--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkiutilities/ocsp/src/parameters.cpp Tue Jan 26 15:20:08 2010 +0200
@@ -0,0 +1,306 @@
+// Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+//
+
+#include "panic.h"
+#include "log.h"
+#include <ocsp.h>
+#include <x509certchain.h>
+#include <ocsppolicy.h>
+#include "ocsprequestandresponse.h"
+
+EXPORT_C COCSPParameters* COCSPParameters::NewL()
+ {
+ COCSPParameters* self = NewLC();
+ CleanupStack::Pop(self);
+ return self;
+ }
+
+EXPORT_C COCSPParameters* COCSPParameters::NewLC()
+ {
+ COCSPParameters* self = new (ELeave) COCSPParameters();
+ CleanupStack::PushL(self);
+ self->ConstructL();
+ return self;
+ }
+
+COCSPParameters::COCSPParameters() :
+ iUseNonce(ETrue),
+ iUseAIA(ETrue),
+ iGenerateResponseForMissingUri(ETrue),
+ iResponderCertCheck(EFalse), // should be turned off by default
+ iRetryCount(KTransportDefaultRequestRetryCount),
+ iTimeout(KTransportDefaultRequestTimeout),
+ iCheckCertsWithAiaOnly(EFalse) // should be turned off by default
+ {}
+
+void COCSPParameters::ConstructL()
+ {
+ DEBUG_PRINTF(_L8("Reading policy."));
+ iDefaultURI = KNullDesC8().AllocL();
+
+ COcspPolicy* ocspPolicy = COcspPolicy::NewL();
+ iGenerateResponseForMissingUri = ocspPolicy->IsGenerateResponseForMissingUriEnabled();
+
+ delete ocspPolicy;
+
+ DEBUG_PRINTF2(_L8("Generate response when no AIA URI and no default OCSP URI: %d."), iGenerateResponseForMissingUri);
+ }
+
+COCSPParameters::~COCSPParameters()
+ {
+ iSubjectCerts.Close();
+ iIssuerCerts.Close();
+ delete iDefaultURI;
+ delete iTransport;
+ iAuthSchemes.ResetAndDestroy();
+ delete iValidationTime;
+ delete iMaxStatusAge;
+ delete iTimeLeeway;
+ }
+
+EXPORT_C void COCSPParameters::AddCertificateL(const CX509Certificate& aSubject, const CX509Certificate& aIssuer)
+ {
+ User::LeaveIfError(iSubjectCerts.Append(&aSubject));
+ User::LeaveIfError(iIssuerCerts.Append(&aIssuer));
+ }
+
+EXPORT_C void COCSPParameters::AddCertificatesL(const CX509CertChain& aChain)
+ {
+ TInt numCerts = aChain.Count();
+ if (numCerts >= 2)
+ {
+ // Go through all but last cert (last = root)
+ const CX509Certificate* issuerCert = &aChain.Cert(0);
+ const CX509Certificate* subjectCert = NULL;
+ for (TInt index = 1; index < numCerts; ++index)
+ {
+ subjectCert = issuerCert;
+ issuerCert = &aChain.Cert(index);
+
+ AddCertificateL(*subjectCert, *issuerCert);
+ }
+ }
+ }
+
+EXPORT_C void COCSPParameters::SetUseNonce(TBool aUseNonce)
+ {
+ iUseNonce = aUseNonce;
+ }
+
+EXPORT_C void COCSPParameters::SetURIL(const TDesC8& aURI, TBool aUseAIA)
+ {
+ delete iDefaultURI;
+ iDefaultURI = NULL;
+ iDefaultURI = aURI.AllocL();
+ iUseAIA = aUseAIA;
+ }
+
+EXPORT_C void COCSPParameters::SetTransport(MOCSPTransport* aTransport)
+ {
+ delete iTransport;
+ iTransport = aTransport;
+ }
+
+EXPORT_C void COCSPParameters::SetRetryCount(const TUint aRetryCount)
+ {
+ iRetryCount = aRetryCount;
+ }
+
+EXPORT_C void COCSPParameters::SetTimeout(const TInt aTimeout)
+ {
+ iTimeout = aTimeout;
+ }
+
+EXPORT_C void COCSPParameters::AddAuthorisationSchemeL(MOCSPAuthorisationScheme* aScheme)
+ {
+ __ASSERT_ALWAYS(aScheme, ::Panic(KErrArgument));
+ User::LeaveIfError(iAuthSchemes.Append(aScheme));
+ }
+
+EXPORT_C void COCSPParameters::AddAllAuthorisationSchemesL(const TUid& aCertStoreUid, MCertStore& aCertStore)
+/**
+ This function adds all of the currently supported authorisation schemes
+ to this object. It is more convenient than having the client to allocate
+ each scheme.
+
+ This function allocates the authorisation schemes defined in RFC2560 S2.2 -
+ direct authorisation, CA delegate, and CA direct.
+
+ @param aCertStoreUid UID of trusted root certificates. E.g.,
+ KCertStoreUIDForSWInstallOCSPSigning.
+ @param aCertStore Certificate store which contains the
+ the trust anchors used to validate the
+ response.
+ @pre No authorisation schemes should have been added to this object before
+ this function is called.
