include/wvocsp.h

   1 /* -*- Mode: C++ -*-
   2  *
   3  * OCSP request and response abstractions.
   4  *
   5  * OCSP provides a quick way of checking whether a certificate is valid or
   6  * not. For more information, see: http://en.wikipedia.org/wiki/OCSP
   7  *
   8  * For the sake of both ease of implementation and use, these classes only
   9  * expose a simplified subset of OCSP functionality.
  10  *  - A nonce (unique identifier for the request) is always sent in the
  11  *    request.
  12  *  - Both the request and response objects assume only one certificate is to
  13  *    be validated.
  14  *
  15  */
  16 #ifndef __WVOCSP_H
  17 #define __WVOCSP_H
  18 #include "wvx509.h"
  19
  20 #include <openssl/ocsp.h>
  21
  22
  23 class WvOCSPReq
  24 {
  25 public:
  26     WvOCSPReq(const WvX509 &cert, const WvX509 &issuer);
  27     virtual ~WvOCSPReq();
  28
  29     void encode(WvBuf &buf);
  30
  31 private:
  32     WvOCSPReq(WvOCSPReq &); // not implemented yet
  33     friend class WvOCSPResp;
  34     OCSP_CERTID *id;
  35     OCSP_REQUEST *req;
  36 };
  37
  38
  39 class WvOCSPResp
  40 {
  41 public:
  42     WvOCSPResp();
  43     virtual ~WvOCSPResp();
  44
  45     void decode(WvBuf &buf);
  46
  47     bool isok() const;
  48     bool check_nonce(const WvOCSPReq &req) const;
  49     bool signedbycert(const WvX509 &cert) const;
  50     WvX509 get_signing_cert() const;
  51
  52     enum Status { Error, Good, Revoked, Unknown };
  53     Status get_status(const WvX509 &cert, const WvX509 &issuer) const;
  54     static WvString status_str(Status status);
  55
  56 private:
  57     WvOCSPResp(WvOCSPResp &); // not implemented yet
  58     OCSP_RESPONSE *resp;
  59     OCSP_BASICRESP * bs;
  60     mutable WvLog log;
  61 };
  62
  63 #endif // __WVOCSP_H