int KSI_Signature_verifyAggregatedHash(KSI_Signature *sig, KSI_CTX *ctx, KSI_DataHash *rootHash, KSI_uint64_t rootLevel) {
int res = KSI_UNKNOWN_ERROR;
KSI_CTX *useCtx = ctx;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || sig == NULL || rootHash == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
/* Pick a context to use. */
if (useCtx == NULL) {
useCtx = sig->ctx;
}
KSI_VerificationResult_reset(&sig->verificationResult);
/* Set the document hash. */
sig->verificationResult.documentHash = KSI_DataHash_ref(rootHash);
sig->verificationResult.docAggrLevel = rootLevel;
sig->verificationResult.verifyDocumentHash = true;
res = KSI_Signature_verifyPolicy(sig, KSI_VP_DOCUMENT, useCtx);
if (res != KSI_OK) {
KSI_pushError(sig->ctx, res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
static void testLoadPublicationsFileWithNoCerts(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_LIST(KSI_CertificateRecord) *certList = NULL;
KSI_PKICertificate *cert = NULL;
unsigned char dummy[] = {0xca, 0xfe, 0xba, 0xbe};
KSI_OctetString *certId = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath("resource/publications/publications-nocerts.bin"), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PublicationsFile_getCertificates(pubFile, &certList);
CuAssert(tc, "Unable to get certificate list", res == KSI_OK);
CuAssert(tc, "Unexpected certificate list length.", KSI_CertificateRecordList_length(certList) == 0);
res = KSI_OctetString_new(ctx, dummy, sizeof(dummy), &certId);
CuAssert(tc, "Creating an octetstring failed", res == KSI_OK && certId != NULL);
res = KSI_PublicationsFile_getPKICertificateById(pubFile, certId, &cert);
CuAssert(tc, "Searching for a non existend certificate failed", res == KSI_OK && cert == NULL);
KSI_OctetString_free(certId);
KSI_PublicationsFile_free(pubFile);
}
int KSI_PublicationRecord_toBase32(KSI_PublicationRecord *pubRec, char **pubStr) {
int res;
if (pubRec == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(pubRec->ctx);
if (pubStr == NULL) {
KSI_pushError(pubRec->ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_PublicationData_toBase32(pubRec->publishedData, pubStr);
if (res != KSI_OK) {
KSI_pushError(pubRec->ctx, res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
/*TODO: Not supported*/
int KSI_PKITruststore_addLookupFile(KSI_PKITruststore *trust, const char *path) {
int res = KSI_UNKNOWN_ERROR;
HCERTSTORE tmp_FileTrustStore = NULL;
char buf[1024];
if (trust == NULL || path == NULL){
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(trust->ctx);
/*Open new store */
tmp_FileTrustStore = CertOpenStore(CERT_STORE_PROV_FILENAME_A, 0, 0, 0, path);
if (tmp_FileTrustStore == NULL) {
KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), buf, sizeof(buf)));
KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL);
goto cleanup;
}
/*Update with priority 0 store*/
if (!CertAddStoreToCollection(trust->collectionStore, tmp_FileTrustStore, 0, 0)) {
KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), buf, sizeof(buf)));
KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL);
goto cleanup;
}
tmp_FileTrustStore = NULL;
res = KSI_OK;
cleanup:
if (tmp_FileTrustStore) CertCloseStore(tmp_FileTrustStore, CERT_CLOSE_STORE_CHECK_FLAG);
return res;
}
static void testVerifyPublicationsFileWithNoConstraints(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_CertConstraint arr[] = {
{NULL, NULL},
{NULL, NULL}
};
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to delete OID 1.2.840.113549.1.9.1", res == KSI_OK);
/* Verification should not fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file may not verify with no constraints.", res == KSI_PUBFILE_VERIFICATION_NOT_CONFIGURED);
arr[0].oid = KSI_CERT_EMAIL;
arr[0].val = "*****@*****.**";
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to set OID 1.2.840.113549.1.9.1 back to normal", res == KSI_OK);
/* Verification should not fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file must verify with e-mail.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
int KSI_createSignature(KSI_CTX *ctx, KSI_DataHash *dataHash, KSI_Signature **sig) {
int res = KSI_UNKNOWN_ERROR;
KSI_Signature *tmp = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || dataHash == NULL || sig == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_Signature_sign(ctx, dataHash, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
*sig = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_Signature_free(tmp);
return res;
}
static int KSI_CTX_setTimeoutSeconds(KSI_CTX *ctx, int timeout, int (*setter)(KSI_NetworkClient*, int)){
int res = KSI_UNKNOWN_ERROR;
KSI_NetworkClient *client = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || ctx->netProvider == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
if (ctx->isCustomNetProvider){
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Unable to set timeout after initial network provider replacement.");
goto cleanup;
}
client = ctx->netProvider;
res = setter(client, timeout);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
static void testVerifySignatureWithUserPublication(CuTest *tc) {
int res;
KSI_Signature *sig = NULL;
const char pubStr[] = "AAAAAA-CTOQBY-AAMJYH-XZPM6T-UO6U6V-2WJMHQ-EJMVXR-JEAGID-2OY7P5-XFFKYI-QIF2LG-YOV7SO";
const char pubStr_bad[] = "AAAAAA-CT5VGY-AAPUCF-L3EKCC-NRSX56-AXIDFL-VZJQK4-WDCPOE-3KIWGB-XGPPM3-O5BIMW-REOVR4";
KSI_PublicationData *pubData = NULL;
KSI_PublicationData *pubData_bad = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationData_fromBase32(ctx, pubStr, &pubData);
CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData != NULL);
res = KSI_PublicationData_fromBase32(ctx, pubStr_bad, &pubData_bad);
CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData_bad != NULL);
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extended.ksig"), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_verifyWithPublication(sig, ctx, pubData);
CuAssert(tc, "Unable to verify signature with publication.", res == KSI_OK);
res = KSI_Signature_verifyWithPublication(sig, ctx, pubData_bad);
CuAssert(tc, "Unable to verify signature with publication.", res != KSI_OK);
KSI_PublicationData_free(pubData);
KSI_PublicationData_free(pubData_bad);
KSI_Signature_free(sig);
}
int KSI_OctetString_toTlv(KSI_CTX *ctx, KSI_OctetString *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) {
int res = KSI_UNKNOWN_ERROR;
KSI_TLV *tmp = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || o == NULL || tlv == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_TLV_new(ctx, tag, isNonCritical, isForward, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_TLV_setRawValue(tmp, o->data, o->data_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
*tlv = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_TLV_free(tmp);
return res;
}
static void testVerifyDocument(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
char doc[] = "LAPTOP";
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
res = KSI_Signature_verifyDocument(sig, ctx, doc, strlen(doc));
CuAssert(tc, "Failed to verify valid document", res == KSI_OK);
res = KSI_Signature_verifyDocument(sig, ctx, doc, sizeof(doc));
CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE);
KSI_Signature_free(sig);
}
static void testVerifyCalendarChainAlgoChange(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath("resource/tlv/cal_algo_switch.ksig"), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/cal_algo_switch-extend_resposne.tlv"));
ctx->requestCounter = 0;
res = KSI_Signature_verifyOnline(sig, ctx);
CuAssert(tc, "Failed to verify valid document", res == KSI_OK);
KSI_Signature_free(sig);
}
static void testSerializeSignature(CuTest *tc) {
int res;
unsigned char in[0x1ffff];
unsigned in_len = 0;
unsigned char *out = NULL;
unsigned out_len = 0;
FILE *f = NULL;
KSI_Signature *sig = NULL;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb");
CuAssert(tc, "Unable to open signature file.", f != NULL);
in_len = (unsigned)fread(in, 1, sizeof(in), f);
CuAssert(tc, "Nothing read from signature file.", in_len > 0);
fclose(f);
res = KSI_Signature_parse(ctx, in, in_len, &sig);
CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL);
res = KSI_Signature_serialize(sig, &out, &out_len);
CuAssert(tc, "Failed to serialize signature", res == KSI_OK);
CuAssert(tc, "Serialized signature length mismatch", in_len == out_len);
CuAssert(tc, "Serialized signature content mismatch", !memcmp(in, out, in_len));
KSI_free(out);
KSI_Signature_free(sig);
}
static void testErrorMessage(CuTest* tc, const char *expected, const char *tlv_file,
int (*obj_new)(KSI_CTX *ctx, void **),
void (*obj_free)(void*),
const KSI_TlvTemplate *tmplete) {
int res;
void *obj = NULL;
char buf[1024];
size_t len;
FILE *f = NULL;
KSI_FTLV ftlv;
KSI_ERR_clearErrors(ctx);
f = fopen(getFullResourcePath(tlv_file), "rb");
CuAssert(tc, "Failed to open file.", f != NULL);
res = KSI_FTLV_fileRead(f, (unsigned char *)buf, sizeof(buf), &len, &ftlv);
CuAssert(tc, "Failed read from file.", res == KSI_OK);
res = obj_new(ctx, &obj);
CuAssert(tc, "Unable create new obj.", res == KSI_OK);
res = KSI_TlvTemplate_parse(ctx, (unsigned char *)buf, (unsigned)len, tmplete, obj);
CuAssert(tc, "Parsing invalid obj must fail.", res != KSI_OK);
res = KSI_ERR_getBaseErrorMessage(ctx, buf, sizeof(buf), NULL, NULL);
CuAssert(tc, "Unable to get base error message.", res == KSI_OK);
CuAssert(tc, "Wrong error message.", strcmp(buf, expected) == 0);
if (f != NULL) fclose(f);
obj_free(obj);
}
int KSI_Signature_verifyWithPublication(KSI_Signature *sig, KSI_CTX *ctx, const KSI_PublicationData *publication) {
int res;
KSI_CTX *useCtx = ctx;
if (sig == NULL || ctx == NULL || publication == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(sig->ctx);
if (useCtx == NULL) {
useCtx = sig->ctx;
}
KSI_VerificationResult_reset(&sig->verificationResult);
/* Set the document hash. */
sig->verificationResult.userPublication = publication;
sig->verificationResult.useUserPublication = true;
res = KSI_Signature_verifyPolicy(sig, KSI_VP_OFFLINE, useCtx);
if (res != KSI_OK) {
KSI_pushError(sig->ctx, res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
int KSI_sendExtendRequest(KSI_CTX *ctx, KSI_ExtendReq *request, KSI_RequestHandle **handle) {
int res = KSI_UNKNOWN_ERROR;
KSI_RequestHandle *tmp = NULL;
KSI_NetworkClient *netProvider = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || request == NULL || handle == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
netProvider = ctx->netProvider;
res = KSI_NetworkClient_sendExtendRequest(netProvider, request, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
*handle = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_RequestHandle_free(tmp);
return res;
}
int KSI_OctetString_LegacyId_getUtf8String(KSI_OctetString *id, KSI_Utf8String **str) {
int res = KSI_UNKNOWN_ERROR;
const unsigned char *raw = NULL;
size_t raw_len;
KSI_Utf8String *tmp = NULL;
if (id == NULL || str == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(id->ctx);
res = KSI_OctetString_extract(id, &raw, &raw_len);
if (res != KSI_OK) {
KSI_pushError(id->ctx, res, NULL);
goto cleanup;
}
res = KSI_Utf8String_new(id->ctx, (char *)(raw + LEGACY_ID_STR_POS), raw[LEGACY_ID_STR_LEN_POS] + 1, &tmp);
if (res != KSI_OK) {
KSI_pushError(id->ctx, res, NULL);
goto cleanup;
}
*str = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_Utf8String_free(tmp);
return res;
}
int KSI_sendPublicationRequest(KSI_CTX *ctx, const unsigned char *request, size_t request_length, KSI_RequestHandle **handle) {
int res = KSI_UNKNOWN_ERROR;
KSI_NetworkClient *netProvider = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || handle == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
netProvider = ctx->netProvider;
res = KSI_NetworkClient_sendPublicationsFileRequest(netProvider, handle);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
int KSI_Utf8StringNZ_fromTlv(KSI_TLV *tlv, KSI_Utf8String **o) {
int res = KSI_UNKNOWN_ERROR;
KSI_CTX *ctx = NULL;
KSI_Utf8String *tmp = NULL;
ctx = KSI_TLV_getCtx(tlv);
KSI_ERR_clearErrors(ctx);
if (tlv == NULL || o == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_Utf8String_fromTlv(tlv, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
if (tmp->len == 0 || (tmp->len == 1 && tmp->value[0] == 0)) {
KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Empty string value not allowed.");
goto cleanup;
}
*o = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_nofree(ctx);
KSI_Utf8String_free(tmp);
return res;
}
static int KSI_CTX_setUri(KSI_CTX *ctx,
const char *uri, const char *loginId, const char *key,
int (*setter)(KSI_NetworkClient*, const char*, const char *, const char *)){
int res = KSI_UNKNOWN_ERROR;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || uri == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
if (ctx->isCustomNetProvider){
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Unable to set url after initial network provider replacement.");
goto cleanup;
}
res = setter(ctx->netProvider, uri, loginId, key);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
int KSI_Utf8StringNZ_toTlv(KSI_CTX *ctx, KSI_Utf8String *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) {
int res = KSI_UNKNOWN_ERROR;
KSI_TLV *tmp = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || o == NULL || tlv == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
if (o->len == 0 || (o->len == 1 && o->value[0] == 0)) {
KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Empty string value not allowed.");
goto cleanup;
}
res = KSI_Utf8String_toTlv(ctx, o, tag, isNonCritical, isForward, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
*tlv = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_TLV_free(tmp);
return res;
}
int KSI_DataHasher_addImprint(KSI_DataHasher *hasher, const KSI_DataHash *hsh) {
int res = KSI_UNKNOWN_ERROR;
const unsigned char *imprint;
size_t imprint_len;
if (hasher == NULL || hsh == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(hasher->ctx);
res = KSI_DataHash_getImprint(hsh, &imprint, &imprint_len);
if (res != KSI_OK) {
KSI_pushError(hasher->ctx, res, NULL);
goto cleanup;
}
res = KSI_DataHasher_add(hasher, imprint, imprint_len);
if (res != KSI_OK) {
KSI_pushError(hasher->ctx, res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
int KSI_TlvTemplate_parse(KSI_CTX *ctx, const unsigned char *raw, unsigned raw_len, const KSI_TlvTemplate *tmpl, void *payload) {
int res = KSI_UNKNOWN_ERROR;
KSI_TLV *tlv = NULL;
struct tlv_track_s tr[0xf];
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || raw == NULL || tmpl == NULL || payload == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_TLV_parseBlob2(ctx, (unsigned char *)raw, raw_len, 0, &tlv);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = extract(ctx, payload, tlv, tmpl, tr, 0, sizeof(tr));
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
KSI_LOG_logTlv(ctx, KSI_LOG_DEBUG, "Parsed TLV", tlv);
res = KSI_OK;
cleanup:
KSI_TLV_free(tlv);
return res;
}
int KSI_PKISignature_serialize(KSI_PKISignature *sig, unsigned char **raw, unsigned *raw_len) {
int res = KSI_UNKNOWN_ERROR;
unsigned char *tmp = NULL;
if (sig == NULL || raw == NULL || raw_len == NULL){
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(sig->ctx);
tmp = KSI_malloc(sig->pkcs7.cbData);
if (tmp == NULL) {
KSI_pushError(sig->ctx, res = KSI_OUT_OF_MEMORY, NULL);
goto cleanup;
}
memcpy(tmp, sig->pkcs7.pbData, sig->pkcs7.cbData);
*raw = tmp;
*raw_len = (unsigned)sig->pkcs7.cbData;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_free(tmp);
return res;
}
static void testSerializePublicationsFile(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
char *raw = NULL;
unsigned raw_len = 0;
FILE *f = NULL;
int symbol = 0;
unsigned i= 0;
KSI_ERR_clearErrors(ctx);
setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE));
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PublicationsFile_serialize(ctx, pubFile, &raw, &raw_len);
CuAssert(tc, "Unable to serialize publications file", res == KSI_OK && raw != NULL && raw_len != 0);
f = fopen(getFullResourcePath(TEST_PUBLICATIONS_FILE), "rb");
CuAssert(tc, "Unable to open publications file", res == KSI_OK && f != NULL);
while ((symbol = getc(f)) != EOF && i<raw_len){
CuAssert(tc, "Serialized publications file mismatch", (char)symbol == raw[i]);
i++;
}
CuAssert(tc, "Serialized publications file length mismatch", i == raw_len);
KSI_PublicationsFile_free(pubFile);
KSI_free(raw);
if (f) fclose(f);
}
static void testVerifyPublicationsFileWithAttributeNotPresent(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_CertConstraint arr[] = {
{NULL, NULL},
{NULL, NULL}
};
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
arr[0].oid = "2.5.4.9";
arr[0].val = "Local pub";
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to delete OID 2.5.4.9", res == KSI_OK);
/* Verification should fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file must verify with address.", res != KSI_OK);
arr[0].oid = KSI_CERT_EMAIL;
arr[0].val = "*****@*****.**";
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to set OID 2.5.4.9 back to normal", res == KSI_OK);
/* Verification should not fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file must verify.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
int KSI_PKICertificate_serialize(KSI_PKICertificate *cert, unsigned char **raw, size_t *raw_len) {
int res = KSI_UNKNOWN_ERROR;
unsigned char *tmp_serialized = NULL;
DWORD len = 0;
if (cert == NULL || raw == NULL || raw_len == NULL){
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(cert->ctx);
len = cert->x509->cbCertEncoded;
tmp_serialized = KSI_malloc(len);
if (tmp_serialized == NULL) {
KSI_pushError(cert->ctx, res = KSI_OUT_OF_MEMORY, NULL);
goto cleanup;
}
memcpy(tmp_serialized, cert->x509->pbCertEncoded, len);
*raw = tmp_serialized;
*raw_len = (size_t)len;
tmp_serialized = NULL;
res = KSI_OK;
cleanup:
KSI_free(tmp_serialized);
return res;
}
static void testVerifyPublicationsFile(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PKITruststore *pki = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PKITruststore_new(ctx, 0, &pki);
CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL);
res = KSI_CTX_setPKITruststore(ctx, pki);
CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK);
/* Verification should fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file shouldn't verify without mock certificate.", res != KSI_OK);
/* Verification should succeed. */
res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt"));
CuAssert(tc, "Unable to read certificate", res == KSI_OK);
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file should verify with mock certificate.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
int KSI_CTX_setDefaultPubFileCertConstraints(KSI_CTX *ctx, const KSI_CertConstraint *arr) {
int res = KSI_UNKNOWN_ERROR;
KSI_CertConstraint *tmp = NULL;
size_t count = 0;
size_t i;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || arr == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
/* Count the input. */
while(arr[count++].oid != NULL);
/* Allocate buffer with extra space for the trailing {NULL, NULL}. */
tmp = KSI_calloc(count, sizeof(KSI_CertConstraint));
if (tmp == NULL) {
KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL);
goto cleanup;
}
/* Copy the values. */
for (i = 0; arr[i].oid != NULL; i++) {
res = KSI_strdup(arr[i].oid, &tmp[i].oid);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
if (arr[i].val == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Expected OID value may not be NULL");
goto cleanup;
}
res = KSI_strdup(arr[i].val, &tmp[i].val);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
}
/* Add terminator for the array. */
tmp[i].oid = NULL;
tmp[i].val = NULL;
/* Free the existing constraints. */
freeCertConstraintsArray(ctx->certConstraints);
ctx->certConstraints = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
freeCertConstraintsArray(tmp);
return res;
}
static void testExtractingNotExisting(CuTest* tc) {
int res;
KSI_Signature *sig = NULL;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_MultiSignature_add(ms, sig);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
KSI_Signature_free(sig);
sig = NULL;
KSITest_DataHash_fromStr(ctx, "01db27c0db0aebb8d3963c3a720985cedb600f91854cdb1e45ad631611c39284dd", &hsh);
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "Get should fail with KSI_MULTISIG_NOT_FOUND", res == KSI_MULTISIG_NOT_FOUND && sig == NULL);
KSI_DataHash_free(hsh);
KSI_MultiSignature_free(ms);
KSI_Signature_free(sig);
}
int KSI_Signature_verifyOnline(KSI_Signature *sig, KSI_CTX *ctx){
int res;
KSI_CTX *useCtx = ctx;
if (sig == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(sig->ctx);
if (useCtx == NULL) {
useCtx = sig->ctx;
}
res = KSI_Signature_verifyPolicy(sig, KSI_VP_ONLINE, useCtx);
if (res != KSI_OK) {
KSI_pushError(sig->ctx, res, NULL);
goto cleanup;
}
res = KSI_OK;
cleanup:
return res;
}
