/**
 * Negative test: an extend request sent to the aggregator endpoint must be
 * rejected.
 *
 * A private context is created and its extender is configured with the
 * aggregator URL and credentials taken from \c conf. Extending a known-good
 * signature through that context is then expected to:
 *   - leave the output signature pointer NULL,
 *   - return KSI_HTTP_ERROR,
 *   - record 400 as the base external (HTTP) error of the context.
 *
 * \param[in]	tc	CuTest test case handle.
 */
static void Test_ExtendSignatureUsingAggregator(CuTest* tc) {
	KSI_CTX *ctx = NULL;
	KSI_Signature *sig = NULL;
	KSI_Signature *ext = NULL;

	/* Create the context. */
	int status = KSI_CTX_new(&ctx);
	CuAssert(tc, "Unable to create ctx.", status == KSI_OK && ctx != NULL);

	status = KSI_CTX_setPublicationUrl(ctx, conf.publications_file_url);
	CuAssert(tc, "Unable to set publications file url.", status == KSI_OK);

	/* Deliberate misconfiguration: the aggregator service is registered as the extender. */
	status = KSI_CTX_setExtender(ctx, conf.aggregator_url, conf.aggregator_user, conf.aggregator_pass);
	CuAssert(tc, "Unable to set configure aggregator as extender.", status == KSI_OK);

	status = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &sig);
	CuAssert(tc, "Unable to set read signature from file.", status == KSI_OK && sig != NULL);

	/* NULL is passed in the publication-record position. */
	status = KSI_Signature_extend(sig, ctx, NULL, &ext);

	/* A rejected request must not hand back a signature object. */
	CuAssert(tc, "The extending of signature must fail.", ext == NULL);
	CuAssert(tc, "Invalid KSI status code for mixed up request.", status == KSI_HTTP_ERROR);
	CuAssert(tc, "External error (HTTP) must be 400.", ctx_get_base_external_error(ctx) == 400);

	/* Signatures are released before the context they were created with. */
	KSI_Signature_free(sig);
	KSI_Signature_free(ext);
	KSI_CTX_free(ctx);
}
/**
 * Positive test: extending a known-good signature succeeds with the context
 * that is already in scope as \c ctx (it is not created in this function).
 *
 * \param[in]	tc	CuTest test case handle.
 */
static void Test_OKExtendSignatureDefProvider(CuTest* tc) {
	KSI_Signature *sig = NULL;
	KSI_Signature *ext = NULL;

	int status = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &sig);
	CuAssert(tc, "Unable to read signature frome file.", status == KSI_OK && sig != NULL);

	/* NULL is passed in the publication-record position. */
	status = KSI_Signature_extend(sig, ctx, NULL, &ext);
	CuAssert(tc, "Unable to extend signature", status == KSI_OK && ext != NULL);

	/*
	 * NOTE(review): the object verified here is the original signature (sig),
	 * not the extended one (ext). As written, the extended signature is only
	 * checked for being non-NULL and is never verified - confirm whether
	 * verifying ext was intended.
	 */
	status = KSI_verifySignature(ctx, sig);
	CuAssert(tc, "Unable to verify signature", status == KSI_OK);

	/* The context outlives this test, so its error state is cleared here. */
	KSI_ERR_clearErrors(ctx);

	KSI_Signature_free(sig);
	KSI_Signature_free(ext);
}
/**
 * Shared body for the provider-specific extending tests.
 *
 * Creates a private context, builds a network client through the supplied
 * callbacks, installs it as the network provider of the context and expects
 * the extending of a known-good signature to succeed.
 *
 * \param[in]	tc				CuTest test case handle.
 * \param[in]	uri_host		Extender host, forwarded to \c setExtender.
 * \param[in]	port			Extender port, forwarded to \c setExtender.
 * \param[in]	user			Extender user name, forwarded to \c setExtender.
 * \param[in]	key				Extender secret, forwarded to \c setExtender as the password.
 * \param[in]	pub_uri			Publications file URL, forwarded to \c setPubfail.
 * \param[in]	createProvider	Creates the network client for the context.
 * \param[in]	setPubfail		Configures the publications file URL on the client.
 * \param[in]	setExtender		Configures the extender service on the client.
 */
static void Test_ExtendSignature_useProvider(CuTest* tc, const char *uri_host, unsigned port, const char *user, const char *key, const char *pub_uri,
		int (*createProvider)(KSI_CTX *ctx, KSI_NetworkClient **http),
		int (*setPubfail)(KSI_NetworkClient *client, const char *url),
		int (*setExtender)(KSI_NetworkClient *client, const char *url_host, unsigned port, const char *user, const char *pass)) {
	KSI_CTX *ctx = NULL;
	KSI_NetworkClient *client = NULL;
	KSI_Signature *sig = NULL;
	KSI_Signature *ext = NULL;

	/* Create the context. */
	int status = KSI_CTX_new(&ctx);
	CuAssert(tc, "Unable to create ctx.", status == KSI_OK && ctx != NULL);

	status = createProvider(ctx, &client);
	CuAssert(tc, "Unable to create network client.", status == KSI_OK && client != NULL);

	/* The extender endpoint is configured before the publications file URL. */
	status = setExtender(client, uri_host, port, user, key);
	CuAssert(tc, "Unable to set extender specific service information.", status == KSI_OK);

	status = setPubfail(client, pub_uri);
	CuAssert(tc, "Unable to set publications file url.", status == KSI_OK);

	status = KSI_CTX_setNetworkProvider(ctx, client);
	CuAssert(tc, "Unable to set new network client.", status == KSI_OK);
	/*
	 * The local handle is dropped once the client has been installed, so the
	 * free call at the end receives NULL (presumably the context now owns the
	 * client - confirm against KSI_CTX_setNetworkProvider).
	 */
	client = NULL;

	status = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &sig);
	CuAssert(tc, "Unable to set read signature from file.", status == KSI_OK && sig != NULL);

	/* NULL is passed in the publication-record position. */
	status = KSI_Signature_extend(sig, ctx, NULL, &ext);
	CuAssert(tc, "The extending of signature must not fail.", status == KSI_OK && ext != NULL);

	KSI_NetworkClient_free(client);
	KSI_Signature_free(sig);
	KSI_Signature_free(ext);
	KSI_CTX_free(ctx);
}
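/**
 * This function extends the signature to the given publication.
 *
 * The publication string is parsed, the publication time is checked against
 * the signing time, and the signature is then extended to a publication
 * record built from the parsed data. The file-scope \c ksi context is used
 * for all KSI calls. This function only extends: it does not verify the
 * resulting signature, so verification is left to the caller.
 *
 * \param[in]	sig		Initial signature.
 * \param[in]	pubStr	Null-terminated c string of the publication.
 * \param[out]	ext		Pointer to the receiving pointer to the extended signature.
 * \return Returns KSI_OK if successful. Returns KSI_INVALID_ARGUMENT if any
 * argument is NULL or if the signature was created after the publication;
 * otherwise the status code of the failing KSI call is returned.
 */
static int extendToPublication(KSI_Signature *sig, const char *pubStr, KSI_Signature **ext) {
	int res = KSI_UNKNOWN_ERROR;
	/* Only the published data. */
	KSI_PublicationData *pubData = NULL;
	/* Published data and the references to the actual publications. */
	KSI_PublicationRecord *pubRec = NULL;
	/* Publication time (not freed here; presumably borrowed from pubData - confirm). */
	KSI_Integer *pubTime = NULL;
	/* Signature signing time (not freed here; presumably borrowed from sig - confirm). */
	KSI_Integer *signTime = NULL;

	/* Reject missing arguments up front: pubStr is later handed to a "%s"
	 * conversion, which is undefined for NULL, and ext is an output location. */
	if (sig == NULL || pubStr == NULL || ext == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Parse the publications string. */
	res = KSI_PublicationData_fromBase32(ksi, pubStr, &pubData);
	if (res != KSI_OK) {
		fprintf(stderr, "Invalid publication: '%s'\n", pubStr);
		goto cleanup;
	}

	/* Verify the publication is not older than the signature. Equal times are accepted. */
	res = KSI_Signature_getSigningTime(sig, &signTime);
	if (res != KSI_OK) goto cleanup;

	res = KSI_PublicationData_getTime(pubData, &pubTime);
	if (res != KSI_OK) goto cleanup;

	if (KSI_Integer_compare(signTime, pubTime) > 0) {
		fprintf(stderr, "Signature created after publication.\n");
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Create a publication record. */
	res = KSI_PublicationRecord_new(ksi, &pubRec);
	if (res != KSI_OK) goto cleanup;

	/* Set the published data value. */
	res = KSI_PublicationRecord_setPublishedData(pubRec, pubData);
	if (res != KSI_OK) goto cleanup;

	/* The pointer will be freed by KSI_PublicationRecord_free; clearing it
	 * here prevents a second free in the cleanup section. */
	pubData = NULL;

	/* NB! If the user wants to store the extended signature, some publication references should
	 * be added to the publication record. As we are going to discard the signature after
	 * verification, the references are not important. */

	/* Extend the signature to the publication. */
	res = KSI_Signature_extend(sig, ksi, pubRec, ext);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to to extend the signature to the given publication: '%s'\n", pubStr);
		goto cleanup;
	}

	res = KSI_OK;

cleanup:

	/* We can cleanup the values. Both pointers are NULL on the early-exit paths. */
	KSI_PublicationData_free(pubData);
	KSI_PublicationRecord_free(pubRec);

	return res;
}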