[ tor-browser ].git.dasho

test_buildchain_resourcelimits.c (15138B)
      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 * test_buildchain_resourcelimits.c
      6 *
      7 * Test BuildChain function with constraints on resources
      8 *
      9 */
     10 
     11 #include "testutil.h"
     12 #include "testutil_nss.h"
     13 
     14 #define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES + 30)
     15 
     16 static void *plContext = NULL;
     17 static PKIX_Boolean usebind = PKIX_FALSE;
     18 static PKIX_Boolean useLDAP = PKIX_FALSE;
     19 static char buf[PR_NETDB_BUF_SIZE];
     20 static char *serverName = NULL;
     21 
     22 static void
     23 printUsage(void)
     24 {
     25    (void)printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] "
     26                 "[usebind] servername[:port]\\\n\t\t<testName> [ENE|EE]"
     27                 " <certStoreDirectory>\\\n\t\t<targetCert>"
     28                 " <intermediate Certs...> <trustedCert>\n\n");
     29    (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
     30                 "using the certs and CRLs in <certStoreDirectory>. "
     31                 "servername[:port] gives\n"
     32                 "the address of an LDAP server. If port is not"
     33                 " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n"
     34                 "If ENE is specified, then an Error is Not Expected.\n"
     35                 "EE indicates an Error is Expected.\n");
     36 }
     37 
     38 static PKIX_Error *
     39 createLdapCertStore(
     40    char *hostname,
     41    PRIntervalTime timeout,
     42    PKIX_CertStore **pLdapCertStore,
     43    void *plContext)
     44 {
     45    PRIntn backlog = 0;
     46 
     47    char *bindname = "";
     48    char *auth = "";
     49 
     50    LDAPBindAPI bindAPI;
     51    LDAPBindAPI *bindPtr = NULL;
     52    PKIX_PL_LdapDefaultClient *ldapClient = NULL;
     53    PKIX_CertStore *ldapCertStore = NULL;
     54 
     55    PKIX_TEST_STD_VARS();
     56 
     57    if (usebind) {
     58        bindPtr = &bindAPI;
     59        bindAPI.selector = SIMPLE_AUTH;
     60        bindAPI.chooser.simple.bindName = bindname;
     61        bindAPI.chooser.simple.authentication = auth;
     62    }
     63 
     64    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
     65 
     66    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext));
     67 
     68    *pLdapCertStore = ldapCertStore;
     69 cleanup:
     70 
     71    PKIX_TEST_DECREF_AC(ldapClient);
     72 
     73    PKIX_TEST_RETURN();
     74 
     75    return (pkixTestErrorResult);
     76 }
     77 
     78 static void
     79 Test_BuildResult(
     80    PKIX_ProcessingParams *procParams,
     81    PKIX_Boolean testValid,
     82    PKIX_List *expectedCerts,
     83    void *plContext)
     84 {
     85    PKIX_PL_Cert *cert = NULL;
     86    PKIX_List *certs = NULL;
     87    PKIX_PL_String *actualCertsString = NULL;
     88    PKIX_PL_String *expectedCertsString = NULL;
     89    PKIX_BuildResult *buildResult = NULL;
     90    PKIX_Boolean result;
     91    PKIX_Boolean supportForward = PKIX_FALSE;
     92    PKIX_UInt32 numCerts, i;
     93    char *asciiResult = NULL;
     94    char *actualCertsAscii = NULL;
     95    char *expectedCertsAscii = NULL;
     96    void *state = NULL;
     97    PRPollDesc *pollDesc = NULL;
     98 
     99    PKIX_TEST_STD_VARS();
    100 
    101    pkixTestErrorResult = PKIX_BuildChain(procParams,
    102                                          (void **)&pollDesc,
    103                                          &state,
    104                                          &buildResult,
    105                                          NULL,
    106                                          plContext);
    107 
    108    while (pollDesc != NULL) {
    109 
    110        if (PR_Poll(pollDesc, 1, 0) < 0) {
    111            testError("PR_Poll failed");
    112        }
    113 
    114        pkixTestErrorResult = PKIX_BuildChain(procParams,
    115                                              (void **)&pollDesc,
    116                                              &state,
    117                                              &buildResult,
    118                                              NULL,
    119                                              plContext);
    120    }
    121 
    122    if (pkixTestErrorResult) {
    123        if (testValid == PKIX_FALSE) { /* EE */
    124            (void)printf("EXPECTED ERROR RECEIVED!\n");
    125        } else { /* ENE */
    126            testError("UNEXPECTED ERROR RECEIVED!\n");
    127        }
    128        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
    129        goto cleanup;
    130    }
    131 
    132    if (testValid == PKIX_TRUE) { /* ENE */
    133        (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
    134    } else { /* EE */
    135        testError("UNEXPECTED NON-ERROR RECEIVED!\n");
    136    }
    137 
    138    if (buildResult) {
    139 
    140        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
    141 
    142        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
    143 
    144        printf("\n");
    145 
    146        for (i = 0; i < numCerts; i++) {
    147            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
    148                                                        i,
    149                                                        (PKIX_PL_Object **)&cert,
    150                                                        plContext));
    151 
