1.1 --- a/epoc32/include/x509cert.h Tue Nov 24 13:55:44 2009 +0000
1.2 +++ b/epoc32/include/x509cert.h Tue Mar 16 16:12:26 2010 +0000
1.3 @@ -1,1 +1,704 @@
1.4 -x509cert.h
1.5 +/*
1.6 +* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
1.7 +* All rights reserved.
1.8 +* This component and the accompanying materials are made available
1.9 +* under the terms of the License "Eclipse Public License v1.0"
1.10 +* which accompanies this distribution, and is available
1.11 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.12 +*
1.13 +* Initial Contributors:
1.14 +* Nokia Corporation - initial contribution.
1.15 +*
1.16 +* Contributors:
1.17 +*
1.18 +* Description:
1.19 +* X509 certificate implementation
1.20 +*
1.21 +*/
1.22 +
1.23 +
1.24 +
1.25 +
1.26 +/**
1.27 + @file
1.28 + @internalAll
1.29 +*/
1.30 +
1.31 +#ifndef __X509CERT_H__
1.32 +#define __X509CERT_H__
1.33 +
1.34 +#include <e32base.h>
1.35 +#include <e32std.h>
1.36 +#include <s32std.h>
1.37 +#include <signed.h>
1.38 +#include <x500dn.h>
1.39 +#include <asn1enc.h>
1.40 +
1.41 +_LIT(KMD2WithRSA,"1.2.840.113549.1.1.2");
1.42 +_LIT(KMD5WithRSA,"1.2.840.113549.1.1.4");
1.43 +_LIT(KSHA1WithRSA,"1.2.840.113549.1.1.5");
1.44 +_LIT(KDSAWithSHA1,"1.2.840.10040.4.3");
1.45 +
1.46 +_LIT(KRSA,"1.2.840.113549.1.1.1");
1.47 +_LIT(KDH,"1.2.840.10046.2.1");
1.48 +_LIT(KDSA,"1.2.840.10040.4.1");
1.49 +_LIT(KMD5,"1.2.840.113549.2.5");
1.50 +_LIT(KMD2,"1.2.840.113549.2.2");
1.51 +_LIT(KSHA1,"1.3.14.3.2.26");
1.52 +
1.53 +/** The maximum number of allowed data elements.
1.54 +*
1.55 +* @since v7.0 */
1.56 +const TInt KX509MaxDataElements = 10;
1.57 +
1.58 +class CRSAPublicKey;
1.59 +class CDSAPublicKey;
1.60 +class CDSASignature;
1.61 +class CDSAParameters;
1.62 +
1.63 +class CPKCS1SignatureResult : public CRSASignatureResult
1.64 +/** The signature result in PKCS#1 format.
1.65 +*
1.66 +* @publishedAll
1.67 +* @released
1.68 +* @since v6.0 */
1.69 + {
1.70 +public:
1.71 + /** Creates a new algorithm ID object copied from an existing object.
1.72 + *
1.73 + * @param aDigestAlgorithm The algorithm ID object to be copied.
1.74 + * @param aDigest A non-modifiable descriptor representing the digest algorithm.
1.75 + * @return A pointer to the new algorithm ID object. */
1.76 + IMPORT_C static CPKCS1SignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
1.77 +
1.78 + /** Creates a new algorithm ID object copied from an existing
1.79 + * object, and puts a pointer to the new object onto the cleanup stack.
1.80 + *
1.81 + * @param aDigestAlgorithm The algorithm ID object to be copied.
1.82 + * @param aDigest A non-modifiable descriptor representing the digest algorithm.
1.83 + * @return A pointer to the new algorithm ID object. */
1.84 + IMPORT_C static CPKCS1SignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
1.85 +
1.86 + /** Tests whether the signature result is valid.
1.87 + *
1.88 + * @param aResult The signature result to be verified.
1.89 + * @return ETrue, if the signature result is verified; EFalse, otherwise. */
1.90 + IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);
1.91 +private:
1.92 + void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
1.93 + TBool DoVerifyL(const TDesC8& aResult);
1.94 + };
1.95 +
1.96 +class TX509KeyFactory : public TKeyFactory
1.97 +/** Constructs the public key objects used for signature verification, from their
1.98 +* encoded binary form, for X.509 certificates.
1.99 +*
1.100 +* @publishedAll
1.101 +* @released
1.102 +* @since v6.0 */
1.103 + {
1.104 +public:
1.105 + /** Gets the RSA public key from the encoding key.
1.106 + *
1.107 + * @param aEncoding A non-modifiable descriptor representing the entire encoding.
1.108 + * @return The RSA Public key. */
1.109 + IMPORT_C CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;
1.110 +
1.111 + /** Gets the RSA signature result.
1.112 + *
1.113 + * @param aDigestAlgorithm The digest algorithm ID.
1.114 + * @param aDigest A non-modifiable descriptor representing the digest algorithm.
1.115 + * @return The RSA signature result. */
1.116 + IMPORT_C CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;
1.117 +
1.118 + /** Gets the DSA public key from the encoding key.
1.119 + *
1.120 + * @param aParamsEncoding A non-modifiable descriptor representing
1.121 + * the encoded binary representation of the DSA parameters
1.122 + * @param aEncoding A non-modifiable descriptor representing the entire encoding.
1.123 + * @return The DSA public key.
1.124 + * @since v8.0 */
1.125 + IMPORT_C CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;
1.126 +
1.127 + /** Gets the digital DSA signature from the encoding key.
1.128 + *
1.129 + * @param aEncoding A non-modifiable descriptor representing the entire encoding.
1.130 + * @return The DSA signature. */
1.131 + IMPORT_C CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;
1.132 +
1.133 + /** Gets the DSA parameters from the encoding key.
1.134 + *
1.135 + * @param aEncoding A non-modifiable descriptor representing the entire encoding.
1.136 + * @return The DSA parameters. */
1.137 + IMPORT_C CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;
1.138 +
1.139 + /** Gets the DSA public key from the encoding key.
1.140 + *
1.141 + * @param aParams The DSA parameters
1.142 + * @param aEncoding A non-modifiable descriptor representing the entire encoding.
1.143 + * @return The DSA public key. */
1.144 + IMPORT_C CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;
1.145 + };
1.146 +
1.147 +class CX509ValidityPeriod : public CValidityPeriod
1.148 +/** The period for which an X.509 certificate is valid.
1.149 +*
1.150 +* @publishedAll
1.151 +* @released
1.152 +* @since v6.0 */
1.153 + {
1.154 +public:
1.155 + /** Creates a new X.509 validity period object from the specified buffer containing
1.156 + * the binary coded representation.
1.157 + *
1.158 + * Initialises the object from its encoded binary form into an internal representation.
1.159 + *
1.160 + * @param aBinaryData The encoded binary representation.
1.161 + * @return The new validity period object. */
1.162 + IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData);
1.163 +
1.164 + /** Creates a new X.509 validity period object from the specified buffer containing
1.165 + * the binary coded representation, and puts a pointer to it onto the cleanup stack.
1.166 + *
1.167 + * Initialises the object from its encoded binary form into an internal representation.
1.168 + *
1.169 + * @param aBinaryData The encoded binary representation.
1.170 + * @return The new validity period object. */
1.171 + IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData);
1.172 +
1.173 + /** Creates a new X.509 validity period object from the specified buffer containing
1.174 + * the binary coded representation, starting at the specified offset.
1.175 + *
1.176 + * Initialises the object from its encoded binary form into an internal representation.
1.177 + *
1.178 + * @param aBinaryData The encoded binary representation.
1.179 + * @param aPos The offset position from which to start decoding.
1.180 + * @return The new validity period object. */
1.181 + IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.182 +
1.183 + /** Creates a new X.509 validity period object from the specified buffer containing
1.184 + * the binary coded representation, starting at the specified offset, and puts
1.185 + * a pointer to it onto the cleanup stack.
1.186 + *
1.187 + * Initialises the object from its encoded binary form into an internal representation.
1.188 + *
1.189 + * @param aBinaryData The encoded binary representation.
1.190 + * @param aPos The offset position from which to start decoding.
1.191 + * @return The new validity period object. */
1.192 + IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.193 +private:
1.194 + CX509ValidityPeriod();
1.195 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.196 + };
1.197 +
1.198 +class CX509AlgorithmIdentifier : public CAlgorithmIdentifier
1.199 +/** Algorithm identifier for an X.509 certificate.
1.200 +*
1.201 +* @publishedAll
1.202 +* @released
1.203 +* @since v6.0 */
1.204 + {
1.205 +public:
1.206 + /** Creates a new X.509 algorithm identifier object from the specified buffer containing
1.207 + * the binary coded representation.
1.208 + *
1.209 + * The function initialises the object from its encoded binary form into an internal
1.210 + * representation.
1.211 + *
1.212 + * @param aBinaryData The encoded binary representation.
1.213 + * @return The new algorithm identifier object. */
1.214 + IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
1.215 +
1.216 + /** Creates a new X.509 algorithm identifier object from the specified buffer containing
1.217 + * the binary coded representation, and puts a pointer to it onto the cleanup stack.
1.218 + *
1.219 + * @param aBinaryData The encoded binary representation.
1.220 + * @return The new algorithm identifier object. */
1.221 + IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
1.222 +
1.223 + /** Creates a new X.509 algorithm identifier object from the specified buffer containing
1.224 + * the binary coded representation, starting at the specified offset.
1.225 + *
1.226 + * @param aBinaryData The encoded binary representation.
1.227 + * @param aPos The offset position from which to start decoding.
1.228 + * @return The new algorithm identifier object. */
1.229 + IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.230 +
1.231 + /** Creates a new X.509 algorithm identifier object from the specified buffer containing
1.232 + * the binary coded representation, starting at the specified offset, and puts
1.233 + * a pointer to it onto the cleanup stack.
1.234 + *
1.235 + * @param aBinaryData The encoded binary representation.
1.236 + * @param aPos The offset position from which to start decoding.
1.237 + * @return The new algorithm identifier object. */
1.238 + IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.239 +
1.240 + /**
1.241 + Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter.
1.242 + @param aAlgorithmId The algorithm Id used to build the object.
1.243 + @param aEncodedParams The encoded parameter for the algorithm ID.
1.244 + @return The fully constructed object.
1.245 + */
1.246 + IMPORT_C static CX509AlgorithmIdentifier* NewL(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);
1.247 +
1.248 + /**
1.249 + Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter
1.250 + and leaves the object on the cleanup stack.
1.251 + @param aAlgorithmId The algorithm Id used to build the object.
1.252 + @param aEncodedParams The encoded parameter for the algorithm ID.
1.253 + @return The fully constructed object.
1.254 + */
1.255 + IMPORT_C static CX509AlgorithmIdentifier* NewLC(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);
1.256 +
1.257 + /**
1.258 + Creates the ASN1 DER sequence of the X509 algorithm identifier object
1.259 + and leaves it on the cleanup stack.
1.260 + @return ASN1 DER sequence of this object.
1.261 + */
1.262 + IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;
1.263 +
1.264 +private:
1.265 + CX509AlgorithmIdentifier();
1.266 + CX509AlgorithmIdentifier(TAlgorithmId& aAlgorithmId);
1.267 + void InitializeL(const TDesC8& aBinaryData, TInt& aPos);
1.268 + };
1.269 +
1.270 +class CX509SigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier
1.271 +/** Encapsulates the IDs of the algorithms used for signing an X.509 certificate.
1.272 +*
1.273 +* @publishedAll
1.274 +* @released
1.275 +* @since v6.0 */
1.276 + {
1.277 +public:
1.278 + /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
1.279 + * the binary coded representation.
1.280 + *
1.281 + * @param aBinaryData The encoded binary representation.
1.282 + * @return The new signing algorithm Id object. */
1.283 + IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
1.284 +
1.285 + /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
1.286 + * the binary coded representation, and puts a pointer to it onto the cleanup stack.
1.287 + *
1.288 + * @param aBinaryData The encoded binary representation.
1.289 + * @return The new signing algorithm Id object. */
1.290 + IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
1.291 +
1.292 + /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
1.293 + * the binary coded representation, starting at the specified offset.
1.294 + *
1.295 + * @param aBinaryData The encoded binary representation.
1.296 + * @param aPos The offset position from which to start decoding.
1.297 + * @return The new signing algorithm Id object. */
1.298 + IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.299 +
1.300 + /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
1.301 + * the binary coded representation,starting at the specified offset, and puts
1.302 + * a pointer to it onto the cleanup stack.
1.303 + *
1.304 + * @param aBinaryData The encoded binary representation.
1.305 + * @param aPos The offset position from which to start decoding.
1.306 + * @return The new signing algorithm Id object. */
1.307 + IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.308 + /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair
1.309 + *
1.310 + * @param aAsymmetricAlgorithm The asymmetric algorithm
1.311 + * @param aDigestAlgorithm The digest algorithm
1.312 + * @return The new signing algorithm Id object. */
1.313 + IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
1.314 + /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair
1.315 + *
1.316 + * @param aAsymmetricAlgorithm The asymmetric algorithm
1.317 + * @param aDigestAlgorithm The digest algorithm
1.318 + * @return The new signing algorithm Id object. */
1.319 + IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
1.320 +private:
1.321 + CX509SigningAlgorithmIdentifier();
1.322 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.323 + void ConstructL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
1.324 + };
1.325 +
1.326 +class CX509SubjectPublicKeyInfo : public CSubjectPublicKeyInfo
1.327 +/** X.509 subject public key information.
1.328 +*
1.329 +* @publishedAll
1.330 +* @released
1.331 +* @since v6.0 */
1.332 + {
1.333 +public:
1.334 + /** Creates a new X.509 subject public key object from the specified buffer containing
1.335 + * the binary coded representation.
1.336 + *
1.337 + * @param aBinaryData The encoded binary representation.
1.338 + * @return The new subject public key object. */
1.339 + IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);
1.340 +
1.341 + /** Creates a new X.509 subject public key object from the specified buffer containing
1.342 + * the binary coded representation, and puts a pointer to it onto the cleanup stack.
1.343 + *
1.344 + * @param aBinaryData The encoded binary representation.
1.345 + * @return The new subject public key object. */
1.346 + IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);
1.347 +
1.348 + /** Creates a new X.509 subject public key object from the specified buffer containing
1.349 + * the binary coded representation, starting at the specified offset.
1.350 + *
1.351 + * @param aBinaryData The encoded binary representation.
1.352 + * @param aPos The offset position from which to start decoding.
1.353 + * @return The subject public key object. */
1.354 + IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.355 +
1.356 + /** Creates a new X.509 subject public key object from the specified buffer containing
1.357 + * the binary coded representation, starting at the specified offset, and puts
1.358 + * a pointer to it onto the cleanup stack.
1.359 + *
1.360 + * @param aBinaryData The encoded binary representation.
1.361 + * @param aPos The offset position from which to start decoding.
1.362 + * @return The new subject public key object. */
1.363 + IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.364 +private:
1.365 + CX509SubjectPublicKeyInfo();
1.366 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.367 + };
1.368 +
1.369 +class CX509CertExtension : public CBase
1.370 +/** A generic X.509 certificate extension.
1.371 +*
1.372 +* The creation of a generic extension is the first step in the creation of a
1.373 +* specific extension. Client code gets the decoded Object Identifier (OID) encapsulated
1.374 +* by an instance of this class and uses it to create the specific extension.
1.375 +*
1.376 +* Consists of an any-defined-by structure along with a boolean flag saying whether
1.377 +* the extension is critical or not.
