17 #define _OSSPEC_DEFINED
18 #define VC_LT_2005( version ) ( version < 1400 )
22 #if defined( __MVS__ ) || defined( __VMCMS__ )
24 #pragma convlit( suspend )
26 #if defined( __ILEC400__ )
47 #define ONE_YEAR_TIME ( 365 * 86400L )
48 #if defined( __MWERKS__ ) || defined( SYMANTEC_C ) || defined( __MRC__ )
49 #define CERTTIME_DATETEST ( ( ( 2008 - 1970 ) * ONE_YEAR_TIME ) + 2082844800L )
50 #define CERTTIME_Y2KTEST ( ( ( 2020 - 1970 ) * ONE_YEAR_TIME ) + 2082844800L )
52 #define CERTTIME_DATETEST ( ( 2008 - 1970 ) * ONE_YEAR_TIME )
53 #define CERTTIME_Y2KTEST ( ( 2020 - 1970 ) * ONE_YEAR_TIME )
76 if( oldTrustValue != NULL )
116 #if defined( _MSC_VER ) && ( _MSC_VER <= 800 )
117 time_t testTime = time( NULL ), newTime;
119 newTime = mktime( localtime( &testTime ) );
120 if( newTime == testTime )
122 puts(
"Illogical local/GMT time detected. VC++ 1.5x occasionally "
123 "exhibits a bug in\nits time zone handling in which it thinks "
124 "that the local time zone is GMT and\nGMT itself is some "
125 "negative offset from the current time. This upsets\n"
126 "cryptlibs certificate date validity checking, since "
127 "certificates appear to\nhave inconsistent dates. Deleting "
128 "all the temporary files and rebuilding\ncryptlib after "
129 "restarting your machine may fix this.\n" );
134 puts(
"Testing certificate creation/export..." );
145 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
154 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
162 return(
attrErrorExit( cryptCert,
"cryptDeleteAttribute()", status,
181 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
191 puts(
"Untrusted certificate signature check succeeded, should "
205 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
209 puts(
"Exported certificate size != actual data size." );
219 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
229 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
236 int errorType, errorLocus;
238 attrErrorExit( cryptCert,
"cryptCheckCert()", status, __LINE__ );
249 puts(
" (If this test was run within +/- 12 hours of a "
250 "daylight savings time (DST)\n switchover then this is "
251 "a false positive caused by problems in\n performing "
252 "date calculations using the C standard libraries on days "
253 "that\n have 23 or 25 hours due to hours missing or "
254 "being repeated. This problem\n will correct itself "
255 "once the time is more than 12 hours away from the DST\n"
256 " switchover, and only affects the certificate-creation "
265 puts(
"Certificate creation succeeded.\n" );
312 puts(
"Testing CA certificate creation/export..." );
323 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
330 #if defined( __WINDOWS__ ) && defined( _WIN32 ) && defined( _MSC_VER ) && \
337 &time64,
sizeof( time64 ) );
342 &time32,
sizeof( time32 ) );
347 printf(
"Automatic 32 <-> 32-bit time_t correction failed, "
348 "line %d.\n", __LINE__ );
358 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
381 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
385 puts(
"Exported certificate size != actual data size." );
395 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
410 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
418 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
421 &startTime, &value );
427 printf(
"Certificate time read failed with error code %d, line "
428 "%d.\n", status, __LINE__ );
433 printf(
"Warning: Certificate start time is wrong, got %lX, should be "
434 "%lX.\n This is probably due to problems in the "
435 "system time handling routines.\n",
440 printf(
"Warning: Certificate end time is wrong, got %lX, should be "
441 "%lX.\n This is probably due to problems in the "
442 "system time handling routines.\n",
446 #if defined( __WINDOWS__ ) || defined( __linux__ ) || defined( sun )
468 puts(
"CA certificate creation succeeded.\n" );
488 puts(
"Testing XYZZY certificate creation/export..." );
499 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
508 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
526 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
533 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
542 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
552 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
558 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
563 puts(
"XYZZY certificate creation succeeded.\n" );
569 static const wchar_t FAR_BSS unicodeStr[] = {
570 0x0414, 0x043E, 0x0432, 0x0435, 0x0440, 0x044F, 0x0439, 0x002C,
571 0x0020, 0x043D, 0x043E, 0x0020, 0x043F, 0x0440, 0x043E, 0x0432,
572 0x0435, 0x0440, 0x044F, 0x0439, 0x0000 };
573 static const wchar_t FAR_BSS unicode2Str[] = {
574 0x004D, 0x0061, 0x0072, 0x0074, 0x0069, 0x006E, 0x0061, 0x0020,
575 0x0160, 0x0069, 0x006B, 0x006F, 0x0076, 0x006E, 0x00E1, 0x0000 };
600 puts(
"Testing complex string type certificate creation/export..." );
611 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
620 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
622 if( !
addCertFields( cryptCert, textStringCertData, __LINE__ ) )
638 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
645 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
654 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
664 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
670 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
675 puts(
"Complex string type certificate creation succeeded.\n" );
707 #ifdef USE_CERTLEVEL_PKIX_FULL
723 #ifdef USE_CERT_OBSOLETE
730 #ifdef USE_CERTLEVEL_PKIX_PARTIAL
745 C_CHR buffer1[ 64 ], buffer2[ 64 ];
748 puts(
"Testing complex certificate creation/export..." );
759 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
768 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
786 memcmp( buffer1,
TEXT(
"1 2 3 4 5" ), length1 ) ) )
788 printf(
"Error in OID en/decoding, line %d.\n", __LINE__ );
796 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
801 return(
attrErrorExit( cryptCert,
"cryptDeleteAttribute()", status,
806 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
814 #ifndef USE_CERT_OBSOLETE
819 printf(
"Addition of disabled attribute %d wasn't detected, "
824 #ifndef USE_CERTLEVEL_PKIX_FULL
829 printf(
"Indirect addition of disabled attribute %d wasn't "
855 printf(
"Attempt to read and re-read email address failed, line "
859 #ifdef UNICODE_STRINGS
860 buffer1[ length1 /
sizeof(
wchar_t ) ] =
TEXT(
'\0' );
861 buffer2[ length2 /
sizeof(
wchar_t ) ] =
TEXT(
'\0' );
863 buffer1[ length1 ] =
'\0';
864 buffer2[ length2 ] =
'\0';
867 ( length1 != length2 ) || \
871 printf(
"Email address on read #1 = '%s',\n read #2 = '%s', should "
872 "have been '%s', line %d.\n", buffer1, buffer2,
881 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
890 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
900 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
906 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
911 puts(
"Complex certificate creation succeeded.\n" );
920 const char *extensionData =
"\x0C\x04Test";
923 puts(
"Testing certificate with nonstd.extension creation/export..." );
934 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
943 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
951 return(
attrErrorExit( cryptCert,
"cryptAddCertExtension()", status,
978 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
987 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
998 printf(
"Certificate with unrecognised critical extension was "
999 "accepted when it should\nhave been rejected, line %d.\n",
1011 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1019 return(
attrErrorExit( cryptCert,
"cryptGetCertExtension()", status,
1021 if( value !=
TRUE || length != 6 || memcmp( extensionData, buffer, 6 ) )
1023 printf(
"Recovered nonstandard extension data differs from what was "
1024 "written, line %d.\n", __LINE__ );
1030 puts(
"Certificate with nonstd.extension creation succeeded.\n" );
1036 #ifdef USE_CERT_DNSTRING
1039 const C_STR customDN = \
1040 TEXT(
"cn=Dave Taylor + sn=12345, ou=Org.Unit 2\\=1, " )
1041 TEXT(
"ou=Org.Unit 2, ou=Org.Unit 1, " )
1042 TEXT(
"o=Dave's Big Organisation, c=PT" );
1043 const C_STR invalidDnStrings[] = {
1044 TEXT(
"abc\x01\x64" )
TEXT(
"def" ),
1058 puts(
"Testing certificate with custom DN creation/export..." );
1069 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1080 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1084 for( i = 0; invalidDnStrings[ i ] != NULL; i++ )
1087 invalidDnStrings[ i ],
1091 printf(
"Addition of invalid DN string '%s' wasn't detected, "
1092 "line %d.\n", invalidDnStrings[ i ], __LINE__ );
1101 return(
attrErrorExit( cryptCert,
