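/* -*- Mode: C++ -*-
 *
 * OCSP request and response abstractions.
 *
 * OCSP provides a quick way of checking whether a certificate is valid or
 * not. For more information, see: http://en.wikipedia.org/wiki/OCSP
 * (the protocol itself is specified in RFC 6960).
 *
 * For the sake of both ease of implementation and use, these classes only
 * expose a simplified subset of OCSP functionality.
 * - A nonce (unique identifier for the request) is always sent in the
 *   request.
 * - Both the request and response objects assume only one certificate is to
 *   be validated.
 *
 * Guidance for callers: a decoded response is untrusted network input until
 * it has been checked. This header exposes the checks as separate calls
 * (isok(), check_nonce(), signedbycert(), get_status()) and does not show
 * whether get_status() performs any of the others itself, so callers should
 * not assume it does. Treat every status other than Good as "do not trust
 * the certificate".
 */
#ifndef __WVOCSP_H
#define __WVOCSP_H
#include "wvx509.h"

#include <openssl/ocsp.h>


/**
 * An OCSP request asking about a single certificate.
 *
 * Per the file comment, a nonce is always included in the request; it is
 * what WvOCSPResp::check_nonce() is later compared against.
 */
class WvOCSPReq
{
public:
    /**
     * Build a request for the status of 'cert'.
     *
     * @param cert    the certificate whose revocation status is wanted
     * @param issuer  the certificate of the CA that issued 'cert'
     */
    WvOCSPReq(const WvX509 &cert, const WvX509 &issuer);
    virtual ~WvOCSPReq();

    /**
     * Write the request into 'buf'.
     * NOTE(review): presumably the DER encoding, ready to be sent to the
     * responder; confirm in the implementation.
     */
    void encode(WvBuf &buf);

private:
    // This class holds raw OpenSSL pointers, so a member-wise copy would
    // leave two objects referring to the same OCSP structures. Copying is
    // therefore disabled: both members below are declared but not
    // implemented (yet). Copy assignment is declared here as well because
    // hiding only the copy constructor still leaves the compiler-generated
    // assignment operator available.
    WvOCSPReq(WvOCSPReq &); // not implemented yet
    WvOCSPReq &operator=(const WvOCSPReq &); // not implemented yet

    // WvOCSPResp takes a WvOCSPReq in check_nonce(); friendship gives it
    // access to 'id' and 'req' below.
    friend class WvOCSPResp;
    OCSP_CERTID *id;    // identifies the certificate being queried
    OCSP_REQUEST *req;  // the underlying OpenSSL request object
};


/**
 * An OCSP response for a single certificate.
 *
 * Typical use is decode() followed by the validation calls below. A
 * suggested order is: isok(), then check_nonce() against the request that
 * was sent, then signedbycert() against a certificate the caller already
 * trusts for OCSP signing, and only then get_status().
 */
class WvOCSPResp
{
public:
    WvOCSPResp();
    virtual ~WvOCSPResp();

    /**
     * Parse a response out of 'buf'. The contents of 'buf' normally come
     * from the network and must be treated as untrusted; check isok()
     * afterwards, since this function returns nothing.
     */
    void decode(WvBuf &buf);

    /**
     * Whether the response is usable.
     * NOTE(review): presumably true only if decode() succeeded and the
     * responder reported success; confirm in the implementation.
     */
    bool isok() const;

    /**
     * Compare the nonce in this response with the one in 'req'.
     *
     * A matching nonce ties the response to the request that was sent, which
     * is the defence against replay of an older (for example pre-revocation)
     * response. Responders are allowed to omit the nonce.
     * NOTE(review): confirm how a response with no nonce is reported here.
     */
    bool check_nonce(const WvOCSPReq &req) const;

    /**
     * Whether the response was signed by 'cert'.
     *
     * 'cert' should be a certificate the caller has validated independently
     * (the issuing CA, or a responder certificate issued by that CA for OCSP
     * signing).
     */
    bool signedbycert(const WvX509 &cert) const;

    /**
     * Return the signing certificate carried by the response.
     *
     * NOTE(review): this certificate presumably comes from the response
     * itself and is therefore attacker-supplied until validated. Passing it
     * straight back to signedbycert() proves nothing; verify its chain and
     * its authorisation to sign OCSP responses for the issuer first.
     */
    WvX509 get_signing_cert() const;

    /**
     * Result of a status query.
     * NOTE(review): Good, Revoked and Unknown presumably mirror the three
     * OCSP certificate statuses, with Error covering failures to obtain one;
     * confirm in the implementation. Only Good should lead to the
     * certificate being accepted.
     */
    enum Status { Error, Good, Revoked, Unknown };

    /**
     * Look up the status of 'cert' (issued by 'issuer') in this response.
     *
     * NOTE(review): no accessor for the response's validity period
     * (thisUpdate/nextUpdate) is exposed by this class; confirm that the
     * implementation checks freshness, otherwise a stale response with no
     * nonce would be accepted.
     */
    Status get_status(const WvX509 &cert, const WvX509 &issuer) const;

    /** Human-readable form of 'status', e.g. for log messages. */
    static WvString status_str(Status status);

private:
    // Copying is disabled for the same reason as in WvOCSPReq: the members
    // below are raw OpenSSL pointers. Both declarations are intentionally
    // left without a definition.
    WvOCSPResp(WvOCSPResp &); // not implemented yet
    WvOCSPResp &operator=(const WvOCSPResp &); // not implemented yet

    OCSP_RESPONSE *resp;  // the decoded response as a whole
    OCSP_BASICRESP *bs;   // the basic-response part of the response
    mutable WvLog log;    // mutable so that the const query methods can log
};

#endif // __WVOCSP_H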