SCVPUtils.h File Reference
Detailed Description
Subsystem: Server-based Certificate Validation Protocol (PKIFSCVP)Module: Miscellaneous
- Id
- SCVPUtils.h 12005 2010-11-04 13:18:33Z agalustyan
Definition in file SCVPUtils.h.
#include "PKIFSCVPDLL.h"
#include "PKIFdll.h"
#include "SCVP.h"
#include "IPKIFScvpClient.h"
#include "PathResults.h"
Go to the source code of this file.
Enumerations | |
| enum | SCVP_SignatureState { SS_OK = 0, SS_SIGNATURE_NOT_VERIFIED = 1, SS_NOT_SIGNED = 2, SS_UNSUPPORTED_PAYLOAD = 3, SS_UNPROTECTED_PAYLOAD = 4, SS_BAD_RESPONSE_STATUS = 5, SS_MISSING_NONCE = 6, SS_NONCE_MISMATCH = 7, SS_OTHER_ERROR } |
Functions | |
| FD_SMART_PTR (CPKIFValidationPolicy) | |
| FD_SMART_PTR (CPKIFQuery) | |
| FD_SMART_PTR (CPKIFPKCReference) | |
| FD_LIST_PTR (CPKIFOID) | |
| FD_LIST_PTR (CPKIFAlgorithmIdentifier) | |
| FD_LIST_PTR (CPKIFCertReply) | |
| FD_LIST_PTR (CPKIFGeneralName) | |
| FD_SMART_PTR (CPKIFKeyAgreePublicKey) | |
| FD_SMART_PTR (CPKIFCertificatePath) | |
| FD_SMART_PTR (CPKIFBuffer) | |
| FD_SMART_PTR (CPKIFCVRequest) | |
| FD_SMART_PTR (CPKIFCVResponse) | |
| FD_SMART_PTR (CPKIFCertReference) | |
| CPKIFOIDListPtr | PopulatePKIFOIDList (DList *list) |
| void | PopulateValidationPolicy (ValidationPolicy *, CPKIFValidationPolicyPtr valPol, OOCTXT &ctxt) |
| CPKIFAlgorithmIdentifierListPtr | PopulatePKIFAlgorithmIdentifierList (DList *list) |
| void | PopulateDListWithASN1OBJID (DList *list, CPKIFOIDListPtr pkifOIDList) |
| void | PopulateDListWithCACX509V3AlgorithmIdentifier (DList *list, CPKIFAlgorithmIdentifierListPtr pkifOIDList) |
| void | PopulateQuery (Query *queryOut, CPKIFQueryPtr query, OOCTXT &ctxt) |
| void | PopulatePKCReference (PKCReference *keyUsageStruct, CPKIFPKCReferencePtr &pkcRef, OOCTXT &ctxt) |
| void | PopulateReplyObjects (ReplyObjects *list, CPKIFCertReplyListPtr &replyObjects, OOCTXT &ctxt) |
| CPKIFGeneralNameListPtr | PopulatePKIFGeneralNameList (DList *list) |
| void | PopulateDListWithCACX509V3GeneralName (DList *list, CPKIFGeneralNameListPtr pkifOIDList) |
| void | PopulateKeyAgreePublicKey (CACX509V3AlgorithmIdentifier *objPubKey, CPKIFAlgorithmIdentifierPtr pubKey) |
| CPKIFQueryPtr | MakeQueryForPath (CPKIFCertificatePath &path, CPKIFOIDPtr &certCheck, IPKIFScvpClient *scvpClient) |
| SCVP_SignatureState | VerifyResponseSignature (CPKIFBufferPtr &encResp, IPKIFScvpClient *scvpClient, CPKIFCVRequestPtr &req, bool reqIsDpd, CPKIFCVResponsePtr &parsedResponse) |
| CPKIFCertReplyPtr | GetReplyObject (CPKIFCertReplyListPtr &replyObjects, CPKIFCertificatePtr &targetCert) |
| bool | CertReferenceMatchesCertificate (CPKIFCertReferencePtr &cr, CPKIFCertificatePtr &targetCert) |
| void | CertPathWantBackToResultsAndStores (CPKIFBufferPtr &certPathWB, CPKIFBufferPtr &revInfoWB, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient, CPKIFPathValidationResults &results, IPKIFColleague *iCol) |
| bool | CertPathWantBackToResultsAndStoresForDpd (CPKIFBufferPtr &certPathWB, CPKIFBufferPtr &revInfoWB, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient, IPKIFColleague *iCol) |
| void | StickCrlsFromWantBackInCrlStore (CPKIFBufferPtr &revInfoWB, IPKIFScvpClient *scvpClient, IPKIFColleague *iCol) |
| void | RevInfoWantBackToResults (CPKIFBufferPtr &encWB, CPKIFCertificatePath &path) |
