1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * test_cert.c
6 *
7 * Test Cert Type
8 *
9 */
10
11 #include "testutil.h"
12 #include "testutil_nss.h"
13
14 static PKIX_PL_Cert *altNameNoneCert = NULL;
15 static PKIX_PL_Cert *altNameOtherCert = NULL;
16 static PKIX_PL_Cert *altNameOtherCert_diff = NULL;
17 static PKIX_PL_Cert *altNameRfc822Cert = NULL;
18 static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL;
19 static PKIX_PL_Cert *altNameDnsCert = NULL;
20 static PKIX_PL_Cert *altNameDnsCert_diff = NULL;
21 static PKIX_PL_Cert *altNameX400Cert = NULL;
22 static PKIX_PL_Cert *altNameX400Cert_diff = NULL;
23 static PKIX_PL_Cert *altNameDnCert = NULL;
24 static PKIX_PL_Cert *altNameDnCert_diff = NULL;
25 static PKIX_PL_Cert *altNameEdiCert = NULL;
26 static PKIX_PL_Cert *altNameEdiCert_diff = NULL;
27 static PKIX_PL_Cert *altNameUriCert = NULL;
28 static PKIX_PL_Cert *altNameUriCert_diff = NULL;
29 static PKIX_PL_Cert *altNameIpCert = NULL;
30 static PKIX_PL_Cert *altNameIpCert_diff = NULL;
31 static PKIX_PL_Cert *altNameOidCert = NULL;
32 static PKIX_PL_Cert *altNameOidCert_diff = NULL;
33 static PKIX_PL_Cert *altNameMultipleCert = NULL;
34
35 static void *plContext = NULL;
36
37 static void
createCerts(char * dataCentralDir,char * goodInput,char * diffInput,PKIX_PL_Cert ** goodObject,PKIX_PL_Cert ** equalObject,PKIX_PL_Cert ** diffObject)38 createCerts(
39 char *dataCentralDir,
40 char *goodInput,
41 char *diffInput,
42 PKIX_PL_Cert **goodObject,
43 PKIX_PL_Cert **equalObject,
44 PKIX_PL_Cert **diffObject)
45 {
46 subTest("PKIX_PL_Cert_Create <goodObject>");
47 *goodObject = createCert(dataCentralDir, goodInput, plContext);
48
49 subTest("PKIX_PL_Cert_Create <equalObject>");
50 *equalObject = createCert(dataCentralDir, goodInput, plContext);
51
52 subTest("PKIX_PL_Cert_Create <diffObject>");
53 *diffObject = createCert(dataCentralDir, diffInput, plContext);
54 }
55
56 static void
createCertsWithSubjectAltNames(char * dataCentralDir)57 createCertsWithSubjectAltNames(char *dataCentralDir)
58 {
59 subTest("PKIX_PL_Cert_Create <altNameDNS>");
60 altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext);
61
62 subTest("PKIX_PL_Cert_Create <altNameDNS_diff>");
63 altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext);
64
65 subTest("PKIX_PL_Cert_Create <altNameRFC822>");
66 altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext);
67
68 subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>");
69 altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext);
70
71 subTest("PKIX_PL_Cert_Create <altNameX400Cert>");
72 altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext);
73
74 subTest("PKIX_PL_Cert_Create <altNameX400_diff>");
75 altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext);
76
77 subTest("PKIX_PL_Cert_Create <altNameDN>");
78 altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext);
79
80 subTest("PKIX_PL_Cert_Create <altNameDN_diff>");
81 altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext);
82
83 subTest("PKIX_PL_Cert_Create <altNameEdiCert>");
84 altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext);
85
86 subTest("PKIX_PL_Cert_Create <altNameEdi_diff>");
87 altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext);
88
89 subTest("PKIX_PL_Cert_Create <altNameURI>");
90 altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext);
91
92 subTest("PKIX_PL_Cert_Create <altNameURI_diff>");
93 altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext);
94
95 subTest("PKIX_PL_Cert_Create <altNameIP>");
96 altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext);
97
98 subTest("PKIX_PL_Cert_Create <altNameIP_diff>");
99 altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext);
100
101 subTest("PKIX_PL_Cert_Create <altNameOID>");
102 altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext);
103
104 subTest("PKIX_PL_Cert_Create <altNameOID_diff>");
105 altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext);
106
107 subTest("PKIX_PL_Cert_Create <altNameOther>");
108 altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext);
109
110 subTest("PKIX_PL_Cert_Create <altNameOther_diff>");
111 altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext);
112
113 subTest("PKIX_PL_Cert_Create <altNameNone>");
114 altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext);
115
116 subTest("PKIX_PL_Cert_Create <altNameMultiple>");
117 altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext);
118 }
119
120 static void
testGetVersion(PKIX_PL_Cert * goodObject)121 testGetVersion(
122 PKIX_PL_Cert *goodObject)
123 {
124 PKIX_UInt32 goodVersion;
125
126 PKIX_TEST_STD_VARS();
127
128 subTest("PKIX_PL_Cert_GetVersion");
129
130 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext));
131
132 if (goodVersion != 2) {
133 testError("unexpected mismatch");
134 (void)printf("Actual value:\t%d\n", goodVersion);
135 (void)printf("Expected value:\t2\n");
136 goto cleanup;
137 }
138
139 cleanup:
140
141 PKIX_TEST_RETURN();
142 }
143
144 static void
testGetSerialNumber(PKIX_PL_Cert * goodObject,PKIX_PL_Cert * equalObject,PKIX_PL_Cert * diffObject)145 testGetSerialNumber(
146 PKIX_PL_Cert *goodObject,
147 PKIX_PL_Cert *equalObject,
148 PKIX_PL_Cert *diffObject)
149 {
150 PKIX_PL_BigInt *goodSN = NULL;
151 PKIX_PL_BigInt *equalSN = NULL;
152 PKIX_PL_BigInt *diffSN = NULL;
153 char *expectedAscii = "37bc66ec";
154
155 PKIX_TEST_STD_VARS();
156
157 subTest("PKIX_PL_Cert_GetSerialNumber");
158
159 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext));
160
161 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext));
162
163 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext));
164
165 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE);
166
167 cleanup:
168
169 PKIX_TEST_DECREF_AC(goodSN);
170 PKIX_TEST_DECREF_AC(equalSN);
171 PKIX_TEST_DECREF_AC(diffSN);
172
173 PKIX_TEST_RETURN();
174 }
175
176 static void
testGetSubject(PKIX_PL_Cert * goodObject,PKIX_PL_Cert * equalObject,PKIX_PL_Cert * diffObject)177 testGetSubject(
178 PKIX_PL_Cert *goodObject,
179 PKIX_PL_Cert *equalObject,
180 PKIX_PL_Cert *diffObject)
181 {
182 PKIX_PL_X500Name *goodSubject = NULL;
183 PKIX_PL_X500Name *equalSubject = NULL;
184 PKIX_PL_X500Name *diffSubject = NULL;
185 char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us";
186
187 PKIX_TEST_STD_VARS();
188
189 subTest("PKIX_PL_Cert_GetSubject");
190
191 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext));
192
193 if (!goodSubject) {
194 testError("Certificate Subject should not be NULL");
195 goto cleanup;
196 }
197
198 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext));
199
200 if (!equalSubject) {
201 testError("Certificate Subject should not be NULL");
202 goto cleanup;
203 }
204
205 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext));
206
207 if (!diffSubject) {
208 testError("Certificate Subject should not be NULL");
209 goto cleanup;
210 }
211
212 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject,
213 equalSubject,
214 diffSubject,
215 expectedAscii,
216 X500Name,
217 PKIX_TRUE);
218
219 cleanup:
220
221 PKIX_TEST_DECREF_AC(goodSubject);
222 PKIX_TEST_DECREF_AC(equalSubject);
223 PKIX_TEST_DECREF_AC(diffSubject);
224
225 PKIX_TEST_RETURN();
226 }
227
228 static void
testGetIssuer(PKIX_PL_Cert * goodObject,PKIX_PL_Cert * equalObject,PKIX_PL_Cert * diffObject)229 testGetIssuer(
230 PKIX_PL_Cert *goodObject,
231 PKIX_PL_Cert *equalObject,
232 PKIX_PL_Cert *diffObject)
233 {
234 PKIX_PL_X500Name *goodIssuer = NULL;
235 PKIX_PL_X500Name *equalIssuer = NULL;
236 PKIX_PL_X500Name *diffIssuer = NULL;
237 char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
238
239 PKIX_TEST_STD_VARS();
240
241 subTest("PKIX_PL_Cert_GetIssuer");
242
243 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext));
244
245 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext));
246
247 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext));
248
249 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
250 equalIssuer,
251 diffIssuer,
252 expectedAscii,
253 X500Name,
254 PKIX_TRUE);
255
256 cleanup:
257
258 PKIX_TEST_DECREF_AC(goodIssuer);
259 PKIX_TEST_DECREF_AC(equalIssuer);
260 PKIX_TEST_DECREF_AC(diffIssuer);
261
262 PKIX_TEST_RETURN();
263 }
264
265 static void
testAltNames(PKIX_PL_Cert * goodCert,PKIX_PL_Cert * diffCert,char * expectedAscii)266 testAltNames(
267 PKIX_PL_Cert *goodCert,
268 PKIX_PL_Cert *diffCert,
269 char *expectedAscii)
270 {
271 PKIX_List *goodAltNames = NULL;
272 PKIX_List *diffAltNames = NULL;
273 PKIX_PL_GeneralName *goodAltName = NULL;
274 PKIX_PL_GeneralName *diffAltName = NULL;
275
276 PKIX_TEST_STD_VARS();
277
278 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext));
279
280 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames,
281 0,
282 (PKIX_PL_Object **)&goodAltName,
283 plContext));
284
285 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext));
286
287 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames,
288 0,
289 (PKIX_PL_Object **)&diffAltName,
290 plContext));
291
292 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName,
293 expectedAscii, GeneralName, PKIX_TRUE);
294
295 cleanup:
296 PKIX_TEST_DECREF_AC(goodAltNames);
297 PKIX_TEST_DECREF_AC(goodAltName);
298 PKIX_TEST_DECREF_AC(diffAltNames);
299 PKIX_TEST_DECREF_AC(diffAltName);
300 PKIX_TEST_RETURN();
301 }
302
303 static void
testAltNamesNone(PKIX_PL_Cert * cert)304 testAltNamesNone(PKIX_PL_Cert *cert)
305 {
306
307 PKIX_List *altNames = NULL;
308
309 PKIX_TEST_STD_VARS();
310
311 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext));
312
313 if (altNames != NULL) {
314 testError("unexpected mismatch");
315 (void)printf("Actual value:\t%p\n", (void *)altNames);
316 (void)printf("Expected value:\tNULL\n");
317 goto cleanup;
318 }
319
320 cleanup:
321
322 PKIX_TEST_DECREF_AC(altNames);
323 PKIX_TEST_RETURN();
324 }
325 static void
testAltNamesMultiple()326 testAltNamesMultiple()
327 {
328 PKIX_List *altNames = NULL;
329 PKIX_PL_GeneralName *firstAltName = NULL;
330 PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME;
331 PKIX_PL_GeneralName *secondAltName = NULL;
332 PKIX_Int32 secondExpectedType = PKIX_DNS_NAME;
333
334 char *expectedAscii =
335 "[\n"
336 "\tVersion: v3\n"
337 "\tSerialNumber: 2d\n"
338 "\tIssuer: OU=labs,O=sun,C=us\n"
339 "\tSubject: CN=yassir,OU=labs,O=sun,C=us\n"
340 "\tValidity: [From: Mon Feb 09, 2004\n"
341 /* "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */
342 "\t To: Mon Feb 09, 2004]\n"
343 /* "\t To: Mon Feb 09 14:43:52 2004]\n" */
344 "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n"
345 "\tAuthorityKeyId: (null)\n"
346 "\tSubjectKeyId: (null)\n"
347 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
348 "\tCritExtOIDs: (EMPTY)\n"
349 "\tExtKeyUsages: (null)\n"
350 "\tBasicConstraint: (null)\n"
351 "\tCertPolicyInfo: (null)\n"
352 "\tPolicyMappings: (null)\n"
353 "\tExplicitPolicy: -1\n"
354 "\tInhibitMapping: -1\n"
355 "\tInhibitAnyPolicy:-1\n"
356 "\tNameConstraints: (null)\n"
357 "\tAuthorityInfoAccess: (null)\n"
358 "\tSubjectInfoAccess: (null)\n"
359 "\tCacheFlag: 0\n"
360 "]\n";
361
362 PKIX_TEST_STD_VARS();
363
364 testToStringHelper((PKIX_PL_Object *)altNameMultipleCert,
365 expectedAscii,
366 plContext);
367
368 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext));
369
370 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext));
371
372 if (firstAltName->type != firstExpectedType) {
373 testError("unexpected mismatch");
374 (void)printf("Actual value:\t%d\n", firstAltName->type);
375 (void)printf("Expected value:\t%d\n", firstExpectedType);
376 goto cleanup;
377 }
378
379 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext));
380
381 if (secondAltName->type != secondExpectedType) {
382 testError("unexpected mismatch");
383 (void)printf("Actual value:\t%d\n", secondAltName->type);
384 (void)printf("Expected value:\t%d\n", secondExpectedType);
385 goto cleanup;
386 }
387
388 cleanup:
389 PKIX_TEST_DECREF_AC(altNames);
390 PKIX_TEST_DECREF_AC(firstAltName);
391 PKIX_TEST_DECREF_AC(secondAltName);
392 PKIX_TEST_RETURN();
393 }
394
395 static void
testGetSubjectAltNames(char * dataCentralDir)396 testGetSubjectAltNames(char *dataCentralDir)
397 {
398
399 char *expectedAscii = NULL;
400
401 createCertsWithSubjectAltNames(dataCentralDir);
402
403 subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>");
404 expectedAscii = "east.sun.com";
405 testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii);
406
407 subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>");
408 expectedAscii = "alice.barnes@bcn.east.sun.com";
409 testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii);
410
411 /*
412 *this should work once bugzilla bug #233586 is fixed.
413 *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>");
414 *expectedAscii = "X400Address: <DER-encoded value>";
415 *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii);
416 */
417
418 subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>");
419 expectedAscii = "CN=elley,OU=labs,O=sun,C=us";
420 testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii);
421
422 /*
423 * this should work once bugzilla bug #233586 is fixed.
424 * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>");
425 * expectedAscii = "EDIPartyName: <DER-encoded value>";
426 * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii);
427 */
428
429 subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>");
430 expectedAscii = "http://www.sun.com";
431 testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii);
432
433 subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>");
434 expectedAscii = "1.2.3.4";
435 testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii);
436
437 subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>");
438 expectedAscii = "1.2.39";
439 testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii);
440
441 subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>");
442 expectedAscii = "1.7.26.97";
443 testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii);
444
445 subTest("PKIX_PL_Cert_GetSubjectAltNames <none>");
446 testAltNamesNone(altNameNoneCert);
447
448 subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>");
449 testAltNamesMultiple();
450 }
451
452 static void
testGetSubjectPublicKey(PKIX_PL_Cert * goodObject,PKIX_PL_Cert * equalObject,PKIX_PL_Cert * diffObject)453 testGetSubjectPublicKey(
454 PKIX_PL_Cert *goodObject,
455 PKIX_PL_Cert *equalObject,
456 PKIX_PL_Cert *diffObject)
457 {
458 PKIX_PL_PublicKey *goodPubKey = NULL;
459 PKIX_PL_PublicKey *equalPubKey = NULL;
460 PKIX_PL_PublicKey *diffPubKey = NULL;
461 char *expectedAscii = "ANSI X9.57 DSA Signature";
462
463 PKIX_TEST_STD_VARS();
464
465 subTest("PKIX_PL_Cert_GetSubjectPublicKey");
466
467 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext));
468
469 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext));
470
471 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext));
472
473 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey,
474 expectedAscii, PublicKey, PKIX_TRUE);
475
476 cleanup:
477
478 PKIX_TEST_DECREF_AC(goodPubKey);
479 PKIX_TEST_DECREF_AC(equalPubKey);
480 PKIX_TEST_DECREF_AC(diffPubKey);
481
482 PKIX_TEST_RETURN();
483 }
484
485 static void
testGetSubjectPublicKeyAlgId(PKIX_PL_Cert * goodObject)486 testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject)
487 {
488 PKIX_PL_OID *pkixPubKeyOID = NULL;
489 char *expectedAscii = "1.2.840.10040.4.1";
490
491 PKIX_TEST_STD_VARS();
492
493 subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
494
495 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext));
496
497 testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext);
498
499 cleanup:
500
501 PKIX_TEST_DECREF_AC(pkixPubKeyOID);
502 PKIX_TEST_RETURN();
503 }
504
505 static void
testCritExtensionsPresent(PKIX_PL_Cert * cert)506 testCritExtensionsPresent(PKIX_PL_Cert *cert)
507 {
508 PKIX_List *critOIDList = NULL;
509 char *firstOIDAscii = "2.5.29.15";
510 PKIX_PL_OID *firstOID = NULL;
511 char *secondOIDAscii = "2.5.29.19";
512 PKIX_PL_OID *secondOID = NULL;
513
514 PKIX_TEST_STD_VARS();
515
516 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext));
517
518 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext));
519 testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext);
520
521 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext));
522
523 testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext);
524
525 cleanup:
526
527 PKIX_TEST_DECREF_AC(critOIDList);
528 PKIX_TEST_DECREF_AC(firstOID);
529 PKIX_TEST_DECREF_AC(secondOID);
530
531 PKIX_TEST_RETURN();
532 }
533
534 static void
testCritExtensionsAbsent(PKIX_PL_Cert * cert)535 testCritExtensionsAbsent(PKIX_PL_Cert *cert)
536 {
537 PKIX_List *oidList = NULL;
538 PKIX_Boolean empty;
539
540 PKIX_TEST_STD_VARS();
541
542 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
543
544 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
545
546 if (!empty) {
547 pkixTestErrorMsg = "unexpected mismatch";
548 }
549
550 cleanup:
551
552 PKIX_TEST_DECREF_AC(oidList);
553 PKIX_TEST_RETURN();
554 }
555
556 static void
testAllExtensionsAbsent(char * dataCentralDir)557 testAllExtensionsAbsent(char *dataCentralDir)
558 {
559 PKIX_List *oidList = NULL;
560 PKIX_PL_Cert *cert = NULL;
561 PKIX_Boolean empty;
562
563 PKIX_TEST_STD_VARS();
564
565 subTest("PKIX_PL_Cert_Create <noExtensionsCert>");
566 cert = createCert(dataCentralDir, "noExtensionsCert", plContext);
567
568 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
569
570 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
571
572 if (!empty) {
573 pkixTestErrorMsg = "unexpected mismatch";
574 }
575
576 cleanup:
577 PKIX_TEST_DECREF_AC(oidList);
578 PKIX_TEST_DECREF_AC(cert);
579
580 PKIX_TEST_RETURN();
581 }
582
583 static void
testGetCriticalExtensionOIDs(char * dataCentralDir,PKIX_PL_Cert * goodObject)584 testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject)
585 {
586 subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
587 "<CritExtensionsPresent>");
588 testCritExtensionsPresent(goodObject);
589
590 subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
591 "<CritExtensionsAbsent>");
592 testCritExtensionsAbsent(altNameOidCert);
593
594 subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
595 "<AllExtensionsAbsent>");
596 testAllExtensionsAbsent(dataCentralDir);
597 }
598
599 static void
testKeyIdentifiersMatching(char * dataCentralDir)600 testKeyIdentifiersMatching(char *dataCentralDir)
601 {
602 PKIX_PL_Cert *subjKeyIDCert = NULL;
603 PKIX_PL_Cert *authKeyIDCert = NULL;
604 PKIX_PL_ByteArray *subjKeyID = NULL;
605 PKIX_PL_ByteArray *authKeyID = NULL;
606 PKIX_PL_ByteArray *subjKeyID_diff = NULL;
607
608 char *expectedAscii =
609 "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225,"
610 " 139, 009, 126, 127, 234, 025, 072, 078, 097]";
611
612 PKIX_TEST_STD_VARS();
613
614 subTest("PKIX_PL_Cert_Create <subjKeyIDCert>");
615 subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext);
616
617 subTest("PKIX_PL_Cert_Create <authKeyIDCert>");
618 authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext);
619
620 subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>");
621 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext));
622
623 subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>");
624 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext));
625
626 subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>");
627 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext));
628
629 PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID,
630 authKeyID,
631 subjKeyID_diff,
632 expectedAscii,
633 ByteArray,
634 PKIX_TRUE);
635
636 cleanup:
637
638 PKIX_TEST_DECREF_AC(subjKeyIDCert);
639 PKIX_TEST_DECREF_AC(authKeyIDCert);
640 PKIX_TEST_DECREF_AC(subjKeyID);
641 PKIX_TEST_DECREF_AC(authKeyID);
642 PKIX_TEST_DECREF_AC(subjKeyID_diff);
643
644 PKIX_TEST_RETURN();
645 }
646
647 static void
testKeyIdentifierAbsent(PKIX_PL_Cert * cert)648 testKeyIdentifierAbsent(PKIX_PL_Cert *cert)
649 {
650 PKIX_PL_ByteArray *subjKeyID = NULL;
651 PKIX_PL_ByteArray *authKeyID = NULL;
652
653 PKIX_TEST_STD_VARS();
654
655 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext));
656
657 if (subjKeyID != NULL) {
658 pkixTestErrorMsg = "unexpected mismatch";
659 }
660
661 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext));
662
663 if (authKeyID != NULL) {
664 pkixTestErrorMsg = "unexpected mismatch";
665 }
666
667 cleanup:
668
669 PKIX_TEST_DECREF_AC(subjKeyID);
670 PKIX_TEST_DECREF_AC(authKeyID);
671
672 PKIX_TEST_RETURN();
673 }
674
675 static void
testGetKeyIdentifiers(char * dataCentralDir,PKIX_PL_Cert * goodObject)676 testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject)
677 {
678 testKeyIdentifiersMatching(dataCentralDir);
679 testKeyIdentifierAbsent(goodObject);
680 }
681
682 static void
testVerifyKeyUsage(char * dataCentralDir,char * dataDir,PKIX_PL_Cert * multiKeyUsagesCert)683 testVerifyKeyUsage(
684 char *dataCentralDir,
685 char *dataDir,
686 PKIX_PL_Cert *multiKeyUsagesCert)
687 {
688 PKIX_PL_Cert *encipherOnlyCert = NULL;
689 PKIX_PL_Cert *decipherOnlyCert = NULL;
690 PKIX_PL_Cert *noKeyUsagesCert = NULL;
691 PKIX_TEST_STD_VARS();
692
693 subTest("PKIX_PL_Cert_Create <encipherOnlyCert>");
694 encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext);
695
696 subTest("PKIX_PL_Cert_Create <decipherOnlyCert>");
697 decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext);
698
699 subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>");
700 noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext);
701
702 subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>");
703 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext));
704
705 subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>");
706 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert,
707 PKIX_KEY_CERT_SIGN |
708 PKIX_DIGITAL_SIGNATURE,
709 plContext));
710
711 subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>");
712 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext));
713
714 subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>");
715 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext));
716
717 subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>");
718 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext));
719
720 cleanup:
721 PKIX_TEST_DECREF_AC(encipherOnlyCert);
722 PKIX_TEST_DECREF_AC(decipherOnlyCert);
723 PKIX_TEST_DECREF_AC(noKeyUsagesCert);
724
725 PKIX_TEST_RETURN();
726 }
727
728 static void
testGetExtendedKeyUsage(char * dataCentralDir)729 testGetExtendedKeyUsage(char *dataCentralDir)
730 {
731
732 PKIX_PL_Cert *codeSigningEKUCert = NULL;
733 PKIX_PL_Cert *multiEKUCert = NULL;
734 PKIX_PL_Cert *noEKUCert = NULL;
735 PKIX_List *firstExtKeyUsage = NULL;
736 PKIX_List *secondExtKeyUsage = NULL;
737 PKIX_List *thirdExtKeyUsage = NULL;
738 PKIX_PL_OID *firstOID = NULL;
739 char *oidAscii = "1.3.6.1.5.5.7.3.3";
740 PKIX_PL_OID *secondOID = NULL;
741 char *secondOIDAscii = "1.3.6.1.5.5.7.3.1";
742 PKIX_PL_OID *thirdOID = NULL;
743 char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2";
744 PKIX_PL_OID *fourthOID = NULL;
745 PKIX_UInt32 length = 0;
746
747 PKIX_TEST_STD_VARS();
748
749 subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>");
750 codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext);
751
752 subTest("PKIX_PL_Cert_Create <multiEKUCert>");
753 multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext);
754
755 subTest("PKIX_PL_Cert_Create <noEKUCert>");
756 noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext);
757
758 subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>");
759 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext));
760
761 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext));
762 testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext);
763
764 subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>");
765 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext));
766
767 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext));
768
769 if (length != 3) {
770 testError("unexpected mismatch");
771 (void)printf("Actual value:\t%d\n", length);
772 (void)printf("Expected value:\t3\n");
773 goto cleanup;
774 }
775
776 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
777 0,
778 (PKIX_PL_Object **)&secondOID,
779 plContext));
780
781 testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext);
782
783 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
784 1,
785 (PKIX_PL_Object **)&thirdOID,
786 plContext));
787
788 testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext);
789
790 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
791 2,
792 (PKIX_PL_Object **)&fourthOID,
793 plContext));
794
795 testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext);
796
797 subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>");
798 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext));
799
800 if (thirdExtKeyUsage != NULL) {
801 testError("unexpected mismatch");
802 (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage);
803 (void)printf("Expected value:\tNULL\n");
804 goto cleanup;
805 }
806
807 cleanup:
808
809 PKIX_TEST_DECREF_AC(firstOID);
810 PKIX_TEST_DECREF_AC(secondOID);
811 PKIX_TEST_DECREF_AC(thirdOID);
812 PKIX_TEST_DECREF_AC(fourthOID);
813
814 PKIX_TEST_DECREF_AC(firstExtKeyUsage);
815 PKIX_TEST_DECREF_AC(secondExtKeyUsage);
816 PKIX_TEST_DECREF_AC(thirdExtKeyUsage);
817
818 PKIX_TEST_DECREF_AC(codeSigningEKUCert);
819 PKIX_TEST_DECREF_AC(multiEKUCert);
820 PKIX_TEST_DECREF_AC(noEKUCert);
821
822 PKIX_TEST_RETURN();
823 }
824
825 static void
testMakeInheritedDSAPublicKey(char * dataCentralDir)826 testMakeInheritedDSAPublicKey(char *dataCentralDir)
827 {
828 PKIX_PL_PublicKey *firstKey = NULL;
829 PKIX_PL_PublicKey *secondKey = NULL;
830 PKIX_PL_PublicKey *resultKeyPositive = NULL;
831 PKIX_PL_PublicKey *resultKeyNegative = NULL;
832 PKIX_PL_Cert *firstCert = NULL;
833 PKIX_PL_Cert *secondCert = NULL;
834
835 PKIX_TEST_STD_VARS();
836
837 subTest("PKIX_PL_Cert_Create <dsaWithoutParams>");
838 firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext);
839
840 subTest("PKIX_PL_Cert_Create <dsaWithParams>");
841 secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext);
842
843 subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>");
844 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext));
845
846 subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>");
847 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext));
848
849 subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>");
850 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext));
