test_basicconstraintschecker.c (4137B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * test_basicconstraintschecker.c 6 * 7 * Test Basic Constraints Checking 8 * 9 */ 10 11 #include "testutil.h" 12 #include "testutil_nss.h" 13 14 #define PKIX_TEST_MAX_CERTS 10 15 16 static void *plContext = NULL; 17 18 static void 19 printUsage1(char *pName) 20 { 21 printf("\nUSAGE: %s test-name [ENE|EE] ", pName); 22 printf("cert [certs].\n"); 23 } 24 25 static void 26 printUsageMax(PKIX_UInt32 numCerts) 27 { 28 printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n", 29 numCerts, PKIX_TEST_MAX_CERTS); 30 } 31 32 int 33 test_basicconstraintschecker(int argc, char *argv[]) 34 { 35 36 PKIX_List *chain = NULL; 37 PKIX_ValidateParams *valParams = NULL; 38 PKIX_ValidateResult *valResult = NULL; 39 PKIX_UInt32 actualMinorVersion; 40 char *certNames[PKIX_TEST_MAX_CERTS]; 41 PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS]; 42 PKIX_VerifyNode *verifyTree = NULL; 43 PKIX_PL_String *verifyString = NULL; 44 PKIX_UInt32 chainLength = 0; 45 PKIX_UInt32 i = 0; 46 PKIX_UInt32 j = 0; 47 PKIX_Boolean testValid = PKIX_FALSE; 48 char *dirName = NULL; 49 50 PKIX_TEST_STD_VARS(); 51 52 if (argc < 4) { 53 printUsage1(argv[0]); 54 return (0); 55 } 56 57 startTests("BasicConstraintsChecker"); 58 59 PKIX_TEST_EXPECT_NO_ERROR( 60 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); 61 62 /* ENE = expect no error; EE = expect error */ 63 if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { 64 testValid = PKIX_TRUE; 65 } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { 66 testValid = PKIX_FALSE; 67 } else { 68 printUsage1(argv[0]); 69 return (0); 70 } 71 72 dirName = argv[3 + j]; 73 74 chainLength = (argc - j) - 4; 75 if (chainLength > PKIX_TEST_MAX_CERTS) { 76 printUsageMax(chainLength); 77 } 78 79 for (i = 0; i < chainLength; i++) { 80 certNames[i] = argv[(4 + j) + i]; 81 certs[i] = NULL; 82 } 83 84 subTest(argv[1 + j]); 85 86 subTest("Basic-Constraints - Create Cert Chain"); 87 88 chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext); 89 90 /* 91 * Error occurs when creating Cert, this is critical and test 92 * should not continue. Since we expect error, we assume this 93 * error is the one that is expected, so undo the error count. 94 * 95 * This work needs future enhancement. We will introduce another 96 * flag ESE, in addition to the existing EE(expect validation 97 * error) and ENE(expect no validation error). ESE stands for 98 * "expect setup error". When running with ESE, if any of the setup 99 * calls such creating Cert Chain fails, the test can end and 100 * considered to be successful. 101 */ 102 if (testValid == PKIX_FALSE && chain == NULL) { 103 testErrorUndo("Cert Error - Create failed"); 104 goto cleanup; 105 } 106 107 subTest("Basic-Constraints - Create Params"); 108 109 valParams = createValidateParams(dirName, 110 argv[4 + 111 j], 112 NULL, 113 NULL, 114 NULL, 115 PKIX_FALSE, 116 PKIX_FALSE, 117 PKIX_FALSE, 118 PKIX_FALSE, 119 chain, 120 plContext); 121 122 subTest("Basic-Constraints - Validate Chain"); 123 124 if (testValid == PKIX_TRUE) { 125 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); 126 } else { 127 PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); 128 } 129 130 cleanup: 131 132 PKIX_TEST_DECREF_AC(verifyString); 133 PKIX_TEST_DECREF_AC(verifyTree); 134 PKIX_TEST_DECREF_AC(chain); 135 PKIX_TEST_DECREF_AC(valParams); 136 PKIX_TEST_DECREF_AC(valResult); 137 138 PKIX_Shutdown(plContext); 139 140 PKIX_TEST_RETURN(); 141 142 endTests("BasicConstraintsChecker"); 143 144 return (0); 145 }