PKIFCMSUtils.h File Reference


Detailed Description

Subsystem: Cryptographic Message Syntax (PKIFCMS)

Module: Miscellaneous

Id
PKIFCMSUtils.h 11948 2010-10-26 14:47:35Z agalustyan

Definition in file PKIFCMSUtils.h.

#include "PKIFCMSDLL.h"
#include "PKIFEnums.h"
#include "PKIFCryptoConstants.h"
#include <vector>


Defines

#define RAISE_MESSAGE_EXCEPTION(__errorMsg__, __component__, __errorCode__, __object__)
#define CMS_ATTR_CAST(item)   *((boost::shared_ptr<CPKIFAttribute>*)&(item))

Typedefs

typedef std::vector< CPKIFAlgorithmIdentifierPtr, PKIFAlloc< CPKIFAlgorithmIdentifierPtr > > CCACDigestAlgorithmIdentifiers

Enumerations

enum  CMSVerificationStatus {
  REV_STATUS_INVALID = -3, CERT_PATH_INVALID = -2, CMS_SIGNATURE_INVALID = -1, NOT_VERIFIED = 0,
  CMS_SIGNATURE_VERIFIED = 1, CERT_PATH_VERIFIED = 2, REV_STATUS_VERIFIED = 3
}
enum  CMSPathValidationStatus { PVS_NOT_VALIDATED = 0, PVS_CERT_PATH_VERIFIED = 1, PVS_REV_STATUS_VERIFIED = 2 }

Functions

 FD_SMART_PTR (CPKIFCertificateNodeEntry)
 FD_SMART_PTR (CPKIFAlgorithmIdentifier)
 DECLARE_SMART_POINTERS (CCACDigestAlgorithmIdentifiers)
 FD_LIST_PTR (CPKIFSignerInfo)
 FD_SMART_PTR (CPKIFSignedData)
 FD_SMART_PTR (CPKIFPathSettings)
 FD_SMART_PTR (CPKIFBuffer)
 FD_LIST_PTR (CPKIFCertificate)
 FD_SMART_PTR (CPKIFCertificatePath)
 FD_MC_PTR ()
void PKIFCMS_API keyUsageChecker_Signature (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
void PKIFCMS_API keyUsageChecker_Encryption (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
void PKIFCMS_API keyUsageChecker_KeyAgreement (const CPKIFCertificateNodeEntryPtr &certNode, CPKIFPathValidationResults &results, CertificateType type)
CPKIFBufferPtr PKIFCMS_API Countersign (CPKIFSignerInfoPtr &siToCounterSign, CPKIFSignerInfoPtr &countersignerSI, IPKIFMediatorPtr &mediator)
void PKIFCMS_API VerifyCounterSignatures (CPKIFSignedDataPtr &sd, CPKIFSignerInfoPtr &si, IPKIFMediatorPtr &mediator, CPKIFPathSettingsPtr &settings, CPKIFSignerInfoList &sis, std::vector< CMSVerificationStatus > &status, CPKIFCertificateList &certVector, std::vector< CPKIFCertificatePathPtr > &pathVector)

Variables

unsigned char nullParams []


Define Documentation

#define CMS_ATTR_CAST ( item   )     *((boost::shared_ptr<CPKIFAttribute>*)&(item))

Definition at line 82 of file PKIFCMSUtils.h.

#define RAISE_MESSAGE_EXCEPTION ( __errorMsg__, __component__, __errorCode__, __object__ )

Value:

{\
    LOG_STRING_ERROR(__errorMsg__, __component__, __errorCode__, __object__);\
    throw CPKIFMessageException(__component__, __errorCode__, __errorMsg__);\
}

Definition at line 76 of file PKIFCMSUtils.h.

Referenced by CPKIFContentWithAttributes::Encode(), and CPKIFContentCollection::Encode().


Typedef Documentation

typedef std::vector<CPKIFAlgorithmIdentifierPtr, PKIFAlloc<CPKIFAlgorithmIdentifierPtr> > CCACDigestAlgorithmIdentifiers

Definition at line 20 of file PKIFCMSUtils.h.


Enumeration Type Documentation

The CMSPathValidationStatus enum identifies the path validation status of a CMS message. It is often used to identify the minimum acceptable path validation status for a message.

Enumerator:
PVS_NOT_VALIDATED  Recipient certs need not be validated.
PVS_CERT_PATH_VERIFIED  A path that passes basic checks (including sig checks) must be built for each recipient.
PVS_REV_STATUS_VERIFIED  A valid path complete with rev status checks must be built for each recipient.

Definition at line 61 of file PKIFCMSUtils.h.

The CMSVerificationStatus enum identifies the overall validation status of a CMS message.

REV_STATUS_INVALID – Signer certificate is revoked.
CERT_PATH_INVALID – The path constructed during the path building is invalid.
CMS_SIGNATURE_INVALID – CMS Signature was invalid.
NOT_VERIFIED – CMS signature was not successfully verified.
CMS_SIGNATURE_VERIFIED – CMS signature is verified.
CERT_PATH_VERIFIED – CMS signature and certificate path for the signer cert are verified.
REV_STATUS_VERIFIED – CMS signature, certificate path and revocation status for the signer cert are verified.
Enumerator:
REV_STATUS_INVALID  Signature was verified, cert path was valid, a cert was revoked.
CERT_PATH_INVALID  Signature was verified, no valid path was found, rev status was not checked.
CMS_SIGNATURE_INVALID  Signature was not valid, path proc. was not attempted, rev status was not checked.
NOT_VERIFIED  No checks were performed.
CMS_SIGNATURE_VERIFIED  Signature was verified, path proc. was not attempted, rev status not checked.
CERT_PATH_VERIFIED  Signature was verified, valid path found, rev status not checked.
REV_STATUS_VERIFIED  Signature was verified, valid path found, rev status good.

Definition at line 47 of file PKIFCMSUtils.h.


Function Documentation

CPKIFBufferPtr PKIFCMS_API Countersign ( CPKIFSignerInfoPtr &  siToCounterSign,
CPKIFSignerInfoPtr &  countersignerSI,
IPKIFMediatorPtr &  mediator
)

Interface: External

This function produces a counter signature on the signature in the siToCounterSign parameter. It returns the counter signature.

Returns:
The counter signature, as a CPKIFBufferPtr.
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
CPKIFMessageException(COMMON_UNSUPPORTED_ALG) 
Parameters:
siToCounterSign  [in] The signer information to sign.
countersignerSI  [in] Signer information of the counter signer
mediator  [in] The mediator to provide crypto functionality

Definition at line 1699 of file CACCMSUtils.cpp.

References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, COMMON_UNSUPPORTED_ALG, g_data, GetCACHashAlg(), GetSignerInfo(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), MAXHASH, PKIFCMSMessageMemoryHelper::pSignerInfo, PKIFCRYPTO::SHA1, and TOOLKIT_MESSAGE.

DECLARE_SMART_POINTERS ( CCACDigestAlgorithmIdentifiers   ) 

FD_LIST_PTR ( CPKIFCertificate   ) 

FD_LIST_PTR ( CPKIFSignerInfo   ) 

FD_MC_PTR (  ) 

FD_SMART_PTR ( CPKIFCertificatePath   ) 

FD_SMART_PTR ( CPKIFBuffer   ) 

FD_SMART_PTR ( CPKIFPathSettings   ) 

FD_SMART_PTR ( CPKIFSignedData   ) 

FD_SMART_PTR ( CPKIFAlgorithmIdentifier   ) 

FD_SMART_PTR ( CPKIFCertificateNodeEntry   ) 

void PKIFCMS_API keyUsageChecker_Encryption ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type
)

Interface: External

This function is intended for use as a functor during path validation to handle key usage extensions with the key encipherment bit set. It extracts the certificate from the certNode parameter and, if the key usage extension is present in the certificate and the key encipherment bit is set, marks the extension as processed. The keyUsageChecker_Signature function can be used in cases where the digital signature or non-repudiation bits must be set.

This function is TSP-enforcing.

Returns:
None
Parameters:
certNode  [in] Reference to a smart pointer to a CPKIFCertificateNodeEntry object containing the certificate to process and associated information
results  [in] Reference to a CPKIFPathValidationResults object (not used by this function)
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 111 of file CACCMSUtils.cpp.

References PKIFENUMS::EE.

Referenced by CPKIFEnvelopedData::AddRecipient().

void PKIFCMS_API keyUsageChecker_KeyAgreement ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type
)

Interface: External

This function is intended for use as a functor during path validation to handle key usage extensions with the key agreement bit set. It extracts the certificate from the certNode parameter and, if the key usage extension is present in the certificate and the key agreement bit is set, marks the extension as processed. The keyUsageChecker_Signature function can be used in cases where the digital signature or non-repudiation bits must be set.

This function is TSP-enforcing.

Returns:
None
Parameters:
certNode  [in] Reference to a smart pointer to a CPKIFCertificateNodeEntry object containing the certificate to process and associated information
results  [in] Reference to a CPKIFPathValidationResults object (not used by this function)
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 145 of file CACCMSUtils.cpp.

References PKIFENUMS::EE.

void PKIFCMS_API keyUsageChecker_Signature ( const CPKIFCertificateNodeEntryPtr &  certNode,
CPKIFPathValidationResults &  results,
CertificateType  type
)

Interface: External

This function is intended for use as a functor during path validation to handle key usage extensions with the digital signature and/or non-repudiation bits set. It extracts the certificate from the certNode parameter and, if the key usage extension is present in the certificate and the digital signature and/or non-repudiation bits are set, marks the extension as processed. The keyUsageChecker_Encryption function can be used in cases where the key encipherment bit must be set.

This function is TSP-enforcing.

Returns:
None

added non-repudiation 7/14/2003

Parameters:
certNode  [in] Reference to a smart pointer to a CPKIFCertificateNodeEntry object containing the certificate to process and associated information
results  [in] Reference to a CPKIFPathValidationResults object (not used by this function)
type  [in] CertificateType value indicating the type of certificate, e.g. EE or CA

Definition at line 78 of file CACCMSUtils.cpp.

References PKIFENUMS::EE.

Referenced by VerifyCounterSignatures().

void PKIFCMS_API VerifyCounterSignatures ( CPKIFSignedDataPtr &  sd,
CPKIFSignerInfoPtr &  si,
IPKIFMediatorPtr &  mediator,
CPKIFPathSettingsPtr &  settings,
CPKIFSignerInfoList &  sis,
vector< CMSVerificationStatus > &  statusVector,
CPKIFCertificateList &  certVector,
vector< CPKIFCertificatePathPtr > &  pathVector
)

Interface: External

This function verifies all countersignatures present in the unsigned attribute collection of the SignerInfo passed via the si parameter. A countersignature attribute is itself a SignerInfo object. The function iterates over all countersignature attributes and verifies each one. The sis, statusVector, certVector and pathVector parameters are used to return status information. If there is one countersignature, each vector will contain a single value. If there are three countersignature attributes, each vector will contain three values, where the [0] entry in each vector corresponds to the first countersignature, the [1] entry in each vector corresponds to the second countersignature, and so forth.

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_MEDIATOR_MISSING) 
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
sd  [in] Reference to a smart pointer to a CPKIFSignedData object containing the SignedData message that is the target of verification
si  [in] Reference to a smart pointer to a CPKIFSignerInfo object containing the countersignature attribute(s) to verify
mediator  [in] Pointer to an IPKIFMediator object that provides the functionality used to verify the countersignature(s)
settings  [in] Reference to a smart pointer to a CPKIFPathSettings object containing the path processing settings to use when verifying the countersignature(s)
sis  [out] Reference to a CPKIFSignerInfoList object to receive the SignerInfo objects from each verified countersignature
statusVector  [out] Reference to a vector of CMSVerificationStatus values to receive the values indicating the result of the verification of each countersignature
certVector  [out] Reference to a CPKIFCertificateList object to receive the certificate used to verify each countersignature
pathVector  [out] Reference to a vector of CPKIFCertificatePathPtr objects to receive the certification paths used to verify each of the countersignatures

Definition at line 1800 of file CACCMSUtils.cpp.

References IPKIFPathBuild::BuildPath(), CACASNWRAPPER_CREATE, CERT_PATH_INVALID, CERT_PATH_VERIFIED, CMS_SIGNATURE_INVALID, CMS_SIGNATURE_VERIFIED, COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, CompareHashes(), ComputeSignedAttrHash(), CPKIFAlgorithm::DigestSize(), CPKIFAlgorithm::GetAlg(), GetCACHashAlg(), CPKIFException::GetErrorCode(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), keyUsageChecker_Signature(), HashInfo::m_hashAlg, HashInfo::m_hashResult, MAXHASH, NOT_REVOKED, NOT_VERIFIED, PKIF_CRYPTOPP_RAW_IMPORT_FAILED, PKIFCAPI_KEY_IMPORT_FAILED, PKIFCAPING_KEY_IMPORT_FAILED, PKIFNSS_CERT_IMPORT_FAILED, REV_STATUS_INVALID, REV_STATUS_VERIFIED, REVOKED, CPKIFKeyMaterial::SetCertificate(), CPKIFKeyMaterial::SetWorkingParameters(), PKIFCRYPTO::SHA1, TOOLKIT_MESSAGE, IPKIFPathValidate::ValidatePath(), and IPKIFCryptoRawOperations::Verify().
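
Added example (not PKIF code): one way a caller could turn the statusVector returned by VerifyCounterSignatures into a fail-closed accept/reject decision against a minimum CMSVerificationStatus. The enum values are copied from this page; CountersigDecision and evaluateCountersignatures are hypothetical names, and the length check assumes the index correspondence between the output vectors described above.

```cpp
#include <cstddef>
#include <vector>

// Values copied from the CMSVerificationStatus enum documented on this page.
enum CMSVerificationStatus {
    REV_STATUS_INVALID = -3, CERT_PATH_INVALID = -2, CMS_SIGNATURE_INVALID = -1,
    NOT_VERIFIED = 0,
    CMS_SIGNATURE_VERIFIED = 1, CERT_PATH_VERIFIED = 2, REV_STATUS_VERIFIED = 3
};

// Hypothetical result type for this example (not a PKIF type).
struct CountersigDecision {
    bool accepted;         // true only if every countersignature met the minimum
    std::size_t failures;  // number of entries below the minimum
    int firstFailure;      // index of the first failing entry, -1 if none
};

// Hypothetical helper: checks each statusVector entry against a caller-chosen
// minimum. certCount and pathCount are the sizes of certVector and pathVector.
CountersigDecision evaluateCountersignatures(
        const std::vector<CMSVerificationStatus>& statusVector,
        std::size_t certCount, std::size_t pathCount,
        CMSVerificationStatus minimum) {
    CountersigDecision d = { false, 0, -1 };
    // A minimum of NOT_VERIFIED or below would accept unchecked signatures.
    if (minimum < CMS_SIGNATURE_VERIFIED) return d;
    // No countersignatures were processed: nothing to accept.
    if (statusVector.empty()) return d;
    // If the parallel vectors disagree in length, entry [i] of one cannot be
    // matched to entry [i] of another, so reject everything.
    if (certCount != statusVector.size() || pathCount != statusVector.size()) {
        d.failures = statusVector.size();
        d.firstFailure = 0;
        return d;
    }
    for (std::size_t i = 0; i < statusVector.size(); ++i) {
        // Failure codes are negative and success codes are cumulative, so one
        // comparison rejects REV_STATUS_INVALID (-3) even though the
        // signature itself verified in that case.
        if (statusVector[i] < minimum) {
            if (d.firstFailure < 0) d.firstFailure = static_cast<int>(i);
            ++d.failures;
        }
    }
    d.accepted = (d.failures == 0);
    return d;
}
```

Comparing against the signed enum value rather than testing for individual success constants keeps a revoked signer (REV_STATUS_INVALID) from passing a check that only asks whether the signature verified.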


Variable Documentation

unsigned char nullParams[]

Definition at line 52 of file SignedData.cpp.

Referenced by GetSignerInfo().


Generated on Mon Nov 15 11:18:10 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6