/*
* Copyright (c) 1998-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* X509 certificate implementation
*
*/


/**
@file
@publishedAll
@released
*/

#ifndef __X509CERT_H__
#define __X509CERT_H__

// NOTE(review): the six header names below were lost when this page was
// extracted (the angle-bracket content was stripped); restore them from the
// original source tree before compiling.
#include
#include
#include
#include
#include
#include

/* These OIDs have been defined for PKCS#1 with the
 * superior reference to OID 1.2.840.113549.1.1
 * {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)}
 *
 * The literals only name algorithms that may appear in a certificate's
 * signatureAlgorithm field so that they can be recognised while decoding.
 * Whether a verifier accepts a given algorithm - in particular the MD2- and
 * MD5-based ones, which are no longer considered collision-resistant - is a
 * policy decision that is not made in this header.
 */
// RSA (PKCS #1 v1.5) key transport algorithm
_LIT(KRSA,"1.2.840.113549.1.1.1");
// MD2 with RSA Encryption
_LIT(KMD2WithRSA,"1.2.840.113549.1.1.2");
// RSA (PKCS #1 v1.5) with MD5 signature
_LIT(KMD5WithRSA,"1.2.840.113549.1.1.4");
// RSA (PKCS #1 v1.5) with SHA-1 signature
_LIT(KSHA1WithRSA,"1.2.840.113549.1.1.5");
// SHA256 with RSA Encryption
_LIT(KSHA256WithRSA,"1.2.840.113549.1.1.11");
// SHA384 with RSA Encryption
_LIT(KSHA384WithRSA,"1.2.840.113549.1.1.12");
// SHA512 with RSA Encryption
_LIT(KSHA512WithRSA,"1.2.840.113549.1.1.13");
// SHA224 with RSA Encryption
_LIT(KSHA224WithRSA,"1.2.840.113549.1.1.14");

/*
 * These OIDs have been defined for PKIX with the
 * superior reference to OID 1.2.840.10040.
 */
// Digital Signature Algorithm (DSA), also known as the Digital Signature Standard (DSS)
_LIT(KDSA,"1.2.840.10040.4.1");
// ANSI X9.57 DSA signature generated with SHA-1 hash (DSA x9.30)
_LIT(KDSAWithSHA1, "1.2.840.10040.4.3");

/*
 * These OIDs have been defined for ANSI X9 standard with
 * superior reference to oid 1.2.840.10046.
 * {iso(1) member-body(2) us(840) ansi-x942(10046) number-types(2)}
 */
// ANSI X9.42 Ephemeral-Static Diffie-Hellman key agreement algorithm
_LIT(KDH,"1.2.840.10046.2.1");

/*
 * These OIDs have been defined for digest algorithms with
 * superior reference to oid 1.2.840.113549.2
 * {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)}
 */
// MD5 message digest
_LIT(KMD5,"1.2.840.113549.2.5");
// MD2 message digest
_LIT(KMD2,"1.2.840.113549.2.2");

/*
 * These OIDs have been defined for hash algorithms conforming NIST algorithms
 * with superior reference to oid 2.16.840.1.101.3.4.2
 * {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)}
 */
// SHA-256 message digest
_LIT(KSHA256,"2.16.840.1.101.3.4.2.1");
// SHA-384 message digest
_LIT(KSHA384,"2.16.840.1.101.3.4.2.2");
// SHA-512 message digest
_LIT(KSHA512,"2.16.840.1.101.3.4.2.3");
// SHA-224 message digest
_LIT(KSHA224,"2.16.840.1.101.3.4.2.4");

/*
 * These OIDs are for OIW Security Special Interest Group defined algorithms
 * with superior reference to oid 1.3.14.3.2
 * {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2)}
 */
// SHA1 with RSA signature (obsolete OIW arc; kept so legacy certificates can still be identified)
_LIT(KSHA1WithRSASignature,"1.3.14.3.2.29");
// Hash algorithm identifier SHA-1 (Secure Hash Algorithm, Revision 1)
_LIT(KSHA1,"1.3.14.3.2.26");

/** The maximum number of allowed data elements.
 *
 * This is the size of the per-certificate table of TBSCertificate element
 * encodings that CX509Certificate::DataElementEncoding() indexes; the unnamed
 * enum in CX509Certificate lists the valid indices (0..9).
 *
 * @since v7.0 */
const TInt KX509MaxDataElements = 10;

class CRSAPublicKey;
class CDSAPublicKey;
class CDSASignature;
class CDSAParameters;

class CPKCS1SignatureResult : public CRSASignatureResult
/** The signature result in PKCS#1 format.
 *
 * Holds the digest algorithm identifier and digest value that a decrypted
 * RSA signature is expected to contain, so that VerifyL() can compare them
 * against the recovered signature payload.
 *
 * @since v6.0 */
	{
public:
	/** Creates a new PKCS#1 signature result object holding the given digest
	 * algorithm and digest value.
	 *
	 * @param aDigestAlgorithm The algorithm identifier of the digest.
	 * @param aDigest A non-modifiable descriptor holding the digest value.
	 * @return A pointer to the new signature result object. */
	IMPORT_C static CPKCS1SignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);

	/** Creates a new PKCS#1 signature result object holding the given digest
	 * algorithm and digest value, and puts a pointer to the new object onto the
	 * cleanup stack.
	 *
	 * @param aDigestAlgorithm The algorithm identifier of the digest.
	 * @param aDigest A non-modifiable descriptor holding the digest value.
	 * @return A pointer to the new signature result object. */
	IMPORT_C static CPKCS1SignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);

	/** Tests whether the signature result is valid.
	 *
	 * The exact comparison rules (how the recovered PKCS#1 payload is matched
	 * against the stored algorithm identifier and digest) live in the
	 * implementation and are not visible from this header.
	 *
	 * @param aResult The signature result to be verified.
	 * @return ETrue, if the signature result is verified; EFalse, otherwise. */
	IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);
private:
	void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
	TBool DoVerifyL(const TDesC8& aResult);
	};

class TX509KeyFactory : public TKeyFactory
/** Constructs the public key objects used for signature verification, from their
 * encoded binary form, for X.509 certificates.
 *
 * Every method takes an encoded (untrusted) descriptor and returns a newly
 * allocated object; the decoders are expected to leave on malformed input
 * rather than return a partially initialised key.
 *
 * @since v6.0 */
	{
public:
	/** Gets the RSA public key from the encoding key.
	 *
	 * @param aEncoding A non-modifiable descriptor representing the entire encoding.
	 * @return The RSA Public key. */
	IMPORT_C CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;

	/** Gets the RSA signature result.
	 *
	 * NOTE(review): aDigest is taken as TDesC8& while every other method in this
	 * class takes const TDesC8&; the descriptor is still non-modifiable through
	 * that interface, so this is an inconsistency of style rather than of
	 * behaviour.
	 *
	 * @param aDigestAlgorithm The digest algorithm ID.
	 * @param aDigest A non-modifiable descriptor holding the digest value.
	 * @return The RSA signature result. */
	IMPORT_C CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;

	/** Gets the DSA public key from the encoding key.
	 *
	 * @param aParamsEncoding A non-modifiable descriptor representing
	 * the encoded binary representation of the DSA parameters
	 * @param aEncoding A non-modifiable descriptor representing the entire encoding.
	 * @return The DSA public key.
	 * @since v8.0 */
	IMPORT_C CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;

	/** Gets the digital DSA signature from the encoding key.
	 *
	 * @param aEncoding A non-modifiable descriptor representing the entire encoding.
	 * @return The DSA signature. */
	IMPORT_C CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;

	/** Gets the DSA parameters from the encoding key.
	 *
	 * @param aEncoding A non-modifiable descriptor representing the entire encoding.
	 * @return The DSA parameters. */
	IMPORT_C CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;

	/** Gets the DSA public key from the encoding key, using already-decoded
	 * DSA parameters.
	 *
	 * @param aParams The DSA parameters
	 * @param aEncoding A non-modifiable descriptor representing the entire encoding.
	 * @return The DSA public key. */
	IMPORT_C CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;
	};

class CX509ValidityPeriod : public CValidityPeriod
/** The period for which an X.509 certificate is valid.
 *
 * @since v6.0 */
	{
public:
	/** Creates a new X.509 validity period object from the specified buffer containing
	 * the binary coded representation.
	 *
	 * Initialises the object from its encoded binary form into an internal representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new validity period object. */
	IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData);

	/** Creates a new X.509 validity period object from the specified buffer containing
	 * the binary coded representation, and puts a pointer to it onto the cleanup stack.
	 *
	 * Initialises the object from its encoded binary form into an internal representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new validity period object. */
	IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData);

	/** Creates a new X.509 validity period object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset.
	 *
	 * Initialises the object from its encoded binary form into an internal representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding; passed by
	 * reference so the decoder can advance it past the consumed bytes.
	 * @return The new validity period object. */
	IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 validity period object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset, and puts
	 * a pointer to it onto the cleanup stack.
	 *
	 * Initialises the object from its encoded binary form into an internal representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding; passed by
	 * reference so the decoder can advance it past the consumed bytes.
	 * @return The new validity period object. */
	IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	CX509ValidityPeriod();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	};

class CX509AlgorithmIdentifier : public CAlgorithmIdentifier
/** Algorithm identifier for an X.509 certificate.
 *
 * @since v6.0 */
	{
public:
	/** Creates a new X.509 algorithm identifier object from the specified buffer containing
	 * the binary coded representation.
	 *
	 * The function initialises the object from its encoded binary form into an internal
	 * representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new algorithm identifier object. */
	IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData);

	/** Creates a new X.509 algorithm identifier object from the specified buffer containing
	 * the binary coded representation, and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new algorithm identifier object. */
	IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);

	/** Creates a new X.509 algorithm identifier object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new algorithm identifier object. */
	IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 algorithm identifier object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset, and puts
	 * a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new algorithm identifier object. */
	IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);

	/**
	Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter.
	@param aAlgorithmId The algorithm Id used to build the object.
	@param aEncodedParams The encoded parameter for the algorithm ID.
	@return The fully constructed object.
	*/
	IMPORT_C static CX509AlgorithmIdentifier* NewL(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);

	/**
	Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter
	and leaves the object on the cleanup stack.
	@param aAlgorithmId The algorithm Id used to build the object.
	@param aEncodedParams The encoded parameter for the algorithm ID.
	@return The fully constructed object.
	*/
	IMPORT_C static CX509AlgorithmIdentifier* NewLC(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);

	/**
	Creates the ASN1 DER sequence of the X509 algorithm identifier object
	and leaves it on the cleanup stack.
	@return ASN1 DER sequence of this object.
	*/
	IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;

private:
	CX509AlgorithmIdentifier();
	CX509AlgorithmIdentifier(TAlgorithmId& aAlgorithmId);
	void InitializeL(const TDesC8& aBinaryData, TInt& aPos);
	};

class CX509SigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier
/** Encapsulates the IDs of the algorithms used for signing an X.509 certificate.
 *
 * @since v6.0 */
	{
public:
	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing
	 * the binary coded representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new signing algorithm Id object. */
	IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);

	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing
	 * the binary coded representation, and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new signing algorithm Id object. */
	IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);

	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new signing algorithm Id object. */
	IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 signing algorithm Id object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset, and puts
	 * a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new signing algorithm Id object. */
	IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 signing algorithm Id object from the specified algorithm pair.
	 *
	 * @param aAsymmetricAlgorithm The asymmetric algorithm
	 * @param aDigestAlgorithm The digest algorithm
	 * @return The new signing algorithm Id object. */
	IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);

	/** Creates a new X.509 signing algorithm Id object from the specified algorithm pair,
	 * and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aAsymmetricAlgorithm The asymmetric algorithm
	 * @param aDigestAlgorithm The digest algorithm
	 * @return The new signing algorithm Id object. */
	IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
private:
	CX509SigningAlgorithmIdentifier();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	void ConstructL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
	};

class CX509SubjectPublicKeyInfo : public CSubjectPublicKeyInfo
/** X.509 subject public key information.
 *
 * @since v6.0 */
	{
public:
	/** Creates a new X.509 subject public key object from the specified buffer containing
	 * the binary coded representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new subject public key object. */
	IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);

	/** Creates a new X.509 subject public key object from the specified buffer containing
	 * the binary coded representation, and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new subject public key object. */
	IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);

	/** Creates a new X.509 subject public key object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new subject public key object. */
	IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 subject public key object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset, and puts
	 * a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new subject public key object. */
	IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	CX509SubjectPublicKeyInfo();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	};

class CX509CertExtension : public CBase
/** A generic X.509 certificate extension.
 *
 * The creation of a generic extension is the first step in the creation of a
 * specific extension. Client code gets the decoded Object Identifier (OID) encapsulated
 * by an instance of this class and uses it to create the specific extension.
 *
 * Consists of an any-defined-by structure along with a boolean flag saying whether
 * the extension is critical or not.
 *
 * @since v6.0 */
	{
public:
	/** Creates a new generic X.509 certificate extension object from an existing object.
	 *
	 * This is equivalent to a copy constructor.
	 *
	 * @param aExtension The generic certificate extension to be copied.
	 * @return The new generic certificate extension object. */
	IMPORT_C static CX509CertExtension* NewL(const CX509CertExtension& aExtension);

