PageRenderTime 34ms CodeModel.GetById 11ms app.highlight 18ms RepoModel.GetById 1ms app.codeStats 0ms

/security/nss/cmd/libpkix/pkix/top/test_ocsp.c

http://github.com/zpao/v8monkey
C | 349 lines | 223 code | 76 blank | 50 comment | 21 complexity | c5bea8c0af6903632c06064ba3064ff8 MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the PKIX-C library.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Sun Microsystems, Inc.
 18 * Portions created by the Initial Developer are
 19 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *   Sun Microsystems, Inc.
 23 *
 24 * Alternatively, the contents of this file may be used under the terms of
 25 * either the GNU General Public License Version 2 or later (the "GPL"), or
 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27 * in which case the provisions of the GPL or the LGPL are applicable instead
 28 * of those above. If you wish to allow use of your version of this file only
 29 * under the terms of either the GPL or the LGPL, and not to allow others to
 30 * use your version of this file under the terms of the MPL, indicate your
 31 * decision by deleting the provisions above and replace them with the notice
 32 * and other provisions required by the GPL or the LGPL. If you do not delete
 33 * the provisions above, a recipient may use your version of this file under
 34 * the terms of any one of the MPL, the GPL or the LGPL.
 35 *
 36 * ***** END LICENSE BLOCK ***** */
 37/*
 38 * test_ocspchecker.c
 39 *
 40 * Test OcspChecker function
 41 *
 42 */
 43
 44#include "testutil.h"
 45#include "testutil_nss.h"
 46
 47static void *plContext = NULL;
 48
 49static
 50void printUsage(void){
 51        (void) printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName "
 52                      "[ENE|EE] <certLocationDirectory> <trustedCert> "
 53                      "<targetCert>\n\n");
 54        (void) printf
 55                ("Validates a chain of certificates between "
 56                "<trustedCert> and <targetCert>\n"
 57                "using the certs and CRLs in <certLocationDirectory> and "
 58                "pkcs11 db from <certStoreDirectory>. "
 59                "If ENE is specified,\n"
 60                "then an Error is Not Expected. "
 61                "If EE is specified, an Error is Expected.\n");
 62}
 63
 64static
 65char *createFullPathName(
 66        char *dirName,
 67        char *certFile,
 68        void *plContext)
 69{
 70        PKIX_UInt32 certFileLen;
 71        PKIX_UInt32 dirNameLen;
 72        char *certPathName = NULL;
 73
 74        PKIX_TEST_STD_VARS();
 75
 76        certFileLen = PL_strlen(certFile);
 77        dirNameLen = PL_strlen(dirName);
 78
 79        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
 80                (dirNameLen + certFileLen + 2,
 81                (void **)&certPathName,
 82                plContext));
 83
 84        PL_strcpy(certPathName, dirName);
 85        PL_strcat(certPathName, "/");
 86        PL_strcat(certPathName, certFile);
 87        printf("certPathName = %s\n", certPathName);
 88
 89cleanup:
 90
 91        PKIX_TEST_RETURN();
 92
 93        return (certPathName);
 94}
 95
 96static PKIX_Error *
 97testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
 98{
 99        PKIX_PL_String *dirString = NULL;
100        PKIX_CertStore *certStore = NULL;
101        PKIX_ProcessingParams *procParams = NULL;
102        PKIX_PL_Date *validity = NULL; 
103        PKIX_List *revCheckers = NULL;
104        PKIX_RevocationChecker *revChecker = NULL;
105	PKIX_PL_Object *revCheckerContext = NULL;
106        PKIX_OcspChecker *ocspChecker = NULL;
107
108        PKIX_TEST_STD_VARS();
109
110        subTest("PKIX_PL_CollectionCertStoreContext_Create");
111
112        /* Create CollectionCertStore */
113
114        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
115                (PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
116
117        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
118                (dirString, &certStore, plContext));
119
120        /* Create CertStore */
121
122        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
123                (valParams, &procParams, plContext));
124
125        subTest("PKIX_ProcessingParams_AddCertStore");
126        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
127                (procParams, certStore, plContext));
128
129        subTest("PKIX_ProcessingParams_SetRevocationEnabled");
130
131        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
132                (procParams, PKIX_FALSE, plContext));
133
134        /* create current Date */
135        PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
136                (PR_Now(), &validity, plContext));
137
138        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
139
140        /* create revChecker */
141        PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
142                (validity,
143                NULL,        /* pwArg */
144                NULL,        /* Use default responder */
145                &revChecker,
146                plContext));
147
148        PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext
149                (revChecker, &revCheckerContext, plContext));
150
151        /* Check that this object is a ocsp checker */
152        PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType
153                    (revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));
154
155        ocspChecker = (PKIX_OcspChecker *)revCheckerContext;
156
157        PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn
158                (ocspChecker,
159                PKIX_PL_OcspResponse_UseBuildChain,
160                plContext));
161
162        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
163                (revCheckers, (PKIX_PL_Object *)revChecker, plContext));
164
165        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
166                (procParams, revCheckers, plContext));
167
168cleanup:
169
170        PKIX_TEST_DECREF_AC(dirString);
171        PKIX_TEST_DECREF_AC(procParams);
172        PKIX_TEST_DECREF_AC(certStore);
173        PKIX_TEST_DECREF_AC(revCheckers);
174        PKIX_TEST_DECREF_AC(revChecker);
175        PKIX_TEST_DECREF_AC(ocspChecker);
176        PKIX_TEST_DECREF_AC(validity);
177
178        PKIX_TEST_RETURN();
179
180        return (0);
181}
182
183int test_ocsp(int argc, char *argv[]){
184
185        PKIX_ValidateParams *valParams = NULL;
186        PKIX_ProcessingParams *procParams = NULL;
187        PKIX_ComCertSelParams *certSelParams = NULL;
188        PKIX_CertSelector *certSelector = NULL;
189        PKIX_ValidateResult *valResult = NULL;
190        PKIX_UInt32 actualMinorVersion;
191        PKIX_UInt32 j = 0;
192        PKIX_UInt32 k = 0;
193        PKIX_UInt32 chainLength = 0;
194        PKIX_Boolean testValid = PKIX_TRUE;
195        PKIX_List *chainCerts = NULL;
196	PKIX_VerifyNode *verifyTree = NULL;
197	PKIX_PL_String *verifyString = NULL;
198        PKIX_PL_Cert *dirCert = NULL;
199        PKIX_PL_Cert *trustedCert = NULL;
200        PKIX_PL_Cert *targetCert = NULL;
201        PKIX_TrustAnchor *anchor = NULL;
202        PKIX_List *anchors = NULL;
203        char *dirCertName = NULL;
204        char *anchorCertName = NULL;
205        char *dirName = NULL;
206        char *databaseDir = NULL;
207
208        PKIX_TEST_STD_VARS();
209
210        if (argc < 5) {
211                printUsage();
212                return (0);
213        }
214
215        startTests("OcspChecker");
216
217        PKIX_TEST_EXPECT_NO_ERROR(
218            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
219
220        /* ENE = expect no error; EE = expect error */
221        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
222                testValid = PKIX_TRUE;
223        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
224                testValid = PKIX_FALSE;
225        } else {
226                printUsage();
227                return (0);
228        }
229
230        subTest(argv[1+j]);
231
232        dirName = argv[3+j];
233
234        chainLength = argc - j - 5;
235
236        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
237
238        for (k = 0; k < chainLength; k++) {
239
240                dirCert = createCert(dirName, argv[5+k+j], plContext);
241
242                if (k == 0) {
243                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
244                                ((PKIX_PL_Object *)dirCert, plContext));
245                        targetCert = dirCert;
246                }
247
248                PKIX_TEST_EXPECT_NO_ERROR
249                        (PKIX_List_AppendItem
250                        (chainCerts, (PKIX_PL_Object *)dirCert, plContext));
251
252                PKIX_TEST_DECREF_BC(dirCert);
253        }
254
255        /* create processing params with list of trust anchors */
256
257        anchorCertName = argv[4+j];
258        trustedCert = createCert(dirName, anchorCertName, plContext);
259
260        PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
261                (trustedCert, &anchor, plContext));
262
263        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
264
265        PKIX_TEST_EXPECT_NO_ERROR
266                (PKIX_List_AppendItem
267                (anchors, (PKIX_PL_Object *)anchor, plContext));
268
269        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
270                (anchors, &procParams, plContext));
271
272        /* create CertSelector with target certificate in params */
273
274        PKIX_TEST_EXPECT_NO_ERROR
275                (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
276
277        PKIX_TEST_EXPECT_NO_ERROR
278                (PKIX_ComCertSelParams_SetCertificate
279                (certSelParams, targetCert, plContext));
280
281        PKIX_TEST_EXPECT_NO_ERROR
282                (PKIX_CertSelector_Create
283                (NULL, NULL, &certSelector, plContext));
284
285        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
286                (certSelector, certSelParams, plContext));
287
288        PKIX_TEST_EXPECT_NO_ERROR
289                (PKIX_ProcessingParams_SetTargetCertConstraints
290                (procParams, certSelector, plContext));
291
292        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
293                (procParams, chainCerts, &valParams, plContext));
294
295        testDefaultCertStore(valParams, dirName);
296
297        pkixTestErrorResult = PKIX_ValidateChain
298                (valParams, &valResult, &verifyTree, plContext);
299
300
301        if (pkixTestErrorResult) {
302                if (testValid == PKIX_FALSE) { /* EE */
303                        (void) printf("EXPECTED ERROR RECEIVED!\n");
304                } else { /* ENE */
305                        testError("UNEXPECTED ERROR RECEIVED");
306                }
307                PKIX_TEST_DECREF_BC(pkixTestErrorResult);
308        } else {
309	        if (testValid == PKIX_TRUE) { /* ENE */
310        	        (void) printf("EXPECTED SUCCESSFUL VALIDATION!\n");
311	        } else { /* EE */
312        	        (void) printf("UNEXPECTED SUCCESSFUL VALIDATION!\n");
313	        }
314	}
315
316        subTest("Displaying VerifyTree");
317
318	if (verifyTree == NULL) {
319                (void) printf("VerifyTree is NULL\n");
320	} else {
321	        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
322        	    ((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
323                (void) printf("verifyTree is\n%s\n",
324                    verifyString->escAsciiString);
325                PKIX_TEST_DECREF_BC(verifyString);
326                PKIX_TEST_DECREF_BC(verifyTree);
327	}
328
329cleanup:
330
331        PKIX_TEST_DECREF_AC(valParams);
332        PKIX_TEST_DECREF_AC(procParams);
333        PKIX_TEST_DECREF_AC(certSelParams);
334        PKIX_TEST_DECREF_AC(certSelector);
335        PKIX_TEST_DECREF_AC(chainCerts);
336        PKIX_TEST_DECREF_AC(anchors);
337        PKIX_TEST_DECREF_AC(anchor);
338        PKIX_TEST_DECREF_AC(trustedCert);
339        PKIX_TEST_DECREF_AC(targetCert);
340        PKIX_TEST_DECREF_AC(valResult);
341
342        PKIX_Shutdown(plContext);
343
344        PKIX_TEST_RETURN();
345
346        endTests("OcspChecker");
347
348        return (0);
349}