// NOTE(review): the lines up to the first closing brace at column 0 are the
// tail of a function whose beginning lies before this excerpt (presumably
// isEncryptedRecurse, given the recursive call below). It is reproduced
// unchanged and is not documented further here.
         alt->parts();
      }
      catch (BaseException& e)
      {
         ErrLog(<< e.name() << endl << e.getMessage());
         if (*contents == mMsgToDecrypt->getContents())
         {
            mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(alt)));
         }
         else
         {
            *contents = createInvalidContents(alt);
            delete alt;
         }
         return false;
      }

      for (MultipartAlternativeContents::Parts::reverse_iterator i = alt->parts().rbegin();
           i != alt->parts().rend(); ++i)
      {
         if (isEncryptedRecurse(&(*i)))
         {
            return true;
         }
      }
      return false;
   }
   if (dynamic_cast<MultipartMixedContents*>(*contents))
   {
      return false;
   }
   return false;
}

// Reports whether the body tree rooted at *contents contains a
// multipart/signed part, decrypting PKCS7 envelopes on the way.
//
// contents        - slot holding the node to inspect. The slot may be
//                   rewritten: a decrypted multipart replaces its PKCS7
//                   envelope, and a node that fails to parse is replaced by an
//                   InvalidContents.
// decryptorAor    - passed to Security::decrypt for PKCS7 nodes.
// noDecryptionKey - when true, PKCS7 nodes are not decrypted and count as
//                   "not signed".
//
// Returns true only for a MultipartSignedContents node, found directly, inside
// a decrypted PKCS7 envelope, or inside a multipart/alternative. InvalidContents,
// multipart/mixed and every other type return false.
//
// Ownership: a node held directly by mMsgToDecrypt is replaced through
// setContents(); any other node is replaced by assigning to *contents and
// deleting the old object by hand.
bool EncryptionManager::Decrypt::isSignedRecurse(Contents** contents, const Data& decryptorAor, bool noDecryptionKey)
{
   InvalidContents* ic;
   if ((ic = dynamic_cast<InvalidContents*>(*contents)))
   {
      return false;
   }

   Pkcs7Contents* pk;
   if ((pk = dynamic_cast<Pkcs7Contents*>(*contents)))
   {
      if (noDecryptionKey)
      {
         return false;
      }

      Contents* decrypted = mDum.getSecurity()->decrypt(decryptorAor, pk);
      bool ret = false;

      if (decrypted)
      {
         if (*contents == mMsgToDecrypt->getContents())
         {
            // Top-level body: remember the raw header-field bytes and type of
            // the decrypted body; handleInvalidContents() builds its
            // InvalidContents from these.
            mOriginalMsgContents = Data(decrypted->getHeaderField().mField, decrypted->getHeaderField().mFieldLength);
            mOriginalMsgContentsType = decrypted->getType();
         }

         try
         {
            decrypted->checkParsed();
            if (isMultipart(decrypted))
            {
               if (dynamic_cast<MultipartSignedContents*>(decrypted))
               {
                  // Signed body inside the envelope. The tree is left as it
                  // was; decrypted is freed at the end of this branch.
                  ret = true;
               }
               else
               {
                  // Other multipart: splice it in place of the envelope and
                  // keep looking inside it.
                  if (*contents == mMsgToDecrypt->getContents())
                  {
                     mMsgToDecrypt->setContents(auto_ptr<Contents>(decrypted));
                     *contents = mMsgToDecrypt->getContents();
                  }
                  else
                  {
                     *contents = decrypted;
                     delete pk;
                  }
                  // NOTE(review): this call is inside the try block and runs
                  // after ownership of decrypted has been handed over. If it
                  // can propagate a BaseException, the handler below and the
                  // trailing `delete decrypted` would act on an object that is
                  // already owned elsewhere -- confirm it cannot throw.
                  return isSignedRecurse(contents, decryptorAor, noDecryptionKey);
               }
            }
         }
         catch (BaseException& e)
         {
            // The decrypted body did not parse: replace the node with an
            // InvalidContents built from the decrypted bytes.
            ErrLog(<< e.name() << endl << e.getMessage());
            if (*contents == mMsgToDecrypt->getContents())
            {
               mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(decrypted)));
            }
            else
            {
               *contents = createInvalidContents(decrypted);
               delete pk;
            }
         }
         delete decrypted;
      }
      return ret;
   }

   MultipartSignedContents* mps;
   if ((mps = dynamic_cast<MultipartSignedContents*>(*contents)))
   {
      return true;
   }

   MultipartAlternativeContents* alt = dynamic_cast<MultipartAlternativeContents*>(*contents);
   if (alt)
   {
      try
      {
         // Called only to force the parse; the result is not used here.
         alt->parts();
      }
      catch (BaseException& e)
      {
         // structure of multipart is bad. this is unrecoverable error,
         // replace the whole multipart contents with an InvalidContents.
         ErrLog(<< e.name() << endl << e.getMessage());
         if (*contents == mMsgToDecrypt->getContents())
         {
            mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(alt)));
         }
         else
         {
            *contents = createInvalidContents(alt);
            delete alt;
         }
         return false;
      }

      // Alternatives are visited from last to first; the first signed one wins.
      for (MultipartAlternativeContents::Parts::reverse_iterator i = alt->parts().rbegin();
           i != alt->parts().rend(); ++i)
      {
         if (isSignedRecurse(&(*i), decryptorAor, noDecryptionKey))
         {
            return true;
         }
      }
      return false;
   }

   if (dynamic_cast<MultipartMixedContents*>(*contents))
   {
      // Parts of a multipart/mixed are not inspected.
      return false;
   }

   return false;
}

// Extracts the usable body of `message` together with the security attributes
// collected while walking its body tree.
//
// The identity attribute is set to the AOR of the From header; no signature
// check is involved in that value. The signer and signature status are set
// separately, by getContentsRecurse(), when a multipart/signed part is met.
// The encrypted flag is set when a body was found and mIsEncrypted is true.
//
// Returns a ContentsSecAttrs owning both the body (may be null) and the
// attributes.
//
// NOTE(review): attr is a raw pointer until the end of the function; if
// getContentsRecurse() can let an exception escape, attr leaks -- confirm.
Helper::ContentsSecAttrs EncryptionManager::Decrypt::getContents(SipMessage* message, Security& security, bool noDecryptionKey)
{
   SecurityAttributes* attr = new SecurityAttributes;
   attr->setIdentity(message->header(h_From).uri().getAor());
   Contents* contents = message->getContents();
   if (contents)
   {
      contents = getContentsRecurse(&contents, security, noDecryptionKey, attr);
   }

   if (contents)
   {
      if (mIsEncrypted)
      {
         attr->setEncrypted();
      }
   }

   std::auto_ptr<Contents> c(contents);
   std::auto_ptr<SecurityAttributes> a(attr);
   return Helper::ContentsSecAttrs(c, a);
}

// Walks the body tree rooted at *tree and returns the body to hand to the
// application, or 0 when none is usable.
//
// tree            - slot holding the node to process; rewritten when an
//                   envelope is replaced by its decrypted multipart or when a
//                   node fails to parse (replaced by an InvalidContents).
// security        - used to decrypt PKCS7 nodes (with mDecryptor) and to check
//                   multipart/signed nodes.
// noDecryptionKey - when true, PKCS7 nodes yield 0 without a decrypt attempt.
// attributes      - receives the encrypted flag, signer and signature status.
//
// Per node type:
//   InvalidContents       -> 0
//   Pkcs7Contents         -> the decrypted body (a decrypted multipart is
//                            spliced in and processed recursively)
//   MultipartSigned       -> result of recursing into what checkSignature()
//                            returns; signer and status are recorded
//   MultipartAlternative  -> first non-null result, parts visited last to first
//   MultipartMixed        -> a clone of the whole multipart, untouched
//   anything else         -> a clone, or 0 if it does not parse
//
// The signature status is only recorded: a body is returned whatever the
// status is, so the caller has to look at the attributes before trusting it.
Contents* EncryptionManager::Decrypt::getContentsRecurse(Contents** tree, Security& security, bool noDecryptionKey, SecurityAttributes* attributes)
{
   InvalidContents* ic;
   if ((ic = dynamic_cast<InvalidContents*>(*tree)))
   {
      return 0;
   }

   Pkcs7Contents* pk;
   if ((pk = dynamic_cast<Pkcs7Contents*>(*tree)))
   {
      if (noDecryptionKey)
      {
         return 0;
      }

      Contents* contents = security.decrypt(mDecryptor, pk);
      if (contents)
      {
         if (*tree == mMsgToDecrypt->getContents())
         {
            // Top-level body: keep the raw bytes and type of the decrypted
            // body for handleInvalidContents().
            mOriginalMsgContents = Data(contents->getHeaderField().mField, contents->getHeaderField().mFieldLength);
            mOriginalMsgContentsType = contents->getType();
         }

         try
         {
            contents->checkParsed();
            if (isMultipart(contents))
            {
               // Replace the envelope with the decrypted multipart and
               // process that instead.
               if (*tree == mMsgToDecrypt->getContents())
               {
                  mMsgToDecrypt->setContents(auto_ptr<Contents>(contents));
                  *tree = mMsgToDecrypt->getContents();
               }
               else
               {
                  *tree = contents;
                  delete pk;
               }
               // NOTE(review): as in isSignedRecurse(), this call sits inside
               // the try block after ownership of contents has moved; the
               // handler below ends with `delete contents` -- confirm the
               // recursion cannot propagate a BaseException.
               return getContentsRecurse(tree, security, noDecryptionKey, attributes);
            }
            else
            {
               attributes->setEncrypted();
            }
         }
         catch (BaseException& e)
         {
            ErrLog(<< e.name() << endl << e.getMessage());
            if (*tree == mMsgToDecrypt->getContents())
            {
               mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(contents)));
            }
            else
            {
               *tree = createInvalidContents(contents);
               delete pk;
            }
            delete contents;
            return 0;
         }
      }
      // Non-multipart decrypted body (or 0 if decryption gave nothing); the
      // object is returned as is, not cloned.
      return contents;
   }

   MultipartSignedContents* mps;
   if ((mps = dynamic_cast<MultipartSignedContents*>(*tree)))
   {
      Data signer;
      // Starts out as "bad"; checkSignature() receives a pointer to it.
      SignatureStatus sigStatus = SignatureIsBad;
      // NOTE(review): tmp is not checked before the recursion. With a null
      // *tree every dynamic_cast below yields null and the final
      // (*tree)->checkParsed() would dereference it -- confirm that
      // checkSignature() never returns 0.
      // NOTE(review): the recursion gets the address of this local, so a
      // branch that assigns *tree and deletes the old node changes tmp, not a
      // slot inside mps -- confirm who owns the object checkSignature()
      // returns.
      Contents* tmp = security.checkSignature(mps, &signer, &sigStatus);
      Contents* contents = getContentsRecurse(&tmp, security, noDecryptionKey, attributes);
      // Recorded even when contents is 0.
      attributes->setSigner(signer);
      attributes->setSignatureStatus(sigStatus);
      return contents;
   }

   MultipartAlternativeContents* alt;
   if ((alt = dynamic_cast<MultipartAlternativeContents*>(*tree)))
   {
      try
      {
         // Called only to force the parse; the result is not used here.
         alt->parts();
      }
      catch (BaseException& e)
      {
         // structure of multipart is bad. this is an unrecoverable error,
         // replace the whole multipart contents with an InvalidContents.
         ErrLog(<< e.name() << endl << e.getMessage());
         if (*tree == mMsgToDecrypt->getContents())
         {
            mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(alt)));
         }
         else
         {
            *tree = createInvalidContents(alt);
            delete alt;
         }
         return 0;
      }

      // NOTE(review): all alternatives write to the same `attributes`. A part
      // that ends up returning 0 may already have set the signer, signature
      // status or encrypted flag, and those values stay in place for the part
      // that is finally returned -- confirm callers can live with that.
      for (MultipartAlternativeContents::Parts::reverse_iterator i = alt->parts().rbegin();
           i != alt->parts().rend(); ++i)
      {
         Contents* contents = getContentsRecurse(&(*i), security, noDecryptionKey, attributes);
         if (contents)
         {
            return contents;
         }
      }
      return 0;
   }

   MultipartMixedContents* mult;
   if ((mult = dynamic_cast<MultipartMixedContents*>(*tree)))
   {
      try
      {
         // Called only to force the parse; the result is not used here.
         mult->parts();
      }
      catch (BaseException& e)
      {
         // structure of multipart is bad. this is unrecoverable error,
         // replace the whole multipart contents with an InvalidContents.
         ErrLog(<< e.name() << endl << e.getMessage());
         if (*tree == mMsgToDecrypt->getContents())
         {
            mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(mult)));
         }
         else
         {
            *tree = createInvalidContents(mult);
            delete mult;
         }
         return 0;
      }
      // for now, the multipart/mixed is returned untouched.
      // Its parts are not walked, so PKCS7 or signed parts nested in it are
      // neither decrypted nor verified and leave no trace in `attributes`.
      return mult->clone();
   }

   // Any other body type: return a copy if it parses, otherwise mark the node
   // as invalid and return 0.
   Contents* ret = 0;

   try
   {
      (*tree)->checkParsed();
      ret = (*tree)->clone();
   }
   catch (BaseException& e)
   {
      ErrLog(<< e.name() << endl << e.getMessage());
      if (*tree == mMsgToDecrypt->getContents())
      {
         mMsgToDecrypt->setContents(auto_ptr<Contents>(createInvalidContents(*tree)));
      }
      else
      {
         Contents* tmp = *tree;
         *tree = createInvalidContents(*tree);
         delete tmp;
      }
   }

   return ret;
}

// Todo: move to DumHelper.
// Builds a heap-allocated InvalidContents carrying a copy of orig's raw
// header-field bytes and its type. orig is dereferenced without a null check;
// the caller owns the returned object.
InvalidContents*
EncryptionManager::Decrypt::createInvalidContents(Contents* orig)
{
   Data original(orig->getHeaderField().mField, orig->getHeaderField().mFieldLength);
   return new InvalidContents(original, orig->getType());
}

// True when the dynamic type of contents is multipart/signed,
// multipart/alternative or multipart/mixed.
bool
EncryptionManager::Decrypt::isMultipart(Contents* contents)
{
   return (
      dynamic_cast<MultipartSignedContents*>(contents) ||
      dynamic_cast<MultipartAlternativeContents*>(contents) ||
      dynamic_cast<MultipartMixedContents*>(contents)
   );
}

// Deals with a message for which no valid body could be produced.
//
// Responses, and requests for which isAckOrCancelOrBye() is true, get their
// body replaced by an InvalidContents built from the saved original bytes and
// type (mOriginalMsgContents / mOriginalMsgContentsType). Any other request is
// answered with a 400 response, sent through the SIP stack; its body is left
// as it is.
void
EncryptionManager::Decrypt::handleInvalidContents()
{
   if (mMsgToDecrypt->isRequest())
   {
      if (isAckOrCancelOrBye(*mMsgToDecrypt))
      {
         DebugLog(<< "No valid contents in the request" << endl);
         InvalidContents* invalid = new InvalidContents(mOriginalMsgContents, mOriginalMsgContentsType);
         mMsgToDecrypt->setContents(auto_ptr<Contents>(invalid));
      }
      else
      {
         DebugLog(<< "No valid contents in the request -- reject with 400" << endl);
         SipMessage response;
         Helper::makeResponse(response, *mMsgToDecrypt, 400, Data::Empty, mMsgToDecrypt->header(h_RequestLine).uri().host() , "Invalid message body");
         mDum.getSipStack().send(response);
      }
   }
   else
   {
      DebugLog(<< "No valid contents in the response" << endl);
      InvalidContents* invalid = new InvalidContents(mOriginalMsgContents, mOriginalMsgContentsType);
      mMsgToDecrypt->setContents(auto_ptr<Contents>(invalid));
   }
}

#endif

/* ====================================================================
 * The Vovida Software License, Version 1.0
 *
 * Copyright (c) 2000 Vovida Networks, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. The names "VOCAL", "Vovida Open Communication Application Library",
 * and "Vovida Open Communication Application Library (VOCAL)" must
 * not be used to endorse or promote products derived from this
 * software without prior written permission. For written
 * permission, please contact vocal@vovida.org.
 *
 * 4. Products derived from this software may not be called "VOCAL", nor
 * may "VOCAL" appear in their name, without prior written
 * permission of Vovida Networks, Inc.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
 * NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL VOVIDA
 * NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
 * IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEOR
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by Vovida
 * Networks, Inc. and many individuals on behalf of Vovida Networks,
 * Inc. For more information on Vovida Networks, Inc., please see
 * <http://www.vovida.org/>.
 *
 */