http_response_builder(
const byte_string& content_hook,
int response_code = 200,
const std::string& content_type = "text/plain",
bool autodelete = true
):
_content_hook(std::string(content_hook.get_content_hook(), content_hook.get_content_length())),
_response_code(response_code),
_autodelete(autodelete),
_realm(""),
_opaque(""),
_reload_nonce(false),
_headers(std::map<std::string, std::string, http::header_comparator>()),
_footers(std::map<std::string, std::string, http::header_comparator>()),
_cookies(std::map<std::string, std::string, http::header_comparator>()),
_topics(std::vector<std::string>()),
_keepalive_secs(-1),
_keepalive_msg(""),
_send_topic(""),
_cycle_callback(NULL),
_ce(0x0),
_get_raw_response(&http_response::get_raw_response_str),
_decorate_response(&http_response::decorate_response_str),
_enqueue_response(&http_response::enqueue_response_str)
{
_headers[http::http_utils::http_header_content_type] = content_type;
}
//debugged and working properly... do not disturb.
string BASE64Encode(const byte_string& input)
{
string output;
const byte* data = input.c_str();
size_t length = input.length();
int value, value2;
//handle input in 3 byte blocks
while( length > 2 )
{
value = data[0]; value >>= 2;
output.push_back(Base64EncodeTable[value]);
value = data[0]; value2 = data[1];
value &= 0x03; value <<= 4;
value2 &= 0xF0; value2 >>= 4; value |= value2;
output.push_back(Base64EncodeTable[value]);
value = data[1]; value2 = data[2];
value &= 0x0F; value <<= 2;
value2 &= 0xC0; value2 >>= 6; value |= value2;
output.push_back(Base64EncodeTable[value]);
value = data[2]; value &= 0x3F;
output.push_back(Base64EncodeTable[value]);
data += 3; length -= 3;
}
//handle remainder
switch(length)
{
case 0: //no remainder to process
break;
case 1: //process and pad with two =
value = data[0]; value >>= 2;
output.push_back(Base64EncodeTable[value]);
value = data[0]; value &= 0x03; value <<= 4;
output.push_back(Base64EncodeTable[value]);
output.push_back(Base64EncodeTable[64]);
output.push_back(Base64EncodeTable[64]);
break;
case 2: //process and pad with one =
value = data[0]; value >>= 2;
output.push_back(Base64EncodeTable[value]);
value = data[0]; value2 = data[1];
value &= 0x03; value <<= 4;
value2 &= 0xF0; value2 >>= 4; value |= value2;
output.push_back(Base64EncodeTable[value]);
value = data[1]; value &= 0x0F; value <<= 2;
output.push_back(Base64EncodeTable[value]);
output.push_back(Base64EncodeTable[64]);
break;
}
return output;
}
bool AvHNexus::TunnelToClient::recv(const Nexus::ClientID local_id, byte_string& data)
{
std::pair<const Nexus::ClientID,const byte_string> item = messages.front();
if( item.first != local_id )
{ return false; }
data.assign(item.second);
messages.pop_front();
return true;
}
/// Get hash value for byte_string.
