/*

* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

*

*/

/**

 @file 

 @internalAll

*/

#ifndef __SIGNED_H__

#define __SIGNED_H__

#include <e32base.h>

#include <e32std.h>

#include <s32std.h>

#include <securitydefs.h>

class CRSAPublicKey;

class CDSAPublicKey;

class CDSASignature;

class CDSAParameters;

/**  Enumerates the identity of the algorithm.

 *

 * @publishedAll

 * @released

 */

enum TAlgorithmId

	{

	/** An RSA algorithm. */

	ERSA,

	/** A DSA algorithm. */

	EDSA,

	/** A DH algorithm. */

	EDH,

	/** A MD2 algorithm. */

	EMD2,

	/** A MD5 algorithm. */

	EMD5,

	/** A SHA-1 algorithm. */

	ESHA1

	};

class CValidityPeriod : public CBase

/** The period for which the certificate is valid. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Tests whether the specified date and time is within the validity period.

	* 

	* @param aTime	The date and time to be tested.

	* @return 		ETrue, if the date and time is within the validity period;

	* 				EFalse, otherwise. */

	IMPORT_C TBool Valid(const TTime& aTime) const;

	/** Gets the start of the validity period.

	* 

	* @return	The start date and time. */

	IMPORT_C const TTime& Start() const;

	/** Gets the end of the validity period.

	* 

	* @return	The end date and time. */

	IMPORT_C const TTime& Finish() const;

	/** Copy constructor.

	* 

	* @param aValidityPeriod	The validity period object to be copied. */

	IMPORT_C CValidityPeriod(const CValidityPeriod& aValidityPeriod);

protected:

	/** Default constructor. */

	IMPORT_C CValidityPeriod();

	/** The start time of the validity period. */

	TTime iStart;

	/** The end time of the validity period. */

	TTime iFinish;

	};

class CAlgorithmIdentifier : public CBase

/** Contains an algorithm ID and any encoded parameters required by that algorithm.

* 

* An object of this type creates and owns a heap descriptor to contain the encoded 

* parameters. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Creates a new algorithm ID object copied from an existing object.	

	* 

	* @param aAlgorithmIdentifier	The algorithm ID object to be copied. 

	* @return 						A pointer to the new algorithm ID object. */

	IMPORT_C static CAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAlgorithmIdentifier);

	/** Creates a new algorithm ID object copied from an existing object, and puts 

	* a pointer to the new object onto the cleanup stack.

	* 

	* @param aAlgorithmIdentifier	The algorithm ID object to be copied. 

	* @return 						A pointer to the new algorithm ID object. */

	IMPORT_C static CAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAlgorithmIdentifier);

	/** Creates a new algorithm ID object.

	* 

	* @param aAlgorithmId	The algorithm ID.

	* @param aEncodedParams	The encoded parameters.

	* @return 				A pointer to the new algorithm ID object. */

	IMPORT_C static CAlgorithmIdentifier* NewL(TAlgorithmId& aAlgorithmId, const TDesC8& aEncodedParams);

	/** Creates a new algorithm ID object, and puts a pointer to the new object onto 

	* the cleanup stack.

	* 

	* @param aAlgorithmId	The algorithm ID.

	* @param aEncodedParams	The encoded parameters.

	* @return 				A pointer to the new algorithm ID object. */

	IMPORT_C static CAlgorithmIdentifier* NewLC(TAlgorithmId& aAlgorithmId, const TDesC8& aEncodedParams);

	/** Tests whether this algorithm identifier object is equal to the specified algorithm 

	* identifier object. 

	* 

	* @param aAlgorithmIdentifier	The algorithm identifier object to be compared.

	* @return 						ETrue, if this algorithm identifier object is equal to the specified 

	* 								algorithm identifier object; EFalse otherwise. */

	IMPORT_C TBool operator == (const CAlgorithmIdentifier& aAlgorithmIdentifier) const;

	/** Gets the algorithm identifier.

	* 

	* @return	The algorithm identifier. */

	IMPORT_C TAlgorithmId Algorithm() const;	//ID for the algorithm

	/** Gets the encoded parameters for the algorithm identifier.

	* 

	* Note that this object owns the heap descriptor that owns the encoded parameters.

	* 

	* @return 	The encoded parameters. */

	IMPORT_C TPtrC8 EncodedParams() const;				//the encoded parameters

	/** Destructor.

	*

	* Frees all resources owned by the object. */

	IMPORT_C ~CAlgorithmIdentifier();

protected:

	/** Default constructor. */

	IMPORT_C CAlgorithmIdentifier();

	/** Constructor taking the specified parameters.

	* 

	* @param aAlgorithmId	The algorithm ID. */

	IMPORT_C CAlgorithmIdentifier(TAlgorithmId& aAlgorithmId);

	/** Second-phase constructor taking an existing algorithm identifier object.

	* 

	* @param aAlgorithmIdentifier	The algorithm identifier object. */

	IMPORT_C virtual void ConstructL(const CAlgorithmIdentifier& aAlgorithmIdentifier);

	/** Second-phase constructor taking encoded parameters.

	* 

	* @param aEncodedParams	The encoded parameters. */

	IMPORT_C virtual void ConstructL(const TDesC8& aEncodedParams);

	/** The algorithm ID. */

	TAlgorithmId iAlgorithmId;

	/** The encoded parameters for the algorithm ID. */

	HBufC8* iEncodedParams;

	};

class CSigningAlgorithmIdentifier : public CBase

/** Contains two CAlgorithmIdentifier objects for comparison purposes.

* 

* Implements an equality operator. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Constructs a new Signing Algorithm Identifier object, copying an existing Signing 

	* Algorithm Identifier object.

	* 

	* @param aSigningAlgorithmIdentifier	The Signing Algorithm Identifier object.

	* @return								The new Signing Algorithm Identifier object. */

	IMPORT_C static CSigningAlgorithmIdentifier* NewL(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier);

	/** Constructs a new Signing Algorithm Identifier object, copying an existing Signing 

	* Algorithm Identifier object, and puts a pointer to it onto the cleanup stack.

	* 

	* @param aSigningAlgorithmIdentifier	The Signing Algorithm Identifier object.

	* @return 								The new Signing Algorithm Identifier object. */

	IMPORT_C static CSigningAlgorithmIdentifier* NewLC(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier);

	/** Tests whether the Signing Algorithm Identifier object is equal to the specified 

	* Signing Algorithm Identifier object.

	* 

	* @param aSigningAlgorithmIdentifier  The Signing Algorithm Identifier object to be compared.

	* @return 							  ETrue, if this object's Signing Algorithm Identifier value 

	* 									  is equal to the specified Signing Algorithm Identifier 

	*									  object's value; EFalse, otherwise. */

	IMPORT_C TBool operator == (const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier) const;

	/** Gets the signature ID of the asymmetric algorithm.

	* 

	* @return	The signature ID of the asymmetric algorithm. */

	IMPORT_C const CAlgorithmIdentifier& AsymmetricAlgorithm() const;

	/** Gets the signature ID of the digest algorithm.

	* 

	* @return	The signature ID of the digest algorithm. */

	IMPORT_C const CAlgorithmIdentifier& DigestAlgorithm() const;

	/** Destructor.

	* 

	* Frees all resources owned by the object, prior to its destruction. */

	IMPORT_C ~CSigningAlgorithmIdentifier();

protected:

	/** Second-phase constructor.

	 * @internalAll

	 */

	void ConstructL(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier);

	/** The signature ID of the asymmetric algorithm. */

	CAlgorithmIdentifier* iAsymmetricAlgorithm;

	/** The signature ID of the digest algorithm. */

	CAlgorithmIdentifier* iDigestAlgorithm;

	};

class CSubjectPublicKeyInfo : public CBase

/** A base class for a container that holds information about a subject public key.

* 

* It contains the algorithm ID, the encoded public key and the encoded parameters. 

* 

* @publishedAll

* @released

* @since v6.0 

*/

//algorithm ID + encoded public key + encoded parameters

	{

public:

	/** Creates a new subject public key object copied from an existing object.	

	* 

	* @param aSubjectPublicKeyInfo 	The subject public key object to be copied.

	* @return 						A pointer to the new public key object. */

	IMPORT_C static CSubjectPublicKeyInfo* NewL(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo);

	/** Creates a new subject public key object copied from an existing object and 

	* puts a pointer to the new object onto the cleanup stack.	

	* 

	* @param aSubjectPublicKeyInfo 	The subject public key object to be copied.

	* @return 						A pointer to the new public key object. */

	IMPORT_C static CSubjectPublicKeyInfo* NewLC(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo);

	/** Gets the algorithm ID.

	* 

	* @return	The algorithm ID. */

	IMPORT_C TAlgorithmId AlgorithmId() const;

	/** Gets the encoded parameters required by the algorithm.	

	* 

	* @return	A non-modifiable pointer descriptor representing the encoded parameters. */

	IMPORT_C const TPtrC8 EncodedParams() const;

	/** Gets the encoded public key data.

	* 

	* @return 	A non-modifiable pointer descriptor representing the encoded public 

	* 			key data. */

	IMPORT_C const TPtrC8 KeyData() const;

	/** Destructor.

	*

	* Frees all resources owned by the object. */

	IMPORT_C ~CSubjectPublicKeyInfo();

protected:

	/** Second-phase constructor.

	* 

	* @param aSubjectPublicKeyInfo	The subject public key object to be copied. */

	IMPORT_C virtual void ConstructL(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo);

	/** The algorithm ID. */

	CAlgorithmIdentifier* iAlgId;

	/** A heap descriptor representing the encoded key data. */

	HBufC8* iEncodedKeyData;

	};

class CRSASignatureResult : public CBase

/** The RSA public key algorithm signature result.

* 

* Derived classes:

* @li CWTLSRSASignatureResult

* @li CPKCS1SignatureResult.

*

* @see TKeyFactory::RSASignatureResultL()

*

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Tests whether the signature result is valid.

	* 

	* @param aResult	The signature result.

	* @return			ETrue if the signature result is valid, otherwise EFalse. */

	IMPORT_C virtual TBool VerifyL(const TDesC8& aResult) = 0;

	/** Destructor.

	*

	* Frees all resources owned by the object. */

	IMPORT_C ~CRSASignatureResult();

protected:

	/** Compares this RSA Signature Result object with the specified RSA Signature 

	* Result object for equality.

	*

	* @param aResult 	The RSA Signature Result object to be compared.

	* @return 			ETrue, if they are the same; EFalse, otherwise. */

	IMPORT_C TBool operator == (const CRSASignatureResult& aResult) const;

	/** The digest algorithm ID. */

	CAlgorithmIdentifier* iDigestAlgorithm;

	/** A heap descriptor representing the digest algorithm. */

	HBufC8* iDigest;

	};

//signed object

class TKeyFactory

/** Constructs the public key objects used for signature verification from their 

* encoded binary form. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Gets the RSA public key.

	* 

	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

	* @return 			The RSA Public key. */

	virtual CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const = 0;

	/** Gets the RSA signature result.

	* 

	* @param aDigestAlgorithm 	The algorithm ID.

	* @param aDigest 			A non-modifiable descriptor representing the digest algorithm.

	* @return 					The RSA signature result. */

	virtual CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const = 0;

	/** Gets the DSA public key.

	* 

	* @param aParams 	The DSA parameters

	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

	* @return 			The DSA public key. */

	virtual CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const = 0;

	/** Gets the digital DSA signature given an encoding key.

	* 

	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

	* @return 			The DSA signature. */

	virtual CDSASignature* DSASignatureL(const TDesC8& aEncoding) const = 0;

	/** Gets the DSA parameters.

	* 

	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

	* @return 			The DSA parameters. */

	virtual CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const = 0;

	//	New function for TKeyFactory API

	virtual CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const = 0;

	};

class CSigningKeyParameters : public CBase

/** Contains the parameter information required by some signing algorithms.

* 

* The DSA signing algorithm needs parameters as well as a key. Currently, this 

* class only contains DSA parameters. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Creates a new signing key parameters object.

	* 

	* @return	A pointer to the new signing key parameters object. */

	IMPORT_C static CSigningKeyParameters* NewL();

	/** Creates a new signing key parameters object and puts a pointer to the new object 

	* onto the cleanup stack.

	* 

	* @return	A pointer to the new signing key parameters object. */

	IMPORT_C static CSigningKeyParameters* NewLC();

	/** Creates a new signing key parameters object copied from an existing object.

	* 

	* @param aParameters 	The signing key parameters object to be copied.

	* @return 				A pointer to the new parameters object. */

	IMPORT_C static CSigningKeyParameters* NewL(const CSigningKeyParameters& aParameters);

	/** Creates a new signing key parameters object copied from an existing object 

	* and puts a pointer to the new object onto the cleanup stack.

	* 

	* @param aParameters  The signing key parameters object to be copied.

	* @return 			  A pointer to the new signing key parameters object. */

	IMPORT_C static CSigningKeyParameters* NewLC(const CSigningKeyParameters& aParameters);

	/** Destructor.

	* 

	* Frees all resources owned by the object. */

	IMPORT_C ~CSigningKeyParameters();

	/** Sets the DSA parameters.

	* 

	* @param aParams	The DSA parameters. */

	IMPORT_C void SetDSAParamsL(const CDSAParameters& aParams);

	/** Gets the DSA parameters.

	* 

	* @return	The DSA parameters. 

	* @internalAll

	*/

	const CDSAParameters* DSAParams() const;

private:

	CSigningKeyParameters();

	void ConstructL(const CSigningKeyParameters& aParameters);

	CDSAParameters* iDSAParams;

	};

class CSignedObject : public CBase

/** Base class for certificates. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:	

	/** Verifies a signature using the specified encoded key.

	* 

	* @param aEncodedKey 	The encoded key. 

	* @return 				ETrue if the signature is valid, otherwise EFalse. */

	IMPORT_C TBool VerifySignatureL(const TDesC8& aEncodedKey) const;

	/** Verifies a signature using the specified encoded key and hash.

	* 

	* @param aEncodedKey 	The encoded key. 

	* @param aHash			The hash of the data to be validated.

	* @return 				ETrue if the signature is valid, otherwise EFalse. */

	IMPORT_C TBool VerifySignatureL(const TDesC8& aEncodedKey, const TDesC8& aHash) const;	

	/** Gets the digital signature.

	* 

	* @return	A non-modifiable pointer descriptor representing the digital signature. */

	IMPORT_C const TPtrC8 Signature() const;

	/** Gets the signed data.

	* 

	* @return	A non-modifiable pointer descriptor representing the signed data. */

	IMPORT_C virtual const TPtrC8 SignedDataL() const = 0;

	/** Gets the fingerprint.

	* 

	* The fingerprint returned is the SHA1 hash of the encoding of the entire object.

	* 

	* @return	A non-modifiable pointer descriptor representing the finger print. */

	IMPORT_C const TPtrC8 Fingerprint() const;

	/** Gets the entire encoding.

	* 

	* @return	A non-modifiable pointer descriptor representing the entire encoding. */

	IMPORT_C const TPtrC8 Encoding() const;

	/** Gets the signing algorithm ID used.

	* 

	* @return	The signing algorithm ID. */

	IMPORT_C const CSigningAlgorithmIdentifier& SigningAlgorithm() const;

	/** Externalises the encoding of the entire object to a write stream.

	* 

	* The fingerprint and the signed data can be regenerated after restoration.

	* 

	* The presence of this function means that the standard templated operator<<() 

	* can be used to externalise objects of this class.

	* 

	* @param aStream	Stream to which the object should be externalised. */

	IMPORT_C virtual void ExternalizeL(RWriteStream& aStream) const;

	/** Internalises the encoded object from a read stream.

