First public contribution.
2 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
4 * This component and the accompanying materials are made available
5 * under the terms of the License "Eclipse Public License v1.0"
6 * which accompanies this distribution, and is available
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
9 * Initial Contributors:
10 * Nokia Corporation - initial contribution.
15 * CPKIXCertChainAO class implementation
25 #ifndef __PKIXCERTCHAINAO_H__
26 #define __PKIXCERTCHAINAO_H__
29 #include "pkixcerts.h"
30 #include "pkixchainbuilder.h"
31 #include "pkixcertstate.h"
33 #include <x509certext.h>
35 #include <pkixcertchain.h>
37 class CPKIXCertChainBase;
40 * This class handles the asynchronous part of the pkix chain validation. It
41 * is an active object which handles the asynchronous certificate store operations.
43 class CPKIXCertChainAO : public CActive
46 static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
47 const RPointerArray<CX509Certificate>& aRootCerts);
48 static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
50 virtual ~CPKIXCertChainAO();
53 CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain);
54 CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient);
55 void ConstructL(const RPointerArray<CX509Certificate>& aRootCerts);
59 TInt RunError(TInt aError);
63 void HandleEStoreManagerInitializationL();
64 void HandleEStoreManagerInitializedL();
65 void HandleEAddRootsL();
66 void HandleERootsInitializedL();
67 void HandleEBuildChainStartL();
68 void HandleEBuildChainAddCandidateEndL();
69 void HandleEBuildChainCertsFromStoreBeginL();
70 void HandleEBuildChainCertsFromStoreEndL();
71 void HandleEAddCandidateIntermediateCertsEndL();
72 void HandleEValidateEndL();
76 void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
77 const CArrayPtr<HBufC>* aInitialPolicies, TRequestStatus& aStatus);
78 void CancelValidate();
82 void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams);
83 void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
84 const CArrayPtr<HBufC>* aInitialPolicies);
85 void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const;
86 void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const;
87 void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState,
88 CPKIXValidationResultBase& aResult) const;
89 void CheckCriticalExtsL(CPKIXValidationState& aState,
90 CPKIXValidationResultBase& aResult) const;
93 * The states used to know what to do in the RunL function.
100 EBuildChainAddCandidateEnd,
101 EBuildChainCertsFromStoreBegin,
102 EBuildChainCertsFromStoreEnd,
103 EAddCandidateIntermediateCertsEnd,
108 MCertStore* iCertStore;
109 // a reference to the object which owns this instance
110 CPKIXCertChainBase &iPKIXCertChain;
115 * <P>Ownership of this object is peculiar.</P>
116 * <P>We need this to be a member because it is created and initialized in
117 * the EAddRoots handler but is only added to iRoots in the ERootsInitialized
118 * handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.</P>
119 * <P>The only case where the destructor will have to delete it, is when a leave
120 * occurs between the EAddRoots and ERootsInitialized states.</P>
122 CPKIXCertsFromStore* iCertsFromStoreRoots;
124 TRequestStatus* iOriginalRequestStatus;
127 * The roots that we trust.
130 * <LI>explicitly : the user gives a set of root certificates at construction time.</LI>
131 * <LI>implicitly : the user gives the uid of the application and the validation code
132 * retrieves the root certificates trusted for this application from the certificate
136 CPKIXChainBuilder* iRoots;
138 CPKIXChainBuilder* iBuilder;
141 * To store the parameters passed to CPKIXCertChainBase::Validate
143 CPKIXValidationResultBase* iValidationResult;
145 * To store the parameters passed to CPKIXCertChainBase::Validate
147 TTime iValidationTime;
149 * To store the parameters passed to CPKIXCertChainBase::Validate
151 const CArrayPtr<HBufC>* iInitialPolicies;
153 TBool iAddIssuerResult;
155 TInt iNumberOfAddedCertificates;