Module: Miscellaneous
Definition in file SCVPUtils_WantBacks.cpp.
#include "pkif.h"
#include "PKIFCryptUtils.h"
#include "CertBundle.h"
#include "CertReferences.h"
#include "IPKIFScvpClient.h"
#include "PKCReference.h"
#include "ReplyWantBack.h"
#include "RevocationInfo.h"
#include "RevInfoWantBack.h"
#include "ValidationPolicy.h"
#include "ValPolResponse.h"
#include "ERSConstants.h"
#include "EvidenceRecord.h"
#include "EvidenceRecordBundle.h"
#include "EvidenceRecordVerifier.h"
#include <cstring>

Functions | |
| CPKIFRevocationInfoListPtr PKIFSCVP_API | GetRevInfos (CPKIFBufferPtr &revInfoWB) |
| bool | CrlCoversCert (CPKIFCRLPtr &crl, CPKIFCertificatePtr &cert) |
| CPKIFBufferPtr | _HashIssuerName (const CPKIFCertificate &cert, IPKIFCryptoMisc *cMisc) |
| bool | _CertIDMatchesCert (CPKIFCertIDPtr &cid, const CPKIFCertificate &cert, IPKIFCryptoMisc *m) |
| bool | OcspResponseCoversCertificate (CPKIFOCSPResponsePtr &ocsp, CPKIFCertificatePtr &cert) |
| void | AssociateRevInfoWithCertStatusIfPossible (CPKIFRevocationInfoListPtr &revInfos, CPKIFCertStatusPtr &status, CPKIFCertificatePtr &cert) |
| CPKIFTrustRootPtr | GetTrustRootFromValPol (CPKIFValPolResponsePtr &vpr, CPKIFCertificatePtr &issuedByTheRoot, IPKIFCryptoRawOperations *cryptoRaw) |
| void | AssociateEvidenceRecordResultsWithWantBack (SeqResultsPtr &seqResults, CPKIFOIDPtr &wantBackType, CPKIFReplyWantBack_ExtDataHandlerPtr &wantBacks) |
| void | VerifyCertPathWB_ER (CPKIFBufferPtr &bestCertPathWB, CPKIFBufferPtr &bestCertPathWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | VerifyPartialPathWB_ER (CPKIFBufferPtr &partialPathWB, CPKIFBufferPtr &partialPathWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | VerifyRevInfoWB_ER (CPKIFBufferPtr &revInfoWB, CPKIFBufferPtr &revInfoWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | VerifyPKCCertWB_ER (CPKIFCertificatePtr &pkcCert, CPKIFBufferPtr &pkcCertWB_ER, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient) |
| void | StickCrlsFromWantBackInCrlStore (CPKIFBufferPtr &revInfoWB, IPKIFScvpClient *scvpClient, IPKIFColleague *iCol) |
| void | CertPathWantBackToResultsAndStores (CPKIFBufferPtr &certPathWB, CPKIFBufferPtr &revInfoWB, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient, CPKIFPathValidationResults &results, IPKIFColleague *iCol) |
| bool | CertPathWantBackToResultsAndStoresForDpd (CPKIFBufferPtr &certPathWB, CPKIFBufferPtr &revInfoWB, CPKIFCertificatePath &path, IPKIFScvpClient *scvpClient, IPKIFColleague *iCol) |
| bool _CertIDMatchesCert | ( | CPKIFCertIDPtr & | cid, | |
| const CPKIFCertificate & | cert, | |||
| IPKIFCryptoMisc * | m | |||
| ) |
Interface: Subsystem
This is a helper function that determines if Cert ID matches the certificate
| cid | [in] A reference to a smart pointer to a CPKIFCertID object |
| cert | [in] A reference to a CPKIFCertificate object |
| m | [in] Pointer to an object that implements the IPKIFCryptoMisc interface (the type given in the signature; the original comment named IPKIFColleague) |
Definition at line 167 of file SCVPUtils_WantBacks.cpp.
References _HashIssuerName(), LOG_STRING_DEBUG, CPKIFCertificate::SerialNumber(), stricmp, and TOOLKIT_OCSP_CHECKER.
| CPKIFBufferPtr _HashIssuerName | ( | const CPKIFCertificate & | cert, | |
| IPKIFCryptoMisc * | cMisc | |||
| ) |
Interface: Subsystem
This function calculates the hash of the issuer name. The reference list for this function names PKIFCRYPTO::SHA1, so the digest is presumably SHA-1.
| CPKIFException(COMMON_MEDIATOR_MISSING) | ||
| CPKIFException(COMMON_INVALID_INPUT) | ||
| CPKIFException(COMMON_UNSUPPORTED_ALG) |
| cert | [in] A reference to CPKIFCertificate object from which we will obtain issuer name |
| cMisc | [in] Pointer to an object that implements the IPKIFCryptoMisc interface (the type given in the signature; the original comment named IPKIFColleague) |
Definition at line 110 of file SCVPUtils_WantBacks.cpp.
References COMMON_INVALID_INPUT, COMMON_UNSUPPORTED_ALG, IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), CPKIFCertificate::Issuer(), MAXHASH, PKIFCRYPTO::SHA1, and TOOLKIT_OCSP_CHECKER.
| void AssociateEvidenceRecordResultsWithWantBack | ( | SeqResultsPtr & | seqResults, | |
| CPKIFOIDPtr & | wantBackType, | |||
| CPKIFReplyWantBack_ExtDataHandlerPtr & | wantBacks | |||
| ) |
Interface: Subsystem
This function associates evidence record results with a want back
| seqResults | [in] Evidence record results |
| wantBackType | [in] Want back type |
| wantBacks | [out] Want backs |
Definition at line 405 of file SCVPUtils_WantBacks.cpp.
Referenced by VerifyCertPathWB_ER(), VerifyPartialPathWB_ER(), VerifyPKCCertWB_ER(), and VerifyRevInfoWB_ER().
| void AssociateRevInfoWithCertStatusIfPossible | ( | CPKIFRevocationInfoListPtr & | revInfos, | |
| CPKIFCertStatusPtr & | status, | |||
| CPKIFCertificatePtr & | cert | |||
| ) |
Interface: Subsystem
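This function tries to associate revocation information with a certificate; if a matching item is found, that revocation info is added to the status object.
Caller must ensure both values are non-NULL (the original text does not say which two of the three parameters are meant).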
| revInfos | [in] Revocation info list to be checked |
| status | [out] Certificate status object to which rev info will be added |
| cert | [in] Target certificate |
Definition at line 266 of file SCVPUtils_WantBacks.cpp.
References CrlCoversCert(), OcspResponseCoversCertificate(), REV_INFO_CAST, REVINFOTYPE_CRL, REVINFOTYPE_DELTACRL, REVINFOTYPE_NONE, REVINFOTYPE_OCSPRESP, REVINFOTYPE_OTHER, REVSOURCE_CRL, REVSOURCE_OCSP, and SERVER_CHECKED.
Referenced by CertPathWantBackToResultsAndStores().
| void CertPathWantBackToResultsAndStores | ( | CPKIFBufferPtr & | certPathWB, | |
| CPKIFBufferPtr & | revInfoWB, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient, | |||
| CPKIFPathValidationResults & | results, | |||
| IPKIFColleague * | iCol | |||
| ) |
Interface: Subsystem
This function will take a certificate path want back and populate certificate path object and add certificates to certificate stores
| certPathWB | [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle |
| revInfoWB | [in] CPKIFBufferPtr that points to buffer containing encoded RevInfoWantBack |
| path | [in/out] Path object to populate with the path contents |
| scvpClient | [in] Scvp client instance that will be consulted for validation policy |
| results | [in] Used to set the status values |
Definition at line 695 of file SCVPUtils_WantBacks.cpp.
References IPKIFCertRepositoryUpdate::AddCertificate(), AssociateRevInfoWithCertStatusIfPossible(), PKIFENUMS::CA, CPKIFCertBundle::Decode(), IPKIFScvpClient::FetchValPol(), CPKIFPathValidationResults::GetBasicChecksSuccessfullyPerformed(), CPKIFCertBundle::GetCertList(), CPKIFPathValidationResults::GetCertSignaturesVerified(), IPKIFColleague::GetMediator(), IPKIFScvpClient::GetMediator(), GetRevInfos(), CPKIFCertificatePath::GetTrustRoot(), GetTrustRootFromValPol(), IPKIFTrustCache::GetTrustRoots(), IPKIFScvpClient::GetValPol(), PKIFENUMS::REMOTE, SERVER_CHECKED, CPKIFCertificatePath::SetPath(), CPKIFCertificatePath::SetTrustRoot(), IPKIFCryptoRawOperations::VerifyCertificate(), and IPKIFScvpClient::VerifyValPol().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| bool CertPathWantBackToResultsAndStoresForDpd | ( | CPKIFBufferPtr & | certPathWB, | |
| CPKIFBufferPtr & | revInfoWB, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient, | |||
| IPKIFColleague * | iCol | |||
| ) |
Interface: Subsystem
This function will take a certificate path want back, populate the certificate path object, and add certificates to certificate stores, for delegated path discovery (DPD)
| certPathWB | [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle |
| revInfoWB | [in] CPKIFBufferPtr that points to buffer containing encoded RevInfoWantBack |
| path | [in/out] Path object to populate with the path contents |
| scvpClient | [in] Scvp client instance that will be consulted for validation policy |
Definition at line 882 of file SCVPUtils_WantBacks.cpp.
References IPKIFCertRepositoryUpdate::AddCertificate(), IPKIFCRLRepositoryUpdate::AddCRL(), PKIFENUMS::CA, CPKIFCertBundle::Decode(), IPKIFScvpClient::FetchValPol(), CPKIFCertBundle::GetCertList(), IPKIFColleague::GetMediator(), IPKIFScvpClient::GetMediator(), GetRevInfos(), GetTrustRootFromValPol(), IPKIFTrustCache::GetTrustRoots(), IPKIFScvpClient::GetValPol(), PKIFENUMS::REMOTE, REVINFOTYPE_CRL, REVINFOTYPE_DELTACRL, CPKIFCertificatePath::SetPath(), CPKIFCertificatePath::SetTrustRoot(), IPKIFCryptoRawOperations::VerifyCertificate(), and IPKIFScvpClient::VerifyValPol().
Referenced by CPKIFScvpPathBuild::BuildPath().
| bool CrlCoversCert | ( | CPKIFCRLPtr & | crl, | |
| CPKIFCertificatePtr & | cert | |||
| ) |
Interface: Subsystem
This function determines if a crl covers given certificate
| crl | [in] CRL to be checked |
| cert | [in] Target certificate |
Definition at line 67 of file SCVPUtils_WantBacks.cpp.
Referenced by AssociateRevInfoWithCertStatusIfPossible().
| CPKIFRevocationInfoListPtr PKIFSCVP_API GetRevInfos | ( | CPKIFBufferPtr & | revInfoWB | ) |
Interface: External
This function returns revocation info list based on encoded revocation info want back
Definition at line 42 of file SCVPUtils_WantBacks.cpp.
References CPKIFRevInfoWantBack::GetRevInfos().
Referenced by CertPathWantBackToResultsAndStores(), CertPathWantBackToResultsAndStoresForDpd(), StickCrlsFromWantBackInCrlStore(), and VerifyRevInfoWB_ER().
| CPKIFTrustRootPtr GetTrustRootFromValPol | ( | CPKIFValPolResponsePtr & | vpr, | |
| CPKIFCertificatePtr & | issuedByTheRoot, | |||
| IPKIFCryptoRawOperations * | cryptoRaw | |||
| ) |
Interface: Subsystem
This function extracts trust root from validation policy given a target certificate
| vpr | [in] Validation policy from which trust root will be taken |
| issuedByTheRoot | [in] Target certificate |
| cryptoRaw | [in] Interface to crypto operations, used to verify target certificate using the extracted TA |
Definition at line 356 of file SCVPUtils_WantBacks.cpp.
References IPKIFCryptoRawOperations::VerifyCertificate().
Referenced by CertPathWantBackToResultsAndStores(), and CertPathWantBackToResultsAndStoresForDpd().
| bool OcspResponseCoversCertificate | ( | CPKIFOCSPResponsePtr & | ocsp, | |
| CPKIFCertificatePtr & | cert | |||
| ) |
Interface: Subsystem
This function determines if an OCSP response covers given certificate
| ocsp | [in] OCSP response to be checked |
| cert | [in] Target certificate |
Definition at line 205 of file SCVPUtils_WantBacks.cpp.
References _CertIDMatchesCert(), g_ocspBasic, and GetPlatformCryptoMisc().
Referenced by AssociateRevInfoWithCertStatusIfPossible().
| void StickCrlsFromWantBackInCrlStore | ( | CPKIFBufferPtr & | revInfoWB, | |
| IPKIFScvpClient * | scvpClient, | |||
| IPKIFColleague * | iCol | |||
| ) |
Interface: Subsystem
This function adds CRLs found in a want back to CRL store
| revInfoWB | [in] CPKIFBufferPtr that points to buffer containing encoded RevInfoWantBack |
| scvpClient | [in] Mediator set from which IPKIFCrlUpdate pointer is obtained |
| iCol | [in] IPKIFColleague pointer; if not NULL, IPKIFCRLRepositoryUpdate will be obtained from it |
Definition at line 625 of file SCVPUtils_WantBacks.cpp.
References IPKIFCRLRepositoryUpdate::AddCRL(), IPKIFColleague::GetMediator(), IPKIFScvpClient::GetMediator(), GetRevInfos(), REVINFOTYPE_CRL, and REVINFOTYPE_DELTACRL.
Referenced by CPKIFScvpPathBuild::BuildPath().
| void VerifyCertPathWB_ER | ( | CPKIFBufferPtr & | bestCertPathWB, | |
| CPKIFBufferPtr & | bestCertPathWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given best cert want back as input
| bestCertPathWB | [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle |
| bestCertPathWB_ER | [in] CPKIFBufferPtr that points to buffer containing encoded EvidenceRecord |
| path | [in/out] Path object to populate with the path contents |
| scvpClient | [in] Scvp client instance that will be consulted for validation policy |
Definition at line 434 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), CPKIFCertBundle::Decode(), g_idSwbErsBestCertPath, IPKIFScvpClient::GetEvidenceRecordVerifier(), and IPKIFScvpClient::GetWantBacksFromResponse().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| void VerifyPartialPathWB_ER | ( | CPKIFBufferPtr & | partialPathWB, | |
| CPKIFBufferPtr & | partialPathWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given partial path want back as input
| partialPathWB | [in] CPKIFBufferPtr that points to buffer containing encoded CertBundle |
| partialPathWB_ER | [in] CPKIFBufferPtr that points to buffer containing encoded EvidenceRecord |
| path | [in/out] Path object to populate with the path contents |
| scvpClient | [in] Scvp client instance that will be consulted for validation policy |
Definition at line 470 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), CPKIFCertBundle::Decode(), g_idSwbErsPartialCertPath, IPKIFScvpClient::GetEvidenceRecordVerifier(), and IPKIFScvpClient::GetWantBacksFromResponse().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| void VerifyPKCCertWB_ER | ( | CPKIFCertificatePtr & | pkcCert, | |
| CPKIFBufferPtr & | pkcCertWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given PKC cert want back as input
| pkcCert | [in] CPKIFCertificatePtr that points to certificate |
| pkcCertWB_ER | [in] CPKIFBufferPtr that points to buffer containing encoded EvidenceRecord |
| path | [in/out] Path object to populate with the path contents |
| scvpClient | [in] Scvp client instance that will be consulted for validation policy |
Definition at line 585 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), g_idSwbErsPkcCert, IPKIFScvpClient::GetEvidenceRecordVerifier(), and IPKIFScvpClient::GetWantBacksFromResponse().
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().
| void VerifyRevInfoWB_ER | ( | CPKIFBufferPtr & | revInfoWB, | |
| CPKIFBufferPtr & | revInfoWB_ER, | |||
| CPKIFCertificatePath & | path, | |||
| IPKIFScvpClient * | scvpClient | |||
| ) |
Interface: Subsystem
This function verifies an evidence record given revocation info want back as input
| revInfoWB | [in] CPKIFBufferPtr that points to buffer containing encoded sequence of rev infos |
| revInfoWB_ER | [in] CPKIFBufferPtr that points to buffer containing encoded sequence of EvidenceRecord |
| path | [in/out] Path object to populate with the path contents |
| scvpClient | [in] Scvp client instance that will be consulted for validation policy |
Definition at line 514 of file SCVPUtils_WantBacks.cpp.
References AssociateEvidenceRecordResultsWithWantBack(), CPKIFEvidenceRecordBundle::Decode(), g_idSwbErsRevocationInfo, CPKIFEvidenceRecordBundle::GetERList(), IPKIFScvpClient::GetEvidenceRecordVerifier(), GetRevInfos(), IPKIFScvpClient::GetWantBacksFromResponse(), REVINFOTYPE_CRL, and REVINFOTYPE_DELTACRL.
Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath().