1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
* License, v. 2.0. If a copy of the MPL was not distributed with this
3
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
* Test ValidateChain function
12
#include "testutil_nss.h"
14
static void *plContext = NULL;
17
void printUsage(void){
18
(void) printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] "
19
"<certStoreDirectory> <trustedCert> <targetCert>\n\n");
21
("Validates a chain of certificates between "
22
"<trustedCert> and <targetCert>\n"
23
"using the certs and CRLs in <certStoreDirectory>. "
24
"If ENE is specified,\n"
25
"then an Error is Not Expected. "
26
"If EE is specified, an Error is Expected.\n");
30
char *createFullPathName(
35
PKIX_UInt32 certFileLen;
36
PKIX_UInt32 dirNameLen;
37
char *certPathName = NULL;
41
certFileLen = PL_strlen(certFile);
42
dirNameLen = PL_strlen(dirName);
44
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
45
(dirNameLen + certFileLen + 2,
46
(void **)&certPathName,
49
PL_strcpy(certPathName, dirName);
50
PL_strcat(certPathName, "/");
51
PL_strcat(certPathName, certFile);
52
printf("certPathName = %s\n", certPathName);
58
return (certPathName);
62
testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
64
PKIX_PL_String *dirString = NULL;
65
PKIX_CertStore *certStore = NULL;
66
PKIX_ProcessingParams *procParams = NULL;
67
PKIX_PL_Date *validity = NULL;
68
PKIX_List *revCheckers = NULL;
69
PKIX_RevocationChecker *ocspChecker = NULL;
73
subTest("PKIX_PL_CollectionCertStoreContext_Create");
75
/* Create CollectionCertStore */
77
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
78
(PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
80
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
81
(dirString, &certStore, plContext));
83
/* Create CertStore */
85
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
86
(valParams, &procParams, plContext));
88
subTest("PKIX_ProcessingParams_AddCertStore");
89
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
90
(procParams, certStore, plContext));
92
subTest("PKIX_ProcessingParams_SetRevocationEnabled");
94
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
95
(procParams, PKIX_TRUE, plContext));
97
/* create current Date */
98
PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
99
(PR_Now(), &validity, plContext));
101
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
103
/* create revChecker */
104
PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
107
NULL, /* Use default responder */
111
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
112
(revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));
114
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
115
(procParams, revCheckers, plContext));
119
PKIX_TEST_DECREF_AC(dirString);
120
PKIX_TEST_DECREF_AC(procParams);
121
PKIX_TEST_DECREF_AC(certStore);
122
PKIX_TEST_DECREF_AC(revCheckers);
123
PKIX_TEST_DECREF_AC(ocspChecker);
130
int test_validatechain(int argc, char *argv[]){
132
PKIX_ValidateParams *valParams = NULL;
133
PKIX_ValidateResult *valResult = NULL;
134
PKIX_UInt32 actualMinorVersion;
137
PKIX_UInt32 chainLength = 0;
138
PKIX_Boolean testValid = PKIX_TRUE;
139
PKIX_List *chainCerts = NULL;
140
PKIX_PL_Cert *dirCert = NULL;
141
PKIX_VerifyNode *verifyTree = NULL;
142
PKIX_PL_String *verifyString = NULL;
143
char *dirCertName = NULL;
144
char *anchorCertName = NULL;
145
char *dirName = NULL;
147
PKIX_TEST_STD_VARS();
154
startTests("ValidateChain");
156
PKIX_TEST_EXPECT_NO_ERROR(
157
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
159
/* ENE = expect no error; EE = expect error */
160
if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
161
testValid = PKIX_TRUE;
162
} else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
163
testValid = PKIX_FALSE;
173
chainLength = argc - j - 5;
175
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
177
for (k = 0; k < chainLength; k++) {
179
dirCert = createCert(dirName, argv[5+k+j], plContext);
181
PKIX_TEST_EXPECT_NO_ERROR
182
(PKIX_List_AppendItem
183
(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
185
PKIX_TEST_DECREF_BC(dirCert);
188
valParams = createValidateParams
201
testDefaultCertStore(valParams, dirName);
203
if (testValid == PKIX_TRUE) {
204
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
205
(valParams, &valResult, &verifyTree, plContext));
207
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
208
(valParams, &valResult, &verifyTree, plContext));
211
subTest("Displaying VerifyNode objects");
213
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
214
((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
215
(void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
218
PKIX_TEST_DECREF_AC(verifyString);
219
PKIX_TEST_DECREF_AC(verifyTree);
221
PKIX_TEST_DECREF_AC(chainCerts);
222
PKIX_TEST_DECREF_AC(valParams);
223
PKIX_TEST_DECREF_AC(valResult);
225
PKIX_Shutdown(plContext);
229
endTests("ValidateChain");