CAPITrustRootCRLRepository2.cpp

Go to the documentation of this file.

#include "CAPITrustRootCRLRepository2.h"
#include "CAPIUtils.h" 
#include "ToolkitUtils.h"
#include "PKIFCacheErrors.h"
#include "PKIFCacheException.h"

#include "Buffer.h"
#include "Certificate.h"
#include "Name.h"
#include "CRL.h"
#include "GottaMatch.h"

#include <atlbase.h>
#include <sstream>

struct CPKIFCAPITrustRootCRLRepository2Impl
{
    HCERTSTORE m_hSto;
    int m_nSysStoRegLoc;
    char* m_szStore;
};

CPKIFCAPITrustRootCRLRepository2::CPKIFCAPITrustRootCRLRepository2(
    int sysStoRegLoc,
    const char* store)
    :m_impl (new CPKIFCAPITrustRootCRLRepository2Impl), IPKIFCAPISource(sysStoRegLoc, store)
{
    LOG_STRING_DEBUG("CPKIFCAPITrustRootCRLRepository2::CPKIFCAPITrustRootCRLRepository2(void)", TOOLKIT_SR_CAPITRUSTROOTCRLSTORE, 0, this);

    m_impl->m_hSto = NULL;

    m_impl->m_nSysStoRegLoc = sysStoRegLoc;

    m_impl->m_szStore = NULL;
    size_t len = 0;
    if(store)
    {
        len = strlen(store);
        m_impl->m_szStore = new char[len + 1];

        strcpy(m_impl->m_szStore, store);
    }
}
CPKIFCAPITrustRootCRLRepository2::~CPKIFCAPITrustRootCRLRepository2(void)
{
    LOG_STRING_DEBUG("CPKIFCAPITrustRootCRLRepository2::~CPKIFCAPITrustRootCRLRepository2(void)", TOOLKIT_SR_CAPITRUSTROOTCRLSTORE, 0, this);

    if(m_impl->m_szStore)
        delete[]m_impl-> m_szStore;

    if(NULL != m_impl->m_hSto)
    {
        CertCloseStore(m_impl->m_hSto, 0); m_impl->m_hSto = NULL;
    }

    delete m_impl;
    m_impl = NULL;
}
void CPKIFCAPITrustRootCRLRepository2::Initialize(void)
{
    LOG_STRING_DEBUG("CPKIFCAPITrustRootCRLRepository2::Initialize(void)", TOOLKIT_SR_CAPITRUSTROOTCRLSTORE, 0, this);

    if(NULL != m_impl->m_hSto)
    {
        LOG_STRING_WARN("Skipping initialization - CPKIFCAPITrustRootCRLRepository2 instance already initialized", TOOLKIT_SR_CAPIREPOSITORY, COMMON_ALREADY_INITIALIZED, this);
        return; //already initialized - just log it, return and don't bother with exception
    }

    USES_CONVERSION;
    //read only access - 8/26/2004
    m_impl->m_hSto =  CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING, NULL, 
                                CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG | m_impl->m_nSysStoRegLoc , T2OLE(m_impl->m_szStore));
    if(NULL == m_impl->m_hSto)
    {
        std::ostringstream os;
        os << "CertOpenStore failed: " << GetLastError();
        RAISE_CACHE_EXCEPTION(os.str().c_str(), thisComponent, CACHE_CERT_STORE_OPEN_FAILED, this)
    }
}
void CPKIFCAPITrustRootCRLRepository2::GetCRLs(
    const CPKIFCertificatePtr& cert,
    CPKIFCRLList& crlList,
    PKIInfoSource source)
{
    LOG_STRING_DEBUG("CPKIFCAPITrustRootCRLRepository2::GetCRLs(const CPKIFCertificatePtr& cert, CPKIFCRLList& crlList, PKIInfoSource source)", TOOLKIT_SR_CAPITRUSTROOTCRLSTORE, 0, this);

    //ignore requests for remote certificates
    if(REMOTE == source)
    {
        LOG_STRING_DEBUG("Skipping CPKIFCAPITrustRootCRLRepository2 - searching REMOTE sources only", thisComponent, 0, this);
        return;
    }

    if(NULL == m_impl->m_hSto)
    {
        RAISE_CACHE_EXCEPTION("CPKIFCAPITrustRootCRLRepository2 instance not initialized.", thisComponent, COMMON_NOT_INITIALIZED, this)
    }

    const size_t origSize = crlList.size();

    PCCRL_CONTEXT crl = NULL;
    PCCERT_CONTEXT certCtx = NULL;
    PCCERT_CONTEXT issuerCtx = NULL;

    if(cert == (CPKIFCertificate*)NULL)
    {
        RAISE_CACHE_EXCEPTION("NULL certificate passed to GetCRLs.", thisComponent, COMMON_INVALID_INPUT, this)
    }

    certCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->Encoded()->GetBuffer(), cert->Encoded()->GetLength());
    if(NULL == certCtx)
    {
        std::ostringstream os;
        os << "Failed to find a CRL issued by: " << cert->Issuer()->ToString();
        LOG_STRING_ERROR(os.str().c_str(), thisComponent, CACHE_PARSE_ERROR, this)
        return;
    }

    issuerCtx = CertFindCertificateInStore(m_impl->m_hSto, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 
            0, CERT_FIND_SUBJECT_NAME, &certCtx->pCertInfo->Issuer, NULL);
    CertFreeCertificateContext(certCtx); certCtx = NULL;
    if(NULL == issuerCtx)
    {
        std::ostringstream os;
        os << "Failed to create certificate context: " << GetLastError();
        LOG_STRING_INFO(os.str().c_str(), thisComponent, 0, this)
        return;
    }

    CPKIFCRL* cacCRL = NULL;
    do
    {
        
        crl = CertFindCRLInStore(m_impl->m_hSto, 0, 0, CRL_FIND_ISSUED_BY, issuerCtx, crl);
        if(NULL == crl)
            break;

        //create a CPKIFCRL and stuff it into the list
        cacCRL = new CPKIFCRL();
        CPKIFCRLPtr tmpCRL(cacCRL);
        try
        {
            tmpCRL->Decode(crl->pbCrlEncoded, crl->cbCrlEncoded);
        }
        catch(CPKIFException& )
        {
            //EXCEPTION DELETION
            //don't fail due to parse errors - log the failure and continue searching
            //if nothing is found that actually parses then an error will be generated
            //delete e;

            std::ostringstream os;
            os << "Failed to parse CRL from CAPI store searching for certificates CRLs issued by: " << cert->Issuer()->ToString();
            LOG_STRING_ERROR(os.str().c_str(), thisComponent, CACHE_PARSE_ERROR, this)
        }
        
        GottaMatch<CPKIFCRLPtr> gm;
        gm.SetRHS(tmpCRL);
        if(crlList.end() == find_if(crlList.begin(), crlList.end(), gm))
            crlList.push_back(tmpCRL);

    }while(NULL != crl);

    CertFreeCertificateContext(issuerCtx);
    

    if(origSize != crlList.size())
    {
        std::ostringstream os;
        os << "Found one or more CRLs issued by: " << cert->Issuer()->ToString();
        LOG_STRING_DEBUG(os.str().c_str(), thisComponent, 0, this);
    }
    else
    {
        std::ostringstream os;
        os << "Failed to find a CRL issued by: " << cert->Issuer()->ToString();
        LOG_STRING_INFO(os.str().c_str(), thisComponent, 0, this);
    }
}