/*

 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).

 * All rights reserved.

 * This component and the accompanying materials are made available

 * under the terms of the License "Eclipse Public License v1.0"

 * which accompanies this distribution, and is available

 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

 *

 * Initial Contributors:

 * Nokia Corporation - initial contribution.

 *

 * Contributors:

 *

 * Description: 

 * X509CERTEXT.H

 * X509 extensions v2

 * Common specific extensions:

 * 1)	basic constraints

 * 2)	alt name

 * 3)	key usage

 * 4)	name constraints

 * 5)	policy constraints

 * 6)	policies

 * 7)	policy mapping

 * 8)	authority key ID

 * 9)	subject key ID

 * 10)	extended key usage

 * 11)	authority information access

 * critical extension

 * 12)   inhibit-any policy 

 *

 */

 /**

  @file 

  @internalAll

  @released

 */

 #if !defined (__X509CERTEXT_H__)

 #define __X509CERTEXT_H__

 #include <e32base.h>

 #include <e32std.h>

 #include <x509gn.h>

 class RReadStream;

 class RWriteStream;

 /** X509 Extension OIDs

 * 

 * @publishedAll

 * @released

 * @since v9.5 */

 //OIDS for the extensions we define here...

 _LIT(KBasicConstraints,"2.5.29.19");

 _LIT(KSubjectAltName,"2.5.29.17");

 _LIT(KIssuerAltName,"2.5.29.18");

 _LIT(KKeyUsage,"2.5.29.15");

 _LIT(KNameConstraints,"2.5.29.30");

 _LIT(KPolicyConstraints,"2.5.29.36");

 _LIT(KCertPolicies,"2.5.29.32");

 _LIT(KPolicyMapping,"2.5.29.33");

 _LIT(KAuthorityKeyId,"2.5.29.35");

 _LIT(KSubjectKeyId,"2.5.29.14");

 _LIT(KExtendedKeyUsage,"2.5.29.37");

 _LIT(KAuthorityInfoAccess, "1.3.6.1.5.5.7.1.1");

 _LIT(KInhibitAnyPolicy, "2.5.29.54");

 // OIDs for access methods

 _LIT(KAccessMethodOCSP, "1.3.6.1.5.5.7.48.1");

 //deprecated OIDs we might still encounter

 _LIT(KOldBasicConstraints,"2.5.29.10");

 _LIT(KOldBasicConstraints2,"2.5.29.13");

 _LIT(KOldSubjectAltName,"2.5.29.7");

 _LIT(KOldIssuerAltName,"2.5.29.8");

 _LIT(KOldNameConstraints,"2.5.29.11");

 _LIT(KOldPolicyConstraints,"2.5.29.2");

 _LIT(KOldPolicyConstraints2,"2.5.29.34");

 _LIT(KOldCertPolicies,"2.5.29.3");

 _LIT(KOldPolicyMapping,"2.5.29.5");

 _LIT(KOldAuthorityKeyId,"2.5.29.1");

 // Define OIDs for Symbian certificate constraints.

 _LIT(KDeviceIdListConstraint,"1.2.826.0.1.1796587.1.1.1.1");

 _LIT(KSidListConstraint,"1.2.826.0.1.1796587.1.1.1.4");

 _LIT(KVidListConstraint,"1.2.826.0.1.1796587.1.1.1.5");

 _LIT(KCapabilitiesConstraint,"1.2.826.0.1.1796587.1.1.1.6");

 //1) basic constraints...

 class CX509ExtensionBase : public CBase

 /** A certificate extension base class. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 protected:

 	/** Second-phase constructor.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The position from which to start decoding. */

 	virtual void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Implementation for second-phase construction.

 	* 

 	* This is called by ConstructL().

 	* 

 	* @param aBinaryData	The encoded binary representation. This is the same as

 	* 						passed to ConstructL().

 	* @param aPos			The position from which to start decoding. Note that the value

 	* 						passed points, in effect, to the content, by passing the header data. */

 	virtual void DoConstructL(const TDesC8& aBinaryData, TInt& aPos) = 0;

 	};

 class CX509BasicConstraintsExt : public CX509ExtensionBase

 /** An X.509 certificate extension that defines basic constraints.

 * 

 * It indicates whether the certificate belongs to a Certificate Authority or 

 * an end Entity. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509BasicConstraintsExt object from the specified 

 	* buffer containing the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509BasicConstraintsExt object. */

 	IMPORT_C static CX509BasicConstraintsExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509BasicConstraintsExt object from the specified 

 	* buffer containing the binary coded representation, and puts a pointer to it 

 	* onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509BasicConstraintsExt object. */

 	IMPORT_C static CX509BasicConstraintsExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509BasicConstraintsExt object from the specified 

 	* buffer containing the binary coded representation, starting at the specified 

 	* offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509BasicConstraintsExt object. */

 	IMPORT_C static CX509BasicConstraintsExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509BasicConstraintsExt object from the specified 

 	* buffer containing the binary coded representation, starting at the specified 

 	* offset, and puts a pointer to it onto the cleanup stack.

