static void testVerifyPublicationsFile(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PKITruststore *pki = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PKITruststore_new(ctx, 0, &pki);
CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL);
res = KSI_CTX_setPKITruststore(ctx, pki);
CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK);
/* Verification should fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file shouldn't verify without mock certificate.", res != KSI_OK);
/* Verification should succeed. */
res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt"));
CuAssert(tc, "Unable to read certificate", res == KSI_OK);
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file should verify with mock certificate.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
static void testVerifyCalendarChainAlgoChange(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath("resource/tlv/cal_algo_switch.ksig"), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/cal_algo_switch-extend_resposne.tlv"));
ctx->requestCounter = 0;
res = KSI_Signature_verifyOnline(sig, ctx);
CuAssert(tc, "Failed to verify valid document", res == KSI_OK);
KSI_Signature_free(sig);
}
static void TestRdrFileFileReading(CuTest* tc) {
int res;
unsigned char tmpBuf[0xffff];
size_t readCount;
static char testStr[] = "Randomness is too important to be left to chance";
FILE *f = NULL;
KSI_RDR *rdr = NULL;
/* Write some data to file */
f = fopen(getFullResourcePath(TMP_FILE) , "w");
CuAssert(tc, "Unable to create temporary file", f != NULL);
CuAssert(tc, "Unable to write temporary file", fprintf(f, "%s", testStr) > 0);
CuAssert(tc, "Unable to close temporary file", !fclose(f));
f = fopen(getFullResourcePath(TMP_FILE), "rb");
/* Try reading it back. */
res = KSI_RDR_fromStream(ctx, f, &rdr);
CuAssert(tc, "Error creating reader from file.", res == KSI_OK);
CuAssert(tc, "Creating reader from file did not fail, but object is still NULL", rdr != NULL);
/* Read as a single block. */
KSI_RDR_read_ex(rdr, tmpBuf, sizeof(tmpBuf), &readCount);
CuAssert(tc, "Wrong length read", readCount == strlen(testStr));
CuAssert(tc, "Reader is not at EOF", rdr->eof);
fclose(f);
KSI_RDR_close(rdr);
/* Remove temporary file */
CuAssert(tc, "Unable to remove temporary file", remove(getFullResourcePath(TMP_FILE)) == 0);
}
static void testSerializePublicationsFile(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
char *raw = NULL;
unsigned raw_len = 0;
FILE *f = NULL;
int symbol = 0;
unsigned i= 0;
KSI_ERR_clearErrors(ctx);
setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE));
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PublicationsFile_serialize(ctx, pubFile, &raw, &raw_len);
CuAssert(tc, "Unable to serialize publications file", res == KSI_OK && raw != NULL && raw_len != 0);
f = fopen(getFullResourcePath(TEST_PUBLICATIONS_FILE), "rb");
CuAssert(tc, "Unable to open publications file", res == KSI_OK && f != NULL);
while ((symbol = getc(f)) != EOF && i<raw_len){
CuAssert(tc, "Serialized publications file mismatch", (char)symbol == raw[i]);
i++;
}
CuAssert(tc, "Serialized publications file length mismatch", i == raw_len);
KSI_PublicationsFile_free(pubFile);
KSI_free(raw);
if (f) fclose(f);
}
static void aggregationPduVer2Test(CuTest *tc) {
ctx->flags[KSI_CTX_FLAG_AGGR_PDU_VER] = KSI_PDU_VERSION_2;
testObjectSerialization(tc, getFullResourcePath("resource/tlv/aggr_request_v2.tlv"),
(int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_AggregationPdu_parse,
(int (*)(void *, unsigned char **, size_t *))KSI_AggregationPdu_serialize,
( void (*)(void *))KSI_AggregationPdu_free);
testObjectSerialization(tc, getFullResourcePath("resource/tlv/aggr_response_v2.tlv"),
(int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_AggregationPdu_parse,
(int (*)(void *, unsigned char **, size_t *))KSI_AggregationPdu_serialize,
