Symaptic: os/security/cryptoservices/certificateandkeymgmt/inc/pkcs10.h@bde4ae8d615e (annotated)

sl@0	1	/*
sl@0	2	* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0	3	* All rights reserved.
sl@0	4	* This component and the accompanying materials are made available
sl@0	5	* under the terms of the License "Eclipse Public License v1.0"
sl@0	6	* which accompanies this distribution, and is available
sl@0	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0	8	*
sl@0	9	* Initial Contributors:
sl@0	10	* Nokia Corporation - initial contribution.
sl@0	11	*
sl@0	12	* Contributors:
sl@0	13	*
sl@0	14	* Description:
sl@0	15	* Declares classes for producing PKCS#10 certificate requests.
sl@0	16	*
sl@0	17	*/
sl@0	18
sl@0	19
sl@0	20	/**
sl@0	21	@file
sl@0	22	@publishedPartner
sl@0	23	@released
sl@0	24	*/
sl@0	25
sl@0	26	#ifndef __PKCS10_H__
sl@0	27	#define __PKCS10_H__
sl@0	28
sl@0	29	#include <e32base.h>
sl@0	30	#include <asn1enc.h>
sl@0	31	#include <mctkeystore.h>
sl@0	32	#include <signed.h>
sl@0	33
sl@0	34	class CX500DistinguishedName;
sl@0	35	class CASN1EncBase;
sl@0	36	class CPKCS10Attributes;
sl@0	37	class CPKCS10KeyHelper;
sl@0	38	class CMessageDigest;
sl@0	39	class TX509KeyEncoder;
sl@0	40
sl@0	41	/**
sl@0	42	* Class for making PKCS#10 Certificate Request objects.
sl@0	43	*
sl@0	44	* Keys are specified by a cryptotokens key info object - this means that this
sl@0	45	* API can only be used to generate cert requests for keys that are held in a
sl@0	46	* keystore on the device.
sl@0	47	*
sl@0	48	*/
sl@0	49	class CPKCS10Request : public CActive
sl@0	50	{
sl@0	51	public:
sl@0	52	/**
sl@0	53	* Creates a new PKCS#10 request object.
sl@0	54	*
sl@0	55	* @param aDN X500 distinguished name of the entity provided by caller.
sl@0	56	* Stored in iDN member variable. Ownership is not transferred.
sl@0	57	* @param aKeyInfo The key info object of the key to sign the request with.
sl@0	58	* Does not take ownership.
sl@0	59	* @param aAttr (Optional) The PKCS10 attributes to include in the request.
sl@0	60	* Takes ownership.
sl@0	61	* @return A pointer to the newly allocated object.
sl@0	62	*/
sl@0	63	IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN,
sl@0	64	const CCTKeyInfo& aKeyInfo,
sl@0	65	CPKCS10Attributes* aAttr = NULL);
sl@0	66
sl@0	67	/**
sl@0	68	* Creates a new PKCS#10 request object.
sl@0	69	*
sl@0	70	* @param aDN X500 distinguished name of the entity provided by caller.
sl@0	71	* Stored in iDN member variable. Ownership is not transferred.
sl@0	72	* @param aKeyInfo The key info object of the key to sign the request with.
sl@0	73	* Does not take ownership.
sl@0	74	* @param aAttr (Optional) The PKCS10 attributes to include in the request.
sl@0	75	* Takes ownership.
sl@0	76	* @return A pointer to the newly allocated object that is left on the
sl@0	77	* cleanup stack.
sl@0	78	*/
sl@0	79	IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN,
sl@0	80	const CCTKeyInfo& aKeyInfo,
sl@0	81	CPKCS10Attributes* aAttr = NULL);
sl@0	82
sl@0	83	/**
sl@0	84	* Destructs PKCS#10 object, deletes encoding buffer and attributes.
sl@0	85	*/
sl@0	86	IMPORT_C virtual ~CPKCS10Request();
sl@0	87
sl@0	88	public:
sl@0	89
sl@0	90	/**
sl@0	91	* Set the attributes to be encoded in the request. It replaces existing
sl@0	92	* attributes, if any.
sl@0	93	* @param aAttr The attributes - this object takes ownership.
sl@0	94	*/
sl@0	95	IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr);
sl@0	96
sl@0	97	/**
sl@0	98	* Set the digest algorithm to use when signing the request. If this method
sl@0	99	* is not called, the default SHA-1 is used.
sl@0	100	*
sl@0	101	* @param aDigest For RSA keys, one of EMD2, EMD5 or ESHA1.
sl@0	102	* For DSA keys, ESHA1 is the only permitted value.
sl@0	103	* @leave KErrArgument if the specified algorithm is not supported.
sl@0	104	*/
sl@0	105	IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest);
sl@0	106
sl@0	107	/**
sl@0	108	* Set the distinguished name of the entity. It replaces existing
sl@0	109	* name, if any.
sl@0	110	* @param aDN X500 distinguished name of the entity provided by caller.
sl@0	111	* Stored in iDN member variable. Ownership is not transferred.
sl@0	112	*/
sl@0	113	IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN);
sl@0	114
sl@0	115	/**
sl@0	116	* Set the information of the key to sign with. It replaces existing
sl@0	117	* key info, if any.
sl@0	118	* @param aKeyInfo The key info object of the key to sign the request with.
sl@0	119	* Does not take ownership.
sl@0	120	*/
sl@0	121	IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo);
sl@0	122
sl@0	123	/**
sl@0	124	* Create the ASN.1 DER encoding of the certificate request. This is an
sl@0	125	* asynchronous method. The Cancel() method can be called to cancel an
sl@0	126	* outstanding request. This method can be called repeatedly to create
sl@0	127	* certificate requests after setting the various parameters. However an
sl@0	128	* outstanding request must complete or be cancelled before calling this
sl@0	129	* method again.
sl@0	130	*
sl@0	131	*
sl@0	132	* @param aResult On successful completion, this points to a newly
sl@0	133	* allocated buffer containing the encoded certificate request.
sl@0	134	* @param aStatus Asynchronous status notification
sl@0	135	*/
sl@0	136	IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);
sl@0	137
sl@0	138	private:
sl@0	139
sl@0	140	virtual void RunL();
sl@0	141	virtual TInt RunError(TInt aErr);
sl@0	142	virtual void DoCancel();
sl@0	143
sl@0	144	enum TState
sl@0	145	{
sl@0	146	EIdle,
sl@0	147	EInitialize,
sl@0	148	EGetKeyStore,
sl@0	149	EGetPublicKey,
sl@0	150	EOpenSigner,
sl@0	151	ESign
sl@0	152	};
sl@0	153
sl@0	154	private:
sl@0	155	/** Private constructor that initializes essential member variables. */
sl@0	156	CPKCS10Request(const CX500DistinguishedName* aDN,
sl@0	157	const CCTKeyInfo* aKeyInfo,
sl@0	158	CPKCS10Attributes* aAttr);
sl@0	159
sl@0	160	// Methods making ASN.1 encoding objects
sl@0	161
sl@0	162	/**
sl@0	163	* Performs the actual ASN.1 encoding of the request without signing it.
sl@0	164	* certRequestInfo is what gets signed with private key.
sl@0	165	* @return Pointer to a newly allocated CASN1EncSequence object.
sl@0	166	*/
sl@0	167	CASN1EncSequence* MakeCertRequestInfoEncLC();
sl@0	168
sl@0	169	/**
sl@0	170	* Encodes desired certificate attributes into ASN1. Takes whatever
sl@0	171	* attributes are in the iAttributes and adds them below a
sl@0	172	* sequence. If there are no attributes stored, leaves the set empty.
sl@0	173	*
sl@0	174	* The structure of the attribute node is as follows:
sl@0	175	* @code
sl@0	176	* Context-specific[0]
sl@0	177	* SEQUENCE-OF
sl@0	178	* OID of the organization
sl@0	179	* SET-OF
sl@0	180	* SEQUENCE-OF (stored in iAttributes)
sl@0	181	* SEQUENCE-OF
sl@0	182	* OID of attribute
sl@0	183	* OCTET STRING value
sl@0	184	* SEQUENCE-OF
sl@0	185	* OID of attribute
sl@0	186	* OCTET STRING value
sl@0	187	* ...
sl@0	188	* @endcode
sl@0	189	* @return Pointer to a newly allocated encoding object containing
sl@0	190	* desired certificate attributes.
sl@0	191	*/
sl@0	192	CASN1EncBase* MakeAttrEncLC();
sl@0	193
sl@0	194	/**
sl@0	195	* Generates data to be signed.
sl@0	196	*/
sl@0	197	void EncodeTBSDataL();
sl@0	198
sl@0	199	void CreateFinalEncodingL();
sl@0	200
sl@0	201	void Reset();
sl@0	202
sl@0	203	private:
sl@0	204	const CX500DistinguishedName* iDN;
sl@0	205	const CCTKeyInfo* iKeyInfo;
sl@0	206	CPKCS10Attributes* iAttributes;
sl@0	207	TAlgorithmId iDigestId;
sl@0	208	TRequestStatus* iClientStatus;
sl@0	209	TState iState;
sl@0	210	HBufC8** iResult;
sl@0	211	MCTKeyStore* iKeyStore;
sl@0	212	CPKCS10KeyHelper* iKeyHelper;
sl@0	213	HBufC8* iExportedKey;
sl@0	214	HBufC8* iTBSData;
sl@0	215	};
sl@0	216
sl@0	217	#endif

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--