sl@0
|
1 |
/*
|
sl@0
|
2 |
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
|
sl@0
|
3 |
* All rights reserved.
|
sl@0
|
4 |
* This component and the accompanying materials are made available
|
sl@0
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
sl@0
|
6 |
* which accompanies this distribution, and is available
|
sl@0
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
sl@0
|
8 |
*
|
sl@0
|
9 |
* Initial Contributors:
|
sl@0
|
10 |
* Nokia Corporation - initial contribution.
|
sl@0
|
11 |
*
|
sl@0
|
12 |
* Contributors:
|
sl@0
|
13 |
*
|
sl@0
|
14 |
* Description:
|
sl@0
|
15 |
* CPKIXCertChainAO class implementation
|
sl@0
|
16 |
*
|
sl@0
|
17 |
*/
|
sl@0
|
18 |
|
sl@0
|
19 |
|
sl@0
|
20 |
/**
|
sl@0
|
21 |
@file
|
sl@0
|
22 |
@internalTechnology
|
sl@0
|
23 |
*/
|
sl@0
|
24 |
|
sl@0
|
25 |
#ifndef __PKIXCERTCHAINAO_H__
|
sl@0
|
26 |
#define __PKIXCERTCHAINAO_H__
|
sl@0
|
27 |
|
sl@0
|
28 |
#include <e32base.h>
|
sl@0
|
29 |
#include "pkixcerts.h"
|
sl@0
|
30 |
#include "pkixchainbuilder.h"
|
sl@0
|
31 |
#include "pkixcertstate.h"
|
sl@0
|
32 |
#include <x509cert.h>
|
sl@0
|
33 |
#include <x509certext.h>
|
sl@0
|
34 |
#include <x509gn.h>
|
sl@0
|
35 |
#include <pkixcertchain.h>
|
sl@0
|
36 |
|
sl@0
|
37 |
class CPKIXCertChainBase;
|
sl@0
|
38 |
|
sl@0
|
39 |
/**
|
sl@0
|
40 |
* This class handles the asynchronous part of the pkix chain validation. It
|
sl@0
|
41 |
* is an active object which handles the asynchronous certificate store operations.
|
sl@0
|
42 |
*/
|
sl@0
|
43 |
class CPKIXCertChainAO : public CActive
|
sl@0
|
44 |
{
|
sl@0
|
45 |
public:
|
sl@0
|
46 |
static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
|
sl@0
|
47 |
const RPointerArray<CX509Certificate>& aRootCerts);
|
sl@0
|
48 |
static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
|
sl@0
|
49 |
const TUid aClient);
|
sl@0
|
50 |
virtual ~CPKIXCertChainAO();
|
sl@0
|
51 |
|
sl@0
|
52 |
private:
|
sl@0
|
53 |
CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain);
|
sl@0
|
54 |
CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient);
|
sl@0
|
55 |
void ConstructL(const RPointerArray<CX509Certificate>& aRootCerts);
|
sl@0
|
56 |
|
sl@0
|
57 |
public:
|
sl@0
|
58 |
void RunL();
|
sl@0
|
59 |
TInt RunError(TInt aError);
|
sl@0
|
60 |
void DoCancel();
|
sl@0
|
61 |
|
sl@0
|
62 |
private:
|
sl@0
|
63 |
void HandleEStoreManagerInitializationL();
|
sl@0
|
64 |
void HandleEStoreManagerInitializedL();
|
sl@0
|
65 |
void HandleEAddRootsL();
|
sl@0
|
66 |
void HandleERootsInitializedL();
|
sl@0
|
67 |
void HandleEBuildChainStartL();
|
sl@0
|
68 |
void HandleEBuildChainAddCandidateEndL();
|
sl@0
|
69 |
void HandleEBuildChainCertsFromStoreBeginL();
|
sl@0
|
70 |
void HandleEBuildChainCertsFromStoreEndL();
|
sl@0
|
71 |
void HandleEAddCandidateIntermediateCertsEndL();
|
sl@0
|
72 |
void HandleEValidateEndL();
|
sl@0
|
73 |
|
sl@0
|
74 |
// Request functions
|
sl@0
|
75 |
public:
|
sl@0
|
76 |
void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
|
sl@0
|
77 |
const CArrayPtr<HBufC>* aInitialPolicies, TRequestStatus& aStatus);
|
sl@0
|
78 |
void CancelValidate();
|
sl@0
|
79 |
|
sl@0
|
80 |
private:
|
sl@0
|
81 |
void InitParamsL();
|
sl@0
|
82 |
void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams);
|
sl@0
|
83 |
void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
|
sl@0
|
84 |
const CArrayPtr<HBufC>* aInitialPolicies);
|
sl@0
|
85 |
void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const;
|
sl@0
|
86 |
void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const;
|
sl@0
|
87 |
void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState,
|
sl@0
|
88 |
CPKIXValidationResultBase& aResult) const;
|
sl@0
|
89 |
void CheckCriticalExtsL(CPKIXValidationState& aState,
|
sl@0
|
90 |
CPKIXValidationResultBase& aResult) const;
|
sl@0
|
91 |
|
sl@0
|
92 |
/**
|
sl@0
|
93 |
* The states used to know what to do in the RunL function.
