class COCSPDirectAuthorisationScheme : public CActive
Implements part of section 2.2 of RFC 2560:
"The key used to sign the response MUST belong to one of the following...
-- a Trusted Responder whose public key is trusted by the requester"
Public Member Functions | |
---|---|
~COCSPDirectAuthorisationScheme () | |
void | CancelValidate () |
IMPORT_C COCSPDirectAuthorisationScheme * | NewLC (const TUid &, MCertStore &) |
const CX509Certificate * | ResponderCert () |
void | ValidateL ( OCSP::TStatus &, COCSPResponse &, const TTime , TRequestStatus &, const COCSPRequest &) |
Protected Member Functions | |
---|---|
void | DoCancel () |
TInt | RunError ( TInt ) |
void | RunL () |
Private Member Functions | |
---|---|
COCSPDirectAuthorisationScheme (const TUid &, MCertStore &) | |
void | ConstructL () |
void | OnListCertEntries () |
void | OnRetrieveNextL () |
void | OnRetrievingEntryL () |
void | OnValidateCertChainL () |
void | StartValidateL () |
void | ValidateCertChainL () |
void | ValidateFromRoots () |
TBool | ValidateSignatureL () |
Private Member Enumerations | |
---|---|
enum | TStatus { EValidateCertChain , EListCertEntries , ERetrieveNext , ERetrievingEntry } |
Inherited Enumerations | |
---|---|
CActive::TPriority | |
Private Attributes | |
---|---|
CPKIXCertChainBase * | iCertChain |
CCertAttributeFilter * | iCertFilter |
MCertStore & | iCertStore |
RMPointerArray < CCTCertInfo > | iCertStoreEntries |
TUid | iCertStoreUid |
TRequestStatus * | iClientStatus |
TInt | iCurEntry |
HBufC8 * | iEncodedCertBuf |
TPtr8 * | iEncodedCertPtr |
RFs | iFs |
OCSP::TStatus * | iOCSPStatus |
CPKIXValidationResultBase * | iPKIXResult |
const COCSPRequest * | iRequest |
COCSPResponse * | iResponse |
const CX509Certificate * | iResponseCert |
TStatus | iState |
TTime | iValidationTime |
Inherited Attributes | |
---|---|
CActive::iStatus | |
COCSPDirectAuthorisationScheme (const TUid & aCertStoreUid, MCertStore & aCertStore) [private]
Parameters | |
---|---|
const TUid & aCertStoreUid | |
MCertStore & aCertStore | |
void DoCancel () [protected, virtual]
Implements cancellation of an outstanding request.
This function is called as part of the active object's Cancel().
It must call the appropriate cancel function offered by the active object's asynchronous service provider. The asynchronous service provider's cancel is expected to act immediately.
DoCancel() must not wait for event completion; this is handled by Cancel().
IMPORT_C COCSPDirectAuthorisationScheme * NewLC (const TUid & aCertStoreUid, MCertStore & aCertStore) [static]
Parameters | |
---|---|
const TUid & aCertStoreUid | |
MCertStore & aCertStore | |
void RunL () [protected, virtual]
Handles an active object's request completion event.
A derived class must provide an implementation to handle the completed request. If appropriate, it may issue another request.
The function is called by the active scheduler when a request completion event occurs, i.e. after the active scheduler's WaitForAnyRequest() function completes.
Before calling this active object's RunL() function, the active scheduler has:
1. decided that this is the highest priority active object with a completed request
2. marked this active object's request as complete (i.e. the request is no longer outstanding)
RunL() runs under a trap harness in the active scheduler. If it leaves, then the active scheduler calls RunError() to handle the leave.
Note that once the active scheduler's Start() function has been called, all user code is run under one of the program's active object's RunL() or RunError() functions.
See also: CActiveScheduler::Start, CActiveScheduler::Error, CActiveScheduler::WaitForAnyRequest, TRAPD
void StartValidateL () [private]
If the response contains the certificate that signed the response, build the certificate chain up to the responder certificate. Otherwise, validate directly against the root certificates contained in the store initialized by the client.
void ValidateCertChainL () [private]
If the response contains the responder's certificate, chain validation is performed up to the CA certificate, which should be located in the store.
void ValidateL (OCSP::TStatus & aOCSPStatus, COCSPResponse & aResponse, const TTime aValidationTime, TRequestStatus & aStatus, const COCSPRequest & aRequest)
Starts the process of validating the response. The initial value of the OCSP Status is set to signature validation failure.
Parameters | |
---|---|
OCSP::TStatus & aOCSPStatus | |
COCSPResponse & aResponse | |
const TTime aValidationTime | |
TRequestStatus & aStatus | |
const COCSPRequest & aRequest | |
RMPointerArray < CCTCertInfo > iCertStoreEntries [private]
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License v1.0.