/[resiprocate]/main/sip/resiprocate/dum/EncryptionManager.cxx
ViewVC logotype

Contents of /main/sip/resiprocate/dum/EncryptionManager.cxx

Parent Directory Parent Directory | Revision Log Revision Log


Revision 5214 - (show annotations) (download)
Tue Aug 9 18:16:29 2005 UTC (14 years, 5 months ago) by daniel
File size: 30031 byte(s)
bug fixes.
1 #include <cassert>
2 #include <list>
3 #include "resiprocate/os/BaseException.hxx"
4 #include "resiprocate/SipMessage.hxx"
5 #include "resiprocate/Helper.hxx"
6 #include "resiprocate/dum/BaseUsage.hxx"
7 #include "resiprocate/dum/Handles.hxx"
8 #include "resiprocate/dum/DialogUsageManager.hxx"
9 #include "resiprocate/Security.hxx"
10 #include "resiprocate/Contents.hxx"
11 #include "resiprocate/MultipartSignedContents.hxx"
12 #include "resiprocate/MultipartMixedContents.hxx"
13 #include "resiprocate/MultipartAlternativeContents.hxx"
14 #include "resiprocate/MultipartRelatedContents.hxx"
15 #include "resiprocate/Pkcs7Contents.hxx"
16 #include "resiprocate/dum/RemoteCertStore.hxx"
17 #include "resiprocate/SecurityAttributes.hxx"
18 #include "resiprocate/dum/CertMessage.hxx"
19 #include "resiprocate/dum/TargetCommand.hxx"
20 #include "resiprocate/dum/EncryptionManager.hxx"
21 #include "resiprocate/dum/DumDecrypted.hxx"
22 #include "resiprocate/dum/DumFeature.hxx"
23 #include "resiprocate/dum/DumFeatureChain.hxx"
24 #include "resiprocate/dum/OutgoingEvent.hxx"
25 #include "resiprocate/os/Logger.hxx"
26
27 #if defined(USE_SSL)
28
29 using namespace resip;
30 using namespace std;
31
32 #define RESIPROCATE_SUBSYSTEM Subsystem::DUM
33
34 EncryptionManager::Exception::Exception(const Data& msg, const Data& file, const int line)
35 : BaseException(msg,file,line)
36 {
37 }
38
39 EncryptionManager::EncryptionManager(DialogUsageManager& dum, TargetCommand::Target& target)
40 : DumFeature(dum, target),
41 mCounter(0)
42 {
43 }
44
45 EncryptionManager::~EncryptionManager()
46 {
47 for (list<Request*>::iterator it = mRequests.begin(); it != mRequests.end(); ++it)
48 {
49 delete *it;
50 }
51 mRequests.clear();
52 }
53
54 void EncryptionManager::setRemoteCertStore(std::auto_ptr<RemoteCertStore> store)
55 {
56 mRemoteCertStore = store;
57 }
58
59 DumFeature::ProcessingResult EncryptionManager::process(Message* msg)
60 {
61 SipMessage* sipMsg = dynamic_cast<SipMessage*>(msg);
62 if (sipMsg)
63 {
64 if (decrypt(*sipMsg))
65 {
66 return DumFeature::FeatureDone;
67 }
68 else
69 {
70 return DumFeature::EventTaken;
71 }
72 }
73
74 OutgoingEvent* event = dynamic_cast<OutgoingEvent*>(msg);
75 if (event)
76 {
77 if (!event->message().getContents())
78 {
79 return DumFeature::FeatureDone;
80 }
81
82 Data senderAor;
83 Data recipAor;
84 if (event->message().isRequest())
85 {
86 senderAor = event->message().header(h_From).uri().getAor();
87 recipAor = event->message().header(h_To).uri().getAor();
88 }
89 else
90 {
91 senderAor = event->message().header(h_To).uri().getAor();
92 recipAor = event->message().header(h_From).uri().getAor();
93 }
94
95 Contents* contents = event->message().getContents();
96 bool setContents = true;
97 switch (event->encryptionLevel())
98 {
99 case DialogUsageManager::None:
100 setContents = false;
101 break;
102 case DialogUsageManager::Encrypt:
103 contents = encrypt(event->message(), recipAor);
104 break;
105 case DialogUsageManager::Sign:
106 contents = sign(event->message(), senderAor);
107 break;
108 case DialogUsageManager::SignAndEncrypt:
109 contents = signAndEncrypt(event->message(), senderAor, recipAor);
110 break;
111 }
112
