2 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
4 * This component and the accompanying materials are made available
5 * under the terms of the License "Eclipse Public License v1.0"
6 * which accompanies this distribution, and is available
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
9 * Initial Contributors:
10 * Nokia Corporation - initial contribution.
15 * X509 certificate chain and the validation status implementations
28 #ifndef __X509CERTCHAIN_H__
29 #define __X509CERTCHAIN_H__
35 class TValidationStatus
36 /** The validation status.
38 * Some errors cannot be blamed on any single certificate, in which case the
39 * iCert value is meaningless. The same structure is used for errors and for
47 /** Creates a validation status object.
49 * @param aError The error type that occurred when validating the certificate chain.
50 * @param aCert The index number identifying the certificate that gave rise to
52 IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert);
54 /** The reason for the error. */
55 TValidationError iReason;
57 /** The index number identifying the certificate that gave rise to the error. */
61 class CX509CertChain : public CBase
62 /** Abstract base class for X.509 certificate chain validation;
63 * derive from this to suit your profile.
70 /** Gets the number of certificates in the chain.
72 * @return The number of certificates in the chain. */
73 IMPORT_C TInt Count() const;
75 /** Gets the certificate identified by the specified index.
76 * Note that Cert(Count()) corresponds to the root (if any)
77 * whilst Cert(0) corresponds to the outmost certificate in the chain.
79 * @param aIndex The ordinal number representing the position of the certificate
81 * @return The X.509 certificate at the specified index. */
82 IMPORT_C const CX509Certificate& Cert(TInt aIndex) const;
84 /** Decodes the individual elements of the signed data to construct the certificates.
86 * @param aBinaryData The encoded binary representation.
87 * @return The certificate objects. */
88 IMPORT_C CArrayPtrFlat<CX509Certificate>* CX509CertChain::DecodeCertsL(const TDesC8& aBinaryData);
92 * Frees all resources owned by the object, prior to its destruction. */
93 IMPORT_C ~CX509CertChain();
95 /** Tests whether the specified X.509 certificate chain is equal to this X.509
98 * @param aOther The X.509 certificate chain to be compared.
99 * @return ETrue, if the certificate chains are equal;EFalse, otherwise. */
100 IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const;
103 CArrayPtrFlat<CX509Certificate>* iChain;
105 static void CleanupCertArray(TAny* aArray);
108 class CCertificateValidationWarnings : public CBase
109 /** Encapsulates the critical extensions encountered and any warnings found
110 * for a particular certificate in the chain during the process of validation.
117 /** Creates an instance of CCertificateValidationWarnings.
119 * @param aIndex The index of aCert in the certificate chain.
120 * @return A pointer to the new CCertificateWarning object. */
121 IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex);
123 /** Creates an instance of CCertificateValidationWarnings.
125 * @param aIndex The index of aCert in the certificate chain.
126 * @return A pointer to the new CCertificateWarning object. */
127 IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex);
129 /** Gets a list of critical extension OIDs found in the certificate.
131 * @return An array of critical extensions found. */
132 IMPORT_C const RPointerArray<TDesC>& CriticalExtensionsFound() const;
134 /** Gets a list of warnings generated by the certificate.
136 * @return An array of warnings generated. */
137 IMPORT_C const RArray<TValidationStatus>& Warnings() const;
139 /** Gets the index of the certificate in the chain.
141 * @return The certificate index number. */
142 IMPORT_C TInt CertIndex() const;
144 /** Externalises an object of this class to a write stream.
146 * The presence of this function means that the standard templated operator<<()
147 * can be used to externalise objects of this class.
149 * @param aStream Stream to which the object should be externalised. */
150 IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
152 /** Internalises an object of this class from a read stream.
154 * The presence of this function means that the standard templated operator>>()
155 * can be used to internalise objects of this class.
157 * Note that this function has assignment semantics: it replaces the old value
158 * of the object with a new value read from the read stream.
160 * @param aStream Stream from which the object should be internalised.
161 * @return A pointer to the new CCertificateWarning object. */
162 IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream);
166 * Frees all resources owned by the object. */
167 IMPORT_C ~CCertificateValidationWarnings();
174 IMPORT_C void AppendWarningL(TValidationStatus aWarning);
176 /** Adds a critical extension OID warning.
180 IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt);
183 CCertificateValidationWarnings(TInt aIndex);
187 RPointerArray<TDesC> iCriticalExtsFound;
188 RArray<TValidationStatus> iWarnings;