static void Test_ExtendSignature_useProvider(CuTest* tc, const char *uri_host, unsigned port, const char *user, const char *key, const char *pub_uri,
int (*createProvider)(KSI_CTX *ctx, KSI_NetworkClient **http),
int (*setPubfail)(KSI_NetworkClient *client, const char *url),
int (*setExtender)(KSI_NetworkClient *client, const char *url_host, unsigned port, const char *user, const char *pass)) {
int res = KSI_UNKNOWN_ERROR;
KSI_Signature *sig = NULL;
KSI_Signature *ext = NULL;
KSI_NetworkClient *client = NULL;
KSI_CTX *ctx = NULL;
/* Create the context. */
res = KSI_CTX_new(&ctx);
CuAssert(tc, "Unable to create ctx.", res == KSI_OK && ctx != NULL);
res = createProvider(ctx, &client);
CuAssert(tc, "Unable to create network client.", res == KSI_OK && client != NULL);
res = setExtender(client, uri_host, port, user, key);
CuAssert(tc, "Unable to set extender specific service information.", res == KSI_OK);
res = setPubfail(client, pub_uri);
CuAssert(tc, "Unable to set publications file url.", res == KSI_OK);
res = KSI_CTX_setNetworkProvider(ctx, client);
CuAssert(tc, "Unable to set new network client.", res == KSI_OK);
client = NULL;
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &sig);
CuAssert(tc, "Unable to set read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_extend(sig, ctx, NULL, &ext);
CuAssert(tc, "The extending of signature must not fail.", res == KSI_OK && ext != NULL);
KSI_NetworkClient_free(client);
KSI_Signature_free(sig);
KSI_Signature_free(ext);
KSI_CTX_free(ctx);
return;
}
int main(int argc, char **argv) {
KSI_CTX *ksi = NULL;
int res;
FILE *out = NULL;
KSI_Signature *sig = NULL;
KSI_Signature *ext = NULL;
KSI_HttpClient *net = NULL;
unsigned char *raw = NULL;
unsigned raw_len;
unsigned count;
FILE *logFile = NULL;
if (argc != 5) {
printf("Usage:\n"
" %s <signature> <extended> <extender uri> <pub-file uri| ->\n", argv[0]);
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
/* Init KSI context */
res = KSI_CTX_new(&ksi);
if (res != KSI_OK) {
fprintf(stderr, "Unable to init KSI context.\n");
goto cleanup;
}
logFile = fopen("ksi_extend.log", "w");
if (logFile == NULL) {
fprintf(stderr, "Unable to open log file.\n");
}
KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile);
KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG);
KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());
res = KSI_HttpClient_new(ksi, &net);
if (res != KSI_OK) {
fprintf(stderr, "Unable to create new network provider.\n");
goto cleanup;
}
res = KSI_HttpClient_setExtender(net, argv[3], "anon", "anon");
if (res != KSI_OK) goto cleanup;
if (strcmp(argv[4], "-")) {
res = KSI_HttpClient_setPublicationUrl(net, argv[4]);
if (res != KSI_OK) goto cleanup;
}
res = KSI_CTX_setNetworkProvider(ksi, (KSI_NetworkClient *)net);
if (res != KSI_OK) {
fprintf(stderr, "Unable to set new network provider.\n");
goto cleanup;
}
/* Read the signature. */
res = KSI_Signature_fromFile(ksi, argv[1], &sig);
if (res != KSI_OK) {
KSI_ERR_statusDump(ksi, stdout);
fprintf(stderr, "Unable to read signature from '%s'\n", argv[1]);
goto cleanup;
}
/* Make sure the signature is ok. */
