diff options
Diffstat (limited to 'base/tps/src/selftests/TPSValidity.cpp')
-rw-r--r-- | base/tps/src/selftests/TPSValidity.cpp | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/base/tps/src/selftests/TPSValidity.cpp b/base/tps/src/selftests/TPSValidity.cpp new file mode 100644 index 000000000..e70263e80 --- /dev/null +++ b/base/tps/src/selftests/TPSValidity.cpp @@ -0,0 +1,215 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; +// version 2.1 of the License. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, +// Boston, MA 02110-1301 USA +// +// Copyright (C) 2010 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +#ifdef XP_WIN32 +#define TPS_PUBLIC __declspec(dllexport) +#else /* !XP_WIN32 */ +#define TPS_PUBLIC +#endif /* !XP_WIN32 */ + +#ifdef __cplusplus +extern "C" +{ +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> + +#include "prmem.h" +#include "prsystem.h" +#include "plstr.h" +#include "prio.h" + +#include "cert.h" +#include "certt.h" + +#ifdef __cplusplus +} +#endif + +#include "engine/RA.h" +#include "main/ConfigStore.h" +#include "selftests/TPSValidity.h" + + +int TPSValidity::initialized = 0; +bool TPSValidity::startupEnabled = false; +bool TPSValidity::onDemandEnabled = false; +bool TPSValidity::startupCritical = false; +bool TPSValidity::onDemandCritical = false; +char *TPSValidity::nickname = 0; +const char *TPSValidity::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]"; +const char *TPSValidity::NICKNAME_NAME = "selftests.plugin.TPSValidity.nickname"; +const char *TPSValidity::CRITICAL_TEST_NAME = "TPSValidity:critical"; +const char *TPSValidity::TEST_NAME = "TPSValidity"; + + +//default constructor +TPSValidity::TPSValidity() +{ +} + +TPSValidity::~TPSValidity() +{ +} + +void TPSValidity::Initialize (ConfigStore *cfg) +{ + if (TPSValidity::initialized == 0) { + TPSValidity::initialized = 1; + const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP); + if (s != NULL) { + if (PL_strstr (s, TPSValidity::CRITICAL_TEST_NAME) != NULL) { + startupCritical = true; + startupEnabled = true; + } else if (PL_strstr (s, TPSValidity::TEST_NAME) != NULL) { + startupEnabled = true; + } + } + const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND); + if (d != NULL) { + if (PL_strstr (d, TPSValidity::CRITICAL_TEST_NAME) != NULL) { + onDemandCritical = true; + onDemandEnabled = true; + } else if (PL_strstr (d, TPSValidity::TEST_NAME) != NULL) { + onDemandEnabled = true; + } + } + char* n = (char*)(cfg->GetConfigAsString(TPSValidity::NICKNAME_NAME)); + if (n != NULL && PL_strlen(n) > 0) { + if (PL_strstr (n, TPSValidity::UNINITIALIZED_NICKNAME) != NULL) { + TPSValidity::initialized = 0; + } else { + TPSValidity::nickname = n; + } + } + if (TPSValidity::initialized == 1) { + TPSValidity::initialized = 2; + } + } + RA::SelfTestLog("TPSValidity::Initialize", "%s", ((initialized==2)?"successfully completed":"failed")); +} + +// Error codes: +// -1 - missing cert db handle +// 2 - missing cert +// -3 - missing cert nickname +// 4 - secCertTimeExpired +// 5 - secCertTimeNotValidYet +// critical errors are negative + +int TPSValidity::runSelfTest () +{ + int rc = 0; + + if (TPSValidity::initialized == 2) { + if (TPSValidity::nickname != NULL && PL_strlen(TPSValidity::nickname) > 0) { + rc = TPSValidity::runSelfTest (TPSValidity::nickname); + } else { + rc = -3; + } + } + + return rc; +} + +int TPSValidity::runSelfTest (const char *nick_name) +{ + SECCertTimeValidity certTimeValidity; + PRTime now; + int rc = 0; + CERTCertDBHandle *handle = 0; + CERTCertificate *cert = 0; + + if (TPSValidity::initialized == 2) { + handle = CERT_GetDefaultCertDB(); + if (handle != 0) { + cert = CERT_FindCertByNickname( handle, (char *) nick_name); + if (cert != 0) { + now = PR_Now(); + certTimeValidity = CERT_CheckCertValidTimes (cert, now, PR_FALSE); + if (certTimeValidity == secCertTimeExpired) { + rc = 4; + } else if (certTimeValidity == secCertTimeNotValidYet) { + rc = 5; + } + CERT_DestroyCertificate (cert); + cert = 0; + } else { + rc = 2; + } + } else { + rc = -1; + } + } + + return rc; +} + +int TPSValidity::runSelfTest (const char *nick_name, CERTCertificate *cert) +{ + SECCertTimeValidity certTimeValidity; + PRTime now; + int rc = 0; + + if (TPSValidity::initialized == 2) { + if (cert != 0) { + now = PR_Now(); + certTimeValidity = CERT_CheckCertValidTimes (cert, now, PR_FALSE); + if (certTimeValidity == secCertTimeExpired) { + rc = 4; + } else if (certTimeValidity == secCertTimeNotValidYet) { + rc = 5; + } + CERT_DestroyCertificate (cert); + cert = 0; + } else if (nick_name != 0 && PL_strlen(nick_name) > 0) { + rc = TPSValidity::runSelfTest (nick_name); + } else { + rc = TPSValidity::runSelfTest (); + } + } + + return rc; + +} + +bool TPSValidity::isStartupEnabled () +{ + return startupEnabled; +} + +bool TPSValidity::isOnDemandEnabled () +{ + return onDemandEnabled; +} + +bool TPSValidity::isStartupCritical () +{ + return startupCritical; +} + +bool TPSValidity::isOnDemandCritical () +{ + return onDemandCritical; +} + |