|
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 #include "panic.h" |
|
17 #include "log.h" |
|
18 #include <ocsp.h> |
|
19 #include <x509certchain.h> |
|
20 #include <ocsppolicy.h> |
|
21 #include "ocsprequestandresponse.h" |
|
22 |
|
23 EXPORT_C COCSPParameters* COCSPParameters::NewL() |
|
24 { |
|
25 COCSPParameters* self = NewLC(); |
|
26 CleanupStack::Pop(self); |
|
27 return self; |
|
28 } |
|
29 |
|
30 EXPORT_C COCSPParameters* COCSPParameters::NewLC() |
|
31 { |
|
32 COCSPParameters* self = new (ELeave) COCSPParameters(); |
|
33 CleanupStack::PushL(self); |
|
34 self->ConstructL(); |
|
35 return self; |
|
36 } |
|
37 |
|
38 COCSPParameters::COCSPParameters() : |
|
39 iUseNonce(ETrue), |
|
40 iUseAIA(ETrue), |
|
41 iGenerateResponseForMissingUri(ETrue), |
|
42 iResponderCertCheck(EFalse), // should be turned off by default |
|
43 iRetryCount(KTransportDefaultRequestRetryCount), |
|
44 iTimeout(KTransportDefaultRequestTimeout), |
|
45 iCheckCertsWithAiaOnly(EFalse) // should be turned off by default |
|
46 {} |
|
47 |
|
48 void COCSPParameters::ConstructL() |
|
49 { |
|
50 DEBUG_PRINTF(_L8("Reading policy.")); |
|
51 iDefaultURI = KNullDesC8().AllocL(); |
|
52 |
|
53 COcspPolicy* ocspPolicy = COcspPolicy::NewL(); |
|
54 iGenerateResponseForMissingUri = ocspPolicy->IsGenerateResponseForMissingUriEnabled(); |
|
55 |
|
56 delete ocspPolicy; |
|
57 |
|
58 DEBUG_PRINTF2(_L8("Generate response when no AIA URI and no default OCSP URI: %d."), iGenerateResponseForMissingUri); |
|
59 } |
|
60 |
|
61 COCSPParameters::~COCSPParameters() |
|
62 { |
|
63 iSubjectCerts.Close(); |
|
64 iIssuerCerts.Close(); |
|
65 delete iDefaultURI; |
|
66 delete iTransport; |
|
67 iAuthSchemes.ResetAndDestroy(); |
|
68 delete iValidationTime; |
|
69 delete iMaxStatusAge; |
|
70 delete iTimeLeeway; |
|
71 } |
|
72 |
|
73 EXPORT_C void COCSPParameters::AddCertificateL(const CX509Certificate& aSubject, const CX509Certificate& aIssuer) |
|
74 { |
|
75 User::LeaveIfError(iSubjectCerts.Append(&aSubject)); |
|
76 User::LeaveIfError(iIssuerCerts.Append(&aIssuer)); |
|
77 } |
|
78 |
|
79 EXPORT_C void COCSPParameters::AddCertificatesL(const CX509CertChain& aChain) |
|
80 { |
|
81 TInt numCerts = aChain.Count(); |
|
82 if (numCerts >= 2) |
|
83 { |
|
84 // Go through all but last cert (last = root) |
|
85 const CX509Certificate* issuerCert = &aChain.Cert(0); |
|
86 const CX509Certificate* subjectCert = NULL; |
|
87 for (TInt index = 1; index < numCerts; ++index) |
|
88 { |
|
89 subjectCert = issuerCert; |
|
90 issuerCert = &aChain.Cert(index); |
|
91 |
|
92 AddCertificateL(*subjectCert, *issuerCert); |
|
93 } |
|
94 } |
|
95 } |
|
96 |
|
97 EXPORT_C void COCSPParameters::SetUseNonce(TBool aUseNonce) |
|
98 { |
|
99 iUseNonce = aUseNonce; |
|
100 } |
|
101 |
|
102 EXPORT_C void COCSPParameters::SetURIL(const TDesC8& aURI, TBool aUseAIA) |
|
103 { |
|
104 delete iDefaultURI; |
|
105 iDefaultURI = NULL; |
|
106 iDefaultURI = aURI.AllocL(); |
|
107 iUseAIA = aUseAIA; |
|
108 } |
|
109 |
|
110 EXPORT_C void COCSPParameters::SetTransport(MOCSPTransport* aTransport) |
