MercurialSymaptic / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw
| help
os/security/cryptoservices/certificateandkeymgmt/inc/x509certchain.h
changeset 0 bde4ae8d615e
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/os/security/cryptoservices/certificateandkeymgmt/inc/x509certchain.h	Fri Jun 15 03:10:57 2012 +0200
     1.3 @@ -0,0 +1,183 @@
     1.4 +/*
     1.5 +* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
     1.6 +* All rights reserved.
     1.7 +* This component and the accompanying materials are made available
     1.8 +* under the terms of the License "Eclipse Public License v1.0"
     1.9 +* which accompanies this distribution, and is available
    1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
    1.11 +*
    1.12 +* Initial Contributors:
    1.13 +* Nokia Corporation - initial contribution.
    1.14 +*
    1.15 +* Contributors:
    1.16 +*
    1.17 +* Description: 
    1.18 +* X509 certificate chain and the validation status implementations
    1.19 +*
    1.20 +*/
    1.21 +
    1.22 +
    1.23 +/**
    1.24 + @file 
    1.25 + @publishedAll
    1.26 + @released
    1.27 +*/
    1.28 + 
    1.29 +#ifndef __X509CERTCHAIN_H__
    1.30 +#define __X509CERTCHAIN_H__
    1.31 +
    1.32 +#include <e32std.h>
    1.33 +#include <x509cert.h>
    1.34 +#include <ct.h>
    1.35 +
    1.36 +class TValidationStatus
    1.37 +/** The validation status.
    1.38 +* 
    1.39 +* Some errors cannot be blamed on any single certificate, in which case the 
    1.40 +* iCert value is meaningless. The same structure is used for errors and for 
    1.41 +* warnings. 
    1.42 +* 
    1.43 +* @since v6.0 */
    1.44 +	{
    1.45 +public:
    1.46 +	/** Creates a validation status object.	
    1.47 +	* 
    1.48 +	* @param aError	The error type that occurred when validating the certificate chain.
    1.49 +	* @param aCert	The index number identifying the certificate that gave rise to 
    1.50 +	* 				the error. */
    1.51 +	IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert);
    1.52 +	
    1.53 +	/** The reason for the error. */
    1.54 +	TValidationError iReason;
    1.55 +	
    1.56 +	/** The index number identifying the certificate that gave rise to the error. */
    1.57 +	TInt iCert;
    1.58 +	};
    1.59 +
    1.60 +class CX509CertChain : public CBase
    1.61 +/** Abstract base class for X.509 certificate chain validation; 
    1.62 +* derive from this to suit your profile.
    1.63 +* 
    1.64 +* @since v6.0 */
    1.65 +	{
    1.66 +public:
    1.67 +	/** Gets the number of certificates in the chain.	
    1.68 +	* 
    1.69 +	* @return	The number of certificates in the chain. */
    1.70 +	IMPORT_C TInt Count() const;
    1.71 +	
    1.72 +	/** Gets the certificate identified by the specified index.
    1.73 +	* Note that Cert(Count()) corresponds to the root (if any)
    1.74 +	* whilst Cert(0) corresponds to the outmost certificate in the chain.
    1.75 +	*
    1.76 +	* @param aIndex	The ordinal number representing the position of the certificate 
    1.77 +	* 				within the chain.
    1.78 +	* @return		The X.509 certificate at the specified index. */
    1.79 +	IMPORT_C const CX509Certificate& Cert(TInt aIndex) const;
    1.80 +	
    1.81 +	/** Decodes the individual elements of the signed data to construct the certificates.
    1.82 +	* 
    1.83 +	* @param aBinaryData	The encoded binary representation.
    1.84 +	* @return				The certificate objects. */
    1.85 +	IMPORT_C CArrayPtrFlat<CX509Certificate>* DecodeCertsL(const TDesC8& aBinaryData);
    1.86 +	
    1.87 +	/** Destructor.
    1.88 +	* 
    1.89 +	* Frees all resources owned by the object, prior to its destruction. */
    1.90 +	IMPORT_C ~CX509CertChain();
    1.91 +
    1.92 +	/** Tests whether the specified X.509 certificate chain is equal to this X.509 
    1.93 +	* certificate chain.