113 if (contents)
114 {
115 if (setContents)
116 {
117 event->message().setContents(auto_ptr<Contents>(contents));
118 }
119 return DumFeature::FeatureDone;
120 }
121 else
122 {
123 return DumFeature::EventTaken;
124 }
125 }
126
127 CertMessage* certMsg = dynamic_cast<CertMessage*>(msg);
128 if (certMsg)
129 {
130 if (processCertMessage(*certMsg) == Complete)
131 {
132 return DumFeature::FeatureDoneAndEventDone;
133 }
134 else
135 {
136 return DumFeature::EventTaken;
137 }
138 }
139
140 return DumFeature::FeatureDone;
141 }
142
143 EncryptionManager::Result EncryptionManager::processCertMessage(const CertMessage& message)
144 {
145 InfoLog( << "Received a cert message: " << message << endl);
146 Result ret = Pending;
147 list<Request*>::iterator it;
148 for (it = mRequests.begin(); it != mRequests.end(); ++it)
149 {
150 if ((*it)->getId() == message.id().mId) break;
151 }
152
153 if (it != mRequests.end())
154 {
155 InfoLog ( << "Processing the cert message" << endl);
156 Result result = (*it)->received(message.success(), message.id().mType, message.id().mAor, message.body());
157 if (Complete == result)
158 {
159 delete *it;
160 mRequests.erase(it);
161 }
162 }
163 return ret;
164 }
165
166 Contents* EncryptionManager::sign(const SipMessage& msg,
167 const Data& senderAor)
168 {
169 Sign* request = new Sign(mDum, mRemoteCertStore.get(), msg, senderAor, *this);
170 Contents* contents;
171 bool async = request->sign(&contents);
172 if (async)
173 {
174 InfoLog(<< "Async sign" << endl);
175 mRequests.push_back(request);
176 }
177 else
178 {
179 delete request;
180 }
181 return contents;
182 }
183
184 Contents* EncryptionManager::encrypt(const SipMessage& msg,
185 const Data& recipientAor)
186 {
187 Encrypt* request = new Encrypt(mDum, mRemoteCertStore.get(), msg, recipientAor, *this);
188 Contents* contents;
189 bool async = request->encrypt(&contents);
190 if (async)
191 {
192 InfoLog(<< "Async encrypt" << endl);
193 mRequests.push_back(request);
194 }
195 else
196 {
197 delete request;
198 }
199 return contents;
200 }
201
202 Contents* EncryptionManager::signAndEncrypt(const SipMessage& msg,
203 const Data& senderAor,
204 const Data& recipAor)
205 {
206 SignAndEncrypt* request = new SignAndEncrypt(mDum, mRemoteCertStore.get(), msg, senderAor, recipAor, *this);
207 Contents* contents;
208 bool async = request->signAndEncrypt(&contents);
209 if (!async)
210 {
211 delete request;
212 }
213 else
214 {
215 InfoLog(<< "Async sign and encrypt" << endl);
216 mRequests.push_back(request);
217 }
218 return contents;
219 }
220
221 bool EncryptionManager::decrypt(SipMessage& msg)
222 {
223 Decrypt* request = new Decrypt(mDum, mRemoteCertStore.get(), msg, *this);
224 Helper::ContentsSecAttrs csa;
225 bool ret = request->decrypt(csa);
226 if (ret)
227 {
228 if (csa.mContents.get())
229 {
230 msg.setContents(csa.mContents);
231 }
232 if (csa.mAttributes.get())
233 {
234 msg.setSecurityAttributes(csa.mAttributes);
235 }
236 delete request;
237 }
238 else
239 {
240 InfoLog(<< "Async decrypt" << endl);
241 mRequests.push_back(request);
242 }
243 return ret;
244 }
245
246 EncryptionManager::Request::Request(DialogUsageManager& dum,
247 RemoteCertStore* store,
248 const SipMessage& msg,
249 DumFeature& feature)
250 : mDum(dum),
251 mStore(store),
252 mMsg(msg),
253 mPendingRequests(0),
254 mFeature(feature)
255 {
256 }
257
258 EncryptionManager::Request::~Request()
259 {
260 }
261
262 void EncryptionManager::Request::response415()
263 {
264 SipMessage* response = Helper::makeResponse(mMsg, 415);
265 mDum.post(response);
266 InfoLog(<< "Generated 415" << endl);
267 }
268
269 EncryptionManager::Sign::Sign(DialogUsageManager& dum,
270 RemoteCertStore* store,
271 const SipMessage& msg,
272 const Data& senderAor,
273 DumFeature& feature)
274 : Request(dum, store, msg, feature),
275 mSenderAor(senderAor)
276 {
277 }
278
279 EncryptionManager::Sign::~Sign()
280 {
281 }
282
283 bool EncryptionManager::Sign::sign(Contents** contents)
284 {
285 *contents = 0;
286 bool async = false;
287 if (0 != mPendingRequests) return 0;
288
289 MultipartSignedContents* msc = 0;
290 bool missingCert = !mDum.getSecurity()->hasUserCert(mSenderAor);
291 bool missingKey = !mDum.getSecurity()->hasUserPrivateKey(mSenderAor);
292
293 if (!missingCert && !missingKey)
294 {
295 InfoLog(<< "Signing message" << endl);
296 msc = mDum.getSecurity()->sign(mSenderAor, mMsg.getContents());
297 *contents = msc;
298 }
299 else
300 {
301 if (mStore)
302 {
303 if (missingCert)
304 {
305 InfoLog(<< "Fetching cert for " << mSenderAor << endl);
306 ++mPendingRequests;
307 MessageId id(mMsg.getTransactionId(), mSenderAor, MessageId::UserCert);
308 mStore->fetch(mSenderAor, MessageId::UserCert, id, mDum);
309 }
310 if (missingKey)
311 {
312 InfoLog(<< "Fetching private key for " << mSenderAor << endl);
313 ++mPendingRequests;
314 MessageId id(mMsg.getTransactionId(), mSenderAor, MessageId::UserPrivateKey);
315 mStore->fetch(mSenderAor, MessageId::UserCert, id, mDum);
316 }
317 async = true;
318 }
319 else
320 {
321 InfoLog(<< "No remote cert store installed" << endl);
322 response415();
323 }
324 }
325
326 return async;
327 }
328
329 EncryptionManager::Result EncryptionManager::Sign::received(bool success,
330 MessageId::Type type,
331 const Data& aor,
332 const Data& data)
333 {
334 assert(mSenderAor==aor);
335 assert(mPendingRequests>0&&mPendingRequests<=2);
336 Result result = Pending;
337 if (success)
338 {
339 if (type == MessageId::UserCert)
340 {
341 InfoLog(<< "Adding cert for: " << aor << endl);
342 mDum.getSecurity()->addUserCertDER(aor, data);
343 }
344 else
345 {
346 InfoLog(<< "Adding private key for " << aor << endl);
347 mDum.getSecurity()->addUserPrivateKeyDER(aor, data);
348 }
349 if (--mPendingRequests == 0)
350 {
351 InfoLog(<< "Signing message" << endl);
352 MultipartSignedContents* msc = mDum.getSecurity()->sign(aor, mMsg.getContents());
353 auto_ptr<Contents> contents(msc);
354 mMsg.setContents(contents);
355 OutgoingEvent* event = new OutgoingEvent(mMsg, DialogUsageManager::None);
356 mFeature.postCommand(auto_ptr<Message>(event));
357 result = Complete;
358 }
359 }
360 else
361 {
362 InfoLog(<< "Failed to fetch " << ((type==MessageId::UserCert)? "cert " : "private key ") << "for " << aor <<endl);
363 response415();
364 result = Complete;
365 }
366 return result;
367 }
368
369 EncryptionManager::Encrypt::Encrypt(DialogUsageManager& dum,
370 RemoteCertStore* store,
371 const SipMessage& msg,
372 const Data& recipientAor,
373 DumFeature& feature)
374 : Request(dum, store, msg, feature),
375 mRecipientAor(recipientAor)
376 {
377 }
378
379 EncryptionManager::Encrypt::~Encrypt()
380 {
381 }
382
383 bool EncryptionManager::Encrypt::encrypt(Contents** contents)
384 {
385 *contents = 0;
386 bool async = false;
387 if (0 != mPendingRequests) return 0;
388
389 if (mDum.getSecurity()->hasUserCert(mRecipientAor))
390 {
391 InfoLog(<< "Encrypting message" << endl);
392 MultipartAlternativeContents* alt = dynamic_cast<MultipartAlternativeContents*>(mMsg.getContents());
393 if (alt)
394 {
395 // encrypt the last part.
396 MultipartMixedContents::Parts parts = alt->parts();
397 Contents* last = mDum.getSecurity()->encrypt(parts.back(), mRecipientAor);
398 if (last)
399 {
400 MultipartAlternativeContents* mac = new MultipartAlternativeContents(*alt);
401 delete mac->parts().back();
402 mac->parts().pop_back();
403 mac->parts().push_back(last);
404 *contents = mac;
405 }
406 }
407 else
408 {
409 *contents = mDum.getSecurity()->encrypt(mMsg.getContents(), mRecipientAor);
410 }
411 }
412 else
413 {
414 if (mStore)
415 {
416 InfoLog(<< "Fetching cert for " << mRecipientAor << endl);
417 ++mPendingRequests;
418 MessageId id(mMsg.getTransactionId(), mRecipientAor, MessageId::UserCert);
419 mStore->fetch(mRecipientAor, MessageId::UserCert, id, mDum);
420 async = true;
421 }
422 else
423 {
424 InfoLog(<< "No remote cert store installed" << endl);
425 response415();
426 }
427 }
428 return async;
429 }
430
431 EncryptionManager::Result EncryptionManager::Encrypt::received(bool success,
432 MessageId::Type type,
433 const Data& aor,
434 const Data& data)
435 {
436 assert(mRecipientAor==aor);
437 assert(type==MessageId::UserCert);
438 assert(mPendingRequests==1);
439 if (success)
440 {
441 InfoLog(<< "Adding user cert for " << aor << endl);
442 mDum.getSecurity()->addUserCertDER(aor, data);
443 --mPendingRequests;
444 InfoLog(<< "Encrypting message" << endl);
445 Pkcs7Contents* encrypted = mDum.getSecurity()->encrypt(mMsg.getContents(), aor);
446 mMsg.setContents(auto_ptr<Contents>(encrypted));
447 OutgoingEvent* event = new OutgoingEvent(mMsg, DialogUsageManager::None);
448 mFeature.postCommand(auto_ptr<Message>(event));
449 }
450 else
451 {
452 InfoLog(<< "Failed to fetch cert for " << aor << endl);
453 response415();
454 }
455 return Complete;
456 }
457
458 EncryptionManager::SignAndEncrypt::SignAndEncrypt(DialogUsageManager& dum,
459 RemoteCertStore* store,
460 const SipMessage& msg,
461 const Data& senderAor,
462 const Data& recipientAor,
463 DumFeature& feature)
464 : Request(dum, store, msg, feature),
465 mSenderAor(senderAor),
466 mRecipientAor(recipientAor)
467 {
468 }
469
470 EncryptionManager::SignAndEncrypt::~SignAndEncrypt()
471 {
472 }
473
474 bool EncryptionManager::SignAndEncrypt::signAndEncrypt(Contents** contents)
475 {
476 *contents = 0;
477 bool async = false;
478 if (0 != mPendingRequests) return 0;
479
480 bool missingCert = !mDum.getSecurity()->hasUserCert(mSenderAor);
481 bool missingKey = !mDum.getSecurity()->hasUserPrivateKey(mSenderAor);
482 bool missingRecipCert = !mDum.getSecurity()->hasUserCert(mRecipientAor);
483
484 if (!missingCert && !missingKey && !missingRecipCert)
485 {
486 InfoLog(<< "Encrypting and signing message" << endl);
487 *contents = doWork();
488 }
489 else
490 {
491 if (mStore)
492 {
493 if (missingCert)
494 {
495 InfoLog(<< "Fetching cert for " << mSenderAor << endl);
496 ++mPendingRequests;
497 MessageId id(mMsg.getTransactionId(), mSenderAor, MessageId::UserCert);
498 mStore->fetch(mSenderAor, MessageId::UserCert, id, mDum);
499 }
500 if (missingKey)
501 {
502 InfoLog(<< "Fetching private key for " << mSenderAor << endl);
503 ++mPendingRequests;
504 MessageId id(mMsg.getTransactionId(), mSenderAor, MessageId::UserPrivateKey);
505 mStore->fetch(mSenderAor, MessageId::UserCert, id, mDum);
506 }
507 if (missingRecipCert)
508 {
509 InfoLog(<< "Fetching cert for " << mRecipientAor << endl);
510 ++mPendingRequests;
511 MessageId id(mMsg.getTransactionId(), mRecipientAor, MessageId::UserCert);
512 mStore->fetch(mSenderAor, MessageId::UserCert, id, mDum);
513 }
514 async = true;
515 }
516 else
517 {
518 InfoLog(<< "No remote cert store installed" << endl);
519 response415();
520 }
521 }
522
523 return async;
524 }
525
526 EncryptionManager::Result EncryptionManager::SignAndEncrypt::received(bool success,
527 MessageId::Type type,
528 const Data& aor,
529 const Data& data)
530 {
531 assert(mPendingRequests>0&&mPendingRequests<=3);
532 Result result = Pending;
533 if (success)
534 {
535 if (type == MessageId::UserCert)
536 {
537 assert(aor==mSenderAor||aor==mRecipientAor);
538 InfoLog(<< "Adding user cert for " << aor << endl);
539 mDum.getSecurity()->addUserCertDER(aor, data);
540 }
541 else
542 {
543 assert(aor==mSenderAor);
544 InfoLog(<< "Adding private key for " << aor << endl);
545 mDum.getSecurity()->addUserPrivateKeyDER(aor, data);
546 }
547
548 if (--mPendingRequests == 0)
549 {
550 InfoLog(<< "Encrypting and signing message" << endl);
551 Contents* contents = doWork();
552 mMsg.setContents(auto_ptr<Contents>(contents));
553 OutgoingEvent* event = new OutgoingEvent(mMsg, DialogUsageManager::None);
554 mFeature.postCommand(auto_ptr<Message>(event));
555 result = Complete;
556 }
557 }
558 else
559 {
560 InfoLog(<< "Failed to fetch cert for " << aor << endl);
561 response415();
562 result = Complete;
563 }
564 return result;
565 }
566
567 Contents* EncryptionManager::SignAndEncrypt::doWork()
568 {
569 Contents* contents = 0;
570 MultipartAlternativeContents* mac = dynamic_cast<MultipartAlternativeContents*>(mMsg.getContents());
571 if (mac)
572 {
573 MultipartMixedContents::Parts parts = mac->parts();
574 Pkcs7Contents* pkcs7 = mDum.getSecurity()->encrypt(parts.back(), mRecipientAor);
575 if (pkcs7)
576 {
577 MultipartAlternativeContents* alt = new MultipartAlternativeContents(*mac);
578 delete alt->parts().back();
579 alt->parts().pop_back();
580 alt->parts().push_back(pkcs7);
581 contents = alt;
582 }
583 }
584 else
585 {
586 contents = mDum.getSecurity()->encrypt(mMsg.getContents() , mRecipientAor);
587 }
588
589 if (contents)
590 {
591 contents = mDum.getSecurity()->sign(mSenderAor, contents);
592 }
593
594 return contents;
595 }
596
597 EncryptionManager::Decrypt::Decrypt(DialogUsageManager& dum,
598 RemoteCertStore* store,
599 const SipMessage& msg,
600 DumFeature& feature)
601 : Request(dum, store, msg, feature)
602 {
603 if (msg.isResponse())
604 {
605 mDecryptor = msg.header(h_From).uri().getAor();
606 mSigner = msg.header(h_To).uri().getAor();
607 }
608 else
609 {
610 mDecryptor = msg.header(h_To).uri().getAor();
611 mSigner = msg.header(h_From).uri().getAor();
612 }
613
614 if (msg.getContents())
615 {
616 mContents.reset(msg.getContents()->clone());
617 }
618 }
619
620 EncryptionManager::Decrypt::~Decrypt()
621 {
622 }
623
624 bool EncryptionManager::Decrypt::decrypt(Helper::ContentsSecAttrs& csa)
625 {
626 if (0 != mPendingRequests) return false;
627
628 bool noDecryptionKey = false;
629
630 if (isEncrypted())
631 {
632 bool missingDecryptorCert = !mDum.getSecurity()->hasUserCert(mDecryptor);
633 bool missingDecryptorKey = !mDum.getSecurity()->hasUserPrivateKey(mDecryptor);
634 if (missingDecryptorCert || missingDecryptorKey)
635 {
636 if (mStore)
637 {
638 if (missingDecryptorCert)
639 {
640 InfoLog(<< "Fetching user cert for " << mDecryptor << endl);
641 ++mPendingRequests;
642 MessageId id(mMsg.getTransactionId(), mDecryptor, MessageId::UserCert);
643 mStore->fetch(mDecryptor, MessageId::UserCert, id, mDum);
644 }
645
646 if (missingDecryptorKey)
647 {
648 InfoLog(<< "Fetching private key for " << mDecryptor << endl);
649 ++mPendingRequests;
650 MessageId id(mMsg.getTransactionId(), mDecryptor, MessageId::UserPrivateKey);
651 mStore->fetch(mDecryptor, MessageId::UserPrivateKey, id, mDum);
652 }
653 return false;
654 }
655 else
656 {
657 InfoLog(<< "No remote cert store installed" << endl);
658 noDecryptionKey = true;
659 }
660 }
661 }
662
663 if (!noDecryptionKey && isSigned())
664 {
665 if (!mDum.getSecurity()->hasUserCert(mSigner))
666 {
667 if (mStore)
668 {
669 InfoLog(<< "Fetching user cert for " << mSigner << endl);
670 ++mPendingRequests;
671 MessageId id(mMsg.getTransactionId(), mSigner, MessageId::UserCert);
672 mStore->fetch(mSigner, MessageId::UserCert, id, mDum);
673 return false;
674 }
675 else
676 {
677 InfoLog(<< "No remote cert store installed" << endl);
678 }
679 }
680 }
681
682 csa = getContents(mMsg, *mDum.getSecurity(), noDecryptionKey);
683
684 return true;
685 }
686
687 EncryptionManager::Result EncryptionManager::Decrypt::received(bool success,
688 MessageId::Type type,
689 const Data& aor,
690 const Data& data)
691 {
692 Result result = Complete;
693 assert(mPendingRequests>0 && mPendingRequests<=2);
694 if (success)
695 {
696 if (aor == mSigner)
697 {
698 assert(MessageId::UserCert == type);
699 assert(mPendingRequests==1);
700 --mPendingRequests;
701 InfoLog(<< "Adding user cert for " << aor << endl);
702 mDum.getSecurity()->addUserCertDER(aor, data);
703 }
704 else
705 {
706 assert(aor == mDecryptor);
707 if (MessageId::UserCert == type)
708 {
709 InfoLog(<< "Adding user cert for " << aor << endl);
710 mDum.getSecurity()->addUserCertDER(aor, data);
711 }
712 else
713 {
714 InfoLog(<< "Adding private key for " << aor << endl);
715 mDum.getSecurity()->addUserPrivateKeyDER(aor, data);
716 }
717
718 if (--mPendingRequests == 0)
719 {
720 if (isSigned())
721 {
722 if (!mDum.getSecurity()->hasUserCert(mSigner))
723 {
724 InfoLog(<< "Fetching user cert for " << mSigner << endl);
725 ++mPendingRequests;
726 MessageId id(mMsg.getTransactionId(), mSigner, MessageId::UserCert);
727 mStore->fetch(mSigner, MessageId::UserCert, id, mDum);
728 result = Pending;
729 }
730 }
731 }
732 else
733 {
734 result = Pending;
735 }
736 }
737 }
738 else
739 {
740 InfoLog(<< "Failed to fetch cert for " << aor << endl);
741 }
742
743 if (Complete == result)
744 {
745 Helper::ContentsSecAttrs csa;
746 csa = getContents(mMsg, *mDum.getSecurity(),
747 (!mDum.getSecurity()->hasUserCert(mDecryptor) || !mDum.getSecurity()->hasUserPrivateKey(mDecryptor)));
748 if (csa.mContents.get())
749 {
750 mMsg.setContents(csa.mContents);
751 }
752 if (csa.mAttributes.get())
753 {
754 mMsg.setSecurityAttributes(csa.mAttributes);
755 }
756 DumDecrypted* decrypted = new DumDecrypted(mMsg);
757 mDum.post(decrypted);
758 }
759
760 return result;
761 }
762
763 bool EncryptionManager::Decrypt::isEncrypted()
764 {
765 return isEncryptedRecurse(mMsg.getContents());
766 }
767
768 bool EncryptionManager::Decrypt::isSigned()
769 {
770 return isSignedRecurse(mMsg.getContents(), mDecryptor);
771 }
772
773 bool EncryptionManager::Decrypt::isEncryptedRecurse(Contents* contents)
774 {
775 Pkcs7Contents* pk;
776 if ((pk = dynamic_cast<Pkcs7Contents*>(contents)))
777 {
778 return true;
779 }
780
781 MultipartSignedContents* mps;
782 if ((mps = dynamic_cast<MultipartSignedContents*>(contents)))
783 {
784 return isEncryptedRecurse(*(mps->parts().begin()));
785 }
786
787 MultipartAlternativeContents* alt;
788 if ((alt = dynamic_cast<MultipartAlternativeContents*>(contents)))
789 {
790 for (MultipartAlternativeContents::Parts::reverse_iterator i = alt->parts().rbegin();
791 i != alt->parts().rend(); ++i)
792 {
793 if (isEncryptedRecurse(*i))
794 {
795 return true;
796 }
797 }
798 }
799
800 MultipartMixedContents* mult;
801 if ((mult = dynamic_cast<MultipartMixedContents*>(contents)))
802 {
803 for (MultipartMixedContents::Parts::iterator i = mult->parts().begin();
804 i != mult->parts().end(); ++i)
805 {
806 if (isEncryptedRecurse(*i))
807 {
808 return true;
809 }
810 }
811 }
812
813 return false;
814 }
815
816 bool EncryptionManager::Decrypt::isSignedRecurse(Contents* contents,
817 const Data& decryptorAor)
818 {
819 Pkcs7Contents* pk;
820 if ((pk = dynamic_cast<Pkcs7Contents*>(contents)))
821 {
822 Contents* decrypted = mDum.getSecurity()->decrypt(decryptorAor, pk);
823 bool ret = isSignedRecurse(decrypted, decryptorAor);
824 delete decrypted;
825 return ret;
826 }
827
828 MultipartSignedContents* mps;
829 if ((mps = dynamic_cast<MultipartSignedContents*>(contents)))
830 {
831 return true;
832 }
833
834 MultipartAlternativeContents* alt;
835 if ((alt = dynamic_cast<MultipartAlternativeContents*>(contents)))
836 {
837 for (MultipartAlternativeContents::Parts::reverse_iterator i = alt->parts().rbegin();
838 i != alt->parts().rend(); ++i)
839 {
840 if (isSignedRecurse(*i, decryptorAor))
841 {
842 return true;
843 }
844 }
845 }
846
847 MultipartMixedContents* mult;
848 if ((mult = dynamic_cast<MultipartMixedContents*>(contents)))
849 {
850 for (MultipartMixedContents::Parts::iterator i = mult->parts().begin();
851 i != mult->parts().end(); ++i)
852 {
853 if (isSignedRecurse(*i, decryptorAor))
854 {
855 return true;
856 }
857 }
858 }
859
860 return false;
861 }
862
863 Helper::ContentsSecAttrs EncryptionManager::Decrypt::getContents(const SipMessage& message,
864 Security& security,
865 bool noDecryptionKey)
866 {
867 SecurityAttributes* attr = new SecurityAttributes;
868 attr->setIdentity(message.header(h_From).uri().getAor());
869 Contents* contents = message.getContents();
870 if (contents)
871 {
872 contents = getContentsRecurse(contents, security, noDecryptionKey, attr);
873 }
874
875 std::auto_ptr<Contents> c(contents);
876 std::auto_ptr<SecurityAttributes> a(attr);
877 return Helper::ContentsSecAttrs(c, a);
878 }
879
880 Contents* EncryptionManager::Decrypt::getContentsRecurse(Contents* tree,
881 Security& security,
882 bool noDecryptionKey,
883 SecurityAttributes* attributes)
884 {
885 Pkcs7Contents* pk;
886 if ((pk = dynamic_cast<Pkcs7Contents*>(tree)))
887 {
888 if (noDecryptionKey) return 0;
889 Contents* contents = security.decrypt(mDecryptor, pk);
890 if (contents)
891 {
892 attributes->setEncrypted();
893 }
894 return contents;
895 }
896
897 MultipartSignedContents* mps;
898 if ((mps = dynamic_cast<MultipartSignedContents*>(tree)))
899 {
900 Data signer;
901 SignatureStatus sigStatus = SignatureIsBad;
902 Contents* contents = getContentsRecurse(security.checkSignature(mps, &signer, &sigStatus),
