1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,218 @@
1.4 +/*
1.5 +* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +/**
1.23 + @file
1.24 + @internalTechnology
1.25 +*/
1.26 +
1.27 +#ifndef __PKIXCERTS_H__
1.28 +#define __PKIXCERTS_H__
1.29 +
1.30 +//pkixroots.h
1.31 +#include <e32std.h>
1.32 +#include <x509cert.h>
1.33 +#include <x509certext.h>
1.34 +#include <mcertstore.h>
1.35 +
1.36 +/**
1.37 + * Base class for classes that help retrieving certificates from stores
1.38 + */
1.39 +class MPKIXCertSource
1.40 + {
1.41 +public:
1.42 + //copies cert into aCandidates, passes ownership of cert to calling code...
1.43 + virtual void CandidatesL(const CX509Certificate& aSubject,
1.44 + RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
1.45 + virtual void CancelCandidates() = 0;
1.46 + virtual void Release() = 0;
1.47 +
1.48 +protected:
1.49 + virtual ~MPKIXCertSource();
1.50 +
1.51 +protected:
1.52 + /**
1.53 + * This function compares the issuer altname in aSubjectCert with the
1.54 + * subject altname in aIssuerCert
1.55 + * @param aSubjectCert We will compare the issuer altname of this certificate.
1.56 + * @param aIssuerCert We will compare the subject altname of this certificate.
1.57 + * @return
1.58 + * <UL>
1.59 + * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
1.60 + * aIssuerCert</LI>
1.61 + * <LI>EFalse otherwise</LI>
1.62 + * </UL>
1.63 + */
1.64 + TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
1.65 + };
1.66 +
1.67 +/**
1.68 + * This class is used to retrieve the certificates from a store
1.69 + * It doesn't work with client base trust.
1.70 + */
1.71 +class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
1.72 + {
1.73 +public:
1.74 + /**
1.75 + * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
1.76 + * Initialize must be called after this function
1.77 + * @param aStore Reference to the cert store. The store is created with the default
1.78 + * filter intialized to retrieve certificate of CA type and of X509 format.
1.79 + * @return Initialized instance of this class.
1.80 + */
1.81 + static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
1.82 + static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
1.83 +
1.84 + /**
1.85 + * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
1.86 + * Initialize must be called after this function
1.87 + * @param aStore Reference to the cert store. The store is created with the default
1.88 + * filter intialized to retrieve certificate of CA type and of X509 format.
1.89 + * @param aClient The UID for which the certificates are to be retrieved from the
1.90 + * cert store, This UID is also passed to the filter for retrieving the certificates
1.91 + * specific to this client UID.
1.92 + * @return Initialized instance of this class.
1.93 + */
1.94 +
1.95 + static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
1.96 + static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
1.97 + /**
1.98 + * This function does the actual listing of certificates based on the filter created.
1.99 + * It must be called after construction.
1.100 + * @param aStatus Standard parameter for asynchronous calling convention.
1.101 + */
1.102 + void Initialize(TRequestStatus& aStatus);
1.103 + /**
1.104 + * This function returns a list of CA certificates that authenticate the
1.105 + * aSubject certificate.
1.106 + * @param aCandidates On return, this array contains the list of CA certificates
1.107 + * that can possibly be used to authenticate aSubject. The array owns the elements
1.108 + * and must take care of deleting them.
1.109 + */
1.110 + virtual void CandidatesL(const CX509Certificate& aSubject,
1.111 + RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
1.112 + virtual void CancelCandidates();
1.113 + virtual void Release();
1.114 + virtual ~CPKIXCertsFromStore();
1.115 +
1.116 +private:
1.117 + CPKIXCertsFromStore(MCertStore& aCertStore);
1.118 + CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
1.119 + void ConstructL();
1.120 + void ConstructL(TUid aClient);
1.121 +
1.122 +public:
1.123 + void RunL();
1.124 + TInt RunError(TInt aError);
1.125 + void DoCancel();
1.126 +
1.127 +private:
1.128 + void HandleEGetCertificateL();
1.129 + void HandleEAddCandidateL();
1.130 + void HandleECheckTrusted();
1.131 +
1.132 + TBool IsDuplicateL(const CX509Certificate& aCertificate);
1.133 +
1.134 +private:
1.135 + enum TState
1.136 + {
1.137 + EIdle = 0,
1.138 + EInitialize,
1.139 + ECheckTrusted,
1.140 + EGetCertificate,
1.141 + EAddCandidate,
1.142 + EEnd
1.143 + };
1.144 +
1.145 +private:
1.146 + /**
1.147 + * The state used to know what must be done when executing
1.148 + * RunL().
1.149 + */
1.150 + TState iState;
1.151 +
1.152 + /**
1.153 + * The TRequestStatus that must be updated when the operation
1.154 + * requested by a user of this class has been
1.155 + * completed
1.156 + */
1.157 + TRequestStatus *iOriginalRequestStatus;
1.158 +
1.159 + TUid iClient;
1.160 +
1.161 + CCertAttributeFilter *iFilter;
1.162 +
1.163 + /**
1.164 + * iRootName is used for CandidateL
1.165 + */
1.166 + const CX500DistinguishedName* iRootName;
1.167 +
1.168 + /**
1.169 + * We don't own this
1.170 + */
1.171 + const CX509Certificate* iSubject;
1.172 +
1.173 + /**
1.174 + * We don't own this
1.175 + */
1.176 + RPointerArray<CX509Certificate>* iCandidates;
1.177 +
1.178 + /**
1.179 + * iCertData is used for CandidateL
1.180 + */
1.181 + HBufC8* iCertData;
1.182 +
1.183 + TPtr8* iCertPtr;
1.184 +
1.185 + /**
1.186 + * iEntriesIndex is used for CandidateL
1.187 + */
1.188 + TInt iEntriesIndex;
1.189 +
1.190 + /**
1.191 + * Applies to certificate at iEntriesIndex - reflects trust setting
1.192 + */
1.193 + TBool iIsTrusted;
1.194 +
1.195 + /**
1.196 + * Used when listing certificates (filtered but not on trust).
1.197 + */
1.198 + RMPointerArray<CCTCertInfo> iCertInfos;
1.199 +
1.200 + MCertStore& iCertStore;
1.201 + };
1.202 +
1.203 +class CPKIXCertsFromClient : public MPKIXCertSource
1.204 + {
1.205 +public:
1.206 + static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
1.207 + static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
1.208 + virtual void CandidatesL(const CX509Certificate& aSubject,
1.209 + RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
1.210 + virtual void CancelCandidates();
1.211 + virtual void Release();
1.212 + virtual ~CPKIXCertsFromClient();
1.213 +
1.214 +private:
1.215 + CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);
1.216 +
1.217 +private:
1.218 + const RPointerArray<CX509Certificate>& iCerts;
1.219 + };
1.220 +
1.221 +#endif