test_comcertselparams.c (31187B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * test_comcertselparams.c 6 * 7 * Test Common Cert Selector Params 8 * 9 */ 10 11 #include "testutil.h" 12 #include "testutil_nss.h" 13 14 static void *plContext = NULL; 15 16 static void 17 test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs) 18 { 19 PKIX_UInt32 i = 0; 20 PKIX_UInt32 numInfos = 0; 21 PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL; 22 PKIX_PL_OID *policyOID = NULL; 23 PKIX_List *certPolicies = NULL; 24 25 PKIX_TEST_STD_VARS(); 26 27 /* Convert from List of CertPolicyInfos to List of OIDs */ 28 if (certPolicyInfos) { 29 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext)); 30 } 31 32 if (numInfos > 0) { 33 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext)); 34 } 35 for (i = 0; i < numInfos; i++) { 36 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos, 37 i, 38 (PKIX_PL_Object **)&certPolicyInfo, 39 plContext)); 40 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext)); 41 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext)); 42 PKIX_TEST_DECREF_BC(certPolicyInfo); 43 PKIX_TEST_DECREF_BC(policyOID); 44 } 45 46 *pPolicyOIDs = certPolicies; 47 48 cleanup: 49 50 PKIX_TEST_DECREF_AC(certPolicyInfo); 51 PKIX_TEST_DECREF_AC(policyOID); 52 53 PKIX_TEST_RETURN(); 54 } 55 56 static void 57 test_NameConstraints(char *dirName) 58 { 59 PKIX_PL_Cert *goodCert = NULL; 60 PKIX_PL_CertNameConstraints *getNameConstraints = NULL; 61 PKIX_PL_CertNameConstraints *setNameConstraints = NULL; 62 PKIX_ComCertSelParams *goodParams = NULL; 63 char *expectedAscii = 64 "[\n" 65 "\t\tPermitted Name: (OU=permittedSubtree1," 66 "O=Test Certificates,C=US, OU=permittedSubtree2," 67 "O=Test Certificates,C=US)\n" 68 "\t\tExcluded Name: (EMPTY)\n" 69 "\t]\n"; 70 71 PKIX_TEST_STD_VARS(); 72 73 subTest("Create Cert for NameConstraints test"); 74 75 goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); 76 77 subTest("PKIX_PL_Cert_GetNameConstraints"); 78 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &setNameConstraints, plContext)); 79 80 subTest("PKIX_ComCertSelParams_Create"); 81 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 82 83 subTest("PKIX_ComCertSelParams_SetNameConstraints"); 84 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(goodParams, setNameConstraints, plContext)); 85 86 subTest("PKIX_ComCertSelParams_GetNameConstraints"); 87 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints(goodParams, &getNameConstraints, plContext)); 88 89 subTest("Compare NameConstraints"); 90 testEqualsHelper((PKIX_PL_Object *)setNameConstraints, 91 (PKIX_PL_Object *)getNameConstraints, 92 PKIX_TRUE, 93 plContext); 94 95 subTest("Compare NameConstraints with canned string"); 96 testToStringHelper((PKIX_PL_Object *)getNameConstraints, 97 expectedAscii, 98 plContext); 99 100 cleanup: 101 102 PKIX_TEST_DECREF_AC(goodCert); 103 PKIX_TEST_DECREF_AC(getNameConstraints); 104 PKIX_TEST_DECREF_AC(setNameConstraints); 105 PKIX_TEST_DECREF_AC(goodParams); 106 107 PKIX_TEST_RETURN(); 108 } 109 110 static void 111 test_PathToNames(void) 112 { 113 PKIX_ComCertSelParams *goodParams = NULL; 114 PKIX_List *setGenNames = NULL; 115 PKIX_List *getGenNames = NULL; 116 PKIX_PL_GeneralName *rfc822GenName = NULL; 117 PKIX_PL_GeneralName *dnsGenName = NULL; 118 PKIX_PL_GeneralName *dirGenName = NULL; 119 PKIX_PL_GeneralName *uriGenName = NULL; 120 PKIX_PL_GeneralName *oidGenName = NULL; 121 char *rfc822Name = "john.doe@labs.com"; 122 char *dnsName = "comcast.net"; 123 char *dirName = "cn=john, ou=labs, o=sun, c=us"; 124 char *uriName = "http://comcast.net"; 125 char *oidName = "1.2.840.11"; 126 char *expectedAscii = 127 "(john.doe@labs.com, " 128 "comcast.net, " 129 "CN=john,OU=labs,O=sun,C=us, " 130 "http://comcast.net)"; 131 char *expectedAsciiAll = 132 "(john.doe@labs.com, " 133 "comcast.net, " 134 "CN=john,OU=labs,O=sun,C=us, " 135 "http://comcast.net, " 136 "1.2.840.11)"; 137 138 PKIX_TEST_STD_VARS(); 139 140 subTest("PKIX_PL_GeneralName_Create"); 141 dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext); 142 uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext); 143 oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext); 144 dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext); 145 rfc822GenName = createGeneralName(PKIX_RFC822_NAME, 146 rfc822Name, 147 plContext); 148 149 subTest("PKIX_PL_GeneralName List create and append"); 150 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext)); 151 152 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext)); 153 154 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext)); 155 156 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext)); 157 158 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext)); 159 160 subTest("PKIX_ComCertSelParams_Create"); 161 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 162 163 subTest("PKIX_ComCertSelParams_SetPathToNames"); 164 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(goodParams, setGenNames, plContext)); 165 166 subTest("PKIX_ComCertSelParams_GetPathToNames"); 167 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext)); 168 169 subTest("Compare GeneralName List"); 170 testEqualsHelper((PKIX_PL_Object *)setGenNames, 171 (PKIX_PL_Object *)getGenNames, 172 PKIX_TRUE, 173 plContext); 174 175 subTest("Compare GeneralName List with canned string"); 176 testToStringHelper((PKIX_PL_Object *)getGenNames, 177 expectedAscii, 178 plContext); 179 180 subTest("PKIX_ComCertSelParams_AddPathToName"); 181 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(goodParams, oidGenName, plContext)); 182 183 PKIX_TEST_DECREF_BC(getGenNames); 184 185 subTest("PKIX_ComCertSelParams_GetPathToNames"); 186 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext)); 187 188 subTest("Compare GeneralName List with canned string"); 189 testToStringHelper((PKIX_PL_Object *)getGenNames, 190 expectedAsciiAll, 191 plContext); 192 193 cleanup: 194 195 PKIX_TEST_DECREF_AC(goodParams); 196 PKIX_TEST_DECREF_AC(setGenNames); 197 PKIX_TEST_DECREF_AC(getGenNames); 198 PKIX_TEST_DECREF_AC(rfc822GenName); 199 PKIX_TEST_DECREF_AC(dnsGenName); 200 PKIX_TEST_DECREF_AC(dirGenName); 201 PKIX_TEST_DECREF_AC(uriGenName); 202 PKIX_TEST_DECREF_AC(oidGenName); 203 204 PKIX_TEST_RETURN(); 205 } 206 207 static void 208 test_SubjAltNames(void) 209 { 210 PKIX_ComCertSelParams *goodParams = NULL; 211 PKIX_List *setGenNames = NULL; 212 PKIX_List *getGenNames = NULL; 213 PKIX_PL_GeneralName *rfc822GenName = NULL; 214 PKIX_PL_GeneralName *dnsGenName = NULL; 215 PKIX_PL_GeneralName *dirGenName = NULL; 216 PKIX_PL_GeneralName *uriGenName = NULL; 217 PKIX_PL_GeneralName *oidGenName = NULL; 218 PKIX_Boolean matchAll = PKIX_TRUE; 219 char *rfc822Name = "john.doe@labs.com"; 220 char *dnsName = "comcast.net"; 221 char *dirName = "cn=john, ou=labs, o=sun, c=us"; 222 char *uriName = "http://comcast.net"; 223 char *oidName = "1.2.840.11"; 224 char *expectedAscii = 225 "(john.doe@labs.com, " 226 "comcast.net, " 227 "CN=john,OU=labs,O=sun,C=us, " 228 "http://comcast.net)"; 229 char *expectedAsciiAll = 230 "(john.doe@labs.com, " 231 "comcast.net, " 232 "CN=john,OU=labs,O=sun,C=us, " 233 "http://comcast.net, " 234 "1.2.840.11)"; 235 236 PKIX_TEST_STD_VARS(); 237 238 subTest("PKIX_PL_GeneralName_Create"); 239 dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext); 240 uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext); 241 oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext); 242 dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext); 243 rfc822GenName = createGeneralName(PKIX_RFC822_NAME, 244 rfc822Name, 245 plContext); 246 247 subTest("PKIX_PL_GeneralName List create and append"); 248 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext)); 249 250 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext)); 251 252 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext)); 253 254 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext)); 255 256 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext)); 257 258 subTest("PKIX_ComCertSelParams_Create"); 259 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 260 261 subTest("PKIX_ComCertSelParams_SetSubjAltNames"); 262 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext)); 263 264 subTest("PKIX_ComCertSelParams_GetSubjAltNames"); 265 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext)); 266 267 subTest("Compare GeneralName List"); 268 testEqualsHelper((PKIX_PL_Object *)setGenNames, 