root/middleware-offline/trunk/_src/eidmw/applayer/APLCertif.h @ 271

Revision 271, 24.2 KB (checked in by vsilva, 6 years ago)

First official release

Line 
1/* ****************************************************************************
2
3 * eID Middleware Project.
4 * Copyright (C) 2008-2009 FedICT.
5 *
6 * This is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU Lesser General Public License version
8 * 3.0 as published by the Free Software Foundation.
9 *
10 * This software is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this software; if not, see
17 * http://www.gnu.org/licenses/.
18
19**************************************************************************** */
20#pragma once
21
22#ifndef __CERTIF_H__
23#define __CERTIF_H__
24
25#include <string>
26#include <map>
27
28
29#include "openssl/evp.h"
30#include "openssl/ocsp.h"
31#include "openssl/ssl.h"
32#include "openssl/bio.h"
33
34#include "Export.h"
35#include "P15Objects.h"
36#include "ByteArray.h"
37#include "APLCard.h"
38#include "APLCardFile.h"
39#include "APLCrypto.h"
40#include <limits.h>
41
42namespace eIDMW
43{
44
45#define ANY_INDEX ULONG_MAX
46
47enum APL_CertifType
48{
49        APL_CERTIF_TYPE_UNKNOWN,                /**< Type unknown */
50        APL_CERTIF_TYPE_ROOT,                   /**< Root certificate */
51        APL_CERTIF_TYPE_ROOT_AUTH,              /**< CA certificate */
52        APL_CERTIF_TYPE_ROOT_SIGN,              /**< CA certificate */
53        APL_CERTIF_TYPE_AUTHENTICATION, /**< Authentication certificate */
54        APL_CERTIF_TYPE_SIGNATURE,              /**< Signature certificate */
55};
56
57enum APL_CertifStatus
58{
59        APL_CERTIF_STATUS_UNCHECK,              /**< Validity not check yet */
60        APL_CERTIF_STATUS_VALID,                /**< Valid certificate */
61        APL_CERTIF_STATUS_VALID_CRL,    /**< Valid certificate through CRL process */
62        APL_CERTIF_STATUS_VALID_OCSP,   /**< Valid certificate through OCSP process */
63        APL_CERTIF_STATUS_REVOKED,              /**< Revoked certificate */
64        APL_CERTIF_STATUS_TEST,                 /**< Test certificate */
65        APL_CERTIF_STATUS_DATE,                 /**< Certificate no more valid */
66        APL_CERTIF_STATUS_CONNECT,              /**< Connection problem */
67        APL_CERTIF_STATUS_ISSUER,               /**< An issuer is missing in the chain */
68        APL_CERTIF_STATUS_ERROR,                /**< Error during validation */
69        APL_CERTIF_STATUS_UNKNOWN               /**< Validity unknown */
70};
71
72enum APL_CrlStatus
73{
74        APL_CRL_STATUS_UNKNOWN,                 /**< Validity unknown */
75        APL_CRL_STATUS_VALID,                   /**< Valid Crl */
76        APL_CRL_STATUS_CONNECT,                 /**< Connection problem */
77        APL_CRL_STATUS_ERROR                    /**< Error during validation */
78};
79
80enum APL_ValidationProcess
81{
82        APL_VALIDATION_PROCESS_NONE=0,
83        APL_VALIDATION_PROCESS_CRL,
84        APL_VALIDATION_PROCESS_OCSP
85};
86
87enum APL_ValidationLevel
88{
89        APL_VALIDATION_LEVEL_NONE=0,
90        APL_VALIDATION_LEVEL_OPTIONAL,
91        APL_VALIDATION_LEVEL_MANDATORY
92};
93
94enum APL_HashAlgo {
95        APL_ALGO_MD5,      // 16-byte hash
96        APL_ALGO_SHA1     // 20-byte hash
97};
98
99class APL_CryptoFwk;
100class APL_CardFile_Certificate;
101class APL_Certif;
102
103/******************************************************************************//**
104  * Class that represents a certificates store
105  *
106  * The store is linked to a smart card
107  * It contains the P15 certificates that are on this card
108  * and can contain other certificates
109  *
110  * To get a APL_Certifs object, we have to ask it from the APL_SmartCard
111  *********************************************************************************/
112class APL_Certifs : public APL_Crypto
113{
114public:
115        /**
116          * Create an APL_Certifs store without any link to a card
117          * This store is not link to any Card so some methods could not be used
118          * these methods throw EIDMW_ERR_BAD_USAGE exception
119          */
120        EIDMW_APL_API APL_Certifs();                           
121
122        /**
123          * Destructor
124          *
125          * Destroy all the certificate hold in m_certifsAll
126          */
127        EIDMW_APL_API virtual ~APL_Certifs(void);
128
129        EIDMW_APL_API virtual bool isAllowed();                                                 /**< The document is allowed*/
130
131        EIDMW_APL_API virtual CByteArray getXML(bool bNoHeader=false);  /**< Build the XML document */
132        EIDMW_APL_API virtual CByteArray getCSV();                                              /**< Build the CSV document */
133        EIDMW_APL_API virtual CByteArray getTLV();                                              /**< Build the TLV document */
134
135        /**
136          * Return the number of P15 certificates on the card
137          */
138        EIDMW_APL_API unsigned long countFromCard();
139
140        /**
141          * Return the number of certificates in the store (P15 on the card or not)
142          */
143        EIDMW_APL_API unsigned long countAll(bool bOnlyVisible);
144
145        /**
146          * Return the certificate with the number ulIndexCard from the card
147          *
148          * If the APL_Certif object does not yet exist,
149          * it is create and add to both maps m_certifsOnCard and m_certifsAll
150          */
151        EIDMW_APL_API APL_Certif *getCertFromCard(unsigned long ulIndexCard);
152
153        /**
154          * Return the certificate with the number ulIndexAll
155          *
156          * First load all the certificates from the card
157          * Then return the certificate with index ulIndexAll
158          * ATTENTION ulIndexAll and ulIndexCard are two different index)
159          */
160        EIDMW_APL_API APL_Certif *getCert(unsigned long ulIndex, bool bOnlyVisible);
161       
162        /**
163          * Add a certificate to the store
164          *
165          * If the unique ID is not yet in the map m_certifsAll
166          * it is create and add to this map only
167          */
168        EIDMW_APL_API APL_Certif *addCert(const CByteArray &cert,APL_CertifType type=APL_CERTIF_TYPE_UNKNOWN,bool bHidden=false);
169
170        /**
171          * Return the certificate from its unique ID
172          *
173          * If it is not yet in the map (m_certifsAll), we throw an exception
174          */
175        EIDMW_APL_API APL_Certif *getCertUniqueId(unsigned long ulUniqueId);
176
177        /**
178          * Return the number of certificates by type in the store
179          */
180        EIDMW_APL_API unsigned long countCert(APL_CertifType type,bool bOnlyVisible=true);
181
182        /**
183          * Return the certificate by type in the store
184          *
185          * If no certificate is found, we throw an exception
186          */
187        EIDMW_APL_API APL_Certif *getCert(APL_CertifType type,unsigned long ulIndex=ANY_INDEX, bool bOnlyVisible=true);
188
189        /**
190          * Return the number of root certificates in the store
191          */
192        EIDMW_APL_API unsigned long countRoot(bool bOnlyVisible=true);
193
194        /**
195          * Return the root certificate in the store
196          *
197          * If no root is found, we throw an exception
198          */
199        EIDMW_APL_API APL_Certif *getRoot(unsigned long ulIndex=ANY_INDEX, bool bOnlyVisible=true);
200
201        /**
202          * Return the number of authentication certificates in the store
203          */
204        EIDMW_APL_API unsigned long countAuthentication(bool bOnlyVisible=true);
205
206        /**
207          * Return the authentication certificate in the store
208          *
209          * If no authentication certificate is found, we throw an exception
210          */
211        EIDMW_APL_API APL_Certif *getAuthentication(unsigned long ulIndex=ANY_INDEX, bool bOnlyVisible=true);
212
213        /**
214          * Return the number of signature certificates in the store
215          */
216        EIDMW_APL_API unsigned long countSignature(bool bOnlyVisible=true);
217
218        /**
219          * Return the signature certificate in the store
220          *
221          * If no signature certificate is found, we throw an exception
222          */
223        EIDMW_APL_API APL_Certif *getSignature(unsigned long ulIndex=ANY_INDEX, bool bOnlyVisible=true);
224
225        /**
226          * Return the number of CA certificates in the store
227          */
228        EIDMW_APL_API unsigned long countCA(bool bOnlyVisible=true);
229
230        /**
231          * Return the CA certificate in the store
232          *
233          * If no CA certificate is found, we throw an exception
234          */
235        EIDMW_APL_API APL_Certif *getCA(unsigned long ulIndex=ANY_INDEX, bool bOnlyVisible=true);
236
237        /**
238          * Return the number of children for cert in the store
239          */
240        EIDMW_APL_API unsigned long countChildren(const APL_Certif *cert);
241
242        /**
243          * Return the ulIndex'th children for cert (first is 0)
244          *
245          * If out of range, we throw an exception
246          */
247        EIDMW_APL_API APL_Certif *getChildren(const APL_Certif *cert,unsigned long ulIndex);
248
249        /**
250          * Loop through m_certifs to find the issuer of the certificate
251          *
252          * If no issuer is found, NULL is return
253          */
254        EIDMW_APL_API APL_Certif *findIssuer(const APL_Certif *cert);
255
256        /**
257          * Loop through m_certifs to find the issuer of the certificate
258          *
259          * If no issuer is found, NULL is return
260          */
261        EIDMW_APL_API APL_Certif *findIssuer(const CByteArray *data);
262
263        /**
264          * Loop through m_certifs to find the issuer of the crl
265          *
266          * If no issuer is found, NULL is return
267          */
268        EIDMW_APL_API APL_Certif *findCrlIssuer(const CByteArray &crldata);
269
270        /**
271          * Return true if test cards are allowed
272          */
273        EIDMW_APL_API bool getAllowTestCard();
274
275
276        void resetFlags();      /**< Reset flags (issuer, root and test) in the certifactes from the store */
277
278        /**
279          * Add a certificate to the store for internal use (virtual reader, RRn)
280          *
281          * No need to export
282          */
283        APL_Certif *addCert(APL_CardFile_Certificate *file,APL_CertifType type,bool bOnCard,bool bHidden,unsigned long ulIndex,const CByteArray *cert,const CByteArray *cert_tlv_struct);
284
285        /**
286          * Return the card from where the store comes (could be NULL)
287          *
288          * No need to export
289          */
290        APL_SmartCard *getCard();
291
292protected:
293        /**
294          * Constructor
295          *
296          * @param card is the smart card to which the store is linked
297          */
298        APL_Certifs(APL_SmartCard *card);
299
300private:
301        APL_Certifs(const APL_Certifs& certstore);                              /**< Copy not allowed - not implemented */
302        APL_Certifs &operator= (const APL_Certifs& certstore);  /**< Copy not allowed - not implemented */
303
304        void loadCard();                                                                                /**< Load all the certificates from the card */
305        void loadFromFile();                                                                    /**< Load all the certificates from the certificates directory */
306        void init(APL_SmartCard *card);
307
308        void resetIssuers(); /**< Reset issuer pointer in the certifactes from the store */
309        void resetRoots();      /**< Reset root flag in the certifactes from the store */
310        void resetTests();      /**< Reset test flag in the certifactes from the store */
311
312        /**
313         * This is a callback function for the scanDir
314         *
315         * @param SubDir is the sub directory relative the the Dir of scanDir
316         * @param File is the file to threat
317         * @param param must be this pointer
318         */
319        static void foundCertificate(const char *SubDir, const char *File, void *param);
320
321        APL_SmartCard *m_card;                                                                  /**< The smart card from which some certificate comes */
322        APL_CryptoFwk *m_cryptoFwk;                                                             /**< Pointer to the crypto framework */
323
324        /**
325          * Hold all the APL_Certif pointers in the store
326          *             coming from the card or not
327          *
328          * The index is the certificate unique ID
329          */
330        std::map<unsigned long,APL_Certif *> m_certifs;
331        std::vector<unsigned long> m_certifsOrder;
332        std::string m_certExtension;
333        std::string m_certs_dir;
334
335friend APL_Certifs *APL_SmartCard::getCertificates();   /**< This method must access protected constructor */
336};
337
338class APL_CertStatusCache;
339class APL_OcspResponse;
340class APL_Crl;
341struct tCertifInfo;
342
343/******************************************************************************//**
344  * Class that represents one certificate
345  *
346  * Can be constructed from a PKSC15 object from a smart card
347  * or from a certificates strore and a file.
