search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / cmd / libpkix / pkix_pl / module / test_pk11certstore.c
blob9a61a9c639c4e5b0a9513a3b9a97227e5260460e
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 * Sun Microsystems
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37 /*
38 * test_pk11certstore.c
39 *
40 * Test Pk11CertStore Type
41 *
42 */
43
44 #include "testutil.h"
45 #include "testutil_nss.h"
46
47
48 void *plContext = NULL;
49
50 /*
51 * This function creates a certSelector with ComCertSelParams set up to
52 * select entries whose Subject Name matches that in the given Cert and
53 * whose validity window includes the Date specified by "validityDate".
54 */
55 void test_makeSubjectCertSelector(
56 PKIX_PL_Cert *certNameToMatch,
57 PKIX_PL_Date *validityDate,
58 PKIX_CertSelector **pSelector,
59 void *plContext)
60 {
61 PKIX_CertSelector *selector = NULL;
62 PKIX_ComCertSelParams *subjParams = NULL;
63 PKIX_PL_X500Name *subjectName = NULL;
64
65 PKIX_TEST_STD_VARS();
66
67 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
68 (NULL, NULL, &selector, plContext));
69 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
70 (&subjParams, plContext));
71 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
72 (certNameToMatch, &subjectName, plContext));
73 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
74 (subjParams, subjectName, plContext));
75 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid
76 (subjParams, validityDate, plContext));
77 PKIX_TEST_EXPECT_NO_ERROR
78 (PKIX_CertSelector_SetCommonCertSelectorParams
79 (selector, subjParams, plContext));
80 *pSelector = selector;
81
82 cleanup:
83
84 PKIX_TEST_DECREF_AC(subjParams);
85 PKIX_TEST_DECREF_AC(subjectName);
86
87 PKIX_TEST_RETURN();
88 }
89
90 /*
91 * This function creates a certSelector with ComCertSelParams set up to
92 * select entries containing a Basic Constraints extension with a path
93 * length of at least the specified "minPathLength".
94 */
95 void test_makePathCertSelector(
96 PKIX_Int32 minPathLength,
97 PKIX_CertSelector **pSelector,
98 void *plContext)
99 {
100 PKIX_CertSelector *selector = NULL;
101 PKIX_ComCertSelParams *pathParams = NULL;
102
103 PKIX_TEST_STD_VARS();
104
105 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create
106 (NULL, NULL, &selector, plContext));
107 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create
108 (&pathParams, plContext));
109 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints
110 (pathParams, minPathLength, plContext));
111
112 PKIX_TEST_EXPECT_NO_ERROR
113 (PKIX_CertSelector_SetCommonCertSelectorParams
114 (selector, pathParams, plContext));
115 *pSelector = selector;
116
117 cleanup:
118
119 PKIX_TEST_DECREF_AC(pathParams);
120
121 PKIX_TEST_RETURN();
122 }
123
124 /*
125 * This function reads a directory-file cert specified by "desiredSubjectCert",
126 * and decodes the SubjectName. It uses that name to set up the CertSelector
127 * for a Subject Name match, and then queries the database for matching entries.
128 * It is intended to test a "smart" database query.
129 */
130 void testMatchCertSubject(
131 char *crlDir,
132 char *desiredSubjectCert,
133 char *expectedAscii,
134 PKIX_PL_Date *validityDate,
135 void *plContext)
136 {
137 PKIX_UInt32 numCert = 0;
138 PKIX_PL_Cert *certWithDesiredSubject = NULL;
139 PKIX_CertStore *certStore = NULL;
140 PKIX_CertSelector *certSelector = NULL;
141 PKIX_List *certList = NULL;
142 PKIX_CertStore_CertCallback getCert = NULL;
143 void *nbioContext = NULL;
144
145 PKIX_TEST_STD_VARS();
146
147 certWithDesiredSubject = createCert
148 (crlDir, desiredSubjectCert, plContext);
149
150 test_makeSubjectCertSelector
151 (certWithDesiredSubject,
152 validityDate,
153 &certSelector,
154 plContext);
155
156 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
157 (&certStore, plContext));
158
159 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
160 (certStore, &getCert, plContext));
161
162 PKIX_TEST_EXPECT_NO_ERROR(getCert
163 (certStore,
164 certSelector,
165 &nbioContext,
166 &certList,
167 plContext));
168
169 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
170 (certList, &numCert, plContext));
171
172 if (numCert > 0) {
173 /* List should be immutable */
174 PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem
175 (certList, 0, plContext));
176 }
177
178 if (expectedAscii) {
179 testToStringHelper
180 ((PKIX_PL_Object *)certList, expectedAscii, plContext);
181 }
182
183 cleanup:
184
185 PKIX_TEST_DECREF_AC(certWithDesiredSubject);
186 PKIX_TEST_DECREF_AC(certStore);
187 PKIX_TEST_DECREF_AC(certSelector);
188 PKIX_TEST_DECREF_AC(certList);
189
190 PKIX_TEST_RETURN();
191 }
192
193 /*
194 * This function uses the minimum path length specified by "minPath" to set up
195 * a CertSelector for a BasicConstraints match, and then queries the database
196 * for matching entries. It is intended to test the case where there
197 * is no "smart" database query, so the database will be asked for all
198 * available certs and the filtering will be done by the interaction of the
199 * certstore and the selector.
