2 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
4 * This component and the accompanying materials are made available
5 * under the terms of the License "Eclipse Public License v1.0"
6 * which accompanies this distribution, and is available
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
9 * Initial Contributors:
10 * Nokia Corporation - initial contribution.
19 #include <pkixcertchain.h>
20 #include "pkixcertchainao.h"
22 #include "pkixcertstate.h"
23 #include "pkixcerts.h"
25 //**********************************************************************************//
26 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewL(MCertStore& aCertStore,
27 const TPtrC8& aEncodedCerts,
30 CPKIXCertChainBase* self = CPKIXCertChainBase::NewLC(aCertStore, aEncodedCerts, aClient);
31 CleanupStack::Pop(self);
35 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewLC(MCertStore& aCertStore,
36 const TPtrC8& aEncodedCerts,
39 CPKIXCertChainBase* self = new(ELeave) CPKIXCertChainBase();
40 CleanupStack::PushL(self);
41 self->ConstructL(aCertStore, aEncodedCerts, aClient);
45 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewL(MCertStore& aCertStore,
46 const TPtrC8& aEncodedCerts,
47 const RPointerArray<CX509Certificate>& aRootCerts)
49 CPKIXCertChainBase* self = CPKIXCertChainBase::NewLC(aCertStore, aEncodedCerts, aRootCerts);
50 CleanupStack::Pop(self);
54 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewLC(MCertStore& aCertStore,
55 const TPtrC8& aEncodedCerts,
56 const RPointerArray<CX509Certificate>& aRootCerts)
58 CPKIXCertChainBase* self = new(ELeave) CPKIXCertChainBase();
59 CleanupStack::PushL(self);
60 self->ConstructL(aCertStore, aEncodedCerts, aRootCerts);
64 EXPORT_C CPKIXCertChainBase::~CPKIXCertChainBase()
66 iIntermediateCerts.ResetAndDestroy();
67 iIntermediateCerts.Close();
68 iSupportedCriticalExts.Close();
75 EXPORT_C void CPKIXCertChainBase::ValidateL(CPKIXValidationResultBase& aValidationResult,
76 const TTime& aValidationTime,
77 TRequestStatus& aStatus)
79 iActiveObject->ValidateL(aValidationResult, aValidationTime, NULL, aStatus);
82 EXPORT_C void CPKIXCertChainBase::ValidateL(CPKIXValidationResultBase& aValidationResult,
83 const TTime& aValidationTime,
84 const CArrayPtr<HBufC>& aInitialPolicies,
85 TRequestStatus& aStatus)
87 iActiveObject->ValidateL(aValidationResult, aValidationTime, &aInitialPolicies, aStatus);
90 EXPORT_C void CPKIXCertChainBase::CancelValidate()
92 iActiveObject->CancelValidate();
95 EXPORT_C TBool CPKIXCertChainBase::ChainHasRoot() const
100 EXPORT_C void CPKIXCertChainBase::AddCertL(const TPtrC8& aEncodedCerts)
102 AddIntermediateCertsL(aEncodedCerts);
105 EXPORT_C const RPointerArray<TDesC>& CPKIXCertChainBase::SupportedCriticalExtensions() const
107 return iSupportedCriticalExts;
110 EXPORT_C void CPKIXCertChainBase::AddSupportedCriticalExtensionsL(const RPointerArray<TDesC>& aCriticalExtOids)
113 TInt count = aCriticalExtOids.Count();
114 for (TInt x=0; x < count; ++x)
117 for (TInt y=0; y < iSupportedCriticalExts.Count(); ++y)
119 if (*aCriticalExtOids[x] == *iSupportedCriticalExts[y])
127 iSupportedCriticalExts.AppendL(aCriticalExtOids[x]);
132 EXPORT_C void CPKIXCertChainBase::RemoveSupportedCriticalExtensions(const RPointerArray<TDesC>& aCriticalExtOids)
134 TInt count = iSupportedCriticalExts.Count();
135 TInt newCount = aCriticalExtOids.Count();
138 for (TInt x=count - 1; x >= 0; --x)
140 for (TInt y=0; y < newCount; ++y)
142 if (*aCriticalExtOids[y] == *iSupportedCriticalExts[x])
144 iSupportedCriticalExts.Remove(x);
152 EXPORT_C void CPKIXCertChainBase::SetSupportedCriticalExtensionsL(const RPointerArray<TDesC>& aCriticalExtOids)
154 iSupportedCriticalExts.Reset();
155 AddSupportedCriticalExtensionsL(aCriticalExtOids);
158 EXPORT_C void CPKIXCertChainBase::ResetSupportedCriticalExtsToDefaultL()
