PageRenderTime 65ms CodeModel.GetById 18ms app.highlight 42ms RepoModel.GetById 1ms app.codeStats 0ms

/security/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c

http://github.com/zpao/v8monkey
C | 321 lines | 207 code | 68 blank | 46 comment | 32 complexity | 633827aa519fc473a849a5e5aef6ce08 MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the PKIX-C library.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Sun Microsystems, Inc.
 18 * Portions created by the Initial Developer are
 19 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *   Sun Microsystems, Inc.
 23 *
 24 * Alternatively, the contents of this file may be used under the terms of
 25 * either the GNU General Public License Version 2 or later (the "GPL"), or
 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27 * in which case the provisions of the GPL or the LGPL are applicable instead
 28 * of those above. If you wish to allow use of your version of this file only
 29 * under the terms of either the GPL or the LGPL, and not to allow others to
 30 * use your version of this file under the terms of the MPL, indicate your
 31 * decision by deleting the provisions above and replace them with the notice
 32 * and other provisions required by the GPL or the LGPL. If you do not delete
 33 * the provisions above, a recipient may use your version of this file under
 34 * the terms of any one of the MPL, the GPL or the LGPL.
 35 *
 36 * ***** END LICENSE BLOCK ***** */
 37/*
 38 * test_ekuchecker.c
 39 *
 40 * Test Extend Key Usage Checker
 41 *
 42 */
 43
 44#include "testutil.h"
 45#include "testutil_nss.h"
 46
 47#define PKIX_TEST_MAX_CERTS     10
 48
 49static void *plContext = NULL;
 50
 51static 
 52void printUsage1(char *pName){
 53        printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
 54        printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
 55}
 56
 57static void printUsageMax(PKIX_UInt32 numCerts){
 58        printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
 59                numCerts, PKIX_TEST_MAX_CERTS);
 60}
 61
 62static PKIX_Error *
 63testCertSelectorMatchCallback(
 64        PKIX_CertSelector *selector,
 65        PKIX_PL_Cert *cert,
 66        PKIX_Boolean *pResult,
 67        void *plContext)
 68{
 69        *pResult = PKIX_TRUE;
 70
 71        return (0);
 72}
 73
 74static PKIX_Error *
 75testEkuSetup(
 76        PKIX_ValidateParams *valParams,
 77        char *ekuOidString,
 78        PKIX_Boolean *only4EE)
 79{
 80        PKIX_ProcessingParams *procParams = NULL;
 81        PKIX_List *ekuList = NULL;
 82        PKIX_PL_OID *ekuOid = NULL;
 83        PKIX_ComCertSelParams *selParams = NULL;
 84        PKIX_CertSelector *certSelector = NULL;
 85        PKIX_Boolean last_token = PKIX_FALSE;
 86        PKIX_UInt32 i, tokeni;
 87
 88        PKIX_TEST_STD_VARS();
 89
 90        subTest("PKIX_ValidateParams_GetProcessingParams");
 91        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
 92                                    (valParams, &procParams, plContext));
 93
 94        /* Get extended key usage OID(s) from command line, separated by ","  */
 95
 96        if (ekuOidString[0] == '"') {
 97                /* erase doble quotes, if any */
 98                i = 1;
 99                while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
100                        ekuOidString[i-1] = ekuOidString[i];
101                        i++;
102                }
103                ekuOidString[i-1] = '\0';
104        }
105
106        if (ekuOidString[0] == '\0') {
107                ekuList = NULL;
108        } else {
109
110                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create
111                        (&ekuList, plContext));
112
113                /* if OID string start with E, only check for last cert */
114                if (ekuOidString[0] == 'E') {
115                        *only4EE = PKIX_TRUE;
116                        tokeni = 2;
117                        i = 1;
118                } else {
119                        *only4EE = PKIX_FALSE;
120                        tokeni = 1;
121                        i = 0;
122                }
123
124                while (last_token != PKIX_TRUE) {
125                    while (ekuOidString[tokeni] != ',' &&
126                            ekuOidString[tokeni] != '\0') {
127                        tokeni++;
128                    }
129                    if (ekuOidString[tokeni] == '\0') {
130                        last_token = PKIX_TRUE;
131                    } else {
132                        ekuOidString[tokeni] = '\0';
133                        tokeni++;
134                    }
135
136                    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create
137                        (&ekuOidString[i], &ekuOid, plContext));
138
139                    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
140                            (ekuList, (PKIX_PL_Object *)ekuOid, plContext));
141
142                    PKIX_TEST_DECREF_BC(ekuOid);
143                    i = tokeni;
144
145                }
146
147        }
148
149        /* Set extended key usage link to processing params */
150
151        subTest("PKIX_ComCertSelParams_Create");
152        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
153                        (&selParams, plContext));
154
155        subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
156        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage
157                        (selParams, ekuList, plContext));
158
159        subTest("PKIX_CertSelector_Create");
160        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
161                        (testCertSelectorMatchCallback,
162                        NULL,
163                        &certSelector,
164                        plContext));
165
166        subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
167        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
168                        (certSelector, selParams, plContext));
169
170        subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
171        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints
172                        (procParams, certSelector, plContext));
173
174cleanup:
175
176        PKIX_TEST_DECREF_AC(selParams);
177        PKIX_TEST_DECREF_AC(certSelector);
178        PKIX_TEST_DECREF_AC(procParams);
179        PKIX_TEST_DECREF_AC(ekuOid);
180        PKIX_TEST_DECREF_AC(ekuList);
181
182        PKIX_TEST_RETURN();
183
184        return (0);
185}
186
187static PKIX_Error *
188testEkuChecker(
189        PKIX_ValidateParams *valParams,
190        PKIX_Boolean only4EE)
191{
192        PKIX_ProcessingParams *procParams = NULL;
193
194        PKIX_TEST_STD_VARS();
195
196        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
197                                    (valParams, &procParams, plContext));
198
199        subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
200        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
201                                    (procParams, PKIX_FALSE, plContext));
202
203        if (only4EE == PKIX_FALSE) {
204                subTest("PKIX_PL_EkuChecker_Create");
205                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create
206                                    (procParams, plContext));
207        }
208
209cleanup:
210
211        PKIX_TEST_DECREF_AC(procParams);
212
213        PKIX_TEST_RETURN();
214
215        return (0);
216}
217
218int test_ekuchecker(int argc, char *argv[]){
219        PKIX_List *chain = NULL;
220        PKIX_ValidateParams *valParams = NULL;
221        PKIX_ValidateResult *valResult = NULL;
222        PKIX_UInt32 actualMinorVersion;
223        char *certNames[PKIX_TEST_MAX_CERTS];
224        char *dirName = NULL;
225        PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
226        PKIX_UInt32 chainLength = 0;
227        PKIX_UInt32 i = 0;
228        PKIX_UInt32 j = 0;
229        PKIX_Boolean testValid = PKIX_FALSE;
230        PKIX_Boolean only4EE = PKIX_FALSE;
231
232        PKIX_TEST_STD_VARS();
233
234        if (argc < 5) {
235                printUsage1(argv[0]);
236                return (0);
237        }
238
239        startTests("EKU Checker");
240
241        PKIX_TEST_EXPECT_NO_ERROR(
242            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
243
244        /* ENE = expect no error; EE = expect error */
245        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
246                testValid = PKIX_TRUE;
247        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
248                testValid = PKIX_FALSE;
249        } else {
250                printUsage1(argv[0]);
251                return (0);
252        }
253
254        dirName = argv[4+j];
255
256        chainLength = (argc - j) - 6;
257        if (chainLength > PKIX_TEST_MAX_CERTS) {
258                printUsageMax(chainLength);
259        }
260
261        for (i = 0; i < chainLength; i++) {
262
263                certNames[i] = argv[6+i+j];
264                certs[i] = NULL;
265        }
266
267        subTest(argv[1+j]);
268
269        subTest("Extended-Key-Usage-Checker");
270
271        subTest("Extended-Key-Usage-Checker - Create Cert Chain");
272
273        chain = createCertChainPlus
274                (dirName, certNames, certs, chainLength, plContext);
275
276        subTest("Extended-Key-Usage-Checker - Create Params");
277
278        valParams = createValidateParams
279                (dirName,
280                argv[5+j],
281                NULL,
282                NULL,
283                NULL,
284                PKIX_FALSE,
285                PKIX_FALSE,
286                PKIX_FALSE,
287                PKIX_FALSE,
288                chain,
289                plContext);
290
291        subTest("Default CertStore");
292
293        testEkuSetup(valParams, argv[3+j], &only4EE);
294
295        testEkuChecker(valParams, only4EE);
296
297        subTest("Extended-Key-Usage-Checker - Validate Chain");
298
299        if (testValid == PKIX_TRUE) {
300                PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
301                                    (valParams, &valResult, NULL, plContext));
302        } else {
303                PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
304                                    (valParams, &valResult, NULL, plContext));
305        }
306
307
308cleanup:
309
310        PKIX_TEST_DECREF_AC(chain);
311        PKIX_TEST_DECREF_AC(valParams);
312        PKIX_TEST_DECREF_AC(valResult);
313
314        PKIX_Shutdown(plContext);
315
316        PKIX_TEST_RETURN();
317
318        endTests("EKU Checker");
319
320        return (0);
321}