// Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
//
#include "panic.h"
#include "log.h"
#include <ocsp.h>
#include <x509certchain.h>
#include <ocsppolicy.h>
#include "ocsprequestandresponse.h"
EXPORT_C COCSPParameters* COCSPParameters::NewL()
{
COCSPParameters* self = NewLC();
CleanupStack::Pop(self);
return self;
}
EXPORT_C COCSPParameters* COCSPParameters::NewLC()
{
COCSPParameters* self = new (ELeave) COCSPParameters();
CleanupStack::PushL(self);
self->ConstructL();
return self;
}
COCSPParameters::COCSPParameters() :
iUseNonce(ETrue),
iUseAIA(ETrue),
iGenerateResponseForMissingUri(ETrue),
iResponderCertCheck(EFalse), // should be turned off by default
iRetryCount(KTransportDefaultRequestRetryCount),
iTimeout(KTransportDefaultRequestTimeout),
iCheckCertsWithAiaOnly(EFalse) // should be turned off by default
{}
void COCSPParameters::ConstructL()
{
DEBUG_PRINTF(_L8("Reading policy."));
iDefaultURI = KNullDesC8().AllocL();
COcspPolicy* ocspPolicy = COcspPolicy::NewL();
iGenerateResponseForMissingUri = ocspPolicy->IsGenerateResponseForMissingUriEnabled();
delete ocspPolicy;
DEBUG_PRINTF2(_L8("Generate response when no AIA URI and no default OCSP URI: %d."), iGenerateResponseForMissingUri);
}
COCSPParameters::~COCSPParameters()
{
iSubjectCerts.Close();
iIssuerCerts.Close();
delete iDefaultURI;
delete iTransport;
iAuthSchemes.ResetAndDestroy();
delete iValidationTime;
delete iMaxStatusAge;
delete iTimeLeeway;
}
EXPORT_C void COCSPParameters::AddCertificateL(const CX509Certificate& aSubject, const CX509Certificate& aIssuer)
{
User::LeaveIfError(iSubjectCerts.Append(&aSubject));
User::LeaveIfError(iIssuerCerts.Append(&aIssuer));
}
EXPORT_C void COCSPParameters::AddCertificatesL(const CX509CertChain& aChain)
{
TInt numCerts = aChain.Count();
if (numCerts >= 2)
{
// Go through all but last cert (last = root)
const CX509Certificate* issuerCert = &aChain.Cert(0);
const CX509Certificate* subjectCert = NULL;
for (TInt index = 1; index < numCerts; ++index)
{
subjectCert = issuerCert;
issuerCert = &aChain.Cert(index);
AddCertificateL(*subjectCert, *issuerCert);
}
}
}
EXPORT_C void COCSPParameters::SetUseNonce(TBool aUseNonce)
{
iUseNonce = aUseNonce;
}
EXPORT_C void COCSPParameters::SetURIL(const TDesC8& aURI, TBool aUseAIA)
{
delete iDefaultURI;
iDefaultURI = NULL;
iDefaultURI = aURI.AllocL();
iUseAIA = aUseAIA;
}
EXPORT_C void COCSPParameters::SetTransport(MOCSPTransport* aTransport)
{
delete iTransport;
iTransport = aTransport;
}
EXPORT_C void COCSPParameters::SetRetryCount(const TUint aRetryCount)
{
iRetryCount = aRetryCount;
}
EXPORT_C void COCSPParameters::SetTimeout(const TInt aTimeout)
{
iTimeout = aTimeout;
}
EXPORT_C void COCSPParameters::AddAuthorisationSchemeL(MOCSPAuthorisationScheme* aScheme)
{
__ASSERT_ALWAYS(aScheme, ::Panic(KErrArgument));
User::LeaveIfError(iAuthSchemes.Append(aScheme));
}
EXPORT_C void COCSPParameters::AddAllAuthorisationSchemesL(const TUid& aCertStoreUid, MCertStore& aCertStore)
/**
This function adds all of the currently supported authorisation schemes
to this object. It is more convenient than having the client to allocate
each scheme.
This function allocates the authorisation schemes defined in RFC2560 S2.2 -
direct authorisation, CA delegate, and CA direct.
@param aCertStoreUid UID of trusted root certificates. E.g.,
KCertStoreUIDForSWInstallOCSPSigning.
@param aCertStore Certificate store which contains the
the trust anchors used to validate the
response.
@pre No authorisation schemes should have been added to this object before
this function is called.
@see AddAuthorisationSchemeL
*/
{
__ASSERT_DEBUG(iAuthSchemes.Count() == 0, Panic(EAAASAlreadyHaveSchemes));
COCSPDirectAuthorisationScheme* directScheme =
COCSPDirectAuthorisationScheme::NewLC(aCertStoreUid, aCertStore);
AddAuthorisationSchemeL(directScheme);
CleanupStack::Pop(directScheme);
COCSPDelegateAuthorisationScheme* caDelgScheme =
COCSPDelegateAuthorisationScheme::NewLC(aCertStore);
AddAuthorisationSchemeL(caDelgScheme);
CleanupStack::Pop(caDelgScheme);
COCSPCaDirectAuthorisationScheme* caDirectScheme = COCSPCaDirectAuthorisationScheme::NewLC();
AddAuthorisationSchemeL(caDirectScheme);
CleanupStack::Pop(caDirectScheme);
}
EXPORT_C void COCSPParameters::SetValidationTimeL(const TTime& aValidationTime)
{
delete iValidationTime;
iValidationTime = NULL;
iValidationTime = new (ELeave) TTime(aValidationTime);
}
EXPORT_C void COCSPParameters::SetMaxStatusAgeL(TUint aMaxAge)
{
delete iMaxStatusAge;
iMaxStatusAge = NULL;
iMaxStatusAge = new (ELeave) TUint(aMaxAge);
}
EXPORT_C void COCSPParameters::SetTimeLeewayL(TUint aLeewaySeconds)
{
delete iTimeLeeway;
iTimeLeeway = NULL;
iTimeLeeway = new (ELeave) TUint(aLeewaySeconds);
}
EXPORT_C void COCSPParameters::SetCheckCertsWithAiaOnly(const TBool aCheckCertsWithAiaOnly)
{
iCheckCertsWithAiaOnly = aCheckCertsWithAiaOnly;
}
EXPORT_C void COCSPParameters::SetOCSPCheckForResponderCert(const TBool aResponderCertCheck)
{
iResponderCertCheck = aResponderCertCheck;
}
EXPORT_C void COCSPParameters::SetUseAIA(const TBool aUseAIA)
{
iUseAIA = aUseAIA;
}
TUint COCSPParameters::CertCount() const
{
return iSubjectCerts.Count();
}
const CX509Certificate& COCSPParameters::SubjectCert(TUint aIndex) const
{
return *iSubjectCerts[aIndex];
}
const CX509Certificate& COCSPParameters::IssuerCert(TUint aIndex) const
{
return *iIssuerCerts[aIndex];
}
TBool COCSPParameters::UseNonce() const
{
return iUseNonce;
}
const TDesC8& COCSPParameters::DefaultURI() const
{
return static_cast<TDesC8&>(*iDefaultURI);
}
TBool COCSPParameters::UseAIA() const
{
return iUseAIA;
}
MOCSPTransport* COCSPParameters::Transport() const
{
return iTransport;
}
TUint COCSPParameters::AuthSchemeCount() const
{
return iAuthSchemes.Count();
}
MOCSPAuthorisationScheme& COCSPParameters::AuthScheme(TUint aIndex) const
{
// Modified so when backported to typhoon this stil compiles, required because of the
// RArrayPointer operator[] changes,
return const_cast<MOCSPAuthorisationScheme&>(*iAuthSchemes[aIndex]);
}
const TTime* COCSPParameters::ValidationTime() const
{
return iValidationTime;
}
const TUint* COCSPParameters::MaxStatusAge() const
{
return iMaxStatusAge;
}
const TUint* COCSPParameters::TimeLeeway() const
{
return iTimeLeeway;
}
TBool COCSPParameters::GenerateResponseForMissingUri() const
{
return iGenerateResponseForMissingUri;
}
TUint COCSPParameters::RetryCount() const
{
return iRetryCount;
}
TInt COCSPParameters::Timeout() const
{
return iTimeout;
}
TBool COCSPParameters::ReponderCertCheck() const
{
return iResponderCertCheck;
}
TBool COCSPParameters::CheckCertsWithAiaOnly() const
{
return iCheckCertsWithAiaOnly;
}
#ifdef _DEBUG
void COCSPParameters::Panic(COCSPParameters::TPanic aPanic)
/**
Halt the current thread with the supplied panic code.
The thread is halted with category "OCSPParam" and the supplied
reason.
@param aPanic Panic reason.
*/
{
_LIT(KPanicCat, "OCSPParam");
User::Panic(KPanicCat, aPanic);
}
#endif // #ifdef _DEBUG