Loading ttcn/Pki/LibItsPki_Functions.ttcn +50 −2 Original line number Diff line number Diff line /** f_verify_rca_certificate/** * @author ETSI / STF544 * @version $Url$ * $Id$ Loading Loading @@ -3480,7 +3480,8 @@ module LibItsPki_Functions { in boolean p_check_reconstruction_value := false, in boolean p_check_no_signature := false, in boolean p_check_region_restriction := false, in boolean p_check_signature_content := false in boolean p_check_signature_content := false, in boolean p_check_app_permissions := false ) return boolean { var CertificateType v_type_ := explicit; var template Signature v_signature_ := ?; Loading Loading 
@@ -3634,6 +3635,53 @@ module LibItsPki_Functions { return false; } } // Check appPermissions if (p_check_app_permissions == true) { var integer v_idx, v_jdx; var charstring v_psid := ""; // 'psid' currently processed var charstring v_psidsFound := ";"; // Used to build the list of the 'psid' already processed var template charstring m_found_pattern; // Used in regex to verify that 'psid' was not found before var Certificate v_authorized_certificate; if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) { log("f_verify_rca_certificate: Fail to load p_authorized_certificate"); return false; } log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate); if (match(v_authorized_certificate.toBeSigned.certIssuePermissions, { mw_psidGroupPermissions }) == false) { log("f_verify_rca_certificate: eeType mismatch"); return false; } for (v_idx := 0; v_idx < lengthof(p_certificate.toBeSigned.appPermissions); v_idx := v_idx + 1) { log("f_verify_rca_certificate: Processing ", p_certificate.toBeSigned.appPermissions[v_idx]); if (match(p_certificate.toBeSigned.appPermissions[v_idx], mw_appPermissions) == false) { log("f_verify_rca_certificate: PsidSsp mismatch"); return false; } // Check uniqueness of PSIDs v_psid := int2str(p_certificate.toBeSigned.appPermissions[v_idx].psid); m_found_pattern := pattern "*({v_psid})*"; if (regexp(v_psidsFound, m_found_pattern, 0) == v_psid) { log("f_verify_rca_certificate: Psid uniqueness is not verified"); return false; // v_psid exist at least 2 times, uniqueness is not verified } // v_psid non found, add it into the built list v_psidsFound := v_psidsFound & v_psid & ";"; // Check that 'psid' is in the certIssuePermissions component in the issuing certificate if (match(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions, mw_subjectPermissions_explicit) == false) { for (v_jdx := 0; v_jdx < 
lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit); v_jdx := v_jdx + 1) { if (int2str(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid) == v_psid) { break; } } // End of 'for'statement if (v_jdx == lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit)) { log("f_verify_rca_certificate: Psid is not in the list of the issuing certificate"); return false; } } } // End of 'for'statement } return true; } Loading ttcn/Security/LibItsSecurity_Templates.ttcn +2 −2 File changed.Contains only whitespace changes. Show changes Loading
ttcn/Pki/LibItsPki_Functions.ttcn +50 −2 Original line number Diff line number Diff line /** f_verify_rca_certificate/** * @author ETSI / STF544 * @version $Url$ * $Id$ Loading Loading @@ -3480,7 +3480,8 @@ module LibItsPki_Functions { in boolean p_check_reconstruction_value := false, in boolean p_check_no_signature := false, in boolean p_check_region_restriction := false, in boolean p_check_signature_content := false in boolean p_check_signature_content := false, in boolean p_check_app_permissions := false ) return boolean { var CertificateType v_type_ := explicit; var template Signature v_signature_ := ?; Loading Loading 
@@ -3634,6 +3635,53 @@ module LibItsPki_Functions { return false; } } // Check appPermissions if (p_check_app_permissions == true) { var integer v_idx, v_jdx; var charstring v_psid := ""; // 'psid' currently processed var charstring v_psidsFound := ";"; // Used to build the list of the 'psid' already processed var template charstring m_found_pattern; // Used in regex to verify that 'psid' was not found before var Certificate v_authorized_certificate; if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) { log("f_verify_rca_certificate: Fail to load p_authorized_certificate"); return false; } log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate); if (match(v_authorized_certificate.toBeSigned.certIssuePermissions, { mw_psidGroupPermissions }) == false) { log("f_verify_rca_certificate: eeType mismatch"); return false; } for (v_idx := 0; v_idx < lengthof(p_certificate.toBeSigned.appPermissions); v_idx := v_idx + 1) { log("f_verify_rca_certificate: Processing ", p_certificate.toBeSigned.appPermissions[v_idx]); if (match(p_certificate.toBeSigned.appPermissions[v_idx], mw_appPermissions) == false) { log("f_verify_rca_certificate: PsidSsp mismatch"); return false; } // Check uniqueness of PSIDs v_psid := int2str(p_certificate.toBeSigned.appPermissions[v_idx].psid); m_found_pattern := pattern "*({v_psid})*"; if (regexp(v_psidsFound, m_found_pattern, 0) == v_psid) { log("f_verify_rca_certificate: Psid uniqueness is not verified"); return false; // v_psid exist at least 2 times, uniqueness is not verified } // v_psid non found, add it into the built list v_psidsFound := v_psidsFound & v_psid & ";"; // Check that 'psid' is in the certIssuePermissions component in the issuing certificate if (match(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions, mw_subjectPermissions_explicit) == false) { for (v_jdx := 0; v_jdx < 
lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit); v_jdx := v_jdx + 1) { if (int2str(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid) == v_psid) { break; } } // End of 'for'statement if (v_jdx == lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit)) { log("f_verify_rca_certificate: Psid is not in the list of the issuing certificate"); return false; } } } // End of 'for'statement } return true; } Loading
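Review bot: The issuer-permission check at the end of the appPermissions loop looks inverted: the inner `for` over `certIssuePermissions[0].subjectPermissions.explicit` runs only when `match(..., mw_subjectPermissions_explicit) == false`. Assuming that template (defined outside this diff) matches the `explicit` alternative, an issuer with an explicit PSID list skips the containment check entirely, so a certificate carrying a PSID its issuer is not allowed to grant still returns true. In the other case the code reads `.explicit` on a value where that alternative is not selected, so the condition should be `== true`. The uniqueness test in the same loop also matches substrings: `pattern "*({v_psid})*"` finds `36` inside `;136;` and rejects a valid certificate, so anchor it on the separators the list already uses, `m_found_pattern := pattern "*;({v_psid});*";`. The body of f_verify_rca_certificate starts outside the hunks shown, so how `p_authorized_certificate` is declared cannot be checked from here.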
ttcn/Security/LibItsSecurity_Templates.ttcn +2 −2 File changed.Contains only whitespace changes. Show changes