200 */
201 void testMatchCertMinPath(
202 PKIX_Int32 minPath,
203 char *expectedAscii,
204 void *plContext)
205 {
206 PKIX_CertStore *certStore = NULL;
207 PKIX_CertSelector *certSelector = NULL;
208 PKIX_List *certList = NULL;
209 PKIX_CertStore_CertCallback getCert = NULL;
210 void *nbioContext = NULL;
211
212 PKIX_TEST_STD_VARS();
213
214 subTest("Searching Certs for minPath");
215
216 test_makePathCertSelector
217 (minPath, &certSelector, plContext);
218
219 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
220 (&certStore, plContext));
221
222 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback
223 (certStore, &getCert, plContext));
224
225 PKIX_TEST_EXPECT_NO_ERROR(getCert
226 (certStore,
227 certSelector,
228 &nbioContext,
229 &certList,
230 plContext));
231
232 if (expectedAscii) {
233 testToStringHelper
234 ((PKIX_PL_Object *)certList, expectedAscii, plContext);
235 }
236
237 cleanup:
238
239 PKIX_TEST_DECREF_AC(certStore);
240 PKIX_TEST_DECREF_AC(certSelector);
241 PKIX_TEST_DECREF_AC(certList);
242
243 PKIX_TEST_RETURN();
244 }
245
246 /*
247 * This function creates a crlSelector with ComCrlSelParams set up to
248 * select entries whose Issuer Name matches that in the given Crl.
249 */
250 void test_makeIssuerCRLSelector(
251 PKIX_PL_CRL *crlNameToMatch,
252 PKIX_CRLSelector **pSelector,
253 void *plContext)
254 {
255 PKIX_CRLSelector *selector = NULL;
256 PKIX_ComCRLSelParams *issuerParams = NULL;
257 PKIX_PL_X500Name *issuerName = NULL;
258 PKIX_List *names = NULL;
259
260 PKIX_TEST_STD_VARS();
261
262 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
263 (NULL, NULL, &selector, plContext));
264 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
265 (&issuerParams, plContext));
266 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer
267 (crlNameToMatch, &issuerName, plContext));
268 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext));
269 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
270 (names, (PKIX_PL_Object *)issuerName, plContext));
271 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames
272 (issuerParams, names, plContext));
273
274 PKIX_TEST_EXPECT_NO_ERROR
275 (PKIX_CRLSelector_SetCommonCRLSelectorParams
276 (selector, issuerParams, plContext));
277 *pSelector = selector;
278
279 cleanup:
280
281 PKIX_TEST_DECREF_AC(issuerParams);
282 PKIX_TEST_DECREF_AC(issuerName);
283 PKIX_TEST_DECREF_AC(names);
284
285 PKIX_TEST_RETURN();
286 }
287
288 /*
289 * This function creates a crlSelector with ComCrlSelParams set up to
290 * select entries that would be valid at the Date specified by the Date
291 * criterion.
292 */
293 void test_makeDateCRLSelector(
294 PKIX_PL_Date *dateToMatch,
295 PKIX_CRLSelector **pSelector,
296 void *plContext)
297 {
298 PKIX_CRLSelector *selector = NULL;
299 PKIX_ComCRLSelParams *dateParams = NULL;
300
301 PKIX_TEST_STD_VARS();
302
303 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create
304 (NULL, NULL, &selector, plContext));
305 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create
306 (&dateParams, plContext));
307 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime
308 (dateParams, dateToMatch, plContext));
309 PKIX_TEST_EXPECT_NO_ERROR
310 (PKIX_CRLSelector_SetCommonCRLSelectorParams
311 (selector, dateParams, plContext));
312 *pSelector = selector;
313
314 cleanup:
315 PKIX_TEST_DECREF_AC(dateParams);
316
317 PKIX_TEST_RETURN();
318 }
319
320 /*
321 * This function reads a directory-file crl specified by "desiredIssuerCrl",
322 * and decodes the IssuerName. It uses that name to set up the CrlSelector
323 * for a Issuer Name match, and then queries the database for matching entries.
