PKIFCacheMediator2.cpp

Go to the documentation of this file.

#include "PKIFCacheMediator2.h"
#include "PKIFCacheErrors.h"
#include "PKIFCacheException.h"
#include "PKIFLog.h"
#include "PKIFCRLDPRetrieval.h"
#include "ToolkitUtils.h"
#include "ScopeGuard.h"
#include "PKIFCRLNodeEntry.h"
#include "GottaMatch.h"


#ifdef _WIN32
#include "PKIFCAPIRepository2.h"
#include "PKIFCAPITrustStore2.h"
#include "CAPITrustRootCRLRepository2.h"
#else
// NSS is needed for the default on non-win32 systems
#include "PKIFNSSRepository.h"
#include "PKIFNSSTrustStore.h"
#include "PKIFNSSCertUpdate.h"
#include "PKIFNSSCRLUpdate.h"
#endif //_WIN32


#include "boost/thread/recursive_mutex.hpp"

#ifdef _WIN32
#ifdef _DEBUG
#include "crtdbg.h"
#endif //_DEBUG
#endif //_WIN32

using namespace std;
using namespace boost;

struct CPKIFCacheMediator2Impl
{   
    CPKIFCacheMediator2Impl(): m_me() 
    {
        m_bInitialized = false;
        m_addDefaultColleagues = false; //false to align with default value passed to CPKIFCacheMediator2 constructor
    };

    boost::recursive_mutex m_me;

    //Declare a bunch of vectors to contain pointers to specific interfaces implemented
    //by colleagues associated with this instance.  m_vModules contains all colleagues.  
    //Each other vector contains 0 or more pointers to specific interfaces.  This is 
    //done to avoid repeatedly performing the same cast operations.
    
    std::vector<IPKIFColleaguePtr> m_vModules;

    std::vector<IPKIFCRLRepositoryUpdatePtr> m_vCRLRepUptadeModules;
    std::vector<IPKIFCRLRepositoryPtr> m_vCRLRepModules;
    std::vector<IPKIFCertRepositoryUpdatePtr> m_vCertRepUpdateModules;
    std::vector<IPKIFCertRepositoryPtr> m_vCertRepModules;
    std::vector<IPKIFCertSearchPtr> m_vCertSearchModules;
    std::vector<IPKIFTrustCachePtr> m_vTrustCacheModules;
    std::vector<IPKIFSupportsSynonymousCRLSourcesPtr> m_vSynonymousCRLSources;
    std::vector<IPKIFSupportsSynonymousCertSourcesPtr> m_vSynonymousCertSources;
    std::vector<IPKIFSynonymousSourceStorePtr> m_vSynonymousStore;

    std::vector<IPKIFCRLRepositoryPtr> m_vNoCRLSynSourceSupport;
    std::vector<IPKIFCertRepositoryPtr> m_vNoCertSynSourceSupport;

    bool m_addDefaultColleagues;

    bool m_bInitialized;

    //functions to check synonymous stores and to add certs to the stores
    void GetCerts(CPKIFCertificateSourceList& certSources, CPKIFCertificateNodeList& certNodeList);
    void GetCerts(CPKIFCertificateSourcePtr& certSource, CPKIFCertificateNodeList& certNodeList);
    void AddCerts(CPKIFCertificateNodeList& certNodeList);

    void GetCrls(const CPKIFCertificatePtr& cert,CPKIFCrlSourceList& crlSources, CPKIFCRLNodeList& crlNodeList);
    void GetCrls(const CPKIFCertificatePtr& cert,CPKIFCrlSourcePtr& crlSource, CPKIFCRLNodeList& crlNodeList);
    void AddCrls(CPKIFCRLNodeList& crlNodeList);
};
void CPKIFCacheMediator2Impl::AddCerts(
    CPKIFCertificateNodeList& certNodeList)
{
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storePos;
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storeEnd = m_vSynonymousStore.end();
    for(storePos = m_vSynonymousStore.begin(); storePos != storeEnd; ++storePos)
    {
        CPKIFCertificateNodeList::iterator certNodePos;
        CPKIFCertificateNodeList::iterator certNodeEnd = certNodeList.end();
        for(certNodePos = certNodeList.begin(); certNodePos != certNodeEnd; ++certNodePos)
        {
            (*storePos)->AddCert(*certNodePos);
        }
    }
}

void CPKIFCacheMediator2Impl::AddCrls(
    CPKIFCRLNodeList& crlNodeList)
{
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storePos;
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storeEnd = m_vSynonymousStore.end();
    for(storePos = m_vSynonymousStore.begin(); storePos != storeEnd; ++storePos)
    {
        CPKIFCRLNodeList::iterator crlNodePos;
        CPKIFCRLNodeList::iterator crlNodeEnd = crlNodeList.end();
        for(crlNodePos = crlNodeList.begin(); crlNodePos != crlNodeEnd; ++crlNodePos)
        {
            (*storePos)->AddCRL(*crlNodePos);
        }
    }
}
void CPKIFCacheMediator2Impl::GetCerts(
    CPKIFCertificateSourcePtr& certSource,
    CPKIFCertificateNodeList& certNodeList)
{
    CPKIFCertificateSourceList list;
    list.push_back(certSource);
    GetCerts(list, certNodeList);
}

void CPKIFCacheMediator2Impl::GetCrls(
    const CPKIFCertificatePtr& cert,
    CPKIFCrlSourcePtr& crlSource,
    CPKIFCRLNodeList& crlNodeList)
{
    CPKIFCrlSourceList list;
    list.push_back(crlSource);
    GetCrls(cert, list, crlNodeList);
}

void CPKIFCacheMediator2Impl::GetCerts(
    CPKIFCertificateSourceList& certSources,
    CPKIFCertificateNodeList& certNodeList)
{
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storePos;
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storeEnd = m_vSynonymousStore.end();
    for(storePos = m_vSynonymousStore.begin(); storePos != storeEnd; ++storePos)
    {
        (*storePos)->GetCerts(certSources, certNodeList);
    } 
}

void CPKIFCacheMediator2Impl::GetCrls(
    const CPKIFCertificatePtr& cert, 
    CPKIFCrlSourceList& crlSources,
    CPKIFCRLNodeList& crlNodeList)
{
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storePos;
    std::vector<IPKIFSynonymousSourceStorePtr>::iterator storeEnd = m_vSynonymousStore.end();
    for(storePos = m_vSynonymousStore.begin(); storePos != storeEnd; ++storePos)
    {
        (*storePos)->GetCRLs(cert, crlSources, crlNodeList);
    } 
}


CPKIFCacheMediator2::CPKIFCacheMediator2(
    bool addDefaultColleagues) : m_impl (new CPKIFCacheMediator2Impl)
{
    m_impl->m_addDefaultColleagues = addDefaultColleagues;
    LOG_STRING_DEBUG("CPKIFCacheMediator2::CPKIFCacheMediator2(void)", TOOLKIT_SR_MEDIATOR, 0, this);
}


CPKIFCacheMediator2::~CPKIFCacheMediator2(void)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::~CPKIFCacheMediator2(void)", TOOLKIT_SR_MEDIATOR, 0, this);

    Terminate();

    if(m_impl) delete m_impl;
    m_impl = NULL;
}

void CPKIFCacheMediator2::Terminate()
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::Terminate()", TOOLKIT_SR_MEDIATOR, 0, this);

    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
    try
    {
        //inform our children that we are dying
        RemoveParentRelationships(m_impl->m_vModules, this);

        RemoveMediatorAssociations();

        //added 7/17/2004
        IPKIFMediator::Terminate();

        //empty all of the vectors of pointers to interfaces
        m_impl->m_vCRLRepUptadeModules.clear();
        m_impl->m_vCRLRepModules.clear();
        m_impl->m_vCertRepUpdateModules.clear();
        m_impl->m_vCertRepModules.clear();
        m_impl->m_vCertSearchModules.clear();
        m_impl->m_vTrustCacheModules.clear();
        m_impl->m_vSynonymousCRLSources.clear();
        m_impl->m_vSynonymousCertSources.clear();
        m_impl->m_vSynonymousStore.clear();
        m_impl->m_vNoCRLSynSourceSupport.clear();
        m_impl->m_vNoCertSynSourceSupport.clear();
        
        //empty the vector of all colleagues
        m_impl->m_vModules.clear(); 
    }
    catch(CPKIFException& )
    {
        //EXCEPTION DELETION
        //no purpose is served by passing on this exception - log it and forget it
        LOG_STRING_ERROR("CPKIFException encountered during CPKIFCacheMediator2 mediator termination", thisComponent, COMMON_TERMINATION_ERROR, this);
        //delete e;
        _ASSERT(false);
    }
    catch(...)
    {
        LOG_STRING_FATAL("Unknown exception encountered during CPKIFCacheMediator2 mediator termination", thisComponent, COMMON_TERMINATION_ERROR, this);
        _ASSERT(false);
    }
}

void CPKIFCacheMediator2::Initialize()
{
    InitializeMediator(NULL);
}

void CPKIFCacheMediator2::InitializeMediator(
    std::vector<CPKIFException*>* errorInfo)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::InitializeMediator(std::vector<CPKIFException*>* errorInfo)", TOOLKIT_SR_MEDIATOR, 0, this);

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
    LOG_STRING_DEBUG("Initializing CPKIFCacheMediator2 mediator", thisComponent, 0, this);

    //if we've already initialized ourselves, then we should throw an exception
    if(m_impl->m_bInitialized)
        throw CPKIFCacheException(thisComponent, COMMON_ALREADY_INITIALIZED, "This instance has already been initialized.  Call Terminate prior to re-initializing.");

    if(m_impl->m_addDefaultColleagues)
    {
#ifdef _WIN32
        // GCC doesn't consider the result of dynamic_pointer_cast to be a reference when
        // used in a function call. Even though VC8 is fine with it, it doesn't hurt
        // and reduces the likelihood of copy and paste errors breaking the tree later.
        IPKIFColleaguePtr cp;
        CPKIFCAPIRepository2Ptr x1(new CPKIFCAPIRepository2());
        CPKIFCAPITrustStore2Ptr x2(new CPKIFCAPITrustStore2());
        CPKIFCAPITrustRootCRLRepository2Ptr x3(new CPKIFCAPITrustRootCRLRepository2());
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIRepository2>(x1);
        AddColleague(cp);
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFCAPITrustStore2>(x2);
        AddColleague(cp);
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFCAPITrustRootCRLRepository2>(x3);
        AddColleague(cp);
#else
        // moving the UNIX code away from the x1..xn naming convention because
        // as UNIX gets more colleagues here, there's a naming conflict.
        CPKIFNSSRepositoryPtr repo(new CPKIFNSSRepository());
        CPKIFNSSTrustStorePtr trust(new CPKIFNSSTrustStore());
        CPKIFNSSCertUpdatePtr certup(new CPKIFNSSCertUpdate());
        CPKIFNSSCRLUpdatePtr crlup(new CPKIFNSSCRLUpdate());
        // GCC doesn't consider the result of dynamic_pointer_cast to be a reference when
        // used in a function call.
        IPKIFColleaguePtr cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSRepository>(repo);
        AddColleague(cp);
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSTrustStore>(trust);
        AddColleague(cp);
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSCertUpdate>(certup);
        AddColleague(cp);
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSCRLUpdate>(crlup);
        AddColleague(cp);
#endif
        CPKIFCRLDPRetrievalPtr x4(new CPKIFCRLDPRetrieval());
        cp = dynamic_pointer_cast<IPKIFColleague,CPKIFCRLDPRetrieval>(x4);
        AddColleague(cp);
    }
    m_impl->m_bInitialized = true;
}

void CPKIFCacheMediator2::AddColleague(
    IPKIFColleaguePtr& module)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::AddColleague(IPKIFColleague* module, bool transferOwnership)", TOOLKIT_SR_MEDIATOR, 0, this);

    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    if(!module)
        return;

    //if the module throws an exception let the caller catch it
    module->Initialize();
    module->AddParent(this);//added 3/12/2003 CRW

    try
    {
        m_impl->m_vModules.push_back(module);       
        if(dynamic_pointer_cast<IPKIFCRLRepositoryUpdate, IPKIFColleague>(module))
            m_impl->m_vCRLRepUptadeModules.push_back(dynamic_pointer_cast<IPKIFCRLRepositoryUpdate, IPKIFColleague>(module));
        if(dynamic_pointer_cast<IPKIFCRLRepository, IPKIFColleague>(module))
            m_impl->m_vCRLRepModules.push_back(dynamic_pointer_cast<IPKIFCRLRepository, IPKIFColleague>(module));
        if(dynamic_pointer_cast<IPKIFCertRepositoryUpdate, IPKIFColleague>(module))
            m_impl->m_vCertRepUpdateModules.push_back(dynamic_pointer_cast<IPKIFCertRepositoryUpdate, IPKIFColleague>(module));
        if(dynamic_pointer_cast<IPKIFCertRepository, IPKIFColleague>(module))
            m_impl->m_vCertRepModules.push_back(dynamic_pointer_cast<IPKIFCertRepository, IPKIFColleague>(module));
        if(dynamic_pointer_cast<IPKIFCertSearch, IPKIFColleague>(module))
            m_impl->m_vCertSearchModules.push_back(dynamic_pointer_cast<IPKIFCertSearch, IPKIFColleague>(module));
        if(dynamic_pointer_cast<IPKIFTrustCache, IPKIFColleague>(module))
            m_impl->m_vTrustCacheModules.push_back(dynamic_pointer_cast<IPKIFTrustCache, IPKIFColleague>(module));

        if(dynamic_pointer_cast<IPKIFSupportsSynonymousCRLSources, IPKIFColleague>(module))
            m_impl->m_vSynonymousCRLSources.push_back(dynamic_pointer_cast<IPKIFSupportsSynonymousCRLSources, IPKIFColleague>(module));
        else if(dynamic_pointer_cast<IPKIFCRLRepository, IPKIFColleague>(module))
            m_impl->m_vNoCRLSynSourceSupport.push_back(dynamic_pointer_cast<IPKIFCRLRepository, IPKIFColleague>(module));

        if(dynamic_pointer_cast<IPKIFSupportsSynonymousCertSources, IPKIFColleague>(module))
            m_impl->m_vSynonymousCertSources.push_back(dynamic_pointer_cast<IPKIFSupportsSynonymousCertSources, IPKIFColleague>(module));
        else if(dynamic_pointer_cast<IPKIFCertRepository, IPKIFColleague>(module))
            m_impl->m_vNoCertSynSourceSupport.push_back(dynamic_pointer_cast<IPKIFCertRepository, IPKIFColleague>(module));
        
        if(dynamic_pointer_cast<IPKIFSynonymousSourceStore, IPKIFColleague>(module))
            m_impl->m_vSynonymousStore.push_back(dynamic_pointer_cast<IPKIFSynonymousSourceStore, IPKIFColleague>(module));
    }
    catch(...)
    {
        throw;
    }
}

//GENERAL PHILOSOPHY OF FOLLOWING FUNCTIONS
//  This mediator catches all exceptions that emanate from lower-level PKIF objects.  Exception
//contents are recorded in the audit log but the exceptions are NOT throw to the application.  The
//application will remain unaware of the exception.  This allows other colleagues an opportunity to
//satisfy the request.  In the event that an unsatisfied request leaves results in the failure of
//a higher level operation, the application will be notified of the higher level failure, possibly
//by an exception.  If no colleague supports the requested operation an exception is thrown indicating
//that the operation was not handled.

void CPKIFCacheMediator2::GetCRLs(const CPKIFCertificatePtr& cert, CPKIFCRLNodeList& crlNodeList, PKIInfoSource source)
{
    CPKIFPathSettingsPtr ps;
    GetCRLs(cert, crlNodeList, source, ps);
}
void CPKIFCacheMediator2::GetCRLs(const CPKIFCertificatePtr& cert, CPKIFCRLNodeList& crlNodeList, PKIInfoSource source, CPKIFPathSettingsPtr& ps)
{
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCRLRepositoryPtr>::iterator pos;
    vector<IPKIFCRLRepositoryPtr>::iterator end;

    bool opAttempted = false, opSucceeded = false;
    if(!m_impl->m_vSynonymousStore.empty() || !m_impl->m_vSynonymousCRLSources.empty())
    {
        //if there is a synonymous store, consult it first
        opAttempted = true;
        opSucceeded = true;

        CPKIFCrlSourceList crlSources;

        //get a list of sources
        std::vector<IPKIFSupportsSynonymousCRLSourcesPtr>::iterator sourcePos;
        std::vector<IPKIFSupportsSynonymousCRLSourcesPtr>::iterator sourceEnd = m_impl->m_vSynonymousCRLSources.end();
        for(sourcePos = m_impl->m_vSynonymousCRLSources.begin(); sourcePos != sourceEnd; ++sourcePos)
        {
            (*sourcePos)->GetCRLSources(cert, crlSources);
        }

        //attempt to retrieve sources.  try store first then retrieve if not in store
        //  - this should be async but isn't right now
        CPKIFCrlSourceList::iterator sourceListPos;
        CPKIFCrlSourceList::iterator sourceListEnd = crlSources.end();
        for(sourceListPos = crlSources.begin(); sourceListPos != sourceListEnd; ++sourceListPos)
        {
            bool bAddToSynStore = false;
            CPKIFCRLNodeList tempNodeList;

            m_impl->GetCrls(cert, *sourceListPos, tempNodeList);

            if(tempNodeList.empty() && PAS_PENDING == (*sourceListPos)->GetState() && LOCAL != source)
            {
                //nothing was in the syn store and the source is still pending.  try to retrieve from it.
                (*sourceListPos)->GetCrls(tempNodeList);
                bAddToSynStore = true;
            }

            if(!tempNodeList.empty())
            {
                //either the syn store or the source itself found something, mark it as available
                (*sourceListPos)->SetState(PAS_AVAILABLE);

                //add anything not already in the outbound node list to the list
                GottaMatch<CPKIFCRLNodeEntryPtr> gm;
                CPKIFCRLNodeList::iterator crlNodePos;
                CPKIFCRLNodeList::iterator crlNodeEnd = tempNodeList.end();
                for(crlNodePos = tempNodeList.begin(); crlNodePos != crlNodeEnd; ++crlNodePos)
                {
                    gm.SetRHS(*crlNodePos);
                    if(crlNodeList.end() == find_if(crlNodeList.begin(), crlNodeList.end(), gm))
                    {
                        crlNodeList.push_back(*crlNodePos);
                    }
                }

                //add stuff to the syn store (if not collected from there)
                if(bAddToSynStore)
                    m_impl->AddCrls(tempNodeList);
            }
            else if(LOCAL != source)
            {
                //the source is unavailable - record this fact in the store
                CPKIFCRLNodeEntryPtr newNode(new CPKIFCRLNodeEntry);
                newNode->SetState(PAS_UNAVAILABLE);
                vector<string> unavailableSources;
                (*sourceListPos)->GetSources(unavailableSources);
                vector<string>::iterator uapos;
                vector<string>::iterator uaend = unavailableSources.end();
                for(uapos = unavailableSources.begin(); uapos != uaend; ++uapos)
                    newNode->AddSource(*uapos);

                tempNodeList.push_back(newNode);
                m_impl->AddCrls(tempNodeList);
            }
        }

        //set up the iterators for the remaining stores (if any)
        pos = m_impl->m_vNoCRLSynSourceSupport.begin();
        end = m_impl->m_vNoCRLSynSourceSupport.end();
    }
    else
    {
        //set up the iterators for all stores
        pos = m_impl->m_vCRLRepModules.begin();
        end = m_impl->m_vCRLRepModules.end();
    }