348  *
349  * To get APL_Certif object, we have to ask it from APL_Certifs
350  *********************************************************************************/
351class APL_Certif : public APL_Crypto
352{
353
354public:
355        /**
356          * Destructor
357          *
358          * Destroy m_certFile if it has been created in the constructor
359          */
360        EIDMW_APL_API virtual ~APL_Certif(void);
361
362        EIDMW_APL_API virtual bool isAllowed();                                                 /**< The document is allowed*/
363
364        EIDMW_APL_API virtual CByteArray getXML(bool bNoHeader=false);  /**< Build the XML document */
365        EIDMW_APL_API virtual CByteArray getCSV();                      /**< Build the CSV document */
366        EIDMW_APL_API virtual CByteArray getTLV();                      /**< Build the TLV document */
367
368        EIDMW_APL_API unsigned long getIndexOnCard() const;     /**< Return Index off the certificate on card */
369        EIDMW_APL_API const char *getLabel();                   /**< Return P15 Label */
370        EIDMW_APL_API unsigned long getID() const;              /**< Return P15 ID */
371        EIDMW_APL_API unsigned long getUniqueId() const;        /**< Return the unique ID */
372        EIDMW_APL_API const CByteArray &getData() const;        /**< Return content of certificate file */
373        EIDMW_APL_API void getFormattedData(CByteArray &data) const;    /**< Return content of certificate file without ending zero */
374        EIDMW_APL_API APL_CertifType getType();                 /**< Return the type of the certificate */
375
376        /**
377          * Return the certificate issuer (NULL if not found)
378          *
379          * The certificate comes from the store
380          */
381        EIDMW_APL_API APL_Certif *getIssuer();
382
383        /**
384          * Return the root certificate at the end of the chain
385          */
386        EIDMW_APL_API APL_Certif *getRoot();
387
388        /**
389          * Return the number of children for this certificate;
390          */
391        EIDMW_APL_API unsigned long countChildren(bool bForceRecount=false);
392
393        /**
394          * Return the children certificate (certificate that has been issued by this one)
395          *
396          * @param ulIndex is the children index (the index for the first child is 0)
397          * @return if ulIndex is out of range, NULL is returned
398          *     Throw an exception EIDMW_ERR_PARAM_RANGE if index out of range
399          */
400        EIDMW_APL_API APL_Certif *getChildren(unsigned long ulIndex);
401
402        /**
403          * Return the test status
404          *
405          * @return true if test certificate
406          * @return false if good one
407          */
408        EIDMW_APL_API bool isTest();
409
410        /**
411          * @return true if the certificate is of that type
412          * @return false otherwise
413          */
414        EIDMW_APL_API bool isType(APL_CertifType type);
415
416        /**
417          * Return the root status
418          *
419          * @return true if it is a root certificate
420          * @return false otherwise
421          */
422        EIDMW_APL_API bool isRoot();
423
424        /**
425          * Return the authentication status
426          *
427          * @return true if it is a authentication certificate
428          * @return false otherwise
429          */
430        EIDMW_APL_API bool isAuthentication();
431
432        /**
433          * Return the signature status
434          *
435          * @return true if it is a signature certificate
436          * @return false otherwise
437          */
438        EIDMW_APL_API bool isSignature();
439
440        /**
441          * Return the CA status
442          *
443          * @return true if it is a CA certificate
444          * @return false otherwise
445          */
446        EIDMW_APL_API bool isCA();
447
448        /**
449          * Check if the certificate chain end by the one of pteid root;
450          *
451          * @return true if root ok
452          * @return false otherwise
453          */
454        EIDMW_APL_API bool isFromPteidValidChain();
455
456        /**
457          * Return the status of the certificate file
458          */
459        EIDMW_APL_API tCardFileStatus getFileStatus();
460
461        /**
462          * Return the status of the certificate
463          *
464          * Get the parameter crl/ocsp from config and call getStatus(bool crl, bool ocsp)
