1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/certificateandkeymgmt/inc/cmssignedobject.h Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,610 @@
1.4 +/*
1.5 +* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +/**
1.23 + @file
1.24 + @publishedPartner
1.25 + @released
1.26 +*/
1.27 +
1.28 +#ifndef CMSSIGNEDOBJECT_H
1.29 +#define CMSSIGNEDOBJECT_H
1.30 +
1.31 +#include <cmsdefs.h>
1.32 +#include <signed.h>
1.33 +#include <cmscertchoice.h>
1.34 +
1.35 +class CCmsSignerInfo;
1.36 +class CDSAPrivateKey;
1.37 +class CRSAPrivateKey;
1.38 +class CCmsSignerIdentifier;
1.39 +class CCmsContentInfo;
1.40 +class CEncapsulatedContentInfo;
1.41 +class CX509Certificate;
1.42 +class CX509AlgorithmIdentifier;
1.43 +class CCmsCertificateChoice;
1.44 +class CASN1EncSequence;
1.45 +class CASN1EncBase;
1.46 +
1.47 +const TInt KCmsMaxSignedDataElements = 6;
1.48 +/**
1.49 + A representation of a RFC2630 (signed data) entity.
1.50 + */
1.51 +class CCmsSignedObject : public CSignedObject
1.52 + {
1.53 +public:
1.54 +
1.55 + /**
1.56 + Index of CMS object fields.
1.57 + */
1.58 + enum
1.59 + {
1.60 + /**
1.61 + Index of version field
1.62 + */
1.63 + EVersionNumber = 0,
1.64 +
1.65 + /**
1.66 + Index of digest algorithm set field
1.67 + */
1.68 + EDigestAlgorithms = 1,
1.69 +
1.70 + /**
1.71 + Index of encapsulated content info field
1.72 + */
1.73 + EEncapsulatedContentInfo = 2,
1.74 +
1.75 + /**
1.76 + Index of certificate set field
1.77 + */
1.78 + ECertificates = 3,
1.79 +
1.80 + /**
1.81 + Index of revocation list field
1.82 + */
1.83 + ERevocationLists = 4,
1.84 +
1.85 + /**
1.86 + Index of signer info set field
1.87 + */
1.88 + ESignedInfo = 5
1.89 + };
1.90 +
1.91 + /**
1.92 + Creates a CMS signed data object as defined in RFC2630. The CMS signed data created by
1.93 + this API contains no signer info. SignL() method can be called to add more signer info.
1.94 + @param aType The type of the encapsulated content.
1.95 + @param aIsDetached A boolean indicating whether the encapsulated data is detached.
1.96 + @param aContentData The encapsulated data.
1.97 + If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave
1.98 + with KErrArgument.
1.99 + If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash
1.100 + value when later calling SignL(). Otherwise SignL() leaves with KErrArguement.
1.101 + @return The fully constructed object.
1.102 + */
1.103 + IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
1.104 + TBool aIsDetached,
1.105 + const TDesC8& aContentData);
1.106 +
1.107 + /**
1.108 + Creates a CMS signed data object as defined in RFC2630, and leaves the object on the cleanup stack.
1.109 + this API contains no signer info. SignL() method can be called to add more signer info.
1.110 + @param aType The type of the encapsulated content.
1.111 + @param aIsDetached A boolean indicating whether the encapsulated data is detached.
1.112 + @param aContentData The encapsulated data.
1.113 + If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave
1.114 + with KErrArgument.
1.115 + If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash
1.116 + value when later calling SignL(). Otherwise SignL() leaves with KErrArguement.
1.117 + @return The fully constructed object.
1.118 + */
1.119 + IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
1.120 + TBool aIsDetached,
1.121 + const TDesC8& aContentData);
1.122 +
1.123 + /**
1.124 + Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data
1.125 + as no data content is provided. The CMS signed data created by this API contains one signer info.
1.126 + SignL() method can be called to add more signer info.
1.127 + @param aType Encapsulated Content data type.
1.128 + @param aHashValue The hash value of the data content to be signed.
1.129 + @param aDigestAlgorithm The digest algorithm used to create the hash.
1.130 + @param aKey The DSA private key used to sign.
1.131 + @param aCert The signer's certificate.
1.132 + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
1.133 + @return The fully constructed object.
1.134 + */
1.135 + IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
1.136 + const TDesC8& aHashValue,
1.137 + TAlgorithmId aDigestAlgorithm,
1.138 + const CDSAPrivateKey& aKey,
1.139 + const CX509Certificate& aCert,
1.140 + TBool aAddCertificate);
1.141 +
1.142 + /**
1.143 + Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack.
1.144 + This API only creates detached signed data as no data content is provided. The CMS signed data
1.145 + created by this API contains one signer info. SignL() method can be called to add more signer info.
1.146 + @param aType Encapsulated Content data type.
1.147 + @param aHashValue The hash value of the data content to be signed.
1.148 + @param aDigestAlgorithm The digest algorithm used to create the hash.
1.149 + @param aKey The DSA private key used to sign.
1.150 + @param aCert The signer's certificate.
1.151 + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
1.152 + @return The fully constructed object.
1.153 + */
1.154 + IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
1.155 + const TDesC8& aHashValue,
1.156 + TAlgorithmId aDigestAlgorithm,
1.157 + const CDSAPrivateKey& aKey,
1.158 + const CX509Certificate& aCert,
1.159 + TBool aAddCertificate);
1.160 +
1.161 + /**
1.162 + Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data
1.163 + as no data content is provided. The CMS signed data created by this API contains one signer info.
1.164 + SignL() method can be called to add more signer info.
1.165 + @param aType Encapsulated Content data type.
1.166 + @param aHashValue The hash value of the data content to be signed.
1.167 + @param aDigestAlgorithm The digest algorithm used to create the hash.
1.168 + @param aKey The RSA private key used to sign.
1.169 + @param aCert aCert The signer's certificate.
1.170 + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
1.171 + @return The fully constructed object.
1.172 + */
1.173 + IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
1.174 + const TDesC8& aHashValue,
1.175 + TAlgorithmId aDigestAlgorithm,
1.176 + const CRSAPrivateKey& aKey,
1.177 + const CX509Certificate& aCert,
1.178 + TBool aAddCertificate);
1.179 +
1.180 + /**
1.181 + Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack.
1.182 + This API only creates detached signed data as no data content is provided. The CMS signed data
1.183 + created by this API contains one signer info. SignL() method can be called to add more signer info.
1.184 + @param aType Encapsulated Content data type.
1.185 + @param aHashValue The hash value of the data content to be signed.
1.186 + @param aDigestAlgorithm The digest algorithm used to create the hash.
1.187 + @param aKey The RSA private key used to sign.
1.188 + @param aCert The signer's certificate.
1.189 + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
1.190 + @return The fully constructed object.
1.191 + */
1.192 + IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
1.193 + const TDesC8& aHashValue,
1.194 + TAlgorithmId aDigestAlgorithm,
1.195 + const CRSAPrivateKey& aKey,
1.196 + const CX509Certificate& aCert,
1.197 + TBool aAddCertificate);
1.198 +
1.199 + /**
1.200 + Creates a CMS signed data object as defined in RFC2630.
1.201 + @param aContentInfo The CMS content info that contains the encoded signed object.
1.202 + @return The fully constructed object.
1.203 + */
1.204 + IMPORT_C static CCmsSignedObject* NewL(const CCmsContentInfo& aContentInfo);
1.205 +
1.206 + /**
1.207 + Creates a CMS signed data object as defined in RFC2630 and leaves it on the cleanup stack.
1.208 + @param aContentInfo The CMS content info that contains the encoded signed object.
1.209 + @return The fully constructed object.
1.210 + */
1.211 + IMPORT_C static CCmsSignedObject* NewLC(const CCmsContentInfo& aContentInfo);
1.212 +
1.213 +
1.214 + /**
1.215 + Creates one signature and adds it to the Signer info list. The signing certificate
1.216 + is added to the certificate list if the last boolean parameter aAddCertificate is true and
1.217 + it does not exist in the list. The digest algorithm is added to the digest algorithm list if it
1.218 + does not exist in the list. Calling this API multiple times will create multiple signatures.
1.219 + @param aHashValue The hash value to be signed. If this is an empty string,
1.220 + the content data to be signed must have been passed in via
1.221 + NewL method and hash value will be calculated by the implementation
1.222 + of this method.
1.223 + @param aDigestAlgorithm The digest algorithm used to create the hash.
1.224 + @param aKey the DSA private key used to sign.
1.225 + @param aCert the signer's certificate.
1.226 + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
1.227 + @leave KErrArgument if no hash nor data content is provided.
1.228 + */
1.229 + IMPORT_C void SignL(const TDesC8& aHashValue,
1.230 + TAlgorithmId aDigestAlgorithm,
1.231 + const CDSAPrivateKey& aKey,
1.232 + const CX509Certificate& aCert,
1.233 + TBool aAddCertificate);
1.234 +
1.235 +
1.236 + /**
1.237 + Creates one signature and adds it to the Signer info list. The signing certificate
1.238 + is added to the certificate list if the last boolean parameter aAddCertificate is true and
1.239 + it does not exist in the list. The digest algorithm is added to the digest algorithm list if it
1.240 + does not exist in the list. Calling this API multiple times will create multiple signatures.
1.241 + @param aHashValue The hash value to be signed. If this is an empty string,
1.242 + the content data to be signed must have been passed in via
1.243 + NewL method and hash value will be calculated by the implementation
1.244 + of this method.
1.245 + @param aDigestAlgorithm The digest algorithm used to create the hash.
1.246 + @param aKey the RSA private key used to sign.
1.247 + @param aCert the signer's certificate.
1.248 + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
1.249 + @leave KErrArgument if no hash nor data content is provided.
1.250 + */
1.251 + IMPORT_C void SignL(const TDesC8& aHashValue,
1.252 + TAlgorithmId aDigestAlgorithm,
1.253 + const CRSAPrivateKey& aKey,
1.254 + const CX509Certificate& aCert,
1.255 + TBool aAddCertificate);
1.256 +
1.257 + /**
1.258 + Destructor
1.259 + */
1.260 + IMPORT_C ~CCmsSignedObject();
1.261 +
1.262 + /*
1.263 + virtual from signedobject class
1.264 + */
1.265 + IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
1.266 + IMPORT_C virtual void InternalizeL(RReadStream& aStream) ;
1.267 + IMPORT_C virtual const TPtrC8 SignedDataL() const;
1.268 +
1.269 + /**
1.270 + Returns whether the certificate list exists.
1.271 + @return Boolean indicating whether the certificate list exists.
1.272 + */
1.273 + IMPORT_C TBool IsCertificateSetPresent() const;
1.274 +
1.275 + /**
1.276 + Returns whether the certificate revocation list exists.
1.277 + @return Boolean indicating whether the certificate Revocation list exists.
1.278 + */
1.279 + IMPORT_C TBool IsCertificateRevocationListsPresent() const;
1.280 +
1.281 + /**
1.282 + Returns the version of this CMS signed object.
1.283 + @return The version of this CMS signed object.
1.284 + */
1.285 + IMPORT_C TInt Version() const;
1.286 +
1.287 + /**
1.288 + Returns the employed algorithm list.
1.289 + @return The employed algorithm list reference.
1.290 + */
1.291 + IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const;
1.292 +
1.293 + /**
1.294 + Returns the certificates list.
1.295 + @return The certificates list reference.
1.296 + */
1.297 + IMPORT_C const RPointerArray<CCmsCertificateChoice>& Certificates() const;
1.298 +
1.299 + /**
1.300 + Returns the encapsulated content info of this signed object.
1.301 + @return The encapsulated content info reference.
1.302 + */
1.303 + IMPORT_C const CEncapsulatedContentInfo& ContentInfo() const;
1.304 +
1.305 +
1.306 + /**
1.307 + Retrieves the list of SignerInfo objects.
1.308 + @return The signer info list reference.
1.309 + */
1.310 + IMPORT_C const RPointerArray<CCmsSignerInfo>& SignerInfo() const;
1.311 +
1.312 +
1.313 + /**
1.314 + Creates the ASN1 sequence of this CMS signed object and leaves it on the cleanup stack.
1.315 + @return ASN1 sequence of this object.
1.316 + */
1.317 + IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;
1.318 +
1.319 + /**
1.320 + Appends the X509 certificate to the certificate list.
1.321 + @param aCert The X509 certificate to be appended.
1.322 + */
1.323 + IMPORT_C void AddCertificateL(const CX509Certificate& aCert);
1.324 +
1.325 +
1.326 + /**
1.327 + Appends an encoded attribute certificate to the certificate list.
1.328 + @param aCert The encoded certificate to be appended.
1.329 + @param aType The type of the encoded certificate..
1.330 + */
1.331 + IMPORT_C void AddCertificateL(const TDesC8& aCert, CCmsCertificateChoice::TCertificateType aType);
1.332 +
1.333 + /**
1.334 + Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature.
1.335 + @param aSignerInfo The signer to be validated.
1.336 + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
1.337 + @leave KErrNotFound There is no matching certificate.
1.338 + @return Boolean that identifies whether the signer can be validated.
1.339 + */
1.340 + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding);
1.341 +
1.342 + /**
1.343 + Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature.
1.344 + @param aSignerInfo The signer to be validated.
1.345 + @param aCertificates The certificate list provided by the user to validate the signature.
1.346 + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
1.347 + @return Boolean that identifies whether the signer can be validated.
1.348 + @leave KErrNotFound There is no matching certificate.
1.349 + */
1.350 + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding);
1.351 +
1.352 +
1.353 +
1.354 + /**
1.355 + Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature.
1.356 + @param aSignerInfo The signer to be validated.
1.357 + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
1.358 + @param aIsHash The flag represent if the next parameter is the hash of the data content.
1.359 + @param aContentDataOrHash the descriptor that contains the data content or its hash
1.360 + @leave KErrNotFound There is no matching certificate.
1.361 + @return Boolean that identifies whether the signer can be validated.
1.362 + */
1.363 + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash);
1.364 +
1.365 + /**
1.366 + Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature.
1.367 + @param aSignerInfo The signer to be validated.
1.368 + @param aCertificates The certificate list provided by the user to validate the signature.
1.369 + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
1.370 + @param aIsHash The flag represent if the next parameter is the hash of the data content.
1.371 + @param aContentDataOrHash the descriptor that contains the data content or its hash
1.372 + @return Boolean that identifies whether the signer can be validated.
1.373 + @leave KErrNotFound There is no matching certificate.
1.374 + */
1.375 + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash);
1.376 +
1.377 +
1.378 +private:
1.379 + /**
1.380 + Constructor
1.381 + */
1.382 + CCmsSignedObject();
1.383 +
1.384 +
1.385 +private:
1.386 + /**
1.387 + Second phase constructor for decoding a CMS signed data object
1.388 + @param aContentInfo the content info which contains the CMS signed data.
1.389 + */
1.390 + void ConstructL(const CCmsContentInfo& aContentInfo);
1.391 +
1.392 + /**
1.393 + Second phase constructor for constructing a CMS signed data object from data content.
1.394 + @param aType the encapsulated content info type.
1.395 + @param aIsDetached if the CMS signed data does not contains the data content being signed.
1.396 + @param aContentData the content data descriptor.
1.397 + */
1.398 + void ConstructL(TCmsContentInfoType aType, TBool aIsDetached, const TDesC8& aContentData);
1.399 +
1.400 + /**
1.401 + Second phase constructor for constructing a CMS signed data object from data content hash
1.402 + @param aType the encapsulated content info type.
1.403 + @param aHashValue the hash of the data content to create the signature.
1.404 + @param aDigestAlgorithm the digest algorithm.
1.405 + @param aKey the DSA private to create signature.
1.406 + @param aCert the signer's certficate
1.407 + @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set.
