tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_ekuchecker.c (7691B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /*
      5 * test_ekuchecker.c
      6 *
      7 * Test Extend Key Usage Checker
      8 *
      9 */
     10 
     11 #include "testutil.h"
     12 #include "testutil_nss.h"
     13 
     14 #define PKIX_TEST_MAX_CERTS 10
     15 
     16 static void *plContext = NULL;
     17 
     18 static void
     19 printUsage1(char *pName)
     20 {
     21    printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
     22    printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
     23 }
     24 
     25 static void
     26 printUsageMax(PKIX_UInt32 numCerts)
     27 {
     28    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
     29           numCerts, PKIX_TEST_MAX_CERTS);
     30 }
     31 
     32 static PKIX_Error *
     33 testCertSelectorMatchCallback(
     34    PKIX_CertSelector *selector,
     35    PKIX_PL_Cert *cert,
     36    PKIX_Boolean *pResult,
     37    void *plContext)
     38 {
     39    *pResult = PKIX_TRUE;
     40 
     41    return (0);
     42 }
     43 
     44 static PKIX_Error *
     45 testEkuSetup(
     46    PKIX_ValidateParams *valParams,
     47    char *ekuOidString,
     48    PKIX_Boolean *only4EE)
     49 {
     50    PKIX_ProcessingParams *procParams = NULL;
     51    PKIX_List *ekuList = NULL;
     52    PKIX_PL_OID *ekuOid = NULL;
     53    PKIX_ComCertSelParams *selParams = NULL;
     54    PKIX_CertSelector *certSelector = NULL;
     55    PKIX_Boolean last_token = PKIX_FALSE;
     56    PKIX_UInt32 i, tokeni;
     57 
     58    PKIX_TEST_STD_VARS();
     59 
     60    subTest("PKIX_ValidateParams_GetProcessingParams");
     61    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
     62 
     63    /* Get extended key usage OID(s) from command line, separated by ","  */
     64 
     65    if (ekuOidString[0] == '"') {
     66        /* erase doble quotes, if any */
     67        i = 1;
     68        while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
     69            ekuOidString[i - 1] = ekuOidString[i];
     70            i++;
     71        }
     72        ekuOidString[i - 1] = '\0';
     73    }
     74 
     75    if (ekuOidString[0] == '\0') {
     76        ekuList = NULL;
     77    } else {
     78 
     79        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));
     80 
     81        /* if OID string start with E, only check for last cert */
     82        if (ekuOidString[0] == 'E') {
     83            *only4EE = PKIX_TRUE;
     84            tokeni = 2;
     85            i = 1;
     86        } else {
     87            *only4EE = PKIX_FALSE;
     88            tokeni = 1;
     89            i = 0;
     90        }
     91 
     92        while (last_token != PKIX_TRUE) {
     93            while (ekuOidString[tokeni] != ',' &&
     94                   ekuOidString[tokeni] != '\0') {
     95                tokeni++;
     96            }
     97            if (ekuOidString[tokeni] == '\0') {
     98                last_token = PKIX_TRUE;
     99            } else {
    100                ekuOidString[tokeni] = '\0';
    101                tokeni++;
    102            }
    103 
    104            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));
    105 
    106            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));
    107 
    108            PKIX_TEST_DECREF_BC(ekuOid);
    109            i = tokeni;
    110        }
    111    }
    112 
    113    /* Set extended key usage link to processing params */
    114 
    115    subTest("PKIX_ComCertSelParams_Create");
    116    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
    117 
    118    subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
    119    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));
    120 
    121    subTest("PKIX_CertSelector_Create");
    122    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
    123                                                       NULL,
    124                                                       &certSelector,
    125                                                       plContext));
    126 
    127    subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
    128    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));
    129 
    130    subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
    131    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
    132 
    133 cleanup:
    134 
    135    PKIX_TEST_DECREF_AC(selParams);
    136    PKIX_TEST_DECREF_AC(certSelector);
    137    PKIX_TEST_DECREF_AC(procParams);
    138    PKIX_TEST_DECREF_AC(ekuOid);
    139    PKIX_TEST_DECREF_AC(ekuList);
    140 
    141    PKIX_TEST_RETURN();
    142 
    143    return (0);
    144 }
    145 
    146 static PKIX_Error *
    147 testEkuChecker(
    148    PKIX_ValidateParams *valParams,
    149    PKIX_Boolean only4EE)
    150 {
    151    PKIX_ProcessingParams *procParams = NULL;
    152 
    153    PKIX_TEST_STD_VARS();
    154 
    155    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
    156 
    157    subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
    158    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
    159 
    160    if (only4EE == PKIX_FALSE) {
    161        subTest("PKIX_PL_EkuChecker_Create");
    162        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
    163    }
    164 
    165 cleanup:
    166 
    167    PKIX_TEST_DECREF_AC(procParams);
    168 
    169    PKIX_TEST_RETURN();
    170 
    171    return (0);
    172 }
    173 
    174 int
    175 test_ekuchecker(int argc, char *argv[])
    176 {
    177    PKIX_List *chain = NULL;
    178    PKIX_ValidateParams *valParams = NULL;
    179    PKIX_ValidateResult *valResult = NULL;
    180    PKIX_UInt32 actualMinorVersion;
    181    char *certNames[PKIX_TEST_MAX_CERTS];
    182    char *dirName = NULL;
    183    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
    184    PKIX_UInt32 chainLength = 0;
    185    PKIX_UInt32 i = 0;
    186    PKIX_UInt32 j = 0;
    187    PKIX_Boolean testValid = PKIX_FALSE;
    188    PKIX_Boolean only4EE = PKIX_FALSE;
    189 
    190    PKIX_TEST_STD_VARS();
    191 
    192    if (argc < 5) {
    193        printUsage1(argv[0]);
    194        return (0);
    195    }
    196 
    197    startTests("EKU Checker");
    198 
    199    PKIX_TEST_EXPECT_NO_ERROR(
    200        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
    201 
    202    /* ENE = expect no error; EE = expect error */
    203    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
    204        testValid = PKIX_TRUE;
    205    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
    206        testValid = PKIX_FALSE;
    207    } else {
    208        printUsage1(argv[0]);
    209        return (0);
    210    }
    211 
    212    dirName = argv[4 + j];
    213 
    214    chainLength = (argc - j) - 6;
    215    if (chainLength > PKIX_TEST_MAX_CERTS) {
    216        printUsageMax(chainLength);
    217    }
    218 
    219    for (i = 0; i < chainLength; i++) {
    220 
    221        certNames[i] = argv[6 + i + j];
    222        certs[i] = NULL;
    223    }
    224 
    225    subTest(argv[1 + j]);
    226 
    227    subTest("Extended-Key-Usage-Checker");
    228 
    229    subTest("Extended-Key-Usage-Checker - Create Cert Chain");
    230 
    231    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
    232 
    233    subTest("Extended-Key-Usage-Checker - Create Params");
    234 
    235    valParams = createValidateParams(dirName,
    236                                     argv[5 +
    237                                          j],
    238                                     NULL,
    239                                     NULL,
    240                                     NULL,
    241                                     PKIX_FALSE,
    242                                     PKIX_FALSE,
    243                                     PKIX_FALSE,
    244                                     PKIX_FALSE,
    245                                     chain,
    246                                     plContext);
    247 
    248    subTest("Default CertStore");
    249 
    250    testEkuSetup(valParams, argv[3 + j], &only4EE);
    251 
    252    testEkuChecker(valParams, only4EE);
    253 
    254    subTest("Extended-Key-Usage-Checker - Validate Chain");
    255 
    256    if (testValid == PKIX_TRUE) {
    257        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
    258    } else {
    259        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
    260    }
    261 
    262 cleanup:
    263 
    264    PKIX_TEST_DECREF_AC(chain);
    265    PKIX_TEST_DECREF_AC(valParams);
    266    PKIX_TEST_DECREF_AC(valResult);
    267 
    268    PKIX_Shutdown(plContext);
    269 
    270    PKIX_TEST_RETURN();
    271 
    272    endTests("EKU Checker");
    273 
    274    return (0);
    275 }