static PARCCryptoHash *
_GetCertificateDigest(PARCPkcs12KeyStore *keystore)
{
parcSecurity_AssertIsInitialized();
assertNotNull(keystore, "Parameter must be non-null PARCPkcs12KeyStore");
if (keystore->certificate_digest == NULL) {
uint8_t digestBuffer[SHA256_DIGEST_LENGTH];
int result = X509_digest(keystore->x509_cert, EVP_sha256(), digestBuffer, NULL);
if (result) {
keystore->certificate_digest =
parcBuffer_Flip(parcBuffer_PutArray(parcBuffer_Allocate(SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH, digestBuffer));
}
}
PARCCryptoHash *hash = parcCryptoHash_Create(PARC_HASH_SHA256, keystore->certificate_digest);
return hash;
}
static PARCCryptoHash *
_GetPublickKeyDigest(PARCPkcs12KeyStore *keystore)
{
parcSecurity_AssertIsInitialized();
assertNotNull(keystore, "Parameter must be non-null PARCPkcs12KeyStore");
if (keystore->public_key_digest == NULL) {
AUTHORITY_KEYID *akid = X509_get_ext_d2i(keystore->x509_cert, NID_authority_key_identifier, NULL, NULL);
if (akid != NULL) {
ASN1_OCTET_STRING *skid = X509_get_ext_d2i(keystore->x509_cert, NID_subject_key_identifier, NULL, NULL);
if (skid != NULL) {
keystore->public_key_digest =
parcBuffer_PutArray(parcBuffer_Allocate(skid->length), skid->length, skid->data);
parcBuffer_Flip(keystore->public_key_digest);
ASN1_OCTET_STRING_free(skid);
}
AUTHORITY_KEYID_free(akid);
}
}
// If we could not load the digest from the certificate, then calculate it from the public key.
if (keystore->public_key_digest == NULL) {
uint8_t digestBuffer[SHA256_DIGEST_LENGTH];
int result = ASN1_item_digest(ASN1_ITEM_rptr(X509_PUBKEY),
EVP_sha256(),
X509_get_X509_PUBKEY(keystore->x509_cert),
digestBuffer,
NULL);
if (result != 1) {
assertTrue(0, "Could not compute digest over certificate public key");
} else {
keystore->public_key_digest =
parcBuffer_PutArray(parcBuffer_Allocate(SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH, digestBuffer);
parcBuffer_Flip(keystore->public_key_digest);
}
}
// This stores a reference, so keystore->public_key_digest will remain valid
// even if the cryptoHasher is destroyed
return parcCryptoHash_Create(PARC_HASH_SHA256, keystore->public_key_digest);
}
LONGBOW_TEST_CASE(Global, parcSigner_SignDigest)
{
_MockSigner *mock = _createSigner();
PARCSigner *signer = parcSigner_Create(mock, _MockSignerInterface);
_mockSigner_Release(&mock);
PARCBuffer *buffer = parcBuffer_Allocate(10);
PARCCryptoHash *hash = parcCryptoHash_Create(PARCCryptoHashType_SHA256, buffer);
PARCSignature *signature = parcSigner_SignDigest(signer, hash);
assertNotNull(signature, "Expected non-NULL PARCSignature");
PARCBuffer *bits = parcSignature_GetSignature(signature);
char *bitstring = parcBuffer_ToString(bits);
char *expectedString = FAKE_SIGNATURE;
assertTrue(strcmp(bitstring, expectedString) == 0, "Expected the forced signature as output %s, got %s", expectedString, bitstring);
parcMemory_Deallocate(&bitstring);
parcCryptoHash_Release(&hash);
parcBuffer_Release(&buffer);
parcSignature_Release(&signature);
parcSigner_Release(&signer);
}
