Source code

Revision control

Copy as Markdown

Other Tools

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* test_ekuchecker.c
*
* Test Extend Key Usage Checker
*
*/
#include "testutil.h"
#include "testutil_nss.h"
#define PKIX_TEST_MAX_CERTS 10
static void *plContext = NULL;
static void
printUsage1(char *pName)
{
printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
}
static void
printUsageMax(PKIX_UInt32 numCerts)
{
printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
numCerts, PKIX_TEST_MAX_CERTS);
}
static PKIX_Error *
testCertSelectorMatchCallback(
PKIX_CertSelector *selector,
PKIX_PL_Cert *cert,
PKIX_Boolean *pResult,
void *plContext)
{
*pResult = PKIX_TRUE;
return (0);
}
static PKIX_Error *
testEkuSetup(
PKIX_ValidateParams *valParams,
char *ekuOidString,
PKIX_Boolean *only4EE)
{
PKIX_ProcessingParams *procParams = NULL;
PKIX_List *ekuList = NULL;
PKIX_PL_OID *ekuOid = NULL;
PKIX_ComCertSelParams *selParams = NULL;
PKIX_CertSelector *certSelector = NULL;
PKIX_Boolean last_token = PKIX_FALSE;
PKIX_UInt32 i, tokeni;
PKIX_TEST_STD_VARS();
subTest("PKIX_ValidateParams_GetProcessingParams");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
/* Get extended key usage OID(s) from command line, separated by "," */
if (ekuOidString[0] == '"') {
/* erase doble quotes, if any */
i = 1;
while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
ekuOidString[i - 1] = ekuOidString[i];
i++;
}
ekuOidString[i - 1] = '\0';
}
if (ekuOidString[0] == '\0') {
ekuList = NULL;
} else {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));
/* if OID string start with E, only check for last cert */
if (ekuOidString[0] == 'E') {
*only4EE = PKIX_TRUE;
tokeni = 2;
i = 1;
} else {
*only4EE = PKIX_FALSE;
tokeni = 1;
i = 0;
}
while (last_token != PKIX_TRUE) {
while (ekuOidString[tokeni] != ',' &&
ekuOidString[tokeni] != '\0') {
tokeni++;
}
if (ekuOidString[tokeni] == '\0') {
last_token = PKIX_TRUE;
} else {
ekuOidString[tokeni] = '\0';
tokeni++;
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));
PKIX_TEST_DECREF_BC(ekuOid);
i = tokeni;
}
}
/* Set extended key usage link to processing params */
subTest("PKIX_ComCertSelParams_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));
subTest("PKIX_CertSelector_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
NULL,
&certSelector,
plContext));
subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));
subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
cleanup:
PKIX_TEST_DECREF_AC(selParams);
PKIX_TEST_DECREF_AC(certSelector);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(ekuOid);
PKIX_TEST_DECREF_AC(ekuList);
PKIX_TEST_RETURN();
return (0);
}
static PKIX_Error *
testEkuChecker(
PKIX_ValidateParams *valParams,
PKIX_Boolean only4EE)
{
PKIX_ProcessingParams *procParams = NULL;
PKIX_TEST_STD_VARS();
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
if (only4EE == PKIX_FALSE) {
subTest("PKIX_PL_EkuChecker_Create");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
}
cleanup:
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_RETURN();
return (0);
}
int
test_ekuchecker(int argc, char *argv[])
{
PKIX_List *chain = NULL;
PKIX_ValidateParams *valParams = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 actualMinorVersion;
char *certNames[PKIX_TEST_MAX_CERTS];
char *dirName = NULL;
PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
PKIX_UInt32 chainLength = 0;
PKIX_UInt32 i = 0;
PKIX_UInt32 j = 0;
PKIX_Boolean testValid = PKIX_FALSE;
PKIX_Boolean only4EE = PKIX_FALSE;
PKIX_TEST_STD_VARS();
if (argc < 5) {
printUsage1(argv[0]);
return (0);
}
startTests("EKU Checker");
PKIX_TEST_EXPECT_NO_ERROR(
PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
/* ENE = expect no error; EE = expect error */
if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
testValid = PKIX_TRUE;
} else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
testValid = PKIX_FALSE;
} else {
printUsage1(argv[0]);
return (0);
}
dirName = argv[4 + j];
chainLength = (argc - j) - 6;
if (chainLength > PKIX_TEST_MAX_CERTS) {
printUsageMax(chainLength);
}
for (i = 0; i < chainLength; i++) {
certNames[i] = argv[6 + i + j];
certs[i] = NULL;
}
subTest(argv[1 + j]);
subTest("Extended-Key-Usage-Checker");
subTest("Extended-Key-Usage-Checker - Create Cert Chain");
chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
subTest("Extended-Key-Usage-Checker - Create Params");
valParams = createValidateParams(dirName,
argv[5 +
j],
NULL,
NULL,
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chain,
plContext);
subTest("Default CertStore");
testEkuSetup(valParams, argv[3 + j], &only4EE);
testEkuChecker(valParams, only4EE);
subTest("Extended-Key-Usage-Checker - Validate Chain");
if (testValid == PKIX_TRUE) {
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
} else {
PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
}
cleanup:
PKIX_TEST_DECREF_AC(chain);
PKIX_TEST_DECREF_AC(valParams);
PKIX_TEST_DECREF_AC(valResult);
PKIX_Shutdown(plContext);
PKIX_TEST_RETURN();
endTests("EKU Checker");
return (0);
}