os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
/*
* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/
/**
 @file 
 @internalTechnology
*/
 
#ifndef __PKIXCERTS_H__
#define __PKIXCERTS_H__
//pkixroots.h
#include <e32std.h>
#include <x509cert.h>
#include <x509certext.h>
#include <mcertstore.h>
/**
 * Interface for sources of candidate issuer certificates (Symbian "M-class").
 * An implementation finds, for a given subject certificate, the certificates
 * that could have issued it.  Instances are disposed of through Release();
 * the destructor is protected so clients cannot delete them directly.
 *
 * NOTE(review): a "candidate" is only a certificate whose name data makes it
 * a plausible issuer.  Nothing in this interface verifies a signature,
 * validity period or trust status - that is left to the code consuming the
 * candidates (confirm against the chain builder that uses this class).
 */
class MPKIXCertSource
	{
public:
	/**
	 * Asynchronously collects the certificates that may have issued aSubject.
	 * Each match is copied into aCandidates; ownership of the copies passes
	 * to the calling code, which must destroy them.
	 * @param aSubject    The certificate whose possible issuers are wanted.
	 * @param aCandidates On completion, receives the candidate issuer
	 *                    certificates.  The elements are owned by the caller.
	 * @param aStatus     Completed when the candidates are available.
	 */
	virtual void CandidatesL(const CX509Certificate& aSubject, 
		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
	/** Cancels an outstanding CandidatesL() request. */
	virtual void CancelCandidates() = 0;
	/** Destroys this source; the only way for a client to dispose of it. */
	virtual void Release() = 0;

protected:
	// Protected on purpose: instances are deleted via Release(), not by clients.
	virtual ~MPKIXCertSource();
	
protected:
	/**
	 * Compares the issuer altname in aSubjectCert with the subject altname
	 * in aIssuerCert.  This is a name comparison only: a match says nothing
	 * about whether aIssuerCert actually signed aSubjectCert.
	 * May leave (Symbian "L" convention).
	 * @param aSubjectCert The certificate whose issuer altname is compared.
	 * @param aIssuerCert  The certificate whose subject altname is compared.
	 * @return
	 * <UL>
	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
	 * aIssuerCert</LI>
	 * <LI>EFalse otherwise</LI>
	 * </UL>
	 */
	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
	};
/**
 * Retrieves candidate issuer certificates from a certificate store
 * (MCertStore).  Retrieval is asynchronous and driven by CActive: Initialize()
 * and CandidatesL() take the caller's TRequestStatus, RunL() steps through the
 * TState machine, and the caller's request is completed when the work is done.
 *
 * The original header states that this class "doesn't work with client based
 * trust".  Note however the NewL(MCertStore&, TUid) overloads, iClient and the
 * ECheckTrusted state below, so confirm which statement is current before
 * relying on either.
 */
class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
	{
public:
	/**
	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler.
	 * Initialize() must be called after this function.
	 * @param aCertStore Reference to the cert store. The store is created with the default
	 * filter initialized to retrieve certificates of CA type and of X509 format.
	 * @return Initialized instance of this class.
	 */
	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
	/** As NewL(MCertStore&), but leaves the new instance on the cleanup stack. */
	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
	
	/**
	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler.
	 * Initialize() must be called after this function.
	 * @param aCertStore Reference to the cert store. The store is created with the default
	 * filter initialized to retrieve certificates of CA type and of X509 format.
	 * @param aClient The UID for which the certificates are to be retrieved from the
	 * cert store. This UID is also passed to the filter for retrieving the certificates
	 * specific to this client UID.
	 * @return Initialized instance of this class.
	 */
	
	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
	/** As NewL(MCertStore&, TUid), but leaves the new instance on the cleanup stack. */
	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
	/**
	 * Lists the certificates in the store that pass the filter created at
	 * construction.  Must be called after construction and before CandidatesL().
	 * @param aStatus Standard parameter for asynchronous calling convention;
	 *                completed when the listing has finished.
	 */
	void Initialize(TRequestStatus& aStatus);
	/**
	 * Returns the CA certificates from the store that could authenticate the
	 * aSubject certificate.
	 * @param aSubject    The certificate whose possible issuers are wanted.  Not
	 *                    copied (see iSubject): it must outlive the request.
	 * @param aCandidates On return, this array contains the list of CA certificates
	 *                    that can possibly be used to authenticate aSubject. The array
	 *                    owns the elements and must take care of deleting them.
	 * @param aStatus     Completed when the candidates are available.
	 */
	virtual void CandidatesL(const CX509Certificate& aSubject, 
		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
	/** Cancels the outstanding asynchronous request, if any. */
	virtual void CancelCandidates();
	/** Deletes this object (MPKIXCertSource::Release). */
	virtual void Release();
	virtual ~CPKIXCertsFromStore();

