search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / cmd / libpkix / pkix / top / test_customcrlchecker.c
blob97079d15556a38c06352e9c3862c817f8abd8aab
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 * Sun Microsystems
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37 /*
38 * test_customcrlchecker.c
39 *
40 * Test Custom CRL Checking
41 *
42 */
43
44 #include "testutil.h"
45 #include "testutil_nss.h"
46
47 #define PKIX_TEST_MAX_CERTS 10
48 #define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 5
49
50 void *plContext = NULL;
51 char *dirName = NULL; /* also used in callback */
52
53 void printUsage1(char *pName){
54 printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
55 printf("cert [certs].\n");
56 }
57
58 void printUsageMax(PKIX_UInt32 numCerts){
59 printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
60 numCerts, PKIX_TEST_MAX_CERTS);
61 }
62
63 PKIX_Error *
64 getCRLCallback(
65 PKIX_CertStore *store,
66 PKIX_CRLSelector *crlSelector,
67 void **pNBIOContext,
68 PKIX_List **pCrlList,
69 void *plContext)
70 {
71 char *crlFileNames[] = {"chem.crl",
72 "phys.crl",
73 "prof.crl",
74 "sci.crl",
75 "test.crl",
76 0 };
77 PKIX_PL_CRL *crl = NULL;
78 PKIX_List *crlList = NULL;
79 PKIX_UInt32 i = 0;
80
81 PKIX_TEST_STD_VARS();
82
83 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext));
84
85 while (crlFileNames[i]) {
86
87 crl = createCRL(dirName, crlFileNames[i++], plContext);
88
89 if (crl != NULL) {
90
91 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
92 (crlList, (PKIX_PL_Object *)crl, plContext));
93
94 PKIX_TEST_DECREF_BC(crl);
95 }
96 }
97
98 *pCrlList = crlList;
99
100 cleanup:
101
102 PKIX_TEST_RETURN();
103
104 return (0); /* this function is called by libpkix */
105
106 }
107
108 PKIX_Error *
109 getCRLContinue(
110 PKIX_CertStore *store,
111 PKIX_CRLSelector *crlSelector,
112 void **pNBIOContext,
113 PKIX_List **pCrlList,
114 void *plContext)
115 {
116 return (NULL);
117 }
118
119 PKIX_Error *
120 getCertCallback(
121 PKIX_CertStore *store,
122 PKIX_CertSelector *certSelector,
123 void **pNBIOContext,
124 PKIX_List **pCerts,
125 void *plContext)
126 {
127 return (NULL);
128 }
129
130 PKIX_Error *
131 getCertContinue(
132 PKIX_CertStore *store,
133 PKIX_CertSelector *certSelector,
134 void **pNBIOContext,
135 PKIX_List **pCerts,
136 void *plContext)
137 {
138 return (NULL);
139 }
140
141 PKIX_Error *
142 testCRLSelectorMatchCallback(
143 PKIX_CRLSelector *selector,
144 PKIX_PL_CRL *crl,
145 void *plContext)
146 {
147 PKIX_ComCRLSelParams *comCrlSelParams = NULL;
148 PKIX_List *issuerList = NULL;
149 PKIX_PL_X500Name *issuer = NULL;
150 PKIX_PL_X500Name *crlIssuer = NULL;
151 PKIX_UInt32 numIssuers = 0;
152 PKIX_UInt32 i = 0;
153 PKIX_Boolean result = PKIX_FALSE;
154 PKIX_Error *error = NULL;
155 PKIX_PL_String *textString = NULL;
156 char *errorText = "Not an error, CRL Select mismatch";
157
158 PKIX_TEST_STD_VARS();
159
160 subTest("Custom_Selector_MatchCallback");
161
162 if (selector != NULL) {
163 PKIX_TEST_EXPECT_NO_ERROR
164 (PKIX_CRLSelector_GetCommonCRLSelectorParams
165 (selector, &comCrlSelParams, plContext));
166 }
167
168 if (crl != NULL) {
169 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer
170 (crl, &crlIssuer, plContext));
171 }
172
173 if (comCrlSelParams != NULL) {
174 PKIX_TEST_EXPECT_NO_ERROR
175 (PKIX_ComCRLSelParams_GetIssuerNames
176 (comCrlSelParams, &issuerList, plContext));
177 }
178
179 if (issuerList != NULL) {
180
181 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
182 (issuerList, &numIssuers, plContext));
183
184 for (i = 0; i < numIssuers; i++){
185
186 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem
187 (issuerList,
188 i, (PKIX_PL_Object **)&issuer,
189 plContext));
190
191 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals
192 ((PKIX_PL_Object *)crlIssuer,
193 (PKIX_PL_Object *)issuer,
194 &result,
195 plContext));
196
197 if (result != PKIX_TRUE) {
198 break;
199 }
200
201 if (i == numIssuers-1) {
202
203 PKIX_TEST_EXPECT_NO_ERROR
204 (PKIX_PL_String_Create
205 (PKIX_ESCASCII,
206 (void *) errorText,
207 0,
208 &textString,
209 plContext));
210
211 PKIX_TEST_EXPECT_NO_ERROR
212 (PKIX_Error_Create
213 (0,
214 NULL,
215 NULL,
216 textString,
217 &error,
218 plContext));
219
220 PKIX_TEST_DECREF_AC(issuer);
221 issuer = NULL;
222 break;
223 }
224
225 PKIX_TEST_DECREF_AC(issuer);
