CPKIFCryptoMediator2.cpp

Go to the documentation of this file.
00001 
00010 #include "CPKIFCryptoMediator2.h"
00011 #include "IPKIFCryptoKeyID.h"
00012 #include "IPKIFCryptoRaw.h"
00013 #include "IPKIFCryptContext.h"
00014 #include "IPKIFKeyAgreeContext.h"
00015 
00016 #include "ScopeGuard.h"
00017 
00018 #include "PKIFCryptUtils.h"
00019 #include "ToolkitUtils.h"
00020 #include "PKIFLog.h"
00021 
00022 #include "PKIFException.h"
00023 #include "PKIFErrors.h"
00024 #include "PKIFCryptoErrors.h"
00025 #include "PKIFCryptoException.h"
00026 #include "KeyUsage.h"
00027 
00028 #include "boost/thread/recursive_mutex.hpp"
00029 
00030 #ifdef _WIN32
00031 #ifdef _DEBUG
00032 #include "crtdbg.h"
00033 #endif //_DEBUG
00034 #endif //_WIN32
00035 
00036 using namespace std;
00037 using namespace boost;
00038 
00040 struct CPKIFCryptoMediator2Impl
00041 {   
00042     CPKIFCryptoMediator2* m_parent;
00050     CPKIFCryptoMediator2Impl ():m_me() 
00051     {
00052         m_parent = NULL;
00053     }
00061     CPKIFCryptoMediator2Impl (CPKIFCryptoMediator2  *p) 
00062     {
00063         m_parent = p;
00064     }
00065     //CACMonitorDataPtr m_md;
00066     boost::recursive_mutex m_me;
00067 
00068     std::vector<IPKIFColleaguePtr> m_vModules;
00069     //std::vector<IPKIFColleague*> m_vModulesToDelete;
00070 
00071     std::vector<IPKIFCryptoKeyIDPtr> m_vCryptoKeyIDModules;
00072     std::vector<IPKIFCryptoRawPtr> m_vCryptoRawModules;
00073     std::vector<IPKIFCryptoMiscPtr> m_vCryptoMiscModules;
00074     std::vector<IPKIFCryptoKeyAgreePtr> m_vCryptoKeyAgreeModules;
00075 
00076     CPKIFCredentialPtr m_defKeys[PKIFCRYPTO::NUMDEFTYPES];
00077     void FreeDefaultKey(PKIFCRYPTO::DefaultKeyType op);
00078 
00079     bool m_addDefaultColleagues;
00080 };
00082 
00083 
00094 CPKIFCryptoMediator2::CPKIFCryptoMediator2(
00096     bool addDefaultColleagues)
00097     :m_impl (new CPKIFCryptoMediator2Impl)
00098 {
00099     LOG_STRING_DEBUG("CPKIFCryptoMediator2::CPKIFCryptoMediator2(void)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00100 
00101     m_impl->m_parent = this;
00102     m_impl->m_addDefaultColleagues = addDefaultColleagues;
00103     //set all default key pointers to NULL
00104     CPKIFCredentialPtr tmp;
00105     for(int ii = PKIFCRYPTO::SIGNATURE; ii < PKIFCRYPTO::NUMDEFTYPES; ++ii)
00106         m_impl->m_defKeys[ii] = tmp;
00107 }
00108 
00116 CPKIFCryptoMediator2::~CPKIFCryptoMediator2(void)
00117 {
00118     LOG_STRING_DEBUG("CPKIFCryptoMediator2::~CPKIFCryptoMediator2(void)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00119 
00120     Terminate();
00121 
00122     delete m_impl;
00123     m_impl = NULL;
00124 }
00125 
00135 void CPKIFCryptoMediator2::Terminate()
00136 {
00137     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Terminate()", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00138 
00139     //CCACSynchronizedObject so(m_impl->m_md);
00140     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00141     try
00142     {
00143         //inform our children that we are dying
00144         RemoveParentRelationships(m_impl->m_vModules, this);
00145 
00146         RemoveMediatorAssociations();
00147 
00148         //clean up any modules that were added using AddColleague
00149 //      FreeAdditionalModules(m_impl->m_vModulesToDelete, this);
00150 
00151         //added 7/17/2004
00152         IPKIFMediator::Terminate();
00153 
00154         m_impl->m_vModules.clear();
00155         m_impl->m_vCryptoKeyIDModules.clear();
00156         m_impl->m_vCryptoRawModules.clear();
00157         m_impl->m_vCryptoMiscModules.clear();
00158         m_impl->m_vCryptoKeyAgreeModules.clear();
00159     }
00160     catch(CPKIFException& )
00161     {
00162         //EXCEPTION DELETION
00163         //no purpose is served by passing on this exception - log it and forget it
00164         LOG_STRING_ERROR("CPKIFException encountered during CPKIFCryptoMediator2 mediator termination", thisComponent, COMMON_TERMINATION_ERROR, this);
00165         //delete e;
00166         _ASSERT(false);
00167     }
00168     catch(...)
00169     {
00170         LOG_STRING_FATAL("Unknown exception encountered during CPKIFCryptoMediator2 mediator termination", thisComponent, COMMON_TERMINATION_ERROR, this);
00171         _ASSERT(false);
00172     }}
00173 
00183 void CPKIFCryptoMediator2Impl::FreeDefaultKey(
00185     PKIFCRYPTO::DefaultKeyType op)
00186 {
00187     LOG_STRING_DEBUG("CPKIFCryptoMediator2::FreeDefaultKey(DefaultKeyType op)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00188 
00189     //CCACSynchronizedObject so(m_md);
00190     boost::recursive_mutex::scoped_lock lock(m_me);
00191     if(op >= PKIFCRYPTO::NUMDEFTYPES)
00192         throw CPKIFCryptoException(m_parent->thisComponent, CRYPTO_DEFAULT_KEY_TYPE_UNKNOWN, "Unknown default key type.");
00193 
00194     try
00195     {
00196         CPKIFCredentialPtr tmp;
00197         m_defKeys[op] = tmp;
00198     }
00199     catch(...)
00200     {
00201         _ASSERT(false);
00202     }
00203 }
00204 
00216 void CPKIFCryptoMediator2::Initialize()
00217 {
00218     InitializeMediator(NULL);
00219 }
00220 
00235 void CPKIFCryptoMediator2::InitializeMediator(
00238     std::vector<CPKIFException*>* errorInfo)
00239 {
00240     LOG_STRING_DEBUG("CPKIFCryptoMediator2::InitializeMediator(std::vector<CPKIFException*>* errorInfo)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00241 
00242     //CCACSynchronizedObject so(m_impl->m_md);
00243     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00244     LOG_STRING_DEBUG("Initializing CPKIFCryptoMediator2 mediator", thisComponent, 0, this);
00245 //  if(!m_vModules.empty())
00246     if(!m_impl->m_vModules.empty())
00247         throw CPKIFCryptoException(thisComponent, COMMON_ALREADY_INITIALIZED, "This instance has already been initialized.  Call Terminate prior to re-initializing.");
00248 
00249     if(m_impl->m_addDefaultColleagues)
00250     {
00251 //#if 0
00252         IPKIFColleaguePtr x1 = MakeDefaultKeyIDColleague();
00253         IPKIFColleaguePtr x2 = MakeDefaultRawColleague();
00254         AddColleague(x1);
00255         AddColleague(x2);
00256 //#endif
00257     }
00258 }
00259 
00271 void CPKIFCryptoMediator2::AddColleague(
00273     IPKIFColleaguePtr& module)
00274 {
00275     LOG_STRING_DEBUG("CPKIFCryptoMediator2::AddColleague(IPKIFColleague* module, bool transferOwnership)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00276 
00277     //CCACSynchronizedObject so(m_impl->m_md);
00278     boost::recursive_mutex l_mutex;
00279     boost::recursive_mutex::scoped_lock lock(l_mutex);
00280     if(!module)
00281         return;
00282 
00283     //if the module throws an exception let the caller catch it
00284     module->Initialize();
00285     module->AddParent(this);//added 3/12/2003 CRW
00286 
00287     try
00288     {
00289         //set upa n array of pointers that we will need to delete
00290         //if(transferOwnership)
00291         //  m_impl->m_vModulesToDelete.push_back(module);
00292 
00293         //create a guard on the vector so if the push onto the primary vector fails we can
00294         //pop the one off of m_vModulesToDelete
00295 //      ScopeGuard guard = MakeObjGuard(m_impl->m_vModulesToDelete, &vector<IPKIFColleague*>::pop_back);
00296         m_impl->m_vModules.push_back(module);
00297         if(dynamic_pointer_cast<IPKIFCryptoKeyID, IPKIFColleague>(module))
00298             m_impl->m_vCryptoKeyIDModules.push_back(dynamic_pointer_cast<IPKIFCryptoKeyID, IPKIFColleague>(module));
00299         if(dynamic_pointer_cast<IPKIFCryptoRaw, IPKIFColleague>(module))
00300             m_impl->m_vCryptoRawModules.push_back(dynamic_pointer_cast<IPKIFCryptoRaw, IPKIFColleague>(module));
00301         if(dynamic_pointer_cast<IPKIFCryptoMisc, IPKIFColleague>(module))
00302             m_impl->m_vCryptoMiscModules.push_back(dynamic_pointer_cast<IPKIFCryptoMisc, IPKIFColleague>(module));
00303         if(dynamic_pointer_cast<IPKIFCryptoKeyAgree, IPKIFColleague>(module))
00304             m_impl->m_vCryptoKeyAgreeModules.push_back(dynamic_pointer_cast<IPKIFCryptoKeyAgree, IPKIFColleague>(module));
00305 //      guard.Dismiss();
00306     }
00307     catch(...)
00308     {
00309         throw;
00310     }
00311 }
00312 
00313 //This function unsets any previously set default for the given type of key, then sets the default to a newly created
00314 //key *if possible*.  Thus, all calls unset defaults but not all actually set a default.  When the set fails NULL is returned.
00315 //Otherwise, a pointer to the default is returned.  The pointer should NOT be freed by the caller.
00332 const CPKIFCredentialPtr CPKIFCryptoMediator2::SetDefaultKey(
00336     const std::string& asciiHexKeyID,
00339     PKIFCRYPTO::DefaultKeyType op)
00340 {
00341     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SetDefaultKey(const std::string& asciiHexKeyID, DefaultKeyType op)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00342 
00343     //CCACSynchronizedObject so(m_impl->m_md);
00344     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00345     //if the op is unknown the following call will throw an exception
00346     m_impl->FreeDefaultKey(op);
00347 
00348     IPKIFCryptoKeyID* crypto = NULL;
00349     CPKIFCredentialPtr newKeyID;
00350 
00351     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
00352     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
00353     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
00354     {   
00355             //MakeKeyID should return NULL if key is not associated with the
00356             //module and throw an exception if the key is associated with the
00357             //module but cannot be created for some reason.
00358             newKeyID = (*pos)->MakeKeyID(asciiHexKeyID);
00359             if(newKeyID != (CPKIFCredential*)NULL)
00360                 break;
00361     }
00362 
00363     m_impl->m_defKeys[op] = newKeyID;
00364     std::string auditStr = "A new default key with an identifier equal to ";
00365     if(newKeyID != (CPKIFCredential*)NULL)
00366         auditStr.append(newKeyID->ID());
00367     else
00368         auditStr.append("NULL");
00369     auditStr.append(" has been defined for ");
00370     if(PKIFCRYPTO::SIGNATURE == op)
00371         auditStr.append("signature operations.");
00372     else
00373         auditStr.append("decryption operations.");
00374     AuditString(EVENTLOG_INFORMATION_TYPE, CAT_PKIF_CRYPTO, PKIF_DEFAULT_KEY_DESIGNATION, auditStr.c_str(), thisComponent, 0, 0);
00375 
00376     return newKeyID;
00377 }
00378 
00388 CPKIFCredentialPtr CPKIFCryptoMediator2::GetDefaultKey(
00390     PKIFCRYPTO::DefaultKeyType op)
00391 {
00392     LOG_STRING_DEBUG("CPKIFCryptoMediator2::GetDefaultKey(DefaultKeyType op)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00393 
00394     //CCACSynchronizedObject so(m_impl->m_md);
00395     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00396     if(PKIFCRYPTO::SIGNATURE == op || PKIFCRYPTO::DECRYPTION == op)
00397         return m_impl->m_defKeys[op];
00398     else
00399     {
00400         CPKIFCredentialPtr tmp;
00401         return tmp;
00402     }
00403 }
00404 
00405 //GENERAL PHILOSOPHY OF FOLLOWING FUNCTIONS
00406 //  This mediator does not catch all exceptions that emanate from lower-level PKIF objects.  Unlike
00407 //other mediators this one does not iterate over all colleagues in search of one that can perform
00408 //an operation after a colleague has tried and failed.  It searches for the colleague that should be
00409 //able to perform the operation then invokes it propagating any exceptions back to the caller.  If
00410 //no colleague is found that can perform the operation and exception is thrown indicating that fact.
00411 
00425 void CPKIFCryptoMediator2::GenRandom(unsigned char* buf, int len)
00426 {
00427     LOG_STRING_DEBUG("CPKIFCryptoMediator2::GenRandom(unsigned char* buf, int len)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00428 
00429     //CCACSynchronizedObject so(m_impl->m_md);
00430     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00431     vector<IPKIFCryptoMiscPtr>::iterator pos;
00432     vector<IPKIFCryptoMiscPtr>::iterator end = m_impl->m_vCryptoMiscModules.end();
00433     for(pos = m_impl->m_vCryptoMiscModules.begin(); pos != end; ++pos)
00434     {
00435             (*pos)->GenRandom(buf, len);
00436             return;
00437         
00438     }
00439 
00440     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00441 }
00442 
00456 IPKIFHashContext* CPKIFCryptoMediator2::HashInit(
00458     PKIFCRYPTO::HASH_ALG alg)
00459 {
00460     LOG_STRING_DEBUG("CPKIFCryptoMediator2::HashInit(HASH_ALG alg)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00461 
00462     //CCACSynchronizedObject so(m_impl->m_md);
00463     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00464     vector<IPKIFCryptoMiscPtr>::iterator pos;
00465     vector<IPKIFCryptoMiscPtr>::iterator end = m_impl->m_vCryptoMiscModules.end();
00466     for(pos = m_impl->m_vCryptoMiscModules.begin(); pos != end; ++pos)
00467     {
00468         try
00469         {
00470             IPKIFHashContext* hc = (*pos)->HashInit(alg);
00471             if(hc) return hc;
00472         }
00473         catch(...)
00474         {
00475         }
00476     }
00477 
00478     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00479 }
00480 
00492 void CPKIFCryptoMediator2::HashUpdate(
00494     IPKIFHashContext* hash,
00496     unsigned char* pData,
00498     int nDataLen)
00499 {
00500     LOG_STRING_DEBUG("CPKIFCryptoMediator2::HashUpdate(IPKIFHashContext* hash, unsigned char* pData, int nDataLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00501 
00502     //CCACSynchronizedObject so(m_impl->m_md);
00503     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00504     vector<IPKIFCryptoMiscPtr>::iterator pos;
00505     vector<IPKIFCryptoMiscPtr>::iterator end = m_impl->m_vCryptoMiscModules.end();
00506     for(pos = m_impl->m_vCryptoMiscModules.begin(); pos != end; ++pos)
00507     {
00508         try
00509         {
00510             (*pos)->HashUpdate(hash, pData, nDataLen);
00511             return;
00512         }
00513         catch(...)
00514         {
00515         }
00516     }
00517 
00518     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00519 }
00520 
00560 void CPKIFCryptoMediator2::HashFinal(
00562     IPKIFHashContext* hash,
00564     unsigned char* pResult,
00567     int* pnResultLen)
00568 {
00569     LOG_STRING_DEBUG("CPKIFCryptoMediator2::HashFinal(IPKIFHashContext* hash, unsigned char* pResult, int* pnResultLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00570 
00571     //CCACSynchronizedObject so(m_impl->m_md);
00572     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00573     vector<IPKIFCryptoMiscPtr>::iterator pos;
00574     vector<IPKIFCryptoMiscPtr>::iterator end = m_impl->m_vCryptoMiscModules.end();
00575     for(pos = m_impl->m_vCryptoMiscModules.begin(); pos != end; ++pos)
00576     {
00577         try
00578         {
00579             (*pos)->HashFinal(hash, pResult, pnResultLen);
00580             return;
00581         }
00582         catch(...)
00583         {
00584         }
00585     }
00586 
00587     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00588 }
00589 
00602 IPKIFRawCryptContext* CPKIFCryptoMediator2::HMACInit(
00604     const CPKIFKeyMaterial &key,
00606     PKIFCRYPTO::HASH_ALG ha)
00607 {
00608     LOG_STRING_DEBUG("CPKIFCryptoMediator2::HMACInit(const CPKIFKeyMaterial& key, HASH_ALG ha)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00609 
00610     //CCACSynchronizedObject so(m_impl->m_md);
00611     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00612     vector<IPKIFCryptoRawPtr>::iterator pos;
00613     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
00614     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
00615     {
00616             return (*pos)->HMACInit(key,ha);
00617     }
00618 
00619     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00620 }
00621 
00632 void CPKIFCryptoMediator2::HMACUpdate(
00634     IPKIFRawCryptContext* ctx,
00636     unsigned char* pData,
00638     int nDataLen)
00639 {
00640     LOG_STRING_DEBUG("CPKIFCryptoMediator2::HMACUpdate(IPKIFRawCryptContext* ctx, unsigned char* pData, int nDataLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00641 
00642     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00643     vector<IPKIFCryptoRawPtr>::iterator pos;
00644     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
00645     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
00646     {
00647             return (*pos)->HMACUpdate(ctx,pData,nDataLen);
00648     }
00649 
00650     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00651 }
00652 
00665 void CPKIFCryptoMediator2::HMACFinal(
00667     IPKIFRawCryptContext* ctx,
00669     unsigned char* pResult,
00672     int* pnResultLen)
00673 {
00674     LOG_STRING_DEBUG("CPKIFCryptoMediator2::HMACFinal(IPKIFRawCryptContext* ctx, unsigned char* pResult, int* pnResultLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00675 
00676     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00677     vector<IPKIFCryptoRawPtr>::iterator pos;
00678     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
00679     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
00680     {
00681             return (*pos)->HMACFinal(ctx,pResult,pnResultLen);
00682     }
00683 
00684     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00685 }
00686 
00706 void CPKIFCryptoMediator2::Sign(
00709     const CPKIFCredentialPtr& key, 
00711     unsigned char* pHashData,
00713     int nHashDataLen,
00715     unsigned char* pSignature,
00718     int* nSignatureLen,
00720     PKIFCRYPTO::HASH_ALG hashAlg
00721     )
00722 {
00723     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Sign(const CPKIFCredentialPtr& key, unsigned char* pHashData, int nHashDataLen, unsigned char* pSignature, int* nSignatureLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00724 
00725     //CCACSynchronizedObject so(m_impl->m_md);
00726     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00727 
00728     if(key != (CPKIFCredential*)NULL)
00729     {
00730         Sign(*key, pHashData, nHashDataLen, pSignature, nSignatureLen, hashAlg);
00731     }
00732     else if(m_impl->m_defKeys[PKIFCRYPTO::SIGNATURE] != (CPKIFCredential*)NULL)
00733     {
00734         Sign(*m_impl->m_defKeys[PKIFCRYPTO::SIGNATURE], pHashData, nHashDataLen, pSignature, nSignatureLen, hashAlg);
00735     }
00736     else
00737         throw CPKIFCryptoException(TOOLKIT_CRYPTO_MEDIATOR, COMMON_INVALID_INPUT, "No credential provided and no default credential set.");
00738 }
00739 
00757 void CPKIFCryptoMediator2::Sign(
00759     const CPKIFCredential& key, 
00761     unsigned char* pHashData,
00763     int nHashDataLen,
00765     unsigned char* pSignature,
00768     int* nSignatureLen,
00770     PKIFCRYPTO::HASH_ALG hashAlg
00771     )
00772 {
00773     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Sign(const CPKIFCredential& key, unsigned char* pHashData, int nHashDataLen, unsigned char* pSignature, int* nSignatureLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00774 
00775     //CCACSynchronizedObject so(m_impl->m_md);
00776     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00777     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
00778     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
00779     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
00780     {
00781             if((*pos)->OwnsKey(key))
00782             {
00783                 try
00784                 {
00785                     (*pos)->Sign(key, pHashData, nHashDataLen, pSignature, nSignatureLen, hashAlg);
00786 #ifdef FULL_AUDIT
00787                     std::string auditStr = "A signature was successfully generated using the private key with the following identifier: ";
00788                     auditStr.append(key.ID());
00789                     auditStr.append(".");
00790                     AuditString(EVENTLOG_INFORMATION_TYPE, CAT_PKIF_CRYPTO, PKIF_PRIVATE_KEY_OPERATION_PERFORMED, auditStr.c_str(), thisComponent);
00791 #endif
00792                 }
00793                 catch(CPKIFException& e)
00794                 {
00795                     std::string auditStr = "A signature could not be generated using the private key with the following identifier: ";
00796                     auditStr.append(key.ID());
00797                     auditStr.append(".  ");
00798                     auditStr.append(*e.print());
00799                     AuditString(EVENTLOG_ERROR_TYPE, CAT_PKIF_CRYPTO, PKIF_PRIVATE_KEY_OPERATION_FAILED, auditStr.c_str(), thisComponent, CRYPTO_SIGN_FAILED, this);
00800                     
00801                     if(pos+1 == end)
00802                         throw e;
00803                 }
00804                 return;
00805             }
00806         
00807     }
00808 
00809     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00810 }
00825 IPKIFCryptContext* CPKIFCryptoMediator2::CryptInit(
00828     CPKIFCredentialPtr& key,
00829     bool pad)
00830 {
00831     LOG_STRING_DEBUG("CPKIFCryptoMediator2::CryptInit(CPKIFCredentialPtr& key)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00832 
00833     //CCACSynchronizedObject so(m_impl->m_md);
00834     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00835     CPKIFCredentialPtr keyToUse = key;
00836     if(keyToUse == (CPKIFCredential*)NULL)
00837         keyToUse = m_impl->m_defKeys[PKIFCRYPTO::DECRYPTION];
00838     if(keyToUse == (CPKIFCredential*)NULL)
00839         throw CPKIFCryptoException(TOOLKIT_CRYPTO_MEDIATOR, COMMON_INVALID_INPUT, "No credential provided and no default credential set.");
00840 
00841     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
00842     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
00843     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
00844     {
00845             if((*pos)->OwnsKey(*keyToUse))
00846             {
00847                 return (*pos)->CryptInit(keyToUse);
00848             }
00849     }
00850 
00851     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00852 }
00875 void CPKIFCryptoMediator2::Decrypt(
00878     IPKIFCryptContext* cryptContext,
00880     unsigned char* pData,
00882     int nDataLen,
00884     unsigned char* pResult,
00887     int* pnResultLen,
00890     bool final)
00891 {
00892     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Decrypt(IPKIFCryptContext* cryptContext, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen, bool final)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00893 
00894     if(NULL == cryptContext)
00895         throw CPKIFCryptoException(thisComponent, COMMON_INVALID_INPUT, "NULL or invalid credential passed to CPKIFCryptoMediator2::Decrypt.");
00896 
00897     //CCACSynchronizedObject so(m_impl->m_md);
00898     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00899     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
00900     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
00901     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
00902     {
00903             if((*pos)->OwnsKey(*cryptContext->GetCredential()))
00904             {
00905                 try
00906                 {
00907                     (*pos)->Decrypt(cryptContext, pData, nDataLen, pResult, pnResultLen, final);
00908 #ifdef FULL_AUDIT
00909                     std::string auditStr = "A decryption operation was successfully performed using the private key with the following identifier: ";
00910                     auditStr.append(cryptContext->GetCredential()->ID());
00911                     auditStr.append(".");
00912                     AuditString(EVENTLOG_INFORMATION_TYPE, CAT_PKIF_CRYPTO, PKIF_PRIVATE_KEY_OPERATION_PERFORMED, auditStr.c_str(), thisComponent);
00913 #endif
00914                     return;
00915                 }
00916                 catch(CPKIFException& e)
00917                 {
00918                     std::string auditStr = "A decryption operation failed using the private key with the following identifier: ";
00919                     auditStr.append(cryptContext->GetCredential()->ID());
00920                     auditStr.append(".");
00921                     AuditString(EVENTLOG_ERROR_TYPE, CAT_PKIF_CRYPTO, PKIF_PRIVATE_KEY_OPERATION_FAILED, auditStr.c_str(), thisComponent, CRYPTO_DECRYPT_FAILED, this);
00922 
00923                     if(pos+1 == end)
00924                         throw e;
00925                 }
00926             }
00927     }
00928 
00929     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00930 }
00950 void CPKIFCryptoMediator2::Encrypt(
00953     IPKIFCryptContext* cryptContext,
00955     unsigned char* pData,
00957     int nDataLen,
00959     unsigned char* pResult,
00962     int* pnResultLen,
00965     bool final)
00966 {
00967     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Encrypt(IPKIFCryptContext* cryptContext, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen, bool final)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
00968 
00969     if(NULL == cryptContext)
00970         throw CPKIFCryptoException(thisComponent, COMMON_INVALID_INPUT, "NULL or invalid credential passed to CPKIFCryptoMediator2::Encrypt.");
00971 
00972     //CCACSynchronizedObject so(m_impl->m_md);
00973     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00974     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
00975     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
00976     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
00977     {
00978             if((*pos)->OwnsKey(*cryptContext->GetCredential()))
00979             {
00980                 (*pos)->Encrypt(cryptContext, pData, nDataLen, pResult, pnResultLen, final);
00981                 return;
00982             }
00983     }
00984 
00985     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
00986 }
00987 
01009 void CPKIFCryptoMediator2::Decrypt(
01012     const CPKIFCredentialPtr& key,
01014     unsigned char* pData,
01016     int nDataLen,
01018     unsigned char* pResult,
01021     int* pnResultLen)
01022 {
01023     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Decrypt(const CPKIFCredentialPtr& key, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01024 
01025     //CCACSynchronizedObject so(m_impl->m_md);
01026     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01027 
01028     if(key != (CPKIFCredential*)NULL)
01029     {
01030         //* operator added 03/02/2005 Armen 
01031         Decrypt(*key, pData, nDataLen, pResult, pnResultLen);
01032     }
01033     else if(m_impl->m_defKeys[PKIFCRYPTO::DECRYPTION] != (CPKIFCredential*)NULL)
01034     {
01035         Decrypt(m_impl->m_defKeys[PKIFCRYPTO::DECRYPTION], pData, nDataLen, pResult, pnResultLen);
01036     }
01037     else
01038         throw CPKIFCryptoException(TOOLKIT_CRYPTO_MEDIATOR, COMMON_INVALID_INPUT, "No credential provided and no default credential set.");
01039 }
01040 
01062 void CPKIFCryptoMediator2::Decrypt(
01064     const CPKIFCredential& key,
01066     unsigned char* pData,
01068     int nDataLen,
01070     unsigned char* pResult,
01073     int* pnResultLen)
01074 {
01075     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Decrypt(const CPKIFCredential& key, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01076 
01077     //CCACSynchronizedObject so(m_impl->m_md);
01078     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01079     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
01080     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
01081     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
01082     {
01083             if((*pos)->OwnsKey(key))
01084             {
01085                 (*pos)->Decrypt(key, pData, nDataLen, pResult, pnResultLen);
01086                 return;
01087             }
01088     }
01089 
01090     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01091 }
01110 void CPKIFCryptoMediator2::Encrypt(
01113     const CPKIFCredentialPtr& key,
01115     unsigned char* pData,
01117     int nDataLen,
01119     unsigned char* pResult,
01122     int* pnResultLen)
01123 {
01124     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Encrypt(const CPKIFCredentialPtr& key, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01125 
01126     //CCACSynchronizedObject so(m_impl->m_md);
01127     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01128     if(key == (CPKIFCredential*)NULL)
01129         throw CPKIFCryptoException(TOOLKIT_CRYPTO_MEDIATOR, COMMON_INVALID_INPUT, "No key provided.");
01130     Encrypt(*key, pData, nDataLen, pResult, pnResultLen);
01131 }
01132 
01151 void CPKIFCryptoMediator2::Encrypt(
01153     const CPKIFCredential& key,
01155     unsigned char* pData,
01157     int nDataLen,
01159     unsigned char* pResult,
01162     int* pnResultLen)
01163 {
01164     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Encrypt(const CPKIFCredential& key, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01165 
01166     //CCACSynchronizedObject so(m_impl->m_md);
01167     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01168     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
01169     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
01170     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
01171     {
01172             if((*pos)->OwnsKey(key))
01173             {
01174                 (*pos)->Encrypt(key, pData, nDataLen, pResult, pnResultLen);
01175                 return;
01176             }
01177     }
01178 
01179     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01180 }
01181 
01200 bool CPKIFCryptoMediator2::Verify(
01203     const CPKIFCredentialPtr& key,
01206     unsigned char* pHashData,
01208     int nHashDataLen,
01210     unsigned char* pSignature,
01212     int nSignatureLen,
01214     PKIFCRYPTO::HASH_ALG hashAlg
01215     )
01216 {
01217     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Verify(const CPKIFCredentialPtr& key, unsigned char* pHashData, int nHashDataLen, unsigned char* pSignature, int nSignatureLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01218 
01219     //CCACSynchronizedObject so(m_impl->m_md);
01220     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01221     if(key == (CPKIFCredential*)NULL)
01222         throw CPKIFCryptoException(TOOLKIT_CRYPTO_MEDIATOR, COMMON_INVALID_INPUT, "No key provided.");
01223     
01224     return Verify(*key, pHashData, nHashDataLen, pSignature, nSignatureLen,hashAlg);
01225 }
01244 bool CPKIFCryptoMediator2::Verify(
01247     const CPKIFCredential& key,
01250     unsigned char* pHashData,
01252     int nHashDataLen,
01254     unsigned char* pSignature,
01256     int nSignatureLen,
01258     PKIFCRYPTO::HASH_ALG hashAlg
01259     )
01260 {
01261     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Verify(const CPKIFCredential& key, unsigned char* pHashData, int nHashDataLen, unsigned char* pSignature, int nSignatureLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01262 
01263     //CCACSynchronizedObject so(m_impl->m_md);
01264     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01265     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
01266     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
01267     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
01268     {
01269             if((*pos)->OwnsKey(key))
01270             {
01271                 try
01272                 {
01273                     bool b = (*pos)->Verify(key, pHashData, nHashDataLen, pSignature, nSignatureLen, hashAlg);
01274                     if(b)
01275                     {
01276 #ifdef FULL_AUDIT
01277                         std::string auditStr = "A signature verification was successfully performed using the key with the following identifier: ";
01278                         auditStr.append(key.ID());
01279                         auditStr.append(".");
01280                         AuditString(EVENTLOG_INFORMATION_TYPE, CAT_PKIF_CRYPTO, PKIF_SIGNATURE_VERIFICATION_SUCCEEDED, auditStr.c_str(), thisComponent);
01281 #endif
01282                     }
01283                     else
01284                     {
01285                         std::string auditStr = "A signature verification failed using the key with the following identifier: ";
01286                         auditStr.append(key.ID());
01287                         auditStr.append(".");
01288                         AuditString(EVENTLOG_ERROR_TYPE, CAT_PKIF_CRYPTO, PKIF_SIGNATURE_VERIFICATION_FAILED, auditStr.c_str(), thisComponent, CRYPTO_VERIFY_FAILED, this);
01289                     }
01290                     return b;
01291                 }
01292                 catch(CPKIFException& e)
01293                 {
01294                     std::string auditStr = "An exception was thrown during a signature verification operation using the key with the following identifier: ";
01295                     auditStr.append(key.ID());
01296                     auditStr.append(".  ");
01297                     auditStr.append(*e.print());
01298                     AuditString(EVENTLOG_ERROR_TYPE, CAT_PKIF_CRYPTO, PKIF_SIGNATURE_VERIFICATION_FAILED, auditStr.c_str(), thisComponent, CRYPTO_VERIFY_FAILED, this);
01299                     if(pos+1 == end)
01300                         throw e;
01301                 }
01302             }
01303     }
01304 
01305     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01306 }
01307 
01318 bool CPKIFCryptoMediator2::VerifyCertificate(
01321     const CPKIFCertificate& issCert,
01324     const CPKIFCertificate& subCert)
01325 {
01326     LOG_STRING_DEBUG("CPKIFCryptoMediator2::VerifyCertificate(const CPKIFCertificate& issCert, const CPKIFCertificate& subCert)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01327 
01328     //CCACSynchronizedObject so(m_impl->m_md);
01329     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01330     vector<IPKIFCryptoRawPtr>::iterator pos;
01331     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01332     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01333     {
01334             return (*pos)->VerifyCertificate(issCert, subCert);
01335     }
01336 
01337     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01338 }
01339 
01357 void CPKIFCryptoMediator2::Sign(
01359     const CPKIFKeyMaterial& key, 
01361     unsigned char* pHashData,
01363     int nHashDataLen,
01365     unsigned char* pSignature,
01368     int* nSignatureLen,
01370     PKIFCRYPTO::HASH_ALG hashAlg
01371     )
01372 {
01373     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Sign(const CPKIFKeyMaterial& key, unsigned char* pHashData, int nHashDataLen, unsigned char* pSignature, int* nSignatureLen)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01374 
