assert_positive(ckmc_save_cert, alias, *cert, policy);
}
-// list gets copies of aliases
-AliasListPtr create_alias_list(const char* alias, ...) {
- AliasListPtr aliasList(NULL, ckmc_alias_list_all_free);
-
- va_list ap;
-
- va_start(ap, alias);
- ckmc_alias_list_s* last = NULL;
- for (const char* a = alias; a != NULL; a = va_arg(ap, const char*)) {
- if (aliasList == NULL) {
- ckmc_alias_list_s* tmp = NULL;
- assert_positive(ckmc_alias_list_new, strdup(a), &tmp);
- aliasList = AliasListPtr(tmp, ckmc_alias_list_all_free);
- RUNNER_ASSERT_MSG(!!aliasList, "Alias list is NULL");
- last = aliasList.get();
- } else {
- assert_positive(ckmc_alias_list_add, last, strdup(a), &last);
- RUNNER_ASSERT_MSG(last != NULL, "Last alias on the list is NULL");
- }
- }
- va_end(ap);
-
- return aliasList;
-}
-
// list takes ownership of provided certificates
CertListPtr create_cert_list(ckmc_cert_s* cert, ...) {
CertListPtr certList(NULL, ckmc_cert_list_all_free);
return certList;
}
-const ckmc_alias_list_s* NULL_ALIASES = NULL;
const ckmc_cert_s* NULL_CERT = NULL;
ckmc_cert_list_s** NULL_CHAIN = NULL;
-// old api wrapper
-class ChainApiOld {
-public:
- static int createChain(const ckmc_cert_s *cert,
- const ckmc_cert_list_s *untrustedcerts,
- const ckmc_cert_list_s* /*trustedcerts*/,
- const bool /*use_trustedsystemcerts*/,
- ckmc_cert_list_s **ppcert_chain_list)
- {
- return ckmc_get_cert_chain(cert, untrustedcerts, ppcert_chain_list);
- }
-
- static int createChainWithAlias(const ckmc_cert_s *cert,
- const ckmc_alias_list_s *untrustedcerts,
- const ckmc_alias_list_s* /*trustedcerts*/,
- const bool /*use_trustedsystemcerts*/,
- ckmc_cert_list_s **ppcert_chain_list)
- {
- return ckmc_get_cert_chain_with_alias(cert, untrustedcerts, ppcert_chain_list);
- }
-};
-
-// new api wrapper
-class ChainApiNew {
-public:
- static int createChain(const ckmc_cert_s *cert,
- const ckmc_cert_list_s *untrustedcerts,
- const ckmc_cert_list_s *trustedcerts,
- const bool use_trustedsystemcerts,
- ckmc_cert_list_s **ppcert_chain_list)
- {
- return ckmc_get_cert_chain_with_trustedcert(cert,
- untrustedcerts,
- trustedcerts,
- use_trustedsystemcerts,
- ppcert_chain_list);
- }
-
- static int createChainWithAlias(const ckmc_cert_s *cert,
- const ckmc_alias_list_s *untrustedcerts,
- const ckmc_alias_list_s *trustedcerts,
- const bool use_trustedsystemcerts,
- ckmc_cert_list_s **ppcert_chain_list)
- {
- return ckmc_get_cert_chain_with_trustedcert_alias(cert,
- untrustedcerts,
- trustedcerts,
- use_trustedsystemcerts,
- ppcert_chain_list);
- }
-};
-
/*
* Helper class for certificate verification
*/
-template <typename T=ChainApiNew>
-class ChainVerifier
-{
+class ChainVerifierBase {
public:
- ChainVerifier();
- ~ChainVerifier();
+ ChainVerifierBase();
+ virtual ~ChainVerifierBase();
void addTrusted(TestData::certificateID idx);
void addUntrusted(TestData::certificateID idx);
void enableSystem(bool enable);
- void verifyPositive(TestData::certificateID idx, size_t expected);
- void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+ virtual void verifyPositive(TestData::certificateID idx, size_t expected) = 0;
+ virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED) = 0;
-private:
+protected:
void addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert);
void addAlias(ckmc_alias_list_s*& list, const char* alias);
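Review bot: The default argument `int error = CKMC_ERROR_VERIFICATION_FAILED` is now written three times: on the pure virtual `verifyNegative` in this class, and again on the `ChainVerifierOld` and `ChainVerifier` overrides declared further down. Default arguments are bound by the static type of the object, not by the override that runs, and nothing ties the three copies together. A later edit to one of them would silently change which error a negative chain test expects, depending on how the verifier is referenced. Assuming the suite builds as C++11 or later, mark the overrides `override` instead of repeating `virtual`, e.g. `void verifyPositive(TestData::certificateID idx, size_t expected) override;`, and put a comment on the base declaration such as `// default must stay identical in every override: defaults are resolved statically`. The class body continues outside this hunk.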
bool m_system;
};
-template <typename T>
-ChainVerifier<T>::ChainVerifier() :
+
+ChainVerifierBase::ChainVerifierBase() :
m_trustedCerts(NULL),
m_trustedAliases(NULL),
m_untrustedCerts(NULL),
{
}
-template <typename T>
-ChainVerifier<T>::~ChainVerifier()
+ChainVerifierBase::~ChainVerifierBase()
{
ckmc_cert_list_all_free(m_trustedCerts);
ckmc_cert_list_all_free(m_untrustedCerts);
ckmc_alias_list_all_free(m_untrustedAliases);
}
-template <typename T>
-void ChainVerifier<T>::addTrusted(TestData::certificateID idx)
+void ChainVerifierBase::addTrusted(TestData::certificateID idx)
{
size_t size = list_size(m_trustedCerts);
ckmc_cert_s* cert = create_cert(idx);
addAlias(m_trustedAliases, ss.str().c_str());
}
-template <typename T>
-void ChainVerifier<T>::addUntrusted(TestData::certificateID idx)
+void ChainVerifierBase::addUntrusted(TestData::certificateID idx)
{
size_t size = list_size(m_untrustedCerts);
ckmc_cert_s* cert = create_cert(idx);
addAlias(m_untrustedAliases, ss.str().c_str());
}
-template <typename T>
-void ChainVerifier<T>::enableSystem(bool enable)
+void ChainVerifierBase::enableSystem(bool enable)
{
m_system = enable;
}
-template <typename T>
-void ChainVerifier<T>::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
+void ChainVerifierBase::addCert(ckmc_cert_list_s*& list, ckmc_cert_s* cert)
{
if (!list) {
ckmc_cert_list_s* tmp = NULL;
}
}
-template <typename T>
-void ChainVerifier<T>::addAlias(ckmc_alias_list_s*& list, const char* alias)
+void ChainVerifierBase::addAlias(ckmc_alias_list_s*& list, const char* alias)
{
if (!list) {
ckmc_alias_list_s* tmp = NULL;
}
}
-template <typename T>
-void ChainVerifier<T>::verifyPositive(TestData::certificateID idx, size_t expected)
+class ChainVerifierOld : public ChainVerifierBase {
+public:
+ virtual void verifyPositive(TestData::certificateID idx, size_t expected);
+ virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+};
+
+class ChainVerifier : public ChainVerifierBase {
+public:
+ virtual void verifyPositive(TestData::certificateID idx, size_t expected);
+ virtual void verifyNegative(TestData::certificateID idx, int error = CKMC_ERROR_VERIFICATION_FAILED);
+};
+
+void ChainVerifierOld::verifyPositive(TestData::certificateID idx, size_t expected)
{
ckmc_cert_s* cert = create_cert(idx);
ckmc_cert_list_s* chain = NULL;
- assert_positive(T::createChain,
+ assert_positive(ckmc_get_cert_chain,
cert,
m_untrustedCerts,
- m_trustedCerts,
- m_system,
&chain);
size_t size = list_size(chain);
chain = NULL;
RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
- assert_positive(T::createChainWithAlias,
+ assert_positive(ckmc_get_cert_chain_with_alias,
cert,
m_untrustedAliases,
- m_trustedAliases,
- m_system,
&chain);
size = list_size(chain);
ckmc_cert_list_all_free(chain);
chain = NULL;
RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
+
ckmc_cert_free(cert);
}
-template <typename T>
-void ChainVerifier<T>::verifyNegative(TestData::certificateID idx, int error)
+void ChainVerifier::verifyPositive(TestData::certificateID idx, size_t expected)
+{
+ ckmc_cert_s* cert = create_cert(idx);
+
+ ckmc_cert_list_s* chain = NULL;
+
+ assert_positive(ckmc_get_cert_chain_with_trustedcert,
+ cert,
+ m_untrustedCerts,
+ m_trustedCerts,
+ m_system,
+ &chain);
+
+ size_t size = list_size(chain);
+ ckmc_cert_list_all_free(chain);
+ chain = NULL;
+ RUNNER_ASSERT_MSG(size == expected, "Expected chain size: " << expected << " got: " << size);
+
+ ckmc_cert_free(cert);
+}
+
+void ChainVerifierOld::verifyNegative(TestData::certificateID idx, int error)
{
ckmc_cert_s* cert = create_cert(idx);
ckmc_cert_list_s* chain = NULL;
assert_result(error,
- T::createChain,
+ ckmc_get_cert_chain,
cert,
m_untrustedCerts,
- m_trustedCerts,
- m_system,
&chain);
RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
assert_result(error,
- T::createChainWithAlias,
+ ckmc_get_cert_chain_with_alias,
cert,
m_untrustedAliases,
- m_trustedAliases,
- m_system,
&chain);
RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
+
+ ckmc_cert_free(cert);
+}
+
+void ChainVerifier::verifyNegative(TestData::certificateID idx, int error)
+{
+ ckmc_cert_s* cert = create_cert(idx);
+
+ ckmc_cert_list_s* chain = NULL;
+
+ assert_result(error,
+ ckmc_get_cert_chain_with_trustedcert,
+ cert,
+ m_untrustedCerts,
+ m_trustedCerts,
+ m_system,
+ &chain);
+ RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
+
ckmc_cert_free(cert);
}
} // namespace anonymous
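Review bot: `ChainVerifier::verifyPositive` and `ChainVerifier::verifyNegative` pass only `m_untrustedCerts` and `m_trustedCerts`, so nothing in the visible code reads `m_trustedAliases` any more, yet `addTrusted` still calls `addAlias(m_trustedAliases, ...)` for every trusted certificate. If the alias variant of the trusted-cert API is being retired, that member and call (plus any store write that accompanies it, not visible here) look like dead work in the base class and could be removed. `m_untrustedAliases` is read only by `ChainVerifierOld` and might move there. If the alias variant still ships, this helper no longer checks that trust anchors supplied by alias give the same accept/reject decision as the cert-list path. In that case a comment on the class such as `// alias-based chain building with trusted certs is not covered by this verifier` would make the gap explicit.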
{
remove_user_data(0);
- ChainVerifier<ChainApiOld> cv;
+ ChainVerifierOld cv;
cv.verifyNegative(TestData::GOOGLE_COM);
cv.addUntrusted(TestData::GIAG2);
{
remove_user_data(0);
- ChainVerifier<ChainApiOld> cv;
+ ChainVerifierOld cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
}
true,
NULL_CHAIN);
- // alias
- ca1 = create_cert(TestData::GEOTRUST);
- save_cert(ca1, sharedDatabase("GEOTRUST").c_str());
- AliasListPtr untrusted_a = create_alias_list(sharedDatabase("GEOTRUST").c_str(), NULL);
-
- assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
- NULL_CERT,
- untrusted_a.get(),
- untrusted_a.get(),
- true,
- &chain);
-
- assert_invalid_param(ckmc_get_cert_chain_with_trustedcert_alias,
- ca2,
- untrusted_a.get(),
- untrusted_a.get(),
- true,
- NULL_CHAIN);
-
- ckmc_cert_free(ca2);
-}
-
-// check invalid arguments
-RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
-{
- remove_user_data(0);
-
- ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
- ckmc_cert_list_s* chain = NULL;
-
- AliasListPtr non_existing = create_alias_list(sharedDatabase("NON_EXISTING_ALIAS").c_str(), NULL);
- assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
- ckmc_get_cert_chain_with_trustedcert_alias,
- ca2,
- non_existing.get(),
- NULL_ALIASES,
- true,
- &chain);
-
- assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
- ckmc_get_cert_chain_with_trustedcert_alias,
- ca2,
- NULL_ALIASES,
- non_existing.get(),
- true,
- &chain);
ckmc_cert_free(ca2);
}
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.enableSystem(false);
cv.verifyNegative(TestData::EQUIFAX);
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.enableSystem(false);
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.verifyPositive(TestData::TEST_IM_CA, 2);
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
cv.verifyNegative(TestData::GOOGLE_COM);
}
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.verifyPositive(TestData::TEST_IM_CA, 2);// signed by trusted cert (TEST_ROOT_CA)
cv.verifyPositive(TestData::GIAG2, 2); // signed by system cert (GEOTRUST)
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.addUntrusted(TestData::GIAG2);
cv.verifyPositive(TestData::GOOGLE_COM,3); // including system cert
cv.verifyNegative(TestData::TEST_LEAF);
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.enableSystem(false);
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addUntrusted(TestData::TEST_IM_CA);
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.enableSystem(false);
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addTrusted(TestData::TEST_IM_CA);
{
remove_user_data(0);
- ChainVerifier<> cv;
+ ChainVerifier cv;
cv.enableSystem(true);
cv.addTrusted(TestData::TEST_ROOT_CA);
cv.addUntrusted(TestData::GEOTRUST);