diff -r 000000000000 -r 164170e6151a pkiutilities/ocsp/src/parameters.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pkiutilities/ocsp/src/parameters.cpp Tue Jan 26 15:20:08 2010 +0200 @@ -0,0 +1,306 @@ +// Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). +// All rights reserved. +// This component and the accompanying materials are made available +// under the terms of "Eclipse Public License v1.0" +// which accompanies this distribution, and is available +// at the URL "http://www.eclipse.org/legal/epl-v10.html". +// +// Initial Contributors: +// Nokia Corporation - initial contribution. +// +// Contributors: +// +// Description: +// + +#include "panic.h" +#include "log.h" +#include +#include +#include +#include "ocsprequestandresponse.h" + +EXPORT_C COCSPParameters* COCSPParameters::NewL() + { + COCSPParameters* self = NewLC(); + CleanupStack::Pop(self); + return self; + } + +EXPORT_C COCSPParameters* COCSPParameters::NewLC() + { + COCSPParameters* self = new (ELeave) COCSPParameters(); + CleanupStack::PushL(self); + self->ConstructL(); + return self; + } + +COCSPParameters::COCSPParameters() : + iUseNonce(ETrue), + iUseAIA(ETrue), + iGenerateResponseForMissingUri(ETrue), + iResponderCertCheck(EFalse), // should be turned off by default + iRetryCount(KTransportDefaultRequestRetryCount), + iTimeout(KTransportDefaultRequestTimeout), + iCheckCertsWithAiaOnly(EFalse) // should be turned off by default + {} + +void COCSPParameters::ConstructL() + { + DEBUG_PRINTF(_L8("Reading policy.")); + iDefaultURI = KNullDesC8().AllocL(); + + COcspPolicy* ocspPolicy = COcspPolicy::NewL(); + iGenerateResponseForMissingUri = ocspPolicy->IsGenerateResponseForMissingUriEnabled(); + + delete ocspPolicy; + + DEBUG_PRINTF2(_L8("Generate response when no AIA URI and no default OCSP URI: %d."), iGenerateResponseForMissingUri); + } + +COCSPParameters::~COCSPParameters() + { + iSubjectCerts.Close(); + iIssuerCerts.Close(); + delete iDefaultURI; + delete iTransport; + iAuthSchemes.ResetAndDestroy(); + delete iValidationTime; + delete iMaxStatusAge; + delete iTimeLeeway; + } + +EXPORT_C void COCSPParameters::AddCertificateL(const CX509Certificate& aSubject, const CX509Certificate& aIssuer) + { + User::LeaveIfError(iSubjectCerts.Append(&aSubject)); + User::LeaveIfError(iIssuerCerts.Append(&aIssuer)); + } + +EXPORT_C void COCSPParameters::AddCertificatesL(const CX509CertChain& aChain) + { + TInt numCerts = aChain.Count(); + if (numCerts >= 2) + { + // Go through all but last cert (last = root) + const CX509Certificate* issuerCert = &aChain.Cert(0); + const CX509Certificate* subjectCert = NULL; + for (TInt index = 1; index < numCerts; ++index) + { + subjectCert = issuerCert; + issuerCert = &aChain.Cert(index); + + AddCertificateL(*subjectCert, *issuerCert); + } + } + } + +EXPORT_C void COCSPParameters::SetUseNonce(TBool aUseNonce) + { + iUseNonce = aUseNonce; + } + +EXPORT_C void COCSPParameters::SetURIL(const TDesC8& aURI, TBool aUseAIA) + { + delete iDefaultURI; + iDefaultURI = NULL; + iDefaultURI = aURI.AllocL(); + iUseAIA = aUseAIA; + } + +EXPORT_C void COCSPParameters::SetTransport(MOCSPTransport* aTransport) + { + delete iTransport; + iTransport = aTransport; + } + +EXPORT_C void COCSPParameters::SetRetryCount(const TUint aRetryCount) + { + iRetryCount = aRetryCount; + } + +EXPORT_C void COCSPParameters::SetTimeout(const TInt aTimeout) + { + iTimeout = aTimeout; + } + +EXPORT_C void COCSPParameters::AddAuthorisationSchemeL(MOCSPAuthorisationScheme* aScheme) + { + __ASSERT_ALWAYS(aScheme, ::Panic(KErrArgument)); + User::LeaveIfError(iAuthSchemes.Append(aScheme)); + } + +EXPORT_C void COCSPParameters::AddAllAuthorisationSchemesL(const TUid& aCertStoreUid, MCertStore& aCertStore) +/** + This function adds all of the currently supported authorisation schemes + to this object. It is more convenient than having the client to allocate + each scheme. + + This function allocates the authorisation schemes defined in RFC2560 S2.2 - + direct authorisation, CA