pkiutilities/ocsp/inc/validator.h
changeset 0 164170e6151a
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkiutilities/ocsp/inc/validator.h	Tue Jan 26 15:20:08 2010 +0200
@@ -0,0 +1,156 @@
+// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// request.h
+// Header for OCSP validator object.
+// 
+//
+
+/**
+ @file 
+ @internalComponent 
+*/
+
+#ifndef __OCSP_VALIDATOR_H__
+#define __OCSP_VALIDATOR_H__
+
+#include <ocsp.h>
+#include "ocsprequestandresponse.h"
+/**
+ * Validator.  Used to verify the legitimacy of an OCSP response, and the
+ * certificates therein.  May specify time for certificate validation - if
+ * omitted, the producedAt time in the response is used instead.
+ */
+
+NONSHARABLE_CLASS(COCSPValidator) : public CActive
+	{
+public:
+	static COCSPValidator* NewL( const COCSPParameters& aParameters);
+	
+	~COCSPValidator();
+
+	/**
+	 * Specify Authorisation scheme(s) - doesn't take ownership
+	 */
+	
+	void AddAuthorisationSchemeL(MOCSPAuthorisationScheme& aScheme);
+
+	/**
+	 * Specify the authorisation time (NULL => use producedAt from response)
+	 * Default is to use producedAt.
+	 */
+	
+	void SetValidationTimeL(const TTime* aValidationTime);
+
+	/**
+	 * Specify the permissable maximum age of the thisUpdate field in
+	 * seconds. zero => don't check, default is 30 days. 
+	 */
+
+	void SetMaxStatusAge(TUint aMaxAge);
+
+	/**
+	 * Specify how much leeway we allow when comparing times - if we're using
+	 * the device clock, this allows for the fact that it may be out by a
+	 * certain amount.  Default is 5 seconds.
+	 */
+	
+	void SetTimeLeeway(TUint aLeewaySeconds);
+
+	/**
+	 * Validate a request/response pair, setting aOutcome to the result.
+	 * This is an asynchronous method.
+	 */
+	
+	void Validate(const COCSPRequest& aRequest, COCSPResponse& aResponse,
+				  TOCSPOutcome& aOutcome, TRequestStatus& aStatus);
+		
+protected:
+	virtual void DoCancel();
+	virtual void RunL();
+	virtual TInt RunError(TInt aError);
+
+ private:
+ 	void ConstructL();
+	COCSPValidator( const COCSPParameters& aParameters);
+
+	void DoValidateL(const COCSPRequest& aRequest, COCSPResponse& aResponse,
+					 TOCSPOutcome& aOutcome, TRequestStatus& aStatus);
+
+	// Specific validation areas - return false if we should give up now.
+	TBool IsResponseWellFormed(); // Checks correct certs present in response.
+	TBool ValidateTimeL();
+	TBool ValidateNonce();
+
+	void ProcessSchemeValidationL();
+	void CheckSchemeValidationL();
+	void FinalResponseValidationL();
+	
+	TTime ValidationTime() const;
+
+	TBool TimeIsBeforeL(const TTime& aBefore, const TTime& aAfter);
+	
+	 void SendResponderCertL();
+	 void ValidateResponderCertL();
+	 
+	 OCSP::TResult CheckOCSPStatus(const COCSPResponse* aResponse) const;
+	 
+private:
+
+	// Array of integers, giving for each cert in the response the corresponding position in
+	// the request
+	RArray<TInt> iRequestIndex;
+	
+	const COCSPRequest* iRequest;
+	COCSPResponse* iResponse;
+
+	// User-supplied time for validation
+	TTime* iValidationTime;
+
+	// How old to allow thisUpdate to be
+	TUint iMaxStatusAge;
+
+	// Authorisation objects
+	RPointerArray<MOCSPAuthorisationScheme> iAuthorisationScheme;
+
+	TOCSPOutcome* iOutcome;
+	TRequestStatus* iValidationStatus;
+
+	enum TState
+		{
+		EValidating,
+		EWaitingResponse,
+		EValidateResponderCert,
+		};
+
+	TState iState;
+
+	// index of the last authorisation scheme we used
+	TInt iIndexScheme; 
+
+	TUint iLeewaySeconds;
+	
+	TBool iResponderCertCheck;
+	TBool iUseNonce;
+	// ownership lies with the relevant auth scheme
+	const CX509Certificate* iResponderCert;
+	const CX509Certificate* iIssuerCert;
+	COCSPRequest* iResponderCertRequest;
+	COCSPResponse* iResponderCertResponse;
+	COCSPTransaction* iTransaction;
+	// ownership lies with COCSPClient
+	const COCSPParameters* iParameters;
+	MOCSPAuthorisationScheme* iSchemeInUse;
+	};
+
+#endif
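Review bot: The doc comment on `Validate` says only that it is asynchronous, yet the class keeps raw pointers `iRequest`, `iResponse`, `iOutcome` and `iValidationStatus`, so callers presumably must keep all four arguments alive until `aStatus` completes, and the header never states this. I would add `// aRequest, aResponse, aOutcome and aStatus are not owned and must stay valid until aStatus completes or the validator is cancelled` above the declaration. Likewise the comment on `SetValidationTimeL(const TTime*)` should say whether the time is copied into `iValidationTime` or the caller's pointer is retained. The ownership comments at the end of the class are ambiguous too: `// ownership lies with the relevant auth scheme` is followed by `iResponderCertRequest`, `iResponderCertResponse` and `iTransaction` with nothing saying who deletes them. Separately, the `SetMaxStatusAge` comment could note that zero switches off the thisUpdate freshness check, which may leave nonce matching as the main protection against a replayed older response.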