| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| /* |
| * test_cert.c |
| * |
| * Test Cert Type |
| * |
| */ |
| |
| #include "testutil.h" |
| #include "testutil_nss.h" |
| |
| static PKIX_PL_Cert *altNameNoneCert = NULL; |
| static PKIX_PL_Cert *altNameOtherCert = NULL; |
| static PKIX_PL_Cert *altNameOtherCert_diff = NULL; |
| static PKIX_PL_Cert *altNameRfc822Cert = NULL; |
| static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL; |
| static PKIX_PL_Cert *altNameDnsCert = NULL; |
| static PKIX_PL_Cert *altNameDnsCert_diff = NULL; |
| static PKIX_PL_Cert *altNameX400Cert = NULL; |
| static PKIX_PL_Cert *altNameX400Cert_diff = NULL; |
| static PKIX_PL_Cert *altNameDnCert = NULL; |
| static PKIX_PL_Cert *altNameDnCert_diff = NULL; |
| static PKIX_PL_Cert *altNameEdiCert = NULL; |
| static PKIX_PL_Cert *altNameEdiCert_diff = NULL; |
| static PKIX_PL_Cert *altNameUriCert = NULL; |
| static PKIX_PL_Cert *altNameUriCert_diff = NULL; |
| static PKIX_PL_Cert *altNameIpCert = NULL; |
| static PKIX_PL_Cert *altNameIpCert_diff = NULL; |
| static PKIX_PL_Cert *altNameOidCert = NULL; |
| static PKIX_PL_Cert *altNameOidCert_diff = NULL; |
| static PKIX_PL_Cert *altNameMultipleCert = NULL; |
| |
| static void *plContext = NULL; |
| |
| static void |
| createCerts( |
| char *dataCentralDir, |
| char *goodInput, |
| char *diffInput, |
| PKIX_PL_Cert **goodObject, |
| PKIX_PL_Cert **equalObject, |
| PKIX_PL_Cert **diffObject) |
| { |
| subTest("PKIX_PL_Cert_Create <goodObject>"); |
| *goodObject = createCert(dataCentralDir, goodInput, plContext); |
| |
| subTest("PKIX_PL_Cert_Create <equalObject>"); |
| *equalObject = createCert(dataCentralDir, goodInput, plContext); |
| |
| subTest("PKIX_PL_Cert_Create <diffObject>"); |
| *diffObject = createCert(dataCentralDir, diffInput, plContext); |
| } |
| |
| static void |
| createCertsWithSubjectAltNames(char *dataCentralDir) |
| { |
| subTest("PKIX_PL_Cert_Create <altNameDNS>"); |
| altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameDNS_diff>"); |
| altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameRFC822>"); |
| altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>"); |
| altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameX400Cert>"); |
| altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameX400_diff>"); |
| altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameDN>"); |
| altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameDN_diff>"); |
| altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameEdiCert>"); |
| altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameEdi_diff>"); |
| altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameURI>"); |
| altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameURI_diff>"); |
| altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameIP>"); |
| altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameIP_diff>"); |
| altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameOID>"); |
| altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameOID_diff>"); |
| altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameOther>"); |
| altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameOther_diff>"); |
| altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameNone>"); |
| altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <altNameMultiple>"); |
| altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext); |
| } |
| |
| static void |
| testGetVersion( |
| PKIX_PL_Cert *goodObject) |
| { |
| PKIX_UInt32 goodVersion; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetVersion"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext)); |
| |
| if (goodVersion != 2) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%d\n", goodVersion); |
| (void)printf("Expected value:\t2\n"); |
| goto cleanup; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetSerialNumber( |
| PKIX_PL_Cert *goodObject, |
| PKIX_PL_Cert *equalObject, |
| PKIX_PL_Cert *diffObject) |
| { |
| PKIX_PL_BigInt *goodSN = NULL; |
| PKIX_PL_BigInt *equalSN = NULL; |
| PKIX_PL_BigInt *diffSN = NULL; |
| char *expectedAscii = "37bc66ec"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetSerialNumber"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodSN); |
| PKIX_TEST_DECREF_AC(equalSN); |
| PKIX_TEST_DECREF_AC(diffSN); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetSubject( |
| PKIX_PL_Cert *goodObject, |
| PKIX_PL_Cert *equalObject, |
| PKIX_PL_Cert *diffObject) |
| { |
| PKIX_PL_X500Name *goodSubject = NULL; |
| PKIX_PL_X500Name *equalSubject = NULL; |
| PKIX_PL_X500Name *diffSubject = NULL; |
| char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetSubject"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext)); |
| |
| if (!goodSubject) { |
| testError("Certificate Subject should not be NULL"); |
| goto cleanup; |
| } |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext)); |
| |
| if (!equalSubject) { |
| testError("Certificate Subject should not be NULL"); |
| goto cleanup; |
| } |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext)); |
| |
| if (!diffSubject) { |
| testError("Certificate Subject should not be NULL"); |
| goto cleanup; |
| } |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject, |
| equalSubject, |
| diffSubject, |
| expectedAscii, |
| X500Name, |
| PKIX_TRUE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodSubject); |
| PKIX_TEST_DECREF_AC(equalSubject); |
| PKIX_TEST_DECREF_AC(diffSubject); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetIssuer( |
| PKIX_PL_Cert *goodObject, |
| PKIX_PL_Cert *equalObject, |
| PKIX_PL_Cert *diffObject) |
| { |
| PKIX_PL_X500Name *goodIssuer = NULL; |
| PKIX_PL_X500Name *equalIssuer = NULL; |
| PKIX_PL_X500Name *diffIssuer = NULL; |
| char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetIssuer"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer, |
| equalIssuer, |
| diffIssuer, |
| expectedAscii, |
| X500Name, |
| PKIX_TRUE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodIssuer); |
| PKIX_TEST_DECREF_AC(equalIssuer); |
| PKIX_TEST_DECREF_AC(diffIssuer); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testAltNames( |
| PKIX_PL_Cert *goodCert, |
| PKIX_PL_Cert *diffCert, |
| char *expectedAscii) |
| { |
| PKIX_List *goodAltNames = NULL; |
| PKIX_List *diffAltNames = NULL; |
| PKIX_PL_GeneralName *goodAltName = NULL; |
| PKIX_PL_GeneralName *diffAltName = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames, |
| 0, |
| (PKIX_PL_Object **)&goodAltName, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames, |
| 0, |
| (PKIX_PL_Object **)&diffAltName, |
| plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName, |
| expectedAscii, GeneralName, PKIX_TRUE); |
| |
| cleanup: |
| PKIX_TEST_DECREF_AC(goodAltNames); |
| PKIX_TEST_DECREF_AC(goodAltName); |
| PKIX_TEST_DECREF_AC(diffAltNames); |
| PKIX_TEST_DECREF_AC(diffAltName); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testAltNamesNone(PKIX_PL_Cert *cert) |
| { |
| |
| PKIX_List *altNames = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext)); |
| |
| if (altNames != NULL) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%p\n", (void *)altNames); |
| (void)printf("Expected value:\tNULL\n"); |
| goto cleanup; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(altNames); |
| PKIX_TEST_RETURN(); |
| } |
| static void |
| testAltNamesMultiple() |
| { |
| PKIX_List *altNames = NULL; |
| PKIX_PL_GeneralName *firstAltName = NULL; |
| PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME; |
| PKIX_PL_GeneralName *secondAltName = NULL; |
| PKIX_Int32 secondExpectedType = PKIX_DNS_NAME; |
| |
| char *expectedAscii = |
| "[\n" |
| "\tVersion: v3\n" |
| "\tSerialNumber: 2d\n" |
| "\tIssuer: OU=labs,O=sun,C=us\n" |
| "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n" |
| "\tValidity: [From: Mon Feb 09, 2004\n" |
| /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */ |
| "\t To: Mon Feb 09, 2004]\n" |
| /* "\t To: Mon Feb 09 14:43:52 2004]\n" */ |
| "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n" |
| "\tAuthorityKeyId: (null)\n" |
| "\tSubjectKeyId: (null)\n" |
| "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" |
| "\tCritExtOIDs: (EMPTY)\n" |
| "\tExtKeyUsages: (null)\n" |
| "\tBasicConstraint: (null)\n" |
| "\tCertPolicyInfo: (null)\n" |
| "\tPolicyMappings: (null)\n" |
| "\tExplicitPolicy: -1\n" |
| "\tInhibitMapping: -1\n" |
| "\tInhibitAnyPolicy:-1\n" |
| "\tNameConstraints: (null)\n" |
| "\tAuthorityInfoAccess: (null)\n" |
| "\tSubjectInfoAccess: (null)\n" |
| "\tCacheFlag: 0\n" |
| "]\n"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| testToStringHelper((PKIX_PL_Object *)altNameMultipleCert, |
| expectedAscii, |
| plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext)); |
| |
| if (firstAltName->type != firstExpectedType) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%d\n", firstAltName->type); |
| (void)printf("Expected value:\t%d\n", firstExpectedType); |
| goto cleanup; |
| } |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext)); |
| |
| if (secondAltName->type != secondExpectedType) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%d\n", secondAltName->type); |
| (void)printf("Expected value:\t%d\n", secondExpectedType); |
| goto cleanup; |
| } |
| |
| cleanup: |
| PKIX_TEST_DECREF_AC(altNames); |
| PKIX_TEST_DECREF_AC(firstAltName); |
| PKIX_TEST_DECREF_AC(secondAltName); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetSubjectAltNames(char *dataCentralDir) |
| { |
| |
| char *expectedAscii = NULL; |
| |
| createCertsWithSubjectAltNames(dataCentralDir); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>"); |
| expectedAscii = "east.sun.com"; |
| testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>"); |
| expectedAscii = "alice.barnes@bcn.east.sun.com"; |
| testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii); |
| |
| /* |
| *this should work once bugzilla bug #233586 is fixed. |
| *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>"); |
| *expectedAscii = "X400Address: <DER-encoded value>"; |
| *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii); |
| */ |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>"); |
| expectedAscii = "CN=elley,OU=labs,O=sun,C=us"; |
| testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii); |
| |
| /* |
| * this should work once bugzilla bug #233586 is fixed. |
| * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>"); |
| * expectedAscii = "EDIPartyName: <DER-encoded value>"; |
| * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii); |
| */ |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>"); |
| expectedAscii = "http://www.sun.com"; |
| testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>"); |
| expectedAscii = "1.2.3.4"; |
| testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>"); |
| expectedAscii = "1.2.39"; |
| testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>"); |
| expectedAscii = "1.7.26.97"; |
| testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <none>"); |
| testAltNamesNone(altNameNoneCert); |
| |
| subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>"); |
| testAltNamesMultiple(); |
| } |
| |
| static void |
| testGetSubjectPublicKey( |
| PKIX_PL_Cert *goodObject, |
| PKIX_PL_Cert *equalObject, |
| PKIX_PL_Cert *diffObject) |
| { |
| PKIX_PL_PublicKey *goodPubKey = NULL; |
| PKIX_PL_PublicKey *equalPubKey = NULL; |
| PKIX_PL_PublicKey *diffPubKey = NULL; |
| char *expectedAscii = "ANSI X9.57 DSA Signature"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey, |
| expectedAscii, PublicKey, PKIX_TRUE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodPubKey); |
| PKIX_TEST_DECREF_AC(equalPubKey); |
| PKIX_TEST_DECREF_AC(diffPubKey); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject) |
| { |
| PKIX_PL_OID *pkixPubKeyOID = NULL; |
| char *expectedAscii = "1.2.840.10040.4.1"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext)); |
| |
| testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(pkixPubKeyOID); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCritExtensionsPresent(PKIX_PL_Cert *cert) |
| { |
| PKIX_List *critOIDList = NULL; |
| char *firstOIDAscii = "2.5.29.15"; |
| PKIX_PL_OID *firstOID = NULL; |
| char *secondOIDAscii = "2.5.29.19"; |
| PKIX_PL_OID *secondOID = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext)); |
| testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext)); |
| |
| testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(critOIDList); |
| PKIX_TEST_DECREF_AC(firstOID); |
| PKIX_TEST_DECREF_AC(secondOID); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCritExtensionsAbsent(PKIX_PL_Cert *cert) |
| { |
| PKIX_List *oidList = NULL; |
| PKIX_Boolean empty; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext)); |
| |
| if (!empty) { |
| pkixTestErrorMsg = "unexpected mismatch"; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(oidList); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testAllExtensionsAbsent(char *dataCentralDir) |
| { |
| PKIX_List *oidList = NULL; |
| PKIX_PL_Cert *cert = NULL; |
| PKIX_Boolean empty; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <noExtensionsCert>"); |
| cert = createCert(dataCentralDir, "noExtensionsCert", plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext)); |
| |
| if (!empty) { |
| pkixTestErrorMsg = "unexpected mismatch"; |
| } |
| |
| cleanup: |
| PKIX_TEST_DECREF_AC(oidList); |
| PKIX_TEST_DECREF_AC(cert); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject) |
| { |
| subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " |
| "<CritExtensionsPresent>"); |
| testCritExtensionsPresent(goodObject); |
| |
| subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " |
| "<CritExtensionsAbsent>"); |
| testCritExtensionsAbsent(altNameOidCert); |
| |
| subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " |
| "<AllExtensionsAbsent>"); |
| testAllExtensionsAbsent(dataCentralDir); |
| } |
| |
| static void |
| testKeyIdentifiersMatching(char *dataCentralDir) |
| { |
| PKIX_PL_Cert *subjKeyIDCert = NULL; |
| PKIX_PL_Cert *authKeyIDCert = NULL; |
| PKIX_PL_ByteArray *subjKeyID = NULL; |
| PKIX_PL_ByteArray *authKeyID = NULL; |
| PKIX_PL_ByteArray *subjKeyID_diff = NULL; |
| |
| char *expectedAscii = |
| "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225," |
| " 139, 009, 126, 127, 234, 025, 072, 078, 097]"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <subjKeyIDCert>"); |
| subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <authKeyIDCert>"); |
| authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext); |
| |
| subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext)); |
| |
| subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext)); |
| |
| subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID, |
| authKeyID, |
| subjKeyID_diff, |
| expectedAscii, |
| ByteArray, |
| PKIX_TRUE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(subjKeyIDCert); |
| PKIX_TEST_DECREF_AC(authKeyIDCert); |
| PKIX_TEST_DECREF_AC(subjKeyID); |
| PKIX_TEST_DECREF_AC(authKeyID); |
| PKIX_TEST_DECREF_AC(subjKeyID_diff); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testKeyIdentifierAbsent(PKIX_PL_Cert *cert) |
| { |
| PKIX_PL_ByteArray *subjKeyID = NULL; |
| PKIX_PL_ByteArray *authKeyID = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext)); |
| |
| if (subjKeyID != NULL) { |
| pkixTestErrorMsg = "unexpected mismatch"; |
| } |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext)); |
| |
| if (authKeyID != NULL) { |
| pkixTestErrorMsg = "unexpected mismatch"; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(subjKeyID); |
| PKIX_TEST_DECREF_AC(authKeyID); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject) |
| { |
| testKeyIdentifiersMatching(dataCentralDir); |
| testKeyIdentifierAbsent(goodObject); |
| } |
| |
| static void |
| testVerifyKeyUsage( |
| char *dataCentralDir, |
| char *dataDir, |
| PKIX_PL_Cert *multiKeyUsagesCert) |
| { |
| PKIX_PL_Cert *encipherOnlyCert = NULL; |
| PKIX_PL_Cert *decipherOnlyCert = NULL; |
| PKIX_PL_Cert *noKeyUsagesCert = NULL; |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <encipherOnlyCert>"); |
| encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <decipherOnlyCert>"); |
| decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>"); |
| noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext); |
| |
| subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext)); |
| |
| subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, |
| PKIX_KEY_CERT_SIGN | |
| PKIX_DIGITAL_SIGNATURE, |
| plContext)); |
| |
| subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext)); |
| |
| subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext)); |
| |
| subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext)); |
| |
| cleanup: |
| PKIX_TEST_DECREF_AC(encipherOnlyCert); |
| PKIX_TEST_DECREF_AC(decipherOnlyCert); |
| PKIX_TEST_DECREF_AC(noKeyUsagesCert); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetExtendedKeyUsage(char *dataCentralDir) |
| { |
| |
| PKIX_PL_Cert *codeSigningEKUCert = NULL; |
| PKIX_PL_Cert *multiEKUCert = NULL; |
| PKIX_PL_Cert *noEKUCert = NULL; |
| PKIX_List *firstExtKeyUsage = NULL; |
| PKIX_List *secondExtKeyUsage = NULL; |
| PKIX_List *thirdExtKeyUsage = NULL; |
| PKIX_PL_OID *firstOID = NULL; |
| char *oidAscii = "1.3.6.1.5.5.7.3.3"; |
| PKIX_PL_OID *secondOID = NULL; |
| char *secondOIDAscii = "1.3.6.1.5.5.7.3.1"; |
| PKIX_PL_OID *thirdOID = NULL; |
| char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2"; |
| PKIX_PL_OID *fourthOID = NULL; |
| PKIX_UInt32 length = 0; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>"); |
| codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <multiEKUCert>"); |
| multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <noEKUCert>"); |
| noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext); |
| |
| subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext)); |
| testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext); |
| |
| subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext)); |
| |
| if (length != 3) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%d\n", length); |
| (void)printf("Expected value:\t3\n"); |
| goto cleanup; |
| } |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, |
| 0, |
| (PKIX_PL_Object **)&secondOID, |
| plContext)); |
| |
| testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, |
| 1, |
| (PKIX_PL_Object **)&thirdOID, |
| plContext)); |
| |
| testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, |
| 2, |
| (PKIX_PL_Object **)&fourthOID, |
| plContext)); |
| |
| testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext); |
| |
| subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext)); |
| |
| if (thirdExtKeyUsage != NULL) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage); |
| (void)printf("Expected value:\tNULL\n"); |
| goto cleanup; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(firstOID); |
| PKIX_TEST_DECREF_AC(secondOID); |
| PKIX_TEST_DECREF_AC(thirdOID); |
| PKIX_TEST_DECREF_AC(fourthOID); |
| |
| PKIX_TEST_DECREF_AC(firstExtKeyUsage); |
| PKIX_TEST_DECREF_AC(secondExtKeyUsage); |
| PKIX_TEST_DECREF_AC(thirdExtKeyUsage); |
| |
| PKIX_TEST_DECREF_AC(codeSigningEKUCert); |
| PKIX_TEST_DECREF_AC(multiEKUCert); |
| PKIX_TEST_DECREF_AC(noEKUCert); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testMakeInheritedDSAPublicKey(char *dataCentralDir) |
| { |
| PKIX_PL_PublicKey *firstKey = NULL; |
| PKIX_PL_PublicKey *secondKey = NULL; |
| PKIX_PL_PublicKey *resultKeyPositive = NULL; |
| PKIX_PL_PublicKey *resultKeyNegative = NULL; |
| PKIX_PL_Cert *firstCert = NULL; |
| PKIX_PL_Cert *secondCert = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <dsaWithoutParams>"); |
| firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <dsaWithParams>"); |
| secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext)); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext)); |
| |
| subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext)); |
| |
| if (resultKeyPositive == NULL) { |
| testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed"); |
| } |
| |
| subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext)); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(firstCert); |
| PKIX_TEST_DECREF_AC(secondCert); |
| |
| PKIX_TEST_DECREF_AC(firstKey); |
| PKIX_TEST_DECREF_AC(secondKey); |
| PKIX_TEST_DECREF_AC(resultKeyPositive); |
| PKIX_TEST_DECREF_AC(resultKeyNegative); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testVerifySignature(char *dataCentralDir) |
| { |
| PKIX_PL_Cert *firstCert = NULL; |
| PKIX_PL_Cert *secondCert = NULL; |
| PKIX_PL_PublicKey *firstPubKey = NULL; |
| PKIX_PL_PublicKey *secondPubKey = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <labs2yassir>"); |
| firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <yassir2labs>"); |
| secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext)); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext)); |
| |
| subTest("PKIX_PL_Cert_VerifySignature <positive>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext)); |
| |
| subTest("PKIX_PL_Cert_VerifySignature <negative>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext)); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(firstCert); |
| PKIX_TEST_DECREF_AC(secondCert); |
| PKIX_TEST_DECREF_AC(firstPubKey); |
| PKIX_TEST_DECREF_AC(secondPubKey); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCheckValidity( |
| PKIX_PL_Cert *olderCert, |
| PKIX_PL_Cert *newerCert) |
| { |
| /* |
| * olderCert has the following Validity: |
| * notBefore = August 19, 1999: 20:19:56 GMT |
| * notAfter = August 18, 2000: 20:19:56 GMT |
| * |
| * newerCert has the following Validity: |
| * notBefore = November 13, 2003: 16:46:03 GMT |
| * notAfter = February 13, 2009: 16:46:03 GMT |
| */ |
| |
| /* olderDateAscii = March 29, 2000: 13:48:47 GMT */ |
| char *olderAscii = "000329134847Z"; |
| PKIX_PL_String *olderString = NULL; |
| PKIX_PL_Date *olderDate = NULL; |
| |
| /* newerDateAscii = March 29, 2004: 13:48:47 GMT */ |
| char *newerAscii = "040329134847Z"; |
| PKIX_PL_String *newerString = NULL; |
| PKIX_PL_Date *newerDate = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_CheckValidity <creating Dates>"); |
| |
| /* create newer date when newer cert is valid but older cert is not */ |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext)); |
| |
| /* create older date when older cert is valid but newer cert is not */ |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext)); |
| |
| /* check validity of both certificates using olderDate */ |
| subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext)); |
| |
| subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext)); |
| |
| /* check validity of both certificates using newerDate */ |
| subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext)); |
| |
| subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext)); |
| |
| /* |
| * check validity of both certificates using current time |
| * NOTE: these "now" tests will not work when the current |
| * time is after newerCert.notAfter (~ February 13, 2009) |
| */ |
| subTest("PKIX_PL_Cert_CheckValidity <now:positive>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext)); |
| |
| subTest("PKIX_PL_Cert_CheckValidity <now:negative>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext)); |
| |
| cleanup: |
| PKIX_TEST_DECREF_AC(olderString); |
| PKIX_TEST_DECREF_AC(newerString); |
| PKIX_TEST_DECREF_AC(olderDate); |
| PKIX_TEST_DECREF_AC(newerDate); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| readCertBasicConstraints( |
| char *dataDir, |
| char *goodCertName, |
| char *diffCertName, |
| PKIX_PL_CertBasicConstraints **goodBasicConstraints, |
| PKIX_PL_CertBasicConstraints **equalBasicConstraints, |
| PKIX_PL_CertBasicConstraints **diffBasicConstraints) |
| { |
| |
| PKIX_PL_Cert *goodCert = NULL; |
| PKIX_PL_Cert *equalCert = NULL; |
| PKIX_PL_Cert *diffCert = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| createCerts(dataDir, goodCertName, diffCertName, |
| &goodCert, &equalCert, &diffCert); |
| /* |
| * Warning: pointer will be NULL if BasicConstraints |
| * extension is not present in the certificate. */ |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext)); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodCert); |
| PKIX_TEST_DECREF_AC(equalCert); |
| PKIX_TEST_DECREF_AC(diffCert); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testBasicConstraintsHelper( |
| char *dataDir, |
| char *goodCertName, |
| char *diffCertName, |
| char *expectedAscii) |
| { |
| PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; |
| PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; |
| PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| readCertBasicConstraints(dataDir, |
| goodCertName, |
| diffCertName, |
| &goodBasicConstraints, |
| &equalBasicConstraints, |
| &diffBasicConstraints); |
| |
| /* |
| * The standard test macro is applicable only |
| * if BasicConstraint extension is present |
| * in the certificate. Otherwise some |
| * pointers will be null. |
| */ |
| if ((goodBasicConstraints) && |
| (equalBasicConstraints) && |
| (diffBasicConstraints)) { |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints, |
| equalBasicConstraints, |
| diffBasicConstraints, |
| expectedAscii, |
| BasicConstraints, |
| PKIX_TRUE); |
| } else { |
| /* Test what we can */ |
| if (goodBasicConstraints) { |
| if (!equalBasicConstraints) { |
| testError("Unexpected NULL value of equalBasicConstraints"); |
| goto cleanup; |
| } |
| subTest("PKIX_PL_BasicConstraints_Equals <match>"); |
| testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints), |
| (PKIX_PL_Object *)(equalBasicConstraints), |
| PKIX_TRUE, |
| plContext); |
| subTest("PKIX_PL_BasicConstraints_Hashcode <match>"); |
| testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints), |
| (PKIX_PL_Object *)(equalBasicConstraints), |
| PKIX_TRUE, |
| plContext); |
| if (diffBasicConstraints) { |
| subTest("PKIX_PL_BasicConstraints_Equals <non-match>"); |
| testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints), |
| (PKIX_PL_Object *)(diffBasicConstraints), |
| PKIX_FALSE, |
| plContext); |
| subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>"); |
| testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints), |
| (PKIX_PL_Object *)(diffBasicConstraints), |
| PKIX_FALSE, |
| plContext); |
| } |
| subTest("PKIX_PL_BasicConstraints_Duplicate"); |
| testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext); |
| } |
| if (expectedAscii) { |
| subTest("PKIX_PL_BasicConstraints_ToString"); |
| testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints), |
| expectedAscii, |
| plContext); |
| } |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodBasicConstraints); |
| PKIX_TEST_DECREF_AC(equalBasicConstraints); |
| PKIX_TEST_DECREF_AC(diffBasicConstraints); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testBasicConstraints_GetCAFlag(char *dataCentralDir) |
| { |
| /* |
| * XXX When we have a certificate with a non-null Basic |
| * Constraints field and a value of FALSE for CAFlag, |
| * this test should be modified to use that |
| * certificate for diffCertName, and to verify that |
| * GetCAFlag returns a FALSE value. But our certificates for |
