security/nss/cmd/libpkix/sample_apps/build_chain.c@4ab42b5ab56c
security/nss/cmd/libpkix/sample_apps/build_chain.c
Wed, 31 Dec 2014 07:53:36 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 07:53:36 +0100
- branch
- TOR_BUG_3246
- changeset 5
- 4ab42b5ab56c
- permissions
- -rw-r--r--
Correct small whitespace inconsistency, lost while renaming variables.
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * buildChain.c
6 *
7 * Tests Cert Chain Building
8 *
9 */
11 #include <stdio.h>
12 #include <string.h>
13 #include <stddef.h>
15 #include "pkix_pl_generalname.h"
16 #include "pkix_pl_cert.h"
17 #include "pkix.h"
18 #include "testutil.h"
19 #include "prlong.h"
20 #include "plstr.h"
21 #include "prthread.h"
22 #include "nspr.h"
23 #include "prtypes.h"
24 #include "prtime.h"
25 #include "pk11func.h"
26 #include "secasn1.h"
27 #include "cert.h"
28 #include "cryptohi.h"
29 #include "secoid.h"
30 #include "certdb.h"
31 #include "secitem.h"
32 #include "keythi.h"
33 #include "nss.h"
35 static void *plContext = NULL;
37 static
38 void printUsage(void){
39 (void) printf("\nUSAGE:\tbuildChain "
40 "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
41 (void) printf
42 ("Builds a chain of certificates between "
43 "<trustedCert> and <targetCert>\n"
44 "using the certs and CRLs in <certStoreDirectory>.\n");
45 }
47 static PKIX_PL_Cert *
48 createCert(char *inFileName)
49 {
50 PKIX_PL_ByteArray *byteArray = NULL;
51 void *buf = NULL;
52 PRFileDesc *inFile = NULL;
53 PKIX_UInt32 len;
54 SECItem certDER;
55 SECStatus rv;
56 /* default: NULL cert (failure case) */
57 PKIX_PL_Cert *cert = NULL;
59 PKIX_TEST_STD_VARS();
61 certDER.data = NULL;
63 inFile = PR_Open(inFileName, PR_RDONLY, 0);
65 if (!inFile){
66 pkixTestErrorMsg = "Unable to open cert file";
67 goto cleanup;
68 } else {
69 rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
70 if (!rv){
71 buf = (void *)certDER.data;
72 len = certDER.len;
74 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create
75 (buf, len, &byteArray, plContext));
77 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
78 (byteArray, &cert, plContext));
80 SECITEM_FreeItem(&certDER, PR_FALSE);
81 } else {
82 pkixTestErrorMsg = "Unable to read DER from cert file";
83 goto cleanup;
84 }
85 }
87 cleanup:
89 if (inFile){
90 PR_Close(inFile);
91 }
93 if (PKIX_TEST_ERROR_RECEIVED){
94 SECITEM_FreeItem(&certDER, PR_FALSE);
95 }
97 PKIX_TEST_DECREF_AC(byteArray);
99 PKIX_TEST_RETURN();
101 return (cert);
102 }
104 int build_chain(int argc, char *argv[])
105 {
106 PKIX_BuildResult *buildResult = NULL;
107 PKIX_ComCertSelParams *certSelParams = NULL;
108 PKIX_CertSelector *certSelector = NULL;
109 PKIX_TrustAnchor *anchor = NULL;
110 PKIX_List *anchors = NULL;
111 PKIX_List *certs = NULL;
112 PKIX_PL_Cert *cert = NULL;
113 PKIX_ProcessingParams *procParams = NULL;
114 char *trustedCertFile = NULL;
115 char *targetCertFile = NULL;
116 char *storeDirAscii = NULL;
117 PKIX_PL_String *storeDirString = NULL;
118 PKIX_PL_Cert *trustedCert = NULL;
119 PKIX_PL_Cert *targetCert = NULL;
120 PKIX_UInt32 actualMinorVersion, numCerts, i;
121 PKIX_UInt32 j = 0;
122 PKIX_CertStore *certStore = NULL;
123 PKIX_List *certStores = NULL;
124 char * asciiResult = NULL;
125 PKIX_Boolean useArenas = PKIX_FALSE;
126 void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
127 void *nbioContext = NULL;
129 PKIX_TEST_STD_VARS();
131 if (argc < 4){
132 printUsage();
133 return (0);
134 }
136 useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
138 PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize
139 (PKIX_TRUE, /* nssInitNeeded */
140 useArenas,
141 PKIX_MAJOR_VERSION,
142 PKIX_MINOR_VERSION,
143 PKIX_MINOR_VERSION,
144 &actualMinorVersion,
145 &plContext));
147 /* create processing params with list of trust anchors */
148 trustedCertFile = argv[j+1];
149 trustedCert = createCert(trustedCertFile);
151 PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
152 (trustedCert, &anchor, plContext));
153 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
154 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
155 (anchors, (PKIX_PL_Object *)anchor, plContext));
156 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
157 (anchors, &procParams, plContext));
160 /* create CertSelector with target certificate in params */
161 PKIX_TEST_EXPECT_NO_ERROR
162 (PKIX_ComCertSelParams_Create(&certSelParams, plContext));
164 targetCertFile = argv[j+2];
165 targetCert = createCert(targetCertFile);
167 PKIX_TEST_EXPECT_NO_ERROR
168 (PKIX_ComCertSelParams_SetCertificate
169 (certSelParams, targetCert, plContext));
171 PKIX_TEST_EXPECT_NO_ERROR
172 (PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
174 PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams
175 (certSelector, certSelParams, plContext));
177 PKIX_TEST_EXPECT_NO_ERROR
178 (PKIX_ProcessingParams_SetTargetCertConstraints
179 (procParams, certSelector, plContext));
181 /* create CertStores */
183 storeDirAscii = argv[j+3];
185 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
186 (PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
188 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create
189 (storeDirString, &certStore, plContext));
190 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
191 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
192 (certStores, (PKIX_PL_Object *)certStore, plContext));
194 PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores
195 (procParams, certStores, plContext));
197 /* build cert chain using processing params and return buildResult */
199 PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain
200 (procParams,
201 &nbioContext,
202 &buildState,
203 &buildResult,
204 NULL,
205 plContext));
207 /*
208 * As long as we use only CertStores with blocking I/O, we can omit
209 * checking for completion with nbioContext.
210 */
212 PKIX_TEST_EXPECT_NO_ERROR
213 (PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
215 PKIX_TEST_EXPECT_NO_ERROR
216 (PKIX_List_GetLength(certs, &numCerts, plContext));
218 printf("\n");
220 for (i = 0; i < numCerts; i++){
221 PKIX_TEST_EXPECT_NO_ERROR
222 (PKIX_List_GetItem
223 (certs, i, (PKIX_PL_Object**)&cert, plContext));
225 asciiResult = PKIX_Cert2ASCII(cert);
227 printf("CERT[%d]:\n%s\n", i, asciiResult);
229 PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
230 asciiResult = NULL;
232 PKIX_TEST_DECREF_BC(cert);
233 }
235 cleanup:
237 if (PKIX_TEST_ERROR_RECEIVED){
238 (void) printf("FAILED TO BUILD CHAIN\n");
239 } else {
240 (void) printf("SUCCESSFULLY BUILT CHAIN\n");
241 }
243 PKIX_PL_Free(asciiResult, plContext);
245 PKIX_TEST_DECREF_AC(certs);
246 PKIX_TEST_DECREF_AC(cert);
247 PKIX_TEST_DECREF_AC(certStore);
248 PKIX_TEST_DECREF_AC(certStores);
249 PKIX_TEST_DECREF_AC(storeDirString);
250 PKIX_TEST_DECREF_AC(trustedCert);
251 PKIX_TEST_DECREF_AC(targetCert);
252 PKIX_TEST_DECREF_AC(anchor);
253 PKIX_TEST_DECREF_AC(anchors);
254 PKIX_TEST_DECREF_AC(procParams);
255 PKIX_TEST_DECREF_AC(certSelParams);
256 PKIX_TEST_DECREF_AC(certSelector);
257 PKIX_TEST_DECREF_AC(buildResult);
259 PKIX_TEST_RETURN();
261 PKIX_Shutdown(plContext);
263 return (0);
265 }
