Import from 1.9a8 tarball
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
14 * The Original Code is the Netscape security libraries.
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
21 * Contributor(s):
22 * Sun Microsystems
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
36 * ***** END LICENSE BLOCK ***** */
38 * test_validatechain.c
40 * Test ValidateChain function
44 #include "testutil.h"
45 #include "testutil_nss.h"
/*
 * libpkix context pointer shared by this test program. main() passes its
 * address to PKIX_Initialize and its value to PKIX_Shutdown, and
 * testDefaultCertStore() hands it to every PKIX call it makes.
 * createFullPathName() takes a parameter of the same name, which shadows
 * this global inside that function.
 */
void *plContext = NULL;
/*
 * printUsage
 *
 * Writes the command-line synopsis for this test program to stdout, followed
 * by a short description of what the ENE / EE flag means.
 */
void printUsage(void)
{
        static const char synopsis[] =
                "\nUSAGE:\nvalidateChain TestName [ENE|EE] "
                "<certStoreDirectory> <trustedCert> <targetCert>\n\n";
        static const char description[] =
                "Validates a chain of certificates between "
                "<trustedCert> and <targetCert>\n"
                "using the certs and CRLs in <certStoreDirectory>. "
                "If ENE is specified,\n"
                "then an Error is Not Expected. "
                "If EE is specified, an Error is Expected.\n";

        /* Fixed text: passed as data, not as the format string. */
        (void) printf("%s", synopsis);
        (void) printf("%s", description);
}
/*
 * createFullPathName
 *
 * Builds "<dirName>/<certFile>" in a buffer obtained from PKIX_PL_Malloc,
 * prints the result to stdout and returns it.
 *
 * PARAMETERS:
 *  "dirName"    directory part of the path
 *  "certFile"   file name appended after the '/' separator
 *  "plContext"  context passed to PKIX_PL_Malloc (shadows the file-level
 *               variable of the same name)
 *
 * RETURNS:
 *  The newly allocated path, or NULL when the allocation step did not
 *  complete. The caller owns the buffer; presumably it is released with
 *  PKIX_PL_Free - confirm against the callers.
 */
char *createFullPathName(
        char *dirName,
        char *certFile,
        void *plContext)
{
        char *fullPath = NULL;
        PKIX_UInt32 fileLen = PL_strlen(certFile);
        PKIX_UInt32 dirLen = PL_strlen(dirName);
        /*
         * Room for the directory, the '/' separator, the file name and the
         * terminating NUL. The unbounded copies below are safe only because
         * the buffer is sized from these same two lengths.
         * NOTE(review): the 32-bit sum is not checked for wrap-around.
         */
        PKIX_UInt32 bufLen = dirLen + fileLen + 2;

        PKIX_TEST_STD_VARS();

        /* No explicit goto appears here; the macro is expected to branch
         * to "cleanup" on failure - confirm in testutil.h. */
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_PL_Malloc(bufLen, (void **)&fullPath, plContext));

        PL_strcpy(fullPath, dirName);
        PL_strcat(fullPath, "/");
        PL_strcat(fullPath, certFile);
        printf("certPathName = %s\n", fullPath);

cleanup:

        PKIX_TEST_RETURN();

        return (fullPath);
}
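/*
 * testDefaultCertStore
 *
 * Adds revocation sources to the processing parameters held by "valParams":
 * a collection cert store created from "crlDir", revocation checking switched
 * on, and a one-element revocation-checker list holding an OCSP checker
 * created for the current time with the default responder.
 *
 * PARAMETERS:
 *  "valParams"  validate parameters whose processing parameters are updated
 *  "crlDir"     directory name handed to the collection cert store
 *
 * RETURNS:
 *  Always 0; no PKIX_Error is propagated to the caller. No explicit goto
 *  appears in the body, so the PKIX_TEST_EXPECT_NO_ERROR macro is expected to
 *  branch to "cleanup" on failure, with PKIX_TEST_RETURN doing the reporting
 *  (confirm in testutil.h).
 *
 * Uses the file-level plContext for every PKIX call.
 */
PKIX_Error *
testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
{
        PKIX_PL_String *dirString = NULL;
        PKIX_CertStore *certStore = NULL;
        PKIX_ProcessingParams *procParams = NULL;
        PKIX_PL_Date *validity = NULL;
        PKIX_List *revCheckers = NULL;
        PKIX_RevocationChecker *ocspChecker = NULL;

        PKIX_TEST_STD_VARS();

        subTest("PKIX_PL_CollectionCertStoreContext_Create");

        /* Create the CollectionCertStore from the directory name */

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
                (PKIX_ESCASCII, crlDir, 0, &dirString, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
                (dirString, &certStore, plContext));

        /* Fetch the processing parameters that will receive the store */

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
                (valParams, &procParams, plContext));

        subTest("PKIX_ProcessingParams_AddCertStore");
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
                (procParams, certStore, plContext));

        subTest("PKIX_ProcessingParams_SetRevocationEnabled");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
                (procParams, PKIX_TRUE, plContext));

        /* create current Date */
        PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
                (PR_Now(), &validity, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));

        /* create the OCSP revocation checker */
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize
                (validity,
                NULL,           /* pwArg */
                NULL,           /* Use default responder */
                &ocspChecker,
                plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                (revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers
                (procParams, revCheckers, plContext));

cleanup:

        /*
         * Drop this function's own reference to every object it created or
         * fetched. Failure paths reach this label with some of the pointers
         * still NULL, so the macro has to tolerate NULL.
         */
        PKIX_TEST_DECREF_AC(dirString);
        PKIX_TEST_DECREF_AC(procParams);
        PKIX_TEST_DECREF_AC(certStore);
        PKIX_TEST_DECREF_AC(revCheckers);
        PKIX_TEST_DECREF_AC(ocspChecker);
        /*
         * "validity" is created above and was never released. This assumes
         * PKIX_OcspChecker_Initialize takes its own reference, as the list
         * and the processing parameters are treated here - confirm.
         */
        PKIX_TEST_DECREF_AC(validity);

        PKIX_TEST_RETURN();

        return (0);
}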
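/*
 * main
 *
 * Command line (see printUsage):
 *   argv[1]    test name, also handed to PKIX_TEST_ARENAS_ARG
 *   argv[2]    "ENE" (error not expected) or "EE" (error expected)
 *   argv[3]    directory holding the certs and CRLs
 *   argv[4]    trust anchor certificate file name
 *   argv[5..]  file names of the certificates that make up the chain
 *
 * Builds validate parameters from the anchor and the chain, adds the
 * revocation sources through testDefaultCertStore(), runs PKIX_ValidateChain
 * and prints the resulting verify tree.
 *
 * NOTE(review): in the EE case nothing here names the failure that is
 * expected, so a chain rejected for an unrelated reason appears to satisfy the
 * test as well - confirm against PKIX_TEST_EXPECT_ERROR in testutil.h.
 *
 * NOTE(review): argc == 5 is accepted although the usage text lists
 * <targetCert>; the chain list is then empty.
 *
 * RETURNS:
 *  0 on every path. Pass/fail is not reflected in the exit status and is
 *  presumably reported through the startTests / endTests output.
 */
int main(int argc, char *argv[]){

        PKIX_ValidateParams *valParams = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_UInt32 actualMinorVersion;
        PKIX_UInt32 j = 0;      /* argument offset; never changed below */
        PKIX_UInt32 k = 0;
        PKIX_UInt32 chainLength = 0;
        PKIX_Boolean testValid = PKIX_TRUE;
        PKIX_Boolean useArenas = PKIX_FALSE;
        PKIX_List *chainCerts = NULL;
        PKIX_PL_Cert *dirCert = NULL;
        PKIX_VerifyNode *verifyTree = NULL;
        PKIX_PL_String *verifyString = NULL;
        char *dirName = NULL;

        PKIX_TEST_STD_VARS();

        /* Nothing is initialized yet, so a plain return is enough here. */
        if (argc < 5) {
                printUsage();
                return (0);
        }

        startTests("ValidateChain");

        useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
                                    (PKIX_TRUE, /* nssInitNeeded */
                                    useArenas,
                                    PKIX_MAJOR_VERSION,
                                    PKIX_MINOR_VERSION,
                                    PKIX_MINOR_VERSION,
                                    &actualMinorVersion,
                                    &plContext));

        /* ENE = expect no error; EE = expect error */
        if (PORT_Strcmp(argv[2+j], "ENE") == 0) {
                testValid = PKIX_TRUE;
        } else if (PORT_Strcmp(argv[2+j], "EE") == 0) {
                testValid = PKIX_FALSE;
        } else {
                printUsage();
                /* libpkix is initialized by now, so shut it down before
                 * the early exit. */
                PKIX_Shutdown(plContext);
                return (0);
        }

        subTest(argv[1+j]);

        dirName = argv[3+j];

        /* Every argument after the trust anchor names a chain certificate. */
        chainLength = argc - j - 5;

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));

        for (k = 0; k < chainLength; k++) {

                /* NOTE(review): the result of createCert is not checked
                 * before it is appended - confirm the helper cannot
                 * return NULL. */
                dirCert = createCert(dirName, argv[5+k+j], plContext);

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_List_AppendItem
                        (chainCerts, (PKIX_PL_Object *)dirCert, plContext));

                /* The list holds the certificate now; drop the local
                 * reference. */
                PKIX_TEST_DECREF_BC(dirCert);
        }

        /* The optional arguments are left NULL / PKIX_FALSE; their meaning
         * is defined by createValidateParams in the test utilities. */
        valParams = createValidateParams
                (dirName,
                argv[4+j],
                NULL,
                NULL,
                NULL,
                PKIX_FALSE,
                PKIX_FALSE,
                PKIX_FALSE,
                PKIX_FALSE,
                chainCerts,
                plContext);

        /* Return value not examined: the helper returns 0 on every path. */
        testDefaultCertStore(valParams, dirName);

        if (testValid == PKIX_TRUE) {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain
                        (valParams, &valResult, &verifyTree, plContext));
        } else {
                PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain
                        (valParams, &valResult, &verifyTree, plContext));
        }

        subTest("Displaying VerifyNode objects");

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString
                ((PKIX_PL_Object*)verifyTree, &verifyString, plContext));
        /* Reads the string object's escAsciiString member directly. */
        (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);

cleanup:
        PKIX_TEST_DECREF_AC(verifyString);
        PKIX_TEST_DECREF_AC(verifyTree);

        PKIX_TEST_DECREF_AC(chainCerts);
        PKIX_TEST_DECREF_AC(valParams);
        PKIX_TEST_DECREF_AC(valResult);

        PKIX_Shutdown(plContext);

        PKIX_TEST_RETURN();

        endTests("ValidateChain");

        return (0);
}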