nss-3.41/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c - manifest_repos/nss - Git at Google

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * test_ekuchecker.c
  *
  * Test Extend Key Usage Checker
  *
  */

 #include "testutil.h"
 #include "testutil_nss.h"

 #define PKIX_TEST_MAX_CERTS 10

 static void *plContext = NULL;

 static void
 printUsage1(char *pName)
 {
     printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
     printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
 }

 static void
 printUsageMax(PKIX_UInt32 numCerts)
 {
     printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
            numCerts, PKIX_TEST_MAX_CERTS);
 }

 static PKIX_Error *
 testCertSelectorMatchCallback(
     PKIX_CertSelector *selector,
     PKIX_PL_Cert *cert,
     PKIX_Boolean *pResult,
     void *plContext)
 {
     *pResult = PKIX_TRUE;

     return (0);
 }

 static PKIX_Error *
 testEkuSetup(
     PKIX_ValidateParams *valParams,
     char *ekuOidString,
     PKIX_Boolean *only4EE)
 {
     PKIX_ProcessingParams *procParams = NULL;
     PKIX_List *ekuList = NULL;
     PKIX_PL_OID *ekuOid = NULL;
     PKIX_ComCertSelParams *selParams = NULL;
     PKIX_CertSelector *certSelector = NULL;
     PKIX_Boolean last_token = PKIX_FALSE;
     PKIX_UInt32 i, tokeni;

     PKIX_TEST_STD_VARS();

     subTest("PKIX_ValidateParams_GetProcessingParams");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));

     /* Get extended key usage OID(s) from command line, separated by ","  */

     if (ekuOidString[0] == '"') {
         /* erase doble quotes, if any */
         i = 1;
         while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
             ekuOidString[i - 1] = ekuOidString[i];
             i++;
         }
         ekuOidString[i - 1] = '\0';
     }

     if (ekuOidString[0] == '\0') {
         ekuList = NULL;
     } else {

         PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));

         /* if OID string start with E, only check for last cert */
         if (ekuOidString[0] == 'E') {
             *only4EE = PKIX_TRUE;
             tokeni = 2;
             i = 1;
         } else {
             *only4EE = PKIX_FALSE;
             tokeni = 1;
             i = 0;
         }

         while (last_token != PKIX_TRUE) {
             while (ekuOidString[tokeni] != ',' &&
                    ekuOidString[tokeni] != '\0') {
                 tokeni++;
             }
             if (ekuOidString[tokeni] == '\0') {
                 last_token = PKIX_TRUE;
             } else {
                 ekuOidString[tokeni] = '\0';
                 tokeni++;
             }

             PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));

             PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));

             PKIX_TEST_DECREF_BC(ekuOid);
             i = tokeni;
         }
     }

     /* Set extended key usage link to processing params */

     subTest("PKIX_ComCertSelParams_Create");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));

     subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));

     subTest("PKIX_CertSelector_Create");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
                                                        NULL,
                                                        &certSelector,
                                                        plContext));

     subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));

     subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));

 cleanup:

     PKIX_TEST_DECREF_AC(selParams);
     PKIX_TEST_DECREF_AC(certSelector);
     PKIX_TEST_DECREF_AC(procParams);
     PKIX_TEST_DECREF_AC(ekuOid);
     PKIX_TEST_DECREF_AC(ekuList);

     PKIX_TEST_RETURN();

     return (0);
 }

 static PKIX_Error *
 testEkuChecker(
     PKIX_ValidateParams *valParams,
     PKIX_Boolean only4EE)
 {
     PKIX_ProcessingParams *procParams = NULL;

     PKIX_TEST_STD_VARS();

     PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));

     subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
     PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));

     if (only4EE == PKIX_FALSE) {
         subTest("PKIX_PL_EkuChecker_Create");
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
     }

 cleanup:

     PKIX_TEST_DECREF_AC(procParams);

     PKIX_TEST_RETURN();

     return (0);
 }

 int
 test_ekuchecker(int argc, char *argv[])
 {
     PKIX_List *chain = NULL;
     PKIX_ValidateParams *valParams = NULL;
     PKIX_ValidateResult *valResult = NULL;
     PKIX_UInt32 actualMinorVersion;
     char *certNames[PKIX_TEST_MAX_CERTS];
     char *dirName = NULL;
     PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
     PKIX_UInt32 chainLength = 0;
     PKIX_UInt32 i = 0;
     PKIX_UInt32 j = 0;
     PKIX_Boolean testValid = PKIX_FALSE;
     PKIX_Boolean only4EE = PKIX_FALSE;

     PKIX_TEST_STD_VARS();

     if (argc < 5) {
         printUsage1(argv[0]);
         return (0);
     }

     startTests("EKU Checker");

     PKIX_TEST_EXPECT_NO_ERROR(
         PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

     /* ENE = expect no error; EE = expect error */
     if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
         testValid = PKIX_TRUE;
     } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
         testValid = PKIX_FALSE;
     } else {
         printUsage1(argv[0]);
         return (0);
     }

     dirName = argv[4 + j];

     chainLength = (argc - j) - 6;
     if (chainLength > PKIX_TEST_MAX_CERTS) {
         printUsageMax(chainLength);
     }

     for (i = 0; i < chainLength; i++) {

         certNames[i] = argv[6 + i + j];
         certs[i] = NULL;
     }

     subTest(argv[1 + j]);

     subTest("Extended-Key-Usage-Checker");

     subTest("Extended-Key-Usage-Checker - Create Cert Chain");

     chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);

     subTest("Extended-Key-Usage-Checker - Create Params");

     valParams = createValidateParams(dirName,
                                      argv[5 +
                                           j],
                                      NULL,
                                      NULL,
                                      NULL,
                                      PKIX_FALSE,
                                      PKIX_FALSE,
                                      PKIX_FALSE,
                                      PKIX_FALSE,
                                      chain,
                                      plContext);

     subTest("Default CertStore");

     testEkuSetup(valParams, argv[3 + j], &only4EE);

     testEkuChecker(valParams, only4EE);

     subTest("Extended-Key-Usage-Checker - Validate Chain");

     if (testValid == PKIX_TRUE) {
         PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
     } else {
         PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
     }

 cleanup:

     PKIX_TEST_DECREF_AC(chain);
     PKIX_TEST_DECREF_AC(valParams);
     PKIX_TEST_DECREF_AC(valResult);

     PKIX_Shutdown(plContext);

     PKIX_TEST_RETURN();

     endTests("EKU Checker");

     return (0);
 }
	/* This Source Code Form is subject to the terms of the Mozilla Public
	* License, v. 2.0. If a copy of the MPL was not distributed with this
	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
	/*
	* test_ekuchecker.c
	*
	* Test Extend Key Usage Checker
	*
	*/

	#include "testutil.h"
	#include "testutil_nss.h"

	#define PKIX_TEST_MAX_CERTS 10

	static void *plContext = NULL;

	static void
	printUsage1(char *pName)
	{
	printf("\nUSAGE: %s test-purpose [ENE\|EE] ", pName);
	printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
	}

	static void
	printUsageMax(PKIX_UInt32 numCerts)
	{
	printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
	numCerts, PKIX_TEST_MAX_CERTS);
	}

	static PKIX_Error *
	testCertSelectorMatchCallback(
	PKIX_CertSelector *selector,
	PKIX_PL_Cert *cert,
	PKIX_Boolean *pResult,
	void *plContext)
	{
	*pResult = PKIX_TRUE;

	return (0);
	}

	static PKIX_Error *
	testEkuSetup(
	PKIX_ValidateParams *valParams,
	char *ekuOidString,
	PKIX_Boolean *only4EE)
	{
	PKIX_ProcessingParams *procParams = NULL;
	PKIX_List *ekuList = NULL;
	PKIX_PL_OID *ekuOid = NULL;
	PKIX_ComCertSelParams *selParams = NULL;
	PKIX_CertSelector *certSelector = NULL;
	PKIX_Boolean last_token = PKIX_FALSE;
	PKIX_UInt32 i, tokeni;

	PKIX_TEST_STD_VARS();

	subTest("PKIX_ValidateParams_GetProcessingParams");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));

	/* Get extended key usage OID(s) from command line, separated by "," */

	if (ekuOidString[0] == '"') {
	/* erase doble quotes, if any */
	i = 1;
	while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
	ekuOidString[i - 1] = ekuOidString[i];
	i++;
	}
	ekuOidString[i - 1] = '\0';
	}

	if (ekuOidString[0] == '\0') {
	ekuList = NULL;
	} else {

	PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));

