SimpleRootStore.cpp

Go to the documentation of this file.
00001 
00009 #include "pkif.h"
00010 #include "GottaMatch.h"
00011 
00012 #include <sstream>
00013 
00014 #include "boost/thread/recursive_mutex.hpp"
00015 using boost::dynamic_pointer_cast;
00016 
00018 struct SimpleRootStoreImpl
00019 {
00027     SimpleRootStoreImpl ():m_me()
00028     {
00029     };
00031     IPKIFTrustAnchorList m_trustList;
00032     boost::recursive_mutex m_me;
00033 
00034     //IPKIFCertSearch support
00035     void GetAllCertificates(IPKIFNameAndKeyList& keyList);
00036     void GetCertificatesBySubjectName(CPKIFNamePtr& n, IPKIFNameAndKeyList& keyList);
00037     void GetCertificatesByIssuerName(CPKIFNamePtr& n, IPKIFNameAndKeyList& keyList);
00038     void GetCertificatesByIssuerAndSerial(CPKIFNamePtr& n, const char* serial, IPKIFNameAndKeyList& keyList);
00039     void GetCertificatesByKeyIdentifier(CPKIFBufferPtr& keyId, IPKIFNameAndKeyList& keyList);
00040 
00041 };
00042 
00043 void SimpleRootStoreImpl::GetAllCertificates(IPKIFNameAndKeyList& keyList)
00044 {
00045     if(!m_trustList.empty())
00046     {
00047         IPKIFTrustAnchorList::iterator pos;
00048         IPKIFTrustAnchorList::iterator end = m_trustList.end();
00049         for(pos = m_trustList.begin(); pos != end; ++pos)
00050         {
00051             keyList.push_back(*pos);
00052         }
00053     }
00054 }
00055 void SimpleRootStoreImpl::GetCertificatesBySubjectName(CPKIFNamePtr& n, IPKIFNameAndKeyList& keyList)
00056 {
00057     if(!m_trustList.empty())
00058     {
00059         IPKIFTrustAnchorList::iterator pos;
00060         IPKIFTrustAnchorList::iterator end = m_trustList.end();
00061         for(pos = m_trustList.begin(); pos != end; ++pos)
00062         {
00063             if(*n == *(*pos)->GetSubjectName())
00064                 keyList.push_back(*pos);
00065         }
00066     }
00067 }
00068 void SimpleRootStoreImpl::GetCertificatesByIssuerName(CPKIFNamePtr& n, IPKIFNameAndKeyList& keyList)
00069 {
00070     if(!m_trustList.empty())
00071     {
00072         IPKIFTrustAnchorList::iterator pos;
00073         IPKIFTrustAnchorList::iterator end = m_trustList.end();
00074         for(pos = m_trustList.begin(); pos != end; ++pos)
00075         {
00076             if(*n == *(*pos)->GetIssuerName())
00077                 keyList.push_back(*pos);
00078         }
00079     }
00080 }
00081 void SimpleRootStoreImpl::GetCertificatesByIssuerAndSerial(CPKIFNamePtr& n, const char* serial, IPKIFNameAndKeyList& keyList)
00082 {
00083     if(!m_trustList.empty())
00084     {
00085         IPKIFTrustAnchorList::iterator pos;
00086         IPKIFTrustAnchorList::iterator end = m_trustList.end();
00087         for(pos = m_trustList.begin(); pos != end; ++pos)
00088         {
00089             CPKIFCertificatePtr cert = (*pos)->GetCertificate();
00090             if(cert && ((*n == *cert->GetIssuerName()) && 0 == stricmp(serial, cert->SerialNumber())))
00091                 keyList.push_back(*pos);
00092         }
00093     }
00094 }
00095 void SimpleRootStoreImpl::GetCertificatesByKeyIdentifier(CPKIFBufferPtr& keyId, IPKIFNameAndKeyList& keyList)
00096 {
00097     if(!m_trustList.empty())
00098     {
00099         IPKIFTrustAnchorList::iterator pos;
00100         IPKIFTrustAnchorList::iterator end = m_trustList.end();
00101         for(pos = m_trustList.begin(); pos != end; ++pos)
00102         {
00103             CPKIFCertificatePtr cert = (*pos)->GetCertificate();
00104             CPKIFBufferPtr kidFromCert;
00105             if(cert)
00106             {
00107                 CPKIFSubjectKeyIdentifierPtr skid = cert->GetExtension<CPKIFSubjectKeyIdentifier>();
00108                 if(skid)
00109                     kidFromCert = skid->KeyIdentifier();
00110             }
00111             else
00112             {
00113                 IPKIFTrustAnchorPtr ta = dynamic_pointer_cast<IPKIFTrustAnchor, IPKIFNameAndKey>(*pos);
00114                 if(ta)
00115                 {
00116                     CPKIFSubjectKeyIdentifierPtr skid = ta->GetKeyIdentifier();
00117                     if(skid)
00118                         kidFromCert = skid->KeyIdentifier();
00119                 }
00120             }
