class COCSPCaDirectAuthorisationScheme : public CBase |
Implement part of S2.2 of RFC 2560.
"The key used to sign the response MUST belong to one of the following...
-- the CA who issued the certificate in question"
Public Member Functions | |
---|---|
IMPORT_C COCSPCaDirectAuthorisationScheme * | NewLC() |
const CX509Certificate * | ResponderCert() |
Private Member Functions | |
---|---|
void | CancelValidate() |
TBool | CertChainMatchesCertL(const TDesC8 &, const CX509Certificate &) |
TBool | DoValidateL(const COCSPRequest &, COCSPResponse &) |
void | ValidateL(OCSP::TStatus &, COCSPResponse &, const TTime, TRequestStatus &, const COCSPRequest &) |
void | CancelValidate | ( | ) | [private, virtual] |
This is a no-op because this implementation is not an active object.
TBool | CertChainMatchesCertL | ( | const TDesC8 & | aCertChainData, |
const CX509Certificate & | aCert | |||
) | [private] |
Checks whether the encoded cert chain contains exactly one cert which matches the supplied cert.
This is used to verify that, when a cert chain is sent with the response, it contains exactly the CA cert.
const TDesC8 & aCertChainData | DER-encoded certificate chain data extracted from response. |
const CX509Certificate & aCert | Certificate to look for. |
TBool | DoValidateL | ( | const COCSPRequest & | aRequest, |
COCSPResponse & | aResponse | |||
) | [private] |
Checks if the response is signed by the CA. If the response has a certificate chain, it must contain exactly the CA cert. It is acceptable for the response to have no certificate chain.
The responder ID in the certificate must match the CA cert, and the whole response must be signed by the CA cert's signer.
const COCSPRequest & aRequest | |
COCSPResponse & aResponse |
void | ValidateL | ( | OCSP::TStatus & | aOCSPStatus, |
COCSPResponse & | aResponse, | |||
const TTime | aValidationTime, | |||
TRequestStatus & | aStatus, | |||
const COCSPRequest & | aRequest | |||
) | [private, virtual] |
Validate the response if it is signed by the CA. The response can optionally contain a copy of the CA's certificate.
OCSP::TStatus & aOCSPStatus | |
COCSPResponse & aResponse | |
const TTime aValidationTime | |
TRequestStatus & aStatus | |
const COCSPRequest & aRequest |
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.