CPKIFNSSTrustStore Class Reference

#include <PKIFNSSTrustStore.h>



Detailed Description

The CPKIFNSSTrustStore class can be used to retrieve trust anchors from an NSS certificate store. It implements one PKI-related interface: IPKIFTrustCache.

Typically, this class is not used directly by applications. It is primarily intended as a colleague associated with a cache mediator used by the path builder.

TSP-enforcing: No

Definition at line 28 of file PKIFNSSTrustStore.h.


Public Member Functions

 CPKIFNSSTrustStore (const std::string &dbdir="")
 ~CPKIFNSSTrustStore ()
bool GetTrustRoots (const CPKIFNamePtr &subDN, IPKIFTrustAnchorList &root)
void Initialize (void)

Constructor & Destructor Documentation

CPKIFNSSTrustStore::CPKIFNSSTrustStore ( const std::string &  dbdir = ""  ) 

Interface: External

This function creates and initializes CPKIFNSSTrustStore objects. The parameter determines which NSS database is associated with an instance of CPKIFNSSTrustStore.

If no dbdir is specified, an already open database is used. An exception is thrown if the database has already been opened with a different directory.

Returns:
None

Definition at line 46 of file PKIFNSSTrustStore.cpp.

References CPKIFNSSDatabase::GetInstance(), LOG_STRING_DEBUG, and TOOLKIT_SR_NSSTRUSTSTORE.

CPKIFNSSTrustStore::~CPKIFNSSTrustStore ( void   ) 

Interface: External

This function destroys CPKIFNSSTrustStore objects.

Returns:
None

Definition at line 70 of file PKIFNSSTrustStore.cpp.

References LOG_STRING_DEBUG, PKIFDelete(), and TOOLKIT_SR_NSSTRUSTSTORE.


Member Function Documentation

bool CPKIFNSSTrustStore::GetTrustRoots ( const CPKIFNamePtr &  subDN, IPKIFTrustAnchorList &  root ) [virtual]

Interface: External

This function appends pointers to the trust roots issued to subDN to the root list. It searches the NSS database identified by the constructor parameter.

PKIF decides whether a certificate from an NSS database is a trust anchor from the trust flags stored in NSS, specifically the CERTDB_TRUSTED_CA flag. To add certificates with this flag using certutil, use:

    certutil -A -n nickname -d dbdir -t "C,,," -i certfile

To add intermediate CA certificates, use:

    certutil -A -n nickname -d dbdir -t "c,,," -i certfile

Because PKIF does not distinguish between the email, SSL and object-signing uses of a certificate store, the flag may be set for any of the three applications.
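Added example (not PKIF source or project code): a small C++ audit helper that reads a certutil -L listing and reports which entries carry the trusted-CA flag in any of the three trust fields, which is the condition described above for a trust anchor. The listing is constructed, and Entry, IsTrustToken and ClassifyListing are hypothetical names.

```cpp
// Added example, not PKIF source: audit `certutil -L` rows against the rule above.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
struct Entry { std::string nickname; std::string trust; bool anchor; };

// True for a trust column such as "CT,C," (certutil flag letters and commas only).
static bool IsTrustToken(const std::string& tok) {
    int commas = 0;
    for (char ch : tok) {
        if (ch == ',') ++commas;
        else if (std::string("pPcCTuw").find(ch) == std::string::npos) return false;
    }
    return commas >= 2;
}

// Hypothetical helper: returns every listed certificate with its anchor verdict.
std::vector<Entry> ClassifyListing(const std::string& listing) {
    std::vector<Entry> out;
    std::istringstream in(listing);
    std::string line;
    while (std::getline(in, line)) {
        size_t end = line.find_last_not_of(" \t\r");
        if (end == std::string::npos) continue;                // blank line
        size_t gap = line.find_last_of(" \t", end);
        if (gap == std::string::npos) continue;                // no nickname column
        std::string tok = line.substr(gap + 1, end - gap);
        size_t nickEnd = line.find_last_not_of(" \t", gap);
        if (!IsTrustToken(tok) || nickEnd == std::string::npos) continue;  // header rows
        // 'C' = CERTDB_TRUSTED_CA in any field; NSS 'T' (CERTDB_TRUSTED_CLIENT_CA) differs.
        bool anchor = tok.find('C') != std::string::npos;
        out.push_back({line.substr(0, nickEnd + 1), tok, anchor});
    }
    return out;
}

// Constructed sample in the layout printed by `certutil -L -d dbdir`.
const std::string kSample =
    "Certificate Nickname                 Trust Attributes\n"
    "                                     SSL,S/MIME,JAR/XPI\n\n"
    "Example Root CA                      C,,\n"
    "Example Issuing CA                   c,,\n"
    "Example Code Signing Root            ,,C\n"
    "Example Client Auth CA               T,,\n"
    "alice@example.test                   u,u,u\n";
int main() {
    for (const Entry& e : ClassifyListing(kSample))
        std::cout << (e.anchor ? "ANCHOR  " : "other   ") << e.trust << "  " << e.nickname << "\n";
}
```

Comparing this output with the intended set of roots shows any certificate that path building would accept as a trust anchor only because of a flag set for an unrelated application.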

Returns:
True if at least one trust anchor was found matching the specified distinguished name; false if no trust anchors were found.
Exceptions:
CPKIFCacheException(COMMON_NOT_INITIALIZED) 

Implements IPKIFTrustCache.

Definition at line 97 of file PKIFNSSTrustStore.cpp.

References CACHE_ENTRY_BAD, CACHE_PARSE_ERROR, COMMON_NOT_INITIALIZED, LOG_STRING_DEBUG, LOG_STRING_ERROR, RAISE_CACHE_EXCEPTION, and TOOLKIT_SR_NSSTRUSTSTORE.

void CPKIFNSSTrustStore::Initialize ( void   )  [virtual]

Interface: External

This function initializes an instance for use in a collection of IPKIFColleague objects held by a mediator.

Returns:
None

Reimplemented from IPKIFColleague.

Definition at line 169 of file PKIFNSSTrustStore.cpp.

References LOG_STRING_DEBUG and TOOLKIT_SR_NSSTRUSTSTORE.


Generated on Mon Nov 15 11:20:30 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6