00121             if(kidFromCert && (*keyId == *kidFromCert))
00122                 keyList.push_back(*pos);
00123         }
00124     }
00125 }
00126 
00128 
00136 CAC_API SimpleRootStore* MakeSimpleRootStore()
00137 {
00138     return new SimpleRootStore();
00139 }
00140 
00148 CAC_API void FreeSimpleRootStore(
00150     SimpleRootStore* s)
00151 {
00152     if(s)
00153     {
00154         delete s;
00155     }
00156 }
00157 
00158 
00166 SimpleRootStore::SimpleRootStore(void)
00167     :m_impl (new SimpleRootStoreImpl)
00168 {
00169     LOG_STRING_DEBUG("SimpleRootStore::SimpleRootStore(void)", TOOLKIT_SR_SIMPLEROOTSTORE, 0, this);
00170 }
00178 SimpleRootStore::~SimpleRootStore(void)
00179 {
00180     LOG_STRING_DEBUG("SimpleRootStore::~SimpleRootStore(void)", TOOLKIT_SR_SIMPLEROOTSTORE, 0, this);
00181 
00182     delete m_impl;
00183     m_impl = NULL;
00184 }
00185 
00186 //IPKIFColleague functions
00194 void SimpleRootStore::Initialize(void)
00195 {
00196     LOG_STRING_DEBUG("SimpleRootStore::Initialize(void)", TOOLKIT_SR_SIMPLEROOTSTORE, 0, this);
00197 }
00198 
00206 void SimpleRootStore::Clear()
00207 {
00208     LOG_STRING_DEBUG("SimpleRootStore::Clear()", TOOLKIT_SR_SIMPLEROOTSTORE, 0, this);
00209 
00210     //CCACSynchronizedObject so(m_impl->m_md);
00211     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00212 
00213     LOG_STRING_DEBUG("Emptying SimpleRootStore instance", thisComponent, 0, this);
00214 
00215     m_impl->m_trustList.clear();
00216 }
00217 
00218 
00228 bool SimpleRootStore::GetTrustRoots(const CPKIFNamePtr& subDN, IPKIFTrustAnchorList& trustList)
00229 {
00230     LOG_STRING_DEBUG("SimpleRootStore::GetTrustRoots(const CPKIFNamePtr& subDN, IPKIFTrustAnchorList& trustList)", TOOLKIT_SR_SIMPLEROOTSTORE, 0, this);
00231 
00232     //CCACSynchronizedObject so(m_impl->m_md);
00233     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00234 
00235     const size_t origSize = trustList.size();
00236 
00237     //changed operation of this function to return all trust anchors when a NULL subDN is passed
00238     if(subDN == (CPKIFName*)NULL)
00239     {
00240         copy(m_impl->m_trustList.begin(), m_impl->m_trustList.end(), back_inserter(trustList));
00241         return origSize < trustList.size();
00242     }
00243     else
00244     {
00245 #ifdef _DEBUG
00246         const char* subNameToFindString = NULL;
00247         if(subDN)
00248             subNameToFindString = subDN->ToString();
00249 #endif
00250 
00251         IPKIFTrustAnchorList::iterator pos;
00252         IPKIFTrustAnchorList::iterator end = m_impl->m_trustList.end();
00253         for(pos = m_impl->m_trustList.begin(); pos != end; ++pos)
00254         {
00255             CPKIFNamePtr subjectNameFromTA = (*pos)->GetSubjectName();
00256 
00257 #ifdef _DEBUG
00258             const char* subNameString = NULL;
00259             if(subjectNameFromTA)
00260                 subNameString = subjectNameFromTA->ToString();
00261 #endif
00262 
00263             GottaMatch<IPKIFTrustAnchorPtr> gm;
00264             gm.SetRHS(*pos);
00265 
00266             if(subjectNameFromTA && *subDN == *subjectNameFromTA && trustList.end() == find_if(trustList.begin(), trustList.end(), gm))
00267                 trustList.push_back(*pos);
00268         }
00269 
00270         if(origSize != trustList.size())
00271         {
00272             std::string logStr = "Found one or more trusted certificates with subject name ";
00273             logStr.append(subDN->ToString());
00274             LOG_STRING_DEBUG(logStr.c_str(), thisComponent, 0, NULL);
00275             return true;
00276         }
00277         else
00278         {
00279             std::string logStr = "Failed to find a trusted certificate with subject name ";
00280             logStr.append(subDN->ToString());
00281             LOG_STRING_DEBUG(logStr.c_str(), thisComponent, 0, NULL);
00282             return false;
00283         }
00284     }
00285 }
00286 
00287 //Unlike the cert store equivalent, this class simply pushes certs into the vector
00288 //and does not screen for duplicates.  Since the trust store is not updated automatically
00289 //like the cert store, it shouldn't matter.  
00298 void SimpleRootStore::AddTrustRoot(const IPKIFTrustAnchorPtr& cert)
00299 {
00300     LOG_STRING_DEBUG("SimpleRootStore::AddTrustRoot(const CPKIFTrustRootPtr& cert)", TOOLKIT_SR_SIMPLEROOTSTORE, 0, this);
00301 
00302     //CCACSynchronizedObject so(m_impl->m_md);
00303     boost::recursive_mutex::scoped_lock lock(m_impl->m_me);
00304 
00305     GottaMatch<IPKIFTrustAnchorPtr> gm;
00306     gm.SetRHS(cert);
00307 
00308     //avoid growing the cache with duplicates
00309     if(m_impl->m_trustList.end() == find_if(m_impl->m_trustList.begin(), m_impl->m_trustList.end(), gm))
00310     {
00311         m_impl->m_trustList.push_back(cert);
00312 
00313         std::ostringstream os;
00314         os << "Successfully added trust anchor to SimpleRootStore instance.  Size =  " << m_impl->m_trustList.size() << " after addition.";
00315         LOG_STRING_DEBUG(os.str().c_str(), thisComponent, 0, this)
00316     }
00317 }
00326 void SimpleRootStore::GetTrustRoots(
00328     IPKIFTrustAnchorList& v)
00329 {
00330     IPKIFTrustAnchorList::iterator pos;
00331     IPKIFTrustAnchorList::iterator end = m_impl->m_trustList.end();
00332     for(pos = m_impl->m_trustList.begin(); pos != end; ++pos)
00333     {
00334         v.push_back(*pos);
00335     }
00336 }
00337 
00338 void SimpleRootStore::FindCertificates(IPKIFSearchCriteria* searchCriteria, CPKIFCertificateList& certList, PKIInfoSource source)
00339 {
00340     if(!searchCriteria)
00341         return;
00342 
00343     IPKIFNameAndKeyList keyList;
00344     FindKeys(searchCriteria, keyList, source);
00345 
00346     IPKIFNameAndKeyList::iterator pos;
00347     IPKIFNameAndKeyList::iterator end = keyList.end();
00348     for(pos = keyList.begin(); pos != end; ++pos)
00349     {
00350         CPKIFCertificatePtr cert = dynamic_pointer_cast<CPKIFCertificate, IPKIFNameAndKey>(*pos);
00351         if(cert)
00352             certList.push_back(cert);
00353     }
00354 }
00355 
00356 void SimpleRootStore::FindKeys(IPKIFSearchCriteria* searchCriteria, IPKIFNameAndKeyList& keyList, PKIInfoSource source)
00357 {
00358     if(!searchCriteria)
00359         return;
00360 
00361     switch(searchCriteria->GetSearchType())
00362     {
00363     case ALLCERTS:
00364         m_impl->GetAllCertificates(keyList);
00365         break;
00366     case ISSUERNAME:
00367         {
00368             CPKIFNameBasedSearch* nbs = dynamic_cast<CPKIFNameBasedSearch*>(searchCriteria);
00369 
00370             CPKIFNamePtr tmpName = nbs->GetName();
00371             m_impl->GetCertificatesBySubjectName(tmpName, keyList);
00372         }
00373         break;
00374     case SUBJECTNAME:
00375         {
00376             CPKIFNameBasedSearch* nbs = dynamic_cast<CPKIFNameBasedSearch*>(searchCriteria);
00377 
00378             CPKIFNamePtr tmpName = nbs->GetName();
00379             m_impl->GetCertificatesByIssuerName(tmpName, keyList);
00380         }
00381         break;
00382     case ISSUERSERIAL:
00383         {
00384             CPKIFIssuerNameAndSerialNumberBasedSearch* inasnbs = dynamic_cast<CPKIFIssuerNameAndSerialNumberBasedSearch*>(searchCriteria);
00385 
00386             CPKIFNamePtr tmpName = inasnbs->GetIssuerName();
00387             m_impl->GetCertificatesByIssuerAndSerial(tmpName, inasnbs->GetSerialNumber(), keyList);
00388             break;
00389         }
00390     case KEYID:
00391         {
00392             CPKIFKeyIDBasedSearch* kidbs = dynamic_cast<CPKIFKeyIDBasedSearch*>(searchCriteria);
00393             if(!kidbs)
00394                 return;
00395 
00396             CPKIFBufferPtr kid = kidbs->GetKeyID();
00397             m_impl->GetCertificatesByKeyIdentifier(kid, keyList);
00398             break;
00399         }
00400     default:
00401         return;
00402     };
00403 }
Generated on Mon Nov 15 11:15:56 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6