author | Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> |
Tue, 26 Jan 2010 15:20:08 +0200 | |
changeset 0 | 164170e6151a |
permissions | -rw-r--r-- |
0
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1 |
// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
2 |
// All rights reserved. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
3 |
// This component and the accompanying materials are made available |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
4 |
// under the terms of "Eclipse Public License v1.0" |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
5 |
// which accompanies this distribution, and is available |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html". |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
7 |
// |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
8 |
// Initial Contributors: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
9 |
// Nokia Corporation - initial contribution. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
10 |
// |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
11 |
// Contributors: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
12 |
// |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
13 |
// Description: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
14 |
// |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
15 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
16 |
#include <asn1dec.h> |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
17 |
#include <x509certext.h> |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
18 |
#include "oids.h" |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
19 |
#include "pkixcertchain.h" |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
20 |
#include "ocsp.h" |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
21 |
#include <mcertstore.h> |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
22 |
#include <ccertattributefilter.h> |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
23 |
#include "ocsprequestandresponse.h" |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
24 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
25 |
const TInt CERT_SIZE = 1000; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
26 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
27 |
EXPORT_C COCSPDelegateAuthorisationScheme* COCSPDelegateAuthorisationScheme::NewLC( |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
28 |
MCertStore& aCertStore) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
29 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
30 |
Factory function allocates new instance of |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
31 |
COCSPDelegateAuthorisationScheme. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
32 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
33 |
@param aCertStore Cert store interface. This is used to |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
34 |
construct a certificate chain builder with |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
35 |
CPKIXCertChainBase::NewL(). Certificates from |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
36 |
the store are not used for validation if the response |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
37 |
contains the responder certificate. If it does not contain |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
38 |
the responder cert then validation would be done from store. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
39 |
@return New instance of COCSPDelegateAuthorisationScheme. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
40 |
Leaves if cannot successfully construct. The new |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
41 |
object is placed on the cleanup stack. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
42 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
43 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
44 |
COCSPDelegateAuthorisationScheme* scheme = |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
45 |
new(ELeave) COCSPDelegateAuthorisationScheme(aCertStore); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
46 |
CleanupStack::PushL(scheme); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
47 |
scheme->ConstructL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
48 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
49 |
return scheme; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
50 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
51 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
52 |
COCSPDelegateAuthorisationScheme::COCSPDelegateAuthorisationScheme( |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
53 |
MCertStore& aCertStore) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
54 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
55 |
Initializes the CActive base class object and adds |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
56 |
this object to the active scheduler. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
57 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
58 |
@param aCertStore Cert store interface. This is only used to |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
59 |
construct a certificate chain builder with |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
60 |
CPKIXCertChainBase::NewL(). Certificates from |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
61 |
the store are not used for validation if the response |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
62 |
contains the responder certificate. If it does not contain |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
63 |
the responder cert then validation would be done from store. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
64 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
65 |
: CActive(EPriorityStandard), |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
66 |
iCertStore(aCertStore) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
67 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
68 |
CActiveScheduler::Add(this); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
69 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
70 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
71 |
void COCSPDelegateAuthorisationScheme::ConstructL() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
72 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
73 |
Strictly, none of the resources owned by this object |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
74 |
are required for all of its lifetime need to be preserved |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
75 |
between validations. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
76 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
77 |
Some of the resources, such as the CPKIXCertChain |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
78 |
instance have to be reallocated for every validation. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
79 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
80 |
The resources which can be allocated for the lifetime |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
81 |
of this object are allocated here. This improves performance |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
82 |
and simplifies the validation process, at a RAM cost. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
83 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
84 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
85 |
// iRespSignCertChainBase is the array of intermediate |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
86 |
// certificates which CPKIXCertChain will use to |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
87 |
// chain (T->I) to (I->E). Because only immediate |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
88 |
// delegates are supported, there will only be one |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
89 |
// intermediate (or trusted root from CPKIXCertChain's |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
90 |
// point-of-view.) Therefore the array can be |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
91 |
// sized here. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
92 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
93 |
// RPointerArray<> doesn't have a Reserve() function. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
94 |
const CX509Certificate* nullCert = 0; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
95 |
User::LeaveIfError(iRespSignIntCert.Append(nullCert)); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
96 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
97 |
iCertFilter = CCertAttributeFilter::NewL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
98 |
iCertFilter->SetOwnerType(ECACertificate); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