903 security, noDecryptionKey, attributes);
904 attributes->setSigner(signer);
905 attributes->setSignatureStatus(sigStatus);
906 return contents;
907 }
908
909 MultipartAlternativeContents* alt;
910 if ((alt = dynamic_cast<MultipartAlternativeContents*>(tree)))
911 {
912 for (MultipartAlternativeContents::Parts::reverse_iterator i = alt->parts().rbegin();
913 i != alt->parts().rend(); ++i)
914 {
915 Contents* contents = getContentsRecurse(*i, security, noDecryptionKey, attributes);
916 if (contents)
917 {
918 return contents;
919 }
920 }
921 }
922
923 MultipartMixedContents* mult;
924 if ((mult = dynamic_cast<MultipartMixedContents*>(tree)))
925 {
926 for (MultipartMixedContents::Parts::iterator i = mult->parts().begin();
927 i != mult->parts().end(); ++i)
928 {
929 Contents* contents = getContentsRecurse(*i, security, noDecryptionKey, attributes);
930 if (contents)
931 {
932 return contents;
933 }
934 }
935 }
936
937 return tree->clone();
938
939 }
940
941 #endif
942
943 /* ====================================================================
944 * The Vovida Software License, Version 1.0
945 *
946 * Copyright (c) 2000 Vovida Networks, Inc. All rights reserved.
947 *
948 * Redistribution and use in source and binary forms, with or without
949 * modification, are permitted provided that the following conditions
950 * are met:
951 *
952 * 1. Redistributions of source code must retain the above copyright
953 * notice, this list of conditions and the following disclaimer.
954 *
955 * 2. Redistributions in binary form must reproduce the above copyright
956 * notice, this list of conditions and the following disclaimer in
957 * the documentation and/or other materials provided with the
958 * distribution.
959 *
960 * 3. The names "VOCAL", "Vovida Open Communication Application Library",
961 * and "Vovida Open Communication Application Library (VOCAL)" must
962 * not be used to endorse or promote products derived from this
963 * software without prior written permission. For written
964 * permission, please contact vocal@vovida.org.
965 *
966 * 4. Products derived from this software may not be called "VOCAL", nor
967 * may "VOCAL" appear in their name, without prior written
968 * permission of Vovida Networks, Inc.
969 *
970 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
971 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
972 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
973 * NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL VOVIDA
974 * NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
975 * IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
976 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
977 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
978 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEOR
979 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
980 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
981 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
982 * DAMAGE.
983 *
984 * ====================================================================
985 *
986 * This software consists of voluntary contributions made by Vovida
987 * Networks, Inc. and many individuals on behalf of Vovida Networks,
988 * Inc. For more information on Vovida Networks, Inc., please see
989 * <http://www.vovida.org/>.
990 *
991 */

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27