sl@0: /*
sl@0: * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0: * All rights reserved.
sl@0: * This component and the accompanying materials are made available
sl@0: * under the terms of the License "Eclipse Public License v1.0"
sl@0: * which accompanies this distribution, and is available
sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0: *
sl@0: * Initial Contributors:
sl@0: * Nokia Corporation - initial contribution.
sl@0: *
sl@0: * Contributors:
sl@0: *
sl@0: * Description: 
sl@0: * CPKIXValidationState class implementation
sl@0: *
sl@0: */
sl@0: 
sl@0: 
sl@0: /**
sl@0:  @file 
sl@0:  @internalTechnology
sl@0: */
sl@0:  
sl@0: #if !defined (__PKIXCERTSTATE_H__)
sl@0: #define __PKIXCERTSTATE_H__
sl@0: 
sl@0: #include <e32std.h>
sl@0: #include <x509cert.h>
sl@0: #include <x509certchain.h>
sl@0: #include <x509certext.h>
sl@0: #include <x509gn.h>
sl@0: 
sl@0: /*this class has no brains at all. all it does it act as a container for
sl@0: state information needed when processing a certificate chain according to 
sl@0: the PKIX algorithm. it gets passed around among the classes which use it. 
sl@0: the classes which use it are all friends 'cos that seems neater than making 
sl@0: all its data public or including 500 accessors*/
sl@0: 
sl@0: class CPKIXCertChainAO;
sl@0: 
sl@0: class CPKIXValidationState : public CBase
sl@0: 	{
sl@0: 	friend class CPKIXCertChainAO;
sl@0: 	friend class TPKIXPolicyConstraint;
sl@0: 	friend class TPKIXNameConstraint;
sl@0: 	friend class TPKIXBasicConstraint;
sl@0: 	friend class TPKIXKeyUsageConstraint;
sl@0: public:
sl@0: 	static CPKIXValidationState* NewL(	const TTime aValidationTime, TInt aChainLength,
sl@0: 										const CArrayPtr<HBufC>* aInitialPolicies);
sl@0: 	static CPKIXValidationState* NewLC(	const TTime aValidationTime, TInt aChainLength,
sl@0: 										const CArrayPtr<HBufC>* aInitialPolicies);
sl@0: 	~CPKIXValidationState();
sl@0: private:
sl@0: 	CPKIXValidationState(	const TTime aValidationTime, TInt aChainLength,
sl@0: 							const CArrayPtr<HBufC>* aInitialPolicies);
sl@0: 	void ConstructL();
sl@0: private:
sl@0: 	const TTime iValidationTime;
sl@0: 	TInt iPolicyMapping;
sl@0: 	TInt iPolicyRequired;
sl@0: 	TInt iMaxPathLength;
sl@0: 	TInt iPos;
sl@0: 
sl@0: //	TBool iAnyUserPolicy;
sl@0: 	TBool iAnyAuthorityPolicy;
sl@0: 	
sl@0: 	const CArrayPtr<HBufC>* iUserConstrainedPolicies;
sl@0: 	CArrayPtrFlat<CX509CertPolicyInfo>* iAuthorityConstrainedPolicies;
sl@0: 	
sl@0: 	CArrayPtrFlat<HBufC>* iUserPolicies;	
sl@0: 	CArrayPtrFlat<CX509PolicyMapping>* iMappedPolicies;
sl@0: 	CArrayPtrFlat<CX500DistinguishedName>* iExcludedDNSubtrees;
sl@0: 	CArrayPtrFlat<CX500DistinguishedName>* iPermittedDNSubtrees;
sl@0: 	//these are all just to deal with name constraints on alt names
sl@0: 	//can you believe it?
sl@0: 	CArrayPtrFlat<CX509DomainName>* iExcludedRFC822Subtrees;
sl@0: 	CArrayPtrFlat<CX509DomainName>* iPermittedRFC822Subtrees;
sl@0: 	CArrayPtrFlat<CX509DomainName>* iExcludedDNSNameSubtrees;
sl@0: 	CArrayPtrFlat<CX509DomainName>* iPermittedDNSNameSubtrees;
sl@0: 	CArrayPtrFlat<CX509IPSubnetMask>* iExcludedIPAddressSubtrees;
sl@0: 	CArrayPtrFlat<CX509IPSubnetMask>* iPermittedIPAddressSubtrees;
sl@0: 	CArrayPtrFlat<CX509CertExtension>* iCriticalExts;
sl@0: 	};
sl@0: 
sl@0: #endif