1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertchainao.h Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,158 @@
1.4 +/*
1.5 +* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +* CPKIXCertChainAO class implementation
1.19 +*
1.20 +*/
1.21 +
1.22 +
1.23 +/**
1.24 + @file
1.25 + @internalTechnology
1.26 +*/
1.27 +
1.28 +#ifndef __PKIXCERTCHAINAO_H__
1.29 +#define __PKIXCERTCHAINAO_H__
1.30 +
1.31 +#include <e32base.h>
1.32 +#include "pkixcerts.h"
1.33 +#include "pkixchainbuilder.h"
1.34 +#include "pkixcertstate.h"
1.35 +#include <x509cert.h>
1.36 +#include <x509certext.h>
1.37 +#include <x509gn.h>
1.38 +#include <pkixcertchain.h>
1.39 +
1.40 +class CPKIXCertChainBase;
1.41 +
1.42 +/**
1.43 + * This class handles the asynchronous part of the pkix chain validation. It
1.44 + * is an active object which handles the asynchronous certificate store operations.
1.45 + */
1.46 +class CPKIXCertChainAO : public CActive
1.47 +{
1.48 +public:
1.49 + static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
1.50 + const RPointerArray<CX509Certificate>& aRootCerts);
1.51 + static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
1.52 + const TUid aClient);
1.53 + virtual ~CPKIXCertChainAO();
1.54 +
1.55 +private:
1.56 + CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain);
1.57 + CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient);
1.58 + void ConstructL(const RPointerArray<CX509Certificate>& aRootCerts);
1.59 +
1.60 +public:
1.61 + void RunL();
1.62 + TInt RunError(TInt aError);
1.63 + void DoCancel();
1.64 +
1.65 +private:
1.66 + void HandleEStoreManagerInitializationL();
1.67 + void HandleEStoreManagerInitializedL();
1.68 + void HandleEAddRootsL();
1.69 + void HandleERootsInitializedL();
1.70 + void HandleEBuildChainStartL();
1.71 + void HandleEBuildChainAddCandidateEndL();
1.72 + void HandleEBuildChainCertsFromStoreBeginL();
1.73 + void HandleEBuildChainCertsFromStoreEndL();
1.74 + void HandleEAddCandidateIntermediateCertsEndL();
1.75 + void HandleEValidateEndL();
1.76 +
1.77 + // Request functions
1.78 +public:
1.79 + void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
1.80 + const CArrayPtr<HBufC>* aInitialPolicies, TRequestStatus& aStatus);
1.81 + void CancelValidate();
1.82 +
1.83 +private:
1.84 + void InitParamsL();
1.85 + void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams);
1.86 + void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
1.87 + const CArrayPtr<HBufC>* aInitialPolicies);
1.88 + void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const;
1.89 + void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const;
1.90 + void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState,
1.91 + CPKIXValidationResultBase& aResult) const;
1.92 + void CheckCriticalExtsL(CPKIXValidationState& aState,
1.93 + CPKIXValidationResultBase& aResult) const;
1.94 +
1.95 + /**
1.96 + * The states used to know what to do in the RunL function.
1.97 + */
1.98 + enum TState
1.99 + {
1.100 + EAddRoots,
1.101 + ERootsInitialized,
1.102 + EBuildChainStart,
1.103 + EBuildChainAddCandidateEnd,
1.104 + EBuildChainCertsFromStoreBegin,
1.105 + EBuildChainCertsFromStoreEnd,
1.106 + EAddCandidateIntermediateCertsEnd,
1.107 + EValidateEnd
1.108 + };
1.109 +
1.110 +private:
1.111 + MCertStore* iCertStore;
1.112 + // a reference to the object which owns this instance
1.113 + CPKIXCertChainBase &iPKIXCertChain;
1.114 + TUid iClient;
1.115 + TState iState;
1.116 +
1.117 + /**
1.118 + * <P>Ownership of this object is peculiar.</P>
1.119 + * <P>We need this to be a member because it is created and initialized in
1.120 + * the EAddRoots handler but is only added to iRoots in the ERootsInitialized
1.121 + * handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.</P>
1.122 + * <P>The only case where the destructor will have to delete it, is when a leave
1.123 + * occurs between the EAddRoots and ERootsInitialized states.</P>
1.124 + */
1.125 + CPKIXCertsFromStore* iCertsFromStoreRoots;
1.126 +
1.127 + TRequestStatus* iOriginalRequestStatus;
1.128 +
1.129 + /**
1.130 + * The roots that we trust.
1.131 + * This can be given
1.132 + * <UL>
1.133 + * <LI>explicitly : the user gives a set of root certificates at construction time.</LI>
1.134 + * <LI>implicitly : the user gives the uid of the application and the validation code
1.135 + * retrieves the root certificates trusted for this application from the certificate
1.136 + * store.</LI>
1.137 + * </UL>
1.138 + */
1.139 + CPKIXChainBuilder* iRoots;
1.140 +
1.141 + CPKIXChainBuilder* iBuilder;
1.142 +
1.143 + /**
1.144 + * To store the parameters passed to CPKIXCertChainBase::Validate
1.145 + */
1.146 + CPKIXValidationResultBase* iValidationResult;
1.147 + /**
1.148 + * To store the parameters passed to CPKIXCertChainBase::Validate
1.149 + */
1.150 + TTime iValidationTime;
1.151 + /**
1.152 + * To store the parameters passed to CPKIXCertChainBase::Validate
1.153 + */
1.154 + const CArrayPtr<HBufC>* iInitialPolicies;
1.155 +
1.156 + TBool iAddIssuerResult;
1.157 +
1.158 + TInt iNumberOfAddedCertificates;
1.159 +};
1.160 +
1.161 +#endif