/*
* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* Declares classes for producing PKCS#10 certificate requests.
*
*/


/**
 @file
 @publishedPartner
 @released
*/

#ifndef __PKCS10_H__
#define __PKCS10_H__

// NOTE(review): the four header names were lost when this page was extracted
// (the angle-bracket includes are empty here). Restore them from the original
// source file before compiling.
#include
#include
#include
#include

class CX500DistinguishedName;
class CASN1EncBase;
class CPKCS10Attributes;
class CPKCS10KeyHelper;
// CMessageDigest and TX509KeyEncoder are not referenced in this declaration;
// presumably they are used by the implementation file.
class CMessageDigest;
class TX509KeyEncoder;

/**
 * Class for making PKCS#10 Certificate Request objects.
 *
 * Keys are specified by a cryptotokens key info object - this means that this
 * API can only be used to generate cert requests for keys that are held in a
 * keystore on the device. No private-key material is held by this class; the
 * state names (EOpenSigner, ESign) suggest that signing is delegated to the
 * keystore and that only the public key is fetched for inclusion in the
 * request (see iExportedKey) - confirm against the implementation.
 *
 * The object is a CActive: CreateEncoding() starts an asynchronous,
 * multi-step operation whose progress is tracked in iState and driven from
 * RunL(). Only one such operation may be outstanding at a time.
 *
 * The distinguished name and key info are stored as non-owning pointers
 * (see NewL()), so the caller must keep those objects alive for as long as
 * this object may use them, at least until CreateEncoding() has completed
 * or been cancelled.
 */
class CPKCS10Request : public CActive
	{
public:
	/**
	 * Creates a new PKCS#10 request object.
	 *
	 * @param aDN		X500 distinguished name of the entity provided by caller.
	 *					Stored in iDN member variable. Ownership is not transferred;
	 *					the caller must keep it alive while this object is in use.
	 * @param aKeyInfo	The key info object of the key to sign the request with.
	 *					Does not take ownership; same lifetime requirement as aDN.
	 * @param aAttr		(Optional) The PKCS10 attributes to include in the request.
	 *					Takes ownership.
	 * @return			A pointer to the newly allocated object.
	 */
	IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN,
										 const CCTKeyInfo& aKeyInfo,
										 CPKCS10Attributes* aAttr = NULL);

	/**
	 * Creates a new PKCS#10 request object.
	 *
	 * @param aDN		X500 distinguished name of the entity provided by caller.
	 *					Stored in iDN member variable. Ownership is not transferred;
	 *					the caller must keep it alive while this object is in use.
	 * @param aKeyInfo	The key info object of the key to sign the request with.
	 *					Does not take ownership; same lifetime requirement as aDN.
	 * @param aAttr		(Optional) The PKCS10 attributes to include in the request.
	 *					Takes ownership.
	 * @return			A pointer to the newly allocated object that is left on the
	 *					cleanup stack.
	 */
	IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN,
										  const CCTKeyInfo& aKeyInfo,
										  CPKCS10Attributes* aAttr = NULL);

	/**
	 * Destructs PKCS#10 object, deletes encoding buffer and attributes.
	 * The distinguished name and key info are not owned and are not deleted.
	 */
	IMPORT_C virtual ~CPKCS10Request();

public:

	/**
	 * Set the attributes to be encoded in the request. It replaces existing
	 * attributes, if any.
	 * @param aAttr The attributes - this object takes ownership.
	 */
	IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr);

	/**
	 * Set the digest algorithm to use when signing the request. If this method
	 * is not called, the default SHA-1 is used.
	 *
	 * Note that MD2 and MD5 are cryptographically broken and SHA-1 is no longer
	 * recommended for signatures; many CAs reject requests signed with them.
	 * No stronger digest is listed as supported here, so check the CA's policy
	 * before relying on this API.
	 *
	 * @param aDigest	For RSA keys, one of EMD2, EMD5 or ESHA1.
	 *					For DSA keys, ESHA1 is the only permitted value.
	 * @leave KErrArgument if the specified algorithm is not supported.
	 */
	IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest);

	/**
	 * Set the distinguished name of the entity. It replaces existing
	 * name, if any.
	 * @param aDN	X500 distinguished name of the entity provided by caller.
	 *				Stored in iDN member variable. Ownership is not transferred;
	 *				the caller must keep it alive while this object is in use.
	 */
	IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN);

	/**
	 * Set the information of the key to sign with. It replaces existing
	 * key info, if any.
	 * @param aKeyInfo	The key info object of the key to sign the request with.
	 *					Does not take ownership; the caller must keep it alive
	 *					while this object is in use.
	 */
	IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo);

	/**
	 * Create the ASN.1 DER encoding of the certificate request. This is an
	 * asynchronous method. The Cancel() method can be called to cancel an
	 * outstanding request. This method can be called repeatedly to create
	 * certificate requests after setting the various parameters. However an
	 * outstanding request must complete or be cancelled before calling this
	 * method again.
	 *
	 * @param aResult	On successful completion, this points to a newly
	 *					allocated buffer containing the encoded certificate request.
	 *					Presumably the caller takes ownership of this buffer -
	 *					confirm against the implementation.
	 * @param aStatus	Asynchronous status notification; completed when the
	 *					encoding is ready, the operation fails, or it is cancelled.
	 */
	IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);

private:

	// CActive overrides driving the asynchronous state machine (see TState).
	virtual void RunL();
	virtual TInt RunError(TInt aErr);
	virtual void DoCancel();

	/**
	 * Steps of the asynchronous CreateEncoding() operation, in the order the
	 * names suggest they run; the current step is held in iState.
	 */
	enum TState
		{
		EIdle,			// no operation outstanding
		EInitialize,	// prepare the unsigned request data
		EGetKeyStore,	// locate the keystore holding the signing key
		EGetPublicKey,	// fetch the public key to embed in the request
		EOpenSigner,	// open a signer for the key in the keystore
		ESign			// sign the request data
		};

private:
	/** Private constructor that initializes essential member variables. */
	CPKCS10Request(const CX500DistinguishedName* aDN,
				   const CCTKeyInfo* aKeyInfo,
				   CPKCS10Attributes* aAttr);

	// Methods making ASN.1 encoding objects

	/**
	 * Performs the actual ASN.1 encoding of the request without signing it.
	 * certRequestInfo is what gets signed with private key.
	 * @return Pointer to a newly allocated CASN1EncSequence object, left on
	 *         the cleanup stack (LC convention).
	 */
	CASN1EncSequence* MakeCertRequestInfoEncLC();

	/**
	 * Encodes desired certificate attributes into ASN1. Takes whatever
	 * attributes are in the iAttributes and adds them below a
	 * sequence. If there are no attributes stored, leaves the set empty.
	 *
	 * The structure of the attribute node is as follows:
	 * @code
	 * Context-specific[0]
	 *   SEQUENCE-OF
	 *     OID of the organization
	 *     SET-OF
	 *       SEQUENCE-OF (stored in iAttributes)
	 *         SEQUENCE-OF
	 *           OID of attribute
	 *           OCTET STRING value
	 *         SEQUENCE-OF
	 *           OID of attribute
	 *           OCTET STRING value
	 *         ...
	 * @endcode
	 * @return Pointer to a newly allocated encoding object containing
	 *         desired certificate attributes, left on the cleanup stack
	 *         (LC convention).
	 */
	CASN1EncBase* MakeAttrEncLC();

	/**
	 * Generates data to be signed (the to-be-signed certRequestInfo);
	 * presumably stored in iTBSData - confirm against the implementation.
	 */
	void EncodeTBSDataL();

	/** Assembles the final, signed DER encoding once signing has completed. */
	void CreateFinalEncodingL();

	/** Returns the object to its idle state, releasing per-request resources. */
	void Reset();

private:
	const CX500DistinguishedName* iDN;		// not owned (see NewL)
	const CCTKeyInfo* iKeyInfo;				// not owned (see NewL)
	CPKCS10Attributes* iAttributes;			// owned; deleted in the destructor
	TAlgorithmId iDigestId;					// set by SetDigestAlgL(); default SHA-1
	TRequestStatus* iClientStatus;			// presumably &aStatus from CreateEncoding()
	TState iState;							// current step of the async operation
	HBufC8** iResult;						// presumably &aResult from CreateEncoding()
	MCTKeyStore* iKeyStore;					// keystore holding the signing key
	CPKCS10KeyHelper* iKeyHelper;			// key-type specific helper
	HBufC8* iExportedKey;					// exported public key (name suggests; confirm)
	HBufC8* iTBSData;						// to-be-signed data from EncodeTBSDataL()
	};

#endif