269 (PKIX_PL_Object *)getGenNames, 270 PKIX_TRUE, 271 plContext); 272 273 subTest("Compare GeneralName List with canned string"); 274 testToStringHelper((PKIX_PL_Object *)getGenNames, 275 expectedAscii, 276 plContext); 277 278 subTest("PKIX_ComCertSelParams_AddSubjAltName"); 279 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext)); 280 281 PKIX_TEST_DECREF_BC(getGenNames); 282 283 subTest("PKIX_ComCertSelParams_GetSubjAltNames"); 284 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext)); 285 286 subTest("Compare GeneralName List with canned string"); 287 testToStringHelper((PKIX_PL_Object *)getGenNames, 288 expectedAsciiAll, 289 plContext); 290 291 subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames"); 292 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext)); 293 if (matchAll != PKIX_TRUE) { 294 testError("unexpected mismatch <expect TRUE>"); 295 } 296 297 subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); 298 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext)); 299 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext)); 300 if (matchAll != PKIX_FALSE) { 301 testError("unexpected mismatch <expect FALSE>"); 302 } 303 304 cleanup: 305 306 PKIX_TEST_DECREF_AC(goodParams); 307 PKIX_TEST_DECREF_AC(setGenNames); 308 PKIX_TEST_DECREF_AC(getGenNames); 309 PKIX_TEST_DECREF_AC(rfc822GenName); 310 PKIX_TEST_DECREF_AC(dnsGenName); 311 PKIX_TEST_DECREF_AC(dirGenName); 312 PKIX_TEST_DECREF_AC(uriGenName); 313 PKIX_TEST_DECREF_AC(oidGenName); 314 315 PKIX_TEST_RETURN(); 316 } 317 318 static void 319 test_KeyUsages(void) 320 { 321 PKIX_ComCertSelParams *goodParams = NULL; 322 PKIX_PL_OID *ekuOid = NULL; 323 PKIX_List *setExtKeyUsage = NULL; 324 PKIX_List *getExtKeyUsage = NULL; 325 PKIX_UInt32 getKeyUsage = 0; 326 PKIX_UInt32 setKeyUsage = 0x1FF; 327 PKIX_Boolean isEqual = PKIX_FALSE; 328 329 PKIX_TEST_STD_VARS(); 330 331 subTest("PKIX_ComCertSelParams_Create"); 332 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 333 334 subTest("PKIX_ComCertSelParams_SetKeyUsage"); 335 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext)); 336 337 subTest("PKIX_ComCertSelParams_GetKeyUsage"); 338 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext)); 339 340 if (setKeyUsage != getKeyUsage) { 341 testError("unexpected KeyUsage mismatch <expect equal>"); 342 } 343 344 subTest("PKIX_PL_OID List create and append"); 345 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext)); 346 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext)); 347 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); 348 PKIX_TEST_DECREF_BC(ekuOid); 349 350 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext)); 351 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext)); 352 PKIX_TEST_DECREF_BC(ekuOid); 353 354 subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage"); 355 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext)); 356 357 subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage"); 358 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext)); 359 360 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage, 361 (PKIX_PL_Object *)getExtKeyUsage, 362 &isEqual, 363 plContext)); 364 365 if (isEqual == PKIX_FALSE) { 366 testError("unexpected ExtKeyUsage mismatch <expect equal>"); 367 } 368 369 cleanup: 370 371 PKIX_TEST_DECREF_AC(ekuOid); 372 PKIX_TEST_DECREF_AC(setExtKeyUsage); 373 PKIX_TEST_DECREF_AC(getExtKeyUsage); 374 PKIX_TEST_DECREF_AC(goodParams); 375 376 PKIX_TEST_RETURN(); 377 } 378 379 static void 380 test_Version_Issuer_SerialNumber(void) 381 { 382 PKIX_ComCertSelParams *goodParams = NULL; 383 PKIX_UInt32 version = 0; 384 PKIX_PL_X500Name *setIssuer = NULL; 385 PKIX_PL_X500Name *getIssuer = NULL; 386 PKIX_PL_String *str = NULL; 387 PKIX_PL_BigInt *setSerialNumber = NULL; 388 PKIX_PL_BigInt *getSerialNumber = NULL; 389 PKIX_Boolean isEqual = PKIX_FALSE; 390 char *bigInt = "999999999999999999"; 391 392 PKIX_TEST_STD_VARS(); 393 394 subTest("PKIX_ComCertSelParams_Create"); 395 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 396 397 /* Version */ 398 subTest("PKIX_ComCertSelParams_SetVersion"); 399 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext)); 400 401 subTest("PKIX_ComCertSelParams_GetVersion"); 402 