 	*

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509BasicConstraintsExt object. */

 	IMPORT_C static CX509BasicConstraintsExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	virtual ~CX509BasicConstraintsExt();

 	/** Tests whether the certificate belongs to a Certificate Authority.

 	* 

 	* @return	ETrue, if the certificate belongs to a Certificate Authority; 

 	* 			EFalse, otherwise. */

 	IMPORT_C TBool IsCA() const;

 	/** Gets the maximum number of certificates that can follow this one in the chain.

 	* 

 	* @return	The number of certificates. */

 	IMPORT_C TInt MaxChainLength() const;//0 if not set

 private:

 	CX509BasicConstraintsExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	TBool iIsCA;

 	TInt iMaxChainLen;

 	};

 //2) alt name

 class CX509AltNameExt : public CX509ExtensionBase

 /** An X.509 certificate extension that defines an alternate name.

 * 

 * It appears as an Issuer Alt Name extension or a Subject Alt Name extension 

 * and is used to contain extra identifying information that will not fit into 

 * a Distinguished Name.

 * 

 * It consists of an array of X.509 General Names.

 *

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509AltNameExt object from the specified 

 	* buffer containing the binary coded representation.

 	*

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509AltNameExt object. */

 	IMPORT_C static CX509AltNameExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509AltNameExt object from the specified 

 	* buffer containing the binary coded representation, and puts a pointer to it 

 	* onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509AltNameExt object. */

 	IMPORT_C static CX509AltNameExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509AltNameExt object from the specified 

 	* buffer containing the binary coded representation, starting at the specified 

 	* offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509AltNameExt object. */

 	IMPORT_C static CX509AltNameExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509AltNameExt object from the specified 

 	* buffer containing the binary coded representation, starting at the specified 

 	* offset, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509AltNameExt object. */

 	IMPORT_C static CX509AltNameExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	 virtual ~CX509AltNameExt();

 	/** Gets a reference to the array of general names that forms the alternate name 

 	* extension.

 	* 

 	* @return	The array of general names. */

 	IMPORT_C const CArrayPtrFlat<CX509GeneralName>& AltName() const;

 	/** Checks whether the corressponding elements of two equally sized arrays of X.509 general names

 	* match.

 	*

 	* @param aExt	An X.509 certificate extension object that defines an alternate name.

 	* @return		TRUE if all the elements in the arrays match.

 	*/

 	IMPORT_C TBool Match(const CX509AltNameExt& aExt) const;

 private:

 	CX509AltNameExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CArrayPtrFlat<CX509GeneralName>* iAuthorityName;

 	};

 //3) key usage

 class CX509BitString : public CBase

 /** An X.509 bit string. 

 *

 * @internalTechnology

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object. */

 	~CX509BitString();

 	/** Tests whether the specified bit is set.

 	* 

 	* @param aBit	The offset of the bit to be tested. This is a value relative to 

 	* 				zero. Any value greater than or equal to the length of the bit 

 	*				string will always cause EFalse to be returned.

 	* @return		ETrue, if the bit is set; EFalse, otherwise. */

 	TBool IsSet(TInt aBit) const;

 	/** Creates the X.509 bit string.

 	* 

 	* @param aData				A heap descriptor representing the bit string data.

 	* @param aEffectiveLength	The number of bits in the string. */

 	CX509BitString(HBufC8* aData, TInt aEffectiveLength);

 private:

 	HBufC8* iData;

 	TInt iLength;

 	};

 /** A list of values that defines what an X.509 key can be used for.

 * These values can be ANDed together if a key has several usages. 

 * 

 * @internalTechnology

 * @since v7.0 */

 enum TX509KeyUsage

 	{

 	/** A digital signature. */

 	EX509DigitalSignature,

 	/** Non repudiation. */

 	EX509NonRepudiation,

 	/** Key encipherment. */

 	EX509KeyEncipherment,

 	/** Data encipherment. */

 	EX509DataEncipherment,

 	/** Key agreement. */

 	EX509KeyAgreement,

 	/** Key certificate sign. */

 	EX509KeyCertSign,

 	/** CRL sign. */

 	EX509CRLSign,

 	/** Encipher only. */

 	EX509EncipherOnly,

 	/** Decipher only. */

 	EX509DecipherOnly

 	};

 class CX509KeyUsageExt : public CX509ExtensionBase

 /** An X.509 certificate extension that defines the uses to which a key may be put.

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509KeyUsageExt object from the specified buffer 

 	* containing the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509KeyUsageExt object. */

 	IMPORT_C static CX509KeyUsageExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509KeyUsageExt object from the specified buffer 

 	* containing the binary coded representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509KeyUsageExt object. */

 	IMPORT_C static CX509KeyUsageExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509KeyUsageExt object from the specified buffer 

 	* containing the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509KeyUsageExt object. */

 	IMPORT_C static CX509KeyUsageExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509KeyUsageExt object from the specified buffer 

 	* containing the binary coded representation, starting at the specified offset, 

 	* and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509KeyUsageExt object. */

 	IMPORT_C static CX509KeyUsageExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	virtual ~CX509KeyUsageExt();

 	/** Tests whether a particular usage is set in the extension.

 	* 

 	* @internalTechnology

 	* @param aUsage	The usage.

 	* @return		ETrue, if the specific usage is set in the extension; EFalse, otherwise. */

 	IMPORT_C TBool IsSet(TX509KeyUsage aUsage) const;

 private:

 	CX509KeyUsageExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CX509BitString* iData;

 	};

 //4) name constraints

 class CX509GeneralSubtree : public CBase

 /** Provides access to the general name and the min/max lengths of the subtree. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/**

 	 * @internalComponent

 	 *  

 	 * Creates a new CX509GeneralSubtree object from the specified buffer containing 

 	 * the encoded binary representation.

 	 * 

 	 * @param aBinaryData	The encoded binary representation. 

 	 * @return 		The new CX509GeneralSubtree object. 

 	 **/

 	static CX509GeneralSubtree* NewL(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 * 

 	 * Creates a new CX509GeneralSubtree object from the specified buffer containing 

 	 * the encoded binary representation, and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation. 

 	 * @return 				The new CX509GeneralSubtree object. 

 	 **/

 	static CX509GeneralSubtree* NewLC(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509GeneralSubtree object from the specified buffer containing 

 	 * the encoded binary representation.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The position from which to start decoding. 

 	 * @return 				The new CX509GeneralSubtree object. 

 	 **/

 	static CX509GeneralSubtree* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509GeneralSubtree object from the specified buffer containing 

 	 * the encoded binary representation, and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The position from which to start decoding.

 	 * @return 				The new CX509GeneralSubtree object. 

 	 **/

 	static CX509GeneralSubtree* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object. */

 	virtual ~CX509GeneralSubtree();

 	/** Gets the general name.

 	* 

 	* @return	The general name. */

 	IMPORT_C const CX509GeneralName& Name() const;

 	/** Gets the minimum distance of the CX509GeneralSubtree object.

 	* 

 	* @return	The minimum distance of the CX509GeneralSubtree object. */

 	IMPORT_C TInt MinDistance() const;

 	/** Gets the maximum distance of the CX509GeneralSubtree object.

 	* 

 	* @return	The maximum distance of the CX509GeneralSubtree object. */

 	IMPORT_C TInt MaxDistance() const;

 private:

 	CX509GeneralSubtree();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CX509GeneralName* iName;

 	TInt iMaxDist;

 	TInt iMinDist;

 	};

 class CX509NameConstraintsExt : public CX509ExtensionBase

 /** An X.509 certificate extension that defines constraints on an entity's name.

 * 

 * This extension allows Certification Authorities to restrict or prevent the issuing 

 * of certificates to entities whose names lie within a defined name space. 

 *

 * @publishedAll

 * @released */

 	{

 public:

 	/** Creates a new CX509NameConstraintsExt object from the specified 

 	* buffer containing the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509NameConstraintsExt object. */

 	IMPORT_C static CX509NameConstraintsExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509NameConstraintsExt object from the specified 

 	* buffer containing the binary coded representation, and puts a pointer to it 

 	* onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509NameConstraintsExt object. */

 	IMPORT_C static CX509NameConstraintsExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509NameConstraintsExt object from the specified 

 	* buffer containing the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509NameConstraintsExt object. */

 	IMPORT_C static CX509NameConstraintsExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509NameConstraintsExt object from the specified 

 	* buffer containing the binary coded representation, starting at the specified 

 	* offset, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509NameConstraintsExt object. */

 	IMPORT_C static CX509NameConstraintsExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CX509NameConstraintsExt();

 	/** Gets a reference to the array of exclusion subtree names.

 	* 

 	* No certificates after this one may contain names within the subtrees specified.

 	* 

 	* @return	The excluded subtrees. */

 	IMPORT_C const CArrayPtrFlat<CX509GeneralSubtree>& ExcludedSubtrees() const;

 	/** Gets a reference to the array of permitted subtree names.

 	* 

 	* All certificates after this one must contain names within the subtrees specified.

 	* 

 	* @return	The permitted subtrees. */

 	IMPORT_C const CArrayPtrFlat<CX509GeneralSubtree>& PermittedSubtrees() const;

 private:

 	CX509NameConstraintsExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void AddSubtreesL(CArrayPtrFlat<CX509GeneralSubtree>& aSubtrees, const TDesC8& aBinaryData);

 	CArrayPtrFlat<CX509GeneralSubtree>* iExcludedSubtrees;

 	CArrayPtrFlat<CX509GeneralSubtree>* iPermittedSubtrees;

 	};

 //5) policy constraints

 class TX509PolicyConstraint

 /** Defines whether a policy constraint applies.

 * 

 * Objects of this type are used by the X.509 certificate extension that constrains 

 * the use of policies.

 * 

 * An object of this type encapsulates two pieces of information:

 * @li	whether a specific policy applies to subsequent certificates

 * @li	if a specific policy applies, the number of certificates that can follow the 

 * 		current one before the policy constraint applies.

