/*
* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
*
*/
/**
@file
@internalTechnology
*/
#ifndef __PKIXCERTS_H__
#define __PKIXCERTS_H__
//pkixroots.h
#include <e32std.h>
#include <x509cert.h>
#include <x509certext.h>
#include <mcertstore.h>
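/**
 * Base class for classes that help retrieve certificates from stores.
 *
 * A source hands back certificates that could have issued a given subject
 * certificate (see CandidatesL()).
 *
 * NOTE(review): nothing in this declaration states that a returned candidate
 * has been cryptographically verified. Presumably the caller still performs
 * full chain validation (signature, validity period, constraints) before
 * trusting a candidate -- confirm against the chain-building code.
 */
class MPKIXCertSource
{
public:
    /**
     * Collects the candidate certificates for aSubject.
     *
     * Copies each cert into aCandidates and passes ownership of the copies to
     * the calling code, so the caller is responsible for destroying them.
     *
     * @param aSubject    Certificate for which candidates are requested.
     * @param aCandidates Array that receives the candidate certificates.
     * @param aStatus     Request status of the asynchronous call.
     */
    virtual void CandidatesL(const CX509Certificate& aSubject,
        RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;

    /** Cancels an outstanding CandidatesL() request. */
    virtual void CancelCandidates() = 0;

    /**
     * Releases the source.
     * NOTE(review): the destructor is protected, so this is presumably the only
     * way for a holder of the interface to dispose of the object -- confirm.
     */
    virtual void Release() = 0;

protected:
    // Protected: the object cannot be deleted through an MPKIXCertSource pointer
    // by code outside the class hierarchy.
    virtual ~MPKIXCertSource();

protected:
    /**
     * This function compares the issuer altname in aSubjectCert with the
     * subject altname in aIssuerCert.
     *
     * @param aSubjectCert We will compare the issuer altname of this certificate.
     * @param aIssuerCert  We will compare the subject altname of this certificate.
     * @return ETrue if the issuer altname in aSubjectCert matches the subject
     *         altname in aIssuerCert, EFalse otherwise.
     */
    TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
};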
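/**
 * This class is used to retrieve the certificates from a store.
 * It doesn't work with client base trust.
 *
 * The object is an active object (derives from CActive) and drives its work
 * through the TState values declared below.
 */
class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
{
public:
    /**
     * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler.
     * Initialize must be called after this function.
     *
     * @param aCertStore Reference to the cert store. The store is created with the default
     *                   filter initialized to retrieve certificate of CA type and of X509 format.
     * @return Initialized instance of this class.
     */
    static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
    static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);

    /**
     * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler.
     * Initialize must be called after this function.
     *
     * @param aCertStore Reference to the cert store. The store is created with the default
     *                   filter initialized to retrieve certificate of CA type and of X509 format.
     * @param aClient    The UID for which the certificates are to be retrieved from the
     *                   cert store. This UID is also passed to the filter for retrieving the
     *                   certificates specific to this client UID.
     * @return Initialized instance of this class.
     */
    static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
    static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);

    /**
     * This function does the actual listing of certificates based on the filter created.
     * It must be called after construction.
     *
     * @param aStatus Standard parameter for asynchronous calling convention.
     */
    void Initialize(TRequestStatus& aStatus);

    /**
     * This function returns a list of CA certificates that authenticate the
     * aSubject certificate.
     *
     * @param aSubject    Certificate for which candidate CA certificates are requested.
     * @param aCandidates On return, this array contains the list of CA certificates
     *                    that can possibly be used to authenticate aSubject. The array owns
     *                    the elements and must take care of deleting them (an RPointerArray
     *                    does not destroy its elements by itself, e.g. ResetAndDestroy()).
     * @param aStatus     Standard parameter for asynchronous calling convention.
     */
    virtual void CandidatesL(const CX509Certificate& aSubject,
        RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
    virtual void CancelCandidates();
    virtual void Release();
    virtual ~CPKIXCertsFromStore();

private:
    // Construction goes through NewL()/NewLC() only.
    CPKIXCertsFromStore(MCertStore& aCertStore);
    CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
    void ConstructL();
    void ConstructL(TUid aClient);

public:
    // Active-object handlers.
    // NOTE(review): these are declared public here, so any holder of the object
    // can call them directly -- confirm that this is intended.
    void RunL();
    TInt RunError(TInt aError);
    void DoCancel();

private:
    // One handler per TState value of the same name.
    void HandleEGetCertificateL();
    void HandleEAddCandidateL();
    void HandleECheckTrusted();

    // NOTE(review): presumably checks aCertificate against the candidates
    // already collected -- confirm in the implementation.
    TBool IsDuplicateL(const CX509Certificate& aCertificate);

private:
    enum TState
    {
        EIdle = 0,
        EInitialize,
        ECheckTrusted,
        EGetCertificate,
        EAddCandidate,
        EEnd
    };

private:
    /**
     * The state used to know what must be done when executing
     * RunL().
     */
    TState iState;

    /**
     * The TRequestStatus that must be updated when the operation
     * requested by a user of this class has been
     * completed.
     */
    TRequestStatus* iOriginalRequestStatus;

    // Client UID; see the aClient parameter of NewL()/NewLC().
    TUid iClient;

    // Filter used for listing certificates from the store.
    CCertAttributeFilter* iFilter;

    /**
     * iRootName is used for CandidatesL.
     */
    const CX500DistinguishedName* iRootName;

    /**
     * We don't own this.
     */
    const CX509Certificate* iSubject;

    /**
     * We don't own this.
     */
    RPointerArray<CX509Certificate>* iCandidates;

    /**
     * iCertData is used for CandidatesL.
     */
    HBufC8* iCertData;

    TPtr8* iCertPtr;

    /**
     * iEntriesIndex is used for CandidatesL.
     */
    TInt iEntriesIndex;

    /**
     * Applies to certificate at iEntriesIndex - reflects trust setting.
     */
    TBool iIsTrusted;

    /**
     * Used when listing certificates (filtered but not on trust).
     * NOTE(review): because this list is not filtered on trust, each entry
     * presumably has to pass the ECheckTrusted step before it is offered as a
     * candidate -- confirm in RunL().
     */
    RMPointerArray<CCTCertInfo> iCertInfos;

    MCertStore& iCertStore;
};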
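/**
 * Certificate source backed by an array of certificates handed in at
 * construction instead of a cert store.
 *
 * NOTE(review): iCerts is a reference member, presumably bound to the aCerts
 * array passed to NewL()/NewLC(); if so, that array must outlive this object.
 * NOTE(review): the certificates are supplied by the caller and no trust check
 * is visible in this declaration, so chain validation presumably still has to
 * terminate at a trusted root obtained elsewhere -- confirm.
 */
class CPKIXCertsFromClient : public MPKIXCertSource
{
public:
    /**
     * Creates a source over aCerts.
     * @param aCerts Array of certificates to draw candidates from.
     */
    static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
    static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);

    /**
     * Collects the candidate certificates for aSubject.
     * @param aSubject    Certificate for which candidates are requested.
     * @param aCandidates Array that receives the candidate certificates.
     * @param aStatus     Request status of the asynchronous call.
     */
    virtual void CandidatesL(const CX509Certificate& aSubject,
        RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
    virtual void CancelCandidates();
    virtual void Release();
    virtual ~CPKIXCertsFromClient();

private:
    // Construction goes through NewL()/NewLC() only.
    CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);

private:
    // Reference, not a copy: the referenced array is not stored by value here.
    const RPointerArray<CX509Certificate>& iCerts;
};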
#endif