The Tor Browser / file revision

security/nss/cmd/libpkix/sample_apps/validate_chain.c@4ab42b5ab56c

security/nss/cmd/libpkix/sample_apps/validate_chain.c

Wed, 31 Dec 2014 07:53:36 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:53:36 +0100
branch
TOR_BUG_3246
changeset 5
4ab42b5ab56c
permissions
-rw-r--r--

Correct small whitespace inconsistency, lost while renaming variables.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public

     2  * License, v. 2.0. If a copy of the MPL was not distributed with this

     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     4 /*

     5  * validateChain.c

     6  *

     7  * Tests Cert Chain Validation

     8  *

     9  */

    10 

    11 #include <stdio.h>

    12 #include <string.h>

    13 #include <stddef.h>

    14 

    15 #include "pkix_pl_generalname.h"

    16 #include "pkix_pl_cert.h"

    17 #include "pkix.h"

    18 #include "testutil.h"

    19 #include "prlong.h"

    20 #include "plstr.h"

    21 #include "prthread.h"

    22 #include "nspr.h"

    23 #include "prtypes.h"

    24 #include "prtime.h"

    25 #include "pk11func.h"

    26 #include "secasn1.h"

    27 #include "cert.h"

    28 #include "cryptohi.h"

    29 #include "secoid.h"

    30 #include "certdb.h"

    31 #include "secitem.h"

    32 #include "keythi.h"

    33 #include "nss.h"

    34 

    35 static void *plContext = NULL;

    36 

    37 static 

    38 void printUsage(void){

    39         (void) printf("\nUSAGE:\tvalidateChain <trustedCert> "

    40                 "<cert_1> <cert_2> ... <cert_n>\n");

    41         (void) printf("\tValidates a chain of n certificates "

    42                 "using the given trust anchor.\n");

    43 

    44 }

    45 

    46 static PKIX_PL_Cert *

    47 createCert(char *inFileName)

    48 {

    49         PKIX_PL_ByteArray *byteArray = NULL;

    50         void *buf = NULL;

    51         PRFileDesc *inFile = NULL;

    52         PKIX_UInt32 len;

    53         SECItem certDER;

    54         SECStatus rv;

    55         /* default: NULL cert (failure case) */

    56         PKIX_PL_Cert *cert = NULL;

    57 

    58         PKIX_TEST_STD_VARS();

    59 

    60         certDER.data = NULL;

    61 

    62         inFile = PR_Open(inFileName, PR_RDONLY, 0);

    63 

    64         if (!inFile){

    65                 pkixTestErrorMsg = "Unable to open cert file";

    66                 goto cleanup;

    67         } else {

    68                 rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);

    69                 if (!rv){

    70                         buf = (void *)certDER.data;

    71                         len = certDER.len;

    72 

    73                         PKIX_TEST_EXPECT_NO_ERROR

    74                                 (PKIX_PL_ByteArray_Create

    75                                 (buf, len, &byteArray, plContext));

    76 

    77                         PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create

    78                                                 (byteArray, &cert, plContext));

    79 

    80                         SECITEM_FreeItem(&certDER, PR_FALSE);

    81                 } else {

    82                         pkixTestErrorMsg = "Unable to read DER from cert file";

    83                         goto cleanup;

    84                 }

    85         }

    86 

    87 cleanup:

    88 

    89         if (inFile){

    90                 PR_Close(inFile);

    91         }

    92 

    93         if (PKIX_TEST_ERROR_RECEIVED){

    94                 SECITEM_FreeItem(&certDER, PR_FALSE);

    95         }

    96 

    97         PKIX_TEST_DECREF_AC(byteArray);

    98 

    99         PKIX_TEST_RETURN();

   100 

   101         return (cert);

   102 }

   103 

   104 int validate_chain(int argc, char *argv[])

   105 {

   106         PKIX_TrustAnchor *anchor = NULL;

   107         PKIX_List *anchors = NULL;

   108         PKIX_List *certs = NULL;

   109         PKIX_ProcessingParams *procParams = NULL;

   110         PKIX_ValidateParams *valParams = NULL;

   111         PKIX_ValidateResult *valResult = NULL;

   112         PKIX_PL_X500Name *subject = NULL;

   113         PKIX_ComCertSelParams *certSelParams = NULL;

   114         PKIX_CertSelector *certSelector = NULL;

   115 	PKIX_VerifyNode *verifyTree = NULL;

   116 	PKIX_PL_String *verifyString = NULL;

   117 

   118         char *trustedCertFile = NULL;

