/security/nss/cmd/libpkix/sample_apps/build_chain.c
C | 298 lines | 191 code | 56 blank | 51 comment | 10 complexity | db66202272aaf14af7424e86b2cc985a MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the PKIX-C library. 15 * 16 * The Initial Developer of the Original Code is 17 * Sun Microsystems, Inc. 18 * Portions created by the Initial Developer are 19 * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. 20 * 21 * Contributor(s): 22 * Sun Microsystems, Inc. 23 * 24 * Alternatively, the contents of this file may be used under the terms of 25 * either the GNU General Public License Version 2 or later (the "GPL"), or 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 27 * in which case the provisions of the GPL or the LGPL are applicable instead 28 * of those above. If you wish to allow use of your version of this file only 29 * under the terms of either the GPL or the LGPL, and not to allow others to 30 * use your version of this file under the terms of the MPL, indicate your 31 * decision by deleting the provisions above and replace them with the notice 32 * and other provisions required by the GPL or the LGPL. If you do not delete 33 * the provisions above, a recipient may use your version of this file under 34 * the terms of any one of the MPL, the GPL or the LGPL. 35 * 36 * ***** END LICENSE BLOCK ***** */ 37/* 38 * buildChain.c 39 * 40 * Tests Cert Chain Building 41 * 42 */ 43 44#include <stdio.h> 45#include <string.h> 46#include <stddef.h> 47 48#include "pkix_pl_generalname.h" 49#include "pkix_pl_cert.h" 50#include "pkix.h" 51#include "testutil.h" 52#include "prlong.h" 53#include "plstr.h" 54#include "prthread.h" 55#include "nspr.h" 56#include "prtypes.h" 57#include "prtime.h" 58#include "pk11func.h" 59#include "secasn1.h" 60#include "cert.h" 61#include "cryptohi.h" 62#include "secoid.h" 63#include "certdb.h" 64#include "secitem.h" 65#include "keythi.h" 66#include "nss.h" 67 68static void *plContext = NULL; 69 70static 71void printUsage(void){ 72 (void) printf("\nUSAGE:\tbuildChain " 73 "<trustedCert> <targetCert> <certStoreDirectory>\n\n"); 74 (void) printf 75 ("Builds a chain of certificates between " 76 "<trustedCert> and <targetCert>\n" 77 "using the certs and CRLs in <certStoreDirectory>.\n"); 78} 79 80static PKIX_PL_Cert * 81createCert(char *inFileName) 82{ 83 PKIX_PL_ByteArray *byteArray = NULL; 84 void *buf = NULL; 85 PRFileDesc *inFile = NULL; 86 PKIX_UInt32 len; 87 SECItem certDER; 88 SECStatus rv; 89 /* default: NULL cert (failure case) */ 90 PKIX_PL_Cert *cert = NULL; 91 92 PKIX_TEST_STD_VARS(); 93 94 certDER.data = NULL; 95 96 inFile = PR_Open(inFileName, PR_RDONLY, 0); 97 98 if (!inFile){ 99 pkixTestErrorMsg = "Unable to open cert file"; 100 goto cleanup; 101 } else { 102 rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE); 103 if (!rv){ 104 buf = (void *)certDER.data; 105 len = certDER.len; 106 107 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create 108 (buf, len, &byteArray, plContext)); 109 110 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create 111 (byteArray, &cert, plContext)); 112 113 SECITEM_FreeItem(&certDER, PR_FALSE); 114 } else { 115 pkixTestErrorMsg = "Unable to read DER from cert file"; 116 goto cleanup; 117 } 118 } 119 120cleanup: 121 122 if (inFile){ 123 PR_Close(inFile); 124 } 125 126 if (PKIX_TEST_ERROR_RECEIVED){ 127 SECITEM_FreeItem(&certDER, PR_FALSE); 128 } 129 130 PKIX_TEST_DECREF_AC(byteArray); 131 132 PKIX_TEST_RETURN(); 133 134 return (cert); 135} 136 137int build_chain(int argc, char *argv[]) 138{ 139 PKIX_BuildResult *buildResult = NULL; 140 PKIX_ComCertSelParams *certSelParams = NULL; 141 PKIX_CertSelector *certSelector = NULL; 142 PKIX_TrustAnchor *anchor = NULL; 143 PKIX_List *anchors = NULL; 144 PKIX_List *certs = NULL; 145 PKIX_PL_Cert *cert = NULL; 146 PKIX_ProcessingParams *procParams = NULL; 147 char *trustedCertFile = NULL; 148 char *targetCertFile = NULL; 149 char *storeDirAscii = NULL; 150 PKIX_PL_String *storeDirString = NULL; 151 PKIX_PL_Cert *trustedCert = NULL; 152 PKIX_PL_Cert *targetCert = NULL; 153 PKIX_UInt32 actualMinorVersion, numCerts, i; 154 PKIX_UInt32 j = 0; 155 PKIX_CertStore *certStore = NULL; 156 PKIX_List *certStores = NULL; 157 char * asciiResult = NULL; 158 PKIX_Boolean useArenas = PKIX_FALSE; 159 void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */ 160 void *nbioContext = NULL; 161 162 PKIX_TEST_STD_VARS(); 163 164 if (argc < 4){ 165 printUsage(); 166 return (0); 167 } 168 169 useArenas = PKIX_TEST_ARENAS_ARG(argv[1]); 170 171 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize 172 (PKIX_TRUE, /* nssInitNeeded */ 173 useArenas, 174 PKIX_MAJOR_VERSION, 175 PKIX_MINOR_VERSION, 176 PKIX_MINOR_VERSION, 177 &actualMinorVersion, 178 &plContext)); 179 180 /* create processing params with list of trust anchors */ 181 trustedCertFile = argv[j+1]; 182 trustedCert = createCert(trustedCertFile); 183 184 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert 185 (trustedCert, &anchor, plContext)); 186 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); 187 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem 188 (anchors, (PKIX_PL_Object *)anchor, plContext)); 189 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create 190 (anchors, &procParams, plContext)); 191 192 193 /* create CertSelector with target certificate in params */ 194 PKIX_TEST_EXPECT_NO_ERROR 195 (PKIX_ComCertSelParams_Create(&certSelParams, plContext)); 196 197 targetCertFile = argv[j+2]; 198 targetCert = createCert(targetCertFile); 199 200 PKIX_TEST_EXPECT_NO_ERROR 201 (PKIX_ComCertSelParams_SetCertificate 202 (certSelParams, targetCert, plContext)); 203 204 PKIX_TEST_EXPECT_NO_ERROR 205 (PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); 206 207 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams 208 (certSelector, certSelParams, plContext)); 209 210 PKIX_TEST_EXPECT_NO_ERROR 211 (PKIX_ProcessingParams_SetTargetCertConstraints 212 (procParams, certSelector, plContext)); 213 214 /* create CertStores */ 215 216 storeDirAscii = argv[j+3]; 217 218 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create 219 (PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext)); 220 221 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create 222 (storeDirString, &certStore, plContext)); 223 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); 224 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem 225 (certStores, (PKIX_PL_Object *)certStore, plContext)); 226 227 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores 228 (procParams, certStores, plContext)); 229 230 /* build cert chain using processing params and return buildResult */ 231 232 PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain 233 (procParams, 234 &nbioContext, 235 &buildState, 236 &buildResult, 237 NULL, 238 plContext)); 239 240 /* 241 * As long as we use only CertStores with blocking I/O, we can omit 242 * checking for completion with nbioContext. 243 */ 244 245 PKIX_TEST_EXPECT_NO_ERROR 246 (PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); 247 248 PKIX_TEST_EXPECT_NO_ERROR 249 (PKIX_List_GetLength(certs, &numCerts, plContext)); 250 251 printf("\n"); 252 253 for (i = 0; i < numCerts; i++){ 254 PKIX_TEST_EXPECT_NO_ERROR 255 (PKIX_List_GetItem 256 (certs, i, (PKIX_PL_Object**)&cert, plContext)); 257 258 asciiResult = PKIX_Cert2ASCII(cert); 259 260 printf("CERT[%d]:\n%s\n", i, asciiResult); 261 262 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext)); 263 asciiResult = NULL; 264 265 PKIX_TEST_DECREF_BC(cert); 266 } 267 268cleanup: 269 270 if (PKIX_TEST_ERROR_RECEIVED){ 271 (void) printf("FAILED TO BUILD CHAIN\n"); 272 } else { 273 (void) printf("SUCCESSFULLY BUILT CHAIN\n"); 274 } 275 276 PKIX_PL_Free(asciiResult, plContext); 277 278 PKIX_TEST_DECREF_AC(certs); 279 PKIX_TEST_DECREF_AC(cert); 280 PKIX_TEST_DECREF_AC(certStore); 281 PKIX_TEST_DECREF_AC(certStores); 282 PKIX_TEST_DECREF_AC(storeDirString); 283 PKIX_TEST_DECREF_AC(trustedCert); 284 PKIX_TEST_DECREF_AC(targetCert); 285 PKIX_TEST_DECREF_AC(anchor); 286 PKIX_TEST_DECREF_AC(anchors); 287 PKIX_TEST_DECREF_AC(procParams); 288 PKIX_TEST_DECREF_AC(certSelParams); 289 PKIX_TEST_DECREF_AC(certSelector); 290 PKIX_TEST_DECREF_AC(buildResult); 291 292 PKIX_TEST_RETURN(); 293 294 PKIX_Shutdown(plContext); 295 296 return (0); 297 298}