search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / cmd / libpkix / pkix / top / test_buildchain_resourcelimits.c
blobe79a2c899f6ccbf24b778d6821a539a95ebcb16f
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 * Sun Microsystems
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37 /*
38 * test_buildchain_resourcelimits.c
39 *
40 * Test BuildChain function with constraints on resources
41 *
42 */
43
44 #include "testutil.h"
45 #include "testutil_nss.h"
46
47 #define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES+30)
48
49 void *plContext = NULL;
50 PKIX_Boolean usebind = PKIX_FALSE;
51 PKIX_Boolean useLDAP = PKIX_FALSE;
52 char buf[PR_NETDB_BUF_SIZE];
53 char *serverName = NULL;
54
55 static void printUsage(void) {
56 (void) printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] "
57 "[usebind] servername[:port]\\\n\t\t<testName> [ENE|EE]"
58 " <certStoreDirectory>\\\n\t\t<targetCert>"
59 " <intermediate Certs...> <trustedCert>\n\n");
60 (void) printf
61 ("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
62 "using the certs and CRLs in <certStoreDirectory>. "
63 "servername[:port] gives\n"
64 "the address of an LDAP server. If port is not"
65 " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n"
66 "If ENE is specified, then an Error is Not Expected.\n"
67 "EE indicates an Error is Expected.\n");
68 }
69
70 static PKIX_Error *
71 createLdapCertStore(
72 char *hostname,
73 PRIntervalTime timeout,
74 PKIX_CertStore **pLdapCertStore,
75 void* plContext)
76 {
77 PRIntn backlog = 0;
78
79 char *bindname = "";
80 char *auth = "";
81
82 LDAPBindAPI bindAPI;
83 LDAPBindAPI *bindPtr = NULL;
84 PKIX_PL_LdapDefaultClient *ldapClient = NULL;
85 PKIX_CertStore *ldapCertStore = NULL;
86
87 PKIX_TEST_STD_VARS();
88
89 if (usebind) {
90 bindPtr = &bindAPI;
91 bindAPI.selector = SIMPLE_AUTH;
92 bindAPI.chooser.simple.bindName = bindname;
93 bindAPI.chooser.simple.authentication = auth;
94 }
95
96 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName
97 (hostname, timeout, bindPtr, &ldapClient, plContext));
98
99 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create
100 ((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext));
101
102 *pLdapCertStore = ldapCertStore;
103 cleanup:
104
105 PKIX_TEST_DECREF_AC(ldapClient);
106
107 PKIX_TEST_RETURN();
108
109 return (pkixTestErrorResult);
110
111 }
112
113 static void Test_BuildResult(
114 PKIX_ProcessingParams *procParams,
115 PKIX_Boolean testValid,
116 PKIX_List *expectedCerts,
117 void *plContext)
118 {
119 PKIX_PL_Cert *cert = NULL;
120 PKIX_List *certs = NULL;
121 PKIX_PL_String *actualCertsString = NULL;
122 PKIX_PL_String *expectedCertsString = NULL;
123 PKIX_BuildResult *buildResult = NULL;
124 PKIX_Boolean result;
125 PKIX_Boolean supportForward = PKIX_FALSE;
126 PKIX_UInt32 numCerts, i;
127 char *asciiResult = NULL;
128 char *actualCertsAscii = NULL;
129 char *expectedCertsAscii = NULL;
130 void *state = NULL;
131 PRPollDesc *pollDesc = NULL;
132
133 PKIX_TEST_STD_VARS();
134
135 pkixTestErrorResult = PKIX_BuildChain
136 (procParams,
137 (void **)&pollDesc,
138 &state,
139 &buildResult,
140 NULL,
141 plContext);
142
143 while (pollDesc != NULL) {
144
145 if (PR_Poll(pollDesc, 1, 0) < 0) {
146 testError("PR_Poll failed");
147 }
148
149 pkixTestErrorResult = PKIX_BuildChain
150 (procParams,
151 (void **)&pollDesc,
152 &state,
153 &buildResult,
154 NULL,
155 plContext);
156 }
157
158 if (pkixTestErrorResult) {
159 if (testValid == PKIX_FALSE) { /* EE */
160 (void) printf("EXPECTED ERROR RECEIVED!\n");
161 } else { /* ENE */
162 testError("UNEXPECTED ERROR RECEIVED!\n");
163 }
164 PKIX_TEST_DECREF_BC(pkixTestErrorResult);
165 goto cleanup;
166 }
167
168 if (testValid == PKIX_TRUE) { /* ENE */
169 (void) printf("EXPECTED NON-ERROR RECEIVED!\n");
170 } else { /* EE */
171 testError("UNEXPECTED NON-ERROR RECEIVED!\n");
172 }
173
174 if (buildResult){
175
176 PKIX_TEST_EXPECT_NO_ERROR
177 (PKIX_BuildResult_GetCertChain
178 (buildResult, &certs, NULL));
179
180 PKIX_TEST_EXPECT_NO_ERROR
181 (PKIX_List_GetLength(certs, &numCerts, plContext));
182
183 printf("\n");
184
185 for (i = 0; i < numCerts; i++){
186 PKIX_TEST_EXPECT_NO_ERROR
187 (PKIX_List_GetItem
188 (certs,
189 i,
190 (PKIX_PL_Object**)&cert,
191 plContext));
192
193 asciiResult = PKIX_Cert2ASCII(cert);
194
195 printf("CERT[%d]:\n%s\n", i, asciiResult);
196
197 /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
198 PKIX_TEST_EXPECT_NO_ERROR
199 (PKIX_PL_Free(asciiResult, NULL));
200 asciiResult = NULL;
201
202 PKIX_TEST_DECREF_BC(cert);
203 }
204
205 PKIX_TEST_EXPECT_NO_ERROR
206 (PKIX_PL_Object_Equals
207 ((PKIX_PL_Object*)certs,
208 (PKIX_PL_Object*)expectedCerts,
209 &result,
210 plContext));
211
212 if (!result){
213 testError("BUILT CERTCHAIN IS "
214 "NOT THE ONE THAT WAS EXPECTED");
215
216 PKIX_TEST_EXPECT_NO_ERROR
217 (PKIX_PL_Object_ToString
218 ((PKIX_PL_Object *)certs,
219 &actualCertsString,
220 plContext));
221
222 actualCertsAscii = PKIX_String2ASCII
223 (actualCertsString, plContext);
224 if (actualCertsAscii == NULL){
225 pkixTestErrorMsg = "PKIX_String2ASCII Failed";
226 goto cleanup;
227 }
228
229 PKIX_TEST_EXPECT_NO_ERROR
230 (PKIX_PL_Object_ToString
231 ((PKIX_PL_Object *)expectedCerts,
232 &expectedCertsString,
233 plContext));
234
235 expectedCertsAscii = PKIX_String2ASCII
236 (expectedCertsString, plContext);
237 if (expectedCertsAscii == NULL){
238 pkixTestErrorMsg = "PKIX_String2ASCII Failed";
239 goto cleanup;
240 }
241
242 (void) printf("Actual value:\t%s\n", actualCertsAscii);
243 (void) printf("Expected value:\t%s\n",
244 expectedCertsAscii);
245 }
246
247 }
248
249 cleanup:
250
251 PKIX_PL_Free(asciiResult, NULL);
252 PKIX_PL_Free(actualCertsAscii, plContext);
253 PKIX_PL_Free(expectedCertsAscii, plContext);
254 PKIX_TEST_DECREF_AC(state);
255 PKIX_TEST_DECREF_AC(buildResult);
256 PKIX_TEST_DECREF_AC(certs);
257 PKIX_TEST_DECREF_AC(cert);
258 PKIX_TEST_DECREF_AC(actualCertsString);
259 PKIX_TEST_DECREF_AC(expectedCertsString);
260
261 PKIX_TEST_RETURN();
262
263 }
264
265 int main(int argc, char *argv[])
266 {
267 PKIX_ComCertSelParams *certSelParams = NULL;
268 PKIX_CertSelector *certSelector = NULL;
269 PKIX_TrustAnchor *anchor = NULL;
270 PKIX_List *anchors = NULL;
271 PKIX_ProcessingParams *procParams = NULL;
272 PKIX_CertChainChecker *checker = NULL;
273 PKIX_ResourceLimits *resourceLimits = NULL;
274 char *dirName = NULL;
275 PKIX_PL_String *dirNameString = NULL;
276 PKIX_PL_Cert *trustedCert = NULL;
277 PKIX_PL_Cert *targetCert = NULL;
278 PKIX_PL_Cert *dirCert = NULL;
279 PKIX_UInt32 actualMinorVersion = 0;
280 PKIX_UInt32 j = 0;
281 PKIX_UInt32 k = 0;
282 PKIX_CertStore *ldapCertStore = NULL;
283 PRIntervalTime timeout = 0; /* 0 for non-blocking */
284 PKIX_CertStore *certStore = NULL;
285 PKIX_List *certStores = NULL;
286 PKIX_List *expectedCerts = NULL;
287 PKIX_Boolean useArenas = PKIX_FALSE;
288 PKIX_Boolean testValid = PKIX_FALSE;
289 PKIX_Boolean usebind = PKIX_FALSE;
290 PKIX_Boolean useLDAP = PKIX_FALSE;
291
292 PKIX_TEST_STD_VARS();
293
294 if (argc < 5){
295 printUsage();
296 return (0);
297 }
298
299 startTests("BuildChain_ResourceLimits");
300
301 useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
302
303 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
304 (PKIX_TRUE, /* nssInitNeeded */
305 useArenas,
306 PKIX_MAJOR_VERSION,
307 PKIX_MINOR_VERSION,
308 PKIX_MINOR_VERSION,
309 &actualMinorVersion,
310 &plContext));
311
312 /*
313 * arguments:
314 * [optional] -arenas
315 * [optional] usebind
316 * servername or servername:port ( - for no server)
317 * testname
318 * EE or ENE
319 * cert directory
320 * target cert (end entity)
321 * intermediate certs
322 * trust anchor
323 */
324
325 /* optional argument "usebind" for Ldap CertStore */
326 if (argv[j + 1]) {
327 if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
328 usebind = PKIX_TRUE;
329 j++;
330 }
331 }
332
333 if (PORT_Strcmp(argv[++j], "-") == 0) {
334 useLDAP = PKIX_FALSE;
335 } else {
336 serverName = argv[j];
337 }
338
339 subTest(argv[++j]);
340
341 /* ENE = expect no error; EE = expect error */
342 if (PORT_Strcmp(argv[++j], "ENE") == 0) {
343 testValid = PKIX_TRUE;
344 } else if (PORT_Strcmp(argv[j], "EE") == 0) {
345 testValid = PKIX_FALSE;
346 } else {
347 printUsage();
348 return (0);
349 }
350
351 dirName = argv[++j];
352
353 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
354
355 for (k = ++j; k < argc; k++) {
356
357 dirCert = createCert(dirName, argv[k], plContext);
358
359 if (k == (argc - 1)) {
360 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
361 ((PKIX_PL_Object *)dirCert, plContext));
362 trustedCert = dirCert;
363 } else {
364
365 PKIX_TEST_EXPECT_NO_ERROR
366 (PKIX_List_AppendItem
367 (expectedCerts,
368 (PKIX_PL_Object *)dirCert,
369 plContext));
370
371 if (k == j) {
372 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef
373 ((PKIX_PL_Object *)dirCert, plContext));
374 targetCert = dirCert;
375 }
376 }
377
378 PKIX_TEST_DECREF_BC(dirCert);
379 }
380
381 /* create processing params with list of trust anchors */
382
383 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
384 (trustedCert, &anchor, plContext));
385 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
386 PKIX_TEST_EXPECT_NO_ERROR
387 (PKIX_List_AppendItem
388 (anchors, (PKIX_PL_Object *)anchor, plContext));
389 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
390 (anchors, &procParams, plContext));
391
392 /* create CertSelector with target certificate in params */
393
394 PKIX_TEST_EXPECT_NO_ERROR
395 (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
396
397 PKIX_TEST_EXPECT_NO_ERROR
398 (PKIX_ComCertSelParams_SetCertificate
399 (certSelParams, targetCert, plContext));
400
401 PKIX_TEST_EXPECT_NO_ERROR
402 (PKIX_CertSelector_Create
403 (NULL, NULL, &certSelector, plContext));
404
405 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
406 (certSelector, certSelParams, plContext));
407
408 PKIX_TEST_EXPECT_NO_ERROR
409 (PKIX_ProcessingParams_SetTargetCertConstraints
410 (procParams, certSelector, plContext));
411
412 /* create CertStores */
413
414 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
415 (PKIX_ESCASCII,
416 dirName,
417 0,
418 &dirNameString,
419 plContext));
420
421 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
422 (dirNameString, &certStore, plContext));
423
424 #if 0
425 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
426 (&certStore, plContext));
427 #endif
428
429
430 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
431
432 if (useLDAP == PKIX_TRUE) {
433 PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore
434 (serverName, timeout, &ldapCertStore, plContext));
435
436 PKIX_TEST_EXPECT_NO_ERROR
437 (PKIX_List_AppendItem
438 (certStores,
439 (PKIX_PL_Object *)ldapCertStore,
440 plContext));
441 }
442
443 PKIX_TEST_EXPECT_NO_ERROR
444 (PKIX_List_AppendItem
445 (certStores, (PKIX_PL_Object *)certStore, plContext));
446
447 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
448 (procParams, certStores, plContext));
449
450 /* set resource limits */
451
452 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create
453 (&resourceLimits, plContext));
454
455 /* need longer time when running dbx for memory leak checking */
456 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
457 (resourceLimits, 60, plContext));
458
459 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
460 (resourceLimits, 2, plContext));
461
462 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
463 (resourceLimits, 2, plContext));
464
465 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits
466 (procParams, resourceLimits, plContext));
467
468 /* build cert chain using processing params and return buildResult */
469
470 subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>");
471 Test_BuildResult
472 (procParams,
473 testValid,
474 expectedCerts,
475 plContext);
476
477 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
478 (resourceLimits, 1, plContext));
479
480 subTest("Testing ResourceLimits MaxFanout - <fail>");
481 Test_BuildResult
482 (procParams,
483 PKIX_FALSE,
484 expectedCerts,
485 plContext);
486
487 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
488 (resourceLimits, 2, plContext));
489 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
490 (resourceLimits, 1, plContext));
491
492 subTest("Testing ResourceLimits MaxDepth - <fail>");
493 Test_BuildResult
494 (procParams,
495 PKIX_FALSE,
496 expectedCerts,
497 plContext);
498
499 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout
500 (resourceLimits, 0, plContext));
501 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth
502 (resourceLimits, 0, plContext));
503 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime
504 (resourceLimits, 0, plContext));
505
506 subTest("Testing ResourceLimits No checking - <pass>");
507 Test_BuildResult
508 (procParams,
509 testValid,
510 expectedCerts,
511 plContext);
512
513 cleanup:
514
515 PKIX_TEST_DECREF_AC(expectedCerts);
516 PKIX_TEST_DECREF_AC(procParams);
517 PKIX_TEST_DECREF_AC(procParams);
518 PKIX_TEST_DECREF_AC(certStores);
519 PKIX_TEST_DECREF_AC(certStore);
520 PKIX_TEST_DECREF_AC(ldapCertStore);
521 PKIX_TEST_DECREF_AC(dirNameString);
522 PKIX_TEST_DECREF_AC(trustedCert);
523 PKIX_TEST_DECREF_AC(targetCert);
524 PKIX_TEST_DECREF_AC(anchors);
525 PKIX_TEST_DECREF_AC(anchor);
526 PKIX_TEST_DECREF_AC(certSelParams);
527 PKIX_TEST_DECREF_AC(certSelector);
528 PKIX_TEST_DECREF_AC(checker);
529 PKIX_TEST_DECREF_AC(resourceLimits);
530
531 PKIX_TEST_RETURN();
532
533 PKIX_Shutdown(plContext);
534
535 endTests("BuildChain_UserChecker");
536
537 return (0);
538
539 }
Mozilla NSS module