| * non-CAs are created with no BasicConstraints extension. |
| */ |
| PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; |
| PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; |
| PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; |
| char *goodCertName = "yassir2yassir"; |
| char *diffCertName = "nss2alice"; |
| PKIX_Boolean goodCAFlag = PKIX_FALSE; |
| PKIX_Boolean diffCAFlag = PKIX_FALSE; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_BasicConstraints_GetCAFlag"); |
| |
| readCertBasicConstraints(dataCentralDir, |
| goodCertName, |
| diffCertName, |
| &goodBasicConstraints, |
| &equalBasicConstraints, |
| &diffBasicConstraints); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext)); |
| if (!goodCAFlag) { |
| testError("BasicConstraint CAFlag unexpectedly FALSE"); |
| goto cleanup; |
| } |
| |
| if (diffBasicConstraints) { |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext)); |
| if (diffCAFlag) { |
| testError("BasicConstraint CAFlag unexpectedly TRUE"); |
| goto cleanup; |
| } |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodBasicConstraints); |
| PKIX_TEST_DECREF_AC(equalBasicConstraints); |
| PKIX_TEST_DECREF_AC(diffBasicConstraints); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testBasicConstraints_GetPathLenConstraint(char *dataCentralDir) |
| { |
| PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; |
| PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; |
| PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; |
| char *goodCertName = "yassir2yassir"; |
| char *diffCertName = "sun2sun"; |
| PKIX_Int32 goodPathLen = 0; |
| PKIX_Int32 diffPathLen = 0; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint"); |
| |
| readCertBasicConstraints(dataCentralDir, |
| goodCertName, |
| diffCertName, |
| &goodBasicConstraints, |
| &equalBasicConstraints, |
| &diffBasicConstraints); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext)); |
| if (0 != goodPathLen) { |
| testError("unexpected basicConstraint pathLen"); |
| (void)printf("Actual value:\t%d\n", goodPathLen); |
| (void)printf("Expected value:\t0\n"); |
| goto cleanup; |
| } |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext)); |
| if (1 != diffPathLen) { |
| testError("unexpected basicConstraint pathLen"); |
| (void)printf("Actual value:\t%d\n", diffPathLen); |
| (void)printf("Expected value:\t1\n"); |
| goto cleanup; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodBasicConstraints); |
| PKIX_TEST_DECREF_AC(equalBasicConstraints); |
| PKIX_TEST_DECREF_AC(diffBasicConstraints); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetBasicConstraints(char *dataCentralDir) |
| { |
| char *goodCertName = NULL; |
| char *diffCertName = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>"); |
| goodCertName = "yassir2yassir"; |
| diffCertName = "nss2alice"; |
| testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)"); |
| |
| subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>"); |
| goodCertName = "nss2alice"; |
| diffCertName = "sun2sun"; |
| testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL); |
| |
| subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>"); |
| goodCertName = "yassir2bcn"; |
| diffCertName = "sun2sun"; |
| testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)"); |
| |
| subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>"); |
| goodCertName = "anchor2dsa"; |
| diffCertName = "sun2sun"; |
| testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)"); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetPolicyInformation(char *dataDir) |
| { |
| |
| char *goodCertName = |
| "UserNoticeQualifierTest15EE.crt"; |
| char *equalCertName = |
| "UserNoticeQualifierTest15EE.crt"; |
| char *diffCertName = |
| "UserNoticeQualifierTest17EE.crt"; |
| PKIX_Boolean isImmutable = PKIX_FALSE; |
| PKIX_PL_Cert *goodCert = NULL; |
| PKIX_PL_Cert *equalCert = NULL; |
| PKIX_PL_Cert *diffCert = NULL; |
| PKIX_List *goodPolicyInfo = NULL; |
| PKIX_List *equalPolicyInfo = NULL; |
| PKIX_List *diffPolicyInfo = NULL; |
| PKIX_PL_CertPolicyInfo *goodPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *equalPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *diffPolicy = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_Cert_GetPolicyInformation"); |
| |
| /* |
| * Get the cert, then the list of policyInfos. |
| * Take the first policyInfo from the list. |
| */ |
| |
| /* Get the PolicyInfo objects */ |
| goodCert = createCert(dataDir, goodCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); |
| |
| equalCert = createCert(dataDir, equalCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, |
| 0, |
| (PKIX_PL_Object **)&equalPolicy, |
| plContext)); |
| |
| diffCert = createCert(dataDir, diffCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, |
| equalPolicy, |
| diffPolicy, |
| NULL, |
| CertPolicyInfo, |
| PKIX_FALSE); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext)); |
| |
| if (isImmutable != PKIX_TRUE) { |
| testError("PolicyInfo List is not immutable"); |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodPolicy); |
| PKIX_TEST_DECREF_AC(equalPolicy); |
| PKIX_TEST_DECREF_AC(diffPolicy); |
| PKIX_TEST_DECREF_AC(goodPolicyInfo); |
| PKIX_TEST_DECREF_AC(equalPolicyInfo); |
| PKIX_TEST_DECREF_AC(diffPolicyInfo); |
| PKIX_TEST_DECREF_AC(goodCert); |
| PKIX_TEST_DECREF_AC(equalCert); |
| PKIX_TEST_DECREF_AC(diffCert); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCertPolicy_GetPolicyId(char *dataDir) |
| { |
| char *goodCertName = |
| "UserNoticeQualifierTest15EE.crt"; |
| char *equalCertName = |
| "UserNoticeQualifierTest16EE.crt"; |
| char *diffCertName = |
| "UserNoticeQualifierTest17EE.crt"; |
| PKIX_PL_Cert *goodCert = NULL; |
| PKIX_PL_Cert *equalCert = NULL; |
| PKIX_PL_Cert *diffCert = NULL; |
| PKIX_List *goodPolicyInfo = NULL; |
| PKIX_List *equalPolicyInfo = NULL; |
| PKIX_List *diffPolicyInfo = NULL; |
| PKIX_PL_CertPolicyInfo *goodPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *equalPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *diffPolicy = NULL; |
| PKIX_PL_OID *goodID = NULL; |
| PKIX_PL_OID *equalID = NULL; |
| PKIX_PL_OID *diffID = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_CertPolicyInfo_GetPolicyId"); |
| |
| /* |
| * Get the cert, then the list of policyInfos. |
| * Take the first policyInfo from the list. |
| * Finally, get the policyInfo's ID. |
| */ |
| |
| /* Get the PolicyInfo objects */ |
| goodCert = createCert(dataDir, goodCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext)); |
| |
| equalCert = createCert(dataDir, equalCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, |
| 0, |
| (PKIX_PL_Object **)&equalPolicy, |
| plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext)); |
| |
| diffCert = createCert(dataDir, diffCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodID); |