size_t calculate_hash_value(const byte_string& v)
{
return v.hash_value();
}
void PIVKeyRecord::computeCrypt(PIVToken &pivToken, bool sign, // MODIFY
const AccessCredentials *cred,
const byte_string &data, byte_string &output)
{
if (data.size() != sizeInBits() / 8)
CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
/* Allow all key usage, certificates determine validity */
unsigned char algRef;
switch (sizeInBits()) {
case 1024:
algRef = PIV_KEYALG_RSA_1024;
break;
case 2048:
algRef = PIV_KEYALG_RSA_2048;
break;
default:
/* Cannot use a key ~= 1024 or 2048 bits yet */
CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
break;
}
/* Build the BER-Encoded message */
/* Template: 0x7C L { 0x82 0x00, 0x81 L data } .. 2 tag+lengths + 1 tag-0 */
TLVList commandList;
commandList.push_back(TLV_ref(new TLV(0x81, data)));
commandList.push_back(TLV_ref(new TLV(0x82)));
TLV_ref command = TLV_ref(new TLV(0x7C, commandList));
/* TODO: Evaluate result length handling */
/* At least enough to contain BER-TLV */
size_t resultLength = sizeInBits() / 8;
resultLength += 1 + TLV::encodedLength(resultLength); // RESPONSE
resultLength += 1 + 1; // Potential empty response-tlv
resultLength += 1 + TLV::encodedLength(resultLength); // TLV containing response
/* Round out resultLength to a multiple of 256 */
resultLength = resultLength + resultLength % 256 + 256;
// Ensure that there's enough space to prevent unnecessary resizing
output.reserve(resultLength);
PCSC::Transaction _(pivToken);
pivToken.selectDefault();
/* Support for the signing key w/ user-consent pin */
if (cred)
{
uint32 size = cred->size();
for (uint32 ix = 0; ix < size; ++ix)
{
const TypedList &sample = (*cred)[ix];
if (sample.type() == CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD
&& sample.length() == 2)
{
CssmData &pin = sample[1].data();
if (pin.Length > 0)
{
pivToken.verifyPIN(1, pin.Data, pin.Length);
break;
}
else if (pin.Length == 0)
{
// %%% <rdar://4334623>
// PIN previously verified by securityd;
// continue to look at remaining samples
}
else
{
CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
}
}
}
}
byte_string commandString = command->encode();
PIVError::check(pivToken.exchangeChainedAPDU(0x00, 0x87, algRef, keyRef, commandString, output));
/* DECODE 0x7C */
TLV_ref tlv;
try {
tlv = TLV::parse(output);
} catch(...) {
secure_zero(output);
PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
}
secure_zero(output);
if(tlv->getTag() != (unsigned char*)"\x7C") {
secdebug("piv", " %s: computeCrypt: missing response tag: 0x%.2X",
description(), 0x7C);
PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
}
byte_string tagData;
try {
TLVList list = tlv->getInnerValues();
TLVList::const_iterator iter = find_if(list.begin(), list.end(), TagPredicate(0x82));
if(iter != list.end())
tagData = (*iter)->getValue();
} catch(...) {
}
if(tagData.size() == 0) {
secdebug("piv", " %s: computeCrypt: missing response value tag: 0x%.2X",
description(), 0x82);
PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
}
if(tagData.size() != sizeInBits() / 8) { // Not enough data at all..
secure_zero(tagData);
secdebug("piv", " %s: computeCrypt: expected contained response length: %ld, got: %ld",
description(), sizeInBits() / 8, tagData.size());
PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
}
output.swap(tagData);
/* zero-out tagData */
secure_zero(tagData);
}
bool AvHNexus::TunnelToClient::send(const Nexus::ClientID local_id, const byte_string& data)
{
return AvHNexus::send( VARS(local_id), data.c_str(), data.length() );
}
inline bool operator < (char const * lhs, byte_string const & rhs)
{
return rhs.compare(lhs) > 0;
}
inline bool operator < (byte_string const & lhs, const char * rhs)
{
return lhs.compare(rhs) < 0;
}
inline bool operator == (std::string const & lhs, byte_string const & rhs)
{
return rhs.compare(lhs) == 0;
}
inline bool operator == (byte_string::const_pointer lhs, byte_string const & rhs)
{
return rhs.compare(lhs) == 0;
}
inline bool operator == (byte_string const & lhs, byte_string const & rhs)
{
return lhs.compare(rhs) == 0;
}
byte_string_ref (byte_string & bs)
: p(& bs)
, max_size(bs.size())
{}
inline bool operator < (byte_string const & lhs, std::string const & rhs)
{
return lhs.compare(rhs) < 0;
}
inline bool operator < (byte_string const & lhs, byte_string::const_pointer rhs)
{
return lhs.compare(rhs) < 0;
}
