tor-browser

test_crl.c (8180B)

---

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* test_crl.c
*
* Test CRL Type
*
*/

#include "testutil.h"
#include "testutil_nss.h"

static void *plContext = NULL;

static void
createCRLs(
   char *dataDir,
   char *goodInput,
   char *diffInput,
   PKIX_PL_CRL **goodObject,
   PKIX_PL_CRL **equalObject,
   PKIX_PL_CRL **diffObject)
{
   PKIX_TEST_STD_VARS();

   subTest("PKIX_PL_CRL_Create <goodObject>");
   *goodObject = createCRL(dataDir, goodInput, plContext);

   subTest("PKIX_PL_CRL_Create <equalObject>");
   *equalObject = createCRL(dataDir, goodInput, plContext);

   subTest("PKIX_PL_CRL_Create <diffObject>");
   *diffObject = createCRL(dataDir, diffInput, plContext);

   PKIX_TEST_RETURN();
}

static void
testGetCRLEntryForSerialNumber(
   PKIX_PL_CRL *goodObject)
{
   PKIX_PL_BigInt *bigInt;
   PKIX_PL_String *bigIntString = NULL;
   PKIX_PL_CRLEntry *crlEntry = NULL;
   PKIX_PL_String *crlEntryString = NULL;
   char *snAscii = "3039";
   char *expectedAscii =
       "\n\t[\n"
       "\tSerialNumber:    3039\n"
       "\tReasonCode:      257\n"
       "\tRevocationDate:  Fri Jan 07, 2005\n"
       /*      "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n" */
       "\tCritExtOIDs:     (EMPTY)\n"
       "\t]\n\t";

   PKIX_TEST_STD_VARS();

   subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");

   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
       PKIX_ESCASCII,
       snAscii,
       PL_strlen(snAscii),
       &bigIntString,
       plContext));

   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
       bigIntString,
       &bigInt,
       plContext));

   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
       goodObject, bigInt, &crlEntry, plContext));

   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
       (PKIX_PL_Object *)crlEntry,
       &crlEntryString,
       plContext));

   testToStringHelper((PKIX_PL_Object *)crlEntryString,
                      expectedAscii, plContext);

cleanup:

   PKIX_TEST_DECREF_AC(bigIntString);
   PKIX_TEST_DECREF_AC(bigInt);
   PKIX_TEST_DECREF_AC(crlEntryString);
   PKIX_TEST_DECREF_AC(crlEntry);
   PKIX_TEST_RETURN();
}

static void
testGetIssuer(
   PKIX_PL_CRL *goodObject,
   PKIX_PL_CRL *equalObject,
   PKIX_PL_CRL *diffObject)
{
   PKIX_PL_X500Name *goodIssuer = NULL;
   PKIX_PL_X500Name *equalIssuer = NULL;
   PKIX_PL_X500Name *diffIssuer = NULL;
   char *expectedAscii = "CN=hanfeiyu,O=sun,C=us";

   PKIX_TEST_STD_VARS();

   subTest("PKIX_PL_CRL_GetIssuer");

   PKIX_TEST_EXPECT_NO_ERROR(
       PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext));

   PKIX_TEST_EXPECT_NO_ERROR(
       PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext));

   PKIX_TEST_EXPECT_NO_ERROR(
       PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext));

   PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
                               equalIssuer,
                               diffIssuer,
                               expectedAscii,
                               X500Name,
                               PKIX_TRUE);

cleanup:

   PKIX_TEST_DECREF_AC(goodIssuer);
   PKIX_TEST_DECREF_AC(equalIssuer);
   PKIX_TEST_DECREF_AC(diffIssuer);

   PKIX_TEST_RETURN();
}

static void
testCritExtensionsAbsent(PKIX_PL_CRL *crl)
{
   PKIX_List *oidList = NULL;
   PKIX_UInt32 numOids = 0;

   PKIX_TEST_STD_VARS();

   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &oidList, plContext));

   PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
   if (numOids != 0) {
       pkixTestErrorMsg = "unexpected mismatch";
   }

cleanup:

   PKIX_TEST_DECREF_AC(oidList);

