📄 cldappgpkeyserver.cpp
字号:
/*____________________________________________________________________________
Copyright (C) 2002 PGP Corporation
All rights reserved.
$Id: CLDAPPGPKeyServer.cpp,v 1.23 2002/11/05 00:40:51 dallen Exp $
____________________________________________________________________________*/
#include <string.h>
#include "pgpConfig.h"
#include "CLDAPPGPKeyServer.h"
#include "pgpEventPriv.h"
#include "pgpKeys.h"
#include "pgpUtilities.h"
#include "pgpMem.h"
#include "pgpStrings.h"
#define ThrowIfLDAPCanceled_() if (mCanceled) \
ThrowPGPError_(kPGPError_UserAbort);
#define ThrowIfPGPErrorOrLDAPCanceled_(x) { ThrowIfPGPError_(x); \
ThrowIfLDAPCanceled_(); }
#define kNamingContextsAttr "namingContexts"
#define kEmptyBaseDN ""
#define kObjectclassAny "(objectclass=*)"
#define kPGPServerInfoCN "cn=PGPServerInfo"
#define kBaseKeySpaceAttr "pgpBaseKeySpaceDN"
#define kPGPKeyObjectClass "pgpkeyinfo"
#define kObjectclassAttr "objectclass"
#define kPGPKeyAttr "pgpkey"
#define kPGPCertIDAttr "pgpcertid"
#define kPGPDisabledAttr "pgpdisabled"
#define kPGPKeyIDAttr "pgpkeyid"
#define kPGPKeyTypeAttr "pgpkeytype"
#define kPGPUserIDAttr "pgpuserid"
#define kPGPKeyCreateTime "pgpkeycreatetime"
#define kPGPKeyExpireTime "pgpkeyexpiretime"
#define kPGPSignerIDAttr "pgpsignerid"
#define kPGPRevokedAttr "pgprevoked"
#define kPGPSubKeyIDAttr "pgpsubkeyid"
#define kPGPKeySizeAttr "pgpkeysize"
#define kPGPNumberOfAttrs 13
#define kPGPAlgorithmString_RSA "RSA"
#define kPGPAlgorithmString_DSSDH "DSS/DH"
#define kMaxKeySizeStringLength 6 /* 5 for the number, 1 for the '\0' */
CLDAPPGPKeyServer::CLDAPPGPKeyServer(
PGPContextRef inContext,
const char * inHostName,
PGPUInt32 inHostAddress,
PGPUInt16 inHostPort,
PGPKeyServerProtocol inType,
PGPKeyServerClass inClass,
PGPKeyServerAccessType inAccessType,
const char * inKeyStoreDN)
: CKeyServer( inContext, inHostName, inHostAddress, inHostPort, NULL, inType, inClass ),
mContext( inContext ),
mAccessType( inAccessType ),
mLDAP( kInvalidPGPldapContextRef ),
mBaseKeySpaceDN( NULL ),
mExportFormat( kPGPExportFormat_Complete )
{
// if base keyspace dn was passed to us remember the same
if( ( IsntNull( inKeyStoreDN ) ) && ( inKeyStoreDN[0] != '\0' ) )
{
// allocate as much as required
mBaseKeySpaceDN = (char *) PGPNewData(
PGPPeekContextMemoryMgr( mContext ),
strlen( inKeyStoreDN ) + 1,
kPGPMemoryMgrFlags_Clear );
// copy string param to member
if( IsntNull( mBaseKeySpaceDN ) )
strcpy( mBaseKeySpaceDN, inKeyStoreDN );
}
return;
}
CLDAPPGPKeyServer::~CLDAPPGPKeyServer( )
{
if( IsntNull( mBaseKeySpaceDN ) )
{
(void) PGPFreeData( mBaseKeySpaceDN );
mBaseKeySpaceDN = NULL;
}
return;
}
void
CLDAPPGPKeyServer::Cancel( )
{
CKeyServer::Cancel();
if( PGPldapContextRefIsValid( mLDAP ) )
{
PGPError err = kPGPError_NoErr;
PGPSocketRef sock = kInvalidPGPSocketRef;
err = PGPldapGetOption( mLDAP, kPGPldapOpt_Desc, &sock );
if( IsntPGPError( err ) )
(void) PGPCloseSocket( sock );
}
else
return;
return;
}
void
CLDAPPGPKeyServer::Open(
PGPtlsSessionRef inTLSSession )
{
StPreserveSocketsEventHandler preserve(this);
PGPldapResult result;
char * szError = NULL;
const char * namingContextsAttrs[] = { kNamingContextsAttr,
NULL };
char * serverInfoCN = NULL;
PGPldapMessageRef firstMessage = kInvalidPGPldapMessageRef;
PGPldapMessageRef currentMessage = kInvalidPGPldapMessageRef;
char ** namingContexts = NULL;
char ** keySpaceAttrs = NULL;
PGPUInt32 namingContextIndex = 0;
char ** values = NULL;
PGPUInt32 i = 0;
PGPSocketRef sock = kInvalidPGPSocketRef;
PGPError err = kPGPError_NoErr;
SetErrorString( NULL );
try
{
CKeyServer::Open(inTLSSession);
err = pgpEventKeyServer( mContext,
mEventHandler,
mEventHandlerData,
(PGPKeyServerRef) this,
kPGPKeyServerState_Opening );
ThrowIfPGPErrorOrLDAPCanceled_( err );
err = PGPNewLDAPContext( mContext, &mLDAP );
if( !PGPldapContextRefIsValid( mLDAP ) || IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
err = PGPldapOpen( mLDAP, mHostName, mHostPort );
ThrowIfLDAPCanceled_();
if( IsPGPError( err ) )
ThrowPGPError_( err == kPGPError_SocketsNotConnected ? err : kPGPError_ServerOpenFailed );
// Secure connection for LDAPS
if( mType == kPGPKeyServerProtocol_LDAPS)
{
err = PGPldapGetOption( mLDAP, kPGPldapOpt_Desc, &sock );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
if( ( mTLSSession == kInvalidPGPtlsSessionRef ) ||
( PGPSocketsEstablishTLSSession(
(PGPSocketRef) sock, mTLSSession )
!= kPGPError_NoErr ) )
{
err = pgpEventKeyServerTLS(
mContext,
mEventHandler,
mEventHandlerData,
(PGPKeyServerRef) this,
kPGPKeyServerState_TLSUnableToSecureConnection,
mTLSSession );
}
else
{
err = pgpEventKeyServerTLS(
mContext,
mEventHandler,
mEventHandlerData,
(PGPKeyServerRef) this,
kPGPKeyServerState_TLSConnectionSecured,
mTLSSession );
mSecured = true;
}
ThrowIfPGPErrorOrLDAPCanceled_( err );
}
mIsOpen = true;
if(NULL != mBaseKeySpaceDN)// if dn was passed to us
return; // we are done ie. we dont need to find out what the base dn would be
/* Look for the keyspace DN */
err = PGPNewLDAPMessage( mLDAP, &firstMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
err = PGPldapSearchSync( mLDAP,
(char *) kEmptyBaseDN,
kPGPldapScope_Base,
(char *) kObjectclassAny,
(char **) namingContextsAttrs,
FALSE,
firstMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
err = PGPldapGetValues( mLDAP,
firstMessage,
(char *) kNamingContextsAttr,
&namingContexts );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
if( PGPldapMessageRefIsValid( firstMessage ) )
{
(void) PGPFreeLDAPMessage( firstMessage );
firstMessage = kInvalidPGPldapMessageRef;
}
for( namingContextIndex = 0;
IsntNull( namingContexts[namingContextIndex] ) &&
IsNull( mBaseKeySpaceDN );
namingContextIndex++ )
{
err = PGPNewLDAPMessage( mLDAP, &firstMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
serverInfoCN = (char *) PGPNewData(
PGPPeekContextMemoryMgr( mContext ),
strlen( namingContexts[namingContextIndex] ) +
strlen( ", " ) +
strlen( kPGPServerInfoCN ) + 1 /* '\0' */,
kPGPMemoryMgrFlags_Clear );
if( IsNull( serverInfoCN ) )
ThrowPGPError_( kPGPError_OutOfMemory );
sprintf( serverInfoCN, "%s, %s", kPGPServerInfoCN,
namingContexts[namingContextIndex] );
err = PGPldapSearchSync( mLDAP,
serverInfoCN,
kPGPldapScope_Base,
(char *) kObjectclassAny,
keySpaceAttrs,
FALSE,
firstMessage );
if( IsntNull( serverInfoCN ) )
{
(void) PGPFreeData( serverInfoCN );
serverInfoCN = NULL;
}
if( IsPGPError( err ) )
{
if( PGPldapMessageRefIsValid( firstMessage ) )
{
(void) PGPFreeLDAPMessage( firstMessage );
firstMessage = kInvalidPGPldapMessageRef;
}
continue;
}
