PageRenderTime 33ms CodeModel.GetById 14ms app.highlight 15ms RepoModel.GetById 1ms app.codeStats 0ms

/security/nss/cmd/libpkix/sample_apps/validate_chain.c

http://github.com/zpao/v8monkey
C | 267 lines | 169 code | 51 blank | 47 comment | 11 complexity | ef2407d4fdc23986b696d66cc67b65ac MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the PKIX-C library.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Sun Microsystems, Inc.
 18 * Portions created by the Initial Developer are
 19 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *   Sun Microsystems, Inc.
 23 *
 24 * Alternatively, the contents of this file may be used under the terms of
 25 * either the GNU General Public License Version 2 or later (the "GPL"), or
 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27 * in which case the provisions of the GPL or the LGPL are applicable instead
 28 * of those above. If you wish to allow use of your version of this file only
 29 * under the terms of either the GPL or the LGPL, and not to allow others to
 30 * use your version of this file under the terms of the MPL, indicate your
 31 * decision by deleting the provisions above and replace them with the notice
 32 * and other provisions required by the GPL or the LGPL. If you do not delete
 33 * the provisions above, a recipient may use your version of this file under
 34 * the terms of any one of the MPL, the GPL or the LGPL.
 35 *
 36 * ***** END LICENSE BLOCK ***** */
 37/*
 38 * validateChain.c
 39 *
 40 * Tests Cert Chain Validation
 41 *
 42 */
 43
 44#include <stdio.h>
 45#include <string.h>
 46#include <stddef.h>
 47
 48#include "pkix_pl_generalname.h"
 49#include "pkix_pl_cert.h"
 50#include "pkix.h"
 51#include "testutil.h"
 52#include "prlong.h"
 53#include "plstr.h"
 54#include "prthread.h"
 55#include "nspr.h"
 56#include "prtypes.h"
 57#include "prtime.h"
 58#include "pk11func.h"
 59#include "secasn1.h"
 60#include "cert.h"
 61#include "cryptohi.h"
 62#include "secoid.h"
 63#include "certdb.h"
 64#include "secitem.h"
 65#include "keythi.h"
 66#include "nss.h"
 67
 68static void *plContext = NULL;
 69
 70static 
 71void printUsage(void){
 72        (void) printf("\nUSAGE:\tvalidateChain <trustedCert> "
 73                "<cert_1> <cert_2> ... <cert_n>\n");
 74        (void) printf("\tValidates a chain of n certificates "
 75                "using the given trust anchor.\n");
 76
 77}
 78
 79static PKIX_PL_Cert *
 80createCert(char *inFileName)
 81{
 82        PKIX_PL_ByteArray *byteArray = NULL;
 83        void *buf = NULL;
 84        PRFileDesc *inFile = NULL;
 85        PKIX_UInt32 len;
 86        SECItem certDER;
 87        SECStatus rv;
 88        /* default: NULL cert (failure case) */
 89        PKIX_PL_Cert *cert = NULL;
 90
 91        PKIX_TEST_STD_VARS();
 92
 93        certDER.data = NULL;
 94
 95        inFile = PR_Open(inFileName, PR_RDONLY, 0);
 96
 97        if (!inFile){
 98                pkixTestErrorMsg = "Unable to open cert file";
 99                goto cleanup;
100        } else {
101                rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE);
102                if (!rv){
103                        buf = (void *)certDER.data;
104                        len = certDER.len;
105
106                        PKIX_TEST_EXPECT_NO_ERROR
107                                (PKIX_PL_ByteArray_Create
108                                (buf, len, &byteArray, plContext));
109
110                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
111                                                (byteArray, &cert, plContext));
112
113                        SECITEM_FreeItem(&certDER, PR_FALSE);
114                } else {
115                        pkixTestErrorMsg = "Unable to read DER from cert file";
116                        goto cleanup;
117                }
118        }
119
120cleanup:
121
122        if (inFile){
123                PR_Close(inFile);
124        }
125
126        if (PKIX_TEST_ERROR_RECEIVED){
127                SECITEM_FreeItem(&certDER, PR_FALSE);
128        }
129
130        PKIX_TEST_DECREF_AC(byteArray);
131
132        PKIX_TEST_RETURN();
133
134        return (cert);
135}
136
137int validate_chain(int argc, char *argv[])
138{
139        PKIX_TrustAnchor *anchor = NULL;
140        PKIX_List *anchors = NULL;
141        PKIX_List *certs = NULL;
142        PKIX_ProcessingParams *procParams = NULL;
143        PKIX_ValidateParams *valParams = NULL;
144        PKIX_ValidateResult *valResult = NULL;
145        PKIX_PL_X500Name *subject = NULL;
146        PKIX_ComCertSelParams *certSelParams = NULL;
147        PKIX_CertSelector *certSelector = NULL;
148	PKIX_VerifyNode *verifyTree = NULL;
149	PKIX_PL_String *verifyString = NULL;
150
151        char *trustedCertFile = NULL;
152        char *chainCertFile = NULL;
153        PKIX_PL_Cert *trustedCert = NULL;
154        PKIX_PL_Cert *chainCert = NULL;
155        PKIX_UInt32 chainLength = 0;
156        PKIX_UInt32 i = 0;
157        PKIX_UInt32 j = 0;
158        PKIX_UInt32 actualMinorVersion;
159
160        PKIX_TEST_STD_VARS();
161
162        if (argc < 3){
163                printUsage();
164                return (0);
165        }
166
167        PKIX_TEST_EXPECT_NO_ERROR(
168            PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
169
170        chainLength = (argc - j) - 2;
171
172        /* create processing params with list of trust anchors */
173        trustedCertFile = argv[1+j];
174        trustedCert = createCert(trustedCertFile);
175
176        PKIX_TEST_EXPECT_NO_ERROR
177                (PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
178
179        PKIX_TEST_EXPECT_NO_ERROR
180                (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
181
182#if 0
183        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
184                                    (certSelParams, subject, plContext));
185#endif
186
187        PKIX_TEST_EXPECT_NO_ERROR
188                (PKIX_CertSelector_Create
189                (NULL, NULL, &certSelector, plContext));
190
191        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
192                                (certSelector, certSelParams, plContext));
193
194        PKIX_TEST_DECREF_BC(subject);
195        PKIX_TEST_DECREF_BC(certSelParams);
196
197        PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
198                                    (trustedCert, &anchor, plContext));
199
200        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
201        PKIX_TEST_EXPECT_NO_ERROR
202                (PKIX_List_AppendItem
203                (anchors, (PKIX_PL_Object *)anchor, plContext));
204        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
205                                    (anchors, &procParams, plContext));
206
207        PKIX_TEST_EXPECT_NO_ERROR
208                (PKIX_ProcessingParams_SetTargetCertConstraints
209                (procParams, certSelector, plContext));
210
211        PKIX_TEST_DECREF_BC(certSelector);
212
213        /* create cert chain */
214        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
215        for (i = 0; i < chainLength; i++){
216                chainCertFile = argv[(i + j) + 2];
217                chainCert = createCert(chainCertFile);
218
219                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
220                                            (certs,
221                                            (PKIX_PL_Object *)chainCert,
222                                            plContext));
223
224                PKIX_TEST_DECREF_BC(chainCert);
225                chainCert = NULL;
226        }
227        /* create validate params with processing params and cert chain */
228        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
229                                    (procParams, certs, &valParams, plContext));
230
231        PKIX_TEST_DECREF_BC(trustedCert); trustedCert = NULL;
232        PKIX_TEST_DECREF_BC(anchor); anchor = NULL;
233        PKIX_TEST_DECREF_BC(anchors); anchors = NULL;
234        PKIX_TEST_DECREF_BC(certs); certs = NULL;
235        PKIX_TEST_DECREF_BC(procParams); procParams = NULL;
236
237        /* validate cert chain using processing params and return valResult */
238
239        PKIX_TEST_EXPECT_NO_ERROR
240                (PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
241
242        if (valResult != NULL){
243                (void) printf("SUCCESSFULLY VALIDATED\n");
244        }
245
246cleanup:
247
248        if (PKIX_TEST_ERROR_RECEIVED){
249                (void) printf("FAILED TO VALIDATE\n");
250	        (void) PKIX_PL_Object_ToString
251        	        ((PKIX_PL_Object*)verifyTree, &verifyString, plContext);
252	        (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);
253	        PKIX_TEST_DECREF_AC(verifyString);
254
255        }
256
257        PKIX_TEST_DECREF_AC(verifyTree);
258        PKIX_TEST_DECREF_AC(valResult);
259        PKIX_TEST_DECREF_AC(valParams);
260
261        PKIX_TEST_RETURN();
262
263        PKIX_Shutdown(plContext);
264
265        return (0);
266
267}