CPKIFPathSettings Class Reference

#include <PKIFPathSettings.h>

Collaboration diagram for CPKIFPathSettings:

Collaboration graph
[legend]

List of all members.


Detailed Description

The CPKIFPathSettings class is the means for specifying inputs to path building and path validation operations. This class provides an interface to specify standard path validation inputs including the following:


The related values output from a path validation operation are returned via an instance of CPKIFPathValidationResults.

The following additional information may be input via this class:


 TSP-enforcing: Yes 

Definition at line 54 of file PKIFPathSettings.h.


Public Types

enum  { EXPLICIT_POLICY, POLICY_MAPPING, ANY_POLICY }

Public Member Functions

 CPKIFPathSettings (void)
 CPKIFPathSettings (const CPKIFPathSettings &settings)
virtual ~CPKIFPathSettings (void)
void SetUseValidatorFilterWhenBuilding (bool b)
bool GetUseValidatorFilterWhenBuilding () const
void SetInitialExplicitPolicyIndicator (bool b)
void SetInitialPolicyMappingInhibitIndicator (bool b)
void SetInitialInhibitAnyPolicyIndicator (bool b)
void SetInitialExplicitPolicyIndicator ()
bool GetInitialExplicitPolicyIndicator ()
void SetInitialPolicyMappingInhibitIndicator ()
bool GetInitialPolicyMappingInhibitIndicator ()
void SetInitialInhibitAnyPolicyIndicator ()
bool GetInitialInhibitAnyPolicyIndicator ()
void SetInitialPolicySet (CPKIFPolicyInformationListPtr &initPolSet)
void GetInitialPolicySet (CPKIFPolicyInformationListPtr &initPolSet, bool bReturnAnyPolicyWhenEmpty=true) const
void SetInitialPermSubtrees (CPKIFGeneralSubtreeListPtr &permSubtrees)
void GetInitialPermSubtrees (CPKIFGeneralSubtreeListPtr &permSubtrees) const
void SetInitialExclSubtrees (CPKIFGeneralSubtreeListPtr &exclSubtrees)
void GetInitialExclSubtrees (CPKIFGeneralSubtreeListPtr &exclSubtrees) const
void SetRequireFreshRevocationData (bool b)
bool GetRequireFreshRevocationData () const
void SetOverrideCallback (bool(*overrideCallback)(int, CPKIFCertificatePtr &, const CPKIFCertificatePath &))
bool(* GetOverrideCallback ())(int, CPKIFCertificatePtr &, const CPKIFCertificatePath &)
void SetCheckRevocationStatus (bool checkRevStatus)
bool GetCheckRevocationStatus () const
void SetValidationTime (CPKIFTimePtr &time)
CPKIFTimePtr GetValidationTime () const
void SetRequireValidationTimeNesting (bool b)
bool GetRequireValidationTimeNesting ()
int GetDepth () const
void SetDepth (int d)
void SetRequireSufficientlyRecent (bool requireSufficientlyRecent)
bool GetRequireSufficientlyRecent () const
void SetSufficientlyRecent (int seconds)
CPKIFDurationPtr GetDuration () const

Member Enumeration Documentation

anonymous enum

Enumerator:
EXPLICIT_POLICY 
POLICY_MAPPING 
ANY_POLICY 

Definition at line 64 of file PKIFPathSettings.h.


Constructor & Destructor Documentation

CPKIFPathSettings::CPKIFPathSettings ( void   ) 

Interface: External

This function creates and initializes CPKIFPathSettings objects. The default constructor 
uses the following default values:

  • UseValidatorFilterWhenBuilding – true,
  • RequireFreshRevocationData – false,
  • OverrideCallback – NULL,
  • CheckRevocationStatus – true,
  • InitialExplicitPolicyIndicator – false,
  • InhibitPolicyMappingIndicator – false,
  • InitialInhibitAnyPolicyIndicator – false,
  • InitialPolicySet – false

The current system time is always used during path validation except where an alternative time is specified via a call to SetValidationTime.

Returns:
None

Definition at line 99 of file CACPathSettings.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.