res = KSI_verifySignature(ksi, sig);
if (res != KSI_OK) {
fprintf(stderr, "Unable to verify signature.\n");
KSI_ERR_statusDump(ksi, stderr);
goto cleanup;
}
/* Extend the signature. */
res = KSI_extendSignature(ksi, sig, &ext);
if (res != KSI_OK) {
if (res == KSI_EXTEND_NO_SUITABLE_PUBLICATION) {
printf("No suitable publication to extend to.\n");
goto cleanup;
}
fprintf(stderr, "Unable to extend signature.\n");
KSI_ERR_statusDump(ksi, stderr);
goto cleanup;
}
/* To be extra sure, lets verify the extended signature. */
res = KSI_verifySignature(ksi, ext);
if (res != KSI_OK) {
fprintf(stderr, "Unable to verify the extended signature.\n");
KSI_ERR_statusDump(ksi, stderr);
goto cleanup;
}
/* Serialize the extended signature. */
res = KSI_Signature_serialize(ext, &raw, &raw_len);
if (res != KSI_OK) {
fprintf(stderr, "Unable to serialize extended signature.\n");
goto cleanup;
}
/* Open output file. */
out = fopen(argv[2], "wb");
if (out == NULL) {
fprintf(stderr, "Unable to open output file '%s'\n", argv[2]);
res = KSI_IO_ERROR;
goto cleanup;
}
count = (unsigned)fwrite(raw, 1, raw_len, out);
if (count != raw_len) {
fprintf(stderr, "Failed to write output file.\n");
res = KSI_IO_ERROR;
goto cleanup;
}
printf("Signature extended.");
cleanup:
if (logFile != NULL) fclose(logFile);
if (out != NULL) fclose(out);
KSI_Signature_free(sig);
KSI_Signature_free(ext);
KSI_free(raw);
KSI_CTX_free(ksi);
return res;
}
int KSI_CTX_new(KSI_CTX **context) {
int res = KSI_UNKNOWN_ERROR;
KSI_CTX *ctx = NULL;
KSI_NetworkClient *client = NULL;
ctx = KSI_new(KSI_CTX);
if (ctx == NULL) {
res = KSI_OUT_OF_MEMORY;
goto cleanup;
}
/* Init error stack */
ctx->errors_size = KSI_ERR_STACK_LEN;
ctx->errors = KSI_malloc(sizeof(KSI_ERR) * ctx->errors_size);
if (ctx->errors == NULL) {
res = KSI_OUT_OF_MEMORY;
goto cleanup;
}
ctx->errors_count = 0;
ctx->publicationsFile = NULL;
ctx->pkiTruststore = NULL;
ctx->netProvider = NULL;
ctx->publicationCertEmail_DEPRECATED = NULL;
ctx->loggerCB = NULL;
ctx->requestHeaderCB = NULL;
ctx->flags[KSI_CTX_FLAG_AGGR_PDU_VER] = KSI_AGGREGATION_PDU_VERSION;
ctx->flags[KSI_CTX_FLAG_EXT_PDU_VER] = KSI_EXTENDING_PDU_VERSION;
ctx->loggerCtx = NULL;
ctx->certConstraints = NULL;
ctx->freeCertConstraintsArray = freeCertConstraintsArray;
ctx->lastFailedSignature = NULL;
KSI_ERR_clearErrors(ctx);
/* Create global cleanup list as the first thing. */
res = KSI_List_new(NULL, &ctx->cleanupFnList);
if (res != KSI_OK) goto cleanup;
/* Create and set the logger. */
res = KSI_CTX_setLoggerCallback(ctx, KSI_LOG_StreamLogger, stdout);
if (res != KSI_OK) goto cleanup;
res = KSI_CTX_setLogLevel(ctx, KSI_LOG_NONE);
if (res != KSI_OK) goto cleanup;
res = KSI_UriClient_new(ctx, &client);
if (res != KSI_OK) goto cleanup;
res = KSI_CTX_setNetworkProvider(ctx, client);
if (res != KSI_OK) goto cleanup;
ctx->isCustomNetProvider = 0;
client = NULL;
/* Initialize truststore. */
res = KSI_PKITruststore_registerGlobals(ctx);
if (res != KSI_OK) goto cleanup;
/* Return the context. */
*context = ctx;
ctx = NULL;
res = KSI_OK;
cleanup:
KSI_NetworkClient_free(client);
KSI_CTX_free(ctx);
return res;
}
