os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 *
    16 */
    17 
    18 
    19 /**
    20  @file 
    21  @internalTechnology
    22 */
    23  
    24 #ifndef __PKIXCERTS_H__
    25 #define __PKIXCERTS_H__
    26 
    27 //pkixroots.h
    28 #include <e32std.h>
    29 #include <x509cert.h>
    30 #include <x509certext.h>
    31 #include <mcertstore.h>
    32 
    33 /**
    34  * Base class for classes that help retrieving certificates from stores
    35  */
    36 class MPKIXCertSource
    37 	{
    38 public:
    39 	//copies cert into aCandidates, passes ownership of cert to calling code...
    40 	virtual void CandidatesL(const CX509Certificate& aSubject, 
    41 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
    42 	virtual void CancelCandidates() = 0;
    43 	virtual void Release() = 0;
    44 
    45 protected:
    46 	virtual ~MPKIXCertSource();
    47 	
    48 protected:
    49 	/**
    50 	 * This function compares the issuer altname in aSubjectCert with the 
    51 	 * subject altname in aIssuerCert
    52 	 * @param aSubjectCert We will compare the issuer altname of this certificate.
    53 	 * @param aIssuerCert We will compare the subject altname of this certificate.
    54 	 * @return 
    55 	 * <UL>
    56 	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
    57 	 * aIssuerCert</LI>
    58 	 * <LI>EFalse otherwise</LI>
    59 	 * </UL>
    60 	 */
    61 	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
    62 	};
    63 
    64 /**
    65  * This class is used to retrieve the certificates from a store
    66  * It doesn't work with client base trust.
    67  */
    68 class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
    69 	{
    70 public:
    71 	/**
    72 	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
    73 	 * Initialize must be called after this function
    74 	 * @param aStore Reference to the cert store. The store is created with the default 
    75 	 * filter intialized to retrieve certificate of CA type and of X509 format.
    76 	 * @return Initialized instance of this class.
    77 	 */
    78 	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
    79 	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
    80 	
    81 	/**
    82 	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
    83 	 * Initialize must be called after this function
    84 	 * @param aStore Reference to the cert store. The store is created with the default 
    85 	 * filter intialized to retrieve certificate of CA type and of X509 format.
    86 	 * @param aClient The UID for which the certificates are to be retrieved from the
    87 	 * cert store, This UID is also passed to the filter for retrieving the certificates 
    88 	 * specific to this client UID.
    89 	 * @return Initialized instance of this class.
    90 	 */
    91 	
    92 	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
    93 	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
    94 	/**
    95 	 * This function does the actual listing of certificates based on the filter created.
    96 	 * It must be called after construction.
    97 	 * @param aStatus Standard parameter for asynchronous calling convention. 
    98 	 */
    99 	void Initialize(TRequestStatus& aStatus);
   100 	/**
   101 	 * This function returns a list of CA certificates that authenticate the
   102 	 * aSubject certificate.
   103 	 * @param aCandidates On return, this array contains the list of CA certificates
   104 	 * that can possibly be used to authenticate aSubject. The array owns the elements
   105 	 * and must take care of deleting them.
   106 	 */
   107 	virtual void CandidatesL(const CX509Certificate& aSubject, 
   108 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
   109 	virtual void CancelCandidates();
   110 	virtual void Release();
   111 	virtual ~CPKIXCertsFromStore();
   112 
   113 private:
   114 	CPKIXCertsFromStore(MCertStore& aCertStore);
   115 	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
   116 	void ConstructL();
   117 	void ConstructL(TUid aClient);
   118 
   119 public:
   120 	void RunL();
   121 	TInt RunError(TInt aError);
   122 	void DoCancel();
   123 
   124 private:
   125 	void HandleEGetCertificateL();
   126 	void HandleEAddCandidateL();
   127 	void HandleECheckTrusted();
   128 	
   129 	TBool IsDuplicateL(const CX509Certificate& aCertificate);
   130 
   131 private:
   132 	enum TState
   133 	{
   134 		EIdle = 0,
   135 		EInitialize,
   136 		ECheckTrusted,
   137 		EGetCertificate,
   138 		EAddCandidate,
   139 		EEnd
   140 	};
   141 
   142 private:
   143 	/**
   144 	 * The state used to know what must be done when executing
   145 	 * RunL().
   146 	 */
   147 	TState iState;
   148 
   149 	/**
   150 	 * The TRequestStatus that must be updated when the operation
   151 	 * requested by a user of this class has been 
   152 	 * completed
   153 	 */
   154 	TRequestStatus *iOriginalRequestStatus;
   155 
   156 	TUid iClient;
   157 
   158 	CCertAttributeFilter *iFilter;
   159 
   160 	/**
   161 	 * iRootName is used for CandidateL
   162 	 */
   163 	const CX500DistinguishedName* iRootName;
   164 
   165 	/**
   166 	 * We don't own this
   167 	 */
   168 	const CX509Certificate* iSubject;
   169 
   170 	/**
   171 	 * We don't own this
   172 	 */
   173 	RPointerArray<CX509Certificate>* iCandidates;
   174 
   175 	/**
   176 	 * iCertData is used for CandidateL
   177 	 */
   178 	HBufC8* iCertData;
   179 
   180 	TPtr8* iCertPtr;
   181 
   182 	/**
   183 	 * iEntriesIndex is used for CandidateL
   184 	 */
   185 	TInt iEntriesIndex;
   186 	
   187 	/**
   188 	 * Applies to certificate at iEntriesIndex - reflects trust setting
   189 	 */
   190 	TBool iIsTrusted;
   191 
   192 	/**
   193 	 * Used when listing certificates (filtered but not on trust).
   194 	 */
   195 	RMPointerArray<CCTCertInfo> iCertInfos;
   196 
   197 	MCertStore& iCertStore;
   198 	};
   199 
   200 class CPKIXCertsFromClient : public MPKIXCertSource
   201 	{
   202 public:
   203 	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
   204 	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
   205 	virtual void CandidatesL(const CX509Certificate& aSubject,
   206 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
   207 	virtual void CancelCandidates();
   208 	virtual void Release();
   209 	virtual ~CPKIXCertsFromClient();
   210 
   211 private:
   212 	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);
   213 
   214 private:
   215 	const RPointerArray<CX509Certificate>& iCerts;
   216 	};
   217 
   218 #endif