Mercurial Mercurial > oss > FCL > sf > mw > securitysrv / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pkiutilities/ocsp/src/delegateauthorisation.cpp
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Tue, 26 Jan 2010 15:20:08 +0200
changeset 0 164170e6151a
permissions -rw-r--r--
Revision: 201004
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     1
 
// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     2
 
// All rights reserved.
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     3
 
// This component and the accompanying materials are made available
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     4
 
// under the terms of "Eclipse Public License v1.0"
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     5
 
// which accompanies this distribution, and is available
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     6
 
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     7
 
//
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     8
 
// Initial Contributors:
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
     9
 
// Nokia Corporation - initial contribution.
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
    10
 
//
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
    11
 
// Contributors:
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
    12
 
//
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
    13
 
// Description:
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
    14
 
//
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset 
    15
 












164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    16


#include <asn1dec.h>













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    17


#include <x509certext.h>













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    18


#include "oids.h"













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    19


#include "pkixcertchain.h"













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    20


#include "ocsp.h"













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    21


#include <mcertstore.h>













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    22


#include <ccertattributefilter.h>













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    23


#include "ocsprequestandresponse.h"













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    24














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    25


const TInt CERT_SIZE = 1000;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    26














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    27


EXPORT_C COCSPDelegateAuthorisationScheme* COCSPDelegateAuthorisationScheme::NewLC(













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    28


	MCertStore& aCertStore)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    29


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    30


	Factory function allocates new instance of













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    31


	COCSPDelegateAuthorisationScheme.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    32


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    33


	@param	aCertStore		Cert store interface.  This is used to













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    34


							construct a certificate chain builder with













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    35


							CPKIXCertChainBase::NewL().  Certificates from













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    36


							the store are not used for validation if the response 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    37


							contains the responder certificate. If it does not contain 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    38


							the responder cert then validation would be done from store.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    39


	@return					New instance of COCSPDelegateAuthorisationScheme.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    40


							Leaves if cannot successfully construct.  The new













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    41


							object is placed on the cleanup stack.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    42


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    43


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    44


	COCSPDelegateAuthorisationScheme* scheme =













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    45


		new(ELeave) COCSPDelegateAuthorisationScheme(aCertStore);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    46


	CleanupStack::PushL(scheme);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    47


	scheme->ConstructL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    48


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    49


	return scheme;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    50


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    51














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    52


COCSPDelegateAuthorisationScheme::COCSPDelegateAuthorisationScheme(













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    53


	MCertStore& aCertStore)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    54


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    55


	Initializes the CActive base class object and adds













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    56


	this object to the active scheduler.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    57


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    58


	@param	aCertStore		Cert store interface.  This is only used to













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    59


							construct a certificate chain builder with













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    60


							CPKIXCertChainBase::NewL().  Certificates from













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    61


							the store are not used for validation if the response 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    62


							contains the responder certificate. If it does not contain 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    63


							the responder cert then validation would be done from store.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    64


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    65


:	CActive(EPriorityStandard),













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    66


	iCertStore(aCertStore)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    67


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    68


	CActiveScheduler::Add(this);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    69


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    70














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    71


void COCSPDelegateAuthorisationScheme::ConstructL()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    72


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    73


	Strictly, none of the resources owned by this object













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    74


	are required for all of its lifetime need to be preserved













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    75


	between validations.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    76


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    77


	Some of the resources, such as the CPKIXCertChain













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    78


	instance have to be reallocated for every validation.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    79


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    80


	The resources which can be allocated for the lifetime













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    81


	of this object are allocated here.  This improves performance













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    82


	and simplifies the validation process, at a RAM cost.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    83


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    84


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    85


	// iRespSignCertChainBase is the array of intermediate













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    86


	// certificates which CPKIXCertChain will use to













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    87


	// chain (T->I) to (I->E).  Because only immediate













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    88


	// delegates are supported, there will only be one













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    89


	// intermediate (or trusted root from CPKIXCertChain's













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    90


	// point-of-view.)  Therefore the array can be













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    91


	// sized here.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    92


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    93


	// RPointerArray<> doesn't have a Reserve() function.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    94


	const CX509Certificate* nullCert = 0;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    95


	User::LeaveIfError(iRespSignIntCert.Append(nullCert));













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    96


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    97


	iCertFilter = CCertAttributeFilter::NewL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    98


	iCertFilter->SetOwnerType(ECACertificate);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




    99


	iCertFilter->SetFormat(EX509Certificate);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   100














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   101


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   102














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   103


COCSPDelegateAuthorisationScheme::~COCSPDelegateAuthorisationScheme()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   104


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   105


	Cancels any outstanding validation and frees all resources













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   106


	owned by this object.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   107


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   108


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   109


	delete iCertFilter;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   110


	iCertStoreEntries.Close();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   111


	iRespSignIntCert.Close();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   112


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   113


	delete iEncodedCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   114


	delete iResponseCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   115


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   116


	delete iPKIXResultBase;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   117


	delete iRespSignCertChainBase;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   118


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   119


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   120














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   121


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   122


	Implement MOCSPAuthorisationScheme.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   123


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   124


	Validate the response if it is signed by an	immediate delegate of the intermediate entity.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   125


	I.e. if the request has the form













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   126


		(T->I) (I->E)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   127


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   128


	where T is trusted (at least for the purposes of this validation) and I is an intermediate, 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   129


	the response can be signed by R if (I->R).













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   130


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   131


	I is the CA, and can be equal to T, i.e. the certificate which is being tested for 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   132


	revocation can be signed by a root certificate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   133


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   134


	R must be immediately signed by I, and must have id-kp-OCSPSigning in its extended key usage.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   135


	(RFC 2560 S4.2.2.2)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   136


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   137


void COCSPDelegateAuthorisationScheme::ValidateL(













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   138


	OCSP::TStatus& aOCSPStatus, COCSPResponse& aResponse,













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   139


	const TTime aValidationTime, TRequestStatus& aStatus,













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   140


	const COCSPRequest& aRequest)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   141


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   142


	// store the client status, so that it can be used for request













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   143


	// completion later.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   144


	iClientStatus = &aStatus;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   145


	aStatus = KRequestPending;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   146


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   147


	// By assuming there is only one request / response pair,













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   148


	// there is no need to iterate through each response, which













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   149


	// simplifies this scheme's implementation.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   150


	// the OCSP requests are constructed in













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   151


	// COCSPClient::ConstructL() such that exactly one certificate













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   152


	// and its signer are sent in each request.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   153


	// (RFC 2560 S4.1.1 allows multiple pairs)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   154


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   155


	iResponse = &aResponse;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   156


	iRequest = &aRequest;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   157


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   158


	iValidationTime = aValidationTime;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   159


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   160


	// This default value is changed once the whole validation 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   161


	// process has completed successfully else the default value 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   162


	// is returned on failure.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   163


	aOCSPStatus = OCSP::EResponseSignatureValidationFailure;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   164


	iOCSPStatus = &aOCSPStatus;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   165


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   166


	// set this to false before starting the scheme validation













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   167


	// for multiple certificates are being validated through 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   168


	// this scheme.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   169


	iValidateFromResponse = EFalse;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   170


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   171


	// This authentication scheme supports 2 ways of validation:













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   172


	// 1. If the response contains responder cert then validation 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   173


	// would be performed against the responder cert included in response. 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   174


	// This validation would also check whether the responder cert has been 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   175


	// issued by the CA cert which issued the certificate in question.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   176


	// 2. If the response does not contain responder cert, search for it 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   177


	// in the store based on the ResponderId which is included in the 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   178


	// response. If the responder cert is found in the store which has signed













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   179


	// the response then authorize the response, in both the cases we check whether 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   180


	// responder cert has been issued by the CA which issued the cert in question, 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   181


	// and the CA should be present in the store.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   182


	const TPtrC8* certChainData = aResponse.DataElementEncoding(COCSPResponse::ECertificateChain);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   183


	if (certChainData == 0)		// no signing certs













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   184


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   185


		ValidateFromRootsL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   186


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   187


	else













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   188


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   189


		iValidateFromResponse = ETrue;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   190


		ValidateDelegateCertL(*certChainData, iValidationTime);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   191


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   192


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   193














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   194


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   195


	Initialize this object to validate the certificate which was sent with the 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   196


	response against the CA which was used	to sign the certificate in question.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   197


