/*
* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* Declares the WTLS certificate class CWTLSCertificate together with the
* WTLS-specific variants of the signature result, key factory, validity
* period, algorithm identifier and subject-public-key-info types it is built
* from. Each variant is a thin subclass of the generic certificate type of the
* same name (CValidityPeriod, CAlgorithmIdentifier, ...) that supplies the
* WTLS binary decoding.
*
*/


/**
 @file
 @publishedAll
 @released
*/

#ifndef __WTLSCERT_H__
#define __WTLSCERT_H__

// NOTE(review): the six include targets were lost when this listing was
// extracted (the angle-bracketed names are missing). They are deliberately not
// reconstructed here; consult the original header before building.
#include
#include
#include
#include
#include
#include


class CRSAPublicKey;
class CDSAPublicKey;
class CDSASignature;
class CDSAParameters;

/**
 * Number of encoded data elements kept for a WTLS certificate.
 *
 * Matches the six positions enumerated in CWTLSCertificate
 * (EVersionNumber = 0 .. ESubjectPublicKeyInfo = 5), which are the valid
 * arguments to CWTLSCertificate::DataElementEncoding().
 */
const TInt KWTLSCertMaxDataElements = 6;

// A note on the NewL/NewLC(const TDesC8& aBinaryData, TInt& aPos) overloads that
// recur throughout this header: aPos is an offset into aBinaryData at which
// decoding starts. For CWTLSCertificate the documentation below states that
// aPos is advanced to the position just after the decoded object; the sibling
// classes appear to follow the same convention - confirm in the implementations.
// The encoded data normally arrives over the network, so the decoders behind
// these factories must treat it as untrusted and bounds-check every field
// against aBinaryData.Length().

/**
 * RSA signature result specialised for WTLS certificates.
 *
 * Built from the digest algorithm identifier and the digest value that a
 * signature over a WTLS certificate is expected to carry; VerifyL() compares a
 * candidate result against it.
 */
class CWTLSRSASignatureResult : public CRSASignatureResult
	{
public:
	/**
	 * Creates a new CWTLSRSASignatureResult.
	 *
	 * @param aDigestAlgorithm The digest algorithm the signature was made with.
	 * @param aDigest The digest value to hold.
	 * @return The new object.
	 */
	IMPORT_C static CWTLSRSASignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
	/**
	 * As NewL(), and also puts a pointer to the new object onto the cleanup stack.
	 */
	IMPORT_C static CWTLSRSASignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
	/**
	 * Compares a signature result against this object.
	 *
	 * @param aResult The result to verify.
	 * @return ETrue if aResult matches; EFalse otherwise. The exact comparison
	 *         performed is defined by the implementation, not by this header.
	 */
	IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);
private:
	void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
	};

/**
 * Key factory for WTLS encodings.
 *
 * Overrides the TKeyFactory decoding hooks so that public keys, signatures and
 * DSA parameters are decoded from their WTLS binary representation.
 */
class TWTLSKeyFactory : public TKeyFactory
	{
public:
	/** Decodes an RSA public key from aEncoding. */
	virtual CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;
	/**
	 * Builds an RSA signature result from a digest algorithm and digest.
	 *
	 * NOTE(review): aDigest is taken as a non-const TDesC8& here, unlike every
	 * other encoding parameter in this header (and unlike
	 * CWTLSRSASignatureResult::NewL). Whether this mirrors the TKeyFactory base
	 * signature cannot be told from this header - confirm before changing it.
	 */
	virtual CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;
	/** Decodes a DSA public key from aEncoding using already-decoded parameters. */
	virtual CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;
	/** Decodes a DSA signature from aEncoding. */
	virtual CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;
	/** Decodes DSA domain parameters from aEncoding. */
	virtual CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;
	/** Decodes a DSA public key from aEncoding, with the parameters themselves still encoded in aParamsEncoding. */
	virtual CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;
	};

/**
 * Validity period of a WTLS certificate, decoded from its WTLS binary form.
 */
class CWTLSValidityPeriod : public CValidityPeriod
	{
public:
	/** Creates a validity period from the encoded aBinaryData. */
	IMPORT_C static CWTLSValidityPeriod* NewL(const TDesC8& aBinaryData);
	/** As NewL(const TDesC8&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSValidityPeriod* NewLC(const TDesC8& aBinaryData);
	/** Creates a validity period decoding from offset aPos into aBinaryData; see the note on aPos above. */
	IMPORT_C static CWTLSValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);
	/** As NewL(const TDesC8&, TInt&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	CWTLSValidityPeriod();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	};

