test_cert.c (75333B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * test_cert.c 6 * 7 * Test Cert Type 8 * 9 */ 10 11 #include "testutil.h" 12 #include "testutil_nss.h" 13 14 static PKIX_PL_Cert *altNameNoneCert = NULL; 15 static PKIX_PL_Cert *altNameOtherCert = NULL; 16 static PKIX_PL_Cert *altNameOtherCert_diff = NULL; 17 static PKIX_PL_Cert *altNameRfc822Cert = NULL; 18 static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL; 19 static PKIX_PL_Cert *altNameDnsCert = NULL; 20 static PKIX_PL_Cert *altNameDnsCert_diff = NULL; 21 static PKIX_PL_Cert *altNameX400Cert = NULL; 22 static PKIX_PL_Cert *altNameX400Cert_diff = NULL; 23 static PKIX_PL_Cert *altNameDnCert = NULL; 24 static PKIX_PL_Cert *altNameDnCert_diff = NULL; 25 static PKIX_PL_Cert *altNameEdiCert = NULL; 26 static PKIX_PL_Cert *altNameEdiCert_diff = NULL; 27 static PKIX_PL_Cert *altNameUriCert = NULL; 28 static PKIX_PL_Cert *altNameUriCert_diff = NULL; 29 static PKIX_PL_Cert *altNameIpCert = NULL; 30 static PKIX_PL_Cert *altNameIpCert_diff = NULL; 31 static PKIX_PL_Cert *altNameOidCert = NULL; 32 static PKIX_PL_Cert *altNameOidCert_diff = NULL; 33 static PKIX_PL_Cert *altNameMultipleCert = NULL; 34 35 static void *plContext = NULL; 36 37 static void 38 createCerts( 39 char *dataCentralDir, 40 char *goodInput, 41 char *diffInput, 42 PKIX_PL_Cert **goodObject, 43 PKIX_PL_Cert **equalObject, 44 PKIX_PL_Cert **diffObject) 45 { 46 subTest("PKIX_PL_Cert_Create <goodObject>"); 47 *goodObject = createCert(dataCentralDir, goodInput, plContext); 48 49 subTest("PKIX_PL_Cert_Create <equalObject>"); 50 *equalObject = createCert(dataCentralDir, goodInput, plContext); 51 52 subTest("PKIX_PL_Cert_Create <diffObject>"); 53 *diffObject = createCert(dataCentralDir, diffInput, plContext); 54 } 55 56 static void 57 createCertsWithSubjectAltNames(char *dataCentralDir) 58 { 59 subTest("PKIX_PL_Cert_Create <altNameDNS>"); 60 altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext); 61 62 subTest("PKIX_PL_Cert_Create <altNameDNS_diff>"); 63 altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext); 64 65 subTest("PKIX_PL_Cert_Create <altNameRFC822>"); 66 altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext); 67 68 subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>"); 69 altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext); 70 71 subTest("PKIX_PL_Cert_Create <altNameX400Cert>"); 72 altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext); 73 74 subTest("PKIX_PL_Cert_Create <altNameX400_diff>"); 75 altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext); 76 77 subTest("PKIX_PL_Cert_Create <altNameDN>"); 78 altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext); 79 80 subTest("PKIX_PL_Cert_Create <altNameDN_diff>"); 81 altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext); 82 83 subTest("PKIX_PL_Cert_Create <altNameEdiCert>"); 84 altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext); 85 86 subTest("PKIX_PL_Cert_Create <altNameEdi_diff>"); 87 altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext); 88 89 subTest("PKIX_PL_Cert_Create <altNameURI>"); 90 altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext); 91 92 subTest("PKIX_PL_Cert_Create <altNameURI_diff>"); 93 altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext); 94 95 subTest("PKIX_PL_Cert_Create <altNameIP>"); 96 altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext); 97 98 subTest("PKIX_PL_Cert_Create <altNameIP_diff>"); 99 altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext); 100 101 subTest("PKIX_PL_Cert_Create <altNameOID>"); 102 altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext); 103 104 subTest("PKIX_PL_Cert_Create <altNameOID_diff>"); 105 altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext); 106 107 subTest("PKIX_PL_Cert_Create <altNameOther>"); 108 altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext); 109 110 subTest("PKIX_PL_Cert_Create <altNameOther_diff>"); 111 altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext); 112 113 subTest("PKIX_PL_Cert_Create <altNameNone>"); 114 altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext); 115 116 subTest("PKIX_PL_Cert_Create <altNameMultiple>"); 117 altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext); 118 } 119 120 static void 121 testGetVersion( 122 PKIX_PL_Cert *goodObject) 123 { 124 PKIX_UInt32 goodVersion; 125 126 PKIX_TEST_STD_VARS(); 127 128 subTest("PKIX_PL_Cert_GetVersion"); 129 130 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext)); 131 132 if (goodVersion != 2) { 133 testError("unexpected mismatch"); 134 (void)printf("Actual value:\t%d\n", goodVersion); 135 (void)printf("Expected value:\t2\n"); 136 goto cleanup; 137 } 138 139 cleanup: 140 141 PKIX_TEST_RETURN(); 142 } 143 144 static void 145 testGetSerialNumber( 146 PKIX_PL_Cert *goodObject, 147 PKIX_PL_Cert *equalObject, 148 PKIX_PL_Cert *diffObject) 149 { 150 PKIX_PL_BigInt *goodSN = NULL; 151 PKIX_PL_BigInt *equalSN = NULL; 152 PKIX_PL_BigInt *diffSN = NULL; 153 char *expectedAscii = "37bc66ec"; 154 155 PKIX_TEST_STD_VARS(); 156 157 subTest("PKIX_PL_Cert_GetSerialNumber"); 158 159 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext)); 160 161 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext)); 162 163 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext)); 164 165 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE); 166 167 cleanup: 168 169 PKIX_TEST_DECREF_AC(goodSN); 170 PKIX_TEST_DECREF_AC(equalSN); 171 PKIX_TEST_DECREF_AC(diffSN); 172 173 PKIX_TEST_RETURN(); 174 } 175 176 static void 177 testGetSubject( 178 PKIX_PL_Cert *goodObject, 179 PKIX_PL_Cert *equalObject, 180 PKIX_PL_Cert *diffObject) 181 { 182 PKIX_PL_X500Name *goodSubject = NULL; 183 PKIX_PL_X500Name *equalSubject = NULL; 184 PKIX_PL_X500Name *diffSubject = NULL; 185 char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us"; 186 187 PKIX_TEST_STD_VARS(); 188 189 subTest("PKIX_PL_Cert_GetSubject"); 190 191 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext)); 192 193 if (!goodSubject) { 194 testError("Certificate Subject should not be NULL"); 195 goto cleanup; 196 } 197 198 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext)); 199 200 if (!equalSubject) { 201 testError("Certificate Subject should not be NULL"); 202 goto cleanup; 203 } 204 205 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext)); 206 207 if (!diffSubject) { 208 testError("Certificate Subject should not be NULL"); 209 goto cleanup; 210 } 211 212 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject, 213 equalSubject, 214 diffSubject, 215 expectedAscii, 216 X500Name, 217 PKIX_TRUE); 218 219 cleanup: 220 221 PKIX_TEST_DECREF_AC(goodSubject); 222 PKIX_TEST_DECREF_AC(equalSubject); 223 PKIX_TEST_DECREF_AC(diffSubject); 224 225 PKIX_TEST_RETURN(); 226 } 227 228 static void 229 testGetIssuer( 230 PKIX_PL_Cert *goodObject, 231 PKIX_PL_Cert *equalObject, 232 PKIX_PL_Cert *diffObject) 233 { 234 PKIX_PL_X500Name *goodIssuer = NULL; 235 PKIX_PL_X500Name *equalIssuer = NULL; 236 PKIX_PL_X500Name *diffIssuer = NULL; 237 char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us"; 238 239 PKIX_TEST_STD_VARS(); 240 241 subTest("PKIX_PL_Cert_GetIssuer"); 242 243 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext)); 244 245 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext)); 246 247 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext)); 248 249 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer, 250 equalIssuer, 251 diffIssuer, 252 expectedAscii, 253 X500Name, 254 PKIX_TRUE); 255 256 cleanup: 257 258 PKIX_TEST_DECREF_AC(goodIssuer); 259 PKIX_TEST_DECREF_AC(equalIssuer); 260 PKIX_TEST_DECREF_AC(diffIssuer); 261 262 PKIX_TEST_RETURN(); 263 } 264 265 static void 266 testAltNames( 267 PKIX_PL_Cert *goodCert, 268 PKIX_PL_Cert *diffCert, 269 char *expectedAscii) 270 { 271 PKIX_List *goodAltNames = NULL; 272 PKIX_List *diffAltNames = NULL; 273 PKIX_PL_GeneralName *goodAltName = NULL; 274 PKIX_PL_GeneralName *diffAltName = NULL; 275 276 PKIX_TEST_STD_VARS(); 277 278 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext)); 279 280 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames, 281 0, 282 (PKIX_PL_Object **)&goodAltName, 283 plContext)); 284 285 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext)); 286 287 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames, 288 0, 289 (PKIX_PL_Object **)&diffAltName, 290 plContext)); 291 292 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName, 293 expectedAscii, GeneralName, PKIX_TRUE); 294 295 cleanup: 296 PKIX_TEST_DECREF_AC(goodAltNames); 297 PKIX_TEST_DECREF_AC(goodAltName); 298 PKIX_TEST_DECREF_AC(diffAltNames); 299 PKIX_TEST_DECREF_AC(diffAltName); 300 PKIX_TEST_RETURN(); 301 } 302 303 static void 304 testAltNamesNone(PKIX_PL_Cert *cert) 305 { 306 307 PKIX_List *altNames = NULL; 308 309 PKIX_TEST_STD_VARS(); 310 311 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext)); 312 313 if (altNames != NULL) { 314 testError("unexpected mismatch"); 315 (void)printf("Actual value:\t%p\n", (void *)altNames); 316 (void)printf("Expected value:\tNULL\n"); 317 goto cleanup; 318 } 319 320 cleanup: 321 322 PKIX_TEST_DECREF_AC(altNames); 323 PKIX_TEST_RETURN(); 324 } 325 static void 326 testAltNamesMultiple() 327 { 328 PKIX_List *altNames = NULL; 329 PKIX_PL_GeneralName *firstAltName = NULL; 330 PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME; 331 PKIX_PL_GeneralName *secondAltName = NULL; 332 PKIX_Int32 secondExpectedType = PKIX_DNS_NAME; 333 334 char *expectedAscii = 335 "[\n" 336 "\tVersion: v3\n" 337 "\tSerialNumber: 2d\n" 338 "\tIssuer: OU=labs,O=sun,C=us\n" 339 "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n" 340 "\tValidity: [From: Mon Feb 09, 2004\n" 341 /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */ 342 "\t To: Mon Feb 09, 2004]\n" 343 /* "\t To: Mon Feb 09 14:43:52 2004]\n" */ 344 "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n" 345 "\tAuthorityKeyId: (null)\n" 346 "\tSubjectKeyId: (null)\n" 347 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" 348 "\tCritExtOIDs: (EMPTY)\n" 349 "\tExtKeyUsages: (null)\n" 350 "\tBasicConstraint: (null)\n" 351 "\tCertPolicyInfo: (null)\n" 352 "\tPolicyMappings: (null)\n" 353 "\tExplicitPolicy: -1\n" 354 "\tInhibitMapping: -1\n" 355 "\tInhibitAnyPolicy:-1\n" 356 "\tNameConstraints: (null)\n" 357 "\tAuthorityInfoAccess: (null)\n" 358 "\tSubjectInfoAccess: (null)\n" 359 "\tCacheFlag: 0\n" 360 "]\n"; 361 362 PKIX_TEST_STD_VARS(); 363 364 testToStringHelper((PKIX_PL_Object *)altNameMultipleCert, 365 expectedAscii, 366 plContext); 367 368 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext)); 369 370 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext)); 371 372 if (firstAltName->type != firstExpectedType) { 373 testError("unexpected mismatch"); 374 (void)printf("Actual value:\t%d\n", firstAltName->type); 375 (void)printf("Expected value:\t%d\n", firstExpectedType); 376 goto cleanup; 377 } 378 379 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext)); 380 381 if (secondAltName->type != secondExpectedType) { 382 testError("unexpected mismatch"); 383 (void)printf("Actual value:\t%d\n", secondAltName->type); 384 (void)printf("Expected value:\t%d\n", secondExpectedType); 385 goto cleanup; 386 } 387 388 cleanup: 389 PKIX_TEST_DECREF_AC(altNames); 390 PKIX_TEST_DECREF_AC(firstAltName); 391 PKIX_TEST_DECREF_AC(secondAltName); 392 PKIX_TEST_RETURN(); 393 } 394 395 static void 396 testGetSubjectAltNames(char *dataCentralDir) 397 { 398 399 char *expectedAscii = NULL; 400 401 createCertsWithSubjectAltNames(dataCentralDir); 402 403 subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>"); 404 expectedAscii = "east.sun.com"; 405 testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii); 406 407 subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>"); 408 expectedAscii = "alice.barnes@bcn.east.sun.com"; 409 testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii); 410 411 /* 412 *this should work once bugzilla bug #233586 is fixed. 413 *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>"); 414 *expectedAscii = "X400Address: <DER-encoded value>"; 415 *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii); 416 */ 417 418 subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>"); 419 expectedAscii = "CN=elley,OU=labs,O=sun,C=us"; 420 testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii); 421 422 /* 423 * this should work once bugzilla bug #233586 is fixed. 424 * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>"); 425 * expectedAscii = "EDIPartyName: <DER-encoded value>"; 426 * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii); 427 */ 428 429 subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>"); 430 expectedAscii = "http://www.sun.com"; 431 testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii); 432 433 subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>"); 434 expectedAscii = "1.2.3.4"; 435 testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii); 436 437 subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>"); 438 expectedAscii = "1.2.39"; 439 testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii); 440 441 subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>"); 442 expectedAscii = "1.7.26.97"; 443 testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii); 444 445 subTest("PKIX_PL_Cert_GetSubjectAltNames <none>"); 446 testAltNamesNone(altNameNoneCert); 447 448 subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>"); 449 testAltNamesMultiple(); 450 } 451 452 static void 453 testGetSubjectPublicKey( 454 PKIX_PL_Cert *goodObject, 455 PKIX_PL_Cert *equalObject, 456 PKIX_PL_Cert *diffObject) 457 { 458 PKIX_PL_PublicKey *goodPubKey = NULL; 459 PKIX_PL_PublicKey *equalPubKey = NULL; 460 PKIX_PL_PublicKey *diffPubKey = NULL; 461 char *expectedAscii = "ANSI X9.57 DSA Signature"; 462 463 PKIX_TEST_STD_VARS(); 464 465 subTest("PKIX_PL_Cert_GetSubjectPublicKey"); 466 467 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext)); 468 469 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext)); 470 471 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext)); 472 473 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey, 474 expectedAscii, PublicKey, PKIX_TRUE); 475 476 cleanup: 477 478 PKIX_TEST_DECREF_AC(goodPubKey); 479 PKIX_TEST_DECREF_AC(equalPubKey); 480 PKIX_TEST_DECREF_AC(diffPubKey); 481 482 PKIX_TEST_RETURN(); 483 } 484 485 static void 486 testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject) 487 { 488 PKIX_PL_OID *pkixPubKeyOID = NULL; 489 char *expectedAscii = "1.2.840.10040.4.1"; 490 491 PKIX_TEST_STD_VARS(); 492 493 subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId"); 494 495 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext)); 496 497 testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext); 498 499 cleanup: 500 501 PKIX_TEST_DECREF_AC(pkixPubKeyOID); 502 PKIX_TEST_RETURN(); 503 } 504 505 static void 506 testCritExtensionsPresent(PKIX_PL_Cert *cert) 507 { 508 PKIX_List *critOIDList = NULL; 509 char *firstOIDAscii = "2.5.29.15"; 510 PKIX_PL_OID *firstOID = NULL; 511 char *secondOIDAscii = "2.5.29.19"; 512 PKIX_PL_OID *secondOID = NULL; 513 514 PKIX_TEST_STD_VARS(); 515 516 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext)); 517 518 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext)); 519 testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext); 520 521 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext)); 522 523 testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext); 524 525 cleanup: 526 527 PKIX_TEST_DECREF_AC(critOIDList); 528 PKIX_TEST_DECREF_AC(firstOID); 529 PKIX_TEST_DECREF_AC(secondOID); 530 531 PKIX_TEST_RETURN(); 532 } 533 534 static void 535 testCritExtensionsAbsent(PKIX_PL_Cert *cert) 536 { 537 PKIX_List *oidList = NULL; 538 PKIX_Boolean empty; 539 540 PKIX_TEST_STD_VARS(); 541 542 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext)); 543 544 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext)); 545 546 if (!empty) { 547 pkixTestErrorMsg = "unexpected mismatch"; 548 } 549 550 cleanup: 551 552 PKIX_TEST_DECREF_AC(oidList); 553 PKIX_TEST_RETURN(); 554 } 555 556 static void 557 testAllExtensionsAbsent(char *dataCentralDir) 558 { 559 PKIX_List *oidList = NULL; 560 PKIX_PL_Cert *cert = NULL; 561 PKIX_Boolean empty; 562 563 PKIX_TEST_STD_VARS(); 564 565 subTest("PKIX_PL_Cert_Create <noExtensionsCert>"); 566 cert = createCert(dataCentralDir, "noExtensionsCert", plContext); 567 568 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext)); 569 570 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext)); 571 572 if (!empty) { 573 pkixTestErrorMsg = "unexpected mismatch"; 574 } 575 576 cleanup: 577 PKIX_TEST_DECREF_AC(oidList); 578 PKIX_TEST_DECREF_AC(cert); 579 580 PKIX_TEST_RETURN(); 581 } 582 583 static void 584 testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject) 585 { 586 subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " 587 "<CritExtensionsPresent>"); 588 testCritExtensionsPresent(goodObject); 589 590 subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " 591 "<CritExtensionsAbsent>"); 592 testCritExtensionsAbsent(altNameOidCert); 593 594 subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs " 595 "<AllExtensionsAbsent>"); 596 testAllExtensionsAbsent(dataCentralDir); 597 } 598 599 static void 600 testKeyIdentifiersMatching(char *dataCentralDir) 601 { 602 PKIX_PL_Cert *subjKeyIDCert = NULL; 603 PKIX_PL_Cert *authKeyIDCert = NULL; 604 PKIX_PL_ByteArray *subjKeyID = NULL; 605 PKIX_PL_ByteArray *authKeyID = NULL; 606 PKIX_PL_ByteArray *subjKeyID_diff = NULL; 607 608 char *expectedAscii = 609 "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225," 610 " 139, 009, 126, 127, 234, 025, 072, 078, 097]"; 611 612 PKIX_TEST_STD_VARS(); 613 614 subTest("PKIX_PL_Cert_Create <subjKeyIDCert>"); 615 subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext); 616 617 subTest("PKIX_PL_Cert_Create <authKeyIDCert>"); 618 authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext); 619 620 subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>"); 621 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext)); 622 623 subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>"); 624 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext)); 625 626 subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>"); 627 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext)); 628 629 PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID, 630 authKeyID, 631 subjKeyID_diff, 632 expectedAscii, 633 ByteArray, 634 PKIX_TRUE); 635 636 cleanup: 637 638 PKIX_TEST_DECREF_AC(subjKeyIDCert); 639 PKIX_TEST_DECREF_AC(authKeyIDCert); 640 PKIX_TEST_DECREF_AC(subjKeyID); 641 PKIX_TEST_DECREF_AC(authKeyID); 642 PKIX_TEST_DECREF_AC(subjKeyID_diff); 643 644 PKIX_TEST_RETURN(); 645 } 646 647 static void 648 testKeyIdentifierAbsent(PKIX_PL_Cert *cert) 649 { 650 PKIX_PL_ByteArray *subjKeyID = NULL; 651 PKIX_PL_ByteArray *authKeyID = NULL; 652 653 PKIX_TEST_STD_VARS(); 654 655 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext)); 656 657 if (subjKeyID != NULL) { 658 pkixTestErrorMsg = "unexpected mismatch"; 659 } 660 661 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext)); 662 663 if (authKeyID != NULL) { 664 pkixTestErrorMsg = "unexpected mismatch"; 665 } 666 667 cleanup: 668 669 PKIX_TEST_DECREF_AC(subjKeyID); 670 PKIX_TEST_DECREF_AC(authKeyID); 671 672 PKIX_TEST_RETURN(); 673 } 674 675 static void 676 testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject) 677 { 678 testKeyIdentifiersMatching(dataCentralDir); 679 testKeyIdentifierAbsent(goodObject); 680 } 681 682 static void 683 testVerifyKeyUsage( 684 char *dataCentralDir, 685 char *dataDir, 686 PKIX_PL_Cert *multiKeyUsagesCert) 687 { 688 PKIX_PL_Cert *encipherOnlyCert = NULL; 689 PKIX_PL_Cert *decipherOnlyCert = NULL; 690 PKIX_PL_Cert *noKeyUsagesCert = NULL; 691 PKIX_TEST_STD_VARS(); 692 693 subTest("PKIX_PL_Cert_Create <encipherOnlyCert>"); 694 encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext); 695 696 subTest("PKIX_PL_Cert_Create <decipherOnlyCert>"); 697 decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext); 698 699 subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>"); 700 noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext); 701 702 subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>"); 703 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext)); 704 705 subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>"); 706 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, 707 PKIX_KEY_CERT_SIGN | 708 PKIX_DIGITAL_SIGNATURE, 709 plContext)); 710 711 subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>"); 712 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext)); 713 714 subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>"); 715 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext)); 716 717 subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>"); 718 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext)); 719 720 cleanup: 721 PKIX_TEST_DECREF_AC(encipherOnlyCert); 722 PKIX_TEST_DECREF_AC(decipherOnlyCert); 723 PKIX_TEST_DECREF_AC(noKeyUsagesCert); 724 725 PKIX_TEST_RETURN(); 726 } 727 728 static void 729 testGetExtendedKeyUsage(char *dataCentralDir) 730 { 731 732 PKIX_PL_Cert *codeSigningEKUCert = NULL; 733 PKIX_PL_Cert *multiEKUCert = NULL; 734 PKIX_PL_Cert *noEKUCert = NULL; 735 PKIX_List *firstExtKeyUsage = NULL; 736 PKIX_List *secondExtKeyUsage = NULL; 737 PKIX_List *thirdExtKeyUsage = NULL; 738 PKIX_PL_OID *firstOID = NULL; 739 char *oidAscii = "1.3.6.1.5.5.7.3.3"; 740 PKIX_PL_OID *secondOID = NULL; 741 char *secondOIDAscii = "1.3.6.1.5.5.7.3.1"; 742 PKIX_PL_OID *thirdOID = NULL; 743 char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2"; 744 PKIX_PL_OID *fourthOID = NULL; 745 PKIX_UInt32 length = 0; 746 747 PKIX_TEST_STD_VARS(); 748 749 subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>"); 750 codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext); 751 752 subTest("PKIX_PL_Cert_Create <multiEKUCert>"); 753 multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext); 754 755 subTest("PKIX_PL_Cert_Create <noEKUCert>"); 756 noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext); 757 758 subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>"); 759 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext)); 760 761 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext)); 762 testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext); 763 764 subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>"); 765 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext)); 766 767 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext)); 768 769 if (length != 3) { 770 testError("unexpected mismatch"); 771 (void)printf("Actual value:\t%d\n", length); 772 (void)printf("Expected value:\t3\n"); 773 goto cleanup; 774 } 775 776 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, 777 0, 778 (PKIX_PL_Object **)&secondOID, 779 plContext)); 780 781 testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext); 782 783 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, 784 1, 785 (PKIX_PL_Object **)&thirdOID, 786 plContext)); 787 788 testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext); 789 790 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage, 791 2, 792 (PKIX_PL_Object **)&fourthOID, 793 plContext)); 794 795 testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext); 796 797 subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>"); 798 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext)); 799 800 if (thirdExtKeyUsage != NULL) { 801 testError("unexpected mismatch"); 802 (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage); 803 (void)printf("Expected value:\tNULL\n"); 804 goto cleanup; 805 } 806 807 cleanup: 808 809 PKIX_TEST_DECREF_AC(firstOID); 810 PKIX_TEST_DECREF_AC(secondOID); 811 PKIX_TEST_DECREF_AC(thirdOID); 812 PKIX_TEST_DECREF_AC(fourthOID); 813 814 PKIX_TEST_DECREF_AC(firstExtKeyUsage); 815 PKIX_TEST_DECREF_AC(secondExtKeyUsage); 816 PKIX_TEST_DECREF_AC(thirdExtKeyUsage); 817 818 PKIX_TEST_DECREF_AC(codeSigningEKUCert); 819 PKIX_TEST_DECREF_AC(multiEKUCert); 820 PKIX_TEST_DECREF_AC(noEKUCert); 821 822 PKIX_TEST_RETURN(); 823 } 824 825 static void 826 testMakeInheritedDSAPublicKey(char *dataCentralDir) 827 { 828 PKIX_PL_PublicKey *firstKey = NULL; 829 PKIX_PL_PublicKey *secondKey = NULL; 830 PKIX_PL_PublicKey *resultKeyPositive = NULL; 831 PKIX_PL_PublicKey *resultKeyNegative = NULL; 832 PKIX_PL_Cert *firstCert = NULL; 833 PKIX_PL_Cert *secondCert = NULL; 834 835 PKIX_TEST_STD_VARS(); 836 837 subTest("PKIX_PL_Cert_Create <dsaWithoutParams>"); 838 firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext); 839 840 subTest("PKIX_PL_Cert_Create <dsaWithParams>"); 841 secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext); 