PageRenderTime 53ms CodeModel.GetById 18ms app.highlight 30ms RepoModel.GetById 1ms app.codeStats 0ms

/security/nss/cmd/libpkix/sample_apps/build_chain.c

http://github.com/zpao/v8monkey
C | 298 lines | 191 code | 56 blank | 51 comment | 10 complexity | db66202272aaf14af7424e86b2cc985a MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the PKIX-C library.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Sun Microsystems, Inc.
 18 * Portions created by the Initial Developer are
 19 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *   Sun Microsystems, Inc.
 23 *
 24 * Alternatively, the contents of this file may be used under the terms of
 25 * either the GNU General Public License Version 2 or later (the "GPL"), or
 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27 * in which case the provisions of the GPL or the LGPL are applicable instead
 28 * of those above. If you wish to allow use of your version of this file only
 29 * under the terms of either the GPL or the LGPL, and not to allow others to
 30 * use your version of this file under the terms of the MPL, indicate your
 31 * decision by deleting the provisions above and replace them with the notice
 32 * and other provisions required by the GPL or the LGPL. If you do not delete
 33 * the provisions above, a recipient may use your version of this file under
 34 * the terms of any one of the MPL, the GPL or the LGPL.
 35 *
 36 * ***** END LICENSE BLOCK ***** */
 37/*
 38 * buildChain.c
 39 *
 40 * Tests Cert Chain Building
 41 *
 42 */
 43
 44#include <stdio.h>
 45#include <string.h>
 46#include <stddef.h>
 47
 48#include "pkix_pl_generalname.h"
 49#include "pkix_pl_cert.h"
 50#include "pkix.h"
 51#include "testutil.h"
 52#include "prlong.h"
 53#include "plstr.h"
 54#include "prthread.h"
 55#include "nspr.h"
 56#include "prtypes.h"
 57#include "prtime.h"
 58#include "pk11func.h"
 59#include "secasn1.h"
 60#include "cert.h"
 61#include "cryptohi.h"
 62#include "secoid.h"
 63#include "certdb.h"
 64#include "secitem.h"
 65#include "keythi.h"
 66#include "nss.h"
 67
 68static void *plContext = NULL;
 69
 70static
 71void printUsage(void){
 72        (void) printf("\nUSAGE:\tbuildChain "
 73                        "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
 74        (void) printf
 75                ("Builds a chain of certificates between "
 76                "<trustedCert> and <targetCert>\n"
 77                "using the certs and CRLs in <certStoreDirectory>.\n");
 78}
 79
 80static PKIX_PL_Cert *
 81createCert(char *inFileName)
 82{
 83        PKIX_PL_ByteArray *byteArray = NULL;
 84        void *buf = NULL;
 85        PRFileDesc *inFile = NULL;
 86        PKIX_UInt32 len;
 87        SECItem certDER;
 88        SECStatus rv;
 89        /* default: NULL cert (failure case) */
 90        PKIX_PL_Cert *cert = NULL;
 91
 92        PKIX_TEST_STD_VARS();
 93
 94        certDER.data = NULL;
 95
 96        inFile = PR_Open(inFileName, PR_RDONLY, 0);
 97
 98        if (!inFile){
 99                pkixTestErrorMsg = "Unable to open cert file";
100                goto cleanup;
101        } else {
102                rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE);
103                if (!rv){
104                        buf = (void *)certDER.data;
105                        len = certDER.len;
106
107                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
108                                        (buf, len, &byteArray, plContext));
109
110                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
111                                        (byteArray, &cert, plContext));
112
113                        SECITEM_FreeItem(&certDER, PR_FALSE);
114                } else {
115                        pkixTestErrorMsg = "Unable to read DER from cert file";
116                        goto cleanup;
117                }
118        }
119
120cleanup:
121
122        if (inFile){
123                PR_Close(inFile);
124        }
125
126        if (PKIX_TEST_ERROR_RECEIVED){
127                SECITEM_FreeItem(&certDER, PR_FALSE);
128        }
129
130        PKIX_TEST_DECREF_AC(byteArray);
131
132        PKIX_TEST_RETURN();
133
134        return (cert);
135}
136
137int build_chain(int argc, char *argv[])
138{
139        PKIX_BuildResult *buildResult = NULL;
140        PKIX_ComCertSelParams *certSelParams = NULL;
141        PKIX_CertSelector *certSelector = NULL;
142        PKIX_TrustAnchor *anchor = NULL;
143        PKIX_List *anchors = NULL;
144        PKIX_List *certs = NULL;
145        PKIX_PL_Cert *cert = NULL;
146        PKIX_ProcessingParams *procParams = NULL;
147        char *trustedCertFile = NULL;
148        char *targetCertFile = NULL;
149        char *storeDirAscii = NULL;
150        PKIX_PL_String *storeDirString = NULL;
151        PKIX_PL_Cert *trustedCert = NULL;
152        PKIX_PL_Cert *targetCert = NULL;
153        PKIX_UInt32 actualMinorVersion, numCerts, i;
154        PKIX_UInt32 j = 0;
155        PKIX_CertStore *certStore = NULL;
156        PKIX_List *certStores = NULL;
157        char * asciiResult = NULL;
158        PKIX_Boolean useArenas = PKIX_FALSE;
159        void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
160        void *nbioContext = NULL;
161
162        PKIX_TEST_STD_VARS();
163
164        if (argc < 4){
165                printUsage();
166                return (0);
167        }
168
169        useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
170
171        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
172                                    (PKIX_TRUE, /* nssInitNeeded */
173                                    useArenas,
174                                    PKIX_MAJOR_VERSION,
175                                    PKIX_MINOR_VERSION,
176                                    PKIX_MINOR_VERSION,
177                                    &actualMinorVersion,
178                                    &plContext));
179
180        /* create processing params with list of trust anchors */
181        trustedCertFile = argv[j+1];
182        trustedCert = createCert(trustedCertFile);
183
184        PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
185                                    (trustedCert, &anchor, plContext));
186        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
187        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
188                            (anchors, (PKIX_PL_Object *)anchor, plContext));
189        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
190                            (anchors, &procParams, plContext));
191
192
193        /* create CertSelector with target certificate in params */
194        PKIX_TEST_EXPECT_NO_ERROR
195                (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
196
197        targetCertFile = argv[j+2];
198        targetCert = createCert(targetCertFile);
199
200        PKIX_TEST_EXPECT_NO_ERROR
201                (PKIX_ComCertSelParams_SetCertificate
202                (certSelParams, targetCert, plContext));
203
204        PKIX_TEST_EXPECT_NO_ERROR
205            (PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
206
207        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
208                                (certSelector, certSelParams, plContext));
209
210        PKIX_TEST_EXPECT_NO_ERROR
211                (PKIX_ProcessingParams_SetTargetCertConstraints
212                (procParams, certSelector, plContext));
213
214        /* create CertStores */
215
216        storeDirAscii = argv[j+3];
217
218        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
219                (PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
220
221        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
222                (storeDirString, &certStore, plContext));
223        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
224        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
225                (certStores, (PKIX_PL_Object *)certStore, plContext));
226
227        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
228                (procParams, certStores, plContext));
229
230        /* build cert chain using processing params and return buildResult */
231
232        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain
233                (procParams,
234                &nbioContext,
235                &buildState,
236                &buildResult,
237                NULL,
238                plContext));
239
240        /*
241         * As long as we use only CertStores with blocking I/O, we can omit
242         * checking for completion with nbioContext.
243         */
244
245        PKIX_TEST_EXPECT_NO_ERROR
246                (PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
247
248        PKIX_TEST_EXPECT_NO_ERROR
249                (PKIX_List_GetLength(certs, &numCerts, plContext));
250
251        printf("\n");
252
253        for (i = 0; i < numCerts; i++){
254                PKIX_TEST_EXPECT_NO_ERROR
255                        (PKIX_List_GetItem
256                        (certs, i, (PKIX_PL_Object**)&cert, plContext));
257
258                asciiResult = PKIX_Cert2ASCII(cert);
259
260                printf("CERT[%d]:\n%s\n", i, asciiResult);
261
262                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
263                asciiResult = NULL;
264
265                PKIX_TEST_DECREF_BC(cert);
266        }
267
268cleanup:
269
270        if (PKIX_TEST_ERROR_RECEIVED){
271                (void) printf("FAILED TO BUILD CHAIN\n");
272        } else {
273                (void) printf("SUCCESSFULLY BUILT CHAIN\n");
274        }
275
276        PKIX_PL_Free(asciiResult, plContext);
277
278        PKIX_TEST_DECREF_AC(certs);
279        PKIX_TEST_DECREF_AC(cert);
280        PKIX_TEST_DECREF_AC(certStore);
281        PKIX_TEST_DECREF_AC(certStores);
282        PKIX_TEST_DECREF_AC(storeDirString);
283        PKIX_TEST_DECREF_AC(trustedCert);
284        PKIX_TEST_DECREF_AC(targetCert);
285        PKIX_TEST_DECREF_AC(anchor);
286        PKIX_TEST_DECREF_AC(anchors);
287        PKIX_TEST_DECREF_AC(procParams);
288        PKIX_TEST_DECREF_AC(certSelParams);
289        PKIX_TEST_DECREF_AC(certSelector);
290        PKIX_TEST_DECREF_AC(buildResult);
291
292        PKIX_TEST_RETURN();
293
294        PKIX_Shutdown(plContext);
295
296        return (0);
297
298}