コード例 #1
/*
 * Negative test: the aggregator endpoint (URL and credentials taken from the
 * shared test configuration `conf`) is registered as the extender, and the
 * extend request is then required to be rejected. The test passes only when
 * no extended signature is produced, the call reports KSI_HTTP_ERROR and the
 * external error recorded on the context is HTTP 400.
 */
static void Test_ExtendSignatureUsingAggregator(CuTest* tc) {
	KSI_CTX *testCtx = NULL;
	KSI_Signature *signature = NULL;
	KSI_Signature *extended = NULL;
	int rc = KSI_UNKNOWN_ERROR;

	/* A private context keeps the deliberately wrong extender setup out of
	 * any other test. */
	rc = KSI_CTX_new(&testCtx);
	CuAssert(tc, "Unable to create ctx.", testCtx != NULL && rc == KSI_OK);

	rc = KSI_CTX_setPublicationUrl(testCtx, conf.publications_file_url);
	CuAssert(tc, "Unable to set publications file url.", rc == KSI_OK);

	/* Intentional misconfiguration: the aggregator service stands in for the extender. */
	rc = KSI_CTX_setExtender(testCtx, conf.aggregator_url, conf.aggregator_user, conf.aggregator_pass);
	CuAssert(tc, "Unable to set configure aggregator as extender.", rc == KSI_OK);

	rc = KSI_Signature_fromFile(testCtx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &signature);
	CuAssert(tc, "Unable to set read signature from file.", signature != NULL && rc == KSI_OK);

	/* NULL publication record: no specific publication is requested. */
	rc = KSI_Signature_extend(signature, testCtx, NULL, &extended);

	/* The failure must be visible three ways: no output object, the KSI
	 * status code, and the HTTP status kept on the context. */
	CuAssert(tc, "The extending of signature must fail.", extended == NULL);
	CuAssert(tc, "Invalid KSI status code for mixed up request.", rc == KSI_HTTP_ERROR);
	CuAssert(tc, "External error (HTTP) must be 400.", ctx_get_base_external_error(testCtx) == 400);

	/* NOTE(review): if CuAssert aborts the test on a failed check, the
	 * releases below are skipped - confirm this is acceptable for the suite. */
	KSI_Signature_free(signature);
	KSI_Signature_free(extended);
	KSI_CTX_free(testCtx);
}
コード例 #2
/*
 * Positive test: a stored signature is read, extended with the provider
 * already configured on the file-level `ctx`, and a signature verification
 * is run afterwards. `ctx` is neither created nor released here.
 */
static void Test_OKExtendSignatureDefProvider(CuTest* tc) {
	KSI_Signature *signature = NULL;
	KSI_Signature *extended = NULL;
	int rc;

	rc = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &signature);
	CuAssert(tc, "Unable to read signature frome file.", signature != NULL && rc == KSI_OK);

	/* NULL publication record: no specific publication is requested. */
	rc = KSI_Signature_extend(signature, ctx, NULL, &extended);
	CuAssert(tc, "Unable to extend signature", extended != NULL && rc == KSI_OK);

	/* NOTE(review): this verifies the original signature, not the extended
	 * one produced above - confirm that leaving the extended signature
	 * unverified is intended. */
	rc = KSI_verifySignature(ctx, signature);
	CuAssert(tc, "Unable to verify signature", rc == KSI_OK);

	/* Reset the error state held by the shared context before returning. */
	KSI_ERR_clearErrors(ctx);

	KSI_Signature_free(signature);
	KSI_Signature_free(extended);
}
コード例 #3
/*
 * Shared driver for the per-provider extend tests. The caller supplies the
 * extender endpoint (uri_host, port), the service credentials (user, key),
 * the publications file location (pub_uri) and three callbacks that create
 * and configure a concrete network client. The client is installed on a
 * fresh context and a stored signature must then extend successfully.
 *
 * `key` is handed to setExtender as its `pass` argument, i.e. it is the
 * service secret.
 */
static void Test_ExtendSignature_useProvider(CuTest* tc, const char *uri_host, unsigned port, const char *user, const char *key, const char *pub_uri,
		int (*createProvider)(KSI_CTX *ctx, KSI_NetworkClient **http),
		int (*setPubfail)(KSI_NetworkClient *client, const char *url),
		int (*setExtender)(KSI_NetworkClient *client, const char *url_host, unsigned port, const char *user, const char *pass)) {
	KSI_CTX *ksiCtx = NULL;
	KSI_NetworkClient *netClient = NULL;
	KSI_Signature *signature = NULL;
	KSI_Signature *extended = NULL;
	int rc = KSI_UNKNOWN_ERROR;

	/* Fresh context, so the provider under test is the only one in play. */
	rc = KSI_CTX_new(&ksiCtx);
	CuAssert(tc, "Unable to create ctx.", ksiCtx != NULL && rc == KSI_OK);

	/* Build the client and configure it through the supplied callbacks. */
	rc = createProvider(ksiCtx, &netClient);
	CuAssert(tc, "Unable to create network client.", netClient != NULL && rc == KSI_OK);

	rc = setExtender(netClient, uri_host, port, user, key);
	CuAssert(tc, "Unable to set extender specific service information.", rc == KSI_OK);

	rc = setPubfail(netClient, pub_uri);
	CuAssert(tc, "Unable to set publications file url.", rc == KSI_OK);

	rc = KSI_CTX_setNetworkProvider(ksiCtx, netClient);
	CuAssert(tc, "Unable to set new network client.", rc == KSI_OK);
	/* The local handle is dropped once the context has accepted the client
	 * (presumably the context now owns it - confirm), so the free below is
	 * called with NULL on this path. */
	netClient = NULL;

	rc = KSI_Signature_fromFile(ksiCtx, getFullResourcePath("resource/tlv/ok-sig-2014-07-01.1.ksig"), &signature);
	CuAssert(tc, "Unable to set read signature from file.", signature != NULL && rc == KSI_OK);

	/* NULL publication record: no specific publication is requested. */
	rc = KSI_Signature_extend(signature, ksiCtx, NULL, &extended);
	CuAssert(tc, "The extending of signature must not fail.", extended != NULL && rc == KSI_OK);

	/* NOTE(review): if CuAssert aborts the test on a failed check, none of
	 * these releases run - confirm this is acceptable for the suite. */
	KSI_NetworkClient_free(netClient);
	KSI_Signature_free(signature);
	KSI_Signature_free(extended);
	KSI_CTX_free(ksiCtx);
}
コード例 #4
ファイル: ksi_verify_pub.c プロジェクト: rsyslog/libksi
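/**
 * This function extends the signature to the given publication.
 *
 * The publication string is parsed, its time is compared with the signing
 * time of the signature, and the signature is then extended to a publication
 * record built from the parsed data. The file-level KSI context `ksi` is used
 * for all library calls. Diagnostics are written to stderr.
 *
 * The publication string is the value the signature gets anchored to, so it
 * should be obtained from a source the operator already trusts; this
 * function only checks that it parses and is not older than the signature.
 *
 * \param[in]	sig			Initial signature.
 * \param[in]	pubStr		Null-terminated c string of the publication.
 * \param[out]	ext			Pointer to the receiving pointer to the extended signature.
 * \return Returns KSI_OK if successful. Returns KSI_INVALID_ARGUMENT if any
 * argument is NULL or if the signature was created after the publication;
 * otherwise the status of the KSI call that failed.
 */
static int extendToPublication(KSI_Signature *sig, const char *pubStr, KSI_Signature **ext) {
	int res = KSI_UNKNOWN_ERROR;

	/* Only the published data. */
	KSI_PublicationData *pubData = NULL;
	/* Published data and the references to the actual publications. */
	KSI_PublicationRecord *pubRec = NULL;

	/* Publication time. */
	KSI_Integer *pubTime = NULL;
	/* Signature signing time. */
	KSI_Integer *signTime = NULL;

	/* Reject missing arguments up front: pubStr is printed with "%s" on the
	 * error paths below, and a NULL there is undefined behaviour. */
	if (sig == NULL || pubStr == NULL || ext == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Parse the publications string. */
	res = KSI_PublicationData_fromBase32(ksi, pubStr, &pubData);
	if (res != KSI_OK) {
		fprintf(stderr, "Invalid publication: '%s'\n", pubStr);
		goto cleanup;
	}

	/* Verify the publication is newer than the signature.
	 * signTime and pubTime are not released in this function; presumably
	 * they are borrowed from sig and pubData - confirm. */
	res = KSI_Signature_getSigningTime(sig, &signTime);
	if (res != KSI_OK) goto cleanup;

	res = KSI_PublicationData_getTime(pubData, &pubTime);
	if (res != KSI_OK) goto cleanup;

	if (KSI_Integer_compare(signTime, pubTime) > 0) {
		fprintf(stderr, "Signature created after publication.\n");
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Create a publication record. */
	res = KSI_PublicationRecord_new(ksi, &pubRec);
	if (res != KSI_OK) goto cleanup;

	/* Set the published data value. */
	res = KSI_PublicationRecord_setPublishedData(pubRec, pubData);
	if (res != KSI_OK) goto cleanup;

	/* The pointer will be freed by KSI_PublicationRecord_free; clearing it
	 * here keeps the cleanup block from freeing it a second time. */
	pubData = NULL;

	/* NB! If the user wants to store the extended signature, some publication references should
	 * be added to the publication reference. As we are going to discard the signature after
	 * verification, the references are not important. */

	/* Extend the signature to the publication. */
	res = KSI_Signature_extend(sig, ksi, pubRec, ext);
	if (res != KSI_OK) {
		fprintf(stderr, "Unable to to extend the signature to the given publication: '%s'\n", pubStr);
		goto cleanup;
	}

	res = KSI_OK;

cleanup:

	/* We can cleanup the values. Both may still be NULL when an early step
	 * failed. */
	KSI_PublicationData_free(pubData);
	KSI_PublicationRecord_free(pubRec);

	return res;
}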