SCVPUtils.cpp

Go to the documentation of this file.

//PKIF includes
#include "AlgorithmIdentifier.h"
#include "ASN1Helper.h"
#include "Buffer.h"
#include "Certificate.h"
#include "CRL.h"
#include "Duration.h"
#include "IPKIFCryptoMisc.h"
#include "IPKIFHashContext.h"
#include "KeyUsage.h"
#include "Name.h"
#include "OID.h"
#include "Period.h"
#include "PKIFAlgorithm.h"
#include "PKIFCertificatePath.h"
#include "PKIFMediators.h"
#include "PKIFCryptUtils.h"
#include "PKIFPathSettings.h"
#include "PKIFTime.h"
#include "PolicyInformation.h"
#include "ToolkitUtils.h"

//PKIFSCVP includes
#include "PKIFSCVP.h"
#include "private/SCVPUtils.h"

//PKIFCMS includes
#include "ContentInfo.h"
#include "EncapsulatedContentInfo.h"
#include "PKIFCMSUtils.h"
#include "SignedData.h"
#include "SignerInfo.h"

void PopulateKeyAgreePublicKey(CACX509V3AlgorithmIdentifier* objAlgID, CPKIFAlgorithmIdentifierPtr algID)
{
    CPKIFStringPtr str(new std::string(algID->oid()->ToString())); 
    ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
    CopyOID(&objAlgID->algorithm, tmpOid);

    if(NULL != tmpOid)
        delete tmpOid;

    if(algID->hasParameters())
    {
        objAlgID->m.parametersPresent = 1;

        objAlgID->parameters.data = algID->parameters()->GetBuffer();
        objAlgID->parameters.numocts = algID->parameters()->GetLength();
    }
}
void PopulateKeyUsage(
    CACX509V3KeyUsage* keyUsageStruct,
    CPKIFKeyUsagePtr& keyUsage)
{
    int num = 0;
    if(keyUsage->DigitalSignature())
    {
        keyUsageStruct->data[0] |= BitMCACX509V3digitalSignature;
        if(num == 0 || num < 1)
            num = 1;
    }
    if(keyUsage->NonRepudiation())
    {
        keyUsageStruct->data[0] |= BitMCACX509V3nonRepudiation;
        if(num == 0 || num < 2)
            num = 2;
    }
    if(keyUsage->KeyEncipherment())  
    {
        keyUsageStruct->data[0] |= BitMCACX509V3keyEncipherment;
        if(num == 0 || num > 3)
            num = 3;
    }
    if(keyUsage->DataEncipherment()) 
    {
        keyUsageStruct->data[0] |= BitMCACX509V3dataEncipherment;
        if(num == 0 || num < 4)
            num = 4;
    }
    if(keyUsage->KeyAgreement())
    {
        keyUsageStruct->data[0] |= BitMCACX509V3keyAgreement;
        if(num == 0 || num < 5)
            num = 5;
    }
    if(keyUsage->KeyCertSign())
    {
        keyUsageStruct->data[0] |= BitMCACX509V3keyCertSign;
        if(num == 0 || num < 6)
            num = 6;
    }
    if(keyUsage->CRLSign())
    {
        keyUsageStruct->data[0] |= BitMCACX509V3cRLSign;
        if(num == 0 || num < 7)
            num = 7;
    }
    if(keyUsage->EncipherOnly())
    {
        keyUsageStruct->data[0] |= BitMCACX509V3encipherOnly;
        if(num == 0 || num < 8)
            num = 8;
    }
    if(keyUsage->DecipherOnly())
    {
        keyUsageStruct->data[1] |= BitMCACX509V3decipherOnly;
        if(num == 0 || num < 9) 
            num = 9;
    }

    keyUsageStruct->numbits = num;
}


void PopulateValidationPolicy(ValidationPolicy* valPolResponse, CPKIFValidationPolicyPtr valPol, OOCTXT& ctxt)
{

    //ValidationPolRef
    CPKIFValidationPolRefPtr valPolRef = valPol->GetValidationPolRef();
    if(valPolRef == (CPKIFValidationPolRef*)NULL)
    {
        throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "ValidationPolRef value not specified.");
    }
    else
    {

        valPolResponse->validationPolRef.m.valPolParamsPresent = valPolRef->hasParameters();
        if(valPolRef->hasParameters())
        {
            valPolResponse->validationPolRef.valPolParams.data = valPolRef->parameters()->GetBuffer();
            valPolResponse->validationPolRef.valPolParams.numocts = valPolRef->parameters()->GetLength();
        }
        CPKIFStringPtr str2(new std::string(valPolRef->oid()->ToString()));
        ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str2);

        CopyOID(&valPolResponse->validationPolRef.valPolId, tmpOid);
        if(tmpOid != NULL)
            delete tmpOid;
    }

    //ValidationAlg
    CPKIFValidationAlgPtr valAlg = valPol->GetValidationAlg();
    if(valAlg != (CPKIFValidationAlg*)NULL)
    {
        valPolResponse->validationAlg.m.parametersPresent = valAlg->hasParameters();
        if(valAlg->hasParameters())
        {
            valPolResponse->validationAlg.parameters.data = valAlg->parameters()->GetBuffer();
            valPolResponse->validationAlg.parameters.numocts = valAlg->parameters()->GetLength();
        }
        CPKIFStringPtr str2(new std::string(valAlg->oid()->ToString()));
        ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str2);

        CopyOID(&valPolResponse->validationAlg.valAlgId, tmpOid);
        if(tmpOid != NULL)
            delete tmpOid;
        
        valPolResponse->m.validationAlgPresent = 1;
    }
    //UserPolicySet
    CPKIFPolicyInformationListPtr userPolicyList;
    valPol->GetInitialPolicySet(userPolicyList);
    if(userPolicyList != (CPKIFOIDList*)NULL && !userPolicyList->empty())
    {
        DListNode* curPol = NULL;
        //iterate over oids
        CPKIFPolicyInformationList::iterator oidPos;    
        CPKIFPolicyInformationList::iterator oidEnd = userPolicyList->end();
        for(oidPos = userPolicyList->begin(); oidPos != oidEnd; ++oidPos)
        {
            if(NULL == curPol)
            {
                NEW_NODE(curPol)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curPol)
            }

            ASN1OBJID* tmpOid = new ASN1OBJID;
            
            CPKIFStringPtr str(new std::string((*oidPos)->PolicyOID()->ToString())); 
            ASN1OBJID* tmpOid2 = ConvertStringToASN1OBJID(str);
            CopyOID(tmpOid, tmpOid2);

            if(NULL != tmpOid2)
                delete tmpOid2;
            
            curPol->data = tmpOid;

            SET_HEAD_TAIL_INCREMENT(valPolResponse->userPolicySet, curPol)
        }
        valPolResponse->m.userPolicySetPresent = 1;
    }


    //inhibitPolicyMapping
    if(valPol->GetInitialPolicyMappingInhibitIndicator())
    {
        valPolResponse->inhibitPolicyMapping = true;
        valPolResponse->m.inhibitPolicyMappingPresent = 1;
    }
    //requireExplicitPolicy
    if(valPol->GetInitialExplicitPolicyIndicator())
    {
        valPolResponse->requireExplicitPolicy = true;
        valPolResponse->m.requireExplicitPolicyPresent = 1;
    }
    //inhibitAnyPolicy
    if(valPol->GetInitialInhibitAnyPolicyIndicator())
    {
        valPolResponse->inhibitAnyPolicy = true;
        valPolResponse->m.inhibitAnyPolicyPresent = 1;
    }

    //TAs
    CPKIFPKCReferenceListPtr taList;
    valPol->GetTAs(taList);
    if(taList != (CPKIFPKCReferenceList*)NULL && !taList->empty())
    {
        DListNode* curTA = NULL;
        //iterate over oids
        CPKIFPKCReferenceList::iterator taPos;  
        CPKIFPKCReferenceList::iterator taEnd = taList->end();
        for(taPos = taList->begin(); taPos != taEnd; ++taPos)
        {
            if(NULL == curTA)
            {
                NEW_NODE(curTA)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curTA)
            }

            PKCReference* tmpTA = new PKCReference;
            memset(tmpTA, 0, sizeof(PKCReference));
            
            if((*taPos)->GetCert() != (CPKIFCertificate*)NULL)
            {
                tmpTA->t = T_PKCReference_cert;

                tmpTA->u.cert = new CACX509V3Certificate;
                setBERDecBufPtr(&ctxt, (unsigned char*)(*taPos)->GetCert()->Encoded()->GetBuffer(), (*taPos)->GetCert()->Encoded()->GetLength(), NULL, NULL);
                BERDecCACX509V3Certificate(&ctxt, tmpTA->u.cert, ASN1EXPL, NULL);
                                