delegate, and CA direct. + + @param aCertStoreUid UID of trusted root certificates. E.g., + KCertStoreUIDForSWInstallOCSPSigning. + @param aCertStore Certificate store which contains the + the trust anchors used to validate the + response. + @pre No authorisation schemes should have been added to this object before + this function is called. + @see AddAuthorisationSchemeL + */ + { + __ASSERT_DEBUG(iAuthSchemes.Count() == 0, Panic(EAAASAlreadyHaveSchemes)); + + COCSPDirectAuthorisationScheme* directScheme = + COCSPDirectAuthorisationScheme::NewLC(aCertStoreUid, aCertStore); + AddAuthorisationSchemeL(directScheme); + CleanupStack::Pop(directScheme); + + COCSPDelegateAuthorisationScheme* caDelgScheme = + COCSPDelegateAuthorisationScheme::NewLC(aCertStore); + AddAuthorisationSchemeL(caDelgScheme); + CleanupStack::Pop(caDelgScheme); + + COCSPCaDirectAuthorisationScheme* caDirectScheme = COCSPCaDirectAuthorisationScheme::NewLC(); + AddAuthorisationSchemeL(caDirectScheme); + CleanupStack::Pop(caDirectScheme); + } + +EXPORT_C void COCSPParameters::SetValidationTimeL(const TTime& aValidationTime) + { + delete iValidationTime; + iValidationTime = NULL; + iValidationTime = new (ELeave) TTime(aValidationTime); + } + +EXPORT_C void COCSPParameters::SetMaxStatusAgeL(TUint aMaxAge) + { + delete iMaxStatusAge; + iMaxStatusAge = NULL; + iMaxStatusAge = new (ELeave) TUint(aMaxAge); + } + +EXPORT_C void COCSPParameters::SetTimeLeewayL(TUint aLeewaySeconds) + { + delete iTimeLeeway; + iTimeLeeway = NULL; + iTimeLeeway = new (ELeave) TUint(aLeewaySeconds); + } + +EXPORT_C void COCSPParameters::SetCheckCertsWithAiaOnly(const TBool aCheckCertsWithAiaOnly) + { + iCheckCertsWithAiaOnly = aCheckCertsWithAiaOnly; + } + +EXPORT_C void COCSPParameters::SetOCSPCheckForResponderCert(const TBool aResponderCertCheck) + { + iResponderCertCheck = aResponderCertCheck; + } + +EXPORT_C void COCSPParameters::SetUseAIA(const TBool aUseAIA) + { + iUseAIA = aUseAIA; + } + +TUint COCSPParameters::CertCount() const + { + return iSubjectCerts.Count(); + } + +const CX509Certificate& COCSPParameters::SubjectCert(TUint aIndex) const + { + return *iSubjectCerts[aIndex]; + } + +const CX509Certificate& COCSPParameters::IssuerCert(TUint aIndex) const + { + return *iIssuerCerts[aIndex]; + } + +TBool COCSPParameters::UseNonce() const + { + return iUseNonce; + } + +const TDesC8& COCSPParameters::DefaultURI() const + { + return static_cast(*iDefaultURI); + } + +TBool COCSPParameters::UseAIA() const + { + return iUseAIA; + } + +MOCSPTransport* COCSPParameters::Transport() const + { + return iTransport; + } + +TUint COCSPParameters::AuthSchemeCount() const + { + return iAuthSchemes.Count(); + } + +MOCSPAuthorisationScheme& COCSPParameters::AuthScheme(TUint aIndex) const + { + // Modified so when backported to typhoon this stil compiles, required because of the + // RArrayPointer operator[] changes, + return const_cast(*iAuthSchemes[aIndex]); + } + +const TTime* COCSPParameters::ValidationTime() const + { + return iValidationTime; + } + +const TUint* COCSPParameters::MaxStatusAge() const + { + return iMaxStatusAge; + } + +const TUint* COCSPParameters::TimeLeeway() const + { + return iTimeLeeway; + } + +TBool COCSPParameters::GenerateResponseForMissingUri() const + { + return iGenerateResponseForMissingUri; + } + +TUint COCSPParameters::RetryCount() const + { + return iRetryCount; + } + +TInt COCSPParameters::Timeout() const + { + return iTimeout; + } + +TBool COCSPParameters::ReponderCertCheck() const + { + return iResponderCertCheck; + } + +TBool COCSPParameters::CheckCertsWithAiaOnly() const + { + return iCheckCertsWithAiaOnly; + } + +#ifdef _DEBUG + +void COCSPParameters::Panic(COCSPParameters::TPanic aPanic) +/** + Halt the current thread with the supplied panic code. + The thread is halted with category "OCSPParam" and the supplied + reason. + + @param aPanic Panic reason. + */ + { + _LIT(KPanicCat, "OCSPParam"); + User::Panic(KPanicCat, aPanic); + } + +#endif // #ifdef _DEBUG