01375     //CCACSynchronizedObject so(m_impl->m_md);
01376     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01377     vector<IPKIFCryptoRawPtr>::iterator pos;
01378     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01379     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01380     {
01381             (*pos)->Sign(key, pHashData, nHashDataLen, pSignature, nSignatureLen, hashAlg);
01382             return;
01383     }
01384 
01385     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01386 }
01405 void CPKIFCryptoMediator2::Encrypt(
01407     const CPKIFKeyMaterial& key,
01409     unsigned char* pData,
01411     int nDataLen,
01413     unsigned char* pResult,
01416     int* pnResultLen,
01419     bool pad)
01420 {
01421     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Encrypt(const CPKIFKeyMaterial& key, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen, PADDING padding)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01422 
01423     //CCACSynchronizedObject so(m_impl->m_md);
01424     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01425     vector<IPKIFCryptoRawPtr>::iterator pos;
01426     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01427     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01428     {
01429         if((*pos)->SupportsAlgorithm(key))
01430         {
01431             (*pos)->Encrypt(key, pData, nDataLen, pResult, pnResultLen,pad);
01432             return;
01433         }
01434     }
01435 
01436     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01437 }
01438 
01460 void CPKIFCryptoMediator2::Decrypt(
01462     const CPKIFKeyMaterial& key,
01464     unsigned char* pData,
01466     int nDataLen,
01468     unsigned char* pResult,
01471     int* pnResultLen,
01474     bool pad)
01475 {
01476     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Decrypt(const CPKIFKeyMaterial& key, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen, PADDING padding)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01477 
01478     //CCACSynchronizedObject so(m_impl->m_md);
01479     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01480     vector<IPKIFCryptoRawPtr>::iterator pos;
01481     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01482     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01483     {
01484         if((*pos)->SupportsAlgorithm(key))
01485         {
01486             (*pos)->Decrypt(key, pData, nDataLen, pResult, pnResultLen,pad);
01487             return;
01488         }
01489     }
01490 
01491     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01492 }
01493 
01507 IPKIFRawCryptContext* CPKIFCryptoMediator2::CryptInit(
01510     const CPKIFKeyMaterial& key,
01511     bool pad)
01512 {
01513     LOG_STRING_DEBUG("CPKIFCryptoMediator2::CryptInit(const CPKIFKeyMaterial& key)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01514 
01515     //CCACSynchronizedObject so(m_impl->m_md);
01516     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01517     vector<IPKIFCryptoRawPtr>::iterator pos;
01518     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01519     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01520     {
01521         if((*pos)->SupportsAlgorithm(key))
01522         {
01523             return (*pos)->CryptInit(key,pad);
01524         }
01525     }
01526 
01527     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01528 }
01550 void CPKIFCryptoMediator2::Decrypt(
01553     IPKIFRawCryptContext* cryptContext,
01555     unsigned char* pData,
01557     int nDataLen,
01559     unsigned char* pResult,
01562     int* pnResultLen,
01565     bool final)
01566 {
01567     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Decrypt(IPKIFRawCryptContext* cryptContext, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen, bool final)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01568 
01569     //CCACSynchronizedObject so(m_impl->m_md);
01570     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01571     vector<IPKIFCryptoRawPtr>::iterator pos;
01572     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01573     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01574     {
01575         try
01576         {
01577             (*pos)->Decrypt(cryptContext,pData,nDataLen,pResult,pnResultLen,final);
01578             return;
01579         }
01580         catch(...)
01581         {
01582         }
01583     }
01584 
01585     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01586 }
01587 
01606 void CPKIFCryptoMediator2::Encrypt(
01609     IPKIFRawCryptContext* cryptContext,
01611     unsigned char* pData,
01613     int nDataLen,
01615     unsigned char* pResult,
01618     int* pnResultLen,
01621     bool final)
01622 {
01623     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Encrypt(IPKIFRawCryptContext* cryptContext, unsigned char* pData, int nDataLen, unsigned char* pResult, int* pnResultLen, bool final)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01624 
01625     //CCACSynchronizedObject so(m_impl->m_md);
01626     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01627     vector<IPKIFCryptoRawPtr>::iterator pos;
01628     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01629     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01630     {
01631         try
01632         {
01633             (*pos)->Encrypt(cryptContext,pData,nDataLen,pResult,pnResultLen,final);
01634             return;
01635         }
01636         catch(...)
01637         {
01638         }
01639     }
01640 
01641     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01642 }
01643 
01662 bool CPKIFCryptoMediator2::Verify(
01664     const CPKIFKeyMaterial& key,
01667     unsigned char* pHashData,
01669     int nHashDataLen,
01671     unsigned char* pSignature,
01673     int nSignatureLen,
01675     PKIFCRYPTO::HASH_ALG hashAlg
01676     )
01677 {
01678     LOG_STRING_DEBUG("CPKIFCryptoMediator2::Verify", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01679 
01680     //CCACSynchronizedObject so(m_impl->m_md);
01681     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01682     vector<IPKIFCryptoRawPtr>::iterator pos;
01683     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
01684     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
01685     {
01686         bool supportsAlg = false;
01687         try
01688         {
01689             supportsAlg = (*pos)->SupportsAlgorithm(key);
01690         }
01691         catch(CPKIFException &){} // just try another mediator
01692         if(supportsAlg)
01693         {
01694             try
01695             {
01696                 bool b = (*pos)->Verify(key, pHashData, nHashDataLen, pSignature, nSignatureLen, hashAlg);
01697                 if(b)
01698                 {
01699                     std::string auditStr = "A signature verification was successfully performed.";
01700 #ifdef FULL_AUDIT
01701                     AuditString(EVENTLOG_INFORMATION_TYPE, CAT_PKIF_CRYPTO, PKIF_SIGNATURE_VERIFICATION_SUCCEEDED, auditStr.c_str(), thisComponent);
01702 #endif
01703                 }
01704                 else
01705                 {
01706                     std::string auditStr = "A signature verification operation failed.";
01707                     AuditString(EVENTLOG_ERROR_TYPE, CAT_PKIF_CRYPTO, PKIF_SIGNATURE_VERIFICATION_FAILED, auditStr.c_str(), thisComponent, CRYPTO_VERIFY_FAILED, this);
01708                 }
01709                 return b;
01710             }
01711             catch(CPKIFException& e)
01712             {
01713                 std::string auditStr = "An exception was thrown performing a signature verification.";