    152            asciiResult = PKIX_Cert2ASCII(cert);
    153 
    154            printf("CERT[%d]:\n%s\n", i, asciiResult);
    155 
    156            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
    157            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
    158            asciiResult = NULL;
    159 
    160            PKIX_TEST_DECREF_BC(cert);
    161        }
    162 
    163        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
    164                                                        (PKIX_PL_Object *)expectedCerts,
    165                                                        &result,
    166                                                        plContext));
    167 
    168        if (!result) {
    169            testError("BUILT CERTCHAIN IS "
    170                      "NOT THE ONE THAT WAS EXPECTED");
    171 
    172            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
    173                                                              &actualCertsString,
    174                                                              plContext));
    175 
    176            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
    177            if (actualCertsAscii == NULL) {
    178                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
    179                goto cleanup;
    180            }
    181 
    182            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
    183                                                              &expectedCertsString,
    184                                                              plContext));
    185 
    186            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
    187            if (expectedCertsAscii == NULL) {
    188                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
    189                goto cleanup;
    190            }
    191 
    192            (void)printf("Actual value:\t%s\n", actualCertsAscii);
    193            (void)printf("Expected value:\t%s\n",
    194                         expectedCertsAscii);
    195        }
    196    }
    197 
    198 cleanup:
    199 
    200    PKIX_PL_Free(asciiResult, NULL);
    201    PKIX_PL_Free(actualCertsAscii, plContext);
    202    PKIX_PL_Free(expectedCertsAscii, plContext);
    203    PKIX_TEST_DECREF_AC(state);
    204    PKIX_TEST_DECREF_AC(buildResult);
    205    PKIX_TEST_DECREF_AC(certs);
    206    PKIX_TEST_DECREF_AC(cert);
    207    PKIX_TEST_DECREF_AC(actualCertsString);
    208    PKIX_TEST_DECREF_AC(expectedCertsString);
    209 
    210    PKIX_TEST_RETURN();
    211 }
    212 
    213 int
    214 test_buildchain_resourcelimits(int argc, char *argv[])
    215 {
    216    PKIX_ComCertSelParams *certSelParams = NULL;
    217    PKIX_CertSelector *certSelector = NULL;
    218    PKIX_TrustAnchor *anchor = NULL;
    219    PKIX_List *anchors = NULL;
    220    PKIX_ProcessingParams *procParams = NULL;
    221    PKIX_CertChainChecker *checker = NULL;
    222    PKIX_ResourceLimits *resourceLimits = NULL;
    223    char *dirName = NULL;
    224    PKIX_PL_String *dirNameString = NULL;
    225    PKIX_PL_Cert *trustedCert = NULL;
    226    PKIX_PL_Cert *targetCert = NULL;
    227    PKIX_PL_Cert *dirCert = NULL;
    228    PKIX_UInt32 actualMinorVersion = 0;
    229    PKIX_UInt32 j = 0;
    230    PKIX_UInt32 k = 0;
    231    PKIX_CertStore *ldapCertStore = NULL;
    232    PRIntervalTime timeout = 0; /* 0 for non-blocking */
    233    PKIX_CertStore *certStore = NULL;
    234    PKIX_List *certStores = NULL;
    235    PKIX_List *expectedCerts = NULL;
    236    PKIX_Boolean testValid = PKIX_FALSE;
    237    PKIX_Boolean usebind = PKIX_FALSE;
    238    PKIX_Boolean useLDAP = PKIX_FALSE;
    239 
    240    PKIX_TEST_STD_VARS();
    241 
    242    if (argc < 5) {
    243        printUsage();
    244        return (0);
    245    }
    246 
    247    startTests("BuildChain_ResourceLimits");
    248 
    249    PKIX_TEST_EXPECT_NO_ERROR(
    250        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
    251 
    252    /*
    253     * arguments:
    254     * [optional] -arenas
    255     * [optional] usebind
    256     *            servername or servername:port ( - for no server)
    257     *            testname
    258     *            EE or ENE
    259     *            cert directory
    260     *            target cert (end entity)
    261     *            intermediate certs
    262     *            trust anchor
    263     */
    264 
    265    /* optional argument "usebind" for Ldap CertStore */
    266    if (argv[j + 1]) {
    267        if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
    268            usebind = PKIX_TRUE;
    269            j++;
    270        }
    271    }
    272 
    273    if (PORT_Strcmp(argv[++j], "-") == 0) {
    274        useLDAP = PKIX_FALSE;
    275    } else {
    276        serverName = argv[j];
    277    }
    278 
    279    subTest(argv[++j]);
    280 
    281    /* ENE = expect no error; EE = expect error */
    282    if (PORT_Strcmp(argv[++j], "ENE") == 0) {
    283        testValid = PKIX_TRUE;
    284    } else if (PORT_Strcmp(argv[j], "EE") == 0) {
    285        testValid = PKIX_FALSE;
    286    } else {
    287        printUsage();
    288        return (0);
    289    }
    290 
    291    dirName = argv[++j];
    292 
    293    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
    294 
    295    for (k = ++j; k < argc; k++) {
    296 
    297        dirCert = createCert(dirName, argv[k], plContext);
    298 
    299        if (k == (argc - 1)) {