private:
	CPKIXCertsFromStore(MCertStore& aCertStore);
	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
	void ConstructL();
	void ConstructL(TUid aClient);

public:
	// CActive callbacks.
	/** Handles completion of the current asynchronous step according to iState. */
	void RunL();
	/** Called by the active scheduler when RunL() leaves; aError is the leave code. */
	TInt RunError(TInt aError);
	/** Cancels the request outstanding on the store (CActive::Cancel() hook). */
	void DoCancel();

private:
	// Per-state helpers invoked from RunL().
	void HandleEGetCertificateL();
	void HandleEAddCandidateL();
	void HandleECheckTrusted();
	
	/**
	 * Presumably reports whether aCertificate is already among the collected
	 * candidates - TODO confirm against the implementation.
	 */
	TBool IsDuplicateL(const CX509Certificate& aCertificate);

private:
	/** Steps of the asynchronous retrieval, in the order RunL() visits them. */
	enum TState
	{
		EIdle = 0,
		EInitialize,
		ECheckTrusted,
		EGetCertificate,
		EAddCandidate,
		EEnd
	};

private:
	/**
	 * The state used to know what must be done when executing
	 * RunL().
	 */
	TState iState;

	/**
	 * The TRequestStatus that must be completed when the operation
	 * requested by a user of this class has finished.  Points at the
	 * caller's object; not owned.
	 */
	TRequestStatus *iOriginalRequestStatus;

	/** Client UID the certificates are retrieved for (set by the TUid overloads). */
	TUid iClient;

	/**
	 * Attribute filter applied when listing the store.  Raw pointer;
	 * ownership is not evident from this header - TODO confirm.
	 */
	CCertAttributeFilter *iFilter;

	/**
	 * iRootName is used for CandidatesL.  Ownership is not evident from
	 * this header - TODO confirm.
	 */
	const CX500DistinguishedName* iRootName;

	/**
	 * The subject passed to CandidatesL(). We don't own this; the caller
	 * must keep it alive until the request completes.
	 */
	const CX509Certificate* iSubject;

	/**
	 * The output array passed to CandidatesL(). We don't own this.
	 */
	RPointerArray<CX509Certificate>* iCandidates;

	/**
	 * iCertData is used for CandidatesL (holds the encoded certificate
	 * fetched from the store - TODO confirm).
	 */
	HBufC8* iCertData;

	/** Descriptor over iCertData used for the store read - TODO confirm. */
	TPtr8* iCertPtr;

	/**
	 * iEntriesIndex is used for CandidatesL: index into iCertInfos of the
	 * entry currently being processed.
	 */
	TInt iEntriesIndex;
	
	/**
	 * Applies to certificate at iEntriesIndex - reflects trust setting
	 */
	TBool iIsTrusted;

	/**
	 * Used when listing certificates (filtered but not on trust).
	 */
	RMPointerArray<CCTCertInfo> iCertInfos;

	/** The store certificates are retrieved from.  Referenced, not owned. */
	MCertStore& iCertStore;
	};
/**
 * Candidate source backed by an array of certificates supplied by the client
 * rather than by a certificate store.
 *
 * NOTE(review): iCerts is a reference to the caller's array, not a copy.  The
 * caller must keep that array (and the certificates it points to) alive and
 * unmodified for as long as this object exists, otherwise CandidatesL() reads
 * through a dangling reference.  Client-supplied certificates are untrusted
 * input: they are only candidates and must be verified by whoever consumes
 * them, not treated as trusted because they were found here.
 */
class CPKIXCertsFromClient : public MPKIXCertSource
	{
public:
	/** Creates a source over aCerts.  The array is referenced, not copied. */
	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
	/** As NewL(), but leaves the new instance on the cleanup stack. */
	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
	/**
	 * Collects the members of iCerts that could have issued aSubject into
	 * aCandidates and completes aStatus.  Per the MPKIXCertSource contract
	 * the caller owns the certificates placed in aCandidates.
	 */
	virtual void CandidatesL(const CX509Certificate& aSubject,
		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
	/** Cancels an outstanding CandidatesL() request. */
	virtual void CancelCandidates();
	/** Deletes this object (MPKIXCertSource::Release). */
	virtual void Release();
	virtual ~CPKIXCertsFromClient();

private:
	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);

private:
	/** Client-supplied certificates.  Referenced only; neither owned nor copied. */
	const RPointerArray<CX509Certificate>& iCerts;
	};
#endif