tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_buildchain_uchecker.c (11823B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 * test_buildchain_uchecker.c
      6 *
      7 * Test BuildChain User Checker function
      8 *
      9 */
     10 
     11 #include "testutil.h"
     12 #include "testutil_nss.h"
     13 
     14 static void *plContext = NULL;
     15 static PKIX_UInt32 numUserCheckerCalled = 0;
     16 
     17 static void
     18 printUsage(void)
     19 {
     20    (void)printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] "
     21                 "[-|[F]<userOID>] "
     22                 "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
     23    (void)printf("Builds a chain of certificates between "
     24                 "<trustedCert> and <targetCert>\n"
     25                 "using the certs and CRLs in <certStoreDirectory>.\n"
     26                 "If <userOID> is not an empty string, its value is used as\n"
     27                 "user defined checker's critical extension OID.\n"
     28                 "A - for <userOID> is no OID and F is for supportingForward.\n"
     29                 "If ENE is specified, then an Error is Not Expected.\n"
     30                 "If EE is specified, an Error is Expected.\n");
     31 }
     32 
     33 static PKIX_Error *
     34 testUserChecker(
     35    PKIX_CertChainChecker *checker,
     36    PKIX_PL_Cert *cert,
     37    PKIX_List *unresExtOIDs,
     38    void **pNBIOContext,
     39    void *plContext)
     40 {
     41    numUserCheckerCalled++;
     42    return (0);
     43 }
     44 
     45 int
     46 test_buildchain_uchecker(int argc, char *argv[])
     47 {
     48    PKIX_BuildResult *buildResult = NULL;
     49    PKIX_ComCertSelParams *certSelParams = NULL;
     50    PKIX_CertSelector *certSelector = NULL;
     51    PKIX_TrustAnchor *anchor = NULL;
     52    PKIX_List *anchors = NULL;
     53    PKIX_List *certs = NULL;
     54    PKIX_PL_Cert *cert = NULL;
     55    PKIX_ProcessingParams *procParams = NULL;
     56    PKIX_CertChainChecker *checker = NULL;
     57    char *dirName = NULL;
     58    PKIX_PL_String *dirNameString = NULL;
     59    PKIX_PL_Cert *trustedCert = NULL;
     60    PKIX_PL_Cert *targetCert = NULL;
     61    PKIX_UInt32 numCerts = 0;
     62    PKIX_UInt32 i = 0;
     63    PKIX_UInt32 j = 0;
     64    PKIX_UInt32 k = 0;
     65    PKIX_UInt32 chainLength = 0;
     66    PKIX_CertStore *certStore = NULL;
     67    PKIX_List *certStores = NULL;
     68    char *asciiResult = NULL;
     69    PKIX_Boolean result;
     70    PKIX_Boolean testValid = PKIX_TRUE;
     71    PKIX_Boolean supportForward = PKIX_FALSE;
     72    PKIX_List *expectedCerts = NULL;
     73    PKIX_List *userOIDs = NULL;
     74    PKIX_PL_OID *oid = NULL;
     75    PKIX_PL_Cert *dirCert = NULL;
     76    PKIX_PL_String *actualCertsString = NULL;
     77    PKIX_PL_String *expectedCertsString = NULL;
     78    char *actualCertsAscii = NULL;
     79    char *expectedCertsAscii = NULL;
     80    char *oidString = NULL;
     81    void *buildState = NULL;  /* needed by pkix_build for non-blocking I/O */
     82    void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
     83 
     84    PKIX_TEST_STD_VARS();
     85 
     86    if (argc < 5) {
     87        printUsage();
     88        return (0);
     89    }
     90 
     91    startTests("BuildChain_UserChecker");
     92 
     93    PKIX_TEST_EXPECT_NO_ERROR(
     94        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
     95 
     96    /* ENE = expect no error; EE = expect error */
     97    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
     98        testValid = PKIX_TRUE;
     99    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
    100        testValid = PKIX_FALSE;
    101    } else {
    102        printUsage();
    103        return (0);
    104    }
    105 
    106    /* OID specified at argv[3+j] */
    107 
    108    if (*argv[3 + j] != '-') {
    109 
    110        if (*argv[3 + j] == 'F') {
    111            supportForward = PKIX_TRUE;
    112            oidString = argv[3 + j] + 1;
    113        } else {
    114            oidString = argv[3 + j];
    115        }
    116 
    117        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&userOIDs, plContext));
    118        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidString, &oid, plContext));
    119        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(userOIDs, (PKIX_PL_Object *)oid, plContext));
    120        PKIX_TEST_DECREF_BC(oid);
    121    }
    122 
    123    subTest(argv[1 + j]);
    124 
    125    dirName = argv[4 + j];
    126 
    127    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
    128 
    129    chainLength = argc - j - 5;
    130 
    131    for (k = 0; k < chainLength; k++) {
    132 
    133        dirCert = createCert(dirName, argv[5 + k + j], plContext);
    134 
    135        if (k == (chainLength - 1)) {
    136            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
    137            trustedCert = dirCert;
    138        } else {
    139 
    140            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
    141                                                           (PKIX_PL_Object *)dirCert,
    142                                                           plContext));
    143 
    144            if (k == 0) {
    145                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert,
    146                                                                plContext));
    147                targetCert = dirCert;
    148            }
    149        }
    150 
    151        PKIX_TEST_DECREF_BC(dirCert);
    152    }
    153 
    154    /* create processing params with list of trust anchors */
    155 
    156    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
    157    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
    158    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
    159    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
    160 
    161    /* create CertSelector with target certificate in params */
    162 
    163    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
    164 
    165    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
    166 
    167    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
    168 
    169    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
    170 
    171    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
    172 
    173    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(testUserChecker,
