1.1 --- a/epoc32/include/x509certchain.h Tue Nov 24 13:55:44 2009 +0000
1.2 +++ b/epoc32/include/x509certchain.h Tue Mar 16 16:12:26 2010 +0000
1.3 @@ -1,1 +1,191 @@
1.4 -x509certchain.h
1.5 +/*
1.6 +* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
1.7 +* All rights reserved.
1.8 +* This component and the accompanying materials are made available
1.9 +* under the terms of the License "Eclipse Public License v1.0"
1.10 +* which accompanies this distribution, and is available
1.11 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.12 +*
1.13 +* Initial Contributors:
1.14 +* Nokia Corporation - initial contribution.
1.15 +*
1.16 +* Contributors:
1.17 +*
1.18 +* Description:
1.19 +* X509 certificate chain and the validation status implementations
1.20 +*
1.21 +*/
1.22 +
1.23 +
1.24 +
1.25 +
1.26 +/**
1.27 + @file
1.28 + @publishedAll
1.29 + @released
1.30 +*/
1.31 +
1.32 +#ifndef __X509CERTCHAIN_H__
1.33 +#define __X509CERTCHAIN_H__
1.34 +
1.35 +#include <e32std.h>
1.36 +#include <x509cert.h>
1.37 +#include <ct.h>
1.38 +
1.39 +class TValidationStatus
1.40 +/** The validation status.
1.41 +*
1.42 +* Some errors cannot be blamed on any single certificate, in which case the
1.43 +* iCert value is meaningless. The same structure is used for errors and for
1.44 +* warnings.
1.45 +*
1.46 +* @publishedAll
1.47 +* @released
1.48 +* @since v6.0 */
1.49 + {
1.50 +public:
1.51 + /** Creates a validation status object.
1.52 + *
1.53 + * @param aError The error type that occurred when validating the certificate chain.
1.54 + * @param aCert The index number identifying the certificate that gave rise to
1.55 + * the error. */
1.56 + IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert);
1.57 +
1.58 + /** The reason for the error. */
1.59 + TValidationError iReason;
1.60 +
1.61 + /** The index number identifying the certificate that gave rise to the error. */
1.62 + TInt iCert;
1.63 + };
1.64 +
1.65 +class CX509CertChain : public CBase
1.66 +/** Abstract base class for X.509 certificate chain validation;
1.67 +* derive from this to suit your profile.
1.68 +*
1.69 +* @publishedAll
1.70 +* @released
1.71 +* @since v6.0 */
1.72 + {
1.73 +public:
1.74 + /** Gets the number of certificates in the chain.
1.75 + *
1.76 + * @return The number of certificates in the chain. */
1.77 + IMPORT_C TInt Count() const;
1.78 +
1.79 + /** Gets the certificate identified by the specified index.
1.80 + * Note that Cert(Count()) corresponds to the root (if any)
1.81 + * whilst Cert(0) corresponds to the outmost certificate in the chain.
1.82 + *
1.83 + * @param aIndex The ordinal number representing the position of the certificate
1.84 + * within the chain.
1.85 + * @return The X.509 certificate at the specified index. */
1.86 + IMPORT_C const CX509Certificate& Cert(TInt aIndex) const;
1.87 +
1.88 + /** Decodes the individual elements of the signed data to construct the certificates.
1.89 + *
1.90 + * @param aBinaryData The encoded binary representation.
1.91 + * @return The certificate objects. */
1.92 + IMPORT_C CArrayPtrFlat<CX509Certificate>* CX509CertChain::DecodeCertsL(const TDesC8& aBinaryData);
1.93 +
1.94 + /** Destructor.
1.95 + *
1.96 + * Frees all resources owned by the object, prior to its destruction. */
1.97 + IMPORT_C ~CX509CertChain();
1.98 +
1.99 + /** Tests whether the specified X.509 certificate chain is equal to this X.509
1.100 + * certificate chain.
1.101 + *
1.102 + * @param aOther The X.509 certificate chain to be compared.
1.103 + * @return ETrue, if the certificate chains are equal;EFalse, otherwise. */
1.104 + IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const;
1.105 +protected:
1.106 + //certificate chain
1.107 + CArrayPtrFlat<CX509Certificate>* iChain;
1.108 +private:
1.109 + static void CleanupCertArray(TAny* aArray);
1.110 + };
1.111 +
1.112 +class CCertificateValidationWarnings : public CBase
1.113 + /** Encapsulates the critical extensions encountered and any warnings found
1.114 + * for a particular certificate in the chain during the process of validation.
1.115 + *
1.116 + * @publishedAll
1.117 + * @released
1.118 + * @since v9.5 */
1.119 + {
1.120 + public:
1.121 + /** Creates an instance of CCertificateValidationWarnings.
1.122 + *
1.123 + * @param aIndex The index of aCert in the certificate chain.
1.124 + * @return A pointer to the new CCertificateWarning object. */
1.125 + IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex);
1.126 +
1.127 + /** Creates an instance of CCertificateValidationWarnings.
1.128 + *
1.129 + * @param aIndex The index of aCert in the certificate chain.
1.130 + * @return A pointer to the new CCertificateWarning object. */
1.131 + IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex);
1.132 +
1.133 + /** Gets a list of critical extension OIDs found in the certificate.
1.134 + *
1.135 + * @return An array of critical extensions found. */
1.136 + IMPORT_C const RPointerArray<TDesC>& CriticalExtensionsFound() const;
1.137 +
1.138 + /** Gets a list of warnings generated by the certificate.
1.139 + *
1.140 + * @return An array of warnings generated. */
1.141 + IMPORT_C const RArray<TValidationStatus>& Warnings() const;
1.142 +
1.143 + /** Gets the index of the certificate in the chain.
1.144 + *
1.145 + * @return The certificate index number. */
1.146 + IMPORT_C TInt CertIndex() const;
1.147 +
1.148 + /** Externalises an object of this class to a write stream.
1.149 + *
1.150 + * The presence of this function means that the standard templated operator<<()
1.151 + * can be used to externalise objects of this class.
1.152 + *
1.153 + * @param aStream Stream to which the object should be externalised. */
1.154 + IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
1.155 +
1.156 + /** Internalises an object of this class from a read stream.
1.157 + *
1.158 + * The presence of this function means that the standard templated operator>>()
1.159 + * can be used to internalise objects of this class.
1.160 + *
1.161 + * Note that this function has assignment semantics: it replaces the old value
1.162 + * of the object with a new value read from the read stream.
1.163 + *
1.164 + * @param aStream Stream from which the object should be internalised.
1.165 + * @return A pointer to the new CCertificateWarning object. */
1.166 + IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream);
1.167 +
1.168 + /** The destructor.
1.169 + *
1.170 + * Frees all resources owned by the object. */
1.171 + IMPORT_C ~CCertificateValidationWarnings();
1.172 +
1.173 + public:
1.174 + /** Adds a warning.
1.175 + *
1.176 + * @internalComponent
1.177 + * @released */
1.178 + IMPORT_C void AppendWarningL(TValidationStatus aWarning);
1.179 +
1.180 + /** Adds a critical extension OID warning.
1.181 + *
1.182 + * @internalComponent
1.183 + * @released */
1.184 + IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt);
1.185 +
1.186 + private:
1.187 + CCertificateValidationWarnings(TInt aIndex);
1.188 +
1.189 + private:
1.190 + TInt iCertIndex;
1.191 + RPointerArray<TDesC> iCriticalExtsFound;
1.192 + RArray<TValidationStatus> iWarnings;
1.193 + };
1.194 +
1.195 +#endif