#include <PKIFPathSettings.h>
The related values output from a path validation operation are returned via an instance of CPKIFPathValidationResults.
The following additional information may be input via this class:
TSP-enforcing: Yes
Definition at line 54 of file PKIFPathSettings.h.
anonymous enum |
Definition at line 64 of file PKIFPathSettings.h.
CPKIFPathSettings::CPKIFPathSettings | ( | void | ) |
Interface: External
This function creates and initializes CPKIFPathSettings objects. The default constructor uses the following default values:
The current system time is always used during path validation except where an alternative time is specified via a call to SetValidationTime.
Definition at line 99 of file CACPathSettings.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.
CPKIFPathSettings::CPKIFPathSettings | ( | const CPKIFPathSettings & | settings | ) |
Interface: External
This function creates and initializes CPKIFPathSettings objects. This is a copy constructor.
settings | [in] Reference to CPKIFPathSettings object to copy |
Definition at line 143 of file CACPathSettings.cpp.
References GetDepth(), GetDuration(), GetRequireSufficientlyRecent(), LOG_STRING_DEBUG, m_impl, and TOOLKIT_PATH_MISC.
CPKIFPathSettings::~CPKIFPathSettings | ( | void | ) | [virtual] |
Interface: External
This function destroys an instance of CPKIFPathSettings.
Definition at line 129 of file CACPathSettings.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.
void CPKIFPathSettings::SetUseValidatorFilterWhenBuilding | ( | bool | b | ) |
Interface: External
This function is used to set Boolean value indicating whether basic validation checks should be performed during path development. The default value is true.
b | [in] Boolean value indicating whether basic path validation checks should be performed during path development |
Definition at line 56 of file CACPathSettings.cpp.
bool CPKIFPathSettings::GetUseValidatorFilterWhenBuilding | ( | ) | const |
Interface: External
This function is used to get Boolean value indicating whether basic validation checks should be performed during path development. The default value is true.
Definition at line 72 of file CACPathSettings.cpp.
void CPKIFPathSettings::SetInitialExplicitPolicyIndicator | ( | bool | b | ) |
Interface: External
This function is used to set the Boolean value of the initial require explicit policy indicator during path validation. The default value is false (i.e. an explicit policy is not required).
b | [in] Boolean value to assign to the initial require explicit policy indicator |
Definition at line 575 of file CACPathSettings.cpp.
References EXPLICIT_POLICY.
void CPKIFPathSettings::SetInitialPolicyMappingInhibitIndicator | ( | bool | b | ) |
Interface: External
This function is used to retrieve a Boolean value that serves as the initial inhibit policy mapping indicator for path validation operations. The default value is false (i.e. policy mapping is not inhibited).
b | [in] Boolean value of the the initial inhibit policy mapping indicator |
Definition at line 594 of file CACPathSettings.cpp.
References POLICY_MAPPING.
void CPKIFPathSettings::SetInitialInhibitAnyPolicyIndicator | ( | bool | b | ) |
Interface: External
This function is used to set a Boolean value that serves as the initial inhibit any policy indicator for path validation operations. The default value is false (i.e. any policy is not inhibited). The parameter-less SetInitialInhibitAnyPolicyIndicator function sets the value of the initial inhibit any policy indicator to true.
b | [in] Boolean value of the the initial inhibit any policy indicator |
Definition at line 613 of file CACPathSettings.cpp.
References ANY_POLICY.
void CPKIFPathSettings::SetInitialExplicitPolicyIndicator | ( | ) |
Interface: External
This function sets the value of the initial require explicit policy indicator to true.
Definition at line 213 of file CACPathSettings.cpp.
References EXPLICIT_POLICY.
bool CPKIFPathSettings::GetInitialExplicitPolicyIndicator | ( | ) |
Interface: External
This function is used to retrieve the Boolean value of the initial require explicit policy indicator during path validation. The default value is false (i.e. an explicit policy is not required).
Definition at line 222 of file CACPathSettings.cpp.
References EXPLICIT_POLICY.
void CPKIFPathSettings::SetInitialPolicyMappingInhibitIndicator | ( | ) |
Interface: External
This function sets the value of the initial inhibit policy mapping indicator to true.
Definition at line 230 of file CACPathSettings.cpp.
References POLICY_MAPPING.
bool CPKIFPathSettings::GetInitialPolicyMappingInhibitIndicator | ( | ) |
Interface: External
This function is used to retrieve a Boolean value that serves as the initial inhibit policy mapping indicator for path validation operations. The default value is false (i.e. policy mapping is not inhibited).
Definition at line 241 of file CACPathSettings.cpp.
References POLICY_MAPPING.
void CPKIFPathSettings::SetInitialInhibitAnyPolicyIndicator | ( | ) |
Interface: External
This function is used to set a Boolean value that serves as the initial inhibit any policy indicator for path validation operations. The default value is false (i.e. any policy is not inhibited). The parameter-less SetInitialInhibitAnyPolicyIndicator function sets the value of the initial inhibit any policy indicator to true.
Definition at line 253 of file CACPathSettings.cpp.
References ANY_POLICY.
bool CPKIFPathSettings::GetInitialInhibitAnyPolicyIndicator | ( | ) |
Interface: External
This function is used to retrieve a Boolean value that serves as the initial inhibit any policy indicator for path validation operations. The default value is false (i.e. any policy is not inhibited). The parameter-less SetInitialInhibitAnyPolicyIndicator function sets the value of the initial inhibit any policy indicator to true.
Definition at line 265 of file CACPathSettings.cpp.
References ANY_POLICY.
void CPKIFPathSettings::SetInitialPolicySet | ( | CPKIFPolicyInformationListPtr & | initPolSet | ) |
Interface: External
This function is used to set the set of policies that comprise the initial policy set used for path validation operations. For the SetInitialPolicySet function, the initPolSet parameter should contain the policies that comprise the initial policy set to use during path validation operations. For the GetInitialPolicySet function, the initPolSet parameter receives the list of policies that comprise the initial policy set to use during path validation. The object returned by GetInitialPolicySet is a reference counted smart pointer to the policy set held by the instance of CPKIFPathSettings and should not be modified.
initPolSet | [in or out] Reference to a smart pointer to a CPKIFPolicyInformationList object. This parameter serves as input to SetInitialPolicySet and as output for GetInitialPolicySet. |
Definition at line 278 of file CACPathSettings.cpp.
void CPKIFPathSettings::GetInitialPolicySet | ( | CPKIFPolicyInformationListPtr & | initPolSet, | |
bool | bReturnAnyPolicyWhenEmpty = true | |||
) | const |
Interface: External
This function is used to retrieve the set of policies that comprise the initial policy set used for path validation operations. For the SetInitialPolicySet function, the initPolSet parameter should contain the policies that comprise the initial policy set to use during path validation operations. For the GetInitialPolicySet function, the initPolSet parameter receives the list of policies that comprise the initial policy set to use during path validation. The object returned by GetInitialPolicySet is a reference counted smart pointer to the policy set held by the instance of CPKIFPathSettings and should not be modified.
initPolSet | [out] Reference to a smart pointer to a CPKIFPolicyInformationList object. This parameter serves as input to SetInitialPolicySet and as output for GetInitialPolicySet. |
Definition at line 484 of file CACPathSettings.cpp.
References LOG_STRING_DEBUG, m_impl, and TOOLKIT_PATH_MISC.
void CPKIFPathSettings::SetInitialPermSubtrees | ( | CPKIFGeneralSubtreeListPtr & | permSubtrees | ) |
Interface: External
This function is used to set the set of GeneralSubtree that comprise the initial permitted GeneralSubtree set used for path validation operations.
permSubtrees | [in or out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialPermSubtrees and as output for GetInitialPermSubtrees. |
Definition at line 294 of file CACPathSettings.cpp.
void CPKIFPathSettings::GetInitialPermSubtrees | ( | CPKIFGeneralSubtreeListPtr & | permSubtrees | ) | const |
Interface: External
This function is used to retrieve the set of general subtrees that comprise the initial permitted general subtree set used for path validation operations.
permSubtrees | [out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialPermSubtrees and as output for GetInitialPermSubtrees. |
Definition at line 514 of file CACPathSettings.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.
void CPKIFPathSettings::SetInitialExclSubtrees | ( | CPKIFGeneralSubtreeListPtr & | exclSubtrees | ) |
Interface: External
This function is used to set the set of GeneralSubtree that comprise the initial excluded GeneralSubtree set used for path validation operations.
exclSubtrees | [in or out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialPermSubtrees and as output for GetInitialPermSubtrees. |
Definition at line 310 of file CACPathSettings.cpp.
void CPKIFPathSettings::GetInitialExclSubtrees | ( | CPKIFGeneralSubtreeListPtr & | exclSubtrees | ) | const |
Interface: External
This function is used to retrieve the set of general subtrees that comprise the initial permitted general subtree set used for path validation operations.
exclSubtrees | [out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialExclSubtrees and as output for GetInitialExclSubtrees. |
Definition at line 532 of file CACPathSettings.cpp.
References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.
void CPKIFPathSettings::SetRequireFreshRevocationData | ( | bool | b | ) |
Interface: External
This function is used to set a Boolean value indicating whether fresh revocation sources must be checked during path validation. The default value is false. If this value is set to true, the validation time of interest must be before the nextUpdate value present in revocation information. If this value is set to false, the validation time of interest may be after the nextUpdate value present in revocation information. Revocation information that is not fresh will be discarded during path validation.
b | [in] Boolean value indicating whether revocation information must be fresh |
Definition at line 386 of file CACPathSettings.cpp.
bool CPKIFPathSettings::GetRequireFreshRevocationData | ( | ) | const |
Interface: External
This function is used to retrieve a Boolean value indicating whether fresh revocation sources must be checked during path validation. The default value is false. If this value is set to true, the validation time of interest must be before the nextUpdate value present in revocation information. If this value is set to false, the validation time of interest may be after the nextUpdate value present in revocation information. Revocation information that is not fresh will be discarded during path validation.