851
852 if (resultKeyPositive == NULL) {
853 testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed");
854 }
855
856 subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>");
857 PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext));
858
859 cleanup:
860
861 PKIX_TEST_DECREF_AC(firstCert);
862 PKIX_TEST_DECREF_AC(secondCert);
863
864 PKIX_TEST_DECREF_AC(firstKey);
865 PKIX_TEST_DECREF_AC(secondKey);
866 PKIX_TEST_DECREF_AC(resultKeyPositive);
867 PKIX_TEST_DECREF_AC(resultKeyNegative);
868
869 PKIX_TEST_RETURN();
870 }
871
872 static void
testVerifySignature(char * dataCentralDir)873 testVerifySignature(char *dataCentralDir)
874 {
875 PKIX_PL_Cert *firstCert = NULL;
876 PKIX_PL_Cert *secondCert = NULL;
877 PKIX_PL_PublicKey *firstPubKey = NULL;
878 PKIX_PL_PublicKey *secondPubKey = NULL;
879
880 PKIX_TEST_STD_VARS();
881
882 subTest("PKIX_PL_Cert_Create <labs2yassir>");
883 firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext);
884
885 subTest("PKIX_PL_Cert_Create <yassir2labs>");
886 secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext);
887
888 subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>");
889 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
890
891 subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>");
892 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
893
894 subTest("PKIX_PL_Cert_VerifySignature <positive>");
895 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext));
896
897 subTest("PKIX_PL_Cert_VerifySignature <negative>");
898 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext));
899
900 cleanup:
901
902 PKIX_TEST_DECREF_AC(firstCert);
903 PKIX_TEST_DECREF_AC(secondCert);
904 PKIX_TEST_DECREF_AC(firstPubKey);
905 PKIX_TEST_DECREF_AC(secondPubKey);
906
907 PKIX_TEST_RETURN();
908 }
909
910 static void
testCheckValidity(PKIX_PL_Cert * olderCert,PKIX_PL_Cert * newerCert)911 testCheckValidity(
912 PKIX_PL_Cert *olderCert,
913 PKIX_PL_Cert *newerCert)
914 {
915 /*
916 * olderCert has the following Validity:
917 * notBefore = August 19, 1999: 20:19:56 GMT
918 * notAfter = August 18, 2000: 20:19:56 GMT
919 *
920 * newerCert has the following Validity:
921 * notBefore = November 13, 2003: 16:46:03 GMT
922 * notAfter = February 13, 2009: 16:46:03 GMT
923 */
924
925 /* olderDateAscii = March 29, 2000: 13:48:47 GMT */
926 char *olderAscii = "000329134847Z";
927 PKIX_PL_String *olderString = NULL;
928 PKIX_PL_Date *olderDate = NULL;
929
930 /* newerDateAscii = March 29, 2004: 13:48:47 GMT */
931 char *newerAscii = "040329134847Z";
932 PKIX_PL_String *newerString = NULL;
933 PKIX_PL_Date *newerDate = NULL;
934
935 PKIX_TEST_STD_VARS();
936
937 subTest("PKIX_PL_Cert_CheckValidity <creating Dates>");
938
939 /* create newer date when newer cert is valid but older cert is not */
940 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext));
941 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext));
942
943 /* create older date when older cert is valid but newer cert is not */
944 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext));
945 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext));
946
947 /* check validity of both certificates using olderDate */
948 subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>");
949 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext));
950
951 subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>");
952 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext));
953
954 /* check validity of both certificates using newerDate */
955 subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>");
956 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext));
957
958 subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>");
959 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext));
960
961 /*
962 * check validity of both certificates using current time
963 * NOTE: these "now" tests will not work when the current
964 * time is after newerCert.notAfter (~ February 13, 2009)
965 */
966 subTest("PKIX_PL_Cert_CheckValidity <now:positive>");
967 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext));
968
969 subTest("PKIX_PL_Cert_CheckValidity <now:negative>");
970 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext));
971
972 cleanup:
973 PKIX_TEST_DECREF_AC(olderString);
974 PKIX_TEST_DECREF_AC(newerString);
975 PKIX_TEST_DECREF_AC(olderDate);
976 PKIX_TEST_DECREF_AC(newerDate);
977
978 PKIX_TEST_RETURN();
979 }
980
981 static void
readCertBasicConstraints(char * dataDir,char * goodCertName,char * diffCertName,PKIX_PL_CertBasicConstraints ** goodBasicConstraints,PKIX_PL_CertBasicConstraints ** equalBasicConstraints,PKIX_PL_CertBasicConstraints ** diffBasicConstraints)982 readCertBasicConstraints(
983 char *dataDir,
984 char *goodCertName,
985 char *diffCertName,
986 PKIX_PL_CertBasicConstraints **goodBasicConstraints,
987 PKIX_PL_CertBasicConstraints **equalBasicConstraints,
988 PKIX_PL_CertBasicConstraints **diffBasicConstraints)
989 {
990
991 PKIX_PL_Cert *goodCert = NULL;
992 PKIX_PL_Cert *equalCert = NULL;
993 PKIX_PL_Cert *diffCert = NULL;
994
995 PKIX_TEST_STD_VARS();
996
997 createCerts(dataDir, goodCertName, diffCertName,
998 &goodCert, &equalCert, &diffCert);
999 /*
1000 * Warning: pointer will be NULL if BasicConstraints
1001 * extension is not present in the certificate. */
1002 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext));
1003 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext));
1004 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext));
1005
1006 cleanup:
1007
1008 PKIX_TEST_DECREF_AC(goodCert);
1009 PKIX_TEST_DECREF_AC(equalCert);
1010 PKIX_TEST_DECREF_AC(diffCert);
1011
1012 PKIX_TEST_RETURN();
1013 }
1014
1015 static void
testBasicConstraintsHelper(char * dataDir,char * goodCertName,char * diffCertName,char * expectedAscii)1016 testBasicConstraintsHelper(
1017 char *dataDir,
1018 char *goodCertName,
1019 char *diffCertName,
1020 char *expectedAscii)
1021 {
1022 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
1023 PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
1024 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
1025
1026 PKIX_TEST_STD_VARS();
1027
1028 readCertBasicConstraints(dataDir,
1029 goodCertName,
1030 diffCertName,
1031 &goodBasicConstraints,
1032 &equalBasicConstraints,
1033 &diffBasicConstraints);
1034
1035 /*
1036 * The standard test macro is applicable only
1037 * if BasicConstraint extension is present
1038 * in the certificate. Otherwise some
1039 * pointers will be null.
1040 */
1041 if ((goodBasicConstraints) &&
1042 (equalBasicConstraints) &&
1043 (diffBasicConstraints)) {
1044 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints,
1045 equalBasicConstraints,
1046 diffBasicConstraints,
1047 expectedAscii,
1048 BasicConstraints,
1049 PKIX_TRUE);
1050 } else {
1051 /* Test what we can */
1052 if (goodBasicConstraints) {
1053 if (!equalBasicConstraints) {
1054 testError("Unexpected NULL value of equalBasicConstraints");
1055 goto cleanup;
1056 }
1057 subTest("PKIX_PL_BasicConstraints_Equals <match>");
1058 testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
1059 (PKIX_PL_Object *)(equalBasicConstraints),
1060 PKIX_TRUE,
1061 plContext);
1062 subTest("PKIX_PL_BasicConstraints_Hashcode <match>");
1063 testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
1064 (PKIX_PL_Object *)(equalBasicConstraints),
1065 PKIX_TRUE,
1066 plContext);
1067 if (diffBasicConstraints) {
1068 subTest("PKIX_PL_BasicConstraints_Equals <non-match>");
1069 testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
1070 (PKIX_PL_Object *)(diffBasicConstraints),
1071 PKIX_FALSE,
1072 plContext);
1073 subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>");
1074 testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
1075 (PKIX_PL_Object *)(diffBasicConstraints),
1076 PKIX_FALSE,
1077 plContext);
1078 }
1079 subTest("PKIX_PL_BasicConstraints_Duplicate");
1080 testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext);
1081 }
1082 if (expectedAscii) {
1083 subTest("PKIX_PL_BasicConstraints_ToString");
1084 testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints),
1085 expectedAscii,
1086 plContext);
1087 }
1088 }
1089
1090 cleanup:
1091
1092 PKIX_TEST_DECREF_AC(goodBasicConstraints);
1093 PKIX_TEST_DECREF_AC(equalBasicConstraints);
1094 PKIX_TEST_DECREF_AC(diffBasicConstraints);
1095
1096 PKIX_TEST_RETURN();
1097 }
1098
1099 static void
testBasicConstraints_GetCAFlag(char * dataCentralDir)1100 testBasicConstraints_GetCAFlag(char *dataCentralDir)
1101 {
1102 /*
1103 * XXX When we have a certificate with a non-null Basic
1104 * Constraints field and a value of FALSE for CAFlag,
1105 * this test should be modified to use that
1106 * certificate for diffCertName, and to verify that
1107 * GetCAFlag returns a FALSE value. But our certificates for
1108 * non-CAs are created with no BasicConstraints extension.
1109 */
1110 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
1111 PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
1112 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
1113 char *goodCertName = "yassir2yassir";
1114 char *diffCertName = "nss2alice";
1115 PKIX_Boolean goodCAFlag = PKIX_FALSE;
1116 PKIX_Boolean diffCAFlag = PKIX_FALSE;
1117
1118 PKIX_TEST_STD_VARS();
1119
1120 subTest("PKIX_PL_BasicConstraints_GetCAFlag");
1121
1122 readCertBasicConstraints(dataCentralDir,
1123 goodCertName,
1124 diffCertName,
1125 &goodBasicConstraints,
1126 &equalBasicConstraints,
1127 &diffBasicConstraints);
1128
1129 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext));
1130 if (!goodCAFlag) {
1131 testError("BasicConstraint CAFlag unexpectedly FALSE");
1132 goto cleanup;
1133 }
1134
1135 if (diffBasicConstraints) {
1136 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext));
1137 if (diffCAFlag) {
1138 testError("BasicConstraint CAFlag unexpectedly TRUE");
1139 goto cleanup;
1140 }
1141 }
1142
1143 cleanup:
1144
1145 PKIX_TEST_DECREF_AC(goodBasicConstraints);
1146 PKIX_TEST_DECREF_AC(equalBasicConstraints);
1147 PKIX_TEST_DECREF_AC(diffBasicConstraints);
1148
1149 PKIX_TEST_RETURN();
1150 }
1151
1152 static void
testBasicConstraints_GetPathLenConstraint(char * dataCentralDir)1153 testBasicConstraints_GetPathLenConstraint(char *dataCentralDir)
1154 {
1155 PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
1156 PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
1157 PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
1158 char *goodCertName = "yassir2yassir";
1159 char *diffCertName = "sun2sun";
1160 PKIX_Int32 goodPathLen = 0;
1161 PKIX_Int32 diffPathLen = 0;
1162
1163 PKIX_TEST_STD_VARS();
1164
1165 subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint");
1166
1167 readCertBasicConstraints(dataCentralDir,
1168 goodCertName,
1169 diffCertName,
1170 &goodBasicConstraints,
1171 &equalBasicConstraints,
1172 &diffBasicConstraints);
1173
1174 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext));
1175 if (0 != goodPathLen) {
1176 testError("unexpected basicConstraint pathLen");
1177 (void)printf("Actual value:\t%d\n", goodPathLen);
1178 (void)printf("Expected value:\t0\n");
1179 goto cleanup;
1180 }
1181
1182 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext));
1183 if (1 != diffPathLen) {
1184 testError("unexpected basicConstraint pathLen");
1185 (void)printf("Actual value:\t%d\n", diffPathLen);
1186 (void)printf("Expected value:\t1\n");
1187 goto cleanup;
1188 }
1189
1190 cleanup:
1191
1192 PKIX_TEST_DECREF_AC(goodBasicConstraints);
1193 PKIX_TEST_DECREF_AC(equalBasicConstraints);
1194 PKIX_TEST_DECREF_AC(diffBasicConstraints);
1195
1196 PKIX_TEST_RETURN();
1197 }
1198
1199 static void
testGetBasicConstraints(char * dataCentralDir)1200 testGetBasicConstraints(char *dataCentralDir)
1201 {
1202 char *goodCertName = NULL;
1203 char *diffCertName = NULL;
1204
1205 PKIX_TEST_STD_VARS();
1206
1207 subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>");
1208 goodCertName = "yassir2yassir";
1209 diffCertName = "nss2alice";
1210 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
1211
1212 subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>");
1213 goodCertName = "nss2alice";
1214 diffCertName = "sun2sun";
1215 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL);
1216
1217 subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>");
1218 goodCertName = "yassir2bcn";
1219 diffCertName = "sun2sun";
1220 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
1221
1222 subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>");
1223 goodCertName = "anchor2dsa";
1224 diffCertName = "sun2sun";
1225 testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)");
1226
1227 PKIX_TEST_RETURN();
1228 }
1229
1230 static void
testGetPolicyInformation(char * dataDir)1231 testGetPolicyInformation(char *dataDir)
1232 {
1233
1234 char *goodCertName =
1235 "UserNoticeQualifierTest15EE.crt";
1236 char *equalCertName =
1237 "UserNoticeQualifierTest15EE.crt";
1238 char *diffCertName =
1239 "UserNoticeQualifierTest17EE.crt";
1240 PKIX_Boolean isImmutable = PKIX_FALSE;
1241 PKIX_PL_Cert *goodCert = NULL;
1242 PKIX_PL_Cert *equalCert = NULL;
1243 PKIX_PL_Cert *diffCert = NULL;
1244 PKIX_List *goodPolicyInfo = NULL;
1245 PKIX_List *equalPolicyInfo = NULL;
1246 PKIX_List *diffPolicyInfo = NULL;
1247 PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
1248 PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
1249 PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
1250
1251 PKIX_TEST_STD_VARS();
1252 subTest("PKIX_PL_Cert_GetPolicyInformation");
1253
1254 /*
1255 * Get the cert, then the list of policyInfos.
1256 * Take the first policyInfo from the list.
1257 */
1258
1259 /* Get the PolicyInfo objects */
1260 goodCert = createCert(dataDir, goodCertName, plContext);
1261 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
1262 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
1263
1264 equalCert = createCert(dataDir, equalCertName, plContext);
1265 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
1266 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
1267 0,
1268 (PKIX_PL_Object **)&equalPolicy,
1269 plContext));
1270
1271 diffCert = createCert(dataDir, diffCertName, plContext);
1272 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
1273 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
1274
1275 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy,
1276 equalPolicy,
1277 diffPolicy,
1278 NULL,
1279 CertPolicyInfo,
1280 PKIX_FALSE);
1281
1282 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext));
1283
1284 if (isImmutable != PKIX_TRUE) {
1285 testError("PolicyInfo List is not immutable");
1286 }
1287
1288 cleanup:
1289
1290 PKIX_TEST_DECREF_AC(goodPolicy);
1291 PKIX_TEST_DECREF_AC(equalPolicy);
1292 PKIX_TEST_DECREF_AC(diffPolicy);
1293 PKIX_TEST_DECREF_AC(goodPolicyInfo);
1294 PKIX_TEST_DECREF_AC(equalPolicyInfo);
1295 PKIX_TEST_DECREF_AC(diffPolicyInfo);
1296 PKIX_TEST_DECREF_AC(goodCert);
1297 PKIX_TEST_DECREF_AC(equalCert);
1298 PKIX_TEST_DECREF_AC(diffCert);
1299 PKIX_TEST_RETURN();
1300 }
1301
1302 static void
testCertPolicy_GetPolicyId(char * dataDir)1303 testCertPolicy_GetPolicyId(char *dataDir)
1304 {
1305 char *goodCertName =
1306 "UserNoticeQualifierTest15EE.crt";
1307 char *equalCertName =
1308 "UserNoticeQualifierTest16EE.crt";
1309 char *diffCertName =
1310 "UserNoticeQualifierTest17EE.crt";
1311 PKIX_PL_Cert *goodCert = NULL;
1312 PKIX_PL_Cert *equalCert = NULL;
1313 PKIX_PL_Cert *diffCert = NULL;
1314 PKIX_List *goodPolicyInfo = NULL;
1315 PKIX_List *equalPolicyInfo = NULL;
1316 PKIX_List *diffPolicyInfo = NULL;
1317 PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
1318 PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
1319 PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
1320 PKIX_PL_OID *goodID = NULL;
1321 PKIX_PL_OID *equalID = NULL;
1322 PKIX_PL_OID *diffID = NULL;
1323
1324 PKIX_TEST_STD_VARS();
1325 subTest("PKIX_PL_CertPolicyInfo_GetPolicyId");
1326
1327 /*
1328 * Get the cert, then the list of policyInfos.
1329 * Take the first policyInfo from the list.
1330 * Finally, get the policyInfo's ID.
1331 */
1332
1333 /* Get the PolicyInfo objects */
1334 goodCert = createCert(dataDir, goodCertName, plContext);
1335 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
1336 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
1337 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext));
1338
1339 equalCert = createCert(dataDir, equalCertName, plContext);
1340 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
1341 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
1342 0,
1343 (PKIX_PL_Object **)&equalPolicy,
1344 plContext));
1345 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext));
1346
1347 diffCert = createCert(dataDir, diffCertName, plContext);
1348 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
1349 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
1350 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext));
1351
1352 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
1353
1354 cleanup:
1355
1356 PKIX_TEST_DECREF_AC(goodID);
1357 PKIX_TEST_DECREF_AC(equalID);
1358 PKIX_TEST_DECREF_AC(diffID);
1359 PKIX_TEST_DECREF_AC(goodPolicy);
1360 PKIX_TEST_DECREF_AC(equalPolicy);
1361 PKIX_TEST_DECREF_AC(diffPolicy);
1362 PKIX_TEST_DECREF_AC(goodPolicyInfo);
1363 PKIX_TEST_DECREF_AC(equalPolicyInfo);
1364 PKIX_TEST_DECREF_AC(diffPolicyInfo);
1365 PKIX_TEST_DECREF_AC(goodCert);
1366 PKIX_TEST_DECREF_AC(equalCert);
1367 PKIX_TEST_DECREF_AC(diffCert);
1368 PKIX_TEST_RETURN();
1369 }
1370
1371 static void
testCertPolicy_GetPolQualifiers(char * dataDir)1372 testCertPolicy_GetPolQualifiers(char *dataDir)
1373 {
1374 char *goodCertName =
1375 "UserNoticeQualifierTest15EE.crt";
1376 char *equalCertName =
1377 "UserNoticeQualifierTest16EE.crt";
1378 char *diffCertName =
1379 "UserNoticeQualifierTest18EE.crt";
1380 PKIX_Boolean isImmutable = PKIX_FALSE;
1381 PKIX_PL_Cert *goodCert = NULL;
1382 PKIX_PL_Cert *equalCert = NULL;
1383 PKIX_PL_Cert *diffCert = NULL;
1384 PKIX_List *goodPolicyInfo = NULL;
1385 PKIX_List *equalPolicyInfo = NULL;
1386 PKIX_List *diffPolicyInfo = NULL;
1387 PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
1388 PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
1389 PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
1390 PKIX_List *goodQuals = NULL;
1391 PKIX_List *equalQuals = NULL;
1392 PKIX_List *diffQuals = NULL;
1393
1394 PKIX_TEST_STD_VARS();
1395 subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers");
1396
1397 /*
1398 * Get the cert, then the list of policyInfos.
1399 * Take the first policyInfo from the list.
1400 * Get its list of PolicyQualifiers.
1401 */
1402
1403 /* Get the PolicyInfo objects */
1404 goodCert = createCert(dataDir, goodCertName, plContext);
1405 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
1406 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
1407 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
1408
1409 equalCert = createCert(dataDir, equalCertName, plContext);
1410 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
1411 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
1412 0,
1413 (PKIX_PL_Object **)&equalPolicy,
1414 plContext));
1415
1416 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
1417
1418 diffCert = createCert(dataDir, diffCertName, plContext);
1419 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
1420 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
1421 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
1422
1423 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals,
1424 equalQuals,
1425 diffQuals,
1426 NULL,
1427 List,
1428 PKIX_FALSE);
1429
1430 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext));
1431
1432 if (isImmutable != PKIX_TRUE) {
1433 testError("PolicyQualifier List is not immutable");
1434 }
1435
1436 cleanup:
1437
1438 PKIX_TEST_DECREF_AC(goodCert);
1439 PKIX_TEST_DECREF_AC(goodPolicyInfo);
1440 PKIX_TEST_DECREF_AC(goodPolicy);
1441 PKIX_TEST_DECREF_AC(goodQuals);
1442 PKIX_TEST_DECREF_AC(equalCert);
1443 PKIX_TEST_DECREF_AC(equalPolicyInfo);
1444 PKIX_TEST_DECREF_AC(equalQuals);
1445 PKIX_TEST_DECREF_AC(equalPolicy);
1446 PKIX_TEST_DECREF_AC(diffCert);
1447 PKIX_TEST_DECREF_AC(diffPolicyInfo);
1448 PKIX_TEST_DECREF_AC(diffPolicy);
1449 PKIX_TEST_DECREF_AC(diffQuals);
1450
1451 PKIX_TEST_RETURN();
1452 }
1453
1454 static void
testPolicyQualifier_GetQualifier(char * dataDir)1455 testPolicyQualifier_GetQualifier(char *dataDir)
1456 {
1457 char *goodCertName =
1458 "UserNoticeQualifierTest15EE.crt";
1459 char *equalCertName =
1460 "UserNoticeQualifierTest16EE.crt";
1461 char *diffCertName =
1462 "UserNoticeQualifierTest18EE.crt";
1463 PKIX_PL_Cert *goodCert = NULL;
1464 PKIX_PL_Cert *equalCert = NULL;
1465 PKIX_PL_Cert *diffCert = NULL;
1466 PKIX_List *goodPolicyInfo = NULL;
1467 PKIX_List *equalPolicyInfo = NULL;
1468 PKIX_List *diffPolicyInfo = NULL;
1469 PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
1470 PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
1471 PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
1472 PKIX_List *goodQuals = NULL;
1473 PKIX_List *equalQuals = NULL;
1474 PKIX_List *diffQuals = NULL;
1475 PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
1476 PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
1477 PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
1478 PKIX_PL_ByteArray *goodArray = NULL;
1479 PKIX_PL_ByteArray *equalArray = NULL;
1480 PKIX_PL_ByteArray *diffArray = NULL;
1481
1482 PKIX_TEST_STD_VARS();
1483 subTest("PKIX_PL_PolicyQualifier_GetQualifier");
1484
1485 /*
1486 * Get the cert, then the list of policyInfos.
1487 * Take the first policyInfo from the list.
1488 * Get its list of PolicyQualifiers.
1489 * Take the first policyQualifier from the list.
1490 * Finally, get the policyQualifier's ByteArray.
1491 */
1492
1493 /* Get the PolicyInfo objects */
1494 goodCert = createCert(dataDir, goodCertName, plContext);
1495 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
1496 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
1497 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
1498 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
1499 0,
1500 (PKIX_PL_Object **)&goodPolQualifier,
1501 plContext));
1502
1503 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext));
1504
1505 equalCert = createCert(dataDir, equalCertName, plContext);
1506 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
1507 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
1508 0,
1509 (PKIX_PL_Object **)&equalPolicy,
1510 plContext));
1511 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
1512 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
1513 0,
1514 (PKIX_PL_Object **)&equalPolQualifier,
1515 plContext));
1516
1517 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext));
1518
1519 diffCert = createCert(dataDir, diffCertName, plContext);
1520 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
1521 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
1522 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
1523 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
1524 0,
1525 (PKIX_PL_Object **)&diffPolQualifier,
1526 plContext));
1527
1528 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext));
1529
1530 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE);
1531
1532 cleanup:
1533
1534 PKIX_TEST_DECREF_AC(goodArray);
1535 PKIX_TEST_DECREF_AC(equalArray);
1536 PKIX_TEST_DECREF_AC(diffArray);
1537 PKIX_TEST_DECREF_AC(goodPolQualifier);
1538 PKIX_TEST_DECREF_AC(equalPolQualifier);
1539 PKIX_TEST_DECREF_AC(diffPolQualifier);
1540 PKIX_TEST_DECREF_AC(goodQuals);
1541 PKIX_TEST_DECREF_AC(equalQuals);
1542 PKIX_TEST_DECREF_AC(diffQuals);
1543 PKIX_TEST_DECREF_AC(goodPolicy);
1544 PKIX_TEST_DECREF_AC(equalPolicy);
1545 PKIX_TEST_DECREF_AC(diffPolicy);
1546 PKIX_TEST_DECREF_AC(goodPolicyInfo);
1547 PKIX_TEST_DECREF_AC(equalPolicyInfo);
1548 PKIX_TEST_DECREF_AC(diffPolicyInfo);
1549 PKIX_TEST_DECREF_AC(goodCert);
1550 PKIX_TEST_DECREF_AC(equalCert);
1551 PKIX_TEST_DECREF_AC(diffCert);
1552 PKIX_TEST_RETURN();
1553 }
1554
1555 static void
testPolicyQualifier_GetPolicyQualifierId(char * dataDir)1556 testPolicyQualifier_GetPolicyQualifierId(char *dataDir)
1557 {
1558 char *goodCertName =
1559 "UserNoticeQualifierTest15EE.crt";
1560 char *equalCertName =
1561 "UserNoticeQualifierTest16EE.crt";
1562 char *diffCertName =
1563 "CPSPointerQualifierTest20EE.crt";
1564 PKIX_PL_Cert *goodCert = NULL;
1565 PKIX_PL_Cert *equalCert = NULL;
1566 PKIX_PL_Cert *diffCert = NULL;
1567 PKIX_List *goodPolicyInfo = NULL;
1568 PKIX_List *equalPolicyInfo = NULL;
1569 PKIX_List *diffPolicyInfo = NULL;
1570 PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
1571 PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
1572 PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
1573 PKIX_List *goodQuals = NULL;
1574 PKIX_List *equalQuals = NULL;
1575 PKIX_List *diffQuals = NULL;
1576 PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
1577 PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
1578 PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
1579 PKIX_PL_OID *goodID = NULL;
1580 PKIX_PL_OID *equalID = NULL;
1581 PKIX_PL_OID *diffID = NULL;
1582
1583 PKIX_TEST_STD_VARS();
1584 subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
1585
1586 /*
1587 * Get the cert, then the list of policyInfos.
1588 * Take the first policyInfo from the list.
1589 * Get its list of PolicyQualifiers.
1590 * Take the first policyQualifier from the list.
1591 * Finally, get the policyQualifier's ID.
