Typically, communication with the VA is handled by the Toolkit using the Vtk_ValidationValidate function. With this function, the Toolkit can send validation queries to one or more VAs to perform validation. The application can then retrieve validation status using Vtk_ValidationGetRevStatus or Vtk_ValHdlGetRevStatus (if the Vtk_ValHdl auxiliary structure is obtained for the certificate).
Under some circumstances, you may want your application to handle the communication with the VA instead of the Toolkit. Some of the reasons your application should handle the communication with the VA are as follows:
- to use SSL for the communication with the VA
- to use asynchronous I/O with the VA
- to use your own source of validation responses or CRLs
The Toolkit imposes no restrictions on how the application handles the communication with the VA. Instead, the Toolkit provides the Vtk_ValidationGetQueries function, which returns Vtk_ValQuery structures containing the validation queries to be sent to the VA, and the Vtk_ValidationValidateFromQueries function, which checks the information in the responses.
Note: The application is responsible for releasing the memory occupied by the response buffers.
Code Sample for Communicating with VA
This code sample demonstrates certificate validation when the application handles the communication with the VA.
```c
#include <assert.h>   /* assert */
#include <stdlib.h>   /* free */

/*
 * QueryValidation
 *
 * Parameters:
 *   pCtxt       - pointer to Toolkit context
 *   pUserCert   - user certificate to be validated
 *   pIssuerCert - issuer certificate of the user certificate
 */
void QueryValidation(Vtk_Ctxt *pCtxt, const Vtk_Cert *pUserCert,
                     const Vtk_Cert *pIssuerCert)
{
    Vtk_Validation *pVal = NULL;
    Vtk_uint32 ret, status;
    Vtk_ValQuery **ppValQueries = NULL;
    int valQueryCount = 0;   /* stays 0 if Vtk_ValidationGetQueries is never reached */
    int i;

    /*
     * Create a Validation structure.
     * Validation structures encapsulate the validation query sent to
     * the VA. The application can send the query using any of the
     * supported validation protocols.
     */
    pVal = Vtk_ValidationNew(pCtxt);
    assert(pVal);

    /*
     * Add the passed in certificate to the validation structure.
     * For each certificate to be validated, the Toolkit requires the
     * CA certificate as well as the certificate to be validated.
     *
     * An application can repeat this operation to add other
     * certificates to the validation structure.
     */
    ret = Vtk_ValidationAddCert(pCtxt, pVal, pUserCert, pIssuerCert, NULL);
    if (ret != VTK_OK) {
        showError("Vtk_ValidationAddCert", ret);
        goto done;
    }

    /*
     * Vtk_ValidationGetQueries
     *
     * Obtains an array of validation query messages to allow the
     * application instead of the Toolkit to perform the I/O with the
     * VA. The application should set the response field for each
     * query. The returned array should be deleted using
     * Vtk_ValQueriesDelete.
     */
    ret = Vtk_ValidationGetQueries(pCtxt, pVal, &valQueryCount, &ppValQueries);
    if (ret != VTK_OK) {
        showError("Vtk_ValidationGetQueries", ret);
        goto done;
    }

    /*
     * Set Response field for each valQuery
     */
    for (i = 0; i < valQueryCount; i++) {
        /*
         * Get Response from VA - using application's communication
         * function. This function will use data such as host, port,
         * and request obtained using the Vtk_ValidationGetQueries
         * function to get response from the VA.
         *
         * Application is responsible for deleting memory occupied by
         * response member of validation query which is set by the
         * GetVAResponse function.
         *
         * Note: Function GetVAResponse is not part of the Toolkit.
         *       An application must provide such a function that
         *       would handle the communication with the VA.
         */
        ret = GetVAResponse(ppValQueries[i]->host, ppValQueries[i]->port,
                            ppValQueries[i]->request,
                            &(ppValQueries[i]->response));
        if (ret != VTK_OK) {
            showError("GetVAResponse", ret);
            goto done;
        }
    }

    /*
     * Vtk_ValidationValidateFromQueries
     *
     * Validates response obtained from VA
     */
    ret = Vtk_ValidationValidateFromQueries(pCtxt, pVal, ppValQueries, &status);
    if (ret != VTK_OK) {
        showError("Vtk_ValidationValidateFromQueries", ret);
        goto done;
    }

    /*
     * IMPORTANT
     *
     * At this point, the application would continue processing
     * validation results such as display, store, or would call
     * another function
     */

done:
    /*
     * Cleanup memory
     */

    /*
     * Application is responsible for deleting memory occupied by
     * validation queries and the response part of each
     * query obtained by the GetVAResponse function, which handles
     * the communication with the VA.
     */
    if (ppValQueries) {
        for (i = 0; i < valQueryCount; i++) {
            if (ppValQueries[i]->response.dPtr) {
                free(ppValQueries[i]->response.dPtr);
                ppValQueries[i]->response.dPtr = NULL;
            }
        }
        Vtk_ValQueriesDelete(ppValQueries);
    }
    if (pVal)
        Vtk_ValidationDelete(pVal);
} /* QueryValidation */
```
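The sample's cleanup loop frees every non-NULL response.dPtr, so the application's own response reader has to leave that pointer either NULL or pointing at memory it allocated, and it should bound how much it accepts from the network. The following is an added example of such a reader, not Toolkit code: RespBuf, its dLen field, ReadFn, MAX_VA_RESPONSE, ReadVAResponse, MemRead and DemoRead are hypothetical names, and the 64 KB cap is an assumed value.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in for a query's response member: dPtr is on the page, dLen is assumed. */
typedef struct { unsigned char *dPtr; size_t dLen; } RespBuf;
/* Hypothetical transport hook (TLS, async, ...): bytes read, 0 at end, <0 on error. */
typedef long (*ReadFn)(void *io, unsigned char *buf, size_t cap);
#define MAX_VA_RESPONSE (64u * 1024u) /* assumed cap; replies this large are rejected */

/* Returns 0 with a malloc'd buffer in *out, or -1 with out->dPtr left NULL. */
int ReadVAResponse(ReadFn rd, void *io, RespBuf *out)
{
    size_t cap = 1024, len = 0;
    unsigned char *buf = malloc(cap), *tmp;
    out->dPtr = NULL; out->dLen = 0;
    if (buf == NULL) return -1;
    for (;;) {
        if (len == cap) {                      /* full: grow, unless at the cap */
            if (cap >= MAX_VA_RESPONSE) goto fail;
            if ((tmp = realloc(buf, cap * 2)) == NULL) goto fail;
            buf = tmp; cap *= 2;
        }
        long n = rd(io, buf + len, cap - len);
        if (n < 0 || (size_t)n > cap - len) goto fail;
        if (n == 0) break;
        len += (size_t)n;
    }
    if (len == 0) goto fail;                   /* an empty reply is an error */
    out->dPtr = buf; out->dLen = len;
    return 0;
fail:
    free(buf);
    return -1;
}

/* Constructed in-memory transport: *io is the number of bytes still to deliver. */
static long MemRead(void *io, unsigned char *buf, size_t cap)
{
    size_t *left = io, n = *left < cap ? *left : cap;
    memset(buf, 'A', n); *left -= n;
    return (long)n;
}

/* Demo driver: reply length, -1 on clean failure, -2 if failure left a pointer set. */
long DemoRead(size_t total)
{
    RespBuf r;
    if (ReadVAResponse(MemRead, &total, &r) != 0) return r.dPtr == NULL ? -1 : -2;
    free(r.dPtr);
    return (long)r.dLen;
}
```

Because the read goes through a callback, the same function serves a TLS stream or an asynchronous source without changing the ownership rule the cleanup code depends on.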