ToolkitUtils.cpp

Go to the documentation of this file.
00001 
00011 #include "ToolkitUtils.h"
00012 #include "PKIFAlgorithm.h"
00013 
00014 
00015 #ifdef _WIN32
00016 #ifdef _DEBUG
00017 #include <crtdbg.h>
00018 #endif
00019 #include "PKIFCAPIRepository2.h"
00020 #include "PKIFCAPIUserRepository2.h"
00021 #include "PKIFCAPITrustStore2.h"
00022 #include "PKIFPathBuildAndValidate.h"
00023 #include "PKIFCAPIRaw.h"
00024 #include "PKIFCNGCAPIRaw.h"
00025 #include "PKIFCNGCAPI.h"
00026 #include "PKIFBCryptGuard.h"
00027 #include "CAPITrustRootCRLRepository2.h"
00028 #include "CAPICRLUpdate2.h"
00029 #include "CAPICertUpdate2.h"
00030 #include "PKIFCAPI2.h"
00031 #endif
00032 
00033 #include "PKIFAiaOrSiaRetrieval.h"
00034 #include "PKIFMediators.h"
00035 #include "IPKIFTrustCacheUpdate.h"
00036 #include "IPKIFCryptoKeyManagement.h"
00037 #include "IPKIFCryptoKeyIDOperations.h"
00038 #include "IPKIFDefaultPathManagement.h"
00039 #include "PKIFCacheMediator2.h"
00040 #include "CPKIFPathProcessingMediator2.h"
00041 #include "CPKIFRevocationStatusMediator2.h"
00042 #include "CPKIFCryptoMediator2.h"
00043 #include "SimpleCertCache.h"
00044 #include "SimpleCRLCache.h"
00045 #include "PKIFCRLDPRetrieval.h"
00046 #include "PKIFX509CRLChecker.h"
00047 #include "PKIFCryptUtils.h"
00048 #include "HttpServerBlacklist.h"
00049 
00050 #include "PKIFOCSPChecker.h"
00051 
00052 #include "CRLDistributionPoints.h"
00053 #include "GeneralSubtree.h"
00054 #include "DistributionPointName.h"
00055 #include "CRLDistributionPoint.h"
00056 
00057 #include "ASN1Helper.h"
00058 #include "PKIX1Implicit88.h"
00059 #include "PKIX1Explicit88.h"
00060 
00061 #include "PKIFNameMemoryHelper.h"
00062 #include "PKIFErrors.h"
00063 
00064 #include "Buffer.h"
00065 #include "OID.h"
00066 #include "GeneralName.h"
00067 #include "AlgorithmIdentifier.h"
00068 #include "Certificate.h"
00069 #include "ExtendedKeyUsage.h"
00070 #include "GottaMatch.h"
00071 #include "KeyUsage.h"
00072 
00073 #include "IPKIFCryptoAlgSupport.h"
00074 
00075 #include "PKIFNSSRepository.h"
00076 #include "PKIFNSSPasswordStorage.h"
00077 #include "PKIFNSSCertUpdate.h"
00078 #include "PKIFNSSCRLUpdate.h"
00079 #include "PKIFNSSTrustStore.h"
00080 #include "PKIFNSSRaw.h"
00081 #include "PKIFNSS.h"
00082 
00083 #include "ASN1HelperLib.h"
00084 #include "ToolkitutilsPrivate.h"
00085 #include "LDAP_URL_Header.h"
00086 #include "CSingletonLDAPConnection.h"
00087 
00088 #include "boost/cstdint.hpp"
00089 #include "boost/numeric/conversion/cast.hpp"
00090 #include "boost/asio/io_service.hpp"
00091 #include "boost/asio/ip/address.hpp"
00092 #include "boost/asio/ip/address_v4.hpp"
00093 #include "boost/asio/ip/address_v6.hpp"
00094 
00095 using boost::numeric_cast;
00096 using boost::bad_numeric_cast;
00097 using boost::asio::ip::address_v4;
00098 using boost::asio::ip::address_v6;
00099 using boost::asio::ip::address;
00100 using boost::asio::io_service;
00101 
00102 using namespace boost;
00103 using namespace boost::asio;
00104 //namespace ip = boost::asio::ip;
00105 
00106 #if defined(_WIN32) || defined(WIN32)
00107 #define STRCASECMP stricmp
00108 #else
00109 #define STRCASECMP strcasecmp
00110 #endif
00111 
00112 #include <sstream>
00113 #include <cstdio>
00114 
00115 // GIB: wininet is not server-safe. Replacing with libcurl
00116 // #include "wininet.h"
00117 #include "curl/curl.h"
00118 
00119 #ifdef _NO_GETTICKCOUNT
00120 #include <sys/time.h>
00121 #endif //_NO_GETTICKCOUNT
00122 
00123 // these are normally defined in wincrypt.h
00124 #ifndef _WIN32
00125 // Byte[0]
00126 #define CERT_DIGITAL_SIGNATURE_KEY_USAGE     0x80
00127 #define CERT_NON_REPUDIATION_KEY_USAGE       0x40
00128 #define CERT_KEY_ENCIPHERMENT_KEY_USAGE      0x20
00129 #define CERT_DATA_ENCIPHERMENT_KEY_USAGE     0x10
00130 #define CERT_KEY_AGREEMENT_KEY_USAGE         0x08
00131 #define CERT_KEY_CERT_SIGN_KEY_USAGE         0x04
00132 #define CERT_OFFLINE_CRL_SIGN_KEY_USAGE      0x02
00133 #define CERT_CRL_SIGN_KEY_USAGE              0x02
00134 #define CERT_ENCIPHER_ONLY_KEY_USAGE         0x01
00135 // Byte[1]
00136 #define CERT_DECIPHER_ONLY_KEY_USAGE         0x80
00137 #endif 
00138 
00139 using namespace std;
00140 //added 11/26/2003 to support VC6
00141 
00142 using namespace PKIFLDAP;
00150 CAC_API IPKIFCertRepository* Get_IPKIFCertRepository(
00152     IPKIFMediatorPtr& m)
00153 {
00154     if(m) return m->GetMediator<IPKIFCertRepository>(); else return NULL;
00155 }
00163 CAC_API IPKIFCertRepositoryUpdate* Get_IPKIFCertRepositoryUpdate(
00165     IPKIFMediatorPtr& m)
00166 {
00167     if(m) return m->GetMediator<IPKIFCertRepositoryUpdate>(); else return NULL;
00168 }
00176 CAC_API IPKIFCertSearch* Get_IPKIFCertSearch(
00178     IPKIFMediatorPtr& m)
00179 {
00180     if(m) return m->GetMediator<IPKIFCertSearch>(); else return NULL;
00181 }
00189 CAC_API IPKIFCRLRepository* Get_IPKIFCRLRepository(
00191     IPKIFMediatorPtr& m)
00192 {
00193     if(m) return m->GetMediator<IPKIFCRLRepository>(); else return NULL;
00194 }
00202 CAC_API IPKIFCRLRepositoryUpdate* Get_IPKIFCRLRepositoryUpdate(
00204     IPKIFMediatorPtr& m)
00205 {
00206     if(m) return m->GetMediator<IPKIFCRLRepositoryUpdate>(); else return NULL;
00207 }
00215 CAC_API IPKIFTrustCache* Get_IPKIFTrustCache(
00217     IPKIFMediatorPtr& m)
00218 {
00219     if(m) return m->GetMediator<IPKIFTrustCache>(); else return NULL;
00220 }
00228 CAC_API IPKIFTrustCacheUpdate* Get_IPKIFTrustCacheUpdate(
00230     IPKIFMediatorPtr& m)
00231 {
00232     if(m) return m->GetMediator<IPKIFTrustCacheUpdate>(); else return NULL;
00233 }
00234 
00235 //crypto
00243 CAC_API IPKIFCryptoKeyManagement* Get_IPKIFCryptoKeyManagement(
00245     IPKIFMediatorPtr& m)
00246 {
00247     if(m) return m->GetMediator<IPKIFCryptoKeyManagement>(); else return NULL;
00248 }
00256 CAC_API IPKIFCryptoKeyIDOperations* Get_IPKIFCryptoKeyIDOperations(
00258     IPKIFMediatorPtr& m)
00259 {
00260     if(m) return m->GetMediator<IPKIFCryptoKeyIDOperations>(); else return NULL;
00261 }
00269 CAC_API IPKIFCryptoMisc* Get_IPKIFCryptoMisc(
00271     IPKIFMediatorPtr& m)
00272 {
00273     if(m) return m->GetMediator<IPKIFCryptoMisc>(); else return NULL;
00274 }
00282 CAC_API IPKIFCryptoRawOperations* Get_IPKIFCryptoRawOperations(
00284     IPKIFMediatorPtr& m)
00285 {
00286     if(m) return m->GetMediator<IPKIFCryptoRawOperations>(); else return NULL;
00287 }
00295 CAC_API IPKIFCryptoAlgSupport* Get_IPKIFCryptoAlgSupport(
00297     IPKIFMediatorPtr& m)
00298 {
00299     if(m) return m->GetMediator<IPKIFCryptoAlgSupport>(); else return NULL;
00300 }
00301 
00302 //path
00310 CAC_API IPKIFDefaultPathManagement* Get_IPKIFDefaultPathManagement(
00312     IPKIFMediatorPtr& m)
00313 {
00314     if(m) return m->GetMediator<IPKIFDefaultPathManagement>(); else return NULL;
00315 }
00316 //CAC_API IPKIFPathBuild* Get_IPKIFPathBuild(IPKIFMediatorPtr& m)
00317 //{
00318 //  if(m) return m->GetMediator<IPKIFPathBuild>(); else return NULL;
00319 //}
00320 //CAC_API IPKIFPathValidate* Get_IPKIFPathValidate(IPKIFMediatorPtr& m)
00321 //{
00322 //  if(m) return m->GetMediator<IPKIFPathValidate>(); else return NULL;
00323 //}
00324 //
00326 //CAC_API IPKIFRevocationStatus* Get_IPKIFRevocationStatus(IPKIFMediatorPtr& m)
00327 //{
00328 //  if(m) return m->GetMediator<IPKIFRevocationStatus>(); else return NULL;
00329 //}
00337 CAC_API void AddCacheColleague(
00339     IPKIFMediatorPtr& m,
00341     IPKIFColleaguePtr& c)
00342 {
00343     CPKIFCacheMediator2 * i = m->GetMediator<CPKIFCacheMediator2>();
00344         if(i)
00345             i->AddColleague(c);
00346 }
00347 
00364 CAC_API IPKIFMediatorPtr MakeDefaultMediator(
00366     bool isService)
00367 {
00368     CPKIFOCSPCheckerPtr empty;
00369     return MakeDefaultMediator(isService, empty, empty);
00370 }
00371 
00388 CAC_API IPKIFMediatorPtr MakeDefaultMediator(
00390     bool isService,
00392     CPKIFOCSPCheckerPtr& trustedResponder)
00393 {
00394     CPKIFOCSPCheckerPtr empty;
00395     return MakeDefaultMediator(isService, trustedResponder, empty);
00396 }
00397 
00398 //added aiaColleague parameter to accomodate adding a signer to the AIA-focused responder
00433 CAC_API IPKIFMediatorPtr MakeDefaultMediator(
00435     bool isService, 
00437     CPKIFOCSPCheckerPtr& trustedResponder,
00439     CPKIFOCSPCheckerPtr& aiaColleague)
00440 {
00441     LOG_STRING_DEBUG("MakeDefaultMediator", TOOLKIT_UTILS_SUBCOMPONENT, 0, NULL);
00442 
00443     //began migration to template free mediators/colleagues 6/30/2004
00444 
00445     //create four mediators
00446     CPKIFCacheMediator2Ptr cache;       
00447     CPKIFCryptoMediator2Ptr crypto;                 
00448     CPKIFRevocationStatusMediator2Ptr revStatus;
00449     CPKIFPathProcessingMediator2Ptr path;
00450 
00451     try
00452     {
00453         //-----------------------------------------------------------------------------
00454         //  CPKIFCacheMediator2
00455         //      Not using the defaults, thus false to the constructor
00456         //-----------------------------------------------------------------------------
00457         CPKIFCacheMediator2Ptr tmpCache(new CPKIFCacheMediator2(false));        
00458         cache = tmpCache;
00459         cache->InitializeMediator(NULL);
00460 
00461 #ifdef _WIN32
00462         if(!isService)
00463         {
00464             CPKIFCAPITrustStore2Ptr rootStoreCerts(new CPKIFCAPITrustStore2());
00465             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague, CPKIFCAPITrustStore2>(rootStoreCerts));
00466 
00467             CPKIFCAPITrustRootCRLRepository2Ptr rootStoreCRLs(new CPKIFCAPITrustRootCRLRepository2);
00468             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPITrustRootCRLRepository2>(rootStoreCRLs));
00469         }
00470         else
00471         {
00472             CPKIFCAPITrustStore2Ptr rootStoreCerts(new CPKIFCAPITrustStore2(CERT_SYSTEM_STORE_LOCAL_MACHINE));
00473             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPITrustStore2>(rootStoreCerts));
00474 
00475             CPKIFCAPITrustRootCRLRepository2Ptr rootStoreCRLs(new CPKIFCAPITrustRootCRLRepository2(CERT_SYSTEM_STORE_LOCAL_MACHINE));
00476             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPITrustRootCRLRepository2>(rootStoreCRLs));
00477         }
00478 
00479         if(!isService)
00480         {
00481             CPKIFCAPIRepository2Ptr caStoreCerts(new CPKIFCAPIRepository2());
00482             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIRepository2>(caStoreCerts));
00483 
00484             CPKIFCAPICRLUpdate2Ptr crlUpdate(new CPKIFCAPICRLUpdate2());
00485             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPICRLUpdate2>(crlUpdate));
00486 
00487             CPKIFCAPICRLUpdate2Ptr crlUpdate2(new CPKIFCAPICRLUpdate2(CERT_SYSTEM_STORE_CURRENT_USER, g_defCACCAPITrustStore));
00488             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPICRLUpdate2>(crlUpdate2));
00489 
00490             CPKIFCAPICertUpdate2Ptr certUpdate(new CPKIFCAPICertUpdate2());
00491             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPICertUpdate2>(certUpdate));
00492 
00493             //added 11/6/2003
00494             CPKIFCAPIUserRepository2Ptr userRep(new CPKIFCAPIUserRepository2());
00495             try
00496             {
00497                 cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIUserRepository2>(userRep));
00498             }
00499             catch(CPKIFException&)
00500             {
00501                 //OtherPeople store is not necessarily present
00502                 //if(userRep)
00503                 //  delete userRep;
00504             }
00505 
00506             CPKIFCAPIUserRepository2Ptr userRep2(new CPKIFCAPIUserRepository2(CERT_SYSTEM_STORE_CURRENT_USER, "My"));
00507             try
00508             {
00509                 cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIUserRepository2>(userRep2));
00510             }
00511             catch(CPKIFException&)
00512             {
00513                 //My store is not necessarily present
00514                 //if(userRep2)
00515                 //  delete userRep2;
00516             }
00517 
00518             //added 6/4/2004
00519             CPKIFCAPIUserRepository2Ptr userRepIntermediateCAs(new CPKIFCAPIUserRepository2(CERT_SYSTEM_STORE_CURRENT_USER, g_defCACCAPIStore));
00520             try
00521             {
00522                 cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIUserRepository2>(userRepIntermediateCAs));
00523             }
00524             catch(CPKIFException&)
00525             {
00526                 //if(userRepIntermediateCAs)
00527                 //  delete userRepIntermediateCAs;
00528             }
00529             CPKIFCAPIUserRepository2Ptr userRepTAs(new CPKIFCAPIUserRepository2(CERT_SYSTEM_STORE_CURRENT_USER, g_defCACCAPITrustStore));
00530             try
00531             {
00532                 cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIUserRepository2>(userRepTAs));
00533             }
00534             catch(CPKIFException&)
00535             {
00536                 //if(userRepIntermediateCAs)
00537                 //  delete userRepIntermediateCAs;
00538             }
00539         }
00540         else
00541         {
00542             CPKIFCAPIRepository2Ptr caStoreCerts(new CPKIFCAPIRepository2(CERT_SYSTEM_STORE_LOCAL_MACHINE));
00543             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIRepository2>(caStoreCerts));
00544 
00545             CPKIFCAPICRLUpdate2Ptr crlUpdate(new CPKIFCAPICRLUpdate2(CERT_SYSTEM_STORE_LOCAL_MACHINE));
00546             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPICRLUpdate2>(crlUpdate));
00547 
00548             //added 3/6/2004
00549             CPKIFCAPICRLUpdate2Ptr crlUpdate2(new CPKIFCAPICRLUpdate2(CERT_SYSTEM_STORE_LOCAL_MACHINE, g_defCACCAPITrustStore));
00550             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPICRLUpdate2>(crlUpdate2));
00551 
00552             CPKIFCAPICertUpdate2Ptr certUpdate(new CPKIFCAPICertUpdate2(CERT_SYSTEM_STORE_LOCAL_MACHINE));
00553             cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPICertUpdate2>(certUpdate));
00554 
00555             //added 11/6/2003
00556             CPKIFCAPIUserRepository2Ptr userRep(new CPKIFCAPIUserRepository2(CERT_SYSTEM_STORE_LOCAL_MACHINE));
00557             try
00558             {
00559                 cache->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIUserRepository2>(userRep));
00560             }
00561             catch(CPKIFException&)
00562             {
00563                 //OtherPeople store is not necessarily present
00564                 //if(userRep)
00565                 //  delete userRep;
00566             }
00567 
00568             //no My store for services
00569         }
00570 
00571 #endif
00572 
00573         SimpleCertCachePtr certCache(new SimpleCertCache);
00574         certCache->Initialize();
00575         // GCC does not consider the result of dynamic_pointer_cast to be a reference when
00576         // included in the function call.
