summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/libpkix/pkix_pl
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/cmd/libpkix/pkix_pl
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/cmd/libpkix/pkix_pl')
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/Makefile46
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/manifest.mn11
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/Makefile45
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/manifest.mn25
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c247
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c275
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c300
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c580
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/module/test_socket.c571
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/Makefile45
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn29
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c105
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c2088
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c302
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c208
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_date.c106
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c123
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c127
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c121
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c169
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/Makefile45
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/manifest.mn38
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/stress_test.c146
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c189
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c231
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c380
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_mem.c133
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c104
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c102
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c166
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c104
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_object.c281
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_oid.c212
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c204
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_string.c434
-rw-r--r--security/nss/cmd/libpkix/pkix_pl/system/test_string2.c337
36 files changed, 8629 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix_pl/Makefile b/security/nss/cmd/libpkix/pkix_pl/Makefile
new file mode 100644
index 0000000000..1de5ef2694
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/security/nss/cmd/libpkix/pkix_pl/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/manifest.mn
new file mode 100644
index 0000000000..84997cbe6f
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/manifest.mn
@@ -0,0 +1,11 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ./..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+DIRS = module pki system \
+ $(NULL)
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/Makefile b/security/nss/cmd/libpkix/pkix_pl/module/Makefile
new file mode 100644
index 0000000000..802e7729d9
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn
new file mode 100644
index 0000000000..50d20d0bb4
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn
@@ -0,0 +1,25 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_colcertstore.c \
+ test_ekuchecker.c \
+ test_pk11certstore.c \
+ test_socket.c \
+ test_httpcertstore.c \
+ $(NULL)
+
+LIBRARY_NAME = pkixtoolmodule
+SHARED_LIBRARY = $(NULL)
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c
new file mode 100644
index 0000000000..37169d6ff7
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c
@@ -0,0 +1,247 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_colcertstore.c
+ *
+ * Test CollectionCertStore Type
+ *
+ */
+
+#include "testutil.h"
+
+#include "testutil_nss.h"
+
+/* When CRL IDP is supported, change NUM_CRLS to 9 */
+#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 4
+#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS 15
+
+static void *plContext = NULL;
+
+static PKIX_Error *
+testCRLSelectorMatchCallback(
+ PKIX_CRLSelector *selector,
+ PKIX_PL_CRL *crl,
+ PKIX_Boolean *pMatch,
+ void *plContext)
+{
+ *pMatch = PKIX_TRUE;
+
+ return (0);
+}
+
+static PKIX_Error *
+testCertSelectorMatchCallback(
+ PKIX_CertSelector *selector,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ *pResult = PKIX_TRUE;
+
+ return (0);
+}
+
+static PKIX_Error *
+getCertCallback(
+ PKIX_CertStore *store,
+ PKIX_CertSelector *certSelector,
+ PKIX_List **pCerts,
+ void *plContext)
+{
+ return (0);
+}
+
+static char *
+catDirName(char *platform, char *dir, void *plContext)
+{
+ char *pathName = NULL;
+ PKIX_UInt32 dirLen;
+ PKIX_UInt32 platformLen;
+
+ PKIX_TEST_STD_VARS();
+
+ dirLen = PL_strlen(dir);
+ platformLen = PL_strlen(platform);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+ dirLen +
+ 2,
+ (void **)&pathName, plContext));
+
+ PL_strcpy(pathName, platform);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, dir);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+
+ return (pathName);
+}
+
+static void
+testGetCRL(char *crlDir)
+{
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CRLCallback crlCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_UInt32 numCrl = 0;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ crlDir,
+ 0,
+ &dirString,
+ plContext));
+
+ subTest("PKIX_PL_CollectionCertStore_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString,
+ &certStore,
+ plContext));
+
+ subTest("PKIX_CRLSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback,
+ NULL,
+ &crlSelector,
+ plContext));
+
+ subTest("PKIX_CertStore_GetCRLCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, NULL));
+
+ subTest("Getting data from CRL Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore,
+ crlSelector,
+ &nbioContext,
+ &crlList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList,
+ &numCrl,
+ plContext));
+
+ if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
+ pkixTestErrorMsg = "unexpected CRL number mismatch";
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(crlList);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(certStore);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetCert(char *certDir)
+{
+ PKIX_PL_String *dirString = NULL;
+ PKIX_CertStore_CertCallback certCallback;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_UInt32 numCert = 0;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ certDir,
+ 0,
+ &dirString,
+ plContext));
+
+ subTest("PKIX_PL_CollectionCertStore_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString,
+ &certStore,
+ plContext));
+
+ subTest("PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
+ NULL,
+ &certSelector,
+ plContext));
+
+ subTest("PKIX_CertStore_GetCertCallback");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+ subTest("Getting data from Cert Callback");
+ PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore,
+ certSelector,
+ &nbioContext,
+ &certList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList,
+ &numCert,
+ plContext));
+
+ if (numCert != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS) {
+ pkixTestErrorMsg = "unexpected Cert number mismatch";
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(dirString);
+ PKIX_TEST_DECREF_AC(certList);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certStore);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s test-purpose <data-dir> <platform-dir>\n\n", pName);
+}
+
+/* Functional tests for CollectionCertStore public functions */
+
+int
+test_colcertstore(int argc, char *argv[])
+{
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *platformDir = NULL;
+ char *dataDir = NULL;
+ char *combinedDir = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("CollectionCertStore");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < (3 + j)) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ dataDir = argv[2 + j];
+ platformDir = argv[3 + j];
+ combinedDir = catDirName(platformDir, dataDir, plContext);
+
+ testGetCRL(combinedDir);
+ testGetCert(combinedDir);
+
+cleanup:
+
+ pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("CollectionCertStore");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
new file mode 100644
index 0000000000..ccd05a5bf8
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
@@ -0,0 +1,275 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_ekuchecker.c
+ *
+ * Test Extend Key Usage Checker
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+
+static void *plContext = NULL;
+
+static void
+printUsage1(char *pName)
+{
+ printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+ printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+ printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+ numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+static PKIX_Error *
+testCertSelectorMatchCallback(
+ PKIX_CertSelector *selector,
+ PKIX_PL_Cert *cert,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ *pResult = PKIX_TRUE;
+
+ return (0);
+}
+
+static PKIX_Error *
+testEkuSetup(
+ PKIX_ValidateParams *valParams,
+ char *ekuOidString,
+ PKIX_Boolean *only4EE)
+{
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_List *ekuList = NULL;
+ PKIX_PL_OID *ekuOid = NULL;
+ PKIX_ComCertSelParams *selParams = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_Boolean last_token = PKIX_FALSE;
+ PKIX_UInt32 i, tokeni;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_ValidateParams_GetProcessingParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+ /* Get extended key usage OID(s) from command line, separated by "," */
+
+ if (ekuOidString[0] == '"') {
+ /* erase doble quotes, if any */
+ i = 1;
+ while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
+ ekuOidString[i - 1] = ekuOidString[i];
+ i++;
+ }
+ ekuOidString[i - 1] = '\0';
+ }
+
+ if (ekuOidString[0] == '\0') {
+ ekuList = NULL;
+ } else {
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));
+
+ /* if OID string start with E, only check for last cert */
+ if (ekuOidString[0] == 'E') {
+ *only4EE = PKIX_TRUE;
+ tokeni = 2;
+ i = 1;
+ } else {
+ *only4EE = PKIX_FALSE;
+ tokeni = 1;
+ i = 0;
+ }
+
+ while (last_token != PKIX_TRUE) {
+ while (ekuOidString[tokeni] != ',' &&
+ ekuOidString[tokeni] != '\0') {
+ tokeni++;
+ }
+ if (ekuOidString[tokeni] == '\0') {
+ last_token = PKIX_TRUE;
+ } else {
+ ekuOidString[tokeni] = '\0';
+ tokeni++;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));
+
+ PKIX_TEST_DECREF_BC(ekuOid);
+ i = tokeni;
+ }
+ }
+
+ /* Set extended key usage link to processing params */
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));
+
+ subTest("PKIX_CertSelector_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
+ NULL,
+ &certSelector,
+ plContext));
+
+ subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));
+
+ subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(selParams);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(procParams);
+ PKIX_TEST_DECREF_AC(ekuOid);
+ PKIX_TEST_DECREF_AC(ekuList);
+
+ PKIX_TEST_RETURN();
+
+ return (0);
+}
+
+static PKIX_Error *
+testEkuChecker(
+ PKIX_ValidateParams *valParams,
+ PKIX_Boolean only4EE)
+{
+ PKIX_ProcessingParams *procParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+ subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+
+ if (only4EE == PKIX_FALSE) {
+ subTest("PKIX_PL_EkuChecker_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(procParams);
+
+ PKIX_TEST_RETURN();
+
+ return (0);
+}
+
+int
+test_ekuchecker(int argc, char *argv[])
+{
+ PKIX_List *chain = NULL;
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_ValidateResult *valResult = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ char *certNames[PKIX_TEST_MAX_CERTS];
+ char *dirName = NULL;
+ PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+ PKIX_UInt32 chainLength = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean testValid = PKIX_FALSE;
+ PKIX_Boolean only4EE = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 5) {
+ printUsage1(argv[0]);
+ return (0);
+ }
+
+ startTests("EKU Checker");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ /* ENE = expect no error; EE = expect error */
+ if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+ testValid = PKIX_TRUE;
+ } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+ testValid = PKIX_FALSE;
+ } else {
+ printUsage1(argv[0]);
+ return (0);
+ }
+
+ dirName = argv[4 + j];
+
+ chainLength = (argc - j) - 6;
+ if (chainLength > PKIX_TEST_MAX_CERTS) {
+ printUsageMax(chainLength);
+ }
+
+ for (i = 0; i < chainLength; i++) {
+
+ certNames[i] = argv[6 + i + j];
+ certs[i] = NULL;
+ }
+
+ subTest(argv[1 + j]);
+
+ subTest("Extended-Key-Usage-Checker");
+
+ subTest("Extended-Key-Usage-Checker - Create Cert Chain");
+
+ chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+ subTest("Extended-Key-Usage-Checker - Create Params");
+
+ valParams = createValidateParams(dirName,
+ argv[5 +
+ j],
+ NULL,
+ NULL,
+ NULL,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ PKIX_FALSE,
+ chain,
+ plContext);
+
+ subTest("Default CertStore");
+
+ testEkuSetup(valParams, argv[3 + j], &only4EE);
+
+ testEkuChecker(valParams, only4EE);
+
+ subTest("Extended-Key-Usage-Checker - Validate Chain");
+
+ if (testValid == PKIX_TRUE) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(chain);
+ PKIX_TEST_DECREF_AC(valParams);
+ PKIX_TEST_DECREF_AC(valResult);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("EKU Checker");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
new file mode 100644
index 0000000000..62f86300ab
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
@@ -0,0 +1,300 @@
+/*
+ * test_httpcertstore.c
+ *
+ * Test Httpcertstore Type
+ *
+ * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear facility.
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+#include "pkix_pl_common.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(char *testname)
+{
+ char *fmt =
+ "USAGE: %s [-arenas] certDir certName\n";
+ printf(fmt, "test_httpcertstore");
+}
+
+/* Functional tests for Socket public functions */
+static void
+do_other_work(void)
+{ /* while waiting for nonblocking I/O to complete */
+ (void)PR_Sleep(2 * 60);
+}
+
+PKIX_Error *
+PKIX_PL_HttpCertStore_Create(
+ PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+ PKIX_PL_GeneralName *location,
+ PKIX_CertStore **pCertStore,
+ void *plContext);
+
+PKIX_Error *
+pkix_pl_HttpCertStore_CreateWithAsciiName(
+ PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+ char *location,
+ PKIX_CertStore **pCertStore,
+ void *plContext);
+
+static PKIX_Error *
+getLocation(
+ PKIX_PL_Cert *certWithAia,
+ PKIX_PL_GeneralName **pLocation,
+ void *plContext)
+{
+ PKIX_List *aiaList = NULL;
+ PKIX_UInt32 size = 0;
+ PKIX_PL_InfoAccess *aia = NULL;
+ PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
+ PKIX_PL_GeneralName *location = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Getting Authority Info Access");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certWithAia, &aiaList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType(aia, &iaType, plContext));
+
+ if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) {
+ pkixTestErrorMsg = "unexpected location type in AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(aia, &location, plContext));
+
+ *pLocation = location;
+
+cleanup:
+ PKIX_TEST_DECREF_AC(aiaList);
+ PKIX_TEST_DECREF_AC(aia);
+
+ PKIX_TEST_RETURN();
+
+ return (NULL);
+}
+
+int
+test_httpcertstore(int argc, char *argv[])
+{
+
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numCerts = 0;
+ PKIX_UInt32 numCrls = 0;
+ int j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 length = 0;
+
+ char *certName = NULL;
+ char *certDir = NULL;
+ PKIX_PL_Cert *cmdLineCert = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertStore *crlStore = NULL;
+ PKIX_PL_GeneralName *location = NULL;
+ PKIX_CertStore_CertCallback getCerts = NULL;
+ PKIX_List *certs = NULL;
+ char *asciiResult = NULL;
+ void *nbio = NULL;
+
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL"
+ "files/BasicHTTPURIPeer2CACRL.crl";
+ PKIX_CertStore_CRLCallback getCrls = NULL;
+ PKIX_List *crls = NULL;
+ PKIX_PL_String *crlString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("HttpCertStore");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc != (j + 3)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Missing command line argument.";
+ goto cleanup;
+ }
+
+ certDir = argv[++j];
+ certName = argv[++j];
+
+ cmdLineCert = createCert(certDir, certName, plContext);
+ if (cmdLineCert == NULL) {
+ pkixTestErrorMsg = "Unable to create Cert";
+ goto cleanup;
+ }
+
+ /* muster arguments to create HttpCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(getLocation(cmdLineCert, &location, plContext));
+
+ if (location == NULL) {
+ pkixTestErrorMsg = "Give me a cert with an HTTP URI!";
+ goto cleanup;
+ }
+
+ /* create HttpCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create(NULL, location, &certStore, plContext));
+
+ /* get the GetCerts callback */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCerts, plContext));
+
+ /* create a CertSelector */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+ /* Get the certs */
+ PKIX_TEST_EXPECT_NO_ERROR(getCerts(certStore, certSelector, &nbio, &certs, plContext));
+
+ while (nbio != NULL) {
+ /* poll for a completion */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue(certStore, certSelector, &nbio, &certs, plContext));
+ }
+
+ if (certs) {
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+ if (numCerts == 0) {
+ printf("HttpCertStore returned an empty Cert list\n");
+ goto cleanup;
+ }
+
+ for (i = 0; i < numCerts; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+ i,
+ (PKIX_PL_Object **)&cert,
+ plContext));
+
+ asciiResult = PKIX_Cert2ASCII(cert);
+
+ printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+ /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+ asciiResult = NULL;
+
+ PKIX_TEST_DECREF_BC(cert);
+ }
+ } else {
+ printf("HttpCertStore returned a NULL Cert list\n");
+ }
+
+ /* create HttpCertStore */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName(NULL, crlLocation, &crlStore, plContext));
+
+ /* get the GetCrls callback */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrls, plContext));
+
+ /* create a CrlSelector */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &crlSelector, plContext));
+
+ /* Get the crls */
+ PKIX_TEST_EXPECT_NO_ERROR(getCrls(crlStore, crlSelector, &nbio, &crls, plContext));
+
+ while (nbio != NULL) {
+ /* poll for a completion */
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue(crlStore, crlSelector, &nbio, &crls, plContext));
+ }
+
+ if (crls) {
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crls, &numCrls, plContext));
+
+ if (numCrls == 0) {
+ printf("HttpCertStore returned an empty CRL list\n");
+ goto cleanup;
+ }
+
+ for (i = 0; i < numCrls; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(crls,
+ i,
+ (PKIX_PL_Object **)&crl,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+ (PKIX_PL_Object *)crl,
+ &crlString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(crlString,
+ PKIX_ESCASCII,
+ (void **)&asciiResult,
+ &length,
+ plContext));
+
+ printf("CRL[%d]:\n%s\n", i, asciiResult);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+ PKIX_TEST_DECREF_BC(crlString);
+ PKIX_TEST_DECREF_BC(crl);
+ }
+ } else {
+ printf("HttpCertStore returned a NULL CRL list\n");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(cmdLineCert);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(crlStore);
+ PKIX_TEST_DECREF_AC(location);
+ PKIX_TEST_DECREF_AC(certs);
+ PKIX_TEST_DECREF_AC(crl);
+ PKIX_TEST_DECREF_AC(crlString);
+ PKIX_TEST_DECREF_AC(crls);
+
+ PKIX_TEST_RETURN();
+
+ endTests("HttpDefaultClient");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
new file mode 100644
index 0000000000..58fceb14f0
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
@@ -0,0 +1,580 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_pk11certstore.c
+ *
+ * Test Pk11CertStore Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+/*
+ * This function creates a certSelector with ComCertSelParams set up to
+ * select entries whose Subject Name matches that in the given Cert and
+ * whose validity window includes the Date specified by "validityDate".
+ */
+static void
+test_makeSubjectCertSelector(
+ PKIX_PL_Cert *certNameToMatch,
+ PKIX_PL_Date *validityDate,
+ PKIX_CertSelector **pSelector,
+ void *plContext)
+{
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *subjParams = NULL;
+ PKIX_PL_X500Name *subjectName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(subjParams, validityDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext));
+ *pSelector = selector;
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(subjParams);
+ PKIX_TEST_DECREF_AC(subjectName);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function creates a certSelector with ComCertSelParams set up to
+ * select entries containing a Basic Constraints extension with a path
+ * length of at least the specified "minPathLength".
+ */
+static void
+test_makePathCertSelector(
+ PKIX_Int32 minPathLength,
+ PKIX_CertSelector **pSelector,
+ void *plContext)
+{
+ PKIX_CertSelector *selector = NULL;
+ PKIX_ComCertSelParams *pathParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&pathParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(pathParams, minPathLength, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, pathParams, plContext));
+ *pSelector = selector;
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(pathParams);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function reads a directory-file cert specified by "desiredSubjectCert",
+ * and decodes the SubjectName. It uses that name to set up the CertSelector
+ * for a Subject Name match, and then queries the database for matching entries.
+ * It is intended to test a "smart" database query.
+ */
+static void
+testMatchCertSubject(
+ char *crlDir,
+ char *desiredSubjectCert,
+ char *expectedAscii,
+ PKIX_PL_Date *validityDate,
+ void *plContext)
+{
+ PKIX_UInt32 numCert = 0;
+ PKIX_PL_Cert *certWithDesiredSubject = NULL;
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_CertStore_CertCallback getCert = NULL;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ certWithDesiredSubject = createCert(crlDir, desiredSubjectCert, plContext);
+
+ test_makeSubjectCertSelector(certWithDesiredSubject,
+ validityDate,
+ &certSelector,
+ plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore,
+ certSelector,
+ &nbioContext,
+ &certList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+ if (numCert > 0) {
+ /* List should be immutable */
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(certList, 0, plContext));
+ }
+
+ if (expectedAscii) {
+ testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext);
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(certWithDesiredSubject);
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certList);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function uses the minimum path length specified by "minPath" to set up
+ * a CertSelector for a BasicConstraints match, and then queries the database
+ * for matching entries. It is intended to test the case where there
+ * is no "smart" database query, so the database will be asked for all
+ * available certs and the filtering will be done by the interaction of the
+ * certstore and the selector.
+ */
+static void
+testMatchCertMinPath(
+ PKIX_Int32 minPath,
+ char *expectedAscii,
+ void *plContext)
+{
+ PKIX_CertStore *certStore = NULL;
+ PKIX_CertSelector *certSelector = NULL;
+ PKIX_List *certList = NULL;
+ PKIX_CertStore_CertCallback getCert = NULL;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Searching Certs for minPath");
+
+ test_makePathCertSelector(minPath, &certSelector, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore,
+ certSelector,
+ &nbioContext,
+ &certList,
+ plContext));
+
+ if (expectedAscii) {
+ testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext);
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(certStore);
+ PKIX_TEST_DECREF_AC(certSelector);
+ PKIX_TEST_DECREF_AC(certList);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function creates a crlSelector with ComCrlSelParams set up to
+ * select entries whose Issuer Name matches that in the given Crl.
+ */
+static void
+test_makeIssuerCRLSelector(
+ PKIX_PL_CRL *crlNameToMatch,
+ PKIX_CRLSelector **pSelector,
+ void *plContext)
+{
+ PKIX_CRLSelector *selector = NULL;
+ PKIX_ComCRLSelParams *issuerParams = NULL;
+ PKIX_PL_X500Name *issuerName = NULL;
+ PKIX_List *names = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&issuerParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crlNameToMatch, &issuerName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(names, (PKIX_PL_Object *)issuerName, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(issuerParams, names, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, issuerParams, plContext));
+ *pSelector = selector;
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(issuerParams);
+ PKIX_TEST_DECREF_AC(issuerName);
+ PKIX_TEST_DECREF_AC(names);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function creates a crlSelector with ComCrlSelParams set up to
+ * select entries that would be valid at the Date specified by the Date
+ * criterion.
+ */
+static void
+test_makeDateCRLSelector(
+ PKIX_PL_Date *dateToMatch,
+ PKIX_CRLSelector **pSelector,
+ void *plContext)
+{
+ PKIX_CRLSelector *selector = NULL;
+ PKIX_ComCRLSelParams *dateParams = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&dateParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(dateParams, dateToMatch, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, dateParams, plContext));
+ *pSelector = selector;
+
+cleanup:
+ PKIX_TEST_DECREF_AC(dateParams);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function reads a directory-file crl specified by "desiredIssuerCrl",
+ * and decodes the IssuerName. It uses that name to set up the CrlSelector
+ * for a Issuer Name match, and then queries the database for matching entries.
+ * It is intended to test the case of a "smart" database query.
+ */
+static void
+testMatchCrlIssuer(
+ char *crlDir,
+ char *desiredIssuerCrl,
+ char *expectedAscii,
+ void *plContext)
+{
+ PKIX_UInt32 numCrl = 0;
+ PKIX_PL_CRL *crlWithDesiredIssuer = NULL;
+ PKIX_CertStore *crlStore = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_CertStore_CRLCallback getCrl = NULL;
+ void *nbioContext = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Searching CRLs for matching Issuer");
+
+ crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext);
+
+ test_makeIssuerCRLSelector(crlWithDesiredIssuer, &crlSelector, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(getCrl(crlStore,
+ crlSelector,
+ &nbioContext,
+ &crlList,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, &numCrl, plContext));
+
+ if (numCrl > 0) {
+ /* List should be immutable */
+ PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(crlList, 0, plContext));
+ }
+
+ if (expectedAscii) {
+ testToStringHelper((PKIX_PL_Object *)crlList, expectedAscii, plContext);
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(crlWithDesiredIssuer);
+ PKIX_TEST_DECREF_AC(crlStore);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(crlList);
+
+ PKIX_TEST_RETURN();
+}
+
+/*
+ * This function uses the date specified by "matchDate" to set up the
+ * CrlSelector for a Date match. It is intended to test the case where there
+ * is no "smart" database query, so the CertStore should throw an error
+ * rather than ask the database for all available CRLs and then filter the
+ * results using the selector.
+ */
+static void
+testMatchCrlDate(
+ char *dateMatch,
+ char *expectedAscii,
+ void *plContext)
+{
+ PKIX_PL_Date *dateCriterion = NULL;
+ PKIX_CertStore *crlStore = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+ PKIX_List *crlList = NULL;
+ PKIX_CertStore_CRLCallback getCrl = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Searching CRLs for matching Date");
+
+ dateCriterion = createDate(dateMatch, plContext);
+ test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext));
+
+ PKIX_TEST_EXPECT_ERROR(getCrl(crlStore, crlSelector, NULL, &crlList, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(dateCriterion);
+ PKIX_TEST_DECREF_AC(crlStore);
+ PKIX_TEST_DECREF_AC(crlSelector);
+ PKIX_TEST_DECREF_AC(crlList);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+ printf("\nUSAGE: %s <-d data-dir> <database-dir>\n\n", pName);
+}
+
+/* Functional tests for Pk11CertStore public functions */
+
+int
+test_pk11certstore(int argc, char *argv[])
+{
+
+ PKIX_UInt32 j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_PL_Date *validityDate = NULL;
+ PKIX_PL_Date *betweenDate = NULL;
+ char *crlDir = NULL;
+ char *expectedProfAscii = "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 00ca\n"
+ "\tIssuer: CN=chemistry,O=mit,C=us\n"
+ "\tSubject: CN=prof noall,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 14:14:06 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(6)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ", [\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 03\n"
+ "\tIssuer: CN=physics,O=mit,C=us\n"
+ "\tSubject: CN=prof noall,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")";
+ char *expectedValidityAscii = "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 03\n"
+ "\tIssuer: CN=physics,O=mit,C=us\n"
+ "\tSubject: CN=prof noall,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")";
+ char *expectedMinPathAscii = "([\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 01\n"
+ "\tIssuer: CN=science,O=mit,C=us\n"
+ "\tSubject: CN=science,O=mit,C=us\n"
+ "\tValidity: [From: Fri Feb 11 12:47:58 2005\n"
+ "\t To: Mon Jan 18, 2105]\n"
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(10)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "]\n"
+ ")";
+ char *expectedIssuerAscii = "([\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=physics,O=mit,C=us\n"
+ "\tUpdate: [Last: Fri Feb 11 13:51:38 2005\n"
+ "\t Next: Mon Jan 18, 2105]\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n"
+ "\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 67\n"
+ "\tReasonCode: 257\n"
+ "\tRevocationDate: Fri Feb 11 13:51:38 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n"
+ "\t)\n"
+ "\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n"
+ ")";
+ char *expectedDateAscii = "([\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=science,O=mit,C=us\n"
+ "\tUpdate: [Last: Fri Feb 11 13:34:40 2005\n"
+ "\t Next: Mon Jan 18, 2105]\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n"
+ "\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 65\n"
+ "\tReasonCode: 260\n"
+ "\tRevocationDate: Fri Feb 11 13:34:40 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n"
+ "\t)\n"
+ "\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n"
+ ", [\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=testing CRL,O=test,C=us\n"
+ "\tUpdate: [Last: Fri Feb 11 13:14:38 2005\n"
+ "\t Next: Mon Jan 18, 2105]\n"
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n"
+ "\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 67\n"
+ "\tReasonCode: 258\n"
+ "\tRevocationDate: Fri Feb 11 13:14:38 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n"
+ "\t)\n"
+ "\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n"
+ ")";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Pk11CertStore");
+
+ if (argc < 3) {
+ printUsage(argv[0]);
+ return (0);
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ crlDir = argv[j + 2];
+
+ /* Two certs for prof should be valid now */
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validityDate, plContext));
+
+ subTest("Searching Certs for Subject");
+
+ testMatchCertSubject(crlDir,
+ "phy2prof.crt",
+ NULL, /* expectedProfAscii, */
+ validityDate,
+ plContext);
+
+ /* One of the certs was not yet valid at this time. */
+ betweenDate = createDate("050210184000Z", plContext);
+
+ subTest("Searching Certs for Subject and Validity");
+
+ testMatchCertSubject(crlDir,
+ "phy2prof.crt",
+ NULL, /* expectedValidityAscii, */
+ betweenDate,
+ plContext);
+
+ testMatchCertMinPath(9,
+ NULL, /* expectedMinPathAscii, */
+ plContext);
+
+ testMatchCrlIssuer(crlDir,
+ "phys.crl",
+ NULL, /* expectedIssuerAscii, */
+ plContext);
+
+ testMatchCrlDate("050211184000Z",
+ NULL, /* expectedDateAscii, */
+ plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(validityDate);
+ PKIX_TEST_DECREF_AC(betweenDate);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Pk11CertStore");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c b/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c
new file mode 100644
index 0000000000..89400256d9
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c
@@ -0,0 +1,571 @@
+/*
+ * test_socket.c
+ *
+ * Test Socket Type
+ *
+ * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear facility.
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+#include "pkix_pl_common.h"
+
+#define LDAP_PORT 389
+
+static void *plContext = NULL;
+
+typedef enum {
+ SERVER_LISTENING,
+ SERVER_RECV1,
+ SERVER_POLL1,
+ SERVER_SEND2,
+ SERVER_POLL2,
+ SERVER_RECV3,
+ SERVER_POLL3,
+ SERVER_SEND4,
+ SERVER_POLL4,
+ SERVER_DONE,
+ SERVER_FAILED
+} SERVER_STATE;
+
+typedef enum {
+ CLIENT_WAITFORCONNECT,
+ CLIENT_SEND1,
+ CLIENT_POLL1,
+ CLIENT_RECV2,
+ CLIENT_POLL2,
+ CLIENT_SEND3,
+ CLIENT_POLL3,
+ CLIENT_RECV4,
+ CLIENT_POLL4,
+ CLIENT_DONE,
+ CLIENT_FAILED
+} CLIENT_STATE;
+
+SERVER_STATE serverState;
+CLIENT_STATE clientState;
+PKIX_PL_Socket *sSock = NULL;
+PKIX_PL_Socket *cSock = NULL;
+PKIX_PL_Socket *rendezvousSock = NULL;
+PKIX_PL_Socket_Callback *sCallbackList;
+PKIX_PL_Socket_Callback *cCallbackList;
+PKIX_PL_Socket_Callback *rvCallbackList;
+PRNetAddr serverNetAddr;
+PRNetAddr clientNetAddr;
+PRIntn backlog = 0;
+PRIntervalTime timeout = 0;
+char *sendBuf1 = "Hello, world!";
+char *sendBuf2 = "Ack";
+char *sendBuf3 = "What do you mean, \"Ack\"?";
+char *sendBuf4 = "What do you mean, \"What do you mean, \'Ack\'?\"?";
+char rcvBuf1[100];
+char rcvBuf2[100];
+
+static void
+printUsage(char *testname)
+{
+ char *fmt = "USAGE: %s [-arenas] server:port\n";
+ printf(fmt, testname);
+}
+
+/* Functional tests for Socket public functions */
+static void
+do_other_work(void)
+{ /* while waiting for nonblocking I/O to complete */
+ (void)PR_Sleep(2 * 60);
+}
+
+static PKIX_Boolean
+server()
+{
+ PKIX_Int32 bytesRead = 0;
+ PKIX_Int32 bytesWritten = 0;
+ PKIX_Boolean keepGoing = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ switch (serverState) {
+ case SERVER_LISTENING:
+ subTest("SERVER_LISTENING");
+ PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->acceptCallback(sSock, &rendezvousSock, plContext));
+ if (rendezvousSock) {
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(rendezvousSock, &rvCallbackList, plContext));
+
+ serverState = SERVER_RECV1;
+ }
+ break;
+ case SERVER_RECV1:
+ subTest("SERVER_RECV1");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock,
+ rcvBuf1,
+ sizeof(rcvBuf1),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf1 = sendBuf1 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
+ (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
+ }
+
+ serverState = SERVER_SEND2;
+ keepGoing = PKIX_TRUE;
+ } else {
+ serverState = SERVER_POLL1;
+ }
+ break;
+ case SERVER_POLL1:
+ subTest("SERVER_POLL1");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext));
+
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf1 = sendBuf1 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
+ (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
+ }
+
+ serverState = SERVER_SEND2;
+ keepGoing = PKIX_TRUE;
+ }
+ break;
+ case SERVER_SEND2:
+ subTest("SERVER_SEND2");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock,
+ sendBuf2,
+ strlen(sendBuf2) +
+ 1,
+ &bytesWritten,
+ plContext));
+ if (bytesWritten > 0) {
+ serverState = SERVER_RECV3;
+ } else {
+ serverState = SERVER_POLL2;
+ }
+ break;
+ case SERVER_POLL2:
+ subTest("SERVER_POLL2");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ serverState = SERVER_RECV3;
+ }
+ break;
+ case SERVER_RECV3:
+ subTest("SERVER_RECV3");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock,
+ rcvBuf1,
+ sizeof(rcvBuf1),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ serverState = SERVER_SEND4;
+ keepGoing = PKIX_TRUE;
+ } else {
+ serverState = SERVER_POLL3;
+ }
+ break;
+ case SERVER_POLL3:
+ subTest("SERVER_POLL3");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext));
+ if (bytesRead > 0) {
+ serverState = SERVER_SEND4;
+ keepGoing = PKIX_TRUE;
+ }
+ break;
+ case SERVER_SEND4:
+ subTest("SERVER_SEND4");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock,
+ sendBuf4,
+ strlen(sendBuf4) +
+ 1,
+ &bytesWritten,
+ plContext));
+
+ if (bytesWritten > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext));
+ PKIX_TEST_DECREF_BC(sSock);
+ PKIX_TEST_DECREF_BC(rendezvousSock);
+ serverState = SERVER_DONE;
+ } else {
+ serverState = SERVER_POLL4;
+ }
+ break;
+ case SERVER_POLL4:
+ subTest("SERVER_POLL4");
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext));
+ PKIX_TEST_DECREF_BC(sSock);
+ PKIX_TEST_DECREF_BC(rendezvousSock);
+ serverState = SERVER_DONE;
+ }
+ break;
+ case SERVER_DONE:
+ default:
+ subTest("SERVER_DONE");
+ break;
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+
+ return (keepGoing);
+}
+
+static PKIX_Boolean
+client()
+{
+ PKIX_Boolean keepGoing = PKIX_FALSE;
+ PKIX_Int32 bytesRead = 0;
+ PKIX_Int32 bytesWritten = 0;
+ PRErrorCode cStat = 0;
+
+ /* At 2 seconds each cycle, this should suffice! */
+ PKIX_UInt32 giveUpCount = 10;
+
+ PKIX_TEST_STD_VARS();
+
+ switch (clientState) {
+ case CLIENT_WAITFORCONNECT:
+ subTest("CLIENT_WAITFORCONNECT");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->connectcontinueCallback(cSock, &cStat, plContext));
+ if (cStat == 0) {
+ clientState = CLIENT_SEND1;
+ keepGoing = PKIX_TRUE;
+ } else {
+ clientState = CLIENT_WAITFORCONNECT;
+ if (--giveUpCount == 0) {
+ testError("Client unable to connect");
+ }
+ }
+ break;
+ case CLIENT_SEND1:
+ subTest("CLIENT_SEND1");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock,
+ sendBuf1,
+ strlen(sendBuf1) +
+ 1,
+ &bytesWritten,
+ plContext));
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV2;
+ } else {
+ clientState = CLIENT_POLL1;
+ }
+ break;
+ case CLIENT_POLL1:
+ subTest("CLIENT_POLL1");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV2;
+ } else {
+ clientState = CLIENT_POLL1;
+ }
+ break;
+ case CLIENT_RECV2:
+ subTest("CLIENT_RECV2");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock,
+ rcvBuf2,
+ sizeof(rcvBuf2),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf2 = sendBuf2 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
+ (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
+ }
+ clientState = CLIENT_SEND3;
+ keepGoing = PKIX_TRUE;
+ } else {
+ clientState = CLIENT_POLL2;
+ }
+ break;
+ case CLIENT_POLL2:
+ subTest("CLIENT_POLL2");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext));
+ if (bytesRead > 0) {
+ /* confirm that rcvBuf2 = sendBuf2 */
+ if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
+ (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
+ testError("Receive buffer mismatch\n");
+ }
+ clientState = CLIENT_SEND3;
+ } else {
+ clientState = CLIENT_POLL2;
+ }
+ break;
+ case CLIENT_SEND3:
+ subTest("CLIENT_SEND3");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock,
+ sendBuf3,
+ strlen(sendBuf3) +
+ 1,
+ &bytesWritten,
+ plContext));
+
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV4;
+ } else {
+ clientState = CLIENT_POLL3;
+ }
+ break;
+ case CLIENT_POLL3:
+ subTest("CLIENT_POLL3");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext));
+ if (bytesWritten > 0) {
+ clientState = CLIENT_RECV4;
+ } else {
+ clientState = CLIENT_POLL3;
+ }
+ break;
+ case CLIENT_RECV4:
+ subTest("CLIENT_RECV4");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock,
+ rcvBuf2,
+ sizeof(rcvBuf2),
+ &bytesRead,
+ plContext));
+
+ if (bytesRead > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext));
+ PKIX_TEST_DECREF_BC(cSock);
+ clientState = CLIENT_DONE;
+ } else {
+ clientState = CLIENT_POLL4;
+ }
+ break;
+ case CLIENT_POLL4:
+ subTest("CLIENT_POLL4");
+ clientState = CLIENT_FAILED;
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext));
+ if (bytesRead > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext));
+ PKIX_TEST_DECREF_BC(cSock);
+ clientState = CLIENT_DONE;
+ } else {
+ clientState = CLIENT_POLL4;
+ }
+ break;
+ case CLIENT_DONE:
+ default:
+ subTest("CLIENT_DONE");
+ break;
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+
+ return (keepGoing);
+}
+
+static void
+dispatcher()
+{
+ PKIX_Boolean keepGoing = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ do {
+ if (serverState < SERVER_DONE) {
+ do {
+ keepGoing = server();
+ } while (keepGoing == PKIX_TRUE);
+ }
+ if (clientState < CLIENT_DONE) {
+ do {
+ keepGoing = client();
+ } while (keepGoing == PKIX_TRUE);
+ }
+ do_other_work();
+
+ } while ((serverState < SERVER_DONE) || (clientState < CLIENT_DONE));
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_socket(int argc, char *argv[])
+{
+
+ int j = 0;
+ PKIX_UInt32 actualMinorVersion;
+ char buf[PR_NETDB_BUF_SIZE];
+ char *serverName = NULL;
+ char *sepPtr = NULL;
+ PRHostEnt hostent;
+ PRUint16 portNum = 0;
+ PRStatus prstatus = PR_FAILURE;
+ PRErrorCode cStat = 0;
+ void *ipaddr = NULL;
+ PKIX_Error *bindError = NULL;
+ PRIntn hostenum;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Socket");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc != (j + 2)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg = "Missing command line argument.";
+ goto cleanup;
+ }
+
+ serverName = argv[j + 1];
+
+ subTest("Using pkix_pl_Socket_CreateByName");
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_TRUE, timeout, serverName, &cStat, &sSock, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext));
+
+ serverState = SERVER_LISTENING;
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_FALSE, timeout, serverName, &cStat, &cSock, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext));
+
+ if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
+ clientState = CLIENT_WAITFORCONNECT;
+ } else {
+ clientState = CLIENT_SEND1;
+ }
+
+ dispatcher();
+
+ subTest("Using pkix_pl_Socket_Create");
+
+ sepPtr = strchr(serverName, ':');
+ /* First strip off the portnum, if present, from the end of the name */
+ if (sepPtr) {
+ *sepPtr++ = '\0';
+ portNum = (PRUint16)atoi(sepPtr);
+ } else {
+ portNum = (PRUint16)LDAP_PORT;
+ }
+ /*
+ * The hostname may be a fully-qualified name. Just
+ * use the leftmost component in our lookup.
+ */
+ sepPtr = strchr(serverName, '.');
+ if (sepPtr) {
+ *sepPtr++ = '\0';
+ }
+ prstatus = PR_GetHostByName(serverName, buf, sizeof(buf), &hostent);
+
+ if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+ printUsage(argv[0]);
+ pkixTestErrorMsg =
+ "PR_GetHostByName rejects command line argument.";
+ goto cleanup;
+ }
+
+ serverNetAddr.inet.family = PR_AF_INET;
+ serverNetAddr.inet.port = PR_htons(portNum);
+ serverNetAddr.inet.ip = PR_INADDR_ANY;
+
+ hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &clientNetAddr);
+ if (hostenum == -1) {
+ pkixTestErrorMsg =
+ "PR_EnumerateHostEnt failed.";
+ goto cleanup;
+ }
+
+ backlog = 5;
+
+ /* timeout = PR_INTERVAL_NO_TIMEOUT; */
+ /* timeout = 0; nonblocking */
+ timeout = 0;
+
+ bindError = pkix_pl_Socket_Create(PKIX_TRUE, timeout, &serverNetAddr, &cStat, &sSock, plContext);
+
+ /* If PR_Bind can't handle INADDR_ANY, try it with the real name */
+ if (bindError) {
+ PKIX_TEST_DECREF_BC(bindError);
+ serverNetAddr.inet.ip = PR_htonl(*(PRUint32 *)ipaddr);
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_TRUE,
+ timeout,
+ &serverNetAddr,
+ &cStat,
+ &sSock,
+ plContext));
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext));
+
+ serverState = SERVER_LISTENING;
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_FALSE, timeout, &clientNetAddr, &cStat, &cSock, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext));
+
+ if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
+ clientState = CLIENT_WAITFORCONNECT;
+ } else {
+ clientState = CLIENT_SEND1;
+ }
+
+ dispatcher();
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(sSock);
+ PKIX_TEST_DECREF_AC(cSock);
+ PKIX_TEST_DECREF_AC(rendezvousSock);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Socket");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/Makefile b/security/nss/cmd/libpkix/pkix_pl/pki/Makefile
new file mode 100644
index 0000000000..802e7729d9
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn
new file mode 100644
index 0000000000..15fae7bb5f
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn
@@ -0,0 +1,29 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_cert.c \
+ test_crl.c \
+ test_crlentry.c \
+ test_date.c \
+ test_generalname.c \
+ test_nameconstraints.c \
+ test_x500name.c \
+ test_authorityinfoaccess.c \
+ test_subjectinfoaccess.c \
+ $(NULL)
+
+LIBRARY_NAME = pkixtoolpki
+SHARED_LIBRARY = $(NULL)
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
new file mode 100644
index 0000000000..156b440f9c
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
@@ -0,0 +1,105 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_authorityinfoaccess.c
+ *
+ * Test Authority InfoAccess Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+test_authorityinfoaccess(int argc, char *argv[])
+{
+
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_Cert *certDiff = NULL;
+ PKIX_List *aiaList = NULL;
+ PKIX_List *siaList = NULL;
+ PKIX_PL_InfoAccess *aia = NULL;
+ PKIX_PL_InfoAccess *aiaDup = NULL;
+ PKIX_PL_InfoAccess *aiaDiff = NULL;
+ char *certPathName = NULL;
+ char *dirName = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 size, i;
+ PKIX_UInt32 j = 0;
+ char *expectedAscii = "[method:caIssuers, location:ldap:"
+ "//betty.nist.gov/cn=CA,ou=Basic%20LDAP%20URI%20OU1,"
+ "o=Test%20Certificates,c=US?cACertificate;binary,"
+ "crossCertificatePair;binary]";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("AuthorityInfoAccess");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 5 + j) {
+ printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
+ }
+
+ dirName = argv[2 + j];
+ certPathName = argv[3 + j];
+
+ subTest("Creating Cert with Authority Info Access");
+ cert = createCert(dirName, certPathName, plContext);
+
+ certPathName = argv[4 + j];
+
+ subTest("Creating Cert with Subject Info Access");
+ certDiff = createCert(dirName, certPathName, plContext);
+
+ subTest("Getting Authority Info Access");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(cert, &aiaList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aiaDup, plContext));
+
+ subTest("Getting Subject Info Access as difference comparison");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(certDiff, &siaList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&aiaDiff, plContext));
+
+ subTest("Checking: Equal, Hash and ToString");
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(aia, aiaDup, aiaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(aia);
+ PKIX_TEST_DECREF_AC(aiaDup);
+ PKIX_TEST_DECREF_AC(aiaDiff);
+ PKIX_TEST_DECREF_AC(aiaList);
+ PKIX_TEST_DECREF_AC(siaList);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(certDiff);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Authorityinfoaccess");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c
new file mode 100644
index 0000000000..274f818ab3
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c
@@ -0,0 +1,2088 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_cert.c
+ *
+ * Test Cert Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static PKIX_PL_Cert *altNameNoneCert = NULL;
+static PKIX_PL_Cert *altNameOtherCert = NULL;
+static PKIX_PL_Cert *altNameOtherCert_diff = NULL;
+static PKIX_PL_Cert *altNameRfc822Cert = NULL;
+static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL;
+static PKIX_PL_Cert *altNameDnsCert = NULL;
+static PKIX_PL_Cert *altNameDnsCert_diff = NULL;
+static PKIX_PL_Cert *altNameX400Cert = NULL;
+static PKIX_PL_Cert *altNameX400Cert_diff = NULL;
+static PKIX_PL_Cert *altNameDnCert = NULL;
+static PKIX_PL_Cert *altNameDnCert_diff = NULL;
+static PKIX_PL_Cert *altNameEdiCert = NULL;
+static PKIX_PL_Cert *altNameEdiCert_diff = NULL;
+static PKIX_PL_Cert *altNameUriCert = NULL;
+static PKIX_PL_Cert *altNameUriCert_diff = NULL;
+static PKIX_PL_Cert *altNameIpCert = NULL;
+static PKIX_PL_Cert *altNameIpCert_diff = NULL;
+static PKIX_PL_Cert *altNameOidCert = NULL;
+static PKIX_PL_Cert *altNameOidCert_diff = NULL;
+static PKIX_PL_Cert *altNameMultipleCert = NULL;
+
+static void *plContext = NULL;
+
+static void
+createCerts(
+ char *dataCentralDir,
+ char *goodInput,
+ char *diffInput,
+ PKIX_PL_Cert **goodObject,
+ PKIX_PL_Cert **equalObject,
+ PKIX_PL_Cert **diffObject)
+{
+ subTest("PKIX_PL_Cert_Create <goodObject>");
+ *goodObject = createCert(dataCentralDir, goodInput, plContext);
+
+ subTest("PKIX_PL_Cert_Create <equalObject>");
+ *equalObject = createCert(dataCentralDir, goodInput, plContext);
+
+ subTest("PKIX_PL_Cert_Create <diffObject>");
+ *diffObject = createCert(dataCentralDir, diffInput, plContext);
+}
+
+static void
+createCertsWithSubjectAltNames(char *dataCentralDir)
+{
+ subTest("PKIX_PL_Cert_Create <altNameDNS>");
+ altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameDNS_diff>");
+ altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameRFC822>");
+ altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>");
+ altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameX400Cert>");
+ altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameX400_diff>");
+ altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameDN>");
+ altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameDN_diff>");
+ altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameEdiCert>");
+ altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameEdi_diff>");
+ altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameURI>");
+ altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameURI_diff>");
+ altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameIP>");
+ altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameIP_diff>");
+ altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameOID>");
+ altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameOID_diff>");
+ altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameOther>");
+ altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameOther_diff>");
+ altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameNone>");
+ altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <altNameMultiple>");
+ altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext);
+}
+
+static void
+testGetVersion(
+ PKIX_PL_Cert *goodObject)
+{
+ PKIX_UInt32 goodVersion;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetVersion");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext));
+
+ if (goodVersion != 2) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", goodVersion);
+ (void)printf("Expected value:\t2\n");
+ goto cleanup;
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetSerialNumber(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
+{
+ PKIX_PL_BigInt *goodSN = NULL;
+ PKIX_PL_BigInt *equalSN = NULL;
+ PKIX_PL_BigInt *diffSN = NULL;
+ char *expectedAscii = "37bc66ec";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetSerialNumber");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodSN);
+ PKIX_TEST_DECREF_AC(equalSN);
+ PKIX_TEST_DECREF_AC(diffSN);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetSubject(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
+{
+ PKIX_PL_X500Name *goodSubject = NULL;
+ PKIX_PL_X500Name *equalSubject = NULL;
+ PKIX_PL_X500Name *diffSubject = NULL;
+ char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetSubject");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext));
+
+ if (!goodSubject) {
+ testError("Certificate Subject should not be NULL");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext));
+
+ if (!equalSubject) {
+ testError("Certificate Subject should not be NULL");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext));
+
+ if (!diffSubject) {
+ testError("Certificate Subject should not be NULL");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject,
+ equalSubject,
+ diffSubject,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodSubject);
+ PKIX_TEST_DECREF_AC(equalSubject);
+ PKIX_TEST_DECREF_AC(diffSubject);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetIssuer(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
+{
+ PKIX_PL_X500Name *goodIssuer = NULL;
+ PKIX_PL_X500Name *equalIssuer = NULL;
+ PKIX_PL_X500Name *diffIssuer = NULL;
+ char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetIssuer");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
+ equalIssuer,
+ diffIssuer,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodIssuer);
+ PKIX_TEST_DECREF_AC(equalIssuer);
+ PKIX_TEST_DECREF_AC(diffIssuer);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testAltNames(
+ PKIX_PL_Cert *goodCert,
+ PKIX_PL_Cert *diffCert,
+ char *expectedAscii)
+{
+ PKIX_List *goodAltNames = NULL;
+ PKIX_List *diffAltNames = NULL;
+ PKIX_PL_GeneralName *goodAltName = NULL;
+ PKIX_PL_GeneralName *diffAltName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames,
+ 0,
+ (PKIX_PL_Object **)&goodAltName,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames,
+ 0,
+ (PKIX_PL_Object **)&diffAltName,
+ plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName,
+ expectedAscii, GeneralName, PKIX_TRUE);
+
+cleanup:
+ PKIX_TEST_DECREF_AC(goodAltNames);
+ PKIX_TEST_DECREF_AC(goodAltName);
+ PKIX_TEST_DECREF_AC(diffAltNames);
+ PKIX_TEST_DECREF_AC(diffAltName);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testAltNamesNone(PKIX_PL_Cert *cert)
+{
+
+ PKIX_List *altNames = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext));
+
+ if (altNames != NULL) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%p\n", (void *)altNames);
+ (void)printf("Expected value:\tNULL\n");
+ goto cleanup;
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(altNames);
+ PKIX_TEST_RETURN();
+}
+static void
+testAltNamesMultiple()
+{
+ PKIX_List *altNames = NULL;
+ PKIX_PL_GeneralName *firstAltName = NULL;
+ PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME;
+ PKIX_PL_GeneralName *secondAltName = NULL;
+ PKIX_Int32 secondExpectedType = PKIX_DNS_NAME;
+
+ char *expectedAscii =
+ "[\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 2d\n"
+ "\tIssuer: OU=labs,O=sun,C=us\n"
+ "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n"
+ "\tValidity: [From: Mon Feb 09, 2004\n"
+ /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */
+ "\t To: Mon Feb 09, 2004]\n"
+ /* "\t To: Mon Feb 09 14:43:52 2004]\n" */
+ "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: (null)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "\tAuthorityInfoAccess: (null)\n"
+ "\tSubjectInfoAccess: (null)\n"
+ "\tCacheFlag: 0\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ testToStringHelper((PKIX_PL_Object *)altNameMultipleCert,
+ expectedAscii,
+ plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext));
+
+ if (firstAltName->type != firstExpectedType) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", firstAltName->type);
+ (void)printf("Expected value:\t%d\n", firstExpectedType);
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext));
+
+ if (secondAltName->type != secondExpectedType) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", secondAltName->type);
+ (void)printf("Expected value:\t%d\n", secondExpectedType);
+ goto cleanup;
+ }
+
+cleanup:
+ PKIX_TEST_DECREF_AC(altNames);
+ PKIX_TEST_DECREF_AC(firstAltName);
+ PKIX_TEST_DECREF_AC(secondAltName);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetSubjectAltNames(char *dataCentralDir)
+{
+
+ char *expectedAscii = NULL;
+
+ createCertsWithSubjectAltNames(dataCentralDir);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>");
+ expectedAscii = "east.sun.com";
+ testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>");
+ expectedAscii = "alice.barnes@bcn.east.sun.com";
+ testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii);
+
+ /*
+ *this should work once bugzilla bug #233586 is fixed.
+ *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>");
+ *expectedAscii = "X400Address: <DER-encoded value>";
+ *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii);
+ */
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>");
+ expectedAscii = "CN=elley,OU=labs,O=sun,C=us";
+ testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii);
+
+ /*
+ * this should work once bugzilla bug #233586 is fixed.
+ * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>");
+ * expectedAscii = "EDIPartyName: <DER-encoded value>";
+ * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii);
+ */
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>");
+ expectedAscii = "http://www.sun.com";
+ testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>");
+ expectedAscii = "1.2.3.4";
+ testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>");
+ expectedAscii = "1.2.39";
+ testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>");
+ expectedAscii = "1.7.26.97";
+ testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <none>");
+ testAltNamesNone(altNameNoneCert);
+
+ subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>");
+ testAltNamesMultiple();
+}
+
+static void
+testGetSubjectPublicKey(
+ PKIX_PL_Cert *goodObject,
+ PKIX_PL_Cert *equalObject,
+ PKIX_PL_Cert *diffObject)
+{
+ PKIX_PL_PublicKey *goodPubKey = NULL;
+ PKIX_PL_PublicKey *equalPubKey = NULL;
+ PKIX_PL_PublicKey *diffPubKey = NULL;
+ char *expectedAscii = "ANSI X9.57 DSA Signature";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey,
+ expectedAscii, PublicKey, PKIX_TRUE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodPubKey);
+ PKIX_TEST_DECREF_AC(equalPubKey);
+ PKIX_TEST_DECREF_AC(diffPubKey);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject)
+{
+ PKIX_PL_OID *pkixPubKeyOID = NULL;
+ char *expectedAscii = "1.2.840.10040.4.1";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext));
+
+ testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(pkixPubKeyOID);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsPresent(PKIX_PL_Cert *cert)
+{
+ PKIX_List *critOIDList = NULL;
+ char *firstOIDAscii = "2.5.29.15";
+ PKIX_PL_OID *firstOID = NULL;
+ char *secondOIDAscii = "2.5.29.19";
+ PKIX_PL_OID *secondOID = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext));
+ testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext));
+
+ testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(critOIDList);
+ PKIX_TEST_DECREF_AC(firstOID);
+ PKIX_TEST_DECREF_AC(secondOID);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsAbsent(PKIX_PL_Cert *cert)
+{
+ PKIX_List *oidList = NULL;
+ PKIX_Boolean empty;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
+
+ if (!empty) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(oidList);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testAllExtensionsAbsent(char *dataCentralDir)
+{
+ PKIX_List *oidList = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_Boolean empty;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <noExtensionsCert>");
+ cert = createCert(dataCentralDir, "noExtensionsCert", plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
+
+ if (!empty) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
+
+cleanup:
+ PKIX_TEST_DECREF_AC(oidList);
+ PKIX_TEST_DECREF_AC(cert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject)
+{
+ subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+ "<CritExtensionsPresent>");
+ testCritExtensionsPresent(goodObject);
+
+ subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+ "<CritExtensionsAbsent>");
+ testCritExtensionsAbsent(altNameOidCert);
+
+ subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+ "<AllExtensionsAbsent>");
+ testAllExtensionsAbsent(dataCentralDir);
+}
+
+static void
+testKeyIdentifiersMatching(char *dataCentralDir)
+{
+ PKIX_PL_Cert *subjKeyIDCert = NULL;
+ PKIX_PL_Cert *authKeyIDCert = NULL;
+ PKIX_PL_ByteArray *subjKeyID = NULL;
+ PKIX_PL_ByteArray *authKeyID = NULL;
+ PKIX_PL_ByteArray *subjKeyID_diff = NULL;
+
+ char *expectedAscii =
+ "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225,"
+ " 139, 009, 126, 127, 234, 025, 072, 078, 097]";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <subjKeyIDCert>");
+ subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <authKeyIDCert>");
+ authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext));
+
+ subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext));
+
+ subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID,
+ authKeyID,
+ subjKeyID_diff,
+ expectedAscii,
+ ByteArray,
+ PKIX_TRUE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(subjKeyIDCert);
+ PKIX_TEST_DECREF_AC(authKeyIDCert);
+ PKIX_TEST_DECREF_AC(subjKeyID);
+ PKIX_TEST_DECREF_AC(authKeyID);
+ PKIX_TEST_DECREF_AC(subjKeyID_diff);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testKeyIdentifierAbsent(PKIX_PL_Cert *cert)
+{
+ PKIX_PL_ByteArray *subjKeyID = NULL;
+ PKIX_PL_ByteArray *authKeyID = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext));
+
+ if (subjKeyID != NULL) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext));
+
+ if (authKeyID != NULL) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(subjKeyID);
+ PKIX_TEST_DECREF_AC(authKeyID);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject)
+{
+ testKeyIdentifiersMatching(dataCentralDir);
+ testKeyIdentifierAbsent(goodObject);
+}
+
+static void
+testVerifyKeyUsage(
+ char *dataCentralDir,
+ char *dataDir,
+ PKIX_PL_Cert *multiKeyUsagesCert)
+{
+ PKIX_PL_Cert *encipherOnlyCert = NULL;
+ PKIX_PL_Cert *decipherOnlyCert = NULL;
+ PKIX_PL_Cert *noKeyUsagesCert = NULL;
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <encipherOnlyCert>");
+ encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <decipherOnlyCert>");
+ decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>");
+ noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext);
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert,
+ PKIX_KEY_CERT_SIGN |
+ PKIX_DIGITAL_SIGNATURE,
+ plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext));
+
+ subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext));
+
+cleanup:
+ PKIX_TEST_DECREF_AC(encipherOnlyCert);
+ PKIX_TEST_DECREF_AC(decipherOnlyCert);
+ PKIX_TEST_DECREF_AC(noKeyUsagesCert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetExtendedKeyUsage(char *dataCentralDir)
+{
+
+ PKIX_PL_Cert *codeSigningEKUCert = NULL;
+ PKIX_PL_Cert *multiEKUCert = NULL;
+ PKIX_PL_Cert *noEKUCert = NULL;
+ PKIX_List *firstExtKeyUsage = NULL;
+ PKIX_List *secondExtKeyUsage = NULL;
+ PKIX_List *thirdExtKeyUsage = NULL;
+ PKIX_PL_OID *firstOID = NULL;
+ char *oidAscii = "1.3.6.1.5.5.7.3.3";
+ PKIX_PL_OID *secondOID = NULL;
+ char *secondOIDAscii = "1.3.6.1.5.5.7.3.1";
+ PKIX_PL_OID *thirdOID = NULL;
+ char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2";
+ PKIX_PL_OID *fourthOID = NULL;
+ PKIX_UInt32 length = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>");
+ codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <multiEKUCert>");
+ multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext);
+
+ subTest("PKIX_PL_Cert_Create <noEKUCert>");
+ noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext);
+
+ subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext));
+ testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext);
+
+ subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext));
+
+ if (length != 3) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", length);
+ (void)printf("Expected value:\t3\n");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+ 0,
+ (PKIX_PL_Object **)&secondOID,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+ 1,
+ (PKIX_PL_Object **)&thirdOID,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+ 2,
+ (PKIX_PL_Object **)&fourthOID,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext);
+
+ subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext));
+
+ if (thirdExtKeyUsage != NULL) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage);
+ (void)printf("Expected value:\tNULL\n");
+ goto cleanup;
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(firstOID);
+ PKIX_TEST_DECREF_AC(secondOID);
+ PKIX_TEST_DECREF_AC(thirdOID);
+ PKIX_TEST_DECREF_AC(fourthOID);
+
+ PKIX_TEST_DECREF_AC(firstExtKeyUsage);
+ PKIX_TEST_DECREF_AC(secondExtKeyUsage);
+ PKIX_TEST_DECREF_AC(thirdExtKeyUsage);
+
+ PKIX_TEST_DECREF_AC(codeSigningEKUCert);
+ PKIX_TEST_DECREF_AC(multiEKUCert);
+ PKIX_TEST_DECREF_AC(noEKUCert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testMakeInheritedDSAPublicKey(char *dataCentralDir)
+{
+ PKIX_PL_PublicKey *firstKey = NULL;
+ PKIX_PL_PublicKey *secondKey = NULL;
+ PKIX_PL_PublicKey *resultKeyPositive = NULL;
+ PKIX_PL_PublicKey *resultKeyNegative = NULL;
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <dsaWithoutParams>");
+ firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext);
+
+ subTest("PKIX_PL_Cert_Create <dsaWithParams>");
+ secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext));
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext));
+
+ subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext));
+
+ if (resultKeyPositive == NULL) {
+ testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed");
+ }
+
+ subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+
+ PKIX_TEST_DECREF_AC(firstKey);
+ PKIX_TEST_DECREF_AC(secondKey);
+ PKIX_TEST_DECREF_AC(resultKeyPositive);
+ PKIX_TEST_DECREF_AC(resultKeyNegative);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testVerifySignature(char *dataCentralDir)
+{
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_PL_PublicKey *firstPubKey = NULL;
+ PKIX_PL_PublicKey *secondPubKey = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <labs2yassir>");
+ firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext);
+
+ subTest("PKIX_PL_Cert_Create <yassir2labs>");
+ secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
+
+ subTest("PKIX_PL_Cert_VerifySignature <positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext));
+
+ subTest("PKIX_PL_Cert_VerifySignature <negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(firstPubKey);
+ PKIX_TEST_DECREF_AC(secondPubKey);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCheckValidity(
+ PKIX_PL_Cert *olderCert,
+ PKIX_PL_Cert *newerCert)
+{
+ /*
+ * olderCert has the following Validity:
+ * notBefore = August 19, 1999: 20:19:56 GMT
+ * notAfter = August 18, 2000: 20:19:56 GMT
+ *
+ * newerCert has the following Validity:
+ * notBefore = November 13, 2003: 16:46:03 GMT
+ * notAfter = February 13, 2009: 16:46:03 GMT
+ */
+
+ /* olderDateAscii = March 29, 2000: 13:48:47 GMT */
+ char *olderAscii = "000329134847Z";
+ PKIX_PL_String *olderString = NULL;
+ PKIX_PL_Date *olderDate = NULL;
+
+ /* newerDateAscii = March 29, 2004: 13:48:47 GMT */
+ char *newerAscii = "040329134847Z";
+ PKIX_PL_String *newerString = NULL;
+ PKIX_PL_Date *newerDate = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_CheckValidity <creating Dates>");
+
+ /* create newer date when newer cert is valid but older cert is not */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext));
+
+ /* create older date when older cert is valid but newer cert is not */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext));
+
+ /* check validity of both certificates using olderDate */
+ subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext));
+
+ subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext));
+
+ /* check validity of both certificates using newerDate */
+ subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext));
+
+ subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext));
+
+ /*
+ * check validity of both certificates using current time
+ * NOTE: these "now" tests will not work when the current
+ * time is after newerCert.notAfter (~ February 13, 2009)
+ */
+ subTest("PKIX_PL_Cert_CheckValidity <now:positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext));
+
+ subTest("PKIX_PL_Cert_CheckValidity <now:negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext));
+
+cleanup:
+ PKIX_TEST_DECREF_AC(olderString);
+ PKIX_TEST_DECREF_AC(newerString);
+ PKIX_TEST_DECREF_AC(olderDate);
+ PKIX_TEST_DECREF_AC(newerDate);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+readCertBasicConstraints(
+ char *dataDir,
+ char *goodCertName,
+ char *diffCertName,
+ PKIX_PL_CertBasicConstraints **goodBasicConstraints,
+ PKIX_PL_CertBasicConstraints **equalBasicConstraints,
+ PKIX_PL_CertBasicConstraints **diffBasicConstraints)
+{
+
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ createCerts(dataDir, goodCertName, diffCertName,
+ &goodCert, &equalCert, &diffCert);
+ /*
+ * Warning: pointer will be NULL if BasicConstraints
+ * extension is not present in the certificate. */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraintsHelper(
+ char *dataDir,
+ char *goodCertName,
+ char *diffCertName,
+ char *expectedAscii)
+{
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ readCertBasicConstraints(dataDir,
+ goodCertName,
+ diffCertName,
+ &goodBasicConstraints,
+ &equalBasicConstraints,
+ &diffBasicConstraints);
+
+ /*
+ * The standard test macro is applicable only
+ * if BasicConstraint extension is present
+ * in the certificate. Otherwise some
+ * pointers will be null.