+ @see AddAuthorisationSchemeL
+ */
+ {
+ __ASSERT_DEBUG(iAuthSchemes.Count() == 0, Panic(EAAASAlreadyHaveSchemes));
+
+ COCSPDirectAuthorisationScheme* directScheme =
+ COCSPDirectAuthorisationScheme::NewLC(aCertStoreUid, aCertStore);
+ AddAuthorisationSchemeL(directScheme);
+ CleanupStack::Pop(directScheme);
+
+ COCSPDelegateAuthorisationScheme* caDelgScheme =
+ COCSPDelegateAuthorisationScheme::NewLC(aCertStore);
+ AddAuthorisationSchemeL(caDelgScheme);
+ CleanupStack::Pop(caDelgScheme);
+
+ COCSPCaDirectAuthorisationScheme* caDirectScheme = COCSPCaDirectAuthorisationScheme::NewLC();
+ AddAuthorisationSchemeL(caDirectScheme);
+ CleanupStack::Pop(caDirectScheme);
+ }
+
+EXPORT_C void COCSPParameters::SetValidationTimeL(const TTime& aValidationTime)
+ {
+ delete iValidationTime;
+ iValidationTime = NULL;
+ iValidationTime = new (ELeave) TTime(aValidationTime);
+ }
+
+EXPORT_C void COCSPParameters::SetMaxStatusAgeL(TUint aMaxAge)
+ {
+ delete iMaxStatusAge;
+ iMaxStatusAge = NULL;
+ iMaxStatusAge = new (ELeave) TUint(aMaxAge);
+ }
+
+EXPORT_C void COCSPParameters::SetTimeLeewayL(TUint aLeewaySeconds)
+ {
+ delete iTimeLeeway;
+ iTimeLeeway = NULL;
+ iTimeLeeway = new (ELeave) TUint(aLeewaySeconds);
+ }
+
+EXPORT_C void COCSPParameters::SetCheckCertsWithAiaOnly(const TBool aCheckCertsWithAiaOnly)
+ {
+ iCheckCertsWithAiaOnly = aCheckCertsWithAiaOnly;
+ }
+
+EXPORT_C void COCSPParameters::SetOCSPCheckForResponderCert(const TBool aResponderCertCheck)
+ {
+ iResponderCertCheck = aResponderCertCheck;
+ }
+
+EXPORT_C void COCSPParameters::SetUseAIA(const TBool aUseAIA)
+ {
+ iUseAIA = aUseAIA;
+ }
+
+TUint COCSPParameters::CertCount() const
+ {
+ return iSubjectCerts.Count();
+ }
+
+const CX509Certificate& COCSPParameters::SubjectCert(TUint aIndex) const
+ {
+ return *iSubjectCerts[aIndex];
+ }
+
+const CX509Certificate& COCSPParameters::IssuerCert(TUint aIndex) const
+ {
+ return *iIssuerCerts[aIndex];
+ }
+
+TBool COCSPParameters::UseNonce() const
+ {
+ return iUseNonce;
+ }
+
+const TDesC8& COCSPParameters::DefaultURI() const
+ {
+ return static_cast<TDesC8&>(*iDefaultURI);
+ }
+
+TBool COCSPParameters::UseAIA() const
+ {
+ return iUseAIA;
+ }
+
+MOCSPTransport* COCSPParameters::Transport() const
+ {
+ return iTransport;
+ }
+
+TUint COCSPParameters::AuthSchemeCount() const
+ {
+ return iAuthSchemes.Count();
+ }
+
+MOCSPAuthorisationScheme& COCSPParameters::AuthScheme(TUint aIndex) const
+ {
+ // Modified so when backported to typhoon this stil compiles, required because of the
+ // RArrayPointer operator[] changes,
+ return const_cast<MOCSPAuthorisationScheme&>(*iAuthSchemes[aIndex]);
+ }
+
+const TTime* COCSPParameters::ValidationTime() const
+ {
+ return iValidationTime;
+ }
+
+const TUint* COCSPParameters::MaxStatusAge() const
+ {
+ return iMaxStatusAge;
+ }
+
+const TUint* COCSPParameters::TimeLeeway() const
+ {
+ return iTimeLeeway;
+ }
+
+TBool COCSPParameters::GenerateResponseForMissingUri() const
+ {
+ return iGenerateResponseForMissingUri;
+ }
+
+TUint COCSPParameters::RetryCount() const
+ {
+ return iRetryCount;
+ }
+
+TInt COCSPParameters::Timeout() const
+ {
+ return iTimeout;
+ }
+
+TBool COCSPParameters::ReponderCertCheck() const
+ {
+ return iResponderCertCheck;
+ }
+
+TBool COCSPParameters::CheckCertsWithAiaOnly() const
+ {
+ return iCheckCertsWithAiaOnly;
+ }
+
+#ifdef _DEBUG
+
+void COCSPParameters::Panic(COCSPParameters::TPanic aPanic)
+/**
+ Halt the current thread with the supplied panic code.
+ The thread is halted with category "OCSPParam" and the supplied
+ reason.
+
+ @param aPanic Panic reason.
+ */
+ {
+ _LIT(KPanicCat, "OCSPParam");
+ User::Panic(KPanicCat, aPanic);
+ }
+
+#endif // #ifdef _DEBUG