| bool | MakeSureReplyChecksAreSuccessfulAndValErrorsAreAbsent (CPKIFCertReplyPtr &replyObject) |
| void | VerifyCertPathWB_ER (CPKIFBufferPtr &bestCertPathWB, CPKIFBufferPtr &bestCertPathWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | VerifyPartialPathWB_ER (CPKIFBufferPtr &partialPathWB, CPKIFBufferPtr &partialPathWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | VerifyRevInfoWB_ER (CPKIFBufferPtr &revInfoWB, CPKIFBufferPtr &revInfoWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | VerifyPKCCertWB_ER (CPKIFCertificatePtr &pkcCert, CPKIFBufferPtr &pkcCertWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
Enumeration Type Documentation
| enum SCVP_SignatureState |
- Enumerator:
-
SS_OK SS_SIGNATURE_NOT_VERIFIED SS_NOT_SIGNED SS_UNSUPPORTED_PAYLOAD SS_UNPROTECTED_PAYLOAD SS_BAD_RESPONSE_STATUS SS_MISSING_NONCE SS_NONCE_MISMATCH SS_OTHER_ERROR
Definition at line 44 of file SCVPUtils.h.
Function Documentation
| void CertPathWantBackToResultsAndStores | ( | CPKIFBufferPtr & | certPathWB, | |
| CPKIFBufferPtr & | revInfoWB, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient, | |||
| CPKIFPathValidationResults & | results, | |||
| IPKIFColleague * | iCol | |||
| ) |
Interface: Subsystem
This function will take a certificate path want back and populate certificate path object and add certificates to certificate stores
- Returns:
- None
- Parameters:
-
certPathWB [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle revInfoWB [in] CPKIFBufferPtr that points to buffer containing encoded RevInfoWantBack path [in/out] Path object to populate with the path contents scvpClient [in] Scvp client instance that will be consulted for validation policy results [in] Used to set the status values
Definition at line 695 of file SCVPUtils_WantBacks.cpp.
References IPKIFCertRepositoryUpdate::AddCertificate(), AssociateRevInfoWithCertStatusIfPossible(), PKIFENUMS::CA, CPKIFCertBundle::Decode(), IPKIFScvpClient::FetchValPol(), CPKIFPathValidationResults::GetBasicChecksSuccessfullyPerformed(), CPKIFCertBundle::GetCertList(), CPKIFPathValidationResults::GetCertSignaturesVerified(), IPKIFColleague::GetMediator(), IPKIFScvpClient::GetMediator(), GetRevInfos(), CPKIFCertificatePath::GetTrustRoot(), GetTrustRootFromValPol(), IPKIFTrustCache::GetTrustRoots(), IPKIFScvpClient::GetValPol(), PKIFENUMS::REMOTE, SERVER_CHECKED, CPKIFCertificatePath::SetPath(), CPKIFCertificatePath::SetTrustRoot(), IPKIFCryptoRawOperations::VerifyCertificate(), and IPKIFScvpClient::VerifyValPol().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| bool CertPathWantBackToResultsAndStoresForDpd | ( | CPKIFBufferPtr & | certPathWB, | |
| CPKIFBufferPtr & | revInfoWB, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient, | |||
| IPKIFColleague * | iCol | |||
| ) |
Interface: Subsystem
This function will take a certificate path want back and populate certificate path object and add certificates to certificate stores dedicated path discovery
- Returns:
- None
- Parameters:
-
certPathWB [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle revInfoWB [in] CPKIFBufferPtr that points to buffer containing encoded RevInfoWantBack path [in/out] Path object to populate with the path contents scvpClient [in] Scvp client instance that will be consulted for validation policy
Definition at line 882 of file SCVPUtils_WantBacks.cpp.
