VoltTransportCtx *transCtx = (VoltTransportCtx *)transportCtx;
VoltDelegatedTransCtx *localCtx = (VoltDelegatedTransCtx *)(transCtx->localCtx);
VoltIdentityObject *obj = (VoltIdentityObject *)identity;
VoltCertRequestObject *certReq = (VoltCertRequestObject *)certRequest;
VoltCertObject *certObj = (VoltCertObject *)signingCert;
VoltKeyObject *priKey = (VoltKeyObject *)ibePriKey;
VoltDistrictObject *distObj;
VoltLibCtx *libCtx = (VoltLibCtx *)(obj->voltObject.libraryCtx);
unsigned char *temp;
Asn1P10Request *asnCertReq = (Asn1P10Request *)0;
mIcServerObject *icServer = (mIcServerObject *)0;
char *component = "TKCOM/2.3.0.0";
char *policyServer = (char *)0;
unsigned char *secret = (unsigned char *)0;
unsigned char *distQualName = (unsigned char *)0;
unsigned int secretLen, tokenLen ;
unsigned char *token = (unsigned char *)0;
VtVoltageAuthTokenInfo tokenInfo;
VoltSurrenderCtx *surrCtx = (VoltSurrenderCtx *)0;
VOLT_DECLARE_ERROR_TYPE (errorType)
VOLT_DECLARE_FNCT_LINE (fnctLine)
do
{
/* This transport function performs network access. Check the no net
* access bit in the libCtx->flags field to make sure the caller
* allows it.
*/
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
status = VT_ERROR_UNKNOWN_DISTRICT;
if ((libCtx->flags & VOLT_LIB_CTX_NO_NETWORK_ACCESS) != 0)
break;
/* This provider will always make a private key request,
* Cert request is optional. If the caller doesn't want to store
* any of the private key or cert received in the response.
* Then there is No point in making the request itself.
*/
VOLT_SET_FNCT_LINE (fnctLine)
status = VT_ERROR_INVALID_PROVIDER_USE;
if ( (ibePriKey == (VtKeyObject)0) && (signingCert == (VtCertObject)0) )
break;
/* If we have a cert object make sure we have the Cert request too.
* The opposite is not true though. We can pass a cert request but
* pass a null cert object if we just want to ignore the
* cert received in the response.
*/
VOLT_SET_FNCT_LINE (fnctLine)
if ( (certReq == (VoltCertRequestObject *)0) &&
(certObj != (VoltCertObject *)0) )
break;
/* One of the keys may already contain data (it was in storage, the
* other was not). So clear the private key data or the pub key cert.
*/
if (priKey != (VoltKeyObject *)0)
{
if (priKey->keyData != (Pointer)0)
{
if (priKey->KeyDataDestroy != (VCtxDestroy)0)
{
priKey->KeyDataDestroy ((Pointer)priKey, priKey->keyData);
priKey->keyData = (Pointer)0;
priKey->KeyDataDestroy = (VCtxDestroy)0;
priKey->keyType = 0;
}
}
}
if (certObj != (VoltCertObject *)0)
{
VtDestroyKeyObject (&(certObj->pubKey));
if (certObj->certificate.data != (unsigned char *)0)
{
libCtx = (VoltLibCtx *)(certObj->voltObject.libraryCtx);
Z2Free (certObj->certificate.data);
certObj->certificate.data = (unsigned char *)0;
certObj->certificate.len = 0;
libCtx = (VoltLibCtx *)(transCtx->voltObject.libraryCtx);
}
}
if ( ((transCtx->voltObject.objectType & VOLT_OBJECT_TYPE_SURRENDER) != 0) &&
(transCtx->voltObject.surrenderCtx != (Pointer)0) )
{
surrCtx = (VoltSurrenderCtx *)(transCtx->voltObject.surrenderCtx);
surrCtx->surrenderInfo.callingFlag = VT_SURRENDER_FNCT_IBE_KEY_DOWNLOAD;
surrCtx->surrenderInfo.callCount = 2;
surrCtx->surrenderInfo.callNumber = 1;
VOLT_SET_FNCT_LINE (fnctLine)
status = surrCtx->Surrender (
surrCtx->libraryCtx, surrCtx->appData, &(surrCtx->surrenderInfo));
if (status != 0)
break;
}
/* If the incoming identity object does not contain the encoded
* identity, get it now.
*/
VOLT_SET_ERROR_TYPE (errorType, 0)
if (obj->encoding.data == (unsigned char *)0)
{
VOLT_SET_FNCT_LINE (fnctLine)
status = VtEncodeIdentity (
identity, VT_ENCODE_IBCS_2_V_DISTRICT | VT_ENCODE_FOR_SIGNING,
policyCtx, storageCtx, transportCtx, (unsigned char *)0, 0, &index);
if (status == 0)
status = VT_ERROR_GENERAL;
if (status != VT_ERROR_BUFFER_TOO_SMALL)
break;
}
distQualName = obj->district->qualDistrictName.data;
/* currently only * is supported as regular expression
*/
VOLT_SET_FNCT_LINE (fnctLine)
status = GetDistrictSecretAlloc (
transCtx, distQualName, "*", &secret, &secretLen);
if (status != 0)
break;
/* Get the district parameters.
*/
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
status = VtDetermineDistrict (
identity, policyCtx, storageCtx, transportCtx,
(unsigned char *)0, 0, &districtNameLen);
if (status == 0)
status = VT_ERROR_INVALID_INPUT;
if (status != VT_ERROR_BUFFER_TOO_SMALL)
break;
VOLT_SET_FNCT_LINE (fnctLine)
status = VtObtainIBEParams (
obj->district, policyCtx, storageCtx, transportCtx);
if (status != 0)
break;
/* Get the policy server extension out of the district.
* Run through all the extensions, search for the one with the OID
* we want.
*/
distObj = (VoltDistrictObject *)(obj->district);
status = VtGetDistrictParam (
obj->district, VtDistrictParamPolicyServer, (Pointer *)&policyServer);
if (status != 0)
break;
/* Create the icServer object.
*/
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
status = mIcServerCreateObject (
(VtLibCtx)libCtx, localCtx->defCtx.DoHttp, localCtx->defCtx.uiHandle,
localCtx->defCtx.trustStore, transCtx->timeout, &icServer);
if (status != 0)
break;
/* We need the cert request in X509_REQ form.
*/
if (certReq != (VoltCertRequestObject *)0 )
{
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
status = VT_ERROR_MEMORY;
asnCertReq = Asn1P10Request_new ();
if (asnCertReq == (Asn1P10Request *)0)
break;
VOLT_SET_FNCT_LINE (fnctLine)
status = VT_ERROR_INVALID_ENCODING;
temp = certReq->certRequest.data;
d2i_Asn1P10Request (&asnCertReq, &temp, certReq->certRequest.len);
if (asnCertReq == (Asn1P10Request *)0)
break;
}
/* Create auth tokens based on the secret, identity and district
* to send in the key request.
*/
tokenInfo.sharedSecret.data = secret;
tokenInfo.sharedSecret.len = secretLen;
tokenInfo.policyCtx = policyCtx;
tokenInfo.storageCtx = storageCtx;
tokenInfo.transportCtx = transportCtx;
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
status = VtConstructAuthToken (
identity, VtAuthTokenImplVoltage, (Pointer)&tokenInfo,
(unsigned char *)0, 0, &tokenLen);
if (status != VT_ERROR_BUFFER_TOO_SMALL)
break;
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
status = VT_ERROR_MEMORY;
token = (unsigned char *)Z2Malloc (tokenLen, VOLT_MEMORY_SENSITIVE);
if (token == (unsigned char *)0 )
break;
VOLT_SET_ERROR_TYPE (errorType, 0)
VOLT_SET_FNCT_LINE (fnctLine)
status = VtConstructAuthToken (
identity, VtAuthTokenImplVoltage, (Pointer)&tokenInfo,
token, tokenLen, &tokenLen);
if (status != 0)
break;
/* Fill in the fields of the serverRequestData.
*/
icServer->uiHandle = localCtx->defCtx.uiHandle;
/* The server is the policy server.
*/
icServer->serverRequestData.server = policyServer;
icServer->serverRequestData.components = component;
icServer->serverRequestData.authTokens = (char **)&token,
icServer->serverRequestData.authTokensCount = 1;
icServer->serverRequestData.id = obj->encoding.data;
icServer->serverRequestData.idLen = obj->encoding.len;
icServer->serverRequestData.request = asnCertReq;
/* This call downloads the info.
*/
VOLT_SET_FNCT_LINE (fnctLine)
status = mIcServerRequest (icServer, obj, transCtx);
if (status != 0)
break;
/* If we completed the download, one more call to surrender.
*/
if (surrCtx != (VoltSurrenderCtx *)0)
{
surrCtx->surrenderInfo.callingFlag = VT_SURRENDER_FNCT_IBE_KEY_DOWNLOAD;
surrCtx->surrenderInfo.callCount = 2;
surrCtx->surrenderInfo.callNumber = 2;
VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
VOLT_SET_FNCT_LINE (fnctLine)
status = surrCtx->Surrender (
surrCtx->libraryCtx, surrCtx->appData, &(surrCtx->surrenderInfo));
if (status != 0)
break;
}
/* Extract the private key and cert from the ServerResponse struct.
* If any of these objects are NULL it means caller is not interested
* in receiving that value.
*/
if (ibePriKey != (VtKeyObject) 0 )
{
VOLT_SET_FNCT_LINE (fnctLine)
status = VoltSetPrivateKeyObject (
libCtx, distObj->paramObj, obj->encoding.data, obj->encoding.len,
icServer->serverResponseData.privateKey,
(unsigned int)(icServer->serverResponseData.privateKeyLen), ibePriKey);
if (status != 0)
break;
}
if (signingCert != (VtCertObject)0)
{
VOLT_SET_FNCT_LINE (fnctLine)
status = VoltSetCertObject (
libCtx, icServer->serverResponseData.asn1Cert, signingCert);
if (status != 0)
break;
}
} while (0);
if (token != (unsigned char *)0)
Z2Free (token);
if (asnCertReq != (Asn1P10Request *)0)
Asn1P10Request_free (asnCertReq);
if (secret != (unsigned char *)0 )
Z2Free (secret);
if (policyServer != (char *)0)
Z2Free (policyServer);
if (icServer != (mIcServerObject *)0)
{
/* Null the fields we took care of explicitly in this routine.
*/
icServer->serverRequestData.server = (char *)0;
icServer->serverRequestData.authTokens = (char **)0;
icServer->serverRequestData.authTokensCount = 0;
icServer->serverRequestData.id = (unsigned char *)0;
icServer->serverRequestData.idLen = 0;
icServer->serverRequestData.request = (Asn1P10Request *)0;
mIcServerDestroyObject (&icServer);
}
VOLT_LOG_ERROR_COMPARE (
status, (VtLibCtx)libCtx, status, errorType, fnctLine,
"VoltTokenDownloadKeyAndCert", (char *)0)
return (status);
}
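/* Return the index of the first secretList entry whose districtName is
 * exactly nameLen bytes long and byte-equal to the first nameLen bytes of
 * name, or localCtx->numSecrets when there is no such entry.
 *
 * Null entries and entries with a null districtName are skipped instead of
 * being handed to Z2Strlen / Z2Memcmp (the destroy routine below treats a
 * null districtName as a legal state, so the lookup must too).
 */
static unsigned int VoltFindDelegatedSecretIndex (
  VoltDelegatedTransCtx *localCtx,
  unsigned char *name,
  unsigned int nameLen
  )
{
  unsigned int index;
  VtDelegatedSecretInfo *entry;

  for (index = 0; index < localCtx->numSecrets; ++index)
  {
    entry = localCtx->secretList[index];
    if (entry == (VtDelegatedSecretInfo *)0)
      continue;
    if (entry->districtName == (unsigned char *)0)
      continue;
    if (Z2Strlen (entry->districtName) != nameLen)
      continue;
    if (Z2Memcmp (name, entry->districtName, nameLen) == 0)
      break;
  }
  return (index);
}

/* Look up the delegated shared secret configured for a district and hand
 * back a private copy.
 *
 * transCtx     - transport context; its localCtx holds the secret list.
 * distQualName - NUL-terminated qualified district name. If no entry
 *                matches it exactly, the text before its last '#' is
 *                tried as the unqualified district name.
 * email        - not consulted. The only caller passes "*" and the
 *                per-entry regularExpression field is never matched here.
 * secret       - on success receives a NUL-terminated copy of the secret,
 *                allocated with Z2Malloc (VOLT_MEMORY_SENSITIVE); the
 *                caller owns it and must Z2Free it.
 * outLen       - on success receives the secret length, excluding the
 *                appended NUL.
 *
 * Returns 0 on success, VT_ERROR_NO_DISTRICT_SECRET when distQualName is
 * empty or neither lookup finds an entry, and VT_ERROR_MEMORY when the
 * copy cannot be allocated. On failure *secret and *outLen are untouched
 * and the error is logged; success is not logged.
 */
static int GetDistrictSecretAlloc (
  VoltTransportCtx *transCtx,
  unsigned char *distQualName,
  unsigned char *email,
  unsigned char **secret,
  unsigned int *outLen
  )
{
  int status;
  unsigned int index, nameLen, secretLen;
  VoltDelegatedTransCtx *localCtx =
    (VoltDelegatedTransCtx *)(transCtx->localCtx);
  VoltLibCtx *libCtx = (VoltLibCtx *)(transCtx->voltObject.libraryCtx);
  VtDelegatedSecretInfo *entry;
  unsigned char *sharedSecret = (unsigned char *)0;
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  (void)email;   /* reserved; see header comment */

  do
  {
    status = VT_ERROR_NO_DISTRICT_SECRET;

    /* An empty name cannot match anything. Without this check the
     * "nameLen - 1" below wraps to UINT_MAX and the '#' scan reads far
     * past the end of distQualName.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    nameLen = Z2Strlen (distQualName);
    if (nameLen == 0)
      break;

    /* First try the fully qualified name exactly as given.
     */
    index = VoltFindDelegatedSecretIndex (localCtx, distQualName, nameLen);

    /* No exact match: cut at the last '#' and try the unqualified name.
     * No '#' at all, or a '#' in the first byte (empty unqualified name),
     * means there is nothing left to try.
     */
    if (index >= localCtx->numSecrets)
    {
      index = nameLen - 1;
      while ( (index != 0) && (distQualName[index] != (unsigned char)'#') )
        index--;

      VOLT_SET_FNCT_LINE (fnctLine)
      if (index == 0)
        break;

      nameLen = index;
      index = VoltFindDelegatedSecretIndex (localCtx, distQualName, nameLen);

      VOLT_SET_FNCT_LINE (fnctLine)
      if (index >= localCtx->numSecrets)
        break;
    }

    /* Copy the secret into sensitive memory with a trailing NUL so the
     * caller can treat it as a string and free it independently of the
     * list entry.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_MEMORY;
    entry = localCtx->secretList[index];
    secretLen = entry->sharedSecret.len;
    sharedSecret = (unsigned char *)Z2Malloc (
      secretLen + 1, VOLT_MEMORY_SENSITIVE);
    if (sharedSecret == (unsigned char *)0)
      break;
    Z2Memcpy (sharedSecret, entry->sharedSecret.data, secretLen);
    sharedSecret[secretLen] = 0;

    *secret = sharedSecret;
    *outLen = secretLen;
    status = 0;
  } while (0);

  if (status == 0)
    return (0);

  /* Failure path only. sharedSecret is still null on every failure exit
   * today; the guard keeps a future early exit after the copy leak-free.
   */
  if (sharedSecret != (unsigned char *)0)
    Z2Free (sharedSecret);
  VOLT_LOG_ERROR (
    (VtLibCtx)libCtx, status, VT_ERROR_TYPE_PRIMARY, fnctLine,
    "GetDistrictSecretAlloc", (char *)0)
  return (status);
}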
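/* Tear down a VoltDelegatedTransCtx together with every secretList entry
 * it owns.
 *
 * obj - the owning VoltObject; only its libraryCtx is read.
 * ctx - the VoltDelegatedTransCtx to free. If either pointer is null the
 *       call is a no-op.
 *
 * Safe on a partially built context: a null secretList (even with a
 * non-zero numSecrets) and null entries are skipped, and each entry's
 * districtName, regularExpression and sharedSecret.data may individually
 * be null.
 */
void LocalTokenTransCtxDestroy (
  Pointer obj,
  Pointer ctx
  )
{
  unsigned int index;
  VoltLibCtx *libCtx;
  VoltDelegatedTransCtx *localCtx;
  VtDelegatedSecretInfo *entry;

  if ( (obj == (Pointer)0) || (ctx == (Pointer)0) )
    return;

  localCtx = (VoltDelegatedTransCtx *)ctx;

  /* libCtx has no explicit use below. NOTE(review): it looks like the
   * Z2Free macro reads it implicitly -- VoltTokenDownloadKeyAndCert above
   * re-points libCtx around a Z2Free call for no other visible reason --
   * so keep it in scope; confirm against the Z2Free definition before
   * removing it.
   */
  libCtx = (VoltLibCtx *)(((VoltObject *)obj)->libraryCtx);

  if (localCtx->secretList != (VtDelegatedSecretInfo **)0)
  {
    for (index = 0; index < localCtx->numSecrets; ++index)
    {
      entry = localCtx->secretList[index];
      if (entry == (VtDelegatedSecretInfo *)0)
        continue;

      if (entry->districtName != (unsigned char *)0)
        Z2Free (entry->districtName);
      if (entry->regularExpression != (unsigned char *)0)
        Z2Free (entry->regularExpression);

      /* sharedSecret.data is key material. NOTE(review): nothing here
       * wipes it before the free; this relies on the allocator clearing
       * VOLT_MEMORY_SENSITIVE blocks on Z2Free -- confirm, or zero
       * sharedSecret.len bytes explicitly first.
       */
      if (entry->sharedSecret.data != (unsigned char *)0)
        Z2Free (entry->sharedSecret.data);

      Z2Free (entry);
    }
    Z2Free (localCtx->secretList);
  }

  Z2Free (ctx);
}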