/*

 * Copyright (c) 1998-2010 Nokia Corporation and/or its subsidiary(-ies).

 * All rights reserved.

 * This component and the accompanying materials are made available

 * under the terms of the License "Eclipse Public License v1.0"

 * which accompanies this distribution, and is available

 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

 *

 * Initial Contributors:

 * Nokia Corporation - initial contribution.

 *

 * Contributors:

 *

 * Description: 

 * X509 certificate implementation

 *

 */

 /**

  @file 

  @publishedAll

  @released

 */

 #ifndef __X509CERT_H__

 #define __X509CERT_H__

 #include <e32base.h>

 #include <e32std.h>

 #include <s32std.h>

 #include <signed.h>

 #include <x500dn.h>

 #include <asn1enc.h>

 /* These OIDs have been defined for PKCS#1 with the 

  * superior reference to OID 1.2.840.113549.1.1

  * {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)}

  */ 

 // RSA (PKCS #1 v1.5) key transport algorithm

 _LIT(KRSA,"1.2.840.113549.1.1.1");

 // MD2 with RSA Encryption

 _LIT(KMD2WithRSA,"1.2.840.113549.1.1.2");

 // RSA (PKCS #1 v1.5) with MD5 signature

 _LIT(KMD5WithRSA,"1.2.840.113549.1.1.4");

 // RSA (PKCS #1 v1.5) with SHA-1 signature 

 _LIT(KSHA1WithRSA,"1.2.840.113549.1.1.5");

 // SHA256 with RSA Encryption

 _LIT(KSHA256WithRSA,"1.2.840.113549.1.1.11");

 // SHA384 with RSA Encryption 

 _LIT(KSHA384WithRSA,"1.2.840.113549.1.1.12");

 // SHA512 with RSA Encryption 

 _LIT(KSHA512WithRSA,"1.2.840.113549.1.1.13");

 // SHA224 with RSA Encryption 

 _LIT(KSHA224WithRSA,"1.2.840.113549.1.1.14");

 /* 

  * These OIDs have been defined for PKIX with the 

  * superior reference to OID 1.2.840.10040.

  */

 // Digital Signature Algorithm (DSA), also known as the Digital Signature Standard (DSS) 

 _LIT(KDSA,"1.2.840.10040.4.1");

 // ANSI X9.57 DSA signature generated with SHA-1 hash (DSA x9.30) 

 _LIT(KDSAWithSHA1,	"1.2.840.10040.4.3");

 /*

  * These OIDs have been defined for ANSI X9 standard with 

  * superior reference to oid 1.2.840.10046.

  * {iso(1) member-body(2) us(840) ansi-x942(10046) number-types(2)}

  */

 // ANSI X9.42 Ephemeral-Static Diffie-Hellman key agreement algorithm 

 _LIT(KDH,"1.2.840.10046.2.1");

 /*

  * These OIDs have been defined for digest algorithms with 

  * superior reference to oid 1.2.840.113549.2

  * {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)}

  */

 _LIT(KMD5,"1.2.840.113549.2.5");

 _LIT(KMD2,"1.2.840.113549.2.2");

 /*

  * These OIDs have been defined for hash algorithms conforming NIST algorithms 

  * with superior reference to oid 2.16.840.1.101.3.4.2

  * {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)}

  */

 _LIT(KSHA256,"2.16.840.1.101.3.4.2.1");

 _LIT(KSHA384,"2.16.840.1.101.3.4.2.2");

 _LIT(KSHA512,"2.16.840.1.101.3.4.2.3");

 _LIT(KSHA224,"2.16.840.1.101.3.4.2.4");

 /*

  * These OIDs are for OIW Security Special Interest Group defined algorithms  

  * with superior reference to oid 1.3.14.3.2

  * {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2)}

  */

 // SHA1 with RSA signature (obsolete)

 _LIT(KSHA1WithRSASignature,"1.3.14.3.2.29");

 // Hash algorithm identifier SHA-1 (Secure Hash Algorithm, Revision 1) 

 _LIT(KSHA1,"1.3.14.3.2.26");

 /** The maximum number of allowed data elements.

 * 

 * @since v7.0 */

 const TInt KX509MaxDataElements = 10;

 class CRSAPublicKey;

 class CDSAPublicKey;

 class CDSASignature;

 class CDSAParameters;

 class CPKCS1SignatureResult : public CRSASignatureResult

 /** The signature result in PKCS#1 format.

 * 

 * @since v6.0 */

 	{

 public:

 	/** Creates a new algorithm ID object copied from an existing object.

 	* 

 	* @param aDigestAlgorithm	The algorithm ID object to be copied.