   119         char *chainCertFile = NULL;

   120         PKIX_PL_Cert *trustedCert = NULL;

   121         PKIX_PL_Cert *chainCert = NULL;

   122         PKIX_UInt32 chainLength = 0;

   123         PKIX_UInt32 i = 0;

   124         PKIX_UInt32 j = 0;

   125         PKIX_UInt32 actualMinorVersion;

   126 

   127         PKIX_TEST_STD_VARS();

   128 

   129         if (argc < 3){

   130                 printUsage();

   131                 return (0);

   132         }

   133 

   134         PKIX_TEST_EXPECT_NO_ERROR(

   135             PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));

   136 

   137         chainLength = (argc - j) - 2;

   138 

   139         /* create processing params with list of trust anchors */

   140         trustedCertFile = argv[1+j];

   141         trustedCert = createCert(trustedCertFile);

   142 

   143         PKIX_TEST_EXPECT_NO_ERROR

   144                 (PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));

   145 

   146         PKIX_TEST_EXPECT_NO_ERROR

   147                 (PKIX_ComCertSelParams_Create(&certSelParams, plContext));

   148 

   149 #if 0

   150         PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject

   151                                     (certSelParams, subject, plContext));

   152 #endif

   153 

   154         PKIX_TEST_EXPECT_NO_ERROR

   155                 (PKIX_CertSelector_Create

   156                 (NULL, NULL, &certSelector, plContext));

   157 

   158         PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams

   159                                 (certSelector, certSelParams, plContext));

   160 

   161         PKIX_TEST_DECREF_BC(subject);

   162         PKIX_TEST_DECREF_BC(certSelParams);

   163 

   164         PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert

   165                                     (trustedCert, &anchor, plContext));

   166 

   167         PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));

   168         PKIX_TEST_EXPECT_NO_ERROR

   169                 (PKIX_List_AppendItem

   170                 (anchors, (PKIX_PL_Object *)anchor, plContext));

   171         PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create

   172                                     (anchors, &procParams, plContext));

   173 

   174         PKIX_TEST_EXPECT_NO_ERROR

   175                 (PKIX_ProcessingParams_SetTargetCertConstraints

   176                 (procParams, certSelector, plContext));

   177 

   178         PKIX_TEST_DECREF_BC(certSelector);

   179 

   180         /* create cert chain */

   181         PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));

   182         for (i = 0; i < chainLength; i++){

   183                 chainCertFile = argv[(i + j) + 2];

   184                 chainCert = createCert(chainCertFile);

   185 

   186                 PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem

   187                                             (certs,

   188                                             (PKIX_PL_Object *)chainCert,

   189                                             plContext));

   190 

   191                 PKIX_TEST_DECREF_BC(chainCert);

   192                 chainCert = NULL;

   193         }

   194         /* create validate params with processing params and cert chain */

   195         PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create

   196                                     (procParams, certs, &valParams, plContext));

   197 

   198         PKIX_TEST_DECREF_BC(trustedCert); trustedCert = NULL;

   199         PKIX_TEST_DECREF_BC(anchor); anchor = NULL;

   200         PKIX_TEST_DECREF_BC(anchors); anchors = NULL;

   201         PKIX_TEST_DECREF_BC(certs); certs = NULL;

   202         PKIX_TEST_DECREF_BC(procParams); procParams = NULL;

   203 

   204         /* validate cert chain using processing params and return valResult */

   205 

   206         PKIX_TEST_EXPECT_NO_ERROR

   207                 (PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));

   208 

   209         if (valResult != NULL){

   210                 (void) printf("SUCCESSFULLY VALIDATED\n");

   211         }

   212 

   213 cleanup:

   214 

   215         if (PKIX_TEST_ERROR_RECEIVED){

   216                 (void) printf("FAILED TO VALIDATE\n");

   217 	        (void) PKIX_PL_Object_ToString

   218         	        ((PKIX_PL_Object*)verifyTree, &verifyString, plContext);

   219 	        (void) printf("verifyTree is\n%s\n", verifyString->escAsciiString);

   220 	        PKIX_TEST_DECREF_AC(verifyString);

   221 

   222         }

   223 

   224         PKIX_TEST_DECREF_AC(verifyTree);

   225         PKIX_TEST_DECREF_AC(valResult);

   226         PKIX_TEST_DECREF_AC(valParams);

   227 

   228         PKIX_TEST_RETURN();

   229 

   230         PKIX_Shutdown(plContext);

   231 

   232         return (0);

   233 

   234 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial