MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution. 
     1 /*

     2 * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of the License "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

     8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description: 

    15 *

    16 */

    17 

    18 

    19 /**

    20  @file 

    21  @internalTechnology

    22 */

    23  

    24 #ifndef __PKIXCERTS_H__

    25 #define __PKIXCERTS_H__

    26 

    27 //pkixroots.h

    28 #include <e32std.h>

    29 #include <x509cert.h>

    30 #include <x509certext.h>

    31 #include <mcertstore.h>

    32 

    33 /**

    34  * Base class for classes that help retrieving certificates from stores

    35  */

    36 class MPKIXCertSource

    37 	{

    38 public:

    39 	//copies cert into aCandidates, passes ownership of cert to calling code...

    40 	virtual void CandidatesL(const CX509Certificate& aSubject, 

    41 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;

    42 	virtual void CancelCandidates() = 0;

    43 	virtual void Release() = 0;

    44 

    45 protected:

    46 	virtual ~MPKIXCertSource();

    47 	

    48 protected:

    49 	/**

    50 	 * This function compares the issuer altname in aSubjectCert with the 

    51 	 * subject altname in aIssuerCert

    52 	 * @param aSubjectCert We will compare the issuer altname of this certificate.

    53 	 * @param aIssuerCert We will compare the subject altname of this certificate.

    54 	 * @return 

    55 	 * <UL>

    56 	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in

    57 	 * aIssuerCert</LI>

    58 	 * <LI>EFalse otherwise</LI>

    59 	 * </UL>

    60 	 */

    61 	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;

    62 	};

    63 

    64 /**

    65  * This class is used to retrieve the certificates from a store

    66  * It doesn't work with client base trust.

    67  */

    68 class CPKIXCertsFromStore : public CActive, public MPKIXCertSource

    69 	{

    70 public:

    71 	/**

    72 	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler

    73 	 * Initialize must be called after this function

    74 	 * @param aStore Reference to the cert store. The store is created with the default 

    75 	 * filter intialized to retrieve certificate of CA type and of X509 format.

    76 	 * @return Initialized instance of this class.

    77 	 */

    78 	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);

    79 	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);

    80 	

    81 	/**

    82 	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler

    83 	 * Initialize must be called after this function

    84 	 * @param aStore Reference to the cert store. The store is created with the default 

    85 	 * filter intialized to retrieve certificate of CA type and of X509 format.

    86 	 * @param aClient The UID for which the certificates are to be retrieved from the

    87 	 * cert store, This UID is also passed to the filter for retrieving the certificates 

    88 	 * specific to this client UID.

    89 	 * @return Initialized instance of this class.

    90 	 */

    91 	

    92 	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);

    93 	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);

    94 	/**

    95 	 * This function does the actual listing of certificates based on the filter created.

    96 	 * It must be called after construction.

    97 	 * @param aStatus Standard parameter for asynchronous calling convention. 

    98 	 */

    99 	void Initialize(TRequestStatus& aStatus);

   100 	/**

   101 	 * This function returns a list of CA certificates that authenticate the

   102 	 * aSubject certificate.

   103 	 * @param aCandidates On return, this array contains the list of CA certificates

   104 	 * that can possibly be used to authenticate aSubject. The array owns the elements

   105 	 * and must take care of deleting them.

   106 	 */

   107 	virtual void CandidatesL(const CX509Certificate& aSubject, 

   108 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);

   109 	virtual void CancelCandidates();

   110 	virtual void Release();

   111 	virtual ~CPKIXCertsFromStore();

   112 

   113 private:

   114 	CPKIXCertsFromStore(MCertStore& aCertStore);

   115 	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);

   116 	void ConstructL();

   117 	void ConstructL(TUid aClient);

   118 

   119 public:

   120 	void RunL();

   121 	TInt RunError(TInt aError);

   122 	void DoCancel();

   123 

   124 private:

   125 	void HandleEGetCertificateL();

   126 	void HandleEAddCandidateL();

   127 	void HandleECheckTrusted();

   128 	

   129 	TBool IsDuplicateL(const CX509Certificate& aCertificate);

   130 

   131 private:

   132 	enum TState

   133 	{

   134 		EIdle = 0,

   135 		EInitialize,

   136 		ECheckTrusted,

   137 		EGetCertificate,

   138 		EAddCandidate,

   139 		EEnd

   140 	};

   141 

   142 private:

   143 	/**

   144 	 * The state used to know what must be done when executing

   145 	 * RunL().

   146 	 */

   147 	TState iState;

   148 

   149 	/**

   150 	 * The TRequestStatus that must be updated when the operation

   151 	 * requested by a user of this class has been 

   152 	 * completed

   153 	 */

   154 	TRequestStatus *iOriginalRequestStatus;

   155 

   156 	TUid iClient;

   157 

   158 	CCertAttributeFilter *iFilter;

   159 

   160 	/**

   161 	 * iRootName is used for CandidateL

   162 	 */

   163 	const CX500DistinguishedName* iRootName;

   164 

   165 	/**

   166 	 * We don't own this

   167 	 */

   168 	const CX509Certificate* iSubject;

   169 

   170 	/**

   171 	 * We don't own this

   172 	 */

   173 	RPointerArray<CX509Certificate>* iCandidates;

   174 

   175 	/**

   176 	 * iCertData is used for CandidateL

   177 	 */

   178 	HBufC8* iCertData;

   179 

   180 	TPtr8* iCertPtr;

   181 

   182 	/**

   183 	 * iEntriesIndex is used for CandidateL

   184 	 */

   185 	TInt iEntriesIndex;

   186 	

   187 	/**

   188 	 * Applies to certificate at iEntriesIndex - reflects trust setting

   189 	 */

   190 	TBool iIsTrusted;

   191 

   192 	/**

   193 	 * Used when listing certificates (filtered but not on trust).

   194 	 */

   195 	RMPointerArray<CCTCertInfo> iCertInfos;

   196 

   197 	MCertStore& iCertStore;

   198 	};

   199 

   200 class CPKIXCertsFromClient : public MPKIXCertSource

   201 	{

   202 public:

   203 	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);

   204 	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);

   205 	virtual void CandidatesL(const CX509Certificate& aSubject,

   206 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);

   207 	virtual void CancelCandidates();

   208 	virtual void Release();

   209 	virtual ~CPKIXCertsFromClient();

   210 

   211 private:

   212 	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);

   213 

   214 private:

   215 	const RPointerArray<CX509Certificate>& iCerts;

   216 	};

   217 

   218 #endif
Symaptic