   PKIX_TEST_RETURN();
}

static void
testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject)
{
   subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
           "<0 element>");
   testCritExtensionsAbsent(goodObject);
}

static void
testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl)
{
   PKIX_PL_Cert *firstCert = NULL;
   PKIX_PL_Cert *secondCert = NULL;
   PKIX_PL_PublicKey *firstPubKey = NULL;
   PKIX_PL_PublicKey *secondPubKey = NULL;

   PKIX_TEST_STD_VARS();

   subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>");
   firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext);

   subTest("PKIX_PL_Cert_Create <hy2hy-bc0>");
   secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext);

   subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>");
   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));

   subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>");
   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));

   subTest("PKIX_PL_CRL_VerifySignature <positive>");
   PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext));

   subTest("PKIX_PL_CRL_VerifySignature <negative>");
   PKIX_TEST_EXPECT_ERROR(PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext));

cleanup:

   PKIX_TEST_DECREF_AC(firstCert);
   PKIX_TEST_DECREF_AC(secondCert);
   PKIX_TEST_DECREF_AC(firstPubKey);
   PKIX_TEST_DECREF_AC(secondPubKey);

   PKIX_TEST_RETURN();
}

static void
printUsage(void)
{
   (void)printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n");
}

/* Functional tests for CRL public functions */

int
test_crl(int argc, char *argv[])
{
   PKIX_PL_CRL *goodObject = NULL;
   PKIX_PL_CRL *equalObject = NULL;
   PKIX_PL_CRL *diffObject = NULL;
   PKIX_UInt32 actualMinorVersion;
   PKIX_UInt32 j = 0;

   char *dataCentralDir = NULL;
   char *goodInput = "crlgood.crl";
   char *diffInput = "crldiff.crl";
   char *expectedAscii =
       "[\n"
       "\tVersion:         v2\n"
       "\tIssuer:          CN=hanfeiyu,O=sun,C=us\n"
       "\tUpdate:   [Last: Fri Jan 07, 2005\n"
       /*      "\tUpdate:   [Last: Fri Jan 07 15:09:10 2005\n" */
       "\t           Next: Sat Jan 07, 2006]\n"
       /*      "\t           Next: Sat Jan 07 15:09:10 2006]\n" */
       "\tSignatureAlgId:  1.2.840.10040.4.3\n"
       "\tCRL Number     : (null)\n"
       "\n\tEntry List:      (\n"
       "\t[\n"
       "\tSerialNumber:    010932\n"
       "\tReasonCode:      260\n"
       "\tRevocationDate:  Fri Jan 07, 2005\n"
       /*      "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n" */
       "\tCritExtOIDs:     (EMPTY)\n"
       "\t]\n\t"
       ", "
       "\n\t[\n"
       "\tSerialNumber:    3039\n"
       "\tReasonCode:      257\n"
       "\tRevocationDate:  Fri Jan 07, 2005\n"
       /*      "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n" */
       "\tCritExtOIDs:     (EMPTY)\n"
       "\t]\n\t"
       ")"
       "\n\n"
       "\tCritExtOIDs:     (EMPTY)\n"
       "]\n";
   /* Note XXX serialnumber and reasoncode need debug */

   PKIX_TEST_STD_VARS();

   startTests("CRL");

   PKIX_TEST_EXPECT_NO_ERROR(
       PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

   if (argc < 3 + j) {
       printUsage();
       return (0);
   }

   dataCentralDir = argv[2 + j];

   createCRLs(dataCentralDir,
              goodInput,
              diffInput,
              &goodObject,
              &equalObject,
              &diffObject);

   PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
                               equalObject,
                               diffObject,
                               expectedAscii,
                               CRL,
                               PKIX_TRUE);

   testGetIssuer(goodObject, equalObject, diffObject);

   testGetCriticalExtensionOIDs(goodObject);

   testGetCRLEntryForSerialNumber(goodObject);

   testVerifySignature(dataCentralDir, goodObject);

cleanup:

   PKIX_TEST_DECREF_AC(goodObject);
   PKIX_TEST_DECREF_AC(equalObject);
   PKIX_TEST_DECREF_AC(diffObject);

   PKIX_Shutdown(plContext);

   PKIX_TEST_RETURN();

   endTests("CRL");

   return (0);
}