pkiutilities/ocsp/src/validator.cpp
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Tue, 26 Jan 2010 15:20:08 +0200
changeset 0 164170e6151a
permissions -rw-r--r--
Revision: 201004
// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// Define methods for validating a response.
// 
//
#include "validator.h"
#include "ocsp.h"
#include "panic.h"
#include "transaction.h"
#include <x509cert.h>
// Default tolerance, in seconds, allowed when checking times. The constructor
// uses it as the initial leeway; ConstructL() replaces it when the caller's
// parameters supply a TimeLeeway.
const TInt KDefaultLeewaySeconds = 5 * 60; // 5 minutes

// Default maximum age, in seconds, tolerated for a response's thisUpdate field
// (the spec requires it to be "sufficiently recent"). ConstructL() replaces it
// when the caller's parameters supply a MaxStatusAge.
// NOTE(review): 30 days is a wide window for accepting old revocation status;
// callers that need fresher answers should pass a smaller MaxStatusAge.
const TInt KDefaultMaxStatusAge = 30 * 24 * 60 * 60; // 30 days
COCSPValidator* COCSPValidator::NewL( const COCSPParameters& aParameters)
	{
	// Two-phase construction: allocate, run the leaving second phase under
	// cleanup-stack protection, then register with the active scheduler.
	//
	// aParameters is kept by address (see the constructor) and ConstructL()
	// stores the addresses of its authorisation schemes, so the parameters
	// object must outlive the returned validator.
	COCSPValidator* validator = new (ELeave) COCSPValidator(aParameters);

	CleanupStack::PushL(validator);
	validator->ConstructL();
	CleanupStack::Pop(validator);

	// Only a fully constructed object is added to the scheduler.
	CActiveScheduler::Add(validator);
	return validator;
	}
COCSPValidator::~COCSPValidator()
	{
	// Cancel any outstanding request before members are torn down.
	Cancel();

	// Release the array storage only; the scheme pointers appended in
	// ConstructL() refer to objects held by the parameters and are not
	// deleted here.
	iAuthorisationScheme.Close();
	iRequestIndex.Close();

	// Heap objects deleted by this class.
	delete iValidationTime;
	delete iResponderCertRequest;
	delete iResponderCertResponse;
	delete iTransaction;
	}
// First-phase constructor: sets defaults only and cannot leave.
// The max status age and leeway start at the file-level defaults, the
// responder certificate check starts off and nonce use starts on;
// ConstructL() then overwrites these from aParameters. The parameters object
// is remembered by address, not copied.
COCSPValidator::COCSPValidator( const COCSPParameters& aParameters)
	: CActive(CActive::EPriorityStandard)
	, iMaxStatusAge(KDefaultMaxStatusAge)
	, iLeewaySeconds(KDefaultLeewaySeconds)
	, iResponderCertCheck(EFalse)
	, iUseNonce(ETrue)
	, iParameters(&aParameters)
	{
	}
// Second-phase constructor: copies the caller's settings out of iParameters.
// Leaves if an authorisation scheme cannot be appended or the validation time
// cannot be allocated.
void COCSPValidator::ConstructL() 
	{
	// Record the address of every authorisation scheme held by the parameters.
	// Only pointers are stored, so the schemes stay owned by the parameters.
	TUint schemeIdx = 0;
	while (schemeIdx < iParameters->AuthSchemeCount())
		{
		User::LeaveIfError(iAuthorisationScheme.Append(&iParameters->AuthScheme(schemeIdx)));
		++schemeIdx;
		}

	// Optional settings: each accessor returns null when the caller did not
	// set a value, in which case the constructor's default is kept.
	if (iParameters->ValidationTime())
		{
		iValidationTime = new (ELeave) TTime(*iParameters->ValidationTime());
		}

	// NOTE(review): the max status age and leeway below are taken as supplied;
	// no range check is visible here - confirm COCSPParameters rejects negative
	// or excessive values, since both widen the time window that is accepted.
	if (iParameters->MaxStatusAge())
		{
		iMaxStatusAge = *iParameters->MaxStatusAge();
		}
	if (iParameters->TimeLeeway())
		{
		iLeewaySeconds = *iParameters->TimeLeeway();
		}

	// Flags are always taken from the parameters, replacing the constructor's
	// defaults.
	// NOTE(review): the caller can switch nonce use off here; presumably the
	// time checks are then the only freshness control - confirm callers that
	// disable the nonce accept that.
	iResponderCertCheck = iParameters->ReponderCertCheck();
	iUseNonce = iParameters->UseNonce();
	}
// Non-leaving entry point for validating aResponse against aRequest.
// The work is done by DoValidateL() under a trap; if it leaves, the caller's
// request is completed here with the leave code so the caller is always
// signalled.
void COCSPValidator::Validate(const COCSPRequest& aRequest, COCSPResponse& aResponse,
							  TOCSPOutcome& aOutcome, TRequestStatus& aStatus)
	{
	TRAPD(leaveCode, DoValidateL(aRequest, aResponse, aOutcome, aStatus));
	if (leaveCode == KErrNone)
		{
		return;
		}

	// NOTE(review): completion goes through a local pointer, so the
	// iValidationStatus member assigned in DoValidateL() still refers to
	// aStatus afterwards - confirm no later path (e.g. cancellation) completes
	// it a second time.
	TRequestStatus* clientStatus = &aStatus;
	User::RequestComplete(clientStatus, leaveCode);
	}
// Starts validation of aResponse against aRequest.
// Remembers the caller's request, response, outcome and status, marks the
// status pending, then either begins scheme validation or, when the response
// does not match the request, completes straight away.
void COCSPValidator::DoValidateL(const COCSPRequest& aRequest, COCSPResponse& aResponse,
								 TOCSPOutcome& aOutcome, TRequestStatus& aStatus)
	{
	iRequest = &aRequest;
	iResponse = &aResponse;
	iOutcome = &aOutcome;

	iValidationStatus = &aStatus;
	aStatus = KRequestPending;

	// Start from failure values so that an early exit never reports a good
	// status. The client already sets iResult to EUnknown; it is set again
	// here so that this value is certain to be the starting point.
	iOutcome->iStatus = OCSP::EClientInternalError;
	iOutcome->iResult = OCSP::EUnknown;

	if (IsResponseWellFormed())
		{
		// Index of the scheme currently used to validate the certificate in
		// question; -1 means no scheme has been tried yet, and
		// ProcessSchemeValidationL() advances it before use.
		iIndexScheme = -1;
		ProcessSchemeValidationL();
		}
	else
		{
		// The request completes with KErrNone even though validation failed:
		// the failure reason is the iStatus value that IsResponseWellFormed()
		// stored in the outcome, so callers must inspect the outcome and not
		// only the completion code.
		User::RequestComplete(iValidationStatus, KErrNone);
		}
	}
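// Checks that the response covers exactly the certificates that were asked
// for, and builds iRequestIndex while doing so.
//
// Returns ETrue when every requested certificate ID is found in the response.
// Otherwise returns EFalse with iOutcome->iStatus set to:
//   - OCSP::EMalformedResponse   - the response holds more certificates than
//                                  were requested;
//   - OCSP::EMissingCertificates - the response holds fewer certificates, or
//                                  a requested certificate ID is not in it;
//   - OCSP::EClientInternalError - the lookup table could not be extended.
//
// NOTE(review): equal counts plus a successful Find() for each request entry
// do not by themselves rule out duplicate entries on either side - confirm
// that request construction or Find() prevents duplicates.
TBool COCSPValidator::IsResponseWellFormed()
	{
	const TInt numResponseCerts = iResponse->CertCount();
	const TInt numRequestCerts = iRequest->CertCount();

	if (numRequestCerts < numResponseCerts)
		{
		// The responder answered for certificates that were never requested.
		iOutcome->iStatus = OCSP::EMalformedResponse;
		return EFalse;
		}
	else if (numRequestCerts > numResponseCerts)
		{
		iOutcome->iStatus = OCSP::EMissingCertificates;
		return EFalse;
		}

	// Lookup table: entry i is the position in the response of the i-th
	// certificate in the request.
	iRequestIndex.Reset();

	for (TInt requestIndex = 0; requestIndex < numRequestCerts; ++requestIndex)
		{
		// This is what we're after
		const COCSPCertID& requestCertID = iRequest->CertInfo(requestIndex).CertID();

		// This is where it is in the response
		const TInt responseIndex = iResponse->Find(requestCertID);
		if (responseIndex < 0)
			{
			iOutcome->iStatus = OCSP::EMissingCertificates;
			return EFalse;
			}

		// Append() reports failure through its return value. Ignoring it
		// would leave the table shorter than the request while validation
		// carried on, so fail closed instead of continuing with a partial
		// mapping.
		if (iRequestIndex.Append(responseIndex) != KErrNone)
			{
			iRequestIndex.Reset();
			iOutcome->iStatus = OCSP::EClientInternalError;
			return EFalse;
			}
		}

	// All found
	return ETrue;
	}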
// Advances to the next authorisation scheme and asks it to validate the
// response. When every scheme has been tried, completes the caller's request
// with KErrNone; the verdict is whatever iOutcome holds at that point.
// Panics if no authorisation scheme was configured.
void COCSPValidator::ProcessSchemeValidationL()
	{
	const TInt schemeCount = iAuthorisationScheme.Count();
	__ASSERT_ALWAYS(schemeCount, Panic(KErrNoAuthorisationSchemes));

	// The index is advanced on every call, including the last one that finds
	// no scheme left.
	++iIndexScheme;
	if (iIndexScheme >= schemeCount)
		{
		User::RequestComplete(iValidationStatus, KErrNone);
		return;
		}

	iSchemeInUse = iAuthorisationScheme[iIndexScheme];
	TTime validationTime = ValidationTime();

	// The scheme is given this active object's iStatus; SetActive() is only
	// reached if ValidateL() did not leave.
	iSchemeInUse->ValidateL(iOutcome->iStatus, *iResponse, validationTime, iStatus, *iRequest);
	iState = EWaitingResponse;
	SetActive();
	}
// Get status of least trusted cert
void COCSPValidator::FinalResponseValidationL()
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   190
	{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   191
	// Do nonce last so can still trust rest of validation if nonce is missing.
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   192
	if(ValidateTimeL())
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   193
		{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   194
		ValidateNonce();
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   195
		}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   196
	
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   197
	if (iOutcome->iStatus == OCSP::EMissingNonce || 
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   198
		iOutcome->iStatus == OCSP::EValid )
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   199
		{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   200
		iOutcome->iResult = CheckOCSPStatus(iResponse);
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   201
		}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   202
	else
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   203
		{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   204
		// If the response is not valid, result is always unknown
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   205
		iOutcome->iResult = OCSP::EUnknown;
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   206
		}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   207
	
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   208
	if(iResponderCertCheck)
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   209
		{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   210
		iResponderCert = iSchemeInUse->ResponderCert();
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   211
	 	
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   212
	 	if(iResponderCert != NULL)
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   213
	 		{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   214
	 		iIssuerCert = &iRequest->CertInfo(0).Issuer();
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   215
	 		SendResponderCertL();
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   216
	 		}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   217
	 	else
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   218
			{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   219
			User::RequestComplete(iValidationStatus, KErrNone);
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   220
			}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   221
		}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   222
	else
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   223
		{
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   224
		User::RequestComplete(iValidationStatus, KErrNone);
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   225
		}
164170e6151a Revision: 201004
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff changeset
   226
	}
// Checks the time fields of the response for every certificate in the request.
//
// For each requested certificate the checks run in this order and the first
// failure decides the status written to iOutcome->iStatus:
//   1. thisUpdate must not be later than the validation time or producedAt
//      (EThisUpdateTooLate).
//   2. nextUpdate, when present, must not be earlier than the validation time
//      or producedAt (ENextUpdateTooEarly).
//   3. When iMaxStatusAge is non-zero, thisUpdate must be no older than
//      iMaxStatusAge + iLeewaySeconds (EThisUpdateTooEarly).
//   4. The certificate's own validity period must include the validation time
//      (ECertificateNotValidAtValidationTime).
// Checks 1 and 2 go through TimeIsBeforeL(), so each is relaxed by
// iLeewaySeconds.
//
// Returns ETrue when every certificate passes, EFalse on the first failure.
// Leaves if a time difference cannot be computed (TimeIsBeforeL() or
// SecondsFrom() reporting an error).
TBool COCSPValidator::ValidateTimeL()
	{
	const TTime checkTime = ValidationTime();
	const TTime responseProducedAt = iResponse->ProducedAt();

	const TInt certCount = iRequest->CertCount();
	for (TInt certIdx = 0; certIdx < certCount; ++certIdx)
		{
		// iRequestIndex maps the position in the request to the matching
		// entry in the response.
		const COCSPResponseCertInfo& singleResponse = iResponse->CertInfo(iRequestIndex[certIdx]);
		const TTime thisUpdate = singleResponse.ThisUpdate();
		const TTime* nextUpdate = singleResponse.NextUpdate();

		// 4.2.2.1 "Responses whose thisUpdate time is later than the local
		// system time SHOULD be considered unreliable".
		// The second test (producedAt not earlier than thisUpdate) is an
		// extra consistency check that the spec does not mandate.
		if (TimeIsBeforeL(checkTime, thisUpdate) ||
			TimeIsBeforeL(responseProducedAt, thisUpdate))
			{
			iOutcome->iStatus = OCSP::EThisUpdateTooLate;
			return EFalse;
			}

		// 4.2.2.1 "Responses whose nextUpdate value is earlier than the
		// local system time value SHOULD be considered unreliable"
		// 3.2.6 "OCSP clients shall confirm that ... nextUpdate is greater
		// than the current time."
		// The second test (nextUpdate not earlier than producedAt) is again
		// not mandated by the spec.
		if (nextUpdate &&
			(TimeIsBeforeL(*nextUpdate, checkTime) ||
			 TimeIsBeforeL(*nextUpdate, responseProducedAt)))
			{
			iOutcome->iStatus = OCSP::ENextUpdateTooEarly;
			return EFalse;
			}

		// 3.2.5 "OCSP clients SHALL confirm that ... thisUpdate is
		// sufficiently recent".  A zero iMaxStatusAge disables this check.
		if (iMaxStatusAge)
			{
			TTimeIntervalSeconds statusAge;
			User::LeaveIfError(checkTime.SecondsFrom(thisUpdate, statusAge));
			const TTimeIntervalSeconds ageLimit(iMaxStatusAge + iLeewaySeconds);
			if (statusAge > ageLimit)
				{
				iOutcome->iStatus = OCSP::EThisUpdateTooEarly;
				return EFalse;
				}
			}

		// Certificate validity period against the validation time.
		//
		// Strictly speaking, the OCSP protocol is about revocation rather
		// than about whether a certificate has just expired.  Expiry is hard
		// to judge on a device without an accurate clock, so the check is
		// done here for completeness using the time given by the OCSP
		// server.  When a nonce is in use, as it is most of the time, the
		// producedAt time is tied to this request and can be taken as
		// current; without a nonce that assurance does not hold.
		const CX509Certificate& subjectCert = iRequest->CertInfo(certIdx).Subject();
		if (!subjectCert.ValidityPeriod().Valid(checkTime))
			{
			iOutcome->iStatus = OCSP::ECertificateNotValidAtValidationTime;
			return EFalse;
			}
		} // next certificate

	// No check failed for any certificate.
	return ETrue;
	}
// Compares the nonce sent in the request with the nonce element of the
// response and records any problem in iOutcome->iStatus.
//
//   request nonce | response nonce | status written      | returns
//   --------------+----------------+---------------------+--------
//   absent        | absent         | (unchanged)         | ETrue
//   absent        | present        | EMalformedResponse  | EFalse
//   present       | absent         | EMissingNonce       | EFalse
//   present       | equal          | (unchanged)         | ETrue
//   present       | different      | ENonceMismatch      | EFalse
//
// The nonce is what ties a response to this particular request.  A mismatch
// means the response does not belong to the request that was sent; a missing
// nonce means that tie cannot be established at all.
// NOTE(review): the response side is read via DataElementEncoding(), so the
// comparison presumably works on the encoded form of both values; confirm
// that COCSPRequest::Nonce() returns the same representation.
TBool COCSPValidator::ValidateNonce()
	{
	const TDesC8* sentNonce = iRequest->Nonce();
	const TPtrC8* receivedNonce = iResponse->DataElementEncoding(COCSPResponse::ENonce);

	if (!sentNonce)
		{
		if (!receivedNonce)
			{
			// Neither side used a nonce: nothing to compare.
			return ETrue;
			}

		// The responder returned a nonce that was never requested.
		iOutcome->iStatus = OCSP::EMalformedResponse;
		return EFalse;
		}

	if (!receivedNonce)
		{
		// A nonce was sent but the responder did not echo one.
		iOutcome->iStatus = OCSP::EMissingNonce;
		return EFalse;
		}

	if (*sentNonce == *receivedNonce)
		{
		return ETrue;
		}

	iOutcome->iStatus = OCSP::ENonceMismatch;
	return EFalse;
	}
// Returns true only when aBefore precedes aAfter by more than iLeewaySeconds.
//
// The test is deliberately conservative: times that differ by no more than
// the leeway are not reported as "before".  Use it "positively" to detect an
// error condition, never negated to prove that two times are in order.
// A larger iLeewaySeconds tolerates more clock skew but also widens the
// window in which a stale or post-dated response is accepted.
//
// Leaves if TTime::SecondsFrom() reports an error.
TBool COCSPValidator::TimeIsBeforeL(const TTime& aBefore, const TTime& aAfter)
	{
	// Seconds from aBefore to aAfter; positive when aAfter is the later time.
	TTimeIntervalSeconds gap;
	User::LeaveIfError(aAfter.SecondsFrom(aBefore, gap));

	const TTimeIntervalSeconds tolerance(iLeewaySeconds);
	return (gap > tolerance);
	}
// Active-object completion handler: leaves if the completed request carried
// an error, otherwise dispatches on iState to the next validation step.
//
// NOTE(review): ASSERT is a debug-build check on Symbian.  In a release build
// an unexpected iState would presumably fall through here without completing
// iValidationStatus, leaving the client waiting; confirm whether that state
// is reachable.
void COCSPValidator::RunL()
	{
	// Any leave from here is reported to the client through RunError().
	User::LeaveIfError(iStatus.Int());

	if (iState == EWaitingResponse)
		{
		CheckSchemeValidationL();
		}
	else if (iState == EValidating)
		{
		ProcessSchemeValidationL();
		}
	else if (iState == EValidateResponderCert)
		{
		ValidateResponderCertL();
		}
	else
		{
		ASSERT(FALSE);
		}
	}
// Cancels an outstanding validation and completes the client's request with
// KErrCancel.
//
// Panics with KErrNoAuthorisationSchemes when no authorisation scheme is
// registered.  A scheme validation is cancelled only in the EWaitingResponse
// state; in every other state only the client request is completed.
void COCSPValidator::DoCancel()
	{
	__ASSERT_ALWAYS(iAuthorisationScheme.Count(), Panic(KErrNoAuthorisationSchemes));

	const TBool schemeValidationPending = (iState == EWaitingResponse);
	if (schemeValidationPending)
		{
		// The scheme owns the outstanding request, so it must cancel it.
		// The NULL check below is debug-only; release builds dereference
		// iSchemeInUse unchecked.
		ASSERT(iSchemeInUse != NULL);
		iSchemeInUse->CancelValidate();
		}

	User::RequestComplete(iValidationStatus, KErrCancel);
	}
// Handles a leave from RunL() by passing the leave code to the client.
//
// aError is the leave code.  The client's request (iValidationStatus) is
// completed with it, so a failed validation surfaces as an error to the
// caller rather than as a success.  Always returns KErrNone, which marks the
// error as handled.
TInt COCSPValidator::RunError(TInt aError)
	{
	// Report the failure to whoever requested the validation.
	User::RequestComplete(iValidationStatus, aError);

	return KErrNone;
	}
/**
 * Decide what to do after an authorisation scheme has reported its verdict.
 *
 * One scheme accepting the response (iOutcome->iStatus == OCSP::EValid) is
 * enough to move on to FinalResponseValidationL(). Otherwise the validator
 * goes back to state EValidating and completes its own iStatus with KErrNone
 * so that the active object runs again -- presumably to try the next scheme,
 * the outcome then being whatever the last scheme reported.
 */
void COCSPValidator::CheckSchemeValidationL()
	{
	if (iOutcome->iStatus != OCSP::EValid)
		{
		// Not accepted by this scheme: re-enter the state machine.
		iState = EValidating;

		// Self-complete so the active scheduler runs this object again.
		TRequestStatus* self = &iStatus;
		User::RequestComplete(self, KErrNone);
		SetActive();
		return;
		}

	FinalResponseValidationL();
	}
/**
 * Return the time at which the response is to be validated.
 *
 * Panics with KErrNotReady if no response is held (iResponse is NULL).
 *
 * @return *iValidationTime when a validation time has been supplied;
 *         otherwise the current universal time, taken from the secure clock
 *         when it is available.
 *
 * Security note: when UniversalTimeSecure() reports KErrNoSecureTime the
 * value comes from the ordinary system clock instead. Any freshness decision
 * based on this value is then only as trustworthy as that clock.
 */
TTime COCSPValidator::ValidationTime() const
	{
	__ASSERT_ALWAYS(iResponse, Panic(KErrNotReady));

	// An explicitly configured validation time takes precedence.
	if (iValidationTime)
		{
		return *iValidationTime;
		}

	TTime now;
	const TInt secureTimeErr = now.UniversalTimeSecure();
	// Only KErrNoSecureTime triggers the fallback; any other return code
	// leaves 'now' as UniversalTimeSecure() set it.
	if (secureTimeErr == KErrNoSecureTime)
		{
		// Secure time is not available: fall back to the insecure version.
		now.UniversalTime();
		}
	return now;
	}
/**
 * Start an OCSP check of the responder certificate itself.
 *
 * Design context (from the original author): a response may have more than
 * one authentication scheme initialised, and the responder certificate is
 * only sent for validation when a delegate or direct authorisation scheme is
 * among them. Scheme selection and retrieval of the responder certificate and
 * its issuer are not performed in this function; iResponderCert and
 * iIssuerCert are dereferenced without a NULL check, so both must already be
 * set.
 *
 * Sequence:
 * 1. If the responder certificate carries the id-pkix-ocsp-nocheck extension
 *    no OCSP request is made and the validation request is completed with
 *    KErrNone.
 * 2. Otherwise a request for the responder certificate is built with the
 *    same nonce setting and parameters as the original check, because this
 *    check is an extension of the original certificate OCSP check.
 * 3. The server URI is looked up. KErrArgument from the lookup is treated as
 *    "no server specified": iOutcome->iStatus is set to
 *    OCSP::ENoServerSpecified and this active object completes itself with
 *    that value. Any other lookup error leaves.
 * 4. A new transaction is created and the request is sent; completion is
 *    handled in state EValidateResponderCert.
 *
 * NOTE(review): the nocheck shortcut trusts an extension read from
 * iResponderCert. It is only sound if that certificate has already been
 * authenticated by the scheme in use -- confirm against the caller.
 * NOTE(review): iResponderCertRequest is overwritten without deleting a
 * previous value, unlike iTransaction below -- confirm the old request is
 * released elsewhere or that this runs at most once per validation.
 */
void COCSPValidator::SendResponderCertL()
	{
	if (OCSPUtils::DoesCertHaveOCSPNoCheckExt(*iResponderCert))
		{
		// Responder certificate is marked as exempt from OCSP checking.
		User::RequestComplete(iValidationStatus, KErrNone);
		return;
		}

	iResponderCertRequest = COCSPRequest::NewL(iUseNonce);
	iResponderCertRequest->AddCertificateL(*iResponderCert, *iIssuerCert);

	// The request can only go out if there is a URI (either AIA URI or
	// default URI).
	TDesC8* serverUri = NULL;
	TRAPD(lookupErr, serverUri = OCSPUtils::ServerUriL(iResponderCertRequest->CertInfo(0).Subject(),iParameters));

	if (lookupErr == KErrArgument)
		{
		// No server to ask: record that in the outcome and self-complete so
		// the EValidateResponderCert handler sees the same status value.
		iOutcome->iStatus = OCSP::ENoServerSpecified;
		iState = EValidateResponderCert;
		TRequestStatus* self = &iStatus;
		User::RequestComplete(self, OCSP::ENoServerSpecified);
		SetActive();
		return;
		}

	User::LeaveIfError(lookupErr);
	CleanupStack::PushL(serverUri);

	// A successful lookup is expected to have produced a URI.
	__ASSERT_ALWAYS(serverUri != NULL, Panic(OCSP::EInvalidURI));

	// NOTE(review): Transport() is dereferenced without a NULL check --
	// confirm the parameters always carry a transport at this point.
	MOCSPTransport& transport = *iParameters->Transport();

	// Drop any earlier transaction; the pointer is cleared first so it is not
	// left dangling if NewL leaves.
	delete iTransaction;
	iTransaction = NULL;
	iTransaction = COCSPTransaction::NewL(*serverUri, transport, iParameters->RetryCount(), iParameters->Timeout());
	iTransaction->SendRequest(*iResponderCertRequest, iStatus);
	CleanupStack::PopAndDestroy(serverUri);

	iState = EValidateResponderCert;
	SetActive();
	}
 /**
  * Handle completion of the OCSP check made for the responder certificate.
  *
  * Leaves if the transaction did not complete with KErrNone:
  * OCSP::KErrTransportFailure leaves with OCSP::ETransportError,
  * OCSP::KErrInvalidURI leaves with OCSP::EInvalidURI, and any other code
  * leaves with that code unchanged.
  *
  * On success the response is taken from the transaction and its certificate
  * statuses are folded by CheckOCSPStatus(). Anything other than OCSP::EGood
  * is stored as OCSP::EUnknown in iOutcome->iResult. The validation request
  * is then completed with KErrNone in either case, so the verdict has to be
  * read from iOutcome->iResult and not from the completion code.
  *
  * NOTE(review): only the per-certificate status of the responder response
  * is inspected here. No check of its signature, its nonce, or of which
  * certificate it covers is visible in this function -- confirm that the
  * response is authenticated elsewhere before EGood is relied on.
  * NOTE(review): iResponderCertResponse is overwritten without deleting a
  * previous value, and the pointer returned by TakeResponse() is passed on
  * without a NULL check -- confirm both against the rest of the class.
  */
 void COCSPValidator::ValidateResponderCertL()
 	{
 	const TInt completion = iStatus.Int();

 	// Map the transport-level failures onto the OCSP status codes.
 	if (completion == OCSP::KErrTransportFailure)
 		{
 		User::Leave(OCSP::ETransportError);
 		}
 	if (completion == OCSP::KErrInvalidURI)
 		{
 		User::Leave(OCSP::EInvalidURI);
 		}
 	if (completion != KErrNone)
 		{
 		User::Leave(completion);
 		}

 	iResponderCertResponse = iTransaction->TakeResponse();

 	// A responder certificate that is revoked or unknown makes the final
 	// result unknown.
 	const OCSP::TResult responderResult = CheckOCSPStatus(iResponderCertResponse);
 	iOutcome->iResult = responderResult;
 	if (responderResult != OCSP::EGood)
 		{
 		iOutcome->iResult = OCSP::EUnknown;
 		}

 	User::RequestComplete(iValidationStatus, KErrNone);
 	}
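 /**
  * Fold the per-certificate statuses of an OCSP response into one result.
  *
  * The result is the largest OCSP::TResult value reported for any
  * certificate in the response. This relies on the enumeration being ordered
  * by severity (presumably EGood < EUnknown < ERevoked -- confirm against the
  * declaration of OCSP::TResult).
  *
  * A NULL response, or a response with no certificate entries, yields
  * OCSP::EUnknown. Starting from EGood and looping over zero entries would
  * otherwise report "good" for a response that says nothing about any
  * certificate.
  *
  * @param aResponse The decoded response to inspect; may be NULL.
  * @return The worst status found, or OCSP::EUnknown when there is nothing
  *         to inspect.
  */
 OCSP::TResult COCSPValidator::CheckOCSPStatus(const COCSPResponse* aResponse) const
	{
	// Fail closed: no response means no statement about the certificate.
	if (aResponse == NULL)
		{
		return OCSP::EUnknown;
		}

	const TInt numCerts = aResponse->CertCount();
	if (numCerts <= 0)
		{
		// Fail closed: an empty response carries no status to trust.
		return OCSP::EUnknown;
		}

	OCSP::TResult result = OCSP::EGood;
	for (TInt index = 0; index < numCerts; ++index)
		{
		const OCSP::TResult certStatus = aResponse->CertInfo(index).Status();
		// Keep the worst status seen so far.
		if (certStatus > result)
			{
			result = certStatus;
			}
		}
	return result;
	}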