Isode API Customer Documentation

// -*- C++ -*-
 
//  Copyright (c) 2008-2009, Isode Limited, London, England.
//  All rights reserved.
//                                                                       
//  Acquisition and use of this software and related materials for any      
//  purpose requires a written licence agreement from Isode Limited,
//  or a written licence from an organisation licenced by Isode Limited
//  to grant such a licence.
 
// 
//
// x509_context.C
//
// @VERSION@
 
#include "Event_p.h"
#include "../include/X509Context.h"
#include <isode/crypto/x509.h>
#include <algorithm>
#include <stdexcept>
#include <cctype>
 
namespace {
    bool
    lists_equiv(const std::list<std::string>& a, const std::list<std::string>& b)
    {
        if (a.size() != b.size())
            return false;
 
        if (a.empty())
            return true;
 
        return std::equal(a.begin(), a.end(), b.begin());
    }
 
}
 
namespace X509_Context {
    bool Config::set_ldap_url(const std::string& url) {
        if (url.compare(0, 7, "ldap://") != 0) {
            return false;
        }
        ldap_host = "";
        size_t pos = 7;
        while (pos < url.length() && url[pos] != ':' && url[pos] != '/') {
            ldap_host += url[pos];
            ++pos;
        }
        if (pos == url.length() || url[pos] == '/') {
            return true;
        }
        std::string port(url.substr(pos+1));
        if (port[port.length()-1] == '/')
            port = port.substr(0, port.length()-1);
        for (pos=0; pos < port.length(); ++pos)
            if (!std::isdigit(port[pos]))
                return false;
        ldap_port = atoi(port.c_str());
        return true;
    }
 
    Identity::Identity(Config& confobj)
    {
        const std::string pkcs12_file(confobj.ident_file);
        const std::string pphr_file(confobj.ident_pphr_file);
        if (pkcs12_file.empty() || pphr_file.empty())
            throw std::invalid_argument("no private key info");
 
        identity = x509_create_identity_from_file(pkcs12_file.c_str(),
                                                  pphr_file.c_str(), 1);
        if (!identity)
            throw std::runtime_error("unable to create identity");
        cert_ctx = x509_create_cert_ctx();
        if (!cert_ctx)
            throw std::runtime_error("unable to create cert_ctx");
        x509_cert_ctx_add_identity(cert_ctx, identity);
 
        for (std::list<std::string>::const_iterator
                 i = confobj.trust_anchors.begin();
             i != confobj.trust_anchors.end(); ++i) {
            const std::string& name = *i;
            X509 *ta = x509_read_cert(name.c_str());
            if (ta)
                x509_cert_ctx_add_cert(cert_ctx, ta, 1);
            X509_free(ta);
        }
 
        for (std::list<std::string>::const_iterator i = confobj.certs.begin();
             i != confobj.certs.end(); ++i) {
            const std::string& name = *i;
            X509 *cert = x509_read_cert(name.c_str());
            if (cert)
                x509_cert_ctx_add_cert(cert_ctx, cert, 0);
            X509_free(cert);
        }
 
        x509_cert_ctx_set_ldap(cert_ctx, confobj.ldap_host.empty() ?
                               0:confobj.ldap_host.c_str(), confobj.ldap_port);
        x509_cert_ctx_check_revocation(cert_ctx, confobj.check_revocation);
 
        X509* OCSPresponder = 0;
        if (!confobj.OCSPresponder.empty()) {
            OCSPresponder = x509_read_cert(confobj.OCSPresponder.c_str());
        }
        x509_cert_ctx_set_ocsp(cert_ctx, confobj.OCSPuri.c_str(), OCSPresponder,
                               confobj.OCSPnonce, 0, 0);
 
        x509_cert_ctx_set_lookup_flags(cert_ctx, confobj.lookup_flags);
    }
 
    Identity::Identity(PKCS12 * p12, const char * passphrase)
    {
        identity = x509_create_identity_from_pkcs12(p12, passphrase);
 
        if (!identity)
            throw std::runtime_error("unable to create identity");
        cert_ctx = x509_create_cert_ctx();
        if (!cert_ctx)
            throw std::runtime_error("unable to create cert_ctx");
        x509_cert_ctx_add_identity(cert_ctx, identity);
    }
 
    bool Config::operator!=(const Config&that) const {
        if (ident_file != that.ident_file)
            return true;
        if (ident_pphr_file != that.ident_pphr_file)
            return true;
        if (ldap_host != that.ldap_host)
            return true;
        if (ldap_port != that.ldap_port)
            return true;
        if (check_revocation != that.check_revocation)
            return true;
        if (!lists_equiv(certs, that.certs))
            return true;
        if (!lists_equiv(trust_anchors, that.trust_anchors))
            return true;
 
        return false;
    }
}