The following sample demonstrates creation of a custom mediator/colleague set that includes a revocation status mediator which checks a trusted OCSP responder first, AIA-identified OCSP responders second, and CRLs as a last resort.
// Builds a revocation status mediator whose colleagues are consulted in
// order: a trusted (locally configured) OCSP responder, then OCSP
// responders named in certificate AIA extensions, then CRLs.
void
EnablingOCSP_LowLevel()
{
    // Supporting mediators, each created with its default colleagues.
    CPKIFCryptoMediator2Ptr crypto(new CPKIFCryptoMediator2(true));
    crypto->InitializeMediator(NULL);

    CPKIFCacheMediator2Ptr cache(new CPKIFCacheMediator2(true));
    cache->InitializeMediator(NULL);

    CPKIFPathProcessingMediator2Ptr path(new CPKIFPathProcessingMediator2(true));
    path->InitializeMediator(NULL);

    // The revocation status mediator starts with no colleagues; they are
    // added explicitly below so that their order is under our control.
    CPKIFRevocationStatusMediator2Ptr revocation(new CPKIFRevocationStatusMediator2());
    revocation->InitializeMediator(NULL);

    // Make the supporting mediators available to the revocation mediator.
    revocation->AddMediator(dynamic_pointer_cast<IPKIFMediator, CPKIFCryptoMediator2>(crypto));
    revocation->AddMediator(dynamic_pointer_cast<IPKIFMediator, CPKIFCacheMediator2>(cache));
    revocation->AddMediator(dynamic_pointer_cast<IPKIFMediator, CPKIFPathProcessingMediator2>(path));

    // Colleague 1: a trusted responder. Giving the checker a host makes it a
    // locally configured client that does not follow AIA extensions. It must
    // be the first colleague added if it is to be consulted before CRLs or
    // AIA-named responders. The URL is plain http; OCSP responses are signed,
    // so what matters is how this responder's signing certificate is trusted,
    // and that is configured outside this sample -- confirm it separately.
    CPKIFOCSPCheckerPtr trustedResponder(new CPKIFOCSPChecker());
    trustedResponder->SetHost("http://trustedresponder.com");
    trustedResponder->Set_Port(80);

    // Colleague 2: no host or port, so this checker contacts whichever
    // responder the certificate under validation names in its AIA extension.
    // That destination comes from the certificate rather than from local
    // configuration, which is worth remembering for egress policy and timeouts.
    CPKIFOCSPCheckerPtr aiaResponder(new CPKIFOCSPChecker());

    // Colleague 3: CRL checking, used when OCSP yields no definitive answer.
    CPKIFX509CRLCheckerPtr crlFallback(new CPKIFX509CRLChecker());

    // Registration order is consultation order: trusted responder, AIA, CRLs.
    revocation->AddColleague(dynamic_pointer_cast<IPKIFColleague, CPKIFOCSPChecker>(trustedResponder));
    revocation->AddColleague(dynamic_pointer_cast<IPKIFColleague, CPKIFOCSPChecker>(aiaResponder));
    revocation->AddColleague(dynamic_pointer_cast<IPKIFColleague, CPKIFX509CRLChecker>(crlFallback));
}
// Builds a revocation status mediator whose colleagues are consulted in
// order: a trusted (locally configured) OCSP responder, then OCSP
// responders named in certificate AIA extensions, then CRLs.
public void EnablingOCSP_LowLevel()
{
    // Supporting mediators, each created with its default colleagues. The
    // IPKIFColleaguePtr handle is kept because AddMediator takes that form.
    IPKIFColleaguePtr cryptoHandle = pkif_module.make_NewCPKIFCryptoMediator2(true);
    CPKIFCryptoMediator2 crypto = pkif_module.Get_CryptoMediator(cryptoHandle);
    crypto.Initialize();

    IPKIFColleaguePtr cacheHandle = pkif_module.make_NewCPKIFCacheMediator2(true);
    CPKIFCacheMediator2 cache = pkif_module.Get_CacheMediator(cacheHandle);
    cache.Initialize();

    IPKIFColleaguePtr pathHandle = pkif_module.make_NewCPKIFPathProcessingMediator2(true);
    CPKIFPathProcessingMediator2 path = pkif_module.Get_PathProcessingMediator(pathHandle);
    path.Initialize();

    // The revocation status mediator starts with no colleagues; they are
    // added explicitly below so that their order is under our control.
    IPKIFColleaguePtr revocationHandle = pkif_module.make_NewCPKIFRevocationStatusMediator2(false);
    CPKIFRevocationStatusMediator2 revocation = pkif_module.Get_RevocationStatusMediator(revocationHandle);
    revocation.Initialize();

    // Make the supporting mediators available to the revocation mediator.
    revocation.AddMediator(cryptoHandle);
    revocation.AddMediator(cacheHandle);
    revocation.AddMediator(pathHandle);

    // Colleague 1: a trusted responder. Giving the checker a host makes it a
    // locally configured client that does not follow AIA extensions. It must
    // be the first colleague added if it is to be consulted before CRLs or
    // AIA-named responders. The URL is plain http; OCSP responses are signed,
    // so what matters is how this responder's signing certificate is trusted,
    // and that is configured outside this sample -- confirm it separately.
    IPKIFColleaguePtr trustedResponderHandle = pkif_module.make_NewCPKIFOCSPChecker();
    CPKIFOCSPCheckerPtr trustedResponder = pkif_module.cast_ToCPKIFOCSPChecker(trustedResponderHandle);
    trustedResponder.SetHost("http://trustedresponder.com");
    trustedResponder.Set_Port(80);

    // Colleague 2: no host or port, so this checker contacts whichever
    // responder the certificate under validation names in its AIA extension.
    // That destination comes from the certificate rather than from local
    // configuration, which is worth remembering for egress policy and timeouts.
    IPKIFColleaguePtr aiaResponderHandle = pkif_module.make_NewCPKIFOCSPChecker();
    CPKIFOCSPCheckerPtr aiaResponder = pkif_module.cast_ToCPKIFOCSPChecker(aiaResponderHandle);

    // Colleague 3: CRL checking, used when OCSP yields no definitive answer.
    IPKIFColleaguePtr crlFallbackHandle = pkif_module.make_NewCPKIFX509CRLChecker();
    CPKIFX509CRLCheckerPtr crlFallback = pkif_module.cast_ToCPKIFX509CRLChecker(crlFallbackHandle);

    // Registration order is consultation order: trusted responder, AIA, CRLs.
    revocation.AddColleague(trustedResponderHandle);
    revocation.AddColleague(aiaResponderHandle);
    revocation.AddColleague(crlFallbackHandle);
}
// Builds a revocation status mediator whose colleagues are consulted in
// order: a trusted (locally configured) OCSP responder, then OCSP
// responders named in certificate AIA extensions, then CRLs.
public void
EnablingOCSP_LowLevel()
{
    // Supporting mediators, each created with its default colleagues. The
    // IPKIFColleaguePtr handle is kept because AddMediator takes that form.
    IPKIFColleaguePtr cryptoHandle = pkif_module.make_NewCPKIFCryptoMediator2(true);
    CPKIFCryptoMediator2 crypto = pkif_module.Get_CryptoMediator(cryptoHandle);
    crypto.Initialize();

    IPKIFColleaguePtr cacheHandle = pkif_module.make_NewCPKIFCacheMediator2(true);
    CPKIFCacheMediator2 cache = pkif_module.Get_CacheMediator(cacheHandle);
    cache.Initialize();

    IPKIFColleaguePtr pathHandle = pkif_module.make_NewCPKIFPathProcessingMediator2(true);
    CPKIFPathProcessingMediator2 path = pkif_module.Get_PathProcessingMediator(pathHandle);
    path.Initialize();

    // The revocation status mediator starts with no colleagues; they are
    // added explicitly below so that their order is under our control.
    IPKIFColleaguePtr revocationHandle = pkif_module.make_NewCPKIFRevocationStatusMediator2(false);
    CPKIFRevocationStatusMediator2 revocation = pkif_module.Get_RevocationStatusMediator(revocationHandle);
    revocation.Initialize();

    // Make the supporting mediators available to the revocation mediator.
    revocation.AddMediator(cryptoHandle);
    revocation.AddMediator(cacheHandle);
    revocation.AddMediator(pathHandle);

    // Colleague 1: a trusted responder. Giving the checker a host makes it a
    // locally configured client that does not follow AIA extensions. It must
    // be the first colleague added if it is to be consulted before CRLs or
    // AIA-named responders. The URL is plain http; OCSP responses are signed,
    // so what matters is how this responder's signing certificate is trusted,
    // and that is configured outside this sample -- confirm it separately.
    IPKIFColleaguePtr trustedResponderHandle = pkif_module.make_NewCPKIFOCSPChecker();
    CPKIFOCSPCheckerPtr trustedResponder = pkif_module.cast_ToCPKIFOCSPChecker(trustedResponderHandle);
    trustedResponder.SetHost("http://trustedresponder.com");
    trustedResponder.Set_Port(80);

    // Colleague 2: no host or port, so this checker contacts whichever
    // responder the certificate under validation names in its AIA extension.
    // That destination comes from the certificate rather than from local
    // configuration, which is worth remembering for egress policy and timeouts.
    IPKIFColleaguePtr aiaResponderHandle = pkif_module.make_NewCPKIFOCSPChecker();
    CPKIFOCSPCheckerPtr aiaResponder = pkif_module.cast_ToCPKIFOCSPChecker(aiaResponderHandle);

    // Colleague 3: CRL checking, used when OCSP yields no definitive answer.
    IPKIFColleaguePtr crlFallbackHandle = pkif_module.make_NewCPKIFX509CRLChecker();
    CPKIFX509CRLCheckerPtr crlFallback = pkif_module.cast_ToCPKIFX509CRLChecker(crlFallbackHandle);

    // Registration order is consultation order: trusted responder, AIA, CRLs.
    // NOTE(review): the original sample states that the mediator does not take
    // over lifetime management of these objects and that they must be released
    // once the mediator is no longer needed, yet no release appears in this
    // method -- confirm how this binding expects them to be freed.
    revocation.AddColleague(trustedResponderHandle);
    revocation.AddColleague(aiaResponderHandle);
    revocation.AddColleague(crlFallbackHandle);
}