/*

 * Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).

 * All rights reserved.

 * This component and the accompanying materials are made available

 * under the terms of the License "Eclipse Public License v1.0"

 * which accompanies this distribution, and is available

 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

 *

 * Initial Contributors:

 * Nokia Corporation - initial contribution.

 *

 * Contributors:

 *

 * Description: 

 * Declares classes for producing PKCS#10 certificate requests.

 *

 */

 /**

  @file

  @publishedPartner

  @released 

 */

 #ifndef __PKCS10_H__

 #define __PKCS10_H__

 #include <e32base.h>

 #include <asn1enc.h>

 #include <mctkeystore.h>

 #include <signed.h>

 class CX500DistinguishedName;

 class CASN1EncBase;

 class CPKCS10Attributes;

 class CPKCS10KeyHelper;

 class CMessageDigest;

 class TX509KeyEncoder;

 /** 

  * Class for making PKCS#10 Certificate Request objects.

  *

  * Keys are specified by a cryptotokens key info object - this means that this

  * API can only be used to generate cert requests for keys that are held in a

  * keystore on the device.

  * 

  */

 class CPKCS10Request : public CActive

 	{

 public:

 	/**

 	 * Creates a new PKCS#10 request object.

 	 * 

 	 * @param aDN X500 distinguished name of the entity provided by caller.

 	 *     Stored in iDN member variable. Ownership is not transferred.

 	 * @param aKeyInfo The key info object of the key to sign the request with.

 	 * 	   Does not take ownership.

 	 * @param aAttr (Optional) The PKCS10 attributes to include in the request.

 	 * 	   Takes ownership.

 	 * @return A pointer to the newly allocated object.

 	 */

 	IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN,

 										 const CCTKeyInfo& aKeyInfo,

 										 CPKCS10Attributes* aAttr = NULL);

 	/**

 	 * Creates a new PKCS#10 request object.

 	 * 

 	 * @param aDN X500 distinguished name of the entity provided by caller.

 	 *     Stored in iDN member variable. Ownership is not transferred.

 	 * @param aKeyInfo The key info object of the key to sign the request with.

 	 * 	   Does not take ownership.

 	 * @param aAttr (Optional) The PKCS10 attributes to include in the request.

 	 * 	   Takes ownership.

 	 * @return A pointer to the newly allocated object that is left on the

 	 * 	   cleanup stack.

 	 */

 	IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN,

 										 const CCTKeyInfo& aKeyInfo,

 										 CPKCS10Attributes* aAttr = NULL);

 	/**

 	 * Destructs PKCS#10 object, deletes encoding buffer and attributes.

 	 */

 	IMPORT_C virtual ~CPKCS10Request();

 public:

 	/**

 	 * Set the attributes to be encoded in the request. It replaces existing

 	 * attributes, if any.

 	 * @param aAttr The attributes - this object takes ownership.

 	 */

 	IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr);

 	/**

 	 * Set the digest algorithm to use when signing the request.  If this method

 	 * is not called, the default SHA-1 is used. 

 	 *

 	 * @param aDigest	For RSA keys, one of EMD2, EMD5 or ESHA1.  

 	 * 					For DSA keys, ESHA1 is the only permitted value.

 	 * @leave KErrArgument if the specified algorithm is not supported.

 	 */

 	IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest);

 	/**

 	 * Set the distinguished name of the entity. It replaces existing

 	 * name, if any.

 	 * @param aDN X500 distinguished name of the entity provided by caller.

 	 *     Stored in iDN member variable. Ownership is not transferred.

 	 */

 	IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN);

 	/**

 	 * Set the information of the key to sign with. It replaces existing

 	 * key info, if any.

 	 * @param aKeyInfo The key info object of the key to sign the request with.

 	 * 	   Does not take ownership.

 	 */

 	IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo);

 	/**

 	 * Create the ASN.1 DER encoding of the certificate request.  This is an

 	 * asynchronous method. The Cancel() method can be called to cancel an

 	 * outstanding request. This method can be called repeatedly to create 

 	 * certificate requests after setting the various parameters. However an

 	 * outstanding request must complete or be cancelled before calling this 

 	 * method again.

 	 * 

 	 * 

 	 * @param aResult	On successful completion, this points to a newly

 	 * 					allocated buffer containing the encoded certificate request.

 	 * @param aStatus	Asynchronous status notification 

 	 */	

 	IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);

 private:

 	virtual void RunL();

 	virtual TInt RunError(TInt aErr);

 	virtual void DoCancel();

 	enum TState

 		{

 		EIdle,

 		EInitialize,

 		EGetKeyStore,

 		EGetPublicKey,

 		EOpenSigner,

 		ESign

 		};

 private:

 	/** Private constructor that initializes essential member variables. */

 	CPKCS10Request(const CX500DistinguishedName* aDN,

 				   const CCTKeyInfo* aKeyInfo,

 				   CPKCS10Attributes* aAttr);

 	// Methods making ASN.1 encoding objects

 	/**	

 	 * Performs the actual ASN.1 encoding of the request without signing it.

 	 * certRequestInfo is what gets signed with private key.

 	 * @return Pointer to a newly allocated CASN1EncSequence object.

 	 */

 	CASN1EncSequence* MakeCertRequestInfoEncLC();

 	/**

 	 * Encodes desired certificate attributes into ASN1. Takes whatever 

 	 * attributes are in the iAttributes and adds them below a 

 	 * sequence. If there are no attributes stored, leaves the set empty.

 	 * 

 	 * The structure of the attribute node is as follows:

 	 * @code

      * Context-specific[0]

      *    SEQUENCE-OF

      *      OID of the organization

      *      SET-OF

      *        SEQUENCE-OF (stored in iAttributes)

      *          SEQUENCE-OF

      *            OID of attribute

      *            OCTET STRING value

      *          SEQUENCE-OF

      *            OID of attribute

      *            OCTET STRING value

      *          ...

 	 * @endcode

 	 * @return Pointer to a newly allocated encoding object containing 

 	 *     desired certificate attributes.

 	 */

 	CASN1EncBase* MakeAttrEncLC();

 	/**

 	 * Generates data to be signed.

 	 */

 	void EncodeTBSDataL();

 	void CreateFinalEncodingL();

 	void Reset();

 private:

 	const CX500DistinguishedName*	iDN;

 	const CCTKeyInfo* 				iKeyInfo;

 	CPKCS10Attributes*				iAttributes;

 	TAlgorithmId					iDigestId;

 	TRequestStatus*					iClientStatus;

 	TState 							iState;

 	HBufC8**						iResult;

 	MCTKeyStore*					iKeyStore;

 	CPKCS10KeyHelper*				iKeyHelper;

 	HBufC8*							iExportedKey;

 	HBufC8*							iTBSData;

 	};

 #endif