/*

 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).

 * All rights reserved.

 * This component and the accompanying materials are made available

 * under the terms of the License "Eclipse Public License v1.0"

 * which accompanies this distribution, and is available

 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

 *

 * Initial Contributors:

 * Nokia Corporation - initial contribution.

 *

 * Contributors:

 *

 * Description: 

 *

 */

 /**

  @file 

  @internalAll

 */

 #ifndef __SIGNED_H__

 #define __SIGNED_H__

 #include <e32base.h>

 #include <e32std.h>

 #include <s32std.h>

 #include <securitydefs.h>

 class CRSAPublicKey;

 class CDSAPublicKey;

 class CDSASignature;

 class CDSAParameters;

 /**  Enumerates the identity of the algorithm.

  *

  * @publishedAll

  * @released

  */

 enum TAlgorithmId

 	{

 	/** An RSA algorithm. */

 	ERSA,

 	/** A DSA algorithm. */

 	EDSA,

 	/** A DH algorithm. */

 	EDH,

 	/** A MD2 algorithm. */

 	EMD2,

 	/** A MD5 algorithm. */

 	EMD5,

 	/** A SHA-1 algorithm. */

 	ESHA1

 	};

 class CValidityPeriod : public CBase

 /** The period for which the certificate is valid. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Tests whether the specified date and time is within the validity period.

 	* 

 	* @param aTime	The date and time to be tested.

 	* @return 		ETrue, if the date and time is within the validity period;

 	* 				EFalse, otherwise. */

 	IMPORT_C TBool Valid(const TTime& aTime) const;

 	/** Gets the start of the validity period.

 	* 

 	* @return	The start date and time. */

 	IMPORT_C const TTime& Start() const;

 	/** Gets the end of the validity period.

 	* 

 	* @return	The end date and time. */

 	IMPORT_C const TTime& Finish() const;

 	/** Copy constructor.

 	* 

 	* @param aValidityPeriod	The validity period object to be copied. */

 	IMPORT_C CValidityPeriod(const CValidityPeriod& aValidityPeriod);

 protected:

 	/** Default constructor. */

 	IMPORT_C CValidityPeriod();

 	/** The start time of the validity period. */

 	TTime iStart;

 	/** The end time of the validity period. */

 	TTime iFinish;

 	};

 class CAlgorithmIdentifier : public CBase

 /** Contains an algorithm ID and any encoded parameters required by that algorithm.

 * 

 * An object of this type creates and owns a heap descriptor to contain the encoded 

 * parameters. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new algorithm ID object copied from an existing object.	

 	* 

 	* @param aAlgorithmIdentifier	The algorithm ID object to be copied. 

 	* @return 						A pointer to the new algorithm ID object. */

 	IMPORT_C static CAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAlgorithmIdentifier);

 	/** Creates a new algorithm ID object copied from an existing object, and puts 

 	* a pointer to the new object onto the cleanup stack.

 	* 

 	* @param aAlgorithmIdentifier	The algorithm ID object to be copied. 

 	* @return 						A pointer to the new algorithm ID object. */

 	IMPORT_C static CAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAlgorithmIdentifier);

 	/** Creates a new algorithm ID object.

 	* 

 	* @param aAlgorithmId	The algorithm ID.

 	* @param aEncodedParams	The encoded parameters.

 	* @return 				A pointer to the new algorithm ID object. */

 	IMPORT_C static CAlgorithmIdentifier* NewL(TAlgorithmId& aAlgorithmId, const TDesC8& aEncodedParams);

 	/** Creates a new algorithm ID object, and puts a pointer to the new object onto 

 	* the cleanup stack.

 	* 

 	* @param aAlgorithmId	The algorithm ID.

 	* @param aEncodedParams	The encoded parameters.

 	* @return 				A pointer to the new algorithm ID object. */

 	IMPORT_C static CAlgorithmIdentifier* NewLC(TAlgorithmId& aAlgorithmId, const TDesC8& aEncodedParams);

 	/** Tests whether this algorithm identifier object is equal to the specified algorithm 

 	* identifier object. 

 	* 

 	* @param aAlgorithmIdentifier	The algorithm identifier object to be compared.

 	* @return 						ETrue, if this algorithm identifier object is equal to the specified 

 	* 								algorithm identifier object; EFalse otherwise. */

 	IMPORT_C TBool operator == (const CAlgorithmIdentifier& aAlgorithmIdentifier) const;

 	/** Gets the algorithm identifier.

 	* 

 	* @return	The algorithm identifier. */

 	IMPORT_C TAlgorithmId Algorithm() const;	//ID for the algorithm

 	/** Gets the encoded parameters for the algorithm identifier.

 	* 

 	* Note that this object owns the heap descriptor that owns the encoded parameters.

 	* 

 	* @return 	The encoded parameters. */

 	IMPORT_C TPtrC8 EncodedParams() const;				//the encoded parameters

 	/** Destructor.

 	*

 	* Frees all resources owned by the object. */

 	IMPORT_C ~CAlgorithmIdentifier();

 protected:

 	/** Default constructor. */

 	IMPORT_C CAlgorithmIdentifier();

 	/** Constructor taking the specified parameters.

 	* 

 	* @param aAlgorithmId	The algorithm ID. */

 	IMPORT_C CAlgorithmIdentifier(TAlgorithmId& aAlgorithmId);

 	/** Second-phase constructor taking an existing algorithm identifier object.

 	* 

 	* @param aAlgorithmIdentifier	The algorithm identifier object. */

 	IMPORT_C virtual void ConstructL(const CAlgorithmIdentifier& aAlgorithmIdentifier);

 	/** Second-phase constructor taking encoded parameters.

 	* 

 	* @param aEncodedParams	The encoded parameters. */

 	IMPORT_C virtual void ConstructL(const TDesC8& aEncodedParams);

 	/** The algorithm ID. */

 	TAlgorithmId iAlgorithmId;

 	/** The encoded parameters for the algorithm ID. */

 	HBufC8* iEncodedParams;

 	};

 class CSigningAlgorithmIdentifier : public CBase

 /** Contains two CAlgorithmIdentifier objects for comparison purposes.

 * 

 * Implements an equality operator. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Constructs a new Signing Algorithm Identifier object, copying an existing Signing 

 	* Algorithm Identifier object.

 	* 

 	* @param aSigningAlgorithmIdentifier	The Signing Algorithm Identifier object.

 	* @return								The new Signing Algorithm Identifier object. */

 	IMPORT_C static CSigningAlgorithmIdentifier* NewL(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier);

 	/** Constructs a new Signing Algorithm Identifier object, copying an existing Signing 

 	* Algorithm Identifier object, and puts a pointer to it onto the cleanup stack.

 	* 

 	* @param aSigningAlgorithmIdentifier	The Signing Algorithm Identifier object.

 	* @return 								The new Signing Algorithm Identifier object. */

 	IMPORT_C static CSigningAlgorithmIdentifier* NewLC(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier);

 	/** Tests whether the Signing Algorithm Identifier object is equal to the specified 

 	* Signing Algorithm Identifier object.

 	* 

 	* @param aSigningAlgorithmIdentifier  The Signing Algorithm Identifier object to be compared.

 	* @return 							  ETrue, if this object's Signing Algorithm Identifier value 

 	* 									  is equal to the specified Signing Algorithm Identifier 

 	*									  object's value; EFalse, otherwise. */

 	IMPORT_C TBool operator == (const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier) const;

 	/** Gets the signature ID of the asymmetric algorithm.

 	* 

 	* @return	The signature ID of the asymmetric algorithm. */

 	IMPORT_C const CAlgorithmIdentifier& AsymmetricAlgorithm() const;

 	/** Gets the signature ID of the digest algorithm.

 	* 

 	* @return	The signature ID of the digest algorithm. */

 	IMPORT_C const CAlgorithmIdentifier& DigestAlgorithm() const;

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object, prior to its destruction. */

 	IMPORT_C ~CSigningAlgorithmIdentifier();

 protected:

 	/** Second-phase constructor.

 	 * @internalAll

 	 */

 	void ConstructL(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier);

 	/** The signature ID of the asymmetric algorithm. */

 	CAlgorithmIdentifier* iAsymmetricAlgorithm;

 	/** The signature ID of the digest algorithm. */

 	CAlgorithmIdentifier* iDigestAlgorithm;

 	};

 class CSubjectPublicKeyInfo : public CBase

 /** A base class for a container that holds information about a subject public key.

 * 

 * It contains the algorithm ID, the encoded public key and the encoded parameters. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 

 */

 //algorithm ID + encoded public key + encoded parameters

 	{

 public:

 	/** Creates a new subject public key object copied from an existing object.	

 	* 

 	* @param aSubjectPublicKeyInfo 	The subject public key object to be copied.

 	* @return 						A pointer to the new public key object. */

 	IMPORT_C static CSubjectPublicKeyInfo* NewL(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo);

 	/** Creates a new subject public key object copied from an existing object and 

 	* puts a pointer to the new object onto the cleanup stack.	

 	* 

 	* @param aSubjectPublicKeyInfo 	The subject public key object to be copied.

 	* @return 						A pointer to the new public key object. */

 	IMPORT_C static CSubjectPublicKeyInfo* NewLC(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo);

 	/** Gets the algorithm ID.

 	* 

 	* @return	The algorithm ID. */

 	IMPORT_C TAlgorithmId AlgorithmId() const;

 	/** Gets the encoded parameters required by the algorithm.	

 	* 

 	* @return	A non-modifiable pointer descriptor representing the encoded parameters. */

 	IMPORT_C const TPtrC8 EncodedParams() const;

 	/** Gets the encoded public key data.

 	* 

 	* @return 	A non-modifiable pointer descriptor representing the encoded public 

 	* 			key data. */

 	IMPORT_C const TPtrC8 KeyData() const;

 	/** Destructor.

 	*

 	* Frees all resources owned by the object. */

 	IMPORT_C ~CSubjectPublicKeyInfo();

 protected:

 	/** Second-phase constructor.

 	* 

 	* @param aSubjectPublicKeyInfo	The subject public key object to be copied. */

 	IMPORT_C virtual void ConstructL(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo);

 	/** The algorithm ID. */

 	CAlgorithmIdentifier* iAlgId;

 	/** A heap descriptor representing the encoded key data. */

 	HBufC8* iEncodedKeyData;

 	};

 class CRSASignatureResult : public CBase

 /** The RSA public key algorithm signature result.

 * 

 * Derived classes:

 * @li CWTLSRSASignatureResult

 * @li CPKCS1SignatureResult.

 *

 * @see TKeyFactory::RSASignatureResultL()

 *

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Tests whether the signature result is valid.

 	* 

 	* @param aResult	The signature result.

 	* @return			ETrue if the signature result is valid, otherwise EFalse. */

 	IMPORT_C virtual TBool VerifyL(const TDesC8& aResult) = 0;

 	/** Destructor.

 	*

 	* Frees all resources owned by the object. */

 	IMPORT_C ~CRSASignatureResult();

 protected:

 	/** Compares this RSA Signature Result object with the specified RSA Signature 

 	* Result object for equality.

 	*

 	* @param aResult 	The RSA Signature Result object to be compared.

 	* @return 			ETrue, if they are the same; EFalse, otherwise. */

 	IMPORT_C TBool operator == (const CRSASignatureResult& aResult) const;

 	/** The digest algorithm ID. */

 	CAlgorithmIdentifier* iDigestAlgorithm;

 	/** A heap descriptor representing the digest algorithm. */

 	HBufC8* iDigest;

 	};

 //signed object

 class TKeyFactory

 /** Constructs the public key objects used for signature verification from their 

 * encoded binary form. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Gets the RSA public key.

 	* 

 	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

 	* @return 			The RSA Public key. */

 	virtual CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const = 0;

 	/** Gets the RSA signature result.

 	* 

 	* @param aDigestAlgorithm 	The algorithm ID.

 	* @param aDigest 			A non-modifiable descriptor representing the digest algorithm.

 	* @return 					The RSA signature result. */

 	virtual CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const = 0;

 	/** Gets the DSA public key.

 	* 

 	* @param aParams 	The DSA parameters

 	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

 	* @return 			The DSA public key. */

 	virtual CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const = 0;

 	/** Gets the digital DSA signature given an encoding key.

 	* 

 	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

 	* @return 			The DSA signature. */

 	virtual CDSASignature* DSASignatureL(const TDesC8& aEncoding) const = 0;

 	/** Gets the DSA parameters.

 	* 

 	* @param aEncoding 	A non-modifiable descriptor representing the entire encoding.

 	* @return 			The DSA parameters. */

 	virtual CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const = 0;

 	//	New function for TKeyFactory API

 	virtual CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const = 0;

 	};

 class CSigningKeyParameters : public CBase

 /** Contains the parameter information required by some signing algorithms.

 * 

 * The DSA signing algorithm needs parameters as well as a key. Currently, this 

 * class only contains DSA parameters. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Creates a new signing key parameters object.

 	* 

 	* @return	A pointer to the new signing key parameters object. */

 	IMPORT_C static CSigningKeyParameters* NewL();

 	/** Creates a new signing key parameters object and puts a pointer to the new object 

 	* onto the cleanup stack.

 	* 

 	* @return	A pointer to the new signing key parameters object. */

 	IMPORT_C static CSigningKeyParameters* NewLC();

 	/** Creates a new signing key parameters object copied from an existing object.

 	* 

 	* @param aParameters 	The signing key parameters object to be copied.

 	* @return 				A pointer to the new parameters object. */

 	IMPORT_C static CSigningKeyParameters* NewL(const CSigningKeyParameters& aParameters);

 	/** Creates a new signing key parameters object copied from an existing object 

 	* and puts a pointer to the new object onto the cleanup stack.

 	* 

 	* @param aParameters  The signing key parameters object to be copied.

 	* @return 			  A pointer to the new signing key parameters object. */

 	IMPORT_C static CSigningKeyParameters* NewLC(const CSigningKeyParameters& aParameters);

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object. */

 	IMPORT_C ~CSigningKeyParameters();

 	/** Sets the DSA parameters.

 	* 

 	* @param aParams	The DSA parameters. */

 	IMPORT_C void SetDSAParamsL(const CDSAParameters& aParams);

 	/** Gets the DSA parameters.

 	* 

 	* @return	The DSA parameters. 

 	* @internalAll

 	*/

 	const CDSAParameters* DSAParams() const;

 private:

 	CSigningKeyParameters();

 	void ConstructL(const CSigningKeyParameters& aParameters);

 	CDSAParameters* iDSAParams;

 	};

 class CSignedObject : public CBase

 /** Base class for certificates. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:	

 	/** Verifies a signature using the specified encoded key.

 	* 

 	* @param aEncodedKey 	The encoded key. 

 	* @return 				ETrue if the signature is valid, otherwise EFalse. */

 	IMPORT_C TBool VerifySignatureL(const TDesC8& aEncodedKey) const;

 	/** Verifies a signature using the specified encoded key and hash.

 	* 

 	* @param aEncodedKey 	The encoded key. 

 	* @param aHash			The hash of the data to be validated.

 	* @return 				ETrue if the signature is valid, otherwise EFalse. */

 	IMPORT_C TBool VerifySignatureL(const TDesC8& aEncodedKey, const TDesC8& aHash) const;	

 	/** Gets the digital signature.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the digital signature. */

 	IMPORT_C const TPtrC8 Signature() const;

 	/** Gets the signed data.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the signed data. */

 	IMPORT_C virtual const TPtrC8 SignedDataL() const = 0;

 	/** Gets the fingerprint.

 	* 

 	* The fingerprint returned is the SHA1 hash of the encoding of the entire object.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the finger print. */

 	IMPORT_C const TPtrC8 Fingerprint() const;

 	/** Gets the entire encoding.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the entire encoding. */

 	IMPORT_C const TPtrC8 Encoding() const;

 	/** Gets the signing algorithm ID used.

 	* 

 	* @return	The signing algorithm ID. */

 	IMPORT_C const CSigningAlgorithmIdentifier& SigningAlgorithm() const;

 	/** Externalises the encoding of the entire object to a write stream.

 	* 

 	* The fingerprint and the signed data can be regenerated after restoration.

 	* 

 	* The presence of this function means that the standard templated operator<<() 

 	* can be used to externalise objects of this class.

 	* 

 	* @param aStream	Stream to which the object should be externalised. */

 	IMPORT_C virtual void ExternalizeL(RWriteStream& aStream) const;

 	/** Internalises the encoded object from a read stream.

 	* The class makes use of a specification-specific parser class for extracting 

 	* the various elements, that is provided by a subclass of CSignedObject. For 

 	* this reason this function is pure virtual.

 	* 

 	* The presence of this function means that the standard templated operator>>() 

 	* can be used to internalise objects of this class.

 	* 

 	* @param aStream	Stream from which the contents of the field should be internalised. */

 	IMPORT_C virtual void InternalizeL(RReadStream& aStream) = 0;

 	/** Sets the signing key parameters.

 	* 

 	* @param aParameters	The signing key parameters. */

 	IMPORT_C void SetParametersL(const CSigningKeyParameters& aParameters);

 	/** Gets the encoded data for the specified encoded data element, in the (to be 

 	* signed) tbsCertificate data structure, of the signed object.

 	* 

 	* @param aIndex	The encoded data element position in the tbsCertificate data 

 	* 				structure. See the enumeration: CX509Certificate::Anonymous.

 	* @return 		The encoded data for the specified data element of the signed object. */

 	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const = 0;

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object. */

 	IMPORT_C ~CSignedObject();

 protected:

 	/** Verifies a RSA signature using the specified encoded key.

 	* 

 	* @param aEncodedKey 	The encoded key. 

 	* @return 				ETrue if the signature is valid, otherwise EFalse. 

 	* @internalAll

 	*/

 	TBool VerifyRSASignatureL(const TDesC8& aEncodedKey) const;

 	/** @internalAll */	

 	TBool VerifyRSASignatureL(const TDesC8& aEncodedKey, const TDesC8& aHash) const;

 	/** A pointer to a key factory object. */

 	TKeyFactory* iKeyFactory;

 	/** A heap descriptor representing the entire encoding. */

 	HBufC8* iEncoding;

 	/** The digital signature. */

 	HBufC8* iSignature;

 	/** The fingerprint.

 	* 

 	* The SHA1 hash of the encoding of the entire object. */

 	HBufC8* iFingerprint;

 	/** The signing key parameters */

 	CSigningKeyParameters* iParameters;

 	/** The signing algorithm ID. */

 	CSigningAlgorithmIdentifier* iSigningAlgorithm;

 	};

 class CCertificate : public CSignedObject

 /** A data structure that binds a public key to a given individual.

 * 

 * A certificate is a signed object, and adds a serial number, a validity period 

 * and a subject public key.

 * 

 * This is a base class for classes that implement certificates of particular types. 

 * 

 * @publishedAll

 * @released

 * @since v6.0 */

 	{

 public:

 	/** Destructor.

 	* 

 	* Frees all resources owned by the object. */

 	IMPORT_C ~CCertificate();

 	/** Gets the subject public key information.

 	* 

 	* @return	The subject public key information. */

 	IMPORT_C const CSubjectPublicKeyInfo& PublicKey() const;

 	/** Gets the serial number.

 	* 

 	* @return	A non-modifiable pointer descriptor representing the serial number. */

 	IMPORT_C const TPtrC8 SerialNumber() const;

 	/** Gets the validity period.

 	* 

 	* @return	The validity period. */

 	IMPORT_C const CValidityPeriod& ValidityPeriod() const;

 	/** Tests whether a certificate is self-signed.

 	* 

 	* @return	ETrue, if it is self-signed; EFalse, otherwise. */

 	IMPORT_C virtual TBool IsSelfSignedL() const = 0;

 	/** Gets the subject.

 	* 

 	* @return	A heap descriptor representing the subject. */

 	IMPORT_C virtual HBufC* SubjectL() const = 0;

 	/** Gets the issuer.

 	* 

 	* @return	A heap descriptor representing the issuer. */

 	IMPORT_C virtual HBufC* IssuerL() const = 0;

 	/** Gets the key identifier.

 	* 

 	* @return	The key identifier. */

 	IMPORT_C virtual TKeyIdentifier KeyIdentifierL() const;

 protected:

 	/** The serial number. */

 	HBufC8* iSerialNumber;

 	/** The validity period. */

 	CValidityPeriod* iValidityPeriod;

 	/** The subject public key information. */

 	CSubjectPublicKeyInfo* iSubjectPublicKeyInfo;

 	};

 #endif