test_buildchain_partialchain.c (26017B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * test_buildchain_partialchain.c 6 * 7 * Test BuildChain function 8 * 9 */ 10 11 #define debuggingWithoutRevocation 12 13 #include "testutil.h" 14 #include "testutil_nss.h" 15 16 #define LDAP_PORT 389 17 static PKIX_Boolean usebind = PKIX_FALSE; 18 static PKIX_Boolean useLDAP = PKIX_FALSE; 19 static char buf[PR_NETDB_BUF_SIZE]; 20 static char *serverName = NULL; 21 static char *sepPtr = NULL; 22 static PRNetAddr netAddr; 23 static PRHostEnt hostent; 24 static PKIX_UInt32 portNum = 0; 25 static PRIntn hostenum = 0; 26 static PRStatus prstatus = PR_FAILURE; 27 static void *ipaddr = NULL; 28 29 static void *plContext = NULL; 30 31 static void 32 printUsage(void) 33 { 34 (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] " 35 "servername[:port] <testName> [ENE|EE]\n" 36 "\t <certStoreDirectory> <targetCert>" 37 " <intermediate Certs...> <trustedCert>\n\n"); 38 (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n" 39 "using the certs and CRLs in <certStoreDirectory>. " 40 "servername[:port] gives\n" 41 "the address of an LDAP server. If port is not" 42 " specified, port 389 is used. \"-\" means no LDAP server.\n" 43 "If ENE is specified, then an Error is Not Expected. " 44 "EE indicates an Error is Expected.\n"); 45 } 46 47 static PKIX_Error * 48 createLdapCertStore( 49 char *hostname, 50 PRIntervalTime timeout, 51 PKIX_CertStore **pLdapCertStore, 52 void *plContext) 53 { 54 PRIntn backlog = 0; 55 56 char *bindname = ""; 57 char *auth = ""; 58 59 LDAPBindAPI bindAPI; 60 LDAPBindAPI *bindPtr = NULL; 61 PKIX_PL_LdapDefaultClient *ldapClient = NULL; 62 PKIX_CertStore *ldapCertStore = NULL; 63 64 PKIX_TEST_STD_VARS(); 65 66 if (usebind) { 67 bindPtr = &bindAPI; 68 bindAPI.selector = SIMPLE_AUTH; 69 bindAPI.chooser.simple.bindName = bindname; 70 bindAPI.chooser.simple.authentication = auth; 71 } 72 73 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext)); 74 75 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, 76 &ldapCertStore, 77 plContext)); 78 79 *pLdapCertStore = ldapCertStore; 80 cleanup: 81 82 PKIX_TEST_DECREF_AC(ldapClient); 83 84 PKIX_TEST_RETURN(); 85 86 return (pkixTestErrorResult); 87 } 88 89 /* Test with all Certs in the partial list, no leaf */ 90 static PKIX_Error * 91 testWithNoLeaf( 92 PKIX_PL_Cert *trustedCert, 93 PKIX_List *listOfCerts, 94 PKIX_PL_Cert *targetCert, 95 PKIX_List *certStores, 96 PKIX_Boolean testValid, 97 void *plContext) 98 { 99 PKIX_UInt32 numCerts = 0; 100 PKIX_UInt32 i = 0; 101 PKIX_TrustAnchor *anchor = NULL; 102 PKIX_List *anchors = NULL; 103 PKIX_List *hintCerts = NULL; 104 PKIX_List *revCheckers = NULL; 105 PKIX_List *certs = NULL; 106 PKIX_PL_Cert *cert = NULL; 107 PKIX_ProcessingParams *procParams = NULL; 108 PKIX_ComCertSelParams *certSelParams = NULL; 109 PKIX_CertSelector *certSelector = NULL; 110 PKIX_PL_PublicKey *trustedPubKey = NULL; 111 PKIX_RevocationChecker *revChecker = NULL; 112 PKIX_BuildResult *buildResult = NULL; 113 PRPollDesc *pollDesc = NULL; 114 void *state = NULL; 115 char *asciiResult = NULL; 116 117 PKIX_TEST_STD_VARS(); 118 119 /* create processing params with list of trust anchors */ 120 121 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); 122 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); 123 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); 124 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); 125 126 /* create CertSelector with no target certificate in params */ 127 128 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); 129 130 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); 131 132 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); 133 134 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); 135 136 /* create hintCerts */ 137 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, 138 (PKIX_PL_Object **)&hintCerts, 139 plContext)); 140 141 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); 142 143 