    174                                                           supportForward,
    175                                                           PKIX_FALSE,
    176                                                           userOIDs,
    177                                                           NULL,
    178                                                           &checker,
    179                                                           plContext));
    180 
    181    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(procParams, checker, plContext));
    182 
    183    /* create CertStores */
    184 
    185    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
    186                                                    dirName,
    187                                                    0,
    188                                                    &dirNameString,
    189                                                    plContext));
    190 
    191    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
    192 
    193 #if 0
    194        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
    195                                    (&certStore, plContext));
    196 #endif
    197 
    198    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
    199 
    200    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
    201 
    202    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
    203 
    204    /* build cert chain using processing params and return buildResult */
    205 
    206    pkixTestErrorResult = PKIX_BuildChain(procParams,
    207                                          &nbioContext,
    208                                          &buildState,
    209                                          &buildResult,
    210                                          NULL,
    211                                          plContext);
    212 
    213    if (testValid == PKIX_TRUE) { /* ENE */
    214        if (pkixTestErrorResult) {
    215            (void)printf("UNEXPECTED RESULT RECEIVED!\n");
    216        } else {
    217            (void)printf("EXPECTED RESULT RECEIVED!\n");
    218            PKIX_TEST_DECREF_BC(pkixTestErrorResult);
    219        }
    220    } else { /* EE */
    221        if (pkixTestErrorResult) {
    222            (void)printf("EXPECTED RESULT RECEIVED!\n");
    223            PKIX_TEST_DECREF_BC(pkixTestErrorResult);
    224        } else {
    225            testError("UNEXPECTED RESULT RECEIVED");
    226        }
    227    }
    228 
    229    if (buildResult) {
    230 
    231        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
    232 
    233        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
    234 
    235        printf("\n");
    236 
    237        for (i = 0; i < numCerts; i++) {
    238            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
    239                                                        i,
    240                                                        (PKIX_PL_Object **)&cert,
    241                                                        plContext));
    242 
    243            asciiResult = PKIX_Cert2ASCII(cert);
    244 
    245            printf("CERT[%d]:\n%s\n", i, asciiResult);
    246 
    247            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
    248            asciiResult = NULL;
    249 
    250            PKIX_TEST_DECREF_BC(cert);
    251        }
    252 
    253        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
    254                                                        (PKIX_PL_Object *)expectedCerts,
    255                                                        &result,
    256                                                        plContext));
    257 
    258        if (!result) {
    259            testError("BUILT CERTCHAIN IS "
    260                      "NOT THE ONE THAT WAS EXPECTED");
    261 
    262            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
    263                                                              &actualCertsString,
    264                                                              plContext));
    265 
    266            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
    267            if (actualCertsAscii == NULL) {
    268                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
    269                goto cleanup;
    270            }
    271 
    272            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
    273                                                              &expectedCertsString,
    274                                                              plContext));
    275 
    276            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
    277            if (expectedCertsAscii == NULL) {
    278                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
    279                goto cleanup;
    280            }
    281 
    282            (void)printf("Actual value:\t%s\n", actualCertsAscii);
    283            (void)printf("Expected value:\t%s\n",
    284                         expectedCertsAscii);
    285 
    286            if (chainLength - 1 != numUserCheckerCalled) {
    287                pkixTestErrorMsg =
    288                    "PKIX user defined checker not called";
    289            }
    290 
    291            goto cleanup;
    292        }
    293    }
    294 
    295 cleanup:
    296    PKIX_PL_Free(asciiResult, plContext);
    297    PKIX_PL_Free(actualCertsAscii, plContext);
    298    PKIX_PL_Free(expectedCertsAscii, plContext);
    299 
    300    PKIX_TEST_DECREF_AC(actualCertsString);
    301    PKIX_TEST_DECREF_AC(expectedCertsString);
    302    PKIX_TEST_DECREF_AC(expectedCerts);
    303    PKIX_TEST_DECREF_AC(certs);
    304    PKIX_TEST_DECREF_AC(cert);
    305    PKIX_TEST_DECREF_AC(certStore);
    306    PKIX_TEST_DECREF_AC(certStores);
    307    PKIX_TEST_DECREF_AC(dirNameString);
    308    PKIX_TEST_DECREF_AC(trustedCert);
    309    PKIX_TEST_DECREF_AC(targetCert);
    310    PKIX_TEST_DECREF_AC(anchor);
    311    PKIX_TEST_DECREF_AC(anchors);
    312    PKIX_TEST_DECREF_AC(procParams);
    313    PKIX_TEST_DECREF_AC(certSelParams);
    314    PKIX_TEST_DECREF_AC(certSelector);
    315    PKIX_TEST_DECREF_AC(buildResult);
    316    PKIX_TEST_DECREF_AC(procParams);
    317    PKIX_TEST_DECREF_AC(userOIDs);
    318    PKIX_TEST_DECREF_AC(checker);
    319 
    320    PKIX_TEST_RETURN();
    321 
    322    PKIX_Shutdown(plContext);
    323 
    324    endTests("BuildChain_UserChecker");
    325 
    326    return (0);
    327 }