BuilderUtils.cpp File Reference


Detailed Description

Subsystem: Certification Path Processing (PKIFPATH)

Module: Miscellaneous

Id
BuilderUtils.cpp 11361 2010-04-23 15:46:40Z cwallace

Definition in file BuilderUtils.cpp.

#include "BuilderUtils.h"
#include "PKIFPathBasicChecks2.h"
#include "ToolkitUtils.h"
#include "PKIFPathException.h"
#include "PKIFFuncStorage.h"
#include "PKIFCryptUtils.h"
#include "IPKIFCryptoRaw.h"
#include "PKIFX509Extensions2.h"
#include "AuthorityKeyIdentifier.h"
#include "SubjectKeyIdentifier.h"
#include "PKIFPathSettings.h"
#include "BasicConstraints.h"
#include "PolicyMappings.h"
#include "PolicyInformationSet.h"
#include "Certificate.h"
#include "KeyUsage.h"
#include "ExtendedKeyUsage.h"
#include "PathResults.h"
#include "CertificateNodeListWithSourceInfo.h"
#include "NodeNotInNodeListAndNotIgnoredAndIssuedBy.h"
#include "OID.h"
#include "GottaMatch.h"
#include "PolicyInformation.h"
#include "IssuedBy.h"
#include "IgnoreNotIssuedByOp.h"
#include "PKIFCertificateNodeEntry.h"
#include "Name.h"
#include "PKIFCertificatePath.h"
#include "IPKIFTrustAnchor.h"
#include "PKIFReversePathState.h"
#include "PKIFNameAndKeyWithScore.h"
#include <vector>
#include <iostream>
#include <fstream>


Functions

bool SomeMatch (CPKIFPolicyInformationSetPtr &fromCert, CPKIFPolicyInformationSetPtr &fromPrevCert, CPKIFPolicyMappingsPtr &policyMappings)
bool SomeMatch (CPKIFPolicyInformationSetPtr &fromCert, CPKIFPolicyInformationListPtr &polsFromPrevCert, CPKIFPolicyMappingsPtr &policyMappings)
bool KeyIDsMatch (CPKIFAuthorityKeyIdentifierPtr &akid, CPKIFCertificatePtr &curCert)
bool CheckPolicies (CPKIFCertificatePtr &subjectCert, CPKIFCertificatePtr &issuerCert, CPKIFPathSettingsPtr &settings)
bool CheckKIDsAndSignatures (CPKIFCertificatePtr &subjectCert, CPKIFCertificatePtr &issuerCert)
void ClearAllIgnore (CPKIFCertificateNodeListWithSourceInfoPtr &tablePos)
void ClearAllIgnore (CPKIFNameAndKeyWithScoreListPtr &tablePos)
bool SetNextToIgnore (CPKIFCertificateNodeListWithSourceInfoPtr &tablePos)
bool SetNextToIgnore (CPKIFNameAndKeyWithScoreListPtr &tablePos)
void RemoveAllIssuedBy (CPKIFCertificateNodeListWithSourceInfoPtr &pos, CPKIFNamePtr &prevName)
void RemoveAllIssuedBy (CPKIFNameAndKeyWithScoreListPtr &pos, CPKIFNamePtr &prevName)
void RemoveAllIssuedTo (CPKIFNameAndKeyWithScoreListPtr &pos, CPKIFNamePtr &prevName)
void IgnoreNotIssuedBy (CPKIFCertificateNodeListWithSourceInfoPtr &pos, CPKIFNamePtr &issuerName)
void IgnoreNotIssuedBy (CPKIFNameAndKeyWithScoreListPtr &pos, CPKIFNamePtr &issuerName)
CPKIFCertificateNodeEntryPtr GetFirstNonIgnoredNodeNotAlreadyInPathIssuedBy (CPKIFCertificateNodeListWithSourceInfoPtr &pos, CPKIFCertificateNodeList &builtPath, IPKIFNameAndKey *issuer, CPKIFPathSettingsPtr &settings)
CPKIFNameAndKeyWithScorePtr GetFirstNonIgnoredNodeNotAlreadyInPathIssuedBy (CPKIFNameAndKeyWithScoreListPtr &pos, CPKIFNameAndKeyWithScoreList &builtPath, IPKIFNameAndKeyPtr &issuer, CPKIFPathSettingsPtr &settings)
void DumpTable (vector< CPKIFCertificateNodeListWithSourceInfoPtr > &table, const char *title)
void anythingGoes (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
bool PathOK (CPKIFCertificateNodeList &builtPath, IPKIFTrustAnchorPtr &curRoot, CPKIFPathSettingsPtr &settings, CPKIFPathValidationResults &tmpResults)

Variables

ofstream g_pathTableLogFile
CPKIFOIDPtr g_entuOid


Function Documentation

void anythingGoes ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type 
)

Parameters:
certNode  [in] Pointer to the certificate node
results  [in] Reference to a CPKIFPathValidationResults object containing the result information that should be written to the log
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 526 of file BuilderUtils.cpp.

References CPKIFX509ExtensionMediator2::GetInstance().

Referenced by PathOK().

bool CheckKIDsAndSignatures ( CPKIFCertificatePtr &  subjectCert,
CPKIFCertificatePtr &  issuerCert 
)

Interface: Subsystem

This is a helper function that checks key identifiers and signatures

Return values:
True if key ids match or signature is verified
False if signature verification failed
Parameters:
subjectCert  [in] Subject certificate
issuerCert  [in] Issuer certificate

Definition at line 106 of file BuilderUtils.cpp.

References GetPlatformCryptoRaw(), KeyIDsMatch(), and IPKIFCryptoRawOperations::VerifyCertificate().

bool CheckPolicies ( CPKIFCertificatePtr &  subjectCert,
CPKIFCertificatePtr &  issuerCert,
CPKIFPathSettingsPtr &  settings 
)

Interface: Subsystem

This is a helper function that checks policies on subject and issuer certificates

Returns:
True if there is no intersection, false otherwise
Parameters:
subjectCert  [in] Subject certificate
issuerCert  [in] Issuer certificate
settings  [in] Reference to a smart pointer to a CPKIFPathSettings object containing the path processing settings to use when checking policies

Definition at line 58 of file BuilderUtils.cpp.

References g_anyPolicy, and SomeMatch().

void ClearAllIgnore ( CPKIFNameAndKeyWithScoreListPtr &  tablePos  ) 

Interface: Subsystem

This function walks a cert node list and clears the ignore flag on each entry.

Returns:
None
Parameters:
tablePos  [in] The certificate node list to clear.

Definition at line 156 of file BuilderUtils.cpp.

void ClearAllIgnore ( CPKIFCertificateNodeListWithSourceInfoPtr &  tablePos  ) 

Interface: Subsystem

This function walks a cert node list and clears the ignore flag on each entry.

Returns:
None
Parameters:
tablePos  [in] The certificate node list to clear.

Definition at line 140 of file BuilderUtils.cpp.

void DumpTable ( vector< CPKIFCertificateNodeListWithSourceInfoPtr > &  table,
const char *  title 
)

Interface: External

This function outputs the path building table

Returns:
None
Parameters:
table  [in] A vector of certificate nodes

Definition at line 473 of file BuilderUtils.cpp.

References g_pathTableLogFile, and CPKIFException::print().

CPKIFNameAndKeyWithScorePtr GetFirstNonIgnoredNodeNotAlreadyInPathIssuedBy ( CPKIFNameAndKeyWithScoreListPtr &  pos,
CPKIFNameAndKeyWithScoreList &  builtPath,
IPKIFNameAndKeyPtr &  issuer,
CPKIFPathSettingsPtr &  settings 
)

Interface: Subsystem

This function returns the first node that is not ignored, is not already in the path, and was issued by the provided certificate.

It now also checks signatures (where KIDs miss) and policies.

Returns:
A smart pointer to CPKIFNameAndKeyWithScorePtr object
Parameters:
pos  [in] The certificate node list
builtPath  [in] Pointer to a CPKIFCertificateNodeList object containing the CPKIFCertificateNodeEntry objects
issuer  [in] Issuer certificate
settings  [in] Reference to a smart pointer to a CPKIFPathSettings object containing the path processing settings

Definition at line 409 of file BuilderUtils.cpp.

References NodeNotInNodeListAndNotIgnoredAndIssuedBy::SetIssuer(), NodeNotInNodeListAndNotIgnoredAndIssuedBy::SetNodeList(), and NodeNotInNodeListAndNotIgnoredAndIssuedBy::SetPathSettings().

CPKIFCertificateNodeEntryPtr GetFirstNonIgnoredNodeNotAlreadyInPathIssuedBy ( CPKIFCertificateNodeListWithSourceInfoPtr &  pos,
CPKIFCertificateNodeList &  builtPath,
IPKIFNameAndKey *  issuer,
CPKIFPathSettingsPtr &  settings 
)

Interface: Subsystem

This function returns the first node that is not ignored, is not already in the path, and was issued by the provided certificate.

It now also checks signatures (where KIDs miss) and policies.

Returns:
A smart pointer to CPKIFCertificateNodeEntry object
Parameters:
pos  [in] The certificate node list
builtPath  [in] Pointer to a CPKIFCertificateNodeList object containing the CPKIFCertificateNodeEntry objects
issuer  [in] Issuer certificate
settings  [in] Reference to a smart pointer to a CPKIFPathSettings object containing the path processing settings

Definition at line 348 of file BuilderUtils.cpp.

References IPKIFNameAndKey::GetSubjectName(), NodeNotInNodeListAndNotIgnoredAndIssuedBy::SetIssuer(), NodeNotInNodeListAndNotIgnoredAndIssuedBy::SetNodeList(), and NodeNotInNodeListAndNotIgnoredAndIssuedBy::SetPathSettings().

void IgnoreNotIssuedBy ( CPKIFNameAndKeyWithScoreListPtr &  pos,
CPKIFNamePtr &  issuerName 
)

Interface: Subsystem

This function removes all nodes from the node list that were not issued by issuerName

Returns:
None
Parameters:
pos  [in] The name and key node list
issuerName  [in] A reference to a smart pointer to CPKIFName object that contains the name of the issuer

Definition at line 328 of file BuilderUtils.cpp.

References IgnoreNotIssuedByOp::SetRHS().

void IgnoreNotIssuedBy ( CPKIFCertificateNodeListWithSourceInfoPtr &  pos,
CPKIFNamePtr &  issuerName 
)

Interface: Subsystem

This function removes all nodes from the node list that were not issued by issuerName

Returns:
None
Parameters:
pos  [in] The certificate node list
issuerName  [in] A reference to a smart pointer to CPKIFName object that contains the name of the issuer

Definition at line 311 of file BuilderUtils.cpp.

References IgnoreNotIssuedByOp::SetRHS().

bool KeyIDsMatch ( CPKIFAuthorityKeyIdentifierPtr &  akid,
CPKIFCertificatePtr &  curCert 
)

Interface: Subsystem

This is a helper function that compares the AKID and SKID for a match

Returns:
A Boolean indicating whether the curCert’s subject key identifier matches the akid parameter value.
Parameters:
akid  [in] The authority key id to compare
curCert  [in] Certificate from which SKID will be obtained

Definition at line 133 of file CACDefaultScoring.cpp.

bool PathOK ( CPKIFCertificateNodeList &  builtPath,
IPKIFTrustAnchorPtr &  curRoot,
CPKIFPathSettingsPtr &  settings,
CPKIFPathValidationResults &  tmpResults 
)

Interface: Subsystem

This function is a helper function that calls PKIFPathBasicChecks2::DoChecks and returns true if DoChecks succeeds

Returns:
True if DoChecks was successful, false otherwise
Parameters:
builtPath  [in] Reference to a CPKIFCertificateNodeList object which contains the constructed path
curRoot  [in] Reference to a CPKIFTrustRoot object containing the trust anchor information
settings  [in] Reference to a CPKIFPathSettings object containing path settings to use when performing path processing operations
tmpResults  [in/out] Reference to a CPKIFPathValidationResults object containing the result information

Definition at line 560 of file BuilderUtils.cpp.

References anythingGoes(), CPKIFPathBasicChecks2::DoChecks(), g_entuOid, CPKIFCertificatePath::SetPath(), CPKIFCertificatePath::SetPathSettings(), and CPKIFCertificatePath::SetTrustRoot().

void RemoveAllIssuedBy ( CPKIFNameAndKeyWithScoreListPtr &  pos,
CPKIFNamePtr &  prevName 
)

Interface: Subsystem

This function removes all nodes from the node list that are issued by prevName

Returns:
None
Parameters:
pos  [in] The certificate node list
prevName  [in] A reference to a smart pointer to CPKIFName object that contains the name of the issuer

Definition at line 270 of file BuilderUtils.cpp.

References IssuedByNameAndKey::SetRHS().

void RemoveAllIssuedBy ( CPKIFCertificateNodeListWithSourceInfoPtr &  pos,
CPKIFNamePtr &  prevName 
)

Interface: Subsystem

This function removes all nodes from the node list that are issued by prevName

Returns:
None
Parameters:
pos  [in] The certificate node list
prevName  [in] A reference to a smart pointer to CPKIFName object that contains the name of the issuer

Definition at line 250 of file BuilderUtils.cpp.

References IssuedBy::SetRHS().

void RemoveAllIssuedTo ( CPKIFNameAndKeyWithScoreListPtr &  pos,
CPKIFNamePtr &  prevName 
)

Interface: Subsystem

This function removes all nodes from the node list that are issued by prevName

Returns:
None
Parameters:
pos  [in] The certificate node list
prevName  [in] A reference to a smart pointer to CPKIFName object that contains the name of the issuer

Definition at line 290 of file BuilderUtils.cpp.

References IssuedTo::SetRHS().

bool SetNextToIgnore ( CPKIFNameAndKeyWithScoreListPtr &  tablePos  ) 

Interface: Subsystem

This function sets the first non-ignored node to ignored

Returns:
Boolean value
Parameters:
tablePos  [in] The certificate node list

Definition at line 219 of file BuilderUtils.cpp.

bool SetNextToIgnore ( CPKIFCertificateNodeListWithSourceInfoPtr &  tablePos  ) 

Interface: Subsystem

This function sets the first non-ignored node to ignored

Returns:
Boolean value
Parameters:
tablePos  [in] The certificate node list

Definition at line 188 of file BuilderUtils.cpp.

bool SomeMatch ( CPKIFPolicyInformationSetPtr &  fromCert,
CPKIFPolicyInformationListPtr &  polsFromPrevCert,
CPKIFPolicyMappingsPtr &  policyMappings 
)

Interface: Subsystem

This is a helper function that compares policy information for some match

Returns:
True if some match was found, false otherwise
Parameters:
fromCert  [in] A pointer to a reference to CPKIFPolicyInformationSet object containing the policies from certificate
polsFromPrevCert  [in] A pointer to a reference to CPKIFPolicyInformationSet object containing the policies from the previous certificate
policyMappings  [in] A pointer to a reference to CPKIFPolicyInformationSet object

Definition at line 306 of file CACDefaultScoring.cpp.

bool SomeMatch ( CPKIFPolicyInformationSetPtr &  fromCert,
CPKIFPolicyInformationSetPtr &  fromPrevCert,
CPKIFPolicyMappingsPtr &  policyMappings 
)

Interface: Subsystem

This is a helper function that compares policy information for some match.

Returns:
None
Parameters:
fromCert  [in] A pointer to a reference to CPKIFPolicyInformationSet object containing the policies from certificate
fromPrevCert  [in] A pointer to a reference to CPKIFPolicyInformationSet object containing the policies from the previous certificate
policyMappings  [in] A pointer to a reference to CPKIFPolicyInformationSet object

Definition at line 384 of file CACDefaultScoring.cpp.

References SomeMatch().


Variable Documentation

CPKIFOIDPtr g_entuOid

Definition at line 550 of file BuilderUtils.cpp.

Referenced by PathOK().

ofstream g_pathTableLogFile

Definition at line 465 of file BuilderUtils.cpp.

Referenced by DumpTable().


Generated on Mon Nov 15 11:16:10 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6