Diffstat (limited to 'security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c')
-rw-r--r-- | security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c | 800 |
1 files changed, 800 insertions, 0 deletions
diff --git a/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c b/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c
new file mode 100644
index 000000000..57f192a42
--- /dev/null
+++ b/security/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c
@@ -0,0 +1,800 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_comcertselparams.c
+ *
+ * Test Common Cert Selector Params
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs)
+{
+ PKIX_UInt32 i = 0;
+ PKIX_UInt32 numInfos = 0;
+ PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
+ PKIX_PL_OID *policyOID = NULL;
+ PKIX_List *certPolicies = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Convert from List of CertPolicyInfos to List of OIDs */
+ if (certPolicyInfos) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext));
+ }
+
+ if (numInfos > 0) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext));
+ }
+ for (i = 0; i < numInfos; i++) {
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos,
+ i,
+ (PKIX_PL_Object **)&certPolicyInfo,
+ plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext));
+ PKIX_TEST_DECREF_BC(certPolicyInfo);
+ PKIX_TEST_DECREF_BC(policyOID);
+ }
+
+ *pPolicyOIDs = certPolicies;
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(certPolicyInfo);
+ PKIX_TEST_DECREF_AC(policyOID);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_NameConstraints(char *dirName)
+{
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_CertNameConstraints *getNameConstraints = NULL;
+ PKIX_PL_CertNameConstraints *setNameConstraints = NULL;
+ PKIX_ComCertSelParams *goodParams = NULL;
+ char *expectedAscii =
+ "[\n"
+ "\t\tPermitted Name: (OU=permittedSubtree1,"
+ "O=Test Certificates,C=US, OU=permittedSubtree2,"
+ "O=Test Certificates,C=US)\n"
+ "\t\tExcluded Name: (EMPTY)\n"
+ "\t]\n";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("Create Cert for NameConstraints test");
+
+ goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
+
+ subTest("PKIX_PL_Cert_GetNameConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &setNameConstraints, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetNameConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(goodParams, setNameConstraints, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetNameConstraints");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints(goodParams, &getNameConstraints, plContext));
+
+ subTest("Compare NameConstraints");
+ testEqualsHelper((PKIX_PL_Object *)setNameConstraints,
+ (PKIX_PL_Object *)getNameConstraints,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("Compare NameConstraints with canned string");
+ testToStringHelper((PKIX_PL_Object *)getNameConstraints,
+ expectedAscii,
+ plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(getNameConstraints);
+ PKIX_TEST_DECREF_AC(setNameConstraints);
+ PKIX_TEST_DECREF_AC(goodParams);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_PathToNames(void)
+{
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_List *setGenNames = NULL;
+ PKIX_List *getGenNames = NULL;
+ PKIX_PL_GeneralName *rfc822GenName = NULL;
+ PKIX_PL_GeneralName *dnsGenName = NULL;
+ PKIX_PL_GeneralName *dirGenName = NULL;
+ PKIX_PL_GeneralName *uriGenName = NULL;
+ PKIX_PL_GeneralName *oidGenName = NULL;
+ char *rfc822Name = "john.doe@labs.com";
+ char *dnsName = "comcast.net";
+ char *dirName = "cn=john, ou=labs, o=sun, c=us";
+ char *uriName = "http://comcast.net";
+ char *oidName = "1.2.840.11";
+ char *expectedAscii =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net)";
+ char *expectedAsciiAll =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net, "
+ "1.2.840.11)";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_GeneralName_Create");
+ dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
+ uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
+ oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
+ dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
+ rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
+ rfc822Name,
+ plContext);
+
+ subTest("PKIX_PL_GeneralName List create and append");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(goodParams, setGenNames, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List");
+ testEqualsHelper((PKIX_PL_Object *)setGenNames,
+ (PKIX_PL_Object *)getGenNames,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAscii,
+ plContext);
+
+ subTest("PKIX_ComCertSelParams_AddPathToName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(goodParams, oidGenName, plContext));
+
+ PKIX_TEST_DECREF_BC(getGenNames);
+
+ subTest("PKIX_ComCertSelParams_GetPathToNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAsciiAll,
+ plContext);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(setGenNames);
+ PKIX_TEST_DECREF_AC(getGenNames);
+ PKIX_TEST_DECREF_AC(rfc822GenName);
+ PKIX_TEST_DECREF_AC(dnsGenName);
+ PKIX_TEST_DECREF_AC(dirGenName);
+ PKIX_TEST_DECREF_AC(uriGenName);
+ PKIX_TEST_DECREF_AC(oidGenName);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_SubjAltNames(void)
+{
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_List *setGenNames = NULL;
+ PKIX_List *getGenNames = NULL;
+ PKIX_PL_GeneralName *rfc822GenName = NULL;
+ PKIX_PL_GeneralName *dnsGenName = NULL;
+ PKIX_PL_GeneralName *dirGenName = NULL;
+ PKIX_PL_GeneralName *uriGenName = NULL;
+ PKIX_PL_GeneralName *oidGenName = NULL;
+ PKIX_Boolean matchAll = PKIX_TRUE;
+ char *rfc822Name = "john.doe@labs.com";
+ char *dnsName = "comcast.net";
+ char *dirName = "cn=john, ou=labs, o=sun, c=us";
+ char *uriName = "http://comcast.net";
+ char *oidName = "1.2.840.11";
+ char *expectedAscii =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net)";
+ char *expectedAsciiAll =
+ "(john.doe@labs.com, "
+ "comcast.net, "
+ "CN=john,OU=labs,O=sun,C=us, "
+ "http://comcast.net, "
+ "1.2.840.11)";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_PL_GeneralName_Create");
+ dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
+ uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
+ oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
+ dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
+ rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
+ rfc822Name,
+ plContext);
+
+ subTest("PKIX_PL_GeneralName List create and append");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List");
+ testEqualsHelper((PKIX_PL_Object *)setGenNames,
+ (PKIX_PL_Object *)getGenNames,
+ PKIX_TRUE,
+ plContext);
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAscii,
+ plContext);
+
+ subTest("PKIX_ComCertSelParams_AddSubjAltName");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext));
+
+ PKIX_TEST_DECREF_BC(getGenNames);
+
+ subTest("PKIX_ComCertSelParams_GetSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
+
+ subTest("Compare GeneralName List with canned string");
+ testToStringHelper((PKIX_PL_Object *)getGenNames,
+ expectedAsciiAll,
+ plContext);
+
+ subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
+ if (matchAll != PKIX_TRUE) {
+ testError("unexpected mismatch <expect TRUE>");
+ }
+
+ subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
+ if (matchAll != PKIX_FALSE) {
+ testError("unexpected mismatch <expect FALSE>");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(setGenNames);
+ PKIX_TEST_DECREF_AC(getGenNames);
+ PKIX_TEST_DECREF_AC(rfc822GenName);
+ PKIX_TEST_DECREF_AC(dnsGenName);
+ PKIX_TEST_DECREF_AC(dirGenName);
+ PKIX_TEST_DECREF_AC(uriGenName);
+ PKIX_TEST_DECREF_AC(oidGenName);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_KeyUsages(void)
+{
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_OID *ekuOid = NULL;
+ PKIX_List *setExtKeyUsage = NULL;
+ PKIX_List *getExtKeyUsage = NULL;
+ PKIX_UInt32 getKeyUsage = 0;
+ PKIX_UInt32 setKeyUsage = 0x1FF;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext));
+
+ if (setKeyUsage != getKeyUsage) {
+ testError("unexpected KeyUsage mismatch <expect equal>");
+ }
+
+ subTest("PKIX_PL_OID List create and append");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
+ PKIX_TEST_DECREF_BC(ekuOid);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
+ PKIX_TEST_DECREF_BC(ekuOid);
+
+ subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage,
+ (PKIX_PL_Object *)getExtKeyUsage,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected ExtKeyUsage mismatch <expect equal>");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(ekuOid);
+ PKIX_TEST_DECREF_AC(setExtKeyUsage);
+ PKIX_TEST_DECREF_AC(getExtKeyUsage);
+ PKIX_TEST_DECREF_AC(goodParams);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_Version_Issuer_SerialNumber(void)
+{
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_UInt32 version = 0;
+ PKIX_PL_X500Name *setIssuer = NULL;
+ PKIX_PL_X500Name *getIssuer = NULL;
+ PKIX_PL_String *str = NULL;
+ PKIX_PL_BigInt *setSerialNumber = NULL;
+ PKIX_PL_BigInt *getSerialNumber = NULL;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+ char *bigInt = "999999999999999999";
+
+ PKIX_TEST_STD_VARS();
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ /* Version */
+ subTest("PKIX_ComCertSelParams_SetVersion");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetVersion");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext));
+
+ if (version != 2) {
+ testError("unexpected Version mismatch <expect 2>");
+ }
+
+ /* Issuer */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext));
+
+ PKIX_TEST_DECREF_BC(str);
+
+ subTest("PKIX_ComCertSelParams_SetIssuer");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetIssuer");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer,
+ (PKIX_PL_Object *)getIssuer,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Issuer mismatch <expect equal>");
+ }
+
+ /* Serial Number */
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSerialNumber");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber,
+ (PKIX_PL_Object *)getSerialNumber,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Serial Number mismatch <expect equal>");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(str);
+ PKIX_TEST_DECREF_AC(setIssuer);
+ PKIX_TEST_DECREF_AC(getIssuer);
+ PKIX_TEST_DECREF_AC(setSerialNumber);
+ PKIX_TEST_DECREF_AC(getSerialNumber);
+ PKIX_TEST_DECREF_AC(goodParams);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_SubjKeyId_AuthKeyId(void)
+{
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_ByteArray *setKeyId = NULL;
+ PKIX_PL_ByteArray *getKeyId = NULL;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Subject Key Identifier */
+ subTest("PKIX_PL_ByteArray_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
+ (PKIX_PL_Object *)getKeyId,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Subject Key Id mismatch <expect equal>");
+ }
+
+ PKIX_TEST_DECREF_BC(setKeyId);
+ PKIX_TEST_DECREF_BC(getKeyId);
+
+ /* Authority Key Identifier */
+ subTest("PKIX_PL_ByteArray_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
+ (PKIX_PL_Object *)getKeyId,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Auth Key Id mismatch <expect equal>");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(setKeyId);
+ PKIX_TEST_DECREF_AC(getKeyId);
+ PKIX_TEST_DECREF_AC(goodParams);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+test_SubjAlgId_SubjPublicKey(char *dirName)
+{
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_PL_OID *setAlgId = NULL;
+ PKIX_PL_OID *getAlgId = NULL;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_PublicKey *setPublicKey = NULL;
+ PKIX_PL_PublicKey *getPublicKey = NULL;
+ PKIX_Boolean isEqual = PKIX_FALSE;
+
+ PKIX_TEST_STD_VARS();
+
+ /* Subject Algorithm Identifier */
+ subTest("PKIX_PL_OID_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext));
+
+ subTest("PKIX_ComCertSelParams_Create");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjPKAlgId");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjPKAlgId");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId,
+ (PKIX_PL_Object *)getAlgId,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Subject Public Key Alg mismatch "
+ "<expect equal>");
+ }
+
+ /* Subject Public Key */
+ subTest("Getting Cert for Subject Public Key");
+
+ goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
+
+ subTest("PKIX_PL_Cert_GetSubjectPublicKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext));
+
+ subTest("PKIX_ComCertSelParams_SetSubjPubKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext));
+
+ subTest("PKIX_ComCertSelParams_GetSubjPubKey");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey,
+ (PKIX_PL_Object *)getPublicKey,
+ &isEqual,
+ plContext));
+
+ if (isEqual == PKIX_FALSE) {
+ testError("unexpected Subject Public Key mismatch "
+ "<expect equal>");
+ }
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(setAlgId);
+ PKIX_TEST_DECREF_AC(getAlgId);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(setPublicKey);
+ PKIX_TEST_DECREF_AC(getPublicKey);
+
+ PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+ (void)printf("\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n");
+}
+
+int
+test_comcertselparams(int argc, char *argv[])
+{
+
+ PKIX_UInt32 actualMinorVersion;
+ PKIX_UInt32 j = 0;
+
+ PKIX_PL_Cert *testCert = NULL;
+ PKIX_PL_Cert *goodCert = NULL;
+ PKIX_PL_Cert *equalCert = NULL;
+ PKIX_PL_Cert *diffCert = NULL;
+ PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+ PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+ PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */
+ PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */
+
+ PKIX_ComCertSelParams *goodParams = NULL;
+ PKIX_ComCertSelParams *equalParams = NULL;
+ PKIX_PL_X500Name *goodSubject = NULL;
+ PKIX_PL_X500Name *equalSubject = NULL;
+ PKIX_PL_X500Name *diffSubject = NULL;
+ PKIX_PL_X500Name *testSubject = NULL;
+ PKIX_Int32 goodMinPathLength = 0;
+ PKIX_Int32 equalMinPathLength = 0;
+ PKIX_Int32 diffMinPathLength = 0;
+ PKIX_Int32 testMinPathLength = 0;
+ PKIX_List *goodPolicies = NULL; /* OIDs */
+ PKIX_List *equalPolicies = NULL; /* OIDs */
+ PKIX_List *testPolicies = NULL; /* OIDs */
+ PKIX_List *cert2Policies = NULL; /* OIDs */
+
+ PKIX_PL_Date *testDate = NULL;
+ PKIX_PL_Date *goodDate = NULL;
+ PKIX_PL_Date *equalDate = NULL;
+ PKIX_PL_String *stringRep = NULL;
+ char *asciiRep = NULL;
+ char *dirName = NULL;
+
+ PKIX_TEST_STD_VARS();
+
+ if (argc < 2) {
+ printUsage();
+ return (0);
+ }
+
+ startTests("ComCertSelParams");
+
+ PKIX_TEST_EXPECT_NO_ERROR(
+ PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+ dirName = argv[j + 1];
+
+ asciiRep = "050501000000Z";
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
+
+ testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext));
+
+ /* Convert from List of CertPolicyInfos to List of OIDs */
+ test_CreateOIDList(testPolicyInfos, &testPolicies);
+
+ subTest("Create goodParams and set its fields");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext));
+
+ subTest("Duplicate goodParams and verify copy");
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams,
+ (PKIX_PL_Object **)&equalParams,
+ plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));
+
+ testEqualsHelper((PKIX_PL_Object *)goodSubject,
+ (PKIX_PL_Object *)equalSubject,
+ PKIX_TRUE,
+ plContext);
+
+ if (goodMinPathLength != equalMinPathLength) {
+ testError("unexpected mismatch");
+ (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
+ (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
+ }
+
+ testEqualsHelper((PKIX_PL_Object *)goodPolicies,
+ (PKIX_PL_Object *)equalPolicies,
+ PKIX_TRUE,
+ plContext);
+
+ testEqualsHelper((PKIX_PL_Object *)goodCert,
+ (PKIX_PL_Object *)equalCert,
+ PKIX_TRUE,
+ plContext);
+
+ testEqualsHelper((PKIX_PL_Object *)goodDate,
+ (PKIX_PL_Object *)equalDate,
+ PKIX_TRUE,
+ plContext);
+
+ PKIX_TEST_DECREF_BC(equalSubject);
+ PKIX_TEST_DECREF_BC(equalPolicies);
+ PKIX_TEST_DECREF_BC(equalCert);
+ PKIX_TEST_DECREF_AC(equalDate);
+
+ subTest("Set different values and verify differences");
+
+ diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext));
+ test_CreateOIDList(cert2PolicyInfos, &cert2Policies);
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(
+ equalParams, diffSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext));
+
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
+ PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
+
+ testEqualsHelper((PKIX_PL_Object *)goodSubject,
+ (PKIX_PL_Object *)equalSubject,
+ PKIX_FALSE,
+ plContext);
+
+ if (goodMinPathLength == equalMinPathLength) {
+ testError("unexpected match");
+ (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
+ (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
+ }
+
+ testEqualsHelper((PKIX_PL_Object *)goodPolicies,
+ (PKIX_PL_Object *)equalPolicies,
+ PKIX_FALSE,
+ plContext);
+
+ test_NameConstraints(dirName);
+ test_PathToNames();
+ test_SubjAltNames();
+ test_KeyUsages();
+ test_Version_Issuer_SerialNumber();
+ test_SubjKeyId_AuthKeyId();
+ test_SubjAlgId_SubjPublicKey(dirName);
+
+cleanup:
+
+ PKIX_TEST_DECREF_AC(testSubject);
+ PKIX_TEST_DECREF_AC(goodSubject);
+ PKIX_TEST_DECREF_AC(equalSubject);
+ PKIX_TEST_DECREF_AC(diffSubject);
+ PKIX_TEST_DECREF_AC(testSubject);
+ PKIX_TEST_DECREF_AC(goodPolicies);
+ PKIX_TEST_DECREF_AC(equalPolicies);
+ PKIX_TEST_DECREF_AC(testPolicies);
+ PKIX_TEST_DECREF_AC(cert2Policies);
+ PKIX_TEST_DECREF_AC(goodParams);
+ PKIX_TEST_DECREF_AC(equalParams);
+ PKIX_TEST_DECREF_AC(goodCert);
+ PKIX_TEST_DECREF_AC(diffCert);
+ PKIX_TEST_DECREF_AC(testCert);
+ PKIX_TEST_DECREF_AC(goodBasicConstraints);
+ PKIX_TEST_DECREF_AC(diffBasicConstraints);
+ PKIX_TEST_DECREF_AC(testPolicyInfos);
+ PKIX_TEST_DECREF_AC(cert2PolicyInfos);
+ PKIX_TEST_DECREF_AC(stringRep);
+ PKIX_TEST_DECREF_AC(testDate);
+ PKIX_TEST_DECREF_AC(goodDate);
+
+ PKIX_Shutdown(plContext);
+
+ PKIX_TEST_RETURN();
+
+ endTests("ComCertSelParams");
+
+ return (0);
+}
|
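Review bot: Both key-identifier fixtures in test_SubjKeyId_AuthKeyId are created with a length of 1 (`PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext)` and the same call with `"11022"`), so each ByteArray carries only the first byte of its literal and the Set/Get round trip is verified on a single byte. A regression that truncates or short-compares a subject or authority key identifier would presumably still pass this test; if the whole literal is intended, pass its length, e.g. `PKIX_PL_ByteArray_Create((void *)"66099", 5, &setKeyId, plContext)`, and consider adding a not-equal check against a second value that shares the first byte. Separately, the cleanup block of test_comcertselparams lists `PKIX_TEST_DECREF_AC(testSubject);` twice while `equalCert` and `equalDate` are released only in the body, so they are not released when an earlier call jumps to cleanup; whether the duplicate is harmless depends on the macro definition, which is not visible in this diff.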