            }
            else
            {
                CPKIFSCVPCertIDPtr sCVPCertID = (*taPos)->GetSCVPCertID();

                if(sCVPCertID != (CPKIFSCVPCertID*)NULL)
                {
                    tmpTA->t = T_PKCReference_pkcRef;

                    tmpTA->u.pkcRef = new SCVPCertID;
                    memset(tmpTA->u.pkcRef, 0, sizeof(SCVPCertID));
                    

                    tmpTA->u.pkcRef->certHash.data = sCVPCertID->GetCertHash()->GetBuffer();
                    tmpTA->u.pkcRef->certHash.numocts = sCVPCertID->GetCertHash()->GetLength();

                    tmpTA->u.pkcRef->issuerSerial.serialNumber = new  char[strlen(sCVPCertID->GetSerialNumber())];
                    memcpy((void*)tmpTA->u.pkcRef->issuerSerial.serialNumber, sCVPCertID->GetSerialNumber(),
                            strlen(sCVPCertID->GetSerialNumber()));
     
                    CPKIFGeneralNameListPtr nameList;
                    sCVPCertID->GetIssuerName(nameList);
                    if(nameList == (CPKIFGeneralNameList*)NULL)
                    {
                        throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "Issuer Names value not specified.");
                    }
                    DListNode* curName = NULL;
                    CPKIFGeneralNameList::iterator namePos; 
                    CPKIFGeneralNameList::iterator nameEnd = nameList->end();
                    for(namePos = nameList->begin(); namePos != nameEnd; ++namePos)
                    {

                        if(NULL == curName)
                        {
                            NEW_NODE(curName)
                        }
                        else
                        {
                            NEW_NEXT_AND_ADVANCE(curName)
                        }

                        CACX509V3GeneralName *name = new CACX509V3GeneralName;
                        memset(name, 0, sizeof(CACX509V3GeneralName));

                        CopyGeneralName((*name), (*namePos));   

                        curName->data = name;

                        SET_HEAD_TAIL_INCREMENT(tmpTA->u.pkcRef->issuerSerial.issuer, curName)
                    }
                    
                    CPKIFAlgorithmIdentifierPtr algID = sCVPCertID->GetHashAlgorithm();
                    if(algID != (CPKIFAlgorithmIdentifier*)NULL)
                    {
                        CPKIFStringPtr str(new std::string(algID->oid()->ToString())); 
                        ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                        CopyOID(&tmpTA->u.pkcRef->hashAlgorithm.algorithm, tmpOid);

                        if(NULL != tmpOid)
                            delete tmpOid;

                        if(algID->hasParameters())
                        {
                            tmpTA->u.pkcRef->hashAlgorithm.m.parametersPresent = 1;

                            tmpTA->u.pkcRef->hashAlgorithm.parameters.data = algID->parameters()->GetBuffer();
                            tmpTA->u.pkcRef->hashAlgorithm.parameters.numocts = algID->parameters()->GetLength();
                        }
                        tmpTA->u.pkcRef->m.hashAlgorithmPresent = 1;
                    }


                }
            }           
            
            curTA->data = tmpTA;

            SET_HEAD_TAIL_INCREMENT(valPolResponse->trustAnchors, curTA)
        }
        valPolResponse->m.trustAnchorsPresent = 1;
    }

    //KeyUsages
    CPKIFKeyUsageListPtr keyUsageList;
    valPol->GetKeyUsages(keyUsageList);
    if(keyUsageList != (CPKIFKeyUsageList*)NULL && !keyUsageList->empty())
    {
        DListNode* curKeyUsage = NULL;
        //iterate over oids
        CPKIFKeyUsageList::iterator keyUsagePos;    
        CPKIFKeyUsageList::iterator keyUsageEnd = keyUsageList->end();
        for(keyUsagePos = keyUsageList->begin(); keyUsagePos != keyUsageEnd; ++keyUsagePos)
        {
            if(NULL == curKeyUsage)
            {
                NEW_NODE(curKeyUsage)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curKeyUsage)
            }

            CACX509V3KeyUsage* tmpKeyUsage = new CACX509V3KeyUsage;
            memset(tmpKeyUsage, 0, sizeof(CACX509V3KeyUsage));
            
            PopulateKeyUsage(tmpKeyUsage, (*keyUsagePos));
            
            
            curKeyUsage->data = tmpKeyUsage;

            SET_HEAD_TAIL_INCREMENT(valPolResponse->keyUsages, curKeyUsage)
        }
        valPolResponse->m.keyUsagesPresent = 1;
    }

    //EKUs
    CPKIFOIDListPtr eKUList;
    valPol->GetEKUs(eKUList);
    PopulateDListWithASN1OBJID(&valPolResponse->extendedKeyUsages, eKUList);
    if(eKUList != (CPKIFOIDList*)NULL && !eKUList->empty())
    {
        valPolResponse->m.extendedKeyUsagesPresent = 1;
    }

    //SKUs
    CPKIFOIDListPtr sKUList;
    valPol->GetSKUs(sKUList);
    PopulateDListWithASN1OBJID(&valPolResponse->specifiedKeyUsages, sKUList);
    if(sKUList != (CPKIFOIDList*)NULL && !sKUList->empty())
    {
        valPolResponse->m.specifiedKeyUsagesPresent = 1;
    }

}

CPKIFGeneralNameListPtr PopulatePKIFGeneralNameList(DList* list)
{
    CPKIFGeneralNameListPtr tmpList(new CPKIFGeneralNameList());
    DListNode* cur = list->head;
    while(NULL != cur)
    {
        CACX509V3GeneralName* tmp = (CACX509V3GeneralName*)cur->data;
        CACASNWRAPPER_CREATE(CACX509V3GeneralName, objPDU);
        ASN1OpenType* data1 = objPDU.Encode(tmp);
        CPKIFBufferPtr tmpBuf(new CPKIFBuffer(data1->data, data1->numocts));
        CPKIFGeneralNamePtr tmpName(new CPKIFGeneralName(tmpBuf));

        if(NULL != data1)
            delete data1;

        tmpList->push_back(tmpName);

        cur = cur->next;
    }
    return tmpList;
}

CPKIFOIDListPtr PopulatePKIFOIDList(DList* list)
{
    CPKIFOIDListPtr tmpList(new CPKIFOIDList());
    DListNode* cur = list->head;
    while(NULL != cur)
    {
        ASN1OBJID* tmp = (ASN1OBJID*)cur->data;
        CPKIFOIDPtr tmpOID(new CPKIFOID(tmp->subid, tmp->numids));
        tmpList->push_back(tmpOID);
        cur = cur->next;
    }
    return tmpList;
}
void PopulateDListWithCACX509V3GeneralName(DList* list, CPKIFGeneralNameListPtr pkifGenNameList)
{
    if(pkifGenNameList != (CPKIFGeneralNameList*)NULL && !pkifGenNameList->empty())
    {
        DListNode* curName = NULL;
        CPKIFGeneralNameList::iterator namePos; 
        CPKIFGeneralNameList::iterator nameEnd = pkifGenNameList->end();
        for(namePos = pkifGenNameList->begin(); namePos != nameEnd; ++namePos)
        {
            if(NULL == curName)
            {
                NEW_NODE(curName)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curName)
            }

            CACX509V3GeneralName* tmpName= new CACX509V3GeneralName;
            memset(tmpName, 0, sizeof(CACX509V3GeneralName));
            

            CopyGeneralName((*tmpName), (*namePos));
            
            curName->data = tmpName;

            SET_HEAD_TAIL_INCREMENT((*list), curName)
        }
    
    }
}

void PopulateDListWithASN1OBJID(DList* list, CPKIFOIDListPtr pkifOIDList)
{
    if(pkifOIDList != (CPKIFOIDList*)NULL && !pkifOIDList->empty())
    {
        DListNode* cur = NULL;
        //iterate over oids
        CPKIFOIDList::iterator pos; 
        CPKIFOIDList::iterator end = pkifOIDList->end();
        for(pos = pkifOIDList->begin(); pos != end; ++pos)
        {
            if(NULL == cur)
            {
                NEW_NODE(cur)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(cur)
            }

            ASN1OBJID* tmpOID = new ASN1OBJID;
            memset(tmpOID, 0, sizeof(ASN1OBJID));
            
            CPKIFStringPtr str(new std::string((*pos)->ToString())); 
            ASN1OBJID* tmpOid2 = ConvertStringToASN1OBJID(str);
            CopyOID(tmpOID, tmpOid2);           

            if(NULL != tmpOid2)
                delete tmpOid2;
            
            cur->data = tmpOID;

