bool CredentialSet::VerifyInternally() const { if (!m_MasterCredential) { otOut << __FUNCTION__ << ": This credential set does not have a master credential.\n"; return false; } // Check for a valid master credential, including whether or not the NymID // and MasterID in the CredentialSet match the master credentials's versions. if (!(m_MasterCredential->Validate())) { otOut << __FUNCTION__ << ": Master Credential failed to verify: " << GetMasterCredID() << "\nNymID: " << GetNymID() << "\n"; return false; } // Check each child credential for validity. for (const auto& it : m_mapCredentials) { std::string str_sub_id = it.first; Credential* pSub = it.second; OT_ASSERT(nullptr != pSub); if (!pSub->Validate()) { otOut << __FUNCTION__ << ": Child credential failed to verify: " << str_sub_id << "\nNymID: " << GetNymID() << "\n"; return false; } } return true; }
void OTSubkey::UpdateContents() { m_xmlUnsigned.Release(); Tag tag("keyCredential"); // a hash of the nymIDSource tag.add_attribute("nymID", GetNymID().Get()); // Hash of the master credential that signed this subcredential. tag.add_attribute("masterID", GetMasterCredID().Get()); if (GetNymIDSource().Exists()) { OTASCIIArmor ascSource; // A nym should always verify through its own // source. (Whatever that may be.) ascSource.SetString(GetNymIDSource()); tag.add_tag("nymIDSource", ascSource.Get()); } // MASTER-SIGNED INFO if (OTSubcredential::credMasterSigned == m_StoreAs || OTSubcredential::credPrivateInfo == m_StoreAs) { UpdatePublicContentsToTag(tag); } // PUBLIC INFO (signed by subkey, contains master signed info.) if (OTSubcredential::credPublicInfo == m_StoreAs || OTSubcredential::credPrivateInfo == m_StoreAs) { // GetMasterSigned() returns the contract // containing the master-signed contents // from the above block. OTASCIIArmor ascMasterSigned(GetMasterSigned()); // Contains all the public info, signed by the master key. // Packaged up here inside a final, subkey-signed credential. tag.add_tag("masterSigned", ascMasterSigned.Get()); } // PRIVATE INFO // // If we're saving the private credential info... if (OTSubcredential::credPrivateInfo == m_StoreAs) { UpdatePublicCredentialToTag(tag); UpdatePrivateContentsToTag(tag); } // <=== SET IT BACK TO DEFAULT BEHAVIOR. Any other state // processes ONCE, and then goes back to this again. m_StoreAs = OTSubcredential::credPrivateInfo; std::string str_result; tag.output(str_result); m_xmlUnsigned.Concatenate("%s", str_result.c_str()); }
bool OTSubkey::VerifySignedByMaster() { // See if m_strMasterSigned was signed by my master credential. OTSubkey masterKey(*m_pOwner); if (m_strMasterSigned.Exists() && masterKey.LoadContractFromString(m_strMasterSigned)) { // Here we need to MAKE SURE that the "master signed" version contains // the same CONTENTS as the actual version. if (!GetNymID().Compare(masterKey.GetNymID())) { Log::vOutput(0, "%s: Failure, NymID of this key credential " "doesn't match NymID of master-signed version of " "this key credential.\n", __FUNCTION__); return false; } if (!GetNymIDSource().Compare(masterKey.GetNymIDSource())) { Log::vOutput(0, "%s: Failure, NymIDSource of this key credential " "doesn't match NymIDSource of master-signed " "version of this key credential.\n", __FUNCTION__); return false; } if (!GetMasterCredID().Compare(masterKey.GetMasterCredID())) { Log::vOutput(0, "%s: Failure, MasterCredID of this key " "credential doesn't match MasterCredID of " "master-signed version of this key credential.\n", __FUNCTION__); return false; } if (GetPublicMap().size() > 0 && GetPublicMap() != masterKey.GetPublicMap()) { Log::vOutput(0, "%s: Failure, public info of this key credential " "doesn't match public info of master-signed " "version of this key credential.\n", __FUNCTION__); return false; } // Master-signed version of subkey does not contain the private keys, // since normally the master is signing // the public version of the sub credential (to validate it) and you // don't want the public seeing your private keys. // So we would never expect these to match, since the master signed // version should have no private keys in it. // // if (GetPrivateMap() != masterKey.GetPrivateMap()) // { // OTLog::vOutput(0, "%s: Failure, private info of this key // credential doesn't match private info of master-signed version of // this key credential.\n", __FUNCTION__); // return false; // } bool verifiedWithKey = masterKey.VerifyWithKey( m_pOwner->GetMasterkey().m_SigningKey.GetPublicKey()); // ON SERVER SIDE, THE ACTUAL SUBKEY doesn't have any public key, only // the master-signed version of it. // (The master-signed version being basically the only contents of the // public version.) // So we need to be able to, after verifying, load up those contents so // they are available on the // subkey itself, and not just on some master-signed version of itself // hidden inside itself. // Otherwise I would have to load up the master-signed version anytime // the server-side wanted to // mess with any of the keys. // Thus: copy the public info from master signed, to* this, if the above // call was successful if (verifiedWithKey && GetPublicMap().size() == 0) { // For master credential. return SetPublicContents(masterKey.GetPublicMap()); } return verifiedWithKey; } return false; }