| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| /* |
| * test_crl.c |
| * |
| * Test CRL Type |
| * |
| */ |
| |
| #include "testutil.h" |
| #include "testutil_nss.h" |
| |
| static void *plContext = NULL; |
| |
| static void |
| createCRLs( |
| char *dataDir, |
| char *goodInput, |
| char *diffInput, |
| PKIX_PL_CRL **goodObject, |
| PKIX_PL_CRL **equalObject, |
| PKIX_PL_CRL **diffObject) |
| { |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_CRL_Create <goodObject>"); |
| *goodObject = createCRL(dataDir, goodInput, plContext); |
| |
| subTest("PKIX_PL_CRL_Create <equalObject>"); |
| *equalObject = createCRL(dataDir, goodInput, plContext); |
| |
| subTest("PKIX_PL_CRL_Create <diffObject>"); |
| *diffObject = createCRL(dataDir, diffInput, plContext); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetCRLEntryForSerialNumber( |
| PKIX_PL_CRL *goodObject) |
| { |
| PKIX_PL_BigInt *bigInt; |
| PKIX_PL_String *bigIntString = NULL; |
| PKIX_PL_CRLEntry *crlEntry = NULL; |
| PKIX_PL_String *crlEntryString = NULL; |
| char *snAscii = "3039"; |
| char *expectedAscii = |
| "\n\t[\n" |
| "\tSerialNumber: 3039\n" |
| "\tReasonCode: 257\n" |
| "\tRevocationDate: Fri Jan 07, 2005\n" |
| /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ |
| "\tCritExtOIDs: (EMPTY)\n" |
| "\t]\n\t"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( |
| PKIX_ESCASCII, |
| snAscii, |
| PL_strlen(snAscii), |
| &bigIntString, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( |
| bigIntString, |
| &bigInt, |
| plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( |
| goodObject, bigInt, &crlEntry, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString( |
| (PKIX_PL_Object *)crlEntry, |
| &crlEntryString, |
| plContext)); |
| |
| testToStringHelper((PKIX_PL_Object *)crlEntryString, |
| expectedAscii, plContext); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(bigIntString); |
| PKIX_TEST_DECREF_AC(bigInt); |
| PKIX_TEST_DECREF_AC(crlEntryString); |
| PKIX_TEST_DECREF_AC(crlEntry); |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetIssuer( |
| PKIX_PL_CRL *goodObject, |
| PKIX_PL_CRL *equalObject, |
| PKIX_PL_CRL *diffObject) |
| { |
| PKIX_PL_X500Name *goodIssuer = NULL; |
| PKIX_PL_X500Name *equalIssuer = NULL; |
| PKIX_PL_X500Name *diffIssuer = NULL; |
| char *expectedAscii = "CN=hanfeiyu,O=sun,C=us"; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_CRL_GetIssuer"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR( |
| PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR( |
| PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR( |
| PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext)); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer, |
| equalIssuer, |
| diffIssuer, |
| expectedAscii, |
| X500Name, |
| PKIX_TRUE); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodIssuer); |
| PKIX_TEST_DECREF_AC(equalIssuer); |
| PKIX_TEST_DECREF_AC(diffIssuer); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testCritExtensionsAbsent(PKIX_PL_CRL *crl) |
| { |
| PKIX_List *oidList = NULL; |
| PKIX_UInt32 numOids = 0; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &oidList, plContext)); |
| |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext)); |
| if (numOids != 0) { |
| pkixTestErrorMsg = "unexpected mismatch"; |
| } |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(oidList); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject) |
| { |
| subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs " |
| "<0 element>"); |
| testCritExtensionsAbsent(goodObject); |
