1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
* License, v. 2.0. If a copy of the MPL was not distributed with this
3
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
* test_buildchain_uchecker.c
7
* Test BuildChain User Checker function
12
#include "testutil_nss.h"
14
static void *plContext = NULL;
15
static PKIX_UInt32 numUserCheckerCalled = 0;
18
void printUsage(void){
19
(void) printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] "
21
"<trustedCert> <targetCert> <certStoreDirectory>\n\n");
23
("Builds a chain of certificates between "
24
"<trustedCert> and <targetCert>\n"
25
"using the certs and CRLs in <certStoreDirectory>.\n"
26
"If <userOID> is not an empty string, its value is used as\n"
27
"user defined checker's critical extension OID.\n"
28
"A - for <userOID> is no OID and F is for supportingForward.\n"
29
"If ENE is specified, then an Error is Not Expected.\n"
30
"If EE is specified, an Error is Expected.\n");
35
PKIX_CertChainChecker *checker,
37
PKIX_List *unresExtOIDs,
41
numUserCheckerCalled++;
45
int test_buildchain_uchecker(int argc, char *argv[])
47
PKIX_BuildResult *buildResult = NULL;
48
PKIX_ComCertSelParams *certSelParams = NULL;
49
PKIX_CertSelector *certSelector = NULL;
50
PKIX_TrustAnchor *anchor = NULL;
51
PKIX_List *anchors = NULL;
52
PKIX_List *certs = NULL;
53
PKIX_PL_Cert *cert = NULL;
54
PKIX_ProcessingParams *procParams = NULL;
55
PKIX_CertChainChecker *checker = NULL;
57
PKIX_PL_String *dirNameString = NULL;
58
PKIX_PL_Cert *trustedCert = NULL;
59
PKIX_PL_Cert *targetCert = NULL;
60
PKIX_UInt32 numCerts = 0;
64
PKIX_UInt32 chainLength = 0;
65
PKIX_CertStore *certStore = NULL;
66
PKIX_List *certStores = NULL;
67
char * asciiResult = NULL;
69
PKIX_Boolean testValid = PKIX_TRUE;
70
PKIX_Boolean supportForward = PKIX_FALSE;
71
PKIX_List *expectedCerts = NULL;
72
PKIX_List *userOIDs = NULL;
73
PKIX_PL_OID *oid = NULL;
74
PKIX_PL_Cert *dirCert = NULL;
75
PKIX_PL_String *actualCertsString = NULL;
76
PKIX_PL_String *expectedCertsString = NULL;
77
char *actualCertsAscii = NULL;
78
char *expectedCertsAscii = NULL;
79
char *oidString = NULL;
80
void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
81
void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
90
startTests("BuildChain_UserChecker");
92
PKIX_TEST_EXPECT_NO_ERROR(
93
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
95
/* ENE = expect no error; EE = expect error */
96
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
97
testValid = PKIX_TRUE;
98
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
99
testValid = PKIX_FALSE;
105
/* OID specified at argv[3+j] */
107
if (*argv[3+j] != '-') {
109
if (*argv[3+j] == 'F') {
110
supportForward = PKIX_TRUE;
111
oidString = argv[3+j]+1;
113
oidString = argv[3+j];
116
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
117
(&userOIDs, plContext));
118
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
119
(oidString, &oid, plContext));
120
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
121
(userOIDs, (PKIX_PL_Object *)oid, plContext));
122
PKIX_TEST_DECREF_BC(oid);
129
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
131
chainLength = argc - j - 5;
133
for (k = 0; k < chainLength; k++){
135
dirCert = createCert(dirName, argv[5+k+j], plContext);
137
if (k == (chainLength - 1)){
138
PKIX_TEST_EXPECT_NO_ERROR
139
(PKIX_PL_Object_IncRef
140
((PKIX_PL_Object *)dirCert, plContext));
141
trustedCert = dirCert;
144
PKIX_TEST_EXPECT_NO_ERROR
145
(PKIX_List_AppendItem
147
(PKIX_PL_Object *)dirCert,
151
PKIX_TEST_EXPECT_NO_ERROR
152
(PKIX_PL_Object_IncRef
153
((PKIX_PL_Object *)dirCert,
155
targetCert = dirCert;
159
PKIX_TEST_DECREF_BC(dirCert);
162
/* create processing params with list of trust anchors */
164
PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
165
(trustedCert, &anchor, plContext));
166
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
167
PKIX_TEST_EXPECT_NO_ERROR
168
(PKIX_List_AppendItem
169
(anchors, (PKIX_PL_Object *)anchor, plContext));
170
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
171
(anchors, &procParams, plContext));
173