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   198


	@param	aResponseCertChain	DER-encoded cert chain that	was either sent with the response.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   199


								or was retrieved from the store as a single certificate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   200


	@param 	aValidationTime		Time to be used for chain validation of the delegate certificate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   201


	@post If successful, asynchronous validation will be set up.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   202


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   203














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   204


void COCSPDelegateAuthorisationScheme::ValidateDelegateCertL(













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   205


	const TDesC8& aResponseCertChain, const TTime aValidationTime)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   206


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   207


	// the response received can contain a chain of certificate, we need to extract the 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   208


	// responder certificate from the chain for further processing. If the certificate has been













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   209


	// retrieved from store then there would be no chain but the delegate certificate would be













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   210


	// retrieved.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   211


	CX509Certificate* decodedResponseCert = OCSPUtils::GetResponderCertLC(aResponseCertChain);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   212


	CleanupStack::Pop(decodedResponseCert);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   213


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   214


	delete iResponseCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   215


	iResponseCert = NULL;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   216


	iResponseCert = decodedResponseCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   217


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   218


	// First check the responder certificate in accordance to RFC 2560 for the following:













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   219


	// 1. Does it contain extension id-kp-OCSPSigning













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   220


	// 2. The responder id in the response matches the response certificate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   221


	// 3. The response is signed by the responder certificate













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   222


	if( OCSPUtils::DoesCertHaveOCSPSigningExtL(*iResponseCert) 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   223


		&&	OCSPUtils::DoesResponderIdMatchCertL(*iResponse, *iResponseCert)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   224


		&&	OCSPUtils::IsResponseSignedByCertL(iResponse, *iResponseCert) )













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   225


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   226


		// construct a certificate chain containing the X -> R with T -> I as the intermediate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   227


		delete iPKIXResultBase;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   228


		iPKIXResultBase = NULL;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   229


		iPKIXResultBase = CPKIXValidationResultBase::NewL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   230


		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   231


		// get the intermediate which signed the EE













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   232


		const CX509Certificate& caCert = iRequest->CertInfo(0).Issuer();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   233


		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   234


		// use the intermediate cert as the trusted root for













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   235


		// the purpose of building the chain.  ("Intermediate"













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   236


		// in this context is the certificate which signed the EE.)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   237


		iRespSignIntCert[0] = CONST_CAST(CX509Certificate*,&caCert);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   238


		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   239


		delete iRespSignCertChainBase;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   240


		iRespSignCertChainBase = NULL;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   241


		iRespSignCertChainBase = CPKIXCertChainBase::NewL(iCertStore, iResponseCert->Encoding(), iRespSignIntCert);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   242


		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   243


		// attempt to validate the chain.  I.e. test that X = I.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   244


		iRespSignCertChainBase->ValidateL(*iPKIXResultBase, aValidationTime, iStatus);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   245


		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   246


		iState = EOnChainValidation;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   247


		SetActive();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   248


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   249


	else













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   250


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   251


		if(iValidateFromResponse)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   252


			{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   253


			User::RequestComplete(iClientStatus, KErrNone);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   254


			return;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   255


			}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   256


		// this means that we are trying to retrieve the responder certificate from the store













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   257


		// and perform validation against it. As this certificate is not the valid responder













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   258


		// hence set the state to retrieve the next certificate from the store.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   259


		else













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   260


			{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   261


			iState = ERetrieveNext;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   262


			TRequestStatus* status = &iStatus;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   263


			User::RequestComplete(status,KErrNone);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   264


			SetActive();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   265


			return;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   266


			}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   267


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   268


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   269














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   270


void COCSPDelegateAuthorisationScheme::CancelValidate()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   271


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   272


	Implement MOCSPAuthorisationScheme.  This is an active













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   273


	object, and this function just calls Cancel().  See













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   274


	DoCancel() for information about the cancellation process.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   275


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   276


	@see DoCancel













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   277


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   278


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   279


	ASSERT(iRespSignCertChainBase != 0);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   280


	iRespSignCertChainBase->CancelValidate();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   281


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   282














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   283


void COCSPDelegateAuthorisationScheme::RunL()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   284


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   285


	User::LeaveIfError(iStatus.Int());













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   286


	switch(iState)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   287


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   288


		//Response validation after chain building.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   289


		case EOnChainValidation:













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   290


			OnChainValidationL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   291


			break;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   292


		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   293


		// state used to allocate sufficient memory for retrieving the next certificate













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   294


		case ERetrieveNext:













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   295


			OnRetrieveNextL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   296


			break;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   297














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   298


		// state used to retrieve the next certificate













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   299


		case ERetrievingEntry:













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   300


			OnRetrievingEntryL();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   301


			break;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   302


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   303


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   304














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   305


void COCSPDelegateAuthorisationScheme::OnChainValidationL()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   306


	{	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   307


	TValidationError error = iPKIXResultBase->Error().iReason;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   308


	if (error != EValidatedOK)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   309


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   310


		User::Leave(error);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   311


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   312


	*iOCSPStatus = OCSP::EValid;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   313


	User::RequestComplete(iClientStatus, KErrNone);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   314


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   315














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   316


void COCSPDelegateAuthorisationScheme::DoCancel()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   317


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   318


	If a validation request is outstanding, then it is cancelled.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   319


	This objects client, i.e. the owner of the TRequestStatus which













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   320


	was passed to Validate(), is completed with KErrCancel.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   321


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   322


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   323


	// object should be waiting for the chain builder to complete.  













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   324


	// Therefore there must be a valid client request status pointer 













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   325


	// and an instance of CPKIXCertChain.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   326


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   327


	iRespSignCertChainBase->CancelValidate();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   328


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   329


	if (iClientStatus)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   330


		{		













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   331


		User::RequestComplete(iClientStatus, KErrCancel);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   332


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   333


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   334














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   335


TInt COCSPDelegateAuthorisationScheme::RunError(TInt aError)













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   336


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   337


	User::RequestComplete(iClientStatus, aError);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   338


	return KErrNone;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   339


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   340














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   341


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   342


 * Initiates request to retrieve the responder certificate from store.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   343


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   344


void COCSPDelegateAuthorisationScheme::ValidateFromRootsL()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   345


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   346


	iCertCount = -1;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   347


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   348


	iCertStoreEntries.Close();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   349


	iCertStore.List(iCertStoreEntries, *iCertFilter, iStatus);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   350


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   351


	delete iEncodedCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   352


	iEncodedCert = NULL;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   353


	iEncodedCert = HBufC8::NewL(CERT_SIZE);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   354


	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   355


	iState = ERetrieveNext;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   356


	SetActive();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   357


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   358














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   359


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   360


 * For list of certificate entries in the store retrieve each certificate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   361


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   362


void COCSPDelegateAuthorisationScheme::OnRetrieveNextL()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   363


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   364


	if(++iCertCount < iCertStoreEntries.Count() )













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   365


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   366


		iState = ERetrievingEntry;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   367


		TInt size = iCertStoreEntries[iCertCount]->Size();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   368


		if( size > iEncodedCert->Des().MaxLength() )













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   369


			{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   370


			delete iEncodedCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   371


			iEncodedCert = NULL;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   372


			iEncodedCert = HBufC8::NewL(size);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   373


			}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   374


		TPtr8 encodedCertDesc = iEncodedCert->Des();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   375


		iCertStore.Retrieve(*iCertStoreEntries[iCertCount],	encodedCertDesc,iStatus);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   376


		SetActive();













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   377


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   378


	else













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   379


		{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   380


		User::RequestComplete(iClientStatus,OCSP::EResponseSignatureValidationFailure);	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   381


		}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   382


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   383














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   384


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   385


 * Once the certificate has been retrieved from the store, it should be sent for chain validation.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   386


 * This intermediate state is required so that we can retrieve the certificate from the store.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   387


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   388


void COCSPDelegateAuthorisationScheme::OnRetrievingEntryL()













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   389


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   390


	ValidateDelegateCertL(*iEncodedCert, iValidationTime);













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   391


	}













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   392














164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   393


/**













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   394


 * Returns the responder certificate.













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   395


 */













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   396


const CX509Certificate* COCSPDelegateAuthorisationScheme::ResponderCert() const	













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   397


	{













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   398


	return iResponseCert;













164170e6151a
Revision: 201004



Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>


parents: 

diff
changeset




   399


	}















FCL/sf/mw/securitysrv