BasicChecksUtils.cpp File Reference
Detailed Description
Subsystem: Certification Path Processing (PKIFPATH)Module: Miscellaneous
- Id
- BasicChecksUtils.cpp 11926 2010-10-21 18:16:11Z agalustyan
Definition in file BasicChecksUtils.cpp.
#include "AlgorithmIdentifier.h"
#include "BasicChecksUtils.h"
#include "Buffer.h"
#include "Certificate.h"
#include "CertificateNodeListWithSourceInfo.h"
#include "GeneralName.h"
#include "GeneralSubtree.h"
#include "GottaMatch.h"
#include "IPKIFCryptoMisc.h"
#include "IPKIFCryptoRawOperations.h"
#include "IPKIFHashContext.h"
#include "Name.h"
#include "OID.h"
#include "PKIFCertStatus.h"
#include "PKIFCertificateNodeEntry.h"
#include "PKIFCertificatePath.h"
#include "PKIFCommonErrors.h"
#include "PKIFKeyMaterial.h"
#include "PKIFNameAndKeyWithScore.h"
#include "PKIFPATHErrors.h"
#include "PKIFPathException.h"
#include "PKIFPathSettings.h"
#include "PKIFTrustRoot.h"
#include "PathResults.h"
#include "PolicyInformation.h"
#include "PolicyInformationSet.h"
#include "PolicyMapping.h"
#include "PolicyMappings.h"
#include "SubjectAltName.h"
#include "SubjectPublicKeyInfo.h"
#include "SubtreeMatch.h"
#include "ToolkitUtils.h"
#include "ooasn1.h"
#include "asn1ber.h"
#include "boost/numeric/conversion/cast.hpp"
#include <iterator>
Go to the source code of this file.
Functions | |
| bool | RowContainsAnyPolicy (const CPKIFPolicyInformationListPtr &test) |
| void | ProcessPolicyMapping (const CPKIFPolicyMappingsPtr &policyMappings, const std::bitset< 3 > &indicators, vector< CPKIFPolicyInformationListPtr > &authSet) |
| void | AddPoliciesToAuthSet (const CPKIFPolicyInformationSetPtr &certPols, const std::bitset< 3 > &indicators, vector< CPKIFPolicyInformationListPtr > &authSet, bool isSelfIssued, bool isIntermediate) |
| void CAC_API | IntersectSets (CPKIFPolicyInformationListPtr &authSetCondensed, CPKIFPolicyInformationListPtr &initSet, CPKIFPolicyInformationListPtr &userSet) |
| void CAC_API | IntersectSubtrees (CPKIFGeneralSubtreeListPtr &fromExtension, CPKIFGeneralSubtreeListPtr &curTrees, CPKIFGeneralSubtreeListPtr &newSet) |
| bool | IsInSubtree (CPKIFGeneralSubtreeListPtr &subtree, CPKIFCertificatePtr &curCert, bool bIsPerm) |
| bool | CheckNameConstraints (CPKIFCertificatePtr &curCert, CPKIFGeneralSubtreeListPtr &permSubtrees, CPKIFGeneralSubtreeListPtr &exclSubtrees, bool permSubtreesHasBeenSet) |
| bool | IsEmpty (CPKIFCertificateNodeListWithSourceInfoPtr &node) |
| bool | IsEmptyNameAndKey (CPKIFNameAndKeyWithScoreListPtr &node) |
| bool | IsNullCertificateSourceList (CPKIFCertificateSourceListPtr &node) |
| bool | _GetHashOfToBeSignedCert (const CPKIFCertificate &cert, IPKIFCryptoMisc *cryptoMisc, PKIFCRYPTO::HASH_ALG hashAlg, unsigned char *hashResult, int *hashResultLen) |
| bool CAC_API | PathSigChecker (const CPKIFCertificatePath &path, IPKIFCryptoRawOperations *crypto, IPKIFCryptoMisc *cryptoMisc, CPKIFPathValidationResults &results) |
| void CAC_API | FindErrorAndSetOnResults (const CPKIFCertificatePath &path, CPKIFPathValidationResults &results) |
Function Documentation
| bool _GetHashOfToBeSignedCert | ( | const CPKIFCertificate & | cert, | |
| IPKIFCryptoMisc * | cryptoMisc, | |||
| PKIFCRYPTO::HASH_ALG | hashAlg, | |||
| unsigned char * | hashResult, | |||
| int * | hashResultLen | |||
| ) |
Interface: Subsystem
This function takes a cert, a pointer to a crypto misc interface, a hash alg and length of return buffer and returns the hash value of the to-be-signed cert and the length of the hash.
- Returns:
- True if the function was successfully executed, false otherwise
- Exceptions:
-
CPKIFPathException(COMMON_INVALID_INPUT)
- Parameters:
-
cert [in] A reference to CPKIFCertificate object which contains the certificate tbsCertificate part of which will be hashed cryptoMisc [in] A pointer to IPKIFCryptoMisc colleague object. hashAlg [in] Hash algorithm hashResult [out] Buffer containing the resulting hash hashResultLen [in/out] Length of the resulting hash
Definition at line 738 of file BasicChecksUtils.cpp.
References COMMON_INVALID_INPUT, CPKIFCertificate::Encoded(), and TOOLKIT_PATH_VALIDATOR.
Referenced by PathSigChecker().
| void AddPoliciesToAuthSet | ( | const CPKIFPolicyInformationSetPtr & | certPols, | |
| const std::bitset< 3 > & | indicators, | |||
| vector< CPKIFPolicyInformationListPtr > & | authSet, | |||
| bool | isSelfIssued, | |||
| bool | isIntermediate | |||
| ) |
Interface: Subsystem
This is a helper function that adds policies to an authority set
- Returns:
- None
- Parameters:
-
certPols [in] A referece to a smaart pointer to CPKIFPolicyInformationSet object which contains policies that will be added indicators [in] Indicators authSet [in/out] A vector of CPKIFPolicyInformationListPtr objects to which policies will be added isSelfIssued [in] Boolean value which indicates if certificate is self issued isIntermediate [in] Boolean value which indicates if certificate is an intermidiate
Definition at line 293 of file BasicChecksUtils.cpp.
References CPKIFPathSettings::ANY_POLICY, DumpPolicySet(), RowContainsAnyPolicy(), RowDoesNotContainPolicyInSet::SetPolicySet(), and GottaMatch< T >::SetRHS().
Referenced by CPKIFPathBasicChecks2::DoChecks().
| bool CheckNameConstraints | ( | CPKIFCertificatePtr & | curCert, | |
| CPKIFGeneralSubtreeListPtr & | permSubtrees, | |||
| CPKIFGeneralSubtreeListPtr & | exclSubtrees, | |||
| bool | permSubtreesHasBeenSet | |||
| ) |
Interface: Subsystem
This is a helper function checks name constraints
- Returns:
- True if name constraints check is passes, false otherwise
- Parameters:
-
curCert [in] A reference to a pointer to CPKIFCertificate containing the current certificate permSubtrees [in] A reference to a pointer to CPKIFGeneralSubtreeList which contains permited subtrees exclSubtrees [in] A reference to a pointer to CPKIFGeneralSubtreeList which contains excluded subtrees permSubtreesHasBeenSet [in] Boolean value which indicates if permited subtrees have been set
Definition at line 670 of file BasicChecksUtils.cpp.
References IsInSubtree().
Referenced by CPKIFPathBasicChecks2::DoChecks().
| void CAC_API FindErrorAndSetOnResults | ( | const CPKIFCertificatePath & | path, | |
| CPKIFPathValidationResults & | results | |||
| ) |
Interface: External
This function iterates through the certificate path and looks for certificates for which the DiagnosticCode is non-zero, which indicates a validation errors. It sets a reference to the errant certificate b invoking the SetCertificate and SetCertStatus functions on the results object, and if necessary adjusts the most severe revocation status property. It will return the first error found. If no certificate with a non-zero diagnostic code is found, the function returns and the results object is unchanged.
