Add new ocsp and httpcertstore tests to the scripts that compile

the tests.

6 files changed, 860 insertions, 0 deletions

diff --git a/security/nss/cmd/libpkix/pkix/top/ocspchecker/Makefile b/security/nss/cmd/libpkix/pkix/top/ocspchecker/Makefile
new file mode 100755
index 000000000..15a060b07
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix/top/ocspchecker/Makefile
@@ -0,0 +1,80 @@
+#! gmake
+# 
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(PKIX_DEPTH)/pkixrules.mk
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+include $(PKIX_DEPTH)/pkixlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/security/nss/cmd/libpkix/pkix/top/ocspchecker/manifest.mn b/security/nss/cmd/libpkix/pkix/top/ocspchecker/manifest.mn
new file mode 100755
index 000000000..c10a49ed3
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix/top/ocspchecker/manifest.mn
@@ -0,0 +1,50 @@
+# 
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# htt/www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+PKIX_DEPTH	= ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+DEFINES = -DNSPR20
+
+CSRCS = test_ocsp.c
+
+# this has to be different for NT and UNIX.
+PROGRAM	= test_ocsp
+
+
diff --git a/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c b/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c
new file mode 100644
index 000000000..fe3f59e74
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix/top/ocspchecker/test_ocsp.c
@@ -0,0 +1,270 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sun Microsystems
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/*
+ * test_ocspchecker.c
+ *
+ * Test OcspChecker function
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+void *plContext = NULL;
+
+void printUsage(void){
+        (void) printf("\nUSAGE:\nOcspChecker TestName [ENE|EE] "
+                    "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
+        (void) printf
+                ("Validates a chain of certificates between "
+                "<trustedCert> and <targetCert>\n"
+                "using the certs and CRLs in <certStoreDirectory>. "
+                "If ENE is specified,\n"
+                "then an Error is Not Expected. "
+                "If EE is specified, an Error is Expected.\n");
+}
+
+char *createFullPathName(
+        char *dirName,
+        char *certFile,
+        void *plContext)
+{
+        PKIX_UInt32 certFileLen;
+        PKIX_UInt32 dirNameLen;
+        char *certPathName = NULL;
+
+        PKIX_TEST_STD_VARS();
+
+        certFileLen = PL_strlen(certFile);
+        dirNameLen = PL_strlen(dirName);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
+                (dirNameLen + certFileLen + 2,
+                (void **)&certPathName,
+                plContext));
+
+        PL_strcpy(certPathName, dirName);
+        PL_strcat(certPathName, "/");
+        PL_strcat(certPathName, certFile);
+        printf("certPathName = %s\n", certPathName);
+
+cleanup:
+
+        PKIX_TEST_RETURN();
+
+        return (certPathName);
+}
+
+PKIX_Error *
+testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
+{
+        PKIX_PL_String *dirString = NULL;
+        PKIX_CertStore *certStore = NULL;
+        PKIX_ProcessingParams *procParams = NULL;
+        PKIX_PL_Date *validity = NULL; 
+        PKIX_List *revCheckers = NULL;
+        PKIX_OcspChecker *ocspChecker = NULL;
+
+        PKIX_TEST_STD_VARS();
+
+        subTest("PKIX_PL_CollectionCertStoreContext_Create");
+
+        /* Create CollectionCertStore */
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
+                (PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
+                (dirString, &certStore, plContext));
+
+        /* Create CertStore */
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
+                (valParams, &procParams, plContext));
+
+        subTest("PKIX_ProcessingParams_AddCertStore");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
+                (procParams, certStore, plContext));
+
+        subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
+                (procParams, PKIX_FALSE, plContext));
+
+        /* create current Date */
+        PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
+                (PR_Now(), &validity, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+        /* create revChecker */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Create
+                (validity,
+                NULL,        /* pwArg */
+                NULL,        /* Use default responder */
+                &ocspChecker,
+                plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
+                (revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
+                (procParams, revCheckers, plContext));
+
+cleanup:
+
+        PKIX_TEST_DECREF_AC(dirString);
+        PKIX_TEST_DECREF_AC(procParams);
+        PKIX_TEST_DECREF_AC(certStore);
+        PKIX_TEST_DECREF_AC(revCheckers);
+        PKIX_TEST_DECREF_AC(ocspChecker);
+
+        PKIX_TEST_RETURN();
+
+        return (0);
+}
+
+int main(int argc, char *argv[]){
+
+        PKIX_ValidateParams *valParams = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_UInt32 actualMinorVersion;
+        PKIX_UInt32 j = 0;
+        PKIX_UInt32 k = 0;
+        PKIX_UInt32 chainLength = 0;
+        PKIX_Boolean testValid = PKIX_TRUE;
+        PKIX_Boolean useArenas = PKIX_FALSE;
+        PKIX_List *chainCerts = NULL;
+        PKIX_PL_Cert *dirCert = NULL;
+        char *dirCertName = NULL;
+        char *anchorCertName = NULL;
+        char *dirName = NULL;
+        char *databaseDir = NULL;
+
+        PKIX_TEST_STD_VARS();
+
+        if (argc < 5) {
+                printUsage();
+                return (0);
+        }
+
+        startTests("OcspChecker");
+
+        useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+
+        databaseDir = argv[3+j];
+
+        /* This must precede the call to PKIX_Initialize! */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize_SetConfigDir
+            (PKIX_STORE_TYPE_PK11, databaseDir, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
+                (PKIX_TRUE, /* nssInitNeeded */
+                useArenas,
+                PKIX_MAJOR_VERSION,
+                PKIX_MINOR_VERSION,
+                PKIX_MINOR_VERSION,
+                &actualMinorVersion,
+                &plContext));
+
+        /* ENE = expect no error; EE = expect error */
+        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
+                testValid = PKIX_TRUE;
+        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
+                testValid = PKIX_FALSE;
+        } else {
+                printUsage();
+                return (0);
+        }
+
+        subTest(argv[1+j]);
+
+        dirName = databaseDir;
+
+        chainLength = argc - j - 5;
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+
+        for (k = 0; k < chainLength; k++) {
+
+                dirCert = createCert(dirName, argv[5+k+j], plContext);
+
+                PKIX_TEST_EXPECT_NO_ERROR
+                        (PKIX_List_AppendItem
+                        (chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+
+                PKIX_TEST_DECREF_BC(dirCert);
+        }
+
+        valParams = createValidateParams
+                (dirName,
+                argv[4+j],
+                NULL,
+                NULL,
+                NULL,
+                PKIX_FALSE,
+                PKIX_FALSE,
+                PKIX_FALSE,
+                PKIX_FALSE,
+                chainCerts,
+                plContext);
+
+        testDefaultCertStore(valParams, dirName);
+
+        if (testValid == PKIX_TRUE) {
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
+                        (valParams, &valResult, plContext));
+        } else {
+                PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
+                        (valParams, &valResult, plContext));
+        }
+
+
+cleanup:
+
+        PKIX_TEST_DECREF_AC(chainCerts);
+        PKIX_TEST_DECREF_AC(valParams);
+        PKIX_TEST_DECREF_AC(valResult);
+
+        PKIX_Shutdown(plContext);
+
+        PKIX_TEST_RETURN();
+
+        endTests("OcspChecker");
+
+        return (0);
+}
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/Makefile b/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/Makefile
new file mode 100755
index 000000000..15a060b07
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/Makefile
@@ -0,0 +1,80 @@
+#! gmake
+# 
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(PKIX_DEPTH)/pkixrules.mk
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+include $(PKIX_DEPTH)/pkixlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/manifest.mn b/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/manifest.mn
new file mode 100755
index 000000000..a0890213f
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/manifest.mn
@@ -0,0 +1,51 @@
+# 
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# htt/www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+PKIX_DEPTH	= ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+DEFINES = -DNSPR20
+
+CSRCS = test_httpcertstore.c
+
+# this has to be different for NT and UNIX.
+# PROGRAM	=$(OBJDIR)/test_httpcertstore
+PROGRAM	= test_httpcertstore
+
+
diff --git a/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/test_httpcertstore.c b/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/test_httpcertstore.c
new file mode 100644
index 000000000..4d9948a8a
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix_pl/module/httpcertstore/test_httpcertstore.c
@@ -0,0 +1,329 @@
+/*
+ * test_httpcertstore.c
+ *
+ * Test Httpcertstore Type
+ *
+ * Copyright 2004-2005 Sun Microsystems, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistribution of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ *
+ *   2. Redistribution in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear facility.
