1.1 --- a/epoc32/include/wtlscert.h Tue Nov 24 13:55:44 2009 +0000
1.2 +++ b/epoc32/include/wtlscert.h Tue Mar 16 16:12:26 2010 +0000
1.3 @@ -1,1 +1,333 @@
1.4 -wtlscert.h
1.5 +/*
1.6 +* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
1.7 +* All rights reserved.
1.8 +* This component and the accompanying materials are made available
1.9 +* under the terms of the License "Eclipse Public License v1.0"
1.10 +* which accompanies this distribution, and is available
1.11 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.12 +*
1.13 +* Initial Contributors:
1.14 +* Nokia Corporation - initial contribution.
1.15 +*
1.16 +* Contributors:
1.17 +*
1.18 +* Description:
1.19 +*
1.20 +*/
1.21 +
1.22 +
1.23 +
1.24 +
1.25 +/**
1.26 + @file
1.27 + @internalAll
1.28 +*/
1.29 +
1.30 +#ifndef __WTLSCERT_H__
1.31 +#define __WTLSCERT_H__
1.32 +
1.33 +#include <e32base.h>
1.34 +#include <e32std.h>
1.35 +#include <s32std.h>
1.36 +#include <signed.h>
1.37 +#include <unifiedcertstore.h>
1.38 +#include <wtlsnames.h>
1.39 +
1.40 +
1.41 +class CRSAPublicKey;
1.42 +class CDSAPublicKey;
1.43 +class CDSASignature;
1.44 +class CDSAParameters;
1.45 +
1.46 +const TInt KWTLSCertMaxDataElements = 6;
1.47 +
1.48 +/**
1.49 + * @publishedAll
1.50 + * @released
1.51 + */
1.52 +class CWTLSRSASignatureResult : public CRSASignatureResult
1.53 + {
1.54 +public:
1.55 + IMPORT_C static CWTLSRSASignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
1.56 + IMPORT_C static CWTLSRSASignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
1.57 + IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);
1.58 +private:
1.59 + void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
1.60 + };
1.61 +
1.62 +/**
1.63 + * @publishedAll
1.64 + * @released
1.65 + */
1.66 +class TWTLSKeyFactory : public TKeyFactory
1.67 + {
1.68 +public:
1.69 + virtual CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;
1.70 + virtual CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;
1.71 + virtual CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;
1.72 + virtual CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;
1.73 + virtual CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;
1.74 + virtual CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;
1.75 + };
1.76 +
1.77 +/**
1.78 + * @publishedAll
1.79 + * @released
1.80 + */
1.81 +class CWTLSValidityPeriod : public CValidityPeriod
1.82 + {
1.83 +public:
1.84 + IMPORT_C static CWTLSValidityPeriod* NewL(const TDesC8& aBinaryData);
1.85 + IMPORT_C static CWTLSValidityPeriod* NewLC(const TDesC8& aBinaryData);
1.86 + IMPORT_C static CWTLSValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.87 + IMPORT_C static CWTLSValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.88 +private:
1.89 + CWTLSValidityPeriod();
1.90 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.91 + };
1.92 +
1.93 +/**
1.94 + * @publishedAll
1.95 + * @released
1.96 + */
1.97 +class CWTLSAlgorithmIdentifier : public CAlgorithmIdentifier
1.98 + {
1.99 +public:
1.100 + IMPORT_C static CWTLSAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
1.101 + IMPORT_C static CWTLSAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
1.102 + IMPORT_C static CWTLSAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.103 + IMPORT_C static CWTLSAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.104 +private:
1.105 + CWTLSAlgorithmIdentifier();
1.106 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.107 + };
1.108 +
1.109 +/**
1.110 + * @publishedAll
1.111 + * @released
1.112 + */
1.113 +class CWTLSSigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier
1.114 + {
1.115 +public:
1.116 + IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
1.117 + IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
1.118 + IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.119 + IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.120 +private:
1.121 + CWTLSSigningAlgorithmIdentifier();
1.122 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.123 + };
1.124 +
1.125 +/**
1.126 + * @publishedAll
1.127 + * @released
1.128 + */
1.129 +class CWTLSSubjectPublicKeyInfo : public CSubjectPublicKeyInfo
1.130 + {
1.131 +public:
1.132 + IMPORT_C static CWTLSSubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);
1.133 + IMPORT_C static CWTLSSubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);
1.134 + IMPORT_C static CWTLSSubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.135 + IMPORT_C static CWTLSSubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.136 +private:
1.137 + CWTLSSubjectPublicKeyInfo();
1.138 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.139 + };
1.140 +
1.141 +_LIT(KWTLSTCAType, " T");
1.142 +_LIT(KWTLSTCAValue, "ca");
1.143 +
1.144 +/**
1.145 + * @publishedAll
1.146 + * @released
1.147 + */
1.148 +class CWTLSCertificate : public CCertificate
1.149 + {
1.150 +public:
1.151 + enum //enum values for encoded data element positions in tbsCert data structure
1.152 + { //these values are to be used as params to DataElementEncoding() function
1.153 + EVersionNumber = 0,
1.154 + EAlgorithmId = 1,
1.155 + EIssuerName = 2,
1.156 + EValidityPeriod = 3,
1.157 + ESubjectName = 4,
1.158 + ESubjectPublicKeyInfo = 5,
1.159 + };
1.160 +
1.161 + /**
1.162 + * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation.
1.163 + *
1.164 + * @param aBinaryData The encoded binary representation.
1.165 + * @return The new CWTLSCertificate object.
1.166 + */
1.167 + IMPORT_C static CWTLSCertificate* NewL(const TDesC8& aBinaryData);
1.168 +
1.169 + /**
1.170 + * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation,
1.171 + * and puts a pointer to it onto the cleanup stack.
1.172 + *
1.173 + * @param aBinaryData The encoded binary representation.
1.174 + * @return The new CWTLSCertificate object.
1.175 + */
1.176 + IMPORT_C static CWTLSCertificate* NewLC(const TDesC8& aBinaryData);
1.177 +
1.178 + /**
1.179 + * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation.
1.180 + *
1.181 + * @param aBinaryData The encoded binary representation.
1.182 + * @param aPos An offset into the descriptor, and is updated to the position at the end of the object.
1.183 + * @return The new CWTLSCertificate object.
1.184 + */
1.185 + IMPORT_C static CWTLSCertificate* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.186 +
1.187 + /**
1.188 + * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation,
1.189 + * and puts a pointer to it onto the cleanup stack.
1.190 + *
1.191 + * @param aBinaryData The encoded binary representation.
1.192 + * @param aPos An offset into the descriptor, and is updated to the position at the end of the object.
1.193 + * @return The new CWTLSCertificate object.
1.194 + */
1.195 + IMPORT_C static CWTLSCertificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.196 +
1.197 + /**
1.198 + * Creates a new CWTLSCertificate object from a stream.
1.199 + *
1.200 + * The stream must have been written using the corresponding ExternalizeL() function.
1.201 + *
1.202 + * @param aStream The stream to be used as input.
1.203 + * @return The new CWTLSCertificate object.
1.204 + */
1.205 + IMPORT_C static CWTLSCertificate* NewL(RReadStream& aStream);
1.206 +
1.207 + /**
1.208 + * Creates a new CWTLSCertificate object from a stream,
1.209 + * and puts a pointer to it onto the cleanup stack.
1.210 + *
1.211 + * The stream must have been written using the corresponding ExternalizeL() function.
1.212 + *
1.213 + * @param aStream The stream to be used as input.
1.214 + * @return The new CWTLSCertificate object.
1.215 + */
1.216 + IMPORT_C static CWTLSCertificate* NewLC(RReadStream& aStream);
1.217 +
1.218 + /**
1.219 + * Creates a new CWTLSCertificate object from an existing one in the certificate store.
1.220 + *
1.221 + * @param aCert The certificate to be copied.
1.222 + * @return The new CWTLSCertificate object.
1.223 + */
1.224 + IMPORT_C static CWTLSCertificate* NewL(const CWTLSCertificate& aCert);
1.225 +
1.226 + /**
1.227 + * Creates a new CWTLSCertificate object from an existing one in the certificate store,
1.228 + * and puts a pointer to it onto the cleanup stack.
1.229 + *
1.230 + * @param aCert The certificate to be copied.
1.231 + * @return The new CWTLSCertificate object.
1.232 + */
1.233 + IMPORT_C static CWTLSCertificate* NewLC(const CWTLSCertificate& aCert);
1.234 +
1.235 + /**
1.236 + * Destructor.
1.237 + *
1.238 + * Frees all resources owned by the object, prior to its destruction.
1.239 + */
1.240 + IMPORT_C ~CWTLSCertificate();
1.241 +
1.242 + /**
1.243 + * Tests whether this WTLS certificate is the same as the specified WTLS certificate.
1.244 + *
1.245 + * This is not a simple as it sounds. For X.509 certificates equality means that the issuer name
1.246 + * and serial number fields are the same. This guarantees equality since a CA must ensure that every
1.247 + * certificate it issues has a unique serial number. But WTLS certificates do not include serial numbers,
1.248 + * so there seems to be no definition of equality. This function uses a byte-for-byte comparison of the
1.249 + * signatures on the certificates: this should not result in any false positives, but may give false
1.250 + * negatives if CAs do naughty things like recertifying the same key (which they have been known to do).
1.251 + *
1.252 + * @param aCert A WTLS certificate
1.253 + * @return ETrue, if the parameter is the same certificate; EFalse, otherwise.
1.254 + */
1.255 + IMPORT_C TBool IsEqualL(const CWTLSCertificate& aCert) const;
1.256 +
1.257 + //extra accessors
1.258 +
1.259 + /**
1.260 + * Gets the version number of the WTLS certificate.
1.261 + *
1.262 + * @return The version number of the certificate. Always returns 1.
1.263 + */
1.264 + IMPORT_C TInt Version() const;
1.265 +
1.266 + /**
1.267 + * Gets the name of the WTLS certificate's issuing authority.
1.268 + *
1.269 + * @return A WTLS name:
1.270 + * @li If the name is an X.500 DN, then if the name contains a Common name, that will be returned.
1.271 + * Otherwise, if the name contains an Organization name, that will be returned. Otherwise an empty
1.272 + * string will be returned.
1.273 + * @li If the name is of type text, then if the name is not a 'structured' name the entire string will
1.274 + * be returned, otherwise the same procedure will be followed as for X.509 certificates.
1.275 + * @li If the name is null an empty string will be returned.
1.276 + */
1.277 + // Unsupported -- If the name is a key hash or binary value the entire contents will be returned.
1.278 + IMPORT_C const CWTLSName& IssuerName() const;
1.279 +
1.280 + /**
1.281 + * Gets the name of the owner of the public key the WTLS certificate contains.
1.282 + *
1.283 + * @return A WTLS name.
1.284 + */
1.285 + IMPORT_C const CWTLSName& SubjectName() const;
1.286 + IMPORT_C virtual TBool IsSelfSignedL() const;
1.287 + IMPORT_C virtual HBufC* SubjectL() const;
1.288 + IMPORT_C virtual HBufC* IssuerL() const;
1.289 +
1.290 + /**
1.291 + * Initialises the certificate from a stream.
1.292 + *
1.293 + * This should not be called by client code; instead the static factory function above should be used.
1.294 + * If a client is using the certstore component for storage then it should use CCertStore::AddL() for
1.295 + * externalizing and CWTLSCert::NewL(CCertStore& aStore, const CCertStoreEntry& aEntry); for restoring.
1.296 + *
1.297 + * @param aStream
1.298 + */
1.299 + IMPORT_C void InternalizeL(RReadStream& aStream);
1.300 +
1.301 + /**
1.302 + * Gets the certificate's signed data.
1.303 + *
1.304 + * @return A non-modifiable pointer descriptor representing the certificate's signed data.
1.305 + */
1.306 + IMPORT_C const TPtrC8 SignedDataL() const;
1.307 +
1.308 + /**
1.309 + * Gets the encoding for a data element at the specified index.
1.310 + *
1.311 + * @param aIndex The position of the encoded data element.
1.312 + */
1.313 + IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
1.314 +
1.315 + /**
1.316 + * Tests whether a non-selfsigned certificate can be used to sign others.
1.317 + *
1.318 + * Currently this only supports structured text variety of WTLS certificates.
1.319 + * Other certificate types will return EFalse.
1.320 + *
1.321 + * @return ETrue, if the certificate is capable of signing other certificates; otherwise, EFalse.
1.322 + */
1.323 + IMPORT_C TBool IsTCAL() const;
1.324 +private:
1.325 + CWTLSCertificate();
1.326 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.327 + void ConstructL(const CWTLSCertificate& aCertificate);
1.328 + void ConstructCertL(const TDesC8& aBinaryData, TInt& aPos);
1.329 + void InitEncodedDataElementsL();
1.330 + //private data
1.331 + TInt iVersion;
1.332 + CWTLSName* iIssuerName;
1.333 + CWTLSName* iSubjectName;
1.334 + TFixedArray<TPtrC8*, KWTLSCertMaxDataElements>* iDataElements;
1.335 + };
1.336 +
1.337 +#endif