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext)); 403 404 if (version != 2) { 405 testError("unexpected Version mismatch <expect 2>"); 406 } 407 408 /* Issuer */ 409 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext)); 410 411 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext)); 412 413 PKIX_TEST_DECREF_BC(str); 414 415 subTest("PKIX_ComCertSelParams_SetIssuer"); 416 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext)); 417 418 subTest("PKIX_ComCertSelParams_GetIssuer"); 419 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext)); 420 421 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer, 422 (PKIX_PL_Object *)getIssuer, 423 &isEqual, 424 plContext)); 425 426 if (isEqual == PKIX_FALSE) { 427 testError("unexpected Issuer mismatch <expect equal>"); 428 } 429 430 /* Serial Number */ 431 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext)); 432 433 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext)); 434 435 subTest("PKIX_ComCertSelParams_SetSerialNumber"); 436 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext)); 437 438 subTest("PKIX_ComCertSelParams_GetSerialNumber"); 439 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext)); 440 441 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber, 442 (PKIX_PL_Object *)getSerialNumber, 443 &isEqual, 444 plContext)); 445 446 if (isEqual == PKIX_FALSE) { 447 testError("unexpected Serial Number mismatch <expect equal>"); 448 } 449 450 cleanup: 451 452 PKIX_TEST_DECREF_AC(str); 453 PKIX_TEST_DECREF_AC(setIssuer); 454 PKIX_TEST_DECREF_AC(getIssuer); 455 PKIX_TEST_DECREF_AC(setSerialNumber); 456 PKIX_TEST_DECREF_AC(getSerialNumber); 457 PKIX_TEST_DECREF_AC(goodParams); 458 459 PKIX_TEST_RETURN(); 460 } 461 462 static void 463 test_SubjKeyId_AuthKeyId(void) 464 { 465 PKIX_ComCertSelParams *goodParams = NULL; 466 PKIX_PL_ByteArray *setKeyId = NULL; 467 PKIX_PL_ByteArray *getKeyId = NULL; 468 PKIX_Boolean isEqual = PKIX_FALSE; 469 470 PKIX_TEST_STD_VARS(); 471 472 /* Subject Key Identifier */ 473 subTest("PKIX_PL_ByteArray_Create"); 474 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext)); 475 476 subTest("PKIX_ComCertSelParams_Create"); 477 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 478 479 subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier"); 480 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext)); 481 482 subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier"); 483 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext)); 484 485 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, 486 (PKIX_PL_Object *)getKeyId, 487 &isEqual, 488 plContext)); 489 490 if (isEqual == PKIX_FALSE) { 491 testError("unexpected Subject Key Id mismatch <expect equal>"); 492 } 493 494 PKIX_TEST_DECREF_BC(setKeyId); 495 PKIX_TEST_DECREF_BC(getKeyId); 496 497 /* Authority Key Identifier */ 498 subTest("PKIX_PL_ByteArray_Create"); 499 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext)); 500 501 subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier"); 502 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext)); 503 504 subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier"); 505 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext)); 506 507 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId, 508 (PKIX_PL_Object *)getKeyId, 509 &isEqual, 510 plContext)); 511 512 if (isEqual == PKIX_FALSE) { 513 testError("unexpected Auth Key Id mismatch <expect equal>"); 514 } 515 516 cleanup: 517 518 PKIX_TEST_DECREF_AC(setKeyId); 519 PKIX_TEST_DECREF_AC(getKeyId); 520 PKIX_TEST_DECREF_AC(goodParams); 521 522 PKIX_TEST_RETURN(); 523 } 524 525 static void 526 test_SubjAlgId_SubjPublicKey(char *dirName) 527 { 528 PKIX_ComCertSelParams *goodParams = NULL; 529 PKIX_PL_OID *setAlgId = NULL; 530 PKIX_PL_OID *getAlgId = NULL; 531 PKIX_PL_Cert *goodCert = NULL; 532 PKIX_PL_PublicKey *setPublicKey = NULL; 533 PKIX_PL_PublicKey *getPublicKey = NULL; 534 PKIX_Boolean isEqual = PKIX_FALSE; 535 536 PKIX_TEST_STD_VARS(); 537 538 /* Subject Algorithm Identifier */ 539 subTest("PKIX_PL_OID_Create"); 540 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext)); 541 542 subTest("PKIX_ComCertSelParams_Create"); 543 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 