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+#include "pkix_pl_common.h"
+
+void *plContext = NULL;
+
+void printUsage(char *testname) {
+        char *fmt =
+		"USAGE: %s [-arenas] certDir certName\n";
+        printf(fmt, "test_httpcertstore");
+}
+
+/* Functional tests for Socket public functions */
+void do_other_work(void) { /* while waiting for nonblocking I/O to complete */
+        (void) PR_Sleep(2*60);
+}
+
+PKIX_Error *
+PKIX_PL_HttpCertStore_Create(
+        PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+        PKIX_PL_GeneralName *location,
+        PKIX_CertStore **pCertStore,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_HttpCertStore_CreateWithAsciiName(
+        PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+        char *location,
+        PKIX_CertStore **pCertStore,
+        void *plContext);
+
+PKIX_Error *
+getLocation(
+	PKIX_PL_Cert *certWithAia,
+	PKIX_PL_GeneralName **pLocation,
+	void *plContext)
+{
+	PKIX_List *aiaList = NULL;
+	PKIX_UInt32 size = 0;
+        PKIX_PL_InfoAccess *aia = NULL;
+        PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
+	PKIX_PL_GeneralName *location = NULL;
+
+        PKIX_TEST_STD_VARS();
+
+        subTest("Getting Authority Info Access");
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess
+                (certWithAia, &aiaList, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
+                (aiaList, &size, plContext));
+
+        if (size != 1) {
+                pkixTestErrorMsg = "unexpected number of AIA";
+                goto cleanup;
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
+                (aiaList, 0, (PKIX_PL_Object **) &aia, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType
+                (aia, &iaType, plContext));
+
+        if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) {
+                pkixTestErrorMsg = "unexpected location type in AIA";
+                goto cleanup;
+
+	}
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation
+                (aia, &location, plContext));
+
+	*pLocation = location;
+
+cleanup:
+	PKIX_TEST_DECREF_AC(aiaList);
+	PKIX_TEST_DECREF_AC(aia);
+
+        PKIX_TEST_RETURN();
+
+        return (NULL);
+}
+
+int main(int argc, char *argv[]) {
+
+        PKIX_UInt32 i = 0;
+        PKIX_UInt32 numCerts = 0;
+        PKIX_UInt32 numCrls = 0;
+        int j = 0;
+        PKIX_Boolean useArenas = PKIX_FALSE;
+        PKIX_UInt32 actualMinorVersion;
+        PKIX_UInt32 length = 0;
+
+        char *certName = NULL;
+        char *certDir = NULL;
+	PKIX_PL_Cert *cmdLineCert = NULL;
+        PKIX_PL_Cert *cert = NULL;
+        PKIX_CertSelector *certSelector = NULL;
+	PKIX_CertStore *certStore = NULL;
+	PKIX_CertStore *crlStore = NULL;
+	PKIX_PL_GeneralName *location = NULL;
+	PKIX_CertStore_CertCallback getCerts = NULL;
+	PKIX_List *certs = NULL;
+        char *asciiResult = NULL;
+	void *nbio = NULL;
+
+        PKIX_PL_CRL *crl = NULL;
+        PKIX_CRLSelector *crlSelector = NULL;
+	char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL"
+		"files/BasicHTTPURIPeer2CACRL.crl";
+	PKIX_CertStore_CRLCallback getCrls = NULL;
+	PKIX_List *crls = NULL;
+	PKIX_PL_String *crlString = NULL;
+
+        PKIX_TEST_STD_VARS();
+
+        startTests("HttpCertStore");
+
+        useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
+                (PKIX_TRUE, /* nssInitNeeded */
+                useArenas,
+                PKIX_MAJOR_VERSION,
+                PKIX_MINOR_VERSION,
+                PKIX_MINOR_VERSION,
+                &actualMinorVersion,
+                &plContext));
+
+        if (argc != (j + 3)) {
+                printUsage(argv[0]);
+                pkixTestErrorMsg = "Missing command line argument.";
+                goto cleanup;
+        }
+
+	certDir = argv[++j];
+	certName = argv[++j];
+
+	cmdLineCert = createCert(certDir, certName, plContext);
+	if (cmdLineCert == NULL) {
+                pkixTestErrorMsg = "Unable to create Cert";
+		goto cleanup;
+	}
+
+        /* muster arguments to create HttpCertStore */
+	PKIX_TEST_EXPECT_NO_ERROR(getLocation
+		(cmdLineCert, &location, plContext));
+
+	if (location == NULL) {
+                pkixTestErrorMsg = "Give me a cert with an HTTP URI!";
+                goto cleanup;
+	}
+
+        /* create HttpCertStore */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create
