#include <CACertStore.hpp>

Collaboration diagram for CACertStore:

Public Member Functions
	CACertStore ()
	~CACertStore ()
SINT32	add (CACertificate *cert)
	Adds a COPY of a given certifcate to this CertStore.
CACertificate *	getFirst ()
CACertificate *	getNext ()
UINT32	getNumber ()
CACertificate *	verifyMixCert (DOMNode *mixNode)
	This function parses the certificates from a <Mix>-node and tries to build a certPath to the trusted root certificates loaded from the config file.
SINT32	encode (UINT8 buff, UINT32 bufflen, UINT32 type)
SINT32	encode (DOMElement &elemnRoot, XERCES_CPP_NAMESPACE::DOMDocument doc)
	Creates a XML DocumentFragment which represenst all the Certifcates in this CertStore.
Static Public Member Functions
static CACertStore *	decode (UINT8 *buff, UINT32 bufflen, UINT32 type)
static CACertStore *	decode (const DOMNode *node, UINT32 type)
Private Attributes
LP_CERTSTORE_ENTRY	m_pCertList
UINT32	m_cCerts
LP_CERTSTORE_ENTRY	m_pCurrent

Detailed Description

Definition at line 41 of file CACertStore.hpp.

Constructor & Destructor Documentation

CACertStore::CACertStore ( )

Definition at line 34 of file CACertStore.cpp.

References m_cCerts, m_pCertList, and m_pCurrent.

Referenced by decode().

  {
    m_pCertList=NULL;
    m_cCerts=0;
    m_pCurrent=NULL;
  }

CACertStore::~CACertStore ( )

Definition at line 41 of file CACertStore.cpp.

References m_pCertList, __t_certstore_list::next, and __t_certstore_list::pCert.

  {
    LP_CERTSTORE_ENTRY tmp;
    while(m_pCertList!=NULL)
      {
        delete m_pCertList->pCert;
        m_pCertList->pCert = NULL;
        tmp=m_pCertList;
        m_pCertList=m_pCertList->next;
        delete tmp;
        tmp = NULL;
      }
  }

Member Function Documentation

SINT32 CACertStore::add ( CACertificate * cert )

Adds a COPY of a given certifcate to this CertStore.

Parameters:

cert	Certifcate of which a copy is added to this cert store

Return values:

E_SUCCESS	if successfull
E_UNKNOWN	if not (for instance if cert==NULL)

Definition at line 60 of file CACertStore.cpp.

References CACertificate::clone(), E_SUCCESS, E_UNKNOWN, m_cCerts, m_pCertList, __t_certstore_list::next, and __t_certstore_list::pCert.

Referenced by decode(), CACmdLnOptions::setOwnCertificate(), and CACmdLnOptions::setTrustedRootCertificates().

  {
    if(cert==NULL)
    {
      return E_UNKNOWN;
    }
    LP_CERTSTORE_ENTRY newEntry=new CERTSTORE_ENTRY;
    newEntry->pCert=cert->clone();
    newEntry->next=m_pCertList;
    m_pCertList=newEntry;
    m_cCerts++;
    return E_SUCCESS;
  }

Here is the call graph for this function:

static CACertStore* CACertStore::decode	(	UINT8 *	buff,
		UINT32	bufflen,
		UINT32	type
	)		`[static]`

Referenced by decode(), and verifyMixCert().

CACertStore * CACertStore::decode	(	const DOMNode *	node,
		UINT32	type
	)		`[static]`

Definition at line 245 of file CACertStore.cpp.

References add(), CACertStore(), CERT_X509CERTIFICATE, decode(), getElementsByTagName(), and XML_X509DATA.

{
  switch(type)
  {
    case XML_X509DATA:
      CACertStore* store = new CACertStore();
      DOMNodeList* certs = getElementsByTagName((DOMElement*)node, "X509Certificate");

      for(UINT32 i=0; i<certs->getLength(); i++)
      {
        CACertificate* cert = CACertificate::decode(certs->item(i), CERT_X509CERTIFICATE);
        if(cert != NULL)
        {
          store->add(cert);
        }
      }
      return store;
  }
  return NULL;
}

Here is the call graph for this function:

SINT32 CACertStore::encode	(	UINT8 *	buff,
		UINT32 *	bufflen,
		UINT32	type
	)

Definition at line 196 of file CACertStore.cpp.

References CERT_XML_X509CERTIFICATE, E_SUCCESS, CACertificate::encode(), len, m_pCertList, __t_certstore_list::next, __t_certstore_list::pCert, and XML_X509DATA.

Referenced by CAMultiSignature::signXML().

  {
    switch (type)
      {
        case XML_X509DATA:
          memcpy(buff,"<X509Data>",10);
          UINT32 len=10;
          LP_CERTSTORE_ENTRY tmp;
          tmp=m_pCertList;
          UINT32 space=*bufflen-10;
          while(tmp!=NULL)
            {
              *bufflen=space;
              tmp->pCert->encode(buff+len,bufflen,CERT_XML_X509CERTIFICATE);
              len+=*bufflen;
              space-=*bufflen;
              tmp=tmp->next;
            }
          memcpy(buff+len,"</X509Data>",11);
          len+=11;
          *bufflen=len;
        break;
      }
    return E_SUCCESS;
  }

Here is the call graph for this function:

SINT32 CACertStore::encode	(	DOMElement *&	elemRoot,
		XERCES_CPP_NAMESPACE::DOMDocument *	doc
	)

Creates a XML DocumentFragment which represenst all the Certifcates in this CertStore.

Parameters:

docFrag	on ouput holds the created DOMElement
doc	owner document of the new DOM_DocumentFragment

Return values:

E_SUCCESS	if successful
E_UNKNOWN	otherwise

Definition at line 230 of file CACertStore.cpp.

References createDOMElement(), E_SUCCESS, CACertificate::encode(), m_pCertList, __t_certstore_list::next, and __t_certstore_list::pCert.

  {
    elemRoot=createDOMElement(doc,"X509Data");
    LP_CERTSTORE_ENTRY tmp;
    tmp=m_pCertList;
    while(tmp!=NULL)
      {
        DOMElement* tmpElem=NULL;
        tmp->pCert->encode(tmpElem,doc);
        elemRoot->appendChild(tmpElem);
        tmp=tmp->next;
      }
    return E_SUCCESS;
  }

Here is the call graph for this function:

CACertificate * CACertStore::getFirst ( )

Definition at line 74 of file CACertStore.cpp.

References m_pCertList, m_pCurrent, and __t_certstore_list::pCert.

Referenced by verifyMixCert().

{
  m_pCurrent = m_pCertList;
  return m_pCurrent->pCert;
}

CACertificate * CACertStore::getNext ( )

Definition at line 80 of file CACertStore.cpp.

References m_pCertList, m_pCurrent, __t_certstore_list::next, and __t_certstore_list::pCert.

Referenced by verifyMixCert().

{
  if(m_pCurrent != NULL)
  {
    m_pCurrent = m_pCurrent->next;
    if(m_pCurrent != NULL && m_pCurrent != m_pCertList)
    {
      return m_pCurrent->pCert;
    }
  }
  return NULL;
}

UINT32 CACertStore::getNumber ( ) [inline]

Definition at line 49 of file CACertStore.hpp.

References m_cCerts.

Referenced by CACmdLnOptions::setOwnCertificate(), and CACmdLnOptions::setTrustedRootCertificates().

{return m_cCerts;}

CACertificate * CACertStore::verifyMixCert ( DOMNode * mixNode )

This function parses the certificates from a <Mix>-node and tries to build a certPath to the trusted root certificates loaded from the config file.

The certificates are parsed from any <Signature>-node that is a direct child of <Mix> (MultiSignature compatible). The function will return a certificate in the following cases:

The certificate is signed by a root CA and there is no other certificate in the <Signature>-element.
The certificate is signed by another ceritificate of the same <Signature>-element which itself was issued by a root CA.

Parameters:

mixNode - a <Mix>-Node containing one or more signatures

Returns:: the first end certificate that has a certPath to a trusted root certificate or NULL if no cert was found (or something went wrong)

Definition at line 110 of file CACertStore.cpp.

References decode(), E_SUCCESS, getDOMChildByName(), getFirst(), getNext(), getSignatureElements(), m_cCerts, m_pCertList, MAX_SIGNATURE_ELEMENTS, CAMsg::printMsg(), CACertificate::verify(), and XML_X509DATA.

Referenced by CAMiddleMix::processKeyExchange(), CALastMix::processKeyExchange(), and CAFirstMix::processKeyExchange().

{
  UINT32 signatureElementsCount = MAX_SIGNATURE_ELEMENTS;
  DOMNode* signatureElements[MAX_SIGNATURE_ELEMENTS];
  DOMNode* x509Data;
  CACertStore* certPath;
  CACertificate* trustedCert;
  CACertificate* cert;
  CACertificate* mixCert;

  //try to decode the certificates from the Signature elements
  if(mixNode == NULL || m_pCertList == NULL)
  {
    CAMsg::printMsg(LOG_DEBUG , "Error initializing verification.\n");
    return NULL;
  }
  getSignatureElements((DOMElement*)mixNode, signatureElements, &signatureElementsCount);
  if(signatureElementsCount < 1)
  {
    CAMsg::printMsg(LOG_DEBUG , "Error no Signature-Node found!\n");
    return NULL;
  }
  //try to find a valid cert in one of the signature Elements
  for(UINT32 i=0; i<signatureElementsCount; i++)
  {
    getDOMChildByName(signatureElements[i], "X509Data", x509Data, true);
    if(x509Data == NULL)
    {
      CAMsg::printMsg(LOG_DEBUG , "Error X509Data-Node is NULL!\n");
      continue;
    }
    certPath = CACertStore::decode(x509Data, XML_X509DATA);
    if(certPath == NULL)
    {
      continue;
    }

    //now try to find a cert that was signed by a trusted CA
    trustedCert = getFirst();

    while(trustedCert != NULL)
    {
      cert = certPath->getFirst();
      while(cert != NULL)
      {
        if(cert->verify(trustedCert) == E_SUCCESS)
        {
          break;
        }
        cert = certPath->getNext();
      }
      if(cert != NULL)
      {
        break;
      }
      trustedCert = getNext();
    }
    if(trustedCert != NULL && cert != NULL)
    {
      //we found a verified cert
      if(certPath->m_cCerts > 1)
      {
        //try to build a longer certPath
        mixCert = certPath->getFirst();
        while(mixCert != NULL)
        {
          if(mixCert->verify(cert) == E_SUCCESS)
          {
            break;
          }
          mixCert = certPath->getNext();
        }
        if(mixCert != NULL)
        {
          return mixCert;
        }
      }
      else //tricky because there might be a longer certPath in another Signature Element
      {
        return cert;
      }
    }
  }
  return NULL;
}