ServerState.cc

/*
 * Copyright 2003 Michael A. Marsh, Cornell University. All rights reserved.
 * This software is released under the modified BSD license.
 * See the file LICENSE in the top-level directory for details.
 */
//
// $Id: ServerState.cc,v 1.4 2004/05/19 15:56:59 mmarsh Exp $
//
// $Log: ServerState.cc,v $
// Revision 1.4  2004/05/19 15:56:59  mmarsh
// *** empty log message ***
//
// Revision 1.3  2003/11/04 22:19:55  mmarsh
// The ElGamal public key is handled here, not in CODEX_Client.  All
// black magic relating to switching between cryptosystems used for
// key service decryption has been moved to CODEX_KeyService, where
// it belongs.  This package is no longer dependent on CODEX_Client.
//
//

#include <fstream>
#include <sstream>
#include <openssl/conf.h>

#include "ServerState.h"
#include "CODEX_ASN1/Integer.h"
#include "CODEX_Exceptions/FileExceptions.h"
#include "ServerExceptions.h"
#include "ConfigurationExceptions.h"
#include "ShareLabelChallenge.h"

using namespace CODEX_Server;

ServerState* ServerState::m_instance = 0;


//=============================================================
// Constructors and destructors
//=============================================================

ServerState*
ServerState::instance()
{
   if ( 0 == m_instance )
   {
      m_instance = new ServerState;
   }
   return m_instance;
}

void
ServerState::destroy()
{
   if ( 0 != m_instance )
   {
      delete m_instance;
   }
   m_instance = 0;
}

ServerState::ServerState() :
   m_quorumSystem( 0 ),
   m_serverOutSocketBuilder( 0 ),
   m_serverInSocketBuilder( 0 ),
   m_rsa( 0 ),
   m_thresholdRSA( CODEX_ASN1::BigNumber() ),
   m_thresholdVarRSA( CODEX_ASN1::BigNumber() ),
   m_defaultRSAShareCB( 0 ),
   m_rsaShareCallback( 0 ),
   m_rsaDefaultLabel( 0 ),
   m_thresholdEG( CODEX_ASN1::BigNumber() ),
   m_defaultEGShareCB( 0 ),
   m_egShareCallback( 0 ),
   m_egDefaultLabel( 0 ),
   m_caKey( 0 )
{
   for ( unsigned int i = 0 ; i < nMID ; ++i )
   {
      m_seqNum[i] = 0U;
   }
}

ServerState::~ServerState()
{
   if ( 0 != m_caKey ) EVP_PKEY_free( m_caKey );
   if ( 0 != m_rsa ) RSA_free( m_rsa );
   if ( 0 != m_serverOutSocketBuilder ) delete m_serverOutSocketBuilder;
   if ( 0 != m_serverInSocketBuilder ) delete m_serverInSocketBuilder;
   if ( 0 != m_quorumSystem ) delete m_quorumSystem;
   if ( 0 != m_defaultRSAShareCB ) delete m_defaultRSAShareCB;
   if ( 0 != m_defaultEGShareCB ) delete m_defaultEGShareCB;
//   while ( ! m_serverList.empty() )
//   {
//      delete m_serverList.back();
//      m_serverList.pop_back();
//   }
   while ( ! m_deadServerList.empty() )
   {
      delete m_serverList.back();
      m_serverList.pop_back();
   }
}


//=============================================================
// Configuration
//=============================================================

void
ServerState::configure( const CONF* conf,
                        const char* sec,
                        const string& fname )
{
   // The number of servers is fixed at compile time, so this is just
   // a consistency check.  Later versions may have run-time-configured
   // systems, in which case nhosts will be a more meaningful field.
   long dummy;
   if ( ! NCONF_get_number_e(conf,sec,"nhosts",&dummy) )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "nhosts" );
   }
   unsigned long uDummy = dummy;
   if ( nServers > uDummy )
   {
      throw BCBadValueException( __FILE__ , __LINE__ , fname, "nhosts" );
   }

   if ( ! NCONF_get_number_e(conf,sec,"hostnum",&m_hostNum) )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "hostnum" );
   }
   if ( (m_hostNum < 0) || (m_hostNum >= nServers) )
   {
      throw BCBadValueException( __FILE__ , __LINE__ , fname, "hostnum" );
   }

   const char* ciphers = NCONF_get_string(conf,sec,"ciphers");
   if ( 0 == ciphers )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "ciphers" );
   }