            SET_HEAD_TAIL_INCREMENT((*list), cur)
        }
    }
}


void PopulateDListWithCACX509V3AlgorithmIdentifier(DList* list, CPKIFAlgorithmIdentifierListPtr pkifOIDList)
{
    if(pkifOIDList!= (CPKIFAlgorithmIdentifierList*)NULL && !pkifOIDList->empty())
    {
        DListNode* cur = NULL;
        //iterate over oids
        CPKIFAlgorithmIdentifierList::iterator pos; 
        CPKIFAlgorithmIdentifierList::iterator end = pkifOIDList->end();
        for(pos = pkifOIDList->begin(); pos != end; ++pos)
        {
            if(NULL == cur)
            {
                NEW_NODE(cur)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(cur)
            }
                CACX509V3AlgorithmIdentifier* tmpAlgID = new CACX509V3AlgorithmIdentifier;              
                memset(tmpAlgID, 0, sizeof(CACX509V3AlgorithmIdentifier));

                CPKIFStringPtr str(new std::string((*pos)->oid()->ToString())); 
                ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                CopyOID(&tmpAlgID->algorithm, tmpOid);

                if(NULL != tmpOid)
                    delete tmpOid;

                if((*pos)->hasParameters())
                {
                    tmpAlgID->m.parametersPresent = 1;

                    tmpAlgID->parameters.data = (*pos)->parameters()->GetBuffer();
                    tmpAlgID->parameters.numocts = (*pos)->parameters()->GetLength();
                }
            
            cur->data = tmpAlgID;

            SET_HEAD_TAIL_INCREMENT((*list), cur)
        }
    }
}

CPKIFAlgorithmIdentifierListPtr PopulatePKIFAlgorithmIdentifierList(DList* list)
{

    CPKIFAlgorithmIdentifierListPtr tmpList(new CPKIFAlgorithmIdentifierList());
    DListNode* cur = list->head;
    while(NULL != cur)
    {

        CACX509V3AlgorithmIdentifier* tmp = (CACX509V3AlgorithmIdentifier*)cur->data;
        CPKIFOIDPtr algOID(new CPKIFOID(tmp->algorithm.subid, tmp->algorithm.numids));

        CPKIFBufferPtr algParams; 
        if(tmp->m.parametersPresent == 1)
        {
            CPKIFBufferPtr tmpAlgParams(new CPKIFBuffer(tmp->parameters.data, tmp->parameters.numocts));

            algParams = tmpAlgParams;
        }
        CPKIFAlgorithmIdentifierPtr tmpAlg(new CPKIFAlgorithmIdentifier(algOID, algParams));            

        tmpList->push_back(tmpAlg);
        cur = cur->next;
    }
    
    return  tmpList;
}

void PopulateACReference(ACReference* pACReference, CPKIFACReferencePtr& acRef, OOCTXT& ctxt)
{
    
    if(NULL == pACReference)
    {
        throw CPKIFSCVPException(TOOLKIT_SCVP_ASN, COMMON_INVALID_INPUT);
    }

    if(acRef->GetACCert() != (CPKIFBuffer*)NULL)
    {
        pACReference->t = T_ACReference_attrCert;

        pACReference->u.attrCert = new AttributeCertificate;

        setBERDecBufPtr(&ctxt, (unsigned char*)acRef->GetACCert()->GetBuffer(), acRef->GetACCert()->GetLength(), NULL, NULL);
        BERDecAttributeCertificate(&ctxt, pACReference->u.attrCert, ASN1EXPL, NULL);

        
    }
    else if(acRef->GetSCVPCertID() != (CPKIFSCVPCertIDPtr*)NULL)
    {
        CPKIFSCVPCertIDPtr sCVPCertID = acRef->GetSCVPCertID();

        if(sCVPCertID != (CPKIFSCVPCertID*)NULL)
        {
            pACReference->t = T_ACReference_acRef;

            pACReference->u.acRef = new SCVPCertID;
            memset(pACReference->u.acRef, 0, sizeof(SCVPCertID));
            

            pACReference->u.acRef->certHash.data = sCVPCertID->GetCertHash()->GetBuffer();
            pACReference->u.acRef->certHash.numocts = sCVPCertID->GetCertHash()->GetLength();

            pACReference->u.acRef->issuerSerial.serialNumber = new  char[strlen(sCVPCertID->GetSerialNumber())];
            memcpy((void*)pACReference->u.acRef->issuerSerial.serialNumber, sCVPCertID->GetSerialNumber(),
                    strlen(sCVPCertID->GetSerialNumber()));

            CPKIFGeneralNameListPtr nameList;
            sCVPCertID->GetIssuerName(nameList);
            if(nameList == (CPKIFGeneralNameList*)NULL)
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "Issuer Names value not specified.");
            }
            DListNode* curName = NULL;
            CPKIFGeneralNameList::iterator namePos; 
            CPKIFGeneralNameList::iterator nameEnd = nameList->end();
            for(namePos = nameList->begin(); namePos != nameEnd; ++namePos)
            {

                if(NULL == curName)
                {
                    NEW_NODE(curName)
                }
                else
                {
                    NEW_NEXT_AND_ADVANCE(curName)
                }

                CACX509V3GeneralName *name = new CACX509V3GeneralName;
                memset(name, 0, sizeof(CACX509V3GeneralName));

                CopyGeneralName((*name), (*namePos));   

                curName->data = name;

                SET_HEAD_TAIL_INCREMENT(pACReference->u.acRef->issuerSerial.issuer, curName)
            }
            
            CPKIFAlgorithmIdentifierPtr algID = sCVPCertID->GetHashAlgorithm();
            if(algID != (CPKIFAlgorithmIdentifier*)NULL)
            {
                CPKIFStringPtr str(new std::string(algID->oid()->ToString())); 
                ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                CopyOID(&pACReference->u.acRef->hashAlgorithm.algorithm, tmpOid);

                if(NULL != tmpOid)
                    delete tmpOid;

                if(algID->hasParameters())
                {
                    pACReference->u.acRef->hashAlgorithm.m.parametersPresent = 1;

                    pACReference->u.acRef->hashAlgorithm.parameters.data = algID->parameters()->GetBuffer();
                    pACReference->u.acRef->hashAlgorithm.parameters.numocts = algID->parameters()->GetLength();
                }
                pACReference->u.acRef->m.hashAlgorithmPresent = 1;
            }


        }
    }
}
void PopulatePKCReference(
    PKCReference* pkcReferenceStruct,
    CPKIFPKCReferencePtr& pkcRef,
    OOCTXT& ctxt)
{
    
    if(NULL == pkcReferenceStruct)
    {
        throw CPKIFSCVPException(TOOLKIT_SCVP_ASN, COMMON_INVALID_INPUT);
    }

    if(pkcRef->GetCert() != (CPKIFCertificate*)NULL)
    {
        pkcReferenceStruct->t = T_PKCReference_cert;

        pkcReferenceStruct->u.cert = new CACX509V3Certificate;
        setBERDecBufPtr(&ctxt, (unsigned char*)pkcRef->GetCert()->Encoded()->GetBuffer(), pkcRef->GetCert()->Encoded()->GetLength(), NULL, NULL);
        BERDecCACX509V3Certificate(&ctxt, pkcReferenceStruct->u.cert, ASN1EXPL, NULL);
    }
    else if(pkcRef->GetSCVPCertID() != (CPKIFSCVPCertIDPtr*)NULL)
    {
        CPKIFSCVPCertIDPtr sCVPCertID = pkcRef->GetSCVPCertID();

        if(sCVPCertID != (CPKIFSCVPCertID*)NULL)
        {
            pkcReferenceStruct->t = T_PKCReference_pkcRef;

            pkcReferenceStruct->u.pkcRef = new SCVPCertID;
            memset(pkcReferenceStruct->u.pkcRef, 0, sizeof(SCVPCertID));
            

            pkcReferenceStruct->u.pkcRef->certHash.data = sCVPCertID->GetCertHash()->GetBuffer();
            pkcReferenceStruct->u.pkcRef->certHash.numocts = sCVPCertID->GetCertHash()->GetLength();

            pkcReferenceStruct->u.pkcRef->issuerSerial.serialNumber = new  char[strlen(sCVPCertID->GetSerialNumber()) + 1];
            memcpy((void*)pkcReferenceStruct->u.pkcRef->issuerSerial.serialNumber, sCVPCertID->GetSerialNumber(),
                    strlen(sCVPCertID->GetSerialNumber()) + 1);

            CPKIFGeneralNameListPtr nameList;
            sCVPCertID->GetIssuerName(nameList);
            if(nameList == (CPKIFGeneralNameList*)NULL)
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "Issuer Names value not specified.");
            }
            DListNode* curName = NULL;
            CPKIFGeneralNameList::iterator namePos; 
            CPKIFGeneralNameList::iterator nameEnd = nameList->end();
            for(namePos = nameList->begin(); namePos != nameEnd; ++namePos)
            {

                if(NULL == curName)
                {
                    NEW_NODE(curName)
                }
                else
                {
                    NEW_NEXT_AND_ADVANCE(curName)
                }

                CACX509V3GeneralName *name = new CACX509V3GeneralName;
                memset(name, 0, sizeof(CACX509V3GeneralName));

                CopyGeneralName((*name), (*namePos));   

                curName->data = name;

                SET_HEAD_TAIL_INCREMENT(pkcReferenceStruct->u.pkcRef->issuerSerial.issuer, curName)
            }
            
            CPKIFAlgorithmIdentifierPtr algID = sCVPCertID->GetHashAlgorithm();
            if(algID != (CPKIFAlgorithmIdentifier*)NULL)
            {
                CPKIFStringPtr str(new std::string(algID->oid()->ToString())); 
                ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                CopyOID(&pkcReferenceStruct->u.pkcRef->hashAlgorithm.algorithm, tmpOid);

                if(NULL != tmpOid)
                    delete tmpOid;

                if(algID->hasParameters())
                {
                    pkcReferenceStruct->u.pkcRef->hashAlgorithm.m.parametersPresent = 1;

                    pkcReferenceStruct->u.pkcRef->hashAlgorithm.parameters.data = algID->parameters()->GetBuffer();
                    pkcReferenceStruct->u.pkcRef->hashAlgorithm.parameters.numocts = algID->parameters()->GetLength();
                }
                pkcReferenceStruct->u.pkcRef->m.hashAlgorithmPresent = 1;
            }


        }
    }
}

void PopulateQuery(
    Query* queryOut,
    CPKIFQueryPtr query,
    OOCTXT& ctxt
    )
{
        
    if(query == (CPKIFQuery*)NULL)
    {
        throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "Query value not specified.");
    }
    //validationPolicy
    PopulateValidationPolicy(&queryOut->validationPolicy, query->GetValidationPolicy(), ctxt);

    //queriedCerts
    CPKIFCertReferencesPtr certReferences;
    query->GetCertRef(certReferences);
    if(certReferences != (CPKIFCertReferences*)NULL)
    {
        CPKIFPKCReferenceListPtr pkcReferenceList;
        certReferences->GetPKCList(pkcReferenceList);
        CPKIFACReferenceListPtr acReferenceList;
        certReferences->GetACList(acReferenceList);
        if(pkcReferenceList != (CPKIFPKCReferenceList*)NULL)
        {
            queryOut->queriedCerts.t = T_CertReferences_pkcRefs;
            queryOut->queriedCerts.u.pkcRefs = new CertReferences_pkcRefs;          
            memset(queryOut->queriedCerts.u.pkcRefs, 0, sizeof(CertReferences_pkcRefs));

            DListNode* curCertRef = NULL;
            CPKIFPKCReferenceList::iterator certRefPos; 
            CPKIFPKCReferenceList::iterator certRefEnd = pkcReferenceList->end();
            for(certRefPos = pkcReferenceList->begin(); certRefPos != certRefEnd; ++certRefPos)
            {
                if(NULL == curCertRef)
                {
                    NEW_NODE(curCertRef)
                }
                else
                {
                    NEW_NEXT_AND_ADVANCE(curCertRef)
                }
                                    
                PKCReference* tmpCertRef = new PKCReference;
                memset(tmpCertRef, 0, sizeof(PKCReference));
                
                PopulatePKCReference(tmpCertRef, (*certRefPos), ctxt);
                
                curCertRef->data = tmpCertRef;

                SET_HEAD_TAIL_INCREMENT((*queryOut->queriedCerts.u.pkcRefs), curCertRef)
            }
        }
        else if(acReferenceList != (CPKIFACReferenceList*)NULL)
        {
            queryOut->queriedCerts.t = T_CertReferences_acRefs;
            queryOut->queriedCerts.u.acRefs = new CertReferences_acRefs;
            memset(queryOut->queriedCerts.u.acRefs, 0, sizeof(CertReferences_acRefs));

            DListNode* curCertRef = NULL;
            CPKIFACReferenceList::iterator acRefPos;    
            CPKIFACReferenceList::iterator acRefEnd = acReferenceList->end();
            for(acRefPos = acReferenceList->begin(); acRefEnd != acRefEnd; ++acRefPos)
            {
                if(NULL == curCertRef)
                {
                    NEW_NODE(curCertRef)
                }
                else
                {
                    NEW_NEXT_AND_ADVANCE(curCertRef)
                }
                                    
                ACReference* tmpACRef = new ACReference;
                memset(tmpACRef, 0, sizeof(ACReference));
                
                PopulateACReference(tmpACRef, (*acRefPos), ctxt);
                
                curCertRef->data = tmpACRef;

                SET_HEAD_TAIL_INCREMENT((*queryOut->queriedCerts.u.acRefs), curCertRef)
            }
        }

    }


    //checks
    CPKIFOIDListPtr checksList;
    query->GetChecks(checksList);
    if(checksList == (CPKIFQuery*)NULL || checksList->empty())
    {
        throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "checks value not specified.");
    }
    else
    {       
        PopulateDListWithASN1OBJID(&queryOut->checks, checksList);
    }

    //WantBack
    CPKIFOIDListPtr wantBackList;
    query->GetWantBack(wantBackList);
    PopulateDListWithASN1OBJID(&queryOut->wantBack, wantBackList);
    if(wantBackList != (CPKIFOIDList*)NULL && !wantBackList->empty())
    {
    
        queryOut->m.wantBackPresent = 1;
    }

    //Response Flags
    CPKIFResponseFlagsPtr resFlags = query->GetResponseFlags();
    if(resFlags != (CPKIFResponseFlags*)NULL)
    {
        if(!(resFlags->DefaultsSet()))
        {
            queryOut->responseFlags.cachedResponse = resFlags->GetCachedResponse();
            queryOut->responseFlags.fullRequestInResponse = resFlags->GetFullRequestInResponse();
            queryOut->responseFlags.protectResponse = resFlags->GetProtectResponse();
            queryOut->responseFlags.responseValidationPolByRef = resFlags->GetResponseValidationPolByRef();
        }

        queryOut->m.responseFlagsPresent = 1;
    }

    //serverContexInfo
    CPKIFBufferPtr serverContextInfo = query->GetServerContextInfo();
    if(serverContextInfo != (CPKIFBuffer*)NULL)
    {
        queryOut->serverContextInfo.data = serverContextInfo->GetBuffer();
        queryOut->serverContextInfo.numocts = serverContextInfo->GetLength();
        queryOut->m.serverContextInfoPresent = 1;
    }


    //validation Time
    CPKIFTimePtr valTime = query->GetValidationTime();
    if(valTime != (CPKIFTime*)NULL)
    {
        queryOut->validationTime = valTime->GetTime();

        queryOut->m.validationTimePresent = 1;
    }

    //producedAt Time
    CPKIFTimePtr producedAtTime = query->GetProducedAt();
    if(producedAtTime != (CPKIFTime*)NULL)
    {
        queryOut->producedAt = producedAtTime->GetTime();
    
        queryOut->m.producedAtPresent = 1;
    }


    //extensions XXX*** NOT IMPLEMENTED FOR NOW
    //if(!m_impl->m_exts.empty())
    //{
    //  throw CPKIFSCVPException(TOOLKIT_SCVP_ASN, COMMON_NOT_IMPLEMENTED, "There is currently no support for including extensions in a CPKIFTimeStampRequest");
    //}

    //IntermidiateCerts
    CPKIFCertificateListPtr certList;
    query->GetCertBundle(certList);

    if(certList != (CPKIFCertificateList*)NULL && !certList->empty())
    {
        DListNode* curCert = NULL;
        CPKIFCertificateList::iterator certPos; 
        CPKIFCertificateList::iterator certEnd = certList->end();
        for(certPos = certList->begin(); certPos != certEnd; ++certPos)
        {
            if(NULL == curCert)
            {
                NEW_NODE(curCert)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curCert)
            }

            ASN1OpenType* tmpCert = new ASN1OpenType;
            memset(tmpCert, 0, sizeof(ASN1OpenType));
            
            //certs were screened when added to make sure the encoded buffer existed
            tmpCert->data = (*certPos)->Encoded()->GetBuffer();
            tmpCert->numocts = (*certPos)->Encoded()->GetLength();
            
            curCert->data = tmpCert;

            SET_HEAD_TAIL_INCREMENT(queryOut->intermediateCerts, curCert)
        }

        queryOut->m.intermediateCertsPresent = 1;
    }

    //Revocation Infos
    CPKIFRevocationInfoListPtr revInfoList;
    query->GetRevInfos(revInfoList);

    if(revInfoList != (CPKIFRevocationInfoList*)NULL && !revInfoList->empty())
    {
        DListNode* curRevInfo = NULL;
        CPKIFRevocationInfoList::iterator revInfoPos;   
        CPKIFRevocationInfoList::iterator revInfoEnd = revInfoList->end();
        for(revInfoPos = revInfoList->begin(); revInfoPos != revInfoEnd; ++revInfoPos)
        {
            if(NULL == curRevInfo)
            {
                NEW_NODE(curRevInfo)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curRevInfo)
            }

            if((*revInfoPos)->GetCRL() != (CPKIFCRL*)NULL)
            {
                RevocationInfo* tmpCRL = new RevocationInfo;
                memset(tmpCRL, 0, sizeof(RevocationInfo));

                tmpCRL->t = T_RevocationInfo_crl;


                tmpCRL->u.crl = new CACX509V3CertificateList;
                memset(tmpCRL->u.crl, 0, sizeof(CACX509V3CertificateList));

                setBERDecBufPtr(&ctxt, (unsigned char*)(*revInfoPos)->GetCRL()->Encoded()->GetBuffer(), (*revInfoPos)->GetCRL()->Encoded()->GetLength(), NULL, NULL);
                BERDecCACX509V3CertificateList(&ctxt, tmpCRL->u.crl, ASN1EXPL, NULL);
                
                curRevInfo->data = tmpCRL;
            }
            else if((*revInfoPos)->GetDeltaCRL() != (CPKIFCRL*)NULL)
            {
                RevocationInfo* tmpDeltaCRL = new RevocationInfo;
                memset(tmpDeltaCRL, 0, sizeof(RevocationInfo));

                tmpDeltaCRL->t = T_RevocationInfo_delta_crl;

                tmpDeltaCRL->u.delta_crl = new CACX509V3CertificateList;
                memset(tmpDeltaCRL->u.delta_crl, 0, sizeof(CACX509V3CertificateList));

                setBERDecBufPtr(&ctxt, (unsigned char*)(*revInfoPos)->GetDeltaCRL()->Encoded()->GetBuffer(), (*revInfoPos)->GetDeltaCRL()->Encoded()->GetLength(), NULL, NULL);
                BERDecCACX509V3CertificateList(&ctxt, tmpDeltaCRL->u.delta_crl, ASN1EXPL, NULL);

                curRevInfo->data = tmpDeltaCRL;
            }
            else if((*revInfoPos)->GetOCSPResp() != (CPKIFBuffer*)NULL)
            {
                RevocationInfo* tmpOCSPResp = new RevocationInfo;
                memset(tmpOCSPResp, 0, sizeof(RevocationInfo));

                tmpOCSPResp->t = T_RevocationInfo_ocsp;

                tmpOCSPResp->u.ocsp = new OCSPResponse;
                memset(tmpOCSPResp->u.ocsp, 0, sizeof(OCSPResponse));

                setBERDecBufPtr(&ctxt, (unsigned char*)(*revInfoPos)->GetOCSPResp()->GetBuffer(), (*revInfoPos)->GetOCSPResp()->GetLength(), NULL, NULL);
                BERDecOCSPResponse(&ctxt, tmpOCSPResp->u.ocsp, ASN1EXPL, NULL);

                
                curRevInfo->data = tmpOCSPResp;
            }
            else
            {
                RevocationInfo* tmpOther = new RevocationInfo;
                memset(tmpOther, 0, sizeof(RevocationInfo));

                tmpOther->t = T_RevocationInfo_other;
                tmpOther->u.other = new OtherRevInfo;

                CPKIFOIDPtr oid;
                CPKIFBufferPtr buf;
                (*revInfoPos)->GetOtherRevInfo(oid, buf);

                CPKIFStringPtr str(new std::string(oid->ToString())); 
                ASN1OBJID* tmpOid2 = ConvertStringToASN1OBJID(str);
                CopyOID(&tmpOther->u.other->riType, tmpOid2);

                if(NULL != tmpOid2)
                    delete tmpOid2;

                tmpOther->u.other->riValue.data = (*revInfoPos)->GetOCSPResp()->GetBuffer();
                tmpOther->u.other->riValue.numocts = (*revInfoPos)->GetOCSPResp()->GetLength();

                curRevInfo->data = tmpOther;
                
            }


            SET_HEAD_TAIL_INCREMENT(queryOut->revInfos, curRevInfo)
        }

        queryOut->m.revInfosPresent = 1;
    }


}

void PopulateReplyObjects(
    ReplyObjects* list,
    CPKIFCertReplyListPtr& replyObjects,
    OOCTXT &ctxt)
{
    if(replyObjects != (CPKIFCertReplyList*)NULL && !replyObjects->empty())
    {
        DListNode* curReply = NULL;
        CPKIFCertReplyList::iterator replyPos;  
        CPKIFCertReplyList::iterator replyEnd = replyObjects->end();
        for(replyPos = replyObjects->begin(); replyPos != replyEnd; ++replyPos)
        {
            if(NULL == curReply)
            {
                NEW_NODE(curReply)
            }
            else
            {
                NEW_NEXT_AND_ADVANCE(curReply)
            }

            CertReply* tmpReply= new CertReply;
            memset(tmpReply, 0, sizeof(CertReply));

            //CertReference


            CPKIFCertReferencePtr certRef = (*replyPos)->GetCertRef();

            if(certRef == (CPKIFCertReference*)NULL)
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "CertReference value not specified.");
            }

            if(certRef->GetPKC() != (CPKIFPKCReference*)NULL)
            {
                tmpReply->cert.t = T_CertReference_pkc;
                tmpReply->cert.u.pkc = new PKCReference;
                memset(tmpReply->cert.u.pkc, 0, sizeof(PKCReference));

                CPKIFPKCReferencePtr pkcRef = certRef->GetPKC();
                if(pkcRef->GetCert() != (CPKIFCertificate*)NULL)
                {
                    tmpReply->cert.u.pkc->t = T_PKCReference_cert;                              

                    tmpReply->cert.u.pkc->u.cert = new CACX509V3Certificate;
                    memset(tmpReply->cert.u.pkc->u.cert, 0, sizeof(CACX509V3Certificate));

                    setBERDecBufPtr(&ctxt, (unsigned char*)pkcRef->GetCert()->Encoded()->GetBuffer(), pkcRef->GetCert()->Encoded()->GetLength(), NULL, NULL);
                    BERDecCACX509V3Certificate(&ctxt, tmpReply->cert.u.pkc->u.cert, ASN1EXPL, NULL);
                    
                }
                else
                {
                    CPKIFSCVPCertIDPtr sCVPCertID = pkcRef->GetSCVPCertID();

                    if(sCVPCertID != (CPKIFSCVPCertID*)NULL)
                    {
                        tmpReply->cert.u.pkc->t = T_PKCReference_pkcRef;

                        tmpReply->cert.u.pkc->u.pkcRef = new SCVPCertID;
                        memset(tmpReply->cert.u.pkc->u.pkcRef, 0, sizeof(SCVPCertID));
                        

                        tmpReply->cert.u.pkc->u.pkcRef->certHash.data = sCVPCertID->GetCertHash()->GetBuffer();
                        tmpReply->cert.u.pkc->u.pkcRef->certHash.numocts = sCVPCertID->GetCertHash()->GetLength();

                        tmpReply->cert.u.pkc->u.pkcRef->issuerSerial.serialNumber = new  char[strlen(sCVPCertID->GetSerialNumber())];
                        memcpy((void*)tmpReply->cert.u.pkc->u.pkcRef->issuerSerial.serialNumber, sCVPCertID->GetSerialNumber(),
                                strlen(sCVPCertID->GetSerialNumber()));
         
                        CPKIFGeneralNameListPtr nameList;
                        sCVPCertID->GetIssuerName(nameList);
                        if(nameList == (CPKIFGeneralNameList*)NULL)
                        {
                            throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "Issuer Names value not specified.");
                        }
                        DListNode* curName = NULL;
                        CPKIFGeneralNameList::iterator namePos; 
                        CPKIFGeneralNameList::iterator nameEnd = nameList->end();
                        for(namePos = nameList->begin(); namePos != nameEnd; ++namePos)
                        {

                            if(NULL == curName)
                            {
                                NEW_NODE(curName)
                            }
                            else
                            {
                                NEW_NEXT_AND_ADVANCE(curName)
                            }

                            CACX509V3GeneralName *name = new CACX509V3GeneralName;
                            memset(name, 0, sizeof(CACX509V3GeneralName));

                            CopyGeneralName((*name), (*namePos));   

                            curName->data = name;

                            SET_HEAD_TAIL_INCREMENT(tmpReply->cert.u.pkc->u.pkcRef->issuerSerial.issuer, curName)
                        }
                        
                        CPKIFAlgorithmIdentifierPtr algID = sCVPCertID->GetHashAlgorithm();
                        if(algID != (CPKIFAlgorithmIdentifier*)NULL)
                        {
                            CPKIFStringPtr str(new std::string(algID->oid()->ToString())); 
                            ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                            CopyOID(&tmpReply->cert.u.pkc->u.pkcRef->hashAlgorithm.algorithm, tmpOid);

                            if(NULL != tmpOid)
                                delete tmpOid;

                            if(algID->hasParameters())
                            {
                                tmpReply->cert.u.pkc->u.pkcRef->hashAlgorithm.m.parametersPresent = 1;

