Mixe for Privacy and Anonymity in the Internet
CACertStore.cpp
Go to the documentation of this file.
1 /*
2 Copyright (c) 2000, The JAP-Team
3 All rights reserved.
4 Redistribution and use in source and binary forms, with or without modification,
5 are permitted provided that the following conditions are met:
6 
7  - Redistributions of source code must retain the above copyright notice,
8  this list of conditions and the following disclaimer.
9 
10  - Redistributions in binary form must reproduce the above copyright notice,
11  this list of conditions and the following disclaimer in the documentation and/or
12  other materials provided with the distribution.
13 
14  - Neither the name of the University of Technology Dresden, Germany nor the names of its contributors
15  may be used to endorse or promote products derived from this software without specific
16  prior written permission.
17 
18 
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS
20 OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
22 BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25 IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
27 */
28 #include "StdAfx.h"
29 #if !defined ONLY_LOCAL_PROXY || defined INCLUDE_MIDDLE_MIX
30 #include "CACertStore.hpp"
31 #include "CAUtil.hpp"
32 #include "CAMsg.hpp"
33 
34 CACertStore::CACertStore()
35  {
36  m_pCertList=NULL;
37  m_cCerts=0;
38  m_pCurrent=NULL;
39  }
40 
41 CACertStore::~CACertStore()
42  {
43  LP_CERTSTORE_ENTRY tmp;
44  while(m_pCertList!=NULL)
45  {
46  delete m_pCertList->pCert;
47  m_pCertList->pCert = NULL;
48  tmp=m_pCertList;
49  m_pCertList=m_pCertList->next;
50  delete tmp;
51  tmp = NULL;
52  }
53  }
54 
60 SINT32 CACertStore::add(CACertificate* cert)
61  {
62  if(cert==NULL)
63  {
64  return E_UNKNOWN;
65  }
66  LP_CERTSTORE_ENTRY newEntry=new CERTSTORE_ENTRY;
67  newEntry->pCert=cert->clone();
68  newEntry->next=m_pCertList;
69  m_pCertList=newEntry;
70  m_cCerts++;
71  return E_SUCCESS;
72  }
73 
74 CACertificate* CACertStore::getFirst()
75 {
76  m_pCurrent = m_pCertList;
77  return m_pCurrent->pCert;
78 }
79 
80 CACertificate* CACertStore::getNext()
81 {
82  if(m_pCurrent != NULL)
83  {
84  m_pCurrent = m_pCurrent->next;
85  if(m_pCurrent != NULL && m_pCurrent != m_pCertList)
86  {
87  return m_pCurrent->pCert;
88  }
89  }
90  return NULL;
91 }
92 
110 CACertificate* CACertStore::verifyMixCert(DOMNode* mixNode)
111 {
112  UINT32 signatureElementsCount = MAX_SIGNATURE_ELEMENTS;
113  DOMNode* signatureElements[MAX_SIGNATURE_ELEMENTS];
114  DOMNode* x509Data;
115  CACertStore* certPath;
116  CACertificate* trustedCert;
117  CACertificate* cert;
118  CACertificate* mixCert;
119 
120  //try to decode the certificates from the Signature elements
121  if(mixNode == NULL || m_pCertList == NULL)
122  {
123  CAMsg::printMsg(LOG_DEBUG , "Error initializing verification.\n");
124  return NULL;
125  }
126  getSignatureElements((DOMElement*)mixNode, signatureElements, &signatureElementsCount);
127  if(signatureElementsCount < 1)
128  {
129  CAMsg::printMsg(LOG_DEBUG , "Error no Signature-Node found!\n");
130  return NULL;
131  }
132  //try to find a valid cert in one of the signature Elements
133  for(UINT32 i=0; i<signatureElementsCount; i++)
134  {
135  getDOMChildByName(signatureElements[i], "X509Data", x509Data, true);
136  if(x509Data == NULL)
137  {