842 843 subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>"); 844 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext)); 845 846 subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>"); 847 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext)); 848 849 subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>"); 850 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext)); 851 852 if (resultKeyPositive == NULL) { 853 testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed"); 854 } 855 856 subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>"); 857 PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext)); 858 859 cleanup: 860 861 PKIX_TEST_DECREF_AC(firstCert); 862 PKIX_TEST_DECREF_AC(secondCert); 863 864 PKIX_TEST_DECREF_AC(firstKey); 865 PKIX_TEST_DECREF_AC(secondKey); 866 PKIX_TEST_DECREF_AC(resultKeyPositive); 867 PKIX_TEST_DECREF_AC(resultKeyNegative); 868 869 PKIX_TEST_RETURN(); 870 } 871 872 static void 873 testVerifySignature(char *dataCentralDir) 874 { 875 PKIX_PL_Cert *firstCert = NULL; 876 PKIX_PL_Cert *secondCert = NULL; 877 PKIX_PL_PublicKey *firstPubKey = NULL; 878 PKIX_PL_PublicKey *secondPubKey = NULL; 879 880 PKIX_TEST_STD_VARS(); 881 882 subTest("PKIX_PL_Cert_Create <labs2yassir>"); 883 firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext); 884 885 subTest("PKIX_PL_Cert_Create <yassir2labs>"); 886 secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext); 887 888 subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>"); 889 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext)); 890 891 subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>"); 892 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext)); 893 894 subTest("PKIX_PL_Cert_VerifySignature <positive>"); 895 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext)); 896 897 subTest("PKIX_PL_Cert_VerifySignature <negative>"); 898 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext)); 899 900 cleanup: 901 902 PKIX_TEST_DECREF_AC(firstCert); 903 PKIX_TEST_DECREF_AC(secondCert); 904 PKIX_TEST_DECREF_AC(firstPubKey); 905 PKIX_TEST_DECREF_AC(secondPubKey); 906 907 PKIX_TEST_RETURN(); 908 } 909 910 static void 911 testCheckValidity( 912 PKIX_PL_Cert *olderCert, 913 PKIX_PL_Cert *newerCert) 914 { 915 /* 916 * olderCert has the following Validity: 917 * notBefore = August 19, 1999: 20:19:56 GMT 918 * notAfter = August 18, 2000: 20:19:56 GMT 919 * 920 * newerCert has the following Validity: 921 * notBefore = November 13, 2003: 16:46:03 GMT 922 * notAfter = February 13, 2009: 16:46:03 GMT 923 */ 924 925 /* olderDateAscii = March 29, 2000: 13:48:47 GMT */ 926 char *olderAscii = "000329134847Z"; 927 PKIX_PL_String *olderString = NULL; 928 PKIX_PL_Date *olderDate = NULL; 929 930 /* newerDateAscii = March 29, 2004: 13:48:47 GMT */ 931 char *newerAscii = "040329134847Z"; 932 PKIX_PL_String *newerString = NULL; 933 PKIX_PL_Date *newerDate = NULL; 934 935 PKIX_TEST_STD_VARS(); 936 937 subTest("PKIX_PL_Cert_CheckValidity <creating Dates>"); 938 939 /* create newer date when newer cert is valid but older cert is not */ 940 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext)); 941 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext)); 942 943 /* create older date when older cert is valid but newer cert is not */ 944 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext)); 945 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext)); 946 947 /* check validity of both certificates using olderDate */ 948 subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>"); 949 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext)); 950 951 subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>"); 952 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext)); 953 954 /* check validity of both certificates using newerDate */ 955 subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>"); 956 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext)); 957 958 subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>"); 959 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext)); 960 961 /* 962 * check validity of both certificates using current time 963 * NOTE: these "now" tests will not work when the current 964 * time is after newerCert.notAfter (~ February 13, 2009) 965 */ 966 subTest("PKIX_PL_Cert_CheckValidity <now:positive>"); 967 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext)); 968 969 subTest("PKIX_PL_Cert_CheckValidity <now:negative>"); 970 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext)); 971 972 cleanup: 973 PKIX_TEST_DECREF_AC(olderString); 974 PKIX_TEST_DECREF_AC(newerString); 975 PKIX_TEST_DECREF_AC(olderDate); 976 PKIX_TEST_DECREF_AC(newerDate); 977 978 PKIX_TEST_RETURN(); 979 } 980 981 static void 982 readCertBasicConstraints( 983 char *dataDir, 984 char *goodCertName, 985 char *diffCertName, 986 PKIX_PL_CertBasicConstraints **goodBasicConstraints, 987 PKIX_PL_CertBasicConstraints **equalBasicConstraints, 988 PKIX_PL_CertBasicConstraints **diffBasicConstraints) 989 { 990 991 PKIX_PL_Cert *goodCert = NULL; 992 PKIX_PL_Cert *equalCert = NULL; 993 PKIX_PL_Cert *diffCert = NULL; 994 995 PKIX_TEST_STD_VARS(); 996 997 createCerts(dataDir, goodCertName, diffCertName, 998 &goodCert, &equalCert, &diffCert); 999 /* 1000 * Warning: pointer will be NULL if BasicConstraints 1001 * extension is not present in the certificate. */ 1002 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext)); 1003 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext)); 1004 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext)); 1005 1006 cleanup: 1007 1008 PKIX_TEST_DECREF_AC(goodCert); 1009 PKIX_TEST_DECREF_AC(equalCert); 1010 PKIX_TEST_DECREF_AC(diffCert); 1011 1012 PKIX_TEST_RETURN(); 1013 } 1014 1015 static void 1016 testBasicConstraintsHelper( 1017 char *dataDir, 1018 char *goodCertName, 1019 char *diffCertName, 1020 char *expectedAscii) 1021 { 1022 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; 1023 PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; 1024 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; 1025 1026 PKIX_TEST_STD_VARS(); 1027 1028 readCertBasicConstraints(dataDir, 1029 goodCertName, 1030 diffCertName, 1031 &goodBasicConstraints, 1032 &equalBasicConstraints, 1033 &diffBasicConstraints); 1034 1035 /* 1036 * The standard test macro is applicable only 1037 * if BasicConstraint extension is present 1038 * in the certificate. Otherwise some 1039 * pointers will be null. 1040 */ 1041 if ((goodBasicConstraints) && 1042 (equalBasicConstraints) && 1043 (diffBasicConstraints)) { 1044 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints, 1045 equalBasicConstraints, 1046 diffBasicConstraints, 1047 expectedAscii, 1048 BasicConstraints, 1049 PKIX_TRUE); 1050 } else { 1051 /* Test what we can */ 1052 if (goodBasicConstraints) { 1053 if (!equalBasicConstraints) { 1054 testError("Unexpected NULL value of equalBasicConstraints"); 1055 goto cleanup; 1056 } 1057 subTest("PKIX_PL_BasicConstraints_Equals <match>"); 1058 testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints), 1059 (PKIX_PL_Object *)(equalBasicConstraints), 1060 PKIX_TRUE, 1061 plContext); 1062 subTest("PKIX_PL_BasicConstraints_Hashcode <match>"); 1063 testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints), 1064 (PKIX_PL_Object *)(equalBasicConstraints), 1065 PKIX_TRUE, 1066 plContext); 1067 if (diffBasicConstraints) { 1068 subTest("PKIX_PL_BasicConstraints_Equals <non-match>"); 1069 testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints), 1070 (PKIX_PL_Object *)(diffBasicConstraints), 1071 PKIX_FALSE, 1072 plContext); 1073 subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>"); 1074 testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints), 1075 (PKIX_PL_Object *)(diffBasicConstraints), 1076 PKIX_FALSE, 1077 plContext); 1078 } 1079 subTest("PKIX_PL_BasicConstraints_Duplicate"); 1080 testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext); 1081 } 1082 if (expectedAscii) { 1083 subTest("PKIX_PL_BasicConstraints_ToString"); 1084 testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints), 1085 expectedAscii, 1086 plContext); 1087 } 1088 } 1089 1090 cleanup: 1091 1092 PKIX_TEST_DECREF_AC(goodBasicConstraints); 1093 PKIX_TEST_DECREF_AC(equalBasicConstraints); 1094 PKIX_TEST_DECREF_AC(diffBasicConstraints); 1095 1096 PKIX_TEST_RETURN(); 1097 } 1098 1099 static void 1100 testBasicConstraints_GetCAFlag(char *dataCentralDir) 1101 { 1102 /* 1103 * XXX When we have a certificate with a non-null Basic 1104 * Constraints field and a value of FALSE for CAFlag, 1105 * this test should be modified to use that 1106 * certificate for diffCertName, and to verify that 1107 * GetCAFlag returns a FALSE value. But our certificates for 1108 * non-CAs are created with no BasicConstraints extension. 