COCSPCaDirectAuthorisationScheme Class Reference

class COCSPCaDirectAuthorisationScheme : public CBase

Implements part of section 2.2 of RFC 2560.

"The key used to sign the response MUST belong to one of the following...

-- the CA who issued the certificate in question"

Inherits from

  • COCSPCaDirectAuthorisationScheme

Member Functions Documentation

CancelValidate()

void CancelValidate ( ) [private, virtual]

This is a no-op because this implementation is not an active object.

CertChainMatchesCertL(const TDesC8 &, const CX509Certificate &)

TBool CertChainMatchesCertL ( const TDesC8 & aCertChainData,
const CX509Certificate & aCert
) [private]

Checks whether the encoded cert chain contains exactly one cert which matches the supplied cert.

This is used to verify that, when a cert chain is sent with the response, it contains exactly the CA cert.

Parameters

const TDesC8 & aCertChainData DER-encoded certificate chain data extracted from response.
const CX509Certificate & aCert Certificate to look for.

DoValidateL(const COCSPRequest &, COCSPResponse &)

TBool DoValidateL ( const COCSPRequest & aRequest,
COCSPResponse & aResponse
) [private]

Checks if the response is signed by the CA. If the response has a certificate chain, it must contain exactly the CA cert. It is acceptable for the response to have no certificate chain.

The responder ID in the certificate must match the CA cert, and the whole response must be signed by the CA cert's signer.

Parameters

const COCSPRequest & aRequest
COCSPResponse & aResponse
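
The checks described for DoValidateL and CertChainMatchesCertL, as an added example in standard C++ that is not the Symbian implementation. Cert, Response, Verdict, ToySign, ToyVerify, CaDirectCheck and SignedBy are hypothetical names, the signature is a constructed toy rather than real cryptography, and the last check reads "signed by the CA cert's signer" as verification against the CA certificate's key.

```cpp
// Added example: a model of the CA-direct check with hypothetical types, not Symbian code.
#include <cstdio>
#include <string>
#include <vector>

struct Cert {                 // stand-in for a parsed X.509 certificate
    std::string der;          // encoded bytes, compared verbatim
    std::string subject;      // matched against a byName responder ID
    std::string keyHash;      // matched against a byKey responder ID
    std::string publicKey;
};
struct Response {             // stand-in for a parsed OCSP response
    std::vector<std::string> chainDer;  // certs sent with the response (optional)
    bool idByKey;             // which ResponderID choice the responder used
    std::string responderId;
    std::string tbs, signature;
};
enum class Verdict { Authorised, UnexpectedChain, ResponderIdMismatch, BadSignature };

// Constructed toy "signature" so the example runs offline; NOT cryptography.
std::string ToySign(const Cert& s, const std::string& tbs) { return "sig[" + s.publicKey + "|" + tbs + "]"; }
bool ToyVerify(const Cert& s, const std::string& tbs, const std::string& sig) { return sig == ToySign(s, tbs); }

Verdict CaDirectCheck(const Response& r, const Cert& ca) {
    // A chain is optional, but if present it must be exactly the CA cert.
    if (!r.chainDer.empty() && (r.chainDer.size() != 1 || r.chainDer[0] != ca.der))
        return Verdict::UnexpectedChain;
    // The responder ID must identify the CA, by name or by key hash.
    if (r.responderId != (r.idByKey ? ca.keyHash : ca.subject))
        return Verdict::ResponderIdMismatch;
    // Verify with the CA cert the caller already holds, never a cert from the response.
    if (!ToyVerify(ca, r.tbs, r.signature))
        return Verdict::BadSignature;
    return Verdict::Authorised;
}
// Constructed sample: a response signed by `signer`, with no chain attached.
Response SignedBy(const Cert& signer) {
    return Response{{}, false, signer.subject, "tbsResponseData", ToySign(signer, "tbsResponseData")};
}

int main() {
    Cert ca{"DER(ca)", "CN=Issuing CA", "hash(ca)", "pk-ca"};
    Cert other{"DER(other)", "CN=Other", "hash(other)", "pk-other"};
    Response good = SignedBy(ca), padded = good, forged = SignedBy(other);
    padded.chainDer = {ca.der, other.der};   // CA cert plus one extra: rejected
    forged.responderId = ca.subject;         // claims to be the CA, wrong key
    std::printf("%d %d %d\n", (int)CaDirectCheck(good, ca),
                (int)CaDirectCheck(padded, ca), (int)CaDirectCheck(forged, ca));
}
```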

NewLC()

IMPORT_C COCSPCaDirectAuthorisationScheme * NewLC ( ) [static]

ResponderCert()

const CX509Certificate * ResponderCert ( ) const

ValidateL(OCSP::TStatus &, COCSPResponse &, const TTime, TRequestStatus &, const COCSPRequest &)

void ValidateL ( OCSP::TStatus & aOCSPStatus,
COCSPResponse & aResponse,
const TTime aValidationTime,
TRequestStatus & aStatus,
const COCSPRequest & aRequest
) [private, virtual]

Validate the response if it is signed by the CA. The response can optionally contain a copy of the CA's certificate.

Parameters

OCSP::TStatus & aOCSPStatus
COCSPResponse & aResponse
const TTime aValidationTime
TRequestStatus & aStatus
const COCSPRequest & aRequest