1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * testutil_nss.c
6 *
7 * NSS-specific utility functions for handling test errors
8 *
9 */
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <stddef.h>
14
15 #include "pkix_pl_generalname.h"
16 #include "pkix_pl_cert.h"
17 #include "pkix.h"
18 #include "testutil.h"
19 #include "prlong.h"
20 #include "plstr.h"
21 #include "prthread.h"
22 #include "secutil.h"
23 #include <nspr.h>
24 #include "prtypes.h"
25 #include "prtime.h"
26 #include "pk11func.h"
27 #include "secasn1.h"
28 #include "cert.h"
29 #include "cryptohi.h"
30 #include "secoid.h"
31 #include "certdb.h"
32 #include "secitem.h"
33 #include "keythi.h"
34 #include "nss.h"
35
36 static char *
catDirName(char * dir,char * name,void * plContext)37 catDirName(char *dir, char *name, void *plContext)
38 {
39 char *pathName = NULL;
40 PKIX_UInt32 nameLen;
41 PKIX_UInt32 dirLen;
42
43 PKIX_TEST_STD_VARS();
44
45 nameLen = PL_strlen(name);
46 dirLen = PL_strlen(dir);
47
48 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirLen + nameLen + 2,
49 (void **)&pathName,
50 plContext));
51
52 PL_strcpy(pathName, dir);
53 PL_strcat(pathName, "/");
54 PL_strcat(pathName, name);
55 printf("pathName = %s\n", pathName);
56
57 cleanup:
58
59 PKIX_TEST_RETURN();
60
61 return (pathName);
62 }
63
64 PKIX_PL_Cert *
createCert(char * dirName,char * certFileName,void * plContext)65 createCert(
66 char *dirName,
67 char *certFileName,
68 void *plContext)
69 {
70 PKIX_PL_ByteArray *byteArray = NULL;
71 void *buf = NULL;
72 PRFileDesc *certFile = NULL;
73 PKIX_UInt32 len;
74 SECItem certDER;
75 SECStatus rv;
76 /* default: NULL cert (failure case) */
77 PKIX_PL_Cert *cert = NULL;
78 char *pathName = NULL;
79
80 PKIX_TEST_STD_VARS();
81
82 certDER.data = NULL;
83
84 pathName = catDirName(dirName, certFileName, plContext);
85 certFile = PR_Open(pathName, PR_RDONLY, 0);
86
87 if (!certFile) {
88 pkixTestErrorMsg = "Unable to open cert file";
89 goto cleanup;
90 } else {
91 rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE);
92 if (!rv) {
93 buf = (void *)certDER.data;
94 len = certDER.len;
95
96 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
97
98 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
99
100 SECITEM_FreeItem(&certDER, PR_FALSE);
101 } else {
102 pkixTestErrorMsg = "Unable to read DER from cert file";
103 goto cleanup;
104 }
105 }
106
107 cleanup:
108
109 pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);
110
111 if (certFile) {
112 PR_Close(certFile);
113 }
114
115 if (PKIX_TEST_ERROR_RECEIVED) {
116 SECITEM_FreeItem(&certDER, PR_FALSE);
117 }
118
119 PKIX_TEST_DECREF_AC(byteArray);
120
121 PKIX_TEST_RETURN();
122
123 return (cert);
124 }
125
126 PKIX_PL_CRL *
createCRL(char * dirName,char * crlFileName,void * plContext)127 createCRL(
128 char *dirName,
129 char *crlFileName,
130 void *plContext)
131 {
132 PKIX_PL_ByteArray *byteArray = NULL;
133 PKIX_PL_CRL *crl = NULL;
134 PKIX_Error *error = NULL;
135 PRFileDesc *inFile = NULL;
136 SECItem crlDER;
137 void *buf = NULL;
138 PKIX_UInt32 len;
139 SECStatus rv;
140 char *pathName = NULL;
141
142 PKIX_TEST_STD_VARS();
143
144 crlDER.data = NULL;
145
146 pathName = catDirName(dirName, crlFileName, plContext);
147 inFile = PR_Open(pathName, PR_RDONLY, 0);
148
149 if (!inFile) {
150 pkixTestErrorMsg = "Unable to open crl file";
151 goto cleanup;
152 } else {
153 rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
154 if (!rv) {
155 buf = (void *)crlDER.data;
156 len = crlDER.len;
157
158 error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
159
160 if (error) {
161 pkixTestErrorMsg =
162 "PKIX_PL_ByteArray_Create failed";
163 goto cleanup;
164 }
165
166 error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