 	* @param aDigest			A non-modifiable descriptor representing the digest algorithm.

 	* @return					A pointer to the new algorithm ID object. */

 	IMPORT_C static CPKCS1SignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);

 	/** Creates a new algorithm ID object copied from an existing

 	* object, and puts a pointer to the new object onto the cleanup stack.

 	* 

 	* @param aDigestAlgorithm	The algorithm ID object to be copied.

 	* @param aDigest			A non-modifiable descriptor representing the digest algorithm.

 	* @return					A pointer to the new algorithm ID object. */

 	IMPORT_C static CPKCS1SignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);

 	/** Tests whether the signature result is valid.

 	* 

 	* @param aResult	The signature result to be verified.

 	* @return			ETrue, if the signature result is verified; EFalse, otherwise. */

 	IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);

 private:

 	void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);

 	TBool DoVerifyL(const TDesC8& aResult);

 	};

 class TX509KeyFactory : public TKeyFactory

 /** Constructs the public key objects used for signature verification, from their 

 * encoded binary form, for X.509 certificates.

 * 

 * @since v6.0 */

 	{

 public:

 	/** Gets the RSA public key from the encoding key.

 	* 

 	* @param aEncoding	A non-modifiable descriptor representing the entire encoding.

 	* @return			The RSA Public key. */

 	IMPORT_C CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;

 	/** Gets the RSA signature result.

 	* 

 	* @param aDigestAlgorithm	The digest algorithm ID.

 	* @param aDigest			A non-modifiable descriptor representing the digest algorithm.

 	* @return					The RSA signature result. */

 	IMPORT_C CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;

 	/** Gets the DSA public key from the encoding key.

 	* 

 	* @param aParamsEncoding	A non-modifiable descriptor representing 

 	*							the encoded binary representation of the DSA parameters

 	* @param aEncoding			A non-modifiable descriptor representing the entire encoding.

 	* @return					The DSA public key. 

 	* @since 					v8.0 */

 	IMPORT_C CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;

 	/** Gets the digital DSA signature from the encoding key.

 	* 

 	* @param aEncoding	A non-modifiable descriptor representing the entire encoding.

 	* @return			The DSA signature. */

 	IMPORT_C CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;

 	/** Gets the DSA parameters from the encoding key.

 	* 

 	* @param aEncoding	A non-modifiable descriptor representing the entire encoding.

 	* @return			The DSA parameters. */

 	IMPORT_C CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;

 	/** Gets the DSA public key from the encoding key.

 	* 

 	* @param aParams	The DSA parameters

 	* @param aEncoding	A non-modifiable descriptor representing the entire encoding.

 	* @return			The DSA public key. */

 	IMPORT_C CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;

 	};

 class CX509ValidityPeriod : public CValidityPeriod

 /** The period for which an X.509 certificate is valid.

 * 

 * @since v6.0 */

 	{

 public:

 	/** Creates a new X.509 validity period object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* Initialises the object from its encoded binary form into an internal representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new validity period object. */

 	IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData);

 	/** Creates a new X.509 validity period object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* Initialises the object from its encoded binary form into an internal representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new validity period object. */

 	IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new X.509 validity period object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* Initialises the object from its encoded binary form into an internal representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new validity period object. */

 	IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 validity period object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* Initialises the object from its encoded binary form into an internal representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new validity period object. */

 	IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 private:

 	CX509ValidityPeriod();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	};

 class CX509AlgorithmIdentifier : public CAlgorithmIdentifier

 /** Algorithm identifier for an X.509 certificate.

 *

 * @since v6.0 */

 	{

 public:

 	/** Creates a new X.509 algorithm identifier object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* The function initialises the object from its encoded binary form into an internal 

 	* representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new algorithm identifier object. */

 	IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData);

 	/** Creates a new X.509 algorithm identifier object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new algorithm identifier object. */

 	IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new X.509 algorithm identifier object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new algorithm identifier object. */

 	IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 algorithm identifier object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new algorithm identifier object. */

 	IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/**

 	Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter.

 	@param aAlgorithmId The algorithm Id used to build the object.

 	@param aEncodedParams The encoded parameter for the algorithm ID.	

 	@return The fully constructed object.

 	*/

 	IMPORT_C static CX509AlgorithmIdentifier* NewL(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);

 	/**

 	Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter

 	and leaves the object on the cleanup stack.

 	@param aAlgorithmId The algorithm Id used to build the object.

 	@param aEncodedParams The encoded parameter for the algorithm ID.	

 	@return The fully constructed object.

