diff options
Diffstat (limited to 'security/nss/cmd/libpkix/pkix/checker')
-rw-r--r-- | security/nss/cmd/libpkix/pkix/checker/Makefile | 45 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/checker/manifest.mn | 20 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c | 185 |
3 files changed, 250 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix/checker/Makefile b/security/nss/cmd/libpkix/pkix/checker/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/checker/manifest.mn b/security/nss/cmd/libpkix/pkix/checker/manifest.mn new file mode 100644 index 0000000000..54e1486e68 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/manifest.mn @@ -0,0 +1,20 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_certchainchecker.c + +LIBRARY_NAME = pkixtoolchecker +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c b/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c new file mode 100644 index 0000000000..5fab3a6920 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c @@ -0,0 +1,185 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_certchainchecker.c + * + * Test Cert Chain Checker + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_Error * +dummyChecker_Check( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresolvedCriticalExtensions, + void **pNBIOContext, + void *plContext) +{ + goto cleanup; + +cleanup: + + return (NULL); +} + +static void +test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original) +{ + PKIX_Boolean originalForward = PKIX_FALSE; + PKIX_Boolean copyForward = PKIX_FALSE; + PKIX_Boolean originalForwardDir = PKIX_FALSE; + PKIX_Boolean copyForwardDir = PKIX_FALSE; + PKIX_CertChainChecker *copy = NULL; + PKIX_CertChainChecker_CheckCallback originalCallback = NULL; + PKIX_CertChainChecker_CheckCallback copyCallback = NULL; + PKIX_PL_Object *originalState = NULL; + PKIX_PL_Object *copyState = NULL; + PKIX_List *originalList = NULL; + PKIX_List *copyList = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("CertChainChecker_Duplicate"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)original, + (PKIX_PL_Object **)©, + plContext)); + + subTest("CertChainChecker_GetCheckCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(original, &originalCallback, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(copy, ©Callback, plContext)); + if (originalCallback != copyCallback) { + pkixTestErrorMsg = "CheckCallback functions are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_IsForwardCheckingSupported"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(original, &originalForward, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(copy, ©Forward, plContext)); + if (originalForward != copyForward) { + pkixTestErrorMsg = "ForwardChecking booleans are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_IsForwardDirectionExpected"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(original, &originalForwardDir, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(copy, ©ForwardDir, plContext)); + if (originalForwardDir != copyForwardDir) { + pkixTestErrorMsg = "ForwardDirection booleans are not equal!"; + goto cleanup; + } + + subTest("CertChainChecker_GetCertChainCheckerState"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(original, &originalState, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(copy, ©State, plContext)); + testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext); + + subTest("CertChainChecker_GetSupportedExtensions"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(original, &originalList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(copy, ©List, plContext)); + testEqualsHelper((PKIX_PL_Object *)originalList, + (PKIX_PL_Object *)copyList, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(copy); + PKIX_TEST_DECREF_AC(originalState); + PKIX_TEST_DECREF_AC(copyState); + PKIX_TEST_DECREF_AC(originalList); + PKIX_TEST_DECREF_AC(copyList); + + PKIX_TEST_RETURN(); +} + +int +test_certchainchecker(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_PL_OID *bcOID = NULL; + PKIX_PL_OID *ncOID = NULL; + PKIX_PL_OID *cpOID = NULL; + PKIX_PL_OID *pmOID = NULL; + PKIX_PL_OID *pcOID = NULL; + PKIX_PL_OID *iaOID = NULL; + PKIX_CertChainChecker *dummyChecker = NULL; + PKIX_List *supportedExtensions = NULL; + PKIX_PL_Object *initialState = NULL; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("CertChainChecker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&supportedExtensions, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)bcOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)ncOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)cpOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYMAPPINGS_OID, &pmOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pmOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pcOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)iaOID, plContext)); + + PKIX_TEST_DECREF_BC(bcOID); + PKIX_TEST_DECREF_BC(ncOID); + PKIX_TEST_DECREF_BC(cpOID); + PKIX_TEST_DECREF_BC(pmOID); + PKIX_TEST_DECREF_BC(pcOID); + PKIX_TEST_DECREF_BC(iaOID); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)supportedExtensions, plContext)); + + initialState = (PKIX_PL_Object *)supportedExtensions; + + subTest("CertChainChecker_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */ + PKIX_FALSE, /* forwardCheckingSupported */ + PKIX_FALSE, /* forwardDirectionExpected */ + supportedExtensions, + NULL, /* PKIX_PL_Object *initialState */ + &dummyChecker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_SetCertChainCheckerState(dummyChecker, initialState, plContext)); + + test_CertChainChecker_Duplicate(dummyChecker); + + subTest("CertChainChecker_Destroy"); + PKIX_TEST_DECREF_BC(dummyChecker); + +cleanup: + + PKIX_TEST_DECREF_AC(dummyChecker); + PKIX_TEST_DECREF_AC(initialState); + PKIX_TEST_DECREF_AC(supportedExtensions); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CertChainChecker"); + + return (0); +} |