1109 */ 1110 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; 1111 PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; 1112 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; 1113 char *goodCertName = "yassir2yassir"; 1114 char *diffCertName = "nss2alice"; 1115 PKIX_Boolean goodCAFlag = PKIX_FALSE; 1116 PKIX_Boolean diffCAFlag = PKIX_FALSE; 1117 1118 PKIX_TEST_STD_VARS(); 1119 1120 subTest("PKIX_PL_BasicConstraints_GetCAFlag"); 1121 1122 readCertBasicConstraints(dataCentralDir, 1123 goodCertName, 1124 diffCertName, 1125 &goodBasicConstraints, 1126 &equalBasicConstraints, 1127 &diffBasicConstraints); 1128 1129 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext)); 1130 if (!goodCAFlag) { 1131 testError("BasicConstraint CAFlag unexpectedly FALSE"); 1132 goto cleanup; 1133 } 1134 1135 if (diffBasicConstraints) { 1136 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext)); 1137 if (diffCAFlag) { 1138 testError("BasicConstraint CAFlag unexpectedly TRUE"); 1139 goto cleanup; 1140 } 1141 } 1142 1143 cleanup: 1144 1145 PKIX_TEST_DECREF_AC(goodBasicConstraints); 1146 PKIX_TEST_DECREF_AC(equalBasicConstraints); 1147 PKIX_TEST_DECREF_AC(diffBasicConstraints); 1148 1149 PKIX_TEST_RETURN(); 1150 } 1151 1152 static void 1153 testBasicConstraints_GetPathLenConstraint(char *dataCentralDir) 1154 { 1155 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; 1156 PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL; 1157 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; 1158 char *goodCertName = "yassir2yassir"; 1159 char *diffCertName = "sun2sun"; 1160 PKIX_Int32 goodPathLen = 0; 1161 PKIX_Int32 diffPathLen = 0; 1162 1163 PKIX_TEST_STD_VARS(); 1164 1165 subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint"); 1166 1167 readCertBasicConstraints(dataCentralDir, 1168 goodCertName, 1169 diffCertName, 1170 &goodBasicConstraints, 1171 &equalBasicConstraints, 1172 &diffBasicConstraints); 1173 1174 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext)); 1175 if (0 != goodPathLen) { 1176 testError("unexpected basicConstraint pathLen"); 1177 (void)printf("Actual value:\t%d\n", goodPathLen); 1178 (void)printf("Expected value:\t0\n"); 1179 goto cleanup; 1180 } 1181 1182 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext)); 1183 if (1 != diffPathLen) { 1184 testError("unexpected basicConstraint pathLen"); 1185 (void)printf("Actual value:\t%d\n", diffPathLen); 1186 (void)printf("Expected value:\t1\n"); 1187 goto cleanup; 1188 } 1189 1190 cleanup: 1191 1192 PKIX_TEST_DECREF_AC(goodBasicConstraints); 1193 PKIX_TEST_DECREF_AC(equalBasicConstraints); 1194 PKIX_TEST_DECREF_AC(diffBasicConstraints); 1195 1196 PKIX_TEST_RETURN(); 1197 } 1198 1199 static void 1200 testGetBasicConstraints(char *dataCentralDir) 1201 { 1202 char *goodCertName = NULL; 1203 char *diffCertName = NULL; 1204 1205 PKIX_TEST_STD_VARS(); 1206 1207 subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>"); 1208 goodCertName = "yassir2yassir"; 1209 diffCertName = "nss2alice"; 1210 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)"); 1211 1212 subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>"); 1213 goodCertName = "nss2alice"; 1214 diffCertName = "sun2sun"; 1215 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL); 1216 1217 subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>"); 1218 goodCertName = "yassir2bcn"; 1219 diffCertName = "sun2sun"; 1220 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)"); 1221 1222 subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>"); 1223 goodCertName = "anchor2dsa"; 1224 diffCertName = "sun2sun"; 1225 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)"); 1226 1227 PKIX_TEST_RETURN(); 1228 } 1229 1230 static void 1231 testGetPolicyInformation(char *dataDir) 1232 { 1233 1234 char *goodCertName = 1235 "UserNoticeQualifierTest15EE.crt"; 1236 char *equalCertName = 1237 "UserNoticeQualifierTest15EE.crt"; 1238 char *diffCertName = 1239 "UserNoticeQualifierTest17EE.crt"; 1240 PKIX_Boolean isImmutable = PKIX_FALSE; 1241 PKIX_PL_Cert *goodCert = NULL; 1242 PKIX_PL_Cert *equalCert = NULL; 1243 PKIX_PL_Cert *diffCert = NULL; 1244 PKIX_List *goodPolicyInfo = NULL; 1245 PKIX_List *equalPolicyInfo = NULL; 1246 PKIX_List *diffPolicyInfo = NULL; 1247 PKIX_PL_CertPolicyInfo *goodPolicy = NULL; 1248 PKIX_PL_CertPolicyInfo *equalPolicy = NULL; 1249 PKIX_PL_CertPolicyInfo *diffPolicy = NULL; 1250 1251 PKIX_TEST_STD_VARS(); 1252 subTest("PKIX_PL_Cert_GetPolicyInformation"); 1253 1254 /* 1255 * Get the cert, then the list of policyInfos. 1256 * Take the first policyInfo from the list. 1257 */ 1258 1259 /* Get the PolicyInfo objects */ 1260 goodCert = createCert(dataDir, goodCertName, plContext); 1261 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); 1262 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); 1263 1264 equalCert = createCert(dataDir, equalCertName, plContext); 1265 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); 1266 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, 1267 0, 1268 (PKIX_PL_Object **)&equalPolicy, 1269 plContext)); 1270 1271 diffCert = createCert(dataDir, diffCertName, plContext); 1272 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); 1273 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); 1274 1275 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, 1276 equalPolicy, 1277 diffPolicy, 1278 NULL, 1279 CertPolicyInfo, 1280 PKIX_FALSE); 1281 1282 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext)); 1283 1284 if (isImmutable != PKIX_TRUE) { 1285 testError("PolicyInfo List is not immutable"); 1286 } 1287 1288 cleanup: 1289 1290 PKIX_TEST_DECREF_AC(goodPolicy); 1291 PKIX_TEST_DECREF_AC(equalPolicy); 1292 PKIX_TEST_DECREF_AC(diffPolicy); 1293 PKIX_TEST_DECREF_AC(goodPolicyInfo); 1294 PKIX_TEST_DECREF_AC(equalPolicyInfo); 1295 PKIX_TEST_DECREF_AC(diffPolicyInfo); 1296 PKIX_TEST_DECREF_AC(goodCert); 1297 PKIX_TEST_DECREF_AC(equalCert); 1298 PKIX_TEST_DECREF_AC(diffCert); 1299 PKIX_TEST_RETURN(); 1300 } 1301 1302 static void 1303 testCertPolicy_GetPolicyId(char *dataDir) 1304 { 1305 char *goodCertName = 1306 "UserNoticeQualifierTest15EE.crt"; 1307 char *equalCertName = 1308 "UserNoticeQualifierTest16EE.crt"; 1309 char *diffCertName = 1310 "UserNoticeQualifierTest17EE.crt"; 1311 PKIX_PL_Cert *goodCert = NULL; 1312 PKIX_PL_Cert *equalCert = NULL; 1313 PKIX_PL_Cert *diffCert = NULL; 1314 PKIX_List *goodPolicyInfo = NULL; 1315 PKIX_List *equalPolicyInfo = NULL; 1316 PKIX_List *diffPolicyInfo = NULL; 1317 PKIX_PL_CertPolicyInfo *goodPolicy = NULL; 1318 PKIX_PL_CertPolicyInfo *equalPolicy = NULL; 1319 PKIX_PL_CertPolicyInfo *diffPolicy = NULL; 1320 PKIX_PL_OID *goodID = NULL; 1321 PKIX_PL_OID *equalID = NULL; 1322 PKIX_PL_OID *diffID = NULL; 1323 1324 PKIX_TEST_STD_VARS(); 1325 subTest("PKIX_PL_CertPolicyInfo_GetPolicyId"); 1326 1327 /* 1328 * Get the cert, then the list of policyInfos. 1329 * Take the first policyInfo from the list. 1330 * Finally, get the policyInfo's ID. 1331 */ 1332 1333 /* Get the PolicyInfo objects */ 1334 goodCert = createCert(dataDir, goodCertName, plContext); 1335 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); 1336 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); 1337 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext)); 1338 1339 equalCert = createCert(dataDir, equalCertName, plContext); 1340 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); 1341 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, 1342 0, 1343 (PKIX_PL_Object **)&equalPolicy, 1344 plContext)); 1345 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext)); 1346 1347 diffCert = createCert(dataDir, diffCertName, plContext); 1348 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); 1349 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); 1350 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext)); 1351 1352 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE); 1353 1354 cleanup: 1355 1356 PKIX_TEST_DECREF_AC(goodID); 1357 PKIX_TEST_DECREF_AC(equalID); 1358 PKIX_TEST_DECREF_AC(diffID); 1359 PKIX_TEST_DECREF_AC(goodPolicy); 1360 PKIX_TEST_DECREF_AC(equalPolicy); 1361 PKIX_TEST_DECREF_AC(diffPolicy); 1362 PKIX_TEST_DECREF_AC(goodPolicyInfo); 1363 PKIX_TEST_DECREF_AC(equalPolicyInfo); 1364 PKIX_TEST_DECREF_AC(diffPolicyInfo); 1365 PKIX_TEST_DECREF_AC(goodCert); 1366 PKIX_TEST_DECREF_AC(equalCert); 1367 PKIX_TEST_DECREF_AC(diffCert); 1368 PKIX_TEST_RETURN(); 1369 } 1370 1371 static void 1372 testCertPolicy_GetPolQualifiers(char *dataDir) 1373 { 1374 char *goodCertName = 1375 "UserNoticeQualifierTest15EE.crt"; 1376 char *equalCertName = 1377 "UserNoticeQualifierTest16EE.crt"; 1378 char *diffCertName = 1379 "UserNoticeQualifierTest18EE.crt"; 1380 PKIX_Boolean isImmutable = PKIX_FALSE; 1381 PKIX_PL_Cert *goodCert = NULL; 1382 PKIX_PL_Cert *equalCert = NULL; 1383 PKIX_PL_Cert *diffCert = NULL; 1384 PKIX_List *goodPolicyInfo = NULL; 1385 PKIX_List *equalPolicyInfo = NULL; 1386 PKIX_List *diffPolicyInfo = NULL; 1387 PKIX_PL_CertPolicyInfo *goodPolicy = NULL; 1388 PKIX_PL_CertPolicyInfo *equalPolicy = NULL; 1389 PKIX_PL_CertPolicyInfo *diffPolicy = NULL; 1390 PKIX_List *goodQuals = NULL; 1391 PKIX_List *equalQuals = NULL; 1392 PKIX_List *diffQuals = NULL; 1393 1394 PKIX_TEST_STD_VARS(); 1395 subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers"); 1396 1397 /* 1398 * Get the cert, then the list of policyInfos. 1399 * Take the first policyInfo from the list. 1400 * Get its list of PolicyQualifiers. 1401 */ 1402 1403 /* Get the PolicyInfo objects */ 1404 goodCert = createCert(dataDir, goodCertName, plContext); 1405 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); 1406 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); 1407 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); 1408 1409 equalCert = createCert(dataDir, equalCertName, plContext); 1410 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); 1411 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, 1412 0, 1413 (PKIX_PL_Object **)&equalPolicy, 1414 plContext)); 1415 1416 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); 1417 1418 diffCert = createCert(dataDir, diffCertName, plContext); 1419 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); 1420 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); 1421 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); 1422 1423 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals, 1424 equalQuals, 1425 diffQuals, 1426 NULL, 1427 List, 1428 PKIX_FALSE); 1429 1430 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext)); 1431 1432 if (isImmutable != PKIX_TRUE) { 1433 testError("PolicyQualifier List is not immutable"); 1434 } 1435 1436 cleanup: 1437 1438 PKIX_TEST_DECREF_AC(goodCert); 1439 PKIX_TEST_DECREF_AC(goodPolicyInfo); 1440 PKIX_TEST_DECREF_AC(goodPolicy); 1441 PKIX_TEST_DECREF_AC(goodQuals); 1442 PKIX_TEST_DECREF_AC(equalCert); 1443 PKIX_TEST_DECREF_AC(equalPolicyInfo); 1444 PKIX_TEST_DECREF_AC(equalQuals); 1445 PKIX_TEST_DECREF_AC(equalPolicy); 1446 PKIX_TEST_DECREF_AC(diffCert); 1447 PKIX_TEST_DECREF_AC(diffPolicyInfo); 1448 PKIX_TEST_DECREF_AC(diffPolicy); 1449 PKIX_TEST_DECREF_AC(diffQuals); 1450 1451 PKIX_TEST_RETURN(); 1452 } 1453 1454 static void 1455 testPolicyQualifier_GetQualifier(char *dataDir) 1456 { 1457 char *goodCertName = 1458 "UserNoticeQualifierTest15EE.crt"; 1459 char *equalCertName = 1460 "UserNoticeQualifierTest16EE.crt"; 1461 char *diffCertName = 1462 "UserNoticeQualifierTest18EE.crt"; 1463 PKIX_PL_Cert *goodCert = NULL; 1464 PKIX_PL_Cert *equalCert = NULL; 1465 PKIX_PL_Cert *diffCert = NULL; 1466 PKIX_List *goodPolicyInfo = NULL; 1467 PKIX_List *equalPolicyInfo = NULL; 1468 PKIX_List *diffPolicyInfo = NULL; 1469 PKIX_PL_CertPolicyInfo *goodPolicy = NULL; 1470 PKIX_PL_CertPolicyInfo *equalPolicy = NULL; 1471 PKIX_PL_CertPolicyInfo *diffPolicy = NULL; 1472 PKIX_List *goodQuals = NULL; 1473 PKIX_List *equalQuals = NULL; 1474 PKIX_List *diffQuals = NULL; 1475 PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; 1476 PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; 1477 PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; 1478 PKIX_PL_ByteArray *goodArray = NULL; 1479 PKIX_PL_ByteArray *equalArray = NULL; 1480 PKIX_PL_ByteArray *diffArray = NULL; 1481 1482 PKIX_TEST_STD_VARS(); 1483 subTest("PKIX_PL_PolicyQualifier_GetQualifier"); 1484 1485 /* 1486 * Get the cert, then the list of policyInfos. 1487 * Take the first policyInfo from the list. 1488 * Get its list of PolicyQualifiers. 1489 * Take the first policyQualifier from the list. 1490 * Finally, get the policyQualifier's ByteArray. 1491 */ 1492 1493 /* Get the PolicyInfo objects */ 1494 goodCert = createCert(dataDir, goodCertName, plContext); 1495 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); 1496 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); 1497 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); 1498 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals, 1499 0, 1500 (PKIX_PL_Object **)&goodPolQualifier, 1501 plContext)); 1502 1503 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext)); 1504 1505 equalCert = createCert(dataDir, equalCertName, plContext); 1506 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); 1507 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, 1508 0, 1509 (PKIX_PL_Object **)&equalPolicy, 1510 plContext)); 1511 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); 1512 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals, 1513 0, 1514 (PKIX_PL_Object **)&equalPolQualifier, 1515 plContext)); 1516 1517 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext)); 1518 1519 diffCert = createCert(dataDir, diffCertName, plContext); 1520 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); 1521 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); 1522 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); 1523 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals, 1524 0, 1525 (PKIX_PL_Object **)&diffPolQualifier, 1526 plContext)); 1527 1528 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext)); 1529 1530 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE); 1531 1532 cleanup: 1533 1534 PKIX_TEST_DECREF_AC(goodArray); 1535 PKIX_TEST_DECREF_AC(equalArray); 1536 PKIX_TEST_DECREF_AC(diffArray); 1537 PKIX_TEST_DECREF_AC(goodPolQualifier); 1538 PKIX_TEST_DECREF_AC(equalPolQualifier); 1539 PKIX_TEST_DECREF_AC(diffPolQualifier); 1540 PKIX_TEST_DECREF_AC(goodQuals); 1541 PKIX_TEST_DECREF_AC(equalQuals); 1542 PKIX_TEST_DECREF_AC(diffQuals); 1543 PKIX_TEST_DECREF_AC(goodPolicy); 1544 PKIX_TEST_DECREF_AC(equalPolicy); 1545 PKIX_TEST_DECREF_AC(diffPolicy); 1546 PKIX_TEST_DECREF_AC(goodPolicyInfo); 1547 PKIX_TEST_DECREF_AC(equalPolicyInfo); 1548 PKIX_TEST_DECREF_AC(diffPolicyInfo); 1549 PKIX_TEST_DECREF_AC(goodCert); 1550 PKIX_TEST_DECREF_AC(equalCert); 1551 PKIX_TEST_DECREF_AC(diffCert); 1552 PKIX_TEST_RETURN(); 1553 } 1554 1555 static void 1556 testPolicyQualifier_GetPolicyQualifierId(char *dataDir) 1557 { 1558 char *goodCertName = 1559 "UserNoticeQualifierTest15EE.crt"; 1560 char *equalCertName = 1561 "UserNoticeQualifierTest16EE.crt"; 1562 char *diffCertName = 1563 "CPSPointerQualifierTest20EE.crt"; 1564 PKIX_PL_Cert *goodCert = NULL; 1565 PKIX_PL_Cert *equalCert = NULL; 1566 PKIX_PL_Cert *diffCert = NULL; 1567 PKIX_List *goodPolicyInfo = NULL; 1568 PKIX_List *equalPolicyInfo = NULL; 1569 PKIX_List *diffPolicyInfo = NULL; 1570 PKIX_PL_CertPolicyInfo *goodPolicy = NULL; 1571 PKIX_PL_CertPolicyInfo *equalPolicy = NULL; 1572 PKIX_PL_CertPolicyInfo *diffPolicy = NULL; 1573 PKIX_List *goodQuals = NULL; 1574 PKIX_List *equalQuals = NULL; 1575 PKIX_List *diffQuals = NULL; 1576 PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL; 1577 PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL; 1578 PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL; 1579 PKIX_PL_OID *goodID = NULL; 1580 PKIX_PL_OID *equalID = NULL; 1581 PKIX_PL_OID *diffID = NULL; 1582 1583 PKIX_TEST_STD_VARS(); 1584 subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId"); 1585 1586 /* 1587 * Get the cert, then the list of policyInfos. 