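/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * testutil_nss.c
 *
 * NSS-specific utility functions for handling test errors
 *
 */

/*
 * Reading notes for this file.
 *
 * The PKIX_TEST_* macros are defined in testutil.h, which is not shown here.
 * The descriptions below reflect how this file uses them and should be
 * confirmed against that header:
 *   - PKIX_TEST_STD_VARS() supplies the locals pkixTestErrorResult and
 *     pkixTestErrorMsg that every function below reads or writes.
 *   - PKIX_TEST_EXPECT_NO_ERROR(call) is expected to store the PKIX_Error
 *     returned by `call` and jump to the local `cleanup` label on failure.
 *   - PKIX_TEST_DECREF_AC / PKIX_TEST_DECREF_BC release one reference when
 *     the pointer is non-NULL ("after cleanup" / "before cleanup").
 *   - PKIX_TEST_RETURN() reports whatever error was recorded.
 *
 * Every constructor returns NULL on failure, so callers must check the
 * result before using it.
 *
 * Directory and file names are joined verbatim (no normalisation, no
 * rejection of ".." or absolute components). They are expected to come from
 * the test harness, not from untrusted input.
 */

/*
 * NOTE(review): the names of the three system headers were lost from this
 * listing. <stdio.h> is required by the printf() call in catDirName(); the
 * other two are presumed and must be confirmed against the original file.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#include "pkix_pl_generalname.h"
#include "pkix_pl_cert.h"
#include "pkix.h"
#include "testutil.h"
#include "prlong.h"
#include "plstr.h"
#include "prthread.h"
#include "secutil.h"
#include "nspr.h"
#include "prtypes.h"
#include "prtime.h"
#include "pk11func.h"
#include "secasn1.h"
#include "cert.h"
#include "cryptohi.h"
#include "secoid.h"
#include "certdb.h"
#include "secitem.h"
#include "keythi.h"
#include "nss.h"

/*
 * Builds "<dir>/<name>" in a buffer obtained from PKIX_PL_Malloc.
 *
 * Returns the new string, or NULL when an argument is NULL, the combined
 * length does not fit in a PKIX_UInt32, or the allocation fails. The caller
 * owns the result and releases it with PKIX_PL_Free.
 */
static char *catDirName(char *dir, char *name, void *plContext)
{
        char *pathName = NULL;
        PKIX_UInt32 nameLen;
        PKIX_UInt32 dirLen;
        const PKIX_UInt32 maxLen = (PKIX_UInt32)-1;

        PKIX_TEST_STD_VARS();

        /* Reject NULL inputs up front: copying from a NULL source would
         * leave the new buffer unterminated before the concatenation. */
        if (dir == NULL || name == NULL) {
                pkixTestErrorMsg = "catDirName: NULL directory or file name";
                goto cleanup;
        }

        nameLen = PL_strlen(name);
        dirLen = PL_strlen(dir);

        /* The size below is dirLen + nameLen + 2 (separator and NUL). Make
         * sure that sum cannot wrap, otherwise the buffer would be smaller
         * than the data copied into it. */
        if (dirLen > maxLen - 2 || nameLen > maxLen - 2 - dirLen) {
                pkixTestErrorMsg = "catDirName: path name too long";
                goto cleanup;
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc
                                    (dirLen + nameLen + 2,
                                    (void **)&pathName,
                                    plContext));

        PL_strcpy(pathName, dir);
        PL_strcat(pathName, "/");
        PL_strcat(pathName, name);
        printf("pathName = %s\n", pathName);

cleanup:

        PKIX_TEST_RETURN();

        return (pathName);
}

/*
 * Reads the DER file <dirName>/<certFileName> and wraps its contents in a
 * PKIX_PL_Cert.
 *
 * Returns the new certificate (one reference, owned by the caller), or NULL
 * when the path cannot be built, the file cannot be opened or read, or a
 * libpkix call fails. Failures are reported through PKIX_TEST_RETURN().
 */
PKIX_PL_Cert *
createCert(
        char *dirName,
        char *certFileName,
        void *plContext)
{
        PKIX_PL_ByteArray *byteArray = NULL;
        void *buf = NULL;
        PRFileDesc *certFile = NULL;
        PKIX_UInt32 len;
        SECItem certDER;
        SECStatus rv;
        PKIX_Error *freeError = NULL;
        /* default: NULL cert (failure case) */
        PKIX_PL_Cert *cert = NULL;
        char *pathName = NULL;

        PKIX_TEST_STD_VARS();

        certDER.data = NULL;
        certDER.len = 0;

        pathName = catDirName(dirName, certFileName, plContext);
        if (!pathName) {
                /* Do not hand a NULL path to PR_Open. */
                pkixTestErrorMsg = "Unable to build cert file path";
                goto cleanup;
        }

        certFile = PR_Open(pathName, PR_RDONLY, 0);
        if (!certFile) {
                pkixTestErrorMsg = "Unable to open cert file";
                goto cleanup;
        }

        rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE);
        if (rv) {
                pkixTestErrorMsg = "Unable to read DER from cert file";
                goto cleanup;
        }

        buf = (void *)certDER.data;
        len = certDER.len;

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_PL_ByteArray_Create
                (buf, len, &byteArray, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create
                                    (byteArray, &cert, plContext));

cleanup:

        /* Release the DER buffer on every path. certDER.data starts out
         * NULL, so this is harmless when nothing was read. */
        SECITEM_FreeItem(&certDER, PR_FALSE);

        /* Keep an earlier error: assigning the result of PKIX_PL_Free
         * straight to pkixTestErrorResult would replace a recorded failure
         * with NULL, and the failure would then go unreported. */
        freeError = PKIX_PL_Free(pathName, plContext);
        if (freeError && !PKIX_TEST_ERROR_RECEIVED) {
                pkixTestErrorResult = freeError;
        }

        if (certFile) {
                PR_Close(certFile);
        }

        PKIX_TEST_DECREF_AC(byteArray);

        PKIX_TEST_RETURN();

        return (cert);
}

/*
 * Reads the DER file <dirName>/<crlFileName> and wraps its contents in a
 * PKIX_PL_CRL.
 *
 * Returns the new CRL (one reference, owned by the caller), or NULL when
 * the path cannot be built, the file cannot be opened or read, or a libpkix
 * call fails.
 */
PKIX_PL_CRL *
createCRL(
        char *dirName,
        char *crlFileName,
        void *plContext)
{
        PKIX_PL_ByteArray *byteArray = NULL;
        PKIX_PL_CRL *crl = NULL;
        PKIX_Error *error = NULL;
        PKIX_Error *freeError = NULL;
        PRFileDesc *inFile = NULL;
        SECItem crlDER;
        void *buf = NULL;
        PKIX_UInt32 len;
        SECStatus rv;
        char *pathName = NULL;

        PKIX_TEST_STD_VARS();

        crlDER.data = NULL;
        crlDER.len = 0;

        pathName = catDirName(dirName, crlFileName, plContext);
        if (!pathName) {
                /* Do not hand a NULL path to PR_Open. */
                pkixTestErrorMsg = "Unable to build crl file path";
                goto cleanup;
        }

        inFile = PR_Open(pathName, PR_RDONLY, 0);
        if (!inFile) {
                pkixTestErrorMsg = "Unable to open crl file";
                goto cleanup;
        }

        rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
        if (rv) {
                pkixTestErrorMsg = "Unable to read DER from crl file";
                goto cleanup;
        }

        buf = (void *)crlDER.data;
        len = crlDER.len;

        /* NOTE(review): the PKIX_Error kept in `error` is only used as a
         * flag; it is never released or converted to text. Confirm whether
         * it should be dereferenced before returning. */
        error = PKIX_PL_ByteArray_Create
                (buf, len, &byteArray, plContext);
        if (error) {
                pkixTestErrorMsg =
                        "PKIX_PL_ByteArray_Create failed";
                goto cleanup;
        }

        error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
        if (error) {
                pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
                goto cleanup;
        }

cleanup:

        /* Release the DER buffer on every path. crlDER.data starts out
         * NULL, so this is harmless when nothing was read. */
        SECITEM_FreeItem(&crlDER, PR_FALSE);

        /* Do not use a jump-to-cleanup macro under the cleanup label: a
         * failing free would re-enter this section and free pathName a
         * second time. Record the failure instead. */
        freeError = PKIX_PL_Free(pathName, plContext);
        if (freeError && !PKIX_TEST_ERROR_RECEIVED) {
                pkixTestErrorResult = freeError;
        }

        if (inFile) {
                PR_Close(inFile);
        }

        PKIX_TEST_DECREF_AC(byteArray);

        PKIX_TEST_RETURN();

        return (crl);
}

/*
 * Creates a trust anchor from the certificate file <dirName>/<certFileName>.
 *
 * With useCert set, the anchor is built from the certificate itself.
 * Otherwise it is built from the certificate's subject name, public key and
 * name constraints. Returns NULL on failure, and also when the certificate
 * yields a NULL subject name.
 */
PKIX_TrustAnchor *
createTrustAnchor(
        char *dirName,
        char *certFileName,
        PKIX_Boolean useCert,
        void *plContext)
{
        PKIX_TrustAnchor *anchor = NULL;
        PKIX_PL_Cert *cert = NULL;
        PKIX_PL_X500Name *name = NULL;
        PKIX_PL_PublicKey *pubKey = NULL;
        PKIX_PL_CertNameConstraints *nameConstraints = NULL;

        PKIX_TEST_STD_VARS();

        /* createCert() returns NULL on failure; the NULL is passed on and
         * the libpkix calls below are relied upon to reject it.
         * NOTE(review): confirm they do. */
        cert = createCert(dirName, certFileName, plContext);

        if (useCert) {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert
                                            (cert, &anchor, plContext));
        } else {
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject
                                            (cert, &name, plContext));

                if (name == NULL) {
                        goto cleanup;
                }

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
                                            (cert, &pubKey, plContext));

                /* NOTE(review): this call passes NULL where every other
                 * call in the function passes plContext. Confirm that is
                 * intended. */
                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints
                                            (cert, &nameConstraints, NULL));

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_TrustAnchor_CreateWithNameKeyPair
                        (name, pubKey, nameConstraints, &anchor, plContext));
        }

cleanup:

        /* Never return a partially constructed anchor. */
        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(anchor);
        }

        PKIX_TEST_DECREF_AC(cert);
        PKIX_TEST_DECREF_AC(name);
        PKIX_TEST_DECREF_AC(pubKey);
        PKIX_TEST_DECREF_AC(nameConstraints);

        PKIX_TEST_RETURN();

        return (anchor);
}

/*
 * Builds an immutable list holding one or two certificates loaded from
 * dirName. secondCertFileName may be NULL, in which case the list holds
 * only the first certificate. Returns NULL on failure.
 */
PKIX_List *
createCertChain(
        char *dirName,
        char *firstCertFileName,
        char *secondCertFileName,
        void *plContext)
{
        PKIX_PL_Cert *firstCert = NULL;
        PKIX_PL_Cert *secondCert = NULL;
        PKIX_List *certList = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));

        firstCert = createCert(dirName, firstCertFileName, plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                (certList, (PKIX_PL_Object *)firstCert, plContext));

        if (secondCertFileName) {
                secondCert = createCert(dirName, secondCertFileName, plContext);

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                        (certList, (PKIX_PL_Object *)secondCert, plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
                                    (certList, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(certList);
        }

        /* Local references are dropped on every path; the list is expected
         * to hold its own. */
        PKIX_TEST_DECREF_AC(firstCert);
        PKIX_TEST_DECREF_AC(secondCert);

        PKIX_TEST_RETURN();

        return (certList);
}

/*
 * Builds an immutable list from numCerts certificate files in dirName.
 *
 * certNames[] supplies the file names and certs[] is caller-provided
 * scratch space with at least numCerts entries. Every entry of certs[] is
 * released in cleanup, on success as well as on failure, so the caller must
 * not expect to keep references through that array. Returns NULL if any
 * certificate cannot be created.
 */
PKIX_List *
createCertChainPlus(
        char *dirName,
        char *certNames[],
        PKIX_PL_Cert *certs[],
        PKIX_UInt32 numCerts,
        void *plContext)
{
        PKIX_List *certList = NULL;
        PKIX_UInt32 i;

        PKIX_TEST_STD_VARS();

        /* Cleanup walks all numCerts slots. Clear them first so that an
         * early exit never releases whatever the caller's array happened
         * to contain. */
        for (i = 0; i < numCerts; i++) {
                certs[i] = NULL;
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));

        for (i = 0; i < numCerts; i++) {

                certs[i] = createCert(dirName, certNames[i], plContext);

                /* Create Cert may fail */
                if (certs[i] == NULL) {
                        PKIX_TEST_DECREF_BC(certList);
                        goto cleanup;
                }

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                                            (certList,
                                            (PKIX_PL_Object *)certs[i],
                                            plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable
                                    (certList, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(certList);
        }

        for (i = 0; i < numCerts; i++) {
                PKIX_TEST_DECREF_AC(certs[i]);
        }

        PKIX_TEST_RETURN();

        return (certList);
}

/*
 * Creates a PKIX_PL_Date from an ASCII string by way of
 * PKIX_PL_Date_Create_UTCTime. Returns NULL on failure.
 */
PKIX_PL_Date *
createDate(
        char *asciiDate,
        void *plContext)
{
        PKIX_PL_Date *date = NULL;
        PKIX_PL_String *plString = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
                (PKIX_ESCASCII, asciiDate, 0, &plString, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime
                                    (plString, &date, plContext));

cleanup:

        PKIX_TEST_DECREF_AC(plString);

        PKIX_TEST_RETURN();

        return (date);
}

/*
 * Builds processing parameters with one or two trust anchors loaded from
 * dirName (secondAnchorFileName may be NULL), an optional validation date
 * (dateAscii may be NULL), the given initial policies and the revocation
 * setting taken from isCrlEnabled.
 *
 * The anchors are created from name/key pairs (useCert is PKIX_FALSE).
 * Returns NULL on failure.
 */
PKIX_ProcessingParams *
createProcessingParams(
        char *dirName,
        char *firstAnchorFileName,
        char *secondAnchorFileName,
        char *dateAscii,
        PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
        PKIX_Boolean isCrlEnabled,
        void *plContext)
{

        PKIX_TrustAnchor *firstAnchor = NULL;
        PKIX_TrustAnchor *secondAnchor = NULL;
        PKIX_List *anchorsList = NULL;
        PKIX_ProcessingParams *procParams = NULL;
        PKIX_PL_String *dateString = NULL;
        PKIX_PL_Date *testDate = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));

        firstAnchor = createTrustAnchor
                (dirName, firstAnchorFileName, PKIX_FALSE, plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                                    (anchorsList,
                                    (PKIX_PL_Object *)firstAnchor,
                                    plContext));

        if (secondAnchorFileName) {
                secondAnchor =
                        createTrustAnchor
                        (dirName, secondAnchorFileName, PKIX_FALSE, plContext);

                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem
                                            (anchorsList,
                                            (PKIX_PL_Object *)secondAnchor,
                                            plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create
                                    (anchorsList, &procParams, plContext));

        if (dateAscii) {
                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_PL_String_Create
                        (PKIX_ESCASCII,
                        dateAscii,
                        0,
                        &dateString,
                        plContext));

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_PL_Date_Create_UTCTime
                        (dateString, &testDate, plContext));

                PKIX_TEST_EXPECT_NO_ERROR
                        (PKIX_ProcessingParams_SetDate
                        (procParams, testDate, plContext));
        }

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
                                    (procParams, initialPolicies, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
                                    (procParams, isCrlEnabled, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(procParams);
        }

        PKIX_TEST_DECREF_AC(dateString);
        PKIX_TEST_DECREF_AC(testDate);
        PKIX_TEST_DECREF_AC(anchorsList);
        PKIX_TEST_DECREF_AC(firstAnchor);
        PKIX_TEST_DECREF_AC(secondAnchor);

        PKIX_TEST_RETURN();

        return (procParams);
}

/*
 * Builds validation parameters for `chain`: processing parameters from
 * createProcessingParams(), followed by the initial-policy,
 * policy-mapping-inhibit, any-policy-inhibit and explicit-policy settings.
 * Returns NULL on failure.
 */
PKIX_ValidateParams *
createValidateParams(
        char *dirName,
        char *firstAnchorFileName,
        char *secondAnchorFileName,
        char *dateAscii,
        PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
        PKIX_Boolean initialPolicyMappingInhibit,
        PKIX_Boolean initialAnyPolicyInhibit,
        PKIX_Boolean initialExplicitPolicy,
        PKIX_Boolean isCrlEnabled,
        PKIX_List *chain,
        void *plContext)
{

        PKIX_ProcessingParams *procParams = NULL;
        PKIX_ValidateParams *valParams = NULL;

        PKIX_TEST_STD_VARS();

        /* The helper is given NULL for the policies; the caller's list is
         * applied by the explicit SetInitialPolicies call that follows. */
        procParams =
                createProcessingParams
                (dirName,
                firstAnchorFileName,
                secondAnchorFileName,
                dateAscii,
                NULL,
                isCrlEnabled,
                plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies
                                    (procParams, initialPolicies, plContext));

        /* NOTE(review): the next three setters receive NULL rather than
         * plContext, unlike the calls around them. Confirm that is
         * intended. */
        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_ProcessingParams_SetPolicyMappingInhibited
                (procParams, initialPolicyMappingInhibit, NULL));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited
                                    (procParams, initialAnyPolicyInhibit, NULL));

        PKIX_TEST_EXPECT_NO_ERROR
                (PKIX_ProcessingParams_SetExplicitPolicyRequired
                (procParams, initialExplicitPolicy, NULL));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create
                                    (procParams, chain, &valParams, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(valParams);
        }

        PKIX_TEST_DECREF_AC(procParams);

        PKIX_TEST_RETURN();

        return (valParams);
}

/*
 * Builds a PKIX_ValidateResult from a trust anchor file and from the
 * subject public key of a second certificate file, both in dirName.
 * The third argument of pkix_ValidateResult_Create is passed as NULL.
 * Returns NULL on failure.
 */
PKIX_ValidateResult *
createValidateResult(
        char *dirName,
        char *anchorFileName,
        char *pubKeyCertFileName,
        void *plContext)
{

        PKIX_TrustAnchor *anchor = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_PL_Cert *cert = NULL;
        PKIX_PL_PublicKey *pubKey = NULL;

        PKIX_TEST_STD_VARS();

        anchor = createTrustAnchor
                (dirName, anchorFileName, PKIX_FALSE, plContext);
        cert = createCert(dirName, pubKeyCertFileName, plContext);

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey
                                    (cert, &pubKey, plContext));

        PKIX_TEST_EXPECT_NO_ERROR
                (pkix_ValidateResult_Create
                (pubKey, anchor, NULL, &valResult, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(valResult);
        }

        PKIX_TEST_DECREF_AC(anchor);
        PKIX_TEST_DECREF_AC(cert);
        PKIX_TEST_DECREF_AC(pubKey);

        PKIX_TEST_RETURN();

        return (valResult);
}

/*
 * Creates a PKIX_PL_GeneralName of the given nameType from an ASCII string.
 * Returns NULL on failure.
 */
PKIX_PL_GeneralName *
createGeneralName(
        PKIX_UInt32 nameType,
        char *asciiName,
        void *plContext)
{

        PKIX_PL_GeneralName *generalName = NULL;
        PKIX_PL_String *plString = NULL;

        PKIX_TEST_STD_VARS();

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create
                (PKIX_ESCASCII, asciiName, 0, &plString, plContext));

        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create
                (nameType, plString, &generalName, plContext));

cleanup:

        PKIX_TEST_DECREF_AC(plString);

        PKIX_TEST_RETURN();

        return (generalName);
}

/*
 * Builds a PKIX_BuildResult from a validate result (see
 * createValidateResult) and a one- or two-certificate chain (see
 * createCertChain). Returns NULL on failure.
 */
PKIX_BuildResult *
createBuildResult(
        char *dirName,
        char *anchorFileName,
        char *pubKeyCertFileName,
        char *firstChainCertFileName,
        char *secondChainCertFileName,
        void *plContext)
{
        PKIX_BuildResult *buildResult = NULL;
        PKIX_ValidateResult *valResult = NULL;
        PKIX_List *certChain = NULL;

        PKIX_TEST_STD_VARS();

        valResult = createValidateResult
                (dirName, anchorFileName, pubKeyCertFileName, plContext);
        certChain = createCertChain
                (dirName,
                firstChainCertFileName,
                secondChainCertFileName,
                plContext);

        PKIX_TEST_EXPECT_NO_ERROR
                (pkix_BuildResult_Create
                (valResult, certChain, &buildResult, plContext));

cleanup:

        if (PKIX_TEST_ERROR_RECEIVED) {
                PKIX_TEST_DECREF_AC(buildResult);
        }

        PKIX_TEST_DECREF_AC(valResult);
        PKIX_TEST_DECREF_AC(certChain);

        PKIX_TEST_RETURN();

        return (buildResult);
}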