1.378 +*
1.379 +* @publishedAll
1.380 +* @released
1.381 +* @since v6.0 */
1.382 + {
1.383 +public:
1.384 + /** Creates a new generic X.509 certificate extension object from an existing object.
1.385 + *
1.386 + * This is equivalent to a copy constructor.
1.387 + *
1.388 + * @param aExtension The generic certificate extension to be copied.
1.389 + * @return The new generic certificate extension object. */
1.390 + IMPORT_C static CX509CertExtension* NewL(const CX509CertExtension& aExtension);
1.391 +
1.392 + /** Creates a new generic X.509 certificate extension object from an existing object,
1.393 + * and puts a pointer to it onto the cleanup stack.
1.394 + *
1.395 + * This is equivalent to a copy constructor.
1.396 + *
1.397 + * @param aExtension The generic certificate extension to be copied.
1.398 + * @return The new generic X.509 certificate extension object. */
1.399 + IMPORT_C static CX509CertExtension* NewLC(const CX509CertExtension& aExtension);
1.400 +
1.401 + /** Creates a new generic X.509 certificate extension object from the specified
1.402 + * buffer containing the binary coded representation.
1.403 + *
1.404 + * @param aBinaryData The encoded binary representation.
1.405 + * @return The new generic X.509 certificate extension object. */
1.406 + IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData);
1.407 +
1.408 + /** Creates a new generic X.509 certificate extension object from the specified
1.409 + * buffer containing the binary coded representation, and puts a pointer to it
1.410 + * onto the cleanup stack .
1.411 + *
1.412 + * @param aBinaryData The encoded binary representation.
1.413 + * @return The new generic X.509 certificate extension object. */
1.414 + IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData);
1.415 +
1.416 + /** Creates a new generic X.509 certificate extension object from the specified
1.417 + * buffer containing the binary coded representation, starting at the specified offset.
1.418 + *
1.419 + * @param aBinaryData The encoded binary representation.
1.420 + * @param aPos The offset position from which to start decoding.
1.421 + * @return The new generic X.509 certificate extension object. */
1.422 + IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.423 +
1.424 + /** Creates a new generic X.509 certificate extension object from the specified
1.425 + * buffer containing the binary coded representation, starting at the specified
1.426 + * offset, and puts a pointer to it onto the cleanup stack.
1.427 + *
1.428 + * @param aBinaryData The encoded binary representation.
1.429 + * @param aPos The offset position from which to start decoding.
1.430 + * @return The new generic X.509 certificate extension object. */
1.431 + IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.432 +
1.433 + /** Creates a new generic X.509 certificate extension object from the specified
1.434 + * extension object id, the critcal flag and the extension data.
1.435 + *
1.436 + * @param aCertExtOID The OID of the certficate extension.
1.437 + * @param aCritical Flag to convey criticality of the extension.
1.438 + * @param aCertExtValue The data of the specific extension.
1.439 + * @return The new generic X.509 certificate extension object. */
1.440 + IMPORT_C static CX509CertExtension* NewL(const TDesC& aCertExtOID,
1.441 + const TBool aCritical,
1.442 + const TDesC8& aCertExtValue);
1.443 +
1.444 + /** Creates a new generic X.509 certificate extension object from the specified
1.445 + * extension object id, the critcal flag and the extension data, and puts a
1.446 + * pointer to it onto the cleanup stack.
1.447 + *
1.448 + * @param aCertExtOID The OID of the certficate extension.
1.449 + * @param aCritical Flag to convey criticality of the extension.
1.450 + * @param aCertExtValue The data of the specific extension.
1.451 + * @return The new generic X.509 certificate extension object. */
1.452 + IMPORT_C static CX509CertExtension* NewLC(const TDesC& aCertExtOID,
1.453 + const TBool aCritical,
1.454 + const TDesC8& aCertExtValue);
1.455 +
1.456 + /** Destructor.
