static void testVerifyPublicationsFile(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_PKITruststore *pki = NULL; KSI_ERR_clearErrors(ctx); setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE)); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PKITruststore_new(ctx, 0, &pki); CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL); res = KSI_CTX_setPKITruststore(ctx, pki); CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK); /* Verification should fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file shouldn't verify without mock certificate.", res != KSI_OK); /* Verification should succeed. */ res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt")); CuAssert(tc, "Unable to read certificate", res == KSI_OK); res = KSI_PublicationsFile_verify(pubFile, ctx); // KSI_ERR_statusDump(ctx, stdout); // exit(1); CuAssert(tc, "Publications file should verify with mock certificate.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
static void testReceivePublicationsFileInvalidPki(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_PKITruststore *pki = NULL; KSI_CertConstraint arr[] = { {KSI_CERT_EMAIL, "*****@*****.**"}, {NULL, NULL} }; KSI_CTX *ctx = NULL; res = KSITest_CTX_clone(&ctx); CuAssert(tc, "Unable to create new context.", res == KSI_OK && ctx != NULL); KSI_ERR_clearErrors(ctx); res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE_INVALID_PKI)); CuAssert(tc, "Unable to clear pubfile URI.", res == KSI_OK); /* Configure expected PIK cert and constraints for pub. file. */ res = KSI_PKITruststore_new(ctx, 0, &pki); CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL); res = KSI_CTX_setPKITruststore(ctx, pki); CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK); res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt")); CuAssert(tc, "Unable to read certificate", res == KSI_OK); res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to set OID 2.5.4.10", res == KSI_OK); res = KSI_receivePublicationsFile(ctx, &pubFile); CuAssert(tc, "Unable to receive publications file.", res == KSI_OK && pubFile != NULL); res = KSI_verifyPublicationsFile(ctx, pubFile); CuAssert(tc, "Publications file should NOT verify as PKI signature is wrong.", res == KSI_INVALID_PKI_SIGNATURE); KSI_PublicationsFile_free(pubFile); KSI_CTX_free(ctx); }