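/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * test_ocspchecker.c
 *
 * Test OcspChecker function
 *
 * Builds a certificate chain from file names given on the command line,
 * attaches an OCSP revocation checker to the processing parameters,
 * validates the chain and compares the outcome with the ENE/EE
 * expectation supplied by the caller.
 */

#include "testutil.h"
#include "testutil_nss.h"

/* NSS-backed PKIX context shared by the helpers in this file. It is created
 * in test_ocsp() and released with PKIX_Shutdown() on test_ocsp()'s cleanup
 * path; the PKIX_TEST_DECREF_* macros reference it implicitly. */
static void *plContext = NULL;

/* Print the command-line synopsis for this test. */
static void
printUsage(void)
{
    (void)printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName "
                 "[ENE|EE] <certLocationDirectory> <trustedCert> "
                 "<targetCert>\n\n");
    (void)printf("Validates a chain of certificates between "
                 "<trustedCert> and <targetCert>\n"
                 "using the certs and CRLs in <certLocationDirectory> and "
                 "pkcs11 db from <certStoreDirectory>. "
                 "If ENE is specified,\n"
                 "then an Error is Not Expected. "
                 "If EE is specified, an Error is Expected.\n");
}

/*
 * Join dirName and certFile into "<dirName>/<certFile>".
 *
 * The result is allocated with PKIX_PL_Malloc and owned by the caller, who
 * must release it with PKIX_PL_Free. Returns NULL if the allocation fails
 * (the failure is recorded through the PKIX_TEST_ macros).
 *
 * The plContext parameter deliberately shadows the file-scope context so the
 * helper can be driven with an explicit context.
 */
static char *
createFullPathName(
    char *dirName,
    char *certFile,
    void *plContext)
{
    PKIX_UInt32 certFileLen;
    PKIX_UInt32 dirNameLen;
    char *certPathName = NULL;

    PKIX_TEST_STD_VARS();

    certFileLen = PL_strlen(certFile);
    dirNameLen = PL_strlen(dirName);

    /* +2: one byte for the '/' separator and one for the terminating NUL;
     * the copies below never write more than that. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
                                                 certFileLen +
                                                 2,
                                             (void **)&certPathName,
                                             plContext));

    PL_strcpy(certPathName, dirName);
    PL_strcat(certPathName, "/");
    PL_strcat(certPathName, certFile);
    printf("certPathName = %s\n", certPathName);

cleanup:

    PKIX_TEST_RETURN();

    return (certPathName);
}

/*
 * Attach a CollectionCertStore rooted at crlDir and an OCSP revocation
 * checker to the processing parameters held by valParams.
 *
 * CRL-based revocation is switched off (SetRevocationEnabled PKIX_FALSE) so
 * that the outcome of the test depends on the OCSP checker alone; the
 * checker is created with no pwArg and no explicit responder, i.e. the
 * default responder is used. Any failure is recorded through the
 * PKIX_TEST_ macros; the function itself always returns 0, and its caller
 * does not inspect the return value.
 */
static PKIX_Error *
testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
{
    PKIX_PL_String *dirString = NULL;
    PKIX_CertStore *certStore = NULL;
    PKIX_ProcessingParams *procParams = NULL;
    PKIX_PL_Date *validity = NULL;
    PKIX_List *revCheckers = NULL;
    PKIX_RevocationChecker *revChecker = NULL;
    PKIX_PL_Object *revCheckerContext = NULL;
    PKIX_OcspChecker *ocspChecker = NULL;

    PKIX_TEST_STD_VARS();

    subTest("PKIX_PL_CollectionCertStoreContext_Create");

    /* Create CollectionCertStore */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));

    /* Create CertStore */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));

    subTest("PKIX_ProcessingParams_AddCertStore");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));

    subTest("PKIX_ProcessingParams_SetRevocationEnabled");

    /* Disable the built-in (CRL) revocation check; OCSP is wired in below
     * as an explicit revocation checker instead. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));

    /* create current Date */
    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));

    /* create revChecker */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity,
                                                          NULL, /* pwArg */
                                                          NULL, /* Use default responder */
                                                          &revChecker,
                                                          plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext(revChecker, &revCheckerContext, plContext));

    /* Check that this object is a ocsp checker */
    PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));

    /* ocspChecker aliases revCheckerContext; only one of them is released
     * in cleanup. */
    ocspChecker = (PKIX_OcspChecker *)revCheckerContext;

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn(ocspChecker,
                                                            PKIX_PL_OcspResponse_UseBuildChain,
                                                            plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(dirString);
    PKIX_TEST_DECREF_AC(procParams);
    PKIX_TEST_DECREF_AC(certStore);
    PKIX_TEST_DECREF_AC(revCheckers);
    PKIX_TEST_DECREF_AC(revChecker);
    PKIX_TEST_DECREF_AC(ocspChecker);
    PKIX_TEST_DECREF_AC(validity);

    PKIX_TEST_RETURN();

    return (0);
}

/*
 * Test entry point.
 *
 * argv layout (after the harness has consumed "-d <certStoreDirectory>"):
 *   argv[1]   TestName
 *   argv[2]   "ENE" (expect no error) or "EE" (expect error)
 *   argv[3]   directory holding the certificate files
 *   argv[4]   trust anchor certificate file
 *   argv[5..] chain certificate files, target certificate first
 *
 * The chain is validated with an OCSP revocation checker attached and the
 * result is compared with the ENE/EE expectation; a mismatch in either
 * direction is reported through testError() so the harness counts it as a
 * failure. Returns 0 in all cases.
 */
int
test_ocsp(int argc, char *argv[])
{

    PKIX_ValidateParams *valParams = NULL;
    PKIX_ProcessingParams *procParams = NULL;
    PKIX_ComCertSelParams *certSelParams = NULL;
    PKIX_CertSelector *certSelector = NULL;
    PKIX_ValidateResult *valResult = NULL;
    PKIX_UInt32 j = 0; /* fixed argv offset; kept at 0 */
    PKIX_UInt32 k = 0;
    PKIX_UInt32 chainLength = 0;
    PKIX_Boolean testValid = PKIX_TRUE;
    PKIX_List *chainCerts = NULL;
    PKIX_VerifyNode *verifyTree = NULL;
    PKIX_PL_String *verifyString = NULL;
    PKIX_PL_Cert *dirCert = NULL;
    PKIX_PL_Cert *trustedCert = NULL;
    PKIX_PL_Cert *targetCert = NULL;
    PKIX_TrustAnchor *anchor = NULL;
    PKIX_List *anchors = NULL;
    char *anchorCertName = NULL;
    char *dirName = NULL;

    PKIX_TEST_STD_VARS();

    /* Five positional arguments are required (see printUsage); with fewer
     * the chain would be empty and targetCert would stay NULL. */
    if (argc < 6) {
        printUsage();
        return (0);
    }

    startTests("OcspChecker");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    /* ENE = expect no error; EE = expect error */
    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
        testValid = PKIX_TRUE;
    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
        testValid = PKIX_FALSE;
    } else {
        /* The NSS context already exists at this point, so leave through
         * cleanup rather than returning directly, so that PKIX_Shutdown()
         * runs. */
        printUsage();
        goto cleanup;
    }

    subTest(argv[1 + j]);

    dirName = argv[3 + j];

    /* Everything after the trust anchor is a chain certificate. */
    chainLength = argc - j - 5;

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));

    for (k = 0; k < chainLength; k++) {

        dirCert = createCert(dirName, argv[5 + k + j], plContext);

        /* The first chain cert is the target; hold an extra reference on
         * it because the list takes over the one createCert() returned. */
        if (k == 0) {
            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
            targetCert = dirCert;
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));

        PKIX_TEST_DECREF_BC(dirCert);
    }

    /* create processing params with list of trust anchors */

    anchorCertName = argv[4 + j];
    trustedCert = createCert(dirName, anchorCertName, plContext);

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));

    /* create CertSelector with target certificate in params */

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chainCerts, &valParams, plContext));

    /* Adds the cert store and the OCSP revocation checker; failures inside
     * are reported by the helper itself. */
    testDefaultCertStore(valParams, dirName);

    pkixTestErrorResult = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext);

    /* Both mismatches (unexpected error, unexpected success) must go through
     * testError(); a negative (EE) case that merely prints would never fail
     * the harness. */
    if (pkixTestErrorResult) {
        if (testValid == PKIX_FALSE) { /* EE */
            (void)printf("EXPECTED ERROR RECEIVED!\n");
        } else { /* ENE */
            testError("UNEXPECTED ERROR RECEIVED");
        }
        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
    } else {
        if (testValid == PKIX_TRUE) { /* ENE */
            (void)printf("EXPECTED SUCCESSFUL VALIDATION!\n");
        } else { /* EE */
            testError("UNEXPECTED SUCCESSFUL VALIDATION");
        }
    }

    subTest("Displaying VerifyTree");

    if (verifyTree == NULL) {
        (void)printf("VerifyTree is NULL\n");
    } else {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
        (void)printf("verifyTree is\n%s\n",
                     verifyString->escAsciiString);
    }

cleanup:

    /* verifyString/verifyTree are released here rather than inline so they
     * are not leaked if ToString() above fails and jumps to cleanup. */
    PKIX_TEST_DECREF_AC(verifyString);
    PKIX_TEST_DECREF_AC(verifyTree);
    PKIX_TEST_DECREF_AC(valParams);
    PKIX_TEST_DECREF_AC(procParams);
    PKIX_TEST_DECREF_AC(certSelParams);
    PKIX_TEST_DECREF_AC(certSelector);
    PKIX_TEST_DECREF_AC(chainCerts);
    PKIX_TEST_DECREF_AC(anchors);
    PKIX_TEST_DECREF_AC(anchor);
    PKIX_TEST_DECREF_AC(trustedCert);
    PKIX_TEST_DECREF_AC(targetCert);
    PKIX_TEST_DECREF_AC(valResult);

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("OcspChecker");

    return (0);
}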