1.457 + *
1.458 + * Frees all resources owned by the object, prior to its destruction. */
1.459 + IMPORT_C ~CX509CertExtension();
1.460 +
1.461 + /** Tests whether certificate processing code must process this extension for certificate
1.462 + * validation to succeed.
1.463 + *
1.464 + * @return ETrue, if this extension must be processed for validation to succeed;
1.465 + * EFalse, otherwise. */
1.466 + IMPORT_C TBool Critical() const;
1.467 +
1.468 + /** Gets the Object Identifier (OID) of the certficate extension.
1.469 + *
1.470 + * @return The OID of the certficate extension. */
1.471 + IMPORT_C TPtrC Id() const; //OID for the extension
1.472 +
1.473 + /** Gets the encoded binary representation of the specific extension.
1.474 + *
1.475 + * @return A pointer descriptor representing the specific extension. */
1.476 + IMPORT_C TPtrC8 Data() const; //the extension itself
1.477 +
1.478 + /** Creates and returns a DER encoded X.509 certificate extension object in the form
1.479 + * of a ASN.1 Sequence and puts it onto the cleanup stack. This method can be called
1.480 + * repeatedly to get copies of the sequence.
1.481 + *
1.482 + * @return A pointer to a DER encoded ASN.1 sequence */
1.483 + IMPORT_C CASN1EncSequence * EncodeASN1DERLC() const;
1.484 +
1.485 +private:
1.486 + CX509CertExtension();
1.487 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.488 + void ConstructL(const CX509CertExtension& aExtension);
1.489 + void ConstructL(const TDesC& aCertExtOID,
1.490 + const TBool aCritical,
1.491 + const TDesC8& aCertExtValue);
1.492 + HBufC* iId;
1.493 + TBool iCritical;
1.494 + HBufC8* iData;
1.495 + };
1.496 +
1.497 +class CX509Certificate : public CCertificate
1.498 +/** An X.509 certificate.
1.499 +*
1.500 +* @publishedAll
1.501 +* @released
1.502 +* @since v6.0 */
1.503 + {
1.504 +public:
1.505 +/** Enumerates values for encoded data element positions in the TBSCertificate data structure.
1.506 +*
1.507 +* These values are to be used as parameters to the DataElementEncoding() function. */
1.508 + enum
1.509 + {
1.510 + EVersionNumber = 0, //optional - may be NULL
1.511 + ESerialNumber = 1,
1.512 + EAlgorithmId = 2,
1.513 + EIssuerName = 3,
1.514 + EValidityPeriod = 4,
1.515 + ESubjectName = 5,
1.516 + ESubjectPublicKeyInfo = 6,
1.517 + EIssuerUID = 7, //optional - may be NULL
1.518 + ESubjectUID = 8, //optional - may be NULL
1.519 + EExtensionList = 9 //optional - may be NULL
1.520 + };
1.521 +
1.522 + /** Creates a new X.509 certificate object from the specified buffer containing
1.523 + * the binary coded representation.
1.524 + *
1.525 + * @param aBinaryData The encoded binary representation.
1.526 + * @return The new X.509 certificate object. */
1.527 + IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData);
1.528 +
1.529 + /** Creates a new X.509 certificate object from the specified buffer containing
1.530 + * the binary coded representation, and puts a pointer to it onto the cleanup stack.
1.531 + *
1.532 + * Initialises the object from its encoded binary form into an internal representation.
1.533 + *
1.534 + * @param aBinaryData The encoded binary representation.
1.535 + * @return The new X.509 certificate object. */
1.536 + IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData);
1.537 +
1.538 + /** Creates a new X.509 certificate object from the specified buffer containing
1.539 + * the binary coded representation, starting at the specified offset.
1.540 + *
1.541 + * @param aBinaryData The encoded binary representation.
1.542 + * @param aPos The offset position from which to start decoding.
1.543 + * @return The new X.509 certificate object. */
1.544 + IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData, TInt& aPos);
1.545 +
1.546 + /** Creates a new X.509 certificate object from the specified buffer containing
1.547 + * the binary coded representation, starting at the specified offset, and puts
1.548 + * a pointer to it onto the cleanup stack.