err = PGPldapFirstEntry( mLDAP, firstMessage, ¤tMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
while( PGPldapMessageRefIsValid( currentMessage ) && IsNull( mBaseKeySpaceDN ) )
{
err = PGPldapGetValues( mLDAP,
currentMessage,
(char *) kBaseKeySpaceAttr,
&values );
if( err != kPGPError_LDAPNoSuchAttribute )
{
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
for( i = 0; IsntNull( values[i] ) && IsNull( mBaseKeySpaceDN ); i++ )
{
if( IsNull( mBaseKeySpaceDN ) )
{
mBaseKeySpaceDN = (char *) PGPNewData(
PGPPeekContextMemoryMgr( mContext ),
strlen( values[i] ) + 1,
kPGPMemoryMgrFlags_Clear );
if( IsNull( mBaseKeySpaceDN ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
pgpCopyMemory( values[i], mBaseKeySpaceDN,
strlen( values[i] ) + 1 );
}
}
(void) PGPFreeLDAPValues( values );
values = NULL;
}
err = PGPldapNextEntry( mLDAP, currentMessage, ¤tMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
}
if( PGPldapMessageRefIsValid( firstMessage ) )
{
(void) PGPFreeLDAPMessage( firstMessage );
firstMessage = kInvalidPGPldapMessageRef;
}
}
/*
* If mBaseKeySpaceDN is still NULL, there wasn't a cn=PGPServerInfo
* entry. The server hasn't been set up correctly, so we need to
* return an error.
*/
if( IsNull( mBaseKeySpaceDN ) )
ThrowPGPError_( kPGPError_ServerOpenFailed );
if( IsntNull( namingContexts ) )
(void) PGPFreeLDAPValues( namingContexts );
}
catch( ... )
{
mIsOpen = false;
if( PGPldapContextRefIsValid( mLDAP ) )
{
if( !mCanceled )
{
(void) PGPldapGetErrno( mLDAP, NULL, &szError, &result );
SetErrorString( szError );
}
}
if( IsntNull( serverInfoCN ) )
(void) PGPFreeData( serverInfoCN );
if( IsntNull( values ) )
(void) PGPFreeLDAPValues( values );
if( IsntNull( namingContexts ) )
(void) PGPFreeLDAPValues( namingContexts );
if( PGPldapMessageRefIsValid( firstMessage ) )
(void) PGPFreeLDAPMessage( firstMessage );
if( mCanceled )
{
mCanceled = false;
ThrowPGPError_( kPGPError_UserAbort );
}
else
throw;
}
return;
}
void
CLDAPPGPKeyServer::Close( )
{
StPreserveSocketsEventHandler preserve(this);
(void) pgpEventKeyServer( mContext,
mEventHandler,
mEventHandlerData,
(PGPKeyServerRef) this,
kPGPKeyServerState_Closing);
if( PGPldapContextRefIsValid( mLDAP ) )
{
(void) PGPldapUnbind( mLDAP );
mSecured = false;
(void) PGPFreeLDAPContext( mLDAP );
mLDAP = kInvalidPGPldapContextRef;
}
CKeyServer::Close();
return;
}
void
CLDAPPGPKeyServer::Query(
PGPFilterRef inFilterRef,
PGPKeyDBRef * outFoundKeys )
{
StPreserveSocketsEventHandler preserve(this);
PGPError err = kPGPError_NoErr;
char * query = NULL;
const char * pgpKeyAttrs[] = { kPGPKeyAttr, NULL };
PGPldapMessageRef firstMessage = kInvalidPGPldapMessageRef;
PGPldapMessageRef currentMessage = kInvalidPGPldapMessageRef;
PGPberValue ** berValues = NULL;
PGPBoolean receivedBadKeys = false;
PGPBoolean partialResults = false;
PGPKeyDBRef singleKeyDB = kInvalidPGPKeyDBRef;
PGPKeyDBRef foundKeys = kInvalidPGPKeyDBRef;
PGPKeySetRef singleKeySet = kInvalidPGPKeySetRef;
char * szError = NULL;
PGPldapResult ldapResult = kPGPldapResult_Success;
PGPUInt32 i = 0;
SetErrorString( NULL );
if( !mIsOpen )
ThrowPGPError_( kPGPError_ServerNotOpen );
try
{
err = PGPLDAPQueryFromFilter( inFilterRef, &query );
ThrowIfPGPErrorOrLDAPCanceled_( err );
err = pgpEventKeyServer( mContext,
mEventHandler,
mEventHandlerData,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -