
  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the PKIX-C library.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Sun Microsystems, Inc.
  18. * Portions created by the Initial Developer are
  19. * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Sun Microsystems, Inc.
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. /*
  38. * buildChain.c
  39. *
  40. * Tests Cert Chain Building
  41. *
  42. */
  43. #include <stdio.h>
  44. #include <string.h>
  45. #include <stddef.h>
  46. #include "pkix_pl_generalname.h"
  47. #include "pkix_pl_cert.h"
  48. #include "pkix.h"
  49. #include "testutil.h"
  50. #include "prlong.h"
  51. #include "plstr.h"
  52. #include "prthread.h"
  53. #include "nspr.h"
  54. #include "prtypes.h"
  55. #include "prtime.h"
  56. #include "pk11func.h"
  57. #include "secasn1.h"
  58. #include "cert.h"
  59. #include "cryptohi.h"
  60. #include "secoid.h"
  61. #include "certdb.h"
  62. #include "secitem.h"
  63. #include "keythi.h"
  64. #include "nss.h"
  /*
   * Platform context passed to every libpkix call in this file. It is filled
   * in by PKIX_Initialize() in build_chain and released there with
   * PKIX_Shutdown().
   */
  static void *plContext = NULL;
  /*
   * printUsage: write the command-line synopsis for buildChain to stdout.
   *
   * Invoked by build_chain when fewer than the three required positional
   * arguments are supplied. The text is a fixed literal, so it is written
   * with fputs() rather than through a format string.
   */
  static void
  printUsage(void)
  {
      static const char usage[] =
          "\nUSAGE:\tbuildChain "
          "<trustedCert> <targetCert> <certStoreDirectory>\n\n"
          "Builds a chain of certificates between "
          "<trustedCert> and <targetCert>\n"
          "using the certs and CRLs in <certStoreDirectory>.\n";

      (void) fputs(usage, stdout);
  }
  /*
   * createCert: read a DER-encoded certificate from inFileName and wrap it in
   * a libpkix PKIX_PL_Cert object.
   *
   * Returns a new PKIX_PL_Cert reference (owned by the caller) on success, or
   * NULL when the file cannot be opened, the DER cannot be read, or object
   * creation fails. Failures are also recorded through the testutil error
   * machinery (pkixTestErrorMsg / PKIX_TEST_* macros).
   */
  static PKIX_PL_Cert *
  createCert(char *inFileName)
  {
      PKIX_PL_ByteArray *derBytes = NULL;
      PRFileDesc *fd = NULL;
      SECItem certDER;
      SECStatus readStatus;
      PKIX_PL_Cert *cert = NULL; /* stays NULL on every failure path */

      PKIX_TEST_STD_VARS();

      certDER.data = NULL;

      fd = PR_Open(inFileName, PR_RDONLY, 0);
      if (fd == NULL) {
          pkixTestErrorMsg = "Unable to open cert file";
          goto cleanup;
      }

      /* A zero status means the DER was read successfully. */
      readStatus = SECU_ReadDERFromFile(&certDER, fd, PR_FALSE);
      if (readStatus) {
          pkixTestErrorMsg = "Unable to read DER from cert file";
          goto cleanup;
      }

      /* Hand the raw DER to libpkix; both macros jump to cleanup on error. */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(
          (void *)certDER.data, certDER.len, &derBytes, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(
          derBytes, &cert, plContext));

      /* The DER buffer is not needed once the cert object exists. */
      SECITEM_FreeItem(&certDER, PR_FALSE);

  cleanup:
      if (fd != NULL) {
          PR_Close(fd);
      }
      /* On an error path the DER buffer, if one was read, is still held. */
      if (PKIX_TEST_ERROR_RECEIVED) {
          SECITEM_FreeItem(&certDER, PR_FALSE);
      }
      PKIX_TEST_DECREF_AC(derBytes);

      PKIX_TEST_RETURN();

      return (cert);
  }
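  /*
   * build_chain: sample-application entry point.
   *
   * argv[j+1]  trusted (anchor) certificate file, DER encoded
   * argv[j+2]  target certificate file, DER encoded
   * argv[j+3]  directory used as a collection cert store
   *
   * j starts at 0; PKIX_TEST_ARENAS_ARG(argv[1]) is expected to advance it
   * when argv[1] is the option it recognises, shifting the positional
   * arguments by one (confirm against testutil.h). The function builds a
   * chain from the target certificate to the trust anchor using the store,
   * prints every certificate of the resulting chain, and finally prints
   * SUCCESSFULLY BUILT CHAIN or FAILED TO BUILD CHAIN.
   *
   * Returns 0 in every case, including usage errors and a failed build; the
   * outcome is reported on stdout only, so a harness has to read the output
   * rather than the exit status.
   */
  int build_chain(int argc, char *argv[])
  {
      PKIX_BuildResult *buildResult = NULL;
      PKIX_ComCertSelParams *certSelParams = NULL;
      PKIX_CertSelector *certSelector = NULL;
      PKIX_TrustAnchor *anchor = NULL;
      PKIX_List *anchors = NULL;
      PKIX_List *certs = NULL;
      PKIX_PL_Cert *cert = NULL;
      PKIX_ProcessingParams *procParams = NULL;
      char *trustedCertFile = NULL;
      char *targetCertFile = NULL;
      char *storeDirAscii = NULL;
      PKIX_PL_String *storeDirString = NULL;
      PKIX_PL_Cert *trustedCert = NULL;
      PKIX_PL_Cert *targetCert = NULL;
      PKIX_UInt32 actualMinorVersion, numCerts, i;
      PKIX_UInt32 j = 0; /* argv offset; PKIX_TEST_ARENAS_ARG may advance it */
      PKIX_CertStore *certStore = NULL;
      PKIX_List *certStores = NULL;
      char *asciiResult = NULL;
      PKIX_Boolean useArenas = PKIX_FALSE;
      void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
      void *nbioContext = NULL;

      PKIX_TEST_STD_VARS();

      /* argv[1] is handed to PKIX_TEST_ARENAS_ARG below, so check argc first. */
      if (argc < 4) {
          printUsage();
          return (0);
      }

      useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);

      /*
       * The positional arguments are read at argv[j+1..j+3]. If the option
       * check advanced j, "argc >= 4" no longer guarantees that argv[j+3]
       * exists, so re-check before anything is dereferenced.
       */
      if ((PKIX_UInt32)argc < j + 4) {
          printUsage();
          return (0);
      }

      PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(
          PKIX_TRUE, /* nssInitNeeded */
          useArenas,
          PKIX_MAJOR_VERSION,
          PKIX_MINOR_VERSION,
          PKIX_MINOR_VERSION,
          &actualMinorVersion,
          &plContext));

      /* Processing params: a single trust anchor built from <trustedCert>. */
      trustedCertFile = argv[j + 1];
      trustedCert = createCert(trustedCertFile);
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(
          trustedCert, &anchor, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(
          anchors, (PKIX_PL_Object *)anchor, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(
          anchors, &procParams, plContext));

      /* Target constraint: the chain must end at <targetCert>. */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(
          &certSelParams, plContext));
      targetCertFile = argv[j + 2];
      targetCert = createCert(targetCertFile);
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(
          certSelParams, targetCert, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(
          NULL, NULL, &certSelector, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(
          certSelector, certSelParams, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(
          procParams, certSelector, plContext));

      /* Cert stores: one collection store rooted at <certStoreDirectory>. */
      storeDirAscii = argv[j + 3];
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
          PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(
          storeDirString, &certStore, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(
          certStores, (PKIX_PL_Object *)certStore, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(
          procParams, certStores, plContext));

      /* Build the chain; the result is returned in buildResult. */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(
          procParams,
          &nbioContext,
          &buildState,
          &buildResult,
          NULL,
          plContext));

      /*
       * As long as we use only CertStores with blocking I/O, we can omit
       * checking for completion with nbioContext.
       */
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(
          buildResult, &certs, plContext));
      PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(
          certs, &numCerts, plContext));

      printf("\n");
      for (i = 0; i < numCerts; i++) {
          PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(
              certs, i, (PKIX_PL_Object **)&cert, plContext));
          asciiResult = PKIX_Cert2ASCII(cert);
          /* Never hand a NULL to "%s"; report it like the other failures. */
          if (asciiResult == NULL) {
              pkixTestErrorMsg = "Unable to convert cert to ASCII";
              goto cleanup;
          }
          /* i is unsigned (PKIX_UInt32), so format it as such. */
          printf("CERT[%u]:\n%s\n", (unsigned)i, asciiResult);
          PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
          asciiResult = NULL;
          PKIX_TEST_DECREF_BC(cert);
      }

  cleanup:
      if (PKIX_TEST_ERROR_RECEIVED) {
          (void) printf("FAILED TO BUILD CHAIN\n");
      } else {
          (void) printf("SUCCESSFULLY BUILT CHAIN\n");
      }

      /* asciiResult is only non-NULL if the loop above was left early. */
      PKIX_PL_Free(asciiResult, plContext);

      PKIX_TEST_DECREF_AC(certs);
      PKIX_TEST_DECREF_AC(cert);
      PKIX_TEST_DECREF_AC(certStore);
      PKIX_TEST_DECREF_AC(certStores);
      PKIX_TEST_DECREF_AC(storeDirString);
      PKIX_TEST_DECREF_AC(trustedCert);
      PKIX_TEST_DECREF_AC(targetCert);
      PKIX_TEST_DECREF_AC(anchor);
      PKIX_TEST_DECREF_AC(anchors);
      PKIX_TEST_DECREF_AC(procParams);
      PKIX_TEST_DECREF_AC(certSelParams);
      PKIX_TEST_DECREF_AC(certSelector);
      PKIX_TEST_DECREF_AC(buildResult);

      PKIX_TEST_RETURN();

      PKIX_Shutdown(plContext);

      return (0);
  }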