BasicConstraintsViolation Class Reference

#include <BasicConstraintsViolation.h>



Detailed Description

This helper class is used in conjunction with the standard remove_if algorithm in CPKIFDefaultScoring to identify certificates that create a basic constraints violation when building in the forward direction (i.e., from the target). If a candidate certificate includes a basicConstraints extension with a pathLength component, the pathLength is evaluated against the number of certificates already in the candidate path. If the length results in a violation then the certificate need not be considered within the context of that candidate path.

TSP-enforcing: No

Definition at line 27 of file BasicConstraintsViolation.h.


Public Member Functions

 BasicConstraintsViolation ()
bool operator() (const CPKIFCertificateNodeEntryPtr &entry)
void SetCACount (int caCount)

Constructor & Destructor Documentation

BasicConstraintsViolation::BasicConstraintsViolation ()

Interface: Subsystem

The constructor initializes the CA count to a negative number. Users of this class must set the CA count using SetCACount prior to invoking remove_if.

Returns:
None

Definition at line 32 of file BasicConstraintsViolation.cpp.


Member Function Documentation

bool BasicConstraintsViolation::operator() (const CPKIFCertificateNodeEntryPtr &entry)

Interface: Subsystem

This operator is invoked when a standard algorithm that accepts a predicate, e.g., remove_if, is called with an instance of this class. The certificate passed as the entry parameter is inspected to determine whether a basic constraints extension with a path length constraint is present. If not, this function returns false and the algorithm should not flag the certificate. If one is present, its value is compared to the value passed to SetCACount. If the path length constraint is less than the number of CAs, true is returned and the certificate is flagged as creating a constraint violation. If the parameter passed as entry is NULL or does not contain a certificate, true is returned and the node is flagged. The caller should make sure this does not occur.

Returns:
true if the certificate is flagged as creating a constraint violation, or if entry is NULL or does not contain a certificate; false otherwise
Parameters:
entry  [in] CPKIFCertificateNodeEntry object containing a certificate to inspect for basicConstraints violation

Definition at line 68 of file BasicConstraintsViolation.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.

void BasicConstraintsViolation::SetCACount (int caCount)

Interface: Subsystem

This function is used to specify the number of CAs below the CA certificates evaluated by a subsequent call to remove_if. The aim is to identify certificates that introduce a constraint that would yield a violation given the indicated number of CAs. For example, if SetCACount is set to 3 and a certificate presented to operator(), such as during a call to remove_if, contains a path length constraint less than 3, that certificate will be flagged and can be removed from the list, have its score set to zero, etc.

Returns:
None
Parameters:
caCount  [in] CA count

Definition at line 48 of file BasicConstraintsViolation.cpp.
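
The pruning behaviour documented for operator() and SetCACount, as an added stand-alone example that is not PKIF source code. CandidateCert, CandidateCertPtr, PathLenViolation, Prune and SampleCandidates are hypothetical stand-ins for the PKIF types, and the sample candidates are constructed.

```cpp
#include <algorithm>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a PKIF certificate node entry (not the PKIF type).
struct CandidateCert {
    std::string subject;
    bool hasPathLen;   // basicConstraints carries a path length constraint
    int pathLen;       // meaningful only when hasPathLen is true
};
typedef std::shared_ptr<CandidateCert> CandidateCertPtr;

// Predicate following the behaviour documented for BasicConstraintsViolation.
class PathLenViolation {
public:
    PathLenViolation() : m_caCount(-1) {}          // negative until SetCACount
    void SetCACount(int caCount) { m_caCount = caCount; }
    bool operator()(const CandidateCertPtr &entry) const {
        if (!entry) return true;                   // NULL entry: flag the node
        if (!entry->hasPathLen) return false;      // no length constraint present
        return entry->pathLen < m_caCount;         // too few CAs allowed below
    }
private:
    int m_caCount;
};

// Drop candidates that cannot sit above caCount CA certificates in the path.
std::vector<std::string> Prune(std::vector<CandidateCertPtr> c, int caCount) {
    PathLenViolation pred;
    pred.SetCACount(caCount);                      // must precede remove_if
    c.erase(std::remove_if(c.begin(), c.end(), pred), c.end());
    std::vector<std::string> kept;
    for (std::size_t i = 0; i < c.size(); ++i) kept.push_back(c[i]->subject);
    return kept;
}

// Constructed sample candidates, not real certificates.
std::vector<CandidateCertPtr> SampleCandidates() {
    std::vector<CandidateCertPtr> c;
    c.push_back(CandidateCertPtr(new CandidateCert{"CA-unlimited", false, 0}));
    c.push_back(CandidateCertPtr(new CandidateCert{"CA-pathlen-1", true, 1}));
    c.push_back(CandidateCertPtr(new CandidateCert{"CA-pathlen-3", true, 3}));
    c.push_back(CandidateCertPtr());               // NULL entry, always flagged
    return c;
}
```

In this sketch a predicate whose CA count was never set keeps the negative default, so the comparison flags no certificate that carries a constraint; only NULL entries are removed.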


The documentation for this class was generated from the following files:

Generated on Mon Nov 15 11:19:47 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6