CACCMSUtils.cpp File Reference


Detailed Description

Subsystem: Cryptographic Message Syntax (PKIFCMS)

Module: Miscellaneous

Id
CACCMSUtils.cpp 11150 2010-01-21 17:00:11Z agalustyan

Definition in file CACCMSUtils.cpp.

#include "PKIFCMSUtils.h"
#include "PKIFMemoryUtils.h"
#include "private/PrivatePKIFCMSUtils.h"
#include "Attribute.h"
#include "Certificate.h"
#include "KeyUsage.h"
#include "OID.h"
#include "AttrMatch.h"
#include "AlgorithmIdentifier.h"
#include "MessageDigestAttribute.h"
#include "ContentTypeAttribute.h"
#include "SignerInfo.h"
#include "IssuerAndSerialNumber.h"
#include "SubjectKeyIdentifier.h"
#include "SubjectPublicKeyInfo.h"
#include "Name.h"
#include "KEKRecipInfoDetails.h"
#include "CountersignatureAttribute.h"
#include "PKIFCertificateNodeEntry.h"
#include "PathResults.h"
#include "ToolkitUtils.h"
#include "components.h"
#include "PKIFMessageException.h"
#include "PKIFCommonErrors.h"
#include "ASN1Helper.h"
#include "Buffer.h"
#include "IPKIFColleague.h"
#include "IPKIFCryptoKeyAgree.h"
#include "ParallelHash.h"
#include "PKIFCMSMessageMemoryHelper.h"
#include "PKIFFuncStorage.h"
#include "PKIFAlgorithm.h"
#include "PKIX1Algorithms88.h"
#include "CryptographicMessageSyntax2004.h"
#include "ECC-CMS.h"
#include "IPKIFCryptoKeyIDOperations.h"
#include "IPKIFCryptoMisc.h"
#include "IPKIFCryptoRawOperations.h"
#include "IPKIFPathBuild.h"
#include "IPKIFPathValidate.h"
#include "IPKIFHashContext.h"
#include "IPKIFKeyAgreeContext.h"
#include "PKIFCryptoPPUtils.h"
#include "SignedData.h"
#include "PKIFCAPIErrors.h"
#include "PKIFCryptoPPErrors.h"
#include "PKIFNSSErrors.h"


Functions

void PKIFCMS_API keyUsageChecker_Signature (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
void PKIFCMS_API keyUsageChecker_Encryption (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
void PKIFCMS_API keyUsageChecker_KeyAgreement (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
CPKIFAlgorithm * GetCACHashAlg (CACX509V3AlgorithmIdentifier *alg)
CPKIFAlgorithm * GetCACSymAlg (CACX509V3AlgorithmIdentifier *alg)
bool ModeRequiresIV (PKIFCRYPTO::SYMKEY_MODE mode)
void EncodeDSASignature (unsigned char *sig, int nSigLen, unsigned char **sigData, int *numocts)
void AddSignedAttributes (unsigned char *hashResult, int nHashResult, CPKIFOIDPtr &eContentType, CPKIFAttributeList &sas)
void SetupAttributesInObjectiveStructure (CPKIFAttributeList &attrs, DList &objAttrs)
void GetSignerInfo (CACCMSSignerInfo *tmpSignerInfo, CPKIFSignerInfoPtr &siPos, unsigned char *hashResult, int nHashResult, IPKIFMediatorPtr m, CPKIFOIDPtr &eContentType, PKIFCRYPTO::HASH_ALG hashAlg, bool useSKIDIfPresent)
HashInfo * ComputeSignedAttrHash (CACCMSSignerInfo *si, IPKIFCryptoMisc *cMisc)
bool CompareHashes (HashInfo *hi2, CACCMSSignerInfo *si)
bool RIDMatch (CACCMSRecipientIdentifier *rid, CPKIFNamePtr &issuer, const char *serial, CPKIFSubjectKeyIdentifierPtr &skid)
bool RIDMatch (CACCMSKeyAgreeRecipientIdentifier *rid, CPKIFNamePtr &issuer, const char *serial, CPKIFSubjectKeyIdentifierPtr &skid)
CPKIFKeyMaterialPtr GetSymmetricKey (const CPKIFKEKRecipInfoDetailsPtr &kek, IPKIFCryptoRawOperations *cKeyID, CACCMSRecipientInfos *ris)
CPKIFCertificatePtr GetOriginatorCertFromOriginatorInfo (CACCMSKeyAgreeRecipientInfo *kari, CACCMSOriginatorInfo *oi)
CPKIFBufferPtr GetOriginatorPublicKey (CACCMSKeyAgreeRecipientInfo *kari, CACCMSOriginatorInfo *oi, CPKIFCertificatePtr &origCert)
CPKIFKeyMaterialPtr GetSymmetricKey (CPKIFCredentialPtr &cred, IPKIFCryptoKeyIDOperations *cKeyID, CACCMSRecipientInfos *ris, IPKIFCryptoKeyAgree *ka, IPKIFCryptoRawOperations *cRaw, CACCMSOriginatorInfo *oi)
CPKIFCredentialPtr AutoDiscoverDecryptionKey (IPKIFCryptoKeyIDOperations *cKeyID, CACCMSRecipientInfos *ris)
void EncodeIVAsOctetString (unsigned char *iv, int ivLen, unsigned char **encodedIV, int *encodedIVLen)
CPKIFBufferPtr PKIFCMS_API Countersign (CPKIFSignerInfoPtr &siToCounterSign, CPKIFSignerInfoPtr &countersignerSI, IPKIFMediatorPtr &mediator)
void PKIFCMS_API VerifyCounterSignatures (CPKIFSignedDataPtr &sd, CPKIFSignerInfoPtr &si, IPKIFMediatorPtr &mediator, CPKIFPathSettingsPtr &settings, CPKIFSignerInfoList &sis, vector< CMSVerificationStatus > &statusVector, CPKIFCertificateList &certVector, vector< CPKIFCertificatePathPtr > &pathVector)
void PopulateKARIDFromKeyMaterial (CACCMSKeyAgreeRecipientIdentifier *rid, CPKIFKeyMaterialPtr &km)


Function Documentation

void AddSignedAttributes ( unsigned char *  hashResult,
int  nHashResult,
CPKIFOIDPtr &  eContentType,
CPKIFAttributeList &  sas 
)

Interface: Subsystem

This function adds signed attributes

Returns:
None
Parameters:
hashResult  [in] Buffer containing hash result
nHashResult  [in] Hash result length
eContentType  [in] A smart pointer to CPKIFOID object
sas  [out] Attribute list to which the signed attributes are added

Definition at line 312 of file CACCMSUtils.cpp.

References g_contentTypeAttribute, g_data, g_messageDigestAttribute, and AttrMatch::SetRHS().

Referenced by GetSignerInfo().

CPKIFCredentialPtr AutoDiscoverDecryptionKey ( IPKIFCryptoKeyIDOperations *  cKeyID,
CACCMSRecipientInfos *  ris 
)

Interface: Subsystem

This function discovers the decryption key

Returns:
A smart pointer to CPKIFCredential object
Parameters:
cKeyID  [in] A pointer to IPKIFCryptoKeyIDOperations interface
ris  [in] Pointer to CACCMSRecipientInfos object

Definition at line 1581 of file CACCMSUtils.cpp.

References IPKIFCryptoKeyIDOperations::GetKeyList(), PKIFCRYPTO::KeyEncipherment, and RIDMatch().

Referenced by CPKIFEnvelopedData::Decrypt().

bool CompareHashes ( HashInfo *  hi2,
CACCMSSignerInfo *  si 
)

Interface: Subsystem

This is a helper function that compares 2 hashes

Return values:
True if hashes are the same
False if hashes are not the same
Exceptions:
CPKIFMessageException(ASN1_DECODE_ERROR) 
Parameters:
hi2  [in] Pointer to HashInfo object
si  [in] Pointer to CACCMSSignerInfo object

Definition at line 909 of file CACCMSUtils.cpp.

References ASN1_DECODE_ERROR, CACASNWRAPPER_CREATE, g_messageDigestAttribute, HashInfo::m_hashAlg, HashInfo::m_hashResult, and TOOLKIT_MESSAGE_ASN.

Referenced by VerifyCounterSignatures().

HashInfo* ComputeSignedAttrHash ( CACCMSSignerInfo *  si,
IPKIFCryptoMisc *  cMisc 
)

Interface: Subsystem

This function computes signed attribute hash

Returns:
Pointer to HashInfo object
Parameters:
si  [in] Pointer to CACCMSSignerInfo object
cMisc  [in] Pointer to IPKIFCryptoMisc interface

Definition at line 842 of file CACCMSUtils.cpp.

References GetCACHashAlg(), CPKIFAlgorithm::HashAlg(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), HashInfo::m_hashAlg, HashInfo::m_hashResult, and MAXHASH.

Referenced by GetSignerInfo(), and VerifyCounterSignatures().

CPKIFBufferPtr PKIFCMS_API Countersign ( CPKIFSignerInfoPtr &  siToCounterSign,
CPKIFSignerInfoPtr &  countersignerSI,
IPKIFMediatorPtr &  mediator 
)

Interface: External

This function produces a counter signature on the signature in the siToCounterSign parameter. It returns the counter signature.

Returns:
A smart pointer to a CPKIFBuffer object containing the counter signature
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
CPKIFMessageException(COMMON_UNSUPPORTED_ALG) 
Parameters:
siToCounterSign  [in] The signer information to sign.
countersignerSI  [in] Signer information of the counter signer
mediator  [in] The mediator to provide crypto functionality

Definition at line 1699 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, COMMON_UNSUPPORTED_ALG, g_data, GetCACHashAlg(), GetSignerInfo(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), MAXHASH, PKIFCMSMessageMemoryHelper::pSignerInfo, PKIFCRYPTO::SHA1, and TOOLKIT_MESSAGE.

void EncodeDSASignature ( unsigned char *  sig,
int  nSigLen,
unsigned char **  sigData,
int *  numocts 
)

Interface: Subsystem

This function encodes DSA signature

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
sig  [in] Buffer containing the signature to encode
nSigLen  [in] Length of the buffer containing the signature to encode
sigData  [out] Buffer containing the resulting signature
numocts  [out] Length of the resulting signature

Definition at line 258 of file CACCMSUtils.cpp.

References btoa(), CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, MAXHASH, and TOOLKIT_MESSAGE_ASN.

Referenced by GetSignerInfo().

void EncodeIVAsOctetString ( unsigned char *  iv,
int  ivLen,
unsigned char **  encodedIV,
int *  encodedIVLen 
)

Interface: Subsystem

This is a helper function that encodes an IV as an octet string

Returns:
None
Exceptions:
CPKIFMessageException(ASN1_ENCODE_ERROR) 
Parameters:
iv  [in] Buffer that contains the IV
ivLen  [in] IV length
encodedIV  [out] Buffer that contains the encoded IV
encodedIVLen  [out] Encoded IV length

Definition at line 1654 of file CACCMSUtils.cpp.

References ASN1_ENCODE_ERROR, and TOOLKIT_MESSAGE_ASN.

CPKIFAlgorithm* GetCACHashAlg ( CACX509V3AlgorithmIdentifier *  alg  ) 

Interface: Subsystem

This function takes a pointer to a CACX509V3AlgorithmIdentifier object and based on that object returns a PKIFAlgorithm object describing the properties of the hash alg

Returns:
pointer to a CPKIFAlgorithm object if successful, NULL otherwise
Parameters:
alg  [in] A pointer to CACX509V3AlgorithmIdentifier object

Definition at line 192 of file CACCMSUtils.cpp.

References CPKIFAlgorithm::GetAlg(), and CPKIFAlgorithm::OID().

CPKIFAlgorithm* GetCACSymAlg ( CACX509V3AlgorithmIdentifier *  alg  ) 

Interface: Subsystem

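This function retrieves the symmetric algorithm

Returns:
Pointer to a CPKIFAlgorithm object if successful (the declared return type is a pointer, not a bool); presumably NULL otherwise, as documented for GetCACHashAlg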
Parameters:
alg  [in] A pointer to CACX509V3AlgorithmIdentifier object

Definition at line 213 of file CACCMSUtils.cpp.

References CPKIFAlgorithm::GetAlg(), and CPKIFAlgorithm::OID().

Referenced by CPKIFEnvelopedData::Decrypt().

CPKIFCertificatePtr GetOriginatorCertFromOriginatorInfo ( CACCMSKeyAgreeRecipientInfo *  kari,
CACCMSOriginatorInfo *  oi 
)

Interface: Subsystem

This function retrieves the originator certificate from the OriginatorInfo object

Returns:
A smart pointer to CPKIFCertificate object containing originator certificate
Parameters:
kari  [in] A pointer to CACCMSKeyAgreeRecipientInfo object containing key agreement recipient info
oi  [in] A pointer to CACCMSOriginatorInfo object containing originator info

Definition at line 1250 of file CACCMSUtils.cpp.

Referenced by GetOriginatorPublicKey().

CPKIFBufferPtr GetOriginatorPublicKey ( CACCMSKeyAgreeRecipientInfo *  kari,
CACCMSOriginatorInfo *  oi,
CPKIFCertificatePtr &  origCert 
)

Interface: Subsystem

This function will search the CACCMSKeyAgreeRecipientInfo, CACCMSOriginatorInfo and any available certificate sources for the originator public key and certificate. If the originator public key is specified directly in the CACCMSOriginatorInfo structure, then it is returned. Otherwise the public key from the certificate (if found) is returned.

The CACCMSOriginatorInfo bag is searched first for the certificate. If it is not found there, then any sources available in the mediator/colleague set are searched.

Returns:
A smart pointer to CPKIFBuffer object containing originator public key
Parameters:
kari  [in] A pointer to CACCMSKeyAgreeRecipientInfo object containing key agreement recipient info
oi  [in] A pointer to CACCMSOriginatorInfo object containing originator info
origCert  [in] A smart pointer to CPKIFCertificate object containing originator certificate

Definition at line 1327 of file CACCMSUtils.cpp.

References GetOriginatorCertFromOriginatorInfo().

Referenced by GetSymmetricKey().

void GetSignerInfo ( CACCMSSignerInfo *  tmpSignerInfo,
CPKIFSignerInfoPtr &  siPos,
unsigned char *  hashResult,
int  nHashResult,
IPKIFMediatorPtr  m,
CPKIFOIDPtr &  eContentType,
PKIFCRYPTO::HASH_ALG  hashAlg,
bool  useSKIDIfPresent 
)

Interface: Subsystem

Helper function that retrieves signer info

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_UNSUPPORTED_CHOICE) 
CPKIFMessageException(COMMON_UNSUPPORTED_ALG) 
Parameters:
tmpSignerInfo  [in] Pointer to CACCMSSignerInfo object
siPos  [out] Smart pointer to CPKIFSignerInfo object
hashResult  [in] Buffer containing hash result
nHashResult  [in] Hash result length
m  [in] Pointer to a mediator object
eContentType  [in] A smart pointer to CPKIFOID object which indicates content type
hashAlg  [in] Hash algorithm identifier
useSKIDIfPresent  [in] Boolean value

Definition at line 471 of file CACCMSUtils.cpp.

References AddSignedAttributes(), CACASNWRAPPER_CREATE, COMMON_UNSUPPORTED_ALG, COMMON_UNSUPPORTED_CHOICE, ComputeSignedAttrHash(), ConvertStringToASN1OBJID(), CopyName(), CopyOID(), CPKIFAlgorithm::DigestSize(), DSA_CLASS, ECDSA_CLASS, EncodeDSASignature(), g_dsaWithSHA1, g_ecdsa_sha1, g_ecdsa_sha224, g_ecdsa_sha256, g_ecdsa_sha384, g_ecdsa_sha512, g_md5WithRSAEncryption, g_sha1WithRSAEncryption, g_sha224WithRSAEncryption, g_sha256WithRSAEncryption, g_sha384WithRSAEncryption, g_sha512WithRSAEncryption, CPKIFAlgorithm::GetAlg(), GetAlgClass(), CPKIFSignerInfo::ISSUERANDSERIAL, HashInfo::m_hashAlg, HashInfo::m_hashResult, PKIFCRYPTO::MD5, MSG_SIGNATURE_GENERATION_ERROR, nullParams, RSA_CLASS, SetupAttributesInObjectiveStructure(), PKIFCRYPTO::SHA1, PKIFCRYPTO::SHA224, PKIFCRYPTO::SHA256, PKIFCRYPTO::SHA384, PKIFCRYPTO::SHA512, IPKIFCryptoKeyIDOperations::Sign(), CPKIFSignerInfo::SKID, TOOLKIT_MESSAGE, and TOOLKIT_MESSAGE_ASN.

Referenced by Countersign().

CPKIFKeyMaterialPtr GetSymmetricKey ( CPKIFCredentialPtr &  cred,
IPKIFCryptoKeyIDOperations *  cKeyID,
CACCMSRecipientInfos *  ris,
IPKIFCryptoKeyAgree *  ka,
IPKIFCryptoRawOperations *  cRaw,
CACCMSOriginatorInfo *  oi 
)

Interface: Subsystem

This is a helper function that retrieves the symmetric key. At present, this function supports ktri and kari. For kekri, use the other GetSymmetricKey call.

Returns:
A smart pointer to CPKIFKeyMaterial object
Parameters:
cred  [in] A smart pointer to CPKIFCredential object
cKeyID  [in] Pointer to IPKIFCryptoKeyIDOperations interface
ris  [in] Pointer to CACCMSRecipientInfos object

Definition at line 1374 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, IPKIFCryptoRawOperations::Decrypt(), IPKIFCryptoKeyIDOperations::Decrypt(), IPKIFCryptoKeyAgree::DeriveKey(), g_ecdh_std_sha1kdf, g_ecmqv_sha1kdf, CPKIFAlgorithm::GetAlg(), GetOriginatorPublicKey(), CPKIFAlgorithm::KeySize(), RIDMatch(), IPKIFCryptoKeyAgree::SecretAgree(), CPKIFAlgorithm::SymkeyAlg(), and CPKIFAlgorithm::SymkeyMode().

CPKIFKeyMaterialPtr GetSymmetricKey ( const CPKIFKEKRecipInfoDetailsPtr &  kek,
IPKIFCryptoRawOperations *  cKeyID,
CACCMSRecipientInfos *  ris 
)

Interface: Subsystem

Given a credential (here, the KEK recipient info details passed in kek), a crypto interface pointer and a recipient bag, find the recipient info that matches the credential and return decrypted key material.

Returns:
A smart pointer to CPKIFKeyMaterial object
Exceptions:
CPKIFMessageException(ASN1_DECODE_ERROR) 
Parameters:
kek  [in] A smart pointer to CPKIFKEKRecipInfoDetails object
cKeyID  [in] Pointer to IPKIFCryptoRawOperations interface
ris  [in] Pointer to CACCMSRecipientInfos object

Definition at line 1135 of file CACCMSUtils.cpp.

References ASN1_DECODE_ERROR, IPKIFCryptoRawOperations::Decrypt(), and TOOLKIT_MESSAGE_ASN.

Referenced by CPKIFEnvelopedData::Decrypt().

void PKIFCMS_API keyUsageChecker_Encryption ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type 
)

Interface: External

This function is intended for use as a functor during path validation to handle key usage extensions with the key encipherment bit set. This function will extract the certificate from the certNode parameter and mark the key usage extension in the certificate as processed if the extension is present and the key encipherment bit is set. The keyUsageChecker_Signature function can be used in cases where the digital signature or non-repudiation bits must be set.

This function is TSP-enforcing.

Returns:
None
Parameters:
certNode  [in] Reference to a smart pointer to a CPKIFCertificateNodeEntry object containing the certificate to process and associated information
results  [in] Reference to a CPKIFPathValidationResults object (not used by this function)
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 111 of file CACCMSUtils.cpp.

References PKIFENUMS::EE.

Referenced by CPKIFEnvelopedData::AddRecipient().

void PKIFCMS_API keyUsageChecker_KeyAgreement ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type 
)

Interface: External

This function is intended for use as a functor during path validation to handle key usage extensions with the key agreement bit set. This function will extract the certificate from the certNode parameter and mark the key usage extension in the certificate as processed if the extension is present and the key agreement bit is set. The keyUsageChecker_Signature function can be used in cases where the digital signature or non-repudiation bits must be set.

This function is TSP-enforcing.

Returns:
None
Parameters:
certNode  [in] Reference to a smart pointer to a CPKIFCertificateNodeEntry object containing the certificate to process and associated information
results  [in] Reference to a CPKIFPathValidationResults object (not used by this function)
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 145 of file CACCMSUtils.cpp.

References PKIFENUMS::EE.

void PKIFCMS_API keyUsageChecker_Signature ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type 
)

Interface: External

This function is intended for use as a functor during path validation to handle key usage extensions with the digital signature and/or non-repudiation bits set. This function will extract the certificate from the certNode parameter and mark the key usage extension in the certificate as processed if the extension is present and the digital signature and/or non-repudiation bits are set. The keyUsageChecker_Encryption function can be used in cases where the key encipherment bit must be set.

This function is TSP-enforcing.

Returns:
None

added non-repudiation 7/14/2003

Parameters:
certNode  [in] Reference to a smart pointer to a CPKIFCertificateNodeEntry object containing the certificate to process and associated information
results  [in] Reference to a CPKIFPathValidationResults object (not used by this function)
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 78 of file CACCMSUtils.cpp.

References PKIFENUMS::EE.

Referenced by VerifyCounterSignatures().

bool ModeRequiresIV ( PKIFCRYPTO::SYMKEY_MODE  mode  ) 

Interface: Subsystem

This function checks if a symmetric mode requires an IV

Returns:
True if the mode requires an IV, false otherwise
Parameters:
mode  [in] Mode

Definition at line 234 of file CACCMSUtils.cpp.

References PKIFCRYPTO::ECB.

Referenced by CPKIFEncryptedData::Decrypt().

void PopulateKARIDFromKeyMaterial ( CACCMSKeyAgreeRecipientIdentifier *  rid,
CPKIFKeyMaterialPtr &  km 
)

Interface: Subsystem

This is a helper function that populates the objective CACCMSKeyAgreeRecipientIdentifier structure using information from a CPKIFKeyMaterial object.

Returns:
None
Parameters:
rid  [in/out] A pointer to CACCMSKeyAgreeRecipientIdentifier structure to be populated
km  [in] A reference to a smart pointer to CPKIFKeyMaterial containing the information that will be used to populate CACCMSKeyAgreeRecipientIdentifier

Definition at line 2143 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, and CopyName().

bool RIDMatch ( CACCMSKeyAgreeRecipientIdentifier *  rid,
CPKIFNamePtr &  issuer,
const char *  serial,
CPKIFSubjectKeyIdentifierPtr &  skid 
)

Interface: Subsystem

This function compares RID info with info from a cert that is also passed as parameters

Returns:
True if RID info matches, false otherwise
Parameters:
rid  [in] Pointer to CACCMSKeyAgreeRecipientIdentifier object
issuer  [in] A smart pointer to CPKIFName object
serial  [in] buffer containing the serial number
skid  [in] A smart pointer to CPKIFSubjectKeyIdentifier object

Definition at line 1058 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, and stricmp.

bool RIDMatch ( CACCMSRecipientIdentifier *  rid,
CPKIFNamePtr &  issuer,
const char *  serial,
CPKIFSubjectKeyIdentifierPtr &  skid 
)

Interface: Subsystem

This function compares RID info with info from a cert that is also passed as parameters

Returns:
True if RID info matches, false otherwise
Parameters:
rid  [in] Pointer to CACCMSRecipientIdentifier object
issuer  [in] A smart pointer to CPKIFName object
serial  [in] buffer containing the serial number
skid  [in] A smart pointer to CPKIFSubjectKeyIdentifier object

Definition at line 986 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, and stricmp.

Referenced by AutoDiscoverDecryptionKey(), and GetSymmetricKey().

void SetupAttributesInObjectiveStructure ( CPKIFAttributeList &  attrs,
DList &  objAttrs 
)

Interface: Subsystem

This function sets up attributes in an objective structure

Returns:
None
Parameters:
attrs  [in] List of attributes
objAttrs  [out] Objective structure that will contain the attributes

Definition at line 363 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, ConvertStringToASN1OBJID(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, and SET_HEAD_TAIL_INCREMENT.

Referenced by CPKIFEnvelopedData::Encode(), CPKIFEncryptedData::Encode(), and GetSignerInfo().

void PKIFCMS_API VerifyCounterSignatures ( CPKIFSignedDataPtr &  sd,
CPKIFSignerInfoPtr &  si,
IPKIFMediatorPtr &  mediator,
CPKIFPathSettingsPtr &  settings,
CPKIFSignerInfoList &  sis,
vector< CMSVerificationStatus > &  statusVector,
CPKIFCertificateList &  certVector,
vector< CPKIFCertificatePathPtr > &  pathVector 
)

Interface: External

This function is used to verify all countersignatures present in the unsigned attribute collection of the SignerInfo passed via the si parameter. A countersignature attribute is itself a SignerInfo object. This function will iterate over all countersignature attributes and verify each. The sis, statusVector, certVector and pathVector parameters are used to return status information. If there is one countersignature, each vector will contain a single value. If there are three countersignature attributes, each vector will contain three values where the [0] entry in each vector corresponds to the first countersignature, the [1] entry in each vector corresponds to the second entry, and so forth. Because the function itself returns no value, the outcome for each countersignature is reported only through the corresponding statusVector entry, so callers should check every entry rather than treat a normal return as successful verification.

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_MEDIATOR_MISSING) 
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
sd  [in] Reference to a smart pointer to a CPKIFSignedData object containing the SignedData message that is the target of verification
si  [in] Reference to a smart pointer to a CPKIFSignerInfo object containing the countersignature attribute(s) to verify
mediator  [in] Pointer to an IPKIFMediator object that provides the functionality used to verify the countersignature(s)
settings  [in] Reference to a smart pointer to a CPKIFPathSettings object containing the path processing settings to be used when verifying the countersignature(s)
sis  [out] Reference to a CPKIFSignerInfoList object to receive the SignerInfo objects from each verified countersignature
statusVector  [out] Reference to a vector of CMSVerificationStatus values to receive the values indicating the result of the verification of each countersignature
certVector  [out] Reference to a CPKIFCertificateList object to receive the certificate used to verify each countersignature
pathVector  [out] Reference to a vector of CPKIFCertificatePathPtr object to receive the certification paths used to verify each of the countersignatures

Definition at line 1800 of file CACCMSUtils.cpp.

References IPKIFPathBuild::BuildPath(), CACASNWRAPPER_CREATE, CERT_PATH_INVALID, CERT_PATH_VERIFIED, CMS_SIGNATURE_INVALID, CMS_SIGNATURE_VERIFIED, COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, CompareHashes(), ComputeSignedAttrHash(), CPKIFAlgorithm::DigestSize(), CPKIFAlgorithm::GetAlg(), GetCACHashAlg(), CPKIFException::GetErrorCode(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), keyUsageChecker_Signature(), HashInfo::m_hashAlg, HashInfo::m_hashResult, MAXHASH, NOT_REVOKED, NOT_VERIFIED, PKIF_CRYPTOPP_RAW_IMPORT_FAILED, PKIFCAPI_KEY_IMPORT_FAILED, PKIFCAPING_KEY_IMPORT_FAILED, PKIFNSS_CERT_IMPORT_FAILED, REV_STATUS_INVALID, REV_STATUS_VERIFIED, REVOKED, CPKIFKeyMaterial::SetCertificate(), CPKIFKeyMaterial::SetWorkingParameters(), PKIFCRYPTO::SHA1, TOOLKIT_MESSAGE, IPKIFPathValidate::ValidatePath(), and IPKIFCryptoRawOperations::Verify().

