#include <TimestampVerifier.h>
TSP-enforcing: No
Definition at line 37 of file TimestampVerifier.h.
Public Member Functions | |
CPKIFTimestampVerifier () | |
~CPKIFTimestampVerifier () | |
void | SetMediator (IPKIFMediatorPtr &m) |
void | SetMinimumVerificationStatus (CMSPathValidationStatus v) |
void | SetPathSettings (CPKIFPathSettingsPtr &p) |
void | SetSkew (int seconds) |
void | SetComparisonTime (CPKIFTimePtr &time) |
IPKIFMediatorPtr | GetMediator () const |
CMSPathValidationStatus | GetMinimumVerificationStatus () const |
CPKIFPathSettingsPtr | GetPathSettings () const |
int | GetSkew () const |
CPKIFTimePtr | GetComparisonTime () const |
void | SetDataComplete (CPKIFBufferPtr &origData) |
void | SetDataHash (CPKIFBufferPtr &hash, PKIFCRYPTO::HASH_ALG ha) |
void | SetDataHashSet (CPKIFParallelHashPtr &ph) |
CPKIFBufferPtr | GetDataComplete () const |
CPKIFBufferPtr | GetDataHash (PKIFCRYPTO::HASH_ALG &ha) const |
CPKIFParallelHashPtr | GetDataHashSet () const |
void | Verify (CPKIFContentInfoPtr &timestamp) |
CMSVerificationStatus | GetVerificationStatus () const |
CPKIFCertificatePathPtr | GetCertificatePath () const |
CPKIFPathValidationResultsPtr | GetPathValidationResults () const |
CPKIFCertificatePtr | GetTSACertificate () const |
CPKIFTimePtr | GetTSADateTime () const |
CPKIFTimestampVerifier::CPKIFTimestampVerifier | ( | ) |
Interface: External
This function creates and initializes an instance of CPKIFTimestampVerifier. The MinimumVerificationStatus property is initialized to PVS_REV_STATUS_VERIFIED, meaning any path validation status less than complete success will result in failure. The Skew property is set to 3600, meaning timestamps must contain a time within one hour of the comparison time.
Definition at line 241 of file TimestampVerifier.cpp.
References LOG_STRING_DEBUG, NOT_VERIFIED, PVS_REV_STATUS_VERIFIED, and TOOLKIT_TSP_TIMESTAMP_VERIFIER.
CPKIFTimestampVerifier::~CPKIFTimestampVerifier | ( | ) |
Interface: External
This function destroys an instance of CPKIFTimestampVerifier.
Definition at line 259 of file TimestampVerifier.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_TSP_TIMESTAMP_VERIFIER.
void CPKIFTimestampVerifier::SetMediator | ( | IPKIFMediatorPtr & | m | ) |
Interface: External
This function is used to associate a mediator for use when verifying signatures, validating paths, determining revocation status, etc. in the course of verifying a timestamp.
m | [in] Pointer to an IPKIFMediator object to use when verifying a timestamp, e.g. signature verification, certification path processing, revocation status determination, etc. |
Definition at line 278 of file TimestampVerifier.cpp.
void CPKIFTimestampVerifier::SetMinimumVerificationStatus | ( | CMSPathValidationStatus | v | ) |
Interface: External
This function is used to set the minimum path validation status that must be met when verifying a timestamp. It can be used to establish that path validation need not be performed or that revocation status need not be checked. When set to PVS_REV_STATUS_VERIFIED, a revoked TSA certificate is acceptable provided the revocation date occurs after the time contained in the timestamp.
v | [in] CMSPathValidationStatus value indicating the minimum acceptable verification status |
Definition at line 295 of file TimestampVerifier.cpp.
void CPKIFTimestampVerifier::SetPathSettings | ( | CPKIFPathSettingsPtr & | p | ) |
Interface: External
This function is used to establish the path settings used when validating a path to the certificate of the TSA that issued the timestamp to verify. If path settings are not specified then the default path settings associated with the mediator object in use will be used. If no default settings have been associated with the mediator object then a default CPKIFPathSettings object will be used.
p | [in] Reference to a CPKIFPathSettings object containing path settings to use when performing path processing operations in support of a timestamp verification operation |
Definition at line 311 of file TimestampVerifier.cpp.
void CPKIFTimestampVerifier::SetSkew | ( | int | seconds | ) |
Interface: External
This function is used to set the maximum skew from the comparison time to the time in the timestamp. The comparison time is either the time set via a call to SetComparisonTime or the current time if no time has been manually set.
seconds | [in] Integer value representing the number of seconds to add to the comparison time to derive the acceptable time window for the timestamp being verified |
Definition at line 326 of file TimestampVerifier.cpp.
void CPKIFTimestampVerifier::SetComparisonTime | ( | CPKIFTimePtr & | time | ) |
Interface: External
This function is used to set the time against which the time in the timestamp should be compared.
time | [in] Reference to a smart pointer to a CPKIFTime object containing a time value to use instead of the current time when verifying a timestamp (including path processing associated with the TSA certificate) |
Definition at line 340 of file TimestampVerifier.cpp.
IPKIFMediatorPtr CPKIFTimestampVerifier::GetMediator | ( | ) | const |
Interface: External
This function returns the currently active mediator.
Definition at line 874 of file TimestampVerifier.cpp.
Referenced by Verify().
CMSPathValidationStatus CPKIFTimestampVerifier::GetMinimumVerificationStatus | ( | ) | const |
Interface: External
This function returns the minimum verification status.
Definition at line 891 of file TimestampVerifier.cpp.
CPKIFPathSettingsPtr CPKIFTimestampVerifier::GetPathSettings | ( | ) | const |
Interface: External
This function returns the path settings.
Definition at line 902 of file TimestampVerifier.cpp.
int CPKIFTimestampVerifier::GetSkew | ( | ) | const |
Interface: External
This function returns the time skew.
Definition at line 913 of file TimestampVerifier.cpp.
CPKIFTimePtr CPKIFTimestampVerifier::GetComparisonTime | ( | ) | const |
Interface: External
This function returns the comparison time.
Definition at line 924 of file TimestampVerifier.cpp.
void CPKIFTimestampVerifier::SetDataComplete | ( | CPKIFBufferPtr & | origData | ) |
Interface: External
This function is used to specify the data against which a timestamp should be verified, i.e. the data corresponding to the message digest included in a TimeStampRequest.
origData | [in] Reference to a smart pointer to a CPKIFBuffer object containing the entire contents of data against which a timestamp should be verified |
Definition at line 412 of file TimestampVerifier.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_TSP_TIMESTAMP_VERIFIER.
void CPKIFTimestampVerifier::SetDataHash | ( | CPKIFBufferPtr & | hash, | PKIFCRYPTO::HASH_ALG | ha | ) |
Interface: External
This function provides an alternative means of specifying the data against which a timestamp should be verified.
hash | [in] Reference to a smart pointer to a CPKIFBuffer object containing the message digest of the data against which the timestamp should be verified |
ha | [in] HASH_ALG value indicating the algorithm used to generate the message digest passed via the hash parameter |
Definition at line 433 of file TimestampVerifier.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_TSP_TIMESTAMP_VERIFIER.
void CPKIFTimestampVerifier::SetDataHashSet | ( | CPKIFParallelHashPtr & | ph | ) |
Interface: External
This function provides an alternative means of specifying the data against which a timestamp should be verified. The ph object MUST contain a message digest generated with the hash algorithm identified in the timestamp token for verification to succeed.
ph | [in] Reference to a smart pointer to a CPKIFParallelHash object containing one or more message digests of the data against which a timestamp should be verified |
Definition at line 459 of file TimestampVerifier.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_TSP_TIMESTAMP_VERIFIER.
CPKIFBufferPtr CPKIFTimestampVerifier::GetDataComplete | ( | ) | const |
Definition at line 929 of file TimestampVerifier.cpp.
CPKIFBufferPtr CPKIFTimestampVerifier::GetDataHash | ( | PKIFCRYPTO::HASH_ALG & | ha | ) | const |
Interface: External
This function returns the hash data and the hash algorithm.
ha | [out] Hash algorithm |
Definition at line 940 of file TimestampVerifier.cpp.
CPKIFParallelHashPtr CPKIFTimestampVerifier::GetDataHashSet | ( | ) | const |
Interface: External
This function returns the hash data set.
Definition at line 954 of file TimestampVerifier.cpp.
void CPKIFTimestampVerifier::Verify | ( | CPKIFContentInfoPtr & | timestamp | ) |
Interface: External
This function is used to verify a timestamp. It takes two parameters: the timestamp to verify and a hash of the message for which the timestamp was obtained. The timestamp is verified per RFC 3161.
The Verify function will override any additional certificate checks that may have been associated with the path validator at runtime, i.e. via a call to SetAdditionalCertificateChecks.
If the messageHash parameter is NULL, a message digest will be calculated based on the most recent call to one of the following functions: SetDataComplete, SetDataHash, SetDataHashSet.
This function may generate an exception containing one of the following error codes:
CPKIFTSPException(TSP_MISSING_REQUIRED_FIELD)
CPKIFTSPException(TSP_MISSING_REQUIRED_EKU)
CPKIFTSPException(TSP_HASH_MISMATCH)
CPKIFTSPException(TSP_NOT_WITHIN_SKEN)
CPKIFTSPException(TSP_NOT_WITHIN_VALIDITY_PERIOD)
CPKIFTSPException(TSP_REVOCATION_DATE_PRECEDES_TIME)
CPKIFTSPException(TSP_VERIFICATION_FAILED)
CPKIFTSPException(COMMON_UNKNOWN_ERROR)
timestamp | [in] Reference to a smart pointer to a CPKIFContentInfo object containing the timestamp token to verify |
Definition at line 499 of file TimestampVerifier.cpp.
References CPKIFSignedData::AddMediator(), COMMON_UNKNOWN_ERROR, COMMON_UNSUPPORTED_VERSION, CPKIFPeriod::contains(), CPKIFTime::CurrentTime(), CPKIFTSTInfo::Decode(), CPKIFSignedData::Decode(), EKUChecker_TimestampTSP(), g_anyEKU, g_timestampingEKU, GetCACHashAlg(), CPKIFSignedData::GetEncapsulatedContent(), CPKIFTSTInfo::GetGeneralizedTime(), GetMediator(), CPKIFSignedData::GetMediator(), CPKIFTSTInfo::GetMessageImprint(), CPKIFSignedData::GetPath(), CPKIFSignedData::GetSignerInfos(), CPKIFSignedData::GetSignersCert(), CPKIFSignedData::GetValidationResults(), CPKIFTSTInfo::GetVersion(), IPKIFCryptoMisc::HashFinal(), IPKIFCryptoMisc::HashInit(), IPKIFCryptoMisc::HashUpdate(), LOG_STRING_DEBUG, NOT_VERIFIED, CPKIFException::push_info(), REV_STATUS_INVALID, REVOKED, REVSOURCE_CRL, REVSOURCE_OCSP, IPKIFPathValidate::SetAdditionalCertificateChecks(), CPKIFSignedData::SetPathSettings(), GottaMatch< T >::SetRHS(), PKIFCRYPTO::SHA1, TOOLKIT_TSP_TIMESTAMP_VERIFIER, and CPKIFSignedData::Verify().
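The time rules documented for SetSkew, SetComparisonTime and SetMinimumVerificationStatus, as an added stand-alone model; this is not PKIF code and not the toolkit's implementation. All type and function names are hypothetical, and the symmetric skew window and the use of the TSA certificate's validity period are assumptions.

```cpp
// Added illustration, not PKIF code: a stand-alone model of the time rules
// described above. Every name here is hypothetical.
#include <cstdint>
#include <cstdio>

enum class TimeCheck { Ok, OutsideSkew, OutsideValidity, RevokedBeforeTime };

struct TsaCertTimes {              // seconds since the Unix epoch
    std::int64_t notBefore;
    std::int64_t notAfter;
    bool revoked;
    std::int64_t revokedAt;        // meaningful only when revoked is true
};

// tsaTime: time carried in the token; comparisonTime: the caller-supplied time,
// or the current time when none was set.
TimeCheck CheckTimestampTimes(std::int64_t tsaTime, std::int64_t comparisonTime,
                              int skewSeconds, const TsaCertTimes& cert)
{
    // Assumption: the skew window is symmetric around the comparison time.
    const std::int64_t delta = tsaTime > comparisonTime
                                   ? tsaTime - comparisonTime
                                   : comparisonTime - tsaTime;
    if (delta > skewSeconds) return TimeCheck::OutsideSkew;

    // Assumption: the validity period checked is the TSA certificate's.
    if (tsaTime < cert.notBefore || tsaTime > cert.notAfter)
        return TimeCheck::OutsideValidity;

    // A revoked TSA certificate is tolerated only when the revocation date
    // falls after the time in the token.
    if (cert.revoked && cert.revokedAt <= tsaTime)
        return TimeCheck::RevokedBeforeTime;
    return TimeCheck::Ok;
}

int main()
{
    const std::int64_t issued = 1700000000;            // constructed token time
    const TsaCertTimes cert = {1690000000, 1750000000, true, 1700500000};
    const int skew = 3600;                             // the documented default
    // Checked a week later against the current time: outside the skew window.
    std::printf("%d\n", static_cast<int>(
        CheckTimestampTimes(issued, issued + 7 * 86400, skew, cert)));
    // Same token with the comparison time pinned near the signing time.
    std::printf("%d\n", static_cast<int>(
        CheckTimestampTimes(issued, issued + 60, skew, cert)));
    return 0;
}
```

With the default skew of 3600 seconds, a token checked against the current time a week after issuance falls outside the window in this model, while the same token passes when a comparison time close to the token time is supplied.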
CMSVerificationStatus CPKIFTimestampVerifier::GetVerificationStatus | ( | ) | const |
Interface: External
This function is used to retrieve the CMS verification status following a call to Verify.
Definition at line 356 of file TimestampVerifier.cpp.
CPKIFCertificatePathPtr CPKIFTimestampVerifier::GetCertificatePath | ( | ) | const |
Interface: External
This function is used to retrieve a certificate path following a call to Verify.
Definition at line 367 of file TimestampVerifier.cpp.
CPKIFPathValidationResultsPtr CPKIFTimestampVerifier::GetPathValidationResults | ( | ) | const |
Interface: External
This function is used to retrieve path validation results following a call to Verify.
Definition at line 378 of file TimestampVerifier.cpp.
CPKIFCertificatePtr CPKIFTimestampVerifier::GetTSACertificate | ( | ) | const |
Interface: External
This function is used to retrieve the certificate of the TSA that issued the timestamp verified by a previous call to Verify.
Definition at line 389 of file TimestampVerifier.cpp.
CPKIFTimePtr CPKIFTimestampVerifier::GetTSADateTime | ( | ) | const |
Interface: External
This function is used to retrieve the time specified by a timestamp following a call to Verify.
Definition at line 400 of file TimestampVerifier.cpp.