1592 */
1593
1594 /* Get the PolicyQualifier objects */
1595 goodCert = createCert(dataDir, goodCertName, plContext);
1596 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
1597 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
1598 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
1599 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
1600 0,
1601 (PKIX_PL_Object **)&goodPolQualifier,
1602 plContext));
1603
1604 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext));
1605
1606 equalCert = createCert(dataDir, equalCertName, plContext);
1607 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
1608 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
1609 0,
1610 (PKIX_PL_Object **)&equalPolicy,
1611 plContext));
1612 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
1613 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
1614 0,
1615 (PKIX_PL_Object **)&equalPolQualifier,
1616 plContext));
1617
1618 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext));
1619
1620 diffCert = createCert(dataDir, diffCertName, plContext);
1621 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
1622 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
1623 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
1624 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
1625 0,
1626 (PKIX_PL_Object **)&diffPolQualifier,
1627 plContext));
1628
1629 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext));
1630
1631 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
1632
1633 cleanup:
1634
1635 PKIX_TEST_DECREF_AC(goodID);
1636 PKIX_TEST_DECREF_AC(equalID);
1637 PKIX_TEST_DECREF_AC(diffID);
1638 PKIX_TEST_DECREF_AC(goodPolQualifier);
1639 PKIX_TEST_DECREF_AC(equalPolQualifier);
1640 PKIX_TEST_DECREF_AC(diffPolQualifier);
1641 PKIX_TEST_DECREF_AC(goodQuals);
1642 PKIX_TEST_DECREF_AC(equalQuals);
1643 PKIX_TEST_DECREF_AC(diffQuals);
1644 PKIX_TEST_DECREF_AC(goodPolicy);
1645 PKIX_TEST_DECREF_AC(equalPolicy);
1646 PKIX_TEST_DECREF_AC(diffPolicy);
1647 PKIX_TEST_DECREF_AC(goodPolicyInfo);
1648 PKIX_TEST_DECREF_AC(equalPolicyInfo);
1649 PKIX_TEST_DECREF_AC(diffPolicyInfo);
1650 PKIX_TEST_DECREF_AC(goodCert);
1651 PKIX_TEST_DECREF_AC(equalCert);
1652 PKIX_TEST_DECREF_AC(diffCert);
1653 PKIX_TEST_RETURN();
1654 }
1655
1656 static void
testAreCertPoliciesCritical(char * dataCentralDir,char * dataDir)1657 testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir)
1658 {
1659
1660 char *trueCertName = "CertificatePoliciesCritical.crt";
1661 char *falseCertName = "UserNoticeQualifierTest15EE.crt";
1662 PKIX_PL_Cert *trueCert = NULL;
1663 PKIX_PL_Cert *falseCert = NULL;
1664 PKIX_Boolean trueVal = PKIX_FALSE;
1665 PKIX_Boolean falseVal = PKIX_FALSE;
1666
1667 PKIX_TEST_STD_VARS();
1668 subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>");
1669
1670 trueCert = createCert(dataCentralDir, trueCertName, plContext);
1671
1672 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext));
1673
1674 if (trueVal != PKIX_TRUE) {
1675 testError("unexpected mismatch");
1676 (void)printf("Actual value:\t%d\n", trueVal);
1677 (void)printf("Expected value:\t1\n");
1678 goto cleanup;
1679 }
1680
1681 subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>");
1682
1683 falseCert = createCert(dataDir, falseCertName, plContext);
1684
1685 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext));
1686
1687 if (falseVal != PKIX_FALSE) {
1688 testError("unexpected mismatch");
1689 (void)printf("Actual value:\t%d\n", falseVal);
1690 (void)printf("Expected value:\t0\n");
1691 goto cleanup;
1692 }
1693
1694 cleanup:
1695
1696 PKIX_TEST_DECREF_AC(trueCert);
1697 PKIX_TEST_DECREF_AC(falseCert);
1698
1699 PKIX_TEST_RETURN();
1700 }
1701
1702 static void
testCertPolicyConstraints(char * dataDir)1703 testCertPolicyConstraints(char *dataDir)
1704 {
1705 char *requireExplicitPolicy2CertName =
1706 "requireExplicitPolicy2CACert.crt";
1707 char *inhibitPolicyMapping5CertName =
1708 "inhibitPolicyMapping5CACert.crt";
1709 char *inhibitAnyPolicy5CertName =
1710 "inhibitAnyPolicy5CACert.crt";
1711 char *inhibitAnyPolicy0CertName =
1712 "inhibitAnyPolicy0CACert.crt";
1713 PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL;
1714 PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL;
1715 PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL;
1716 PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL;
1717 PKIX_Int32 skipCerts = 0;
1718
1719 PKIX_TEST_STD_VARS();
1720
1721 subTest("PKIX_PL_Cert_GetRequireExplicitPolicy");
1722 requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext);
1723 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL));
1724 PR_ASSERT(skipCerts == 2);
1725
1726 subTest("PKIX_PL_Cert_GetPolicyMappingInhibited");
1727 inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext);
1728 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL));
1729 PR_ASSERT(skipCerts == 5);
1730
1731 subTest("PKIX_PL_Cert_GetInhibitAnyPolicy");
1732 inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext);
1733 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL));
1734 PR_ASSERT(skipCerts == 5);
1735
1736 inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext);
1737 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL));
1738 PR_ASSERT(skipCerts == 0);
1739
1740 cleanup:
1741
1742 PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert);
1743 PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert);
1744 PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert);
1745 PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert);
1746
1747 PKIX_TEST_RETURN();
1748 }
1749
1750 static void
testCertPolicyMaps(char * dataDir)1751 testCertPolicyMaps(char *dataDir)
1752 {
1753 char *policyMappingsCertName =
1754 "P1Mapping1to234CACert.crt";
1755 char *expectedAscii =
1756 "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2";
1757
1758 PKIX_PL_Cert *policyMappingsCert = NULL;
1759 PKIX_List *mappings = NULL;
1760 PKIX_PL_CertPolicyMap *goodMap = NULL;
1761 PKIX_PL_CertPolicyMap *equalMap = NULL;
1762 PKIX_PL_CertPolicyMap *diffMap = NULL;
1763 PKIX_PL_OID *goodOID = NULL;
1764 PKIX_PL_OID *equalOID = NULL;
1765 PKIX_PL_OID *diffOID = NULL;
1766
1767 PKIX_TEST_STD_VARS();
1768
1769 subTest("PKIX_PL_Cert_GetPolicyMappings");
1770
1771 policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext);
1772 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL));
1773
1774 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL));
1775 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL));
1776 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL));
1777
1778 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap,
1779 equalMap,
1780 diffMap,
1781 expectedAscii,
1782 CertPolicyMap,
1783 PKIX_TRUE);
1784
1785 subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
1786 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL));
1787 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL));
1788 subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
1789 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL));
1790
1791 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID,
1792 equalOID,
1793 diffOID,
1794 "2.16.840.1.101.3.2.1.48.1",
1795 OID,
1796 PKIX_FALSE);
1797
1798 subTest("pkix_pl_CertPolicyMap_Destroy");
1799 PKIX_TEST_DECREF_BC(goodMap);
1800 PKIX_TEST_DECREF_BC(equalMap);
1801 PKIX_TEST_DECREF_BC(diffMap);
1802
1803 cleanup:
1804 PKIX_TEST_DECREF_AC(policyMappingsCert);
1805 PKIX_TEST_DECREF_AC(mappings);
1806 PKIX_TEST_DECREF_AC(goodOID);
1807 PKIX_TEST_DECREF_AC(equalOID);
1808 PKIX_TEST_DECREF_AC(diffOID);
1809
1810 PKIX_TEST_RETURN();
1811 }
1812
1813 static void
testNameConstraints(char * dataDir)1814 testNameConstraints(char *dataDir)
1815 {
1816 char *firstPname = "nameConstraintsDN3subCA2Cert.crt";
1817 char *secondPname = "nameConstraintsDN4CACert.crt";
1818 char *thirdPname = "nameConstraintsDN5CACert.crt";
1819 char *lastPname = "InvalidDNnameConstraintsTest3EE.crt";
1820 PKIX_PL_Cert *firstCert = NULL;
1821 PKIX_PL_Cert *secondCert = NULL;
1822 PKIX_PL_Cert *thirdCert = NULL;
1823 PKIX_PL_Cert *lastCert = NULL;
1824 PKIX_PL_CertNameConstraints *firstNC = NULL;
1825 PKIX_PL_CertNameConstraints *secondNC = NULL;
1826 PKIX_PL_CertNameConstraints *thirdNC = NULL;
1827 PKIX_PL_CertNameConstraints *firstMergedNC = NULL;
