Changeset 60334 in vbox for trunk

Timestamp:

Apr 5, 2016 1:55:31 PM (9 years ago)

Author:

vboxsync

Message:

CertificateImpl,ApplianceImpl: Drop the unwanted presence attribute and replaced by returning NULL object in IAppliance::getCertificate. Move the certificate object to the data structure. Dropped the clearly unwanted init() method that (a) kept wanting to relate to IAppliance which I though I made clear several times it should not, (b) create an Certificate object in a unready state where most attributes would assert in debug builds and possibly crash. Renamed the CertificateVersion bits and redid the query method to no assume stuff.

Location:

trunk/src/VBox/Main

Files:

• idl/VirtualBox.xidl (modified) (5 diffs)
• include/ApplianceImpl.h (modified) (1 diff)
• include/ApplianceImplPrivate.h (modified) (3 diffs)
• include/CertificateImpl.h (modified) (4 diffs)
• src-server/ApplianceImpl.cpp (modified) (2 diffs)
• src-server/ApplianceImplImport.cpp (modified) (1 diff)
• src-server/CertificateImpl.cpp (modified) (6 diffs)

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -2982 +2982 @@
   <enum
     name="CertificateVersion"
-    uuid="394b00ce-4b60-45ff-abe1-f58221d4f73b"
-    >
-    <desc>
-        Possible version of certificate
-    </desc>
-    <const name="Unknown"    value="0"/>
-    <const name="One"    value="1"/>
-    <const name="Two"    value="2"/>
-    <const name="Three"    value="3"/>
-    <const name="Four"    value="4"/>
+    uuid="9e232a99-51d0-4dbd-96a0-ffac4bc3e2a8"
+    >
+    <desc>
+        X.509 certificate version numbers.
+    </desc>
+    <const name="V1"       value="1"/>
+    <const name="V2"       value="2"/>
+    <const name="V3"       value="3"/>
+    <const name="Unknown"  value="99"/>
   </enum>
 
@@ -3000 +2999 @@
   <interface
     name="ICertificate" extends="$unknown"
-    uuid="336064ce-c853-4bd0-ad6c-b42d8ed99e5e"
+    uuid="c85f71ef-dd7f-4b9c-aa58-5c186a95d7f9"
     wsmap="managed"
-    reservedAttributes="4" reservedMethods="2"
-    >
-    <desc>
-        X509 certificate details.
+    reservedAttributes="12" reservedMethods="2"
+    >
+    <desc>
+        X.509 certificate details.
     </desc>
     <attribute name="versionNumber" type="CertificateVersion" readonly="yes">
@@ -3029 +3028 @@
     </attribute>
     <attribute name="validityPeriodNotBefore" type="wstring" readonly="yes">
-      <desc>Time stamp in milliseconds since 1970-01-01 UTC.</desc>
+      <desc>Certificate not valid before ISO time stamp.</desc>
     </attribute>
     <attribute name="validityPeriodNotAfter" type="wstring" readonly="yes">
-      <desc>Time stamp in milliseconds since 1970-01-01 UTC.</desc>
+      <desc>Certificate not valid after ISO time stamp.</desc>
     </attribute>
     <attribute name="publicKeyAlgorithmOID" type="wstring" readonly="yes">
@@ -3068 +3067 @@
     <attribute name="trusted" type="boolean" readonly="yes">
       <desc>Set if the certificate is trusted.</desc>
-    </attribute>
-    <attribute name="presence" type="boolean" readonly="yes">
-      <desc>Returns true in case of presence of certificate.</desc>
-    </attribute>
-    <attribute name="verified" type="boolean" readonly="yes">
-      <desc>Check whether certificate was verified or not during import.</desc>
     </attribute>
 
@@ -3235 +3228 @@
 
     <attribute name="certificate" type="ICertificate" readonly="yes">
-      <desc> X509 certificate information given to user if certificate exists in the OVF package
+      <desc>
+        The X.509 signing certificate, if the imported OVF was signed, @c null
+        if not signed.  This is available after calling <link to="#read"/>.
       </desc>
     </attribute>

trunk/src/VBox/Main/include/ApplianceImpl.h

@@ -115 +115 @@
     VirtualBox* const mVirtualBox;
 
-    ComObjPtr<Certificate> mptrCertificateInfo;
     struct ImportStack;
     class TaskOVF;

trunk/src/VBox/Main/include/ApplianceImplPrivate.h

@@ -137 +137 @@
         fDeterminedDigestTypes   = false;
         fDigestTypes             = RTMANIFEST_ATTR_SHA1 | RTMANIFEST_ATTR_SHA256 | RTMANIFEST_ATTR_SHA512;
+        ptrCertificateInfo.setNull();
         strCertError.setNull();
     }
@@ -168 +169 @@
     RTVFSFILE           hMemFileTheirManifest;
 
-    /** The signer certificate from the signature fiel (.cert).
+    /** The signer certificate from the signature file (.cert).
      * This will be used in the future provide information about the signer via
      * the API. */
@@ -192 +193 @@
     /** The digest type used to sign the manifest. */
     RTDIGESTTYPE        enmSignedDigestType;
+    /** The certificate info object.  This is NULL if no signature and
+     *  successfully loaded certificate. */
+    ComObjPtr<Certificate> ptrCertificateInfo;
     /** @} */
 

trunk/src/VBox/Main/include/CertificateImpl.h

@@ -28 +28 @@
 using namespace std;
 
-class Appliance;
-
 class ATL_NO_VTABLE Certificate :
     public CertificateWrap
@@ -38 +36 @@
     DECLARE_EMPTY_CTOR_DTOR(Certificate)
 
-    HRESULT init(Appliance* appliance);
     HRESULT initCertificate(PCRTCRX509CERTIFICATE a_pCert, bool a_fTrusted);
     void uninit();
@@ -46 +43 @@
 
 private:
-    const Appliance* m_appliance;
-
     // wrapped ICertificate properties
     HRESULT getVersionNumber(CertificateVersion_T *aVersionNumber);
@@ -68 +63 @@
     HRESULT getSelfSigned(BOOL *aSelfSigned);
     HRESULT getTrusted(BOOL *aTrusted);
-    HRESULT getVerified(BOOL *aVerified);
-    HRESULT getPresence(BOOL *aPresence);
     // wrapped ICertificate methods
     HRESULT queryInfo(LONG aWhat, com::Utf8Str &aResult);

trunk/src/VBox/Main/src-server/ApplianceImpl.cpp

@@ -410 +410 @@
     AssertReturn(m->m_pSecretKeyStore, E_FAIL);
 
-    mptrCertificateInfo.createObject();
-    mptrCertificateInfo->init(this);
-
     i_initApplianceIONameMap();
 
@@ -527 +524 @@
         return E_ACCESSDENIED;
 
-/** @todo r=bird: What about when there is no signature and certificate? */
-    mptrCertificateInfo.queryInterfaceTo(aCertificateInfo.asOutParam());
+    /* Can be NULL at this point, queryInterfaceto handles that. */
+    m->ptrCertificateInfo.queryInterfaceTo(aCertificateInfo.asOutParam());
     return S_OK;
 }

trunk/src/VBox/Main/src-server/ApplianceImplImport.cpp

@@ -1951 +1951 @@
     /** @todo provide details about the signatory, signature, etc.  */
     if (m->fSignerCertLoaded)
-        mptrCertificateInfo->initCertificate(&m->SignerCert, m->fCertificateValid && !m->fCertificateMissingPath);
+    {
+        m->ptrCertificateInfo.createObject();
+        m->ptrCertificateInfo->initCertificate(&m->SignerCert, m->fCertificateValid && !m->fCertificateMissingPath);
+    }
 
     /*

trunk/src/VBox/Main/src-server/CertificateImpl.cpp

@@ -22 +22 @@
 
 #include "ProgressImpl.h"
-#include "ApplianceImpl.h"
-#include "ApplianceImplPrivate.h"
 #include "CertificateImpl.h"
 #include "AutoCaller.h"
@@ -86 +84 @@
 }
 
-HRESULT Certificate::init(Appliance* appliance)
-{
-    HRESULT rc = S_OK;
-    LogFlowThisFuncEnter();
-
-    /* Enclose the state transition NotReady->InInit->Ready */
-    AutoInitSpan autoInitSpan(this);
-    AssertReturn(autoInitSpan.isOk(), E_FAIL);
-    if(appliance!=NULL)
-    {
-        LogFlowThisFunc(("m_appliance: %d \n", m_appliance));
-        m_appliance = appliance;
-    }
-    else
-        rc = E_FAIL;
-
-    /* Confirm a successful initialization when it's the case */
-    if (SUCCEEDED(rc))
-        autoInitSpan.setSucceeded();
-
-    LogFlowThisFunc(("rc=%Rhrc\n", rc));
-    LogFlowThisFuncLeave();
-
-    return rc;
-}
-
 /**
  * Initializes a certificate instance.
@@ -124 +96 @@
     LogFlowThisFuncEnter();
 
+    AutoInitSpan autoInitSpan(this);
+    AssertReturn(autoInitSpan.isOk(), E_FAIL);
+
     mData = new Data();
     mData->m.allocate();
@@ -132 +107 @@
         mData->m->fValidX509 = true;
         mData->m->fTrusted  = a_fTrusted;
+        autoInitSpan.setSucceeded();
     }
     else
         rc = Global::vboxStatusCodeToCOM(vrc);
 
-    LogFlowThisFunc(("rc=%Rhrc\n", rc));
-    LogFlowThisFuncLeave();
-
+    LogFlowThisFunc(("returns rc=%Rhrc\n", rc));
     return rc;
 }
@@ -164 +138 @@
 
     Assert(mData->m->fValidX509);
-    /* version 1 has value 0, so +1.*/
-    *aVersionNumber = (CertificateVersion_T)(mData->m->X509.TbsCertificate.T0.Version.uValue.u + 1);
-
+    switch (mData->m->X509.TbsCertificate.T0.Version.uValue.u)
+    {
+        case RTCRX509TBSCERTIFICATE_V1: *aVersionNumber = (CertificateVersion_T)CertificateVersion_V1; break;
+        case RTCRX509TBSCERTIFICATE_V2: *aVersionNumber = (CertificateVersion_T)CertificateVersion_V2; break;
+        case RTCRX509TBSCERTIFICATE_V3: *aVersionNumber = (CertificateVersion_T)CertificateVersion_V3; break;
+        default: AssertFailed();        *aVersionNumber = (CertificateVersion_T)CertificateVersion_Unknown; break;
+    }
     return S_OK;
 }
@@ -421 +399 @@
     NOREF(aResult);
     return setError(E_FAIL, "Unknown item %u", aWhat);
-}
-
-/**
- * Private method implementation.
- * @param aPresence
- * @return aPresence
- */
-HRESULT Certificate::getPresence(BOOL *aPresence)
-{
-    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    *aPresence = m_appliance->m->fSignerCertLoaded;
-
-    return S_OK;
-}
-
-/**
- * Private method implementation.
- * @param aVerified
- * @return aVerified
- */
-HRESULT Certificate::getVerified(BOOL *aVerified)
-{
-    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    *aVerified = (m_appliance->m->pbSignedDigest &&
-                  m_appliance->m->fCertificateValid && 
-                  m_appliance->m->fCertificateValidTime) ? true:false;
-
-    return S_OK;
 }