324 * It is intended to test the case of a "smart" database query.
325 */
326 void testMatchCrlIssuer(
327 char *crlDir,
328 char *desiredIssuerCrl,
329 char *expectedAscii,
330 void *plContext)
331 {
332 PKIX_UInt32 numCrl = 0;
333 PKIX_PL_CRL *crlWithDesiredIssuer = NULL;
334 PKIX_CertStore *crlStore = NULL;
335 PKIX_CRLSelector *crlSelector = NULL;
336 PKIX_List *crlList = NULL;
337 PKIX_CertStore_CRLCallback getCrl = NULL;
338 void *nbioContext = NULL;
339
340 PKIX_TEST_STD_VARS();
341
342 subTest("Searching CRLs for matching Issuer");
343
344 crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext);
345
346 test_makeIssuerCRLSelector
347 (crlWithDesiredIssuer, &crlSelector, plContext);
348
349 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
350 (&crlStore, plContext));
351
352 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
353 (crlStore, &getCrl, plContext));
354
355 PKIX_TEST_EXPECT_NO_ERROR(getCrl
356 (crlStore,
357 crlSelector,
358 &nbioContext,
359 &crlList,
360 plContext));
361
362 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength
363 (crlList, &numCrl, plContext));
364
365 if (numCrl > 0) {
366 /* List should be immutable */
367 PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem
368 (crlList, 0, plContext));
369 }
370
371 if (expectedAscii) {
372 testToStringHelper
373 ((PKIX_PL_Object *)crlList, expectedAscii, plContext);
374 }
375
376 cleanup:
377
378 PKIX_TEST_DECREF_AC(crlWithDesiredIssuer);
379 PKIX_TEST_DECREF_AC(crlStore);
380 PKIX_TEST_DECREF_AC(crlSelector);
381 PKIX_TEST_DECREF_AC(crlList);
382
383 PKIX_TEST_RETURN();
384 }
385
386 /*
387 * This function uses the date specified by "matchDate" to set up the
388 * CrlSelector for a Date match. It is intended to test the case where there
389 * is no "smart" database query, so the CertStore should throw an error
390 * rather than ask the database for all available CRLs and then filter the
391 * results using the selector.
392 */
393 void testMatchCrlDate(
394 char *dateMatch,
395 char *expectedAscii,
396 void *plContext)
397 {
398 PKIX_PL_Date *dateCriterion = NULL;
399 PKIX_CertStore *crlStore = NULL;
400 PKIX_CRLSelector *crlSelector = NULL;
401 PKIX_List *crlList = NULL;
402 PKIX_CertStore_CRLCallback getCrl = NULL;
403
404 PKIX_TEST_STD_VARS();
405
406 subTest("Searching CRLs for matching Date");
407
408 dateCriterion = createDate(dateMatch, plContext);
409 test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext);
410
411 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
412 (&crlStore, plContext));
413
414 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback
415 (crlStore, &getCrl, plContext));
416
417 PKIX_TEST_EXPECT_ERROR(getCrl
418 (crlStore, crlSelector, NULL, &crlList, plContext));
419
420 cleanup:
421
422 PKIX_TEST_DECREF_AC(dateCriterion);
423 PKIX_TEST_DECREF_AC(crlStore);
424 PKIX_TEST_DECREF_AC(crlSelector);
425 PKIX_TEST_DECREF_AC(crlList);
426
427 PKIX_TEST_RETURN();
428 }
429
430 void printUsage(char *pName){
431 printf("\nUSAGE: %s <data-dir> <database-dir>\n\n", pName);
432 }
433
434 /* Functional tests for Pk11CertStore public functions */
435
436 int main(int argc, char *argv[]) {
437
438 PKIX_Boolean useArenas = PKIX_FALSE;
439 PKIX_UInt32 j = 0;
440 PKIX_UInt32 actualMinorVersion;
441 PKIX_PL_Date *validityDate = NULL;