                                tmpReply->cert.u.pkc->u.pkcRef->hashAlgorithm.parameters.data = algID->parameters()->GetBuffer();
                                tmpReply->cert.u.pkc->u.pkcRef->hashAlgorithm.parameters.numocts = algID->parameters()->GetLength();
                            }
                            tmpReply->cert.u.pkc->u.pkcRef->m.hashAlgorithmPresent = 1;
                        }


                    }
                }
            }
            else if(certRef->GetAC() != (CPKIFPKCReference*)NULL)
            {
                tmpReply->cert.t = T_CertReference_ac;
                tmpReply->cert.u.ac = new ACReference;
                memset(tmpReply->cert.u.ac, 0, sizeof(ACReference));

                CPKIFACReferencePtr acRef = certRef->GetAC();
                if(acRef->GetACCert() != (CPKIFBuffer*)NULL)
                {
                    tmpReply->cert.u.ac->t = T_CertReference_ac;
                

                    tmpReply->cert.u.ac->u.attrCert = new AttributeCertificate;
                    memset(tmpReply->cert.u.ac->u.attrCert, 0, sizeof(AttributeCertificate));

                    setBERDecBufPtr(&ctxt, (unsigned char*)acRef->GetACCert()->GetBuffer(), acRef->GetACCert()->GetLength(), NULL, NULL);
                    BERDecAttributeCertificate(&ctxt, tmpReply->cert.u.ac->u.attrCert, ASN1EXPL, NULL);

                }
                else
                {
                    CPKIFSCVPCertIDPtr sCVPCertID = acRef->GetSCVPCertID();

                    if(sCVPCertID != (CPKIFSCVPCertID*)NULL)
                    {
                        tmpReply->cert.u.ac->t = T_CertReference_ac;

                        tmpReply->cert.u.ac->u.acRef = new SCVPCertID;
                        memset(tmpReply->cert.u.ac->u.acRef , 0, sizeof(SCVPCertID));
                        

                        tmpReply->cert.u.ac->u.acRef->certHash.data = sCVPCertID->GetCertHash()->GetBuffer();
                        tmpReply->cert.u.ac->u.acRef->certHash.numocts = sCVPCertID->GetCertHash()->GetLength();

                        tmpReply->cert.u.ac->u.acRef->issuerSerial.serialNumber = new  char[strlen(sCVPCertID->GetSerialNumber())];
                        memcpy((void*)tmpReply->cert.u.ac->u.acRef->issuerSerial.serialNumber, sCVPCertID->GetSerialNumber(),
                                strlen(sCVPCertID->GetSerialNumber()));
         
                        CPKIFGeneralNameListPtr nameList;
                        sCVPCertID->GetIssuerName(nameList);
                        if(nameList == (CPKIFGeneralNameList*)NULL)
                        {
                            throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "Issuer Names value not specified.");
                        }
                        DListNode* curName = NULL;
                        CPKIFGeneralNameList::iterator namePos; 
                        CPKIFGeneralNameList::iterator nameEnd = nameList->end();
                        for(namePos = nameList->begin(); namePos != nameEnd; ++namePos)
                        {

                            if(NULL == curName)
                            {
                                NEW_NODE(curName)
                            }
                            else
                            {
                                NEW_NEXT_AND_ADVANCE(curName)
                            }

                            CACX509V3GeneralName *name = new CACX509V3GeneralName;
                            memset(name, 0, sizeof(CACX509V3GeneralName));

                            CopyGeneralName((*name), (*namePos));   

                            curName->data = name;

                            SET_HEAD_TAIL_INCREMENT(tmpReply->cert.u.ac->u.acRef->issuerSerial.issuer, curName)
                        }
                        
                        CPKIFAlgorithmIdentifierPtr algID = sCVPCertID->GetHashAlgorithm();
                        if(algID != (CPKIFAlgorithmIdentifier*)NULL)
                        {
                            CPKIFStringPtr str(new std::string(algID->oid()->ToString())); 
                            ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
                            CopyOID(&tmpReply->cert.u.ac->u.acRef->hashAlgorithm.algorithm, tmpOid);

                            if(NULL != tmpOid)
                                delete tmpOid;

                            if(algID->hasParameters())
                            {
                                tmpReply->cert.u.ac->u.acRef->hashAlgorithm.m.parametersPresent = 1;

                                tmpReply->cert.u.ac->u.acRef->hashAlgorithm.parameters.data = algID->parameters()->GetBuffer();
                                tmpReply->cert.u.ac->u.acRef->hashAlgorithm.parameters.numocts = algID->parameters()->GetLength();
                            }
                            tmpReply->cert.u.pkc->u.pkcRef->m.hashAlgorithmPresent = 1;
                        }


                    }
                }
            }
            else
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "CertReference value not specified.");
            }

            //replyStatus
            int replyStatus = (*replyPos)->GetReplyStatus();

            if(-1 != replyStatus)
            {
                tmpReply->replyStatus = replyStatus;
                tmpReply->m.replyStatusPresent = 1;
            }
            
            //replyValTime
            CPKIFTimePtr replyValTime = (*replyPos)->GetReplyValTime();
            if(replyValTime != (CPKIFTime*)NULL)
            {
                tmpReply->replyValTime = replyValTime->GetTime();
            }
            else
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "replyValTime value not specified.");
            }

            //ReplyChecks
            CPKIFReplyCheckListPtr replyChecks;
            (*replyPos)->GetReplyChecks(replyChecks);

            if(replyChecks != (CPKIFReplyCheckList*)NULL && !replyChecks->empty())
            {
                DListNode* curReplyCheck = NULL;
                CPKIFReplyCheckList::iterator replyCheckPos;    
                CPKIFReplyCheckList::iterator replyCheckEnd = replyChecks->end();
                for(replyCheckPos = replyChecks->begin(); replyCheckPos != replyCheckEnd; ++replyCheckPos)
                {
                    if(NULL == curReplyCheck)
                    {
                        NEW_NODE(curReplyCheck)
                    }
                    else
                    {
                        NEW_NEXT_AND_ADVANCE(curReplyCheck)
                    }

                    ReplyCheck* tmpReplyCheck = new ReplyCheck;
                    memset(tmpReplyCheck, 0, sizeof(ReplyCheck));
                    
                    CPKIFStringPtr str(new std::string((*replyCheckPos)->GetCheck()->ToString())); 
                    ASN1OBJID* tmpOid2 = ConvertStringToASN1OBJID(str);
                    CopyOID(&tmpReplyCheck->check, tmpOid2);

                    if(NULL != tmpOid2)
                        delete tmpOid2;

                    tmpReplyCheck->status = (*replyCheckPos)->GetStatus();
                    
                    curReplyCheck->data = tmpReplyCheck;

                    SET_HEAD_TAIL_INCREMENT(tmpReply->replyChecks, curReplyCheck)
                }
            }
            else
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "ReplyChecks value not specified.");
            }

            //ReplyWantBack
            CPKIFReplyWantBackListPtr replyWantBacks;
            (*replyPos)->GetReplyWantBacks(replyWantBacks);

            if(replyWantBacks != (CPKIFReplyWantBackList*)NULL && !replyWantBacks->empty())
            {
                DListNode* curReplyWantBack = NULL;
                CPKIFReplyWantBackList::iterator replyWantBackPos;  
                CPKIFReplyWantBackList::iterator replyWantBackEnd = replyWantBacks->end();
                for(replyWantBackPos = replyWantBacks->begin(); replyWantBackPos != replyWantBackEnd; ++replyWantBackPos)
                {
                    if(NULL == curReplyWantBack)
                    {
                        NEW_NODE(curReplyWantBack)
                    }
                    else
                    {
                        NEW_NEXT_AND_ADVANCE(curReplyWantBack)
                    }

                    ReplyWantBack* tmpReplyWantBack = new ReplyWantBack;
                    memset(tmpReplyWantBack, 0, sizeof(ReplyWantBack));
                    
                    CPKIFStringPtr str(new std::string((*replyWantBackPos)->GetWB()->ToString())); 
                    ASN1OBJID* tmpOid2 = ConvertStringToASN1OBJID(str);
                    CopyOID(&tmpReplyWantBack->wb, tmpOid2);

                    if(NULL != tmpOid2)
                        delete tmpOid2;

                    tmpReplyWantBack->value.data = (*replyWantBackPos)->GetValue()->GetBuffer();
                    tmpReplyWantBack->value.numocts = (*replyWantBackPos)->GetValue()->GetLength();
                    
                    curReplyWantBack->data = tmpReplyWantBack;

                    SET_HEAD_TAIL_INCREMENT(tmpReply->replyWantBacks, curReplyWantBack)
                }
            }
            // GIB: Allow an empty sequence of replyWantBacks when they're not necessary
            /*else
            {
                throw CPKIFSCVPException(TOOLKIT_SCVP, SCVP_MISSING_REQUIRED_FIELD, "ReplyWantBack value not specified.");
            }*/