544 545 subTest("PKIX_ComCertSelParams_SetSubjPKAlgId"); 546 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext)); 547 548 subTest("PKIX_ComCertSelParams_GetSubjPKAlgId"); 549 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext)); 550 551 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId, 552 (PKIX_PL_Object *)getAlgId, 553 &isEqual, 554 plContext)); 555 556 if (isEqual == PKIX_FALSE) { 557 testError("unexpected Subject Public Key Alg mismatch " 558 "<expect equal>"); 559 } 560 561 /* Subject Public Key */ 562 subTest("Getting Cert for Subject Public Key"); 563 564 goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext); 565 566 subTest("PKIX_PL_Cert_GetSubjectPublicKey"); 567 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext)); 568 569 subTest("PKIX_ComCertSelParams_SetSubjPubKey"); 570 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext)); 571 572 subTest("PKIX_ComCertSelParams_GetSubjPubKey"); 573 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext)); 574 575 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey, 576 (PKIX_PL_Object *)getPublicKey, 577 &isEqual, 578 plContext)); 579 580 if (isEqual == PKIX_FALSE) { 581 testError("unexpected Subject Public Key mismatch " 582 "<expect equal>"); 583 } 584 585 cleanup: 586 587 PKIX_TEST_DECREF_AC(setAlgId); 588 PKIX_TEST_DECREF_AC(getAlgId); 589 PKIX_TEST_DECREF_AC(goodParams); 590 PKIX_TEST_DECREF_AC(goodCert); 591 PKIX_TEST_DECREF_AC(setPublicKey); 592 PKIX_TEST_DECREF_AC(getPublicKey); 593 594 PKIX_TEST_RETURN(); 595 } 596 597 static void 598 printUsage(void) 599 { 600 (void)printf("\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n"); 601 } 602 603 int 604 test_comcertselparams(int argc, char *argv[]) 605 { 606 607 PKIX_UInt32 actualMinorVersion; 608 PKIX_UInt32 j = 0; 609 610 PKIX_PL_Cert *testCert = NULL; 611 PKIX_PL_Cert *goodCert = NULL; 612 PKIX_PL_Cert *equalCert = NULL; 613 PKIX_PL_Cert *diffCert = NULL; 614 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; 615 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; 616 PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */ 617 PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */ 618 619 PKIX_ComCertSelParams *goodParams = NULL; 620 PKIX_ComCertSelParams *equalParams = NULL; 621 PKIX_PL_X500Name *goodSubject = NULL; 622 PKIX_PL_X500Name *equalSubject = NULL; 623 PKIX_PL_X500Name *diffSubject = NULL; 624 PKIX_PL_X500Name *testSubject = NULL; 625 PKIX_Int32 goodMinPathLength = 0; 626 PKIX_Int32 equalMinPathLength = 0; 627 PKIX_Int32 diffMinPathLength = 0; 628 PKIX_Int32 testMinPathLength = 0; 629 PKIX_List *goodPolicies = NULL; /* OIDs */ 630 PKIX_List *equalPolicies = NULL; /* OIDs */ 631 PKIX_List *testPolicies = NULL; /* OIDs */ 632 PKIX_List *cert2Policies = NULL; /* OIDs */ 633 634 PKIX_PL_Date *testDate = NULL; 635 PKIX_PL_Date *goodDate = NULL; 636 PKIX_PL_Date *equalDate = NULL; 637 PKIX_PL_String *stringRep = NULL; 638 char *asciiRep = NULL; 639 char *dirName = NULL; 640 641 PKIX_TEST_STD_VARS(); 642 643 if (argc < 2) { 644 printUsage(); 645 return (0); 646 } 647 648 startTests("ComCertSelParams"); 649 650 PKIX_TEST_EXPECT_NO_ERROR( 651 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); 652 653 dirName = argv[j + 1]; 654 655 asciiRep = "050501000000Z"; 656 657 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); 658 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); 659 660 testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext); 661 662 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext)); 663 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext)); 664 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext)); 665 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext)); 666 667 /* Convert from List of CertPolicyInfos to List of OIDs */ 668 test_CreateOIDList(testPolicyInfos, &testPolicies); 669 670 subTest("Create goodParams and set its fields"); 671 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); 672 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext)); 673 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext)); 674 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext)); 675 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext)); 