/security/nss/cmd/libpkix/pkix/top/test_ocsp.c


  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the PKIX-C library.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Sun Microsystems, Inc.
  18. * Portions created by the Initial Developer are
  19. * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Sun Microsystems, Inc.
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. /*
  38. * test_ocspchecker.c
  39. *
  40. * Test OcspChecker function
  41. *
  42. */
  43. #include "testutil.h"
  44. #include "testutil_nss.h"
  45. static void *plContext = NULL; /* libpkix context shared by this file: filled in by
       * PKIX_PL_NssContext_Create in test_ocsp(), passed as the last argument of the
       * PKIX calls in test_ocsp() and testDefaultCertStore(), and handed to
       * PKIX_Shutdown at the end of test_ocsp(). createFullPathName() has a
       * parameter of the same name, which shadows this variable inside it. */
  /*
   * printUsage
   *
   * Writes the command-line synopsis and a short description of the ENE/EE
   * modes to stdout.
   *
   * NOTE(review): the synopsis advertises "-d <certStoreDirectory>", but
   * test_ocsp() in this file reads the test name from argv[1] and the
   * ENE/EE keyword from argv[2]; no "-d" option is consumed here. Confirm
   * with the harness that drives this test before relying on the text.
   */
  static void
  printUsage(void)
  {
      static const char synopsis[] =
          "\nUSAGE:\n"
          "OcspChecker -d <certStoreDirectory> TestName [ENE|EE] "
          "<certLocationDirectory> <trustedCert> <targetCert>\n\n";

      static const char details[] =
          "Validates a chain of certificates between <trustedCert> and "
          "<targetCert>\n"
          "using the certs and CRLs in <certLocationDirectory> and pkcs11 db "
          "from <certStoreDirectory>. If ENE is specified,\n"
          "then an Error is Not Expected. If EE is specified, an Error is "
          "Expected.\n";

      /* Fixed text is passed as an argument, never as the format string. */
      (void) printf("%s", synopsis);
      (void) printf("%s", details);
  }
  /*
   * createFullPathName
   *
   * Builds "<dirName>/<certFile>" in a buffer obtained from PKIX_PL_Malloc,
   * prints it, and returns it. Returns NULL if the pointer was never set
   * (it starts out NULL and is only written by PKIX_PL_Malloc).
   *
   * The buffer is sized for both strings plus the '/' separator and the
   * terminating NUL, and the copies below are unbounded, so their safety
   * rests entirely on that size computation. The 32-bit sum is not checked
   * for wrap-around.
   *
   * NOTE(review): nothing in this listing calls this function, and the
   * caller that is expected to release the buffer is not shown -- confirm
   * ownership before reusing it. The plContext parameter shadows the
   * file-level variable of the same name.
   */
  static char *
  createFullPathName(char *dirName, char *certFile, void *plContext)
  {
      PKIX_UInt32 dirLen = PL_strlen(dirName);
      PKIX_UInt32 fileLen = PL_strlen(certFile);
      char *fullPath = NULL;

      PKIX_TEST_STD_VARS();

      /* dirName + '/' + certFile + terminating NUL */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
          (dirLen + fileLen + 2, (void **)&fullPath, plContext));

      PL_strcpy(fullPath, dirName);
      PL_strcat(fullPath, "/");
      PL_strcat(fullPath, certFile);

      printf("certPathName = %s\n", fullPath);

  cleanup:

      PKIX_TEST_RETURN();

      return (fullPath);
  }
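  /*
   * testDefaultCertStore
   *
   * Prepares the processing parameters held by "valParams" for an OCSP test:
   *   - adds a collection cert store rooted at "crlDir",
   *   - calls PKIX_ProcessingParams_SetRevocationEnabled with PKIX_FALSE,
   *   - creates an OCSP revocation checker dated "now" with no password
   *     argument and the default responder, sets
   *     PKIX_PL_OcspResponse_UseBuildChain as its verify function, and
   *     installs it as the only entry of the revocation-checker list.
   *
   * NOTE(review): SetRevocationEnabled(PKIX_FALSE) presumably switches off
   * the library's built-in revocation path so that the checker installed
   * here is the only revocation source -- confirm against the
   * PKIX_ProcessingParams documentation.
   *
   * Uses the file-level plContext. Always returns 0; the caller in this file
   * ignores the return value.
   */
  static PKIX_Error *
  testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
  {
      PKIX_PL_String *dirString = NULL;
      PKIX_CertStore *certStore = NULL;
      PKIX_ProcessingParams *procParams = NULL;
      PKIX_PL_Date *validity = NULL;
      PKIX_List *revCheckers = NULL;
      PKIX_RevocationChecker *revChecker = NULL;
      PKIX_PL_Object *revCheckerContext = NULL;
      PKIX_OcspChecker *ocspChecker = NULL;

      PKIX_TEST_STD_VARS();

      subTest("PKIX_PL_CollectionCertStoreContext_Create");

      /* Create CollectionCertStore */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
          (PKIX_ESCASCII, crlDir, 0, &dirString, plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
          (dirString, &certStore, plContext));

      /* Attach the cert store to the processing params */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
          (valParams, &procParams, plContext));

      subTest("PKIX_ProcessingParams_AddCertStore");
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
          (procParams, certStore, plContext));

      subTest("PKIX_ProcessingParams_SetRevocationEnabled");
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
          (procParams, PKIX_FALSE, plContext));

      /* create current Date */
      PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
          (PR_Now(), &validity, plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));

      /* create revChecker */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
          (validity,
          NULL,        /* pwArg */
          NULL,        /* Use default responder */
          &revChecker,
          plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext
          (revChecker, &revCheckerContext, plContext));

      /* Check that this object is an OCSP checker before casting it */
      PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType
          (revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));

      /* Alias only: ocspChecker carries no reference of its own. */
      ocspChecker = (PKIX_OcspChecker *)revCheckerContext;

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn
          (ocspChecker,
          PKIX_PL_OcspResponse_UseBuildChain,
          plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
          (revCheckers, (PKIX_PL_Object *)revChecker, plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
          (procParams, revCheckers, plContext));

  cleanup:

      PKIX_TEST_DECREF_AC(dirString);
      PKIX_TEST_DECREF_AC(procParams);
      PKIX_TEST_DECREF_AC(certStore);
      PKIX_TEST_DECREF_AC(revCheckers);
      PKIX_TEST_DECREF_AC(revChecker);
      /*
       * Release the checker context through the pointer that received it.
       * The cast alias is still NULL when the type check fails, so
       * releasing via the alias would leave the context referenced on
       * that path.
       */
      PKIX_TEST_DECREF_AC(revCheckerContext);
      PKIX_TEST_DECREF_AC(validity);

      PKIX_TEST_RETURN();

      return (0);
  }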
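  /*
   * test_ocsp
   *
   * Test driver: validates a certificate chain with an OCSP revocation
   * checker installed and compares the outcome with the expectation given
   * on the command line.
   *
   * Arguments as read by this function (the offset j is never changed
   * from 0 here):
   *   argv[1]   sub-test name
   *   argv[2]   "ENE" (expect no error) or "EE" (expect error)
   *   argv[3]   directory holding the certificates
   *   argv[4]   trust anchor certificate file
   *   argv[5..] chain certificates; the first one is the target
   *
   * Returns 0 on every path; failures are recorded through testError().
   *
   * NOTE(review): argc == 5 passes the argument check but leaves
   * chainLength at 0, so targetCert stays NULL, while the usage text lists
   * <targetCert> as required -- confirm whether "argc < 6" is intended.
   */
  int test_ocsp(int argc, char *argv[])
  {
      PKIX_ValidateParams *valParams = NULL;
      PKIX_ProcessingParams *procParams = NULL;
      PKIX_ComCertSelParams *certSelParams = NULL;
      PKIX_CertSelector *certSelector = NULL;
      PKIX_ValidateResult *valResult = NULL;
      PKIX_UInt32 j = 0;
      PKIX_UInt32 k = 0;
      PKIX_UInt32 chainLength = 0;
      PKIX_Boolean testValid = PKIX_TRUE;
      PKIX_List *chainCerts = NULL;
      PKIX_VerifyNode *verifyTree = NULL;
      PKIX_PL_String *verifyString = NULL;
      PKIX_PL_Cert *dirCert = NULL;
      PKIX_PL_Cert *trustedCert = NULL;
      PKIX_PL_Cert *targetCert = NULL;
      PKIX_TrustAnchor *anchor = NULL;
      PKIX_List *anchors = NULL;
      char *anchorCertName = NULL;
      char *dirName = NULL;

      PKIX_TEST_STD_VARS();

      if (argc < 5) {
          printUsage();
          return (0);
      }

      /*
       * ENE = expect no error; EE = expect error.
       * Checked before the test banner and the context are created, so a
       * bad keyword returns without leaving a context behind or an
       * unmatched startTests().
       */
      if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
          testValid = PKIX_TRUE;
      } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
          testValid = PKIX_FALSE;
      } else {
          printUsage();
          return (0);
      }

      startTests("OcspChecker");

      PKIX_TEST_EXPECT_NO_ERROR(
          PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

      subTest(argv[1+j]);

      dirName = argv[3+j];

      chainLength = argc - j - 5;

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));

      for (k = 0; k < chainLength; k++) {

          dirCert = createCert(dirName, argv[5+k+j], plContext);

          if (k == 0) {
              /* The first chain certificate is kept as the target. */
              PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
                  ((PKIX_PL_Object *)dirCert, plContext));
              targetCert = dirCert;
          }

          PKIX_TEST_EXPECT_NO_ERROR
              (PKIX_List_AppendItem
              (chainCerts, (PKIX_PL_Object *)dirCert, plContext));

          PKIX_TEST_DECREF_BC(dirCert);
      }

      /* create processing params with list of trust anchors */

      anchorCertName = argv[4+j];
      trustedCert = createCert(dirName, anchorCertName, plContext);

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
          (trustedCert, &anchor, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
      PKIX_TEST_EXPECT_NO_ERROR
          (PKIX_List_AppendItem
          (anchors, (PKIX_PL_Object *)anchor, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
          (anchors, &procParams, plContext));

      /* create CertSelector with target certificate in params */

      PKIX_TEST_EXPECT_NO_ERROR
          (PKIX_ComCertSelParams_Create(&certSelParams, plContext));

      PKIX_TEST_EXPECT_NO_ERROR
          (PKIX_ComCertSelParams_SetCertificate
          (certSelParams, targetCert, plContext));

      PKIX_TEST_EXPECT_NO_ERROR
          (PKIX_CertSelector_Create
          (NULL, NULL, &certSelector, plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
          (certSelector, certSelParams, plContext));

      PKIX_TEST_EXPECT_NO_ERROR
          (PKIX_ProcessingParams_SetTargetCertConstraints
          (procParams, certSelector, plContext));

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
          (procParams, chainCerts, &valParams, plContext));

      /*
       * Installs the cert store and the OCSP checker on valParams. Its
       * return value is always 0 in this file, so it is not inspected.
       */
      testDefaultCertStore(valParams, dirName);

      pkixTestErrorResult = PKIX_ValidateChain
          (valParams, &valResult, &verifyTree, plContext);

      if (pkixTestErrorResult) {
          if (testValid == PKIX_FALSE) { /* EE */
              (void) printf("EXPECTED ERROR RECEIVED!\n");
          } else { /* ENE */
              testError("UNEXPECTED ERROR RECEIVED");
          }
          PKIX_TEST_DECREF_BC(pkixTestErrorResult);
      } else {
          if (testValid == PKIX_TRUE) { /* ENE */
              (void) printf("EXPECTED SUCCESSFUL VALIDATION!\n");
          } else { /* EE */
              /*
               * A chain that was expected to be rejected validated.
               * Record it as a test failure, mirroring the unexpected-error
               * case above; a plain printf would let a negative test pass
               * while the chain is being accepted.
               */
              testError("UNEXPECTED SUCCESSFUL VALIDATION");
          }
      }

      subTest("Displaying VerifyTree");

      if (verifyTree == NULL) {
          (void) printf("VerifyTree is NULL\n");
      } else {
          PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
              ((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
          (void) printf("verifyTree is\n%s\n",
              verifyString->escAsciiString);
          PKIX_TEST_DECREF_BC(verifyString);
          PKIX_TEST_DECREF_BC(verifyTree);
      }

  cleanup:

      PKIX_TEST_DECREF_AC(valParams);
      PKIX_TEST_DECREF_AC(procParams);
      PKIX_TEST_DECREF_AC(certSelParams);
      PKIX_TEST_DECREF_AC(certSelector);
      PKIX_TEST_DECREF_AC(chainCerts);
      PKIX_TEST_DECREF_AC(anchors);
      PKIX_TEST_DECREF_AC(anchor);
      PKIX_TEST_DECREF_AC(trustedCert);
      PKIX_TEST_DECREF_AC(targetCert);
      PKIX_TEST_DECREF_AC(valResult);

      PKIX_Shutdown(plContext);

      PKIX_TEST_RETURN();

      endTests("OcspChecker");

      return (0);
  }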