    1.94 +	* 
    1.95 +	* @param aOther	The X.509 certificate chain to be compared.
    1.96 +	* @return		ETrue, if the certificate chains are equal;EFalse, otherwise. */
    1.97 +	IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const;
    1.98 +protected:
    1.99 +	//certificate chain
   1.100 +	CArrayPtrFlat<CX509Certificate>* iChain;
   1.101 +private:
   1.102 +	static void CleanupCertArray(TAny* aArray);
   1.103 +	};
   1.104 +	
   1.105 +class CCertificateValidationWarnings : public CBase
   1.106 +	/** Encapsulates the critical extensions encountered and any warnings found
   1.107 +	* for a particular certificate in the chain during the process of validation.
   1.108 +	* 
   1.109 +	* @since v9.5 */
   1.110 +		{
   1.111 +	public:
   1.112 +		/** Creates an instance of CCertificateValidationWarnings.
   1.113 +		* 
   1.114 +		* @param aIndex	The index of aCert in the certificate chain.
   1.115 +		* @return	A pointer to the new CCertificateWarning object. */	
   1.116 +		IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex);
   1.117 +
   1.118 +		/** Creates an instance of CCertificateValidationWarnings.
   1.119 +		* 
   1.120 +		* @param aIndex	The index of aCert in the certificate chain.
   1.121 +		* @return	A pointer to the new CCertificateWarning object. */	
   1.122 +		IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex);		
   1.123 +		
   1.124 +		/** Gets a list of critical extension OIDs found in the certificate.
   1.125 +		* 
   1.126 +		* @return	An array of critical extensions found. */		
   1.127 +		IMPORT_C const RPointerArray<TDesC>& CriticalExtensionsFound() const;
   1.128 +		
   1.129 +		/** Gets a list of warnings generated by the certificate.
   1.130 +		* 
   1.131 +		* @return	An array of warnings generated. */	
   1.132 +		IMPORT_C const RArray<TValidationStatus>& Warnings() const;
   1.133 +		
   1.134 +		/** Gets the index of the certificate in the chain.
   1.135 +		* 
   1.136 +		* @return	The certificate index number. */		
   1.137 +		IMPORT_C TInt CertIndex() const;
   1.138 +		
   1.139 +		/** Externalises an object of this class to a write stream.
   1.140 +		* 
   1.141 +		* The presence of this function means that the standard templated operator<<() 
   1.142 +		* can be used to externalise objects of this class.
   1.143 +		* 
   1.144 +		* @param aStream    Stream to which the object should be externalised. */
   1.145 +		IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
   1.146 +		
   1.147 +		/** Internalises an object of this class from a read stream.
   1.148 +		* 
   1.149 +		* The presence of this function means that the standard templated operator>>() 
   1.150 +		* can be used to internalise objects of this class.
   1.151 +		* 
   1.152 +		* Note that this function has assignment semantics: it replaces the old value 
   1.153 +		* of the object with a new value read from the read stream. 
   1.154 +		* 
   1.155 +		* @param aStream    Stream from which the object should be internalised. 
   1.156 +		* @return A pointer to the new CCertificateWarning object. */
   1.157 +		IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream);
   1.158 +		
   1.159 +		/** The destructor.
   1.160 +		* 
   1.161 +		* Frees all resources owned by the object. */
   1.162 +		IMPORT_C ~CCertificateValidationWarnings();
   1.163 +		
   1.164 +	public:
   1.165 +		/** Adds a warning.
   1.166 +		* 
   1.167 +	    */
   1.168 +		IMPORT_C void AppendWarningL(TValidationStatus aWarning);
   1.169 +		
   1.170 +		/** Adds a critical extension OID warning.
   1.171 +		* 
   1.172 +		*/
   1.173 +		IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt);
   1.174 +		
   1.175 +	private:
   1.176 +		CCertificateValidationWarnings(TInt aIndex);
   1.177 +	
   1.178 +	private:
   1.179 +		TInt iCertIndex;
   1.180 +		RPointerArray<TDesC> iCriticalExtsFound;
   1.181 +		RArray<TValidationStatus> iWarnings;
   1.182 +		};
   1.183 +
   1.184 +#endif
   1.185 +
   1.186 +
Symaptic