- Returns:
- None
- Parameters:
-
path [in] Reference to a CPKIFCertificatePath object to examine for validation errors results [out] Reference to a CPKIFPathValidationResults object containing an indicating of the validation error, if a validation error was found
Definition at line 1013 of file BasicChecksUtils.cpp.
References CPKIFCertificatePath::GetPath(), CPKIFPathValidationResults::GetRevocationStatusMostSevere(), REVOKED, CPKIFPathValidationResults::SetCertificate(), CPKIFPathValidationResults::SetCertStatus(), and CPKIFPathValidationResults::SetRevocationStatusMostSevere().
Referenced by CPKIFPathValidator2::ValidatePath().
| void CAC_API IntersectSets | ( | CPKIFPolicyInformationListPtr & | authSetCondensed, | |
| CPKIFPolicyInformationListPtr & | initSet, | |||
| CPKIFPolicyInformationListPtr & | userSet | |||
| ) |
Interface: Subsystem
This function determines the intersection of the authority constrained policy set and the initial policy set.
- Returns:
- None
- Parameters:
-
authSetCondensed [in] authority constrainted set. initSet [in] Initial policy set. userSet [out] The intersection of the above sets.
Definition at line 473 of file BasicChecksUtils.cpp.
References MatchesPolicy::SetPolicyToMatch().
Referenced by CPKIFPathBasicChecks2::DoChecks(), and CPKIFPathValidator2::ValidatePath().
| void CAC_API IntersectSubtrees | ( | CPKIFGeneralSubtreeListPtr & | fromExtension, | |
| CPKIFGeneralSubtreeListPtr & | curTrees, | |||
| CPKIFGeneralSubtreeListPtr & | newSet | |||
| ) |
Interface: Subsystem
This is a helper function that outputs intersecting GeneralSubtrees
- Returns:
- None
- Parameters:
-
fromExtension [in] A reference to a pointer to CPKIFGeneralSubtreeList object curTrees [in] A reference to a pointer to CPKIFGeneralSubtreeList object newSet [out] A reference to a pointer to CPKIFGeneralSubtreeList object
Definition at line 511 of file BasicChecksUtils.cpp.
References SubtreeMatch::SetRHS().
Referenced by CPKIFPathBasicChecks2::DoChecks(), and CPKIFPathValidator2::ValidatePath().
| bool IsEmpty | ( | CPKIFCertificateNodeListWithSourceInfoPtr & | node | ) |
Interface: Subsystem
This is a helper function that checks if node is empty
- Returns:
- True if node if empty, false otherwise
Definition at line 698 of file BasicChecksUtils.cpp.
| bool IsEmptyNameAndKey | ( | CPKIFNameAndKeyWithScoreListPtr & | node | ) |
Interface: Subsystem
This is a helper function that checks if nameAndKey list is empty
- Returns:
- True if node if empty, false otherwise
- Parameters:
-
node [in] A reference to a smart pointer to CPKIFNameAndKeyWithScoreList
Definition at line 709 of file BasicChecksUtils.cpp.
| bool IsInSubtree | ( | CPKIFGeneralSubtreeListPtr & | subtree, | |
| CPKIFCertificatePtr & | curCert, | |||
| bool | bIsPerm | |||
| ) |
Interface: Subsystem
This is a helper function checks if a certificate is in the subtree
- Returns:
- True if the certificate’s subject DN was found in the provided subtree, false otherwise
- Parameters:
-
subtree [in] A reference to a pointer to CPKIFGeneralSubtreeList object containing the subtree to search. curCert [in] A reference to a pointer to CPKIFCertificate object containing the certificate being searched for.
Definition at line 590 of file BasicChecksUtils.cpp.
References CPKIFGeneralName::DIRECTORYNAME, CPKIFGeneralSubtree::MATCH, CPKIFGeneralSubtree::NO_MATCH, CPKIFGeneralSubtree::NOT_APPLICABLE, and CPKIFGeneralName::RFC822.
Referenced by CheckNameConstraints().
| bool IsNullCertificateSourceList | ( | CPKIFCertificateSourceListPtr & | node | ) |
Interface: Subsystem
This is a predicate function determines if a certificate source list is NULL.