   // Default server-to-server port.
   long serverPort;
   if ( ! NCONF_get_number_e(conf,sec,"server_port",&serverPort) )
   {
      serverPort = 0;
   }

   const char* file = 0;

   // CA's certificate
   const char* caCertFile = NCONF_get_string(conf,sec,"ca_cert_file");
   if ( 0 == caCertFile )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "ca_cert_file" );
   }
   readCACert( caCertFile );

   // Service certificate
   file = NCONF_get_string(conf,sec,"service_cert_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "service_cert_file" );
   }
   readServiceCert( file );

   // Service ElGamal public key
   file = NCONF_get_string(conf,sec,"service_eg_public_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "service_eg_public_file" );
   }
   readPublicEGKey( file );
   // Verify the signature
   bool okKey = m_signedEGKey.verify( serviceKey(), m_hashFunc );
//   BIGNUM * digest = m_signedEGKey.key().digest( m_hashFunc );
//   bool okKey = serviceKey().verifySignature( m_signedEGKey.signature(),
//                                              digest );
//   BN_free( digest );
   if ( ! okKey )
   {
      throw PublicKeyNotFoundException( __FILE__ , __LINE__ );
   }

   // Server private key
   file = NCONF_get_string(conf,sec,"server_private_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "server_private_file" );
   }
   readPrivateKey( file, NCONF_get_string(conf,sec,"private_key_passwd") );

   // Shares of the service RSA private key
   file = NCONF_get_string(conf,sec,"rsa_shares_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "rsa_shares_file" );
   }
   readRSAShares( file );
   m_thresholdRSA = ThresholdRSAType( m_serviceKey.n() );
   m_thresholdVarRSA = ThresholdVarRSAType( m_serviceKey.n() );
   m_defaultRSAShareCB =
      new DefaultShareCallback< ShareType , OneWay >( &m_rsaShares );
   m_rsaShareCallback = m_defaultRSAShareCB;
   m_rsaInitialLabel = m_rsaShares.label();
   m_rsaDefaultLabel = &m_rsaInitialLabel;

   // Witness for the RSA private key
   file = NCONF_get_string(conf,sec,"rsa_witness_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "rsa_witness_file" );
   }
   if ( 0 == m_rsaWitness.fromFile( file ) )
   {
      throw CODEX_Exceptions::FileCannotOpenException( __FILE__ , __LINE__ ,
                                                       file );
   }

   // Shares of the service ElGamal private key
   file = NCONF_get_string(conf,sec,"elgamal_shares_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "elgamal_shares_file" );
   }
   readElGamalShares( file );
   m_thresholdEG = ThresholdElGamalType( m_signedEGKey.key().key().p() );
   m_defaultEGShareCB =
      new DefaultShareCallback< ShareType , OneWay >( &m_elgamalShares );
   m_egShareCallback = m_defaultEGShareCB;
   m_egInitialLabel = m_elgamalShares.label();
   m_egDefaultLabel = &m_egInitialLabel;

   // Witness for the ElGamal private key
   file = NCONF_get_string(conf,sec,"elgamal_witness_file");
   if ( 0 == file )
   {
      throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                            fname, "elgamal_witness_file" );
   }
   if ( 0 == m_egWitness.fromFile( file ) )
   {
      throw CODEX_Exceptions::FileCannotOpenException( __FILE__ , __LINE__ ,
                                                       file );
   }

   const char* hostCertFile = 0;

   // Public information regarding each server in the quorum system
   for ( int i=0 ; i < nServers ; ++i )
   {
      ostringstream nstr;
      nstr << "host" << i;
      const char* ncstr = nstr.str().c_str();
      const char* hostname = NCONF_get_string(conf,sec,ncstr);
      if ( 0 == hostname )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, nstr.str() );
      }
      m_hostnames[i] = hostname;

      ostringstream pstr;
      pstr << "server_port" << i;
      const char* pcstr = pstr.str().c_str();
      long port;
      if ( NCONF_get_number_e(conf,sec,pcstr,&port) &&
           ( port > 0 ) )
      {
         m_serverPorts[i] = port;
      }
      else if ( serverPort > 0 )
      {
         m_serverPorts[i] = serverPort;
      }
      else
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, pstr.str() );
      }

      ostringstream cstr;
      cstr << "server" << i << "_cert_file";
      const char* ccstr = cstr.str().c_str();
      const char* certFile = NCONF_get_string(conf,sec,ccstr);
      if ( 0 == certFile )
      {
         throw BCParameterNotDefinedException( __FILE__ , __LINE__ ,
                                               fname, cstr.str() );
      }
      m_serverCerts[i].fromPEMFile( certFile );
      if ( i == m_hostNum )
      {
         hostCertFile = certFile;
      }
   }

   // Create the SSL socket builders
   SSL_METHOD * cmeth = TLSv1_client_method();
   SSL_METHOD * smeth = TLSv1_server_method();
   m_serverOutSocketBuilder =
      new CODEX_SSL::SSLSocketBuilder( cmeth,
                                       m_serverCerts[ m_hostNum ].value(),
                                       m_rsa,
                                       ciphers,
                                       caCertFile,
                                       hostCertFile,
                                       SSL_VERIFY_PEER
                                       // The rest of the args can default
         );
   m_serverInSocketBuilder =
      new CODEX_SSL::SSLSocketBuilder( smeth,
                                       m_serverCerts[ m_hostNum ].value(),
                                       m_rsa,
                                       ciphers,
                                       caCertFile,
                                       hostCertFile,
                                       ( SSL_VERIFY_PEER |
                                         SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
                                         SSL_VERIFY_CLIENT_ONCE )
                                       // The rest of the args can default
         );

   // Create the quorum system
   unsigned char* self = new unsigned char[nSID];
   self[0] = m_hostNum;
   m_quorumSystem = new QSType(
      new CODEX_Quorum::ConcreteResponseTracker< nSID , nMID >( self ) );
   // Connect to ourself
   addQuorumServer( m_hostNum,
                    new CODEX_Quorum::AsynchronousRemoteServer(
                       m_hostnames[ m_hostNum ],
                       m_serverPorts[ m_hostNum ],
                       m_loopbackSocketBuilder ) );
}

void
ServerState::readPrivateKey( const char* fname, const char* passwd )
{
   FILE* fp = 0;

   try
   {
      fp = fopen( fname, "r" );
      if ( 0 == fp )
      {
         throw CODEX_Exceptions::FileCannotOpenException( __FILE__ ,
                                                          __LINE__ , fname );
      }
      if ( ! PEM_read_RSAPrivateKey( fp, &m_rsa, 0, (void*)passwd ) )
      {
         throw CODEX_Exceptions::FileCannotOpenException( __FILE__ ,
                                                          __LINE__ , fname );
      }
      fclose( fp );
      fp = 0;
      m_privateKey = CODEX_Ciphers::RSAPrivateKey( BN_dup( m_rsa->p ),
                                                   BN_dup( m_rsa->q ),
                                                   BN_dup( m_rsa->d ),
                                                   BN_dup( m_rsa->n ) );
   }
   catch ( ... )
   {
      if ( 0 != fp ) fclose(fp);
      throw;
   }
}

const CODEX_ASN1::Certificate&
ServerState::serverCert( unsigned int i ) const
{
   if ( i >= nServers )
   {
      throw CODEX_Exceptions::IllegalIndexException( __FILE__ , __LINE__ );
   }
   return m_serverCerts[i];
}

const CODEX_Ciphers::RSAPublicKey&
ServerState::publicKey()
{
   if ( ! m_publicKeys[m_hostNum].initialized() )
   {
      if ( m_serverCerts[m_hostNum].initialized() )
      {
         m_publicKeys[m_hostNum] =
            CODEX_Ciphers::RSAPublicKey( m_serverCerts[m_hostNum].value() );
      }
   }
   return m_publicKeys[m_hostNum];
}

const CODEX_Ciphers::RSAPublicKey&
ServerState::publicKey( unsigned int i )
{
   if ( i >= nServers )
   {
      throw CODEX_Exceptions::IllegalIndexException( __FILE__ , __LINE__ );
   }

   if ( ! m_publicKeys[i].initialized() )
   {
      if ( m_serverCerts[i].initialized() )
      {
         m_publicKeys[i] =
            CODEX_Ciphers::RSAPublicKey( m_serverCerts[i].value() );
      }
   }
   return m_publicKeys[i];
}

void
ServerState::readCACert( const char* fname )
{
   if ( ! m_caCert.fromPEMFile( fname ) )
   {
      throw CODEX_Exceptions::FileCannotOpenException( __FILE__ ,
                                                       __LINE__ ,
                                                       fname );
   }
}

const EVP_PKEY*
ServerState::caKey()
{
   if ( 0 == m_caKey )
   {
      if ( ! m_caCert.initialized() )
      {
         return 0;
      }
      m_caKey = X509_get_pubkey( (X509*) m_caCert.value() );
   }
   return m_caKey;
}

void
ServerState::readServiceCert( const char* fname )
{
   m_serviceCert.fromPEMFile( fname );
}

const CODEX_Ciphers::RSAPublicKey&
ServerState::serviceKey()
{
   if ( ! m_serviceKey.initialized() )
   {
      if ( m_serviceCert.initialized() )
      {
         m_serviceKey = CODEX_Ciphers::RSAPublicKey( m_serviceCert.value() );
      }
   }
   return m_serviceKey;
}

void
ServerState::readPublicEGKey( const char* fname )
{
   ifstream is(fname);
   if ( ! is.is_open() )
   {
      throw CODEX_Exceptions::FileCannotOpenException( __FILE__ ,
                                                       __LINE__ ,
                                                       fname );
   }
   string s;
   char ch;
   while ( is.get(ch) )
   {
      s.push_back(ch);
   }
   //basic_string<unsigned char> s;
   //is >> s;
   unsigned int length = s.length();
   unsigned char* p = new unsigned char[length];
   unsigned char* pOrig = p;
   for ( unsigned int i = 0 ; i < length ; ++i )
   {
      p[i] = s.data()[i];
   }
   //unsigned char* p = (unsigned char*)s.data();
   if ( 0 == m_signedEGKey.unmarshal(0,&p,length) )
   {
      delete [] pOrig;
      throw PublicKeyNotFoundException( __FILE__ , __LINE__ );
   }
   delete [] pOrig;
}

void
ServerState::readRSAShares( const char* fname )
{
   if ( ! serviceKey().initialized() )
   {
      throw PublicKeyNotFoundException( __FILE__ , __LINE__ );
   }
   if ( 0 == m_rsaShares.fromFile( fname ) )
   {
      throw KeySharesNotFoundException( __FILE__ , __LINE__ );
   }
}

void
ServerState::readElGamalShares( const char* fname )
{
   if ( ! m_signedEGKey.initialized() )
   {
      throw PublicKeyNotFoundException( __FILE__ , __LINE__ );
   }
   if ( 0 == m_elgamalShares.fromFile( fname ) )
   {
      throw KeySharesNotFoundException( __FILE__ , __LINE__ );
   }
}


//=============================================================
// Server management
//=============================================================

void
ServerState::addServer( CODEX_Quorum::LocalServer* server )
{
   m_serverList.push_back( server );
}

void
ServerState::removeServer( CODEX_Quorum::LocalServer* server )
{
   m_serverList.remove( server );
}

void
ServerState::cleanServer( CODEX_Quorum::LocalServer* server )
{
   m_deadServerList.push_back( server );
}

void
ServerState::garbageCollectServers()
{
   while ( m_deadServerList.size() )
   {
      CODEX_Quorum::LocalServer* ls = m_deadServerList.front();
      m_deadServerList.pop_front();
      delete ls;
   }
}


//=============================================================
// Secret sharing utilities
//=============================================================
const ServerState::LSType&
ServerState::rsaShares( const LSType::LabelType& label,
                        unsigned int server ) const
{
   if ( 0 == m_rsaShareCallback )
   {
      throw KeySharesNotFoundException( __FILE__ , __LINE__ );
   }
   return (*m_rsaShareCallback)( label, server );
}

const ServerState::LSType::LabelType&
ServerState::defaultRSALabel() const
{
   if ( 0 == m_rsaDefaultLabel )
   {
      throw KeySharesNotFoundException( __FILE__ , __LINE__ );
   }
   return (*m_rsaDefaultLabel);
}

const ServerState::LSType&
ServerState::elgamalShares( const LSType::LabelType& label,
                        unsigned int server ) const
{
   if ( 0 == m_egShareCallback )
   {
      throw KeySharesNotFoundException( __FILE__ , __LINE__ );
   }
   return (*m_egShareCallback)( label, server );
}

