First public contribution.
2 * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
4 * This component and the accompanying materials are made available
5 * under the terms of the License "Eclipse Public License v1.0"
6 * which accompanies this distribution, and is available
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
9 * Initial Contributors:
10 * Nokia Corporation - initial contribution.
24 #ifndef __PKIXCERTS_H__
25 #define __PKIXCERTS_H__
30 #include <x509certext.h>
31 #include <mcertstore.h>
34 * Base class for classes that help retrieving certificates from stores
// Asks the source for certificates that could be issuers of aSubject and
// appends them to aCandidates. Takes a TRequestStatus, so completion is
// presumably reported asynchronously through aStatus; aSubject and aCandidates
// would then need to stay valid until the request completes or is cancelled
// (TODO confirm against the implementations).
// NOTE(review): a returned certificate is only a possible issuer. Nothing in
// this declaration shows signature, validity or constraint checks, so callers
// should not treat a candidate as trusted on this basis alone.
39 //copies cert into aCandidates, passes ownership of cert to calling code...
40 virtual void CandidatesL(const CX509Certificate& aSubject,
41 RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
// Presumably cancels an outstanding CandidatesL() request; what has already
// been appended to the caller's array at that point is implementation-defined.
42 virtual void CancelCandidates() = 0;
// Disposal hook for the source.
// NOTE(review): the destructor is declared separately below, so owners
// presumably dispose of a source through Release() rather than delete. Confirm.
43 virtual void Release() = 0;
46 virtual ~MPKIXCertSource();
50 * This function compares the issuer altname in aSubjectCert with the
51 * subject altname in aIssuerCert
52 * @param aSubjectCert We will compare the issuer altname of this certificate.
53 * @param aIssuerCert We will compare the subject altname of this certificate.
56 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
58 * <LI>EFalse otherwise</LI>
61 TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
65 * This class is used to retrieve the certificates from a store
66 * It doesn't work with client base trust.
68 class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
72 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
73 * Initialize must be called after this function
74 * @param aCertStore Reference to the cert store. The store is created with the default
75 * filter initialized to retrieve certificates of CA type and of X509 format.
76 * @return Initialized instance of this class.
// Factory pair for a source that is not tied to a client UID. By Symbian
// convention the LC variant presumably leaves the new object on the cleanup
// stack. aCertStore is taken by reference and the class keeps an MCertStore&
// member, so the store has to outlive the returned object.
78 static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
79 static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
82 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
83 * Initialize must be called after this function
84 * @param aCertStore Reference to the cert store. The store is created with the default
85 * filter initialized to retrieve certificates of CA type and of X509 format.
86 * @param aClient The UID for which the certificates are to be retrieved from the
87 * cert store. This UID is also passed to the filter for retrieving the certificates
88 * specific to this client UID.
89 * @return Initialized instance of this class.
// Factory pair that additionally takes the client UID used to filter the
// listing. As with the single-argument overloads, aCertStore is held by
// reference and must outlive the returned object.
// NOTE(review): aClient decides which client-specific certificates become
// candidates, so callers should pass the UID they are actually validating
// for. How the filter applies it is not visible in this header.
92 static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
93 static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
95 * This function does the actual listing of certificates based on the filter created.
96 * It must be called after construction.
97 * @param aStatus Standard parameter for asynchronous calling convention.
99 void Initialize(TRequestStatus& aStatus);
101 * This function returns a list of CA certificates that authenticate the
102 * aSubject certificate.
103 * @param aCandidates On return, this array contains the list of CA certificates
104 * that can possibly be used to authenticate aSubject. The array owns the elements
105 * and must take care of deleting them.
// Store-backed implementation of the MPKIXCertSource interface.
// The class keeps pointer members for the subject certificate and the
// candidate array (iSubject, iCandidates), so both arguments presumably must
// stay valid until aStatus completes or CancelCandidates() is called.
// Per the description above, the caller's array owns the appended
// certificates and is responsible for deleting them.
107 virtual void CandidatesL(const CX509Certificate& aSubject,
108 RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
109 virtual void CancelCandidates();
110 virtual void Release();
111 virtual ~CPKIXCertsFromStore();
// Constructors matching the two NewL/NewLC overloads, followed by the
// second-phase constructor, which receives the client UID. Access specifiers
// are not visible in this listing; presumably these are reached only through
// the NewL/NewLC factories.
114 CPKIXCertsFromStore(MCertStore& aCertStore);
115 CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
117 void ConstructL(TUid aClient);
// CActive error hook: called by the active scheduler with the leave code when
// RunL leaves.
// NOTE(review): confirm it completes the caller's original request with
// aError, so a failed lookup is reported rather than left pending.
121 TInt RunError(TInt aError);
// Per-state handlers; the names suggest fetching a certificate, adding it to
// the candidate list and checking its trust setting. The state enum and RunL
// are not visible in this listing.
125 void HandleEGetCertificateL();
126 void HandleEAddCandidateL();
127 void HandleECheckTrusted();
// Presumably tests whether aCertificate is already among the candidates, so
// the same certificate is not offered twice. Confirm against the implementation.
129 TBool IsDuplicateL(const CX509Certificate& aCertificate);
144 * The state used to know what must be done when executing
150 * The TRequestStatus that must be updated when the operation
151 * requested by a user of this class has been
// Pointer to the caller's request status; presumably borrowed, so the caller's
// TRequestStatus has to outlive the outstanding request.
154 TRequestStatus *iOriginalRequestStatus;
// Filter used when listing certificates. Ownership is not visible here;
// presumably created in ConstructL and deleted by this class. Confirm.
158 CCertAttributeFilter *iFilter;
161 * iRootName is used for CandidateL
163 const CX500DistinguishedName* iRootName;
// Subject certificate and output array of the CandidatesL() request in
// progress. Both are raw pointers to the arguments of that call, so they
// presumably must not be used after the request completes or is cancelled.
168 const CX509Certificate* iSubject;
173 RPointerArray<CX509Certificate>* iCandidates;
176 * iCertData is used for CandidateL
183 * iEntriesIndex is used for CandidateL
188 * Applies to certificate at iEntriesIndex - reflects trust setting
193 * Used when listing certificates (filtered but not on trust).
// Certificate infos produced by the listing step. Per the note above they are
// filtered, but not on trust, so trust still has to be checked per entry.
195 RMPointerArray<CCTCertInfo> iCertInfos;
// The store this source reads from. Held by reference, so it is not owned
// here and must outlive this object.
197 MCertStore& iCertStore;
// Certificate source over a caller-supplied array of certificates. Unlike the
// store-backed source it does not derive from CActive.
200 class CPKIXCertsFromClient : public MPKIXCertSource
// Factory pair. aCerts is taken by const reference and the class keeps a
// reference member (iCerts), so the caller's array must outlive this object
// and should not be modified while a lookup is in progress.
203 static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
204 static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
// MPKIXCertSource implementation.
// NOTE(review): nothing in this header shows the supplied certificates being
// checked for trust. Presumably they are offered as candidates only and the
// chain validator decides whether to accept them. Confirm.
205 virtual void CandidatesL(const CX509Certificate& aSubject,
206 RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
207 virtual void CancelCandidates();
208 virtual void Release();
209 virtual ~CPKIXCertsFromClient();
212 CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);
// Borrowed view of the caller's certificates; not owned by this class.
215 const RPointerArray<CX509Certificate>& iCerts;