	* The class makes use of a specification-specific parser class for extracting 

	* the various elements, that is provided by a subclass of CSignedObject. For 

	* this reason this function is pure virtual.

	* 

	* The presence of this function means that the standard templated operator>>() 

	* can be used to internalise objects of this class.

	* 

	* @param aStream	Stream from which the contents of the field should be internalised. */

	IMPORT_C virtual void InternalizeL(RReadStream& aStream) = 0;

	/** Sets the signing key parameters.

	* 

	* @param aParameters	The signing key parameters. */

	IMPORT_C void SetParametersL(const CSigningKeyParameters& aParameters);

	/** Gets the encoded data for the specified encoded data element, in the (to be 

	* signed) tbsCertificate data structure, of the signed object.

	* 

	* @param aIndex	The encoded data element position in the tbsCertificate data 

	* 				structure. See the enumeration: CX509Certificate::Anonymous.

	* @return 		The encoded data for the specified data element of the signed object. */

	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const = 0;

	/** Destructor.

	* 

	* Frees all resources owned by the object. */

	IMPORT_C ~CSignedObject();

protected:

	/** Verifies a RSA signature using the specified encoded key.

	* 

	* @param aEncodedKey 	The encoded key. 

	* @return 				ETrue if the signature is valid, otherwise EFalse. 

	* @internalAll

	*/

	TBool VerifyRSASignatureL(const TDesC8& aEncodedKey) const;

	/** @internalAll */	

	TBool VerifyRSASignatureL(const TDesC8& aEncodedKey, const TDesC8& aHash) const;

	/** A pointer to a key factory object. */

	TKeyFactory* iKeyFactory;

	/** A heap descriptor representing the entire encoding. */

	HBufC8* iEncoding;

	/** The digital signature. */

	HBufC8* iSignature;

	/** The fingerprint.

	* 

	* The SHA1 hash of the encoding of the entire object. */

	HBufC8* iFingerprint;

	/** The signing key parameters */

	CSigningKeyParameters* iParameters;

	/** The signing algorithm ID. */

	CSigningAlgorithmIdentifier* iSigningAlgorithm;

	};

class CCertificate : public CSignedObject

/** A data structure that binds a public key to a given individual.

* 

* A certificate is a signed object, and adds a serial number, a validity period 

* and a subject public key.

* 

* This is a base class for classes that implement certificates of particular types. 

* 

* @publishedAll

* @released

* @since v6.0 */

	{

public:

	/** Destructor.

	* 

	* Frees all resources owned by the object. */

	IMPORT_C ~CCertificate();

	/** Gets the subject public key information.

	* 

	* @return	The subject public key information. */

	IMPORT_C const CSubjectPublicKeyInfo& PublicKey() const;

	/** Gets the serial number.

	* 

	* @return	A non-modifiable pointer descriptor representing the serial number. */

	IMPORT_C const TPtrC8 SerialNumber() const;

	/** Gets the validity period.

	* 

	* @return	The validity period. */

	IMPORT_C const CValidityPeriod& ValidityPeriod() const;

	/** Tests whether a certificate is self-signed.

	* 

	* @return	ETrue, if it is self-signed; EFalse, otherwise. */

	IMPORT_C virtual TBool IsSelfSignedL() const = 0;

	/** Gets the subject.

	* 

	* @return	A heap descriptor representing the subject. */

	IMPORT_C virtual HBufC* SubjectL() const = 0;

	/** Gets the issuer.

	* 

	* @return	A heap descriptor representing the issuer. */

	IMPORT_C virtual HBufC* IssuerL() const = 0;

	/** Gets the key identifier.

	* 

	* @return	The key identifier. */

	IMPORT_C virtual TKeyIdentifier KeyIdentifierL() const;

protected:

	/** The serial number. */

	HBufC8* iSerialNumber;

	/** The validity period. */

	CValidityPeriod* iValidityPeriod;

	/** The subject public key information. */

	CSubjectPublicKeyInfo* iSubjectPublicKeyInfo;

	};

#endif