2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @author Bartlomiej Grzelewski (b.grzelewski@gmail.com)
19 * @file CertificateVerifier.h
20 * @brief This class integrates OCSP and CRL into one module.
22 #ifndef _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
23 #define _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
25 #include "Certificate.h"
26 #include "CertificateCollection.h"
27 #include "CachedCRL.h"
28 #include "CachedOCSP.h"
29 #include "VerificationStatus.h"
31 namespace ValidationCore {
33 class CertificateVerifier {
/*
 * Construct a verifier. enableOcsp / enableCrl presumably switch the OCSP
 * and CRL checks on or off; this header does not show how the flags are
 * used, so confirm in the implementation.
 * NOTE(review): the result table in this header maps "Not supported" for
 * both OCSP and CRL to Good. If a disabled check is reported as
 * "Not supported", a verifier built with both flags false would return Good
 * without any revocation lookup - verify that callers which require
 * revocation checking enable at least one of the two.
 */
35 explicit CertificateVerifier(bool enableOcsp, bool enableCrl);
/* Empty inline destructor; as declared here it is non-virtual. */
36 ~CertificateVerifier(){}
39 * Run OCSP and CRL for all certificates in collection.
40 * Collection must represent chain.
42 * Evaluate status. This function reduces the set of OCSP statuses
43 * to a single status - the most restrictive one. That OCSP status
44 * and the status from CRL are then combined into the end result.
46 * The algorithm used to evaluate the result is shown in the table (columns: OCSP status, rows: CRL status):
48 * +--------------+-------+-------+-------+------------+---------+
49 * | OCSP |Good |Revoked|Unknown|Undetermined|Not |
50 * | | | | | |supported|
52 * +--------------+-------+-------+-------+------------+---------+
53 * | GOOD |GOOD |Revoked|Unknown|Undetermined|Good |
54 * +--------------+-------+-------+-------+------------+---------+
55 * | REVOKED |Revoked|Revoked|Revoked|Revoked |Revoked |
56 * +--------------+-------+-------+-------+------------+---------+
57 * | UNDETERMINED |Good |Revoked|Unknown|Undetermined|Good |
58 * +--------------+-------+-------+-------+------------+---------+
59 * | Not supported|Good |Revoked|Unknown|Undetermined|Good |
60 * +--------------+-------+-------+-------+------------+---------+
62 * For Undetermined the function returns VERIFICATION_STATUS_ERROR.
/*
 * Returns a single VerificationStatus for the collection. The collection is
 * taken by non-const reference; whether it is modified is not visible in
 * this header.
 */
65 VerificationStatus check(CertificateCollection &certCollection) const;
/*
 * Takes a list of certificate collections rather than a single chain.
 * Presumably checks revocation of the end-entity certificate only - the
 * name suggests this but the header does not state it; confirm in the
 * implementation before relying on it for intermediate certificates.
 */
67 VerificationStatus checkEndEntity(
68 CertificateCollectionList &certCollectionList) const;
/*
 * Presumably the OCSP result for the given chain, reduced to one status -
 * confirm in the implementation.
 */
71 VerificationStatus obtainOcspStatus(
72 const CertificateCollection &chain) const;
/* Presumably the CRL result for the given chain - confirm. */
73 VerificationStatus obtainCrlStatus(
74 const CertificateCollection &chain) const;
/*
 * Combines one OCSP status and one CRL status into a single result.
 * Presumably implements the table documented in this header, in which
 * Revoked from either source always yields Revoked - confirm against the
 * implementation.
 * NOTE(review): in that table a CRL status of Undetermined or Not supported
 * combined with an OCSP status of Not supported yields Good, so a Good
 * result does not by itself show that a revocation check succeeded.
 */
75 VerificationStatus getStatus(VerificationStatus ocsp,
76 VerificationStatus crl) const;
82 } // namespace ValidationCore
84 #endif // _SRC_VALIDATION_CORE_CERTIFICATE_VERIFIER_H_