00001
00009 #define _DISABLE_LOG4CXX_PATH_LOGGING 1
00010 #include "PKIFPathLogger.h"
00011
00012 #include "ToolkitUtils.h"
00013 #include "components.h"
00014
00015 #include "PKIFCertificateNodeEntry.h"
00016 #include "Certificate.h"
00017 #include "Name.h"
00018 #include "Validity.h"
00019 #include "PolicyInformation.h"
00020 #include "PKIFTime.h"
00021 #include "BuilderStatistics.h"
00022 #include "PKIFCertificatePath.h"
00023 #include "PKIFCertStatus.h"
00024 #include "RevocationSource.h"
00025 #include "PKIFCRLInfo.h"
00026 #include "CRL.h"
00027 #include "CRLEntry.h"
00028 #include "PKIFOCSPInfo.h"
00029 #include "OCSPResponse.h"
00030 #include "ResponseBytes.h"
00031 #include "BasicOCSPResponse.h"
00032 #include "ResponseData.h"
00033 #include "ResponderID.h"
00034 #include "SingleResponse.h"
00035 #include "CertID.h"
00036 #include "PKIFTrustRoot.h"
00037 #include "PKIFPathSettings.h"
00038 #include "CSingletonLDAPConnection.h"
00039 #include "HttpServerBlacklist.h"
00040
00041 #include "Buffer.h"
00042 #include "OID.h"
00043 #include "AlgorithmIdentifier.h"
00044 #include "PathResults.h"
00045
00046 #include "ooasn1.h"
00047 #include "asn1ber.h"
00048 #include "OCSP.h"
00049
00050 #include <iostream>
00051 #include <fstream>
00052 #include <sstream>
00053 #ifndef _DISABLE_LOG4CXX_PATH_LOGGING
00054 #include "log4cxx/logger.h"
00055 #endif
00056
00057
00058 #include "boost/thread/recursive_mutex.hpp"
00059
00060 using namespace std;
00061 using namespace boost;
00062
00063 boost::recursive_mutex g_me;
00064
00073 CPKIFPathLogger::CPKIFPathLogger(void)
00074 {
00075 LOG_STRING_DEBUG("CPKIFPathLogger::CPKIFPathLogger()", TOOLKIT_PATH_MISC, 0, this);
00076 }
00085 CPKIFPathLogger::~CPKIFPathLogger()
00086 {
00087 LOG_STRING_DEBUG("CPKIFPathLogger::~CPKIFPathLogger()", TOOLKIT_PATH_MISC, 0, this);
00088
00089 }
00090
00091
00092
00093
00094 std::ostringstream g_pathLogFile;
00095
00096 void PrintCertInfo(
00098 CPKIFCertificatePtr& cert,
00100 char* token,
00102 ostream* o)
00103 {
00104 *o << token << "Issuer DN\t: " << cert->Issuer()->ToString() << endl;
00105 *o << token << "Serial Number\t: " << cert->SerialNumber() << endl;
00106 *o << token << "Subject DN\t: " << cert->Subject()->ToString() << endl;
00107 *o << token << "Not Before\t: " << cert->Validity()->notBefore()->GetTime() << endl;
00108 *o << token << "Not After\t: " << cert->Validity()->notAfter()->GetTime() << endl;
00109 }
00110
00119 void PrintCertInfo(
00121 CPKIFCertificateNodeEntry& certNode,
00123 char* token,
00125 ostream* o)
00126 {
00127 CPKIFCertificatePtr cert = certNode.GetCert();
00128 PrintCertInfo(cert, token, o);
00129 }
00137 void DumpPolicyTable(
00139 const vector<CPKIFPolicyInformationListPtr>& authSet,
00141 ostream* o )
00142 {
00143 vector<CPKIFPolicyInformationListPtr>::const_iterator authSetPos;
00144 vector<CPKIFPolicyInformationListPtr>::const_iterator authSetEnd = authSet.end();
00145 int rowCount = 0;
00146 for(authSetPos = authSet.begin(); authSetPos != authSetEnd; ++authSetPos,++rowCount)
00147 {
00148 *o << "\t+ Row: " << rowCount << endl;
00149 CPKIFPolicyInformationList::const_iterator authSetPolPos;
00150 CPKIFPolicyInformationList::const_iterator authSetPolEnd = (*authSetPos)->end();
00151 for(authSetPolPos = (*authSetPos)->begin(); authSetPolPos != authSetPolEnd; ++authSetPolPos)
00152 {
00153 *o << "\t\t* " << (*authSetPolPos)->PolicyOID()->ToString() << endl;
00154 }
00155 }
00156 if(authSet.empty())
00157 *o << "\t+ Empty" << endl;
00158
00159 }
00167 void DumpPolicySet(
00169 CPKIFPolicyInformationListPtr& polSet,
00171 ostream* o )
00172 {
00173 if(polSet == (CPKIFPolicyInformationList*)NULL)
00174 {
00175 *o << "\t+ NULL" << endl;
00176 return;
00177 }
00178
00179 if(polSet->empty())
00180 {
00181 *o << "\t+ Empty" << endl;
00182 return;
00183 }
00184
00185 CPKIFPolicyInformationList::const_iterator authSetPolPos;
00186 CPKIFPolicyInformationList::const_iterator authSetPolEnd = polSet->end();
00187 for(authSetPolPos = polSet->begin(); authSetPolPos != authSetPolEnd; ++authSetPolPos)
00188 {
00189 *o << "\t+ " << (*authSetPolPos)->PolicyOID()->ToString() << endl;
00190 }
00191 }
00201 void CPKIFPathLogger::LogPath(
00204 CPKIFCertificatePath& path,
00207 const char* appInfo,
00209 ostream* out)
00210 {
00211 LOG_STRING_DEBUG("CPKIFPathLogger::LogPath", TOOLKIT_PATH_MISC, 0, NULL);
00212
00213 boost::recursive_mutex::scoped_lock lock(g_me);
00214 ostream* o = out;
00215 bool bClearGlobal = false;
00216
00217 if(0 == o && 0 != g_pathLogFile.tellp())
00218 {
00219
00220
00221
00222
00223 }
00224 if(0 == o)
00225 return;
00226
00227 char errBuf[MAX_ERROR_CODE_STRING_SIZE];
00228
00229
00230
00231
00232 *o << endl;
00233 *o << "---------------------------------------------------------------------------------------" << endl;
00234 if(NULL != appInfo)
00235 *o << appInfo << endl;
00236 *o << "Printing information from certificate path" << endl;
00237 *o << "---------------------------------------------------------------------------------------" << endl;
00238 CPKIFBuilderStatisticsPtr bs;
00239 path.GetBuilderStats(bs);
00240 if(bs != (CPKIFBuilderStatistics*)NULL)
00241 {
00242 *o << "- Discovered " << bs->m_nTotalPathsDiscovered << " total paths." << endl;
00243 *o << "- Discovered " << bs->m_nPathsRejectedDueToValidationErrors << " paths that failed basic validation checks." << endl;
00244 *o << "- Returned " << bs->m_nReturnedPaths << " paths for external inspection." << endl;
00245
00246 if(0 < bs->m_nPathsRejectedDueToValidationErrors)
00247 {
00248 vector<int>::iterator fPos = bs->m_vFailureCodes.begin();
00249 vector<int>::iterator fEnd = bs->m_vFailureCodes.end();
00250 *o << "The following diagnostic codes were associated with the validation failures: ";
00251 for(;fPos != fEnd; ++fPos)
00252 {
00253 *o << *fPos;
00254 if(fPos + 1 == fEnd)
00255 *o << "." << endl;
00256 else
00257 *o << ", ";
00258 }
00259 }
00260 }
00261 else
00262 *o << "- No builder statistics available" << endl;
00263
00264 std::vector<std::string> blacklist;
00265 PKIFLDAP::GetServerBlacklist(blacklist);
00266
00267 *o << "- Blacklisted LDAP servers: ";
00268 if(!blacklist.empty())
00269 {
00270 std::vector<std::string>::iterator blPos;
00271 std::vector<std::string>::iterator blEnd = blacklist.end();
00272 for(blPos = blacklist.begin(); blPos != blEnd; ++blPos)
