00009 #include "CAPICRLUpdate2.h"
00010 #include "CAPIUtils.h"
00011 #include "ToolkitUtils.h"
00012 #include "PKIFCacheErrors.h"
00013 #include "PKIFMediators.h"
00014 #include "PKIFCacheException.h"
00015 #include "IPKIFTrustCache.h"
00017 #include "Buffer.h"
00018 #include "CRL.h"
00020 #include <atlbase.h>
00021 #include <sstream>
// Private state of CPKIFCAPICRLUpdate2, reached through its m_impl pointer.
// The struct declares no constructor: every field is assigned by the
// CPKIFCAPICRLUpdate2 constructor right after allocation.
struct CPKIFCAPICRLUpdate2Impl
{
    // Handle of the CAPI store CRLs are written to. NULL until Initialize()
    // opens it; closed with CertCloseStore() in the destructor.
    HCERTSTORE m_hSto;

    // When true, AddCRL() logs a NULL CRL and returns instead of raising.
    bool m_bSuppressUpdateErrors;

    // Constructor argument sysStoRegLoc; ORed into the CertOpenStore() flags.
    int m_nSysStoRegLoc;

    // Owned heap copy of the store name (new[] in the constructor, delete[]
    // in the destructor). NULL when the constructor was given no name.
    char* m_szStore;
};
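// Creates a CRL updater for a CAPI system store. The store is not opened
// here; Initialize() does that.
//
// sysStoRegLoc  Value later ORed into the CertOpenStore() flags (presumably a
//               CERT_SYSTEM_STORE_* location - confirm against callers).
// store         NUL-terminated store name; a private copy is kept. May be
//               NULL, in which case no name is stored.
//
// May throw std::bad_alloc; m_impl is released first so that nothing leaks.
CPKIFCAPICRLUpdate2::CPKIFCAPICRLUpdate2(
    int sysStoRegLoc,
    const char* store)
    :m_impl (new CPKIFCAPICRLUpdate2Impl), IPKIFCAPISource(sysStoRegLoc, store)
{
    LOG_STRING_DEBUG("CPKIFCAPICRLUpdate2::CPKIFCAPICRLUpdate2(void)", TOOLKIT_SR_CAPICRLUPDATE, 0, this);

    m_impl->m_hSto = NULL;
    m_impl->m_bSuppressUpdateErrors = true;
    m_impl->m_nSysStoRegLoc = sysStoRegLoc;
    m_impl->m_szStore = NULL;

    if(store)
    {
        const size_t len = strlen(store);
        try
        {
            m_impl->m_szStore = new char[len + 1];
        }
        catch(...)
        {
            // The destructor never runs for an object whose constructor
            // throws, so the impl block has to be freed here.
            delete m_impl;
            m_impl = NULL;
            throw;
        }

        // Copy exactly the measured length plus the terminator, so the write
        // is bounded by the size that was just allocated.
        memcpy(m_impl->m_szStore, store, len + 1);
    }
}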
// Releases the copied store name, closes the CAPI store if Initialize()
// opened one, and frees the private state block.
CPKIFCAPICRLUpdate2::~CPKIFCAPICRLUpdate2(void)
{
    LOG_STRING_DEBUG("CPKIFCAPICRLUpdate2::~CPKIFCAPICRLUpdate2(void)", TOOLKIT_SR_CAPICRLUPDATE, 0, this);

    // delete[] on a null pointer does nothing, so no guard is needed.
    delete[] m_impl->m_szStore;

    HCERTSTORE& store = m_impl->m_hSto;
    if(store != NULL)
    {
        // Flags value 0: plain close, no forced release or leak check.
        CertCloseStore(store, 0);
        store = NULL;
    }

    delete m_impl;
    m_impl = NULL;
}
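// Opens the CAPI system store named at construction time.
//
// A second call on an already-initialized instance logs a warning and
// returns without reopening. If the store cannot be opened, a cache exception
// with code CACHE_CERT_STORE_OPEN_FAILED is raised; its message carries the
// Win32 error reported for the failed CertOpenStore() call.
void CPKIFCAPICRLUpdate2::Initialize(void)
{
    LOG_STRING_DEBUG("CPKIFCAPICRLUpdate2::Initialize(void)", TOOLKIT_SR_CAPICRLUPDATE, 0, this);

    if(NULL != m_impl->m_hSto)
    {
        // NOTE(review): this call logs under TOOLKIT_SR_CAPIREPOSITORY while
        // the other log calls in this file use TOOLKIT_SR_CAPICRLUPDATE or
        // thisComponent - confirm that is intended.
        LOG_STRING_WARN("Skipping initialization - CPKIFCAPICRLUpdate2 instance already initialized", TOOLKIT_SR_CAPIREPOSITORY, COMMON_ALREADY_INITIALIZED, this);
        return;
    }

    // CERT_STORE_OPEN_EXISTING_FLAG: never create the store, only open one
    // that already exists. The caller-supplied location value is ORed in
    // unchanged. T2OLE converts the stored name for the wide-character API.
    USES_CONVERSION;
    m_impl->m_hSto = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING, NULL,
        CERT_STORE_OPEN_EXISTING_FLAG | m_impl->m_nSysStoRegLoc , T2OLE(m_impl->m_szStore));
    if(NULL == m_impl->m_hSto)
    {
        // Read the error code before anything else runs: constructing the
        // stream may call into the runtime and overwrite the thread's
        // last-error value.
        const DWORD lastError = GetLastError();

        std::ostringstream os;
        os << "CertOpenStore failed: " << lastError;
        RAISE_CACHE_EXCEPTION(os.str().c_str(), thisComponent, CACHE_CERT_STORE_OPEN_FAILED, this)
    }
}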
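// Writes an encoded CRL into the opened CAPI store.
//
// crl  CRL to add. A NULL CRL raises COMMON_INVALID_INPUT unless update
//      errors are suppressed, in which case it is logged and ignored.
// dp   Not used by the code in this function.
//
// Raises COMMON_NOT_INITIALIZED when Initialize() has not opened the store.
//
// NOTE(review): nothing here verifies the CRL's signature or freshness;
// presumably the caller has validated it before caching - confirm.
void CPKIFCAPICRLUpdate2::AddCRL(
    const CPKIFCRLPtr& crl,
    const CPKIFGeneralNamePtr& dp)
{
    LOG_STRING_DEBUG("CPKIFCAPICRLUpdate2::AddCRL(const CPKIFCRLPtr& crl, const CPKIFGeneralNamePtr& dp)", TOOLKIT_SR_CAPICRLUPDATE, 0, this);

    if(NULL == m_impl->m_hSto)
    {
        RAISE_CACHE_EXCEPTION("CPKIFCAPICRLUpdate2 instance not initialized.", thisComponent, COMMON_NOT_INITIALIZED, this)
    }

    if(crl == (CPKIFCRL*)NULL)
    {
        if(!m_impl->m_bSuppressUpdateErrors)
        {
            RAISE_CACHE_EXCEPTION("NULL CRL passed to AddCRL.", thisComponent, COMMON_INVALID_INPUT, this)
        }
        else
        {
            LOG_STRING_WARN("NULL CRL passed to AddCRL.", thisComponent, COMMON_INVALID_INPUT, this);
            return;
        }
    }

    // The store name may be NULL (the constructor accepts a NULL name), so
    // test it before comparing. A case-insensitive match already implies
    // equal length, so no separate strlen comparison is needed.
    const bool isRootStore =
        (NULL != m_impl->m_szStore) && (0 == stricmp("Root", m_impl->m_szStore));
    if(isRootStore)
    {
        // Only CRLs whose issuer the trust cache resolves to trust roots are
        // written to the Root store.
        // NOTE(review): when no IPKIFTrustCache mediator is available this
        // check is skipped and the CRL is still added (fails open) - confirm
        // that is the intended policy.
        IPKIFTrustCache* iTrust = GetMediatorFromParent<IPKIFTrustCache>();
        if(iTrust)
        {
            IPKIFTrustAnchorList trustRootList;
            if(!iTrust->GetTrustRoots(crl->Issuer(), trustRootList))
            {
                LOG_STRING_INFO("Skipping AddCRL on root store for non-trust-anchor CRL issuer.", thisComponent, COMMON_INVALID_INPUT, this);
                return;
            }
        }
    }

    CPKIFBufferPtr crlBuf = crl->Encoded();
    if(!CertAddEncodedCRLToStore(m_impl->m_hSto, X509_ASN_ENCODING, crlBuf->GetBuffer(), crlBuf->GetLength(),CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES, NULL))
    {
        const DWORD err = GetLastError();

        // With the ADD_NEWER disposition, CRYPT_E_EXISTS means the store
        // already holds an equal or newer CRL, which is not a failure. Any
        // other error means the CRL was not cached, so leave a trace rather
        // than dropping the code: a store that silently keeps a stale CRL
        // weakens later revocation checks.
        if(err != static_cast<DWORD>(CRYPT_E_EXISTS))
        {
            // NOTE(review): the Win32 error is passed in the log's error-code
            // slot because no toolkit code for a failed store add is visible
            // here. The call still does not raise when update errors are not
            // suppressed; decide whether it should.
            LOG_STRING_WARN("CertAddEncodedCRLToStore failed; CRL was not added to the store.", thisComponent, static_cast<int>(err), this);
        }
    }
}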
// Sets whether AddCRL() reports a NULL CRL by logging (true) or by raising
// an exception (false). The constructor sets the flag to true.
void CPKIFCAPICRLUpdate2::SetSuppressUpdateErrors(
    bool b)
{
    CPKIFCAPICRLUpdate2Impl* const state = m_impl;
    state->m_bSuppressUpdateErrors = b;
}
// Returns the current suppress-update-errors flag
// (see SetSuppressUpdateErrors).
bool CPKIFCAPICRLUpdate2::GetSuppressUpdateErrors() const
{
    const CPKIFCAPICRLUpdate2Impl* const state = m_impl;
    return state->m_bSuppressUpdateErrors;
}