sl@0: /* sl@0: * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). sl@0: * All rights reserved. sl@0: * This component and the accompanying materials are made available sl@0: * under the terms of the License "Eclipse Public License v1.0" sl@0: * which accompanies this distribution, and is available sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html". sl@0: * sl@0: * Initial Contributors: sl@0: * Nokia Corporation - initial contribution. sl@0: * sl@0: * Contributors: sl@0: * sl@0: * Description: sl@0: * X509 certificate chain and the validation status implementations sl@0: * sl@0: */ sl@0: sl@0: sl@0: /** sl@0: @file sl@0: @publishedAll sl@0: @released sl@0: */ sl@0: sl@0: #ifndef __X509CERTCHAIN_H__ sl@0: #define __X509CERTCHAIN_H__ sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: class TValidationStatus sl@0: /** The validation status. sl@0: * sl@0: * Some errors cannot be blamed on any single certificate, in which case the sl@0: * iCert value is meaningless. The same structure is used for errors and for sl@0: * warnings. sl@0: * sl@0: * @since v6.0 */ sl@0: { sl@0: public: sl@0: /** Creates a validation status object. sl@0: * sl@0: * @param aError The error type that occurred when validating the certificate chain. sl@0: * @param aCert The index number identifying the certificate that gave rise to sl@0: * the error. */ sl@0: IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert); sl@0: sl@0: /** The reason for the error. */ sl@0: TValidationError iReason; sl@0: sl@0: /** The index number identifying the certificate that gave rise to the error. */ sl@0: TInt iCert; sl@0: }; sl@0: sl@0: class CX509CertChain : public CBase sl@0: /** Abstract base class for X.509 certificate chain validation; sl@0: * derive from this to suit your profile. sl@0: * sl@0: * @since v6.0 */ sl@0: { sl@0: public: sl@0: /** Gets the number of certificates in the chain. sl@0: * sl@0: * @return The number of certificates in the chain. */ sl@0: IMPORT_C TInt Count() const; sl@0: sl@0: /** Gets the certificate identified by the specified index. sl@0: * Note that Cert(Count()) corresponds to the root (if any) sl@0: * whilst Cert(0) corresponds to the outmost certificate in the chain. sl@0: * sl@0: * @param aIndex The ordinal number representing the position of the certificate sl@0: * within the chain. sl@0: * @return The X.509 certificate at the specified index. */ sl@0: IMPORT_C const CX509Certificate& Cert(TInt aIndex) const; sl@0: sl@0: /** Decodes the individual elements of the signed data to construct the certificates. sl@0: * sl@0: * @param aBinaryData The encoded binary representation. sl@0: * @return The certificate objects. */ sl@0: IMPORT_C CArrayPtrFlat* DecodeCertsL(const TDesC8& aBinaryData); sl@0: sl@0: /** Destructor. sl@0: * sl@0: * Frees all resources owned by the object, prior to its destruction. */ sl@0: IMPORT_C ~CX509CertChain(); sl@0: sl@0: /** Tests whether the specified X.509 certificate chain is equal to this X.509 sl@0: * certificate chain. sl@0: * sl@0: * @param aOther The X.509 certificate chain to be compared. sl@0: * @return ETrue, if the certificate chains are equal;EFalse, otherwise. */ sl@0: IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const; sl@0: protected: sl@0: //certificate chain sl@0: CArrayPtrFlat* iChain; sl@0: private: sl@0: static void CleanupCertArray(TAny* aArray); sl@0: }; sl@0: sl@0: class CCertificateValidationWarnings : public CBase sl@0: /** Encapsulates the critical extensions encountered and any warnings found sl@0: * for a particular certificate in the chain during the process of validation. sl@0: * sl@0: * @since v9.5 */ sl@0: { sl@0: public: sl@0: /** Creates an instance of CCertificateValidationWarnings. sl@0: * sl@0: * @param aIndex The index of aCert in the certificate chain. sl@0: * @return A pointer to the new CCertificateWarning object. */ sl@0: IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex); sl@0: sl@0: /** Creates an instance of CCertificateValidationWarnings. sl@0: * sl@0: * @param aIndex The index of aCert in the certificate chain. sl@0: * @return A pointer to the new CCertificateWarning object. */ sl@0: IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex); sl@0: sl@0: /** Gets a list of critical extension OIDs found in the certificate. sl@0: * sl@0: * @return An array of critical extensions found. */ sl@0: IMPORT_C const RPointerArray& CriticalExtensionsFound() const; sl@0: sl@0: /** Gets a list of warnings generated by the certificate. sl@0: * sl@0: * @return An array of warnings generated. */ sl@0: IMPORT_C const RArray& Warnings() const; sl@0: sl@0: /** Gets the index of the certificate in the chain. sl@0: * sl@0: * @return The certificate index number. */ sl@0: IMPORT_C TInt CertIndex() const; sl@0: sl@0: /** Externalises an object of this class to a write stream. sl@0: * sl@0: * The presence of this function means that the standard templated operator<<() sl@0: * can be used to externalise objects of this class. sl@0: * sl@0: * @param aStream Stream to which the object should be externalised. */ sl@0: IMPORT_C void ExternalizeL(RWriteStream& aStream) const; sl@0: sl@0: /** Internalises an object of this class from a read stream. sl@0: * sl@0: * The presence of this function means that the standard templated operator>>() sl@0: * can be used to internalise objects of this class. sl@0: * sl@0: * Note that this function has assignment semantics: it replaces the old value sl@0: * of the object with a new value read from the read stream. sl@0: * sl@0: * @param aStream Stream from which the object should be internalised. sl@0: * @return A pointer to the new CCertificateWarning object. */ sl@0: IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream); sl@0: sl@0: /** The destructor. sl@0: * sl@0: * Frees all resources owned by the object. */ sl@0: IMPORT_C ~CCertificateValidationWarnings(); sl@0: sl@0: public: sl@0: /** Adds a warning. sl@0: * sl@0: */ sl@0: IMPORT_C void AppendWarningL(TValidationStatus aWarning); sl@0: sl@0: /** Adds a critical extension OID warning. sl@0: * sl@0: */ sl@0: IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt); sl@0: sl@0: private: sl@0: CCertificateValidationWarnings(TInt aIndex); sl@0: sl@0: private: sl@0: TInt iCertIndex; sl@0: RPointerArray iCriticalExtsFound; sl@0: RArray iWarnings; sl@0: }; sl@0: sl@0: #endif sl@0: sl@0: