diff -r 000000000000 -r 95b198f216e5 omadrm/drmengine/roapstorage/inc/RoapOcsp.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/omadrm/drmengine/roapstorage/inc/RoapOcsp.h Thu Dec 17 08:52:27 2009 +0200 @@ -0,0 +1,275 @@ +/* +* Copyright (c) 2002-2008 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: OCSP response classes +* +*/ + + +#ifndef __ROAPOCSP_H__ +#define __ROAPOCSP_H__ + +#include +#include +#include + +static const TInt KOCSPNonceBytes( 16 ); + +class COCSPResponseCertInfo; +class COCSPCertID; +class COCSPResponse; +class COCSPResponseDecoder; + +class CASN1EncBase; +class CASN1EncContainer; +class TASN1DecGeneric; + +class CX509Certificate; +class CX509CertChain; +class CPKIXCertChain; + +// Enums placed in OCSP namespace +namespace OCSP + { + // Globally-reserved error codes - range is -7601 to -7649 + enum + { + KErrTransportFailure = -7601, + KErrInvalidURI = -7602, + KErrNoCertificates = -7603 + }; + + // What we think of the response, or why we haven't got one + enum TStatus + { + // Error in communication with server + ETransportError = 1, + + // Internal problem processing response + EClientInternalError = 2, + + // No OCSP server specified + ENoServerSpecified = 3, + + // Invalid sever URI + EInvalidURI = 4, + + // Problems understanding the response + EMalformedResponse = 10, + EUnknownResponseType = 11, + EUnknownCriticalExtension = 12, + + // Unsuccessful responses from server + EMalformedRequest = 20, + EServerInternalError = 21, + ETryLater = 22, + ESignatureRequired = 23, + EClientUnauthorised = 24, + + // Response validation failures + EMissingCertificates = 30, + EResponseSignatureValidationFailure = 31, + + // Time problems + EThisUpdateTooLate = 40, + EThisUpdateTooEarly = 41, + ENextUpdateTooEarly = 42, + ECertificateNotValidAtValidationTime = 43, + + // Nonce error + ENonceMismatch = 50, + + // Response sufficiently valid to use - clients to decide if + // missing nonce is sufficiently serious to require rejection + EMissingNonce = 51, + + EValid = 100, + }; + + // What does the response say about the certificates? + // IMPORTANT: Do not change the order these are in + enum TResult + { + EGood = 10, EUnknown = 20, ERevoked = 30 + }; + } + +/** +* Information about a certificate sent as part of an OCSP request. +*/ + +NONSHARABLE_CLASS( COCSPRequestCertInfo ) : public CBase + { +public: + + /** + * Get the certificate present in the request. + */ + + const CX509Certificate& Subject() const; + + /** + * Get the issuer of the certificate present in the request. + */ + + const CX509Certificate& Issuer() const; + +public: + + // Not exported + static COCSPRequestCertInfo* NewLC( + const CX509Certificate& aSubject, + const CX509Certificate& aIssuer ); + + ~COCSPRequestCertInfo(); + + const COCSPCertID& CertID() const; + +private: + + COCSPRequestCertInfo( const CX509Certificate& aIssuer, + const CX509Certificate& aSubject ); + void ConstructL(); + +private: + + const CX509Certificate& iSubject; + const CX509Certificate& iIssuer; + COCSPCertID* iCertID; + }; + +/** +* Represents an OCSP protocol response. +*/ + +NONSHARABLE_CLASS( COCSPResponse ) : public CSignedObject + { +public: + + /** + * Get the number of certificates statuses present in the response. + */ + + TInt CertCount() const; + + /** + * Get a COCSPResponseCertInfo object containing details about one of the + * certificate statuses present in the response. + */ + + COCSPResponseCertInfo* CertInfo( TUint aIndex ) const; + + /** + * Get the producedAt time for the response. + */ + + TTime ProducedAt() const; + + /** + * Get the archiveCutoff time for the response, or NULL if it was not present. + */ + + const TTime* ArchiveCutoff() const; + + const TPtrC8* SigningCerts() const; + +public: + + // This class is created and initialised by the response decoder + friend class COCSPResponseDecoder; + + ~COCSPResponse(); + + /** + * Get the index for the given cert, or KErrNotFound. + */ + + TInt Find( const COCSPCertID& aCertID ) const; + + // Enums to use in DataElementEncoding + enum + { + ECertificateChain, + ENonce, + EResponderIDName, // Only one of the ResponderIDs won't be NULL + EResponderIDKeyHash + }; + + // From CSignedObject + const TPtrC8* DataElementEncoding( const TUint aIndex ) const; + +private: + + COCSPResponse(); + + // From CSignedObject + const TPtrC8 SignedDataL() const; + void InternalizeL( RReadStream& aStream ); + +private: + + // Time of response, and of archiveCutoff extension (if present) + TTime iProducedAt; + TTime* iArchiveCutoff; + + // Value of nonce in response extension (if present) + TPtrC8 iNonce; + + // Point to the signing certificates in the response + TPtrC8 iSigningCerts; + + // Point to the signed portion of the data + TPtrC8 iSignedData; + + // There are two ways the responder ID can be specified - only + // one of these will be used + TPtrC8 iResponderIDName; + TPtrC8 iResponderIDKeyHash; + + RPointerArray iCertInfos; + }; + +/** +* Information about a certificate status, as given in OCSP response +* singleResponse data item. +*/ + +NONSHARABLE_CLASS( COCSPResponseCertInfo ) : public CBase + { +public: + + OCSP::TResult Status() const; + TTime ThisUpdate() const; + const TTime* NextUpdate() const; // NULL if nextUpdate not set + const TTime* RevocationTime() const; // NULL if not revoked + +public: + + static COCSPResponseCertInfo* NewLC( CArrayPtr& items ); + ~COCSPResponseCertInfo(); + COCSPCertID* CertID() const; + +private: + void ConstructL( CArrayPtr& items ); + +private: + OCSP::TResult iStatus; + + TTime iThisUpdate; + TTime* iNextUpdate; + TTime* iRevocationTime; + + COCSPCertID* iCertID; + }; + +#endif // __ROAPOCSP_H__