Commit 53850b92 authored by Franziskus Kiefer's avatar Franziskus Kiefer

Bug 1479787 - build mozpkix as part of NSS, r=mt,keeler

Differential Revision: https://phabricator.services.mozilla.com/D2719
Differential Revision: https://phabricator.services.mozilla.com/D2720
Differential Revision: https://phabricator.services.mozilla.com/D2861

--HG--
rename : cpputil/scoped_ptrs.h => cpputil/nss_scoped_ptrs.h
rename : lib/mozpkix/test/gtest/README.txt => gtests/mozpkix_gtest/README.txt
rename : lib/mozpkix/test/gtest/pkixbuild_tests.cpp => gtests/mozpkix_gtest/pkixbuild_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcert_extension_tests.cpp => gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcert_signature_algorithm_tests.cpp => gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_CheckIssuer_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckIssuer_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_CheckKeyUsage_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_CheckValidity_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckValidity_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_ParseValidity_tests.cpp => gtests/mozpkix_gtest/pkixcheck_ParseValidity_tests.cpp
rename : lib/mozpkix/test/gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp => gtests/mozpkix_gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp
rename : lib/mozpkix/test/gtest/pkixder_input_tests.cpp => gtests/mozpkix_gtest/pkixder_input_tests.cpp
rename : lib/mozpkix/test/gtest/pkixder_pki_types_tests.cpp => gtests/mozpkix_gtest/pkixder_pki_types_tests.cpp
rename : lib/mozpkix/test/gtest/pkixder_universal_types_tests.cpp => gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
rename : lib/mozpkix/test/gtest/pkixgtest.cpp => gtests/mozpkix_gtest/pkixgtest.cpp
rename : lib/mozpkix/test/gtest/pkixgtest.h => gtests/mozpkix_gtest/pkixgtest.h
rename : lib/mozpkix/test/gtest/pkixnames_tests.cpp => gtests/mozpkix_gtest/pkixnames_tests.cpp
rename : lib/mozpkix/test/gtest/pkixocsp_CreateEncodedOCSPRequest_tests.cpp => gtests/mozpkix_gtest/pkixocsp_CreateEncodedOCSPRequest_tests.cpp
rename : lib/mozpkix/test/gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp => gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp
rename : lib/mozpkix/test/lib/pkixtestnss.h => lib/mozpkix/include/pkix-test/pkixtestnss.h
rename : lib/mozpkix/test/lib/pkixtestutil.h => lib/mozpkix/include/pkix-test/pkixtestutil.h
rename : lib/mozpkix/lib/pkixcheck.h => lib/mozpkix/include/pkix/pkixcheck.h
rename : lib/mozpkix/lib/pkixder.h => lib/mozpkix/include/pkix/pkixder.h
rename : lib/mozpkix/lib/pkixutil.h => lib/mozpkix/include/pkix/pkixutil.h
rename : lib/mozpkix/test/lib/pkixtestalg.cpp => lib/mozpkix/test-lib/pkixtestalg.cpp
rename : lib/mozpkix/test/lib/pkixtestnss.cpp => lib/mozpkix/test-lib/pkixtestnss.cpp
rename : lib/mozpkix/test/lib/pkixtestutil.cpp => lib/mozpkix/test-lib/pkixtestutil.cpp
extra : rebase_source : 7b1375fef0c8e0c361f44d16f69c31d0bd6d0b41
parent bac43587
......@@ -99,6 +99,7 @@ while [ $# -gt 0 ]; do
--system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
--enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
--enable-fips) gyp_params+=(-Ddisable_fips=0) ;;
--mozpkix-only) gyp_params+=(-Dmozpkix_only=1 -Ddisable_tests=1 -Dsign_libs=0) ;;
*) show_help; exit 2 ;;
esac
shift
......
......@@ -108,8 +108,12 @@
'emit_llvm%': 0,
'nss_public_dist_dir%': '<(nss_dist_dir)/public',
'nss_private_dist_dir%': '<(nss_dist_dir)/private',
# This is only needed when building with --mozpkix-only and might not work
# on all machines.
'nss_include_dir%': '/usr/include/nss',
'only_dev_random%': 1,
'disable_fips%': 1,
'mozpkix_only%': 0,
},
'target_defaults': {
# Settings specific to targets should go here.
......@@ -126,6 +130,11 @@
'<(nss_dist_dir)/private/<(module)',
],
'conditions': [
[ 'mozpkix_only==1 and OS=="linux"', {
'include_dirs': [
'<(nss_include_dir)',
],
}],
[ 'disable_fips==1', {
'defines': [
'NSS_FIPS_DISABLED',
......
......@@ -8,7 +8,7 @@
#include "prerror.h"
#include "prio.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
class DummyIOLayerMethods {
public:
......
......@@ -4,8 +4,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef scoped_ptrs_h__
#define scoped_ptrs_h__
#ifndef nss_scoped_ptrs_h__
#define nss_scoped_ptrs_h__
#include <memory>
#include "cert.h"
......@@ -13,7 +13,6 @@
#include "p12.h"
#include "pk11pub.h"
#include "pkcs11uri.h"
#include "sslexp.h"
struct ScopedDelete {
void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
......@@ -29,6 +28,9 @@ struct ScopedDelete {
void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
void operator()(PRFileDesc* fd) { PR_Close(fd); }
void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
void operator()(SECKEYEncryptedPrivateKeyInfo* e) {
SECKEY_DestroyEncryptedPrivateKeyInfo(e, true);
}
void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
......@@ -39,9 +41,6 @@ struct ScopedDelete {
void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
void operator()(SSLResumptionTokenInfo* token) {
SSL_DestroyResumptionTokenInfo(token);
}
void operator()(SEC_PKCS12DecoderContext* dcx) {
SEC_PKCS12DecoderFinish(dcx);
}
......@@ -69,6 +68,7 @@ SCOPED(PK11SlotInfo);
SCOPED(PK11SymKey);
SCOPED(PRFileDesc);
SCOPED(SECAlgorithmID);
SCOPED(SECKEYEncryptedPrivateKeyInfo);
SCOPED(SECItem);
SCOPED(SECKEYPublicKey);
SCOPED(SECKEYPrivateKey);
......@@ -77,10 +77,9 @@ SCOPED(PK11URI);
SCOPED(PLArenaPool);
SCOPED(PK11Context);
SCOPED(PK11GenericObject);
SCOPED(SSLResumptionTokenInfo);
SCOPED(SEC_PKCS12DecoderContext);
SCOPED(CERTDistNames);
#undef SCOPED
#endif // scoped_ptrs_h__
#endif // nss_scoped_ptrs_h__
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef scoped_ptrs_ssl_h__
#define scoped_ptrs_ssl_h__
#include <memory>
#include "sslexp.h"
struct ScopedDeleteSSL {
void operator()(SSLResumptionTokenInfo* token) {
SSL_DestroyResumptionTokenInfo(token);
}
};
template <class T>
struct ScopedMaybeDeleteSSL {
void operator()(T* ptr) {
if (ptr) {
ScopedDeleteSSL del;
del(ptr);
}
}
};
#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDeleteSSL<x> > Scoped##x
SCOPED(SSLResumptionTokenInfo);
#undef SCOPED
#endif // scoped_ptrs_ssl_h__
......@@ -5,9 +5,82 @@
'includes': [
'coreconf/config.gypi'
],
'conditions': [
[ 'mozpkix_only==0', {
'targets': [
{
'target_name': 'nss_exports',
'type': 'none',
'direct_dependent_settings': {
'include_dirs': [
'<(nss_public_dist_dir)/nss',
]
},
'dependencies': [
'cmd/lib/exports.gyp:cmd_lib_exports',
'lib/base/exports.gyp:lib_base_exports',
'lib/certdb/exports.gyp:lib_certdb_exports',
'lib/certhigh/exports.gyp:lib_certhigh_exports',
'lib/ckfw/builtins/exports.gyp:lib_ckfw_builtins_exports',
'lib/ckfw/exports.gyp:lib_ckfw_exports',
'lib/crmf/exports.gyp:lib_crmf_exports',
'lib/cryptohi/exports.gyp:lib_cryptohi_exports',
'lib/dev/exports.gyp:lib_dev_exports',
'lib/freebl/exports.gyp:lib_freebl_exports',
'lib/jar/exports.gyp:lib_jar_exports',
'lib/nss/exports.gyp:lib_nss_exports',
'lib/pk11wrap/exports.gyp:lib_pk11wrap_exports',
'lib/pkcs12/exports.gyp:lib_pkcs12_exports',
'lib/pkcs7/exports.gyp:lib_pkcs7_exports',
'lib/pki/exports.gyp:lib_pki_exports',
'lib/smime/exports.gyp:lib_smime_exports',
'lib/softoken/exports.gyp:lib_softoken_exports',
'lib/sqlite/exports.gyp:lib_sqlite_exports',
'lib/ssl/exports.gyp:lib_ssl_exports',
'lib/util/exports.gyp:lib_util_exports',
'lib/zlib/exports.gyp:lib_zlib_exports',
],
'conditions': [
[ 'disable_libpkix==0', {
'dependencies': [
'lib/libpkix/include/exports.gyp:lib_libpkix_include_exports',
'lib/libpkix/pkix/certsel/exports.gyp:lib_libpkix_pkix_certsel_exports',
'lib/libpkix/pkix/checker/exports.gyp:lib_libpkix_pkix_checker_exports',
'lib/libpkix/pkix/crlsel/exports.gyp:lib_libpkix_pkix_crlsel_exports',
'lib/libpkix/pkix/params/exports.gyp:lib_libpkix_pkix_params_exports',
'lib/libpkix/pkix/results/exports.gyp:lib_libpkix_pkix_results_exports',
'lib/libpkix/pkix/store/exports.gyp:lib_libpkix_pkix_store_exports',
'lib/libpkix/pkix/top/exports.gyp:lib_libpkix_pkix_top_exports',
'lib/libpkix/pkix/util/exports.gyp:lib_libpkix_pkix_util_exports',
'lib/libpkix/pkix_pl_nss/module/exports.gyp:lib_libpkix_pkix_pl_nss_module_exports',
'lib/libpkix/pkix_pl_nss/pki/exports.gyp:lib_libpkix_pkix_pl_nss_pki_exports',
'lib/libpkix/pkix_pl_nss/system/exports.gyp:lib_libpkix_pkix_pl_nss_system_exports',
],
}],
],
},
{
'target_name': 'dbm_exports',
'type': 'none',
'conditions': [
['disable_dbm==0', {
'direct_dependent_settings': {
'include_dirs': [
'<(nss_public_dist_dir)/dbm'
]
},
'dependencies': [
'lib/dbm/include/exports.gyp:lib_dbm_include_exports'
],
}],
],
}
],
}],
],
'targets': [
{
'target_name': 'nss_exports',
'target_name': 'nss_mozpkix_exports',
'type': 'none',
'direct_dependent_settings': {
'include_dirs': [
......@@ -15,63 +88,9 @@
]
},
'dependencies': [
'cmd/lib/exports.gyp:cmd_lib_exports',
'lib/base/exports.gyp:lib_base_exports',
'lib/certdb/exports.gyp:lib_certdb_exports',
'lib/certhigh/exports.gyp:lib_certhigh_exports',
'lib/ckfw/builtins/exports.gyp:lib_ckfw_builtins_exports',
'lib/ckfw/exports.gyp:lib_ckfw_exports',
'lib/crmf/exports.gyp:lib_crmf_exports',
'lib/cryptohi/exports.gyp:lib_cryptohi_exports',
'lib/dev/exports.gyp:lib_dev_exports',
'lib/freebl/exports.gyp:lib_freebl_exports',
'lib/jar/exports.gyp:lib_jar_exports',
'lib/nss/exports.gyp:lib_nss_exports',
'lib/pk11wrap/exports.gyp:lib_pk11wrap_exports',
'lib/pkcs12/exports.gyp:lib_pkcs12_exports',
'lib/pkcs7/exports.gyp:lib_pkcs7_exports',
'lib/pki/exports.gyp:lib_pki_exports',
'lib/smime/exports.gyp:lib_smime_exports',
'lib/softoken/exports.gyp:lib_softoken_exports',
'lib/sqlite/exports.gyp:lib_sqlite_exports',
'lib/ssl/exports.gyp:lib_ssl_exports',
'lib/util/exports.gyp:lib_util_exports',
'lib/zlib/exports.gyp:lib_zlib_exports'
],
'conditions': [
[ 'disable_libpkix==0', {
'dependencies': [
'lib/libpkix/include/exports.gyp:lib_libpkix_include_exports',
'lib/libpkix/pkix/certsel/exports.gyp:lib_libpkix_pkix_certsel_exports',
'lib/libpkix/pkix/checker/exports.gyp:lib_libpkix_pkix_checker_exports',
'lib/libpkix/pkix/crlsel/exports.gyp:lib_libpkix_pkix_crlsel_exports',
'lib/libpkix/pkix/params/exports.gyp:lib_libpkix_pkix_params_exports',
'lib/libpkix/pkix/results/exports.gyp:lib_libpkix_pkix_results_exports',
'lib/libpkix/pkix/store/exports.gyp:lib_libpkix_pkix_store_exports',
'lib/libpkix/pkix/top/exports.gyp:lib_libpkix_pkix_top_exports',
'lib/libpkix/pkix/util/exports.gyp:lib_libpkix_pkix_util_exports',
'lib/libpkix/pkix_pl_nss/module/exports.gyp:lib_libpkix_pkix_pl_nss_module_exports',
'lib/libpkix/pkix_pl_nss/pki/exports.gyp:lib_libpkix_pkix_pl_nss_pki_exports',
'lib/libpkix/pkix_pl_nss/system/exports.gyp:lib_libpkix_pkix_pl_nss_system_exports',
],
}],
'lib/mozpkix/exports.gyp:lib_mozpkix_exports',
'lib/mozpkix/exports.gyp:lib_mozpkix_test_exports',
],
},
{
'target_name': 'dbm_exports',
'type': 'none',
'conditions': [
['disable_dbm==0', {
'direct_dependent_settings': {
'include_dirs': [
'<(nss_public_dist_dir)/dbm'
]
},
'dependencies': [
'lib/dbm/include/exports.gyp:lib_dbm_include_exports'
],
}],
],
}
]
],
}
......@@ -8,7 +8,7 @@
#include "ssl.h"
#include "cpputil.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
#include "tls_server_certs.h"
const uint8_t kP256ServerCert[] = {
......
......@@ -9,7 +9,7 @@
#include "gtest/gtest.h"
#include "nss.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
#include "prprf.h"
namespace nss_test {
......
......@@ -8,7 +8,7 @@
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
#include "cryptohi.h"
#include "secitem.h"
#include "secerr.h"
......
......@@ -11,7 +11,7 @@
#include "secutil.h"
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
namespace nss_test {
......
......@@ -8,7 +8,7 @@
#include "p12.h"
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
namespace nss_test {
......
......@@ -7,7 +7,7 @@
#include <stdint.h>
#include "blapi.h"
#include "scoped_ptrs.h"
#include "nss_scoped_ptrs.h"
#include "secerr.h"
namespace nss_test {
......
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../common/gtest.gypi',
],
'targets': [
{
'target_name': 'mozpkix_gtest',
'type': 'executable',
'sources': [
'<(DEPTH)/gtests/common/gtests.cc',
'pkixbuild_tests.cpp',
'pkixcert_extension_tests.cpp',
'pkixcert_signature_algorithm_tests.cpp',
'pkixcheck_CheckExtendedKeyUsage_tests.cpp',
'pkixcheck_CheckIssuer_tests.cpp',
'pkixcheck_CheckKeyUsage_tests.cpp',
'pkixcheck_CheckSignatureAlgorithm_tests.cpp',
'pkixcheck_CheckValidity_tests.cpp',
'pkixcheck_ParseValidity_tests.cpp',
'pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp',
'pkixder_input_tests.cpp',
'pkixder_pki_types_tests.cpp',
'pkixder_universal_types_tests.cpp',
'pkixgtest.cpp',
'pkixnames_tests.cpp',
'pkixocsp_CreateEncodedOCSPRequest_tests.cpp',
'pkixocsp_VerifyEncodedOCSPResponse.cpp',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/util/util.gyp:nssutil',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix',
'<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix-testlib',
],
'include_dirs': [
'<(DEPTH)/lib/mozpkix/',
'<(DEPTH)/lib/mozpkix/lib',
'<(DEPTH)/lib/mozpkix/include/',
'<(DEPTH)/lib/mozpkix/include/pkix-test/',
],
'conditions': [
[ 'OS=="win"', {
'libraries': [
'advapi32.lib',
],
}],
],
'defines': [
'NSS_USE_STATIC_LIBS'
],
}
],
'variables': {
'module': 'nss',
'use_static_libs': 1,
}
}
......@@ -37,9 +37,10 @@
#pragma warning(pop)
#endif
#include "pkixder.h"
#include "pkixgtest.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......@@ -683,8 +684,8 @@ private:
TEST_F(pkixbuild, BadEmbeddedSCTWithMultiplePaths)
{
MultiplePathTrustDomain trustDomain;
trustDomain.SetUpCerts();
MultiplePathTrustDomain localTrustDomain;
localTrustDomain.SetUpCerts();
// python security/pkix/tools/DottedOIDToCode.py --tlv
// id-embeddedSctList 1.3.6.1.4.1.11129.2.4.2
......@@ -709,7 +710,7 @@ TEST_F(pkixbuild, BadEmbeddedSCTWithMultiplePaths)
Input certDERInput;
ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length()));
ASSERT_EQ(Result::ERROR_BAD_DER,
BuildCertChain(trustDomain, certDERInput, Now(),
BuildCertChain(localTrustDomain, certDERInput, Now(),
EndEntityOrCA::MustBeEndEntity,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::id_kp_serverAuth,
......@@ -734,15 +735,15 @@ public:
TEST_F(pkixbuild, RevokedEndEntityWithMultiplePaths)
{
RevokedEndEntityTrustDomain trustDomain;
trustDomain.SetUpCerts();
RevokedEndEntityTrustDomain localTrustDomain;
localTrustDomain.SetUpCerts();
ByteString certDER(CreateCert("Intermediate", "RevokedEndEntity",
EndEntityOrCA::MustBeEndEntity));
ASSERT_FALSE(ENCODING_FAILED(certDER));
Input certDERInput;
ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length()));
ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE,
BuildCertChain(trustDomain, certDERInput, Now(),
BuildCertChain(localTrustDomain, certDERInput, Now(),
EndEntityOrCA::MustBeEndEntity,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::id_kp_serverAuth,
......@@ -846,7 +847,7 @@ private:
TEST_F(pkixbuild, AvoidUnboundedPathSearchingFailure)
{
SelfIssuedCertificatesTrustDomain trustDomain;
SelfIssuedCertificatesTrustDomain localTrustDomain;
// This creates a few hundred million potential paths of length 8 (end entity
// + 6 sub-CAs + root). It would be prohibitively expensive to enumerate all
// of these, so we give mozilla::pkix a budget that is spent when searching
......@@ -854,15 +855,15 @@ TEST_F(pkixbuild, AvoidUnboundedPathSearchingFailure)
// error. In the future it might be nice to return a specific error that would
// give the front-end a hint that maybe it shouldn't have so many certificates
// that all have the same subject and issuer DN but different SPKIs.
trustDomain.SetUpCerts(18);
localTrustDomain.SetUpCerts(18);
ByteString certDER(CreateCert("DN", "DN", EndEntityOrCA::MustBeEndEntity,
nullptr, nullptr,
trustDomain.GetFirstIssuerKey()));
localTrustDomain.GetFirstIssuerKey()));
ASSERT_FALSE(ENCODING_FAILED(certDER));
Input certDERInput;
ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length()));
ASSERT_EQ(Result::ERROR_UNKNOWN_ISSUER,
BuildCertChain(trustDomain, certDERInput, Now(),
BuildCertChain(localTrustDomain, certDERInput, Now(),
EndEntityOrCA::MustBeEndEntity,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::id_kp_serverAuth,
......@@ -872,19 +873,19 @@ TEST_F(pkixbuild, AvoidUnboundedPathSearchingFailure)
TEST_F(pkixbuild, AvoidUnboundedPathSearchingSuccess)
{
SelfIssuedCertificatesTrustDomain trustDomain;
SelfIssuedCertificatesTrustDomain localTrustDomain;
// This creates a few hundred thousand possible potential paths of length 8
// (end entity + 6 sub-CAs + root). This will nearly exhaust mozilla::pkix's
// search budget, so this should succeed.
trustDomain.SetUpCerts(10);
localTrustDomain.SetUpCerts(10);
ByteString certDER(CreateCert("DN", "DN", EndEntityOrCA::MustBeEndEntity,
nullptr, nullptr,
trustDomain.GetFirstIssuerKey()));
localTrustDomain.GetFirstIssuerKey()));
ASSERT_FALSE(ENCODING_FAILED(certDER));
Input certDERInput;
ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length()));
ASSERT_EQ(Success,
BuildCertChain(trustDomain, certDERInput, Now(),
BuildCertChain(localTrustDomain, certDERInput, Now(),
EndEntityOrCA::MustBeEndEntity,
KeyUsage::noParticularKeyUsageRequired,
KeyPurposeId::id_kp_serverAuth,
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixder.h"
#include "pkixgtest.h"
#include "pkixtestutil.h"
#include "mozpkix/pkixder.h"
#include "mozpkix/test/pkixtestutil.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -3,9 +3,10 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
#include "pkixder.h"
#include "pkixgtest.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixder.h"
#include "pkixgtest.h"
#include "pkixutil.h"
#include "mozpkix/pkixder.h"
#include "mozpkix/pkixutil.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixcheck.h"
#include "pkixgtest.h"
#include "mozpkix/pkixcheck.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixder.h"
#include "pkixgtest.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixcheck.h"
#include "pkixgtest.h"
#include "mozpkix/pkixcheck.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixcheck.h"
#include "pkixgtest.h"
#include "mozpkix/pkixcheck.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -22,9 +22,10 @@
* limitations under the License.
*/
#include "pkixder.h"
#include "pkixgtest.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::test;
......
......@@ -26,7 +26,7 @@
#include <vector>
#include "pkixgtest.h"
#include "pkixder.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::der;
......
......@@ -26,8 +26,9 @@
#include <vector>
#include "pkixgtest.h"
#include "pkix/pkixtypes.h"
#include "pkixder.h"
#include "mozpkix/pkixtypes.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::der;
......
......@@ -26,9 +26,10 @@
#include <stdint.h>
#include <vector>
#include "pkixder.h"
#include "pkixgtest.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;
using namespace mozilla::pkix::der;
using namespace mozilla::pkix::test;
......
......@@ -26,7 +26,7 @@
#include <ctime>
#include "pkix/Time.h"
#include "mozpkix/Time.h"
namespace mozilla { namespace pkix { namespace test {
......
......@@ -56,8 +56,8 @@
#pragma warning(pop)
#endif
#include "pkix/pkix.h"
#include "pkixtestutil.h"
#include "mozpkix/pkix.h"
#include "mozpkix/test/pkixtestutil.h"
// PrintTo must be in the same namespace as the type we're overloading it for.
namespace mozilla { namespace pkix {
......
......@@ -21,10 +21,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "pkixcheck.h"
#include "pkixder.h"
#include "pkixgtest.h"
#include "pkixutil.h"
#include "mozpkix/pkixcheck.h"
#include "mozpkix/pkixder.h"
#include "mozpkix/pkixutil.h"
namespace mozilla { namespace pkix {
......
......@@ -23,7 +23,8 @@
*/
#include "pkixgtest.h"
#include "pkixder.h"
#include "mozpkix/pkixder.h"
using namespace mozilla::pkix;