bool CredentialSet::VerifyInternally() const
{
if (!m_MasterCredential) {
otOut << __FUNCTION__
<< ": This credential set does not have a master credential.\n";
return false;
}
// Check for a valid master credential, including whether or not the NymID
// and MasterID in the CredentialSet match the master credentials's versions.
if (!(m_MasterCredential->Validate())) {
otOut << __FUNCTION__
<< ": Master Credential failed to verify: " << GetMasterCredID()
<< "\nNymID: " << GetNymID() << "\n";
return false;
}
// Check each child credential for validity.
for (const auto& it : m_mapCredentials) {
std::string str_sub_id = it.first;
Credential* pSub = it.second;
OT_ASSERT(nullptr != pSub);
if (!pSub->Validate()) {
otOut << __FUNCTION__
<< ": Child credential failed to verify: " << str_sub_id
<< "\nNymID: " << GetNymID() << "\n";
return false;
}
}
return true;
}
void OTSubkey::UpdateContents()
{
m_xmlUnsigned.Release();
Tag tag("keyCredential");
// a hash of the nymIDSource
tag.add_attribute("nymID", GetNymID().Get());
// Hash of the master credential that signed this subcredential.
tag.add_attribute("masterID", GetMasterCredID().Get());
if (GetNymIDSource().Exists()) {
OTASCIIArmor ascSource;
// A nym should always verify through its own
// source. (Whatever that may be.)
ascSource.SetString(GetNymIDSource());
tag.add_tag("nymIDSource", ascSource.Get());
}
// MASTER-SIGNED INFO
if (OTSubcredential::credMasterSigned == m_StoreAs ||
OTSubcredential::credPrivateInfo == m_StoreAs) {
UpdatePublicContentsToTag(tag);
}
// PUBLIC INFO (signed by subkey, contains master signed info.)
if (OTSubcredential::credPublicInfo == m_StoreAs ||
OTSubcredential::credPrivateInfo == m_StoreAs) {
// GetMasterSigned() returns the contract
// containing the master-signed contents
// from the above block.
OTASCIIArmor ascMasterSigned(GetMasterSigned());
// Contains all the public info, signed by the master key.
// Packaged up here inside a final, subkey-signed credential.
tag.add_tag("masterSigned", ascMasterSigned.Get());
}
// PRIVATE INFO
//
// If we're saving the private credential info...
if (OTSubcredential::credPrivateInfo == m_StoreAs) {
UpdatePublicCredentialToTag(tag);
UpdatePrivateContentsToTag(tag);
}
// <=== SET IT BACK TO DEFAULT BEHAVIOR. Any other state
// processes ONCE, and then goes back to this again.
m_StoreAs = OTSubcredential::credPrivateInfo;
std::string str_result;
tag.output(str_result);
m_xmlUnsigned.Concatenate("%s", str_result.c_str());
}
bool OTSubkey::VerifySignedByMaster()
{
// See if m_strMasterSigned was signed by my master credential.
OTSubkey masterKey(*m_pOwner);
if (m_strMasterSigned.Exists() &&
masterKey.LoadContractFromString(m_strMasterSigned)) {
// Here we need to MAKE SURE that the "master signed" version contains
// the same CONTENTS as the actual version.
if (!GetNymID().Compare(masterKey.GetNymID())) {
Log::vOutput(0, "%s: Failure, NymID of this key credential "
"doesn't match NymID of master-signed version of "
"this key credential.\n",
__FUNCTION__);
return false;
}
if (!GetNymIDSource().Compare(masterKey.GetNymIDSource())) {
Log::vOutput(0, "%s: Failure, NymIDSource of this key credential "
"doesn't match NymIDSource of master-signed "
"version of this key credential.\n",
__FUNCTION__);
return false;
}
if (!GetMasterCredID().Compare(masterKey.GetMasterCredID())) {
Log::vOutput(0, "%s: Failure, MasterCredID of this key "
"credential doesn't match MasterCredID of "
"master-signed version of this key credential.\n",
__FUNCTION__);
return false;
}
if (GetPublicMap().size() > 0 &&
GetPublicMap() != masterKey.GetPublicMap()) {
Log::vOutput(0, "%s: Failure, public info of this key credential "
"doesn't match public info of master-signed "
"version of this key credential.\n",
__FUNCTION__);
return false;
}
// Master-signed version of subkey does not contain the private keys,
// since normally the master is signing
// the public version of the sub credential (to validate it) and you
// don't want the public seeing your private keys.
// So we would never expect these to match, since the master signed
// version should have no private keys in it.
//
// if (GetPrivateMap() != masterKey.GetPrivateMap())
// {
// OTLog::vOutput(0, "%s: Failure, private info of this key
// credential doesn't match private info of master-signed version of
// this key credential.\n", __FUNCTION__);
// return false;
// }
bool verifiedWithKey = masterKey.VerifyWithKey(
m_pOwner->GetMasterkey().m_SigningKey.GetPublicKey());
// ON SERVER SIDE, THE ACTUAL SUBKEY doesn't have any public key, only
// the master-signed version of it.
// (The master-signed version being basically the only contents of the
// public version.)
// So we need to be able to, after verifying, load up those contents so
// they are available on the
// subkey itself, and not just on some master-signed version of itself
// hidden inside itself.
// Otherwise I would have to load up the master-signed version anytime
// the server-side wanted to
// mess with any of the keys.
// Thus: copy the public info from master signed, to* this, if the above
// call was successful
if (verifiedWithKey && GetPublicMap().size() == 0) {
// For master credential.
return SetPublicContents(masterKey.GetPublicMap());
}
return verifiedWithKey;
}
return false;
}
