IPKIFScvpClient.cpp

Go to the documentation of this file.
00001 
00009 //PKIFSCVP includes
00010 #include "IPKIFScvpClient.h"
00011 #include "PKIFSCVP_OIDs.h"
00012 #include "ValPolRequest.h"
00013 #include "ValPolResponse.h"
00014 
00015 //PKIF includes
00016 #include "Certificate.h"
00017 #include "components.h"
00018 #include "GeneralSubtree.h"
00019 #include "Name.h"
00020 #include "PKIFErrors.h"
00021 #include "PKIFException.h"
00022 #include "ToolkitUtils.h"
00023 
00024 //PKIFCMS includes
00025 #include "ContentInfo.h"
00026 #include "EncapsulatedContentInfo.h"
00027 #include "SignedData.h"
00028 
00029 //PKIFERS includes
00030 #include "EvidenceRecordVerifier.h"
00031 #include "EvidenceRecordBundle.h"
00032 
00033 #include <iterator>
00034 
00036 struct PKIFScvpClientImpl
00037 {
00045     PKIFScvpClientImpl()
00046     {
00047         m_bGenerateNonce = false;
00048         m_bRequireNonceMatch = true;
00049         m_bRequireSignedDPD = false;
00050         m_bFetchWhenLoading = true;
00051     }
00052 
00053     bool CheckNamespaces(const CPKIFCertificatePtr& cert);
00054 
00055     //HTTP URL to which requests are posted
00056     std::string m_url;
00057 
00058     //credential used to sign outbound requests
00059     CPKIFCredentialPtr m_cred;
00060 
00061     //list of wantBacks that are included in a CVRequest
00062     CPKIFOIDListPtr m_wantBacks;
00063 
00064     //evidence record verifier
00065     CPKIFEvidenceRecordVerifierPtr m_erv;
00066 
00067     //instruction that determines is a request includes a nonce
00068     bool m_bGenerateNonce;
00069 
00070     //instruction that determines if a nonce match is required
00071     bool m_bRequireNonceMatch;
00072 
00073     //instruction that determines if DPD requests require a signature
00074     bool m_bRequireSignedDPD;
00075 
00077     IPKIFMediatorPtr m_mediator;
00078 
00079     //path settings that are used to verify signed SCVP responses
00080     CPKIFPathSettingsPtr m_settings;
00081 
00082     //path settings that are used to customize the val pol stuff in CVRequests
00083     CPKIFPathSettingsPtr m_settingsForValPol;
00084 
00085     //namespace/get namespaces that determine if the colleague is consulted during path processing
00086     CPKIFGeneralSubtreeList m_namespaces;
00087 
00088     //ContentInfo containing a SignedData that encapsulates a val pol response
00089     CPKIFContentInfoPtr m_valPol;
00090 
00091     //ValPolResponse retrieved from m_valPol following successful verification
00092     CPKIFValPolResponsePtr m_parsedValPol;
00093 
00094     //instruction that determines if a validation policy is retrieved when loading the SCVP client
00095     bool m_bFetchWhenLoading;
00096 
00097     //want backs collected during a path processing operation
00098     CPKIFReplyWantBack_ExtDataHandlerPtr m_wantBacksFromResponse;
00099 
00100     CPKIFOIDPtr m_valPolOid;
00101 };
00102 
00111 bool PKIFScvpClientImpl::CheckNamespaces(const CPKIFCertificatePtr& cert)
00112 {
00113     if(cert == (CPKIFCertificate*)NULL)
00114         return false;
00115 
00116     CPKIFNamePtr subjectName = cert->GetSubjectName();
00117     CPKIFGeneralSubtreeList::iterator pos;
00118     CPKIFGeneralSubtreeList::iterator end = m_namespaces.end();
00119     for(pos = m_namespaces.begin(); pos != end; ++pos)
00120     {
00121         if(CPKIFGeneralSubtree::MATCH == (*pos)->IsInSubtree(subjectName))
00122             return true;
00123     }
00124 
00125     //if we get here then either it's not a match (cause the list isn't empty)
00126     //or it is a match (cause the list is empty).  when the list is empty, we
00127     //accept all comers.
00128     return m_namespaces.empty();
00129 }
00131 
00132 
00140 IPKIFScvpClient::IPKIFScvpClient(void) : m_impl(new PKIFScvpClientImpl)
00141 {
00142 }
00143 
00151 IPKIFScvpClient::~IPKIFScvpClient(void)
00152 {
00153     if(m_impl)
00154         delete m_impl;
00155 }
00156 
00157 bool IPKIFScvpClient::CheckNamespaces(const CPKIFCertificatePtr& cert)
00158 {
00159     return m_impl->CheckNamespaces(cert);
00160 }
00161 
00169 void IPKIFScvpClient::SetResponderUrl(const char* url)
00170 {
00171     m_impl->m_url = url;
00172 }
00173 
00181 const char* IPKIFScvpClient::GetResponderUrl() const
00182 {
00183     return m_impl->m_url.c_str();
00184 }
00185 
00193 void IPKIFScvpClient::SetSigningCredential(CPKIFCredentialPtr& cred)
00194 {   
00195     m_impl->m_cred = cred;
00196 }
00197 
00205 CPKIFCredentialPtr IPKIFScvpClient::GetSigningCredential() const
00206 {
00207     return m_impl->m_cred;
00208 }
00209 
00217 void IPKIFScvpClient::SetWantBacks(CPKIFOIDListPtr& wantBack)
00218 {
00219     CPKIFOIDListPtr tmp(new CPKIFOIDList);
00220     m_impl->m_wantBacks = tmp;
00221     if(wantBack && !wantBack->empty())
00222         copy(wantBack->begin(),wantBack->end(), back_inserter(*tmp)); 
00223 }
00224 
00232 CPKIFOIDListPtr IPKIFScvpClient::GetWantBacks() const
00233 {
00234     return m_impl->m_wantBacks;
00235 }
00236 
00244 void IPKIFScvpClient::SetEvidenceRecordVerifier(CPKIFEvidenceRecordVerifierPtr& erv)
00245 {
00246     m_impl->m_erv = erv;
00247 }
00248 
00256 CPKIFEvidenceRecordVerifierPtr IPKIFScvpClient::GetEvidenceRecordVerifier() const
00257 {
00258     return m_impl->m_erv;
00259 }
00260 
00268 void IPKIFScvpClient::SetGenerateNonce(bool b)
00269 {
00270     m_impl->m_bGenerateNonce = b;
00271 }
00272 
00280 bool IPKIFScvpClient::GetGenerateNonce() const
00281 {
00282     return m_impl->m_bGenerateNonce;
00283 }
00284 
00292 void IPKIFScvpClient::SetRequireNonceMatch(bool bRequireNonceMatch)
00293 {
00294     m_impl->m_bRequireNonceMatch = bRequireNonceMatch;
00295 }
00296 
00304 bool IPKIFScvpClient::GetRequireNonceMatch()
00305 {
00306     return m_impl->m_bRequireNonceMatch;
00307 }
00308 
00316 void IPKIFScvpClient::SetRequireSignedDPD(bool b)
00317 {
00318     m_impl->m_bRequireSignedDPD = b;
00319 }
00320 
00328 bool IPKIFScvpClient::GetRequireSignedDPD() const
00329 {
00330     return m_impl->m_bRequireSignedDPD;
00331 }
00332 
00340 void IPKIFScvpClient::SetMediator(IPKIFMediatorPtr& m)
00341 {
00342     m_impl->m_mediator = m;
00343 }
00344 
00352 IPKIFMediatorPtr IPKIFScvpClient::GetMediator() const
00353 {
00354     return m_impl->m_mediator;
00355 }
00356 
00364 void IPKIFScvpClient::SetPathSettings(CPKIFPathSettingsPtr& settings)
00365 {
00366     m_impl->m_settings = settings;
00367 }
00368 
00376 CPKIFPathSettingsPtr IPKIFScvpClient::GetPathSettings() const
00377 {
00378     return m_impl->m_settings;
00379 }
00380 
00388 void IPKIFScvpClient::SetPathSettingsForValPol(CPKIFPathSettingsPtr& settings)
00389 {
00390     m_impl->m_settingsForValPol = settings;
00391 }
00392 
00400 CPKIFPathSettingsPtr IPKIFScvpClient::GetPathSettingsForValPol() const
00401 {
00402     return m_impl->m_settingsForValPol;
00403 }
00404 
00413 void IPKIFScvpClient::SetFetchValPolWhenLoading(bool b)
00414 {
00415     m_impl->m_bFetchWhenLoading = b;
00416 }
00417 
00426 bool IPKIFScvpClient::GetFetchValPolWhenLoading() const
00427 {
00428     return m_impl->m_bFetchWhenLoading;
00429 }
00430 
00438 void IPKIFScvpClient::AddNamespace(CPKIFGeneralSubtreePtr& name)
00439 {
00440     if(name == (CPKIFGeneralSubtree*)NULL)
00441         return;
00442 
00443     m_impl->m_namespaces.push_back(name);
00444 }
00445 
00453 CPKIFGeneralSubtreeList IPKIFScvpClient::GetNamespaces()
00454 {
00455     return m_impl->m_namespaces;
00456 }
00457 
00465 void IPKIFScvpClient::SetValPol(CPKIFContentInfoPtr& vp)
00466 {
00467     m_impl->m_valPol = vp;
00468 
00469     //clear the parsed val pol response, if any
00470     CPKIFValPolResponsePtr empty;
00471     m_impl->m_parsedValPol = empty;
00472 }
00473 
00481 CPKIFContentInfoPtr IPKIFScvpClient::GetValPol() const
00482 {
00483     return m_impl->m_valPol;
00484 }
00485 
00486 CPKIFOIDPtr IPKIFScvpClient::GetValidationPolicy() const
00487 {
00488     return m_impl->m_valPolOid;
00489 }
00490 void IPKIFScvpClient::SetValidationPolicy(CPKIFOIDPtr& valPol)
00491 {
00492     m_impl->m_valPolOid = valPol;
00493 }
00494 
00507 CPKIFValPolResponsePtr IPKIFScvpClient::VerifyValPol()
00508 {
00509     if(!m_impl->m_valPol || !m_impl->m_mediator)
00510         throw CPKIFException(TOOLKIT_SCVP_SUBCOMPONENT, COMMON_INVALID_INPUT, "Either SetValPol or SetMediator has not been called prior to VerifyValPol.");
00511 
00512     if(!m_impl->m_parsedValPol)
00513     {
00514         CPKIFOIDPtr contentType = m_impl->m_valPol->GetContentType();
00515         if(!contentType || (*g_signedData != *contentType))
00516             throw CPKIFException(TOOLKIT_SCVP_SUBCOMPONENT, COMMON_INVALID_INPUT, "Unexpected ValPol contents.  SignedData not present.");
00517 
00518         CPKIFBufferPtr content = m_impl->m_valPol->GetContent();
00519 
00520         CPKIFSignedData sd;
00521         sd.Decode(content);
00522 
00523         sd.AddMediator(m_impl->m_mediator);
00524 
00525         if(m_impl->m_settings)
00526             sd.SetPathSettings(m_impl->m_settings);
00527 
00528         CMSVerificationStatus status;
00529         if(!sd.Verify(0, status))
00530             throw CPKIFException(TOOLKIT_SCVP_SUBCOMPONENT, COMMON_INVALID_INPUT, "ValPol verification failed.");
00531 
00532         CPKIFEncapsulatedContentInfoPtr ecip = sd.GetEncapsulatedContent();
00533         CPKIFOIDPtr ecipOid = ecip->GetOID();
00534         if(!ecipOid || (*g_id_ct_scvp_valPolResponse != *ecipOid))
00535             throw CPKIFException(TOOLKIT_SCVP_SUBCOMPONENT, COMMON_INVALID_INPUT, "Unexpected ValPol contents.  ValPolRepsonse not present.");
00536 
00537         CPKIFBufferPtr ecipBuf = ecip->GetContent();
00538         CPKIFValPolResponsePtr vp(new CPKIFValPolResponse);
00539         vp->Decode(ecipBuf);
00540         m_impl->m_parsedValPol = vp;
00541     }
00542 
00543     return m_impl->m_parsedValPol;
00544 }
00545 
00556 CPKIFContentInfoPtr IPKIFScvpClient::FetchValPol()
00557 {
00558     //create a new val pol request object
00559     CPKIFValPolRequest vr;
00560 
00561     //declare a buffer to catch the val pol response
00562     CPKIFBufferPtr encValPolResponse;
00563 
00564     //clear any previously set val pol response
00565     CPKIFContentInfoPtr emptyCI;
00566     SetValPol(emptyCI);
00567 
00568     //read the current nonce instruction and pass it to the val pol req
00569     vr.SetGenerateNonce(GetGenerateNonce());
00570 
00571     //encode it...
00572     CPKIFBufferPtr encVR = vr.Encode();
00573 
00574     //then pack it in a ContentInfo...
00575     CPKIFContentInfo ci;
00576     ci.SetContent(encVR);
00577     ci.SetContentType(g_id_ct_scvp_valPolRequest);
00578 
00579     //encode that then...
00580     CPKIFBufferPtr encReq = ci.Encode();
00581 
00582     //post...
00583     if(PostRequestURL(encReq, encValPolResponse, GetResponderUrl(), PKIF_SCVP_VAL_POL)) 
00584     {
00585         CPKIFContentInfoPtr ci(new CPKIFContentInfo);
00586         ci->Decode(encValPolResponse);
00587         SetValPol(ci);
00588     }
00589 
00590     return GetValPol();
00591 }
00599 void IPKIFScvpClient::SetWantBacksFromResponse(CPKIFReplyWantBack_ExtDataHandlerPtr& wantBacks)
00600 {
00601     m_impl->m_wantBacksFromResponse = wantBacks;
00602 }
00603 
00604 
00612 CPKIFReplyWantBack_ExtDataHandlerPtr IPKIFScvpClient::GetWantBacksFromResponse() const
00613 {
00614     return m_impl->m_wantBacksFromResponse;
00615 }
Generated on Mon Nov 15 11:15:51 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6