"cryptSetAttributeString()", status,
1107 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1118 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1127 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1133 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1141 return(
attrErrorExit( cryptCert,
"cryptGetAttributeString()", status,
1143 if( length != (
int )
paramStrlen( customDN ) || \
1144 memcmp( customDN, buffer, length ) )
1146 printf(
"Recovered custom DN differs from what was written, line "
1147 "%d.\n", __LINE__ );
1153 puts(
"Certificate with custom DN creation succeeded.\n" );
1155 puts(
"Skipping custom DN certificate creation/export test because "
1156 "support for\nthis capability has been disabled via the cryptlib "
1157 "config options.\n" );
1164 #ifdef USE_CERT_DNSTRING
1167 const C_STR customDN = \
1168 TEXT(
"cn=Dave Taylor, ou=Org.Unit 3, ou=Org.Unit 2, " )
1169 TEXT(
"ou=Org.Unit 1, o=Dave's Big Organisation, c=PT" );
1171 const char *
errorString =
"(Generic attribute get/set/select error)";
1175 puts(
"Testing certificate attribute handling..." );
1186 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1195 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1205 return(
attrErrorExit( cryptCert,
"cryptSetAttributeString()", status,
1211 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1226 errorString =
"Current attribute != subject altName after "
1227 "subject altName was selected";
1236 errorString =
"Fetch of email address from altName failed";
1246 errorString =
"OU was returned after altName was selected";
1254 printf(
"%s, line %d.\n", errorString, __LINE__ );
1266 errorString =
"Current attribute != subject DN after subject DN "
1288 errorString =
"email from altName was returned after subject DN was selected";
1301 errorString =
"Fetch of first OU failed";
1310 errorString =
"CURSOR_NEXT succeeded when no attribute selected";
1323 errorString =
"CURSOR_NEXT succeeded when no attribute instance selected";
1331 printf(
"%s, line %d.\n", errorString, __LINE__ );
1347 errorString =
"Current instance != OU after OU was selected";
1358 errorString =
"CURSOR_NEXT succeeded when no attribute selected";
1369 errorString =
"Move to second OU failed";
1377 errorString =
"Fetch of second OU failed";
1384 errorString =
"Move to last (third) OU failed";
1392 errorString =
"Fetch of third OU failed";
1396 printf(
"%s, line %d.\n", errorString, __LINE__ );
1402 puts(
"Certificate attribute handling succeeded.\n" );
1404 puts(
"Skipping certificate attribute handling test because support "
1405 "for the\nrequired custom DN creation has been disabled via the "
1406 "cryptlib config\noptions.\n" );
1438 #ifdef USE_CERT_OBSOLETE
1443 puts(
"Testing SET certificate creation/export..." );
1454 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1463 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1471 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1480 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1489 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
1499 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1505 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1511 puts(
"SET certificate creation succeeded.\n" );
1513 puts(
"Skipping SET certificate creation/export test because support "
1514 "for this\ncertificate type has been disabled via the cryptlib "
1515 "config options.\n" );
1536 puts(
"Testing attribute certificate creation/export..." );
1543 printf(
"Authority private key read failed with error code %d, "
1544 "line %d.\n", status, __LINE__ );
1553 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1561 if( !
addCertFields( cryptCert, attributeCertData, __LINE__ ) )
1567 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1576 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1585 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
1595 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1601 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1607 puts(
"Attribute certificate creation succeeded.\n" );
1630 puts(
"Testing certification request creation/export..." );
1641 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1650 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1652 if( !
addCertFields( cryptCert, certRequestData, __LINE__ ) )
1658 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1667 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1674 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1676 printf(
"Exported certification request is %d bytes long.\n",
1684 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
1694 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1700 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1706 puts(
"Certification request creation succeeded.\n" );
1739 puts(
"Testing complex certification request creation/export..." );
1750 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1759 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1761 if( !
addCertFields( cryptCert, complexCertRequestData, __LINE__ ) )
1767 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1776 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1783 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1785 printf(
"Exported certification request is %d bytes long.\n",
1793 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
1803 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1809 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1815 puts(
"Complex certification request creation succeeded.\n" );
1827 puts(
"Testing CRMF certification request creation/export..." );
1838 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1847 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1849 if( !
addCertFields( cryptCert, certRequestData, __LINE__ ) )
1855 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1864 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1871 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1873 printf(
"Exported certification request is %d bytes long.\n",
1881 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
1891 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1897 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1903 puts(
"CRMF certification request creation succeeded.\n" );
1913 puts(
"Testing complex CRMF certification request creation/export..." );
1924 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1933 return(
attrErrorExit( cryptCert,
"cryptSetAttribute()", status,
1935 if( !
addCertFields( cryptCert, complexCertRequestData, __LINE__ ) )
1941 return(
attrErrorExit( cryptCert,
"cryptSignCert()", status,
1950 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1957 return(
attrErrorExit( cryptCert,
"cryptExportCert()", status,
1959 printf(
"Exported certification request is %d bytes long.\n",
1967 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
1977 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
1983 return(
attrErrorExit( cryptCert,
"cryptCheckCert()", status,
1989 puts(
"Complex CRMF certification request creation succeeded.\n" );
2005 puts(
"Testing CRL creation/export..." );
2012 printf(
"CA private key read failed with error code %d, line %d.\n",
2021 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2031 return(
attrErrorExit( cryptCRL,
"cryptSetAttribute()", status,
2048 return(
attrErrorExit( cryptCRL,
"cryptCheckCert()", status,
2055 return(
attrErrorExit( cryptCRL,
"cryptExportCert()", status,
2064 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
2074 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
2080 return(
attrErrorExit( cryptCRL,
"cryptCheckCert()", status,
2086 puts(
"CRL creation succeeded.\n" );
2112 time_t revocationTime;
2115 puts(
"Testing complex CRL creation/export..." );
2122 printf(
"CA private key read failed with error code %d, line %d.\n",
2131 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2167 #ifdef USE_CERTLEVEL_PKIX_FULL
2177 printf(
"Addition of disabled attribute %d wasn't "
2178 "detected, line %d.\n",
2187 return(
attrErrorExit( cryptCRL,
"cryptSetAttribute(), certificate #1",
2188 status, __LINE__ ) );
2209 return(
attrErrorExit( cryptCRL,
"cryptSetAttribute(), certificate #2",
2210 status, __LINE__ ) );
2226 return(
attrErrorExit( cryptCRL,
"cryptCheckCert()", status,
2233 return(
attrErrorExit( cryptCRL,
"cryptExportCert()", status,
2242 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
2252 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
2258 return(
attrErrorExit( cryptCRL,
"cryptCheckCert()", status,
2265 printf(
"Revoked certificate wasn't reported as being revoked, "
2266 "line %d.\n", __LINE__ );
2270 &revocationTime, &dummy );
2273 &revocationReason );
2275 return(
attrErrorExit( cryptCRL,
"cryptGetAttribute()", status,
2279 printf(
"Revocation reason was %d, should have been %d, line %d.\n",
2287 puts(
"CRL creation succeeded.\n" );
2310 puts(
"Testing revocation request creation/export..." );
2313 if( ( filePtr = fopen( buffer,
"rb" ) ) == NULL )
2315 puts(
"Couldn't find certificate file for revocation request test." );
2323 puts(
"Certificate import failed, skipping test of revocation "
2334 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2342 return(
attrErrorExit( cryptRequest,
"cryptSetAttribute()", status,
2344 if( !
addCertFields( cryptRequest, revRequestData, __LINE__ ) )
2358 return(
attrErrorExit( cryptRequest,
"cryptExportCert()", status,
2360 printf(
"Exported revocation request is %d bytes long.\n",
2368 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
2378 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
2386 puts(
"Revocation request creation succeeded.\n" );
2413 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2426 certRequestNoDNData : certRequestData,
2432 printf(
"Certificate creation failed with status %d, line %d.\n",
2444 return(
attrErrorExit( *cryptCertChain,
"cryptSignCert()", status,
2457 puts(
"Testing certificate chain creation/export..." );
2464 printf(
"CA private key read failed with error code %d, line %d.\n",
2470 if( !createChain( &cryptCertChain, cryptCAKey,
FALSE,
TRUE ) )
2479 return(
attrErrorExit( cryptCertChain,
"Setting certificate chain "
2480 "trusted", status, __LINE__ ) );
2484 return(
attrErrorExit( cryptCertChain,
"cryptCheckCert()", status,
2492 return(
attrErrorExit( cryptCertChain,
"Setting chain signing key "
2493 "trusted", status, __LINE__ ) );
2497 return(
attrErrorExit( cryptCertChain,
"cryptCheckCert()", status,
2504 printf(
"Certificate chain verified OK even though it wasn't "
2505 "trusted, line %d.\n", __LINE__ );
2513 return(
attrErrorExit( cryptCertChain,
"cryptExportCert()", status,
2515 printf(
"Exported certificate chain is %d bytes long.\n",
2523 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
2533 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
2537 printf(
"Checking signatures... " );
2540 return(
attrErrorExit( cryptCertChain,
"Setting certificate chain "
2541 "trusted", status, __LINE__ ) );
2545 return(
attrErrorExit( cryptCertChain,
"cryptCheckCert()", status,
2547 puts(
"signatures verified." );
2557 status = createChain( &cryptCertChain, cryptCAKey,
TRUE,
FALSE );
2560 printf(
"Attempt to create certificate with null DN %s, line %d.\n",
2561 ( status ==
FALSE ) ? \
2562 "failed" :
"succeeded when it should have failed",
2578 printf(
"Attempt to set compliance level to "
2579 "CRYPT_COMPLIANCELEVEL_PKIX_FULL failed with error code "
2580 "%d, line %d.\n", status, __LINE__ );
2583 puts(
"(Couldn't set compliance level to "
2584 "CRYPT_COMPLIANCELEVEL_PKIX_FULL, probably\n because cryptlib "
2585 "has been configured not to use this level, skipping final\n"
2590 status = createChain( &cryptCertChain, cryptCAKey,
TRUE,
TRUE );
2593 if( status !=
TRUE )
2595 puts(
" (This may be because the internal compliance-level "
2596 "handling is wrong)." );
2604 status, __LINE__ ) );
2610 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
2619 puts(
"Certificate chain creation succeeded.\n" );
2640 puts(
"Testing CMS attribute creation..." );
2647 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2653 if( !
addCertFields( cryptAttributes, cmsAttributeData, __LINE__ ) )
2666 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
2672 puts(
"CMS attribute creation succeeded.\n" );
2686 C_CHR rtcsURL[ 512 ];
2707 puts(
"RTCS responder URL not present in certificate, server "
2708 "name must be provided\n externally." );
2712 printf(
"Attempt to read RTCS responder URL failed with error "
2713 "code %d, line %d.\n", status, __LINE__ );
2720 #ifdef UNICODE_STRINGS
2721 rtcsURL[ count /
sizeof(
wchar_t ) ] =
TEXT(
'\0' );
2722 printf(
"RTCS responder URL = %sS.\n", rtcsURL );
2724 rtcsURL[ count ] =
'\0';
2725 printf(
"RTCS responder URL = %s.\n", rtcsURL );
2734 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2743 cryptErrorObject = cryptCert;
2745 return(
attrErrorExit( cryptErrorObject,
"cryptSetAttribute()",
2746 status, __LINE__ ) );
2764 cryptErrorObject = cryptSecondCert;
2767 return(
attrErrorExit( cryptErrorObject,
"cryptSetAttribute()",
2768 status, __LINE__ ) );
2780 puts(
"Testing RTCS request creation..." );
2787 printf(
"cryptImportCert() failed with error code %d, line %d.\n",
2805 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
2810 puts(
"RTCS request creation succeeded.\n" );
2827 C_CHR ocspURL[ 512 ];
2839 printf(
"CA cryptImportCert() failed with error code %d, line "
2840 "%d.\n", status, __LINE__ );
2849 printf(
"EE cryptImportCert() failed with error code %d, line %d.\n",
2872 puts(
"OCSP responder URL not present in certificate, server "
2873 "name must be provided\n externally." );
2877 printf(
"Attempt to read OCSP responder URL failed with error "
2878 "code %d, line %d.\n", status, __LINE__ );
2885 #ifdef UNICODE_STRINGS
2886 ocspURL[ count /
sizeof(
wchar_t ) ] =
TEXT(
'\0' );
2887 printf(
"OCSP responder URL = %S.\n", ocspURL );
2889 ocspURL[ count ] =
'\0';
2890 printf(
"OCSP responder URL = %s.\n", ocspURL );
2899 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
2903 cryptErrorObject = *cryptOCSPRequest;
2913 cryptErrorObject = cryptOCSPCA;
2920 cryptErrorObject = cryptOCSPEE;
2923 return(
attrErrorExit( cryptErrorObject,
"cryptSetAttribute()",
2924 status, __LINE__ ) );
2939 cryptErrorObject = cryptOCSPEE;
2942 return(
attrErrorExit( *cryptOCSPRequest,
"cryptSetAttribute()",
2943 status, __LINE__ ) );
2952 return(
attrErrorExit( *cryptOCSPRequest,
"cryptSetAttribute()",
2953 status, __LINE__ ) );
2954 status =
cryptSignCert( *cryptOCSPRequest, privKeyContext );
2956 cryptErrorObject = privKeyContext;
2959 status, __LINE__ ) );
2976 puts(
"Testing OCSP request creation..." );
2983 puts(
"OCSPv1 succeeded." );
2992 printf(
"cryptDestroyCert() failed with error code %d, line %d.\n",
3004 puts(
"OCSPv2 succeeded." );
3014 printf(
"User private key read failed with error code %d, line "
3015 "%d.\n", status, __LINE__ );
3022 puts(
"Signed OCSP request succeeded." );
3027 puts(
"Signed OCSP request with single signing certificate succeeded." );
3032 puts(
"Signed OCSP request with signing certificate chain succeeded." );
3035 puts(
"OCSP request creation succeeded.\n" );
3080 #define PKIUSER_NAME_INDEX 3
3082 static int testPKIUserCreate(
const CERT_DATA *pkiUserInfo )
3093 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
3099 printf(
"Couldn't create PKI user info for user '%s', line %d.\n",
3111 puts(
"Testing PKI user information creation..." );
3112 if( !testPKIUserCreate( pkiUserData ) )
3114 if( !testPKIUserCreate( pkiUserExtData ) )
3116 if( !testPKIUserCreate( pkiUserCAData ) )
3118 puts(
"PKI user information creation succeeded.\n" );