00577         IPKIFColleaguePtr cp = dynamic_pointer_cast<IPKIFColleague,SimpleCertCache>(certCache);
00578         cache->AddColleague(cp);
00579 
00580         SimpleCRLCachePtr crlCache(new SimpleCRLCache);
00581         crlCache->Initialize();
00582         cp = dynamic_pointer_cast<IPKIFColleague,SimpleCRLCache>(crlCache);
00583         cache->AddColleague(cp);
00584 
00585         //uncommented this (3/6/2004)
00586         CPKIFCRLDPRetrievalPtr crldpRetrieval(new CPKIFCRLDPRetrieval);
00587         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFCRLDPRetrieval>(crldpRetrieval);
00588         cache->AddColleague(cp);
00589 
00590         CPKIFAiaOrSiaRetrievalPtr siaAia(new CPKIFAiaOrSiaRetrieval);
00591         cp = dynamic_pointer_cast<IPKIFColleague, CPKIFAiaOrSiaRetrieval>(siaAia);
00592         cache->AddColleague(cp);
00593 
00594         //-----------------------------------------------------------------------------
00595         //  CPKIFCryptoMediator2
00596         //      For non-service usage, the defaults are fine.  For services, need non-default
00597         //  colleagues that target the local machine store.
00598         //-----------------------------------------------------------------------------
00599         if(!isService)
00600         {
00601             //defaults will be included when true is passed to constructor
00602             CPKIFCryptoMediator2Ptr tmpCrypto(new CPKIFCryptoMediator2(true));                  
00603             crypto = tmpCrypto;
00604             crypto->InitializeMediator(NULL);
00605         }
00606         else
00607         {
00608             //defaults are not desirable so false is passed (or parameter not specified)
00609             CPKIFCryptoMediator2Ptr tmpCrypto(new CPKIFCryptoMediator2(false));                 
00610             crypto = tmpCrypto;
00611             crypto->InitializeMediator(NULL);
00612 #ifdef _WIN32
00613             CPKIFBCryptGuard cngGuard;
00614             if(!cngGuard.IsCNGAvailable())
00615             {
00616                 CPKIFCAPI2Ptr newCAPI(new CPKIFCAPI2(NULL, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE));
00617                 CPKIFCAPIRawPtr newCAPIRaw(new CPKIFCAPIRaw());
00618 
00619                 crypto->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPI2>(newCAPI));
00620                 crypto->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCAPIRaw>(newCAPIRaw));
00621             } else {
00622                 CPKIFCNGCAPIPtr newCAPI(new CPKIFCNGCAPI(NULL, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE));
00623                 CPKIFCNGCAPIRawPtr newCAPIRaw(new CPKIFCNGCAPIRaw());
00624 
00625                 crypto->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCNGCAPI>(newCAPI));
00626                 crypto->AddColleague(dynamic_pointer_cast<IPKIFColleague,CPKIFCNGCAPIRaw>(newCAPIRaw));
00627             }
00628 #endif
00629         }
00630 
00631         //-----------------------------------------------------------------------------
00632         //  CPKIFRevocationStatusMediator2
00633         //      Do not include the default colleagues in case there was a
00634         // trusted OCSP reponder specified by the caller.
00635         //-----------------------------------------------------------------------------
00636         CPKIFRevocationStatusMediator2Ptr tmpRevStatus(new CPKIFRevocationStatusMediator2(false));
00637         revStatus = tmpRevStatus;
00638         revStatus->InitializeMediator(NULL);
00639 
00640         if(trustedResponder)
00641         {
00642             // GCC does not consider the result of dynamic_pointer_cast to be a reference when
00643             // included in the function call.
00644             IPKIFColleaguePtr trcp = dynamic_pointer_cast<IPKIFColleague,CPKIFOCSPChecker>(trustedResponder);
00645             revStatus->AddColleague(trcp); //added 12/11/2003
00646         }
00647 
00648         CPKIFOCSPCheckerPtr ocspChecker(new CPKIFOCSPChecker());
00649         // GCC does not consider the result of dynamic_pointer_cast to be a reference when
00650         // included in the function call.
00651         IPKIFColleaguePtr ocp = dynamic_pointer_cast<IPKIFColleague,CPKIFOCSPChecker>(ocspChecker);
00652         revStatus->AddColleague(ocp);
00653 
00654         if(aiaColleague != (CPKIFOCSPChecker*)NULL)
00655         {
00656             aiaColleague = ocspChecker;
00657         }
00658 
00659         CPKIFX509CRLCheckerPtr crlChecker(new CPKIFX509CRLChecker());
00660         // GCC does not consider the result of dynamic_pointer_cast to be a reference when
00661         // included in the function call.
00662         IPKIFColleaguePtr crlcp = dynamic_pointer_cast<IPKIFColleague,CPKIFX509CRLChecker>(crlChecker);
00663         revStatus->AddColleague(crlcp);
00664 
00665         //-----------------------------------------------------------------------------
00666         //  CPKIFPathProcessingMediator2
00667         //      - This mediator will include all of the desirable default colleagues
00668         //  when true is passed to the constructor.
00669         //-----------------------------------------------------------------------------
00670         CPKIFPathProcessingMediator2Ptr tmpPath(new CPKIFPathProcessingMediator2(true));
00671         path = tmpPath;
00672         path->InitializeMediator(NULL);
00673 
00674         //-----------------------------------------------------------------------------
00675         // Assemble the collection.   
00676         //-----------------------------------------------------------------------------
00677         IPKIFMediatorPtr mp = dynamic_pointer_cast<IPKIFMediator, CPKIFCacheMediator2>(cache);
00678         path->AddMediator(mp);
00679         mp = dynamic_pointer_cast<IPKIFMediator, CPKIFCryptoMediator2>(crypto);
00680         path->AddMediator(mp);
00681         mp = dynamic_pointer_cast<IPKIFMediator, CPKIFRevocationStatusMediator2>(revStatus);
00682         path->AddMediator(mp);
00683 
00684         return dynamic_pointer_cast<IPKIFMediator, CPKIFPathProcessingMediator2>(path);
00685     }
00686     catch(...)
00687     {
00688         throw;
00689     }
00690 }
00700 void CAC_API FreeDefaultMediator(
00702     IPKIFMediator* p)
00703 {
00704     if(p) {
00705         delete p;
00706         // this should currently NOP if NSS isn't in use
00707         ShutdownCrypto();
00708     }
00709 }
00710 
00722 CAC_API IPKIFMediatorPtr MakeDefaultMediatorNSS(const char *db)
00723 {
00724     CPKIFOCSPCheckerPtr empty;
00725     return MakeDefaultMediatorNSS(db, empty, empty);
00726 }
00727 
00739 CAC_API IPKIFMediatorPtr MakeDefaultMediatorNSS(const char *db, CPKIFOCSPCheckerPtr& trustedResponder)
00740 {
00741     CPKIFOCSPCheckerPtr empty;
00742     return MakeDefaultMediatorNSS(db, trustedResponder, empty);
00743 }
00744 
00745 //added aiaColleague parameter to accomodate adding a signer to the AIA-focused responder
00774 CAC_API IPKIFMediatorPtr MakeDefaultMediatorNSS(
00776     const char *dbdir, 
00778     CPKIFOCSPCheckerPtr& trustedResponder, 
00780     CPKIFOCSPCheckerPtr& aiaColleague)
00781 {   
00782 
00783     CPKIFCacheMediator2Ptr cache;       
00784     CPKIFCryptoMediator2Ptr crypto;                 
00785     CPKIFRevocationStatusMediator2Ptr revStatus;
00786     CPKIFPathProcessingMediator2Ptr path;
00787     IPKIFColleaguePtr cp;
00788     try
00789     {
00790         CPKIFCacheMediator2Ptr tmpCache(new CPKIFCacheMediator2(false));        
00791         cache = tmpCache;
00792         cache->InitializeMediator(NULL);
00793 
00794         //Setting up SR (Cache)
00795         SimpleCertCachePtr certCache(new SimpleCertCache);
00796         certCache->Initialize();
00797         cp = dynamic_pointer_cast<IPKIFColleague,SimpleCertCache>(certCache);
00798         cache->AddColleague(cp);
00799 
00800         SimpleCRLCachePtr crlCache(new SimpleCRLCache);
00801         crlCache->Initialize();
00802         cp = dynamic_pointer_cast<IPKIFColleague,SimpleCRLCache>(crlCache);
00803         cache->AddColleague(cp);
00804 
00805 
00806         CPKIFNSSRepositoryPtr repo(new CPKIFNSSRepository(dbdir));
00807         repo->Initialize();
00808         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSRepository>(repo);
00809         cache->AddColleague(cp);
00810         
00811         CPKIFNSSCertUpdatePtr certup(new CPKIFNSSCertUpdate(dbdir));
00812         certup->Initialize();
00813         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSCertUpdate>(certup);
00814         cache->AddColleague(cp);
00815 
00816         CPKIFNSSCRLUpdatePtr crlup(new CPKIFNSSCRLUpdate(dbdir));
00817         crlup->Initialize();
00818         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSCRLUpdate>(crlup);
00819         cache->AddColleague(cp);
00820 
00821         CPKIFNSSTrustStorePtr trust(new CPKIFNSSTrustStore(dbdir));
00822         trust->Initialize();
00823         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSTrustStore>(trust);
00824         cache->AddColleague(cp);
00825         
00826         CPKIFCRLDPRetrievalPtr crldpRetrieval(new CPKIFCRLDPRetrieval);
00827         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFCRLDPRetrieval>(crldpRetrieval);
00828         cache->AddColleague(cp);
00829 
00830         CPKIFAiaOrSiaRetrievalPtr siaAia(new CPKIFAiaOrSiaRetrieval);
00831         cp = dynamic_pointer_cast<IPKIFColleague, CPKIFAiaOrSiaRetrieval>(siaAia);
00832         cache->AddColleague(cp);
00833         
00834 
00835         CPKIFCryptoMediator2Ptr tmpCrypto(new CPKIFCryptoMediator2(false));                 
00836         crypto = tmpCrypto;
00837         crypto->InitializeMediator(NULL);
00838 
00839         //Setting up Crypto
00840         CPKIFNSSPtr newNSS(new CPKIFNSS(dbdir));
00841         newNSS->Initialize();
00842         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSS>(newNSS);
00843         crypto->AddColleague(cp);
00844 
00845         CPKIFNSSRawPtr newNSSRaw(new CPKIFNSSRaw());
00846         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFNSSRaw>(newNSSRaw);
00847         crypto->AddColleague(cp);
00848 
00849 
00850         //Setting up revocation
00851         CPKIFRevocationStatusMediator2Ptr tmpRevStatus(new CPKIFRevocationStatusMediator2(false));
00852         revStatus = tmpRevStatus;
00853         revStatus->InitializeMediator(NULL);
00854 
00855         if(trustedResponder)
00856         {
00857             cp = dynamic_pointer_cast<IPKIFColleague,CPKIFOCSPChecker>(trustedResponder);
00858             revStatus->AddColleague(cp); //added 12/11/2003
00859         }
00860 
00861         CPKIFOCSPCheckerPtr ocspChecker(new CPKIFOCSPChecker());
00862         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFOCSPChecker>(ocspChecker);
00863         revStatus->AddColleague(cp);
00864 
00865         if(aiaColleague != (CPKIFOCSPChecker*)NULL)
00866         {
00867             aiaColleague = ocspChecker;
00868         }
00869         
00870         CPKIFX509CRLCheckerPtr crlChecker(new CPKIFX509CRLChecker());
00871         cp = dynamic_pointer_cast<IPKIFColleague,CPKIFX509CRLChecker>(crlChecker);
00872         revStatus->AddColleague(cp);
00873 
00874         CPKIFPathProcessingMediator2Ptr tmpPath(new CPKIFPathProcessingMediator2(true));
00875         path = tmpPath;
00876         path->InitializeMediator(NULL);
00877         IPKIFMediatorPtr mp = dynamic_pointer_cast<IPKIFMediator, CPKIFCacheMediator2>(cache);
00878         path->AddMediator(mp);
00879         mp = dynamic_pointer_cast<IPKIFMediator, CPKIFCryptoMediator2>(crypto);
00880         path->AddMediator(mp);
00881         mp = dynamic_pointer_cast<IPKIFMediator, CPKIFRevocationStatusMediator2>(revStatus);
00882         path->AddMediator(mp);
00883 
00884         return dynamic_pointer_cast<IPKIFMediator, CPKIFPathProcessingMediator2>(path);
00885     }
00886     catch(...)
00887     {
00888         throw;
00889     }
00890 
00891 }
00901 void CAC_API FreeDefaultMediatorNSS(
00903     IPKIFMediator* p)
00904 {
00905     if(p) {
00906         delete p;
00907         // this should currently NOP if NSS isn't in use
00908         ShutdownCrypto();
00909     }
00910 }
00911 
00912 
00913 // GIB: These headers shouldn't be CRLF terminated for curl. It does that.
00914 char* g_tspHeaders = "Content-Type: application/timestamp-query";
00915 char* g_scvpHeaders = "Content-Type: application/scvp-cv-request";
00916 char* g_scvpValPolHeaders = "Content-Type: application/scvp-vp-request";
00917 char* g_ocspHeaders = "Content-Type: application/ocsp-request";
00925 size_t WriteCB(
00927     void * ptr,
00929     size_t size, 
00931     size_t count, 
00933     void * data)
00934 {
00935     size_t realsize = size * count;
00936     CPKIFBuffer * buf = (CPKIFBuffer *) data;
00937     unsigned int oldLen = buf->GetLength();
00938     unsigned char * oldData = NULL;
00939     if(oldLen > 0)
00940     {
00941         oldData = new unsigned char[oldLen];
00942         if(NULL == oldData) return 0;
00943         memcpy(oldData,buf->GetBuffer(),oldLen);
00944     }
00945 
00946     size_t stOldLen = oldLen;
00947 
00948     int buffsize = 0;
00949     try 
00950     {
00951         buffsize = numeric_cast<int>(realsize + stOldLen);
00952     }
00953     catch(bad_numeric_cast &) 
00954     {
00955         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Size is an impossibly long number.");
00956     }
00957 
00958     unsigned char * newData = buf->AllocateBuffer(buffsize);
00959     if(NULL != oldData)
00960     {
00961         memcpy(newData,oldData,oldLen);
00962         delete[] oldData;
00963     }
00964     memcpy(newData+oldLen,ptr,realsize);
00965     //newData[buf->GetLength()] = 0x00;
00966     return realsize;
00967 }
00968 
00980 BOOL CAC_API PostRequestURL(
00983     CPKIFBufferPtr& encTSR, 
00985     CPKIFBufferPtr& resp, 
00988     const char* pstrURL, 
00990     PKIFServiceType pst)
00991 {
00992 #undef RETURN
00993 #define RETURN(rv) \
00994 { \
00995     if (NULL != headers) \
00996     { curl_slist_free_all(headers); } \
00997     if (NULL != hCurl) \
00998     { curl_easy_cleanup(hCurl); } \
00999     return rv;  \
01000 } 
01001     CURL * hCurl = NULL;
01002     CURLcode curlRes = CURLE_OK;
01003     unsigned char* buf = NULL;
01004     char * url = NULL;
01005     curl_slist * headers = NULL;
01006 
01007     // GIB: Should this be an exception instead?
01008     if(!pstrURL || strlen(pstrURL) == 0)
01009     {
01010         std::ostringstream os;
01011         os << "PostRequestURL() called without a valid URL"; 
01012         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01013         RETURN(FALSE);
01014     }
01015 
01016     //commented out pending implementation of proper HTTP blacklist
01017     std::string pstrURLString = pstrURL;
01018     if(PKIFHTTP::IsHttpServerBlacklisted(pstrURLString))
01019     {
01020         std::ostringstream os;
01021         os << pstrURL << " has been blacklisted"; 
01022         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01023         RETURN(FALSE);
01024     }
01025 
01026     // empty/initialize the buffer for the response. This needs to be done
01027     // before it gets passed to the callback function
01028     resp.reset(new CPKIFBuffer());
01029     
01030     // add a custom Content-type: header for protocols that want it
01031     switch(pst)
01032     {
01033     case PKIF_TSA:
01034         headers = curl_slist_append(headers,g_tspHeaders);
01035         break;
01036     case PKIF_SCVP:
01037         headers = curl_slist_append(headers,g_scvpHeaders);
01038         break;
01039     case PKIF_SCVP_VAL_POL:
01040         headers = curl_slist_append(headers,g_scvpValPolHeaders);
01041         break;
01042     case PKIF_OCSP:
01043         headers = curl_slist_append(headers,g_ocspHeaders);
01044         break;
01045     case PKIF_NONE: 
01046         //kill the no-cache pragma
01047         headers = curl_slist_append(headers,"Pragma: ");
01048         break;
01049     default:
01050         return FALSE;
01051     };
01052 
01053     // the curl "easy" API should be good enough here.
01054     // if this becomes a bottleneck use the "multi" api in a pool that's
01055     // initialized and torn down at startup/shutdown
01056     hCurl = curl_easy_init();
01057 
01058     if(!hCurl)
01059     {
01060         std::ostringstream os;
01061         os << "curl_easy_init() failed"; 
01062         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01063         RETURN(FALSE);
01064     }
01065 
01066     // GIB: The code i'm replacing was setting the HTTP version to 1.0. 
01067     // The equivalent for curl would be:
01068     // curl_easy_setopt(hCurl,CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);
01069     // but there's no real reason to do this. the library does the right thing
01070     
01071     // make sure libcurl can parse the URL
01072     curlRes = curl_easy_setopt(hCurl,CURLOPT_URL,pstrURL);
01073     if(curlRes != CURLE_OK) {
01074         std::ostringstream os;
01075         os << "curl_easy_setopt(CURLOPT_URL) failed: " << curl_easy_strerror(curlRes);
01076         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01077         RETURN(FALSE);
01078     }
01079 
01080     // tell libcurl not to build and validate paths for SSL servers
01081     curlRes = curl_easy_setopt(hCurl,CURLOPT_SSL_VERIFYPEER,0L);
01082 
01083     if(curlRes != CURLE_OK) {
01084         std::ostringstream os;
01085         os << "curl_easy_setopt(CURLOPT_SSL_VERIFYPEER) failed: " << curl_easy_strerror(curlRes);
01086         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01087         RETURN(FALSE);
01088     }
01089 
01090     curlRes = curl_easy_setopt(hCurl,CURLOPT_FOLLOWLOCATION,1L);
01091 
01092     if(curlRes != CURLE_OK) {
01093         std::ostringstream os;
01094         os << "curl_easy_setopt(CURLOPT_FOLLOWLOCATION) failed: " << curl_easy_strerror(curlRes);
01095         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01096         RETURN(FALSE);
01097     }
01098 
01099     // set up the callback we use to write the response into a buffer
01100     curlRes = curl_easy_setopt(hCurl,CURLOPT_WRITEFUNCTION,WriteCB);
01101     if(curlRes != CURLE_OK) {
01102         std::ostringstream os;
01103         os << "curl_easy_setopt(CURLOPT_WRITEFUNCTION) failed: " << curl_easy_strerror(curlRes);
01104         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01105         RETURN(FALSE);
01106     }
01107 
01108     // give curl a pointer to the buffer
01109     // the nasty cast is necessary because libcurl wouldn't know what to do
01110     // with a smart pointer, and when I just tried to cast it and pass opaquely
01111     // reference counts got confused
01112     curlRes = curl_easy_setopt(hCurl,CURLOPT_WRITEDATA,(void *)&(*resp));
01113     if(curlRes != CURLE_OK) {
01114         std::ostringstream os;
01115         os << "curl_easy_setopt(CURLOPT_WRITEDATA) failed: " << curl_easy_strerror(curlRes);
01116         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01117         RETURN(FALSE);
01118     }
01119     
01120     // set up any needed custom headers. if more than one is needed, it should
01121     // be added to the list (without crlfs) when it's constructed at the beginning
01122     // of this function
01123     if(headers != NULL)
01124     {
01125         curlRes = curl_easy_setopt(hCurl,CURLOPT_HTTPHEADER,headers);
01126         if(curlRes != CURLE_OK) {
01127             std::ostringstream os;
01128             os << "curl_easy_setopt(CURLOPT_HTTPHEADER) failed: " << curl_easy_strerror(curlRes);
01129             LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01130             RETURN(FALSE);
01131         }
01132     }
01133     
01134     // give libcurl the data to be posted
01135     //if we're not POSTing any data, it's a GET
01136     if(0 != encTSR->GetLength()) {
01137         curlRes = curl_easy_setopt(hCurl,CURLOPT_POSTFIELDS,encTSR->GetBuffer());
01138         if(curlRes != CURLE_OK) {
01139             std::ostringstream os;
01140             os << "curl_easy_setopt(CURLOPT_POSTFIELDS) failed: " << curl_easy_strerror(curlRes);
01141             LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01142             RETURN(FALSE);
01143         }
01144 
01145         // we need to tell libcurl the length because (e.g. OCSP requests) this
01146         // POST data can contain 0x00 and libcurl will use strlen otherwise
01147         curlRes = curl_easy_setopt(hCurl,CURLOPT_POSTFIELDSIZE,encTSR->GetLength());
01148         if(curlRes != CURLE_OK) {
01149             std::ostringstream os;
01150             os << "curl_easy_setopt(CURLOPT_POSTFIELDSIZE) failed: " << curl_easy_strerror(curlRes);
01151             LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01152             RETURN(FALSE);
01153         }
01154     }
01155     
01156     // post the request. it'll be written into the response buffer by our callback
01157     curlRes = curl_easy_perform(hCurl);
01158     if(curlRes != CURLE_OK) 
01159     {
01160         if(CURLE_COULDNT_CONNECT == curlRes)
01161         {
01162             PKIFHTTP::AddBlacklistedHttpServer(pstrURLString);
01163         }
01164 
01165         std::ostringstream os;
01166         os << "curl_easy_setopt(CURLOPT_POSTFIELDSIZE) failed: " << curl_easy_strerror(curlRes);
01167         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01168         RETURN(FALSE);
01169     }
01170 
01171     RETURN(TRUE);
01172 }
01183 BOOL CAC_API PostRequest(
01186     CPKIFBufferPtr& encTSR,
01188     CPKIFBufferPtr& resp, 
01191     const char* pstrServer, 
01194     int port, 
01197     const char* pstrObject, 
01199     PKIFServiceType pst)
01200 {
01201 #undef RETURN
01202 #define RETURN(rv) \
01203 { \
01204     if (NULL != url) \
01205     { free(url); url = NULL; } \
01206     return rv;  \
01207 } 
01208     char * url;
01209     std::ostringstream us;
01210     // this function assumes it's been passed info for an HTTP URL
01211     us << "http://" << pstrServer << ":" << port << pstrObject;
01212     url = strdup(us.str().c_str());
01213     if(NULL == url)
01214     {
01215         std::ostringstream os;
01216         os << "Unable to allocate buffer for URL"; //<< GetLastError();
01217         LOG_STRING_ERROR(os.str().c_str(), TOOLKIT_UTILS, COMMON_URL_OPERATION_FAILED, NULL);
01218         RETURN(FALSE);
01219     }
01220     BOOL rv = PostRequestURL(encTSR,resp,url,pst);
01221     RETURN(rv);
01222 }
01223 
01224 //removed export declarations 8/18/2004
01232 BOOL CAC_API GetRequest(
01235     const char* pstrURL, 
01237     CPKIFBufferPtr& resp)
01238 {
01239     CPKIFBufferPtr tmp(new CPKIFBuffer());
01240     return PostRequestURL(tmp, resp, pstrURL, PKIF_NONE);
01241 }
01242 /*
01243 //----------------------------------------------------------------------------------------------------
01244 // globals OIDs
01245 //----------------------------------------------------------------------------------------------------
01246 //algorithms
01247 CAC_API CPKIFOIDPtr g_md2WithRSAEncryption
01248     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.1.2"))));//md2WithRSA
01249 CAC_API CPKIFOIDPtr g_md5WithRSAEncryption
01250     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.1.4"))));//md5WithRSA
01251 CAC_API CPKIFOIDPtr g_sha1WithRSAEncryption
01252     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.1.5"))));//sha1WithRSA
01253 CAC_API CPKIFOIDPtr g_dsaWithSHA1
01254     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.10040.4.3"))));//dsaWithSHA1
01255 CAC_API CPKIFOIDPtr g_rsa
01256     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.1.1"))));//rsa
01257 CAC_API CPKIFOIDPtr g_dsa
01258     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.10040.4.1"))));//dsa
01259 
01260 CAC_API CPKIFOIDPtr g_sha1
01261     (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.14.3.2.26"))));//sha1
01262 CAC_API CPKIFOIDPtr g_sha256
01263     (new CPKIFOID(CPKIFStringPtr(new std::string("2.16.840.1.101.3.4.2.1"))));//sha256
01264 CAC_API CPKIFOIDPtr g_sha384
01265     (new CPKIFOID(CPKIFStringPtr(new std::string("2.16.840.1.101.3.4.2.2"))));//sha384
01266 CAC_API CPKIFOIDPtr g_sha512
01267     (new CPKIFOID(CPKIFStringPtr(new std::string("2.16.840.1.101.3.4.2.3"))));//sha512
01268 CAC_API CPKIFOIDPtr g_md5
01269     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.2.5"))));//md5
01270 
01271 CAC_API CPKIFOIDPtr g_desCBC
01272     (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.14.3.2.7"))));//desCBC (OIW)
01273 CAC_API CPKIFOIDPtr g_tdesCBC
01274     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.3.7"))));//tdesCBC (RSA)
01275 CAC_API CPKIFOIDPtr g_desECB
01276     (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.14.3.2.6"))));//desECB (OIW)
01277 
01278 //CMS message types
01279 CAC_API CPKIFOIDPtr g_contentInfo
01280     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.9.16.1.6"))));//contentInfo
01281 CAC_API CPKIFOIDPtr g_data
01282     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.7.1"))));//data
01283 CAC_API CPKIFOIDPtr g_signedData
01284     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.7.2"))));//signedData
01285 CAC_API CPKIFOIDPtr g_envelopedData
01286     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.7.3"))));//envelopedData
01287 
01288 //CMS attribute types
01289 CAC_API CPKIFOIDPtr g_contentTypeAttribute
01290     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.9.3"))));//contentType attribute
01291 CAC_API CPKIFOIDPtr g_messageDigestAttribute
01292     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.9.4"))));//messageDigest attribute
01293 CAC_API CPKIFOIDPtr g_signingTimeAttribute
01294     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.9.5"))));//signing time attribute
01295 CAC_API CPKIFOIDPtr g_countersignatureAttribute
01296     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.9.6"))));//countersignature attribute
01297 CAC_API CPKIFOIDPtr g_timestampAttribute
01298     (new CPKIFOID(CPKIFStringPtr(new std::string("1.2.840.113549.1.9.16.2.14"))));//timestamp attribute
01299 
01300 //EKU OIDs
01301 CAC_API CPKIFOIDPtr g_timestampingEKU
01302     (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.3.8"))));//id-kp-timeStamping
01303 CAC_API CPKIFOIDPtr g_ocspSigningEKU
01304     (new CPKIFOID(CPKIFStringPtr(new std::string("1.3.6.1.5.5.7.3.9"))));//id-kp-OCSPSigning
01305 CAC_API CPKIFOIDPtr g_anyEKU
01306     (new CPKIFOID(CPKIFStringPtr(new std::string("2.5.29.37.0"))));//  anyExtendedKeyUsage
01307 
01308 CAC_API CPKIFOIDPtr g_anyPolicyOID
01309     (new CPKIFOID(CPKIFStringPtr(new std::string("2.5.29.32.0"))));
01310 
01311 //----------------------------------------------------------------------------------------------------
01312 // globals Alg IDs
01313 //----------------------------------------------------------------------------------------------------
01314 CAC_API CPKIFAlgorithmIdentifierPtr g_md5AI(new CPKIFAlgorithmIdentifier(g_md5));
01315 CAC_API CPKIFAlgorithmIdentifierPtr g_sha1AI(new CPKIFAlgorithmIdentifier(g_sha1));
01316 CAC_API CPKIFAlgorithmIdentifierPtr g_sha256AI(new CPKIFAlgorithmIdentifier(g_sha256));
01317 CAC_API CPKIFAlgorithmIdentifierPtr g_sha384AI(new CPKIFAlgorithmIdentifier(g_sha384));
01318 CAC_API CPKIFAlgorithmIdentifierPtr g_sha512AI(new CPKIFAlgorithmIdentifier(g_sha512));
01319 */
01320 //----------------------------------------------------------------------------------------------------
01321 // algorithm utils
01322 //----------------------------------------------------------------------------------------------------
01331 CPKIFAlgorithmIdentifierPtr CAC_API GetHashAlgAI(
01333     PKIFCRYPTO::HASH_ALG hashAlgorithm)
01334 {
01335     switch(hashAlgorithm)
01336     {
01337     case PKIFCRYPTO::MD5:
01338         return g_md5AI;
01339     case PKIFCRYPTO::SHA1:
01340         return g_sha1AI;
01341     case PKIFCRYPTO::SHA256:
01342         return g_sha256AI;
01343     case PKIFCRYPTO::SHA384:
01344         return g_sha384AI;
01345     case PKIFCRYPTO::SHA512:
01346         return g_sha512AI;
01347     default:
01348         CPKIFAlgorithmIdentifierPtr tmpAI;
01349         return tmpAI;
01350     }
01351 }
01370 AlgClass GetAlgClass(
01372     const CPKIFAlgorithmIdentifierPtr& alg)
01373 {
01374     CPKIFOIDPtr sigAlgOID = alg->oid();
01375     if(*g_md5WithRSAEncryption == *sigAlgOID || *g_rsa == *sigAlgOID || *g_sha1WithRSAEncryption == *sigAlgOID ||
01376         *g_md2WithRSAEncryption == *sigAlgOID || *g_sha224WithRSAEncryption == *sigAlgOID || 
01377         *g_sha256WithRSAEncryption == *sigAlgOID || *g_sha384WithRSAEncryption == *sigAlgOID || 
01378         *g_sha512WithRSAEncryption == *sigAlgOID)
01379         return RSA_CLASS;
01380     else if(*g_dsaWithSHA1 == *sigAlgOID || *g_dsa == *sigAlgOID)
01381         return DSA_CLASS;
01382     else if(*g_ecc == *sigAlgOID ||
01383         *g_ecdsa_sha1 == *sigAlgOID || 
01384         *g_ecdsa_sha224 == *sigAlgOID ||
01385         *g_ecdsa_sha256 == *sigAlgOID ||
01386         *g_ecdsa_sha384 == *sigAlgOID ||
01387         *g_ecdsa_sha512 == *sigAlgOID)
01388         return ECDSA_CLASS;
01389     else
01390         throw CPKIFException(TOOLKIT_UTILS_SUBCOMPONENT, COMMON_UNSUPPORTED_ALG, "Unable to determine algorithm class");
01391 }
01392 
01393 //for now we are supporting MD5 and SHA1 only adjust the below code accordingly when and if that changes
01401 bool CAC_API GetCACHashAlg(
01403     const CPKIFOIDPtr& alg,
01405     PKIFCRYPTO::HASH_ALG* hashAlg)
01406 {
01407     CPKIFAlgorithm* a = CPKIFAlgorithm::GetAlg(alg);
01408     if(a && hashAlg)
01409     {
01410         *hashAlg = a->HashAlg();
01411         return true;
01412     }
01413     else
01414         return false;
01415 }
01416 
01417 //----------------------------------------------------------------------------------------------------
01418 // Miscellaneous utility functions
01419 //----------------------------------------------------------------------------------------------------
01420 
01421 CPKIFBufferPtr CAC_API EncodeCPKIFNameAsGenName(
01423     const CPKIFNamePtr& name)
01424 {
01425     CACX509V3GeneralName* objname = new CACX509V3GeneralName;
01426     memset(objname, 0, sizeof(CACX509V3GeneralName));
01427 
01428     //objname->u.directoryName = new CACX509V3Name;
01429     //CACX509V3RelativeDistinguishedName* pCacTmpRDN = new CACX509V3RelativeDistinguishedName;
01430     //BuildCACX509V3DistinguishedName((unsigned char *)name->ToString(), pCacTmpRDN);
01431     //objname->u.directoryName->t = T_CACX509V3Name_rdnSequence;
01432     //objname->u.directoryName->u.rdnSequence = pCacTmpRDN;
01433     //objname->t = T_CACX509V3GeneralName_directoryName;
01434 
01435     CPKIFBufferPtr encodedName = name->Encoded();
01436     CACASNWRAPPER_CREATE(CACX509V3Name, rdnPDU);
01437     objname->u.directoryName = rdnPDU.Decode(encodedName->GetBuffer(), encodedName->GetLength());
01438     objname->t = T_CACX509V3GeneralName_directoryName;
01439 
01440     CACASNWRAPPER_CREATE(CACX509V3GeneralName, objPDU);
01441     ASN1OpenType* data1 = objPDU.Encode(objname);
01442     CPKIFBufferPtr tmpBuf;
01443     if(data1 != NULL)
01444     {
01445         tmpBuf = CPKIFBufferPtr(new CPKIFBuffer(data1->data, data1->numocts));
01446         delete data1;
01447     }
01448 
01449     if(objname)
01450     {
01451         if(objname->u.directoryName)
01452             objname->u.directoryName = NULL;
01453         delete objname;
01454     }
01455 
01456     return tmpBuf;
01457 }
01458 //added 4/10/03 CWW
01459 //takes a char* to an DN string (e.g. "cn=Joe, ou=Gen Pop, c=US") and returns CPKIFNamePtr
01470 CPKIFNamePtr CAC_API GetPKIFNameFromStr(
01472     unsigned char* dn)
01473 {
01474     PKIFNameMemoryHelper mhX509V3Name;
01475     mhX509V3Name.pCACX509V3Name = new CACX509V3Name;
01476     memset(mhX509V3Name.pCACX509V3Name, 0, sizeof(CACX509V3Name));
01477 
01478     CACX509V3RelativeDistinguishedName* pCacTmpRDN = new CACX509V3RelativeDistinguishedName; //list of CACX509V3RelativeDistinguishedNames
01479     
01480     if(NULL == dn || 3 > strlen((char*)dn))
01481     {
01482         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL DN string or DN less than three characters passed to GetPKIFNameFromStr");
01483     }
01484 
01485     BuildCACX509V3DistinguishedName(dn, pCacTmpRDN);
01486     mhX509V3Name.pCACX509V3Name->t = T_CACX509V3Name_rdnSequence;
01487     mhX509V3Name.pCACX509V3Name->u.rdnSequence = pCacTmpRDN;
01488 
01489     //create CPKIFName obj & return ptr
01490     CACASNWRAPPER_CREATE(CACX509V3Name, objPDU2);
01491     ASN1OpenType* data1 = objPDU2.Encode((mhX509V3Name.pCACX509V3Name));
01492     CPKIFBufferPtr tmpBuf;
01493     if(data1 != NULL)
01494     {
01495          tmpBuf = CPKIFBufferPtr(new CPKIFBuffer(data1->data, data1->numocts));
01496         delete data1;
01497     }
01498 
01499     CPKIFNamePtr pCacName(new CPKIFName(tmpBuf));
01500     //CPKIFNamePtr pCacName(new CPKIFName(*(mhX509V3Name.pCACX509V3Name)));
01501 
01502     return pCacName;
01503 }
01504 
01505 
01506 //added 4/10/03 CWW
01507 //takes a char* to an DN string (e.g. "cn=Joe, ou=Gen Pop, c=US") and returns ptr to populated CACX509V3DistinguishedName
01517 void BuildCACX509V3DistinguishedName(
01519     unsigned char* dn, 
01521     CACX509V3DistinguishedName* cacx509v3dn)
01522 {
01523     if(NULL == cacx509v3dn)
01524     {
01525         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL CACX509V3DistinguishedName* passed to BuildCACX509V3DistinguishedName");
01526     }
01527     if(NULL == dn || 3 > strlen((char*)dn))
01528     {
01529         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL DN string or DN less than three characters passed to BuildCACX509V3DistinguishedName");
01530     }
01531     
01532 
01533     cacx509v3dn->count = 0;
01534     DListNode *rdnNode = NULL;
01535 
01536     enum State 
01537     {
01538         START,
01539         VALUE,   
