Changeset 60328 in vbox for trunk

Timestamp:

Apr 5, 2016 10:44:40 AM (9 years ago)

Author:

vboxsync

Message:

bugref:8249. Improvement ICertificate interface.

Location:

trunk/src/VBox/Main

Files:

• idl/VirtualBox.xidl (modified) (4 diffs)
• include/CertificateImpl.h (modified) (6 diffs)
• src-server/ApplianceImplImport.cpp (modified) (4 diffs)
• src-server/CertificateImpl.cpp (modified) (30 diffs)

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -2980 +2980 @@
   </enum>
 
+  <enum
+    name="CertificateVersion"
+    uuid="394b00ce-4b60-45ff-abe1-f58221d4f73b"
+    >
+    <desc>
+        Possible version of certificate
+    </desc>
+    <const name="Unknown"    value="0"/>
+    <const name="One"    value="1"/>
+    <const name="Two"    value="2"/>
+    <const name="Three"    value="3"/>
+    <const name="Four"    value="4"/>
+  </enum>
+
   <!--
   // ICertificate
@@ -2993 +3007 @@
         X509 certificate details.
     </desc>
-    <attribute name="versionNumber" type="wstring" readonly="yes">
-      <desc>Certificate version.</desc>
+    <attribute name="versionNumber" type="CertificateVersion" readonly="yes">
+      <desc>Certificate version number.</desc>
     </attribute>
     <attribute name="serialNumber" type="wstring" readonly="yes">
@@ -3055 +3069 @@
       <desc>Set if the certificate is trusted.</desc>
     </attribute>
+    <attribute name="presence" type="boolean" readonly="yes">
+      <desc>Returns true in case of presence of certificate.</desc>
+    </attribute>
+    <attribute name="verified" type="boolean" readonly="yes">
+      <desc>Check whether certificate was verified or not during import.</desc>
+    </attribute>
 
     <method name="queryInfo">
@@ -3060 +3080 @@
       <param name="what" type="long" dir="in"/>
       <param name="result" type="wstring" dir="return" />
-    </method>
-
-    <method name="checkExistence">
-      <desc>
-        Check whether certificate exists or not in the OVF appliance.
-      </desc>
-
-      <param name="presence" type="boolean" dir="return">
-        <desc>Returns true in case of presence of certificate.</desc>
-      </param>
-    </method>
-
-    <method name="isVerified">
-      <desc>
-        Check whether certificate was verified or not during import.
-      </desc>
-
-      <param name="verified" type="boolean" dir="return">
-        <desc>Returns true if certificate was verified.</desc>
-      </param>
     </method>
 

trunk/src/VBox/Main/include/CertificateImpl.h

@@ -19 +19 @@
 #define ____H_CERTIFICATEIMPL
 
-//#define DONT_DUPLICATE_ALL_THE_DATA
-
 /* VBox includes */
 #include <VBox/settings.h>
@@ -28 +26 @@
 #include <vector>
 
-
 using namespace std;
 
-#ifndef DONT_DUPLICATE_ALL_THE_DATA
-/* VBox forward declarations */
 class Appliance;
-#endif
 
 class ATL_NO_VTABLE Certificate :
@@ -44 +38 @@
     DECLARE_EMPTY_CTOR_DTOR(Certificate)
 
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+    HRESULT init(Appliance* appliance);
     HRESULT initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted);
-#else
-    HRESULT init(Appliance* appliance);
-#endif
     void uninit();
 
@@ -54 +45 @@
     void FinalRelease();
 
-#ifndef DONT_DUPLICATE_ALL_THE_DATA
-    HRESULT setData(RTCRX509CERTIFICATE const *inCert);
-#endif
-
 private:
-#ifndef DONT_DUPLICATE_ALL_THE_DATA /* This is a generic information object, not something that is exclusive to Appliance! */
     const Appliance* m_appliance;
-#endif
-
-#ifndef DONT_DUPLICATE_ALL_THE_DATA /* This is a generic information object, not something that is exclusive to Appliance! */
-    HRESULT setVersionNumber(uint64_t inVersionNumber);
-    HRESULT setSerialNumber(uint64_t inSerialNumber);
-    HRESULT setPublicKeyAlgorithmOID(const char *aPublicKeyAlgorithmOID);
-    HRESULT setPublicKeyAlgorithmName(const char *aPublicKeyAlgorithmOID);
-    HRESULT setSignatureAlgorithmOID(const char *aSignatureAlgorithmOID);
-    HRESULT setSignatureAlgorithmName(const char *aSignatureAlgorithmOID);
-    HRESULT setIssuerName(com::Utf8Str &aIssuerName);
-    HRESULT setSubjectName(com::Utf8Str &aSubjectName);
-    HRESULT setValidityPeriodNotBefore(PCRTTIME aValidityPeriodNotBefore);
-    HRESULT setValidityPeriodNotAfter(PCRTTIME aValidityPeriodNotAfter);
-    HRESULT setCertificateAuthority(BOOL aCertificateAuthority);
-    HRESULT setSelfSigned(BOOL aSelfSigned);
-    HRESULT setTrusted(BOOL aTrusted);
-//  HRESULT setSubjectPublicKey(std::vector<BYTE> aSubjectPublicKey);
-//  HRESULT setIssuerUniqueIdentifier(std::vector<BYTE> aIssuerUniqueIdentifier);
-//  HRESULT setSubjectUniqueIdentifier(std::vector<BYTE> aSubjectUniqueIdentifier);
-//  HRESULT setKeyUsage(std::vector<ULONG> aKeyUsage);
-//  HRESULT setExtendedKeyUsage(std::vector<com::Utf8Str> aExtendedKeyUsage);
-//  HRESULT setRawCertData(std::vector<BYTE> aRawCertData);
-#endif
 
     // wrapped ICertificate properties
-    HRESULT getVersionNumber(com::Utf8Str &aVersionNumber);
+    HRESULT getVersionNumber(CertificateVersion_T *aVersionNumber);
     HRESULT getSerialNumber(com::Utf8Str &aSerialNumber);
     HRESULT getSignatureAlgorithmOID(com::Utf8Str &aSignatureAlgorithmOID);
@@ -105 +68 @@
     HRESULT getSelfSigned(BOOL *aSelfSigned);
     HRESULT getTrusted(BOOL *aTrusted);
-
+    HRESULT getVerified(BOOL *aVerified);
+    HRESULT getPresence(BOOL *aPresence);
     // wrapped ICertificate methods
     HRESULT queryInfo(LONG aWhat, com::Utf8Str &aResult);
-#ifndef DONT_DUPLICATE_ALL_THE_DATA
-    HRESULT checkExistence(BOOL *aPresence);
-    HRESULT isVerified(BOOL *aVerified);
-#endif
 
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
     /** @name Methods extracting COM data from the certificate object
      * @{  */
@@ -122 +81 @@
     HRESULT i_getEncodedBytes(PRTASN1CORE a_pAsn1Obj, std::vector<BYTE> &a_rReturn);
     /** @} */
-#endif
+
     //data
     struct Data;

trunk/src/VBox/Main/src-server/ApplianceImplImport.cpp

@@ -1716 +1716 @@
      * digest that is encrypted with the certificate in the latter part.
      */
+    bool lTrusted = false;
+
     if (m->pbSignedDigest)
     {
@@ -1829 +1831 @@
                 if (   !m->SignerCert.TbsCertificate.T3.pBasicConstraints
                     || !m->SignerCert.TbsCertificate.T3.pBasicConstraints->CA.fValue)
+                {
                     i_addWarning(tr("Self signed certificate used to sign '%s' is not marked as certificate authority (CA)"),
                                  pTask->locInfo.strPath.c_str());
+                }
+                else
+                    lTrusted = true;
             }
             else
@@ -1914 +1920 @@
                             else
                                 hrc2 = setErrorVrc(vrc, "RTCrX509CertPathsSetValidTimeSpec failed: %Rrc", vrc);
+
+                            if(RT_SUCCESS(vrc))
+                                lTrusted = true;
                         }
                         else if (vrc == VERR_CR_X509_CPV_NO_TRUSTED_PATHS)
@@ -1952 +1961 @@
     if(m->fSignerCertLoaded)
     {
-        pCertificateInfo->setData(&m->SignerCert);
+        pCertificateInfo->initCertificate(&m->SignerCert, lTrusted);
     }
 

trunk/src/VBox/Main/src-server/CertificateImpl.cpp

@@ -33 +33 @@
 struct CertificateData
 {
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
     CertificateData()
         : fTrusted(false)
@@ -61 +60 @@
     CertificateData(const CertificateData &rTodo) { AssertFailed(); NOREF(rTodo); }
     CertificateData &operator=(const CertificateData &rTodo) { AssertFailed(); NOREF(rTodo); return *this; }
-
-#else
-    CertificateData() :
-        mVersionNumber(0),
-        mSerialNumber(0),
-        mSelfSigned(FALSE),
-        mTrusted(FALSE),
-        mCertificateAuthority(FALSE)
-    {}
-
-    uint64_t mVersionNumber;
-    uint64_t mSerialNumber;
-    Utf8Str mSignatureAlgorithmOID;
-    Utf8Str mSignatureAlgorithmName;
-    Utf8Str mPublicKeyAlgorithmOID;
-    Utf8Str mPublicKeyAlgorithmName;
-    PCRTTIME mValidityPeriodNotBefore;
-    PCRTTIME mValidityPeriodNotAfter;
-    BOOL mSelfSigned;
-    BOOL mTrusted;
-    BOOL mCertificateAuthority;
-
-    std::vector<Utf8Str> mIssuerName;
-    std::vector<Utf8Str> mSubjectName;
-    std::vector<BYTE> mSubjectPublicKey;
-    std::vector<BYTE> mIssuerUniqueIdentifier;
-    std::vector<BYTE> mSubjectUniqueIdentifier;
-    std::vector<ULONG> mKeyUsage;
-    std::vector<Utf8Str> mExtendedKeyUsage;
-    std::vector<BYTE> mRawCertData;
-#endif
 };
 
@@ -98 +66 @@
     Backupable<CertificateData> m;
 };
-
-#ifndef DONT_DUPLICATE_ALL_THE_DATA
-const char* const strUnknownAlgorithm = "Unknown Algorithm";
-const char* const strRsaEncription = "rsaEncryption";
-const char* const strMd2WithRSAEncryption = "md2WithRSAEncryption";
-const char* const strMd4WithRSAEncryption = "md4WithRSAEncryption";
-const char* const strMd5WithRSAEncryption = "md5WithRSAEncryption";
-const char* const strSha1WithRSAEncryption = "sha1WithRSAEncryption";
-const char* const strSha256WithRSAEncryption = "sha256WithRSAEncryption";
-const char* const strSha384WithRSAEncryption = "sha384WithRSAEncryption";
-const char* const strSha512WithRSAEncryption = "sha512WithRSAEncryption";
-const char* const strSha224WithRSAEncryption = "sha224WithRSAEncryption";
-#endif
 
 ///////////////////////////////////////////////////////////////////////////////////
@@ -131 +86 @@
 }
 
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+HRESULT Certificate::init(Appliance* appliance)
+{
+    HRESULT rc = S_OK;
+    LogFlowThisFuncEnter();
+
+    /* Enclose the state transition NotReady->InInit->Ready */
+    AutoInitSpan autoInitSpan(this);
+    AssertReturn(autoInitSpan.isOk(), E_FAIL);
+    if(appliance!=NULL)
+    {
+        LogFlowThisFunc(("m_appliance: %d \n", m_appliance));
+        m_appliance = appliance;
+    }
+    else
+        rc = E_FAIL;
+
+    /* Confirm a successful initialization when it's the case */
+    if (SUCCEEDED(rc))
+        autoInitSpan.setSucceeded();
+
+    LogFlowThisFunc(("rc=%Rhrc\n", rc));
+    LogFlowThisFuncLeave();
+
+    return rc;
+}
+
 /**
  * Initializes a certificate instance.
@@ -140 +120 @@
  */
 HRESULT Certificate::initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted)
-#else
-HRESULT Certificate::init(Appliance* appliance)
-#endif
 {
     HRESULT rc = S_OK;
     LogFlowThisFuncEnter();
 
-    /* Enclose the state transition NotReady->InInit->Ready */
-    AutoInitSpan autoInitSpan(this);
-    AssertReturn(autoInitSpan.isOk(), E_FAIL);
-
-#ifndef DONT_DUPLICATE_ALL_THE_DATA
-    if(appliance!=NULL)
-    {
-        LogFlowThisFunc(("m_appliance: %d \n", m_appliance));
-        m_appliance = appliance;
-    }
-    else
-        rc = E_FAIL;
-#endif
-
     mData = new Data();
     mData->m.allocate();
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     int vrc = RTCrX509Certificate_Clone(&mData->m->X509, a_pCert, &g_RTAsn1DefaultAllocator);
     if (RT_SUCCESS(vrc))
@@ -172 +135 @@
     else
         rc = Global::vboxStatusCodeToCOM(vrc);
-#else
-    mData->m->mSignatureAlgorithmOID.setNull();
-    mData->m->mSignatureAlgorithmName.setNull();
-    mData->m->mPublicKeyAlgorithmOID.setNull();
-    mData->m->mPublicKeyAlgorithmName.setNull();
-    mData->m->mIssuerName.resize(0);
-    mData->m->mSubjectName.resize(0);
-
-    mData->m->mSubjectPublicKey.resize(0);
-    mData->m->mIssuerUniqueIdentifier.resize(0);
-    mData->m->mSubjectUniqueIdentifier.resize(0);
-    mData->m->mKeyUsage.resize(0);
-    mData->m->mExtendedKeyUsage.resize(0);
-    mData->m->mRawCertData.resize(0);
-#endif
-
-    /* Confirm a successful initialization when it's the case */
-    if (SUCCEEDED(rc))
-        autoInitSpan.setSucceeded();
 
     LogFlowThisFunc(("rc=%Rhrc\n", rc));
@@ -210 +154 @@
 }
 
-#ifndef DONT_DUPLICATE_ALL_THE_DATA /* We'll query the data from the RTCrX509* API. */
-
-/**
- * Public method implementation.
- * @param aSignatureAlgorithmOID
- * @return
- */
-HRESULT Certificate::setData(PCRTCRX509CERTIFICATE inCert)
-{
-
-    /*set mData.m->mVersionNumber */
-    setVersionNumber(inCert->TbsCertificate.T0.Version.uValue.u);
-
-    /*set mData.m->mSerialNumber */
-    setSerialNumber(inCert->TbsCertificate.SerialNumber.uValue.u);
-
-    /*set mData.m->mValidityPeriodNotBefore */
-    setValidityPeriodNotBefore(&inCert->TbsCertificate.Validity.NotBefore.Time);
-
-    /*set mData.m->mValidityPeriodNotAfter */
-    setValidityPeriodNotAfter(&inCert->TbsCertificate.Validity.NotAfter.Time);
-
-    /*set mData.m->mPublicKeyAlgorithmOID and mData.m->mPublicKeyAlgorithmName*/
-    setPublicKeyAlgorithmOID(inCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId);
-
-    /*set mData.m->mSignatureAlgorithmOID and mData.m->mSignatureAlgorithmName*/
-    setSignatureAlgorithmOID(inCert->TbsCertificate.Signature.Algorithm.szObjId);
-
-    if (   inCert->TbsCertificate.T3.pBasicConstraints
-        && inCert->TbsCertificate.T3.pBasicConstraints->CA.fValue)
-    {
-        /*set mData.m->mCertificateAuthority TRUE*/
-        setCertificateAuthority(true);
-    }
-
-    if (RTCrX509Certificate_IsSelfSigned(inCert))
-    {
-        /*set mData.m->mSelfSigned TRUE*/
-        setSelfSigned(true);
-    }
-
-    char szCharArray[512];
-    szCharArray[sizeof(szCharArray) - 1] = '\0';
-
-    /* 
-    * get inCert->TbsCertificate.Subject as string 
-    * and set mData.m->mSignatureAlgorithmName 
-    */ 
-    RTCrX509Name_FormatAsString(&inCert->TbsCertificate.Subject, szCharArray, sizeof(szCharArray) - 1, NULL);
-    com::Utf8Str aSubjectName = szCharArray;
-    setSubjectName(aSubjectName);
-    /* 
-    * get inCert->TbsCertificate.Issuer as string 
-    * and set mData.m->mSignatureAlgorithmName 
-    */ 
-    RTCrX509Name_FormatAsString(&inCert->TbsCertificate.Issuer, szCharArray, sizeof(szCharArray) - 1, NULL);
-    com::Utf8Str aIssuerName = szCharArray;
-    setIssuerName(aIssuerName);
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aSignatureAlgorithmOID
- * @return
- */
-HRESULT Certificate::setSignatureAlgorithmName(const char *aSignatureAlgorithmOID)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    HRESULT rc = S_OK;
-    const char *actualName = strUnknownAlgorithm;
-
-    if (aSignatureAlgorithmOID == NULL)
-        rc = E_FAIL;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_MD2_WITH_RSA))
-        actualName = strMd2WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_MD4_WITH_RSA))
-        actualName = strMd4WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_MD5_WITH_RSA))
-        actualName = strMd5WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_SHA1_WITH_RSA))
-        actualName = strSha1WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_SHA224_WITH_RSA))
-        actualName = strSha224WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_SHA256_WITH_RSA))
-        actualName = strSha256WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_SHA384_WITH_RSA))
-        actualName = strSha384WithRSAEncryption;
-    else if(!strcmp(aSignatureAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_SHA512_WITH_RSA))
-        actualName = strSha512WithRSAEncryption;
-    else
-    {
-        rc = E_FAIL;
-    }
-
-    mData->m->mSignatureAlgorithmName = actualName;
-
-    if(FAILED(rc))
-        Log1Warning(("Can't find an appropriate signature algorithm name for given OID %s", aSignatureAlgorithmOID));
-
-    return rc;
-
-}
-
-/**
- * Public method implementation.
- * @param aSignatureAlgorithmOID
- * @return
- */
-HRESULT Certificate::setSignatureAlgorithmOID(const char *aSignatureAlgorithmOID)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mSignatureAlgorithmOID = aSignatureAlgorithmOID;
-
-    setSignatureAlgorithmName(mData->m->mSignatureAlgorithmOID.c_str());
-
-    return S_OK;
-}
-
-/**
- * Private method implementation.
- * @param aPublicKeyAlgorithm
- * @return
- */
-HRESULT Certificate::setPublicKeyAlgorithmName(const char *aPublicKeyAlgorithmOID)
-{
-    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    HRESULT rc = S_OK;
-    const char *foundName = strUnknownAlgorithm;
-
-    if (!strcmp(aPublicKeyAlgorithmOID, RTCRX509ALGORITHMIDENTIFIERID_RSA))
-        foundName = strRsaEncription;
-    else
-    {
-        rc = E_FAIL;
-    }
-
-    mData->m->mPublicKeyAlgorithmName = foundName;
-
-    if(FAILED(rc))
-        Log1Warning(("Can't find an appropriate public key name for given OID %s", aPublicKeyAlgorithmOID));
-
-    return rc;
-}
-
-
-/**
- * Private method implementation.
- * @param aPublicKeyAlgorithmOID
- * @return
- */
-HRESULT Certificate::setPublicKeyAlgorithmOID(const char *aPublicKeyAlgorithmOID)
-{
-    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mPublicKeyAlgorithmOID = aPublicKeyAlgorithmOID;
-
-    setPublicKeyAlgorithmName(mData->m->mPublicKeyAlgorithmOID.c_str());
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param inVersionNumber
- * @return
- */
-HRESULT Certificate::setVersionNumber(uint64_t inVersionNumber)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mVersionNumber = inVersionNumber;
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param inVersionNumber
- * @return
- */
-HRESULT Certificate::setSerialNumber(uint64_t inSerialNumber)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mSerialNumber = inSerialNumber;
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aCertificateAuthority
- * @return
- */
-HRESULT Certificate::setCertificateAuthority(BOOL aCertificateAuthority)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mCertificateAuthority = aCertificateAuthority;
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aIssuerName
- * @return
- */
-HRESULT Certificate::setIssuerName(com::Utf8Str &aIssuerName)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    RTCList<RTCString> l_IssueNameAsList = aIssuerName.split(",");
-    uint32_t l_sz = l_IssueNameAsList.size();
-    if(l_sz!=0)
-        mData->m->mIssuerName.clear();
-    for(uint32_t i = 0; i<l_sz; ++i)
-        mData->m->mIssuerName.push_back(l_IssueNameAsList[i]);
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aSubjectName
- * @return
- */
-HRESULT Certificate::setSubjectName(com::Utf8Str &aSubjectName)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    RTCList<RTCString> l_SubjectNameAsList = aSubjectName.split(",");
-    uint32_t l_sz = l_SubjectNameAsList.size();
-    if(l_sz!=0)
-        mData->m->mSubjectName.clear();
-    for(uint32_t i = 0; i<l_sz; ++i)
-        mData->m->mSubjectName.push_back(l_SubjectNameAsList[i]);
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aSelfSigned
- * @return
- */
-HRESULT Certificate::setSelfSigned(BOOL aSelfSigned)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mSelfSigned = aSelfSigned;
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aTrusted
- * @return
- */
-HRESULT Certificate::setTrusted(BOOL aTrusted)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mTrusted = aTrusted;
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aValidityPeriodNotBefore
- * @return
- */
-HRESULT Certificate::setValidityPeriodNotBefore(PCRTTIME aValidityPeriodNotBefore)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mValidityPeriodNotBefore = aValidityPeriodNotBefore;
-
-    return S_OK;
-}
-
-/**
- * Public method implementation.
- * @param aValidityPeriodNotAfter
- * @return
- */
-HRESULT Certificate::setValidityPeriodNotAfter(PCRTTIME aValidityPeriodNotAfter)
-{
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mData->m->mValidityPeriodNotAfter = aValidityPeriodNotAfter;
-
-    return S_OK;
-}
-
-#endif /* !DONT_DUPLICATE_ALL_THE_DATA */
-
 /**
  * Private method implementation.
@@ -519 +159 @@
  * @return
  */
-HRESULT Certificate::getVersionNumber(com::Utf8Str &aVersionNumber)
-{
-    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+HRESULT Certificate::getVersionNumber(CertificateVersion_T *aVersionNumber)
+{
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+
     Assert(mData->m->fValidX509);
     /** @todo make this ULONG, or better, an ENUM. */
-    aVersionNumber = Utf8StrFmt("%RU64", mData->m->X509.TbsCertificate.T0.Version.uValue.u + 1); /* version 1 has value 0, so +1. */
-#else
-    Utf8StrFmt strVer("%Lu", mData->m->mVersionNumber);
-    aVersionNumber = strVer;
-#endif
+    //aVersionNumber = Utf8StrFmt("%RU64", mData->m->X509.TbsCertificate.T0.Version.uValue.u + 1);                                */
+    /* version 1 has value 0, so +1.*/
+
+    *aVersionNumber = mData->m->X509.TbsCertificate.T0.Version.uValue.u + 1;
+
     return S_OK;
 }
@@ -541 +181 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
 
@@ -550 +190 @@
     else
         return Global::vboxStatusCodeToCOM(vrc);
-#else
-    Utf8StrFmt strVer("%llx", mData->m->mSerialNumber);
-    aSerialNumber = strVer;
-#endif
+
     return S_OK;
 }
@@ -565 +202 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     aSignatureAlgorithmOID = mData->m->X509.TbsCertificate.Signature.Algorithm.szObjId;
-#else
-    aSignatureAlgorithmOID = mData->m->mSignatureAlgorithmOID;
-#endif
+
     return S_OK;
 }
@@ -582 +217 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     return i_getAlgorithmName(&mData->m->X509.TbsCertificate.Signature, aSignatureAlgorithmName);
-#else
-    aSignatureAlgorithmName = mData->m->mSignatureAlgorithmName;
-
-    return S_OK;
-#endif
 }
 
@@ -600 +230 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     return i_getX509Name(&mData->m->X509.TbsCertificate.Issuer, aIssuerName);
-#else
-    aIssuerName = mData->m->mIssuerName;
-
-    return S_OK;
-#endif
 }
 
@@ -618 +243 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     return i_getX509Name(&mData->m->X509.TbsCertificate.Subject, aSubjectName);
-#else
-
-    aSubjectName = mData->m->mSubjectName;
-
-    return S_OK;
-#endif
 }
 
@@ -637 +256 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     return i_getTime(&mData->m->X509.TbsCertificate.Validity.NotBefore, aValidityPeriodNotBefore);
-#else
-    HRESULT rc = S_OK;
-
-    size_t arrSize = 40;
-    char* charArr = new char[arrSize];
-    char* strTimeFormat = RTTimeToString(mData->m->mValidityPeriodNotBefore, charArr, arrSize);
-
-    if (strTimeFormat == NULL)
-    {
-        rc=E_FAIL;
-    }
-
-    aValidityPeriodNotBefore = charArr;
-    delete[] charArr;
-
-    return rc;
-#endif
 }
 
@@ -667 +269 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     return i_getTime(&mData->m->X509.TbsCertificate.Validity.NotAfter, aValidityPeriodNotAfter);
-#else
-
-    HRESULT rc = S_OK;
-    size_t arrSize = 40;
-    char* charArr = new char[arrSize];
-    char* strTimeFormat = RTTimeToString(mData->m->mValidityPeriodNotAfter, charArr, arrSize);
-
-    if (strTimeFormat == NULL)
-    {
-        rc = E_FAIL;
-    }
-
-    aValidityPeriodNotAfter = charArr;
-    delete[] charArr;
-    return rc;
-#endif
 }
 
@@ -691 +277 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     aPublicKeyAlgorithmOID = mData->m->X509.TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId;
     return S_OK;
-#else
-    return E_NOTIMPL;
-#endif
 }
 
@@ -708 +291 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     return i_getAlgorithmName(&mData->m->X509.TbsCertificate.SubjectPublicKeyInfo.Algorithm, aPublicKeyAlgorithm);
-#else
-    aPublicKeyAlgorithm = mData->m->mPublicKeyAlgorithmName;
-
-    return S_OK;
-#endif
 }
 
@@ -725 +303 @@
 HRESULT Certificate::getSubjectPublicKey(std::vector<BYTE> &aSubjectPublicKey)
 {
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); /* Getting encoded ASN.1 bytes may make changes to X509. */
     return i_getEncodedBytes(&mData->m->X509.TbsCertificate.SubjectPublicKeyInfo.SubjectPublicKey.Asn1Core, aSubjectPublicKey);
-#else
-    return E_NOTIMPL;
-#endif
 }
 
@@ -741 +316 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     return i_getUniqueIdentifier(&mData->m->X509.TbsCertificate.T1.IssuerUniqueId, aIssuerUniqueIdentifier);
-#else
-    return E_NOTIMPL;
-#endif
 }
 
@@ -756 +328 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     return i_getUniqueIdentifier(&mData->m->X509.TbsCertificate.T2.SubjectUniqueId, aSubjectUniqueIdentifier);
-#else
-    return E_NOTIMPL;
-#endif
 }
 
@@ -771 +340 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     *aCertificateAuthority = mData->m->X509.TbsCertificate.T3.pBasicConstraints
                           && mData->m->X509.TbsCertificate.T3.pBasicConstraints->CA.fValue;
-#else
-    *aCertificateAuthority = mData->m->mCertificateAuthority;
-#endif
+
     return S_OK;
 }
@@ -788 +355 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     *aKeyUsage = mData->m->X509.TbsCertificate.T3.fKeyUsage;
     return S_OK;
-#else
-    return E_NOTIMPL;
-#endif
 }
 
@@ -815 +379 @@
 HRESULT Certificate::getRawCertData(std::vector<BYTE> &aRawCertData)
 {
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); /* Getting encoded ASN.1 bytes may make changes to X509. */
     return i_getEncodedBytes(&mData->m->X509.SeqCore.Asn1Core, aRawCertData);
-#else
-    return E_NOTIMPL;
-#endif
 }
 
@@ -831 +391 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     Assert(mData->m->fValidX509);
     *aSelfSigned = RTCrX509Certificate_IsSelfSigned(&mData->m->X509);
-#else
-    *aSelfSigned = mData->m->mSelfSigned;
-#endif
+
     return S_OK;
 }
@@ -848 +406 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-#ifdef DONT_DUPLICATE_ALL_THE_DATA
+
     *aTrusted = mData->m->fTrusted;
-#else
-    *aTrusted = mData->m->mTrusted;
-#endif
+
     return S_OK;
 }
@@ -870 +426 @@
 }
 
-#ifndef DONT_DUPLICATE_ALL_THE_DATA  /* These are out of place. */
-
-/**
- * Private method implementation. 
+/**
+ * Private method implementation.
  * @param aPresence
  * @return aPresence
  */
-HRESULT Certificate::checkExistence(BOOL *aPresence)
+HRESULT Certificate::getPresence(BOOL *aPresence)
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
@@ -887 +441 @@
 
 /**
- * Private method implementation. 
- * @param aVerified 
+ * Private method implementation.
+ * @param aVerified
  * @return aVerified
  */
-HRESULT Certificate::isVerified(BOOL *aVerified)
+HRESULT Certificate::getVerified(BOOL *aVerified)
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
@@ -901 +455 @@
     return S_OK;
 }
-
-#else  /* DONT_DUPLICATE_ALL_THE_DATA */
 
 HRESULT Certificate::i_getAlgorithmName(PCRTCRX509ALGORITHMIDENTIFIER a_pAlgId, com::Utf8Str &a_rReturn)
@@ -1009 +561 @@
 }
 
-#endif /* DONT_DUPLICATE_ALL_THE_DATA */
-
+