + ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84" + "0.1.101.3.2.1.48.1),3}"; + char *expectedPrunedTree = + "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n" + ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n" + ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical," + "(2.16.840.1.101.3.2.1.48.1),2}\n" + ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84" + "0.1.101.3.2.1.48.1),3}"; + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 2) { + printUsage(); + return (0); + } + + startTests("PolicyNode"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + dirName = argv[j + 1]; + + subTest("Creating OID objects"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &oidAnyPolicy, plContext)); + + /* Read certificates to get real policies, qualifiers */ + + cert = createCert(dirName, "UserNoticeQualifierTest16EE.crt", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &expectedNist1Nist2List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List, + 0, + (PKIX_PL_Object **)&nist1Policy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List, + 1, + (PKIX_PL_Object **)&nist2Policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(nist1Policy, &policyQualifierList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist1Policy, &oidNist1Policy, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist2Policy, &oidNist2Policy, plContext)); + + subTest("Creating expectedPolicy List objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedAnyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist1List, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist2List, plContext)); + + subTest("Populating expectedPolicy List objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist1List, + (PKIX_PL_Object *)oidNist1Policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist2List, + (PKIX_PL_Object *)oidNist2Policy, + plContext)); + + subTest("Creating PolicyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidAnyPolicy, + NULL, + PKIX_TRUE, + expectedAnyList, + &parentNode, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy, + policyQualifierList, + PKIX_TRUE, + expectedNist1Nist2List, + &childNode1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy, + policyQualifierList, + PKIX_TRUE, + expectedNist1List, + &childNode2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy, + policyQualifierList, + PKIX_TRUE, + expectedNist2List, + &childNode3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy, + emptyList, + PKIX_FALSE, + expectedNist1List, + &childNode4, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy, + NULL, + PKIX_TRUE, + expectedNist1List, + &childNode5, + plContext)); + + subTest("Creating the PolicyNode tree"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode1, childNode3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode2, childNode4, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode4, childNode5, plContext)); + + subTest("Displaying PolicyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext)); + (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString); + + testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext); + + test_DuplicateHelper(parentNode, plContext); + + test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii); + test_GetValidPolicy(childNode1, childNode3, parentNode, expectedValidAscii); + test_GetPolicyQualifiers(childNode1, childNode3, childNode4, expectedQualifiersAscii); + test_GetExpectedPolicies(childNode2, childNode4, childNode3, expectedPoliciesAscii); + test_IsCritical(childNode1, childNode2, childNode4); + test_GetDepth(childNode2, childNode4, childNode5); + + subTest("pkix_PolicyNode_Prune"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 2, &pDelete, plContext)); + + testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 3, &pDelete, plContext)); + + testToStringHelper((PKIX_PL_Object *)parentNode, expectedPrunedTree, plContext); + + test_GetChildren(parentNode, parentNode, childNode2); + +cleanup: + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(nist1Policy); + PKIX_TEST_DECREF_AC(nist2Policy); + PKIX_TEST_DECREF_AC(policyQualifierList); + PKIX_TEST_DECREF_AC(oidAnyPolicy); + PKIX_TEST_DECREF_AC(oidNist1Policy); + PKIX_TEST_DECREF_AC(oidNist2Policy); + PKIX_TEST_DECREF_AC(expectedAnyList); + PKIX_TEST_DECREF_AC(expectedNist1List); + PKIX_TEST_DECREF_AC(expectedNist2List); + PKIX_TEST_DECREF_AC(expectedNist1Nist2List); + PKIX_TEST_DECREF_AC(emptyList); + PKIX_TEST_DECREF_AC(parentNode); + PKIX_TEST_DECREF_AC(childNode1); + PKIX_TEST_DECREF_AC(childNode2); + PKIX_TEST_DECREF_AC(childNode3); + PKIX_TEST_DECREF_AC(childNode4); + PKIX_TEST_DECREF_AC(childNode5); + PKIX_TEST_DECREF_AC(parentString); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("PolicyNode"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/test_valresult.c b/security/nss/cmd/libpkix/pkix/results/test_valresult.c new file mode 100644 index 0000000000..7760a431e3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_valresult.c @@ -0,0 +1,199 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_valresult.c + * + * Test ValidateResult Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateResult_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetPublicKey( + PKIX_ValidateResult *goodObject, + PKIX_ValidateResult *equalObject) +{ + + PKIX_PL_PublicKey *goodPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateResult_GetPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(goodObject, &goodPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(equalObject, &equalPubKey, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodPubKey, + (PKIX_PL_Object *)equalPubKey, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testGetTrustAnchor( + PKIX_ValidateResult *goodObject, + PKIX_ValidateResult *equalObject) +{ + + PKIX_TrustAnchor *goodAnchor = NULL; + PKIX_TrustAnchor *equalAnchor = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateResult_GetTrustAnchor"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(goodObject, &goodAnchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(equalObject, &equalAnchor, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodAnchor, + (PKIX_PL_Object *)equalAnchor, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodAnchor); + PKIX_TEST_DECREF_AC(equalAnchor); + + PKIX_TEST_RETURN(); +} + +static void +testGetPolicyTree( + PKIX_ValidateResult *goodObject, + PKIX_ValidateResult *equalObject) +{ + + PKIX_PolicyNode *goodTree = NULL; + PKIX_PolicyNode *equalTree = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateResult_GetPolicyTree"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(goodObject, &goodTree, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(equalObject, &equalTree, plContext)); + + if (goodTree) { + testEqualsHelper((PKIX_PL_Object *)goodTree, + (PKIX_PL_Object *)equalTree, + PKIX_TRUE, + plContext); + } else if (equalTree) { + pkixTestErrorMsg = "Mismatch: NULL and non-NULL Policy Trees"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodTree); + PKIX_TEST_DECREF_AC(equalTree); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_valresult(int argc, char *argv[]) +{ + + PKIX_ValidateResult *goodObject = NULL; + PKIX_ValidateResult *equalObject = NULL; + PKIX_ValidateResult *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + char *dirName = NULL; + + char *expectedAscii = + "[\n" + "\tTrustAnchor: \t\t" + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + "\tPubKey: \t\t" + "ANSI X9.57 DSA Signature\n" + "\tPolicyTree: \t\t(null)\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ValidateResult"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("pkix_ValidateResult_Create"); + + goodObject = createValidateResult(dirName, goodInput, diffInput, plContext); + equalObject = createValidateResult(dirName, goodInput, diffInput, plContext); + diffObject = createValidateResult(dirName, diffInput, goodInput, plContext); + + testGetPublicKey(goodObject, equalObject); + testGetTrustAnchor(goodObject, equalObject); + testGetPolicyTree(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + ValidateResult, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateResult"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/test_verifynode.c b/security/nss/cmd/libpkix/pkix/results/test_verifynode.c new file mode 100644 index 0000000000..21c61aa96c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_verifynode.c @@ -0,0 +1,112 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_verifynode.c + * + * Test VerifyNode Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_verifynode path cert1 cert2 cert3\n\n"); +} + +int +test_verifynode(int argc, char *argv[]) +{ + + /* + * Create a tree with parent = cert1, child=cert2, grandchild=cert3 + */ + PKIX_PL_Cert *cert1 = NULL; + PKIX_PL_Cert *cert2 = NULL; + PKIX_PL_Cert *cert3 = NULL; + PKIX_VerifyNode *parentNode = NULL; + PKIX_VerifyNode *childNode = NULL; + PKIX_VerifyNode *grandChildNode = NULL; + PKIX_PL_String *parentString = NULL; + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + char *twoNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Cert" + "ificates,C=US, Subject:CN=Trust Anchor,O=Test Certif" + "icates,C=US], depth=0, error=(null)\n. CERT[Issuer:C" + "N=Trust Anchor,O=Test Certificates,C=US, Subject:CN=" + "Good CA,O=Test Certificates,C=US], depth=1, error=(null)"; + char *threeNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Ce" + "rtificates,C=US, Subject:CN=Trust Anchor,O=Test Cert" + "ificates,C=US], depth=0, error=(null)\n. CERT[Issuer" + ":CN=Trust Anchor,O=Test Certificates,C=US, Subject:C" + "N=Good CA,O=Test Certificates,C=US], depth=1, error=" + "(null)\n. . CERT[Issuer:CN=Good CA,O=Test Certificat" + "es,C=US, Subject:CN=Valid EE Certificate Test1,O=Tes" + "t Certificates,C=US], depth=2, error=(null)"; + + PKIX_TEST_STD_VARS(); + + if (argc < 3) { + printUsage(); + return (0); + } + + startTests("VerifyNode"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + dirName = argv[++j]; + + subTest("Creating Certs"); + + cert1 = createCert(dirName, argv[++j], plContext); + + cert2 = createCert(dirName, argv[++j], plContext); + + cert3 = createCert(dirName, argv[++j], plContext); + + subTest("Creating VerifyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert1, 0, NULL, &parentNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert2, 1, NULL, &childNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert3, 2, NULL, &grandChildNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, childNode, plContext)); + + subTest("Creating VerifyNode ToString objects"); + + testToStringHelper((PKIX_PL_Object *)parentNode, twoNodeAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, grandChildNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext)); + (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString); + + testToStringHelper((PKIX_PL_Object *)parentNode, threeNodeAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(cert1); + PKIX_TEST_DECREF_AC(cert2); + PKIX_TEST_DECREF_AC(parentNode); + PKIX_TEST_DECREF_AC(childNode); + PKIX_TEST_DECREF_AC(parentString); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("VerifyNode"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/store/Makefile b/security/nss/cmd/libpkix/pkix/store/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/store/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/store/manifest.mn b/security/nss/cmd/libpkix/pkix/store/manifest.mn new file mode 100644 index 0000000000..b939ffdcfd --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/store/manifest.mn @@ -0,0 +1,20 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_store.c + +LIBRARY_NAME = pkixtoolstore +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/store/test_store.c b/security/nss/cmd/libpkix/pkix/store/test_store.c new file mode 100644 index 0000000000..59606b8929 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/store/test_store.c @@ -0,0 +1,194 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certstore.c + * + * Test CertStore Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_Error * +testCRLCallback( + PKIX_CertStore *store, + PKIX_CRLSelector *selector, + void **pNBIOContext, + PKIX_List **pCrls, /* list of PKIX_PL_Crl */ + void *plContext) +{ + return (0); +} + +static PKIX_Error * +testCRLContinue( + PKIX_CertStore *store, + PKIX_CRLSelector *selector, + void **pNBIOContext, + PKIX_List **pCrls, /* list of PKIX_PL_Crl */ + void *plContext) +{ + return (0); +} + +static PKIX_Error * +testCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *selector, + void **pNBIOContext, + PKIX_List **pCerts, /* list of PKIX_PL_Cert */ + void *plContext) +{ + return (0); +} + +static PKIX_Error * +testCertContinue( + PKIX_CertStore *store, + PKIX_CertSelector *selector, + void **pNBIOContext, + PKIX_List **pCerts, /* list of PKIX_PL_Cert */ + void *plContext) +{ + return (0); +} + +static char * +catDirName(char *platform, char *dir, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 dirLen; + PKIX_UInt32 platformLen; + + PKIX_TEST_STD_VARS(); + + dirLen = PL_strlen(dir); + platformLen = PL_strlen(platform); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen + + dirLen + + 2, + (void **)&pathName, plContext)); + + PL_strcpy(pathName, platform); + PL_strcat(pathName, "/"); + PL_strcat(pathName, dir); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +static void +testCertStore(char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_PL_Object *getCertStoreContext = NULL; + PKIX_CertStore_CertCallback certCallback = NULL; + PKIX_CertStore_CRLCallback crlCallback = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir, + 0, + &dirString, + plContext)); + + subTest("PKIX_CertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(testCertCallback, + testCRLCallback, + testCertContinue, + testCRLContinue, + NULL, /* trustCallback */ + (PKIX_PL_Object *)dirString, + PKIX_TRUE, /* cacheFlag */ + PKIX_TRUE, /* local */ + &certStore, + plContext)); + + subTest("PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, plContext)); + + if (certCallback != testCertCallback) { + testError("PKIX_CertStore_GetCertCallback unexpected mismatch"); + } + + subTest("PKIX_CertStore_GetCRLCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, plContext)); + + if (crlCallback != testCRLCallback) { + testError("PKIX_CertStore_GetCRLCallback unexpected mismatch"); + } + + subTest("PKIX_CertStore_GetCertStoreContext"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertStoreContext(certStore, &getCertStoreContext, plContext)); + + if ((PKIX_PL_Object *)dirString != getCertStoreContext) { + testError("PKIX_CertStore_GetCertStoreContext unexpected mismatch"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(getCertStoreContext); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s testName <data-dir> <platform-dir>\n\n", pName); +} + +/* Functional tests for CertStore public functions */ + +int +test_store(int argc, char *argv[]) +{ + + char *platformDir = NULL; + char *dataDir = NULL; + char *combinedDir = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < (3 + j)) { + printUsage(argv[0]); + return (0); + } + + startTests(argv[1 + j]); + + dataDir = argv[2 + j]; + platformDir = argv[3 + j]; + combinedDir = catDirName(platformDir, dataDir, plContext); + + testCertStore(combinedDir); + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertStore"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/Makefile b/security/nss/cmd/libpkix/pkix/top/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/top/manifest.mn b/security/nss/cmd/libpkix/pkix/top/manifest.mn new file mode 100644 index 0000000000..8840204f7f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/manifest.mn @@ -0,0 +1,34 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_basicchecker.c \ + test_basicconstraintschecker.c \ + test_buildchain.c \ + test_buildchain_uchecker.c \ + test_buildchain_partialchain.c \ + test_buildchain_resourcelimits.c \ + test_customcrlchecker.c \ + test_defaultcrlchecker2stores.c \ + test_ocsp.c \ + test_policychecker.c \ + test_subjaltnamechecker.c \ + test_validatechain.c \ + test_validatechain_bc.c \ + test_validatechain_NB.c \ + $(NULL) + +LIBRARY_NAME = pkixtooltop +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/top/test_basicchecker.c b/security/nss/cmd/libpkix/pkix/top/test_basicchecker.c new file mode 100644 index 0000000000..e2743b343f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_basicchecker.c @@ -0,0 +1,238 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_basicchecker.c + * + * Test Basic Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic-Common-Fields <pass>"); + /* + * Tests the Expiration, NameChaining, and Signature Checkers + */ + + chain = createCertChain(dirName, goodInput, diffInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testNameChainingFail( + char *dirName, + char *goodInput, + char *diffInput, + char *dateAscii) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("NameChaining <fail>"); + + chain = createCertChain(dirName, diffInput, goodInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testDateFail(char *dirName, char *goodInput, char *diffInput) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + + PKIX_TEST_STD_VARS(); + + chain = createCertChain(dirName, goodInput, diffInput, plContext); + + subTest("Expiration <fail>"); + valParams = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testSignatureFail( + char *dirName, + char *goodInput, + char *diffInput, + char *dateAscii) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Signature <fail>"); + + chain = createCertChain(dirName, diffInput, goodInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_basicchecker(int argc, char *argv[]) +{ + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + char *dateAscii = "991201000000Z"; + char *dirName = NULL; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + + startTests("SignatureChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + /* The NameChaining, Expiration, and Signature Checkers all pass */ + testPass(dirName, goodInput, diffInput, dateAscii); + + /* Individual Checkers fail */ + testNameChainingFail(dirName, goodInput, diffInput, dateAscii); + testDateFail(dirName, goodInput, diffInput); + + /* + * XXX + * since the signature check is done last, we need to create + * certs whose name chaining passes, but their signatures fail; + * we currently don't have any such certs. + */ + /* testSignatureFail(goodInput, diffInput, dateAscii); */ + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("SignatureChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c b/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c new file mode 100644 index 0000000000..eba5153ac0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c @@ -0,0 +1,145 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_basicconstraintschecker.c + * + * Test Basic Constraints Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-name [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +int +test_basicconstraintschecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_FALSE; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 4) { + printUsage1(argv[0]); + return (0); + } + + startTests("BasicConstraintsChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + dirName = argv[3 + j]; + + chainLength = (argc - j) - 4; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + certNames[i] = argv[(4 + j) + i]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Basic-Constraints - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + /* + * Error occurs when creating Cert, this is critical and test + * should not continue. Since we expect error, we assume this + * error is the one that is expected, so undo the error count. + * + * This work needs future enhancement. We will introduce another + * flag ESE, in addition to the existing EE(expect validation + * error) and ENE(expect no validation error). ESE stands for + * "expect setup error". When running with ESE, if any of the setup + * calls such creating Cert Chain fails, the test can end and + * considered to be successful. + */ + if (testValid == PKIX_FALSE && chain == NULL) { + testErrorUndo("Cert Error - Create failed"); + goto cleanup; + } + + subTest("Basic-Constraints - Create Params"); + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Basic-Constraints - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("BasicConstraintsChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain.c new file mode 100644 index 0000000000..5c9ec5968b --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain.c @@ -0,0 +1,418 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain.c + * + * Test BuildChain function + * + */ + +/* #define debuggingWithoutRevocation */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define LDAP_PORT 389 +static PKIX_Boolean usebind = PKIX_FALSE; +static PKIX_Boolean useLDAP = PKIX_FALSE; +static char buf[PR_NETDB_BUF_SIZE]; +static char *serverName = NULL; +static char *sepPtr = NULL; +static PRNetAddr netAddr; +static PRHostEnt hostent; +static PKIX_UInt32 portNum = 0; +static PRIntn hostenum = 0; +static PRStatus prstatus = PR_FAILURE; +static void *ipaddr = NULL; + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] " + "servername[:port] <testName> [ENE|EE]\n" + "\t <certStoreDirectory> <targetCert>" + " <intermediate Certs...> <trustedCert>\n\n"); + (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n" + "using the certs and CRLs in <certStoreDirectory>. " + "servername[:port] gives\n" + "the address of an LDAP server. If port is not" + " specified, port 389 is used. \"-\" means no LDAP server.\n" + "If ENE is specified, then an Error is Not Expected. " + "EE indicates an Error is Expected.\n"); +} + +static PKIX_Error * +createLdapCertStore( + char *hostname, + PRIntervalTime timeout, + PKIX_CertStore **pLdapCertStore, + void *plContext) +{ + PRIntn backlog = 0; + + char *bindname = ""; + char *auth = ""; + + LDAPBindAPI bindAPI; + LDAPBindAPI *bindPtr = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + PKIX_CertStore *ldapCertStore = NULL; + + PKIX_TEST_STD_VARS(); + + if (usebind) { + bindPtr = &bindAPI; + bindAPI.selector = SIMPLE_AUTH; + bindAPI.chooser.simple.bindName = bindname; + bindAPI.chooser.simple.authentication = auth; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, + &ldapCertStore, + plContext)); + + *pLdapCertStore = ldapCertStore; +cleanup: + + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +int +test_buildchain(int argc, char *argv[]) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + char *dirName = NULL; + PKIX_PL_String *dirNameString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_UInt32 actualMinorVersion = 0; + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_CertStore *ldapCertStore = NULL; + PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ + /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + PKIX_List *revCheckers = NULL; + char *asciiResult = NULL; + PKIX_Boolean result = PKIX_FALSE; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *expectedCerts = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_PL_String *actualCertsString = NULL; + PKIX_PL_String *expectedCertsString = NULL; + void *state = NULL; + char *actualCertsAscii = NULL; + char *expectedCertsAscii = NULL; + PRPollDesc *pollDesc = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * arguments: + * [optional] -arenas + * [optional] usebind + * servername or servername:port ( - for no server) + * testname + * EE or ENE + * cert directory + * target cert (end entity) + * intermediate certs + * trust anchor + */ + + /* optional argument "usebind" for Ldap CertStore */ + if (argv[j + 1]) { + if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { + usebind = PKIX_TRUE; + j++; + } + } + + if (PORT_Strcmp(argv[++j], "-") == 0) { + useLDAP = PKIX_FALSE; + } else { + serverName = argv[j]; + useLDAP = PKIX_TRUE; + } + + subTest(argv[++j]); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[++j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + dirName = argv[++j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); + + for (k = ++j; k < (PKIX_UInt32)argc; k++) { + + dirCert = createCert(dirName, argv[k], plContext); + + if (k == (PKIX_UInt32)(argc - 1)) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trustedCert = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == j) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + targetCert = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + if (useLDAP == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, + (PKIX_PL_Object *)ldapCertStore, + plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + &verifyTree, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + &verifyTree, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + } else { + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + } + + subTest("Displaying VerifyNode objects"); + + if (verifyTree == NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + } + + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + + if (pkixTestErrorResult) { + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, + (PKIX_PL_Object *)expectedCerts, + &result, + plContext)); + + if (!result) { + testError("BUILT CERTCHAIN IS " + "NOT THE ONE THAT WAS EXPECTED"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, + &actualCertsString, + plContext)); + + actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); + if (actualCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, + &expectedCertsString, + plContext)); + + expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); + if (expectedCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + (void)printf("Actual value:\t%s\n", actualCertsAscii); + (void)printf("Expected value:\t%s\n", + expectedCertsAscii); + } + } + +cleanup: + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_PL_Free(asciiResult, NULL); + PKIX_PL_Free(actualCertsAscii, plContext); + PKIX_PL_Free(expectedCertsAscii, plContext); + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(actualCertsString); + PKIX_TEST_DECREF_AC(expectedCertsString); + PKIX_TEST_DECREF_AC(expectedCerts); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(ldapCertStore); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(trustedPubKey); + + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(targetCert); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c new file mode 100644 index 0000000000..4861a8e326 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c @@ -0,0 +1,725 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain_partialchain.c + * + * Test BuildChain function + * + */ + +#define debuggingWithoutRevocation + +#include "testutil.h" +#include "testutil_nss.h" + +#define LDAP_PORT 389 +static PKIX_Boolean usebind = PKIX_FALSE; +static PKIX_Boolean useLDAP = PKIX_FALSE; +static char buf[PR_NETDB_BUF_SIZE]; +static char *serverName = NULL; +static char *sepPtr = NULL; +static PRNetAddr netAddr; +static PRHostEnt hostent; +static PKIX_UInt32 portNum = 0; +static PRIntn hostenum = 0; +static PRStatus prstatus = PR_FAILURE; +static void *ipaddr = NULL; + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] " + "servername[:port] <testName> [ENE|EE]\n" + "\t <certStoreDirectory> <targetCert>" + " <intermediate Certs...> <trustedCert>\n\n"); + (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n" + "using the certs and CRLs in <certStoreDirectory>. " + "servername[:port] gives\n" + "the address of an LDAP server. If port is not" + " specified, port 389 is used. \"-\" means no LDAP server.\n" + "If ENE is specified, then an Error is Not Expected. " + "EE indicates an Error is Expected.\n"); +} + +static PKIX_Error * +createLdapCertStore( + char *hostname, + PRIntervalTime timeout, + PKIX_CertStore **pLdapCertStore, + void *plContext) +{ + PRIntn backlog = 0; + + char *bindname = ""; + char *auth = ""; + + LDAPBindAPI bindAPI; + LDAPBindAPI *bindPtr = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + PKIX_CertStore *ldapCertStore = NULL; + + PKIX_TEST_STD_VARS(); + + if (usebind) { + bindPtr = &bindAPI; + bindAPI.selector = SIMPLE_AUTH; + bindAPI.chooser.simple.bindName = bindname; + bindAPI.chooser.simple.authentication = auth; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, + &ldapCertStore, + plContext)); + + *pLdapCertStore = ldapCertStore; +cleanup: + + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +/* Test with all Certs in the partial list, no leaf */ +static PKIX_Error * +testWithNoLeaf( + PKIX_PL_Cert *trustedCert, + PKIX_List *listOfCerts, + PKIX_PL_Cert *targetCert, + PKIX_List *certStores, + PKIX_Boolean testValid, + void *plContext) +{ + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *hintCerts = NULL; + PKIX_List *revCheckers = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_BuildResult *buildResult = NULL; + PRPollDesc *pollDesc = NULL; + void *state = NULL; + char *asciiResult = NULL; + + PKIX_TEST_STD_VARS(); + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with no target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create hintCerts */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, + (PKIX_PL_Object **)&hintCerts, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } + +cleanup: + PKIX_PL_Free(asciiResult, NULL); + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(hintCerts); + PKIX_TEST_DECREF_AC(trustedPubKey); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +/* Test with all Certs in the partial list, leaf duplicates the first one */ +static PKIX_Error * +testWithDuplicateLeaf( + PKIX_PL_Cert *trustedCert, + PKIX_List *listOfCerts, + PKIX_PL_Cert *targetCert, + PKIX_List *certStores, + PKIX_Boolean testValid, + void *plContext) +{ + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *hintCerts = NULL; + PKIX_List *revCheckers = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_BuildResult *buildResult = NULL; + PRPollDesc *pollDesc = NULL; + void *state = NULL; + char *asciiResult = NULL; + + PKIX_TEST_STD_VARS(); + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create hintCerts */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, + (PKIX_PL_Object **)&hintCerts, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } + +cleanup: + PKIX_PL_Free(asciiResult, NULL); + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(hintCerts); + PKIX_TEST_DECREF_AC(trustedPubKey); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +/* Test with all Certs except the leaf in the partial list */ +static PKIX_Error * +testWithLeafAndChain( + PKIX_PL_Cert *trustedCert, + PKIX_List *listOfCerts, + PKIX_PL_Cert *targetCert, + PKIX_List *certStores, + PKIX_Boolean testValid, + void *plContext) +{ + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *hintCerts = NULL; + PKIX_List *revCheckers = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_BuildResult *buildResult = NULL; + PRPollDesc *pollDesc = NULL; + void *state = NULL; + char *asciiResult = NULL; + + PKIX_TEST_STD_VARS(); + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create hintCerts */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, + (PKIX_PL_Object **)&hintCerts, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(hintCerts, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(hintCerts); + PKIX_TEST_DECREF_AC(trustedPubKey); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +int +test_buildchain_partialchain(int argc, char *argv[]) +{ + PKIX_UInt32 actualMinorVersion = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_Boolean ene = PKIX_TRUE; /* expect no error */ + PKIX_List *listOfCerts = NULL; + PKIX_List *certStores = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_PL_Cert *trusted = NULL; + PKIX_PL_Cert *target = NULL; + PKIX_CertStore *ldapCertStore = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_PL_String *dirNameString = NULL; + char *dirName = NULL; + + PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ + /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * arguments: + * [optional] -arenas + * [optional] usebind + * servername or servername:port ( - for no server) + * testname + * EE or ENE + * cert directory + * target cert (end entity) + * intermediate certs + * trust anchor + */ + + /* optional argument "usebind" for Ldap CertStore */ + if (argv[j + 1]) { + if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { + usebind = PKIX_TRUE; + j++; + } + } + + if (PORT_Strcmp(argv[++j], "-") == 0) { + useLDAP = PKIX_FALSE; + } else { + serverName = argv[j]; + useLDAP = PKIX_TRUE; + } + + subTest(argv[++j]); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[++j], "ENE") == 0) { + ene = PKIX_TRUE; + } else if (PORT_Strcmp(argv[j], "EE") == 0) { + ene = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + dirName = argv[++j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&listOfCerts, plContext)); + + for (k = ++j; k < ((PKIX_UInt32)argc); k++) { + + dirCert = createCert(dirName, argv[k], plContext); + + if (k == ((PKIX_UInt32)(argc - 1))) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trusted = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(listOfCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == j) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + target = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + if (useLDAP == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, + (PKIX_PL_Object *)ldapCertStore, + plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + } + + subTest("testWithNoLeaf"); + PKIX_TEST_EXPECT_NO_ERROR(testWithNoLeaf(trusted, listOfCerts, target, certStores, ene, plContext)); + + subTest("testWithDuplicateLeaf"); + PKIX_TEST_EXPECT_NO_ERROR(testWithDuplicateLeaf(trusted, listOfCerts, target, certStores, ene, plContext)); + + subTest("testWithLeafAndChain"); + PKIX_TEST_EXPECT_NO_ERROR(testWithLeafAndChain(trusted, listOfCerts, target, certStores, ene, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(listOfCerts); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(ldapCertStore); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(trusted); + PKIX_TEST_DECREF_AC(target); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c new file mode 100644 index 0000000000..1b28435b01 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c @@ -0,0 +1,438 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain_resourcelimits.c + * + * Test BuildChain function with constraints on resources + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES + 30) + +static void *plContext = NULL; +static PKIX_Boolean usebind = PKIX_FALSE; +static PKIX_Boolean useLDAP = PKIX_FALSE; +static char buf[PR_NETDB_BUF_SIZE]; +static char *serverName = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] " + "[usebind] servername[:port]\\\n\t\t<testName> [ENE|EE]" + " <certStoreDirectory>\\\n\t\t<targetCert>" + " <intermediate Certs...> <trustedCert>\n\n"); + (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n" + "using the certs and CRLs in <certStoreDirectory>. " + "servername[:port] gives\n" + "the address of an LDAP server. If port is not" + " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n" + "If ENE is specified, then an Error is Not Expected.\n" + "EE indicates an Error is Expected.\n"); +} + +static PKIX_Error * +createLdapCertStore( + char *hostname, + PRIntervalTime timeout, + PKIX_CertStore **pLdapCertStore, + void *plContext) +{ + PRIntn backlog = 0; + + char *bindname = ""; + char *auth = ""; + + LDAPBindAPI bindAPI; + LDAPBindAPI *bindPtr = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + PKIX_CertStore *ldapCertStore = NULL; + + PKIX_TEST_STD_VARS(); + + if (usebind) { + bindPtr = &bindAPI; + bindAPI.selector = SIMPLE_AUTH; + bindAPI.chooser.simple.bindName = bindname; + bindAPI.chooser.simple.authentication = auth; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext)); + + *pLdapCertStore = ldapCertStore; +cleanup: + + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +static void +Test_BuildResult( + PKIX_ProcessingParams *procParams, + PKIX_Boolean testValid, + PKIX_List *expectedCerts, + void *plContext) +{ + PKIX_PL_Cert *cert = NULL; + PKIX_List *certs = NULL; + PKIX_PL_String *actualCertsString = NULL; + PKIX_PL_String *expectedCertsString = NULL; + PKIX_BuildResult *buildResult = NULL; + PKIX_Boolean result; + PKIX_Boolean supportForward = PKIX_FALSE; + PKIX_UInt32 numCerts, i; + char *asciiResult = NULL; + char *actualCertsAscii = NULL; + char *expectedCertsAscii = NULL; + void *state = NULL; + PRPollDesc *pollDesc = NULL; + + PKIX_TEST_STD_VARS(); + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED!\n"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + testError("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, + (PKIX_PL_Object *)expectedCerts, + &result, + plContext)); + + if (!result) { + testError("BUILT CERTCHAIN IS " + "NOT THE ONE THAT WAS EXPECTED"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, + &actualCertsString, + plContext)); + + actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); + if (actualCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, + &expectedCertsString, + plContext)); + + expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); + if (expectedCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + (void)printf("Actual value:\t%s\n", actualCertsAscii); + (void)printf("Expected value:\t%s\n", + expectedCertsAscii); + } + } + +cleanup: + + PKIX_PL_Free(asciiResult, NULL); + PKIX_PL_Free(actualCertsAscii, plContext); + PKIX_PL_Free(expectedCertsAscii, plContext); + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(actualCertsString); + PKIX_TEST_DECREF_AC(expectedCertsString); + + PKIX_TEST_RETURN(); +} + +int +test_buildchain_resourcelimits(int argc, char *argv[]) +{ + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_CertChainChecker *checker = NULL; + PKIX_ResourceLimits *resourceLimits = NULL; + char *dirName = NULL; + PKIX_PL_String *dirNameString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_UInt32 actualMinorVersion = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_CertStore *ldapCertStore = NULL; + PRIntervalTime timeout = 0; /* 0 for non-blocking */ + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + PKIX_List *expectedCerts = NULL; + PKIX_Boolean testValid = PKIX_FALSE; + PKIX_Boolean usebind = PKIX_FALSE; + PKIX_Boolean useLDAP = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain_ResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * arguments: + * [optional] -arenas + * [optional] usebind + * servername or servername:port ( - for no server) + * testname + * EE or ENE + * cert directory + * target cert (end entity) + * intermediate certs + * trust anchor + */ + + /* optional argument "usebind" for Ldap CertStore */ + if (argv[j + 1]) { + if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { + usebind = PKIX_TRUE; + j++; + } + } + + if (PORT_Strcmp(argv[++j], "-") == 0) { + useLDAP = PKIX_FALSE; + } else { + serverName = argv[j]; + } + + subTest(argv[++j]); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[++j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + dirName = argv[++j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); + + for (k = ++j; k < argc; k++) { + + dirCert = createCert(dirName, argv[k], plContext); + + if (k == (argc - 1)) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trustedCert = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == j) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + targetCert = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + dirName, + 0, + &dirNameString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + +#if 0 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create + (&certStore, plContext)); +#endif + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + if (useLDAP == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, + (PKIX_PL_Object *)ldapCertStore, + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + /* set resource limits */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext)); + + /* need longer time when running dbx for memory leak checking */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext)); + + /* build cert chain using processing params and return buildResult */ + + subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>"); + Test_BuildResult(procParams, + testValid, + expectedCerts, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext)); + + subTest("Testing ResourceLimits MaxFanout - <fail>"); + Test_BuildResult(procParams, + PKIX_FALSE, + expectedCerts, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext)); + + subTest("Testing ResourceLimits MaxDepth - <fail>"); + Test_BuildResult(procParams, + PKIX_FALSE, + expectedCerts, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext)); + + subTest("Testing ResourceLimits No checking - <pass>"); + Test_BuildResult(procParams, + testValid, + expectedCerts, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(expectedCerts); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(ldapCertStore); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(checker); + PKIX_TEST_DECREF_AC(resourceLimits); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain_UserChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c new file mode 100644 index 0000000000..43f06ec2ac --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c @@ -0,0 +1,327 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain_uchecker.c + * + * Test BuildChain User Checker function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; +static PKIX_UInt32 numUserCheckerCalled = 0; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] " + "[-|[F]<userOID>] " + "<trustedCert> <targetCert> <certStoreDirectory>\n\n"); + (void)printf("Builds a chain of certificates between " + "<trustedCert> and <targetCert>\n" + "using the certs and CRLs in <certStoreDirectory>.\n" + "If <userOID> is not an empty string, its value is used as\n" + "user defined checker's critical extension OID.\n" + "A - for <userOID> is no OID and F is for supportingForward.\n" + "If ENE is specified, then an Error is Not Expected.\n" + "If EE is specified, an Error is Expected.\n"); +} + +static PKIX_Error * +testUserChecker( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresExtOIDs, + void **pNBIOContext, + void *plContext) +{ + numUserCheckerCalled++; + return (0); +} + +int +test_buildchain_uchecker(int argc, char *argv[]) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_CertChainChecker *checker = NULL; + char *dirName = NULL; + PKIX_PL_String *dirNameString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + char *asciiResult = NULL; + PKIX_Boolean result; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_Boolean supportForward = PKIX_FALSE; + PKIX_List *expectedCerts = NULL; + PKIX_List *userOIDs = NULL; + PKIX_PL_OID *oid = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_PL_String *actualCertsString = NULL; + PKIX_PL_String *expectedCertsString = NULL; + char *actualCertsAscii = NULL; + char *expectedCertsAscii = NULL; + char *oidString = NULL; + void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ + void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */ + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain_UserChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + /* OID specified at argv[3+j] */ + + if (*argv[3 + j] != '-') { + + if (*argv[3 + j] == 'F') { + supportForward = PKIX_TRUE; + oidString = argv[3 + j] + 1; + } else { + oidString = argv[3 + j]; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&userOIDs, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidString, &oid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(userOIDs, (PKIX_PL_Object *)oid, plContext)); + PKIX_TEST_DECREF_BC(oid); + } + + subTest(argv[1 + j]); + + dirName = argv[4 + j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); + + chainLength = argc - j - 5; + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + if (k == (chainLength - 1)) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trustedCert = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == 0) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, + plContext)); + targetCert = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(testUserChecker, + supportForward, + PKIX_FALSE, + userOIDs, + NULL, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(procParams, checker, plContext)); + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + dirName, + 0, + &dirNameString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + +#if 0 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create + (&certStore, plContext)); +#endif + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + &nbioContext, + &buildState, + &buildResult, + NULL, + plContext); + + if (testValid == PKIX_TRUE) { /* ENE */ + if (pkixTestErrorResult) { + (void)printf("UNEXPECTED RESULT RECEIVED!