diff options
Diffstat (limited to 'security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c')
-rw-r--r-- | security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c | 2360 |
1 files changed, 0 insertions, 2360 deletions
diff --git a/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c b/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c deleted file mode 100644 index 5d036658d..000000000 --- a/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c +++ /dev/null @@ -1,2360 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * test_cert.c - * - * Test Cert Type - * - */ - -#include "testutil.h" -#include "testutil_nss.h" - -static PKIX_PL_Cert *altNameNoneCert = NULL; -static PKIX_PL_Cert *altNameOtherCert = NULL; -static PKIX_PL_Cert *altNameOtherCert_diff = NULL; -static PKIX_PL_Cert *altNameRfc822Cert = NULL; -static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL; -static PKIX_PL_Cert *altNameDnsCert = NULL; -static PKIX_PL_Cert *altNameDnsCert_diff = NULL; -static PKIX_PL_Cert *altNameX400Cert = NULL; -static PKIX_PL_Cert *altNameX400Cert_diff = NULL; -static PKIX_PL_Cert *altNameDnCert = NULL; -static PKIX_PL_Cert *altNameDnCert_diff = NULL; -static PKIX_PL_Cert *altNameEdiCert = NULL; -static PKIX_PL_Cert *altNameEdiCert_diff = NULL; -static PKIX_PL_Cert *altNameUriCert = NULL; -static PKIX_PL_Cert *altNameUriCert_diff = NULL; -static PKIX_PL_Cert *altNameIpCert = NULL; -static PKIX_PL_Cert *altNameIpCert_diff = NULL; -static PKIX_PL_Cert *altNameOidCert = NULL; -static PKIX_PL_Cert *altNameOidCert_diff = NULL; -static PKIX_PL_Cert *altNameMultipleCert = NULL; - -static void *plContext = NULL; - -static void createCerts( - char *dataCentralDir, - char *goodInput, - char *diffInput, - PKIX_PL_Cert **goodObject, - PKIX_PL_Cert **equalObject, - PKIX_PL_Cert **diffObject) -{ - subTest("PKIX_PL_Cert_Create <goodObject>"); - *goodObject = createCert(dataCentralDir, goodInput, plContext); - - subTest("PKIX_PL_Cert_Create <equalObject>"); - *equalObject = createCert(dataCentralDir, goodInput, plContext); - - subTest("PKIX_PL_Cert_Create <diffObject>"); - *diffObject = createCert(dataCentralDir, diffInput, plContext); -} - - -static void -createCertsWithSubjectAltNames(char *dataCentralDir) -{ - subTest("PKIX_PL_Cert_Create <altNameDNS>"); - altNameDnsCert = createCert - (dataCentralDir, "generalName/altNameDnsCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameDNS_diff>"); - altNameDnsCert_diff = createCert - (dataCentralDir, "generalName/altNameDnsCert_diff", plContext); - - - subTest("PKIX_PL_Cert_Create <altNameRFC822>"); - altNameRfc822Cert = createCert - (dataCentralDir, "generalName/altNameRfc822Cert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>"); - altNameRfc822Cert_diff = createCert - (dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameX400Cert>"); - altNameX400Cert = createCert - (dataCentralDir, "generalName/altNameX400Cert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameX400_diff>"); - altNameX400Cert_diff = createCert - (dataCentralDir, "generalName/altNameX400Cert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameDN>"); - altNameDnCert = createCert - (dataCentralDir, "generalName/altNameDnCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameDN_diff>"); - altNameDnCert_diff = createCert - (dataCentralDir, "generalName/altNameDnCert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameEdiCert>"); - altNameEdiCert = createCert - (dataCentralDir, "generalName/altNameEdiCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameEdi_diff>"); - altNameEdiCert_diff = createCert - (dataCentralDir, "generalName/altNameEdiCert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameURI>"); - altNameUriCert = createCert - (dataCentralDir, "generalName/altNameUriCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameURI_diff>"); - altNameUriCert_diff = createCert - (dataCentralDir, "generalName/altNameUriCert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameIP>"); - altNameIpCert = createCert - (dataCentralDir, "generalName/altNameIpCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameIP_diff>"); - altNameIpCert_diff = createCert - (dataCentralDir, "generalName/altNameIpCert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameOID>"); - altNameOidCert = createCert - (dataCentralDir, "generalName/altNameOidCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameOID_diff>"); - altNameOidCert_diff = createCert - (dataCentralDir, "generalName/altNameOidCert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameOther>"); - altNameOtherCert = createCert - (dataCentralDir, "generalName/altNameOtherCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameOther_diff>"); - altNameOtherCert_diff = createCert - (dataCentralDir, "generalName/altNameOtherCert_diff", plContext); - - subTest("PKIX_PL_Cert_Create <altNameNone>"); - altNameNoneCert = createCert - (dataCentralDir, "generalName/altNameNoneCert", plContext); - - subTest("PKIX_PL_Cert_Create <altNameMultiple>"); - altNameMultipleCert = createCert - (dataCentralDir, "generalName/altNameRfc822DnsCert", plContext); -} - -static void testGetVersion( - PKIX_PL_Cert *goodObject) -{ - PKIX_UInt32 goodVersion; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetVersion"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion - (goodObject, &goodVersion, plContext)); - - if (goodVersion != 2){ - testError("unexpected mismatch"); - (void) printf("Actual value:\t%d\n", goodVersion); - (void) printf("Expected value:\t2\n"); - goto cleanup; - } - -cleanup: - - PKIX_TEST_RETURN(); -} - -static void testGetSerialNumber( - PKIX_PL_Cert *goodObject, - PKIX_PL_Cert *equalObject, - PKIX_PL_Cert *diffObject) -{ - PKIX_PL_BigInt *goodSN = NULL; - PKIX_PL_BigInt *equalSN = NULL; - PKIX_PL_BigInt *diffSN = NULL; - char *expectedAscii = "37bc66ec"; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetSerialNumber"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber - (goodObject, &goodSN, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber - (equalObject, &equalSN, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber - (diffObject, &diffSN, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodSN); - PKIX_TEST_DECREF_AC(equalSN); - PKIX_TEST_DECREF_AC(diffSN); - - PKIX_TEST_RETURN(); -} - - -static void testGetSubject( - PKIX_PL_Cert *goodObject, - PKIX_PL_Cert *equalObject, - PKIX_PL_Cert *diffObject) -{ - PKIX_PL_X500Name *goodSubject = NULL; - PKIX_PL_X500Name *equalSubject = NULL; - PKIX_PL_X500Name *diffSubject = NULL; - char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us"; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetSubject"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject - (goodObject, &goodSubject, plContext)); - - if (!goodSubject){ - testError("Certificate Subject should not be NULL"); - goto cleanup; - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject - (equalObject, &equalSubject, plContext)); - - if (!equalSubject){ - testError("Certificate Subject should not be NULL"); - goto cleanup; - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject - (diffObject, &diffSubject, plContext)); - - if (!diffSubject){ - testError("Certificate Subject should not be NULL"); - goto cleanup; - } - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodSubject, - equalSubject, - diffSubject, - expectedAscii, - X500Name, - PKIX_TRUE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodSubject); - PKIX_TEST_DECREF_AC(equalSubject); - PKIX_TEST_DECREF_AC(diffSubject); - - PKIX_TEST_RETURN(); -} - -static void testGetIssuer( - PKIX_PL_Cert *goodObject, - PKIX_PL_Cert *equalObject, - PKIX_PL_Cert *diffObject) -{ - PKIX_PL_X500Name *goodIssuer = NULL; - PKIX_PL_X500Name *equalIssuer = NULL; - PKIX_PL_X500Name *diffIssuer = NULL; - char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetIssuer"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer - (goodObject, &goodIssuer, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer - (equalObject, &equalIssuer, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer - (diffObject, &diffIssuer, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodIssuer, - equalIssuer, - diffIssuer, - expectedAscii, - X500Name, - PKIX_TRUE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodIssuer); - PKIX_TEST_DECREF_AC(equalIssuer); - PKIX_TEST_DECREF_AC(diffIssuer); - - PKIX_TEST_RETURN(); -} - -static void testAltNames( - PKIX_PL_Cert *goodCert, - PKIX_PL_Cert *diffCert, - char *expectedAscii) -{ - PKIX_List *goodAltNames = NULL; - PKIX_List *diffAltNames = NULL; - PKIX_PL_GeneralName *goodAltName = NULL; - PKIX_PL_GeneralName *diffAltName = NULL; - - PKIX_TEST_STD_VARS(); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames - (goodCert, &goodAltNames, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (goodAltNames, - 0, - (PKIX_PL_Object **)&goodAltName, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames - (diffCert, &diffAltNames, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (diffAltNames, - 0, - (PKIX_PL_Object **)&diffAltName, - plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodAltName, goodAltName, diffAltName, - expectedAscii, GeneralName, PKIX_TRUE); - -cleanup: - PKIX_TEST_DECREF_AC(goodAltNames); - PKIX_TEST_DECREF_AC(goodAltName); - PKIX_TEST_DECREF_AC(diffAltNames); - PKIX_TEST_DECREF_AC(diffAltName); - PKIX_TEST_RETURN(); -} - -static void testAltNamesNone(PKIX_PL_Cert *cert){ - - PKIX_List *altNames = NULL; - - PKIX_TEST_STD_VARS(); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames - (cert, &altNames, plContext)); - - if (altNames != NULL){ - testError("unexpected mismatch"); - (void) printf("Actual value:\t%p\n", (void *)altNames); - (void) printf("Expected value:\tNULL\n"); - goto cleanup; - } - -cleanup: - - PKIX_TEST_DECREF_AC(altNames); - PKIX_TEST_RETURN(); - -} -static void testAltNamesMultiple(){ - PKIX_List *altNames = NULL; - PKIX_PL_GeneralName *firstAltName = NULL; - PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME; - PKIX_PL_GeneralName *secondAltName = NULL; - PKIX_Int32 secondExpectedType = PKIX_DNS_NAME; - - - char *expectedAscii = - "[\n" - "\tVersion: v3\n" - "\tSerialNumber: 2d\n" - "\tIssuer: OU=labs,O=sun,C=us\n" - "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n" - "\tValidity: [From: Mon Feb 09, 2004\n" - /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */ - "\t To: Mon Feb 09, 2004]\n" - /* "\t To: Mon Feb 09 14:43:52 2004]\n" */ - "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n" - "\tAuthorityKeyId: (null)\n" - "\tSubjectKeyId: (null)\n" - "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" - "\tCritExtOIDs: (EMPTY)\n" - "\tExtKeyUsages: (null)\n" - "\tBasicConstraint: (null)\n" - "\tCertPolicyInfo: (null)\n" - "\tPolicyMappings: (null)\n" - "\tExplicitPolicy: -1\n" - "\tInhibitMapping: -1\n" - "\tInhibitAnyPolicy:-1\n" - "\tNameConstraints: (null)\n" - "\tAuthorityInfoAccess: (null)\n" - "\tSubjectInfoAccess: (null)\n" - "\tCacheFlag: 0\n" - "]\n"; - - PKIX_TEST_STD_VARS(); - - testToStringHelper - ((PKIX_PL_Object *)altNameMultipleCert, - expectedAscii, - plContext); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames - (altNameMultipleCert, &altNames, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext)); - - if (firstAltName->type != firstExpectedType){ - testError("unexpected mismatch"); - (void) printf("Actual value:\t%d\n", firstAltName->type); - (void) printf("Expected value:\t%d\n", firstExpectedType); - goto cleanup; - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext)); - - if (secondAltName->type != secondExpectedType){ - testError("unexpected mismatch"); - (void) printf("Actual value:\t%d\n", secondAltName->type); - (void) printf("Expected value:\t%d\n", secondExpectedType); - goto cleanup; - } - -cleanup: - PKIX_TEST_DECREF_AC(altNames); - PKIX_TEST_DECREF_AC(firstAltName); - PKIX_TEST_DECREF_AC(secondAltName); - PKIX_TEST_RETURN(); -} - -static void testGetSubjectAltNames(char *dataCentralDir){ - - char *expectedAscii = NULL; - - createCertsWithSubjectAltNames(dataCentralDir); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>"); - expectedAscii = "east.sun.com"; - testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>"); - expectedAscii = "alice.barnes@bcn.east.sun.com"; - testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii); - - /* - *this should work once bugzilla bug #233586 is fixed. - *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>"); - *expectedAscii = "X400Address: <DER-encoded value>"; - *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii); - */ - - subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>"); - expectedAscii = "CN=elley,OU=labs,O=sun,C=us"; - testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii); - - /* - * this should work once bugzilla bug #233586 is fixed. - * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>"); - * expectedAscii = "EDIPartyName: <DER-encoded value>"; - * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii); - */ - - subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>"); - expectedAscii = "http://www.sun.com"; - testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>"); - expectedAscii = "1.2.3.4"; - testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>"); - expectedAscii = "1.2.39"; - testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>"); - expectedAscii = "1.7.26.97"; - testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <none>"); - testAltNamesNone(altNameNoneCert); - - subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>"); - testAltNamesMultiple(); -} - -static void testGetSubjectPublicKey( - PKIX_PL_Cert *goodObject, - PKIX_PL_Cert *equalObject, - PKIX_PL_Cert *diffObject) -{ - PKIX_PL_PublicKey *goodPubKey = NULL; - PKIX_PL_PublicKey *equalPubKey = NULL; - PKIX_PL_PublicKey *diffPubKey = NULL; - char *expectedAscii = "ANSI X9.57 DSA Signature"; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetSubjectPublicKey"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey - (goodObject, &goodPubKey, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey - (equalObject, &equalPubKey, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey - (diffObject, &diffPubKey, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodPubKey, equalPubKey, diffPubKey, - expectedAscii, PublicKey, PKIX_TRUE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodPubKey); - PKIX_TEST_DECREF_AC(equalPubKey); - PKIX_TEST_DECREF_AC(diffPubKey); - - PKIX_TEST_RETURN(); -} - -static void testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject){ - PKIX_PL_OID *pkixPubKeyOID = NULL; - char *expectedAscii = "1.2.840.10040.4.1"; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_GetSubjectPublicKeyAlgId - (goodObject, &pkixPubKeyOID, plContext)); - - testToStringHelper - ((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext); - -cleanup: - - PKIX_TEST_DECREF_AC(pkixPubKeyOID); - PKIX_TEST_RETURN(); -} - -static void -testCritExtensionsPresent(PKIX_PL_Cert *cert) -{ - PKIX_List *critOIDList = NULL; - char *firstOIDAscii = "2.5.29.15"; - PKIX_PL_OID *firstOID = NULL; - char *secondOIDAscii = "2.5.29.19"; - PKIX_PL_OID *secondOID = NULL; - - PKIX_TEST_STD_VARS(); - - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs - (cert, &critOIDList, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext)); - testToStringHelper - ((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext)); - - testToStringHelper - ((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext); - -cleanup: - - PKIX_TEST_DECREF_AC(critOIDList); - PKIX_TEST_DECREF_AC(firstOID); - PKIX_TEST_DECREF_AC(secondOID); - - PKIX_TEST_RETURN(); -} - -static void -testCritExtensionsAbsent(PKIX_PL_Cert *cert) -{ - PKIX_List *oidList = NULL; - PKIX_Boolean empty; - - PKIX_TEST_STD_VARS(); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs - (cert, &oidList, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_IsEmpty(oidList, &empty, plContext)); - - if (!empty){ - pkixTestErrorMsg = "unexpected mismatch"; - } - -cleanup: - - PKIX_TEST_DECREF_AC(oidList); - PKIX_TEST_RETURN(); -} - - -static void -testAllExtensionsAbsent(char *dataCentralDir) -{ - PKIX_List *oidList = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_Boolean empty; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Create <noExtensionsCert>"); - cert = createCert(dataCentralDir, "noExtensionsCert", plContext); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs - (cert, &oidList, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_IsEmpty(oidList, &empty, plContext)); - - if (!empty){ - pkixTestErrorMsg = "unexpected mismatch"; - } - -cleanup: - PKIX_TEST_DECREF_AC(oidList); - PKIX_TEST_DECREF_AC(cert); - - PKIX_TEST_RETURN(); -} - -static void -testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject) -{ - subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " - "<CritExtensionsPresent>"); - testCritExtensionsPresent(goodObject); - - - subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " - "<CritExtensionsAbsent>"); - testCritExtensionsAbsent(altNameOidCert); - - - subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " - "<AllExtensionsAbsent>"); - testAllExtensionsAbsent(dataCentralDir); -} - -static void -testKeyIdentifiersMatching(char *dataCentralDir) -{ - PKIX_PL_Cert *subjKeyIDCert = NULL; - PKIX_PL_Cert *authKeyIDCert = NULL; - PKIX_PL_ByteArray *subjKeyID = NULL; - PKIX_PL_ByteArray *authKeyID = NULL; - PKIX_PL_ByteArray *subjKeyID_diff = NULL; - - char *expectedAscii = - "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225," - " 139, 009, 126, 127, 234, 025, 072, 078, 097]"; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Create <subjKeyIDCert>"); - subjKeyIDCert = createCert - (dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext); - - subTest("PKIX_PL_Cert_Create <authKeyIDCert>"); - authKeyIDCert = createCert - (dataCentralDir, "keyIdentifier/authKeyIDCert", plContext); - - subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier - (subjKeyIDCert, &subjKeyID, plContext)); - - subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier - (authKeyIDCert, &authKeyID, plContext)); - - subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_GetSubjectKeyIdentifier - (authKeyIDCert, &subjKeyID_diff, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (subjKeyID, - authKeyID, - subjKeyID_diff, - expectedAscii, - ByteArray, - PKIX_TRUE); - -cleanup: - - PKIX_TEST_DECREF_AC(subjKeyIDCert); - PKIX_TEST_DECREF_AC(authKeyIDCert); - PKIX_TEST_DECREF_AC(subjKeyID); - PKIX_TEST_DECREF_AC(authKeyID); - PKIX_TEST_DECREF_AC(subjKeyID_diff); - - PKIX_TEST_RETURN(); -} - -static void -testKeyIdentifierAbsent(PKIX_PL_Cert *cert) -{ - PKIX_PL_ByteArray *subjKeyID = NULL; - PKIX_PL_ByteArray *authKeyID = NULL; - - PKIX_TEST_STD_VARS(); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier - (cert, &subjKeyID, plContext)); - - if (subjKeyID != NULL){ - pkixTestErrorMsg = "unexpected mismatch"; - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier - (cert, &authKeyID, plContext)); - - if (authKeyID != NULL){ - pkixTestErrorMsg = "unexpected mismatch"; - } - - -cleanup: - - PKIX_TEST_DECREF_AC(subjKeyID); - PKIX_TEST_DECREF_AC(authKeyID); - - PKIX_TEST_RETURN(); -} - -static void -testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject) -{ - testKeyIdentifiersMatching(dataCentralDir); - testKeyIdentifierAbsent(goodObject); -} - -static void -testVerifyKeyUsage( - char *dataCentralDir, - char *dataDir, - PKIX_PL_Cert *multiKeyUsagesCert) -{ - PKIX_PL_Cert *encipherOnlyCert = NULL; - PKIX_PL_Cert *decipherOnlyCert = NULL; - PKIX_PL_Cert *noKeyUsagesCert = NULL; - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Create <encipherOnlyCert>"); - encipherOnlyCert = createCert - (dataCentralDir, "keyUsage/encipherOnlyCert", plContext); - - subTest("PKIX_PL_Cert_Create <decipherOnlyCert>"); - decipherOnlyCert = createCert - (dataCentralDir, "keyUsage/decipherOnlyCert", plContext); - - subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>"); - noKeyUsagesCert = createCert - (dataCentralDir, "keyUsage/noKeyUsagesCert", plContext); - - subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_VerifyKeyUsage - (multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext)); - - subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage - (multiKeyUsagesCert, - PKIX_KEY_CERT_SIGN | PKIX_DIGITAL_SIGNATURE, - plContext)); - - subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_VerifyKeyUsage - (encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext)); - - subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_VerifyKeyUsage - (noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext)); - - subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>"); - PKIX_TEST_EXPECT_ERROR - (PKIX_PL_Cert_VerifyKeyUsage - (decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext)); - -cleanup: - PKIX_TEST_DECREF_AC(encipherOnlyCert); - PKIX_TEST_DECREF_AC(decipherOnlyCert); - PKIX_TEST_DECREF_AC(noKeyUsagesCert); - - PKIX_TEST_RETURN(); -} - -static void -testGetExtendedKeyUsage(char *dataCentralDir) -{ - - PKIX_PL_Cert *codeSigningEKUCert = NULL; - PKIX_PL_Cert *multiEKUCert = NULL; - PKIX_PL_Cert *noEKUCert = NULL; - PKIX_List *firstExtKeyUsage = NULL; - PKIX_List *secondExtKeyUsage = NULL; - PKIX_List *thirdExtKeyUsage = NULL; - PKIX_PL_OID *firstOID = NULL; - char *oidAscii = "1.3.6.1.5.5.7.3.3"; - PKIX_PL_OID *secondOID = NULL; - char *secondOIDAscii = "1.3.6.1.5.5.7.3.1"; - PKIX_PL_OID *thirdOID = NULL; - char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2"; - PKIX_PL_OID *fourthOID = NULL; - PKIX_UInt32 length = 0; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>"); - codeSigningEKUCert = createCert - (dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext); - - subTest("PKIX_PL_Cert_Create <multiEKUCert>"); - multiEKUCert = createCert - (dataCentralDir, "extKeyUsage/multiEKUCert", plContext); - - subTest("PKIX_PL_Cert_Create <noEKUCert>"); - noEKUCert = createCert - (dataCentralDir, "extKeyUsage/noEKUCert", plContext); - - subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage - (codeSigningEKUCert, &firstExtKeyUsage, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext)); - testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext); - - subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage - (multiEKUCert, &secondExtKeyUsage, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (secondExtKeyUsage, &length, plContext)); - - if (length != 3){ - testError("unexpected mismatch"); - (void) printf("Actual value:\t%d\n", length); - (void) printf("Expected value:\t3\n"); - goto cleanup; - } - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (secondExtKeyUsage, - 0, - (PKIX_PL_Object **)&secondOID, - plContext)); - - testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (secondExtKeyUsage, - 1, - (PKIX_PL_Object **)&thirdOID, - plContext)); - - testToStringHelper - ((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (secondExtKeyUsage, - 2, - (PKIX_PL_Object **)&fourthOID, - plContext)); - - testToStringHelper - ((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext); - - subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage - (noEKUCert, &thirdExtKeyUsage, plContext)); - - if (thirdExtKeyUsage != NULL){ - testError("unexpected mismatch"); - (void) printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage); - (void) printf("Expected value:\tNULL\n"); - goto cleanup; - } - -cleanup: - - PKIX_TEST_DECREF_AC(firstOID); - PKIX_TEST_DECREF_AC(secondOID); - PKIX_TEST_DECREF_AC(thirdOID); - PKIX_TEST_DECREF_AC(fourthOID); - - PKIX_TEST_DECREF_AC(firstExtKeyUsage); - PKIX_TEST_DECREF_AC(secondExtKeyUsage); - PKIX_TEST_DECREF_AC(thirdExtKeyUsage); - - PKIX_TEST_DECREF_AC(codeSigningEKUCert); - PKIX_TEST_DECREF_AC(multiEKUCert); - PKIX_TEST_DECREF_AC(noEKUCert); - - PKIX_TEST_RETURN(); -} - -static void testMakeInheritedDSAPublicKey(char *dataCentralDir){ - PKIX_PL_PublicKey *firstKey = NULL; - PKIX_PL_PublicKey *secondKey = NULL; - PKIX_PL_PublicKey *resultKeyPositive = NULL; - PKIX_PL_PublicKey *resultKeyNegative = NULL; - PKIX_PL_Cert *firstCert = NULL; - PKIX_PL_Cert *secondCert = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Create <dsaWithoutParams>"); - firstCert = createCert - (dataCentralDir, "publicKey/dsaWithoutParams", plContext); - - subTest("PKIX_PL_Cert_Create <dsaWithParams>"); - secondCert = createCert - (dataCentralDir, "publicKey/dsaWithParams", plContext); - - subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_GetSubjectPublicKey - (firstCert, &firstKey, plContext)); - - subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey - (secondCert, &secondKey, plContext)); - - subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey - (firstKey, secondKey, &resultKeyPositive, plContext)); - - if (resultKeyPositive == NULL){ - testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed"); - } - - subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>"); - PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey - (firstKey, firstKey, &resultKeyNegative, plContext)); - -cleanup: - - PKIX_TEST_DECREF_AC(firstCert); - PKIX_TEST_DECREF_AC(secondCert); - - PKIX_TEST_DECREF_AC(firstKey); - PKIX_TEST_DECREF_AC(secondKey); - PKIX_TEST_DECREF_AC(resultKeyPositive); - PKIX_TEST_DECREF_AC(resultKeyNegative); - - PKIX_TEST_RETURN(); -} - -static void testVerifySignature(char *dataCentralDir){ - PKIX_PL_Cert *firstCert = NULL; - PKIX_PL_Cert *secondCert = NULL; - PKIX_PL_PublicKey *firstPubKey = NULL; - PKIX_PL_PublicKey *secondPubKey = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Create <labs2yassir>"); - firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext); - - subTest("PKIX_PL_Cert_Create <yassir2labs>"); - secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext); - - subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_GetSubjectPublicKey - (firstCert, &firstPubKey, plContext)); - - subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_GetSubjectPublicKey - (secondCert, &secondPubKey, plContext)); - - subTest("PKIX_PL_Cert_VerifySignature <positive>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_VerifySignature - (secondCert, firstPubKey, plContext)); - - subTest("PKIX_PL_Cert_VerifySignature <negative>"); - PKIX_TEST_EXPECT_ERROR - (PKIX_PL_Cert_VerifySignature - (secondCert, secondPubKey, plContext)); - -cleanup: - - PKIX_TEST_DECREF_AC(firstCert); - PKIX_TEST_DECREF_AC(secondCert); - PKIX_TEST_DECREF_AC(firstPubKey); - PKIX_TEST_DECREF_AC(secondPubKey); - - PKIX_TEST_RETURN(); -} - -static void -testCheckValidity( - PKIX_PL_Cert *olderCert, - PKIX_PL_Cert *newerCert) -{ - /* - * olderCert has the following Validity: - * notBefore = August 19, 1999: 20:19:56 GMT - * notAfter = August 18, 2000: 20:19:56 GMT - * - * newerCert has the following Validity: - * notBefore = November 13, 2003: 16:46:03 GMT - * notAfter = February 13, 2009: 16:46:03 GMT - */ - - /* olderDateAscii = March 29, 2000: 13:48:47 GMT */ - char *olderAscii = "000329134847Z"; - PKIX_PL_String *olderString = NULL; - PKIX_PL_Date *olderDate = NULL; - - /* newerDateAscii = March 29, 2004: 13:48:47 GMT */ - char *newerAscii = "040329134847Z"; - PKIX_PL_String *newerString = NULL; - PKIX_PL_Date *newerDate = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_CheckValidity <creating Dates>"); - - /* create newer date when newer cert is valid but older cert is not */ - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, newerAscii, 0, &newerString, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Date_Create_UTCTime - (newerString, &newerDate, plContext)); - - /* create older date when older cert is valid but newer cert is not */ - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, olderAscii, 0, &olderString, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Date_Create_UTCTime - (olderString, &olderDate, plContext)); - - /* check validity of both certificates using olderDate */ - subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext)); - - subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>"); - PKIX_TEST_EXPECT_ERROR - (PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext)); - - /* check validity of both certificates using newerDate */ - subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext)); - - subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>"); - PKIX_TEST_EXPECT_ERROR - (PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext)); - - /* - * check validity of both certificates using current time - * NOTE: these "now" tests will not work when the current - * time is after newerCert.notAfter (~ February 13, 2009) - */ - subTest("PKIX_PL_Cert_CheckValidity <now:positive>"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext)); - - subTest("PKIX_PL_Cert_CheckValidity <now:negative>"); - PKIX_TEST_EXPECT_ERROR - (PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext)); - -cleanup: - PKIX_TEST_DECREF_AC(olderString); - PKIX_TEST_DECREF_AC(newerString); - PKIX_TEST_DECREF_AC(olderDate); - PKIX_TEST_DECREF_AC(newerDate); - - PKIX_TEST_RETURN(); -} - -static void -readCertBasicConstraints( - char *dataDir, - char *goodCertName, - char *diffCertName, - PKIX_PL_CertBasicConstraints **goodBasicConstraints, - PKIX_PL_CertBasicConstraints **equalBasicConstraints, - PKIX_PL_CertBasicConstraints **diffBasicConstraints){ - - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Cert *diffCert = NULL; - - PKIX_TEST_STD_VARS(); - - createCerts(dataDir, goodCertName, diffCertName, - &goodCert, &equalCert, &diffCert); - /* - * Warning: pointer will be NULL if BasicConstraints - * extension is not present in the certificate. */ - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints - (goodCert, goodBasicConstraints, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints - (equalCert, equalBasicConstraints, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints - (diffCert, diffBasicConstraints, plContext)); - -cleanup: - - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(diffCert); - - PKIX_TEST_RETURN(); -} - -static void -testBasicConstraintsHelper( - char *dataDir, - char *goodCertName, - char *diffCertName, - char *expectedAscii) -{ - PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; - PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; - PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; - - PKIX_TEST_STD_VARS(); - - readCertBasicConstraints - (dataDir, - goodCertName, - diffCertName, - &goodBasicConstraints, - &equalBasicConstraints, - &diffBasicConstraints); - - /* - * The standard test macro is applicable only - * if BasicConstraint extension is present - * in the certificate. Otherwise some - * pointers will be null. - */ - if ((goodBasicConstraints) && - (equalBasicConstraints) && - (diffBasicConstraints)) { - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodBasicConstraints, - equalBasicConstraints, - diffBasicConstraints, - expectedAscii, - BasicConstraints, - PKIX_TRUE); - } else { - /* Test what we can */ - if (goodBasicConstraints) { - if (!equalBasicConstraints) { - testError - ("Unexpected NULL value of equalBasicConstraints"); - goto cleanup; - } - subTest("PKIX_PL_BasicConstraints_Equals <match>"); - testEqualsHelper - ((PKIX_PL_Object *)(goodBasicConstraints), - (PKIX_PL_Object *)(equalBasicConstraints), - PKIX_TRUE, - plContext); - subTest("PKIX_PL_BasicConstraints_Hashcode <match>"); - testHashcodeHelper - ((PKIX_PL_Object *)(goodBasicConstraints), - (PKIX_PL_Object *)(equalBasicConstraints), - PKIX_TRUE, - plContext); - if (diffBasicConstraints) { - subTest("PKIX_PL_BasicConstraints_Equals <non-match>"); - testEqualsHelper - ((PKIX_PL_Object *)(goodBasicConstraints), - (PKIX_PL_Object *)(diffBasicConstraints), - PKIX_FALSE, - plContext); - subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>"); - testHashcodeHelper - ((PKIX_PL_Object *)(goodBasicConstraints), - (PKIX_PL_Object *)(diffBasicConstraints), - PKIX_FALSE, - plContext); - } - subTest("PKIX_PL_BasicConstraints_Duplicate"); - testDuplicateHelper - ((PKIX_PL_Object *)goodBasicConstraints, plContext); - } - if (expectedAscii) { - subTest("PKIX_PL_BasicConstraints_ToString"); - testToStringHelper - ((PKIX_PL_Object *)(goodBasicConstraints), - expectedAscii, - plContext); - } - } - -cleanup: - - PKIX_TEST_DECREF_AC(goodBasicConstraints); - PKIX_TEST_DECREF_AC(equalBasicConstraints); - PKIX_TEST_DECREF_AC(diffBasicConstraints); - - PKIX_TEST_RETURN(); -} - -static void -testBasicConstraints_GetCAFlag(char *dataCentralDir) -{ - /* - * XXX When we have a certificate with a non-null Basic - * Constraints field and a value of FALSE for CAFlag, - * this test should be modified to use that - * certificate for diffCertName, and to verify that - * GetCAFlag returns a FALSE value. But our certificates for - * non-CAs are created with no BasicConstraints extension. - */ - PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; - PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; - PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; - char *goodCertName = "yassir2yassir"; - char *diffCertName = "nss2alice"; - PKIX_Boolean goodCAFlag = PKIX_FALSE; - PKIX_Boolean diffCAFlag = PKIX_FALSE; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_BasicConstraints_GetCAFlag"); - - readCertBasicConstraints - (dataCentralDir, - goodCertName, - diffCertName, - &goodBasicConstraints, - &equalBasicConstraints, - &diffBasicConstraints); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag - (goodBasicConstraints, &goodCAFlag, plContext)); - if (!goodCAFlag) { - testError("BasicConstraint CAFlag unexpectedly FALSE"); - goto cleanup; - } - - if (diffBasicConstraints) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag - (diffBasicConstraints, &diffCAFlag, plContext)); - if (diffCAFlag) { - testError("BasicConstraint CAFlag unexpectedly TRUE"); - goto cleanup; - } - } - -cleanup: - - PKIX_TEST_DECREF_AC(goodBasicConstraints); - PKIX_TEST_DECREF_AC(equalBasicConstraints); - PKIX_TEST_DECREF_AC(diffBasicConstraints); - - PKIX_TEST_RETURN(); -} - -static void -testBasicConstraints_GetPathLenConstraint(char *dataCentralDir) -{ - PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; - PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; - PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; - char *goodCertName = "yassir2yassir"; - char *diffCertName = "sun2sun"; - PKIX_Int32 goodPathLen = 0; - PKIX_Int32 diffPathLen = 0; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint"); - - readCertBasicConstraints - (dataCentralDir, - goodCertName, - diffCertName, - &goodBasicConstraints, - &equalBasicConstraints, - &diffBasicConstraints); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_BasicConstraints_GetPathLenConstraint - (goodBasicConstraints, &goodPathLen, plContext)); - if (0 != goodPathLen) { - testError("unexpected basicConstraint pathLen"); - (void) printf("Actual value:\t%d\n", goodPathLen); - (void) printf("Expected value:\t0\n"); - goto cleanup; - } - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_BasicConstraints_GetPathLenConstraint - (diffBasicConstraints, &diffPathLen, plContext)); - if (1 != diffPathLen) { - testError("unexpected basicConstraint pathLen"); - (void) printf("Actual value:\t%d\n", diffPathLen); - (void) printf("Expected value:\t1\n"); - goto cleanup; - } - -cleanup: - - PKIX_TEST_DECREF_AC(goodBasicConstraints); - PKIX_TEST_DECREF_AC(equalBasicConstraints); - PKIX_TEST_DECREF_AC(diffBasicConstraints); - - PKIX_TEST_RETURN(); -} - -static void -testGetBasicConstraints(char *dataCentralDir) -{ - char *goodCertName = NULL; - char *diffCertName = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>"); - goodCertName = "yassir2yassir"; - diffCertName = "nss2alice"; - testBasicConstraintsHelper - (dataCentralDir, goodCertName, diffCertName, "CA(0)"); - - subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>"); - goodCertName = "nss2alice"; - diffCertName = "sun2sun"; - testBasicConstraintsHelper - (dataCentralDir, goodCertName, diffCertName, NULL); - - subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>"); - goodCertName = "yassir2bcn"; - diffCertName = "sun2sun"; - testBasicConstraintsHelper - (dataCentralDir, goodCertName, diffCertName, "CA(0)"); - - subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>"); - goodCertName = "anchor2dsa"; - diffCertName = "sun2sun"; - testBasicConstraintsHelper - (dataCentralDir, goodCertName, diffCertName, "CA(-1)"); - - PKIX_TEST_RETURN(); -} - -static void -testGetPolicyInformation(char *dataDir) -{ - - char *goodCertName = - "UserNoticeQualifierTest15EE.crt"; - char *equalCertName = - "UserNoticeQualifierTest15EE.crt"; - char *diffCertName = - "UserNoticeQualifierTest17EE.crt"; - PKIX_Boolean isImmutable = PKIX_FALSE; - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Cert *diffCert = NULL; - PKIX_List* goodPolicyInfo = NULL; - PKIX_List* equalPolicyInfo = NULL; - PKIX_List* diffPolicyInfo = NULL; - PKIX_PL_CertPolicyInfo *goodPolicy = NULL; - PKIX_PL_CertPolicyInfo *equalPolicy = NULL; - PKIX_PL_CertPolicyInfo *diffPolicy = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_Cert_GetPolicyInformation"); - - /* - * Get the cert, then the list of policyInfos. - * Take the first policyInfo from the list. - */ - - /* Get the PolicyInfo objects */ - goodCert = createCert(dataDir, goodCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (goodCert, &goodPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); - - equalCert = createCert(dataDir, equalCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (equalCert, &equalPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (equalPolicyInfo, - 0, - (PKIX_PL_Object **)&equalPolicy, - plContext)); - - diffCert = createCert(dataDir, diffCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (diffCert, &diffPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodPolicy, - equalPolicy, - diffPolicy, - NULL, - CertPolicyInfo, - PKIX_FALSE); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable - (goodPolicyInfo, &isImmutable, plContext)); - - if (isImmutable != PKIX_TRUE) { - testError("PolicyInfo List is not immutable"); - } - -cleanup: - - PKIX_TEST_DECREF_AC(goodPolicy); - PKIX_TEST_DECREF_AC(equalPolicy); - PKIX_TEST_DECREF_AC(diffPolicy); - PKIX_TEST_DECREF_AC(goodPolicyInfo); - PKIX_TEST_DECREF_AC(equalPolicyInfo); - PKIX_TEST_DECREF_AC(diffPolicyInfo); - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(diffCert); - PKIX_TEST_RETURN(); -} - -static void -testCertPolicy_GetPolicyId(char *dataDir) -{ - char *goodCertName = - "UserNoticeQualifierTest15EE.crt"; - char *equalCertName = - "UserNoticeQualifierTest16EE.crt"; - char *diffCertName = - "UserNoticeQualifierTest17EE.crt"; - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Cert *diffCert = NULL; - PKIX_List* goodPolicyInfo = NULL; - PKIX_List* equalPolicyInfo = NULL; - PKIX_List* diffPolicyInfo = NULL; - PKIX_PL_CertPolicyInfo *goodPolicy = NULL; - PKIX_PL_CertPolicyInfo *equalPolicy = NULL; - PKIX_PL_CertPolicyInfo *diffPolicy = NULL; - PKIX_PL_OID *goodID = NULL; - PKIX_PL_OID *equalID = NULL; - PKIX_PL_OID *diffID = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_CertPolicyInfo_GetPolicyId"); - - /* - * Get the cert, then the list of policyInfos. - * Take the first policyInfo from the list. - * Finally, get the policyInfo's ID. - */ - - /* Get the PolicyInfo objects */ - goodCert = createCert(dataDir, goodCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (goodCert, &goodPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId - (goodPolicy, &goodID, plContext)); - - equalCert = createCert(dataDir, equalCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (equalCert, &equalPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (equalPolicyInfo, - 0, - (PKIX_PL_Object **)&equalPolicy, - plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId - (equalPolicy, &equalID, plContext)); - - diffCert = createCert(dataDir, diffCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (diffCert, &diffPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId - (diffPolicy, &diffID, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodID, equalID, diffID, NULL, OID, PKIX_FALSE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodID); - PKIX_TEST_DECREF_AC(equalID); - PKIX_TEST_DECREF_AC(diffID); - PKIX_TEST_DECREF_AC(goodPolicy); - PKIX_TEST_DECREF_AC(equalPolicy); - PKIX_TEST_DECREF_AC(diffPolicy); - PKIX_TEST_DECREF_AC(goodPolicyInfo); - PKIX_TEST_DECREF_AC(equalPolicyInfo); - PKIX_TEST_DECREF_AC(diffPolicyInfo); - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(diffCert); - PKIX_TEST_RETURN(); -} - -static void -testCertPolicy_GetPolQualifiers(char *dataDir) -{ - char *goodCertName = - "UserNoticeQualifierTest15EE.crt"; - char *equalCertName = - "UserNoticeQualifierTest16EE.crt"; - char *diffCertName = - "UserNoticeQualifierTest18EE.crt"; - PKIX_Boolean isImmutable = PKIX_FALSE; - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Cert *diffCert = NULL; - PKIX_List* goodPolicyInfo = NULL; - PKIX_List* equalPolicyInfo = NULL; - PKIX_List* diffPolicyInfo = NULL; - PKIX_PL_CertPolicyInfo *goodPolicy = NULL; - PKIX_PL_CertPolicyInfo *equalPolicy = NULL; - PKIX_PL_CertPolicyInfo *diffPolicy = NULL; - PKIX_List* goodQuals = NULL; - PKIX_List* equalQuals = NULL; - PKIX_List* diffQuals = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers"); - - /* - * Get the cert, then the list of policyInfos. - * Take the first policyInfo from the list. - * Get its list of PolicyQualifiers. - */ - - /* Get the PolicyInfo objects */ - goodCert = createCert(dataDir, goodCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (goodCert, &goodPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (goodPolicy, &goodQuals, plContext)); - - equalCert = createCert(dataDir, equalCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (equalCert, &equalPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (equalPolicyInfo, - 0, - (PKIX_PL_Object **)&equalPolicy, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (equalPolicy, &equalQuals, plContext)); - - diffCert = createCert(dataDir, diffCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (diffCert, &diffPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (diffPolicy, &diffQuals, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodQuals, - equalQuals, - diffQuals, - NULL, - List, - PKIX_FALSE); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable - (goodQuals, &isImmutable, plContext)); - - if (isImmutable != PKIX_TRUE) { - testError("PolicyQualifier List is not immutable"); - } - -cleanup: - - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(goodPolicyInfo); - PKIX_TEST_DECREF_AC(goodPolicy); - PKIX_TEST_DECREF_AC(goodQuals); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(equalPolicyInfo); - PKIX_TEST_DECREF_AC(equalQuals); - PKIX_TEST_DECREF_AC(equalPolicy); - PKIX_TEST_DECREF_AC(diffCert); - PKIX_TEST_DECREF_AC(diffPolicyInfo); - PKIX_TEST_DECREF_AC(diffPolicy); - PKIX_TEST_DECREF_AC(diffQuals); - - PKIX_TEST_RETURN(); -} - -static void -testPolicyQualifier_GetQualifier(char *dataDir) -{ - char *goodCertName = - "UserNoticeQualifierTest15EE.crt"; - char *equalCertName = - "UserNoticeQualifierTest16EE.crt"; - char *diffCertName = - "UserNoticeQualifierTest18EE.crt"; - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Cert *diffCert = NULL; - PKIX_List* goodPolicyInfo = NULL; - PKIX_List* equalPolicyInfo = NULL; - PKIX_List* diffPolicyInfo = NULL; - PKIX_PL_CertPolicyInfo *goodPolicy = NULL; - PKIX_PL_CertPolicyInfo *equalPolicy = NULL; - PKIX_PL_CertPolicyInfo *diffPolicy = NULL; - PKIX_List* goodQuals = NULL; - PKIX_List* equalQuals = NULL; - PKIX_List* diffQuals = NULL; - PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; - PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; - PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; - PKIX_PL_ByteArray *goodArray = NULL; - PKIX_PL_ByteArray *equalArray = NULL; - PKIX_PL_ByteArray *diffArray = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_PolicyQualifier_GetQualifier"); - - /* - * Get the cert, then the list of policyInfos. - * Take the first policyInfo from the list. - * Get its list of PolicyQualifiers. - * Take the first policyQualifier from the list. - * Finally, get the policyQualifier's ByteArray. - */ - - /* Get the PolicyInfo objects */ - goodCert = createCert(dataDir, goodCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (goodCert, &goodPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (goodPolicy, &goodQuals, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (goodQuals, - 0, - (PKIX_PL_Object **)&goodPolQualifier, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier - (goodPolQualifier, &goodArray, plContext)); - - equalCert = createCert(dataDir, equalCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (equalCert, &equalPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (equalPolicyInfo, - 0, - (PKIX_PL_Object **)&equalPolicy, - plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (equalPolicy, &equalQuals, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (equalQuals, - 0, - (PKIX_PL_Object **)&equalPolQualifier, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier - (equalPolQualifier, &equalArray, plContext)); - - diffCert = createCert(dataDir, diffCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (diffCert, &diffPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (diffPolicy, &diffQuals, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (diffQuals, - 0, - (PKIX_PL_Object **)&diffPolQualifier, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier - (diffPolQualifier, &diffArray, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodArray); - PKIX_TEST_DECREF_AC(equalArray); - PKIX_TEST_DECREF_AC(diffArray); - PKIX_TEST_DECREF_AC(goodPolQualifier); - PKIX_TEST_DECREF_AC(equalPolQualifier); - PKIX_TEST_DECREF_AC(diffPolQualifier); - PKIX_TEST_DECREF_AC(goodQuals); - PKIX_TEST_DECREF_AC(equalQuals); - PKIX_TEST_DECREF_AC(diffQuals); - PKIX_TEST_DECREF_AC(goodPolicy); - PKIX_TEST_DECREF_AC(equalPolicy); - PKIX_TEST_DECREF_AC(diffPolicy); - PKIX_TEST_DECREF_AC(goodPolicyInfo); - PKIX_TEST_DECREF_AC(equalPolicyInfo); - PKIX_TEST_DECREF_AC(diffPolicyInfo); - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(diffCert); - PKIX_TEST_RETURN(); -} - -static void -testPolicyQualifier_GetPolicyQualifierId(char *dataDir) -{ - char *goodCertName = - "UserNoticeQualifierTest15EE.crt"; - char *equalCertName = - "UserNoticeQualifierTest16EE.crt"; - char *diffCertName = - "CPSPointerQualifierTest20EE.crt"; - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Cert *diffCert = NULL; - PKIX_List* goodPolicyInfo = NULL; - PKIX_List* equalPolicyInfo = NULL; - PKIX_List* diffPolicyInfo = NULL; - PKIX_PL_CertPolicyInfo *goodPolicy = NULL; - PKIX_PL_CertPolicyInfo *equalPolicy = NULL; - PKIX_PL_CertPolicyInfo *diffPolicy = NULL; - PKIX_List* goodQuals = NULL; - PKIX_List* equalQuals = NULL; - PKIX_List* diffQuals = NULL; - PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; - PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; - PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; - PKIX_PL_OID *goodID = NULL; - PKIX_PL_OID *equalID = NULL; - PKIX_PL_OID *diffID = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId"); - - /* - * Get the cert, then the list of policyInfos. - * Take the first policyInfo from the list. - * Get its list of PolicyQualifiers. - * Take the first policyQualifier from the list. - * Finally, get the policyQualifier's ID. - */ - - /* Get the PolicyQualifier objects */ - goodCert = createCert(dataDir, goodCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (goodCert, &goodPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (goodPolicy, &goodQuals, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (goodQuals, - 0, - (PKIX_PL_Object **)&goodPolQualifier, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId - (goodPolQualifier, &goodID, plContext)); - - equalCert = createCert(dataDir, equalCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (equalCert, &equalPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (equalPolicyInfo, - 0, - (PKIX_PL_Object **)&equalPolicy, - plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (equalPolicy, &equalQuals, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (equalQuals, - 0, - (PKIX_PL_Object **)&equalPolQualifier, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId - (equalPolQualifier, &equalID, plContext)); - - diffCert = createCert(dataDir, diffCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (diffCert, &diffPolicyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers - (diffPolicy, &diffQuals, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_List_GetItem - (diffQuals, - 0, - (PKIX_PL_Object **)&diffPolQualifier, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId - (diffPolQualifier, &diffID, plContext)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodID, equalID, diffID, NULL, OID, PKIX_FALSE); - -cleanup: - - PKIX_TEST_DECREF_AC(goodID); - PKIX_TEST_DECREF_AC(equalID); - PKIX_TEST_DECREF_AC(diffID); - PKIX_TEST_DECREF_AC(goodPolQualifier); - PKIX_TEST_DECREF_AC(equalPolQualifier); - PKIX_TEST_DECREF_AC(diffPolQualifier); - PKIX_TEST_DECREF_AC(goodQuals); - PKIX_TEST_DECREF_AC(equalQuals); - PKIX_TEST_DECREF_AC(diffQuals); - PKIX_TEST_DECREF_AC(goodPolicy); - PKIX_TEST_DECREF_AC(equalPolicy); - PKIX_TEST_DECREF_AC(diffPolicy); - PKIX_TEST_DECREF_AC(goodPolicyInfo); - PKIX_TEST_DECREF_AC(equalPolicyInfo); - PKIX_TEST_DECREF_AC(diffPolicyInfo); - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(diffCert); - PKIX_TEST_RETURN(); -} - -static void -testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir) -{ - - char *trueCertName = "CertificatePoliciesCritical.crt"; - char *falseCertName = "UserNoticeQualifierTest15EE.crt"; - PKIX_PL_Cert *trueCert = NULL; - PKIX_PL_Cert *falseCert = NULL; - PKIX_Boolean trueVal = PKIX_FALSE; - PKIX_Boolean falseVal = PKIX_FALSE; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>"); - - trueCert = createCert(dataCentralDir, trueCertName, plContext); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical - (trueCert, &trueVal, plContext)); - - if (trueVal != PKIX_TRUE) { - testError("unexpected mismatch"); - (void) printf("Actual value:\t%d\n", trueVal); - (void) printf("Expected value:\t1\n"); - goto cleanup; - } - - subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>"); - - falseCert = createCert(dataDir, falseCertName, plContext); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical - (falseCert, &falseVal, plContext)); - - if (falseVal != PKIX_FALSE) { - testError("unexpected mismatch"); - (void) printf("Actual value:\t%d\n", falseVal); - (void) printf("Expected value:\t0\n"); - goto cleanup; - } - -cleanup: - - PKIX_TEST_DECREF_AC(trueCert); - PKIX_TEST_DECREF_AC(falseCert); - - PKIX_TEST_RETURN(); -} - -static void -testCertPolicyConstraints(char *dataDir) -{ - char *requireExplicitPolicy2CertName = - "requireExplicitPolicy2CACert.crt"; - char *inhibitPolicyMapping5CertName = - "inhibitPolicyMapping5CACert.crt"; - char *inhibitAnyPolicy5CertName = - "inhibitAnyPolicy5CACert.crt"; - char *inhibitAnyPolicy0CertName = - "inhibitAnyPolicy0CACert.crt"; - PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL; - PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL; - PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL; - PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL; - PKIX_Int32 skipCerts = 0; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetRequireExplicitPolicy"); - requireExplicitPolicy2Cert = createCert - (dataDir, requireExplicitPolicy2CertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy - (requireExplicitPolicy2Cert, &skipCerts, NULL)); - PR_ASSERT(skipCerts == 2); - - subTest("PKIX_PL_Cert_GetPolicyMappingInhibited"); - inhibitPolicyMapping5Cert = createCert - (dataDir, inhibitPolicyMapping5CertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited - (inhibitPolicyMapping5Cert, &skipCerts, NULL)); - PR_ASSERT(skipCerts == 5); - - subTest("PKIX_PL_Cert_GetInhibitAnyPolicy"); - inhibitAnyPolicy5Cert = createCert - (dataDir, inhibitAnyPolicy5CertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy - (inhibitAnyPolicy5Cert, &skipCerts, NULL)); - PR_ASSERT(skipCerts == 5); - - inhibitAnyPolicy0Cert = createCert - (dataDir, inhibitAnyPolicy0CertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy - (inhibitAnyPolicy0Cert, &skipCerts, NULL)); - PR_ASSERT(skipCerts == 0); - -cleanup: - - PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert); - PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert); - PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert); - PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert); - - PKIX_TEST_RETURN(); -} - -static void -testCertPolicyMaps(char *dataDir) -{ - char *policyMappingsCertName = - "P1Mapping1to234CACert.crt"; - char *expectedAscii = - "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2"; - - PKIX_PL_Cert *policyMappingsCert = NULL; - PKIX_List *mappings = NULL; - PKIX_PL_CertPolicyMap *goodMap = NULL; - PKIX_PL_CertPolicyMap *equalMap = NULL; - PKIX_PL_CertPolicyMap *diffMap = NULL; - PKIX_PL_OID *goodOID = NULL; - PKIX_PL_OID *equalOID = NULL; - PKIX_PL_OID *diffOID = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_GetPolicyMappings"); - - policyMappingsCert = createCert - (dataDir, policyMappingsCertName, plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings - (policyMappingsCert, &mappings, NULL)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (mappings, 0, (PKIX_PL_Object **)&goodMap, NULL)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (mappings, 0, (PKIX_PL_Object **)&equalMap, NULL)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (mappings, 2, (PKIX_PL_Object **)&diffMap, NULL)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodMap, - equalMap, - diffMap, - expectedAscii, - CertPolicyMap, - PKIX_TRUE); - - subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy - (goodMap, &goodOID, NULL)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy - (diffMap, &equalOID, NULL)); - subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy - (diffMap, &diffOID, NULL)); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodOID, - equalOID, - diffOID, - "2.16.840.1.101.3.2.1.48.1", - OID, - PKIX_FALSE); - - subTest("pkix_pl_CertPolicyMap_Destroy"); - PKIX_TEST_DECREF_BC(goodMap); - PKIX_TEST_DECREF_BC(equalMap); - PKIX_TEST_DECREF_BC(diffMap); - -cleanup: - PKIX_TEST_DECREF_AC(policyMappingsCert); - PKIX_TEST_DECREF_AC(mappings); - PKIX_TEST_DECREF_AC(goodOID); - PKIX_TEST_DECREF_AC(equalOID); - PKIX_TEST_DECREF_AC(diffOID); - - PKIX_TEST_RETURN(); -} - - -static void -testNameConstraints(char *dataDir) -{ - char *firstPname = "nameConstraintsDN3subCA2Cert.crt"; - char *secondPname = "nameConstraintsDN4CACert.crt"; - char *thirdPname = "nameConstraintsDN5CACert.crt"; - char *lastPname = "InvalidDNnameConstraintsTest3EE.crt"; - PKIX_PL_Cert *firstCert = NULL; - PKIX_PL_Cert *secondCert = NULL; - PKIX_PL_Cert *thirdCert = NULL; - PKIX_PL_Cert *lastCert = NULL; - PKIX_PL_CertNameConstraints *firstNC = NULL; - PKIX_PL_CertNameConstraints *secondNC = NULL; - PKIX_PL_CertNameConstraints *thirdNC = NULL; - PKIX_PL_CertNameConstraints *firstMergedNC = NULL; - PKIX_PL_CertNameConstraints *secondMergedNC = NULL; - char *firstExpectedAscii = - "[\n" - "\t\tPermitted Name: (O=Test Certificates,C=US)\n" - "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates," - "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n" - "\t]\n"; - char *secondExpectedAscii = - "[\n" - "\t\tPermitted Name: (O=Test Certificates,C=US, " - "OU=permittedSubtree1,O=Test Certificates,C=US)\n" - "\t\tExcluded Name: (OU=excludedSubtree1," - "O=Test Certificates," - "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, " - "OU=excludedSubtree1,OU=permittedSubtree1," - "O=Test Certificates,C=US)\n" - "\t]\n"; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_PL_CertNameConstraints"); - - firstCert = createCert(dataDir, firstPname, plContext); - secondCert = createCert(dataDir, secondPname, plContext); - thirdCert = createCert(dataDir, thirdPname, plContext); - lastCert = createCert(dataDir, lastPname, plContext); - - subTest("PKIX_PL_Cert_GetNameConstraints <total=3>"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (firstCert, &firstNC, NULL)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (secondCert, &secondNC, NULL)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (thirdCert, &thirdNC, NULL)); - - subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints - (firstNC, secondNC, &firstMergedNC, NULL)); - - subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints - (firstMergedNC, thirdNC, &secondMergedNC, NULL)); - - testToStringHelper - ((PKIX_PL_Object *)firstMergedNC, - firstExpectedAscii, - plContext); - - testToStringHelper - ((PKIX_PL_Object *)secondMergedNC, - secondExpectedAscii, - plContext); - - subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>"); - - /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */ - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints - (firstCert, firstMergedNC, NULL)); - - subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>"); - - /* - * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, - * OU=permittedSubtree1,O=Test Certificates,C=US - */ - PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints - (lastCert, secondMergedNC, NULL)); - - subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); - - /* - * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, - * OU=permittedSubtree1,O=Test Certificates,C=US - * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate - * Test3,OU=excludedSubtree1,O=Test Certificates,C=US - */ - PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints - (lastCert, firstMergedNC, NULL)); - - subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); - - PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints - (firstCert, secondMergedNC, NULL)); - -cleanup: - - PKIX_TEST_DECREF_AC(firstCert); - PKIX_TEST_DECREF_AC(secondCert); - PKIX_TEST_DECREF_AC(thirdCert); - PKIX_TEST_DECREF_AC(lastCert); - PKIX_TEST_DECREF_AC(firstNC); - PKIX_TEST_DECREF_AC(secondNC); - PKIX_TEST_DECREF_AC(thirdNC); - PKIX_TEST_DECREF_AC(firstMergedNC); - PKIX_TEST_DECREF_AC(secondMergedNC); - - PKIX_TEST_RETURN(); -} - -static void -testDestroy(void *goodObject, void *equalObject, void *diffObject) -{ - PKIX_TEST_STD_VARS(); - - subTest("PKIX_PL_Cert_Destroy"); - - PKIX_TEST_DECREF_BC(goodObject); - PKIX_TEST_DECREF_BC(equalObject); - PKIX_TEST_DECREF_BC(diffObject); - - PKIX_TEST_DECREF_BC(altNameNoneCert); - PKIX_TEST_DECREF_BC(altNameOtherCert); - PKIX_TEST_DECREF_BC(altNameOtherCert_diff); - PKIX_TEST_DECREF_BC(altNameRfc822Cert); - PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff); - PKIX_TEST_DECREF_BC(altNameDnsCert); - PKIX_TEST_DECREF_BC(altNameDnsCert_diff); - PKIX_TEST_DECREF_BC(altNameX400Cert); - PKIX_TEST_DECREF_BC(altNameX400Cert_diff); - PKIX_TEST_DECREF_BC(altNameDnCert); - PKIX_TEST_DECREF_BC(altNameDnCert_diff); - PKIX_TEST_DECREF_BC(altNameEdiCert); - PKIX_TEST_DECREF_BC(altNameEdiCert_diff); - PKIX_TEST_DECREF_BC(altNameUriCert); - PKIX_TEST_DECREF_BC(altNameUriCert_diff); - PKIX_TEST_DECREF_BC(altNameIpCert); - PKIX_TEST_DECREF_BC(altNameIpCert_diff); - PKIX_TEST_DECREF_BC(altNameOidCert); - PKIX_TEST_DECREF_BC(altNameOidCert_diff); - PKIX_TEST_DECREF_BC(altNameMultipleCert); - -cleanup: - - PKIX_TEST_RETURN(); - -} - -static -void printUsage(void) { - (void) printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n"); -} - -int test_cert(int argc, char *argv[]) { - - PKIX_PL_Cert *goodObject = NULL; - PKIX_PL_Cert *equalObject = NULL; - PKIX_PL_Cert *diffObject = NULL; - PKIX_UInt32 actualMinorVersion; - PKIX_UInt32 j = 0; - - char *dataCentralDir = NULL; - char *dataDir = NULL; - char *goodInput = "yassir2bcn"; - char *diffInput = "nss2alice"; - - char *expectedAscii = - "[\n" - "\tVersion: v3\n" - "\tSerialNumber: 37bc66ec\n" - "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" - "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" - "\tValidity: [From: Thu Aug 19, 1999\n" - /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */ - "\t To: Fri Aug 18, 2000]\n" - /* "\t To: Fri Aug 18 16:19:56 2000]\n" */ - "\tSubjectAltNames: (null)\n" - "\tAuthorityKeyId: (null)\n" - "\tSubjectKeyId: (null)\n" - "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" - "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" - "\tExtKeyUsages: (null)\n" - "\tBasicConstraint: CA(0)\n" - "\tCertPolicyInfo: (null)\n" - "\tPolicyMappings: (null)\n" - "\tExplicitPolicy: -1\n" - "\tInhibitMapping: -1\n" - "\tInhibitAnyPolicy:-1\n" - "\tNameConstraints: (null)\n" - "\tAuthorityInfoAccess: (null)\n" - "\tSubjectInfoAccess: (null)\n" - "\tCacheFlag: 0\n" - "]\n"; - - PKIX_TEST_STD_VARS(); - - startTests("Cert"); - - PKIX_TEST_EXPECT_NO_ERROR( - PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); - - if (argc < 3+j) { - printUsage(); - return (0); - } - - dataCentralDir = argv[2+j]; - dataDir = argv[3+j]; - - createCerts - (dataCentralDir, - goodInput, - diffInput, - &goodObject, - &equalObject, - &diffObject); - - testToStringHelper - ((PKIX_PL_Object*)goodObject, expectedAscii, plContext); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodObject, - equalObject, - diffObject, - expectedAscii, - Cert, - PKIX_TRUE); - - testVerifyKeyUsage(dataCentralDir, dataDir, goodObject); - - - testGetExtendedKeyUsage(dataCentralDir); - testGetKeyIdentifiers(dataCentralDir, goodObject); - - testGetVersion(goodObject); - testGetSerialNumber(goodObject, equalObject, diffObject); - - testGetSubject(goodObject, equalObject, diffObject); - testGetIssuer(goodObject, equalObject, diffObject); - - testGetSubjectAltNames(dataCentralDir); - testGetCriticalExtensionOIDs(dataCentralDir, goodObject); - - testGetSubjectPublicKey(goodObject, equalObject, diffObject); - testGetSubjectPublicKeyAlgId(goodObject); - testMakeInheritedDSAPublicKey(dataCentralDir); - - testCheckValidity(goodObject, diffObject); - - testBasicConstraints_GetCAFlag(dataCentralDir); - testBasicConstraints_GetPathLenConstraint(dataCentralDir); - testGetBasicConstraints(dataCentralDir); - - /* Basic Policy Processing */ - testGetPolicyInformation(dataDir); - testCertPolicy_GetPolicyId(dataDir); - testCertPolicy_GetPolQualifiers(dataDir); - testPolicyQualifier_GetPolicyQualifierId(dataDir); - testPolicyQualifier_GetQualifier(dataDir); - testAreCertPoliciesCritical(dataCentralDir, dataDir); - - /* Advanced Policy Processing */ - testCertPolicyConstraints(dataDir); - testCertPolicyMaps(dataDir); - - testNameConstraints(dataDir); - - testVerifySignature(dataCentralDir); - - testDestroy(goodObject, equalObject, diffObject); - -cleanup: - - PKIX_Shutdown(plContext); - - PKIX_TEST_RETURN(); - - endTests("Cert"); - - return (0); -} |