os/security/cryptoservices/certificateandkeymgmt/inc/pkcs7signedobject.h
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 *
    16 */
    17 
    18 
    19 /**
    20  @file
    21  @internalTechnology
    22  @released
    23 */
    24 
    25 #ifndef __PKCS7_SIGNED_OBJECT_H__
    26 #define __PKCS7_SIGNED_OBJECT_H__
    27 
    28 #include <signed.h>
    29 #include <e32base.h>
    30 
// Forward declarations only; this header does not need the complete types.
// TASN1DecGeneric is declared here but not referenced anywhere below.
class CX509AlgorithmIdentifier;
class CX509Certificate;
class CPKCS7ContentInfo;
class CPKCS7ExtendedCertificateOrCertificate;
class CPKCS7SignerInfo;
class TASN1DecGeneric;

// Capacity of CPKCS7SignedObject::iDataElements. It equals the number of
// data element positions (0..5) in the anonymous enum of CPKCS7SignedObject.
const TInt KPKCS7MaxDataElements = 6;
    39 
/**
 A read-only representation of a PKCS7 (signed data) entity, RFC 2315.

 This class is only used for update notifications and so does not provide
 full functionality. In particular:
  - there is no means of creating a new PKCS7 object other than from existing
    encoded data, supplied to NewL()/NewLC() as a CPKCS7ContentInfo;
  - there is no means to modify the object;
  - revocation lists are not supported;
  - the optional fields in signerinfo are not supported and are ignored.

 Points a caller should keep in mind:
  - Since revocation lists are not supported, do not assume that
    ValidateSignerL() performs any revocation checking.
    NOTE(review): confirm against the implementation.
  - NOTE(review): in RFC 2315 the optional SignerInfo fields are
    authenticatedAttributes and unauthenticatedAttributes, and the RFC
    defines a different signed input when authenticated attributes are
    present. How such objects are treated is not visible from this header;
    confirm before relying on this class for input that carries them.
 @internalTechnology
 */
class CPKCS7SignedObject : public CSignedObject
	{
public:
	/**
	Positions of the encoded data elements of the signed data structure.
	The names follow the fields of the RFC 2315 SignedData type (the earlier
	wording "tbsCert" looks like a leftover from the X.509 classes).
	These values are passed as the index to the DataElementEncoding() function.
	Objects containing revocation lists are not supported, although
	ERevocationLists still reserves a position.
	*/
	enum
		{
		EVersionNumber = 0,	
		EDigestAlgorithms = 1,
		EContentInfo = 2,
		ECertificates = 3,
		ERevocationLists = 4,
		ESignedInfo = 5
		};
	/**
	Creates a PKCS7 object from the RFC2315 representation
	@param aContentInfo	The content info that carries the encoded signed data.
						NOTE(review): presumably its content type has to be
						signed data - confirm what happens otherwise.
	@return			The fully constructed object.
					NOTE(review): by the NewL naming convention the caller
					owns it - confirm.
	*/
	IMPORT_C static CPKCS7SignedObject* NewL(const CPKCS7ContentInfo& aContentInfo);

	/**
	Creates a PKCS7-2 object from the RFC2315 representation
	@param aContentInfo	The content info that carries the encoded signed data
	@return			The fully constructed object.
					NOTE(review): by the NewLC naming convention the object
					is left on the cleanup stack - confirm.
	*/
	IMPORT_C static CPKCS7SignedObject* NewLC(const CPKCS7ContentInfo& aContentInfo);

	/** (From CSignedObject) 
	Accesses one of the encoded fields
	@param aIndex	One of the data element positions listed in the preceding enum.
					The backing array holds KPKCS7MaxDataElements (6) entries.
	@return			The encoded field.
					NOTE(review): neither the behaviour for an out-of-range
					index nor whether the pointer can be NULL for an element
					that is absent from the object is visible here; check the
					result before dereferencing it.
	*/
	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
	/** (From CSignedObject) 
	Not supported.
	NOTE(review): what a call actually does (leave or silent return) is not
	visible in this header.
	*/
	IMPORT_C virtual void InternalizeL(RReadStream& aStream) ;
	/** (From CSignedObject) 
	Provides access to the signed data (PKCS7-2) part of the PKCS7 object
	@return			The signed data
	*/
	IMPORT_C virtual const TPtrC8 SignedDataL() const;
	/**
	Provides access to the digest algorithms
	@return			The digest algorithms
	*/
	IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const;
	/**
	Provides access to the PKCS7 version number
	@return			The version number
	*/
	IMPORT_C TInt Version() const;
	/**
	Provides access to the content info
	@return			The content info
	*/
	IMPORT_C const CPKCS7ContentInfo& ContentInfo() const;
	/**
	Provides access to the certificates.
	These come from the decoded object; nothing in this interface marks them
	as validated or trusted.
	@return			The certificates
	*/
	IMPORT_C const RPointerArray<CPKCS7ExtendedCertificateOrCertificate>& Certificates() const;
	/**
	Provides access to the signer information
	@return			The signer information
	*/
	IMPORT_C const RPointerArray<CPKCS7SignerInfo>& SignerInfo() const;
	/**
	Validates the signer and creates the certificate chain for that signer.

	The result has to be checked by the caller; the accessors of this class
	hand out the decoded content whether or not a signer validates.

	@param aSignerInfo			The signer to be validated
	@param aCertChainEncoding	The certificate chain.  This is created and pushed onto the
								cleanup stack by the function, so the caller has to pop and
								destroy it.
								NOTE(review): whether the buffer is also created and pushed
								when the function returns a negative result is not visible
								here - confirm before popping unconditionally.
	@return						The validation result.
								NOTE(review): presumably ETrue when the signer validates -
								confirm. This header also does not show whether the chain is
								checked against a trust anchor or only assembled; do not treat
								the returned chain as trusted until that is confirmed.
	*/
	IMPORT_C TBool ValidateSignerL(const CPKCS7SignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding);
	/** The destructor */
	IMPORT_C ~CPKCS7SignedObject();
protected:
	/** Default constructor. Protected; NewL()/NewLC() are the public way to create an object. */
	IMPORT_C CPKCS7SignedObject(void);
	/**
	Construction step that takes the content info given to NewL()/NewLC().
	NOTE(review): body not visible here; presumably this is where decoding starts.
	*/
	IMPORT_C void ConstructL(const CPKCS7ContentInfo& aContentInfo);


private:
	// Copy constructor is private, so code outside the class cannot copy the object.
	CPKCS7SignedObject(const CPKCS7SignedObject&);
	// Decoding helpers. Judging by their names there is one per element of the
	// signed data structure; the bodies are not visible in this header.
	void InitSignedObjectL(const TDesC8& aRawData);
	void DecodeSignedDataL(const TDesC8& aRawData);
	void DecodeDigestAlgorithmsL(const TDesC8& aRawData);
	void DecodeCertificatesL(const TDesC8& aRawData);
	void DecodeRevocationListsL(const TDesC8& aRawData);
	void DecodeSignerInfoL(const TDesC8& aRawData);

	// NOTE(review): presumably checks the signature in aSignerInfo with the
	// public key of aEndEntityCert - confirm against the implementation.
	TBool ValidateSignatureL(const CPKCS7SignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert);
protected:
	// Data members are protected, so derived classes can read and change them.
	// Presumably each backs the accessor of the matching name; ownership of
	// the pointed-to objects is not visible in this header.
	RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms;
	TInt iVersion;
	CPKCS7ContentInfo* iContentInfo;
	RPointerArray<CPKCS7ExtendedCertificateOrCertificate> iCertificates;
	RPointerArray<CPKCS7SignerInfo> iSignerInfo;
	// One pointer per data element position; sized by KPKCS7MaxDataElements.
	// Presumably indexed with the enum above and returned by DataElementEncoding().
	TFixedArray<TPtrC8*, KPKCS7MaxDataElements> iDataElements;
	};
   152 
   153 #endif //__PKCS7_SIGNED_OBJECT_H__