465          */
466        EIDMW_APL_API APL_CertifStatus getStatus();
467
468        /**
469          * Return the status of the certificate
470          *
471          * Call the CertStatusCache for finding or calculating this status
472          */
473        EIDMW_APL_API APL_CertifStatus getStatus(APL_ValidationLevel crl, APL_ValidationLevel ocsp);
474
475        /**
476          * Get the CRL from this certificate
477          */
478        EIDMW_APL_API APL_Crl *getCRL();
479
480        /**
481          * Get the OCSPResponder object from this certificate
482          */
483        EIDMW_APL_API APL_OcspResponse *getOcspResponse();
484
485        /**
486          * Make the CRL validation
487          */
488        EIDMW_APL_API APL_CertifStatus verifyCRL(bool forceDownload=false);
489
490        /**
491          * Make the OCSP validation
492          */
493        EIDMW_APL_API APL_CertifStatus verifyOCSP();
494
495        /**
496          * Return the OCSP Responce
497          */
498        EIDMW_APL_API CByteArray getOCSPResponse();
499
500        EIDMW_APL_API const char *x509TimeConversion (ASN1_TIME *time);
501        EIDMW_APL_API X509* ExternalCert(int cert);
502        EIDMW_APL_API const unsigned char * ExternalCertData(int certnr);
503        EIDMW_APL_API int ExternalCertDataSize(int certnr);
504        EIDMW_APL_API const char *ExternalCertSubject(int cert);
505        EIDMW_APL_API const char *ExternalCertIssuer(int cert);
506        EIDMW_APL_API unsigned long ExternalCertKeylenght(int cert);
507        EIDMW_APL_API const char *ExternalCertNotBefore(int cert);
508        EIDMW_APL_API const char *ExternalCertNotAfter(int cert);
509
510        EIDMW_APL_API const char *getSerialNumber();            /**< Return the serial number */
511        EIDMW_APL_API const char *getOwnerName();                       /**< Return the name of the owner */
512        EIDMW_APL_API const char *getIssuerName();                      /**< Return the name of the issuer */
513        EIDMW_APL_API const char *getValidityBegin();           /**< Return validity begin date */
514        EIDMW_APL_API const char *getValidityEnd();                     /**< Return validity end date */
515        EIDMW_APL_API unsigned long getKeyLength();                     /**< Return the length of public/private key */
516       
517        EIDMW_APL_API bool isHidden();                                          /**< This is an hidden certificate */
518        EIDMW_APL_API bool isFromCard();                                                /**< This certificate comes from the card */
519
520        EIDMW_APL_API APL_Certifs *getCertificates();           /**< Return a pointer to the store */
521
522        APL_CertifStatus validationCRL();       /**< Make the CRL validation (not exported, internal used from APL_CertStatusCache::checkCertValidation) */
523        APL_CertifStatus validationOCSP();      /**< Make the OCSP validation (not exported, internal used from APL_CertStatusCache::checkCertValidation) */
524
525        void resetIssuer();     /**< reset m_issuer pointer */
526        void resetRoot();       /**< reset m_root flag */
527        void resetTest();       /**< reset m_test flag */
528
529protected:
530
531        /**
532          * Constructor
533          *
534          * @param card is the smartcard where to read the file
535          * @param ulIndex is the index of the P15 object
536          */
537        APL_Certif(APL_SmartCard *card,APL_Certifs *store,unsigned long ulIndex);
538
539        /**
540          * Constructor
541          *
542          * @param store is the store in which the APL_Certif object is hold
543          * @param file is the certificate file
544          */
545        APL_Certif(APL_Certifs *store,APL_CardFile_Certificate *file,APL_CertifType type,bool bOnCard,bool bHidden,unsigned long ulIndex,const CByteArray *cert,const CByteArray *cert_tlv_struct);
546
547        /**
548          * Constructor
549          *
550          * @param store is the store in which the APL_Certif object is hold
551          * @param cert is the certificate
552          */
553        APL_Certif(APL_Certifs *store,const CByteArray &cert,APL_CertifType type,bool bHidden);
554
555private:
556        APL_Certif(const APL_Certif& certif);                           /**< Copy not allowed - not implemented */
557        APL_Certif &operator= (const APL_Certif& certif);       /**< Copy not allowed - not implemented */
558
559        /**
560          * Init m_info
561          */