CPKIFPathSettings::CPKIFPathSettings ( const CPKIFPathSettings settings  ) 

Interface: External

This function creates and initializes CPKIFPathSettings objects. This is a copy constructor.

Returns:
None
Parameters:
settings  [in] Reference to CPKIFPathSettings object to copy

Definition at line 143 of file CACPathSettings.cpp.

References GetDepth(), GetDuration(), GetRequireSufficientlyRecent(), LOG_STRING_DEBUG, m_impl, and TOOLKIT_PATH_MISC.

CPKIFPathSettings::~CPKIFPathSettings ( void   )  [virtual]

Interface: External

This function destroys an instance of CPKIFPathSettings.

Returns:
None

Definition at line 129 of file CACPathSettings.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.


Member Function Documentation

void CPKIFPathSettings::SetUseValidatorFilterWhenBuilding ( bool  b  ) 

Interface: External

This function is used to set Boolean value indicating whether basic validation checks should be performed during path development. The default value is true.

Returns:
None
Parameters:
b  [in] Boolean value indicating whether basic path validation checks should be performed during path development

Definition at line 56 of file CACPathSettings.cpp.

bool CPKIFPathSettings::GetUseValidatorFilterWhenBuilding (  )  const

Interface: External

This function is used to get Boolean value indicating whether basic validation checks should be performed during path development. The default value is true.

Returns:
True if basic checks should be performed during path validation operations and false otherwise.

Definition at line 72 of file CACPathSettings.cpp.

void CPKIFPathSettings::SetInitialExplicitPolicyIndicator ( bool  b  ) 

Interface: External

This function is used to set the Boolean value of the initial require explicit policy indicator during path validation. The default value is false (i.e. an explicit policy is not required).

Returns:
None
Parameters:
b  [in] Boolean value to assign to the initial require explicit policy indicator

Definition at line 575 of file CACPathSettings.cpp.

References EXPLICIT_POLICY.

void CPKIFPathSettings::SetInitialPolicyMappingInhibitIndicator ( bool  b  ) 

Interface: External

This function is used to retrieve a Boolean value that serves as the initial inhibit policy mapping indicator for path validation operations. The default value is false (i.e. policy mapping is not inhibited).

Returns:
None
Parameters:
b  [in] Boolean value of the the initial inhibit policy mapping indicator

Definition at line 594 of file CACPathSettings.cpp.

References POLICY_MAPPING.

void CPKIFPathSettings::SetInitialInhibitAnyPolicyIndicator ( bool  b  ) 

Interface: External

This function is used to set a Boolean value that serves as the initial inhibit any policy indicator for path validation operations. The default value is false (i.e. any policy is not inhibited). The parameter-less SetInitialInhibitAnyPolicyIndicator function sets the value of the initial inhibit any policy indicator to true.

Returns:
None
Parameters:
b  [in] Boolean value of the the initial inhibit any policy indicator

Definition at line 613 of file CACPathSettings.cpp.

References ANY_POLICY.

void CPKIFPathSettings::SetInitialExplicitPolicyIndicator (  ) 

Interface: External

This function sets the value of the initial require explicit policy indicator to true.

Returns:
None

Definition at line 213 of file CACPathSettings.cpp.

References EXPLICIT_POLICY.

bool CPKIFPathSettings::GetInitialExplicitPolicyIndicator (  ) 

Interface: External

This function is used to retrieve the Boolean value of the initial require explicit policy indicator during path validation. The default value is false (i.e. an explicit policy is not required).

Returns:
True if initial require explicit policy indicator set to true.

Definition at line 222 of file CACPathSettings.cpp.

References EXPLICIT_POLICY.

void CPKIFPathSettings::SetInitialPolicyMappingInhibitIndicator (  ) 

Interface: External

This function sets the value of the initial inhibit policy mapping indicator to true.

Returns:
None

Definition at line 230 of file CACPathSettings.cpp.

References POLICY_MAPPING.

bool CPKIFPathSettings::GetInitialPolicyMappingInhibitIndicator (  ) 

Interface: External

This function is used to retrieve a Boolean value that serves as the initial inhibit policy mapping indicator for path validation operations. The default value is false (i.e. policy mapping is not inhibited).

Returns:
True if initial inhibit policy mapping indicator set to true.

Definition at line 241 of file CACPathSettings.cpp.

References POLICY_MAPPING.

void CPKIFPathSettings::SetInitialInhibitAnyPolicyIndicator (  ) 

Interface: External

This function is used to set a Boolean value that serves as the initial inhibit any policy indicator for path validation operations. The default value is false (i.e. any policy is not inhibited). The parameter-less SetInitialInhibitAnyPolicyIndicator function sets the value of the initial inhibit any policy indicator to true.

Returns:
None

Definition at line 253 of file CACPathSettings.cpp.

References ANY_POLICY.

bool CPKIFPathSettings::GetInitialInhibitAnyPolicyIndicator (  ) 

Interface: External

This function is used to retrieve a Boolean value that serves as the initial inhibit any policy indicator for path validation operations. The default value is false (i.e. any policy is not inhibited). The parameter-less SetInitialInhibitAnyPolicyIndicator function sets the value of the initial inhibit any policy indicator to true.

Returns:
The GetInitialInhibitAnyPolicyIndicator function returns true if initial inhibit any policy indicator set to true.

Definition at line 265 of file CACPathSettings.cpp.

References ANY_POLICY.

void CPKIFPathSettings::SetInitialPolicySet ( CPKIFPolicyInformationListPtr &  initPolSet  ) 

Interface: External

This function is used to set the set of policies that comprise the initial policy set used for path validation operations. For the SetInitialPolicySet function, the initPolSet parameter should contain the policies that comprise the initial policy set to use during path validation operations. For the GetInitialPolicySet function, the initPolSet parameter receives the list of policies that comprise the initial policy set to use during path validation. The object returned by GetInitialPolicySet is a reference counted smart pointer to the policy set held by the instance of CPKIFPathSettings and should not be modified.

Returns:
None
Parameters:
initPolSet  [in or out] Reference to a smart pointer to a CPKIFPolicyInformationList object. This parameter serves as input to SetInitialPolicySet and as output for GetInitialPolicySet.

Definition at line 278 of file CACPathSettings.cpp.

void CPKIFPathSettings::GetInitialPolicySet ( CPKIFPolicyInformationListPtr &  initPolSet,
bool  bReturnAnyPolicyWhenEmpty = true 
) const

Interface: External

This function is used to retrieve the set of policies that comprise the initial policy set used for path validation operations. For the SetInitialPolicySet function, the initPolSet parameter should contain the policies that comprise the initial policy set to use during path validation operations. For the GetInitialPolicySet function, the initPolSet parameter receives the list of policies that comprise the initial policy set to use during path validation. The object returned by GetInitialPolicySet is a reference counted smart pointer to the policy set held by the instance of CPKIFPathSettings and should not be modified.

Returns:
None
Parameters:
initPolSet  [out] Reference to a smart pointer to a CPKIFPolicyInformationList object. This parameter serves as input to SetInitialPolicySet and as output for GetInitialPolicySet.

Definition at line 484 of file CACPathSettings.cpp.

References LOG_STRING_DEBUG, m_impl, and TOOLKIT_PATH_MISC.

void CPKIFPathSettings::SetInitialPermSubtrees ( CPKIFGeneralSubtreeListPtr &  permSubtrees  ) 

Interface: External

This function is used to set the set of GeneralSubtree that comprise the initial permitted GeneralSubtree set used for path validation operations.

Returns:
None
Parameters:
permSubtrees  [in or out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialPermSubtrees and as output for GetInitialPermSubtrees.

Definition at line 294 of file CACPathSettings.cpp.

void CPKIFPathSettings::GetInitialPermSubtrees ( CPKIFGeneralSubtreeListPtr &  permSubtrees  )  const

Interface: External

This function is used to retrieve the set of general subtrees that comprise the initial permitted general subtree set used for path validation operations.

Returns:
None
Parameters:
permSubtrees  [out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialPermSubtrees and as output for GetInitialPermSubtrees.

Definition at line 514 of file CACPathSettings.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.

void CPKIFPathSettings::SetInitialExclSubtrees ( CPKIFGeneralSubtreeListPtr &  exclSubtrees  ) 

Interface: External

This function is used to set the set of GeneralSubtree that comprise the initial excluded GeneralSubtree set used for path validation operations.

Returns:
None
Parameters:
exclSubtrees  [in or out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialPermSubtrees and as output for GetInitialPermSubtrees.

Definition at line 310 of file CACPathSettings.cpp.

void CPKIFPathSettings::GetInitialExclSubtrees ( CPKIFGeneralSubtreeListPtr &  exclSubtrees  )  const

Interface: External

This function is used to retrieve the set of general subtrees that comprise the initial permitted general subtree set used for path validation operations.

Returns:
None
Parameters:
exclSubtrees  [out] Reference to a smart pointer to a CPKIFGeneralSubtreeList object. This parameter serves as input to SetInitialExclSubtrees and as output for GetInitialExclSubtrees.

Definition at line 532 of file CACPathSettings.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_PATH_MISC.

void CPKIFPathSettings::SetRequireFreshRevocationData ( bool  b  ) 

Interface: External

This function is used to set a Boolean value indicating whether fresh revocation sources must be checked during path validation. The default value is false. If this value is set to true, the validation time of interest must be before the nextUpdate value present in revocation information. If this value is set to false, the validation time of interest may be after the nextUpdate value present in revocation information. Revocation information that is not fresh will be discarded during path validation.

Returns:
None
Parameters:
b  [in] Boolean value indicating whether revocation information must be fresh

Definition at line 386 of file CACPathSettings.cpp.

bool CPKIFPathSettings::GetRequireFreshRevocationData (  )  const

Interface: External

This function is used to retrieve a Boolean value indicating whether fresh revocation sources must be checked during path validation. The default value is false. If this value is set to true, the validation time of interest must be before the nextUpdate value present in revocation information. If this value is set to false, the validation time of interest may be after the nextUpdate value present in revocation information. Revocation information that is not fresh will be discarded during path validation.

Returns:
The GetRequireFreshRevocationData function returns true if fresh revocation data is required and false otherwise.

Definition at line 403 of file CACPathSettings.cpp.

void CPKIFPathSettings::SetOverrideCallback ( bool(*)(int, CPKIFCertificatePtr &, const CPKIFCertificatePath &)  overrideCallback  ) 

Interface: Module

This function is used to set override callback

Returns:
None

Definition at line 550 of file CACPathSettings.cpp.

bool(* CPKIFPathSettings::GetOverrideCallback (  )  const

void CPKIFPathSettings::SetCheckRevocationStatus ( bool  checkRevStatus  ) 

Interface: External

This function is used to set a Boolean value indicating whether revocation status should be checked during path validation. The default value is true. If this value is set to false, revocation checking will not be performed during path validation operations.

Returns:
None
Parameters:
checkRevStatus  [in] Boolean value that indicates whether a revocation status determination should be attempted during path validation operations

Definition at line 413 of file CACPathSettings.cpp.

bool CPKIFPathSettings::GetCheckRevocationStatus (  )  const

Interface: External

This function is used to retrieve a Boolean value indicating whether revocation status should be checked during path validation. The default value is true. If this value is set to false, revocation checking will not be performed during path validation operations.

Returns:
The GetCheckRevocationStatus function returns true if revocation status determination should be performed for each path validation operation and false otherwise.

Definition at line 430 of file CACPathSettings.cpp.

void CPKIFPathSettings::SetValidationTime ( CPKIFTimePtr &  time  ) 

Interface: External

This function is used to set the validation time to use during a path validation operation. This value should only be specified when the time of interest is not the current system time. Typically, this would be invoked when determining if a digital signature was valid some time in the past, possibly motivated by expiration of one or more relevant certificates.

Returns:
None
Parameters:
time  [in] A reference to a smart pointer to CPKIFTime object intidating the validation time to be set.

Definition at line 443 of file CACPathSettings.cpp.

References SetRequireValidationTimeNesting().

