os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertchainao.h
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
sl@0
     1
/*
sl@0
     2
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0
     3
* All rights reserved.
sl@0
     4
* This component and the accompanying materials are made available
sl@0
     5
* under the terms of the License "Eclipse Public License v1.0"
sl@0
     6
* which accompanies this distribution, and is available
sl@0
     7
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0
     8
*
sl@0
     9
* Initial Contributors:
sl@0
    10
* Nokia Corporation - initial contribution.
sl@0
    11
*
sl@0
    12
* Contributors:
sl@0
    13
*
sl@0
    14
* Description: 
sl@0
    15
* CPKIXCertChainAO class implementation
sl@0
    16
*
sl@0
    17
*/
sl@0
    18
sl@0
    19
sl@0
    20
/**
sl@0
    21
 @file 
sl@0
    22
 @internalTechnology
sl@0
    23
*/
sl@0
    24
 
sl@0
    25
#ifndef __PKIXCERTCHAINAO_H__
sl@0
    26
#define __PKIXCERTCHAINAO_H__
sl@0
    27
sl@0
    28
#include <e32base.h>
sl@0
    29
#include "pkixcerts.h"
sl@0
    30
#include "pkixchainbuilder.h"
sl@0
    31
#include "pkixcertstate.h"
sl@0
    32
#include <x509cert.h>
sl@0
    33
#include <x509certext.h>
sl@0
    34
#include <x509gn.h>
sl@0
    35
#include <pkixcertchain.h>
sl@0
    36
sl@0
    37
class CPKIXCertChainBase;
sl@0
    38
sl@0
    39
/**
sl@0
    40
 * This class handles the asynchronous part of the pkix chain validation. It
sl@0
    41
 * is an active object which handles the asynchronous certificate store operations.
sl@0
    42
 */
sl@0
    43
class CPKIXCertChainAO : public CActive
sl@0
    44
{
sl@0
    45
public:
sl@0
    46
	static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
sl@0
    47
		const RPointerArray<CX509Certificate>& aRootCerts);
sl@0
    48
	static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, 
sl@0
    49
		const TUid aClient);
sl@0
    50
	virtual ~CPKIXCertChainAO();
sl@0
    51
sl@0
    52
private:
sl@0
    53
	CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain);
sl@0
    54
	CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient);
sl@0
    55
	void ConstructL(const RPointerArray<CX509Certificate>& aRootCerts);
sl@0
    56
sl@0
    57
public:
sl@0
    58
	void RunL();
sl@0
    59
	TInt RunError(TInt aError);
sl@0
    60
	void DoCancel();
sl@0
    61
sl@0
    62
private:
sl@0
    63
	void HandleEStoreManagerInitializationL();
sl@0
    64
	void HandleEStoreManagerInitializedL();
sl@0
    65
	void HandleEAddRootsL();
sl@0
    66
	void HandleERootsInitializedL();
sl@0
    67
	void HandleEBuildChainStartL();
sl@0
    68
	void HandleEBuildChainAddCandidateEndL();
sl@0
    69
	void HandleEBuildChainCertsFromStoreBeginL();
sl@0
    70
	void HandleEBuildChainCertsFromStoreEndL();
sl@0
    71
	void HandleEAddCandidateIntermediateCertsEndL();
sl@0
    72
	void HandleEValidateEndL();
sl@0
    73
sl@0
    74
	// Request functions
sl@0
    75
public:
sl@0
    76
	void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,							
sl@0
    77
		const CArrayPtr<HBufC>* aInitialPolicies, TRequestStatus& aStatus);
sl@0
    78
	void CancelValidate();
sl@0
    79
sl@0
    80
private:
sl@0
    81
	void InitParamsL();
sl@0
    82
	void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams);
sl@0
    83
	void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
sl@0
    84
		const CArrayPtr<HBufC>* aInitialPolicies);
sl@0
    85
	void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const;
sl@0
    86
	void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const;
sl@0
    87
	void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState, 
sl@0
    88
								CPKIXValidationResultBase& aResult) const;
sl@0
    89
	void CheckCriticalExtsL(CPKIXValidationState& aState, 
sl@0
    90
		CPKIXValidationResultBase& aResult) const;
sl@0
    91
sl@0
    92
	/**
sl@0
    93
	 * The states used to know what to do in the RunL function.
sl@0
    94
	 */
sl@0
    95
	enum TState
sl@0
    96
	{
sl@0
    97
		EAddRoots,
sl@0
    98
		ERootsInitialized,
sl@0
    99
		EBuildChainStart,
sl@0
   100
		EBuildChainAddCandidateEnd,
sl@0
   101
		EBuildChainCertsFromStoreBegin,
sl@0
   102
		EBuildChainCertsFromStoreEnd,
sl@0
   103
		EAddCandidateIntermediateCertsEnd,
sl@0
   104
		EValidateEnd
sl@0
   105
	};
sl@0
   106
sl@0
   107
private:
sl@0
   108
	MCertStore* iCertStore;
sl@0
   109
	// a reference to the object which owns this instance
sl@0
   110
	CPKIXCertChainBase &iPKIXCertChain;
sl@0
   111
	TUid iClient;
sl@0
   112
	TState iState;
sl@0
   113
sl@0
   114
	/**
sl@0
   115
	 * <P>Ownership of this object is peculiar.</P>
sl@0
   116
	 * <P>We need this to be a member because it is created and initialized in
sl@0
   117
	 * the EAddRoots handler but is only added to iRoots in the ERootsInitialized
sl@0
   118
	 * handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.</P>
sl@0
   119
	 * <P>The only case where the destructor will have to delete it, is when a leave
sl@0
   120
	 * occurs between the EAddRoots and ERootsInitialized states.</P>
sl@0
   121
	 */
sl@0
   122
	CPKIXCertsFromStore* iCertsFromStoreRoots;
sl@0
   123
sl@0
   124
	TRequestStatus* iOriginalRequestStatus;
sl@0
   125
sl@0
   126
	/**
sl@0
   127
	 * The roots that we trust.
sl@0
   128
	 * This can be given 
sl@0
   129
	 * <UL>
sl@0
   130
	 * <LI>explicitly : the user gives a set of root certificates at construction time.</LI>
sl@0
   131
	 * <LI>implicitly : the user gives the uid of the application and the validation code
sl@0
   132
	 * retrieves the root certificates trusted for this application from the certificate
sl@0
   133
	 * store.</LI>
sl@0
   134
	 * </UL>
sl@0
   135
	 */
sl@0
   136
	CPKIXChainBuilder* iRoots;
sl@0
   137
sl@0
   138
	CPKIXChainBuilder* iBuilder;
sl@0
   139
sl@0
   140
	/**
sl@0
   141
	 * To store the parameters passed to CPKIXCertChainBase::Validate
sl@0
   142
	 */ 
sl@0
   143
	CPKIXValidationResultBase* iValidationResult;
sl@0
   144
	/**
sl@0
   145
	 * To store the parameters passed to CPKIXCertChainBase::Validate
sl@0
   146
	 */ 
sl@0
   147
	TTime iValidationTime;					 
sl@0
   148
	/**
sl@0
   149
	 * To store the parameters passed to CPKIXCertChainBase::Validate
sl@0
   150
	 */ 
sl@0
   151
	const CArrayPtr<HBufC>* iInitialPolicies;
sl@0
   152
sl@0
   153
	TBool iAddIssuerResult;
sl@0
   154
sl@0
   155
	TInt iNumberOfAddedCertificates;
sl@0
   156
};
sl@0
   157
sl@0
   158
#endif