\n"); + } else { + (void)printf("EXPECTED RESULT RECEIVED!\n"); + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } + } else { /* EE */ + if (pkixTestErrorResult) { + (void)printf("EXPECTED RESULT RECEIVED!\n"); + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } else { + testError("UNEXPECTED RESULT RECEIVED"); + } + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, + (PKIX_PL_Object *)expectedCerts, + &result, + plContext)); + + if (!result) { + testError("BUILT CERTCHAIN IS " + "NOT THE ONE THAT WAS EXPECTED"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, + &actualCertsString, + plContext)); + + actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); + if (actualCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, + &expectedCertsString, + plContext)); + + expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); + if (expectedCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + (void)printf("Actual value:\t%s\n", actualCertsAscii); + (void)printf("Expected value:\t%s\n", + expectedCertsAscii); + + if (chainLength - 1 != numUserCheckerCalled) { + pkixTestErrorMsg = + "PKIX user defined checker not called"; + } + + goto cleanup; + } + } + +cleanup: + PKIX_PL_Free(asciiResult, plContext); + PKIX_PL_Free(actualCertsAscii, plContext); + PKIX_PL_Free(expectedCertsAscii, plContext); + + PKIX_TEST_DECREF_AC(actualCertsString); + PKIX_TEST_DECREF_AC(expectedCertsString); + PKIX_TEST_DECREF_AC(expectedCerts); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(userOIDs); + PKIX_TEST_DECREF_AC(checker); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain_UserChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c b/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c new file mode 100644 index 0000000000..d2c667ae74 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c @@ -0,0 +1,435 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_customcrlchecker.c + * + * Test Custom CRL Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 +#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 5 + +static void *plContext = NULL; +char *dirName = NULL; /* also used in callback */ + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +getCRLCallback( + PKIX_CertStore *store, + PKIX_CRLSelector *crlSelector, + void **pNBIOContext, + PKIX_List **pCrlList, + void *plContext) +{ + char *crlFileNames[] = { "chem.crl", + "phys.crl", + "prof.crl", + "sci.crl", + "test.crl", + 0 }; + PKIX_PL_CRL *crl = NULL; + PKIX_List *crlList = NULL; + PKIX_UInt32 i = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext)); + + while (crlFileNames[i]) { + + crl = createCRL(dirName, crlFileNames[i++], plContext); + + if (crl != NULL) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(crlList, (PKIX_PL_Object *)crl, plContext)); + + PKIX_TEST_DECREF_BC(crl); + } + } + + *pCrlList = crlList; + +cleanup: + + PKIX_TEST_RETURN(); + + return (0); /* this function is called by libpkix */ +} + +static PKIX_Error * +getCRLContinue( + PKIX_CertStore *store, + PKIX_CRLSelector *crlSelector, + void **pNBIOContext, + PKIX_List **pCrlList, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + void **pNBIOContext, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +getCertContinue( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + void **pNBIOContext, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +testCRLSelectorMatchCallback( + PKIX_CRLSelector *selector, + PKIX_PL_CRL *crl, + void *plContext) +{ + PKIX_ComCRLSelParams *comCrlSelParams = NULL; + PKIX_List *issuerList = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_PL_X500Name *crlIssuer = NULL; + PKIX_UInt32 numIssuers = 0; + PKIX_UInt32 i = 0; + PKIX_Boolean result = PKIX_FALSE; + PKIX_Error *error = NULL; + char *errorText = "Not an error, CRL Select mismatch"; + + PKIX_TEST_STD_VARS(); + + subTest("Custom_Selector_MatchCallback"); + + if (selector != NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(selector, &comCrlSelParams, plContext)); + } + + if (crl != NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext)); + } + + if (comCrlSelParams != NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(comCrlSelParams, &issuerList, plContext)); + } + + if (issuerList != NULL) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(issuerList, &numIssuers, plContext)); + + for (i = 0; i < numIssuers; i++) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(issuerList, + i, (PKIX_PL_Object **)&issuer, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)crlIssuer, + (PKIX_PL_Object *)issuer, + &result, + plContext)); + + if (result != PKIX_TRUE) { + break; + } + + if (i == numIssuers - 1) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(0, + NULL, + NULL, + PKIX_TESTNOTANERRORCRLSELECTMISMATCH, + &error, + plContext)); + + PKIX_TEST_DECREF_AC(issuer); + issuer = NULL; + break; + } + + PKIX_TEST_DECREF_AC(issuer); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(comCrlSelParams); + PKIX_TEST_DECREF_AC(crlIssuer); + PKIX_TEST_DECREF_AC(issuer); + PKIX_TEST_DECREF_AC(issuerList); + + PKIX_TEST_RETURN(); + + return (error); +} + +static PKIX_Error * +testAddIssuerName(PKIX_ComCRLSelParams *comCrlSelParams, char *issuerName) +{ + PKIX_PL_String *issuerString = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_UInt32 length = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_AddIssuerName"); + + length = PL_strlen(issuerName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + issuerName, + length, + &issuerString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString, + &issuer, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuer, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(issuerString); + PKIX_TEST_DECREF_AC(issuer); + + PKIX_TEST_RETURN(); + + return (0); +} + +static PKIX_Error * +testCustomCertStore(PKIX_ValidateParams *valParams) +{ + PKIX_CertStore_CRLCallback crlCallback; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + char *issuerName1 = "cn=science,o=mit,c=us"; + char *issuerName2 = "cn=physics,o=mit,c=us"; + char *issuerName3 = "cn=prof noall,o=mit,c=us"; + char *issuerName4 = "cn=testing CRL,o=test,c=us"; + PKIX_ComCRLSelParams *comCrlSelParams = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_UInt32 numCrl = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStore_Create"); + + /* Create CRLSelector, link in CollectionCertStore */ + + subTest("PKIX_ComCRLSelParams_AddIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext)); + + testAddIssuerName(comCrlSelParams, issuerName1); + testAddIssuerName(comCrlSelParams, issuerName2); + testAddIssuerName(comCrlSelParams, issuerName3); + testAddIssuerName(comCrlSelParams, issuerName4); + + subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback, + NULL, + &crlSelector, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector, comCrlSelParams, plContext)); + + /* Create CertStore, link in CRLSelector */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_CertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(getCertCallback, + getCRLCallback, + getCertContinue, + getCRLContinue, + NULL, /* trustCallback */ + (PKIX_PL_Object *)crlSelector, /* fake */ + PKIX_FALSE, /* cacheFlag */ + PKIX_TRUE, /* localFlag */ + &certStore, + plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + + subTest("PKIX_CertStore_GetCRLCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, + &crlCallback, + NULL)); + + subTest("Getting CRL by CRL Callback"); + PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore, + crlSelector, + &nbioContext, + &crlList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, + &numCrl, + plContext)); + + if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) { + pkixTestErrorMsg = "unexpected CRL number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(crlList); + PKIX_TEST_DECREF_AC(comCrlSelParams); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); + + return (0); +} + +/* + * Validate Certificate Chain with Certificate Revocation List + * Certificate Chain is built based on input certs' sequence. + * CRL is fetched from the directory specified in CollectionCertStore. + * while CollectionCertStore is linked in CertStore Object which then + * linked in ProcessParam. During validation, CRLChecker will invoke + * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL) + * to get CRL data for revocation check. + * This test set criteria in CRLSelector which is linked in + * CommonCRLSelectorParam. When CRL data is fetched into cache for + * revocation check, CRL's are filtered based on the criteria set. + */ + +int +test_customcrlchecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_TRUE; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("CRL Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + chainLength = (argc - j) - 5; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[(5 + j) + i]; + certs[i] = NULL; + } + + dirName = argv[3 + j]; + + subTest(argv[1 + j]); + + subTest("Custom-CRL-Checker - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Custom-CRL-Checker - Create Params"); + + anchorName = argv[4 + j]; + + valParams = createValidateParams(dirName, + anchorName, + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Custom-CRL-Checker - Set Processing Params for CertStore"); + + testCustomCertStore(valParams); + + subTest("Custom-CRL-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL Checker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c b/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c new file mode 100644 index 0000000000..3ce4513177 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c @@ -0,0 +1,230 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_defaultcrlchecker2stores.c + * + * Test Default CRL with multiple CertStore Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("crl-directory cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +testDefaultMultipleCertStores(PKIX_ValidateParams *valParams, + char *crlDir1, + char *crlDir2) +{ + PKIX_PL_String *dirString1 = NULL; + PKIX_PL_String *dirString2 = NULL; + PKIX_CertStore *certStore1 = NULL; + PKIX_CertStore *certStore2 = NULL; + PKIX_List *certStoreList = NULL; + PKIX_ProcessingParams *procParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStore_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir1, + 0, + &dirString1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1, + &certStore1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir2, + 0, + &dirString2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2, + &certStore2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + /* Add multiple CollectionCertStores */ + + subTest("PKIX_ProcessingParams_SetCertStores"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString1); + PKIX_TEST_DECREF_AC(dirString2); + PKIX_TEST_DECREF_AC(certStore1); + PKIX_TEST_DECREF_AC(certStore2); + PKIX_TEST_DECREF_AC(certStoreList); + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (0); +} + +/* + * Validate Certificate Chain with Certificate Revocation List + * Certificate Chain is build based on input certs' sequence. + * CRL is fetched from the directory specified in CollectionCertStore. + * while CollectionCertStore is linked in CertStore Object which then + * linked in ProcessParam. During validation, CRLChecker will invoke + * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL) + * to get CRL data for revocation check. + * This test gets CRL's from two CertStores, each has a valid CRL + * required for revocation check to pass. + */ + +int +test_defaultcrlchecker2stores(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_TRUE; + char *dirName = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 6) { + printUsage1(argv[0]); + return (0); + } + + startTests("CRL Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + chainLength = (argc - j) - 7; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[(7 + j) + i]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Default-CRL-Checker"); + + subTest("Default-CRL-Checker - Create Cert Chain"); + + dirName = argv[3 + j]; + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Default-CRL-Checker - Create Params"); + + anchorName = argv[6 + j]; + + valParams = createValidateParams(dirName, + anchorName, + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Multiple-CertStores"); + + testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]); + + subTest("Default-CRL-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL Checker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_ocsp.c b/security/nss/cmd/libpkix/pkix/top/test_ocsp.c new file mode 100644 index 0000000000..e97e57096e --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_ocsp.c @@ -0,0 +1,288 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_ocspchecker.c + * + * Test OcspChecker function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName " + "[ENE|EE] <certLocationDirectory> <trustedCert> " + "<targetCert>\n\n"); + (void)printf("Validates a chain of certificates between " + "<trustedCert> and <targetCert>\n" + "using the certs and CRLs in <certLocationDirectory> and " + "pkcs11 db from <certStoreDirectory>. " + "If ENE is specified,\n" + "then an Error is Not Expected. " + "If EE is specified, an Error is Expected.\n"); +} + +static char * +createFullPathName( + char *dirName, + char *certFile, + void *plContext) +{ + PKIX_UInt32 certFileLen; + PKIX_UInt32 dirNameLen; + char *certPathName = NULL; + + PKIX_TEST_STD_VARS(); + + certFileLen = PL_strlen(certFile); + dirNameLen = PL_strlen(dirName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + + certFileLen + + 2, + (void **)&certPathName, + plContext)); + + PL_strcpy(certPathName, dirName); + PL_strcat(certPathName, "/"); + PL_strcat(certPathName, certFile); + printf("certPathName = %s\n", certPathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (certPathName); +} + +static PKIX_Error * +testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_Date *validity = NULL; + PKIX_List *revCheckers = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_PL_Object *revCheckerContext = NULL; + PKIX_OcspChecker *ocspChecker = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStoreContext_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + /* Create CertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + /* create current Date */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + /* create revChecker */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity, + NULL, /* pwArg */ + NULL, /* Use default responder */ + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext(revChecker, &revCheckerContext, plContext)); + + /* Check that this object is a ocsp checker */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext)); + + ocspChecker = (PKIX_OcspChecker *)revCheckerContext; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn(ocspChecker, + PKIX_PL_OcspResponse_UseBuildChain, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(ocspChecker); + PKIX_TEST_DECREF_AC(validity); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_ocsp(int argc, char *argv[]) +{ + + PKIX_ValidateParams *valParams = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *chainCerts = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + char *dirCertName = NULL; + char *anchorCertName = NULL; + char *dirName = NULL; + char *databaseDir = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("OcspChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + subTest(argv[1 + j]); + + dirName = argv[3 + j]; + + chainLength = argc - j - 5; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + if (k == 0) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + targetCert = dirCert; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + anchorCertName = argv[4 + j]; + trustedCert = createCert(dirName, anchorCertName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chainCerts, &valParams, plContext)); + + testDefaultCertStore(valParams, dirName); + + pkixTestErrorResult = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext); + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } else { + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED SUCCESSFUL VALIDATION!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED SUCCESSFUL VALIDATION!\n"); + } + } + + subTest("Displaying VerifyTree"); + + if (verifyTree == NULL) { + (void)printf("VerifyTree is NULL\n"); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", + verifyString->escAsciiString); + PKIX_TEST_DECREF_BC(verifyString); + PKIX_TEST_DECREF_BC(verifyTree); + } + +cleanup: + + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(chainCerts); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("OcspChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_policychecker.c b/security/nss/cmd/libpkix/pkix/top/test_policychecker.c new file mode 100644 index 0000000000..1318f13ba6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_policychecker.c @@ -0,0 +1,535 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_policychecker.c + * + * Test Policy Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage(char *testname) +{ + char *fmt = + "USAGE: %s testname" + " [ENE|EE] \"{OID[:OID]*}\" [A|E|P] cert [cert]*\n" + "(The quotes are needed around the OID argument for dbx.)\n" + "(The optional arg A indicates initialAnyPolicyInhibit.)\n" + "(The optional arg E indicates initialExplicitPolicy.)\n" + "(The optional arg P indicates initialPolicyMappingInhibit.)\n"; + printf(fmt, testname); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_List * +policySetParse(char *policyString) +{ + char *p = NULL; + char *oid = NULL; + char c = '\0'; + PKIX_Boolean validString = PKIX_FALSE; + PKIX_PL_OID *plOID = NULL; + PKIX_List *policySet = NULL; + + PKIX_TEST_STD_VARS(); + + p = policyString; + + /* + * There may or may not be quotes around the initial-policy-set + * string. If they are omitted, dbx will strip off the curly braces. + * If they are included, dbx will strip off the quotes, but if you + * are running directly from a script, without dbx, the quotes will + * not be stripped. We need to be able to handle both cases. + */ + if (*p == '"') { + p++; + } + + if ('{' != *p++) { + return (NULL); + } + oid = p; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&policySet, plContext)); + + /* scan to the end of policyString */ + while (!validString) { + /* scan to the end of the current OID string */ + c = *oid; + while ((c != '\0') && (c != ':') && (c != '}')) { + c = *++oid; + } + + if ((c != ':') || (c != '}')) { + *oid = '\0'; /* store a null terminator */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(p, &plOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(policySet, + (PKIX_PL_Object *)plOID, + plContext)); + + PKIX_TEST_DECREF_BC(plOID); + plOID = NULL; + if (c == '}') { + /* + * Any exit but this one means + * we were given a badly-formed string. + */ + validString = PKIX_TRUE; + } + p = ++oid; + } + } + +cleanup: + if (!validString) { + PKIX_TEST_DECREF_AC(plOID); + PKIX_TEST_DECREF_AC(policySet); + policySet = NULL; + } + + PKIX_TEST_RETURN(); + + return (policySet); +} + +/* + * FUNCTION: treeToStringHelper + * This function obtains the string representation of a PolicyNode + * Tree and compares it to the expected value. + * PARAMETERS: + * "parent" - a PolicyNode, the root of a PolicyNodeTree; + * must be non-NULL. + * "expected" - the desired string. + * THREAD SAFETY: + * Thread Safe + * + * Multiple threads can safely call this function without worrying + * about conflicts, even if they're operating on the same object. + * RETURNS: + * Nothing. + */ +static void +treeToStringHelper(PKIX_PolicyNode *parent, char *expected) +{ + PKIX_PL_String *stringRep = NULL; + char *actual = NULL; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parent, &stringRep, plContext)); + + actual = PKIX_String2ASCII(stringRep, plContext); + if (actual == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + if (PL_strcmp(actual, expected) != 0) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%s\n", actual); + (void)printf("Expected value:\t%s\n", expected); + } + +cleanup: + + PKIX_PL_Free(actual, plContext); + + PKIX_TEST_DECREF_AC(stringRep); + + PKIX_TEST_RETURN(); +} + +static void +testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic-Common-Fields <pass>"); + /* + * Tests the Expiration, NameChaining, and Signature Checkers + */ + + chain = createCertChain(dirName, goodInput, diffInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testNistTest1(char *dirName) +{ +#define PKIX_TEST_NUM_CERTS 2 + char *trustAnchor = + "TrustAnchorRootCertificate.crt"; + char *intermediateCert = + "GoodCACert.crt"; + char *endEntityCert = + "ValidCertificatePathTest1EE.crt"; + char *certNames[PKIX_TEST_NUM_CERTS]; + char *asciiAnyPolicy = "2.5.29.32.0"; + PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL }; + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *chain = NULL; + PKIX_PL_OID *anyPolicyOID = NULL; + PKIX_List *initialPolicies = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testNistTest1: Creating the cert chain"); + /* + * Create a chain, but don't include the first certName. + * That's the anchor, and is supplied separately from + * the chain. + */ + certNames[0] = intermediateCert; + certNames[1] = endEntityCert; + chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext); + + subTest("testNistTest1: Creating the Validate Parameters"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &anyPolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)anyPolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext)); + + valParams = createValidateParams(dirName, + trustAnchor, + NULL, + NULL, + initialPolicies, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("testNistTest1: Validating the chain"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(anyPolicyOID); + PKIX_TEST_DECREF_AC(initialPolicies); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_TEST_RETURN(); +} + +static void +testNistTest2(char *dirName) +{ +#define PKIX_TEST_NUM_CERTS 2 + char *trustAnchor = + "TrustAnchorRootCertificate.crt"; + char *intermediateCert = + "GoodCACert.crt"; + char *endEntityCert = + "ValidCertificatePathTest1EE.crt"; + char *certNames[PKIX_TEST_NUM_CERTS]; + char *asciiNist1Policy = "2.16.840.1.101.3.2.1.48.1"; + PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL }; + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *chain = NULL; + PKIX_PL_OID *Nist1PolicyOID = NULL; + PKIX_List *initialPolicies = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testNistTest2: Creating the cert chain"); + /* + * Create a chain, but don't include the first certName. + * That's the anchor, and is supplied separately from + * the chain. + */ + certNames[0] = intermediateCert; + certNames[1] = endEntityCert; + chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext); + + subTest("testNistTest2: Creating the Validate Parameters"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiNist1Policy, &Nist1PolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)Nist1PolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext)); + + valParams = createValidateParams(dirName, + trustAnchor, + NULL, + NULL, + initialPolicies, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("testNistTest2: Validating the chain"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(Nist1PolicyOID); + PKIX_TEST_DECREF_AC(initialPolicies); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_TEST_RETURN(); +} + +static void +printValidPolicyTree(PKIX_ValidateResult *valResult) +{ + PKIX_PolicyNode *validPolicyTree = NULL; + PKIX_PL_String *treeString = NULL; + + PKIX_TEST_STD_VARS(); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(valResult, &validPolicyTree, plContext)); + if (validPolicyTree) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)validPolicyTree, + &treeString, + plContext)); + (void)printf("validPolicyTree is\n\t%s\n", + treeString->escAsciiString); + } else { + (void)printf("validPolicyTree is NULL\n"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(validPolicyTree); + PKIX_TEST_DECREF_AC(treeString); + + PKIX_TEST_RETURN(); +} + +int +test_policychecker(int argc, char *argv[]) +{ + + PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE; + PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE; + PKIX_Boolean initialExplicitPolicy = PKIX_FALSE; + PKIX_Boolean expectedResult = PKIX_FALSE; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 initArgs = 0; + PKIX_UInt32 firstCert = 0; + PKIX_UInt32 i = 0; + PKIX_Int32 j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_ProcessingParams *procParams = NULL; + char *firstTrustAnchor = "yassir2yassir"; + char *secondTrustAnchor = "yassir2bcn"; + char *dateAscii = "991201000000Z"; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */ + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_List *chain = NULL; + PKIX_Error *validationError = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + char *dirName = NULL; + char *dataCentralDir = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * Perform hard-coded tests if no command line args. + * If command line args are provided, they must be: + * arg[1]: test name + * arg[2]: "ENE" or "EE", for "expect no error" or "expect error" + * arg[3]: directory for certificates + * arg[4]: user-initial-policy-set, consisting of braces + * containing zero or more OID sequences, separated by commas + * arg[5]: (optional) "E", indicating initialExplicitPolicy + * arg[firstCert]: the path and filename of the trust anchor certificate + * arg[firstCert+1..(n-1)]: successive certificates in the chain + * arg[n]: the end entity certificate + * + * Example: test_policychecker test1EE ENE + * {2.5.29.32.0,2.5.29.32.3.6} Anchor CA EndEntity + */ + + dirName = argv[3 + j]; + dataCentralDir = argv[4 + j]; + + if (argc <= 5 || ((6 == argc) && (j))) { + + testPass(dataCentralDir, + firstTrustAnchor, + secondTrustAnchor, + dateAscii); + + testNistTest1(dirName); + + testNistTest2(dirName); + + goto cleanup; + } + + if (argc < (7 + j)) { + printUsage(argv[0]); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + expectedResult = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + expectedResult = PKIX_FALSE; + } else { + printUsage(argv[0]); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + userInitialPolicySet = policySetParse(argv[5 + j]); + if (!userInitialPolicySet) { + printUsage(argv[0]); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + for (initArgs = 0; initArgs < 3; initArgs++) { + if (PORT_Strcmp(argv[6 + j + initArgs], "A") == 0) { + initialAnyPolicyInhibit = PKIX_TRUE; + } else if (PORT_Strcmp(argv[6 + j + initArgs], "E") == 0) { + initialExplicitPolicy = PKIX_TRUE; + } else if (PORT_Strcmp(argv[6 + j + initArgs], "P") == 0) { + initialPolicyMappingInhibit = PKIX_TRUE; + } else { + break; + } + } + + firstCert = initArgs + j + 6; + chainLength = argc - (firstCert + 1); + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + /* + * Create a chain, but don't include the first certName. + * That's the anchor, and is supplied separately from + * the chain. + */ + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[i + (firstCert + 1)]; + certs[i] = NULL; + } + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest(argv[1 + j]); + + valParams = createValidateParams(dirName, + argv[firstCert], + NULL, + NULL, + userInitialPolicySet, + initialPolicyMappingInhibit, + initialAnyPolicyInhibit, + initialExplicitPolicy, + PKIX_FALSE, + chain, + plContext); + + if (expectedResult == PKIX_TRUE) { + subTest(" (expecting successful validation)"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + printValidPolicyTree(valResult); + + } else { + subTest(" (expecting validation to fail)"); + validationError = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext); + if (!validationError) { + printValidPolicyTree(valResult); + pkixTestErrorMsg = "Should have thrown an error here."; + } + PKIX_TEST_DECREF_BC(validationError); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(userInitialPolicySet); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(validationError); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("PolicyChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c b/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c new file mode 100644 index 0000000000..3f9711e691 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c @@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_subjaltnamechecker.c + * + * Test Subject Alternative Name Checking + * + */ + +/* + * There is no subjaltnamechecker. Instead, targetcertchecker is doing + * the job for checking subject alternative names' validity. For testing, + * in order to enter names with various type, we create this test excutable + * to parse different scenario. + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-name [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsage2(char *name) +{ + printf("\ninvalid test-name syntax - %s", name); + printf("\ntest-name syntax: [01][DNORU]:<name>+..."); + printf("\n [01] 1 - match all; 0 - match one"); + printf("\n name - type can be specified as"); + printf("\n [DNORU] D-Directory name"); + printf("\n N-DNS name"); + printf("\n O-OID name"); + printf("\n R-RFC822 name"); + printf("\n U-URI name"); + printf("\n + separator for more names\n\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_UInt32 +getNameType(char *name) +{ + PKIX_UInt32 nameType; + + PKIX_TEST_STD_VARS(); + + switch (*name) { + case 'D': + nameType = PKIX_DIRECTORY_NAME; + break; + case 'N': + nameType = PKIX_DNS_NAME; + break; + case 'O': + nameType = PKIX_OID_NAME; + break; + case 'R': + nameType = PKIX_RFC822_NAME; + break; + case 'U': + nameType = PKIX_URI_NAME; + break; + default: + printUsage2(name); + nameType = 0xFFFF; + } + + goto cleanup; + +cleanup: + PKIX_TEST_RETURN(); + return (nameType); +} + +int +test_subjaltnamechecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *selParams = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_GeneralName *name = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + char *nameStr; + char *nameEnd; + char *names[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 numNames = 0; + PKIX_UInt32 nameType; + PKIX_Boolean matchAll = PKIX_TRUE; + PKIX_Boolean testValid = PKIX_TRUE; + char *dirName = NULL; + char *anchorName = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("SubjAltNameConstraintChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + j++; /* skip test-purpose string */ + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + /* taking out leading and trailing ", if any */ + nameStr = argv[1 + j]; + subTest(nameStr); + if (*nameStr == '"') { + nameStr++; + nameEnd = nameStr; + while (*nameEnd != '"' && *nameEnd != '\0') { + nameEnd++; + } + *nameEnd = '\0'; + } + + /* extract first [0|1] inidcating matchAll or not */ + matchAll = (*nameStr == '0') ? PKIX_FALSE : PKIX_TRUE; + nameStr++; + + numNames = 0; + while (*nameStr != '\0') { + names[numNames++] = nameStr; + while (*nameStr != '+' && *nameStr != '\0') { + nameStr++; + } + if (*nameStr == '+') { + *nameStr = '\0'; + nameStr++; + } + } + + chainLength = (argc - j) - 4; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + certNames[i] = argv[(4 + j) + i]; + certs[i] = NULL; + } + + /* SubjAltName for validation */ + + subTest("Add Subject Alt Name for NameConstraint checking"); + + subTest("Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, selParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(selParams, matchAll, plContext)); + + subTest("PKIX_ComCertSelParams_AddSubjAltName(s)"); + for (i = 0; i < numNames; i++) { + nameType = getNameType(names[i]); + if (nameType == 0xFFFF) { + return (0); + } + nameStr = names[i] + 2; + name = createGeneralName(nameType, nameStr, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(selParams, name, plContext)); + PKIX_TEST_DECREF_BC(name); + } + + subTest("SubjAltName-Constraints - Create Cert Chain"); + + dirName = argv[3 + j]; + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("SubjAltName-Constraints - Create Params"); + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("PKIX_ValidateParams_getProcessingParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, selector, plContext)); + + subTest("Subject Alt Name - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(name); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("SubjAltNameConstraintsChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_validatechain.c b/security/nss/cmd/libpkix/pkix/top/test_validatechain.c new file mode 100644 index 0000000000..98cb7b018c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain.c @@ -0,0 +1,221 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_validatechain.c + * + * Test ValidateChain function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] " + "<certStoreDirectory> <trustedCert> <targetCert>\n\n"); + (void)printf("Validates a chain of certificates between " + "<trustedCert> and <targetCert>\n" + "using the certs and CRLs in <certStoreDirectory>. " + "If ENE is specified,\n" + "then an Error is Not Expected. " + "If EE is specified, an Error is Expected.\n"); +} + +static char * +createFullPathName( + char *dirName, + char *certFile, + void *plContext) +{ + PKIX_UInt32 certFileLen; + PKIX_UInt32 dirNameLen; + char *certPathName = NULL; + + PKIX_TEST_STD_VARS(); + + certFileLen = PL_strlen(certFile); + dirNameLen = PL_strlen(dirName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + + certFileLen + + 2, + (void **)&certPathName, + plContext)); + + PL_strcpy(certPathName, dirName); + PL_strcat(certPathName, "/"); + PL_strcat(certPathName, certFile); + printf("certPathName = %s\n", certPathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (certPathName); +} + +static PKIX_Error * +testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_Date *validity = NULL; + PKIX_List *revCheckers = NULL; + PKIX_RevocationChecker *ocspChecker = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStoreContext_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + /* Create CertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + + /* create current Date */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + /* create revChecker */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity, + NULL, /* pwArg */ + NULL, /* Use default responder */ + &ocspChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)ocspChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(ocspChecker); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_validatechain(int argc, char *argv[]) +{ + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *chainCerts = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + char *dirCertName = NULL; + char *anchorCertName = NULL; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("ValidateChain"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + subTest(argv[1 + j]); + + dirName = argv[3 + j]; + + chainLength = argc - j - 5; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); + + PKIX_TEST_DECREF_BC(dirCert); + } + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chainCerts, + plContext); + + testDefaultCertStore(valParams, dirName); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + + subTest("Displaying VerifyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(chainCerts); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateChain"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c b/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c new file mode 100644 index 0000000000..ad73a5df76 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c @@ -0,0 +1,351 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_validatechain_NB.c + * + * Test ValidateChain (nonblocking I/O) function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ntest_validateChain_NB TestName [ENE|EE] " + "<certStoreDirectory> <trustedCert> <targetCert>\n\n"); + (void)printf("Validates a chain of certificates between " + "<trustedCert> and <targetCert>\n" + "using the certs and CRLs in <certStoreDirectory>. " + "If ENE is specified,\n" + "then an Error is Not Expected. " + "If EE is specified, an Error is Expected.\n"); +} + +static char * +createFullPathName( + char *dirName, + char *certFile, + void *plContext) +{ + PKIX_UInt32 certFileLen; + PKIX_UInt32 dirNameLen; + char *certPathName = NULL; + + PKIX_TEST_STD_VARS(); + + certFileLen = PL_strlen(certFile); + dirNameLen = PL_strlen(dirName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + + certFileLen + + 2, + (void **)&certPathName, + plContext)); + + PL_strcpy(certPathName, dirName); + PL_strcat(certPathName, "/"); + PL_strcat(certPathName, certFile); + printf("certPathName = %s\n", certPathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (certPathName); +} + +static PKIX_Error * +testSetupCertStore(PKIX_ValidateParams *valParams, char *ldapName) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStoreContext_Create"); + + /* Create LDAPCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(ldapName, + 0, /* timeout */ + NULL, /* bindPtr */ + &ldapClient, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, + &certStore, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (0); +} + +static char *levels[] = { + "None", "Fatal Error", "Error", "Warning", "Debug", "Trace" +}; + +static PKIX_Error * +loggerCallback( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ +#define resultSize 150 + char *msg = NULL; + char result[resultSize]; + + PKIX_TEST_STD_VARS(); + + msg = PKIX_String2ASCII(message, plContext); + PR_snprintf(result, resultSize, + "Logging %s (%s): %s", + levels[logLevel], + PKIX_ERRORCLASSNAMES[logComponent], + msg); + subTest(result); + +cleanup: + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); + PKIX_TEST_RETURN(); +} + +static void +testLogErrors( + PKIX_ERRORCLASS module, + PKIX_UInt32 loggingLevel, + PKIX_List *loggers, + void *plContext) +{ + PKIX_Logger *logger = NULL; + PKIX_PL_String *component = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, module, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, loggingLevel, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggers, (PKIX_PL_Object *)logger, plContext)); + +cleanup: + PKIX_TEST_DECREF_AC(logger); + PKIX_TEST_DECREF_AC(component); + + PKIX_TEST_RETURN(); +} + +int +test_validatechain_NB(int argc, char *argv[]) +{ + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *chainCerts = NULL; + PKIX_PL_Cert *dirCert = NULL; + char *dirCertName = NULL; + char *anchorCertName = NULL; + char *dirName = NULL; + PKIX_UInt32 certIndex = 0; + PKIX_UInt32 anchorIndex = 0; + PKIX_UInt32 checkerIndex = 0; + PKIX_Boolean revChecking = PKIX_FALSE; + PKIX_List *checkers = NULL; + PRPollDesc *pollDesc = NULL; + PRErrorCode errorCode = 0; + PKIX_PL_Socket *socket = NULL; + char *ldapName = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_List *loggers = NULL; + PKIX_Logger *logger = NULL; + char *logging = NULL; + PKIX_PL_String *component = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("ValidateChain_NB"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + subTest(argv[1 + j]); + + dirName = argv[3 + j]; + + chainLength = argc - j - 5; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); + + PKIX_TEST_DECREF_BC(dirCert); + } + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chainCerts, + plContext); + + ldapName = PR_GetEnvSecure("LDAP"); + /* Is LDAP set in the environment? */ + if ((ldapName == NULL) || (*ldapName == '\0')) { + testError("LDAP not set in environment"); + goto cleanup; + } + + pkixTestErrorResult = pkix_pl_Socket_CreateByName(PKIX_FALSE, /* isServer */ + PR_SecondsToInterval(30), /* try 30 secs for connect */ + ldapName, + &errorCode, + &socket, + plContext); + + if (pkixTestErrorResult != NULL) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, plContext); + pkixTestErrorResult = NULL; + testError("Unable to connect to LDAP Server"); + goto cleanup; + } + + PKIX_TEST_DECREF_BC(socket); + + testSetupCertStore(valParams, ldapName); + + logging = PR_GetEnvSecure("LOGGING"); + /* Is LOGGING set in the environment? */ + if ((logging != NULL) && (*logging != '\0')) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggers, plContext)); + + testLogErrors(PKIX_VALIDATE_ERROR, 2, loggers, plContext); + testLogErrors(PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext); + testLogErrors(PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext); + testLogErrors(PKIX_CERTSTORE_ERROR, 2, loggers, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext)); + } + + pkixTestErrorResult = PKIX_ValidateChain_NB(valParams, + &certIndex, + &anchorIndex, + &checkerIndex, + &revChecking, + &checkers, + (void **)&pollDesc, + &valResult, + &verifyTree, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_ValidateChain_NB(valParams, + &certIndex, + &anchorIndex, + &checkerIndex, + &revChecking, + &checkers, + (void **)&pollDesc, + &valResult, + &verifyTree, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } else { + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + } + +cleanup: + + if (verifyTree) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", + verifyString->escAsciiString); + } + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(checkers); + PKIX_TEST_DECREF_AC(chainCerts); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateChain_NB"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c b/security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c new file mode 100644 index 0000000000..480ec2643c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c @@ -0,0 +1,233 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * validateChainBasicConstraints.c + * + * Tests Cert Chain Validation + * + */ + +#include <stdio.h> +#include <string.h> +#include <stddef.h> + +#include "pkix_pl_generalname.h" +#include "pkix_pl_cert.h" +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "secitem.h" +#include "keythi.h" +#include "nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + printf("\nUSAGE: incorrect.\n"); +} + +static PKIX_PL_Cert * +createCert(char *inFileName) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *buf = NULL; + PRFileDesc *inFile = NULL; + PKIX_UInt32 len; + SECItem certDER; + SECStatus rv; + /* default: NULL cert (failure case) */ + PKIX_PL_Cert *cert = NULL; + + PKIX_TEST_STD_VARS(); + + certDER.data = NULL; + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + + if (!inFile) { + pkixTestErrorMsg = "Unable to open cert file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); + + SECITEM_FreeItem(&certDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from cert file"; + goto cleanup; + } + } + +cleanup: + + if (inFile) { + PR_Close(inFile); + } + + if (PKIX_TEST_ERROR_RECEIVED) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (cert); +} + +int +test_validatechain_bc(int argc, char *argv[]) +{ + + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_PL_X500Name *subject = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + + char *trustedCertFile = NULL; + char *chainCertFile = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *chainCert = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 3) { + printUsage(); + return (0); + } + + startTests("ValidateChainBasicConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + chainLength = (argc - j) - 2; + + /* create processing params with list of trust anchors */ + trustedCertFile = argv[1 + j]; + trustedCert = createCert(trustedCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, -1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_DECREF_BC(subject); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_DECREF_BC(certSelector); + + /* create cert chain */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); + for (i = 0; i < chainLength; i++) { + chainCertFile = argv[i + (2 + j)]; + chainCert = createCert(chainCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)chainCert, plContext)); + + PKIX_TEST_DECREF_BC(chainCert); + } + + /* create validate params with processing params and cert chain */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext)); + + /* validate cert chain using processing params and return valResult */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + if (valResult != NULL) { + printf("SUCCESSFULLY VALIDATED with Basic Constraint "); + printf("Cert Selector minimum path length to be -1\n"); + PKIX_TEST_DECREF_BC(valResult); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + PKIX_TEST_DECREF_BC(verifyString); + PKIX_TEST_DECREF_BC(verifyTree); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, 6, plContext)); + + /* validate cert chain using processing params and return valResult */ + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + if (valResult != NULL) { + printf("SUCCESSFULLY VALIDATED with Basic Constraint "); + printf("Cert Selector minimum path length to be 6\n"); + } + + PKIX_TEST_DECREF_BC(trustedCert); + PKIX_TEST_DECREF_BC(anchor); + PKIX_TEST_DECREF_BC(anchors); + PKIX_TEST_DECREF_BC(certs); + PKIX_TEST_DECREF_BC(procParams); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + printf("FAILED TO VALIDATE\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(valParams); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("ValidateChainBasicConstraints"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/Makefile b/security/nss/cmd/libpkix/pkix/util/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/util/manifest.mn b/security/nss/cmd/libpkix/pkix/util/manifest.mn new file mode 100644 index 0000000000..c7790c401b --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_error.c \ + test_list.c \ + test_list2.c \ + test_logger.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolutil +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/util/test_error.c b/security/nss/cmd/libpkix/pkix/util/test_error.c new file mode 100644 index 0000000000..9cddecc827 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_error.c @@ -0,0 +1,385 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_error.c + * + * Tests Error Object Creation, ToString, Callbacks and Destroy + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createErrors( + PKIX_Error **error, + PKIX_Error **error2, + PKIX_Error **error3, + PKIX_Error **error5, + PKIX_Error **error6, + PKIX_Error **error7, + char *infoChar) + +{ + PKIX_PL_String *infoString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + infoChar, + PL_strlen(infoChar), + &infoString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR, + NULL, + NULL, + PKIX_TESTANOTHERERRORMESSAGE, + error2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + *error2, + (PKIX_PL_Object *)infoString, + PKIX_TESTERRORMESSAGE, + error, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + *error2, + (PKIX_PL_Object *)infoString, + PKIX_TESTERRORMESSAGE, + error3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + NULL, + (PKIX_PL_Object *)infoString, + 0, + error5, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR, + *error5, + (PKIX_PL_Object *)infoString, + 0, + error6, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + *error6, + (PKIX_PL_Object *)infoString, + 0, + error7, + plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(infoString); + + PKIX_TEST_RETURN(); +} + +static void +testGetErrorClass(PKIX_Error *error, PKIX_Error *error2) +{ + PKIX_ERRORCLASS errClass; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error, &errClass, plContext)); + + if (errClass != PKIX_OBJECT_ERROR) { + testError("Incorrect Class Returned"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error2, &errClass, plContext)); + + if (errClass != PKIX_MEM_ERROR) { + testError("Incorrect Class Returned"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(PKIX_ALLOC_ERROR(), + &errClass, plContext)); + if (errClass != PKIX_FATAL_ERROR) { + testError("Incorrect Class Returned"); + } + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testGetDescription( + PKIX_Error *error, + PKIX_Error *error2, + PKIX_Error *error3, + char *descChar, + char *descChar2) +{ + + PKIX_PL_String *targetString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error, &targetString, plContext)); + temp = PKIX_String2ASCII(targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, descChar) != 0) { + testError("Incorrect description returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error2, &targetString, plContext)); + temp = PKIX_String2ASCII(targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, descChar2) != 0) { + testError("Incorrect description returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error3, &targetString, plContext)); + temp = PKIX_String2ASCII(targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, descChar) != 0) { + testError("Incorrect description returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetCause(PKIX_Error *error, PKIX_Error *error2, PKIX_Error *error3) +{ + + PKIX_Error *error4 = NULL; + PKIX_PL_String *targetString = NULL; + char *temp = NULL; + PKIX_Boolean boolResult; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error, &error4, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2, + (PKIX_PL_Object *)error4, + &boolResult, plContext)); + if (!boolResult) + testError("Incorrect Cause returned"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error4, + &targetString, plContext)); + + temp = PKIX_String2ASCII(targetString, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(targetString); + PKIX_TEST_DECREF_BC(error4); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error3, &error4, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2, + (PKIX_PL_Object *)error4, + &boolResult, plContext)); + if (!boolResult) + testError("Incorrect Cause returned"); + + PKIX_TEST_DECREF_BC(error4); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetSupplementaryInfo(PKIX_Error *error, char *infoChar) +{ + + PKIX_PL_Object *targetString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetSupplementaryInfo(error, &targetString, plContext)); + temp = PKIX_String2ASCII((PKIX_PL_String *)targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, infoChar) != 0) { + testError("Incorrect info returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testPrimitiveError(void) +{ + PKIX_PL_String *targetString = NULL; + PKIX_PL_String *targetStringCopy = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)PKIX_ALLOC_ERROR(), + &targetString, plContext)); + + temp = PKIX_String2ASCII(targetString, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + targetStringCopy = targetString; + + PKIX_TEST_DECREF_BC(targetString); + + /* + * We need to DECREF twice, b/c the PKIX_ALLOC_ERROR object + * which holds a cached copy of the stringRep can never be DECREF'd + */ + PKIX_TEST_DECREF_BC(targetStringCopy); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testChaining(PKIX_Error *error7) +{ + PKIX_PL_String *targetString = NULL; + PKIX_Error *tempError = NULL; + char *temp = NULL; + PKIX_UInt32 i; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error7, + &targetString, plContext)); + + temp = PKIX_String2ASCII(targetString, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + for (i = 0, tempError = error7; i < 2; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(tempError, &tempError, plContext)); + if (tempError == NULL) { + testError("Unexpected end to error chain"); + break; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)tempError, plContext)); + } + + PKIX_TEST_DECREF_BC(targetString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(PKIX_Error *error) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(error); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_error(int argc, char *argv[]) +{ + + PKIX_Error *error, *error2, *error3, *error5, *error6, *error7; + char *descChar = "Error Message"; + char *descChar2 = "Another Error Message"; + char *infoChar = "Auxiliary Info"; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Errors"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_Error_Create"); + createErrors(&error, + &error2, + &error3, + &error5, + &error6, + &error7, + infoChar); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(error, + error, + error2, + NULL, + Error, + PKIX_TRUE); + + subTest("PKIX_Error_GetErrorClass"); + testGetErrorClass(error, error2); + + subTest("PKIX_Error_GetDescription"); + testGetDescription(error, error2, error3, descChar, descChar2); + + subTest("PKIX_Error_GetCause"); + testGetCause(error, error2, error3); + + subTest("PKIX_Error_GetSupplementaryInfo"); + testGetSupplementaryInfo(error, infoChar); + + subTest("Primitive Error Type"); + testPrimitiveError(); + + subTest("Error Chaining"); + testChaining(error7); + + subTest("PKIX_Error_Destroy"); + testDestroy(error); + testDestroy(error2); + testDestroy(error3); + testDestroy(error5); + testDestroy(error6); + testDestroy(error7); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Errors"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/test_list.c b/security/nss/cmd/libpkix/pkix/util/test_list.c new file mode 100644 index 0000000000..e5e6e507ba --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_list.c @@ -0,0 +1,765 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_list.c + * + * Tests List Objects + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createLists(PKIX_List **list, PKIX_List **list2) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list2, plContext)); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testReverseList(void) +{ + PKIX_List *firstList = NULL; + PKIX_List *reverseList = NULL; + PKIX_UInt32 length, i; + char *testItemString = "one"; + char *testItemString2 = "two"; + PKIX_PL_String *testItem = NULL; + PKIX_PL_String *testItem2 = NULL; + PKIX_PL_Object *retrievedItem1 = NULL; + PKIX_PL_Object *retrievedItem2 = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&firstList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext)); + if (length != 0) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_DECREF_BC(reverseList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + 0, + &testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString2, + 0, + &testItem2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext)); + if (length != 1) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_DECREF_BC(reverseList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext)); + if (length != 4) { + testError("Incorrect Length returned"); + } + + for (i = 0; i < length; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstList, + i, + &retrievedItem1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(reverseList, + (length - 1) - i, + &retrievedItem2, + plContext)); + + testEqualsHelper(retrievedItem1, retrievedItem2, PKIX_TRUE, plContext); + + PKIX_TEST_DECREF_BC(retrievedItem1); + PKIX_TEST_DECREF_BC(retrievedItem2); + } + +cleanup: + + PKIX_TEST_DECREF_AC(firstList); + PKIX_TEST_DECREF_AC(reverseList); + + PKIX_TEST_DECREF_AC(testItem); + PKIX_TEST_DECREF_AC(testItem2); + + PKIX_TEST_DECREF_AC(retrievedItem1); + PKIX_TEST_DECREF_AC(retrievedItem2); + + PKIX_TEST_RETURN(); +} + +static void +testZeroLengthList(PKIX_List *list) +{ + PKIX_UInt32 length; + PKIX_Boolean empty; + char *testItemString = "hello"; + PKIX_PL_String *testItem = NULL; + PKIX_PL_String *retrievedItem = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&diffList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext)); + + if (length != 0) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(list, &empty, plContext)); + if (!empty) { + testError("Incorrect result for PKIX_List_IsEmpty"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + 0, + &testItem, + plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, + 0, + (PKIX_PL_Object **)&retrievedItem, + plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(diffList, + (PKIX_PL_Object *)testItem, + plContext)); + + testDuplicateHelper((PKIX_PL_Object *)diffList, plContext); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(list, list, diffList, "(EMPTY)", List, PKIX_TRUE); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext)); + if (length != 1) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(diffList, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext)); + if (length != 0) { + testError("Incorrect Length returned"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(testItem); + PKIX_TEST_DECREF_AC(diffList); + PKIX_TEST_RETURN(); +} + +static void +testGetLength(PKIX_List *list) +{ + PKIX_UInt32 length; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext)); + + if (length != 3) { + testError("Incorrect Length returned"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetSetItem( + PKIX_List *list, + char *testItemString, + char *testItemString2, + char *testItemString3, + PKIX_PL_String **testItem, + PKIX_PL_String **testItem2, + PKIX_PL_String **testItem3) +{ + PKIX_PL_Object *tempItem = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + PL_strlen(testItemString), + testItem, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString2, + PL_strlen(testItemString2), + testItem2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString3, + PL_strlen(testItemString3), + testItem3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 1, (PKIX_PL_Object *)*testItem2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 2, (PKIX_PL_Object *)*testItem3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 1, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString2, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 2, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString3, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem3, plContext)); + temp = PKIX_String2ASCII(*testItem3, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString3, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testInsertItem( + PKIX_List *list, + PKIX_PL_String *testItem, + char *testItemString) +{ + PKIX_PL_Object *tempItem = NULL; + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(outputString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testAppendItem(PKIX_List *list, PKIX_PL_String *testItem) +{ + PKIX_UInt32 length2; + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, + (PKIX_PL_Object *)testItem, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, c, b, c, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(outputString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testNestedLists( + PKIX_List *list, + PKIX_List *list2, + PKIX_PL_String *testItem, + PKIX_PL_String *testItem2) +{ + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)NULL, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, (null), a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 1, + (PKIX_PL_Object *)list2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, (a, (null), a), c, b, c, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDeleteItem( + PKIX_List *list, + PKIX_List *list2, + PKIX_PL_String *testItem2, + PKIX_PL_String *testItem3) +{ + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, (a, (null), a), c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)testItem2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a, b)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)testItem3, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_DECREF_BC(list2); + +cleanup: + + PKIX_TEST_RETURN(); +} + +#if testContainsFunction +/* This test requires pkix_List_Contains to be in nss.def */ +static void +testContains(void) +{ + + PKIX_List *list; + PKIX_PL_String *testItem, *testItem2, *testItem3, *testItem4; + char *testItemString = "a"; + char *testItemString2 = "b"; + char *testItemString3 = "c"; + char *testItemString4 = "d"; + PKIX_Boolean found = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("pkix_ListContains"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + PL_strlen(testItemString), + &testItem, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString2, + PL_strlen(testItemString2), + &testItem2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString3, + PL_strlen(testItemString3), + &testItem3, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString4, + PL_strlen(testItemString4), + &testItem4, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem3, plContext)); + + subTest("pkix_List_Contains <object missing>"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext)); + + if (found) { + testError("Contains found item that wasn't there!"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem4, plContext)); + + subTest("pkix_List_Contains <object present>"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext)); + + if (!found) { + testError("Contains missed item that was present!"); + } + + PKIX_TEST_DECREF_BC(list); + PKIX_TEST_DECREF_BC(testItem); + PKIX_TEST_DECREF_BC(testItem2); + PKIX_TEST_DECREF_BC(testItem3); + PKIX_TEST_DECREF_BC(testItem4); + +cleanup: + + PKIX_TEST_RETURN(); +} +#endif + +static void +testErrorHandling(void) +{ + PKIX_List *emptylist = NULL; + PKIX_List *list = NULL; + PKIX_PL_Object *tempItem = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 4, &tempItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 1, NULL, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 4, tempItem, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(NULL, 1, tempItem, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 4, tempItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(NULL, 1, tempItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, tempItem, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 5, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(NULL, 1, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetLength(list, NULL, plContext)); + + PKIX_TEST_DECREF_BC(list); + PKIX_TEST_DECREF_BC(emptylist); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(PKIX_List *list) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(list); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_list(int argc, char *argv[]) +{ + + PKIX_List *list, *list2; + PKIX_PL_String *testItem, *testItem2, *testItem3; + char *testItemString = "a"; + char *testItemString2 = "b"; + char *testItemString3 = "c"; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Lists"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_List_Create"); + createLists(&list, &list2); + + subTest("pkix_List_ReverseList"); + testReverseList(); + + subTest("Zero-length List"); + testZeroLengthList(list); + + subTest("PKIX_List_Get/SetItem"); + testGetSetItem(list, + testItemString, + testItemString2, + testItemString3, + &testItem, + &testItem2, + &testItem3); + + subTest("PKIX_List_GetLength"); + testGetLength(list); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(list, + list, + list2, + "(c, b, c)", + List, + PKIX_TRUE); + + subTest("PKIX_List_InsertItem"); + testInsertItem(list, testItem, testItemString); + + subTest("PKIX_List_AppendItem"); + testAppendItem(list, testItem); + + subTest("Nested Lists"); + testNestedLists(list, list2, testItem, testItem2); + + subTest("PKIX_List_DeleteItem"); + testDeleteItem(list, list2, testItem2, testItem3); + + PKIX_TEST_DECREF_BC(testItem); + PKIX_TEST_DECREF_BC(testItem2); + PKIX_TEST_DECREF_BC(testItem3); + +#if testContainsFunction + /* This test requires pkix_List_Contains to be in nss.def */ + testContains(); +#endif + + subTest("PKIX_List Error Handling"); + testErrorHandling(); + + subTest("PKIX_List_Destroy"); + testDestroy(list); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Lists"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/test_list2.c b/security/nss/cmd/libpkix/pkix/util/test_list2.c new file mode 100644 index 0000000000..b802ff0e66 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_list2.c @@ -0,0 +1,118 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_list2.c + * + * Performs an in-place sort on a list + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int +test_list2(int argc, char *argv[]) +{ + + PKIX_List *list; + char *temp; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Int32 cmpResult; + PKIX_PL_OID *testOID; + PKIX_PL_String *testString; + PKIX_PL_Object *obj, *obj2; + PKIX_UInt32 size = 10; + char *testOIDString[10] = { + "2.9.999.1.20", + "1.2.3.4.5.6.7", + "0.1", + "1.2.3.5", + "0.39", + "1.2.3.4.7", + "1.2.3.4.6", + "0.39.1", + "1.2.3.4.5", + "0.39.1.300" + }; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + + startTests("List Sorting"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("Creating Unsorted Lists"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + for (i = 0; i < size; i++) { + /* Create a new OID object */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create( + testOIDString[i], + &testOID, + plContext)); + /* Insert it into the list */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testOID, plContext)); + /* Decref the string object */ + PKIX_TEST_DECREF_BC(testOID); + } + + subTest("Outputting Unsorted List"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &testString, + plContext)); + temp = PKIX_String2ASCII(testString, plContext); + if (temp) { + (void)printf("%s \n", temp); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(testString); + + subTest("Performing Bubble Sort"); + + for (i = 0; i < size; i++) + for (j = 9; j > i; j--) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j - 1, + &obj2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext)); + if (cmpResult < 0) { + /* Exchange the items */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j - 1, + obj, plContext)); + } + /* DecRef objects */ + PKIX_TEST_DECREF_BC(obj); + PKIX_TEST_DECREF_BC(obj2); + } + + subTest("Outputting Sorted List"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &testString, + plContext)); + temp = PKIX_String2ASCII(testString, plContext); + if (temp) { + (void)printf("%s \n", temp); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(testString); + PKIX_TEST_DECREF_AC(list); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("List Sorting"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/test_logger.c b/security/nss/cmd/libpkix/pkix/util/test_logger.c new file mode 100644 index 0000000000..3b7e5160a3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_logger.c @@ -0,0 +1,314 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_logger.c + * + * Tests Logger Objects + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static char *levels[] = { + "None", + "Fatal Error", + "Error", + "Warning", + "Debug", + "Trace" +}; + +static PKIX_Error * +testLoggerCallback( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ + char *comp = NULL; + char *msg = NULL; + char result[100]; + static int callCount = 0; + + PKIX_TEST_STD_VARS(); + + msg = PKIX_String2ASCII(message, plContext); + PR_snprintf(result, 100, "Logging %s (%s): %s", + levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg); + subTest(result); + + callCount++; + if (callCount > 1) { + testError("Incorrect number of Logger Callback <expect 1>"); + } + +cleanup: + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +testLoggerCallback2( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ + char *comp = NULL; + char *msg = NULL; + char result[100]; + + PKIX_TEST_STD_VARS(); + + msg = PKIX_String2ASCII(message, plContext); + PR_snprintf(result, 100, "Logging %s (%s): %s", + levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg); + subTest(result); + +cleanup: + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); + PKIX_TEST_RETURN(); +} + +static void +createLogger(PKIX_Logger **logger, + PKIX_PL_Object *context, + PKIX_Logger_LogCallback cb) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(cb, context, logger, plContext)); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testContextCallback(PKIX_Logger *logger, PKIX_Logger *logger2) +{ + PKIX_Logger_LogCallback cb = NULL; + PKIX_PL_Object *context = NULL; + PKIX_Boolean cmpResult = PKIX_FALSE; + PKIX_UInt32 length; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_Logger_GetLoggerContext"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggerContext(logger2, &context, plContext)); + + testEqualsHelper((PKIX_PL_Object *)logger, context, PKIX_TRUE, plContext); + + subTest("PKIX_Logger_GetLogCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLogCallback(logger, &cb, plContext)); + + if (cb != testLoggerCallback) { + testError("Incorrect Logger Callback returned"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(context); + PKIX_TEST_RETURN(); +} + +static void +testComponent(PKIX_Logger *logger) +{ + PKIX_ERRORCLASS compName = (PKIX_ERRORCLASS)NULL; + PKIX_ERRORCLASS compNameReturn = (PKIX_ERRORCLASS)NULL; + PKIX_Boolean cmpResult = PKIX_FALSE; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_Logger_GetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compName, plContext)); + + if (compName != (PKIX_ERRORCLASS)NULL) { + testError("Incorrect Logger Component returned. expect <NULL>"); + } + + subTest("PKIX_Logger_SetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, PKIX_LIST_ERROR, plContext)); + + subTest("PKIX_Logger_GetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compNameReturn, plContext)); + + if (compNameReturn != PKIX_LIST_ERROR) { + testError("Incorrect Logger Component returned."); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testMaxLoggingLevel(PKIX_Logger *logger) +{ + PKIX_UInt32 level = 0; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_Logger_GetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext)); + + if (level != 0) { + testError("Incorrect Logger MaxLoggingLevel returned"); + } + + subTest("PKIX_Logger_SetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, 3, plContext)); + + subTest("PKIX_Logger_GetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext)); + + if (level != 3) { + testError("Incorrect Logger MaxLoggingLevel returned"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testLogger(PKIX_Logger *logger, PKIX_Logger *logger2) +{ + PKIX_List *loggerList = NULL; + PKIX_List *checkList = NULL; + PKIX_UInt32 length; + PKIX_Boolean cmpResult = PKIX_FALSE; + char *expectedAscii = "[\n" + "\tLogger: \n" + "\tContext: (null)\n" + "\tMaximum Level: 3\n" + "\tComponent Name: LIST\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_GetLoggers"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext)); + if (length != 0) { + testError("Incorrect Logger List returned"); + } + PKIX_TEST_DECREF_BC(loggerList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggerList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggerList, (PKIX_PL_Object *)logger, plContext)); + + subTest("PKIX_SetLoggers"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggerList, plContext)); + + subTest("PKIX_Logger_SetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger2, PKIX_MUTEX_ERROR, plContext)); + + subTest("PKIX_Logger_SetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger2, 5, plContext)); + + subTest("PKIX_AddLogger"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_AddLogger(logger2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&checkList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger2, plContext)); + + PKIX_TEST_DECREF_BC(loggerList); + + subTest("PKIX_GetLoggers"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext)); + + subTest("pkix_Loggers_Equals"); + testEqualsHelper((PKIX_PL_Object *)loggerList, + (PKIX_PL_Object *)checkList, + PKIX_TRUE, + plContext); + + subTest("pkix_Loggers_Duplicate"); + testDuplicateHelper((PKIX_PL_Object *)logger, plContext); + + subTest("pkix_Loggers_Hashcode"); + testHashcodeHelper((PKIX_PL_Object *)logger, + (PKIX_PL_Object *)logger, + PKIX_TRUE, + plContext); + + subTest("pkix_Loggers_ToString"); + testToStringHelper((PKIX_PL_Object *)logger, expectedAscii, plContext); + + subTest("PKIX Logger Callback"); + subTest("Expect to have ***Fatal Error (List): Null argument*** once"); + PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, (PKIX_PL_Object *)NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(loggerList); + PKIX_TEST_DECREF_AC(checkList); + PKIX_TEST_RETURN(); +} + +static void +testDestroy(PKIX_Logger *logger) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(logger); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_logger(int argc, char *argv[]) +{ + + PKIX_Logger *logger, *logger2; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Loggers"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_Logger_Create"); + createLogger(&logger, NULL, testLoggerCallback); + createLogger(&logger2, (PKIX_PL_Object *)logger, testLoggerCallback2); + + subTest("Logger Context and Callback"); + testContextCallback(logger, logger2); + + subTest("Logger Component"); + testComponent(logger); + + subTest("Logger MaxLoggingLevel"); + testMaxLoggingLevel(logger); + + subTest("Logger List operations"); + testLogger(logger, logger2); + + subTest("PKIX_Logger_Destroy"); + testDestroy(logger); + testDestroy(logger2); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Loggers"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/Makefile b/security/nss/cmd/libpkix/pkix_pl/Makefile new file mode 100644 index 0000000000..1de5ef2694 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk + diff --git a/security/nss/cmd/libpkix/pkix_pl/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/manifest.mn new file mode 100644 index 0000000000..84997cbe6f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/manifest.mn @@ -0,0 +1,11 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ./.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +DIRS = module pki system \ + $(NULL) diff --git a/security/nss/cmd/libpkix/pkix_pl/module/Makefile b/security/nss/cmd/libpkix/pkix_pl/module/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn new file mode 100644 index 0000000000..50d20d0bb4 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn @@ -0,0 +1,25 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_colcertstore.c \ + test_ekuchecker.c \ + test_pk11certstore.c \ + test_socket.c \ + test_httpcertstore.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolmodule +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c new file mode 100644 index 0000000000..37169d6ff7 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c @@ -0,0 +1,247 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_colcertstore.c + * + * Test CollectionCertStore Type + * + */ + +#include "testutil.h" + +#include "testutil_nss.h" + +/* When CRL IDP is supported, change NUM_CRLS to 9 */ +#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 4 +#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS 15 + +static void *plContext = NULL; + +static PKIX_Error * +testCRLSelectorMatchCallback( + PKIX_CRLSelector *selector, + PKIX_PL_CRL *crl, + PKIX_Boolean *pMatch, + void *plContext) +{ + *pMatch = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +testCertSelectorMatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + *pResult = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + PKIX_List **pCerts, + void *plContext) +{ + return (0); +} + +static char * +catDirName(char *platform, char *dir, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 dirLen; + PKIX_UInt32 platformLen; + + PKIX_TEST_STD_VARS(); + + dirLen = PL_strlen(dir); + platformLen = PL_strlen(platform); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen + + dirLen + + 2, + (void **)&pathName, plContext)); + + PL_strcpy(pathName, platform); + PL_strcat(pathName, "/"); + PL_strcat(pathName, dir); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +static void +testGetCRL(char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CRLCallback crlCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_UInt32 numCrl = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir, + 0, + &dirString, + plContext)); + + subTest("PKIX_PL_CollectionCertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, + &certStore, + plContext)); + + subTest("PKIX_CRLSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback, + NULL, + &crlSelector, + plContext)); + + subTest("PKIX_CertStore_GetCRLCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, NULL)); + + subTest("Getting data from CRL Callback"); + PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore, + crlSelector, + &nbioContext, + &crlList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, + &numCrl, + plContext)); + + if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) { + pkixTestErrorMsg = "unexpected CRL number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(crlList); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testGetCert(char *certDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + certDir, + 0, + &dirString, + plContext)); + + subTest("PKIX_PL_CollectionCertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, + &certStore, + plContext)); + + subTest("PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback, + NULL, + &certSelector, + plContext)); + + subTest("PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest("Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, + certSelector, + &nbioContext, + &certList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, + &numCert, + plContext)); + + if (numCert != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s test-purpose <data-dir> <platform-dir>\n\n", pName); +} + +/* Functional tests for CollectionCertStore public functions */ + +int +test_colcertstore(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *platformDir = NULL; + char *dataDir = NULL; + char *combinedDir = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("CollectionCertStore"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < (3 + j)) { + printUsage(argv[0]); + return (0); + } + + dataDir = argv[2 + j]; + platformDir = argv[3 + j]; + combinedDir = catDirName(platformDir, dataDir, plContext); + + testGetCRL(combinedDir); + testGetCert(combinedDir); + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CollectionCertStore"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c new file mode 100644 index 0000000000..ccd05a5bf8 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c @@ -0,0 +1,275 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_ekuchecker.c + * + * Test Extend Key Usage Checker + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("[E]oid[,oid]* <data-dir> cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +testCertSelectorMatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + *pResult = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +testEkuSetup( + PKIX_ValidateParams *valParams, + char *ekuOidString, + PKIX_Boolean *only4EE) +{ + PKIX_ProcessingParams *procParams = NULL; + PKIX_List *ekuList = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_ComCertSelParams *selParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_Boolean last_token = PKIX_FALSE; + PKIX_UInt32 i, tokeni; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateParams_GetProcessingParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + /* Get extended key usage OID(s) from command line, separated by "," */ + + if (ekuOidString[0] == '"') { + /* erase doble quotes, if any */ + i = 1; + while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') { + ekuOidString[i - 1] = ekuOidString[i]; + i++; + } + ekuOidString[i - 1] = '\0'; + } + + if (ekuOidString[0] == '\0') { + ekuList = NULL; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext)); + + /* if OID string start with E, only check for last cert */ + if (ekuOidString[0] == 'E') { + *only4EE = PKIX_TRUE; + tokeni = 2; + i = 1; + } else { + *only4EE = PKIX_FALSE; + tokeni = 1; + i = 0; + } + + while (last_token != PKIX_TRUE) { + while (ekuOidString[tokeni] != ',' && + ekuOidString[tokeni] != '\0') { + tokeni++; + } + if (ekuOidString[tokeni] == '\0') { + last_token = PKIX_TRUE; + } else { + ekuOidString[tokeni] = '\0'; + tokeni++; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + i = tokeni; + } + } + + /* Set extended key usage link to processing params */ + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext)); + + subTest("PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback, + NULL, + &certSelector, + plContext)); + + subTest("PKIX_CertSelector_SetCommonCertSelectorParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext)); + + subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(ekuList); + + PKIX_TEST_RETURN(); + + return (0); +} + +static PKIX_Error * +testEkuChecker( + PKIX_ValidateParams *valParams, + PKIX_Boolean only4EE) +{ + PKIX_ProcessingParams *procParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + if (only4EE == PKIX_FALSE) { + subTest("PKIX_PL_EkuChecker_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_ekuchecker(int argc, char *argv[]) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + char *dirName = NULL; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_FALSE; + PKIX_Boolean only4EE = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("EKU Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + dirName = argv[4 + j]; + + chainLength = (argc - j) - 6; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[6 + i + j]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Extended-Key-Usage-Checker"); + + subTest("Extended-Key-Usage-Checker - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Extended-Key-Usage-Checker - Create Params"); + + valParams = createValidateParams(dirName, + argv[5 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Default CertStore"); + + testEkuSetup(valParams, argv[3 + j], &only4EE); + + testEkuChecker(valParams, only4EE); + + subTest("Extended-Key-Usage-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("EKU Checker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c new file mode 100644 index 0000000000..62f86300ab --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c @@ -0,0 +1,300 @@ +/* + * test_httpcertstore.c + * + * Test Httpcertstore Type + * + * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistribution of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistribution in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * Neither the name of Sun Microsystems, Inc. or the names of contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * This software is provided "AS IS," without a warranty of any kind. ALL + * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING + * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE + * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") + * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE + * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS + * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST + * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, + * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY + * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, + * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + * + * You acknowledge that this software is not designed or intended for use in + * the design, construction, operation or maintenance of any nuclear facility. + */ + +#include "testutil.h" +#include "testutil_nss.h" +#include "pkix_pl_common.h" + +static void *plContext = NULL; + +static void +printUsage(char *testname) +{ + char *fmt = + "USAGE: %s [-arenas] certDir certName\n"; + printf(fmt, "test_httpcertstore"); +} + +/* Functional tests for Socket public functions */ +static void +do_other_work(void) +{ /* while waiting for nonblocking I/O to complete */ + (void)PR_Sleep(2 * 60); +} + +PKIX_Error * +PKIX_PL_HttpCertStore_Create( + PKIX_PL_HttpClient *client, /* if NULL, use default Client */ + PKIX_PL_GeneralName *location, + PKIX_CertStore **pCertStore, + void *plContext); + +PKIX_Error * +pkix_pl_HttpCertStore_CreateWithAsciiName( + PKIX_PL_HttpClient *client, /* if NULL, use default Client */ + char *location, + PKIX_CertStore **pCertStore, + void *plContext); + +static PKIX_Error * +getLocation( + PKIX_PL_Cert *certWithAia, + PKIX_PL_GeneralName **pLocation, + void *plContext) +{ + PKIX_List *aiaList = NULL; + PKIX_UInt32 size = 0; + PKIX_PL_InfoAccess *aia = NULL; + PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN; + PKIX_PL_GeneralName *location = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Getting Authority Info Access"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certWithAia, &aiaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType(aia, &iaType, plContext)); + + if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) { + pkixTestErrorMsg = "unexpected location type in AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(aia, &location, plContext)); + + *pLocation = location; + +cleanup: + PKIX_TEST_DECREF_AC(aiaList); + PKIX_TEST_DECREF_AC(aia); + + PKIX_TEST_RETURN(); + + return (NULL); +} + +int +test_httpcertstore(int argc, char *argv[]) +{ + + PKIX_UInt32 i = 0; + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 numCrls = 0; + int j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 length = 0; + + char *certName = NULL; + char *certDir = NULL; + PKIX_PL_Cert *cmdLineCert = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_CertStore *crlStore = NULL; + PKIX_PL_GeneralName *location = NULL; + PKIX_CertStore_CertCallback getCerts = NULL; + PKIX_List *certs = NULL; + char *asciiResult = NULL; + void *nbio = NULL; + + PKIX_PL_CRL *crl = NULL; + PKIX_CRLSelector *crlSelector = NULL; + char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL" + "files/BasicHTTPURIPeer2CACRL.crl"; + PKIX_CertStore_CRLCallback getCrls = NULL; + PKIX_List *crls = NULL; + PKIX_PL_String *crlString = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("HttpCertStore"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc != (j + 3)) { + printUsage(argv[0]); + pkixTestErrorMsg = "Missing command line argument."; + goto cleanup; + } + + certDir = argv[++j]; + certName = argv[++j]; + + cmdLineCert = createCert(certDir, certName, plContext); + if (cmdLineCert == NULL) { + pkixTestErrorMsg = "Unable to create Cert"; + goto cleanup; + } + + /* muster arguments to create HttpCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(getLocation(cmdLineCert, &location, plContext)); + + if (location == NULL) { + pkixTestErrorMsg = "Give me a cert with an HTTP URI!"; + goto cleanup; + } + + /* create HttpCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create(NULL, location, &certStore, plContext)); + + /* get the GetCerts callback */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCerts, plContext)); + + /* create a CertSelector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + /* Get the certs */ + PKIX_TEST_EXPECT_NO_ERROR(getCerts(certStore, certSelector, &nbio, &certs, plContext)); + + while (nbio != NULL) { + /* poll for a completion */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue(certStore, certSelector, &nbio, &certs, plContext)); + } + + if (certs) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + if (numCerts == 0) { + printf("HttpCertStore returned an empty Cert list\n"); + goto cleanup; + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } else { + printf("HttpCertStore returned a NULL Cert list\n"); + } + + /* create HttpCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName(NULL, crlLocation, &crlStore, plContext)); + + /* get the GetCrls callback */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrls, plContext)); + + /* create a CrlSelector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &crlSelector, plContext)); + + /* Get the crls */ + PKIX_TEST_EXPECT_NO_ERROR(getCrls(crlStore, crlSelector, &nbio, &crls, plContext)); + + while (nbio != NULL) { + /* poll for a completion */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue(crlStore, crlSelector, &nbio, &crls, plContext)); + } + + if (crls) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crls, &numCrls, plContext)); + + if (numCrls == 0) { + printf("HttpCertStore returned an empty CRL list\n"); + goto cleanup; + } + + for (i = 0; i < numCrls; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(crls, + i, + (PKIX_PL_Object **)&crl, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString( + (PKIX_PL_Object *)crl, + &crlString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(crlString, + PKIX_ESCASCII, + (void **)&asciiResult, + &length, + plContext)); + + printf("CRL[%d]:\n%s\n", i, asciiResult); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); + PKIX_TEST_DECREF_BC(crlString); + PKIX_TEST_DECREF_BC(crl); + } + } else { + printf("HttpCertStore returned a NULL CRL list\n"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(cmdLineCert); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(crlStore); + PKIX_TEST_DECREF_AC(location); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(crl); + PKIX_TEST_DECREF_AC(crlString); + PKIX_TEST_DECREF_AC(crls); + + PKIX_TEST_RETURN(); + + endTests("HttpDefaultClient"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c new file mode 100644 index 0000000000..58fceb14f0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c @@ -0,0 +1,580 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_pk11certstore.c + * + * Test Pk11CertStore Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +/* + * This function creates a certSelector with ComCertSelParams set up to + * select entries whose Subject Name matches that in the given Cert and + * whose validity window includes the Date specified by "validityDate". + */ +static void +test_makeSubjectCertSelector( + PKIX_PL_Cert *certNameToMatch, + PKIX_PL_Date *validityDate, + PKIX_CertSelector **pSelector, + void *plContext) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *subjParams = NULL; + PKIX_PL_X500Name *subjectName = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(subjParams, validityDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext)); + *pSelector = selector; + +cleanup: + + PKIX_TEST_DECREF_AC(subjParams); + PKIX_TEST_DECREF_AC(subjectName); + + PKIX_TEST_RETURN(); +} + +/* + * This function creates a certSelector with ComCertSelParams set up to + * select entries containing a Basic Constraints extension with a path + * length of at least the specified "minPathLength". + */ +static void +test_makePathCertSelector( + PKIX_Int32 minPathLength, + PKIX_CertSelector **pSelector, + void *plContext) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *pathParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&pathParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(pathParams, minPathLength, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, pathParams, plContext)); + *pSelector = selector; + +cleanup: + + PKIX_TEST_DECREF_AC(pathParams); + + PKIX_TEST_RETURN(); +} + +/* + * This function reads a directory-file cert specified by "desiredSubjectCert", + * and decodes the SubjectName. It uses that name to set up the CertSelector + * for a Subject Name match, and then queries the database for matching entries. + * It is intended to test a "smart" database query. + */ +static void +testMatchCertSubject( + char *crlDir, + char *desiredSubjectCert, + char *expectedAscii, + PKIX_PL_Date *validityDate, + void *plContext) +{ + PKIX_UInt32 numCert = 0; + PKIX_PL_Cert *certWithDesiredSubject = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_CertStore_CertCallback getCert = NULL; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + certWithDesiredSubject = createCert(crlDir, desiredSubjectCert, plContext); + + test_makeSubjectCertSelector(certWithDesiredSubject, + validityDate, + &certSelector, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore, + certSelector, + &nbioContext, + &certList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert > 0) { + /* List should be immutable */ + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(certList, 0, plContext)); + } + + if (expectedAscii) { + testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext); + } + +cleanup: + + PKIX_TEST_DECREF_AC(certWithDesiredSubject); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certList); + + PKIX_TEST_RETURN(); +} + +/* + * This function uses the minimum path length specified by "minPath" to set up + * a CertSelector for a BasicConstraints match, and then queries the database + * for matching entries. It is intended to test the case where there + * is no "smart" database query, so the database will be asked for all + * available certs and the filtering will be done by the interaction of the + * certstore and the selector. + */ +static void +testMatchCertMinPath( + PKIX_Int32 minPath, + char *expectedAscii, + void *plContext) +{ + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_CertStore_CertCallback getCert = NULL; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Searching Certs for minPath"); + + test_makePathCertSelector(minPath, &certSelector, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore, + certSelector, + &nbioContext, + &certList, + plContext)); + + if (expectedAscii) { + testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext); + } + +cleanup: + + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certList); + + PKIX_TEST_RETURN(); +} + +/* + * This function creates a crlSelector with ComCrlSelParams set up to + * select entries whose Issuer Name matches that in the given Crl. + */ +static void +test_makeIssuerCRLSelector( + PKIX_PL_CRL *crlNameToMatch, + PKIX_CRLSelector **pSelector, + void *plContext) +{ + PKIX_CRLSelector *selector = NULL; + PKIX_ComCRLSelParams *issuerParams = NULL; + PKIX_PL_X500Name *issuerName = NULL; + PKIX_List *names = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&issuerParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crlNameToMatch, &issuerName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(names, (PKIX_PL_Object *)issuerName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(issuerParams, names, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, issuerParams, plContext)); + *pSelector = selector; + +cleanup: + + PKIX_TEST_DECREF_AC(issuerParams); + PKIX_TEST_DECREF_AC(issuerName); + PKIX_TEST_DECREF_AC(names); + + PKIX_TEST_RETURN(); +} + +/* + * This function creates a crlSelector with ComCrlSelParams set up to + * select entries that would be valid at the Date specified by the Date + * criterion. + */ +static void +test_makeDateCRLSelector( + PKIX_PL_Date *dateToMatch, + PKIX_CRLSelector **pSelector, + void *plContext) +{ + PKIX_CRLSelector *selector = NULL; + PKIX_ComCRLSelParams *dateParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&dateParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(dateParams, dateToMatch, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, dateParams, plContext)); + *pSelector = selector; + +cleanup: + PKIX_TEST_DECREF_AC(dateParams); + + PKIX_TEST_RETURN(); +} + +/* + * This function reads a directory-file crl specified by "desiredIssuerCrl", + * and decodes the IssuerName. It uses that name to set up the CrlSelector + * for a Issuer Name match, and then queries the database for matching entries. + * It is intended to test the case of a "smart" database query. + */ +static void +testMatchCrlIssuer( + char *crlDir, + char *desiredIssuerCrl, + char *expectedAscii, + void *plContext) +{ + PKIX_UInt32 numCrl = 0; + PKIX_PL_CRL *crlWithDesiredIssuer = NULL; + PKIX_CertStore *crlStore = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_CertStore_CRLCallback getCrl = NULL; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Searching CRLs for matching Issuer"); + + crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext); + + test_makeIssuerCRLSelector(crlWithDesiredIssuer, &crlSelector, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(getCrl(crlStore, + crlSelector, + &nbioContext, + &crlList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, &numCrl, plContext)); + + if (numCrl > 0) { + /* List should be immutable */ + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(crlList, 0, plContext)); + } + + if (expectedAscii) { + testToStringHelper((PKIX_PL_Object *)crlList, expectedAscii, plContext); + } + +cleanup: + + PKIX_TEST_DECREF_AC(crlWithDesiredIssuer); + PKIX_TEST_DECREF_AC(crlStore); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(crlList); + + PKIX_TEST_RETURN(); +} + +/* + * This function uses the date specified by "matchDate" to set up the + * CrlSelector for a Date match. It is intended to test the case where there + * is no "smart" database query, so the CertStore should throw an error + * rather than ask the database for all available CRLs and then filter the + * results using the selector. + */ +static void +testMatchCrlDate( + char *dateMatch, + char *expectedAscii, + void *plContext) +{ + PKIX_PL_Date *dateCriterion = NULL; + PKIX_CertStore *crlStore = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_CertStore_CRLCallback getCrl = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Searching CRLs for matching Date"); + + dateCriterion = createDate(dateMatch, plContext); + test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext)); + + PKIX_TEST_EXPECT_ERROR(getCrl(crlStore, crlSelector, NULL, &crlList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dateCriterion); + PKIX_TEST_DECREF_AC(crlStore); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(crlList); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <-d data-dir> <database-dir>\n\n", pName); +} + +/* Functional tests for Pk11CertStore public functions */ + +int +test_pk11certstore(int argc, char *argv[]) +{ + + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_PL_Date *validityDate = NULL; + PKIX_PL_Date *betweenDate = NULL; + char *crlDir = NULL; + char *expectedProfAscii = "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 00ca\n" + "\tIssuer: CN=chemistry,O=mit,C=us\n" + "\tSubject: CN=prof noall,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 14:14:06 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(6)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 03\n" + "\tIssuer: CN=physics,O=mit,C=us\n" + "\tSubject: CN=prof noall,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 12:52:26 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")"; + char *expectedValidityAscii = "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 03\n" + "\tIssuer: CN=physics,O=mit,C=us\n" + "\tSubject: CN=prof noall,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 12:52:26 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")"; + char *expectedMinPathAscii = "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 01\n" + "\tIssuer: CN=science,O=mit,C=us\n" + "\tSubject: CN=science,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 12:47:58 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(10)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")"; + char *expectedIssuerAscii = "([\n" + "\tVersion: v2\n" + "\tIssuer: CN=physics,O=mit,C=us\n" + "\tUpdate: [Last: Fri Feb 11 13:51:38 2005\n" + "\t Next: Mon Jan 18, 2105]\n" + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n" + "\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 67\n" + "\tReasonCode: 257\n" + "\tRevocationDate: Fri Feb 11 13:51:38 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n" + "\t)\n" + "\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n" + ")"; + char *expectedDateAscii = "([\n" + "\tVersion: v2\n" + "\tIssuer: CN=science,O=mit,C=us\n" + "\tUpdate: [Last: Fri Feb 11 13:34:40 2005\n" + "\t Next: Mon Jan 18, 2105]\n" + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n" + "\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 65\n" + "\tReasonCode: 260\n" + "\tRevocationDate: Fri Feb 11 13:34:40 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n" + "\t)\n" + "\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n" + ", [\n" + "\tVersion: v2\n" + "\tIssuer: CN=testing CRL,O=test,C=us\n" + "\tUpdate: [Last: Fri Feb 11 13:14:38 2005\n" + "\t Next: Mon Jan 18, 2105]\n" + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n" + "\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 67\n" + "\tReasonCode: 258\n" + "\tRevocationDate: Fri Feb 11 13:14:38 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n" + "\t)\n" + "\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n" + ")"; + + PKIX_TEST_STD_VARS(); + + startTests("Pk11CertStore"); + + if (argc < 3) { + printUsage(argv[0]); + return (0); + } + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + crlDir = argv[j + 2]; + + /* Two certs for prof should be valid now */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validityDate, plContext)); + + subTest("Searching Certs for Subject"); + + testMatchCertSubject(crlDir, + "phy2prof.crt", + NULL, /* expectedProfAscii, */ + validityDate, + plContext); + + /* One of the certs was not yet valid at this time. */ + betweenDate = createDate("050210184000Z", plContext); + + subTest("Searching Certs for Subject and Validity"); + + testMatchCertSubject(crlDir, + "phy2prof.crt", + NULL, /* expectedValidityAscii, */ + betweenDate, + plContext); + + testMatchCertMinPath(9, + NULL, /* expectedMinPathAscii, */ + plContext); + + testMatchCrlIssuer(crlDir, + "phys.crl", + NULL, /* expectedIssuerAscii, */ + plContext); + + testMatchCrlDate("050211184000Z", + NULL, /* expectedDateAscii, */ + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(validityDate); + PKIX_TEST_DECREF_AC(betweenDate); + + PKIX_TEST_RETURN(); + + endTests("Pk11CertStore"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c b/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c new file mode 100644 index 0000000000..d43614a6b3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c @@ -0,0 +1,571 @@ +/* + * test_socket.c + * + * Test Socket Type + * + * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistribution of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistribution in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * Neither the name of Sun Microsystems, Inc. or the names of contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * This software is provided "AS IS," without a warranty of any kind. ALL + * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING + * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE + * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") + * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE + * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS + * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST + * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, + * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY + * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, + * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + * + * You acknowledge that this software is not designed or intended for use in + * the design, construction, operation or maintenance of any nuclear facility. + */ + +#include "testutil.h" +#include "testutil_nss.h" +#include "pkix_pl_common.h" + +#define LDAP_PORT 389 + +static void *plContext = NULL; + +typedef enum { + SERVER_LISTENING, + SERVER_RECV1, + SERVER_POLL1, + SERVER_SEND2, + SERVER_POLL2, + SERVER_RECV3, + SERVER_POLL3, + SERVER_SEND4, + SERVER_POLL4, + SERVER_DONE, + SERVER_FAILED +} SERVER_STATE; + +typedef enum { + CLIENT_WAITFORCONNECT, + CLIENT_SEND1, + CLIENT_POLL1, + CLIENT_RECV2, + CLIENT_POLL2, + CLIENT_SEND3, + CLIENT_POLL3, + CLIENT_RECV4, + CLIENT_POLL4, + CLIENT_DONE, + CLIENT_FAILED +} CLIENT_STATE; + +SERVER_STATE serverState; +CLIENT_STATE clientState; +PKIX_PL_Socket *sSock = NULL; +PKIX_PL_Socket *cSock = NULL; +PKIX_PL_Socket *rendezvousSock = NULL; +PKIX_PL_Socket_Callback *sCallbackList; +PKIX_PL_Socket_Callback *cCallbackList; +PKIX_PL_Socket_Callback *rvCallbackList; +PRNetAddr serverNetAddr; +PRNetAddr clientNetAddr; +PRIntn backlog = 0; +PRIntervalTime timeout = 0; +char *sendBuf1 = "Hello, world!"; +char *sendBuf2 = "Ack"; +char *sendBuf3 = "What do you mean, \"Ack\"?"; +char *sendBuf4 = "What do you mean, \"What do you mean, \'Ack\'?\"?"; +char rcvBuf1[100]; +char rcvBuf2[100]; + +static void +printUsage(char *testname) +{ + char *fmt = "USAGE: %s [-arenas] server:port\n"; + printf(fmt, testname); +} + +/* Functional tests for Socket public functions */ +static void +do_other_work(void) +{ /* while waiting for nonblocking I/O to complete */ + (void)PR_Sleep(2 * 60); +} + +static PKIX_Boolean +server() +{ + PKIX_Int32 bytesRead = 0; + PKIX_Int32 bytesWritten = 0; + PKIX_Boolean keepGoing = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + switch (serverState) { + case SERVER_LISTENING: + subTest("SERVER_LISTENING"); + PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->acceptCallback(sSock, &rendezvousSock, plContext)); + if (rendezvousSock) { + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(rendezvousSock, &rvCallbackList, plContext)); + + serverState = SERVER_RECV1; + } + break; + case SERVER_RECV1: + subTest("SERVER_RECV1"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock, + rcvBuf1, + sizeof(rcvBuf1), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + /* confirm that rcvBuf1 = sendBuf1 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) || + (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + + serverState = SERVER_SEND2; + keepGoing = PKIX_TRUE; + } else { + serverState = SERVER_POLL1; + } + break; + case SERVER_POLL1: + subTest("SERVER_POLL1"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext)); + + if (bytesRead > 0) { + /* confirm that rcvBuf1 = sendBuf1 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) || + (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + + serverState = SERVER_SEND2; + keepGoing = PKIX_TRUE; + } + break; + case SERVER_SEND2: + subTest("SERVER_SEND2"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock, + sendBuf2, + strlen(sendBuf2) + + 1, + &bytesWritten, + plContext)); + if (bytesWritten > 0) { + serverState = SERVER_RECV3; + } else { + serverState = SERVER_POLL2; + } + break; + case SERVER_POLL2: + subTest("SERVER_POLL2"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + serverState = SERVER_RECV3; + } + break; + case SERVER_RECV3: + subTest("SERVER_RECV3"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock, + rcvBuf1, + sizeof(rcvBuf1), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + serverState = SERVER_SEND4; + keepGoing = PKIX_TRUE; + } else { + serverState = SERVER_POLL3; + } + break; + case SERVER_POLL3: + subTest("SERVER_POLL3"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext)); + if (bytesRead > 0) { + serverState = SERVER_SEND4; + keepGoing = PKIX_TRUE; + } + break; + case SERVER_SEND4: + subTest("SERVER_SEND4"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock, + sendBuf4, + strlen(sendBuf4) + + 1, + &bytesWritten, + plContext)); + + if (bytesWritten > 0) { + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext)); + PKIX_TEST_DECREF_BC(sSock); + PKIX_TEST_DECREF_BC(rendezvousSock); + serverState = SERVER_DONE; + } else { + serverState = SERVER_POLL4; + } + break; + case SERVER_POLL4: + subTest("SERVER_POLL4"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext)); + PKIX_TEST_DECREF_BC(sSock); + PKIX_TEST_DECREF_BC(rendezvousSock); + serverState = SERVER_DONE; + } + break; + case SERVER_DONE: + default: + subTest("SERVER_DONE"); + break; + } + +cleanup: + + PKIX_TEST_RETURN(); + + return (keepGoing); +} + +static PKIX_Boolean +client() +{ + PKIX_Boolean keepGoing = PKIX_FALSE; + PKIX_Int32 bytesRead = 0; + PKIX_Int32 bytesWritten = 0; + PRErrorCode cStat = 0; + + /* At 2 seconds each cycle, this should suffice! */ + PKIX_UInt32 giveUpCount = 10; + + PKIX_TEST_STD_VARS(); + + switch (clientState) { + case CLIENT_WAITFORCONNECT: + subTest("CLIENT_WAITFORCONNECT"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->connectcontinueCallback(cSock, &cStat, plContext)); + if (cStat == 0) { + clientState = CLIENT_SEND1; + keepGoing = PKIX_TRUE; + } else { + clientState = CLIENT_WAITFORCONNECT; + if (--giveUpCount == 0) { + testError("Client unable to connect"); + } + } + break; + case CLIENT_SEND1: + subTest("CLIENT_SEND1"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock, + sendBuf1, + strlen(sendBuf1) + + 1, + &bytesWritten, + plContext)); + if (bytesWritten > 0) { + clientState = CLIENT_RECV2; + } else { + clientState = CLIENT_POLL1; + } + break; + case CLIENT_POLL1: + subTest("CLIENT_POLL1"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + clientState = CLIENT_RECV2; + } else { + clientState = CLIENT_POLL1; + } + break; + case CLIENT_RECV2: + subTest("CLIENT_RECV2"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock, + rcvBuf2, + sizeof(rcvBuf2), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + /* confirm that rcvBuf2 = sendBuf2 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) || + (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + clientState = CLIENT_SEND3; + keepGoing = PKIX_TRUE; + } else { + clientState = CLIENT_POLL2; + } + break; + case CLIENT_POLL2: + subTest("CLIENT_POLL2"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext)); + if (bytesRead > 0) { + /* confirm that rcvBuf2 = sendBuf2 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) || + (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + clientState = CLIENT_SEND3; + } else { + clientState = CLIENT_POLL2; + } + break; + case CLIENT_SEND3: + subTest("CLIENT_SEND3"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock, + sendBuf3, + strlen(sendBuf3) + + 1, + &bytesWritten, + plContext)); + + if (bytesWritten > 0) { + clientState = CLIENT_RECV4; + } else { + clientState = CLIENT_POLL3; + } + break; + case CLIENT_POLL3: + subTest("CLIENT_POLL3"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + clientState = CLIENT_RECV4; + } else { + clientState = CLIENT_POLL3; + } + break; + case CLIENT_RECV4: + subTest("CLIENT_RECV4"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock, + rcvBuf2, + sizeof(rcvBuf2), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext)); + PKIX_TEST_DECREF_BC(cSock); + clientState = CLIENT_DONE; + } else { + clientState = CLIENT_POLL4; + } + break; + case CLIENT_POLL4: + subTest("CLIENT_POLL4"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext)); + if (bytesRead > 0) { + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext)); + PKIX_TEST_DECREF_BC(cSock); + clientState = CLIENT_DONE; + } else { + clientState = CLIENT_POLL4; + } + break; + case CLIENT_DONE: + default: + subTest("CLIENT_DONE"); + break; + } + +cleanup: + + PKIX_TEST_RETURN(); + + return (keepGoing); +} + +static void +dispatcher() +{ + PKIX_Boolean keepGoing = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + do { + if (serverState < SERVER_DONE) { + do { + keepGoing = server(); + } while (keepGoing == PKIX_TRUE); + } + if (clientState < CLIENT_DONE) { + do { + keepGoing = client(); + } while (keepGoing == PKIX_TRUE); + } + do_other_work(); + + } while ((serverState < SERVER_DONE) || (clientState < CLIENT_DONE)); + + PKIX_TEST_RETURN(); +} + +int +test_socket(int argc, char *argv[]) +{ + + int j = 0; + PKIX_UInt32 actualMinorVersion; + char buf[PR_NETDB_BUF_SIZE]; + char *serverName = NULL; + char *sepPtr = NULL; + PRHostEnt hostent; + PRUint16 portNum = 0; + PRStatus prstatus = PR_FAILURE; + PRErrorCode cStat = 0; + void *ipaddr = NULL; + PKIX_Error *bindError = NULL; + PRIntn hostenum; + + PKIX_TEST_STD_VARS(); + + startTests("Socket"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc != (j + 2)) { + printUsage(argv[0]); + pkixTestErrorMsg = "Missing command line argument."; + goto cleanup; + } + + serverName = argv[j + 1]; + + subTest("Using pkix_pl_Socket_CreateByName"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_TRUE, timeout, serverName, &cStat, &sSock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext)); + + serverState = SERVER_LISTENING; + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_FALSE, timeout, serverName, &cStat, &cSock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext)); + + if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) { + clientState = CLIENT_WAITFORCONNECT; + } else { + clientState = CLIENT_SEND1; + } + + dispatcher(); + + subTest("Using pkix_pl_Socket_Create"); + + sepPtr = strchr(serverName, ':'); + /* First strip off the portnum, if present, from the end of the name */ + if (sepPtr) { + *sepPtr++ = '\0'; + portNum = (PRUint16)atoi(sepPtr); + } else { + portNum = (PRUint16)LDAP_PORT; + } + /* + * The hostname may be a fully-qualified name. Just + * use the leftmost component in our lookup. + */ + sepPtr = strchr(serverName, '.'); + if (sepPtr) { + *sepPtr++ = '\0'; + } + prstatus = PR_GetHostByName(serverName, buf, sizeof(buf), &hostent); + + if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) { + printUsage(argv[0]); + pkixTestErrorMsg = + "PR_GetHostByName rejects command line argument."; + goto cleanup; + } + + serverNetAddr.inet.family = PR_AF_INET; + serverNetAddr.inet.port = PR_htons(portNum); + serverNetAddr.inet.ip = PR_htonl(PR_INADDR_ANY); + + hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &clientNetAddr); + if (hostenum == -1) { + pkixTestErrorMsg = + "PR_EnumerateHostEnt failed."; + goto cleanup; + } + + backlog = 5; + + /* timeout = PR_INTERVAL_NO_TIMEOUT; */ + /* timeout = 0; nonblocking */ + timeout = 0; + + bindError = pkix_pl_Socket_Create(PKIX_TRUE, timeout, &serverNetAddr, &cStat, &sSock, plContext); + + /* If PR_Bind can't handle INADDR_ANY, try it with the real name */ + if (bindError) { + PKIX_TEST_DECREF_BC(bindError); + serverNetAddr.inet.ip = PR_htonl(*(PRUint32 *)ipaddr); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_TRUE, + timeout, + &serverNetAddr, + &cStat, + &sSock, + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext)); + + serverState = SERVER_LISTENING; + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_FALSE, timeout, &clientNetAddr, &cStat, &cSock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext)); + + if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) { + clientState = CLIENT_WAITFORCONNECT; + } else { + clientState = CLIENT_SEND1; + } + + dispatcher(); + +cleanup: + + PKIX_TEST_DECREF_AC(sSock); + PKIX_TEST_DECREF_AC(cSock); + PKIX_TEST_DECREF_AC(rendezvousSock); + + PKIX_TEST_RETURN(); + + endTests("Socket"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/Makefile b/security/nss/cmd/libpkix/pkix_pl/pki/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn new file mode 100644 index 0000000000..15fae7bb5f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn @@ -0,0 +1,29 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_cert.c \ + test_crl.c \ + test_crlentry.c \ + test_date.c \ + test_generalname.c \ + test_nameconstraints.c \ + test_x500name.c \ + test_authorityinfoaccess.c \ + test_subjectinfoaccess.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolpki +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c new file mode 100644 index 0000000000..156b440f9c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c @@ -0,0 +1,105 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_authorityinfoaccess.c + * + * Test Authority InfoAccess Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int +test_authorityinfoaccess(int argc, char *argv[]) +{ + + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *certDiff = NULL; + PKIX_List *aiaList = NULL; + PKIX_List *siaList = NULL; + PKIX_PL_InfoAccess *aia = NULL; + PKIX_PL_InfoAccess *aiaDup = NULL; + PKIX_PL_InfoAccess *aiaDiff = NULL; + char *certPathName = NULL; + char *dirName = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 size, i; + PKIX_UInt32 j = 0; + char *expectedAscii = "[method:caIssuers, location:ldap:" + "//betty.nist.gov/cn=CA,ou=Basic%20LDAP%20URI%20OU1," + "o=Test%20Certificates,c=US?cACertificate;binary," + "crossCertificatePair;binary]"; + + PKIX_TEST_STD_VARS(); + + startTests("AuthorityInfoAccess"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 5 + j) { + printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]); + } + + dirName = argv[2 + j]; + certPathName = argv[3 + j]; + + subTest("Creating Cert with Authority Info Access"); + cert = createCert(dirName, certPathName, plContext); + + certPathName = argv[4 + j]; + + subTest("Creating Cert with Subject Info Access"); + certDiff = createCert(dirName, certPathName, plContext); + + subTest("Getting Authority Info Access"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(cert, &aiaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aiaDup, plContext)); + + subTest("Getting Subject Info Access as difference comparison"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(certDiff, &siaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&aiaDiff, plContext)); + + subTest("Checking: Equal, Hash and ToString"); + PKIX_TEST_EQ_HASH_TOSTR_DUP(aia, aiaDup, aiaDiff, expectedAscii, InfoAccess, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(aia); + PKIX_TEST_DECREF_AC(aiaDup); + PKIX_TEST_DECREF_AC(aiaDiff); + PKIX_TEST_DECREF_AC(aiaList); + PKIX_TEST_DECREF_AC(siaList); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certDiff); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Authorityinfoaccess"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c new file mode 100644 index 0000000000..274f818ab3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c @@ -0,0 +1,2088 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_cert.c + * + * Test Cert Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static PKIX_PL_Cert *altNameNoneCert = NULL; +static PKIX_PL_Cert *altNameOtherCert = NULL; +static PKIX_PL_Cert *altNameOtherCert_diff = NULL; +static PKIX_PL_Cert *altNameRfc822Cert = NULL; +static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL; +static PKIX_PL_Cert *altNameDnsCert = NULL; +static PKIX_PL_Cert *altNameDnsCert_diff = NULL; +static PKIX_PL_Cert *altNameX400Cert = NULL; +static PKIX_PL_Cert *altNameX400Cert_diff = NULL; +static PKIX_PL_Cert *altNameDnCert = NULL; +static PKIX_PL_Cert *altNameDnCert_diff = NULL; +static PKIX_PL_Cert *altNameEdiCert = NULL; +static PKIX_PL_Cert *altNameEdiCert_diff = NULL; +static PKIX_PL_Cert *altNameUriCert = NULL; +static PKIX_PL_Cert *altNameUriCert_diff = NULL; +static PKIX_PL_Cert *altNameIpCert = NULL; +static PKIX_PL_Cert *altNameIpCert_diff = NULL; +static PKIX_PL_Cert *altNameOidCert = NULL; +static PKIX_PL_Cert *altNameOidCert_diff = NULL; +static PKIX_PL_Cert *altNameMultipleCert = NULL; + +static void *plContext = NULL; + +static void +createCerts( + char *dataCentralDir, + char *goodInput, + char *diffInput, + PKIX_PL_Cert **goodObject, + PKIX_PL_Cert **equalObject, + PKIX_PL_Cert **diffObject) +{ + subTest("PKIX_PL_Cert_Create <goodObject>"); + *goodObject = createCert(dataCentralDir, goodInput, plContext); + + subTest("PKIX_PL_Cert_Create <equalObject>"); + *equalObject = createCert(dataCentralDir, goodInput, plContext); + + subTest("PKIX_PL_Cert_Create <diffObject>"); + *diffObject = createCert(dataCentralDir, diffInput, plContext); +} + +static void +createCertsWithSubjectAltNames(char *dataCentralDir) +{ + subTest("PKIX_PL_Cert_Create <altNameDNS>"); + altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameDNS_diff>"); + altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameRFC822>"); + altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>"); + altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameX400Cert>"); + altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameX400_diff>"); + altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameDN>"); + altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameDN_diff>"); + altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameEdiCert>"); + altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameEdi_diff>"); + altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameURI>"); + altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameURI_diff>"); + altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameIP>"); + altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameIP_diff>"); + altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOID>"); + altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOID_diff>"); + altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOther>"); + altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOther_diff>"); + altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameNone>"); + altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameMultiple>"); + altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext); +} + +static void +testGetVersion( + PKIX_PL_Cert *goodObject) +{ + PKIX_UInt32 goodVersion; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetVersion"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext)); + + if (goodVersion != 2) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", goodVersion); + (void)printf("Expected value:\t2\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetSerialNumber( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_BigInt *goodSN = NULL; + PKIX_PL_BigInt *equalSN = NULL; + PKIX_PL_BigInt *diffSN = NULL; + char *expectedAscii = "37bc66ec"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSerialNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodSN); + PKIX_TEST_DECREF_AC(equalSN); + PKIX_TEST_DECREF_AC(diffSN); + + PKIX_TEST_RETURN(); +} + +static void +testGetSubject( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_PL_X500Name *diffSubject = NULL; + char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSubject"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext)); + + if (!goodSubject) { + testError("Certificate Subject should not be NULL"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext)); + + if (!equalSubject) { + testError("Certificate Subject should not be NULL"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext)); + + if (!diffSubject) { + testError("Certificate Subject should not be NULL"); + goto cleanup; + } + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject, + equalSubject, + diffSubject, + expectedAscii, + X500Name, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(diffSubject); + + PKIX_TEST_RETURN(); +} + +static void +testGetIssuer( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_X500Name *goodIssuer = NULL; + PKIX_PL_X500Name *equalIssuer = NULL; + PKIX_PL_X500Name *diffIssuer = NULL; + char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetIssuer"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer, + equalIssuer, + diffIssuer, + expectedAscii, + X500Name, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodIssuer); + PKIX_TEST_DECREF_AC(equalIssuer); + PKIX_TEST_DECREF_AC(diffIssuer); + + PKIX_TEST_RETURN(); +} + +static void +testAltNames( + PKIX_PL_Cert *goodCert, + PKIX_PL_Cert *diffCert, + char *expectedAscii) +{ + PKIX_List *goodAltNames = NULL; + PKIX_List *diffAltNames = NULL; + PKIX_PL_GeneralName *goodAltName = NULL; + PKIX_PL_GeneralName *diffAltName = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames, + 0, + (PKIX_PL_Object **)&goodAltName, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames, + 0, + (PKIX_PL_Object **)&diffAltName, + plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName, + expectedAscii, GeneralName, PKIX_TRUE); + +cleanup: + PKIX_TEST_DECREF_AC(goodAltNames); + PKIX_TEST_DECREF_AC(goodAltName); + PKIX_TEST_DECREF_AC(diffAltNames); + PKIX_TEST_DECREF_AC(diffAltName); + PKIX_TEST_RETURN(); +} + +static void +testAltNamesNone(PKIX_PL_Cert *cert) +{ + + PKIX_List *altNames = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext)); + + if (altNames != NULL) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%p\n", (void *)altNames); + (void)printf("Expected value:\tNULL\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(altNames); + PKIX_TEST_RETURN(); +} +static void +testAltNamesMultiple() +{ + PKIX_List *altNames = NULL; + PKIX_PL_GeneralName *firstAltName = NULL; + PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME; + PKIX_PL_GeneralName *secondAltName = NULL; + PKIX_Int32 secondExpectedType = PKIX_DNS_NAME; + + char *expectedAscii = + "[\n" + "\tVersion: v3\n" + "\tSerialNumber: 2d\n" + "\tIssuer: OU=labs,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n" + "\tValidity: [From: Mon Feb 09, 2004\n" + /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */ + "\t To: Mon Feb 09, 2004]\n" + /* "\t To: Mon Feb 09 14:43:52 2004]\n" */ + "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (EMPTY)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: (null)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "\tAuthorityInfoAccess: (null)\n" + "\tSubjectInfoAccess: (null)\n" + "\tCacheFlag: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + testToStringHelper((PKIX_PL_Object *)altNameMultipleCert, + expectedAscii, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext)); + + if (firstAltName->type != firstExpectedType) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", firstAltName->type); + (void)printf("Expected value:\t%d\n", firstExpectedType); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext)); + + if (secondAltName->type != secondExpectedType) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", secondAltName->type); + (void)printf("Expected value:\t%d\n", secondExpectedType); + goto cleanup; + } + +cleanup: + PKIX_TEST_DECREF_AC(altNames); + PKIX_TEST_DECREF_AC(firstAltName); + PKIX_TEST_DECREF_AC(secondAltName); + PKIX_TEST_RETURN(); +} + +static void +testGetSubjectAltNames(char *dataCentralDir) +{ + + char *expectedAscii = NULL; + + createCertsWithSubjectAltNames(dataCentralDir); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>"); + expectedAscii = "east.sun.com"; + testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>"); + expectedAscii = "alice.barnes@bcn.east.sun.com"; + testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii); + + /* + *this should work once bugzilla bug #233586 is fixed. + *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>"); + *expectedAscii = "X400Address: <DER-encoded value>"; + *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii); + */ + + subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>"); + expectedAscii = "CN=elley,OU=labs,O=sun,C=us"; + testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii); + + /* + * this should work once bugzilla bug #233586 is fixed. + * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>"); + * expectedAscii = "EDIPartyName: <DER-encoded value>"; + * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii); + */ + + subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>"); + expectedAscii = "http://www.sun.com"; + testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>"); + expectedAscii = "1.2.3.4"; + testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>"); + expectedAscii = "1.2.39"; + testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>"); + expectedAscii = "1.7.26.97"; + testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <none>"); + testAltNamesNone(altNameNoneCert); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>"); + testAltNamesMultiple(); +} + +static void +testGetSubjectPublicKey( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_PublicKey *goodPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + PKIX_PL_PublicKey *diffPubKey = NULL; + char *expectedAscii = "ANSI X9.57 DSA Signature"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey, + expectedAscii, PublicKey, PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + PKIX_TEST_DECREF_AC(diffPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject) +{ + PKIX_PL_OID *pkixPubKeyOID = NULL; + char *expectedAscii = "1.2.840.10040.4.1"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext)); + + testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(pkixPubKeyOID); + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsPresent(PKIX_PL_Cert *cert) +{ + PKIX_List *critOIDList = NULL; + char *firstOIDAscii = "2.5.29.15"; + PKIX_PL_OID *firstOID = NULL; + char *secondOIDAscii = "2.5.29.19"; + PKIX_PL_OID *secondOID = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext)); + testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext)); + + testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(critOIDList); + PKIX_TEST_DECREF_AC(firstOID); + PKIX_TEST_DECREF_AC(secondOID); + + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsAbsent(PKIX_PL_Cert *cert) +{ + PKIX_List *oidList = NULL; + PKIX_Boolean empty; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext)); + + if (!empty) { + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(oidList); + PKIX_TEST_RETURN(); +} + +static void +testAllExtensionsAbsent(char *dataCentralDir) +{ + PKIX_List *oidList = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_Boolean empty; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <noExtensionsCert>"); + cert = createCert(dataCentralDir, "noExtensionsCert", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext)); + + if (!empty) { + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + PKIX_TEST_DECREF_AC(oidList); + PKIX_TEST_DECREF_AC(cert); + + PKIX_TEST_RETURN(); +} + +static void +testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject) +{ + subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " + "<CritExtensionsPresent>"); + testCritExtensionsPresent(goodObject); + + subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " + "<CritExtensionsAbsent>"); + testCritExtensionsAbsent(altNameOidCert); + + subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " + "<AllExtensionsAbsent>"); + testAllExtensionsAbsent(dataCentralDir); +} + +static void +testKeyIdentifiersMatching(char *dataCentralDir) +{ + PKIX_PL_Cert *subjKeyIDCert = NULL; + PKIX_PL_Cert *authKeyIDCert = NULL; + PKIX_PL_ByteArray *subjKeyID = NULL; + PKIX_PL_ByteArray *authKeyID = NULL; + PKIX_PL_ByteArray *subjKeyID_diff = NULL; + + char *expectedAscii = + "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225," + " 139, 009, 126, 127, 234, 025, 072, 078, 097]"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <subjKeyIDCert>"); + subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext); + + subTest("PKIX_PL_Cert_Create <authKeyIDCert>"); + authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext); + + subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext)); + + subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID, + authKeyID, + subjKeyID_diff, + expectedAscii, + ByteArray, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(subjKeyIDCert); + PKIX_TEST_DECREF_AC(authKeyIDCert); + PKIX_TEST_DECREF_AC(subjKeyID); + PKIX_TEST_DECREF_AC(authKeyID); + PKIX_TEST_DECREF_AC(subjKeyID_diff); + + PKIX_TEST_RETURN(); +} + +static void +testKeyIdentifierAbsent(PKIX_PL_Cert *cert) +{ + PKIX_PL_ByteArray *subjKeyID = NULL; + PKIX_PL_ByteArray *authKeyID = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext)); + + if (subjKeyID != NULL) { + pkixTestErrorMsg = "unexpected mismatch"; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext)); + + if (authKeyID != NULL) { + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(subjKeyID); + PKIX_TEST_DECREF_AC(authKeyID); + + PKIX_TEST_RETURN(); +} + +static void +testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject) +{ + testKeyIdentifiersMatching(dataCentralDir); + testKeyIdentifierAbsent(goodObject); +} + +static void +testVerifyKeyUsage( + char *dataCentralDir, + char *dataDir, + PKIX_PL_Cert *multiKeyUsagesCert) +{ + PKIX_PL_Cert *encipherOnlyCert = NULL; + PKIX_PL_Cert *decipherOnlyCert = NULL; + PKIX_PL_Cert *noKeyUsagesCert = NULL; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <encipherOnlyCert>"); + encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext); + + subTest("PKIX_PL_Cert_Create <decipherOnlyCert>"); + decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext); + + subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>"); + noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, + PKIX_KEY_CERT_SIGN | + PKIX_DIGITAL_SIGNATURE, + plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext)); + +cleanup: + PKIX_TEST_DECREF_AC(encipherOnlyCert); + PKIX_TEST_DECREF_AC(decipherOnlyCert); + PKIX_TEST_DECREF_AC(noKeyUsagesCert); + + PKIX_TEST_RETURN(); +} + +static void +testGetExtendedKeyUsage(char *dataCentralDir) +{ + + PKIX_PL_Cert *codeSigningEKUCert = NULL; + PKIX_PL_Cert *multiEKUCert = NULL; + PKIX_PL_Cert *noEKUCert = NULL; + PKIX_List *firstExtKeyUsage = NULL; + PKIX_List *secondExtKeyUsage = NULL; + PKIX_List *thirdExtKeyUsage = NULL; + PKIX_PL_OID *firstOID = NULL; + char *oidAscii = "1.3.6.1.5.5.7.3.3"; + PKIX_PL_OID *secondOID = NULL; + char *secondOIDAscii = "1.3.6.1.5.5.7.3.1"; + PKIX_PL_OID *thirdOID = NULL; + char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2"; + PKIX_PL_OID *fourthOID = NULL; + PKIX_UInt32 length = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>"); + codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext); + + subTest("PKIX_PL_Cert_Create <multiEKUCert>"); + multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext); + + subTest("PKIX_PL_Cert_Create <noEKUCert>"); + noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext); + + subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext)); + testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext); + + subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext)); + + if (length != 3) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", length); + (void)printf("Expected value:\t3\n"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, + 0, + (PKIX_PL_Object **)&secondOID, + plContext)); + + testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, + 1, + (PKIX_PL_Object **)&thirdOID, + plContext)); + + testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, + 2, + (PKIX_PL_Object **)&fourthOID, + plContext)); + + testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext); + + subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext)); + + if (thirdExtKeyUsage != NULL) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage); + (void)printf("Expected value:\tNULL\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(firstOID); + PKIX_TEST_DECREF_AC(secondOID); + PKIX_TEST_DECREF_AC(thirdOID); + PKIX_TEST_DECREF_AC(fourthOID); + + PKIX_TEST_DECREF_AC(firstExtKeyUsage); + PKIX_TEST_DECREF_AC(secondExtKeyUsage); + PKIX_TEST_DECREF_AC(thirdExtKeyUsage); + + PKIX_TEST_DECREF_AC(codeSigningEKUCert); + PKIX_TEST_DECREF_AC(multiEKUCert); + PKIX_TEST_DECREF_AC(noEKUCert); + + PKIX_TEST_RETURN(); +} + +static void +testMakeInheritedDSAPublicKey(char *dataCentralDir) +{ + PKIX_PL_PublicKey *firstKey = NULL; + PKIX_PL_PublicKey *secondKey = NULL; + PKIX_PL_PublicKey *resultKeyPositive = NULL; + PKIX_PL_PublicKey *resultKeyNegative = NULL; + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <dsaWithoutParams>"); + firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext); + + subTest("PKIX_PL_Cert_Create <dsaWithParams>"); + secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext)); + + subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext)); + + if (resultKeyPositive == NULL) { + testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed"); + } + + subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + + PKIX_TEST_DECREF_AC(firstKey); + PKIX_TEST_DECREF_AC(secondKey); + PKIX_TEST_DECREF_AC(resultKeyPositive); + PKIX_TEST_DECREF_AC(resultKeyNegative); + + PKIX_TEST_RETURN(); +} + +static void +testVerifySignature(char *dataCentralDir) +{ + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_PL_PublicKey *firstPubKey = NULL; + PKIX_PL_PublicKey *secondPubKey = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <labs2yassir>"); + firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext); + + subTest("PKIX_PL_Cert_Create <yassir2labs>"); + secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext)); + + subTest("PKIX_PL_Cert_VerifySignature <positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext)); + + subTest("PKIX_PL_Cert_VerifySignature <negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + PKIX_TEST_DECREF_AC(firstPubKey); + PKIX_TEST_DECREF_AC(secondPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testCheckValidity( + PKIX_PL_Cert *olderCert, + PKIX_PL_Cert *newerCert) +{ + /* + * olderCert has the following Validity: + * notBefore = August 19, 1999: 20:19:56 GMT + * notAfter = August 18, 2000: 20:19:56 GMT + * + * newerCert has the following Validity: + * notBefore = November 13, 2003: 16:46:03 GMT + * notAfter = February 13, 2009: 16:46:03 GMT + */ + + /* olderDateAscii = March 29, 2000: 13:48:47 GMT */ + char *olderAscii = "000329134847Z"; + PKIX_PL_String *olderString = NULL; + PKIX_PL_Date *olderDate = NULL; + + /* newerDateAscii = March 29, 2004: 13:48:47 GMT */ + char *newerAscii = "040329134847Z"; + PKIX_PL_String *newerString = NULL; + PKIX_PL_Date *newerDate = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_CheckValidity <creating Dates>"); + + /* create newer date when newer cert is valid but older cert is not */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext)); + + /* create older date when older cert is valid but newer cert is not */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext)); + + /* check validity of both certificates using olderDate */ + subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext)); + + subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext)); + + /* check validity of both certificates using newerDate */ + subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext)); + + subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext)); + + /* + * check validity of both certificates using current time + * NOTE: these "now" tests will not work when the current + * time is after newerCert.notAfter (~ February 13, 2009) + */ + subTest("PKIX_PL_Cert_CheckValidity <now:positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext)); + + subTest("PKIX_PL_Cert_CheckValidity <now:negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext)); + +cleanup: + PKIX_TEST_DECREF_AC(olderString); + PKIX_TEST_DECREF_AC(newerString); + PKIX_TEST_DECREF_AC(olderDate); + PKIX_TEST_DECREF_AC(newerDate); + + PKIX_TEST_RETURN(); +} + +static void +readCertBasicConstraints( + char *dataDir, + char *goodCertName, + char *diffCertName, + PKIX_PL_CertBasicConstraints **goodBasicConstraints, + PKIX_PL_CertBasicConstraints **equalBasicConstraints, + PKIX_PL_CertBasicConstraints **diffBasicConstraints) +{ + + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + + PKIX_TEST_STD_VARS(); + + createCerts(dataDir, goodCertName, diffCertName, + &goodCert, &equalCert, &diffCert); + /* + * Warning: pointer will be NULL if BasicConstraints + * extension is not present in the certificate. */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraintsHelper( + char *dataDir, + char *goodCertName, + char *diffCertName, + char *expectedAscii) +{ + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + + PKIX_TEST_STD_VARS(); + + readCertBasicConstraints(dataDir, + goodCertName, + diffCertName, + &goodBasicConstraints, + &equalBasicConstraints, + &diffBasicConstraints); + + /* + * The standard test macro is applicable only + * if BasicConstraint extension is present + * in the certificate. Otherwise some + * pointers will be null. + */ + if ((goodBasicConstraints) && + (equalBasicConstraints) && + (diffBasicConstraints)) { + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints, + equalBasicConstraints, + diffBasicConstraints, + expectedAscii, + BasicConstraints, + PKIX_TRUE); + } else { + /* Test what we can */ + if (goodBasicConstraints) { + if (!equalBasicConstraints) { + testError("Unexpected NULL value of equalBasicConstraints"); + goto cleanup; + } + subTest("PKIX_PL_BasicConstraints_Equals <match>"); + testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(equalBasicConstraints), + PKIX_TRUE, + plContext); + subTest("PKIX_PL_BasicConstraints_Hashcode <match>"); + testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(equalBasicConstraints), + PKIX_TRUE, + plContext); + if (diffBasicConstraints) { + subTest("PKIX_PL_BasicConstraints_Equals <non-match>"); + testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(diffBasicConstraints), + PKIX_FALSE, + plContext); + subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>"); + testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(diffBasicConstraints), + PKIX_FALSE, + plContext); + } + subTest("PKIX_PL_BasicConstraints_Duplicate"); + testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext); + } + if (expectedAscii) { + subTest("PKIX_PL_BasicConstraints_ToString"); + testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints), + expectedAscii, + plContext); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(equalBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraints_GetCAFlag(char *dataCentralDir) +{ + /* + * XXX When we have a certificate with a non-null Basic + * Constraints field and a value of FALSE for CAFlag, + * this test should be modified to use that + * certificate for diffCertName, and to verify that + * GetCAFlag returns a FALSE value. But our certificates for + * non-CAs are created with no BasicConstraints extension. + */ + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + char *goodCertName = "yassir2yassir"; + char *diffCertName = "nss2alice"; + PKIX_Boolean goodCAFlag = PKIX_FALSE; + PKIX_Boolean diffCAFlag = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_BasicConstraints_GetCAFlag"); + + readCertBasicConstraints(dataCentralDir, + goodCertName, + diffCertName, + &goodBasicConstraints, + &equalBasicConstraints, + &diffBasicConstraints); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext)); + if (!goodCAFlag) { + testError("BasicConstraint CAFlag unexpectedly FALSE"); + goto cleanup; + } + + if (diffBasicConstraints) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext)); + if (diffCAFlag) { + testError("BasicConstraint CAFlag unexpectedly TRUE"); + goto cleanup; + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(equalBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraints_GetPathLenConstraint(char *dataCentralDir) +{ + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + char *goodCertName = "yassir2yassir"; + char *diffCertName = "sun2sun"; + PKIX_Int32 goodPathLen = 0; + PKIX_Int32 diffPathLen = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint"); + + readCertBasicConstraints(dataCentralDir, + goodCertName, + diffCertName, + &goodBasicConstraints, + &equalBasicConstraints, + &diffBasicConstraints); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext)); + if (0 != goodPathLen) { + testError("unexpected basicConstraint pathLen"); + (void)printf("Actual value:\t%d\n", goodPathLen); + (void)printf("Expected value:\t0\n"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext)); + if (1 != diffPathLen) { + testError("unexpected basicConstraint pathLen"); + (void)printf("Actual value:\t%d\n", diffPathLen); + (void)printf("Expected value:\t1\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(equalBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testGetBasicConstraints(char *dataCentralDir) +{ + char *goodCertName = NULL; + char *diffCertName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>"); + goodCertName = "yassir2yassir"; + diffCertName = "nss2alice"; + testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)"); + + subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>"); + goodCertName = "nss2alice"; + diffCertName = "sun2sun"; + testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL); + + subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>"); + goodCertName = "yassir2bcn"; + diffCertName = "sun2sun"; + testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)"); + + subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>"); + goodCertName = "anchor2dsa"; + diffCertName = "sun2sun"; + testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)"); + + PKIX_TEST_RETURN(); +} + +static void +testGetPolicyInformation(char *dataDir) +{ + + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest15EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest17EE.crt"; + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List *goodPolicyInfo = NULL; + PKIX_List *equalPolicyInfo = NULL; + PKIX_List *diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_Cert_GetPolicyInformation"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, + equalPolicy, + diffPolicy, + NULL, + CertPolicyInfo, + PKIX_FALSE); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PolicyInfo List is not immutable"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testCertPolicy_GetPolicyId(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest17EE.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List *goodPolicyInfo = NULL; + PKIX_List *equalPolicyInfo = NULL; + PKIX_List *diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_PL_OID *goodID = NULL; + PKIX_PL_OID *equalID = NULL; + PKIX_PL_OID *diffID = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_CertPolicyInfo_GetPolicyId"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Finally, get the policyInfo's ID. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodID); + PKIX_TEST_DECREF_AC(equalID); + PKIX_TEST_DECREF_AC(diffID); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testCertPolicy_GetPolQualifiers(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest18EE.crt"; + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List *goodPolicyInfo = NULL; + PKIX_List *equalPolicyInfo = NULL; + PKIX_List *diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_List *goodQuals = NULL; + PKIX_List *equalQuals = NULL; + PKIX_List *diffQuals = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Get its list of PolicyQualifiers. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals, + equalQuals, + diffQuals, + NULL, + List, + PKIX_FALSE); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PolicyQualifier List is not immutable"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(goodQuals); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(equalQuals); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(diffQuals); + + PKIX_TEST_RETURN(); +} + +static void +testPolicyQualifier_GetQualifier(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest18EE.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List *goodPolicyInfo = NULL; + PKIX_List *equalPolicyInfo = NULL; + PKIX_List *diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_List *goodQuals = NULL; + PKIX_List *equalQuals = NULL; + PKIX_List *diffQuals = NULL; + PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; + PKIX_PL_ByteArray *goodArray = NULL; + PKIX_PL_ByteArray *equalArray = NULL; + PKIX_PL_ByteArray *diffArray = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_PolicyQualifier_GetQualifier"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Get its list of PolicyQualifiers. + * Take the first policyQualifier from the list. + * Finally, get the policyQualifier's ByteArray. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals, + 0, + (PKIX_PL_Object **)&goodPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals, + 0, + (PKIX_PL_Object **)&equalPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals, + 0, + (PKIX_PL_Object **)&diffPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodArray); + PKIX_TEST_DECREF_AC(equalArray); + PKIX_TEST_DECREF_AC(diffArray); + PKIX_TEST_DECREF_AC(goodPolQualifier); + PKIX_TEST_DECREF_AC(equalPolQualifier); + PKIX_TEST_DECREF_AC(diffPolQualifier); + PKIX_TEST_DECREF_AC(goodQuals); + PKIX_TEST_DECREF_AC(equalQuals); + PKIX_TEST_DECREF_AC(diffQuals); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testPolicyQualifier_GetPolicyQualifierId(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "CPSPointerQualifierTest20EE.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List *goodPolicyInfo = NULL; + PKIX_List *equalPolicyInfo = NULL; + PKIX_List *diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_List *goodQuals = NULL; + PKIX_List *equalQuals = NULL; + PKIX_List *diffQuals = NULL; + PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; + PKIX_PL_OID *goodID = NULL; + PKIX_PL_OID *equalID = NULL; + PKIX_PL_OID *diffID = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Get its list of PolicyQualifiers. + * Take the first policyQualifier from the list. + * Finally, get the policyQualifier's ID. + */ + + /* Get the PolicyQualifier objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals, + 0, + (PKIX_PL_Object **)&goodPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals, + 0, + (PKIX_PL_Object **)&equalPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals, + 0, + (PKIX_PL_Object **)&diffPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodID); + PKIX_TEST_DECREF_AC(equalID); + PKIX_TEST_DECREF_AC(diffID); + PKIX_TEST_DECREF_AC(goodPolQualifier); + PKIX_TEST_DECREF_AC(equalPolQualifier); + PKIX_TEST_DECREF_AC(diffPolQualifier); + PKIX_TEST_DECREF_AC(goodQuals); + PKIX_TEST_DECREF_AC(equalQuals); + PKIX_TEST_DECREF_AC(diffQuals); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir) +{ + + char *trueCertName = "CertificatePoliciesCritical.crt"; + char *falseCertName = "UserNoticeQualifierTest15EE.crt"; + PKIX_PL_Cert *trueCert = NULL; + PKIX_PL_Cert *falseCert = NULL; + PKIX_Boolean trueVal = PKIX_FALSE; + PKIX_Boolean falseVal = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>"); + + trueCert = createCert(dataCentralDir, trueCertName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext)); + + if (trueVal != PKIX_TRUE) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", trueVal); + (void)printf("Expected value:\t1\n"); + goto cleanup; + } + + subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>"); + + falseCert = createCert(dataDir, falseCertName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext)); + + if (falseVal != PKIX_FALSE) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", falseVal); + (void)printf("Expected value:\t0\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(trueCert); + PKIX_TEST_DECREF_AC(falseCert); + + PKIX_TEST_RETURN(); +} + +static void +testCertPolicyConstraints(char *dataDir) +{ + char *requireExplicitPolicy2CertName = + "requireExplicitPolicy2CACert.crt"; + char *inhibitPolicyMapping5CertName = + "inhibitPolicyMapping5CACert.crt"; + char *inhibitAnyPolicy5CertName = + "inhibitAnyPolicy5CACert.crt"; + char *inhibitAnyPolicy0CertName = + "inhibitAnyPolicy0CACert.crt"; + PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL; + PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL; + PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL; + PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL; + PKIX_Int32 skipCerts = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetRequireExplicitPolicy"); + requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 2); + + subTest("PKIX_PL_Cert_GetPolicyMappingInhibited"); + inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 5); + + subTest("PKIX_PL_Cert_GetInhibitAnyPolicy"); + inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 5); + + inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 0); + +cleanup: + + PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert); + PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert); + PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert); + PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert); + + PKIX_TEST_RETURN(); +} + +static void +testCertPolicyMaps(char *dataDir) +{ + char *policyMappingsCertName = + "P1Mapping1to234CACert.crt"; + char *expectedAscii = + "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2"; + + PKIX_PL_Cert *policyMappingsCert = NULL; + PKIX_List *mappings = NULL; + PKIX_PL_CertPolicyMap *goodMap = NULL; + PKIX_PL_CertPolicyMap *equalMap = NULL; + PKIX_PL_CertPolicyMap *diffMap = NULL; + PKIX_PL_OID *goodOID = NULL; + PKIX_PL_OID *equalOID = NULL; + PKIX_PL_OID *diffOID = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetPolicyMappings"); + + policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap, + equalMap, + diffMap, + expectedAscii, + CertPolicyMap, + PKIX_TRUE); + + subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL)); + subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID, + equalOID, + diffOID, + "2.16.840.1.101.3.2.1.48.1", + OID, + PKIX_FALSE); + + subTest("pkix_pl_CertPolicyMap_Destroy"); + PKIX_TEST_DECREF_BC(goodMap); + PKIX_TEST_DECREF_BC(equalMap); + PKIX_TEST_DECREF_BC(diffMap); + +cleanup: + PKIX_TEST_DECREF_AC(policyMappingsCert); + PKIX_TEST_DECREF_AC(mappings); + PKIX_TEST_DECREF_AC(goodOID); + PKIX_TEST_DECREF_AC(equalOID); + PKIX_TEST_DECREF_AC(diffOID); + + PKIX_TEST_RETURN(); +} + +static void +testNameConstraints(char *dataDir) +{ + char *firstPname = "nameConstraintsDN3subCA2Cert.crt"; + char *secondPname = "nameConstraintsDN4CACert.crt"; + char *thirdPname = "nameConstraintsDN5CACert.crt"; + char *lastPname = "InvalidDNnameConstraintsTest3EE.crt"; + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_PL_Cert *thirdCert = NULL; + PKIX_PL_Cert *lastCert = NULL; + PKIX_PL_CertNameConstraints *firstNC = NULL; + PKIX_PL_CertNameConstraints *secondNC = NULL; + PKIX_PL_CertNameConstraints *thirdNC = NULL; + PKIX_PL_CertNameConstraints *firstMergedNC = NULL; + PKIX_PL_CertNameConstraints *secondMergedNC = NULL; + char *firstExpectedAscii = + "[\n" + "\t\tPermitted Name: (O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates," + "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n" + "\t]\n"; + char *secondExpectedAscii = + "[\n" + "\t\tPermitted Name: (O=Test Certificates,C=US, " + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "O=Test Certificates," + "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, " + "OU=excludedSubtree1,OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t]\n"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_CertNameConstraints"); + + firstCert = createCert(dataDir, firstPname, plContext); + secondCert = createCert(dataDir, secondPname, plContext); + thirdCert = createCert(dataDir, thirdPname, plContext); + lastCert = createCert(dataDir, lastPname, plContext); + + subTest("PKIX_PL_Cert_GetNameConstraints <total=3>"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL)); + + subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL)); + + subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL)); + + testToStringHelper((PKIX_PL_Object *)firstMergedNC, + firstExpectedAscii, + plContext); + + testToStringHelper((PKIX_PL_Object *)secondMergedNC, + secondExpectedAscii, + plContext); + + subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>"); + + /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL)); + + subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>"); + + /* + * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, + * OU=permittedSubtree1,O=Test Certificates,C=US + */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL)); + + subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); + + /* + * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, + * OU=permittedSubtree1,O=Test Certificates,C=US + * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate + * Test3,OU=excludedSubtree1,O=Test Certificates,C=US + */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL)); + + subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + PKIX_TEST_DECREF_AC(thirdCert); + PKIX_TEST_DECREF_AC(lastCert); + PKIX_TEST_DECREF_AC(firstNC); + PKIX_TEST_DECREF_AC(secondNC); + PKIX_TEST_DECREF_AC(thirdNC); + PKIX_TEST_DECREF_AC(firstMergedNC); + PKIX_TEST_DECREF_AC(secondMergedNC); + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + + PKIX_TEST_DECREF_BC(altNameNoneCert); + PKIX_TEST_DECREF_BC(altNameOtherCert); + PKIX_TEST_DECREF_BC(altNameOtherCert_diff); + PKIX_TEST_DECREF_BC(altNameRfc822Cert); + PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff); + PKIX_TEST_DECREF_BC(altNameDnsCert); + PKIX_TEST_DECREF_BC(altNameDnsCert_diff); + PKIX_TEST_DECREF_BC(altNameX400Cert); + PKIX_TEST_DECREF_BC(altNameX400Cert_diff); + PKIX_TEST_DECREF_BC(altNameDnCert); + PKIX_TEST_DECREF_BC(altNameDnCert_diff); + PKIX_TEST_DECREF_BC(altNameEdiCert); + PKIX_TEST_DECREF_BC(altNameEdiCert_diff); + PKIX_TEST_DECREF_BC(altNameUriCert); + PKIX_TEST_DECREF_BC(altNameUriCert_diff); + PKIX_TEST_DECREF_BC(altNameIpCert); + PKIX_TEST_DECREF_BC(altNameIpCert_diff); + PKIX_TEST_DECREF_BC(altNameOidCert); + PKIX_TEST_DECREF_BC(altNameOidCert_diff); + PKIX_TEST_DECREF_BC(altNameMultipleCert); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n"); +} + +int +test_cert(int argc, char *argv[]) +{ + + PKIX_PL_Cert *goodObject = NULL; + PKIX_PL_Cert *equalObject = NULL; + PKIX_PL_Cert *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *dataCentralDir = NULL; + char *dataDir = NULL; + char *goodInput = "yassir2bcn"; + char *diffInput = "nss2alice"; + + char *expectedAscii = + "[\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19, 1999\n" + /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */ + "\t To: Fri Aug 18, 2000]\n" + /* "\t To: Fri Aug 18 16:19:56 2000]\n" */ + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "\tAuthorityInfoAccess: (null)\n" + "\tSubjectInfoAccess: (null)\n" + "\tCacheFlag: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("Cert"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3 + j) { + printUsage(); + return (0); + } + + dataCentralDir = argv[2 + j]; + dataDir = argv[3 + j]; + + createCerts(dataCentralDir, + goodInput, + diffInput, + &goodObject, + &equalObject, + &diffObject); + + testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + Cert, + PKIX_TRUE); + + testVerifyKeyUsage(dataCentralDir, dataDir, goodObject); + + testGetExtendedKeyUsage(dataCentralDir); + testGetKeyIdentifiers(dataCentralDir, goodObject); + + testGetVersion(goodObject); + testGetSerialNumber(goodObject, equalObject, diffObject); + + testGetSubject(goodObject, equalObject, diffObject); + testGetIssuer(goodObject, equalObject, diffObject); + + testGetSubjectAltNames(dataCentralDir); + testGetCriticalExtensionOIDs(dataCentralDir, goodObject); + + testGetSubjectPublicKey(goodObject, equalObject, diffObject); + testGetSubjectPublicKeyAlgId(goodObject); + testMakeInheritedDSAPublicKey(dataCentralDir); + + testCheckValidity(goodObject, diffObject); + + testBasicConstraints_GetCAFlag(dataCentralDir); + testBasicConstraints_GetPathLenConstraint(dataCentralDir); + testGetBasicConstraints(dataCentralDir); + + /* Basic Policy Processing */ + testGetPolicyInformation(dataDir); + testCertPolicy_GetPolicyId(dataDir); + testCertPolicy_GetPolQualifiers(dataDir); + testPolicyQualifier_GetPolicyQualifierId(dataDir); + testPolicyQualifier_GetQualifier(dataDir); + testAreCertPoliciesCritical(dataCentralDir, dataDir); + + /* Advanced Policy Processing */ + testCertPolicyConstraints(dataDir); + testCertPolicyMaps(dataDir); + + testNameConstraints(dataDir); + + testVerifySignature(dataCentralDir); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Cert"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c new file mode 100644 index 0000000000..6372c7a370 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c @@ -0,0 +1,302 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_crl.c + * + * Test CRL Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createCRLs( + char *dataDir, + char *goodInput, + char *diffInput, + PKIX_PL_CRL **goodObject, + PKIX_PL_CRL **equalObject, + PKIX_PL_CRL **diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_Create <goodObject>"); + *goodObject = createCRL(dataDir, goodInput, plContext); + + subTest("PKIX_PL_CRL_Create <equalObject>"); + *equalObject = createCRL(dataDir, goodInput, plContext); + + subTest("PKIX_PL_CRL_Create <diffObject>"); + *diffObject = createCRL(dataDir, diffInput, plContext); + + PKIX_TEST_RETURN(); +} + +static void +testGetCRLEntryForSerialNumber( + PKIX_PL_CRL *goodObject) +{ + PKIX_PL_BigInt *bigInt; + PKIX_PL_String *bigIntString = NULL; + PKIX_PL_CRLEntry *crlEntry = NULL; + PKIX_PL_String *crlEntryString = NULL; + char *snAscii = "3039"; + char *expectedAscii = + "\n\t[\n" + "\tSerialNumber: 3039\n" + "\tReasonCode: 257\n" + "\tRevocationDate: Fri Jan 07, 2005\n" + /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + snAscii, + PL_strlen(snAscii), + &bigIntString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( + bigIntString, + &bigInt, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + goodObject, bigInt, &crlEntry, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString( + (PKIX_PL_Object *)crlEntry, + &crlEntryString, + plContext)); + + testToStringHelper((PKIX_PL_Object *)crlEntryString, + expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(bigIntString); + PKIX_TEST_DECREF_AC(bigInt); + PKIX_TEST_DECREF_AC(crlEntryString); + PKIX_TEST_DECREF_AC(crlEntry); + PKIX_TEST_RETURN(); +} + +static void +testGetIssuer( + PKIX_PL_CRL *goodObject, + PKIX_PL_CRL *equalObject, + PKIX_PL_CRL *diffObject) +{ + PKIX_PL_X500Name *goodIssuer = NULL; + PKIX_PL_X500Name *equalIssuer = NULL; + PKIX_PL_X500Name *diffIssuer = NULL; + char *expectedAscii = "CN=hanfeiyu,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_GetIssuer"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer, + equalIssuer, + diffIssuer, + expectedAscii, + X500Name, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodIssuer); + PKIX_TEST_DECREF_AC(equalIssuer); + PKIX_TEST_DECREF_AC(diffIssuer); + + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsAbsent(PKIX_PL_CRL *crl) +{ + PKIX_List *oidList = NULL; + PKIX_UInt32 numOids = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext)); + if (numOids != 0) { + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(oidList); + + PKIX_TEST_RETURN(); +} + +static void +testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject) +{ + subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs " + "<0 element>"); + testCritExtensionsAbsent(goodObject); +} + +static void +testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl) +{ + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_PL_PublicKey *firstPubKey = NULL; + PKIX_PL_PublicKey *secondPubKey = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>"); + firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext); + + subTest("PKIX_PL_Cert_Create <hy2hy-bc0>"); + secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext)); + + subTest("PKIX_PL_CRL_VerifySignature <positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext)); + + subTest("PKIX_PL_CRL_VerifySignature <negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + PKIX_TEST_DECREF_AC(firstPubKey); + PKIX_TEST_DECREF_AC(secondPubKey); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n"); +} + +/* Functional tests for CRL public functions */ + +int +test_crl(int argc, char *argv[]) +{ + PKIX_PL_CRL *goodObject = NULL; + PKIX_PL_CRL *equalObject = NULL; + PKIX_PL_CRL *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *dataCentralDir = NULL; + char *goodInput = "crlgood.crl"; + char *diffInput = "crldiff.crl"; + char *expectedAscii = + "[\n" + "\tVersion: v2\n" + "\tIssuer: CN=hanfeiyu,O=sun,C=us\n" + "\tUpdate: [Last: Fri Jan 07, 2005\n" + /* "\tUpdate: [Last: Fri Jan 07 15:09:10 2005\n" */ + "\t Next: Sat Jan 07, 2006]\n" + /* "\t Next: Sat Jan 07 15:09:10 2006]\n" */ + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 010932\n" + "\tReasonCode: 260\n" + "\tRevocationDate: Fri Jan 07, 2005\n" + /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t" + ", " + "\n\t[\n" + "\tSerialNumber: 3039\n" + "\tReasonCode: 257\n" + "\tRevocationDate: Fri Jan 07, 2005\n" + /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t" + ")" + "\n\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n"; + /* Note XXX serialnumber and reasoncode need debug */ + + PKIX_TEST_STD_VARS(); + + startTests("CRL"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3 + j) { + printUsage(); + return (0); + } + + dataCentralDir = argv[2 + j]; + + createCRLs(dataCentralDir, + goodInput, + diffInput, + &goodObject, + &equalObject, + &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + CRL, + PKIX_TRUE); + + testGetIssuer(goodObject, equalObject, diffObject); + + testGetCriticalExtensionOIDs(goodObject); + + testGetCRLEntryForSerialNumber(goodObject); + + testVerifySignature(dataCentralDir, goodObject); + +cleanup: + + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(equalObject); + PKIX_TEST_DECREF_AC(diffObject); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c new file mode 100644 index 0000000000..30a008b4cf --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c @@ -0,0 +1,208 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_crlentry.c + * + * Test CRLENTRY Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createCRLEntries( + char *dataDir, + char *crlInput, + PKIX_PL_CRL **pCrl, + PKIX_PL_CRLEntry **goodObject, + PKIX_PL_CRLEntry **equalObject, + PKIX_PL_CRLEntry **diffObject) +{ + PKIX_PL_CRL *crl = NULL; + PKIX_PL_BigInt *firstSNBigInt = NULL; + PKIX_PL_BigInt *secondSNBigInt = NULL; + PKIX_PL_String *firstSNString = NULL; + PKIX_PL_String *secondSNString = NULL; + char *firstSNAscii = "010932"; + char *secondSNAscii = "3039"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_Create <crl>"); + crl = createCRL(dataDir, crlInput, plContext); + + subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + firstSNAscii, + PL_strlen(firstSNAscii), + &firstSNString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( + firstSNString, + &firstSNBigInt, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + crl, firstSNBigInt, goodObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + crl, firstSNBigInt, equalObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + secondSNAscii, + PL_strlen(secondSNAscii), + &secondSNString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( + secondSNString, + &secondSNBigInt, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + crl, secondSNBigInt, diffObject, plContext)); + + *pCrl = crl; + +cleanup: + PKIX_TEST_DECREF_AC(firstSNBigInt); + PKIX_TEST_DECREF_AC(secondSNBigInt); + PKIX_TEST_DECREF_AC(firstSNString); + PKIX_TEST_DECREF_AC(secondSNString); + PKIX_TEST_RETURN(); +} + +static void +testGetReasonCode( + PKIX_PL_CRLEntry *goodObject) +{ + PKIX_Int32 reasonCode = 0; + PKIX_Int32 expectedReasonCode = 260; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRLEntry_GetCRLEntryReasonCode"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCRLEntryReasonCode( + goodObject, &reasonCode, plContext)); + + if (reasonCode != expectedReasonCode) { + testError("unexpected value of CRL Entry Reason Code"); + (void)printf("Actual value:\t%d\n", reasonCode); + (void)printf("Expected value:\t%d\n", expectedReasonCode); + goto cleanup; + } + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsAbsent(PKIX_PL_CRLEntry *crlEntry) +{ + PKIX_List *oidList = NULL; + PKIX_UInt32 numOids = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(crlEntry, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext)); + if (numOids != 0) { + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(oidList); + + PKIX_TEST_RETURN(); +} + +static void +testGetCriticalExtensionOIDs(PKIX_PL_CRLEntry *goodObject) +{ + subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs " + "<CritExtensionsAbsent>"); + testCritExtensionsAbsent(goodObject); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_crlentry <data-dir>\n\n"); +} + +/* Functional tests for CRLENTRY public functions */ + +int +test_crlentry(int argc, char *argv[]) +{ + PKIX_PL_CRL *crl = NULL; + PKIX_PL_CRLEntry *goodObject = NULL; + PKIX_PL_CRLEntry *equalObject = NULL; + PKIX_PL_CRLEntry *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *dataDir = NULL; + char *goodInput = "crlgood.crl"; + char *expectedAscii = + "\n\t[\n" + "\tSerialNumber: 010932\n" + "\tReasonCode: 260\n" + "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t"; + + /* Note XXX serialnumber and reasoncode need debug */ + + PKIX_TEST_STD_VARS(); + + startTests("CRLEntry"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 1 + j) { + printUsage(); + return (0); + } + + dataDir = argv[1 + j]; + + createCRLEntries(dataDir, goodInput, &crl, &goodObject, &equalObject, &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + CRLENTRY, + PKIX_TRUE); + + testGetReasonCode(goodObject); + + testGetCriticalExtensionOIDs(goodObject); + +cleanup: + + PKIX_TEST_DECREF_AC(crl); + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(equalObject); + PKIX_TEST_DECREF_AC(diffObject); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRLEntry"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c new file mode 100644 index 0000000000..4fb3718c19 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c @@ -0,0 +1,106 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_date.c + * + * Test Date Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createDates(char *goodInput, char *diffInput, + PKIX_PL_Date **goodDate, + PKIX_PL_Date **equalDate, + PKIX_PL_Date **diffDate) +{ + + subTest("PKIX_PL_Date_Create <goodDate>"); + *goodDate = createDate(goodInput, plContext); + + subTest("PKIX_PL_Date_Create <equalDate>"); + *equalDate = createDate(goodInput, plContext); + + subTest("PKIX_PL_Date_Create <diffDate>"); + *diffDate = createDate(diffInput, plContext); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Date_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDate(char *goodInput, char *diffInput) +{ + + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + PKIX_PL_Date *diffDate = NULL; + + /* + * The ASCII rep of the date will vary by platform and locale + * This particular string was generated on a SPARC running Solaris 9 + * in an English locale + */ + /* char *expectedAscii = "Mon Mar 29 08:48:47 2004"; */ + char *expectedAscii = "Mon Mar 29, 2004"; + + PKIX_TEST_STD_VARS(); + + createDates(goodInput, diffInput, + &goodDate, &equalDate, &diffDate); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodDate, equalDate, diffDate, expectedAscii, Date, PKIX_TRUE); + + testDestroy(goodDate, equalDate, diffDate); + + PKIX_TEST_RETURN(); +} + +int +test_date(int argc, char *argv[]) +{ + + char *goodInput = NULL; + char *diffInput = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Date"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + goodInput = "040329134847Z"; + diffInput = "050329135847Z"; + testDate(goodInput, diffInput); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Date"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c new file mode 100644 index 0000000000..88181e3f20 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c @@ -0,0 +1,123 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_generalname.c + * + * Test GeneralName Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createGeneralNames(PKIX_UInt32 nameType, char *goodInput, char *diffInput, + PKIX_PL_GeneralName **goodName, + PKIX_PL_GeneralName **equalName, + PKIX_PL_GeneralName **diffName) +{ + + subTest("PKIX_PL_GeneralName_Create <goodName>"); + *goodName = createGeneralName(nameType, goodInput, plContext); + + subTest("PKIX_PL_GeneralName_Create <equalName>"); + *equalName = createGeneralName(nameType, goodInput, plContext); + + subTest("PKIX_PL_GeneralName_Create <diffName>"); + *diffName = createGeneralName(nameType, diffInput, plContext); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_GeneralName_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testNameType(PKIX_UInt32 nameType, char *goodInput, char *diffInput, char *expectedAscii) +{ + + PKIX_PL_GeneralName *goodName = NULL; + PKIX_PL_GeneralName *equalName = NULL; + PKIX_PL_GeneralName *diffName = NULL; + + createGeneralNames(nameType, goodInput, diffInput, + &goodName, &equalName, &diffName); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodName, + equalName, + diffName, + expectedAscii, + GeneralName, + PKIX_TRUE); + + testDestroy(goodName, equalName, diffName); +} + +int +test_generalname(int argc, char *argv[]) +{ + + char *goodInput = NULL; + char *diffInput = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("GeneralName"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + goodInput = "john@sun.com"; + diffInput = "john@labs.com"; + testNameType(PKIX_RFC822_NAME, goodInput, diffInput, goodInput); + + goodInput = "example1.com"; + diffInput = "ex2.net"; + testNameType(PKIX_DNS_NAME, goodInput, diffInput, goodInput); + + goodInput = "cn=yassir, ou=labs, o=sun, c=us"; + diffInput = "cn=alice, ou=labs, o=sun, c=us"; + testNameType(PKIX_DIRECTORY_NAME, + goodInput, + diffInput, + "CN=yassir,OU=labs,O=sun,C=us"); + + goodInput = "http://example1.com"; + diffInput = "http://ex2.net"; + testNameType(PKIX_URI_NAME, goodInput, diffInput, goodInput); + + goodInput = "1.2.840.11"; + diffInput = "1.2.840.115349"; + testNameType(PKIX_OID_NAME, goodInput, diffInput, goodInput); + + /* + * We don't support creating PKIX_EDIPARTY_NAME, + * PKIX_IP_NAME, OTHER_NAME, X400_ADDRESS from strings + */ + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("GeneralName"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c new file mode 100644 index 0000000000..636ba3ead3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c @@ -0,0 +1,127 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_nameconstraints.c + * + * Test CERT Name Constraints Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static char * +catDirName(char *platform, char *dir, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 dirLen; + PKIX_UInt32 platformLen; + + PKIX_TEST_STD_VARS(); + + dirLen = PL_strlen(dir); + platformLen = PL_strlen(platform); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen + + dirLen + + 2, + (void **)&pathName, plContext)); + + PL_strcpy(pathName, platform); + PL_strcat(pathName, "/"); + PL_strcat(pathName, dir); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +static void +testNameConstraints(char *dataDir) +{ + char *goodPname = "nameConstraintsDN5CACert.