676 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext)); 677 678 subTest("Duplicate goodParams and verify copy"); 679 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams, 680 (PKIX_PL_Object **)&equalParams, 681 plContext)); 682 683 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); 684 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext)); 685 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); 686 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); 687 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext)); 688 689 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); 690 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); 691 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); 692 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); 693 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); 694 695 testEqualsHelper((PKIX_PL_Object *)goodSubject, 696 (PKIX_PL_Object *)equalSubject, 697 PKIX_TRUE, 698 plContext); 699 700 if (goodMinPathLength != equalMinPathLength) { 701 testError("unexpected mismatch"); 702 (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); 703 (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); 704 } 705 706 testEqualsHelper((PKIX_PL_Object *)goodPolicies, 707 (PKIX_PL_Object *)equalPolicies, 708 PKIX_TRUE, 709 plContext); 710 711 testEqualsHelper((PKIX_PL_Object *)goodCert, 712 (PKIX_PL_Object *)equalCert, 713 PKIX_TRUE, 714 plContext); 715 716 testEqualsHelper((PKIX_PL_Object *)goodDate, 717 (PKIX_PL_Object *)equalDate, 718 PKIX_TRUE, 719 plContext); 720 721 PKIX_TEST_DECREF_BC(equalSubject); 722 PKIX_TEST_DECREF_BC(equalPolicies); 723 PKIX_TEST_DECREF_BC(equalCert); 724 PKIX_TEST_DECREF_AC(equalDate); 725 726 subTest("Set different values and verify differences"); 727 728 diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext); 729 730 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext)); 731 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext)); 732 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext)); 733 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext)); 734 test_CreateOIDList(cert2PolicyInfos, &cert2Policies); 735 736 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject( 737 equalParams, diffSubject, plContext)); 738 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext)); 739 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext)); 740 741 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); 742 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); 743 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); 744 745 testEqualsHelper((PKIX_PL_Object *)goodSubject, 746 (PKIX_PL_Object *)equalSubject, 747 PKIX_FALSE, 748 plContext); 749 750 if (goodMinPathLength == equalMinPathLength) { 751 testError("unexpected match"); 752 (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); 753 (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); 754 } 755 756 testEqualsHelper((PKIX_PL_Object *)goodPolicies, 757 (PKIX_PL_Object *)equalPolicies, 758 PKIX_FALSE, 759 plContext); 760 761 test_NameConstraints(dirName); 762 test_PathToNames(); 763 test_SubjAltNames(); 764 test_KeyUsages(); 765 test_Version_Issuer_SerialNumber(); 766 test_SubjKeyId_AuthKeyId(); 767 test_SubjAlgId_SubjPublicKey(dirName); 768 769 cleanup: 770 771 PKIX_TEST_DECREF_AC(testSubject); 772 PKIX_TEST_DECREF_AC(goodSubject); 773 PKIX_TEST_DECREF_AC(equalSubject); 774 PKIX_TEST_DECREF_AC(diffSubject); 775 PKIX_TEST_DECREF_AC(testSubject); 776 PKIX_TEST_DECREF_AC(goodPolicies); 777 PKIX_TEST_DECREF_AC(equalPolicies); 778 PKIX_TEST_DECREF_AC(testPolicies); 779 PKIX_TEST_DECREF_AC(cert2Policies); 780 PKIX_TEST_DECREF_AC(goodParams); 781 PKIX_TEST_DECREF_AC(equalParams); 782 PKIX_TEST_DECREF_AC(goodCert); 783 PKIX_TEST_DECREF_AC(diffCert); 784 PKIX_TEST_DECREF_AC(testCert); 785 PKIX_TEST_DECREF_AC(goodBasicConstraints); 786 PKIX_TEST_DECREF_AC(diffBasicConstraints); 787 PKIX_TEST_DECREF_AC(testPolicyInfos); 788 PKIX_TEST_DECREF_AC(cert2PolicyInfos); 789 PKIX_TEST_DECREF_AC(stringRep); 790 PKIX_TEST_DECREF_AC(testDate); 791 PKIX_TEST_DECREF_AC(goodDate); 792 793 PKIX_Shutdown(plContext); 794 795 PKIX_TEST_RETURN(); 796 797 endTests("ComCertSelParams"); 798 799 return (0); 800 }