References IPKIFCertRepositoryUpdate::AddCertificate(), IPKIFCRLRepositoryUpdate::AddCRL(), PKIFENUMS::CA, CPKIFCertBundle::Decode(), IPKIFScvpClient::FetchValPol(), CPKIFCertBundle::GetCertList(), IPKIFColleague::GetMediator(), IPKIFScvpClient::GetMediator(), GetRevInfos(), GetTrustRootFromValPol(), IPKIFTrustCache::GetTrustRoots(), IPKIFScvpClient::GetValPol(), PKIFENUMS::REMOTE, REVINFOTYPE_CRL, REVINFOTYPE_DELTACRL, CPKIFCertificatePath::SetPath(), CPKIFCertificatePath::SetTrustRoot(), IPKIFCryptoRawOperations::VerifyCertificate(), and IPKIFScvpClient::VerifyValPol().
Referenced by CPKIFScvpPathBuild::BuildPath().
| bool CertReferenceMatchesCertificate | ( | CPKIFCertReferencePtr & | cr, | |
| CPKIFCertificatePtr & | targetCert | |||
| ) |
Interface: Subsystem
This function compares a certificate with certificate reference and returns true if they match, false otherwise
- Returns:
- True if they match, false otherwise
Definition at line 1968 of file SCVPUtils.cpp.
References CPKIFAlgorithm::DigestSize(), CPKIFAlgorithm::GetAlg(), GetPlatformCryptoMisc(), CPKIFAlgorithm::HashAlg(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), and NameMatchesSCVPCertId().
Referenced by GetReplyObject().
| FD_LIST_PTR | ( | CPKIFGeneralName | ) |
| FD_LIST_PTR | ( | CPKIFCertReply | ) |
| FD_LIST_PTR | ( | CPKIFAlgorithmIdentifier | ) |
| FD_LIST_PTR | ( | CPKIFOID | ) |
| FD_SMART_PTR | ( | CPKIFCertReference | ) |
| FD_SMART_PTR | ( | CPKIFCVResponse | ) |
| FD_SMART_PTR | ( | CPKIFCVRequest | ) |
| FD_SMART_PTR | ( | CPKIFBuffer | ) |
| FD_SMART_PTR | ( | CPKIFCertificatePath | ) |
| FD_SMART_PTR | ( | CPKIFKeyAgreePublicKey | ) |
| FD_SMART_PTR | ( | CPKIFPKCReference | ) |
| FD_SMART_PTR | ( | CPKIFQuery | ) |
| FD_SMART_PTR | ( | CPKIFValidationPolicy | ) |
| CPKIFCertReplyPtr GetReplyObject | ( | CPKIFCertReplyListPtr & | replyObjects, | |
| CPKIFCertificatePtr & | targetCert | |||
| ) |
Interface: Subsystem
This function returns SCVP reply object that matches the certificate
- Returns:
- Smart pointer to CPKIFCertReply object
- Parameters:
-
replyObjects [in] List of reply object to search targetCert [in] Target certificate
Definition at line 2047 of file SCVPUtils.cpp.
References CertReferenceMatchesCertificate().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().
| CPKIFQueryPtr MakeQueryForPath | ( | CPKIFCertificatePath & | path, | |
| CPKIFOIDPtr & | certCheck, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
MakeQueryForPath looks at a certificate path and an IPKIFScvpClient and creates a Query object consistent with those inputs for the type of check indicated by the certCheck parameter. This function always includes the full certificate obtained via calling GetTarget on the path parameter in the Query.
Query ::= SEQUENCE { queriedCerts CertReferences, checks CertChecks, -- Note: tag [0] not used -- wantBack [1] WantBack OPTIONAL, validationPolicy ValidationPolicy, responseFlags ResponseFlags OPTIONAL, serverContextInfo [2] OCTET STRING OPTIONAL, validationTime [3] GeneralizedTime OPTIONAL, intermediateCerts [4] CertBundle OPTIONAL, revInfos [5] RevocationInfos OPTIONAL, producedAt [6] GeneralizedTime OPTIONAL, queryExtensions [7] Extensions OPTIONAL }
- Returns:
- CPKIFQueryPtr
- Parameters:
-
path [in] Certification path object containing the target of the path processing operation certCheck [in] Object identifier that indicates the type of check to perform (expected to be g_id_stc_build_pkc_path or g_id_stc_build_status_checked_pkc_path) scvpClient [in] Pointer to the SCVP client (used to collect various settings that influence the query)
Definition at line 1670 of file SCVPUtils.cpp.
