tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_defaultcrlchecker2stores.c (7275B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 * test_defaultcrlchecker2stores.c
      6 *
      7 * Test Default CRL with multiple CertStore Checking
      8 *
      9 */
     10 
     11 #include "testutil.h"
     12 #include "testutil_nss.h"
     13 
     14 #define PKIX_TEST_MAX_CERTS 10
     15 
     16 static void *plContext = NULL;
     17 
     18 static void
     19 printUsage1(char *pName)
     20 {
     21    printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
     22    printf("crl-directory cert [certs].\n");
     23 }
     24 
     25 static void
     26 printUsageMax(PKIX_UInt32 numCerts)
     27 {
     28    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
     29           numCerts, PKIX_TEST_MAX_CERTS);
     30 }
     31 
     32 static PKIX_Error *
     33 getCertCallback(
     34    PKIX_CertStore *store,
     35    PKIX_CertSelector *certSelector,
     36    PKIX_List **pCerts,
     37    void *plContext)
     38 {
     39    return (NULL);
     40 }
     41 
     42 static PKIX_Error *
     43 testDefaultMultipleCertStores(PKIX_ValidateParams *valParams,
     44                              char *crlDir1,
     45                              char *crlDir2)
     46 {
     47    PKIX_PL_String *dirString1 = NULL;
     48    PKIX_PL_String *dirString2 = NULL;
     49    PKIX_CertStore *certStore1 = NULL;
     50    PKIX_CertStore *certStore2 = NULL;
     51    PKIX_List *certStoreList = NULL;
     52    PKIX_ProcessingParams *procParams = NULL;
     53 
     54    PKIX_TEST_STD_VARS();
     55 
     56    subTest("PKIX_PL_CollectionCertStore_Create");
     57 
     58    /* Create CollectionCertStore */
     59 
     60    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
     61                                                    crlDir1,
     62                                                    0,
     63                                                    &dirString1,
     64                                                    plContext));
     65 
     66    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1,
     67                                                                 &certStore1,
     68                                                                 plContext));
     69 
     70    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
     71                                                    crlDir2,
     72                                                    0,
     73                                                    &dirString2,
     74                                                    plContext));
     75 
     76    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2,
     77                                                                 &certStore2,
     78                                                                 plContext));
     79 
     80    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
     81 
     82    /* Add multiple CollectionCertStores */
     83 
     84    subTest("PKIX_ProcessingParams_SetCertStores");
     85    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext));
     86    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext));
     87    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext));
     88 
     89    subTest("PKIX_ProcessingParams_AddCertStore");
     90    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext));
     91 
     92    subTest("PKIX_ProcessingParams_SetRevocationEnabled");
     93    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
     94 
     95 cleanup:
     96 
     97    PKIX_TEST_DECREF_AC(dirString1);
     98    PKIX_TEST_DECREF_AC(dirString2);
     99    PKIX_TEST_DECREF_AC(certStore1);
    100    PKIX_TEST_DECREF_AC(certStore2);
    101    PKIX_TEST_DECREF_AC(certStoreList);
    102    PKIX_TEST_DECREF_AC(procParams);
    103 
    104    PKIX_TEST_RETURN();
    105 
    106    return (0);
    107 }
    108 
    109 /*
    110 * Validate Certificate Chain with Certificate Revocation List
    111 *      Certificate Chain is build based on input certs' sequence.
    112 *      CRL is fetched from the directory specified in CollectionCertStore.
    113 *      while CollectionCertStore is linked in CertStore Object which then
    114 *      linked in ProcessParam. During validation, CRLChecker will invoke
    115 *      the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL)
    116 *      to get CRL data for revocation check.
    117 *      This test gets CRL's from two CertStores, each has a valid CRL
    118 *      required for revocation check to pass.
    119 */
    120 
    121 int
    122 test_defaultcrlchecker2stores(int argc, char *argv[])
    123 {
    124 
    125    PKIX_List *chain = NULL;
    126    PKIX_ValidateParams *valParams = NULL;
    127    PKIX_ValidateResult *valResult = NULL;
    128    PKIX_UInt32 actualMinorVersion;
    129    char *certNames[PKIX_TEST_MAX_CERTS];
    130    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
    131    PKIX_VerifyNode *verifyTree = NULL;
    132    PKIX_PL_String *verifyString = NULL;
    133    PKIX_UInt32 chainLength = 0;
    134    PKIX_UInt32 i = 0;
    135    PKIX_UInt32 j = 0;
    136    PKIX_Boolean testValid = PKIX_TRUE;
    137    char *dirName = NULL;
    138    char *anchorName = NULL;
    139 
    140    PKIX_TEST_STD_VARS();
    141 
    142    if (argc < 6) {
    143        printUsage1(argv[0]);
    144        return (0);
    145    }
    146 
    147    startTests("CRL Checker");
    148 
    149    PKIX_TEST_EXPECT_NO_ERROR(
    150        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
    151 
    152    /* ENE = expect no error; EE = expect error */
    153    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
    154        testValid = PKIX_TRUE;
    155    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
    156        testValid = PKIX_FALSE;
    157    } else {
    158        printUsage1(argv[0]);
    159        return (0);
    160    }
    161 
    162    chainLength = (argc - j) - 7;
    163    if (chainLength > PKIX_TEST_MAX_CERTS) {
    164        printUsageMax(chainLength);
    165    }
    166 
    167    for (i = 0; i < chainLength; i++) {
    168 
    169        certNames[i] = argv[(7 + j) + i];
    170        certs[i] = NULL;
    171    }
    172 
    173    subTest(argv[1 + j]);
    174 
    175    subTest("Default-CRL-Checker");
    176 
    177    subTest("Default-CRL-Checker - Create Cert Chain");
    178 
    179    dirName = argv[3 + j];
    180 
    181    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
    182 
    183    subTest("Default-CRL-Checker - Create Params");
    184 
    185    anchorName = argv[6 + j];
    186 
    187    valParams = createValidateParams(dirName,
    188                                     anchorName,
    189                                     NULL,
    190                                     NULL,
    191                                     NULL,
    192                                     PKIX_FALSE,
    193                                     PKIX_FALSE,
    194                                     PKIX_FALSE,
    195                                     PKIX_FALSE,
    196                                     chain,
    197                                     plContext);
    198 
    199    subTest("Multiple-CertStores");
    200 
    201    testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]);
    202 
    203    subTest("Default-CRL-Checker - Validate Chain");
    204 
    205    if (testValid == PKIX_TRUE) {
    206        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
    207    } else {
    208        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
    209    }
    210 
    211    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
    212    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
    213 
    214 cleanup:
    215 
    216    PKIX_TEST_DECREF_AC(verifyString);
    217    PKIX_TEST_DECREF_AC(verifyTree);
    218 
    219    PKIX_TEST_DECREF_AC(valParams);
    220    PKIX_TEST_DECREF_AC(valResult);
    221    PKIX_TEST_DECREF_AC(chain);
    222 
    223    PKIX_Shutdown(plContext);
    224 
    225    PKIX_TEST_RETURN();
    226 
    227    endTests("CRL Checker");
    228 
    229    return (0);
    230 }