diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/cmd/libpkix/pkix/params | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/cmd/libpkix/pkix/params')
-rw-r--r-- | security/nss/cmd/libpkix/pkix/params/Makefile | 45 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/params/manifest.mn | 24 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/params/test_procparams.c | 478 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c | 99 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/params/test_trustanchor.c | 251 | ||||
-rw-r--r-- | security/nss/cmd/libpkix/pkix/params/test_valparams.c | 261 |
6 files changed, 1158 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix/params/Makefile b/security/nss/cmd/libpkix/pkix/params/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix/params/manifest.mn b/security/nss/cmd/libpkix/pkix/params/manifest.mn new file mode 100644 index 0000000000..c7629a6207 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_procparams.c \ + test_trustanchor.c \ + test_valparams.c \ + test_resourcelimits.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolparams +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix/params/test_procparams.c b/security/nss/cmd/libpkix/pkix/params/test_procparams.c new file mode 100644 index 0000000000..419322a1e7 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_procparams.c @@ -0,0 +1,478 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_procparams.c + * + * Test ProcessingParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ProcessingParams_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetAnchors( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_List *goodAnchors = NULL; + PKIX_List *equalAnchors = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_GetTrustAnchors"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(goodObject, &goodAnchors, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(equalObject, &equalAnchors, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodAnchors, + (PKIX_PL_Object *)equalAnchors, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodAnchors); + PKIX_TEST_DECREF_AC(equalAnchors); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetDate( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_PL_Date *setDate = NULL; + PKIX_PL_Date *getDate = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetDate"); + + setDate = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetDate(goodObject, &getDate, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setDate, + (PKIX_PL_Object *)getDate, + PKIX_TRUE, + plContext); + + /* we want to make sure that goodObject and equalObject are "equal" */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(equalObject, setDate, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setDate); + PKIX_TEST_DECREF_AC(getDate); + + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +userChecker1cb( + PKIX_CertChainChecker *checker, + PKIX_PL_Cert *cert, + PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */ + void **pNBIOContext, + void *plContext) +{ + return (NULL); +} + +static void +testGetSetCertChainCheckers( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_CertChainChecker *checker = NULL; + PKIX_List *setCheckersList = NULL; + PKIX_List *getCheckersList = NULL; + PKIX_PL_Date *date = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers"); + + date = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb, + PKIX_FALSE, + PKIX_FALSE, + NULL, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, (PKIX_PL_Object *)checker, plContext)); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers(goodObject, setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb, + PKIX_FALSE, + PKIX_FALSE, + NULL, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(goodObject, checker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers(goodObject, &getCheckersList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setCheckersList); + PKIX_TEST_DECREF_AC(getCheckersList); + PKIX_TEST_DECREF_AC(date); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_RETURN(); +} + +static PKIX_Error * +userChecker2cb( + PKIX_RevocationChecker *checker, + PKIX_PL_Cert *cert, + PKIX_UInt32 *pResult, + void *plContext) +{ + return (NULL); +} + +static void +testGetSetRevocationCheckers( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) +{ + + PKIX_RevocationChecker *checker = NULL; + PKIX_List *setCheckersList = NULL; + PKIX_List *getCheckersList = NULL; + PKIX_PL_Date *date = NULL; + char *asciiDate = "040329134847Z"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetRevocationCheckers"); + + date = createDate(asciiDate, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, + (PKIX_PL_Object *)checker, + plContext)); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(goodObject, setCheckersList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb, + (PKIX_PL_Object *)date, + &checker, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddRevocationChecker(goodObject, checker, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetRevocationCheckers(goodObject, &getCheckersList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(setCheckersList); + PKIX_TEST_DECREF_AC(getCheckersList); + PKIX_TEST_DECREF_AC(date); + PKIX_TEST_DECREF_BC(checker); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetResourceLimits( + PKIX_ProcessingParams *goodObject, + PKIX_ProcessingParams *equalObject) + +{ + PKIX_ResourceLimits *resourceLimits1 = NULL; + PKIX_ResourceLimits *resourceLimits2 = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits1, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits1, 3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits1, 3, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits1, 2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(goodObject, resourceLimits1, plContext)); + + PKIX_TEST_DECREF_BC(resourceLimits2); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetResourceLimits(goodObject, &resourceLimits2, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(equalObject, resourceLimits2, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(resourceLimits1); + PKIX_TEST_DECREF_AC(resourceLimits2); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetConstraints(PKIX_ProcessingParams *goodObject) +{ + + PKIX_CertSelector *setConstraints = NULL; + PKIX_CertSelector *getConstraints = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetTargetCertConstraints"); + + /* + * After createConstraints is implemented + * setConstraints = createConstraints(); + */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(goodObject, setConstraints, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTargetCertConstraints(goodObject, &getConstraints, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setConstraints, + (PKIX_PL_Object *)getConstraints, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(setConstraints); + PKIX_TEST_DECREF_AC(getConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetInitialPolicies( + PKIX_ProcessingParams *goodObject, + char *asciiPolicyOID) +{ + PKIX_PL_OID *policyOID = NULL; + PKIX_List *setPolicyList = NULL; + PKIX_List *getPolicyList = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetInitialPolicies"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiPolicyOID, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setPolicyList, (PKIX_PL_Object *)policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(goodObject, setPolicyList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetInitialPolicies(goodObject, &getPolicyList, plContext)); + + testEqualsHelper((PKIX_PL_Object *)setPolicyList, + (PKIX_PL_Object *)getPolicyList, + PKIX_TRUE, + plContext); + +cleanup: + PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(setPolicyList); + PKIX_TEST_DECREF_AC(getPolicyList); + + PKIX_TEST_RETURN(); +} + +static void +testGetSetPolicyQualifiersRejected( + PKIX_ProcessingParams *goodObject, + PKIX_Boolean rejected) +{ + PKIX_Boolean getRejected = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ProcessingParams_Get/SetPolicyQualifiersRejected"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyQualifiersRejected(goodObject, rejected, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetPolicyQualifiersRejected(goodObject, &getRejected, plContext)); + + if (rejected != getRejected) { + testError("GetPolicyQualifiersRejected returned unexpected value"); + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_procparams(int argc, char *argv[]) +{ + + PKIX_ProcessingParams *goodObject = NULL; + PKIX_ProcessingParams *equalObject = NULL; + PKIX_ProcessingParams *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + char *dataCentralDir = NULL; + PKIX_UInt32 j = 0; + + char *oidAnyPolicy = PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID; + char *oidNist1Policy = "2.16.840.1.101.3.2.1.48.2"; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t" + "([\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ", [\n" + "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ")\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\tMon Mar 29 08:48:47 2004\n" + "\tTarget Constraints: (null)\n" + "\tInitial Policies: (2.5.29.32.0)\n" + "\tQualifiers Rejected: FALSE\n" + "\tCert Stores: (EMPTY)\n" + "\tResource Limits: [\n" + "\tMaxTime: 2\n" + "\tMaxFanout: 3\n" + "\tMaxDepth: 3\n" + "]\n\n" + "\tCRL Checking Enabled: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ProcessingParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dataCentralDir = argv[j + 1]; + + subTest("PKIX_ProcessingParams_Create"); + goodObject = createProcessingParams(dataCentralDir, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + equalObject = createProcessingParams(dataCentralDir, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + diffObject = createProcessingParams(dataCentralDir, + diffInput, + goodInput, + NULL, + NULL, + PKIX_FALSE, + plContext); + + testGetAnchors(goodObject, equalObject); + testGetSetDate(goodObject, equalObject); + testGetSetCertChainCheckers(goodObject, equalObject); + testGetSetRevocationCheckers(goodObject, equalObject); + testGetSetResourceLimits(goodObject, equalObject); + + /* + * XXX testGetSetConstraints(goodObject); + */ + + testGetSetInitialPolicies(goodObject, oidAnyPolicy); + testGetSetInitialPolicies(equalObject, oidAnyPolicy); + testGetSetInitialPolicies(diffObject, oidNist1Policy); + testGetSetPolicyQualifiersRejected(goodObject, PKIX_FALSE); + testGetSetPolicyQualifiersRejected(equalObject, PKIX_FALSE); + testGetSetPolicyQualifiersRejected(diffObject, PKIX_TRUE); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + ProcessingParams, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ProcessingParams"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c b/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c new file mode 100644 index 0000000000..f52c3ef87f --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_resourcelimits.c @@ -0,0 +1,99 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_resourcelimits.c + * + * Test ResourceLimits Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ResourceLimits_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +int +test_resourcelimits(int argc, char *argv[]) +{ + + PKIX_ResourceLimits *goodObject = NULL; + PKIX_ResourceLimits *equalObject = NULL; + PKIX_ResourceLimits *diffObject = NULL; + PKIX_UInt32 maxTime = 0; + PKIX_UInt32 maxFanout = 0; + PKIX_UInt32 maxDepth = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *expectedAscii = + "[\n" + "\tMaxTime: 10\n" + "\tMaxFanout: 5\n" + "\tMaxDepth: 5\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ResourceLimits"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + subTest("PKIX_ResourceLimits_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&goodObject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&diffObject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&equalObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(goodObject, 10, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxTime(goodObject, &maxTime, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(equalObject, maxTime, plContext)); + maxTime++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(diffObject, maxTime, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(goodObject, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxFanout(goodObject, &maxFanout, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(equalObject, maxFanout, plContext)); + maxFanout++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(diffObject, maxFanout, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(goodObject, 5, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxDepth(goodObject, &maxDepth, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(equalObject, maxDepth, plContext)); + maxDepth++; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(diffObject, maxDepth, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + ResourceLimits, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ResourceLimits"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c b/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c new file mode 100644 index 0000000000..4bd9d174ce --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_trustanchor.c @@ -0,0 +1,251 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_trustanchor.c + * + * Test TrustAnchor Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createTrustAnchors( + char *dirName, + char *goodInput, + PKIX_TrustAnchor **goodObject, + PKIX_TrustAnchor **equalObject, + PKIX_TrustAnchor **diffObject) +{ + subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <goodObject>"); + *goodObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext); + + subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <equalObject>"); + *equalObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext); + + subTest("PKIX_TrustAnchor_CreateWithCert <diffObject>"); + *diffObject = createTrustAnchor(dirName, goodInput, PKIX_TRUE, plContext); +} + +static void +testGetCAName( + PKIX_PL_Cert *diffCert, + PKIX_TrustAnchor *equalObject) +{ + + PKIX_PL_X500Name *diffCAName = NULL; + PKIX_PL_X500Name *equalCAName = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_TrustAnchor_GetCAName"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffCAName, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName(equalObject, &equalCAName, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffCAName, + (PKIX_PL_Object *)equalCAName, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffCAName); + PKIX_TEST_DECREF_AC(equalCAName); + + PKIX_TEST_RETURN(); +} + +static void +testGetCAPublicKey( + PKIX_PL_Cert *diffCert, + PKIX_TrustAnchor *equalObject) +{ + + PKIX_PL_PublicKey *diffPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_TrustAnchor_GetCAPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffCert, &diffPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey(equalObject, &equalPubKey, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffPubKey, + (PKIX_PL_Object *)equalPubKey, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testGetNameConstraints(char *dirName) +{ + PKIX_TrustAnchor *goodObject = NULL; + PKIX_TrustAnchor *equalObject = NULL; + PKIX_TrustAnchor *diffObject = NULL; + PKIX_PL_Cert *diffCert; + PKIX_PL_CertNameConstraints *diffNC = NULL; + PKIX_PL_CertNameConstraints *equalNC = NULL; + char *goodInput = "nameConstraintsDN5CACert.crt"; + char *expectedAscii = + "[\n" + "\tTrusted CA Name: CN=nameConstraints DN5 CA," + "O=Test Certificates,C=US\n" + "\tTrusted CA PublicKey: PKCS #1 RSA Encryption\n" + "\tInitial Name Constraints:[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t]\n" + "\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("Create TrustAnchors and compare"); + + createTrustAnchors(dirName, goodInput, &goodObject, &equalObject, &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + TrustAnchor, + PKIX_TRUE); + + subTest("PKIX_TrustAnchor_GetTrustedCert"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext)); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(diffCert, &diffNC, plContext)); + + subTest("PKIX_TrustAnchor_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints(equalObject, &equalNC, plContext)); + + testEqualsHelper((PKIX_PL_Object *)diffNC, + (PKIX_PL_Object *)equalNC, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(diffNC); + PKIX_TEST_DECREF_AC(equalNC); + PKIX_TEST_DECREF_BC(diffCert); + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_TrustAnchor_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_trustanchor <NIST_FILES_DIR> <central-data-dir>\n\n"); +} + +int +test_trustanchor(int argc, char *argv[]) +{ + + PKIX_TrustAnchor *goodObject = NULL; + PKIX_TrustAnchor *equalObject = NULL; + PKIX_TrustAnchor *diffObject = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *goodInput = "yassir2yassir"; + char *expectedAscii = + "[\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n"; + char *dirName = NULL; + char *dataCentralDir = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("TrustAnchor"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3) { + printUsage(); + return (0); + } + + dirName = argv[j + 1]; + dataCentralDir = argv[j + 2]; + + createTrustAnchors(dataCentralDir, + goodInput, + &goodObject, + &equalObject, + &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + expectedAscii, + TrustAnchor, + PKIX_TRUE); + + subTest("PKIX_TrustAnchor_GetTrustedCert"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext)); + + testGetCAName(diffCert, equalObject); + testGetCAPublicKey(diffCert, equalObject); + + testGetNameConstraints(dirName); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_TEST_DECREF_AC(diffCert); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("TrustAnchor"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix/params/test_valparams.c b/security/nss/cmd/libpkix/pkix/params/test_valparams.c new file mode 100644 index 0000000000..6419062c40 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix/params/test_valparams.c @@ -0,0 +1,261 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_valparams.c + * + * Test ValidateParams Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateParams_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void +testGetProcParams( + PKIX_ValidateParams *goodObject, + PKIX_ValidateParams *equalObject) +{ + + PKIX_ProcessingParams *goodProcParams = NULL; + PKIX_ProcessingParams *equalProcParams = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateParams_GetProcessingParams"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(goodObject, &goodProcParams, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(equalObject, &equalProcParams, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodProcParams, + (PKIX_PL_Object *)equalProcParams, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodProcParams); + PKIX_TEST_DECREF_AC(equalProcParams); + + PKIX_TEST_RETURN(); +} + +static void +testGetCertChain( + PKIX_ValidateParams *goodObject, + PKIX_ValidateParams *equalObject) +{ + + PKIX_List *goodChain = NULL; + PKIX_List *equalChain = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_ValidateParams_GetCertChain"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(goodObject, &goodChain, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(equalObject, &equalChain, plContext)); + + testEqualsHelper((PKIX_PL_Object *)goodChain, + (PKIX_PL_Object *)equalChain, + PKIX_TRUE, + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodChain); + PKIX_TEST_DECREF_AC(equalChain); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <central-data-dir>\n\n", pName); +} + +int +test_valparams(int argc, char *argv[]) +{ + + PKIX_ValidateParams *goodObject = NULL; + PKIX_ValidateParams *equalObject = NULL; + PKIX_ValidateParams *diffObject = NULL; + PKIX_List *chain = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *dirName = NULL; + + char *goodInput = "yassir2yassir"; + char *diffInput = "yassir2bcn"; + + char *expectedAscii = + "[\n" + "\tProcessing Params: \n" + "\t********BEGIN PROCESSING PARAMS********\n" + "\t\t" + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t" + "([\n" + "\tTrusted CA Name: " + "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ", [\n" + "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" + "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" + "\tInitial Name Constraints:(null)\n" + "]\n" + ")\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\t(null)\n" + "\tTarget Constraints: (null)\n" + "\tInitial Policies: (null)\n" + "\tQualifiers Rejected: FALSE\n" + "\tCert Stores: (EMPTY)\n" + "\tCRL Checking Enabled: 0\n" + "]\n" + "\n" + "\t********END PROCESSING PARAMS********\n" + "\tChain: \t\t" + "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" + "\t To: Fri Aug 18 16:19:56 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc65af\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19 16:14:39 1999\n" + "\t To: Fri Aug 18 16:14:39 2000]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("ValidateParams"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 2) { + printUsage(argv[0]); + return (0); + } + + dirName = argv[j + 1]; + + subTest("PKIX_ValidateParams_Create"); + chain = createCertChain(dirName, diffInput, goodInput, plContext); + goodObject = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + equalObject = createValidateParams(dirName, + goodInput, + diffInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + diffObject = createValidateParams(dirName, + diffInput, + goodInput, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + testGetProcParams(goodObject, equalObject); + testGetCertChain(goodObject, equalObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + ValidateParams, + PKIX_FALSE); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("ValidateParams"); + + return (0); +} |