sl@0: /* sl@0: * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). sl@0: * All rights reserved. sl@0: * This component and the accompanying materials are made available sl@0: * under the terms of the License "Eclipse Public License v1.0" sl@0: * which accompanies this distribution, and is available sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html". sl@0: * sl@0: * Initial Contributors: sl@0: * Nokia Corporation - initial contribution. sl@0: * sl@0: * Contributors: sl@0: * sl@0: * Description: sl@0: * CPKIXCertChainAO class implementation sl@0: * sl@0: */ sl@0: sl@0: sl@0: /** sl@0: @file sl@0: @internalTechnology sl@0: */ sl@0: sl@0: #ifndef __PKIXCERTCHAINAO_H__ sl@0: #define __PKIXCERTCHAINAO_H__ sl@0: sl@0: #include sl@0: #include "pkixcerts.h" sl@0: #include "pkixchainbuilder.h" sl@0: #include "pkixcertstate.h" sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: class CPKIXCertChainBase; sl@0: sl@0: /** sl@0: * This class handles the asynchronous part of the pkix chain validation. It sl@0: * is an active object which handles the asynchronous certificate store operations. sl@0: */ sl@0: class CPKIXCertChainAO : public CActive sl@0: { sl@0: public: sl@0: static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, sl@0: const RPointerArray& aRootCerts); sl@0: static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, sl@0: const TUid aClient); sl@0: virtual ~CPKIXCertChainAO(); sl@0: sl@0: private: sl@0: CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain); sl@0: CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient); sl@0: void ConstructL(const RPointerArray& aRootCerts); sl@0: sl@0: public: sl@0: void RunL(); sl@0: TInt RunError(TInt aError); sl@0: void DoCancel(); sl@0: sl@0: private: sl@0: void HandleEStoreManagerInitializationL(); sl@0: void HandleEStoreManagerInitializedL(); sl@0: void HandleEAddRootsL(); sl@0: void HandleERootsInitializedL(); sl@0: void HandleEBuildChainStartL(); sl@0: void HandleEBuildChainAddCandidateEndL(); sl@0: void HandleEBuildChainCertsFromStoreBeginL(); sl@0: void HandleEBuildChainCertsFromStoreEndL(); sl@0: void HandleEAddCandidateIntermediateCertsEndL(); sl@0: void HandleEValidateEndL(); sl@0: sl@0: // Request functions sl@0: public: sl@0: void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime, sl@0: const CArrayPtr* aInitialPolicies, TRequestStatus& aStatus); sl@0: void CancelValidate(); sl@0: sl@0: private: sl@0: void InitParamsL(); sl@0: void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams); sl@0: void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime, sl@0: const CArrayPtr* aInitialPolicies); sl@0: void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const; sl@0: void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const; sl@0: void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState, sl@0: CPKIXValidationResultBase& aResult) const; sl@0: void CheckCriticalExtsL(CPKIXValidationState& aState, sl@0: CPKIXValidationResultBase& aResult) const; sl@0: sl@0: /** sl@0: * The states used to know what to do in the RunL function. sl@0: */ sl@0: enum TState sl@0: { sl@0: EAddRoots, sl@0: ERootsInitialized, sl@0: EBuildChainStart, sl@0: EBuildChainAddCandidateEnd, sl@0: EBuildChainCertsFromStoreBegin, sl@0: EBuildChainCertsFromStoreEnd, sl@0: EAddCandidateIntermediateCertsEnd, sl@0: EValidateEnd sl@0: }; sl@0: sl@0: private: sl@0: MCertStore* iCertStore; sl@0: // a reference to the object which owns this instance sl@0: CPKIXCertChainBase &iPKIXCertChain; sl@0: TUid iClient; sl@0: TState iState; sl@0: sl@0: /** sl@0: *

Ownership of this object is peculiar.

sl@0: *

We need this to be a member because it is created and initialized in sl@0: * the EAddRoots handler but is only added to iRoots in the ERootsInitialized sl@0: * handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.

sl@0: *

The only case where the destructor will have to delete it, is when a leave sl@0: * occurs between the EAddRoots and ERootsInitialized states.

sl@0: */ sl@0: CPKIXCertsFromStore* iCertsFromStoreRoots; sl@0: sl@0: TRequestStatus* iOriginalRequestStatus; sl@0: sl@0: /** sl@0: * The roots that we trust. sl@0: * This can be given sl@0: *
    sl@0: *
  • explicitly : the user gives a set of root certificates at construction time.
    • sl@0: *
  • implicitly : the user gives the uid of the application and the validation code sl@0: * retrieves the root certificates trusted for this application from the certificate sl@0: * store.
    • sl@0: *
sl@0: */ sl@0: CPKIXChainBuilder* iRoots; sl@0: sl@0: CPKIXChainBuilder* iBuilder; sl@0: sl@0: /** sl@0: * To store the parameters passed to CPKIXCertChainBase::Validate sl@0: */ sl@0: CPKIXValidationResultBase* iValidationResult; sl@0: /** sl@0: * To store the parameters passed to CPKIXCertChainBase::Validate sl@0: */ sl@0: TTime iValidationTime; sl@0: /** sl@0: * To store the parameters passed to CPKIXCertChainBase::Validate sl@0: */ sl@0: const CArrayPtr* iInitialPolicies; sl@0: sl@0: TBool iAddIssuerResult; sl@0: sl@0: TInt iNumberOfAddedCertificates; sl@0: }; sl@0: sl@0: #endif