00273 {
00274 if(blPos != blacklist.begin())
00275 *o << ", ";
00276 *o << (*blPos).c_str();
00277 }
00278 *o << endl;
00279 }
00280 else
00281 {
00282 *o << "none" << endl;
00283 }
00284
00285 blacklist.clear();
00286 PKIFHTTP::GetHttpServerBlacklist(blacklist);
00287
00288 *o << "- Blacklisted HTTP servers: ";
00289 if(!blacklist.empty())
00290 {
00291 std::vector<std::string>::iterator blPos;
00292 std::vector<std::string>::iterator blEnd = blacklist.end();
00293 for(blPos = blacklist.begin(); blPos != blEnd; ++blPos)
00294 {
00295 if(blPos != blacklist.begin())
00296 *o << ", ";
00297 *o << (*blPos).c_str();
00298 }
00299 *o << endl;
00300 }
00301 else
00302 {
00303 *o << "none" << endl;
00304 }
00305
00306 CPKIFCertificateNodeList certList;
00307 path.GetPath(certList);
00308
00309 *o << "- Dumping certificate path and certificate status info" << endl;
00310
00311
00312 IPKIFTrustAnchorPtr root;
00313 path.GetTrustRoot(root);
00314 if(root)
00315 {
00316 *o << "\t+ Trust Anchor" << endl;
00317
00318 CPKIFCertificatePtr rootCert;
00319 CPKIFTrustRootPtr taPtr = dynamic_pointer_cast<CPKIFTrustRoot, IPKIFTrustAnchor>(root);
00320 if(taPtr)
00321 {
00322 taPtr->GetCert(rootCert);
00323 }
00324
00325 if(rootCert)
00326 {
00327 PrintCertInfo(rootCert, "\t\t* ", o);
00328 }
00329 else
00330 {
00331 *o << "\t\t* " << "Trust Anchor DN\t: " << root->GetSubjectName()->ToString() << endl;
00332 }
00333 }
00334
00335 CPKIFCertificateNodeList::iterator pos;
00336 CPKIFCertificateNodeList::iterator end = certList.end();
00337 int ii = 1;
00338 for(pos = certList.begin(); pos != end; ++pos, ++ii)
00339 {
00340 *o << "\t+ Certificate #" << ii << endl;
00341
00342 PrintCertInfo(*(*pos), "\t\t* ", o);
00343
00344 PKIInfoSource source = (*pos)->GetSource();
00345 *o << "\t\t\t+ Source: ";
00346 switch(source)
00347 {
00348 case LOCAL:
00349 *o << "LOCAL" << endl;
00350 break;
00351 case REMOTE:
00352 *o << "REMOTE" << endl;
00353 break;
00354 case ALL:
00355 *o << "ALL" << endl;
00356 break;
00357 default:
00358 *o << "UNKNOWN" << endl;
00359 break;
00360 }
00361
00362 *o << "\t\t\t+ Builder score: " << (*pos)->GetScore() << endl;
00363
00364 vector<string> sourceURIs;
00365 (*pos)->GetSources(sourceURIs);
00366 if(!sourceURIs.empty())
00367 {
00368 *o << "\t\t\t+ Retrieved from: ";
00369 vector<string>::iterator uriPos;
00370 vector<string>::iterator uriEnd = sourceURIs.end();
00371 for(uriPos = sourceURIs.begin(); uriPos != uriEnd; ++uriPos)
00372 {
00373 if(sourceURIs.begin() != uriPos)
00374 *o << ", ";
00375 *o << *uriPos;
00376 }
00377 *o << endl;
00378 }
00379
00380 CPKIFCertStatusPtr posStatus = (*pos)->GetStatus();
00381 if(posStatus == (CPKIFCertStatus*)NULL)
00382 {
00383 *o << "\t\t\t+ NO CERT STATUS INFO" << endl;
00384 continue;
00385 }
00386 if(posStatus->GetIsTrustAnchor())
00387 *o << "\t\t\t+ Is a trust anchor" << endl;
00388 else
00389 *o << "\t\t\t+ Is not a trust anchor" << endl;
00390
00391 *o << "\t\t\t+ diagnostic code: " << posStatus->GetDiagnosticCode() << " : " << GetErrorCodeString(posStatus->GetDiagnosticCode(), errBuf) << endl;
00392
00393 if(posStatus->GetPassedValidationChecks())
00394 *o << "\t\t\t+ Basic checks successfully performed" << endl;
00395 else
00396 *o << "\t\t\t+ Basic checks not successfully performed" << endl;
00397
00398 if(posStatus->GetSignatureVerified())
00399 *o << "\t\t\t+ Signature successfully verified" << endl;
00400 else
00401 *o << "\t\t\t+ Signature not successfully verified" << endl;
00402
00403 RevocationStatus rs = posStatus->GetRevocationStatus();
00404 switch(rs)
00405 {
00406 case REVOKED:
00407 *o << "\t\t\t+ Revocation status: REVOKED" << endl;
00408 break;
00409 case NOT_CHECKED:
00410 *o << "\t\t\t+ Revocation status: NOT CHECKED" << endl;
00411 break;
00412 case NOT_REVOKED:
00413 *o << "\t\t\t+ Revocation status: NOT REVOKED" << endl;
00414 break;
00415 case SERVER_CHECKED:
00416 *o << "\t\t\t+ Revocation status: SERVER CHECKED" << endl;
00417 break;
00418 default:
00419 *o << "\t\t\t+ Revocation status: UNKNOWN" << endl;
00420 }
00421
00422
00423 RevocationSourceList rsl;
00424 posStatus->GetRevocationSources(rsl);
00425
00426 RevocationSourceList::iterator rslPos;
00427 RevocationSourceList::iterator rslEnd = rsl.end();
00428 int count = 0;
00429 for(rslPos = rsl.begin(), count = 1; rslPos != rslEnd; ++rslPos, ++count)
00430 {
00431 *o << "\t\t\t+ Revocation source #" << count << endl;
00432 *o << "\t\t\t\t- Revocation source error code: " << (*rslPos)->m_errorCode << " : " << GetErrorCodeString((*rslPos)->m_errorCode, errBuf) << endl;
00433 *o << "\t\t\t\t- Revocation source type: " << (*rslPos)->m_sourceType << endl;
00434 switch((*rslPos)->m_status)
00435 {
00436 case REVOKED:
00437 *o << "\t\t\t\t- Revocation source status: REVOKED" << endl;
00438 break;
00439 case NOT_REVOKED:
00440 *o << "\t\t\t\t- Revocation source status: NOT_REVOKED" << endl;
00441 break;
00442 case NOT_CHECKED:
00443 *o << "\t\t\t\t- Revocation source status: NOT_CHECKED" << endl;
00444 break;
00445 case SERVER_CHECKED:
00446 *o << "\t\t\t\t- Revocation source status: SERVER_CHECKED" << endl;
00447 break;
00448 }
00449
00450 IPKIFRevSourceInfoPtr rsip = (*rslPos)->m_sourceInfo;
00451 switch((*rslPos)->m_sourceType)
00452 {
00453 case REVSOURCE_CRL:
00454 {
00455
00456 CPKIFCRLInfoPtr crlInfo = RevInfoCast<CPKIFCRLInfo>(rsip);
00457
00458 CPKIFCRLList crls;
00459 crlInfo->GetCRLs(crls);
00460
00461 CPKIFCRLList::iterator crlPos;
00462 CPKIFCRLList::iterator crlEnd = crls.end();
00463 int crlCount = 1;
00464 for(crlPos = crls.begin(); crlPos != crlEnd; ++crlPos, ++crlCount)
00465 {
00466 *o << "\t\t\t\t- CRL #" << crlCount << endl;
00467 *o << "\t\t\t\t\t+ CRL issuer: " << (*crlPos)->Issuer()->ToString() << endl;
00468 CPKIFTimePtr thisUpdate = (*crlPos)->ThisUpdate();
00469 if(thisUpdate != (CPKIFTime*)NULL)
00470 {
00471 *o << "\t\t\t\t\t+ thisUpdate: " << thisUpdate->GetTime() << endl;
00472 }
00473 CPKIFTimePtr nextUpdate = (*crlPos)->NextUpdate();
00474 if(nextUpdate != (CPKIFTime*)NULL)
00475 {
00476 *o << "\t\t\t\t\t+ nextUpdate: " << nextUpdate->GetTime() << endl;
00477 }
00478 }
00479
00480 CPKIFCRLEntryPtr crlEntry = crlInfo->GetCRLEntry();
00481 if(crlEntry != (CPKIFCRLEntry*)NULL)
00482 {
00483 *o << "\t\t\t\t\t+ serial number from CRL entry: " << crlEntry->SerialNumber() << endl;
00484 CPKIFTimePtr revDate = crlEntry->RevocationDate();
00485 if(revDate != (CPKIFTime*)NULL)
00486 {
00487 *o << "\t\t\t\t\t+ revocation date from CRL entry: " << revDate->GetTime() << endl;
00488 }
00489 }
00490 }
00491 break;
00492 case REVSOURCE_OCSP:
00493 {
00494 if(rsip != (IPKIFRevSourceInfo*)NULL)
00495 {
00496 CPKIFOCSPInfoPtr ocspInfo = RevInfoCast<CPKIFOCSPInfo>(rsip);
00497
00498 if(ocspInfo != (CPKIFOCSPInfo*)NULL)
00499 {
00500
00501
00502
00503 CPKIFOCSPResponsePtr ocspResponse = ocspInfo->GetOCSPResponse();
00504 if(ocspResponse != (CPKIFOCSPResponse*)NULL)
00505 {
00506 *o << "\t\t\t\t- OCSP response information:" << endl;
00507 char statusString[30];
00508 OCSPResponseStatus ors = ocspResponse->GetResponseStatus();
00509 switch(ors)
00510 {
00511 case successful:
00512
00513 strcpy(statusString, "successful");
00514 break;
00515 case malformedRequest:
00516
00517 strcpy(statusString, "malformedRequest");
00518 break;
00519 case internalError:
00520
00521 strcpy(statusString, "internalError");
00522 break;
00523 case tryLater:
00524
00525 strcpy(statusString, "tryLater");
00526 break;
00527 case sigRequired:
00528
00529 strcpy(statusString, "sigRequired");
00530 break;
00531 case unauthorized:
00532
00533 strcpy(statusString, "unauthorized");
00534 break;
00535 }
00536 *o << "\t\t\t\t\t+ Response status: " << statusString << endl;
00537
00538 if(successful == ors)
00539 {
00540 CPKIFResponseBytesPtr rb = ocspResponse->GetResponseBytes();
00541 *o << "\t\t\t\t\t+ Response type: " << rb->GetResponseType()->ToString() << endl;
00542
00543 CPKIFBasicOCSPResponse bor;
00544 bor.Decode(rb->GetResponse());
00545
00546 CPKIFResponseDataPtr rd = bor.GetResponseData();
00547
00548 CPKIFResponderIDPtr rid = rd->GetResponderID();
00549 *o << "\t\t\t\t\t+ Produced at: " << rd->GetProducedAt()->GetTime() << endl;
00550 if(CPKIFResponderID::NAME == rid->GetChoice())
00551 *o << "\t\t\t\t\t+ Responder name: " << rid->GetName()->ToString() << endl;
00552 else if(CPKIFResponderID::KEYHASH == rid->GetChoice())
00553 {
00554 unsigned char * ascval = new unsigned char[rid->GetHash()->GetLength()*2 + 1];
00555 btoa((const char*)rid->GetHash()->GetBuffer(), (char *)ascval, rid->GetHash()->GetLength());
00556 *o << "\t\t\t\t\t+ Responder key ID: " << ascval << endl;
00557 delete ascval;
00558 }
00559 }
00560
00561
00562
00563
00564 CPKIFSingleResponsePtr singleResponse = ocspInfo->GetSingleResponse();
00565 if(singleResponse != (CPKIFSingleResponse*)NULL)
00566 {
00567 *o << "\t\t\t\t\t+ OCSP single response information:" << endl;
00568 CPKIFTimePtr thisUpdate = singleResponse->GetThisUpdate();
00569 if(thisUpdate != NULL)
00570 *o << "\t\t\t\t\t\t* This update: " << thisUpdate->GetTime() << endl;
00571 CPKIFTimePtr nextUpdate = singleResponse->GetNextUpdate();
00572 if(nextUpdate != NULL)
00573 *o << "\t\t\t\t\t\t* Next update: " << nextUpdate->GetTime() << endl;
00574
00575 CPKIFCertIDPtr certID = singleResponse->GetCertID();
00576 *o << "\t\t\t\t\t\t* Cert serial number: " << certID->GetSerialNumber() << endl;
00577 }
00578 else
00579 *o << "\t\t\t\t\t+ OCSP single response not present" << endl;
00580 }
00581 else
00582 *o << "\t\t\t\t- OCSP basic response not present" << endl;
00583 }
00584 else
00585 *o << "\t\t\t\t- OCSP information not present" << endl;
00586 }
00587 }
00588 break;
00589 }
00590 }
00591 }
00592
00593 *o << endl;
00594 }
00595
00607 void CPKIFPathLogger::LogValidationResults(
00610 CPKIFPathValidationResults& tmpPVR,
00614 CPKIFCertificatePath& path,
00617 const char* appInfo,
00619 ostream* out)
00620 {
00621 LOG_STRING_DEBUG("CPKIFPathLogger::LogValidationResults", TOOLKIT_PATH_MISC, 0, NULL);
00622
00623 boost::recursive_mutex::scoped_lock lock(g_me);
00624
00625 std::ostringstream os;
00626
00627 ostream* o = &os;
00628 ostream* o2 = out;
00629 bool bClearGlobal = false;
00630 if(0 == o2 && 0 != g_pathLogFile.tellp())
00631 {
00632 o2 = &g_pathLogFile;
00633 bClearGlobal = true;
00634 }
00635 if(0 == o2)
00636 return;
00637
00638 char errBuf[MAX_ERROR_CODE_STRING_SIZE];
00639 IPKIFTrustAnchorPtr rootObj;
00640 CPKIFCertificatePtr target, root;
00641 path.GetTarget(target);
00642 path.GetTrustRoot(rootObj);
00643 if(rootObj != (IPKIFTrustAnchor*)NULL)
00644 {
00645 root = rootObj->GetCertificate();
00646 }
00647
00648
00649
00650
00651 *o << "----------------------------------------------------------------------------------------------------" << endl;
00652 *o << endl;
00653 if(NULL != appInfo)
00654 *o << appInfo << endl;
00655 *o << "Current time: " << CPKIFTime::CurrentTime()->GetTime() << endl;
00656
00657
00658 CPKIFPathSettingsPtr ps;
00659 path.GetPathSettings(ps);
00660 if(ps != NULL)
00661 {
00662 *o << "Validation time of interest: " << ps->GetValidationTime()->GetTime() << endl;
00663 }
00664
00665 *o << "Root certificate information" << endl;
00666 if(root != (CPKIFCertificate*)NULL)
00667 {
00668 *o << "\tSubject: " << root->Subject()->ToString() << endl;
00669 *o << "\tIssuer: " << root->Issuer()->ToString() << endl;
00670 *o << "\tSerial number: " << root->SerialNumber() << endl;
00671 }
00672 else if(rootObj != (IPKIFTrustAnchor*)NULL)
00673 {
00674 *o << "\tSubject: " << rootObj->GetSubjectName()->ToString() << endl;
00675 }
00676 else
00677 *o << "\tNo root information present" << endl;
00678
00679 *o << "Target certificate information" << endl;
00680 if(target != (CPKIFCertificate*)NULL)
00681 {
00682 *o << "\tSubject: " << target->Subject()->ToString() << endl;
00683 *o << "\tIssuer: " << target->Issuer()->ToString() << endl;
00684 *o << "\tSerial number: " << target->SerialNumber() << endl;
00685 }
00686 else
00687 *o << "\tNo target information present" << endl;
00688 *o << endl;
00689 *o << "----------------------------------------------------------------------------------------------------" << endl;
00690
00691
00692
00693
00694
00695
00696
00697
00698
00699
00700 *o << "---------------------------------------------------------------------------------------" << endl;
00701 *o << "Printing information from path validation results:" << endl;
00702 *o << "---------------------------------------------------------------------------------------" << endl;
00703
00704 if(tmpPVR.PathSuccessfullyValidated())
00705 {
00706 *o << "- Path successfully validated" << endl;
00707 }
00708 else
00709 {
00710 *o << "- Path not successfully validated" << endl;
00711 *o << "- Diagnostic code: " << tmpPVR.DiagnosticCode() << " -> " << GetErrorCodeString(tmpPVR.DiagnosticCode(), errBuf) << endl;
00712 }
00713
00714 if(tmpPVR.GetBasicChecksSuccessfullyPerformed())
00715 *o << "- Basic checks successfully performed" << endl;
00716 else
00717 *o << "- Basic checks not successfully performed" << endl;
00718
00719 if(tmpPVR.GetCertSignaturesVerified())
00720 *o << "- Cert signatures successfully verified" << endl;
00721 else
00722 *o << "- Cert signatures not successfully verified" << endl;
00723
00724 RevocationStatus rs = tmpPVR.GetRevocationStatusMostSevere();
00725 switch(rs)
00726 {
00727 case REVOKED:
00728 *o << "- Most severe revocation status: REVOKED" << endl;
00729 break;
00730 case NOT_CHECKED:
00731 *o << "- Most severe revocation status: NOT CHECKED" << endl;
00732 break;
00733 case NOT_REVOKED:
00734 *o << "- Most severe revocation status: NOT REVOKED" << endl;
00735 break;
00736 case SERVER_CHECKED:
00737 *o << "- Most severe revocation status: SERVER CHECKED" << endl;
00738 break;
00739 default:
00740 *o << "- Most severe revocation status: UNKNOWN" << endl;
00741 }
00742
00743 bool explicitPolicyIndicator = tmpPVR.GetExplicitPolicyIndicator();
00744 if(explicitPolicyIndicator)
00745 *o << "- Explicit policy indicator: TRUE" << endl;
00746 else
00747 *o << "- Explicit policy indicator: FALSE" << endl;
00748
00749 CPKIFPolicyInformationListPtr authSet, userSet;
00750 tmpPVR.GetAuthorityConstrainedSet(authSet);
00751 tmpPVR.GetUserConstrainedSet(userSet);
00752
00753 const vector<CPKIFPolicyInformationListPtr>* asTable = tmpPVR.GetAuthorityConstrainedSetTable();
00754 *o << "- Authority constrained policy table" << endl;
00755 if(NULL != asTable)
00756 DumpPolicyTable(*asTable, o);
00757 else
00758 *o << "\t NULL" << endl;
00759
00760 *o << "- User constrained policy set" << endl;
00761 DumpPolicySet(userSet, o);
00762
00763 *o << "- Authority constrained policy set" << endl;
00764 DumpPolicySet(authSet, o);
00765
00766 CPKIFCertStatusPtr cs = tmpPVR.GetCertStatus();
00767
00768 if(!tmpPVR.PathSuccessfullyValidated())
00769 {
00770
00771 CPKIFCertificateNodeEntryPtr certNode = tmpPVR.GetCertificate();
00772 if(certNode != (CPKIFCertificateNodeEntry*)NULL)
00773 {
00774 CPKIFCertStatusPtr certStatus;
00775 certNode->GetStatus(certStatus);
00776
00777 *o << "- Certificate with following information failed with diagnostic code " << certStatus->GetDiagnosticCode() << " : " << GetErrorCodeString(certStatus->GetDiagnosticCode(), errBuf) << endl;
00778 PrintCertInfo(*certNode, "\t+ ", o);
00779 }
00780 else
00781 {
00782 *o << "Validation failed but no cert was highlighted." << endl;
00783 }
00784 }
00785
00786 LogPath(path, NULL, o);
00787 *o2 << os.str().c_str();
00788
00789 std::ostringstream *logOutput = dynamic_cast<std::ostringstream*>(o2);
00790 #ifndef _DISABLE_LOG4CXX_PATH_LOGGING
00791 if (logOutput) {
00792 log4cxx::LoggerPtr logger = log4cxx::Logger::getLogger("PKIF");
00793 LOG4CXX_DEBUG (logger, logOutput->str());
00794 }
00795 #endif
00796 o2->flush();
00797
00798 if(bClearGlobal)
00799 {
00800 logOutput->str("");
00801 logOutput->clear();
00802 }
00803 }
