CPKIFSignedData Class Reference

#include <SignedData.h>



Detailed Description

This class supports generation of digital signatures covering arbitrary content using the CMS SignedData format.

When creating SignedData objects, CPKIFSignedData requires access to the following interfaces:

When verifying SignedData objects, the following interfaces are required:

Additionally, path processing interfaces may be used during verification if accessible and requested, e.g. where the minStatus parameter is not set to PVS_NOT_VALIDATED.

This class can be used to create SignedData messages covering content that is encapsulated by the SignedData message or content that is separate from the SignedData message. To sign encapsulated content, create a CPKIFEncapsulatedContentInfo object containing the content to sign and pass the object to the CPKIFSignedData instance using the SetEncapsulatedContent method. To sign detached content, pass the content to the CPKIFSignedData instance containing the intended signers via the UpdateMessage function.

Signatures are generated when the Encode method is invoked.

TSP-enforcing: Yes

Definition at line 59 of file SignedData.h.


Public Types

enum  CMSVersion {
  CMSv0 = 0, CMSv1 = 1, CMSv2 = 2, CMSv3 = 3,
  CMSv4 = 4
}

Public Member Functions

 CPKIFSignedData (void)
virtual ~CPKIFSignedData (void)
CMSVersion GetVersion () const
void SetEncapsulatedContent (CPKIFEncapsulatedContentInfoPtr &ecip)
CPKIFEncapsulatedContentInfoPtr GetEncapsulatedContent () const
void UpdateMessage (unsigned char *buf, int bufLen)
void AddCertificate (CPKIFCertificatePtr &cert)
void GetCertificates (CPKIFCertificateList &certs)
void AddCRL (CPKIFCRLPtr &crl)
void GetCRLs (CPKIFCRLList &crls)
void AddSignerInfo (CPKIFSignerInfoPtr &si)
void GetSignerInfos (CPKIFSignerInfoList &sis)
CPKIFBufferPtr Encode ()
void Decode (CPKIFBufferPtr &buf)
bool Verify (int signerIndex, CMSVerificationStatus &status, CMSPathValidationStatus minStatus=PVS_REV_STATUS_VERIFIED)
bool Verify (int signerIndex, CMSVerificationStatus &status, CPKIFCertificatePtr &signersCert, CMSPathValidationStatus minStatus=PVS_REV_STATUS_VERIFIED)
void SetKeyUsageChecker (CPKIFFuncStoragePtr &kuChecker)
void SetPathSettings (CPKIFPathSettingsPtr &settings)
CPKIFCertificatePathPtr GetPath () const
CPKIFPathValidationResultsPtr GetValidationResults () const
void GetSignersCert (int signerIndex, CPKIFCertificatePtr &cert)
size_t GetNumberOfSigners () const
CPKIFSignerInfoPtr GetSignersInfo (int signerIndex)
void ClearContent (bool removeMediatorAssociations=true)
CPKIFBufferPtr GetSignersCert (CPKIFBufferPtr tmpSignerInfoBuf)
void AddMediator (IPKIFMediatorPtr &m)
IPKIFMediatorPtr GetMediator ()

Friends

struct CPKIFSignedDataImpl

Member Enumeration Documentation

Enumerator:
CMSv0 
CMSv1 
CMSv2 
CMSv3 
CMSv4 

Definition at line 65 of file SignedData.h.


Constructor & Destructor Documentation

CPKIFSignedData::CPKIFSignedData ( void   ) 

Interface: External

CPKIFSignedData has one default constructor. Following construction, it is necessary to associate a mediator object via a call to AddMediator prior to performing any PKI-related operations. All internal member variables are initialized to NULL or empty. The version property is initialized to CMSv0.

Returns:
None

Definition at line 160 of file SignedData.cpp.

References CMSv0, g_signedData, LOG_STRING_DEBUG, CPKIFContentType::SetContentType(), and TOOLKIT_CRYPTO_MISC.

CPKIFSignedData::~CPKIFSignedData ( void   )  [virtual]

Interface: External

This function destroys an instance of CPKIFSignedData.

Returns:
None

Definition at line 183 of file SignedData.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.


Member Function Documentation

CPKIFSignedData::CMSVersion CPKIFSignedData::GetVersion (  )  const

Interface: External

The possible values returned by this function are shown in the following definition:

typedef enum 
{
	CMSv0 = 0,
	CMSv1 = 1,
	CMSv2 = 2,
	CMSv3 = 3,
	CMSv4 = 4
} CMSVersion;

Returns:
This function returns an enumerated value indicating the version of the SignedData message.

Definition at line 337 of file SignedData.cpp.

Referenced by Encode().

void CPKIFSignedData::SetEncapsulatedContent ( CPKIFEncapsulatedContentInfoPtr &  ecip  ) 

Interface: External

This function stores the provided encapsulated content info in the SignedData object. This data will be signed and included in the encoded SignedData object when Encode is invoked. If the ecip parameter contains a NULL pointer or a NULL object identifier, a CPKIFMessageException object indicating COMMON_INVALID_INPUT is thrown. (The Content property of ecip can be NULL, to accommodate detached messages or certs-only messages).

Applications must invoke this function and specify an object identifier via the OID property of ecip prior to calling Encode when creating a SignedData message.

The object passed to this function is a reference counted smart pointer. Thus, if the application maintains a reference to the object and makes modifications after calling this function but before calling Encode, those changes will be included in the resulting SignedData message. This function should not be invoked on decoded messages. Re-encoding decoded messages with modified content will result in broken digital signatures.

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
ecip  [in] Reference to a smart pointer to a CPKIFEncapsulatedContentInfo object

Definition at line 417 of file SignedData.cpp.

References COMMON_INVALID_INPUT, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().

CPKIFEncapsulatedContentInfoPtr CPKIFSignedData::GetEncapsulatedContent (  )  const

Interface: External

This function is used to retrieve the encapsulated data associated with a signed data object. Not all SignedData messages include encapsulated content. Where content is detached from the SignedData message, only the content type may be available from the CPKIFEncapsulatedContentInfo object returned by this function. The object returned by this function is a reference counted smart pointer. Thus, it can live beyond the life of the CPKIFSignedData object from which it was retrieved.

Returns:
This function returns a smart pointer to a CPKIFEncapsulatedContentInfo object containing the encapsulated content info, if any, associated with an instance of CPKIFSignedData via a call to SetEncapsulatedContent or through a call to Decode.

Definition at line 354 of file SignedData.cpp.

References LOG_STRING_DEBUG, m_impl, and TOOLKIT_CRYPTO_MISC.

Referenced by _tmain(), Encode(), CPKIFArchiveTimestamp::GetEffectiveDigestAlgorithm(), GetHashAlgorithmFromTimestamp(), GetTimeFromTimestamp(), CPKIFTimestampVerifier::Verify(), and IPKIFScvpClient::VerifyValPol().

void CPKIFSignedData::UpdateMessage ( unsigned char *  buf,
int  bufLen 
)

Interface: External

This function is used to create or update a running hash value to sign when the data to sign is detached, i.e. the data is not included in the resulting CMS blob. This function can be iteratively invoked to create a running hash over a large block of data. The operative hash algorithms are retrieved from the SignerInfos associated with the instance. Thus, all applicable SignerInfos must be specified prior to calling UpdateMessage. A mediator object containing the IPKIFCryptoMisc interface must be added via AddMediator prior to invoking this function. If a pointer to the IPKIFCryptoMisc interface is not available, a CPKIFMessageException indicating COMMON_MEDIATOR_MISSING is thrown.

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_MEDIATOR_MISSING) 
Parameters:
buf  [in] Pointer to a buffer containing the data to hash
bufLen  [in] Integer that indicates the length of the buffer pointed to by buf

Definition at line 450 of file SignedData.cpp.

References CACASNWRAPPER_CREATE, COMMON_MEDIATOR_MISSING, data, GetMediator(), LOG_STRING_DEBUG, PKIFCMSMessageMemoryHelper::pSignedData, and TOOLKIT_CRYPTO_MISC.

Referenced by Encode().

void CPKIFSignedData::AddCertificate ( CPKIFCertificatePtr &  cert  ) 

Interface: External

This function can be used to add certificates to a SignedData message. This function can be invoked, possibly multiple times, prior to invoking Encode.

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
cert  [in] Reference to a smart pointer to a CPKIFCertificate object containing the certificate that should be added to the certificate bag

Definition at line 526 of file SignedData.cpp.

References COMMON_INVALID_INPUT, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().

void CPKIFSignedData::GetCertificates ( CPKIFCertificateList &  certs  ) 

Interface: External

This function will add the contents of the certificate bag to the certs parameter.

Returns:
None
Parameters:
certs  [out] Reference to a certificate list object

Definition at line 551 of file SignedData.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

void CPKIFSignedData::AddCRL ( CPKIFCRLPtr &  crl  ) 

Interface: External

This function can be used to add CRLs to a SignedData message. This function can be invoked, possibly multiple times, prior to invoking Encode.

Returns:
None
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
crl  [in] Pointer to a CRL that should be added to the CRL bag

Definition at line 617 of file SignedData.cpp.

References COMMON_INVALID_INPUT, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

void CPKIFSignedData::GetCRLs ( CPKIFCRLList &  crls  ) 

Interface: External

This function is used to retrieve the bag of CRLs that may be included in the CMS message.

Returns:
None
Parameters:
crls  [out] Reference to a CRL list

Definition at line 641 of file SignedData.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

void CPKIFSignedData::AddSignerInfo ( CPKIFSignerInfoPtr &  si  ) 

Interface: External

This function should be called prior to calling Encode to identify the entities for which a signature should be generated over the associated content. Multiple signers can be specified by invoking this function multiple times prior to calling Encode. Alternatively, a SignedData message containing one signer may be decoded via a call to Decode, a signer added via a call to this function and an updated message containing two signers generated by a call to Encode. In other words, using this function, additional signers can be added to decoded messages that contain one or more signers. When Encode is subsequently invoked, signatures will be generated for the signers added using this function since the invocation of Decode alongside the signers in the decoded message.

This function must not be called after specifying detached content via calls to UpdateMessage. An exception indicating MSG_INVALID_STATE will be thrown if this function is invoked after detached content has been specified. An exception indicating COMMON_INVALID_INPUT will be thrown if the si parameter is NULL.

Returns:
None
Exceptions:
CPKIFMessageException(MSG_INVALID_STATE) 
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
si  [in] Reference to a smart pointer to a CPKIFSignerInfo object containing information to use when generating a signature. Minimally, this object must contain a digest algorithm identifier and a credential object for use in generating a digital signature.

Definition at line 717 of file SignedData.cpp.

References COMMON_INVALID_INPUT, LOG_STRING_DEBUG, MSG_INVALID_STATE, and TOOLKIT_CRYPTO_MISC.

Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().

void CPKIFSignedData::GetSignerInfos ( CPKIFSignerInfoList &  sis  ) 

Interface: External

This function is used to retrieve all SignerInfos associated with a SignedData message. The CPKIFSignerInfoList type is a typedef for a vector containing smart pointers to CPKIFSignerInfo objects.

Returns:
This function returns a pointer to each SignerInfo object via the sis parameter.
Parameters:
sis  [out] Reference to list of SignerInfo objects

Definition at line 744 of file SignedData.cpp.

References CACASNWRAPPER_CREATE, data, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

Referenced by CPKIFTimestampVerifier::Verify().

CPKIFBufferPtr CPKIFSignedData::Encode (  )  [virtual]

Interface: External

This function should be invoked after the message has been completely prepared (minimally a mediator must have been added via a call to AddMediator and an encapsulated content type must have been specified). Typically, the resulting encoded message is wrapped in a content info object with the content type set to g_signedData.

This function requires access to the IPKIFCryptoMisc and IPKIFCryptoKeyIDOperations interfaces. The mediator object providing access to these interfaces must be specified via a call to AddMediator prior to invoking this function. If the necessary interfaces are not available, an exception indicating COMMON_MEDIATOR_MISSING will be thrown. This holds true even in cases where signatures are not generated, i.e. when creating a certs-only or CRLs-only message.

Returns:
This function returns a smart pointer to a CPKIFBuffer object containing the encoded SignedData message. The returned object may then be passed to SetContent on a CPKIFContentInfo object to produce a complete CMS ContentInfo message.
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
CPKIFMessageException(COMMON_MEDIATOR_MISSING) 
CPKIFMessageException(COMMON_UNSUPPORTED_ALG) 
CPKIFMessageException(MSG_INVALID_STATE) 
CPKIFMessageException(MSG_DECODE_FAILED) 
CPKIFException(ASN1_ENCODE_ERROR) 
CPKIFException(ASN1_DECODE_ERROR) 

Implements CPKIFContentType.

Definition at line 806 of file SignedData.cpp.

References CACASNWRAPPER_CREATE, ClearContent(), COMMON_INVALID_INPUT, COMMON_MEDIATOR_MISSING, ConvertStringToASN1OBJID(), CopyOID(), Decode(), GetEncapsulatedContent(), GetMediator(), GetVersion(), LOG_STRING_DEBUG, PKIFCMSMessageMemoryHelper::pSignedData, TOOLKIT_CRYPTO_MISC, and UpdateMessage().

Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), and CPKIFScvpPathBuild::BuildPath().

void CPKIFSignedData::Decode ( CPKIFBufferPtr &  buf  )  [virtual]

Interface: External

This function is used to decode an encoded SignedData message. An exception indicating COMMON_INVALID_INPUT will be thrown if the buf parameter is NULL. The function will throw an exception indicating MSG_DECODE_FAILED if the decode operation fails.

Following a successful call to this function, information from the decoded message can be retrieved using the various GetXXX methods of CPKIFSignedData. Messages can be repeatedly decoded, altered and re-encoded. For example, a message with a single signer may be decoded, a new signer added to the message and then the message re-encoded to produce a message containing two signers.

When this function is entered, most internal state is reset. Any previously specified message components or previously decoded message information will no longer be available. Previously specified path processing settings and mediator/colleague set will remain in effect.

Returns:
None
Exceptions:
CPKIFMessageException(MSG_DECODE_FAILED) 
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
buf  [in] Reference to a smart pointer to a CPKIFBuffer object containing an encoded SignedData message to decode

Implements CPKIFContentType.

Definition at line 969 of file SignedData.cpp.

References ClearContent(), CMSv0, CMSv1, CMSv2, CMSv3, CMSv4, COMMON_INVALID_INPUT, LOG_STRING_DEBUG, MSG_DECODE_FAILED, PEMDecode(), CPKIFException::push_info(), and TOOLKIT_CRYPTO_MISC.

Referenced by _tmain(), Encode(), CPKIFArchiveTimestamp::GetEffectiveDigestAlgorithm(), GetHashAlgorithmFromTimestamp(), GetTimeFromTimestamp(), CPKIFTimestampVerifier::Verify(), and IPKIFScvpClient::VerifyValPol().

bool CPKIFSignedData::Verify ( int  signerIndex,
CMSVerificationStatus &  status,
CMSPathValidationStatus  minStatus = PVS_REV_STATUS_VERIFIED 
)

Interface: External

This function requires access to the IPKIFCryptoMisc and IPKIFCryptoRawOperations interfaces. If the value passed via minStatus is greater than PVS_NOT_VALIDATED, access to IPKIFPathBuild and IPKIFPathValidate is also required. The mediator object providing access to these interfaces must be specified via a call to AddMediator prior to invoking this function. If the necessary interfaces are not available, an exception indicating COMMON_MEDIATOR_MISSING will be thrown.

The SignedData message must have been decoded prior to calling Verify. Otherwise, an exception indicating MSG_INVALID_STATE will be thrown.

This function is used to verify the signature within a SignerInfo in the SignedData message. CMS SignedData objects can contain many signatures. The signerIndex parameter is used to indicate which SignerInfo is the target of verification. If the index specified by signerIndex is not valid, an exception indicating MSG_INVALID_INDEX will be thrown.

The status parameter is used to return generic status information following the verification operation in the form of a CMSVerificationStatus value. The Boolean value returned by Verify is true when the status indicated by the minStatus parameter is met or exceeded. For example, if a signature can be verified, a path to the signer verified but revocation status not determined, the Verify function will return true when minStatus is set to PVS_CERT_PATH_VERIFIED (or PVS_NOT_VALIDATED) and false when minStatus is set to PVS_REV_STATUS_VERIFIED. If this function throws an exception, the status parameter will be set to NOT_VERIFIED.

Following execution of Verify, additional status information may be retrieved via calls to GetPath or GetValidationResults. The nature of the information available via these calls will vary depending on the value of status returned by this function and the value of minStatus passed to this function. For example, if path validation was not performed, no path or validation results will be available. If an exception is thrown, the state of the objects returned by GetPath and GetValidationResults is indeterminate and the objects should be used for diagnostic purposes only.

This function will automatically verify the signature using a certificate from the certificate bag associated with the message (i.e. the set of certificates available via a call to GetCertificates), provided the signer’s certificate is present in the bag, or via an associated colleague that implements the IPKIFCertSearch interface, if available. Alternatively, applications can provide the signer’s certificate via the signersCert parameter. When signersCert is provided, additional candidate signer certificates are not considered.

Returns:
This function returns a Boolean that indicates if the CMS signature was successfully verified and path validation met the minimum acceptable path validation status.
Exceptions:
CPKIFMessageException(COMMON_MEDIATOR_MISSING) 
CPKIFMessageException(COMMON_UNSUPPORTED_ALG) 
CPKIFMessageException(COMMON_INVALID_INPUT) 
CPKIFCryptoException(PKIFCAPI_VERIFY_FAILED) 
CPKIFCryptoException(COMMON_OPERATION_NOT_HANDLED) 
CPKIFCryptoException(COMMON_INVALID_INPUT) 
CPKIFPathException(COMMON_INVALID_INPUT) 
CPKIFPathException(COMMON_UNSUPPORTED_ALG) 
CPKIFPathException(COMMON_MEDIATOR_MISSING) 
CPKIFCacheException(CACHE_PARSE_ERROR) 
CPKIFCacheException(COMMON_NOT_INITIALIZED) 
CPKIFCacheException(CACHE_UPDATE_FAILED) 
CPKIFCacheException(CACHE_CERT_STORE_OPEN_FAILED) 
CPKIFCacheException(COMMON_INVALID_INPUT) 
CPKIFCacheException(CACHE_LDAP_ERROR) 
CPKIFException(COMMON_INVALID_INPUT) 
CPKIFException(COMMON_NOT_IMPLEMENTED) 
Parameters:
signerIndex  [in] Integer containing the zero-based index that identifies the SignerInfo to verify
status  [out] Reference to a CMSVerificationStatus that indicates the outcome of the verification operation
minStatus  [in] CMSPathValidationStatus value that specifies the minimum acceptable path validation outcome

Definition at line 1140 of file SignedData.cpp.

Referenced by CPKIFTimestampVerifier::Verify(), and IPKIFScvpClient::VerifyValPol().

bool CPKIFSignedData::Verify ( int  signerIndex,
CMSVerificationStatus &  status,
CPKIFCertificatePtr &  signersCert,
CMSPathValidationStatus  minStatus = PVS_REV_STATUS_VERIFIED 
)

Interface: External

This function requires access to the IPKIFCryptoMisc and IPKIFCryptoRawOperations interfaces. If the value passed via minStatus is greater than PVS_NOT_VALIDATED, access to IPKIFPathBuild and IPKIFPathValidate is also required. The mediator object providing access to these interfaces must be specified via a call to AddMediator prior to invoking this function. If the necessary interfaces are not available, an exception indicating COMMON_MEDIATOR_MISSING will be thrown.

The SignedData message must have been decoded prior to calling Verify. Otherwise, an exception indicating MSG_INVALID_STATE will be thrown.

This function is used to verify the signature within a SignerInfo in the SignedData message. CMS SignedData objects can contain many signatures. The signerIndex parameter is used to indicate which SignerInfo is the target of verification. If the index specified by signerIndex is not valid, an exception indicating MSG_INVALID_INDEX will be thrown.

The status parameter is used to return generic status information following the verification operation in the form of a CMSVerificationStatus value. The Boolean value returned by Verify is true when the status indicated by the minStatus parameter is met or exceeded. For example, if a signature can be verified, a path to the signer verified but revocation status not determined, the Verify function will return true when minStatus is set to PVS_CERT_PATH_VERIFIED (or PVS_NOT_VALIDATED) and false when minStatus is set to PVS_REV_STATUS_VERIFIED. If this function throws an exception, the status parameter will be set to NOT_VERIFIED.

Following execution of Verify, additional status information may be retrieved via calls to GetPath or GetValidationResults. The nature of the information available via these calls will vary depending on the value of status returned by this function and the value of minStatus passed to this function. For example, if path validation was not performed, no path or validation results will be available. If an exception is thrown, the state of the objects returned by GetPath and GetValidationResults is indeterminate and the objects should be used for diagnostic purposes only.

This function will automatically verify the signature using a certificate from the certificate bag associated with the message (i.e. the set of certificates available via a call to GetCertificates), provided the signer’s certificate is present in the bag, or via an associated colleague that implements the IPKIFCertSearch interface, if available. Alternatively, applications can provide the signer’s certificate via the signersCert parameter. When signersCert is provided, additional candidate signer certificates are not considered.

Returns:
This function returns a Boolean that indicates if the CMS signature was successfully verified and path validation met the minimum acceptable path validation status.
Exceptions:
CPKIFMessageException(COMMON_MEDIATOR_MISSING) 
CPKIFMessageException(COMMON_UNSUPPORTED_ALG) 
CPKIFMessageException(COMMON_INVALID_INPUT) 
CPKIFCryptoException(PKIFCAPI_VERIFY_FAILED) 
CPKIFCryptoException(COMMON_OPERATION_NOT_HANDLED) 
CPKIFCryptoException(COMMON_INVALID_INPUT) 
CPKIFPathException(COMMON_INVALID_INPUT) 
CPKIFPathException(COMMON_UNSUPPORTED_ALG) 
CPKIFPathException(COMMON_MEDIATOR_MISSING) 
CPKIFCacheException(CACHE_PARSE_ERROR) 
CPKIFCacheException(COMMON_NOT_INITIALIZED) 
CPKIFCacheException(CACHE_UPDATE_FAILED) 
CPKIFCacheException(CACHE_CERT_STORE_OPEN_FAILED) 
CPKIFCacheException(COMMON_INVALID_INPUT) 
CPKIFCacheException(CACHE_LDAP_ERROR) 
CPKIFException(COMMON_INVALID_INPUT) 
CPKIFException(COMMON_NOT_IMPLEMENTED) 
Parameters:
signerIndex  [in] Integer containing the zero-based index that identifies the SignerInfo to verify
status  [out] Reference to a CMSVerificationStatus that indicates the outcome of the verification operation
signersCert  [in] Reference to a smart pointer to a CPKIFCertificate object containing the certificate that should be used to verify the signature of the indicated SignerInfo
minStatus  [in] CMSPathValidationStatus value that specifies the minimum acceptable path validation outcome

Definition at line 1213 of file SignedData.cpp.
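
Added example (not PKIF code and not from the PKIF authors): a self-contained C++ model of the Verify contract described above, used to show a fail-closed acceptance check over every SignerInfo. The `model` namespace, the numeric enum values, `SIGNATURE_OK`, `SignerOutcome`, `Signer`, `Accept` and `AllSignersVerified` are assumptions made for illustration; only the ordering of the PVS_ values, NOT_VERIFIED and the method names come from this page.

```cpp
// Added example: a self-contained model, not PKIF code.
#include <cstddef>
#include <stdexcept>
#include <vector>

namespace model {

// Ordering follows the page: NOT_VALIDATED < CERT_PATH_VERIFIED < REV_STATUS_VERIFIED.
// The numeric values are assumptions.
enum CMSPathValidationStatus {
    PVS_NOT_VALIDATED = 0,
    PVS_CERT_PATH_VERIFIED = 1,
    PVS_REV_STATUS_VERIFIED = 2
};

// Only NOT_VERIFIED is named on the page; SIGNATURE_OK is a hypothetical label.
enum CMSVerificationStatus { NOT_VERIFIED = 0, SIGNATURE_OK = 1 };

// Constructed per-signer outcome that drives the model.
struct SignerOutcome {
    bool signatureValid;               // result of the raw signature check
    CMSPathValidationStatus achieved;  // highest path validation status reached
    bool throws;                       // simulate an exception inside Verify
};

// Stand-in for a decoded SignedData object, following the documented contract.
class SignedData {
public:
    explicit SignedData(const std::vector<SignerOutcome>& s) : signers_(s) {}
    std::size_t GetNumberOfSigners() const { return signers_.size(); }

    bool Verify(int signerIndex, CMSVerificationStatus& status,
                CMSPathValidationStatus minStatus = PVS_REV_STATUS_VERIFIED) {
        status = NOT_VERIFIED;  // value the page documents when Verify throws
        if (signerIndex < 0 ||
            static_cast<std::size_t>(signerIndex) >= signers_.size())
            throw std::out_of_range("MSG_INVALID_INDEX");
        const SignerOutcome& o = signers_[static_cast<std::size_t>(signerIndex)];
        if (o.throws) throw std::runtime_error("COMMON_MEDIATOR_MISSING");
        if (!o.signatureValid) return false;
        status = SIGNATURE_OK;
        return o.achieved >= minStatus;  // true when minStatus is met or exceeded
    }

private:
    std::vector<SignerOutcome> signers_;
};

}  // namespace model

// Fail-closed policy: accept a message only if every SignerInfo verifies.
template <typename SignedDataT>
bool AllSignersVerified(
    SignedDataT& sd,
    model::CMSPathValidationStatus minStatus = model::PVS_REV_STATUS_VERIFIED) {
    const std::size_t n = sd.GetNumberOfSigners();
    if (n == 0) return false;  // certs-only or CRLs-only message: nothing signed
    for (std::size_t i = 0; i < n; ++i) {
        model::CMSVerificationStatus status = model::NOT_VERIFIED;
        try {
            if (!sd.Verify(static_cast<int>(i), status, minStatus)) return false;
        } catch (...) {
            return false;  // any exception counts as a verification failure
        }
        if (status == model::NOT_VERIFIED) return false;
    }
    return true;
}

// Helpers for building constructed scenarios.
model::SignerOutcome Signer(bool sigOk, model::CMSPathValidationStatus achieved,
                            bool throws) {
    model::SignerOutcome o = {sigOk, achieved, throws};
    return o;
}

bool Accept(const std::vector<model::SignerOutcome>& signers,
            model::CMSPathValidationStatus minStatus) {
    model::SignedData sd(signers);
    return AllSignersVerified(sd, minStatus);
}

int main() {
    using namespace model;
    // Signer whose path validated but whose revocation status is undetermined.
    std::vector<SignerOutcome> pathOnly(1, Signer(true, PVS_CERT_PATH_VERIFIED, false));
    bool lowered = Accept(pathOnly, PVS_CERT_PATH_VERIFIED);               // accepted
    bool dflt = Accept(pathOnly, PVS_REV_STATUS_VERIFIED);                 // rejected
    bool empty = Accept(std::vector<SignerOutcome>(), PVS_NOT_VALIDATED);  // rejected
    return (lowered && !dflt && !empty) ? 0 : 1;
}
```

Because the certificate bag travels inside the message, a true result obtained with minStatus set to PVS_NOT_VALIDATED shows only that some key signed the content, not that a trusted signer did.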

void CPKIFSignedData::SetKeyUsageChecker ( CPKIFFuncStoragePtr &  kuChecker  ) 

Definition at line 2612 of file SignedData.cpp.

void CPKIFSignedData::SetPathSettings ( CPKIFPathSettingsPtr &  settings  ) 

Interface: External

This function is used to set the path settings used by subsequent calls to Verify. When the pointer passed via settings is NULL, subsequent calls to Verify will use default path settings values. The PathSettings property and the Mediator properties of CPKIFSignedData are the only properties not reset to default values by calls to Decode. These values can be reset by calling ClearContent with true passed as the parameter.

Returns:
None
Parameters:
settings  [in] Reference to a smart pointer to a CPKIFPathSettings object, possibly containing a NULL pointer

Definition at line 1493 of file SignedData.cpp.

Referenced by CPKIFTimestampVerifier::Verify(), and IPKIFScvpClient::VerifyValPol().

CPKIFCertificatePathPtr CPKIFSignedData::GetPath (  )  const

Interface: External

CPKIFSignedData objects store only the path generated by the most recent call to Verify. If Verify is invoked multiple times, when verifying multiple signatures, for example, it is necessary to call GetPath after each call if the certification path for each is desired.

Returns:
None

Definition at line 1509 of file SignedData.cpp.

Referenced by CPKIFTimestampVerifier::Verify().

CPKIFPathValidationResultsPtr CPKIFSignedData::GetValidationResults (  )  const

Interface: External

This function is used to get the validation results obtained during the previous call to Verify.

Returns:
Returns a smart pointer to a CPKIFPathValidationResults object containing the path validation results assembled during the most recent call to Verify.

Definition at line 1520 of file SignedData.cpp.

Referenced by CPKIFTimestampVerifier::Verify().

void CPKIFSignedData::GetSignersCert ( int  signerIndex,
CPKIFCertificatePtr &  cert 
)

Interface: External

This function returns the certificate associated with the signer indicated by the signerIndex parameter, if available. This function is only available after calling Decode or Encode. If this function is invoked prior to calling one of these functions, a CPKIFMessageException will be thrown indicating MSG_INVALID_STATE. If an invalid index is passed via signerIndex, a reference to a smart pointer to a CPKIFCertificate containing a NULL pointer will be returned.

Returns:
None
Exceptions:
CPKIFMessageException(MSG_INVALID_STATE) 
Parameters:
signerIndex  [in] Integer containing the zero-based index of the signer whose certificate is being requested
cert  [out] Reference to a smart pointer to a CPKIFCertificate object to receive the signer’s certificate, if available

Definition at line 1537 of file SignedData.cpp.

References LOG_STRING_DEBUG, MSG_INVALID_STATE, and TOOLKIT_CRYPTO_MISC.

Referenced by CPKIFTimestampVerifier::Verify().

size_t CPKIFSignedData::GetNumberOfSigners (  )  const

Interface: External

This function returns the number of SignerInfo objects held by a SignedData object. Countersignatures are not included in the count returned by this function.

Returns:
This function returns an integer indicating the number of SignerInfo objects present in the SignedData message.

Definition at line 1580 of file SignedData.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

CPKIFSignerInfoPtr CPKIFSignedData::GetSignersInfo ( int  signerIndex  ) 

Interface: External

This function can be used to access a specific SignerInfo object, for example, when adding an unsigned attribute following creation of a SignedData message.

Returns:
This function returns a pointer to the requested SignerInfo object.
Exceptions:
CPKIFMessageException(COMMON_INVALID_INPUT) 
Parameters:
signerIndex  [in] Integer indicating the SignerInfo to retrieve

Definition at line 1605 of file SignedData.cpp.

References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, data, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

void CPKIFSignedData::ClearContent ( bool  removeMediatorAssociationsAndPathSettings = true  ) 

Interface: External

This function resets the state of a CPKIFSignedData object. If the removeMediatorAssociationsAndPathSettings parameter is set to true, then the base class RemoveMediatorAssociations function is invoked to disassociate the instance of CPKIFSignedData from the mediators added via AddMediator. Additionally, the internal member variable containing application-specified path settings is reset to contain default settings when removeMediatorAssociationsAndPathSettings is set to true.

Returns:
None
Parameters:
removeMediatorAssociationsAndPathSettings  [in] Boolean value that indicates whether mediators and path settings associated with an instance of CPKIFSignedData should be removed

Definition at line 266 of file SignedData.cpp.

References CMSv0, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

Referenced by Decode(), and Encode().

CPKIFBufferPtr CPKIFSignedData::GetSignersCert ( CPKIFBufferPtr  tmpSignerInfoBuf  ) 

Interface: Module

This is a helper function that retrieves the signer's certificate.

Returns:
A smart pointer to a CPKIFBuffer object that contains the signer's certificate
Parameters:
tmpSignerInfoBuf  Pointer to CACCMSSignerInfo object

Definition at line 2110 of file SignedData.cpp.

References CACASNWRAPPER_CREATE, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_MISC.

void CPKIFSignedData::AddMediator ( IPKIFMediatorPtr &  m  ) 

Interface: External

This function adds a mediator object to the SignedData object for the purpose of obtaining pointers to desired interfaces.

Returns:
None
Parameters:
m  [in] Smart pointer to a mediator object

Definition at line 201 of file SignedData.cpp.

Referenced by CPKIFScvpPathBuildAndValidate::BuildAndValidatePath(), CPKIFScvpPathBuild::BuildPath(), CPKIFTimestampVerifier::Verify(), and IPKIFScvpClient::VerifyValPol().

IPKIFMediatorPtr CPKIFSignedData::GetMediator (  ) 

Interface: External

This function returns the Mediator object stored in SignedData

Returns:
None

Definition at line 214 of file SignedData.cpp.

Referenced by Encode(), UpdateMessage(), and CPKIFTimestampVerifier::Verify().


Friends And Related Function Documentation

friend struct CPKIFSignedDataImpl [friend]

Definition at line 61 of file SignedData.h.


The documentation for this class was generated from the following files:

Generated on Mon Nov 15 11:20:42 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6