1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "crypto_x509_test_common.h"
17
18 #include <gtest/gtest.h>
19 #include <openssl/x509v3.h>
20
21 #include "cert_crl_common.h"
22 #include "certificate_openssl_common.h"
23 #include "cf_blob.h"
24 #include "cf_log.h"
25 #include "fwk_class.h"
26 #include "memory_mock.h"
27 #include "securec.h"
28 #include "x509_certificate.h"
29 #include "x509_certificate_openssl.h"
30 #include "certificate_openssl_class.h"
31
32 #define CONSTRUCT_CERTPOLICY_DATA_SIZE 1
33
34 using namespace std;
35
36 const int g_deviceTestCertSize = sizeof(g_deviceTestCert);
37
38 const int g_rootCertSize = sizeof(g_rootCert);
39
40 const int g_secondCertSize = sizeof(g_secondCert);
41
42 const int g_testInvalidCertSize = sizeof(g_testInvalidCert);
43 /* g_testSelfSignedCaCert
44 Certificate:
45 Data:
46 Version: 3 (0x2)
47 Serial Number: 272 (0x110)
48 Signature Algorithm: sha256WithRSAEncryption
49 Issuer: C = CN, ST = BJ, L = BJ, O = HD, OU = dev, CN = ca, emailAddress = ca@cryptoframework.com
50 Validity
51 Not Before: Aug 19 12:49:06 2022 GMT
52 Not After : Aug 16 12:49:06 2032 GMT
53 Subject: C = CN, ST = BJ, L = BJ, O = HD, OU = dev, CN = ca, emailAddress = ca@cryptoframework.com
54 Subject Public Key Info:
55 Public Key Algorithm: rsaEncryption
56 RSA Public-Key: (2048 bit)
57 Modulus:
58 00:9f:29:d0:85:84:ed:6c:30:6e:d0:13:83:e0:1b:
59 61:08:f7:dd:63:41:06:4b:54:fb:f0:15:7f:e4:e5:
60 d5:a0:1a:e1:33:9e:5b:6f:d9:01:17:38:b1:dc:0b:
61 55:3c:5d:5c:28:a9:16:c7:ae:88:63:77:d2:1c:17:
62 ad:71:54:1e:b7:0c:7f:4c:36:b0:29:33:9c:95:59:
63 fe:b4:1c:7c:43:b9:29:bd:6f:07:3e:83:10:47:20:
64 21:26:04:86:1a:8e:05:f6:01:8a:de:6a:7e:9a:b9:
65 47:6f:b6:47:f4:e1:ff:26:d5:fa:40:6b:52:5f:86:
66 b2:c5:db:0c:07:ba:a1:90:b2:e7:a9:46:a6:10:ef:
67 98:73:14:3b:b6:b5:de:3f:92:16:64:e1:31:b2:36:
68 c9:ec:ae:6b:52:da:81:2a:1a:04:97:d8:d4:9f:a2:
69 ee:35:8f:9a:61:05:47:47:50:da:9d:04:1a:31:d3:
70 81:01:a1:46:8e:55:bb:00:c7:8a:93:52:bf:45:cf:
71 f0:e5:00:fc:f6:1b:2f:f4:81:8f:51:6a:e0:2d:e0:
72 b5:fb:e3:7a:cc:14:6f:35:5a:32:8a:bf:c0:2b:b2:
73 d6:a7:17:23:cd:19:2d:ed:f0:85:1d:b8:73:47:17:
74 60:53:b4:b8:68:bd:7a:03:e9:db:87:f0:ef:26:06:
75 aa:01
76 Exponent: 65537 (0x10001)
77 X509v3 extensions:
78 X509v3 Subject Key Identifier:
79 8C:A3:3B:42:63:01:B3:4D:51:F6:E4:2D:B5:83:7F:18:39:2F:B7:B5
80 X509v3 Authority Key Identifier:
81 keyid:8C:A3:3B:42:63:01:B3:4D:51:F6:E4:2D:B5:83:7F:18:39:2F:B7:B5
82
83 X509v3 Basic Constraints: critical
84 CA:TRUE, pathlen:2
85 X509v3 Key Usage:
86 Certificate Sign, CRL Sign
87 X509v3 Extended Key Usage:
88 TLS Web Server Authentication, TLS Web Client Authentication
89 X509v3 Subject Alternative Name:
90 email:ca@cryptoframework.com
91 X509v3 Issuer Alternative Name:
92 email:ca@cryptoframework.com
93 Signature Algorithm: sha256WithRSAEncryption
94 87:ee:11:13:a7:09:eb:6f:e0:2d:8b:2c:2e:47:3b:11:28:3b:
95 7b:12:b0:66:59:a2:b0:7c:81:89:cb:b2:ff:e5:da:80:e6:77:
96 71:36:e0:40:d5:e5:42:86:4a:6f:0f:e4:b3:f0:7f:70:89:db:
97 40:66:1b:a4:09:b8:ed:2b:9d:a3:e2:3f:1b:dc:63:d1:7e:e0:
98 40:1f:70:b5:2a:db:4a:d3:ac:e9:28:e7:2e:26:14:d3:11:5c:
99 16:c7:34:8f:a9:36:4a:b9:72:8b:04:50:72:34:b8:3c:e2:a2:
100 51:2d:02:9b:71:77:0c:71:9d:8f:9e:4f:94:19:17:c6:e7:57:
101 0a:ad:95:dc:9d:d5:c0:a7:f6:6d:58:d0:6f:3c:f6:f8:cf:d0:
102 d6:6f:8f:ec:58:41:f8:99:9e:3b:c7:9e:9a:4a:8c:43:4b:45:
103 31:4d:c4:33:8e:35:36:97:a3:0b:98:85:54:01:a0:a3:09:c2:
104 f1:2d:01:f9:fc:47:f5:d0:49:b8:73:3a:be:9c:44:5b:0d:dc:
105 91:91:43:65:0d:64:77:dd:58:46:0a:fb:8d:8f:1f:73:4b:ff:
106 4f:4b:73:1d:66:ce:11:5c:e4:94:42:01:58:bd:66:a2:6a:4b:
107 04:2c:1e:d3:f1:b0:f8:13:ba:d1:b7:e2:d8:ca:09:c3:cb:76:
108 21:c0:75:43
109 */
110
111 const int g_testSelfSignedCaCertSize = sizeof(g_testSelfSignedCaCert);
112
113 const int g_testSubjectAndIssuerNameDerDataSize =
114 sizeof(g_testSubjectAndIssuerNameDerData) / sizeof(g_testSubjectAndIssuerNameDerData[0]);
115
116 const int g_testPublicKeyDerDataSize = sizeof(g_testPublicKeyDerData);
117
118 const int g_crlDerDataSize = sizeof(g_crlDerData);
119
120 const int g_testCrlSubAndIssNameDerDataSize =
121 sizeof(g_testCrlSubAndIssNameDerData) / sizeof(g_testCrlSubAndIssNameDerData[0]);
122
123 const int g_testErrorCertSize = sizeof(g_testErrorCert);
124
125 const int g_testCertSize = sizeof(g_testCert);
126
127 const int g_testCrlSize = sizeof(g_testCrl);
128
129 const int g_testCrlWithoutExtsSize = sizeof(g_testCrlWithoutExts);
130
131 const int g_testCrlWithBignumSerialSize = sizeof(g_testCrlWithBignumSerial);
132
133 const int g_testCrlWhichEntryWithExtSize = sizeof(g_testCrlWhichEntryWithExt);
134
135 const int g_testCertChainPemSize = sizeof(g_testCertChainPem) / sizeof(char);
136
137 const int g_testCertChainPem163Size = sizeof(g_testCertChainPem163) / sizeof(char);
138
139 const int g_testOcspResponderCertSize = sizeof(g_testOcspResponderCert) / sizeof(char);
140
141 const int g_testCertChainPemMidSize = sizeof(g_testCertChainPemMid) / sizeof(char);
142
143 const int g_testCertChainPemMidCRLSize = sizeof(g_testCertChainPemMidCRL) / sizeof(char);
144
145 const int g_testCertChainPemRootSize = sizeof(g_testCertChainPemRoot) / sizeof(char);
146
147 const int g_testCertChainPemRoot163Size = sizeof(g_testCertChainPemRoot163) / sizeof(char);
148
149 const int g_testCertChainPemNoRootSize = sizeof(g_testCertChainPemNoRoot) / sizeof(char);
150
151 const int g_testCertChainPemNoRootHasPubKeySize = sizeof(g_testCertChainPemNoRootHasPubKey) / sizeof(char);
152
153 const int g_testCertChainPemNoRootLastSize = sizeof(g_testCertChainPemNoRootLast) / sizeof(char);
154
155 const int g_testChainDataP7bSize = sizeof(g_testChainDataP7b) / sizeof(g_testChainDataP7b[0]);
156
157 const int g_testChainDataDerSize = sizeof(g_testChainDataDer) / sizeof(g_testChainDataDer[0]);
158
159 const int g_testChainPubkeyPemRootDataSize =
160 sizeof(g_testChainPubkeyPemRootData) / sizeof(g_testChainPubkeyPemRootData[0]);
161
162 const int g_testChainPubkeyPemRootHasPubKeySize =
163 sizeof(g_testChainPubkeyPemRootHasPubKey) / sizeof(g_testChainPubkeyPemRootHasPubKey[0]);
164
165 const int g_testChainSubjectPemRootDataSize =
166 sizeof(g_testChainSubjectPemRootData) / sizeof(g_testChainSubjectPemRootData[0]);
167
168 const int g_testChainSubjectPemOtherSubjectDataSize =
169 sizeof(g_testChainSubjectPemOtherSubjectData) / sizeof(g_testChainSubjectPemOtherSubjectData[0]);
170
171 const int g_testIssuerCertSize = sizeof(g_testIssuerCert);
172
173 const int g_testCertChainPemDisorderSize = sizeof(g_testCertChainPemDisorder) / sizeof(char);
174
175 const int g_testChainPubkeyPemNoRootLastSize =
176 sizeof(g_testChainPubkeyPemNoRootLast) / sizeof(g_testChainPubkeyPemNoRootLast[0]);
177
178 const int g_testChainSubjectPemNoRootLastUpSize =
179 sizeof(g_testChainSubjectPemNoRootLastUp) / sizeof(g_testChainSubjectPemNoRootLastUp[0]);
180
181 const int g_testChainPubkeyPemNoRootLastUpSize =
182 sizeof(g_testChainPubkeyPemNoRootLastUp) / sizeof(g_testChainPubkeyPemNoRootLastUp[0]);
183
184 const int g_testChainSubjectPemNoRootLastSize =
185 sizeof(g_testChainSubjectPemNoRootLast) / sizeof(g_testChainSubjectPemNoRootLast[0]);
186
187 const CfEncodingBlob g_crlDerInStream = { const_cast<uint8_t *>(g_crlDerData), sizeof(g_crlDerData), CF_FORMAT_DER };
188
189 const CfEncodingBlob g_invalidCrlDerInStream = { const_cast<uint8_t *>(g_crlDerData), sizeof(g_crlDerData),
190 (enum CfEncodingFormat)(-1) };
191
192 const CfEncodingBlob g_inStreamCrl = { reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCrl)), sizeof(g_testCrl),
193 CF_FORMAT_PEM };
194
195 const CfEncodingBlob g_crlWithoutExtPemInStream = {
196 reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCrlWithoutExts)), sizeof(g_testCrlWithoutExts), CF_FORMAT_PEM
197 };
198
199 const CfEncodingBlob g_crlWithBignumSerialInStream = { reinterpret_cast<uint8_t *>(
200 const_cast<char *>(g_testCrlWithBignumSerial)),
201 sizeof(g_testCrlWithBignumSerial), CF_FORMAT_PEM };
202
203 const CfEncodingBlob g_crlWhichEntryWithExtInStream = { reinterpret_cast<uint8_t *>(
204 const_cast<char *>(g_testCrlWhichEntryWithExt)),
205 sizeof(g_testCrlWhichEntryWithExt), CF_FORMAT_PEM };
206
207 const CfEncodingBlob g_inStreamCert = { reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCert)), sizeof(g_testCert),
208 CF_FORMAT_PEM };
209
210 const CfEncodingBlob g_inStreamSelfSignedCaCert = {
211 reinterpret_cast<uint8_t *>(const_cast<char *>(g_testSelfSignedCaCert)), g_testSelfSignedCaCertSize, CF_FORMAT_PEM
212 };
213
214 const CfEncodingBlob g_inStreamIssuerCert = { reinterpret_cast<uint8_t *>(const_cast<char *>(g_testIssuerCert)),
215 sizeof(g_testIssuerCert), CF_FORMAT_PEM };
216
217 const CfEncodingBlob g_inStreamChainDataP7b = { const_cast<uint8_t *>(g_testChainDataP7b), g_testChainDataP7bSize,
218 CF_FORMAT_PKCS7 };
219
220 const CfEncodingBlob g_inStreamChainDataDer = { const_cast<uint8_t *>(g_testChainDataDer), g_testChainDataDerSize,
221 CF_FORMAT_DER };
222
223 const CfEncodingBlob g_inStreamChainDataPem = { reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPem)),
224 g_testCertChainPemSize, CF_FORMAT_PEM };
225
226 const CfEncodingBlob g_inStreamChainDataPem163 = {
227 reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPem163)), g_testCertChainPem163Size, CF_FORMAT_PEM
228 };
229
230 const CfEncodingBlob g_inStreamOcspResponderCert = {
231 reinterpret_cast<uint8_t *>(const_cast<char *>(g_testOcspResponderCert)), g_testOcspResponderCertSize, CF_FORMAT_PEM
232 };
233
234 const CfEncodingBlob g_inStreamChainDataPemMid = {
235 reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPemMid)), g_testCertChainPemMidSize, CF_FORMAT_PEM
236 };
237
238 const CfEncodingBlob g_inStreamChainDataPemRoot = {
239 reinterpret_cast<uint8_t *>(const_cast<char *>(g_testCertChainPemRoot)), g_testCertChainPemRootSize, CF_FORMAT_PEM
240 };
241
242 const CfEncodingBlob g_inStreamChainDataPemRoot163 = { reinterpret_cast<uint8_t *>(
243 const_cast<char *>(g_testCertChainPemRoot163)),
244 g_testCertChainPemRoot163Size, CF_FORMAT_PEM };
245
246 const CfEncodingBlob g_inStreamChainDataPemNoRoot = { reinterpret_cast<uint8_t *>(
247 const_cast<char *>(g_testCertChainPemNoRoot)),
248 g_testCertChainPemNoRootSize, CF_FORMAT_PEM };
249
250 const CfEncodingBlob g_inStreamChainDataPemMidCRL = { reinterpret_cast<uint8_t *>(
251 const_cast<char *>(g_testCertChainPemMidCRL)),
252 g_testCertChainPemMidCRLSize, CF_FORMAT_PEM };
253
254 const CfEncodingBlob g_inStreamChainPemNoRootHasPubKey = { reinterpret_cast<uint8_t *>(
255 const_cast<char *>(g_testCertChainPemNoRootHasPubKey)),
256 g_testCertChainPemNoRootHasPubKeySize, CF_FORMAT_PEM };
257
258 const CfEncodingBlob g_inStreamChainPemNoRootLast = { reinterpret_cast<uint8_t *>(
259 const_cast<char *>(g_testCertChainPemNoRootLast)),
260 g_testCertChainPemNoRootLastSize, CF_FORMAT_PEM };
261
262 const CfEncodingBlob g_inStreamChainDataPemDisorder = { reinterpret_cast<uint8_t *>(
263 const_cast<char *>(g_testCertChainPemDisorder)),
264 g_testCertChainPemDisorderSize, CF_FORMAT_PEM };
265
GetInvalidCertClass(void)266 const char *GetInvalidCertClass(void)
267 {
268 return "INVALID_CERT_CLASS";
269 }
270
GetInvalidCrlClass(void)271 const char *GetInvalidCrlClass(void)
272 {
273 return "INVALID_CRL_CLASS";
274 }
275
ConstructSubAltNameArrayData()276 SubAltNameArray *ConstructSubAltNameArrayData()
277 {
278 SubAltNameArray *newSANArr = static_cast<SubAltNameArray *>(CfMalloc(sizeof(SubAltNameArray), 0));
279 if (newSANArr == nullptr) {
280 CF_LOG_E("Failed to allocate newSANArr memory!");
281 return nullptr;
282 }
283
284 newSANArr->count = TEST_SUBJECT_ALTERNATIVE_NAMES_SIZE;
285 newSANArr->data =
286 static_cast<SubjectAlternaiveNameData *>(CfMalloc(newSANArr->count * sizeof(SubjectAlternaiveNameData), 0));
287 if (newSANArr->data == nullptr) {
288 CF_LOG_E("Failed to allocate data memory!");
289 CfFree(newSANArr);
290 return nullptr;
291 }
292
293 for (uint32_t i = 0; i < newSANArr->count; i++) {
294 newSANArr->data[i].type = (CfGeneralNameType)GEN_DNS;
295 newSANArr->data[i].name.data = const_cast<uint8_t *>(g_testSubjectAlternativeNames[i].data);
296 newSANArr->data[i].name.size = g_testSubjectAlternativeNames[i].size;
297 }
298
299 return newSANArr;
300 }
301
ConstructCertPolicyData()302 CfArray *ConstructCertPolicyData()
303 {
304 CfArray *newBlobArr = static_cast<CfArray *>(CfMalloc(sizeof(CfArray), 0));
305 if (newBlobArr == nullptr) {
306 CF_LOG_E("Failed to allocate newBlobArr memory!");
307 return nullptr;
308 }
309
310 newBlobArr->count = CONSTRUCT_CERTPOLICY_DATA_SIZE;
311 newBlobArr->format = CF_FORMAT_DER;
312 newBlobArr->data = static_cast<CfBlob *>(CfMalloc(newBlobArr->count * sizeof(CfBlob), 0));
313 if (newBlobArr->data == nullptr) {
314 CF_LOG_E("Failed to allocate data memory!");
315 CfFree(newBlobArr);
316 return nullptr;
317 }
318
319 newBlobArr->data[0].data = const_cast<uint8_t *>(g_testCertPolicy);
320 newBlobArr->data[0].size = sizeof(g_testCertPolicy);
321
322 return newBlobArr;
323 }
324
GetValidCrlClass(void)325 const char *GetValidCrlClass(void)
326 {
327 return X509_CRL_OPENSSL_CLASS;
328 }
329
GetValidX509CertificateClass(void)330 const char *GetValidX509CertificateClass(void)
331 {
332 return HCF_X509_CERTIFICATE_CLASS;
333 }
334
FreeTrustAnchor(HcfX509TrustAnchor * & trustAnchor)335 void FreeTrustAnchor(HcfX509TrustAnchor *&trustAnchor)
336 {
337 if (trustAnchor == nullptr) {
338 return;
339 }
340 CfBlobFree(&trustAnchor->CAPubKey);
341 CfBlobFree(&trustAnchor->CASubject);
342 CfObjDestroy(trustAnchor->CACert);
343 trustAnchor->CACert = nullptr;
344 CfFree(trustAnchor);
345 trustAnchor = nullptr;
346 }
347
BuildAnchorArr(const CfEncodingBlob & certInStream,HcfX509TrustAnchorArray & trustAnchorArray)348 void BuildAnchorArr(const CfEncodingBlob &certInStream, HcfX509TrustAnchorArray &trustAnchorArray)
349 {
350 HcfX509TrustAnchor *anchor = static_cast<HcfX509TrustAnchor *>(CfMalloc(sizeof(HcfX509TrustAnchor), 0));
351 ASSERT_NE(anchor, nullptr);
352
353 (void)HcfX509CertificateCreate(&certInStream, &anchor->CACert);
354 trustAnchorArray.data = static_cast<HcfX509TrustAnchor **>(CfMalloc(1 * sizeof(HcfX509TrustAnchor *), 0));
355 ASSERT_NE(trustAnchorArray.data, nullptr);
356 trustAnchorArray.data[0] = anchor;
357 trustAnchorArray.count = 1;
358 }
359
FreeTrustAnchorArr(HcfX509TrustAnchorArray & trustAnchorArray)360 void FreeTrustAnchorArr(HcfX509TrustAnchorArray &trustAnchorArray)
361 {
362 for (uint32_t i = 0; i < trustAnchorArray.count; ++i) {
363 HcfX509TrustAnchor *anchor = trustAnchorArray.data[i];
364 FreeTrustAnchor(anchor);
365 }
366 CfFree(trustAnchorArray.data);
367 trustAnchorArray.data = nullptr;
368 trustAnchorArray.count = 0;
369 }
370
BuildCollectionArr(const CfEncodingBlob * certInStream,const CfEncodingBlob * crlInStream,HcfCertCRLCollectionArray & certCRLCollections)371 void BuildCollectionArr(const CfEncodingBlob *certInStream, const CfEncodingBlob *crlInStream,
372 HcfCertCRLCollectionArray &certCRLCollections)
373 {
374 CfResult ret = CF_SUCCESS;
375 HcfX509CertificateArray *certArray = nullptr;
376 if (certInStream != nullptr) {
377 certArray = static_cast<HcfX509CertificateArray *>(CfMalloc(sizeof(HcfX509CertificateArray), 0));
378 ASSERT_NE(certArray, nullptr);
379
380 HcfX509Certificate *x509CertObj = nullptr;
381 (void)HcfX509CertificateCreate(certInStream, &x509CertObj);
382 ASSERT_NE(x509CertObj, nullptr);
383
384 certArray->data = static_cast<HcfX509Certificate **>(CfMalloc(1 * sizeof(HcfX509Certificate *), 0));
385 ASSERT_NE(certArray->data, nullptr);
386 certArray->data[0] = x509CertObj;
387 certArray->count = 1;
388 }
389
390 HcfX509CrlArray *crlArray = nullptr;
391 if (crlInStream != nullptr) {
392 crlArray = static_cast<HcfX509CrlArray *>(CfMalloc(sizeof(HcfX509CrlArray), 0));
393 ASSERT_NE(crlArray, nullptr);
394
395 HcfX509Crl *x509Crl = nullptr;
396 ret = HcfX509CrlCreate(crlInStream, &x509Crl);
397 ASSERT_EQ(ret, CF_SUCCESS);
398 ASSERT_NE(x509Crl, nullptr);
399
400 crlArray->data = static_cast<HcfX509Crl **>(CfMalloc(1 * sizeof(HcfX509Crl *), 0));
401 ASSERT_NE(crlArray->data, nullptr);
402 crlArray->data[0] = x509Crl;
403 crlArray->count = 1;
404 }
405
406 HcfCertCrlCollection *x509CertCrlCollection = nullptr;
407 ret = HcfCertCrlCollectionCreate(certArray, crlArray, &x509CertCrlCollection);
408 ASSERT_EQ(ret, CF_SUCCESS);
409 ASSERT_NE(x509CertCrlCollection, nullptr);
410
411 certCRLCollections.data = static_cast<HcfCertCrlCollection **>(CfMalloc(1 * sizeof(HcfCertCrlCollection *), 0));
412 ASSERT_NE(certCRLCollections.data, nullptr);
413 certCRLCollections.data[0] = x509CertCrlCollection;
414 certCRLCollections.count = 1;
415
416 FreeCertArrayData(certArray);
417 CfFree(certArray);
418 FreeCrlArrayData(crlArray);
419 CfFree(crlArray);
420 }
421
FreeCertCrlCollectionArr(HcfCertCRLCollectionArray & certCRLCollections)422 void FreeCertCrlCollectionArr(HcfCertCRLCollectionArray &certCRLCollections)
423 {
424 for (uint32_t i = 0; i < certCRLCollections.count; ++i) {
425 HcfCertCrlCollection *collection = certCRLCollections.data[i];
426 CfObjDestroy(collection);
427 }
428 CfFree(certCRLCollections.data);
429 certCRLCollections.data = nullptr;
430 certCRLCollections.count = 0;
431 }
432
FreeValidateResult(HcfX509CertChainValidateResult & result)433 void FreeValidateResult(HcfX509CertChainValidateResult &result)
434 {
435 if (result.entityCert != nullptr) {
436 CfObjDestroy(result.entityCert);
437 result.entityCert = nullptr;
438 }
439
440 if (result.trustAnchor != nullptr) {
441 FreeTrustAnchor(result.trustAnchor);
442 }
443 }
444