11 #if defined( __MVS__ ) || defined( __VMCMS__ )
13 #pragma convlit( suspend )
15 #if defined( __ILEC400__ )
60 static int createCertRequest(
void *certRequest,
73 TEXT(
"Private key" ),
/* Time bounds relative to the current clock: startTime is 1000 s in the past
   and endTime is 86400 s (24 h) in the future.  NOTE(review): these are
   presumably the certificate validity limits, with the backdated start
   absorbing clock skew between issuer and verifier -- confirm against the
   lines that consume them, which are not shown here */
93 const time_t startTime = time( NULL ) - 1000;
94 const time_t endTime = time( NULL ) + 86400;
122 static int createCertificate(
void *
certificate,
const void *certRequest,
123 const int certReqLength,
160 static int createCertDirect(
void *certificate,
173 TEXT(
"Private key" ),
210 const char *certName = \
212 ( useCRMF ?
"prcrtrsa_c" :
"prcrtrsa" ) : \
220 printf(
"Testing %s certificate processing%s...\n", algoName,
221 useCRMF ?
" from CRMF request" :
"" );
228 const char *reqName = \
230 ( useCRMF ?
"prreqrsa_c" :
"prreqrsa" ) : \
/* The return value of createCertRequest() is stored in both status and
   length, so one int carries either an error code or (presumably) the size
   of the encoded request placed in certBuffer.  NOTE(review): the test that
   tells the two cases apart is in lines not shown -- confirm that length is
   only used after status has been checked */
235 status = length = createCertRequest(
certBuffer, cryptAlgo, useCRMF );
238 printf(
"Certification request creation failed with error code "
239 "%d, line %d.\n", status, __LINE__ );
249 status = createCertDirect(
certBuffer, cryptAlgo, cryptCAKey );
252 printf(
"Certificate creation failed with error code %d, line "
253 "%d.\n", status, __LINE__ );
268 printf(
"Certificate validation failed with error code %d, line %d.\n",
275 printf(
"%s certificate processing succeeded.\n\n", algoName );
289 printf(
"CA private key read failed with error code %d, line %d.\n",
326 status = certProcess(
CRYPT_ALGO_RSA,
"RSA with SHA-256", cryptCAKey,
459 CRYPT_KEYUSAGE_CRLSIGN },
463 #ifdef USE_CERT_DNSTRING
/* DN supplied in string form.  The leading RDN is multi-valued: two cn
   components, each naming a different host, joined with '+'.
   NOTE(review): the name of the enclosing template is not visible here; it
   is presumably the one that the "synthetic invalid DN" negative test
   expects the CA to refuse -- confirm */
467 TEXT(
"cn=www.example.com + cn=www.wetaburgers.com, ou=Procurement, o=Wetaburgers, c=NZ" ) },
475 static int addCertRequest(
const CRYPT_KEYSET cryptCertStore,
489 TEXT(
"Private key" ),
494 printf(
"Creation of private key for certificate failed with error "
495 "code %d, line %d.\n", status, __LINE__ );
506 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
/* Timestamp 5 s ahead of the current clock.  The failure text printed by
   issueCert() refers to a 5 s delay between adding the request and issuing
   the certificate, so this is presumably the expiry applied to the
   short-lived (isExpired) test certificates -- confirm where theTime is
   consumed, which is not shown here */
515 const time_t theTime = time( NULL ) + 5;
529 return(
attrErrorExit( cryptCertRequest,
"cryptSetAttribute()",
530 status, __LINE__ ) );
531 if( !
addCertFields( cryptCertRequest, certReqData, __LINE__ ) )
544 status, __LINE__ ) );
558 printf(
"Couldn't export/re-import certificate request, status = "
559 "%d, line %d.\n", status, __LINE__ );
566 return(
extErrorExit( cryptCertStore,
"cryptCAAddItem()", status,
569 return( cryptCertRequest );
579 static int addRevRequest(
const CRYPT_KEYSET cryptCertStore,
589 printf(
"Revoking certificate for '%s'.\n",
590 (
char * ) certReqData[ i ].stringValue );
592 certReqData[ i ].stringValue );
594 return(
extErrorExit( cryptCertStore,
"cryptGetPublicKey()", status,
602 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
609 return(
attrErrorExit( cryptCertRequest,
"cryptSetAttribute()",
610 status, __LINE__ ) );
611 if( !
addCertFields( cryptCertRequest, revRequestData, __LINE__ ) )
617 return(
extErrorExit( cryptCertStore,
"cryptCAAddItem()", status,
620 return( cryptCertRequest );
628 static int issueCert(
const CRYPT_KEYSET cryptCertStore,
641 printf(
"Issuing certificate for '%s'.\n",
642 (
char * ) certReqData[ i ].stringValue );
648 cryptCertRequest = addCertRequest( cryptCertStore, certReqData, isExpired );
649 if( !cryptCertRequest )
652 cryptCertStore, cryptCAKey,
659 puts(
"The short-expiry-time certificate has already expired at "
660 "the time of issue.\nThis happened because there was a "
661 "delay of more than 5s between adding the\nrequest and "
662 "issuing the certificate for it. Try re-running the test "
663 "on a\nless-heavily-loaded system, or increase the expiry "
664 "delay to more than 5s." );
667 return(
extErrorExit( cryptCertStore,
"cryptCACertManagement()",
668 status, __LINE__ ) );
674 static int checkInvalidIssueRejected(
const CRYPT_KEYSET cryptCertStore,
677 const BOOLEAN requestCreationShouldFail )
687 printf(
"Issuing certificate for '%s'.\n",
688 (
char * ) certReqData[ i ].stringValue );
696 puts(
"Issuing certificate for synthetic invalid DN." );
700 cryptCertRequest = addCertRequest( cryptCertStore, certReqData,
FALSE );
701 if( !cryptCertRequest )
709 if( requestCreationShouldFail )
711 puts(
" (This is an expected result since this test verifies "
712 "handling of\n invalid request data)." );
718 cryptCertStore, cryptCAKey,
740 int noEntries = 0,
status;
744 cryptCertStore, cryptCAKey,
747 return(
extErrorExit( cryptCertStore,
"cryptCACertManagement()",
748 status, __LINE__ ) );
759 printf(
"CRL has %d entr%s.\n", noEntries,
760 ( noEntries == 1 ) ?
"y" :
"ies" );
762 puts(
" (This is probably because there haven't been any revocation "
763 "entries added\n via the CMP test yet)." );
782 certReqData[ i ].stringValue );
794 puts(
"Testing certificate management using certificate store..." );
801 printf(
"CA private key read failed with error code %d, line %d.\n",
831 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
845 puts(
"Issuing certificate for 'Test user 1'..." );
846 cryptCertRequest = addCertRequest( cryptCertStore, cert1Data,
FALSE );
847 if( !cryptCertRequest )
852 TEXT(
"Test user 1" ) );
854 return(
extErrorExit( cryptCertStore,
"cryptCAGetItem()", status,
857 cryptCertStore, cryptCAKey,
861 return(
extErrorExit( cryptCertStore,
"cryptCACertManagement()",
862 status, __LINE__ ) );
872 if( !issueCert( cryptCertStore, cryptCAKey, expiredCert1Data,
TRUE ) )
874 if( !issueCert( cryptCertStore, cryptCAKey, expiredCert2Data,
TRUE ) )
876 if( !issueCert( cryptCertStore, cryptCAKey, revokableCert1Data,
FALSE ) )
878 if( !issueCert( cryptCertStore, cryptCAKey, revokableCert2Data,
FALSE ) )
/* Negative tests: if either call returns zero the failure message below is
   printed, i.e. a certificate was issued from a request that should have
   been refused.  The last argument is requestCreationShouldFail, so the
   certCA1Data request is expected to be refused when the request itself is
   created, while certCA2Data is expected to get past request creation.
   NOTE(review): the contents of the two templates and the point at which the
   second one is refused are in lines not shown here */
889 if( !checkInvalidIssueRejected( cryptCertStore, cryptCAKey,
890 certCA1Data,
TRUE ) || \
891 !checkInvalidIssueRejected( cryptCertStore, cryptCAKey,
892 certCA2Data,
FALSE ) )
894 printf(
"Issue of certificate from invalid request succeeded when "
895 "it should have failed,\nline %d.\n", __LINE__ );
899 #ifdef USE_CERT_DNSTRING
903 if( !checkInvalidIssueRejected( cryptCertStore, cryptCAKey,
904 certDodgyDNData,
FALSE ) )
906 printf(
"Issue of certificate from invalid request succeeded when "
907 "it should have failed,\nline %d.\n", __LINE__ );
914 status = cryptCert = getCertFromTemplate( cryptCertStore, cert1Data );
927 ( filePtr = fopen( fileName,
"wb" ) ) != NULL )
/* Write length bytes of certBuffer to the file; count receives the number of
   bytes fwrite() reports as written.  NOTE(review): the lines that compare
   count with length and close filePtr are not shown -- confirm that a short
   write is treated as a failure, since the warning below says the later OCSP
   server tests rely on this file.  The same write pattern appears twice more
   further down, for the non-revoked and the revoked OCSP certificates */
931 count = fwrite(
certBuffer, 1, length, filePtr );
936 puts(
"Warning: Couldn't save OCSP CA certificate to disk, "
937 "this will cause later\n OCSP server tests to "
938 "fail. Press a key to continue." );
949 ( filePtr = fopen( fileName,
"wb" ) ) != NULL )
953 count = fwrite(
certBuffer, 1, length, filePtr );
958 puts(
"Warning: Couldn't save OCSP non-revoked certificate "
959 "to disk, this will cause later\n OCSP server "
960 "tests to fail. Press a key to continue." );
967 status = cryptCert = getCertFromTemplate( cryptCertStore,
968 revokableCert1Data );
980 ( filePtr = fopen( fileName,
"wb" ) ) != NULL )
984 count = fwrite(
certBuffer, 1, length, filePtr );
989 puts(
"Warning: Couldn't save OCSP revoked certificate "
990 "to disk, this will cause later\n OCSP server "
991 "tests to fail. Press a key to continue." );
999 puts(
"Issued certificates couldn't be fetched from the certificate "
1000 "store and written\nto disk, the OCSP server test will abort "
1001 "when it fails to find\nthese certificates." );
1008 if( !issueCRL( cryptCertStore, cryptCAKey ) )
1013 status = cryptCert = getCertFromTemplate( cryptCertStore,
1017 &certTime, &dummy );
1020 puts(
"Couldn't get expiry information for expired certificate." );
/* certTime is compared with the current clock: while it has not yet passed,
   the test announces that it is waiting and then loops until it has.
   NOTE(review): the loop body is not shown -- confirm that it sleeps between
   polls rather than spinning, and that the wait is bounded if certTime was
   read incorrectly */
1024 if( certTime >= time( NULL ) )
1026 printf(
"Waiting for certificates to expire.." );
1027 while( certTime >= time( NULL ) )
1038 puts(
"Expiring certificates..." );
1043 return(
extErrorExit( cryptCertStore,
"cryptCACertManagement()",
1044 status, __LINE__ ) );
1049 puts(
"Certificate management using certificate store succeeded.\n" );