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); 144 145 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); 146 147 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); 148 149 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); 150 151 PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, 152 NULL, /* testDate, may be NULL */ 153 trustedPubKey, 154 numCerts, 155 &revChecker, 156 plContext)); 157 158 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); 159 160 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); 161 162 #ifdef debuggingWithoutRevocation 163 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); 164 #endif 165 166 /* build cert chain using processing params and return buildResult */ 167 168 pkixTestErrorResult = PKIX_BuildChain(procParams, 169 (void **)&pollDesc, 170 &state, 171 &buildResult, 172 NULL, 173 plContext); 174 175 while (pollDesc != NULL) { 176 177 if (PR_Poll(pollDesc, 1, 0) < 0) { 178 testError("PR_Poll failed"); 179 } 180 181 pkixTestErrorResult = PKIX_BuildChain(procParams, 182 (void **)&pollDesc, 183 &state, 184 &buildResult, 185 NULL, 186 plContext); 187 } 188 189 if (pkixTestErrorResult) { 190 if (testValid == PKIX_FALSE) { /* EE */ 191 (void)printf("EXPECTED ERROR RECEIVED!\n"); 192 } else { /* ENE */ 193 testError("UNEXPECTED ERROR RECEIVED"); 194 } 195 PKIX_TEST_DECREF_BC(pkixTestErrorResult); 196 goto cleanup; 197 } 198 199 if (testValid == PKIX_TRUE) { /* ENE */ 200 (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); 201 } else { /* EE */ 202 (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); 203 } 204 205 if (buildResult) { 206 207 PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); 208 209 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); 210 211 printf("\n"); 212 213 for (i = 0; i < numCerts; i++) { 214 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 215 i, 216 (PKIX_PL_Object **)&cert, 217 plContext)); 218 219 asciiResult = PKIX_Cert2ASCII(cert); 220 221 printf("CERT[%d]:\n%s\n", i, asciiResult); 222 223 /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ 224 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); 225 asciiResult = NULL; 226 227 PKIX_TEST_DECREF_BC(cert); 228 } 229 } 230 231 cleanup: 232 PKIX_PL_Free(asciiResult, NULL); 233 234 PKIX_TEST_DECREF_AC(state); 235 PKIX_TEST_DECREF_AC(buildResult); 236 PKIX_TEST_DECREF_AC(procParams); 237 PKIX_TEST_DECREF_AC(revCheckers); 238 PKIX_TEST_DECREF_AC(revChecker); 239 PKIX_TEST_DECREF_AC(certSelParams); 240 PKIX_TEST_DECREF_AC(certSelector); 241 PKIX_TEST_DECREF_AC(anchors); 242 PKIX_TEST_DECREF_AC(anchor); 243 PKIX_TEST_DECREF_AC(hintCerts); 244 PKIX_TEST_DECREF_AC(trustedPubKey); 245 PKIX_TEST_DECREF_AC(certs); 246 PKIX_TEST_DECREF_AC(cert); 247 PKIX_TEST_RETURN(); 248 249 return (pkixTestErrorResult); 250 } 251 252 /* Test with all Certs in the partial list, leaf duplicates the first one */ 253 static PKIX_Error * 254 testWithDuplicateLeaf( 255 PKIX_PL_Cert *trustedCert, 256 PKIX_List *listOfCerts, 257 PKIX_PL_Cert *targetCert, 258 PKIX_List *certStores, 259 PKIX_Boolean testValid, 260 void *plContext) 261 { 262 PKIX_UInt32 numCerts = 0; 263 PKIX_UInt32 i = 0; 264 PKIX_TrustAnchor *anchor = NULL; 265 PKIX_List *anchors = NULL; 266 PKIX_List *hintCerts = NULL; 267 PKIX_List *revCheckers = NULL; 268 PKIX_List *certs = NULL; 269 PKIX_PL_Cert *cert = NULL; 270 PKIX_ProcessingParams *procParams = NULL; 271 PKIX_ComCertSelParams *certSelParams = NULL; 272 PKIX_CertSelector *certSelector = NULL; 273 PKIX_PL_PublicKey *trustedPubKey = NULL; 274 PKIX_RevocationChecker *revChecker = NULL; 275 PKIX_BuildResult *buildResult = NULL; 276 PRPollDesc *pollDesc = NULL; 277 void *state = NULL; 278 char *asciiResult = NULL; 279 280 PKIX_TEST_STD_VARS(); 281 282 /* create processing params with list of trust anchors */ 283 284 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); 285 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); 286 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); 287 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); 288 289 /* create CertSelector with target certificate in params */ 290 291 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); 292 293 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); 294 295 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); 296 297 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); 298 299 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); 300 301 /* create hintCerts */ 302 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, 303 (PKIX_PL_Object **)&hintCerts, 304 plContext)); 305 306 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); 307 308 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); 309 310 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); 311 312 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); 313 314 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); 315 316 PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, 317 NULL, /* testDate, may be NULL */ 318 trustedPubKey, 319 numCerts, 320 &revChecker, 321 plContext)); 322 323 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); 324 325 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); 326 327 #ifdef debuggingWithoutRevocation 328 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); 329 #endif 330 331 /* build cert chain using processing params and return buildResult */ 332 333 pkixTestErrorResult = PKIX_BuildChain(procParams, 334 (void **)&pollDesc, 335 &state, 336 &buildResult, 337 NULL, 338 plContext); 339 340 while (pollDesc != NULL) { 341 342 if (PR_Poll(pollDesc, 1, 0) < 0) { 343 testError("PR_Poll failed"); 344 } 345 346 pkixTestErrorResult = PKIX_BuildChain(procParams, 347 (void **)&pollDesc, 348 &state, 349 &buildResult, 350 NULL, 351 plContext); 352 } 353 354 if (pkixTestErrorResult) { 355 if (testValid == PKIX_FALSE) { /* EE */ 356 (void)printf("EXPECTED ERROR RECEIVED!\n"); 357 } else { /* ENE */ 358 testError("UNEXPECTED ERROR RECEIVED"); 359 } 360 PKIX_TEST_DECREF_BC(pkixTestErrorResult); 361 goto cleanup; 362 } 363 364 if (testValid == PKIX_TRUE) { /* ENE */ 365 (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); 366 } else { /* EE */ 367 (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); 368 } 369 370 if (buildResult) { 371 372 PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); 373 374 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); 375 376 printf("\n"); 377 378 for (i = 0; i < numCerts; i++) { 379 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 380 i, 381 (PKIX_PL_Object **)&cert, 382 plContext)); 383 384 asciiResult = PKIX_Cert2ASCII(cert); 385 386 printf("CERT[%d]:\n%s\n", i, asciiResult); 387 388 /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ 389 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); 390 asciiResult = NULL; 391 392 PKIX_TEST_DECREF_BC(cert); 393 } 394 } 395 396 cleanup: 397 PKIX_PL_Free(asciiResult, NULL); 398 399 PKIX_TEST_DECREF_AC(state); 400 PKIX_TEST_DECREF_AC(buildResult); 401 PKIX_TEST_DECREF_AC(procParams); 402 PKIX_TEST_DECREF_AC(revCheckers); 403 PKIX_TEST_DECREF_AC(revChecker); 404 PKIX_TEST_DECREF_AC(certSelParams); 405 PKIX_TEST_DECREF_AC(certSelector); 406 PKIX_TEST_DECREF_AC(anchors); 407 PKIX_TEST_DECREF_AC(anchor); 408 PKIX_TEST_DECREF_AC(hintCerts); 409 PKIX_TEST_DECREF_AC(trustedPubKey); 410 PKIX_TEST_DECREF_AC(certs); 411 PKIX_TEST_DECREF_AC(cert); 412 PKIX_TEST_RETURN(); 413 414 return (pkixTestErrorResult); 415 } 416 417 /* Test with all Certs except the leaf in the partial list */ 418 static PKIX_Error * 419 testWithLeafAndChain( 420 PKIX_PL_Cert *trustedCert, 421 PKIX_List *listOfCerts, 422 PKIX_PL_Cert *targetCert, 423 PKIX_List *certStores, 424 PKIX_Boolean testValid, 425 void *plContext) 426 { 427 PKIX_UInt32 numCerts = 0; 428 PKIX_UInt32 i = 0; 429 PKIX_TrustAnchor *anchor = NULL; 430 PKIX_List *anchors = NULL; 431 PKIX_List *hintCerts = NULL; 432 PKIX_List *revCheckers = NULL; 433 PKIX_List *certs = NULL; 434 PKIX_PL_Cert *cert = NULL; 435 PKIX_ProcessingParams *procParams = NULL; 436 PKIX_ComCertSelParams *certSelParams = NULL; 437 PKIX_CertSelector *certSelector = NULL; 438 PKIX_PL_PublicKey *trustedPubKey = NULL; 439 PKIX_RevocationChecker *revChecker = NULL; 440 PKIX_BuildResult *buildResult = NULL; 441 PRPollDesc *pollDesc = NULL; 442 void *state = NULL; 443 char *asciiResult = NULL; 444 445 PKIX_TEST_STD_VARS(); 446 447 /* create processing params with list of trust anchors */ 448 449 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext)); 450 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext)); 451 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext)); 452 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext)); 453 454 /* create CertSelector with target certificate in params */ 455 456 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext)); 457 458 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext)); 459 460 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext)); 461 462 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext)); 463 464 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext)); 465 466 /* create hintCerts */ 467 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts, 468 (PKIX_PL_Object **)&hintCerts, 469 plContext)); 470 471 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(hintCerts, 0, plContext)); 472 473 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext)); 474 475 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext)); 476 477 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); 478 479 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext)); 480 481 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext)); 482 483 PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores, 484 NULL, /* testDate, may be NULL */ 485 trustedPubKey, 486 numCerts, 487 &revChecker, 488 plContext)); 489 490 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext)); 491 492 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); 493 494 #ifdef debuggingWithoutRevocation 495 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext)); 496 #endif 497 498 /* build cert chain using processing params and return buildResult */ 499 500 pkixTestErrorResult = PKIX_BuildChain(procParams, 501 (void **)&pollDesc, 502 &state, 503 &buildResult, 504 NULL, 505 plContext); 506 507 while (pollDesc != NULL) { 508 509 if (PR_Poll(pollDesc, 1, 0) < 0) { 510 testError("PR_Poll failed"); 511 } 512 513 pkixTestErrorResult = PKIX_BuildChain(procParams, 514 (void **)&pollDesc, 515 &state, 516 &buildResult, 517 NULL, 518 plContext); 519 } 520 521 if (pkixTestErrorResult) { 522 if (testValid == PKIX_FALSE) { /* EE */ 523 (void)printf("EXPECTED ERROR RECEIVED!\n"); 524 } else { /* ENE */ 525 testError("UNEXPECTED ERROR RECEIVED"); 526 } 527 PKIX_TEST_DECREF_BC(pkixTestErrorResult); 528 goto cleanup; 529 } 530 531 if (testValid == PKIX_TRUE) { /* ENE */ 532 (void)printf("EXPECTED NON-ERROR RECEIVED!\n"); 533 } else { /* EE */ 534 (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n"); 535 } 536 537 if (buildResult) { 538 539 PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext)); 540 541 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext)); 542 543 printf("\n"); 544 545 for (i = 0; i < numCerts; i++) { 546 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 547 i, 548 (PKIX_PL_Object **)&cert, 549 plContext)); 550 551 asciiResult = PKIX_Cert2ASCII(cert); 552 553 printf("CERT[%d]:\n%s\n", i, asciiResult); 554 555 /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */ 556 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL)); 557 asciiResult = NULL; 558 559 PKIX_TEST_DECREF_BC(cert); 560 } 561 } 562 563 cleanup: 564 565 PKIX_TEST_DECREF_AC(state); 566 PKIX_TEST_DECREF_AC(buildResult); 567 PKIX_TEST_DECREF_AC(procParams); 568 PKIX_TEST_DECREF_AC(revCheckers); 569 PKIX_TEST_DECREF_AC(revChecker); 570 PKIX_TEST_DECREF_AC(certSelParams); 571 PKIX_TEST_DECREF_AC(certSelector); 572 PKIX_TEST_DECREF_AC(anchors); 573 PKIX_TEST_DECREF_AC(anchor); 574 PKIX_TEST_DECREF_AC(hintCerts); 575 PKIX_TEST_DECREF_AC(trustedPubKey); 576 PKIX_TEST_DECREF_AC(certs); 577 PKIX_TEST_DECREF_AC(cert); 578 579 PKIX_TEST_RETURN(); 580 581 return (pkixTestErrorResult); 582 } 583 584 int 585 test_buildchain_partialchain(int argc, char *argv[]) 586 { 587 PKIX_UInt32 actualMinorVersion = 0; 588 PKIX_UInt32 j = 0; 589 PKIX_UInt32 k = 0; 590 PKIX_Boolean ene = PKIX_TRUE; /* expect no error */ 591 PKIX_List *listOfCerts = NULL; 592 PKIX_List *certStores = NULL; 593 PKIX_PL_Cert *dirCert = NULL; 594 PKIX_PL_Cert *trusted = NULL; 595 PKIX_PL_Cert *target = NULL; 596 PKIX_CertStore *ldapCertStore = NULL; 597 PKIX_CertStore *certStore = NULL; 598 PKIX_PL_String *dirNameString = NULL; 599 char *dirName = NULL; 600 601 PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */ 602 /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */ 603 604 PKIX_TEST_STD_VARS(); 605 606 if (argc < 5) { 607 printUsage(); 608 return (0); 609 } 610 611 startTests("BuildChain"); 612 613 PKIX_TEST_EXPECT_NO_ERROR( 614 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); 615 616 /* 617 * arguments: 618 * [optional] -arenas 619 * [optional] usebind 620 * servername or servername:port ( - for no server) 621 * testname 622 * EE or ENE 623 * cert directory 624 * target cert (end entity) 625 * intermediate certs 626 * trust anchor 627 */ 628 629 /* optional argument "usebind" for Ldap CertStore */ 630 if (argv[j + 1]) { 631 if (PORT_Strcmp(argv[j + 1], "usebind") == 0) { 632 usebind = PKIX_TRUE; 633 j++; 634 } 635 } 636 637 if (PORT_Strcmp(argv[++j], "-") == 0) { 638 useLDAP = PKIX_FALSE; 639 } else { 640 serverName = argv[j]; 641 useLDAP = PKIX_TRUE; 642 } 643 644 subTest(argv[++j]); 645 646 /* ENE = expect no error; EE = expect error */ 647 if (PORT_Strcmp(argv[++j], "ENE") == 0) { 648 ene = PKIX_TRUE; 649 } else if (PORT_Strcmp(argv[j], "EE") == 0) { 650 ene = PKIX_FALSE; 651 } else { 652 printUsage(); 653 return (0); 654 } 655 656 dirName = argv[++j]; 657 658 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&listOfCerts, plContext)); 659 660 for (k = ++j; k < ((PKIX_UInt32)argc); k++) { 661 662 dirCert = createCert(dirName, argv[k], plContext); 663 664 if (k == ((PKIX_UInt32)(argc - 1))) { 665 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); 666 trusted = dirCert; 667 } else { 668 669 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(listOfCerts, 670 (PKIX_PL_Object *)dirCert, 671 plContext)); 672 673 if (k == j) { 674 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext)); 675 target = dirCert; 676 } 677 } 678 679 PKIX_TEST_DECREF_BC(dirCert); 680 } 681 682 /* create CertStores */ 683 684 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext)); 685 686 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext)); 687 688 if (useLDAP == PKIX_TRUE) { 689 PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext)); 690 691 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, 692 (PKIX_PL_Object *)ldapCertStore, 693 plContext)); 694 } else { 695 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext)); 696 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext)); 697 } 698 699 subTest("testWithNoLeaf"); 700 PKIX_TEST_EXPECT_NO_ERROR(testWithNoLeaf(trusted, listOfCerts, target, certStores, ene, plContext)); 701 702 subTest("testWithDuplicateLeaf"); 703 PKIX_TEST_EXPECT_NO_ERROR(testWithDuplicateLeaf(trusted, listOfCerts, target, certStores, ene, plContext)); 704 705 subTest("testWithLeafAndChain"); 706 PKIX_TEST_EXPECT_NO_ERROR(testWithLeafAndChain(trusted, listOfCerts, target, certStores, ene, plContext)); 707 708 cleanup: 709 710 PKIX_TEST_DECREF_AC(listOfCerts); 711 PKIX_TEST_DECREF_AC(certStores); 712 PKIX_TEST_DECREF_AC(ldapCertStore); 713 PKIX_TEST_DECREF_AC(certStore); 714 PKIX_TEST_DECREF_AC(dirNameString); 715 PKIX_TEST_DECREF_AC(trusted); 716 PKIX_TEST_DECREF_AC(target); 717 718 PKIX_TEST_RETURN(); 719 720 PKIX_Shutdown(plContext); 721 722 endTests("BuildChain"); 723 724 return (0); 725 }