/**
 * Wraps an object in a payload TLV built from a template and returns the
 * serialized bytes of that TLV.
 *
 * @param ctx      KSI context; its error state is cleared on entry.
 * @param obj      Object to encode.
 * @param tag      Tag given to the enclosing TLV.
 * @param isNc     Flag forwarded to KSI_TLV_new.
 * @param isFwd    Flag forwarded to KSI_TLV_new.
 * @param tmpl     Template used to populate the TLV from obj.
 * @param raw      Receives the serialized buffer on success. Ownership passes
 *                 to the caller (presumably released with KSI_free - confirm).
 * @param raw_len  Receives the length of *raw on success.
 *
 * @return KSI_OK on success, KSI_INVALID_ARGUMENT if any pointer argument is
 *         NULL, otherwise the status of the step that failed. *raw and
 *         *raw_len are written only on success.
 */
int KSI_TlvTemplate_serializeObject(KSI_CTX *ctx, const void *obj, unsigned tag, int isNc, int isFwd, const KSI_TlvTemplate *tmpl, unsigned char **raw, unsigned *raw_len) {
	int res = KSI_UNKNOWN_ERROR;
	KSI_TLV *payload = NULL;
	unsigned char *encoded = NULL;
	unsigned encoded_len = 0;

	KSI_ERR_clearErrors(ctx);

	/* Reject missing inputs and outputs before any allocation takes place. */
	if (ctx == NULL || obj == NULL || tmpl == NULL || raw == NULL || raw_len == NULL) {
		res = KSI_INVALID_ARGUMENT;
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/*
	 * Enclosing TLV for the PDU object.
	 * NOTE(review): the flags are handed over as (isFwd, isNc), the reverse of
	 * this function's own parameter order - confirm against the KSI_TLV_new
	 * prototype.
	 */
	res = KSI_TLV_new(ctx, KSI_TLV_PAYLOAD_TLV, tag, isFwd, isNc, &payload);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* Fill the TLV from the object as the template dictates. */
	res = KSI_TlvTemplate_construct(ctx, payload, obj, tmpl);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* NOTE(review): presumably writes the TLV contents to the debug log - confirm
	 * that is acceptable for the objects serialized through this path. */
	KSI_LOG_logTlv(ctx, KSI_LOG_DEBUG, "Serializing object", payload);

	/* Flatten the TLV into a byte buffer. */
	res = KSI_TLV_serialize(payload, &encoded, &encoded_len);
	if (res != KSI_OK) {
		KSI_pushError(ctx, res, NULL);
		goto cleanup;
	}

	/* Hand the buffer to the caller; clearing the local pointer keeps the
	 * cleanup path from releasing memory the caller now owns. */
	*raw_len = encoded_len;
	*raw = encoded;
	encoded = NULL;

	res = KSI_OK;

cleanup:

	KSI_free(encoded);
	KSI_TLV_free(payload);

	return res;
}
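/**
 * Verifies the calendar authentication record of a signature, if it has one.
 *
 * The certificate named by the record's certificate id is looked up in the
 * publications file, and the record's PKI signature is checked over the
 * serialized publication data TLV. The outcome is recorded in
 * sig->verificationResult under KSI_VERIFY_CALAUTHREC_WITH_SIGNATURE.
 *
 * @param ctx  KSI context handed to initPublicationsFile.
 * @param sig  Signature whose calendar authentication record is verified.
 *
 * @return KSI_OK when there is no calendar authentication record (nothing is
 *         recorded in that case). KSI_INVALID_ARGUMENT if sig is NULL,
 *         KSI_INVALID_FORMAT if the certificate id or the publication data is
 *         missing, or the status of a failing helper. When the certificate is
 *         not found or the signature does not verify, the return value is
 *         whatever KSI_VerificationResult_addFailure returns, so a caller
 *         cannot treat the return code alone as proof that the record
 *         verified; the verification result has to be inspected as well.
 */
static int verifyCalAuthRec(KSI_CTX *ctx, KSI_Signature *sig) {
	int res = KSI_UNKNOWN_ERROR;
	/* None of these four are released in cleanup; presumably they are borrowed
	 * references owned by the signature or the publications file - confirm. */
	KSI_OctetString *certId = NULL;
	KSI_PKICertificate *cert = NULL;
	KSI_OctetString *signatureValue = NULL;
	KSI_Utf8String *sigtype = NULL;
	const unsigned char *rawSignature = NULL;
	/*
	 * Lengths start at zero so that no indeterminate value can reach the
	 * signature check. NOTE(review): KSI_TlvTemplate_serializeObject in this
	 * listing passes an `unsigned *` to KSI_TLV_serialize while this function
	 * passes a `size_t *`; confirm the prototype, because a narrower write
	 * would leave part of an uninitialized size_t untouched.
	 */
	size_t rawSignature_len = 0;
	unsigned char *rawData = NULL;
	size_t rawData_len = 0;
	KSI_VerificationStep step = KSI_VERIFY_CALAUTHREC_WITH_SIGNATURE;
	KSI_VerificationResult *info = NULL;

	/* sig is dereferenced throughout, so reject NULL before touching it. */
	if (sig == NULL) {
		res = KSI_INVALID_ARGUMENT;
		goto cleanup;
	}

	info = &sig->verificationResult;

	/* Nothing to verify when the signature has no calendar authentication record. */
	if (sig->calendarAuthRec == NULL) {
		res = KSI_OK;
		goto cleanup;
	}

	KSI_LOG_info(sig->ctx, "Verifying calendar authentication record.");

	res = KSI_PKISignedData_getCertId(sig->calendarAuthRec->signatureData, &certId);
	if (res != KSI_OK) goto cleanup;

	if (certId == NULL) {
		res = KSI_INVALID_FORMAT;
		goto cleanup;
	}

	res = initPublicationsFile(info, ctx);
	if (res != KSI_OK) goto cleanup;

	/*
	 * NOTE(review): trust in `cert` rests on this lookup by id alone. Whether
	 * the publications file itself was authenticated is decided elsewhere and
	 * is not visible here - confirm in initPublicationsFile.
	 */
	res = KSI_PublicationsFile_getPKICertificateById(info->publicationsFile, certId, &cert);
	if (res != KSI_OK) goto cleanup;

	if (cert == NULL) {
		res = KSI_VerificationResult_addFailure(info, step, "Certificate not found.");
		goto cleanup;
	}

	res = KSI_PKISignedData_getSignatureValue(sig->calendarAuthRec->signatureData, &signatureValue);
	if (res != KSI_OK) goto cleanup;

	res = KSI_OctetString_extract(signatureValue, &rawSignature, &rawSignature_len);
	if (res != KSI_OK) goto cleanup;

	/* The record comes from parsed input; a record without publication data
	 * must not be dereferenced. */
	if (sig->calendarAuthRec->pubData == NULL) {
		res = KSI_INVALID_FORMAT;
		goto cleanup;
	}

	/* The signed bytes are the serialized publication data TLV. */
	res = KSI_TLV_serialize(sig->calendarAuthRec->pubData->baseTlv, &rawData, &rawData_len);
	if (res != KSI_OK) goto cleanup;

	res = KSI_PKISignedData_getSigType(sig->calendarAuthRec->signatureData, &sigtype);
	if (res != KSI_OK) goto cleanup;

	/* NOTE(review): sigtype is not checked for NULL here; confirm that
	 * KSI_Utf8String_cstr and the truststore tolerate a missing signature type. */
	res = KSI_PKITruststore_verifyRawSignature(sig->ctx, rawData, rawData_len, KSI_Utf8String_cstr(sigtype), rawSignature, rawSignature_len, cert);
	if (res != KSI_OK) {
		/* The truststore's error code is replaced by the status of recording
		 * the failure. */
		res = KSI_VerificationResult_addFailure(info, step, "Calendar authentication record signature not verified.");
		goto cleanup;
	}

	res = KSI_VerificationResult_addSuccess(info, step, "Calendar authentication record verified.");

cleanup:

	KSI_free(rawData);

	return res;
}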