const ServerState::LSType::LabelType&
ServerState::defaultEGLabel() const
{
   if ( 0 == m_egDefaultLabel )
   {
      throw KeySharesNotFoundException( __FILE__ , __LINE__ );
   }
   return (*m_egDefaultLabel);
}

const ServerState::ThresholdSignatureType&
ServerState::thresholdSignature() const
{
   return thresholdRSA();
//   return thresholdTemplate< ThresholdSignatureType >();
}

const ServerState::LSType::LabelType&
ServerState::defaultLabel( unsigned int num ) const
{
   if ( RSAKeyNum == num )
   {
      return defaultRSALabel();
   }
   if ( EGKeyNum == num )
   {
      return defaultEGLabel();
   }
   throw UnknownSecretNumberException( __FILE__ , __LINE__ , num );
}

void
ServerState::setShareCallback( unsigned int num, const ShareCallback* cb )
{
   if ( RSAKeyNum == num )
   {
      setRSAShareCallback( cb );
      return;
   }
   if ( EGKeyNum == num )
   {
      setEGShareCallback( cb );
      return;
   }
   // otherwise ignore
}

void
ServerState::setDefaultLabel( const LSType::LabelType* label )
{
   if ( 0 == label )
   {
      return;
   }
   unsigned int num = label->num().value();
   if ( RSAKeyNum == num )
   {
      setRSADefaultLabel( label );
      return;
   }
   if ( EGKeyNum == num )
   {
      setEGDefaultLabel( label );
   }
   // otherwise ignore
}

void
ServerState::rationalizeSharings(
   const vector< ShareType* >& sharings,
   ShareSetType& result ) const
{
   typedef vector< ShareType > VSSVec;
   const unsigned int nShares = ShareType::NumShares;
   unsigned int bestGuess[nShares];
   unsigned int guessCount[nShares];
   unsigned int veclen = sharings.size();
   for ( unsigned int i = 0 ; i < nShares ; ++i )
   {
      guessCount[i] = 0;
      bestGuess[i] = veclen;
      for ( unsigned int j = 0 ; j < veclen ; ++j )
      {
         if ( sharings[j]->initialized() &&
              sharings[j]->share(i).initialized() )
         {
            bestGuess[i] = j;
            guessCount[i] = 1;
            break;
         }
      }
   }
   for ( unsigned int i = 0 ; i < nShares ; ++i )
   {
      while ( ( ! result(i).initialized() ) &&
              ( bestGuess[i] < veclen ) )
      {
         for ( unsigned int j = bestGuess[i] + 1 ; j < veclen ; ++j )
         {
            if ( sharings[j]->initialized() &&
                 sharings[j]->share(i).initialized() &&
                 ( 0 == BN_cmp( sharings[j]->share(i).value(),
                                sharings[bestGuess[i]]->share(i).value() ) ) )
            {
               ++guessCount[i];
            }
         }
         if ( guessCount[i] > ServerState::nFaults )
         {
            result.setShare(i,sharings[bestGuess[i]]->share(i));
         }
         else
         {
            guessCount[i] = 0;
            bestGuess[i] = veclen;
            for ( unsigned int j = bestGuess[i] + 1 ; j < veclen ; ++j )
            {
               if ( sharings[j]->initialized() &&
                    sharings[j]->share(i).initialized() )
               {
                  bestGuess[i] = j;
                  guessCount[i] = 1;
                  break;
               }
            }
         }
      }
   }
}

BIGNUM*
ServerState::thresholdOperation(
   const vector< ShareType* >& sharings,
   const BIGNUM * operand ) const
{
   ShareSetType consistent;
   rationalizeSharings( sharings, consistent );
   // "consistent" is now a trustable set of shares
   ShareSetType temp = consistent;

   // do the combinatorics
   const unsigned int nShares = ShareType::NumShares;
   unsigned int veclen = sharings.size();
   unsigned int firstGuess[nShares];
   unsigned int lastGuess[nShares];
   for ( unsigned int i = 0 ; i < nShares ; ++i )
   {
      if ( consistent(i).initialized() ) continue;
      firstGuess[i] = veclen;
      lastGuess[i] = veclen;
      for ( unsigned int j = 0 ; j < veclen ; ++j )
      {
         if ( sharings[j]->initialized() &&
              sharings[j]->share(i).initialized() )
         {
            firstGuess[i] = j;
            lastGuess[i] = j;
            temp.setShare(i,sharings[j]->share(i));
            break;
         }
      }
   }
   // This loop _will_ terminate.
   bool changed = true;
   while( changed )
   {
      changed = false;
      BIGNUM* tres = m_thresholdRSA.threshold( temp );
      CODEX_Ciphers::RSACipherText* ct = 0;
      if ( 0 != tres )
      {
         try
         {
            // Encryption is slightly more generic than signature verification.
            ct = m_serviceKey.encrypt( tres );
            if ( 0 == BN_cmp( ct->value(), operand ) )
            {
               return tres;
            }
         }
         catch ( ... )
         {
         }
      }
      if ( 0 != ct ) delete ct;
      if ( 0 != tres ) delete tres;
      for ( unsigned int i = 0 ; i < nShares ; ++i )
      {
         if ( consistent(i).initialized() ) continue;

         unsigned int j = lastGuess[i] + 1;
         lastGuess[i] = veclen;
         for ( ; j < veclen ; ++j )
         {
            if ( sharings[j]->initialized() &&
                 sharings[j]->share(i).initialized() )
            {
               lastGuess[i] = j;
               break;
            }
         }
         if ( lastGuess[i] < veclen )
         {
            temp.setShare(i,sharings[lastGuess[i]]->share(i));
            changed = true;
            break;
         }
         else
         {
            // Try moving the next unconfirmed share.
            // If this is the last one, then changed will not be set
            // true, and the loop will terminate.
            lastGuess[i] = firstGuess[i];
         }
      }
   }
   return 0;
}



unsigned char*
ServerState::newSequenceNumber()
{
   for ( unsigned int i = 0 ; i < nMID ; ++i )
   {
      if ( m_seqNum[i] < 255U )
      {
         ++m_seqNum[i];
         break;
      }
      m_seqNum[i] = 0U;
   }
   return m_seqNum;
}

void
ServerState::addChallenge( const unsigned char* request,
                           ShareLabelChallenge* challenge )
{
   ChallengeMap::iterator itr = m_challengeMap.find( request );
   if ( m_challengeMap.end() == itr )
   {
      unsigned char* s = new unsigned char[ ServerState::nMID ];
      memcpy( s, request, CODEX_Server::ServerState::nMID );
      m_challengeMap.insert( ChallengeMap::value_type( s,
                                                       ChallengeVector() ) );
   }
   m_challengeMap[request].push_back( challenge );
}

void
ServerState::removeChallenge( const unsigned char* request )
{
   ChallengeMap::iterator itr = m_challengeMap.find( request );
   if ( itr != m_challengeMap.end() )
   {
      delete [] itr->first;
      ChallengeVector::iterator vItr = itr->second.begin();
      ChallengeVector::iterator vEnd = itr->second.end();
      for ( ; vItr != vEnd ; ++vItr )
      {
         delete *vItr;
      }
      m_challengeMap.erase( itr );
   }
}


//=============================================================
// Quorum system management
//=============================================================

bool
ServerState::addQuorumServer( int host,
                              CODEX_Quorum::AsynchronousRemoteServer* server )
{
   if ( (host < 0) || (host >= nServers) )
   {
      return false;
   }
   if ( 0 == server )
   {
      return false;
   }
   if ( 0 == m_quorumSystem )
   {
      return false;
   }
   if ( 0 != m_quorumSystem->server(host) )
   {
      return false;
   }
   m_quorumSystem->setServer(host,server);
   return true;
}

const CODEX_Quorum::RemoteServer*
ServerState::getQuorumServer( int host )
{
   if ( 0 == m_quorumSystem )
   {
      return 0;
   }
   return m_quorumSystem->server(host);
}

bool
ServerState::haveQuorumServer( int host ) const
{
   if ( 0 == m_quorumSystem )
   {
      return false;
   }
   return ( 0 != m_quorumSystem->server(host) );
}

const string&
ServerState::hostName( long i )
{
   if ( (i < 0) || (i >= nServers) )
   {
      throw CODEX_Exceptions::IllegalIndexException( __FILE__ , __LINE__ );
   }
   return m_hostnames[i];
}
         
long
ServerState::serverPort( long i )
{
   if ( (i < 0) || (i >= nServers) )
   {
      throw CODEX_Exceptions::IllegalIndexException( __FILE__ , __LINE__ );
   }
   return m_serverPorts[i];
}

---