167 if (error) {
168 pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
169 goto cleanup;
170 }
171
172 SECITEM_FreeItem(&crlDER, PR_FALSE);
173 } else {
174 pkixTestErrorMsg = "Unable to read DER from crl file";
175 goto cleanup;
176 }
177 }
178
179 cleanup:
180
181 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));
182
183 if (inFile) {
184 PR_Close(inFile);
185 }
186
187 if (error) {
188 SECITEM_FreeItem(&crlDER, PR_FALSE);
189 }
190
191 PKIX_TEST_DECREF_AC(byteArray);
192
193 PKIX_TEST_RETURN();
194
195 return (crl);
196 }
197
198 PKIX_TrustAnchor *
createTrustAnchor(char * dirName,char * certFileName,PKIX_Boolean useCert,void * plContext)199 createTrustAnchor(
200 char *dirName,
201 char *certFileName,
202 PKIX_Boolean useCert,
203 void *plContext)
204 {
205 PKIX_TrustAnchor *anchor = NULL;
206 PKIX_PL_Cert *cert = NULL;
207 PKIX_PL_X500Name *name = NULL;
208 PKIX_PL_PublicKey *pubKey = NULL;
209 PKIX_PL_CertNameConstraints *nameConstraints = NULL;
210
211 PKIX_TEST_STD_VARS();
212
213 cert = createCert(dirName, certFileName, plContext);
214
215 if (useCert) {
216 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(cert, &anchor, plContext));
217 } else {
218 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(cert, &name, plContext));
219
220 if (name == NULL) {
221 goto cleanup;
222 }
223
224 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
225
226 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &nameConstraints, NULL));
227
228 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithNameKeyPair(name, pubKey, nameConstraints, &anchor, plContext));
229 }
230
231 cleanup:
232
233 if (PKIX_TEST_ERROR_RECEIVED) {
234 PKIX_TEST_DECREF_AC(anchor);
235 }
236
237 PKIX_TEST_DECREF_AC(cert);
238 PKIX_TEST_DECREF_AC(name);
239 PKIX_TEST_DECREF_AC(pubKey);
240 PKIX_TEST_DECREF_AC(nameConstraints);
241
242 PKIX_TEST_RETURN();
243
244 return (anchor);
245 }
246
247 PKIX_List *
createCertChain(char * dirName,char * firstCertFileName,char * secondCertFileName,void * plContext)248 createCertChain(
249 char *dirName,
250 char *firstCertFileName,
251 char *secondCertFileName,
252 void *plContext)
253 {
254 PKIX_PL_Cert *firstCert = NULL;
255 PKIX_PL_Cert *secondCert = NULL;
256 PKIX_List *certList = NULL;
257
258 PKIX_TEST_STD_VARS();
259
260 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
261
262 firstCert = createCert(dirName, firstCertFileName, plContext);
263
264 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)firstCert, plContext));
265
266 if (secondCertFileName) {
267 secondCert = createCert(dirName, secondCertFileName, plContext);
268
269 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)secondCert, plContext));
270 }
271
272 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
273
274 cleanup:
275
276 if (PKIX_TEST_ERROR_RECEIVED) {
277 PKIX_TEST_DECREF_AC(certList);
278 }
279
280 PKIX_TEST_DECREF_AC(firstCert);
281 PKIX_TEST_DECREF_AC(secondCert);
282
283 PKIX_TEST_RETURN();
284
285 return (certList);
286 }
287
288 PKIX_List *
createCertChainPlus(char * dirName,char * certNames[],PKIX_PL_Cert * certs[],PKIX_UInt32 numCerts,void * plContext)289 createCertChainPlus(
290 char *dirName,
291 char *certNames[],
292 PKIX_PL_Cert *certs[],
293 PKIX_UInt32 numCerts,
294 void *plContext)
295 {
296 PKIX_List *certList = NULL;
297 PKIX_UInt32 i;
298
299 PKIX_TEST_STD_VARS();
300
301 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
302
303 for (i = 0; i < numCerts; i++) {
304
305 certs[i] = createCert(dirName, certNames[i], plContext);
306
307 /* Create Cert may fail */
308 if (certs[i] == NULL) {
309 PKIX_TEST_DECREF_BC(certList);
310 goto cleanup;
311 }
312
313 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList,