 	*/

 	IMPORT_C static CX509AlgorithmIdentifier* NewLC(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);

 	/**

 	Creates the ASN1 DER sequence of the X509 algorithm identifier object

 	and leaves it on the cleanup stack.

 	@return  ASN1 DER sequence of this object.

 	*/

 	IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;

 private:

 	CX509AlgorithmIdentifier();

 	CX509AlgorithmIdentifier(TAlgorithmId& aAlgorithmId);

 	void InitializeL(const TDesC8& aBinaryData, TInt& aPos);

 	};

 class CX509SigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier

 /** Encapsulates the IDs of the algorithms used for signing an X.509 certificate.

 *

 * @since v6.0 */

 	{

 public:

 	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new signing algorithm Id object. */

 	IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);

 	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new signing algorithm Id object. */

 	IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new signing algorithm Id object. */

 	IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing 

 	* the binary coded representation,starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new signing algorithm Id object. */

 	IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 signing algorithm Id object from the specified algorithm pair

 	* 

 	* @param aAsymmetricAlgorithm	The asymmetric algorithm

 	* @param aDigestAlgorithm		The digest algorithm

 	* @return						The new signing algorithm Id object. */

  	IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);

 	/** Creates a new X.509 signing algorithm Id object from the specified algorithm pair

 	* 

 	* @param aAsymmetricAlgorithm	The asymmetric algorithm

 	* @param aDigestAlgorithm		The digest algorithm

 	* @return						The new signing algorithm Id object. */

  	IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);

 private:

 	CX509SigningAlgorithmIdentifier();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void ConstructL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);

 	};

 class CX509SubjectPublicKeyInfo : public CSubjectPublicKeyInfo

 /** X.509 subject public key information.

 * 

 * @since v6.0 */

 	{

 public:

 	/** Creates a new X.509 subject public key object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new subject public key object. */

 	IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);

 	/** Creates a new X.509 subject public key object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new subject public key object. */

 	IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new X.509 subject public key object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The subject public key object. */

 	IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 subject public key object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new subject public key object. */

 	IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 private:

 	CX509SubjectPublicKeyInfo();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	};

 class CX509CertExtension : public CBase

 /** A generic X.509 certificate extension.

 * 

 * The creation of a generic extension is the first step in the creation of a 

 * specific extension. Client code gets the decoded Object Identifier (OID) encapsulated 

 * by an instance of this class and uses it to create the specific extension.

 * 

 * Consists of an any-defined-by structure along with a boolean flag saying whether 

 * the extension is critical or not.

 * 

 * @since v6.0 */

 	{

 public:

 	/** Creates a new generic X.509 certificate extension object from an existing object.

 	* 

 	* This is equivalent to a copy constructor.

 	* 

 	* @param aExtension	The generic certificate extension to be copied.

 	* @return			The new generic certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewL(const CX509CertExtension& aExtension);

 	/** Creates a new generic X.509 certificate extension object from an existing object, 

 	* and puts a pointer to it onto the cleanup stack.

 	* 

 	* This is equivalent to a copy constructor.

 	* 

 	* @param aExtension	The generic certificate extension to be copied.

 	* @return			The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewLC(const CX509CertExtension& aExtension);

 	/** Creates a new generic X.509 certificate extension object from the specified 

 	* buffer containing the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData);

 	/** Creates a new generic X.509 certificate extension object from the specified 

 	* buffer containing the binary coded representation, and puts a pointer to it 

 	* onto the cleanup stack .

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new generic X.509 certificate extension object from the specified 

 	* buffer containing the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new generic X.509 certificate extension object from the specified 

 	* buffer containing the binary coded representation, starting at the specified 

 	* offset, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new generic X.509 certificate extension object from the specified 

 	* extension object id, the critcal flag and the extension data.

 	* 

 	* @param aCertExtOID	The OID of the certficate extension.

 	* @param aCritical		Flag to convey criticality of the extension.

 	* @param aCertExtValue	The data of the specific extension.

 	* @return				The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewL(const TDesC& aCertExtOID, 

 							const TBool aCritical,

 							const TDesC8& aCertExtValue);

 	/** Creates a new generic X.509 certificate extension object from the specified 

 	* extension object id, the critcal flag and the extension data, and puts a 

 	* pointer to it onto the cleanup stack.

 	* 

 	* @param aCertExtOID	The OID of the certficate extension.

 	* @param aCritical		Flag to convey criticality of the extension.

 	* @param aCertExtValue	The data of the specific extension.

