
/security/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c

http://github.com/zpao/v8monkey
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the PKIX-C library.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Sun Microsystems, Inc.
 18 * Portions created by the Initial Developer are
 19 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *   Sun Microsystems, Inc.
 23 *
 24 * Alternatively, the contents of this file may be used under the terms of
 25 * either the GNU General Public License Version 2 or later (the "GPL"), or
 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27 * in which case the provisions of the GPL or the LGPL are applicable instead
 28 * of those above. If you wish to allow use of your version of this file only
 29 * under the terms of either the GPL or the LGPL, and not to allow others to
 30 * use your version of this file under the terms of the MPL, indicate your
 31 * decision by deleting the provisions above and replace them with the notice
 32 * and other provisions required by the GPL or the LGPL. If you do not delete
 33 * the provisions above, a recipient may use your version of this file under
 34 * the terms of any one of the MPL, the GPL or the LGPL.
 35 *
 36 * ***** END LICENSE BLOCK ***** */
 37/*
 38 * test_subjaltnamechecker.c
 39 *
 40 * Test Subject Alternative Name Checking
 41 *
 42 */
 43
 44/*
  45 * There is no subjaltnamechecker. Instead, targetcertchecker does
  46 * the job of checking subject alternative names' validity. For testing,
  47 * in order to enter names of various types, we create this test executable
  48 * to parse different scenarios.
 49 */
 50
 51#include "testutil.h"
 52#include "testutil_nss.h"
 53
/*
 * Capacity of the fixed-size arrays that test_subjaltnamechecker fills from
 * the command line (certNames, certs and names). Any count derived from
 * argv has to be checked against this value before those arrays are indexed.
 */
#define PKIX_TEST_MAX_CERTS     10

/*
 * Context handle passed as the last argument to the PKIX calls in this
 * file; test_subjaltnamechecker fills it in via PKIX_PL_NssContext_Create.
 */
static void *plContext = NULL;
 57
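/*
 * printUsage1
 *
 * Print the command-line synopsis for this test program.
 *
 * pName - program name to show in the synopsis (callers pass argv[0]).
 *
 * The synopsis lists the positional arguments in the order
 * test_subjaltnamechecker reads them: argv[1] is a test-purpose string that
 * is skipped, argv[2] the test-name, argv[3] ENE or EE, argv[4] the
 * directory handed to the chain helpers, and argv[5] onwards the
 * certificate names. The previous text omitted the first and fourth of
 * these, so following it verbatim produced a misparsed command line.
 */
static
void printUsage1(char *pName){
        printf("\nUSAGE: %s test-purpose test-name [ENE|EE] ", pName);
        printf("data-dir cert [certs].\n");
}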
 63
/*
 * printUsage2
 *
 * Report a malformed test-name argument and print the expected syntax.
 *
 * name - the offending name string; echoed back through "%s" so that its
 *        contents are never interpreted as a format string.
 */
static
void printUsage2(char *name) {
        /* One call; adjacent literals keep the output text unchanged. */
        printf("\ninvalid test-name syntax - %s"
                "\ntest-name syntax: [01][DNORU]:<name>+..."
                "\n             [01] 1 - match all; 0 - match one"
                "\n    name - type can be specified as"
                "\n          [DNORU] D-Directory name"
                "\n                  N-DNS name"
                "\n                  O-OID name"
                "\n                  R-RFC822 name"
                "\n                  U-URI name"
                "\n                + separator for more names\n\n",
                name);
}
 77
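/*
 * printUsageMax
 *
 * Report that more certificates were supplied than the fixed-size arrays in
 * this test can hold.
 *
 * numCerts - the number of certificates found on the command line.
 *
 * The count is printed with an unsigned conversion: the argument is an
 * unsigned PKIX type, and the caller derives it from argc, so a signed
 * conversion could show a misleading negative number.
 */
static
void printUsageMax(PKIX_UInt32 numCerts){
        printf("\nUSAGE ERROR: number of certs %u exceeds maximum %d\n",
                (unsigned int)numCerts, PKIX_TEST_MAX_CERTS);
}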
 83
/*
 * getNameType
 *
 * Map the leading type letter of a test-name entry to a PKIX general-name
 * type constant.
 *
 * name - one '+'-separated entry of the test-name argument; only its first
 *        character is examined here.
 *
 * Returns the matching PKIX_*_NAME constant for 'D', 'N', 'O', 'R' or 'U'.
 * For any other first character the syntax help is printed and 0xFFFF is
 * returned as the "invalid" marker the caller tests for.
 */
static
PKIX_UInt32 getNameType(char *name){
        PKIX_UInt32 nameType = 0xFFFF; /* stays at this marker if no letter matches */
        char typeTag;

        PKIX_TEST_STD_VARS();

        typeTag = *name;

        if (typeTag == 'D') {
                nameType = PKIX_DIRECTORY_NAME;
        } else if (typeTag == 'N') {
                nameType = PKIX_DNS_NAME;
        } else if (typeTag == 'O') {
                nameType = PKIX_OID_NAME;
        } else if (typeTag == 'R') {
                nameType = PKIX_RFC822_NAME;
        } else if (typeTag == 'U') {
                nameType = PKIX_URI_NAME;
        } else {
                printUsage2(name);
        }

        /*
         * The jump and label are kept from the original layout; the
         * PKIX_TEST_* macros are defined outside this file.
         */
        goto cleanup;

cleanup:
        PKIX_TEST_RETURN();
        return (nameType);
}
117
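/*
 * test_subjaltnamechecker
 *
 * Runs one subject-alternative-name matching scenario: builds a cert
 * selector carrying the names given on the command line, installs it as the
 * target-cert constraint, and validates the supplied chain, expecting
 * either success or failure.
 *
 * Positional arguments, as read below:
 *   argv[1]    test-purpose string (skipped)
 *   argv[2]    test-name: [01] followed by '+'-separated [DNORU]:<name>
 *              entries, optionally wrapped in double quotes
 *   argv[3]    "ENE" (expect no error) or "EE" (expect error)
 *   argv[4]    directory passed to the chain and params helpers
 *   argv[5..]  certificate names; argv[5] is also the second argument to
 *              createValidateParams (presumably the trust anchor - confirm
 *              against that helper)
 *
 * Returns 0 on every path; failures are reported through the PKIX_TEST_*
 * macros, which are defined outside this file.
 *
 * Every count taken from argv is checked against PKIX_TEST_MAX_CERTS before
 * it indexes certNames, certs or names, and the test-name is checked for
 * minimum length before the parser steps past its prefix characters.
 * Without these checks an over-long or truncated command line wrote or read
 * outside those stack arrays and argument strings. Usage errors detected
 * after the NSS context exists leave through the cleanup label so the
 * context is shut down.
 */
int test_subjaltnamechecker(int argc, char *argv[]){

        PKIX_List *chain = NULL;
        PKIX_ValidateParams *valParams = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_CertSelector *selector = NULL;
        PKIX_ComCertSelParams *selParams = NULL;
        PKIX_ProcessingParams *procParams = NULL;
        PKIX_PL_GeneralName *name = NULL;
        char *certNames[PKIX_TEST_MAX_CERTS];
        PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
        PKIX_UInt32 chainLength = 0;
        PKIX_UInt32 i = 0;
        PKIX_UInt32 j = 0;
        char *nameStr;
        char *nameEnd;
        char *names[PKIX_TEST_MAX_CERTS];
        PKIX_UInt32 numNames = 0;
        PKIX_UInt32 nameType;
        PKIX_Boolean matchAll = PKIX_TRUE;
        PKIX_Boolean testValid = PKIX_TRUE;
        char *dirName = NULL;
        char *anchorName = NULL;
        PKIX_VerifyNode *verifyTree = NULL;
        PKIX_PL_String *verifyString = NULL;

        PKIX_TEST_STD_VARS();

        if (argc < 5) {
                printUsage1(argv[0]);
                return (0);
        }

        startTests("SubjAltNameConstraintChecker");

        PKIX_TEST_EXPECT_NO_ERROR(
            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

        j++; /* skip test-purpose string */

        /* ENE = expect no error; EE = expect error */
        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
                testValid = PKIX_TRUE;
        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
                testValid = PKIX_FALSE;
        } else {
                printUsage1(argv[0]);
                goto cleanup;
        }

        /* strip a leading and trailing '"', if any */
        nameStr = argv[1+j];
        subTest(nameStr);
        if (*nameStr == '"'){
                nameStr++;
                nameEnd = nameStr;
                while (*nameEnd != '"' && *nameEnd != '\0') {
                        nameEnd++;
                }
                *nameEnd = '\0';
        }

        /*
         * An empty test-name has no [01] prefix; stepping over it would move
         * nameStr past the terminator and the scan below would read beyond
         * the argument string.
         */
        if (*nameStr == '\0') {
                printUsage2(nameStr);
                goto cleanup;
        }

        /* the first character, [0|1], selects match-one or match-all */
        matchAll = (*nameStr == '0')?PKIX_FALSE:PKIX_TRUE;
        nameStr++;

        /* split the remainder in place at each '+' separator */
        numNames = 0;
        while (*nameStr != '\0') {
                /* names[] holds PKIX_TEST_MAX_CERTS entries; refuse more */
                if (numNames >= PKIX_TEST_MAX_CERTS) {
                        printf("\nUSAGE ERROR: number of names exceeds "
                                "maximum %d\n", PKIX_TEST_MAX_CERTS);
                        goto cleanup;
                }
                names[numNames++] = nameStr;
                while (*nameStr != '+' && *nameStr != '\0') {
                        nameStr++;
                }
                if (*nameStr == '+') {
                        *nameStr = '\0';
                        nameStr++;
                }
        }

        chainLength = (argc - j) - 4;
        if (chainLength == 0) {
                /* argv[4+j] would be the NULL that terminates argv */
                printUsage1(argv[0]);
                goto cleanup;
        }
        if (chainLength > PKIX_TEST_MAX_CERTS) {
                /* certNames[] and certs[] cannot hold this many entries */
                printUsageMax(chainLength);
                goto cleanup;
        }

        for (i = 0; i < chainLength; i++) {
                certNames[i] = argv[(4+j)+i];
                certs[i] = NULL;
        }

        /* SubjAltName for validation */

        subTest("Add Subject Alt Name for NameConstraint checking");

        subTest("Create Selector and ComCertSelParams");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
                (NULL, NULL, &selector, plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
                (&selParams, plContext));
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_CertSelector_SetCommonCertSelectorParams
                (selector, selParams, plContext));

        subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames
                (selParams, matchAll, plContext));

        subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
        for (i = 0; i < numNames; i++) {
                nameType = getNameType(names[i]);
                if (nameType == 0xFFFF) {
                        goto cleanup;
                }
                /*
                 * The value starts two characters in (type letter plus
                 * separator). getNameType only vouches for the first
                 * character, so make sure the second exists before
                 * skipping over it.
                 */
                if (names[i][1] == '\0') {
                        printUsage2(names[i]);
                        goto cleanup;
                }
                nameStr = names[i] + 2;
                name = createGeneralName(nameType, nameStr, plContext);

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName
                        (selParams, name, plContext));
                PKIX_TEST_DECREF_BC(name);
        }

        subTest("SubjAltName-Constraints - Create Cert Chain");

        dirName = argv[3+j];

        chain = createCertChainPlus
                (dirName, certNames, certs, chainLength, plContext);

        subTest("SubjAltName-Constraints - Create Params");

        valParams = createValidateParams
                (dirName,
                argv[4+j],
                NULL,
                NULL,
                NULL,
                PKIX_FALSE,
                PKIX_FALSE,
                PKIX_FALSE,
                PKIX_FALSE,
                chain,
                plContext);

        subTest("PKIX_ValidateParams_getProcessingParams");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
                (valParams, &procParams, plContext));

        subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
                (procParams, selector, plContext));

        subTest("Subject Alt Name - Validate Chain");

        if (testValid == PKIX_TRUE) {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
                        (valParams, &valResult, &verifyTree, plContext));
        } else {
                PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
                        (valParams, &valResult, &verifyTree, plContext));
        }

cleanup:

        PKIX_PL_Free(anchorName, plContext);

        PKIX_TEST_DECREF_AC(verifyString);
        PKIX_TEST_DECREF_AC(verifyTree);
        PKIX_TEST_DECREF_AC(chain);
        PKIX_TEST_DECREF_AC(valParams);
        PKIX_TEST_DECREF_AC(valResult);
        PKIX_TEST_DECREF_AC(selector);
        PKIX_TEST_DECREF_AC(selParams);
        PKIX_TEST_DECREF_AC(procParams);
        PKIX_TEST_DECREF_AC(name);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("SubjAltNameConstraintsChecker");

        return (0);
}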