- Returns:
- True if node parameter is empty, false otherwise
Definition at line 722 of file BasicChecksUtils.cpp.
| bool CAC_API PathSigChecker | ( | const CPKIFCertificatePath & | path, | |
| IPKIFCryptoRawOperations * | crypto, | |||
| IPKIFCryptoMisc * | cryptoMisc, | |||
| CPKIFPathValidationResults & | results | |||
| ) |
Interface: External
This is a utility function that walks a constructed path and validates all the certificates in that path. If the validation was successful the function returns true, if not it returns false.
- Returns:
- If the validation was successful the function returns true, if not it returns false.
- Exceptions:
-
CPKIFPathException(COMMON_INVALID_INPUT) CPKIFPathException(PATH_TRUST_ROOT_NOT_SET) CPKIFPathException(COMMON_UNSUPPORTED_ALG)
XXX*** Added untill NSS supports public keys
- Parameters:
-
path [in] A smart pointer to a CPKIFCertificatePath object. crypto [in] A pointer to IPKIFCryptoRawOperations colleague object. cryptoMisc [in] A pointer to IPKIFCryptoMisc colleague object. results [in] A reference to CPKIFPathValidationResults object.
Definition at line 850 of file BasicChecksUtils.cpp.
References _GetHashOfToBeSignedCert(), COMMON_INVALID_INPUT, COMMON_UNSUPPORTED_ALG, GetAlgClass(), GetCACHashAlg(), CPKIFCertificatePath::GetPath(), CPKIFCertificatePath::GetTrustRoot(), MAXHASH, PATH_SIGNATURE_VERIFICATION_FAILED, PATH_TRUST_ROOT_NOT_SET, RAISE_PATH_EXCEPTION, CPKIFPathValidationResults::SetCertificate(), CPKIFKeyMaterial::SetCertificate(), CPKIFPathValidationResults::SetCertSignaturesVerified(), CPKIFKeyMaterial::SetSubjectPublicKeyInfo(), CPKIFKeyMaterial::SetWorkingParameters(), CPKIFPathValidationResults::SetWorkingParams(), PKIFCRYPTO::SHA1, TOOLKIT_PATH_CRL_CHECKER, TOOLKIT_PATH_VALIDATOR, and IPKIFCryptoRawOperations::Verify().
Referenced by CPKIFPathValidator2::ValidatePath().
| void ProcessPolicyMapping | ( | const CPKIFPolicyMappingsPtr & | policyMappings, | |
| const std::bitset< 3 > & | indicators, | |||
| vector< CPKIFPolicyInformationListPtr > & | authSet | |||
| ) |
Interface: Subsystem
This is a helper function that processes Policy mapping
process any policy mappings extension by, for each mapping identified in the extension, locate all rows in the authorities-constrained-policy-set table whose [path-depth] column entry is equal to the issuer domain policy value in the extension and delete the row.
- Returns:
- True if set contains any policy, false otherwise
- Exceptions:
-
CPKIFPathException(COMMON_INVALID_INPUT)
- Parameters:
-
policyMappings [in] A reference to a smart pointer to CPKIFPolicyMappings object indicators [in] Indicators authSet [in] Authorities constrained policy set
Definition at line 127 of file BasicChecksUtils.cpp.
References CIssuerDomainMappingList::AddMapping(), COMMON_INVALID_INPUT, DumpPolicySet(), CIssuerDomainMappingList::GetList(), CPKIFPathSettings::POLICY_MAPPING, RowDoesContainPolicyInSet::SetPolicySet(), and TOOLKIT_PATH_VALIDATOR.
Referenced by CPKIFPathBasicChecks2::DoChecks().
| bool RowContainsAnyPolicy | ( | const CPKIFPolicyInformationListPtr & | test | ) |
Interface: Subsystem
This is a helper function that checks if poilicy set has any policy then return true
- Returns:
- True if set contains any policy, false otherwise
- Parameters:
-
test [in] A reference to a smart pointer to CPKIFPolicyInformationList
Definition at line 104 of file BasicChecksUtils.cpp.
References g_anyPolicy.
Referenced by AddPoliciesToAuthSet().