562        void initInfo();
563
564        CByteArray getP15TLV();                                         /**< Return the P15 struct in a TLV CByteArray */
565        void setP15TLV(const CByteArray *bytearray);/**< Fill the P15 struct with the TLV CByteArray */
566
567        unsigned long m_ulIndex;                                                        /**< Index of the P15 object on the card */
568
569        tCert m_certP15;                                                                        /**< P15 structure load at construct time */
570        bool m_certP15Ok;                                                                       /**< P15 structure load at construct time */
571        APL_CardFile_Certificate *m_certFile;                           /**< The certificate file */
572        bool m_delCertFile;                                                                     /**< Mean that m_certFile must be deleted in destructor */
573
574        APL_CryptoFwk *m_cryptoFwk;                                                     /**< Pointer to the crypto framework */
575        APL_CertStatusCache *m_statusCache;                                     /**< Pointer to the status cache */
576
577        APL_Crl *m_crl;                                                                         /**< The crl link to the certificate */
578        APL_OcspResponse *m_ocsp;                                                       /**< The ocsp link to the certificate */
579
580        bool m_hidden;                                                                          /**< This is an hidden certificate */
581        bool m_onCard;                                                                          /**< This certificate comes from the card */
582
583        int m_test;                                                                                     /**< Test certificate : -1 = unknown, 1 = test, 0 = good certificate */
584        int m_root;                                                                                     /**< Root certificate : -1 = unknown, 1 = root, 0 = non-root */
585        APL_Certif *m_issuer;                                                           /**< Link to the certificate issuer */
586
587        APL_Certifs *m_store;                                                           /**< The store in which the APL_Certif object is hold */
588
589        bool m_initInfo;                                                                        /**< True when issuer, root and test has been set */
590        tCertifInfo *m_info;                                                            /**< Divers information about the certificate */
591
592        unsigned long m_countChildren;                                          /**< The number of children */
593
594        APL_CertifType m_type;
595
596friend APL_Certif *APL_Certifs::getCertFromCard(unsigned long ulIndex);                         /**< This method must access protected constructor */
597friend APL_Certif *APL_Certifs::addCert(APL_CardFile_Certificate *file,APL_CertifType type,bool bOnCard,bool bHidden,unsigned long ulIndex,const CByteArray *cert,const CByteArray *cert_tlv_struct);   /**< This method must access protected constructor */
598friend APL_Certif *APL_Certifs::addCert(const CByteArray &cert,APL_CertifType type,bool bHidden);               /**< This method must access protected constructor */
599};
600
601class APL_CrlDownloadingCache;
602struct tCrlInfo;
603
604/******************************************************************************//**
605  * Class that represents one crl
606  *
607  * To get APL_Crl object, we have to ask it from APL_Certif
608  *********************************************************************************/
609class APL_Crl
610{
611public:
612        /**
613          * Create an APL_Crl object from the URI only
614          * As there is no issuer, this CRL can't be verify and some method are not allowed
615          * (ex. getIssuer)
616          * Theses methods throw EIDMW_ERR_BAD_USAGE exception
617          */
618        EIDMW_APL_API APL_Crl(const char *uri);
619
620        EIDMW_APL_API virtual ~APL_Crl(void);           /**< Destructor */
621
622        /**
623          * Verify certificate trough CRL process
624          */
625        EIDMW_APL_API APL_CertifStatus verifyCert(bool forceDownload=false);
626
627        /**
628          * Return the CRL
629          * If it commes from a Certif we verify the signing
630          * If it's created from the URL only the signing is not verify