            //errors
            CPKIFOIDListPtr errorList;
            (*replyPos)->GetValErrors(errorList);
            PopulateDListWithASN1OBJID(&tmpReply->validationErrors, errorList);
            if(errorList != (CPKIFOIDList*)NULL && !errorList->empty())
            {
                tmpReply->m.validationErrorsPresent = 1;
            }

            //nextUpdate Time
            CPKIFTimePtr nextUpdate = (*replyPos)->GetNextUpdate();
            if(nextUpdate != (CPKIFTime*)NULL)
            {
                tmpReply->nextUpdate = nextUpdate->GetTime();
            
                tmpReply->m.nextUpdatePresent = 1;
            }


            curReply->data = tmpReply;

            SET_HEAD_TAIL_INCREMENT((*list), curReply)
        }   
    }
}
bool ValPolAndPathSettingsMatch(
    CPKIFValPolResponsePtr& vpr, 
    CPKIFPathSettingsPtr& ps)
{
    if(!vpr || !ps) return false;

    CPKIFValidationPolicyPtr vp = vpr->GetRespValidationPolicy();
    if(!vp) return false;

    //compare the flags
    if(vp->GetInitialExplicitPolicyIndicator() == ps->GetInitialExplicitPolicyIndicator() &&
        vp->GetInitialPolicyMappingInhibitIndicator() == ps->GetInitialPolicyMappingInhibitIndicator() &&
        vp->GetInitialPolicyMappingInhibitIndicator() == ps->GetInitialPolicyMappingInhibitIndicator())
    {
        //if those check out, compare the policy sets
        CPKIFPolicyInformationListPtr vpPolSet, psPolSet;
        vp->GetInitialPolicySet(vpPolSet);
        ps->GetInitialPolicySet(psPolSet);
        
        if(!vpPolSet && !psPolSet)
            return true;
        else if(!vpPolSet)
            return false;
        else if(!psPolSet)
            return false;

        CPKIFPolicyInformationList::iterator vpPos;
        CPKIFPolicyInformationList::iterator vpEnd = vpPolSet->end();
        for(vpPos = vpPolSet->begin(); vpPos != vpEnd; ++vpPos)
        {
            bool bFoundMatch = false;
            CPKIFPolicyInformationPtr curPol = *vpPos;

            CPKIFPolicyInformationList::iterator psPos;
            CPKIFPolicyInformationList::iterator psEnd = psPolSet->end();
            for(psPos = psPolSet->begin(); psPos != psEnd; ++psPos)
            {
                if(*(*psPos) == *curPol)
                {
                    bFoundMatch = true;
                    break;
                }
            }

            if(!bFoundMatch)
                return false;
        }

        //if we get here, all of the policies matched
        return true;
    }

    return false;
}

CPKIFValidationPolicyPtr PrepareCustomValidationPolicyIfNecessary(
    CPKIFPathSettingsPtr& ps, 
    IPKIFScvpClient* scvpClient)
{
    //declare a NULL validation policy object that can be returned when the default val pol is sufficient
    CPKIFValidationPolicyPtr defaultIsFine;
    
    //if we don't have a path settings object, then the default val pol will have to do
    if(!ps) return defaultIsFine;

    //try to get a verified validation policy from the scvp client (verified policies are cached by the client)
    CPKIFValPolResponsePtr vpr;
    CPKIFContentInfoPtr ci = scvpClient->GetValPol();
    if(ci)
    {
        try
        {
            vpr = scvpClient->VerifyValPol();
        }
        catch(...)
        {
        }
    }

    //if we have a validation policy from the server and it matches the path settings, return defaultIsFine
    if(vpr && ValPolAndPathSettingsMatch(vpr, ps))
        return defaultIsFine;
    else
    {
        //if we get here, then we need a new validation policy with the settings from CPKIFPathSettings
        CPKIFValidationPolicyPtr newVP(new CPKIFValidationPolicy);

        CPKIFValidationPolRefPtr defVPR(new CPKIFValidationPolRef(g_id_svp_defaultValPolicy));
        newVP->SetValidationPolRef(defVPR);

        //set the flags
        if(ps->GetInitialExplicitPolicyIndicator())
            newVP->SetInitialExplicitPolicyIndicator();
        if(ps->GetInitialInhibitAnyPolicyIndicator())
            newVP->SetInitialInhibitAnyPolicyIndicator();
        if(ps->GetInitialPolicyMappingInhibitIndicator())
            newVP->SetInitialPolicyMappingInhibitIndicator();

        //get the user policy set
        CPKIFPolicyInformationListPtr initPolSet;
        ps->GetInitialPolicySet(initPolSet);
        if(initPolSet)
            newVP->SetInitialPolicySet(initPolSet);

        return newVP;
    }
}

CPKIFQueryPtr MakeQueryForPath(
    CPKIFCertificatePath& path, 
    CPKIFOIDPtr& certCheck, 
    IPKIFScvpClient* scvpClient)
{
    //create the new Query object
    CPKIFQueryPtr query(new CPKIFQuery);

    //*****************************************************************************************
    //queriedCerts            CertReferences,
    //*****************************************************************************************
    //read the target certificate
    CPKIFCertificatePtr targetCert;
    path.GetTarget(targetCert);

    //prepare the cert references objects necessary to hold a certificate
    CPKIFCertReferencesPtr certRefs(new CPKIFCertReferences);
    CPKIFPKCReferenceListPtr pkcRefs(new CPKIFPKCReferenceList);
    CPKIFPKCReferencePtr pkcRef(new CPKIFPKCReference);

    //prepare the objects necessary to hold a certificate
    pkcRef->SetCert(targetCert);
    pkcRefs->push_back(pkcRef);
    certRefs->SetPKCList(pkcRefs);

    //and stick them in the query
    query->SetCertRef(certRefs);

    //*****************************************************************************************
    //checks                  CertChecks,
    //*****************************************************************************************
    //create an OID list to contain the request check
    CPKIFOIDListPtr checks(new CPKIFOIDList);
    checks->push_back(certCheck);

    //and stick it in the query
    query->SetChecks(checks);

    //*****************************************************************************************
    //wantBack            [1] WantBack OPTIONAL,
    //*****************************************************************************************
    CPKIFOIDListPtr wantBacks = scvpClient->GetWantBacks();
    if(wantBacks)
    {
        query->SetWantBack(wantBacks);
    }

    //*****************************************************************************************
    //validationPolicy        ValidationPolicy,
    //*****************************************************************************************
    CPKIFPathSettingsPtr ps;
    path.GetPathSettings(ps);

    if(ps)
    {
        CPKIFValidationPolicyPtr vp = PrepareCustomValidationPolicyIfNecessary(ps, scvpClient);
        if(vp)
            query->SetValidationPolicy(vp);
    }

    //*****************************************************************************************
    //responseFlags           ResponseFlags OPTIONAL,
    //*****************************************************************************************
    CPKIFResponseFlagsPtr rf;

    //when requested DPD service and not requiring signed responses, we can set the response
    //flag that tells the responder the response need not be protected
    if(*g_id_stc_build_pkc_path == *certCheck && false == scvpClient->GetRequireSignedDPD())
    {
        if(!rf)
        {
            CPKIFResponseFlagsPtr tmpRF(new CPKIFResponseFlags);
            rf = tmpRF;
        }
        rf->SetProtectResponse(false);
    }

    //if the client is configured to include a nonce and requires the nonce to match in the response
    //the a cached response won't do
    if(scvpClient->GetGenerateNonce() && scvpClient->GetRequireNonceMatch())
    {
        if(!rf)
        {
            CPKIFResponseFlagsPtr tmpRF(new CPKIFResponseFlags);
            rf = tmpRF;
        }
        rf->SetcachedResponse(false);
    }

    //if we needed to set a response flag to something other than the default value, stick it in
    if(rf)
        query->SetResponseFlags(rf);

    //*****************************************************************************************
    //serverContextInfo   [2] OCTET STRING OPTIONAL,
    //*****************************************************************************************
    //NOT SUPPORTED

    //*****************************************************************************************
    //validationTime      [3] GeneralizedTime OPTIONAL,
    //*****************************************************************************************
    if(ps)
    {
        CPKIFTimePtr timeOfInterest = ps->GetValidationTime();
        if(timeOfInterest)
        {
            //path settings always return a time object.  if no custom time was set then the current time
            //is used.  if the request is within 5 minutes of the current time, we omit it from the request.
            CPKIFDurationPtr d(new CPKIFDuration);
            d->setSeconds(300);

            CPKIFTimePtr curTime = CPKIFTime::CurrentTime();
            
            //subtract 5 minutes from the current time
            *curTime -= *d;
            d->setSeconds(600);

            //then set up a 10 minute period from curTime-5
            CPKIFPeriod p(curTime, d);
            bool b = p.contains(timeOfInterest);
            if(!b)
                query->SetValidationTime(timeOfInterest);
        }
    }

    //*****************************************************************************************
    //intermediateCerts   [4] CertBundle OPTIONAL,
    //revInfos            [5] RevocationInfos OPTIONAL,
    //producedAt          [6] GeneralizedTime OPTIONAL,
    //queryExtensions     [7] Extensions OPTIONAL }
    //*****************************************************************************************
    //NOT SUPPORTED

    return query;
}

SCVP_SignatureState VerifyResponseSignature(
    CPKIFBufferPtr& encResp, 
    IPKIFScvpClient* scvpClient, 
    CPKIFCVRequestPtr& req, 
    bool reqIsDpd,
    CPKIFCVResponsePtr& parsedCvResponse)
{
    //if we're missing anything important, bail out now
    if(!encResp || !scvpClient || !req)
        return SS_OTHER_ERROR;

    //outer layer is always a ContentInfo
    CPKIFContentInfo ci;
    ci.Decode(encResp);

    //Content type should be one of the following: CVResponse, SignedData.  Other types are
    //not supported (by this function at least).

