← Back to branch summary

~ubuntu-branches/ubuntu/quantal/nss/quantal-updates

« back to all changes in this revision

Viewing changes to mozilla/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2013-11-14 14:58:07 UTC
  • mfrom: (1.1.19)
  • Revision ID: package-import@ubuntu.com-20131114145807-vj6v4erz8xj6kwz3
Tags: 3.15.3-0ubuntu0.12.10.1
* SECURITY UPDATE: New upstream release to fix multiple security issues
  and add TLSv1.2 support.
  - CVE-2013-1739
  - CVE-2013-1741
  - CVE-2013-5605
  - CVE-2013-5606
* Adjusted packaging for 3.15.3:
  - debian/patches/*: refreshed.
  - debian/patches/lower-dhe-priority.patch: removed, no longer needed,
    was a workaround for an old version of firefox.
  - debian/libnss3.symbols: added new symbols.
  - debian/rules: updated for new source layout.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mozilla/security/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
1
 
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
 
/*
5
 
 * test_buildchain_uchecker.c
6
 
 *
7
 
 * Test BuildChain User Checker function
8
 
 *
9
 
 */
10
 
 
11
 
#include "testutil.h"
12
 
#include "testutil_nss.h"
13
 
 
14
 
static void *plContext = NULL;
15
 
static PKIX_UInt32 numUserCheckerCalled = 0;
16
 
 
17
 
static
18
 
void printUsage(void){
19
 
        (void) printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] "
20
 
                    "[-|[F]<userOID>] "
21
 
                    "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
22
 
        (void) printf
23
 
                ("Builds a chain of certificates between "
24
 
                "<trustedCert> and <targetCert>\n"
25
 
                "using the certs and CRLs in <certStoreDirectory>.\n"
26
 
                "If <userOID> is not an empty string, its value is used as\n"
27
 
                "user defined checker's critical extension OID.\n"
28
 
                "A - for <userOID> is no OID and F is for supportingForward.\n"
29
 
                "If ENE is specified, then an Error is Not Expected.\n"
30
 
                "If EE is specified, an Error is Expected.\n");
31
 
}
32
 
 
33
 
static PKIX_Error *
34
 
testUserChecker(
35
 
        PKIX_CertChainChecker *checker,
36
 
        PKIX_PL_Cert *cert,
37
 
        PKIX_List *unresExtOIDs,
38
 
        void **pNBIOContext,
39
 
        void *plContext)
40
 
{
41
 
        numUserCheckerCalled++;
42
 
        return(0);
43
 
}
44
 
 
45
 
int test_buildchain_uchecker(int argc, char *argv[])
46
 
{
47
 
        PKIX_BuildResult *buildResult = NULL;
48
 
        PKIX_ComCertSelParams *certSelParams = NULL;
49
 
        PKIX_CertSelector *certSelector = NULL;
50
 
        PKIX_TrustAnchor *anchor = NULL;
51
 
        PKIX_List *anchors = NULL;
52
 
        PKIX_List *certs = NULL;
53
 
        PKIX_PL_Cert *cert = NULL;
54
 
        PKIX_ProcessingParams *procParams = NULL;
55
 
        PKIX_CertChainChecker *checker = NULL;
56
 
        char *dirName = NULL;
57
 
        PKIX_PL_String *dirNameString = NULL;
58
 
        PKIX_PL_Cert *trustedCert = NULL;
59
 
        PKIX_PL_Cert *targetCert = NULL;
60
 
        PKIX_UInt32 numCerts = 0;
61
 
        PKIX_UInt32 i = 0;
62
 
        PKIX_UInt32 j = 0;
63
 
        PKIX_UInt32 k = 0;
64
 
        PKIX_UInt32 chainLength = 0;
65
 
        PKIX_CertStore *certStore = NULL;
66
 
        PKIX_List *certStores = NULL;
67
 
        char * asciiResult = NULL;
68
 
        PKIX_Boolean result;
69
 
        PKIX_Boolean testValid = PKIX_TRUE;
70
 
        PKIX_Boolean supportForward = PKIX_FALSE;
71
 
        PKIX_List *expectedCerts = NULL;
72
 
        PKIX_List *userOIDs = NULL;
73
 
        PKIX_PL_OID *oid = NULL;
74
 
        PKIX_PL_Cert *dirCert = NULL;
75
 
        PKIX_PL_String *actualCertsString = NULL;
76
 
        PKIX_PL_String *expectedCertsString = NULL;
77
 
        char *actualCertsAscii = NULL;
78
 
        char *expectedCertsAscii = NULL;
79
 
        char *oidString = NULL;
80
 
        void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
81
 
        void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
82
 
 
83
 
        PKIX_TEST_STD_VARS();
84
 
 
85
 
        if (argc < 5){
86
 
                printUsage();
87
 
                return (0);
88
 
        }
89
 
 
90
 
        startTests("BuildChain_UserChecker");
91
 
 
92
 
        PKIX_TEST_EXPECT_NO_ERROR(
93
 
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
94
 
 
95
 
        /* ENE = expect no error; EE = expect error */
96
 
        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
97
 
                testValid = PKIX_TRUE;
98
 
        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
99
 
                testValid = PKIX_FALSE;
100
 
        } else {
101
 
                printUsage();
102
 
                return (0);
103
 
        }
104
 
 
105
 
        /* OID specified at argv[3+j] */
106
 
 
107
 
        if (*argv[3+j] != '-') {
108
 
 
109
 
                if (*argv[3+j] == 'F') {
110
 
                        supportForward = PKIX_TRUE;
111
 
                        oidString = argv[3+j]+1;
112
 
                } else {
113
 
                        oidString = argv[3+j];
114
 
                }
115
 
 
116
 
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
117
 
                                (&userOIDs, plContext));
118
 
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
119
 
                                (oidString, &oid, plContext));
120
 
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
121
 
                                (userOIDs, (PKIX_PL_Object *)oid, plContext));
122
 
                PKIX_TEST_DECREF_BC(oid);
123
 
        }
124
 
 
125
 
        subTest(argv[1+j]);
126
 
 
127
 
        dirName = argv[4+j];
128
 
 
129
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
130
 
 
131
 
        chainLength = argc - j - 5;
132
 
 
133
 
        for (k = 0; k < chainLength; k++){
134
 
 
135
 
                dirCert = createCert(dirName, argv[5+k+j], plContext);
136
 
 
137
 
                if (k == (chainLength - 1)){
138
 
                        PKIX_TEST_EXPECT_NO_ERROR
139
 
                                (PKIX_PL_Object_IncRef
140
 
                                ((PKIX_PL_Object *)dirCert, plContext));
141
 
                        trustedCert = dirCert;
142
 
                } else {
143
 
 
144
 
                        PKIX_TEST_EXPECT_NO_ERROR
145
 
                                (PKIX_List_AppendItem
146
 
                                (expectedCerts,
147
 
                                (PKIX_PL_Object *)dirCert,
148
 
                                plContext));
149
 
 
150
 
                        if (k == 0){
151
 
                                PKIX_TEST_EXPECT_NO_ERROR
152
 
                                        (PKIX_PL_Object_IncRef
153
 
                                        ((PKIX_PL_Object *)dirCert,
154
 
                                        plContext));
155
 
                                targetCert = dirCert;
156
 
                        }
157
 
                }
158
 
 
159
 
                PKIX_TEST_DECREF_BC(dirCert);
160
 
        }
161
 
 
162
 
        /* create processing params with list of trust anchors */
163
 
 
164
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
165
 
                                    (trustedCert, &anchor, plContext));
166
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
167
 
        PKIX_TEST_EXPECT_NO_ERROR
168
 
                (PKIX_List_AppendItem
169
 
                (anchors, (PKIX_PL_Object *)anchor, plContext));
170
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
171
 
                                    (anchors, &procParams, plContext));
172
 
 
173
 
        /* create CertSelector with target certificate in params */
174
 
 
175
 
        PKIX_TEST_EXPECT_NO_ERROR
176
 
                (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
177
 
 
178
 
        PKIX_TEST_EXPECT_NO_ERROR
179
 
                (PKIX_ComCertSelParams_SetCertificate
180
 
                (certSelParams, targetCert, plContext));
181
 
 
182
 
        PKIX_TEST_EXPECT_NO_ERROR
183
 
                (PKIX_CertSelector_Create
184
 
                (NULL, NULL, &certSelector, plContext));
185
 
 
186
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
187
 
                                (certSelector, certSelParams, plContext));
188
 
 
189
 
        PKIX_TEST_EXPECT_NO_ERROR
190
 
                (PKIX_ProcessingParams_SetTargetCertConstraints
191
 
                (procParams, certSelector, plContext));
192
 
 
193
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create
194
 
                                    (testUserChecker,
195
 
                                    supportForward,
196
 
                                    PKIX_FALSE,
197
 
                                    userOIDs,
198
 
                                    NULL,
199
 
                                    &checker,
200
 
                                    plContext));
201
 
 
202
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker
203
 
                                  (procParams, checker, plContext));
204
 
 
205
 
 
206
 
        /* create CertStores */
207
 
 
208
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
209
 
                                    (PKIX_ESCASCII,
210
 
                                    dirName,
211
 
                                    0,
212
 
                                    &dirNameString,
213
 
                                    plContext));
214
 
 
215
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
216
 
                                    (dirNameString, &certStore, plContext));
217
 
 
218
 
#if 0
219
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
220
 
                                    (&certStore, plContext));
221
 
#endif
222
 
 
223
 
 
224
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
225
 
 
226
 
        PKIX_TEST_EXPECT_NO_ERROR
227
 
                (PKIX_List_AppendItem
228
 
                (certStores, (PKIX_PL_Object *)certStore, plContext));
229
 
 
230
 
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
231
 
                                    (procParams, certStores, plContext));
232
 
 
233
 
        /* build cert chain using processing params and return buildResult */
234
 
 
235
 
        pkixTestErrorResult = PKIX_BuildChain
236
 
                (procParams,
237
 
                &nbioContext,
238
 
                &buildState,
239
 
                &buildResult,
240
 
                NULL,
241
 
                plContext);
242
 
 
243
 
        if (testValid == PKIX_TRUE) { /* ENE */
244
 
                if (pkixTestErrorResult){
245
 
                        (void) printf("UNEXPECTED RESULT RECEIVED!\n");
246
 
                } else {
247
 
                        (void) printf("EXPECTED RESULT RECEIVED!\n");
248
 
                        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
249
 
                }
250
 
        } else { /* EE */
251
 
                if (pkixTestErrorResult){
252
 
                        (void) printf("EXPECTED RESULT RECEIVED!\n");
253
 
                        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
254
 
                } else {
255
 
                        testError("UNEXPECTED RESULT RECEIVED");
256
 
                }
257
 
        }
258
 
 
259
 
        if (buildResult){
260
 
 
261
 
                PKIX_TEST_EXPECT_NO_ERROR
262
 
                        (PKIX_BuildResult_GetCertChain
263
 
                        (buildResult, &certs, NULL));
264
 
 
265
 
                PKIX_TEST_EXPECT_NO_ERROR
266
 
                        (PKIX_List_GetLength(certs, &numCerts, plContext));
267
 
 
268
 
                printf("\n");
269
 
 
270
 
                for (i = 0; i < numCerts; i++){
271
 
                        PKIX_TEST_EXPECT_NO_ERROR
272
 
                                (PKIX_List_GetItem
273
 
                                (certs,
274
 
                                i,
275
 
                                (PKIX_PL_Object**)&cert,
276
 
                                plContext));
277
 
 
278
 
                        asciiResult = PKIX_Cert2ASCII(cert);
279
 
 
280
 
                        printf("CERT[%d]:\n%s\n", i, asciiResult);
281
 
 
282
 
                        PKIX_TEST_EXPECT_NO_ERROR
283
 
                                (PKIX_PL_Free(asciiResult, plContext));
284
 
                        asciiResult = NULL;
285
 
 
286
 
                        PKIX_TEST_DECREF_BC(cert);
287
 
                }
288
 
 
289
 
                PKIX_TEST_EXPECT_NO_ERROR
290
 
                        (PKIX_PL_Object_Equals
291
 
                        ((PKIX_PL_Object*)certs,
292
 
                        (PKIX_PL_Object*)expectedCerts,
293
 
                        &result,
294
 
                        plContext));
295
 
 
296
 
                if (!result){
297
 
                        testError("BUILT CERTCHAIN IS "
298
 
                                    "NOT THE ONE THAT WAS EXPECTED");
299
 
 
300
 
                        PKIX_TEST_EXPECT_NO_ERROR
301
 
                                (PKIX_PL_Object_ToString
302
 
                                ((PKIX_PL_Object *)certs,
303
 
                                &actualCertsString,
304
 
                                plContext));
305
 
 
306
 
                        actualCertsAscii = PKIX_String2ASCII
307
 
                                (actualCertsString, plContext);
308
 
                        if (actualCertsAscii == NULL){
309
 
                                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
310
 
                                goto cleanup;
311
 
                        }
312
 
 
313
 
                        PKIX_TEST_EXPECT_NO_ERROR
314
 
                                (PKIX_PL_Object_ToString
315
 
                                ((PKIX_PL_Object *)expectedCerts,
316
 
                                &expectedCertsString,
317
 
                                plContext));
318
 
 
319
 
                        expectedCertsAscii = PKIX_String2ASCII
320
 
                                (expectedCertsString, plContext);
321
 
                        if (expectedCertsAscii == NULL){
322
 
                                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
323
 
                                goto cleanup;
324
 
                        }
325
 
 
326
 
                        (void) printf("Actual value:\t%s\n", actualCertsAscii);
327
 
                        (void) printf("Expected value:\t%s\n",
328
 
                                        expectedCertsAscii);
329
 
 
330
 
                        if (chainLength - 1 != numUserCheckerCalled) {
331
 
                                pkixTestErrorMsg =
332
 
                                    "PKIX user defined checker not called";
333
 
                        }
334
 
 
335
 
                        goto cleanup;
336
 
                }
337
 
 
338
 
        }
339
 
 
340
 
cleanup:
341
 
        PKIX_PL_Free(asciiResult, plContext);
342
 
        PKIX_PL_Free(actualCertsAscii, plContext);
343
 
        PKIX_PL_Free(expectedCertsAscii, plContext);
344
 
 
345
 
        PKIX_TEST_DECREF_AC(actualCertsString);
346
 
        PKIX_TEST_DECREF_AC(expectedCertsString);
347
 
        PKIX_TEST_DECREF_AC(expectedCerts);
348
 
        PKIX_TEST_DECREF_AC(certs);
349
 
        PKIX_TEST_DECREF_AC(cert);
350
 
        PKIX_TEST_DECREF_AC(certStore);
351
 
        PKIX_TEST_DECREF_AC(certStores);
352
 
        PKIX_TEST_DECREF_AC(dirNameString);
353
 
        PKIX_TEST_DECREF_AC(trustedCert);
354
 
        PKIX_TEST_DECREF_AC(targetCert);
355
 
        PKIX_TEST_DECREF_AC(anchor);
356
 
        PKIX_TEST_DECREF_AC(anchors);
357
 
        PKIX_TEST_DECREF_AC(procParams);
358
 
        PKIX_TEST_DECREF_AC(certSelParams);
359
 
        PKIX_TEST_DECREF_AC(certSelector);
360
 
        PKIX_TEST_DECREF_AC(buildResult);
361
 
        PKIX_TEST_DECREF_AC(procParams);
362
 
        PKIX_TEST_DECREF_AC(userOIDs);
363
 
        PKIX_TEST_DECREF_AC(checker);
364
 
 
365
 
        PKIX_TEST_RETURN();
366
 
 
367
 
        PKIX_Shutdown(plContext);
368
 
 
369
 
        endTests("BuildChain_UserChecker");
370
 
 
371
 
        return (0);
372
 
 
373
 
}