    300            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
    301            trustedCert = dirCert;
    302        } else {
    303 
    304            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
    305                                                           (PKIX_PL_Object *)dirCert,
    306                                                           plContext));
    307 
    308            if (k == j) {
    309                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
    310                targetCert = dirCert;
    311            }
    312        }
    313 
    314        PKIX_TEST_DECREF_BC(dirCert);
    315    }
    316 
    317    /* create processing params with list of trust anchors */
    318 
    319    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
    320    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
    321    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
    322    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
    323 
    324    /* create CertSelector with target certificate in params */
    325 
    326    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
    327 
    328    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
    329 
    330    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
    331 
    332    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
    333 
    334    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
    335 
    336    /* create CertStores */
    337 
    338    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
    339                                                    dirName,
    340                                                    0,
    341                                                    &dirNameString,
    342                                                    plContext));
    343 
    344    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
    345 
    346 #if 0
    347        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
    348                                    (&certStore, plContext));
    349 #endif
    350 
    351    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
    352 
    353    if (useLDAP == PKIX_TRUE) {
    354        PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
    355 
    356        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
    357                                                       (PKIX_PL_Object *)ldapCertStore,
    358                                                       plContext));
    359    }
    360 
    361    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
    362 
    363    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
    364 
    365    /* set resource limits */
    366 
    367    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext));
    368 
    369    /* need longer time when running dbx for memory leak checking */
    370    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext));
    371 
    372    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext));
    373 
    374    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext));
    375 
    376    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext));
    377 
    378    /* build cert chain using processing params and return buildResult */
    379 
    380    subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>");
    381    Test_BuildResult(procParams,
    382                     testValid,
    383                     expectedCerts,
    384                     plContext);
    385 
    386    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext));
    387 
    388    subTest("Testing ResourceLimits MaxFanout - <fail>");
    389    Test_BuildResult(procParams,
    390                     PKIX_FALSE,
    391                     expectedCerts,
    392                     plContext);
    393 
    394    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext));
    395    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext));
    396 
    397    subTest("Testing ResourceLimits MaxDepth - <fail>");
    398    Test_BuildResult(procParams,
    399                     PKIX_FALSE,
    400                     expectedCerts,
    401                     plContext);
    402 
    403    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext));
    404    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext));
    405    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext));
    406 
    407    subTest("Testing ResourceLimits No checking - <pass>");
    408    Test_BuildResult(procParams,
    409                     testValid,
    410                     expectedCerts,
    411                     plContext);
    412 
    413 cleanup:
    414 
    415    PKIX_TEST_DECREF_AC(expectedCerts);
    416    PKIX_TEST_DECREF_AC(procParams);
    417    PKIX_TEST_DECREF_AC(procParams);
    418    PKIX_TEST_DECREF_AC(certStores);
    419    PKIX_TEST_DECREF_AC(certStore);
    420    PKIX_TEST_DECREF_AC(ldapCertStore);
    421    PKIX_TEST_DECREF_AC(dirNameString);
    422    PKIX_TEST_DECREF_AC(trustedCert);
    423    PKIX_TEST_DECREF_AC(targetCert);
    424    PKIX_TEST_DECREF_AC(anchors);
    425    PKIX_TEST_DECREF_AC(anchor);
    426    PKIX_TEST_DECREF_AC(certSelParams);
    427    PKIX_TEST_DECREF_AC(certSelector);
    428    PKIX_TEST_DECREF_AC(checker);
    429    PKIX_TEST_DECREF_AC(resourceLimits);
    430 
    431    PKIX_TEST_RETURN();
    432 
    433    PKIX_Shutdown(plContext);
    434 
    435    endTests("BuildChain_UserChecker");
    436 
    437    return (0);
    438 }
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE