From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/nss/cmd/libpkix/pkix/Makefile | 46 + security/nss/cmd/libpkix/pkix/certsel/Makefile | 45 + security/nss/cmd/libpkix/pkix/certsel/manifest.mn | 22 + .../cmd/libpkix/pkix/certsel/test_certselector.c | 1677 ++++++++++++++++++++ .../libpkix/pkix/certsel/test_comcertselparams.c | 800 ++++++++++ security/nss/cmd/libpkix/pkix/checker/Makefile | 45 + security/nss/cmd/libpkix/pkix/checker/manifest.mn | 20 + .../libpkix/pkix/checker/test_certchainchecker.c | 185 +++ security/nss/cmd/libpkix/pkix/crlsel/Makefile | 45 + security/nss/cmd/libpkix/pkix/crlsel/manifest.mn | 22 + .../cmd/libpkix/pkix/crlsel/test_comcrlselparams.c | 406 +++++ .../nss/cmd/libpkix/pkix/crlsel/test_crlselector.c | 168 ++ security/nss/cmd/libpkix/pkix/manifest.mn | 11 + security/nss/cmd/libpkix/pkix/params/Makefile | 45 + security/nss/cmd/libpkix/pkix/params/manifest.mn | 24 + .../nss/cmd/libpkix/pkix/params/test_procparams.c | 478 ++++++ .../cmd/libpkix/pkix/params/test_resourcelimits.c | 99 ++ .../nss/cmd/libpkix/pkix/params/test_trustanchor.c | 251 +++ .../nss/cmd/libpkix/pkix/params/test_valparams.c | 261 +++ security/nss/cmd/libpkix/pkix/results/Makefile | 45 + security/nss/cmd/libpkix/pkix/results/manifest.mn | 24 + .../cmd/libpkix/pkix/results/test_buildresult.c | 212 +++ .../nss/cmd/libpkix/pkix/results/test_policynode.c | 612 +++++++ .../nss/cmd/libpkix/pkix/results/test_valresult.c | 199 +++ .../nss/cmd/libpkix/pkix/results/test_verifynode.c | 112 ++ security/nss/cmd/libpkix/pkix/store/Makefile | 45 + security/nss/cmd/libpkix/pkix/store/manifest.mn | 20 + security/nss/cmd/libpkix/pkix/store/test_store.c | 194 +++ security/nss/cmd/libpkix/pkix/top/Makefile | 45 + security/nss/cmd/libpkix/pkix/top/manifest.mn | 34 + .../nss/cmd/libpkix/pkix/top/test_basicchecker.c | 238 +++ .../pkix/top/test_basicconstraintschecker.c | 145 ++ .../nss/cmd/libpkix/pkix/top/test_buildchain.c | 418 +++++ .../pkix/top/test_buildchain_partialchain.c | 725 +++++++++ .../pkix/top/test_buildchain_resourcelimits.c | 438 +++++ .../libpkix/pkix/top/test_buildchain_uchecker.c | 327 ++++ .../cmd/libpkix/pkix/top/test_customcrlchecker.c | 435 +++++ .../pkix/top/test_defaultcrlchecker2stores.c | 230 +++ security/nss/cmd/libpkix/pkix/top/test_ocsp.c | 288 ++++ .../nss/cmd/libpkix/pkix/top/test_policychecker.c | 535 +++++++ .../cmd/libpkix/pkix/top/test_subjaltnamechecker.c | 261 +++ .../nss/cmd/libpkix/pkix/top/test_validatechain.c | 221 +++ .../cmd/libpkix/pkix/top/test_validatechain_NB.c | 351 ++++ .../cmd/libpkix/pkix/top/test_validatechain_bc.c | 233 +++ security/nss/cmd/libpkix/pkix/util/Makefile | 45 + security/nss/cmd/libpkix/pkix/util/manifest.mn | 24 + security/nss/cmd/libpkix/pkix/util/test_error.c | 385 +++++ security/nss/cmd/libpkix/pkix/util/test_list.c | 765 +++++++++ security/nss/cmd/libpkix/pkix/util/test_list2.c | 118 ++ security/nss/cmd/libpkix/pkix/util/test_logger.c | 314 ++++ 50 files changed, 12688 insertions(+) create mode 100644 security/nss/cmd/libpkix/pkix/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/certsel/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/certsel/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/certsel/test_certselector.c create mode 100644 security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c create mode 100644 security/nss/cmd/libpkix/pkix/checker/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/checker/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c create mode 100644 security/nss/cmd/libpkix/pkix/crlsel/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/crlsel/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c create mode 100644 security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c create mode 100644 security/nss/cmd/libpkix/pkix/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/params/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/params/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/params/test_procparams.c create mode 100644 security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c create mode 100644 security/nss/cmd/libpkix/pkix/params/test_trustanchor.c create mode 100644 security/nss/cmd/libpkix/pkix/params/test_valparams.c create mode 100644 security/nss/cmd/libpkix/pkix/results/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/results/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/results/test_buildresult.c create mode 100644 security/nss/cmd/libpkix/pkix/results/test_policynode.c create mode 100644 security/nss/cmd/libpkix/pkix/results/test_valresult.c create mode 100644 security/nss/cmd/libpkix/pkix/results/test_verifynode.c create mode 100644 security/nss/cmd/libpkix/pkix/store/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/store/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/store/test_store.c create mode 100644 security/nss/cmd/libpkix/pkix/top/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/top/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/top/test_basicchecker.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_buildchain.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_ocsp.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_policychecker.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_validatechain.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c create mode 100644 security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c create mode 100644 security/nss/cmd/libpkix/pkix/util/Makefile create mode 100644 security/nss/cmd/libpkix/pkix/util/manifest.mn create mode 100644 security/nss/cmd/libpkix/pkix/util/test_error.c create mode 100644 security/nss/cmd/libpkix/pkix/util/test_list.c create mode 100644 security/nss/cmd/libpkix/pkix/util/test_list2.c create mode 100644 security/nss/cmd/libpkix/pkix/util/test_logger.c (limited to 'security/nss/cmd/libpkix/pkix') diff --git a/security/nss/cmd/libpkix/pkix/Makefile b/security/nss/cmd/libpkix/pkix/Makefile new file mode 100644 index 0000000000..1de5ef2694 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk + diff --git a/security/nss/cmd/libpkix/pkix/certsel/Makefile b/security/nss/cmd/libpkix/pkix/certsel/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/certsel/manifest.mn b/security/nss/cmd/libpkix/pkix/certsel/manifest.mn new file mode 100644 index 0000000000..d9da6e1674 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_certselector.c \ + test_comcertselparams.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolcertsel +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c b/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c new file mode 100644 index 0000000000..1fde3739b8 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/test_certselector.c @@ -0,0 +1,1677 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certselector.c + * + * Test Cert Selector + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS 5 +#define PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS 2 +#define PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS 2 +#define PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS 4 +#define PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS 1 + +static void *plContext = NULL; + +/* + * The first three certs are used to obtain policies to test + * policy matching. Changing the table could break tests. + */ +static char *certList[] = { +#define POLICY1CERT 0 + "GoodCACert.crt", +#define ANYPOLICYCERT 1 + "anyPolicyCACert.crt", +#define POLICY2CERT 2 + "PoliciesP12CACert.crt", +#define SUBJECTCERT 3 + "PoliciesP3CACert.crt", + "PoliciesP1234CACert.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint1CACert.crt", + "pathLenConstraint6CACert.crt", + "TrustAnchorRootCertificate.crt", + "GoodsubCACert.crt", + "AnyPolicyTest14EE.crt", + "UserNoticeQualifierTest16EE.crt" +}; +#define NUMCERTS (sizeof(certList) / sizeof(certList[0])) + +/* + * Following are Certs values for NameConstraints tests + * + * Cert0:nameConstraintsDN1subCA1Cert.crt: + * Subject:CN=nameConstraints DN1 subCA1,OU=permittedSubtree1, + * O=Test Certificates,C=US + * Permitted Name:(OU=permittedSubtree2,OU=permittedSubtree1, + * O=Test Certificates,C=US) + * Excluded Name: (EMPTY) + * Cert1:nameConstraintsDN3subCA2Cert.crt: + * Subject:CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US + * Permitted Name:(O=Test Certificates,C=US) + * Excluded Name:(EMPTY) + * Cert2:nameConstraintsDN2CACert.crt + * Subject:CN=nameConstraints DN2 CA,O=Test Certificates,C=US + * Permitted Name:(OU=permittedSubtree1,O=Test Certificates,C=US, + * OU=permittedSubtree2,O=Test Certificates,C=US) + * Excluded Name:(EMPTY) + * Cert3:nameConstraintsDN3subCA1Cert.crt + * Subject:CN=nameConstraints DN3 subCA1,O=Test Certificates,C=US + * Permitted Name:(EMPTY) + * Excluded Name:(OU=excludedSubtree2,O=Test Certificates,C=US) + * Cert4:nameConstraintsDN4CACert.crt + * Subject:CN=nameConstraints DN4 CA,O=Test Certificates,C=US + * Permitted Name:(EMPTY) + * Excluded Name:(OU=excludedSubtree1,O=Test Certificates,C=US, + * OU=excludedSubtree2,O=Test Certificates,C=US) + * Cert5:nameConstraintsDN5CACert.crt + * Subject:CN=nameConstraints DN5 CA,O=Test Certificates,C=US + * Permitted Name:(OU=permittedSubtree1,O=Test Certificates,C=US) + * Excluded Name:(OU=excludedSubtree1,OU=permittedSubtree1, + * O=Test Certificates,C=US) + * Cert6:ValidDNnameConstraintsTest1EE.crt + * Subject:CN=Valid DN nameConstraints EE Certificate Test1, + * OU=permittedSubtree1,O=Test Certificates,C=US + * + */ +static char *ncCertList[] = { + "nameConstraintsDN1subCA1Cert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "nameConstraintsDN2CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "nameConstraintsDN4CACert.crt", + "nameConstraintsDN5CACert.crt", + "ValidDNnameConstraintsTest1EE.crt" +}; +#define NUMNCCERTS (sizeof(ncCertList) / sizeof(ncCertList[0])) + +static char *sanCertList[] = { + "InvalidDNnameConstraintsTest3EE.crt", + "InvalidDNSnameConstraintsTest38EE.crt" +}; +#define NUMSANCERTS (sizeof(sanCertList) / sizeof(sanCertList[0])) + +/* + * This function calls the CertSelector pointed to by "selector" for each + * cert in the List pointed to by "certs", and compares the results against + * the bit array given by the UInt32 "expectedResults". If the first cert is + * expected to pass, the lower-order bit of "expectedResults" should be 1. + * If the second cert is expected to pass, the second bit of "expectedResults" + * should be 1, and so on. If more than 32 certs are provided, only the first + * 32 will be checked. It is not an error to provide more bits than needed. + * (For example, if you expect every cert to pass, "expectedResult" can be + * set to 0xFFFFFFFF, even if the chain has fewer than 32 certs.) + */ +static void +testSelector( + PKIX_CertSelector *selector, + PKIX_List *certs, + PKIX_UInt32 expectedResults) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numCerts = 0; + PKIX_PL_Cert *cert = NULL; + PKIX_CertSelector_MatchCallback callback = NULL; + PKIX_Error *errReturn = NULL; + PKIX_Boolean result = PKIX_TRUE; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &callback, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + if (numCerts > 32) { + numCerts = 32; + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); + errReturn = callback(selector, cert, &result, plContext); + + if (errReturn || result == PKIX_FALSE) { + if ((expectedResults & 1) == 1) { + testError("selector unexpectedly failed"); + (void)printf(" processing cert:\t%d\n", i); + } + } else { + if ((expectedResults & 1) == 0) { + testError("selector unexpectedly passed"); + (void)printf(" processing cert:\t%d\n", i); + } + } + + expectedResults = expectedResults >> 1; + PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_DECREF_BC(errReturn); + } + +cleanup: + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(errReturn); + + PKIX_TEST_RETURN(); +} + +/* + * This function gets a policy from the Cert pointed to by "cert", according + * to the index provided by "index", creates an immutable List containing the + * OID of that policy, and stores the result at "pPolicyList". + */ +static void +testGetPolicyFromCert( + PKIX_PL_Cert *cert, + PKIX_UInt32 index, + PKIX_List **pPolicyList) +{ + PKIX_List *policyInfo = NULL; + PKIX_PL_CertPolicyInfo *firstPolicy = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_List *list = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &policyInfo, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(policyInfo, + index, + (PKIX_PL_Object **)&firstPolicy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(firstPolicy, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext)); + + *pPolicyList = list; + +cleanup: + + PKIX_TEST_DECREF_AC(policyInfo); + PKIX_TEST_DECREF_AC(firstPolicy); + PKIX_TEST_DECREF_AC(policyOID); + + PKIX_TEST_RETURN(); +} + +/* + * This custom matchCallback will pass any Certificate which has no + * CertificatePolicies extension and any Certificate whose Policies + * extension include a CertPolicyQualifier. + */ +static PKIX_Error * +custom_CertSelector_MatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numPolicies = 0; + PKIX_List *certPolicies = NULL; + PKIX_List *quals = NULL; + PKIX_PL_CertPolicyInfo *policy = NULL; + PKIX_Error *error = NULL; + + PKIX_TEST_STD_VARS(); + + *pResult = PKIX_TRUE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext)); + + if (certPolicies) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext)); + + for (i = 0; i < numPolicies; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies, + i, + (PKIX_PL_Object **)&policy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(policy, &quals, plContext)); + if (quals) { + goto cleanup; + } + PKIX_TEST_DECREF_BC(policy); + } + PKIX_TEST_DECREF_BC(certPolicies); + *pResult = PKIX_FALSE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR, + NULL, + NULL, + PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, + &error, + plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(certPolicies); + PKIX_TEST_DECREF_AC(policy); + PKIX_TEST_DECREF_AC(quals); + + return (error); +} + +/* + * This custom matchCallback will pass any Certificate whose + * CertificatePolicies extension asserts the Policy specified by + * the OID in the CertSelectorContext object. + */ +static PKIX_Error * +custom_CertSelector_MatchOIDCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numPolicies = 0; + PKIX_Boolean match = PKIX_FALSE; + PKIX_PL_Object *certSelectorContext = NULL; + PKIX_PL_OID *constraintOID = NULL; + PKIX_List *certPolicies = NULL; + PKIX_PL_CertPolicyInfo *policy = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_PL_String *errorDesc = NULL; + PKIX_Error *error = NULL; + + PKIX_TEST_STD_VARS(); + + *pResult = PKIX_TRUE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext(selector, &certSelectorContext, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(certSelectorContext, PKIX_OID_TYPE, plContext)); + + constraintOID = (PKIX_PL_OID *)certSelectorContext; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext)); + + if (certPolicies) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext)); + + for (i = 0; i < numPolicies; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies, + i, + (PKIX_PL_Object **)&policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(policy, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)policyOID, + (PKIX_PL_Object *)constraintOID, + &match, + plContext)); + + if (match) { + goto cleanup; + } + PKIX_TEST_DECREF_BC(policy); + PKIX_TEST_DECREF_BC(policyOID); + } + } + + PKIX_TEST_DECREF_BC(certSelectorContext); + PKIX_TEST_DECREF_BC(certPolicies); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR, + NULL, + NULL, + PKIX_TESTNOMATCHINGPOLICY, + &error, + plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(certSelectorContext); + PKIX_TEST_DECREF_AC(certPolicies); + PKIX_TEST_DECREF_AC(policy); + PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(errorDesc); + + return (error); +} + +static void +testSubjectMatch( + PKIX_List *certs, + PKIX_PL_Cert *certNameToMatch) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *subjParams = NULL; + PKIX_PL_X500Name *subjectName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Subject name match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext)); + testSelector(selector, certs, 0x008); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(subjParams); + PKIX_TEST_DECREF_AC(subjectName); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraintsMatch( + PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *bcParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic Constraints match"); + subTest(" pathLenContraint = -2: pass only EE's"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&bcParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0xC00); + + subTest(" pathLenContraint = -1: pass all certs"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0xFFF); + + subTest(" pathLenContraint = 1: pass only certs with pathLen >= 1"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0x3DF); + + subTest(" pathLenContraint = 2: pass only certs with pathLen >= 2"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0x39F); + +cleanup: + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(bcParams); + + PKIX_TEST_RETURN(); +} + +static void +testPolicyMatch( + PKIX_List *certs, + PKIX_PL_Cert *NIST1Cert, /* a source for policy NIST1 */ + PKIX_PL_Cert *NIST2Cert, /* a source for policy NIST2 */ + PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ +{ + PKIX_CertSelector *selector = NULL; + PKIX_List *emptyList = NULL; /* no members */ + PKIX_List *policy1List = NULL; /* OIDs */ + PKIX_List *policy2List = NULL; /* OIDs */ + PKIX_List *anyPolicyList = NULL; /* OIDs */ + PKIX_ComCertSelParams *polParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Policy match"); + testGetPolicyFromCert(NIST1Cert, 0, &policy1List); + testGetPolicyFromCert(NIST2Cert, 1, &policy2List); + testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); + + subTest(" Pass certs with any CertificatePolicies extension"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, emptyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0xEFF); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy NIST1"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy1List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0xEF5); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy NIST2"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy2List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0x814); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy anyPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, anyPolicyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0x002); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(emptyList); + PKIX_TEST_DECREF_AC(policy1List); + PKIX_TEST_DECREF_AC(policy2List); + PKIX_TEST_DECREF_AC(anyPolicyList); + PKIX_TEST_DECREF_AC(polParams); + + PKIX_TEST_RETURN(); +} + +static void +testCertificateMatch( + PKIX_List *certs, + PKIX_PL_Cert *certToMatch) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Certificate match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(params, certToMatch, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + testSelector(selector, certs, 0x008); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + + PKIX_TEST_RETURN(); +} + +static void +testNameConstraintsMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL; + PKIX_UInt32 numCerts = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test NameConstraints Cert Selector"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + subTest(" PKIX_PL_Cert_GetNameConstraints "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 0, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints1, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 1, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints2, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 2, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints3, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 3, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints1, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 4, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints2, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 5, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints3, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing permitted NONE"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints1, plContext)); + testSelector(selector, certs, 0x0); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing permitted ALL"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints2, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing permitted TWO"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints3, plContext)); + testSelector(selector, certs, 0x0041); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints1, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints2, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints3, plContext)); + testSelector(selector, certs, 0x41); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(permitNameConstraints1); + PKIX_TEST_DECREF_AC(permitNameConstraints2); + PKIX_TEST_DECREF_AC(permitNameConstraints3); + PKIX_TEST_DECREF_AC(excludeNameConstraints1); + PKIX_TEST_DECREF_AC(excludeNameConstraints2); + PKIX_TEST_DECREF_AC(excludeNameConstraints3); + + PKIX_TEST_RETURN(); +} + +static void +testPathToNamesMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_List *nameList = NULL; + PKIX_PL_GeneralName *name = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test PathToName Cert Selector"); + + subTest(" PKIX_PL_GeneralName List create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "O=NotATest Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting THREE"); + testSelector(selector, certs, 0x58); + + subTest(" Remove directory name "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x5F); + + subTest(" Remove directory name "); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + + subTest(" Only directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test Certificates,C=US", + plContext); + + subTest(" PKIX_ComCertSelParams_AddPathToName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + PKIX_TEST_DECREF_BC(nameList); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE " + "Certificate Test1,OU=permittedSubtree1," + "O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x7e); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x58); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext); + + subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(nameList); + + PKIX_TEST_RETURN(); +} + +static void +testSubjAltNamesMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_List *nameList = NULL; + PKIX_PL_GeneralName *name = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test SubjAltNames Cert Selector"); + + subTest(" PKIX_PL_GeneralName List create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name "); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "CN=Invalid DN nameConstraints EE Certificate Test3," + "OU=excludedSubtree1,O=Test Certificates,C=US", + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(params, nameList, plContext)); + + PKIX_TEST_DECREF_BC(name); + PKIX_TEST_DECREF_BC(nameList); + + subTest(" Permitting ONE"); + testSelector(selector, certs, 0x1); + + subTest(" Add DNS name "); + name = createGeneralName(PKIX_DNS_NAME, + "mytestcertificates.gov", + plContext); + + subTest(" PKIX_ComCertSelParams_AddSubjAltName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting NONE"); + testSelector(selector, certs, 0x0); + + subTest(" PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(params, PKIX_FALSE, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Permitting TWO"); + testSelector(selector, certs, 0x3); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(name); + PKIX_TEST_DECREF_AC(nameList); + + PKIX_TEST_RETURN(); +} + +static void +testCertificateValidMatch( + PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_String *stringRep = NULL; + PKIX_PL_Date *testDate = NULL; + char *asciiRep = "050501000000Z"; + + PKIX_TEST_STD_VARS(); + + subTest("CertificateValid match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(params, testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + testSelector(selector, certs, 0xFFFFFFFF); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(stringRep); + PKIX_TEST_DECREF_AC(testDate); + + PKIX_TEST_RETURN(); +} + +static void +test_customCallback1(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("custom matchCallback"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchCallback, + NULL, + &selector, + plContext)); + + testSelector(selector, certs, 0x900); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +test_customCallback2(PKIX_List *certs, + PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ +{ + PKIX_CertSelector *selector = NULL; + PKIX_List *anyPolicyList = NULL; /* OIDs */ + PKIX_PL_OID *policyOID = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("custom matchCallback with CertSelectorContext"); + + testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchOIDCallback, + (PKIX_PL_Object *)policyOID, + &selector, + plContext)); + + testSelector(selector, certs, (1 << ANYPOLICYCERT)); + +cleanup: + + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(anyPolicyList); + PKIX_TEST_DECREF_AC(policyOID); + + PKIX_TEST_RETURN(); +} + +static void +testExtendedKeyUsageMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_List *ekuOidList = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test Extended KeyUsage Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest(" Create Extended Key Usage OID List"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.2", &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.3", &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + + subTest(" PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, ekuOidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(ekuOidList); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testKeyUsageMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test KeyUsage Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest(" PKIX_ComCertSelParams_SetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, PKIX_CRL_SIGN, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testCertValidMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_Date *validDate = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test CertValid Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + validDate = createDate("050601000000Z", plContext); + + subTest(" PKIX_ComCertSelParams_SetCertificateValid"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, validDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(validDate); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testIssuerMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_PL_String *issuerStr = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + char *issuerName = "CN=science,O=mit,C=US"; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test Issuer Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerStr, &issuer, plContext)); + + subTest(" PKIX_ComCertSelParams_SetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, issuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(issuer); + PKIX_TEST_DECREF_AC(issuerStr); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testSerialNumberVersionMatch(char *certDir) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_BigInt *serialNumber = NULL; + PKIX_PL_String *serialNumberStr = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test Serial Number Cert Selector"); + + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(serialNumberStr, &serialNumber, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, serialNumber, plContext)); + + subTest(" PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); + + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + PKIX_TEST_DECREF_BC(certList); + + if (numCert != 0) { + pkixTestErrorMsg = "unexpected Version mismatch"; + } + + subTest(" PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); + + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Serial Number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(serialNumber); + PKIX_TEST_DECREF_AC(serialNumberStr); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testSubjKeyIdMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_ByteArray *selSubjKeyId = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Subject Key Id Cert Selector"); + + item = 2; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &selSubjKeyId, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(params, selSubjKeyId, plContext)); + + subTest(" Select One"); + testSelector(selector, certs, 1 << item); + +cleanup: + + PKIX_TEST_DECREF_AC(selSubjKeyId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +testAuthKeyIdMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_ByteArray *selAuthKeyId = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Auth Key Id Cert Selector"); + + item = 3; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &selAuthKeyId, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(params, selAuthKeyId, plContext)); + + subTest(" Select TWO"); + testSelector(selector, certs, (1 << item) | (1 << 1)); + +cleanup: + + PKIX_TEST_DECREF_AC(selAuthKeyId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +testSubjPKAlgIdMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_OID *selAlgId = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Subject Public Key Algorithm Id Cert Selector"); + + item = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(cert, &selAlgId, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(params, selAlgId, plContext)); + + subTest(" Select All"); + testSelector(selector, certs, 0x7F); + +cleanup: + + PKIX_TEST_DECREF_AC(selAlgId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +testSubjPublicKeyMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_PublicKey *selPublicKey = NULL; + PKIX_UInt32 item = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test Subject Public Key Cert Selector"); + + item = 5; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); + + subTest(" PKIX_PL_Cert_GetSubjectPublicKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &selPublicKey, plContext)); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(params, selPublicKey, plContext)); + + subTest(" Select ONE"); + testSelector(selector, certs, 1 << item); + +cleanup: + + PKIX_TEST_DECREF_AC(selPublicKey); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + + PKIX_TEST_RETURN(); +} + +static void +test_CertSelector_Duplicate(PKIX_CertSelector *selector) +{ + PKIX_Int32 goodBasicConstraints = 0; + PKIX_Int32 equalBasicConstraints = 0; + PKIX_CertSelector *dupSelector = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_ComCertSelParams *equalParams = NULL; + PKIX_CertSelector_MatchCallback goodCallback = NULL; + PKIX_CertSelector_MatchCallback equalCallback = NULL; + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_List *goodPolicy = NULL; + PKIX_List *equalPolicy = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test_CertSelector_Duplicate"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)selector, + (PKIX_PL_Object **)&dupSelector, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(selector, &goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(dupSelector, &equalParams, plContext)); + /* There is no equals function, so look at components separately. */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + if (goodSubject && equalSubject) { + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodSubject, equalSubject) { + pkixTestErrorMsg = "Subject Names are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicy, plContext)); + if (goodPolicy && equalPolicy) { + testEqualsHelper((PKIX_PL_Object *)goodPolicy, + (PKIX_PL_Object *)equalPolicy, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodPolicy, equalPolicy) { + pkixTestErrorMsg = "Policy Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); + if (goodCert && equalCert) { + testEqualsHelper((PKIX_PL_Object *)goodCert, + (PKIX_PL_Object *)equalCert, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodCert, equalCert) { + pkixTestErrorMsg = "Cert Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); + if (goodCert && equalCert) { + testEqualsHelper((PKIX_PL_Object *)goodDate, + (PKIX_PL_Object *)equalDate, + PKIX_TRUE, + plContext); + } else { + if PKIX_EXACTLY_ONE_NULL (goodDate, equalDate) { + pkixTestErrorMsg = "Date Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalBasicConstraints, plContext)); + if (goodBasicConstraints != equalBasicConstraints) { + pkixTestErrorMsg = "BasicConstraints are not equal!"