01540         ESCAPED,        //looking for AttributeType
01541         QUOTE_OPEN      //found an open quote
01542     };
01543 
01544     State eState = START;
01545     State eStatePrevious = START;
01546     size_t nStart = 0;
01547     size_t nIndex = 0;  
01548 
01549     size_t nLen = strlen((char*)dn);
01550     for( nIndex; nIndex < nLen; nIndex++ ) 
01551     {
01552         switch( eState ) 
01553         {
01554             case START:
01555                 if(dn[nIndex] != ' ' && dn[nIndex] != ',')
01556                 {
01557                     nStart = nIndex;
01558                     eState = VALUE;
01559                 }
01560                 break;
01561             case VALUE:
01562                 if(dn[nIndex] == ',' ) 
01563                 {
01564                     unsigned char* rdn = new unsigned char[nIndex - nStart + 1];
01565                     memcpy(rdn, &dn[nStart], nIndex - nStart);  
01566                     rdn[nIndex - nStart] = '\0';
01567                     
01568                     //Create RDN object and encode
01569                     PKIFNameMemoryHelper mhCACX509V3RDN; //list of encoded attr type and value pairs
01570                     mhCACX509V3RDN.pCACX509V3RDN = new CACX509V3RelativeDistinguishedName;
01571                     memset(mhCACX509V3RDN.pCACX509V3RDN, 0, sizeof(CACX509V3RelativeDistinguishedName));
01572                     
01573                     BuildCACX509V3RelativeDistinguishedName(rdn, mhCACX509V3RDN.pCACX509V3RDN);
01574                     CACASNWRAPPER_CREATE(CACX509V3RelativeDistinguishedName, objPDU);
01575                     ASN1OpenType* asn1ot = objPDU.Encode(mhCACX509V3RDN.pCACX509V3RDN);
01576 
01577                     if(NULL == rdnNode)
01578                     {
01579                         NEW_NODE(rdnNode)
01580                     }
01581                     else
01582                     {
01583                         NEW_NEXT_AND_ADVANCE(rdnNode)
01584                     }
01585 
01586                     rdnNode->data = new ASN1OpenType;
01587                     ((ASN1OpenType*)rdnNode->data)->data = new unsigned char[asn1ot->numocts];
01588                     memcpy((void*)((ASN1OpenType*)rdnNode->data)->data, asn1ot->data, asn1ot->numocts);
01589                     ((ASN1OpenType*)rdnNode->data)->numocts = asn1ot->numocts;
01590                             
01591                     //add encoded RDN to DN
01592                     SET_HEAD_TAIL_INCREMENT((*cacx509v3dn), rdnNode)
01593                     
01594                     delete rdn;
01595                     delete asn1ot;
01596                     eState = START;
01597                 }
01598                 else if(dn[nIndex] == '\"') 
01599                 {
01600                     eState = QUOTE_OPEN;
01601                 }
01602                 else if(dn[nIndex] == '\\') 
01603                 {
01604                     eStatePrevious = VALUE;
01605                     eState = ESCAPED;
01606                 }
01607                 break;
01608             case ESCAPED:
01609                 eState = eStatePrevious;
01610                 break;
01611             case QUOTE_OPEN:
01612                 if(dn[nIndex] == '\"' )
01613                 {
01614                     eState = VALUE;
01615                 } 
01616                 else if(dn[nIndex] == '\\') 
01617                 {
01618                     eStatePrevious = QUOTE_OPEN;
01619                     eState = ESCAPED;
01620                 }
01621                 break;
01622         }
01623     }
01624     if(eState == VALUE) 
01625     {
01626         unsigned char* rdn = new unsigned char[nLen - nStart + 1];
01627         memcpy(rdn, &dn[nStart], nLen - nStart);
01628         
01629         //trim leading and trailing white spaces
01630         unsigned char *tmp = rdn;   
01631         int n = 0;
01632         while (tmp[n] == ' ') n++;
01633         tmp = &(tmp[n]);
01634 
01635         int size = 0;
01636         try 
01637         {
01638             size = numeric_cast<int>(nLen - nStart);
01639         }
01640         catch(bad_numeric_cast &) 
01641         {
01642             throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Size is an impossibly long number.");
01643         }
01644 
01645         n = size - n - 1;
01646         while (tmp[n] == ' ') n--;
01647         tmp[n+1] = '\0';
01648 
01649         //create RDN object and encode
01650         PKIFNameMemoryHelper mhCACX509V3RDN;
01651         mhCACX509V3RDN.pCACX509V3RDN = new CACX509V3RelativeDistinguishedName;
01652         memset(mhCACX509V3RDN.pCACX509V3RDN, 0, sizeof(CACX509V3RelativeDistinguishedName));
01653 
01654         BuildCACX509V3RelativeDistinguishedName(tmp, mhCACX509V3RDN.pCACX509V3RDN);
01655         CACASNWRAPPER_CREATE(CACX509V3RelativeDistinguishedName, objPDU);
01656         ASN1OpenType* asn1ot = objPDU.Encode(mhCACX509V3RDN.pCACX509V3RDN);
01657 
01658         if(NULL == rdnNode)
01659         {
01660             NEW_NODE(rdnNode)
01661         }
01662         else
01663         {
01664             NEW_NEXT_AND_ADVANCE(rdnNode)
01665         }
01666 
01667         rdnNode->data = new ASN1OpenType;
01668         ((ASN1OpenType*)rdnNode->data)->data = new unsigned char[asn1ot->numocts];
01669         memcpy((void*)((ASN1OpenType*)rdnNode->data)->data, asn1ot->data, asn1ot->numocts);
01670         ((ASN1OpenType*)rdnNode->data)->numocts = asn1ot->numocts;
01671                 
01672         //add encoded RDN to DN
01673         SET_HEAD_TAIL_INCREMENT((*cacx509v3dn), rdnNode)
01674         delete rdn;
01675         delete asn1ot;
01676     }
01677 
01678     //reverse the rdn list... lest tbe dn be bassackwards
01679     DListNode* currNode = cacx509v3dn->head;
01680     for(unsigned int ii = 0; ii < cacx509v3dn->count; ++ii)
01681     {
01682         DListNode* tmpNext = currNode->next;
01683         currNode->next = currNode->prev;
01684         currNode = currNode->prev = tmpNext;
01685     }
01686     DListNode* tail = cacx509v3dn->head;
01687     cacx509v3dn->head = cacx509v3dn->tail;
01688     cacx509v3dn->tail = tail;
01689 }
01690 
01691 //added 4/10/03 CWW
01692 //takes a char* to an RDN string (e.g. "cn=Joe+serialNumber=123") and returns ptr to populated CACX509V3RelativeDistinguishedName
01702 void BuildCACX509V3RelativeDistinguishedName(
01704     unsigned char* rdn,
01706     CACX509V3RelativeDistinguishedName* cacx509v3rdn)
01707 {
01708     if(NULL == cacx509v3rdn)
01709     {
01710         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL CACX509V3RelativeDistinguishedName* passed to BuildCACX509V3RelativeDistinguishedName"); 
01711     }
01712 
01713     if(NULL == rdn || 3 > strlen((char*)rdn))
01714     {
01715         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL RDN string or RDN less than three characters passed to BuildCACX509V3RelativeDistinguishedName"); 
01716     }
01717 
01718     cacx509v3rdn->count = 0;
01719     DListNode *typeAndValNode = NULL;
01720 
01721     enum State 
01722     {
01723         START,
01724         VALUE,   
01725         ESCAPED,        //looking for AttributeType
01726         QUOTE_OPEN      //found an open quote
01727     };
01728 
01729     State eState = START;
01730     State eStatePrevious = START;
01731     size_t nStart = 0;
01732     size_t nIndex = 0;  
01733 
01734     size_t nLen = strlen((char*)rdn);
01735     for(nIndex; nIndex < nLen; nIndex++) 
01736     {
01737         switch(eState) 
01738         {
01739             case START:
01740                 if(rdn[nIndex] != ' ' && rdn[nIndex] != '+')
01741                 {
01742                     nStart = nIndex;
01743                     eState = VALUE;
01744                 }
01745                 break;
01746             case VALUE:
01747                 if(rdn[nIndex] == '+') 
01748                 {
01749                     char* attrTypeAndVal = new char[nIndex - nStart + 1];
01750                     memcpy(attrTypeAndVal, &rdn[nStart], nIndex - nStart);  
01751                     
01752                     //trim leading and trailing white spaces
01753                     char *tmp = attrTypeAndVal; 
01754                     int n = 0;
01755                     while (tmp[n] == ' ') n++;
01756                     tmp = &(tmp[n]);
01757 
01758                     int size = 0;
01759                     try 
01760                     {
01761                         size = numeric_cast<int>(nIndex - nStart);
01762                     }
01763                     catch(bad_numeric_cast &) 
01764                     {
01765                         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Size is an impossibly long number.");
01766                     }
01767 
01768                     n = size - n - 1;
01769                     while (tmp[n] == ' ') n--;
01770                     tmp[n+1] = '\0';
01771                     
01772                     CACX509V3AttributeTypeAndValue* atadv = new CACX509V3AttributeTypeAndValue;
01773                     BuildCACX509V3AttributeTypeAndValue(tmp, atadv);
01774                     if(NULL == typeAndValNode)
01775                     {
01776                         NEW_NODE(typeAndValNode)
01777                     }
01778                     else
01779                     {
01780                         NEW_NEXT_AND_ADVANCE(typeAndValNode)
01781                     }
01782 
01783                     typeAndValNode->data = atadv;
01784 
01785                     //add encoded directory string to RDN
01786                     SET_HEAD_TAIL_INCREMENT((*cacx509v3rdn), typeAndValNode)
01787 
01788                     delete attrTypeAndVal;
01789                     eState = START;
01790                 } 
01791                 else if(rdn[nIndex] == '\"') 
01792                 {
01793                     eState = QUOTE_OPEN;
01794                 } 
01795                 else if(rdn[nIndex] == '\\') 
01796                 {
01797                     eStatePrevious = VALUE;
01798                     eState = ESCAPED;
01799                 }
01800                 break;
01801 
01802             case ESCAPED:
01803                 eState = eStatePrevious;
01804                 break;
01805 
01806             case QUOTE_OPEN:
01807                 if(rdn[nIndex] == '\"') 
01808                 {
01809                     eState = VALUE;
01810                 }
01811                 else if(rdn[nIndex] == '\\' ) 
01812                 {
01813                     eStatePrevious = QUOTE_OPEN;
01814                     eState = ESCAPED;
01815                 }
01816                 break;
01817         };
01818     }
01819     if(eState == VALUE) 
01820     {
01821         char* attrTypeAndVal = new char[nLen - nStart + 1];
01822         memcpy(attrTypeAndVal, &rdn[nStart], nLen - nStart);
01823 
01824         //trim leading and trailing white spaces
01825         char *tmp = attrTypeAndVal; 
01826         int n = 0;
01827         while (tmp[n] == ' ') n++;
01828         tmp = &(tmp[n]);
01829         
01830         int size = 0;
01831         try 
01832         {
01833             size = numeric_cast<int>(nLen - nStart);
01834         }
01835         catch(bad_numeric_cast &) 
01836         {
01837             throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Size is an impossibly long number.");
01838         }
01839         n = size - n - 1;
01840         while (tmp[n] == ' ') n--;
01841         tmp[n+1] = '\0';
01842 
01843         CACX509V3AttributeTypeAndValue* atdv;
01844         atdv = new CACX509V3AttributeTypeAndValue;
01845         BuildCACX509V3AttributeTypeAndValue(tmp, atdv);
01846         if(NULL == typeAndValNode)
01847         {
01848             NEW_NODE(typeAndValNode)
01849         }
01850         else
01851         {
01852             NEW_NEXT_AND_ADVANCE(typeAndValNode)
01853         }
01854 
01855         typeAndValNode->data = atdv;
01856 
01857         //add encoded directory string to RDN
01858         SET_HEAD_TAIL_INCREMENT((*cacx509v3rdn), typeAndValNode)
01859 
01860         delete attrTypeAndVal;
01861     }
01862 }
01863 
01864 //added 4/10/03 CWW
01865 //takes a char* to an attribute type and value string from an RDN (e.g. "cn=Joe") and returns ptr to populated CACX509V3AttributeTypeAndValue
01876 void BuildCACX509V3AttributeTypeAndValue(
01878     char* attrTypeAndValue,
01880     CACX509V3AttributeTypeAndValue* cacx509v3atadv)
01881 {
01882     if(NULL == cacx509v3atadv)
01883     {
01884         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL CACX509V3AttributeTypeAndValue* passed to BuildCACX509V3AttributeTypeAndValue");
01885     }
01886 
01887     if(NULL == attrTypeAndValue || 3 > strlen(attrTypeAndValue))
01888     {
01889         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL attribute type and value string or atav string less than three characters passed to BuildCACX509V3AttributeTypeAndValue");
01890     }
01891 
01892     size_t attrTypeAndValLen = strlen(attrTypeAndValue);
01893     char equalChar[] = "=";
01894     char* pEqual = strstr(attrTypeAndValue, (const char*)equalChar);
01895     if(NULL == pEqual)
01896     {
01897         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Attribute type and distinguished value string passed to BuildCACX509V3AttributeTypeAndValue is missing equal sign");
01898     }
01899 
01900     //get attrType
01901     size_t tmpLen = pEqual - attrTypeAndValue;
01902     char* attrType = new char[tmpLen + 1];
01903     memcpy(attrType, attrTypeAndValue, tmpLen);
01904     while(attrType[tmpLen-1] == ' ' && &attrType[tmpLen-1] > attrType)
01905         --tmpLen;//remove trailing white space
01906     attrType[tmpLen] = '\0';
01907 
01908     //get attrVal
01909     tmpLen = &(attrTypeAndValue[attrTypeAndValLen - 1]) - pEqual;
01910     char* attrVal = new char[tmpLen + 1];
01911     memcpy(attrVal, pEqual + 1, tmpLen);
01912     attrVal[tmpLen] = '\0';
01913 
01914     //get attr oid
01915     //made some minor mods to cover additional attributes
01916     char oidBuf[MAXOID];
01917     if(0 == /*stricmp*/STRCASECMP(attrType, "cn"))
01918         strcpy((char*)oidBuf, "2.5.4.3");
01919     else if(0 == /*stricmp*/STRCASECMP(attrType, "c"))
01920         strcpy((char*)oidBuf, "2.5.4.6");
01921     else if(0 == /*stricmp*/STRCASECMP(attrType, "l") || 0 == /*stricmp*/STRCASECMP(attrType, "locality"))
01922         strcpy((char*)oidBuf, "2.5.4.7");
01923     else if(0 == /*stricmp*/STRCASECMP(attrType, "o") || 0 == /*stricmp*/STRCASECMP(attrType, "organization"))
01924         strcpy((char*)oidBuf, "2.5.4.10");
01925     else if(0 == /*stricmp*/STRCASECMP(attrType, "ou"))
01926         strcpy((char*)oidBuf, "2.5.4.11");
01927     else if(0 == /*stricmp*/STRCASECMP(attrType, "e") || 0 == /*stricmp*/STRCASECMP(attrType, "email"))
01928         strcpy((char*)oidBuf, "1.2.840.113549.1.9.1");
01929     else if(0 == /*stricmp*/STRCASECMP(attrType, "surname") || 0 == /*stricmp*/STRCASECMP(attrType, "SN"))
01930         strcpy((char*)oidBuf, "2.5.4.4");
01931     else if(0 == /*stricmp*/STRCASECMP(attrType, "serialNumber") || 0 == /*stricmp*/STRCASECMP(attrType, "Serial Number"))
01932         strcpy((char*)oidBuf, "2.5.4.5");
01933     else if(0 == /*stricmp*/STRCASECMP(attrType, "stateOrProvinceName") || 0 == /*stricmp*/STRCASECMP(attrType, "S") || 0 == /*stricmp*/STRCASECMP(attrType, "ST"))
01934         strcpy((char*)oidBuf, "2.5.4.8");
01935     else if(0 == /*stricmp*/STRCASECMP(attrType, "streetAddress") || 0 == /*stricmp*/STRCASECMP(attrType, "street"))
01936         strcpy((char*)oidBuf, "2.5.4.9");
01937     else if(0 == /*stricmp*/STRCASECMP(attrType, "title") || 0 == /*stricmp*/STRCASECMP(attrType, "t"))
01938         strcpy((char*)oidBuf, "2.5.4.12");
01939     else if(0 == /*stricmp*/STRCASECMP(attrType, "dnQualifier"))
01940         strcpy((char*)oidBuf, "2.5.4.46");
01941     else if(0 == /*stricmp*/STRCASECMP(attrType, "i") || 0 == /*stricmp*/STRCASECMP(attrType, "initials"))
01942         strcpy((char*)oidBuf, "2.5.4.43");
01943     else if(0 == /*stricmp*/STRCASECMP(attrType, "givenName") || 0 == /*stricmp*/STRCASECMP(attrType, "g"))
01944         strcpy((char*)oidBuf, "2.5.4.42");
01945     else if(0 == /*stricmp*/STRCASECMP(attrType, "generationQualifier"))
01946         strcpy((char*)oidBuf, "2.5.4.44");
01947     else if(0 == /*stricmp*/STRCASECMP(attrType, "pseudonym"))
01948         strcpy((char*)oidBuf, "2.5.4.65");
01949     else if(0 == /*stricmp*/STRCASECMP(attrType, "dc") || 0 == /*stricmp*/STRCASECMP(attrType, "domainComponent"))
01950         strcpy((char*)oidBuf, "0.9.2342.19200300.100.1.25");
01951     else
01952     {
01953         //not one of the attr types we were expecting or possibly is already in oid form
01954         //assume it's alreay in oid form... if it's not the call to *oid->raw() below will except
01955         strcpy(oidBuf, attrType);
01956     }
01957     CPKIFOIDPtr oid(new CPKIFOID(CPKIFStringPtr(new std::string(oidBuf)))); 
01958 
01959     try
01960     {
01961         //cacx509v3atadv->type = *oid->raw();
01962         CPKIFStringPtr str(new std::string(oid->ToString())); 
01963         ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
01964         CopyOID(&cacx509v3atadv->type, tmpOid);
01965 
01966         if(NULL != tmpOid)
01967             delete tmpOid;
01968         //cacx509v3atadv->type = *tmpOid;
01969     }
01970     catch(...)
01971     {
01972         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Attribute type and distinguished value string passed to BuildCACX509V3AttributeTypeAndValue contains an unexpected attribute type");
01973     }
01974 
01975     //attr to encoded directory string 
01976     //treating dc and email as ia5String
01977     ASN1OpenType* ds = NULL;
01978     if(0 == /*stricmp*/STRCASECMP(attrType, "dc") || 0 == /*stricmp*/STRCASECMP(attrType, "domainComponent"))
01979     {
01980         CACASNWRAPPER_CREATE(CACX509V3CACDirectoryString, objPDU);  
01981         CACX509V3CACDirectoryString dirStr;
01982         dirStr.t = T_CACX509V3CACDirectoryString_ia5String;
01983         dirStr.u.ia5String = attrVal;
01984         ds = objPDU.Encode(&dirStr);
01985 
01986         cacx509v3atadv->value.data = new unsigned char[ds->numocts + 1];
01987         memcpy((void*)(cacx509v3atadv->value.data), (void*)ds->data, ds->numocts);
01988         cacx509v3atadv->value.numocts = ds->numocts;
01989     }
01990     else if(0 == /*stricmp*/STRCASECMP(attrType, "e") || 0 == /*stricmp*/STRCASECMP(attrType, "email"))
01991     {
01992         CACASNWRAPPER_CREATE(CACX509V3CACDirectoryString, objPDU);  
01993         CACX509V3CACDirectoryString dirStr;
01994         dirStr.t = T_CACX509V3CACDirectoryString_ia5String;
01995         dirStr.u.ia5String = attrVal;
01996         ds = objPDU.Encode(&dirStr);
01997 
01998         cacx509v3atadv->value.data = new unsigned char[ds->numocts + 1];
01999         memcpy((void*)(cacx509v3atadv->value.data), (void*)ds->data, ds->numocts);
02000         cacx509v3atadv->value.numocts = ds->numocts;
02001     }
02002     else
02003     {
02004         CACASNWRAPPER_CREATE(CACX509V3CACDirectoryString, objPDU);  
02005         CACX509V3CACDirectoryString dirStr;
02006         dirStr.t = T_CACX509V3CACDirectoryString_printableString;
02007         dirStr.u.printableString = attrVal;
02008         ds = objPDU.Encode(&dirStr);
02009         
02010         cacx509v3atadv->value.data = new unsigned char[ds->numocts + 1];
02011         memcpy((void*)(cacx509v3atadv->value.data), (void*)ds->data, ds->numocts);
02012         cacx509v3atadv->value.numocts = ds->numocts;
02013     }
02014 
02015     delete attrVal;
02016     delete attrType;
02017     delete ds;
02018 }
02019 
02026 void split(const string & text, string & separators, vector<string> & words)
02027  {
02028     size_t n = text.length();
02029     size_t start, stop;
02030 
02031     start = text.find_first_not_of(separators);
02032     while ((start >= 0) && (start < n)) {
02033        stop = text.find_first_of(separators, start);
02034        if ((stop < 0) || (stop > n)) stop = n;
02035        words.push_back(text.substr(start, stop - start));
02036        start = text.find_first_not_of(separators, stop+1);
02037        }
02038  }
02039 //added 4/14/03 CWW
02072 CPKIFGeneralNamePtr GetPKIFGenNameFromStr(
02074     unsigned char* name, 
02076     int nameType)
02077 {
02078         //added NULL check 8/13/04
02079     if(name == (unsigned char*)NULL)
02080         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL pointer passed to GetPKIFGenNameFromStr");
02081 
02082     PKIFNameMemoryHelper mhCACX509V3GN;
02083     mhCACX509V3GN.pCACX509V3GN = new CACX509V3GeneralName;
02084     memset(mhCACX509V3GN.pCACX509V3GN, 0, sizeof(CACX509V3GeneralName));
02085 
02086     switch(nameType)
02087     {
02088     case T_CACX509V3GeneralName_otherName:
02089         mhCACX509V3GN.pCACX509V3GN->u.otherName = new ASN1OpenType;
02090         mhCACX509V3GN.pCACX509V3GN->u.otherName->data = new unsigned char[strlen((char*)name) + 1];
02091         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.otherName->data, (char*)name);
02092         try {
02093             mhCACX509V3GN.pCACX509V3GN->u.otherName->numocts = boost::numeric_cast<boost::uint32_t,size_t>(strlen((char*)name));
02094         }catch(boost::numeric::bad_numeric_cast & ){
02095             throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid character string passed to GetPKIFGenNameFromStr");
02096         }
02097         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_otherName;
02098         break;
02099 
02100     case T_CACX509V3GeneralName_rfc822Name:
02101         mhCACX509V3GN.pCACX509V3GN->u.rfc822Name = new char[strlen((char*)name) + 1];
02102         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.rfc822Name, (char*)name);
02103         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_rfc822Name;
02104         break;
02105 
02106     case T_CACX509V3GeneralName_dNSName:
02107         mhCACX509V3GN.pCACX509V3GN->u.dNSName = new char[strlen((char*)name) + 1];
02108         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.dNSName, (char*)name);
02109         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_dNSName;
02110         break;
02111 
02112     case T_CACX509V3GeneralName_x400Address:
02113         mhCACX509V3GN.pCACX509V3GN->u.x400Address = new ASN1OpenType;
02114         mhCACX509V3GN.pCACX509V3GN->u.x400Address->data = new unsigned char[strlen((char*)name) + 1];
02115         memcpy((void*)(mhCACX509V3GN.pCACX509V3GN->u.x400Address->data), (void*)name, strlen((char*)name));
02116         try {
02117             mhCACX509V3GN.pCACX509V3GN->u.x400Address->numocts = boost::numeric_cast<boost::uint32_t,size_t>(strlen((char*)name));
02118         }catch(boost::numeric::bad_numeric_cast &){
02119             throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid character string passed to GetPKIFGenNameFromStr");
02120         }
02121         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_x400Address;
02122         break;
02123 
02124     case T_CACX509V3GeneralName_directoryName:
02125         {
02126             mhCACX509V3GN.pCACX509V3GN->u.directoryName = new CACX509V3Name;
02127             CACX509V3RelativeDistinguishedName* pCacTmpRDN = new CACX509V3RelativeDistinguishedName;
02128             BuildCACX509V3DistinguishedName(name, pCacTmpRDN);
02129             mhCACX509V3GN.pCACX509V3GN->u.directoryName->t = T_CACX509V3Name_rdnSequence;
02130             mhCACX509V3GN.pCACX509V3GN->u.directoryName->u.rdnSequence = pCacTmpRDN;
02131             mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_directoryName;
02132         }
02133         break;
02134 
02135     case T_CACX509V3GeneralName_ediPartyName:
02136         //XXX-DEFER implement me
02137         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_ediPartyName;
02138         break;
02139 
02140     case T_CACX509V3GeneralName_uniformResourceIdentifier:
02141         mhCACX509V3GN.pCACX509V3GN->u.uniformResourceIdentifier = new char[strlen((char*)name) + 1];
02142         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.uniformResourceIdentifier, (char*)name);
02143         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_uniformResourceIdentifier;
02144         break;
02145 
02146     case T_CACX509V3GeneralName_iPAddress:
02147         {
02148             string  base = (char*)name; 
02149             vector<string> components;
02150             vector<string>::iterator iter;
02151             string tmp = "/";
02152             split(string((char *)base.c_str()),tmp,components);
02153 
02154             boost::asio::io_service io_service;
02155             ip::address addr;
02156             try {
02157                 addr = ip::address::from_string(components[0].c_str());
02158             }catch(std::exception & ){
02159                 throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid IP address passed to GetPKIFGenNameFromStr");
02160             }
02161 
02162             if(addr.is_v4())
02163             {
02164                 ip::address_v4 v4Addr = addr.to_v4();
02165                 mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_iPAddress;
02166                 mhCACX509V3GN.pCACX509V3GN->u.iPAddress = new ASN1DynOctStr;
02167 
02168                 ip::address_v4::bytes_type v4Addr_bytes_value = v4Addr.to_bytes();
02169 
02170                 
02171                 int v4_len = 4;
02172                 int size = v4_len;
02173                 if(components.size() > 1)
02174                 {
02175                     ip::address mask;
02176                     try {
02177                         mask = ip::address::from_string(components[1].c_str());
02178                     }catch(std::exception & ){
02179                         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid mask passed to GetPKIFGenNameFromStr");
02180                     }
02181                     ip::address_v4 v4Mask = mask.to_v4();
02182 
02183                     ip::address_v4::bytes_type mask_bytes_value = v4Mask.to_bytes();
02184 
02185                     size += v4_len; 
02186                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02187                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02188                     memcpy((void*)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data, v4Addr_bytes_value.c_array(),v4_len);
02189                     memcpy((void*)(mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data + v4_len), mask_bytes_value.c_array(),v4_len);
02190                 }
02191                 else
02192                 { 
02193                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02194                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02195                     memcpy((void*)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data, v4Addr_bytes_value.c_array(),v4_len);
02196                 }
02197                 
02198             }
02199             else if(addr.is_v6())
02200             {
02201                 ip::address_v6 v6Addr = addr.to_v6();
02202 
02203                 mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_iPAddress;
02204                 mhCACX509V3GN.pCACX509V3GN->u.iPAddress = new ASN1DynOctStr;
02205 
02206                 ip::address_v6::bytes_type v6Addr_bytes_value = v6Addr.to_bytes();
02207 
02208                 int v6_len = 16;
02209                 int size = v6_len;
02210                 if(components.size() > 1)
02211                 {
02212                     ip::address mask;
02213                     try {
02214                         mask = ip::address::from_string(components[1].c_str());
02215                     }catch(std::exception & ){
02216                         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid mask passed to GetPKIFGenNameFromStr");
02217                     }
02218                     ip::address_v6 v6Mask = mask.to_v6();
02219 
02220                     ip::address_v6::bytes_type mask_bytes_value = v6Mask.to_bytes();
02221 
02222                     size += v6_len; 
02223                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02224                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02225                     memcpy((void *)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data,v6Addr_bytes_value.c_array(),v6_len);
02226                     memcpy((void *)(mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data + v6_len),mask_bytes_value.c_array(),v6_len);
02227 
02228                 }
02229                 else
02230                 { 
02231                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02232                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02233                     memcpy((void*)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data, v6Addr_bytes_value.c_array(), v6_len);
02234 
02235                 }
02236             }
02237 
02238         }
02239         break;
02240 
02241     case T_CACX509V3GeneralName_registeredID:
02242         { 
02243             mhCACX509V3GN.pCACX509V3GN->u.registeredID = new ASN1OBJID;
02244             CPKIFOIDPtr oid(new CPKIFOID(CPKIFStringPtr(new std::string((char*)name)))); 
02245             try
02246             {
02247                 CPKIFStringPtr str(new std::string(oid->ToString())); 
02248                 ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
02249                 CopyOID(mhCACX509V3GN.pCACX509V3GN->u.registeredID, tmpOid); 
02250                 if(tmpOid)
02251                     delete tmpOid;
02252                 //CopyOID(mhCACX509V3GN.pCACX509V3GN->u.registeredID, oid->raw()); 
02253             }
02254             catch(...)
02255             {
02256                 throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Invalid OID passed to BuildCACX509V3AttributeTypeAndValue");
02257             }
02258             mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_registeredID;
02259         }
02260         break;
02261     default:
02262         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Unexpected general name type passed to GetPKIFGenNameFromStr");
02263     }
02264     
02265     CACASNWRAPPER_CREATE(CACX509V3GeneralName, objPDU);
02266     ASN1OpenType* data1 = objPDU.Encode((CACX509V3GeneralName*)mhCACX509V3GN.pCACX509V3GN);
02267     CPKIFBufferPtr tmpBuf;
02268     if(data1 != NULL)
02269     {
02270          tmpBuf = CPKIFBufferPtr(new CPKIFBuffer(data1->data, data1->numocts));
02271         delete data1;
02272     }
02273     //CPKIFGeneralNamePtr pCacGenName(new CPKIFGeneralName(*(CACX509V3GeneralName*)mhCACX509V3GN.pCACX509V3GN));
02274     CPKIFGeneralNamePtr pCacGenName(new CPKIFGeneralName(tmpBuf));
02275         
02276     return pCacGenName;
02277 }
02311 CPKIFBufferPtr GetEncGenNameFromStr(
02313     unsigned char* name, 
02315     int nameType)
02316 {
02317     //added NULL check 8/13/04
02318     if(name == (unsigned char*)NULL)
02319         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL pointer passed to GetPKIFGenNameFromStr");
02320 
02321     PKIFNameMemoryHelper mhCACX509V3GN;
02322     mhCACX509V3GN.pCACX509V3GN = new CACX509V3GeneralName;
02323     memset(mhCACX509V3GN.pCACX509V3GN, 0, sizeof(CACX509V3GeneralName));
02324 
02325     switch(nameType)
02326     {
02327     case T_CACX509V3GeneralName_otherName:
02328         mhCACX509V3GN.pCACX509V3GN->u.otherName = new ASN1OpenType;
02329         mhCACX509V3GN.pCACX509V3GN->u.otherName->data = new unsigned char[strlen((char*)name) + 1];
02330         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.otherName->data, (char*)name);
02331         try {
02332             mhCACX509V3GN.pCACX509V3GN->u.otherName->numocts = boost::numeric_cast<boost::uint32_t,size_t>(strlen((char*)name));
02333         }catch(boost::numeric::bad_numeric_cast & ){
02334             throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid character string passed to GetPKIFGenNameFromStr");
02335         }
02336         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_otherName;
02337         break;
02338 
02339     case T_CACX509V3GeneralName_rfc822Name:
02340         mhCACX509V3GN.pCACX509V3GN->u.rfc822Name = new char[strlen((char*)name) + 1];
02341         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.rfc822Name, (char*)name);
02342         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_rfc822Name;
02343         break;
02344 
02345     case T_CACX509V3GeneralName_dNSName:
02346         mhCACX509V3GN.pCACX509V3GN->u.dNSName = new char[strlen((char*)name) + 1];
02347         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.dNSName, (char*)name);
02348         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_dNSName;
02349         break;
02350 
02351     case T_CACX509V3GeneralName_x400Address:
02352         mhCACX509V3GN.pCACX509V3GN->u.x400Address = new ASN1OpenType;
02353         mhCACX509V3GN.pCACX509V3GN->u.x400Address->data = new unsigned char[strlen((char*)name) + 1];
02354         memcpy((void*)(mhCACX509V3GN.pCACX509V3GN->u.x400Address->data), (void*)name, strlen((char*)name));
02355         try {
02356             mhCACX509V3GN.pCACX509V3GN->u.x400Address->numocts = boost::numeric_cast<boost::uint32_t,size_t>(strlen((char*)name));
02357         }catch(boost::numeric::bad_numeric_cast &){
02358             throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid character string passed to GetPKIFGenNameFromStr");
02359         }
02360         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_x400Address;
02361         break;
02362 
02363     case T_CACX509V3GeneralName_directoryName:
02364         {
02365             mhCACX509V3GN.pCACX509V3GN->u.directoryName = new CACX509V3Name;
02366             CACX509V3RelativeDistinguishedName* pCacTmpRDN = new CACX509V3RelativeDistinguishedName;
02367             BuildCACX509V3DistinguishedName(name, pCacTmpRDN);
02368             mhCACX509V3GN.pCACX509V3GN->u.directoryName->t = T_CACX509V3Name_rdnSequence;
02369             mhCACX509V3GN.pCACX509V3GN->u.directoryName->u.rdnSequence = pCacTmpRDN;
02370             mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_directoryName;
02371         }
02372         break;
02373 
02374     case T_CACX509V3GeneralName_ediPartyName:
02375         //XXX-DEFER implement me
02376         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_ediPartyName;
02377         break;
02378 
02379     case T_CACX509V3GeneralName_uniformResourceIdentifier:
02380         mhCACX509V3GN.pCACX509V3GN->u.uniformResourceIdentifier = new char[strlen((char*)name) + 1];
02381         strcpy((char*)mhCACX509V3GN.pCACX509V3GN->u.uniformResourceIdentifier, (char*)name);
02382         mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_uniformResourceIdentifier;
02383         break;
02384 
02385     case T_CACX509V3GeneralName_iPAddress:
02386         {
02387             string  base = (char*)name; 
02388             vector<string> components;
02389             vector<string>::iterator iter;
02390             string tmp = "/";
02391             split(string((char *)base.c_str()),tmp,components);
02392 
02393             boost::asio::io_service io_service;
02394             ip::address addr;
02395             try {
02396                 addr = ip::address::from_string(components[0].c_str());
02397             }catch(std::exception & ){
02398                 throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid IP address passed to GetPKIFGenNameFromStr");
02399             }
02400 
02401             if(addr.is_v4())
02402             {
02403                 ip::address_v4 v4Addr = addr.to_v4();
02404                 mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_iPAddress;
02405                 mhCACX509V3GN.pCACX509V3GN->u.iPAddress = new ASN1DynOctStr;
02406 
02407                 ip::address_v4::bytes_type v4Addr_bytes_value = v4Addr.to_bytes();
02408 
02409                 
02410                 int v4_len = 4;
02411                 int size = v4_len;
02412                 if(components.size() > 1)
02413                 {
02414                     ip::address mask;
02415                     try {
02416                         mask = ip::address::from_string(components[1].c_str());
02417                     }catch(std::exception & ){
02418                         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid mask passed to GetPKIFGenNameFromStr");
02419                     }
02420                     ip::address_v4 v4Mask = mask.to_v4();
02421 
02422                     ip::address_v4::bytes_type mask_bytes_value = v4Mask.to_bytes();
02423 
02424                     size += v4_len; 
02425                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02426                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02427                     memcpy((void*)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data, v4Addr_bytes_value.c_array(),v4_len);
02428                     memcpy((void*)(mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data + v4_len), mask_bytes_value.c_array(),v4_len);
02429                 }
02430                 else
02431                 { 
02432                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02433                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02434                     memcpy((void*)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data, v4Addr_bytes_value.c_array(),v4_len);
02435                 }
02436                 
02437             }
02438             else if(addr.is_v6())
02439             {
02440                 ip::address_v6 v6Addr = addr.to_v6();
02441 
02442                 mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_iPAddress;
02443                 mhCACX509V3GN.pCACX509V3GN->u.iPAddress = new ASN1DynOctStr;
02444 
02445                 ip::address_v6::bytes_type v6Addr_bytes_value = v6Addr.to_bytes();
02446 
02447                 int v6_len = 16;
02448                 int size = v6_len;
02449                 if(components.size() > 1)
02450                 {
02451                     ip::address mask;
02452                     try {
02453                         mask = ip::address::from_string(components[1].c_str());
02454                     }catch(std::exception & ){
02455                         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "invalid mask passed to GetPKIFGenNameFromStr");
02456                     }
02457                     ip::address_v6 v6Mask = mask.to_v6();
02458 
02459                     ip::address_v6::bytes_type mask_bytes_value = v6Mask.to_bytes();
02460 
02461                     size += v6_len; 
02462                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02463                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02464                     memcpy((void *)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data,v6Addr_bytes_value.c_array(),v6_len);
02465                     memcpy((void *)(mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data + v6_len),mask_bytes_value.c_array(),v6_len);
02466 
02467                 }
02468                 else
02469                 { 
02470                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->numocts = size;
02471                     mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data = new unsigned char[size];
02472                     memcpy((void*)mhCACX509V3GN.pCACX509V3GN->u.iPAddress->data, v6Addr_bytes_value.c_array(), v6_len);
02473 
02474                 }
02475             }
02476 
02477         }
02478         break;
02479 
02480     case T_CACX509V3GeneralName_registeredID:
02481         { 
02482             mhCACX509V3GN.pCACX509V3GN->u.registeredID = new ASN1OBJID;
02483             CPKIFOIDPtr oid(new CPKIFOID(CPKIFStringPtr(new std::string((char*)name)))); 
02484             try
02485             {
02486                 CPKIFStringPtr str(new std::string(oid->ToString())); 
02487                 ASN1OBJID* tmpOid = ConvertStringToASN1OBJID(str);
02488                 CopyOID(mhCACX509V3GN.pCACX509V3GN->u.registeredID, tmpOid); 
02489                 if(tmpOid)
02490                     delete tmpOid;
02491                 //CopyOID(mhCACX509V3GN.pCACX509V3GN->u.registeredID, oid->raw()); 
02492             }
02493             catch(...)
02494             {
02495                 throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Invalid OID passed to BuildCACX509V3AttributeTypeAndValue");
02496             }
02497             mhCACX509V3GN.pCACX509V3GN->t = T_CACX509V3GeneralName_registeredID;
02498         }
02499         break;
02500     default:
02501         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "Unexpected general name type passed to GetPKIFGenNameFromStr");
02502     }
02503     
02504     CACASNWRAPPER_CREATE(CACX509V3GeneralName, objPDU);
02505     ASN1OpenType* data1 = objPDU.Encode((CACX509V3GeneralName*)mhCACX509V3GN.pCACX509V3GN);
02506     CPKIFBufferPtr tmpBuf;
02507     if(data1 != NULL)
02508     {
02509          tmpBuf = CPKIFBufferPtr(new CPKIFBuffer(data1->data, data1->numocts));
02510         delete data1;
02511     }
02512         
02513     return tmpBuf;
02514 }
02515 
02516 
02518 //@b Interface: External
02519 //
02520 //This function frees memory used by OOCTXT structure. These structures are created and used internally. 
02521 //Applications need not invoke this function. The OOCTXT structure is defined as follows.
02522 //
02523 // 
02524 //<pre>
02525 //typedef struct _OOCTXT {   // ASN.1 context block 
02526 //
02527 //  ASN1BUFFER buffer; // data buffer 
02528 //  ASN1BUFSAVE savedInfo; // saved buffer info 
02529 //  ASN1ErrInfo errInfo; // run-time error info 
02530 //  ASN1MemBlk* memBlk_p; // memory block list 
02531 //  OSUINT32 initCode; // code double word to indicate init 
02532 //  OSUINT16 flags; // flag bits 
02533 //  DList fieldList; // PER field list 
02534 //  Asn1SizeCnst* pSizeConstraint; // Size constraint list 
02535 //  const char* pCharSet; // String of permitted characters 
02536 //  Asn1RTStack nameStack; // Element name stack 
02537 //  DList evtHndlrList; // Event handler object list 
02538 //  void* errHndlrCB; // Error handler callback function 
02539 //
02540 //} OOCTXT;
02541 //</pre>
02542 //
02543 //@return None
02544 //*/
02545 //void FreeASN1Context(
02546 //  //![in] A pointer to an OOCTXT structure
02547 //  OOCTXT* ctx)
02548 //{
02549 //  freeEncodeBuffer(ctx);
02550 //  memFreeAll(ctx);
02551 //}
02562 CPKIFBufferPtr CAC_API EncodeGeneralName(
02564     CPKIFGeneralNamePtr& gn)
02565 {
02566     //added NULL check 8/13/04
02567     if(gn == (CPKIFGeneralName*)NULL || CPKIFGeneralName::NOTSET == gn->GetType())
02568         throw CPKIFException(TOOLKIT_UTILS, COMMON_INVALID_INPUT, "NULL pointer passed to EncodeGeneralName");
02569 
02570     //CACX509V3GeneralName tmpGN; //changed this to use memory helper, 4/22/03 CWW
02571     PKIFNameMemoryHelper mhCACX509V3GN;
02572     mhCACX509V3GN.pCACX509V3GN = new CACX509V3GeneralName; 
02573     memset(mhCACX509V3GN.pCACX509V3GN, 0, sizeof(CACX509V3GeneralName)); 
02574 
02575     //CopyGeneralName(tmpGN, gn); 
02576     CopyGeneralName(*mhCACX509V3GN.pCACX509V3GN, gn);
02577 
02578     CACASNWRAPPER_CREATE(CACX509V3GeneralName, objPDU);
02579     //ASN1OpenType* data1 = objPDU.Encode(&tmpGN);
02580     ASN1OpenType* data1 = objPDU.Encode(mhCACX509V3GN.pCACX509V3GN); 
02581     
02582     if (data1 != NULL)
02583     {
02584       CPKIFBufferPtr tmp(new CPKIFBuffer(data1->data, data1->numocts));
02585       delete data1;
02586       return tmp;
02587     }
02588     else
02589     {
02590       CPKIFBufferPtr tmp(new CPKIFBuffer());
02591       delete data1;
02592       return tmp;
02593     }
02594 }
02595 
02603 void FreeName(
02605     CACX509V3Name** dest)
02606 {
02607     if(!dest || ! *dest)
02608         return;
02609 
02610     DListNode* cur = (*dest)->u.rdnSequence->head, *tmpNext = NULL;
02611     ASN1OpenType* curAT = NULL;
02612     while(cur)
02613     {
02614         curAT = (ASN1OpenType*)cur->data;
02615 
02616         if(curAT)
02617         {
02618             if(curAT->data)
02619             {
02620                 delete curAT->data;
02621             }
02622 
02623             delete curAT;
02624         }
02625 
02626         tmpNext = cur->next;
02627         delete cur;
02628         cur = tmpNext;
02629     }
02630 
02631     delete (*dest)->u.rdnSequence;
02632     delete *dest; *dest = NULL;
02633 }
02641 void FreeGeneralName(
02643     CACX509V3GeneralName& objName)
02644 {
02645     switch(objName.t)
02646     {
02647     case 9:
02648     case 8:
02649     case 7:
02650     case 6:
02651     case 4:
02652     case 3:
02653     case 1:
02654         //nothing was done
02655         break;
02656     case 5:
02657         FreeName(&objName.u.directoryName);
02658         break;
02659     case 2:
02660         if(objName.u.rfc822Name)
02661         {
02662             delete[] objName.u.rfc822Name; objName.u.rfc822Name = NULL;
02663         }
02664         break;
02665     }
02666 }
02667 
02668 //removed export declarations 8/18/2004
02676 CPKIFStringPtr GetCertInfo(
02679     CPKIFCertificatePtr& targetCert)
02680 {
02681     CPKIFStringPtr result(new std::string());
02682     //std::auto_ptr<std::string> result(new std::string());
02683     if(targetCert != (CPKIFCertificate*)NULL)
02684     {
02685         result->append("Issuer DN: ");
02686         result->append(targetCert->Issuer()->ToString());
02687         result->append(".  Serial number: ");
02688         result->append(targetCert->SerialNumber());
02689         result->append(".  Subject DN: ");
02690         result->append(targetCert->Subject()->ToString());
02691         result->append(".");
02692     }
02693     return result;
02694 }
02695 
02696 //removed export declarations 8/18/2004
02704 bool CertIsSelfIssued(
02706     const CPKIFCertificatePtr& cert)
02707 {
02708     return *cert->Subject() == *cert->Issuer();
02709 }
02717 void CollectNamesFromCRLDP(
02719     const CPKIFCertificatePtr& cert,
02721     CPKIFGeneralNameList& namesFromCert)
02722 {
02723     CPKIFCRLDistributionPointsPtr crldp = cert->GetExtension<CPKIFCRLDistributionPoints>();
02724     if(crldp == (CPKIFCRLDistributionPoints*)NULL)
02725         return;
02726 
02727     CPKIFCRLDistributionPointListPtr crlDPs = crldp->DPs();
02728     CPKIFCRLDistributionPointList::iterator pos;
02729     CPKIFCRLDistributionPointList::iterator end = crlDPs->end();
02730     bool issuerAdded = false;
02731     for(pos = crlDPs->begin(); pos != end; ++pos)
02732     {
02733         CPKIFGeneralNameList crlIssuer;
02734         (*pos)->CRLIssuer(crlIssuer);
02735         
02736         //if there are any names in the distribution point field - add those
02737         CPKIFDistributionPointNamePtr dpName = (*pos)->DistributionPoint();
02738         if(dpName != (CPKIFDistributionPointName*)NULL)//added 12/2/2003
02739         {
02740             CPKIFGeneralNameList dpNames;
02741             dpName->FullName(dpNames);
02742             CPKIFGeneralNameList::iterator dpNamesPos;
02743             CPKIFGeneralNameList::iterator dpNamesEnd = dpNames.end();
02744             for(dpNamesPos = dpNames.begin(); dpNamesPos != dpNamesEnd; ++dpNamesPos)
02745             {
02746                 if(CPKIFGeneralName::URI == (*dpNamesPos)->GetType())
02747                 {
02748                     const char* uri = (*dpNamesPos)->uri();
02749                     PKIFLDAP::LDAPURLDesc *ldapInfo = NULL;
02750                     PKIFLDAP::ldap_url_parse(uri, &ldapInfo);
02751                     if(NULL != ldapInfo && (0 == ldapInfo->lud_host && 0 != ldapInfo->lud_dn))
02752                     {
02753                         CPKIFNamePtr dn = GetPKIFNameFromStr((unsigned char*)ldapInfo->lud_dn);
02754                         PKIFLDAP::ldap_free_urldesc( ldapInfo );
02755                         ldapInfo = NULL;
02756 
02757                         CPKIFGeneralNamePtr gnp(new CPKIFGeneralName(dn));
02758                         namesFromCert.push_back(gnp);
02759                     }
02760                 }
02761                 else
02762                 {
02763                     namesFromCert.push_back(*dpNamesPos);
02764                 }
02765             }
02766 
02767             if(dpName->NameRelativeToIssuerPresent())
02768             {
02769                 CPKIFNamePtr iss = cert->Issuer();
02770                 CPKIFNamePtr relName = dpName->GetRelativeNameAsFullName(iss);
02771                 CPKIFGeneralNamePtr gnp(new CPKIFGeneralName(relName));
02772                 namesFromCert.push_back(gnp);
02773 
02774                 if(!crlIssuer.empty())
02775                 {
02776                     CPKIFGeneralNameList::iterator issuerPos;
02777                     CPKIFGeneralNameList::iterator issuerEnd = crlIssuer.end();
02778                     for(issuerPos = crlIssuer.begin(); issuerPos != issuerEnd; ++issuerPos)
02779                     {
02780                         if(CPKIFGeneralName::DIRECTORYNAME == (*issuerPos)->GetType())
02781                         {
02782                             CPKIFNamePtr dn = (*issuerPos)->directoryName();
02783                             CPKIFNamePtr relName = dpName->GetRelativeNameAsFullName(dn);
02784                             CPKIFGeneralNamePtr gnp(new CPKIFGeneralName(relName));
02785                             namesFromCert.push_back(gnp);
02786                         }
02787                     }
02788                 }
02789             }
02790         }
02791 
02792         //if there are any names in the crlIssuer field - add those
02793         CPKIFGeneralNameList::iterator issuerPos;
02794         CPKIFGeneralNameList::iterator issuerEnd = crlIssuer.end();
02795         for(issuerPos = crlIssuer.begin(); issuerPos != issuerEnd; ++issuerPos)
02796         {
02797             namesFromCert.push_back(*issuerPos);
02798         }
02799     }
02800 }
02801 
02802 // Lookup table
02803 static const unsigned char binVal[256] =
02804 {/* 0x0 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xA 0xB 0xC 0xD 0xE 0xF */
02805     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 0x .............. */
02806     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 1x .............. */
02807     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 2x  !"#$%&'()*+,-./   */
02808     0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 3x 0123456789:;<=>?   */
02809     0xF0,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 4x @ABCDEFGHIJKLMNO   */
02810     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 5X PQRSTUVWXYZ[\]^_   */
02811     0xF0,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 6x `abcdefghijklmno   */
02812     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 7X PQRSTUVWXYZ[\]^_   */
02813     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 8X PQRSTUVWXYZ[\]^_   */
02814     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* 9X PQRSTUVWXYZ[\]^_   */
02815     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* AX PQRSTUVWXYZ[\]^_   */
02816     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* BX PQRSTUVWXYZ[\]^_   */
02817     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* CX PQRSTUVWXYZ[\]^_   */
02818     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* DX PQRSTUVWXYZ[\]^_   */
02819     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0, /* EX PQRSTUVWXYZ[\]^_   */
02820     0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0,0xF0  /* FX PQRSTUVWXYZ[\]^_   */
02821 };
02822 
02823 // Test ASCII char for validity
02824 #define ACCEPTABLE(a)   ( binVal[a] != 0xF0 )
02825 
02826 // define the following for max speed, partial conversion len will NOT be returned
02827 //#define ATOB_ABS_MAX_SPEED
02828 // if not defined, the length until an error was encountered will be returned.
02837 int CAC_API atob(
02839     char* byteval, 
02841     char* ascval, 
02843     unsigned int *alength)
02844 {
02845     //unsigned char *binstr = (unsigned char*)byteval;
02846 
02847     if( NULL == ascval || NULL == byteval || NULL == alength)
02848         return -1;
02849 
02850     size_t alen = strlen(ascval);
02851 
02852     unsigned int outlen = 0;
02853 
02854     if( 0 == alen )
02855     {
02856         return -2;
02857     }   
02858 
02859 
02860     if( 0 != (alen % 2) )
02861     {
02862         // odd length string
02863         if( ACCEPTABLE( ascval[0] )  )
02864         {
02865             *byteval++ = binVal[(int)ascval[0]];
02866             ascval++;
02867             alen--;
02868             outlen++;
02869         }
02870         else
02871         {
02872             return -3;
02873         }
02874     }
02875 
02876 
02877     for(unsigned int  XX = 0; XX < alen; XX += 2 )
02878     {
02879         if( ACCEPTABLE(ascval[XX]) && ACCEPTABLE(ascval[XX+1])  )
02880         {
02881             *byteval++ = ( binVal[ascval[XX]] << 4 ) + ( binVal[ascval[XX+1]] );
02882             outlen++;
02883         }
02884         else
02885         {
02886             return -4;
02887         }
02888     }
02889 
02890     *alength = outlen;
02891     return 0;
02892 }
02893 
02894 static const char *hex_list = "0123456789abcdef";
02903 void CAC_API btoa(
02905     const char* byteval, 
02907     char* ascval, 
02909     unsigned int blength)
02910 {
02911     if( 0 == blength || NULL == byteval || NULL == ascval )
02912         return;
02913 
02914     for( unsigned int XX = 0; XX < blength; XX++ )
02915     {
02916             *ascval++ = hex_list[(((unsigned char)(byteval[XX])) >> 4)];
02917             *ascval++ = hex_list[(byteval[XX] & 15)];
02918     }
02919 
02920     *ascval = '\0';
02921 }
02929 void FormatErrorMessage(
02931     std::string& result,
02933     const char* primaryMessage,
02935     unsigned int code, 
02937     const char* file, 
02939     int lineNum)
02940 {
02941     result = primaryMessage;
02942     result += ": ";
02943 
02944     char asciiHexCode[25];
02945     sprintf(asciiHexCode, "0x%x", code);
02946     result += asciiHexCode;
02947     result += ".  ";
02948 
02949     if(NULL != file)
02950     {
02951         result += file;
02952         result += " line #";
02953         sprintf (asciiHexCode, "%u", lineNum);
02954         result += asciiHexCode;
02955                 //result += itoa(lineNum, asciiHexCode, 10);
02956     }
02957 }
02958 
02959 //this function checks key usage in terms of CAPI-defined key usage bits (i.e.
02960 //the macros are defined in wincrypt.h
02979 bool keyUsageTest(BYTE keyUse[2], bitset<9>* ku)
02980 {
02981     if(NULL == ku)
02982         return true;
02983 
02984     bool matchesAtLeastOne = false;
02985 
02986     if((*ku)[0] && (CERT_DIGITAL_SIGNATURE_KEY_USAGE == (keyUse[0] & CERT_DIGITAL_SIGNATURE_KEY_USAGE)))
02987         matchesAtLeastOne = true;
02988     if((*ku)[1] && (CERT_NON_REPUDIATION_KEY_USAGE == (keyUse[0] & CERT_NON_REPUDIATION_KEY_USAGE)))
02989         matchesAtLeastOne = true;
02990     if((*ku)[2] && (CERT_KEY_ENCIPHERMENT_KEY_USAGE == (keyUse[0] & CERT_KEY_ENCIPHERMENT_KEY_USAGE)))
02991         matchesAtLeastOne = true;
02992     if((*ku)[3] && (CERT_DATA_ENCIPHERMENT_KEY_USAGE == (keyUse[0] & CERT_DATA_ENCIPHERMENT_KEY_USAGE)))
02993         matchesAtLeastOne = true;
02994     if((*ku)[4] && (CERT_KEY_AGREEMENT_KEY_USAGE == (keyUse[0] & CERT_KEY_AGREEMENT_KEY_USAGE)))
02995         matchesAtLeastOne = true;
02996     if((*ku)[5] && (CERT_KEY_CERT_SIGN_KEY_USAGE == (keyUse[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)))
02997         matchesAtLeastOne = true;
02998     if((*ku)[6] && (CERT_OFFLINE_CRL_SIGN_KEY_USAGE != (keyUse[0] & CERT_OFFLINE_CRL_SIGN_KEY_USAGE)))
02999         matchesAtLeastOne = true;
03000     if((*ku)[7] && (CERT_ENCIPHER_ONLY_KEY_USAGE == (keyUse[0] & CERT_ENCIPHER_ONLY_KEY_USAGE)))
03001         matchesAtLeastOne = true;
03002     if((*ku)[8] && (CERT_DECIPHER_ONLY_KEY_USAGE == (keyUse[1] & CERT_DECIPHER_ONLY_KEY_USAGE)))
03003         matchesAtLeastOne = true;
03004 
03005     return matchesAtLeastOne;
03006 }
03007 
03008 //removed export declarations 8/18/2004
03016 void RemoveParentRelationships(
03018     std::vector<IPKIFColleaguePtr>& modules, 
03020     IPKIFMediator* mediator)
03021 {
03022     vector<IPKIFColleaguePtr>::iterator pos;
03023     vector<IPKIFColleaguePtr>::iterator end = modules.end();
03024     for(pos = modules.begin(); pos != end; ++pos)
03025     {
03026         try
03027         {
03028             (*pos)->RemoveParent(mediator);
03029         }
03030         catch(...)
03031         {
03032 //          _ASSERT(false);
03033         }
03034     }
03035 }
03036 
03037 //removed export declarations 8/18/2004
03045 void FreeAdditionalModules(
03047     std::vector<IPKIFColleague*>& modules, 
03049     IPKIFMediator* mediator)
03050 {
03051     vector<IPKIFColleague*>::iterator pos;
03052     vector<IPKIFColleague*>::iterator end = modules.end();
03053     for(pos = modules.begin(); pos != end; ++pos)
03054     {
03055         try
03056         {
03057             (*pos)->RemoveParent(mediator);
03058             delete (*pos);
03059         }
03060         catch(...)
03061         {
03062 //          _ASSERT(false);
03063         }
03064     }
03065 
03066     modules.clear();//added 04/21/2003 CRW
03067 }
03068 
03069 //removed export declarations 8/18/2004
03077 void FreeAdditionalModules2(
03079     std::vector<IPKIFColleague*>& modules, 
03081     IPKIFMediator* mediator, 
03083     std::vector<void (*)( void * )>& vDeleteFuncs)
03084 {
03085     vector<IPKIFColleague*>::iterator pos;
03086     vector<IPKIFColleague*>::iterator end = modules.end();
03087     std::vector<void (*)( void * )>::iterator dPos;
03088     std::vector<void (*)( void * )>::iterator dEnd = vDeleteFuncs.end();
03089     for(pos = modules.begin(), dPos = vDeleteFuncs.begin(); pos != end; ++pos, ++dPos)
03090     {
03091         try
03092         {
03093             (*pos)->RemoveParent(mediator);
03094             if(*dPos)
03095                 (*dPos)(*pos);
03096             else 
03097                 delete *pos;
03098         }
03099         catch(...)
03100         {
03101 //          _ASSERT(false);
03102         }
03103     }
03104 
03105     vDeleteFuncs.clear();
03106     modules.clear();//added 04/21/2003 CRW
03107 }
03117 CAC_API char* GetErrorCodeString(
03119     int errorCode, 
03122     char* buf) //buf is assumed to be at least MAX_ERROR_CODE_STRING_SIZE in size
03123 {
03124     switch(errorCode)
03125     {
03126     case 0:
03127         strcpy(buf, "Success");
03128         break;
03129 
03130     //errors from ASN1Errors.h
03131     case ASN1_DECODE_ERROR:
03132         strcpy(buf, "ASN1_DECODE_ERROR");
03133         break;
03134     case ASN1_ENCODE_ERROR:
03135         strcpy(buf, "ASN1_ENCODE_ERROR");
03136         break;
03137     case ASN1_UNRECOGNIZED_TIME_FORMAT:
03138         strcpy(buf, "ASN1_UNRECOGNIZED_TIME_FORMAT");
03139         break;
03140     case ASN1_INVALID_PERIOD:
03141         strcpy(buf, "ASN1_INVALID_PERIOD");
03142         break;
03143     case ASN1_INVALID_TIME:
03144         strcpy(buf, "ASN1_INVALID_TIME");
03145         break;
03146 
03147     //errors from PKIFCacheErrors.h
03148     case CACHE_TRUST_STORE_OPEN_FAILED:
03149         strcpy(buf, "CACHE_TRUST_STORE_OPEN_FAILED");
03150         break;
03151     case CACHE_LDAP_CONNECT_AND_BIND_FAILED:
03152         strcpy(buf, "CACHE_LDAP_CONNECT_AND_BIND_FAILED");
03153         break;
03154     case CACHE_LDAP_ERROR:
03155         strcpy(buf, "CACHE_LDAP_ERROR");
03156         break;
03157     case CACHE_PARSE_ERROR:
03158         strcpy(buf, "CACHE_PARSE_ERROR");
03159         break;
03160     case CACHE_CERT_STORE_OPEN_FAILED:
03161         strcpy(buf, "CACHE_CERT_STORE_OPEN_FAILED");
03162         break;
03163     case CACHE_UPDATE_FAILED:
03164         strcpy(buf, "CACHE_UPDATE_FAILED");
03165         break;
03166 
03167     //errors from PKIFCryptoErrors.h
03168     case CRYPTO_ALG_NOT_SUPPORTED:
03169         strcpy(buf, "CRYPTO_ALG_NOT_SUPPORTED");
03170         break;
03171     case CRYPTO_UNRECOGNIZED_CREDENTIAL:
03172         strcpy(buf, "CRYPTO_UNRECOGNIZED_CREDENTIAL");
03173         break;
03174     case CRYPTO_DEFAULT_KEY_TYPE_UNKNOWN:
03175         strcpy(buf, "CRYPTO_DEFAULT_KEY_TYPE_UNKNOWN");
03176         break;
03177     case CRYPTO_MODE_NOT_SUPPORTED:
03178         strcpy(buf, "CRYPTO_MODE_NOT_SUPPORTED");
03179         break;
03180     case CRYPTO_MISSING_IV:
03181         strcpy(buf, "CRYPTO_MISSING_IV");
03182         break;
03183     case CRYPTO_ENCRYPT_FAILED:
03184         strcpy(buf, "CRYPTO_ENCRYPT_FAILED");
03185         break;
03186     case CRYPTO_DECRYPT_FAILED:
03187         strcpy(buf, "CRYPTO_DECRYPT_FAILED");
03188         break;
03189     case CRYPTO_KEY_USAGE_NOT_COMPATIBLE:
03190         strcpy(buf, "CRYPTO_KEY_USAGE_NOT_COMPATIBLE");
03191         break;
03192     case CRYPTO_SIGN_FAILED:
03193         strcpy(buf, "CRYPTO_SIGN_FAILED");
03194         break;
03195     case CRYPTO_VERIFY_FAILED:
03196         strcpy(buf, "CRYPTO_VERIFY_FAILED");
03197         break;
03198 
03199     //errors from PKIFCAPIErrors.h
03200     case PKIFCAPI_ACQUIRE_CONTEXT_FAILED:
03201         strcpy(buf, "PKIFCAPI_ACQUIRE_CONTEXT_FAILED");
03202         break;
03203     case PKIFCAPI_GEN_RANDOM_FAILED:
03204         strcpy(buf, "PKIFCAPI_GEN_RANDOM_FAILED");
03205         break;
03206     case PKIFCAPI_INCORRECT_HASH_CONTEXT:
03207         strcpy(buf, "PKIFCAPI_INCORRECT_HASH_CONTEXT");
03208         break;
03209     case PKIFCAPI_EMPTY_HASH_CONTEXT:
03210         strcpy(buf, "PKIFCAPI_EMPTY_HASH_CONTEXT");
03211         break;
03212     case PKIFCAPI_KEY_MATERIAL_NOT_SUPPORTED:
03213         strcpy(buf, "PKIFCAPI_KEY_MATERIAL_NOT_SUPPORTED");
03214         break;
03215     case PKIFCAPI_FAILED_TO_OPEN_CERT_STORE:
03216         strcpy(buf, "PKIFCAPI_FAILED_TO_OPEN_CERT_STORE");
03217         break;
03218     case PKIFCAPI_GET_NAME_FAILED:
03219         strcpy(buf, "PKIFCAPI_GET_NAME_FAILED");
03220         break;
03221     case PKIFCAPI_CREATE_HASH_FAILED:
03222         strcpy(buf, "PKIFCAPI_CREATE_HASH_FAILED");
03223         break;
03224     case PKIFCAPI_MISC_HASH_CALL_FAILED:
03225         strcpy(buf, "PKIFCAPI_MISC_HASH_CALL_FAILED");
03226         break;
03227     case PKIFCAPI_SIGN_FAILED:
03228         strcpy(buf, "PKIFCAPI_SIGN_FAILED");
03229         break;
03230     case PKIFCAPI_DECRYPT_FAILED:
03231         strcpy(buf, "PKIFCAPI_DECRYPT_FAILED");
03232         break;
03233     case PKIFCAPI_INVALID_HASH_STATE:
03234         strcpy(buf, "PKIFCAPI_INVALID_HASH_STATE");
03235         break;
03236     case PKIFCAPI_CREATE_CERT_FAILED:
03237         strcpy(buf, "PKIFCAPI_CREATE_CERT_FAILED");
03238         break;
03239     case PKIFCAPI_KEY_IMPORT_FAILED:
03240         strcpy(buf, "PKIFCAPI_KEY_IMPORT_FAILED");
03241         break;
03242     case PKIFCAPI_VERIFY_FAILED:
03243         strcpy(buf, "PKIFCAPI_VERIFY_FAILED");
03244         break;
03245     case PKIFCAPI_SESSION_KEY_ENCRYPT_FAILED:
03246         strcpy(buf, "PKIFCAPI_SESSION_KEY_ENCRYPT_FAILED");
03247         break;
03248     case PKIFCAPI_SET_MODE_FAILED:
03249         strcpy(buf, "PKIFCAPI_SET_MODE_FAILED");
03250         break;
03251     case PKIFCAPI_SET_IV_FAILED:
03252         strcpy(buf, "PKIFCAPI_SET_IV_FAILED");
03253         break;
03254 
03255     //credential-related PKIFCAPI errors
03256     case PKIFCAPI_GET_USER_KEY_FAILED:
03257         strcpy(buf, "PKIFCAPI_GET_USER_KEY_FAILED");
03258         break;
03259     case PKIFCAPI_SET_PASSWORD_FAILED:
03260         strcpy(buf, "PKIFCAPI_SET_PASSWORD_FAILED");
03261         break;
03262     case PKIFCAPI_KEY_PROV_INFO_FAILED:
03263         strcpy(buf, "PKIFCAPI_KEY_PROV_INFO_FAILED");
03264         break;
03265     case PKIFCAPI_NO_KEY_ASSOCIATED:
03266         strcpy(buf, "PKIFCAPI_NO_KEY_ASSOCIATED");
03267         break;
03268 
03269 #if BUILD_CMS_STUFF // moving CMS into separate DLL...
03270     //errors from PKIFMessageErrors.h
03271     case MSG_DECODE_FAILED:
03272         strcpy(buf, "MSG_DECODE_FAILED");
03273         break;
03274     case MSG_INCOMPLETE:
03275         strcpy(buf, "MSG_INCOMPLETE");
03276         break;
03277     case MSG_ENCODE_FAILED:
03278         strcpy(buf, "MSG_ENCODE_FAILED");
03279         break;
03280     case MSG_SYMKEY_DECRYPT_FAILED:
03281         strcpy(buf, "MSG_SYMKEY_DECRYPT_FAILED");
03282         break;
03283     case MSG_MISSING_PARAMS:
03284         strcpy(buf, "MSG_MISSING_PARAMS");
03285         break;
03286     case MSG_INVALID_INDEX:
03287         strcpy(buf, "MSG_INVALID_INDEX");
03288         break;
03289     case MSG_INVALID_CREDENTIAL:
03290         strcpy(buf, "MSG_INVALID_CREDENTIAL");
03291         break;
03292     case MSG_INVALID_RECIP:
03293         strcpy(buf, "MSG_INVALID_RECIP");
03294         break;
03295     case MSG_SIGNATURE_GENERATION_ERROR:
03296         strcpy(buf, "MSG_SIGNATURE_GENERATION_ERROR");
03297         break;
03298     case MSG_INVALID_STATE:
03299         strcpy(buf, "MSG_INVALID_STATE");
03300         break;
03301     case MSG_NO_CERTIFICATE:
03302         strcpy(buf, "MSG_NO_CERTIFICATE");
03303         break;
03304 #endif //CMS_MESSAGE_STUFF
03305 
03306     //errors from PKIFOCSPErrors.h
03307     case OCSP_MISSING_REQUIRED_FIELD:
03308         strcpy(buf, "OCSP_MISSING_REQUIRED_FIELD");
03309         break;
03310     case OCSP_UNRECOGNIZED_CHOICE:
03311         strcpy(buf, "OCSP_UNRECOGNIZED_CHOICE");
03312         break;
03313     case OCSP_FAILED_TO_OBTAIN_RESPONSE:
03314         strcpy(buf, "OCSP_FAILED_TO_OBTAIN_RESPONSE");
03315         break;
03316     case OCSP_RECEIVED_NON_SUCCESSFUL_RESPONSE:
03317         strcpy(buf, "OCSP_RECEIVED_NON_SUCCESSFUL_RESPONSE");
03318         break;
03319     case OCSP_NO_RESPONSE_BODY:
03320         strcpy(buf, "OCSP_NO_RESPONSE_BODY");
03321         break;
03322     case OCSP_UNSUPPORTED_RESPONSE_TYPE:
03323         strcpy(buf, "OCSP_UNSUPPORTED_RESPONSE_TYPE");
03324         break;
03325     case OCSP_RESPONSE_SIG_VERIFICATION_FAILED:
03326         strcpy(buf, "OCSP_RESPONSE_SIG_VERIFICATION_FAILED");
03327         break;
03328     case OCSP_SIGNER_MISMATCH:
03329         strcpy(buf, "OCSP_SIGNER_MISMATCH");
03330         break;
03331     case OCSP_RESPONDER_IS_TARGET:
03332         strcpy(buf, "OCSP_RESPONDER_IS_TARGET");
03333         break;
03334     case OCSP_RESPONDER_NOT_AUTHORIZED:
03335         strcpy(buf, "OCSP_RESPONDER_NOT_AUTHORIZED");
03336         break;
03337     case OCSP_TIME_CHECK_FAILED:
03338         strcpy(buf, "OCSP_TIME_CHECK_FAILED");
03339         break;
03340     case OCSP_UNKNOWN_CERT_STATUS:
03341         strcpy(buf, "OCSP_UNKNOWN_CERT_STATUS");
03342         break;
03343     case OCSP_PATH_BUILDING_FAILED:
03344         strcpy(buf, "OCSP_PATH_BUILDING_FAILED");
03345         break;
03346     case OCSP_PATH_VALIDATION_FAILED:
03347         strcpy(buf, "OCSP_PATH_VALIDATION_FAILED");
03348         break;
03349     case OCSP_AIA_URL_PARSE_FAILED:
03350         strcpy(buf, "OCSP_AIA_URL_PARSE_FAILED");
03351         break;
03352     case OCSP_NONCE_MISMATCH:
03353         strcpy(buf, "OCSP_NONCE_MISMATCH");
03354         break;
03355     case OCSP_NONCE_MISSING:
03356         strcpy(buf, "OCSP_NONCE_MISSING");
03357         break;
03358     case OCSP_PATH_STATUS_NOT_DETERMINED:
03359         strcpy(buf, "OCSP_PATH_STATUS_NOT_DETERMINED");
03360         break;
03361     case OCSP_NEXT_UPDATE_PASSED:
03362         strcpy(buf, "OCSP_NEXT_UPDATE_PASSED");
03363         break;
03364     case OCSP_STATUS_NOT_SUFFICIENTLY_RECENT:
03365         strcpy(buf, "OCSP_STATUS_NOT_SUFFICIENTLY_RECENT");
03366         break;
03367     case OCSP_UNPROCESSED_CRITICAL_EXTENSION:
03368         strcpy(buf, "OCSP_UNPROCESSED_CRITICAL_EXTENSION");
03369         break;
03370     case OCSP_TARGET_RESPONSE_NOT_INCLUDED:
03371         strcpy(buf, "OCSP_TARGET_RESPONSE_NOT_INCLUDED");
03372         break;
03373 
03374     //errors from PKIFPathErrors.h
03375     case PATH_LENGTH_VIOLATION:
03376         strcpy(buf, "PATH_LENGTH_VIOLATION");
03377         break;
03378     case PATH_NAME_CHAINING_VIOLATION:
03379         strcpy(buf, "PATH_NAME_CHAINING_VIOLATION");
03380         break;
03381     case PATH_BASIC_CONSTRAINTS_VIOLATION:
03382         strcpy(buf, "PATH_BASIC_CONSTRAINTS_VIOLATION");
03383         break;
03384     case PATH_VALIDITY_PERIOD_VIOLATION_NOT_YET_VALID:
03385         strcpy(buf, "PATH_VALIDITY_PERIOD_VIOLATION");
03386         break;
03387     case PATH_VALIDITY_PERIOD_VIOLATION_EXPIRED:
03388         strcpy(buf, "PATH_VALIDITY_PERIOD_VIOLATION");
03389         break;
03390     case PATH_KEY_USAGE_VIOLATION:
03391         strcpy(buf, "PATH_KEY_USAGE_VIOLATION");
03392         break;
03393     case PATH_SIGNATURE_VERIFICATION_FAILED:
03394         strcpy(buf, "PATH_SIGNATURE_VERIFICATION_FAILED");
03395         break;
03396     case PATH_CERT_REVOKED:
03397         strcpy(buf, "PATH_CERT_REVOKED");
03398         break;
03399     case PATH_UNPROCESSED_CRITICAL_EXTENSION:
03400         strcpy(buf, "PATH_UNPROCESSED_CRITICAL_EXTENSION");
03401         break;
03402     case PATH_TRUST_ROOT_NOT_SET:
03403         strcpy(buf, "PATH_TRUST_ROOT_NOT_SET");
03404         break;
03405     case PATH_TRUST_ROOT_NO_CERT:
03406         strcpy(buf, "PATH_TRUST_ROOT_NO_CERT");
03407         break;
03408     case PATH_NAME_CONSTRAINTS_VIOLATION:
03409         strcpy(buf, "PATH_NAME_CONSTRAINTS_VIOLATION");
03410         break;
03411     case PATH_APP_DEFINED_CHECK_FAILED:
03412         strcpy(buf, "PATH_APP_DEFINED_CHECK_FAILED");
03413         break;
03414     case PATH_ALG_CHAINING_FAILURE:
03415         strcpy(buf, "PATH_ALG_CHAINING_FAILURE");
03416         break;
03417     case PATH_NULL_USER_POLICY_SET:
03418         strcpy(buf, "PATH_NULL_USER_POLICY_SET");
03419         break;
03420     case PATH_CERT_REVOCATION_STATUS_NOT_DETERMINED:
03421         strcpy(buf, "PATH_CERT_REVOCATION_STATUS_NOT_DETERMINED");
03422         break;
03423     case PATH_NULL_AUTH_POLICY_SET:
03424         strcpy(buf, "PATH_NULL_AUTH_POLICY_SET");
03425         break;
03426 
03427 #if BUILD_TAPTSP_STUFF // moving TAP/TSP into separate DLL
03428     //errors from PKIFTAPErrors.h
03429     case TAP_MISSING_REQUIRED_FIELD:
03430         strcpy(buf, "TAP_MISSING_REQUIRED_FIELD");
03431         break;
03432     case TAP_UNRECOGNIZED_CHOICE:
03433         strcpy(buf, "TAP_UNRECOGNIZED_CHOICE");
03434         break;
03435 
03436     //errors from PKIFTSPErrors.h
03437     case TSP_MISSING_REQUIRED_FIELD:
03438         strcpy(buf, "TSP_MISSING_REQUIRED_FIELD");
03439         break;
03440     case TSP_MISSING_REQUIRED_EKU:
03441         strcpy(buf, "TSP_MISSING_REQUIRED_EKU");
03442         break;
03443     case TSP_HASH_MISMATCH:
03444         strcpy(buf, "TSP_HASH_MISMATCH");
03445         break;
03446     case TSP_NOT_WITHIN_SKEW:
03447         strcpy(buf, "TSP_NOT_WITHIN_SKEW");
03448         break;
03449     case TSP_NOT_WITHIN_VALIDITY_PERIOD:
03450         strcpy(buf, "TSP_NOT_WITHIN_VALIDITY_PERIOD");
03451         break;
03452     case TSP_REVOCATION_DATE_PRECEDES_TIME:
03453         strcpy(buf, "TSP_REVOCATION_DATE_PRECEDES_TIME");
03454         break;
03455     case TSP_VERIFICATION_FAILED:
03456         strcpy(buf, "TSP_VERIFICATION_FAILED");
03457         break;
03458 #endif //BUILD_TAPTSP_STUFF
03459 
03460     //errors from CACCommonErrors.h
03461     case COMMON_NOT_IMPLEMENTED:
03462         strcpy(buf, "COMMON_NOT_IMPLEMENTED");
03463         break;
03464     case COMMON_ALREADY_INITIALIZED:
03465         strcpy(buf, "COMMON_ALREADY_INITIALIZED");
03466         break;
03467     case COMMON_NOT_INITIALIZED:
03468         strcpy(buf, "COMMON_NOT_INITIALIZED");
03469         break;
03470     case COMMON_OPERATION_NOT_HANDLED:
03471         strcpy(buf, "COMMON_OPERATION_NOT_HANDLED");
03472         break;
03473     case COMMON_INVALID_INPUT:
03474         strcpy(buf, "COMMON_INVALID_INPUT");
03475         break;
03476     case COMMON_MEMORY_ALLOC_FAILURE:
03477         strcpy(buf, "COMMON_MEMORY_ALLOC_FAILURE");
03478         break;
03479     case COMMON_UNKNOWN_ERROR:
03480         strcpy(buf, "COMMON_UNKNOWN_ERROR");
03481         break;
03482     case COMMON_MEDIATOR_MISSING:
03483         strcpy(buf, "COMMON_MEDIATOR_MISSING");
03484         break;
03485     case COMMON_UNSUPPORTED_ALG:
03486         strcpy(buf, "COMMON_UNSUPPORTED_ALG");
03487         break;
03488     case COMMON_TERMINATION_ERROR:
03489         strcpy(buf, "COMMON_TERMINATION_ERROR");
03490         break;
03491     case COMMON_OPERATION_NOT_SUCCESSFUL:
03492         strcpy(buf, "COMMON_OPERATION_NOT_SUCCESSFUL");
03493         break;
03494     case COMMON_INITIALIZATION_FAILED:
03495         strcpy(buf, "COMMON_INITIALIZATION_FAILED");
03496         break;
03497     case COMMON_URL_TOO_BIG:
03498         strcpy(buf, "COMMON_URL_TOO_BIG");
03499         break;
03500     case COMMON_URL_OPERATION_FAILED:
03501         strcpy(buf, "COMMON_URL_OPERATION_FAILED");
03502         break;
03503     case COMMON_UNSUPPORTED_VERSION:
03504         strcpy(buf, "COMMON_UNSUPPORTED_VERSION");
03505         break;
03506     case COMMON_UNSUPPORTED_CHOICE:
03507         strcpy(buf, "COMMON_UNSUPPORTED_CHOICE");
03508         break;
03509 
03510     default:
03511         strcpy(buf, "Unrecognized error code");
03512         break;
03513     }
03514 
03515     return buf;
03516 }
03517 
03520 //@b Interface: External
03521 //
03522 //This function makes a copy of an ASN1OBJID object.
03523 //
03524 //@return None
03525 //*/
03526 //void CopyOID(
03527 //  //![in/out] A pointer to an ASN1OBJID object.                
03528 //  ASN1OBJID* dest, 
03529 //  //![in] A pointer to an ASN1OBJID object.
03530 //  ASN1OBJID* src)
03531 //{
03532 //  dest->numids = src->numids;
03533 //  for(unsigned int ii = 0; ii < src->numids; ++ii)
03534 //      dest->subid[ii] = src->subid[ii];
03535 //}
03536 
03537 #ifdef _NO_GETTICKCOUNT
03538 
03546 unsigned long GetTickCount(void)
03547 {
03548     unsigned long rv;
03549     struct timeval now;
03550     gettimeofday(&now,NULL);
03551     rv = now.tv_sec * 1000;
03552     rv += now.tv_usec / 1000;
03553     return rv;
03554 }
03555 #endif //_NO_GETTICKCOUNT
03556 
03557 /*
03558 bool ExtensionsMatch::operator()(const CPKIFX509ExtensionPtr& lhs)
03559 {
03560     return *lhs == *m_rhs;
03561 }
03562 void ExtensionsMatch::SetRHS(CPKIFX509ExtensionPtr& rhs) {m_rhs = rhs;}
03563 */
03564 
03565 //removed completely 8/26/2004 - unused class
03566 //bool GenNamesMatch::operator()(const CPKIFGeneralNamePtr& lhs)
03567 //{
03568 //  //added NULL check - 8/13/2004
03569 //  if(lhs == (CPKIFGeneralName*)NULL || CPKIFGeneralName::NOTSET == lhs->GetType())
03570 //      return false;
03571 //  else
03572 //      return *lhs == *m_rhs;
03573 //}
03574 //void GenNamesMatch::SetRHS(CPKIFGeneralNamePtr& rhs) {m_rhs = rhs;}
03575 
03585 void CAC_API keyUsageChecker_AnyEE(
03587     const CPKIFCertificateNodeEntryPtr& certNode, 
03589     CPKIFPathValidationResults& results,
03591     CertificateType type)
03592 {
03593     if(EE == type)
03594     {
03595         CPKIFCertificatePtr curCert = certNode->GetCert();
03596         CPKIFKeyUsagePtr keyUsage = curCert->GetExtension<CPKIFKeyUsage>();
03597         if(keyUsage != (CPKIFKeyUsage*)NULL)
03598         {
03599             CPKIFX509ExtensionPtr keyUsage2 = keyUsage;
03600             certNode->MarkExtensionAsProcessed(keyUsage2);
03601         }
03602     }
03603 }
03604 
03605 //added this function - 7/13/2004
03615 void CAC_API EKUChecker_Timestamp(
03617     const CPKIFCertificateNodeEntryPtr& certNode, 
03619     CPKIFPathValidationResults& results, 
03621     CertificateType type)
03622 {
03623     LOG_STRING_DEBUG("EKUChecker_Timestamp", TOOLKIT_TSP_TIMESTAMP_VERIFIER, 0, NULL);
03624 
03625     if(EE == type)
03626     {
03627         CPKIFCertificatePtr curCert = certNode->GetCert();
03628 
03629         //TO BE RFC 3161 COMPLIANT WE SHOULD NOT PERMIT ANY EKU AND WE SHOULD
03630         //REQUIRE A SINGLE KEY PURPOSE IF AND SHOULD REQUIRE CRITICALITY.  WE
03631         //ARE NOT COMPLIANT.
03632 
03633         CPKIFExtendedKeyUsagePtr eku = curCert->GetExtension<CPKIFExtendedKeyUsage>();
03634         if(eku != (CPKIFExtendedKeyUsage*)NULL)
03635         {
03636             vector<CPKIFOIDPtr> keyPurposeIDs;
03637             eku->KeyPurposeIDs(keyPurposeIDs);
03638 
03639             GottaMatch<CPKIFOIDPtr> gm;
03640             gm.SetRHS(g_timestampingEKU);
03641 
03642             vector<CPKIFOIDPtr>::iterator end = keyPurposeIDs.end();
03643             if(end != find_if(keyPurposeIDs.begin(), keyPurposeIDs.end(), gm))
03644             {
03645                 CPKIFX509ExtensionPtr eku2 = eku;
03646                 certNode->MarkExtensionAsProcessed(eku2);
03647             }
03648             else
03649             {
03650                 gm.SetRHS(g_anyEKU);
03651                 if(end != find_if(keyPurposeIDs.begin(), keyPurposeIDs.end(), gm))
03652                 {
03653                     CPKIFX509ExtensionPtr eku2 = eku;
03654                     certNode->MarkExtensionAsProcessed(eku2);
03655                 }
03656             }
03657         }
03658     }
03659 }
03660 
03661 //added this function - 7/13/2004
03671 void CAC_API EKUChecker_OcspSigning(
03673     const CPKIFCertificateNodeEntryPtr& certNode, 
03675     CPKIFPathValidationResults& results, 
03677     CertificateType type)
03678 {
03679     LOG_STRING_DEBUG("EKUChecker_Timestamp", TOOLKIT_TSP_TIMESTAMP_VERIFIER, 0, NULL);
03680 
03681     if(EE == type)
03682     {
03683         CPKIFCertificatePtr curCert = certNode->GetCert();
03684 
03685         //TO BE RFC 3161 COMPLIANT WE SHOULD NOT PERMIT ANY EKU AND WE SHOULD
03686         //REQUIRE A SINGLE KEY PURPOSE IF AND SHOULD REQUIRE CRITICALITY.  WE
03687         //ARE NOT COMPLIANT.
03688 
03689         CPKIFExtendedKeyUsagePtr eku = curCert->GetExtension<CPKIFExtendedKeyUsage>();
03690         if(eku != (CPKIFExtendedKeyUsage*)NULL)
03691         {
03692             vector<CPKIFOIDPtr> keyPurposeIDs;
03693             eku->KeyPurposeIDs(keyPurposeIDs);
03694 
03695             GottaMatch<CPKIFOIDPtr> gm;
03696             gm.SetRHS(g_ocspSigningEKU);
03697 
03698             vector<CPKIFOIDPtr>::iterator end = keyPurposeIDs.end();
03699             if(end != find_if(keyPurposeIDs.begin(), keyPurposeIDs.end(), gm))
03700             {
03701                 CPKIFX509ExtensionPtr eku2 = eku;
03702                 certNode->MarkExtensionAsProcessed(eku2);
03703             }
03704             else
03705             {
03706                 gm.SetRHS(g_anyEKU);
03707                 if(end != find_if(keyPurposeIDs.begin(), keyPurposeIDs.end(), gm))
03708                 {
03709                     CPKIFX509ExtensionPtr eku2 = eku;
03710                     certNode->MarkExtensionAsProcessed(eku2);
03711                 }
03712             }
03713         }
03714     }
03715 }
03716 
03724 std::string DecodeIPAndMask(
03726     const CPKIFBufferPtr& encodedIP)
03727 {
03728     string rv = "";
03729     if(encodedIP->GetLength() == 32)
03730     {   
03731         ip::address_v6::bytes_type bytesAddr;
03732         memcpy(bytesAddr.c_array(), encodedIP->GetBuffer(),encodedIP->GetLength()/2);
03733         ip::address_v6 addr(bytesAddr);
03734         rv = addr.to_string();
03735 
03736         rv+="/";
03737 
03738         ip::address_v6::bytes_type bytesMask;
03739         memcpy(bytesMask.c_array(), encodedIP->GetBuffer()+encodedIP->GetLength()/2,encodedIP->GetLength()/2);
03740         ip::address_v6 mask(bytesMask);
03741         string sMask = mask.to_string();
03742 
03743         rv +=sMask;
03744 
03745     }
03746     else if(encodedIP->GetLength() == 8)
03747     {
03748         ip::address_v4::bytes_type bytesAddr;
03749         memcpy(bytesAddr.c_array(), encodedIP->GetBuffer(),encodedIP->GetLength()/2);
03750         ip::address_v4 addr(bytesAddr);
03751         rv = addr.to_string();
03752 
03753         rv+="/";
03754 
03755         ip::address_v4::bytes_type bytesMask;
03756         memcpy(bytesMask.c_array(), encodedIP->GetBuffer()+encodedIP->GetLength()/2,encodedIP->GetLength()/2);
03757         ip::address_v4 mask(bytesMask);
03758         string sMask = mask.to_string();
03759 
03760         rv +=sMask;
03761     }
03762     return rv;
03763 }