/**
 * Shared body for the "extend a signature through a given provider" tests.
 *
 * Creates a fresh context, builds a network client with createProvider,
 * points it at the extender (setExtender) and the publications file
 * (setPubfail), installs it on the context, then reads a stored signature
 * and asserts that extending it succeeds.
 *
 * @param tc             CuTest case the assertions are reported on.
 * @param uri_host       Extender host, forwarded to setExtender.
 * @param port           Extender port, forwarded to setExtender.
 * @param user           Extender user name, forwarded to setExtender.
 * @param key            Extender secret, forwarded to setExtender.
 * @param pub_uri        Publications file URL, forwarded to setPubfail.
 * @param createProvider Factory that creates the network client under test.
 * @param setPubfail     Setter for the publications file URL on that client.
 * @param setExtender    Setter for the extender endpoint and credentials.
 *
 * NOTE(review): the test only checks that extending returns KSI_OK and a
 * non-NULL result; it does not verify the extended signature afterwards.
 * NOTE(review): if CuAssert aborts the test on failure (confirm against the
 * CuTest build in use), the frees at the end are skipped on a failed assert.
 */
static void Test_ExtendSignature_useProvider(CuTest* tc, const char *uri_host, unsigned port, const char *user, const char *key, const char *pub_uri,
		int (*createProvider)(KSI_CTX *ctx, KSI_NetworkClient **http),
		int (*setPubfail)(KSI_NetworkClient *client, const char *url),
		int (*setExtender)(KSI_NetworkClient *client, const char *url_host, unsigned port, const char *user, const char *pass)) {
	KSI_CTX *ctx = NULL;
	KSI_NetworkClient *provider = NULL;
	KSI_Signature *stored = NULL;
	KSI_Signature *extended = NULL;
	int rc = KSI_UNKNOWN_ERROR;

	/* Fresh context for this test run. */
	rc = KSI_CTX_new(&ctx);
	CuAssert(tc, "Unable to create ctx.", rc == KSI_OK && ctx != NULL);

	/* Build the provider under test and configure both service endpoints. */
	rc = createProvider(ctx, &provider);
	CuAssert(tc, "Unable to create network client.", rc == KSI_OK && provider != NULL);

	rc = setExtender(provider, uri_host, port, user, key);
	CuAssert(tc, "Unable to set extender specific service information.", rc == KSI_OK);

	rc = setPubfail(provider, pub_uri);
	CuAssert(tc, "Unable to set publications file url.", rc == KSI_OK);

	rc = KSI_CTX_setNetworkProvider(ctx, provider);
	CuAssert(tc, "Unable to set new network client.", rc == KSI_OK);
	/* Presumably the context owns the client from here on; dropping the
	 * local reference turns the KSI_NetworkClient_free below into a no-op. */
	provider = NULL;

	/* Load the stored test signature. */
	rc = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &stored);
	CuAssert(tc, "Unable to set read signature from file.", rc == KSI_OK && stored != NULL);

	/* NULL is passed as the third argument (presumably "no specific
	 * publication record" - confirm against the KSI_Signature_extend docs). */
	rc = KSI_Signature_extend(stored, ctx, NULL, &extended);
	CuAssert(tc, "The extending of signature must not fail.", rc == KSI_OK && extended != NULL);

	KSI_NetworkClient_free(provider);
	KSI_Signature_free(stored);
	KSI_Signature_free(extended);
	KSI_CTX_free(ctx);
}
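/**
 * Command-line tool: extend a KSI signature and write the result to a file.
 *
 * Arguments: <signature> <extended> <extender uri> <pub-file uri | ->
 *   argv[1]  input signature file
 *   argv[2]  output file for the extended signature
 *   argv[3]  extender service URI
 *   argv[4]  publications file URI, or "-" to leave the client's setting untouched
 *
 * The input signature is verified before extending, and the extended
 * signature is verified again before anything is written to the output file.
 *
 * @return KSI_OK on success, otherwise the KSI status code of the first failure.
 */
int main(int argc, char **argv) {
	KSI_CTX *ksi = NULL;
	int res = KSI_UNKNOWN_ERROR;
	int close_res;
	FILE *out = NULL;
	KSI_Signature *sig = NULL;
	KSI_Signature *ext = NULL;
	KSI_HttpClient *net = NULL;
	unsigned char *raw = NULL;
	unsigned raw_len;
	unsigned count;
	FILE *logFile = NULL;

	if (argc != 5) {
		printf("Usage:\n"
				"  %s <signature> <extended> <extender uri> <pub-file uri| ->\n", argv[0]);
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Init KSI context */
	res = KSI_CTX_new(&ksi);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to init KSI context.\n");
		goto cleanup;
	}

	/* Logging is best-effort: without a log file the tool still runs, and the
	 * context keeps whatever logger configuration KSI_CTX_new gave it. The
	 * stream logger is only installed when there is a real stream to write to.
	 * NOTE(review): this is a debug-level log written to the current working
	 * directory; confirm what the library emits at KSI_LOG_DEBUG before using
	 * this in a shared directory. */
	logFile = fopen("ksi_extend.log", "w");
	if (logFile == NULL) {
		fprintf(stderr, "Unable to open log file.\n");
	} else {
		KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile);
		KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG);
	}

	KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());

	res = KSI_HttpClient_new(ksi, &net);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to create new network provider.\n");
		goto cleanup;
	}

	/* The extender credentials are fixed in the source ("anon"/"anon").
	 * NOTE(review): a service that requires real credentials would need them
	 * supplied from outside the binary. */
	res = KSI_HttpClient_setExtender(net, argv[3], "anon", "anon");
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to set extender service information.\n");
		goto cleanup;
	}

	/* "-" means: do not set a publications file URL on the client. */
	if (strcmp(argv[4], "-") != 0) {
		res = KSI_HttpClient_setPublicationUrl(net, argv[4]);
		if (res != KSI_OK) {
			fprintf(stderr, "Unable to set publications file url.\n");
			goto cleanup;
		}
	}

	res = KSI_CTX_setNetworkProvider(ksi, (KSI_NetworkClient *)net);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to set new network provider.\n");
		goto cleanup;
	}
	/* The context is now responsible for the client; forget the local
	 * pointer so the cleanup path frees it only when the hand-over failed. */
	net = NULL;

	/* Read the signature. */
	res = KSI_Signature_fromFile(ksi, argv[1], &sig);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to read signature from '%s'\n", argv[1]);
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Make sure the signature is ok before asking the service to extend it. */
	res = KSI_verifySignature(ksi, sig);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to verify signature.\n");
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Extend the signature. */
	res = KSI_extendSignature(ksi, sig, &ext);
	if (res != KSI_OK) {
		if (res == KSI_EXTEND_NO_SUITABLE_PUBLICATION) {
			printf("No suitable publication to extend to.\n");
			goto cleanup;
		}
		fprintf(stderr, "Unable to extend signature.\n");
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Verify what came back from the extender before it is persisted: the
	 * output file is only created once this check has passed. */
	res = KSI_verifySignature(ksi, ext);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to verify the extended signature.\n");
		KSI_ERR_statusDump(ksi, stderr);
		goto cleanup;
	}

	/* Serialize the extended signature. */
	res = KSI_Signature_serialize(ext, &raw, &raw_len);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to serialize extended signature.\n");
		goto cleanup;
	}

	/* Open output file. */
	out = fopen(argv[2], "wb");
	if (out == NULL) {
		fprintf(stderr, "Unable to open output file '%s'\n", argv[2]);
		res = KSI_IO_ERROR;
		goto cleanup;
	}

	count = (unsigned)fwrite(raw, 1, raw_len, out);
	if (count != raw_len) {
		fprintf(stderr, "Failed to write output file.\n");
		res = KSI_IO_ERROR;
		goto cleanup;
	}

	/* fclose() flushes the buffered bytes; if it fails the signature on disk
	 * may be incomplete, so success is reported only after it returns 0. */
	close_res = fclose(out);
	out = NULL;
	if (close_res != 0) {
		fprintf(stderr, "Failed to write output file.\n");
		res = KSI_IO_ERROR;
		goto cleanup;
	}

	printf("Signature extended.");

cleanup:

	if (out != NULL) fclose(out);

	KSI_Signature_free(sig);
	KSI_Signature_free(ext);
	KSI_free(raw);
	/* Non-NULL only when the client was never handed over to the context. */
	KSI_NetworkClient_free((KSI_NetworkClient *)net);
	KSI_CTX_free(ksi);

	/* The context was given logFile as its logger stream, so the stream is
	 * closed last, after everything that might still log has been released. */
	if (logFile != NULL) fclose(logFile);

	return res;
}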
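/**
 * Allocate and initialise a new KSI context.
 *
 * On success the context has an empty error stack of KSI_ERR_STACK_LEN
 * entries, a cleanup-function list, the stream logger on stdout with log
 * level KSI_LOG_NONE, a URI client installed as the default network
 * provider, and the PKI truststore globals registered.
 *
 * @param[out] context  Receives the new context; must not be NULL. The
 *                      caller releases it with KSI_CTX_free.
 * @return KSI_OK on success, KSI_INVALID_ARGUMENT if context is NULL,
 *         KSI_OUT_OF_MEMORY on allocation failure, or the status code of
 *         the first initialisation step that failed. On failure *context
 *         is left untouched and nothing is leaked.
 */
int KSI_CTX_new(KSI_CTX **context) {
	int res = KSI_UNKNOWN_ERROR;

	KSI_CTX *ctx = NULL;
	KSI_NetworkClient *client = NULL;

	/* Reject a NULL out-parameter up front instead of dereferencing it at the end. */
	if (context == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	ctx = KSI_new(KSI_CTX);
	if (ctx == NULL) {
		res = KSI_OUT_OF_MEMORY;
		goto cleanup;
	}

	/* Bring every field this function knows about into a defined state
	 * before the first step that can fail: each failure path below hands the
	 * partially built context to KSI_CTX_free, which must not see
	 * indeterminate pointers.
	 * NOTE(review): fields not listed here rely on KSI_new zero-filling the
	 * allocation - confirm. */
	ctx->errors = NULL;
	ctx->errors_size = 0;
	ctx->errors_count = 0;
	ctx->cleanupFnList = NULL;
	ctx->publicationsFile = NULL;
	ctx->pkiTruststore = NULL;
	ctx->netProvider = NULL;
	ctx->isCustomNetProvider = 0;
	ctx->publicationCertEmail_DEPRECATED = NULL;
	ctx->loggerCB = NULL;
	ctx->loggerCtx = NULL;
	ctx->requestHeaderCB = NULL;
	ctx->flags[KSI_CTX_FLAG_AGGR_PDU_VER] = KSI_AGGREGATION_PDU_VERSION;
	ctx->flags[KSI_CTX_FLAG_EXT_PDU_VER] = KSI_EXTENDING_PDU_VERSION;
	ctx->certConstraints = NULL;
	ctx->freeCertConstraintsArray = freeCertConstraintsArray;
	ctx->lastFailedSignature = NULL;

	/* Init error stack; the size is recorded only once the storage exists. */
	ctx->errors = KSI_malloc(sizeof(KSI_ERR) * KSI_ERR_STACK_LEN);
	if (ctx->errors == NULL) {
		res = KSI_OUT_OF_MEMORY;
		goto cleanup;
	}
	ctx->errors_size = KSI_ERR_STACK_LEN;

	KSI_ERR_clearErrors(ctx);

	/* Create global cleanup list as the first thing. */
	res = KSI_List_new(NULL, &ctx->cleanupFnList);
	if (res != KSI_OK) goto cleanup;

	/* Create and set the logger: stream logger on stdout, but with logging
	 * switched off until the caller raises the level. */
	res = KSI_CTX_setLoggerCallback(ctx, KSI_LOG_StreamLogger, stdout);
	if (res != KSI_OK) goto cleanup;

	res = KSI_CTX_setLogLevel(ctx, KSI_LOG_NONE);
	if (res != KSI_OK) goto cleanup;

	/* Install the default network provider. */
	res = KSI_UriClient_new(ctx, &client);
	if (res != KSI_OK) goto cleanup;

	res = KSI_CTX_setNetworkProvider(ctx, client);
	if (res != KSI_OK) goto cleanup;
	/* Reset the flag after installing the built-in client (presumably
	 * KSI_CTX_setNetworkProvider marks the provider as custom - confirm). */
	ctx->isCustomNetProvider = 0;
	/* The context holds the client now; clear the local pointer so the
	 * cleanup path does not free it as well. */
	client = NULL;

	/* Initialize truststore. */
	res = KSI_PKITruststore_registerGlobals(ctx);
	if (res != KSI_OK) goto cleanup;

	/* Return the context. */
	*context = ctx;
	ctx = NULL;

	res = KSI_OK;

cleanup:

	KSI_NetworkClient_free(client);
	KSI_CTX_free(ctx);

	return res;
}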