99 |
iCertFilter->SetFormat(EX509Certificate); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
100 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
101 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
102 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
103 |
COCSPDelegateAuthorisationScheme::~COCSPDelegateAuthorisationScheme() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
104 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
105 |
Cancels any outstanding validation and frees all resources |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
106 |
owned by this object. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
107 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
108 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
109 |
delete iCertFilter; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
110 |
iCertStoreEntries.Close(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
111 |
iRespSignIntCert.Close(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
112 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
113 |
delete iEncodedCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
114 |
delete iResponseCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
115 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
116 |
delete iPKIXResultBase; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
117 |
delete iRespSignCertChainBase; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
118 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
119 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
120 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
121 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
122 |
Implement MOCSPAuthorisationScheme. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
123 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
124 |
Validate the response if it is signed by an immediate delegate of the intermediate entity. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
125 |
I.e. if the request has the form |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
126 |
(T->I) (I->E) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
127 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
128 |
where T is trusted (at least for the purposes of this validation) and I is an intermediate, |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
129 |
the response can be signed by R if (I->R). |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
130 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
131 |
I is the CA, and can be equal to T, i.e. the certificate which is being tested for |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
132 |
revocation can be signed by a root certificate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
133 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
134 |
R must be immediately signed by I, and must have id-kp-OCSPSigning in its extended key usage. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
135 |
(RFC 2560 S4.2.2.2) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
136 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
137 |
void COCSPDelegateAuthorisationScheme::ValidateL( |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
138 |
OCSP::TStatus& aOCSPStatus, COCSPResponse& aResponse, |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
139 |
const TTime aValidationTime, TRequestStatus& aStatus, |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
140 |
const COCSPRequest& aRequest) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
141 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
142 |
// store the client status, so that it can be used for request |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
143 |
// completion later. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
144 |
iClientStatus = &aStatus; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
145 |
aStatus = KRequestPending; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
146 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
147 |
// By assuming there is only one request / response pair, |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
148 |
// there is no need to iterate through each response, which |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
149 |
// simplifies this scheme's implementation. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
150 |
// the OCSP requests are constructed in |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
151 |
// COCSPClient::ConstructL() such that exactly one certificate |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
152 |
// and its signer are sent in each request. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
153 |
// (RFC 2560 S4.1.1 allows multiple pairs) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
154 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
155 |
iResponse = &aResponse; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
156 |
iRequest = &aRequest; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
157 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
158 |
iValidationTime = aValidationTime; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
159 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
160 |
// This default value is changed once the whole validation |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
161 |
// process has completed successfully else the default value |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
162 |
// is returned on failure. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
163 |
aOCSPStatus = OCSP::EResponseSignatureValidationFailure; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
164 |
iOCSPStatus = &aOCSPStatus; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
165 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
166 |
// set this to false before starting the scheme validation |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
167 |
// for multiple certificates are being validated through |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
168 |
// this scheme. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
169 |
iValidateFromResponse = EFalse; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
170 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
171 |
// This authentication scheme supports 2 ways of validation: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
172 |
// 1. If the response contains responder cert then validation |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
173 |
// would be performed against the responder cert included in response. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
174 |
// This validation would also check whether the responder cert has been |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
175 |
// issued by the CA cert which issued the certificate in question. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
176 |
// 2. If the response does not contain responder cert, search for it |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
177 |
// in the store based on the ResponderId which is included in the |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
178 |
// response. If the responder cert is found in the store which has signed |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
179 |
// the response then authorize the response, in both the cases we check whether |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
180 |
// responder cert has been issued by the CA which issued the cert in question, |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
181 |
// and the CA should be present in the store. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
182 |
const TPtrC8* certChainData = aResponse.DataElementEncoding(COCSPResponse::ECertificateChain); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
183 |
if (certChainData == 0) // no signing certs |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
184 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
185 |
ValidateFromRootsL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
186 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
187 |
else |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
188 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
189 |
iValidateFromResponse = ETrue; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
190 |
ValidateDelegateCertL(*certChainData, iValidationTime); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
191 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
192 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
193 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
194 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
195 |
Initialize this object to validate the certificate which was sent with the |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
196 |
response against the CA which was used to sign the certificate in question. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
197 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
198 |
@param aResponseCertChain DER-encoded cert chain that was either sent with the response. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
199 |
or was retrieved from the store as a single certificate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
200 |
@param aValidationTime Time to be used for chain validation of the delegate certificate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
201 |
@post If successful, asynchronous validation will be set up. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
202 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
203 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
204 |
void COCSPDelegateAuthorisationScheme::ValidateDelegateCertL( |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
205 |
const TDesC8& aResponseCertChain, const TTime aValidationTime) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
206 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
207 |
// the response received can contain a chain of certificate, we need to extract the |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
208 |
// responder certificate from the chain for further processing. If the certificate has been |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
209 |
// retrieved from store then there would be no chain but the delegate certificate would be |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
210 |
// retrieved. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
211 |
CX509Certificate* decodedResponseCert = OCSPUtils::GetResponderCertLC(aResponseCertChain); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
212 |
CleanupStack::Pop(decodedResponseCert); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
213 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
214 |
delete iResponseCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
215 |
iResponseCert = NULL; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
216 |
iResponseCert = decodedResponseCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
217 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
218 |
// First check the responder certificate in accordance to RFC 2560 for the following: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
219 |
// 1. Does it contain extension id-kp-OCSPSigning |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
220 |
// 2. The responder id in the response matches the response certificate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
221 |
// 3. The response is signed by the responder certificate |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
222 |
if( OCSPUtils::DoesCertHaveOCSPSigningExtL(*iResponseCert) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
223 |
&& OCSPUtils::DoesResponderIdMatchCertL(*iResponse, *iResponseCert) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
224 |
&& OCSPUtils::IsResponseSignedByCertL(iResponse, *iResponseCert) ) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
225 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
226 |
// construct a certificate chain containing the X -> R with T -> I as the intermediate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
227 |
delete iPKIXResultBase; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
228 |
iPKIXResultBase = NULL; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
229 |
iPKIXResultBase = CPKIXValidationResultBase::NewL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
230 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
231 |
// get the intermediate which signed the EE |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
232 |
const CX509Certificate& caCert = iRequest->CertInfo(0).Issuer(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
233 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
234 |
// use the intermediate cert as the trusted root for |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
235 |
// the purpose of building the chain. ("Intermediate" |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
236 |
// in this context is the certificate which signed the EE.) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
237 |
iRespSignIntCert[0] = CONST_CAST(CX509Certificate*,&caCert); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
238 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
239 |
delete iRespSignCertChainBase; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
240 |
iRespSignCertChainBase = NULL; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
241 |
iRespSignCertChainBase = CPKIXCertChainBase::NewL(iCertStore, iResponseCert->Encoding(), iRespSignIntCert); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
242 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
243 |
// attempt to validate the chain. I.e. test that X = I. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
244 |
iRespSignCertChainBase->ValidateL(*iPKIXResultBase, aValidationTime, iStatus); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
245 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
246 |
iState = EOnChainValidation; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
247 |
SetActive(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
248 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
249 |
else |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
250 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
251 |
if(iValidateFromResponse) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
252 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
253 |
User::RequestComplete(iClientStatus, KErrNone); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
254 |
return; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
255 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
256 |
// this means that we are trying to retrieve the responder certificate from the store |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
257 |
// and perform validation against it. As this certificate is not the valid responder |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
258 |
// hence set the state to retrieve the next certificate from the store. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
259 |
else |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
260 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
261 |
iState = ERetrieveNext; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
262 |
TRequestStatus* status = &iStatus; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
263 |
User::RequestComplete(status,KErrNone); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
264 |
SetActive(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
265 |
return; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
266 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
267 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
268 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
269 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
270 |
void COCSPDelegateAuthorisationScheme::CancelValidate() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
271 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
272 |
Implement MOCSPAuthorisationScheme. This is an active |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
273 |
object, and this function just calls Cancel(). See |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
274 |
DoCancel() for information about the cancellation process. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
275 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
276 |
@see DoCancel |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
277 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
278 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
279 |
ASSERT(iRespSignCertChainBase != 0); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
280 |
iRespSignCertChainBase->CancelValidate(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
281 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
282 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
283 |
void COCSPDelegateAuthorisationScheme::RunL() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
284 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
285 |
User::LeaveIfError(iStatus.Int()); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
286 |
switch(iState) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
287 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
288 |
//Response validation after chain building. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
289 |
case EOnChainValidation: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
290 |
OnChainValidationL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
291 |
break; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
292 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
293 |
// state used to allocate sufficient memory for retrieving the next certificate |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
294 |
case ERetrieveNext: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
295 |
OnRetrieveNextL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
296 |
break; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
297 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
298 |
// state used to retrieve the next certificate |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
299 |
case ERetrievingEntry: |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
300 |
OnRetrievingEntryL(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
301 |
break; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
302 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
303 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
304 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
305 |
void COCSPDelegateAuthorisationScheme::OnChainValidationL() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
306 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
307 |
TValidationError error = iPKIXResultBase->Error().iReason; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
308 |
if (error != EValidatedOK) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
309 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
310 |
User::Leave(error); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
311 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
312 |
*iOCSPStatus = OCSP::EValid; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
313 |
User::RequestComplete(iClientStatus, KErrNone); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
314 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
315 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
316 |
void COCSPDelegateAuthorisationScheme::DoCancel() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
317 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
318 |
If a validation request is outstanding, then it is cancelled. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
319 |
This objects client, i.e. the owner of the TRequestStatus which |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
320 |
was passed to Validate(), is completed with KErrCancel. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
321 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
322 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
323 |
// object should be waiting for the chain builder to complete. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
324 |
// Therefore there must be a valid client request status pointer |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
325 |
// and an instance of CPKIXCertChain. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
326 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
327 |
iRespSignCertChainBase->CancelValidate(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
328 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
329 |
if (iClientStatus) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
330 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
331 |
User::RequestComplete(iClientStatus, KErrCancel); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
332 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
333 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
334 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
335 |
TInt COCSPDelegateAuthorisationScheme::RunError(TInt aError) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
336 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
337 |
User::RequestComplete(iClientStatus, aError); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
338 |
return KErrNone; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
339 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
340 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
341 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
342 |
* Initiates request to retrieve the responder certificate from store. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
343 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
344 |
void COCSPDelegateAuthorisationScheme::ValidateFromRootsL() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
345 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
346 |
iCertCount = -1; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
347 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
348 |
iCertStoreEntries.Close(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
349 |
iCertStore.List(iCertStoreEntries, *iCertFilter, iStatus); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
350 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
351 |
delete iEncodedCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
352 |
iEncodedCert = NULL; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
353 |
iEncodedCert = HBufC8::NewL(CERT_SIZE); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
354 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
355 |
iState = ERetrieveNext; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
356 |
SetActive(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
357 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
358 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
359 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
360 |
* For list of certificate entries in the store retrieve each certificate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
361 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
362 |
void COCSPDelegateAuthorisationScheme::OnRetrieveNextL() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
363 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
364 |
if(++iCertCount < iCertStoreEntries.Count() ) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
365 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
366 |
iState = ERetrievingEntry; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
367 |
TInt size = iCertStoreEntries[iCertCount]->Size(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
368 |
if( size > iEncodedCert->Des().MaxLength() ) |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
369 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
370 |
delete iEncodedCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
371 |
iEncodedCert = NULL; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
372 |
iEncodedCert = HBufC8::NewL(size); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
373 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
374 |
TPtr8 encodedCertDesc = iEncodedCert->Des(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
375 |
iCertStore.Retrieve(*iCertStoreEntries[iCertCount], encodedCertDesc,iStatus); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
376 |
SetActive(); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
377 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
378 |
else |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
379 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
380 |
User::RequestComplete(iClientStatus,OCSP::EResponseSignatureValidationFailure); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
381 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
382 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
383 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
384 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
385 |
* Once the certificate has been retrieved from the store, it should be sent for chain validation. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
386 |
* This intermediate state is required so that we can retrieve the certificate from the store. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
387 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
388 |
void COCSPDelegateAuthorisationScheme::OnRetrievingEntryL() |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
389 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
390 |
ValidateDelegateCertL(*iEncodedCert, iValidationTime); |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
391 |
} |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
392 |
|
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
393 |
/** |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
394 |
* Returns the responder certificate. |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
395 |
*/ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
396 |
const CX509Certificate* COCSPDelegateAuthorisationScheme::ResponderCert() const |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
397 |
{ |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
398 |
return iResponseCert; |
164170e6151a
Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
399 |
} |