|
111 { |
|
112 delete iTransport; |
|
113 iTransport = aTransport; |
|
114 } |
|
115 |
|
116 EXPORT_C void COCSPParameters::SetRetryCount(const TUint aRetryCount) |
|
117 { |
|
118 iRetryCount = aRetryCount; |
|
119 } |
|
120 |
|
121 EXPORT_C void COCSPParameters::SetTimeout(const TInt aTimeout) |
|
122 { |
|
123 iTimeout = aTimeout; |
|
124 } |
|
125 |
|
126 EXPORT_C void COCSPParameters::AddAuthorisationSchemeL(MOCSPAuthorisationScheme* aScheme) |
|
127 { |
|
128 __ASSERT_ALWAYS(aScheme, ::Panic(KErrArgument)); |
|
129 User::LeaveIfError(iAuthSchemes.Append(aScheme)); |
|
130 } |
|
131 |
|
132 EXPORT_C void COCSPParameters::AddAllAuthorisationSchemesL(const TUid& aCertStoreUid, MCertStore& aCertStore) |
|
133 /** |
|
134 This function adds all of the currently supported authorisation schemes |
|
135 to this object. It is more convenient than having the client to allocate |
|
136 each scheme. |
|
137 |
|
138 This function allocates the authorisation schemes defined in RFC2560 S2.2 - |
|
139 direct authorisation, CA delegate, and CA direct. |
|
140 |
|
141 @param aCertStoreUid UID of trusted root certificates. E.g., |
|
142 KCertStoreUIDForSWInstallOCSPSigning. |
|
143 @param aCertStore Certificate store which contains the |
|
144 the trust anchors used to validate the |
|
145 response. |
|
146 @pre No authorisation schemes should have been added to this object before |
|
147 this function is called. |
|
148 @see AddAuthorisationSchemeL |
|
149 */ |
|
150 { |
|
151 __ASSERT_DEBUG(iAuthSchemes.Count() == 0, Panic(EAAASAlreadyHaveSchemes)); |
|
152 |
|
153 COCSPDirectAuthorisationScheme* directScheme = |
|
154 COCSPDirectAuthorisationScheme::NewLC(aCertStoreUid, aCertStore); |
|
155 AddAuthorisationSchemeL(directScheme); |
|
156 CleanupStack::Pop(directScheme); |
|
157 |
|
158 COCSPDelegateAuthorisationScheme* caDelgScheme = |
|
159 COCSPDelegateAuthorisationScheme::NewLC(aCertStore); |
|
160 AddAuthorisationSchemeL(caDelgScheme); |
|
161 CleanupStack::Pop(caDelgScheme); |
|
162 |
|
163 COCSPCaDirectAuthorisationScheme* caDirectScheme = COCSPCaDirectAuthorisationScheme::NewLC(); |
|
164 AddAuthorisationSchemeL(caDirectScheme); |
|
165 CleanupStack::Pop(caDirectScheme); |
|
166 } |
|
167 |
|
168 EXPORT_C void COCSPParameters::SetValidationTimeL(const TTime& aValidationTime) |
|
169 { |
|
170 delete iValidationTime; |
|
171 iValidationTime = NULL; |
|
172 iValidationTime = new (ELeave) TTime(aValidationTime); |
|
173 } |
|
174 |
|
175 EXPORT_C void COCSPParameters::SetMaxStatusAgeL(TUint aMaxAge) |
|
176 { |
|
177 delete iMaxStatusAge; |
|
178 iMaxStatusAge = NULL; |
|
179 iMaxStatusAge = new (ELeave) TUint(aMaxAge); |
|
180 } |
|
181 |
|
182 EXPORT_C void COCSPParameters::SetTimeLeewayL(TUint aLeewaySeconds) |
|
183 { |
|
184 delete iTimeLeeway; |
|
185 iTimeLeeway = NULL; |
|
186 iTimeLeeway = new (ELeave) TUint(aLeewaySeconds); |
|
187 } |
|
188 |
|
189 EXPORT_C void COCSPParameters::SetCheckCertsWithAiaOnly(const TBool aCheckCertsWithAiaOnly) |
|
190 { |
|
