test_validatechain.c (6731B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * test_validatechain.c 6 * 7 * Test ValidateChain function 8 * 9 */ 10 11 #include "testutil.h" 12 #include "testutil_nss.h" 13 14 static void *plContext = NULL; 15 16 static void 17 printUsage(void) 18 { 19 (void)printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] " 20 "<certStoreDirectory> <trustedCert> <targetCert>\n\n"); 21 (void)printf("Validates a chain of certificates between " 22 "<trustedCert> and <targetCert>\n" 23 "using the certs and CRLs in <certStoreDirectory>. " 24 "If ENE is specified,\n" 25 "then an Error is Not Expected. " 26 "If EE is specified, an Error is Expected.\n"); 27 } 28 29 static char * 30 createFullPathName( 31 char *dirName, 32 char *certFile, 33 void *plContext) 34 { 35 PKIX_UInt32 certFileLen; 36 PKIX_UInt32 dirNameLen; 37 char *certPathName = NULL; 38 39 PKIX_TEST_STD_VARS(); 40 41 certFileLen = PL_strlen(certFile); 42 dirNameLen = PL_strlen(dirName); 43 44 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen + 45 certFileLen + 46 2, 47 (void **)&certPathName, 48 plContext)); 49 50 PL_strcpy(certPathName, dirName); 51 PL_strcat(certPathName, "/"); 52 PL_strcat(certPathName, certFile); 53 printf("certPathName = %s\n", certPathName); 54 55 cleanup: 56 57 PKIX_TEST_RETURN(); 58 59 return (certPathName); 60 } 61 62 static PKIX_Error * 63 testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir) 64 { 65 PKIX_PL_String *dirString = NULL; 66 PKIX_CertStore *certStore = NULL; 67 PKIX_ProcessingParams *procParams = NULL; 68 PKIX_PL_Date *validity = NULL; 69 PKIX_List *revCheckers = NULL; 70 PKIX_RevocationChecker *ocspChecker = NULL; 71 72 PKIX_TEST_STD_VARS(); 73 74 subTest("PKIX_PL_CollectionCertStoreContext_Create"); 75 76 /* Create CollectionCertStore */ 77 78 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext)); 79 80 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext)); 81 82 /* Create CertStore */ 83 84 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext)); 85 86 subTest("PKIX_ProcessingParams_AddCertStore"); 87 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext)); 88 89 subTest("PKIX_ProcessingParams_SetRevocationEnabled"); 90 91 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext)); 92 93 /* create current Date */ 94 PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext)); 95 96 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext)); 97 98 /* create revChecker */ 99 PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity, 100 NULL, /* pwArg */ 101 NULL, /* Use default responder */ 102 &ocspChecker, 103 plContext)); 104 105 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)ocspChecker, plContext)); 106 107 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext)); 108 109 cleanup: 110 111 PKIX_TEST_DECREF_AC(dirString); 112 PKIX_TEST_DECREF_AC(procParams); 113 PKIX_TEST_DECREF_AC(certStore); 114 PKIX_TEST_DECREF_AC(revCheckers); 115 PKIX_TEST_DECREF_AC(ocspChecker); 116 117 PKIX_TEST_RETURN(); 118 119 return (0); 120 } 121 122 int 123 test_validatechain(int argc, char *argv[]) 124 { 125 126 PKIX_ValidateParams *valParams = NULL; 127 PKIX_ValidateResult *valResult = NULL; 128 PKIX_UInt32 actualMinorVersion; 129 PKIX_UInt32 j = 0; 130 PKIX_UInt32 k = 0; 131 PKIX_UInt32 chainLength = 0; 132 PKIX_Boolean testValid = PKIX_TRUE; 133 PKIX_List *chainCerts = NULL; 134 PKIX_PL_Cert *dirCert = NULL; 135 PKIX_VerifyNode *verifyTree = NULL; 136 PKIX_PL_String *verifyString = NULL; 137 char *dirCertName = NULL; 138 char *anchorCertName = NULL; 139 char *dirName = NULL; 140 141 PKIX_TEST_STD_VARS(); 142 143 if (argc < 5) { 144 printUsage(); 145 return (0); 146 } 147 148 startTests("ValidateChain"); 149 150 PKIX_TEST_EXPECT_NO_ERROR( 151 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); 152 153 /* ENE = expect no error; EE = expect error */ 154 if (PORT_Strcmp(argv[2 + j], "ENE") == 0) { 155 testValid = PKIX_TRUE; 156 } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) { 157 testValid = PKIX_FALSE; 158 } else { 159 printUsage(); 160 return (0); 161 } 162 163 subTest(argv[1 + j]); 164 165 dirName = argv[3 + j]; 166 167 chainLength = argc - j - 5; 168 169 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext)); 170 171 for (k = 0; k < chainLength; k++) { 172 173 dirCert = createCert(dirName, argv[5 + k + j], plContext); 174 175 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext)); 176 177 PKIX_TEST_DECREF_BC(dirCert); 178 } 179 180 valParams = createValidateParams(dirName, 181 argv[4 + 182 j], 183 NULL, 184 NULL, 185 NULL, 186 PKIX_FALSE, 187 PKIX_FALSE, 188 PKIX_FALSE, 189 PKIX_FALSE, 190 chainCerts, 191 plContext); 192 193 testDefaultCertStore(valParams, dirName); 194 195 if (testValid == PKIX_TRUE) { 196 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); 197 } else { 198 PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext)); 199 } 200 201 subTest("Displaying VerifyNode objects"); 202 203 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext)); 204 (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString); 205 206 cleanup: 207 PKIX_TEST_DECREF_AC(verifyString); 208 PKIX_TEST_DECREF_AC(verifyTree); 209 210 PKIX_TEST_DECREF_AC(chainCerts); 211 PKIX_TEST_DECREF_AC(valParams); 212 PKIX_TEST_DECREF_AC(valResult); 213 214 PKIX_Shutdown(plContext); 215 216 PKIX_TEST_RETURN(); 217 218 endTests("ValidateChain"); 219 220 return (0); 221 }