sl@0
|
1 |
/*
|
sl@0
|
2 |
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
|
sl@0
|
3 |
* All rights reserved.
|
sl@0
|
4 |
* This component and the accompanying materials are made available
|
sl@0
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
sl@0
|
6 |
* which accompanies this distribution, and is available
|
sl@0
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
sl@0
|
8 |
*
|
sl@0
|
9 |
* Initial Contributors:
|
sl@0
|
10 |
* Nokia Corporation - initial contribution.
|
sl@0
|
11 |
*
|
sl@0
|
12 |
* Contributors:
|
sl@0
|
13 |
*
|
sl@0
|
14 |
* Description:
|
sl@0
|
15 |
* CPKIXValidationState class implementation
|
sl@0
|
16 |
*
|
sl@0
|
17 |
*/
|
sl@0
|
18 |
|
sl@0
|
19 |
|
sl@0
|
20 |
/**
|
sl@0
|
21 |
@file
|
sl@0
|
22 |
@internalTechnology
|
sl@0
|
23 |
*/
|
sl@0
|
24 |
|
sl@0
|
25 |
#if !defined (__PKIXCERTSTATE_H__)
|
sl@0
|
26 |
#define __PKIXCERTSTATE_H__
|
sl@0
|
27 |
|
sl@0
|
28 |
#include <e32std.h>
|
sl@0
|
29 |
#include <x509cert.h>
|
sl@0
|
30 |
#include <x509certchain.h>
|
sl@0
|
31 |
#include <x509certext.h>
|
sl@0
|
32 |
#include <x509gn.h>
|
sl@0
|
33 |
|
sl@0
|
34 |
/*this class has no brains at all. all it does it act as a container for
|
sl@0
|
35 |
state information needed when processing a certificate chain according to
|
sl@0
|
36 |
the PKIX algorithm. it gets passed around among the classes which use it.
|
sl@0
|
37 |
the classes which use it are all friends 'cos that seems neater than making
|
sl@0
|
38 |
all its data public or including 500 accessors*/
|
sl@0
|
39 |
|
sl@0
|
40 |
class CPKIXCertChainAO;
|
sl@0
|
41 |
|
sl@0
|
42 |
class CPKIXValidationState : public CBase
|
sl@0
|
43 |
{
|
sl@0
|
44 |
friend class CPKIXCertChainAO;
|
sl@0
|
45 |
friend class TPKIXPolicyConstraint;
|
sl@0
|
46 |
friend class TPKIXNameConstraint;
|
sl@0
|
47 |
friend class TPKIXBasicConstraint;
|
sl@0
|
48 |
friend class TPKIXKeyUsageConstraint;
|
sl@0
|
49 |
public:
|
sl@0
|
50 |
static CPKIXValidationState* NewL( const TTime aValidationTime, TInt aChainLength,
|
sl@0
|
51 |
const CArrayPtr<HBufC>* aInitialPolicies);
|
sl@0
|
52 |
static CPKIXValidationState* NewLC( const TTime aValidationTime, TInt aChainLength,
|
sl@0
|
53 |
const CArrayPtr<HBufC>* aInitialPolicies);
|
sl@0
|
54 |
~CPKIXValidationState();
|
sl@0
|
55 |
private:
|
sl@0
|
56 |
CPKIXValidationState( const TTime aValidationTime, TInt aChainLength,
|
sl@0
|
57 |
const CArrayPtr<HBufC>* aInitialPolicies);
|
sl@0
|
58 |
void ConstructL();
|
sl@0
|
59 |
private:
|
sl@0
|
60 |
const TTime iValidationTime;
|
sl@0
|
61 |
TInt iPolicyMapping;
|
sl@0
|
62 |
TInt iPolicyRequired;
|
sl@0
|
63 |
TInt iMaxPathLength;
|
sl@0
|
64 |
TInt iPos;
|
sl@0
|
65 |
|
sl@0
|
66 |
// TBool iAnyUserPolicy;
|
sl@0
|
67 |
TBool iAnyAuthorityPolicy;
|
sl@0
|
68 |
|
sl@0
|
69 |
const CArrayPtr<HBufC>* iUserConstrainedPolicies;
|
sl@0
|
70 |
CArrayPtrFlat<CX509CertPolicyInfo>* iAuthorityConstrainedPolicies;
|
sl@0
|
71 |
|
sl@0
|
72 |
CArrayPtrFlat<HBufC>* iUserPolicies;
|
sl@0
|
73 |
CArrayPtrFlat<CX509PolicyMapping>* iMappedPolicies;
|
sl@0
|
74 |
CArrayPtrFlat<CX500DistinguishedName>* iExcludedDNSubtrees;
|
sl@0
|
75 |
CArrayPtrFlat<CX500DistinguishedName>* iPermittedDNSubtrees;
|
sl@0
|
76 |
//these are all just to deal with name constraints on alt names
|
sl@0
|
77 |
//can you believe it?
|
sl@0
|
78 |
CArrayPtrFlat<CX509DomainName>* iExcludedRFC822Subtrees;
|
sl@0
|
79 |
CArrayPtrFlat<CX509DomainName>* iPermittedRFC822Subtrees;
|
sl@0
|
80 |
CArrayPtrFlat<CX509DomainName>* iExcludedDNSNameSubtrees;
|
sl@0
|
81 |
CArrayPtrFlat<CX509DomainName>* iPermittedDNSNameSubtrees;
|
sl@0
|
82 |
CArrayPtrFlat<CX509IPSubnetMask>* iExcludedIPAddressSubtrees;
|
sl@0
|
83 |
CArrayPtrFlat<CX509IPSubnetMask>* iPermittedIPAddressSubtrees;
|
sl@0
|
84 |
CArrayPtrFlat<CX509CertExtension>* iCriticalExts;
|
sl@0
|
85 |
};
|
sl@0
|
86 |
|
sl@0
|
87 |
#endif
|