tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_trustanchor.c (6836B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 * test_trustanchor.c
      6 *
      7 * Test TrustAnchor Type
      8 *
      9 */
     10 
     11 #include "testutil.h"
     12 #include "testutil_nss.h"
     13 
     14 static void *plContext = NULL;
     15 
     16 static void
     17 createTrustAnchors(
     18    char *dirName,
     19    char *goodInput,
     20    PKIX_TrustAnchor **goodObject,
     21    PKIX_TrustAnchor **equalObject,
     22    PKIX_TrustAnchor **diffObject)
     23 {
     24    subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <goodObject>");
     25    *goodObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext);
     26 
     27    subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <equalObject>");
     28    *equalObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext);
     29 
     30    subTest("PKIX_TrustAnchor_CreateWithCert <diffObject>");
     31    *diffObject = createTrustAnchor(dirName, goodInput, PKIX_TRUE, plContext);
     32 }
     33 
     34 static void
     35 testGetCAName(
     36    PKIX_PL_Cert *diffCert,
     37    PKIX_TrustAnchor *equalObject)
     38 {
     39 
     40    PKIX_PL_X500Name *diffCAName = NULL;
     41    PKIX_PL_X500Name *equalCAName = NULL;
     42 
     43    PKIX_TEST_STD_VARS();
     44    subTest("PKIX_TrustAnchor_GetCAName");
     45 
     46    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffCAName, plContext));
     47 
     48    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName(equalObject, &equalCAName, plContext));
     49 
     50    testEqualsHelper((PKIX_PL_Object *)diffCAName,
     51                     (PKIX_PL_Object *)equalCAName,
     52                     PKIX_TRUE,
     53                     plContext);
     54 
     55 cleanup:
     56 
     57    PKIX_TEST_DECREF_AC(diffCAName);
     58    PKIX_TEST_DECREF_AC(equalCAName);
     59 
     60    PKIX_TEST_RETURN();
     61 }
     62 
     63 static void
     64 testGetCAPublicKey(
     65    PKIX_PL_Cert *diffCert,
     66    PKIX_TrustAnchor *equalObject)
     67 {
     68 
     69    PKIX_PL_PublicKey *diffPubKey = NULL;
     70    PKIX_PL_PublicKey *equalPubKey = NULL;
     71 
     72    PKIX_TEST_STD_VARS();
     73    subTest("PKIX_TrustAnchor_GetCAPublicKey");
     74 
     75    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffCert, &diffPubKey, plContext));
     76 
     77    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey(equalObject, &equalPubKey, plContext));
     78 
     79    testEqualsHelper((PKIX_PL_Object *)diffPubKey,
     80                     (PKIX_PL_Object *)equalPubKey,
     81                     PKIX_TRUE,
     82                     plContext);
     83 
     84 cleanup:
     85 
     86    PKIX_TEST_DECREF_AC(diffPubKey);
     87    PKIX_TEST_DECREF_AC(equalPubKey);
     88 
     89    PKIX_TEST_RETURN();
     90 }
     91 
     92 static void
     93 testGetNameConstraints(char *dirName)
     94 {
     95    PKIX_TrustAnchor *goodObject = NULL;
     96    PKIX_TrustAnchor *equalObject = NULL;
     97    PKIX_TrustAnchor *diffObject = NULL;
     98    PKIX_PL_Cert *diffCert;
     99    PKIX_PL_CertNameConstraints *diffNC = NULL;
    100    PKIX_PL_CertNameConstraints *equalNC = NULL;
    101    char *goodInput = "nameConstraintsDN5CACert.crt";
    102    char *expectedAscii =
    103        "[\n"
    104        "\tTrusted CA Name:         CN=nameConstraints DN5 CA,"
    105        "O=Test Certificates,C=US\n"
    106        "\tTrusted CA PublicKey:    PKCS #1 RSA Encryption\n"
    107        "\tInitial Name Constraints:[\n"
    108        "\t\tPermitted Name:  (OU=permittedSubtree1,"
    109        "O=Test Certificates,C=US)\n"
    110        "\t\tExcluded Name:   (OU=excludedSubtree1,"
    111        "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
    112        "\t]\n"
    113        "\n"
    114        "]\n";
    115 
    116    PKIX_TEST_STD_VARS();
    117 
    118    subTest("Create TrustAnchors and compare");
    119 
    120    createTrustAnchors(dirName, goodInput, &goodObject, &equalObject, &diffObject);
    121 
    122    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
    123                                equalObject,
    124                                diffObject,
    125                                expectedAscii,
    126                                TrustAnchor,
    127                                PKIX_TRUE);
    128 
    129    subTest("PKIX_TrustAnchor_GetTrustedCert");
    130 
    131    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext));
    132 
    133    subTest("PKIX_PL_Cert_GetNameConstraints");
    134 
    135    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(diffCert, &diffNC, plContext));
    136 
    137    subTest("PKIX_TrustAnchor_GetNameConstraints");
    138 
    139    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints(equalObject, &equalNC, plContext));
    140 
    141    testEqualsHelper((PKIX_PL_Object *)diffNC,
    142                     (PKIX_PL_Object *)equalNC,
    143                     PKIX_TRUE,
    144                     plContext);
    145 
    146 cleanup:
    147 
    148    PKIX_TEST_DECREF_AC(diffNC);
    149    PKIX_TEST_DECREF_AC(equalNC);
    150    PKIX_TEST_DECREF_BC(diffCert);
    151    PKIX_TEST_DECREF_BC(goodObject);
    152    PKIX_TEST_DECREF_BC(equalObject);
    153    PKIX_TEST_DECREF_BC(diffObject);
    154 
    155    PKIX_TEST_RETURN();
    156 }
    157 
    158 static void
    159 testDestroy(void *goodObject, void *equalObject, void *diffObject)
    160 {
    161    PKIX_TEST_STD_VARS();
    162 
    163    subTest("PKIX_TrustAnchor_Destroy");
    164 
    165    PKIX_TEST_DECREF_BC(goodObject);
    166    PKIX_TEST_DECREF_BC(equalObject);
    167    PKIX_TEST_DECREF_BC(diffObject);
    168 
    169 cleanup:
    170 
    171    PKIX_TEST_RETURN();
    172 }
    173 
    174 static void
    175 printUsage(void)
    176 {
    177    (void)printf("\nUSAGE:\ttest_trustanchor <NIST_FILES_DIR> <central-data-dir>\n\n");
    178 }
    179 
    180 int
    181 test_trustanchor(int argc, char *argv[])
    182 {
    183 
    184    PKIX_TrustAnchor *goodObject = NULL;
    185    PKIX_TrustAnchor *equalObject = NULL;
    186    PKIX_TrustAnchor *diffObject = NULL;
    187    PKIX_PL_Cert *diffCert = NULL;
    188    PKIX_UInt32 actualMinorVersion;
    189    PKIX_UInt32 j = 0;
    190 
    191    char *goodInput = "yassir2yassir";
    192    char *expectedAscii =
    193        "[\n"
    194        "\tTrusted CA Name:         "
    195        "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
    196        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
    197        "\tInitial Name Constraints:(null)\n"
    198        "]\n";
    199    char *dirName = NULL;
    200    char *dataCentralDir = NULL;
    201 
    202    PKIX_TEST_STD_VARS();
    203 
    204    startTests("TrustAnchor");
    205 
    206    PKIX_TEST_EXPECT_NO_ERROR(
    207        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
    208 
    209    if (argc < 3) {
    210        printUsage();
    211        return (0);
    212    }
    213 
    214    dirName = argv[j + 1];
    215    dataCentralDir = argv[j + 2];
    216 
    217    createTrustAnchors(dataCentralDir,
    218                       goodInput,
    219                       &goodObject,
    220                       &equalObject,
    221                       &diffObject);
    222 
    223    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
    224                                equalObject,
    225                                diffObject,
    226                                expectedAscii,
    227                                TrustAnchor,
    228                                PKIX_TRUE);
    229 
    230    subTest("PKIX_TrustAnchor_GetTrustedCert");
    231    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext));
    232 
    233    testGetCAName(diffCert, equalObject);
    234    testGetCAPublicKey(diffCert, equalObject);
    235 
    236    testGetNameConstraints(dirName);
    237 
    238    testDestroy(goodObject, equalObject, diffObject);
    239 
    240 cleanup:
    241 
    242    PKIX_TEST_DECREF_AC(diffCert);
    243 
    244    PKIX_Shutdown(plContext);
    245 
    246    PKIX_TEST_RETURN();
    247 
    248    endTests("TrustAnchor");
    249 
    250    return (0);
    251 }