Mixe for Privacy and Anonymity in the Internet
CACertStore Class Reference

#include <CACertStore.hpp>


Public Member Functions

 CACertStore ()
 
 ~CACertStore ()
 
SINT32 add (CACertificate *cert)
 Adds a COPY of a given certificate to this CertStore. More...
 
CACertificategetFirst ()
 
CACertificategetNext ()
 
UINT32 getNumber ()
 
CACertificateverifyMixCert (DOMNode *mixNode)
 This function parses the certificates from a <Mix>-node and tries to build a certPath to the trusted root certificates loaded from the config file. More...
 
SINT32 encode (UINT8 *buff, UINT32 *bufflen, UINT32 type)
 
SINT32 encode (DOMElement *&elemnRoot, XERCES_CPP_NAMESPACE::DOMDocument *doc)
 Creates an XML DocumentFragment which represents all the certificates in this CertStore. More...
 

Static Public Member Functions

static CACertStoredecode (UINT8 *buff, UINT32 bufflen, UINT32 type)
 
static CACertStoredecode (const DOMNode *node, UINT32 type)
 

Private Attributes

LP_CERTSTORE_ENTRY m_pCertList
 
UINT32 m_cCerts
 
LP_CERTSTORE_ENTRY m_pCurrent
 

Detailed Description

Definition at line 41 of file CACertStore.hpp.

Constructor & Destructor Documentation

◆ CACertStore()

CACertStore::CACertStore ( )

Definition at line 34 of file CACertStore.cpp.

/// Creates an empty certificate store: no entries, zero count and no
/// iteration cursor (getFirst() must be called before getNext()).
CACertStore::CACertStore()
	: m_pCertList(NULL),
	  m_cCerts(0),
	  m_pCurrent(NULL)
	{
	}
UINT32 m_cCerts
Definition: CACertStore.hpp:57
LP_CERTSTORE_ENTRY m_pCurrent
Definition: CACertStore.hpp:58
LP_CERTSTORE_ENTRY m_pCertList
Definition: CACertStore.hpp:56

References m_cCerts, m_pCertList, and m_pCurrent.

Referenced by decode().


◆ ~CACertStore()

CACertStore::~CACertStore ( )

Definition at line 41 of file CACertStore.cpp.

42  {
    // Releases every list entry together with the certificate it holds. add()
    // stores a clone, so this store is the sole owner of each pCert and no
    // caller may keep a pointer obtained from getFirst()/getNext() beyond the
    // store's lifetime (see verifyMixCert(), which returns such pointers).
    // Listing lines 43 and 49 are not rendered here; presumably the
    // declaration of tmp and the advance of m_pCertList to the next entry —
    // TODO confirm against CACertStore.cpp.
44  while(m_pCertList!=NULL)
45  {
46  delete m_pCertList->pCert;
47  m_pCertList->pCert = NULL;
48  tmp=m_pCertList;
50  delete tmp;
51  tmp = NULL;
52  }
53  }
struct __t_certstore_list * next
Definition: CACertStore.hpp:36
CACertificate * pCert
Definition: CACertStore.hpp:35

References m_pCertList, __t_certstore_list::next, and __t_certstore_list::pCert.

Member Function Documentation

◆ add()

SINT32 CACertStore::add ( CACertificate cert)

Adds a COPY of a given certificate to this CertStore.

Parameters
cert — certificate of which a copy is added to this cert store
Return values
E_SUCCESS — if successful
E_UNKNOWN — if not (for instance if cert==NULL)

Definition at line 60 of file CACertStore.cpp.

61  {
    // Prepends a COPY of cert to the singly linked list; the caller keeps
    // ownership of the object it passed in.
62  if(cert==NULL)
63  {
64  return E_UNKNOWN;
65  }
    // Listing line 66 is not rendered here; presumably the allocation of
    // newEntry (a CERTSTORE_ENTRY) — TODO confirm against CACertStore.cpp.
    // NOTE(review): the result of clone() is stored without a NULL check. If
    // clone() can fail, a NULL pCert ends up in the list and is dereferenced
    // later by encode() and verifyMixCert().
67  newEntry->pCert=cert->clone();
68  newEntry->next=m_pCertList;
69  m_pCertList=newEntry;
70  m_cCerts++;
71  return E_SUCCESS;
72  }
struct __t_certstore_list CERTSTORE_ENTRY
Definition: CACertStore.hpp:38
CACertificate * clone() const
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2
#define E_UNKNOWN
Definition: errorcodes.hpp:3

References CACertificate::clone(), E_SUCCESS, E_UNKNOWN, m_cCerts, m_pCertList, __t_certstore_list::next, and __t_certstore_list::pCert.

Referenced by decode(), CACmdLnOptions::setOwnCertificate(), and CACmdLnOptions::setTrustedRootCertificates().


◆ decode() [1/2]

CACertStore * CACertStore::decode ( const DOMNode *  node,
UINT32  type 
)
static

Definition at line 245 of file CACertStore.cpp.

246 {
    // Builds a new, heap-allocated store from the <X509Certificate> children of
    // an <X509Data> node. The caller owns the returned store. Only XML_X509DATA
    // is handled; any other type yields NULL.
    // NOTE(review): the node usually comes from a remote peer (see
    // verifyMixCert()); no upper bound on the number of certificates is
    // applied here, and the C-style cast discards the const of node.
247  switch(type)
248  {
249  case XML_X509DATA:
250  CACertStore* store = new CACertStore();
    // certs is used without a NULL check; whether getElementsByTagName() can
    // return NULL is not visible here — TODO confirm in CAUtil.cpp.
251  DOMNodeList* certs = ::getElementsByTagName((DOMElement*)node, "X509Certificate");
252 
253  for(UINT32 i=0; i<certs->getLength(); i++)
254  {
    // Listing line 255 is not rendered here; from the References list it
    // presumably decodes certs->item(i) via CACertificate::decode() into cert.
    // add() stores a clone, so if that decode allocates, the original cert is
    // not released anywhere in this listing — looks like a leak per
    // certificate; confirm against CACertStore.cpp.
256  if(cert != NULL)
257  {
258  store->add(cert);
259  }
260  }
    // Note: a store with zero certificates is still returned when nothing
    // could be decoded; callers must check getNumber() before getFirst().
261  return store;
262  }
263  return NULL;
264 }
#define XML_X509DATA
Definition: CACertStore.hpp:32
#define CERT_X509CERTIFICATE
DOMNodeList * getElementsByTagName(DOMElement *pElem, const char *const name)
Definition: CAUtil.cpp:1711
unsigned int UINT32
Definition: basetypedefs.h:131
SINT32 add(CACertificate *cert)
Adds a COPY of a given certificate to this CertStore.
Definition: CACertStore.cpp:60
static CACertificate * decode(const UINT8 *const buff, UINT32 bufflen, UINT32 type, const char *const passwd=NULL)
Extracts a certificate from an encoded (DER,XML) form.
UINT8 type
Definition: typedefs.hpp:1

References add(), CACertStore(), CERT_X509CERTIFICATE, CACertificate::decode(), getElementsByTagName(), type, and XML_X509DATA.


◆ decode() [2/2]

static CACertStore* CACertStore::decode ( UINT8 buff,
UINT32  bufflen,
UINT32  type 
)
static

Referenced by verifyMixCert().


◆ encode() [1/2]

SINT32 CACertStore::encode ( DOMElement *&  elemRoot,
XERCES_CPP_NAMESPACE::DOMDocument *  doc 
)

Creates an XML DocumentFragment which represents all the certificates in this CertStore.

Parameters
docFrag — on output holds the created DOMElement
doc — owner document of the new DOM_DocumentFragment
Return values
E_SUCCESS — if successful
E_UNKNOWN — otherwise

Definition at line 230 of file CACertStore.cpp.

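/// Serialises every certificate of this store into a new <X509Data> element.
///
/// @param elemRoot  on output the created <X509Data> element, owned by @p doc;
///                  one child element per stored certificate is appended to it
/// @param doc       owner document of the created elements
/// @retval E_SUCCESS if the root element and every certificate element were created
/// @retval E_UNKNOWN if the root element could not be created or a certificate
///                   produced no element (elemRoot then holds a partial result)
SINT32 CACertStore::encode(DOMElement*& elemRoot, XERCES_CPP_NAMESPACE::DOMDocument* doc)
	{
		elemRoot = createDOMElement(doc, "X509Data");
		if (elemRoot == NULL)
			{
				return E_UNKNOWN;
			}
		for (LP_CERTSTORE_ENTRY entry = m_pCertList; entry != NULL; entry = entry->next)
			{
				DOMElement* certElem = NULL;
				entry->pCert->encode(certElem, doc);
				// certElem starts out NULL and is only set by the certificate's
				// encode(); a NULL here means nothing was produced, and appending
				// it to the root would otherwise go unnoticed.
				if (certElem == NULL)
					{
						return E_UNKNOWN;
					}
				elemRoot->appendChild(certElem);
			}
		return E_SUCCESS;
	}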
DOMElement * createDOMElement(XERCES_CPP_NAMESPACE::DOMDocument *pOwnerDoc, const char *const name)
Creates a new DOMElement with the given name which belongs to the DOMDocument ownerDoc.
Definition: CAUtil.cpp:814
SINT32 encode(UINT8 *buff, UINT32 *bufflen, UINT32 type) const

References createDOMElement(), E_SUCCESS, CACertificate::encode(), m_pCertList, __t_certstore_list::next, and __t_certstore_list::pCert.


◆ encode() [2/2]

SINT32 CACertStore::encode ( UINT8 buff,
UINT32 bufflen,
UINT32  type 
)

Definition at line 196 of file CACertStore.cpp.

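/// Serialises all certificates of this store into @p buff as
/// `<X509Data>…</X509Data>`, one CERT_XML_X509CERTIFICATE-encoded
/// certificate after another.
///
/// @param buff     destination buffer, not NULL
/// @param bufflen  in: capacity of @p buff in bytes; out: number of bytes written
/// @param type     encoding to produce; only XML_X509DATA is handled
/// @retval E_SUCCESS on success — and, as before, for an unhandled @p type,
///                   in which case nothing is written and @p *bufflen is left
///                   untouched (kept for compatibility with existing callers)
/// @retval E_UNKNOWN on a NULL argument, when @p buff cannot hold both tags,
///                   when a certificate reports a failure, or when a
///                   certificate reports more bytes than it was offered;
///                   @p buff may then hold a partial, unterminated element
SINT32 CACertStore::encode(UINT8* buff, UINT32* bufflen, UINT32 type)
	{
		if (buff == NULL || bufflen == NULL)
			{
				return E_UNKNOWN;
			}
		switch (type)
			{
				case XML_X509DATA:
					{
						const UINT32 openLen = 10;   // strlen("<X509Data>")
						const UINT32 closeLen = 11;  // strlen("</X509Data>")
						// Both tags must fit before anything is copied: the former
						// *bufflen-10 wrapped around for buffers shorter than 10 bytes
						// and the closing tag was written without any bounds check.
						if (*bufflen < openLen + closeLen)
							{
								return E_UNKNOWN;
							}
						memcpy(buff, "<X509Data>", openLen);
						UINT32 len = openLen;
						// Bytes still available to the certificates; the closing tag
						// is reserved up front so it can always be appended.
						UINT32 space = *bufflen - openLen - closeLen;
						for (LP_CERTSTORE_ENTRY entry = m_pCertList; entry != NULL; entry = entry->next)
							{
								// *bufflen is in/out for the certificate encoder: capacity
								// in, bytes written out. Its return value is assumed to be
								// an E_* code like the rest of this class — confirm.
								*bufflen = space;
								if (entry->pCert->encode(buff + len, bufflen, CERT_XML_X509CERTIFICATE) != E_SUCCESS
									|| *bufflen > space)
									{
										return E_UNKNOWN;
									}
								len += *bufflen;
								space -= *bufflen;
							}
						memcpy(buff + len, "</X509Data>", closeLen);
						len += closeLen;
						*bufflen = len;
						break;
					}
			}
		return E_SUCCESS;
	}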
#define CERT_XML_X509CERTIFICATE
UINT16 len
Definition: typedefs.hpp:0

References CERT_XML_X509CERTIFICATE, E_SUCCESS, CACertificate::encode(), len, m_pCertList, __t_certstore_list::next, __t_certstore_list::pCert, type, and XML_X509DATA.

Referenced by CAMultiSignature::signXML().


◆ getFirst()

CACertificate * CACertStore::getFirst ( )

Definition at line 74 of file CACertStore.cpp.

75 {
    // Resets the iteration cursor and returns the certificate at the head of
    // the list. Listing line 76 is not rendered here; given the References
    // list it presumably assigns m_pCertList to m_pCurrent — TODO confirm.
    // NOTE(review): m_pCurrent is dereferenced without a NULL check, so calling
    // this on an empty store (getNumber() == 0) crashes; callers must check.
77  return m_pCurrent->pCert;
78 }

References m_pCertList, m_pCurrent, and __t_certstore_list::pCert.

Referenced by verifyMixCert().


◆ getNext()

CACertificate * CACertStore::getNext ( )

Definition at line 80 of file CACertStore.cpp.

81 {
    // Advances the cursor set by getFirst() and returns the next certificate,
    // or NULL once the end of the list is reached (and on every call after
    // that, until getFirst() resets the cursor).
82  if(m_pCurrent != NULL)
83  {
    // Listing line 84 is not rendered here; from the References list it
    // presumably moves m_pCurrent to m_pCurrent->next — TODO confirm.
    // The comparison against m_pCertList below can only fail for a circular
    // list, which add() never builds; it looks redundant for this structure.
85  if(m_pCurrent != NULL && m_pCurrent != m_pCertList)
86  {
87  return m_pCurrent->pCert;
88  }
89  }
90  return NULL;
91 }

References m_pCertList, m_pCurrent, __t_certstore_list::next, and __t_certstore_list::pCert.

Referenced by verifyMixCert().


◆ getNumber()

UINT32 CACertStore::getNumber ( )
inline

Definition at line 49 of file CACertStore.hpp.

/// Number of certificates currently held in this store (maintained by add()).
UINT32 CACertStore::getNumber()
	{
		return m_cCerts;
	}

References m_cCerts.

Referenced by CACmdLnOptions::setOwnCertificate(), and CACmdLnOptions::setTrustedRootCertificates().


◆ verifyMixCert()

CACertificate * CACertStore::verifyMixCert ( DOMNode *  mixNode)

This function parses the certificates from a <Mix>-node and tries to build a certPath to the trusted root certificates loaded from the config file.

The certificates are parsed from any <Signature>-node that is a direct child of <Mix> (MultiSignature compatible). The function will return a certificate in the following cases:

  • The certificate is signed by a root CA and there is no other certificate in the <Signature>-element.
  • The certificate is signed by another certificate of the same <Signature>-element which itself was issued by a root CA.
Parameters
mixNode — a <Mix>-node containing one or more signatures
Returns
the first end certificate that has a certPath to a trusted root certificate or NULL if no cert was found (or something went wrong)

Definition at line 110 of file CACertStore.cpp.

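/// Parses the certificates from the <Signature> children of a <Mix> node and
/// tries to build a certification path to one of the trusted root
/// certificates held in this store.
///
/// For every <Signature> element its <X509Data> child is decoded into a
/// separate CACertStore and each certificate in it is checked against each
/// trusted root with CACertificate::verify(). A certificate is returned when
///  - it verifies against a root and it is the only certificate of that
///    <Signature> element, or
///  - it verifies against another certificate of the same <Signature> element
///    which itself verifies against a root (paths are at most two steps long).
///
/// @param mixNode  a <Mix> node holding one or more signatures; treated as
///                 untrusted input
/// @return the first end certificate with a path to a trusted root, or NULL if
///         none was found or an argument was invalid. The returned object is
///         owned by the CACertStore built for its <Signature> element, which
///         is deliberately kept alive (the pointer points into it); stores
///         that yield nothing are freed before the next element is examined.
///
/// NOTE(review): only verify() is consulted; whether that also checks
/// validity periods or CA constraints is not visible here — confirm.
CACertificate* CACertStore::verifyMixCert(DOMNode* mixNode)
	{
		UINT32 signatureElementsCount = MAX_SIGNATURE_ELEMENTS;
		DOMNode* signatureElements[MAX_SIGNATURE_ELEMENTS];
		DOMNode* x509Data;
		CACertStore* certPath;
		CACertificate* trustedCert;
		CACertificate* cert;
		CACertificate* mixCert;

		//try to decode the certificates from the Signature elements
		if(mixNode == NULL || m_pCertList == NULL)
			{
				CAMsg::printMsg(LOG_DEBUG , "Error initializing verification.\n");
				return NULL;
			}
		getSignatureElements((DOMElement*)mixNode, signatureElements, &signatureElementsCount);
		if(signatureElementsCount < 1)
			{
				CAMsg::printMsg(LOG_DEBUG , "Error no Signature-Node found!\n");
				return NULL;
			}
		//try to find a valid cert in one of the signature Elements
		for(UINT32 i=0; i<signatureElementsCount; i++)
			{
				// Whether getDOMChildByName() resets its output on failure is not
				// visible here, so do not rely on it.
				x509Data = NULL;
				getDOMChildByName(signatureElements[i], "X509Data", x509Data, true);
				if(x509Data == NULL)
					{
						CAMsg::printMsg(LOG_DEBUG , "Error X509Data-Node is NULL!\n");
						continue;
					}
				certPath = CACertStore::decode(x509Data, XML_X509DATA);
				if(certPath == NULL)
					{
						continue;
					}
				// decode() also returns a store without any certificate when none
				// could be parsed; getFirst() dereferences a NULL entry on such a
				// store, so an attacker-supplied empty <X509Data> must be skipped.
				if(certPath->getNumber() < 1)
					{
						delete certPath;
						continue;
					}

				//now try to find a cert that was signed by a trusted CA
				trustedCert = getFirst();
				cert = NULL;
				while(trustedCert != NULL)
					{
						cert = certPath->getFirst();
						while(cert != NULL)
							{
								if(cert->verify(trustedCert) == E_SUCCESS)
									{
										break;
									}
								cert = certPath->getNext();
							}
						if(cert != NULL)
							{
								break;
							}
						trustedCert = getNext();
					}
				if(trustedCert != NULL && cert != NULL)
					{
						//we found a verified cert
						if(certPath->m_cCerts > 1)
							{
								//try to build a longer certPath
								mixCert = certPath->getFirst();
								while(mixCert != NULL)
									{
										if(mixCert->verify(cert) == E_SUCCESS)
											{
												break;
											}
										mixCert = certPath->getNext();
									}
								if(mixCert != NULL)
									{
										// mixCert lives in certPath, which therefore stays allocated.
										return mixCert;
									}
							}
						else //tricky because there might be a longer certPath in another Signature Element
							{
								// cert lives in certPath, which therefore stays allocated.
								return cert;
							}
					}
				// Nothing from this Signature element escapes, so its store can be
				// released instead of leaking on every unverified element.
				delete certPath;
			}
		return NULL;
	}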
SINT32 getDOMChildByName(const DOMNode *pNode, const char *const name, DOMElement *&child, bool deep)
Definition: CAUtil.cpp:458
SINT32 getSignatureElements(DOMNode *parent, DOMNode **signatureNodes, UINT32 *length)
Definition: CAUtil.cpp:496
#define MAX_SIGNATURE_ELEMENTS
Definition: StdAfx.h:220
CACertificate * getNext()
Definition: CACertStore.cpp:80
static CACertStore * decode(UINT8 *buff, UINT32 bufflen, UINT32 type)
CACertificate * getFirst()
Definition: CACertStore.cpp:74
SINT32 verify(const CACertificate *a_cert) const
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251

References decode(), E_SUCCESS, getDOMChildByName(), getFirst(), getNext(), getSignatureElements(), m_cCerts, m_pCertList, MAX_SIGNATURE_ELEMENTS, CAMsg::printMsg(), CACertificate::verify(), and XML_X509DATA.

Referenced by CALastMix::processKeyExchange(), and CAMiddleMix::processKeyExchange().


Member Data Documentation

◆ m_cCerts

UINT32 CACertStore::m_cCerts
private

Definition at line 57 of file CACertStore.hpp.

Referenced by add(), CACertStore(), getNumber(), and verifyMixCert().

◆ m_pCertList

LP_CERTSTORE_ENTRY CACertStore::m_pCertList
private

Definition at line 56 of file CACertStore.hpp.

Referenced by add(), CACertStore(), encode(), getFirst(), getNext(), verifyMixCert(), and ~CACertStore().

◆ m_pCurrent

LP_CERTSTORE_ENTRY CACertStore::m_pCurrent
private

Definition at line 58 of file CACertStore.hpp.

Referenced by CACertStore(), getFirst(), and getNext().

