1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/cmd/libpkix/sample_apps/build_chain.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,265 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +/*
1.8 + * buildChain.c
1.9 + *
1.10 + * Tests Cert Chain Building
1.11 + *
1.12 + */
1.13 +
1.14 +#include <stdio.h>
1.15 +#include <string.h>
1.16 +#include <stddef.h>
1.17 +
1.18 +#include "pkix_pl_generalname.h"
1.19 +#include "pkix_pl_cert.h"
1.20 +#include "pkix.h"
1.21 +#include "testutil.h"
1.22 +#include "prlong.h"
1.23 +#include "plstr.h"
1.24 +#include "prthread.h"
1.25 +#include "nspr.h"
1.26 +#include "prtypes.h"
1.27 +#include "prtime.h"
1.28 +#include "pk11func.h"
1.29 +#include "secasn1.h"
1.30 +#include "cert.h"
1.31 +#include "cryptohi.h"
1.32 +#include "secoid.h"
1.33 +#include "certdb.h"
1.34 +#include "secitem.h"
1.35 +#include "keythi.h"
1.36 +#include "nss.h"
1.37 +
1.38 +static void *plContext = NULL;
1.39 +
1.40 +static
1.41 +void printUsage(void){
1.42 + (void) printf("\nUSAGE:\tbuildChain "
1.43 + "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
1.44 + (void) printf
1.45 + ("Builds a chain of certificates between "
1.46 + "<trustedCert> and <targetCert>\n"
1.47 + "using the certs and CRLs in <certStoreDirectory>.\n");
1.48 +}
1.49 +
1.50 +static PKIX_PL_Cert *
1.51 +createCert(char *inFileName)
1.52 +{
1.53 + PKIX_PL_ByteArray *byteArray = NULL;
1.54 + void *buf = NULL;
1.55 + PRFileDesc *inFile = NULL;
1.56 + PKIX_UInt32 len;
1.57 + SECItem certDER;
1.58 + SECStatus rv;
1.59 + /* default: NULL cert (failure case) */
1.60 + PKIX_PL_Cert *cert = NULL;
1.61 +
1.62 + PKIX_TEST_STD_VARS();
1.63 +
1.64 + certDER.data = NULL;
1.65 +
1.66 + inFile = PR_Open(inFileName, PR_RDONLY, 0);
1.67 +
1.68 + if (!inFile){
1.69 + pkixTestErrorMsg = "Unable to open cert file";
1.70 + goto cleanup;
1.71 + } else {
1.72 + rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
1.73 + if (!rv){
1.74 + buf = (void *)certDER.data;
1.75 + len = certDER.len;
1.76 +
1.77 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
1.78 + (buf, len, &byteArray, plContext));
1.79 +
1.80 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
1.81 + (byteArray, &cert, plContext));
1.82 +
1.83 + SECITEM_FreeItem(&certDER, PR_FALSE);
1.84 + } else {
1.85 + pkixTestErrorMsg = "Unable to read DER from cert file";
1.86 + goto cleanup;
1.87 + }
1.88 + }
1.89 +
1.90 +cleanup:
1.91 +
1.92 + if (inFile){
1.93 + PR_Close(inFile);
1.94 + }
1.95 +
1.96 + if (PKIX_TEST_ERROR_RECEIVED){
1.97 + SECITEM_FreeItem(&certDER, PR_FALSE);
1.98 + }
1.99 +
1.100 + PKIX_TEST_DECREF_AC(byteArray);
1.101 +
1.102 + PKIX_TEST_RETURN();
1.103 +
1.104 + return (cert);
1.105 +}
1.106 +
1.107 +int build_chain(int argc, char *argv[])
1.108 +{
1.109 + PKIX_BuildResult *buildResult = NULL;
1.110 + PKIX_ComCertSelParams *certSelParams = NULL;
1.111 + PKIX_CertSelector *certSelector = NULL;
1.112 + PKIX_TrustAnchor *anchor = NULL;
1.113 + PKIX_List *anchors = NULL;
1.114 + PKIX_List *certs = NULL;
1.115 + PKIX_PL_Cert *cert = NULL;
1.116 + PKIX_ProcessingParams *procParams = NULL;
1.117 + char *trustedCertFile = NULL;
1.118 + char *targetCertFile = NULL;
1.119 + char *storeDirAscii = NULL;
1.120 + PKIX_PL_String *storeDirString = NULL;
1.121 + PKIX_PL_Cert *trustedCert = NULL;
1.122 + PKIX_PL_Cert *targetCert = NULL;
1.123 + PKIX_UInt32 actualMinorVersion, numCerts, i;
1.124 + PKIX_UInt32 j = 0;
1.125 + PKIX_CertStore *certStore = NULL;
1.126 + PKIX_List *certStores = NULL;
1.127 + char * asciiResult = NULL;
1.128 + PKIX_Boolean useArenas = PKIX_FALSE;
1.129 + void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
1.130 + void *nbioContext = NULL;
1.131 +
1.132 + PKIX_TEST_STD_VARS();
1.133 +
1.134 + if (argc < 4){
1.135 + printUsage();
1.136 + return (0);
1.137 + }
1.138 +
1.139 + useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
1.140 +
1.141 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
1.142 + (PKIX_TRUE, /* nssInitNeeded */
1.143 + useArenas,
1.144 + PKIX_MAJOR_VERSION,
1.145 + PKIX_MINOR_VERSION,
1.146 + PKIX_MINOR_VERSION,
1.147 + &actualMinorVersion,
1.148 + &plContext));
1.149 +
1.150 + /* create processing params with list of trust anchors */
1.151 + trustedCertFile = argv[j+1];
1.152 + trustedCert = createCert(trustedCertFile);
1.153 +
1.154 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
1.155 + (trustedCert, &anchor, plContext));
1.156 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
1.157 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
1.158 + (anchors, (PKIX_PL_Object *)anchor, plContext));
1.159 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
1.160 + (anchors, &procParams, plContext));
1.161 +
1.162 +
1.163 + /* create CertSelector with target certificate in params */
1.164 + PKIX_TEST_EXPECT_NO_ERROR
1.165 + (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
1.166 +
1.167 + targetCertFile = argv[j+2];
1.168 + targetCert = createCert(targetCertFile);
1.169 +
1.170 + PKIX_TEST_EXPECT_NO_ERROR
1.171 + (PKIX_ComCertSelParams_SetCertificate
1.172 + (certSelParams, targetCert, plContext));
1.173 +
1.174 + PKIX_TEST_EXPECT_NO_ERROR
1.175 + (PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
1.176 +
1.177 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
1.178 + (certSelector, certSelParams, plContext));
1.179 +
1.180 + PKIX_TEST_EXPECT_NO_ERROR
1.181 + (PKIX_ProcessingParams_SetTargetCertConstraints
1.182 + (procParams, certSelector, plContext));
1.183 +
1.184 + /* create CertStores */
1.185 +
1.186 + storeDirAscii = argv[j+3];
1.187 +
1.188 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
1.189 + (PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
1.190 +
1.191 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
1.192 + (storeDirString, &certStore, plContext));
1.193 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
1.194 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
1.195 + (certStores, (PKIX_PL_Object *)certStore, plContext));
1.196 +
1.197 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
1.198 + (procParams, certStores, plContext));
1.199 +
1.200 + /* build cert chain using processing params and return buildResult */
1.201 +
1.202 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain
1.203 + (procParams,
1.204 + &nbioContext,
1.205 + &buildState,
1.206 + &buildResult,
1.207 + NULL,
1.208 + plContext));
1.209 +
1.210 + /*
1.211 + * As long as we use only CertStores with blocking I/O, we can omit
1.212 + * checking for completion with nbioContext.
1.213 + */
1.214 +
1.215 + PKIX_TEST_EXPECT_NO_ERROR
1.216 + (PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
1.217 +
1.218 + PKIX_TEST_EXPECT_NO_ERROR
1.219 + (PKIX_List_GetLength(certs, &numCerts, plContext));
1.220 +
1.221 + printf("\n");
1.222 +
1.223 + for (i = 0; i < numCerts; i++){
1.224 + PKIX_TEST_EXPECT_NO_ERROR
1.225 + (PKIX_List_GetItem
1.226 + (certs, i, (PKIX_PL_Object**)&cert, plContext));
1.227 +
1.228 + asciiResult = PKIX_Cert2ASCII(cert);
1.229 +
1.230 + printf("CERT[%d]:\n%s\n", i, asciiResult);
1.231 +
1.232 + PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
1.233 + asciiResult = NULL;
1.234 +
1.235 + PKIX_TEST_DECREF_BC(cert);
1.236 + }
1.237 +
1.238 +cleanup:
1.239 +
1.240 + if (PKIX_TEST_ERROR_RECEIVED){
1.241 + (void) printf("FAILED TO BUILD CHAIN\n");
1.242 + } else {
1.243 + (void) printf("SUCCESSFULLY BUILT CHAIN\n");
1.244 + }
1.245 +
1.246 + PKIX_PL_Free(asciiResult, plContext);
1.247 +
1.248 + PKIX_TEST_DECREF_AC(certs);
1.249 + PKIX_TEST_DECREF_AC(cert);
1.250 + PKIX_TEST_DECREF_AC(certStore);
1.251 + PKIX_TEST_DECREF_AC(certStores);
1.252 + PKIX_TEST_DECREF_AC(storeDirString);
1.253 + PKIX_TEST_DECREF_AC(trustedCert);
1.254 + PKIX_TEST_DECREF_AC(targetCert);
1.255 + PKIX_TEST_DECREF_AC(anchor);
1.256 + PKIX_TEST_DECREF_AC(anchors);
1.257 + PKIX_TEST_DECREF_AC(procParams);
1.258 + PKIX_TEST_DECREF_AC(certSelParams);
1.259 + PKIX_TEST_DECREF_AC(certSelector);
1.260 + PKIX_TEST_DECREF_AC(buildResult);
1.261 +
1.262 + PKIX_TEST_RETURN();
1.263 +
1.264 + PKIX_Shutdown(plContext);
1.265 +
1.266 + return (0);
1.267 +
1.268 +}