	/* if OID string start with E, only check for last cert */
	if (ekuOidString[0] == 'E') {
	*only4EE = PKIX_TRUE;
	tokeni = 2;
	i = 1;
	} else {
	*only4EE = PKIX_FALSE;
	tokeni = 1;
	i = 0;
	}

	while (last_token != PKIX_TRUE) {
	while (ekuOidString[tokeni] != ',' &&
	ekuOidString[tokeni] != '\0') {
	tokeni++;
	}
	if (ekuOidString[tokeni] == '\0') {
	last_token = PKIX_TRUE;
	} else {
	ekuOidString[tokeni] = '\0';
	tokeni++;
	}

	PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));

	PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));

	PKIX_TEST_DECREF_BC(ekuOid);
	i = tokeni;
	}
	}

	/* Set extended key usage link to processing params */

	subTest("PKIX_ComCertSelParams_Create");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));

	subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));

	subTest("PKIX_CertSelector_Create");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
	NULL,
	&certSelector,
	plContext));

	subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));

	subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));

	cleanup:

	PKIX_TEST_DECREF_AC(selParams);
	PKIX_TEST_DECREF_AC(certSelector);
	PKIX_TEST_DECREF_AC(procParams);
	PKIX_TEST_DECREF_AC(ekuOid);
	PKIX_TEST_DECREF_AC(ekuList);

	PKIX_TEST_RETURN();

	return (0);
	}

	static PKIX_Error *
	testEkuChecker(
	PKIX_ValidateParams *valParams,
	PKIX_Boolean only4EE)
	{
	PKIX_ProcessingParams *procParams = NULL;

	PKIX_TEST_STD_VARS();

	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));

	subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));

	if (only4EE == PKIX_FALSE) {
	subTest("PKIX_PL_EkuChecker_Create");
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
	}

	cleanup:

	PKIX_TEST_DECREF_AC(procParams);

	PKIX_TEST_RETURN();

	return (0);
	}

	int
	test_ekuchecker(int argc, char *argv[])
	{
	PKIX_List *chain = NULL;
	PKIX_ValidateParams *valParams = NULL;
	PKIX_ValidateResult *valResult = NULL;
	PKIX_UInt32 actualMinorVersion;
	char *certNames[PKIX_TEST_MAX_CERTS];
	char *dirName = NULL;
	PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
	PKIX_UInt32 chainLength = 0;
	PKIX_UInt32 i = 0;
	PKIX_UInt32 j = 0;
	PKIX_Boolean testValid = PKIX_FALSE;
	PKIX_Boolean only4EE = PKIX_FALSE;

	PKIX_TEST_STD_VARS();

	if (argc < 5) {
	printUsage1(argv[0]);
	return (0);
	}

	startTests("EKU Checker");

	PKIX_TEST_EXPECT_NO_ERROR(
	PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

	/* ENE = expect no error; EE = expect error */
	if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
	testValid = PKIX_TRUE;
	} else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
	testValid = PKIX_FALSE;
	} else {
	printUsage1(argv[0]);
	return (0);
	}

	dirName = argv[4 + j];

	chainLength = (argc - j) - 6;
	if (chainLength > PKIX_TEST_MAX_CERTS) {
	printUsageMax(chainLength);
	}

	for (i = 0; i < chainLength; i++) {

	certNames[i] = argv[6 + i + j];
	certs[i] = NULL;
	}

	subTest(argv[1 + j]);

	subTest("Extended-Key-Usage-Checker");

	subTest("Extended-Key-Usage-Checker - Create Cert Chain");

	chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);

	subTest("Extended-Key-Usage-Checker - Create Params");

	valParams = createValidateParams(dirName,
	argv[5 +
	j],
	NULL,
	NULL,
	NULL,
	PKIX_FALSE,
	PKIX_FALSE,
	PKIX_FALSE,
	PKIX_FALSE,
	chain,
	plContext);

	subTest("Default CertStore");

	testEkuSetup(valParams, argv[3 + j], &only4EE);

	testEkuChecker(valParams, only4EE);

	subTest("Extended-Key-Usage-Checker - Validate Chain");

	if (testValid == PKIX_TRUE) {
	PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
	} else {
	PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
	}

	cleanup:

	PKIX_TEST_DECREF_AC(chain);
	PKIX_TEST_DECREF_AC(valParams);
	PKIX_TEST_DECREF_AC(valResult);

	PKIX_Shutdown(plContext);

	PKIX_TEST_RETURN();

	endTests("EKU Checker");

	return (0);
	}