diff options
Diffstat (limited to 'mozilla/security/nss/cmd/libpkix/pkix_pl/pki')
11 files changed, 4063 insertions, 0 deletions
diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/Makefile b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/Makefile new file mode 100755 index 0000000..3f1484b --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/Makefile @@ -0,0 +1,80 @@ +#! gmake +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the PKIX-C library. +# +# The Initial Developer of the Original Code is +# Sun Microsystems, Inc. +# Portions created by the Initial Developer are +# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. +# +# Contributor(s): +# Sun Microsystems, Inc. +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +include $(PKIX_DEPTH)/config.mk + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include $(PLAT_DEPTH)/platrules.mk diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn new file mode 100755 index 0000000..69d2289 --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/manifest.mn @@ -0,0 +1,61 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# htt/www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the PKIX-C library. +# +# The Initial Developer of the Original Code is +# Sun Microsystems, Inc. +# Portions created by the Initial Developer are +# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. +# +# Contributor(s): +# Sun Microsystems, Inc. +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +PKIX_DEPTH = ../.. +PLAT_DEPTH = $(PKIX_DEPTH)/.. +CORE_DEPTH = $(PKIX_DEPTH)/../../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = test_cert.c \ + test_crl.c \ + test_crlentry.c \ + test_date.c \ + test_generalname.c \ + test_nameconstraints.c \ + test_x500name.c \ + test_authorityinfoaccess.c \ + test_subjectinfoaccess.c \ + $(NULL) + +LIBRARY_NAME=pkixtoolpki + +SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR) + +NO_MD_RELEASE = 1 diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c new file mode 100644 index 0000000..faae348 --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c @@ -0,0 +1,148 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_authorityinfoaccess.c + * + * Test Authority InfoAccess Type + * + */ + + + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int test_authorityinfoaccess(int argc, char *argv[]) { + + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *certDiff = NULL; + PKIX_List *aiaList = NULL; + PKIX_List *siaList = NULL; + PKIX_PL_InfoAccess *aia = NULL; + PKIX_PL_InfoAccess *aiaDup = NULL; + PKIX_PL_InfoAccess *aiaDiff = NULL; + char *certPathName = NULL; + char *dirName = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 size, i; + PKIX_UInt32 j = 0; + char *expectedAscii = "[method:caIssuers, location:ldap:" + "//betty.nist.gov/cn=CA,ou=Basic%20LDAP%20URI%20OU1," + "o=Test%20Certificates,c=US?cACertificate;binary," + "crossCertificatePair;binary]"; + + PKIX_TEST_STD_VARS(); + + startTests("AuthorityInfoAccess"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 5+j) { + printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]); + } + + dirName = argv[2+j]; + certPathName = argv[3+j]; + + subTest("Creating Cert with Authority Info Access"); + cert = createCert(dirName, certPathName, plContext); + + certPathName = argv[4+j]; + + subTest("Creating Cert with Subject Info Access"); + certDiff = createCert(dirName, certPathName, plContext); + + subTest("Getting Authority Info Access"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess + (cert, &aiaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (aiaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (aiaList, 0, (PKIX_PL_Object **) &aia, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (aiaList, 0, (PKIX_PL_Object **) &aiaDup, plContext)); + + subTest("Getting Subject Info Access as difference comparison"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess + (certDiff, &siaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (siaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (siaList, 0, (PKIX_PL_Object **) &aiaDiff, plContext)); + + subTest("Checking: Equal, Hash and ToString"); + PKIX_TEST_EQ_HASH_TOSTR_DUP + (aia, aiaDup, aiaDiff, expectedAscii, InfoAccess, PKIX_FALSE); + + + +cleanup: + + PKIX_TEST_DECREF_AC(aia); + PKIX_TEST_DECREF_AC(aiaDup); + PKIX_TEST_DECREF_AC(aiaDiff); + PKIX_TEST_DECREF_AC(aiaList); + PKIX_TEST_DECREF_AC(siaList); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certDiff); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Authorityinfoaccess"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c new file mode 100644 index 0000000..5d03665 --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_cert.c @@ -0,0 +1,2360 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_cert.c + * + * Test Cert Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static PKIX_PL_Cert *altNameNoneCert = NULL; +static PKIX_PL_Cert *altNameOtherCert = NULL; +static PKIX_PL_Cert *altNameOtherCert_diff = NULL; +static PKIX_PL_Cert *altNameRfc822Cert = NULL; +static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL; +static PKIX_PL_Cert *altNameDnsCert = NULL; +static PKIX_PL_Cert *altNameDnsCert_diff = NULL; +static PKIX_PL_Cert *altNameX400Cert = NULL; +static PKIX_PL_Cert *altNameX400Cert_diff = NULL; +static PKIX_PL_Cert *altNameDnCert = NULL; +static PKIX_PL_Cert *altNameDnCert_diff = NULL; +static PKIX_PL_Cert *altNameEdiCert = NULL; +static PKIX_PL_Cert *altNameEdiCert_diff = NULL; +static PKIX_PL_Cert *altNameUriCert = NULL; +static PKIX_PL_Cert *altNameUriCert_diff = NULL; +static PKIX_PL_Cert *altNameIpCert = NULL; +static PKIX_PL_Cert *altNameIpCert_diff = NULL; +static PKIX_PL_Cert *altNameOidCert = NULL; +static PKIX_PL_Cert *altNameOidCert_diff = NULL; +static PKIX_PL_Cert *altNameMultipleCert = NULL; + +static void *plContext = NULL; + +static void createCerts( + char *dataCentralDir, + char *goodInput, + char *diffInput, + PKIX_PL_Cert **goodObject, + PKIX_PL_Cert **equalObject, + PKIX_PL_Cert **diffObject) +{ + subTest("PKIX_PL_Cert_Create <goodObject>"); + *goodObject = createCert(dataCentralDir, goodInput, plContext); + + subTest("PKIX_PL_Cert_Create <equalObject>"); + *equalObject = createCert(dataCentralDir, goodInput, plContext); + + subTest("PKIX_PL_Cert_Create <diffObject>"); + *diffObject = createCert(dataCentralDir, diffInput, plContext); +} + + +static void +createCertsWithSubjectAltNames(char *dataCentralDir) +{ + subTest("PKIX_PL_Cert_Create <altNameDNS>"); + altNameDnsCert = createCert + (dataCentralDir, "generalName/altNameDnsCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameDNS_diff>"); + altNameDnsCert_diff = createCert + (dataCentralDir, "generalName/altNameDnsCert_diff", plContext); + + + subTest("PKIX_PL_Cert_Create <altNameRFC822>"); + altNameRfc822Cert = createCert + (dataCentralDir, "generalName/altNameRfc822Cert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>"); + altNameRfc822Cert_diff = createCert + (dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameX400Cert>"); + altNameX400Cert = createCert + (dataCentralDir, "generalName/altNameX400Cert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameX400_diff>"); + altNameX400Cert_diff = createCert + (dataCentralDir, "generalName/altNameX400Cert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameDN>"); + altNameDnCert = createCert + (dataCentralDir, "generalName/altNameDnCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameDN_diff>"); + altNameDnCert_diff = createCert + (dataCentralDir, "generalName/altNameDnCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameEdiCert>"); + altNameEdiCert = createCert + (dataCentralDir, "generalName/altNameEdiCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameEdi_diff>"); + altNameEdiCert_diff = createCert + (dataCentralDir, "generalName/altNameEdiCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameURI>"); + altNameUriCert = createCert + (dataCentralDir, "generalName/altNameUriCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameURI_diff>"); + altNameUriCert_diff = createCert + (dataCentralDir, "generalName/altNameUriCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameIP>"); + altNameIpCert = createCert + (dataCentralDir, "generalName/altNameIpCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameIP_diff>"); + altNameIpCert_diff = createCert + (dataCentralDir, "generalName/altNameIpCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOID>"); + altNameOidCert = createCert + (dataCentralDir, "generalName/altNameOidCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOID_diff>"); + altNameOidCert_diff = createCert + (dataCentralDir, "generalName/altNameOidCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOther>"); + altNameOtherCert = createCert + (dataCentralDir, "generalName/altNameOtherCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameOther_diff>"); + altNameOtherCert_diff = createCert + (dataCentralDir, "generalName/altNameOtherCert_diff", plContext); + + subTest("PKIX_PL_Cert_Create <altNameNone>"); + altNameNoneCert = createCert + (dataCentralDir, "generalName/altNameNoneCert", plContext); + + subTest("PKIX_PL_Cert_Create <altNameMultiple>"); + altNameMultipleCert = createCert + (dataCentralDir, "generalName/altNameRfc822DnsCert", plContext); +} + +static void testGetVersion( + PKIX_PL_Cert *goodObject) +{ + PKIX_UInt32 goodVersion; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetVersion"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion + (goodObject, &goodVersion, plContext)); + + if (goodVersion != 2){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", goodVersion); + (void) printf("Expected value:\t2\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_RETURN(); +} + +static void testGetSerialNumber( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_BigInt *goodSN = NULL; + PKIX_PL_BigInt *equalSN = NULL; + PKIX_PL_BigInt *diffSN = NULL; + char *expectedAscii = "37bc66ec"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSerialNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber + (goodObject, &goodSN, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber + (equalObject, &equalSN, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber + (diffObject, &diffSN, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodSN); + PKIX_TEST_DECREF_AC(equalSN); + PKIX_TEST_DECREF_AC(diffSN); + + PKIX_TEST_RETURN(); +} + + +static void testGetSubject( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_PL_X500Name *diffSubject = NULL; + char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSubject"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject + (goodObject, &goodSubject, plContext)); + + if (!goodSubject){ + testError("Certificate Subject should not be NULL"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject + (equalObject, &equalSubject, plContext)); + + if (!equalSubject){ + testError("Certificate Subject should not be NULL"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject + (diffObject, &diffSubject, plContext)); + + if (!diffSubject){ + testError("Certificate Subject should not be NULL"); + goto cleanup; + } + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodSubject, + equalSubject, + diffSubject, + expectedAscii, + X500Name, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(diffSubject); + + PKIX_TEST_RETURN(); +} + +static void testGetIssuer( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_X500Name *goodIssuer = NULL; + PKIX_PL_X500Name *equalIssuer = NULL; + PKIX_PL_X500Name *diffIssuer = NULL; + char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetIssuer"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer + (goodObject, &goodIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer + (equalObject, &equalIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer + (diffObject, &diffIssuer, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodIssuer, + equalIssuer, + diffIssuer, + expectedAscii, + X500Name, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodIssuer); + PKIX_TEST_DECREF_AC(equalIssuer); + PKIX_TEST_DECREF_AC(diffIssuer); + + PKIX_TEST_RETURN(); +} + +static void testAltNames( + PKIX_PL_Cert *goodCert, + PKIX_PL_Cert *diffCert, + char *expectedAscii) +{ + PKIX_List *goodAltNames = NULL; + PKIX_List *diffAltNames = NULL; + PKIX_PL_GeneralName *goodAltName = NULL; + PKIX_PL_GeneralName *diffAltName = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames + (goodCert, &goodAltNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (goodAltNames, + 0, + (PKIX_PL_Object **)&goodAltName, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames + (diffCert, &diffAltNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (diffAltNames, + 0, + (PKIX_PL_Object **)&diffAltName, + plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodAltName, goodAltName, diffAltName, + expectedAscii, GeneralName, PKIX_TRUE); + +cleanup: + PKIX_TEST_DECREF_AC(goodAltNames); + PKIX_TEST_DECREF_AC(goodAltName); + PKIX_TEST_DECREF_AC(diffAltNames); + PKIX_TEST_DECREF_AC(diffAltName); + PKIX_TEST_RETURN(); +} + +static void testAltNamesNone(PKIX_PL_Cert *cert){ + + PKIX_List *altNames = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames + (cert, &altNames, plContext)); + + if (altNames != NULL){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%p\n", (void *)altNames); + (void) printf("Expected value:\tNULL\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(altNames); + PKIX_TEST_RETURN(); + +} +static void testAltNamesMultiple(){ + PKIX_List *altNames = NULL; + PKIX_PL_GeneralName *firstAltName = NULL; + PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME; + PKIX_PL_GeneralName *secondAltName = NULL; + PKIX_Int32 secondExpectedType = PKIX_DNS_NAME; + + + char *expectedAscii = + "[\n" + "\tVersion: v3\n" + "\tSerialNumber: 2d\n" + "\tIssuer: OU=labs,O=sun,C=us\n" + "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n" + "\tValidity: [From: Mon Feb 09, 2004\n" + /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */ + "\t To: Mon Feb 09, 2004]\n" + /* "\t To: Mon Feb 09 14:43:52 2004]\n" */ + "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (EMPTY)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: (null)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "\tAuthorityInfoAccess: (null)\n" + "\tSubjectInfoAccess: (null)\n" + "\tCacheFlag: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + testToStringHelper + ((PKIX_PL_Object *)altNameMultipleCert, + expectedAscii, + plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames + (altNameMultipleCert, &altNames, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext)); + + if (firstAltName->type != firstExpectedType){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", firstAltName->type); + (void) printf("Expected value:\t%d\n", firstExpectedType); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext)); + + if (secondAltName->type != secondExpectedType){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", secondAltName->type); + (void) printf("Expected value:\t%d\n", secondExpectedType); + goto cleanup; + } + +cleanup: + PKIX_TEST_DECREF_AC(altNames); + PKIX_TEST_DECREF_AC(firstAltName); + PKIX_TEST_DECREF_AC(secondAltName); + PKIX_TEST_RETURN(); +} + +static void testGetSubjectAltNames(char *dataCentralDir){ + + char *expectedAscii = NULL; + + createCertsWithSubjectAltNames(dataCentralDir); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>"); + expectedAscii = "east.sun.com"; + testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>"); + expectedAscii = "alice.barnes@bcn.east.sun.com"; + testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii); + + /* + *this should work once bugzilla bug #233586 is fixed. + *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>"); + *expectedAscii = "X400Address: <DER-encoded value>"; + *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii); + */ + + subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>"); + expectedAscii = "CN=elley,OU=labs,O=sun,C=us"; + testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii); + + /* + * this should work once bugzilla bug #233586 is fixed. + * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>"); + * expectedAscii = "EDIPartyName: <DER-encoded value>"; + * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii); + */ + + subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>"); + expectedAscii = "http://www.sun.com"; + testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>"); + expectedAscii = "1.2.3.4"; + testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>"); + expectedAscii = "1.2.39"; + testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>"); + expectedAscii = "1.7.26.97"; + testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <none>"); + testAltNamesNone(altNameNoneCert); + + subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>"); + testAltNamesMultiple(); +} + +static void testGetSubjectPublicKey( + PKIX_PL_Cert *goodObject, + PKIX_PL_Cert *equalObject, + PKIX_PL_Cert *diffObject) +{ + PKIX_PL_PublicKey *goodPubKey = NULL; + PKIX_PL_PublicKey *equalPubKey = NULL; + PKIX_PL_PublicKey *diffPubKey = NULL; + char *expectedAscii = "ANSI X9.57 DSA Signature"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey + (goodObject, &goodPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey + (equalObject, &equalPubKey, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey + (diffObject, &diffPubKey, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodPubKey, equalPubKey, diffPubKey, + expectedAscii, PublicKey, PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodPubKey); + PKIX_TEST_DECREF_AC(equalPubKey); + PKIX_TEST_DECREF_AC(diffPubKey); + + PKIX_TEST_RETURN(); +} + +static void testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject){ + PKIX_PL_OID *pkixPubKeyOID = NULL; + char *expectedAscii = "1.2.840.10040.4.1"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectPublicKeyAlgId + (goodObject, &pkixPubKeyOID, plContext)); + + testToStringHelper + ((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(pkixPubKeyOID); + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsPresent(PKIX_PL_Cert *cert) +{ + PKIX_List *critOIDList = NULL; + char *firstOIDAscii = "2.5.29.15"; + PKIX_PL_OID *firstOID = NULL; + char *secondOIDAscii = "2.5.29.19"; + PKIX_PL_OID *secondOID = NULL; + + PKIX_TEST_STD_VARS(); + + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs + (cert, &critOIDList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext)); + testToStringHelper + ((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext)); + + testToStringHelper + ((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(critOIDList); + PKIX_TEST_DECREF_AC(firstOID); + PKIX_TEST_DECREF_AC(secondOID); + + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsAbsent(PKIX_PL_Cert *cert) +{ + PKIX_List *oidList = NULL; + PKIX_Boolean empty; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs + (cert, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_IsEmpty(oidList, &empty, plContext)); + + if (!empty){ + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(oidList); + PKIX_TEST_RETURN(); +} + + +static void +testAllExtensionsAbsent(char *dataCentralDir) +{ + PKIX_List *oidList = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_Boolean empty; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <noExtensionsCert>"); + cert = createCert(dataCentralDir, "noExtensionsCert", plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs + (cert, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_IsEmpty(oidList, &empty, plContext)); + + if (!empty){ + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + PKIX_TEST_DECREF_AC(oidList); + PKIX_TEST_DECREF_AC(cert); + + PKIX_TEST_RETURN(); +} + +static void +testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject) +{ + subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " + "<CritExtensionsPresent>"); + testCritExtensionsPresent(goodObject); + + + subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " + "<CritExtensionsAbsent>"); + testCritExtensionsAbsent(altNameOidCert); + + + subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " + "<AllExtensionsAbsent>"); + testAllExtensionsAbsent(dataCentralDir); +} + +static void +testKeyIdentifiersMatching(char *dataCentralDir) +{ + PKIX_PL_Cert *subjKeyIDCert = NULL; + PKIX_PL_Cert *authKeyIDCert = NULL; + PKIX_PL_ByteArray *subjKeyID = NULL; + PKIX_PL_ByteArray *authKeyID = NULL; + PKIX_PL_ByteArray *subjKeyID_diff = NULL; + + char *expectedAscii = + "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225," + " 139, 009, 126, 127, 234, 025, 072, 078, 097]"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <subjKeyIDCert>"); + subjKeyIDCert = createCert + (dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext); + + subTest("PKIX_PL_Cert_Create <authKeyIDCert>"); + authKeyIDCert = createCert + (dataCentralDir, "keyIdentifier/authKeyIDCert", plContext); + + subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier + (subjKeyIDCert, &subjKeyID, plContext)); + + subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier + (authKeyIDCert, &authKeyID, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectKeyIdentifier + (authKeyIDCert, &subjKeyID_diff, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (subjKeyID, + authKeyID, + subjKeyID_diff, + expectedAscii, + ByteArray, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(subjKeyIDCert); + PKIX_TEST_DECREF_AC(authKeyIDCert); + PKIX_TEST_DECREF_AC(subjKeyID); + PKIX_TEST_DECREF_AC(authKeyID); + PKIX_TEST_DECREF_AC(subjKeyID_diff); + + PKIX_TEST_RETURN(); +} + +static void +testKeyIdentifierAbsent(PKIX_PL_Cert *cert) +{ + PKIX_PL_ByteArray *subjKeyID = NULL; + PKIX_PL_ByteArray *authKeyID = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier + (cert, &subjKeyID, plContext)); + + if (subjKeyID != NULL){ + pkixTestErrorMsg = "unexpected mismatch"; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier + (cert, &authKeyID, plContext)); + + if (authKeyID != NULL){ + pkixTestErrorMsg = "unexpected mismatch"; + } + + +cleanup: + + PKIX_TEST_DECREF_AC(subjKeyID); + PKIX_TEST_DECREF_AC(authKeyID); + + PKIX_TEST_RETURN(); +} + +static void +testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject) +{ + testKeyIdentifiersMatching(dataCentralDir); + testKeyIdentifierAbsent(goodObject); +} + +static void +testVerifyKeyUsage( + char *dataCentralDir, + char *dataDir, + PKIX_PL_Cert *multiKeyUsagesCert) +{ + PKIX_PL_Cert *encipherOnlyCert = NULL; + PKIX_PL_Cert *decipherOnlyCert = NULL; + PKIX_PL_Cert *noKeyUsagesCert = NULL; + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <encipherOnlyCert>"); + encipherOnlyCert = createCert + (dataCentralDir, "keyUsage/encipherOnlyCert", plContext); + + subTest("PKIX_PL_Cert_Create <decipherOnlyCert>"); + decipherOnlyCert = createCert + (dataCentralDir, "keyUsage/decipherOnlyCert", plContext); + + subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>"); + noKeyUsagesCert = createCert + (dataCentralDir, "keyUsage/noKeyUsagesCert", plContext); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_VerifyKeyUsage + (multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage + (multiKeyUsagesCert, + PKIX_KEY_CERT_SIGN | PKIX_DIGITAL_SIGNATURE, + plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_VerifyKeyUsage + (encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_VerifyKeyUsage + (noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext)); + + subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>"); + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_Cert_VerifyKeyUsage + (decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext)); + +cleanup: + PKIX_TEST_DECREF_AC(encipherOnlyCert); + PKIX_TEST_DECREF_AC(decipherOnlyCert); + PKIX_TEST_DECREF_AC(noKeyUsagesCert); + + PKIX_TEST_RETURN(); +} + +static void +testGetExtendedKeyUsage(char *dataCentralDir) +{ + + PKIX_PL_Cert *codeSigningEKUCert = NULL; + PKIX_PL_Cert *multiEKUCert = NULL; + PKIX_PL_Cert *noEKUCert = NULL; + PKIX_List *firstExtKeyUsage = NULL; + PKIX_List *secondExtKeyUsage = NULL; + PKIX_List *thirdExtKeyUsage = NULL; + PKIX_PL_OID *firstOID = NULL; + char *oidAscii = "1.3.6.1.5.5.7.3.3"; + PKIX_PL_OID *secondOID = NULL; + char *secondOIDAscii = "1.3.6.1.5.5.7.3.1"; + PKIX_PL_OID *thirdOID = NULL; + char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2"; + PKIX_PL_OID *fourthOID = NULL; + PKIX_UInt32 length = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>"); + codeSigningEKUCert = createCert + (dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext); + + subTest("PKIX_PL_Cert_Create <multiEKUCert>"); + multiEKUCert = createCert + (dataCentralDir, "extKeyUsage/multiEKUCert", plContext); + + subTest("PKIX_PL_Cert_Create <noEKUCert>"); + noEKUCert = createCert + (dataCentralDir, "extKeyUsage/noEKUCert", plContext); + + subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage + (codeSigningEKUCert, &firstExtKeyUsage, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext)); + testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext); + + subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage + (multiEKUCert, &secondExtKeyUsage, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (secondExtKeyUsage, &length, plContext)); + + if (length != 3){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", length); + (void) printf("Expected value:\t3\n"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (secondExtKeyUsage, + 0, + (PKIX_PL_Object **)&secondOID, + plContext)); + + testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (secondExtKeyUsage, + 1, + (PKIX_PL_Object **)&thirdOID, + plContext)); + + testToStringHelper + ((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (secondExtKeyUsage, + 2, + (PKIX_PL_Object **)&fourthOID, + plContext)); + + testToStringHelper + ((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext); + + subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage + (noEKUCert, &thirdExtKeyUsage, plContext)); + + if (thirdExtKeyUsage != NULL){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage); + (void) printf("Expected value:\tNULL\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(firstOID); + PKIX_TEST_DECREF_AC(secondOID); + PKIX_TEST_DECREF_AC(thirdOID); + PKIX_TEST_DECREF_AC(fourthOID); + + PKIX_TEST_DECREF_AC(firstExtKeyUsage); + PKIX_TEST_DECREF_AC(secondExtKeyUsage); + PKIX_TEST_DECREF_AC(thirdExtKeyUsage); + + PKIX_TEST_DECREF_AC(codeSigningEKUCert); + PKIX_TEST_DECREF_AC(multiEKUCert); + PKIX_TEST_DECREF_AC(noEKUCert); + + PKIX_TEST_RETURN(); +} + +static void testMakeInheritedDSAPublicKey(char *dataCentralDir){ + PKIX_PL_PublicKey *firstKey = NULL; + PKIX_PL_PublicKey *secondKey = NULL; + PKIX_PL_PublicKey *resultKeyPositive = NULL; + PKIX_PL_PublicKey *resultKeyNegative = NULL; + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <dsaWithoutParams>"); + firstCert = createCert + (dataCentralDir, "publicKey/dsaWithoutParams", plContext); + + subTest("PKIX_PL_Cert_Create <dsaWithParams>"); + secondCert = createCert + (dataCentralDir, "publicKey/dsaWithParams", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectPublicKey + (firstCert, &firstKey, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey + (secondCert, &secondKey, plContext)); + + subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey + (firstKey, secondKey, &resultKeyPositive, plContext)); + + if (resultKeyPositive == NULL){ + testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed"); + } + + subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>"); + PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey + (firstKey, firstKey, &resultKeyNegative, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + + PKIX_TEST_DECREF_AC(firstKey); + PKIX_TEST_DECREF_AC(secondKey); + PKIX_TEST_DECREF_AC(resultKeyPositive); + PKIX_TEST_DECREF_AC(resultKeyNegative); + + PKIX_TEST_RETURN(); +} + +static void testVerifySignature(char *dataCentralDir){ + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_PL_PublicKey *firstPubKey = NULL; + PKIX_PL_PublicKey *secondPubKey = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <labs2yassir>"); + firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext); + + subTest("PKIX_PL_Cert_Create <yassir2labs>"); + secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectPublicKey + (firstCert, &firstPubKey, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectPublicKey + (secondCert, &secondPubKey, plContext)); + + subTest("PKIX_PL_Cert_VerifySignature <positive>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_VerifySignature + (secondCert, firstPubKey, plContext)); + + subTest("PKIX_PL_Cert_VerifySignature <negative>"); + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_Cert_VerifySignature + (secondCert, secondPubKey, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + PKIX_TEST_DECREF_AC(firstPubKey); + PKIX_TEST_DECREF_AC(secondPubKey); + + PKIX_TEST_RETURN(); +} + +static void +testCheckValidity( + PKIX_PL_Cert *olderCert, + PKIX_PL_Cert *newerCert) +{ + /* + * olderCert has the following Validity: + * notBefore = August 19, 1999: 20:19:56 GMT + * notAfter = August 18, 2000: 20:19:56 GMT + * + * newerCert has the following Validity: + * notBefore = November 13, 2003: 16:46:03 GMT + * notAfter = February 13, 2009: 16:46:03 GMT + */ + + /* olderDateAscii = March 29, 2000: 13:48:47 GMT */ + char *olderAscii = "000329134847Z"; + PKIX_PL_String *olderString = NULL; + PKIX_PL_Date *olderDate = NULL; + + /* newerDateAscii = March 29, 2004: 13:48:47 GMT */ + char *newerAscii = "040329134847Z"; + PKIX_PL_String *newerString = NULL; + PKIX_PL_Date *newerDate = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_CheckValidity <creating Dates>"); + + /* create newer date when newer cert is valid but older cert is not */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create + (PKIX_ESCASCII, newerAscii, 0, &newerString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Date_Create_UTCTime + (newerString, &newerDate, plContext)); + + /* create older date when older cert is valid but newer cert is not */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create + (PKIX_ESCASCII, olderAscii, 0, &olderString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Date_Create_UTCTime + (olderString, &olderDate, plContext)); + + /* check validity of both certificates using olderDate */ + subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext)); + + subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>"); + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext)); + + /* check validity of both certificates using newerDate */ + subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext)); + + subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>"); + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext)); + + /* + * check validity of both certificates using current time + * NOTE: these "now" tests will not work when the current + * time is after newerCert.notAfter (~ February 13, 2009) + */ + subTest("PKIX_PL_Cert_CheckValidity <now:positive>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext)); + + subTest("PKIX_PL_Cert_CheckValidity <now:negative>"); + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext)); + +cleanup: + PKIX_TEST_DECREF_AC(olderString); + PKIX_TEST_DECREF_AC(newerString); + PKIX_TEST_DECREF_AC(olderDate); + PKIX_TEST_DECREF_AC(newerDate); + + PKIX_TEST_RETURN(); +} + +static void +readCertBasicConstraints( + char *dataDir, + char *goodCertName, + char *diffCertName, + PKIX_PL_CertBasicConstraints **goodBasicConstraints, + PKIX_PL_CertBasicConstraints **equalBasicConstraints, + PKIX_PL_CertBasicConstraints **diffBasicConstraints){ + + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + + PKIX_TEST_STD_VARS(); + + createCerts(dataDir, goodCertName, diffCertName, + &goodCert, &equalCert, &diffCert); + /* + * Warning: pointer will be NULL if BasicConstraints + * extension is not present in the certificate. */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints + (goodCert, goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints + (equalCert, equalBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints + (diffCert, diffBasicConstraints, plContext)); + +cleanup: + + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraintsHelper( + char *dataDir, + char *goodCertName, + char *diffCertName, + char *expectedAscii) +{ + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + + PKIX_TEST_STD_VARS(); + + readCertBasicConstraints + (dataDir, + goodCertName, + diffCertName, + &goodBasicConstraints, + &equalBasicConstraints, + &diffBasicConstraints); + + /* + * The standard test macro is applicable only + * if BasicConstraint extension is present + * in the certificate. Otherwise some + * pointers will be null. + */ + if ((goodBasicConstraints) && + (equalBasicConstraints) && + (diffBasicConstraints)) { + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodBasicConstraints, + equalBasicConstraints, + diffBasicConstraints, + expectedAscii, + BasicConstraints, + PKIX_TRUE); + } else { + /* Test what we can */ + if (goodBasicConstraints) { + if (!equalBasicConstraints) { + testError + ("Unexpected NULL value of equalBasicConstraints"); + goto cleanup; + } + subTest("PKIX_PL_BasicConstraints_Equals <match>"); + testEqualsHelper + ((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(equalBasicConstraints), + PKIX_TRUE, + plContext); + subTest("PKIX_PL_BasicConstraints_Hashcode <match>"); + testHashcodeHelper + ((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(equalBasicConstraints), + PKIX_TRUE, + plContext); + if (diffBasicConstraints) { + subTest("PKIX_PL_BasicConstraints_Equals <non-match>"); + testEqualsHelper + ((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(diffBasicConstraints), + PKIX_FALSE, + plContext); + subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>"); + testHashcodeHelper + ((PKIX_PL_Object *)(goodBasicConstraints), + (PKIX_PL_Object *)(diffBasicConstraints), + PKIX_FALSE, + plContext); + } + subTest("PKIX_PL_BasicConstraints_Duplicate"); + testDuplicateHelper + ((PKIX_PL_Object *)goodBasicConstraints, plContext); + } + if (expectedAscii) { + subTest("PKIX_PL_BasicConstraints_ToString"); + testToStringHelper + ((PKIX_PL_Object *)(goodBasicConstraints), + expectedAscii, + plContext); + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(equalBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraints_GetCAFlag(char *dataCentralDir) +{ + /* + * XXX When we have a certificate with a non-null Basic + * Constraints field and a value of FALSE for CAFlag, + * this test should be modified to use that + * certificate for diffCertName, and to verify that + * GetCAFlag returns a FALSE value. But our certificates for + * non-CAs are created with no BasicConstraints extension. + */ + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + char *goodCertName = "yassir2yassir"; + char *diffCertName = "nss2alice"; + PKIX_Boolean goodCAFlag = PKIX_FALSE; + PKIX_Boolean diffCAFlag = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_BasicConstraints_GetCAFlag"); + + readCertBasicConstraints + (dataCentralDir, + goodCertName, + diffCertName, + &goodBasicConstraints, + &equalBasicConstraints, + &diffBasicConstraints); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag + (goodBasicConstraints, &goodCAFlag, plContext)); + if (!goodCAFlag) { + testError("BasicConstraint CAFlag unexpectedly FALSE"); + goto cleanup; + } + + if (diffBasicConstraints) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag + (diffBasicConstraints, &diffCAFlag, plContext)); + if (diffCAFlag) { + testError("BasicConstraint CAFlag unexpectedly TRUE"); + goto cleanup; + } + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(equalBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testBasicConstraints_GetPathLenConstraint(char *dataCentralDir) +{ + PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; + PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; + char *goodCertName = "yassir2yassir"; + char *diffCertName = "sun2sun"; + PKIX_Int32 goodPathLen = 0; + PKIX_Int32 diffPathLen = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint"); + + readCertBasicConstraints + (dataCentralDir, + goodCertName, + diffCertName, + &goodBasicConstraints, + &equalBasicConstraints, + &diffBasicConstraints); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_BasicConstraints_GetPathLenConstraint + (goodBasicConstraints, &goodPathLen, plContext)); + if (0 != goodPathLen) { + testError("unexpected basicConstraint pathLen"); + (void) printf("Actual value:\t%d\n", goodPathLen); + (void) printf("Expected value:\t0\n"); + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_BasicConstraints_GetPathLenConstraint + (diffBasicConstraints, &diffPathLen, plContext)); + if (1 != diffPathLen) { + testError("unexpected basicConstraint pathLen"); + (void) printf("Actual value:\t%d\n", diffPathLen); + (void) printf("Expected value:\t1\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodBasicConstraints); + PKIX_TEST_DECREF_AC(equalBasicConstraints); + PKIX_TEST_DECREF_AC(diffBasicConstraints); + + PKIX_TEST_RETURN(); +} + +static void +testGetBasicConstraints(char *dataCentralDir) +{ + char *goodCertName = NULL; + char *diffCertName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>"); + goodCertName = "yassir2yassir"; + diffCertName = "nss2alice"; + testBasicConstraintsHelper + (dataCentralDir, goodCertName, diffCertName, "CA(0)"); + + subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>"); + goodCertName = "nss2alice"; + diffCertName = "sun2sun"; + testBasicConstraintsHelper + (dataCentralDir, goodCertName, diffCertName, NULL); + + subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>"); + goodCertName = "yassir2bcn"; + diffCertName = "sun2sun"; + testBasicConstraintsHelper + (dataCentralDir, goodCertName, diffCertName, "CA(0)"); + + subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>"); + goodCertName = "anchor2dsa"; + diffCertName = "sun2sun"; + testBasicConstraintsHelper + (dataCentralDir, goodCertName, diffCertName, "CA(-1)"); + + PKIX_TEST_RETURN(); +} + +static void +testGetPolicyInformation(char *dataDir) +{ + + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest15EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest17EE.crt"; + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List* goodPolicyInfo = NULL; + PKIX_List* equalPolicyInfo = NULL; + PKIX_List* diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_Cert_GetPolicyInformation"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodPolicy, + equalPolicy, + diffPolicy, + NULL, + CertPolicyInfo, + PKIX_FALSE); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable + (goodPolicyInfo, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PolicyInfo List is not immutable"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testCertPolicy_GetPolicyId(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest17EE.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List* goodPolicyInfo = NULL; + PKIX_List* equalPolicyInfo = NULL; + PKIX_List* diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_PL_OID *goodID = NULL; + PKIX_PL_OID *equalID = NULL; + PKIX_PL_OID *diffID = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_CertPolicyInfo_GetPolicyId"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Finally, get the policyInfo's ID. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId + (goodPolicy, &goodID, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId + (equalPolicy, &equalID, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId + (diffPolicy, &diffID, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodID, equalID, diffID, NULL, OID, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodID); + PKIX_TEST_DECREF_AC(equalID); + PKIX_TEST_DECREF_AC(diffID); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testCertPolicy_GetPolQualifiers(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest18EE.crt"; + PKIX_Boolean isImmutable = PKIX_FALSE; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List* goodPolicyInfo = NULL; + PKIX_List* equalPolicyInfo = NULL; + PKIX_List* diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_List* goodQuals = NULL; + PKIX_List* equalQuals = NULL; + PKIX_List* diffQuals = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Get its list of PolicyQualifiers. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (goodPolicy, &goodQuals, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (equalPolicy, &equalQuals, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (diffPolicy, &diffQuals, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodQuals, + equalQuals, + diffQuals, + NULL, + List, + PKIX_FALSE); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable + (goodQuals, &isImmutable, plContext)); + + if (isImmutable != PKIX_TRUE) { + testError("PolicyQualifier List is not immutable"); + } + +cleanup: + + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(goodQuals); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(equalQuals); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(diffQuals); + + PKIX_TEST_RETURN(); +} + +static void +testPolicyQualifier_GetQualifier(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "UserNoticeQualifierTest18EE.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List* goodPolicyInfo = NULL; + PKIX_List* equalPolicyInfo = NULL; + PKIX_List* diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_List* goodQuals = NULL; + PKIX_List* equalQuals = NULL; + PKIX_List* diffQuals = NULL; + PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; + PKIX_PL_ByteArray *goodArray = NULL; + PKIX_PL_ByteArray *equalArray = NULL; + PKIX_PL_ByteArray *diffArray = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_PolicyQualifier_GetQualifier"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Get its list of PolicyQualifiers. + * Take the first policyQualifier from the list. + * Finally, get the policyQualifier's ByteArray. + */ + + /* Get the PolicyInfo objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (goodPolicy, &goodQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (goodQuals, + 0, + (PKIX_PL_Object **)&goodPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier + (goodPolQualifier, &goodArray, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (equalPolicy, &equalQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (equalQuals, + 0, + (PKIX_PL_Object **)&equalPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier + (equalPolQualifier, &equalArray, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (diffPolicy, &diffQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (diffQuals, + 0, + (PKIX_PL_Object **)&diffPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier + (diffPolQualifier, &diffArray, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodArray); + PKIX_TEST_DECREF_AC(equalArray); + PKIX_TEST_DECREF_AC(diffArray); + PKIX_TEST_DECREF_AC(goodPolQualifier); + PKIX_TEST_DECREF_AC(equalPolQualifier); + PKIX_TEST_DECREF_AC(diffPolQualifier); + PKIX_TEST_DECREF_AC(goodQuals); + PKIX_TEST_DECREF_AC(equalQuals); + PKIX_TEST_DECREF_AC(diffQuals); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testPolicyQualifier_GetPolicyQualifierId(char *dataDir) +{ + char *goodCertName = + "UserNoticeQualifierTest15EE.crt"; + char *equalCertName = + "UserNoticeQualifierTest16EE.crt"; + char *diffCertName = + "CPSPointerQualifierTest20EE.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Cert *diffCert = NULL; + PKIX_List* goodPolicyInfo = NULL; + PKIX_List* equalPolicyInfo = NULL; + PKIX_List* diffPolicyInfo = NULL; + PKIX_PL_CertPolicyInfo *goodPolicy = NULL; + PKIX_PL_CertPolicyInfo *equalPolicy = NULL; + PKIX_PL_CertPolicyInfo *diffPolicy = NULL; + PKIX_List* goodQuals = NULL; + PKIX_List* equalQuals = NULL; + PKIX_List* diffQuals = NULL; + PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; + PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; + PKIX_PL_OID *goodID = NULL; + PKIX_PL_OID *equalID = NULL; + PKIX_PL_OID *diffID = NULL; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId"); + + /* + * Get the cert, then the list of policyInfos. + * Take the first policyInfo from the list. + * Get its list of PolicyQualifiers. + * Take the first policyQualifier from the list. + * Finally, get the policyQualifier's ID. + */ + + /* Get the PolicyQualifier objects */ + goodCert = createCert(dataDir, goodCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (goodCert, &goodPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (goodPolicy, &goodQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (goodQuals, + 0, + (PKIX_PL_Object **)&goodPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId + (goodPolQualifier, &goodID, plContext)); + + equalCert = createCert(dataDir, equalCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (equalCert, &equalPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (equalPolicyInfo, + 0, + (PKIX_PL_Object **)&equalPolicy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (equalPolicy, &equalQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (equalQuals, + 0, + (PKIX_PL_Object **)&equalPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId + (equalPolQualifier, &equalID, plContext)); + + diffCert = createCert(dataDir, diffCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation + (diffCert, &diffPolicyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers + (diffPolicy, &diffQuals, plContext)); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_List_GetItem + (diffQuals, + 0, + (PKIX_PL_Object **)&diffPolQualifier, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId + (diffPolQualifier, &diffID, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodID, equalID, diffID, NULL, OID, PKIX_FALSE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodID); + PKIX_TEST_DECREF_AC(equalID); + PKIX_TEST_DECREF_AC(diffID); + PKIX_TEST_DECREF_AC(goodPolQualifier); + PKIX_TEST_DECREF_AC(equalPolQualifier); + PKIX_TEST_DECREF_AC(diffPolQualifier); + PKIX_TEST_DECREF_AC(goodQuals); + PKIX_TEST_DECREF_AC(equalQuals); + PKIX_TEST_DECREF_AC(diffQuals); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(diffPolicy); + PKIX_TEST_DECREF_AC(goodPolicyInfo); + PKIX_TEST_DECREF_AC(equalPolicyInfo); + PKIX_TEST_DECREF_AC(diffPolicyInfo); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(diffCert); + PKIX_TEST_RETURN(); +} + +static void +testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir) +{ + + char *trueCertName = "CertificatePoliciesCritical.crt"; + char *falseCertName = "UserNoticeQualifierTest15EE.crt"; + PKIX_PL_Cert *trueCert = NULL; + PKIX_PL_Cert *falseCert = NULL; + PKIX_Boolean trueVal = PKIX_FALSE; + PKIX_Boolean falseVal = PKIX_FALSE; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>"); + + trueCert = createCert(dataCentralDir, trueCertName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical + (trueCert, &trueVal, plContext)); + + if (trueVal != PKIX_TRUE) { + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", trueVal); + (void) printf("Expected value:\t1\n"); + goto cleanup; + } + + subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>"); + + falseCert = createCert(dataDir, falseCertName, plContext); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical + (falseCert, &falseVal, plContext)); + + if (falseVal != PKIX_FALSE) { + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", falseVal); + (void) printf("Expected value:\t0\n"); + goto cleanup; + } + +cleanup: + + PKIX_TEST_DECREF_AC(trueCert); + PKIX_TEST_DECREF_AC(falseCert); + + PKIX_TEST_RETURN(); +} + +static void +testCertPolicyConstraints(char *dataDir) +{ + char *requireExplicitPolicy2CertName = + "requireExplicitPolicy2CACert.crt"; + char *inhibitPolicyMapping5CertName = + "inhibitPolicyMapping5CACert.crt"; + char *inhibitAnyPolicy5CertName = + "inhibitAnyPolicy5CACert.crt"; + char *inhibitAnyPolicy0CertName = + "inhibitAnyPolicy0CACert.crt"; + PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL; + PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL; + PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL; + PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL; + PKIX_Int32 skipCerts = 0; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetRequireExplicitPolicy"); + requireExplicitPolicy2Cert = createCert + (dataDir, requireExplicitPolicy2CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy + (requireExplicitPolicy2Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 2); + + subTest("PKIX_PL_Cert_GetPolicyMappingInhibited"); + inhibitPolicyMapping5Cert = createCert + (dataDir, inhibitPolicyMapping5CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited + (inhibitPolicyMapping5Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 5); + + subTest("PKIX_PL_Cert_GetInhibitAnyPolicy"); + inhibitAnyPolicy5Cert = createCert + (dataDir, inhibitAnyPolicy5CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy + (inhibitAnyPolicy5Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 5); + + inhibitAnyPolicy0Cert = createCert + (dataDir, inhibitAnyPolicy0CertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy + (inhibitAnyPolicy0Cert, &skipCerts, NULL)); + PR_ASSERT(skipCerts == 0); + +cleanup: + + PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert); + PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert); + PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert); + PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert); + + PKIX_TEST_RETURN(); +} + +static void +testCertPolicyMaps(char *dataDir) +{ + char *policyMappingsCertName = + "P1Mapping1to234CACert.crt"; + char *expectedAscii = + "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2"; + + PKIX_PL_Cert *policyMappingsCert = NULL; + PKIX_List *mappings = NULL; + PKIX_PL_CertPolicyMap *goodMap = NULL; + PKIX_PL_CertPolicyMap *equalMap = NULL; + PKIX_PL_CertPolicyMap *diffMap = NULL; + PKIX_PL_OID *goodOID = NULL; + PKIX_PL_OID *equalOID = NULL; + PKIX_PL_OID *diffOID = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_GetPolicyMappings"); + + policyMappingsCert = createCert + (dataDir, policyMappingsCertName, plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings + (policyMappingsCert, &mappings, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (mappings, 0, (PKIX_PL_Object **)&goodMap, NULL)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (mappings, 0, (PKIX_PL_Object **)&equalMap, NULL)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (mappings, 2, (PKIX_PL_Object **)&diffMap, NULL)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodMap, + equalMap, + diffMap, + expectedAscii, + CertPolicyMap, + PKIX_TRUE); + + subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy + (goodMap, &goodOID, NULL)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy + (diffMap, &equalOID, NULL)); + subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy + (diffMap, &diffOID, NULL)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodOID, + equalOID, + diffOID, + "2.16.840.1.101.3.2.1.48.1", + OID, + PKIX_FALSE); + + subTest("pkix_pl_CertPolicyMap_Destroy"); + PKIX_TEST_DECREF_BC(goodMap); + PKIX_TEST_DECREF_BC(equalMap); + PKIX_TEST_DECREF_BC(diffMap); + +cleanup: + PKIX_TEST_DECREF_AC(policyMappingsCert); + PKIX_TEST_DECREF_AC(mappings); + PKIX_TEST_DECREF_AC(goodOID); + PKIX_TEST_DECREF_AC(equalOID); + PKIX_TEST_DECREF_AC(diffOID); + + PKIX_TEST_RETURN(); +} + + +static void +testNameConstraints(char *dataDir) +{ + char *firstPname = "nameConstraintsDN3subCA2Cert.crt"; + char *secondPname = "nameConstraintsDN4CACert.crt"; + char *thirdPname = "nameConstraintsDN5CACert.crt"; + char *lastPname = "InvalidDNnameConstraintsTest3EE.crt"; + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_PL_Cert *thirdCert = NULL; + PKIX_PL_Cert *lastCert = NULL; + PKIX_PL_CertNameConstraints *firstNC = NULL; + PKIX_PL_CertNameConstraints *secondNC = NULL; + PKIX_PL_CertNameConstraints *thirdNC = NULL; + PKIX_PL_CertNameConstraints *firstMergedNC = NULL; + PKIX_PL_CertNameConstraints *secondMergedNC = NULL; + char *firstExpectedAscii = + "[\n" + "\t\tPermitted Name: (O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates," + "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n" + "\t]\n"; + char *secondExpectedAscii = + "[\n" + "\t\tPermitted Name: (O=Test Certificates,C=US, " + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "O=Test Certificates," + "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, " + "OU=excludedSubtree1,OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t]\n"; + + PKIX_TEST_STD_VARS(); + subTest("PKIX_PL_CertNameConstraints"); + + firstCert = createCert(dataDir, firstPname, plContext); + secondCert = createCert(dataDir, secondPname, plContext); + thirdCert = createCert(dataDir, thirdPname, plContext); + lastCert = createCert(dataDir, lastPname, plContext); + + subTest("PKIX_PL_Cert_GetNameConstraints <total=3>"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints + (firstCert, &firstNC, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints + (secondCert, &secondNC, NULL)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints + (thirdCert, &thirdNC, NULL)); + + subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints + (firstNC, secondNC, &firstMergedNC, NULL)); + + subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints + (firstMergedNC, thirdNC, &secondMergedNC, NULL)); + + testToStringHelper + ((PKIX_PL_Object *)firstMergedNC, + firstExpectedAscii, + plContext); + + testToStringHelper + ((PKIX_PL_Object *)secondMergedNC, + secondExpectedAscii, + plContext); + + subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>"); + + /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints + (firstCert, firstMergedNC, NULL)); + + subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>"); + + /* + * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, + * OU=permittedSubtree1,O=Test Certificates,C=US + */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints + (lastCert, secondMergedNC, NULL)); + + subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); + + /* + * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, + * OU=permittedSubtree1,O=Test Certificates,C=US + * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate + * Test3,OU=excludedSubtree1,O=Test Certificates,C=US + */ + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints + (lastCert, firstMergedNC, NULL)); + + subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); + + PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints + (firstCert, secondMergedNC, NULL)); + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + PKIX_TEST_DECREF_AC(thirdCert); + PKIX_TEST_DECREF_AC(lastCert); + PKIX_TEST_DECREF_AC(firstNC); + PKIX_TEST_DECREF_AC(secondNC); + PKIX_TEST_DECREF_AC(thirdNC); + PKIX_TEST_DECREF_AC(firstMergedNC); + PKIX_TEST_DECREF_AC(secondMergedNC); + + PKIX_TEST_RETURN(); +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + + PKIX_TEST_DECREF_BC(altNameNoneCert); + PKIX_TEST_DECREF_BC(altNameOtherCert); + PKIX_TEST_DECREF_BC(altNameOtherCert_diff); + PKIX_TEST_DECREF_BC(altNameRfc822Cert); + PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff); + PKIX_TEST_DECREF_BC(altNameDnsCert); + PKIX_TEST_DECREF_BC(altNameDnsCert_diff); + PKIX_TEST_DECREF_BC(altNameX400Cert); + PKIX_TEST_DECREF_BC(altNameX400Cert_diff); + PKIX_TEST_DECREF_BC(altNameDnCert); + PKIX_TEST_DECREF_BC(altNameDnCert_diff); + PKIX_TEST_DECREF_BC(altNameEdiCert); + PKIX_TEST_DECREF_BC(altNameEdiCert_diff); + PKIX_TEST_DECREF_BC(altNameUriCert); + PKIX_TEST_DECREF_BC(altNameUriCert_diff); + PKIX_TEST_DECREF_BC(altNameIpCert); + PKIX_TEST_DECREF_BC(altNameIpCert_diff); + PKIX_TEST_DECREF_BC(altNameOidCert); + PKIX_TEST_DECREF_BC(altNameOidCert_diff); + PKIX_TEST_DECREF_BC(altNameMultipleCert); + +cleanup: + + PKIX_TEST_RETURN(); + +} + +static +void printUsage(void) { + (void) printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n"); +} + +int test_cert(int argc, char *argv[]) { + + PKIX_PL_Cert *goodObject = NULL; + PKIX_PL_Cert *equalObject = NULL; + PKIX_PL_Cert *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *dataCentralDir = NULL; + char *dataDir = NULL; + char *goodInput = "yassir2bcn"; + char *diffInput = "nss2alice"; + + char *expectedAscii = + "[\n" + "\tVersion: v3\n" + "\tSerialNumber: 37bc66ec\n" + "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" + "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" + "\tValidity: [From: Thu Aug 19, 1999\n" + /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */ + "\t To: Fri Aug 18, 2000]\n" + /* "\t To: Fri Aug 18 16:19:56 2000]\n" */ + "\tSubjectAltNames: (null)\n" + "\tAuthorityKeyId: (null)\n" + "\tSubjectKeyId: (null)\n" + "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" + "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" + "\tExtKeyUsages: (null)\n" + "\tBasicConstraint: CA(0)\n" + "\tCertPolicyInfo: (null)\n" + "\tPolicyMappings: (null)\n" + "\tExplicitPolicy: -1\n" + "\tInhibitMapping: -1\n" + "\tInhibitAnyPolicy:-1\n" + "\tNameConstraints: (null)\n" + "\tAuthorityInfoAccess: (null)\n" + "\tSubjectInfoAccess: (null)\n" + "\tCacheFlag: 0\n" + "]\n"; + + PKIX_TEST_STD_VARS(); + + startTests("Cert"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3+j) { + printUsage(); + return (0); + } + + dataCentralDir = argv[2+j]; + dataDir = argv[3+j]; + + createCerts + (dataCentralDir, + goodInput, + diffInput, + &goodObject, + &equalObject, + &diffObject); + + testToStringHelper + ((PKIX_PL_Object*)goodObject, expectedAscii, plContext); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodObject, + equalObject, + diffObject, + expectedAscii, + Cert, + PKIX_TRUE); + + testVerifyKeyUsage(dataCentralDir, dataDir, goodObject); + + + testGetExtendedKeyUsage(dataCentralDir); + testGetKeyIdentifiers(dataCentralDir, goodObject); + + testGetVersion(goodObject); + testGetSerialNumber(goodObject, equalObject, diffObject); + + testGetSubject(goodObject, equalObject, diffObject); + testGetIssuer(goodObject, equalObject, diffObject); + + testGetSubjectAltNames(dataCentralDir); + testGetCriticalExtensionOIDs(dataCentralDir, goodObject); + + testGetSubjectPublicKey(goodObject, equalObject, diffObject); + testGetSubjectPublicKeyAlgId(goodObject); + testMakeInheritedDSAPublicKey(dataCentralDir); + + testCheckValidity(goodObject, diffObject); + + testBasicConstraints_GetCAFlag(dataCentralDir); + testBasicConstraints_GetPathLenConstraint(dataCentralDir); + testGetBasicConstraints(dataCentralDir); + + /* Basic Policy Processing */ + testGetPolicyInformation(dataDir); + testCertPolicy_GetPolicyId(dataDir); + testCertPolicy_GetPolQualifiers(dataDir); + testPolicyQualifier_GetPolicyQualifierId(dataDir); + testPolicyQualifier_GetQualifier(dataDir); + testAreCertPoliciesCritical(dataCentralDir, dataDir); + + /* Advanced Policy Processing */ + testCertPolicyConstraints(dataDir); + testCertPolicyMaps(dataDir); + + testNameConstraints(dataDir); + + testVerifySignature(dataCentralDir); + + testDestroy(goodObject, equalObject, diffObject); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Cert"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c new file mode 100644 index 0000000..87fb31b --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_crl.c @@ -0,0 +1,341 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_crl.c + * + * Test CRL Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static +void createCRLs( + char *dataDir, + char *goodInput, + char *diffInput, + PKIX_PL_CRL **goodObject, + PKIX_PL_CRL **equalObject, + PKIX_PL_CRL **diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_Create <goodObject>"); + *goodObject = createCRL(dataDir, goodInput, plContext); + + subTest("PKIX_PL_CRL_Create <equalObject>"); + *equalObject = createCRL(dataDir, goodInput, plContext); + + subTest("PKIX_PL_CRL_Create <diffObject>"); + *diffObject = createCRL(dataDir, diffInput, plContext); + + PKIX_TEST_RETURN(); +} + +static void testGetCRLEntryForSerialNumber( + PKIX_PL_CRL *goodObject) +{ + PKIX_PL_BigInt *bigInt; + PKIX_PL_String *bigIntString = NULL; + PKIX_PL_CRLEntry *crlEntry = NULL; + PKIX_PL_String *crlEntryString = NULL; + char *snAscii = "3039"; + char *expectedAscii = + "\n\t[\n" + "\tSerialNumber: 3039\n" + "\tReasonCode: 257\n" + "\tRevocationDate: Fri Jan 07, 2005\n" + /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + snAscii, + PL_strlen(snAscii), + &bigIntString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( + bigIntString, + &bigInt, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + goodObject, bigInt, &crlEntry, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString( + (PKIX_PL_Object *)crlEntry, + &crlEntryString, + plContext)); + + testToStringHelper((PKIX_PL_Object *)crlEntryString, + expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(bigIntString); + PKIX_TEST_DECREF_AC(bigInt); + PKIX_TEST_DECREF_AC(crlEntryString); + PKIX_TEST_DECREF_AC(crlEntry); + PKIX_TEST_RETURN(); +} + +static void testGetIssuer( + PKIX_PL_CRL *goodObject, + PKIX_PL_CRL *equalObject, + PKIX_PL_CRL *diffObject) +{ + PKIX_PL_X500Name *goodIssuer = NULL; + PKIX_PL_X500Name *equalIssuer = NULL; + PKIX_PL_X500Name *diffIssuer = NULL; + char *expectedAscii = "CN=hanfeiyu,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_GetIssuer"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext)); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodIssuer, + equalIssuer, + diffIssuer, + expectedAscii, + X500Name, + PKIX_TRUE); + +cleanup: + + PKIX_TEST_DECREF_AC(goodIssuer); + PKIX_TEST_DECREF_AC(equalIssuer); + PKIX_TEST_DECREF_AC(diffIssuer); + + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsAbsent(PKIX_PL_CRL *crl) +{ + PKIX_List *oidList = NULL; + PKIX_UInt32 numOids = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs + (crl, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (oidList, &numOids, plContext)); + if (numOids != 0){ + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(oidList); + + PKIX_TEST_RETURN(); +} + +static void +testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject) +{ + subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs " + "<0 element>"); + testCritExtensionsAbsent(goodObject); + +} + +static void testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl){ + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + PKIX_PL_PublicKey *firstPubKey = NULL; + PKIX_PL_PublicKey *secondPubKey = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>"); + firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext); + + subTest("PKIX_PL_Cert_Create <hy2hy-bc0>"); + secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectPublicKey + (firstCert, &firstPubKey, plContext)); + + subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_Cert_GetSubjectPublicKey + (secondCert, &secondPubKey, plContext)); + + subTest("PKIX_PL_CRL_VerifySignature <positive>"); + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext)); + + subTest("PKIX_PL_CRL_VerifySignature <negative>"); + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext)); + + +cleanup: + + PKIX_TEST_DECREF_AC(firstCert); + PKIX_TEST_DECREF_AC(secondCert); + PKIX_TEST_DECREF_AC(firstPubKey); + PKIX_TEST_DECREF_AC(secondPubKey); + + PKIX_TEST_RETURN(); +} + +static +void printUsage(void) { + (void) printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n"); +} + +/* Functional tests for CRL public functions */ + +int test_crl(int argc, char *argv[]) { + PKIX_PL_CRL *goodObject = NULL; + PKIX_PL_CRL *equalObject = NULL; + PKIX_PL_CRL *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *dataCentralDir = NULL; + char *goodInput = "crlgood.crl"; + char *diffInput = "crldiff.crl"; + char *expectedAscii = + "[\n" + "\tVersion: v2\n" + "\tIssuer: CN=hanfeiyu,O=sun,C=us\n" + "\tUpdate: [Last: Fri Jan 07, 2005\n" + /* "\tUpdate: [Last: Fri Jan 07 15:09:10 2005\n" */ + "\t Next: Sat Jan 07, 2006]\n" + /* "\t Next: Sat Jan 07 15:09:10 2006]\n" */ + "\tSignatureAlgId: 1.2.840.10040.4.3\n" + "\tCRL Number : (null)\n" + "\n\tEntry List: (\n" + "\t[\n" + "\tSerialNumber: 010932\n" + "\tReasonCode: 260\n" + "\tRevocationDate: Fri Jan 07, 2005\n" + /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t" + ", " + "\n\t[\n" + "\tSerialNumber: 3039\n" + "\tReasonCode: 257\n" + "\tRevocationDate: Fri Jan 07, 2005\n" + /* "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" */ + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t" + ")" + "\n\n" + "\tCritExtOIDs: (EMPTY)\n" + "]\n"; + /* Note XXX serialnumber and reasoncode need debug */ + + PKIX_TEST_STD_VARS(); + + startTests("CRL"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3+j) { + printUsage(); + return (0); + } + + dataCentralDir = argv[2+j]; + + createCRLs + (dataCentralDir, + goodInput, + diffInput, + &goodObject, + &equalObject, + &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodObject, + equalObject, + diffObject, + expectedAscii, + CRL, + PKIX_TRUE); + + testGetIssuer(goodObject, equalObject, diffObject); + + testGetCriticalExtensionOIDs(goodObject); + + testGetCRLEntryForSerialNumber(goodObject); + + testVerifySignature(dataCentralDir, goodObject); + +cleanup: + + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(equalObject); + PKIX_TEST_DECREF_AC(diffObject); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRL"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c new file mode 100644 index 0000000..fb1e070 --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c @@ -0,0 +1,244 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_crlentry.c + * + * Test CRLENTRY Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static +void createCRLEntries( + char *dataDir, + char *crlInput, + PKIX_PL_CRL **pCrl, + PKIX_PL_CRLEntry **goodObject, + PKIX_PL_CRLEntry **equalObject, + PKIX_PL_CRLEntry **diffObject) +{ + PKIX_PL_CRL *crl = NULL; + PKIX_PL_BigInt *firstSNBigInt = NULL; + PKIX_PL_BigInt *secondSNBigInt = NULL; + PKIX_PL_String *firstSNString = NULL; + PKIX_PL_String *secondSNString = NULL; + char *firstSNAscii = "010932"; + char *secondSNAscii = "3039"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRL_Create <crl>"); + crl = createCRL(dataDir, crlInput, plContext); + + subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + firstSNAscii, + PL_strlen(firstSNAscii), + &firstSNString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( + firstSNString, + &firstSNBigInt, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + crl, firstSNBigInt, goodObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + crl, firstSNBigInt, equalObject, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create( + PKIX_ESCASCII, + secondSNAscii, + PL_strlen(secondSNAscii), + &secondSNString, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create( + secondSNString, + &secondSNBigInt, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber( + crl, secondSNBigInt, diffObject, plContext)); + + + + *pCrl = crl; + +cleanup: + PKIX_TEST_DECREF_AC(firstSNBigInt); + PKIX_TEST_DECREF_AC(secondSNBigInt); + PKIX_TEST_DECREF_AC(firstSNString); + PKIX_TEST_DECREF_AC(secondSNString); + PKIX_TEST_RETURN(); +} + +static void testGetReasonCode( + PKIX_PL_CRLEntry *goodObject) +{ + PKIX_Int32 reasonCode = 0; + PKIX_Int32 expectedReasonCode = 260; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CRLEntry_GetCRLEntryReasonCode"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCRLEntryReasonCode( + goodObject, &reasonCode, plContext)); + + if (reasonCode != expectedReasonCode) { + testError("unexpected value of CRL Entry Reason Code"); + (void) printf("Actual value:\t%d\n", reasonCode); + (void) printf("Expected value:\t%d\n", expectedReasonCode); + goto cleanup; + } + +cleanup: + PKIX_TEST_RETURN(); +} + +static void +testCritExtensionsAbsent(PKIX_PL_CRLEntry *crlEntry) +{ + PKIX_List *oidList = NULL; + PKIX_UInt32 numOids = 0; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs + (crlEntry, &oidList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (oidList, &numOids, plContext)); + if (numOids != 0){ + pkixTestErrorMsg = "unexpected mismatch"; + } + +cleanup: + + PKIX_TEST_DECREF_AC(oidList); + + PKIX_TEST_RETURN(); +} + +static void +testGetCriticalExtensionOIDs(PKIX_PL_CRLEntry *goodObject) +{ + subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs " + "<CritExtensionsAbsent>"); + testCritExtensionsAbsent(goodObject); + +} + +static +void printUsage(void) { + (void) printf("\nUSAGE:\ttest_crlentry <data-dir>\n\n"); +} + +/* Functional tests for CRLENTRY public functions */ + +int test_crlentry(int argc, char *argv[]) { + PKIX_PL_CRL *crl = NULL; + PKIX_PL_CRLEntry *goodObject = NULL; + PKIX_PL_CRLEntry *equalObject = NULL; + PKIX_PL_CRLEntry *diffObject = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + char *dataDir = NULL; + char *goodInput = "crlgood.crl"; + char *expectedAscii = + "\n\t[\n" + "\tSerialNumber: 010932\n" + "\tReasonCode: 260\n" + "\tRevocationDate: Fri Jan 07 15:09:10 2005\n" + "\tCritExtOIDs: (EMPTY)\n" + "\t]\n\t"; + + /* Note XXX serialnumber and reasoncode need debug */ + + PKIX_TEST_STD_VARS(); + + startTests("CRLEntry"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 1+j) { + printUsage(); + return (0); + } + + dataDir = argv[1+j]; + + createCRLEntries + (dataDir, goodInput, &crl, &goodObject, &equalObject, &diffObject); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodObject, + equalObject, + diffObject, + NULL, /* expectedAscii, */ + CRLENTRY, + PKIX_TRUE); + + testGetReasonCode(goodObject); + + testGetCriticalExtensionOIDs(goodObject); + +cleanup: + + PKIX_TEST_DECREF_AC(crl); + PKIX_TEST_DECREF_AC(goodObject); + PKIX_TEST_DECREF_AC(equalObject); + PKIX_TEST_DECREF_AC(diffObject); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("CRLEntry"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c new file mode 100644 index 0000000..02ce70e --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_date.c @@ -0,0 +1,141 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_date.c + * + * Test Date Type + * + */ + + + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createDates(char *goodInput, char *diffInput, + PKIX_PL_Date **goodDate, + PKIX_PL_Date **equalDate, + PKIX_PL_Date **diffDate){ + + subTest("PKIX_PL_Date_Create <goodDate>"); + *goodDate = createDate(goodInput, plContext); + + subTest("PKIX_PL_Date_Create <equalDate>"); + *equalDate = createDate(goodInput, plContext); + + subTest("PKIX_PL_Date_Create <diffDate>"); + *diffDate = createDate(diffInput, plContext); + +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_Date_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); + +} + +static +void testDate(char *goodInput, char *diffInput){ + + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + PKIX_PL_Date *diffDate = NULL; + + /* + * The ASCII rep of the date will vary by platform and locale + * This particular string was generated on a SPARC running Solaris 9 + * in an English locale + */ + /* char *expectedAscii = "Mon Mar 29 08:48:47 2004"; */ + char *expectedAscii = "Mon Mar 29, 2004"; + + PKIX_TEST_STD_VARS(); + + createDates(goodInput, diffInput, + &goodDate, &equalDate, &diffDate); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodDate, equalDate, diffDate, expectedAscii, Date, PKIX_TRUE); + + testDestroy(goodDate, equalDate, diffDate); + + PKIX_TEST_RETURN(); + +} + +int test_date(int argc, char *argv[]) { + + char *goodInput = NULL; + char *diffInput = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("Date"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + goodInput = "040329134847Z"; + diffInput = "050329135847Z"; + testDate(goodInput, diffInput); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Date"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c new file mode 100644 index 0000000..2ee4bee --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c @@ -0,0 +1,155 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_generalname.c + * + * Test GeneralName Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static void +createGeneralNames(PKIX_UInt32 nameType, char *goodInput, char *diffInput, + PKIX_PL_GeneralName **goodName, + PKIX_PL_GeneralName **equalName, + PKIX_PL_GeneralName **diffName){ + + subTest("PKIX_PL_GeneralName_Create <goodName>"); + *goodName = createGeneralName(nameType, goodInput, plContext); + + subTest("PKIX_PL_GeneralName_Create <equalName>"); + *equalName = createGeneralName(nameType, goodInput, plContext); + + subTest("PKIX_PL_GeneralName_Create <diffName>"); + *diffName = createGeneralName(nameType, diffInput, plContext); + +} + +static void +testDestroy(void *goodObject, void *equalObject, void *diffObject) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_GeneralName_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + +cleanup: + + PKIX_TEST_RETURN(); + +} + +static void testNameType +(PKIX_UInt32 nameType, char *goodInput, char *diffInput, char *expectedAscii){ + + PKIX_PL_GeneralName *goodName = NULL; + PKIX_PL_GeneralName *equalName = NULL; + PKIX_PL_GeneralName *diffName = NULL; + + createGeneralNames(nameType, goodInput, diffInput, + &goodName, &equalName, &diffName); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodName, + equalName, + diffName, + expectedAscii, + GeneralName, + PKIX_TRUE); + + testDestroy(goodName, equalName, diffName); +} + +int test_generalname(int argc, char *argv[]) { + + char *goodInput = NULL; + char *diffInput = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + PKIX_TEST_STD_VARS(); + + startTests("GeneralName"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + goodInput = "john@sun.com"; + diffInput = "john@labs.com"; + testNameType(PKIX_RFC822_NAME, goodInput, diffInput, goodInput); + + goodInput = "example1.com"; + diffInput = "ex2.net"; + testNameType(PKIX_DNS_NAME, goodInput, diffInput, goodInput); + + goodInput = "cn=yassir, ou=labs, o=sun, c=us"; + diffInput = "cn=alice, ou=labs, o=sun, c=us"; + testNameType(PKIX_DIRECTORY_NAME, + goodInput, + diffInput, + "CN=yassir,OU=labs,O=sun,C=us"); + + goodInput = "http://example1.com"; + diffInput = "http://ex2.net"; + testNameType(PKIX_URI_NAME, goodInput, diffInput, goodInput); + + goodInput = "1.2.840.11"; + diffInput = "1.2.840.115349"; + testNameType(PKIX_OID_NAME, goodInput, diffInput, goodInput); + + /* + * We don't support creating PKIX_EDIPARTY_NAME, + * PKIX_IP_NAME, OTHER_NAME, X400_ADDRESS from strings + */ + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("GeneralName"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c new file mode 100644 index 0000000..14193ad --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c @@ -0,0 +1,157 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_nameconstraints.c + * + * Test CERT Name Constraints Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static char *catDirName(char *platform, char *dir, void *plContext) +{ + char *pathName = NULL; + PKIX_UInt32 dirLen; + PKIX_UInt32 platformLen; + + PKIX_TEST_STD_VARS(); + + dirLen = PL_strlen(dir); + platformLen = PL_strlen(platform); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc + (platformLen + dirLen + 2, (void **)&pathName, plContext)); + + PL_strcpy(pathName, platform); + PL_strcat(pathName, "/"); + PL_strcat(pathName, dir); + +cleanup: + + PKIX_TEST_RETURN(); + + return (pathName); +} + +static void +testNameConstraints(char *dataDir) +{ + char *goodPname = "nameConstraintsDN5CACert.crt"; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_CertNameConstraints *goodNC = NULL; + char *expectedAscii = + "[\n" + "\t\tPermitted Name: (OU=permittedSubtree1," + "O=Test Certificates,C=US)\n" + "\t\tExcluded Name: (OU=excludedSubtree1," + "OU=permittedSubtree1,O=Test Certificates,C=US)\n" + "\t]\n"; + + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_CertNameConstraints"); + + goodCert = createCert(dataDir, goodPname, plContext); + + subTest("PKIX_PL_Cert_GetNameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints + (goodCert, &goodNC, plContext)); + + testToStringHelper + ((PKIX_PL_Object *)goodNC, expectedAscii, plContext); + +cleanup: + + PKIX_TEST_DECREF_AC(goodNC); + PKIX_TEST_DECREF_AC(goodCert); + + PKIX_TEST_RETURN(); +} + +static +void printUsage(void) { + (void) printf + ("\nUSAGE:\ttest_nameconstraints <test-purpose>" + " <data-dir> <platform-prefix>\n\n"); +} + +/* Functional tests for CRL public functions */ + +int test_nameconstraints(int argc, char *argv[]) { + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + char *platformDir = NULL; + char *dataDir = NULL; + char *combinedDir = NULL; + + /* Note XXX serialnumber and reasoncode need debug */ + + PKIX_TEST_STD_VARS(); + + startTests("NameConstraints"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 3 + j) { + printUsage(); + return (0); + } + + dataDir = argv[2 + j]; + platformDir = argv[3 + j]; + combinedDir = catDirName(platformDir, dataDir, plContext); + + testNameConstraints(combinedDir); + +cleanup: + + pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("NameConstraints"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c new file mode 100644 index 0000000..9f2260f --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c @@ -0,0 +1,166 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_subjectinfoaccess.c + * + * Test Subject InfoAccess Type + * + */ + + + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +int test_subjectinfoaccess(int argc, char *argv[]) { + + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *certDiff = NULL; + PKIX_List *aiaList = NULL; + PKIX_List *siaList = NULL; + PKIX_PL_InfoAccess *sia = NULL; + PKIX_PL_InfoAccess *siaDup = NULL; + PKIX_PL_InfoAccess *siaDiff = NULL; + PKIX_PL_GeneralName *location = NULL; + char *certPathName = NULL; + char *dirName = NULL; + PKIX_UInt32 method = 0; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 size, i; + PKIX_UInt32 j = 0; + char *expectedAscii = "[method:caRepository, " + "location:http://betty.nist.gov/pathdiscoverytestsuite/" + "p7cfiles/IssuedByTrustAnchor1.p7c]"; + + PKIX_TEST_STD_VARS(); + + startTests("SubjectInfoAccess"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + if (argc < 5+j) { + printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]); + } + + dirName = argv[2+j]; + certPathName = argv[3+j]; + + subTest("Creating Cert with Subject Info Access"); + cert = createCert(dirName, certPathName, plContext); + + certPathName = argv[4+j]; + + subTest("Creating Cert with Subject Info Access"); + certDiff = createCert(dirName, certPathName, plContext); + + subTest("Getting Subject Info Access"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess + (cert, &siaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (siaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (siaList, 0, (PKIX_PL_Object **) &sia, plContext)); + + subTest("PKIX_PL_InfoAccess_GetMethod"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod + (sia, &method, plContext)); + if (method != PKIX_INFOACCESS_CA_REPOSITORY) { + pkixTestErrorMsg = "unexpected method of AIA"; + goto cleanup; + } + + subTest("PKIX_PL_InfoAccess_GetLocation"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation + (sia, &location, plContext)); + if (!location) { + pkixTestErrorMsg = "Cannot get AIA location"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (siaList, 0, (PKIX_PL_Object **) &siaDup, plContext)); + + subTest("Getting Authority Info Access as difference comparison"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess + (certDiff, &aiaList, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength + (aiaList, &size, plContext)); + + if (size != 1) { + pkixTestErrorMsg = "unexpected number of AIA"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem + (aiaList, 0, (PKIX_PL_Object **) &siaDiff, plContext)); + + subTest("Checking: Equal, Hash and ToString"); + PKIX_TEST_EQ_HASH_TOSTR_DUP + (sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE); + + + +cleanup: + + PKIX_TEST_DECREF_AC(location); + PKIX_TEST_DECREF_AC(sia); + PKIX_TEST_DECREF_AC(siaDup); + PKIX_TEST_DECREF_AC(siaDiff); + PKIX_TEST_DECREF_AC(aiaList); + PKIX_TEST_DECREF_AC(siaList); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(certDiff); + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("Subjectinfoaccess"); + + return (0); +} diff --git a/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c new file mode 100644 index 0000000..2bf0981 --- /dev/null +++ b/mozilla/security/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c @@ -0,0 +1,210 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the PKIX-C library. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are + * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. + * + * Contributor(s): + * Sun Microsystems, Inc. + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* + * test_x500name.c + * + * Test X500Name Type + * + */ + +#include "testutil.h" +#include "testutil_nss.h" + +static void *plContext = NULL; + +static PKIX_PL_X500Name * +createX500Name(char *asciiName, PKIX_Boolean expectedToPass){ + + PKIX_PL_X500Name *x500Name = NULL; + PKIX_PL_String *plString = NULL; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_String_Create + (PKIX_ESCASCII, asciiName, 0, &plString, plContext)); + + if (expectedToPass){ + PKIX_TEST_EXPECT_NO_ERROR + (PKIX_PL_X500Name_Create + (plString, &x500Name, plContext)); + } else { + PKIX_TEST_EXPECT_ERROR + (PKIX_PL_X500Name_Create + (plString, &x500Name, plContext)); + } + +cleanup: + + PKIX_TEST_DECREF_AC(plString); + + PKIX_TEST_RETURN(); + + return (x500Name); +} + +static void +createX500Names(char *goodInput, char *diffInput, char *diffInputMatch, + PKIX_PL_X500Name **goodObject, + PKIX_PL_X500Name **equalObject, + PKIX_PL_X500Name **diffObject, + PKIX_PL_X500Name **diffObjectMatch) +{ + char *badAscii = "cn=yas#sir,ou=labs,o=sun,c=us"; + PKIX_PL_X500Name *badObject = NULL; + + subTest("PKIX_PL_X500Name_Create <goodObject>"); + *goodObject = createX500Name(goodInput, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <equalObject>"); + *equalObject = createX500Name(goodInput, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <diffObject>"); + *diffObject = createX500Name(diffInput, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <diffObjectMatch>"); + *diffObjectMatch = createX500Name(diffInputMatch, PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Create <negative>"); + badObject = createX500Name(badAscii, PKIX_FALSE); +} + +static void testMatchHelper +(PKIX_PL_X500Name *goodName, PKIX_PL_X500Name *otherName, PKIX_Boolean match) +{ + PKIX_Boolean cmpResult; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Match + (goodName, + otherName, + &cmpResult, + plContext)); + + if ((match && !cmpResult) || (!match && cmpResult)){ + testError("unexpected mismatch"); + (void) printf("Actual value:\t%d\n", cmpResult); + (void) printf("Expected value:\t%d\n", match); + } + +cleanup: + + PKIX_TEST_RETURN(); + +} + +static void +testMatch(void *goodObject, void *diffObject, void *diffObjectMatch) +{ + subTest("PKIX_PL_X500Name_Match <match>"); + testMatchHelper((PKIX_PL_X500Name *)diffObject, + (PKIX_PL_X500Name *)diffObjectMatch, + PKIX_TRUE); + + subTest("PKIX_PL_X500Name_Match <non-match>"); + testMatchHelper((PKIX_PL_X500Name *)goodObject, + (PKIX_PL_X500Name *)diffObject, + PKIX_FALSE); +} + +static void testDestroy +(void *goodObject, void *equalObject, void *diffObject, void *diffObjectMatch) +{ + PKIX_TEST_STD_VARS(); + + subTest("PKIX_PL_X500Name_Destroy"); + + PKIX_TEST_DECREF_BC(goodObject); + PKIX_TEST_DECREF_BC(equalObject); + PKIX_TEST_DECREF_BC(diffObject); + PKIX_TEST_DECREF_BC(diffObjectMatch); + +cleanup: + + PKIX_TEST_RETURN(); + +} + +int test_x500name(int argc, char *argv[]) { + + PKIX_PL_X500Name *goodObject = NULL; + PKIX_PL_X500Name *equalObject = NULL; + PKIX_PL_X500Name *diffObject = NULL; + PKIX_PL_X500Name *diffObjectMatch = NULL; + PKIX_UInt32 actualMinorVersion; + PKIX_UInt32 j = 0; + + /* goodInput is encoded in PKIX_ESCASCII */ + char *goodInput = "cn=Strauß,ou=labs,o=sun,c=us"; + char *diffInput = "cn=steve,ou=labs,o=sun,c=us"; + char *diffInputMatch = "Cn=SteVe,Ou=lABs,o=SUn,c=uS"; + char *expectedAscii = "CN=Strauß,OU=labs,O=sun,C=us"; + + PKIX_TEST_STD_VARS(); + + startTests("X500Name"); + + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + + createX500Names + (goodInput, diffInput, diffInputMatch, + &goodObject, &equalObject, &diffObject, &diffObjectMatch); + + PKIX_TEST_EQ_HASH_TOSTR_DUP + (goodObject, + equalObject, + diffObject, + expectedAscii, + X500Name, + PKIX_TRUE); + + testMatch(goodObject, diffObject, diffObjectMatch); + + testDestroy(goodObject, equalObject, diffObject, diffObjectMatch); + +cleanup: + + PKIX_Shutdown(plContext); + + PKIX_TEST_RETURN(); + + endTests("X500Name"); + + return (0); +} |