	/** Creates a new generic X.509 certificate extension object from an existing object,
	 * and puts a pointer to it onto the cleanup stack.
	 *
	 * This is equivalent to a copy constructor.
	 *
	 * @param aExtension The generic certificate extension to be copied.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewLC(const CX509CertExtension& aExtension);

	/** Creates a new generic X.509 certificate extension object from the specified
	 * buffer containing the binary coded representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData);

	/** Creates a new generic X.509 certificate extension object from the specified
	 * buffer containing the binary coded representation, and puts a pointer to it
	 * onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData);

	/** Creates a new generic X.509 certificate extension object from the specified
	 * buffer containing the binary coded representation, starting at the specified offset.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new generic X.509 certificate extension object from the specified
	 * buffer containing the binary coded representation, starting at the specified
	 * offset, and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new generic X.509 certificate extension object from the specified
	 * extension object id, the critical flag and the extension data.
	 *
	 * @param aCertExtOID The OID of the certificate extension.
	 * @param aCritical Flag to convey criticality of the extension.
	 * @param aCertExtValue The data of the specific extension.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewL(const TDesC& aCertExtOID,
											const TBool aCritical,
											const TDesC8& aCertExtValue);

	/** Creates a new generic X.509 certificate extension object from the specified
	 * extension object id, the critical flag and the extension data, and puts a
	 * pointer to it onto the cleanup stack.
	 *
	 * @param aCertExtOID The OID of the certificate extension.
	 * @param aCritical Flag to convey criticality of the extension.
	 * @param aCertExtValue The data of the specific extension.
	 * @return The new generic X.509 certificate extension object. */
	IMPORT_C static CX509CertExtension* NewLC(const TDesC& aCertExtOID,
											const TBool aCritical,
											const TDesC8& aCertExtValue);

	/** Destructor.
	 *
	 * Frees all resources owned by the object, prior to its destruction. */
	IMPORT_C ~CX509CertExtension();

	/** Tests whether certificate processing code must process this extension for certificate
	 * validation to succeed.
	 *
	 * This accessor only reports the flag decoded from the certificate. The
	 * X.509 rule that a certificate carrying a critical extension the processing
	 * code does not recognise must be rejected (RFC 5280, section 4.2) is
	 * enforced by that processing code, not here.
	 *
	 * @return ETrue, if this extension must be processed for validation to succeed;
	 * EFalse, otherwise. */
	IMPORT_C TBool Critical() const;

	/** Gets the Object Identifier (OID) of the certificate extension.
	 *
	 * @return The OID of the certificate extension, as a pointer descriptor
	 * that views storage owned by this object. */
	IMPORT_C TPtrC Id() const; //OID for the extension

	/** Gets the encoded binary representation of the specific extension.
	 *
	 * @return A pointer descriptor representing the specific extension; it views
	 * storage owned by this object and must not outlive it. */
	IMPORT_C TPtrC8 Data() const; //the extension itself

	/** Creates and returns a DER encoded X.509 certificate extension object in the form
	 * of a ASN.1 Sequence and puts it onto the cleanup stack. This method can be called
	 * repeatedly to get copies of the sequence.
	 *
	 * @return A pointer to a DER encoded ASN.1 sequence */
	IMPORT_C CASN1EncSequence * EncodeASN1DERLC() const;

private:
	CX509CertExtension();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	void ConstructL(const CX509CertExtension& aExtension);
	void ConstructL(const TDesC& aCertExtOID,
					const TBool aCritical,
					const TDesC8& aCertExtValue);
	// Heap buffers owned by this object (the destructor is declared above;
	// its body is not visible here).
	HBufC* iId;			// extension OID, as returned by Id()
	TBool iCritical;	// criticality flag, as returned by Critical()
	HBufC8* iData;		// encoded extension value, as returned by Data()
	};

