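// Loads the authority certificate (and an optional chain certificate) from
// disk, records them in chainList, and generates the leaf key pair for the
// client.
//
// Parameters:
//   file  - path of the authority certificate file.
//   chain - path of an additional chain certificate file; may be empty, in
//           which case only the authority certificate is loaded.
//
// NOTE(review): readCredentialsFromFile() is assumed to return a usable
// pointer on success; whether it returns NULL or throws on failure is not
// visible here, so chainList may contain a NULL entry on a bad path --
// confirm against its definition.
AuthorityCertificateManager::AuthorityCertificateManager(std::string &file, std::string &chain)
{
    path certPath(file);
    this->authority = readCredentialsFromFile(certPath, false);
    chainList.push_back(this->authority);

    if (!chain.empty())
    {
        // Only build the chain path when a chain file was actually given.
        path chainPath(chain);
        // Named chainCert rather than chain: the previous local shadowed the
        // std::string parameter of the same name.
        Certificate *chainCert = readCredentialsFromFile(chainPath, false);
        chainList.push_back(chainCert);
    }

    this->leafPair = buildKeysForClient();
}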
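// Appends ", <subject DN>" to msg when the match info carries a subject DN.
// Shared by the error paths of Cacheable::validate() so that message
// construction is bounded by std::string instead of a fixed char array
// (the DN comes from certificate data whose length is not under our control).
static void appendSubjectDN(std::string &msg, acl::MatchInfo &mi)
{
    if (mi.getSubjectDN())
    {
        const char *dn = *mi.getSubjectDN();
        msg += ", ";
        msg += dn;
    }
}

// Validates this object against its issuer's clearance certificate.
//
// Steps: returns early if the object is already valid; looks up the issuer's
// clearance certificate through the session (local cache first, then remote);
// requires exactly one issuer; builds and validates the issuer's certificate
// path via CML; applies object-specific path rules; and finally validates the
// object with the issuer's validated public key.
//
// Parameters:
//   s - session used for issuer lookup and the CML handle; must be non-NULL.
// Returns:
//   true when the object is already valid, otherwise the result of
//   validate(s, pubKeyInfo) for the issuer's key.
// Throws:
//   ACL_EXCEPT(ACL_AC_VAL_ERROR, ...) when no issuer or more than one issuer
//   is found; ACL_EXCEPT(ACL_VAL_ERROR, ...) when CML path validation fails.
bool Cacheable::validate(Session *s)
{
    FUNC("Cacheable::validate()");

    // Nothing to do if the object has already been validated
    if (isValid())
        return true;

    // Look for the issuer locally first, then remotely
    s->setCacheMode(Session::LOCAL_THEN_REMOTE);

    // Describe this object's issuer for the lookup
    acl::MatchInfo mi;
    getIssuerInfo(mi);

    // Locate the issuer's clearance certificate(s)
    CCList *pCCList = s->getCC(mi);
    if (pCCList == NULL)
    {
        std::string msg("Issuer not found");
        appendSubjectDN(msg, mi);
        throw ACL_EXCEPT(ACL_AC_VAL_ERROR, msg.c_str());
    }

    // Own the returned list so it is released on every exit path below.
    // TODO(review): std::auto_ptr is deprecated in C++11 and removed in
    // C++17; switch to std::unique_ptr once the build targets C++11.
    std::auto_ptr<CCList> apCCList(pCCList);

    // Exactly one issuer is expected
    if (pCCList->size() > 1)
    {
        std::string msg("Multiple issuers found");
        appendSubjectDN(msg, mi);
        throw ACL_EXCEPT(ACL_AC_VAL_ERROR, msg.c_str());
    }

    // Build and validate the issuer's certification path via CML
    CML::ValidatedKey validKey;
    CML::ErrorInfoList Errors;
    CML::CertPath certPath(pCCList->front().getEncodedCC(), false);
    short cml_status = certPath.BuildAndValidate(s->getCMLHandle(), CM_SEARCH_UNTIL_FOUND, &Errors, 0, &validKey);
    if (cml_status != CM_NO_ERROR)
    {
        // Only the numeric status goes through a fixed buffer; it is bounded
        // by snprintf, and the error text and DN are appended to a
        // std::string so an unexpectedly long message cannot overrun a
        // stack array.
        char statusBuf[32];
        snprintf(statusBuf, sizeof(statusBuf), "%d", static_cast<int>(cml_status));
        std::string msg("Issuer failed to validate: CML error ");
        msg += statusBuf;
        msg += ": ";
        const char *desc = CMU_GetErrorString(cml_status);
        if (desc)
            msg += desc;
        appendSubjectDN(msg, mi);
        throw ACL_EXCEPT(ACL_VAL_ERROR, msg.c_str());
    }

    // Object-specific path rules are applied before the object itself
    vPathRules(s, certPath.base());

    // Finally validate the object using the issuer's validated public key
    return validate(s, validKey.pubKeyInfo());
}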