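--- /dev/null
+++ b/os/security/cryptoservices/certificateandkeymgmt/inc/pkcs12bags.h
@@ -0,0 +1,454 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __PKCS12_BAGS_H__
+#define __PKCS12_BAGS_H__
+
+#include <asn1dec.h>
+#include <signed.h>
+#include <asnpkcs.h>
+#include <pkcs12kdf.h>
+#include <pkcs12safebag.h>
+#include <pkcs12attribute.h>
+#include <pkcs7contentinfo_v2.h>
+#include <pkcs7encrypteddataobject.h>
+
+namespace PKCS12
+{
+/** Object identifier for KeyBag */
+_LIT(KPkcs12KeyBagOID, "1.2.840.113549.1.12.10.1.1");
+
+/** Object identifier for ShroudedKeyBag */
+_LIT(KPkcs12ShroudedKeyBagOID, "1.2.840.113549.1.12.10.1.2");
+
+/** Object identifier for CertBag */
+_LIT(KPkcs12CertBagOID, "1.2.840.113549.1.12.10.1.3");
+
+/** Object identifier for CrlBag */
+_LIT(KPkcs12CrlBagOID, "1.2.840.113549.1.12.10.1.4");
+
+/** Object identifier for SecretBag */
+_LIT(KPkcs12SecretBagOID, "1.2.840.113549.1.12.10.1.5");
+
+/** Object identifier for SafeContentsBag */
+_LIT(KPkcs12SafeContentsBagOID, "1.2.840.113549.1.12.10.1.6");
+
+/** Object identifier for x509 certificate */
+_LIT(KX509CertificateOID,"1.2.840.113549.1.9.22.1");
+
+/**
+ This class decodes the KeyBag present in the SafeBag.
+ It has a method to get the PrivatKeyInfo
+ */
+class CDecPkcs12KeyBag : public CDecPkcs12SafeBag
+ {
+public:
+ /**
+ Creates a new PKCS#12KeyBag object.
+
+ @param aSafeBagData Contains a PKCS#12 SafeBag Structure.
+ @return A pointer to the newly allocated object.
+ @leave KErrAgrument if the data is not a sequence or class tag name
+ is not Universal and if iPrivateKeyInfo is NULL.
+ */
+ IMPORT_C static CDecPkcs12KeyBag* NewL(const TDesC8& aSafeBagData);
+
+ /**
+ The PrivateKey information present in the KeyBag.
+ The returned ASN1 sequence respects the following grammar:
+
+ PrivateKeyInfo ::= SEQUENCE {
+ version Version,
+ privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ privateKey PrivateKey,
+ attributes [0] IMPLICIT Attributes OPTIONAL }
+
+ Version ::= INTEGER
+ PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+ PrivateKey ::= OCTET STRING
+ Attributes ::= SET OF Attribute
+
+ @return A pointer to a CDecPKCS8Data object. Ownership of memory is transferred
+ to the caller.
+ @see CDecPKCS8Data
+ */
+ IMPORT_C CDecPKCS8Data* PrivateKeyInfoL() const;
+
+ /**
+ Destructor.
+ */
+ virtual ~CDecPkcs12KeyBag();
+
+private:
+ /**
+ Decodes the entire KeyBag structure.
+ @param aSafeBagData Contains a PKCS#12 SafeBag Structure.
+ @leave KErrAgrument if the data is not a sequence or class tag name
+ is not Universal and if iPrivateKeyInfo is NULL.
+ @see TASN1DecPKCS8
+ */
+ void ConstructL(const TDesC8& aSafeBagData);
+
+ /**
+ Constructor.
+ */
+ CDecPkcs12KeyBag();
+
+ /**
+ Copy Constructor.
+ @param aDecPkcs12keyBag A CDecPkcs12KeyBag object.
+ */
+ CDecPkcs12KeyBag(const CDecPkcs12KeyBag& aDecPkcs12keyBag);
+
+ /**
+ Assignment operator.
+ @param aDecPkcs12keyBag A CDecPkcs12KeyBag object.
+ @return A CDecPkcs12KeyBag class.
+ */
+ CDecPkcs12KeyBag& operator=(const CDecPkcs12KeyBag& aDecPkcs12keyBag);
+};
+
+
+/**
+ This class decodes the ShroudedKeyBag present in the SafeBag.
+ It has a method to get the PrivatKeyInfo
+ */
+class CDecPkcs12ShroudedKeyBag : public CDecPkcs12SafeBag
+ {
+public:
+ /**
+ Creates a new PKCS#12KeyBag object.
+
+ @param aSafeBagData Contains a PKCS#12 shroudedKeyBag structure.
+ @return A pointer to the newly allocated object.
+ @leave KErrAgrument if the data is not safeBag structure.
+ */
+ IMPORT_C static CDecPkcs12ShroudedKeyBag* NewL(const TDesC8& aSafeBagData);
+
+ /**
+ The PrivateKey Information present in the ShroudKeyBag.
+ Below is the ASN.1 sequence.
+
+ ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ AlgorithmIdentifier: A type that identifies an algorithm (by object identifier) and associated parameters
+ AlgorithmIdentifier ::= SEQUENCE
+ {
+ algorithm ALGORITHM.&id({SupportedAlgorithms}),
+ parameters ALGORITHM.&Type({SupportedAlgorithms}{@ algorithm}) OPTIONAL
+ }
+
+ @return A pointer to a CDecPKCS8Data object. Ownership is transferred to the caller.
+ @leave KErrAgrument if the data is not a sequence or class tag name
+ is not Universal.
+ @leave KErrNotSupported if otherthan PKCS12 pbeIds.
+ @leave KErrGeneral if the decryption of the final part length is less than 0.
+ @see TASN1DecPKCS5, CPBEncryptElement, PKCS12KDF, CPBDecryptor, CDecPKCS8Data.
+ */
+ IMPORT_C CDecPKCS8Data* PrivateKeyInfoL(TDesC& aPassword) const;
+
+ /**
+ Destructor.
+ */
+ virtual ~CDecPkcs12ShroudedKeyBag();
+
+private:
+ /**
+ This decodes the entire KeyBag structure.
+ @param aSafeBagData Contains a PKCS#12 shroudedKeyBag Structure.
+ @leave KErrAgrument if the data is not a sequence or class tag name
+ is not Universal.
+ @see TASN1DecPKCS8
+ */
+ void ConstructL(const TDesC8& aSafeBagData);
+
+ /**
+ Constructor.
+ */
+ CDecPkcs12ShroudedKeyBag();
+
+ /**
+ Copy Constructor.
+ @param aDecPkcs12ShroudedKeyBag A CDecPkcs12ShroudedKeyBag object.
+ @return A CDecPkcs12ShroudedKeyBag class.
+ */
+ CDecPkcs12ShroudedKeyBag(const CDecPkcs12ShroudedKeyBag& aDecPkcs12ShroudedKeyBag);
+
+ /**
+ Assignment operator.
+ @param aDecPkcs12ShroudedKeyBag A CDecPkcs12ShroudedKeyBag object.
+ */
+ CDecPkcs12ShroudedKeyBag& operator=(const CDecPkcs12ShroudedKeyBag& aDecPkcs12ShroudedKeyBag);
+ };
+
+
+/**
+ This class decodes the CertBag
+ It has methods to get the CertId and the CertValue present in the CertBag
+ The X509Certificate() method returns the x509 certificate
+ in case the CertId is x509
+ */
+class CDecPkcs12CertBag : public CDecPkcs12SafeBag
+ {
+public:
+ /**
+ Creates a new PKCS#12CertBag object.
+
+ @param aCertBagData contains a PKCS#12 CertBag Structure.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ @leave KErrNotSupported if otherthan X509 certificate is present.
+ @return A pointer to the newly allocated object.
+ */
+ IMPORT_C static CDecPkcs12CertBag* NewL(const TDesC8& aCertBagData);
+
+ /**
+ This method returns the OID present in the certId field of CertBag sequence.
+ @return Returns OID present in the certId feild of CertBag sequence
+ */
+ IMPORT_C const TDesC& CertId() const;
+
+ /**
+ This method returns the DER encoded certValue present in the CertBag sequence.
+ @return The DER encoded certValue present in the CertBag sequence.
+ @see X509Certificate
+ */
+ IMPORT_C const TDesC8& CertValue() const;
+
+ /**
+ This method returns the decoded x509 certificate.
+ @return Returns a pointer to a CX509Certificate object if the certificate of type
+ X509; otherwise, null is returned. Ownership of memory is transferred to the caller.
+ @see CertValue
+ */
+ IMPORT_C CX509Certificate* X509CertificateL() const;
+
+ /**
+ Destructor.
+ */
+ virtual ~CDecPkcs12CertBag();
+private:
+ /**
+ This decodes the entire CertBag structure.
+ @param aCertBagData contains a PKCS#12 CertBag Structure.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ @see CDecPkcs12SafeBag, CX509Certificate.
+ */
+ void ConstructL(const TDesC8& aCertBagData);
+
+ /**
+ Constructor.
+ */
+ CDecPkcs12CertBag();
+
+ /**
+ Copy Constructor.
+ @param aDecPkcs12CertBag A CDecPkcs12CertBag object.
+ */
+ CDecPkcs12CertBag(const CDecPkcs12CertBag& aDecPkcs12CertBag);
+
+ /**
+ Assignment operator.
+ @param aDecPkcs12CertBag A CDecPkcs12CertBag object.
+ @return A CDecPkcs12CertBag class.
+ */
+ CDecPkcs12CertBag& operator=(const CDecPkcs12CertBag& aDecPkcs12CertBag);
+
+private:
+ /** Contains Object identifier indicating the certificate type*/
+ HBufC* iCertId;
+
+ /** Contains the certificate which is encoded and is an OCTET String */
+ TPtrC8 iCertValue;
+ };
+
+/**
+ Decodes the SafeContents bag present within a SafeBag and
+ returns an array of Safebags present within this SafeContents bag.
+ */
+class CDecPkcs12SafeContentsBag : public CDecPkcs12SafeBag
+ {
+public:
+ /**
+ Creates a new PKCS#12SafeContentsBag object.
+
+ @param aSafeContentsBagData Contains a PKCS#12 SafeBag structure.
+ @return A pointer to the newly allocated object.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ */
+ IMPORT_C static CDecPkcs12SafeContentsBag* NewL(const TDesC8& aSafeContentsBagData);
+ /**
+ The SafeContents Bag contains one or more Safe Bags in it.This
+ method returns the reference to all these SafeBags.
+
+ @return An array of SafeBags present within the SafeContentsBag
+ */
+ IMPORT_C const RPointerArray<CDecPkcs12SafeBag>& SafeBags() const;
+
+ /**
+ Destructor.
+ */
+ virtual ~CDecPkcs12SafeContentsBag();
+
+private:
+ /**
+ This decodes the entire SafeContentsBag structure.
+ @param aSafeContentsBagData Contains a PKCS#12 SafeBag structure.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ @see CDecPkcs12SafeBag
+ */
+ void ConstructL(const TDesC8& aSafeContentsBagData);
+
+ /**
+ Constructor.
+ */
+ CDecPkcs12SafeContentsBag();
+
+ /**
+ Copy Constructor.
+ @param aDecPkcs12SafeContentsBag A CDecPkcs12SafeContentsBag object.
+ */
+ CDecPkcs12SafeContentsBag(const CDecPkcs12SafeContentsBag& aDecPkcs12SafeContentsBag);
+
+ /**
+ Assignment operator.
+ @param aDecPkcs12SafeContentsBag A CDecPkcs12SafeContentsBag object.
+ @return A reference to CDecPkcs12SafeContentsBag class.
+ */
+ CDecPkcs12SafeContentsBag& operator=(const CDecPkcs12SafeContentsBag& aDecPkcs12SafeContentsBag);
+
+private:
+ /** Contains an array of SafeBags present within the SafeContents Bag */
+ RPointerArray<CDecPkcs12SafeBag> iSafeBags;
+ };
+
+class CDecPkcs12SafeContents : public CBase
+ {
+public:
+ /**
+ Creates a new CDecPkcs12SafeContents object for plain Data.
+
+ @param aSafeContentsBagData Contains a PKCS#7 ContentInfo Structure.
+ @return A pointer to the newly allocated object.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ */
+ IMPORT_C static CDecPkcs12SafeContents* NewL(const CPKCS7ContentInfo& aSafeContentsBagData);
+
+ /**
+ Creates a new CDecPkcs12SafeContents object for Encrypted Data.
+
+ @param aSafeContentsBagData Contains a PKCS#7 ContentInfo Structure.
+ @param aPassword aPassword is the password used for decryption.
+ @return A pointer to the newly allocated object.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ */
+ IMPORT_C static CDecPkcs12SafeContents* NewL(const CPKCS7ContentInfo& aSafeContentsBagData, const TDesC& aPassword);
+
+ /**
+ Creates a new CDecPkcs12SafeContents object for Enveloped Data.
+ The class doesn't support the public key privacy mode if the
+ ContentInfo contains an EnvelopedData object.Client should decrypt
+ the Envelope Data. A recipient opens the envelope by decrypting the
+ one of the encrypted content-encryption keys with the recipient's
+ private key and decrypts the encrypted content with the recovered
+ content-encryption key and pass the plain data.
+ @param aSafeContentsBagData Contains a PKCS#7 ContentInfo Structure ContentData.
+ @return A pointer to the newly allocated object.
+ @leave KErrArgument if the data is not a sequence or class tag name
+ is not Universal.
+ */
+ IMPORT_C static CDecPkcs12SafeContents* NewL(const TDesC8& aSafeContentsBagData);
+
+ /**
+ The method returns the plain data.
+ @return A pointer to descriptor containing decrypted data.
+ Returns NULL pointer if the decrypted data is not present.
+ */
+ IMPORT_C const TDesC8* DecryptedData() const;
+
+ /**
+ The method returns array of safebags objects.
+ @return A pointer to array of safeBag objects.
+ */
+ IMPORT_C const RPointerArray<CDecPkcs12SafeBag>& SafeContentsBags() const;
+
+ /**
+ Destructor.
+ */
+ virtual ~CDecPkcs12SafeContents();
+
+private:
+ /**
+ These objects represents the SafeBag Sequences present in the
+ SafeContents Bag Sequence.
+
+ @param aSafeContent Contains data to decode the bags.
+ @leave KErrArgument if the aSafeContent is not a Sequence and class tag is not Universal.
+ @leave KErrNotSupported if any bag otherthan keyBag, shroudedKeyBag,CertBag,CRLBag,SecretBag
+ and SafeContentBag.
+ @see CDecPkcs12SafeBag
+ */
+ void ConstructL(const TDesC8& aSafeContent);
+
+ /**
+ This method decrypts the encrypted information.
+ @param aContentInfo Contains a PKCS#7 ContentInfo Structure.
+ @param aPassword is the password used for decryption.
+ */
+ void DecodeEncryptedDataL(const CPKCS7ContentInfo& aContentInfo, const TDesC& aPassword);
+
+ /**
+ Constructor.
+ */
+ CDecPkcs12SafeContents();
+
+ /**
+ Copy Constructor.
+ @param aDecPkcs12SafeContents A CDecPkcs12SafeContents object.
+ */
+ CDecPkcs12SafeContents(const CDecPkcs12SafeContents& aDecPkcs12SafeContents);
+
+ /**
+ Assignment operator.
+ @param aDecPkcs12SafeContents A CDecPkcs12SafeContents object.
+ @return A reference to CDecPkcs12SafeContents class.
+ */
+ CDecPkcs12SafeContents& operator=(const CDecPkcs12SafeContents& aDecPkcs12SafeContents);
+
+
+private:
+ /** Contains an array of SafeBags objects */
+ RPointerArray<CDecPkcs12SafeBag> iSafeBags;
+
+ /** Contains plain data */
+ HBufC8* iDecryptedData;
+
+ };
+} // namespace PKCS12
+#endif // __PKCS12BAGS_H__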
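Review bot: The `@leave` documentation on `NewL`, `PrivateKeyInfoL` and `ConstructL` of `CDecPkcs12KeyBag` and `CDecPkcs12ShroudedKeyBag` names `KErrAgrument` in five places, which is not a Symbian error code, while the CertBag, SafeContentsBag and SafeContents classes spell it `KErrArgument`; the five occurrences should be corrected so callers grep the right constant. `CDecPkcs12ShroudedKeyBag::PrivateKeyInfoL(TDesC& aPassword) const` takes the password by non-const reference although it is only read, whereas `CDecPkcs12SafeContents::NewL(..., const TDesC& aPassword)` takes it const; `IMPORT_C CDecPKCS8Data* PrivateKeyInfoL(const TDesC& aPassword) const;` would make the two consistent and let callers pass a `_LIT` or other const descriptor (this header is `@publishedPartner @released`, so confirm the export's DEF-file ordinal is unaffected before changing the signature). Both `PrivateKeyInfoL` methods hand the caller a `CDecPKCS8Data` holding the decoded — and for the shrouded bag, freshly decrypted — `privateKey OCTET STRING`, and the doc comment states only that ownership is transferred; it should add a sentence such as `The returned object contains unencrypted private-key material; the caller owns it and should destroy it as soon as it is no longer needed.` `CDecPkcs12SafeContents` is the only class in the header without a class-level Doxygen comment, e.g. `/** Decodes a PKCS#7 ContentInfo (plain, password-encrypted, or client-decrypted enveloped data) into the SafeBags it carries. */`, and the closing `#endif // __PKCS12BAGS_H__` comment does not match the guard macro `__PKCS12_BAGS_H__` opened at the top of the file.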