static int initPublicationsFile(KSI_VerificationResult *info, KSI_CTX *ctx) {
int res = KSI_UNKNOWN_ERROR;
KSI_PublicationsFile *tmp = NULL;
if (info->publicationsFile == NULL) {
bool verifyPubFile = (ctx->publicationsFile == NULL);
res = KSI_receivePublicationsFile(ctx, &tmp);
if (res != KSI_OK) goto cleanup;
if (verifyPubFile == true) {
res = KSI_verifyPublicationsFile(ctx, tmp);
if (res != KSI_OK) goto cleanup;
}
info->publicationsFile = tmp;
tmp = NULL;
}
res = KSI_OK;
cleanup:
KSI_PublicationsFile_free(tmp);
return res;
}
static void testFindPublicationByPubStr(CuTest *tc) {
static const char publication[] = "AAAAAA-CTJR3I-AANBWU-RY76YF-7TH2M5-KGEZVA-WLLRGD-3GKYBG-AM5WWV-4MCLSP-XPRDDI-UFMHBA";
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_PublicationData *pub = NULL;
KSI_DataHash *pubHsh = NULL;
KSI_Integer *pubTime = NULL;
KSI_DataHash *expHsh = NULL;
unsigned char buf[0xff];
size_t len;
KSI_CTX *ctx = NULL;
res = KSITest_CTX_clone(&ctx);
CuAssert(tc, "Unable to create KSI context.", res == KSI_OK && ctx != NULL);
res = KSITest_setDefaultPubfileAndVerInfo(ctx);
CuAssert(tc, "Unable to set default values to context.", res == KSI_OK);
KSI_ERR_clearErrors(ctx);
res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE));
CuAssert(tc, "Unable to set pubfile URI.", res == KSI_OK);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_verifyPublicationsFile(ctx, pubFile);
CuAssert(tc, "Unable to verify publications file.", res == KSI_OK);
res = KSI_PublicationsFile_getPublicationDataByPublicationString(pubFile, publication, &pubRec);
CuAssert(tc, "Unable to get publication record by publication string.", res == KSI_OK && pubRec != NULL);
res = KSI_PublicationRecord_getPublishedData(pubRec, &pub);
CuAssert(tc, "Unable to get published data", res == KSI_OK && pub != NULL);
res = KSI_PublicationData_getImprint(pub, &pubHsh);
CuAssert(tc, "Unable to get published hash", res == KSI_OK && pubHsh != NULL);
res = KSI_PublicationData_getTime(pub, &pubTime);
CuAssert(tc, "Unable to get publication time.", res == KSI_OK && pubTime != NULL);
KSITest_decodeHexStr("01a1b5238ffb05fccfa67546266a0b2d7130f6656026033b6b578c12e4fbbe231a", buf, sizeof(buf), &len);
res = KSI_DataHash_fromImprint(ctx, buf, len, &expHsh);
CuAssert(tc, "Unable to get data hash from imprint.", res == KSI_OK && expHsh != NULL);
CuAssert(tc, "Publication hash mismatch.", KSI_DataHash_equals(expHsh, pubHsh));
CuAssert(tc, "Publication time mismatch", KSI_Integer_equalsUInt(pubTime, 1397520000));
KSI_DataHash_free(expHsh);
KSI_PublicationsFile_free(pubFile);
KSI_CTX_free(ctx);
}
static void testFindPublicationRef(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Integer *pubTime = NULL;
KSI_LIST(KSI_Utf8String) *pubRefList = NULL;
size_t i;
int isPubRefFound = 0;
KSI_CTX *ctx = NULL;
res = KSITest_CTX_clone(&ctx);
CuAssert(tc, "Unable to create KSI context.", res == KSI_OK && ctx != NULL);
res = KSITest_setDefaultPubfileAndVerInfo(ctx);
CuAssert(tc, "Unable to set default values to context.", res == KSI_OK);
KSI_ERR_clearErrors(ctx);
res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE));
CuAssert(tc, "Unable to set pubfile URI.", res == KSI_OK);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_verifyPublicationsFile(ctx, pubFile);
CuAssert(tc, "Unable to verify publications file.", res == KSI_OK);
res = KSI_Integer_new(ctx, 1397520000, &pubTime);
CuAssert(tc, "Unable to create ksi integer object.", res == KSI_OK && pubTime != NULL);
res = KSI_PublicationsFile_getPublicationDataByTime(pubFile, pubTime, &pubRec);
CuAssert(tc, "Unable to get publication record by publication date.", res == KSI_OK && pubRec != NULL);
KSI_Integer_free(pubTime);
pubTime = NULL;
res = KSI_PublicationRecord_getPublicationRefList(pubRec, &pubRefList);
CuAssert(tc, "Unable to get publications ref list", res == KSI_OK && pubRefList != NULL);
for (i = 0; i < KSI_Utf8StringList_length(pubRefList); i++) {
KSI_Utf8String *pubRef = NULL;
res = KSI_Utf8StringList_elementAt(pubRefList, i, &pubRef);
CuAssert(tc, "Unable to get element from list", res == KSI_OK && pubRef != NULL);
if (!strcmp("Financial Times, ISSN: 0307-1766, 2014-04-17", KSI_Utf8String_cstr(pubRef))) {
isPubRefFound = 1;
}
}
CuAssert(tc, "Financial times publication not found", isPubRefFound);
KSI_PublicationsFile_free(pubFile);
KSI_CTX_free(ctx);
}
static void testFindPublicationByTime(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_PublicationData *pub = NULL;
KSI_DataHash *pubHsh = NULL;
KSI_Integer *pubTime = NULL;
KSI_DataHash *expHsh = NULL;
KSI_LIST(KSI_Utf8String) *pubRefList = NULL;
unsigned char buf[0xff];
unsigned len;
KSI_ERR_clearErrors(ctx);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_Integer_new(ctx, 1397520000, &pubTime);
CuAssert(tc, "Unable to create ksi integer object.", res == KSI_OK && pubTime != NULL);
res = KSI_PublicationsFile_getPublicationDataByTime(pubFile, pubTime, &pubRec);
CuAssert(tc, "Unable to get publication record by publication date.", res == KSI_OK && pubRec != NULL);
res = KSI_PublicationRecord_getPublishedData(pubRec, &pub);
CuAssert(tc, "Unable to get published data", res == KSI_OK && pub != NULL);
res = KSI_PublicationData_getImprint(pub, &pubHsh);
CuAssert(tc, "Unable to get published hash", res == KSI_OK && pubHsh != NULL);
KSI_Integer_free(pubTime);
pubTime = NULL;
res = KSI_PublicationData_getTime(pub, &pubTime);
CuAssert(tc, "Unable to get publication time.", res == KSI_OK && pubTime != NULL);
KSITest_decodeHexStr("01a1b5238ffb05fccfa67546266a0b2d7130f6656026033b6b578c12e4fbbe231a", buf, sizeof(buf), &len);
res = KSI_DataHash_fromImprint(ctx, buf, len, &expHsh);
CuAssert(tc, "Unable to get datahash from imprint", res == KSI_OK && expHsh != NULL);
CuAssert(tc, "Publication hash mismatch.", KSI_DataHash_equals(expHsh, pubHsh));
CuAssert(tc, "Publication time mismatch", KSI_Integer_equalsUInt(pubTime, 1397520000));
res = KSI_PublicationRecord_getPublicationRefList(pubRec, &pubRefList);
CuAssert(tc, "Unable to get publications ref list", res == KSI_OK && pubRefList != NULL);
KSI_DataHash_free(expHsh);
}
static int verifyPublication(KSI_CTX *ctx, KSI_Signature *sig) {
int res = KSI_UNKNOWN_ERROR;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_VerificationStep step = KSI_VERIFY_PUBLICATION_WITH_PUBFILE;
KSI_VerificationResult *info = &sig->verificationResult;
bool verifyPubFile = (ctx->publicationsFile == NULL);
if (sig->publication == NULL) {
res = KSI_OK;
goto cleanup;
}
KSI_LOG_info(sig->ctx, "Verifying publication");
if (sig->verificationResult.useUserPublication) {
res = KSI_OK;
goto cleanup;
}
res = KSI_receivePublicationsFile(ctx, &pubFile);
if (res != KSI_OK) goto cleanup;
if (verifyPubFile == true) {
res = KSI_verifyPublicationsFile(ctx, pubFile);
if (res != KSI_OK) goto cleanup;
}
res = KSI_PublicationsFile_findPublication(pubFile, sig->publication, &pubRec);
if (res != KSI_OK) goto cleanup;
if (pubRec == NULL) {
res = KSI_VerificationResult_addFailure(info, step, "Publication not trusted.");
goto cleanup;
}
res = KSI_VerificationResult_addSuccess(info, step, "Publication trusted.");
if (res != KSI_OK) goto cleanup;
res = KSI_OK;
cleanup:
KSI_PublicationRecord_free(pubRec);
KSI_PublicationsFile_free(pubFile);
return res;
}
static void testReceivePublicationsFileInvalidPki(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PKITruststore *pki = NULL;
KSI_CertConstraint arr[] = {
{KSI_CERT_EMAIL, "*****@*****.**"},
{NULL, NULL}
};
KSI_CTX *ctx = NULL;
res = KSITest_CTX_clone(&ctx);
CuAssert(tc, "Unable to create new context.", res == KSI_OK && ctx != NULL);
KSI_ERR_clearErrors(ctx);
res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE_INVALID_PKI));
CuAssert(tc, "Unable to clear pubfile URI.", res == KSI_OK);
/* Configure expected PIK cert and constraints for pub. file. */
res = KSI_PKITruststore_new(ctx, 0, &pki);
CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL);
res = KSI_CTX_setPKITruststore(ctx, pki);
CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK);
res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt"));
CuAssert(tc, "Unable to read certificate", res == KSI_OK);
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to set OID 2.5.4.10", res == KSI_OK);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to receive publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_verifyPublicationsFile(ctx, pubFile);
CuAssert(tc, "Publications file should NOT verify as PKI signature is wrong.", res == KSI_INVALID_PKI_SIGNATURE);
KSI_PublicationsFile_free(pubFile);
KSI_CTX_free(ctx);
}
static void testFindPublicationByPubStr(CuTest *tc) {
static const char publication[] = "AAAAAA-CTJR3I-AANBWU-RY76YF-7TH2M5-KGEZVA-WLLRGD-3GKYBG-AM5WWV-4MCLSP-XPRDDI-UFMHBA";
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_PublicationData *pub = NULL;
KSI_DataHash *pubHsh = NULL;
KSI_Integer *pubTime = NULL;
KSI_DataHash *expHsh = NULL;
unsigned char buf[0xff];
unsigned len;
KSI_ERR_clearErrors(ctx);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_PublicationsFile_getPublicationDataByPublicationString(pubFile, publication, &pubRec);
CuAssert(tc, "Unable to get publication record by publication string.", res == KSI_OK && pubRec != NULL);
res = KSI_PublicationRecord_getPublishedData(pubRec, &pub);
CuAssert(tc, "Unable to get published data", res == KSI_OK && pub != NULL);
res = KSI_PublicationData_getImprint(pub, &pubHsh);
CuAssert(tc, "Unable to get published hash", res == KSI_OK && pubHsh != NULL);
res = KSI_PublicationData_getTime(pub, &pubTime);
CuAssert(tc, "Unable to get publication time.", res == KSI_OK && pubTime != NULL);
KSITest_decodeHexStr("01a1b5238ffb05fccfa67546266a0b2d7130f6656026033b6b578c12e4fbbe231a", buf, sizeof(buf), &len);
res = KSI_DataHash_fromImprint(ctx, buf, len, &expHsh);
CuAssert(tc, "Unable to get data hash from imprint.", res == KSI_OK && expHsh != NULL);
CuAssert(tc, "Publication hash mismatch.", KSI_DataHash_equals(expHsh, pubHsh));
CuAssert(tc, "Publication time mismatch", KSI_Integer_equalsUInt(pubTime, 1397520000));
KSI_DataHash_free(expHsh);
}
static void testFindPublicationRef(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Integer *pubTime = NULL;
KSI_LIST(KSI_Utf8String) *pubRefList = NULL;
size_t i;
int isPubRefFound = 0;
KSI_ERR_clearErrors(ctx);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_Integer_new(ctx, 1397520000, &pubTime);
CuAssert(tc, "Unable to create ksi integer object.", res == KSI_OK && pubTime != NULL);
res = KSI_PublicationsFile_getPublicationDataByTime(pubFile, pubTime, &pubRec);
CuAssert(tc, "Unable to get publication record by publication date.", res == KSI_OK && pubRec != NULL);
KSI_Integer_free(pubTime);
pubTime = NULL;
res = KSI_PublicationRecord_getPublicationRefList(pubRec, &pubRefList);
CuAssert(tc, "Unable to get publications ref list", res == KSI_OK && pubRefList != NULL);
for (i = 0; i < KSI_Utf8StringList_length(pubRefList); i++) {
KSI_Utf8String *pubRef = NULL;
res = KSI_Utf8StringList_elementAt(pubRefList, i, &pubRef);
CuAssert(tc, "Unable to get element from list", res == KSI_OK && pubRef != NULL);
if (!strcmp("Financial Times, ISSN: 0307-1766, 2014-04-17", KSI_Utf8String_cstr(pubRef))) {
isPubRefFound = 1;
}
}
CuAssert(tc, "Financial times publication not found", isPubRefFound);
}
static void testFindPublicationByTime(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_PublicationData *pub = NULL;
KSI_DataHash *pubHsh = NULL;
KSI_Integer *pubTime = NULL;
KSI_DataHash *expHsh = NULL;
KSI_LIST(KSI_Utf8String) *pubRefList = NULL;
unsigned char buf[0xff];
size_t len;
KSI_CTX *ctx = NULL;
res = KSITest_CTX_clone(&ctx);
CuAssert(tc, "Unable to create KSI context.", res == KSI_OK && ctx != NULL);
res = KSITest_setDefaultPubfileAndVerInfo(ctx);
CuAssert(tc, "Unable to set default values to context.", res == KSI_OK);
KSI_ERR_clearErrors(ctx);
res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE));
CuAssert(tc, "Unable to set pubfile URI.", res == KSI_OK);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_verifyPublicationsFile(ctx, pubFile);
CuAssert(tc, "Unable to verify publications file.", res == KSI_OK);
res = KSI_Integer_new(ctx, 1397520000, &pubTime);
CuAssert(tc, "Unable to create ksi integer object.", res == KSI_OK && pubTime != NULL);
res = KSI_PublicationsFile_getPublicationDataByTime(pubFile, pubTime, &pubRec);
CuAssert(tc, "Unable to get publication record by publication date.", res == KSI_OK && pubRec != NULL);
res = KSI_PublicationRecord_getPublishedData(pubRec, &pub);
CuAssert(tc, "Unable to get published data", res == KSI_OK && pub != NULL);
res = KSI_PublicationData_getImprint(pub, &pubHsh);
CuAssert(tc, "Unable to get published hash", res == KSI_OK && pubHsh != NULL);
KSI_Integer_free(pubTime);
pubTime = NULL;
res = KSI_PublicationData_getTime(pub, &pubTime);
CuAssert(tc, "Unable to get publication time.", res == KSI_OK && pubTime != NULL);
KSITest_decodeHexStr("01a1b5238ffb05fccfa67546266a0b2d7130f6656026033b6b578c12e4fbbe231a", buf, sizeof(buf), &len);
res = KSI_DataHash_fromImprint(ctx, buf, len, &expHsh);
CuAssert(tc, "Unable to get datahash from imprint", res == KSI_OK && expHsh != NULL);
CuAssert(tc, "Publication hash mismatch.", KSI_DataHash_equals(expHsh, pubHsh));
CuAssert(tc, "Publication time mismatch", KSI_Integer_equalsUInt(pubTime, 1397520000));
res = KSI_PublicationRecord_getPublicationRefList(pubRec, &pubRefList);
CuAssert(tc, "Unable to get publications ref list", res == KSI_OK && pubRefList != NULL);
KSI_DataHash_free(expHsh);
KSI_PublicationsFile_free(pubFile);
KSI_CTX_free(ctx);
}
int KSI_extendSignatureWithPolicy(KSI_CTX *ctx, KSI_Signature *sig, const KSI_Policy *policy, KSI_VerificationContext *context, KSI_Signature **extended) {
int res = KSI_UNKNOWN_ERROR;
KSI_PublicationsFile *pubFile = NULL;
KSI_Integer *signingTime = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Signature *extSig = NULL;
bool verifyPubFile = (ctx->publicationsFile == NULL);
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || sig == NULL || extended == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_receivePublicationsFile(ctx, &pubFile);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
if (verifyPubFile == true) {
res = KSI_verifyPublicationsFile(ctx, pubFile);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
}
res = KSI_Signature_getSigningTime(sig, &signingTime);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_PublicationsFile_getNearestPublication(pubFile, signingTime, &pubRec);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
if (pubRec == NULL) {
KSI_pushError(ctx, res = KSI_EXTEND_NO_SUITABLE_PUBLICATION, NULL);
goto cleanup;
}
res = KSI_Signature_extendWithPolicy(sig, ctx, pubRec, policy, context, &extSig);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
*extended = extSig;
extSig = NULL;
cleanup:
KSI_PublicationRecord_free(pubRec);
KSI_PublicationsFile_free(pubFile);
KSI_Signature_free(extSig);
return res;
}