1.408 + */
1.409 + void ConstructL(TCmsContentInfoType aType,
1.410 + const TDesC8& aHashValue,
1.411 + TAlgorithmId aDigestAlgorithm,
1.412 + const CDSAPrivateKey& aKey,
1.413 + const CX509Certificate& aCert,
1.414 + TBool aAddCertificate);
1.415 + /**
1.416 + Second phase constructor for constructing a CMS signed data object from data content hash
1.417 + @param aType the encapsulated content info type.
1.418 + @param aHashValue the hash of the data content to create the signature.
1.419 + @param aDigestAlgorithm the digest algorithm.
1.420 + @param aKey the RSA private to create signature.
1.421 + @param aCert the signer's certficate
1.422 + @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set.
1.423 + */
1.424 + void ConstructL(TCmsContentInfoType aType,
1.425 + const TDesC8& aHashValue,
1.426 + TAlgorithmId aDigestAlgorithm,
1.427 + const CRSAPrivateKey& aKey,
1.428 + const CX509Certificate& aCert,
1.429 + TBool aAddCertificate);
1.430 + /**
1.431 + Append the algorithm to the algoritm list
1.432 + @param aDigestAlgorithm the algorithm ID.
1.433 + */
1.434 + void AddDigestAlgorithmL(TAlgorithmId aDigestAlgorithm);
1.435 +
1.436 + /**
1.437 + Build the signer's identifier from the signer's certificate. If the signer's certificate
1.438 + contains the subject identifier extension, the signer identifier is subject id extension.
1.439 + otherwise, the signer identifier is isuuer name and serial number.
1.440 + @param aCert the signer's certificate.
1.441 + @return a CMS signer identifier instance pointer
1.442 + */
1.443 + CCmsSignerIdentifier* BuildSignerIdentifierLC(const CX509Certificate& aCert);
1.444 +
1.445 + /**
1.446 + Build the signer list, algorithm list and certificate list in the CMS signer data.
1.447 + @param aDigestAlgorithm the digest algorithm identifier.
1.448 + @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data
1.449 + @param aValue the data content or its hash.
1.450 + @param aKey the DSA private used to sign.
1.451 + @param aCert the signer's certificate
1.452 + @param aAddCertificate the flag to represent if the certificate is added to the certificate set
1.453 + */
1.454 + void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm,
1.455 + TBool aIsHash,
1.456 + const TDesC8& aValue,
1.457 + const CDSAPrivateKey& aKey,
1.458 + const CX509Certificate& aCert,
1.459 + TBool aAddCertificate);
1.460 +
1.461 + /**
1.462 + Build the signer list, algorithm list and certificate list in the CMS signer data.
1.463 + @param aDigestAlgorithm the digest algorithm identifier.
1.464 + @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data
1.465 + @param aValue the data content or its hash.
1.466 + @param aKey the RSA private used to sign.
1.467 + @param aCert the signer's certificate
1.468 + @param aAddCertificate the flag to represent if the certificate is added to the certificate set
1.469 + */
1.470 + void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm,
1.471 + TBool aIsHash,
1.472 + const TDesC8& aValue,
1.473 + const CRSAPrivateKey& aKey,
1.474 + const CX509Certificate& aCert,
1.475 + TBool aAddCertificate);
1.476 + /**
1.477 + Initialise the signed data base class members for the validation process.
1.478 + @param aRawData the raw data of the CMS signed data.
1.479 + */
1.480 + void InitSignedObjectL(const TDesC8& aRawData);
1.481 +
1.482 +
1.483 + /**
1.484 + Decode the CMS Signer data.
1.485 + @param aRawData the raw data of the CMS signed data.
1.486 + */
1.487 + void DecodeSignedDataL(const TDesC8& aRawData);
1.488 +
1.489 + /**
1.490 + Decode the digest algorithm set.
1.491 + @param the raw data of the algorithm list.
1.492 + */
1.493 + void DecodeDigestAlgorithmsL(const TDesC8& aRawData);
1.494 +
1.495 + /**
1.496 + Decode the encapsulated content info
1.497 + @param the raw data of the encapsulated content info.
1.498 + */
1.499 + void DecodeEncapsulatedContentInfoL(const TDesC8& aRawData);
1.500 +
1.501 + /**
1.502 + Decode the certificate set.
1.503 + @param the raw data of the certificate list
1.504 + */
1.505 + void DecodeCertificatesL(const TDesC8& aRawData);
1.506 +
1.507 + /**
1.508 + Decode the certificate revocation set. Not implemented now!
1.509 + @param the raw data of the certificate revocation list.
1.510 + */
1.511 + void DecodeRevocationListsL(const TDesC8& aRawData);
1.512 +
1.513 + /**
1.514 + Decode the signer info set.
1.515 + @param the raw data of the certificate revocation list.
1.516 + */
1.517 + void DecodeSignerInfoL(const TDesC8& aRawData);
1.518 +
1.519 + /**
1.520 + Encode the certificate set
1.521 + @return the encoding of the certificate set
1.522 + */
1.523 + CASN1EncBase* EncodeCertificatesLC() const;
1.524 +
1.525 + /**
1.526 + Encode the algorithm set
1.527 + @return the encoding of the digest algorithm set
1.528 + */
1.529 + CASN1EncBase* EncodeAlgorithmsLC() const;
1.530 +
1.531 + /**
1.532 + Encode the signer info set
1.533 + @return the encoding of the certificate set
1.534 + */
1.535 + CASN1EncBase* EncodeSignerInfoLC() const;
1.536 +
1.537 + /**
1.538 + Validate the signature by the given certificate.
1.539 + @param aSignerInfo the signer info reference contains the signature
1.540 + @param aEndEntityCert the certificate used to create the signature.
1.541 + @return if the signature can be validated
1.542 + */
1.543 + TBool ValidateSignatureL(const CCmsSignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert);
1.544 +
1.545 + /**
1.546 + This function is called when validating a detached CMS signed object.
1.547 + It sets the data content being signed so that the signed data can be validated.
1.548 + @param aContentData The data content being signed.
1.549 + */
1.550 + void SetContentData(const TDesC8& aContentData);
1.551 +
1.552 + /**
1.553 + This function is called when validating a detached CMS signed object.
1.554 + It sets the hash being signed so that the signed data can be validated.
1.555 + @param aHash The hash being signed.
1.556 + */
1.557 + void SetHash(const TDesC8& aHash);
1.558 +
1.559 +
1.560 +private:
1.561 + /**
1.562 + Reprents if the certificate set is present
1.563 + */
1.564 + TBool iIsCertificateSetPresent;
1.565 +
1.566 + /**
1.567 + Reprents if the certificate revocationlisy is present
1.568 + */
1.569 + TBool iIsCertificateRevocationListsPresent;
1.570 +
1.571 + /**
1.572 + Version of the Signed object
1.573 + */
1.574 + TInt iVersion;
1.575 +
1.576 + /**
1.577 + Algorithm Set
1.578 + */
1.579 + RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms;
1.580 +
1.581 + /**
1.582 + Encapsulated Content List
1.583 + */
1.584 + CEncapsulatedContentInfo* iContentInfo;
1.585 +
1.586 + /**
1.587 + Certificate Set
1.588 + */
1.589 + RPointerArray<CCmsCertificateChoice> iCertificates;
1.590 +
1.591 + /**
1.592 + Signer Info Set
1.593 + */
1.594 + RPointerArray<CCmsSignerInfo> iSignerInfo;
1.595 +
1.596 + /**
1.597 + Array of Encoded fields
1.598 + */
1.599 + TFixedArray<TPtrC8*, KCmsMaxSignedDataElements> iDataElements;
1.600 +
1.601 + /**
1.602 + The data content being signed
1.603 + */
1.604 + TPtrC8 iContentData;
1.605 +
1.606 + /**
1.607 + The Hash being signed
1.608 + */
1.609 + TPtrC8 iHash;
1.610 + };
1.611 +
1.612 +
1.613 +#endif //CMSSIGNEDOBJECT_H