1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* test_basicconstraintschecker.c
*
* Test Basic Constraints Checking
*
*/
#include "testutil.h"
#include "testutil_nss.h"
#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
static void
printUsage1(char *pName)
{
printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
printf("cert [certs].\n");
}
static void
printUsageMax(PKIX_UInt32 numCerts)
{
printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
numCerts, PKIX_TEST_MAX_CERTS);
}
int
test_basicconstraintschecker(int argc, char *argv[])
{
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_Boolean testValid = PKIX_FALSE;
char *dirName = NULL;
PKIX_TEST_STD_VARS();
if (argc < 4) {
printUsage1(argv[0]);
return (0);
}
startTests("BasicConstraintsChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage1(argv[0]);
return (0);
}
dirName = argv[3 + j];
chainLength = (argc - j) - 4;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
}
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[(4 + j) + i];
certs[i] = NULL;
}
subTest(argv[1 + j]);
subTest("Basic-Constraints - Create Cert Chain");
chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
/*
* Error occurs when creating Cert, this is critical and test
* should not continue. Since we expect error, we assume this
* error is the one that is expected, so undo the error count.
*
* This work needs future enhancement. We will introduce another
* flag ESE, in addition to the existing EE(expect validation
* error) and ENE(expect no validation error). ESE stands for
* "expect setup error". When running with ESE, if any of the setup
* calls such creating Cert Chain fails, the test can end and
* considered to be successful.
*/
if (testValid == PKIX_FALSE && chain == NULL) {
testErrorUndo("Cert Error - Create failed");
goto cleanup;
}
subTest("Basic-Constraints - Create Params");
valParams = createValidateParams(dirName,
argv[4 +
j],
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chain,
plContext);
subTest("Basic-Constraints - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
}
cleanup:
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(chain);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("BasicConstraintsChecker");
return (0);
}
|
