1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * test_comcertselparams.c
6 *
7 * Test Common Cert Selector Params
8 *
9 */
10
11 #include "testutil.h"
12 #include "testutil_nss.h"
13
/*
 * PKIX platform context shared by every test in this file: it is filled in by
 * PKIX_PL_NssContext_Create in test_comcertselparams, passed as the last
 * argument of each PKIX call, and handed to PKIX_Shutdown at the end.
 */
14 static void *plContext = NULL;
15
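/*
 * test_CreateOIDList
 *
 * Builds a List of policy OIDs from a List of CertPolicyInfos.
 *
 * certPolicyInfos: source list; NULL is treated like an empty list.
 * pPolicyOIDs:     on the success path receives the new list, or NULL when
 *                  the source is NULL or empty. The caller then holds the
 *                  reference (test_comcertselparams releases it in its own
 *                  cleanup). It is left untouched when a step fails.
 */
static void
test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs)
{
    PKIX_UInt32 i = 0;
    PKIX_UInt32 numInfos = 0;
    PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
    PKIX_PL_OID *policyOID = NULL;
    PKIX_List *certPolicies = NULL;

    PKIX_TEST_STD_VARS();

    /* Convert from List of CertPolicyInfos to List of OIDs */
    if (certPolicyInfos) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext));
    }

    /* No output list is allocated for an empty source. */
    if (numInfos > 0) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext));
    }
    for (i = 0; i < numInfos; i++) {
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos,
                                                    i,
                                                    (PKIX_PL_Object **)&certPolicyInfo,
                                                    plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext));
        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext));
        /* Drop the per-iteration references before the next item is fetched. */
        PKIX_TEST_DECREF_BC(certPolicyInfo);
        PKIX_TEST_DECREF_BC(policyOID);
    }

    /*
     * Hand the list to the caller and forget the local copy, so that the
     * release in cleanup below only fires when this line was never reached.
     */
    *pPolicyOIDs = certPolicies;
    certPolicies = NULL;

cleanup:

    PKIX_TEST_DECREF_AC(certPolicyInfo);
    PKIX_TEST_DECREF_AC(policyOID);
    /*
     * Still non-NULL only when a step above bailed out after the list was
     * created (presumably PKIX_TEST_EXPECT_NO_ERROR jumps here on failure --
     * confirm in testutil.h); the original left that list unreleased.
     */
    PKIX_TEST_DECREF_AC(certPolicies);

    PKIX_TEST_RETURN();
}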
55
/*
 * test_NameConstraints
 *
 * Round-trips a CertNameConstraints object through ComCertSelParams: the
 * constraints are read from nameConstraintsDN2CACert.crt under dirName,
 * stored with SetNameConstraints, fetched with GetNameConstraints, and the
 * fetched object is compared with the stored one and with a canned string.
 * Only storage is checked; no certificate is matched against the parameters.
 */
static void
test_NameConstraints(char *dirName)
{
    /* Expected string form of the constraints carried by the test cert. */
    char *cannedText =
        "[\n"
        "\t\tPermitted Name: (OU=permittedSubtree1,"
        "O=Test Certificates,C=US, OU=permittedSubtree2,"
        "O=Test Certificates,C=US)\n"
        "\t\tExcluded Name: (EMPTY)\n"
        "\t]\n";
    PKIX_ComCertSelParams *selParams = NULL;
    PKIX_PL_CertNameConstraints *storedNC = NULL;
    PKIX_PL_CertNameConstraints *fetchedNC = NULL;
    PKIX_PL_Cert *caCert = NULL;

    PKIX_TEST_STD_VARS();

    subTest("Create Cert for NameConstraints test");

    caCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);

    subTest("PKIX_PL_Cert_GetNameConstraints");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Cert_GetNameConstraints(caCert, &storedNC, plContext));

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    subTest("PKIX_ComCertSelParams_SetNameConstraints");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetNameConstraints(selParams, storedNC, plContext));

    subTest("PKIX_ComCertSelParams_GetNameConstraints");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetNameConstraints(selParams, &fetchedNC, plContext));

    /* What comes back must equal what went in. */
    subTest("Compare NameConstraints");
    testEqualsHelper((PKIX_PL_Object *)storedNC,
                     (PKIX_PL_Object *)fetchedNC,
                     PKIX_TRUE,
                     plContext);

    subTest("Compare NameConstraints with canned string");
    testToStringHelper((PKIX_PL_Object *)fetchedNC, cannedText, plContext);

cleanup:

    PKIX_TEST_DECREF_AC(caCert);
    PKIX_TEST_DECREF_AC(fetchedNC);
    PKIX_TEST_DECREF_AC(storedNC);
    PKIX_TEST_DECREF_AC(selParams);

    PKIX_TEST_RETURN();
}
109
/*
 * test_PathToNames
 *
 * Exercises the PathToNames field of ComCertSelParams: a list of four
 * GeneralNames (rfc822, DNS, directory, URI) is stored with SetPathToNames
 * and read back, then an OID GeneralName is added with AddPathToName and the
 * list is read back again. Each read is compared with a canned string; the
 * first is also compared with the list that was stored.
 */
static void
test_PathToNames(void)
{
    /* Textual inputs for the five GeneralNames. */
    char *emailText = "john.doe@labs.com";
    char *hostText = "comcast.net";
    char *dnText = "cn=john, ou=labs, o=sun, c=us";
    char *uriText = "http://comcast.net";
    char *oidText = "1.2.840.11";
    /* Expected string form after the initial four-name set. */
    char *cannedFour =
        "(john.doe@labs.com, "
        "comcast.net, "
        "CN=john,OU=labs,O=sun,C=us, "
        "http://comcast.net)";
    /* Expected string form once the OID name has been added. */
    char *cannedFive =
        "(john.doe@labs.com, "
        "comcast.net, "
        "CN=john,OU=labs,O=sun,C=us, "
        "http://comcast.net, "
        "1.2.840.11)";
    PKIX_PL_GeneralName *emailGN = NULL;
    PKIX_PL_GeneralName *hostGN = NULL;
    PKIX_PL_GeneralName *dnGN = NULL;
    PKIX_PL_GeneralName *uriGN = NULL;
    PKIX_PL_GeneralName *oidGN = NULL;
    PKIX_List *namesIn = NULL;
    PKIX_List *namesOut = NULL;
    PKIX_ComCertSelParams *selParams = NULL;

    PKIX_TEST_STD_VARS();

    subTest("PKIX_PL_GeneralName_Create");
    hostGN = createGeneralName(PKIX_DNS_NAME, hostText, plContext);
    uriGN = createGeneralName(PKIX_URI_NAME, uriText, plContext);
    oidGN = createGeneralName(PKIX_OID_NAME, oidText, plContext);
    dnGN = createGeneralName(PKIX_DIRECTORY_NAME, dnText, plContext);
    emailGN = createGeneralName(PKIX_RFC822_NAME, emailText, plContext);

    /* The append order fixes the order the canned strings expect. */
    subTest("PKIX_PL_GeneralName List create and append");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&namesIn, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)emailGN, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)hostGN, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)dnGN, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)uriGN, plContext));

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    subTest("PKIX_ComCertSelParams_SetPathToNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetPathToNames(selParams, namesIn, plContext));

    subTest("PKIX_ComCertSelParams_GetPathToNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetPathToNames(selParams, &namesOut, plContext));

    subTest("Compare GeneralName List");
    testEqualsHelper((PKIX_PL_Object *)namesIn,
                     (PKIX_PL_Object *)namesOut,
                     PKIX_TRUE,
                     plContext);

    subTest("Compare GeneralName List with canned string");
    testToStringHelper((PKIX_PL_Object *)namesOut, cannedFour, plContext);

    subTest("PKIX_ComCertSelParams_AddPathToName");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_AddPathToName(selParams, oidGN, plContext));

    /* Release the first read-back before the pointer is reused. */
    PKIX_TEST_DECREF_BC(namesOut);

    subTest("PKIX_ComCertSelParams_GetPathToNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetPathToNames(selParams, &namesOut, plContext));

    subTest("Compare GeneralName List with canned string");
    testToStringHelper((PKIX_PL_Object *)namesOut, cannedFive, plContext);

cleanup:

    PKIX_TEST_DECREF_AC(selParams);
    PKIX_TEST_DECREF_AC(namesIn);
    PKIX_TEST_DECREF_AC(namesOut);
    PKIX_TEST_DECREF_AC(emailGN);
    PKIX_TEST_DECREF_AC(hostGN);
    PKIX_TEST_DECREF_AC(dnGN);
    PKIX_TEST_DECREF_AC(uriGN);
    PKIX_TEST_DECREF_AC(oidGN);

    PKIX_TEST_RETURN();
}
206
/*
 * test_SubjAltNames
 *
 * Exercises the SubjAltNames field of ComCertSelParams the same way
 * test_PathToNames exercises PathToNames (set four names, read back, add an
 * OID name, read back again), then checks the MatchAllSubjAltNames flag:
 * it must read PKIX_TRUE on freshly created parameters and PKIX_FALSE after
 * being set to PKIX_FALSE. Only storage of the flag is checked; the effect
 * of the flag on certificate matching is not exercised here.
 */
static void
test_SubjAltNames(void)
{
    /* Textual inputs for the five GeneralNames. */
    char *emailText = "john.doe@labs.com";
    char *hostText = "comcast.net";
    char *dnText = "cn=john, ou=labs, o=sun, c=us";
    char *uriText = "http://comcast.net";
    char *oidText = "1.2.840.11";
    /* Expected string form after the initial four-name set. */
    char *cannedFour =
        "(john.doe@labs.com, "
        "comcast.net, "
        "CN=john,OU=labs,O=sun,C=us, "
        "http://comcast.net)";
    /* Expected string form once the OID name has been added. */
    char *cannedFive =
        "(john.doe@labs.com, "
        "comcast.net, "
        "CN=john,OU=labs,O=sun,C=us, "
        "http://comcast.net, "
        "1.2.840.11)";
    PKIX_Boolean mustMatchAll = PKIX_TRUE;
    PKIX_PL_GeneralName *emailGN = NULL;
    PKIX_PL_GeneralName *hostGN = NULL;
    PKIX_PL_GeneralName *dnGN = NULL;
    PKIX_PL_GeneralName *uriGN = NULL;
    PKIX_PL_GeneralName *oidGN = NULL;
    PKIX_List *namesIn = NULL;
    PKIX_List *namesOut = NULL;
    PKIX_ComCertSelParams *selParams = NULL;

    PKIX_TEST_STD_VARS();

    subTest("PKIX_PL_GeneralName_Create");
    hostGN = createGeneralName(PKIX_DNS_NAME, hostText, plContext);
    uriGN = createGeneralName(PKIX_URI_NAME, uriText, plContext);
    oidGN = createGeneralName(PKIX_OID_NAME, oidText, plContext);
    dnGN = createGeneralName(PKIX_DIRECTORY_NAME, dnText, plContext);
    emailGN = createGeneralName(PKIX_RFC822_NAME, emailText, plContext);

    /* The append order fixes the order the canned strings expect. */
    subTest("PKIX_PL_GeneralName List create and append");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&namesIn, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)emailGN, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)hostGN, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)dnGN, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(namesIn, (PKIX_PL_Object *)uriGN, plContext));

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    subTest("PKIX_ComCertSelParams_SetSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetSubjAltNames(selParams, namesIn, plContext));

    subTest("PKIX_ComCertSelParams_GetSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetSubjAltNames(selParams, &namesOut, plContext));

    subTest("Compare GeneralName List");
    testEqualsHelper((PKIX_PL_Object *)namesIn,
                     (PKIX_PL_Object *)namesOut,
                     PKIX_TRUE,
                     plContext);

    subTest("Compare GeneralName List with canned string");
    testToStringHelper((PKIX_PL_Object *)namesOut, cannedFour, plContext);

    subTest("PKIX_ComCertSelParams_AddSubjAltName");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_AddSubjAltName(selParams, oidGN, plContext));

    /* Release the first read-back before the pointer is reused. */
    PKIX_TEST_DECREF_BC(namesOut);

    subTest("PKIX_ComCertSelParams_GetSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetSubjAltNames(selParams, &namesOut, plContext));

    subTest("Compare GeneralName List with canned string");
    testToStringHelper((PKIX_PL_Object *)namesOut, cannedFive, plContext);

    /* The flag has not been written yet, so this reads the initial value. */
    subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetMatchAllSubjAltNames(selParams, &mustMatchAll, plContext));
    if (mustMatchAll != PKIX_TRUE) {
        testError("unexpected mismatch <expect TRUE>");
    }

    subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetMatchAllSubjAltNames(selParams, PKIX_FALSE, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetMatchAllSubjAltNames(selParams, &mustMatchAll, plContext));
    if (mustMatchAll != PKIX_FALSE) {
        testError("unexpected mismatch <expect FALSE>");
    }

cleanup:

    PKIX_TEST_DECREF_AC(selParams);
    PKIX_TEST_DECREF_AC(namesIn);
    PKIX_TEST_DECREF_AC(namesOut);
    PKIX_TEST_DECREF_AC(emailGN);
    PKIX_TEST_DECREF_AC(hostGN);
    PKIX_TEST_DECREF_AC(dnGN);
    PKIX_TEST_DECREF_AC(uriGN);
    PKIX_TEST_DECREF_AC(oidGN);

    PKIX_TEST_RETURN();
}
317
/*
 * test_KeyUsages
 *
 * Round-trips the KeyUsage bit mask and the ExtendedKeyUsage OID list
 * through ComCertSelParams and reports an error when what is read back
 * differs from what was stored. Only storage is checked; no certificate is
 * matched against these values.
 */
static void
test_KeyUsages(void)
{
    PKIX_UInt32 usageIn = 0x1FF; /* the nine low bits set */
    PKIX_UInt32 usageOut = 0;
    PKIX_Boolean same = PKIX_FALSE;
    PKIX_PL_OID *purposeOid = NULL;
    PKIX_List *ekuIn = NULL;
    PKIX_List *ekuOut = NULL;
    PKIX_ComCertSelParams *selParams = NULL;

    PKIX_TEST_STD_VARS();

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    subTest("PKIX_ComCertSelParams_SetKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetKeyUsage(selParams, usageIn, plContext));

    subTest("PKIX_ComCertSelParams_GetKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetKeyUsage(selParams, &usageOut, plContext));

    if (usageOut != usageIn) {
        testError("unexpected KeyUsage mismatch <expect equal>");
    }

    /*
     * Two-entry EKU list: id-kp-serverAuth followed by id-kp-timeStamping.
     * The local OID reference is dropped as soon as each one is appended.
     */
    subTest("PKIX_PL_OID List create and append");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuIn, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &purposeOid, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(ekuIn, (PKIX_PL_Object *)purposeOid, plContext));
    PKIX_TEST_DECREF_BC(purposeOid);

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &purposeOid, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_List_AppendItem(ekuIn, (PKIX_PL_Object *)purposeOid, plContext));
    PKIX_TEST_DECREF_BC(purposeOid);

    subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuIn, plContext));

    subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetExtendedKeyUsage(selParams, &ekuOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)ekuIn,
                              (PKIX_PL_Object *)ekuOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected ExtKeyUsage mismatch <expect equal>");
    }

cleanup:

    PKIX_TEST_DECREF_AC(purposeOid);
    PKIX_TEST_DECREF_AC(ekuIn);
    PKIX_TEST_DECREF_AC(ekuOut);
    PKIX_TEST_DECREF_AC(selParams);

    PKIX_TEST_RETURN();
}
378
/*
 * test_Version_Issuer_SerialNumber
 *
 * Round-trips three ComCertSelParams fields -- version, issuer name and
 * serial number -- and reports an error whenever the value read back differs
 * from the value stored. Only storage is checked; no certificate is matched
 * against these values.
 */
static void
test_Version_Issuer_SerialNumber(void)
{
    char *serialText = "999999999999999999";
    PKIX_UInt32 versionOut = 0;
    PKIX_Boolean same = PKIX_FALSE;
    PKIX_PL_String *scratch = NULL;
    PKIX_PL_X500Name *issuerIn = NULL;
    PKIX_PL_X500Name *issuerOut = NULL;
    PKIX_PL_BigInt *serialIn = NULL;
    PKIX_PL_BigInt *serialOut = NULL;
    PKIX_ComCertSelParams *selParams = NULL;

    PKIX_TEST_STD_VARS();

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    /* ---- version ---- */
    subTest("PKIX_ComCertSelParams_SetVersion");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetVersion(selParams, 2, plContext));

    subTest("PKIX_ComCertSelParams_GetVersion");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetVersion(selParams, &versionOut, plContext));

    if (versionOut != 2) {
        testError("unexpected Version mismatch <expect 2>");
    }

    /* ---- issuer ---- */
    /* NOTE(review): length 0 is passed here, PL_strlen() for the serial
     * number below -- presumably 0 means "NUL-terminated"; confirm. */
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &scratch, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_X500Name_Create(scratch, &issuerIn, plContext));

    /* The string is only needed to build the name; free it for reuse. */
    PKIX_TEST_DECREF_BC(scratch);

    subTest("PKIX_ComCertSelParams_SetIssuer");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetIssuer(selParams, issuerIn, plContext));

    subTest("PKIX_ComCertSelParams_GetIssuer");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetIssuer(selParams, &issuerOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)issuerIn,
                              (PKIX_PL_Object *)issuerOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected Issuer mismatch <expect equal>");
    }

    /* ---- serial number ---- */
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_String_Create(PKIX_ESCASCII, serialText, PL_strlen(serialText), &scratch, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_BigInt_Create(scratch, &serialIn, plContext));

    subTest("PKIX_ComCertSelParams_SetSerialNumber");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetSerialNumber(selParams, serialIn, plContext));

    subTest("PKIX_ComCertSelParams_GetSerialNumber");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetSerialNumber(selParams, &serialOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)serialIn,
                              (PKIX_PL_Object *)serialOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected Serial Number mismatch <expect equal>");
    }

cleanup:

    /* The serial-number string is still held at this point. */
    PKIX_TEST_DECREF_AC(scratch);
    PKIX_TEST_DECREF_AC(issuerIn);
    PKIX_TEST_DECREF_AC(issuerOut);
    PKIX_TEST_DECREF_AC(serialIn);
    PKIX_TEST_DECREF_AC(serialOut);
    PKIX_TEST_DECREF_AC(selParams);

    PKIX_TEST_RETURN();
}
461
/*
 * test_SubjKeyId_AuthKeyId
 *
 * Round-trips the subject key identifier and then the authority key
 * identifier through one ComCertSelParams object, reporting an error when
 * the ByteArray read back differs from the one stored. Only storage is
 * checked; no certificate is matched against these identifiers.
 *
 * NOTE(review): both ByteArrays are created with a second argument of 1, so
 * presumably only the first byte of each literal is stored -- confirm that a
 * one-byte identifier is the intended fixture.
 */
static void
test_SubjKeyId_AuthKeyId(void)
{
    PKIX_Boolean same = PKIX_FALSE;
    PKIX_PL_ByteArray *keyIdIn = NULL;
    PKIX_PL_ByteArray *keyIdOut = NULL;
    PKIX_ComCertSelParams *selParams = NULL;

    PKIX_TEST_STD_VARS();

    /* ---- subject key identifier ---- */
    subTest("PKIX_PL_ByteArray_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_ByteArray_Create((void *)"66099", 1, &keyIdIn, plContext));

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetSubjKeyIdentifier(selParams, keyIdIn, plContext));

    subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetSubjKeyIdentifier(selParams, &keyIdOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)keyIdIn,
                              (PKIX_PL_Object *)keyIdOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected Subject Key Id mismatch <expect equal>");
    }

    /* Both pointers are reused for the authority key identifier. */
    PKIX_TEST_DECREF_BC(keyIdIn);
    PKIX_TEST_DECREF_BC(keyIdOut);

    /* ---- authority key identifier ---- */
    subTest("PKIX_PL_ByteArray_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_ByteArray_Create((void *)"11022", 1, &keyIdIn, plContext));

    subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(selParams, keyIdIn, plContext));

    subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(selParams, &keyIdOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)keyIdIn,
                              (PKIX_PL_Object *)keyIdOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected Auth Key Id mismatch <expect equal>");
    }

cleanup:

    PKIX_TEST_DECREF_AC(keyIdIn);
    PKIX_TEST_DECREF_AC(keyIdOut);
    PKIX_TEST_DECREF_AC(selParams);

    PKIX_TEST_RETURN();
}
524
/*
 * test_SubjAlgId_SubjPublicKey
 *
 * Round-trips the subject public-key algorithm OID and the subject public
 * key through ComCertSelParams. The key is taken from
 * nameConstraintsDN2CACert.crt under dirName. An error is reported when a
 * value read back differs from the value stored. Only storage is checked;
 * no certificate is matched against these values.
 */
static void
test_SubjAlgId_SubjPublicKey(char *dirName)
{
    PKIX_Boolean same = PKIX_FALSE;
    PKIX_PL_OID *algIn = NULL;
    PKIX_PL_OID *algOut = NULL;
    PKIX_PL_PublicKey *keyIn = NULL;
    PKIX_PL_PublicKey *keyOut = NULL;
    PKIX_PL_Cert *keySource = NULL;
    PKIX_ComCertSelParams *selParams = NULL;

    PKIX_TEST_STD_VARS();

    /* ---- subject public-key algorithm identifier ---- */
    subTest("PKIX_PL_OID_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_OID_Create("1.1.2.3", &algIn, plContext));

    subTest("PKIX_ComCertSelParams_Create");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_Create(&selParams, plContext));

    subTest("PKIX_ComCertSelParams_SetSubjPKAlgId");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetSubjPKAlgId(selParams, algIn, plContext));

    subTest("PKIX_ComCertSelParams_GetSubjPKAlgId");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetSubjPKAlgId(selParams, &algOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)algIn,
                              (PKIX_PL_Object *)algOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected Subject Public Key Alg mismatch "
                  "<expect equal>");
    }

    /* ---- subject public key ---- */
    subTest("Getting Cert for Subject Public Key");

    keySource = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);

    subTest("PKIX_PL_Cert_GetSubjectPublicKey");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Cert_GetSubjectPublicKey(keySource, &keyIn, plContext));

    subTest("PKIX_ComCertSelParams_SetSubjPubKey");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_SetSubjPubKey(selParams, keyIn, plContext));

    subTest("PKIX_ComCertSelParams_GetSubjPubKey");
    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_ComCertSelParams_GetSubjPubKey(selParams, &keyOut, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_Object_Equals((PKIX_PL_Object *)keyIn,
                              (PKIX_PL_Object *)keyOut,
                              &same,
                              plContext));

    if (same == PKIX_FALSE) {
        testError("unexpected Subject Public Key mismatch "
                  "<expect equal>");
    }

cleanup:

    PKIX_TEST_DECREF_AC(algIn);
    PKIX_TEST_DECREF_AC(algOut);
    PKIX_TEST_DECREF_AC(selParams);
    PKIX_TEST_DECREF_AC(keySource);
    PKIX_TEST_DECREF_AC(keyIn);
    PKIX_TEST_DECREF_AC(keyOut);

    PKIX_TEST_RETURN();
}
596
/* Writes the one-line command synopsis for this test program to stdout. */
static void
printUsage(void)
{
    static const char synopsis[] =
        "\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n";

    /* No conversions in the text, so it is written as-is. */
    (void)fputs(synopsis, stdout);
}
602
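/*
 * test_comcertselparams
 *
 * Test driver for PKIX_ComCertSelParams.
 *
 * argv[1] names the directory holding the NIST test certificates; with fewer
 * than two arguments the usage text is printed and nothing is run.
 *
 * The driver fills one ComCertSelParams (subject, basic constraints,
 * validity date, policy list, certificate) from PoliciesP1234CACert.crt,
 * duplicates it, and checks that every field of the copy equals the
 * original. It then overwrites subject, basic constraints and policy on the
 * copy with values from pathLenConstraint6CACert.crt and checks that those
 * fields now differ from the original. Finally it runs the per-field tests
 * defined above. Everything here checks storage and copying of the
 * parameters; no certificate is matched against them.
 *
 * Returns 0 on every path; failures are reported through the test macros
 * and helpers.
 */
int
test_comcertselparams(int argc, char *argv[])
{

    PKIX_UInt32 j = 0;

    PKIX_PL_Cert *testCert = NULL;
    PKIX_PL_Cert *goodCert = NULL;
    PKIX_PL_Cert *equalCert = NULL;
    PKIX_PL_Cert *diffCert = NULL;
    PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
    PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
    PKIX_List *testPolicyInfos = NULL;  /* CertPolicyInfos */
    PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */

    PKIX_ComCertSelParams *goodParams = NULL;
    PKIX_ComCertSelParams *equalParams = NULL;
    PKIX_PL_X500Name *goodSubject = NULL;
    PKIX_PL_X500Name *equalSubject = NULL;
    PKIX_PL_X500Name *diffSubject = NULL;
    PKIX_PL_X500Name *testSubject = NULL;
    PKIX_Int32 goodMinPathLength = 0;
    PKIX_Int32 equalMinPathLength = 0;
    PKIX_Int32 diffMinPathLength = 0;
    PKIX_Int32 testMinPathLength = 0;
    PKIX_List *goodPolicies = NULL;  /* OIDs */
    PKIX_List *equalPolicies = NULL; /* OIDs */
    PKIX_List *testPolicies = NULL;  /* OIDs */
    PKIX_List *cert2Policies = NULL; /* OIDs */

    PKIX_PL_Date *testDate = NULL;
    PKIX_PL_Date *goodDate = NULL;
    PKIX_PL_Date *equalDate = NULL;
    PKIX_PL_String *stringRep = NULL;
    char *asciiRep = NULL;
    char *dirName = NULL;

    PKIX_TEST_STD_VARS();

    /* The certificate directory is mandatory. */
    if (argc < 2) {
        printUsage();
        return (0);
    }

    startTests("ComCertSelParams");

    PKIX_TEST_EXPECT_NO_ERROR(
        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

    dirName = argv[j + 1];

    /* Fixed validity date stored in the selector parameters below. */
    asciiRep = "050501000000Z";

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));

    testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext);

    /* Pull the reference values out of the first certificate. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext));

    /* Convert from List of CertPolicyInfos to List of OIDs */
    test_CreateOIDList(testPolicyInfos, &testPolicies);

    subTest("Create goodParams and set its fields");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext));

    subTest("Duplicate goodParams and verify copy");
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams,
                                                       (PKIX_PL_Object **)&equalParams,
                                                       plContext));

    /* Read every field back from the original ... */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext));

    /* ... and from the duplicate. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));

    testEqualsHelper((PKIX_PL_Object *)goodSubject,
                     (PKIX_PL_Object *)equalSubject,
                     PKIX_TRUE,
                     plContext);

    if (goodMinPathLength != equalMinPathLength) {
        testError("unexpected mismatch");
        (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
        (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
    }

    testEqualsHelper((PKIX_PL_Object *)goodPolicies,
                     (PKIX_PL_Object *)equalPolicies,
                     PKIX_TRUE,
                     plContext);

    testEqualsHelper((PKIX_PL_Object *)goodCert,
                     (PKIX_PL_Object *)equalCert,
                     PKIX_TRUE,
                     plContext);

    testEqualsHelper((PKIX_PL_Object *)goodDate,
                     (PKIX_PL_Object *)equalDate,
                     PKIX_TRUE,
                     plContext);

    /*
     * Release the copy's values; equalSubject and equalPolicies are fetched
     * again below. equalDate now uses the _BC form like its three siblings:
     * the original used _AC here, the form every other function in this file
     * keeps for the code after the cleanup label.
     */
    PKIX_TEST_DECREF_BC(equalSubject);
    PKIX_TEST_DECREF_BC(equalPolicies);
    PKIX_TEST_DECREF_BC(equalCert);
    PKIX_TEST_DECREF_BC(equalDate);

    subTest("Set different values and verify differences");

    diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext);

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext));
    test_CreateOIDList(cert2PolicyInfos, &cert2Policies);

    /* Overwrite three fields of the copy only; goodParams stays as it was. */
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(
        equalParams, diffSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext));

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));

    testEqualsHelper((PKIX_PL_Object *)goodSubject,
                     (PKIX_PL_Object *)equalSubject,
                     PKIX_FALSE,
                     plContext);

    if (goodMinPathLength == equalMinPathLength) {
        testError("unexpected match");
        (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
        (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
    }

    testEqualsHelper((PKIX_PL_Object *)goodPolicies,
                     (PKIX_PL_Object *)equalPolicies,
                     PKIX_FALSE,
                     plContext);

    /* Per-field round-trip tests. */
    test_NameConstraints(dirName);
    test_PathToNames();
    test_SubjAltNames();
    test_KeyUsages();
    test_Version_Issuer_SerialNumber();
    test_SubjKeyId_AuthKeyId();
    test_SubjAlgId_SubjPublicKey(dirName);

cleanup:

    /*
     * Release everything that may still be held. equalCert and equalDate
     * are listed as well: they are fetched in the duplicate-verification
     * step and would otherwise stay referenced if a step between that fetch
     * and their early release bailed out. testSubject is listed once (the
     * original named it twice).
     */
    PKIX_TEST_DECREF_AC(testSubject);
    PKIX_TEST_DECREF_AC(goodSubject);
    PKIX_TEST_DECREF_AC(equalSubject);
    PKIX_TEST_DECREF_AC(diffSubject);
    PKIX_TEST_DECREF_AC(goodPolicies);
    PKIX_TEST_DECREF_AC(equalPolicies);
    PKIX_TEST_DECREF_AC(testPolicies);
    PKIX_TEST_DECREF_AC(cert2Policies);
    PKIX_TEST_DECREF_AC(goodParams);
    PKIX_TEST_DECREF_AC(equalParams);
    PKIX_TEST_DECREF_AC(goodCert);
    PKIX_TEST_DECREF_AC(equalCert);
    PKIX_TEST_DECREF_AC(diffCert);
    PKIX_TEST_DECREF_AC(testCert);
    PKIX_TEST_DECREF_AC(goodBasicConstraints);
    PKIX_TEST_DECREF_AC(diffBasicConstraints);
    PKIX_TEST_DECREF_AC(testPolicyInfos);
    PKIX_TEST_DECREF_AC(cert2PolicyInfos);
    PKIX_TEST_DECREF_AC(stringRep);
    PKIX_TEST_DECREF_AC(testDate);
    PKIX_TEST_DECREF_AC(goodDate);
    PKIX_TEST_DECREF_AC(equalDate);

    PKIX_Shutdown(plContext);

    PKIX_TEST_RETURN();

    endTests("ComCertSelParams");

    return (0);
}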
801