 * 

 * Enables a CA to constrain the use of policies in two ways: they can enforce 

 * the appearance of explicit certificate policies in subsequent certificates, 

 * and prevent policy mapping from being performed. 

 *

 * @publishedAll

 * @released

 */

 	{

 public:

 	/** 

 	 * @internalComponent

 	 *

 	 * Constructs a TX509PolicyConstraint definition object with the specified requirement 

  	 * and countdown values.

 	 * 

 	 * @param aRequired	The policy requirement. Set to ETrue, if the policy constraint 

 	 * 					applies; set to EFalse, otherwise.

 	 * @param aCountdown	The countdown value. This is the number of certificates that 

 	 * 					can follow the current one before the constraint applies. 

 	 *					This only has meaning if the policy constraint applies. 

 	 **/

 	TX509PolicyConstraint(TBool aRequired, TInt aCountdown);

 	/** 

 	 * @internalComponent

 	 *

 	 * Default constructor.

 	 * 

 	 * Sets policy requirement to EFalse and iRequired to EFalse and the iCountdown 

 	 * to zero. 

 	 **/

 	TX509PolicyConstraint();

 	/** The policy requirement.

 	* 

 	* This has the value ETrue, if the policy constraint applies; EFalse otherwise. */

 	TBool iRequired;

 	/** The count down value.

 	* 

 	* Defines the number of certificates that can follow the current one before 

 	* the policy constraint applies. This has no meaning if the policy constraint 

 	* does not apply. */

 	TInt iCountdown;

 	};

 class CX509PolicyConstraintsExt : public CX509ExtensionBase

 /** Enables a Certification Authority to constrain the use of policies in two ways:

 * @li to enforce the appearance of explicit certificate policies in subsequent certificates

 * @li to prevent policy mapping from being performed.

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509PolicyConstraintsExt object from the specified buffer 

 	* containing the encoded binary representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509PolicyConstraintsExt object. */

 	IMPORT_C static CX509PolicyConstraintsExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new Policy constraints extension object from the specified buffer 

 	* containing the encoded binary representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509PolicyConstraintsExt object. */

 	IMPORT_C static CX509PolicyConstraintsExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509PolicyConstraintsExt object from the specified buffer 

 	* containing the encoded binary representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509PolicyConstraintsExt object. */

 	IMPORT_C static CX509PolicyConstraintsExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509PolicyConstraintsExt object from the specified buffer 

 	* containing the encoded binary representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509PolicyConstraintsExt object. */

 	IMPORT_C static CX509PolicyConstraintsExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CX509PolicyConstraintsExt();

 	/** Gets the explicit policy constraint.

 	* 

 	* @return	The explicit policy constraint. */

 	IMPORT_C TX509PolicyConstraint ExplicitPolicyRequired() const;

 	/** Gets the inhibiting policy mapping.

 	* 

 	* @return	The inhibiting policy mapping. */

 	IMPORT_C TX509PolicyConstraint InhibitPolicyMapping() const;

 private:

 	CX509PolicyConstraintsExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	TX509PolicyConstraint iRequirePolicy;

 	TX509PolicyConstraint iInhibitPolicyMapping;

 	};

 //6) policies

 class CX509PolicyQualifierInfo : public CBase

 /** Gets X.509 policy qualifier information. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from the specified 

 	 * buffer containing the encoded binary representation.

 	 * 

 	 * @param aBinaryData	The encoded binary representation. 

 	 * @return				The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewL(const TDesC8& aBinaryData);

 	/**

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from the specified 

 	 * buffer containing the encoded binary representation, and puts a pointer to 

 	 * it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation. 

 	 * @return				The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewLC(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from the specified 

 	 * buffer containing the encoded binary representation.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The position from which to start decoding. 

 	 * @return				The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from the specified 

 	 * buffer containing the encoded binary representation, and puts a pointer to 

 	 * it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The position from which to start decoding. 

 	 * @return				The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from an existing X.509 

 	 * Policy Qualifier Information object.

 	 * 

 	 * @param aQualifierInfo	The CX509PolicyQualifierInfo object to be copied. 

 	 * @return				The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewL(const CX509PolicyQualifierInfo& aQualifierInfo);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from an existing X.509 

 	 * Policy Qualifier Information object, and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aQualifierInfo	The CX509PolicyQualifierInfo object to be copied. 

 	 * @return				The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewLC(const CX509PolicyQualifierInfo& aQualifierInfo);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from a stream.

 	 * 

 	 * @return	The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewL(RReadStream& aStream);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyQualifierInfo object from a stream, and puts a pointer to it onto 

 	 * the cleanup stack.

 	 * 

 	 * @return	The new CX509PolicyQualifierInfo object. 

 	 **/

 	static CX509PolicyQualifierInfo* NewLC(RReadStream& aStream);

 	/** The destructor.

 	* 

 	* Frees all resources owned by the object. */

 	virtual ~CX509PolicyQualifierInfo();

 	/** Gets the policy qualifier Id.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the policy qualifier Id. */

 	IMPORT_C TPtrC Id() const;

 	/** Gets the policy qualifier data.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the policy qualifier data. */

 	IMPORT_C TPtrC8 Data() const;

 	// Internalization/Externalization

   // Externalize. Writes the data out to a stream

 	/** 

 	 * @internalComponent

 	 * 

 	 * Externalises an object of this class to a write stream.

 	 *  

 	 * The presence of this function means that the standard templated operator<<() 

 	 * can be used to externalise objects of this class.

 	 * 

 	 * @param aStream	Stream to which the object should be externalised. 

 	 **/

 	void ExternalizeL(RWriteStream& aStream) const;

 	// Internalize. Reads the data from a stream 

 	/** 

 	 * @internalComponent

 	 *

 	 * Internalises an object of this class from a read stream.

 	 * 

 	 * The presence of this function means that the standard templated operator>>() 

 	 * can be used to internalise objects of this class.

 	 * 

 	 * Note that this function has assignment semantics: it replaces the old value 

 	 * of the object with a new value read from the read stream.	

 	 * 

 	 * @param aStream	Stream from which the object should be internalised. 

 	 **/

 	void InternalizeL(RReadStream& aStream);

 private:

 	CX509PolicyQualifierInfo();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void ConstructL(const CX509PolicyQualifierInfo& aQualifier);

 	void ConstructL(RReadStream& aStream);

 	HBufC* iPolicyQualifierId;

 	HBufC8* iData; //opaque (this is another any-defined-by, so could be anything)

 	};

 class CX509CertPolicyInfo : public CBase

 /** Defines a specific policy followed by a Certification Authority.

 * 

 * The policy under which a certificate has been issued may contain a number 

 * of these specific policies.

 * 

 * @see CX509CertPoliciesExt 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509CertPolicyInfo object from the specified buffer containing the 

 	 * binary coded representation.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @return				The new CX509CertPolicyInfo object. 

 	 **/

 	static CX509CertPolicyInfo* NewL(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509CertPolicyInfo object from the specified buffer containing the 

 	 * binary coded representation, and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @return				The new CX509CertPolicyInfo object. 

 	 **/

 	static CX509CertPolicyInfo* NewLC(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 * Creates a new CX509CertPolicyInfo object from the specified buffer containing the 

 	 * binary coded representation, starting at the specified offset.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The offset position from which to start decoding.

 	 * @return				The new CX509CertPolicyInfo object. 

 	 **/

 	static CX509CertPolicyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** 

 	 * @internalComponent

 	 * 

 	 * Creates a new CX509CertPolicyInfo object from the specified buffer containing the 

 	 * binary coded representation, starting at the specified offset, and puts a 

 	 * pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The offset position from which to start decoding.

 	 * @return				The new CX509CertPolicyInfo object. 

 	 **/

 	static CX509CertPolicyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509CertPolicyInfo object from an existing object.

 	* 

 	* This is equivalent to a copy constructor.	

 	* 

 	* @param aPolicy		The CX509CertPolicyInfo object to be copied.

 	* @return				The new CX509CertPolicyInfo object. */

 	IMPORT_C static CX509CertPolicyInfo* NewL(const CX509CertPolicyInfo& aPolicy);

 	/** Creates a new CX509CertPolicyInfo object from an existing object, and puts a pointer 

 	* to it onto the cleanup stack.	

 	* 

 	* This is equivalent to a copy constructor.

 	* 

 	* @param aPolicy	The CX509CertPolicyInfo object to be copied.

 	* @return			The new CX509CertPolicyInfo object. */

 	IMPORT_C static CX509CertPolicyInfo* NewLC(const CX509CertPolicyInfo& aPolicy);

 	/** Creates a new CX509CertPolicyInfo object from a stream. 

 	* 

 	* @return	The new CX509CertPolicyInfo object. */

 	IMPORT_C static CX509CertPolicyInfo* NewL(RReadStream& aStream);

 	/** Creates a new CX509CertPolicyInfo object from a stream, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @return	The new CX509CertPolicyInfo object. */

 	IMPORT_C static CX509CertPolicyInfo* NewLC(RReadStream& aStream);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	virtual ~CX509CertPolicyInfo();

 	/** Gets a reference to the array of policy qualifers.

 	* 

 	* @return	The array of policy qualifiers. */

 	IMPORT_C const CArrayPtrFlat<CX509PolicyQualifierInfo>& Qualifiers() const;

 	/** Gets the specific policy's Object Identifier (OID).

 	* 

 	* @return	A pointer descriptor representing the specific policy's OID. */

 	IMPORT_C TPtrC Id() const;

 	// Internalization/Externalization

 	// Externalize. Writes the data out to a stream

 	/** Externalises an object of this class to a write stream.

 	* 

 	* The presence of this function means that the standard templated operator<<() 

 	* can be used to externalise objects of this class.

 	* 

 	* @param aStream	Stream to which the object should be externalised. */

 	IMPORT_C void ExternalizeL(RWriteStream& aStream) const;

 	// Internalize. Reads the data from a stream 

 	/** Internalises an object of this class from a read stream.

 	* 

 	* The presence of this function means that the standard templated operator>>() 

 	* can be used to internalise objects of this class.

 	* 

 	* Note that this function has assignment semantics: it replaces the old value 

 	* of the object with a new value read from the read stream.	

 	* 

 	* @param aStream	Stream from which the object should be internalised. */

 	IMPORT_C void InternalizeL(RReadStream& aStream);

 private:

 	CX509CertPolicyInfo();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void ConstructL(const CX509CertPolicyInfo& aInfo);

 	void ConstructL(RReadStream& aStream);

 	HBufC* iCertPolicyId;//OID for this policy

 	CArrayPtrFlat<CX509PolicyQualifierInfo>* iQualifiers;

 	};

 class CX509CertPoliciesExt : public CX509ExtensionBase

 /**  The policy under which this certificate has been issued.

 *

 * Contains further information on a client's signature.

 *

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509CertPoliciesExt object from the specified buffer 

 	* containing the encoded binary representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The CX509CertPoliciesExt object. */

 	IMPORT_C static CX509CertPoliciesExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509CertPoliciesExt object from the specified buffer 

 	* containing the encoded binary representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The CX509CertPoliciesExt object. */

 	IMPORT_C static CX509CertPoliciesExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509CertPoliciesExt object from the specified buffer 

 	* containing the encoded binary representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The CX509CertPoliciesExt object. */

 	IMPORT_C static CX509CertPoliciesExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509CertPoliciesExt object from the specified buffer 

 	* containing the encoded binary representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The CX509CertPoliciesExt object. */

 	IMPORT_C static CX509CertPoliciesExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object. */

 	virtual ~CX509CertPoliciesExt();

 	/** Gets the certificate policy extension information.

 	* 

 	* @return	The certificate policy extension information. */

 	IMPORT_C const CArrayPtrFlat<CX509CertPolicyInfo>& Policies() const;

 private:

 	CX509CertPoliciesExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CArrayPtrFlat<CX509CertPolicyInfo>* iPolicies;

 	};

 //7) policy mapping

 class CX509PolicyMapping : public CBase

 /** A set of policy mappings. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyMapping object from the specified buffer containing 

 	 * the encoded binary representation, and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation. 

 	 **/

 	static CX509PolicyMapping* NewL(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyMapping object from the specified buffer containing 

 	 * the encoded binary representation, and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation. 

 	 **/

 	static CX509PolicyMapping* NewLC(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509PolicyMapping object from the specified buffer containing 

 	 * the encoded binary representation, starting at the specified offset, and puts 

 	 * a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The position from which to start decoding. 

 	 **/

 	static CX509PolicyMapping* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** 

 	 * @internalComponent

 	 * 

 	 * Creates a new CX509PolicyMapping object from the specified buffer containing 

 	 * the encoded binary representation, starting at the specified offset, and puts 

 	 * a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The position from which to start decoding. 

 	 **/

 	static CX509PolicyMapping* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509PolicyMapping object copied from an existing one.

 	* 

 	* @param aMapping	The CX509PolicyMapping object to be copied. */

 	IMPORT_C static CX509PolicyMapping* NewL(const CX509PolicyMapping& aMapping);

 	/** Creates a new CX509PolicyMapping object copied from an existing one, and 

 	* puts a pointer to the object onto the cleanup stack.

 	* 

 	* @param aMapping	The CX509PolicyMapping object to be copied. */

 	IMPORT_C static CX509PolicyMapping* NewLC(const CX509PolicyMapping& aMapping);

 	/** The destructor.

 	* 

 	* Frees all resources owned by the object. */

 	virtual ~CX509PolicyMapping();

 	/** Gets the issuer policy.

 	* 

 	* @return	The issuer policy. */

 	IMPORT_C TPtrC IssuerPolicy() const;

 	/** Gets the subject policy.

 	* 

 	* @return	The subject policy. */

 	IMPORT_C TPtrC SubjectPolicy() const;

 private:

 	CX509PolicyMapping();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void ConstructL(const CX509PolicyMapping& aMapping);

 	HBufC* iIssuerPolicy;

 	HBufC* iSubjectPolicy;

 	};

 class CX509PolicyMappingExt : public CX509ExtensionBase

 /** An X.509 certificate extension that contains a set of policy mappings.

 *

 * A policy mapping allows a Certification Authority to declare that two certificate 

 * policies are equivalent.

 *

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509PolicyMappingExt object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509PolicyMappingExt object. */

 	IMPORT_C static CX509PolicyMappingExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509PolicyMappingExt object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509PolicyMappingExt object. */

 	IMPORT_C static CX509PolicyMappingExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509PolicyMappingExt object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509PolicyMappingExt object. */

 	IMPORT_C static CX509PolicyMappingExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509PolicyMappingExt object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509PolicyMappingExt object. */

 	IMPORT_C static CX509PolicyMappingExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	virtual ~CX509PolicyMappingExt();

 	/** Gets a reference to the array of policy mappings.

 	* 

 	* @return	The array of policy mappings. */

 	IMPORT_C const CArrayPtrFlat<CX509PolicyMapping>& Mappings() const;

 private:

 	CX509PolicyMappingExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CArrayPtrFlat<CX509PolicyMapping>* iPolicies;

 	};

 //8) authority key ID

 class CX509AuthorityKeyIdExt : public CX509ExtensionBase

 /** An X.509 certificate extension that provides a way to find the public key corresponding 

 * to the private key used to sign the certificate.

 * 

 * This is referred to as the authority key ID extension.

 * 

 * The key may be identified by the issuer's name and the issuing certificate's 

 * serial number, or by a key identifier value either derived from the public 

 * key or by some method of generating unique IDs. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509AuthorityKeyIdExt object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509AuthorityKeyIdExt object. */

 	IMPORT_C static CX509AuthorityKeyIdExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509AuthorityKeyIdExt object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509AuthorityKeyIdExt object. */

 	IMPORT_C static CX509AuthorityKeyIdExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509AuthorityKeyIdExt object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509AuthorityKeyIdExt object. */

 	IMPORT_C static CX509AuthorityKeyIdExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509AuthorityKeyIdExt object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509AuthorityKeyIdExt object. */

 	IMPORT_C static CX509AuthorityKeyIdExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	virtual ~CX509AuthorityKeyIdExt();

 	/** Gets the authority name.

 	* 

 	* @return	The authority name. */

 	IMPORT_C const CArrayPtrFlat<CX509GeneralName>& AuthorityName() const;

 	/** Gets the authority certificate serial number.

 	* 

 	* @return	A pointer descriptor representing the authority certificate serial number. */

 	IMPORT_C TPtrC8 AuthorityCertSerialNumber() const;

 	/** Gets the key identifier value.

 	* 

 	* @return	A pointer descriptor representing the key identifier value. */

 	IMPORT_C TPtrC8 KeyId() const;

 private:

 	CX509AuthorityKeyIdExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	void DecodeNameL(const TDesC8& aBinaryData);

 	void DecodeSerialNoL(const TDesC8& aBinaryData);

 	void DecodeKeyIdL(const TDesC8& aBinaryData);

 	CArrayPtrFlat<CX509GeneralName>* iAuthorityName;

 	HBufC8* iAuthorityCertSerialNumber;

 	HBufC8* iKeyIdentifier;

 	};

 //9) subject key ID

 class CX509SubjectKeyIdExt : public CX509ExtensionBase

 /** An X.509 certificate extension that provides a way of identifying certificates

 * that contain a specific public key.

 * 

 * This is referred to as the subject key ID extension.

 * 

 * It consists of a key identifier value either derived from the public key or

 * by some method of generating unique IDs.

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509SubjectKeyIdExt object from the specified buffer containing 

 	* the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509SubjectKeyIdExt object. */

 	IMPORT_C static CX509SubjectKeyIdExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509SubjectKeyIdExt object from the specified buffer containing 

 	* the binary coded representation, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509SubjectKeyIdExt object. */

 	IMPORT_C static CX509SubjectKeyIdExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509SubjectKeyIdExt object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509SubjectKeyIdExt object. */

 	IMPORT_C static CX509SubjectKeyIdExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509SubjectKeyIdExt object from the specified buffer containing 

 	* the binary coded representation, starting at the specified offset, and puts 

 	* a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509SubjectKeyIdExt object. */

 	IMPORT_C static CX509SubjectKeyIdExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CX509SubjectKeyIdExt();

 	/** Gets the key ID.

 	* 

 	* @return	A pointer descriptor representing the key ID. */

 	IMPORT_C TPtrC8 KeyId() const;

 private:

 	CX509SubjectKeyIdExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	HBufC8* iKeyIdentifier;

 	};

 //10) extended key usage

 class CX509ExtendedKeyUsageExt : public CX509ExtensionBase

 /** An X.509 certificate extension that defines the extra uses to which a key may be put.

 * 

 * This is referred to as the extended key usage extension. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new CX509ExtendedKeyUsageExt object from the specified buffer 

 	* containing the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary data.

 	* @return				The new CX509ExtendedKeyUsageExt object. */

 	IMPORT_C static CX509ExtendedKeyUsageExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509ExtendedKeyUsageExt object from the specified buffer 

 	* containing the binary coded representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509ExtendedKeyUsageExt object. */

 	IMPORT_C static CX509ExtendedKeyUsageExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509ExtendedKeyUsageExt object from the specified buffer 

 	* containing the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509ExtendedKeyUsageExt object. */

 	IMPORT_C static CX509ExtendedKeyUsageExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509ExtendedKeyUsageExt object from the specified buffer 

 	* containing the binary coded representation, starting at the specified offset, 

 	* and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509ExtendedKeyUsageExt object. */

 	IMPORT_C static CX509ExtendedKeyUsageExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CX509ExtendedKeyUsageExt();

 	/** Gets the sequence of Object Ids (OID) that identify the key usages.

