diff options
Diffstat (limited to 'nss/cmd/libpkix/pkix/certsel/test_certselector.c')
-rw-r--r-- | nss/cmd/libpkix/pkix/certsel/test_certselector.c | 2684 |
1 files changed, 1204 insertions, 1480 deletions
diff --git a/nss/cmd/libpkix/pkix/certsel/test_certselector.c b/nss/cmd/libpkix/pkix/certsel/test_certselector.c index 70b1059..cbe7737 100644 --- a/nss/cmd/libpkix/pkix/certsel/test_certselector.c +++ b/nss/cmd/libpkix/pkix/certsel/test_certselector.c @@ -25,23 +25,23 @@ static void *plContext = NULL; */ static char *certList[] = { #define POLICY1CERT 0 - "GoodCACert.crt", + "GoodCACert.crt", #define ANYPOLICYCERT 1 - "anyPolicyCACert.crt", + "anyPolicyCACert.crt", #define POLICY2CERT 2 - "PoliciesP12CACert.crt", + "PoliciesP12CACert.crt", #define SUBJECTCERT 3 - "PoliciesP3CACert.crt", - "PoliciesP1234CACert.crt", - "pathLenConstraint0CACert.crt", - "pathLenConstraint1CACert.crt", - "pathLenConstraint6CACert.crt", - "TrustAnchorRootCertificate.crt", - "GoodsubCACert.crt", - "AnyPolicyTest14EE.crt", - "UserNoticeQualifierTest16EE.crt" - }; -#define NUMCERTS (sizeof (certList)/sizeof (certList[0])) + "PoliciesP3CACert.crt", + "PoliciesP1234CACert.crt", + "pathLenConstraint0CACert.crt", + "pathLenConstraint1CACert.crt", + "pathLenConstraint6CACert.crt", + "TrustAnchorRootCertificate.crt", + "GoodsubCACert.crt", + "AnyPolicyTest14EE.crt", + "UserNoticeQualifierTest16EE.crt" +}; +#define NUMCERTS (sizeof(certList) / sizeof(certList[0])) /* * Following are Certs values for NameConstraints tests @@ -81,21 +81,21 @@ static char *certList[] = { * */ static char *ncCertList[] = { - "nameConstraintsDN1subCA1Cert.crt", - "nameConstraintsDN3subCA2Cert.crt", - "nameConstraintsDN2CACert.crt", - "nameConstraintsDN3subCA1Cert.crt", - "nameConstraintsDN4CACert.crt", - "nameConstraintsDN5CACert.crt", - "ValidDNnameConstraintsTest1EE.crt" + "nameConstraintsDN1subCA1Cert.crt", + "nameConstraintsDN3subCA2Cert.crt", + "nameConstraintsDN2CACert.crt", + "nameConstraintsDN3subCA1Cert.crt", + "nameConstraintsDN4CACert.crt", + "nameConstraintsDN5CACert.crt", + "ValidDNnameConstraintsTest1EE.crt" }; -#define NUMNCCERTS (sizeof (ncCertList)/sizeof (ncCertList[0])) +#define NUMNCCERTS (sizeof(ncCertList) / sizeof(ncCertList[0])) static char *sanCertList[] = { - "InvalidDNnameConstraintsTest3EE.crt", - "InvalidDNSnameConstraintsTest38EE.crt" + "InvalidDNnameConstraintsTest3EE.crt", + "InvalidDNSnameConstraintsTest38EE.crt" }; -#define NUMSANCERTS (sizeof (sanCertList)/sizeof (sanCertList[0])) +#define NUMSANCERTS (sizeof(sanCertList) / sizeof(sanCertList[0])) /* * This function calls the CertSelector pointed to by "selector" for each @@ -108,58 +108,55 @@ static char *sanCertList[] = { * (For example, if you expect every cert to pass, "expectedResult" can be * set to 0xFFFFFFFF, even if the chain has fewer than 32 certs.) */ -static -void testSelector( - PKIX_CertSelector *selector, - PKIX_List *certs, - PKIX_UInt32 expectedResults) +static void +testSelector( + PKIX_CertSelector *selector, + PKIX_List *certs, + PKIX_UInt32 expectedResults) { - PKIX_UInt32 i = 0; - PKIX_UInt32 numCerts = 0; - PKIX_PL_Cert *cert = NULL; - PKIX_CertSelector_MatchCallback callback = NULL; - PKIX_Error *errReturn = NULL; - PKIX_Boolean result = PKIX_TRUE; - - PKIX_TEST_STD_VARS(); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback - (selector, &callback, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certs, &numCerts, plContext)); - if (numCerts > 32) { - numCerts = 32; + PKIX_UInt32 i = 0; + PKIX_UInt32 numCerts = 0; + PKIX_PL_Cert *cert = NULL; + PKIX_CertSelector_MatchCallback callback = NULL; + PKIX_Error *errReturn = NULL; + PKIX_Boolean result = PKIX_TRUE; + + PKIX_TEST_STD_VARS(); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &callback, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + if (numCerts > 32) { + numCerts = 32; + } + + for (i = 0; i < numCerts; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext)); + errReturn = callback(selector, cert, &result, plContext); + + if (errReturn || result == PKIX_FALSE) { + if ((expectedResults & 1) == 1) { + testError("selector unexpectedly failed"); + (void)printf(" processing cert:\t%d\n", i); + } + } else { + if ((expectedResults & 1) == 0) { + testError("selector unexpectedly passed"); + (void)printf(" processing cert:\t%d\n", i); + } } - for (i = 0; i < numCerts; i++) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, i, (PKIX_PL_Object **)&cert, plContext)); - errReturn = callback(selector, cert, &result, plContext); - - if (errReturn || result == PKIX_FALSE) { - if ((expectedResults & 1) == 1) { - testError("selector unexpectedly failed"); - (void) printf(" processing cert:\t%d\n", i); - } - } else { - if ((expectedResults & 1) == 0) { - testError("selector unexpectedly passed"); - (void) printf(" processing cert:\t%d\n", i); - } - } - - expectedResults = expectedResults >> 1; - PKIX_TEST_DECREF_BC(cert); - PKIX_TEST_DECREF_BC(errReturn); - } + expectedResults = expectedResults >> 1; + PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_DECREF_BC(errReturn); + } cleanup: - PKIX_TEST_DECREF_AC(cert); - PKIX_TEST_DECREF_AC(errReturn); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(errReturn); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } /* @@ -167,46 +164,43 @@ cleanup: * to the index provided by "index", creates an immutable List containing the * OID of that policy, and stores the result at "pPolicyList". */ -static void testGetPolicyFromCert( - PKIX_PL_Cert *cert, - PKIX_UInt32 index, - PKIX_List **pPolicyList) +static void +testGetPolicyFromCert( + PKIX_PL_Cert *cert, + PKIX_UInt32 index, + PKIX_List **pPolicyList) { - PKIX_List *policyInfo = NULL; - PKIX_PL_CertPolicyInfo *firstPolicy = NULL; - PKIX_PL_OID *policyOID = NULL; - PKIX_List *list = NULL; + PKIX_List *policyInfo = NULL; + PKIX_PL_CertPolicyInfo *firstPolicy = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_List *list = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (cert, &policyInfo, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &policyInfo, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (policyInfo, - index, - (PKIX_PL_Object **)&firstPolicy, - plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(policyInfo, + index, + (PKIX_PL_Object **)&firstPolicy, + plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId - (firstPolicy, &policyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(firstPolicy, &policyOID, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (list, (PKIX_PL_Object *)policyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)policyOID, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext)); - *pPolicyList = list; + *pPolicyList = list; cleanup: - PKIX_TEST_DECREF_AC(policyInfo); - PKIX_TEST_DECREF_AC(firstPolicy); - PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(policyInfo); + PKIX_TEST_DECREF_AC(firstPolicy); + PKIX_TEST_DECREF_AC(policyOID); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } /* @@ -216,63 +210,56 @@ cleanup: */ static PKIX_Error * custom_CertSelector_MatchCallback( - PKIX_CertSelector *selector, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) { - PKIX_UInt32 i = 0; - PKIX_UInt32 numPolicies = 0; - PKIX_List *certPolicies = NULL; - PKIX_List *quals = NULL; - PKIX_PL_CertPolicyInfo *policy = NULL; - PKIX_Error *error = NULL; - - PKIX_TEST_STD_VARS(); - - *pResult = PKIX_TRUE; - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (cert, &certPolicies, plContext)); - - if (certPolicies) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certPolicies, &numPolicies, plContext)); - - for (i = 0; i < numPolicies; i++) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certPolicies, - i, - (PKIX_PL_Object **)&policy, - plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_CertPolicyInfo_GetPolQualifiers - (policy, &quals, plContext)); - if (quals) { - goto cleanup; - } - PKIX_TEST_DECREF_BC(policy); - } - PKIX_TEST_DECREF_BC(certPolicies); - *pResult = PKIX_FALSE; - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create - (PKIX_CERTSELECTOR_ERROR, - NULL, - NULL, - PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, - &error, - plContext)); + PKIX_UInt32 i = 0; + PKIX_UInt32 numPolicies = 0; + PKIX_List *certPolicies = NULL; + PKIX_List *quals = NULL; + PKIX_PL_CertPolicyInfo *policy = NULL; + PKIX_Error *error = NULL; + + PKIX_TEST_STD_VARS(); + + *pResult = PKIX_TRUE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext)); + + if (certPolicies) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext)); + for (i = 0; i < numPolicies; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies, + i, + (PKIX_PL_Object **)&policy, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(policy, &quals, plContext)); + if (quals) { + goto cleanup; + } + PKIX_TEST_DECREF_BC(policy); } + PKIX_TEST_DECREF_BC(certPolicies); + *pResult = PKIX_FALSE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR, + NULL, + NULL, + PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, + &error, + plContext)); + } cleanup: - PKIX_TEST_DECREF_AC(certPolicies); - PKIX_TEST_DECREF_AC(policy); - PKIX_TEST_DECREF_AC(quals); + PKIX_TEST_DECREF_AC(certPolicies); + PKIX_TEST_DECREF_AC(policy); + PKIX_TEST_DECREF_AC(quals); - return(error); + return (error); } /* @@ -282,1678 +269,1415 @@ cleanup: */ static PKIX_Error * custom_CertSelector_MatchOIDCallback( - PKIX_CertSelector *selector, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) + PKIX_CertSelector *selector, + PKIX_PL_Cert *cert, + PKIX_Boolean *pResult, + void *plContext) { - PKIX_UInt32 i = 0; - PKIX_UInt32 numPolicies = 0; - PKIX_Boolean match = PKIX_FALSE; - PKIX_PL_Object *certSelectorContext = NULL; - PKIX_PL_OID *constraintOID = NULL; - PKIX_List *certPolicies = NULL; - PKIX_PL_CertPolicyInfo *policy = NULL; - PKIX_PL_OID *policyOID = NULL; - PKIX_PL_String *errorDesc = NULL; - PKIX_Error *error = NULL; - - PKIX_TEST_STD_VARS(); - - *pResult = PKIX_TRUE; - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext - (selector, &certSelectorContext, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType - (certSelectorContext, PKIX_OID_TYPE, plContext)); - - constraintOID = (PKIX_PL_OID *)certSelectorContext; - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation - (cert, &certPolicies, plContext)); - - if (certPolicies) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certPolicies, &numPolicies, plContext)); - - for (i = 0; i < numPolicies; i++) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certPolicies, - i, - (PKIX_PL_Object **)&policy, - plContext)); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_CertPolicyInfo_GetPolicyId - (policy, &policyOID, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)policyOID, - (PKIX_PL_Object *)constraintOID, - &match, - plContext)); - - if (match) { - goto cleanup; - } - PKIX_TEST_DECREF_BC(policy); - PKIX_TEST_DECREF_BC(policyOID); - } + PKIX_UInt32 i = 0; + PKIX_UInt32 numPolicies = 0; + PKIX_Boolean match = PKIX_FALSE; + PKIX_PL_Object *certSelectorContext = NULL; + PKIX_PL_OID *constraintOID = NULL; + PKIX_List *certPolicies = NULL; + PKIX_PL_CertPolicyInfo *policy = NULL; + PKIX_PL_OID *policyOID = NULL; + PKIX_PL_String *errorDesc = NULL; + PKIX_Error *error = NULL; + + PKIX_TEST_STD_VARS(); + + *pResult = PKIX_TRUE; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext(selector, &certSelectorContext, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(certSelectorContext, PKIX_OID_TYPE, plContext)); + + constraintOID = (PKIX_PL_OID *)certSelectorContext; + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext)); + + if (certPolicies) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext)); + + for (i = 0; i < numPolicies; i++) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies, + i, + (PKIX_PL_Object **)&policy, + plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(policy, &policyOID, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)policyOID, + (PKIX_PL_Object *)constraintOID, + &match, + plContext)); + + if (match) { + goto cleanup; + } + PKIX_TEST_DECREF_BC(policy); + PKIX_TEST_DECREF_BC(policyOID); } + } - PKIX_TEST_DECREF_BC(certSelectorContext); - PKIX_TEST_DECREF_BC(certPolicies); + PKIX_TEST_DECREF_BC(certSelectorContext); + PKIX_TEST_DECREF_BC(certPolicies); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create - (PKIX_CERTSELECTOR_ERROR, - NULL, - NULL, - PKIX_TESTNOMATCHINGPOLICY, - &error, - plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR, + NULL, + NULL, + PKIX_TESTNOMATCHINGPOLICY, + &error, + plContext)); cleanup: - PKIX_TEST_DECREF_AC(certSelectorContext); - PKIX_TEST_DECREF_AC(certPolicies); - PKIX_TEST_DECREF_AC(policy); - PKIX_TEST_DECREF_AC(policyOID); - PKIX_TEST_DECREF_AC(errorDesc); + PKIX_TEST_DECREF_AC(certSelectorContext); + PKIX_TEST_DECREF_AC(certPolicies); + PKIX_TEST_DECREF_AC(policy); + PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(errorDesc); - return(error); + return (error); } -static -void testSubjectMatch( - PKIX_List *certs, - PKIX_PL_Cert *certNameToMatch) +static void +testSubjectMatch( + PKIX_List *certs, + PKIX_PL_Cert *certNameToMatch) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *subjParams = NULL; - PKIX_PL_X500Name *subjectName = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("Subject name match"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&subjParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject - (certNameToMatch, &subjectName, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject - (subjParams, subjectName, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, subjParams, plContext)); - testSelector(selector, certs, 0x008); + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *subjParams = NULL; + PKIX_PL_X500Name *subjectName = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Subject name match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext)); + testSelector(selector, certs, 0x008); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(subjParams); - PKIX_TEST_DECREF_AC(subjectName); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(subjParams); + PKIX_TEST_DECREF_AC(subjectName); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testBasicConstraintsMatch( - PKIX_List *certs) +static void +testBasicConstraintsMatch( + PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *bcParams = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("Basic Constraints match"); - subTest(" pathLenContraint = -2: pass only EE's"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&bcParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetBasicConstraints - (bcParams, -2, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, bcParams, plContext)); - testSelector(selector, certs, 0xC00); - - subTest(" pathLenContraint = -1: pass all certs"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetBasicConstraints - (bcParams, -1, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, bcParams, plContext)); - testSelector(selector, certs, 0xFFF); - - subTest(" pathLenContraint = 1: pass only certs with pathLen >= 1"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetBasicConstraints - (bcParams, 1, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, bcParams, plContext)); - testSelector(selector, certs, 0x3DF); - - subTest(" pathLenContraint = 2: pass only certs with pathLen >= 2"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetBasicConstraints - (bcParams, 2, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, bcParams, plContext)); - testSelector(selector, certs, 0x39F); + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *bcParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Basic Constraints match"); + subTest(" pathLenContraint = -2: pass only EE's"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&bcParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0xC00); + + subTest(" pathLenContraint = -1: pass all certs"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0xFFF); + + subTest(" pathLenContraint = 1: pass only certs with pathLen >= 1"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 1, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0x3DF); + + subTest(" pathLenContraint = 2: pass only certs with pathLen >= 2"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext)); + testSelector(selector, certs, 0x39F); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(bcParams); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(bcParams); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testPolicyMatch( - PKIX_List *certs, - PKIX_PL_Cert *NIST1Cert, /* a source for policy NIST1 */ - PKIX_PL_Cert *NIST2Cert, /* a source for policy NIST2 */ - PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ +static void testPolicyMatch( + PKIX_List *certs, + PKIX_PL_Cert *NIST1Cert, /* a source for policy NIST1 */ + PKIX_PL_Cert *NIST2Cert, /* a source for policy NIST2 */ + PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ { - PKIX_CertSelector *selector = NULL; - PKIX_List *emptyList = NULL; /* no members */ - PKIX_List *policy1List = NULL; /* OIDs */ - PKIX_List *policy2List = NULL; /* OIDs */ - PKIX_List *anyPolicyList = NULL; /* OIDs */ - PKIX_ComCertSelParams *polParams = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("Policy match"); - testGetPolicyFromCert(NIST1Cert, 0, &policy1List); - testGetPolicyFromCert(NIST2Cert, 1, &policy2List); - testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); - - subTest(" Pass certs with any CertificatePolicies extension"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_Create(&polParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetPolicy - (polParams, emptyList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, polParams, plContext)); - testSelector(selector, certs, 0xEFF); - PKIX_TEST_DECREF_BC(polParams); - - subTest(" Pass only certs with policy NIST1"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_Create(&polParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetPolicy - (polParams, policy1List, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, polParams, plContext)); - testSelector(selector, certs, 0xEF5); - PKIX_TEST_DECREF_BC(polParams); - - subTest(" Pass only certs with policy NIST2"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_Create(&polParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetPolicy - (polParams, policy2List, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, polParams, plContext)); - testSelector(selector, certs, 0x814); - PKIX_TEST_DECREF_BC(polParams); - - subTest(" Pass only certs with policy anyPolicy"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_Create(&polParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetPolicy - (polParams, anyPolicyList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, polParams, plContext)); - testSelector(selector, certs, 0x002); + PKIX_CertSelector *selector = NULL; + PKIX_List *emptyList = NULL; /* no members */ + PKIX_List *policy1List = NULL; /* OIDs */ + PKIX_List *policy2List = NULL; /* OIDs */ + PKIX_List *anyPolicyList = NULL; /* OIDs */ + PKIX_ComCertSelParams *polParams = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Policy match"); + testGetPolicyFromCert(NIST1Cert, 0, &policy1List); + testGetPolicyFromCert(NIST2Cert, 1, &policy2List); + testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); + + subTest(" Pass certs with any CertificatePolicies extension"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, emptyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0xEFF); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy NIST1"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy1List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0xEF5); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy NIST2"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy2List, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0x814); + PKIX_TEST_DECREF_BC(polParams); + + subTest(" Pass