+                (NULL, location, &certStore, plContext));
+
+	/* get the GetCerts callback */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
+		(certStore, &getCerts, plContext));
+
+	/* create a CertSelector */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
+                (NULL, NULL, &certSelector, plContext));
+
+	/* Get the certs */
+	PKIX_TEST_EXPECT_NO_ERROR(getCerts
+		(certStore, certSelector, &nbio, &certs, plContext));
+
+	while (nbio != NULL) {
+		/* poll for a completion */
+
+		PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue
+			(certStore, certSelector, &nbio, &certs, plContext));
+	}
+
+        if (certs) {
+
+                PKIX_TEST_EXPECT_NO_ERROR
+                        (PKIX_List_GetLength(certs, &numCerts, plContext));
+
+		if (numCerts == 0) {
+			printf("HttpCertStore returned an empty Cert list\n");
+			goto cleanup;
+		}
+
+                for (i = 0; i < numCerts; i++) {
+                        PKIX_TEST_EXPECT_NO_ERROR
+                                (PKIX_List_GetItem
+                                (certs,
+                                i,
+                                (PKIX_PL_Object**)&cert,
+                                plContext));
+
+                        asciiResult = PKIX_Cert2ASCII(cert);
+
+                        printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+                        /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+                        PKIX_TEST_EXPECT_NO_ERROR
+                                (PKIX_PL_Free(asciiResult, NULL));
+                        asciiResult = NULL;
+
+                        PKIX_TEST_DECREF_BC(cert);
+                }
+	} else {
+		printf("HttpCertStore returned a NULL Cert list\n");
+	}
+
+        /* create HttpCertStore */
+        PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName
+                (NULL, crlLocation, &crlStore, plContext));
+
+	/* get the GetCrls callback */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
+		(crlStore, &getCrls, plContext));
+
+	/* create a CrlSelector */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
+                (NULL, NULL, &crlSelector, plContext));
+
+	/* Get the crls */
+	PKIX_TEST_EXPECT_NO_ERROR(getCrls
+		(crlStore, crlSelector, &nbio, &crls, plContext));
+
+	while (nbio != NULL) {
+		/* poll for a completion */
+
+		PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue
+			(crlStore, crlSelector, &nbio, &crls, plContext));
+	}
+
+        if (crls) {
+
+                PKIX_TEST_EXPECT_NO_ERROR
+                        (PKIX_List_GetLength(crls, &numCrls, plContext));
+
+		if (numCrls == 0) {
+			printf("HttpCertStore returned an empty CRL list\n");
+			goto cleanup;
+		}
+
+                for (i = 0; i < numCrls; i++) {
+                        PKIX_TEST_EXPECT_NO_ERROR
+                                (PKIX_List_GetItem
+                                (crls,
+                                i,
+                                (PKIX_PL_Object**)&crl,
+                                plContext));
+
+			PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+                                (PKIX_PL_Object *)crl,
+                                &crlString,
+                                plContext));
+
+	                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded
+                                (crlString,
+                                PKIX_ESCASCII,
+                                (void **)&asciiResult,
+                                &length,
+                                plContext));
+
+                        printf("CRL[%d]:\n%s\n", i, asciiResult);
+
+                        PKIX_TEST_EXPECT_NO_ERROR
+                                (PKIX_PL_Free(asciiResult, plContext));
+        		PKIX_TEST_DECREF_BC(crlString);
+                        PKIX_TEST_DECREF_BC(crl);
+                }
+	} else {
+		printf("HttpCertStore returned a NULL CRL list\n");
+	}
+
+cleanup:
+
+        PKIX_TEST_DECREF_AC(cert);
+	PKIX_TEST_DECREF_AC(cmdLineCert);
+	PKIX_TEST_DECREF_AC(certStore);
+	PKIX_TEST_DECREF_AC(crlStore);
+	PKIX_TEST_DECREF_AC(location);
+	PKIX_TEST_DECREF_AC(certs);
+        PKIX_TEST_DECREF_AC(crl);
+        PKIX_TEST_DECREF_AC(crlString);
+	PKIX_TEST_DECREF_AC(crls);
+
+        PKIX_TEST_RETURN();
+
+        endTests("HttpDefaultClient");
+
+        return (0);
+}