1828 PKIX_PL_CertNameConstraints *secondMergedNC = NULL;
1829 char *firstExpectedAscii =
1830 "[\n"
1831 "\t\tPermitted Name: (O=Test Certificates,C=US)\n"
1832 "\t\tExcluded Name: (OU=excludedSubtree1,O=Test Certificates,"
1833 "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n"
1834 "\t]\n";
1835 char *secondExpectedAscii =
1836 "[\n"
1837 "\t\tPermitted Name: (O=Test Certificates,C=US, "
1838 "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
1839 "\t\tExcluded Name: (OU=excludedSubtree1,"
1840 "O=Test Certificates,"
1841 "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, "
1842 "OU=excludedSubtree1,OU=permittedSubtree1,"
1843 "O=Test Certificates,C=US)\n"
1844 "\t]\n";
1845
1846 PKIX_TEST_STD_VARS();
1847 subTest("PKIX_PL_CertNameConstraints");
1848
1849 firstCert = createCert(dataDir, firstPname, plContext);
1850 secondCert = createCert(dataDir, secondPname, plContext);
1851 thirdCert = createCert(dataDir, thirdPname, plContext);
1852 lastCert = createCert(dataDir, lastPname, plContext);
1853
1854 subTest("PKIX_PL_Cert_GetNameConstraints <total=3>");
1855
1856 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL));
1857
1858 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL));
1859
1860 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL));
1861
1862 subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>");
1863
1864 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL));
1865
1866 subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>");
1867
1868 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL));
1869
1870 testToStringHelper((PKIX_PL_Object *)firstMergedNC,
1871 firstExpectedAscii,
1872 plContext);
1873
1874 testToStringHelper((PKIX_PL_Object *)secondMergedNC,
1875 secondExpectedAscii,
1876 plContext);
1877
1878 subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>");
1879
1880 /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */
1881 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL));
1882
1883 subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>");
1884
1885 /*
1886 * Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
1887 * OU=permittedSubtree1,O=Test Certificates,C=US
1888 */
1889 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL));
1890
1891 subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
1892
1893 /*
1894 * Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
1895 * OU=permittedSubtree1,O=Test Certificates,C=US
1896 * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate
1897 * Test3,OU=excludedSubtree1,O=Test Certificates,C=US
1898 */
1899 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL));
1900
1901 subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
1902
1903 PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL));
1904
1905 cleanup:
1906
1907 PKIX_TEST_DECREF_AC(firstCert);
1908 PKIX_TEST_DECREF_AC(secondCert);
1909 PKIX_TEST_DECREF_AC(thirdCert);
1910 PKIX_TEST_DECREF_AC(lastCert);
1911 PKIX_TEST_DECREF_AC(firstNC);
1912 PKIX_TEST_DECREF_AC(secondNC);
1913 PKIX_TEST_DECREF_AC(thirdNC);
1914 PKIX_TEST_DECREF_AC(firstMergedNC);
1915 PKIX_TEST_DECREF_AC(secondMergedNC);
1916
1917 PKIX_TEST_RETURN();
1918 }
1919
1920 static void
testDestroy(void * goodObject,void * equalObject,void * diffObject)1921 testDestroy(void *goodObject, void *equalObject, void *diffObject)
1922 {
1923 PKIX_TEST_STD_VARS();
1924
1925 subTest("PKIX_PL_Cert_Destroy");
1926
1927 PKIX_TEST_DECREF_BC(goodObject);
1928 PKIX_TEST_DECREF_BC(equalObject);
1929 PKIX_TEST_DECREF_BC(diffObject);
1930
1931 PKIX_TEST_DECREF_BC(altNameNoneCert);
1932 PKIX_TEST_DECREF_BC(altNameOtherCert);
1933 PKIX_TEST_DECREF_BC(altNameOtherCert_diff);
1934 PKIX_TEST_DECREF_BC(altNameRfc822Cert);
1935 PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff);
1936 PKIX_TEST_DECREF_BC(altNameDnsCert);
1937 PKIX_TEST_DECREF_BC(altNameDnsCert_diff);
1938 PKIX_TEST_DECREF_BC(altNameX400Cert);
1939 PKIX_TEST_DECREF_BC(altNameX400Cert_diff);
1940 PKIX_TEST_DECREF_BC(altNameDnCert);
1941 PKIX_TEST_DECREF_BC(altNameDnCert_diff);
1942 PKIX_TEST_DECREF_BC(altNameEdiCert);
1943 PKIX_TEST_DECREF_BC(altNameEdiCert_diff);
1944 PKIX_TEST_DECREF_BC(altNameUriCert);
1945 PKIX_TEST_DECREF_BC(altNameUriCert_diff);
1946 PKIX_TEST_DECREF_BC(altNameIpCert);
1947 PKIX_TEST_DECREF_BC(altNameIpCert_diff);
1948 PKIX_TEST_DECREF_BC(altNameOidCert);
1949 PKIX_TEST_DECREF_BC(altNameOidCert_diff);
1950 PKIX_TEST_DECREF_BC(altNameMultipleCert);
1951
1952 cleanup:
1953
1954 PKIX_TEST_RETURN();
1955 }
1956
1957 static void
printUsage(void)1958 printUsage(void)
1959 {
1960 (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n");
1961 }
1962
1963 int
test_cert(int argc,char * argv[])1964 test_cert(int argc, char *argv[])
1965 {
1966
1967 PKIX_PL_Cert *goodObject = NULL;
1968 PKIX_PL_Cert *equalObject = NULL;
1969 PKIX_PL_Cert *diffObject = NULL;
1970 PKIX_UInt32 actualMinorVersion;
1971 PKIX_UInt32 j = 0;
1972
1973 char *dataCentralDir = NULL;
1974 char *dataDir = NULL;
1975 char *goodInput = "yassir2bcn";
1976 char *diffInput = "nss2alice";
1977
1978 char *expectedAscii =
1979 "[\n"
1980 "\tVersion: v3\n"
1981 "\tSerialNumber: 37bc66ec\n"
1982 "\tIssuer: CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
1983 "\tSubject: OU=bcn,OU=east,O=sun,C=us\n"
1984 "\tValidity: [From: Thu Aug 19, 1999\n"
1985 /* "\tValidity: [From: Thu Aug 19 16:19:56 1999\n" */
1986 "\t To: Fri Aug 18, 2000]\n"
1987 /* "\t To: Fri Aug 18 16:19:56 2000]\n" */
1988 "\tSubjectAltNames: (null)\n"
1989 "\tAuthorityKeyId: (null)\n"
1990 "\tSubjectKeyId: (null)\n"
1991 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
1992 "\tCritExtOIDs: (2.5.29.15, 2.5.29.19)\n"
1993 "\tExtKeyUsages: (null)\n"
1994 "\tBasicConstraint: CA(0)\n"
1995 "\tCertPolicyInfo: (null)\n"
1996 "\tPolicyMappings: (null)\n"
1997 "\tExplicitPolicy: -1\n"
1998 "\tInhibitMapping: -1\n"
1999 "\tInhibitAnyPolicy:-1\n"
2000 "\tNameConstraints: (null)\n"
2001 "\tAuthorityInfoAccess: (null)\n"
2002 "\tSubjectInfoAccess: (null)\n"
2003 "\tCacheFlag: 0\n"
2004 "]\n";
2005
2006 PKIX_TEST_STD_VARS();
2007
2008 startTests("Cert");
2009
2010 PKIX_TEST_EXPECT_NO_ERROR(
2011 PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
2012
2013 if (argc < 3 + j) {
2014 printUsage();
2015 return (0);
2016 }
2017
2018 dataCentralDir = argv[2 + j];
2019 dataDir = argv[3 + j];
2020
2021 createCerts(dataCentralDir,
2022 goodInput,
2023 diffInput,
2024 &goodObject,
2025 &equalObject,
2026 &diffObject);
2027
2028 testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext);
2029
2030 PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
2031 equalObject,
2032 diffObject,
2033 expectedAscii,
2034 Cert,
2035 PKIX_TRUE);
2036
2037 testVerifyKeyUsage(dataCentralDir, dataDir, goodObject);
2038
2039 testGetExtendedKeyUsage(dataCentralDir);
2040 testGetKeyIdentifiers(dataCentralDir, goodObject);
2041
2042 testGetVersion(goodObject);
2043 testGetSerialNumber(goodObject, equalObject, diffObject);
2044
2045 testGetSubject(goodObject, equalObject, diffObject);
2046 testGetIssuer(goodObject, equalObject, diffObject);
2047
2048 testGetSubjectAltNames(dataCentralDir);
2049 testGetCriticalExtensionOIDs(dataCentralDir, goodObject);
2050
2051 testGetSubjectPublicKey(goodObject, equalObject, diffObject);
2052 testGetSubjectPublicKeyAlgId(goodObject);
2053 testMakeInheritedDSAPublicKey(dataCentralDir);
2054
2055 testCheckValidity(goodObject, diffObject);
2056
2057 testBasicConstraints_GetCAFlag(dataCentralDir);
2058 testBasicConstraints_GetPathLenConstraint(dataCentralDir);
2059 testGetBasicConstraints(dataCentralDir);
2060
2061 /* Basic Policy Processing */
2062 testGetPolicyInformation(dataDir);
2063 testCertPolicy_GetPolicyId(dataDir);
2064 testCertPolicy_GetPolQualifiers(dataDir);
2065 testPolicyQualifier_GetPolicyQualifierId(dataDir);
2066 testPolicyQualifier_GetQualifier(dataDir);
2067 testAreCertPoliciesCritical(dataCentralDir, dataDir);
2068
2069 /* Advanced Policy Processing */
2070 testCertPolicyConstraints(dataDir);
2071 testCertPolicyMaps(dataDir);
2072
2073 testNameConstraints(dataDir);
2074
2075 testVerifySignature(dataCentralDir);
2076
2077 testDestroy(goodObject, equalObject, diffObject);
2078
2079 cleanup:
2080
2081 PKIX_Shutdown(plContext);
2082
2083 PKIX_TEST_RETURN();
2084
2085 endTests("Cert");
2086
2087 return (0);
2088 }
2089