/security/nss/cmd/libpkix/pkix/top/test_ocsp.c
C | 349 lines | 223 code | 76 blank | 50 comment | 21 complexity | c5bea8c0af6903632c06064ba3064ff8 MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the PKIX-C library. 15 * 16 * The Initial Developer of the Original Code is 17 * Sun Microsystems, Inc. 18 * Portions created by the Initial Developer are 19 * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. 20 * 21 * Contributor(s): 22 * Sun Microsystems, Inc. 23 * 24 * Alternatively, the contents of this file may be used under the terms of 25 * either the GNU General Public License Version 2 or later (the "GPL"), or 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 27 * in which case the provisions of the GPL or the LGPL are applicable instead 28 * of those above. If you wish to allow use of your version of this file only 29 * under the terms of either the GPL or the LGPL, and not to allow others to 30 * use your version of this file under the terms of the MPL, indicate your 31 * decision by deleting the provisions above and replace them with the notice 32 * and other provisions required by the GPL or the LGPL. If you do not delete 33 * the provisions above, a recipient may use your version of this file under 34 * the terms of any one of the MPL, the GPL or the LGPL. 35 * 36 * ***** END LICENSE BLOCK ***** */ 37/* 38 * test_ocspchecker.c 39 * 40 * Test OcspChecker function 41 * 42 */ 43 44#include "testutil.h" 45#include "testutil_nss.h" 46 47static void *plContext = NULL; 48 49static 50void printUsage(void){ 51 (void) printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName " 52 "[ENE|EE] <certLocationDirectory> <trustedCert> " 53 "<targetCert>\n\n"); 54 (void) printf 55 ("Validates a chain of certificates between " 56 "<trustedCert> and <targetCert>\n" 57 "using the certs and CRLs in <certLocationDirectory> and " 58 "pkcs11 db from <certStoreDirectory>. " 59 "If ENE is specified,\n" 60 "then an Error is Not Expected. " 61 "If EE is specified, an Error is Expected.\n"); 62} 63 64static 65char *createFullPathName( 66 char *dirName, 67 char *certFile, 68 void *plContext) 69{ 70 PKIX_UInt32 certFileLen; 71 PKIX_UInt32 dirNameLen; 72 char *certPathName = NULL; 73 74 PKIX_TEST_STD_VARS(); 75 76 certFileLen = PL_strlen(certFile); 77 dirNameLen = PL_strlen(dirName); 78 79 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc 80 (dirNameLen + certFileLen + 2, 81 (void **)&certPathName, 82 plContext)); 83 84 PL_strcpy(certPathName, dirName); 85 PL_strcat(certPathName, "/"); 86 PL_strcat(certPathName, certFile); 87 printf("certPathName = %s\n", certPathName); 88 89cleanup: 90 91 PKIX_TEST_RETURN(); 92 93 return (certPathName); 94} 95 96static PKIX_Error * 97testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir) 98{ 99 PKIX_PL_String *dirString = NULL; 100 PKIX_CertStore *certStore = NULL; 101 PKIX_ProcessingParams *procParams = NULL; 102 PKIX_PL_Date *validity = NULL; 103 PKIX_List *revCheckers = NULL; 104 PKIX_RevocationChecker *revChecker = NULL; 105 PKIX_PL_Object *revCheckerContext = NULL; 106 PKIX_OcspChecker *ocspChecker = NULL; 107 108 PKIX_TEST_STD_VARS(); 109 110 subTest("PKIX_PL_CollectionCertStoreContext_Create"); 111 112 /* Create CollectionCertStore */ 113 114 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create 115 (PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); 116 117 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create 118 (dirString, &certStore, plContext)); 119 120 /* Create CertStore */ 121 122 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams 123 (valParams, &procParams, plContext)); 124 125 subTest("PKIX_ProcessingParams_AddCertStore"); 126 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore 127 (procParams, certStore, plContext)); 128 129 subTest("PKIX_ProcessingParams_SetRevocationEnabled"); 130 131 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled 132 (procParams, PKIX_FALSE, plContext)); 133 134 /* create current Date */ 135 PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime 136 (PR_Now(), &validity, plContext)); 137 138 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); 139 140 /* create revChecker */ 141 PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize 142 (validity, 143 NULL, /* pwArg */ 144 NULL, /* Use default responder */ 145 &revChecker, 146 plContext)); 147 148 PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext 149 (revChecker, &revCheckerContext, plContext)); 150 151 /* Check that this object is a ocsp checker */ 152 PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType 153 (revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext)); 154 155 ocspChecker = (PKIX_OcspChecker *)revCheckerContext; 156 157 PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn 158 (ocspChecker, 159 PKIX_PL_OcspResponse_UseBuildChain, 160 plContext)); 161 162 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem 163 (revCheckers, (PKIX_PL_Object *)revChecker, plContext)); 164 165 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers 166 (procParams, revCheckers, plContext)); 167 168cleanup: 169 170 PKIX_TEST_DECREF_AC(dirString); 171 PKIX_TEST_DECREF_AC(procParams); 172 PKIX_TEST_DECREF_AC(certStore); 173 PKIX_TEST_DECREF_AC(revCheckers); 174 PKIX_TEST_DECREF_AC(revChecker); 175 PKIX_TEST_DECREF_AC(ocspChecker); 176 PKIX_TEST_DECREF_AC(validity); 177 178 PKIX_TEST_RETURN(); 179 180 return (0); 181} 182 183int test_ocsp(int argc, char *argv[]){ 184 185 PKIX_ValidateParams *valParams = NULL; 186 PKIX_ProcessingParams *procParams = NULL; 187 PKIX_ComCertSelParams *certSelParams = NULL; 188 PKIX_CertSelector *certSelector = NULL; 189 PKIX_ValidateResult *valResult = NULL; 190 PKIX_UInt32 actualMinorVersion; 191 PKIX_UInt32 j = 0; 192 PKIX_UInt32 k = 0; 193 PKIX_UInt32 chainLength = 0; 194 PKIX_Boolean testValid = PKIX_TRUE; 195 PKIX_List *chainCerts = NULL; 196 PKIX_VerifyNode *verifyTree = NULL; 197 PKIX_PL_String *verifyString = NULL; 198 PKIX_PL_Cert *dirCert = NULL; 199 PKIX_PL_Cert *trustedCert = NULL; 200 PKIX_PL_Cert *targetCert = NULL; 201 PKIX_TrustAnchor *anchor = NULL; 202 PKIX_List *anchors = NULL; 203 char *dirCertName = NULL; 204 char *anchorCertName = NULL; 205 char *dirName = NULL; 206 char *databaseDir = NULL; 207 208 PKIX_TEST_STD_VARS(); 209 210 if (argc < 5) { 211 printUsage(); 212 return (0); 213 } 214 215 startTests("OcspChecker"); 216 217 PKIX_TEST_EXPECT_NO_ERROR( 218 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); 219 220 /* ENE = expect no error; EE = expect error */ 221 if (PORT_Strcmp(argv[2+j], "ENE") == 0) { 222 testValid = PKIX_TRUE; 223 } else if (PORT_Strcmp(argv[2+j], "EE") == 0) { 224 testValid = PKIX_FALSE; 225 } else { 226 printUsage(); 227 return (0); 228 } 229 230 subTest(argv[1+j]); 231 232 dirName = argv[3+j]; 233 234 chainLength = argc - j - 5; 235 236 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); 237 238 for (k = 0; k < chainLength; k++) { 239 240 dirCert = createCert(dirName, argv[5+k+j], plContext); 241 242 if (k == 0) { 243 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef 244 ((PKIX_PL_Object *)dirCert, plContext)); 245 targetCert = dirCert; 246 } 247 248 PKIX_TEST_EXPECT_NO_ERROR 249 (PKIX_List_AppendItem 250 (chainCerts, (PKIX_PL_Object *)dirCert, plContext)); 251 252 PKIX_TEST_DECREF_BC(dirCert); 253 } 254 255 /* create processing params with list of trust anchors */ 256 257 anchorCertName = argv[4+j]; 258 trustedCert = createCert(dirName, anchorCertName, plContext); 259 260 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert 261 (trustedCert, &anchor, plContext)); 262 263 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); 264 265 PKIX_TEST_EXPECT_NO_ERROR 266 (PKIX_List_AppendItem 267 (anchors, (PKIX_PL_Object *)anchor, plContext)); 268 269 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create 270 (anchors, &procParams, plContext)); 271 272 /* create CertSelector with target certificate in params */ 273 274 PKIX_TEST_EXPECT_NO_ERROR 275 (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); 276 277 PKIX_TEST_EXPECT_NO_ERROR 278 (PKIX_ComCertSelParams_SetCertificate 279 (certSelParams, targetCert, plContext)); 280 281 PKIX_TEST_EXPECT_NO_ERROR 282 (PKIX_CertSelector_Create 283 (NULL, NULL, &certSelector, plContext)); 284 285 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams 286 (certSelector, certSelParams, plContext)); 287 288 PKIX_TEST_EXPECT_NO_ERROR 289 (PKIX_ProcessingParams_SetTargetCertConstraints 290 (procParams, certSelector, plContext)); 291 292 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create 293 (procParams, chainCerts, &valParams, plContext)); 294 295 testDefaultCertStore(valParams, dirName); 296 297 pkixTestErrorResult = PKIX_ValidateChain 298 (valParams, &valResult, &verifyTree, plContext); 299 300 301 if (pkixTestErrorResult) { 302 if (testValid == PKIX_FALSE) { /* EE */ 303 (void) printf("EXPECTED ERROR RECEIVED!\n"); 304 } else { /* ENE */ 305 testError("UNEXPECTED ERROR RECEIVED"); 306 } 307 PKIX_TEST_DECREF_BC(pkixTestErrorResult); 308 } else { 309 if (testValid == PKIX_TRUE) { /* ENE */ 310 (void) printf("EXPECTED SUCCESSFUL VALIDATION!\n"); 311 } else { /* EE */ 312 (void) printf("UNEXPECTED SUCCESSFUL VALIDATION!\n"); 313 } 314 } 315 316 subTest("Displaying VerifyTree"); 317 318 if (verifyTree == NULL) { 319 (void) printf("VerifyTree is NULL\n"); 320 } else { 321 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString 322 ((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); 323 (void) printf("verifyTree is\n%s\n", 324 verifyString->escAsciiString); 325 PKIX_TEST_DECREF_BC(verifyString); 326 PKIX_TEST_DECREF_BC(verifyTree); 327 } 328 329cleanup: 330 331 PKIX_TEST_DECREF_AC(valParams); 332 PKIX_TEST_DECREF_AC(procParams); 333 PKIX_TEST_DECREF_AC(certSelParams); 334 PKIX_TEST_DECREF_AC(certSelector); 335 PKIX_TEST_DECREF_AC(chainCerts); 336 PKIX_TEST_DECREF_AC(anchors); 337 PKIX_TEST_DECREF_AC(anchor); 338 PKIX_TEST_DECREF_AC(trustedCert); 339 PKIX_TEST_DECREF_AC(targetCert); 340 PKIX_TEST_DECREF_AC(valResult); 341 342 PKIX_Shutdown(plContext); 343 344 PKIX_TEST_RETURN(); 345 346 endTests("OcspChecker"); 347 348 return (0); 349}