00001 /* -*- Mode: C++ -*-
00002  *
00003  * OCSP request and response abstractions.
00004  *
00005  * OCSP provides a quick way of checking whether a certificate is valid or 
00006  * not. For more information, see: http://en.wikipedia.org/wiki/OCSP
00007  *
00008  * For the sake of both ease of implementation and use, these classes only 
00009  * expose a simplified subset of OCSP functionality.
00010  *  - A nonce (unique identifier for the request) is always sent in the 
00011  *    request.
00012  *  - Both the request and response objects assume only one certificate is to 
00013  *    be validated.
00014  *
00015  */ 
00016 #ifndef __WVOCSP_H
00017 #define __WVOCSP_H
00018 #include "wvx509.h"
00019 
00020 #include <openssl/ocsp.h>
00021 
00022 
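/**
 * An OCSP request for a single certificate.
 *
 * Built from the certificate to be checked and the certificate of its
 * issuer.  A nonce is always included in the request (see the file
 * header); WvOCSPResp::check_nonce() later compares it against the
 * response so that an old answer cannot be replayed for a new query.
 *
 * Instances own the underlying OpenSSL OCSP_CERTID and OCSP_REQUEST
 * objects (presumably released by the destructor -- see wvocsp.cc).
 * They are therefore not copyable: a compiler-generated copy or
 * assignment would leave two owners of the same OpenSSL objects and
 * free them twice.
 */
class WvOCSPReq
{
public:
    /** Build a request for the status of cert, which was issued by issuer. */
    WvOCSPReq(const WvX509 &cert, const WvX509 &issuer);
    virtual ~WvOCSPReq();

    /** Write the encoded request into buf, ready to be sent to a responder. */
    void encode(WvBuf &buf);

private:
    // Copy construction and copy assignment are deliberately declared but
    // not implemented: the class owns raw OpenSSL pointers, and the
    // implicitly generated versions would double-free them.
    WvOCSPReq(WvOCSPReq &);
    WvOCSPReq &operator=(WvOCSPReq &);
    friend class WvOCSPResp;  // the response needs the id and nonce to verify itself
    OCSP_CERTID *id;          // identifies the certificate being queried
    OCSP_REQUEST *req;        // the OpenSSL request object encode() serialises
};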
00037 
00038 
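/**
 * An OCSP response for a single certificate.
 *
 * Decode a response with decode(), then verify it before trusting the
 * status it reports: isok() for a response that was decoded and reports
 * success, check_nonce() to bind it to the request that was actually
 * sent (a mismatching nonce suggests a replayed or unrelated response),
 * and signedbycert() to confirm who signed it.  Only after those checks
 * pass is get_status() meaningful, and only Good should be taken to mean
 * the certificate is acceptable.
 *
 * Instances own raw OCSP_RESPONSE / OCSP_BASICRESP pointers and are not
 * copyable, for the same reason as WvOCSPReq.
 */
class WvOCSPResp
{
public:
    WvOCSPResp();
    virtual ~WvOCSPResp();

    /** Parse an encoded response from buf. */
    void decode(WvBuf &buf);

    /** True if a response was decoded and is usable (presumably: the
     *  responder reported success -- confirm against wvocsp.cc). */
    bool isok() const;
    /** True if the nonce in this response matches the one sent in req. */
    bool check_nonce(const WvOCSPReq &req) const;
    /** True if the response's signature verifies against cert. */
    bool signedbycert(const WvX509 &cert) const;
    /** The certificate the response claims to be signed by; trust it only
     *  after signedbycert() succeeds with a certificate you already trust. */
    WvX509 get_signing_cert() const;

    /** Status of the queried certificate.  Error (the zero value) is a
     *  local failure to read a status; Unknown is presumably the
     *  responder's own answer that it has no record of the certificate. */
    enum Status { Error, Good, Revoked, Unknown };
    /** Status this response reports for cert, which was issued by issuer. */
    Status get_status(const WvX509 &cert, const WvX509 &issuer) const;
    /** Human-readable name for status. */
    static WvString status_str(Status status);

private:
    // Copy construction and copy assignment are deliberately declared but
    // not implemented: the class owns raw OpenSSL pointers, and the
    // implicitly generated versions would double-free them.
    WvOCSPResp(WvOCSPResp &);
    WvOCSPResp &operator=(WvOCSPResp &);
    OCSP_RESPONSE *resp;   // the outer response as decoded from the wire
    OCSP_BASICRESP *bs;    // the basic response carrying the signed status data
    mutable WvLog log;     // mutable so the const query methods can still log
};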
00062 
00063 #endif // __WVOCSP_H