References CPKIFPeriod::contains(), CPKIFTime::CurrentTime(), g_id_stc_build_pkc_path, IPKIFScvpClient::GetGenerateNonce(), CPKIFCertificatePath::GetPathSettings(), IPKIFScvpClient::GetRequireNonceMatch(), IPKIFScvpClient::GetRequireSignedDPD(), CPKIFCertificatePath::GetTarget(), IPKIFScvpClient::GetWantBacks(), and PrepareCustomValidationPolicyIfNecessary().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().
| bool MakeSureReplyChecksAreSuccessfulAndValErrorsAreAbsent | ( | CPKIFCertReplyPtr & | replyObject | ) |
Interface: Subsystem
Returns true if all replyChecks indicate success and valErrors are absent and false otherwise.
- Returns:
- True is successful and no errors
- Parameters:
-
replyObject [in] Certy reply object
Definition at line 2076 of file SCVPUtils.cpp.
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().
| void PopulateDListWithASN1OBJID | ( | DList * | list, | |
| CPKIFOIDListPtr | pkifOIDList | |||
| ) |
Interface: Subsystem
This is a helper function that populates DList with ASN1OBJID objects
- Returns:
- None
Definition at line 509 of file SCVPUtils.cpp.
References ConvertStringToASN1OBJID(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, and SET_HEAD_TAIL_INCREMENT.
Referenced by CPKIFValPolResponse::Encode(), PopulateQuery(), PopulateReplyObjects(), and PopulateValidationPolicy().
| void PopulateDListWithCACX509V3AlgorithmIdentifier | ( | DList * | list, | |
| CPKIFAlgorithmIdentifierListPtr | pkifOIDList | |||
| ) |
Interface: Subsystem
This is a helper function that populates DList with CACX509V3AlgorithmIdentifier objects
- Returns:
- None
Definition at line 553 of file SCVPUtils.cpp.
References ConvertStringToASN1OBJID(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, and SET_HEAD_TAIL_INCREMENT.
Referenced by CPKIFValPolResponse::Encode().
| void PopulateDListWithCACX509V3GeneralName | ( | DList * | list, | |
| CPKIFGeneralNameListPtr | pkifGenNameList | |||
| ) |
Interface: Subsystem
This is a helper function that populates DList with ASN1OBJID objects
- Returns:
- None
Definition at line 470 of file SCVPUtils.cpp.
References CopyGeneralName(), NEW_NEXT_AND_ADVANCE, NEW_NODE, and SET_HEAD_TAIL_INCREMENT.
| void PopulateKeyAgreePublicKey | ( | CACX509V3AlgorithmIdentifier * | objAlgID, | |
| CPKIFAlgorithmIdentifierPtr | algID | |||
| ) |
Interface: Subsystem
This is a helper function that populates KeyAgreePublicKey object
- Returns:
- None
Definition at line 50 of file SCVPUtils.cpp.
References ConvertStringToASN1OBJID(), and CopyOID().
Referenced by CPKIFValPolResponse::Encode().
| void PopulatePKCReference | ( | PKCReference * | pkcReferenceStruct, | |
| CPKIFPKCReferencePtr & | pkcRef, | |||
| OOCTXT & | ctxt | |||
| ) |
Interface: Subsystem
This function populates PKCReference structure
- Returns:
- None
- Parameters:
-
pkcReferenceStruct [in/out] Pointer to PKCReference structure which will be populated pkcRef [in] Smart pointer to CPKIFPKCReference object which contains the values used in populating PKCReference structure
Definition at line 737 of file SCVPUtils.cpp.
References COMMON_INVALID_INPUT, ConvertStringToASN1OBJID(), CopyGeneralName(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, SET_HEAD_TAIL_INCREMENT, TOOLKIT_SCVP, and TOOLKIT_SCVP_ASN.
Referenced by PopulateQuery().
| CPKIFAlgorithmIdentifierListPtr PopulatePKIFAlgorithmIdentifierList | ( | DList * | list | ) |
Interface: Subsystem
This is a helper function that populates DList with ASN1OBJID objects
- Returns:
- None
Definition at line 603 of file SCVPUtils.cpp.
Referenced by CPKIFValPolResponse::Decode().
| CPKIFGeneralNameListPtr PopulatePKIFGeneralNameList | ( | DList * | list | ) |
Interface: Subsystem
This is a helper function that populates CPKIFGeneralNameList with object from DList
- Returns:
- None
Definition at line 421 of file SCVPUtils.cpp.
References CACASNWRAPPER_CREATE.
| CPKIFOIDListPtr PopulatePKIFOIDList | ( | DList * | list | ) |
Interface: Subsystem
This is a helper function that populates CPKIFOIDList with object from DList
- Returns:
- None
Definition at line 450 of file SCVPUtils.cpp.