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &goodCallback, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(dupSelector, &equalCallback, plContext)); + if (goodCallback != equalCallback) { + pkixTestErrorMsg = "MatchCallbacks are not equal!"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dupSelector); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(equalParams); + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(goodDate); + PKIX_TEST_DECREF_AC(equalDate); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_certselector \n\n"); +} + +int +test_certselector(int argc, char *argv[]) +{ + + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + + PKIX_CertSelector *emptySelector = NULL; + PKIX_List *certs = NULL; + PKIX_List *nameConstraintsCerts = NULL; + PKIX_List *subjAltNamesCerts = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *policy1Cert = NULL; + PKIX_PL_Cert *policy2Cert = NULL; + PKIX_PL_Cert *anyPolicyCert = NULL; + PKIX_PL_Cert *subjectCert = NULL; + PKIX_ComCertSelParams *selParams = NULL; + char *certDir = NULL; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("CertSelector"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3) { + printUsage(); + return (0); + } + + dirName = argv[j + 1]; + certDir = argv[j + 3]; + + /* Create a List of certs to use in testing the selector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); + + for (i = 0; i < NUMCERTS; i++) { + + cert = createCert(dirName, certList[i], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)cert, plContext)); + if (i == POLICY1CERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + policy1Cert = cert; + } + if (i == ANYPOLICYCERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + anyPolicyCert = cert; + } + if (i == POLICY2CERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + policy2Cert = cert; + } + if (i == SUBJECTCERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + subjectCert = cert; + } + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameConstraintsCerts, plContext)); + + for (i = 0; i < NUMNCCERTS; i++) { + + cert = createCert(dirName, ncCertList[i], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameConstraintsCerts, + (PKIX_PL_Object *)cert, + plContext)); + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&subjAltNamesCerts, plContext)); + + for (i = 0; i < NUMSANCERTS; i++) { + + cert = createCert(dirName, sanCertList[i], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(subjAltNamesCerts, + (PKIX_PL_Object *)cert, + plContext)); + + PKIX_TEST_DECREF_BC(cert); + } + + subTest("test_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &emptySelector, plContext)); + + subTest("Default Match, no parameters set"); + testSelector(emptySelector, certs, 0xFFFFFFFF); + + testSubjectMatch(certs, subjectCert); + + testBasicConstraintsMatch(certs); + + testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert); + + testCertificateMatch(certs, subjectCert); + + testCertificateValidMatch(certs); + + subTest("Combination: pass only EE certs that assert some policy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(selParams, -2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(emptySelector, selParams, plContext)); + testSelector(emptySelector, certs, 0xC00); + + testNameConstraintsMatch(nameConstraintsCerts); + + testPathToNamesMatch(nameConstraintsCerts); + + testSubjAltNamesMatch(subjAltNamesCerts); + + testExtendedKeyUsageMatch(certDir); + + testKeyUsageMatch(certDir); + + testIssuerMatch(certDir); + + testSerialNumberVersionMatch(certDir); + + testCertValidMatch(certDir); + + testSubjKeyIdMatch(nameConstraintsCerts); + + testAuthKeyIdMatch(nameConstraintsCerts); + + testSubjPKAlgIdMatch(nameConstraintsCerts); + + testSubjPublicKeyMatch(nameConstraintsCerts); + + test_CertSelector_Duplicate(emptySelector); + + test_customCallback1(certs); + + test_customCallback2(certs, anyPolicyCert); + + subTest("test_CertSelector_Destroy"); + + PKIX_TEST_DECREF_BC(emptySelector); + +cleanup: + + PKIX_TEST_DECREF_AC(emptySelector); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(policy1Cert); + PKIX_TEST_DECREF_AC(policy2Cert); + PKIX_TEST_DECREF_AC(anyPolicyCert); + PKIX_TEST_DECREF_AC(subjectCert); + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(nameConstraintsCerts); + PKIX_TEST_DECREF_AC(subjAltNamesCerts); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertSelector"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c b/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c new file mode 100644 index 0000000000..57f192a42f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c @@ -0,0 +1,800 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_comcertselparams.c + * + * Test Common Cert Selector Params + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs) +{ + PKIX_UInt32 i = 0; + PKIX_UInt32 numInfos = 0; + PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_List *certPolicies = NULL; + + PKIX_TEST_STD_VARS(); + + /* Convert from List of CertPolicyInfos to List of OIDs */ + if (certPolicyInfos) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext)); + } + + if (numInfos > 0) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext)); + } + for (i = 0; i < numInfos; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos, + i, + (PKIX_PL_Object **)&certPolicyInfo, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext)); + PKIX_TEST_DECREF_BC(certPolicyInfo); + PKIX_TEST_DECREF_BC(policyOID); + } + + *pPolicyOIDs = certPolicies; + +cleanup: + + PKIX_TEST_DECREF_AC(certPolicyInfo); + PKIX_TEST_DECREF_AC(policyOID); + + PKIX_TEST_RETURN(); +} + +static void +test_NameConstraints(char *dirName) +{ + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_CertNameConstraints *getNameConstraints = NULL; + PKIX_PL_CertNameConstraints *setNameConstraints = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + char *expectedAscii = + "[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US, OU=permittedSubtree2," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (EMPTY)\n" + "\t]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("Create Cert for NameConstraints test"); + + goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &setNameConstraints, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetNameConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(goodParams, setNameConstraints, plContext)); + + subTest("PKIX_ComCertSelParams_GetNameConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints(goodParams, &getNameConstraints, plContext)); + + subTest("Compare NameConstraints"); + testEqualsHelper((PKIX_PL_Object *)setNameConstraints, + (PKIX_PL_Object *)getNameConstraints, + PKIX_TRUE, + plContext); + + subTest("Compare NameConstraints with canned string"); + testToStringHelper((PKIX_PL_Object *)getNameConstraints, + expectedAscii, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(getNameConstraints); + PKIX_TEST_DECREF_AC(setNameConstraints); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_PathToNames(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_List *setGenNames = NULL; + PKIX_List *getGenNames = NULL; + PKIX_PL_GeneralName *rfc822GenName = NULL; + PKIX_PL_GeneralName *dnsGenName = NULL; + PKIX_PL_GeneralName *dirGenName = NULL; + PKIX_PL_GeneralName *uriGenName = NULL; + PKIX_PL_GeneralName *oidGenName = NULL; + char *rfc822Name = "john.doe@labs.com"; + char *dnsName = "comcast.net"; + char *dirName = "cn=john, ou=labs, o=sun, c=us"; + char *uriName = "http://comcast.net"; + char *oidName = "1.2.840.11"; + char *expectedAscii = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net)"; + char *expectedAsciiAll = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net, " + "1.2.840.11)"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_GeneralName_Create"); + dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext); + uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext); + oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext); + dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext); + rfc822GenName = createGeneralName(PKIX_RFC822_NAME, + rfc822Name, + plContext); + + subTest("PKIX_PL_GeneralName List create and append"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(goodParams, setGenNames, plContext)); + + subTest("PKIX_ComCertSelParams_GetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List"); + testEqualsHelper((PKIX_PL_Object *)setGenNames, + (PKIX_PL_Object *)getGenNames, + PKIX_TRUE, + plContext); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAscii, + plContext); + + subTest("PKIX_ComCertSelParams_AddPathToName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(goodParams, oidGenName, plContext)); + + PKIX_TEST_DECREF_BC(getGenNames); + + subTest("PKIX_ComCertSelParams_GetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAsciiAll, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(setGenNames); + PKIX_TEST_DECREF_AC(getGenNames); + PKIX_TEST_DECREF_AC(rfc822GenName); + PKIX_TEST_DECREF_AC(dnsGenName); + PKIX_TEST_DECREF_AC(dirGenName); + PKIX_TEST_DECREF_AC(uriGenName); + PKIX_TEST_DECREF_AC(oidGenName); + + PKIX_TEST_RETURN(); +} + +static void +test_SubjAltNames(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_List *setGenNames = NULL; + PKIX_List *getGenNames = NULL; + PKIX_PL_GeneralName *rfc822GenName = NULL; + PKIX_PL_GeneralName *dnsGenName = NULL; + PKIX_PL_GeneralName *dirGenName = NULL; + PKIX_PL_GeneralName *uriGenName = NULL; + PKIX_PL_GeneralName *oidGenName = NULL; + PKIX_Boolean matchAll = PKIX_TRUE; + char *rfc822Name = "john.doe@labs.com"; + char *dnsName = "comcast.net"; + char *dirName = "cn=john, ou=labs, o=sun, c=us"; + char *uriName = "http://comcast.net"; + char *oidName = "1.2.840.11"; + char *expectedAscii = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net)"; + char *expectedAsciiAll = + "(john.doe@labs.com, " + "comcast.net, " + "CN=john,OU=labs,O=sun,C=us, " + "http://comcast.net, " + "1.2.840.11)"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_GeneralName_Create"); + dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext); + uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext); + oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext); + dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext); + rfc822GenName = createGeneralName(PKIX_RFC822_NAME, + rfc822Name, + plContext); + + subTest("PKIX_PL_GeneralName List create and append"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List"); + testEqualsHelper((PKIX_PL_Object *)setGenNames, + (PKIX_PL_Object *)getGenNames, + PKIX_TRUE, + plContext); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAscii, + plContext); + + subTest("PKIX_ComCertSelParams_AddSubjAltName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext)); + + PKIX_TEST_DECREF_BC(getGenNames); + + subTest("PKIX_ComCertSelParams_GetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext)); + + subTest("Compare GeneralName List with canned string"); + testToStringHelper((PKIX_PL_Object *)getGenNames, + expectedAsciiAll, + plContext); + + subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext)); + if (matchAll != PKIX_TRUE) { + testError("unexpected mismatch "); + } + + subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext)); + if (matchAll != PKIX_FALSE) { + testError("unexpected mismatch "); + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(setGenNames); + PKIX_TEST_DECREF_AC(getGenNames); + PKIX_TEST_DECREF_AC(rfc822GenName); + PKIX_TEST_DECREF_AC(dnsGenName); + PKIX_TEST_DECREF_AC(dirGenName); + PKIX_TEST_DECREF_AC(uriGenName); + PKIX_TEST_DECREF_AC(oidGenName); + + PKIX_TEST_RETURN(); +} + +static void +test_KeyUsages(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_List *setExtKeyUsage = NULL; + PKIX_List *getExtKeyUsage = NULL; + PKIX_UInt32 getKeyUsage = 0; + PKIX_UInt32 setKeyUsage = 0x1FF; + PKIX_Boolean isEqual = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext)); + + subTest("PKIX_ComCertSelParams_GetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext)); + + if (setKeyUsage != getKeyUsage) { + testError("unexpected KeyUsage mismatch "); + } + + subTest("PKIX_PL_OID List create and append"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); + PKIX_TEST_DECREF_BC(ekuOid); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); + PKIX_TEST_DECREF_BC(ekuOid); + + subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext)); + + subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage, + (PKIX_PL_Object *)getExtKeyUsage, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected ExtKeyUsage mismatch "); + } + +cleanup: + + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(setExtKeyUsage); + PKIX_TEST_DECREF_AC(getExtKeyUsage); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_Version_Issuer_SerialNumber(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_UInt32 version = 0; + PKIX_PL_X500Name *setIssuer = NULL; + PKIX_PL_X500Name *getIssuer = NULL; + PKIX_PL_String *str = NULL; + PKIX_PL_BigInt *setSerialNumber = NULL; + PKIX_PL_BigInt *getSerialNumber = NULL; + PKIX_Boolean isEqual = PKIX_FALSE; + char *bigInt = "999999999999999999"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + /* Version */ + subTest("PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); + + subTest("PKIX_ComCertSelParams_GetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext)); + + if (version != 2) { + testError("unexpected Version mismatch "); + } + + /* Issuer */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext)); + + PKIX_TEST_DECREF_BC(str); + + subTest("PKIX_ComCertSelParams_SetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext)); + + subTest("PKIX_ComCertSelParams_GetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer, + (PKIX_PL_Object *)getIssuer, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Issuer mismatch "); + } + + /* Serial Number */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext)); + + subTest("PKIX_ComCertSelParams_SetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext)); + + subTest("PKIX_ComCertSelParams_GetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber, + (PKIX_PL_Object *)getSerialNumber, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Serial Number mismatch "); + } + +cleanup: + + PKIX_TEST_DECREF_AC(str); + PKIX_TEST_DECREF_AC(setIssuer); + PKIX_TEST_DECREF_AC(getIssuer); + PKIX_TEST_DECREF_AC(setSerialNumber); + PKIX_TEST_DECREF_AC(getSerialNumber); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_SubjKeyId_AuthKeyId(void) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_ByteArray *setKeyId = NULL; + PKIX_PL_ByteArray *getKeyId = NULL; + PKIX_Boolean isEqual = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + /* Subject Key Identifier */ + subTest("PKIX_PL_ByteArray_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, + (PKIX_PL_Object *)getKeyId, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Subject Key Id mismatch "); + } + + PKIX_TEST_DECREF_BC(setKeyId); + PKIX_TEST_DECREF_BC(getKeyId); + + /* Authority Key Identifier */ + subTest("PKIX_PL_ByteArray_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext)); + + subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, + (PKIX_PL_Object *)getKeyId, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Auth Key Id mismatch "); + } + +cleanup: + + PKIX_TEST_DECREF_AC(setKeyId); + PKIX_TEST_DECREF_AC(getKeyId); + PKIX_TEST_DECREF_AC(goodParams); + + PKIX_TEST_RETURN(); +} + +static void +test_SubjAlgId_SubjPublicKey(char *dirName) +{ + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *setAlgId = NULL; + PKIX_PL_OID *getAlgId = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_PublicKey *setPublicKey = NULL; + PKIX_PL_PublicKey *getPublicKey = NULL; + PKIX_Boolean isEqual = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + /* Subject Algorithm Identifier */ + subTest("PKIX_PL_OID_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext)); + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId, + (PKIX_PL_Object *)getAlgId, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Subject Public Key Alg mismatch " + ""); + } + + /* Subject Public Key */ + subTest("Getting Cert for Subject Public Key"); + + goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext)); + + subTest("PKIX_ComCertSelParams_SetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext)); + + subTest("PKIX_ComCertSelParams_GetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey, + (PKIX_PL_Object *)getPublicKey, + &isEqual, + plContext)); + + if (isEqual == PKIX_FALSE) { + testError("unexpected Subject Public Key mismatch " + ""); + } + +cleanup: + + PKIX_TEST_DECREF_AC(setAlgId); + PKIX_TEST_DECREF_AC(getAlgId); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(setPublicKey); + PKIX_TEST_DECREF_AC(getPublicKey); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_comcertselparams \n\n"); +} + +int +test_comcertselparams(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_PL_Cert *testCert = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */ + PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */ + + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_ComCertSelParams *equalParams = NULL; + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_PL_X500Name *diffSubject = NULL; + PKIX_PL_X500Name *testSubject = NULL; + PKIX_Int32 goodMinPathLength = 0; + PKIX_Int32 equalMinPathLength = 0; + PKIX_Int32 diffMinPathLength = 0; + PKIX_Int32 testMinPathLength = 0; + PKIX_List *goodPolicies = NULL; /* OIDs */ + PKIX_List *equalPolicies = NULL; /* OIDs */ + PKIX_List *testPolicies = NULL; /* OIDs */ + PKIX_List *cert2Policies = NULL; /* OIDs */ + + PKIX_PL_Date *testDate = NULL; + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + PKIX_PL_String *stringRep = NULL; + char *asciiRep = NULL; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 2) { + printUsage(); + return (0); + } + + startTests("ComCertSelParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + dirName = argv[j + 1]; + + asciiRep = "050501000000Z"; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); + + testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext)); + + /* Convert from List of CertPolicyInfos to List of OIDs */ + test_CreateOIDList(testPolicyInfos, &testPolicies); + + subTest("Create goodParams and set its fields"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext)); + + subTest("Duplicate goodParams and verify copy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams, + (PKIX_PL_Object **)&equalParams, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_TRUE, + plContext); + + if (goodMinPathLength != equalMinPathLength) { + testError("unexpected mismatch"); + (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); + (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); + } + + testEqualsHelper((PKIX_PL_Object *)goodPolicies, + (PKIX_PL_Object *)equalPolicies, + PKIX_TRUE, + plContext); + + testEqualsHelper((PKIX_PL_Object *)goodCert, + (PKIX_PL_Object *)equalCert, + PKIX_TRUE, + plContext); + + testEqualsHelper((PKIX_PL_Object *)goodDate, + (PKIX_PL_Object *)equalDate, + PKIX_TRUE, + plContext); + + PKIX_TEST_DECREF_BC(equalSubject); + PKIX_TEST_DECREF_BC(equalPolicies); + PKIX_TEST_DECREF_BC(equalCert); + PKIX_TEST_DECREF_AC(equalDate); + + subTest("Set different values and verify differences"); + + diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext)); + test_CreateOIDList(cert2PolicyInfos, &cert2Policies); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject( + equalParams, diffSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_FALSE, + plContext); + + if (goodMinPathLength == equalMinPathLength) { + testError("unexpected match"); + (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); + (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); + } + + testEqualsHelper((PKIX_PL_Object *)goodPolicies, + (PKIX_PL_Object *)equalPolicies, + PKIX_FALSE, + plContext); + + test_NameConstraints(dirName); + test_PathToNames(); + test_SubjAltNames(); + test_KeyUsages(); + test_Version_Issuer_SerialNumber(); + test_SubjKeyId_AuthKeyId(); + test_SubjAlgId_SubjPublicKey(dirName); + +cleanup: + + PKIX_TEST_DECREF_AC(testSubject); + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(diffSubject); + PKIX_TEST_DECREF_AC(testSubject); + PKIX_TEST_DECREF_AC(goodPolicies); + PKIX_TEST_DECREF_AC(equalPolicies); + PKIX_TEST_DECREF_AC(testPolicies); + PKIX_TEST_DECREF_AC(cert2Policies); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(equalParams); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_DECREF_AC(testCert); + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + PKIX_TEST_DECREF_AC(testPolicyInfos); + PKIX_TEST_DECREF_AC(cert2PolicyInfos); + PKIX_TEST_DECREF_AC(stringRep); + PKIX_TEST_DECREF_AC(testDate); + PKIX_TEST_DECREF_AC(goodDate); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ComCertSelParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/checker/Makefile b/security/nss/cmd/libpkix/pkix/checker/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/checker/manifest.mn b/security/nss/cmd/libpkix/pkix/checker/manifest.mn new file mode 100644 index 0000000000..54e1486e68 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/manifest.mn @@ -0,0 +1,20 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_certchainchecker.c + +LIBRARY_NAME = pkixtoolchecker +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c b/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c new file mode 100644 index 0000000000..5fab3a6920 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c @@ -0,0 +1,185 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certchainchecker.c + * + * Test Cert Chain Checker + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_Error * +dummyChecker_Check( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresolvedCriticalExtensions, + void **pNBIOContext, + void *plContext) +{ + goto cleanup; + +cleanup: + + return (NULL); +} + +static void +test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original) +{ + PKIX_Boolean originalForward = PKIX_FALSE; + PKIX_Boolean copyForward = PKIX_FALSE; + PKIX_Boolean originalForwardDir = PKIX_FALSE; + PKIX_Boolean copyForwardDir = PKIX_FALSE; + PKIX_CertChainChecker *copy = NULL; + PKIX_CertChainChecker_CheckCallback originalCallback = NULL; + PKIX_CertChainChecker_CheckCallback copyCallback = NULL; + PKIX_PL_Object *originalState = NULL; + PKIX_PL_Object *copyState = NULL; + PKIX_List *originalList = NULL; + PKIX_List *copyList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("CertChainChecker_Duplicate"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)original, + (PKIX_PL_Object **)©, + plContext)); + + subTest("CertChainChecker_GetCheckCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(original, &originalCallback, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(copy, ©Callback, plContext)); + if (originalCallback != copyCallback) { + pkixTestErrorMsg = "CheckCallback functions are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_IsForwardCheckingSupported"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(original, &originalForward, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(copy, ©Forward, plContext)); + if (originalForward != copyForward) { + pkixTestErrorMsg = "ForwardChecking booleans are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_IsForwardDirectionExpected"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(original, &originalForwardDir, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(copy, ©ForwardDir, plContext)); + if (originalForwardDir != copyForwardDir) { + pkixTestErrorMsg = "ForwardDirection booleans are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_GetCertChainCheckerState"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(original, &originalState, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(copy, ©State, plContext)); + testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext); + + subTest("CertChainChecker_GetSupportedExtensions"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(original, &originalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(copy, ©List, plContext)); + testEqualsHelper((PKIX_PL_Object *)originalList, + (PKIX_PL_Object *)copyList, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(copy); + PKIX_TEST_DECREF_AC(originalState); + PKIX_TEST_DECREF_AC(copyState); + PKIX_TEST_DECREF_AC(originalList); + PKIX_TEST_DECREF_AC(copyList); + + PKIX_TEST_RETURN(); +} + +int +test_certchainchecker(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_PL_OID *bcOID = NULL; + PKIX_PL_OID *ncOID = NULL; + PKIX_PL_OID *cpOID = NULL; + PKIX_PL_OID *pmOID = NULL; + PKIX_PL_OID *pcOID = NULL; + PKIX_PL_OID *iaOID = NULL; + PKIX_CertChainChecker *dummyChecker = NULL; + PKIX_List *supportedExtensions = NULL; + PKIX_PL_Object *initialState = NULL; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("CertChainChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&supportedExtensions, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)bcOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)ncOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)cpOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYMAPPINGS_OID, &pmOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pmOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pcOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)iaOID, plContext)); + + PKIX_TEST_DECREF_BC(bcOID); + PKIX_TEST_DECREF_BC(ncOID); + PKIX_TEST_DECREF_BC(cpOID); + PKIX_TEST_DECREF_BC(pmOID); + PKIX_TEST_DECREF_BC(pcOID); + PKIX_TEST_DECREF_BC(iaOID); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)supportedExtensions, plContext)); + + initialState = (PKIX_PL_Object *)supportedExtensions; + + subTest("CertChainChecker_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */ + PKIX_FALSE, /* forwardCheckingSupported */ + PKIX_FALSE, /* forwardDirectionExpected */ + supportedExtensions, + NULL, /* PKIX_PL_Object *initialState */ + &dummyChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_SetCertChainCheckerState(dummyChecker, initialState, plContext)); + + test_CertChainChecker_Duplicate(dummyChecker); + + subTest("CertChainChecker_Destroy"); + PKIX_TEST_DECREF_BC(dummyChecker); + +cleanup: + + PKIX_TEST_DECREF_AC(dummyChecker); + PKIX_TEST_DECREF_AC(initialState); + PKIX_TEST_DECREF_AC(supportedExtensions); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertChainChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/crlsel/Makefile b/security/nss/cmd/libpkix/pkix/crlsel/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/crlsel/manifest.mn b/security/nss/cmd/libpkix/pkix/crlsel/manifest.mn new file mode 100644 index 0000000000..3b13298aa6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_crlselector.c \ + test_comcrlselparams.