/* create CertSelector with target certificate in params */
175
PKIX_TEST_EXPECT_NO_ERROR
176
(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
178
PKIX_TEST_EXPECT_NO_ERROR
179
(PKIX_ComCertSelParams_SetCertificate
180
(certSelParams, targetCert, plContext));
182
PKIX_TEST_EXPECT_NO_ERROR
183
(PKIX_CertSelector_Create
184
(NULL, NULL, &certSelector, plContext));
186
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
187
(certSelector, certSelParams, plContext));
189
PKIX_TEST_EXPECT_NO_ERROR
190
(PKIX_ProcessingParams_SetTargetCertConstraints
191
(procParams, certSelector, plContext));
193
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
202
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
203
(procParams, checker, plContext));
206
/* create CertStores */
208
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
215
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
216
(dirNameString, &certStore, plContext));
219
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
220
(&certStore, plContext));
224
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
226
PKIX_TEST_EXPECT_NO_ERROR
227
(PKIX_List_AppendItem
228
(certStores, (PKIX_PL_Object *)certStore, plContext));
230
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
231
(procParams, certStores, plContext));
233
/* build cert chain using processing params and return buildResult */
235
pkixTestErrorResult = PKIX_BuildChain
243
if (testValid == PKIX_TRUE) { /* ENE */
244
if (pkixTestErrorResult){
245
(void) printf("UNEXPECTED RESULT RECEIVED!\n");
247
(void) printf("EXPECTED RESULT RECEIVED!\n");
248
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
251
if (pkixTestErrorResult){
252
(void) printf("EXPECTED RESULT RECEIVED!\n");
253
PKIX_TEST_DECREF_BC(pkixTestErrorResult);
255
testError("UNEXPECTED RESULT RECEIVED");
261
PKIX_TEST_EXPECT_NO_ERROR
262
(PKIX_BuildResult_GetCertChain
263
(buildResult, &certs, NULL));
265
PKIX_TEST_EXPECT_NO_ERROR
266
(PKIX_List_GetLength(certs, &numCerts, plContext));
270
for (i = 0; i < numCerts; i++){
271
PKIX_TEST_EXPECT_NO_ERROR
275
(PKIX_PL_Object**)&cert,
278
asciiResult = PKIX_Cert2ASCII(cert);
280
printf("CERT[%d]:\n%s\n", i, asciiResult);
282
PKIX_TEST_EXPECT_NO_ERROR
283
(PKIX_PL_Free(asciiResult, plContext));
286
PKIX_TEST_DECREF_BC(cert);
289
PKIX_TEST_EXPECT_NO_ERROR
290
(PKIX_PL_Object_Equals
291
((PKIX_PL_Object*)certs,
292
(PKIX_PL_Object*)expectedCerts,
297
testError("BUILT CERTCHAIN IS "
298
"NOT THE ONE THAT WAS EXPECTED");
300
PKIX_TEST_EXPECT_NO_ERROR
301
(PKIX_PL_Object_ToString
302
((PKIX_PL_Object *)certs,
306
actualCertsAscii = PKIX_String2ASCII
307
(actualCertsString, plContext);
308
if (actualCertsAscii == NULL){
309
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
313
PKIX_TEST_EXPECT_NO_ERROR
314
(PKIX_PL_Object_ToString
315
((PKIX_PL_Object *)expectedCerts,
316
&expectedCertsString,
319
expectedCertsAscii = PKIX_String2ASCII
320
(expectedCertsString, plContext);
321
if (expectedCertsAscii == NULL){
322
pkixTestErrorMsg = "PKIX_String2ASCII Failed";
326
(void) printf("Actual value:\t%s\n", actualCertsAscii);
327
(void) printf("Expected value:\t%s\n",
330
if (chainLength - 1 != numUserCheckerCalled) {
332
"PKIX user defined checker not called";
341
PKIX_PL_Free(asciiResult, plContext);
342
PKIX_PL_Free(actualCertsAscii, plContext);
343
PKIX_PL_Free(expectedCertsAscii, plContext);
345
PKIX_TEST_DECREF_AC(actualCertsString);
346
PKIX_TEST_DECREF_AC(expectedCertsString);
347
PKIX_TEST_DECREF_AC(expectedCerts);
348
PKIX_TEST_DECREF_AC(certs);
349
PKIX_TEST_DECREF_AC(cert);
350
PKIX_TEST_DECREF_AC(certStore);
351
PKIX_TEST_DECREF_AC(certStores);
352
PKIX_TEST_DECREF_AC(dirNameString);
353
PKIX_TEST_DECREF_AC(trustedCert);
354
PKIX_TEST_DECREF_AC(targetCert);
355
PKIX_TEST_DECREF_AC(anchor);
356
PKIX_TEST_DECREF_AC(anchors);
357
PKIX_TEST_DECREF_AC(procParams);
358
PKIX_TEST_DECREF_AC(certSelParams);
359
PKIX_TEST_DECREF_AC(certSelector);
360
PKIX_TEST_DECREF_AC(buildResult);
361
PKIX_TEST_DECREF_AC(procParams);
362
PKIX_TEST_DECREF_AC(userOIDs);
363
PKIX_TEST_DECREF_AC(checker);
367
PKIX_Shutdown(plContext);
369
endTests("BuildChain_UserChecker");