1588 * Take the first policyInfo from the list. 1589 * Get its list of PolicyQualifiers. 1590 * Take the first policyQualifier from the list. 1591 * Finally, get the policyQualifier's ID. 1592 */ 1593 1594 /* Get the PolicyQualifier objects */ 1595 goodCert = createCert(dataDir, goodCertName, plContext); 1596 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext)); 1597 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext)); 1598 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext)); 1599 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals, 1600 0, 1601 (PKIX_PL_Object **)&goodPolQualifier, 1602 plContext)); 1603 1604 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext)); 1605 1606 equalCert = createCert(dataDir, equalCertName, plContext); 1607 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext)); 1608 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo, 1609 0, 1610 (PKIX_PL_Object **)&equalPolicy, 1611 plContext)); 1612 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext)); 1613 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals, 1614 0, 1615 (PKIX_PL_Object **)&equalPolQualifier, 1616 plContext)); 1617 1618 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext)); 1619 1620 diffCert = createCert(dataDir, diffCertName, plContext); 1621 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext)); 1622 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext)); 1623 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext)); 1624 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals, 1625 0, 1626 (PKIX_PL_Object **)&diffPolQualifier, 1627 plContext)); 1628 1629 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext)); 1630 1631 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE); 1632 1633 cleanup: 1634 1635 PKIX_TEST_DECREF_AC(goodID); 1636 PKIX_TEST_DECREF_AC(equalID); 1637 PKIX_TEST_DECREF_AC(diffID); 1638 PKIX_TEST_DECREF_AC(goodPolQualifier); 1639 PKIX_TEST_DECREF_AC(equalPolQualifier); 1640 PKIX_TEST_DECREF_AC(diffPolQualifier); 1641 PKIX_TEST_DECREF_AC(goodQuals); 1642 PKIX_TEST_DECREF_AC(equalQuals); 1643 PKIX_TEST_DECREF_AC(diffQuals); 1644 PKIX_TEST_DECREF_AC(goodPolicy); 1645 PKIX_TEST_DECREF_AC(equalPolicy); 1646 PKIX_TEST_DECREF_AC(diffPolicy); 1647 PKIX_TEST_DECREF_AC(goodPolicyInfo); 1648 PKIX_TEST_DECREF_AC(equalPolicyInfo); 1649 PKIX_TEST_DECREF_AC(diffPolicyInfo); 1650 PKIX_TEST_DECREF_AC(goodCert); 1651 PKIX_TEST_DECREF_AC(equalCert); 1652 PKIX_TEST_DECREF_AC(diffCert); 1653 PKIX_TEST_RETURN(); 1654 } 1655 1656 static void 1657 testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir) 1658 { 1659 1660 char *trueCertName = "CertificatePoliciesCritical.crt"; 1661 char *falseCertName = "UserNoticeQualifierTest15EE.crt"; 1662 PKIX_PL_Cert *trueCert = NULL; 1663 PKIX_PL_Cert *falseCert = NULL; 1664 PKIX_Boolean trueVal = PKIX_FALSE; 1665 PKIX_Boolean falseVal = PKIX_FALSE; 1666 1667 PKIX_TEST_STD_VARS(); 1668 subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>"); 1669 1670 trueCert = createCert(dataCentralDir, trueCertName, plContext); 1671 1672 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext)); 1673 1674 if (trueVal != PKIX_TRUE) { 1675 testError("unexpected mismatch"); 1676 (void)printf("Actual value:\t%d\n", trueVal); 1677 (void)printf("Expected value:\t1\n"); 1678 goto cleanup; 1679 } 1680 1681 subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>"); 1682 1683 falseCert = createCert(dataDir, falseCertName, plContext); 1684 1685 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext)); 1686 1687 if (falseVal != PKIX_FALSE) { 1688 testError("unexpected mismatch"); 1689 (void)printf("Actual value:\t%d\n", falseVal); 1690 (void)printf("Expected value:\t0\n"); 1691 goto cleanup; 1692 } 1693 1694 cleanup: 1695 1696 PKIX_TEST_DECREF_AC(trueCert); 1697 PKIX_TEST_DECREF_AC(falseCert); 1698 1699 PKIX_TEST_RETURN(); 1700 } 1701 1702 static void 1703 testCertPolicyConstraints(char *dataDir) 1704 { 1705 char *requireExplicitPolicy2CertName = 1706 "requireExplicitPolicy2CACert.crt"; 1707 char *inhibitPolicyMapping5CertName = 1708 "inhibitPolicyMapping5CACert.crt"; 1709 char *inhibitAnyPolicy5CertName = 1710 "inhibitAnyPolicy5CACert.crt"; 1711 char *inhibitAnyPolicy0CertName = 1712 "inhibitAnyPolicy0CACert.crt"; 1713 PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL; 1714 PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL; 1715 PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL; 1716 PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL; 1717 PKIX_Int32 skipCerts = 0; 1718 1719 PKIX_TEST_STD_VARS(); 1720 1721 subTest("PKIX_PL_Cert_GetRequireExplicitPolicy"); 1722 requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext); 1723 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL)); 1724 PR_ASSERT(skipCerts == 2); 1725 1726 subTest("PKIX_PL_Cert_GetPolicyMappingInhibited"); 1727 inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext); 1728 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL)); 1729 PR_ASSERT(skipCerts == 5); 1730 1731 subTest("PKIX_PL_Cert_GetInhibitAnyPolicy"); 1732 inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext); 1733 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL)); 1734 PR_ASSERT(skipCerts == 5); 1735 1736 inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext); 1737 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL)); 1738 PR_ASSERT(skipCerts == 0); 1739 1740 cleanup: 1741 1742 PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert); 1743 PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert); 1744 PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert); 1745 PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert); 1746 1747 PKIX_TEST_RETURN(); 1748 } 1749 1750 static void 1751 testCertPolicyMaps(char *dataDir) 1752 { 1753 char *policyMappingsCertName = 1754 "P1Mapping1to234CACert.crt"; 1755 char *expectedAscii = 1756 "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2"; 1757 1758 PKIX_PL_Cert *policyMappingsCert = NULL; 1759 PKIX_List *mappings = NULL; 1760 PKIX_PL_CertPolicyMap *goodMap = NULL; 1761 PKIX_PL_CertPolicyMap *equalMap = NULL; 1762 PKIX_PL_CertPolicyMap *diffMap = NULL; 1763 PKIX_PL_OID *goodOID = NULL; 1764 PKIX_PL_OID *equalOID = NULL; 1765 PKIX_PL_OID *diffOID = NULL; 1766 1767 PKIX_TEST_STD_VARS(); 1768 1769 subTest("PKIX_PL_Cert_GetPolicyMappings"); 1770 1771 policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext); 1772 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL)); 1773 1774 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL)); 1775 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL)); 1776 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL)); 1777 1778 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap, 1779 equalMap, 1780 diffMap, 1781 expectedAscii, 1782 CertPolicyMap, 1783 PKIX_TRUE); 1784 1785 subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy"); 1786 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL)); 1787 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL)); 1788 subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy"); 1789 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL)); 1790 1791 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID, 1792 equalOID, 1793 diffOID, 1794 "2.16.840.1.101.3.2.1.48.1", 1795 OID, 1796 PKIX_FALSE); 1797 1798 subTest("pkix_pl_CertPolicyMap_Destroy"); 1799 PKIX_TEST_DECREF_BC(goodMap); 1800 PKIX_TEST_DECREF_BC(equalMap); 1801 PKIX_TEST_DECREF_BC(diffMap); 1802 1803 cleanup: 1804 PKIX_TEST_DECREF_AC(policyMappingsCert); 1805 PKIX_TEST_DECREF_AC(mappings); 1806 PKIX_TEST_DECREF_AC(goodOID); 1807 PKIX_TEST_DECREF_AC(equalOID); 1808 PKIX_TEST_DECREF_AC(diffOID); 1809 1810 PKIX_TEST_RETURN(); 1811 } 1812 1813 static void 1814 testNameConstraints(char *dataDir) 1815 { 1816 char *firstPname = "nameConstraintsDN3subCA2Cert.crt"; 1817 char *secondPname = "nameConstraintsDN4CACert.crt"; 1818 char *thirdPname = "nameConstraintsDN5CACert.crt"; 1819 char *lastPname = "InvalidDNnameConstraintsTest3EE.crt"; 1820 PKIX_PL_Cert *firstCert = NULL; 1821 PKIX_PL_Cert *secondCert = NULL; 1822 PKIX_PL_Cert *thirdCert = NULL; 1823 PKIX_PL_Cert *lastCert = NULL; 1824 PKIX_PL_CertNameConstraints *firstNC = NULL; 1825 PKIX_PL_CertNameConstraints *secondNC = NULL; 1826 PKIX_PL_CertNameConstraints *thirdNC = NULL; 1827 PKIX_PL_CertNameConstraints *firstMergedNC = NULL; 1828 PKIX_PL_CertNameConstraints *secondMergedNC = NULL; 1829 char *firstExpectedAscii = 1830 "[\n" 1831 "\t\tPermitted Name: (O=Test Certificates,C=US)\n" 1832 "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates," 1833 "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n" 1834 "\t]\n"; 1835 char *secondExpectedAscii = 1836 "[\n" 1837 "\t\tPermitted Name: (O=Test Certificates,C=US, " 1838 "OU=permittedSubtree1,O=Test Certificates,C=US)\n" 1839 "\t\tExcluded Name: (OU=excludedSubtree1," 1840 "O=Test Certificates," 1841 "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, " 1842 "OU=excludedSubtree1,OU=permittedSubtree1," 1843 "O=Test Certificates,C=US)\n" 1844 "\t]\n"; 1845 1846 PKIX_TEST_STD_VARS(); 1847 subTest("PKIX_PL_CertNameConstraints"); 1848 1849 firstCert = createCert(dataDir, firstPname, plContext); 1850 secondCert = createCert(dataDir, secondPname, plContext); 1851 thirdCert = createCert(dataDir, thirdPname, plContext); 1852 lastCert = createCert(dataDir, lastPname, plContext); 1853 1854 subTest("PKIX_PL_Cert_GetNameConstraints <total=3>"); 1855 1856 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL)); 1857 1858 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL)); 1859 1860 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL)); 1861 1862 subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>"); 1863 1864 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL)); 1865 1866 subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>"); 1867 1868 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL)); 1869 1870 testToStringHelper((PKIX_PL_Object *)firstMergedNC, 1871 firstExpectedAscii, 1872 plContext); 1873 1874 testToStringHelper((PKIX_PL_Object *)secondMergedNC, 1875 secondExpectedAscii, 1876 plContext); 1877 1878 subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>"); 1879 1880 /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */ 1881 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL)); 1882 1883 subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>"); 1884 1885 /* 1886 * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, 1887 * OU=permittedSubtree1,O=Test Certificates,C=US 1888 */ 1889 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL)); 1890 1891 subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); 1892 1893 /* 1894 * Subject: CN=Invalid DN nameConstraints EE Certificate Test3, 1895 * OU=permittedSubtree1,O=Test Certificates,C=US 1896 * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate 1897 * Test3,OU=excludedSubtree1,O=Test Certificates,C=US 1898 */ 1899 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL)); 1900 1901 subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>"); 1902 1903 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL)); 1904 1905 cleanup: 1906 1907 PKIX_TEST_DECREF_AC(firstCert); 1908 PKIX_TEST_DECREF_AC(secondCert); 1909 PKIX_TEST_DECREF_AC(thirdCert); 1910 PKIX_TEST_DECREF_AC(lastCert); 1911 PKIX_TEST_DECREF_AC(firstNC); 1912 PKIX_TEST_DECREF_AC(secondNC); 1913 PKIX_TEST_DECREF_AC(thirdNC); 1914 PKIX_TEST_DECREF_AC(firstMergedNC); 1915 PKIX_TEST_DECREF_AC(secondMergedNC); 1916 1917 PKIX_TEST_RETURN(); 1918 } 1919 1920 static void 1921 testDestroy(void *goodObject, void *equalObject, void *diffObject) 1922 { 1923 PKIX_TEST_STD_VARS(); 1924 1925 subTest("PKIX_PL_Cert_Destroy"); 1926 1927 PKIX_TEST_DECREF_BC(goodObject); 1928 PKIX_TEST_DECREF_BC(equalObject); 1929 PKIX_TEST_DECREF_BC(diffObject); 1930 1931 PKIX_TEST_DECREF_BC(altNameNoneCert); 1932 PKIX_TEST_DECREF_BC(altNameOtherCert); 1933 PKIX_TEST_DECREF_BC(altNameOtherCert_diff); 1934 PKIX_TEST_DECREF_BC(altNameRfc822Cert); 1935 PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff); 1936 PKIX_TEST_DECREF_BC(altNameDnsCert); 1937 PKIX_TEST_DECREF_BC(altNameDnsCert_diff); 1938 PKIX_TEST_DECREF_BC(altNameX400Cert); 1939 PKIX_TEST_DECREF_BC(altNameX400Cert_diff); 1940 PKIX_TEST_DECREF_BC(altNameDnCert); 1941 PKIX_TEST_DECREF_BC(altNameDnCert_diff); 1942 PKIX_TEST_DECREF_BC(altNameEdiCert); 1943 PKIX_TEST_DECREF_BC(altNameEdiCert_diff); 1944 PKIX_TEST_DECREF_BC(altNameUriCert); 1945 PKIX_TEST_DECREF_BC(altNameUriCert_diff); 1946 PKIX_TEST_DECREF_BC(altNameIpCert); 1947 PKIX_TEST_DECREF_BC(altNameIpCert_diff); 1948 PKIX_TEST_DECREF_BC(altNameOidCert); 1949 PKIX_TEST_DECREF_BC(altNameOidCert_diff); 1950 PKIX_TEST_DECREF_BC(altNameMultipleCert); 1951 1952 cleanup: 1953 1954 PKIX_TEST_RETURN(); 1955 } 1956 1957 static void 1958 printUsage(void) 1959 { 1960 (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n"); 1961 } 1962 1963 int 1964 test_cert(int argc, char *argv[]) 1965 { 1966 1967 PKIX_PL_Cert *goodObject = NULL; 1968 PKIX_PL_Cert *equalObject = NULL; 1969 PKIX_PL_Cert *diffObject = NULL; 1970 PKIX_UInt32 actualMinorVersion; 1971 PKIX_UInt32 j = 0; 1972 1973 char *dataCentralDir = NULL; 1974 char *dataDir = NULL; 1975 char *goodInput = "yassir2bcn"; 1976 char *diffInput = "nss2alice"; 1977 1978 char *expectedAscii = 1979 "[\n" 1980 "\tVersion: v3\n" 1981 "\tSerialNumber: 37bc66ec\n" 1982 "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" 1983 "\tSubject: OU=bcn,OU=east,O=sun,C=us\n" 1984 "\tValidity: [From: Thu Aug 19, 1999\n" 1985 /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */ 1986 "\t To: Fri Aug 18, 2000]\n" 1987 /* "\t To: Fri Aug 18 16:19:56 2000]\n" */ 1988 "\tSubjectAltNames: (null)\n" 1989 "\tAuthorityKeyId: (null)\n" 1990 "\tSubjectKeyId: (null)\n" 1991 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n" 1992 "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n" 1993 "\tExtKeyUsages: (null)\n" 1994 "\tBasicConstraint: CA(0)\n" 1995 "\tCertPolicyInfo: (null)\n" 1996 "\tPolicyMappings: (null)\n" 1997 "\tExplicitPolicy: -1\n" 1998 "\tInhibitMapping: -1\n" 1999 "\tInhibitAnyPolicy:-1\n" 2000 "\tNameConstraints: (null)\n" 2001 "\tAuthorityInfoAccess: (null)\n" 2002 "\tSubjectInfoAccess: (null)\n" 2003 "\tCacheFlag: 0\n" 2004 "]\n"; 2005 2006 PKIX_TEST_STD_VARS(); 2007 2008 startTests("Cert"); 2009 2010 PKIX_TEST_EXPECT_NO_ERROR( 2011 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); 2012 2013 if (argc < 3 + j) { 2014 printUsage(); 2015 return (0); 2016 } 2017 2018 dataCentralDir = argv[2 + j]; 2019 dataDir = argv[3 + j]; 2020 2021 createCerts(dataCentralDir, 2022 goodInput, 2023 diffInput, 2024 &goodObject, 2025 &equalObject, 2026 &diffObject); 2027 2028 testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext); 2029 2030 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject, 2031 equalObject, 2032 diffObject, 2033 expectedAscii, 2034 Cert, 2035 PKIX_TRUE); 2036 2037 testVerifyKeyUsage(dataCentralDir, dataDir, goodObject); 2038 2039 testGetExtendedKeyUsage(dataCentralDir); 2040 testGetKeyIdentifiers(dataCentralDir, goodObject); 2041 2042 testGetVersion(goodObject); 2043 testGetSerialNumber(goodObject, equalObject, diffObject); 2044 2045 testGetSubject(goodObject, equalObject, diffObject); 2046 testGetIssuer(goodObject, equalObject, diffObject); 2047 2048 testGetSubjectAltNames(dataCentralDir); 2049 testGetCriticalExtensionOIDs(dataCentralDir, goodObject); 2050 2051 testGetSubjectPublicKey(goodObject, equalObject, diffObject); 2052 testGetSubjectPublicKeyAlgId(goodObject); 2053 testMakeInheritedDSAPublicKey(dataCentralDir); 2054 2055 testCheckValidity(goodObject, diffObject); 2056 2057 testBasicConstraints_GetCAFlag(dataCentralDir); 2058 testBasicConstraints_GetPathLenConstraint(dataCentralDir); 2059 testGetBasicConstraints(dataCentralDir); 2060 2061 /* Basic Policy Processing */ 2062 testGetPolicyInformation(dataDir); 2063 testCertPolicy_GetPolicyId(dataDir); 2064 testCertPolicy_GetPolQualifiers(dataDir); 2065 testPolicyQualifier_GetPolicyQualifierId(dataDir); 2066 testPolicyQualifier_GetQualifier(dataDir); 2067 testAreCertPoliciesCritical(dataCentralDir, dataDir); 2068 2069 /* Advanced Policy Processing */ 2070 testCertPolicyConstraints(dataDir); 2071 testCertPolicyMaps(dataDir); 2072 2073 testNameConstraints(dataDir); 2074 2075 testVerifySignature(dataCentralDir); 2076 2077 testDestroy(goodObject, equalObject, diffObject); 2078 2079 cleanup: 2080 2081 PKIX_Shutdown(plContext); 2082 2083 PKIX_TEST_RETURN(); 2084 2085 endTests("Cert"); 2086 2087 return (0); 2088 }