author | William Roberts <williamr@symbian.org> |
Wed, 31 Mar 2010 12:33:34 +0100 | |
branch | Symbian3 |
changeset 4 | 837f303aceeb |
parent 2 | 2fe1408b6811 |
permissions | -rw-r--r-- |
williamr@2 | 1 |
/* |
williamr@2 | 2 |
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). |
williamr@2 | 3 |
* All rights reserved. |
williamr@2 | 4 |
* This component and the accompanying materials are made available |
williamr@2 | 5 |
* under the terms of the License "Eclipse Public License v1.0" |
williamr@2 | 6 |
* which accompanies this distribution, and is available |
williamr@2 | 7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html". |
williamr@2 | 8 |
* |
williamr@2 | 9 |
* Initial Contributors: |
williamr@2 | 10 |
* Nokia Corporation - initial contribution. |
williamr@2 | 11 |
* |
williamr@2 | 12 |
* Contributors: |
williamr@2 | 13 |
* |
williamr@2 | 14 |
* Description: |
williamr@2 | 15 |
* X509 certificate chain and the validation status implementations |
williamr@2 | 16 |
* |
williamr@2 | 17 |
*/ |
williamr@2 | 18 |
|
williamr@2 | 19 |
|
williamr@2 | 20 |
/** |
williamr@2 | 21 |
@file |
williamr@2 | 22 |
@publishedAll |
williamr@2 | 23 |
@released |
williamr@2 | 24 |
*/ |
williamr@2 | 25 |
|
williamr@2 | 26 |
#ifndef __X509CERTCHAIN_H__ |
williamr@2 | 27 |
#define __X509CERTCHAIN_H__ |
williamr@2 | 28 |
|
williamr@2 | 29 |
#include <e32std.h> |
williamr@2 | 30 |
#include <x509cert.h> |
williamr@2 | 31 |
#include <ct.h> |
williamr@2 | 32 |
|
williamr@2 | 33 |
class TValidationStatus |
williamr@2 | 34 |
/** The validation status. |
williamr@2 | 35 |
* |
williamr@2 | 36 |
* Some errors cannot be blamed on any single certificate, in which case the |
williamr@2 | 37 |
* iCert value is meaningless. The same structure is used for errors and for |
williamr@2 | 38 |
* warnings. |
williamr@2 | 39 |
* |
williamr@2 | 40 |
* @since v6.0 */ |
williamr@2 | 41 |
{ |
williamr@2 | 42 |
public: |
williamr@2 | 43 |
/** Creates a validation status object. |
williamr@2 | 44 |
* |
williamr@2 | 45 |
* @param aError The error type that occurred when validating the certificate chain. |
williamr@2 | 46 |
* @param aCert The index number identifying the certificate that gave rise to |
williamr@2 | 47 |
* the error. */ |
williamr@2 | 48 |
IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert); |
williamr@2 | 49 |
|
williamr@2 | 50 |
/** The reason for the error. */ |
williamr@2 | 51 |
TValidationError iReason; |
williamr@2 | 52 |
|
williamr@2 | 53 |
/** The index number identifying the certificate that gave rise to the error. */ |
williamr@2 | 54 |
TInt iCert; |
williamr@2 | 55 |
}; |
williamr@2 | 56 |
|
williamr@2 | 57 |
class CX509CertChain : public CBase |
williamr@2 | 58 |
/** Abstract base class for X.509 certificate chain validation; |
williamr@2 | 59 |
* derive from this to suit your profile. |
williamr@2 | 60 |
* |
williamr@2 | 61 |
* @since v6.0 */ |
williamr@2 | 62 |
{ |
williamr@2 | 63 |
public: |
williamr@2 | 64 |
/** Gets the number of certificates in the chain. |
williamr@2 | 65 |
* |
williamr@2 | 66 |
* @return The number of certificates in the chain. */ |
williamr@2 | 67 |
IMPORT_C TInt Count() const; |
williamr@2 | 68 |
|
williamr@2 | 69 |
/** Gets the certificate identified by the specified index. |
williamr@2 | 70 |
* Note that Cert(Count()) corresponds to the root (if any) |
williamr@2 | 71 |
* whilst Cert(0) corresponds to the outmost certificate in the chain. |
williamr@2 | 72 |
* |
williamr@2 | 73 |
* @param aIndex The ordinal number representing the position of the certificate |
williamr@2 | 74 |
* within the chain. |
williamr@2 | 75 |
* @return The X.509 certificate at the specified index. */ |
williamr@2 | 76 |
IMPORT_C const CX509Certificate& Cert(TInt aIndex) const; |
williamr@2 | 77 |
|
williamr@2 | 78 |
/** Decodes the individual elements of the signed data to construct the certificates. |
williamr@2 | 79 |
* |
williamr@2 | 80 |
* @param aBinaryData The encoded binary representation. |
williamr@2 | 81 |
* @return The certificate objects. */ |
williamr@4 | 82 |
IMPORT_C CArrayPtrFlat<CX509Certificate>* DecodeCertsL(const TDesC8& aBinaryData); |
williamr@2 | 83 |
|
williamr@2 | 84 |
/** Destructor. |
williamr@2 | 85 |
* |
williamr@2 | 86 |
* Frees all resources owned by the object, prior to its destruction. */ |
williamr@2 | 87 |
IMPORT_C ~CX509CertChain(); |
williamr@2 | 88 |
|
williamr@2 | 89 |
/** Tests whether the specified X.509 certificate chain is equal to this X.509 |
williamr@2 | 90 |
* certificate chain. |
williamr@2 | 91 |
* |
williamr@2 | 92 |
* @param aOther The X.509 certificate chain to be compared. |
williamr@2 | 93 |
* @return ETrue, if the certificate chains are equal;EFalse, otherwise. */ |
williamr@2 | 94 |
IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const; |
williamr@2 | 95 |
protected: |
williamr@2 | 96 |
//certificate chain |
williamr@2 | 97 |
CArrayPtrFlat<CX509Certificate>* iChain; |
williamr@2 | 98 |
private: |
williamr@2 | 99 |
static void CleanupCertArray(TAny* aArray); |
williamr@2 | 100 |
}; |
williamr@2 | 101 |
|
williamr@2 | 102 |
class CCertificateValidationWarnings : public CBase |
williamr@2 | 103 |
/** Encapsulates the critical extensions encountered and any warnings found |
williamr@2 | 104 |
* for a particular certificate in the chain during the process of validation. |
williamr@2 | 105 |
* |
williamr@2 | 106 |
* @since v9.5 */ |
williamr@2 | 107 |
{ |
williamr@2 | 108 |
public: |
williamr@2 | 109 |
/** Creates an instance of CCertificateValidationWarnings. |
williamr@2 | 110 |
* |
williamr@2 | 111 |
* @param aIndex The index of aCert in the certificate chain. |
williamr@2 | 112 |
* @return A pointer to the new CCertificateWarning object. */ |
williamr@2 | 113 |
IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex); |
williamr@2 | 114 |
|
williamr@2 | 115 |
/** Creates an instance of CCertificateValidationWarnings. |
williamr@2 | 116 |
* |
williamr@2 | 117 |
* @param aIndex The index of aCert in the certificate chain. |
williamr@2 | 118 |
* @return A pointer to the new CCertificateWarning object. */ |
williamr@2 | 119 |
IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex); |
williamr@2 | 120 |
|
williamr@2 | 121 |
/** Gets a list of critical extension OIDs found in the certificate. |
williamr@2 | 122 |
* |
williamr@2 | 123 |
* @return An array of critical extensions found. */ |
williamr@2 | 124 |
IMPORT_C const RPointerArray<TDesC>& CriticalExtensionsFound() const; |
williamr@2 | 125 |
|
williamr@2 | 126 |
/** Gets a list of warnings generated by the certificate. |
williamr@2 | 127 |
* |
williamr@2 | 128 |
* @return An array of warnings generated. */ |
williamr@2 | 129 |
IMPORT_C const RArray<TValidationStatus>& Warnings() const; |
williamr@2 | 130 |
|
williamr@2 | 131 |
/** Gets the index of the certificate in the chain. |
williamr@2 | 132 |
* |
williamr@2 | 133 |
* @return The certificate index number. */ |
williamr@2 | 134 |
IMPORT_C TInt CertIndex() const; |
williamr@2 | 135 |
|
williamr@2 | 136 |
/** Externalises an object of this class to a write stream. |
williamr@2 | 137 |
* |
williamr@2 | 138 |
* The presence of this function means that the standard templated operator<<() |
williamr@2 | 139 |
* can be used to externalise objects of this class. |
williamr@2 | 140 |
* |
williamr@2 | 141 |
* @param aStream Stream to which the object should be externalised. */ |
williamr@2 | 142 |
IMPORT_C void ExternalizeL(RWriteStream& aStream) const; |
williamr@2 | 143 |
|
williamr@2 | 144 |
/** Internalises an object of this class from a read stream. |
williamr@2 | 145 |
* |
williamr@2 | 146 |
* The presence of this function means that the standard templated operator>>() |
williamr@2 | 147 |
* can be used to internalise objects of this class. |
williamr@2 | 148 |
* |
williamr@2 | 149 |
* Note that this function has assignment semantics: it replaces the old value |
williamr@2 | 150 |
* of the object with a new value read from the read stream. |
williamr@2 | 151 |
* |
williamr@2 | 152 |
* @param aStream Stream from which the object should be internalised. |
williamr@2 | 153 |
* @return A pointer to the new CCertificateWarning object. */ |
williamr@2 | 154 |
IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream); |
williamr@2 | 155 |
|
williamr@2 | 156 |
/** The destructor. |
williamr@2 | 157 |
* |
williamr@2 | 158 |
* Frees all resources owned by the object. */ |
williamr@2 | 159 |
IMPORT_C ~CCertificateValidationWarnings(); |
williamr@2 | 160 |
|
williamr@2 | 161 |
public: |
williamr@2 | 162 |
/** Adds a warning. |
williamr@2 | 163 |
* |
williamr@4 | 164 |
*/ |
williamr@2 | 165 |
IMPORT_C void AppendWarningL(TValidationStatus aWarning); |
williamr@2 | 166 |
|
williamr@2 | 167 |
/** Adds a critical extension OID warning. |
williamr@2 | 168 |
* |
williamr@4 | 169 |
*/ |
williamr@2 | 170 |
IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt); |
williamr@2 | 171 |
|
williamr@2 | 172 |
private: |
williamr@2 | 173 |
CCertificateValidationWarnings(TInt aIndex); |
williamr@2 | 174 |
|
williamr@2 | 175 |
private: |
williamr@2 | 176 |
TInt iCertIndex; |
williamr@2 | 177 |
RPointerArray<TDesC> iCriticalExtsFound; |
williamr@2 | 178 |
RArray<TValidationStatus> iWarnings; |
williamr@2 | 179 |
}; |
williamr@2 | 180 |
|
williamr@2 | 181 |
#endif |
williamr@4 | 182 |
|
williamr@4 | 183 |