( void (*)(void *))KSI_AggregationPdu_free);
ctx->flags[KSI_CTX_FLAG_AGGR_PDU_VER] = KSI_AGGREGATION_PDU_VERSION;
}
static void extendPduVer2Test(CuTest *tc) {
ctx->flags[KSI_CTX_FLAG_EXT_PDU_VER] = KSI_PDU_VERSION_2;
testObjectSerialization(tc, getFullResourcePath("resource/tlv/extend_request_v2.tlv"),
(int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_ExtendPdu_parse,
(int (*)(void *, unsigned char **, size_t *))KSI_ExtendPdu_serialize,
( void (*)(void *))KSI_ExtendPdu_free);
testObjectSerialization(tc, getFullResourcePath("resource/tlv/extend_response_v2.tlv"),
(int (*)(KSI_CTX *, unsigned char *, size_t, void **))KSI_ExtendPdu_parse,
(int (*)(void *, unsigned char **, size_t *))KSI_ExtendPdu_serialize,
( void (*)(void *))KSI_ExtendPdu_free);
ctx->flags[KSI_CTX_FLAG_EXT_PDU_VER] = KSI_EXTENDING_PDU_VERSION;
}
static void testOnlyStrongestProofReturned(CuTest* tc) {
int res;
KSI_Signature *sig1 = NULL;
KSI_Signature *sig2 = NULL;
KSI_Signature *sig3 = NULL;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_PublicationRecord *publication = NULL;
KSI_CalendarAuthRec *calAuth = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig1);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig1 != NULL);
res = KSI_MultiSignature_add(ms, sig1);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_EX_SIGNATURE_FILE), &sig2);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig2 != NULL);
res = KSI_MultiSignature_add(ms, sig2);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
res = KSI_Signature_getDocumentHash(sig1, &hsh);
CuAssert(tc, "Unable to get signed hash value.", res == KSI_OK && hsh != NULL);
res = KSI_MultiSignature_get(ms, hsh, &sig3);
CuAssert(tc, "Unable to extract signature from multi signature container.", res == KSI_OK && sig3 != NULL);
res = KSI_verifySignature(ctx, sig3);
CuAssert(tc, "Unable to verify extracted signature.", res == KSI_OK);
/* Verify the signature has a publication attached to it. */
res = KSI_Signature_getPublicationRecord(sig3, &publication);
CuAssert(tc, "Publication must be present", res == KSI_OK && publication != NULL);
/* Verify the signature does not contain a calendar authentication record. */
res = KSI_Signature_getCalendarAuthRec(sig3, &calAuth);
CuAssert(tc, "Signature may not have a calendar auth record and a publication.", res == KSI_OK && calAuth == NULL);
KSI_MultiSignature_free(ms);
KSI_Signature_free(sig1);
KSI_Signature_free(sig2);
KSI_Signature_free(sig3);
}
static void testLoadPublicationsFile(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_ERR_clearErrors(ctx);
setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE));
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
KSI_PublicationsFile_free(pubFile);
}
static void testVerifySignatureWithUserPublication(CuTest *tc) {
int res;
KSI_Signature *sig = NULL;
const char pubStr[] = "AAAAAA-CTOQBY-AAMJYH-XZPM6T-UO6U6V-2WJMHQ-EJMVXR-JEAGID-2OY7P5-XFFKYI-QIF2LG-YOV7SO";
const char pubStr_bad[] = "AAAAAA-CT5VGY-AAPUCF-L3EKCC-NRSX56-AXIDFL-VZJQK4-WDCPOE-3KIWGB-XGPPM3-O5BIMW-REOVR4";
KSI_PublicationData *pubData = NULL;
KSI_PublicationData *pubData_bad = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationData_fromBase32(ctx, pubStr, &pubData);
CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData != NULL);
res = KSI_PublicationData_fromBase32(ctx, pubStr_bad, &pubData_bad);
CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData_bad != NULL);
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extended.ksig"), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_verifyWithPublication(sig, ctx, pubData);
CuAssert(tc, "Unable to verify signature with publication.", res == KSI_OK);
res = KSI_Signature_verifyWithPublication(sig, ctx, pubData_bad);
CuAssert(tc, "Unable to verify signature with publication.", res != KSI_OK);
KSI_PublicationData_free(pubData);
KSI_PublicationData_free(pubData_bad);
KSI_Signature_free(sig);
}
static void testVerifyDocument(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
char doc[] = "LAPTOP";
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
res = KSI_Signature_verifyDocument(sig, ctx, doc, strlen(doc));
CuAssert(tc, "Failed to verify valid document", res == KSI_OK);
res = KSI_Signature_verifyDocument(sig, ctx, doc, sizeof(doc));
CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE);
KSI_Signature_free(sig);
}
static void testSerializeSignature(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
unsigned char *out = NULL;
unsigned out_len = 0;
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
res = KSI_Signature_serialize(sig, &out, &out_len);
CuAssert(tc, "Failed to serialize signature", res == KSI_OK);
CuAssert(tc, "Serialized signature length mismatch", in_len == out_len);
CuAssert(tc, "Serialized signature content mismatch", !memcmp(in, out, in_len));
KSI_free(out);
KSI_Signature_free(sig);
}
static void testErrorMessage(CuTest* tc, const char *expected, const char *tlv_file,
int (*obj_new)(KSI_CTX *ctx, void **),
void (*obj_free)(void*),
const KSI_TlvTemplate *tmplete) {
int res;
void *obj = NULL;
char buf[1024];
size_t len;
FILE *f = NULL;
KSI_FTLV ftlv;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(tlv_file), "rb");
CuAssert(tc, "Failed to open file.", f != NULL);
res = KSI_FTLV_fileRead(f, (unsigned char *)buf, sizeof(buf), &len, &ftlv);
CuAssert(tc, "Failed read from file.", res == KSI_OK);
res = obj_new(ctx, &obj);
CuAssert(tc, "Unable create new obj.", res == KSI_OK);
res = KSI_TlvTemplate_parse(ctx, (unsigned char *)buf, (unsigned)len, tmplete, obj);
CuAssert(tc, "Parsing invalid obj must fail.", res != KSI_OK);
res = KSI_ERR_getBaseErrorMessage(ctx, buf, sizeof(buf), NULL, NULL);
CuAssert(tc, "Unable to get base error message.", res == KSI_OK);
CuAssert(tc, "Wrong error message.", strcmp(buf, expected) == 0);
if (f != NULL) fclose(f);
obj_free(obj);
}
static void Test_ExtendSignatureUsingAggregator(CuTest* tc) {
int res = KSI_UNKNOWN_ERROR;
KSI_Signature *sig = NULL;
KSI_Signature *ext = NULL;
KSI_CTX *ctx = NULL;
/* Create the context. */
res = KSI_CTX_new(&ctx);
CuAssert(tc, "Unable to create ctx.", res == KSI_OK && ctx != NULL);
res = KSI_CTX_setPublicationUrl(ctx, conf.publications_file_url);
CuAssert(tc, "Unable to set publications file url.", res == KSI_OK);
res = KSI_CTX_setExtender(ctx, conf.aggregator_url, conf.aggregator_user, conf.aggregator_pass);
CuAssert(tc, "Unable to set configure aggregator as extender.", res == KSI_OK);
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &sig);
CuAssert(tc, "Unable to set read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_extend(sig, ctx, NULL, &ext);
CuAssert(tc, "The extending of signature must fail.", ext == NULL);
CuAssert(tc, "Invalid KSI status code for mixed up request.", res == KSI_HTTP_ERROR);
CuAssert(tc, "External error (HTTP) must be 400.", ctx_get_base_external_error(ctx) == 400);
KSI_Signature_free(sig);
KSI_Signature_free(ext);
KSI_CTX_free(ctx);
return;
}
static void testExtend(CuTest *tc) {
int res;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_Signature *sig = NULL;
KSI_PublicationRecord *pubRec = NULL;
res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);
res = KSI_CTX_setExtender(ctx, getFullResourcePathUri("resource/multi_sig/test2-extend_response-multiple.tlv"), "anon", "anon");
CuAssert(tc, "Unable to set extender response from file", res == KSI_OK);
res = KSI_MultiSignature_extend(ms);
CuAssert(tc, "Unable to perform multi signature container extension.", res == KSI_OK);
KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);
res = KSI_verifySignature(ctx, sig);
CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);
res = KSI_Signature_getPublicationRecord(sig, &pubRec);
CuAssert(tc, "Signature should be extended.", res == KSI_OK && pubRec != NULL);
KSI_Signature_free(sig);
KSI_DataHash_free(hsh);
KSI_MultiSignature_free(ms);
}
static void testGetLatestPublicationOfLast(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Integer *tm = NULL;
KSI_PublicationData *pubDat = NULL;
KSI_Integer *pubTm = NULL;
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_Integer_new(ctx, 1405382400, &tm);
CuAssert(tc, "Unable to create integer", res == KSI_OK && tm != NULL);
res = KSI_PublicationsFile_getLatestPublication(pubFile, tm, &pubRec);
CuAssert(tc, "Unable to find nearest publication", res == KSI_OK && pubRec != NULL);
res = KSI_PublicationRecord_getPublishedData(pubRec, &pubDat);
CuAssert(tc, "Unable to get published data", res == KSI_OK && pubDat != NULL);
res = KSI_PublicationData_getTime(pubDat, &pubTm);
CuAssert(tc, "Unable to get publication time", res == KSI_OK && pubTm != NULL);
CuAssert(tc, "Unexpected publication time (this test might fail, if you have recently updated the publications file in the tests)", KSI_Integer_equalsUInt(pubTm, 1405382400));
KSI_PublicationsFile_free(pubFile);
KSI_Integer_free(tm);
}
static void testGetOldest(CuTest *tc) {
int res;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_Signature *sig = NULL;
KSI_Integer *tm = NULL;
res = KSI_MultiSignature_fromFile(ctx, getFullResourcePath("resource/multi_sig/test2.mksi"), &ms);
CuAssert(tc, "Unable to read multi signature container from file.", res == KSI_OK && ms != NULL);
KSITest_DataHash_fromStr(ctx, "0111a700b0c8066c47ecba05ed37bc14dcadb238552d86c659342d1d7e87b8772d", &hsh);
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "Unable to get signature from container.", res == KSI_OK && sig != NULL);
res = KSI_verifySignature(ctx, sig);
CuAssert(tc, "Unable to verify signature extracted from container.", res == KSI_OK);
res = KSI_Signature_getSigningTime(sig, &tm);
CuAssert(tc, "Wrong signing time (probably returning the newer signature).", res == KSI_OK && KSI_Integer_equalsUInt(tm, 1398866256));
KSI_Signature_free(sig);
KSI_DataHash_free(hsh);
KSI_MultiSignature_free(ms);
}
static void testgetUsedHashAlgorithmsFromSingleLegacy(CuTest *tc) {
int res;
KSI_MultiSignature *ms = NULL;
KSI_Signature *sig = NULL;
KSI_HashAlgorithm *arr = NULL;
size_t arr_len;
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-legacy-sig-2014-06.gtts.ksig"), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_MultiSignature_add(ms, sig);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
KSI_Signature_free(sig);
res = KSI_MultiSignature_getUsedHashAlgorithms(ms, &arr, &arr_len);
CuAssert(tc, "Function should be successful", res == KSI_OK);
CuAssert(tc, "Unexpected number of hash algorithms", arr_len == 1);
CuAssert(tc, "If there are used algorithms, the output pointer should not be NULL", arr != NULL);
CuAssert(tc, "Unexpected hash algorithm", arr[0] == KSI_HASHALG_SHA2_256);
KSI_MultiSignature_free(ms);
KSI_free(arr);
}
static void testExtractingNotExisting(CuTest* tc) {
int res;
KSI_Signature *sig = NULL;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_MultiSignature_add(ms, sig);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
KSI_Signature_free(sig);
sig = NULL;
KSITest_DataHash_fromStr(ctx, "01db27c0db0aebb8d3963c3a720985cedb600f91854cdb1e45ad631611c39284dd", &hsh);
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "Get should fail with KSI_MULTISIG_NOT_FOUND", res == KSI_MULTISIG_NOT_FOUND && sig == NULL);
KSI_DataHash_free(hsh);
KSI_MultiSignature_free(ms);
KSI_Signature_free(sig);
}
static void testGetNearestPublicationWithPubTime(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Integer *tm = NULL;
KSI_PublicationData *pubDat = NULL;
KSI_Integer *pubTm = NULL;
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
/* With time set to 0, the result should be the first publication record in the publications file. */
res = KSI_Integer_new(ctx, 1208217600, &tm);
CuAssert(tc, "Unable to create integer", res == KSI_OK && tm != NULL);
res = KSI_PublicationsFile_getNearestPublication(pubFile, tm, &pubRec);
CuAssert(tc, "Unable to find nearest publication", res == KSI_OK && pubRec != NULL);
res = KSI_PublicationRecord_getPublishedData(pubRec, &pubDat);
CuAssert(tc, "Unable to get published data", res == KSI_OK && pubDat != NULL);
res = KSI_PublicationData_getTime(pubDat, &pubTm);
CuAssert(tc, "Unable to get publication time", res == KSI_OK && pubTm != NULL);
CuAssert(tc, "Unexpected publication time", KSI_Integer_equalsUInt(pubTm, 1208217600));
KSI_PublicationRecord_free(pubRec);
KSI_PublicationsFile_free(pubFile);
KSI_Integer_free(tm);
}
static void testVerifyPublicationsFileWithAttributeNotPresent(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_CertConstraint arr[] = {
{NULL, NULL},
{NULL, NULL}
};
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
arr[0].oid = "2.5.4.9";
arr[0].val = "Local pub";
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to delete OID 2.5.4.9", res == KSI_OK);
/* Verification should fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file must verify with address.", res != KSI_OK);
arr[0].oid = KSI_CERT_EMAIL;
arr[0].val = "*****@*****.**";
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to set OID 2.5.4.9 back to normal", res == KSI_OK);
/* Verification should not fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file must verify.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
static void testLoadPublicationsFileWithNoCerts(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_LIST(KSI_CertificateRecord) *certList = NULL;
KSI_PKICertificate *cert = NULL;
unsigned char dummy[] = {0xca, 0xfe, 0xba, 0xbe};
KSI_OctetString *certId = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath("resource/publications/publications-nocerts.bin"), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PublicationsFile_getCertificates(pubFile, &certList);
CuAssert(tc, "Unable to get certificate list", res == KSI_OK);
CuAssert(tc, "Unexpected certificate list length.", KSI_CertificateRecordList_length(certList) == 0);
res = KSI_OctetString_new(ctx, dummy, sizeof(dummy), &certId);
CuAssert(tc, "Creating an octetstring failed", res == KSI_OK && certId != NULL);
res = KSI_PublicationsFile_getPKICertificateById(pubFile, certId, &cert);
CuAssert(tc, "Searching for a non existend certificate failed", res == KSI_OK && cert == NULL);
KSI_OctetString_free(certId);
KSI_PublicationsFile_free(pubFile);
}
static void testVerifyPublicationsFileWithNoConstraints(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_CertConstraint arr[] = {
{NULL, NULL},
{NULL, NULL}
};
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to delete OID 1.2.840.113549.1.9.1", res == KSI_OK);
/* Verification should not fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file may not verify with no constraints.", res == KSI_PUBFILE_VERIFICATION_NOT_CONFIGURED);
arr[0].oid = KSI_CERT_EMAIL;
arr[0].val = "*****@*****.**";
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to set OID 1.2.840.113549.1.9.1 back to normal", res == KSI_OK);
/* Verification should not fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file must verify with e-mail.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
static void testVerifyDocumentHash(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
char doc[] = "LAPTOP";
KSI_DataHash *hsh = NULL;
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
/* Chech correct document. */
res = KSI_DataHash_create(ctx, doc, strlen(doc), KSI_HASHALG_SHA2_256, &hsh);
CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL);
res = KSI_Signature_verifyDataHash(sig, ctx, hsh);
CuAssert(tc, "Failed to verify valid document", res == KSI_OK);
KSI_DataHash_free(hsh);
hsh = NULL;
/* Chech wrong document. */
res = KSI_DataHash_create(ctx, doc, sizeof(doc), KSI_HASHALG_SHA2_256, &hsh);
CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL);
res = KSI_Signature_verifyDataHash(sig, ctx, hsh);
CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE);
KSI_DataHash_free(hsh);
hsh = NULL;
/* Check correct document with wrong hash algorithm. */
res = KSI_DataHash_create(ctx, doc, strlen(doc), KSI_HASHALG_SHA2_512, &hsh);
CuAssert(tc, "Failed to create data hash", res == KSI_OK && hsh != NULL);
res = KSI_Signature_verifyDataHash(sig, ctx, hsh);
CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE);
KSI_DataHash_free(hsh);
KSI_Signature_free(sig);
}
static void testSignatureWith2Anchors(CuTest *tc) {
KSI_Signature *sig = NULL;
int res;
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/nok-sig-two-anchors.tlv"), &sig);
CuAssert(tc, "Reading a signature with more than one trust anchor should result in format error.", res == KSI_INVALID_FORMAT && sig == NULL);
KSI_Signature_free(sig);
}
static void testVerifySignatureNew(CuTest *tc) {
int res;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
/* Set the extend response. */
KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extend_response.tlv"));
res = KSI_verifySignature(ctx, sig);
CuAssert(tc, "Unable to verify signature online.", res == KSI_OK);
KSI_Signature_free(sig);
}
static void testVerifySignatureExtendedToHead(CuTest *tc) {
int res;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-head.ksig"), &sig);
CuAssert(tc, "Signature should have either a calendar auth record or publication", res == KSI_OK && sig != NULL);
/* Set the extend response. */
KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-head-extend_response.tlv"));
ctx->requestCounter = 0;
res = KSI_Signature_verifyOnline(sig, ctx);
CuAssert(tc, "Signature should verify", res == KSI_OK);
KSI_Signature_free(sig);
}
static void testVerifyPublicationsFileAdditionalPublications(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TAMPERED_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "This publications file does not follow the correct format.", res != KSI_OK && pubFile == NULL);
KSI_PublicationsFile_free(pubFile);
}
static void testLoadSignatureFromFile(CuTest *tc) {
int res;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
KSI_Signature_free(sig);
}
static void TestClone(CuTest *tc) {
int res;
KSI_TLV *tlv = NULL;
KSI_TLV *clone = NULL;
unsigned char in[0xffff + 4];
unsigned char out1[0xffff + 4];
char errstr[1024];
size_t out_len;
size_t in_len;
FILE *f = NULL;
int i = 0;
KSI_ERR_clearErrors(ctx);
while (ok_sample[i] != NULL) {
f = fopen(getFullResourcePath(ok_sample[i]), "rb");
CuAssert(tc, "Unable to open test file.", f != NULL);
in_len = (unsigned) fread(in, 1, sizeof(in), f);
fclose(f);
f = NULL;
res = KSI_TLV_parseBlob2(ctx, in, in_len, 0, &tlv);
CuAssert(tc, "Unable to parse TLV.", res == KSI_OK);
res = parseStructure(tlv, 0);
CuAssert(tc, "Unable to parse TLV structure.", res == KSI_OK);
res = KSI_TLV_clone(tlv, &clone);
CuAssert(tc, "Unsable to clone TLV.", res == KSI_OK && clone != NULL);
/* Re assemble TLV */
res = KSI_TLV_serialize_ex(clone, out1, sizeof(out1), &out_len);
CuAssert(tc, "Unable to serialize TLV.", res == KSI_OK);
CuAssert(tc, "Serialized TLV size mismatch.", in_len == out_len);
sprintf(errstr, "Serialised TLV content does not match original: '%s'.", ok_sample[i]);
CuAssert(tc, errstr, !memcmp(in, out1, in_len));
KSI_TLV_free(clone);
clone = NULL;
KSI_TLV_free(tlv);
tlv = NULL;
i++;
}
}
static void createMultiSignature(KSI_MultiSignature **ms) {
const char *signatures[] = {TEST_SIGNATURE_FILE, TEST_EX_SIGNATURE_FILE, NULL};
KSI_MultiSignature *tmp = NULL;
KSI_Signature *sig = NULL;
size_t i;
KSI_MultiSignature_new(ctx, &tmp);
for (i = 0; signatures[i] != NULL; i++) {
KSI_Signature_fromFile(ctx, getFullResourcePath(signatures[i]), &sig);
KSI_MultiSignature_add(tmp, sig);
KSI_Signature_free(sig);
}
*ms = tmp;
}