631          * @return the status of the crl
632          */
633        EIDMW_APL_API APL_CrlStatus getData(CByteArray &data,bool forceDownload=false);
634
635        /**
636          * Return the certificate issuer (NULL if not found)
637          *
638          * The certificate comes from the store
639          */
640        EIDMW_APL_API APL_Certif *getIssuer();
641
642        EIDMW_APL_API const char *getIssuerName();      /**< Return the name of the issuer */
643
644        EIDMW_APL_API const char *getUri();                     /**< Return the uri of the CRL */
645
646private:
647        APL_Crl(const char *uri,APL_Certif *certif);/**< Constructor */
648
649        APL_Crl(const APL_Crl& crl);                            /**< Copy not allowed - not implemented */
650        APL_Crl &operator= (const APL_Crl& crl);        /**< Copy not allowed - not implemented */
651
652        /**
653          * Init m_info,  m_issuer and verify the signature
654          */
655        void init();
656
657        std::string m_uri;                                                      /**< The url from where the crl comes */
658
659        bool m_initOk;                                                          /**< True when init has been done */
660        APL_Certif *m_certif;                                           /**< Link to the certificate */
661        APL_Certif *m_issuer;                                           /**< Link to the issuer certificate */
662        tCrlInfo *m_info;                                                       /**< Divers information about the crl */
663
664        APL_CrlDownloadingCache *m_cache;
665        APL_CryptoFwk *m_cryptoFwk;
666        CMutex m_Mutex;                                                                 /**< Mutex */
667
668friend APL_Crl *APL_Certif::getCRL();           /**< This method must access protected constructor */
669};
670
671struct tOcspCertID;
672
673/******************************************************************************//**
674  * Class that represents an OCSP response
675  *
676  * To get APL_OcspResponse object, we have to ask it from APL_Certif
677  *********************************************************************************/
678class APL_OcspResponse
679{
680public:
681        /**
682          * Create an APL_OcspResponse object from the URI only and CertID
683          * This OCSP Response is not link to any APL_Certif so some methods could not be used
684          * these methods throw EIDMW_ERR_BAD_USAGE exception
685          */
686        EIDMW_APL_API APL_OcspResponse(const char *uri,APL_HashAlgo hashAlgorithm,const CByteArray &issuerNameHash,const CByteArray &issuerKeyHash,const CByteArray &serialNumber);
687
688        EIDMW_APL_API virtual ~APL_OcspResponse(void);          /**< Destructor */
689
690        /**
691          * Verify certificate trough OCSP process
692          */
693        EIDMW_APL_API APL_CertifStatus verifyCert();
694
695        /**
696          * Get the OCSP Response
697          */
698        EIDMW_APL_API APL_CertifStatus getResponse(CByteArray &response);
699
700        EIDMW_APL_API const char *getUri();                     /**< Return the uri of the responder */
701
702private:
703        APL_OcspResponse(const char *uri,APL_Certif *certif);/**< Constructor */
704
705        APL_OcspResponse(const APL_OcspResponse& ocsp);                         /**< Copy not allowed - not implemented */
706        APL_OcspResponse &operator= (const APL_OcspResponse& pcsp);     /**< Copy not allowed - not implemented */
707
708        APL_CertifStatus getResponse(CByteArray *response);     /**< Get the OCSP Response */
709
710        std::string m_uri;                                                      /**< The url from where the crl comes */
711
712        APL_Certif *m_certif;                                           /**< Link to the certificate */
713
714        tOcspCertID     *m_certid;
715
716        CByteArray *m_response;
717        APL_CertifStatus m_status;
718        std::string m_validity;                                         /**<  Validity of the response */
719        unsigned long m_delay;
720
721        APL_CryptoFwk *m_cryptoFwk;
722        CMutex m_Mutex;                                                                 /**< Mutex */
723
724friend APL_OcspResponse *APL_Certif::getOcspResponse();         /**< This method must access protected constructor */
725};
726
727}
728
729#endif //__CERTIF_H__
730
Note: See TracBrowser for help on using the browser.