1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
* License, v. 2.0. If a copy of the MPL was not distributed with this
3
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
* test_subjaltnamechecker.c
7
* Test Subject Alternative Name Checking
12
* There is no subjaltnamechecker. Instead, targetcertchecker is doing
13
* the job for checking subject alternative names' validity. For testing,
14
* in order to enter names with various type, we create this test excutable
15
* to parse different scenario.
19
#include "testutil_nss.h"
21
#define PKIX_TEST_MAX_CERTS 10
23
static void *plContext = NULL;
26
void printUsage1(char *pName){
27
printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
28
printf("cert [certs].\n");
32
void printUsage2(char *name) {
33
printf("\ninvalid test-name syntax - %s", name);
34
printf("\ntest-name syntax: [01][DNORU]:<name>+...");
35
printf("\n [01] 1 - match all; 0 - match one");
36
printf("\n name - type can be specified as");
37
printf("\n [DNORU] D-Directory name");
38
printf("\n N-DNS name");
39
printf("\n O-OID name");
40
printf("\n R-RFC822 name");
41
printf("\n U-URI name");
42
printf("\n + separator for more names\n\n");
46
void printUsageMax(PKIX_UInt32 numCerts){
47
printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
48
numCerts, PKIX_TEST_MAX_CERTS);
52
PKIX_UInt32 getNameType(char *name){
59
nameType = PKIX_DIRECTORY_NAME;
62
nameType = PKIX_DNS_NAME;
65
nameType = PKIX_OID_NAME;
68
nameType = PKIX_RFC822_NAME;
71
nameType = PKIX_URI_NAME;
85
int test_subjaltnamechecker(int argc, char *argv[]){
87
PKIX_List *chain = NULL;
88
PKIX_ValidateParams *valParams = NULL;
89
PKIX_ValidateResult *valResult = NULL;
90
PKIX_CertSelector *selector = NULL;
91
PKIX_ComCertSelParams *selParams = NULL;
92
PKIX_ProcessingParams *procParams = NULL;
93
PKIX_PL_GeneralName *name = NULL;
94
PKIX_UInt32 actualMinorVersion;
95
char *certNames[PKIX_TEST_MAX_CERTS];
96
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
97
PKIX_UInt32 chainLength = 0;
102
char *names[PKIX_TEST_MAX_CERTS];
103
PKIX_UInt32 numNames = 0;
104
PKIX_UInt32 nameType;
105
PKIX_Boolean matchAll = PKIX_TRUE;
106
PKIX_Boolean testValid = PKIX_TRUE;
107
char *dirName = NULL;
108
char *anchorName = NULL;
109
PKIX_VerifyNode *verifyTree = NULL;
110
PKIX_PL_String *verifyString = NULL;
112
PKIX_TEST_STD_VARS();
115
printUsage1(argv[0]);
119
startTests("SubjAltNameConstraintChecker");
121
PKIX_TEST_EXPECT_NO_ERROR(
122
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
124
j++; /* skip test-purpose string */
126
/* ENE = expect no error; EE = expect error */
127
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
128
testValid = PKIX_TRUE;
129
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
130
testValid = PKIX_FALSE;
132
printUsage1(argv[0]);
136
/* taking out leading and trailing ", if any */
139
if (*nameStr == '"'){
142
while (*nameEnd != '"' && *nameEnd != '\0') {
148
/* extract first [0|1] inidcating matchAll or not */
149
matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE;
153
while (*nameStr != '\0') {
154
names[numNames++] = nameStr;
155
while (*nameStr != '+' && *nameStr != '\0') {
158
if (*nameStr == '+') {
164
chainLength = (argc - j) - 4;
165
if (chainLength > PKIX_TEST_MAX_CERTS) {
166
printUsageMax(chainLength);
169
for (i = 0; i < chainLength; i++) {
170
certNames[i] = argv[(4+j)+i];
174
/* SubjAltName for validation */
176
subTest("Add Subject Alt Name for NameConstraint checking");
178
subTest("Create Selector and ComCertSelParams");
179
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
180
(NULL, NULL, &selector, plContext));
181
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
182
(&selParams, plContext));
183
PKIX_TEST_EXPECT_NO_ERROR
184
(PKIX_CertSelector_SetCommonCertSelectorParams
185
(selector, selParams, plContext));
187
subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
188
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
189
(selParams, matchAll, plContext));
191
subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
192
for (i = 0; i < numNames; i++) {
193
nameType = getNameType(names[i]);
194
if (nameType == 0xFFFF) {
197
nameStr = names[i] + 2;
198
name = createGeneralName(nameType, nameStr, plContext);
200
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
201
(selParams, name, plContext));
202
PKIX_TEST_DECREF_BC(name);
205
subTest("SubjAltName-Constraints - Create Cert Chain");
209
chain = createCertChainPlus
210
(dirName, certNames, certs, chainLength, plContext);
212
subTest("SubjAltName-Constraints - Create Params");
214
valParams = createValidateParams
227
subTest("PKIX_ValidateParams_getProcessingParams");
228
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
229
(valParams, &procParams, plContext));
231
subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
232
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
233
(procParams, selector, plContext));
235
subTest("Subject Alt Name - Validate Chain");
237
if (testValid == PKIX_TRUE) {
238
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
239
(valParams, &valResult, &verifyTree, plContext));
241
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
242
(valParams, &valResult, &verifyTree, plContext));
247
PKIX_PL_Free(anchorName, plContext);
249
PKIX_TEST_DECREF_AC(verifyString);
250
PKIX_TEST_DECREF_AC(verifyTree);
251
PKIX_TEST_DECREF_AC(chain);
252
PKIX_TEST_DECREF_AC(valParams);
253
PKIX_TEST_DECREF_AC(valResult);
254
PKIX_TEST_DECREF_AC(selector);
255
PKIX_TEST_DECREF_AC(selParams);
256
PKIX_TEST_DECREF_AC(procParams);
257
PKIX_TEST_DECREF_AC(name);
259
PKIX_Shutdown(plContext);
263
endTests("SubjAltNameConstraintsChecker");