 	* 

 	* The sequence is held in a set of heap descriptors.

 	* 

 	* @return	A reference to the array of pointers to the heap descriptors that 

 	* 	contain the OIDs. */

 	IMPORT_C const CArrayPtrFlat<HBufC>& KeyUsages() const;

 private:

 	CX509ExtendedKeyUsageExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CArrayPtrFlat<HBufC>* iKeyUsages;

 	};

 //11) authority information access

 class CX509AccessDescription : public CBase

 /** This class provides the access method OID and access location as used by X.509 private internet extensions

  * (authority information access).

  *

  * @publishedAll

  * @released 

  */

 	{

 public:

 	/** 

 	 * @internalComponent

 	 * 

 	 * Creates a new CX509AccessDescription object from the specified buffer 

 	 * containing the binary coded representation.

 	 * 

 	 * @param aBinaryData	The encoded binary data.

 	 * @return				The new CX509AccessDescription object. 

 	 **/

 	static CX509AccessDescription* NewL(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509AccessDescription object from the specified buffer 

 	 * containing the binary coded representation, and puts a pointer to it onto 

 	 * the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @return				The new CX509AccessDescription object. 

 	 **/

 	static CX509AccessDescription* NewLC(const TDesC8& aBinaryData);

 	/** 

 	 * @internalComponent

 	 *

 	 * Creates a new CX509AuthInfoAccessExt object from the specified buffer 

 	 * containing the binary coded representation, starting at the specified offset.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The offset position from which to start decoding.

 	 * @return				The new CX509AuthInfoAccessExt object. 

 	 **/

 	static CX509AccessDescription* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/**

 	 * @internalComponent

 	 *

 	 *  Creates a new CX509AccessDescription object from the specified buffer 

 	 * containing the binary coded representation, starting at the specified offset, 

 	 * and puts a pointer to it onto the cleanup stack.

 	 * 

 	 * @param aBinaryData	The encoded binary representation.

 	 * @param aPos			The offset position from which to start decoding.

 	 * @return				The new CX509AccessDescription object. 

 	 **/

 	static CX509AccessDescription* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor. Frees all resources owned by the object, prior to its destruction. 

 	*/

 	virtual ~CX509AccessDescription();

 	/** Gets the Access Method OID.

 	*

 	* @return	A non modifiable pointer descriptor to point to the access method OID.

 	*/

 	IMPORT_C TPtrC Method() const; 

 	/** Gets the Access Location field which specifies the location where the additional 

 	* information of the CA can be obtained.

 	*

 	* @return	A reference to access location .

 	*/

 	IMPORT_C const CX509GeneralName& Location() const;

 private:

 	CX509AccessDescription();

 	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	HBufC* iMethodId;

 	CX509GeneralName* iLocation;

 	};

 class CX509AuthInfoAccessExt : public CX509ExtensionBase

 /** An X.509 certificate extension that defines the authority information access.

  * 

  * 

  * @publishedAll

  * @released

  */

 	{

 public:

 	/** Creates a new CX509AuthInfoAccessExt object from the specified buffer 

 	* containing the binary coded representation.

 	* 

 	* @param aBinaryData	The encoded binary data.

 	* @return				The new CX509AuthInfoAccessExt object. 

 	*/

 	IMPORT_C static CX509AuthInfoAccessExt* NewL(const TDesC8& aBinaryData);

 	/** Creates a new CX509AuthInfoAccessExt object from the specified buffer 

 	* containing the binary coded representation, and puts a pointer to it onto 

 	* the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @return				The new CX509AuthInfoAccessExt object. 

 	*/

 	IMPORT_C static CX509AuthInfoAccessExt* NewLC(const TDesC8& aBinaryData);

 	/** Creates a new CX509AuthInfoAccessExt object from the specified buffer 

 	* containing the binary coded representation, starting at the specified offset.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509AuthInfoAccessExt object. 

 	*/

 	IMPORT_C static CX509AuthInfoAccessExt* NewL(const TDesC8& aBinaryData, TInt& aPos);

 	/** Creates a new CX509AuthInfoAccessExt object from the specified buffer 

 	* containing the binary coded representation, starting at the specified offset, 

 	* and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aBinaryData	The encoded binary representation.

 	* @param aPos			The offset position from which to start decoding.

 	* @return				The new CX509AuthInfoAccessExt object. 

 	*/

 	IMPORT_C static CX509AuthInfoAccessExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);

 	/** Destructor. Frees all resources owned by the object, prior to its destruction. 

 	*/

 	IMPORT_C ~CX509AuthInfoAccessExt();

 	/** Gets the authority access description containing the method and location of additional information of CA ,

 	* who issued the certificate in which this extension appears.

 	*

 	* @return	A reference to the array of pointers to the authority access descriptions.

 	*/

 	IMPORT_C const CArrayPtrFlat<CX509AccessDescription>& AccessDescriptions() const;

 private:

 	CX509AuthInfoAccessExt();

 	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);

 	CArrayPtrFlat<CX509AccessDescription>* iAccessDescs;

 	};

 #endif