#include <PKIFDefaultScoring.h>
The scoring is performed by calculating an integer score for each certificate node in the list and ordering the nodes from highest score to lowest score. The following table describes the scoring criteria including exact weights used in score calculation.
TSP-enforcing: No
Definition at line 35 of file PKIFDefaultScoring.h.
Public Member Functions
CPKIFDefaultScoring ()
virtual ~CPKIFDefaultScoring ()
void ScoreAndSortNodes (CPKIFCertificateNodeListWithSourceInfoPtr &nodeList, CPKIFCertificatePtr &prevCert, CPKIFPathSettingsPtr &settings, IPKIFTrustCache *trustCache, int numOfCAsBelowCurInPath, IPKIFCertRepository *iCert)
void ScoreAndSortNodes (CPKIFNameAndKeyWithScoreListPtr &nodeList, CPKIFCertificatePtr &prevCert, CPKIFPathSettingsPtr &settings, IPKIFTrustCache *trustCache, int numOfCAsBelowCurInPath, IPKIFCertRepository *iCert)
CPKIFDefaultScoring::CPKIFDefaultScoring ()
Interface: External
This function creates and initializes a CPKIFDefaultScoring object.
Definition at line 59 of file CACDefaultScoring.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.
CPKIFDefaultScoring::~CPKIFDefaultScoring () [virtual]
Interface: External
Definition at line 70 of file CACDefaultScoring.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.
void CPKIFDefaultScoring::ScoreAndSortNodes (CPKIFCertificateNodeListWithSourceInfoPtr &nodeList, CPKIFCertificatePtr &prevCert, CPKIFPathSettingsPtr &settings, IPKIFTrustCache *trustCache, int numOfCAsBelowCurInPath, IPKIFCertRepository *iCert)
Interface: External
This function applies a small set of sorting criteria to order the certificate node list passed as nodeList. This function will sort the node list based on analysis of the certificates in the node list and the environment information passed as prevCert, settings, trustCache, numOfCAsBelowCurInPath and iCert.
The prevCert parameter should contain a pointer to the certificate that caused discovery of the certificates in nodeList (used to perform name and algorithm chaining).
The settings parameter should contain the inputs to the path validator used to validate the path resulting from the current path building operation.
The trustCache parameter should contain a pointer to a trusted root store interface.
The numOfCAsBelowCurInPath parameter should indicate the number of certificates that comprise the current partial path (used to perform path length analysis of basicConstraints extensions found in certificates in nodeList).
The iCert parameter should contain a pointer to a certificate store interface.
nodeList | [in/out] The list of certificate nodes to sort |
prevCert | [in] The next certificate in the path (closest to the target) |
settings | [in] The active path settings |
trustCache | [in] Pointer to an interface to the active trust anchor store(s) |
numOfCAsBelowCurInPath | [in] Unsigned integer indicating the current path depth for basicConstraints processing purposes |
iCert | [in] Pointer to an interface to the active certificate store(s) |
Definition at line 421 of file CACDefaultScoring.cpp.
References ALGS_MATCH, BASIC_CONSTRAINTS_PRESENT_AND_SET, CertIsSelfIssued(), GetAlgClass(), GetPlatformCryptoRaw(), IPKIFTrustCache::GetTrustRoots(), HAS_AT_ONE_POLICY, ISSUED_BY_TRUST_ROOT, KEY_IDS_MATCH, KeyIDsMatch(), LOG_STRING_DEBUG, MATCH_POLICY_WITH_PREV_CERT, MATCH_POLICY_WITH_SETTINGS, NOT_SELF_ISSUED, NOT_SELF_SIGNED, scoreCompare(), SomeMatch(), TOOLKIT_PATH_MISC, VAL_PERIOD_OK, and IPKIFCryptoRawOperations::VerifyCertificate().
void CPKIFDefaultScoring::ScoreAndSortNodes (CPKIFNameAndKeyWithScoreListPtr &nodeList, CPKIFCertificatePtr &prevCert, CPKIFPathSettingsPtr &settings, IPKIFTrustCache *trustCache, int numOfCAsBelowCurInPath, IPKIFCertRepository *iCert)
Interface: External
This function applies a small set of sorting criteria to order the nodes list passed as nodeList. This function will sort the node list based on analysis of the certificates in the node list and the environment information passed as prevCert, settings, trustCache, numOfCAsBelowCurInPath and iCert.
The prevCert parameter should contain a pointer to the certificate that caused discovery of the certificates in nodeList (used to perform name and algorithm chaining).
The settings parameter should contain the inputs to the path validator used to validate the path resulting from the current path building operation.
The trustCache parameter should contain a pointer to a trusted root store interface.
The numOfCAsBelowCurInPath parameter should indicate the number of certificates that comprise the current partial path (used to perform path length analysis of basicConstraints extensions found in certificates in nodeList).
The iCert parameter should contain a pointer to a certificate store interface.
nodeList | [in/out] The list of certificate nodes to sort |
prevCert | [in] The next certificate in the path (closest to the target) |
settings | [in] The active path settings |
trustCache | [in] Pointer to an interface to the active trust anchor store(s) |
numOfCAsBelowCurInPath | [in] Unsigned integer indicating the current path depth for basicConstraints processing purposes |
iCert | [in] Pointer to an interface to the active certificate store(s) |
Definition at line 676 of file CACDefaultScoring.cpp.
References ALGS_MATCH, BASIC_CONSTRAINTS_PRESENT_AND_SET, CertIsSelfIssued(), GetAlgClass(), GetPlatformCryptoRaw(), IPKIFTrustCache::GetTrustRoots(), HAS_AT_ONE_POLICY, ISSUED_BY_TRUST_ROOT, KEY_IDS_MATCH, KeyIDsMatch(), LOG_STRING_DEBUG, MATCH_POLICY_WITH_PREV_CERT, MATCH_POLICY_WITH_SETTINGS, NOT_SELF_ISSUED, NOT_SELF_SIGNED, scoreCompareNK(), SomeMatch(), TOOLKIT_PATH_MISC, VAL_PERIOD_OK, and IPKIFCryptoRawOperations::VerifyCertificate().
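The score-then-sort approach that both ScoreAndSortNodes overloads describe, as an added sketch; it is not PKIF code and does not use the PKIF types. The Cert and Node structs, the weight values and the reading of each criterion are assumptions made for illustration; only the criterion names are taken from the References lists above.

```cpp
#include <algorithm>
#include <set>
#include <string>
#include <vector>

// Weights are illustrative assumptions; only the criterion names come from the page.
enum Weight { KEY_IDS_MATCH = 40, ISSUED_BY_TRUST_ROOT = 30, VAL_PERIOD_OK = 20,
              BASIC_CONSTRAINTS_PRESENT_AND_SET = 20, ALGS_MATCH = 10, NOT_SELF_ISSUED = 5 };
struct Cert {                      // hypothetical stand-in for a parsed certificate
    std::string subject, issuer, ski, aki, algClass;
    long notBefore, notAfter;      // validity period, epoch seconds
    bool isCA; int pathLen;        // basicConstraints; pathLen < 0 means no limit
};
struct Node { Cert cert; int score; };

// Score one candidate issuer against the certificate (prev) that led to its discovery.
int ScoreNode(const Cert& c, const Cert& prev, const std::set<std::string>& roots,
              int numOfCAsBelowCurInPath, long now) {
    int s = 0;
    // Key chaining: candidate's subject key id equals the AKI of the cert it would sign.
    if (!prev.aki.empty() && c.ski == prev.aki) s += KEY_IDS_MATCH;
    if (roots.count(c.issuer)) s += ISSUED_BY_TRUST_ROOT;
    if (c.notBefore <= now && now <= c.notAfter) s += VAL_PERIOD_OK;
    // A CA whose pathLenConstraint cannot cover the partial path gets no credit.
    if (c.isCA && (c.pathLen < 0 || c.pathLen >= numOfCAsBelowCurInPath))
        s += BASIC_CONSTRAINTS_PRESENT_AND_SET;
    if (c.algClass == prev.algClass) s += ALGS_MATCH;
    if (c.subject != c.issuer) s += NOT_SELF_ISSUED;
    return s;
}

void ScoreAndSort(std::vector<Node>& nodes, const Cert& prev,
                  const std::set<std::string>& roots, int below, long now) {
    for (Node& n : nodes) n.score = ScoreNode(n.cert, prev, roots, below, now);
    // Highest score first; stable_sort keeps discovery order among equal scores.
    std::stable_sort(nodes.begin(), nodes.end(),
                     [](const Node& a, const Node& b) { return a.score > b.score; });
}

// Constructed sample: three candidate issuers for one end-entity certificate.
std::vector<Node> Demo() {
    Cert prev{"CN=server", "CN=Issuing CA", "ee01", "ca01", "RSA", 0, 200, false, -1};
    std::set<std::string> roots = {"CN=Root"};
    std::vector<Node> nodes = {
        {{"CN=Issuing CA", "CN=Old Root", "ca00", "", "RSA", 0, 50, true, -1}, 0},   // expired, wrong key
        {{"CN=Issuing CA", "CN=Root", "ca01", "rt01", "RSA", 0, 200, true, 0}, 0},   // chains on every criterion
        {{"CN=Issuing CA", "CN=Bridge", "ca01", "br01", "ECDSA", 0, 200, true, 0}, 0}};
    ScoreAndSort(nodes, prev, roots, 0, 100);
    return nodes;
}
int main() { return Demo()[0].cert.issuer == "CN=Root" ? 0 : 1; }
```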