This section describes basic tasks that an application must perform to add validation functionality. These tasks can all be done using the Toolkit API and are described as steps within a procedure. The steps listed in this procedure are also indicated in the sample application to demonstrate how an application can implement these functions.
To integrate validation into your application
1. Initialize the Toolkit.
Before your application can use the Toolkit functions, your application must first initialize the Toolkit. Your application must call the Vtk_Init function. Your application should call this function only once. See STEP 1 in the sample application.
2. Create a context.
A context is the global Toolkit environment that your application creates using the Vtk_CtxtNew function.
When your application creates the Toolkit context, your application establishes the default VA URL and the validation protocol employed (using the Vtk_CtxtSetDefaultVa function). See STEP 2a in the sample application.
Your application also establishes the list of trusted certificates for the VAs and CAs (using the Vtk_CtxtAddCerts or Vtk_CtxtAddCert function) and the default VA and protocol (using the Vtk_CtxtSetDefaultVa function). It can set the default protocol to OCSP or CRT. See STEP 2b in the sample application.
Note: If your application does not call the Vtk_CtxtSetDefaultVa function, the default VA is set to Global Validation Authority Service (GVAS) using the CRT protocol.
Your application passes this context in every Toolkit function it calls, thereby making the information contained in the context structure persistent across Toolkit calls.
Once the context is created, your application can perform a variety of operations using the Toolkit.
3. Create a validation structure.
Your application must call the Vtk_ValidationNew function to allocate memory for a validation. The structure can encapsulate one or more validation queries. See STEP 3 in the sample application.
4. Obtain user and issuer certificates to place in the validation structure.
Your application can call the Vtk_CertNew function to create an empty certificate structure. See STEP 4a in the sample application.
Once the structure is created, your application can call the Vtk_CertInit or the Vtk_CertLoadFromFile function to populate the certificate structure with data. See STEP 4b in the sample application.
Once the certificate structure is created and populated, your application can add the certificates to the validation structure.
Note: Your application can skip this step if it uses the Vtk_ValidationAddCertRaw function in Step 5.
5. Add certificates to the validation structure.
Your application must add certificates to the validation structure that it created in Step 3. It can call the Vtk_ValidationAddCert and Vtk_ValidationAddCertRaw functions. See STEP 5 in the sample application.
Note: Steps 4 and 5 can be repeated to add other certificates to the validation structure.
6. Validate certificates.
When your application uses the Toolkit functions, most of the work is done locally between your application and the Toolkit using the API. However, when actual validation is to be performed, the application calls the Vtk_ValidationValidate function, which requires interaction with the VA, usually over a TCP/IP-based network. See STEP 6 in the sample application.
7. Clean up the memory allocations.
Your application must delete all the structures that it has created. In this example, your application must call Vtk_CertDelete, Vtk_ValidationDelete, and Vtk_CtxtDelete. See STEP 7 in the sample application.
8. Release Toolkit resources.
When all other functions complete, your application must call the Vtk_Finish function to release the resources allocated to the Toolkit. It must call this function only once. See STEP 8 in the sample application.