static void testVerifyPublicationsFile(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PKITruststore *pki = NULL;
KSI_ERR_clearErrors(ctx);
setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE));
res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile);
CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL);
res = KSI_PKITruststore_new(ctx, 0, &pki);
CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL);
res = KSI_CTX_setPKITruststore(ctx, pki);
CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK);
/* Verification should fail. */
res = KSI_PublicationsFile_verify(pubFile, ctx);
CuAssert(tc, "Publications file shouldn't verify without mock certificate.", res != KSI_OK);
/* Verification should succeed. */
res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt"));
CuAssert(tc, "Unable to read certificate", res == KSI_OK);
res = KSI_PublicationsFile_verify(pubFile, ctx);
// KSI_ERR_statusDump(ctx, stdout);
// exit(1);
CuAssert(tc, "Publications file should verify with mock certificate.", res == KSI_OK);
KSI_PublicationsFile_free(pubFile);
}
static void testReceivePublicationsFileInvalidPki(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PKITruststore *pki = NULL;
KSI_CertConstraint arr[] = {
{KSI_CERT_EMAIL, "*****@*****.**"},
{NULL, NULL}
};
KSI_CTX *ctx = NULL;
res = KSITest_CTX_clone(&ctx);
CuAssert(tc, "Unable to create new context.", res == KSI_OK && ctx != NULL);
KSI_ERR_clearErrors(ctx);
res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE_INVALID_PKI));
CuAssert(tc, "Unable to clear pubfile URI.", res == KSI_OK);
/* Configure expected PIK cert and constraints for pub. file. */
res = KSI_PKITruststore_new(ctx, 0, &pki);
CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL);
res = KSI_CTX_setPKITruststore(ctx, pki);
CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK);
res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt"));
CuAssert(tc, "Unable to read certificate", res == KSI_OK);
res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr);
CuAssert(tc, "Unable to set OID 2.5.4.10", res == KSI_OK);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to receive publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_verifyPublicationsFile(ctx, pubFile);
CuAssert(tc, "Publications file should NOT verify as PKI signature is wrong.", res == KSI_INVALID_PKI_SIGNATURE);
KSI_PublicationsFile_free(pubFile);
KSI_CTX_free(ctx);
}