01714                 AuditString(EVENTLOG_INFORMATION_TYPE, CAT_PKIF_CRYPTO, PKIF_SIGNATURE_VERIFICATION_FAILED, auditStr.c_str(), thisComponent, CRYPTO_VERIFY_FAILED, this);
01715                 
01716                 //if we are not at the end of the list, try again
01717                 if(pos+1 == end)
01718                     throw e;
01719             }
01720         }
01721     }
01722 
01723     throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01724 }
01725 
01744 void CPKIFCryptoMediator2::GetKeyList(
01746     CPKIFCredentialList& v,
01748     CPKIFKeyUsagePtr& ku)
01749 {   
01750     bitset<9> tmp = ku->GetKeyUsage();
01751     GetKeyList(v, &tmp);
01752 }
01753 
01779 void CPKIFCryptoMediator2::GetKeyList(
01781     CPKIFCredentialList& v,
01783     bitset<9>*  ku)
01784 {
01785     LOG_STRING_DEBUG("CPKIFCryptoMediator2::GetKeyList", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01786 
01787     //CCACSynchronizedObject so(m_impl->m_md);
01788     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01789     vector<IPKIFCryptoKeyIDPtr>::iterator pos;
01790     vector<IPKIFCryptoKeyIDPtr>::iterator end = m_impl->m_vCryptoKeyIDModules.end();
01791     bool opAttempted = false, opSucceeded = false;
01792     for(pos = m_impl->m_vCryptoKeyIDModules.begin(); pos != end; ++pos)
01793     {
01794         try
01795         {
01796             opAttempted = true;
01797             (*pos)->GetKeyList(v, ku);
01798             opSucceeded = true;
01799         }
01800         catch(CPKIFException& e)
01801         {
01802             //EXCEPTION DELETION
01803             //mediators eat exceptions and throw an "op not handled" exception
01804             //if no colleagues are able to successfully complete an operation
01805             std::string reason = "A crypto-related exception was thrown.  ";
01806             reason.append(*e.print());
01807             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
01808         }
01809     }
01810 
01811     if(!opAttempted)
01812         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01813 
01814     if(!opSucceeded)
01815         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
01816 }
01824 void CPKIFCryptoMediator2::GetColleagues(
01826     std::vector<IPKIFColleaguePtr>& v) const
01827 {
01828     copy(m_impl->m_vModules.begin(),m_impl->m_vModules.end(), back_inserter(v));
01829 }
01830 
01844 IPKIFKeyAgreeContextPtr CPKIFCryptoMediator2::SecretAgree(
01847                                         CPKIFCredentialPtr& myPrivateKey,
01849                                         const CPKIFCertificatePtr& theirCert,
01851                                         const CPKIFAlgorithm * alg)
01852 {
01853     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SecretAgree", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01854 
01855     //CCACSynchronizedObject so(m_impl->m_md);
01856     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01857     vector<IPKIFCryptoKeyAgreePtr>::iterator pos;
01858     vector<IPKIFCryptoKeyAgreePtr>::iterator end = m_impl->m_vCryptoKeyAgreeModules.end();
01859     bool opAttempted = false, opSucceeded = false;
01860     IPKIFKeyAgreeContextPtr ctx;
01861     for(pos = m_impl->m_vCryptoKeyAgreeModules.begin(); pos != end; ++pos)
01862     {
01863         try
01864         {
01865             opAttempted = true;
01866             ctx = (*pos)->SecretAgree(myPrivateKey, theirCert, alg);
01867             if(ctx) opSucceeded = true;
01868         }
01869         catch(CPKIFException& e)
01870         {
01871             //EXCEPTION DELETION
01872             //mediators eat exceptions and throw an "op not handled" exception
01873             //if no colleagues are able to successfully complete an operation
01874             std::string reason = "A crypto-related exception was thrown.  ";
01875             reason.append(*e.print());
01876             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
01877         }
01878     }
01879 
01880     if(!opAttempted)
01881         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01882 
01883     if(!opSucceeded)
01884         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
01885     return ctx;
01886 }
01887 
01905 IPKIFKeyAgreeContextPtr CPKIFCryptoMediator2::SecretAgree(
01908                                         CPKIFCredentialPtr& myPrivateKey,
01912                                         const CPKIFBufferPtr& theirPublicKey,
01914                                         const CPKIFAlgorithm * alg)
01915 {
01916     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SecretAgree", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01917 
01918     //CCACSynchronizedObject so(m_impl->m_md);
01919     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01920     vector<IPKIFCryptoKeyAgreePtr>::iterator pos;
01921     vector<IPKIFCryptoKeyAgreePtr>::iterator end = m_impl->m_vCryptoKeyAgreeModules.end();
01922     bool opAttempted = false, opSucceeded = false;
01923     IPKIFKeyAgreeContextPtr ctx;
01924     for(pos = m_impl->m_vCryptoKeyAgreeModules.begin(); pos != end; ++pos)
01925     {
01926         try
01927         {
01928             opAttempted = true;
01929             ctx = (*pos)->SecretAgree(myPrivateKey, theirPublicKey, alg);
01930             if(ctx) opSucceeded = true;
01931         }
01932         catch(CPKIFException& e)
01933         {
01934             //EXCEPTION DELETION
01935             //mediators eat exceptions and throw an "op not handled" exception
01936             //if no colleagues are able to successfully complete an operation
01937             std::string reason = "A crypto-related exception was thrown.  ";
01938             reason.append(*e.print());
01939             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
01940         }
01941     }
01942 
01943     if(!opAttempted)
01944         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
01945 
01946     if(!opSucceeded)
01947         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
01948 
01949     return ctx;
01950 }
01951 
01966 IPKIFKeyAgreeContextPtr CPKIFCryptoMediator2::SecretAgree(
01968                                         const CPKIFCredentialPtr& myPrivateKey,
01970                                         CPKIFCredentialPtr & ephemeralKeyPair,
01972                                         const CPKIFCertificatePtr& theirCert,
01974                                         const CPKIFAlgorithm * alg)
01975 {
01976     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SecretAgree", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
01977 
01978     //CCACSynchronizedObject so(m_impl->m_md);
01979     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
01980     vector<IPKIFCryptoKeyAgreePtr>::iterator pos;
01981     vector<IPKIFCryptoKeyAgreePtr>::iterator end = m_impl->m_vCryptoKeyAgreeModules.end();
01982     bool opAttempted = false, opSucceeded = false;
01983     IPKIFKeyAgreeContextPtr ctx;
01984     for(pos = m_impl->m_vCryptoKeyAgreeModules.begin(); pos != end; ++pos)
01985     {
01986         try
01987         {
01988             opAttempted = true;
01989             ctx = (*pos)->SecretAgree(myPrivateKey, ephemeralKeyPair, theirCert, alg);
01990             if(ctx) opSucceeded = true;
01991         }
01992         catch(CPKIFException& e)
01993         {
01994             //EXCEPTION DELETION
01995             //mediators eat exceptions and throw an "op not handled" exception
01996             //if no colleagues are able to successfully complete an operation
01997             std::string reason = "A crypto-related exception was thrown.  ";
01998             reason.append(*e.print());
01999             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
02000         }
02001     }
02002 
