Google Git
Sign in
nest-open-source / manifest_repos / nss / 4c27b2c95aa58cee220d6d993f969b63a7261e83 / . / nss-3.41 / nss / cmd / libpkix / pkix / top / test_defaultcrlchecker2stores.c
blob: 3ce4513177c9c2a5505aa9b380ea84b620716ad5 [file] [log] [blame]
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* test_defaultcrlchecker2stores.c
*
* Test Default CRL with multiple CertStore Checking
*
*/
#include "testutil.h"
#include "testutil_nss.h"
#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
static void
printUsage1(char *pName)
{
printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
printf("crl-directory cert [certs].\n");
}
static void
printUsageMax(PKIX_UInt32 numCerts)
{
printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
numCerts, PKIX_TEST_MAX_CERTS);
}
static PKIX_Error *
getCertCallback(
PKIX_CertStore *store,
PKIX_CertSelector *certSelector,
PKIX_List **pCerts,
void *plContext)
{
return (NULL);
}
static PKIX_Error *
testDefaultMultipleCertStores(PKIX_ValidateParams *valParams,
char *crlDir1,
char *crlDir2)
{
PKIX_PL_String *dirString1 = NULL;
PKIX_PL_String *dirString2 = NULL;
PKIX_CertStore *certStore1 = NULL;
PKIX_CertStore *certStore2 = NULL;
PKIX_List *certStoreList = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_TEST_STD_VARS();
subTest("PKIX_PL_CollectionCertStore_Create");
/* Create CollectionCertStore */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
crlDir1,
0,
&dirString1,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1,
&certStore1,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
crlDir2,
0,
&dirString2,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2,
&certStore2,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
/* Add multiple CollectionCertStores */
subTest("PKIX_ProcessingParams_SetCertStores");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext));
subTest("PKIX_ProcessingParams_AddCertStore");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext));
subTest("PKIX_ProcessingParams_SetRevocationEnabled");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
cleanup:
PKIX_TEST_DECREF_AC(dirString1);
PKIX_TEST_DECREF_AC(dirString2);
PKIX_TEST_DECREF_AC(certStore1);
PKIX_TEST_DECREF_AC(certStore2);
PKIX_TEST_DECREF_AC(certStoreList);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_RETURN();
return (0);
}
/*
* Validate Certificate Chain with Certificate Revocation List
* Certificate Chain is build based on input certs' sequence.
* CRL is fetched from the directory specified in CollectionCertStore.
* while CollectionCertStore is linked in CertStore Object which then
* linked in ProcessParam. During validation, CRLChecker will invoke
* the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL)
* to get CRL data for revocation check.
* This test gets CRL's from two CertStores, each has a valid CRL
* required for revocation check to pass.
*/
int
test_defaultcrlchecker2stores(int argc, char *argv[])
{
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_VerifyNode *verifyTree = NULL;
PKIX_PL_String *verifyString = NULL;
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_Boolean testValid = PKIX_TRUE;
char *dirName = NULL;
char *anchorName = NULL;
PKIX_TEST_STD_VARS();
if (argc < 6) {
printUsage1(argv[0]);
return (0);
}
startTests("CRL Checker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage1(argv[0]);
return (0);
}
chainLength = (argc - j) - 7;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
}
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[(7 + j) + i];
certs[i] = NULL;
}
subTest(argv[1 + j]);
subTest("Default-CRL-Checker");
subTest("Default-CRL-Checker - Create Cert Chain");
dirName = argv[3 + j];
chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
subTest("Default-CRL-Checker - Create Params");
anchorName = argv[6 + j];
valParams = createValidateParams(dirName,
anchorName,
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chain,
plContext);
subTest("Multiple-CertStores");
testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]);
subTest("Default-CRL-Checker - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
(void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
cleanup:
PKIX_TEST_DECREF_AC(verifyString);
PKIX_TEST_DECREF_AC(verifyTree);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_TEST_DECREF_AC(chain);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("CRL Checker");
return (0);
}