/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * buildChain.c * * Tests Cert Chain Building * */ #include #include #include #include "pkix_pl_generalname.h" #include "pkix_pl_cert.h" #include "pkix.h" #include "testutil.h" #include "prlong.h" #include "plstr.h" #include "prthread.h" #include "nspr.h" #include "prtypes.h" #include "prtime.h" #include "pk11func.h" #include "secasn1.h" #include "cert.h" #include "cryptohi.h" #include "secoid.h" #include "certdb.h" #include "secitem.h" #include "keythi.h" #include "nss.h" static void *plContext = NULL; static void printUsage(void) { (void)printf("\nUSAGE:\tbuildChain " " \n\n"); (void)printf("Builds a chain of certificates between " " and \n" "using the certs and CRLs in .\n"); } static PKIX_PL_Cert * createCert(char *inFileName) { PKIX_PL_ByteArray *byteArray = NULL; void *buf = NULL; PRFileDesc *inFile = NULL; PKIX_UInt32 len; SECItem certDER; SECStatus rv; /* default: NULL cert (failure case) */ PKIX_PL_Cert *cert = NULL; PKIX_TEST_STD_VARS(); certDER.data = NULL; inFile = PR_Open(inFileName, PR_RDONLY, 0); if (!inFile) { pkixTestErrorMsg = "Unable to open cert file"; goto cleanup; } else { rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE); if (!rv) { buf = (void *)certDER.data; len = certDER.len; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext)); SECITEM_FreeItem(&certDER, PR_FALSE); } else { pkixTestErrorMsg = "Unable to read DER from cert file"; goto cleanup; } } cleanup: if (inFile) { PR_Close(inFile); } if (PKIX_TEST_ERROR_RECEIVED) { SECITEM_FreeItem(&certDER, PR_FALSE); } PKIX_TEST_DECREF_AC(byteArray); PKIX_TEST_RETURN(); return (cert); } int build_chain(int argc, char *argv[]) { PKIX_BuildResult *buildResult = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; PKIX_TrustAnchor *anchor = NULL; PKIX_List *anchors = NULL; PKIX_List *certs = NULL; PKIX_PL_Cert *cert = NULL; PKIX_ProcessingParams *procParams = NULL; char *trustedCertFile = NULL; char *targetCertFile = NULL; char *storeDirAscii = NULL; PKIX_PL_String *storeDirString = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_PL_Cert *targetCert = NULL; PKIX_UInt32 actualMinorVersion, numCerts, i; PKIX_UInt32 j = 0; PKIX_CertStore *certStore = NULL; PKIX_List *certStores = NULL; char *asciiResult = NULL; PKIX_Boolean useArenas = PKIX_FALSE; void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ void *nbioContext = NULL; PKIX_TEST_STD_VARS(); if (argc < 4) { printUsage(); return (0); } useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */ useArenas, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, PKIX_MINOR_VERSION, &actualMinorVersion, &plContext)); /* create processing params with list of trust anchors */ trustedCertFile = argv[j + 1]; trustedCert = createCert(trustedCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); /* create CertSelector with target certificate in params */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); targetCertFile = argv[j + 2]; targetCert = createCert(targetCertFile); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); /* create CertStores */ storeDirAscii = argv[j + 3]; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); /* build cert chain using processing params and return buildResult */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams, &nbioContext, &buildState, &buildResult, NULL, plContext)); /* * As long as we use only CertStores with blocking I/O, we can omit * checking for completion with nbioContext. */ PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); printf("\n"); for (i = 0; i < numCerts; i++) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); asciiResult = PKIX_Cert2ASCII(cert); printf("CERT[%d]:\n%s\n", i, asciiResult); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); asciiResult = NULL; PKIX_TEST_DECREF_BC(cert); } cleanup: if (PKIX_TEST_ERROR_RECEIVED) { (void)printf("FAILED TO BUILD CHAIN\n"); } else { (void)printf("SUCCESSFULLY BUILT CHAIN\n"); } PKIX_PL_Free(asciiResult, plContext); PKIX_TEST_DECREF_AC(certs); PKIX_TEST_DECREF_AC(cert); PKIX_TEST_DECREF_AC(certStore); PKIX_TEST_DECREF_AC(certStores); PKIX_TEST_DECREF_AC(storeDirString); PKIX_TEST_DECREF_AC(trustedCert); PKIX_TEST_DECREF_AC(targetCert); PKIX_TEST_DECREF_AC(anchor); PKIX_TEST_DECREF_AC(anchors); PKIX_TEST_DECREF_AC(procParams); PKIX_TEST_DECREF_AC(certSelParams); PKIX_TEST_DECREF_AC(certSelector); PKIX_TEST_DECREF_AC(buildResult); PKIX_TEST_RETURN(); PKIX_Shutdown(plContext); return (0); }