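/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * test_basicchecker.c
 *
 * Test Basic Checking
 *
 * Drives PKIX_ValidateChain over certificate chains built from files in a
 * data directory and checks that validation succeeds for a well-formed
 * chain and fails for the negative cases below.
 *
 * NOTE(review): only the name-chaining and expiration failures are actually
 * run. The signature-failure case is disabled (see test_basicchecker), so a
 * passing run is no evidence that a chain with an invalid signature is
 * rejected.
 */

#include "testutil.h"
#include "testutil_nss.h"

/* Library context shared by every sub-test; created in test_basicchecker. */
static void *plContext = NULL;

/*
 * Positive case: build a chain from (goodInput, diffInput), validate it at
 * the time given by dateAscii and expect PKIX_ValidateChain to succeed, then
 * print the resulting verify tree.
 *
 * The NULL and the four PKIX_FALSE arguments to createValidateParams are
 * declared in testutil_nss.h; their meaning is not visible in this file.
 * The PKIX_TEST_EXPECT_* macros presumably jump to the cleanup label on an
 * unexpected result (the label has no other visible user) - confirm in
 * testutil.h.
 */
static void
testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii)
{

    PKIX_List *chain = NULL;
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;

    PKIX_TEST_STD_VARS();

    subTest("Basic-Common-Fields <pass>");
    /*
     * Tests the Expiration, NameChaining, and Signature Checkers
     */

    chain = createCertChain(dirName, goodInput, diffInput, plContext);

    valParams = createValidateParams(dirName,
                                     goodInput,
                                     diffInput,
                                     dateAscii,
                                     NULL,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     chain,
                                     plContext);

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);

cleanup:

    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);
    PKIX_TEST_DECREF_AC(chain);
    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(valResult);

    PKIX_TEST_RETURN();
}

/*
 * Negative case for name chaining: the chain is built with the two inputs
 * in the opposite order from testPass (diffInput, goodInput) while the
 * validation parameters are unchanged, and PKIX_ValidateChain is expected
 * to return an error.
 *
 * NOTE(review): the test only asserts that some error is returned, not
 * which checker produced it.
 */
static void
testNameChainingFail(
    char *dirName,
    char *goodInput,
    char *diffInput,
    char *dateAscii)
{
    PKIX_List *chain = NULL;
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;

    PKIX_TEST_STD_VARS();

    subTest("NameChaining <fail>");

    chain = createCertChain(dirName, diffInput, goodInput, plContext);

    valParams = createValidateParams(dirName,
                                     goodInput,
                                     diffInput,
                                     dateAscii,
                                     NULL,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     chain,
                                     plContext);

    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);
    PKIX_TEST_DECREF_AC(chain);
    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(valResult);

    PKIX_TEST_RETURN();
}

/*
 * Negative case for expiration: same chain as testPass, but NULL is passed
 * where testPass passes dateAscii, and PKIX_ValidateChain is expected to
 * return an error.
 *
 * NOTE(review): presumably a NULL date means "validate at the current time"
 * and the test certificates are expired by now - confirm against
 * createValidateParams. No verify tree is requested here.
 */
static void
testDateFail(char *dirName, char *goodInput, char *diffInput)
{

    PKIX_List *chain = NULL;
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;

    PKIX_TEST_STD_VARS();

    chain = createCertChain(dirName, goodInput, diffInput, plContext);

    subTest("Expiration <fail>");
    valParams = createValidateParams(dirName,
                                     goodInput,
                                     diffInput,
                                     NULL,
                                     NULL,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     chain,
                                     plContext);

    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(chain);
    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(valResult);

    PKIX_TEST_RETURN();
}

/*
 * Intended negative case for the signature checker. It is never called:
 * the only call site, in test_basicchecker, is commented out.
 *
 * NOTE(review): as written the body is identical to testNameChainingFail
 * apart from the sub-test label and the missing verify tree, so with the
 * current inputs it would fail on name chaining before any signature is
 * checked. It needs certificates whose names chain but whose signatures do
 * not verify.
 */
static void
testSignatureFail(
    char *dirName,
    char *goodInput,
    char *diffInput,
    char *dateAscii)
{
    PKIX_List *chain = NULL;
    PKIX_ValidateParams *valParams = NULL;
    PKIX_ValidateResult *valResult = NULL;

    PKIX_TEST_STD_VARS();

    subTest("Signature <fail>");

    chain = createCertChain(dirName, diffInput, goodInput, plContext);

    valParams = createValidateParams(dirName,
                                     goodInput,
                                     diffInput,
                                     dateAscii,
                                     NULL,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     PKIX_FALSE,
                                     chain,
                                     plContext);

    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(chain);
    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(valResult);

    PKIX_TEST_RETURN();
}

/* Print the command-line synopsis; pName is the program name to show. */
static void
printUsage(char *pName)
{
    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
}

/*
 * Entry point of the basic-checker test.
 *
 * argv[1] is the directory holding the test certificates. Runs the positive
 * case, then the name-chaining and expiration negative cases, and shuts the
 * library down. Always returns 0; failures are reported through the
 * PKIX_TEST_* macros and the testutil counters rather than the return value.
 *
 * NOTE(review): a missing argument also returns 0, so a harness that looks
 * only at the return value will not notice that nothing was tested.
 */
int
test_basicchecker(int argc, char *argv[])
{

    char *goodInput = "yassir2yassir";
    char *diffInput = "yassir2bcn";
    /*
     * Fixed validation time used by the cases that pass a date
     * (presumably a UTCTime at which the test certificates are valid).
     */
    char *dateAscii = "991201000000Z";
    char *dirName = NULL;
    PKIX_UInt32 j = 0;
    PKIX_UInt32 actualMinorVersion;

    PKIX_TEST_STD_VARS();

    startTests("SignatureChecker");

    /*
     * Check the arguments before creating the context: the usage path
     * returns directly, without reaching PKIX_Shutdown at cleanup, so a
     * context created earlier would never be released.
     */
    if (argc < 2) {
        printUsage(argv[0]);
        return (0);
    }

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    dirName = argv[j + 1];

    /* The NameChaining, Expiration, and Signature Checkers all pass */
    testPass(dirName, goodInput, diffInput, dateAscii);

    /* Individual Checkers fail */
    testNameChainingFail(dirName, goodInput, diffInput, dateAscii);
    testDateFail(dirName, goodInput, diffInput);

    /*
     * XXX
     * since the signature check is done last, we need to create
     * certs whose name chaining passes, but their signatures fail;
     * we currently don't have any such certs.
     *
     * Until such certs exist, rejection of a bad signature is not covered
     * by this test. The disabled call below now passes dirName, matching
     * the testSignatureFail signature.
     */
    /* testSignatureFail(dirName, goodInput, diffInput, dateAscii); */

cleanup:

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("SignatureChecker");

    return (0);
}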