sl@0: /*
sl@0: * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0: * All rights reserved.
sl@0: * This component and the accompanying materials are made available
sl@0: * under the terms of the License "Eclipse Public License v1.0"
sl@0: * which accompanies this distribution, and is available
sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0: *
sl@0: * Initial Contributors:
sl@0: * Nokia Corporation - initial contribution.
sl@0: *
sl@0: * Contributors:
sl@0: *
sl@0: * Description: 
sl@0: *
sl@0: */
sl@0: 
sl@0: 
sl@0: /**
sl@0:  @file 
sl@0:  @internalTechnology
sl@0: */
sl@0:  
sl@0: #ifndef __PKIXCERTS_H__
sl@0: #define __PKIXCERTS_H__
sl@0: 
sl@0: //pkixroots.h
sl@0: #include <e32std.h>
sl@0: #include <x509cert.h>
sl@0: #include <x509certext.h>
sl@0: #include <mcertstore.h>
sl@0: 
sl@0: /**
sl@0:  * Base class for classes that help retrieving certificates from stores
sl@0:  */
sl@0: class MPKIXCertSource
sl@0: 	{
sl@0: public:
sl@0: 	//copies cert into aCandidates, passes ownership of cert to calling code...
sl@0: 	virtual void CandidatesL(const CX509Certificate& aSubject, 
sl@0: 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
sl@0: 	virtual void CancelCandidates() = 0;
sl@0: 	virtual void Release() = 0;
sl@0: 
sl@0: protected:
sl@0: 	virtual ~MPKIXCertSource();
sl@0: 	
sl@0: protected:
sl@0: 	/**
sl@0: 	 * This function compares the issuer altname in aSubjectCert with the 
sl@0: 	 * subject altname in aIssuerCert
sl@0: 	 * @param aSubjectCert We will compare the issuer altname of this certificate.
sl@0: 	 * @param aIssuerCert We will compare the subject altname of this certificate.
sl@0: 	 * @return 
sl@0: 	 * <UL>
sl@0: 	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
sl@0: 	 * aIssuerCert</LI>
sl@0: 	 * <LI>EFalse otherwise</LI>
sl@0: 	 * </UL>
sl@0: 	 */
sl@0: 	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
sl@0: 	};
sl@0: 
sl@0: /**
sl@0:  * This class is used to retrieve the certificates from a store
sl@0:  * It doesn't work with client base trust.
sl@0:  */
sl@0: class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
sl@0: 	{
sl@0: public:
sl@0: 	/**
sl@0: 	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
sl@0: 	 * Initialize must be called after this function
sl@0: 	 * @param aStore Reference to the cert store. The store is created with the default 
sl@0: 	 * filter intialized to retrieve certificate of CA type and of X509 format.
sl@0: 	 * @return Initialized instance of this class.
sl@0: 	 */
sl@0: 	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
sl@0: 	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
sl@0: 	
sl@0: 	/**
sl@0: 	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
sl@0: 	 * Initialize must be called after this function
sl@0: 	 * @param aStore Reference to the cert store. The store is created with the default 
sl@0: 	 * filter intialized to retrieve certificate of CA type and of X509 format.
sl@0: 	 * @param aClient The UID for which the certificates are to be retrieved from the
sl@0: 	 * cert store, This UID is also passed to the filter for retrieving the certificates 
sl@0: 	 * specific to this client UID.
sl@0: 	 * @return Initialized instance of this class.
sl@0: 	 */
sl@0: 	
sl@0: 	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
sl@0: 	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
sl@0: 	/**
sl@0: 	 * This function does the actual listing of certificates based on the filter created.
sl@0: 	 * It must be called after construction.
sl@0: 	 * @param aStatus Standard parameter for asynchronous calling convention. 
sl@0: 	 */
sl@0: 	void Initialize(TRequestStatus& aStatus);
sl@0: 	/**
sl@0: 	 * This function returns a list of CA certificates that authenticate the
sl@0: 	 * aSubject certificate.
sl@0: 	 * @param aCandidates On return, this array contains the list of CA certificates
sl@0: 	 * that can possibly be used to authenticate aSubject. The array owns the elements
sl@0: 	 * and must take care of deleting them.
sl@0: 	 */
sl@0: 	virtual void CandidatesL(const CX509Certificate& aSubject, 
sl@0: 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
sl@0: 	virtual void CancelCandidates();
sl@0: 	virtual void Release();
sl@0: 	virtual ~CPKIXCertsFromStore();
sl@0: 
sl@0: private:
sl@0: 	CPKIXCertsFromStore(MCertStore& aCertStore);
sl@0: 	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
sl@0: 	void ConstructL();
sl@0: 	void ConstructL(TUid aClient);
sl@0: 
sl@0: public:
sl@0: 	void RunL();
sl@0: 	TInt RunError(TInt aError);
sl@0: 	void DoCancel();
sl@0: 
sl@0: private:
sl@0: 	void HandleEGetCertificateL();
sl@0: 	void HandleEAddCandidateL();
sl@0: 	void HandleECheckTrusted();
sl@0: 	
sl@0: 	TBool IsDuplicateL(const CX509Certificate& aCertificate);
sl@0: 
sl@0: private:
sl@0: 	enum TState
sl@0: 	{
sl@0: 		EIdle = 0,
sl@0: 		EInitialize,
sl@0: 		ECheckTrusted,
sl@0: 		EGetCertificate,
sl@0: 		EAddCandidate,
sl@0: 		EEnd
sl@0: 	};
sl@0: 
sl@0: private:
sl@0: 	/**
sl@0: 	 * The state used to know what must be done when executing
sl@0: 	 * RunL().
sl@0: 	 */
sl@0: 	TState iState;
sl@0: 
sl@0: 	/**
sl@0: 	 * The TRequestStatus that must be updated when the operation
sl@0: 	 * requested by a user of this class has been 
sl@0: 	 * completed
sl@0: 	 */
sl@0: 	TRequestStatus *iOriginalRequestStatus;
sl@0: 
sl@0: 	TUid iClient;
sl@0: 
sl@0: 	CCertAttributeFilter *iFilter;
sl@0: 
sl@0: 	/**
sl@0: 	 * iRootName is used for CandidateL
sl@0: 	 */
sl@0: 	const CX500DistinguishedName* iRootName;
sl@0: 
sl@0: 	/**
sl@0: 	 * We don't own this
sl@0: 	 */
sl@0: 	const CX509Certificate* iSubject;
sl@0: 
sl@0: 	/**
sl@0: 	 * We don't own this
sl@0: 	 */
sl@0: 	RPointerArray<CX509Certificate>* iCandidates;
sl@0: 
sl@0: 	/**
sl@0: 	 * iCertData is used for CandidateL
sl@0: 	 */
sl@0: 	HBufC8* iCertData;
sl@0: 
sl@0: 	TPtr8* iCertPtr;
sl@0: 
sl@0: 	/**
sl@0: 	 * iEntriesIndex is used for CandidateL
sl@0: 	 */
sl@0: 	TInt iEntriesIndex;
sl@0: 	
sl@0: 	/**
sl@0: 	 * Applies to certificate at iEntriesIndex - reflects trust setting
sl@0: 	 */
sl@0: 	TBool iIsTrusted;
sl@0: 
sl@0: 	/**
sl@0: 	 * Used when listing certificates (filtered but not on trust).
sl@0: 	 */
sl@0: 	RMPointerArray<CCTCertInfo> iCertInfos;
sl@0: 
sl@0: 	MCertStore& iCertStore;
sl@0: 	};
sl@0: 
sl@0: class CPKIXCertsFromClient : public MPKIXCertSource
sl@0: 	{
sl@0: public:
sl@0: 	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
sl@0: 	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
sl@0: 	virtual void CandidatesL(const CX509Certificate& aSubject,
sl@0: 		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
sl@0: 	virtual void CancelCandidates();
sl@0: 	virtual void Release();
sl@0: 	virtual ~CPKIXCertsFromClient();
sl@0: 
sl@0: private:
sl@0: 	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);
sl@0: 
sl@0: private:
sl@0: 	const RPointerArray<CX509Certificate>& iCerts;
sl@0: 	};
sl@0: 
sl@0: #endif