Referenced by CPKIFValidationPolicy::CPKIFValidationPolicy(), and CPKIFValPolResponse::Decode().
| void PopulateQuery | ( | Query * | queryOut, | |
| CPKIFQueryPtr | query, | |||
| OOCTXT & | ctxt | |||
| ) |
Interface: Subsystem
This function populates query item of CVRequest
- Returns:
- None
- Parameters:
-
queryOut [in] A pointer to CVRequest structure. query [in] A reference to a smart pointer to CPKIFQueryPtr object
Definition at line 840 of file SCVPUtils.cpp.
References ConvertStringToASN1OBJID(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, PopulateACReference(), PopulateDListWithASN1OBJID(), PopulatePKCReference(), PopulateValidationPolicy(), SET_HEAD_TAIL_INCREMENT, and TOOLKIT_SCVP.
Referenced by CPKIFCVRequest::Encode().
| void PopulateReplyObjects | ( | ReplyObjects * | list, | |
| CPKIFCertReplyListPtr & | replyObjects, | |||
| OOCTXT & | ctxt | |||
| ) |
Interface: Subsystem
This function populates ReplyObjects
- Returns:
- None
- Parameters:
-
list [out] A pointer to CVResponse structure. replyObjects [in] A reference to a smart pointer to CPKIFCertReplyList object
Definition at line 1146 of file SCVPUtils.cpp.
References ConvertStringToASN1OBJID(), CopyGeneralName(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, PopulateDListWithASN1OBJID(), SET_HEAD_TAIL_INCREMENT, and TOOLKIT_SCVP.
| void PopulateValidationPolicy | ( | ValidationPolicy * | valPolResponse, | |
| CPKIFValidationPolicyPtr | valPol, | |||
| OOCTXT & | ctxt | |||
| ) |
Interface: Subsystem
This is a helper function that populates validation policy object
- Returns:
- None
Definition at line 147 of file SCVPUtils.cpp.
References ConvertStringToASN1OBJID(), CopyGeneralName(), CopyOID(), NEW_NEXT_AND_ADVANCE, NEW_NODE, PopulateDListWithASN1OBJID(), PopulateKeyUsage(), SET_HEAD_TAIL_INCREMENT, and TOOLKIT_SCVP.
Referenced by CPKIFValPolResponse::Encode(), and PopulateQuery().
| void RevInfoWantBackToResults | ( | CPKIFBufferPtr & | encWB, | |
| CPKIFCertificatePath & | path | |||
| ) |
- Parameters:
-
encWB [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle path [in/out] Path object to populate with the path contents
| void StickCrlsFromWantBackInCrlStore | ( | CPKIFBufferPtr & | revInfoWB, | |
| IPKIFScvpClient * | scvpClient, | |||
| IPKIFColleague * | iCol | |||
| ) |
Interface: Subsystem
This function adds CRLs found in a want back to CRL store
- Returns:
- None
- Parameters:
-
revInfoWB [in] CPKIFBufferPtr that points to buffer containing encoded RevInfoWantBack scvpClient [in] Mediator set from which IPKIFCrlUpdate pointer is obtained iCol [in] IPKIFColleague pointer if not NULL IPKIFCRLRepositoryUpdate will be obtained from it
Definition at line 625 of file SCVPUtils_WantBacks.cpp.
References IPKIFCRLRepositoryUpdate::AddCRL(), IPKIFColleague::GetMediator(), IPKIFScvpClient::GetMediator(), GetRevInfos(), REVINFOTYPE_CRL, and REVINFOTYPE_DELTACRL.
Referenced by CPKIFScvpPathBuild::BuildPath().
| void VerifyCertPathWB_ER | ( | CPKIFBufferPtr & | bestCertPathWB, | |
| CPKIFBufferPtr & | bestCertPathWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given best cert want back as input
- Returns:
- None
- Parameters:
-
bestCertPathWB [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle bestCertPathWB_ER [in] CPKIFBufferPtr that points to buffer containing encoded EvidenceRecord path [in/out] Path object to populate with the path contents scvpClient [in] Scvp client instance that will be consulted for validation policy
Definition at line 434 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), CPKIFCertBundle::Decode(), g_idSwbErsBestCertPath, IPKIFScvpClient::GetEvidenceRecordVerifier(), and IPKIFScvpClient::GetWantBacksFromResponse().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| void VerifyPartialPathWB_ER | ( | CPKIFBufferPtr & | partialPathWB, | |
| CPKIFBufferPtr & | partialPathWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given partial path want back as input
- Returns:
- None
- Parameters:
-
partialPathWB [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle partialPathWB_ER [in] CPKIFBufferPtr that points to buffer containing encoded EvidenceRecord path [in/out] Path object to populate with the path contents scvpClient [in] Scvp client instance that will be consulted for validation policy
Definition at line 470 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), CPKIFCertBundle::Decode(), g_idSwbErsPartialCertPath, IPKIFScvpClient::GetEvidenceRecordVerifier(), and IPKIFScvpClient::GetWantBacksFromResponse().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| void VerifyPKCCertWB_ER | ( | CPKIFCertificatePtr & | pkcCert, | |
| CPKIFBufferPtr & | pkcCertWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given PKC cert want back as input
- Returns:
- None
- Parameters:
-
pkcCert [in] CPKIFCertificatePtr that points to certificate pkcCertWB_ER [in] CPKIFBufferPtr that points to buffer containing encoded EvidenceRecord path [in/out] Path object to populate with the path contents scvpClient [in] Scvp client instance that will be consulted for validation policy
Definition at line 585 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), g_idSwbErsPkcCert, IPKIFScvpClient::GetEvidenceRecordVerifier(), and IPKIFScvpClient::GetWantBacksFromResponse().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| SCVP_SignatureState VerifyResponseSignature | ( | CPKIFBufferPtr & | encResp, | |
| IPKIFScvpClient * | scvpClient, | |||
| CPKIFCVRequestPtr & | req, | |||
| bool | reqIsDpd, | |||
| CPKIFCVResponsePtr & | parsedCvResponse | |||
| ) |
Interface: Subsystem
VerifyResponseSignature parses a CVResponse and, if necessary, verifies the signature. If the return value is either SS_OK or SS_SIGNATURE_NOT_VERIFIED, the parsed CVResponse is returned via the outbound parsedCvResponse parameter. This function also checks the value of the responseStatus field and checks the nonce, if the request included a nonce.
Possible errors include:
- SS_OTHER_ERROR: the input was NULL
- SS_UNPROTECTED_PAYLOAD: the payload was not protected but should've been
- SS_UNSUPPORTED_PAYLOAD: the payload was not a CVResponse
- SS_BAD_RESPONSE_STATUS: the overall response status was not okay or skipUnrecognizedItems
- SS_NONCE_MISMATCH: a nonce was required and the nonce that was returned did not request match
- SS_MISSING_NONCE: a nonce was required but the response had no nonce
- SS_SIGNATURE_NOT_VERIFIED: signature verification failed
- Returns:
- SCVP_SignatureState
- Parameters:
-
encResp [in] scvpClient [in] req [in] reqIsDpd [in] parsedCvResponse [out]
Definition at line 1829 of file SCVPUtils.cpp.
References CPKIFContentInfo::Decode(), g_id_ct_scvp_certValResponse, g_signedData, CPKIFContentInfo::GetContent(), CPKIFContentInfo::GetContentType(), IPKIFScvpClient::GetMediator(), IPKIFScvpClient::GetRequireSignedDPD(), NOT_VERIFIED, SS_BAD_RESPONSE_STATUS, SS_MISSING_NONCE, SS_NONCE_MISMATCH, SS_OK, SS_OTHER_ERROR, SS_SIGNATURE_NOT_VERIFIED, SS_UNPROTECTED_PAYLOAD, and SS_UNSUPPORTED_PAYLOAD.
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().
| void VerifyRevInfoWB_ER | ( | CPKIFBufferPtr & | revInfoWB, | |
| CPKIFBufferPtr & | revInfoWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given revocation info want back as input
- Returns:
- None
- Parameters:
-
revInfoWB [in] CPKIFBufferPtr that points to buffer containing encoded sequence of rev infos revInfoWB_ER [in] CPKIFBufferPtr that points to buffer containing encoded sequence of EvidenceRecord path [in/out] Path object to populate with the path contents scvpClient [in] Scvp client instance that will be consulted for validation policy
Definition at line 514 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), CPKIFEvidenceRecordBundle::Decode(), g_idSwbErsRevocationInfo, CPKIFEvidenceRecordBundle::GetERList(), IPKIFScvpClient::GetEvidenceRecordVerifier(), GetRevInfos(), IPKIFScvpClient::GetWantBacksFromResponse(), REVINFOTYPE_CRL, and REVINFOTYPE_DELTACRL.
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