| PKIX_TEST_DECREF_AC(equalID); |
| PKIX_TEST_DECREF_AC(diffID); |
| PKIX_TEST_DECREF_AC(goodPolicy); |
| PKIX_TEST_DECREF_AC(equalPolicy); |
| PKIX_TEST_DECREF_AC(diffPolicy); |
| PKIX_TEST_DECREF_AC(goodPolicyInfo); |
| PKIX_TEST_DECREF_AC(equalPolicyInfo); |
| PKIX_TEST_DECREF_AC(diffPolicyInfo); |
| PKIX_TEST_DECREF_AC(goodCert); |
| PKIX_TEST_DECREF_AC(equalCert); |
| PKIX_TEST_DECREF_AC(diffCert); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCertPolicy_GetPolQualifiers(char *dataDir) |
| { |
| char *goodCertName = |
| "UserNoticeQualifierTest15EE.crt"; |
| char *equalCertName = |
| "UserNoticeQualifierTest16EE.crt"; |
| char *diffCertName = |
| "UserNoticeQualifierTest18EE.crt"; |
| PKIX_Boolean isImmutable = PKIX_FALSE; |
| PKIX_PL_Cert *goodCert = NULL; |
| PKIX_PL_Cert *equalCert = NULL; |
| PKIX_PL_Cert *diffCert = NULL; |
| PKIX_List *goodPolicyInfo = NULL; |
| PKIX_List *equalPolicyInfo = NULL; |
| PKIX_List *diffPolicyInfo = NULL; |
| PKIX_PL_CertPolicyInfo *goodPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *equalPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *diffPolicy = NULL; |
| PKIX_List *goodQuals = NULL; |
| PKIX_List *equalQuals = NULL; |
| PKIX_List *diffQuals = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers"); |
| |
| /* |
| * Get the cert, then the list of policyInfos. |
| * Take the first policyInfo from the list. |
| * Get its list of PolicyQualifiers. |
| */ |
| |
| /* Get the PolicyInfo objects */ |
| goodCert = createCert(dataDir, goodCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); |
| |
| equalCert = createCert(dataDir, equalCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, |
| 0, |
| (PKIX_PL_Object **)&equalPolicy, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); |
| |
| diffCert = createCert(dataDir, diffCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals, |
| equalQuals, |
| diffQuals, |
| NULL, |
| List, |
| PKIX_FALSE); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext)); |
| |
| if (isImmutable != PKIX_TRUE) { |
| testError("PolicyQualifier List is not immutable"); |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodCert); |
| PKIX_TEST_DECREF_AC(goodPolicyInfo); |
| PKIX_TEST_DECREF_AC(goodPolicy); |
| PKIX_TEST_DECREF_AC(goodQuals); |
| PKIX_TEST_DECREF_AC(equalCert); |
| PKIX_TEST_DECREF_AC(equalPolicyInfo); |
| PKIX_TEST_DECREF_AC(equalQuals); |
| PKIX_TEST_DECREF_AC(equalPolicy); |
| PKIX_TEST_DECREF_AC(diffCert); |
| PKIX_TEST_DECREF_AC(diffPolicyInfo); |
| PKIX_TEST_DECREF_AC(diffPolicy); |
| PKIX_TEST_DECREF_AC(diffQuals); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testPolicyQualifier_GetQualifier(char *dataDir) |
| { |
| char *goodCertName = |
| "UserNoticeQualifierTest15EE.crt"; |
| char *equalCertName = |
| "UserNoticeQualifierTest16EE.crt"; |
| char *diffCertName = |
| "UserNoticeQualifierTest18EE.crt"; |
| PKIX_PL_Cert *goodCert = NULL; |
| PKIX_PL_Cert *equalCert = NULL; |
| PKIX_PL_Cert *diffCert = NULL; |
| PKIX_List *goodPolicyInfo = NULL; |
| PKIX_List *equalPolicyInfo = NULL; |
| PKIX_List *diffPolicyInfo = NULL; |
| PKIX_PL_CertPolicyInfo *goodPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *equalPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *diffPolicy = NULL; |
| PKIX_List *goodQuals = NULL; |
| PKIX_List *equalQuals = NULL; |
| PKIX_List *diffQuals = NULL; |
| PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; |
| PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; |
| PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; |
| PKIX_PL_ByteArray *goodArray = NULL; |
| PKIX_PL_ByteArray *equalArray = NULL; |
| PKIX_PL_ByteArray *diffArray = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_PolicyQualifier_GetQualifier"); |
| |
| /* |
| * Get the cert, then the list of policyInfos. |
| * Take the first policyInfo from the list. |
| * Get its list of PolicyQualifiers. |
| * Take the first policyQualifier from the list. |
| * Finally, get the policyQualifier's ByteArray. |
| */ |
| |
| /* Get the PolicyInfo objects */ |
| goodCert = createCert(dataDir, goodCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals, |
| 0, |
| (PKIX_PL_Object **)&goodPolQualifier, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext)); |
| |
| equalCert = createCert(dataDir, equalCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, |
| 0, |
| (PKIX_PL_Object **)&equalPolicy, |
| plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals, |
| 0, |
| (PKIX_PL_Object **)&equalPolQualifier, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext)); |
| |
| diffCert = createCert(dataDir, diffCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals, |
| 0, |
| (PKIX_PL_Object **)&diffPolQualifier, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodArray); |
| PKIX_TEST_DECREF_AC(equalArray); |
| PKIX_TEST_DECREF_AC(diffArray); |
| PKIX_TEST_DECREF_AC(goodPolQualifier); |
| PKIX_TEST_DECREF_AC(equalPolQualifier); |
| PKIX_TEST_DECREF_AC(diffPolQualifier); |
| PKIX_TEST_DECREF_AC(goodQuals); |
| PKIX_TEST_DECREF_AC(equalQuals); |
| PKIX_TEST_DECREF_AC(diffQuals); |
| PKIX_TEST_DECREF_AC(goodPolicy); |
| PKIX_TEST_DECREF_AC(equalPolicy); |
| PKIX_TEST_DECREF_AC(diffPolicy); |
| PKIX_TEST_DECREF_AC(goodPolicyInfo); |
| PKIX_TEST_DECREF_AC(equalPolicyInfo); |
| PKIX_TEST_DECREF_AC(diffPolicyInfo); |
| PKIX_TEST_DECREF_AC(goodCert); |
| PKIX_TEST_DECREF_AC(equalCert); |
| PKIX_TEST_DECREF_AC(diffCert); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testPolicyQualifier_GetPolicyQualifierId(char *dataDir) |
| { |
| char *goodCertName = |
| "UserNoticeQualifierTest15EE.crt"; |
| char *equalCertName = |
| "UserNoticeQualifierTest16EE.crt"; |
| char *diffCertName = |
| "CPSPointerQualifierTest20EE.crt"; |
| PKIX_PL_Cert *goodCert = NULL; |
| PKIX_PL_Cert *equalCert = NULL; |
| PKIX_PL_Cert *diffCert = NULL; |
| PKIX_List *goodPolicyInfo = NULL; |
| PKIX_List *equalPolicyInfo = NULL; |
| PKIX_List *diffPolicyInfo = NULL; |
| PKIX_PL_CertPolicyInfo *goodPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *equalPolicy = NULL; |
| PKIX_PL_CertPolicyInfo *diffPolicy = NULL; |
| PKIX_List *goodQuals = NULL; |
| PKIX_List *equalQuals = NULL; |
| PKIX_List *diffQuals = NULL; |
| PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; |
| PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; |
| PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; |
| PKIX_PL_OID *goodID = NULL; |
| PKIX_PL_OID *equalID = NULL; |
| PKIX_PL_OID *diffID = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId"); |
| |
| /* |
| * Get the cert, then the list of policyInfos. |
| * Take the first policyInfo from the list. |
| * Get its list of PolicyQualifiers. |
| * Take the first policyQualifier from the list. |
| * Finally, get the policyQualifier's ID. |
| */ |
| |
| /* Get the PolicyQualifier objects */ |
| goodCert = createCert(dataDir, goodCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals, |
| 0, |
| (PKIX_PL_Object **)&goodPolQualifier, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext)); |
| |
| equalCert = createCert(dataDir, equalCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, |
| 0, |
| (PKIX_PL_Object **)&equalPolicy, |
| plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals, |
| 0, |
| (PKIX_PL_Object **)&equalPolQualifier, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext)); |
| |
| diffCert = createCert(dataDir, diffCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals, |
| 0, |
| (PKIX_PL_Object **)&diffPolQualifier, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodID); |
| PKIX_TEST_DECREF_AC(equalID); |
| PKIX_TEST_DECREF_AC(diffID); |
| PKIX_TEST_DECREF_AC(goodPolQualifier); |
| PKIX_TEST_DECREF_AC(equalPolQualifier); |
| PKIX_TEST_DECREF_AC(diffPolQualifier); |
| PKIX_TEST_DECREF_AC(goodQuals); |
| PKIX_TEST_DECREF_AC(equalQuals); |
| PKIX_TEST_DECREF_AC(diffQuals); |
| PKIX_TEST_DECREF_AC(goodPolicy); |
| PKIX_TEST_DECREF_AC(equalPolicy); |
| PKIX_TEST_DECREF_AC(diffPolicy); |
| PKIX_TEST_DECREF_AC(goodPolicyInfo); |
| PKIX_TEST_DECREF_AC(equalPolicyInfo); |
| PKIX_TEST_DECREF_AC(diffPolicyInfo); |
| PKIX_TEST_DECREF_AC(goodCert); |
| PKIX_TEST_DECREF_AC(equalCert); |
| PKIX_TEST_DECREF_AC(diffCert); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir) |
| { |
| |
| char *trueCertName = "CertificatePoliciesCritical.crt"; |
| char *falseCertName = "UserNoticeQualifierTest15EE.crt"; |
| PKIX_PL_Cert *trueCert = NULL; |
| PKIX_PL_Cert *falseCert = NULL; |
| PKIX_Boolean trueVal = PKIX_FALSE; |
| PKIX_Boolean falseVal = PKIX_FALSE; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>"); |
| |
| trueCert = createCert(dataCentralDir, trueCertName, plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext)); |
| |
| if (trueVal != PKIX_TRUE) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%d\n", trueVal); |
| (void)printf("Expected value:\t1\n"); |
| goto cleanup; |
| } |
| |
| subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>"); |
| |
| falseCert = createCert(dataDir, falseCertName, plContext); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext)); |
| |
| if (falseVal != PKIX_FALSE) { |
| testError("unexpected mismatch"); |
| (void)printf("Actual value:\t%d\n", falseVal); |
| (void)printf("Expected value:\t0\n"); |
| goto cleanup; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(trueCert); |
| PKIX_TEST_DECREF_AC(falseCert); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCertPolicyConstraints(char *dataDir) |
| { |
| char *requireExplicitPolicy2CertName = |
| "requireExplicitPolicy2CACert.crt"; |
| char *inhibitPolicyMapping5CertName = |
| "inhibitPolicyMapping5CACert.crt"; |
| char *inhibitAnyPolicy5CertName = |
| "inhibitAnyPolicy5CACert.crt"; |
| char *inhibitAnyPolicy0CertName = |
| "inhibitAnyPolicy0CACert.crt"; |
| PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL; |
| PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL; |
| PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL; |
| PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL; |
| PKIX_Int32 skipCerts = 0; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetRequireExplicitPolicy"); |
| requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL)); |
| PR_ASSERT(skipCerts == 2); |
| |
| subTest("PKIX_PL_Cert_GetPolicyMappingInhibited"); |
| inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL)); |
| PR_ASSERT(skipCerts == 5); |
| |
| subTest("PKIX_PL_Cert_GetInhibitAnyPolicy"); |
| inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL)); |
| PR_ASSERT(skipCerts == 5); |
| |
| inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL)); |
| PR_ASSERT(skipCerts == 0); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert); |
| PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert); |
| PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert); |
| PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCertPolicyMaps(char *dataDir) |
| { |
| char *policyMappingsCertName = |
| "P1Mapping1to234CACert.crt"; |
| char *expectedAscii = |
| "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2"; |
| |
| PKIX_PL_Cert *policyMappingsCert = NULL; |
| PKIX_List *mappings = NULL; |
| PKIX_PL_CertPolicyMap *goodMap = NULL; |
| PKIX_PL_CertPolicyMap *equalMap = NULL; |
| PKIX_PL_CertPolicyMap *diffMap = NULL; |
| PKIX_PL_OID *goodOID = NULL; |
| PKIX_PL_OID *equalOID = NULL; |
| PKIX_PL_OID *diffOID = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_GetPolicyMappings"); |
| |
| policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap, |
| equalMap, |
| diffMap, |
| expectedAscii, |
| CertPolicyMap, |
| PKIX_TRUE); |
| |
| subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL)); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL)); |
| subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID, |
| equalOID, |
| diffOID, |
| "2.16.840.1.101.3.2.1.48.1", |
| OID, |
| PKIX_FALSE); |
| |
| subTest("pkix_pl_CertPolicyMap_Destroy"); |
| PKIX_TEST_DECREF_BC(goodMap); |
| PKIX_TEST_DECREF_BC(equalMap); |
| PKIX_TEST_DECREF_BC(diffMap); |
| |
| cleanup: |
| PKIX_TEST_DECREF_AC(policyMappingsCert); |
| PKIX_TEST_DECREF_AC(mappings); |
| PKIX_TEST_DECREF_AC(goodOID); |
| PKIX_TEST_DECREF_AC(equalOID); |
| PKIX_TEST_DECREF_AC(diffOID); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testNameConstraints(char *dataDir) |
| { |
| char *firstPname = "nameConstraintsDN3subCA2Cert.crt"; |
| char *secondPname = "nameConstraintsDN4CACert.crt"; |
| char *thirdPname = "nameConstraintsDN5CACert.crt"; |
| char *lastPname = "InvalidDNnameConstraintsTest3EE.crt"; |
| PKIX_PL_Cert *firstCert = NULL; |
| PKIX_PL_Cert *secondCert = NULL; |
| PKIX_PL_Cert *thirdCert = NULL; |
| PKIX_PL_Cert *lastCert = NULL; |
| PKIX_PL_CertNameConstraints *firstNC = NULL; |
| PKIX_PL_CertNameConstraints *secondNC = NULL; |
| PKIX_PL_CertNameConstraints *thirdNC = NULL; |
| PKIX_PL_CertNameConstraints *firstMergedNC = NULL; |
| PKIX_PL_CertNameConstraints *secondMergedNC = NULL; |
| char *firstExpectedAscii = |
| "[\n" |
| "\t\tPermitted Name: (O=Test Certificates,C=US)\n" |
| "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates," |
| "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n" |
| "\t]\n"; |
| char *secondExpectedAscii = |
| "[\n" |
| "\t\tPermitted Name: (O=Test Certificates,C=US, " |
| "OU=permittedSubtree1,O=Test Certificates,C=US)\n" |
| "\t\tExcluded Name: (OU=excludedSubtree1," |
| "O=Test Certificates," |
| "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, " |
| "OU=excludedSubtree1,OU=permittedSubtree1," |
| "O=Test Certificates,C=US)\n" |
| "\t]\n"; |
| |
| PKIX_TEST_STD_VARS(); |
| subTest("PKIX_PL_CertNameConstraints"); |
| |
| firstCert = createCert(dataDir, firstPname, plContext); |
| secondCert = createCert(dataDir, secondPname, plContext); |
| thirdCert = createCert(dataDir, thirdPname, plContext); |
| lastCert = createCert(dataDir, lastPname, plContext); |
| |
| subTest("PKIX_PL_Cert_GetNameConstraints <total=3>"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL)); |
| |
| subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL)); |
| |
| subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL)); |
| |
| testToStringHelper((PKIX_PL_Object *)firstMergedNC, |
| firstExpectedAscii, |
| plContext); |
| |
| testToStringHelper((PKIX_PL_Object *)secondMergedNC, |
| secondExpectedAscii, |
| plContext); |
| |
| subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>"); |
| |
| /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */ |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL)); |
| |
| subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>"); |
| |
| /* |
| * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, |
| * OU=permittedSubtree1,O=Test Certificates,C=US |
| */ |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL)); |
| |
| subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); |
| |
| /* |
| * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, |
| * OU=permittedSubtree1,O=Test Certificates,C=US |
| * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate |
| * Test3,OU=excludedSubtree1,O=Test Certificates,C=US |
| */ |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL)); |
| |
| subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); |
| |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL)); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(firstCert); |
| PKIX_TEST_DECREF_AC(secondCert); |
| PKIX_TEST_DECREF_AC(thirdCert); |
| PKIX_TEST_DECREF_AC(lastCert); |
| PKIX_TEST_DECREF_AC(firstNC); |
| PKIX_TEST_DECREF_AC(secondNC); |
| PKIX_TEST_DECREF_AC(thirdNC); |
| PKIX_TEST_DECREF_AC(firstMergedNC); |
| PKIX_TEST_DECREF_AC(secondMergedNC); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testDestroy(void *goodObject, void *equalObject, void *diffObject) |
| { |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Destroy"); |
| |
| PKIX_TEST_DECREF_BC(goodObject); |
| PKIX_TEST_DECREF_BC(equalObject); |
| PKIX_TEST_DECREF_BC(diffObject); |
| |
| PKIX_TEST_DECREF_BC(altNameNoneCert); |
| PKIX_TEST_DECREF_BC(altNameOtherCert); |
| PKIX_TEST_DECREF_BC(altNameOtherCert_diff); |
| PKIX_TEST_DECREF_BC(altNameRfc822Cert); |
| PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff); |
| PKIX_TEST_DECREF_BC(altNameDnsCert); |
| PKIX_TEST_DECREF_BC(altNameDnsCert_diff); |
| PKIX_TEST_DECREF_BC(altNameX400Cert); |
| PKIX_TEST_DECREF_BC(altNameX400Cert_diff); |
| PKIX_TEST_DECREF_BC(altNameDnCert); |
| PKIX_TEST_DECREF_BC(altNameDnCert_diff); |
| PKIX_TEST_DECREF_BC(altNameEdiCert); |
| PKIX_TEST_DECREF_BC(altNameEdiCert_diff); |
| PKIX_TEST_DECREF_BC(altNameUriCert); |
| PKIX_TEST_DECREF_BC(altNameUriCert_diff); |
| PKIX_TEST_DECREF_BC(altNameIpCert); |
| PKIX_TEST_DECREF_BC(altNameIpCert_diff); |
| PKIX_TEST_DECREF_BC(altNameOidCert); |
| PKIX_TEST_DECREF_BC(altNameOidCert_diff); |
| PKIX_TEST_DECREF_BC(altNameMultipleCert); |
| |
| cleanup: |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| printUsage(void) |
| { |
| (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n"); |
| } |
| |
| int |
| test_cert(int argc, char *argv[]) |
| { |
| |
| PKIX_PL_Cert *goodObject = NULL; |
| PKIX_PL_Cert *equalObject = NULL; |
| PKIX_PL_Cert *diffObject = NULL; |
| PKIX_UInt32 actualMinorVersion; |
| PKIX_UInt32 j = 0; |
| |
| char *dataCentralDir = NULL; |
| char *dataDir = NULL; |
| char *goodInput = "yassir2bcn"; |
| char *diffInput = "nss2alice"; |
| |
| char *expectedAscii = |
| "[\n" |
| "\tVersion: v3\n" |
| "\tSerialNumber: 37bc66ec\n" |
| "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" |
| "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" |
| "\tValidity: [From: Thu Aug 19, 1999\n" |
| /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */ |
| "\t To: Fri Aug 18, 2000]\n" |
| /* "\t To: Fri Aug 18 16:19:56 2000]\n" */ |
| "\tSubjectAltNames: (null)\n" |
| "\tAuthorityKeyId: (null)\n" |
| "\tSubjectKeyId: (null)\n" |
| "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" |
| "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" |
| "\tExtKeyUsages: (null)\n" |
| "\tBasicConstraint: CA(0)\n" |
| "\tCertPolicyInfo: (null)\n" |
| "\tPolicyMappings: (null)\n" |
| "\tExplicitPolicy: -1\n" |
| "\tInhibitMapping: -1\n" |
| "\tInhibitAnyPolicy:-1\n" |
| "\tNameConstraints: (null)\n" |
| "\tAuthorityInfoAccess: (null)\n" |
| "\tSubjectInfoAccess: (null)\n" |
| "\tCacheFlag: 0\n" |
| "]\n"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| startTests("Cert"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR( |
| PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); |
| |
| if (argc < 3 + j) { |
| printUsage(); |
| return (0); |
| } |
| |
| dataCentralDir = argv[2 + j]; |
| dataDir = argv[3 + j]; |
| |
| createCerts(dataCentralDir, |
| goodInput, |
| diffInput, |
| &goodObject, |
| &equalObject, |
| &diffObject); |
| |
| testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, |
| equalObject, |
| diffObject, |
| expectedAscii, |
| Cert, |
| PKIX_TRUE); |
| |
| testVerifyKeyUsage(dataCentralDir, dataDir, goodObject); |
| |
| testGetExtendedKeyUsage(dataCentralDir); |
| testGetKeyIdentifiers(dataCentralDir, goodObject); |
| |
| testGetVersion(goodObject); |
| testGetSerialNumber(goodObject, equalObject, diffObject); |
| |
| testGetSubject(goodObject, equalObject, diffObject); |
| testGetIssuer(goodObject, equalObject, diffObject); |
| |
| testGetSubjectAltNames(dataCentralDir); |
| testGetCriticalExtensionOIDs(dataCentralDir, goodObject); |
| |
| testGetSubjectPublicKey(goodObject, equalObject, diffObject); |
| testGetSubjectPublicKeyAlgId(goodObject); |
| testMakeInheritedDSAPublicKey(dataCentralDir); |
| |
| testCheckValidity(goodObject, diffObject); |
| |
| testBasicConstraints_GetCAFlag(dataCentralDir); |
| testBasicConstraints_GetPathLenConstraint(dataCentralDir); |
| testGetBasicConstraints(dataCentralDir); |
| |
| /* Basic Policy Processing */ |
| testGetPolicyInformation(dataDir); |
| testCertPolicy_GetPolicyId(dataDir); |
| testCertPolicy_GetPolQualifiers(dataDir); |
| testPolicyQualifier_GetPolicyQualifierId(dataDir); |
| testPolicyQualifier_GetQualifier(dataDir); |
| testAreCertPoliciesCritical(dataCentralDir, dataDir); |
| |
| /* Advanced Policy Processing */ |
| testCertPolicyConstraints(dataDir); |
| testCertPolicyMaps(dataDir); |
| |
| testNameConstraints(dataDir); |
| |
| testVerifySignature(dataCentralDir); |
| |
| testDestroy(goodObject, equalObject, diffObject); |
| |
| cleanup: |
| |
| PKIX_Shutdown(plContext); |
| |
| PKIX_TEST_RETURN(); |
| |
| endTests("Cert"); |
| |
| return (0); |
| } |