diff options
Diffstat (limited to 'security/nss/cmd/libpkix/pkix_pl/module')
7 files changed, 2043 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/Makefile b/security/nss/cmd/libpkix/pkix_pl/module/Makefile new file mode 100644 index 0000000000..802e7729d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn new file mode 100644 index 0000000000..50d20d0bb4 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/manifest.mn @@ -0,0 +1,25 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_colcertstore.c \ + test_ekuchecker.c \ + test_pk11certstore.c \ + test_socket.c \ + test_httpcertstore.c \ + $(NULL) + +LIBRARY_NAME = pkixtoolmodule +SHARED_LIBRARY = $(NULL) + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c new file mode 100644 index 0000000000..37169d6ff7 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c @@ -0,0 +1,247 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_colcertstore.c + * + * Test CollectionCertStore Type + * + */ + +#include "testutil.h" + +#include "testutil_nss.h" + +/* When CRL IDP is supported, change NUM_CRLS to 9 */ +#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 4 +#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS 15 + +static void *plContext = NULL; + +static PKIX_Error * +testCRLSelectorMatchCallback( + PKIX_CRLSelector *selector, + PKIX_PL_CRL *crl, + PKIX_Boolean *pMatch, + void *plContext) +{ + *pMatch = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +testCertSelectorMatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + *pResult = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +getCertCallback( + PKIX_CertStore *store, + PKIX_CertSelector *certSelector, + PKIX_List **pCerts, + void *plContext) +{ + return (0); +} + +static char * +catDirName(char *platform, char *dir, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 dirLen; + PKIX_UInt32 platformLen; + + PKIX_TEST_STD_VARS(); + + dirLen = PL_strlen(dir); + platformLen = PL_strlen(platform); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen + + dirLen + + 2, + (void **)&pathName, plContext)); + + PL_strcpy(pathName, platform); + PL_strcat(pathName, "/"); + PL_strcat(pathName, dir); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +static void +testGetCRL(char *crlDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CRLCallback crlCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_UInt32 numCrl = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + crlDir, + 0, + &dirString, + plContext)); + + subTest("PKIX_PL_CollectionCertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, + &certStore, + plContext)); + + subTest("PKIX_CRLSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback, + NULL, + &crlSelector, + plContext)); + + subTest("PKIX_CertStore_GetCRLCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, NULL)); + + subTest("Getting data from CRL Callback"); + PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore, + crlSelector, + &nbioContext, + &crlList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, + &numCrl, + plContext)); + + if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) { + pkixTestErrorMsg = "unexpected CRL number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(crlList); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +testGetCert(char *certDir) +{ + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, + certDir, + 0, + &dirString, + plContext)); + + subTest("PKIX_PL_CollectionCertStore_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, + &certStore, + plContext)); + + subTest("PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback, + NULL, + &certSelector, + plContext)); + + subTest("PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); + + subTest("Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, + certSelector, + &nbioContext, + &certList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, + &numCert, + plContext)); + + if (numCert != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s test-purpose <data-dir> <platform-dir>\n\n", pName); +} + +/* Functional tests for CollectionCertStore public functions */ + +int +test_colcertstore(int argc, char *argv[]) +{ + + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *platformDir = NULL; + char *dataDir = NULL; + char *combinedDir = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("CollectionCertStore"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < (3 + j)) { + printUsage(argv[0]); + return (0); + } + + dataDir = argv[2 + j]; + platformDir = argv[3 + j]; + combinedDir = catDirName(platformDir, dataDir, plContext); + + testGetCRL(combinedDir); + testGetCert(combinedDir); + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CollectionCertStore"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c new file mode 100644 index 0000000000..ccd05a5bf8 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c @@ -0,0 +1,275 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_ekuchecker.c + * + * Test Extend Key Usage Checker + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +#define PKIX_TEST_MAX_CERTS 10 + +static void *plContext = NULL; + +static void +printUsage1(char *pName) +{ + printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); + printf("[E]oid[,oid]* <data-dir> cert [certs].\n"); +} + +static void +printUsageMax(PKIX_UInt32 numCerts) +{ + printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", + numCerts, PKIX_TEST_MAX_CERTS); +} + +static PKIX_Error * +testCertSelectorMatchCallback( + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) +{ + *pResult = PKIX_TRUE; + + return (0); +} + +static PKIX_Error * +testEkuSetup( + PKIX_ValidateParams *valParams, + char *ekuOidString, + PKIX_Boolean *only4EE) +{ + PKIX_ProcessingParams *procParams = NULL; + PKIX_List *ekuList = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_ComCertSelParams *selParams = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_Boolean last_token = PKIX_FALSE; + PKIX_UInt32 i, tokeni; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_ValidateParams_GetProcessingParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + /* Get extended key usage OID(s) from command line, separated by "," */ + + if (ekuOidString[0] == '"') { + /* erase doble quotes, if any */ + i = 1; + while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') { + ekuOidString[i - 1] = ekuOidString[i]; + i++; + } + ekuOidString[i - 1] = '\0'; + } + + if (ekuOidString[0] == '\0') { + ekuList = NULL; + } else { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext)); + + /* if OID string start with E, only check for last cert */ + if (ekuOidString[0] == 'E') { + *only4EE = PKIX_TRUE; + tokeni = 2; + i = 1; + } else { + *only4EE = PKIX_FALSE; + tokeni = 1; + i = 0; + } + + while (last_token != PKIX_TRUE) { + while (ekuOidString[tokeni] != ',' && + ekuOidString[tokeni] != '\0') { + tokeni++; + } + if (ekuOidString[tokeni] == '\0') { + last_token = PKIX_TRUE; + } else { + ekuOidString[tokeni] = '\0'; + tokeni++; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext)); + + PKIX_TEST_DECREF_BC(ekuOid); + i = tokeni; + } + } + + /* Set extended key usage link to processing params */ + + subTest("PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + + subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext)); + + subTest("PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback, + NULL, + &certSelector, + plContext)); + + subTest("PKIX_CertSelector_SetCommonCertSelectorParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext)); + + subTest("PKIX_ProcessingParams_SetTargetCertConstraints"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(procParams); + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(ekuList); + + PKIX_TEST_RETURN(); + + return (0); +} + +static PKIX_Error * +testEkuChecker( + PKIX_ValidateParams *valParams, + PKIX_Boolean only4EE) +{ + PKIX_ProcessingParams *procParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); + + subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); + + if (only4EE == PKIX_FALSE) { + subTest("PKIX_PL_EkuChecker_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(procParams); + + PKIX_TEST_RETURN(); + + return (0); +} + +int +test_ekuchecker(int argc, char *argv[]) +{ + PKIX_List *chain = NULL; + PKIX_ValidateParams *valParams = NULL; + PKIX_ValidateResult *valResult = NULL; + PKIX_UInt32 actualMinorVersion; + char *certNames[PKIX_TEST_MAX_CERTS]; + char *dirName = NULL; + PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; + PKIX_UInt32 chainLength = 0; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_Boolean testValid = PKIX_FALSE; + PKIX_Boolean only4EE = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + if (argc < 5) { + printUsage1(argv[0]); + return (0); + } + + startTests("EKU Checker"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + /* ENE = expect no error; EE = expect error */ + if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { + testValid = PKIX_TRUE; + } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { + testValid = PKIX_FALSE; + } else { + printUsage1(argv[0]); + return (0); + } + + dirName = argv[4 + j]; + + chainLength = (argc - j) - 6; + if (chainLength > PKIX_TEST_MAX_CERTS) { + printUsageMax(chainLength); + } + + for (i = 0; i < chainLength; i++) { + + certNames[i] = argv[6 + i + j]; + certs[i] = NULL; + } + + subTest(argv[1 + j]); + + subTest("Extended-Key-Usage-Checker"); + + subTest("Extended-Key-Usage-Checker - Create Cert Chain"); + + chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); + + subTest("Extended-Key-Usage-Checker - Create Params"); + + valParams = createValidateParams(dirName, + argv[5 + + j], + NULL, + NULL, + NULL, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + PKIX_FALSE, + chain, + plContext); + + subTest("Default CertStore"); + + testEkuSetup(valParams, argv[3 + j], &only4EE); + + testEkuChecker(valParams, only4EE); + + subTest("Extended-Key-Usage-Checker - Validate Chain"); + + if (testValid == PKIX_TRUE) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(chain); + PKIX_TEST_DECREF_AC(valParams); + PKIX_TEST_DECREF_AC(valResult); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("EKU Checker"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c new file mode 100644 index 0000000000..62f86300ab --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c @@ -0,0 +1,300 @@ +/* + * test_httpcertstore.c + * + * Test Httpcertstore Type + * + * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistribution of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistribution in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * Neither the name of Sun Microsystems, Inc. or the names of contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * This software is provided "AS IS," without a warranty of any kind. ALL + * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING + * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE + * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") + * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE + * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS + * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST + * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, + * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY + * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, + * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + * + * You acknowledge that this software is not designed or intended for use in + * the design, construction, operation or maintenance of any nuclear facility. + */ + +#include "testutil.h" +#include "testutil_nss.h" +#include "pkix_pl_common.h" + +static void *plContext = NULL; + +static void +printUsage(char *testname) +{ + char *fmt = + "USAGE: %s [-arenas] certDir certName\n"; + printf(fmt, "test_httpcertstore"); +} + +/* Functional tests for Socket public functions */ +static void +do_other_work(void) +{ /* while waiting for nonblocking I/O to complete */ + (void)PR_Sleep(2 * 60); +} + +PKIX_Error * +PKIX_PL_HttpCertStore_Create( + PKIX_PL_HttpClient *client, /* if NULL, use default Client */ + PKIX_PL_GeneralName *location, + PKIX_CertStore **pCertStore, + void *plContext); + +PKIX_Error * +pkix_pl_HttpCertStore_CreateWithAsciiName( + PKIX_PL_HttpClient *client, /* if NULL, use default Client */ + char *location, + PKIX_CertStore **pCertStore, + void *plContext); + +static PKIX_Error * +getLocation( + PKIX_PL_Cert *certWithAia, + PKIX_PL_GeneralName **pLocation, + void *plContext) +{ + PKIX_List *aiaList = NULL; + PKIX_UInt32 size = 0; + PKIX_PL_InfoAccess *aia = NULL; + PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN; + PKIX_PL_GeneralName *location = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Getting Authority Info Access"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certWithAia, &aiaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType(aia, &iaType, plContext)); + + if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) { + pkixTestErrorMsg = "unexpected location type in AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(aia, &location, plContext)); + + *pLocation = location; + +cleanup: + PKIX_TEST_DECREF_AC(aiaList); + PKIX_TEST_DECREF_AC(aia); + + PKIX_TEST_RETURN(); + + return (NULL); +} + +int +test_httpcertstore(int argc, char *argv[]) +{ + + PKIX_UInt32 i = 0; + PKIX_UInt32 numCerts = 0; + PKIX_UInt32 numCrls = 0; + int j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 length = 0; + + char *certName = NULL; + char *certDir = NULL; + PKIX_PL_Cert *cmdLineCert = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_CertStore *crlStore = NULL; + PKIX_PL_GeneralName *location = NULL; + PKIX_CertStore_CertCallback getCerts = NULL; + PKIX_List *certs = NULL; + char *asciiResult = NULL; + void *nbio = NULL; + + PKIX_PL_CRL *crl = NULL; + PKIX_CRLSelector *crlSelector = NULL; + char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL" + "files/BasicHTTPURIPeer2CACRL.crl"; + PKIX_CertStore_CRLCallback getCrls = NULL; + PKIX_List *crls = NULL; + PKIX_PL_String *crlString = NULL; + + PKIX_TEST_STD_VARS(); + + startTests("HttpCertStore"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc != (j + 3)) { + printUsage(argv[0]); + pkixTestErrorMsg = "Missing command line argument."; + goto cleanup; + } + + certDir = argv[++j]; + certName = argv[++j]; + + cmdLineCert = createCert(certDir, certName, plContext); + if (cmdLineCert == NULL) { + pkixTestErrorMsg = "Unable to create Cert"; + goto cleanup; + } + + /* muster arguments to create HttpCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(getLocation(cmdLineCert, &location, plContext)); + + if (location == NULL) { + pkixTestErrorMsg = "Give me a cert with an HTTP URI!"; + goto cleanup; + } + + /* create HttpCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create(NULL, location, &certStore, plContext)); + + /* get the GetCerts callback */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCerts, plContext)); + + /* create a CertSelector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); + + /* Get the certs */ + PKIX_TEST_EXPECT_NO_ERROR(getCerts(certStore, certSelector, &nbio, &certs, plContext)); + + while (nbio != NULL) { + /* poll for a completion */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue(certStore, certSelector, &nbio, &certs, plContext)); + } + + if (certs) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + if (numCerts == 0) { + printf("HttpCertStore returned an empty Cert list\n"); + goto cleanup; + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, + i, + (PKIX_PL_Object **)&cert, + plContext)); + + asciiResult = PKIX_Cert2ASCII(cert); + + printf("CERT[%d]:\n%s\n", i, asciiResult); + + /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); + asciiResult = NULL; + + PKIX_TEST_DECREF_BC(cert); + } + } else { + printf("HttpCertStore returned a NULL Cert list\n"); + } + + /* create HttpCertStore */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName(NULL, crlLocation, &crlStore, plContext)); + + /* get the GetCrls callback */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrls, plContext)); + + /* create a CrlSelector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &crlSelector, plContext)); + + /* Get the crls */ + PKIX_TEST_EXPECT_NO_ERROR(getCrls(crlStore, crlSelector, &nbio, &crls, plContext)); + + while (nbio != NULL) { + /* poll for a completion */ + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue(crlStore, crlSelector, &nbio, &crls, plContext)); + } + + if (crls) { + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crls, &numCrls, plContext)); + + if (numCrls == 0) { + printf("HttpCertStore returned an empty CRL list\n"); + goto cleanup; + } + + for (i = 0; i < numCrls; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(crls, + i, + (PKIX_PL_Object **)&crl, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString( + (PKIX_PL_Object *)crl, + &crlString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(crlString, + PKIX_ESCASCII, + (void **)&asciiResult, + &length, + plContext)); + + printf("CRL[%d]:\n%s\n", i, asciiResult); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); + PKIX_TEST_DECREF_BC(crlString); + PKIX_TEST_DECREF_BC(crl); + } + } else { + printf("HttpCertStore returned a NULL CRL list\n"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(cmdLineCert); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(crlStore); + PKIX_TEST_DECREF_AC(location); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(crl); + PKIX_TEST_DECREF_AC(crlString); + PKIX_TEST_DECREF_AC(crls); + + PKIX_TEST_RETURN(); + + endTests("HttpDefaultClient"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c b/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c new file mode 100644 index 0000000000..58fceb14f0 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c @@ -0,0 +1,580 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * test_pk11certstore.c + * + * Test Pk11CertStore Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +/* + * This function creates a certSelector with ComCertSelParams set up to + * select entries whose Subject Name matches that in the given Cert and + * whose validity window includes the Date specified by "validityDate". + */ +static void +test_makeSubjectCertSelector( + PKIX_PL_Cert *certNameToMatch, + PKIX_PL_Date *validityDate, + PKIX_CertSelector **pSelector, + void *plContext) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *subjParams = NULL; + PKIX_PL_X500Name *subjectName = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(subjParams, validityDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext)); + *pSelector = selector; + +cleanup: + + PKIX_TEST_DECREF_AC(subjParams); + PKIX_TEST_DECREF_AC(subjectName); + + PKIX_TEST_RETURN(); +} + +/* + * This function creates a certSelector with ComCertSelParams set up to + * select entries containing a Basic Constraints extension with a path + * length of at least the specified "minPathLength". + */ +static void +test_makePathCertSelector( + PKIX_Int32 minPathLength, + PKIX_CertSelector **pSelector, + void *plContext) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *pathParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&pathParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(pathParams, minPathLength, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, pathParams, plContext)); + *pSelector = selector; + +cleanup: + + PKIX_TEST_DECREF_AC(pathParams); + + PKIX_TEST_RETURN(); +} + +/* + * This function reads a directory-file cert specified by "desiredSubjectCert", + * and decodes the SubjectName. It uses that name to set up the CertSelector + * for a Subject Name match, and then queries the database for matching entries. + * It is intended to test a "smart" database query. + */ +static void +testMatchCertSubject( + char *crlDir, + char *desiredSubjectCert, + char *expectedAscii, + PKIX_PL_Date *validityDate, + void *plContext) +{ + PKIX_UInt32 numCert = 0; + PKIX_PL_Cert *certWithDesiredSubject = NULL; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_CertStore_CertCallback getCert = NULL; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + certWithDesiredSubject = createCert(crlDir, desiredSubjectCert, plContext); + + test_makeSubjectCertSelector(certWithDesiredSubject, + validityDate, + &certSelector, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore, + certSelector, + &nbioContext, + &certList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); + + if (numCert > 0) { + /* List should be immutable */ + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(certList, 0, plContext)); + } + + if (expectedAscii) { + testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext); + } + +cleanup: + + PKIX_TEST_DECREF_AC(certWithDesiredSubject); + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certList); + + PKIX_TEST_RETURN(); +} + +/* + * This function uses the minimum path length specified by "minPath" to set up + * a CertSelector for a BasicConstraints match, and then queries the database + * for matching entries. It is intended to test the case where there + * is no "smart" database query, so the database will be asked for all + * available certs and the filtering will be done by the interaction of the + * certstore and the selector. + */ +static void +testMatchCertMinPath( + PKIX_Int32 minPath, + char *expectedAscii, + void *plContext) +{ + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_CertStore_CertCallback getCert = NULL; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Searching Certs for minPath"); + + test_makePathCertSelector(minPath, &certSelector, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore, + certSelector, + &nbioContext, + &certList, + plContext)); + + if (expectedAscii) { + testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext); + } + +cleanup: + + PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certList); + + PKIX_TEST_RETURN(); +} + +/* + * This function creates a crlSelector with ComCrlSelParams set up to + * select entries whose Issuer Name matches that in the given Crl. + */ +static void +test_makeIssuerCRLSelector( + PKIX_PL_CRL *crlNameToMatch, + PKIX_CRLSelector **pSelector, + void *plContext) +{ + PKIX_CRLSelector *selector = NULL; + PKIX_ComCRLSelParams *issuerParams = NULL; + PKIX_PL_X500Name *issuerName = NULL; + PKIX_List *names = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&issuerParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crlNameToMatch, &issuerName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(names, (PKIX_PL_Object *)issuerName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(issuerParams, names, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, issuerParams, plContext)); + *pSelector = selector; + +cleanup: + + PKIX_TEST_DECREF_AC(issuerParams); + PKIX_TEST_DECREF_AC(issuerName); + PKIX_TEST_DECREF_AC(names); + + PKIX_TEST_RETURN(); +} + +/* + * This function creates a crlSelector with ComCrlSelParams set up to + * select entries that would be valid at the Date specified by the Date + * criterion. + */ +static void +test_makeDateCRLSelector( + PKIX_PL_Date *dateToMatch, + PKIX_CRLSelector **pSelector, + void *plContext) +{ + PKIX_CRLSelector *selector = NULL; + PKIX_ComCRLSelParams *dateParams = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&dateParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(dateParams, dateToMatch, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, dateParams, plContext)); + *pSelector = selector; + +cleanup: + PKIX_TEST_DECREF_AC(dateParams); + + PKIX_TEST_RETURN(); +} + +/* + * This function reads a directory-file crl specified by "desiredIssuerCrl", + * and decodes the IssuerName. It uses that name to set up the CrlSelector + * for a Issuer Name match, and then queries the database for matching entries. + * It is intended to test the case of a "smart" database query. + */ +static void +testMatchCrlIssuer( + char *crlDir, + char *desiredIssuerCrl, + char *expectedAscii, + void *plContext) +{ + PKIX_UInt32 numCrl = 0; + PKIX_PL_CRL *crlWithDesiredIssuer = NULL; + PKIX_CertStore *crlStore = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_CertStore_CRLCallback getCrl = NULL; + void *nbioContext = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Searching CRLs for matching Issuer"); + + crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext); + + test_makeIssuerCRLSelector(crlWithDesiredIssuer, &crlSelector, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(getCrl(crlStore, + crlSelector, + &nbioContext, + &crlList, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, &numCrl, plContext)); + + if (numCrl > 0) { + /* List should be immutable */ + PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(crlList, 0, plContext)); + } + + if (expectedAscii) { + testToStringHelper((PKIX_PL_Object *)crlList, expectedAscii, plContext); + } + +cleanup: + + PKIX_TEST_DECREF_AC(crlWithDesiredIssuer); + PKIX_TEST_DECREF_AC(crlStore); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(crlList); + + PKIX_TEST_RETURN(); +} + +/* + * This function uses the date specified by "matchDate" to set up the + * CrlSelector for a Date match. It is intended to test the case where there + * is no "smart" database query, so the CertStore should throw an error + * rather than ask the database for all available CRLs and then filter the + * results using the selector. + */ +static void +testMatchCrlDate( + char *dateMatch, + char *expectedAscii, + void *plContext) +{ + PKIX_PL_Date *dateCriterion = NULL; + PKIX_CertStore *crlStore = NULL; + PKIX_CRLSelector *crlSelector = NULL; + PKIX_List *crlList = NULL; + PKIX_CertStore_CRLCallback getCrl = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Searching CRLs for matching Date"); + + dateCriterion = createDate(dateMatch, plContext); + test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext)); + + PKIX_TEST_EXPECT_ERROR(getCrl(crlStore, crlSelector, NULL, &crlList, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(dateCriterion); + PKIX_TEST_DECREF_AC(crlStore); + PKIX_TEST_DECREF_AC(crlSelector); + PKIX_TEST_DECREF_AC(crlList); + + PKIX_TEST_RETURN(); +} + +static void +printUsage(char *pName) +{ + printf("\nUSAGE: %s <-d data-dir> <database-dir>\n\n", pName); +} + +/* Functional tests for Pk11CertStore public functions */ + +int +test_pk11certstore(int argc, char *argv[]) +{ + + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_PL_Date *validityDate = NULL; + PKIX_PL_Date *betweenDate = NULL; + char *crlDir = NULL; + char *expectedProfAscii = "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 00ca\n" + "\tIssuer: CN=chemistry,O=mit,C=us\n" + "\tSubject: CN=prof noall,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 14:14:06 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(6)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ", [\n" + "\tVersion: v3\n" + "\tSerialNumber: 03\n" + "\tIssuer: CN=physics,O=mit,C=us\n" + "\tSubject: CN=prof noall,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 12:52:26 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")"; + char *expectedValidityAscii = "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 03\n" + "\tIssuer: CN=physics,O=mit,C=us\n" + "\tSubject: CN=prof noall,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 12:52:26 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")"; + char *expectedMinPathAscii = "([\n" + "\tVersion: v3\n" + "\tSerialNumber: 01\n" + "\tIssuer: CN=science,O=mit,C=us\n" + "\tSubject: CN=science,O=mit,C=us\n" + "\tValidity: [From: Fri Feb 11 12:47:58 2005\n" + "\t To: Mon Jan 18, 2105]\n" + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(10)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "]\n" + ")"; + char *expectedIssuerAscii = "([\n" + "\tVersion: v2\n" + "\tIssuer: CN=physics,O=mit,C=us\n" + "\tUpdate: [Last: Fri Feb 11 13:51:38 2005\n" + "\t Next: Mon Jan 18, 2105]\n" + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n" + "\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 67\n" + "\tReasonCode: 257\n" + "\tRevocationDate: Fri Feb 11 13:51:38 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n" + "\t)\n" + "\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n" + ")"; + char *expectedDateAscii = "([\n" + "\tVersion: v2\n" + "\tIssuer: CN=science,O=mit,C=us\n" + "\tUpdate: [Last: Fri Feb 11 13:34:40 2005\n" + "\t Next: Mon Jan 18, 2105]\n" + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n" + "\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 65\n" + "\tReasonCode: 260\n" + "\tRevocationDate: Fri Feb 11 13:34:40 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n" + "\t)\n" + "\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n" + ", [\n" + "\tVersion: v2\n" + "\tIssuer: CN=testing CRL,O=test,C=us\n" + "\tUpdate: [Last: Fri Feb 11 13:14:38 2005\n" + "\t Next: Mon Jan 18, 2105]\n" + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n" + "\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 67\n" + "\tReasonCode: 258\n" + "\tRevocationDate: Fri Feb 11 13:14:38 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n" + "\t)\n" + "\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n" + ")"; + + PKIX_TEST_STD_VARS(); + + startTests("Pk11CertStore"); + + if (argc < 3) { + printUsage(argv[0]); + return (0); + } + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + crlDir = argv[j + 2]; + + /* Two certs for prof should be valid now */ + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validityDate, plContext)); + + subTest("Searching Certs for Subject"); + + testMatchCertSubject(crlDir, + "phy2prof.crt", + NULL, /* expectedProfAscii, */ + validityDate, + plContext); + + /* One of the certs was not yet valid at this time. */ + betweenDate = createDate("050210184000Z", plContext); + + subTest("Searching Certs for Subject and Validity"); + + testMatchCertSubject(crlDir, + "phy2prof.crt", + NULL, /* expectedValidityAscii, */ + betweenDate, + plContext); + + testMatchCertMinPath(9, + NULL, /* expectedMinPathAscii, */ + plContext); + + testMatchCrlIssuer(crlDir, + "phys.crl", + NULL, /* expectedIssuerAscii, */ + plContext); + + testMatchCrlDate("050211184000Z", + NULL, /* expectedDateAscii, */ + plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(validityDate); + PKIX_TEST_DECREF_AC(betweenDate); + + PKIX_TEST_RETURN(); + + endTests("Pk11CertStore"); + + return (0); +} diff --git a/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c b/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c new file mode 100644 index 0000000000..89400256d9 --- /dev/null +++ b/security/nss/cmd/libpkix/pkix_pl/module/test_socket.c @@ -0,0 +1,571 @@ +/* + * test_socket.c + * + * Test Socket Type + * + * Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistribution of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistribution in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * Neither the name of Sun Microsystems, Inc. or the names of contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * This software is provided "AS IS," without a warranty of any kind. ALL + * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING + * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE + * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") + * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE + * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS + * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST + * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, + * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY + * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, + * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + * + * You acknowledge that this software is not designed or intended for use in + * the design, construction, operation or maintenance of any nuclear facility. + */ + +#include "testutil.h" +#include "testutil_nss.h" +#include "pkix_pl_common.h" + +#define LDAP_PORT 389 + +static void *plContext = NULL; + +typedef enum { + SERVER_LISTENING, + SERVER_RECV1, + SERVER_POLL1, + SERVER_SEND2, + SERVER_POLL2, + SERVER_RECV3, + SERVER_POLL3, + SERVER_SEND4, + SERVER_POLL4, + SERVER_DONE, + SERVER_FAILED +} SERVER_STATE; + +typedef enum { + CLIENT_WAITFORCONNECT, + CLIENT_SEND1, + CLIENT_POLL1, + CLIENT_RECV2, + CLIENT_POLL2, + CLIENT_SEND3, + CLIENT_POLL3, + CLIENT_RECV4, + CLIENT_POLL4, + CLIENT_DONE, + CLIENT_FAILED +} CLIENT_STATE; + +SERVER_STATE serverState; +CLIENT_STATE clientState; +PKIX_PL_Socket *sSock = NULL; +PKIX_PL_Socket *cSock = NULL; +PKIX_PL_Socket *rendezvousSock = NULL; +PKIX_PL_Socket_Callback *sCallbackList; +PKIX_PL_Socket_Callback *cCallbackList; +PKIX_PL_Socket_Callback *rvCallbackList; +PRNetAddr serverNetAddr; +PRNetAddr clientNetAddr; +PRIntn backlog = 0; +PRIntervalTime timeout = 0; +char *sendBuf1 = "Hello, world!"; +char *sendBuf2 = "Ack"; +char *sendBuf3 = "What do you mean, \"Ack\"?"; +char *sendBuf4 = "What do you mean, \"What do you mean, \'Ack\'?\"?"; +char rcvBuf1[100]; +char rcvBuf2[100]; + +static void +printUsage(char *testname) +{ + char *fmt = "USAGE: %s [-arenas] server:port\n"; + printf(fmt, testname); +} + +/* Functional tests for Socket public functions */ +static void +do_other_work(void) +{ /* while waiting for nonblocking I/O to complete */ + (void)PR_Sleep(2 * 60); +} + +static PKIX_Boolean +server() +{ + PKIX_Int32 bytesRead = 0; + PKIX_Int32 bytesWritten = 0; + PKIX_Boolean keepGoing = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + switch (serverState) { + case SERVER_LISTENING: + subTest("SERVER_LISTENING"); + PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->acceptCallback(sSock, &rendezvousSock, plContext)); + if (rendezvousSock) { + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(rendezvousSock, &rvCallbackList, plContext)); + + serverState = SERVER_RECV1; + } + break; + case SERVER_RECV1: + subTest("SERVER_RECV1"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock, + rcvBuf1, + sizeof(rcvBuf1), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + /* confirm that rcvBuf1 = sendBuf1 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) || + (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + + serverState = SERVER_SEND2; + keepGoing = PKIX_TRUE; + } else { + serverState = SERVER_POLL1; + } + break; + case SERVER_POLL1: + subTest("SERVER_POLL1"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext)); + + if (bytesRead > 0) { + /* confirm that rcvBuf1 = sendBuf1 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) || + (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + + serverState = SERVER_SEND2; + keepGoing = PKIX_TRUE; + } + break; + case SERVER_SEND2: + subTest("SERVER_SEND2"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock, + sendBuf2, + strlen(sendBuf2) + + 1, + &bytesWritten, + plContext)); + if (bytesWritten > 0) { + serverState = SERVER_RECV3; + } else { + serverState = SERVER_POLL2; + } + break; + case SERVER_POLL2: + subTest("SERVER_POLL2"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + serverState = SERVER_RECV3; + } + break; + case SERVER_RECV3: + subTest("SERVER_RECV3"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock, + rcvBuf1, + sizeof(rcvBuf1), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + serverState = SERVER_SEND4; + keepGoing = PKIX_TRUE; + } else { + serverState = SERVER_POLL3; + } + break; + case SERVER_POLL3: + subTest("SERVER_POLL3"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext)); + if (bytesRead > 0) { + serverState = SERVER_SEND4; + keepGoing = PKIX_TRUE; + } + break; + case SERVER_SEND4: + subTest("SERVER_SEND4"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock, + sendBuf4, + strlen(sendBuf4) + + 1, + &bytesWritten, + plContext)); + + if (bytesWritten > 0) { + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext)); + PKIX_TEST_DECREF_BC(sSock); + PKIX_TEST_DECREF_BC(rendezvousSock); + serverState = SERVER_DONE; + } else { + serverState = SERVER_POLL4; + } + break; + case SERVER_POLL4: + subTest("SERVER_POLL4"); + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext)); + PKIX_TEST_DECREF_BC(sSock); + PKIX_TEST_DECREF_BC(rendezvousSock); + serverState = SERVER_DONE; + } + break; + case SERVER_DONE: + default: + subTest("SERVER_DONE"); + break; + } + +cleanup: + + PKIX_TEST_RETURN(); + + return (keepGoing); +} + +static PKIX_Boolean +client() +{ + PKIX_Boolean keepGoing = PKIX_FALSE; + PKIX_Int32 bytesRead = 0; + PKIX_Int32 bytesWritten = 0; + PRErrorCode cStat = 0; + + /* At 2 seconds each cycle, this should suffice! */ + PKIX_UInt32 giveUpCount = 10; + + PKIX_TEST_STD_VARS(); + + switch (clientState) { + case CLIENT_WAITFORCONNECT: + subTest("CLIENT_WAITFORCONNECT"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->connectcontinueCallback(cSock, &cStat, plContext)); + if (cStat == 0) { + clientState = CLIENT_SEND1; + keepGoing = PKIX_TRUE; + } else { + clientState = CLIENT_WAITFORCONNECT; + if (--giveUpCount == 0) { + testError("Client unable to connect"); + } + } + break; + case CLIENT_SEND1: + subTest("CLIENT_SEND1"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock, + sendBuf1, + strlen(sendBuf1) + + 1, + &bytesWritten, + plContext)); + if (bytesWritten > 0) { + clientState = CLIENT_RECV2; + } else { + clientState = CLIENT_POLL1; + } + break; + case CLIENT_POLL1: + subTest("CLIENT_POLL1"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + clientState = CLIENT_RECV2; + } else { + clientState = CLIENT_POLL1; + } + break; + case CLIENT_RECV2: + subTest("CLIENT_RECV2"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock, + rcvBuf2, + sizeof(rcvBuf2), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + /* confirm that rcvBuf2 = sendBuf2 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) || + (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + clientState = CLIENT_SEND3; + keepGoing = PKIX_TRUE; + } else { + clientState = CLIENT_POLL2; + } + break; + case CLIENT_POLL2: + subTest("CLIENT_POLL2"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext)); + if (bytesRead > 0) { + /* confirm that rcvBuf2 = sendBuf2 */ + if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) || + (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) { + testError("Receive buffer mismatch\n"); + } + clientState = CLIENT_SEND3; + } else { + clientState = CLIENT_POLL2; + } + break; + case CLIENT_SEND3: + subTest("CLIENT_SEND3"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock, + sendBuf3, + strlen(sendBuf3) + + 1, + &bytesWritten, + plContext)); + + if (bytesWritten > 0) { + clientState = CLIENT_RECV4; + } else { + clientState = CLIENT_POLL3; + } + break; + case CLIENT_POLL3: + subTest("CLIENT_POLL3"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext)); + if (bytesWritten > 0) { + clientState = CLIENT_RECV4; + } else { + clientState = CLIENT_POLL3; + } + break; + case CLIENT_RECV4: + subTest("CLIENT_RECV4"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock, + rcvBuf2, + sizeof(rcvBuf2), + &bytesRead, + plContext)); + + if (bytesRead > 0) { + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext)); + PKIX_TEST_DECREF_BC(cSock); + clientState = CLIENT_DONE; + } else { + clientState = CLIENT_POLL4; + } + break; + case CLIENT_POLL4: + subTest("CLIENT_POLL4"); + clientState = CLIENT_FAILED; + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext)); + if (bytesRead > 0) { + PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext)); + PKIX_TEST_DECREF_BC(cSock); + clientState = CLIENT_DONE; + } else { + clientState = CLIENT_POLL4; + } + break; + case CLIENT_DONE: + default: + subTest("CLIENT_DONE"); + break; + } + +cleanup: + + PKIX_TEST_RETURN(); + + return (keepGoing); +} + +static void +dispatcher() +{ + PKIX_Boolean keepGoing = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + do { + if (serverState < SERVER_DONE) { + do { + keepGoing = server(); + } while (keepGoing == PKIX_TRUE); + } + if (clientState < CLIENT_DONE) { + do { + keepGoing = client(); + } while (keepGoing == PKIX_TRUE); + } + do_other_work(); + + } while ((serverState < SERVER_DONE) || (clientState < CLIENT_DONE)); + + PKIX_TEST_RETURN(); +} + +int +test_socket(int argc, char *argv[]) +{ + + int j = 0; + PKIX_UInt32 actualMinorVersion; + char buf[PR_NETDB_BUF_SIZE]; + char *serverName = NULL; + char *sepPtr = NULL; + PRHostEnt hostent; + PRUint16 portNum = 0; + PRStatus prstatus = PR_FAILURE; + PRErrorCode cStat = 0; + void *ipaddr = NULL; + PKIX_Error *bindError = NULL; + PRIntn hostenum; + + PKIX_TEST_STD_VARS(); + + startTests("Socket"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc != (j + 2)) { + printUsage(argv[0]); + pkixTestErrorMsg = "Missing command line argument."; + goto cleanup; + } + + serverName = argv[j + 1]; + + subTest("Using pkix_pl_Socket_CreateByName"); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_TRUE, timeout, serverName, &cStat, &sSock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext)); + + serverState = SERVER_LISTENING; + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_FALSE, timeout, serverName, &cStat, &cSock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext)); + + if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) { + clientState = CLIENT_WAITFORCONNECT; + } else { + clientState = CLIENT_SEND1; + } + + dispatcher(); + + subTest("Using pkix_pl_Socket_Create"); + + sepPtr = strchr(serverName, ':'); + /* First strip off the portnum, if present, from the end of the name */ + if (sepPtr) { + *sepPtr++ = '\0'; + portNum = (PRUint16)atoi(sepPtr); + } else { + portNum = (PRUint16)LDAP_PORT; + } + /* + * The hostname may be a fully-qualified name. Just + * use the leftmost component in our lookup. + */ + sepPtr = strchr(serverName, '.'); + if (sepPtr) { + *sepPtr++ = '\0'; + } + prstatus = PR_GetHostByName(serverName, buf, sizeof(buf), &hostent); + + if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) { + printUsage(argv[0]); + pkixTestErrorMsg = + "PR_GetHostByName rejects command line argument."; + goto cleanup; + } + + serverNetAddr.inet.family = PR_AF_INET; + serverNetAddr.inet.port = PR_htons(portNum); + serverNetAddr.inet.ip = PR_INADDR_ANY; + + hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &clientNetAddr); + if (hostenum == -1) { + pkixTestErrorMsg = + "PR_EnumerateHostEnt failed."; + goto cleanup; + } + + backlog = 5; + + /* timeout = PR_INTERVAL_NO_TIMEOUT; */ + /* timeout = 0; nonblocking */ + timeout = 0; + + bindError = pkix_pl_Socket_Create(PKIX_TRUE, timeout, &serverNetAddr, &cStat, &sSock, plContext); + + /* If PR_Bind can't handle INADDR_ANY, try it with the real name */ + if (bindError) { + PKIX_TEST_DECREF_BC(bindError); + serverNetAddr.inet.ip = PR_htonl(*(PRUint32 *)ipaddr); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_TRUE, + timeout, + &serverNetAddr, + &cStat, + &sSock, + plContext)); + } + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext)); + + serverState = SERVER_LISTENING; + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_FALSE, timeout, &clientNetAddr, &cStat, &cSock, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext)); + + if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) { + clientState = CLIENT_WAITFORCONNECT; + } else { + clientState = CLIENT_SEND1; + } + + dispatcher(); + +cleanup: + + PKIX_TEST_DECREF_AC(sSock); + PKIX_TEST_DECREF_AC(cSock); + PKIX_TEST_DECREF_AC(rendezvousSock); + + PKIX_TEST_RETURN(); + + endTests("Socket"); + + return (0); +} |