02003     if(!opAttempted)
02004         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
02005 
02006     if(!opSucceeded)
02007         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
02008 
02009     return ctx;
02010 }
02011 
02029 IPKIFKeyAgreeContextPtr CPKIFCryptoMediator2::SecretAgree(
02031                                         const CPKIFCredentialPtr& myPrivateKey,
02033                                         CPKIFCredentialPtr & ephemeralKeyPair,
02035                                         const CPKIFBufferPtr& theirPublicKey,
02037                                         const CPKIFAlgorithm * alg)
02038 {
02039     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SecretAgree", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
02040 
02041     //CCACSynchronizedObject so(m_impl->m_md);
02042     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
02043     vector<IPKIFCryptoKeyAgreePtr>::iterator pos;
02044     vector<IPKIFCryptoKeyAgreePtr>::iterator end = m_impl->m_vCryptoKeyAgreeModules.end();
02045     bool opAttempted = false, opSucceeded = false;
02046     IPKIFKeyAgreeContextPtr ctx;
02047     for(pos = m_impl->m_vCryptoKeyAgreeModules.begin(); pos != end; ++pos)
02048     {
02049         try
02050         {
02051             opAttempted = true;
02052             ctx = (*pos)->SecretAgree(myPrivateKey, ephemeralKeyPair, theirPublicKey, alg);
02053             if(ctx) opSucceeded = true;
02054         }
02055         catch(CPKIFException& e)
02056         {
02057             //EXCEPTION DELETION
02058             //mediators eat exceptions and throw an "op not handled" exception
02059             //if no colleagues are able to successfully complete an operation
02060             std::string reason = "A crypto-related exception was thrown.  ";
02061             reason.append(*e.print());
02062             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
02063         }
02064     }
02065 
02066     if(!opAttempted)
02067         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
02068 
02069     if(!opSucceeded)
02070         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
02071 
02072     return ctx;
02073 }
02074 
02090 IPKIFKeyAgreeContextPtr CPKIFCryptoMediator2::SecretAgree(
02092                                         const CPKIFCredentialPtr& myPrivateKey,
02095                                         const CPKIFBufferPtr& ephemeralPublicKey,
02097                                         const CPKIFCertificatePtr& theirCert,
02099                                         const CPKIFAlgorithm * alg)
02100 {
02101     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SecretAgree", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
02102 
02103     //CCACSynchronizedObject so(m_impl->m_md);
02104     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
02105     vector<IPKIFCryptoKeyAgreePtr>::iterator pos;
02106     vector<IPKIFCryptoKeyAgreePtr>::iterator end = m_impl->m_vCryptoKeyAgreeModules.end();
02107     bool opAttempted = false, opSucceeded = false;
02108     IPKIFKeyAgreeContextPtr ctx;
02109     for(pos = m_impl->m_vCryptoKeyAgreeModules.begin(); pos != end; ++pos)
02110     {
02111         try
02112         {
02113             opAttempted = true;
02114             ctx = (*pos)->SecretAgree(myPrivateKey, ephemeralPublicKey, theirCert, alg);
02115             if(ctx) opSucceeded = true;
02116         }
02117         catch(CPKIFException& e)
02118         {
02119             //EXCEPTION DELETION
02120             //mediators eat exceptions and throw an "op not handled" exception
02121             //if no colleagues are able to successfully complete an operation
02122             std::string reason = "A crypto-related exception was thrown.  ";
02123             reason.append(*e.print());
02124             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
02125         }
02126     }
02127 
02128     if(!opAttempted)
02129         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
02130 
02131     if(!opSucceeded)
02132         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
02133 
02134     return ctx;
02135 }
02136 
02155 IPKIFKeyAgreeContextPtr CPKIFCryptoMediator2::SecretAgree(
02157                                         const CPKIFCredentialPtr& myPrivateKey,
02160                                         const CPKIFBufferPtr& ephemeralPublicKey,
02162                                         const CPKIFBufferPtr& theirPublicKey,
02164                                         const CPKIFAlgorithm * alg)
02165 {
02166     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SecretAgree", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
02167 
02168     //CCACSynchronizedObject so(m_impl->m_md);
02169     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
02170     vector<IPKIFCryptoKeyAgreePtr>::iterator pos;
02171     vector<IPKIFCryptoKeyAgreePtr>::iterator end = m_impl->m_vCryptoKeyAgreeModules.end();
02172     bool opAttempted = false, opSucceeded = false;
02173     IPKIFKeyAgreeContextPtr ctx;
02174     for(pos = m_impl->m_vCryptoKeyAgreeModules.begin(); pos != end; ++pos)
02175     {
02176         try
02177         {
02178             opAttempted = true;
02179             ctx = (*pos)->SecretAgree(myPrivateKey, ephemeralPublicKey, theirPublicKey, alg);
02180             if(ctx) opSucceeded = true;
02181         }
02182         catch(CPKIFException& e)
02183         {
02184             //EXCEPTION DELETION
02185             //mediators eat exceptions and throw an "op not handled" exception
02186             //if no colleagues are able to successfully complete an operation
02187             std::string reason = "A crypto-related exception was thrown.  ";
02188             reason.append(*e.print());
02189             AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CRYPTO, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
02190         }
02191     }
02192 
02193     if(!opAttempted)
02194         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
02195 
02196     if(!opSucceeded)
02197         throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
02198 
02199     return ctx;
02200 }
02201 
02210 CPKIFKeyMaterialPtr CPKIFCryptoMediator2::DeriveKey(
02212                                                     const IPKIFKeyAgreeContextPtr & context,
02214                                                     unsigned long keyLen
02215                                                     )
02216 {
02217     IPKIFCryptoKeyAgree * owner = context->GetOwner();
02218     if(!owner) throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
02219     CPKIFKeyMaterialPtr key = owner->DeriveKey(context,keyLen);
02220     if(!key) throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
02221     return key;
02222 }
02223 
02231 bool CPKIFCryptoMediator2::SupportsAlgorithm(
02233                                 const CPKIFKeyMaterial& key)
02234 {
02235     LOG_STRING_DEBUG("CPKIFCryptoMediator2::SupportsAlgorithm(const CPKIFKeyMaterial& key)", TOOLKIT_CRYPTO_MEDIATOR, 0, this);
02236 
02237     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
02238     vector<IPKIFCryptoRawPtr>::iterator pos;
02239     vector<IPKIFCryptoRawPtr>::iterator end = m_impl->m_vCryptoRawModules.end();
02240     bool handled = false;
02241     for(pos = m_impl->m_vCryptoRawModules.begin(); pos != end; ++pos)
02242     {
02243         handled = true;
02244         if((*pos)->SupportsAlgorithm(key)) return true;
02245     }
02246 
02247     if(!handled) throw CPKIFCryptoException(thisComponent, COMMON_OPERATION_NOT_HANDLED);
02248 
02249     return false;
02250 }
Generated on Mon Nov 15 11:15:48 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6