138  CAMsg::printMsg(LOG_DEBUG , "Error X509Data-Node is NULL!\n");
139  continue;
140  }
141  certPath = CACertStore::decode(x509Data, XML_X509DATA);
142  if(certPath == NULL)
143  {
144  continue;
145  }
146 
147  //now try to find a cert that was signed by a trusted CA
148  trustedCert = getFirst();
149 
150  while(trustedCert != NULL)
151  {
152  cert = certPath->getFirst();
153  while(cert != NULL)
154  {
155  if(cert->verify(trustedCert) == E_SUCCESS)
156  {
157  break;
158  }
159  cert = certPath->getNext();
160  }
161  if(cert != NULL)
162  {
163  break;
164  }
165  trustedCert = getNext();
166  }
167  if(trustedCert != NULL && cert != NULL)
168  {
169  //we found a verified cert
170  if(certPath->m_cCerts > 1)
171  {
172  //try to build a longer certPath
173  mixCert = certPath->getFirst();
174  while(mixCert != NULL)
175  {
176  if(mixCert->verify(cert) == E_SUCCESS)
177  {
178  break;
179  }
180  mixCert = certPath->getNext();
181  }
182  if(mixCert != NULL)
183  {
184  return mixCert;
185  }
186  }
187  else //tricky because there might be a longer certPath in another Signature Element
188  {
189  return cert;
190  }
191  }
192  }
193  return NULL;
194 }
195 
196 SINT32 CACertStore::encode(UINT8* buff,UINT32* bufflen,UINT32 type)
197  {
198  switch (type)
199  {
200  case XML_X509DATA:
201  memcpy(buff,"<X509Data>",10);
202  UINT32 len=10;
203  LP_CERTSTORE_ENTRY tmp;
204  tmp=m_pCertList;
205  UINT32 space=*bufflen-10;
206  while(tmp!=NULL)
207  {
208  *bufflen=space;
209  tmp->pCert->encode(buff+len,bufflen,CERT_XML_X509CERTIFICATE);
210  len+=*bufflen;
211  space-=*bufflen;
212  tmp=tmp->next;
213  }
214  memcpy(buff+len,"</X509Data>",11);
215  len+=11;
216  *bufflen=len;
217  break;
218  }
219  return E_SUCCESS;
220  }
221 
230 SINT32 CACertStore::encode(DOMElement* & elemRoot,XERCES_CPP_NAMESPACE::DOMDocument* doc)
231  {
232  elemRoot=createDOMElement(doc,"X509Data");
233  LP_CERTSTORE_ENTRY tmp;
234  tmp=m_pCertList;
235  while(tmp!=NULL)
236  {
237  DOMElement* tmpElem=NULL;
238  tmp->pCert->encode(tmpElem,doc);
239  elemRoot->appendChild(tmpElem);
240  tmp=tmp->next;
241  }
242  return E_SUCCESS;
243  }
244 
245 CACertStore* CACertStore::decode(const DOMNode* node, UINT32 type)
246 {
247  switch(type)
248  {
249  case XML_X509DATA:
250  CACertStore* store = new CACertStore();
251  DOMNodeList* certs = ::getElementsByTagName((DOMElement*)node, "X509Certificate");
252 
253  for(UINT32 i=0; i<certs->getLength(); i++)
254  {
255  CACertificate* cert = CACertificate::decode(certs->item(i), CERT_X509CERTIFICATE);
256  if(cert != NULL)
257  {
258  store->add(cert);
259  }
260  }
261  return store;
262  }
263  return NULL;
264 }
265 #endif //ONLY_LOCAL_PROXY
CERTSTORE_ENTRY
struct __t_certstore_list CERTSTORE_ENTRY
Definition: CACertStore.hpp:38
XML_X509DATA
#define XML_X509DATA
Definition: CACertStore.hpp:32
CERT_X509CERTIFICATE
#define CERT_X509CERTIFICATE
Definition: CACertificate.hpp:34
CERT_XML_X509CERTIFICATE
#define CERT_XML_X509CERTIFICATE
Definition: CACertificate.hpp:32
getElementsByTagName
DOMNodeList * getElementsByTagName(DOMElement *pElem, const char *const name)
Definition: CAUtil.cpp:1711
createDOMElement
DOMElement * createDOMElement(XERCES_CPP_NAMESPACE::DOMDocument *pOwnerDoc, const char *const name)
Creates a new DOMElement with the given name which belongs to the DOMDocument owernDoc.
Definition: CAUtil.cpp:814
getDOMChildByName
SINT32 getDOMChildByName(const DOMNode *pNode, const char *const name, DOMElement *&child, bool deep)
Definition: CAUtil.cpp:458
getSignatureElements
SINT32 getSignatureElements(DOMNode *parent, DOMNode **signatureNodes, UINT32 *length)
Definition: CAUtil.cpp:496
MAX_SIGNATURE_ELEMENTS
#define MAX_SIGNATURE_ELEMENTS
Definition: StdAfx.h:220
SINT32
signed int SINT32
Definition: basetypedefs.h:132
UINT8
unsigned char UINT8
Definition: basetypedefs.h:135
UINT32
unsigned int UINT32
Definition: basetypedefs.h:131
CACertStore::m_cCerts
UINT32 m_cCerts
Definition: CACertStore.hpp:57
CACertStore::getNext
CACertificate * getNext()
Definition: CACertStore.cpp:80
CACertStore::encode
SINT32 encode(UINT8 *buff, UINT32 *bufflen, UINT32 type)
Definition: CACertStore.cpp:196
CACertStore::verifyMixCert
CACertificate * verifyMixCert(DOMNode *mixNode)
This function parses the certificates from a <Mix>-node and tries to build a certPath to the trusted ...
Definition: CACertStore.cpp:110
CACertStore::m_pCurrent
LP_CERTSTORE_ENTRY m_pCurrent
Definition: CACertStore.hpp:58
CACertStore::decode
static CACertStore * decode(UINT8 *buff, UINT32 bufflen, UINT32 type)
CACertStore::getFirst
CACertificate * getFirst()
Definition: CACertStore.cpp:74
CACertStore::add
SINT32 add(CACertificate *cert)
Adds a COPY of a given certifcate to this CertStore.
Definition: CACertStore.cpp:60
CACertStore::m_pCertList
LP_CERTSTORE_ENTRY m_pCertList
Definition: CACertStore.hpp:56
CACertificate::encode
SINT32 encode(UINT8 *buff, UINT32 *bufflen, UINT32 type) const
Definition: CACertificate.cpp:226
CACertificate::clone
CACertificate * clone() const
Definition: CACertificate.hpp:53
CACertificate::verify
SINT32 verify(const CACertificate *a_cert) const
Definition: CACertificate.cpp:363
CACertificate::decode
static CACertificate * decode(const UINT8 *const buff, UINT32 bufflen, UINT32 type, const char *const passwd=NULL)
Extracts a certificate from an encoded (DER,XML) form.
Definition: CACertificate.cpp:154
CAMsg::printMsg
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251
E_SUCCESS
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2
E_UNKNOWN
#define E_UNKNOWN
Definition: errorcodes.hpp:3
__t_certstore_list
Definition: CACertStore.hpp:34
__t_certstore_list::next
struct __t_certstore_list * next
Definition: CACertStore.hpp:36
__t_certstore_list::pCert
CACertificate * pCert
Definition: CACertStore.hpp:35
type
UINT8 type
Definition: typedefs.hpp:1
len
UINT16 len
Definition: typedefs.hpp:0
Generated on Sat Jul 22 2023 00:20:07 for Mixe for Privacy and Anonymity in the Internet by doxygen 1.9.1