|
sl@0
|
1 |
/*
|
|
sl@0
|
2 |
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
sl@0
|
3 |
* All rights reserved.
|
|
sl@0
|
4 |
* This component and the accompanying materials are made available
|
|
sl@0
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
|
sl@0
|
6 |
* which accompanies this distribution, and is available
|
|
sl@0
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
sl@0
|
8 |
*
|
|
sl@0
|
9 |
* Initial Contributors:
|
|
sl@0
|
10 |
* Nokia Corporation - initial contribution.
|
|
sl@0
|
11 |
*
|
|
sl@0
|
12 |
* Contributors:
|
|
sl@0
|
13 |
*
|
|
sl@0
|
14 |
* Description:
|
|
sl@0
|
15 |
*
|
|
sl@0
|
16 |
*/
|
|
sl@0
|
17 |
|
|
sl@0
|
18 |
|
|
sl@0
|
19 |
#if !defined(__E32STD_H__)
|
|
sl@0
|
20 |
#include <e32std.h>
|
|
sl@0
|
21 |
#endif
|
|
sl@0
|
22 |
|
|
sl@0
|
23 |
#if !defined (__BADESCA_H__)
|
|
sl@0
|
24 |
#include <badesca.h>
|
|
sl@0
|
25 |
#endif
|
|
sl@0
|
26 |
|
|
sl@0
|
27 |
#include <x509certchain.h>
|
|
sl@0
|
28 |
|
|
sl@0
|
29 |
_LIT(KCorrectFile1, "correctchain.txt");
|
|
sl@0
|
30 |
|
|
sl@0
|
31 |
//certs
|
|
sl@0
|
32 |
//thawte root
|
|
sl@0
|
33 |
_LIT(KTWSSRoot, "thawteserverca.cer");
|
|
sl@0
|
34 |
//rsa/verisign root
|
|
sl@0
|
35 |
_LIT(KRSASSCA, "vsignss.cer");
|
|
sl@0
|
36 |
_LIT(KRSASSCA_OLD, "rsassca_old.crt");
|
|
sl@0
|
37 |
_LIT(KDashnet, "dashnet.crt");
|
|
sl@0
|
38 |
_LIT(K3Do, "3do.crt");
|
|
sl@0
|
39 |
|
|
sl@0
|
40 |
_LIT(KVSignCA3, "verisignclass3primaryca.cer");
|
|
sl@0
|
41 |
_LIT(KVSignServer3, "verisignserverclass3.crt");
|
|
sl@0
|
42 |
_LIT(KLloyds, "lloyds.crt");
|
|
sl@0
|
43 |
|
|
sl@0
|
44 |
_LIT(KRoot, "CA3_root.crt");
|
|
sl@0
|
45 |
_LIT(KCA2, "CA2.crt");
|
|
sl@0
|
46 |
_LIT(KCA1, "CA1.crt");
|
|
sl@0
|
47 |
_LIT(KEE, "EE.crt");
|
|
sl@0
|
48 |
//noise
|
|
sl@0
|
49 |
_LIT(KCA1SameDN, "CA1_H_sameDN.crt");
|
|
sl@0
|
50 |
_LIT(KCA2SameDN, "CA2_H_sameDN.crt");
|
|
sl@0
|
51 |
_LIT(KExtra, "interclear.crt");
|
|
sl@0
|
52 |
//
|
|
sl@0
|
53 |
_LIT(KGSRoot, "globalsignroot.cer");
|
|
sl@0
|
54 |
_LIT(KGSPC1, "globalsignprimaryclass1ca.cer");
|
|
sl@0
|
55 |
_LIT(KGSC1, "globalsignclass1ca.cer");
|
|
sl@0
|
56 |
_LIT(KGSWB, "willsglobalsign.crt");
|
|
sl@0
|
57 |
|
|
sl@0
|
58 |
//fortezza test certs
|
|
sl@0
|
59 |
//1st hierachy
|
|
sl@0
|
60 |
_LIT(KFortezzaPAA1, "x22paa.crt");
|
|
sl@0
|
61 |
_LIT(KFortezzaPCA1, "x22pca1.crt");
|
|
sl@0
|
62 |
_LIT(KFortezzaCA1, "x22ca1.crt");
|
|
sl@0
|
63 |
//user certs off this...
|
|
sl@0
|
64 |
_LIT(KFortezzaCA1EE1, "rich1.crt");
|
|
sl@0
|
65 |
_LIT(KFortezzaCA1EE2, "david1.crt");
|
|
sl@0
|
66 |
_LIT(KFortezzaExpired, "expired.crt");
|
|
sl@0
|
67 |
_LIT(KFortezzaFuture, "future.crt");
|
|
sl@0
|
68 |
_LIT(KFortezzaNameMismatch, "nameMismatch.crt");
|
|
sl@0
|
69 |
_LIT(KFortezzaInvalidSig, "invalidSig.crt");
|
|
sl@0
|
70 |
//next one just tests CRL-related errors, so should validate OK
|
|
sl@0
|
71 |
_LIT(KFortezzaKeyCompromise, "KeyCompromise.crt");
|
|
sl@0
|
72 |
_LIT(KFortezzaBadSubjName1, "BadSubjName1.crt");
|
|
sl@0
|
73 |
_LIT(KFortezzaBadSubjName2, "BadSubjName2.crt");
|
|
sl@0
|
74 |
_LIT(KFortezzaInvalidConstraints, "InvalidConstraints.crt");
|
|
sl@0
|
75 |
//other sub-hierachies
|
|
sl@0
|
76 |
_LIT(KFortezzaTestCA2, "testCA2.crt");
|
|
sl@0
|
77 |
_LIT(KFortezzaTestSubCA2, "testSubCA.crt");
|
|
sl@0
|
78 |
_LIT(KFortezzaPathLen, "pathLen.crt");
|
|
sl@0
|
79 |
_LIT(KFortezzaBadCA1, "BadCA1.crt");
|
|
sl@0
|
80 |
_LIT(KFortezzaInvalidCAUser1, "InvalidCAUser1.crt");
|
|
sl@0
|
81 |
_LIT(KFortezzaBadCA2, "BadCA2.crt");
|
|
sl@0
|
82 |
_LIT(KFortezzaInvalidCAUser2, "InvalidCAUser2.crt");
|
|
sl@0
|
83 |
//2nd hierachy
|
|
sl@0
|
84 |
_LIT(KFortezzaPAA2, "rn_paa.crt");
|
|
sl@0
|
85 |
_LIT(KFortezzaPCA2, "rn_pca.crt");
|
|
sl@0
|
86 |
_LIT(KFortezzaCA2, "rn_ca.crt");
|
|
sl@0
|
87 |
_LIT(KFortezzaCA2EE1, "rn_user1.crt");
|
|
sl@0
|
88 |
_LIT(KFortezzaCA2BadAltName, "rn_BadAltName.crt");
|
|
sl@0
|
89 |
_LIT(KFortezzaCA2BadPolicy, "rn_BadPolicy.crt");
|
|
sl@0
|
90 |
|
|
sl@0
|
91 |
//3rd hierachy
|
|
sl@0
|
92 |
_LIT(KMedRootCA, "1A.cer");
|
|
sl@0
|
93 |
_LIT(KMedCA1, "24.cer");
|
|
sl@0
|
94 |
_LIT(KMedCA1EE1, "11C5.cer");
|
|
sl@0
|
95 |
_LIT(KMedCA1EE2, "139F.cer");
|
|
sl@0
|
96 |
|
|
sl@0
|
97 |
//cross certificate
|
|
sl@0
|
98 |
_LIT(KFortezzaX22RNCrossCert, "rn_cross.crt");
|
|
sl@0
|
99 |
|
|
sl@0
|
100 |
//FINEID certificates
|
|
sl@0
|
101 |
_LIT(KFINEIDCitizenCA, "citizen-ca.crt");
|
|
sl@0
|
102 |
_LIT(KFINEIDLipponenSign, "lipponen-sign.crt");
|
|
sl@0
|
103 |
_LIT(KFINEIDLipponenEncrypt, "lipponen-encrypt.crt");
|
|
sl@0
|
104 |
_LIT(KFINEIDTestCA3, "finsign-test3-ca.crt");
|
|
sl@0
|
105 |
_LIT(KFINEIDHelsinkiSign, "helsinki-sign.crt");
|
|
sl@0
|
106 |
_LIT(KFINEIDHelsinkiEncrypt, "helsinki-encrypt.crt");
|
|
sl@0
|
107 |
|
|
sl@0
|
108 |
//apache
|
|
sl@0
|
109 |
_LIT(KApacheRSARoot, "ca-rsa.crt");
|
|
sl@0
|
110 |
_LIT(KApacheRSAServer, "rsa.crt");
|
|
sl@0
|
111 |
_LIT(KApacheDSARoot, "ca-dsa.crt");
|
|
sl@0
|
112 |
_LIT(KApacheDSAServer, "dsa.crt");
|
|
sl@0
|
113 |
|
|
sl@0
|
114 |
//policy testing
|
|
sl@0
|
115 |
_LIT(KX22Policy, "2.16.840.1.101.2.1.11");
|
|
sl@0
|
116 |
_LIT(KRNPolicy, "2.16.840.1.101.2.1.11.2");
|
|
sl@0
|
117 |
//_LIT(KExtraBogusPolicy, "2.16.840.1.101.2.1.11.4");
|
|
sl@0
|
118 |
_LIT(KExtraBogusPolicy, "bogus!!");
|
|
sl@0
|
119 |
|
|
sl@0
|
120 |
class CTestChain : public CBase
|
|
sl@0
|
121 |
{
|
|
sl@0
|
122 |
public:
|
|
sl@0
|
123 |
~CTestChain();
|
|
sl@0
|
124 |
CTestChain();
|
|
sl@0
|
125 |
virtual void ConstructL();
|
|
sl@0
|
126 |
CDesCArray* iServerCerts;
|
|
sl@0
|
127 |
CDesCArray* iRootCerts;
|
|
sl@0
|
128 |
CDesCArray* iExtraCerts;
|
|
sl@0
|
129 |
};
|
|
sl@0
|
130 |
|
|
sl@0
|
131 |
class CTestChainBuild : public CTestChain
|
|
sl@0
|
132 |
{
|
|
sl@0
|
133 |
public:
|
|
sl@0
|
134 |
static CTestChainBuild* NewL();
|
|
sl@0
|
135 |
static CTestChainBuild* NewLC();
|
|
sl@0
|
136 |
~CTestChainBuild();
|
|
sl@0
|
137 |
HBufC* iCorrectChain;
|
|
sl@0
|
138 |
};
|
|
sl@0
|
139 |
|
|
sl@0
|
140 |
class CTestChainValidate : public CTestChain
|
|
sl@0
|
141 |
{
|
|
sl@0
|
142 |
public:
|
|
sl@0
|
143 |
static CTestChainValidate* NewL();
|
|
sl@0
|
144 |
static CTestChainValidate* NewLC();
|
|
sl@0
|
145 |
void ConstructL();
|
|
sl@0
|
146 |
~CTestChainValidate();
|
|
sl@0
|
147 |
TValidationStatus* iError;
|
|
sl@0
|
148 |
CArrayFixFlat<TValidationStatus>* iWarnings;
|
|
sl@0
|
149 |
CDesCArray* iPolicies;
|
|
sl@0
|
150 |
};
|
|
sl@0
|
151 |
|
|
sl@0
|
152 |
class TestSpec
|
|
sl@0
|
153 |
{
|
|
sl@0
|
154 |
public:
|
|
sl@0
|
155 |
TestSpec();
|
|
sl@0
|
156 |
//chain build tests
|
|
sl@0
|
157 |
CTestChainBuild* TestBuildSpec1();
|
|
sl@0
|
158 |
CTestChainBuild* TestBuildSpec2();
|
|
sl@0
|
159 |
CTestChainBuild* TestBuildSpec3();
|
|
sl@0
|
160 |
CTestChainBuild* TestBuildSpec4();
|
|
sl@0
|
161 |
CTestChainBuild* TestBuildSpec5();
|
|
sl@0
|
162 |
CTestChainBuild* TestBuildSpec6();
|
|
sl@0
|
163 |
|
|
sl@0
|
164 |
CTestChainBuild* TestBuildSpec7();
|
|
sl@0
|
165 |
CTestChainBuild* TestBuildSpec8();
|
|
sl@0
|
166 |
CTestChainBuild* TestBuildSpec9();
|
|
sl@0
|
167 |
CTestChainBuild* TestBuildSpec10();
|
|
sl@0
|
168 |
CTestChainBuild* TestBuildSpec11();
|
|
sl@0
|
169 |
CTestChainBuild* TestBuildSpec12();
|
|
sl@0
|
170 |
|
|
sl@0
|
171 |
//chain validate tests
|
|
sl@0
|
172 |
//Fortezza tests
|
|
sl@0
|
173 |
CTestChainValidate* TestValidateSpec1();
|
|
sl@0
|
174 |
CTestChainValidate* TestValidateSpec2();
|
|
sl@0
|
175 |
CTestChainValidate* TestValidateSpec3();
|
|
sl@0
|
176 |
CTestChainValidate* TestValidateSpec4();
|
|
sl@0
|
177 |
CTestChainValidate* TestValidateSpec5();
|
|
sl@0
|
178 |
CTestChainValidate* TestValidateSpec6();
|
|
sl@0
|
179 |
CTestChainValidate* TestValidateSpec7();
|
|
sl@0
|
180 |
CTestChainValidate* TestValidateSpec8();
|
|
sl@0
|
181 |
CTestChainValidate* TestValidateSpec9();
|
|
sl@0
|
182 |
CTestChainValidate* TestValidateSpec10();
|
|
sl@0
|
183 |
CTestChainValidate* TestValidateSpec11();
|
|
sl@0
|
184 |
CTestChainValidate* TestValidateSpec12();
|
|
sl@0
|
185 |
CTestChainValidate* TestValidateSpec13();
|
|
sl@0
|
186 |
CTestChainValidate* TestValidateSpec14();
|
|
sl@0
|
187 |
CTestChainValidate* TestValidateSpec15();
|
|
sl@0
|
188 |
CTestChainValidate* TestValidateSpec16();
|
|
sl@0
|
189 |
CTestChainValidate* TestValidateSpec17();
|
|
sl@0
|
190 |
//lloyds chain
|
|
sl@0
|
191 |
CTestChainValidate* TestValidateSpec18();
|
|
sl@0
|
192 |
//test case where only one self signed trusted cert is supplied
|
|
sl@0
|
193 |
CTestChainValidate* TestValidateSpec19();
|
|
sl@0
|
194 |
//test case where only one self signed untrusted cert is supplied
|
|
sl@0
|
195 |
CTestChainValidate* TestValidateSpec20();
|
|
sl@0
|
196 |
//test case where no certs are supplied (this one should leave)
|
|
sl@0
|
197 |
CTestChainValidate* TestValidateSpec21();
|
|
sl@0
|
198 |
//test case for chain using RSA+SHA1
|
|
sl@0
|
199 |
CTestChainValidate* TestValidateSpec22();
|
|
sl@0
|
200 |
CTestChainValidate* TestValidateSpec23();
|
|
sl@0
|
201 |
//FINEID test cases
|
|
sl@0
|
202 |
CTestChainValidate* TestValidateSpec24();
|
|
sl@0
|
203 |
CTestChainValidate* TestValidateSpec25();
|
|
sl@0
|
204 |
CTestChainValidate* TestValidateSpec26();
|
|
sl@0
|
205 |
CTestChainValidate* TestValidateSpec27();
|
|
sl@0
|
206 |
//test warning generated when root cert not self signed
|
|
sl@0
|
207 |
CTestChainValidate* TestValidateSpec28();
|
|
sl@0
|
208 |
//test case with Apache default certs
|
|
sl@0
|
209 |
CTestChainValidate* TestValidateSpec29();
|
|
sl@0
|
210 |
CTestChainValidate* TestValidateSpec30();
|
|
sl@0
|
211 |
//policy processing tests
|
|
sl@0
|
212 |
CTestChainValidate* TestValidateSpec31();
|
|
sl@0
|
213 |
CTestChainValidate* TestValidateSpec32();
|
|
sl@0
|
214 |
CTestChainValidate* TestValidateSpec33();
|
|
sl@0
|
215 |
CTestChainValidate* TestValidateSpec34();
|
|
sl@0
|
216 |
CTestChainValidate* TestValidateSpec35();
|
|
sl@0
|
217 |
};
|
|
sl@0
|
218 |
|
|
sl@0
|
219 |
|