WvStreams
wvocsp.h
1/* -*- Mode: C++ -*-
2 *
3 * OCSP request and response abstractions.
4 *
5 * OCSP provides a quick way of checking whether a certificate is still valid
6 * or has been revoked. For more information, see: http://en.wikipedia.org/wiki/OCSP
7 *
8 * For the sake of both ease of implementation and use, these classes only
9 * expose a simplified subset of OCSP functionality.
10 * - A nonce (unique identifier for the request) is always sent in the
11 * request.
12 * - Both the request and response objects assume only one certificate is to
13 * be validated.
14 *
15 */
16#ifndef __WVOCSP_H
17#define __WVOCSP_H
18#include "wvx509.h"
19
20#include <openssl/ocsp.h>
21
22
24{
25public:
    // Builds an OCSP request for a single certificate (`cert`) and its
    // issuer (`issuer`). Per the file header, a nonce is always sent in the
    // request and only one certificate is validated per request.
26 WvOCSPReq(const WvX509 &cert, const WvX509 &issuer);
27 virtual ~WvOCSPReq();
28
    // Writes the request into `buf`.
    // NOTE(review): presumably the encoded form that is sent to the OCSP
    // responder -- confirm the encoding against the implementation.
29 void encode(WvBuf &buf);
30
31private:
    // Private and, per the original comment, not implemented, so copying is
    // effectively disabled.
    // NOTE(review): the class holds raw OpenSSL pointers; if the destructor
    // frees them, a copy would risk a double free -- keep copying disabled.
32 WvOCSPReq(WvOCSPReq &); // not implemented yet
    // WvOCSPResp is a friend and can therefore read `id` and `req` directly
    // (presumably for the nonce comparison in check_nonce -- confirm).
33 friend class WvOCSPResp;
    // Raw OpenSSL handles. Who allocates and frees them is not visible in
    // this header.
34 OCSP_CERTID *id;
35 OCSP_REQUEST *req;
36};
37
38
40{
41public:
    // Creates an empty response object; it is populated through decode().
42 WvOCSPResp();
43 virtual ~WvOCSPResp();
44
    // Parses an OCSP response out of `buf`.
    // NOTE(review): the buffer normally holds data received from a remote
    // responder, so treat it as untrusted input; how malformed input is
    // reported is not visible in this header (presumably via isok()).
45 void decode(WvBuf &buf);
46
    // NOTE(review): presumably reports whether a response was decoded and the
    // responder answered successfully -- confirm. The separate get_status()
    // call suggests this says nothing about the certificate being Good.
47 bool isok() const;
    // Checks this response against the nonce of the request `req`. The nonce
    // is what ties a response to one specific request, so a failed check
    // should be handled as a possibly replayed or mismatched response.
48 bool check_nonce(const WvOCSPReq &req) const;
    // Checks whether this response was signed by `cert`.
    // NOTE(review): whether the signer is also checked for being authorised
    // to answer for the issuer (the issuer itself or a delegated OCSP signing
    // certificate) cannot be told from this header -- confirm, or do it in
    // the caller.
49 bool signedbycert(const WvX509 &cert) const;
    // Returns the certificate that signed the response.
    // NOTE(review): presumably taken from the response itself, i.e. supplied
    // by the remote side; validate it against a trusted issuer before relying
    // on it.
50 WvX509 get_signing_cert() const;
51
    // Result of a status lookup. Callers that gate access on revocation
    // should accept only Good and treat Error and Unknown as failures.
52 enum Status { Error, Good, Revoked, Unknown };
    // Looks up the status of `cert` (issued by `issuer`) in this response.
    // NOTE(review): it is not visible here whether this also verifies the
    // response signature, the nonce or the validity period of the status
    // entry; unless the implementation does, call check_nonce() and
    // signedbycert() before acting on the result.
53 Status get_status(const WvX509 &cert, const WvX509 &issuer) const;
    // Returns a printable string for `status`.
54 static WvString status_str(Status status);
55
56private:
    // Private and, per the original comment, not implemented, so copying is
    // effectively disabled; the class holds raw OpenSSL pointers.
57 WvOCSPResp(WvOCSPResp &); // not implemented yet
    // Raw OpenSSL handles for the response and its basic-response part.
    // Who allocates and frees them is not visible in this header.
58 OCSP_RESPONSE *resp;
59 OCSP_BASICRESP * bs;
    // mutable so that the const query methods above can still write log output.
60 mutable WvLog log;
61};
62
63#endif // __WVOCSP_H
Specialization of WvBufBase for unsigned char type buffers intended for use with raw memory buffers.
Definition: wvbuf.h:24
A WvLog stream accepts log messages from applications and forwards them to all registered WvLogRcv's.
Definition: wvlog.h:57
WvString is an implementation of a simple and efficient printable-string class.
Definition: wvstring.h:330
X509 Class to handle certificates and their related functions.
Definition: wvx509.h:42