/**
 * Algorithm identifier of a WTLS certificate, decoded from its WTLS binary form.
 */
class CWTLSAlgorithmIdentifier : public CAlgorithmIdentifier
	{
public:
	/** Creates an algorithm identifier from the encoded aBinaryData. */
	IMPORT_C static CWTLSAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
	/** As NewL(const TDesC8&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
	/** Creates an algorithm identifier decoding from offset aPos into aBinaryData; see the note on aPos above. */
	IMPORT_C static CWTLSAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
	/** As NewL(const TDesC8&, TInt&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	CWTLSAlgorithmIdentifier();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	};

/**
 * Signing algorithm identifier of a WTLS certificate, decoded from its WTLS binary form.
 */
class CWTLSSigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier
	{
public:
	/** Creates a signing algorithm identifier from the encoded aBinaryData. */
	IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
	/** As NewL(const TDesC8&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
	/** Creates a signing algorithm identifier decoding from offset aPos into aBinaryData; see the note on aPos above. */
	IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
	/** As NewL(const TDesC8&, TInt&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSSigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	CWTLSSigningAlgorithmIdentifier();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	};

/**
 * Subject public key information of a WTLS certificate, decoded from its WTLS binary form.
 */
class CWTLSSubjectPublicKeyInfo : public CSubjectPublicKeyInfo
	{
public:
	/** Creates a subject public key info from the encoded aBinaryData. */
	IMPORT_C static CWTLSSubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);
	/** As NewL(const TDesC8&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSSubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);
	/** Creates a subject public key info decoding from offset aPos into aBinaryData; see the note on aPos above. */
	IMPORT_C static CWTLSSubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);
	/** As NewL(const TDesC8&, TInt&), and also puts a pointer to the object onto the cleanup stack. */
	IMPORT_C static CWTLSSubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	CWTLSSubjectPublicKeyInfo();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	};

// Attribute type and value that mark a certificate as a trusted CA in a
// structured-text WTLS name. Note the leading space in the type literal; it is
// part of the matched text. Presumably consulted by CWTLSCertificate::IsTCAL(),
// which is documented to support only the structured-text variety - confirm.
_LIT(KWTLSTCAType, " T");
_LIT(KWTLSTCAValue, "ca");

/**
 * A WTLS certificate.
 *
 * Decodes the WTLS binary certificate format into the generic CCertificate
 * interface and keeps the encoding of each tbsCert element so it can be
 * retrieved via DataElementEncoding().
 */
class CWTLSCertificate : public CCertificate
	{
public:
	enum //enum values for encoded data element positions in tbsCert data structure
		{ //these values are to be used as params to DataElementEncoding() function
		  //there are KWTLSCertMaxDataElements (6) of them, numbered 0..5
		EVersionNumber = 0,
		EAlgorithmId = 1,
		EIssuerName = 2,
		EValidityPeriod = 3,
		ESubjectName = 4,
		ESubjectPublicKeyInfo = 5,
		};

	/**
	 * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewL(const TDesC8& aBinaryData);

	/**
	 * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation,
	 * and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewLC(const TDesC8& aBinaryData);

	/**
	 * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos An offset into the descriptor, and is updated to the position at the end of the object.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewL(const TDesC8& aBinaryData, TInt& aPos);

	/**
	 * Creates a new CWTLSCertificate object from the specified buffer containing the binary coded representation,
	 * and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aBinaryData The encoded binary representation.
	 * @param aPos An offset into the descriptor, and is updated to the position at the end of the object.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);

	/**
	 * Creates a new CWTLSCertificate object from a stream.
	 *
	 * The stream must have been written using the corresponding ExternalizeL() function.
	 *
	 * @param aStream The stream to be used as input.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewL(RReadStream& aStream);

	/**
	 * Creates a new CWTLSCertificate object from a stream,
	 * and puts a pointer to it onto the cleanup stack.
	 *
	 * The stream must have been written using the corresponding ExternalizeL() function.
	 *
	 * @param aStream The stream to be used as input.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewLC(RReadStream& aStream);

	/**
	 * Creates a new CWTLSCertificate object from an existing one in the certificate store.
	 *
	 * @param aCert The certificate to be copied.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewL(const CWTLSCertificate& aCert);

	/**
	 * Creates a new CWTLSCertificate object from an existing one in the certificate store,
	 * and puts a pointer to it onto the cleanup stack.
	 *
	 * @param aCert The certificate to be copied.
	 * @return The new CWTLSCertificate object.
	 */
	IMPORT_C static CWTLSCertificate* NewLC(const CWTLSCertificate& aCert);

	/**
	 * Destructor.
	 *
	 * Frees all resources owned by the object, prior to its destruction.
	 */
	IMPORT_C ~CWTLSCertificate();

	/**
	 * Tests whether this WTLS certificate is the same as the specified WTLS certificate.
	 *
	 * This is not as simple as it sounds. For X.509 certificates equality means that the issuer name
	 * and serial number fields are the same. This guarantees equality since a CA must ensure that every
	 * certificate it issues has a unique serial number. But WTLS certificates do not include serial numbers,
	 * so there seems to be no definition of equality. This function uses a byte-for-byte comparison of the
	 * signatures on the certificates: this should not result in any false positives, but may give false
	 * negatives if CAs do naughty things like recertifying the same key (which they have been known to do).
	 *
	 * Equality is therefore identity of the signature bytes only; it says nothing about whether either
	 * certificate is valid or trusted.
	 *
	 * @param aCert A WTLS certificate
	 * @return ETrue, if the parameter is the same certificate; EFalse, otherwise.
	 */
	IMPORT_C TBool IsEqualL(const CWTLSCertificate& aCert) const;

	//extra accessors

	/**
	 * Gets the version number of the WTLS certificate.
	 *
	 * @return The version number of the certificate. Always returns 1.
	 */
	IMPORT_C TInt Version() const;

	/**
	 * Gets the name of the WTLS certificate's issuing authority.
	 *
	 * @return A WTLS name:
	 * @li If the name is an X.500 DN, then if the name contains a Common name, that will be returned.
	 * Otherwise, if the name contains an Organization name, that will be returned. Otherwise an empty
	 * string will be returned.
	 * @li If the name is of type text, then if the name is not a 'structured' name the entire string will
	 * be returned, otherwise the same procedure will be followed as for X.509 certificates.
	 * @li If the name is null an empty string will be returned.
	 */
	// Unsupported -- If the name is a key hash or binary value the entire contents will be returned.
	IMPORT_C const CWTLSName& IssuerName() const;

	/**
	 * Gets the name of the owner of the public key the WTLS certificate contains.
	 *
	 * @return A WTLS name.
	 */
	IMPORT_C const CWTLSName& SubjectName() const;

	// The three virtuals below override the corresponding CCertificate
	// operations for the WTLS format. Following the usual Symbian convention the
	// HBufC returned by SubjectL()/IssuerL() is presumably owned by the caller -
	// confirm against the implementation.
	IMPORT_C virtual TBool IsSelfSignedL() const;
	IMPORT_C virtual HBufC* SubjectL() const;
	IMPORT_C virtual HBufC* IssuerL() const;

	/**
	 * Initialises the certificate from a stream.
	 *
	 * This should not be called by client code; instead the static factory function above should be used.
	 * If a client is using the certstore component for storage then it should use CCertStore::AddL() for
	 * externalizing and CWTLSCert::NewL(CCertStore& aStore, const CCertStoreEntry& aEntry); for restoring.
	 *
	 * NOTE(review): no NewL(CCertStore&, const CCertStoreEntry&) overload is declared in this header,
	 * so the sentence above appears to refer to a function that lives elsewhere or has been removed.
	 *
	 * @param aStream The stream to read from; must have been written by the corresponding ExternalizeL().
	 */
	IMPORT_C void InternalizeL(RReadStream& aStream);

	/**
	 * Gets the certificate's signed data.
	 *
	 * @return A non-modifiable pointer descriptor representing the certificate's signed data.
	 */
	IMPORT_C const TPtrC8 SignedDataL() const;

	/**
	 * Gets the encoding for a data element at the specified index.
	 *
	 * @param aIndex The position of the encoded data element; one of the enum values above
	 *               (EVersionNumber .. ESubjectPublicKeyInfo).
	 * @return Pointer to the element's encoding. The header does not state what is returned for an
	 *         index outside that range; callers should check for NULL - confirm against the implementation.
	 */
	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;

	/**
	 * Tests whether a non-selfsigned certificate can be used to sign others.
	 *
	 * Currently this only supports structured text variety of WTLS certificates.
	 * Other certificate types will return EFalse.
	 *
	 * @return ETrue, if the certificate is capable of signing other certificates; otherwise, EFalse.
	 */
	IMPORT_C TBool IsTCAL() const;
private:
	CWTLSCertificate();
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	void ConstructL(const CWTLSCertificate& aCertificate);
	void ConstructCertL(const TDesC8& aBinaryData, TInt& aPos);
	void InitEncodedDataElementsL();
	//private data
	// Version field; Version() is documented above to always return 1.
	TInt iVersion;
	// Issuer and subject names, presumably owned by this object and released in
	// the destructor (which is documented to free all owned resources) - confirm.
	CWTLSName* iIssuerName;
	CWTLSName* iSubjectName;
	// Per-element encodings indexed by the enum above. NOTE(review): the template
	// arguments of TFixedArray were lost when this listing was extracted.
	TFixedArray* iDataElements;
	};

#endif