226
227 }
228 }
229
230 cleanup:
231
232 PKIX_TEST_DECREF_AC(comCrlSelParams);
233 PKIX_TEST_DECREF_AC(crlIssuer);
234 PKIX_TEST_DECREF_AC(issuer);
235 PKIX_TEST_DECREF_AC(issuerList);
236 PKIX_TEST_DECREF_AC(textString);
237
238 PKIX_TEST_RETURN();
239
240 return (error);
241
242 }
243
244 PKIX_Error *
245 testAddIssuerName(PKIX_ComCRLSelParams *comCrlSelParams, char *issuerName)
246 {
247 PKIX_PL_String *issuerString = NULL;
248 PKIX_PL_X500Name *issuer = NULL;
249 PKIX_UInt32 length = 0;
250
251 PKIX_TEST_STD_VARS();
252
253 subTest("PKIX_ComCRLSelParams_AddIssuerName");
254
255 length = PL_strlen(issuerName);
256
257 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
258 (PKIX_UTF8,
259 issuerName,
260 length,
261 &issuerString,
262 plContext));
263
264 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString,
265 &issuer,
266 plContext));
267
268 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName
269 (comCrlSelParams, issuer, plContext));
270
271 cleanup:
272
273 PKIX_TEST_DECREF_AC(issuerString);
274 PKIX_TEST_DECREF_AC(issuer);
275
276 PKIX_TEST_RETURN();
277
278 return (0);
279 }
280
281 PKIX_Error *
282 testCustomCertStore(PKIX_ValidateParams *valParams)
283 {
284 PKIX_CertStore_CRLCallback crlCallback;
285 PKIX_CertStore *certStore = NULL;
286 PKIX_ProcessingParams *procParams = NULL;
287 char *issuerName1 = "cn=science,o=mit,c=us";
288 char *issuerName2 = "cn=physics,o=mit,c=us";
289 char *issuerName3 = "cn=prof noall,o=mit,c=us";
290 char *issuerName4 = "cn=testing CRL,o=test,c=us";
291 PKIX_ComCRLSelParams *comCrlSelParams = NULL;
292 PKIX_CRLSelector *crlSelector = NULL;
293 PKIX_List *crlList = NULL;
294 PKIX_UInt32 numCrl = 0;
295 void *nbioContext = NULL;
296
297 PKIX_TEST_STD_VARS();
298
299 subTest("PKIX_PL_CollectionCertStore_Create");
300
301 /* Create CRLSelector, link in CollectionCertStore */
302
303 subTest("PKIX_ComCRLSelParams_AddIssuerNames");
304
305 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
306 (&comCrlSelParams, plContext));
307
308
309 testAddIssuerName(comCrlSelParams, issuerName1);
310 testAddIssuerName(comCrlSelParams, issuerName2);
311 testAddIssuerName(comCrlSelParams, issuerName3);
312 testAddIssuerName(comCrlSelParams, issuerName4);
313
314
315 subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
316 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
317 (testCRLSelectorMatchCallback,
318 NULL,
319 &crlSelector,
320 plContext));
321
322 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams
323 (crlSelector, comCrlSelParams, plContext));
324
325 /* Create CertStore, link in CRLSelector */
326
327 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
328 (valParams, &procParams, plContext));
329
330 subTest("PKIX_CertStore_Create");
331 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create
332 (getCertCallback,
333 getCRLCallback,
334 getCertContinue,
335 getCRLContinue,
336 NULL, /* trustCallback */
337 (PKIX_PL_Object *)crlSelector, /* fake */
338 PKIX_FALSE, /* cacheFlag */
339 PKIX_TRUE, /* localFlag */
340 &certStore,
341 plContext));
342
343
344 subTest("PKIX_ProcessingParams_AddCertStore");
345 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
346 (procParams, certStore, plContext));
347
348 subTest("PKIX_ProcessingParams_SetRevocationEnabled");
349 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
350 (procParams, PKIX_TRUE, plContext));
351
352 subTest("PKIX_CertStore_GetCRLCallback");
353 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
354 (certStore,
355 &crlCallback,
356 NULL));
357
358 subTest("Getting CRL by CRL Callback");
359 PKIX_TEST_EXPECT_NO_ERROR(crlCallback
360 (certStore,
361 crlSelector,
362 &nbioContext,
363 &crlList,
364 plContext));
365
366 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
367 (crlList,
368 &numCrl,
369 plContext));
370
371 if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
372 pkixTestErrorMsg = "unexpected CRL number mismatch";
373 }
374
375 cleanup:
376
377 PKIX_TEST_DECREF_AC(crlList);
378 PKIX_TEST_DECREF_AC(comCrlSelParams);
379 PKIX_TEST_DECREF_AC(crlSelector);
380 PKIX_TEST_DECREF_AC(procParams);
381 PKIX_TEST_DECREF_AC(certStore);
382
383 PKIX_TEST_RETURN();
384
385 return (0);
386 }
387
388 /*
389 * Validate Certificate Chain with Certificate Revocation List
390 * Certificate Chain is built based on input certs' sequence.
391 * CRL is fetched from the directory specified in CollectionCertStore.
392 * while CollectionCertStore is linked in CertStore Object which then
393 * linked in ProcessParam. During validation, CRLChecker will invoke
394 * the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL)
395 * to get CRL data for revocation check.
396 * This test set criteria in CRLSelector which is linked in
397 * CommonCRLSelectorParam. When CRL data is fetched into cache for
398 * revocation check, CRL's are filtered based on the criteria set.
399 */
400
401 int main(int argc, char *argv[]){
402
403 PKIX_List *chain = NULL;
404 PKIX_ValidateParams *valParams = NULL;
405 PKIX_ValidateResult *valResult = NULL;
406 PKIX_UInt32 actualMinorVersion;
407 char *certNames[PKIX_TEST_MAX_CERTS];
408 PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
409 PKIX_VerifyNode *verifyTree = NULL;
410 PKIX_PL_String *verifyString = NULL;
411 PKIX_UInt32 chainLength = 0;
412 PKIX_UInt32 i = 0;
413 PKIX_UInt32 j = 0;
414 PKIX_Boolean testValid = PKIX_TRUE;
415 PKIX_Boolean useArenas = PKIX_FALSE;
416 char *anchorName = NULL;
417
418 PKIX_TEST_STD_VARS();
419
420 if (argc < 5) {
421 printUsage1(argv[0]);
422 return (0);
423 }
424
425 startTests("CRL Checker");
426
427 useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
428
429 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
430 (PKIX_TRUE, /* nssInitNeeded */
431 useArenas,
432 PKIX_MAJOR_VERSION,
433 PKIX_MINOR_VERSION,
434 PKIX_MINOR_VERSION,
435 &actualMinorVersion,
436 &plContext));
437
438 /* ENE = expect no error; EE = expect error */
439 if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
440 testValid = PKIX_TRUE;
441 } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
442 testValid = PKIX_FALSE;
443 } else {
444 printUsage1(argv[0]);
445 return (0);
446 }
447
448 chainLength = (argc - j) - 5;
449 if (chainLength > PKIX_TEST_MAX_CERTS) {
450 printUsageMax(chainLength);
451 }
452
453 for (i = 0; i < chainLength; i++) {
454
455 certNames[i] = argv[(5 + j) +i];
456 certs[i] = NULL;
457 }
458
459 dirName = argv[3+j];
460
461 subTest(argv[1+j]);
462
463 subTest("Custom-CRL-Checker - Create Cert Chain");
464
465 chain = createCertChainPlus
466 (dirName, certNames, certs, chainLength, plContext);
467
468 subTest("Custom-CRL-Checker - Create Params");
469
470 anchorName = argv[4+j];
471
472 valParams = createValidateParams
473 (dirName,
474 anchorName,
475 NULL,
476 NULL,
477 NULL,
478 PKIX_FALSE,
479 PKIX_FALSE,
480 PKIX_FALSE,
481 PKIX_FALSE,
482 chain,
483 plContext);
484
485 subTest("Custom-CRL-Checker - Set Processing Params for CertStore");
486
487 testCustomCertStore(valParams);
488
489 subTest("Custom-CRL-Checker - Validate Chain");
490
491 if (testValid == PKIX_TRUE) {
492 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
493 (valParams, &valResult, &verifyTree, plContext));
494 } else {
495 PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
496 (valParams, &valResult, &verifyTree, plContext));
497 }
498
499 cleanup:
500
501 PKIX_TEST_DECREF_AC(verifyString);
502 PKIX_TEST_DECREF_AC(verifyTree);
503 PKIX_TEST_DECREF_AC(chain);
504 PKIX_TEST_DECREF_AC(valParams);
505 PKIX_TEST_DECREF_AC(valResult);
506
507 PKIX_Shutdown(plContext);
508
509 PKIX_TEST_RETURN();
510
511 endTests("CRL Checker");
512
513 return (0);
514 }
Mozilla NSS module