Module: CPKIFOCSPChecker
Definition in file CACOCSPChecker.cpp.
#include "PKIFOCSPChecker.h"
#include "PKIFCRLInfo.h"
#include "SingleResponse.h"
#include "OID.h"
#include "Buffer.h"
#include "Certificate.h"
#include "TBSRequest.h"
#include "BasicOCSPResponse.h"
#include "PKIFOCSPInfo.h"
#include "CertID.h"
#include "Request.h"
#include "ResponderID.h"
#include "ResponseData.h"
#include "OCSPCertStatus.h"
#include "GeneralName.h"
#include "X509Extension.h"
#include "AuthorityInfoAccess.h"
#include "ResponseBytes.h"
#include "OCSPResponse.h"
#include "AlgorithmIdentifier.h"
#include "IPKIFCryptoRaw.h"
#include "SubjectKeyIdentifier.h"
#include "PKIFTime.h"
#include "ToolkitUtils.h"
#include "GottaMatch.h"
#include "PKIFFuncStorage.h"
#include "PKIFKeyMaterial.h"
#include "PKIFCertStatus.h"
#include "PKIFCertificatePath.h"
#include "PKIFPathSettings.h"
#include "PathResults.h"
#include "IPKIFPathBuild.h"
#include "IPKIFPathValidate.h"
#include "IPKIFCryptoMisc.h"
#include "IPKIFHashContext.h"
#include "IPKIFCryptoRawOperations.h"
#include "RevocationSource.h"
#include "OCSPException.h"
#include "PKIFOCSPErrors.h"
#include "PKIFPATHErrors.h"
#include "SearchCriteria.h"
#include "SubjectPublicKeyInfo.h"
#include "AccessDescription.h"
#include "ExtendedKeyUsage.h"
#include "OCSPRequest.h"
#include "ASN1Helper.h"
#include "OCSP.h"
#include "PKIFMediators.h"
#include "IPKIFNameAndKey.h"
#include "GeneralSubtree.h"
Functions | |
| void | keyUsageChecker_Any (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type) |
| void | EKUChecker_OcspSigning (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type) |
| CAC_API CPKIFOIDPtr | g_adOCSP (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1")))) |
| CAC_API CPKIFOIDPtr | g_ocspBasic (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1.1")))) |
| CAC_API CPKIFOIDPtr | g_ocspNonce (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1.2")))) |
| CAC_API CPKIFOIDPtr | g_ocspNoCheck (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1.5")))) |
| CAC_API CPKIFOCSPChecker * | MakeOCSPChecker () |
| CAC_API void | FreeOCSPChecker (CPKIFOCSPChecker *s) |
| CPKIFBufferPtr | _HashIssuerName (const CPKIFCertificate &cert, IPKIFColleague *m) |
| CPKIFBufferPtr | _HashPublicKey (const IPKIFNameAndKey &cert, IPKIFColleague *m) |
| CPKIFBufferPtr | _CreateSimpleOCSPRequest (const CPKIFCertificate &cert, const IPKIFNameAndKey *issuersCert, IPKIFColleague *m, CPKIFBufferPtr &nonce, bool generateNonce, CPKIFCredentialPtr &cred) |
| CPKIFBufferPtr | _CreateComplexOCSPRequest (const CPKIFCertificatePath &path, IPKIFColleague *m, CPKIFBufferPtr &nonce, bool generateNonce, CPKIFCredentialPtr &cred) |
| bool | _CertIDMatchesCert (CPKIFCertIDPtr &cid, const CPKIFCertificate &cert, IPKIFColleague *m) |
| bool | _MatchSignersCertAndResponderID (CPKIFBasicOCSPResponse &basicOCSPResponse, CPKIFCertificatePtr &signersCert, IPKIFColleague *m) |
| bool | VerifyCertificateWithCryptoPP (CPKIFSubjectPublicKeyInfoPtr &spki, const CPKIFCertificate &subCert) |
| bool _CertIDMatchesCert | ( | CPKIFCertIDPtr & | cid, | |
| const CPKIFCertificate & | cert, | |||
| IPKIFColleague * | m | |||
| ) |
Interface: Subsystem
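This is a helper function that determines whether a CertID matches the certificate. The references below list _HashIssuerName() and CPKIFCertificate::SerialNumber() but not _HashPublicKey(), which suggests the comparison covers the issuer name hash and the serial number; whether the issuer key hash is also compared should be confirmed in the source.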
| cid | [in] A reference to a smart pointer to a CPKIFCertID object |
| cert | [in] A reference to a CPKIFCertificate object |
| m | [in] Pointer to an object that implements the IPKIFColleague interface |
Definition at line 620 of file CACOCSPChecker.cpp.
References _HashIssuerName(), LOG_STRING_DEBUG, CPKIFCertificate::SerialNumber(), stricmp, and TOOLKIT_OCSP_CHECKER.
Referenced by OcspResponseCoversCertificate().
| CPKIFBufferPtr _CreateComplexOCSPRequest | ( | const CPKIFCertificatePath & | path, | |
| IPKIFColleague * | m, | |||
| CPKIFBufferPtr & | nonce, | |||
| bool | generateNonce, | |||
| CPKIFCredentialPtr & | cred | |||
| ) |
Interface: Subsystem
This is a helper function that creates an OCSPRequest containing multiple requests
| path | [in] A reference to a CPKIFCertificatePath object |
| m | [in] Pointer to an object that implements the IPKIFColleague interface |
| nonce | [in] A reference to a smart pointer to a CPKIFBuffer object that contains a nonce that will be added to the OCSPRequest |
| generateNonce | [in] Boolean value which indicates if nonce should be added to the OCSPRequest |
Definition at line 539 of file CACOCSPChecker.cpp.
References _HashIssuerName(), _HashPublicKey(), CPKIFOCSPRequest::Encode(), g_sha1AI, IPKIFColleague::GetMediatorFromParent(), CPKIFCertificatePath::GetPath(), CPKIFCertificatePath::GetTrustRoot(), LOG_STRING_DEBUG, NOT_CHECKED, CPKIFOCSPRequest::SetRequest(), and TOOLKIT_OCSP_CHECKER.
| CPKIFBufferPtr _CreateSimpleOCSPRequest | ( | const CPKIFCertificate & | cert, | |
| const IPKIFNameAndKey * | issuersCert, | |||
| IPKIFColleague * | m, | |||
| CPKIFBufferPtr & | nonce, | |||
| bool | generateNonce, | |||
| CPKIFCredentialPtr & | cred | |||
| ) |
Interface: Subsystem
This is a helper function that creates a SimpleOCSPRequest
| m | [in] Pointer to an object that implements the IPKIFColleague interface |
| nonce | [in] A smart pointer to a CPKIFBuffer object which contains the nonce that will be included in the request |
| generateNonce | [in] Boolean value which indicates if a nonce will be added to the request |
Definition at line 481 of file CACOCSPChecker.cpp.
References _HashIssuerName(), _HashPublicKey(), CPKIFOCSPRequest::Encode(), g_sha1AI, IPKIFColleague::GetMediatorFromParent(), LOG_STRING_DEBUG, CPKIFCertificate::SerialNumber(), CPKIFOCSPRequest::SetRequest(), and TOOLKIT_OCSP_CHECKER.
| CPKIFBufferPtr _HashIssuerName | ( | const CPKIFCertificate & | cert, | |
| IPKIFColleague * | m | |||
| ) |
Interface: Subsystem
This function calculates the hash of the issuer name. The references below list PKIFCRYPTO::SHA1, so the digest is presumably SHA-1.
| CPKIFException(COMMON_MEDIATOR_MISSING) | ||
| CPKIFException(COMMON_INVALID_INPUT) | ||
| CPKIFException(COMMON_UNSUPPORTED_ALG) |
| cert | [in] A reference to CPKIFCertificate object from which we will obtain issuer name |
| m | [in] Pointer to an object that implements the IPKIFColleague interface |
Definition at line 352 of file CACOCSPChecker.cpp.
References COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, COMMON_UNSUPPORTED_ALG, IPKIFColleague::GetMediatorFromParent(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), CPKIFCertificate::Issuer(), LOG_STRING_DEBUG, MAXHASH, PKIFCRYPTO::SHA1, and TOOLKIT_OCSP_CHECKER.
Referenced by _CertIDMatchesCert(), _CreateComplexOCSPRequest(), and _CreateSimpleOCSPRequest().
| CPKIFBufferPtr _HashPublicKey | ( | const IPKIFNameAndKey & | cert, | |
| IPKIFColleague * | m | |||
| ) |
Interface: Subsystem
This function calculates the hash of the public key accessed by calling GetKey on the object passed in via the cert parameter.
| CPKIFException(COMMON_MEDIATOR_MISSING) | ||
| CPKIFException(COMMON_UNSUPPORTED_ALG) | ||
| CPKIFException(COMMON_INVALID_INPUT) |
| cert | [in] A reference to the IPKIFNameAndKey object from which the public key is obtained |
| m | [in] Pointer to an object that implements the IPKIFColleague interface |
Definition at line 420 of file CACOCSPChecker.cpp.
References COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, COMMON_UNSUPPORTED_ALG, IPKIFNameAndKey::GetKey(), IPKIFColleague::GetMediatorFromParent(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), LOG_STRING_DEBUG, MAXHASH, PKIFCRYPTO::SHA1, and TOOLKIT_OCSP_CHECKER.
Referenced by _CreateComplexOCSPRequest(), _CreateSimpleOCSPRequest(), and _MatchSignersCertAndResponderID().
| bool _MatchSignersCertAndResponderID | ( | CPKIFBasicOCSPResponse & | basicOCSPResponse, | |
| CPKIFCertificatePtr & | signersCert, | |||
| IPKIFColleague * | m | |||
| ) |
Interface: Subsystem
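This is a helper function that checks whether the signer's certificate matches the responder ID. The references below list both CPKIFResponderID::KEYHASH and CPKIFResponderID::NAME, which suggests that both forms of ResponderID are handled.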
| basicOCSPResponse | [in] A reference to CPKIFBasicOCSPResponse object |
| signersCert | [in] A reference to a smart pointer to a CPKIFCertificate object |
| m | [in] Pointer to an object that implements the IPKIFColleague interface |
Definition at line 658 of file CACOCSPChecker.cpp.
References _HashPublicKey(), CPKIFBasicOCSPResponse::GetResponseData(), CPKIFResponderID::KEYHASH, LOG_STRING_DEBUG, CPKIFResponderID::NAME, and TOOLKIT_OCSP_CHECKER.
| void EKUChecker_OcspSigning | ( | const CPKIFCertificateNodeEntryPtr & | certNode, | |
| CPKIFPathValidationResults & | results, | |||
| CertificateType | type | |||
| ) |
Interface: Subsystem
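This function processes the extended key usage extension of the certificate pointed to by certNode, confirming that id-kp-OCSPSigning ("1.3.6.1.5.5.7.3.9") is present. If the extension is present and has the correct value, the certNode will mark that extension as processed. The references below also list g_anyEKU; whether anyExtendedKeyUsage is accepted in place of id-kp-OCSPSigning is not stated here and should be confirmed in the source before relying on this check to restrict which certificates may sign OCSP responses.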
| certNode | [in] The certificate to process. |
| results | [in] Not processed. |
| type | [in] The certificate type. |
Definition at line 3671 of file ToolkitUtils.cpp.
References PKIFENUMS::EE, g_anyEKU, g_ocspSigningEKU, LOG_STRING_DEBUG, GottaMatch< T >::SetRHS(), and TOOLKIT_TSP_TIMESTAMP_VERIFIER.
| CAC_API void FreeOCSPChecker | ( | CPKIFOCSPChecker * | s | ) |
Interface: External
This function frees the CPKIFOCSPChecker object that was passed in
| s | [in] Pointer to CPKIFOCSPChecker object |
Definition at line 324 of file CACOCSPChecker.cpp.
| CAC_API CPKIFOIDPtr g_adOCSP | ( | new | CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1"))) | ) |
| CAC_API CPKIFOIDPtr g_ocspBasic | ( | new | CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1.1"))) | ) |
| CAC_API CPKIFOIDPtr g_ocspNoCheck | ( | new | CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1.5"))) | ) |
| CAC_API CPKIFOIDPtr g_ocspNonce | ( | new | CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.48.1.2"))) | ) |
| void keyUsageChecker_Any | ( | const CPKIFCertificateNodeEntryPtr & | certNode, | |
| CPKIFPathValidationResults & | results, | |||
| CertificateType | type | |||
| ) |
Interface: External
This is a helper function that checks key usage for any key usage
| certNode | [in] A reference to a pointer to CPKIFCertificateNodeEntry object |
| results | [in] Path validation results |
| type | [in] Certificate type (EE, CA) |
Definition at line 62 of file PKIFPathBuildAndValidate.cpp.
References PKIFENUMS::EE.
Referenced by CPKIFPathBuildAndValidate::BuildAndValidatePath().
| CAC_API CPKIFOCSPChecker* MakeOCSPChecker | ( | ) |
Interface: External
This function creates a new CPKIFOCSPChecker object
Definition at line 313 of file CACOCSPChecker.cpp.
References CPKIFOCSPChecker::CPKIFOCSPChecker().
| bool VerifyCertificateWithCryptoPP | ( | CPKIFSubjectPublicKeyInfoPtr & | spki, | |
| const CPKIFCertificate & | subCert | |||
| ) |
Definition at line 581 of file PKIFCryptoPPRaw.cpp.
References _Verify(), CPKIFAlgorithm::GetAlg(), GetPlatformCryptoMisc(), GetTBSCertSequence(), CPKIFAlgorithm::HashAlg(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), PKIF_CRYPTOPP_UNSUPPORTED_ALG, CPKIFCertificate::Signature(), CPKIFCertificate::SignatureAlgorithm(), and TOOLKIT_CRYPTO_CRYPTOPPRAW.