diff options
Diffstat (limited to 'security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c')
-rw-r--r-- | security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c | 497 |
1 files changed, 0 insertions, 497 deletions
diff --git a/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c b/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c deleted file mode 100644 index fed86f278..000000000 --- a/security/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c +++ /dev/null @@ -1,497 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * test_customcrlchecker.c - * - * Test Custom CRL Checking - * - */ - -#include "testutil.h" -#include "testutil_nss.h" - -#define PKIX_TEST_MAX_CERTS 10 -#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 5 - -static void *plContext = NULL; -char *dirName = NULL; /* also used in callback */ - -static -void printUsage1(char *pName){ - printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName); - printf("cert [certs].\n"); -} - -static -void printUsageMax(PKIX_UInt32 numCerts){ - printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", - numCerts, PKIX_TEST_MAX_CERTS); -} - -static PKIX_Error * -getCRLCallback( - PKIX_CertStore *store, - PKIX_CRLSelector *crlSelector, - void **pNBIOContext, - PKIX_List **pCrlList, - void *plContext) -{ - char *crlFileNames[] = {"chem.crl", - "phys.crl", - "prof.crl", - "sci.crl", - "test.crl", - 0 }; - PKIX_PL_CRL *crl = NULL; - PKIX_List *crlList = NULL; - PKIX_UInt32 i = 0; - - PKIX_TEST_STD_VARS(); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext)); - - while (crlFileNames[i]) { - - crl = createCRL(dirName, crlFileNames[i++], plContext); - - if (crl != NULL) { - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (crlList, (PKIX_PL_Object *)crl, plContext)); - - PKIX_TEST_DECREF_BC(crl); - } - } - - *pCrlList = crlList; - -cleanup: - - PKIX_TEST_RETURN(); - - return (0); /* this function is called by libpkix */ - -} - -static PKIX_Error * -getCRLContinue( - PKIX_CertStore *store, - PKIX_CRLSelector *crlSelector, - void **pNBIOContext, - PKIX_List **pCrlList, - void *plContext) -{ - return (NULL); -} - -static PKIX_Error * -getCertCallback( - PKIX_CertStore *store, - PKIX_CertSelector *certSelector, - void **pNBIOContext, - PKIX_List **pCerts, - void *plContext) -{ - return (NULL); -} - -static PKIX_Error * -getCertContinue( - PKIX_CertStore *store, - PKIX_CertSelector *certSelector, - void **pNBIOContext, - PKIX_List **pCerts, - void *plContext) -{ - return (NULL); -} - -static PKIX_Error * -testCRLSelectorMatchCallback( - PKIX_CRLSelector *selector, - PKIX_PL_CRL *crl, - void *plContext) -{ - PKIX_ComCRLSelParams *comCrlSelParams = NULL; - PKIX_List *issuerList = NULL; - PKIX_PL_X500Name *issuer = NULL; - PKIX_PL_X500Name *crlIssuer = NULL; - PKIX_UInt32 numIssuers = 0; - PKIX_UInt32 i = 0; - PKIX_Boolean result = PKIX_FALSE; - PKIX_Error *error = NULL; - char *errorText = "Not an error, CRL Select mismatch"; - - PKIX_TEST_STD_VARS(); - - subTest("Custom_Selector_MatchCallback"); - - if (selector != NULL) { - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CRLSelector_GetCommonCRLSelectorParams - (selector, &comCrlSelParams, plContext)); - } - - if (crl != NULL) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer - (crl, &crlIssuer, plContext)); - } - - if (comCrlSelParams != NULL) { - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCRLSelParams_GetIssuerNames - (comCrlSelParams, &issuerList, plContext)); - } - - if (issuerList != NULL) { - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (issuerList, &numIssuers, plContext)); - - for (i = 0; i < numIssuers; i++){ - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (issuerList, - i, (PKIX_PL_Object **)&issuer, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)crlIssuer, - (PKIX_PL_Object *)issuer, - &result, - plContext)); - - if (result != PKIX_TRUE) { - break; - } - - if (i == numIssuers-1) { - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_Error_Create - (0, - NULL, - NULL, - PKIX_TESTNOTANERRORCRLSELECTMISMATCH, - &error, - plContext)); - - PKIX_TEST_DECREF_AC(issuer); - issuer = NULL; - break; - } - - PKIX_TEST_DECREF_AC(issuer); - - } - } - -cleanup: - - PKIX_TEST_DECREF_AC(comCrlSelParams); - PKIX_TEST_DECREF_AC(crlIssuer); - PKIX_TEST_DECREF_AC(issuer); - PKIX_TEST_DECREF_AC(issuerList); - - PKIX_TEST_RETURN(); - - return (error); - -} - -static PKIX_Error * -testAddIssuerName(PKIX_ComCRLSelParams *comCrlSelParams, char *issuerName) -{ - PKIX_PL_String *issuerString = NULL; - PKIX_PL_X500Name *issuer = NULL; - PKIX_UInt32 length = 0; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_ComCRLSelParams_AddIssuerName"); - - length = PL_strlen(issuerName); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_UTF8, - issuerName, - length, - &issuerString, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString, - &issuer, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName - (comCrlSelParams, issuer, plContext)); - -cleanup: - - PKIX_TEST_DECREF_AC(issuerString); - PKIX_TEST_DECREF_AC(issuer); - - PKIX_TEST_RETURN(); - - return (0); -} - -static PKIX_Error * -testCustomCertStore(PKIX_ValidateParams *valParams) -{ - PKIX_CertStore_CRLCallback crlCallback; - PKIX_CertStore *certStore = NULL; - PKIX_ProcessingParams *procParams = NULL; - char *issuerName1 = "cn=science,o=mit,c=us"; - char *issuerName2 = "cn=physics,o=mit,c=us"; - char *issuerName3 = "cn=prof noall,o=mit,c=us"; - char *issuerName4 = "cn=testing CRL,o=test,c=us"; - PKIX_ComCRLSelParams *comCrlSelParams = NULL; - PKIX_CRLSelector *crlSelector = NULL; - PKIX_List *crlList = NULL; - PKIX_UInt32 numCrl = 0; - void *nbioContext = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_CollectionCertStore_Create"); - - /* Create CRLSelector, link in CollectionCertStore */ - - subTest("PKIX_ComCRLSelParams_AddIssuerNames"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create - (&comCrlSelParams, plContext)); - - - testAddIssuerName(comCrlSelParams, issuerName1); - testAddIssuerName(comCrlSelParams, issuerName2); - testAddIssuerName(comCrlSelParams, issuerName3); - testAddIssuerName(comCrlSelParams, issuerName4); - - - subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create - (testCRLSelectorMatchCallback, - NULL, - &crlSelector, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams - (crlSelector, comCrlSelParams, plContext)); - - /* Create CertStore, link in CRLSelector */ - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams - (valParams, &procParams, plContext)); - - subTest("PKIX_CertStore_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create - (getCertCallback, - getCRLCallback, - getCertContinue, - getCRLContinue, - NULL, /* trustCallback */ - (PKIX_PL_Object *)crlSelector, /* fake */ - PKIX_FALSE, /* cacheFlag */ - PKIX_TRUE, /* localFlag */ - &certStore, - plContext)); - - - subTest("PKIX_ProcessingParams_AddCertStore"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore - (procParams, certStore, plContext)); - - subTest("PKIX_ProcessingParams_SetRevocationEnabled"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled - (procParams, PKIX_TRUE, plContext)); - - subTest("PKIX_CertStore_GetCRLCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback - (certStore, - &crlCallback, - NULL)); - - subTest("Getting CRL by CRL Callback"); - PKIX_TEST_EXPECT_NO_ERROR(crlCallback - (certStore, - crlSelector, - &nbioContext, - &crlList, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (crlList, - &numCrl, - plContext)); - - if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) { - pkixTestErrorMsg = "unexpected CRL number mismatch"; - } - -cleanup: - - PKIX_TEST_DECREF_AC(crlList); - PKIX_TEST_DECREF_AC(comCrlSelParams); - PKIX_TEST_DECREF_AC(crlSelector); - PKIX_TEST_DECREF_AC(procParams); - PKIX_TEST_DECREF_AC(certStore); - - PKIX_TEST_RETURN(); - - return (0); -} - -/* - * Validate Certificate Chain with Certificate Revocation List - * Certificate Chain is built based on input certs' sequence. - * CRL is fetched from the directory specified in CollectionCertStore. - * while CollectionCertStore is linked in CertStore Object which then - * linked in ProcessParam. During validation, CRLChecker will invoke - * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL) - * to get CRL data for revocation check. - * This test set criteria in CRLSelector which is linked in - * CommonCRLSelectorParam. When CRL data is fetched into cache for - * revocation check, CRL's are filtered based on the criteria set. - */ - -int test_customcrlchecker(int argc, char *argv[]){ - - PKIX_List *chain = NULL; - PKIX_ValidateParams *valParams = NULL; - PKIX_ValidateResult *valResult = NULL; - PKIX_UInt32 actualMinorVersion; - char *certNames[PKIX_TEST_MAX_CERTS]; - PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; - PKIX_VerifyNode *verifyTree = NULL; - PKIX_PL_String *verifyString = NULL; - PKIX_UInt32 chainLength = 0; - PKIX_UInt32 i = 0; - PKIX_UInt32 j = 0; - PKIX_Boolean testValid = PKIX_TRUE; - char *anchorName = NULL; - - PKIX_TEST_STD_VARS(); - - if (argc < 5) { - printUsage1(argv[0]); - return (0); - } - - startTests("CRL Checker"); - - PKIX_TEST_EXPECT_NO_ERROR( - PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); - - /* ENE = expect no error; EE = expect error */ - if (PORT_Strcmp(argv[2+j], "ENE") == 0) { - testValid = PKIX_TRUE; - } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { - testValid = PKIX_FALSE; - } else { - printUsage1(argv[0]); - return (0); - } - - chainLength = (argc - j) - 5; - if (chainLength > PKIX_TEST_MAX_CERTS) { - printUsageMax(chainLength); - } - - for (i = 0; i < chainLength; i++) { - - certNames[i] = argv[(5 + j) +i]; - certs[i] = NULL; - } - - dirName = argv[3+j]; - - subTest(argv[1+j]); - - subTest("Custom-CRL-Checker - Create Cert Chain"); - - chain = createCertChainPlus - (dirName, certNames, certs, chainLength, plContext); - - subTest("Custom-CRL-Checker - Create Params"); - - anchorName = argv[4+j]; - - valParams = createValidateParams - (dirName, - anchorName, - NULL, - NULL, - NULL, - PKIX_FALSE, - PKIX_FALSE, - PKIX_FALSE, - PKIX_FALSE, - chain, - plContext); - - subTest("Custom-CRL-Checker - Set Processing Params for CertStore"); - - testCustomCertStore(valParams); - - subTest("Custom-CRL-Checker - Validate Chain"); - - if (testValid == PKIX_TRUE) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain - (valParams, &valResult, &verifyTree, plContext)); - } else { - PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain - (valParams, &valResult, &verifyTree, plContext)); - } - -cleanup: - - PKIX_TEST_DECREF_AC(verifyString); - PKIX_TEST_DECREF_AC(verifyTree); - PKIX_TEST_DECREF_AC(chain); - PKIX_TEST_DECREF_AC(valParams); - PKIX_TEST_DECREF_AC(valResult); - - PKIX_Shutdown(plContext); - - PKIX_TEST_RETURN(); - - endTests("CRL Checker"); - - return (0); -} |