1.549 + *
1.550 + * @param aBinaryData The encoded binary representation.
1.551 + * @param aPos The offset position from which to start decoding.
1.552 + * @return The new X.509 certificate object. */
1.553 + IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);
1.554 +
1.555 + /** Creates a new X.509 certificate object from the specified read stream.
1.556 + *
1.557 + * @param aStream Stream from which the contents should be internalised.
1.558 + * @return The new X.509 certificate object. */
1.559 + IMPORT_C static CX509Certificate* NewL(RReadStream& aStream);
1.560 +
1.561 + /** Creates a new X.509 certificate object from the specified read stream, and
1.562 + * puts a pointer to it onto the cleanup stack.
1.563 + *
1.564 + * Construction is from the stream.
1.565 + *
1.566 + * @param aStream Stream from which the contents should be internalised.
1.567 + * @return The new X.509 certificate object. */
1.568 + IMPORT_C static CX509Certificate* NewLC(RReadStream& aStream);
1.569 +
1.570 + /** Creates a new X.509 certificate object from an existing object.
1.571 + *
1.572 + * This is equivalent to a copy constructor.
1.573 + *
1.574 + * @param aCert The X.509 certificate to be copied.
1.575 + * @return The new X.509 certificate object. */
1.576 + IMPORT_C static CX509Certificate* NewL(const CX509Certificate& aCert);
1.577 +
1.578 + /** Creates a new X.509 certificate object from an existing object.
1.579 + *
1.580 + * This is equivalent to a copy constructor.
1.581 + *
1.582 + * @param aCert The X.509 certificate to be copied.
1.583 + * @return The new X.509 certificate object. */
1.584 + IMPORT_C static CX509Certificate* NewLC(const CX509Certificate& aCert);
1.585 +
1.586 + /** Destructor.
1.587 + *
1.588 + * Frees all resources owned by the object, prior to its destruction. */
1.589 + IMPORT_C ~CX509Certificate();
1.590 +
1.591 + /** Tests whether the specified X.509 certificate is equal to this X.509 certificate.
1.592 + *
1.593 + * X.509 certificates are equal if both the serial number and the issuer name
1.594 + * are the same.
1.595 + *
1.596 + * @param aCert The X.509 certificate to be compared.
1.597 + * @return ETrue, if the certificates are equal;EFalse, otherwise. */
1.598 + IMPORT_C TBool IsEqualL(const CX509Certificate& aCert) const;
1.599 +
1.600 + //extra accessors
1.601 + /** Gets the certificate's signed data.
1.602 + *
1.603 + * @return A non-modifiable pointer descriptor representing the certificate's
1.604 + * signed data. */
1.605 + IMPORT_C const TPtrC8 SignedDataL() const;
1.606 +
1.607 + /** Gets the version number of the certificate.
1.608 + *
1.609 + * @return The version number of the certificate. */
1.610 + IMPORT_C TInt Version() const;
1.611 +
1.612 + /** Gets the X.500 Distinguished Name that identifies the issuer.
1.613 + *
1.614 + * @return The X.500 Distinguished Name that identifies the issuer. */
1.615 + IMPORT_C const CX500DistinguishedName& IssuerName() const;
1.616 +
1.617 + /** Gets the X.500 Distinguished Name that identifies the subject.
1.618 + *
1.619 + * @return The X.500 Distinguished Name that identifies the subject. */
1.620 + IMPORT_C const CX500DistinguishedName& SubjectName() const;
1.621 +
1.622 + //return all your generic extensions
1.623 + /** Gets all generic certificate extensions.
1.624 + *
1.625 + * @return The certificate extensions. */
1.626 + IMPORT_C const CArrayPtrFlat<CX509CertExtension>& Extensions() const;
1.627 +
1.628 + //return a particular extension: this is NOT OWNED by the client
1.629 + //returns NULL if the ext is not found
1.630 + /** Gets the certificate extension identified by the specified object identifier (OID).