442 PKIX_PL_Date *betweenDate = NULL;
443 char *crlDir = NULL;
444 char *databaseDir = NULL;
445 char *expectedProfAscii = "([\n"
446 "\tVersion: v3\n"
447 "\tSerialNumber: 00ca\n"
448 "\tIssuer: CN=chemistry,O=mit,C=us\n"
449 "\tSubject: CN=prof noall,O=mit,C=us\n"
450 "\tValidity: [From: Fri Feb 11 14:14:06 2005\n"
451 "\t To: Mon Jan 18, 2105]\n"
452 "\tSubjectAltNames: (null)\n"
453 "\tAuthorityKeyId: (null)\n"
454 "\tSubjectKeyId: (null)\n"
455 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
456 "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
457 "\tExtKeyUsages: (null)\n"
458 "\tBasicConstraint: CA(6)\n"
459 "\tCertPolicyInfo: (null)\n"
460 "\tPolicyMappings: (null)\n"
461 "\tExplicitPolicy: -1\n"
462 "\tInhibitMapping: -1\n"
463 "\tInhibitAnyPolicy:-1\n"
464 "\tNameConstraints: (null)\n"
465 "]\n"
466 ", [\n"
467 "\tVersion: v3\n"
468 "\tSerialNumber: 03\n"
469 "\tIssuer: CN=physics,O=mit,C=us\n"
470 "\tSubject: CN=prof noall,O=mit,C=us\n"
471 "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
472 "\t To: Mon Jan 18, 2105]\n"
473 "\tSubjectAltNames: (null)\n"
474 "\tAuthorityKeyId: (null)\n"
475 "\tSubjectKeyId: (null)\n"
476 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
477 "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
478 "\tExtKeyUsages: (null)\n"
479 "\tBasicConstraint: CA(0)\n"
480 "\tCertPolicyInfo: (null)\n"
481 "\tPolicyMappings: (null)\n"
482 "\tExplicitPolicy: -1\n"
483 "\tInhibitMapping: -1\n"
484 "\tInhibitAnyPolicy:-1\n"
485 "\tNameConstraints: (null)\n"
486 "]\n"
487 ")";
488 char *expectedValidityAscii = "([\n"
489 "\tVersion: v3\n"
490 "\tSerialNumber: 03\n"
491 "\tIssuer: CN=physics,O=mit,C=us\n"
492 "\tSubject: CN=prof noall,O=mit,C=us\n"
493 "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
494 "\t To: Mon Jan 18, 2105]\n"
495 "\tSubjectAltNames: (null)\n"
496 "\tAuthorityKeyId: (null)\n"
497 "\tSubjectKeyId: (null)\n"
498 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
499 "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
500 "\tExtKeyUsages: (null)\n"
501 "\tBasicConstraint: CA(0)\n"
502 "\tCertPolicyInfo: (null)\n"
503 "\tPolicyMappings: (null)\n"
504 "\tExplicitPolicy: -1\n"
505 "\tInhibitMapping: -1\n"
506 "\tInhibitAnyPolicy:-1\n"
507 "\tNameConstraints: (null)\n"
508 "]\n"
509 ")";
510 char *expectedMinPathAscii = "([\n"
511 "\tVersion: v3\n"
512 "\tSerialNumber: 01\n"
513 "\tIssuer: CN=science,O=mit,C=us\n"
514 "\tSubject: CN=science,O=mit,C=us\n"
515 "\tValidity: [From: Fri Feb 11 12:47:58 2005\n"
516 "\t To: Mon Jan 18, 2105]\n"
517 "\tSubjectAltNames: (null)\n"
518 "\tAuthorityKeyId: (null)\n"
519 "\tSubjectKeyId: (null)\n"
520 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
521 "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
522 "\tExtKeyUsages: (null)\n"
523 "\tBasicConstraint: CA(10)\n"
524 "\tCertPolicyInfo: (null)\n"
525 "\tPolicyMappings: (null)\n"
526 "\tExplicitPolicy: -1\n"
527 "\tInhibitMapping: -1\n"
528 "\tInhibitAnyPolicy:-1\n"
529 "\tNameConstraints: (null)\n"
530 "]\n"
531 ")";
532 char *expectedIssuerAscii = "([\n"
533 "\tVersion: v2\n"
534 "\tIssuer: CN=physics,O=mit,C=us\n"
535 "\tUpdate: [Last: Fri Feb 11 13:51:38 2005\n"
536 "\t Next: Mon Jan 18, 2105]\n"
537 "\tSignatureAlgId: 1.2.840.10040.4.3\n"
538 "\tCRL Number : (null)\n"
539 "\n"
540 "\tEntry List: (\n"
541 "\t[\n"
542 "\tSerialNumber: 67\n"
543 "\tReasonCode: 257\n"
544 "\tRevocationDate: Fri Feb 11 13:51:38 2005\n"
545 "\tCritExtOIDs: (EMPTY)\n"
546 "\t]\n"
547 "\t)\n"
548 "\n"
549 "\tCritExtOIDs: (EMPTY)\n"
550 "]\n"
551 ")";
552 char *expectedDateAscii = "([\n"
553 "\tVersion: v2\n"
554 "\tIssuer: CN=science,O=mit,C=us\n"
555 "\tUpdate: [Last: Fri Feb 11 13:34:40 2005\n"
556 "\t Next: Mon Jan 18, 2105]\n"
557 "\tSignatureAlgId: 1.2.840.10040.4.3\n"
558 "\tCRL Number : (null)\n"
559 "\n"
560 "\tEntry List: (\n"
561 "\t[\n"
562 "\tSerialNumber: 65\n"
563 "\tReasonCode: 260\n"
564 "\tRevocationDate: Fri Feb 11 13:34:40 2005\n"
565 "\tCritExtOIDs: (EMPTY)\n"
566 "\t]\n"
567 "\t)\n"
568 "\n"
569 "\tCritExtOIDs: (EMPTY)\n"
570 "]\n"
571 ", [\n"
572 "\tVersion: v2\n"
573 "\tIssuer: CN=testing CRL,O=test,C=us\n"
574 "\tUpdate: [Last: Fri Feb 11 13:14:38 2005\n"
575 "\t Next: Mon Jan 18, 2105]\n"
576 "\tSignatureAlgId: 1.2.840.10040.4.3\n"
577 "\tCRL Number : (null)\n"
578 "\n"
579 "\tEntry List: (\n"
580 "\t[\n"
581 "\tSerialNumber: 67\n"
582 "\tReasonCode: 258\n"
583 "\tRevocationDate: Fri Feb 11 13:14:38 2005\n"
584 "\tCritExtOIDs: (EMPTY)\n"
585 "\t]\n"
586 "\t)\n"
587 "\n"
588 "\tCritExtOIDs: (EMPTY)\n"
589 "]\n"
590 ")";
591
592 PKIX_TEST_STD_VARS();
593
594 startTests("Pk11CertStore");
595
596 if (argc < 3) {
597 printUsage(argv[0]);
598 return (0);
599 }
600
601 /* too bad we cannot do this after the macro NSSCONTEXT_SETUP */
602 databaseDir = argv[1];
603 if (databaseDir[0] == '-') {
604 /* with -arenas at front */
605 databaseDir = argv[2];
606 }
607
608 /* This must precede the call to PKIX_Initialize! */
609 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize_SetConfigDir
610 (PKIX_STORE_TYPE_PK11, databaseDir, plContext));
611
612 useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
613
614 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
615 (PKIX_TRUE, /* nssInitNeeded */
616 useArenas,
617 PKIX_MAJOR_VERSION,
618 PKIX_MINOR_VERSION,
619 PKIX_MINOR_VERSION,
620 &actualMinorVersion,
621 &plContext));
622
623 crlDir = argv[j+2];
624
625 /* Two certs for prof should be valid now */
626 PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime
627 (PR_Now(), &validityDate, plContext));
628
629 subTest("Searching Certs for Subject");
630
631 testMatchCertSubject
632 (crlDir,
633 "phy2prof.crt",
634 NULL, /* expectedProfAscii, */
635 validityDate,
636 plContext);
637
638 /* One of the certs was not yet valid at this time. */
639 betweenDate = createDate("050210184000Z", plContext);
640
641 subTest("Searching Certs for Subject and Validity");
642
643 testMatchCertSubject
644 (crlDir,
645 "phy2prof.crt",
646 NULL, /* expectedValidityAscii, */
647 betweenDate,
648 plContext);
649
650 testMatchCertMinPath
651 (9,
652 NULL, /* expectedMinPathAscii, */
653 plContext);
654
655 testMatchCrlIssuer
656 (crlDir,
657 "phys.crl",
658 NULL, /* expectedIssuerAscii, */
659 plContext);
660
661 testMatchCrlDate
662 ("050211184000Z",
663 NULL, /* expectedDateAscii, */
664 plContext);
665
666 cleanup:
667
668 PKIX_TEST_DECREF_AC(validityDate);
669 PKIX_TEST_DECREF_AC(betweenDate);
670
671 PKIX_TEST_RETURN();
672
673 endTests("Pk11CertStore");
674
675 return (0);
676 }
Mozilla NSS module