only certs with policy anyPolicy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, anyPolicyList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext)); + testSelector(selector, certs, 0x002); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(emptyList); - PKIX_TEST_DECREF_AC(policy1List); - PKIX_TEST_DECREF_AC(policy2List); - PKIX_TEST_DECREF_AC(anyPolicyList); - PKIX_TEST_DECREF_AC(polParams); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(emptyList); + PKIX_TEST_DECREF_AC(policy1List); + PKIX_TEST_DECREF_AC(policy2List); + PKIX_TEST_DECREF_AC(anyPolicyList); + PKIX_TEST_DECREF_AC(polParams); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testCertificateMatch( - PKIX_List *certs, - PKIX_PL_Cert *certToMatch) +static void +testCertificateMatch( + PKIX_List *certs, + PKIX_PL_Cert *certToMatch) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("Certificate match"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate - (params, certToMatch, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - testSelector(selector, certs, 0x008); + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("Certificate match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(params, certToMatch, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + testSelector(selector, certs, 0x008); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testNameConstraintsMatch(PKIX_List *certs) +static void +testNameConstraintsMatch(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL; - PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL; - PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL; - PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL; - PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL; - PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL; - PKIX_UInt32 numCerts = 0; - - PKIX_TEST_STD_VARS(); - - subTest("test NameConstraints Cert Selector"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certs, &numCerts, plContext)); - - subTest(" PKIX_PL_Cert_GetNameConstraints <cert0-permitted>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, 0, (PKIX_PL_Object **)&cert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (cert, &permitNameConstraints1, plContext)); - PKIX_TEST_DECREF_BC(cert); + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL; + PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL; + PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL; + PKIX_UInt32 numCerts = 0; + + PKIX_TEST_STD_VARS(); + + subTest("test NameConstraints Cert Selector"); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert0-permitted>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 0, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints1, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert1-permitted>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 1, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints2, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert2-permitted>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 2, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints3, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert3-excluded>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 3, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints1, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert4-excluded>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 4, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints2, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" PKIX_PL_Cert_GetNameConstraints <cert5-excluded>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 5, (PKIX_PL_Object **)&cert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints3, plContext)); + PKIX_TEST_DECREF_BC(cert); + + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing permitted NONE"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints1, plContext)); + testSelector(selector, certs, 0x0); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing permitted ALL"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints2, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing permitted TWO"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints3, plContext)); + testSelector(selector, certs, 0x0041); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints1, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints2, plContext)); + testSelector(selector, certs, 0x07F); + + subTest(" CertNameConstraints testing excluded"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints3, plContext)); + testSelector(selector, certs, 0x41); - subTest(" PKIX_PL_Cert_GetNameConstraints <cert1-permitted>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, 1, (PKIX_PL_Object **)&cert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (cert, &permitNameConstraints2, plContext)); - PKIX_TEST_DECREF_BC(cert); +cleanup: - subTest(" PKIX_PL_Cert_GetNameConstraints <cert2-permitted>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, 2, (PKIX_PL_Object **)&cert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (cert, &permitNameConstraints3, plContext)); - PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(permitNameConstraints1); + PKIX_TEST_DECREF_AC(permitNameConstraints2); + PKIX_TEST_DECREF_AC(permitNameConstraints3); + PKIX_TEST_DECREF_AC(excludeNameConstraints1); + PKIX_TEST_DECREF_AC(excludeNameConstraints2); + PKIX_TEST_DECREF_AC(excludeNameConstraints3); - subTest(" PKIX_PL_Cert_GetNameConstraints <cert3-excluded>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, 3, (PKIX_PL_Object **)&cert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (cert, &excludeNameConstraints1, plContext)); - PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_RETURN(); +} - subTest(" PKIX_PL_Cert_GetNameConstraints <cert4-excluded>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, 4, (PKIX_PL_Object **)&cert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (cert, &excludeNameConstraints2, plContext)); - PKIX_TEST_DECREF_BC(cert); +static void +testPathToNamesMatch(PKIX_List *certs) +{ + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_List *nameList = NULL; + PKIX_PL_GeneralName *name = NULL; - subTest(" PKIX_PL_Cert_GetNameConstraints <cert5-excluded>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, 5, (PKIX_PL_Object **)&cert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints - (cert, &excludeNameConstraints3, plContext)); - PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_STD_VARS(); - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - - subTest(" CertNameConstraints testing permitted NONE"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, permitNameConstraints1, plContext)); - testSelector(selector, certs, 0x0); - - subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, NULL, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - - subTest(" CertNameConstraints testing permitted ALL"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, permitNameConstraints2, plContext)); - testSelector(selector, certs, 0x07F); - - subTest(" CertNameConstraints testing permitted TWO"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, permitNameConstraints3, plContext)); - testSelector(selector, certs, 0x0041); - - subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, NULL, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - - subTest(" CertNameConstraints testing excluded"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, excludeNameConstraints1, plContext)); - testSelector(selector, certs, 0x07F); - - subTest(" CertNameConstraints testing excluded"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, excludeNameConstraints2, plContext)); - testSelector(selector, certs, 0x07F); - - subTest(" CertNameConstraints testing excluded"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints - (params, excludeNameConstraints3, plContext)); - testSelector(selector, certs, 0x41); + subTest("test PathToName Cert Selector"); -cleanup: + subTest(" PKIX_PL_GeneralName List create"); - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(permitNameConstraints1); - PKIX_TEST_DECREF_AC(permitNameConstraints2); - PKIX_TEST_DECREF_AC(permitNameConstraints3); - PKIX_TEST_DECREF_AC(excludeNameConstraints1); - PKIX_TEST_DECREF_AC(excludeNameConstraints2); - PKIX_TEST_DECREF_AC(excludeNameConstraints3); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); - PKIX_TEST_RETURN(); -} + subTest(" Add directory name <O=NotATest Certificates,C=US>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "O=NotATest Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); -static -void testPathToNamesMatch(PKIX_List *certs) -{ - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_List *nameList = NULL; - PKIX_PL_GeneralName *name = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("test PathToName Cert Selector"); - - subTest(" PKIX_PL_GeneralName List create"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); - - subTest(" Add directory name <O=NotATest Certificates,C=US>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, - "O=NotATest Certificates,C=US", - plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameList, (PKIX_PL_Object *)name, plContext)); - - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); - - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - - subTest(" PKIX_ComCertSelParams_SetPathToNames"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, nameList, plContext)); - - subTest(" Permitting THREE"); - testSelector(selector, certs, 0x58); - - subTest(" Remove directory name <O=NotATest Certificates,C=US...>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem - (nameList, 0, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, NULL, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - - subTest(" Add directory name <OU=permittedSubtree1,O=Test...>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, - "OU=permittedSubtree1,O=Test Certificates,C=US", - plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameList, (PKIX_PL_Object *)name, plContext)); - - subTest(" PKIX_ComCertSelParams_SetPathToNames"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, nameList, plContext)); - - subTest(" Permitting SIX"); - testSelector(selector, certs, 0x5F); - - subTest(" Remove directory name <OU=permittedSubtree1,O=Test...>"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem - (nameList, 0, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, NULL, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - - subTest(" Add directory name <O=Test Certificates,C=US...>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, - "O=Test Certificates,C=US", - plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameList, (PKIX_PL_Object *)name, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" PKIX_ComCertSelParams_SetPathToNames"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, nameList, plContext)); - - subTest(" Permitting FOUR"); - testSelector(selector, certs, 0x47); - - subTest(" Only directory name <OU=permittedSubtree1,O=Test ...>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, - "OU=permittedSubtree1,O=Test Certificates,C=US", - plContext); - - subTest(" PKIX_ComCertSelParams_AddPathToName"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName - (params, name, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" Permitting FOUR"); - testSelector(selector, certs, 0x47); - - subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, NULL, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - PKIX_TEST_DECREF_BC(nameList); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); - - subTest(" Add directory name <CN=Valid DN nameConstraints EE...>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE " - "Certificate Test1,OU=permittedSubtree1," - "O=Test Certificates,C=US", - plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameList, (PKIX_PL_Object *)name, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" PKIX_ComCertSelParams_SetPathToNames"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, nameList, plContext)); - - subTest(" Permitting SIX"); - testSelector(selector, certs, 0x7e); - - subTest(" Add directory name <OU=permittedSubtree1,O=Test>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, - "OU=permittedSubtree1,O=Test", - plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameList, (PKIX_PL_Object *)name, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" PKIX_ComCertSelParams_SetPathToNames"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, nameList, plContext)); - - subTest(" Permitting SIX"); - testSelector(selector, certs, 0x58); - - subTest(" Add directory name <O=Test Certificates,C=US>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext); - - subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames - (params, NULL, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName - (params, name, plContext)); - PKIX_TEST_DECREF_BC(name); - - subTest(" Permitting FOUR"); - testSelector(selector, certs, 0x47); + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting THREE"); + testSelector(selector, certs, 0x58); + + subTest(" Remove directory name <O=NotATest Certificates,C=US...>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name <OU=permittedSubtree1,O=Test...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x5F); + + subTest(" Remove directory name <OU=permittedSubtree1,O=Test...>"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + + subTest(" Add directory name <O=Test Certificates,C=US...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + + subTest(" Only directory name <OU=permittedSubtree1,O=Test ...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test Certificates,C=US", + plContext); + + subTest(" PKIX_ComCertSelParams_AddPathToName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); + + subTest(" PKIX_ComCertSelParams_SetNameConstraint Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + PKIX_TEST_DECREF_BC(nameList); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + + subTest(" Add directory name <CN=Valid DN nameConstraints EE...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE " + "Certificate Test1,OU=permittedSubtree1," + "O=Test Certificates,C=US", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x7e); + + subTest(" Add directory name <OU=permittedSubtree1,O=Test>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "OU=permittedSubtree1,O=Test", + plContext); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" PKIX_ComCertSelParams_SetPathToNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext)); + + subTest(" Permitting SIX"); + testSelector(selector, certs, 0x58); + + subTest(" Add directory name <O=Test Certificates,C=US>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext); + + subTest(" PKIX_ComCertSelParams_SetPathToNames Reset"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); + + subTest(" Permitting FOUR"); + testSelector(selector, certs, 0x47); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(nameList); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(nameList); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testSubjAltNamesMatch(PKIX_List *certs) +static void +testSubjAltNamesMatch(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_List *nameList = NULL; - PKIX_PL_GeneralName *name = NULL; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_List *nameList = NULL; + PKIX_PL_GeneralName *name = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test SubjAltNames Cert Selector"); + subTest("test SubjAltNames Cert Selector"); - subTest(" PKIX_PL_GeneralName List create"); + subTest(" PKIX_PL_GeneralName List create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext)); - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); - subTest(" Add directory name <CN=Invalid DN nameConstraints EE...>"); - name = createGeneralName - (PKIX_DIRECTORY_NAME, - "CN=Invalid DN nameConstraints EE Certificate Test3," - "OU=excludedSubtree1,O=Test Certificates,C=US", - plContext); + subTest(" Add directory name <CN=Invalid DN nameConstraints EE...>"); + name = createGeneralName(PKIX_DIRECTORY_NAME, + "CN=Invalid DN nameConstraints EE Certificate Test3," + "OU=excludedSubtree1,O=Test Certificates,C=US", + plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameList, (PKIX_PL_Object *)name, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext)); - subTest(" PKIX_ComCertSelParams_SetSubjAltNames"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames - (params, nameList, plContext)); + subTest(" PKIX_ComCertSelParams_SetSubjAltNames"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(params, nameList, plContext)); - PKIX_TEST_DECREF_BC(name); - PKIX_TEST_DECREF_BC(nameList); + PKIX_TEST_DECREF_BC(name); + PKIX_TEST_DECREF_BC(nameList); - subTest(" Permitting ONE"); - testSelector(selector, certs, 0x1); + subTest(" Permitting ONE"); + testSelector(selector, certs, 0x1); - subTest(" Add DNS name <mytestcertificates.gov>"); - name = createGeneralName - (PKIX_DNS_NAME, - "mytestcertificates.gov", - plContext); + subTest(" Add DNS name <mytestcertificates.gov>"); + name = createGeneralName(PKIX_DNS_NAME, + "mytestcertificates.gov", + plContext); - subTest(" PKIX_ComCertSelParams_AddSubjAltName"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName - (params, name, plContext)); - PKIX_TEST_DECREF_BC(name); + subTest(" PKIX_ComCertSelParams_AddSubjAltName"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(params, name, plContext)); + PKIX_TEST_DECREF_BC(name); - subTest(" Permitting NONE"); - testSelector(selector, certs, 0x0); + subTest(" Permitting NONE"); + testSelector(selector, certs, 0x0); - subTest(" PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames - (params, PKIX_FALSE, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); + subTest(" PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(params, PKIX_FALSE, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); - subTest(" Permitting TWO"); - testSelector(selector, certs, 0x3); + subTest(" Permitting TWO"); + testSelector(selector, certs, 0x3); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(name); - PKIX_TEST_DECREF_AC(nameList); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(name); + PKIX_TEST_DECREF_AC(nameList); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testCertificateValidMatch( - PKIX_List *certs) +static void +testCertificateValidMatch( + PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_String *stringRep = NULL; - PKIX_PL_Date *testDate = NULL; - char *asciiRep = "050501000000Z"; - - PKIX_TEST_STD_VARS(); - - subTest("CertificateValid match"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_String_Create - (PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid - (params, testDate, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); - testSelector(selector, certs, 0xFFFFFFFF); + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_String *stringRep = NULL; + PKIX_PL_Date *testDate = NULL; + char *asciiRep = "050501000000Z"; + + PKIX_TEST_STD_VARS(); + + subTest("CertificateValid match"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(params, testDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); + testSelector(selector, certs, 0xFFFFFFFF); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(stringRep); - PKIX_TEST_DECREF_AC(testDate); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(stringRep); + PKIX_TEST_DECREF_AC(testDate); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void test_customCallback1(PKIX_List *certs) +static void +test_customCallback1(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; + PKIX_CertSelector *selector = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("custom matchCallback"); + subTest("custom matchCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (custom_CertSelector_MatchCallback, - NULL, - &selector, - plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchCallback, + NULL, + &selector, + plContext)); - testSelector(selector, certs, 0x900); + testSelector(selector, certs, 0x900); cleanup: - PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void test_customCallback2 - (PKIX_List *certs, - PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ +static void test_customCallback2(PKIX_List *certs, + PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */ { - PKIX_CertSelector *selector = NULL; - PKIX_List *anyPolicyList = NULL; /* OIDs */ - PKIX_PL_OID *policyOID = NULL; + PKIX_CertSelector *selector = NULL; + PKIX_List *anyPolicyList = NULL; /* OIDs */ + PKIX_PL_OID *policyOID = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("custom matchCallback with CertSelectorContext"); + subTest("custom matchCallback with CertSelectorContext"); - testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); + testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (custom_CertSelector_MatchOIDCallback, - (PKIX_PL_Object *)policyOID, - &selector, - plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchOIDCallback, + (PKIX_PL_Object *)policyOID, + &selector, + plContext)); - testSelector(selector, certs, (1 << ANYPOLICYCERT)); + testSelector(selector, certs, (1 << ANYPOLICYCERT)); cleanup: - PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_DECREF_AC(anyPolicyList); - PKIX_TEST_DECREF_AC(policyOID); + PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(anyPolicyList); + PKIX_TEST_DECREF_AC(policyOID); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testExtendedKeyUsageMatch(char *certDir) +static void +testExtendedKeyUsageMatch(char *certDir) { - PKIX_ComCertSelParams *goodParams = NULL; - PKIX_PL_OID *ekuOid = NULL; - PKIX_List *ekuOidList = NULL; - PKIX_PL_String *dirString = NULL; - PKIX_CertStore_CertCallback certCallback; - PKIX_CertStore *certStore = NULL; - PKIX_CertSelector *certSelector = NULL; - PKIX_List *certList = NULL; - PKIX_UInt32 numCert = 0; - void *nbioContext = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_OID *ekuOid = NULL; + PKIX_List *ekuOidList = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Extended KeyUsage Cert Selector"); + subTest("test Extended KeyUsage Cert Selector"); - subTest(" PKIX_ComCertSelParams_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&goodParams, plContext)); + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); - subTest(" Create Extended Key Usage OID List"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext)); + subTest(" Create Extended Key Usage OID List"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create - ("1.3.6.1.5.5.7.3.2", &ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.2", &ekuOid, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); - PKIX_TEST_DECREF_BC(ekuOid); + PKIX_TEST_DECREF_BC(ekuOid); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create - ("1.3.6.1.5.5.7.3.3", &ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.3", &ekuOid, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext)); - PKIX_TEST_DECREF_BC(ekuOid); + PKIX_TEST_DECREF_BC(ekuOid); - subTest(" PKIX_ComCertSelParams_SetExtendedKeyUsage"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage - (goodParams, ekuOidList, plContext)); + subTest(" PKIX_ComCertSelParams_SetExtendedKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, ekuOidList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); - subTest(" PKIX_PL_CollectionCertStoreContext_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create - (dirString, &certStore, plContext)); + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); - subTest(" PKIX_CertSelector_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &certSelector, plContext)); + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (certSelector, goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); - subTest(" PKIX_CertStore_GetCertCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback - (certStore, &certCallback, NULL)); + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); - subTest(" Getting data from Cert Callback"); - PKIX_TEST_EXPECT_NO_ERROR(certCallback - (certStore, certSelector, &nbioContext, &certList, plContext)); + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certList, &numCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); - if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) { - pkixTestErrorMsg = "unexpected Cert number mismatch"; - } + if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } cleanup: - PKIX_TEST_DECREF_AC(ekuOid); - PKIX_TEST_DECREF_AC(ekuOidList); - PKIX_TEST_DECREF_AC(goodParams); - PKIX_TEST_DECREF_AC(dirString); - PKIX_TEST_DECREF_AC(certList); - PKIX_TEST_DECREF_AC(certSelector); - PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(ekuOid); + PKIX_TEST_DECREF_AC(ekuOidList); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testKeyUsageMatch(char *certDir) +static void +testKeyUsageMatch(char *certDir) { - PKIX_ComCertSelParams *goodParams = NULL; - PKIX_PL_String *dirString = NULL; - PKIX_CertStore_CertCallback certCallback; - PKIX_CertStore *certStore = NULL; - PKIX_CertSelector *certSelector = NULL; - PKIX_List *certList = NULL; - PKIX_UInt32 numCert = 0; - void *nbioContext = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test KeyUsage Cert Selector"); + subTest("test KeyUsage Cert Selector"); - subTest(" PKIX_ComCertSelParams_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&goodParams, plContext)); + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); - subTest(" PKIX_ComCertSelParams_SetKeyUsage"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage - (goodParams, PKIX_CRL_SIGN, plContext)); + subTest(" PKIX_ComCertSelParams_SetKeyUsage"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, PKIX_CRL_SIGN, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); - subTest(" PKIX_PL_CollectionCertStoreContext_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create - (dirString, &certStore, plContext)); + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); - subTest(" PKIX_CertSelector_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &certSelector, plContext)); + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (certSelector, goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); - subTest(" PKIX_CertStore_GetCertCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback - (certStore, &certCallback, NULL)); + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); - subTest(" Getting data from Cert Callback"); - PKIX_TEST_EXPECT_NO_ERROR(certCallback - (certStore, certSelector, &nbioContext, &certList, plContext)); + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certList, &numCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); - if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) { - pkixTestErrorMsg = "unexpected Cert number mismatch"; - } + if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } cleanup: - PKIX_TEST_DECREF_AC(goodParams); - PKIX_TEST_DECREF_AC(dirString); - PKIX_TEST_DECREF_AC(certList); - PKIX_TEST_DECREF_AC(certSelector); - PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testCertValidMatch(char *certDir) +static void +testCertValidMatch(char *certDir) { - PKIX_ComCertSelParams *goodParams = NULL; - PKIX_PL_Date *validDate = NULL; - PKIX_PL_String *dirString = NULL; - PKIX_CertStore_CertCallback certCallback; - PKIX_CertStore *certStore = NULL; - PKIX_CertSelector *certSelector = NULL; - PKIX_List *certList = NULL; - PKIX_UInt32 numCert = 0; - void *nbioContext = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_Date *validDate = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test CertValid Cert Selector"); + subTest("test CertValid Cert Selector"); - subTest(" PKIX_ComCertSelParams_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&goodParams, plContext)); + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); - validDate = createDate("050601000000Z", plContext); + validDate = createDate("050601000000Z", plContext); - subTest(" PKIX_ComCertSelParams_SetCertificateValid"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid - (goodParams, validDate, plContext)); + subTest(" PKIX_ComCertSelParams_SetCertificateValid"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, validDate, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); - subTest(" PKIX_PL_CollectionCertStoreContext_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create - (dirString, &certStore, plContext)); + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); - subTest(" PKIX_CertSelector_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &certSelector, plContext)); + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (certSelector, goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); - subTest(" PKIX_CertStore_GetCertCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback - (certStore, &certCallback, NULL)); + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); - subTest(" Getting data from Cert Callback"); - PKIX_TEST_EXPECT_NO_ERROR(certCallback - (certStore, certSelector, &nbioContext, &certList, plContext)); + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certList, &numCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); - if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) { - pkixTestErrorMsg = "unexpected Cert number mismatch"; - } + if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } cleanup: - PKIX_TEST_DECREF_AC(goodParams); - PKIX_TEST_DECREF_AC(validDate); - PKIX_TEST_DECREF_AC(dirString); - PKIX_TEST_DECREF_AC(certList); - PKIX_TEST_DECREF_AC(certSelector); - PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(validDate); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testIssuerMatch(char *certDir) +static void +testIssuerMatch(char *certDir) { - PKIX_ComCertSelParams *goodParams = NULL; - PKIX_PL_X500Name *issuer = NULL; - PKIX_PL_String *issuerStr = NULL; - PKIX_PL_String *dirString = NULL; - PKIX_CertStore_CertCallback certCallback; - PKIX_CertStore *certStore = NULL; - PKIX_CertSelector *certSelector = NULL; - PKIX_List *certList = NULL; - char *issuerName = "CN=science,O=mit,C=US"; - PKIX_UInt32 numCert = 0; - void *nbioContext = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_X500Name *issuer = NULL; + PKIX_PL_String *issuerStr = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + char *issuerName = "CN=science,O=mit,C=US"; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Issuer Cert Selector"); + subTest("test Issuer Cert Selector"); - subTest(" PKIX_ComCertSelParams_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&goodParams, plContext)); + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create - (issuerStr, &issuer, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerStr, &issuer, plContext)); - subTest(" PKIX_ComCertSelParams_SetIssuer"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer - (goodParams, issuer, plContext)); + subTest(" PKIX_ComCertSelParams_SetIssuer"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, issuer, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); - subTest(" PKIX_PL_CollectionCertStoreContext_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create - (dirString, &certStore, plContext)); + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); - subTest(" PKIX_CertSelector_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &certSelector, plContext)); + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (certSelector, goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); - subTest(" PKIX_CertStore_GetCertCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback - (certStore, &certCallback, NULL)); + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); - subTest(" Getting data from Cert Callback"); - PKIX_TEST_EXPECT_NO_ERROR(certCallback - (certStore, certSelector, &nbioContext, &certList, plContext)); + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certList, &numCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); - if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) { - pkixTestErrorMsg = "unexpected Cert number mismatch"; - } + if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Cert number mismatch"; + } cleanup: - PKIX_TEST_DECREF_AC(goodParams); - PKIX_TEST_DECREF_AC(issuer); - PKIX_TEST_DECREF_AC(issuerStr); - PKIX_TEST_DECREF_AC(dirString); - PKIX_TEST_DECREF_AC(certList); - PKIX_TEST_DECREF_AC(certSelector); - PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(issuer); + PKIX_TEST_DECREF_AC(issuerStr); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testSerialNumberVersionMatch(char *certDir) +static void +testSerialNumberVersionMatch(char *certDir) { - PKIX_ComCertSelParams *goodParams = NULL; - PKIX_PL_BigInt *serialNumber = NULL; - PKIX_PL_String *serialNumberStr = NULL; - PKIX_PL_String *dirString = NULL; - PKIX_CertStore_CertCallback certCallback; - PKIX_CertStore *certStore = NULL; - PKIX_CertSelector *certSelector = NULL; - PKIX_List *certList = NULL; - PKIX_UInt32 numCert = 0; - void *nbioContext = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_PL_BigInt *serialNumber = NULL; + PKIX_PL_String *serialNumberStr = NULL; + PKIX_PL_String *dirString = NULL; + PKIX_CertStore_CertCallback certCallback; + PKIX_CertStore *certStore = NULL; + PKIX_CertSelector *certSelector = NULL; + PKIX_List *certList = NULL; + PKIX_UInt32 numCert = 0; + void *nbioContext = NULL; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Serial Number Cert Selector"); + subTest("test Serial Number Cert Selector"); - subTest(" PKIX_ComCertSelParams_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (&goodParams, plContext)); + subTest(" PKIX_ComCertSelParams_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create - (serialNumberStr, &serialNumber, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(serialNumberStr, &serialNumber, plContext)); - subTest(" PKIX_ComCertSelParams_SetSerialNumber"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber - (goodParams, serialNumber, plContext)); + subTest(" PKIX_ComCertSelParams_SetSerialNumber"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, serialNumber, plContext)); - subTest(" PKIX_ComCertSelParams_SetVersion"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion - (goodParams, 0, plContext)); + subTest(" PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 0, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create - (PKIX_ESCASCII, certDir, 0, &dirString, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext)); - subTest(" PKIX_PL_CollectionCertStoreContext_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create - (dirString, &certStore, plContext)); + subTest(" PKIX_PL_CollectionCertStoreContext_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); - subTest(" PKIX_CertSelector_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &certSelector, plContext)); + subTest(" PKIX_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (certSelector, goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext)); - subTest(" PKIX_CertStore_GetCertCallback"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback - (certStore, &certCallback, NULL)); + subTest(" PKIX_CertStore_GetCertCallback"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL)); - subTest(" Getting data from Cert Callback"); - PKIX_TEST_EXPECT_NO_ERROR(certCallback - (certStore, certSelector, &nbioContext, &certList, plContext)); + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certList, &numCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); - PKIX_TEST_DECREF_BC(certList); + PKIX_TEST_DECREF_BC(certList); - if (numCert != 0) { - pkixTestErrorMsg = "unexpected Version mismatch"; - } + if (numCert != 0) { + pkixTestErrorMsg = "unexpected Version mismatch"; + } - subTest(" PKIX_ComCertSelParams_SetVersion"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion - (goodParams, 2, plContext)); + subTest(" PKIX_ComCertSelParams_SetVersion"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); - subTest(" Getting data from Cert Callback"); - PKIX_TEST_EXPECT_NO_ERROR(certCallback - (certStore, certSelector, &nbioContext, &certList, plContext)); + subTest(" Getting data from Cert Callback"); + PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength - (certList, &numCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext)); - if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) { - pkixTestErrorMsg = "unexpected Serial Number mismatch"; - } + if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) { + pkixTestErrorMsg = "unexpected Serial Number mismatch"; + } cleanup: - PKIX_TEST_DECREF_AC(goodParams); - PKIX_TEST_DECREF_AC(serialNumber); - PKIX_TEST_DECREF_AC(serialNumberStr); - PKIX_TEST_DECREF_AC(dirString); - PKIX_TEST_DECREF_AC(certList); - PKIX_TEST_DECREF_AC(certSelector); - PKIX_TEST_DECREF_AC(certStore); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(serialNumber); + PKIX_TEST_DECREF_AC(serialNumberStr); + PKIX_TEST_DECREF_AC(dirString); + PKIX_TEST_DECREF_AC(certList); + PKIX_TEST_DECREF_AC(certSelector); + PKIX_TEST_DECREF_AC(certStore); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testSubjKeyIdMatch(PKIX_List *certs) +static void +testSubjKeyIdMatch(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_PL_ByteArray *selSubjKeyId = NULL; - PKIX_UInt32 item = 0; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_ByteArray *selSubjKeyId = NULL; + PKIX_UInt32 item = 0; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Subject Key Id Cert Selector"); + subTest("test Subject Key Id Cert Selector"); - item = 2; - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, item, (PKIX_PL_Object **)&cert, plContext)); + item = 2; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); - subTest(" PKIX_PL_Cert_GetSubjectKeyIdentifier"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier - (cert, &selSubjKeyId, plContext)); + subTest(" PKIX_PL_Cert_GetSubjectKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &selSubjKeyId, plContext)); - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); - subTest(" PKIX_ComCertSelParams_SetSubjKeyIdentifier"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier - (params, selSubjKeyId, plContext)); + subTest(" PKIX_ComCertSelParams_SetSubjKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(params, selSubjKeyId, plContext)); - subTest(" Select One"); - testSelector(selector, certs, 1<<item); + subTest(" Select One"); + testSelector(selector, certs, 1 << item); cleanup: - PKIX_TEST_DECREF_AC(selSubjKeyId); - PKIX_TEST_DECREF_AC(cert); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selSubjKeyId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testAuthKeyIdMatch(PKIX_List *certs) +static void +testAuthKeyIdMatch(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_PL_ByteArray *selAuthKeyId = NULL; - PKIX_UInt32 item = 0; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_ByteArray *selAuthKeyId = NULL; + PKIX_UInt32 item = 0; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Auth Key Id Cert Selector"); + subTest("test Auth Key Id Cert Selector"); - item = 3; - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, item, (PKIX_PL_Object **)&cert, plContext)); + item = 3; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); - subTest(" PKIX_PL_Cert_GetAuthorityKeyIdentifier"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier - (cert, &selAuthKeyId, plContext)); + subTest(" PKIX_PL_Cert_GetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &selAuthKeyId, plContext)); - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); - subTest(" PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetAuthorityKeyIdentifier - (params, selAuthKeyId, plContext)); + subTest(" PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(params, selAuthKeyId, plContext)); - subTest(" Select TWO"); - testSelector(selector, certs, (1<<item)|(1<<1)); + subTest(" Select TWO"); + testSelector(selector, certs, (1 << item) | (1 << 1)); cleanup: - PKIX_TEST_DECREF_AC(selAuthKeyId); - PKIX_TEST_DECREF_AC(cert); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selAuthKeyId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testSubjPKAlgIdMatch(PKIX_List *certs) +static void +testSubjPKAlgIdMatch(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_PL_OID *selAlgId = NULL; - PKIX_UInt32 item = 0; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_OID *selAlgId = NULL; + PKIX_UInt32 item = 0; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Subject Public Key Algorithm Id Cert Selector"); + subTest("test Subject Public Key Algorithm Id Cert Selector"); - item = 0; - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, item, (PKIX_PL_Object **)&cert, plContext)); + item = 0; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); - subTest(" PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId - (cert, &selAlgId, plContext)); + subTest(" PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(cert, &selAlgId, plContext)); - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); - subTest(" PKIX_ComCertSelParams_SetSubjPKAlgId"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId - (params, selAlgId, plContext)); + subTest(" PKIX_ComCertSelParams_SetSubjPKAlgId"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(params, selAlgId, plContext)); - subTest(" Select All"); - testSelector(selector, certs, 0x7F); + subTest(" Select All"); + testSelector(selector, certs, 0x7F); cleanup: - PKIX_TEST_DECREF_AC(selAlgId); - PKIX_TEST_DECREF_AC(cert); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selAlgId); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void testSubjPublicKeyMatch(PKIX_List *certs) +static void +testSubjPublicKeyMatch(PKIX_List *certs) { - PKIX_CertSelector *selector = NULL; - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_PL_PublicKey *selPublicKey = NULL; - PKIX_UInt32 item = 0; + PKIX_CertSelector *selector = NULL; + PKIX_ComCertSelParams *params = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_PublicKey *selPublicKey = NULL; + PKIX_UInt32 item = 0; - PKIX_TEST_STD_VARS(); + PKIX_TEST_STD_VARS(); - subTest("test Subject Public Key Cert Selector"); + subTest("test Subject Public Key Cert Selector"); - item = 5; - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem - (certs, item, (PKIX_PL_Object **)&cert, plContext)); + item = 5; + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext)); - subTest(" PKIX_PL_Cert_GetSubjectPublicKey"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey - (cert, &selPublicKey, plContext)); + subTest(" PKIX_PL_Cert_GetSubjectPublicKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &selPublicKey, plContext)); - subTest(" Create Selector and ComCertSelParams"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &selector, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create - (¶ms, plContext)); + subTest(" Create Selector and ComCertSelParams"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(¶ms, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams - (selector, params, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext)); - subTest(" PKIX_ComCertSelParams_SetSubjPubKey"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey - (params, selPublicKey, plContext)); + subTest(" PKIX_ComCertSelParams_SetSubjPubKey"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(params, selPublicKey, plContext)); - subTest(" Select ONE"); - testSelector(selector, certs, 1<<item); + subTest(" Select ONE"); + testSelector(selector, certs, 1 << item); cleanup: - PKIX_TEST_DECREF_AC(selPublicKey); - PKIX_TEST_DECREF_AC(cert); - PKIX_TEST_DECREF_AC(params); - PKIX_TEST_DECREF_AC(selector); + PKIX_TEST_DECREF_AC(selPublicKey); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(params); + PKIX_TEST_DECREF_AC(selector); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); } -static -void test_CertSelector_Duplicate(PKIX_CertSelector *selector) +static void +test_CertSelector_Duplicate(PKIX_CertSelector *selector) { - PKIX_Int32 goodBasicConstraints = 0; - PKIX_Int32 equalBasicConstraints = 0; - PKIX_CertSelector *dupSelector = NULL; - PKIX_ComCertSelParams *goodParams = NULL; - PKIX_ComCertSelParams *equalParams = NULL; - PKIX_CertSelector_MatchCallback goodCallback = NULL; - PKIX_CertSelector_MatchCallback equalCallback = NULL; - PKIX_PL_X500Name *goodSubject = NULL; - PKIX_PL_X500Name *equalSubject = NULL; - PKIX_List *goodPolicy = NULL; - PKIX_List *equalPolicy = NULL; - PKIX_PL_Cert *goodCert = NULL; - PKIX_PL_Cert *equalCert = NULL; - PKIX_PL_Date *goodDate = NULL; - PKIX_PL_Date *equalDate = NULL; - - PKIX_TEST_STD_VARS(); - - subTest("test_CertSelector_Duplicate"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate - ((PKIX_PL_Object *)selector, - (PKIX_PL_Object **)&dupSelector, - plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams - (selector, &goodParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams - (dupSelector, &equalParams, plContext)); - /* There is no equals function, so look at components separately. */ - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject - (goodParams, &goodSubject, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject - (equalParams, &equalSubject, plContext)); - if (goodSubject && equalSubject) { - testEqualsHelper - ((PKIX_PL_Object *)goodSubject, - (PKIX_PL_Object *)equalSubject, - PKIX_TRUE, - plContext); - } else { - if PKIX_EXACTLY_ONE_NULL(goodSubject, equalSubject) { - pkixTestErrorMsg = "Subject Names are not equal!"; - goto cleanup; - } - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy - (goodParams, &goodPolicy, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy - (equalParams, &equalPolicy, plContext)); - if (goodPolicy && equalPolicy) { - testEqualsHelper - ((PKIX_PL_Object *)goodPolicy, - (PKIX_PL_Object *)equalPolicy, - PKIX_TRUE, - plContext); - } else { - if PKIX_EXACTLY_ONE_NULL(goodPolicy, equalPolicy) { - pkixTestErrorMsg = "Policy Lists are not equal!"; - goto cleanup; - } - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate - (goodParams, &goodCert, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate - (equalParams, &equalCert, plContext)); - if (goodCert && equalCert) { - testEqualsHelper - ((PKIX_PL_Object *)goodCert, - (PKIX_PL_Object *)equalCert, - PKIX_TRUE, - plContext); - } else { - if PKIX_EXACTLY_ONE_NULL(goodCert, equalCert) { - pkixTestErrorMsg = "Cert Lists are not equal!"; - goto cleanup; - } - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid - (goodParams, &goodDate, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid - (equalParams, &equalDate, plContext)); - if (goodCert && equalCert) { - testEqualsHelper - ((PKIX_PL_Object *)goodDate, - (PKIX_PL_Object *)equalDate, - PKIX_TRUE, - plContext); - } else { - if PKIX_EXACTLY_ONE_NULL(goodDate, equalDate) { - pkixTestErrorMsg = "Date Lists are not equal!"; - goto cleanup; - } - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints - (goodParams, &goodBasicConstraints, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints - (equalParams, &equalBasicConstraints, plContext)); - if (goodBasicConstraints != equalBasicConstraints) { - pkixTestErrorMsg = "BasicConstraints are not equal!"; + PKIX_Int32 goodBasicConstraints = 0; + PKIX_Int32 equalBasicConstraints = 0; + PKIX_CertSelector *dupSelector = NULL; + PKIX_ComCertSelParams *goodParams = NULL; + PKIX_ComCertSelParams *equalParams = NULL; + PKIX_CertSelector_MatchCallback goodCallback = NULL; + PKIX_CertSelector_MatchCallback equalCallback = NULL; + PKIX_PL_X500Name *goodSubject = NULL; + PKIX_PL_X500Name *equalSubject = NULL; + PKIX_List *goodPolicy = NULL; + PKIX_List *equalPolicy = NULL; + PKIX_PL_Cert *goodCert = NULL; + PKIX_PL_Cert *equalCert = NULL; + PKIX_PL_Date *goodDate = NULL; + PKIX_PL_Date *equalDate = NULL; + + PKIX_TEST_STD_VARS(); + + subTest("test_CertSelector_Duplicate"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)selector, + (PKIX_PL_Object **)&dupSelector, + plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(selector, &goodParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(dupSelector, &equalParams, plContext)); + /* There is no equals function, so look at components separately. */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); + if (goodSubject && equalSubject) { + testEqualsHelper((PKIX_PL_Object *)goodSubject, + (PKIX_PL_Object *)equalSubject, + PKIX_TRUE, + plContext); + } else { + if + PKIX_EXACTLY_ONE_NULL(goodSubject, equalSubject) + { + pkixTestErrorMsg = "Subject Names are not equal!"; goto cleanup; - } - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback - (selector, &goodCallback, plContext)); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback - (dupSelector, &equalCallback, plContext)); - if (goodCallback != equalCallback) { - pkixTestErrorMsg = "MatchCallbacks are not equal!"; - } + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicy, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicy, plContext)); + if (goodPolicy && equalPolicy) { + testEqualsHelper((PKIX_PL_Object *)goodPolicy, + (PKIX_PL_Object *)equalPolicy, + PKIX_TRUE, + plContext); + } else { + if + PKIX_EXACTLY_ONE_NULL(goodPolicy, equalPolicy) + { + pkixTestErrorMsg = "Policy Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); + if (goodCert && equalCert) { + testEqualsHelper((PKIX_PL_Object *)goodCert, + (PKIX_PL_Object *)equalCert, + PKIX_TRUE, + plContext); + } else { + if + PKIX_EXACTLY_ONE_NULL(goodCert, equalCert) + { + pkixTestErrorMsg = "Cert Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); + if (goodCert && equalCert) { + testEqualsHelper((PKIX_PL_Object *)goodDate, + (PKIX_PL_Object *)equalDate, + PKIX_TRUE, + plContext); + } else { + if + PKIX_EXACTLY_ONE_NULL(goodDate, equalDate) + { + pkixTestErrorMsg = "Date Lists are not equal!"; + goto cleanup; + } + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodBasicConstraints, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalBasicConstraints, plContext)); + if (goodBasicConstraints != equalBasicConstraints) { + pkixTestErrorMsg = "BasicConstraints are not equal!"; + goto cleanup; + } + + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &goodCallback, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(dupSelector, &equalCallback, plContext)); + if (goodCallback != equalCallback) { + pkixTestErrorMsg = "MatchCallbacks are not equal!"; + } cleanup: - PKIX_TEST_DECREF_AC(dupSelector); - PKIX_TEST_DECREF_AC(goodParams); - PKIX_TEST_DECREF_AC(equalParams); - PKIX_TEST_DECREF_AC(goodSubject); - PKIX_TEST_DECREF_AC(equalSubject); - PKIX_TEST_DECREF_AC(goodPolicy); - PKIX_TEST_DECREF_AC(equalPolicy); - PKIX_TEST_DECREF_AC(goodCert); - PKIX_TEST_DECREF_AC(equalCert); - PKIX_TEST_DECREF_AC(goodDate); - PKIX_TEST_DECREF_AC(equalDate); - - PKIX_TEST_RETURN(); + PKIX_TEST_DECREF_AC(dupSelector); + PKIX_TEST_DECREF_AC(goodParams); + PKIX_TEST_DECREF_AC(equalParams); + PKIX_TEST_DECREF_AC(goodSubject); + PKIX_TEST_DECREF_AC(equalSubject); + PKIX_TEST_DECREF_AC(goodPolicy); + PKIX_TEST_DECREF_AC(equalPolicy); + PKIX_TEST_DECREF_AC(goodCert); + PKIX_TEST_DECREF_AC(equalCert); + PKIX_TEST_DECREF_AC(goodDate); + PKIX_TEST_DECREF_AC(equalDate); + + PKIX_TEST_RETURN(); } -static -void printUsage(void) { - (void) printf("\nUSAGE:\ttest_certselector <NIST_FILES_DIR> <cert-dir>\n\n"); +static void +printUsage(void) +{ + (void)printf("\nUSAGE:\ttest_certselector <NIST_FILES_DIR> <cert-dir>\n\n"); } -int test_certselector(int argc, char *argv[]) { - - PKIX_UInt32 i = 0; - PKIX_UInt32 j = 0; - PKIX_UInt32 actualMinorVersion; +int +test_certselector(int argc, char *argv[]) +{ - PKIX_CertSelector *emptySelector = NULL; - PKIX_List *certs = NULL; - PKIX_List *nameConstraintsCerts = NULL; - PKIX_List *subjAltNamesCerts = NULL; - PKIX_PL_Cert *cert = NULL; - PKIX_PL_Cert *policy1Cert = NULL; - PKIX_PL_Cert *policy2Cert = NULL; - PKIX_PL_Cert *anyPolicyCert = NULL; - PKIX_PL_Cert *subjectCert = NULL; - PKIX_ComCertSelParams *selParams = NULL; - char *certDir = NULL; - char *dirName = NULL; + PKIX_UInt32 i = 0; + PKIX_UInt32 j = 0; + PKIX_UInt32 actualMinorVersion; - PKIX_TEST_STD_VARS(); + PKIX_CertSelector *emptySelector = NULL; + PKIX_List *certs = NULL; + PKIX_List *nameConstraintsCerts = NULL; + PKIX_List *subjAltNamesCerts = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_PL_Cert *policy1Cert = NULL; + PKIX_PL_Cert *policy2Cert = NULL; + PKIX_PL_Cert *anyPolicyCert = NULL; + PKIX_PL_Cert *subjectCert = NULL; + PKIX_ComCertSelParams *selParams = NULL; + char *certDir = NULL; + char *dirName = NULL; - startTests("CertSelector"); + PKIX_TEST_STD_VARS(); - PKIX_TEST_EXPECT_NO_ERROR( - PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); + startTests("CertSelector"); - if (argc < 3) { - printUsage(); - return (0); - } + PKIX_TEST_EXPECT_NO_ERROR( + PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); - dirName = argv[j+1]; - certDir = argv[j+3]; - - /* Create a List of certs to use in testing the selector */ - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); - - for (i = 0; i < NUMCERTS; i++) { - - cert = createCert(dirName, certList[i], plContext); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (certs, (PKIX_PL_Object *)cert, plContext)); - if (i == POLICY1CERT) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef - ((PKIX_PL_Object *)cert, plContext)); - policy1Cert = cert; - } - if (i == ANYPOLICYCERT) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef - ((PKIX_PL_Object *)cert, plContext)); - anyPolicyCert = cert; - } - if (i == POLICY2CERT) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef - ((PKIX_PL_Object *)cert, plContext)); - policy2Cert = cert; - } - if (i == SUBJECTCERT) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef - ((PKIX_PL_Object *)cert, plContext)); - subjectCert = cert; - } - PKIX_TEST_DECREF_BC(cert); - } + if (argc < 3) { + printUsage(); + return (0); + } - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create - (&nameConstraintsCerts, plContext)); + dirName = argv[j + 1]; + certDir = argv[j + 3]; - for (i = 0; i < NUMNCCERTS; i++) { + /* Create a List of certs to use in testing the selector */ + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext)); - cert = createCert(dirName, ncCertList[i], plContext); + for (i = 0; i < NUMCERTS; i++) { - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (nameConstraintsCerts, - (PKIX_PL_Object *)cert, - plContext)); + cert = createCert(dirName, certList[i], plContext); - PKIX_TEST_DECREF_BC(cert); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)cert, plContext)); + if (i == POLICY1CERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + policy1Cert = cert; + } + if (i == ANYPOLICYCERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + anyPolicyCert = cert; } + if (i == POLICY2CERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + policy2Cert = cert; + } + if (i == SUBJECTCERT) { + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext)); + subjectCert = cert; + } + PKIX_TEST_DECREF_BC(cert); + } - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create - (&subjAltNamesCerts, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameConstraintsCerts, plContext)); - for (i = 0; i < NUMSANCERTS; i++) { + for (i = 0; i < NUMNCCERTS; i++) { - cert = createCert(dirName, sanCertList[i], plContext); + cert = createCert(dirName, ncCertList[i], plContext); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem - (subjAltNamesCerts, - (PKIX_PL_Object *)cert, - plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameConstraintsCerts, + (PKIX_PL_Object *)cert, + plContext)); - PKIX_TEST_DECREF_BC(cert); - } + PKIX_TEST_DECREF_BC(cert); + } - subTest("test_CertSelector_Create"); - PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create - (NULL, NULL, &emptySelector, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&subjAltNamesCerts, plContext)); - subTest("Default Match, no parameters set"); - testSelector(emptySelector, certs, 0xFFFFFFFF); + for (i = 0; i < NUMSANCERTS; i++) { - testSubjectMatch(certs, subjectCert); + cert = createCert(dirName, sanCertList[i], plContext); - testBasicConstraintsMatch(certs); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(subjAltNamesCerts, + (PKIX_PL_Object *)cert, + plContext)); + + PKIX_TEST_DECREF_BC(cert); + } - testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert); + subTest("test_CertSelector_Create"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &emptySelector, plContext)); - testCertificateMatch(certs, subjectCert); + subTest("Default Match, no parameters set"); + testSelector(emptySelector, certs, 0xFFFFFFFF); - testCertificateValidMatch(certs); + testSubjectMatch(certs, subjectCert); - subTest("Combination: pass only EE certs that assert some policy"); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_Create(&selParams, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_ComCertSelParams_SetBasicConstraints - (selParams, -2, plContext)); - PKIX_TEST_EXPECT_NO_ERROR - (PKIX_CertSelector_SetCommonCertSelectorParams - (emptySelector, selParams, plContext)); - testSelector(emptySelector, certs, 0xC00); + testBasicConstraintsMatch(certs); - testNameConstraintsMatch(nameConstraintsCerts); + testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert); - testPathToNamesMatch(nameConstraintsCerts); + testCertificateMatch(certs, subjectCert); - testSubjAltNamesMatch(subjAltNamesCerts); + testCertificateValidMatch(certs); - testExtendedKeyUsageMatch(certDir); + subTest("Combination: pass only EE certs that assert some policy"); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(selParams, -2, plContext)); + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(emptySelector, selParams, plContext)); + testSelector(emptySelector, certs, 0xC00); - testKeyUsageMatch(certDir); + testNameConstraintsMatch(nameConstraintsCerts); - testIssuerMatch(certDir); + testPathToNamesMatch(nameConstraintsCerts); - testSerialNumberVersionMatch(certDir); + testSubjAltNamesMatch(subjAltNamesCerts); - testCertValidMatch(certDir); + testExtendedKeyUsageMatch(certDir); - testSubjKeyIdMatch(nameConstraintsCerts); + testKeyUsageMatch(certDir); - testAuthKeyIdMatch(nameConstraintsCerts); + testIssuerMatch(certDir); - testSubjPKAlgIdMatch(nameConstraintsCerts); + testSerialNumberVersionMatch(certDir); - testSubjPublicKeyMatch(nameConstraintsCerts); + testCertValidMatch(certDir); - test_CertSelector_Duplicate(emptySelector); + testSubjKeyIdMatch(nameConstraintsCerts); - test_customCallback1(certs); + testAuthKeyIdMatch(nameConstraintsCerts); - test_customCallback2(certs, anyPolicyCert); + testSubjPKAlgIdMatch(nameConstraintsCerts); - subTest("test_CertSelector_Destroy"); + testSubjPublicKeyMatch(nameConstraintsCerts); - PKIX_TEST_DECREF_BC(emptySelector); + test_CertSelector_Duplicate(emptySelector); + test_customCallback1(certs); + test_customCallback2(certs, anyPolicyCert); + + subTest("test_CertSelector_Destroy"); + + PKIX_TEST_DECREF_BC(emptySelector); cleanup: - PKIX_TEST_DECREF_AC(emptySelector); - PKIX_TEST_DECREF_AC(certs); - PKIX_TEST_DECREF_AC(cert); - PKIX_TEST_DECREF_AC(policy1Cert); - PKIX_TEST_DECREF_AC(policy2Cert); - PKIX_TEST_DECREF_AC(anyPolicyCert); - PKIX_TEST_DECREF_AC(subjectCert); - PKIX_TEST_DECREF_AC(selParams); - PKIX_TEST_DECREF_AC(nameConstraintsCerts); - PKIX_TEST_DECREF_AC(subjAltNamesCerts); + PKIX_TEST_DECREF_AC(emptySelector); + PKIX_TEST_DECREF_AC(certs); + PKIX_TEST_DECREF_AC(cert); + PKIX_TEST_DECREF_AC(policy1Cert); + PKIX_TEST_DECREF_AC(policy2Cert); + PKIX_TEST_DECREF_AC(anyPolicyCert); + PKIX_TEST_DECREF_AC(subjectCert); + PKIX_TEST_DECREF_AC(selParams); + PKIX_TEST_DECREF_AC(nameConstraintsCerts); + PKIX_TEST_DECREF_AC(subjAltNamesCerts); - PKIX_Shutdown(plContext); + PKIX_Shutdown(plContext); - PKIX_TEST_RETURN(); + PKIX_TEST_RETURN(); - endTests("CertSelector"); + endTests("CertSelector"); - return (0); + return (0); } |