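--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/security/cryptoservices/certificateandkeymgmt/wtlscert/wtlscertchainao.h Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,176 @@
+/*
+* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* CWTLSCertChainAO class implementation
+*
+*/
+
+
+/**
+ @file
+ @internalTechnology
+*/
+
+#ifndef __WTLSCERTCHAINAO_H__
+#define __WTLSCERTCHAINAO_H__
+
+#include <e32base.h>
+#include <f32file.h>
+#include <unifiedcertstore.h>
+#include <hash.h>
+
+
+class CWTLSCertChain;
+class CWTLSValidationResult;
+class CWTLSCertificate;
+
+/**
+ * This class handles the asynchronous part of the wtls chain validation. It
+ * is an active object which handles the asynchronous certificate store operations.
+ */
+class CWTLSCertChainAO : public CActive
+{
+public:
+ static CWTLSCertChainAO* NewL(RFs& aFs, CWTLSCertChain &aWTLSCertChain,
+ const CArrayPtr<CWTLSCertificate>& aRootCerts);
+ static CWTLSCertChainAO* NewL(RFs& aFs, CWTLSCertChain &aWTLSCertChain,
+ const TUid aClient);
+ virtual ~CWTLSCertChainAO();
+ virtual TInt RunError(TInt aError);
+
+private:
+ CWTLSCertChainAO(RFs& aFs, CWTLSCertChain &aWTLSCertChain);
+ CWTLSCertChainAO(RFs& aFs, CWTLSCertChain &aWTLSCertChain, const TUid aClient);
+ void ConstructL(const CArrayPtr<CWTLSCertificate>& aRootCerts);
+
+public:
+ void RunL();
+ void DoCancel();
+
+private:
+ /**
+ * This function creates a CCertStoreManager,
+ * calls CCertStoreManager initialise and sets the state
+ * to EStoreManagerInitialized
+ */
+ void HandleEStoreManagerInitializationL();
+ void HandleEStoreManagerInitializedL();
+ void HandleEGetCertHashesL();
+ void HandleEPruneListL();
+ void HandleEPruneListDoneL();
+ void HandleECheckTCAL();
+ void HandleEIsChainSelfSignedL();
+ void HandleERetrieveRootsL();
+ void HandleEAddRootToListL();
+ void HandleEFindRootL();
+ void HandleEValidateEndL();
+
+ // Request functions
+public:
+ void Validate(CWTLSValidationResult& aValidationResult, const TTime& aValidationTime,
+ TRequestStatus& aStatus);
+
+private:
+ TBool CheckSignatureAndNameL(const CWTLSCertificate& aCert,
+ CWTLSValidationResult& aResult, TInt aPos) const;
+ TBool CheckValidityPeriod(const CWTLSCertificate& aCert,
+ CWTLSValidationResult& aResult, const TTime aTime, TInt aPos) const;
+ HBufC8& GeneratePublicKeyHashL(const CWTLSCertificate& aCert) const;
+
+ enum TState
+ {
+ EStoreManagerInitialization = 0,
+ EStoreManagerInitialized,
+ EGetCertHashes,
+ EPruneList,
+ EPruneListDone,
+ ECheckTCA,
+ EIsChainSelfSigned,
+ ERetrieveRoots,
+ EAddRootToList,
+ EFindRoot,
+ EValidateEnd
+ };
+
+private:
+ RFs& iFs;
+ CUnifiedCertStore* iCertStoreManager;
+ /**
+ * List of the subject hashes from the cert store
+ * The elements remained owned by the CCTCertInfo
+ */
+ RPointerArray< TBuf8<20> > iRootSubjectStoreHashList;
+ /**
+ * List of the subject hashes from the passed in certs
+ * We own this object and all its elements
+ */
+ RPointerArray< HBufC8 > iRootSubjectClientHashList;
+ CCertAttributeFilter* iFilter;
+ /**
+ * Stores info on the certs in the cert store
+ * We own this object and all its elements
+ */
+ RMPointerArray<CCTCertInfo> iCertInfos;
+ /**
+ * Indicates whether iWTLSCertChain.iChain was pruned or not
+ */
+ TBool iPruned;
+ /**
+ * The index within iChain that the chain was pruned
+ */
+ TInt iPrunedChainLength;
+
+ CWTLSCertChain& iWTLSCertChain;
+ TUid iClient;
+ TPtr8 iEncodedCert;
+ HBufC8* iEncodedCertTemp;
+
+ TState iState;
+
+ TRequestStatus* iOriginalRequestStatus;
+
+ /**
+ * Roots passed in from the client that we trust
+ * We own this object and all its elements
+ */
+ RPointerArray<CWTLSCertificate> iRootsFromClient;
+ /**
+ * Roots from the specified cert store that we trust.
+ * We own this object and all its elements
+ */
+ RPointerArray<CWTLSCertificate> iRootsFromStore;
+
+ /**
+ * A counter used to carry counter information between AO states
+ */
+ TInt iIndex;
+
+ /**
+ * Indicates if a root cert has been found for this particular chain
+ */
+ TBool iFoundRoot;
+
+ /**
+ * To store the parameters passed to CWTLSCertChain::Validate
+ */
+ CWTLSValidationResult* iValidationResult;
+ /**
+ * To store the parameters passed to CWTLSCertChain::Validate
+ */
+ const TTime* iValidationTime;
+};
+
+#include <wtlscertchain.h>
+
+#endif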
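Review bot: `Validate()` carries no comment on how long its reference arguments must live, yet `iValidationResult` and `iValidationTime` are raw pointers described as storing the parameters passed to Validate, so the active object presumably keeps the caller's addresses across its asynchronous states (the .cpp is not on this page, so this is inferred from the declarations). A caller whose `TTime` or result object goes out of scope before `aStatus` completes would leave the chain validator reading or writing released memory while it decides certificate trust. I would state the contract above the declaration, e.g. `// aValidationResult and aValidationTime must remain valid until aStatus is completed; only their addresses are stored.` The same documentation gap applies to `GeneratePublicKeyHashL`, which returns `HBufC8&` without saying who deletes the buffer, and the bare `20` in `TBuf8<20>` would read better as a named hash-length constant.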