CPKIFEvidenceRecord Class Reference
#include <EvidenceRecord.h>
Detailed Description
CPKIFEvidenceRecord provides a means of generating and processing EvidenceRecord structures, which are defined in the Evidence Record Syntax (ERS) specification as follows:EvidenceRecord ::= SEQUENCE { version INTEGER { v1(1) } , digestAlgorithms SEQUENCE OF AlgorithmIdentifier, cryptoInfos [0] CryptoInfos OPTIONAL, encryptionInfo [1] EncryptionInfo OPTIONAL, archiveTimeStampSequence ArchiveTimeStampSequence }
At present, this implementation does not support generation or processing of CryptoInfo or EncryptionInfo objects. Upon decoding, these fields will be parsed but are not used and are not available.
There is no means of specifying an algorithm identifier to include in the digestAlgorithms field when encoding. These values are automatically collected from the archive timestamps present in the archive timestamp sequence pass to SetArchiveTimestampSequence.
No SetVersion function is provided. This implementation only supports generation of v1 EvidenceRecords.
There are four fundamental operations that are performed on an instance of CPKIFEvidenceRecord:
- initial evidence record creation
- evidence record update following a timestamp refresh
- evidence record update following a hashtree renewal
- evidence record verification
These operations are not self-contained. Generally, the CPKIFEvidenceRecord class is structural in nature with most interesting operations performed outside of the class and the results passed in. For example, to prepare an initial evidence record, the following steps are performed:
- prepare a hash tree containing the data objects, or groups of objects, requiring preservation
- obtain a timestamp for the root of the hash tree
- for each leaf node in the hash tree (possibly the only node in the tree)
- prepare an Timestamp that covers the object
- prepare an EvidenceRecord containing the Timestamp as the initial Archive Timestamp
When a timestamp refresh is necessary, parse the existing evidence record. Extract the archive timestamp sequence and select the chain at the rear of the sequence. Calculate the hash of the timestamp field from the last archive timestamp in the selected chain. Obtain a timestamp for that hash, create an archive timestamp containing that timestamp, add the new archive timestamp to the end of the selected chain and re-encode the evidence record containing the new timestamp (digestAlgorithms field in the EvidenceRecord will be automatically updated by this class).
When a hashtree renewal is necessary, parse the existing evidence record. Extract the archive timestamp sequence and select the chaing at the rear of the sequence. Calculate the hash of the selected chain. Prepare a hash tree containing the data objects, or groups of objects, requiring preservation. Concatenate the root hash with the hash of the selected chain and obtain a new timestamp. Create a new archive timestamp containing the new timestamp and create a new archive timestamp chain containing the new archive timestamp. Append the new chain to the existing archive timestamp sequence.
TSP-enforcing: No
Definition at line 93 of file EvidenceRecord.h.
Public Member Functions | |
| CPKIFEvidenceRecord (void) | |
| Default constructor. | |
| virtual | ~CPKIFEvidenceRecord (void) |
| Default destructor. | |
| CPKIFBufferPtr | Encode () const |
| Encode generates an encoded EvidenceRecord. At least one well-formed ArchiveTimeStamp must be present. | |
| void | Decode (CPKIFBufferPtr &msg) |
| Decode parses an encoded EvidenceRecord and makes the contents available via the GetXXX functions. | |
| int | GetVersion () const |
| GetVersion returns the version of the EvidenceRecord structure. | |
| CPKIFAlgorithmIdentifierListPtr | GetDigestAlgorithms () const |
| GetDigestAlgorithms returns the list of digest algorithms that appear in the archive timestamps contained by the evidence record. | |
| CPKIFArchiveTimestampSequencePtr | GetArchiveTimestampSequence () const |
| GetArchiveTimestampSequence returns a pointer to a CPKIFArchiveTimestampSequence object containing the archive timestamps included. | |
| void | SetArchiveTimestampSequence (CPKIFArchiveTimestampSequencePtr &ats) |
| SetArchiveTimestampSequence is used to specify the archive timestamp sequence to include in the evidence record generated by. | |
Constructor & Destructor Documentation
| CPKIFEvidenceRecord::CPKIFEvidenceRecord | ( | void | ) |
Default constructor.
Interface: External
This function creates and initializes an instance of CPKIFEvidenceRecord. The Version property is initialized to PKIFERSv1. The GenerateNonce property is initialized to false. The ReqCert property is initialized to false.
- Returns:
- None
Definition at line 236 of file EvidenceRecord.cpp.
| CPKIFEvidenceRecord::~CPKIFEvidenceRecord | ( | void | ) | [virtual] |
Default destructor.
Interface: External
This function destroys an instance of CPKIFEvidenceRecord.
- Returns:
- None
Definition at line 247 of file EvidenceRecord.cpp.
Member Function Documentation
| CPKIFBufferPtr CPKIFEvidenceRecord::Encode | ( | ) | const |
Encode generates an encoded EvidenceRecord. At least one well-formed ArchiveTimeStamp must be present.
Interface: External
This function encode an ER
- Returns:
- CPKIFBufferPtrPtr containing encoded ER
Definition at line 407 of file EvidenceRecord.cpp.
References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, ConvertStringToASN1OBJID(), CopyOID(), Decode(), g_nullParams, GetDigestAlgorithms(), NEW_NEXT_AND_ADVANCE, NEW_NODE, SET_HEAD_TAIL_INCREMENT, and TOOLKIT_ERS_ASN.
Referenced by _tmain().
| void CPKIFEvidenceRecord::Decode | ( | CPKIFBufferPtr & | msg | ) |
Decode parses an encoded EvidenceRecord and makes the contents available via the GetXXX functions.
Interface: External
This function is used to decode an encoded evidence record.
- Returns:
- None
- Exceptions:
-
CPKIFERSException(COMMON_INVALID_INPUT) CPKIFERSException(MSG_DECODE_FAILED)
- Parameters:
-
msg [in] Encoded evidence record
Definition at line 570 of file EvidenceRecord.cpp.
References COMMON_INVALID_INPUT, LOG_STRING_DEBUG, MSG_DECODE_FAILED, and TOOLKIT_ERS_ASN.
| int CPKIFEvidenceRecord::GetVersion | ( | ) | const |
GetVersion returns the version of the EvidenceRecord structure.
Interface: External
This function is returns the ERS version of an EvidenceRecord. PKIFERS only supports version 1 EvidenceRecords.
- Returns:
- The ERS version of the EvidenceRecord.
Definition at line 263 of file EvidenceRecord.cpp.
References LOG_STRING_DEBUG, m_impl, and TOOLKIT_ERS_ASN.
Referenced by _tmain().
| CPKIFAlgorithmIdentifierListPtr CPKIFEvidenceRecord::GetDigestAlgorithms | ( | ) | const |
GetDigestAlgorithms returns the list of digest algorithms that appear in the archive timestamps contained by the evidence record.
Interface: External
This function returns the union of the digest algorithms that appear in the archive timestamps available via a call to GetArchiveTimestampSequence. This list is calculated from the actual archive timestamp sequence. The list included by the evidence record creator may be different.
This list returned by this function is a copy of the algorithm identifier objects that appear in the archive timestamp sequence. Edits to the list or its members will not effect subsequent calls to this function nor subsequent calls to Encode.
- Returns:
- The ERS version of the EvidenceRecord.
Definition at line 290 of file EvidenceRecord.cpp.
References GottaMatch< T >::SetRHS().
| CPKIFArchiveTimestampSequencePtr CPKIFEvidenceRecord::GetArchiveTimestampSequence | ( | ) | const |
GetArchiveTimestampSequence returns a pointer to a CPKIFArchiveTimestampSequence object containing the archive timestamps included.
Interface: External
This function retrives archive timestamp sequence
- Returns:
- CPKIFArchiveTimestampSequencePtr containing archive timestamp sequence
Definition at line 357 of file EvidenceRecord.cpp.
References CACASNWRAPPER_CREATE, LOG_STRING_DEBUG, m_impl, and TOOLKIT_ERS_ASN.
Referenced by _tmain().
| void CPKIFEvidenceRecord::SetArchiveTimestampSequence | ( | CPKIFArchiveTimestampSequencePtr & | ats | ) |
SetArchiveTimestampSequence is used to specify the archive timestamp sequence to include in the evidence record generated by.
Interface: External
SetArchiveTimestampSequence replaces the archive timestamp sequence held by an instance of CPKIFEvidenceRecord. Following a call to SetArchiveTimestampSequence, subsequent calls to Encode will result in generation of an evidence record containing the archive timestamps contained in the CPKIFArchiveTimestampSequencePtr passed to this function. Subsequent calls to GetDigestAlgorithms will return the union of algorithm identifiers containined in the archive timestamps contained in the CPKIFArchiveTimestampSequencePtr passed to this function.
If a NULL CPKIFArchiveTimestampSequencePtr is passed to this function, subsequent calls to Encode will fail and subsequent calls to GetDigestAlgorithms will return an empty list.
- Returns:
- None
Definition at line 613 of file EvidenceRecord.cpp.
The documentation for this class was generated from the following files:
