testutil_nss.c - This C code provides a set of functions fo…

/security/nss/cmd/libpkix/testutil/testutil_nss.c

http://github.com/zpao/v8monkey · C · 663 lines · 466 code · 153 blank · 44 comment · 32 complexity · 41bf9e91d4be6d5ce89599435f1bbf07 MD5 · raw file

/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the PKIX-C library.
 *
 * The Initial Developer of the Original Code is
 * Sun Microsystems, Inc.
 * Portions created by the Initial Developer are
 * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Contributor(s):
 *   Sun Microsystems, Inc.
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
/*
 * testutil_nss.c
 *
 * NSS-specific utility functions for handling test errors
 *
 */

#include <stdio.h>
#include <string.h>
#include <stddef.h>

#include "pkix_pl_generalname.h"
#include "pkix_pl_cert.h"
#include "pkix.h"
#include "testutil.h"
#include "prlong.h"
#include "plstr.h"
#include "prthread.h"
#include "secutil.h"
#include "nspr.h"
#include "prtypes.h"
#include "prtime.h"
#include "pk11func.h"
#include "secasn1.h"
#include "cert.h"
#include "cryptohi.h"
#include "secoid.h"
#include "certdb.h"
#include "secitem.h"
#include "keythi.h"
#include "nss.h"

static char *catDirName(char *dir, char *name, void *plContext)
{
        char *pathName = NULL;
        PKIX_UInt32 nameLen;
        PKIX_UInt32 dirLen;

        PKIX_TEST_STD_VARS();

        nameLen = PL_strlen(name);
        dirLen = PL_strlen(dir);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
                                    (dirLen + nameLen + 2,
                                    (void **)&pathName,
                                    plContext));

        PL_strcpy(pathName, dir);
        PL_strcat(pathName, "/");
        PL_strcat(pathName, name);
        printf("pathName = %s\n", pathName);

cleanup:

        PKIX_TEST_RETURN();

        return (pathName);
}

PKIX_PL_Cert *
createCert(
        char *dirName,
        char *certFileName,
        void *plContext)
{
        PKIX_PL_ByteArray *byteArray = NULL;
        void *buf = NULL;
        PRFileDesc *certFile = NULL;
        PKIX_UInt32 len;
        SECItem certDER;
        SECStatus rv;
        /* default: NULL cert (failure case) */
        PKIX_PL_Cert *cert = NULL;
        char *pathName = NULL;

        PKIX_TEST_STD_VARS();


        certDER.data = NULL;

        pathName = catDirName(dirName, certFileName, plContext);
        certFile = PR_Open(pathName, PR_RDONLY, 0);

        if (!certFile){
                pkixTestErrorMsg = "Unable to open cert file";
                goto cleanup;
        } else {
                rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE);
                if (!rv){
                        buf = (void *)certDER.data;
                        len = certDER.len;

                        PKIX_TEST_EXPECT_NO_ERROR
                                (PKIX_PL_ByteArray_Create
                                (buf, len, &byteArray, plContext));

                        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
                                                (byteArray, &cert, plContext));

                        SECITEM_FreeItem(&certDER, PR_FALSE);
                } else {
                        pkixTestErrorMsg = "Unable to read DER from cert file";
                        goto cleanup;
                }
        }

cleanup:

        pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);

        if (certFile){
                PR_Close(certFile);
        }

        if (PKIX_TEST_ERROR_RECEIVED){
                SECITEM_FreeItem(&certDER, PR_FALSE);
        }

        PKIX_TEST_DECREF_AC(byteArray);

        PKIX_TEST_RETURN();

        return (cert);
}

PKIX_PL_CRL *
createCRL(
        char *dirName,
        char *crlFileName,
        void *plContext)
{
        PKIX_PL_ByteArray *byteArray = NULL;
        PKIX_PL_CRL *crl = NULL;
        PKIX_Error *error = NULL;
        PRFileDesc *inFile = NULL;
        SECItem crlDER;
        void *buf = NULL;
        PKIX_UInt32 len;
        SECStatus rv;
        char *pathName = NULL;

        PKIX_TEST_STD_VARS();

        crlDER.data = NULL;

        pathName = catDirName(dirName, crlFileName, plContext);
        inFile = PR_Open(pathName, PR_RDONLY, 0);

        if (!inFile){
                pkixTestErrorMsg = "Unable to open crl file";
                goto cleanup;
        } else {
                rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
                if (!rv){
                        buf = (void *)crlDER.data;
                        len = crlDER.len;

                        error = PKIX_PL_ByteArray_Create
                                (buf, len, &byteArray, plContext);

                        if (error){
                                pkixTestErrorMsg =
                                        "PKIX_PL_ByteArray_Create failed";
                                goto cleanup;
                        }

                        error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
                        if (error){
                                pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
                                goto cleanup;
                        }

                        SECITEM_FreeItem(&crlDER, PR_FALSE);
                } else {
                        pkixTestErrorMsg = "Unable to read DER from crl file";
                        goto cleanup;
                }
        }

cleanup:

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));

        if (inFile){
                PR_Close(inFile);
        }

        if (error){
                SECITEM_FreeItem(&crlDER, PR_FALSE);
        }

        PKIX_TEST_DECREF_AC(byteArray);

        PKIX_TEST_RETURN();

        return (crl);

}

PKIX_TrustAnchor *
createTrustAnchor(
        char *dirName,
        char *certFileName,
        PKIX_Boolean useCert,
        void *plContext)
{
        PKIX_TrustAnchor *anchor = NULL;
        PKIX_PL_Cert *cert = NULL;
        PKIX_PL_X500Name *name = NULL;
        PKIX_PL_PublicKey *pubKey = NULL;
        PKIX_PL_CertNameConstraints *nameConstraints = NULL;

        PKIX_TEST_STD_VARS();

        cert = createCert(dirName, certFileName, plContext);

        if (useCert){
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
                                        (cert, &anchor, plContext));
        } else {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
                                        (cert, &name, plContext));

                if (name == NULL){
                        goto cleanup;
                }

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
                                        (cert, &pubKey, plContext));

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
                                        (cert, &nameConstraints, NULL));

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_TrustAnchor_CreateWithNameKeyPair
                        (name, pubKey, nameConstraints, &anchor, plContext));
        }

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(anchor);
        }

        PKIX_TEST_DECREF_AC(cert);
        PKIX_TEST_DECREF_AC(name);
        PKIX_TEST_DECREF_AC(pubKey);
        PKIX_TEST_DECREF_AC(nameConstraints);

        PKIX_TEST_RETURN();

        return (anchor);
}

PKIX_List *
createCertChain(
        char *dirName,
        char *firstCertFileName,
        char *secondCertFileName,
        void *plContext)
{
        PKIX_PL_Cert *firstCert = NULL;
        PKIX_PL_Cert *secondCert = NULL;
        PKIX_List *certList = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));

        firstCert = createCert(dirName, firstCertFileName, plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                (certList, (PKIX_PL_Object *)firstCert, plContext));

        if (secondCertFileName){
                secondCert = createCert(dirName, secondCertFileName, plContext);

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                        (certList, (PKIX_PL_Object *)secondCert, plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
                                    (certList, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(certList);
        }

        PKIX_TEST_DECREF_AC(firstCert);
        PKIX_TEST_DECREF_AC(secondCert);

        PKIX_TEST_RETURN();

        return (certList);
}

PKIX_List *
createCertChainPlus(
        char *dirName,
        char *certNames[],
        PKIX_PL_Cert *certs[],
        PKIX_UInt32 numCerts,
        void *plContext)
{
        PKIX_List *certList = NULL;
        PKIX_UInt32 i;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));

        for (i = 0; i < numCerts; i++) {

                certs[i] = createCert(dirName, certNames[i], plContext);

                /* Create Cert may fail */
                if (certs[i] == NULL) {
                        PKIX_TEST_DECREF_BC(certList);
                        goto cleanup;
                }

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                                            (certList,
                                            (PKIX_PL_Object *)certs[i],
                                            plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
                                    (certList, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(certList);
        }

        for (i = 0; i < numCerts; i++) {
                PKIX_TEST_DECREF_AC(certs[i]);
        }

        PKIX_TEST_RETURN();

        return (certList);

}

PKIX_PL_Date *
createDate(
        char *asciiDate,
        void *plContext)
{
        PKIX_PL_Date *date = NULL;
        PKIX_PL_String *plString = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
            (PKIX_ESCASCII, asciiDate, 0, &plString, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime
                                    (plString, &date, plContext));

cleanup:

        PKIX_TEST_DECREF_AC(plString);

        PKIX_TEST_RETURN();

        return (date);
}

PKIX_ProcessingParams *
createProcessingParams(
        char *dirName,
        char *firstAnchorFileName,
        char *secondAnchorFileName,
        char *dateAscii,
        PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
        PKIX_Boolean isCrlEnabled,
        void *plContext)
{

        PKIX_TrustAnchor *firstAnchor = NULL;
        PKIX_TrustAnchor *secondAnchor = NULL;
        PKIX_List *anchorsList = NULL;
        PKIX_ProcessingParams *procParams = NULL;
        PKIX_PL_String *dateString = NULL;
        PKIX_PL_Date *testDate = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));

        firstAnchor = createTrustAnchor
                (dirName, firstAnchorFileName, PKIX_FALSE, plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                                    (anchorsList,
                                    (PKIX_PL_Object *)firstAnchor,
                                    plContext));

        if (secondAnchorFileName){
                secondAnchor =
                        createTrustAnchor
                        (dirName, secondAnchorFileName, PKIX_FALSE, plContext);

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                                            (anchorsList,
                                            (PKIX_PL_Object *)secondAnchor,
                                            plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
                                    (anchorsList, &procParams, plContext));

        if (dateAscii){
                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        dateAscii,
                        0,
                        &dateString,
                        plContext));

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_PL_Date_Create_UTCTime
                        (dateString, &testDate, plContext));

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_ProcessingParams_SetDate
                        (procParams, testDate, plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
                (procParams, initialPolicies, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
                                    (procParams, isCrlEnabled, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(procParams);
        }

        PKIX_TEST_DECREF_AC(dateString);
        PKIX_TEST_DECREF_AC(testDate);
        PKIX_TEST_DECREF_AC(anchorsList);
        PKIX_TEST_DECREF_AC(firstAnchor);
        PKIX_TEST_DECREF_AC(secondAnchor);

        PKIX_TEST_RETURN();

        return (procParams);
}

PKIX_ValidateParams *
createValidateParams(
        char *dirName,
        char *firstAnchorFileName,
        char *secondAnchorFileName,
        char *dateAscii,
        PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
        PKIX_Boolean initialPolicyMappingInhibit,
        PKIX_Boolean initialAnyPolicyInhibit,
        PKIX_Boolean initialExplicitPolicy,
        PKIX_Boolean isCrlEnabled,
        PKIX_List *chain,
        void *plContext)
{

        PKIX_ProcessingParams *procParams = NULL;
        PKIX_ValidateParams *valParams = NULL;

        PKIX_TEST_STD_VARS();

        procParams =
                createProcessingParams
                    (dirName,
                    firstAnchorFileName,
                    secondAnchorFileName,
                    dateAscii,
                    NULL,
                    isCrlEnabled,
                    plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
                (procParams, initialPolicies, plContext));

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_ProcessingParams_SetPolicyMappingInhibited
                (procParams, initialPolicyMappingInhibit, NULL));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited
                (procParams, initialAnyPolicyInhibit, NULL));

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_ProcessingParams_SetExplicitPolicyRequired
                (procParams, initialExplicitPolicy, NULL));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
                (procParams, chain, &valParams, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(valParams);
        }

        PKIX_TEST_DECREF_AC(procParams);

        PKIX_TEST_RETURN();

        return (valParams);
}

PKIX_ValidateResult *
createValidateResult(
        char *dirName,
        char *anchorFileName,
        char *pubKeyCertFileName,
        void *plContext)
{

        PKIX_TrustAnchor *anchor = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_PL_Cert *cert = NULL;
        PKIX_PL_PublicKey *pubKey = NULL;

        PKIX_TEST_STD_VARS();

        anchor = createTrustAnchor
                    (dirName, anchorFileName, PKIX_FALSE, plContext);
        cert = createCert(dirName, pubKeyCertFileName, plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
                                    (cert, &pubKey, plContext));

        PKIX_TEST_EXPECT_NO_ERROR
                (pkix_ValidateResult_Create
                (pubKey, anchor, NULL, &valResult, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(valResult);
        }

        PKIX_TEST_DECREF_AC(anchor);
        PKIX_TEST_DECREF_AC(cert);
        PKIX_TEST_DECREF_AC(pubKey);

        PKIX_TEST_RETURN();

        return (valResult);
}

PKIX_PL_GeneralName *
createGeneralName(
        PKIX_UInt32 nameType,
        char *asciiName,
        void *plContext)
{

        PKIX_PL_GeneralName *generalName = NULL;
        PKIX_PL_String *plString = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
            (PKIX_ESCASCII, asciiName, 0, &plString, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create
            (nameType, plString, &generalName, plContext));

cleanup:

        PKIX_TEST_DECREF_AC(plString);

        PKIX_TEST_RETURN();

        return (generalName);
}

PKIX_BuildResult *
createBuildResult(
        char *dirName,
        char *anchorFileName,
        char *pubKeyCertFileName,
        char *firstChainCertFileName,
        char *secondChainCertFileName,
        void *plContext)
{
        PKIX_BuildResult *buildResult = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_List *certChain = NULL;

        PKIX_TEST_STD_VARS();

        valResult = createValidateResult
                (dirName, anchorFileName, pubKeyCertFileName, plContext);
        certChain = createCertChain
                        (dirName,
                        firstChainCertFileName,
                        secondChainCertFileName,
                        plContext);

        PKIX_TEST_EXPECT_NO_ERROR
                (pkix_BuildResult_Create
                (valResult, certChain, &buildResult, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED){
                PKIX_TEST_DECREF_AC(buildResult);
        }

        PKIX_TEST_DECREF_AC(valResult);
        PKIX_TEST_DECREF_AC(certChain);

        PKIX_TEST_RETURN();

        return (buildResult);
}
Summary ✨

This C code provides a set of functions for creating and manipulating cryptographic objects, such as trust anchors, certificates, public keys, and general names. It appears to be part of a larger library or framework for building and validating X.509 certificates. The functions create various objects from scratch or build upon existing ones, ultimately producing a BuildResult that represents the validation outcome of a certificate chain.