|
sl@0
|
94 |
*/
|
sl@0
|
95 |
enum TState
|
sl@0
|
96 |
{
|
sl@0
|
97 |
EAddRoots,
|
sl@0
|
98 |
ERootsInitialized,
|
sl@0
|
99 |
EBuildChainStart,
|
sl@0
|
100 |
EBuildChainAddCandidateEnd,
|
sl@0
|
101 |
EBuildChainCertsFromStoreBegin,
|
sl@0
|
102 |
EBuildChainCertsFromStoreEnd,
|
sl@0
|
103 |
EAddCandidateIntermediateCertsEnd,
|
sl@0
|
104 |
EValidateEnd
|
sl@0
|
105 |
};
|
sl@0
|
106 |
|
sl@0
|
107 |
private:
|
sl@0
|
108 |
MCertStore* iCertStore;
|
sl@0
|
109 |
// a reference to the object which owns this instance
|
sl@0
|
110 |
CPKIXCertChainBase &iPKIXCertChain;
|
sl@0
|
111 |
TUid iClient;
|
sl@0
|
112 |
TState iState;
|
sl@0
|
113 |
|
sl@0
|
114 |
/**
|
sl@0
|
115 |
* <P>Ownership of this object is peculiar.</P>
|
sl@0
|
116 |
* <P>We need this to be a member because it is created and initialized in
|
sl@0
|
117 |
* the EAddRoots handler but is only added to iRoots in the ERootsInitialized
|
sl@0
|
118 |
* handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.</P>
|
sl@0
|
119 |
* <P>The only case where the destructor will have to delete it, is when a leave
|
sl@0
|
120 |
* occurs between the EAddRoots and ERootsInitialized states.</P>
|
sl@0
|
121 |
*/
|
sl@0
|
122 |
CPKIXCertsFromStore* iCertsFromStoreRoots;
|
sl@0
|
123 |
|
sl@0
|
124 |
TRequestStatus* iOriginalRequestStatus;
|
sl@0
|
125 |
|
sl@0
|
126 |
/**
|
sl@0
|
127 |
* The roots that we trust.
|
sl@0
|
128 |
* This can be given
|
sl@0
|
129 |
* <UL>
|
sl@0
|
130 |
* <LI>explicitly : the user gives a set of root certificates at construction time.</LI>
|
sl@0
|
131 |
* <LI>implicitly : the user gives the uid of the application and the validation code
|
sl@0
|
132 |
* retrieves the root certificates trusted for this application from the certificate
|
sl@0
|
133 |
* store.</LI>
|
sl@0
|
134 |
* </UL>
|
sl@0
|
135 |
*/
|
sl@0
|
136 |
CPKIXChainBuilder* iRoots;
|
sl@0
|
137 |
|
sl@0
|
138 |
CPKIXChainBuilder* iBuilder;
|
sl@0
|
139 |
|
sl@0
|
140 |
/**
|
sl@0
|
141 |
* To store the parameters passed to CPKIXCertChainBase::Validate
|
sl@0
|
142 |
*/
|
sl@0
|
143 |
CPKIXValidationResultBase* iValidationResult;
|
sl@0
|
144 |
/**
|
sl@0
|
145 |
* To store the parameters passed to CPKIXCertChainBase::Validate
|
sl@0
|
146 |
*/
|
sl@0
|
147 |
TTime iValidationTime;
|
sl@0
|
148 |
/**
|
sl@0
|
149 |
* To store the parameters passed to CPKIXCertChainBase::Validate
|
sl@0
|
150 |
*/
|
sl@0
|
151 |
const CArrayPtr<HBufC>* iInitialPolicies;
|
sl@0
|
152 |
|
sl@0
|
153 |
TBool iAddIssuerResult;
|
sl@0
|
154 |
|
sl@0
|
155 |
TInt iNumberOfAddedCertificates;
|
sl@0
|
156 |
};
|
sl@0
|
157 |
|
sl@0
|
158 |
#endif
|