/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * test_basicconstraintschecker.c
 *
 * Test Basic Constraints Checking
 */
#include "testutil_nss.h"
/*
 * Upper bound on the number of certs accepted on the command line.
 * It sizes the certNames[] and certs[] arrays in
 * test_basicconstraintschecker() and is the limit chainLength is
 * compared against there.
 */
#define PKIX_TEST_MAX_CERTS 10
/*
 * File-scope context pointer. Its address is handed to
 * PKIX_PL_NssContext_Create() in test_basicconstraintschecker(), and the
 * value is then passed to the PKIX calls made there, ending with
 * PKIX_Shutdown().
 */
static void *plContext = NULL;
/*
 * Print the command-line synopsis for this test program to stdout.
 *
 * pName: program name substituted into the usage line.
 */
void printUsage1(char *pName)
{
    /* First half of the usage line: program name and the ENE/EE selector. */
    printf("\nUSAGE: %s test-name [ENE|EE] ", pName);

    /* Second half: the cert arguments; completes the same output line. */
    fputs("cert [certs].\n", stdout);
}
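/*
 * Report that more certs were named on the command line than the test
 * can hold.
 *
 * numCerts: the cert count that was rejected; printed next to the
 *           PKIX_TEST_MAX_CERTS limit.
 */
void printUsageMax(PKIX_UInt32 numCerts)
{
    /*
     * PKIX_UInt32 is an unsigned type, so the count is printed with %u
     * through an explicit unsigned int cast. With %d the specifier did not
     * match the argument, and a very large count (for example one produced
     * by unsigned wrap-around in the caller) would be shown as negative.
     */
    printf("\nUSAGE ERROR: number of certs %u exceed maximum %d\n",
           (unsigned int)numCerts, PKIX_TEST_MAX_CERTS);
}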
int test_basicconstraintschecker(int argc, char *argv[]){
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_UInt32 chainLength = 0;
PKIX_Boolean testValid = PKIX_FALSE;
startTests("BasicConstraintsChecker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
testValid = PKIX_FALSE;
chainLength = (argc - j) - 4;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[(4+j)+i];
subTest("Basic-Constraints - Create Cert Chain");
chain = createCertChainPlus
(dirName, certNames, certs, chainLength, plContext);
/*
 * An error while creating the Cert is critical, and the test
 * should not continue. Since we expect an error, we assume this
 * error is the one that is expected, so undo the error count.
 *
 * This work needs future enhancement. We will introduce another
 * flag, ESE, in addition to the existing EE (expect validation
 * error) and ENE (expect no validation error). ESE stands for
 * "expect setup error". When running with ESE, if any of the setup
 * calls, such as creating the Cert Chain, fails, the test can end and
 * be considered successful. Until then, an EE run cannot tell a
 * setup failure apart from a genuine validation error.
 */
if (testValid == PKIX_FALSE && chain == NULL) {
testErrorUndo("Cert Error - Create failed");
subTest("Basic-Constraints - Create Params");
valParams = createValidateParams
subTest("Basic-Constraints - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
(valParams, &valResult, &verifyTree, plContext));
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(chain);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_Shutdown(plContext);
endTests("BasicConstraintsChecker");