160 iSupportedCriticalExts.Reset();
161 // standard X.509 extensions
162 iSupportedCriticalExts.AppendL(&KExtendedKeyUsage);
163 iSupportedCriticalExts.AppendL(&KPolicyMapping); // RFC - MUST be non-critical
164 iSupportedCriticalExts.AppendL(&KSubjectAltName);
165 iSupportedCriticalExts.AppendL(&KKeyUsage);
166 iSupportedCriticalExts.AppendL(&KBasicConstraints);
167 iSupportedCriticalExts.AppendL(&KNameConstraints);
168 iSupportedCriticalExts.AppendL(&KPolicyConstraints);
169 iSupportedCriticalExts.AppendL(&KCertPolicies);
170 iSupportedCriticalExts.AppendL(&KInhibitAnyPolicy);
171 // Symbian critical extensions
172 iSupportedCriticalExts.AppendL(&KDeviceIdListConstraint);
173 iSupportedCriticalExts.AppendL(&KSidListConstraint);
174 iSupportedCriticalExts.AppendL(&KVidListConstraint);
175 iSupportedCriticalExts.AppendL(&KCapabilitiesConstraint);
179 EXPORT_C void CPKIXCertChainBase::SetValidityPeriodCheckFatal(TBool aIsFatal)
181 iDateTimeCheckFatal = aIsFatal;
185 EXPORT_C TBool CPKIXCertChainBase::ValidityPeriodCheckFatal() const
187 return iDateTimeCheckFatal;
191 //************************************************************************//
193 EXPORT_C CPKIXCertChainBase::CPKIXCertChainBase()
194 : iChainHasRoot(EFalse), iDateTimeCheckFatal(ETrue)
198 EXPORT_C void CPKIXCertChainBase::ConstructL(MCertStore& aCertStore, const TPtrC8& aEncodedCerts,
201 iActiveObject = CPKIXCertChainAO::NewL(aCertStore, *this, aClient);
202 DoConstructL(aEncodedCerts);
206 * Second-phase constructor
207 * This constructor takes a set of root certificates we trust. We don't take into account
208 * the certificates in the certificate store because we are not interested in the
209 * trust model of that store (where each certificates comes with a set of uid of the
210 * applications that trust this certificate)
211 * this is consistent with the fact that in FindIssuer, we only look for non-root
214 EXPORT_C void CPKIXCertChainBase::ConstructL(MCertStore& aCertStore, const TPtrC8& aEncodedCerts,
215 const RPointerArray<CX509Certificate>& aRootCerts)
217 iActiveObject = CPKIXCertChainAO::NewL(aCertStore, *this, aRootCerts);
218 DoConstructL(aEncodedCerts);
221 void CPKIXCertChainBase::DoConstructL(const TPtrC8& aEncodedCerts)
223 iChain = new(ELeave) CArrayPtrFlat<CX509Certificate> (1);
226 CX509Certificate* eeCert = CX509Certificate::NewLC(aEncodedCerts, pos);
227 iChain->AppendL(eeCert);
228 CleanupStack::Pop(eeCert);
229 AddIntermediateCertsL(aEncodedCerts);
230 ResetSupportedCriticalExtsToDefaultL();
233 void CPKIXCertChainBase::AddIntermediateCertsL(const TPtrC8& aEncodedCerts)
235 //decode aEncodedCerts, and add any that aren't self-signed
237 TInt end = aEncodedCerts.Length();
240 CX509Certificate* decoded = CX509Certificate::NewLC(aEncodedCerts, pos);
241 if (decoded->IsSelfSignedL())
243 // Then it's no use to us because it cannot be part of a chain with a
244 // root certificate we trust.
245 CleanupStack::PopAndDestroy(decoded);
249 User::LeaveIfError(iIntermediateCerts.Append(decoded));
250 CleanupStack::Pop(decoded);
255 void CPKIXCertChainBase::RemoveLastCerts(TInt aNumberOfCertsToRemove)
257 __ASSERT_DEBUG(iChain->Count() >= aNumberOfCertsToRemove,
258 User::Panic(_L("CPKIXCertChain"), 1));
260 // We don't have to change i because it is the count of the array that decreases
261 for (TInt i = iChain->Count() - aNumberOfCertsToRemove; i < iChain->Count(); )
268 CArrayPtrFlat<CX509Certificate>& CPKIXCertChainBase::Chain()
270 __ASSERT_ALWAYS(iChain, User::Panic(_L("CPKICCertChainBase"), 1));
274 const RPointerArray<CX509Certificate>& CPKIXCertChainBase::IntermediateCerts()
276 return iIntermediateCerts;
279 TBool CPKIXCertChainBase::ChainHasRoot()
281 return iChainHasRoot;
284 void CPKIXCertChainBase::SetChainHasRoot(TBool aHasRoot)
286 iChainHasRoot = aHasRoot;