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolcrlsel +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c b/security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c new file mode 100644 index 0000000000..fcc5ef5a33 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c @@ -0,0 +1,406 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_comcrlselparams.c + * + * Test ComCRLSelParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testIssuer(PKIX_ComCRLSelParams *goodObject) +{ + PKIX_PL_String *issuer1String = NULL; + PKIX_PL_String *issuer2String = NULL; + PKIX_PL_String *issuer3String = NULL; + PKIX_PL_X500Name *issuerName1 = NULL; + PKIX_PL_X500Name *issuerName2 = NULL; + PKIX_PL_X500Name *issuerName3 = NULL; + PKIX_List *setIssuerList = NULL; + PKIX_List *getIssuerList = NULL; + PKIX_PL_String *issuerListString = NULL; + char *name1 = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; + char *name2 = "CN=richard,OU=bcn,OU=east,O=sun,C=us"; + char *name3 = "CN=hanfei,OU=bcn,OU=east,O=sun,C=us"; + PKIX_Int32 length; + PKIX_Boolean result = PKIX_FALSE; + char *expectedAscii = + "(CN=yassir,OU=bcn,OU=east,O=sun," + "C=us, CN=richard,OU=bcn,OU=east,O=sun,C=us, " + "CN=hanfei,OU=bcn,OU=east,O=sun,C=us)"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams Create Issuers"); + + length = PL_strlen(name1); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + name1, + length, + &issuer1String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer1String, + &issuerName1, + plContext)); + + length = PL_strlen(name2); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + name2, + length, + &issuer2String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer2String, + &issuerName2, + plContext)); + + length = PL_strlen(name3); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + name3, + length, + &issuer3String, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer3String, + &issuerName3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setIssuerList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList, + (PKIX_PL_Object *)issuerName1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList, + (PKIX_PL_Object *)issuerName2, + plContext)); + + subTest("PKIX_ComCRLSelParams_AddIssuerName"); + + /* Test adding an issuer to an empty list */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext)); + + subTest("PKIX_ComCRLSelParams_GetIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext)); + + /* DECREF for GetIssuerNames */ + PKIX_TEST_DECREF_BC(getIssuerList); + /* DECREF for AddIssuerName so next SetIssuerName start clean */ + PKIX_TEST_DECREF_BC(getIssuerList); + + /* Test setting issuer names on the list */ + subTest("PKIX_ComCRLSelParams_SetIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(goodObject, setIssuerList, plContext)); + + subTest("PKIX_ComCRLSelParams_GetIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuerList, + (PKIX_PL_Object *)getIssuerList, + &result, + plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Issuers mismatch"; + } + + /* Test adding an issuer to existing list */ + subTest("PKIX_ComCRLSelParams_AddIssuerName"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext)); + + subTest("PKIX_ComCRLSelParams_GetIssuerNames"); + PKIX_TEST_DECREF_BC(getIssuerList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)getIssuerList, + &issuerListString, + plContext)); + + testToStringHelper((PKIX_PL_Object *)getIssuerList, + expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(issuer1String); + PKIX_TEST_DECREF_AC(issuer2String); + PKIX_TEST_DECREF_AC(issuer3String); + PKIX_TEST_DECREF_AC(issuerListString); + PKIX_TEST_DECREF_AC(issuerName1); + PKIX_TEST_DECREF_AC(issuerName2); + PKIX_TEST_DECREF_AC(issuerName3); + PKIX_TEST_DECREF_AC(setIssuerList); + PKIX_TEST_DECREF_AC(getIssuerList); + + PKIX_TEST_RETURN(); +} + +static void +testCertificateChecking( + char *dataCentralDir, + char *goodInput, + PKIX_ComCRLSelParams *goodObject) +{ + PKIX_PL_Cert *setCert = NULL; + PKIX_PL_Cert *getCert = NULL; + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("Test CertificateChecking Cert Create"); + setCert = createCert(dataCentralDir, goodInput, plContext); + if (setCert == NULL) { + pkixTestErrorMsg = "create certificate failed"; + goto cleanup; + } + + subTest("PKIX_ComCRLSelParams_SetCertificateChecking"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetCertificateChecking(goodObject, setCert, plContext)); + + subTest("PKIX_ComCRLSelParams_GetCertificateChecking"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetCertificateChecking(goodObject, &getCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setCert, + (PKIX_PL_Object *)getCert, + &result, plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Cert mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(setCert); + PKIX_TEST_DECREF_AC(getCert); + + PKIX_TEST_RETURN(); +} + +static void +testDateAndTime(PKIX_ComCRLSelParams *goodObject) +{ + + PKIX_PL_Date *setDate = NULL; + PKIX_PL_Date *getDate = NULL; + char *asciiDate = "040329134847Z"; + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_Date Create"); + setDate = createDate(asciiDate, plContext); + + subTest("PKIX_ComCRLSelParams_SetDateAndTime"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(goodObject, setDate, plContext)); + + subTest("PKIX_ComCRLSelParams_GetDateAndTime"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetDateAndTime(goodObject, &getDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setDate, + (PKIX_PL_Object *)getDate, + &result, plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected DateAndTime mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(getDate); + + PKIX_TEST_RETURN(); +} + +static void +testMaxMinCRLNumbers(PKIX_ComCRLSelParams *goodObject) +{ + PKIX_PL_BigInt *setMaxCrlNumber = NULL; + PKIX_PL_BigInt *getMaxCrlNumber = NULL; + PKIX_PL_BigInt *setMinCrlNumber = NULL; + PKIX_PL_BigInt *getMinCrlNumber = NULL; + char *asciiCrlNumber1 = "01"; + char *asciiCrlNumber99999 = "0909090909"; + PKIX_PL_String *crlNumber1String = NULL; + PKIX_PL_String *crlNumber99999String = NULL; + + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_SetMinCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + asciiCrlNumber1, + PL_strlen(asciiCrlNumber1), + &crlNumber1String, + NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber1String, &setMinCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMinCRLNumber(goodObject, setMinCrlNumber, NULL)); + + subTest("PKIX_ComCRLSelParams_GetMinCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMinCRLNumber(goodObject, &getMinCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMinCrlNumber, + (PKIX_PL_Object *)getMinCrlNumber, + &result, NULL)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Minimum CRL Number mismatch"; + } + + subTest("PKIX_ComCRLSelParams_SetMaxCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + asciiCrlNumber99999, + PL_strlen(asciiCrlNumber99999), + &crlNumber99999String, + NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber99999String, &setMaxCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMaxCRLNumber(goodObject, setMaxCrlNumber, NULL)); + + subTest("PKIX_ComCRLSelParams_GetMaxCRLNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMaxCRLNumber(goodObject, &getMaxCrlNumber, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMaxCrlNumber, + (PKIX_PL_Object *)getMaxCrlNumber, + &result, NULL)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = "unexpected Maximum CRL Number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(setMaxCrlNumber); + PKIX_TEST_DECREF_AC(getMaxCrlNumber); + PKIX_TEST_DECREF_AC(setMinCrlNumber); + PKIX_TEST_DECREF_AC(getMinCrlNumber); + PKIX_TEST_DECREF_AC(crlNumber1String); + PKIX_TEST_DECREF_AC(crlNumber99999String); + + PKIX_TEST_RETURN(); +} + +static void +testDuplicate(PKIX_ComCRLSelParams *goodObject) +{ + + PKIX_ComCRLSelParams *dupObject = NULL; + PKIX_Boolean result = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_Duplicate"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodObject, + (PKIX_PL_Object **)&dupObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)goodObject, + (PKIX_PL_Object *)dupObject, + &result, plContext)); + + if (result != PKIX_TRUE) { + pkixTestErrorMsg = + "unexpected Duplicate ComCRLSelParams mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dupObject); + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s \n\n", pName); +} + +/* Functional tests for ComCRLSelParams public functions */ + +int +test_comcrlselparams(int argc, char *argv[]) +{ + + char *dataCentralDir = NULL; + char *goodInput = "yassir2yassir"; + PKIX_ComCRLSelParams *goodObject = NULL; + PKIX_ComCRLSelParams *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("ComCRLSelParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dataCentralDir = argv[j + 1]; + + subTest("PKIX_ComCRLSelParams_Create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&goodObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&diffObject, + plContext)); + + testIssuer(goodObject); + + testCertificateChecking(dataCentralDir, goodInput, goodObject); + + testDateAndTime(goodObject); + + testMaxMinCRLNumbers(goodObject); + + testDuplicate(goodObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + goodObject, + diffObject, + NULL, + ComCRLSelParams, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(diffObject); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ComCRLSelParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c b/security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c new file mode 100644 index 0000000000..f17406be5d --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c @@ -0,0 +1,168 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_crlselector.c + * + * Test CRLSelector Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testGetMatchCallback(PKIX_CRLSelector *goodObject) +{ + PKIX_CRLSelector_MatchCallback mCallback = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testGetMatchCallback"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetMatchCallback(goodObject, &mCallback, plContext)); + + if (mCallback == NULL) { + pkixTestErrorMsg = "MatchCallback is NULL"; + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetCRLSelectorContext(PKIX_CRLSelector *goodObject) +{ + PKIX_PL_Object *context = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testGetCRLSelectorContext"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCRLSelectorContext(goodObject, (void *)&context, plContext)); + + if (context == NULL) { + pkixTestErrorMsg = "CRLSelectorContext is NULL"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(context); + PKIX_TEST_RETURN(); +} + +static void +testCommonCRLSelectorParams(PKIX_CRLSelector *goodObject) +{ + PKIX_ComCRLSelParams *setParams = NULL; + PKIX_ComCRLSelParams *getParams = NULL; + PKIX_PL_Date *setDate = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&setParams, + plContext)); + + subTest("PKIX_ComCRLSelParams_Date Create"); + + setDate = createDate(asciiDate, plContext); + + subTest("PKIX_ComCRLSelParams_SetDateAndTime"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(setParams, setDate, plContext)); + + subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams( + goodObject, setParams, plContext)); + + subTest("PKIX_CRLSelector_GetCommonCRLSelectorParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams( + goodObject, &getParams, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setParams, + (PKIX_PL_Object *)getParams, + PKIX_TRUE, + plContext); + + testHashcodeHelper((PKIX_PL_Object *)setParams, + (PKIX_PL_Object *)getParams, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(setParams); + PKIX_TEST_DECREF_AC(getParams); + + PKIX_TEST_RETURN(); +} + +/* Functional tests for CRLSelector public functions */ + +int +test_crlselector(int argc, char *argv[]) +{ + + PKIX_PL_Date *context = NULL; + PKIX_CRLSelector *goodObject = NULL; + PKIX_CRLSelector *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + + startTests("CRLSelector"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + context = createDate(asciiDate, plContext); + + subTest("PKIX_CRLSelector_Create"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, + (PKIX_PL_Object *)context, + &goodObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, + (PKIX_PL_Object *)context, + &diffObject, + plContext)); + + testGetMatchCallback(goodObject); + + testGetCRLSelectorContext(goodObject); + + testCommonCRLSelectorParams(goodObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + goodObject, + diffObject, + NULL, + CRLSelector, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(diffObject); + PKIX_TEST_DECREF_AC(context); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRLSelector"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/manifest.mn b/security/nss/cmd/libpkix/pkix/manifest.mn new file mode 100644 index 0000000000..895bf52b2b --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/manifest.mn @@ -0,0 +1,11 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = .. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +DIRS = certsel checker crlsel params results store top util \ + $(NULL) diff --git a/security/nss/cmd/libpkix/pkix/params/Makefile b/security/nss/cmd/libpkix/pkix/params/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/params/manifest.mn b/security/nss/cmd/libpkix/pkix/params/manifest.mn new file mode 100644 index 0000000000..c7629a6207 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_procparams.c \ + test_trustanchor.c \ + test_valparams.c \ + test_resourcelimits.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolparams +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/params/test_procparams.c b/security/nss/cmd/libpkix/pkix/params/test_procparams.c new file mode 100644 index 0000000000..419322a1e7 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_procparams.c @@ -0,0 +1,478 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_procparams.c + * + * Test ProcessingParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ProcessingParams_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetAnchors( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_List *goodAnchors = NULL; + PKIX_List *equalAnchors = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_GetTrustAnchors"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(goodObject, &goodAnchors, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(equalObject, &equalAnchors, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodAnchors, + (PKIX_PL_Object *)equalAnchors, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodAnchors); + PKIX_TEST_DECREF_AC(equalAnchors); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetDate( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_PL_Date *setDate = NULL; + PKIX_PL_Date *getDate = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetDate"); + + setDate = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetDate(goodObject, &getDate, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setDate, + (PKIX_PL_Object *)getDate, + PKIX_TRUE, + plContext); + + /* we want to make sure that goodObject and equalObject are "equal" */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(equalObject, setDate, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(getDate); + + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +userChecker1cb( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */ + void **pNBIOContext, + void *plContext) +{ + return (NULL); +} + +static void +testGetSetCertChainCheckers( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_CertChainChecker *checker = NULL; + PKIX_List *setCheckersList = NULL; + PKIX_List *getCheckersList = NULL; + PKIX_PL_Date *date = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers"); + + date = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb, + PKIX_FALSE, + PKIX_FALSE, + NULL, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, (PKIX_PL_Object *)checker, plContext)); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers(goodObject, setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb, + PKIX_FALSE, + PKIX_FALSE, + NULL, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(goodObject, checker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers(goodObject, &getCheckersList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setCheckersList); + PKIX_TEST_DECREF_AC(getCheckersList); + PKIX_TEST_DECREF_AC(date); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +userChecker2cb( + PKIX_RevocationChecker *checker, + PKIX_PL_Cert *cert, + PKIX_UInt32 *pResult, + void *plContext) +{ + return (NULL); +} + +static void +testGetSetRevocationCheckers( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_RevocationChecker *checker = NULL; + PKIX_List *setCheckersList = NULL; + PKIX_List *getCheckersList = NULL; + PKIX_PL_Date *date = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetRevocationCheckers"); + + date = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, + (PKIX_PL_Object *)checker, + plContext)); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(goodObject, setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddRevocationChecker(goodObject, checker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetRevocationCheckers(goodObject, &getCheckersList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setCheckersList); + PKIX_TEST_DECREF_AC(getCheckersList); + PKIX_TEST_DECREF_AC(date); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetResourceLimits( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) + +{ + PKIX_ResourceLimits *resourceLimits1 = NULL; + PKIX_ResourceLimits *resourceLimits2 = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits1, 3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits1, 3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits1, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(goodObject, resourceLimits1, plContext)); + + PKIX_TEST_DECREF_BC(resourceLimits2); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetResourceLimits(goodObject, &resourceLimits2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(equalObject, resourceLimits2, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(resourceLimits1); + PKIX_TEST_DECREF_AC(resourceLimits2); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetConstraints(PKIX_ProcessingParams *goodObject) +{ + + PKIX_CertSelector *setConstraints = NULL; + PKIX_CertSelector *getConstraints = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetTargetCertConstraints"); + + /* + * After createConstraints is implemented + * setConstraints = createConstraints(); + */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(goodObject, setConstraints, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTargetCertConstraints(goodObject, &getConstraints, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setConstraints, + (PKIX_PL_Object *)getConstraints, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(setConstraints); + PKIX_TEST_DECREF_AC(getConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetInitialPolicies( + PKIX_ProcessingParams *goodObject, + char *asciiPolicyOID) +{ + PKIX_PL_OID *policyOID = NULL; + PKIX_List *setPolicyList = NULL; + PKIX_List *getPolicyList = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetInitialPolicies"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiPolicyOID, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setPolicyList, (PKIX_PL_Object *)policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(goodObject, setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetInitialPolicies(goodObject, &getPolicyList, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setPolicyList, + (PKIX_PL_Object *)getPolicyList, + PKIX_TRUE, + plContext); + +cleanup: + PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(setPolicyList); + PKIX_TEST_DECREF_AC(getPolicyList); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetPolicyQualifiersRejected( + PKIX_ProcessingParams *goodObject, + PKIX_Boolean rejected) +{ + PKIX_Boolean getRejected = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetPolicyQualifiersRejected"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyQualifiersRejected(goodObject, rejected, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetPolicyQualifiersRejected(goodObject, &getRejected, plContext)); + + if (rejected != getRejected) { + testError("GetPolicyQualifiersRejected returned unexpected value"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s \n\n", pName); +} + +int +test_procparams(int argc, char *argv[]) +{ + + PKIX_ProcessingParams *goodObject = NULL; + PKIX_ProcessingParams *equalObject = NULL; + PKIX_ProcessingParams *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + char *dataCentralDir = NULL; + PKIX_UInt32 j = 0; + + char *oidAnyPolicy = PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID; + char *oidNist1Policy = "2.16.840.1.101.3.2.1.48.2"; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t" + "([\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ", [\n" + "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ")\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\tMon Mar 29 08:48:47 2004\n" + "\tTarget Constraints: (null)\n" + "\tInitial Policies: (2.5.29.32.0)\n" + "\tQualifiers Rejected: FALSE\n" + "\tCert Stores: (EMPTY)\n" + "\tResource Limits: [\n" + "\tMaxTime: 2\n" + "\tMaxFanout: 3\n" + "\tMaxDepth: 3\n" + "]\n\n" + "\tCRL Checking Enabled: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ProcessingParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dataCentralDir = argv[j + 1]; + + subTest("PKIX_ProcessingParams_Create"); + goodObject = createProcessingParams(dataCentralDir, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + equalObject = createProcessingParams(dataCentralDir, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + diffObject = createProcessingParams(dataCentralDir, + diffInput, + goodInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + testGetAnchors(goodObject, equalObject); + testGetSetDate(goodObject, equalObject); + testGetSetCertChainCheckers(goodObject, equalObject); + testGetSetRevocationCheckers(goodObject, equalObject); + testGetSetResourceLimits(goodObject, equalObject); + + /* + * XXX testGetSetConstraints(goodObject); + */ + + testGetSetInitialPolicies(goodObject, oidAnyPolicy); + testGetSetInitialPolicies(equalObject, oidAnyPolicy); + testGetSetInitialPolicies(diffObject, oidNist1Policy); + testGetSetPolicyQualifiersRejected(goodObject, PKIX_FALSE); + testGetSetPolicyQualifiersRejected(equalObject, PKIX_FALSE); + testGetSetPolicyQualifiersRejected(diffObject, PKIX_TRUE); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + ProcessingParams, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ProcessingParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c b/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c new file mode 100644 index 0000000000..f52c3ef87f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c @@ -0,0 +1,99 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_resourcelimits.c + * + * Test ResourceLimits Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ResourceLimits_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_resourcelimits(int argc, char *argv[]) +{ + + PKIX_ResourceLimits *goodObject = NULL; + PKIX_ResourceLimits *equalObject = NULL; + PKIX_ResourceLimits *diffObject = NULL; + PKIX_UInt32 maxTime = 0; + PKIX_UInt32 maxFanout = 0; + PKIX_UInt32 maxDepth = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *expectedAscii = + "[\n" + "\tMaxTime: 10\n" + "\tMaxFanout: 5\n" + "\tMaxDepth: 5\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_ResourceLimits_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&goodObject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&diffObject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&equalObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(goodObject, 10, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxTime(goodObject, &maxTime, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(equalObject, maxTime, plContext)); + maxTime++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(diffObject, maxTime, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(goodObject, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxFanout(goodObject, &maxFanout, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(equalObject, maxFanout, plContext)); + maxFanout++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(diffObject, maxFanout, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(goodObject, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxDepth(goodObject, &maxDepth, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(equalObject, maxDepth, plContext)); + maxDepth++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(diffObject, maxDepth, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + ResourceLimits, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ResourceLimits"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c b/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c new file mode 100644 index 0000000000..4bd9d174ce --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c @@ -0,0 +1,251 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_trustanchor.c + * + * Test TrustAnchor Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createTrustAnchors( + char *dirName, + char *goodInput, + PKIX_TrustAnchor **goodObject, + PKIX_TrustAnchor **equalObject, + PKIX_TrustAnchor **diffObject) +{ + subTest("PKIX_TrustAnchor_CreateWithNameKeyPair "); + *goodObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext); + + subTest("PKIX_TrustAnchor_CreateWithNameKeyPair "); + *equalObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext); + + subTest("PKIX_TrustAnchor_CreateWithCert "); + *diffObject = createTrustAnchor(dirName, goodInput, PKIX_TRUE, plContext); +} + +static void +testGetCAName( + PKIX_PL_Cert *diffCert, + PKIX_TrustAnchor *equalObject) +{ + + PKIX_PL_X500Name *diffCAName = NULL; + PKIX_PL_X500Name *equalCAName = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_TrustAnchor_GetCAName"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffCAName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName(equalObject, &equalCAName, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffCAName, + (PKIX_PL_Object *)equalCAName, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffCAName); + PKIX_TEST_DECREF_AC(equalCAName); + + PKIX_TEST_RETURN(); +} + +static void +testGetCAPublicKey( + PKIX_PL_Cert *diffCert, + PKIX_TrustAnchor *equalObject) +{ + + PKIX_PL_PublicKey *diffPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_TrustAnchor_GetCAPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffCert, &diffPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey(equalObject, &equalPubKey, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffPubKey, + (PKIX_PL_Object *)equalPubKey, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testGetNameConstraints(char *dirName) +{ + PKIX_TrustAnchor *goodObject = NULL; + PKIX_TrustAnchor *equalObject = NULL; + PKIX_TrustAnchor *diffObject = NULL; + PKIX_PL_Cert *diffCert; + PKIX_PL_CertNameConstraints *diffNC = NULL; + PKIX_PL_CertNameConstraints *equalNC = NULL; + char *goodInput = "nameConstraintsDN5CACert.crt"; + char *expectedAscii = + "[\n" + "\tTrusted CA Name: CN=nameConstraints DN5 CA," + "O=Test Certificates,C=US\n" + "\tTrusted CA PublicKey: PKCS #1 RSA Encryption\n" + "\tInitial Name Constraints:[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t]\n" + "\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("Create TrustAnchors and compare"); + + createTrustAnchors(dirName, goodInput, &goodObject, &equalObject, &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + TrustAnchor, + PKIX_TRUE); + + subTest("PKIX_TrustAnchor_GetTrustedCert"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext)); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(diffCert, &diffNC, plContext)); + + subTest("PKIX_TrustAnchor_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints(equalObject, &equalNC, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffNC, + (PKIX_PL_Object *)equalNC, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffNC); + PKIX_TEST_DECREF_AC(equalNC); + PKIX_TEST_DECREF_BC(diffCert); + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_TrustAnchor_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_trustanchor \n\n"); +} + +int +test_trustanchor(int argc, char *argv[]) +{ + + PKIX_TrustAnchor *goodObject = NULL; + PKIX_TrustAnchor *equalObject = NULL; + PKIX_TrustAnchor *diffObject = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *expectedAscii = + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n"; + char *dirName = NULL; + char *dataCentralDir = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("TrustAnchor"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3) { + printUsage(); + return (0); + } + + dirName = argv[j + 1]; + dataCentralDir = argv[j + 2]; + + createTrustAnchors(dataCentralDir, + goodInput, + &goodObject, + &equalObject, + &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + TrustAnchor, + PKIX_TRUE); + + subTest("PKIX_TrustAnchor_GetTrustedCert"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext)); + + testGetCAName(diffCert, equalObject); + testGetCAPublicKey(diffCert, equalObject); + + testGetNameConstraints(dirName); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_TEST_DECREF_AC(diffCert); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("TrustAnchor"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_valparams.c b/security/nss/cmd/libpkix/pkix/params/test_valparams.c new file mode 100644 index 0000000000..6419062c40 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_valparams.c @@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_valparams.c + * + * Test ValidateParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateParams_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetProcParams( + PKIX_ValidateParams *goodObject, + PKIX_ValidateParams *equalObject) +{ + + PKIX_ProcessingParams *goodProcParams = NULL; + PKIX_ProcessingParams *equalProcParams = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateParams_GetProcessingParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(goodObject, &goodProcParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(equalObject, &equalProcParams, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodProcParams, + (PKIX_PL_Object *)equalProcParams, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodProcParams); + PKIX_TEST_DECREF_AC(equalProcParams); + + PKIX_TEST_RETURN(); +} + +static void +testGetCertChain( + PKIX_ValidateParams *goodObject, + PKIX_ValidateParams *equalObject) +{ + + PKIX_List *goodChain = NULL; + PKIX_List *equalChain = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateParams_GetCertChain"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(goodObject, &goodChain, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(equalObject, &equalChain, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodChain, + (PKIX_PL_Object *)equalChain, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodChain); + PKIX_TEST_DECREF_AC(equalChain); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s \n\n", pName); +} + +int +test_valparams(int argc, char *argv[]) +{ + + PKIX_ValidateParams *goodObject = NULL; + PKIX_ValidateParams *equalObject = NULL; + PKIX_ValidateParams *diffObject = NULL; + PKIX_List *chain = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tProcessing Params: \n" + "\t********BEGIN PROCESSING PARAMS********\n" + "\t\t" + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t" + "([\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ", [\n" + "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ")\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\t(null)\n" + "\tTarget Constraints: (null)\n" + "\tInitial Policies: (null)\n" + "\tQualifiers Rejected: FALSE\n" + "\tCert Stores: (EMPTY)\n" + "\tCRL Checking Enabled: 0\n" + "]\n" + "\n" + "\t********END PROCESSING PARAMS********\n" + "\tChain: \t\t" + "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" + "\t To: Fri Aug 18 16:19:56 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc65af\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:14:39 1999\n" + "\t To: Fri Aug 18 16:14:39 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ValidateParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("PKIX_ValidateParams_Create"); + chain = createCertChain(dirName, diffInput, goodInput, plContext); + goodObject = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + equalObject = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + diffObject = createValidateParams(dirName, + diffInput, + goodInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + testGetProcParams(goodObject, equalObject); + testGetCertChain(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + ValidateParams, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/Makefile b/security/nss/cmd/libpkix/pkix/results/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/results/manifest.mn b/security/nss/cmd/libpkix/pkix/results/manifest.mn new file mode 100644 index 0000000000..7e4caeac60 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_buildresult.c \ + test_policynode.c \ + test_verifynode.c \ + test_valresult.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolresults +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/results/test_buildresult.c b/security/nss/cmd/libpkix/pkix/results/test_buildresult.c new file mode 100644 index 0000000000..8b13e8eea6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_buildresult.c @@ -0,0 +1,212 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildresult.c + * + * Test BuildResult Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_BuildResult_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetValidateResult( + PKIX_BuildResult *goodObject, + PKIX_BuildResult *equalObject) +{ + + PKIX_ValidateResult *goodValResult = NULL; + PKIX_ValidateResult *equalValResult = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_BuildResult_GetValidateResult"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(goodObject, &goodValResult, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(equalObject, &equalValResult, NULL)); + + testEqualsHelper((PKIX_PL_Object *)goodValResult, + (PKIX_PL_Object *)equalValResult, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodValResult); + PKIX_TEST_DECREF_AC(equalValResult); + + PKIX_TEST_RETURN(); +} + +static void +testGetCertChain( + PKIX_BuildResult *goodObject, + PKIX_BuildResult *equalObject) +{ + + PKIX_List *goodChain = NULL; + PKIX_List *equalChain = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_BuildResult_GetCertChain"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(goodObject, &goodChain, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(equalObject, &equalChain, NULL)); + + testEqualsHelper((PKIX_PL_Object *)goodChain, + (PKIX_PL_Object *)equalChain, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodChain); + PKIX_TEST_DECREF_AC(equalChain); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s \n\n", pName); +} + +int +test_buildresult(int argc, char *argv[]) +{ + + PKIX_BuildResult *goodObject = NULL; + PKIX_BuildResult *equalObject = NULL; + PKIX_BuildResult *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + char *dirName = NULL; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tValidateResult: \t\t" + "[\n" + "\tTrustAnchor: \t\t" + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + "\tPubKey: \t\t" + "ANSI X9.57 DSA Signature\n" + "\tPolicyTree: \t\t(null)\n" + "]\n" + "\tCertChain: \t\t(" + "[\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc65af\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:14:39 1999\n" + "\t To: Fri Aug 18 16:14:39 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" + "\t To: Fri Aug 18 16:19:56 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("BuildResult"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("pkix_BuildResult_Create"); + + goodObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext); + equalObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext); + diffObject = createBuildResult(dirName, diffInput, goodInput, diffInput, goodInput, plContext); + + testGetValidateResult(goodObject, equalObject); + testGetCertChain(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + BuildResult, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("BuildResult"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/test_policynode.c b/security/nss/cmd/libpkix/pkix/results/test_policynode.c new file mode 100644 index 0000000000..38ac1d95e6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_policynode.c @@ -0,0 +1,612 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_policynode.c + * + * Test PolicyNode Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +test_GetChildren( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode) +{ + + /* + * Caution: be careful where you insert this test. PKIX_PolicyNode_GetChildren + * is required by the API to return an immutable List, and it does it by setting + * the List immutable. We don't make a copy because the assumption is that + * certificate and policy processing have been completed before the user gets at + * the public API. So subsequent tests of functions that modify the policy tree, + * such as Prune, will fail if called after the execution of this test. + */ + + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_List *goodList = NULL; + PKIX_List *equalList = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetChildren"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(goodNode, &goodList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(equalNode, &equalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(diffNode, &diffList, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, NULL, List, NULL); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PKIX_PolicyNode_GetChildren returned a mutable List"); + } + +cleanup: + PKIX_TEST_DECREF_AC(goodList); + PKIX_TEST_DECREF_AC(equalList); + PKIX_TEST_DECREF_AC(diffList); + + PKIX_TEST_RETURN(); +} + +static void +test_GetParent( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_PolicyNode *goodParent = NULL; + PKIX_PolicyNode *equalParent = NULL; + PKIX_PolicyNode *diffParent = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetParent"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(goodNode, &goodParent, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(equalNode, &equalParent, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(diffNode, &diffParent, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodParent, + equalParent, + diffParent, + expectedAscii, + CertPolicyNode, + NULL); + +cleanup: + PKIX_TEST_DECREF_AC(goodParent); + PKIX_TEST_DECREF_AC(equalParent); + PKIX_TEST_DECREF_AC(diffParent); + + PKIX_TEST_RETURN(); +} + +/* + * This test is the same as testDuplicateHelper, except that it + * produces a more useful "Actual value" and "Expected value" + * in the case of an unexpected mismatch. + */ +static void +test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext) +{ + PKIX_PolicyNode *newObject = NULL; + PKIX_Boolean cmpResult; + PKIX_PL_String *original = NULL; + PKIX_PL_String *copy = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testing pkix_PolicyNode_Duplicate"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)object, + (PKIX_PL_Object **)&newObject, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)object, + (PKIX_PL_Object *)newObject, + &cmpResult, + plContext)); + + if (!cmpResult) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)object, &original, plContext)); + testError("unexpected mismatch"); + (void)printf("original value:\t%s\n", original->escAsciiString); + + if (newObject) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)newObject, ©, plContext)); + (void)printf("copy value:\t%s\n", copy->escAsciiString); + } else { + (void)printf("copy value:\t(NULL)\n"); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(newObject); + PKIX_TEST_DECREF_AC(original); + PKIX_TEST_DECREF_AC(copy); + + PKIX_TEST_RETURN(); +} + +static void +test_GetValidPolicy( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_PL_OID *goodPolicy = NULL; + PKIX_PL_OID *equalPolicy = NULL; + PKIX_PL_OID *diffPolicy = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetValidPolicy"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(goodNode, &goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(equalNode, &equalPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(diffNode, &diffPolicy, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, equalPolicy, diffPolicy, expectedAscii, OID, NULL); + +cleanup: + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + + PKIX_TEST_RETURN(); +} + +static void +test_GetPolicyQualifiers( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_List *goodList = NULL; + PKIX_List *equalList = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetPolicyQualifiers"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(goodNode, &goodList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(equalNode, &equalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(diffNode, &diffList, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PKIX_PolicyNode_GetPolicyQualifiers returned a mutable List"); + } +cleanup: + PKIX_TEST_DECREF_AC(goodList); + PKIX_TEST_DECREF_AC(equalList); + PKIX_TEST_DECREF_AC(diffList); + + PKIX_TEST_RETURN(); +} + +static void +test_GetExpectedPolicies( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode, + char *expectedAscii) +{ + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_List *goodList = NULL; + PKIX_List *equalList = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetExpectedPolicies"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(goodNode, &goodList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(equalNode, &equalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(diffNode, &diffList, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PKIX_PolicyNode_GetExpectedPolicies returned a mutable List"); + } +cleanup: + PKIX_TEST_DECREF_AC(goodList); + PKIX_TEST_DECREF_AC(equalList); + PKIX_TEST_DECREF_AC(diffList); + + PKIX_TEST_RETURN(); +} + +static void +test_IsCritical( + PKIX_PolicyNode *goodNode, + PKIX_PolicyNode *equalNode, + PKIX_PolicyNode *diffNode) +{ + PKIX_Boolean goodBool = PKIX_FALSE; + PKIX_Boolean equalBool = PKIX_FALSE; + PKIX_Boolean diffBool = PKIX_FALSE; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_IsCritical"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(goodNode, &goodBool, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(equalNode, &equalBool, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(diffNode, &diffBool, plContext)); + + if ((!goodBool) || (!equalBool) || (diffBool)) { + testError("IsCritical returned unexpected value"); + } +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +test_GetDepth( + PKIX_PolicyNode *depth1Node, + PKIX_PolicyNode *depth2Node, + PKIX_PolicyNode *depth3Node) +{ + PKIX_UInt32 depth1 = 0; + PKIX_UInt32 depth2 = 0; + PKIX_UInt32 depth3 = 0; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PolicyNode_GetDepth"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth1Node, &depth1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth2Node, &depth2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth3Node, &depth3, plContext)); + + if ((depth1 != 1) || (depth2 != 2) || (depth3 != 3)) { + testError("GetDepth returned unexpected value"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_policynode \n\n"); +} + +int +test_policynode(int argc, char *argv[]) +{ + + /* + * Create a tree with parent = anyPolicy, + * child1 with Nist1+Nist2, child2 with Nist1. + * Give each child another child, with policies Nist2 + * and Nist1, respectively. Pruning with a depth of two + * should have no effect. Give one of the children + * another child. Then pruning with a depth of three + * should reduce the tree to a single strand, as child1 + * and child3 are removed. + * + * parent (anyPolicy) + * / \ + * child1(Nist1+Nist2) child2(Nist1) + * | | + * child3(Nist2) child4(Nist1) + * | + * child5(Nist1) + * + */ + char *asciiAnyPolicy = "2.5.29.32.0"; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_CertPolicyInfo *nist1Policy = NULL; + PKIX_PL_CertPolicyInfo *nist2Policy = NULL; + PKIX_List *policyQualifierList = NULL; + PKIX_PL_OID *oidAnyPolicy = NULL; + PKIX_PL_OID *oidNist1Policy = NULL; + PKIX_PL_OID *oidNist2Policy = NULL; + PKIX_List *expectedAnyList = NULL; + PKIX_List *expectedNist1List = NULL; + PKIX_List *expectedNist2List = NULL; + PKIX_List *expectedNist1Nist2List = NULL; + PKIX_List *emptyList = NULL; + PKIX_PolicyNode *parentNode = NULL; + PKIX_PolicyNode *childNode1 = NULL; + PKIX_PolicyNode *childNode2 = NULL; + PKIX_PolicyNode *childNode3 = NULL; + PKIX_PolicyNode *childNode4 = NULL; + PKIX_PolicyNode *childNode5 = NULL; + PKIX_PL_String *parentString = NULL; + PKIX_Boolean pDelete = PKIX_FALSE; + char *expectedParentAscii = + "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C " + "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65" + " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2" + "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 " + "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66" + " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6" + "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3" + ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7" + "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 " + "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20" + " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6" + "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 " + "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3" + ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20" + " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2" + "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 " + "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72" + " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7" + "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n" + ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}"; + char *expectedValidAscii = + "2.16.840.1.101.3.2.1.48.2"; + char *expectedQualifiersAscii = + /* "(1.3.6.1.5.5.7.2.2)"; */ + "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 " + "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74" + " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7" + "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 " + "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70" + " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])"; + char *expectedPoliciesAscii = + "(2.16.840.1.101.3.2.1.48.1)"; + char *expectedTree = + "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n" + ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1" + ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69" + " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6" + "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 " + "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63" + " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7" + "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101" + ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A " + "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72" + " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6" + "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 " + "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F" + " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]" + "),1}\n" + ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30" + " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6" + "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F " + "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68" + " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2" + "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 " + "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)" + ",2}\n" + ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n" + ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical," + "(2.16.840.1.101.3.2.1.48.1),2}\n" + ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84" + "0.1.101.3.2.1.48.1),3}"; + char *expectedPrunedTree = + "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n" + ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5" + "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 " + "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D" + " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6" + "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 " + "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20" + " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n" + ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical," + "(2.16.840.1.101.3.2.1.48.1),2}\n" + ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84" + "0.1.101.3.2.1.48.1),3}"; + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 2) { + printUsage(); + return (0); + } + + startTests("PolicyNode"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + dirName = argv[j + 1]; + + subTest("Creating OID objects"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &oidAnyPolicy, plContext)); + + /* Read certificates to get real policies, qualifiers */ + + cert = createCert(dirName, "UserNoticeQualifierTest16EE.crt", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &expectedNist1Nist2List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List, + 0, + (PKIX_PL_Object **)&nist1Policy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List, + 1, + (PKIX_PL_Object **)&nist2Policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(nist1Policy, &policyQualifierList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist1Policy, &oidNist1Policy, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist2Policy, &oidNist2Policy, plContext)); + + subTest("Creating expectedPolicy List objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedAnyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist1List, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist2List, plContext)); + + subTest("Populating expectedPolicy List objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist1List, + (PKIX_PL_Object *)oidNist1Policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist2List, + (PKIX_PL_Object *)oidNist2Policy, + plContext)); + + subTest("Creating PolicyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidAnyPolicy, + NULL, + PKIX_TRUE, + expectedAnyList, + &parentNode, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy, + policyQualifierList, + PKIX_TRUE, + expectedNist1Nist2List, + &childNode1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy, + policyQualifierList, + PKIX_TRUE, + expectedNist1List, + &childNode2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy, + policyQualifierList, + PKIX_TRUE, + expectedNist2List, + &childNode3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy, + emptyList, + PKIX_FALSE, + expectedNist1List, + &childNode4, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy, + NULL, + PKIX_TRUE, + expectedNist1List, + &childNode5, + plContext)); + + subTest("Creating the PolicyNode tree"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode1, childNode3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode2, childNode4, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode4, childNode5, plContext)); + + subTest("Displaying PolicyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext)); + (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString); + + testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext); + + test_DuplicateHelper(parentNode, plContext); + + test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii); + test_GetValidPolicy(childNode1, childNode3, parentNode, expectedValidAscii); + test_GetPolicyQualifiers(childNode1, childNode3, childNode4, expectedQualifiersAscii); + test_GetExpectedPolicies(childNode2, childNode4, childNode3, expectedPoliciesAscii); + test_IsCritical(childNode1, childNode2, childNode4); + test_GetDepth(childNode2, childNode4, childNode5); + + subTest("pkix_PolicyNode_Prune"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 2, &pDelete, plContext)); + + testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 3, &pDelete, plContext)); + + testToStringHelper((PKIX_PL_Object *)parentNode, expectedPrunedTree, plContext); + + test_GetChildren(parentNode, parentNode, childNode2); + +cleanup: + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(nist1Policy); + PKIX_TEST_DECREF_AC(nist2Policy); + PKIX_TEST_DECREF_AC(policyQualifierList); + PKIX_TEST_DECREF_AC(oidAnyPolicy); + PKIX_TEST_DECREF_AC(oidNist1Policy); + PKIX_TEST_DECREF_AC(oidNist2Policy); + PKIX_TEST_DECREF_AC(expectedAnyList); + PKIX_TEST_DECREF_AC(expectedNist1List); + PKIX_TEST_DECREF_AC(expectedNist2List); + PKIX_TEST_DECREF_AC(expectedNist1Nist2List); + PKIX_TEST_DECREF_AC(emptyList); + PKIX_TEST_DECREF_AC(parentNode); + PKIX_TEST_DECREF_AC(childNode1); + PKIX_TEST_DECREF_AC(childNode2); + PKIX_TEST_DECREF_AC(childNode3); + PKIX_TEST_DECREF_AC(childNode4); + PKIX_TEST_DECREF_AC(childNode5); + PKIX_TEST_DECREF_AC(parentString); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("PolicyNode"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/test_valresult.c b/security/nss/cmd/libpkix/pkix/results/test_valresult.c new file mode 100644 index 0000000000..7760a431e3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_valresult.c @@ -0,0 +1,199 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_valresult.c + * + * Test ValidateResult Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateResult_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetPublicKey( + PKIX_ValidateResult *goodObject, + PKIX_ValidateResult *equalObject) +{ + + PKIX_PL_PublicKey *goodPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateResult_GetPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(goodObject, &goodPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(equalObject, &equalPubKey, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodPubKey, + (PKIX_PL_Object *)equalPubKey, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testGetTrustAnchor( + PKIX_ValidateResult *goodObject, + PKIX_ValidateResult *equalObject) +{ + + PKIX_TrustAnchor *goodAnchor = NULL; + PKIX_TrustAnchor *equalAnchor = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateResult_GetTrustAnchor"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(goodObject, &goodAnchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(equalObject, &equalAnchor, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodAnchor, + (PKIX_PL_Object *)equalAnchor, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodAnchor); + PKIX_TEST_DECREF_AC(equalAnchor); + + PKIX_TEST_RETURN(); +} + +static void +testGetPolicyTree( + PKIX_ValidateResult *goodObject, + PKIX_ValidateResult *equalObject) +{ + + PKIX_PolicyNode *goodTree = NULL; + PKIX_PolicyNode *equalTree = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateResult_GetPolicyTree"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(goodObject, &goodTree, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(equalObject, &equalTree, plContext)); + + if (goodTree) { + testEqualsHelper((PKIX_PL_Object *)goodTree, + (PKIX_PL_Object *)equalTree, + PKIX_TRUE, + plContext); + } else if (equalTree) { + pkixTestErrorMsg = "Mismatch: NULL and non-NULL Policy Trees"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodTree); + PKIX_TEST_DECREF_AC(equalTree); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s \n\n", pName); +} + +int +test_valresult(int argc, char *argv[]) +{ + + PKIX_ValidateResult *goodObject = NULL; + PKIX_ValidateResult *equalObject = NULL; + PKIX_ValidateResult *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + char *dirName = NULL; + + char *expectedAscii = + "[\n" + "\tTrustAnchor: \t\t" + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + "\tPubKey: \t\t" + "ANSI X9.57 DSA Signature\n" + "\tPolicyTree: \t\t(null)\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ValidateResult"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("pkix_ValidateResult_Create"); + + goodObject = createValidateResult(dirName, goodInput, diffInput, plContext); + equalObject = createValidateResult(dirName, goodInput, diffInput, plContext); + diffObject = createValidateResult(dirName, diffInput, goodInput, plContext); + + testGetPublicKey(goodObject, equalObject); + testGetTrustAnchor(goodObject, equalObject); + testGetPolicyTree(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + ValidateResult, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateResult"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/results/test_verifynode.c b/security/nss/cmd/libpkix/pkix/results/test_verifynode.c new file mode 100644 index 0000000000..21c61aa96c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/results/test_verifynode.c @@ -0,0 +1,112 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_verifynode.c + * + * Test VerifyNode Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_verifynode path cert1 cert2 cert3\n\n"); +} + +int +test_verifynode(int argc, char *argv[]) +{ + + /* + * Create a tree with parent = cert1, child=cert2, grandchild=cert3 + */ + PKIX_PL_Cert *cert1 = NULL; + PKIX_PL_Cert *cert2 = NULL; + PKIX_PL_Cert *cert3 = NULL; + PKIX_VerifyNode *parentNode = NULL; + PKIX_VerifyNode *childNode = NULL; + PKIX_VerifyNode *grandChildNode = NULL; + PKIX_PL_String *parentString = NULL; + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + char *twoNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Cert" + "ificates,C=US, Subject:CN=Trust Anchor,O=Test Certif" + "icates,C=US], depth=0, error=(null)\n. CERT[Issuer:C" + "N=Trust Anchor,O=Test Certificates,C=US, Subject:CN=" + "Good CA,O=Test Certificates,C=US], depth=1, error=(null)"; + char *threeNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Ce" + "rtificates,C=US, Subject:CN=Trust Anchor,O=Test Cert" + "ificates,C=US], depth=0, error=(null)\n. CERT[Issuer" + ":CN=Trust Anchor,O=Test Certificates,C=US, Subject:C" + "N=Good CA,O=Test Certificates,C=US], depth=1, error=" + "(null)\n. . CERT[Issuer:CN=Good CA,O=Test Certificat" + "es,C=US, Subject:CN=Valid EE Certificate Test1,O=Tes" + "t Certificates,C=US], depth=2, error=(null)"; + + PKIX_TEST_STD_VARS(); + + if (argc < 3) { + printUsage(); + return (0); + } + + startTests("VerifyNode"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + dirName = argv[++j]; + + subTest("Creating Certs"); + + cert1 = createCert(dirName, argv[++j], plContext); + + cert2 = createCert(dirName, argv[++j], plContext); + + cert3 = createCert(dirName, argv[++j], plContext); + + subTest("Creating VerifyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert1, 0, NULL, &parentNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert2, 1, NULL, &childNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert3, 2, NULL, &grandChildNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, childNode, plContext)); + + subTest("Creating VerifyNode ToString objects"); + + testToStringHelper((PKIX_PL_Object *)parentNode, twoNodeAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, grandChildNode, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext)); + (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString); + + testToStringHelper((PKIX_PL_Object *)parentNode, threeNodeAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(cert1); + PKIX_TEST_DECREF_AC(cert2); + PKIX_TEST_DECREF_AC(parentNode); + PKIX_TEST_DECREF_AC(childNode); + PKIX_TEST_DECREF_AC(parentString); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("VerifyNode"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/store/Makefile b/security/nss/cmd/libpkix/pkix/store/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/store/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/store/manifest.mn b/security/nss/cmd/libpkix/pkix/store/manifest.mn new file mode 100644 index 0000000000..b939ffdcfd --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/store/manifest.mn @@ -0,0 +1,20 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_store.c + +LIBRARY_NAME = pkixtoolstore +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/store/test_store.c b/security/nss/cmd/libpkix/pkix/store/test_store.c new file mode 100644 index 0000000000..59606b8929 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/store/test_store.c @@ -0,0 +1,194 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certstore.c + * + * Test CertStore Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_Error * +testCRLCallback( + PKIX_CertStore *store, + PKIX_CRLSelector *selector, + void **pNBIOContext, + PKIX_List **pCrls, /* list of PKIX_PL_Crl */ + void *plContext) +{ + return (0); +} + +static PKIX_Error * +testCRLContinue( + PKIX_CertStore *store, + PKIX_CRLSelector *selector, + void **pNBIOContext, + PKIX_List **pCrls, /* list of PKIX_PL_Crl */ + void *plContext) +{ + return (0); +} + +static PKIX_Error * +testCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *selector, + void **pNBIOContext, + PKIX_List **pCerts, /* list of PKIX_PL_Cert */ + void *plContext) +{ + return (0); +} + +static PKIX_Error * +testCertContinue( + PKIX_CertStore *store, + PKIX_CertSelector *selector, + void **pNBIOContext, + PKIX_List **pCerts, /* list of PKIX_PL_Cert */ + void *plContext) +{ + return (0); +} + +static char * +catDirName(char *platform, char *dir, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 dirLen; + PKIX_UInt32 platformLen; + + PKIX_TEST_STD_VARS(); + + dirLen = PL_strlen(dir); + platformLen = PL_strlen(platform); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen + + dirLen + + 2, + (void **)&pathName, plContext)); + + PL_strcpy(pathName, platform); + PL_strcat(pathName, "/"); + PL_strcat(pathName, dir); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +static void +testCertStore(char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_PL_Object *getCertStoreContext = NULL; + PKIX_CertStore_CertCallback certCallback = NULL; + PKIX_CertStore_CRLCallback crlCallback = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir, + 0, + &dirString, + plContext)); + + subTest("PKIX_CertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(testCertCallback, + testCRLCallback, + testCertContinue, + testCRLContinue, + NULL, /* trustCallback */ + (PKIX_PL_Object *)dirString, + PKIX_TRUE, /* cacheFlag */ + PKIX_TRUE, /* local */ + &certStore, + plContext)); + + subTest("PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, plContext)); + + if (certCallback != testCertCallback) { + testError("PKIX_CertStore_GetCertCallback unexpected mismatch"); + } + + subTest("PKIX_CertStore_GetCRLCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, plContext)); + + if (crlCallback != testCRLCallback) { + testError("PKIX_CertStore_GetCRLCallback unexpected mismatch"); + } + + subTest("PKIX_CertStore_GetCertStoreContext"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertStoreContext(certStore, &getCertStoreContext, plContext)); + + if ((PKIX_PL_Object *)dirString != getCertStoreContext) { + testError("PKIX_CertStore_GetCertStoreContext unexpected mismatch"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(getCertStoreContext); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s testName \n\n", pName); +} + +/* Functional tests for CertStore public functions */ + +int +test_store(int argc, char *argv[]) +{ + + char *platformDir = NULL; + char *dataDir = NULL; + char *combinedDir = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < (3 + j)) { + printUsage(argv[0]); + return (0); + } + + startTests(argv[1 + j]); + + dataDir = argv[2 + j]; + platformDir = argv[3 + j]; + combinedDir = catDirName(platformDir, dataDir, plContext); + + testCertStore(combinedDir); + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertStore"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/Makefile b/security/nss/cmd/libpkix/pkix/top/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/top/manifest.mn b/security/nss/cmd/libpkix/pkix/top/manifest.mn new file mode 100644 index 0000000000..8840204f7f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/manifest.mn @@ -0,0 +1,34 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_basicchecker.c \ + test_basicconstraintschecker.c \ + test_buildchain.c \ + test_buildchain_uchecker.c \ + test_buildchain_partialchain.c \ + test_buildchain_resourcelimits.c \ + test_customcrlchecker.c \ + test_defaultcrlchecker2stores.c \ + test_ocsp.c \ + test_policychecker.c \ + test_subjaltnamechecker.c \ + test_validatechain.c \ + test_validatechain_bc.c \ + test_validatechain_NB.c \ + $(NULL) + +LIBRARY_NAME = pkixtooltop +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/top/test_basicchecker.c b/security/nss/cmd/libpkix/pkix/top/test_basicchecker.c new file mode 100644 index 0000000000..e2743b343f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_basicchecker.c @@ -0,0 +1,238 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_basicchecker.c + * + * Test Basic Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic-Common-Fields "); + /* + * Tests the Expiration, NameChaining, and Signature Checkers + */ + + chain = createCertChain(dirName, goodInput, diffInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testNameChainingFail( + char *dirName, + char *goodInput, + char *diffInput, + char *dateAscii) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("NameChaining "); + + chain = createCertChain(dirName, diffInput, goodInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testDateFail(char *dirName, char *goodInput, char *diffInput) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + + PKIX_TEST_STD_VARS(); + + chain = createCertChain(dirName, goodInput, diffInput, plContext); + + subTest("Expiration "); + valParams = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testSignatureFail( + char *dirName, + char *goodInput, + char *diffInput, + char *dateAscii) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Signature "); + + chain = createCertChain(dirName, diffInput, goodInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s \n\n", pName); +} + +int +test_basicchecker(int argc, char *argv[]) +{ + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + char *dateAscii = "991201000000Z"; + char *dirName = NULL; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + + startTests("SignatureChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + /* The NameChaining, Expiration, and Signature Checkers all pass */ + testPass(dirName, goodInput, diffInput, dateAscii); + + /* Individual Checkers fail */ + testNameChainingFail(dirName, goodInput, diffInput, dateAscii); + testDateFail(dirName, goodInput, diffInput); + + /* + * XXX + * since the signature check is done last, we need to create + * certs whose name chaining passes, but their signatures fail; + * we currently don't have any such certs. + */ + /* testSignatureFail(goodInput, diffInput, dateAscii); */ + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("SignatureChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c b/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c new file mode 100644 index 0000000000..eba5153ac0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c @@ -0,0 +1,145 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_basicconstraintschecker.c + * + * Test Basic Constraints Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-name [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +int +test_basicconstraintschecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_FALSE; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 4) { + printUsage1(argv[0]); + return (0); + } + + startTests("BasicConstraintsChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + dirName = argv[3 + j]; + + chainLength = (argc - j) - 4; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + certNames[i] = argv[(4 + j) + i]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Basic-Constraints - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + /* + * Error occurs when creating Cert, this is critical and test + * should not continue. Since we expect error, we assume this + * error is the one that is expected, so undo the error count. + * + * This work needs future enhancement. We will introduce another + * flag ESE, in addition to the existing EE(expect validation + * error) and ENE(expect no validation error). ESE stands for + * "expect setup error". When running with ESE, if any of the setup + * calls such creating Cert Chain fails, the test can end and + * considered to be successful. + */ + if (testValid == PKIX_FALSE && chain == NULL) { + testErrorUndo("Cert Error - Create failed"); + goto cleanup; + } + + subTest("Basic-Constraints - Create Params"); + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Basic-Constraints - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("BasicConstraintsChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain.c new file mode 100644 index 0000000000..5c9ec5968b --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain.c @@ -0,0 +1,418 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain.c + * + * Test BuildChain function + * + */ + +/* #define debuggingWithoutRevocation */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define LDAP_PORT 389 +static PKIX_Boolean usebind = PKIX_FALSE; +static PKIX_Boolean useLDAP = PKIX_FALSE; +static char buf[PR_NETDB_BUF_SIZE]; +static char *serverName = NULL; +static char *sepPtr = NULL; +static PRNetAddr netAddr; +static PRHostEnt hostent; +static PKIX_UInt32 portNum = 0; +static PRIntn hostenum = 0; +static PRStatus prstatus = PR_FAILURE; +static void *ipaddr = NULL; + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] " + "servername[:port] [ENE|EE]\n" + "\t " + " \n\n"); + (void)printf("Builds a chain of certificates from to \n" + "using the certs and CRLs in . " + "servername[:port] gives\n" + "the address of an LDAP server. If port is not" + " specified, port 389 is used. \"-\" means no LDAP server.\n" + "If ENE is specified, then an Error is Not Expected. " + "EE indicates an Error is Expected.\n"); +} + +static PKIX_Error * +createLdapCertStore( + char *hostname, + PRIntervalTime timeout, + PKIX_CertStore **pLdapCertStore, + void *plContext) +{ + PRIntn backlog = 0; + + char *bindname = ""; + char *auth = ""; + + LDAPBindAPI bindAPI; + LDAPBindAPI *bindPtr = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + PKIX_CertStore *ldapCertStore = NULL; + + PKIX_TEST_STD_VARS(); + + if (usebind) { + bindPtr = &bindAPI; + bindAPI.selector = SIMPLE_AUTH; + bindAPI.chooser.simple.bindName = bindname; + bindAPI.chooser.simple.authentication = auth; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, + &ldapCertStore, + plContext)); + + *pLdapCertStore = ldapCertStore; +cleanup: + + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +int +test_buildchain(int argc, char *argv[]) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + char *dirName = NULL; + PKIX_PL_String *dirNameString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_UInt32 actualMinorVersion = 0; + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_CertStore *ldapCertStore = NULL; + PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ + /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + PKIX_List *revCheckers = NULL; + char *asciiResult = NULL; + PKIX_Boolean result = PKIX_FALSE; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *expectedCerts = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_PL_String *actualCertsString = NULL; + PKIX_PL_String *expectedCertsString = NULL; + void *state = NULL; + char *actualCertsAscii = NULL; + char *expectedCertsAscii = NULL; + PRPollDesc *pollDesc = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * arguments: + * [optional] -arenas + * [optional] usebind + * servername or servername:port ( - for no server) + * testname + * EE or ENE + * cert directory + * target cert (end entity) + * intermediate certs + * trust anchor + */ + + /* optional argument "usebind" for Ldap CertStore */ + if (argv[j + 1]) { + if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { + usebind = PKIX_TRUE; + j++; + } + } + + if (PORT_Strcmp(argv[++j], "-") == 0) { + useLDAP = PKIX_FALSE; + } else { + serverName = argv[j]; + useLDAP = PKIX_TRUE; + } + + subTest(argv[++j]); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[++j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + dirName = argv[++j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); + + for (k = ++j; k < (PKIX_UInt32)argc; k++) { + + dirCert = createCert(dirName, argv[k], plContext); + + if (k == (PKIX_UInt32)(argc - 1)) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trustedCert = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == j) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + targetCert = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + if (useLDAP == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, + (PKIX_PL_Object *)ldapCertStore, + plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + &verifyTree, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + &verifyTree, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + } else { + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + } + + subTest("Displaying VerifyNode objects"); + + if (verifyTree == NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + } + + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + + if (pkixTestErrorResult) { + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, + (PKIX_PL_Object *)expectedCerts, + &result, + plContext)); + + if (!result) { + testError("BUILT CERTCHAIN IS " + "NOT THE ONE THAT WAS EXPECTED"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, + &actualCertsString, + plContext)); + + actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); + if (actualCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, + &expectedCertsString, + plContext)); + + expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); + if (expectedCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + (void)printf("Actual value:\t%s\n", actualCertsAscii); + (void)printf("Expected value:\t%s\n", + expectedCertsAscii); + } + } + +cleanup: + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_PL_Free(asciiResult, NULL); + PKIX_PL_Free(actualCertsAscii, plContext); + PKIX_PL_Free(expectedCertsAscii, plContext); + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(actualCertsString); + PKIX_TEST_DECREF_AC(expectedCertsString); + PKIX_TEST_DECREF_AC(expectedCerts); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(ldapCertStore); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(trustedPubKey); + + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(targetCert); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c new file mode 100644 index 0000000000..4861a8e326 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c @@ -0,0 +1,725 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain_partialchain.c + * + * Test BuildChain function + * + */ + +#define debuggingWithoutRevocation + +#include "testutil.h" +#include "testutil_nss.h" + +#define LDAP_PORT 389 +static PKIX_Boolean usebind = PKIX_FALSE; +static PKIX_Boolean useLDAP = PKIX_FALSE; +static char buf[PR_NETDB_BUF_SIZE]; +static char *serverName = NULL; +static char *sepPtr = NULL; +static PRNetAddr netAddr; +static PRHostEnt hostent; +static PKIX_UInt32 portNum = 0; +static PRIntn hostenum = 0; +static PRStatus prstatus = PR_FAILURE; +static void *ipaddr = NULL; + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] " + "servername[:port] [ENE|EE]\n" + "\t " + " \n\n"); + (void)printf("Builds a chain of certificates from to \n" + "using the certs and CRLs in . " + "servername[:port] gives\n" + "the address of an LDAP server. If port is not" + " specified, port 389 is used. \"-\" means no LDAP server.\n" + "If ENE is specified, then an Error is Not Expected. " + "EE indicates an Error is Expected.\n"); +} + +static PKIX_Error * +createLdapCertStore( + char *hostname, + PRIntervalTime timeout, + PKIX_CertStore **pLdapCertStore, + void *plContext) +{ + PRIntn backlog = 0; + + char *bindname = ""; + char *auth = ""; + + LDAPBindAPI bindAPI; + LDAPBindAPI *bindPtr = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + PKIX_CertStore *ldapCertStore = NULL; + + PKIX_TEST_STD_VARS(); + + if (usebind) { + bindPtr = &bindAPI; + bindAPI.selector = SIMPLE_AUTH; + bindAPI.chooser.simple.bindName = bindname; + bindAPI.chooser.simple.authentication = auth; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, + &ldapCertStore, + plContext)); + + *pLdapCertStore = ldapCertStore; +cleanup: + + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +/* Test with all Certs in the partial list, no leaf */ +static PKIX_Error * +testWithNoLeaf( + PKIX_PL_Cert *trustedCert, + PKIX_List *listOfCerts, + PKIX_PL_Cert *targetCert, + PKIX_List *certStores, + PKIX_Boolean testValid, + void *plContext) +{ + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *hintCerts = NULL; + PKIX_List *revCheckers = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_BuildResult *buildResult = NULL; + PRPollDesc *pollDesc = NULL; + void *state = NULL; + char *asciiResult = NULL; + + PKIX_TEST_STD_VARS(); + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with no target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create hintCerts */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, + (PKIX_PL_Object **)&hintCerts, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } + +cleanup: + PKIX_PL_Free(asciiResult, NULL); + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(hintCerts); + PKIX_TEST_DECREF_AC(trustedPubKey); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +/* Test with all Certs in the partial list, leaf duplicates the first one */ +static PKIX_Error * +testWithDuplicateLeaf( + PKIX_PL_Cert *trustedCert, + PKIX_List *listOfCerts, + PKIX_PL_Cert *targetCert, + PKIX_List *certStores, + PKIX_Boolean testValid, + void *plContext) +{ + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *hintCerts = NULL; + PKIX_List *revCheckers = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_BuildResult *buildResult = NULL; + PRPollDesc *pollDesc = NULL; + void *state = NULL; + char *asciiResult = NULL; + + PKIX_TEST_STD_VARS(); + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create hintCerts */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, + (PKIX_PL_Object **)&hintCerts, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } + +cleanup: + PKIX_PL_Free(asciiResult, NULL); + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(hintCerts); + PKIX_TEST_DECREF_AC(trustedPubKey); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +/* Test with all Certs except the leaf in the partial list */ +static PKIX_Error * +testWithLeafAndChain( + PKIX_PL_Cert *trustedCert, + PKIX_List *listOfCerts, + PKIX_PL_Cert *targetCert, + PKIX_List *certStores, + PKIX_Boolean testValid, + void *plContext) +{ + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *hintCerts = NULL; + PKIX_List *revCheckers = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_PL_PublicKey *trustedPubKey = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_BuildResult *buildResult = NULL; + PRPollDesc *pollDesc = NULL; + void *state = NULL; + char *asciiResult = NULL; + + PKIX_TEST_STD_VARS(); + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create hintCerts */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, + (PKIX_PL_Object **)&hintCerts, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(hintCerts, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, + NULL, /* testDate, may be NULL */ + trustedPubKey, + numCerts, + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +#ifdef debuggingWithoutRevocation + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); +#endif + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(hintCerts); + PKIX_TEST_DECREF_AC(trustedPubKey); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +int +test_buildchain_partialchain(int argc, char *argv[]) +{ + PKIX_UInt32 actualMinorVersion = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_Boolean ene = PKIX_TRUE; /* expect no error */ + PKIX_List *listOfCerts = NULL; + PKIX_List *certStores = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_PL_Cert *trusted = NULL; + PKIX_PL_Cert *target = NULL; + PKIX_CertStore *ldapCertStore = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_PL_String *dirNameString = NULL; + char *dirName = NULL; + + PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ + /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * arguments: + * [optional] -arenas + * [optional] usebind + * servername or servername:port ( - for no server) + * testname + * EE or ENE + * cert directory + * target cert (end entity) + * intermediate certs + * trust anchor + */ + + /* optional argument "usebind" for Ldap CertStore */ + if (argv[j + 1]) { + if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { + usebind = PKIX_TRUE; + j++; + } + } + + if (PORT_Strcmp(argv[++j], "-") == 0) { + useLDAP = PKIX_FALSE; + } else { + serverName = argv[j]; + useLDAP = PKIX_TRUE; + } + + subTest(argv[++j]); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[++j], "ENE") == 0) { + ene = PKIX_TRUE; + } else if (PORT_Strcmp(argv[j], "EE") == 0) { + ene = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + dirName = argv[++j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&listOfCerts, plContext)); + + for (k = ++j; k < ((PKIX_UInt32)argc); k++) { + + dirCert = createCert(dirName, argv[k], plContext); + + if (k == ((PKIX_UInt32)(argc - 1))) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trusted = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(listOfCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == j) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + target = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + if (useLDAP == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, + (PKIX_PL_Object *)ldapCertStore, + plContext)); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + } + + subTest("testWithNoLeaf"); + PKIX_TEST_EXPECT_NO_ERROR(testWithNoLeaf(trusted, listOfCerts, target, certStores, ene, plContext)); + + subTest("testWithDuplicateLeaf"); + PKIX_TEST_EXPECT_NO_ERROR(testWithDuplicateLeaf(trusted, listOfCerts, target, certStores, ene, plContext)); + + subTest("testWithLeafAndChain"); + PKIX_TEST_EXPECT_NO_ERROR(testWithLeafAndChain(trusted, listOfCerts, target, certStores, ene, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(listOfCerts); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(ldapCertStore); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(trusted); + PKIX_TEST_DECREF_AC(target); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c new file mode 100644 index 0000000000..1b28435b01 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c @@ -0,0 +1,438 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain_resourcelimits.c + * + * Test BuildChain function with constraints on resources + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES + 30) + +static void *plContext = NULL; +static PKIX_Boolean usebind = PKIX_FALSE; +static PKIX_Boolean useLDAP = PKIX_FALSE; +static char buf[PR_NETDB_BUF_SIZE]; +static char *serverName = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] " + "[usebind] servername[:port]\\\n\t\t [ENE|EE]" + " \\\n\t\t" + " \n\n"); + (void)printf("Builds a chain of certificates from to \n" + "using the certs and CRLs in . " + "servername[:port] gives\n" + "the address of an LDAP server. If port is not" + " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n" + "If ENE is specified, then an Error is Not Expected.\n" + "EE indicates an Error is Expected.\n"); +} + +static PKIX_Error * +createLdapCertStore( + char *hostname, + PRIntervalTime timeout, + PKIX_CertStore **pLdapCertStore, + void *plContext) +{ + PRIntn backlog = 0; + + char *bindname = ""; + char *auth = ""; + + LDAPBindAPI bindAPI; + LDAPBindAPI *bindPtr = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + PKIX_CertStore *ldapCertStore = NULL; + + PKIX_TEST_STD_VARS(); + + if (usebind) { + bindPtr = &bindAPI; + bindAPI.selector = SIMPLE_AUTH; + bindAPI.chooser.simple.bindName = bindname; + bindAPI.chooser.simple.authentication = auth; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext)); + + *pLdapCertStore = ldapCertStore; +cleanup: + + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (pkixTestErrorResult); +} + +static void +Test_BuildResult( + PKIX_ProcessingParams *procParams, + PKIX_Boolean testValid, + PKIX_List *expectedCerts, + void *plContext) +{ + PKIX_PL_Cert *cert = NULL; + PKIX_List *certs = NULL; + PKIX_PL_String *actualCertsString = NULL; + PKIX_PL_String *expectedCertsString = NULL; + PKIX_BuildResult *buildResult = NULL; + PKIX_Boolean result; + PKIX_Boolean supportForward = PKIX_FALSE; + PKIX_UInt32 numCerts, i; + char *asciiResult = NULL; + char *actualCertsAscii = NULL; + char *expectedCertsAscii = NULL; + void *state = NULL; + PRPollDesc *pollDesc = NULL; + + PKIX_TEST_STD_VARS(); + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_BuildChain(procParams, + (void **)&pollDesc, + &state, + &buildResult, + NULL, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED!\n"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + goto cleanup; + } + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + testError("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, + (PKIX_PL_Object *)expectedCerts, + &result, + plContext)); + + if (!result) { + testError("BUILT CERTCHAIN IS " + "NOT THE ONE THAT WAS EXPECTED"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, + &actualCertsString, + plContext)); + + actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); + if (actualCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, + &expectedCertsString, + plContext)); + + expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); + if (expectedCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + (void)printf("Actual value:\t%s\n", actualCertsAscii); + (void)printf("Expected value:\t%s\n", + expectedCertsAscii); + } + } + +cleanup: + + PKIX_PL_Free(asciiResult, NULL); + PKIX_PL_Free(actualCertsAscii, plContext); + PKIX_PL_Free(expectedCertsAscii, plContext); + PKIX_TEST_DECREF_AC(state); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(actualCertsString); + PKIX_TEST_DECREF_AC(expectedCertsString); + + PKIX_TEST_RETURN(); +} + +int +test_buildchain_resourcelimits(int argc, char *argv[]) +{ + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_CertChainChecker *checker = NULL; + PKIX_ResourceLimits *resourceLimits = NULL; + char *dirName = NULL; + PKIX_PL_String *dirNameString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_UInt32 actualMinorVersion = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_CertStore *ldapCertStore = NULL; + PRIntervalTime timeout = 0; /* 0 for non-blocking */ + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + PKIX_List *expectedCerts = NULL; + PKIX_Boolean testValid = PKIX_FALSE; + PKIX_Boolean usebind = PKIX_FALSE; + PKIX_Boolean useLDAP = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain_ResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * arguments: + * [optional] -arenas + * [optional] usebind + * servername or servername:port ( - for no server) + * testname + * EE or ENE + * cert directory + * target cert (end entity) + * intermediate certs + * trust anchor + */ + + /* optional argument "usebind" for Ldap CertStore */ + if (argv[j + 1]) { + if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { + usebind = PKIX_TRUE; + j++; + } + } + + if (PORT_Strcmp(argv[++j], "-") == 0) { + useLDAP = PKIX_FALSE; + } else { + serverName = argv[j]; + } + + subTest(argv[++j]); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[++j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + dirName = argv[++j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); + + for (k = ++j; k < argc; k++) { + + dirCert = createCert(dirName, argv[k], plContext); + + if (k == (argc - 1)) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trustedCert = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == j) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + targetCert = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + dirName, + 0, + &dirNameString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + +#if 0 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create + (&certStore, plContext)); +#endif + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + if (useLDAP == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, + (PKIX_PL_Object *)ldapCertStore, + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + /* set resource limits */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext)); + + /* need longer time when running dbx for memory leak checking */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext)); + + /* build cert chain using processing params and return buildResult */ + + subTest("Testing ResourceLimits MaxFanout & MaxDepth - "); + Test_BuildResult(procParams, + testValid, + expectedCerts, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext)); + + subTest("Testing ResourceLimits MaxFanout - "); + Test_BuildResult(procParams, + PKIX_FALSE, + expectedCerts, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext)); + + subTest("Testing ResourceLimits MaxDepth - "); + Test_BuildResult(procParams, + PKIX_FALSE, + expectedCerts, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext)); + + subTest("Testing ResourceLimits No checking - "); + Test_BuildResult(procParams, + testValid, + expectedCerts, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(expectedCerts); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(ldapCertStore); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(checker); + PKIX_TEST_DECREF_AC(resourceLimits); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain_UserChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c b/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c new file mode 100644 index 0000000000..43f06ec2ac --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c @@ -0,0 +1,327 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_buildchain_uchecker.c + * + * Test BuildChain User Checker function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; +static PKIX_UInt32 numUserCheckerCalled = 0; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] " + "[-|[F]] " + " \n\n"); + (void)printf("Builds a chain of certificates between " + " and \n" + "using the certs and CRLs in .\n" + "If is not an empty string, its value is used as\n" + "user defined checker's critical extension OID.\n" + "A - for is no OID and F is for supportingForward.\n" + "If ENE is specified, then an Error is Not Expected.\n" + "If EE is specified, an Error is Expected.\n"); +} + +static PKIX_Error * +testUserChecker( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresExtOIDs, + void **pNBIOContext, + void *plContext) +{ + numUserCheckerCalled++; + return (0); +} + +int +test_buildchain_uchecker(int argc, char *argv[]) +{ + PKIX_BuildResult *buildResult = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_CertChainChecker *checker = NULL; + char *dirName = NULL; + PKIX_PL_String *dirNameString = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_CertStore *certStore = NULL; + PKIX_List *certStores = NULL; + char *asciiResult = NULL; + PKIX_Boolean result; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_Boolean supportForward = PKIX_FALSE; + PKIX_List *expectedCerts = NULL; + PKIX_List *userOIDs = NULL; + PKIX_PL_OID *oid = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_PL_String *actualCertsString = NULL; + PKIX_PL_String *expectedCertsString = NULL; + char *actualCertsAscii = NULL; + char *expectedCertsAscii = NULL; + char *oidString = NULL; + void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ + void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */ + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("BuildChain_UserChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + /* OID specified at argv[3+j] */ + + if (*argv[3 + j] != '-') { + + if (*argv[3 + j] == 'F') { + supportForward = PKIX_TRUE; + oidString = argv[3 + j] + 1; + } else { + oidString = argv[3 + j]; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&userOIDs, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidString, &oid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(userOIDs, (PKIX_PL_Object *)oid, plContext)); + PKIX_TEST_DECREF_BC(oid); + } + + subTest(argv[1 + j]); + + dirName = argv[4 + j]; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext)); + + chainLength = argc - j - 5; + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + if (k == (chainLength - 1)) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + trustedCert = dirCert; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts, + (PKIX_PL_Object *)dirCert, + plContext)); + + if (k == 0) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, + plContext)); + targetCert = dirCert; + } + } + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(testUserChecker, + supportForward, + PKIX_FALSE, + userOIDs, + NULL, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(procParams, checker, plContext)); + + /* create CertStores */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + dirName, + 0, + &dirNameString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); + +#if 0 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create + (&certStore, plContext)); +#endif + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); + + /* build cert chain using processing params and return buildResult */ + + pkixTestErrorResult = PKIX_BuildChain(procParams, + &nbioContext, + &buildState, + &buildResult, + NULL, + plContext); + + if (testValid == PKIX_TRUE) { /* ENE */ + if (pkixTestErrorResult) { + (void)printf("UNEXPECTED RESULT RECEIVED!\n"); + } else { + (void)printf("EXPECTED RESULT RECEIVED!\n"); + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } + } else { /* EE */ + if (pkixTestErrorResult) { + (void)printf("EXPECTED RESULT RECEIVED!\n"); + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } else { + testError("UNEXPECTED RESULT RECEIVED"); + } + } + + if (buildResult) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + printf("\n"); + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs, + (PKIX_PL_Object *)expectedCerts, + &result, + plContext)); + + if (!result) { + testError("BUILT CERTCHAIN IS " + "NOT THE ONE THAT WAS EXPECTED"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs, + &actualCertsString, + plContext)); + + actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext); + if (actualCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts, + &expectedCertsString, + plContext)); + + expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext); + if (expectedCertsAscii == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + (void)printf("Actual value:\t%s\n", actualCertsAscii); + (void)printf("Expected value:\t%s\n", + expectedCertsAscii); + + if (chainLength - 1 != numUserCheckerCalled) { + pkixTestErrorMsg = + "PKIX user defined checker not called"; + } + + goto cleanup; + } + } + +cleanup: + PKIX_PL_Free(asciiResult, plContext); + PKIX_PL_Free(actualCertsAscii, plContext); + PKIX_PL_Free(expectedCertsAscii, plContext); + + PKIX_TEST_DECREF_AC(actualCertsString); + PKIX_TEST_DECREF_AC(expectedCertsString); + PKIX_TEST_DECREF_AC(expectedCerts); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certStores); + PKIX_TEST_DECREF_AC(dirNameString); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(buildResult); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(userOIDs); + PKIX_TEST_DECREF_AC(checker); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("BuildChain_UserChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c b/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c new file mode 100644 index 0000000000..d2c667ae74 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c @@ -0,0 +1,435 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_customcrlchecker.c + * + * Test Custom CRL Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 +#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 5 + +static void *plContext = NULL; +char *dirName = NULL; /* also used in callback */ + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +getCRLCallback( + PKIX_CertStore *store, + PKIX_CRLSelector *crlSelector, + void **pNBIOContext, + PKIX_List **pCrlList, + void *plContext) +{ + char *crlFileNames[] = { "chem.crl", + "phys.crl", + "prof.crl", + "sci.crl", + "test.crl", + 0 }; + PKIX_PL_CRL *crl = NULL; + PKIX_List *crlList = NULL; + PKIX_UInt32 i = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext)); + + while (crlFileNames[i]) { + + crl = createCRL(dirName, crlFileNames[i++], plContext); + + if (crl != NULL) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(crlList, (PKIX_PL_Object *)crl, plContext)); + + PKIX_TEST_DECREF_BC(crl); + } + } + + *pCrlList = crlList; + +cleanup: + + PKIX_TEST_RETURN(); + + return (0); /* this function is called by libpkix */ +} + +static PKIX_Error * +getCRLContinue( + PKIX_CertStore *store, + PKIX_CRLSelector *crlSelector, + void **pNBIOContext, + PKIX_List **pCrlList, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + void **pNBIOContext, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +getCertContinue( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + void **pNBIOContext, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +testCRLSelectorMatchCallback( + PKIX_CRLSelector *selector, + PKIX_PL_CRL *crl, + void *plContext) +{ + PKIX_ComCRLSelParams *comCrlSelParams = NULL; + PKIX_List *issuerList = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_PL_X500Name *crlIssuer = NULL; + PKIX_UInt32 numIssuers = 0; + PKIX_UInt32 i = 0; + PKIX_Boolean result = PKIX_FALSE; + PKIX_Error *error = NULL; + char *errorText = "Not an error, CRL Select mismatch"; + + PKIX_TEST_STD_VARS(); + + subTest("Custom_Selector_MatchCallback"); + + if (selector != NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(selector, &comCrlSelParams, plContext)); + } + + if (crl != NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext)); + } + + if (comCrlSelParams != NULL) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(comCrlSelParams, &issuerList, plContext)); + } + + if (issuerList != NULL) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(issuerList, &numIssuers, plContext)); + + for (i = 0; i < numIssuers; i++) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(issuerList, + i, (PKIX_PL_Object **)&issuer, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)crlIssuer, + (PKIX_PL_Object *)issuer, + &result, + plContext)); + + if (result != PKIX_TRUE) { + break; + } + + if (i == numIssuers - 1) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(0, + NULL, + NULL, + PKIX_TESTNOTANERRORCRLSELECTMISMATCH, + &error, + plContext)); + + PKIX_TEST_DECREF_AC(issuer); + issuer = NULL; + break; + } + + PKIX_TEST_DECREF_AC(issuer); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(comCrlSelParams); + PKIX_TEST_DECREF_AC(crlIssuer); + PKIX_TEST_DECREF_AC(issuer); + PKIX_TEST_DECREF_AC(issuerList); + + PKIX_TEST_RETURN(); + + return (error); +} + +static PKIX_Error * +testAddIssuerName(PKIX_ComCRLSelParams *comCrlSelParams, char *issuerName) +{ + PKIX_PL_String *issuerString = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_UInt32 length = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ComCRLSelParams_AddIssuerName"); + + length = PL_strlen(issuerName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8, + issuerName, + length, + &issuerString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString, + &issuer, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuer, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(issuerString); + PKIX_TEST_DECREF_AC(issuer); + + PKIX_TEST_RETURN(); + + return (0); +} + +static PKIX_Error * +testCustomCertStore(PKIX_ValidateParams *valParams) +{ + PKIX_CertStore_CRLCallback crlCallback; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + char *issuerName1 = "cn=science,o=mit,c=us"; + char *issuerName2 = "cn=physics,o=mit,c=us"; + char *issuerName3 = "cn=prof noall,o=mit,c=us"; + char *issuerName4 = "cn=testing CRL,o=test,c=us"; + PKIX_ComCRLSelParams *comCrlSelParams = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_UInt32 numCrl = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStore_Create"); + + /* Create CRLSelector, link in CollectionCertStore */ + + subTest("PKIX_ComCRLSelParams_AddIssuerNames"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext)); + + testAddIssuerName(comCrlSelParams, issuerName1); + testAddIssuerName(comCrlSelParams, issuerName2); + testAddIssuerName(comCrlSelParams, issuerName3); + testAddIssuerName(comCrlSelParams, issuerName4); + + subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback, + NULL, + &crlSelector, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector, comCrlSelParams, plContext)); + + /* Create CertStore, link in CRLSelector */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_CertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(getCertCallback, + getCRLCallback, + getCertContinue, + getCRLContinue, + NULL, /* trustCallback */ + (PKIX_PL_Object *)crlSelector, /* fake */ + PKIX_FALSE, /* cacheFlag */ + PKIX_TRUE, /* localFlag */ + &certStore, + plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + + subTest("PKIX_CertStore_GetCRLCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, + &crlCallback, + NULL)); + + subTest("Getting CRL by CRL Callback"); + PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore, + crlSelector, + &nbioContext, + &crlList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, + &numCrl, + plContext)); + + if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) { + pkixTestErrorMsg = "unexpected CRL number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(crlList); + PKIX_TEST_DECREF_AC(comCrlSelParams); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); + + return (0); +} + +/* + * Validate Certificate Chain with Certificate Revocation List + * Certificate Chain is built based on input certs' sequence. + * CRL is fetched from the directory specified in CollectionCertStore. + * while CollectionCertStore is linked in CertStore Object which then + * linked in ProcessParam. During validation, CRLChecker will invoke + * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL) + * to get CRL data for revocation check. + * This test set criteria in CRLSelector which is linked in + * CommonCRLSelectorParam. When CRL data is fetched into cache for + * revocation check, CRL's are filtered based on the criteria set. + */ + +int +test_customcrlchecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_TRUE; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("CRL Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + chainLength = (argc - j) - 5; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[(5 + j) + i]; + certs[i] = NULL; + } + + dirName = argv[3 + j]; + + subTest(argv[1 + j]); + + subTest("Custom-CRL-Checker - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Custom-CRL-Checker - Create Params"); + + anchorName = argv[4 + j]; + + valParams = createValidateParams(dirName, + anchorName, + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Custom-CRL-Checker - Set Processing Params for CertStore"); + + testCustomCertStore(valParams); + + subTest("Custom-CRL-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL Checker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c b/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c new file mode 100644 index 0000000000..3ce4513177 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c @@ -0,0 +1,230 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_defaultcrlchecker2stores.c + * + * Test Default CRL with multiple CertStore Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("crl-directory cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + PKIX_List **pCerts, + void *plContext) +{ + return (NULL); +} + +static PKIX_Error * +testDefaultMultipleCertStores(PKIX_ValidateParams *valParams, + char *crlDir1, + char *crlDir2) +{ + PKIX_PL_String *dirString1 = NULL; + PKIX_PL_String *dirString2 = NULL; + PKIX_CertStore *certStore1 = NULL; + PKIX_CertStore *certStore2 = NULL; + PKIX_List *certStoreList = NULL; + PKIX_ProcessingParams *procParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStore_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir1, + 0, + &dirString1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1, + &certStore1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir2, + 0, + &dirString2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2, + &certStore2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + /* Add multiple CollectionCertStores */ + + subTest("PKIX_ProcessingParams_SetCertStores"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString1); + PKIX_TEST_DECREF_AC(dirString2); + PKIX_TEST_DECREF_AC(certStore1); + PKIX_TEST_DECREF_AC(certStore2); + PKIX_TEST_DECREF_AC(certStoreList); + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (0); +} + +/* + * Validate Certificate Chain with Certificate Revocation List + * Certificate Chain is build based on input certs' sequence. + * CRL is fetched from the directory specified in CollectionCertStore. + * while CollectionCertStore is linked in CertStore Object which then + * linked in ProcessParam. During validation, CRLChecker will invoke + * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL) + * to get CRL data for revocation check. + * This test gets CRL's from two CertStores, each has a valid CRL + * required for revocation check to pass. + */ + +int +test_defaultcrlchecker2stores(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_TRUE; + char *dirName = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 6) { + printUsage1(argv[0]); + return (0); + } + + startTests("CRL Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + chainLength = (argc - j) - 7; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[(7 + j) + i]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Default-CRL-Checker"); + + subTest("Default-CRL-Checker - Create Cert Chain"); + + dirName = argv[3 + j]; + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Default-CRL-Checker - Create Params"); + + anchorName = argv[6 + j]; + + valParams = createValidateParams(dirName, + anchorName, + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Multiple-CertStores"); + + testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]); + + subTest("Default-CRL-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL Checker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_ocsp.c b/security/nss/cmd/libpkix/pkix/top/test_ocsp.c new file mode 100644 index 0000000000..e97e57096e --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_ocsp.c @@ -0,0 +1,288 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_ocspchecker.c + * + * Test OcspChecker function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\nOcspChecker -d TestName " + "[ENE|EE] " + "\n\n"); + (void)printf("Validates a chain of certificates between " + " and \n" + "using the certs and CRLs in and " + "pkcs11 db from . " + "If ENE is specified,\n" + "then an Error is Not Expected. " + "If EE is specified, an Error is Expected.\n"); +} + +static char * +createFullPathName( + char *dirName, + char *certFile, + void *plContext) +{ + PKIX_UInt32 certFileLen; + PKIX_UInt32 dirNameLen; + char *certPathName = NULL; + + PKIX_TEST_STD_VARS(); + + certFileLen = PL_strlen(certFile); + dirNameLen = PL_strlen(dirName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + + certFileLen + + 2, + (void **)&certPathName, + plContext)); + + PL_strcpy(certPathName, dirName); + PL_strcat(certPathName, "/"); + PL_strcat(certPathName, certFile); + printf("certPathName = %s\n", certPathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (certPathName); +} + +static PKIX_Error * +testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_Date *validity = NULL; + PKIX_List *revCheckers = NULL; + PKIX_RevocationChecker *revChecker = NULL; + PKIX_PL_Object *revCheckerContext = NULL; + PKIX_OcspChecker *ocspChecker = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStoreContext_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + /* Create CertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + /* create current Date */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + /* create revChecker */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity, + NULL, /* pwArg */ + NULL, /* Use default responder */ + &revChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext(revChecker, &revCheckerContext, plContext)); + + /* Check that this object is a ocsp checker */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext)); + + ocspChecker = (PKIX_OcspChecker *)revCheckerContext; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn(ocspChecker, + PKIX_PL_OcspResponse_UseBuildChain, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(revChecker); + PKIX_TEST_DECREF_AC(ocspChecker); + PKIX_TEST_DECREF_AC(validity); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_ocsp(int argc, char *argv[]) +{ + + PKIX_ValidateParams *valParams = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *chainCerts = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *targetCert = NULL; + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + char *dirCertName = NULL; + char *anchorCertName = NULL; + char *dirName = NULL; + char *databaseDir = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("OcspChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + subTest(argv[1 + j]); + + dirName = argv[3 + j]; + + chainLength = argc - j - 5; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + if (k == 0) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); + targetCert = dirCert; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); + + PKIX_TEST_DECREF_BC(dirCert); + } + + /* create processing params with list of trust anchors */ + + anchorCertName = argv[4 + j]; + trustedCert = createCert(dirName, anchorCertName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + /* create CertSelector with target certificate in params */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chainCerts, &valParams, plContext)); + + testDefaultCertStore(valParams, dirName); + + pkixTestErrorResult = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext); + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } else { + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED SUCCESSFUL VALIDATION!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED SUCCESSFUL VALIDATION!\n"); + } + } + + subTest("Displaying VerifyTree"); + + if (verifyTree == NULL) { + (void)printf("VerifyTree is NULL\n"); + } else { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", + verifyString->escAsciiString); + PKIX_TEST_DECREF_BC(verifyString); + PKIX_TEST_DECREF_BC(verifyTree); + } + +cleanup: + + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(chainCerts); + PKIX_TEST_DECREF_AC(anchors); + PKIX_TEST_DECREF_AC(anchor); + PKIX_TEST_DECREF_AC(trustedCert); + PKIX_TEST_DECREF_AC(targetCert); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("OcspChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_policychecker.c b/security/nss/cmd/libpkix/pkix/top/test_policychecker.c new file mode 100644 index 0000000000..1318f13ba6 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_policychecker.c @@ -0,0 +1,535 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_policychecker.c + * + * Test Policy Checking + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage(char *testname) +{ + char *fmt = + "USAGE: %s testname" + " [ENE|EE] \"{OID[:OID]*}\" [A|E|P] cert [cert]*\n" + "(The quotes are needed around the OID argument for dbx.)\n" + "(The optional arg A indicates initialAnyPolicyInhibit.)\n" + "(The optional arg E indicates initialExplicitPolicy.)\n" + "(The optional arg P indicates initialPolicyMappingInhibit.)