/*

            PKIArtifactState state = (*crlSourcePos)->GetState();
            if(PAS_PENDING == state && LOCAL != source)
            {
                (*crlSourcePos)->GetCrls(tmpNodeList);

                CPKIFCRLNodeList::iterator crlNodePos;
                CPKIFCRLNodeList::iterator crlNodeEnd = tmpNodeList.end();
                for(crlNodePos = tmpNodeList.begin(); crlNodePos != crlNodeEnd; ++crlNodePos)
                {
                    if(PAS_PENDING != (*crlNodePos)->GetState())
                    {
                        if(PAS_AVAILABLE == (*crlNodePos)->GetState())
                        {
                            //if it's available, add the CRL to local stores
                            CPKIFGeneralNamePtr emptyDP;
                            AddCRL((*crlNodePos)->GetCRL(), emptyDP);

                            GottaMatch<CPKIFCRLNodeEntryPtr> gm;
                            gm.SetRHS(*crlNodePos);
                            if(crlNodeList.end() == find_if(crlNodeList.begin(), crlNodeList.end(), gm))
                                crlNodeList.push_back(*crlNodePos);
                        }

                        //either way, available or not, update syn store
                        std::vector<IPKIFSynonymousSourceStorePtr>::iterator storePos;
                        std::vector<IPKIFSynonymousSourceStorePtr>::iterator storeEnd = m_impl->m_vSynonymousStore.end();
                        for(storePos = m_impl->m_vSynonymousStore.begin(); storePos != storeEnd; ++storePos)
                        {
                            (*storePos)->AddCRL(*crlNodePos);
                        }
                    }
                }
            }
            else if(PAS_AVAILABLE == state)
            {
                CPKIFCRLNodeList tmpNodeList;
                (*crlSourcePos)->GetCrls(tmpNodeList);

                CPKIFCRLNodeList::iterator crlNodePos;
                CPKIFCRLNodeList::iterator crlNodeEnd = tmpNodeList.end();
                for(crlNodePos = tmpNodeList.begin(); crlNodePos != crlNodeEnd; ++crlNodePos)
                {
                    GottaMatch<CPKIFCRLNodeEntryPtr> gm;
                    gm.SetRHS(*crlNodePos);
                    if(crlNodeList.end() == find_if(crlNodeList.begin(), crlNodeList.end(), gm))
                        crlNodeList.push_back(*crlNodePos);
                }
            }
        }*/

        //then consult any colleagues that do not support synonymous sources
        IPKIFCRLRepository* crlRep = NULL;      
        for(; pos != end; ++pos)
        {
            try
            {
                opAttempted = true;
                (*pos)->GetCRLs(cert, crlNodeList, source, ps);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            }
        }
/*  }
    else
    {
        //if there isn't a synonymous store, try to retrieve CRLs from 
        //types of sources indicated by source
        vector<IPKIFCRLRepositoryPtr>::iterator pos;
        vector<IPKIFCRLRepositoryPtr>::iterator end = m_impl->m_vCRLRepModules.end();
        IPKIFCRLRepository* crlRep = NULL;
        bool opAttempted = false, opSucceeded = false;
        for(pos = m_impl->m_vCRLRepModules.begin(); pos != end; ++pos)
        {
            try
            {
                opAttempted = true;
                (*pos)->GetCRLs(cert, crlNodeList, source, ps);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            }
        }

        if(!opAttempted)
            throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

        if(!opSucceeded)
            throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
    }*/
}

void CPKIFCacheMediator2::GetCRLs(
    const CPKIFCertificatePtr& cert,
    CPKIFCRLList& crlList,
    PKIInfoSource source)
{
    CPKIFPathSettingsPtr ps;
    GetCRLs(cert, crlList, source, ps);
}
void CPKIFCacheMediator2::GetCRLs(const CPKIFCertificatePtr& cert, CPKIFCRLList& crlList, PKIInfoSource source, CPKIFPathSettingsPtr& ps)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetCRLs", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCRLRepositoryPtr>::iterator pos;
    vector<IPKIFCRLRepositoryPtr>::iterator end = m_impl->m_vCRLRepModules.end();
    IPKIFCRLRepository* crlRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCRLRepModules.begin(); pos != end; ++pos)
    {
        try
        {
            opAttempted = true;
            (*pos)->GetCRLs(cert, crlList, source, ps);
            opSucceeded = true;
        }
        catch(CPKIFException& e)
        {
            //EXCEPTION DELETION
            //mediators eat exceptions and throw an "op not handled" exception
            //if no colleagues are able to successfully complete an operation
            std::string reason = "A cache-related exception was thrown.  ";
            reason.append(*e.print());
            AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            //delete e;
        }
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

void CPKIFCacheMediator2::GetCertificates(
    const CPKIFNamePtr& subDN, 
    CPKIFCertificateList& certList, 
    PKIInfoSource source)
{
    CPKIFPathSettingsPtr ps;
    GetCertificates(subDN, certList, source, ps);
}
void CPKIFCacheMediator2::GetCertificates(
    const CPKIFNamePtr& subDN, 
    CPKIFCertificateList& certList, 
    PKIInfoSource source,
    CPKIFPathSettingsPtr& ps)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetCertificates", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertRepositoryPtr>::iterator pos;
    vector<IPKIFCertRepositoryPtr>::iterator end = m_impl->m_vCertRepModules.end();
    IPKIFCertRepository* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertRepModules.begin(); pos != end; ++pos)
    {
        
            try
            {
                opAttempted = true;
                (*pos)->GetCertificates(subDN, certList, source, ps);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

void CPKIFCacheMediator2::GetCertificates(
    const CPKIFNamePtr& subDN, 
    CPKIFCertificateNodeList& certList, 
    PKIInfoSource source)
{
    CPKIFPathSettingsPtr ps;
    GetCertificates(subDN, certList, source, ps);
}
void CPKIFCacheMediator2::GetCertificates(
    const CPKIFNamePtr& subDN, 
    CPKIFCertificateNodeList& certList, 
    PKIInfoSource source,
    CPKIFPathSettingsPtr& ps)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetCertificates", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertRepositoryPtr>::iterator pos;
    vector<IPKIFCertRepositoryPtr>::iterator end = m_impl->m_vCertRepModules.end();
    IPKIFCertRepository* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertRepModules.begin(); pos != end; ++pos)
    {
            try
            {
                opAttempted = true;
                (*pos)->GetCertificates(subDN, certList, source, ps);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}
void CPKIFCacheMediator2::GetCertificates(
    const CPKIFCertificatePtr& cert, 
    CPKIFCertificateList& certList, 
    PKIInfoSource source, 
    PathBuildingDirection pbd)
{
    CPKIFPathSettingsPtr ps;
    GetCertificates(cert, certList, source, pbd, ps);
}
void CPKIFCacheMediator2::GetCertificates(
    const CPKIFCertificatePtr& cert, 
    CPKIFCertificateList& certList, 
    PKIInfoSource source, 
    PathBuildingDirection pbd,
    CPKIFPathSettingsPtr& ps)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetCertificates", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertRepositoryPtr>::iterator pos;
    vector<IPKIFCertRepositoryPtr>::iterator end = m_impl->m_vCertRepModules.end();
    IPKIFCertRepository* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertRepModules.begin(); pos != end; ++pos)
    {
        try
        {
            opAttempted = true;
            (*pos)->GetCertificates(cert, certList, source, pbd, ps);
            opSucceeded = true;
        }
        catch(CPKIFException& e)
        {
            //EXCEPTION DELETION
            //mediators eat exceptions and throw an "op not handled" exception
            //if no colleagues are able to successfully complete an operation
            std::string reason = "A cache-related exception was thrown.  ";
            reason.append(*e.print());
            AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            //delete e;
        }
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}
void CPKIFCacheMediator2::GetCertificates(
    const CPKIFCertificatePtr& cert, 
    CPKIFCertificateNodeList& certNodeList, 
    PKIInfoSource source, 
    PathBuildingDirection pbd)
{
    CPKIFPathSettingsPtr ps;
    GetCertificates(cert, certNodeList, source, pbd, ps);
}
void CPKIFCacheMediator2::GetCertificates(
    const CPKIFCertificatePtr& cert, 
    CPKIFCertificateNodeList& certNodeList, 
    PKIInfoSource source, 
    PathBuildingDirection pbd,
    CPKIFPathSettingsPtr& ps)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetCertificates", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me); 

    vector<IPKIFCertRepositoryPtr>::iterator pos;
    vector<IPKIFCertRepositoryPtr>::iterator end;

    bool opAttempted = false, opSucceeded = false;

    if(!m_impl->m_vSynonymousStore.empty() || !m_impl->m_vSynonymousCertSources.empty()) 
    {
        //if there is a synonymous store, consult it first
        opAttempted = true;
        opSucceeded = true;

        CPKIFCertificateSourceList certSources;

        //get a list of sources
        std::vector<IPKIFSupportsSynonymousCertSourcesPtr>::iterator sourcePos;
        std::vector<IPKIFSupportsSynonymousCertSourcesPtr>::iterator sourceEnd = m_impl->m_vSynonymousCertSources.end();
        for(sourcePos = m_impl->m_vSynonymousCertSources.begin(); sourcePos != sourceEnd; ++sourcePos)
        {
            (*sourcePos)->GetCertificateSources(cert, certSources, pbd);
        }

        //attempt to retrieve sources.  try store first then retrieve if not in store
        //  - this should be async but isn't right now
        CPKIFCertificateSourceList::iterator sourceListPos;
        CPKIFCertificateSourceList::iterator sourceListEnd = certSources.end();
        for(sourceListPos = certSources.begin(); sourceListPos != sourceListEnd; ++sourceListPos)
        {
            bool bAddToSynStore = false;
            CPKIFCertificateNodeList tempNodeList;

