SCVPUtils.h

Go to the documentation of this file.

#ifndef __SCVPUtils_H__
#define __SCVPUtils_H__

#include "PKIFSCVPDLL.h"
#include "PKIFdll.h"
#include "SCVP.h"
#include "IPKIFScvpClient.h"
#include "PathResults.h"

FD_SMART_PTR(CPKIFValidationPolicy);
FD_SMART_PTR(CPKIFQuery);
FD_SMART_PTR(CPKIFPKCReference);
FD_LIST_PTR(CPKIFOID);
FD_LIST_PTR(CPKIFAlgorithmIdentifier);
FD_LIST_PTR(CPKIFCertReply);
FD_LIST_PTR(CPKIFGeneralName);
FD_SMART_PTR(CPKIFKeyAgreePublicKey);
FD_SMART_PTR(CPKIFCertificatePath);
FD_SMART_PTR(CPKIFBuffer);
FD_SMART_PTR(CPKIFCVRequest);
FD_SMART_PTR(CPKIFCVResponse);
FD_SMART_PTR(CPKIFCertReference);

CPKIFOIDListPtr PopulatePKIFOIDList(DList* list);
void PopulateValidationPolicy(ValidationPolicy*, CPKIFValidationPolicyPtr valPol, OOCTXT& ctxt);
CPKIFAlgorithmIdentifierListPtr PopulatePKIFAlgorithmIdentifierList(DList* list);
void PopulateDListWithASN1OBJID(DList* list, CPKIFOIDListPtr pkifOIDList);
void PopulateDListWithCACX509V3AlgorithmIdentifier(DList* list, CPKIFAlgorithmIdentifierListPtr pkifOIDList);
void PopulateQuery(Query* queryOut, CPKIFQueryPtr query, OOCTXT& ctxt);
void PopulatePKCReference(PKCReference* keyUsageStruct, CPKIFPKCReferencePtr& pkcRef, OOCTXT& ctxt);
void PopulateReplyObjects(ReplyObjects* list,   CPKIFCertReplyListPtr& replyObjects, OOCTXT& ctxt);
CPKIFGeneralNameListPtr PopulatePKIFGeneralNameList(DList* list);
void PopulateDListWithCACX509V3GeneralName(DList* list, CPKIFGeneralNameListPtr pkifOIDList);
void PopulateKeyAgreePublicKey(CACX509V3AlgorithmIdentifier* objPubKey, CPKIFAlgorithmIdentifierPtr pubKey);

enum SCVP_SignatureState
{
    SS_OK = 0,  //either signature not required or signature verified
    SS_SIGNATURE_NOT_VERIFIED = 1,
    SS_NOT_SIGNED = 2,
    SS_UNSUPPORTED_PAYLOAD = 3,
    SS_UNPROTECTED_PAYLOAD = 4,
    SS_BAD_RESPONSE_STATUS = 5,
    SS_MISSING_NONCE = 6,
    SS_NONCE_MISMATCH = 7,
    SS_OTHER_ERROR
};

CPKIFQueryPtr MakeQueryForPath(CPKIFCertificatePath& path, CPKIFOIDPtr& certCheck, IPKIFScvpClient* scvpClient);
SCVP_SignatureState VerifyResponseSignature(CPKIFBufferPtr& encResp, IPKIFScvpClient* scvpClient, CPKIFCVRequestPtr& req, bool reqIsDpd, CPKIFCVResponsePtr& parsedResponse);
CPKIFCertReplyPtr GetReplyObject(CPKIFCertReplyListPtr& replyObjects, CPKIFCertificatePtr& targetCert);
bool CertReferenceMatchesCertificate(CPKIFCertReferencePtr& cr, CPKIFCertificatePtr& targetCert);

void CertPathWantBackToResultsAndStores(
    CPKIFBufferPtr& certPathWB,
    CPKIFBufferPtr& revInfoWB,
    CPKIFCertificatePath& path,
    IPKIFScvpClient* scvpClient,
    CPKIFPathValidationResults& results,
    IPKIFColleague* iCol
    );

bool CertPathWantBackToResultsAndStoresForDpd(
    CPKIFBufferPtr& certPathWB,
    CPKIFBufferPtr& revInfoWB,
    CPKIFCertificatePath& path,
    IPKIFScvpClient* scvpClient,
    IPKIFColleague* iCol
    );

void StickCrlsFromWantBackInCrlStore(
    CPKIFBufferPtr& revInfoWB,
    IPKIFScvpClient* scvpClient,
    IPKIFColleague* iCol);

void RevInfoWantBackToResults(
    CPKIFBufferPtr& encWB,
    CPKIFCertificatePath& path);

bool MakeSureReplyChecksAreSuccessfulAndValErrorsAreAbsent(CPKIFCertReplyPtr& replyObject);

void VerifyCertPathWB_ER(
    CPKIFBufferPtr& bestCertPathWB,
    CPKIFBufferPtr& bestCertPathWB_ER,
    CPKIFCertificatePath& path,
    IPKIFScvpClient* scvpClient
    );

void VerifyPartialPathWB_ER(
    CPKIFBufferPtr& partialPathWB,
    CPKIFBufferPtr& partialPathWB_ER,
    CPKIFCertificatePath& path,
    IPKIFScvpClient* scvpClient
    );

void VerifyRevInfoWB_ER(
    CPKIFBufferPtr& revInfoWB,
    CPKIFBufferPtr& revInfoWB_ER,
    CPKIFCertificatePath& path,
    IPKIFScvpClient* scvpClient
    );

void VerifyPKCCertWB_ER(
    CPKIFCertificatePtr& pkcCert,
    CPKIFBufferPtr& pkcCertWB_ER,
    CPKIFCertificatePath& path,
    IPKIFScvpClient* scvpClient
    );

#endif