|
1 // Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // request.h |
|
15 // Header for OCSP validator object. |
|
16 // |
|
17 // |
|
18 |
|
19 /** |
|
20 @file |
|
21 @internalComponent |
|
22 */ |
|
23 |
|
24 #ifndef __OCSP_VALIDATOR_H__ |
|
25 #define __OCSP_VALIDATOR_H__ |
|
26 |
|
27 #include <ocsp.h> |
|
28 #include "ocsprequestandresponse.h" |
|
29 /** |
|
30 * Validator. Used to verify the legitimacy of an OCSP response, and the |
|
31 * certificates therein. May specify time for certificate validation - if |
|
32 * omitted, the producedAt time in the response is used instead. |
|
33 */ |
|
34 |
|
35 NONSHARABLE_CLASS(COCSPValidator) : public CActive |
|
36 { |
|
37 public: |
|
38 static COCSPValidator* NewL( const COCSPParameters& aParameters); |
|
39 |
|
40 ~COCSPValidator(); |
|
41 |
|
42 /** |
|
43 * Specify Authorisation scheme(s) - doesn't take ownership |
|
44 */ |
|
45 |
|
46 void AddAuthorisationSchemeL(MOCSPAuthorisationScheme& aScheme); |
|
47 |
|
48 /** |
|
49 * Specify the authorisation time (NULL => use producedAt from response) |
|
50 * Default is to use producedAt. |
|
51 */ |
|
52 |
|
53 void SetValidationTimeL(const TTime* aValidationTime); |
|
54 |
|
55 /** |
|
56 * Specify the permissable maximum age of the thisUpdate field in |
|
57 * seconds. zero => don't check, default is 30 days. |
|
58 */ |
|
59 |
|
60 void SetMaxStatusAge(TUint aMaxAge); |
|
61 |
|
62 /** |
|
63 * Specify how much leeway we allow when comparing times - if we're using |
|
64 * the device clock, this allows for the fact that it may be out by a |
|
65 * certain amount. Default is 5 seconds. |
|
66 */ |
|
67 |
|
68 void SetTimeLeeway(TUint aLeewaySeconds); |
|
69 |
|
70 /** |
|
71 * Validate a request/response pair, setting aOutcome to the result. |
|
72 * This is an asynchronous method. |
|
73 */ |
|
74 |
|
75 void Validate(const COCSPRequest& aRequest, COCSPResponse& aResponse, |
|
76 TOCSPOutcome& aOutcome, TRequestStatus& aStatus); |
|
77 |
|
78 protected: |
|
79 virtual void DoCancel(); |
|
80 virtual void RunL(); |
|
81 virtual TInt RunError(TInt aError); |
|
82 |
|
83 private: |
|
84 void ConstructL(); |
|
85 COCSPValidator( const COCSPParameters& aParameters); |
|
86 |
|
87 void DoValidateL(const COCSPRequest& aRequest, COCSPResponse& aResponse, |
|
88 TOCSPOutcome& aOutcome, TRequestStatus& aStatus); |
|
89 |
|
90 // Specific validation areas - return false if we should give up now. |
|
91 TBool IsResponseWellFormed(); // Checks correct certs present in response. |
|
92 TBool ValidateTimeL(); |
|
93 TBool ValidateNonce(); |
|
94 |
|
95 void ProcessSchemeValidationL(); |
|
96 void CheckSchemeValidationL(); |
|
97 void FinalResponseValidationL(); |
|
98 |
|
99 TTime ValidationTime() const; |
|
100 |
|
101 TBool TimeIsBeforeL(const TTime& aBefore, const TTime& aAfter); |
|
102 |
|
103 void SendResponderCertL(); |
|
104 void ValidateResponderCertL(); |
|
105 |
|
106 OCSP::TResult CheckOCSPStatus(const COCSPResponse* aResponse) const; |
|
107 |
|
108 private: |
|
109 |
|
110 // Array of integers, giving for each cert in the response the corresponding position in |
|
111 // the request |
|
112 RArray<TInt> iRequestIndex; |
|
113 |
|
114 const COCSPRequest* iRequest; |
|
115 COCSPResponse* iResponse; |
|
116 |
|
117 // User-supplied time for validation |
|
118 TTime* iValidationTime; |
|
119 |
|
120 // How old to allow thisUpdate to be |
|
121 TUint iMaxStatusAge; |
|
122 |
|
123 // Authorisation objects |
|
124 RPointerArray<MOCSPAuthorisationScheme> iAuthorisationScheme; |
|
125 |
|
126 TOCSPOutcome* iOutcome; |
|
127 TRequestStatus* iValidationStatus; |
|
128 |
|
129 enum TState |
|
130 { |
|
131 EValidating, |
|
132 EWaitingResponse, |
|
133 EValidateResponderCert, |
|
134 }; |
|
135 |
|
136 TState iState; |
|
137 |
|
138 // index of the last authorisation scheme we used |
|
139 TInt iIndexScheme; |
|
140 |
|
141 TUint iLeewaySeconds; |
|
142 |
|
143 TBool iResponderCertCheck; |
|
144 TBool iUseNonce; |
|
145 // ownership lies with the relevant auth scheme |
|
146 const CX509Certificate* iResponderCert; |
|
147 const CX509Certificate* iIssuerCert; |
|
148 COCSPRequest* iResponderCertRequest; |
|
149 COCSPResponse* iResponderCertResponse; |
|
150 COCSPTransaction* iTransaction; |
|
151 // ownership lies with COCSPClient |
|
152 const COCSPParameters* iParameters; |
|
153 MOCSPAuthorisationScheme* iSchemeInUse; |
|
154 }; |
|
155 |
|
156 #endif |