191 iCheckCertsWithAiaOnly = aCheckCertsWithAiaOnly; |
|
192 } |
|
193 |
|
194 EXPORT_C void COCSPParameters::SetOCSPCheckForResponderCert(const TBool aResponderCertCheck) |
|
195 { |
|
196 iResponderCertCheck = aResponderCertCheck; |
|
197 } |
|
198 |
|
199 EXPORT_C void COCSPParameters::SetUseAIA(const TBool aUseAIA) |
|
200 { |
|
201 iUseAIA = aUseAIA; |
|
202 } |
|
203 |
|
204 TUint COCSPParameters::CertCount() const |
|
205 { |
|
206 return iSubjectCerts.Count(); |
|
207 } |
|
208 |
|
209 const CX509Certificate& COCSPParameters::SubjectCert(TUint aIndex) const |
|
210 { |
|
211 return *iSubjectCerts[aIndex]; |
|
212 } |
|
213 |
|
214 const CX509Certificate& COCSPParameters::IssuerCert(TUint aIndex) const |
|
215 { |
|
216 return *iIssuerCerts[aIndex]; |
|
217 } |
|
218 |
|
219 TBool COCSPParameters::UseNonce() const |
|
220 { |
|
221 return iUseNonce; |
|
222 } |
|
223 |
|
224 const TDesC8& COCSPParameters::DefaultURI() const |
|
225 { |
|
226 return static_cast<TDesC8&>(*iDefaultURI); |
|
227 } |
|
228 |
|
229 TBool COCSPParameters::UseAIA() const |
|
230 { |
|
231 return iUseAIA; |
|
232 } |
|
233 |
|
234 MOCSPTransport* COCSPParameters::Transport() const |
|
235 { |
|
236 return iTransport; |
|
237 } |
|
238 |
|
239 TUint COCSPParameters::AuthSchemeCount() const |
|
240 { |
|
241 return iAuthSchemes.Count(); |
|
242 } |
|
243 |
|
244 MOCSPAuthorisationScheme& COCSPParameters::AuthScheme(TUint aIndex) const |
|
245 { |
|
246 // Modified so when backported to typhoon this stil compiles, required because of the |
|
247 // RArrayPointer operator[] changes, |
|
248 return const_cast<MOCSPAuthorisationScheme&>(*iAuthSchemes[aIndex]); |
|
249 } |
|
250 |
|
251 const TTime* COCSPParameters::ValidationTime() const |
|
252 { |
|
253 return iValidationTime; |
|
254 } |
|
255 |
|
256 const TUint* COCSPParameters::MaxStatusAge() const |
|
257 { |
|
258 return iMaxStatusAge; |
|
259 } |
|
260 |
|
261 const TUint* COCSPParameters::TimeLeeway() const |
|
262 { |
|
263 return iTimeLeeway; |
|
264 } |
|
265 |
|
266 TBool COCSPParameters::GenerateResponseForMissingUri() const |
|
267 { |
|
268 return iGenerateResponseForMissingUri; |
|
269 } |
|
270 |
|
271 TUint COCSPParameters::RetryCount() const |
|
272 { |
|
273 return iRetryCount; |
|
274 } |
|
275 |
|
276 TInt COCSPParameters::Timeout() const |
|
277 { |
|
278 return iTimeout; |
|
279 } |
|
280 |
|
281 TBool COCSPParameters::ReponderCertCheck() const |
|
282 { |
|
283 return iResponderCertCheck; |
|
284 } |
|
285 |
|
286 TBool COCSPParameters::CheckCertsWithAiaOnly() const |
|
287 { |
|
288 return iCheckCertsWithAiaOnly; |
|
289 } |
|
290 |
|
291 #ifdef _DEBUG |
|
292 |
|
293 void COCSPParameters::Panic(COCSPParameters::TPanic aPanic) |
|
294 /** |
|
295 Halt the current thread with the supplied panic code. |
|
296 The thread is halted with category "OCSPParam" and the supplied |
|
297 reason. |
|
298 |
|
299 @param aPanic Panic reason. |
|
300 */ |
|
301 { |
|
302 _LIT(KPanicCat, "OCSPParam"); |
|
303 User::Panic(KPanicCat, aPanic); |
|
304 } |
|
305 |
|
306 #endif // #ifdef _DEBUG |