+ */
+ if ((goodBasicConstraints) &&
+ (equalBasicConstraints) &&
+ (diffBasicConstraints)) {
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints,
+ equalBasicConstraints,
+ diffBasicConstraints,
+ expectedAscii,
+ BasicConstraints,
+ PKIX_TRUE);
+ } else {
+ /* Test what we can */
+ if (goodBasicConstraints) {
+ if (!equalBasicConstraints) {
+ testError("Unexpected NULL value of equalBasicConstraints");
+ goto cleanup;
+ }
+ subTest("PKIX_PL_BasicConstraints_Equals <match>");
+ testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(equalBasicConstraints),
+ PKIX_TRUE,
+ plContext);
+ subTest("PKIX_PL_BasicConstraints_Hashcode <match>");
+ testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(equalBasicConstraints),
+ PKIX_TRUE,
+ plContext);
+ if (diffBasicConstraints) {
+ subTest("PKIX_PL_BasicConstraints_Equals <non-match>");
+ testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(diffBasicConstraints),
+ PKIX_FALSE,
+ plContext);
+ subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>");
+ testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ (PKIX_PL_Object *)(diffBasicConstraints),
+ PKIX_FALSE,
+ plContext);
+ }
+ subTest("PKIX_PL_BasicConstraints_Duplicate");
+ testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext);
+ }
+ if (expectedAscii) {
+ subTest("PKIX_PL_BasicConstraints_ToString");
+ testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints),
+ expectedAscii,
+ plContext);
+ }
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(equalBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraints_GetCAFlag(char *dataCentralDir)
+{
+ /*
+ * XXX When we have a certificate with a non-null Basic
+ * Constraints field and a value of FALSE for CAFlag,
+ * this test should be modified to use that
+ * certificate for diffCertName, and to verify that
+ * GetCAFlag returns a FALSE value. But our certificates for
+ * non-CAs are created with no BasicConstraints extension.
+ */
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ char *goodCertName = "yassir2yassir";
+ char *diffCertName = "nss2alice";
+ PKIX_Boolean goodCAFlag = PKIX_FALSE;
+ PKIX_Boolean diffCAFlag = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_BasicConstraints_GetCAFlag");
+
+ readCertBasicConstraints(dataCentralDir,
+ goodCertName,
+ diffCertName,
+ &goodBasicConstraints,
+ &equalBasicConstraints,
+ &diffBasicConstraints);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext));
+ if (!goodCAFlag) {
+ testError("BasicConstraint CAFlag unexpectedly FALSE");
+ goto cleanup;
+ }
+
+ if (diffBasicConstraints) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext));
+ if (diffCAFlag) {
+ testError("BasicConstraint CAFlag unexpectedly TRUE");
+ goto cleanup;
+ }
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(equalBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraints_GetPathLenConstraint(char *dataCentralDir)
+{
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ char *goodCertName = "yassir2yassir";
+ char *diffCertName = "sun2sun";
+ PKIX_Int32 goodPathLen = 0;
+ PKIX_Int32 diffPathLen = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint");
+
+ readCertBasicConstraints(dataCentralDir,
+ goodCertName,
+ diffCertName,
+ &goodBasicConstraints,
+ &equalBasicConstraints,
+ &diffBasicConstraints);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext));
+ if (0 != goodPathLen) {
+ testError("unexpected basicConstraint pathLen");
+ (void)printf("Actual value:\t%d\n", goodPathLen);
+ (void)printf("Expected value:\t0\n");
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext));
+ if (1 != diffPathLen) {
+ testError("unexpected basicConstraint pathLen");
+ (void)printf("Actual value:\t%d\n", diffPathLen);
+ (void)printf("Expected value:\t1\n");
+ goto cleanup;
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(equalBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetBasicConstraints(char *dataCentralDir)
+{
+ char *goodCertName = NULL;
+ char *diffCertName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>");
+ goodCertName = "yassir2yassir";
+ diffCertName = "nss2alice";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>");
+ goodCertName = "nss2alice";
+ diffCertName = "sun2sun";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL);
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>");
+ goodCertName = "yassir2bcn";
+ diffCertName = "sun2sun";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
+
+ subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>");
+ goodCertName = "anchor2dsa";
+ diffCertName = "sun2sun";
+ testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)");
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetPolicyInformation(char *dataDir)
+{
+
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest17EE.crt";
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_Cert_GetPolicyInformation");
+
+ /*
+ * Get the cert, then the list of policyInfos.
+ * Take the first policyInfo from the list.
+ */
+
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy,
+ equalPolicy,
+ diffPolicy,
+ NULL,
+ CertPolicyInfo,
+ PKIX_FALSE);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext));
+
+ if (isImmutable != PKIX_TRUE) {
+ testError("PolicyInfo List is not immutable");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicy_GetPolicyId(char *dataDir)
+{
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest17EE.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_PL_OID *goodID = NULL;
+ PKIX_PL_OID *equalID = NULL;
+ PKIX_PL_OID *diffID = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_CertPolicyInfo_GetPolicyId");
+
+ /*
+ * Get the cert, then the list of policyInfos.
+ * Take the first policyInfo from the list.
+ * Finally, get the policyInfo's ID.
+ */
+
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodID);
+ PKIX_TEST_DECREF_AC(equalID);
+ PKIX_TEST_DECREF_AC(diffID);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicy_GetPolQualifiers(char *dataDir)
+{
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest18EE.crt";
+ PKIX_Boolean isImmutable = PKIX_FALSE;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_List *goodQuals = NULL;
+ PKIX_List *equalQuals = NULL;
+ PKIX_List *diffQuals = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers");
+
+ /*
+ * Get the cert, then the list of policyInfos.
+ * Take the first policyInfo from the list.
+ * Get its list of PolicyQualifiers.
+ */
+
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals,
+ equalQuals,
+ diffQuals,
+ NULL,
+ List,
+ PKIX_FALSE);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext));
+
+ if (isImmutable != PKIX_TRUE) {
+ testError("PolicyQualifier List is not immutable");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(goodQuals);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalQuals);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(diffQuals);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testPolicyQualifier_GetQualifier(char *dataDir)
+{
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "UserNoticeQualifierTest18EE.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_List *goodQuals = NULL;
+ PKIX_List *equalQuals = NULL;
+ PKIX_List *diffQuals = NULL;
+ PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
+ PKIX_PL_ByteArray *goodArray = NULL;
+ PKIX_PL_ByteArray *equalArray = NULL;
+ PKIX_PL_ByteArray *diffArray = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_PolicyQualifier_GetQualifier");
+
+ /*
+ * Get the cert, then the list of policyInfos.
+ * Take the first policyInfo from the list.
+ * Get its list of PolicyQualifiers.
+ * Take the first policyQualifier from the list.
+ * Finally, get the policyQualifier's ByteArray.
+ */
+
+ /* Get the PolicyInfo objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
+ 0,
+ (PKIX_PL_Object **)&goodPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
+ 0,
+ (PKIX_PL_Object **)&equalPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
+ 0,
+ (PKIX_PL_Object **)&diffPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodArray);
+ PKIX_TEST_DECREF_AC(equalArray);
+ PKIX_TEST_DECREF_AC(diffArray);
+ PKIX_TEST_DECREF_AC(goodPolQualifier);
+ PKIX_TEST_DECREF_AC(equalPolQualifier);
+ PKIX_TEST_DECREF_AC(diffPolQualifier);
+ PKIX_TEST_DECREF_AC(goodQuals);
+ PKIX_TEST_DECREF_AC(equalQuals);
+ PKIX_TEST_DECREF_AC(diffQuals);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testPolicyQualifier_GetPolicyQualifierId(char *dataDir)
+{
+ char *goodCertName =
+ "UserNoticeQualifierTest15EE.crt";
+ char *equalCertName =
+ "UserNoticeQualifierTest16EE.crt";
+ char *diffCertName =
+ "CPSPointerQualifierTest20EE.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_List *goodPolicyInfo = NULL;
+ PKIX_List *equalPolicyInfo = NULL;
+ PKIX_List *diffPolicyInfo = NULL;
+ PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+ PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+ PKIX_List *goodQuals = NULL;
+ PKIX_List *equalQuals = NULL;
+ PKIX_List *diffQuals = NULL;
+ PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
+ PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
+ PKIX_PL_OID *goodID = NULL;
+ PKIX_PL_OID *equalID = NULL;
+ PKIX_PL_OID *diffID = NULL;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
+
+ /*
+ * Get the cert, then the list of policyInfos.
+ * Take the first policyInfo from the list.
+ * Get its list of PolicyQualifiers.
+ * Take the first policyQualifier from the list.
+ * Finally, get the policyQualifier's ID.
+ */
+
+ /* Get the PolicyQualifier objects */
+ goodCert = createCert(dataDir, goodCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
+ 0,
+ (PKIX_PL_Object **)&goodPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext));
+
+ equalCert = createCert(dataDir, equalCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+ 0,
+ (PKIX_PL_Object **)&equalPolicy,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
+ 0,
+ (PKIX_PL_Object **)&equalPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext));
+
+ diffCert = createCert(dataDir, diffCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
+ 0,
+ (PKIX_PL_Object **)&diffPolQualifier,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodID);
+ PKIX_TEST_DECREF_AC(equalID);
+ PKIX_TEST_DECREF_AC(diffID);
+ PKIX_TEST_DECREF_AC(goodPolQualifier);
+ PKIX_TEST_DECREF_AC(equalPolQualifier);
+ PKIX_TEST_DECREF_AC(diffPolQualifier);
+ PKIX_TEST_DECREF_AC(goodQuals);
+ PKIX_TEST_DECREF_AC(equalQuals);
+ PKIX_TEST_DECREF_AC(diffQuals);
+ PKIX_TEST_DECREF_AC(goodPolicy);
+ PKIX_TEST_DECREF_AC(equalPolicy);
+ PKIX_TEST_DECREF_AC(diffPolicy);
+ PKIX_TEST_DECREF_AC(goodPolicyInfo);
+ PKIX_TEST_DECREF_AC(equalPolicyInfo);
+ PKIX_TEST_DECREF_AC(diffPolicyInfo);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(equalCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir)
+{
+
+ char *trueCertName = "CertificatePoliciesCritical.crt";
+ char *falseCertName = "UserNoticeQualifierTest15EE.crt";
+ PKIX_PL_Cert *trueCert = NULL;
+ PKIX_PL_Cert *falseCert = NULL;
+ PKIX_Boolean trueVal = PKIX_FALSE;
+ PKIX_Boolean falseVal = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>");
+
+ trueCert = createCert(dataCentralDir, trueCertName, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext));
+
+ if (trueVal != PKIX_TRUE) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", trueVal);
+ (void)printf("Expected value:\t1\n");
+ goto cleanup;
+ }
+
+ subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>");
+
+ falseCert = createCert(dataDir, falseCertName, plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext));
+
+ if (falseVal != PKIX_FALSE) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", falseVal);
+ (void)printf("Expected value:\t0\n");
+ goto cleanup;
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(trueCert);
+ PKIX_TEST_DECREF_AC(falseCert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicyConstraints(char *dataDir)
+{
+ char *requireExplicitPolicy2CertName =
+ "requireExplicitPolicy2CACert.crt";
+ char *inhibitPolicyMapping5CertName =
+ "inhibitPolicyMapping5CACert.crt";
+ char *inhibitAnyPolicy5CertName =
+ "inhibitAnyPolicy5CACert.crt";
+ char *inhibitAnyPolicy0CertName =
+ "inhibitAnyPolicy0CACert.crt";
+ PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL;
+ PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL;
+ PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL;
+ PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL;
+ PKIX_Int32 skipCerts = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetRequireExplicitPolicy");
+ requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 2);
+
+ subTest("PKIX_PL_Cert_GetPolicyMappingInhibited");
+ inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 5);
+
+ subTest("PKIX_PL_Cert_GetInhibitAnyPolicy");
+ inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 5);
+
+ inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL));
+ PR_ASSERT(skipCerts == 0);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert);
+ PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert);
+ PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert);
+ PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicyMaps(char *dataDir)
+{
+ char *policyMappingsCertName =
+ "P1Mapping1to234CACert.crt";
+ char *expectedAscii =
+ "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2";
+
+ PKIX_PL_Cert *policyMappingsCert = NULL;
+ PKIX_List *mappings = NULL;
+ PKIX_PL_CertPolicyMap *goodMap = NULL;
+ PKIX_PL_CertPolicyMap *equalMap = NULL;
+ PKIX_PL_CertPolicyMap *diffMap = NULL;
+ PKIX_PL_OID *goodOID = NULL;
+ PKIX_PL_OID *equalOID = NULL;
+ PKIX_PL_OID *diffOID = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_GetPolicyMappings");
+
+ policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap,
+ equalMap,
+ diffMap,
+ expectedAscii,
+ CertPolicyMap,
+ PKIX_TRUE);
+
+ subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL));
+ subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID,
+ equalOID,
+ diffOID,
+ "2.16.840.1.101.3.2.1.48.1",
+ OID,
+ PKIX_FALSE);
+
+ subTest("pkix_pl_CertPolicyMap_Destroy");
+ PKIX_TEST_DECREF_BC(goodMap);
+ PKIX_TEST_DECREF_BC(equalMap);
+ PKIX_TEST_DECREF_BC(diffMap);
+
+cleanup:
+ PKIX_TEST_DECREF_AC(policyMappingsCert);
+ PKIX_TEST_DECREF_AC(mappings);
+ PKIX_TEST_DECREF_AC(goodOID);
+ PKIX_TEST_DECREF_AC(equalOID);
+ PKIX_TEST_DECREF_AC(diffOID);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testNameConstraints(char *dataDir)
+{
+ char *firstPname = "nameConstraintsDN3subCA2Cert.crt";
+ char *secondPname = "nameConstraintsDN4CACert.crt";
+ char *thirdPname = "nameConstraintsDN5CACert.crt";
+ char *lastPname = "InvalidDNnameConstraintsTest3EE.crt";
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_PL_Cert *thirdCert = NULL;
+ PKIX_PL_Cert *lastCert = NULL;
+ PKIX_PL_CertNameConstraints *firstNC = NULL;
+ PKIX_PL_CertNameConstraints *secondNC = NULL;
+ PKIX_PL_CertNameConstraints *thirdNC = NULL;
+ PKIX_PL_CertNameConstraints *firstMergedNC = NULL;
+ PKIX_PL_CertNameConstraints *secondMergedNC = NULL;
+ char *firstExpectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates,"
+ "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n"
+ "\t]\n";
+ char *secondExpectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (O=Test Certificates,C=US, "
+ "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,"
+ "O=Test Certificates,"
+ "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, "
+ "OU=excludedSubtree1,OU=permittedSubtree1,"
+ "O=Test Certificates,C=US)\n"
+ "\t]\n";
+
+ PKIX_TEST_STD_VARS();
+ subTest("PKIX_PL_CertNameConstraints");
+
+ firstCert = createCert(dataDir, firstPname, plContext);
+ secondCert = createCert(dataDir, secondPname, plContext);
+ thirdCert = createCert(dataDir, thirdPname, plContext);
+ lastCert = createCert(dataDir, lastPname, plContext);
+
+ subTest("PKIX_PL_Cert_GetNameConstraints <total=3>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL));
+
+ subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL));
+
+ subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL));
+
+ testToStringHelper((PKIX_PL_Object *)firstMergedNC,
+ firstExpectedAscii,
+ plContext);
+
+ testToStringHelper((PKIX_PL_Object *)secondMergedNC,
+ secondExpectedAscii,
+ plContext);
+
+ subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>");
+
+ /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL));
+
+ subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>");
+
+ /*
+ * Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
+ * OU=permittedSubtree1,O=Test Certificates,C=US
+ */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL));
+
+ subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
+
+ /*
+ * Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
+ * OU=permittedSubtree1,O=Test Certificates,C=US
+ * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate
+ * Test3,OU=excludedSubtree1,O=Test Certificates,C=US
+ */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL));
+
+ subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(thirdCert);
+ PKIX_TEST_DECREF_AC(lastCert);
+ PKIX_TEST_DECREF_AC(firstNC);
+ PKIX_TEST_DECREF_AC(secondNC);
+ PKIX_TEST_DECREF_AC(thirdNC);
+ PKIX_TEST_DECREF_AC(firstMergedNC);
+ PKIX_TEST_DECREF_AC(secondMergedNC);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Destroy");
+
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+
+ PKIX_TEST_DECREF_BC(altNameNoneCert);
+ PKIX_TEST_DECREF_BC(altNameOtherCert);
+ PKIX_TEST_DECREF_BC(altNameOtherCert_diff);
+ PKIX_TEST_DECREF_BC(altNameRfc822Cert);
+ PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff);
+ PKIX_TEST_DECREF_BC(altNameDnsCert);
+ PKIX_TEST_DECREF_BC(altNameDnsCert_diff);
+ PKIX_TEST_DECREF_BC(altNameX400Cert);
+ PKIX_TEST_DECREF_BC(altNameX400Cert_diff);
+ PKIX_TEST_DECREF_BC(altNameDnCert);
+ PKIX_TEST_DECREF_BC(altNameDnCert_diff);
+ PKIX_TEST_DECREF_BC(altNameEdiCert);
+ PKIX_TEST_DECREF_BC(altNameEdiCert_diff);
+ PKIX_TEST_DECREF_BC(altNameUriCert);
+ PKIX_TEST_DECREF_BC(altNameUriCert_diff);
+ PKIX_TEST_DECREF_BC(altNameIpCert);
+ PKIX_TEST_DECREF_BC(altNameIpCert_diff);
+ PKIX_TEST_DECREF_BC(altNameOidCert);
+ PKIX_TEST_DECREF_BC(altNameOidCert_diff);
+ PKIX_TEST_DECREF_BC(altNameMultipleCert);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n");
+}
+
+int
+test_cert(int argc, char *argv[])
+{
+
+ PKIX_PL_Cert *goodObject = NULL;
+ PKIX_PL_Cert *equalObject = NULL;
+ PKIX_PL_Cert *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *dataCentralDir = NULL;
+ char *dataDir = NULL;
+ char *goodInput = "yassir2bcn";
+ char *diffInput = "nss2alice";
+
+ char *expectedAscii =
+ "[\n"
+ "\tVersion: v3\n"
+ "\tSerialNumber: 37bc66ec\n"
+ "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+ "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
+ "\tValidity: [From: Thu Aug 19, 1999\n"
+ /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */
+ "\t To: Fri Aug 18, 2000]\n"
+ /* "\t To: Fri Aug 18 16:19:56 2000]\n" */
+ "\tSubjectAltNames: (null)\n"
+ "\tAuthorityKeyId: (null)\n"
+ "\tSubjectKeyId: (null)\n"
+ "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+ "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
+ "\tExtKeyUsages: (null)\n"
+ "\tBasicConstraint: CA(0)\n"
+ "\tCertPolicyInfo: (null)\n"
+ "\tPolicyMappings: (null)\n"
+ "\tExplicitPolicy: -1\n"
+ "\tInhibitMapping: -1\n"
+ "\tInhibitAnyPolicy:-1\n"
+ "\tNameConstraints: (null)\n"
+ "\tAuthorityInfoAccess: (null)\n"
+ "\tSubjectInfoAccess: (null)\n"
+ "\tCacheFlag: 0\n"
+ "]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Cert");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 3 + j) {
+ printUsage();
+ return (0);
+ }
+
+ dataCentralDir = argv[2 + j];
+ dataDir = argv[3 + j];
+
+ createCerts(dataCentralDir,
+ goodInput,
+ diffInput,
+ &goodObject,
+ &equalObject,
+ &diffObject);
+
+ testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ Cert,
+ PKIX_TRUE);
+
+ testVerifyKeyUsage(dataCentralDir, dataDir, goodObject);
+
+ testGetExtendedKeyUsage(dataCentralDir);
+ testGetKeyIdentifiers(dataCentralDir, goodObject);
+
+ testGetVersion(goodObject);
+ testGetSerialNumber(goodObject, equalObject, diffObject);
+
+ testGetSubject(goodObject, equalObject, diffObject);
+ testGetIssuer(goodObject, equalObject, diffObject);
+
+ testGetSubjectAltNames(dataCentralDir);
+ testGetCriticalExtensionOIDs(dataCentralDir, goodObject);
+
+ testGetSubjectPublicKey(goodObject, equalObject, diffObject);
+ testGetSubjectPublicKeyAlgId(goodObject);
+ testMakeInheritedDSAPublicKey(dataCentralDir);
+
+ testCheckValidity(goodObject, diffObject);
+
+ testBasicConstraints_GetCAFlag(dataCentralDir);
+ testBasicConstraints_GetPathLenConstraint(dataCentralDir);
+ testGetBasicConstraints(dataCentralDir);
+
+ /* Basic Policy Processing */
+ testGetPolicyInformation(dataDir);
+ testCertPolicy_GetPolicyId(dataDir);
+ testCertPolicy_GetPolQualifiers(dataDir);
+ testPolicyQualifier_GetPolicyQualifierId(dataDir);
+ testPolicyQualifier_GetQualifier(dataDir);
+ testAreCertPoliciesCritical(dataCentralDir, dataDir);
+
+ /* Advanced Policy Processing */
+ testCertPolicyConstraints(dataDir);
+ testCertPolicyMaps(dataDir);
+
+ testNameConstraints(dataDir);
+
+ testVerifySignature(dataCentralDir);
+
+ testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Cert");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c
new file mode 100644
index 0000000000..6372c7a370
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c
@@ -0,0 +1,302 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_crl.c
+ *
+ * Test CRL Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createCRLs(
+ char *dataDir,
+ char *goodInput,
+ char *diffInput,
+ PKIX_PL_CRL **goodObject,
+ PKIX_PL_CRL **equalObject,
+ PKIX_PL_CRL **diffObject)
+{
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CRL_Create <goodObject>");
+ *goodObject = createCRL(dataDir, goodInput, plContext);
+
+ subTest("PKIX_PL_CRL_Create <equalObject>");
+ *equalObject = createCRL(dataDir, goodInput, plContext);
+
+ subTest("PKIX_PL_CRL_Create <diffObject>");
+ *diffObject = createCRL(dataDir, diffInput, plContext);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetCRLEntryForSerialNumber(
+ PKIX_PL_CRL *goodObject)
+{
+ PKIX_PL_BigInt *bigInt;
+ PKIX_PL_String *bigIntString = NULL;
+ PKIX_PL_CRLEntry *crlEntry = NULL;
+ PKIX_PL_String *crlEntryString = NULL;
+ char *snAscii = "3039";
+ char *expectedAscii =
+ "\n\t[\n"
+ "\tSerialNumber: 3039\n"
+ "\tReasonCode: 257\n"
+ "\tRevocationDate: Fri Jan 07, 2005\n"
+ /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ snAscii,
+ PL_strlen(snAscii),
+ &bigIntString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+ bigIntString,
+ &bigInt,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ goodObject, bigInt, &crlEntry, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+ (PKIX_PL_Object *)crlEntry,
+ &crlEntryString,
+ plContext));
+
+ testToStringHelper((PKIX_PL_Object *)crlEntryString,
+ expectedAscii, plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(bigIntString);
+ PKIX_TEST_DECREF_AC(bigInt);
+ PKIX_TEST_DECREF_AC(crlEntryString);
+ PKIX_TEST_DECREF_AC(crlEntry);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetIssuer(
+ PKIX_PL_CRL *goodObject,
+ PKIX_PL_CRL *equalObject,
+ PKIX_PL_CRL *diffObject)
+{
+ PKIX_PL_X500Name *goodIssuer = NULL;
+ PKIX_PL_X500Name *equalIssuer = NULL;
+ PKIX_PL_X500Name *diffIssuer = NULL;
+ char *expectedAscii = "CN=hanfeiyu,O=sun,C=us";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CRL_GetIssuer");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext));
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
+ equalIssuer,
+ diffIssuer,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodIssuer);
+ PKIX_TEST_DECREF_AC(equalIssuer);
+ PKIX_TEST_DECREF_AC(diffIssuer);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsAbsent(PKIX_PL_CRL *crl)
+{
+ PKIX_List *oidList = NULL;
+ PKIX_UInt32 numOids = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &oidList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
+ if (numOids != 0) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(oidList);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject)
+{
+ subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
+ "<0 element>");
+ testCritExtensionsAbsent(goodObject);
+}
+
+static void
+testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl)
+{
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+ PKIX_PL_PublicKey *firstPubKey = NULL;
+ PKIX_PL_PublicKey *secondPubKey = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>");
+ firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext);
+
+ subTest("PKIX_PL_Cert_Create <hy2hy-bc0>");
+ secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
+
+ subTest("PKIX_PL_CRL_VerifySignature <positive>");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext));
+
+ subTest("PKIX_PL_CRL_VerifySignature <negative>");
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(firstCert);
+ PKIX_TEST_DECREF_AC(secondCert);
+ PKIX_TEST_DECREF_AC(firstPubKey);
+ PKIX_TEST_DECREF_AC(secondPubKey);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n");
+}
+
+/* Functional tests for CRL public functions */
+
+int
+test_crl(int argc, char *argv[])
+{
+ PKIX_PL_CRL *goodObject = NULL;
+ PKIX_PL_CRL *equalObject = NULL;
+ PKIX_PL_CRL *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *dataCentralDir = NULL;
+ char *goodInput = "crlgood.crl";
+ char *diffInput = "crldiff.crl";
+ char *expectedAscii =
+ "[\n"
+ "\tVersion: v2\n"
+ "\tIssuer: CN=hanfeiyu,O=sun,C=us\n"
+ "\tUpdate: [Last: Fri Jan 07, 2005\n"
+ /* "\tUpdate: [Last: Fri Jan 07 15:09:10 2005\n" */
+ "\t Next: Sat Jan 07, 2006]\n"
+ /* "\t Next: Sat Jan 07 15:09:10 2006]\n" */
+ "\tSignatureAlgId: 1.2.840.10040.4.3\n"
+ "\tCRL Number : (null)\n"
+ "\n\tEntry List: (\n"
+ "\t[\n"
+ "\tSerialNumber: 010932\n"
+ "\tReasonCode: 260\n"
+ "\tRevocationDate: Fri Jan 07, 2005\n"
+ /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t"
+ ", "
+ "\n\t[\n"
+ "\tSerialNumber: 3039\n"
+ "\tReasonCode: 257\n"
+ "\tRevocationDate: Fri Jan 07, 2005\n"
+ /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t"
+ ")"
+ "\n\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "]\n";
+ /* Note XXX serialnumber and reasoncode need debug */
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("CRL");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 3 + j) {
+ printUsage();
+ return (0);
+ }
+
+ dataCentralDir = argv[2 + j];
+
+ createCRLs(dataCentralDir,
+ goodInput,
+ diffInput,
+ &goodObject,
+ &equalObject,
+ &diffObject);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ CRL,
+ PKIX_TRUE);
+
+ testGetIssuer(goodObject, equalObject, diffObject);
+
+ testGetCriticalExtensionOIDs(goodObject);
+
+ testGetCRLEntryForSerialNumber(goodObject);
+
+ testVerifySignature(dataCentralDir, goodObject);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodObject);
+ PKIX_TEST_DECREF_AC(equalObject);
+ PKIX_TEST_DECREF_AC(diffObject);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("CRL");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c
new file mode 100644
index 0000000000..30a008b4cf
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c
@@ -0,0 +1,208 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_crlentry.c
+ *
+ * Test CRLENTRY Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createCRLEntries(
+ char *dataDir,
+ char *crlInput,
+ PKIX_PL_CRL **pCrl,
+ PKIX_PL_CRLEntry **goodObject,
+ PKIX_PL_CRLEntry **equalObject,
+ PKIX_PL_CRLEntry **diffObject)
+{
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_PL_BigInt *firstSNBigInt = NULL;
+ PKIX_PL_BigInt *secondSNBigInt = NULL;
+ PKIX_PL_String *firstSNString = NULL;
+ PKIX_PL_String *secondSNString = NULL;
+ char *firstSNAscii = "010932";
+ char *secondSNAscii = "3039";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CRL_Create <crl>");
+ crl = createCRL(dataDir, crlInput, plContext);
+
+ subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ firstSNAscii,
+ PL_strlen(firstSNAscii),
+ &firstSNString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+ firstSNString,
+ &firstSNBigInt,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ crl, firstSNBigInt, goodObject, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ crl, firstSNBigInt, equalObject, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ secondSNAscii,
+ PL_strlen(secondSNAscii),
+ &secondSNString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+ secondSNString,
+ &secondSNBigInt,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+ crl, secondSNBigInt, diffObject, plContext));
+
+ *pCrl = crl;
+
+cleanup:
+ PKIX_TEST_DECREF_AC(firstSNBigInt);
+ PKIX_TEST_DECREF_AC(secondSNBigInt);
+ PKIX_TEST_DECREF_AC(firstSNString);
+ PKIX_TEST_DECREF_AC(secondSNString);
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetReasonCode(
+ PKIX_PL_CRLEntry *goodObject)
+{
+ PKIX_Int32 reasonCode = 0;
+ PKIX_Int32 expectedReasonCode = 260;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
+ goodObject, &reasonCode, plContext));
+
+ if (reasonCode != expectedReasonCode) {
+ testError("unexpected value of CRL Entry Reason Code");
+ (void)printf("Actual value:\t%d\n", reasonCode);
+ (void)printf("Expected value:\t%d\n", expectedReasonCode);
+ goto cleanup;
+ }
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsAbsent(PKIX_PL_CRLEntry *crlEntry)
+{
+ PKIX_List *oidList = NULL;
+ PKIX_UInt32 numOids = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(crlEntry, &oidList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
+ if (numOids != 0) {
+ pkixTestErrorMsg = "unexpected mismatch";
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(oidList);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetCriticalExtensionOIDs(PKIX_PL_CRLEntry *goodObject)
+{
+ subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
+ "<CritExtensionsAbsent>");
+ testCritExtensionsAbsent(goodObject);
+}
+
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_crlentry <data-dir>\n\n");
+}
+
+/* Functional tests for CRLENTRY public functions */
+
+int
+test_crlentry(int argc, char *argv[])
+{
+ PKIX_PL_CRL *crl = NULL;
+ PKIX_PL_CRLEntry *goodObject = NULL;
+ PKIX_PL_CRLEntry *equalObject = NULL;
+ PKIX_PL_CRLEntry *diffObject = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *dataDir = NULL;
+ char *goodInput = "crlgood.crl";
+ char *expectedAscii =
+ "\n\t[\n"
+ "\tSerialNumber: 010932\n"
+ "\tReasonCode: 260\n"
+ "\tRevocationDate: Fri Jan 07 15:09:10 2005\n"
+ "\tCritExtOIDs: (EMPTY)\n"
+ "\t]\n\t";
+
+ /* Note XXX serialnumber and reasoncode need debug */
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("CRLEntry");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 1 + j) {
+ printUsage();
+ return (0);
+ }
+
+ dataDir = argv[1 + j];
+
+ createCRLEntries(dataDir, goodInput, &crl, &goodObject, &equalObject, &diffObject);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ NULL, /* expectedAscii, */
+ CRLENTRY,
+ PKIX_TRUE);
+
+ testGetReasonCode(goodObject);
+
+ testGetCriticalExtensionOIDs(goodObject);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(crl);
+ PKIX_TEST_DECREF_AC(goodObject);
+ PKIX_TEST_DECREF_AC(equalObject);
+ PKIX_TEST_DECREF_AC(diffObject);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("CRLEntry");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c
new file mode 100644
index 0000000000..4fb3718c19
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_date.c
+ *
+ * Test Date Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createDates(char *goodInput, char *diffInput,
+ PKIX_PL_Date **goodDate,
+ PKIX_PL_Date **equalDate,
+ PKIX_PL_Date **diffDate)
+{
+
+ subTest("PKIX_PL_Date_Create <goodDate>");
+ *goodDate = createDate(goodInput, plContext);
+
+ subTest("PKIX_PL_Date_Create <equalDate>");
+ *equalDate = createDate(goodInput, plContext);
+
+ subTest("PKIX_PL_Date_Create <diffDate>");
+ *diffDate = createDate(diffInput, plContext);
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_Date_Destroy");
+
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDate(char *goodInput, char *diffInput)
+{
+
+ PKIX_PL_Date *goodDate = NULL;
+ PKIX_PL_Date *equalDate = NULL;
+ PKIX_PL_Date *diffDate = NULL;
+
+ /*
+ * The ASCII rep of the date will vary by platform and locale
+ * This particular string was generated on a SPARC running Solaris 9
+ * in an English locale
+ */
+ /* char *expectedAscii = "Mon Mar 29 08:48:47 2004"; */
+ char *expectedAscii = "Mon Mar 29, 2004";
+
+ PKIX_TEST_STD_VARS();
+
+ createDates(goodInput, diffInput,
+ &goodDate, &equalDate, &diffDate);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodDate, equalDate, diffDate, expectedAscii, Date, PKIX_TRUE);
+
+ testDestroy(goodDate, equalDate, diffDate);
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_date(int argc, char *argv[])
+{
+
+ char *goodInput = NULL;
+ char *diffInput = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Date");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ goodInput = "040329134847Z";
+ diffInput = "050329135847Z";
+ testDate(goodInput, diffInput);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Date");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c
new file mode 100644
index 0000000000..88181e3f20
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c
@@ -0,0 +1,123 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_generalname.c
+ *
+ * Test GeneralName Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createGeneralNames(PKIX_UInt32 nameType, char *goodInput, char *diffInput,
+ PKIX_PL_GeneralName **goodName,
+ PKIX_PL_GeneralName **equalName,
+ PKIX_PL_GeneralName **diffName)
+{
+
+ subTest("PKIX_PL_GeneralName_Create <goodName>");
+ *goodName = createGeneralName(nameType, goodInput, plContext);
+
+ subTest("PKIX_PL_GeneralName_Create <equalName>");
+ *equalName = createGeneralName(nameType, goodInput, plContext);
+
+ subTest("PKIX_PL_GeneralName_Create <diffName>");
+ *diffName = createGeneralName(nameType, diffInput, plContext);
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_GeneralName_Destroy");
+
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testNameType(PKIX_UInt32 nameType, char *goodInput, char *diffInput, char *expectedAscii)
+{
+
+ PKIX_PL_GeneralName *goodName = NULL;
+ PKIX_PL_GeneralName *equalName = NULL;
+ PKIX_PL_GeneralName *diffName = NULL;
+
+ createGeneralNames(nameType, goodInput, diffInput,
+ &goodName, &equalName, &diffName);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodName,
+ equalName,
+ diffName,
+ expectedAscii,
+ GeneralName,
+ PKIX_TRUE);
+
+ testDestroy(goodName, equalName, diffName);
+}
+
+int
+test_generalname(int argc, char *argv[])
+{
+
+ char *goodInput = NULL;
+ char *diffInput = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("GeneralName");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ goodInput = "john@sun.com";
+ diffInput = "john@labs.com";
+ testNameType(PKIX_RFC822_NAME, goodInput, diffInput, goodInput);
+
+ goodInput = "example1.com";
+ diffInput = "ex2.net";
+ testNameType(PKIX_DNS_NAME, goodInput, diffInput, goodInput);
+
+ goodInput = "cn=yassir, ou=labs, o=sun, c=us";
+ diffInput = "cn=alice, ou=labs, o=sun, c=us";
+ testNameType(PKIX_DIRECTORY_NAME,
+ goodInput,
+ diffInput,
+ "CN=yassir,OU=labs,O=sun,C=us");
+
+ goodInput = "http://example1.com";
+ diffInput = "http://ex2.net";
+ testNameType(PKIX_URI_NAME, goodInput, diffInput, goodInput);
+
+ goodInput = "1.2.840.11";
+ diffInput = "1.2.840.115349";
+ testNameType(PKIX_OID_NAME, goodInput, diffInput, goodInput);
+
+ /*
+ * We don't support creating PKIX_EDIPARTY_NAME,
+ * PKIX_IP_NAME, OTHER_NAME, X400_ADDRESS from strings
+ */
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("GeneralName");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
new file mode 100644
index 0000000000..636ba3ead3
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
@@ -0,0 +1,127 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_nameconstraints.c
+ *
+ * Test CERT Name Constraints Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static char *
+catDirName(char *platform, char *dir, void *plContext)
+{
+ char *pathName = NULL;
+ PKIX_UInt32 dirLen;
+ PKIX_UInt32 platformLen;
+
+ PKIX_TEST_STD_VARS();
+
+ dirLen = PL_strlen(dir);
+ platformLen = PL_strlen(platform);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+ dirLen +
+ 2,
+ (void **)&pathName, plContext));
+
+ PL_strcpy(pathName, platform);
+ PL_strcat(pathName, "/");
+ PL_strcat(pathName, dir);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+
+ return (pathName);
+}
+
+static void
+testNameConstraints(char *dataDir)
+{
+ char *goodPname = "nameConstraintsDN5CACert.crt";
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_CertNameConstraints *goodNC = NULL;
+ char *expectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (OU=permittedSubtree1,"
+ "O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (OU=excludedSubtree1,"
+ "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+ "\t]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_CertNameConstraints");
+
+ goodCert = createCert(dataDir, goodPname, plContext);
+
+ subTest("PKIX_PL_Cert_GetNameConstraints");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &goodNC, plContext));
+
+ testToStringHelper((PKIX_PL_Object *)goodNC, expectedAscii, plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodNC);
+ PKIX_TEST_DECREF_AC(goodCert);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_nameconstraints <test-purpose>"
+ " <data-dir> <platform-prefix>\n\n");
+}
+
+/* Functional tests for CRL public functions */
+
+int
+test_nameconstraints(int argc, char *argv[])
+{
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+ char *platformDir = NULL;
+ char *dataDir = NULL;
+ char *combinedDir = NULL;
+
+ /* Note XXX serialnumber and reasoncode need debug */
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("NameConstraints");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 3 + j) {
+ printUsage();
+ return (0);
+ }
+
+ dataDir = argv[2 + j];
+ platformDir = argv[3 + j];
+ combinedDir = catDirName(platformDir, dataDir, plContext);
+
+ testNameConstraints(combinedDir);
+
+cleanup:
+
+ pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("NameConstraints");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
new file mode 100644
index 0000000000..8f2ff9ec7e
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_subjectinfoaccess.c
+ *
+ * Test Subject InfoAccess Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+test_subjectinfoaccess(int argc, char *argv[])
+{
+
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_PL_Cert *certDiff = NULL;
+ PKIX_List *aiaList = NULL;
+ PKIX_List *siaList = NULL;
+ PKIX_PL_InfoAccess *sia = NULL;
+ PKIX_PL_InfoAccess *siaDup = NULL;
+ PKIX_PL_InfoAccess *siaDiff = NULL;
+ PKIX_PL_GeneralName *location = NULL;
+ char *certPathName = NULL;
+ char *dirName = NULL;
+ PKIX_UInt32 method = 0;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 size, i;
+ PKIX_UInt32 j = 0;
+ char *expectedAscii = "[method:caRepository, "
+ "location:http://betty.nist.gov/pathdiscoverytestsuite/"
+ "p7cfiles/IssuedByTrustAnchor1.p7c]";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("SubjectInfoAccess");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ if (argc < 5 + j) {
+ printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
+ }
+
+ dirName = argv[2 + j];
+ certPathName = argv[3 + j];
+
+ subTest("Creating Cert with Subject Info Access");
+ cert = createCert(dirName, certPathName, plContext);
+
+ certPathName = argv[4 + j];
+
+ subTest("Creating Cert with Subject Info Access");
+ certDiff = createCert(dirName, certPathName, plContext);
+
+ subTest("Getting Subject Info Access");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(cert, &siaList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&sia, plContext));
+
+ subTest("PKIX_PL_InfoAccess_GetMethod");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod(sia, &method, plContext));
+ if (method != PKIX_INFOACCESS_CA_REPOSITORY) {
+ pkixTestErrorMsg = "unexpected method of AIA";
+ goto cleanup;
+ }
+
+ subTest("PKIX_PL_InfoAccess_GetLocation");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(sia, &location, plContext));
+ if (!location) {
+ pkixTestErrorMsg = "Cannot get AIA location";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&siaDup, plContext));
+
+ subTest("Getting Authority Info Access as difference comparison");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certDiff, &aiaList, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+ if (size != 1) {
+ pkixTestErrorMsg = "unexpected number of AIA";
+ goto cleanup;
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&siaDiff, plContext));
+
+ subTest("Checking: Equal, Hash and ToString");
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(location);
+ PKIX_TEST_DECREF_AC(sia);
+ PKIX_TEST_DECREF_AC(siaDup);
+ PKIX_TEST_DECREF_AC(siaDiff);
+ PKIX_TEST_DECREF_AC(aiaList);
+ PKIX_TEST_DECREF_AC(siaList);
+ PKIX_TEST_DECREF_AC(cert);
+ PKIX_TEST_DECREF_AC(certDiff);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Subjectinfoaccess");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c
new file mode 100644
index 0000000000..91ff63fd0a
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c
@@ -0,0 +1,169 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_x500name.c
+ *
+ * Test X500Name Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static PKIX_PL_X500Name *
+createX500Name(char *asciiName, PKIX_Boolean expectedToPass)
+{
+
+ PKIX_PL_X500Name *x500Name = NULL;
+ PKIX_PL_String *plString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
+
+ if (expectedToPass) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext));
+ } else {
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext));
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(plString);
+
+ PKIX_TEST_RETURN();
+
+ return (x500Name);
+}
+
+static void
+createX500Names(char *goodInput, char *diffInput, char *diffInputMatch,
+ PKIX_PL_X500Name **goodObject,
+ PKIX_PL_X500Name **equalObject,
+ PKIX_PL_X500Name **diffObject,
+ PKIX_PL_X500Name **diffObjectMatch)
+{
+ char *badAscii = "cn=yas#sir,ou=labs,o=sun,c=us";
+ PKIX_PL_X500Name *badObject = NULL;
+
+ subTest("PKIX_PL_X500Name_Create <goodObject>");
+ *goodObject = createX500Name(goodInput, PKIX_TRUE);
+
+ subTest("PKIX_PL_X500Name_Create <equalObject>");
+ *equalObject = createX500Name(goodInput, PKIX_TRUE);
+
+ subTest("PKIX_PL_X500Name_Create <diffObject>");
+ *diffObject = createX500Name(diffInput, PKIX_TRUE);
+
+ subTest("PKIX_PL_X500Name_Create <diffObjectMatch>");
+ *diffObjectMatch = createX500Name(diffInputMatch, PKIX_TRUE);
+
+ subTest("PKIX_PL_X500Name_Create <negative>");
+ badObject = createX500Name(badAscii, PKIX_FALSE);
+}
+
+static void
+testMatchHelper(PKIX_PL_X500Name *goodName, PKIX_PL_X500Name *otherName, PKIX_Boolean match)
+{
+ PKIX_Boolean cmpResult;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Match(goodName,
+ otherName,
+ &cmpResult,
+ plContext));
+
+ if ((match && !cmpResult) || (!match && cmpResult)) {
+ testError("unexpected mismatch");
+ (void)printf("Actual value:\t%d\n", cmpResult);
+ (void)printf("Expected value:\t%d\n", match);
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testMatch(void *goodObject, void *diffObject, void *diffObjectMatch)
+{
+ subTest("PKIX_PL_X500Name_Match <match>");
+ testMatchHelper((PKIX_PL_X500Name *)diffObject,
+ (PKIX_PL_X500Name *)diffObjectMatch,
+ PKIX_TRUE);
+
+ subTest("PKIX_PL_X500Name_Match <non-match>");
+ testMatchHelper((PKIX_PL_X500Name *)goodObject,
+ (PKIX_PL_X500Name *)diffObject,
+ PKIX_FALSE);
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject, void *diffObjectMatch)
+{
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_X500Name_Destroy");
+
+ PKIX_TEST_DECREF_BC(goodObject);
+ PKIX_TEST_DECREF_BC(equalObject);
+ PKIX_TEST_DECREF_BC(diffObject);
+ PKIX_TEST_DECREF_BC(diffObjectMatch);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_x500name(int argc, char *argv[])
+{
+
+ PKIX_PL_X500Name *goodObject = NULL;
+ PKIX_PL_X500Name *equalObject = NULL;
+ PKIX_PL_X500Name *diffObject = NULL;
+ PKIX_PL_X500Name *diffObjectMatch = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ /* goodInput is encoded in PKIX_ESCASCII */
+ char *goodInput = "cn=Strau&#x00Df;,ou=labs,o=sun,c=us";
+ char *diffInput = "cn=steve,ou=labs,o=sun,c=us";
+ char *diffInputMatch = "Cn=SteVe,Ou=lABs,o=SUn,c=uS";
+ char *expectedAscii = "CN=Strau&#x00DF;,OU=labs,O=sun,C=us";
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("X500Name");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ createX500Names(goodInput, diffInput, diffInputMatch,
+ &goodObject, &equalObject, &diffObject, &diffObjectMatch);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+ equalObject,
+ diffObject,
+ expectedAscii,
+ X500Name,
+ PKIX_TRUE);
+
+ testMatch(goodObject, diffObject, diffObjectMatch);
+
+ testDestroy(goodObject, equalObject, diffObject, diffObjectMatch);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("X500Name");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/Makefile b/security/nss/cmd/libpkix/pkix_pl/system/Makefile
new file mode 100644
index 0000000000..802e7729d9
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/system/manifest.mn
new file mode 100644
index 0000000000..52bb34ece0
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/manifest.mn
@@ -0,0 +1,38 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+# test_rwlock.c is taken out, need to link to libpkix internals
+#
+# The test is using LIBPKIX PL call directly, which violates our
+# code convention.
+#
+CSRCS = test_bigint.c \
+ test_bytearray.c \
+ test_hashtable.c \
+ test_mem.c \
+ test_mutex.c \
+ test_mutex2.c \
+ test_mutex3.c \
+ test_monitorlock.c \
+ test_object.c \
+ test_oid.c \
+ stress_test.c \
+ test_string.c \
+ test_string2.c \
+ $(NULL)
+
+LIBRARY_NAME = pkixtoolsys
+SHARED_LIBRARY = $(NULL)
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/stress_test.c b/security/nss/cmd/libpkix/pkix_pl/system/stress_test.c
new file mode 100644
index 0000000000..839dc068d1
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/stress_test.c
@@ -0,0 +1,146 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * stress_test.c
+ *
+ * Creates and deletes many objects
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+stress_test(int argc, char *argv[])
+{
+
+ PKIX_UInt32 i, k, length, hashcode;
+ PKIX_UInt32 size = 17576;
+ char temp[4];
+ PKIX_Boolean result;
+ PKIX_PL_String *strings[17576], *tempString;
+ PKIX_PL_String *utf16strings[17576];
+ PKIX_PL_ByteArray *byteArrays[17576];
+ void *dest;
+ PKIX_PL_HashTable *ht = NULL;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Stress Test");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ /* ---------------------------- */
+ subTest("Create every three letter String");
+
+ for (i = 0; i < 26; i++)
+ for (j = 0; j < 26; j++)
+ for (k = 0; k < 26; k++) {
+ temp[0] = (char)('a' + i);
+ temp[1] = (char)('a' + j);
+ temp[2] = (char)('a' + k);
+ temp[3] = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, temp, 3,
+ &strings[26 * (i * 26 + j) + k],
+ plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Create a bytearray from each string's UTF-16 encoding");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(strings[i],
+ PKIX_UTF16,
+ &dest,
+ &length,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(dest, length, &byteArrays[i], plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Create a copy string from each bytearray");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF16, *(void **)byteArrays[i], 6,
+ &utf16strings[i], plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Compare each original string with the copy");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)strings[i],
+ (PKIX_PL_Object *)utf16strings[i],
+ &result,
+ plContext));
+ if (result == 0)
+ testError("Strings do not match");
+ }
+
+ /* ---------------------------- */
+ subTest("Put each string into a Hashtable");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(size /
+ 2,
+ 0, &ht, plContext));
+
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)strings[i],
+ &hashcode,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (void *)&hashcode,
+ (void *)strings[i],
+ plContext));
+ }
+
+ /* ---------------------------- */
+ subTest("Compare each copy string with the hashtable entries ");
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)utf16strings[i],
+ &hashcode,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (void *)&hashcode,
+ (PKIX_PL_Object **)&tempString,
+ plContext));
+
+ if (tempString == NULL)
+ testError("String not found in hashtable");
+ else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)tempString,
+ (PKIX_PL_Object *)utf16strings[i],
+ &result,
+ plContext));
+ if (result == 0)
+ testError("Strings do not match");
+ PKIX_TEST_DECREF_BC(tempString);
+ }
+ }
+
+cleanup:
+
+ /* ---------------------------- */
+ subTest("Destroy All Objects");
+
+ PKIX_TEST_DECREF_AC(ht);
+
+ for (i = 0; i < size; i++) {
+ PKIX_TEST_DECREF_AC(strings[i]);
+ PKIX_TEST_DECREF_AC(utf16strings[i]);
+ PKIX_TEST_DECREF_AC(byteArrays[i]);
+ }
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Stress Test");
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c b/security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c
new file mode 100644
index 0000000000..281e373790
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_bigint.c
@@ -0,0 +1,189 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_bigint.c
+ *
+ * Tests BigInt Types
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createBigInt(
+ PKIX_PL_BigInt **bigInts,
+ char *bigIntAscii,
+ PKIX_Boolean errorHandling)
+{
+ PKIX_PL_String *bigIntString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ bigIntAscii,
+ PL_strlen(bigIntAscii),
+ &bigIntString,
+ plContext));
+
+ if (errorHandling) {
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_BigInt_Create(bigIntString,
+ bigInts,
+ plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(bigIntString,
+ bigInts,
+ plContext));
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(bigIntString);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testToString(
+ PKIX_PL_BigInt *bigInt,
+ char *expAscii)
+{
+ PKIX_PL_String *bigIntString = NULL;
+ char *temp = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)bigInt,
+ &bigIntString, plContext));
+
+ temp = PKIX_String2ASCII(bigIntString, plContext);
+ if (temp == plContext) {
+ testError("PKIX_String2Ascii failed");
+ goto cleanup;
+ }
+
+ if (PL_strcmp(temp, expAscii) != 0) {
+ (void)printf("\tBigInt ToString: %s %s\n", temp, expAscii);
+ testError("Output string does not match source");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(bigIntString);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCompare(
+ PKIX_PL_BigInt *firstBigInt,
+ PKIX_PL_BigInt *secondBigInt,
+ PKIX_Int32 *cmpResult)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)firstBigInt,
+ (PKIX_PL_Object *)secondBigInt,
+ cmpResult, plContext));
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_BigInt *bigInt)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(bigInt);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_bigint(int argc, char *argv[])
+{
+
+ PKIX_UInt32 size = 4, badSize = 3, i = 0;
+ PKIX_PL_BigInt *testBigInt[4] = { NULL };
+ PKIX_Int32 cmpResult;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *bigIntValue[4] = {
+ "03",
+ "ff",
+ "1010101010101010101010101010101010101010",
+ "1010101010101010101010101010101010101010",
+ };
+
+ char *badValue[3] = { "00ff", "fff", "-ff" };
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("BigInts");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ for (i = 0; i < badSize; i++) {
+ subTest("PKIX_PL_BigInt_Create <error_handling>");
+ createBigInt(&testBigInt[i], badValue[i], PKIX_TRUE);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_BigInt_Create");
+ createBigInt(&testBigInt[i], bigIntValue[i], PKIX_FALSE);
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testBigInt[2],
+ testBigInt[3],
+ testBigInt[1],
+ bigIntValue[2],
+ BigInt,
+ PKIX_TRUE);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_BigInt_ToString");
+ testToString(testBigInt[i], bigIntValue[i]);
+ }
+
+ subTest("PKIX_PL_BigInt_Compare <gt>");
+ testCompare(testBigInt[2], testBigInt[1], &cmpResult);
+ if (cmpResult <= 0) {
+ testError("Invalid Result from String Compare");
+ }
+
+ subTest("PKIX_PL_BigInt_Compare <lt>");
+ testCompare(testBigInt[1], testBigInt[2], &cmpResult);
+ if (cmpResult >= 0) {
+ testError("Invalid Result from String Compare");
+ }
+
+ subTest("PKIX_PL_BigInt_Compare <eq>");
+ testCompare(testBigInt[2], testBigInt[3], &cmpResult);
+ if (cmpResult != 0) {
+ testError("Invalid Result from String Compare");
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_BigInt_Destroy");
+ testDestroy(testBigInt[i]);
+ }
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ endTests("BigInt");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c b/security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c
new file mode 100644
index 0000000000..402685b59d
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c
@@ -0,0 +1,231 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_bytearray.c
+ *
+ * Tests ByteArray types.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createByteArray(
+ PKIX_PL_ByteArray **byteArray,
+ char *bytes,
+ PKIX_UInt32 length)
+{
+ PKIX_TEST_STD_VARS();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)bytes,
+ length,
+ byteArray,
+ plContext));
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testZeroLength(void)
+{
+ PKIX_PL_ByteArray *byteArray = NULL;
+ void *array = NULL;
+ PKIX_UInt32 length = 2;
+
+ PKIX_TEST_STD_VARS();
+
+ createByteArray(&byteArray, NULL, 0);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &length, plContext));
+ if (length != 0) {
+ testError("Length should be zero");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, &array, plContext));
+ if (array) {
+ testError("Array should be NULL");
+ }
+
+ testToStringHelper((PKIX_PL_Object *)byteArray, "[]", plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(byteArray);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testToString(
+ PKIX_PL_ByteArray *byteArray,
+ char *expAscii)
+{
+ PKIX_PL_String *string = NULL;
+ char *temp = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)byteArray,
+ &string, plContext));
+
+ temp = PKIX_String2ASCII(string, plContext);
+ if (temp == NULL) {
+ testError("PKIX_String2Ascii failed");
+ goto cleanup;
+ }
+
+ if (PL_strcmp(temp, expAscii) != 0) {
+ (void)printf("\tByteArray ToString: %s %s\n", temp, expAscii);
+ testError("Output string does not match source");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(string);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetLength(
+ PKIX_PL_ByteArray *byteArray,
+ PKIX_UInt32 expLength)
+{
+ PKIX_UInt32 arrayLength;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &arrayLength, plContext));
+
+ if (arrayLength != expLength) {
+ (void)printf("\tByteArray GetLength: %d %d\n",
+ arrayLength, expLength);
+ testError("Incorrect Array Length returned");
+ }
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetPointer(
+ PKIX_PL_ByteArray *byteArray,
+ char *expBytes,
+ PKIX_UInt32 arrayLength)
+{
+ char *temp = NULL;
+ PKIX_UInt32 j;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, (void **)&temp, plContext));
+
+ for (j = 0; j < arrayLength; j++) {
+ if (temp[j] != expBytes[j]) {
+ testError("Incorrect Byte Array Contents");
+ }
+ }
+
+cleanup:
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_RETURN();
+}
+
+void
+testDestroy(
+ PKIX_PL_ByteArray *byteArray)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(byteArray);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_bytearray(int argc, char *argv[])
+{
+
+ PKIX_PL_ByteArray *testByteArray[4];
+
+ PKIX_UInt32 i, size = 4;
+ PKIX_UInt32 lengths[4] = { 5, 6, 1, 5 };
+ char dArray0[5] = { 1, 2, 3, 4, 5 };
+ unsigned char dArray1[6] = { 127, 128, 129, 254, 255, 0 };
+ char dArray2[1] = { 100 };
+ char dArray3[5] = { 1, 2, 3, 4, 5 };
+
+ char *expected[4] = {
+ "[001, 002, 003, 004, 005]",
+ "[127, 128, 129, 254, 255, 000]",
+ "[100]",
+ "[001, 002, 003, 004, 005]"
+ };
+
+ char *dummyArray[4];
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ dummyArray[0] = dArray0;
+ dummyArray[1] = (char *)dArray1;
+ dummyArray[2] = dArray2;
+ dummyArray[3] = dArray3;
+
+ startTests("ByteArrays");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_ByteArray_Create <zero length>");
+ testZeroLength();
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_Create");
+ createByteArray(&testByteArray[i], dummyArray[i], lengths[i]);
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testByteArray[0],
+ testByteArray[3],
+ testByteArray[1],
+ "[001, 002, 003, 004, 005]",
+ ByteArray,
+ PKIX_TRUE);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_ToString");
+ testToString(testByteArray[i], expected[i]);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_GetLength");
+ testGetLength(testByteArray[i], lengths[i]);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_GetPointer");
+ testGetPointer(testByteArray[i], dummyArray[i], lengths[i]);
+ }
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_ByteArray_Destroy");
+ testDestroy(testByteArray[i]);
+ }
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ endTests("ByteArray");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c b/security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c
new file mode 100644
index 0000000000..663bfc9fac
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c
@@ -0,0 +1,380 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_hashtable.c
+ *
+ * Tests Hashtables
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createHashTables(
+ PKIX_PL_HashTable **ht,
+ PKIX_PL_HashTable **ht2,
+ PKIX_PL_HashTable **ht3,
+ PKIX_PL_HashTable **ht4)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 0, ht, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(5, 0, ht2, plContext));
+
+ /* at most two entries per bucket */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 2, ht4, plContext));
+
+ *ht3 = *ht;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*ht3, plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testAdd(
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_String **testString,
+ PKIX_PL_String **testString2,
+ PKIX_PL_String **testString3,
+ PKIX_PL_OID **testOID)
+{
+ char *dummyString = "test string 1";
+ char *dummyString2 = "test string 2";
+ char *dummyString3 = "test string 3";
+ char *dummyOID = "2.11.22222.33333";
+
+ PKIX_TEST_STD_VARS();
+
+ /* Make some dummy objects */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ dummyString,
+ PL_strlen(dummyString),
+ testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ dummyString2,
+ PL_strlen(dummyString2),
+ testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ dummyString3,
+ PL_strlen(dummyString3),
+ testString3,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(dummyOID, testOID, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object *)*testString2,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object *)*testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString2,
+ (PKIX_PL_Object *)*testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+ (PKIX_PL_Object *)*testString2,
+ (PKIX_PL_Object *)*testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testOID,
+ (PKIX_PL_Object *)*testOID,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+ (PKIX_PL_Object *)*testOID,
+ (PKIX_PL_Object *)*testOID,
+ plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testAddFIFO(
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_String **testString,
+ PKIX_PL_String **testString2,
+ PKIX_PL_String **testString3)
+{
+ PKIX_PL_String *targetString = NULL;
+ PKIX_Boolean cmpResult;
+
+ PKIX_TEST_STD_VARS();
+
+ /*
+ * ht is created as one bucket, two entries per bucket. Since we add
+ * three items to the ht, we expect the first one to be deleted.
+ */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object *)*testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString2,
+ (PKIX_PL_Object *)*testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+ (PKIX_PL_Object *)*testString3,
+ (PKIX_PL_Object *)*testString3,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)*testString,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+ if (targetString != NULL) {
+ testError("HashTable_Lookup retrieved a supposed deleted item");
+ PKIX_TEST_DECREF_BC(targetString);
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)*testString3,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)*testString3,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testLookup(
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_String *testString,
+ PKIX_PL_String *testString2,
+ PKIX_PL_String *testString3,
+ PKIX_PL_OID *testOID)
+{
+ PKIX_PL_String *targetString = NULL;
+ PKIX_PL_String *targetOID = NULL;
+ PKIX_Boolean cmpResult;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)testString,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)testString2,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+ (PKIX_PL_Object *)testString,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)testString2,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+ (PKIX_PL_Object *)testString2,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetString,
+ (PKIX_PL_Object *)testString,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)testOID,
+ (PKIX_PL_Object **)&targetOID,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetOID,
+ (PKIX_PL_Object *)testOID,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_DECREF_BC(targetOID);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+ (PKIX_PL_Object *)testOID,
+ (PKIX_PL_Object **)&targetOID,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+ (PKIX_PL_Object *)targetOID,
+ (PKIX_PL_Object *)testOID,
+ &cmpResult,
+ plContext));
+ if (cmpResult != PKIX_TRUE) {
+ testError("HashTable_Lookup failed");
+ }
+ PKIX_TEST_DECREF_BC(targetString);
+ PKIX_TEST_DECREF_BC(targetOID);
+
+ (void)printf("Looking up item not in HashTable.\n");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+ (PKIX_PL_Object *)testString3,
+ (PKIX_PL_Object **)&targetString,
+ plContext));
+ if (targetString == NULL)
+ (void)printf("\tCorrectly returned NULL.\n");
+ else
+ testError("Hashtable did not return NULL value as expected");
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testRemove(
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_String *testString,
+ PKIX_PL_String *testString2,
+ PKIX_PL_OID *testOID)
+{
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht,
+ (PKIX_PL_Object *)testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht,
+ (PKIX_PL_Object *)testOID,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht2,
+ (PKIX_PL_Object *)testString2,
+ plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_HashTable_Remove(ht,
+ (PKIX_PL_Object *)testString,
+ plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_HashTable *ht,
+ PKIX_PL_HashTable *ht2,
+ PKIX_PL_HashTable *ht3,
+ PKIX_PL_HashTable *ht4)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(ht);
+ PKIX_TEST_DECREF_BC(ht2);
+ PKIX_TEST_DECREF_BC(ht3);
+ PKIX_TEST_DECREF_BC(ht4);
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+int
+test_hashtable(int argc, char *argv[])
+{
+
+ PKIX_PL_HashTable *ht, *ht2, *ht3, *ht4;
+ PKIX_PL_String *testString, *testString2, *testString3;
+ PKIX_PL_OID *testOID;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("HashTables");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_HashTable_Create");
+ createHashTables(&ht, &ht2, &ht3, &ht4);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(ht,
+ ht3,
+ ht2,
+ NULL,
+ HashTable,
+ PKIX_FALSE);
+
+ subTest("PKIX_PL_HashTable_Add");
+ testAdd(ht, ht2, &testString, &testString2, &testString3, &testOID);
+
+ subTest("PKIX_PL_HashTable_ADD - with Bucket Size limit");
+ testAddFIFO(ht4, &testString, &testString2, &testString3);
+
+ subTest("PKIX_PL_HashTable_Lookup");
+ testLookup(ht, ht2, testString, testString2, testString3, testOID);
+
+ subTest("PKIX_PL_HashTable_Remove");
+ testRemove(ht, ht2, testString, testString2, testOID);
+
+ PKIX_TEST_DECREF_BC(testString);
+ PKIX_TEST_DECREF_BC(testString2);
+ PKIX_TEST_DECREF_BC(testString3);
+ PKIX_TEST_DECREF_BC(testOID);
+
+ subTest("PKIX_PL_HashTable_Destroy");
+ testDestroy(ht, ht2, ht3, ht4);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ endTests("BigInt");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mem.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mem.c
new file mode 100644
index 0000000000..3a4e5f7135
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mem.c
@@ -0,0 +1,133 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mem.c
+ *
+ * Tests Malloc, Realloc and Free
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testMalloc(PKIX_UInt32 **array)
+{
+ PKIX_UInt32 i, arraySize = 10;
+ PKIX_TEST_STD_VARS();
+
+ /* Create an integer array of size 10 */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
+ (PKIX_UInt32)(arraySize * sizeof(unsigned int)),
+ (void **)array, plContext));
+
+ /* Fill in some values */
+ (void)printf("Setting array[i] = i...\n");
+ for (i = 0; i < arraySize; i++) {
+ (*array)[i] = i;
+ if ((*array)[i] != i)
+ testError("Array has incorrect contents");
+ }
+
+ /* Memory now reflects changes */
+ (void)printf("\tArray: a[0] = %d, a[5] = %d, a[7] = %d.\n",
+ (*array[0]), (*array)[5], (*array)[7]);
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testRealloc(PKIX_UInt32 **array)
+{
+ PKIX_UInt32 i, arraySize = 20;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(*array,
+ (PKIX_UInt32)(arraySize *
+ sizeof(unsigned int)),
+ (void **)array, plContext));
+
+ /* Fill in the new elements */
+ (void)printf("Setting new portion of array to a[i] = i...\n");
+ for (i = arraySize / 2; i < arraySize; i++) {
+ (*array)[i] = i;
+ if ((*array)[i] != i)
+ testError("Array has incorrect contents");
+ }
+
+ /* New elements should be reflected. The old should be the same */
+ (void)printf("\tArray: a[0] = %d, a[15] = %d, a[17] = %d.\n",
+ (*array)[0], (*array)[15], (*array)[17]);
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testFree(PKIX_UInt32 *array)
+{
+
+ PKIX_TEST_STD_VARS();
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+int
+test_mem(int argc, char *argv[])
+{
+
+ unsigned int *array = NULL;
+ int arraySize = 10;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Memory Allocation");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_Malloc");
+ testMalloc(&array);
+
+ subTest("PKIX_PL_Realloc");
+ testRealloc(&array);
+
+ subTest("PKIX_PL_Free");
+ testFree(array);
+
+ /* --Negative Test Cases------------------- */
+ /* Create an integer array of size 10 */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
+ (PKIX_UInt32)(arraySize * sizeof(unsigned int)),
+ (void **)&array, plContext));
+
+ (void)printf("Attempting to reallocate 0 sized memory...\n");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(array, 0, (void **)&array, plContext));
+
+ (void)printf("Attempting to allocate to null pointer...\n");
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Malloc(10, NULL, plContext));
+
+ (void)printf("Attempting to reallocate to null pointer...\n");
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Realloc(NULL, 10, NULL, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ endTests("Memory Allocation");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c b/security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c
new file mode 100644
index 0000000000..21974258f9
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c
@@ -0,0 +1,104 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_monitorlock.c
+ *
+ * Tests basic MonitorLock object functionality. No multi-threading.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createMonitorLockes(
+ PKIX_PL_MonitorLock **monitorLock,
+ PKIX_PL_MonitorLock **monitorLock2,
+ PKIX_PL_MonitorLock **monitorLock3)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock2, plContext));
+
+ *monitorLock3 = *monitorLock;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*monitorLock3, plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testLock(PKIX_PL_MonitorLock *monitorLock)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_MonitorLock *monitorLock,
+ PKIX_PL_MonitorLock *monitorLock2,
+ PKIX_PL_MonitorLock *monitorLock3)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(monitorLock);
+ PKIX_TEST_DECREF_BC(monitorLock2);
+ PKIX_TEST_DECREF_BC(monitorLock3);
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+int
+test_monitorlock(int argc, char *argv[])
+{
+
+ PKIX_PL_MonitorLock *monitorLock, *monitorLock2, *monitorLock3;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("MonitorLocks");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_MonitorLock_Create");
+ createMonitorLockes(&monitorLock, &monitorLock2, &monitorLock3);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(monitorLock,
+ monitorLock3,
+ monitorLock2,
+ NULL,
+ MonitorLock,
+ PKIX_FALSE);
+
+ subTest("PKIX_PL_MonitorLock_Lock/Unlock");
+ testLock(monitorLock);
+
+ subTest("PKIX_PL_MonitorLock_Destroy");
+ testDestroy(monitorLock, monitorLock2, monitorLock3);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("MonitorLockes");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c
new file mode 100644
index 0000000000..bb0e7a0246
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex.c
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mutex.c
+ *
+ * Tests basic mutex object functionality. No multi-threading.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createMutexes(
+ PKIX_PL_Mutex **mutex,
+ PKIX_PL_Mutex **mutex2,
+ PKIX_PL_Mutex **mutex3)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex2, plContext));
+
+ *mutex3 = *mutex;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*mutex3, plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testLock(PKIX_PL_Mutex *mutex)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Lock(mutex, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Unlock(mutex, plContext));
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_Mutex *mutex,
+ PKIX_PL_Mutex *mutex2,
+ PKIX_PL_Mutex *mutex3)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(mutex);
+ PKIX_TEST_DECREF_BC(mutex2);
+ PKIX_TEST_DECREF_BC(mutex3);
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+int
+test_mutex(int argc, char *argv[])
+{
+
+ PKIX_PL_Mutex *mutex, *mutex2, *mutex3;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Mutexes");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_Mutex_Create");
+ createMutexes(&mutex, &mutex2, &mutex3);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(mutex,
+ mutex3,
+ mutex2,
+ NULL,
+ Mutex,
+ PKIX_FALSE);
+
+ subTest("PKIX_PL_Mutex_Lock/Unlock");
+ testLock(mutex);
+
+ subTest("PKIX_PL_Mutex_Destroy");
+ testDestroy(mutex, mutex2, mutex3);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Mutexes");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c
new file mode 100644
index 0000000000..197eba2b44
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c
@@ -0,0 +1,166 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mutex2.c
+ *
+ * Tests multi-threaded functionality of Mutex
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static int box1 = 0, box2 = 0, box3 = 0;
+static PKIX_PL_Mutex *mutex;
+static PRCondVar *cv;
+static void *plContext = NULL;
+
+static void
+consumer(/* ARGSUSED */ void *arg)
+{
+ PRStatus status = PR_SUCCESS;
+ PKIX_Error *errorResult;
+ int i = 0;
+ for (i = 0; i < 5; i++) {
+ (void)PKIX_PL_Mutex_Lock(mutex, plContext);
+ while (((box1 == 0) ||
+ (box2 == 0) ||
+ (box3 == 0)) &&
+ (status == PR_SUCCESS))
+ status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
+
+ (void)printf("\tConsumer got Box1 = %d ", box1);
+ box1 = 0;
+ (void)printf("Box2 = %d ", box2);
+ box2 = 0;
+ (void)printf("Box3 = %d\n", box3);
+ box3 = 0;
+
+ status = PR_NotifyAllCondVar(cv);
+ if (status == PR_FAILURE)
+ (void)printf("Consumer error while notifying condvar\n");
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
+ }
+ (void)printf("Consumer exiting...\n");
+}
+
+static void
+producer(void *arg)
+{
+ PRStatus status = PR_SUCCESS;
+ int value = *(int *)arg;
+ int i = 0;
+ int *box;
+ PKIX_Error *errorResult;
+ if (value == 10)
+ box = &box1;
+ else if (value == 20)
+ box = &box2;
+ else if (value == 30)
+ box = &box3;
+
+ for (i = 0; i < 5; i++) {
+ (void)PKIX_PL_Mutex_Lock(mutex, plContext);
+ while ((*box != 0) && (status == PR_SUCCESS))
+ status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
+
+ *box = i + 1;
+ (void)printf("\tProducer %d put value: %d\n", value, *box);
+
+ status = PR_NotifyAllCondVar(cv);
+ if (status == PR_FAILURE)
+ (void)printf("Producer %d error while notifying condvar\n",
+ value);
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
+ }
+}
+
+int
+test_mutex2(int argc, char *argv[])
+{
+
+ PRThread *consThread, *prodThread, *prodThread2, *prodThread3;
+ int x = 10, y = 20, z = 30;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Mutex and Threads");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ (void)printf("Attempting to create new mutex...\n");
+ subTest("Mutex Creation");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
+
+ cv = PR_NewCondVar(*(PRLock **)mutex);
+
+ subTest("Starting consumer thread");
+ consThread = PR_CreateThread(PR_USER_THREAD,
+ consumer,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ subTest("Starting producer thread 1");
+ prodThread = PR_CreateThread(PR_USER_THREAD,
+ producer,
+ &x,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ subTest("Starting producer thread 2");
+ prodThread2 = PR_CreateThread(PR_USER_THREAD,
+ producer,
+ &y,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ subTest("Starting producer thread 3");
+ prodThread3 = PR_CreateThread(PR_USER_THREAD,
+ producer,
+ &z,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ PR_JoinThread(consThread);
+
+ (void)PR_DestroyCondVar(cv);
+ PKIX_TEST_DECREF_BC(mutex);
+
+ /*
+ * Note: we should also be freeing each thread's stack, but we
+ * don't have access to the prodThread->stack variable (since
+ * it is not exported). As a result, we have 120 bytes of memory
+ * leakage.
+ */
+
+ PR_Free(prodThread);
+ PR_Free(prodThread2);
+ PR_Free(prodThread3);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Mutex and Threads");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c
new file mode 100644
index 0000000000..9f42f629b1
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c
@@ -0,0 +1,104 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mutex3.c
+ *
+ * Tests multi-threaded functionality of Mutex
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static PKIX_PL_Mutex *mutex;
+static void *plContext = NULL;
+
+static void
+t1(/* ARGSUSED */ void *arg)
+{
+ PKIX_Error *errorResult;
+
+ (void)printf("t1 acquiring lock...\n");
+ errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Lock failed");
+
+ (void)printf("t1 sleeplng for 3 seconds\n");
+ PR_Sleep(PR_SecondsToInterval(3));
+ (void)printf("t1 releasing lock...\n");
+
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
+
+ (void)printf("t1 exiting...\n");
+}
+
+static void
+t2(/* ARGSUSED */ void *arg)
+{
+ PKIX_Error *errorResult;
+
+ (void)printf("t2 acquiring lock...\n");
+ errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Lock failed");
+
+ (void)printf("t2 releasing lock...\n");
+ errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+ if (errorResult)
+ testError("PKIX_PL_Mutex_Unlock failed");
+
+ (void)printf("t2 exiting...\n");
+}
+
+int
+test_mutex3(int argc, char *argv[])
+{
+ PRThread *thread, *thread2;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Mutex and Threads");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("Mutex Creation");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
+
+ subTest("Starting thread");
+ thread = PR_CreateThread(PR_USER_THREAD,
+ t1,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ thread2 = PR_CreateThread(PR_USER_THREAD,
+ t2,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ PR_JoinThread(thread2);
+ PR_JoinThread(thread);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(mutex);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Mutex and Threads");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_object.c b/security/nss/cmd/libpkix/pkix_pl/system/test_object.c
new file mode 100644
index 0000000000..ebb691ba63
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_object.c
@@ -0,0 +1,281 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_object.c
+ *
+ * Test Object Allocation, toString, Equals, Destruction
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static PKIX_Error *
+destructor(
+ /* ARGSUSED */ PKIX_PL_Object *object,
+ /* ARGSUSED */ void *plContext)
+{
+ (void)printf("\tUser defined destructor called\n");
+ return (NULL);
+}
+
+static PKIX_Error *
+toStringCallback(
+ PKIX_PL_Object *obj,
+ PKIX_PL_String **pString,
+ /* ARGSUSED */ void *plContext)
+{
+
+ PKIX_Error *errorResult;
+ PKIX_UInt32 type;
+ char *format = "(addr: %x, type: %d)";
+ PKIX_PL_String *formatString = NULL;
+
+ errorResult = PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ format,
+ PL_strlen(format),
+ &formatString,
+ plContext);
+ if (errorResult)
+ testError("PKIX_PL_String_Create failed");
+
+ if (pString == plContext)
+ testError("Null String");
+
+ type = (unsigned int)0;
+
+ (void)PKIX_PL_Object_GetType(obj, &type, plContext);
+
+ errorResult = PKIX_PL_Sprintf(pString, plContext,
+ formatString,
+ (int)obj, type);
+ if (errorResult)
+ testError("PKIX_PL_Sprintf failed");
+
+ errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)formatString,
+ plContext);
+ if (errorResult)
+ testError("PKIX_PL_Object_DecRef failed");
+
+ return (NULL);
+}
+
+static PKIX_Error *
+comparator(
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Int32 *pValue,
+ /* ARGSUSED */ void *plContext)
+{
+ if (*(char *)first > *(char *)second)
+ *pValue = 1;
+ else if (*(char *)first < *(char *)second)
+ *pValue = -1;
+ else
+ *pValue = 0;
+ return (NULL);
+}
+
+static PKIX_Error *
+hashcodeCallback(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pValue,
+ /* ARGSUSED */ void *plContext)
+{
+ *pValue = 123456789;
+ return (NULL);
+}
+
+static PKIX_Error *
+equalsCallback(
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Boolean *result,
+ void *plContext)
+{
+
+ PKIX_UInt32 firstType = 0, secondType = 0;
+
+ if ((first == plContext) || (second == plContext))
+ testError("Null Object");
+
+ (void)PKIX_PL_Object_GetType(first, &firstType, plContext);
+
+ (void)PKIX_PL_Object_GetType(second, &secondType, plContext);
+
+ *result = (firstType == secondType) ? PKIX_TRUE : PKIX_FALSE;
+
+ return (NULL);
+}
+
+static void
+createObjects(
+ PKIX_PL_Object **obj,
+ PKIX_PL_Object **obj2,
+ PKIX_PL_Object **obj3,
+ PKIX_PL_Object **obj4)
+{
+ PKIX_TEST_STD_VARS();
+
+#ifdef PKIX_USER_OBJECT_TYPE
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(1000, /* type */
+ "thousand", /* description */
+ NULL, /* destructor */
+ NULL, /* equals */
+ (PKIX_PL_HashcodeCallback)hashcodeCallback,
+ NULL, /* toString */
+ NULL, /* Comparator */
+ NULL,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(1000, /* type */
+ 12, /* size */
+ obj,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(2000, /* type */
+ "two thousand" /* description */,
+ (PKIX_PL_DestructorCallback)destructor,
+ (PKIX_PL_EqualsCallback)equalsCallback,
+ NULL, /* hashcode */
+ (PKIX_PL_ToStringCallback)toStringCallback,
+ (PKIX_PL_ComparatorCallback)comparator,
+ NULL,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
+ 1, /* size */
+ obj2,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
+ 1, /* size */
+ obj4,
+ plContext));
+
+ *obj3 = *obj;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef(*obj3, plContext));
+
+cleanup:
+#endif /* PKIX_USER_OBJECT_TYPE */
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetType(
+ PKIX_PL_Object *obj,
+ PKIX_PL_Object *obj2,
+ PKIX_PL_Object *obj3)
+{
+ PKIX_UInt32 testType;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj, &testType, plContext));
+
+ if (testType != 1000)
+ testError("Object 1 returned the wrong type");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj2, &testType, plContext));
+ if (testType != 2000)
+ testError("Object 2 returned the wrong type");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj3, &testType, plContext));
+ if (testType != 1000)
+ testError("Object 3 returned the wrong type");
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCompare(
+ PKIX_PL_Object *obj2,
+ PKIX_PL_Object *obj4)
+{
+ PKIX_Int32 cmpResult;
+ PKIX_TEST_STD_VARS();
+
+ *(char *)obj2 = 0x20;
+ *(char *)obj4 = 0x10;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj2, obj4, &cmpResult, plContext));
+ if (cmpResult <= 0)
+ testError("Invalid Result from Object Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj2, &cmpResult, plContext));
+ if (cmpResult >= 0)
+ testError("Invalid Result from Object Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj4, &cmpResult, plContext));
+
+ *(char *)obj2 = 0x10;
+ if (cmpResult != 0)
+ testError("Invalid Result from Object Compare");
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_Object *obj,
+ PKIX_PL_Object *obj2,
+ PKIX_PL_Object *obj3,
+ PKIX_PL_Object *obj4)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(obj);
+ PKIX_TEST_DECREF_BC(obj2);
+ PKIX_TEST_DECREF_BC(obj3);
+ PKIX_TEST_DECREF_BC(obj4);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_object(int argc, char *argv[])
+{
+
+#ifdef PKIX_USER_OBJECT_TYPE
+ PKIX_PL_Object *obj, *obj2, *obj3, *obj4;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Objects");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_Object_Create");
+ createObjects(&obj, &obj2, &obj3, &obj4);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(obj, obj3, obj2, NULL, Object, PKIX_FALSE);
+
+ subTest("PKIX_PL_Object_GetType");
+ testGetType(obj, obj2, obj3);
+
+ subTest("PKIX_PL_Object_Compare");
+ testCompare(obj2, obj4);
+
+ subTest("PKIX_PL_Object_Destroy");
+ testDestroy(obj, obj2, obj3, obj4);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ endTests("Objects");
+#endif /* PKIX_USER_OBJECT_TYPE */
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_oid.c b/security/nss/cmd/libpkix/pkix_pl/system/test_oid.c
new file mode 100644
index 0000000000..09cddaeea9
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_oid.c
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_oid.c
+ *
+ * Test OID Types
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createOID(
+ PKIX_PL_OID **testOID,
+ char *oidAscii,
+ PKIX_Boolean errorHandling)
+{
+ PKIX_TEST_STD_VARS();
+
+ if (errorHandling) {
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext));
+ } else {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext));
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testToString(
+ PKIX_PL_OID *oid,
+ char *expAscii)
+{
+ PKIX_PL_String *oidString = NULL;
+ char *temp = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)oid,
+ &oidString, plContext));
+
+ temp = PKIX_String2ASCII(oidString, plContext);
+ if (temp == NULL) {
+ testError("PKIX_String2Ascii failed");
+ goto cleanup;
+ }
+
+ if (PL_strcmp(temp, expAscii) != 0) {
+ (void)printf("\tOid ToString: %s %s\n", temp, expAscii);
+ testError("Output string does not match source");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(oidString);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testCompare(
+ PKIX_PL_OID *oid0,
+ PKIX_PL_OID *oid1,
+ PKIX_PL_OID *oid2,
+ PKIX_PL_OID *oid3)
+{
+ PKIX_Int32 cmpResult;
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid0,
+ (PKIX_PL_Object *)oid1,
+ &cmpResult, plContext));
+ if (cmpResult <= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+ (PKIX_PL_Object *)oid0,
+ &cmpResult, plContext));
+ if (cmpResult >= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+ (PKIX_PL_Object *)oid2,
+ &cmpResult, plContext));
+ if (cmpResult >= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid2,
+ (PKIX_PL_Object *)oid1,
+ &cmpResult, plContext));
+ if (cmpResult <= 0)
+ testError("Invalid Result from OID Compare");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+ (PKIX_PL_Object *)oid3,
+ &cmpResult, plContext));
+ if (cmpResult != 0)
+ testError("Invalid Result from OID Compare");
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_OID *oid)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(oid);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_oid(int argc, char *argv[])
+{
+
+ PKIX_PL_OID *testOID[6] = { NULL };
+ PKIX_PL_OID *badTestOID = NULL;
+ PKIX_UInt32 i, size = 6;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ char *validOID[6] = {
+ "2.11.22222.33333",
+ "1.2.3.004.5.6.7",
+ "2.11.22222.33333",
+ "1.2.3.4.5.6.7",
+ "1.2.3",
+ "2.39.3"
+ };
+
+ char *expected[6] = {
+ "2.11.22222.33333",
+ "1.2.3.4.5.6.7",
+ "2.11.22222.33333",
+ "1.2.3.4.5.6.7",
+ "1.2.3",
+ "2.39.3"
+ };
+
+ char *badOID[11] = {
+ "1.2.4294967299",
+ "this. is. a. bad. oid",
+ "00a1000.002b",
+ "100.-5.10",
+ "1.2..3",
+ ".1.2.3",
+ "1.2.3.",
+ "00010.1.2.3",
+ "1.000041.2.3",
+ "000000000000000000000000000000000000000010.3.2",
+ "1"
+ };
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("OIDs");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_OID_Create");
+ createOID(&testOID[i], validOID[i], PKIX_FALSE);
+ }
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testOID[0],
+ testOID[2],
+ testOID[1],
+ NULL,
+ OID,
+ PKIX_FALSE);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_OID_ToString");
+ testToString(testOID[i], expected[i]);
+ }
+
+ subTest("PKIX_PL_OID_Compare");
+ testCompare(testOID[0], testOID[1], testOID[2], testOID[3]);
+
+ for (i = 0; i < size; i++) {
+ subTest("PKIX_PL_OID_Destroy");
+ testDestroy(testOID[i]);
+ }
+
+ for (i = 0; i < 11; i++) {
+ subTest("PKIX_PL_OID Error Handling");
+ createOID(&badTestOID, badOID[i], PKIX_TRUE);
+ }
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ endTests("OIDs");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c b/security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c
new file mode 100644
index 0000000000..9c09d6479e
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_rwlock.c
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static PKIX_PL_RWLock *rwlock = NULL, *rwlock2 = NULL, *rwlock3 = NULL;
+static PRThread *thread = NULL, *thread2 = NULL, *thread3 = NULL;
+static void *plContext = NULL;
+
+static void
+reader(void)
+{
+ PKIX_Error *errorResult;
+
+ errorResult = PKIX_PL_AcquireReaderLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireReaderLock failed");
+
+ (void)printf("\t[Thread #1 Read Lock #1.]\n");
+ (void)printf("\t[Thread #1 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
+ PKIX_PL_ReleaseReaderLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseReaderLock failed");
+ (void)printf("\t[Thread #1 Read UNLock #1.]\n");
+}
+
+static void
+writer(void)
+{
+ PKIX_Error *errorResult;
+ /* This thread should stick here until lock 1 is released */
+ PKIX_PL_AcquireWriterLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireWriterLock failed");
+
+ (void)printf("\t[Thread #2 Write Lock #1.]\n");
+
+ PKIX_PL_AcquireWriterLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireWriterLock failed");
+ (void)printf("\t[Thread #2 Write Lock #2.]\n");
+
+ (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
+
+ PKIX_PL_ReleaseWriterLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseWriterLock failed");
+ (void)printf("\t[Thread #2 Write UNLock #2.]\n");
+
+ (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
+
+ PKIX_PL_ReleaseWriterLock(rwlock, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseWriterLock failed");
+ (void)printf("\t[Thread #2 Write UNLock #1.]\n");
+
+ PR_JoinThread(thread3);
+}
+
+static void
+reader2(void)
+{
+ PKIX_Error *errorResult;
+ /* Reader 2 should yield here until the writer is done */
+
+ PKIX_PL_AcquireReaderLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireReaderLock failed");
+
+ (void)printf("\t[Thread #3 Read Lock #2.]\n");
+
+ PKIX_PL_AcquireReaderLock(rwlock3, NULL);
+ if (errorResult)
+ testError("PKIX_PL_AcquireReaderLock failed");
+ (void)printf("\t[Thread #3 Read Lock #3.]\n");
+
+ (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
+
+ PKIX_PL_ReleaseReaderLock(rwlock3, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseReaderLock failed");
+ (void)printf("\t[Thread #3 Read UNLock #3.]\n");
+
+ (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
+ PR_Sleep(PR_SecondsToInterval(1));
+
+ PKIX_PL_ReleaseReaderLock(rwlock2, NULL);
+ if (errorResult)
+ testError("PKIX_PL_ReleaseReaderLock failed");
+ (void)printf("\t[Thread #3 Read UNLock #2.]\n");
+}
+
+int
+test_rwlock()
+{
+ PKIX_PL_String *outputString = NULL;
+ PKIX_UInt32 j = 0;
+ PKIX_Boolean bool;
+ PKIX_UInt32 actualMinorVersion;
+
+ PKIX_TEST_STD_VARS();
+ startTests("RWLocks");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ (void)printf("Attempting to create new rwlock...\n");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock2, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock3, plContext));
+
+ /* Test toString functionality */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)rwlock, &outputString, plContext));
+
+ (void)printf("Testing RWLock toString: %s\n",
+ PKIX_String2ASCII(outputString));
+
+ PKIX_TEST_DECREF_BC(outputString);
+
+ /* Call Equals on two different objects */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock,
+ (PKIX_PL_Object *)rwlock2,
+ &bool,
+ plContext));
+
+ (void)printf("Testing RWLock Equals: %d (should be 0)\n", bool);
+
+ if (bool != 0)
+ testError("Error in RWLock_Equals");
+
+ /* Call Equals on two equal objects */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock,
+ (PKIX_PL_Object *)rwlock, &bool, plContext));
+
+ (void)printf("Testing RWLock Equals: %d (should be 1)\n", bool);
+ if (bool != 1)
+ testError("Error in RWLock_Equals");
+
+ subTest("Multi-Thread Read/Write Lock Testing");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_AcquireReaderLock(rwlock, plContext));
+ (void)printf("\t[Main Thread Read Lock #1.]\n");
+
+ thread = PR_CreateThread(PR_USER_THREAD,
+ reader,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ thread2 = PR_CreateThread(PR_USER_THREAD,
+ writer,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ thread3 = PR_CreateThread(PR_USER_THREAD,
+ reader2,
+ NULL,
+ PR_PRIORITY_NORMAL,
+ PR_LOCAL_THREAD,
+ PR_JOINABLE_THREAD,
+ 0);
+
+ PR_JoinThread(thread);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ReleaseReaderLock(rwlock, plContext));
+ (void)printf("\t[Main Thread Read Unlock #1.]\n");
+
+ PR_JoinThread(thread2);
+
+cleanup:
+
+ /* Test destructor */
+ subTest("Testing destructor...");
+ PKIX_TEST_DECREF_AC(rwlock);
+ PKIX_TEST_DECREF_AC(rwlock2);
+ PKIX_TEST_DECREF_AC(rwlock3);
+
+ pkixTestTempResult = PKIX_Shutdown(plContext);
+ if (pkixTestTempResult)
+ pkixTestErrorResult = pkixTestTempResult;
+
+ PKIX_TEST_RETURN();
+
+ endTests("RWLocks");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_string.c b/security/nss/cmd/libpkix/pkix_pl/system/test_string.c
new file mode 100644
index 0000000000..9b84f94d9c
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_string.c
@@ -0,0 +1,434 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_string.c
+ *
+ * Tests Strings.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createString(
+ PKIX_PL_String **testString,
+ PKIX_UInt32 format,
+ char *stringAscii,
+ PKIX_UInt32 length)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(format, stringAscii, length, testString, plContext));
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+createStringOther(
+ PKIX_PL_String **testEscAscii,
+ PKIX_PL_String **testUtf16,
+ PKIX_PL_String **ampString,
+ PKIX_PL_String **testDebugAscii,
+ PKIX_PL_String **testNullString,
+ PKIX_UInt32 *utf16data)
+{
+ char *nullText = "Hi&#x0000; there!";
+
+ char *escAsciiString =
+ "&#x00A1;&#x00010000;&#x0FFF;&#x00100001;";
+
+ char *debugAsciiString =
+ "string with&#x000A;newlines and&#x0009;tabs";
+
+ char *utfAmp = "\x00&";
+
+ PKIX_TEST_STD_VARS();
+
+ createString(testEscAscii,
+ PKIX_ESCASCII,
+ escAsciiString,
+ PL_strlen(escAsciiString));
+
+ createString(testUtf16, PKIX_UTF16, (char *)utf16data, 12);
+
+ createString(ampString, PKIX_UTF16, utfAmp, 2);
+
+ createString(testDebugAscii,
+ PKIX_ESCASCII_DEBUG,
+ debugAsciiString,
+ PL_strlen(debugAsciiString));
+
+ createString(testNullString,
+ PKIX_ESCASCII_DEBUG,
+ nullText,
+ PL_strlen(nullText));
+
+ goto cleanup;
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetEncoded(
+ PKIX_PL_String *testEscAscii,
+ PKIX_PL_String *testString0,
+ PKIX_PL_String *testDebugAscii,
+ PKIX_PL_String *testNullString,
+ PKIX_UInt32 *utf16data)
+{
+ char *temp = NULL;
+ void *dest = NULL;
+ void *dest2 = NULL;
+ char *plainText = "string with\nnewlines and\ttabs";
+ PKIX_UInt32 length, length2, i;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testEscAscii,
+ PKIX_UTF16,
+ &dest,
+ &length,
+ plContext));
+ for (i = 0; i < length; i++) {
+ if (((char *)dest)[i] != ((char *)utf16data)[i]) {
+ testError("UTF-16 Data Differs from Source");
+ printf("%d-th char is different -%c-%c-\n", i,
+ ((char *)dest)[i], ((char *)utf16data)[i]);
+ }
+ }
+
+ length = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testNullString,
+ PKIX_UTF16,
+ &dest,
+ &length,
+ plContext));
+
+ length = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testString0,
+ PKIX_ESCASCII_DEBUG,
+ &dest,
+ &length,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testDebugAscii,
+ PKIX_ESCASCII_DEBUG,
+ &dest2,
+ &length2,
+ plContext));
+
+ for (i = 0; (i < length) && (i < length2); i++)
+ if (((char *)dest)[i] != ((char *)dest2)[i]) {
+ testError("Equivalent strings are unequal");
+ break;
+ }
+
+ length = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ length2 = 0;
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest2, plContext));
+
+ temp = PKIX_String2ASCII(testDebugAscii, plContext);
+ if (temp) {
+ if (PL_strcmp(plainText, temp) != 0)
+ testError("Debugged ASCII does not match "
+ "equivalent EscAscii");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testSprintf(void)
+{
+ PKIX_Int32 x = 0xCAFE;
+ PKIX_Int32 y = -12345;
+ PKIX_PL_String *testString = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *sprintfString = NULL;
+ char *plainText = "Testing Sprintf";
+ char *format = "%s %x %u %d";
+ char *convertedFormat = "%s %lx %lu %ld";
+ char *temp = NULL;
+ char *temp2 = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ plainText,
+ PL_strlen(plainText),
+ &testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ format,
+ 11,
+ &formatString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Sprintf(&sprintfString,
+ plContext,
+ formatString,
+ testString, x, y, y));
+ PKIX_TEST_DECREF_BC(testString);
+
+ temp = PR_smprintf(convertedFormat, plainText, x, y, y);
+ temp2 = PKIX_String2ASCII(sprintfString, plContext);
+
+ if (PL_strcmp(temp, temp2) != 0)
+ testError("Sprintf produced incorrect output");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp2, plContext));
+
+ PKIX_TEST_DECREF_BC(sprintfString);
+
+ PKIX_TEST_DECREF_BC(formatString);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testErrorHandling(void)
+{
+ char *debugAsciiString =
+ "string with&#x000A;newlines and&#x0009;tabs";
+
+ PKIX_PL_String *testString = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ NULL,
+ 50,
+ &testString,
+ plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+ "blah", 4, NULL, plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_Sprintf(&testString, plContext, NULL));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, NULL, &testString, plContext));
+
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, "blah", 0, plContext));
+
+ /* ---------------------------- */
+ subTest("Unicode Error Handling");
+
+ /* &#x must be followed by 4 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x003k;",
+ 7,
+ &testString,
+ plContext));
+
+ /* &#x must be followed by 4 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "abc&#x00",
+ 8,
+ &testString,
+ plContext));
+
+ /* &#x must be between 00010000-0010FFFF */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x00200101;",
+ 11,
+ &testString,
+ plContext));
+
+ /* &#x must be followed by 8 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x001000",
+ 10,
+ &testString,
+ plContext));
+
+ /* &#x must be followed by 8 hexadecimal digits */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x0010m00;",
+ 10,
+ &testString,
+ plContext));
+
+ /* Byte values D800-DFFF are reserved */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#xD800;",
+ 7,
+ &testString,
+ plContext));
+
+ /* Can't use &#x for regular characters */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&#x0032;",
+ 7,
+ &testString,
+ plContext));
+
+ /* Can't use non-printable characters */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "\xA1",
+ 1,
+ &testString,
+ plContext));
+
+ /* Only legal \\ characters are \\, u and U */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ "&blah",
+ 5,
+ &testString,
+ plContext));
+
+ /* Surrogate pairs must be legal */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF16,
+ "\xd8\x00\x0\x66",
+ 4,
+ &testString,
+ plContext));
+
+ /* Debugged EscASCII should not be accepted as EscASCII */
+ PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ debugAsciiString,
+ PL_strlen(debugAsciiString),
+ &testString,
+ plContext));
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_String *string)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(string);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_string(int argc, char *argv[])
+{
+
+ PKIX_PL_String *testString[6] = { NULL };
+ PKIX_PL_String *testNullString = NULL;
+ PKIX_PL_String *testDebugAscii = NULL;
+ PKIX_PL_String *testEscAscii = NULL;
+ PKIX_PL_String *testUtf16 = NULL;
+ PKIX_PL_String *ampString = NULL;
+ unsigned char utf16Data[] = { 0x00, 0xA1, 0xD8, 0x00,
+ 0xDC, 0x00, 0x0F, 0xFF,
+ 0xDB, 0xC0, 0xDC, 0x01 };
+ PKIX_UInt32 i, size = 6;
+
+ char *plainText[6] = {
+ "string with\nnewlines and\ttabs",
+ "Not an escaped char: &amp;#x0012;",
+ "Encode &amp; with &amp;amp; in ASCII",
+ "&#x00A1;",
+ "&amp;",
+ "string with\nnewlines and\ttabs"
+ };
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Strings");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_String_Create <ascii format>");
+ for (i = 0; i < size; i++) {
+ testString[i] = NULL;
+ createString(&testString[i],
+ PKIX_ESCASCII,
+ plainText[i],
+ PL_strlen(plainText[i]));
+ }
+
+ subTest("PKIX_PL_String_Create <other formats>");
+ createStringOther(&testEscAscii,
+ &testUtf16,
+ &ampString,
+ &testDebugAscii,
+ &testNullString,
+ (PKIX_UInt32 *)utf16Data);
+
+ PKIX_TEST_EQ_HASH_TOSTR_DUP(testString[0],
+ testString[5],
+ testString[1],
+ plainText[0],
+ String,
+ PKIX_TRUE);
+
+ subTest("PKIX_PL_String_GetEncoded");
+ testGetEncoded(testEscAscii,
+ testString[0],
+ testDebugAscii,
+ testNullString,
+ (PKIX_UInt32 *)utf16Data);
+
+ subTest("PKIX_PL_Sprintf");
+ testSprintf();
+
+ subTest("PKIX_PL_String_Create <error_handling>");
+ testErrorHandling();
+
+ subTest("PKIX_PL_String_Destroy");
+ for (i = 0; i < size; i++) {
+ testDestroy(testString[i]);
+ }
+ testDestroy(testEscAscii);
+ testDestroy(testUtf16);
+ testDestroy(ampString);
+ testDestroy(testDebugAscii);
+ testDestroy(testNullString);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("String");
+
+ return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/system/test_string2.c b/security/nss/cmd/libpkix/pkix_pl/system/test_string2.c
new file mode 100644
index 0000000000..c76d1e9ac8
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/system/test_string2.c
@@ -0,0 +1,337 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_string2.c
+ *
+ * Tests International Strings
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createString(
+ PKIX_PL_String **vivaEspanaString,
+ PKIX_PL_String **straussString,
+ PKIX_PL_String **gorbachevString,
+ PKIX_PL_String **testUTF16String,
+ PKIX_PL_String **chineseString,
+ PKIX_PL_String **jeanRenoString)
+{
+ /* this is meant to fail - it highlights bug 0002 */
+ unsigned char utf16String[4] = { 0xF8, 0x60,
+ 0xFC, 0x60 };
+
+ unsigned char chinese[16] = { 0xe7, 0xab, 0xa0,
+ 0xe5, 0xad, 0x90,
+ 0xe6, 0x80, 0xa1,
+ 0x20,
+ 0xe4, 0xb8, 0xad,
+ 0xe5, 0x9b, 0xbd };
+
+ char *jeanReno = "Jean R\303\251no is an actor.";
+ char *gorbachev = /* This is the name "Gorbachev" in cyrllic */
+ "\xd0\x93\xd0\xbe\xd1\x80\xd0\xb1\xd0\xb0\xd1\x87\xd1\x91\xd0\xb2";
+
+ char *vivaEspana =
+ "&#x00A1;Viva Espa&#x00f1;a!";
+
+ char *strauss =
+ "Strau&#x00Df; was born in &#x00D6;sterreich";
+
+ PKIX_TEST_STD_VARS();
+
+ /* ---------------------------- */
+ subTest("String Creation");
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ vivaEspana,
+ PL_strlen(vivaEspana),
+ vivaEspanaString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_ESCASCII,
+ strauss,
+ PL_strlen(strauss),
+ straussString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF8,
+ gorbachev,
+ PL_strlen(gorbachev),
+ gorbachevString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF16,
+ utf16String,
+ 4,
+ testUTF16String,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF8,
+ chinese,
+ 16,
+ chineseString,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+ PKIX_UTF8,
+ jeanReno,
+ PL_strlen(jeanReno),
+ jeanRenoString,
+ plContext));
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testGetEncoded(PKIX_PL_String *string, PKIX_UInt32 format)
+{
+ void *dest = NULL;
+ PKIX_UInt32 length;
+
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(string,
+ format,
+ &dest,
+ &length,
+ plContext));
+
+ if (dest) {
+ (void)printf("\tResult: %s\n", (char *)dest);
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ }
+
+cleanup:
+ PKIX_TEST_RETURN();
+}
+
+static void
+testHTMLOutput(
+ PKIX_PL_String *vivaEspanaString,
+ PKIX_PL_String *straussString,
+ PKIX_PL_String *gorbachevString,
+ PKIX_PL_String *testUTF16String,
+ PKIX_PL_String *chineseString,
+ PKIX_PL_String *jeanRenoString)
+{
+ void *dest = NULL;
+ PKIX_UInt32 length;
+
+ FILE *htmlFile = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Opening a file for output */
+ htmlFile = fopen("utf8.html", "w");
+
+ if (htmlFile != plContext) {
+ (void)fprintf(htmlFile, "<html><head>\n");
+ (void)fprintf(htmlFile, "<meta http-equiv=\"Content-Type\"");
+ (void)fprintf(htmlFile,
+ "content = \"text/html; charset = UTF-8\">\n");
+ (void)fprintf(htmlFile, "</head><body>\n");
+ (void)fprintf(htmlFile, "<font size =\"+2\">\n");
+ } else
+ (void)printf("Could not open HTML file\n");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testUTF16String,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(chineseString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(jeanRenoString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(vivaEspanaString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(gorbachevString,
+ PKIX_UTF8,
+ &dest,
+ &length,
+ plContext));
+ if (htmlFile != plContext) {
+ (void)printf("%d bytes written to HTML file\n",
+ fwrite(dest, length, 1, htmlFile));
+ (void)fprintf(htmlFile, "<BR>\n");
+ }
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+ dest = NULL;
+ length = 0;
+
+ if (htmlFile != plContext) {
+ (void)fprintf(htmlFile, "</font>\n");
+ (void)fprintf(htmlFile, "</body></html>\n");
+ (void)fclose(htmlFile);
+ }
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+ PKIX_PL_String *string)
+{
+ PKIX_TEST_STD_VARS();
+
+ PKIX_TEST_DECREF_BC(string);
+
+cleanup:
+
+ PKIX_TEST_RETURN();
+}
+
+int
+test_string2(int argc, char *argv[])
+{
+
+ PKIX_PL_String *vivaEspanaString, *straussString, *testUTF16String;
+ PKIX_PL_String *chineseString, *jeanRenoString, *gorbachevString;
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_TEST_STD_VARS();
+
+ startTests("Unicode Strings");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ subTest("PKIX_PL_String_Create");
+ createString(&vivaEspanaString,
+ &straussString,
+ &gorbachevString,
+ &testUTF16String,
+ &chineseString,
+ &jeanRenoString);
+
+ subTest("Converting UTF-16 to EscASCII");
+ testGetEncoded(testUTF16String, PKIX_ESCASCII);
+
+ subTest("Converting UTF-8 to EscASCII");
+ testGetEncoded(chineseString, PKIX_ESCASCII);
+
+ subTest("Converting UTF-8 to EscASCII");
+ testGetEncoded(jeanRenoString, PKIX_ESCASCII);
+
+ subTest("Converting EscASCII to UTF-16");
+ testGetEncoded(vivaEspanaString, PKIX_UTF16);
+
+ subTest("Converting UTF-8 to UTF-16");
+ testGetEncoded(chineseString, PKIX_UTF16);
+
+ subTest("Creating HTML Output File \'utf8.html\'");
+ testHTMLOutput(vivaEspanaString,
+ straussString,
+ gorbachevString,
+ testUTF16String,
+ chineseString,
+ jeanRenoString);
+
+ subTest("Unicode Destructors");
+ testDestroy(testUTF16String);
+ testDestroy(chineseString);
+ testDestroy(jeanRenoString);
+ testDestroy(vivaEspanaString);
+ testDestroy(straussString);
+ testDestroy(gorbachevString);
+
+cleanup:
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("Unicode Strings");
+
+ return (0);
+}