OCSPRequest.cpp

00001 
00009 #include "OCSPRequest.h"
00010 #include "TBSRequest.h"
00011 #include "Buffer.h"
00012 #include "PKIFCredential.h"
00013 #include "GeneralName.h"
00014 #include "PKIFOCSPMemoryHelper.h"
00015 #include "AlgorithmIdentifier.h"
00016 #include "Certificate.h"
00017 
00018 #include "ASN1Helper.h"
00019 #include "OCSP.h"
00020 
00021 #include "IPKIFHashContext.h"
00022 #include "IPKIFCryptoMisc.h"
00023 #include "IPKIFCryptoKeyID.h"
00024 
00025 #include "OCSPException.h"
00026 #include "ToolkitUtils.h"
00027 #include "PKIFMediators.h"
00028 #include "PKIFX509Extensions2.h"
00029 #include "SubjectPublicKeyInfo.h"
00030 #include "PKIFCommonErrors.h"
00031 using namespace std;
00032 
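/**
 * Private implementation state for CPKIFOCSPRequest.
 *
 * Holds either a request under construction (m_tbsRequest, optionally with a
 * credential/mediator pair for signing) or a decoded OCSPRequest (m_ocspReq).
 * Both constructors now initialise every raw pointer so an impl is never left
 * with indeterminate m_ocspReq / m_mediator values between construction and the
 * owner's own assignments.
 */
struct CPKIFOCSPRequestImpl
{
    //! Owning CPKIFOCSPRequest; used by CallingAllGets() to reach GetRequest().
    CPKIFOCSPRequest* m_parent;

    //! Default constructor: all raw pointers null, smart pointers empty.
    CPKIFOCSPRequestImpl ()
        : m_parent (NULL), m_ocspReq (NULL), m_mediator (NULL)
    {
    }

    //! Constructs an impl bound to the owner @a p; all other raw pointers null.
    CPKIFOCSPRequestImpl (CPKIFOCSPRequest  *p)
        : m_parent (p), m_ocspReq (NULL), m_mediator (NULL)
    {
    }

    //member for building
    CPKIFTBSRequestPtr m_tbsRequest;

    //member for decoding (owned; released by FreeReq() and by the owner's destructor)
    CPKIFASNWrapper<OCSPRequest>* m_ocspReq;

    //! Drops m_tbsRequest and frees the decoded request.
    void ClearAllMembers();
    //! Frees any decoded request and allocates a fresh empty wrapper.
    void MakeReq();
    //! Deletes m_ocspReq (if any) and nulls it.
    void FreeReq();

    //member to maintain state when calling Set functions: forces the lazily
    //decoded members to be materialised before the decoded structure is freed
    void CallingAllGets();

    //! Signing credential used by Encode() when a mediator is also present.
    CPKIFCredentialPtr m_cred;
    //! Mediator supplying the crypto interfaces used by Encode(); not owned.
    IPKIFMediator* m_mediator;
};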
00076 
/**
 * Creates an empty OCSP request.
 *
 * The impl is bound to this object on construction; the decoded-request pointer
 * and the mediator are explicitly nulled so the object starts in a known state.
 */
CPKIFOCSPRequest::CPKIFOCSPRequest()
    :m_impl (new CPKIFOCSPRequestImpl (this))
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::CPKIFOCSPRequest()", TOOLKIT_OCSP_ASN, 0, this);

    // the impl constructor only records the parent; null the remaining raw pointers here
    m_impl->m_ocspReq = NULL;
    m_impl->m_mediator = NULL;
}
/**
 * Releases the decoded request (if any) and the impl.
 */
CPKIFOCSPRequest::~CPKIFOCSPRequest()
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::~CPKIFOCSPRequest()", TOOLKIT_OCSP_ASN, 0, this);

    // deleting a null pointer is a no-op, so no explicit guard is required
    delete m_impl->m_ocspReq;

    delete m_impl;
    m_impl = NULL;
}
/**
 * Resets the impl to its empty state: drops the TBS request and frees any
 * decoded OCSPRequest.
 */
void CPKIFOCSPRequestImpl::ClearAllMembers()
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::ClearAllMembers()", TOOLKIT_OCSP_ASN, 0, this);

    // assigning a default-constructed smart pointer releases the current request
    m_tbsRequest = CPKIFTBSRequestPtr();

    FreeReq();
}
/**
 * Materialises every lazily-decoded member through the owner's getters, then
 * frees the decoded structure so the getters are no longer needed.
 *
 * Order matters: GetRequest() reads m_ocspReq, so it must run before FreeReq().
 */
void CPKIFOCSPRequestImpl::CallingAllGets()
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::CallingAllGets()", TOOLKIT_OCSP_ASN, 0, this);

    // the returned pointer is intentionally discarded; the call populates m_tbsRequest
    CPKIFTBSRequestPtr ignored = m_parent->GetRequest();
    (void)ignored;

    FreeReq();
}
/**
 * Replaces any existing decoded request with a fresh, empty ASN.1 wrapper.
 */
void CPKIFOCSPRequestImpl::MakeReq()
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::MakeReq()", TOOLKIT_OCSP_ASN, 0, this);

    FreeReq();

    CPKIFASNWrapper<OCSPRequest>* fresh =
        new CPKIFASNWrapper<OCSPRequest>(BEREncOCSPRequest, BERDecOCSPRequest);
    m_ocspReq = fresh;
}
/**
 * Deletes the decoded request wrapper, if one exists, and nulls the pointer.
 */
void CPKIFOCSPRequestImpl::FreeReq()
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::FreeReq()", TOOLKIT_OCSP_ASN, 0, this);

    // delete on NULL is a no-op, so the null check can be folded away
    delete m_ocspReq;
    m_ocspReq = NULL;
}
00169 
00170 //tbsRequest
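/**
 * Returns the TBSRequest portion of this OCSP request.
 *
 * When the object was populated by Decode(), the TBSRequest is materialised
 * lazily from the decoded OCSPRequest on the first call and cached in the impl.
 * When it was populated by SetRequest(), the stored request is returned as-is.
 *
 * @return the TBS request, or an empty pointer if neither path has set one.
 *
 * The cache write no longer goes through const_cast: m_impl is a pointer member,
 * so its pointee may be modified from a const member function directly.
 */
CPKIFTBSRequestPtr CPKIFOCSPRequest::GetRequest() const
{
    if(m_impl->m_tbsRequest == (CPKIFTBSRequest*)NULL && NULL != m_impl->m_ocspReq)
    {
        LOG_STRING_DEBUG("CPKIFOCSPRequest::GetRequest()", TOOLKIT_OCSP_ASN, 0, this);

        // Decode the embedded TBSRequest octets so a malformed encoding is
        // caught here rather than later; the decoded value itself is not used.
        // NOTE(review): presumably Decode signals failure by throwing — confirm.
        CPKIFASNWrapper<TBSRequest> tbsReq(BEREncTBSRequest, BERDecTBSRequest);
        tbsReq.Decode((*m_impl->m_ocspReq)->tbsRequest.data, (*m_impl->m_ocspReq)->tbsRequest.numocts);

        // CPKIFTBSRequest is constructed from its own copy of the encoded bytes,
        // so it does not depend on m_ocspReq staying alive.
        CPKIFBufferPtr buffPtr(new CPKIFBuffer((*m_impl->m_ocspReq)->tbsRequest.data, (*m_impl->m_ocspReq)->tbsRequest.numocts));
        m_impl->m_tbsRequest = CPKIFTBSRequestPtr(new CPKIFTBSRequest(buffPtr));
    }

    return m_impl->m_tbsRequest;
}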
00199 
00200 //the cred parameter is ignored because this version of PKIF does not support
00201 //generation of signed OCSP requests
/**
 * Installs the TBS request to encode, together with an optional signing
 * credential and the mediator that supplies the crypto interfaces.
 *
 * Any decoded state left over from an earlier Decode() is first materialised
 * and released. Encode() attempts a signed request only when both @a cred and
 * @a m are non-null; otherwise the request is emitted unsigned.
 *
 * @param request the TBSRequest to emit
 * @param cred    signing credential (may be empty)
 * @param m       mediator providing IPKIFCryptoKeyIDOperations / IPKIFCryptoMisc (may be NULL)
 */
void CPKIFOCSPRequest::SetRequest(
    CPKIFTBSRequestPtr& request,
    CPKIFCredentialPtr& cred, 
    IPKIFMediator* m)
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::SetRequest(CPKIFTBSRequestPtr& request, CPKIFCredential* cred)", TOOLKIT_OCSP_ASN, 0, this);

    CPKIFOCSPRequestImpl& impl = *m_impl;

    // flush pending lazily-decoded members before overwriting them
    impl.CallingAllGets();

    impl.m_tbsRequest = request;
    impl.m_cred = cred;
    impl.m_mediator = m;
}
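/**
 * DER/BER-encodes this OCSP request.
 *
 * The TBSRequest is encoded first. If a credential and mediator were supplied
 * via SetRequest(), the requestorName is set to the credential certificate's
 * subject, the encoded TBS bytes are SHA-1 hashed and signed, and the signing
 * certificate is attached in optionalSignature.certs. Any CPKIFException raised
 * while signing is swallowed and the request is emitted without a signature.
 *
 * @return the encoded request, or an empty buffer if the ASN.1 encoder
 *         produced no output.
 *
 * Two fixes over the previous revision:
 *  - encCert is held at function scope so the certificate bytes borrowed by the
 *    certs list are still alive when objPDU.Encode() runs after the signing
 *    block has closed (previously a potential use-after-free).
 *  - the signature is only produced when a digest was actually computed; if
 *    HashInit() returns NULL the (uninitialised) sha1Hash is no longer signed.
 */
CPKIFBufferPtr CPKIFOCSPRequest::Encode()
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::Encode()", TOOLKIT_OCSP_ASN, 0, this);

    // signing is attempted only when both a mediator and a credential are present
    const bool signRequest = m_impl->m_mediator && m_impl->m_cred != (CPKIFCredential*)NULL;

    //first encode the tbs structure
    if(signRequest)
    {   
        CPKIFGeneralNamePtr genName(new CPKIFGeneralName(m_impl->m_cred->GetCertificate()->Subject()));
        m_impl->m_tbsRequest->SetRequestorName(genName);
    }
    CPKIFBufferPtr tbs = m_impl->m_tbsRequest->Encode();

    // Kept at function scope deliberately: the ASN1OpenType placed in the certs
    // list below only borrows this buffer's bytes, and they must outlive the
    // objPDU.Encode() call at the end of this function.
    CPKIFBufferPtr encCert;

    PKIFOCSPMemoryHelper mhOCSPRequest;
    mhOCSPRequest.pRequest = new OCSPRequest;
    memset(mhOCSPRequest.pRequest, 0, sizeof(OCSPRequest));

    // tbsRequest borrows tbs's bytes; tbs lives until the end of this function
    mhOCSPRequest.pRequest->tbsRequest.data = tbs->GetBuffer();
    mhOCSPRequest.pRequest->tbsRequest.numocts = tbs->GetLength();

    if(signRequest)
    {
        IPKIFCryptoKeyIDOperations* cm = m_impl->m_mediator->GetMediator<IPKIFCryptoKeyIDOperations>();
        IPKIFCryptoMisc* cMisc = m_impl->m_mediator->GetMediator<IPKIFCryptoMisc>();

        if(cm && cMisc)
        {
            unsigned char sha1Hash[PKIFCRYPTO::SHA1];
            int sha1HashLen = PKIFCRYPTO::SHA1;
            bool hashed = false;
            IPKIFHashContext* hash = cMisc->HashInit(PKIFCRYPTO::SHA1);
            try
            {
                if(hash)
                {
                    cMisc->HashUpdate(hash, (unsigned char*)mhOCSPRequest.pRequest->tbsRequest.data, mhOCSPRequest.pRequest->tbsRequest.numocts);
                    cMisc->HashFinal(hash, sha1Hash, &sha1HashLen);
                    delete hash; hash = NULL;
                    hashed = true;
                }

                // only sign a digest that was actually computed
                if(hashed)
                {
                    // NOTE(review): assumes Sign() honours the in/out length and never
                    // writes more than 500 bytes — confirm against the provider.
                    unsigned char sig[500]; memset(sig, 0, 500);
                    int nSigLen = 500;
                    cm->Sign(*m_impl->m_cred, sha1Hash, sha1HashLen, sig, &nSigLen, PKIFCRYPTO::SHA1);

                    mhOCSPRequest.pRequest->m.optionalSignaturePresent = 1;
                    mhOCSPRequest.pRequest->optionalSignature.signature.data = new unsigned char[nSigLen];
                    mhOCSPRequest.pRequest->optionalSignature.signature.numbits = nSigLen*8;
                    memcpy((void*)mhOCSPRequest.pRequest->optionalSignature.signature.data, sig, nSigLen);

                    // signatureAlgorithm: dsaWithSha1 for DSA keys, sha1WithRSAEncryption otherwise
                    CPKIFCertificatePtr cert = m_impl->m_cred->GetCertificate();
                    CPKIFAlgorithmIdentifierPtr certAlg = cert->SubjectPublicKeyInfo()->alg();
                    CPKIFOID dsaWithSha1("1.2.840.10040.4.3");
                    if(*(certAlg->oid()) == *g_dsa)     
                    {
                        CPKIFStringPtr str(new std::string(dsaWithSha1.ToString())); 
                        ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                        CopyOID(&mhOCSPRequest.pRequest->optionalSignature.signatureAlgorithm.algorithm, tmpOid);
                        if(tmpOid)
                            delete tmpOid;
                    }
                    else
                    {
                        CPKIFStringPtr str(new std::string(g_sha1WithRSAEncryption->ToString()));
                        ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                        CopyOID(&mhOCSPRequest.pRequest->optionalSignature.signatureAlgorithm.algorithm, tmpOid);
                        if(tmpOid)
                            delete tmpOid;
                    }

                    // attach the signing certificate as the single entry of certs
                    mhOCSPRequest.pRequest->optionalSignature.m.certsPresent = 1;
                    mhOCSPRequest.pRequest->optionalSignature.certs.head = new DListNode;
                    mhOCSPRequest.pRequest->optionalSignature.certs.tail = mhOCSPRequest.pRequest->optionalSignature.certs.head;
                    mhOCSPRequest.pRequest->optionalSignature.certs.head->next = NULL;
                    mhOCSPRequest.pRequest->optionalSignature.certs.head->prev = NULL;
                    ASN1OpenType* c = new ASN1OpenType;
                    encCert = cert->Encoded();
                    c->data = encCert->GetBuffer();
                    c->numocts = encCert->GetLength();
                    mhOCSPRequest.pRequest->optionalSignature.certs.head->data = c;
                    mhOCSPRequest.pRequest->optionalSignature.certs.count = 1;
                }
            }
            catch(CPKIFException&)
            {
                if(NULL != hash)
                    delete hash;

                //if signature generation fails, attempt without a signature
                // NOTE(review): if the failure occurred after optionalSignaturePresent
                // was set, the partially filled signature is still encoded below — confirm
                // this is the intended behaviour.
            }
        }
    }

    CACASNWRAPPER_CREATE(OCSPRequest, objPDU);
    ASN1OpenType* data1 = objPDU.Encode(mhOCSPRequest.pRequest);

    if (data1 != NULL )
    {
      // copy the encoder's output into an owned buffer, then release the encoder's allocation
      CPKIFBufferPtr tmp(new CPKIFBuffer(data1->data, data1->numocts));
      delete data1;
      return tmp;
    }
    else
    {
      // encoder produced nothing: return an empty buffer (data1 is NULL, nothing to free)
      CPKIFBufferPtr tmp(new CPKIFBuffer());
      return tmp;
    }
}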
/**
 * Parses an encoded OCSPRequest into this object, discarding any prior state.
 *
 * @param msg the encoded request
 * @throws CPKIFOCSPException with COMMON_INVALID_INPUT if @a msg is empty or
 *         null, or with ASN1_DECODE_ERROR if the ASN.1 decoder rejects it.
 */
void CPKIFOCSPRequest::Decode(
    CPKIFBufferPtr& msg)
{
    LOG_STRING_DEBUG("CPKIFOCSPRequest::Decode(CPKIFBufferPtr& msg)", TOOLKIT_OCSP_ASN, 0, this);

    m_impl->ClearAllMembers();

    //if the input is empty - fail now
    const bool emptyInput = (msg == (CPKIFBuffer*)NULL) || (0 == msg->GetLength());
    if(emptyInput)
        throw CPKIFOCSPException(TOOLKIT_OCSP_ASN, COMMON_INVALID_INPUT);

    m_impl->MakeReq();

    try
    {
        //otherwise try to parse it into the freshly allocated wrapper
        m_impl->m_ocspReq->Decode(msg->GetBuffer(), msg->GetLength());
    }
    catch(CPKIFException&)
    {
        // the underlying error is translated to an OCSP-specific decode error
        //changed error code 3/2/2004
        throw CPKIFOCSPException(TOOLKIT_OCSP_ASN, ASN1_DECODE_ERROR);
    }
}