 	* @return				The new generic X.509 certificate extension object. */

 	IMPORT_C static CX509CertExtension* NewLC(const TDesC& aCertExtOID, 

 							const TBool aCritical,

 							const TDesC8& aCertExtValue);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CX509CertExtension();

 	/** Tests whether certificate processing code must process this extension for certificate 

 	* validation to succeed.

 	* 

 	* @return	ETrue, if this extension must be processed for validation to succeed; 

 	* 			EFalse, otherwise. */

 	IMPORT_C TBool Critical() const;

 	/** Gets the Object Identifier (OID) of the certficate extension.

 	* 

 	* @return	The OID of the certficate extension. */

 	IMPORT_C TPtrC Id() const;	//OID for the extension

 	/** Gets the encoded binary representation of the specific extension.

 	* 

 	* @return	A pointer descriptor representing the specific extension. */

 	IMPORT_C TPtrC8 Data() const;	//the extension itself 

 	/** Creates and returns a DER encoded X.509 certificate extension object in the form 

 	* of a ASN.1 Sequence and puts it onto the cleanup stack. This method can be called

 	* repeatedly to get copies of the sequence.

 	* 

 	* @return	A pointer to a DER encoded ASN.1 sequence */

 	IMPORT_C CASN1EncSequence * EncodeASN1DERLC() const;

 private:

 	CX509CertExtension();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void ConstructL(const CX509CertExtension& aExtension);

 	void ConstructL(const TDesC& aCertExtOID, 

 					const TBool aCritical,

 					const TDesC8& aCertExtValue);

 	HBufC* iId;

 	TBool iCritical;

 	HBufC8* iData;

 	};

 class CX509Certificate : public CCertificate

 /** An X.509 certificate.

 * 

 * @since v6.0 */

 	{

 public:

 /** Enumerates values for encoded data element positions in the TBSCertificate data structure.

 * 

 * These values are to be used as parameters to the DataElementEncoding() function. */

 	enum

 		{

 		EVersionNumber = 0,	//optional - may be NULL

 		ESerialNumber = 1,

 		EAlgorithmId = 2,

 		EIssuerName = 3,

 		EValidityPeriod = 4,

 		ESubjectName = 5,

 		ESubjectPublicKeyInfo = 6,

 		EIssuerUID = 7,		//optional - may be NULL

 		ESubjectUID = 8,	//optional - may be NULL

 		EExtensionList = 9	//optional - may be NULL

 		};

 	/** Creates a new X.509 certificate object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData);

 	/** Creates a new X.509 certificate object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* Initialises the object from its encoded binary form into an internal representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new X.509 certificate object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 certificate object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new X.509 certificate object from the specified read stream.

 	* 

 	* @param aStream	Stream from which the contents should be internalised. 

 	* @return			The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewL(RReadStream& aStream);

 	/** Creates a new X.509 certificate object from the specified read stream, and 

 	* puts a pointer to it onto the cleanup stack.

 	* 

 	* Construction is from the stream.

 	* 

 	* @param aStream	Stream from which the contents should be internalised. 

 	* @return			The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewLC(RReadStream& aStream);

 	/** Creates a new X.509 certificate object from an existing object.

 	* 

 	* This is equivalent to a copy constructor.

 	* 

 	* @param aCert	The X.509 certificate to be copied.

 	* @return		The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewL(const CX509Certificate& aCert);

 	/** Creates a new X.509 certificate object from an existing object.

 	* 

 	* This is equivalent to a copy constructor.

 	* 

 	* @param aCert	The X.509 certificate to be copied.

 	* @return		The new X.509 certificate object. */

 	IMPORT_C static CX509Certificate* NewLC(const CX509Certificate& aCert);

    /** Retrieves the subject key identifier of a certificate based on the decision whether

 	* it is a CA certificate or not. If it is a CA certificate then returns the stored subject key id 

 	* as an extension in the certificate, any other certificate it returns the keyidentifier as 

 	* calculated by Symbian's proprietary logic.

 	* @return	The subject key identifier for the certificate. */

 	IMPORT_C TKeyIdentifier SubjectKeyIdL() const;

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CX509Certificate();

 	/** Tests whether the specified X.509 certificate is equal to this X.509 certificate.

 	* 

 	* X.509 certificates are equal if both the serial number and the issuer name 

 	* are the same.

 	* 

 	* @param aCert	The X.509 certificate to be compared.

 	* @return		ETrue, if the certificates are equal;EFalse, otherwise. */

 	IMPORT_C TBool IsEqualL(const CX509Certificate& aCert) const;

 	//extra accessors

 	/** Gets the certificate's signed data.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the certificate's 

 	* 			signed data. */

 	IMPORT_C const TPtrC8 SignedDataL() const;

 	/** Gets the version number of the certificate.

 	* 

 	* @return	The version number of the certificate. */

 	IMPORT_C TInt Version() const;

 	/** Gets the X.500 Distinguished Name that identifies the issuer.

 	* 

 	* @return	The X.500 Distinguished Name that identifies the issuer. */

 	IMPORT_C const CX500DistinguishedName& IssuerName() const;

 	/** Gets the X.500 Distinguished Name that identifies the subject.

 	* 

 	* @return	The X.500 Distinguished Name that identifies the subject. */

 	IMPORT_C const CX500DistinguishedName& SubjectName() const;

 			//return all your generic extensions

 	/** Gets all generic certificate extensions.

 	* 

 	* @return	The certificate extensions. */

 	IMPORT_C const CArrayPtrFlat<CX509CertExtension>& Extensions() const;

 		//return a particular extension: this is NOT OWNED by the client

 		//returns NULL if the ext is not found

 	/** Gets the certificate extension identified by the specified object identifier (OID).

 	* 

 	* @param aExtensionName	The OID identifying the extension.

 	* @return				The certificate extension: Note that ownership is not transferred to 

 	* 						the caller. */

 	IMPORT_C const CX509CertExtension* Extension(const TDesC& aExtensionName) const;

 	/** Internalises an object of this class from a read stream.

 	* 

 	* The presence of this function means that the standard templated operator>>() 

 	* can be used to internalise objects of this class.

 	* 

 	* Note that the function has assignment semantics. It replaces the old value 

 	* of the object with a new value read from the read stream.

 	* 

 	* @param aStream	Stream from which the object is to be internalised. */

 	IMPORT_C void InternalizeL(RReadStream& aStream);

 		//return the encoding for a data element at the index specified

 	/** Gets the encoded data for the specified encoded data element (in the To Be 

 	* Signed (TBS) certificate data structure) of the signed object.

 	* 

 	* @param aIndex	The encoded data element position in the TBSCertificate data 

 	* 				structure. (See the CX509Certificate enumeration.)

 	* @return 		The encoded data for the specified data element of the signed object. 

 	* @since 		v7.0 */

 	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;

 public:	// from CCertificate

 	/** Gets the issuer of the certificate.

 	* 

 	* @return 	A heap descriptor representing the issuer of the certificate. */

 	IMPORT_C HBufC* IssuerL() const;

 	/** Gets the subject of the certificate.

 	* 

 	* @return	A heap descriptor representing the issuer of the certificate. */

 	IMPORT_C HBufC* SubjectL() const;

 	/** Tests whether the certificate is self-signed.

 	* 

 	* @return	ETrue, if it is self-signed; EFalse, otherwise. */

 	IMPORT_C TBool IsSelfSignedL() const;

 	/** Gets a key identifier for the certificate. This is a unique identifier, calculated according 

 	* to the recommended method of computing it from RFC3280, section 4.2.1.2. Please note that this

 	* method does NOT return the value of the Subject Key Id extension, if it is present.

 	* 

 	* @return	A unique key identifier for the certificate. */

 	IMPORT_C TKeyIdentifier KeyIdentifierL() const;

 	/** Gets the subject key identifier for the certificate. This identifier is extracted from the

 	* certificate (if the corresponding extension exists), or calculated (if the extension doesn't exist). If calculated, the recommendation from

 	* section 4.2.1.2, RFC3280 is used (hash of the public key). Please note, that for subject key ids

 	* extracted from the certificate there is a length limit - if the extension is longer than 160 bits,

 	* it is ignored and the value is calculated instead.

 	* 

 	* @return	The subject key identifier for the certificate. */

 	IMPORT_C TKeyIdentifier SubjectKeyIdentifierL() const;

 private:

 	CX509Certificate();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void ConstructL(const CX509Certificate& aCertificate);

 	void ConstructCertL();

 	void InitDataElementsL(const CX509Certificate& aCertificate);

 	HBufC8* DecodeUidL(const TDesC8& aBinaryData, TBool& aHasElementAlready);

 	void DecodeExtsL(const TDesC8& aBinaryData, TBool& aHasElementAlready);

 	//private data

 	TInt iVersion;

 	CX500DistinguishedName* iIssuerName;

 	CX500DistinguishedName* iSubjectName;

 	HBufC8* iIssuerUid;

 	HBufC8* iSubjectUid;

 	CArrayPtrFlat<CX509CertExtension>* iExtensions;

 	TFixedArray<TPtrC8*, KX509MaxDataElements>* iDataElements;

 	};

 #endif