CPKIFTimePtr CPKIFPathSettings::GetValidationTime (  )  const

Interface: External

This function is used to retrieve the validation time to use during a path validation operation. This value should only be specified when the time of interest is not the current system time. Typically, this would be invoked when determining if a digital signature was valid some time in the past, possibly motivated by expiration of one or more relevant certificates.

Returns:
GetValidationTime returns a smart pointer to a CPKIFTime object. If a time value has been specified by a previous call to SetValidationTime, a reference counted smart pointer to the object passed to SetValidationTime is returned. If no previous call has been made to SetValidationTime, a new CPKIFTime object containing the current time is created and returned.

Definition at line 464 of file CACPathSettings.cpp.

References CPKIFTime::CurrentTime().

void CPKIFPathSettings::SetRequireValidationTimeNesting ( bool  b  ) 

Definition at line 656 of file CACPathSettings.cpp.

Referenced by SetValidationTime().

bool CPKIFPathSettings::GetRequireValidationTimeNesting (  ) 

Definition at line 660 of file CACPathSettings.cpp.

int CPKIFPathSettings::GetDepth (  )  const

Interface: External

This function is used to get the maximum depth value. The depth value determines the maximum length path that the path builder implementation will return, i.e. path development will not proceed beyond depth certificates. The path validation implementation does not process this value and will attempt to validate paths of any length.

Returns:
The GetDepth function returns an integer value which is set to the maximum path depth.

Definition at line 634 of file CACPathSettings.cpp.

Referenced by CPKIFPathSettings().

void CPKIFPathSettings::SetDepth ( int  d  ) 

Interface: External

This functions are used to set the maximum depth value. The depth value determines the maximum length path that the path builder implementation will return, i.e. path development will not proceed beyond depth certificates. The path validation implementation does not process this value and will attempt to validate paths of any length.

Returns:
None
Parameters:
d  [in] Integer value that indicates what the new maximum path depth will be.

Definition at line 649 of file CACPathSettings.cpp.

void CPKIFPathSettings::SetRequireSufficientlyRecent ( bool  requireSufficientlyRecent  ) 

Interface: External

The default value for the RequireSufficientlyRecent property is true.

Returns:
None
Parameters:
requireSufficientlyRecent  [in] Boolean value indicating if OCSP responses and CRLs are required to have a thisUpdate value within a specified time window

Definition at line 342 of file CACPathSettings.cpp.

bool CPKIFPathSettings::GetRequireSufficientlyRecent (  )  const

Interface: External

The default value for the RequireSufficientlyRecent property is true.

Returns:
The GetRequireSufficientlyRecent function returns a boolean value which indicates if OCSP responses and CRLs are required to have a thisUpdate value within a specified time window.

Definition at line 371 of file CACPathSettings.cpp.

Referenced by CPKIFPathSettings().

void CPKIFPathSettings::SetSufficientlyRecent ( int  seconds  ) 

Interface: External

The default value for the SufficientlyRecent property is 2,592,000 seconds, e.g. 30 days. Revocation information containing a thisUpdate value that is not "sufficiently recent" will be discarded.

Returns:
None
Parameters:
seconds  [in] Integer that specifies the number of seconds that when applied to the current time yields the time window in which the thisUpdate value of an OCSP response or CRL must fall when the RequireSufficientlyRecent property is set to true

Definition at line 327 of file CACPathSettings.cpp.

CPKIFDurationPtr CPKIFPathSettings::GetDuration (  )  const

Interface: External

This function returns a smart pointer to a CPKIFDuration object. The CPKIFDuration object was created by the call to SetSufficientlyRecent function. It specifies a time window in which the thisUpdate value of an OCSP response or CRL must fall when the RequireSufficientlyRecent property is set to true. The duration value is subtracted from the validation time of interest and compared to the thisUpdate value present in revocation information. Revocation information that is not sufficiently recent will be discarded during path validation.

Returns:
This function returns a reference counted smart pointer to CPKIFDuration object.

Definition at line 359 of file CACPathSettings.cpp.

Referenced by CPKIFPathSettings().


The documentation for this class was generated from the following files:

Generated on Mon Nov 15 11:20:33 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6