\n"; + printf(fmt, testname); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_List * +policySetParse(char *policyString) +{ + char *p = NULL; + char *oid = NULL; + char c = '\0'; + PKIX_Boolean validString = PKIX_FALSE; + PKIX_PL_OID *plOID = NULL; + PKIX_List *policySet = NULL; + + PKIX_TEST_STD_VARS(); + + p = policyString; + + /* + * There may or may not be quotes around the initial-policy-set + * string. If they are omitted, dbx will strip off the curly braces. + * If they are included, dbx will strip off the quotes, but if you + * are running directly from a script, without dbx, the quotes will + * not be stripped. We need to be able to handle both cases. + */ + if (*p == '"') { + p++; + } + + if ('{' != *p++) { + return (NULL); + } + oid = p; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&policySet, plContext)); + + /* scan to the end of policyString */ + while (!validString) { + /* scan to the end of the current OID string */ + c = *oid; + while ((c != '\0') && (c != ':') && (c != '}')) { + c = *++oid; + } + + if ((c != ':') || (c != '}')) { + *oid = '\0'; /* store a null terminator */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(p, &plOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(policySet, + (PKIX_PL_Object *)plOID, + plContext)); + + PKIX_TEST_DECREF_BC(plOID); + plOID = NULL; + if (c == '}') { + /* + * Any exit but this one means + * we were given a badly-formed string. + */ + validString = PKIX_TRUE; + } + p = ++oid; + } + } + +cleanup: + if (!validString) { + PKIX_TEST_DECREF_AC(plOID); + PKIX_TEST_DECREF_AC(policySet); + policySet = NULL; + } + + PKIX_TEST_RETURN(); + + return (policySet); +} + +/* + * FUNCTION: treeToStringHelper + * This function obtains the string representation of a PolicyNode + * Tree and compares it to the expected value. + * PARAMETERS: + * "parent" - a PolicyNode, the root of a PolicyNodeTree; + * must be non-NULL. + * "expected" - the desired string. + * THREAD SAFETY: + * Thread Safe + * + * Multiple threads can safely call this function without worrying + * about conflicts, even if they're operating on the same object. + * RETURNS: + * Nothing. + */ +static void +treeToStringHelper(PKIX_PolicyNode *parent, char *expected) +{ + PKIX_PL_String *stringRep = NULL; + char *actual = NULL; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parent, &stringRep, plContext)); + + actual = PKIX_String2ASCII(stringRep, plContext); + if (actual == NULL) { + pkixTestErrorMsg = "PKIX_String2ASCII Failed"; + goto cleanup; + } + + if (PL_strcmp(actual, expected) != 0) { + testError("unexpected mismatch"); + (void)printf("Actual value:\t%s\n", actual); + (void)printf("Expected value:\t%s\n", expected); + } + +cleanup: + + PKIX_PL_Free(actual, plContext); + + PKIX_TEST_DECREF_AC(stringRep); + + PKIX_TEST_RETURN(); +} + +static void +testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic-Common-Fields "); + /* + * Tests the Expiration, NameChaining, and Signature Checkers + */ + + chain = createCertChain(dirName, goodInput, diffInput, plContext); + + valParams = createValidateParams(dirName, + goodInput, + diffInput, + dateAscii, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_TEST_RETURN(); +} + +static void +testNistTest1(char *dirName) +{ +#define PKIX_TEST_NUM_CERTS 2 + char *trustAnchor = + "TrustAnchorRootCertificate.crt"; + char *intermediateCert = + "GoodCACert.crt"; + char *endEntityCert = + "ValidCertificatePathTest1EE.crt"; + char *certNames[PKIX_TEST_NUM_CERTS]; + char *asciiAnyPolicy = "2.5.29.32.0"; + PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL }; + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *chain = NULL; + PKIX_PL_OID *anyPolicyOID = NULL; + PKIX_List *initialPolicies = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testNistTest1: Creating the cert chain"); + /* + * Create a chain, but don't include the first certName. + * That's the anchor, and is supplied separately from + * the chain. + */ + certNames[0] = intermediateCert; + certNames[1] = endEntityCert; + chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext); + + subTest("testNistTest1: Creating the Validate Parameters"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &anyPolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)anyPolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext)); + + valParams = createValidateParams(dirName, + trustAnchor, + NULL, + NULL, + initialPolicies, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("testNistTest1: Validating the chain"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(anyPolicyOID); + PKIX_TEST_DECREF_AC(initialPolicies); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_TEST_RETURN(); +} + +static void +testNistTest2(char *dirName) +{ +#define PKIX_TEST_NUM_CERTS 2 + char *trustAnchor = + "TrustAnchorRootCertificate.crt"; + char *intermediateCert = + "GoodCACert.crt"; + char *endEntityCert = + "ValidCertificatePathTest1EE.crt"; + char *certNames[PKIX_TEST_NUM_CERTS]; + char *asciiNist1Policy = "2.16.840.1.101.3.2.1.48.1"; + PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL }; + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *chain = NULL; + PKIX_PL_OID *Nist1PolicyOID = NULL; + PKIX_List *initialPolicies = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("testNistTest2: Creating the cert chain"); + /* + * Create a chain, but don't include the first certName. + * That's the anchor, and is supplied separately from + * the chain. + */ + certNames[0] = intermediateCert; + certNames[1] = endEntityCert; + chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext); + + subTest("testNistTest2: Creating the Validate Parameters"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiNist1Policy, &Nist1PolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)Nist1PolicyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext)); + + valParams = createValidateParams(dirName, + trustAnchor, + NULL, + NULL, + initialPolicies, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("testNistTest2: Validating the chain"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(Nist1PolicyOID); + PKIX_TEST_DECREF_AC(initialPolicies); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(chain); + + PKIX_TEST_RETURN(); +} + +static void +printValidPolicyTree(PKIX_ValidateResult *valResult) +{ + PKIX_PolicyNode *validPolicyTree = NULL; + PKIX_PL_String *treeString = NULL; + + PKIX_TEST_STD_VARS(); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(valResult, &validPolicyTree, plContext)); + if (validPolicyTree) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)validPolicyTree, + &treeString, + plContext)); + (void)printf("validPolicyTree is\n\t%s\n", + treeString->escAsciiString); + } else { + (void)printf("validPolicyTree is NULL\n"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(validPolicyTree); + PKIX_TEST_DECREF_AC(treeString); + + PKIX_TEST_RETURN(); +} + +int +test_policychecker(int argc, char *argv[]) +{ + + PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE; + PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE; + PKIX_Boolean initialExplicitPolicy = PKIX_FALSE; + PKIX_Boolean expectedResult = PKIX_FALSE; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 initArgs = 0; + PKIX_UInt32 firstCert = 0; + PKIX_UInt32 i = 0; + PKIX_Int32 j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_ProcessingParams *procParams = NULL; + char *firstTrustAnchor = "yassir2yassir"; + char *secondTrustAnchor = "yassir2bcn"; + char *dateAscii = "991201000000Z"; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */ + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_List *chain = NULL; + PKIX_Error *validationError = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + char *dirName = NULL; + char *dataCentralDir = NULL; + char *anchorName = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* + * Perform hard-coded tests if no command line args. + * If command line args are provided, they must be: + * arg[1]: test name + * arg[2]: "ENE" or "EE", for "expect no error" or "expect error" + * arg[3]: directory for certificates + * arg[4]: user-initial-policy-set, consisting of braces + * containing zero or more OID sequences, separated by commas + * arg[5]: (optional) "E", indicating initialExplicitPolicy + * arg[firstCert]: the path and filename of the trust anchor certificate + * arg[firstCert+1..(n-1)]: successive certificates in the chain + * arg[n]: the end entity certificate + * + * Example: test_policychecker test1EE ENE + * {2.5.29.32.0,2.5.29.32.3.6} Anchor CA EndEntity + */ + + dirName = argv[3 + j]; + dataCentralDir = argv[4 + j]; + + if (argc <= 5 || ((6 == argc) && (j))) { + + testPass(dataCentralDir, + firstTrustAnchor, + secondTrustAnchor, + dateAscii); + + testNistTest1(dirName); + + testNistTest2(dirName); + + goto cleanup; + } + + if (argc < (7 + j)) { + printUsage(argv[0]); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + expectedResult = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + expectedResult = PKIX_FALSE; + } else { + printUsage(argv[0]); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + userInitialPolicySet = policySetParse(argv[5 + j]); + if (!userInitialPolicySet) { + printUsage(argv[0]); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + for (initArgs = 0; initArgs < 3; initArgs++) { + if (PORT_Strcmp(argv[6 + j + initArgs], "A") == 0) { + initialAnyPolicyInhibit = PKIX_TRUE; + } else if (PORT_Strcmp(argv[6 + j + initArgs], "E") == 0) { + initialExplicitPolicy = PKIX_TRUE; + } else if (PORT_Strcmp(argv[6 + j + initArgs], "P") == 0) { + initialPolicyMappingInhibit = PKIX_TRUE; + } else { + break; + } + } + + firstCert = initArgs + j + 6; + chainLength = argc - (firstCert + 1); + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + pkixTestErrorMsg = "Invalid command line arguments."; + goto cleanup; + } + + /* + * Create a chain, but don't include the first certName. + * That's the anchor, and is supplied separately from + * the chain. + */ + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[i + (firstCert + 1)]; + certs[i] = NULL; + } + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest(argv[1 + j]); + + valParams = createValidateParams(dirName, + argv[firstCert], + NULL, + NULL, + userInitialPolicySet, + initialPolicyMappingInhibit, + initialAnyPolicyInhibit, + initialExplicitPolicy, + PKIX_FALSE, + chain, + plContext); + + if (expectedResult == PKIX_TRUE) { + subTest(" (expecting successful validation)"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + printValidPolicyTree(valResult); + + } else { + subTest(" (expecting validation to fail)"); + validationError = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext); + if (!validationError) { + printValidPolicyTree(valResult); + pkixTestErrorMsg = "Should have thrown an error here."; + } + PKIX_TEST_DECREF_BC(validationError); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(userInitialPolicySet); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(validationError); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("PolicyChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c b/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c new file mode 100644 index 0000000000..3f9711e691 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c @@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_subjaltnamechecker.c + * + * Test Subject Alternative Name Checking + * + */ + +/* + * There is no subjaltnamechecker. Instead, targetcertchecker is doing + * the job for checking subject alternative names' validity. For testing, + * in order to enter names with various type, we create this test excutable + * to parse different scenario. + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-name [ENE|EE] ", pName); + printf("cert [certs].\n"); +} + +static void +printUsage2(char *name) +{ + printf("\ninvalid test-name syntax - %s", name); + printf("\ntest-name syntax: [01][DNORU]:+..."); + printf("\n [01] 1 - match all; 0 - match one"); + printf("\n name - type can be specified as"); + printf("\n [DNORU] D-Directory name"); + printf("\n N-DNS name"); + printf("\n O-OID name"); + printf("\n R-RFC822 name"); + printf("\n U-URI name"); + printf("\n + separator for more names\n\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_UInt32 +getNameType(char *name) +{ + PKIX_UInt32 nameType; + + PKIX_TEST_STD_VARS(); + + switch (*name) { + case 'D': + nameType = PKIX_DIRECTORY_NAME; + break; + case 'N': + nameType = PKIX_DNS_NAME; + break; + case 'O': + nameType = PKIX_OID_NAME; + break; + case 'R': + nameType = PKIX_RFC822_NAME; + break; + case 'U': + nameType = PKIX_URI_NAME; + break; + default: + printUsage2(name); + nameType = 0xFFFF; + } + + goto cleanup; + +cleanup: + PKIX_TEST_RETURN(); + return (nameType); +} + +int +test_subjaltnamechecker(int argc, char *argv[]) +{ + + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *selParams = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_GeneralName *name = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + char *nameStr; + char *nameEnd; + char *names[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 numNames = 0; + PKIX_UInt32 nameType; + PKIX_Boolean matchAll = PKIX_TRUE; + PKIX_Boolean testValid = PKIX_TRUE; + char *dirName = NULL; + char *anchorName = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("SubjAltNameConstraintChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + j++; /* skip test-purpose string */ + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + /* taking out leading and trailing ", if any */ + nameStr = argv[1 + j]; + subTest(nameStr); + if (*nameStr == '"') { + nameStr++; + nameEnd = nameStr; + while (*nameEnd != '"' && *nameEnd != '\0') { + nameEnd++; + } + *nameEnd = '\0'; + } + + /* extract first [0|1] inidcating matchAll or not */ + matchAll = (*nameStr == '0') ? PKIX_FALSE : PKIX_TRUE; + nameStr++; + + numNames = 0; + while (*nameStr != '\0') { + names[numNames++] = nameStr; + while (*nameStr != '+' && *nameStr != '\0') { + nameStr++; + } + if (*nameStr == '+') { + *nameStr = '\0'; + nameStr++; + } + } + + chainLength = (argc - j) - 4; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + certNames[i] = argv[(4 + j) + i]; + certs[i] = NULL; + } + + /* SubjAltName for validation */ + + subTest("Add Subject Alt Name for NameConstraint checking"); + + subTest("Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, selParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(selParams, matchAll, plContext)); + + subTest("PKIX_ComCertSelParams_AddSubjAltName(s)"); + for (i = 0; i < numNames; i++) { + nameType = getNameType(names[i]); + if (nameType == 0xFFFF) { + return (0); + } + nameStr = names[i] + 2; + name = createGeneralName(nameType, nameStr, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(selParams, name, plContext)); + PKIX_TEST_DECREF_BC(name); + } + + subTest("SubjAltName-Constraints - Create Cert Chain"); + + dirName = argv[3 + j]; + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("SubjAltName-Constraints - Create Params"); + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("PKIX_ValidateParams_getProcessingParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, selector, plContext)); + + subTest("Subject Alt Name - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + +cleanup: + + PKIX_PL_Free(anchorName, plContext); + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(name); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("SubjAltNameConstraintsChecker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_validatechain.c b/security/nss/cmd/libpkix/pkix/top/test_validatechain.c new file mode 100644 index 0000000000..98cb7b018c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain.c @@ -0,0 +1,221 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_validatechain.c + * + * Test ValidateChain function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] " + " \n\n"); + (void)printf("Validates a chain of certificates between " + " and \n" + "using the certs and CRLs in . " + "If ENE is specified,\n" + "then an Error is Not Expected. " + "If EE is specified, an Error is Expected.\n"); +} + +static char * +createFullPathName( + char *dirName, + char *certFile, + void *plContext) +{ + PKIX_UInt32 certFileLen; + PKIX_UInt32 dirNameLen; + char *certPathName = NULL; + + PKIX_TEST_STD_VARS(); + + certFileLen = PL_strlen(certFile); + dirNameLen = PL_strlen(dirName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + + certFileLen + + 2, + (void **)&certPathName, + plContext)); + + PL_strcpy(certPathName, dirName); + PL_strcat(certPathName, "/"); + PL_strcat(certPathName, certFile); + printf("certPathName = %s\n", certPathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (certPathName); +} + +static PKIX_Error * +testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_Date *validity = NULL; + PKIX_List *revCheckers = NULL; + PKIX_RevocationChecker *ocspChecker = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStoreContext_Create"); + + /* Create CollectionCertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); + + /* Create CertStore */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + + /* create current Date */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); + + /* create revChecker */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity, + NULL, /* pwArg */ + NULL, /* Use default responder */ + &ocspChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)ocspChecker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(revCheckers); + PKIX_TEST_DECREF_AC(ocspChecker); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_validatechain(int argc, char *argv[]) +{ + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *chainCerts = NULL; + PKIX_PL_Cert *dirCert = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + char *dirCertName = NULL; + char *anchorCertName = NULL; + char *dirName = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("ValidateChain"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + subTest(argv[1 + j]); + + dirName = argv[3 + j]; + + chainLength = argc - j - 5; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); + + PKIX_TEST_DECREF_BC(dirCert); + } + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chainCerts, + plContext); + + testDefaultCertStore(valParams, dirName); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + } + + subTest("Displaying VerifyNode objects"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + +cleanup: + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(chainCerts); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateChain"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c b/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c new file mode 100644 index 0000000000..ad73a5df76 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c @@ -0,0 +1,351 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_validatechain_NB.c + * + * Test ValidateChain (nonblocking I/O) function + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ntest_validateChain_NB TestName [ENE|EE] " + " \n\n"); + (void)printf("Validates a chain of certificates between " + " and \n" + "using the certs and CRLs in . " + "If ENE is specified,\n" + "then an Error is Not Expected. " + "If EE is specified, an Error is Expected.\n"); +} + +static char * +createFullPathName( + char *dirName, + char *certFile, + void *plContext) +{ + PKIX_UInt32 certFileLen; + PKIX_UInt32 dirNameLen; + char *certPathName = NULL; + + PKIX_TEST_STD_VARS(); + + certFileLen = PL_strlen(certFile); + dirNameLen = PL_strlen(dirName); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + + certFileLen + + 2, + (void **)&certPathName, + plContext)); + + PL_strcpy(certPathName, dirName); + PL_strcat(certPathName, "/"); + PL_strcat(certPathName, certFile); + printf("certPathName = %s\n", certPathName); + +cleanup: + + PKIX_TEST_RETURN(); + + return (certPathName); +} + +static PKIX_Error * +testSetupCertStore(PKIX_ValidateParams *valParams, char *ldapName) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_PL_LdapDefaultClient *ldapClient = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CollectionCertStoreContext_Create"); + + /* Create LDAPCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(ldapName, + 0, /* timeout */ + NULL, /* bindPtr */ + &ldapClient, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, + &certStore, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_AddCertStore"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(ldapClient); + + PKIX_TEST_RETURN(); + + return (0); +} + +static char *levels[] = { + "None", "Fatal Error", "Error", "Warning", "Debug", "Trace" +}; + +static PKIX_Error * +loggerCallback( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ +#define resultSize 150 + char *msg = NULL; + char result[resultSize]; + + PKIX_TEST_STD_VARS(); + + msg = PKIX_String2ASCII(message, plContext); + PR_snprintf(result, resultSize, + "Logging %s (%s): %s", + levels[logLevel], + PKIX_ERRORCLASSNAMES[logComponent], + msg); + subTest(result); + +cleanup: + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); + PKIX_TEST_RETURN(); +} + +static void +testLogErrors( + PKIX_ERRORCLASS module, + PKIX_UInt32 loggingLevel, + PKIX_List *loggers, + void *plContext) +{ + PKIX_Logger *logger = NULL; + PKIX_PL_String *component = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, module, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, loggingLevel, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggers, (PKIX_PL_Object *)logger, plContext)); + +cleanup: + PKIX_TEST_DECREF_AC(logger); + PKIX_TEST_DECREF_AC(component); + + PKIX_TEST_RETURN(); +} + +int +test_validatechain_NB(int argc, char *argv[]) +{ + + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + PKIX_UInt32 k = 0; + PKIX_UInt32 chainLength = 0; + PKIX_Boolean testValid = PKIX_TRUE; + PKIX_List *chainCerts = NULL; + PKIX_PL_Cert *dirCert = NULL; + char *dirCertName = NULL; + char *anchorCertName = NULL; + char *dirName = NULL; + PKIX_UInt32 certIndex = 0; + PKIX_UInt32 anchorIndex = 0; + PKIX_UInt32 checkerIndex = 0; + PKIX_Boolean revChecking = PKIX_FALSE; + PKIX_List *checkers = NULL; + PRPollDesc *pollDesc = NULL; + PRErrorCode errorCode = 0; + PKIX_PL_Socket *socket = NULL; + char *ldapName = NULL; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_List *loggers = NULL; + PKIX_Logger *logger = NULL; + char *logging = NULL; + PKIX_PL_String *component = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage(); + return (0); + } + + startTests("ValidateChain_NB"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage(); + return (0); + } + + subTest(argv[1 + j]); + + dirName = argv[3 + j]; + + chainLength = argc - j - 5; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); + + for (k = 0; k < chainLength; k++) { + + dirCert = createCert(dirName, argv[5 + k + j], plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); + + PKIX_TEST_DECREF_BC(dirCert); + } + + valParams = createValidateParams(dirName, + argv[4 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chainCerts, + plContext); + + ldapName = PR_GetEnvSecure("LDAP"); + /* Is LDAP set in the environment? */ + if ((ldapName == NULL) || (*ldapName == '\0')) { + testError("LDAP not set in environment"); + goto cleanup; + } + + pkixTestErrorResult = pkix_pl_Socket_CreateByName(PKIX_FALSE, /* isServer */ + PR_SecondsToInterval(30), /* try 30 secs for connect */ + ldapName, + &errorCode, + &socket, + plContext); + + if (pkixTestErrorResult != NULL) { + PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, plContext); + pkixTestErrorResult = NULL; + testError("Unable to connect to LDAP Server"); + goto cleanup; + } + + PKIX_TEST_DECREF_BC(socket); + + testSetupCertStore(valParams, ldapName); + + logging = PR_GetEnvSecure("LOGGING"); + /* Is LOGGING set in the environment? */ + if ((logging != NULL) && (*logging != '\0')) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggers, plContext)); + + testLogErrors(PKIX_VALIDATE_ERROR, 2, loggers, plContext); + testLogErrors(PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext); + testLogErrors(PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext); + testLogErrors(PKIX_CERTSTORE_ERROR, 2, loggers, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext)); + } + + pkixTestErrorResult = PKIX_ValidateChain_NB(valParams, + &certIndex, + &anchorIndex, + &checkerIndex, + &revChecking, + &checkers, + (void **)&pollDesc, + &valResult, + &verifyTree, + plContext); + + while (pollDesc != NULL) { + + if (PR_Poll(pollDesc, 1, 0) < 0) { + testError("PR_Poll failed"); + } + + pkixTestErrorResult = PKIX_ValidateChain_NB(valParams, + &certIndex, + &anchorIndex, + &checkerIndex, + &revChecking, + &checkers, + (void **)&pollDesc, + &valResult, + &verifyTree, + plContext); + } + + if (pkixTestErrorResult) { + if (testValid == PKIX_FALSE) { /* EE */ + (void)printf("EXPECTED ERROR RECEIVED!\n"); + } else { /* ENE */ + testError("UNEXPECTED ERROR RECEIVED"); + } + PKIX_TEST_DECREF_BC(pkixTestErrorResult); + } else { + + if (testValid == PKIX_TRUE) { /* ENE */ + (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); + } else { /* EE */ + (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); + } + } + +cleanup: + + if (verifyTree) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", + verifyString->escAsciiString); + } + + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + PKIX_TEST_DECREF_AC(checkers); + PKIX_TEST_DECREF_AC(chainCerts); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateChain_NB"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c b/security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c new file mode 100644 index 0000000000..480ec2643c --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c @@ -0,0 +1,233 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * validateChainBasicConstraints.c + * + * Tests Cert Chain Validation + * + */ + +#include +#include +#include + +#include "pkix_pl_generalname.h" +#include "pkix_pl_cert.h" +#include "pkix.h" +#include "testutil.h" +#include "prlong.h" +#include "plstr.h" +#include "prthread.h" +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "pk11func.h" +#include "secasn1.h" +#include "cert.h" +#include "cryptohi.h" +#include "secoid.h" +#include "certdb.h" +#include "secitem.h" +#include "keythi.h" +#include "nss.h" + +static void *plContext = NULL; + +static void +printUsage(void) +{ + printf("\nUSAGE: incorrect.\n"); +} + +static PKIX_PL_Cert * +createCert(char *inFileName) +{ + PKIX_PL_ByteArray *byteArray = NULL; + void *buf = NULL; + PRFileDesc *inFile = NULL; + PKIX_UInt32 len; + SECItem certDER; + SECStatus rv; + /* default: NULL cert (failure case) */ + PKIX_PL_Cert *cert = NULL; + + PKIX_TEST_STD_VARS(); + + certDER.data = NULL; + + inFile = PR_Open(inFileName, PR_RDONLY, 0); + + if (!inFile) { + pkixTestErrorMsg = "Unable to open cert file"; + goto cleanup; + } else { + rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE); + if (!rv) { + buf = (void *)certDER.data; + len = certDER.len; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); + + SECITEM_FreeItem(&certDER, PR_FALSE); + } else { + pkixTestErrorMsg = "Unable to read DER from cert file"; + goto cleanup; + } + } + +cleanup: + + if (inFile) { + PR_Close(inFile); + } + + if (PKIX_TEST_ERROR_RECEIVED) { + SECITEM_FreeItem(&certDER, PR_FALSE); + } + + PKIX_TEST_DECREF_AC(byteArray); + + PKIX_TEST_RETURN(); + + return (cert); +} + +int +test_validatechain_bc(int argc, char *argv[]) +{ + + PKIX_TrustAnchor *anchor = NULL; + PKIX_List *anchors = NULL; + PKIX_List *certs = NULL; + PKIX_ProcessingParams *procParams = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_PL_X500Name *subject = NULL; + PKIX_ComCertSelParams *certSelParams = NULL; + PKIX_CertSelector *certSelector = NULL; + + char *trustedCertFile = NULL; + char *chainCertFile = NULL; + PKIX_PL_Cert *trustedCert = NULL; + PKIX_PL_Cert *chainCert = NULL; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_VerifyNode *verifyTree = NULL; + PKIX_PL_String *verifyString = NULL; + + PKIX_TEST_STD_VARS(); + + if (argc < 3) { + printUsage(); + return (0); + } + + startTests("ValidateChainBasicConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + chainLength = (argc - j) - 2; + + /* create processing params with list of trust anchors */ + trustedCertFile = argv[1 + j]; + trustedCert = createCert(trustedCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, -1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); + + PKIX_TEST_DECREF_BC(subject); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + + PKIX_TEST_DECREF_BC(certSelector); + + /* create cert chain */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); + for (i = 0; i < chainLength; i++) { + chainCertFile = argv[i + (2 + j)]; + chainCert = createCert(chainCertFile); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)chainCert, plContext)); + + PKIX_TEST_DECREF_BC(chainCert); + } + + /* create validate params with processing params and cert chain */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext)); + + /* validate cert chain using processing params and return valResult */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + if (valResult != NULL) { + printf("SUCCESSFULLY VALIDATED with Basic Constraint "); + printf("Cert Selector minimum path length to be -1\n"); + PKIX_TEST_DECREF_BC(valResult); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + PKIX_TEST_DECREF_BC(verifyString); + PKIX_TEST_DECREF_BC(verifyTree); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, 6, plContext)); + + /* validate cert chain using processing params and return valResult */ + + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); + + if (valResult != NULL) { + printf("SUCCESSFULLY VALIDATED with Basic Constraint "); + printf("Cert Selector minimum path length to be 6\n"); + } + + PKIX_TEST_DECREF_BC(trustedCert); + PKIX_TEST_DECREF_BC(anchor); + PKIX_TEST_DECREF_BC(anchors); + PKIX_TEST_DECREF_BC(certs); + PKIX_TEST_DECREF_BC(procParams); + +cleanup: + + if (PKIX_TEST_ERROR_RECEIVED) { + printf("FAILED TO VALIDATE\n"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); + (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); + PKIX_TEST_DECREF_AC(verifyString); + PKIX_TEST_DECREF_AC(verifyTree); + + PKIX_TEST_DECREF_AC(certSelParams); + PKIX_TEST_DECREF_AC(valResult); + PKIX_TEST_DECREF_AC(valParams); + + PKIX_TEST_RETURN(); + + PKIX_Shutdown(plContext); + + endTests("ValidateChainBasicConstraints"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/Makefile b/security/nss/cmd/libpkix/pkix/util/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/util/manifest.mn b/security/nss/cmd/libpkix/pkix/util/manifest.mn new file mode 100644 index 0000000000..c7790c401b --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_error.c \ + test_list.c \ + test_list2.c \ + test_logger.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolutil +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/util/test_error.c b/security/nss/cmd/libpkix/pkix/util/test_error.c new file mode 100644 index 0000000000..9cddecc827 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_error.c @@ -0,0 +1,385 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_error.c + * + * Tests Error Object Creation, ToString, Callbacks and Destroy + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createErrors( + PKIX_Error **error, + PKIX_Error **error2, + PKIX_Error **error3, + PKIX_Error **error5, + PKIX_Error **error6, + PKIX_Error **error7, + char *infoChar) + +{ + PKIX_PL_String *infoString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + infoChar, + PL_strlen(infoChar), + &infoString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR, + NULL, + NULL, + PKIX_TESTANOTHERERRORMESSAGE, + error2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + *error2, + (PKIX_PL_Object *)infoString, + PKIX_TESTERRORMESSAGE, + error, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + *error2, + (PKIX_PL_Object *)infoString, + PKIX_TESTERRORMESSAGE, + error3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + NULL, + (PKIX_PL_Object *)infoString, + 0, + error5, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR, + *error5, + (PKIX_PL_Object *)infoString, + 0, + error6, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR, + *error6, + (PKIX_PL_Object *)infoString, + 0, + error7, + plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(infoString); + + PKIX_TEST_RETURN(); +} + +static void +testGetErrorClass(PKIX_Error *error, PKIX_Error *error2) +{ + PKIX_ERRORCLASS errClass; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error, &errClass, plContext)); + + if (errClass != PKIX_OBJECT_ERROR) { + testError("Incorrect Class Returned"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error2, &errClass, plContext)); + + if (errClass != PKIX_MEM_ERROR) { + testError("Incorrect Class Returned"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(PKIX_ALLOC_ERROR(), + &errClass, plContext)); + if (errClass != PKIX_FATAL_ERROR) { + testError("Incorrect Class Returned"); + } + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testGetDescription( + PKIX_Error *error, + PKIX_Error *error2, + PKIX_Error *error3, + char *descChar, + char *descChar2) +{ + + PKIX_PL_String *targetString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error, &targetString, plContext)); + temp = PKIX_String2ASCII(targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, descChar) != 0) { + testError("Incorrect description returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error2, &targetString, plContext)); + temp = PKIX_String2ASCII(targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, descChar2) != 0) { + testError("Incorrect description returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error3, &targetString, plContext)); + temp = PKIX_String2ASCII(targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, descChar) != 0) { + testError("Incorrect description returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetCause(PKIX_Error *error, PKIX_Error *error2, PKIX_Error *error3) +{ + + PKIX_Error *error4 = NULL; + PKIX_PL_String *targetString = NULL; + char *temp = NULL; + PKIX_Boolean boolResult; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error, &error4, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2, + (PKIX_PL_Object *)error4, + &boolResult, plContext)); + if (!boolResult) + testError("Incorrect Cause returned"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error4, + &targetString, plContext)); + + temp = PKIX_String2ASCII(targetString, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(targetString); + PKIX_TEST_DECREF_BC(error4); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error3, &error4, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2, + (PKIX_PL_Object *)error4, + &boolResult, plContext)); + if (!boolResult) + testError("Incorrect Cause returned"); + + PKIX_TEST_DECREF_BC(error4); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetSupplementaryInfo(PKIX_Error *error, char *infoChar) +{ + + PKIX_PL_Object *targetString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetSupplementaryInfo(error, &targetString, plContext)); + temp = PKIX_String2ASCII((PKIX_PL_String *)targetString, plContext); + PKIX_TEST_DECREF_BC(targetString); + + if (temp) { + if (PL_strcmp(temp, infoChar) != 0) { + testError("Incorrect info returned"); + } + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testPrimitiveError(void) +{ + PKIX_PL_String *targetString = NULL; + PKIX_PL_String *targetStringCopy = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)PKIX_ALLOC_ERROR(), + &targetString, plContext)); + + temp = PKIX_String2ASCII(targetString, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + targetStringCopy = targetString; + + PKIX_TEST_DECREF_BC(targetString); + + /* + * We need to DECREF twice, b/c the PKIX_ALLOC_ERROR object + * which holds a cached copy of the stringRep can never be DECREF'd + */ + PKIX_TEST_DECREF_BC(targetStringCopy); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testChaining(PKIX_Error *error7) +{ + PKIX_PL_String *targetString = NULL; + PKIX_Error *tempError = NULL; + char *temp = NULL; + PKIX_UInt32 i; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error7, + &targetString, plContext)); + + temp = PKIX_String2ASCII(targetString, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + for (i = 0, tempError = error7; i < 2; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(tempError, &tempError, plContext)); + if (tempError == NULL) { + testError("Unexpected end to error chain"); + break; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)tempError, plContext)); + } + + PKIX_TEST_DECREF_BC(targetString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(PKIX_Error *error) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(error); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_error(int argc, char *argv[]) +{ + + PKIX_Error *error, *error2, *error3, *error5, *error6, *error7; + char *descChar = "Error Message"; + char *descChar2 = "Another Error Message"; + char *infoChar = "Auxiliary Info"; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Errors"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_Error_Create"); + createErrors(&error, + &error2, + &error3, + &error5, + &error6, + &error7, + infoChar); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(error, + error, + error2, + NULL, + Error, + PKIX_TRUE); + + subTest("PKIX_Error_GetErrorClass"); + testGetErrorClass(error, error2); + + subTest("PKIX_Error_GetDescription"); + testGetDescription(error, error2, error3, descChar, descChar2); + + subTest("PKIX_Error_GetCause"); + testGetCause(error, error2, error3); + + subTest("PKIX_Error_GetSupplementaryInfo"); + testGetSupplementaryInfo(error, infoChar); + + subTest("Primitive Error Type"); + testPrimitiveError(); + + subTest("Error Chaining"); + testChaining(error7); + + subTest("PKIX_Error_Destroy"); + testDestroy(error); + testDestroy(error2); + testDestroy(error3); + testDestroy(error5); + testDestroy(error6); + testDestroy(error7); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Errors"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/test_list.c b/security/nss/cmd/libpkix/pkix/util/test_list.c new file mode 100644 index 0000000000..e5e6e507ba --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_list.c @@ -0,0 +1,765 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_list.c + * + * Tests List Objects + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createLists(PKIX_List **list, PKIX_List **list2) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list2, plContext)); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testReverseList(void) +{ + PKIX_List *firstList = NULL; + PKIX_List *reverseList = NULL; + PKIX_UInt32 length, i; + char *testItemString = "one"; + char *testItemString2 = "two"; + PKIX_PL_String *testItem = NULL; + PKIX_PL_String *testItem2 = NULL; + PKIX_PL_Object *retrievedItem1 = NULL; + PKIX_PL_Object *retrievedItem2 = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&firstList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext)); + if (length != 0) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_DECREF_BC(reverseList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + 0, + &testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString2, + 0, + &testItem2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext)); + if (length != 1) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_DECREF_BC(reverseList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList, + (PKIX_PL_Object *)testItem2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext)); + if (length != 4) { + testError("Incorrect Length returned"); + } + + for (i = 0; i < length; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstList, + i, + &retrievedItem1, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(reverseList, + (length - 1) - i, + &retrievedItem2, + plContext)); + + testEqualsHelper(retrievedItem1, retrievedItem2, PKIX_TRUE, plContext); + + PKIX_TEST_DECREF_BC(retrievedItem1); + PKIX_TEST_DECREF_BC(retrievedItem2); + } + +cleanup: + + PKIX_TEST_DECREF_AC(firstList); + PKIX_TEST_DECREF_AC(reverseList); + + PKIX_TEST_DECREF_AC(testItem); + PKIX_TEST_DECREF_AC(testItem2); + + PKIX_TEST_DECREF_AC(retrievedItem1); + PKIX_TEST_DECREF_AC(retrievedItem2); + + PKIX_TEST_RETURN(); +} + +static void +testZeroLengthList(PKIX_List *list) +{ + PKIX_UInt32 length; + PKIX_Boolean empty; + char *testItemString = "hello"; + PKIX_PL_String *testItem = NULL; + PKIX_PL_String *retrievedItem = NULL; + PKIX_List *diffList = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&diffList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext)); + + if (length != 0) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(list, &empty, plContext)); + if (!empty) { + testError("Incorrect result for PKIX_List_IsEmpty"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + 0, + &testItem, + plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, + 0, + (PKIX_PL_Object **)&retrievedItem, + plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(diffList, + (PKIX_PL_Object *)testItem, + plContext)); + + testDuplicateHelper((PKIX_PL_Object *)diffList, plContext); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(list, list, diffList, "(EMPTY)", List, PKIX_TRUE); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext)); + if (length != 1) { + testError("Incorrect Length returned"); + } + + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(diffList, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext)); + if (length != 0) { + testError("Incorrect Length returned"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(testItem); + PKIX_TEST_DECREF_AC(diffList); + PKIX_TEST_RETURN(); +} + +static void +testGetLength(PKIX_List *list) +{ + PKIX_UInt32 length; + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext)); + + if (length != 3) { + testError("Incorrect Length returned"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetSetItem( + PKIX_List *list, + char *testItemString, + char *testItemString2, + char *testItemString3, + PKIX_PL_String **testItem, + PKIX_PL_String **testItem2, + PKIX_PL_String **testItem3) +{ + PKIX_PL_Object *tempItem = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + PL_strlen(testItemString), + testItem, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString2, + PL_strlen(testItemString2), + testItem2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString3, + PL_strlen(testItemString3), + testItem3, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 1, (PKIX_PL_Object *)*testItem2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 2, (PKIX_PL_Object *)*testItem3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 1, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString2, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 2, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString3, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem3, plContext)); + temp = PKIX_String2ASCII(*testItem3, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString3, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testInsertItem( + PKIX_List *list, + PKIX_PL_String *testItem, + char *testItemString) +{ + PKIX_PL_Object *tempItem = NULL; + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext)); + + temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext); + if (temp) { + if (PL_strcmp(testItemString, temp) != 0) + testError("GetItem from list is incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(tempItem); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(outputString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testAppendItem(PKIX_List *list, PKIX_PL_String *testItem) +{ + PKIX_UInt32 length2; + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, + (PKIX_PL_Object *)testItem, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, c, b, c, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + + PKIX_TEST_DECREF_BC(outputString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testNestedLists( + PKIX_List *list, + PKIX_List *list2, + PKIX_PL_String *testItem, + PKIX_PL_String *testItem2) +{ + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)NULL, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)testItem, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, (null), a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 1, + (PKIX_PL_Object *)list2, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, (a, (null), a), c, b, c, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDeleteItem( + PKIX_List *list, + PKIX_List *list2, + PKIX_PL_String *testItem2, + PKIX_PL_String *testItem3) +{ + PKIX_PL_String *outputString = NULL; + char *temp = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, (a, (null), a), c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 0, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(c, b, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)testItem2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a, b)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, + (PKIX_PL_Object *)testItem3, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2, + &outputString, + plContext)); + temp = PKIX_String2ASCII(outputString, plContext); + if (temp) { + if (PL_strcmp("(a, a, c)", temp) != 0) + testError("List toString is Incorrect"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(outputString); + + PKIX_TEST_DECREF_BC(list2); + +cleanup: + + PKIX_TEST_RETURN(); +} + +#if testContainsFunction +/* This test requires pkix_List_Contains to be in nss.def */ +static void +testContains(void) +{ + + PKIX_List *list; + PKIX_PL_String *testItem, *testItem2, *testItem3, *testItem4; + char *testItemString = "a"; + char *testItemString2 = "b"; + char *testItemString3 = "c"; + char *testItemString4 = "d"; + PKIX_Boolean found = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("pkix_ListContains"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString, + PL_strlen(testItemString), + &testItem, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString2, + PL_strlen(testItemString2), + &testItem2, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString3, + PL_strlen(testItemString3), + &testItem3, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + testItemString4, + PL_strlen(testItemString4), + &testItem4, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem3, plContext)); + + subTest("pkix_List_Contains "); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext)); + + if (found) { + testError("Contains found item that wasn't there!"); + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem4, plContext)); + + subTest("pkix_List_Contains "); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext)); + + if (!found) { + testError("Contains missed item that was present!"); + } + + PKIX_TEST_DECREF_BC(list); + PKIX_TEST_DECREF_BC(testItem); + PKIX_TEST_DECREF_BC(testItem2); + PKIX_TEST_DECREF_BC(testItem3); + PKIX_TEST_DECREF_BC(testItem4); + +cleanup: + + PKIX_TEST_RETURN(); +} +#endif + +static void +testErrorHandling(void) +{ + PKIX_List *emptylist = NULL; + PKIX_List *list = NULL; + PKIX_PL_Object *tempItem = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 4, &tempItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 1, NULL, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 4, tempItem, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(NULL, 1, tempItem, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 4, tempItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(NULL, 1, tempItem, plContext)); + + PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, tempItem, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 5, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(NULL, 1, plContext)); + PKIX_TEST_EXPECT_ERROR(PKIX_List_GetLength(list, NULL, plContext)); + + PKIX_TEST_DECREF_BC(list); + PKIX_TEST_DECREF_BC(emptylist); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(PKIX_List *list) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(list); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_list(int argc, char *argv[]) +{ + + PKIX_List *list, *list2; + PKIX_PL_String *testItem, *testItem2, *testItem3; + char *testItemString = "a"; + char *testItemString2 = "b"; + char *testItemString3 = "c"; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Lists"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_List_Create"); + createLists(&list, &list2); + + subTest("pkix_List_ReverseList"); + testReverseList(); + + subTest("Zero-length List"); + testZeroLengthList(list); + + subTest("PKIX_List_Get/SetItem"); + testGetSetItem(list, + testItemString, + testItemString2, + testItemString3, + &testItem, + &testItem2, + &testItem3); + + subTest("PKIX_List_GetLength"); + testGetLength(list); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(list, + list, + list2, + "(c, b, c)", + List, + PKIX_TRUE); + + subTest("PKIX_List_InsertItem"); + testInsertItem(list, testItem, testItemString); + + subTest("PKIX_List_AppendItem"); + testAppendItem(list, testItem); + + subTest("Nested Lists"); + testNestedLists(list, list2, testItem, testItem2); + + subTest("PKIX_List_DeleteItem"); + testDeleteItem(list, list2, testItem2, testItem3); + + PKIX_TEST_DECREF_BC(testItem); + PKIX_TEST_DECREF_BC(testItem2); + PKIX_TEST_DECREF_BC(testItem3); + +#if testContainsFunction + /* This test requires pkix_List_Contains to be in nss.def */ + testContains(); +#endif + + subTest("PKIX_List Error Handling"); + testErrorHandling(); + + subTest("PKIX_List_Destroy"); + testDestroy(list); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Lists"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/test_list2.c b/security/nss/cmd/libpkix/pkix/util/test_list2.c new file mode 100644 index 0000000000..b802ff0e66 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_list2.c @@ -0,0 +1,118 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_list2.c + * + * Performs an in-place sort on a list + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int +test_list2(int argc, char *argv[]) +{ + + PKIX_List *list; + char *temp; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Int32 cmpResult; + PKIX_PL_OID *testOID; + PKIX_PL_String *testString; + PKIX_PL_Object *obj, *obj2; + PKIX_UInt32 size = 10; + char *testOIDString[10] = { + "2.9.999.1.20", + "1.2.3.4.5.6.7", + "0.1", + "1.2.3.5", + "0.39", + "1.2.3.4.7", + "1.2.3.4.6", + "0.39.1", + "1.2.3.4.5", + "0.39.1.300" + }; + PKIX_UInt32 actualMinorVersion; + + PKIX_TEST_STD_VARS(); + + startTests("List Sorting"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("Creating Unsorted Lists"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + for (i = 0; i < size; i++) { + /* Create a new OID object */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create( + testOIDString[i], + &testOID, + plContext)); + /* Insert it into the list */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testOID, plContext)); + /* Decref the string object */ + PKIX_TEST_DECREF_BC(testOID); + } + + subTest("Outputting Unsorted List"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &testString, + plContext)); + temp = PKIX_String2ASCII(testString, plContext); + if (temp) { + (void)printf("%s \n", temp); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + PKIX_TEST_DECREF_BC(testString); + + subTest("Performing Bubble Sort"); + + for (i = 0; i < size; i++) + for (j = 9; j > i; j--) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j - 1, + &obj2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext)); + if (cmpResult < 0) { + /* Exchange the items */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j - 1, + obj, plContext)); + } + /* DecRef objects */ + PKIX_TEST_DECREF_BC(obj); + PKIX_TEST_DECREF_BC(obj2); + } + + subTest("Outputting Sorted List"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list, + &testString, + plContext)); + temp = PKIX_String2ASCII(testString, plContext); + if (temp) { + (void)printf("%s \n", temp); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(testString); + PKIX_TEST_DECREF_AC(list); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("List Sorting"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/util/test_logger.c b/security/nss/cmd/libpkix/pkix/util/test_logger.c new file mode 100644 index 0000000000..3b7e5160a3 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/util/test_logger.c @@ -0,0 +1,314 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_logger.c + * + * Tests Logger Objects + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static char *levels[] = { + "None", + "Fatal Error", + "Error", + "Warning", + "Debug", + "Trace" +}; + +static PKIX_Error * +testLoggerCallback( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ + char *comp = NULL; + char *msg = NULL; + char result[100]; + static int callCount = 0; + + PKIX_TEST_STD_VARS(); + + msg = PKIX_String2ASCII(message, plContext); + PR_snprintf(result, 100, "Logging %s (%s): %s", + levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg); + subTest(result); + + callCount++; + if (callCount > 1) { + testError("Incorrect number of Logger Callback "); + } + +cleanup: + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +testLoggerCallback2( + PKIX_Logger *logger, + PKIX_PL_String *message, + PKIX_UInt32 logLevel, + PKIX_ERRORCLASS logComponent, + void *plContext) +{ + char *comp = NULL; + char *msg = NULL; + char result[100]; + + PKIX_TEST_STD_VARS(); + + msg = PKIX_String2ASCII(message, plContext); + PR_snprintf(result, 100, "Logging %s (%s): %s", + levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg); + subTest(result); + +cleanup: + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext)); + PKIX_TEST_RETURN(); +} + +static void +createLogger(PKIX_Logger **logger, + PKIX_PL_Object *context, + PKIX_Logger_LogCallback cb) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(cb, context, logger, plContext)); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testContextCallback(PKIX_Logger *logger, PKIX_Logger *logger2) +{ + PKIX_Logger_LogCallback cb = NULL; + PKIX_PL_Object *context = NULL; + PKIX_Boolean cmpResult = PKIX_FALSE; + PKIX_UInt32 length; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_Logger_GetLoggerContext"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggerContext(logger2, &context, plContext)); + + testEqualsHelper((PKIX_PL_Object *)logger, context, PKIX_TRUE, plContext); + + subTest("PKIX_Logger_GetLogCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLogCallback(logger, &cb, plContext)); + + if (cb != testLoggerCallback) { + testError("Incorrect Logger Callback returned"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(context); + PKIX_TEST_RETURN(); +} + +static void +testComponent(PKIX_Logger *logger) +{ + PKIX_ERRORCLASS compName = (PKIX_ERRORCLASS)NULL; + PKIX_ERRORCLASS compNameReturn = (PKIX_ERRORCLASS)NULL; + PKIX_Boolean cmpResult = PKIX_FALSE; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_Logger_GetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compName, plContext)); + + if (compName != (PKIX_ERRORCLASS)NULL) { + testError("Incorrect Logger Component returned. expect "); + } + + subTest("PKIX_Logger_SetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, PKIX_LIST_ERROR, plContext)); + + subTest("PKIX_Logger_GetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compNameReturn, plContext)); + + if (compNameReturn != PKIX_LIST_ERROR) { + testError("Incorrect Logger Component returned."); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testMaxLoggingLevel(PKIX_Logger *logger) +{ + PKIX_UInt32 level = 0; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_Logger_GetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext)); + + if (level != 0) { + testError("Incorrect Logger MaxLoggingLevel returned"); + } + + subTest("PKIX_Logger_SetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, 3, plContext)); + + subTest("PKIX_Logger_GetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext)); + + if (level != 3) { + testError("Incorrect Logger MaxLoggingLevel returned"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testLogger(PKIX_Logger *logger, PKIX_Logger *logger2) +{ + PKIX_List *loggerList = NULL; + PKIX_List *checkList = NULL; + PKIX_UInt32 length; + PKIX_Boolean cmpResult = PKIX_FALSE; + char *expectedAscii = "[\n" + "\tLogger: \n" + "\tContext: (null)\n" + "\tMaximum Level: 3\n" + "\tComponent Name: LIST\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_GetLoggers"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext)); + if (length != 0) { + testError("Incorrect Logger List returned"); + } + PKIX_TEST_DECREF_BC(loggerList); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggerList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggerList, (PKIX_PL_Object *)logger, plContext)); + + subTest("PKIX_SetLoggers"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggerList, plContext)); + + subTest("PKIX_Logger_SetLoggingComponent"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger2, PKIX_MUTEX_ERROR, plContext)); + + subTest("PKIX_Logger_SetMaxLoggingLevel"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger2, 5, plContext)); + + subTest("PKIX_AddLogger"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_AddLogger(logger2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&checkList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger2, plContext)); + + PKIX_TEST_DECREF_BC(loggerList); + + subTest("PKIX_GetLoggers"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext)); + + subTest("pkix_Loggers_Equals"); + testEqualsHelper((PKIX_PL_Object *)loggerList, + (PKIX_PL_Object *)checkList, + PKIX_TRUE, + plContext); + + subTest("pkix_Loggers_Duplicate"); + testDuplicateHelper((PKIX_PL_Object *)logger, plContext); + + subTest("pkix_Loggers_Hashcode"); + testHashcodeHelper((PKIX_PL_Object *)logger, + (PKIX_PL_Object *)logger, + PKIX_TRUE, + plContext); + + subTest("pkix_Loggers_ToString"); + testToStringHelper((PKIX_PL_Object *)logger, expectedAscii, plContext); + + subTest("PKIX Logger Callback"); + subTest("Expect to have ***Fatal Error (List): Null argument*** once"); + PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, (PKIX_PL_Object *)NULL, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(loggerList); + PKIX_TEST_DECREF_AC(checkList); + PKIX_TEST_RETURN(); +} + +static void +testDestroy(PKIX_Logger *logger) +{ + PKIX_TEST_STD_VARS(); + + PKIX_TEST_DECREF_BC(logger); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_logger(int argc, char *argv[]) +{ + + PKIX_Logger *logger, *logger2; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Loggers"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_Logger_Create"); + createLogger(&logger, NULL, testLoggerCallback); + createLogger(&logger2, (PKIX_PL_Object *)logger, testLoggerCallback2); + + subTest("Logger Context and Callback"); + testContextCallback(logger, logger2); + + subTest("Logger Component"); + testComponent(logger); + + subTest("Logger MaxLoggingLevel"); + testMaxLoggingLevel(logger); + + subTest("Logger List operations"); + testLogger(logger, logger2); + + subTest("PKIX_Logger_Destroy"); + testDestroy(logger); + testDestroy(logger2); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Loggers"); + + return (0); +} -- cgit v1.2.3