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_CertNameConstraints *goodNC = NULL; + char *expectedAscii = + "[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CertNameConstraints"); + + goodCert = createCert(dataDir, goodPname, plContext); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &goodNC, plContext)); + + testToStringHelper((PKIX_PL_Object *)goodNC, expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodNC); + PKIX_TEST_DECREF_AC(goodCert); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_nameconstraints <test-purpose>" + " <data-dir> <platform-prefix>\n\n"); +} + +/* Functional tests for CRL public functions */ + +int +test_nameconstraints(int argc, char *argv[]) +{ + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *platformDir = NULL; + char *dataDir = NULL; + char *combinedDir = NULL; + + /* Note XXX serialnumber and reasoncode need debug */ + + PKIX_TEST_STD_VARS(); + + startTests("NameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3 + j) { + printUsage(); + return (0); + } + + dataDir = argv[2 + j]; + platformDir = argv[3 + j]; + combinedDir = catDirName(platformDir, dataDir, plContext); + + testNameConstraints(combinedDir); + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("NameConstraints"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c new file mode 100644 index 0000000000..8f2ff9ec7e --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c @@ -0,0 +1,121 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_subjectinfoaccess.c + * + * Test Subject InfoAccess Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int +test_subjectinfoaccess(int argc, char *argv[]) +{ + + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *certDiff = NULL; + PKIX_List *aiaList = NULL; + PKIX_List *siaList = NULL; + PKIX_PL_InfoAccess *sia = NULL; + PKIX_PL_InfoAccess *siaDup = NULL; + PKIX_PL_InfoAccess *siaDiff = NULL; + PKIX_PL_GeneralName *location = NULL; + char *certPathName = NULL; + char *dirName = NULL; + PKIX_UInt32 method = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 size, i; + PKIX_UInt32 j = 0; + char *expectedAscii = "[method:caRepository, " + "location:http://betty.nist.gov/pathdiscoverytestsuite/" + "p7cfiles/IssuedByTrustAnchor1.p7c]"; + + PKIX_TEST_STD_VARS(); + + startTests("SubjectInfoAccess"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 5 + j) { + printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]); + } + + dirName = argv[2 + j]; + certPathName = argv[3 + j]; + + subTest("Creating Cert with Subject Info Access"); + cert = createCert(dirName, certPathName, plContext); + + certPathName = argv[4 + j]; + + subTest("Creating Cert with Subject Info Access"); + certDiff = createCert(dirName, certPathName, plContext); + + subTest("Getting Subject Info Access"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(cert, &siaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&sia, plContext)); + + subTest("PKIX_PL_InfoAccess_GetMethod"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod(sia, &method, plContext)); + if (method != PKIX_INFOACCESS_CA_REPOSITORY) { + pkixTestErrorMsg = "unexpected method of AIA"; + goto cleanup; + } + + subTest("PKIX_PL_InfoAccess_GetLocation"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(sia, &location, plContext)); + if (!location) { + pkixTestErrorMsg = "Cannot get AIA location"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&siaDup, plContext)); + + subTest("Getting Authority Info Access as difference comparison"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certDiff, &aiaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&siaDiff, plContext)); + + subTest("Checking: Equal, Hash and ToString"); + PKIX_TEST_EQ_HASH_TOSTR_DUP(sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(location); + PKIX_TEST_DECREF_AC(sia); + PKIX_TEST_DECREF_AC(siaDup); + PKIX_TEST_DECREF_AC(siaDiff); + PKIX_TEST_DECREF_AC(aiaList); + PKIX_TEST_DECREF_AC(siaList); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certDiff); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Subjectinfoaccess"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c new file mode 100644 index 0000000000..91ff63fd0a --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c @@ -0,0 +1,169 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_x500name.c + * + * Test X500Name Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_PL_X500Name * +createX500Name(char *asciiName, PKIX_Boolean expectedToPass) +{ + + PKIX_PL_X500Name *x500Name = NULL; + PKIX_PL_String *plString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext)); + + if (expectedToPass) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(plString); + + PKIX_TEST_RETURN(); + + return (x500Name); +} + +static void +createX500Names(char *goodInput, char *diffInput, char *diffInputMatch, + PKIX_PL_X500Name **goodObject, + PKIX_PL_X500Name **equalObject, + PKIX_PL_X500Name **diffObject, + PKIX_PL_X500Name **diffObjectMatch) +{ + char *badAscii = "cn=yas#sir,ou=labs,o=sun,c=us"; + PKIX_PL_X500Name *badObject = NULL; + + subTest("PKIX_PL_X500Name_Create <goodObject>"); + *goodObject = createX500Name(goodInput, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <equalObject>"); + *equalObject = createX500Name(goodInput, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <diffObject>"); + *diffObject = createX500Name(diffInput, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <diffObjectMatch>"); + *diffObjectMatch = createX500Name(diffInputMatch, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <negative>"); + badObject = createX500Name(badAscii, PKIX_FALSE); +} + +static void +testMatchHelper(PKIX_PL_X500Name *goodName, PKIX_PL_X500Name *otherName, PKIX_Boolean match) +{ + PKIX_Boolean cmpResult; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Match(goodName, + otherName, + &cmpResult, + plContext)); + + if ((match && !cmpResult) || (!match && cmpResult)) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", cmpResult); + (void)printf("Expected value:\t%d\n", match); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testMatch(void *goodObject, void *diffObject, void *diffObjectMatch) +{ + subTest("PKIX_PL_X500Name_Match <match>"); + testMatchHelper((PKIX_PL_X500Name *)diffObject, + (PKIX_PL_X500Name *)diffObjectMatch, + PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Match <non-match>"); + testMatchHelper((PKIX_PL_X500Name *)goodObject, + (PKIX_PL_X500Name *)diffObject, + PKIX_FALSE); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject, void *diffObjectMatch) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_X500Name_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + PKIX_TEST_DECREF_BC(diffObjectMatch); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_x500name(int argc, char *argv[]) +{ + + PKIX_PL_X500Name *goodObject = NULL; + PKIX_PL_X500Name *equalObject = NULL; + PKIX_PL_X500Name *diffObject = NULL; + PKIX_PL_X500Name *diffObjectMatch = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + /* goodInput is encoded in PKIX_ESCASCII */ + char *goodInput = "cn=Strauß,ou=labs,o=sun,c=us"; + char *diffInput = "cn=steve,ou=labs,o=sun,c=us"; + char *diffInputMatch = "Cn=SteVe,Ou=lABs,o=SUn,c=uS"; + char *expectedAscii = "CN=Strauß,OU=labs,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + startTests("X500Name"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + createX500Names(goodInput, diffInput, diffInputMatch, + &goodObject, &equalObject, &diffObject, &diffObjectMatch); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + X500Name, + PKIX_TRUE); + + testMatch(goodObject, diffObject, diffObjectMatch); + + testDestroy(goodObject, equalObject, diffObject, diffObjectMatch); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("X500Name"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/Makefile b/security/nss/cmd/libpkix/pkix_pl/system/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix_pl/system/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/system/manifest.mn new file mode 100644 index 0000000000..52bb34ece0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/manifest.mn @@ -0,0 +1,38 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +# test_rwlock.c is taken out, need to link to libpkix internals +# +# The test is using LIBPKIX PL call directly, which violates our +# code convention. +# +CSRCS = test_bigint.c \ + test_bytearray.c \ + test_hashtable.c \ + test_mem.c \ + test_mutex.c \ + test_mutex2.c \ + test_mutex3.c \ + test_monitorlock.c \ + test_object.c \ + test_oid.c \ + stress_test.c \ + test_string.c \ + test_string2.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolsys +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix_pl/system/stress_test.c b/security/nss/cmd/libpkix/pkix_pl/system/stress_test.c new file mode 100644 index 0000000000..839dc068d1 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/stress_test.c @@ -0,0 +1,146 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * stress_test.c + * + * Creates and deletes many objects + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int +stress_test(int argc, char *argv[]) +{ + + PKIX_UInt32 i, k, length, hashcode; + PKIX_UInt32 size = 17576; + char temp[4]; + PKIX_Boolean result; + PKIX_PL_String *strings[17576], *tempString; + PKIX_PL_String *utf16strings[17576]; + PKIX_PL_ByteArray *byteArrays[17576]; + void *dest; + PKIX_PL_HashTable *ht = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Stress Test"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ---------------------------- */ + subTest("Create every three letter String"); + + for (i = 0; i < 26; i++) + for (j = 0; j < 26; j++) + for (k = 0; k < 26; k++) { + temp[0] = (char)('a' + i); + temp[1] = (char)('a' + j); + temp[2] = (char)('a' + k); + temp[3] = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, temp, 3, + &strings[26 * (i * 26 + j) + k], + plContext)); + } + + /* ---------------------------- */ + subTest("Create a bytearray from each string's UTF-16 encoding"); + for (i = 0; i < size; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(strings[i], + PKIX_UTF16, + &dest, + &length, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(dest, length, &byteArrays[i], plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + } + + /* ---------------------------- */ + subTest("Create a copy string from each bytearray"); + for (i = 0; i < size; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF16, *(void **)byteArrays[i], 6, + &utf16strings[i], plContext)); + } + + /* ---------------------------- */ + subTest("Compare each original string with the copy"); + for (i = 0; i < size; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)strings[i], + (PKIX_PL_Object *)utf16strings[i], + &result, + plContext)); + if (result == 0) + testError("Strings do not match"); + } + + /* ---------------------------- */ + subTest("Put each string into a Hashtable"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(size / + 2, + 0, &ht, plContext)); + + for (i = 0; i < size; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)strings[i], + &hashcode, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (void *)&hashcode, + (void *)strings[i], + plContext)); + } + + /* ---------------------------- */ + subTest("Compare each copy string with the hashtable entries "); + for (i = 0; i < size; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)utf16strings[i], + &hashcode, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht, + (void *)&hashcode, + (PKIX_PL_Object **)&tempString, + plContext)); + + if (tempString == NULL) + testError("String not found in hashtable"); + else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)tempString, + (PKIX_PL_Object *)utf16strings[i], + &result, + plContext)); + if (result == 0) + testError("Strings do not match"); + PKIX_TEST_DECREF_BC(tempString); + } + } + +cleanup: + + /* ---------------------------- */ + subTest("Destroy All Objects"); + + PKIX_TEST_DECREF_AC(ht); + + for (i = 0; i < size; i++) { + PKIX_TEST_DECREF_AC(strings[i]); + PKIX_TEST_DECREF_AC(utf16strings[i]); + PKIX_TEST_DECREF_AC(byteArrays[i]); + } + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Stress Test"); + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c b/security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c new file mode 100644 index 0000000000..281e373790 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c @@ -0,0 +1,189 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_bigint.c + * + * Tests BigInt Types + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createBigInt( + PKIX_PL_BigInt **bigInts, + char *bigIntAscii, + PKIX_Boolean errorHandling) +{ + PKIX_PL_String *bigIntString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + bigIntAscii, + PL_strlen(bigIntAscii), + &bigIntString, + plContext)); + + if (errorHandling) { + PKIX_TEST_EXPECT_ERROR(PKIX_PL_BigInt_Create(bigIntString, + bigInts, + plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(bigIntString, + bigInts, + plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(bigIntString); + + PKIX_TEST_RETURN(); +} + +static void +testToString( + PKIX_PL_BigInt *bigInt, + char *expAscii) +{ + PKIX_PL_String *bigIntString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)bigInt, + &bigIntString, plContext)); + + temp = PKIX_String2ASCII(bigIntString, plContext); + if (temp == plContext) { + testError("PKIX_String2Ascii failed"); + goto cleanup; + } + + if (PL_strcmp(temp, expAscii) != 0) { + (void)printf("\tBigInt ToString: %s %s\n", temp, expAscii); + testError("Output string does not match source"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(bigIntString); + + PKIX_TEST_RETURN(); +} + +static void +testCompare( + PKIX_PL_BigInt *firstBigInt, + PKIX_PL_BigInt *secondBigInt, + PKIX_Int32 *cmpResult) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)firstBigInt, + (PKIX_PL_Object *)secondBigInt, + cmpResult, plContext)); +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_BigInt *bigInt) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(bigInt); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_bigint(int argc, char *argv[]) +{ + + PKIX_UInt32 size = 4, badSize = 3, i = 0; + PKIX_PL_BigInt *testBigInt[4] = { NULL }; + PKIX_Int32 cmpResult; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *bigIntValue[4] = { + "03", + "ff", + "1010101010101010101010101010101010101010", + "1010101010101010101010101010101010101010", + }; + + char *badValue[3] = { "00ff", "fff", "-ff" }; + + PKIX_TEST_STD_VARS(); + + startTests("BigInts"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + for (i = 0; i < badSize; i++) { + subTest("PKIX_PL_BigInt_Create <error_handling>"); + createBigInt(&testBigInt[i], badValue[i], PKIX_TRUE); + } + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_BigInt_Create"); + createBigInt(&testBigInt[i], bigIntValue[i], PKIX_FALSE); + } + + PKIX_TEST_EQ_HASH_TOSTR_DUP(testBigInt[2], + testBigInt[3], + testBigInt[1], + bigIntValue[2], + BigInt, + PKIX_TRUE); + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_BigInt_ToString"); + testToString(testBigInt[i], bigIntValue[i]); + } + + subTest("PKIX_PL_BigInt_Compare <gt>"); + testCompare(testBigInt[2], testBigInt[1], &cmpResult); + if (cmpResult <= 0) { + testError("Invalid Result from String Compare"); + } + + subTest("PKIX_PL_BigInt_Compare <lt>"); + testCompare(testBigInt[1], testBigInt[2], &cmpResult); + if (cmpResult >= 0) { + testError("Invalid Result from String Compare"); + } + + subTest("PKIX_PL_BigInt_Compare <eq>"); + testCompare(testBigInt[2], testBigInt[3], &cmpResult); + if (cmpResult != 0) { + testError("Invalid Result from String Compare"); + } + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_BigInt_Destroy"); + testDestroy(testBigInt[i]); + } + +cleanup: + + PKIX_Shutdown(plContext); + + endTests("BigInt"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c b/security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c new file mode 100644 index 0000000000..402685b59d --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c @@ -0,0 +1,231 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_bytearray.c + * + * Tests ByteArray types. + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createByteArray( + PKIX_PL_ByteArray **byteArray, + char *bytes, + PKIX_UInt32 length) +{ + PKIX_TEST_STD_VARS(); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)bytes, + length, + byteArray, + plContext)); +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testZeroLength(void) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *array = NULL; + PKIX_UInt32 length = 2; + + PKIX_TEST_STD_VARS(); + + createByteArray(&byteArray, NULL, 0); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &length, plContext)); + if (length != 0) { + testError("Length should be zero"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, &array, plContext)); + if (array) { + testError("Array should be NULL"); + } + + testToStringHelper((PKIX_PL_Object *)byteArray, "[]", plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); +} + +static void +testToString( + PKIX_PL_ByteArray *byteArray, + char *expAscii) +{ + PKIX_PL_String *string = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)byteArray, + &string, plContext)); + + temp = PKIX_String2ASCII(string, plContext); + if (temp == NULL) { + testError("PKIX_String2Ascii failed"); + goto cleanup; + } + + if (PL_strcmp(temp, expAscii) != 0) { + (void)printf("\tByteArray ToString: %s %s\n", temp, expAscii); + testError("Output string does not match source"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(string); + + PKIX_TEST_RETURN(); +} + +static void +testGetLength( + PKIX_PL_ByteArray *byteArray, + PKIX_UInt32 expLength) +{ + PKIX_UInt32 arrayLength; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &arrayLength, plContext)); + + if (arrayLength != expLength) { + (void)printf("\tByteArray GetLength: %d %d\n", + arrayLength, expLength); + testError("Incorrect Array Length returned"); + } + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testGetPointer( + PKIX_PL_ByteArray *byteArray, + char *expBytes, + PKIX_UInt32 arrayLength) +{ + char *temp = NULL; + PKIX_UInt32 j; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, (void **)&temp, plContext)); + + for (j = 0; j < arrayLength; j++) { + if (temp[j] != expBytes[j]) { + testError("Incorrect Byte Array Contents"); + } + } + +cleanup: + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + PKIX_TEST_RETURN(); +} + +void +testDestroy( + PKIX_PL_ByteArray *byteArray) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(byteArray); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_bytearray(int argc, char *argv[]) +{ + + PKIX_PL_ByteArray *testByteArray[4]; + + PKIX_UInt32 i, size = 4; + PKIX_UInt32 lengths[4] = { 5, 6, 1, 5 }; + char dArray0[5] = { 1, 2, 3, 4, 5 }; + unsigned char dArray1[6] = { 127, 128, 129, 254, 255, 0 }; + char dArray2[1] = { 100 }; + char dArray3[5] = { 1, 2, 3, 4, 5 }; + + char *expected[4] = { + "[001, 002, 003, 004, 005]", + "[127, 128, 129, 254, 255, 000]", + "[100]", + "[001, 002, 003, 004, 005]" + }; + + char *dummyArray[4]; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + dummyArray[0] = dArray0; + dummyArray[1] = (char *)dArray1; + dummyArray[2] = dArray2; + dummyArray[3] = dArray3; + + startTests("ByteArrays"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_ByteArray_Create <zero length>"); + testZeroLength(); + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_ByteArray_Create"); + createByteArray(&testByteArray[i], dummyArray[i], lengths[i]); + } + + PKIX_TEST_EQ_HASH_TOSTR_DUP(testByteArray[0], + testByteArray[3], + testByteArray[1], + "[001, 002, 003, 004, 005]", + ByteArray, + PKIX_TRUE); + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_ByteArray_ToString"); + testToString(testByteArray[i], expected[i]); + } + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_ByteArray_GetLength"); + testGetLength(testByteArray[i], lengths[i]); + } + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_ByteArray_GetPointer"); + testGetPointer(testByteArray[i], dummyArray[i], lengths[i]); + } + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_ByteArray_Destroy"); + testDestroy(testByteArray[i]); + } + +cleanup: + + PKIX_Shutdown(plContext); + + endTests("ByteArray"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c b/security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c new file mode 100644 index 0000000000..663bfc9fac --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c @@ -0,0 +1,380 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_hashtable.c + * + * Tests Hashtables + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createHashTables( + PKIX_PL_HashTable **ht, + PKIX_PL_HashTable **ht2, + PKIX_PL_HashTable **ht3, + PKIX_PL_HashTable **ht4) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 0, ht, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(5, 0, ht2, plContext)); + + /* at most two entries per bucket */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 2, ht4, plContext)); + + *ht3 = *ht; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*ht3, plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testAdd( + PKIX_PL_HashTable *ht, + PKIX_PL_HashTable *ht2, + PKIX_PL_String **testString, + PKIX_PL_String **testString2, + PKIX_PL_String **testString3, + PKIX_PL_OID **testOID) +{ + char *dummyString = "test string 1"; + char *dummyString2 = "test string 2"; + char *dummyString3 = "test string 3"; + char *dummyOID = "2.11.22222.33333"; + + PKIX_TEST_STD_VARS(); + + /* Make some dummy objects */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + dummyString, + PL_strlen(dummyString), + testString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + dummyString2, + PL_strlen(dummyString2), + testString2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + dummyString3, + PL_strlen(dummyString3), + testString3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(dummyOID, testOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (PKIX_PL_Object *)*testString, + (PKIX_PL_Object *)*testString2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2, + (PKIX_PL_Object *)*testString, + (PKIX_PL_Object *)*testString2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (PKIX_PL_Object *)*testString2, + (PKIX_PL_Object *)*testString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2, + (PKIX_PL_Object *)*testString2, + (PKIX_PL_Object *)*testString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (PKIX_PL_Object *)*testOID, + (PKIX_PL_Object *)*testOID, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2, + (PKIX_PL_Object *)*testOID, + (PKIX_PL_Object *)*testOID, + plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testAddFIFO( + PKIX_PL_HashTable *ht, + PKIX_PL_String **testString, + PKIX_PL_String **testString2, + PKIX_PL_String **testString3) +{ + PKIX_PL_String *targetString = NULL; + PKIX_Boolean cmpResult; + + PKIX_TEST_STD_VARS(); + + /* + * ht is created as one bucket, two entries per bucket. Since we add + * three items to the ht, we expect the first one to be deleted. + */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (PKIX_PL_Object *)*testString, + (PKIX_PL_Object *)*testString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (PKIX_PL_Object *)*testString2, + (PKIX_PL_Object *)*testString2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht, + (PKIX_PL_Object *)*testString3, + (PKIX_PL_Object *)*testString3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht, + (PKIX_PL_Object *)*testString, + (PKIX_PL_Object **)&targetString, + plContext)); + if (targetString != NULL) { + testError("HashTable_Lookup retrieved a supposed deleted item"); + PKIX_TEST_DECREF_BC(targetString); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht, + (PKIX_PL_Object *)*testString3, + (PKIX_PL_Object **)&targetString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals( + (PKIX_PL_Object *)targetString, + (PKIX_PL_Object *)*testString3, + &cmpResult, + plContext)); + if (cmpResult != PKIX_TRUE) { + testError("HashTable_Lookup failed"); + } + PKIX_TEST_DECREF_BC(targetString); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testLookup( + PKIX_PL_HashTable *ht, + PKIX_PL_HashTable *ht2, + PKIX_PL_String *testString, + PKIX_PL_String *testString2, + PKIX_PL_String *testString3, + PKIX_PL_OID *testOID) +{ + PKIX_PL_String *targetString = NULL; + PKIX_PL_String *targetOID = NULL; + PKIX_Boolean cmpResult; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht, + (PKIX_PL_Object *)testString, + (PKIX_PL_Object **)&targetString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals( + (PKIX_PL_Object *)targetString, + (PKIX_PL_Object *)testString2, + &cmpResult, + plContext)); + if (cmpResult != PKIX_TRUE) { + testError("HashTable_Lookup failed"); + } + PKIX_TEST_DECREF_BC(targetString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2, + (PKIX_PL_Object *)testString, + (PKIX_PL_Object **)&targetString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals( + (PKIX_PL_Object *)targetString, + (PKIX_PL_Object *)testString2, + &cmpResult, + plContext)); + if (cmpResult != PKIX_TRUE) { + testError("HashTable_Lookup failed"); + } + PKIX_TEST_DECREF_BC(targetString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2, + (PKIX_PL_Object *)testString2, + (PKIX_PL_Object **)&targetString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals( + (PKIX_PL_Object *)targetString, + (PKIX_PL_Object *)testString, + &cmpResult, + plContext)); + if (cmpResult != PKIX_TRUE) { + testError("HashTable_Lookup failed"); + } + PKIX_TEST_DECREF_BC(targetString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht, + (PKIX_PL_Object *)testOID, + (PKIX_PL_Object **)&targetOID, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals( + (PKIX_PL_Object *)targetOID, + (PKIX_PL_Object *)testOID, + &cmpResult, + plContext)); + if (cmpResult != PKIX_TRUE) { + testError("HashTable_Lookup failed"); + } + PKIX_TEST_DECREF_BC(targetString); + PKIX_TEST_DECREF_BC(targetOID); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2, + (PKIX_PL_Object *)testOID, + (PKIX_PL_Object **)&targetOID, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals( + (PKIX_PL_Object *)targetOID, + (PKIX_PL_Object *)testOID, + &cmpResult, + plContext)); + if (cmpResult != PKIX_TRUE) { + testError("HashTable_Lookup failed"); + } + PKIX_TEST_DECREF_BC(targetString); + PKIX_TEST_DECREF_BC(targetOID); + + (void)printf("Looking up item not in HashTable.\n"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht, + (PKIX_PL_Object *)testString3, + (PKIX_PL_Object **)&targetString, + plContext)); + if (targetString == NULL) + (void)printf("\tCorrectly returned NULL.\n"); + else + testError("Hashtable did not return NULL value as expected"); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testRemove( + PKIX_PL_HashTable *ht, + PKIX_PL_HashTable *ht2, + PKIX_PL_String *testString, + PKIX_PL_String *testString2, + PKIX_PL_OID *testOID) +{ + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht, + (PKIX_PL_Object *)testString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht, + (PKIX_PL_Object *)testOID, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht2, + (PKIX_PL_Object *)testString2, + plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_HashTable_Remove(ht, + (PKIX_PL_Object *)testString, + plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_HashTable *ht, + PKIX_PL_HashTable *ht2, + PKIX_PL_HashTable *ht3, + PKIX_PL_HashTable *ht4) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(ht); + PKIX_TEST_DECREF_BC(ht2); + PKIX_TEST_DECREF_BC(ht3); + PKIX_TEST_DECREF_BC(ht4); + +cleanup: + PKIX_TEST_RETURN(); +} + +int +test_hashtable(int argc, char *argv[]) +{ + + PKIX_PL_HashTable *ht, *ht2, *ht3, *ht4; + PKIX_PL_String *testString, *testString2, *testString3; + PKIX_PL_OID *testOID; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("HashTables"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_HashTable_Create"); + createHashTables(&ht, &ht2, &ht3, &ht4); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(ht, + ht3, + ht2, + NULL, + HashTable, + PKIX_FALSE); + + subTest("PKIX_PL_HashTable_Add"); + testAdd(ht, ht2, &testString, &testString2, &testString3, &testOID); + + subTest("PKIX_PL_HashTable_ADD - with Bucket Size limit"); + testAddFIFO(ht4, &testString, &testString2, &testString3); + + subTest("PKIX_PL_HashTable_Lookup"); + testLookup(ht, ht2, testString, testString2, testString3, testOID); + + subTest("PKIX_PL_HashTable_Remove"); + testRemove(ht, ht2, testString, testString2, testOID); + + PKIX_TEST_DECREF_BC(testString); + PKIX_TEST_DECREF_BC(testString2); + PKIX_TEST_DECREF_BC(testString3); + PKIX_TEST_DECREF_BC(testOID); + + subTest("PKIX_PL_HashTable_Destroy"); + testDestroy(ht, ht2, ht3, ht4); + +cleanup: + + PKIX_Shutdown(plContext); + + endTests("BigInt"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mem.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mem.c new file mode 100644 index 0000000000..3a4e5f7135 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mem.c @@ -0,0 +1,133 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_mem.c + * + * Tests Malloc, Realloc and Free + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testMalloc(PKIX_UInt32 **array) +{ + PKIX_UInt32 i, arraySize = 10; + PKIX_TEST_STD_VARS(); + + /* Create an integer array of size 10 */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc( + (PKIX_UInt32)(arraySize * sizeof(unsigned int)), + (void **)array, plContext)); + + /* Fill in some values */ + (void)printf("Setting array[i] = i...\n"); + for (i = 0; i < arraySize; i++) { + (*array)[i] = i; + if ((*array)[i] != i) + testError("Array has incorrect contents"); + } + + /* Memory now reflects changes */ + (void)printf("\tArray: a[0] = %d, a[5] = %d, a[7] = %d.\n", + (*array[0]), (*array)[5], (*array)[7]); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testRealloc(PKIX_UInt32 **array) +{ + PKIX_UInt32 i, arraySize = 20; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(*array, + (PKIX_UInt32)(arraySize * + sizeof(unsigned int)), + (void **)array, plContext)); + + /* Fill in the new elements */ + (void)printf("Setting new portion of array to a[i] = i...\n"); + for (i = arraySize / 2; i < arraySize; i++) { + (*array)[i] = i; + if ((*array)[i] != i) + testError("Array has incorrect contents"); + } + + /* New elements should be reflected. The old should be the same */ + (void)printf("\tArray: a[0] = %d, a[15] = %d, a[17] = %d.\n", + (*array)[0], (*array)[15], (*array)[17]); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testFree(PKIX_UInt32 *array) +{ + + PKIX_TEST_STD_VARS(); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +int +test_mem(int argc, char *argv[]) +{ + + unsigned int *array = NULL; + int arraySize = 10; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Memory Allocation"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_Malloc"); + testMalloc(&array); + + subTest("PKIX_PL_Realloc"); + testRealloc(&array); + + subTest("PKIX_PL_Free"); + testFree(array); + + /* --Negative Test Cases------------------- */ + /* Create an integer array of size 10 */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc( + (PKIX_UInt32)(arraySize * sizeof(unsigned int)), + (void **)&array, plContext)); + + (void)printf("Attempting to reallocate 0 sized memory...\n"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(array, 0, (void **)&array, plContext)); + + (void)printf("Attempting to allocate to null pointer...\n"); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Malloc(10, NULL, plContext)); + + (void)printf("Attempting to reallocate to null pointer...\n"); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Realloc(NULL, 10, NULL, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext)); + +cleanup: + + PKIX_Shutdown(plContext); + + endTests("Memory Allocation"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c b/security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c new file mode 100644 index 0000000000..21974258f9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c @@ -0,0 +1,104 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_monitorlock.c + * + * Tests basic MonitorLock object functionality. No multi-threading. + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createMonitorLockes( + PKIX_PL_MonitorLock **monitorLock, + PKIX_PL_MonitorLock **monitorLock2, + PKIX_PL_MonitorLock **monitorLock3) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock2, plContext)); + + *monitorLock3 = *monitorLock; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*monitorLock3, plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testLock(PKIX_PL_MonitorLock *monitorLock) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_MonitorLock *monitorLock, + PKIX_PL_MonitorLock *monitorLock2, + PKIX_PL_MonitorLock *monitorLock3) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(monitorLock); + PKIX_TEST_DECREF_BC(monitorLock2); + PKIX_TEST_DECREF_BC(monitorLock3); + +cleanup: + PKIX_TEST_RETURN(); +} + +int +test_monitorlock(int argc, char *argv[]) +{ + + PKIX_PL_MonitorLock *monitorLock, *monitorLock2, *monitorLock3; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("MonitorLocks"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_MonitorLock_Create"); + createMonitorLockes(&monitorLock, &monitorLock2, &monitorLock3); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(monitorLock, + monitorLock3, + monitorLock2, + NULL, + MonitorLock, + PKIX_FALSE); + + subTest("PKIX_PL_MonitorLock_Lock/Unlock"); + testLock(monitorLock); + + subTest("PKIX_PL_MonitorLock_Destroy"); + testDestroy(monitorLock, monitorLock2, monitorLock3); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("MonitorLockes"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c new file mode 100644 index 0000000000..bb0e7a0246 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c @@ -0,0 +1,102 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_mutex.c + * + * Tests basic mutex object functionality. No multi-threading. + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createMutexes( + PKIX_PL_Mutex **mutex, + PKIX_PL_Mutex **mutex2, + PKIX_PL_Mutex **mutex3) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex2, plContext)); + + *mutex3 = *mutex; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*mutex3, plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testLock(PKIX_PL_Mutex *mutex) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Lock(mutex, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Unlock(mutex, plContext)); + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_Mutex *mutex, + PKIX_PL_Mutex *mutex2, + PKIX_PL_Mutex *mutex3) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(mutex); + PKIX_TEST_DECREF_BC(mutex2); + PKIX_TEST_DECREF_BC(mutex3); + +cleanup: + PKIX_TEST_RETURN(); +} + +int +test_mutex(int argc, char *argv[]) +{ + + PKIX_PL_Mutex *mutex, *mutex2, *mutex3; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Mutexes"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_Mutex_Create"); + createMutexes(&mutex, &mutex2, &mutex3); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(mutex, + mutex3, + mutex2, + NULL, + Mutex, + PKIX_FALSE); + + subTest("PKIX_PL_Mutex_Lock/Unlock"); + testLock(mutex); + + subTest("PKIX_PL_Mutex_Destroy"); + testDestroy(mutex, mutex2, mutex3); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Mutexes"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c new file mode 100644 index 0000000000..197eba2b44 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c @@ -0,0 +1,166 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_mutex2.c + * + * Tests multi-threaded functionality of Mutex + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static int box1 = 0, box2 = 0, box3 = 0; +static PKIX_PL_Mutex *mutex; +static PRCondVar *cv; +static void *plContext = NULL; + +static void +consumer(/* ARGSUSED */ void *arg) +{ + PRStatus status = PR_SUCCESS; + PKIX_Error *errorResult; + int i = 0; + for (i = 0; i < 5; i++) { + (void)PKIX_PL_Mutex_Lock(mutex, plContext); + while (((box1 == 0) || + (box2 == 0) || + (box3 == 0)) && + (status == PR_SUCCESS)) + status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT); + + (void)printf("\tConsumer got Box1 = %d ", box1); + box1 = 0; + (void)printf("Box2 = %d ", box2); + box2 = 0; + (void)printf("Box3 = %d\n", box3); + box3 = 0; + + status = PR_NotifyAllCondVar(cv); + if (status == PR_FAILURE) + (void)printf("Consumer error while notifying condvar\n"); + errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext); + if (errorResult) + testError("PKIX_PL_Mutex_Unlock failed"); + } + (void)printf("Consumer exiting...\n"); +} + +static void +producer(void *arg) +{ + PRStatus status = PR_SUCCESS; + int value = *(int *)arg; + int i = 0; + int *box; + PKIX_Error *errorResult; + if (value == 10) + box = &box1; + else if (value == 20) + box = &box2; + else if (value == 30) + box = &box3; + + for (i = 0; i < 5; i++) { + (void)PKIX_PL_Mutex_Lock(mutex, plContext); + while ((*box != 0) && (status == PR_SUCCESS)) + status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT); + + *box = i + 1; + (void)printf("\tProducer %d put value: %d\n", value, *box); + + status = PR_NotifyAllCondVar(cv); + if (status == PR_FAILURE) + (void)printf("Producer %d error while notifying condvar\n", + value); + errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext); + if (errorResult) + testError("PKIX_PL_Mutex_Unlock failed"); + } +} + +int +test_mutex2(int argc, char *argv[]) +{ + + PRThread *consThread, *prodThread, *prodThread2, *prodThread3; + int x = 10, y = 20, z = 30; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Mutex and Threads"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + (void)printf("Attempting to create new mutex...\n"); + subTest("Mutex Creation"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext)); + + cv = PR_NewCondVar(*(PRLock **)mutex); + + subTest("Starting consumer thread"); + consThread = PR_CreateThread(PR_USER_THREAD, + consumer, + NULL, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + subTest("Starting producer thread 1"); + prodThread = PR_CreateThread(PR_USER_THREAD, + producer, + &x, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + subTest("Starting producer thread 2"); + prodThread2 = PR_CreateThread(PR_USER_THREAD, + producer, + &y, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + subTest("Starting producer thread 3"); + prodThread3 = PR_CreateThread(PR_USER_THREAD, + producer, + &z, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + PR_JoinThread(consThread); + + (void)PR_DestroyCondVar(cv); + PKIX_TEST_DECREF_BC(mutex); + + /* + * Note: we should also be freeing each thread's stack, but we + * don't have access to the prodThread->stack variable (since + * it is not exported). As a result, we have 120 bytes of memory + * leakage. + */ + + PR_Free(prodThread); + PR_Free(prodThread2); + PR_Free(prodThread3); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Mutex and Threads"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c new file mode 100644 index 0000000000..9f42f629b1 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c @@ -0,0 +1,104 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_mutex3.c + * + * Tests multi-threaded functionality of Mutex + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static PKIX_PL_Mutex *mutex; +static void *plContext = NULL; + +static void +t1(/* ARGSUSED */ void *arg) +{ + PKIX_Error *errorResult; + + (void)printf("t1 acquiring lock...\n"); + errorResult = PKIX_PL_Mutex_Lock(mutex, plContext); + if (errorResult) + testError("PKIX_PL_Mutex_Lock failed"); + + (void)printf("t1 sleeplng for 3 seconds\n"); + PR_Sleep(PR_SecondsToInterval(3)); + (void)printf("t1 releasing lock...\n"); + + errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext); + if (errorResult) + testError("PKIX_PL_Mutex_Unlock failed"); + + (void)printf("t1 exiting...\n"); +} + +static void +t2(/* ARGSUSED */ void *arg) +{ + PKIX_Error *errorResult; + + (void)printf("t2 acquiring lock...\n"); + errorResult = PKIX_PL_Mutex_Lock(mutex, plContext); + if (errorResult) + testError("PKIX_PL_Mutex_Lock failed"); + + (void)printf("t2 releasing lock...\n"); + errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext); + if (errorResult) + testError("PKIX_PL_Mutex_Unlock failed"); + + (void)printf("t2 exiting...\n"); +} + +int +test_mutex3(int argc, char *argv[]) +{ + PRThread *thread, *thread2; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Mutex and Threads"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("Mutex Creation"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext)); + + subTest("Starting thread"); + thread = PR_CreateThread(PR_USER_THREAD, + t1, + NULL, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + thread2 = PR_CreateThread(PR_USER_THREAD, + t2, + NULL, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + PR_JoinThread(thread2); + PR_JoinThread(thread); + +cleanup: + + PKIX_TEST_DECREF_AC(mutex); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Mutex and Threads"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_object.c b/security/nss/cmd/libpkix/pkix_pl/system/test_object.c new file mode 100644 index 0000000000..ebb691ba63 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_object.c @@ -0,0 +1,281 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_object.c + * + * Test Object Allocation, toString, Equals, Destruction + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_Error * +destructor( + /* ARGSUSED */ PKIX_PL_Object *object, + /* ARGSUSED */ void *plContext) +{ + (void)printf("\tUser defined destructor called\n"); + return (NULL); +} + +static PKIX_Error * +toStringCallback( + PKIX_PL_Object *obj, + PKIX_PL_String **pString, + /* ARGSUSED */ void *plContext) +{ + + PKIX_Error *errorResult; + PKIX_UInt32 type; + char *format = "(addr: %x, type: %d)"; + PKIX_PL_String *formatString = NULL; + + errorResult = PKIX_PL_String_Create( + PKIX_ESCASCII, + format, + PL_strlen(format), + &formatString, + plContext); + if (errorResult) + testError("PKIX_PL_String_Create failed"); + + if (pString == plContext) + testError("Null String"); + + type = (unsigned int)0; + + (void)PKIX_PL_Object_GetType(obj, &type, plContext); + + errorResult = PKIX_PL_Sprintf(pString, plContext, + formatString, + (int)obj, type); + if (errorResult) + testError("PKIX_PL_Sprintf failed"); + + errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)formatString, + plContext); + if (errorResult) + testError("PKIX_PL_Object_DecRef failed"); + + return (NULL); +} + +static PKIX_Error * +comparator( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Int32 *pValue, + /* ARGSUSED */ void *plContext) +{ + if (*(char *)first > *(char *)second) + *pValue = 1; + else if (*(char *)first < *(char *)second) + *pValue = -1; + else + *pValue = 0; + return (NULL); +} + +static PKIX_Error * +hashcodeCallback( + PKIX_PL_Object *object, + PKIX_UInt32 *pValue, + /* ARGSUSED */ void *plContext) +{ + *pValue = 123456789; + return (NULL); +} + +static PKIX_Error * +equalsCallback( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Boolean *result, + void *plContext) +{ + + PKIX_UInt32 firstType = 0, secondType = 0; + + if ((first == plContext) || (second == plContext)) + testError("Null Object"); + + (void)PKIX_PL_Object_GetType(first, &firstType, plContext); + + (void)PKIX_PL_Object_GetType(second, &secondType, plContext); + + *result = (firstType == secondType) ? PKIX_TRUE : PKIX_FALSE; + + return (NULL); +} + +static void +createObjects( + PKIX_PL_Object **obj, + PKIX_PL_Object **obj2, + PKIX_PL_Object **obj3, + PKIX_PL_Object **obj4) +{ + PKIX_TEST_STD_VARS(); + +#ifdef PKIX_USER_OBJECT_TYPE + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(1000, /* type */ + "thousand", /* description */ + NULL, /* destructor */ + NULL, /* equals */ + (PKIX_PL_HashcodeCallback)hashcodeCallback, + NULL, /* toString */ + NULL, /* Comparator */ + NULL, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(1000, /* type */ + 12, /* size */ + obj, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(2000, /* type */ + "two thousand" /* description */, + (PKIX_PL_DestructorCallback)destructor, + (PKIX_PL_EqualsCallback)equalsCallback, + NULL, /* hashcode */ + (PKIX_PL_ToStringCallback)toStringCallback, + (PKIX_PL_ComparatorCallback)comparator, + NULL, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */ + 1, /* size */ + obj2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */ + 1, /* size */ + obj4, + plContext)); + + *obj3 = *obj; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef(*obj3, plContext)); + +cleanup: +#endif /* PKIX_USER_OBJECT_TYPE */ + PKIX_TEST_RETURN(); +} + +static void +testGetType( + PKIX_PL_Object *obj, + PKIX_PL_Object *obj2, + PKIX_PL_Object *obj3) +{ + PKIX_UInt32 testType; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj, &testType, plContext)); + + if (testType != 1000) + testError("Object 1 returned the wrong type"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj2, &testType, plContext)); + if (testType != 2000) + testError("Object 2 returned the wrong type"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj3, &testType, plContext)); + if (testType != 1000) + testError("Object 3 returned the wrong type"); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testCompare( + PKIX_PL_Object *obj2, + PKIX_PL_Object *obj4) +{ + PKIX_Int32 cmpResult; + PKIX_TEST_STD_VARS(); + + *(char *)obj2 = 0x20; + *(char *)obj4 = 0x10; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj2, obj4, &cmpResult, plContext)); + if (cmpResult <= 0) + testError("Invalid Result from Object Compare"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj2, &cmpResult, plContext)); + if (cmpResult >= 0) + testError("Invalid Result from Object Compare"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj4, &cmpResult, plContext)); + + *(char *)obj2 = 0x10; + if (cmpResult != 0) + testError("Invalid Result from Object Compare"); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_Object *obj, + PKIX_PL_Object *obj2, + PKIX_PL_Object *obj3, + PKIX_PL_Object *obj4) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(obj); + PKIX_TEST_DECREF_BC(obj2); + PKIX_TEST_DECREF_BC(obj3); + PKIX_TEST_DECREF_BC(obj4); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_object(int argc, char *argv[]) +{ + +#ifdef PKIX_USER_OBJECT_TYPE + PKIX_PL_Object *obj, *obj2, *obj3, *obj4; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Objects"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_Object_Create"); + createObjects(&obj, &obj2, &obj3, &obj4); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(obj, obj3, obj2, NULL, Object, PKIX_FALSE); + + subTest("PKIX_PL_Object_GetType"); + testGetType(obj, obj2, obj3); + + subTest("PKIX_PL_Object_Compare"); + testCompare(obj2, obj4); + + subTest("PKIX_PL_Object_Destroy"); + testDestroy(obj, obj2, obj3, obj4); + +cleanup: + + PKIX_Shutdown(plContext); + + endTests("Objects"); +#endif /* PKIX_USER_OBJECT_TYPE */ + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_oid.c b/security/nss/cmd/libpkix/pkix_pl/system/test_oid.c new file mode 100644 index 0000000000..09cddaeea9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_oid.c @@ -0,0 +1,212 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_oid.c + * + * Test OID Types + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createOID( + PKIX_PL_OID **testOID, + char *oidAscii, + PKIX_Boolean errorHandling) +{ + PKIX_TEST_STD_VARS(); + + if (errorHandling) { + PKIX_TEST_EXPECT_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext)); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testToString( + PKIX_PL_OID *oid, + char *expAscii) +{ + PKIX_PL_String *oidString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)oid, + &oidString, plContext)); + + temp = PKIX_String2ASCII(oidString, plContext); + if (temp == NULL) { + testError("PKIX_String2Ascii failed"); + goto cleanup; + } + + if (PL_strcmp(temp, expAscii) != 0) { + (void)printf("\tOid ToString: %s %s\n", temp, expAscii); + testError("Output string does not match source"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(oidString); + + PKIX_TEST_RETURN(); +} + +static void +testCompare( + PKIX_PL_OID *oid0, + PKIX_PL_OID *oid1, + PKIX_PL_OID *oid2, + PKIX_PL_OID *oid3) +{ + PKIX_Int32 cmpResult; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid0, + (PKIX_PL_Object *)oid1, + &cmpResult, plContext)); + if (cmpResult <= 0) + testError("Invalid Result from OID Compare"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1, + (PKIX_PL_Object *)oid0, + &cmpResult, plContext)); + if (cmpResult >= 0) + testError("Invalid Result from OID Compare"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1, + (PKIX_PL_Object *)oid2, + &cmpResult, plContext)); + if (cmpResult >= 0) + testError("Invalid Result from OID Compare"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid2, + (PKIX_PL_Object *)oid1, + &cmpResult, plContext)); + if (cmpResult <= 0) + testError("Invalid Result from OID Compare"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1, + (PKIX_PL_Object *)oid3, + &cmpResult, plContext)); + if (cmpResult != 0) + testError("Invalid Result from OID Compare"); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_OID *oid) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(oid); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_oid(int argc, char *argv[]) +{ + + PKIX_PL_OID *testOID[6] = { NULL }; + PKIX_PL_OID *badTestOID = NULL; + PKIX_UInt32 i, size = 6; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *validOID[6] = { + "2.11.22222.33333", + "1.2.3.004.5.6.7", + "2.11.22222.33333", + "1.2.3.4.5.6.7", + "1.2.3", + "2.39.3" + }; + + char *expected[6] = { + "2.11.22222.33333", + "1.2.3.4.5.6.7", + "2.11.22222.33333", + "1.2.3.4.5.6.7", + "1.2.3", + "2.39.3" + }; + + char *badOID[11] = { + "1.2.4294967299", + "this. is. a. bad. oid", + "00a1000.002b", + "100.-5.10", + "1.2..3", + ".1.2.3", + "1.2.3.", + "00010.1.2.3", + "1.000041.2.3", + "000000000000000000000000000000000000000010.3.2", + "1" + }; + + PKIX_TEST_STD_VARS(); + + startTests("OIDs"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_OID_Create"); + createOID(&testOID[i], validOID[i], PKIX_FALSE); + } + + PKIX_TEST_EQ_HASH_TOSTR_DUP(testOID[0], + testOID[2], + testOID[1], + NULL, + OID, + PKIX_FALSE); + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_OID_ToString"); + testToString(testOID[i], expected[i]); + } + + subTest("PKIX_PL_OID_Compare"); + testCompare(testOID[0], testOID[1], testOID[2], testOID[3]); + + for (i = 0; i < size; i++) { + subTest("PKIX_PL_OID_Destroy"); + testDestroy(testOID[i]); + } + + for (i = 0; i < 11; i++) { + subTest("PKIX_PL_OID Error Handling"); + createOID(&badTestOID, badOID[i], PKIX_TRUE); + } + +cleanup: + + PKIX_Shutdown(plContext); + + endTests("OIDs"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c b/security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c new file mode 100644 index 0000000000..9c09d6479e --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c @@ -0,0 +1,204 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_rwlock.c + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static PKIX_PL_RWLock *rwlock = NULL, *rwlock2 = NULL, *rwlock3 = NULL; +static PRThread *thread = NULL, *thread2 = NULL, *thread3 = NULL; +static void *plContext = NULL; + +static void +reader(void) +{ + PKIX_Error *errorResult; + + errorResult = PKIX_PL_AcquireReaderLock(rwlock, NULL); + if (errorResult) + testError("PKIX_PL_AcquireReaderLock failed"); + + (void)printf("\t[Thread #1 Read Lock #1.]\n"); + (void)printf("\t[Thread #1 Sleeplng for 1 seconds.]\n"); + PR_Sleep(PR_SecondsToInterval(1)); + PKIX_PL_ReleaseReaderLock(rwlock, NULL); + if (errorResult) + testError("PKIX_PL_ReleaseReaderLock failed"); + (void)printf("\t[Thread #1 Read UNLock #1.]\n"); +} + +static void +writer(void) +{ + PKIX_Error *errorResult; + /* This thread should stick here until lock 1 is released */ + PKIX_PL_AcquireWriterLock(rwlock, NULL); + if (errorResult) + testError("PKIX_PL_AcquireWriterLock failed"); + + (void)printf("\t[Thread #2 Write Lock #1.]\n"); + + PKIX_PL_AcquireWriterLock(rwlock2, NULL); + if (errorResult) + testError("PKIX_PL_AcquireWriterLock failed"); + (void)printf("\t[Thread #2 Write Lock #2.]\n"); + + (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n"); + PR_Sleep(PR_SecondsToInterval(1)); + + PKIX_PL_ReleaseWriterLock(rwlock2, NULL); + if (errorResult) + testError("PKIX_PL_ReleaseWriterLock failed"); + (void)printf("\t[Thread #2 Write UNLock #2.]\n"); + + (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n"); + PR_Sleep(PR_SecondsToInterval(1)); + + PKIX_PL_ReleaseWriterLock(rwlock, NULL); + if (errorResult) + testError("PKIX_PL_ReleaseWriterLock failed"); + (void)printf("\t[Thread #2 Write UNLock #1.]\n"); + + PR_JoinThread(thread3); +} + +static void +reader2(void) +{ + PKIX_Error *errorResult; + /* Reader 2 should yield here until the writer is done */ + + PKIX_PL_AcquireReaderLock(rwlock2, NULL); + if (errorResult) + testError("PKIX_PL_AcquireReaderLock failed"); + + (void)printf("\t[Thread #3 Read Lock #2.]\n"); + + PKIX_PL_AcquireReaderLock(rwlock3, NULL); + if (errorResult) + testError("PKIX_PL_AcquireReaderLock failed"); + (void)printf("\t[Thread #3 Read Lock #3.]\n"); + + (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n"); + PR_Sleep(PR_SecondsToInterval(1)); + + PKIX_PL_ReleaseReaderLock(rwlock3, NULL); + if (errorResult) + testError("PKIX_PL_ReleaseReaderLock failed"); + (void)printf("\t[Thread #3 Read UNLock #3.]\n"); + + (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n"); + PR_Sleep(PR_SecondsToInterval(1)); + + PKIX_PL_ReleaseReaderLock(rwlock2, NULL); + if (errorResult) + testError("PKIX_PL_ReleaseReaderLock failed"); + (void)printf("\t[Thread #3 Read UNLock #2.]\n"); +} + +int +test_rwlock() +{ + PKIX_PL_String *outputString = NULL; + PKIX_UInt32 j = 0; + PKIX_Boolean bool; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + startTests("RWLocks"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + (void)printf("Attempting to create new rwlock...\n"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock3, plContext)); + + /* Test toString functionality */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)rwlock, &outputString, plContext)); + + (void)printf("Testing RWLock toString: %s\n", + PKIX_String2ASCII(outputString)); + + PKIX_TEST_DECREF_BC(outputString); + + /* Call Equals on two different objects */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock, + (PKIX_PL_Object *)rwlock2, + &bool, + plContext)); + + (void)printf("Testing RWLock Equals: %d (should be 0)\n", bool); + + if (bool != 0) + testError("Error in RWLock_Equals"); + + /* Call Equals on two equal objects */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock, + (PKIX_PL_Object *)rwlock, &bool, plContext)); + + (void)printf("Testing RWLock Equals: %d (should be 1)\n", bool); + if (bool != 1) + testError("Error in RWLock_Equals"); + + subTest("Multi-Thread Read/Write Lock Testing"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_AcquireReaderLock(rwlock, plContext)); + (void)printf("\t[Main Thread Read Lock #1.]\n"); + + thread = PR_CreateThread(PR_USER_THREAD, + reader, + NULL, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + thread2 = PR_CreateThread(PR_USER_THREAD, + writer, + NULL, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + thread3 = PR_CreateThread(PR_USER_THREAD, + reader2, + NULL, + PR_PRIORITY_NORMAL, + PR_LOCAL_THREAD, + PR_JOINABLE_THREAD, + 0); + + PR_JoinThread(thread); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ReleaseReaderLock(rwlock, plContext)); + (void)printf("\t[Main Thread Read Unlock #1.]\n"); + + PR_JoinThread(thread2); + +cleanup: + + /* Test destructor */ + subTest("Testing destructor..."); + PKIX_TEST_DECREF_AC(rwlock); + PKIX_TEST_DECREF_AC(rwlock2); + PKIX_TEST_DECREF_AC(rwlock3); + + pkixTestTempResult = PKIX_Shutdown(plContext); + if (pkixTestTempResult) + pkixTestErrorResult = pkixTestTempResult; + + PKIX_TEST_RETURN(); + + endTests("RWLocks"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_string.c b/security/nss/cmd/libpkix/pkix_pl/system/test_string.c new file mode 100644 index 0000000000..9b84f94d9c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_string.c @@ -0,0 +1,434 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_string.c + * + * Tests Strings. + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createString( + PKIX_PL_String **testString, + PKIX_UInt32 format, + char *stringAscii, + PKIX_UInt32 length) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(format, stringAscii, length, testString, plContext)); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +createStringOther( + PKIX_PL_String **testEscAscii, + PKIX_PL_String **testUtf16, + PKIX_PL_String **ampString, + PKIX_PL_String **testDebugAscii, + PKIX_PL_String **testNullString, + PKIX_UInt32 *utf16data) +{ + char *nullText = "Hi� there!"; + + char *escAsciiString = + "¡𐀀࿿􀀁"; + + char *debugAsciiString = + "string with
newlines and	tabs"; + + char *utfAmp = "\x00&"; + + PKIX_TEST_STD_VARS(); + + createString(testEscAscii, + PKIX_ESCASCII, + escAsciiString, + PL_strlen(escAsciiString)); + + createString(testUtf16, PKIX_UTF16, (char *)utf16data, 12); + + createString(ampString, PKIX_UTF16, utfAmp, 2); + + createString(testDebugAscii, + PKIX_ESCASCII_DEBUG, + debugAsciiString, + PL_strlen(debugAsciiString)); + + createString(testNullString, + PKIX_ESCASCII_DEBUG, + nullText, + PL_strlen(nullText)); + + goto cleanup; + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetEncoded( + PKIX_PL_String *testEscAscii, + PKIX_PL_String *testString0, + PKIX_PL_String *testDebugAscii, + PKIX_PL_String *testNullString, + PKIX_UInt32 *utf16data) +{ + char *temp = NULL; + void *dest = NULL; + void *dest2 = NULL; + char *plainText = "string with\nnewlines and\ttabs"; + PKIX_UInt32 length, length2, i; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testEscAscii, + PKIX_UTF16, + &dest, + &length, + plContext)); + for (i = 0; i < length; i++) { + if (((char *)dest)[i] != ((char *)utf16data)[i]) { + testError("UTF-16 Data Differs from Source"); + printf("%d-th char is different -%c-%c-\n", i, + ((char *)dest)[i], ((char *)utf16data)[i]); + } + } + + length = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testNullString, + PKIX_UTF16, + &dest, + &length, + plContext)); + + length = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testString0, + PKIX_ESCASCII_DEBUG, + &dest, + &length, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testDebugAscii, + PKIX_ESCASCII_DEBUG, + &dest2, + &length2, + plContext)); + + for (i = 0; (i < length) && (i < length2); i++) + if (((char *)dest)[i] != ((char *)dest2)[i]) { + testError("Equivalent strings are unequal"); + break; + } + + length = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + length2 = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest2, plContext)); + + temp = PKIX_String2ASCII(testDebugAscii, plContext); + if (temp) { + if (PL_strcmp(plainText, temp) != 0) + testError("Debugged ASCII does not match " + "equivalent EscAscii"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testSprintf(void) +{ + PKIX_Int32 x = 0xCAFE; + PKIX_Int32 y = -12345; + PKIX_PL_String *testString = NULL; + PKIX_PL_String *formatString = NULL; + PKIX_PL_String *sprintfString = NULL; + char *plainText = "Testing Sprintf"; + char *format = "%s %x %u %d"; + char *convertedFormat = "%s %lx %lu %ld"; + char *temp = NULL; + char *temp2 = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + plainText, + PL_strlen(plainText), + &testString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + format, + 11, + &formatString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Sprintf(&sprintfString, + plContext, + formatString, + testString, x, y, y)); + PKIX_TEST_DECREF_BC(testString); + + temp = PR_smprintf(convertedFormat, plainText, x, y, y); + temp2 = PKIX_String2ASCII(sprintfString, plContext); + + if (PL_strcmp(temp, temp2) != 0) + testError("Sprintf produced incorrect output"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp2, plContext)); + + PKIX_TEST_DECREF_BC(sprintfString); + + PKIX_TEST_DECREF_BC(formatString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testErrorHandling(void) +{ + char *debugAsciiString = + "string with
newlines and	tabs"; + + PKIX_PL_String *testString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + NULL, + 50, + &testString, + plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + "blah", 4, NULL, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Sprintf(&testString, plContext, NULL)); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, NULL, &testString, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, "blah", 0, plContext)); + + /* ---------------------------- */ + subTest("Unicode Error Handling"); + + /* &#x must be followed by 4 hexadecimal digits */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "k;", + 7, + &testString, + plContext)); + + /* &#x must be followed by 4 hexadecimal digits */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "abc�", + 8, + &testString, + plContext)); + + /* &#x must be between 00010000-0010FFFF */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "�", + 11, + &testString, + plContext)); + + /* &#x must be followed by 8 hexadecimal digits */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "က", + 10, + &testString, + plContext)); + + /* &#x must be followed by 8 hexadecimal digits */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "m00;", + 10, + &testString, + plContext)); + + /* Byte values D800-DFFF are reserved */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "�", + 7, + &testString, + plContext)); + + /* Can't use &#x for regular characters */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "2", + 7, + &testString, + plContext)); + + /* Can't use non-printable characters */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "\xA1", + 1, + &testString, + plContext)); + + /* Only legal \\ characters are \\, u and U */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + "&blah", + 5, + &testString, + plContext)); + + /* Surrogate pairs must be legal */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_UTF16, + "\xd8\x00\x0\x66", + 4, + &testString, + plContext)); + + /* Debugged EscASCII should not be accepted as EscASCII */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + debugAsciiString, + PL_strlen(debugAsciiString), + &testString, + plContext)); +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_String *string) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(string); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_string(int argc, char *argv[]) +{ + + PKIX_PL_String *testString[6] = { NULL }; + PKIX_PL_String *testNullString = NULL; + PKIX_PL_String *testDebugAscii = NULL; + PKIX_PL_String *testEscAscii = NULL; + PKIX_PL_String *testUtf16 = NULL; + PKIX_PL_String *ampString = NULL; + unsigned char utf16Data[] = { 0x00, 0xA1, 0xD8, 0x00, + 0xDC, 0x00, 0x0F, 0xFF, + 0xDB, 0xC0, 0xDC, 0x01 }; + PKIX_UInt32 i, size = 6; + + char *plainText[6] = { + "string with\nnewlines and\ttabs", + "Not an escaped char: &#x0012;", + "Encode & with &amp; in ASCII", + "¡", + "&", + "string with\nnewlines and\ttabs" + }; + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Strings"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_String_Create <ascii format>"); + for (i = 0; i < size; i++) { + testString[i] = NULL; + createString(&testString[i], + PKIX_ESCASCII, + plainText[i], + PL_strlen(plainText[i])); + } + + subTest("PKIX_PL_String_Create <other formats>"); + createStringOther(&testEscAscii, + &testUtf16, + &String, + &testDebugAscii, + &testNullString, + (PKIX_UInt32 *)utf16Data); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(testString[0], + testString[5], + testString[1], + plainText[0], + String, + PKIX_TRUE); + + subTest("PKIX_PL_String_GetEncoded"); + testGetEncoded(testEscAscii, + testString[0], + testDebugAscii, + testNullString, + (PKIX_UInt32 *)utf16Data); + + subTest("PKIX_PL_Sprintf"); + testSprintf(); + + subTest("PKIX_PL_String_Create <error_handling>"); + testErrorHandling(); + + subTest("PKIX_PL_String_Destroy"); + for (i = 0; i < size; i++) { + testDestroy(testString[i]); + } + testDestroy(testEscAscii); + testDestroy(testUtf16); + testDestroy(ampString); + testDestroy(testDebugAscii); + testDestroy(testNullString); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("String"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_string2.c b/security/nss/cmd/libpkix/pkix_pl/system/test_string2.c new file mode 100644 index 0000000000..c76d1e9ac8 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/system/test_string2.c @@ -0,0 +1,337 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_string2.c + * + * Tests International Strings + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createString( + PKIX_PL_String **vivaEspanaString, + PKIX_PL_String **straussString, + PKIX_PL_String **gorbachevString, + PKIX_PL_String **testUTF16String, + PKIX_PL_String **chineseString, + PKIX_PL_String **jeanRenoString) +{ + /* this is meant to fail - it highlights bug 0002 */ + unsigned char utf16String[4] = { 0xF8, 0x60, + 0xFC, 0x60 }; + + unsigned char chinese[16] = { 0xe7, 0xab, 0xa0, + 0xe5, 0xad, 0x90, + 0xe6, 0x80, 0xa1, + 0x20, + 0xe4, 0xb8, 0xad, + 0xe5, 0x9b, 0xbd }; + + char *jeanReno = "Jean R\303\251no is an actor."; + char *gorbachev = /* This is the name "Gorbachev" in cyrllic */ + "\xd0\x93\xd0\xbe\xd1\x80\xd0\xb1\xd0\xb0\xd1\x87\xd1\x91\xd0\xb2"; + + char *vivaEspana = + "¡Viva España!"; + + char *strauss = + "Strauß was born in Österreich"; + + PKIX_TEST_STD_VARS(); + + /* ---------------------------- */ + subTest("String Creation"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + vivaEspana, + PL_strlen(vivaEspana), + vivaEspanaString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + strauss, + PL_strlen(strauss), + straussString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_UTF8, + gorbachev, + PL_strlen(gorbachev), + gorbachevString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_UTF16, + utf16String, + 4, + testUTF16String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_UTF8, + chinese, + 16, + chineseString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_UTF8, + jeanReno, + PL_strlen(jeanReno), + jeanRenoString, + plContext)); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetEncoded(PKIX_PL_String *string, PKIX_UInt32 format) +{ + void *dest = NULL; + PKIX_UInt32 length; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(string, + format, + &dest, + &length, + plContext)); + + if (dest) { + (void)printf("\tResult: %s\n", (char *)dest); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + } + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testHTMLOutput( + PKIX_PL_String *vivaEspanaString, + PKIX_PL_String *straussString, + PKIX_PL_String *gorbachevString, + PKIX_PL_String *testUTF16String, + PKIX_PL_String *chineseString, + PKIX_PL_String *jeanRenoString) +{ + void *dest = NULL; + PKIX_UInt32 length; + + FILE *htmlFile = NULL; + + PKIX_TEST_STD_VARS(); + + /* Opening a file for output */ + htmlFile = fopen("utf8.html", "w"); + + if (htmlFile != plContext) { + (void)fprintf(htmlFile, "<html><head>\n"); + (void)fprintf(htmlFile, "<meta http-equiv=\"Content-Type\""); + (void)fprintf(htmlFile, + "content = \"text/html; charset = UTF-8\">\n"); + (void)fprintf(htmlFile, "</head><body>\n"); + (void)fprintf(htmlFile, "<font size =\"+2\">\n"); + } else + (void)printf("Could not open HTML file\n"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testUTF16String, + PKIX_UTF8, + &dest, + &length, + plContext)); + if (htmlFile != plContext) { + (void)printf("%d bytes written to HTML file\n", + fwrite(dest, length, 1, htmlFile)); + (void)fprintf(htmlFile, "<BR>\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(chineseString, + PKIX_UTF8, + &dest, + &length, + plContext)); + if (htmlFile != plContext) { + (void)printf("%d bytes written to HTML file\n", + fwrite(dest, length, 1, htmlFile)); + (void)fprintf(htmlFile, "<BR>\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(jeanRenoString, + PKIX_UTF8, + &dest, + &length, + plContext)); + if (htmlFile != plContext) { + (void)printf("%d bytes written to HTML file\n", + fwrite(dest, length, 1, htmlFile)); + (void)fprintf(htmlFile, "<BR>\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(vivaEspanaString, + PKIX_UTF8, + &dest, + &length, + plContext)); + if (htmlFile != plContext) { + (void)printf("%d bytes written to HTML file\n", + fwrite(dest, length, 1, htmlFile)); + (void)fprintf(htmlFile, "<BR>\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString, + PKIX_UTF8, + &dest, + &length, + plContext)); + if (htmlFile != plContext) { + (void)printf("%d bytes written to HTML file\n", + fwrite(dest, length, 1, htmlFile)); + (void)fprintf(htmlFile, "<BR>\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString, + PKIX_UTF8, + &dest, + &length, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(gorbachevString, + PKIX_UTF8, + &dest, + &length, + plContext)); + if (htmlFile != plContext) { + (void)printf("%d bytes written to HTML file\n", + fwrite(dest, length, 1, htmlFile)); + (void)fprintf(htmlFile, "<BR>\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext)); + dest = NULL; + length = 0; + + if (htmlFile != plContext) { + (void)fprintf(htmlFile, "</font>\n"); + (void)fprintf(htmlFile, "</body></html>\n"); + (void)fclose(htmlFile); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy( + PKIX_PL_String *string) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(string); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_string2(int argc, char *argv[]) +{ + + PKIX_PL_String *vivaEspanaString, *straussString, *testUTF16String; + PKIX_PL_String *chineseString, *jeanRenoString, *gorbachevString; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Unicode Strings"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_PL_String_Create"); + createString(&vivaEspanaString, + &straussString, + &gorbachevString, + &testUTF16String, + &chineseString, + &jeanRenoString); + + subTest("Converting UTF-16 to EscASCII"); + testGetEncoded(testUTF16String, PKIX_ESCASCII); + + subTest("Converting UTF-8 to EscASCII"); + testGetEncoded(chineseString, PKIX_ESCASCII); + + subTest("Converting UTF-8 to EscASCII"); + testGetEncoded(jeanRenoString, PKIX_ESCASCII); + + subTest("Converting EscASCII to UTF-16"); + testGetEncoded(vivaEspanaString, PKIX_UTF16); + + subTest("Converting UTF-8 to UTF-16"); + testGetEncoded(chineseString, PKIX_UTF16); + + subTest("Creating HTML Output File \'utf8.html\'"); + testHTMLOutput(vivaEspanaString, + straussString, + gorbachevString, + testUTF16String, + chineseString, + jeanRenoString); + + subTest("Unicode Destructors"); + testDestroy(testUTF16String); + testDestroy(chineseString); + testDestroy(jeanRenoString); + testDestroy(vivaEspanaString); + testDestroy(straussString); + testDestroy(gorbachevString); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Unicode Strings"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkixlibs.mk b/security/nss/cmd/libpkix/pkixlibs.mk new file mode 100755 index 0000000000..2e1eb154f0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkixlibs.mk @@ -0,0 +1,27 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +ifeq (,$(filter-out WIN%,$(OS_TARGET))) + +ifdef NS_USE_GCC +EXTRA_SHARED_LIBS += \ + -L$(DIST)/lib \ + -lpkixutil \ + $(NULL) +else # ! NS_USE_GCC +EXTRA_SHARED_LIBS += \ + $(DIST)/lib/pkixutil.lib \ + $(NULL) +endif # NS_USE_GCC + +else + +EXTRA_SHARED_LIBS += \ + -L$(DIST)/lib/ \ + -lpkixutil \ + $(NULL) + +endif + diff --git a/security/nss/cmd/libpkix/pkixrules.mk b/security/nss/cmd/libpkix/pkixrules.mk new file mode 100755 index 0000000000..bbaf85c568 --- /dev/null +++ b/security/nss/cmd/libpkix/pkixrules.mk @@ -0,0 +1,7 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +CORE_DEPTH = $(PKIX_DEPTH)/../../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. diff --git a/security/nss/cmd/libpkix/pkixutil/Makefile b/security/nss/cmd/libpkix/pkixutil/Makefile new file mode 100644 index 0000000000..a2cfa73bd0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkixutil/Makefile @@ -0,0 +1,43 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkixutil/manifest.mn b/security/nss/cmd/libpkix/pkixutil/manifest.mn new file mode 100644 index 0000000000..180e995aa1 --- /dev/null +++ b/security/nss/cmd/libpkix/pkixutil/manifest.mn @@ -0,0 +1,41 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = .. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = \ + pkixutil.c \ + $(NULL) + +PROGRAM = pkixutil + +TOOLS_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +EXTRA_LIBS += \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolperf.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolcertsel.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolparams.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolmodule.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolpki.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolsys.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolresults.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolstore.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtooltop.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolutil.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolsmplapps.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolchecker.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolcrlsel.$(LIB_SUFFIX) \ + $(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtooltestutil.$(LIB_SUFFIX) \ + $(NULL) + +NO_MD_RELEASE = 1 + +USE_STATIC_LIBS = 1 + diff --git a/security/nss/cmd/libpkix/pkixutil/pkixutil.c b/security/nss/cmd/libpkix/pkixutil/pkixutil.c new file mode 100644 index 0000000000..158f458952 --- /dev/null +++ b/security/nss/cmd/libpkix/pkixutil/pkixutil.c @@ -0,0 +1,299 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * testwrapper.c + * + * Wrpper programm for libpkix tests. + * + */ + +#include <stdio.h> + +#include "nspr.h" +#include "plgetopt.h" + +#include "nss.h" +#include "secport.h" + +typedef int (*mainTestFn)(int argc, char *argv[]); + +extern int libpkix_buildthreads(int argc, char *argv[]); +extern int nss_threads(int argc, char *argv[]); +extern int test_certselector(int argc, char *argv[]); +extern int test_comcertselparams(int argc, char *argv[]); +extern int test_certchainchecker(int argc, char *argv[]); +extern int test_comcrlselparams(int argc, char *argv[]); +extern int test_crlselector(int argc, char *argv[]); + +extern int test_procparams(int argc, char *argv[]); +extern int test_resourcelimits(int argc, char *argv[]); +extern int test_trustanchor(int argc, char *argv[]); +extern int test_valparams(int argc, char *argv[]); +extern int test_buildresult(int argc, char *argv[]); +extern int test_policynode(int argc, char *argv[]); +extern int test_valresult(int argc, char *argv[]); +extern int test_verifynode(int argc, char *argv[]); +extern int test_store(int argc, char *argv[]); +extern int test_basicchecker(int argc, char *argv[]); +extern int test_basicconstraintschecker(int argc, char *argv[]); +extern int test_buildchain(int argc, char *argv[]); +extern int test_buildchain_partialchain(int argc, char *argv[]); +extern int test_buildchain_resourcelimits(int argc, char *argv[]); +extern int test_buildchain_uchecker(int argc, char *argv[]); +extern int test_customcrlchecker(int argc, char *argv[]); +extern int test_defaultcrlchecker2stores(int argc, char *argv[]); +extern int test_ocsp(int argc, char *argv[]); +extern int test_policychecker(int argc, char *argv[]); +extern int test_subjaltnamechecker(int argc, char *argv[]); +extern int test_validatechain(int argc, char *argv[]); +extern int test_validatechain_NB(int argc, char *argv[]); +extern int test_validatechain_bc(int argc, char *argv[]); +extern int test_error(int argc, char *argv[]); +extern int test_list(int argc, char *argv[]); +extern int test_list2(int argc, char *argv[]); +extern int test_logger(int argc, char *argv[]); +extern int test_colcertstore(int argc, char *argv[]); +extern int test_ekuchecker(int argc, char *argv[]); +extern int test_httpcertstore(int argc, char *argv[]); +extern int test_pk11certstore(int argc, char *argv[]); +extern int test_socket(int argc, char *argv[]); +extern int test_authorityinfoaccess(int argc, char *argv[]); +extern int test_cert(int argc, char *argv[]); +extern int test_crl(int argc, char *argv[]); +extern int test_crlentry(int argc, char *argv[]); +extern int test_date(int argc, char *argv[]); +extern int test_generalname(int argc, char *argv[]); +extern int test_nameconstraints(int argc, char *argv[]); +extern int test_subjectinfoaccess(int argc, char *argv[]); +extern int test_x500name(int argc, char *argv[]); +extern int stress_test(int argc, char *argv[]); +extern int test_bigint(int argc, char *argv[]); +extern int test_bytearray(int argc, char *argv[]); +extern int test_hashtable(int argc, char *argv[]); +extern int test_mem(int argc, char *argv[]); +extern int test_monitorlock(int argc, char *argv[]); +extern int test_mutex(int argc, char *argv[]); +extern int test_mutex2(int argc, char *argv[]); +extern int test_mutex3(int argc, char *argv[]); +extern int test_object(int argc, char *argv[]); +extern int test_oid(int argc, char *argv[]); + +/* Taken out. Problem with build */ +/* extern int test_rwlock(int argc, char *argv[]); */ +extern int test_string(int argc, char *argv[]); +extern int test_string2(int argc, char *argv[]); +extern int build_chain(int argc, char *argv[]); +extern int dumpcert(int argc, char *argv[]); +extern int dumpcrl(int argc, char *argv[]); +extern int validate_chain(int argc, char *argv[]); + +typedef struct { + char *fnName; + mainTestFn fnPointer; +} testFunctionRef; + +testFunctionRef testFnRefTable[] = { + { "libpkix_buildthreads", libpkix_buildthreads }, + { "nss_threads", nss_threads }, + { "test_certselector", test_certselector }, + { "test_comcertselparams", test_comcertselparams }, + { "test_certchainchecker", test_certchainchecker }, + { "test_comcrlselparams", test_comcrlselparams }, + { "test_crlselector", test_crlselector }, + { "test_procparams", test_procparams }, + { "test_resourcelimits", test_resourcelimits }, + { "test_trustanchor", test_trustanchor }, + { "test_valparams", test_valparams }, + { "test_buildresult", test_buildresult }, + { "test_policynode", test_policynode }, + { "test_valresult", test_valresult }, + { "test_verifynode", test_verifynode }, + { "test_store", test_store }, + { "test_basicchecker", test_basicchecker }, + { "test_basicconstraintschecker", test_basicconstraintschecker }, + { "test_buildchain", test_buildchain }, + { "test_buildchain_partialchain", test_buildchain_partialchain }, + { "test_buildchain_resourcelimits", test_buildchain_resourcelimits }, + { "test_buildchain_uchecker", test_buildchain_uchecker }, + { "test_customcrlchecker", test_customcrlchecker }, + { "test_defaultcrlchecker2stores", test_defaultcrlchecker2stores }, + { "test_ocsp", test_ocsp }, + { "test_policychecker", test_policychecker }, + { "test_subjaltnamechecker", test_subjaltnamechecker }, + { "test_validatechain", test_validatechain }, + { "test_validatechain_NB", test_validatechain_NB }, + { "test_validatechain_bc", test_validatechain_bc }, + { "test_error", test_error }, + { "test_list", test_list }, + { "test_list2", test_list2 }, + { "test_logger", test_logger }, + { "test_colcertstore", test_colcertstore }, + { "test_ekuchecker", test_ekuchecker }, + { "test_httpcertstore", test_httpcertstore }, + { "test_pk11certstore", test_pk11certstore }, + { "test_socket", test_socket }, + { "test_authorityinfoaccess", test_authorityinfoaccess }, + { "test_cert", test_cert }, + { "test_crl", test_crl }, + { "test_crlentry", test_crlentry }, + { "test_date", test_date }, + { "test_generalname", test_generalname }, + { "test_nameconstraints", test_nameconstraints }, + { "test_subjectinfoaccess", test_subjectinfoaccess }, + { "test_x500name", test_x500name }, + { "stress_test", stress_test }, + { "test_bigint", test_bigint }, + { "test_bytearray", test_bytearray }, + { "test_hashtable", test_hashtable }, + { "test_mem", test_mem }, + { "test_monitorlock", test_monitorlock }, + { "test_mutex", test_mutex }, + { "test_mutex2", test_mutex2 }, + { "test_mutex3", test_mutex3 }, + { "test_object", test_object }, + { "test_oid", test_oid }, + /* {"test_rwlock", test_rwlock }*/ + { "test_string", test_string }, + { "test_string2", test_string2 }, + { "build_chain", build_chain }, + { "dumpcert", dumpcert }, + { "dumpcrl", dumpcrl }, + { "validate_chain", validate_chain }, + { NULL, NULL }, +}; + +static void +printUsage(char *cmdName) +{ + int fnCounter = 0; + + fprintf(stderr, "Usage: %s [test name] [arg1]...[argN]\n\n", cmdName); + fprintf(stderr, "List of possible names for the tests:"); + while (testFnRefTable[fnCounter].fnName != NULL) { + if (fnCounter % 2 == 0) { + fprintf(stderr, "\n"); + } + fprintf(stderr, " %-35s ", testFnRefTable[fnCounter].fnName); + fnCounter += 1; + } + fprintf(stderr, "\n"); +} + +static SECStatus +getTestArguments(int argc, + char **argv, + mainTestFn *ptestFn, + char **pdbPath, + int *pargc, + char ***pargv) +{ + PLOptState *optstate = NULL; + PLOptStatus status; + mainTestFn testFunction = NULL; + char **wArgv = NULL; + char *dbPath = NULL; + char *fnName = NULL; + int wArgc = 0; + int fnCounter = 0; + + if (argc < 2) { + printf("ERROR: insufficient number of arguments: %s.\n", fnName); + return SECFailure; + } + + fnName = argv[1]; + while (testFnRefTable[fnCounter].fnName != NULL) { + if (!PORT_Strcmp(fnName, testFnRefTable[fnCounter].fnName)) { + testFunction = testFnRefTable[fnCounter].fnPointer; + break; + } + fnCounter += 1; + } + if (!testFunction) { + printf("ERROR: unknown name of the test: %s.\n", fnName); + return SECFailure; + } + + wArgv = PORT_ZNewArray(char *, argc); + if (!wArgv) { + return SECFailure; + } + + /* set name of the function as a first arg and increment arg count. */ + wArgv[0] = fnName; + wArgc += 1; + + optstate = PL_CreateOptState(argc - 1, argv + 1, "d:"); + while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch (optstate->option) { + case 'd': + dbPath = (char *)optstate->value; + break; + + default: + wArgv[wArgc] = (char *)optstate->value; + wArgc += 1; + break; + } + } + PL_DestroyOptState(optstate); + + *ptestFn = testFunction; + *pdbPath = dbPath; + *pargc = wArgc; + *pargv = wArgv; + + return SECSuccess; +} + +static int +runCmd(mainTestFn fnPointer, + int argc, + char **argv, + char *dbPath) +{ + int retStat = 0; + + /* Initialize NSPR and NSS. */ + PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + + /* if using databases, use NSS_Init and not NSS_NoDB_Init */ + if (dbPath && PORT_Strlen(dbPath) != 0) { + if (NSS_Init(dbPath) != SECSuccess) + return SECFailure; + } else { + if (NSS_NoDB_Init(NULL) != 0) + return SECFailure; + } + retStat = fnPointer(argc, argv); + + if (NSS_Shutdown() != SECSuccess) { + exit(1); + } + PR_Cleanup(); + return retStat; +} + +int +main(int argc, char **argv) +{ + mainTestFn testFunction = NULL; + char *dbPath = NULL; + char **testArgv = NULL; + int testArgc = 0; + int rv = 0; + + rv = getTestArguments(argc, argv, &testFunction, &dbPath, + &testArgc, &testArgv); + if (rv != SECSuccess) { + printUsage(argv[0]); + return 1; + } + + rv = runCmd(testFunction, testArgc, testArgv, dbPath); + + PORT_Free(testArgv); + + return rv; +} diff --git a/security/nss/cmd/libpkix/sample_apps/Makefile b/security/nss/cmd/libpkix/sample_apps/Makefile new file mode 100644 index 0000000000..daa8765778 --- /dev/null +++ b/security/nss/cmd/libpkix/sample_apps/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +include $(PKIX_DEPTH)/config.mk + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/sample_apps/build_chain.c b/security/nss/cmd/libpkix/sample_apps/build_chain.c new file mode 100644 index 0000000000..38bf1d9f3a --- /dev/null +++ b/security/nss/cmd/libpkix/sample_apps/build_chain.c @@ -0,0 +1,242 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * buildChain.c + * + * Tests Cert Chain Building + * + */ + +#include <stdio.h> +#include <string.h> +#include <stddef.h> + +#include "pkix_pl_generalname.h" +#include "pkix_pl_cert.h" +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "secitem.h" +#include "keythi.h" +#include "nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\tbuildChain " + "<trustedCert> <targetCert> <certStoreDirectory>\n\n"); + (void)printf("Builds a chain of certificates between " + "<trustedCert> and <targetCert>\n" + "using the certs and CRLs in <certStoreDirectory>.\n"); +} + +static PKIX_PL_Cert * +createCert(char *inFileName) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *buf = NULL; + PRFileDesc *inFile = NULL; + PKIX_UInt32 len; + SECItem certDER; + SECStatus rv; + /* default: NULL cert (failure case) */ + PKIX_PL_Cert *cert = NULL; + + PKIX_TEST_STD_VARS(); + + certDER.data = NULL; + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + + if (!inFile) { + pkixTestErrorMsg = "Unable to open cert file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); + + SECITEM_FreeItem(&certDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from cert file"; + goto cleanup; + } + } + +cleanup: + + if (inFile) { + PR_Close(inFile); + } + + if (PKIX_TEST_ERROR_RECEIVED) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (cert); +} + +int +build_chain(int argc, char *argv[]) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + char *trustedCertFile = NULL; + char *targetCertFile = NULL; + char *storeDirAscii = NULL; + PKIX_PL_String *storeDirString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_UInt32 actualMinorVersion, numCerts, i; + PKIX_UInt32 j = 0; + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + char *asciiResult = NULL; + PKIX_Boolean useArenas = PKIX_FALSE; + void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 4) { + printUsage(); + return (0); + } + + useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ + useArenas, + PKIX_MAJOR_VERSION, + PKIX_MINOR_VERSION, + PKIX_MINOR_VERSION, + &actualMinorVersion, + &plContext)); + + /* create processing params with list of trust anchors */ + trustedCertFile = argv[j + 1]; + trustedCert = createCert(trustedCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + targetCertFile = argv[j + 2]; + targetCert = createCert(targetCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create CertStores */ + + storeDirAscii = argv[j + 3]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + /* build cert chain using processing params and return buildResult */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams, + &nbioContext, + &buildState, + &buildResult, + NULL, + plContext)); + + /* + * As long as we use only CertStores with blocking I/O, we can omit + * checking for completion with nbioContext. + */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + (void)printf("FAILED TO BUILD CHAIN\n"); + } else { + (void)printf("SUCCESSFULLY BUILT CHAIN\n"); + } + + PKIX_PL_Free(asciiResult, plContext); + + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(storeDirString); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(buildResult); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + return (0); +} diff --git a/security/nss/cmd/libpkix/sample_apps/dumpcert.c b/security/nss/cmd/libpkix/sample_apps/dumpcert.c new file mode 100644 index 0000000000..6ff5f83779 --- /dev/null +++ b/security/nss/cmd/libpkix/sample_apps/dumpcert.c @@ -0,0 +1,182 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * dumpcert.c + * + * dump certificate sample application + * + */ + +#include <stdio.h> + +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "plarena.h" +#include "seccomon.h" +#include "secdert.h" +#include "secasn1t.h" +#include "certt.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\tdumpcert <certFile>\n"); + (void)printf("\tParses a certificate located at <certFile> " + "and displays it.\n"); +} + +static void +printFailure(char *msg) +{ + (void)printf("FAILURE: %s\n", msg); +} + +static PKIX_PL_Cert * +createCert(char *inFileName) +{ + PKIX_PL_ByteArray *byteArray = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_Error *error = NULL; + PRFileDesc *inFile = NULL; + SECItem certDER; + void *buf = NULL; + PKIX_UInt32 len; + SECStatus rv = SECFailure; + + certDER.data = NULL; + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + + if (!inFile) { + printFailure("Unable to open cert file"); + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext); + + if (error) { + printFailure("PKIX_PL_ByteArray_Create failed"); + goto cleanup; + } + + error = PKIX_PL_Cert_Create(byteArray, &cert, plContext); + + if (error) { + printFailure("PKIX_PL_Cert_Create failed"); + goto cleanup; + } + } else { + printFailure("Unable to read DER from cert file"); + goto cleanup; + } + } + +cleanup: + + if (inFile) { + PR_Close(inFile); + } + + if (rv == SECSuccess) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + if (byteArray) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext); + } + + return (cert); +} + +int +dumpcert(int argc, char *argv[]) +{ + + PKIX_PL_String *string = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_Error *error = NULL; + char *ascii = NULL; + PKIX_UInt32 length = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean useArenas = PKIX_FALSE; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + + if (argc == 1) { + printUsage(); + return (0); + } + + useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); + + PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ + useArenas, + PKIX_MAJOR_VERSION, + PKIX_MINOR_VERSION, + PKIX_MINOR_VERSION, + &actualMinorVersion, + &plContext); + + cert = createCert(argv[1 + j]); + + if (cert) { + + error = PKIX_PL_Object_ToString((PKIX_PL_Object *)cert, &string, plContext); + + if (error) { + printFailure("Unable to get string representation " + "of cert"); + goto cleanup; + } + + error = PKIX_PL_String_GetEncoded(string, + PKIX_ESCASCII, + (void **)&ascii, + &length, + plContext); + + if (error || !ascii) { + printFailure("Unable to get ASCII encoding of string"); + goto cleanup; + } + + (void)printf("OUTPUT:\n%s\n", ascii); + + } else { + printFailure("Unable to create certificate"); + goto cleanup; + } + +cleanup: + + if (cert) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext); + } + + if (string) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext); + } + + if (ascii) { + PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext); + } + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("DUMPCERT"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/sample_apps/dumpcrl.c b/security/nss/cmd/libpkix/sample_apps/dumpcrl.c new file mode 100644 index 0000000000..642601409a --- /dev/null +++ b/security/nss/cmd/libpkix/sample_apps/dumpcrl.c @@ -0,0 +1,186 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * dumpcrl.c + * + * dump CRL sample application + * + */ + +#include <stdio.h> + +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "plarena.h" +#include "seccomon.h" +#include "secdert.h" +#include "secasn1t.h" +#include "certt.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\tdumpcrl <crlFile>\n"); + (void)printf("\tParses a CRL located at <crlFile> " + "and displays it.\n"); +} + +static void +printFailure(char *msg) +{ + (void)printf("FAILURE: %s\n", msg); +} + +static PKIX_PL_CRL * +createCRL(char *inFileName) +{ + PKIX_PL_ByteArray *byteArray = NULL; + PKIX_PL_CRL *crl = NULL; + PKIX_Error *error = NULL; + PRFileDesc *inFile = NULL; + SECItem crlDER; + void *buf = NULL; + PKIX_UInt32 len; + SECStatus rv; + + PKIX_TEST_STD_VARS(); + + crlDER.data = NULL; + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + + if (!inFile) { + printFailure("Unable to open crl file"); + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)crlDER.data; + len = crlDER.len; + + error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext); + + if (error) { + printFailure("PKIX_PL_ByteArray_Create failed"); + goto cleanup; + } + + error = PKIX_PL_CRL_Create(byteArray, &crl, plContext); + if (error) { + printFailure("PKIX_PL_CRL_Create failed"); + goto cleanup; + } + + SECITEM_FreeItem(&crlDER, PR_FALSE); + } else { + printFailure("Unable to read DER from crl file"); + goto cleanup; + } + } + +cleanup: + + if (inFile) { + PR_Close(inFile); + } + + if (error) { + SECITEM_FreeItem(&crlDER, PR_FALSE); + } + + if (byteArray) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext); + } + + PKIX_TEST_RETURN(); + + return (crl); +} + +int +dumpcrl(int argc, char *argv[]) +{ + + PKIX_PL_String *string = NULL; + PKIX_PL_CRL *crl = NULL; + PKIX_Error *error = NULL; + char *ascii = NULL; + PKIX_UInt32 length; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_Boolean useArenas = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + if (argc == 1) { + printUsage(); + return (0); + } + + useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); + + PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ + useArenas, + PKIX_MAJOR_VERSION, + PKIX_MINOR_VERSION, + PKIX_MINOR_VERSION, + &actualMinorVersion, + &plContext); + + crl = createCRL(argv[j + 1]); + + if (crl) { + + error = PKIX_PL_Object_ToString((PKIX_PL_Object *)crl, &string, plContext); + + if (error) { + printFailure("Unable to get string representation " + "of crl"); + goto cleanup; + } + + error = PKIX_PL_String_GetEncoded(string, + PKIX_ESCASCII, + (void **)&ascii, + &length, + plContext); + if (error || !ascii) { + printFailure("Unable to get ASCII encoding of string"); + goto cleanup; + } + + (void)printf("OUTPUT:\n%s\n", ascii); + + } else { + printFailure("Unable to create CRL"); + goto cleanup; + } + +cleanup: + + if (crl) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(crl), plContext); + } + + if (string) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext); + } + + if (ascii) { + PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext); + } + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("DUMPCRL"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/sample_apps/manifest.mn b/security/nss/cmd/libpkix/sample_apps/manifest.mn new file mode 100644 index 0000000000..32926cc1bb --- /dev/null +++ b/security/nss/cmd/libpkix/sample_apps/manifest.mn @@ -0,0 +1,23 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = .. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = dumpcert.c \ + dumpcrl.c \ + validate_chain.c \ + build_chain.c \ + $(NULL) + +LIBRARY_NAME=pkixtoolsmplapps + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/sample_apps/validate_chain.c b/security/nss/cmd/libpkix/sample_apps/validate_chain.c new file mode 100644 index 0000000000..1ccf364e0c --- /dev/null +++ b/security/nss/cmd/libpkix/sample_apps/validate_chain.c @@ -0,0 +1,220 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * validateChain.c + * + * Tests Cert Chain Validation + * + */ + +#include <stdio.h> +#include <string.h> +#include <stddef.h> + +#include "pkix_pl_generalname.h" +#include "pkix_pl_cert.h" +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "secitem.h" +#include "keythi.h" +#include "nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\tvalidateChain <trustedCert> " + "<cert_1> <cert_2> ... <cert_n>\n"); + (void)printf("\tValidates a chain of n certificates " + "using the given trust anchor.\n"); +} + +static PKIX_PL_Cert * +createCert(char *inFileName) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *buf = NULL; + PRFileDesc *inFile = NULL; + PKIX_UInt32 len; + SECItem certDER; + SECStatus rv; + /* default: NULL cert (failure case) */ + PKIX_PL_Cert *cert = NULL; + + PKIX_TEST_STD_VARS(); + + certDER.data = NULL; + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + + if (!inFile) { + pkixTestErrorMsg = "Unable to open cert file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); + + SECITEM_FreeItem(&certDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from cert file"; + goto cleanup; + } + } + +cleanup: + + if (inFile) { + PR_Close(inFile); + } + + if (PKIX_TEST_ERROR_RECEIVED) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (cert); +} + +int +validate_chain(int argc, char *argv[]) +{ + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_PL_X500Name *subject = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + char *trustedCertFile = NULL; + char *chainCertFile = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *chainCert = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + + if (argc < 3) { + printUsage(); + return (0); + } + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + chainLength = (argc - j) - 2; + + /* create processing params with list of trust anchors */ + trustedCertFile = argv[1 + j]; + trustedCert = createCert(trustedCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + +#if 0 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject + (certSelParams, subject, plContext)); +#endif + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_DECREF_BC(subject); + PKIX_TEST_DECREF_BC(certSelParams); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_DECREF_BC(certSelector); + + /* create cert chain */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); + for (i = 0; i < chainLength; i++) { + chainCertFile = argv[(i + j) + 2]; + chainCert = createCert(chainCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, + (PKIX_PL_Object *)chainCert, + plContext)); + + PKIX_TEST_DECREF_BC(chainCert); + chainCert = NULL; + } + /* create validate params with processing params and cert chain */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext)); + + PKIX_TEST_DECREF_BC(trustedCert); + trustedCert = NULL; + PKIX_TEST_DECREF_BC(anchor); + anchor = NULL; + PKIX_TEST_DECREF_BC(anchors); + anchors = NULL; + PKIX_TEST_DECREF_BC(certs); + certs = NULL; + PKIX_TEST_DECREF_BC(procParams); + procParams = NULL; + + /* validate cert chain using processing params and return valResult */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + if (valResult != NULL) { + (void)printf("SUCCESSFULLY VALIDATED\n"); + } + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + (void)printf("FAILED TO VALIDATE\n"); + (void)PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + PKIX_TEST_DECREF_AC(verifyString); + } + + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(valParams); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + return (0); +} diff --git a/security/nss/cmd/libpkix/testutil/Makefile b/security/nss/cmd/libpkix/testutil/Makefile new file mode 100644 index 0000000000..cc9d235938 --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/Makefile @@ -0,0 +1,50 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +include $(PKIX_DEPTH)/config.mk + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + +include $(PLAT_DEPTH)/platrules.mk + + diff --git a/security/nss/cmd/libpkix/testutil/config.mk b/security/nss/cmd/libpkix/testutil/config.mk new file mode 100644 index 0000000000..f1f6674f90 --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/config.mk @@ -0,0 +1,8 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# don't build the static library +LIBRARY = +RES = diff --git a/security/nss/cmd/libpkix/testutil/manifest.mn b/security/nss/cmd/libpkix/testutil/manifest.mn new file mode 100644 index 0000000000..184085b1b1 --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/manifest.mn @@ -0,0 +1,27 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = .. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. + +MODULE = nss + +PRIVATE_EXPORTS = \ + testutil_nss.h \ + testutil.h \ + $(NULL) + +CSRCS = \ + testutil_nss.c \ + testutil.c \ + $(NULL) + +LIBRARY_NAME = pkixtooltestutil +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR = $(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/testutil/pkixutil.def b/security/nss/cmd/libpkix/testutil/pkixutil.def new file mode 100644 index 0000000000..407d40a318 --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/pkixutil.def @@ -0,0 +1,48 @@ +;+# +;+# This Source Code Form is subject to the terms of the Mozilla Public +;+# License, v. 2.0. If a copy of the MPL was not distributed with this +;+# file, You can obtain one at http://mozilla.org/MPL/2.0/. +;+# +;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS +;+# 1. For all unix platforms, the string ";-" means "remove this line" +;+# 2. For all unix platforms, the string " DATA " will be removed from any +;+# line on which it occurs. +;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. +;+# On AIX, lines containing ";+" will be removed. +;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. +;+# 5. For all unix platforms, after the above processing has taken place, +;+# all characters after the first ";" on the line will be removed. +;+# And for AIX, the first ";" will also be removed. +;+# This file is passed directly to windows. Since ';' is a comment, all UNIX +;+# directives are hidden behind ";", ";+", and ";-" +;+ +;+NSS_3.12 { # NSS 3.12 release +;+ global: +LIBRARY pkixutil ;- +EXPORTS ;- +createBuildResult; +createCRL; +createCert; +createCertChain; +createCertChainPlus; +createDate; +createGeneralName; +createProcessingParams; +createTrustAnchor; +createValidateParams; +createValidateResult; +endTests; +startTests; +subTest; +testDuplicateHelper; +testEqualsHelper; +testError; +testErrorUndo; +testHashcodeHelper; +testToStringHelper; +PKIX_Cert2ASCII; +PKIX_Error2ASCII; +PKIX_String2ASCII; +;+ local: +;+ *; +;+}; diff --git a/security/nss/cmd/libpkix/testutil/testutil.c b/security/nss/cmd/libpkix/testutil/testutil.c new file mode 100644 index 0000000000..0f438ba430 --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/testutil.c @@ -0,0 +1,576 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * testutil.c + * + * Utility error handling functions + * + */ + +#include "testutil.h" + +/* + * static global variable to keep track of total number of errors for + * a particular test suite (eg. all the OID tests) + */ +static int errCount = 0; + +/* + * FUNCTION: startTests + * DESCRIPTION: + * + * Prints standard message for starting the test suite with the name pointed + * to by "testName". This function should be called in the beginning of every + * test suite. + * + * PARAMETERS: + * "testName" + * Address of string representing name of test suite. + * THREAD SAFETY: + * Not Thread Safe - assumes exclusive access to "errCount" + * (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +startTests(char *testName) +{ + (void)printf("*START OF TESTS FOR %s:\n", testName); + errCount = 0; +} + +/* + * FUNCTION: endTests + * DESCRIPTION: + * + * Prints standard message for ending the test suite with the name pointed + * to by "testName", followed by a success/failure message. This function + * should be called at the end of every test suite. + * + * PARAMETERS: + * "testName" + * Address of string representing name of test suite. + * THREAD SAFETY: + * Not Thread Safe - assumes exclusive access to "errCount" + * (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +endTests(char *testName) +{ + char plural = ' '; + + (void)printf("*END OF TESTS FOR %s: ", testName); + if (errCount > 0) { + if (errCount > 1) + plural = 's'; + (void)printf("%d SUBTEST%c FAILED.\n\n", errCount, plural); + } else { + (void)printf("ALL TESTS COMPLETED SUCCESSFULLY.\n\n"); + } +} + +/* + * FUNCTION: subTest + * DESCRIPTION: + * + * Prints standard message for starting the subtest with the name pointed to + * by "subTestName". This function should be called at the beginning of each + * subtest. + * + * PARAMETERS: + * "subTestName" + * Address of string representing name of subTest. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +subTest(char *subTestName) +{ + (void)printf("TESTING: %s ...\n", subTestName); +} + +/* + * FUNCTION: testErrorUndo + * DESCRIPTION: + * + * Decrements the global variable "errCount" and prints a test failure + * expected message followed by the string pointed to by "msg". This function + * should be called when an expected error condition is encountered in the + * tests. Calling this function *correct* the previous errCount increment. + * It should only be called ONCE per subtest. + * + * PARAMETERS: + * "msg" + * Address of text of error message. + * THREAD SAFETY: + * Not Thread Safe - assumes exclusive access to "errCount" + * (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +testErrorUndo(char *msg) +{ + --errCount; + (void)printf("TEST FAILURE *** EXPECTED *** :%s\n", msg); +} + +/* + * FUNCTION: testError + * DESCRIPTION: + * + * Increments the global variable "errCount" and prints a standard test + * failure message followed by the string pointed to by "msg". This function + * should be called when an unexpected error condition is encountered in the + * tests. It should only be called ONCE per subtest. + * + * PARAMETERS: + * "msg" + * Address of text of error message. + * THREAD SAFETY: + * Not Thread Safe - assumes exclusive access to "errCount" + * (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +testError(char *msg) +{ + ++errCount; + (void)printf("TEST FAILURE: %s\n", msg); +} + +/* + * FUNCTION: PKIX_String2ASCII + * DESCRIPTION: + * + * Converts String object pointed to by "string" to its ASCII representation + * and returns the converted value. Returns NULL upon failure. + * + * XXX Might want to use ESCASCII_DEBUG to show control characters, etc. + * + * PARAMETERS: + * "string" + * Address of String to be converted to ASCII. Must be non-NULL. + * "plContext" + * Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns the ASCII representation of "string" upon success; + * NULL upon failure. + */ +char * +PKIX_String2ASCII(PKIX_PL_String *string, void *plContext) +{ + PKIX_UInt32 length; + char *asciiString = NULL; + PKIX_Error *errorResult; + + errorResult = PKIX_PL_String_GetEncoded(string, + PKIX_ESCASCII, + (void **)&asciiString, + &length, + plContext); + + if (errorResult) + goto cleanup; + +cleanup: + + if (errorResult) { + return (NULL); + } + + return (asciiString); +} + +/* + * FUNCTION: PKIX_Error2ASCII + * DESCRIPTION: + * + * Converts Error pointed to by "error" to its ASCII representation and + * returns the converted value. Returns NULL upon failure. + * + * PARAMETERS: + * "error" + * Address of Error to be converted to ASCII. Must be non-NULL. + * "plContext" + * Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns the ASCII representation of "error" upon success; + * NULL upon failure. + */ +char * +PKIX_Error2ASCII(PKIX_Error *error, void *plContext) +{ + PKIX_UInt32 length; + char *asciiString = NULL; + PKIX_PL_String *pkixString = NULL; + PKIX_Error *errorResult = NULL; + + errorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)error, &pkixString, plContext); + if (errorResult) + goto cleanup; + + errorResult = PKIX_PL_String_GetEncoded(pkixString, + PKIX_ESCASCII, + (void **)&asciiString, + &length, + plContext); + +cleanup: + + if (pkixString) { + if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, plContext)) { + return (NULL); + } + } + + if (errorResult) { + return (NULL); + } + + return (asciiString); +} + +/* + * FUNCTION: PKIX_Object2ASCII + * DESCRIPTION: + * + * Converts Object pointed to by "object" to its ASCII representation and + * returns the converted value. Returns NULL upon failure. + * + * PARAMETERS: + * "object" + * Address of Object to be converted to ASCII. Must be non-NULL. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns the ASCII representation of "object" upon success; + * NULL upon failure. + */ +char * +PKIX_Object2ASCII(PKIX_PL_Object *object) +{ + PKIX_UInt32 length; + char *asciiString = NULL; + PKIX_PL_String *pkixString = NULL; + PKIX_Error *errorResult = NULL; + + errorResult = PKIX_PL_Object_ToString(object, &pkixString, NULL); + if (errorResult) + goto cleanup; + + errorResult = PKIX_PL_String_GetEncoded(pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL); + +cleanup: + + if (pkixString) { + if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, NULL)) { + return (NULL); + } + } + + if (errorResult) { + return (NULL); + } + + return (asciiString); +} + +/* + * FUNCTION: PKIX_Cert2ASCII + * DESCRIPTION: + * + * Converts Cert pointed to by "cert" to its partial ASCII representation and + * returns the converted value. Returns NULL upon failure. + * + * PARAMETERS: + * "cert" + * Address of Cert to be converted to ASCII. Must be non-NULL. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns the partial ASCII representation of "cert" upon success; + * NULL upon failure. + */ +char * +PKIX_Cert2ASCII(PKIX_PL_Cert *cert) +{ + PKIX_PL_X500Name *issuer = NULL; + void *issuerAscii = NULL; + PKIX_PL_X500Name *subject = NULL; + void *subjectAscii = NULL; + void *asciiString = NULL; + PKIX_Error *errorResult = NULL; + PKIX_UInt32 numChars; + + /* Issuer */ + errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL); + if (errorResult) + goto cleanup; + + issuerAscii = PKIX_Object2ASCII((PKIX_PL_Object *)issuer); + + /* Subject */ + errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL); + if (errorResult) + goto cleanup; + + if (subject) { + subjectAscii = PKIX_Object2ASCII((PKIX_PL_Object *)subject); + } + + errorResult = PKIX_PL_Malloc(200, &asciiString, NULL); + if (errorResult) + goto cleanup; + + numChars = + PR_snprintf(asciiString, + 200, + "Issuer=%s\nSubject=%s\n", + issuerAscii, + subjectAscii); + + if (!numChars) + goto cleanup; + +cleanup: + + if (issuer) { + if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)issuer, NULL)) { + return (NULL); + } + } + + if (subject) { + if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)subject, NULL)) { + return (NULL); + } + } + + if (PKIX_PL_Free((PKIX_PL_Object *)issuerAscii, NULL)) { + return (NULL); + } + + if (PKIX_PL_Free((PKIX_PL_Object *)subjectAscii, NULL)) { + return (NULL); + } + + if (errorResult) { + return (NULL); + } + + return (asciiString); +} + +/* + * FUNCTION: testHashcodeHelper + * DESCRIPTION: + * + * Computes the hashcode of the Object pointed to by "goodObject" and the + * Object pointed to by "otherObject" and compares them. If the result of the + * comparison is not the desired match as specified by "match", an error + * message is generated. + * + * PARAMETERS: + * "goodObject" + * Address of an object. Must be non-NULL. + * "otherObject" + * Address of another object. Must be non-NULL. + * "match" + * Boolean value representing the desired comparison result. + * "plContext" + * Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +testHashcodeHelper( + PKIX_PL_Object *goodObject, + PKIX_PL_Object *otherObject, + PKIX_Boolean match, + void *plContext) +{ + + PKIX_UInt32 goodHash; + PKIX_UInt32 otherHash; + PKIX_Boolean cmpResult; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)goodObject, &goodHash, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)otherObject, &otherHash, plContext)); + + cmpResult = (goodHash == otherHash); + + if ((match && !cmpResult) || (!match && cmpResult)) { + testError("unexpected mismatch"); + (void)printf("Hash1:\t%d\n", goodHash); + (void)printf("Hash2:\t%d\n", otherHash); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +/* + * FUNCTION: testToStringHelper + * DESCRIPTION: + * + * Calls toString on the Object pointed to by "goodObject" and compares the + * result to the string pointed to by "expected". If the results are not + * equal, an error message is generated. + * + * PARAMETERS: + * "goodObject" + * Address of Object. Must be non-NULL. + * "expected" + * Address of the desired string. + * "plContext" + * Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +testToStringHelper( + PKIX_PL_Object *goodObject, + char *expected, + void *plContext) +{ + PKIX_PL_String *stringRep = NULL; + char *actual = NULL; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(goodObject, &stringRep, plContext)); + + actual = PKIX_String2ASCII(stringRep, plContext); + if (actual == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + /* + * If you are having trouble matching the string, uncomment the + * PL_strstr function to figure out what's going on. + */ + + /* + if (PL_strstr(actual, expected) == NULL){ + testError("PL_strstr failed"); + } + */ + + if (PL_strcmp(actual, expected) != 0) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%s\n", actual); + (void)printf("Expected value:\t%s\n", expected); + } + +cleanup: + + PKIX_PL_Free(actual, plContext); + + PKIX_TEST_DECREF_AC(stringRep); + + PKIX_TEST_RETURN(); +} + +/* + * FUNCTION: testEqualsHelper + * DESCRIPTION: + * + * Checks if the Object pointed to by "goodObject" is Equal to the Object + * pointed to by "otherObject". If the result of the check is not the desired + * match as specified by "match", an error message is generated. + * + * PARAMETERS: + * "goodObject" + * Address of an Object. Must be non-NULL. + * "otherObject" + * Address of another Object. Must be non-NULL. + * "match" + * Boolean value representing the desired comparison result. + * "plContext" + * Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +testEqualsHelper( + PKIX_PL_Object *goodObject, + PKIX_PL_Object *otherObject, + PKIX_Boolean match, + void *plContext) +{ + + PKIX_Boolean cmpResult; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(goodObject, otherObject, &cmpResult, plContext)); + + if ((match && !cmpResult) || (!match && cmpResult)) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", cmpResult); + (void)printf("Expected value:\t%d\n", match); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +/* + * FUNCTION: testDuplicateHelper + * DESCRIPTION: + * Checks if the Object pointed to by "object" is equal to its duplicate. + * If the result of the check is not equality, an error message is generated. + * PARAMETERS: + * "object" + * Address of Object. Must be non-NULL. + * "plContext" + * Platform-specific context pointer. + * THREAD SAFETY: + * Thread Safe (see Thread Safety Definitions in Programmer's Guide) + * RETURNS: + * Returns nothing. + */ +void +testDuplicateHelper(PKIX_PL_Object *object, void *plContext) +{ + PKIX_PL_Object *newObject = NULL; + PKIX_Boolean cmpResult; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate(object, &newObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(object, newObject, &cmpResult, plContext)); + + if (!cmpResult) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%d\n", cmpResult); + (void)printf("Expected value:\t%d\n", PKIX_TRUE); + } + +cleanup: + + PKIX_TEST_DECREF_AC(newObject); + + PKIX_TEST_RETURN(); +} diff --git a/security/nss/cmd/libpkix/testutil/testutil.h b/security/nss/cmd/libpkix/testutil/testutil.h new file mode 100644 index 0000000000..9c594fa038 --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/testutil.h @@ -0,0 +1,292 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * testutil.h + * + * Utility functions for handling test errors + * + */ + +#ifndef _TESTUTIL_H +#define _TESTUTIL_H + +#include "pkix.h" +#include "plstr.h" +#include "prprf.h" +#include "prlong.h" +#include "pkix_pl_common.h" +#include "secutil.h" +#include <stdio.h> +#include <ctype.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * In order to have a consistent format for displaying test information, + * all tests are REQUIRED to use the functions provided by this library + * (libtestutil.a) for displaying their information. + * + * A test using this library begins with a call to startTests with the test + * name as the arg (which is used only for formatting). Before the first + * subtest, a call to subTest should be made with the subtest name as the arg + * (again, for formatting). If the subTest is successful, then no action + * is needed. However, if the subTest is not successful, then a call + * to testError should be made with a descriptive error message as the arg. + * Note that a subTest MUST NOT call testError more than once. + * Finally, a call to endTests is made with the test name as the arg (for + * formatting). Note that most of these macros assume that a variable named + * "plContext" of type (void *) has been defined by the test. As such, it + * is essential that the test satisfy this condition. + */ + +/* + * PKIX_TEST_STD_VARS should be called at the beginning of every function + * that uses PKIX_TEST_RETURN (e.g. subTests), but it should be called only + * AFTER declaring local variables (so we don't get compiler warnings about + * declarations after statements). PKIX_TEST_STD_VARS declares and initializes + * several variables needed by the other test macros. + */ +#define PKIX_TEST_STD_VARS() \ + PKIX_Error *pkixTestErrorResult = NULL; \ + char *pkixTestErrorMsg = NULL; + +/* + * PKIX_TEST_EXPECT_NO_ERROR should be used to wrap a standard PKIX function + * call (one which returns a pointer to PKIX_Error) that is expected to return + * NULL (i.e. to succeed). If "pkixTestErrorResult" is not NULL, + * "goto cleanup" is executed, where a testError call is made if there were + * unexpected results. This macro MUST NOT be called after the "cleanup" label. + * + * Example Usage: PKIX_TEST_EXPECT_NO_ERROR(pkixFunc_expected_to_succeed(...)); + */ + +#define PKIX_TEST_EXPECT_NO_ERROR(func) \ + do { \ + pkixTestErrorResult = (func); \ + if (pkixTestErrorResult) { \ + goto cleanup; \ + } \ + } while (0) + +/* + * PKIX_TEST_EXPECT_ERROR should be used to wrap a standard PKIX function call + * (one which returns a pointer to PKIX_Error) that is expected to return + * a non-NULL value (i.e. to fail). If "pkixTestErrorResult" is NULL, + * "pkixTestErrorMsg" is set to a standard string and "goto cleanup" + * is executed, where a testError call is made if there were unexpected + * results. This macro MUST NOT be called after the "cleanup" label. + * + * Example Usage: PKIX_TEST_EXPECT_ERROR(pkixFunc_expected_to_fail(...)); + */ + +#define PKIX_TEST_EXPECT_ERROR(func) \ + do { \ + pkixTestErrorResult = (func); \ + if (!pkixTestErrorResult) { \ + pkixTestErrorMsg = \ + "Should have thrown an error here."; \ + goto cleanup; \ + } \ + PKIX_TEST_DECREF_BC(pkixTestErrorResult); \ + } while (0) + +/* + * PKIX_TEST_DECREF_BC is a convenience macro which should only be called + * BEFORE the "cleanup" label ("BC"). If the input parameter is non-NULL, it + * DecRefs the input parameter and wraps the function with + * PKIX_TEST_EXPECT_NO_ERROR, which executes "goto cleanup" upon error. + * This macro MUST NOT be called after the "cleanup" label. + */ + +#define PKIX_TEST_DECREF_BC(obj) \ + do { \ + if (obj) { \ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext)); \ + obj = NULL; \ + } \ + } while (0) + +/* + * PKIX_TEST_DECREF_AC is a convenience macro which should only be called + * AFTER the "cleanup" label ("AC"). If the input parameter is non-NULL, it + * DecRefs the input parameter. A pkixTestTempResult variable is used to prevent + * incorrectly overwriting pkixTestErrorResult with NULL. + * In the case DecRef succeeds, pkixTestTempResult will be NULL, and we won't + * overwrite a previously set pkixTestErrorResult (if any). If DecRef fails, + * then we do want to overwrite a previously set pkixTestErrorResult since a + * DecRef failure is fatal and may be indicative of memory corruption. + */ + +#define PKIX_TEST_DECREF_AC(obj) \ + do { \ + if (obj) { \ + PKIX_Error *pkixTestTempResult = NULL; \ + pkixTestTempResult = \ + PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \ + if (pkixTestTempResult) \ + pkixTestErrorResult = pkixTestTempResult; \ + obj = NULL; \ + } \ + } while (0) + +/* + * PKIX_TEST_RETURN must always be AFTER the "cleanup" label. It does nothing + * if everything went as expected. However, if there were unexpected results, + * PKIX_TEST_RETURN calls testError, which displays a standard failure message + * and increments the number of subtests that have failed. In the case + * of an unexpected error, testError is called using the error's description + * as an input and the error is DecRef'd. In the case of unexpected success + * testError is called with a standard string. + */ +#define PKIX_TEST_RETURN() \ + { \ + if (pkixTestErrorMsg) { \ + testError(pkixTestErrorMsg); \ + } else if (pkixTestErrorResult) { \ + pkixTestErrorMsg = \ + PKIX_Error2ASCII(pkixTestErrorResult, plContext); \ + if (pkixTestErrorMsg) { \ + testError(pkixTestErrorMsg); \ + PKIX_PL_Free((PKIX_PL_Object *)pkixTestErrorMsg, \ + plContext); \ + } else { \ + testError("PKIX_Error2ASCII Failed"); \ + } \ + if (pkixTestErrorResult != PKIX_ALLOC_ERROR()) { \ + PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, \ + plContext); \ + pkixTestErrorResult = NULL; \ + } \ + } \ + } + +/* + * PKIX_TEST_EQ_HASH_TOSTR_DUP is a convenience macro which executes the + * standard set of operations that test the Equals, Hashcode, ToString, and + * Duplicate functions of an object type. The goodObj, equalObj, and diffObj + * are as the names suggest. The expAscii parameter is the expected result of + * calling ToString on the goodObj. If expAscii is NULL, then ToString will + * not be called on the goodObj. The checkDuplicate parameter is treated as + * a Boolean to indicate whether the Duplicate function should be tested. If + * checkDuplicate is NULL, then Duplicate will not be called on the goodObj. + * The type is the name of the function's family. For example, if the type is + * Cert, this macro will call PKIX_PL_Cert_Equals, PKIX_PL_Cert_Hashcode, and + * PKIX_PL_Cert_ToString. + * + * Note: If goodObj uses the default Equals and Hashcode functions, then + * for goodObj and equalObj to be equal, they must have the same pointer value. + */ +#define PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObj, equalObj, diffObj, \ + expAscii, type, checkDuplicate) \ + do { \ + subTest("PKIX_PL_" #type "_Equals <match>"); \ + testEqualsHelper((PKIX_PL_Object *)(goodObj), \ + (PKIX_PL_Object *)(equalObj), \ + PKIX_TRUE, \ + plContext); \ + subTest("PKIX_PL_" #type "_Hashcode <match>"); \ + testHashcodeHelper((PKIX_PL_Object *)(goodObj), \ + (PKIX_PL_Object *)(equalObj), \ + PKIX_TRUE, \ + plContext); \ + subTest("PKIX_PL_" #type "_Equals <non-match>"); \ + testEqualsHelper((PKIX_PL_Object *)(goodObj), \ + (PKIX_PL_Object *)(diffObj), \ + PKIX_FALSE, \ + plContext); \ + subTest("PKIX_PL_" #type "_Hashcode <non-match>"); \ + testHashcodeHelper((PKIX_PL_Object *)(goodObj), \ + (PKIX_PL_Object *)(diffObj), \ + PKIX_FALSE, \ + plContext); \ + if (expAscii) { \ + subTest("PKIX_PL_" #type "_ToString"); \ + testToStringHelper((PKIX_PL_Object *)(goodObj), \ + (expAscii), \ + plContext); \ + } \ + if (checkDuplicate) { \ + subTest("PKIX_PL_" #type "_Duplicate"); \ + testDuplicateHelper((PKIX_PL_Object *)goodObj, plContext); \ + } \ + } while (0) + +/* + * PKIX_TEST_DECREF_BC is a convenience macro which should only be called + * BEFORE the "cleanup" label ("BC"). If the input parameter is non-NULL, it + * DecRefs the input parameter and wraps the function with + * PKIX_TEST_EXPECT_NO_ERROR, which executes "goto cleanup" upon error. + * This macro MUST NOT be called after the "cleanup" label. + */ + +#define PKIX_TEST_ABORT_ON_NULL(obj) \ + do { \ + if (!obj) { \ + goto cleanup; \ + } \ + } while (0) + +#define PKIX_TEST_ARENAS_ARG(arena) \ + (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : PKIX_FALSE) + +#define PKIX_TEST_ERROR_RECEIVED (pkixTestErrorMsg || pkixTestErrorResult) + +/* see source file for function documentation */ + +void startTests(char *testName); + +void endTests(char *testName); + +void subTest(char *subTestName); + +void testError(char *msg); + +extern PKIX_Error * +_ErrorCheck(PKIX_Error *errorResult); + +extern PKIX_Error * +_OutputError(PKIX_Error *errorResult); + +char *PKIX_String2ASCII(PKIX_PL_String *string, void *plContext); + +char *PKIX_Error2ASCII(PKIX_Error *error, void *plContext); + +char *PKIX_Object2ASCII(PKIX_PL_Object *object); + +char *PKIX_Cert2ASCII(PKIX_PL_Cert *cert); + +void +testHashcodeHelper( + PKIX_PL_Object *goodObject, + PKIX_PL_Object *otherObject, + PKIX_Boolean match, + void *plContext); + +void +testToStringHelper( + PKIX_PL_Object *goodObject, + char *expected, + void *plContext); + +void +testEqualsHelper( + PKIX_PL_Object *goodObject, + PKIX_PL_Object *otherObject, + PKIX_Boolean match, + void *plContext); + +void +testDuplicateHelper( + PKIX_PL_Object *object, + void *plContext); +void +testErrorUndo(char *msg); + +#ifdef __cplusplus +} +#endif + +#endif /* TESTUTIL_H */ diff --git a/security/nss/cmd/libpkix/testutil/testutil_nss.c b/security/nss/cmd/libpkix/testutil/testutil_nss.c new file mode 100644 index 0000000000..3417d0ab7c --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/testutil_nss.c @@ -0,0 +1,579 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * testutil_nss.c + * + * NSS-specific utility functions for handling test errors + * + */ + +#include <stdio.h> +#include <string.h> +#include <stddef.h> + +#include "pkix_pl_generalname.h" +#include "pkix_pl_cert.h" +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "secutil.h" +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "secitem.h" +#include "keythi.h" +#include "nss.h" + +static char * +catDirName(char *dir, char *name, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 nameLen; + PKIX_UInt32 dirLen; + + PKIX_TEST_STD_VARS(); + + nameLen = PL_strlen(name); + dirLen = PL_strlen(dir); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirLen + nameLen + 2, + (void **)&pathName, + plContext)); + + PL_strcpy(pathName, dir); + PL_strcat(pathName, "/"); + PL_strcat(pathName, name); + printf("pathName = %s\n", pathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +PKIX_PL_Cert * +createCert( + char *dirName, + char *certFileName, + void *plContext) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *buf = NULL; + PRFileDesc *certFile = NULL; + PKIX_UInt32 len; + SECItem certDER; + SECStatus rv; + /* default: NULL cert (failure case) */ + PKIX_PL_Cert *cert = NULL; + char *pathName = NULL; + + PKIX_TEST_STD_VARS(); + + certDER.data = NULL; + + pathName = catDirName(dirName, certFileName, plContext); + certFile = PR_Open(pathName, PR_RDONLY, 0); + + if (!certFile) { + pkixTestErrorMsg = "Unable to open cert file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); + + SECITEM_FreeItem(&certDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from cert file"; + goto cleanup; + } + } + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(pathName, plContext); + + if (certFile) { + PR_Close(certFile); + } + + if (PKIX_TEST_ERROR_RECEIVED) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (cert); +} + +PKIX_PL_CRL * +createCRL( + char *dirName, + char *crlFileName, + void *plContext) +{ + PKIX_PL_ByteArray *byteArray = NULL; + PKIX_PL_CRL *crl = NULL; + PKIX_Error *error = NULL; + PRFileDesc *inFile = NULL; + SECItem crlDER; + void *buf = NULL; + PKIX_UInt32 len; + SECStatus rv; + char *pathName = NULL; + + PKIX_TEST_STD_VARS(); + + crlDER.data = NULL; + + pathName = catDirName(dirName, crlFileName, plContext); + inFile = PR_Open(pathName, PR_RDONLY, 0); + + if (!inFile) { + pkixTestErrorMsg = "Unable to open crl file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)crlDER.data; + len = crlDER.len; + + error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext); + + if (error) { + pkixTestErrorMsg = + "PKIX_PL_ByteArray_Create failed"; + goto cleanup; + } + + error = PKIX_PL_CRL_Create(byteArray, &crl, plContext); + if (error) { + pkixTestErrorMsg = "PKIX_PL_Crl_Create failed"; + goto cleanup; + } + + SECITEM_FreeItem(&crlDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from crl file"; + goto cleanup; + } + } + +cleanup: + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext)); + + if (inFile) { + PR_Close(inFile); + } + + if (error) { + SECITEM_FreeItem(&crlDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (crl); +} + +PKIX_TrustAnchor * +createTrustAnchor( + char *dirName, + char *certFileName, + PKIX_Boolean useCert, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_X500Name *name = NULL; + PKIX_PL_PublicKey *pubKey = NULL; + PKIX_PL_CertNameConstraints *nameConstraints = NULL; + + PKIX_TEST_STD_VARS(); + + cert = createCert(dirName, certFileName, plContext); + + if (useCert) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(cert, &anchor, plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(cert, &name, plContext)); + + if (name == NULL) { + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &nameConstraints, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithNameKeyPair(name, pubKey, nameConstraints, &anchor, plContext)); + } + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(anchor); + } + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(name); + PKIX_TEST_DECREF_AC(pubKey); + PKIX_TEST_DECREF_AC(nameConstraints); + + PKIX_TEST_RETURN(); + + return (anchor); +} + +PKIX_List * +createCertChain( + char *dirName, + char *firstCertFileName, + char *secondCertFileName, + void *plContext) +{ + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_List *certList = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext)); + + firstCert = createCert(dirName, firstCertFileName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)firstCert, plContext)); + + if (secondCertFileName) { + secondCert = createCert(dirName, secondCertFileName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)secondCert, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(certList); + } + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + + PKIX_TEST_RETURN(); + + return (certList); +} + +PKIX_List * +createCertChainPlus( + char *dirName, + char *certNames[], + PKIX_PL_Cert *certs[], + PKIX_UInt32 numCerts, + void *plContext) +{ + PKIX_List *certList = NULL; + PKIX_UInt32 i; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext)); + + for (i = 0; i < numCerts; i++) { + + certs[i] = createCert(dirName, certNames[i], plContext); + + /* Create Cert may fail */ + if (certs[i] == NULL) { + PKIX_TEST_DECREF_BC(certList); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, + (PKIX_PL_Object *)certs[i], + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(certList); + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_DECREF_AC(certs[i]); + } + + PKIX_TEST_RETURN(); + + return (certList); +} + +PKIX_PL_Date * +createDate( + char *asciiDate, + void *plContext) +{ + PKIX_PL_Date *date = NULL; + PKIX_PL_String *plString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiDate, 0, &plString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(plString, &date, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(plString); + + PKIX_TEST_RETURN(); + + return (date); +} + +PKIX_ProcessingParams * +createProcessingParams( + char *dirName, + char *firstAnchorFileName, + char *secondAnchorFileName, + char *dateAscii, + PKIX_List *initialPolicies, /* List of PKIX_PL_OID */ + PKIX_Boolean isCrlEnabled, + void *plContext) +{ + + PKIX_TrustAnchor *firstAnchor = NULL; + PKIX_TrustAnchor *secondAnchor = NULL; + PKIX_List *anchorsList = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_String *dateString = NULL; + PKIX_PL_Date *testDate = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext)); + + firstAnchor = createTrustAnchor(dirName, firstAnchorFileName, PKIX_FALSE, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList, + (PKIX_PL_Object *)firstAnchor, + plContext)); + + if (secondAnchorFileName) { + secondAnchor = + createTrustAnchor(dirName, secondAnchorFileName, PKIX_FALSE, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList, + (PKIX_PL_Object *)secondAnchor, + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchorsList, &procParams, plContext)); + + if (dateAscii) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + dateAscii, + 0, + &dateString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(dateString, &testDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(procParams, testDate, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, isCrlEnabled, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(procParams); + } + + PKIX_TEST_DECREF_AC(dateString); + PKIX_TEST_DECREF_AC(testDate); + PKIX_TEST_DECREF_AC(anchorsList); + PKIX_TEST_DECREF_AC(firstAnchor); + PKIX_TEST_DECREF_AC(secondAnchor); + + PKIX_TEST_RETURN(); + + return (procParams); +} + +PKIX_ValidateParams * +createValidateParams( + char *dirName, + char *firstAnchorFileName, + char *secondAnchorFileName, + char *dateAscii, + PKIX_List *initialPolicies, /* List of PKIX_PL_OID */ + PKIX_Boolean initialPolicyMappingInhibit, + PKIX_Boolean initialAnyPolicyInhibit, + PKIX_Boolean initialExplicitPolicy, + PKIX_Boolean isCrlEnabled, + PKIX_List *chain, + void *plContext) +{ + + PKIX_ProcessingParams *procParams = NULL; + PKIX_ValidateParams *valParams = NULL; + + PKIX_TEST_STD_VARS(); + + procParams = + createProcessingParams(dirName, + firstAnchorFileName, + secondAnchorFileName, + dateAscii, + NULL, + isCrlEnabled, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, initialPolicyMappingInhibit, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, initialAnyPolicyInhibit, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, initialExplicitPolicy, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chain, &valParams, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(valParams); + } + + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (valParams); +} + +PKIX_ValidateResult * +createValidateResult( + char *dirName, + char *anchorFileName, + char *pubKeyCertFileName, + void *plContext) +{ + + PKIX_TrustAnchor *anchor = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_PublicKey *pubKey = NULL; + + PKIX_TEST_STD_VARS(); + + anchor = createTrustAnchor(dirName, anchorFileName, PKIX_FALSE, plContext); + cert = createCert(dirName, pubKeyCertFileName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_ValidateResult_Create(pubKey, anchor, NULL, &valResult, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(valResult); + } + + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(pubKey); + + PKIX_TEST_RETURN(); + + return (valResult); +} + +PKIX_PL_GeneralName * +createGeneralName( + PKIX_UInt32 nameType, + char *asciiName, + void *plContext) +{ + + PKIX_PL_GeneralName *generalName = NULL; + PKIX_PL_String *plString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create(nameType, plString, &generalName, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(plString); + + PKIX_TEST_RETURN(); + + return (generalName); +} + +PKIX_BuildResult * +createBuildResult( + char *dirName, + char *anchorFileName, + char *pubKeyCertFileName, + char *firstChainCertFileName, + char *secondChainCertFileName, + void *plContext) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *certChain = NULL; + + PKIX_TEST_STD_VARS(); + + valResult = createValidateResult(dirName, anchorFileName, pubKeyCertFileName, plContext); + certChain = createCertChain(dirName, + firstChainCertFileName, + secondChainCertFileName, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_BuildResult_Create(valResult, certChain, &buildResult, plContext)); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + PKIX_TEST_DECREF_AC(buildResult); + } + + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(certChain); + + PKIX_TEST_RETURN(); + + return (buildResult); +} diff --git a/security/nss/cmd/libpkix/testutil/testutil_nss.h b/security/nss/cmd/libpkix/testutil/testutil_nss.h new file mode 100644 index 0000000000..e1f24af89d --- /dev/null +++ b/security/nss/cmd/libpkix/testutil/testutil_nss.h @@ -0,0 +1,119 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * testutil_nss.h + * + * NSS-specific utility functions for handling test errors + * + */ + +#ifndef _TESTUTIL_NSS_H +#define _TESTUTIL_NSS_H + +#include "pkix_tools.h" +#include "plstr.h" +#include "prprf.h" +#include "prlong.h" +#include "secutil.h" +#include <stdio.h> +#include <ctype.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#include "pkix_pl_generalname.h" + +/* see source file for function documentation */ + +PKIX_PL_Cert * +createCert( + char *dirName, + char *certFile, + void *plContext); + +PKIX_PL_CRL * +createCRL( + char *dirName, + char *crlFileName, + void *plContext); + +PKIX_TrustAnchor * +createTrustAnchor( + char *dirName, + char *taFileName, + PKIX_Boolean useCert, + void *plContext); + +PKIX_List * +createCertChain( + char *dirName, + char *firstCertFileName, + char *secondCertFileName, + void *plContext); + +PKIX_List * +createCertChainPlus( + char *dirName, + char *certNames[], + PKIX_PL_Cert *certs[], + PKIX_UInt32 numCerts, + void *plContext); + +PKIX_PL_Date * +createDate( + char *asciiDate, + void *plContext); + +PKIX_ProcessingParams * +createProcessingParams( + char *dirName, + char *firstAnchorFileName, + char *secondAnchorFileName, + char *dateAscii, + PKIX_List *initialPolicies, /* List of PKIX_PL_OID */ + PKIX_Boolean isCrlEnabled, + void *plContext); + +PKIX_ValidateParams * +createValidateParams( + char *dirName, + char *firstAnchorFileName, + char *secondAnchorFileName, + char *dateAscii, + PKIX_List *initialPolicies, /* List of PKIX_PL_OID */ + PKIX_Boolean initialPolicyMappingInhibit, + PKIX_Boolean initialAnyPolicyInhibit, + PKIX_Boolean initialExplicitPolicy, + PKIX_Boolean isCrlEnabled, + PKIX_List *chain, + void *plContext); + +PKIX_ValidateResult * +createValidateResult( + char *dirName, + char *anchorFileName, + char *pubKeyCertFileName, + void *plContext); + +PKIX_BuildResult * +createBuildResult( + char *dirName, + char *anchorFileName, + char *pubKeyCertFileName, + char *firstChainCertFileName, + char *secondChainCertFileName, + void *plContext); + +PKIX_PL_GeneralName * +createGeneralName( + PKIX_UInt32 nameType, + char *asciiName, + void *plContext); + +#ifdef __cplusplus +} +#endif + +#endif /* TESTUTIL_NSS_H */ |