/// First stage of the long-term credential check for an incoming request.
///
/// The response is always stamped with the long-term mechanism, a freshly
/// generated nonce and the realm. The outcome is then reported through
/// pResponse->responseType:
///   - Unauthorized     : message integrity, nonce or user name is missing,
///                        or LookupPassword() failed for the supplied user
///   - StaleNonce       : the user was found but ValidateNonce() rejected the nonce
///   - AllowConditional : the caller may accept the request if and only if the
///                        message-integrity attribute validates against the
///                        value placed in pResponse->szPassword
///
/// @param pAuthAttributes  auth attributes read from the request
/// @param pResponse        receives the mechanism, nonce, realm, response type
///                         and (once the lookup has run) the password
/// @return always S_OK; the decision is carried in pResponse->responseType
HRESULT CLongTermAuth::DoAuthCheck(AuthAttributes* pAuthAttributes, AuthResponse* pResponse)
{
    pResponse->authCredMech = AuthCredLongTerm;

    // Generate a new nonce and set the realm up front. These two attributes
    // only get sent back to the client when there is an auth error.
    CreateNonce(pResponse->szNonce);
    // NOTE(review): unbounded copy - assumes c_szRealm always fits in
    // pResponse->szRealm; neither size is visible here, confirm.
    strcpy(pResponse->szRealm, c_szRealm);

    const bool hasAllAuthAttributes =
        (pAuthAttributes->fMessageIntegrityPresent != false) &&
        (pAuthAttributes->szNonce[0] != 0) &&
        (pAuthAttributes->szUser[0] != 0);

    if (!hasAllAuthAttributes)
    {
        // Any missing attribute yields a plain 401, which makes the server
        // send the nonce and realm back to the client in the 401 response.
        pResponse->responseType = Unauthorized;
    }
    else if (FAILED(LookupPassword(true, pAuthAttributes->szUser, pAuthAttributes->szNonce, pResponse->szPassword)))
    {
        // An unknown user gets the same 401 as a request with missing
        // attributes, so the response type does not distinguish the two.
        pResponse->responseType = Unauthorized;
    }
    else if (FAILED(ValidateNonce(pAuthAttributes->szNonce)))
    {
        // The password lookup has already run at this point and szPassword
        // is not cleared on this path.
        // NOTE(review): presumably callers read szPassword only for
        // AllowConditional - verify against the caller.
        pResponse->responseType = StaleNonce;
    }
    else
    {
        // Nothing is authenticated yet: acceptance still depends on the
        // caller verifying message integrity with pResponse->szPassword.
        pResponse->responseType = AllowConditional;
    }

    return S_OK;
}
// Get status of least trusted cert void COCSPValidator::FinalResponseValidationL() { // Do nonce last so can still trust rest of validation if nonce is missing. if(ValidateTimeL()) { ValidateNonce(); } if (iOutcome->iStatus == OCSP::EMissingNonce || iOutcome->iStatus == OCSP::EValid ) { iOutcome->iResult = CheckOCSPStatus(iResponse); } else { // If the response is not valid, result is always unknown iOutcome->iResult = OCSP::EUnknown; } if(iResponderCertCheck) { iResponderCert = iSchemeInUse->ResponderCert(); if(iResponderCert != NULL) { iIssuerCert = &iRequest->CertInfo(0).Issuer(); SendResponderCertL(); } else { User::RequestComplete(iValidationStatus, KErrNone); } } else { User::RequestComplete(iValidationStatus, KErrNone); } }