| } |
| |
| static void |
| testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl) |
| { |
| PKIX_PL_Cert *firstCert = NULL; |
| PKIX_PL_Cert *secondCert = NULL; |
| PKIX_PL_PublicKey *firstPubKey = NULL; |
| PKIX_PL_PublicKey *secondPubKey = NULL; |
| |
| PKIX_TEST_STD_VARS(); |
| |
| subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>"); |
| firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext); |
| |
| subTest("PKIX_PL_Cert_Create <hy2hy-bc0>"); |
| secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext)); |
| |
| subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext)); |
| |
| subTest("PKIX_PL_CRL_VerifySignature <positive>"); |
| PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext)); |
| |
| subTest("PKIX_PL_CRL_VerifySignature <negative>"); |
| PKIX_TEST_EXPECT_ERROR(PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext)); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(firstCert); |
| PKIX_TEST_DECREF_AC(secondCert); |
| PKIX_TEST_DECREF_AC(firstPubKey); |
| PKIX_TEST_DECREF_AC(secondPubKey); |
| |
| PKIX_TEST_RETURN(); |
| } |
| |
| static void |
| printUsage(void) |
| { |
| (void)printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n"); |
| } |
| |
| /* Functional tests for CRL public functions */ |
| |
| int |
| test_crl(int argc, char *argv[]) |
| { |
| PKIX_PL_CRL *goodObject = NULL; |
| PKIX_PL_CRL *equalObject = NULL; |
| PKIX_PL_CRL *diffObject = NULL; |
| PKIX_UInt32 actualMinorVersion; |
| PKIX_UInt32 j = 0; |
| |
| char *dataCentralDir = NULL; |
| char *goodInput = "crlgood.crl"; |
| char *diffInput = "crldiff.crl"; |
| char *expectedAscii = |
| "[\n" |
| "\tVersion: v2\n" |
| "\tIssuer: CN=hanfeiyu,O=sun,C=us\n" |
| "\tUpdate: [Last: Fri Jan 07, 2005\n" |
| /* "\tUpdate: [Last: Fri Jan 07 15:09:10 2005\n" */ |
| "\t Next: Sat Jan 07, 2006]\n" |
| /* "\t Next: Sat Jan 07 15:09:10 2006]\n" */ |
| "\tSignatureAlgId: 1.2.840.10040.4.3\n" |
| "\tCRL Number : (null)\n" |
| "\n\tEntry List: (\n" |
| "\t[\n" |
| "\tSerialNumber: 010932\n" |
| "\tReasonCode: 260\n" |
| "\tRevocationDate: Fri Jan 07, 2005\n" |
| /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ |
| "\tCritExtOIDs: (EMPTY)\n" |
| "\t]\n\t" |
| ", " |
| "\n\t[\n" |
| "\tSerialNumber: 3039\n" |
| "\tReasonCode: 257\n" |
| "\tRevocationDate: Fri Jan 07, 2005\n" |
| /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ |
| "\tCritExtOIDs: (EMPTY)\n" |
| "\t]\n\t" |
| ")" |
| "\n\n" |
| "\tCritExtOIDs: (EMPTY)\n" |
| "]\n"; |
| /* Note XXX serialnumber and reasoncode need debug */ |
| |
| PKIX_TEST_STD_VARS(); |
| |
| startTests("CRL"); |
| |
| PKIX_TEST_EXPECT_NO_ERROR( |
| PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); |
| |
| if (argc < 3 + j) { |
| printUsage(); |
| return (0); |
| } |
| |
| dataCentralDir = argv[2 + j]; |
| |
| createCRLs(dataCentralDir, |
| goodInput, |
| diffInput, |
| &goodObject, |
| &equalObject, |
| &diffObject); |
| |
| PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, |
| equalObject, |
| diffObject, |
| expectedAscii, |
| CRL, |
| PKIX_TRUE); |
| |
| testGetIssuer(goodObject, equalObject, diffObject); |
| |
| testGetCriticalExtensionOIDs(goodObject); |
| |
| testGetCRLEntryForSerialNumber(goodObject); |
| |
| testVerifySignature(dataCentralDir, goodObject); |
| |
| cleanup: |
| |
| PKIX_TEST_DECREF_AC(goodObject); |
| PKIX_TEST_DECREF_AC(equalObject); |
| PKIX_TEST_DECREF_AC(diffObject); |
| |
| PKIX_Shutdown(plContext); |
| |
| PKIX_TEST_RETURN(); |
| |
| endTests("CRL"); |
| |
| return (0); |
| } |