1.631 + *
1.632 + * @param aExtensionName The OID identifying the extension.
1.633 + * @return The certificate extension: Note that ownership is not transferred to
1.634 + * the caller. */
1.635 + IMPORT_C const CX509CertExtension* Extension(const TDesC& aExtensionName) const;
1.636 +
1.637 + /** Internalises an object of this class from a read stream.
1.638 + *
1.639 + * The presence of this function means that the standard templated operator>>()
1.640 + * can be used to internalise objects of this class.
1.641 + *
1.642 + * Note that the function has assignment semantics. It replaces the old value
1.643 + * of the object with a new value read from the read stream.
1.644 + *
1.645 + * @param aStream Stream from which the object is to be internalised. */
1.646 + IMPORT_C void InternalizeL(RReadStream& aStream);
1.647 +
1.648 + //return the encoding for a data element at the index specified
1.649 + /** Gets the encoded data for the specified encoded data element (in the To Be
1.650 + * Signed (TBS) certificate data structure) of the signed object.
1.651 + *
1.652 + * @param aIndex The encoded data element position in the TBSCertificate data
1.653 + * structure. (See the CX509Certificate enumeration.)
1.654 + * @return The encoded data for the specified data element of the signed object.
1.655 + * @since v7.0 */
1.656 + IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
1.657 +
1.658 +public: // from CCertificate
1.659 + /** Gets the issuer of the certificate.
1.660 + *
1.661 + * @return A heap descriptor representing the issuer of the certificate. */
1.662 + IMPORT_C HBufC* IssuerL() const;
1.663 +
1.664 + /** Gets the subject of the certificate.
1.665 + *
1.666 + * @return A heap descriptor representing the issuer of the certificate. */
1.667 + IMPORT_C HBufC* SubjectL() const;
1.668 +
1.669 + /** Tests whether the certificate is self-signed.
1.670 + *
1.671 + * @return ETrue, if it is self-signed; EFalse, otherwise. */
1.672 + IMPORT_C TBool IsSelfSignedL() const;
1.673 +
1.674 + /** Gets a key identifier for the certificate. This is a unique identifier, calculated according
1.675 + * to the recommended method of computing it from RFC3280, section 4.2.1.2. Please note that this
1.676 + * method does NOT return the value of the Subject Key Id extension, if it is present.
1.677 + *
1.678 + * @return A unique key identifier for the certificate. */
1.679 + IMPORT_C TKeyIdentifier KeyIdentifierL() const;
1.680 +
1.681 + /** Gets the subject key identifier for the certificate. This identifier is extracted from the
1.682 + * certificate (if the corresponding extension exists), or calculated (if the extension doesn't exist). If calculated, the recommendation from
1.683 + * section 4.2.1.2, RFC3280 is used (hash of the public key). Please note, that for subject key ids
1.684 + * extracted from the certificate there is a length limit - if the extension is longer than 160 bits,
1.685 + * it is ignored and the value is calculated instead.
1.686 + *
1.687 + * @return The subject key identifier for the certificate. */
1.688 + IMPORT_C TKeyIdentifier SubjectKeyIdentifierL() const;
1.689 +
1.690 +private:
1.691 + CX509Certificate();
1.692 + void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
1.693 + void ConstructL(const CX509Certificate& aCertificate);
1.694 + void ConstructCertL();
1.695 + void InitDataElementsL(const CX509Certificate& aCertificate);
1.696 + HBufC8* DecodeUidL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
1.697 + void DecodeExtsL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
1.698 + //private data
1.699 + TInt iVersion;
1.700 + CX500DistinguishedName* iIssuerName;
1.701 + CX500DistinguishedName* iSubjectName;
1.702 + HBufC8* iIssuerUid;
1.703 + HBufC8* iSubjectUid;
1.704 + CArrayPtrFlat<CX509CertExtension>* iExtensions;
1.705 + TFixedArray<TPtrC8*, KX509MaxDataElements>* iDataElements;
1.706 + };
1.707 +
1.708 +#endif