1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * test_basicchecker.c
6 *
7 * Test Basic Checking
8 *
9 */
10
11 #include "testutil.h"
12 #include "testutil_nss.h"
13
/*
 * libpkix context handle shared by every sub-test in this file. It is filled
 * in by PKIX_PL_NssContext_Create() and released by PKIX_Shutdown(), both
 * called from test_basicchecker().
 */
static void *plContext = NULL;
15
/*
 * Positive case: validate a chain that is expected to satisfy the
 * Expiration, NameChaining and Signature checkers, then print the verify
 * tree produced by the validation.
 *
 * dirName   - directory handed to the chain/params helpers
 * goodInput - first cert name given to createCertChain()
 * diffInput - second cert name given to createCertChain()
 * dateAscii - validation date string forwarded to createValidateParams()
 */
static void
testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii)
{
    PKIX_PL_String *treeText = NULL;
    PKIX_VerifyNode *tree = NULL;
    PKIX_ValidateResult *outcome = NULL;
    PKIX_ValidateParams *params = NULL;
    PKIX_List *certChain = NULL;

    PKIX_TEST_STD_VARS();

    subTest("Basic-Common-Fields <pass>");

    certChain = createCertChain(dirName, goodInput, diffInput, plContext);

    /*
     * The NULL and the four PKIX_FALSE arguments are options whose meaning
     * is defined by createValidateParams() in the test utilities, which is
     * not visible from this file.
     */
    params = createValidateParams(dirName, goodInput, diffInput, dateAscii,
                                  NULL,
                                  PKIX_FALSE, PKIX_FALSE,
                                  PKIX_FALSE, PKIX_FALSE,
                                  certChain, plContext);

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ValidateChain(params, &outcome, &tree, plContext));

    /*
     * NOTE(review): treeText is dereferenced right after the call below.
     * That is only safe if PKIX_TEST_EXPECT_NO_ERROR leaves this path
     * (presumably via the cleanup label) when ToString fails - confirm in
     * testutil.h.
     */
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_ToString((PKIX_PL_Object *)tree, &treeText, plContext));
    (void)printf("verifyTree is\n%s\n", treeText->escAsciiString);

cleanup:

    /* Release everything acquired above, in the same order as before. */
    PKIX_TEST_DECREF_AC(treeText);
    PKIX_TEST_DECREF_AC(tree);
    PKIX_TEST_DECREF_AC(certChain);
    PKIX_TEST_DECREF_AC(params);
    PKIX_TEST_DECREF_AC(outcome);

    PKIX_TEST_RETURN();
}
62
/*
 * Negative case for name chaining: the chain is built with diffInput and
 * goodInput in the opposite order from testPass(), and validation is
 * expected to be rejected.
 *
 * NOTE(review): the assertion only requires that PKIX_ValidateChain()
 * returns some error. Nothing here confirms that the name-chaining check is
 * what rejected the chain, so an unrelated failure (for example unreadable
 * test data) would also satisfy this test.
 */
static void
testNameChainingFail(
    char *dirName,
    char *goodInput,
    char *diffInput,
    char *dateAscii)
{
    PKIX_PL_String *treeText = NULL; /* never filled in; released below */
    PKIX_VerifyNode *tree = NULL;
    PKIX_ValidateResult *outcome = NULL;
    PKIX_ValidateParams *params = NULL;
    PKIX_List *certChain = NULL;

    PKIX_TEST_STD_VARS();

    subTest("NameChaining <fail>");

    /* Swapped cert order relative to the passing test. */
    certChain = createCertChain(dirName, diffInput, goodInput, plContext);

    params = createValidateParams(dirName, goodInput, diffInput, dateAscii,
                                  NULL,
                                  PKIX_FALSE, PKIX_FALSE,
                                  PKIX_FALSE, PKIX_FALSE,
                                  certChain, plContext);

    PKIX_TEST_EXPECT_ERROR(
        PKIX_ValidateChain(params, &outcome, &tree, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(treeText);
    PKIX_TEST_DECREF_AC(tree);
    PKIX_TEST_DECREF_AC(certChain);
    PKIX_TEST_DECREF_AC(params);
    PKIX_TEST_DECREF_AC(outcome);

    PKIX_TEST_RETURN();
}
106
/*
 * Negative case for the validity-period check: the chain is built in the
 * same order as testPass(), but NULL is passed where the other tests pass a
 * date string, and validation is expected to be rejected.
 *
 * NOTE(review): presumably a NULL date makes validation use the current
 * time, at which the test certificates are outside their validity period -
 * confirm in createValidateParams(). As with the other negative tests, any
 * error from PKIX_ValidateChain() satisfies the assertion; the cause of the
 * rejection is not checked.
 */
static void
testDateFail(char *dirName, char *goodInput, char *diffInput)
{
    PKIX_ValidateResult *outcome = NULL;
    PKIX_ValidateParams *params = NULL;
    PKIX_List *certChain = NULL;

    PKIX_TEST_STD_VARS();

    certChain = createCertChain(dirName, goodInput, diffInput, plContext);

    subTest("Expiration <fail>");
    params = createValidateParams(dirName, goodInput, diffInput,
                                  NULL, /* no explicit validation date */
                                  NULL,
                                  PKIX_FALSE, PKIX_FALSE,
                                  PKIX_FALSE, PKIX_FALSE,
                                  certChain, plContext);

    /* No verify tree is requested here (third output argument is NULL). */
    PKIX_TEST_EXPECT_ERROR(
        PKIX_ValidateChain(params, &outcome, NULL, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(certChain);
    PKIX_TEST_DECREF_AC(params);
    PKIX_TEST_DECREF_AC(outcome);

    PKIX_TEST_RETURN();
}
142
/*
 * Intended negative case for signature verification. It is not called from
 * test_basicchecker() at present.
 *
 * NOTE(review): the chain is built exactly as in testNameChainingFail()
 * (diffInput before goodInput), so with the current test data a rejection
 * here cannot be attributed to the signature check. Dedicated certificates
 * whose names chain correctly but whose signatures do not verify are needed
 * before this exercises the signature checker.
 */
static void
testSignatureFail(
    char *dirName,
    char *goodInput,
    char *diffInput,
    char *dateAscii)
{
    PKIX_ValidateResult *outcome = NULL;
    PKIX_ValidateParams *params = NULL;
    PKIX_List *certChain = NULL;

    PKIX_TEST_STD_VARS();

    subTest("Signature <fail>");

    certChain = createCertChain(dirName, diffInput, goodInput, plContext);

    params = createValidateParams(dirName, goodInput, diffInput, dateAscii,
                                  NULL,
                                  PKIX_FALSE, PKIX_FALSE,
                                  PKIX_FALSE, PKIX_FALSE,
                                  certChain, plContext);

    /* Any error satisfies this assertion; no verify tree is requested. */
    PKIX_TEST_EXPECT_ERROR(
        PKIX_ValidateChain(params, &outcome, NULL, plContext));

cleanup:

    PKIX_TEST_DECREF_AC(certChain);
    PKIX_TEST_DECREF_AC(params);
    PKIX_TEST_DECREF_AC(outcome);

    PKIX_TEST_RETURN();
}
182
/*
 * Print the one-line command synopsis to standard output.
 *
 * pName - program name shown in the synopsis.
 */
static void
printUsage(char *pName)
{
    (void)fprintf(stdout, "\nUSAGE: %s <central-data-dir>\n\n", pName);
}
188
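/*
 * Driver for the basic chain-checker tests.
 *
 * argv[1] names the central data directory holding the test certificates.
 * Runs the passing case followed by the name-chaining and expiration
 * failure cases, then shuts libpkix down.
 *
 * Always returns 0.
 *
 * NOTE(review): a missing data directory also returns 0, so a misconfigured
 * run may be indistinguishable from a pass to whatever invokes this -
 * confirm how the caller interprets the return value.
 */
int
test_basicchecker(int argc, char *argv[])
{
    char *goodInput = "yassir2yassir";
    char *diffInput = "yassir2bcn";
    char *dateAscii = "991201000000Z";
    char *dirName = NULL;

    PKIX_TEST_STD_VARS();

    startTests("SignatureChecker");

    /*
     * Check the arguments before creating the context: returning from the
     * usage path after PKIX_PL_NssContext_Create() would skip
     * PKIX_Shutdown() and leave the context unreleased.
     */
    if (argc < 2) {
        /* argv[0] may be NULL when argc is 0; do not pass NULL to %s. */
        printUsage((argc > 0 && argv[0] != NULL) ? argv[0]
                                                 : "test_basicchecker");
        return (0);
    }

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    dirName = argv[1];

    /* The NameChaining, Expiration, and Signature Checkers all pass */
    testPass(dirName, goodInput, diffInput, dateAscii);

    /* Individual Checkers fail */
    testNameChainingFail(dirName, goodInput, diffInput, dateAscii);
    testDateFail(dirName, goodInput, diffInput);

    /*
     * XXX
     * since the signature check is done last, we need to create
     * certs whose name chaining passes, but their signatures fail;
     * we currently don't have any such certs.
     *
     * Until such certs exist, the rejection path of the signature checker
     * has no coverage in this file. When re-enabling, note that
     * testSignatureFail() takes dirName as its first argument:
     *
     *     testSignatureFail(dirName, goodInput, diffInput, dateAscii);
     */

cleanup:

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("SignatureChecker");

    return (0);
}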
239