314 (PKIX_PL_Object *)certs[i],
315 plContext));
316 }
317
318 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
319
320 cleanup:
321
322 if (PKIX_TEST_ERROR_RECEIVED) {
323 PKIX_TEST_DECREF_AC(certList);
324 }
325
326 for (i = 0; i < numCerts; i++) {
327 PKIX_TEST_DECREF_AC(certs[i]);
328 }
329
330 PKIX_TEST_RETURN();
331
332 return (certList);
333 }
334
335 PKIX_PL_Date *
createDate(char * asciiDate,void * plContext)336 createDate(
337 char *asciiDate,
338 void *plContext)
339 {
340 PKIX_PL_Date *date = NULL;
341 PKIX_PL_String *plString = NULL;
342
343 PKIX_TEST_STD_VARS();
344
345 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiDate, 0, &plString, plContext));
346
347 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(plString, &date, plContext));
348
349 cleanup:
350
351 PKIX_TEST_DECREF_AC(plString);
352
353 PKIX_TEST_RETURN();
354
355 return (date);
356 }
357
358 PKIX_ProcessingParams *
createProcessingParams(char * dirName,char * firstAnchorFileName,char * secondAnchorFileName,char * dateAscii,PKIX_List * initialPolicies,PKIX_Boolean isCrlEnabled,void * plContext)359 createProcessingParams(
360 char *dirName,
361 char *firstAnchorFileName,
362 char *secondAnchorFileName,
363 char *dateAscii,
364 PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
365 PKIX_Boolean isCrlEnabled,
366 void *plContext)
367 {
368
369 PKIX_TrustAnchor *firstAnchor = NULL;
370 PKIX_TrustAnchor *secondAnchor = NULL;
371 PKIX_List *anchorsList = NULL;
372 PKIX_ProcessingParams *procParams = NULL;
373 PKIX_PL_String *dateString = NULL;
374 PKIX_PL_Date *testDate = NULL;
375
376 PKIX_TEST_STD_VARS();
377
378 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));
379
380 firstAnchor = createTrustAnchor(dirName, firstAnchorFileName, PKIX_FALSE, plContext);
381
382 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
383 (PKIX_PL_Object *)firstAnchor,
384 plContext));
385
386 if (secondAnchorFileName) {
387 secondAnchor =
388 createTrustAnchor(dirName, secondAnchorFileName, PKIX_FALSE, plContext);
389
390 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
391 (PKIX_PL_Object *)secondAnchor,
392 plContext));
393 }
394
395 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchorsList, &procParams, plContext));
396
397 if (dateAscii) {
398 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
399 dateAscii,
400 0,
401 &dateString,
402 plContext));
403
404 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(dateString, &testDate, plContext));
405
406 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(procParams, testDate, plContext));
407 }
408
409 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
410
411 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, isCrlEnabled, plContext));
412
413 cleanup:
414
415 if (PKIX_TEST_ERROR_RECEIVED) {
416 PKIX_TEST_DECREF_AC(procParams);
417 }
418
419 PKIX_TEST_DECREF_AC(dateString);
420 PKIX_TEST_DECREF_AC(testDate);
421 PKIX_TEST_DECREF_AC(anchorsList);
422 PKIX_TEST_DECREF_AC(firstAnchor);
423 PKIX_TEST_DECREF_AC(secondAnchor);
424
425 PKIX_TEST_RETURN();
426
427 return (procParams);
428 }
429
430 PKIX_ValidateParams *
createValidateParams(char * dirName,char * firstAnchorFileName,char * secondAnchorFileName,char * dateAscii,PKIX_List * initialPolicies,PKIX_Boolean initialPolicyMappingInhibit,PKIX_Boolean initialAnyPolicyInhibit,PKIX_Boolean initialExplicitPolicy,PKIX_Boolean isCrlEnabled,PKIX_List * chain,void * plContext)431 createValidateParams(
432 char *dirName,
433 char *firstAnchorFileName,
434 char *secondAnchorFileName,
435 char *dateAscii,
436 PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
437 PKIX_Boolean initialPolicyMappingInhibit,
438 PKIX_Boolean initialAnyPolicyInhibit,
439 PKIX_Boolean initialExplicitPolicy,
