williamr@2: /* williamr@2: * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). williamr@2: * All rights reserved. williamr@2: * This component and the accompanying materials are made available williamr@2: * under the terms of the License "Eclipse Public License v1.0" williamr@2: * which accompanies this distribution, and is available williamr@2: * at the URL "http://www.eclipse.org/legal/epl-v10.html". williamr@2: * williamr@2: * Initial Contributors: williamr@2: * Nokia Corporation - initial contribution. williamr@2: * williamr@2: * Contributors: williamr@2: * williamr@2: * Description: williamr@2: * williamr@2: */ williamr@2: williamr@2: williamr@2: /** williamr@2: @file williamr@4: @publishedAll williamr@4: @released williamr@2: */ williamr@2: williamr@2: #ifndef __WTLSCERTCHAIN_H__ williamr@2: #define __WTLSCERTCHAIN_H__ williamr@2: williamr@2: #include williamr@2: #include williamr@2: #include williamr@2: #include williamr@2: williamr@2: class TWTLSValidationStatus williamr@2: /** The validation status. williamr@2: * williamr@2: * Some errors cannot be blamed on any single certificate, in which case the williamr@2: * iCert value is meaningless. The same structure is used for errors and for warnings. williamr@2: * williamr@4: */ williamr@2: { williamr@2: public: williamr@2: /** Creates a validation status object. williamr@2: * williamr@2: * @param aError The error type that occurred when validating the certificate chain. williamr@2: * @param aCert The index number for the certificate that gave rise to the error. */ williamr@2: IMPORT_C TWTLSValidationStatus(const TValidationError aError, const TInt aCert); williamr@2: williamr@2: /** The reason for the error. */ williamr@2: TValidationError iReason; williamr@2: williamr@2: /** The index number for the certificate that gave rise to the error. */ williamr@2: TInt iCert; williamr@2: }; williamr@2: williamr@2: class CWTLSValidationResult : public CBase williamr@2: /** Encapsulates the results of the validation process. williamr@2: * williamr@2: * It is returned to client code, which can examine it. Client code takes ownership of it. williamr@2: * williamr@4: */ williamr@2: { williamr@2: public: williamr@2: /** Creates a new CWTLSValidationResult object and puts a pointer to it on the williamr@2: * cleanup stack. williamr@2: * williamr@2: * @return The new WTLS Validation Result object. */ williamr@2: IMPORT_C static CWTLSValidationResult* NewLC(); williamr@2: williamr@2: /** Creates a new CWTLSValidationResult object. williamr@2: * williamr@2: * @return The new WTLS Validation Result object. */ williamr@2: IMPORT_C static CWTLSValidationResult* NewL(); williamr@2: williamr@2: /** Destructor. williamr@2: * williamr@2: * Frees all resources owned by the object, prior to its destruction. */ williamr@2: IMPORT_C ~CWTLSValidationResult(); williamr@2: williamr@2: /** Gets the error status of the operation. williamr@2: * williamr@2: * Any errors here are considered fatal: validation has failed. williamr@2: * williamr@2: * @return The error status of the operation. */ williamr@2: IMPORT_C const TWTLSValidationStatus Error() const; williamr@2: williamr@2: /** Gets an array of any warnings generated. williamr@2: * williamr@2: * The warnings may or may not be fatal, depending on the context, which the williamr@2: * client is expected to provide. williamr@2: * williamr@2: * @return An array of any warnings generated. */ williamr@2: IMPORT_C const CArrayFixFlat& Warnings() const; williamr@2: williamr@2: /** Resets the validation result object to its default values. williamr@2: * @internalAll williamr@2: */ williamr@2: void Reset(); williamr@2: williamr@2: /** Sets the error. williamr@2: * williamr@2: * @param aError The error type that occurred when validating the certificate chain. williamr@2: * @param aCert The index number for the certificate that gave rise to the error. williamr@2: * @internalAll williamr@2: */ williamr@2: void SetError(const TValidationError aError, const TInt aCert); williamr@2: williamr@2: /** Adds a warning to the validation. williamr@2: * williamr@2: * @param aWarning The validation status object to be added. williamr@2: * @internalAll williamr@2: */ williamr@2: void AppendWarningL(TWTLSValidationStatus aWarning); williamr@2: williamr@2: private: williamr@2: CWTLSValidationResult(); williamr@2: void ConstructL(); williamr@2: TWTLSValidationStatus iError; williamr@2: CArrayFixFlat* iWarnings; williamr@2: }; williamr@2: williamr@2: class CWTLSRootCerts; williamr@2: class CWTLSCertChainAO; williamr@2: williamr@2: class CWTLSCertChain : public CBase williamr@2: /** Implements a WTLS certificate chain. williamr@2: * williamr@4: */ williamr@2: { williamr@2: friend class CWTLSCertChainAO; williamr@2: williamr@2: public: williamr@2: /** Creates a certificate chain using the binary data in aEncodedCerts. williamr@2: * williamr@2: * @param aFs An open file server session. williamr@2: * @param aEncodedCerts One or more concatenated DER encoded WTLS certificates. williamr@2: * The first certificate will be interpreted as the end entity williamr@2: * certificate to be validated; subsequent certificates may be williamr@2: * in any order and may be used by the chain as intermediate williamr@2: * certificates, but not root certificates. williamr@2: * @param aClient The uid of the client. It is a value identifying the application williamr@2: * to the chain; this will be used to select a subset of stored williamr@2: * certificates to use as candidate root certificates. */ williamr@2: IMPORT_C static CWTLSCertChain* NewL(RFs& aFs, const TPtrC8& aEncodedCerts, williamr@2: const TUid aClient); williamr@2: williamr@2: /** Creates a certificate chain using the binary data in aEncodedCerts and puts williamr@2: * a pointer to the new object onto the cleanup stack. williamr@2: * williamr@2: * @param aFs An open file server session williamr@2: * @param aEncodedCerts One or more concatenated DER encoded WTLS certificates. williamr@2: * The first certificate will be interpreted as the end entity williamr@2: * certificate to be validated; subsequent certificates may be williamr@2: * in any order and may be used by the chain as intermediate williamr@2: * certificates, but not root certificates. williamr@2: * @param aClient The uid of the client. It is a value identifying the application williamr@2: * to the chain; this will be used to select a subset of stored williamr@2: * certificates to use as candidate root certificates. */ williamr@2: IMPORT_C static CWTLSCertChain* NewLC(RFs& aFs, const TPtrC8& aEncodedCerts, williamr@2: const TUid aClient); williamr@2: williamr@2: /** Creates a certificate chain using the binary data in aEncodedCerts. williamr@2: * williamr@2: * @param aFs An open file server session. williamr@2: * @param aEncodedCerts One or more concatenated DER encoded WTLS certificates. williamr@2: * The first certificate will be interpreted as the end entity williamr@2: * certificate to be validated; subsequent certificates may be williamr@2: * in any order and may be used by the chain as intermediate williamr@2: * certificates, but not root certificates. Any self signed williamr@2: * certificates supplied here after the first one will be williamr@2: * discarded, as self signed certificates cannot by definition williamr@2: * be intermediate certificates. williamr@2: * @param aRootCerts An array of certificates which the chain will treat as williamr@2: * candidate root certificates. If one of these overloads is williamr@2: * used, the chain will not look in stores for root certificates, williamr@2: * but will only use the certificates supplied here. */ williamr@2: IMPORT_C static CWTLSCertChain* NewL(RFs& aFs, const TPtrC8& aEncodedCerts, williamr@2: const CArrayPtr& aRootCerts); williamr@2: williamr@2: /** Creates a certificate chain using the binary data in aEncodedCerts and puts williamr@2: * a pointer to the new object onto the cleanup stack. williamr@2: * williamr@2: * @param aFs An open file server session. williamr@2: * @param aEncodedCerts One or more concatenated DER encoded WTLS certificates. williamr@2: * The first certificate will be interpreted as the end entity williamr@2: * certificate to be validated; subsequent certificates may be williamr@2: * in any order and may be used by the chain as intermediate williamr@2: * certificates, but not root certificates. Any self signed williamr@2: * certificates supplied here after the first one will be williamr@2: * discarded as self signed certificates cannot by definition williamr@2: * be intermediate certificates. williamr@2: * @param aRootCerts An array of certificates which the chain will treat as williamr@2: * candidate root certificates. If one of these overloads is williamr@2: * used, the chain will not look in stores for root certificates, williamr@2: * but will only use the certificates supplied here. */ williamr@2: IMPORT_C static CWTLSCertChain* NewLC(RFs& aFs, const TPtrC8& aEncodedCerts, williamr@2: const CArrayPtr& aRootCerts); williamr@2: williamr@2: /** Destructor. williamr@2: * williamr@2: * Frees all resources owned by the object. */ williamr@2: IMPORT_C ~CWTLSCertChain(); williamr@2: williamr@2: /** Validates the chain. williamr@2: * williamr@2: * @param aValidationResult On completion, this contains the result of the validation. williamr@2: * @param aValidationTime The time for which validation should be performed, usually williamr@2: * the current time. williamr@2: * @param aStatus An asynchronous request status object. */ williamr@2: IMPORT_C void ValidateL(CWTLSValidationResult& aValidationResult, williamr@2: const TTime& aValidationTime, TRequestStatus& aStatus); williamr@2: williamr@2: /** Gets the number of WTLS certificates in the chain. williamr@2: * williamr@2: * @return The number of WTLS certificates in the chain. */ williamr@2: IMPORT_C TInt Count() const; williamr@2: williamr@2: /** Gets the certificate at the specified index. williamr@2: * williamr@2: * @param aIndex The ordinal number representing the position of the certificate williamr@2: * within the chain. williamr@2: * @return The WTLS certificate at the specified index. */ williamr@2: IMPORT_C const CWTLSCertificate& Cert(TInt aIndex) const; williamr@2: williamr@2: /** Tests whether the root certificate of the chain is locatable. williamr@2: * williamr@2: * Note that the value is only significant after a successfull call to ValidateL(). williamr@2: * williamr@2: * @return ETrue if the chain has a root; EFalse, otherwise. */ williamr@2: IMPORT_C TBool ChainHasRoot() const; williamr@2: williamr@2: /** Appends the specified encoded certificate to the chain. williamr@2: * williamr@2: * @param aEncodedCerts One or more concatenated DER encoded WTLS certificates. williamr@2: * These certificates will be used as candidates. The first williamr@2: * certificate will be interpreted as the end entity certificate williamr@2: * to be validated; subsequent certificates may be in any order williamr@2: * and may be used by the chain as intermediate certificates, williamr@2: * but not root certificates. */ williamr@2: IMPORT_C void AppendCertsL(const TPtrC8& aEncodedCerts); williamr@2: williamr@2: private: williamr@2: CWTLSCertChain(RFs& aFs); williamr@2: void ConstructL(const TPtrC8& aEncodedCerts, const TUid aClient); williamr@2: void ConstructL(const TPtrC8& aEncodedCerts, const CArrayPtr& aRootCerts); williamr@2: void DoConstructL(const TPtrC8& aEncodedCerts); williamr@2: williamr@2: private: williamr@2: RFs& iFs; williamr@2: CWTLSCertChainAO* iActiveObject; williamr@2: CArrayPtrFlat* iChain; williamr@2: TBool iChainHasRoot; williamr@2: }; williamr@2: williamr@2: #endif williamr@4: