PKIFNSSCRLUpdate.cpp

00009 #include "PKIFNSSCRLUpdate.h"
00010 
00011 #include "PKIFNSSDatabase.h"
00012 #include "ToolkitUtils.h"
00013 #include "components.h"
00014 #include "PKIFCacheErrors.h"
00015 #include "Buffer.h"
00016 #include "Certificate.h"
00017 #include "CRL.h"
00018 #include "Name.h"
00019 #include "GeneralName.h"
00020 #include "PKIFCacheException.h"
00021 #include "GottaMatch.h"
00022 
00023 #include "PKIFNSSConfig.h"
00024 #include <sstream>
00025 using namespace std;
00026 
// Private state behind CPKIFNSSCRLUpdate, reached through m_impl.
// Both members are marked WEAK by the author; nothing in this file
// releases what they point to.
struct PKIFNSSCRLUpdateImpl
{
    // NSS certificate database handle; zero until Initialize() stores one.
    CERTCertDBHandle* m_certDbHandle; // WEAK
    // Database wrapper obtained from CPKIFNSSDatabase::GetInstance in the constructor.
    CPKIFNSSDatabase* m_db; // WEAK
};
00034 
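// Binds this updater to the NSS database wrapper.
//
// dbdir: directory of the NSS database to use; an empty string means
//        "use whatever database is already open".
//
// Throws whatever CPKIFNSSDatabase::GetInstance throws. Per the original
// author's note, that happens when dbdir names a different database than
// the one that's already open, as only one can be open at a time.
CPKIFNSSCRLUpdate::CPKIFNSSCRLUpdate(
    const std::string & dbdir)
:m_impl(new PKIFNSSCRLUpdateImpl)
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_SR_NSSCRLUPDATE,0,this);
    m_impl->m_certDbHandle = 0;
    m_impl->m_db = 0;
    try {
        // since it doesn't make sense in SR to use NSS without a DB,
        // if no dbdir is specified, we'll use whatever is open already
        if(dbdir.empty()) {
            m_impl->m_db = CPKIFNSSDatabase::GetInstance();
        } else {
            m_impl->m_db = CPKIFNSSDatabase::GetInstance(dbdir);
        }
    } catch(...) {
        // The destructor does not run when a constructor throws, so the
        // impl object allocated in the initializer list is released here
        // before the exception continues to the caller.
        PKIFDelete(m_impl);
        m_impl = 0;
        throw;
    }
}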
// Releases the private implementation object.
// Only the impl struct itself is handed to PKIFDelete; the WEAK pointers it
// holds (NSS handle, database wrapper) are not touched here.
CPKIFNSSCRLUpdate::~CPKIFNSSCRLUpdate()
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_SR_NSSCRLUPDATE,0,this);

    PKIFDelete(m_impl);
    // Clear the member so no stale pointer to the freed impl remains.
    m_impl = 0;
}
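// Imports a CRL into the NSS store through SEC_NewCrl.
//
// crl: the CRL to store; its DER encoding is handed to NSS as-is.
// dp:  optional distribution point; when non-null, dp->uri() is passed to
//      NSS as the CRL's URL, otherwise a null URL is passed.
//
// Raises a cache exception (COMMON_NOT_INITIALIZED) while the NSS handle is
// still zero, i.e. before Initialize() has stored one.
// A null CRL, a missing encoding, or an NSS import failure is logged with
// CACHE_UPDATE_FAILED and is NOT reported to the caller; callers that need
// to know whether the CRL actually landed in the store cannot tell from
// this call.
//
// Trust note: this function performs no validation of the CRL. The author's
// stated assumption is that the CRL was already checked before it got here,
// so only CRLs whose signature and issuer have been validated upstream
// should be passed in.
// NOTE(review): SEC_NewCrl is believed to import without NSS-side
// issuer/signature checks -- confirm against the NSS version in use.
void CPKIFNSSCRLUpdate::AddCRL(
    const CPKIFCRLPtr& crl,
    const CPKIFGeneralNamePtr& dp)
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_SR_NSSCRLUPDATE,0,this);
    if(0 == m_impl->m_certDbHandle)
    {
        // Message used to name CPKIFNSSRepository (copy/paste from another
        // class); it now names the class that actually raised it.
        RAISE_CACHE_EXCEPTION("CPKIFNSSCRLUpdate instance not initialized.", thisComponent, COMMON_NOT_INITIALIZED, this)
    }

    // Reject a null CRL instead of dereferencing it below.
    if(!crl) {
        LOG_STRING_ERROR("Unable to import CRL into NSS: no CRL supplied",TOOLKIT_SR_NSSCRLUPDATE,
            CACHE_UPDATE_FAILED,this);
        return;
    }

    // Keep the buffer pointer in a local for the whole call: siCRL.data
    // points into it, it is not a copy.
    CPKIFBufferPtr encoded = crl->Encoded();
    if(!encoded) {
        LOG_STRING_ERROR("Unable to import CRL into NSS: CRL has no encoding",TOOLKIT_SR_NSSCRLUPDATE,
            CACHE_UPDATE_FAILED,this);
        return;
    }

    SECItem siCRL;
    siCRL.type = siBuffer;
    siCRL.data = (unsigned char *)encoded->GetBuffer();
    siCRL.len = encoded->GetLength();

    // by the time the CRL gets here, there's no need for NSS to check it again
    char * uri = 0;
    if(dp) {
        // SEC_NewCrl takes a non-const char*, hence the const_cast.
        uri = const_cast<char *>(dp->uri());
    }
    CERTSignedCrl * imported = SEC_NewCrl(m_impl->m_certDbHandle,uri,&siCRL,SEC_CRL_TYPE);

    if(!imported) {
        LOG_STRING_ERROR("Unable to import CRL into NSS",TOOLKIT_SR_NSSCRLUPDATE,
            CACHE_UPDATE_FAILED,this);
    } else {
        LOG_STRING_INFO("Added CRL to NSS store",TOOLKIT_SR_NSSCRLUPDATE,0,this);
        // Release the CERTSignedCrl that SEC_NewCrl returned.
        SEC_DestroyCrl(imported);
    }
}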
// Stores the handle returned by CERT_GetDefaultCertDB() for later imports.
// The result is stored unchecked; AddCRL raises COMMON_NOT_INITIALIZED for
// as long as the stored handle is zero.
void CPKIFNSSCRLUpdate::Initialize()
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_SR_NSSCRLUPDATE,0,this);

    CERTCertDBHandle * defaultDb = CERT_GetDefaultCertDB();
    m_impl->m_certDbHandle = defaultDb;
}