440 PKIX_Boolean isCrlEnabled,
441 PKIX_List *chain,
442 void *plContext)
443 {
444
445 PKIX_ProcessingParams *procParams = NULL;
446 PKIX_ValidateParams *valParams = NULL;
447
448 PKIX_TEST_STD_VARS();
449
450 procParams =
451 createProcessingParams(dirName,
452 firstAnchorFileName,
453 secondAnchorFileName,
454 dateAscii,
455 NULL,
456 isCrlEnabled,
457 plContext);
458
459 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
460
461 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, initialPolicyMappingInhibit, NULL));
462
463 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, initialAnyPolicyInhibit, NULL));
464
465 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, initialExplicitPolicy, NULL));
466
467 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chain, &valParams, plContext));
468
469 cleanup:
470
471 if (PKIX_TEST_ERROR_RECEIVED) {
472 PKIX_TEST_DECREF_AC(valParams);
473 }
474
475 PKIX_TEST_DECREF_AC(procParams);
476
477 PKIX_TEST_RETURN();
478
479 return (valParams);
480 }
481
482 PKIX_ValidateResult *
createValidateResult(char * dirName,char * anchorFileName,char * pubKeyCertFileName,void * plContext)483 createValidateResult(
484 char *dirName,
485 char *anchorFileName,
486 char *pubKeyCertFileName,
487 void *plContext)
488 {
489
490 PKIX_TrustAnchor *anchor = NULL;
491 PKIX_ValidateResult *valResult = NULL;
492 PKIX_PL_Cert *cert = NULL;
493 PKIX_PL_PublicKey *pubKey = NULL;
494
495 PKIX_TEST_STD_VARS();
496
497 anchor = createTrustAnchor(dirName, anchorFileName, PKIX_FALSE, plContext);
498 cert = createCert(dirName, pubKeyCertFileName, plContext);
499
500 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
501
502 PKIX_TEST_EXPECT_NO_ERROR(pkix_ValidateResult_Create(pubKey, anchor, NULL, &valResult, plContext));
503
504 cleanup:
505
506 if (PKIX_TEST_ERROR_RECEIVED) {
507 PKIX_TEST_DECREF_AC(valResult);
508 }
509
510 PKIX_TEST_DECREF_AC(anchor);
511 PKIX_TEST_DECREF_AC(cert);
512 PKIX_TEST_DECREF_AC(pubKey);
513
514 PKIX_TEST_RETURN();
515
516 return (valResult);
517 }
518
519 PKIX_PL_GeneralName *
createGeneralName(PKIX_UInt32 nameType,char * asciiName,void * plContext)520 createGeneralName(
521 PKIX_UInt32 nameType,
522 char *asciiName,
523 void *plContext)
524 {
525
526 PKIX_PL_GeneralName *generalName = NULL;
527 PKIX_PL_String *plString = NULL;
528
529 PKIX_TEST_STD_VARS();
530
531 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
532
533 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create(nameType, plString, &generalName, plContext));
534
535 cleanup:
536
537 PKIX_TEST_DECREF_AC(plString);
538
539 PKIX_TEST_RETURN();
540
541 return (generalName);
542 }
543
544 PKIX_BuildResult *
createBuildResult(char * dirName,char * anchorFileName,char * pubKeyCertFileName,char * firstChainCertFileName,char * secondChainCertFileName,void * plContext)545 createBuildResult(
546 char *dirName,
547 char *anchorFileName,
548 char *pubKeyCertFileName,
549 char *firstChainCertFileName,
550 char *secondChainCertFileName,
551 void *plContext)
552 {
553 PKIX_BuildResult *buildResult = NULL;
554 PKIX_ValidateResult *valResult = NULL;
555 PKIX_List *certChain = NULL;
556
557 PKIX_TEST_STD_VARS();
558
559 valResult = createValidateResult(dirName, anchorFileName, pubKeyCertFileName, plContext);
560 certChain = createCertChain(dirName,
561 firstChainCertFileName,
562 secondChainCertFileName,
563 plContext);
564
565 PKIX_TEST_EXPECT_NO_ERROR(pkix_BuildResult_Create(valResult, certChain, &buildResult, plContext));
566
567 cleanup:
568
569 if (PKIX_TEST_ERROR_RECEIVED) {
570 PKIX_TEST_DECREF_AC(buildResult);
571 }
572
573 PKIX_TEST_DECREF_AC(valResult);
574 PKIX_TEST_DECREF_AC(certChain);
575
576 PKIX_TEST_RETURN();
577
578 return (buildResult);
579 }
580