os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertchainao.h
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 * CPKIXCertChainAO class implementation
    16 *
    17 */
    18 
    19 
    20 /**
    21  @file 
    22  @internalTechnology
    23 */
    24  
    25 #ifndef __PKIXCERTCHAINAO_H__
    26 #define __PKIXCERTCHAINAO_H__
    27 
    28 #include <e32base.h>
    29 #include "pkixcerts.h"
    30 #include "pkixchainbuilder.h"
    31 #include "pkixcertstate.h"
    32 #include <x509cert.h>
    33 #include <x509certext.h>
    34 #include <x509gn.h>
    35 #include <pkixcertchain.h>
    36 
    37 class CPKIXCertChainBase;
    38 
    39 /**
    40  * This class handles the asynchronous part of the pkix chain validation. It
    41  * is an active object which handles the asynchronous certificate store operations.
    42  */
    43 class CPKIXCertChainAO : public CActive
    44 {
    45 public:
    46 	static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
    47 		const RPointerArray<CX509Certificate>& aRootCerts);
    48 	static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, 
    49 		const TUid aClient);
    50 	virtual ~CPKIXCertChainAO();
    51 
    52 private:
    53 	CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain);
    54 	CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient);
    55 	void ConstructL(const RPointerArray<CX509Certificate>& aRootCerts);
    56 
    57 public:
    58 	void RunL();
    59 	TInt RunError(TInt aError);
    60 	void DoCancel();
    61 
    62 private:
    63 	void HandleEStoreManagerInitializationL();
    64 	void HandleEStoreManagerInitializedL();
    65 	void HandleEAddRootsL();
    66 	void HandleERootsInitializedL();
    67 	void HandleEBuildChainStartL();
    68 	void HandleEBuildChainAddCandidateEndL();
    69 	void HandleEBuildChainCertsFromStoreBeginL();
    70 	void HandleEBuildChainCertsFromStoreEndL();
    71 	void HandleEAddCandidateIntermediateCertsEndL();
    72 	void HandleEValidateEndL();
    73 
    74 	// Request functions
    75 public:
    76 	void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,							
    77 		const CArrayPtr<HBufC>* aInitialPolicies, TRequestStatus& aStatus);
    78 	void CancelValidate();
    79 
    80 private:
    81 	void InitParamsL();
    82 	void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams);
    83 	void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
    84 		const CArrayPtr<HBufC>* aInitialPolicies);
    85 	void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const;
    86 	void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const;
    87 	void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState, 
    88 								CPKIXValidationResultBase& aResult) const;
    89 	void CheckCriticalExtsL(CPKIXValidationState& aState, 
    90 		CPKIXValidationResultBase& aResult) const;
    91 
    92 	/**
    93 	 * The states used to know what to do in the RunL function.
    94 	 */
    95 	enum TState
    96 	{
    97 		EAddRoots,
    98 		ERootsInitialized,
    99 		EBuildChainStart,
   100 		EBuildChainAddCandidateEnd,
   101 		EBuildChainCertsFromStoreBegin,
   102 		EBuildChainCertsFromStoreEnd,
   103 		EAddCandidateIntermediateCertsEnd,
   104 		EValidateEnd
   105 	};
   106 
   107 private:
   108 	MCertStore* iCertStore;
   109 	// a reference to the object which owns this instance
   110 	CPKIXCertChainBase &iPKIXCertChain;
   111 	TUid iClient;
   112 	TState iState;
   113 
   114 	/**
   115 	 * <P>Ownership of this object is peculiar.</P>
   116 	 * <P>We need this to be a member because it is created and initialized in
   117 	 * the EAddRoots handler but is only added to iRoots in the ERootsInitialized
   118 	 * handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.</P>
   119 	 * <P>The only case where the destructor will have to delete it, is when a leave
   120 	 * occurs between the EAddRoots and ERootsInitialized states.</P>
   121 	 */
   122 	CPKIXCertsFromStore* iCertsFromStoreRoots;
   123 
   124 	TRequestStatus* iOriginalRequestStatus;
   125 
   126 	/**
   127 	 * The roots that we trust.
   128 	 * This can be given 
   129 	 * <UL>
   130 	 * <LI>explicitly : the user gives a set of root certificates at construction time.</LI>
   131 	 * <LI>implicitly : the user gives the uid of the application and the validation code
   132 	 * retrieves the root certificates trusted for this application from the certificate
   133 	 * store.</LI>
   134 	 * </UL>
   135 	 */
   136 	CPKIXChainBuilder* iRoots;
   137 
   138 	CPKIXChainBuilder* iBuilder;
   139 
   140 	/**
   141 	 * To store the parameters passed to CPKIXCertChainBase::Validate
   142 	 */ 
   143 	CPKIXValidationResultBase* iValidationResult;
   144 	/**
   145 	 * To store the parameters passed to CPKIXCertChainBase::Validate
   146 	 */ 
   147 	TTime iValidationTime;					 
   148 	/**
   149 	 * To store the parameters passed to CPKIXCertChainBase::Validate
   150 	 */ 
   151 	const CArrayPtr<HBufC>* iInitialPolicies;
   152 
   153 	TBool iAddIssuerResult;
   154 
   155 	TInt iNumberOfAddedCertificates;
   156 };
   157 
   158 #endif