
📄 encryptionmanager.cxx

📁 这是国外的resip协议栈
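   if (mDum.getSecurity()->hasUserCert(mRecipientAor))
   {
      InfoLog(<< "Encrypting message" << endl);
      MultipartAlternativeContents* alt = dynamic_cast<MultipartAlternativeContents*>(mMsgToEncrypt->getContents());
      if (alt)
      {
         // encrypt the last part.
         MultipartMixedContents::Parts parts = alt->parts();
         Contents* last = mDum.getSecurity()->encrypt(parts.back(), mRecipientAor);
         if (last)
         {
            MultipartAlternativeContents* mac = new MultipartAlternativeContents(*alt);
            delete mac->parts().back();
            mac->parts().pop_back();
            mac->parts().push_back(last);
            *contents = mac;
         }
      }
      else
      {
         *contents = mDum.getSecurity()->encrypt(mMsgToEncrypt->getContents(), mRecipientAor);
      }
   }
   else
   {
      if (mStore)
      {
         InfoLog(<< "Fetching cert for " << mRecipientAor << endl);
         ++mPendingRequests;
         MessageId id(mMsgToEncrypt->getTransactionId(), mRecipientAor, MessageId::UserCert);
         mStore->fetch(mRecipientAor, MessageId::UserCert, id, mDum);
         async = true;
      }
      else
      {
         InfoLog(<< "No remote cert store installed" << endl);
         *noCerts = true;
         response415();
      }
   }
   return async;
}

// Completion callback for the recipient-certificate fetch started by encrypt().
//
// On success the DER certificate in `data` is installed for `aor`, the message
// body is encrypted to that AOR and the message is posted to the outgoing
// target. On failure response415() is called. Always returns Complete.
//
// NOTE(review): the three preconditions below are assert()s only, so an NDEBUG
// build installs `data` under whatever `aor` the caller passes. If `aor` and
// `type` originate from the remote store's reply (not visible here), consider
// checking them at runtime before calling addUserCertDER().
// NOTE(review): unlike encrypt(), this path encrypts the whole body even when
// it is multipart/alternative - confirm that is intended.
EncryptionManager::Result EncryptionManager::Encrypt::received(bool success,
                                                               MessageId::Type type,
                                                               const Data& aor,
                                                               const Data& data)
{
   assert(mRecipientAor==aor);
   assert(type==MessageId::UserCert);
   assert(mPendingRequests==1);
   if (success)
   {
      InfoLog(<< "Adding user cert for " << aor << endl);
      mDum.getSecurity()->addUserCertDER(aor, data);
      --mPendingRequests;
      InfoLog(<< "Encrypting message" << endl);
      // NOTE(review): encrypt() may return 0 (encrypt() above tests for that);
      // the result is handed to setContents() unchecked and the message is
      // still flagged as encrypted and sent - verify what a null body does.
      Pkcs7Contents* encrypted = mDum.getSecurity()->encrypt(mMsgToEncrypt->getContents(), aor);
      mMsgToEncrypt->setContents(auto_ptr<Contents>(encrypted));
      DumHelper::setEncryptionPerformed(*mMsgToEncrypt);
      OutgoingEvent* event = new OutgoingEvent(mMsgToEncrypt);
      //mTaken = false;
      mDum.post(new TargetCommand(mDum.dumOutgoingTarget(), auto_ptr<Message>(event)));
   }
   else
   {
      InfoLog(<< "Failed to fetch cert for " << aor << endl);
      response415();
   }
   return Complete;
}

// Builds a sign-then-send request: the body of `msg` is encrypted for
// `recipientAor` and signed as `senderAor` (see doWork()).
EncryptionManager::SignAndEncrypt::SignAndEncrypt(DialogUsageManager& dum,
                                                  RemoteCertStore* store,
                                                  SharedPtr<SipMessage> msg,
                                                  const Data& senderAor,
                                                  const Data& recipientAor,
                                                  DumFeature& feature)
   : Request(dum, store, msg, feature),
     mSenderAor(senderAor),
     mRecipientAor(recipientAor)
{
}

EncryptionManager::SignAndEncrypt::~SignAndEncrypt()
{
}

// Encrypts and signs the message if the sender's cert, the sender's private
// key and the recipient's cert are all available locally; otherwise requests
// whatever is missing from the remote store.
//
// contents: receives the result of doWork() on the synchronous path, else 0.
// noCerts:  set to true when material is missing and no store is installed
//           (response415() is called in that case).
// Returns true when at least one fetch was issued and the work will finish in
// received(); false otherwise.
bool EncryptionManager::SignAndEncrypt::signAndEncrypt(Contents** contents, bool* noCerts)
{
   *contents = 0;
   *noCerts = false;
   bool async = false;

   bool missingCert = !mDum.getSecurity()->hasUserCert(mSenderAor);
   bool missingKey = !mDum.getSecurity()->hasUserPrivateKey(mSenderAor);
   bool missingRecipCert = !mDum.getSecurity()->hasUserCert(mRecipientAor);

   if (!missingCert && !missingKey && !missingRecipCert)
   {
      InfoLog(<< "Encrypting and signing message" << endl);
      *contents = doWork();
   }
   else
   {
      if (mStore)
      {
         // Each fetch passes the same AOR and type that its MessageId carries,
         // as Decrypt::decrypt() does. Previously the private-key request asked
         // for MessageId::UserCert and the recipient-cert request asked for
         // mSenderAor, so the fetch arguments disagreed with the id under which
         // received() files the reply (presumably the store echoes `id` back -
         // TODO confirm against RemoteCertStore).
         if (missingCert)
         {
            InfoLog(<< "Fetching cert for " << mSenderAor << endl);
            ++mPendingRequests;
            MessageId id(mMsgToEncrypt->getTransactionId(), mSenderAor, MessageId::UserCert);
            mStore->fetch(mSenderAor, MessageId::UserCert, id, mDum);
         }
         if (missingKey)
         {
            InfoLog(<< "Fetching private key for " << mSenderAor << endl);
            ++mPendingRequests;
            MessageId id(mMsgToEncrypt->getTransactionId(), mSenderAor, MessageId::UserPrivateKey);
            mStore->fetch(mSenderAor, MessageId::UserPrivateKey, id, mDum);
         }
         if (missingRecipCert)
         {
            InfoLog(<< "Fetching cert for " << mRecipientAor << endl);
            ++mPendingRequests;
            MessageId id(mMsgToEncrypt->getTransactionId(), mRecipientAor, MessageId::UserCert);
            mStore->fetch(mRecipientAor, MessageId::UserCert, id, mDum);
         }
         async = true;
      }
      else
      {
         InfoLog(<< "No remote cert store installed" << endl);
         *noCerts = true;
         response415();
      }
   }
   return async;
}

// Completion callback for the fetches issued by signAndEncrypt().
//
// A successful reply is installed as a user cert (type UserCert) or as a
// private key (any other type) for `aor`. When the last outstanding request
// completes, the message is encrypted, signed and posted to the outgoing
// target, and Complete is returned; until then the result is Pending. A failed
// fetch calls response415() and returns Complete.
//
// NOTE(review): the AOR/type checks are assert()s only and vanish under NDEBUG;
// in particular nothing at runtime stops private-key material being installed
// for an AOR other than mSenderAor.
EncryptionManager::Result EncryptionManager::SignAndEncrypt::received(bool success,
                                                                      MessageId::Type type,
                                                                      const Data& aor,
                                                                      const Data& data)
{
   assert(mPendingRequests>0&&mPendingRequests<=3);
   Result result = Pending;
   if (success)
   {
      if (type == MessageId::UserCert)
      {
         assert(aor==mSenderAor||aor==mRecipientAor);
         InfoLog(<< "Adding user cert for " << aor << endl);
         mDum.getSecurity()->addUserCertDER(aor, data);
      }
      else
      {
         assert(aor==mSenderAor);
         InfoLog(<< "Adding private key for " << aor << endl);
         mDum.getSecurity()->addUserPrivateKeyDER(aor, data);
      }

      if (--mPendingRequests == 0)
      {
         InfoLog(<< "Encrypting and signing message" << endl);
         // NOTE(review): doWork() returns 0 when encryption yields nothing;
         // the result is passed to setContents() unchecked.
         Contents* contents = doWork();
         mMsgToEncrypt->setContents(auto_ptr<Contents>(contents));
         DumHelper::setEncryptionPerformed(*mMsgToEncrypt);
         OutgoingEvent* event = new OutgoingEvent(mMsgToEncrypt);
         //mTaken = false;
         mDum.post(new TargetCommand(mDum.dumOutgoingTarget(), auto_ptr<Message>(event)));
         result = Complete;
      }
   }
   else
   {
      InfoLog(<< "Failed to fetch cert for " << aor << endl);
      response415();
      result = Complete;
   }
   return result;
}

// Encrypts the message body for mRecipientAor, then signs the encrypted
// result as mSenderAor.
//
// For a multipart/alternative body only the last part is encrypted: the
// multipart is copied and the copy's last part is replaced by the PKCS#7
// result. Returns 0 when encryption produced nothing; sign() is called only on
// a non-null encrypted body.
Contents* EncryptionManager::SignAndEncrypt::doWork()
{
   Contents* contents = 0;
   MultipartAlternativeContents* mac = dynamic_cast<MultipartAlternativeContents*>(mMsgToEncrypt->getContents());
   if (mac)
   {
      MultipartMixedContents::Parts parts = mac->parts();
      Pkcs7Contents* pkcs7 = mDum.getSecurity()->encrypt(parts.back(), mRecipientAor);
      if (pkcs7)
      {
         MultipartAlternativeContents* alt = new MultipartAlternativeContents(*mac);
         // Drop the copy's plaintext last part before substituting the
         // encrypted one.
         delete alt->parts().back();
         alt->parts().pop_back();
         alt->parts().push_back(pkcs7);
         contents = alt;
      }
   }
   else
   {
      contents = mDum.getSecurity()->encrypt(mMsgToEncrypt->getContents(), mRecipientAor);
   }

   if (contents)
   {
      contents = mDum.getSecurity()->sign(mSenderAor, contents);
   }

   return contents;
}

// Builds a decrypt/verify request for `msg`.
//
// The decryptor and signer AORs are taken from the message's own To/From
// headers: for a response the decryptor is From and the signer is To, for a
// request the reverse. `msg` is held as a raw pointer and is deleted by the
// destructor only once mMessageTaken has been set.
EncryptionManager::Decrypt::Decrypt(DialogUsageManager& dum,
                                    RemoteCertStore* store,
                                    SipMessage* msg,
                                    DumFeature& feature)
   : Request(dum, store, SharedPtr<SipMessage>(), feature),
     mIsEncrypted(false),
     mMsgToDecrypt(msg),
     mMessageTaken(false)
{
   if (msg->isResponse())
   {
      mDecryptor = msg->header(h_From).uri().getAor();
      mSigner = msg->header(h_To).uri().getAor();
   }
   else
   {
      mDecryptor = msg->header(h_To).uri().getAor();
      mSigner = msg->header(h_From).uri().getAor();
   }
}

// Frees the message only if decrypt() took it over for asynchronous handling.
EncryptionManager::Decrypt::~Decrypt()
{
   if (mMessageTaken)
   {
      delete mMsgToDecrypt;
   }
}

// Tries to decrypt and/or verify the message synchronously.
//
// csa: receives the result of getContents() when the function returns true.
// Returns false when a cert or key fetch was issued; the message is then
// marked as taken and processing continues in received().
//
// When required material is missing and no store is installed, processing
// continues without it: noDecryptionKey is passed on to getContents(), and a
// missing signer cert is only logged.
bool EncryptionManager::Decrypt::decrypt(Helper::ContentsSecAttrs& csa)
{
   bool noDecryptionKey = false;

   // assumes the message has a body; getContents() is dereferenced without a
   // null check - TODO confirm the caller guarantees this.
   if (!dynamic_cast<Pkcs7Contents*>(mMsgToDecrypt->getContents()))
   {
      // Keep the raw body and its type of a message that is not PKCS#7 at the
      // top level.
      mOriginalMsgContents = Data(mMsgToDecrypt->getContents()->getHeaderField().mField,
                                  mMsgToDecrypt->getContents()->getHeaderField().mFieldLength);
      mOriginalMsgContentsType = mMsgToDecrypt->getContents()->getType();
   }
   else
   {
      mIsEncrypted = true;
   }

   if (isEncrypted())
   {
      bool missingDecryptorCert = !mDum.getSecurity()->hasUserCert(mDecryptor);
      bool missingDecryptorKey = !mDum.getSecurity()->hasUserPrivateKey(mDecryptor);
      if (missingDecryptorCert || missingDecryptorKey)
      {
         if (mStore)
         {
            if (missingDecryptorCert)
            {
               InfoLog(<< "Fetching user cert for " << mDecryptor << endl);
               ++mPendingRequests;
               MessageId id(mMsgToDecrypt->getTransactionId(), mDecryptor, MessageId::UserCert);
               mStore->fetch(mDecryptor, MessageId::UserCert, id, mDum);
            }
            if (missingDecryptorKey)
            {
               InfoLog(<< "Fetching private key for " << mDecryptor << endl);
               ++mPendingRequests;
               MessageId id(mMsgToDecrypt->getTransactionId(), mDecryptor, MessageId::UserPrivateKey);
               mStore->fetch(mDecryptor, MessageId::UserPrivateKey, id, mDum);
            }
            mMessageTaken = true;
            return false;
         }
         else
         {
            InfoLog(<< "No remote cert store installed" << endl);
            noDecryptionKey = true;
         }
      }
   }

   if (isSigned(noDecryptionKey))
   {
      if (!mDum.getSecurity()->hasUserCert(mSigner))
      {
         if (mStore)
         {
            InfoLog(<< "Fetching user cert for " << mSigner << endl);
            ++mPendingRequests;
            MessageId id(mMsgToDecrypt->getTransactionId(), mSigner, MessageId::UserCert);
            mStore->fetch(mSigner, MessageId::UserCert, id, mDum);
            mMessageTaken = true;
            return false;
         }
         else
         {
            InfoLog(<< "No remote cert store installed" << endl);
         }
      }
   }

   csa = getContents(mMsgToDecrypt, *mDum.getSecurity(), noDecryptionKey);
   return true;
}

// Completion callback for the fetches issued by decrypt().
//
// A successful reply is installed for `aor`. Once the decryptor's material has
// all arrived, a signed message whose signer cert is still missing triggers
// one more fetch and the result stays Pending. A failed fetch is logged and
// processing continues with whatever material is present. When the result is
// Complete the contents are extracted with getContents(), applied to the
// message and a DumDecrypted is posted - except for a request other than
// ACK/CANCEL/BYE whose contents are invalid, which returns after
// handleInvalidContents() without posting.
//
// NOTE(review): the AOR/type/count checks are assert()s only and vanish under
// NDEBUG; a reply whose `aor` is not mSigner is then treated as the
// decryptor's.
EncryptionManager::Result EncryptionManager::Decrypt::received(bool success,
                                                               MessageId::Type type,
                                                               const Data& aor,
                                                               const Data& data)
{
   Result result = Complete;
   assert(mPendingRequests>0 && mPendingRequests<=2);
   if (success)
   {
      if (aor == mSigner)
      {
         assert(MessageId::UserCert == type);
         assert(mPendingRequests==1);
         --mPendingRequests;
         InfoLog(<< "Adding user cert for " << aor << endl);
         mDum.getSecurity()->addUserCertDER(aor, data);
      }
      else
      {
         assert(aor == mDecryptor);
         if (MessageId::UserCert == type)
         {
            InfoLog(<< "Adding user cert for " << aor << endl);
            mDum.getSecurity()->addUserCertDER(aor, data);
         }
         else
         {
            InfoLog(<< "Adding private key for " << aor << endl);
            mDum.getSecurity()->addUserPrivateKeyDER(aor, data);
         }

         if (--mPendingRequests == 0)
         {
            if (isSigned(false))
            {
               if (!mDum.getSecurity()->hasUserCert(mSigner))
               {
                  InfoLog(<< "Fetching user cert for " << mSigner << endl);
                  ++mPendingRequests;
                  MessageId id(mMsgToDecrypt->getTransactionId(), mSigner, MessageId::UserCert);
                  mStore->fetch(mSigner, MessageId::UserCert, id, mDum);
                  result = Pending;
               }
            }
         }
         else
         {
            result = Pending;
         }
      }
   }
   else
   {
      InfoLog(<< "Failed to fetch cert for " << aor << endl);
   }

   if (Complete == result)
   {
      Helper::ContentsSecAttrs csa;
      // The third argument is true when the decryptor's cert or private key is
      // still unavailable.
      csa = getContents(mMsgToDecrypt, *mDum.getSecurity(),
                        (!mDum.getSecurity()->hasUserCert(mDecryptor) || !mDum.getSecurity()->hasUserPrivateKey(mDecryptor)));

      if (csa.mContents.get())
      {
         csa.mContents->checkParsed();
         mMsgToDecrypt->setContents(csa.mContents);

         if (csa.mAttributes.get())
         {
            mMsgToDecrypt->setSecurityAttributes(csa.mAttributes);
         }
      }
      else
      {
         // no valid contents.
         ErrLog(<< "No valid contents in message received" << endl);
         handleInvalidContents();
         if (mMsgToDecrypt->isRequest() && !isAckOrCancelOrBye(*mMsgToDecrypt))
         {
            return result;
         }
      }

      // Todo: make CertMessage DumFeatureMessage and get rid of DumDecrypted.
      // Currently the message will not be processed by
      // any features in the chain after EncryptionManager.
      DumDecrypted* decrypted = new DumDecrypted(*mMsgToDecrypt);
      mDum.post(decrypted);
   }

   return result;
}

// Reports whether the message body is, or contains, PKCS#7 content, as
// decided by isEncryptedRecurse().
bool EncryptionManager::Decrypt::isEncrypted()
{
   Contents* contents = mMsgToDecrypt->getContents();
   return isEncryptedRecurse(&contents);
}

// Reports whether the message body is signed, as decided by isSignedRecurse()
// for mDecryptor; noDecryptionKey is forwarded unchanged.
bool EncryptionManager::Decrypt::isSigned(bool noDecryptionKey)
{
   Contents* contents = mMsgToDecrypt->getContents();
   return isSignedRecurse(&contents, mDecryptor, noDecryptionKey);
}

bool EncryptionManager::Decrypt::isEncryptedRecurse(Contents** contents)
{
   InvalidContents* ic;
   if ((ic = dynamic_cast<InvalidContents*>(*contents)))
   {
      return false;
   }

   Pkcs7Contents* pk;
   if ((pk = dynamic_cast<Pkcs7Contents*>(*contents)))
   {
      return true;
   }

   MultipartSignedContents* mps;
   if ((mps = dynamic_cast<MultipartSignedContents*>(*contents)))
   {
      try
      {
         mps->parts();
      }
      catch (BaseException& e)
      {
         // structure of multipart is bad. this is unrecoverable error,
         // replace the whole multipart contents with an InvalidContents.
         ErrLog(<< e.name() << endl << e.getMessage());
         if (*contents == mMsgToDecrypt->getContents())
         {
            mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(mps)));
         }
         else
         {
            *contents = createInvalidContents(mps);
            delete mps;
         }
         return false;
      }
      return isEncryptedRecurse(&(*(mps->parts().begin())));
   }

   MultipartAlternativeContents* alt = dynamic_cast<MultipartAlternativeContents*>(*contents);
   if (alt)
   {
      try
      {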