Definition at line 403 of file CACPathSettings.cpp.
void CPKIFPathSettings::SetOverrideCallback | ( | bool(*)(int, CPKIFCertificatePtr &, const CPKIFCertificatePath &) | overrideCallback | ) |
Interface: Module
This function is used to set override callback
Definition at line 550 of file CACPathSettings.cpp.
bool(* CPKIFPathSettings::GetOverrideCallback | ( | ) | const |
void CPKIFPathSettings::SetCheckRevocationStatus | ( | bool | checkRevStatus | ) |
Interface: External
This function is used to set a Boolean value indicating whether revocation status should be checked during path validation. The default value is true. If this value is set to false, revocation checking will not be performed during path validation operations.
checkRevStatus | [in] Boolean value that indicates whether a revocation status determination should be attempted during path validation operations |
Definition at line 413 of file CACPathSettings.cpp.
bool CPKIFPathSettings::GetCheckRevocationStatus | ( | ) | const |
Interface: External
This function is used to retrieve a Boolean value indicating whether revocation status should be checked during path validation. The default value is true. If this value is set to false, revocation checking will not be performed during path validation operations.
Definition at line 430 of file CACPathSettings.cpp.
void CPKIFPathSettings::SetValidationTime | ( | CPKIFTimePtr & | time | ) |
Interface: External
This function is used to set the validation time to use during a path validation operation. This value should only be specified when the time of interest is not the current system time. Typically, this would be invoked when determining if a digital signature was valid some time in the past, possibly motivated by expiration of one or more relevant certificates.
time | [in] A reference to a smart pointer to CPKIFTime object intidating the validation time to be set. |
Definition at line 443 of file CACPathSettings.cpp.
References SetRequireValidationTimeNesting().
CPKIFTimePtr CPKIFPathSettings::GetValidationTime | ( | ) | const |
Interface: External
This function is used to retrieve the validation time to use during a path validation operation. This value should only be specified when the time of interest is not the current system time. Typically, this would be invoked when determining if a digital signature was valid some time in the past, possibly motivated by expiration of one or more relevant certificates.
Definition at line 464 of file CACPathSettings.cpp.
References CPKIFTime::CurrentTime().
void CPKIFPathSettings::SetRequireValidationTimeNesting | ( | bool | b | ) |
bool CPKIFPathSettings::GetRequireValidationTimeNesting | ( | ) |
Definition at line 660 of file CACPathSettings.cpp.
int CPKIFPathSettings::GetDepth | ( | ) | const |
Interface: External
This function is used to get the maximum depth value. The depth value determines the maximum length path that the path builder implementation will return, i.e. path development will not proceed beyond depth certificates. The path validation implementation does not process this value and will attempt to validate paths of any length.
Definition at line 634 of file CACPathSettings.cpp.
Referenced by CPKIFPathSettings().
void CPKIFPathSettings::SetDepth | ( | int | d | ) |
Interface: External
This functions are used to set the maximum depth value. The depth value determines the maximum length path that the path builder implementation will return, i.e. path development will not proceed beyond depth certificates. The path validation implementation does not process this value and will attempt to validate paths of any length.
d | [in] Integer value that indicates what the new maximum path depth will be. |
Definition at line 649 of file CACPathSettings.cpp.
void CPKIFPathSettings::SetRequireSufficientlyRecent | ( | bool | requireSufficientlyRecent | ) |
Interface: External
The default value for the RequireSufficientlyRecent property is true.
requireSufficientlyRecent | [in] Boolean value indicating if OCSP responses and CRLs are required to have a thisUpdate value within a specified time window |
Definition at line 342 of file CACPathSettings.cpp.
bool CPKIFPathSettings::GetRequireSufficientlyRecent | ( | ) | const |
Interface: External
The default value for the RequireSufficientlyRecent property is true.
Definition at line 371 of file CACPathSettings.cpp.
Referenced by CPKIFPathSettings().
void CPKIFPathSettings::SetSufficientlyRecent | ( | int | seconds | ) |
Interface: External
The default value for the SufficientlyRecent property is 2,592,000 seconds, e.g. 30 days. Revocation information containing a thisUpdate value that is not "sufficiently recent" will be discarded.
seconds | [in] Integer that specifies the number of seconds that when applied to the current time yields the time window in which the thisUpdate value of an OCSP response or CRL must fall when the RequireSufficientlyRecent property is set to true |
Definition at line 327 of file CACPathSettings.cpp.
CPKIFDurationPtr CPKIFPathSettings::GetDuration | ( | ) | const |
Interface: External
This function returns a smart pointer to a CPKIFDuration object. The CPKIFDuration object was created by the call to SetSufficientlyRecent function. It specifies a time window in which the thisUpdate value of an OCSP response or CRL must fall when the RequireSufficientlyRecent property is set to true. The duration value is subtracted from the validation time of interest and compared to the thisUpdate value present in revocation information. Revocation information that is not sufficiently recent will be discarded during path validation.
Definition at line 359 of file CACPathSettings.cpp.
Referenced by CPKIFPathSettings().