            //this function on the impl will try all of the syn stores
            m_impl->GetCerts(*sourceListPos, tempNodeList);

            if(tempNodeList.empty() && PAS_PENDING == (*sourceListPos)->GetState() && LOCAL != source)
            {
                //nothing was in the syn store and the source is still pending.  try to retrieve from it.
                (*sourceListPos)->GetCertificates(tempNodeList, pbd);
                bAddToSynStore = true;
            }
    
            if(!tempNodeList.empty())
            {
                //either the syn store or the source itself found something, mark it as available
                (*sourceListPos)->SetState(PAS_AVAILABLE);

                //add anything not already in the outbound node list to the list
                GottaMatch<CPKIFCertificateNodeEntryPtr> gm;
                CPKIFCertificateNodeList::iterator certNodePos;
                CPKIFCertificateNodeList::iterator certNodeEnd = tempNodeList.end();
                for(certNodePos = tempNodeList.begin(); certNodePos != certNodeEnd; ++certNodePos)
                {
                    gm.SetRHS(*certNodePos);
                    if(certNodeList.end() == find_if(certNodeList.begin(), certNodeList.end(), gm))
                    {
                        certNodeList.push_back(*certNodePos);
                    }
                }

                //add stuff to the syn store (if not collected from there)
                if(bAddToSynStore)
                    m_impl->AddCerts(tempNodeList);
            }
            else if(LOCAL != source)
            {
                //the source is unavailable - record this fact in the store
                CPKIFCertificateNodeEntryPtr newNode(new CPKIFCertificateNodeEntry);
                newNode->SetState(PAS_UNAVAILABLE);
                vector<string> unavailableSources;
                (*sourceListPos)->GetSources(unavailableSources);
                vector<string>::iterator uapos;
                vector<string>::iterator uaend = unavailableSources.end();
                for(uapos = unavailableSources.begin(); uapos != uaend; ++uapos)
                    newNode->AddSource(*uapos);

                tempNodeList.push_back(newNode);
                m_impl->AddCerts(tempNodeList);
            }
        }

        //set up the iterators for the remaining stores (if any)
        pos = m_impl->m_vNoCertSynSourceSupport.begin();
        end = m_impl->m_vNoCertSynSourceSupport.end();
    }
    else
    {
        //set up the iterators for all stores
        pos = m_impl->m_vCertRepModules.begin();
        end = m_impl->m_vCertRepModules.end();
    }

    IPKIFCertRepository* certRep = NULL;
    for(; pos != end; ++pos)
    {
        try
        {
            opAttempted = true;
            (*pos)->GetCertificates(cert, certNodeList, source, pbd, ps);
            opSucceeded = true;
        }
        catch(CPKIFException& e)
        {
            //EXCEPTION DELETION
            //mediators eat exceptions and throw an "op not handled" exception
            //if no colleagues are able to successfully complete an operation
            std::string reason = "A cache-related exception was thrown.  ";
            reason.append(*e.print());
            AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            //delete e;
        }
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

bool CPKIFCacheMediator2::GetTrustRoots(
    const CPKIFNamePtr& subDN, 
    IPKIFTrustAnchorList& rootList)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetTrustRoots", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated trust root cache objects and build up the rootList.
    //true is returned if the list is grown and false is returned if the list is not grown.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFTrustCachePtr>::iterator pos;
    vector<IPKIFTrustCachePtr>::iterator end = m_impl->m_vTrustCacheModules.end();
    IPKIFTrustCache* trustCache = NULL;
    const size_t origSize = rootList.size();
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vTrustCacheModules.begin(); pos != end; ++pos)
    {

            try
            {
                opAttempted = true;
                (*pos)->GetTrustRoots(subDN, rootList);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);

    return origSize != rootList.size();
}

void CPKIFCacheMediator2::AddCRL(
    const CPKIFCRLPtr& crl,
    const CPKIFGeneralNamePtr& dp)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::AddCRL", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will add the crl to all associated cert update objects that will act 
    //on the specified name type.  Currently no error is throw if nothing actually
    //handles the crl.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCRLRepositoryUpdatePtr>::iterator pos;
    vector<IPKIFCRLRepositoryUpdatePtr>::iterator end = m_impl->m_vCRLRepUptadeModules.end();
    IPKIFCRLRepositoryUpdate* crlRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCRLRepUptadeModules.begin(); pos != end; ++pos)
    {

            try
            {
                opAttempted = true;
                (*pos)->AddCRL(crl, dp);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }


    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

void CPKIFCacheMediator2::AddCertificate(
    CertType certType, 
    const CPKIFCertificatePtr& cert)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::AddCertificate(CertType certType, const CPKIFCertificatePtr& cert)", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will add the cert to all associated cert update objects that will act 
    //on the specified type of certificate.  Currently no error is throw if nothing actually
    //handles the cert. 

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertRepositoryUpdatePtr>::iterator pos;
    vector<IPKIFCertRepositoryUpdatePtr>::iterator end = m_impl->m_vCertRepUpdateModules.end();
    IPKIFCertRepositoryUpdate* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertRepUpdateModules.begin(); pos != end; ++pos)
    {
            try
            {
                opAttempted = true;
                (*pos)->AddCertificate(certType, cert);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

void CPKIFCacheMediator2::AddCertificate(
    CertType certType, 
    const CPKIFCertificateNodeEntryPtr& cert)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::AddCertificate(CertType certType, const CPKIFCertificateNodeEntryPtr& cert)", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will add the cert to all associated cert update objects that will act 
    //on the specified type of certificate.  Currently no error is throw if nothing actually
    //handles the cert. 

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertRepositoryUpdatePtr>::iterator pos;
    vector<IPKIFCertRepositoryUpdatePtr>::iterator end = m_impl->m_vCertRepUpdateModules.end();
    IPKIFCertRepositoryUpdate* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertRepUpdateModules.begin(); pos != end; ++pos)
    {

            try
            {
                opAttempted = true;
                (*pos)->AddCertificate(certType, cert);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

void CPKIFCacheMediator2::FindKeys(IPKIFSearchCriteria* searchCriteria, IPKIFNameAndKeyList& keyList, PKIInfoSource source)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::FindKeys", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertSearchPtr>::iterator pos;
    vector<IPKIFCertSearchPtr>::iterator end = m_impl->m_vCertSearchModules.end();
    IPKIFCertSearch* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertSearchModules.begin(); pos != end; ++pos)
    {
        try
        {
            opAttempted = true;
            (*pos)->FindKeys(searchCriteria, keyList, source);
            opSucceeded = true;
        }
        catch(CPKIFException& e)
        {
            //EXCEPTION DELETION
            //mediators eat exceptions and throw an  "op not handled" exception
            //if no colleagues are able to successfully complete an operation
            std::string reason = "A cache-related exception was thrown.  ";
            reason.append(*e.print());
            AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            //delete e;
        }
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}

void CPKIFCacheMediator2::FindCertificates(
    IPKIFSearchCriteria* searchCriteria,
    CPKIFCertificateList& certList,
    PKIInfoSource source)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::FindCertificates", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFCertSearchPtr>::iterator pos;
    vector<IPKIFCertSearchPtr>::iterator end = m_impl->m_vCertSearchModules.end();
    IPKIFCertSearch* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vCertSearchModules.begin(); pos != end; ++pos)
    {
            try
            {
                opAttempted = true;
                (*pos)->FindCertificates(searchCriteria, certList, source);
                opSucceeded = true;
            }
            catch(CPKIFException& e)
            {
                //EXCEPTION DELETION
                //mediators eat exceptions and throw an  "op not handled" exception
                //if no colleagues are able to successfully complete an operation
                std::string reason = "A cache-related exception was thrown.  ";
                reason.append(*e.print());
                AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
                //delete e;
            }
        
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}
void CPKIFCacheMediator2::GetColleagues(
    std::vector<IPKIFColleaguePtr>& v) const
{
    copy(m_impl->m_vModules.begin(),m_impl->m_vModules.end(), back_inserter(v));
}
void CPKIFCacheMediator2::GetCertificateSources(
    const CPKIFCertificatePtr& cert,
    CPKIFCertificateSourceList& certs, 
    PathBuildingDirection pbd)
{
    LOG_STRING_DEBUG("CPKIFCacheMediator2::GetCertificateSources", TOOLKIT_SR_MEDIATOR, 0, this);

    //This function will iterate over all associated cert cache objects and build up the certList.  This
    //function relies solely on the associated objects and does nothing with the source other than pass it on.

    //CCACSynchronizedObject so(m_impl->m_md);
    boost::recursive_mutex::scoped_lock lock(m_impl->m_me);

    vector<IPKIFSupportsSynonymousCertSourcesPtr>::iterator pos;
    vector<IPKIFSupportsSynonymousCertSourcesPtr>::iterator end = m_impl->m_vSynonymousCertSources.end();
    IPKIFCertSearch* certRep = NULL;
    bool opAttempted = false, opSucceeded = false;
    for(pos = m_impl->m_vSynonymousCertSources.begin(); pos != end; ++pos)
    {
        try
        {
            opAttempted = true;
            (*pos)->GetCertificateSources(cert, certs, pbd);
            opSucceeded = true;
        }
        catch(CPKIFException& e)
        {
            //EXCEPTION DELETION
            //mediators eat exceptions and throw an  "op not handled" exception
            //if no colleagues are able to successfully complete an operation
            std::string reason = "A cache-related exception was thrown.  ";
            reason.append(*e.print());
            AuditString(EVENTLOG_WARNING_TYPE, CAT_PKIF_CACHE, PKIF_UNEXPECTED_EXCEPTION, reason.c_str(), thisComponent, COMMON_UNKNOWN_ERROR, this);
            //delete e;
        }
    }

    if(!opAttempted)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_HANDLED);

    if(!opSucceeded)
        throw CPKIFCacheException(thisComponent, COMMON_OPERATION_NOT_SUCCESSFUL);
}