r3082 - in trunk/libmikey: include/libmikey keyagreement mikey
mikma at minisip.org
mikma at minisip.org
Wed Jan 3 23:09:48 CET 2007
Author: mikma
Date: 2007-01-03 23:09:47 +0100 (Wed, 03 Jan 2007)
New Revision: 3082
Modified:
trunk/libmikey/include/libmikey/MikeyMessage.h
trunk/libmikey/include/libmikey/keyagreement_dh.h
trunk/libmikey/keyagreement/keyagreement_dh.cxx
trunk/libmikey/mikey/MikeyMessage.cxx
trunk/libmikey/mikey/MikeyMessageDH.cxx
Log:
* Move MIKEY KeyAgreement certificates to a new class (PeerCertificates),
which can be reused by all MIKEY methods that need certificates, i.e.
DH, PK and RSA-R.
* Add extractCertificateChain and const payload iterators to MikeyPayloads
Modified: trunk/libmikey/include/libmikey/MikeyMessage.h
===================================================================
--- trunk/libmikey/include/libmikey/MikeyMessage.h 2007-01-03 19:27:29 UTC (rev 3081)
+++ trunk/libmikey/include/libmikey/MikeyMessage.h 2007-01-03 22:09:47 UTC (rev 3082)
@@ -90,10 +90,15 @@
int encrAlg, int macAlg,
bool kemacOnly = false );
+ MRef<certificate_chain*> extractCertificateChain() const;
+
std::string debugDump();
byte_t * rawMessageData();
int rawMessageLength();
+ std::list<MikeyPayload *>::const_iterator firstPayload() const;
+ std::list<MikeyPayload *>::const_iterator lastPayload() const;
+
std::list<MikeyPayload *>::iterator firstPayload();
std::list<MikeyPayload *>::iterator lastPayload();
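Review bot: The new `extractCertificateChain() const` declaration carries no contract, and its behaviour is not obvious from the name: in the implementation it returns a null MRef when the message holds no CERT payload and it never looks at the last payload. I would document that here: `/// Builds a certificate_chain from the CERT payloads of this message, in message order, skipping the final payload (expected to be SIGN); returns a null MRef when no CERT payload is present. The certificates come from the peer and are NOT verified here.` Note also that the added const overloads of firstPayload/lastPayload hand out `const_iterator` over `MikeyPayload *`, so constness is shallow — the pointed-to payloads are still mutable through them; worth a one-line comment so callers do not assume otherwise.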
Modified: trunk/libmikey/include/libmikey/keyagreement_dh.h
===================================================================
--- trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-03 19:27:29 UTC (rev 3081)
+++ trunk/libmikey/include/libmikey/keyagreement_dh.h 2007-01-03 22:09:47 UTC (rev 3082)
@@ -40,8 +40,27 @@
class ca_db;
class SipSim;
-class LIBMIKEY_API KeyAgreementDH : public KeyAgreement{
+class LIBMIKEY_API PeerCertificates {
public:
+ PeerCertificates( MRef<certificate_chain*> aCert,
+ MRef<ca_db *> aCaDb );
+ PeerCertificates( MRef<certificate_chain*> aCert,
+ MRef<certificate_chain*> aPeerCert );
+ virtual ~PeerCertificates();
+ virtual MRef<certificate_chain *> certificateChain();
+ virtual MRef<certificate_chain *> peerCertificateChain();
+ virtual void setPeerCertificateChain( MRef<certificate_chain *> chain );
+ virtual int controlPeerCertificate();
+
+ private:
+ MRef<certificate_chain *> certChainPtr;
+ MRef<certificate_chain *> peerCertChainPtr;
+ MRef<ca_db *> certDbPtr;
+};
+
+class LIBMIKEY_API KeyAgreementDH : public KeyAgreement,
+ public PeerCertificates{
+ public:
KeyAgreementDH( MRef<certificate_chain *> cert,
MRef<ca_db *> ca_db );
KeyAgreementDH( MRef<certificate_chain *> cert,
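Review bot: `controlPeerCertificate()` has no documentation of what its `int` result means, and with the new two-chain constructor `PeerCertificates( aCert, aPeerCert )` the member `certDbPtr` is never set, so (per the .cxx in this commit) the method returns 0 without checking anything. A caller that cannot tell "verification failed" from "no CA database configured" is a classic fail-open trap; I would state the contract on the declaration: `/// Verifies peerCertificateChain() against the CA database. Returns 0 when no peer chain or no CA database is available (nothing was verified); otherwise returns certificate_chain::control()'s result — callers must treat 0 as "not trusted".` Also worth a comment on the second constructor that objects built this way can never verify the peer chain. I am inferring the meaning of a non-zero result from the name only; please confirm against certificate_chain::control().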
@@ -65,11 +84,6 @@
int publicKeyLength();
byte_t * publicKey();
- MRef<certificate_chain *> certificateChain();
- MRef<certificate_chain *> peerCertificateChain();
- void addPeerCertificate( MRef<certificate *> cert );
- int controlPeerCertificate();
-
MikeyMessage* createMessage();
MRef<SipSim*> getSim();
@@ -79,9 +93,6 @@
OakleyDH * dh;
byte_t * peerKeyPtr;
int peerKeyLengthValue;
- MRef<certificate_chain *> certChainPtr;
- MRef<certificate_chain *> peerCertChainPtr;
- MRef<ca_db *> certDbPtr;
MRef<SipSim *> sim;
};
Modified: trunk/libmikey/keyagreement/keyagreement_dh.cxx
===================================================================
--- trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-03 19:27:29 UTC (rev 3081)
+++ trunk/libmikey/keyagreement/keyagreement_dh.cxx 2007-01-03 22:09:47 UTC (rev 3082)
@@ -32,34 +32,52 @@
using namespace std;
+//
+// PeerCertificates
+//
+PeerCertificates::PeerCertificates( MRef<certificate_chain *> aCert,
+ MRef<ca_db *> aCaDb ):
+ certChainPtr( aCert ),
+ certDbPtr( aCaDb )
+{
+ peerCertChainPtr = certificate_chain::create();
+}
+
+PeerCertificates::PeerCertificates( MRef<certificate_chain *> aCert,
+ MRef<certificate_chain *> aPeerCert ):
+ certChainPtr( aCert ),
+ peerCertChainPtr( aPeerCert )
+{
+}
+
+PeerCertificates::~PeerCertificates(){
+}
+
+//
+// KeyAgreementDH
+//
KeyAgreementDH::KeyAgreementDH( MRef<certificate_chain *> certChainPtr,
MRef<ca_db *> certDbPtr ):
KeyAgreement(),
+ PeerCertificates( certChainPtr, certDbPtr ),
useSim(false),
peerKeyPtr( NULL ),
- peerKeyLengthValue( 0 ),
- certChainPtr( certChainPtr ),
- certDbPtr( certDbPtr )
+ peerKeyLengthValue( 0 )
{
//policy = list<Policy_type *>::list();
dh = new OakleyDH();
- peerCertChainPtr = certificate_chain::create();
-
}
KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s ):
KeyAgreement(),
+ PeerCertificates( s->getCertificateChain(), s->getCAs() ),
useSim(true),
peerKeyPtr( NULL ),
peerKeyLengthValue( 0 ),
- certChainPtr( NULL ),
- certDbPtr( NULL ),
sim(s)
{
//policy = list<Policy_type *>::list();
dh = new OakleyDH();
- peerCertChainPtr = certificate_chain::create();
-
}
KeyAgreementDH::~KeyAgreementDH(){
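Review bot: The SIM-backed constructor now snapshots `s->getCertificateChain()` and `s->getCAs()` into PeerCertificates at construction time, whereas the removed `certificateChain()` read `sim->getCertificateChain()` on every call; if the SipSim's chain can be replaced after construction (card re-inserted, certificate refreshed), this object will keep using the stale chain. It also dereferences `s` in the initializer list, where the old code only stored it, so a null MRef now crashes in the constructor rather than at first use — probably acceptable, but a `if( s.isNull() ) throw MikeyException( "No SIM" );` guard, or a comment stating that s must be non-null, would make that explicit. Note this is a behavioural change that is not mentioned in the commit log.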
@@ -72,12 +90,11 @@
KeyAgreementDH::KeyAgreementDH( MRef<certificate_chain *> certChainPtr,
MRef<ca_db *> certDbPtr, int groupValue ):
+ PeerCertificates( certChainPtr, certDbPtr ),
useSim(false),
peerKeyPtr( NULL ),
- peerKeyLengthValue( 0 ),
- certChainPtr( certChainPtr ),
- peerCertChainPtr( NULL ),
- certDbPtr( certDbPtr ){
+ peerKeyLengthValue( 0 )
+{
//policy = list<Policy_type *>::list();
dh = new OakleyDH();
if( dh == NULL )
@@ -90,17 +107,14 @@
throw MikeyException( "Could not set the "
"DH group." );
}
- peerCertChainPtr = certificate_chain::create();
}
KeyAgreementDH::KeyAgreementDH( MRef<SipSim*> s, int groupValue ):
+ PeerCertificates( s->getCertificateChain(), s->getCAs() ),
useSim(true),
peerKeyPtr( NULL ),
peerKeyLengthValue( 0 ),
- certChainPtr( NULL ),
- peerCertChainPtr( NULL ),
- certDbPtr( NULL ),
sim(s)
{
//policy = list<Policy_type *>::list();
@@ -115,7 +129,6 @@
throw MikeyException( "Could not set the "
"DH group." );
}
- peerCertChainPtr = certificate_chain::create();
}
int32_t KeyAgreementDH::type(){
@@ -179,29 +192,19 @@
return peerKeyPtr;
}
-MRef<certificate_chain *> KeyAgreementDH::certificateChain(){
- if (useSim){
- return sim->getCertificateChain();
- }else{
- return certChainPtr;
- }
+MRef<certificate_chain *> PeerCertificates::certificateChain(){
+ return certChainPtr;
}
-MRef<certificate_chain *> KeyAgreementDH::peerCertificateChain(){
+MRef<certificate_chain *> PeerCertificates::peerCertificateChain(){
return peerCertChainPtr;
}
-void KeyAgreementDH::addPeerCertificate( MRef<certificate *> peerCertPtr ){
- if( this->peerCertChainPtr.isNull() ){
- this->peerCertChainPtr = certificate_chain::create();
- }
-
- this->peerCertChainPtr->lock();
- this->peerCertChainPtr->add_certificate( peerCertPtr );
- this->peerCertChainPtr->unlock();
+void PeerCertificates::setPeerCertificateChain( MRef<certificate_chain *> peerChain ){
+ peerCertChainPtr = peerChain;
}
-int KeyAgreementDH::controlPeerCertificate(){
+int PeerCertificates::controlPeerCertificate(){
if( peerCertChainPtr.isNull() || certDbPtr.isNull() )
return 0;
return peerCertChainPtr->control( certDbPtr );
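Review bot: `PeerCertificates::setPeerCertificateChain()` replaces the removed `addPeerCertificate()`, but it drops the `lock()`/`unlock()` pair that guarded the old chain mutation and it accepts any chain without verification, so the only thing standing between an attacker-supplied chain and its use is whether every caller remembers to call `controlPeerCertificate()` afterwards. I would say so on the setter: `// Installs an unverified chain taken from the peer's message; callers must run controlPeerCertificate() before trusting it.` If the old locking protected concurrent readers of peerCertChainPtr rather than only the chain contents, the plain pointer assignment here is now unsynchronised — I cannot tell from this hunk which it was, so please confirm.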
Modified: trunk/libmikey/mikey/MikeyMessage.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessage.cxx 2007-01-03 19:27:29 UTC (rev 3081)
+++ trunk/libmikey/mikey/MikeyMessage.cxx 2007-01-03 22:09:47 UTC (rev 3082)
@@ -544,6 +544,14 @@
return ret;
}
+list<MikeyPayload *>::const_iterator MikeyPayloads::firstPayload() const{
+ return payloads.begin();
+}
+
+list<MikeyPayload *>::const_iterator MikeyPayloads::lastPayload() const{
+ return --payloads.end();
+}
+
list<MikeyPayload *>::iterator MikeyPayloads::firstPayload(){
return payloads.begin();
}
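Review bot: The new `lastPayload() const` evaluates `--payloads.end()` at line 232, which is undefined behaviour on an empty list, and its new const caller `extractCertificateChain()` uses that result as a loop bound on messages parsed from the network. The non-const overload already had the same construct, so this is inherited rather than introduced, but copying it into a second overload is the moment to fix both; since the result cannot express "no payloads", at minimum document it: `/// Precondition: the message has at least one payload (decrementing end() of an empty list is undefined).` and have callers check `payloads.empty()` first.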
@@ -756,3 +764,34 @@
ka->authKeyLength = authKeyLength;
return !error;
}
+
+MRef<certificate_chain*> MikeyPayloads::extractCertificateChain() const{
+ MRef<certificate_chain *> peerChain;
+
+ /* Try to find the certificate chain in the message */
+ list<MikeyPayload *>::const_iterator i;
+ list<MikeyPayload *>::const_iterator last = lastPayload();
+
+ for( i = firstPayload(); i != last; i++ ){
+ MikeyPayload *payload = *i;
+
+ if( payload->payloadType() != MIKEYPAYLOAD_CERT_PAYLOAD_TYPE )
+ continue;
+
+ MikeyPayloadCERT * certPayload =
+ dynamic_cast<MikeyPayloadCERT*>(payload);
+ MRef<certificate*> peerCert =
+ certificate::load( certPayload->certData(),
+ certPayload->certLength() );
+
+ if( peerChain.isNull() ){
+ peerChain = certificate_chain::create();
+ }
+
+// cerr << "Add certificate: " << peerCert->get_name() << endl;
+
+ peerChain->add_certificate( peerCert );
+ }
+
+ return peerChain;
+}
Modified: trunk/libmikey/mikey/MikeyMessageDH.cxx
===================================================================
--- trunk/libmikey/mikey/MikeyMessageDH.cxx 2007-01-03 19:27:29 UTC (rev 3081)
+++ trunk/libmikey/mikey/MikeyMessageDH.cxx 2007-01-03 22:09:47 UTC (rev 3082)
@@ -180,20 +180,13 @@
* (for instance during authentication of the message),
* try to get it now */
- if( ka->peerCertificateChain()->get_first().isNull() ){
- i = extractPayload( MIKEYPAYLOAD_CERT_PAYLOAD_TYPE );
+ // Fetch peer certificate chain
+ MRef<certificate_chain *> peerChain = ka->peerCertificateChain();
+ if( peerChain.isNull() || peerChain->get_first().isNull() ){
+ peerChain = extractCertificateChain();
- while( i != NULL )
- {
- peerCert = certificate::load(
- ((MikeyPayloadCERT *)i)->certData(),
- ((MikeyPayloadCERT *)i)->certLength()
- );
-
- ka->addPeerCertificate( peerCert );
- payloads.remove( i );
-
- i = extractPayload( MIKEYPAYLOAD_CERT_PAYLOAD_TYPE );
+ if( !peerChain.isNull() ){
+ ka->setPeerCertificateChain( peerChain );
}
}
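Review bot: The removed loop called `payloads.remove( i )` for every CERT payload it consumed, whereas the new code leaves the CERT payloads in the message; anything later in this function (which starts and ends outside the hunk) that iterates the remaining payloads will now see them. That may be intentional, but it is a behavioural change the log does not mention, so please confirm nothing downstream relies on CERT being gone. Also, when `extractCertificateChain()` returns null the code continues silently with an empty peer chain, relying on whatever authenticated the message earlier (per the comment at lines 278–279); a one-line comment stating that assumption would help: `// No CERT payload here: the chain must already have been obtained during authentication.`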
@@ -353,20 +346,13 @@
addPolicyTo_ka(ka); //Is in MikeyMessage.cxx
- if( ka->peerCertificateChain()->get_first().isNull() ){
- i = extractPayload( MIKEYPAYLOAD_CERT_PAYLOAD_TYPE );
+ // Fetch peer certificate chain
+ MRef<certificate_chain *> peerChain = ka->peerCertificateChain();
+ if( peerChain.isNull() || peerChain->get_first().isNull() ){
+ peerChain = extractCertificateChain();
- while( i != NULL )
- {
- peerCert = certificate::load(
- ((MikeyPayloadCERT *)i)->certData(),
- ((MikeyPayloadCERT *)i)->certLength()
- );
-
- ka->addPeerCertificate( peerCert );
- payloads.remove( i );
-
- i = extractPayload( MIKEYPAYLOAD_CERT_PAYLOAD_TYPE );
+ if( !peerChain.isNull() ){
+ ka->setPeerCertificateChain( peerChain );
}
}
@@ -450,35 +436,20 @@
}
MikeyPayload * sign = (*lastPayload());
+
+ // Fetch peer certificate chain
MRef<certificate_chain *> peerCert = ka->peerCertificateChain();
+ if( peerCert.isNull() || peerCert->get_first().isNull() ){
+ peerCert = extractCertificateChain();
- if( peerCert.isNull() || peerCert->get_first().isNull() )
- {
- /* Try to find the certificate chain in the message */
- list<MikeyPayload *>::iterator i;
- list<MikeyPayload *>::iterator last = lastPayload();
-
- for( i = firstPayload(); i != last; i++ ){
- MikeyPayload *payload = *i;
-
- if( payload->payloadType() != MIKEYPAYLOAD_CERT_PAYLOAD_TYPE )
- continue;
-
- MikeyPayloadCERT * certPayload = (MikeyPayloadCERT*)payload;
- ka->addPeerCertificate(
- certificate::load(
- certPayload->certData(),
- certPayload->certLength() ));
-// payloads.remove( certPayload );
+ if( peerCert.isNull() ){
+ ka->setAuthError( "No certificate was found" );
+ return true;
}
- }
- if( peerCert->get_first().isNull() ){
- ka->setAuthError( "No certificate was found" );
- return true;
+ ka->setPeerCertificateChain( peerCert );
}
-
if( sign->payloadType() != MIKEYPAYLOAD_SIGN_PAYLOAD_TYPE ){
ka->setAuthError( "No signature payload found" );
return true;
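Review bot: After `ka->setPeerCertificateChain( peerCert )` the chain taken from the message is installed with no visible call to `ka->controlPeerCertificate()`, so unless the signature verification that follows (outside this hunk) validates the chain against the CA database first, a self-signed certificate carried in the MIKEY message would be accepted as the signer. If that check lives further down, a comment here saying so would stop the next reader from adding it twice; if it does not, add it before the chain is used and treat a 0 result as an auth error. The "No certificate was found" path also only fires for a null chain — a chain that exists but is empty would fall through to the signature check, so `peerCert->get_first().isNull()` should probably be part of that test as well. The enclosing function continues beyond the hunk.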