    CPKIFSignedDataPtr sd;
    CPKIFOIDPtr innerContentType;
    CPKIFBufferPtr innerContent;

    CPKIFOIDPtr outerContentType = ci.GetContentType();
    CPKIFBufferPtr outerContent = ci.GetContent();

    //first collect the inner content type and content (may be the same as outer layer)
    if(*g_signedData == *outerContentType)
    {
        //if the outer layer is a SignedData, then we need to grab the encapsulated payload.
        CPKIFSignedDataPtr tmpSD(new CPKIFSignedData);
        tmpSD->Decode(outerContent);
        sd = tmpSD;

        CPKIFEncapsulatedContentInfoPtr ecip = sd->GetEncapsulatedContent();
        innerContentType = ecip->GetOID();
        innerContent = ecip->GetContent();
    }
    else
    {
        if(false == reqIsDpd || scvpClient->GetRequireSignedDPD())
            return SS_UNPROTECTED_PAYLOAD;

        //if the outer type is not a SignedData then we expect there to be no encapsulation layers
        innerContentType = outerContentType;
        innerContent = outerContent;
    }

    //check the inner content type - must be g_id_ct_scvp_certValResponse
    if(*g_id_ct_scvp_certValResponse != *innerContentType)
        return SS_UNSUPPORTED_PAYLOAD;
    else
    {
        CPKIFCVResponsePtr tmpCVR(new CPKIFCVResponse);
        tmpCVR->Decode(innerContent);
        parsedCvResponse = tmpCVR;

        //check response status
        CPKIFResponseStatusPtr responseStatus = parsedCvResponse->GetResponseStatus();
        int statusCode = responseStatus->GetStatusCode();
        if(0 != statusCode && 1 != statusCode)//okay and skipUnrecognizedItems
            return SS_BAD_RESPONSE_STATUS;

        //see if we need to check for a nonce
        CPKIFQueryPtr query = req->GetQuery();
        CPKIFResponseFlagsPtr responseFlags = query->GetResponseFlags();
        CPKIFBufferPtr reqNonce = req->GetNonce();
        if(reqNonce && responseFlags && false == responseFlags->GetCachedResponse())
        {
            //the nonce must match
            CPKIFBufferPtr respNonce = parsedCvResponse->GetNonce();
            if(respNonce)
            {
                if(*respNonce != *reqNonce)
                    return SS_NONCE_MISMATCH;
            }
            else
                return SS_MISSING_NONCE;
        }

        //no need to check requestorRef, requestorName or requestorText since we never populate those
    }

    if(*g_signedData == *outerContentType)
    {
        IPKIFMediatorPtr m = scvpClient->GetMediator();
        sd->AddMediator(m);

        CMSVerificationStatus status = NOT_VERIFIED;
        if(!sd->Verify(0, status))
            return SS_SIGNATURE_NOT_VERIFIED;
        else
            return SS_OK;
    }
    else
    {
        //the response was not signed and a signature was not required.  the parsed response
        //is being returned via parsedCvResponse
        return SS_OK;
    }
}
bool NameMatchesSCVPCertId(CPKIFSCVPCertIDPtr& certId, CPKIFNamePtr& issName)
{
    CPKIFGeneralNameListPtr gns;
    certId->GetIssuerName(gns);

    CPKIFGeneralNameList::iterator pos;
    CPKIFGeneralNameList::iterator end = gns->end();
    for(pos = gns->begin(); pos != end; ++pos)
    {
        if(CPKIFGeneralName::DIRECTORYNAME == (*pos)->GetType())
        {
            CPKIFNamePtr fromGN = (*pos)->directoryName();
            if(*fromGN == *issName)
                return true;
        }
    }

    return false;
}
bool CertReferenceMatchesCertificate(CPKIFCertReferencePtr& cr, CPKIFCertificatePtr& targetCert)
{
    CPKIFPKCReferencePtr pkcRef = cr->GetPKC();
    if(!pkcRef)
        return false;   //if the reference is not for a PKC, no match

    CPKIFCertificatePtr certFromPkcRef = pkcRef->GetCert();
    if(certFromPkcRef)
    {
        //if the ref has a complete certificate, compare it to the target
        return *certFromPkcRef == *targetCert;
    }
    else
    {
        //otherwise the reference has a certId, which could be hash or iss/serial
        CPKIFSCVPCertIDPtr certId = pkcRef->GetSCVPCertID();
        
        CPKIFBufferPtr hashFromId = certId->GetCertHash();
        //if hash, then hash the target with the same hash alg and see if the results match
        CPKIFAlgorithmIdentifierPtr ai = certId->GetHashAlgorithm();
        CPKIFOIDPtr oid = ai->oid();

        CPKIFAlgorithm* a = CPKIFAlgorithm::GetAlg(oid);
        if(a)
        {               
            IPKIFCryptoMisc* cryptoMisc = GetPlatformCryptoMisc();

            IPKIFHashContext* hc = NULL;
            try
            {
                hc = cryptoMisc->HashInit(a->HashAlg());
                CPKIFBufferPtr certBuf = targetCert->Encoded();
                cryptoMisc->HashUpdate(hc, (unsigned char*)certBuf->GetBuffer(), certBuf->GetLength());

                CPKIFBufferPtr targetHash(new CPKIFBuffer);
                int outLen = a->DigestSize();
                unsigned char* outBuf = targetHash->AllocateBuffer(outLen);
                cryptoMisc->HashFinal(hc, outBuf, &outLen);

                return *targetHash == *hashFromId;                  
            }
            catch(...)
            {
                if(hc)
                    delete hc;
                return false;
            }
        }
        else
            return false; //don't know this hash alg

        //if hash checks out, the iss/serial - grab both from the ref
        const char* serialNumFromId = certId->GetSerialNumber();
        if(serialNumFromId)
        {
            //check the serial number
            const char* targetSerialNum = targetCert->SerialNumber();
            size_t targetSerialNumLen = strlen(targetSerialNum);
            if(strlen(serialNumFromId) == targetSerialNumLen &&
                0 == memcmp(serialNumFromId, targetSerialNum, targetSerialNumLen))
            {
                //if that works, check the name
                CPKIFNamePtr targetIssName = targetCert->Issuer();
                return NameMatchesSCVPCertId(certId, targetIssName);
            }
            else
                return false; //serial doesn't match
        }
        else
            return false; //ref is malformed (i.e., either serial or iss name were NULL)
    }
}
CPKIFCertReplyPtr GetReplyObject(
    CPKIFCertReplyListPtr& replyObjects,
    CPKIFCertificatePtr& targetCert)
{
    CPKIFCertReplyPtr noMatch;
    if(!replyObjects || !targetCert)
        return noMatch;

    CPKIFCertReplyList::iterator pos;
    CPKIFCertReplyList::iterator end = replyObjects->end();
    for(pos = replyObjects->begin(); pos != end; ++pos)
    {
        CPKIFCertReferencePtr certRef = (*pos)->GetCertRef();
        if(CertReferenceMatchesCertificate(certRef, targetCert))
            return *pos;
    }

    return noMatch; 
}

bool MakeSureReplyChecksAreSuccessfulAndValErrorsAreAbsent(
    CPKIFCertReplyPtr& replyObject)
{
    if(!replyObject)
        return false;

    CPKIFOIDListPtr valErrors;
    replyObject->GetValErrors(valErrors);

    if(valErrors && !valErrors->empty())
        return false;

    CPKIFReplyCheckListPtr replyChecks;
    replyObject->GetReplyChecks(replyChecks);
    if(replyChecks)
    {
        CPKIFReplyCheckList::iterator pos;
        CPKIFReplyCheckList::iterator end = replyChecks->end();
        for(pos = replyChecks->begin(); pos != end; ++pos)
        {
            if(0 != (*pos)->GetStatus())
                return false;
        }
    }

    return true;
}