class CX509Certificate : public CCertificate
/** An X.509 certificate.
 *
 * @since v6.0 */
	{
public:
	/** Enumerates values for encoded data element positions in the TBSCertificate data structure.
	 *
	 * These values are to be used as parameters to the DataElementEncoding() function.
	 * The enum is unnamed, so the values are passed as plain TUint indices; they
	 * range over 0..KX509MaxDataElements-1. */
	enum
		{
		EVersionNumber = 0, //optional - may be NULL
		ESerialNumber = 1,
		EAlgorithmId = 2,
		EIssuerName = 3,
		EValidityPeriod = 4,
		ESubjectName = 5,
		ESubjectPublicKeyInfo = 6,
		EIssuerUID = 7, //optional - may be NULL
		ESubjectUID = 8, //optional - may be NULL
		EExtensionList = 9 //optional - may be NULL
		};

	/** Creates a new X.509 certificate object from the specified buffer containing
	 * the binary coded representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData);

	/** Creates a new X.509 certificate object from the specified buffer containing
	 * the binary coded representation, and puts a pointer to it onto the cleanup stack.
	 *
	 * Initialises the object from its encoded binary form into an internal representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData);

	/** Creates a new X.509 certificate object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 certificate object from the specified buffer containing
	 * the binary coded representation, starting at the specified offset, and puts
	 * a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos The offset position from which to start decoding.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);

	/** Creates a new X.509 certificate object from the specified read stream.
	 *
	 * @param aStream Stream from which the contents should be internalised.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewL(RReadStream& aStream);

	/** Creates a new X.509 certificate object from the specified read stream, and
	 * puts a pointer to it onto the cleanup stack.
	 *
	 * Construction is from the stream.
	 *
	 * @param aStream Stream from which the contents should be internalised.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewLC(RReadStream& aStream);

	/** Creates a new X.509 certificate object from an existing object.
	 *
	 * This is equivalent to a copy constructor.
	 *
	 * @param aCert The X.509 certificate to be copied.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewL(const CX509Certificate& aCert);

	/** Creates a new X.509 certificate object from an existing object, and puts
	 * a pointer to it onto the cleanup stack.
	 *
	 * This is equivalent to a copy constructor.
	 *
	 * @param aCert The X.509 certificate to be copied.
	 * @return The new X.509 certificate object. */
	IMPORT_C static CX509Certificate* NewLC(const CX509Certificate& aCert);

	/** Retrieves the subject key identifier of a certificate based on the decision whether
	 * it is a CA certificate or not. If it is a CA certificate then returns the stored subject key id
	 * as an extension in the certificate, any other certificate it returns the keyidentifier as
	 * calculated by Symbian's proprietary logic.
	 *
	 * Because the CA/non-CA decision selects a different source for the value,
	 * callers that match this identifier against an issuer's authority key
	 * identifier should be aware it may differ from SubjectKeyIdentifierL().
	 *
	 * @return The subject key identifier for the certificate. */
	IMPORT_C TKeyIdentifier SubjectKeyIdL() const;


	/** Destructor.
	 *
	 * Frees all resources owned by the object, prior to its destruction. */
	IMPORT_C ~CX509Certificate();

	/** Tests whether the specified X.509 certificate is equal to this X.509 certificate.
	 *
	 * X.509 certificates are equal if both the serial number and the issuer name
	 * are the same.
	 *
	 * This is an identity comparison, not a byte-for-byte comparison of the
	 * encodings: two certificates with the same issuer and serial number compare
	 * equal even if their other fields or signatures differ.
	 *
	 * @param aCert The X.509 certificate to be compared.
	 * @return ETrue, if the certificates are equal;EFalse, otherwise. */
	IMPORT_C TBool IsEqualL(const CX509Certificate& aCert) const;

	//extra accessors
	/** Gets the certificate's signed data.
	 *
	 * @return A non-modifiable pointer descriptor representing the certificate's
	 * signed data. */
	IMPORT_C const TPtrC8 SignedDataL() const;

	/** Gets the version number of the certificate.
	 *
	 * @return The version number of the certificate. */
	IMPORT_C TInt Version() const;

	/** Gets the X.500 Distinguished Name that identifies the issuer.
	 *
	 * @return The X.500 Distinguished Name that identifies the issuer. */
	IMPORT_C const CX500DistinguishedName& IssuerName() const;

	/** Gets the X.500 Distinguished Name that identifies the subject.
	 *
	 * @return The X.500 Distinguished Name that identifies the subject. */
	IMPORT_C const CX500DistinguishedName& SubjectName() const;

	//return all your generic extensions
	/** Gets all generic certificate extensions.
	 *
	 * NOTE(review): the template argument list of CArrayPtrFlat appears to have
	 * been stripped when this page was extracted; compare with the original
	 * source before relying on this declaration.
	 *
	 * @return The certificate extensions. */
	IMPORT_C const CArrayPtrFlat& Extensions() const;

	//return a particular extension: this is NOT OWNED by the client
	//returns NULL if the ext is not found
	/** Gets the certificate extension identified by the specified object identifier (OID).
	 *
	 * @param aExtensionName The OID identifying the extension.
	 * @return The certificate extension, or NULL if no extension with that OID is
	 * present. Note that ownership is not transferred to the caller. */
	IMPORT_C const CX509CertExtension* Extension(const TDesC& aExtensionName) const;

	/** Internalises an object of this class from a read stream.
	 *
	 * The presence of this function means that the standard templated operator>>()
	 * can be used to internalise objects of this class.
	 *
	 * Note that the function has assignment semantics. It replaces the old value
	 * of the object with a new value read from the read stream.
	 *
	 * @param aStream Stream from which the object is to be internalised. */
	IMPORT_C void InternalizeL(RReadStream& aStream);

	//return the encoding for a data element at the index specified
	/** Gets the encoded data for the specified encoded data element (in the To Be
	 * Signed (TBS) certificate data structure) of the signed object.
	 *
	 * @param aIndex The encoded data element position in the TBSCertificate data
	 * structure. (See the CX509Certificate enumeration.) Valid values are the
	 * enum values 0..KX509MaxDataElements-1; behaviour for an out-of-range index
	 * is not specified by this header - TODO confirm in the implementation.
	 * @return The encoded data for the specified data element of the signed object;
	 * elements marked optional in the enumeration may be NULL.
	 * @since v7.0 */
	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;

public: // from CCertificate
	/** Gets the issuer of the certificate.
	 *
	 * @return A heap descriptor representing the issuer of the certificate. */
	IMPORT_C HBufC* IssuerL() const;

	/** Gets the subject of the certificate.
	 *
	 * @return A heap descriptor representing the subject of the certificate. */
	IMPORT_C HBufC* SubjectL() const;

	/** Tests whether the certificate is self-signed.
	 *
	 * @return ETrue, if it is self-signed; EFalse, otherwise. */
	IMPORT_C TBool IsSelfSignedL() const;

	/** Gets a key identifier for the certificate. This is a unique identifier, calculated according
	 * to the recommended method of computing it from RFC3280, section 4.2.1.2. Please note that this
	 * method does NOT return the value of the Subject Key Id extension, if it is present.
	 *
	 * @return A unique key identifier for the certificate. */
	IMPORT_C TKeyIdentifier KeyIdentifierL() const;

	/** Gets the subject key identifier for the certificate. This identifier is extracted from the
	 * certificate (if the corresponding extension exists), or calculated (if the extension doesn't exist). If calculated, the recommendation from
	 * section 4.2.1.2, RFC3280 is used (hash of the public key). Please note, that for subject key ids
	 * extracted from the certificate there is a length limit - if the extension is longer than 160 bits,
	 * it is ignored and the value is calculated instead.
	 *
	 * Consequently the returned value is not guaranteed to equal the Subject Key
	 * Identifier extension as encoded in the certificate; callers that need the
	 * literal extension value should read it through Extension().
	 *
	 * @return The subject key identifier for the certificate. */
	IMPORT_C TKeyIdentifier SubjectKeyIdentifierL() const;

private:
	CX509Certificate();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	void ConstructL(const CX509Certificate& aCertificate);
	void ConstructCertL();
	void InitDataElementsL(const CX509Certificate& aCertificate);
	// Decoders for the optional issuerUniqueID/subjectUniqueID and extensions
	// fields; aHasElementAlready lets the caller detect a duplicated element.
	HBufC8* DecodeUidL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
	void DecodeExtsL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
	//private data
	TInt iVersion;
	CX500DistinguishedName* iIssuerName;
	CX500DistinguishedName* iSubjectName;
	HBufC8* iIssuerUid;
	HBufC8* iSubjectUid;
	// NOTE(review): the template argument lists of the two members below appear
	// to have been stripped during extraction; restore from the original source.
	CArrayPtrFlat* iExtensions;
	TFixedArray* iDataElements;	// per-element encodings served by DataElementEncoding()
	};

#endif