williamr@2: /* williamr@2: * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). williamr@2: * All rights reserved. williamr@2: * This component and the accompanying materials are made available williamr@2: * under the terms of the License "Eclipse Public License v1.0" williamr@2: * which accompanies this distribution, and is available williamr@2: * at the URL "http://www.eclipse.org/legal/epl-v10.html". williamr@2: * williamr@2: * Initial Contributors: williamr@2: * Nokia Corporation - initial contribution. williamr@2: * williamr@2: * Contributors: williamr@2: * williamr@2: * Description: williamr@2: * X509 certificate chain and the validation status implementations williamr@2: * williamr@2: */ williamr@2: williamr@2: williamr@2: /** williamr@2: @file williamr@2: @publishedAll williamr@2: @released williamr@2: */ williamr@2: williamr@2: #ifndef __X509CERTCHAIN_H__ williamr@2: #define __X509CERTCHAIN_H__ williamr@2: williamr@2: #include williamr@2: #include williamr@2: #include williamr@2: williamr@2: class TValidationStatus williamr@2: /** The validation status. williamr@2: * williamr@2: * Some errors cannot be blamed on any single certificate, in which case the williamr@2: * iCert value is meaningless. The same structure is used for errors and for williamr@2: * warnings. williamr@2: * williamr@2: * @since v6.0 */ williamr@2: { williamr@2: public: williamr@2: /** Creates a validation status object. williamr@2: * williamr@2: * @param aError The error type that occurred when validating the certificate chain. williamr@2: * @param aCert The index number identifying the certificate that gave rise to williamr@2: * the error. */ williamr@2: IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert); williamr@2: williamr@2: /** The reason for the error. */ williamr@2: TValidationError iReason; williamr@2: williamr@2: /** The index number identifying the certificate that gave rise to the error. */ williamr@2: TInt iCert; williamr@2: }; williamr@2: williamr@2: class CX509CertChain : public CBase williamr@2: /** Abstract base class for X.509 certificate chain validation; williamr@2: * derive from this to suit your profile. williamr@2: * williamr@2: * @since v6.0 */ williamr@2: { williamr@2: public: williamr@2: /** Gets the number of certificates in the chain. williamr@2: * williamr@2: * @return The number of certificates in the chain. */ williamr@2: IMPORT_C TInt Count() const; williamr@2: williamr@2: /** Gets the certificate identified by the specified index. williamr@2: * Note that Cert(Count()) corresponds to the root (if any) williamr@2: * whilst Cert(0) corresponds to the outmost certificate in the chain. williamr@2: * williamr@2: * @param aIndex The ordinal number representing the position of the certificate williamr@2: * within the chain. williamr@2: * @return The X.509 certificate at the specified index. */ williamr@2: IMPORT_C const CX509Certificate& Cert(TInt aIndex) const; williamr@2: williamr@2: /** Decodes the individual elements of the signed data to construct the certificates. williamr@2: * williamr@2: * @param aBinaryData The encoded binary representation. williamr@2: * @return The certificate objects. */ williamr@4: IMPORT_C CArrayPtrFlat* DecodeCertsL(const TDesC8& aBinaryData); williamr@2: williamr@2: /** Destructor. williamr@2: * williamr@2: * Frees all resources owned by the object, prior to its destruction. */ williamr@2: IMPORT_C ~CX509CertChain(); williamr@2: williamr@2: /** Tests whether the specified X.509 certificate chain is equal to this X.509 williamr@2: * certificate chain. williamr@2: * williamr@2: * @param aOther The X.509 certificate chain to be compared. williamr@2: * @return ETrue, if the certificate chains are equal;EFalse, otherwise. */ williamr@2: IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const; williamr@2: protected: williamr@2: //certificate chain williamr@2: CArrayPtrFlat* iChain; williamr@2: private: williamr@2: static void CleanupCertArray(TAny* aArray); williamr@2: }; williamr@2: williamr@2: class CCertificateValidationWarnings : public CBase williamr@2: /** Encapsulates the critical extensions encountered and any warnings found williamr@2: * for a particular certificate in the chain during the process of validation. williamr@2: * williamr@2: * @since v9.5 */ williamr@2: { williamr@2: public: williamr@2: /** Creates an instance of CCertificateValidationWarnings. williamr@2: * williamr@2: * @param aIndex The index of aCert in the certificate chain. williamr@2: * @return A pointer to the new CCertificateWarning object. */ williamr@2: IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex); williamr@2: williamr@2: /** Creates an instance of CCertificateValidationWarnings. williamr@2: * williamr@2: * @param aIndex The index of aCert in the certificate chain. williamr@2: * @return A pointer to the new CCertificateWarning object. */ williamr@2: IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex); williamr@2: williamr@2: /** Gets a list of critical extension OIDs found in the certificate. williamr@2: * williamr@2: * @return An array of critical extensions found. */ williamr@2: IMPORT_C const RPointerArray& CriticalExtensionsFound() const; williamr@2: williamr@2: /** Gets a list of warnings generated by the certificate. williamr@2: * williamr@2: * @return An array of warnings generated. */ williamr@2: IMPORT_C const RArray& Warnings() const; williamr@2: williamr@2: /** Gets the index of the certificate in the chain. williamr@2: * williamr@2: * @return The certificate index number. */ williamr@2: IMPORT_C TInt CertIndex() const; williamr@2: williamr@2: /** Externalises an object of this class to a write stream. williamr@2: * williamr@2: * The presence of this function means that the standard templated operator<<() williamr@2: * can be used to externalise objects of this class. williamr@2: * williamr@2: * @param aStream Stream to which the object should be externalised. */ williamr@2: IMPORT_C void ExternalizeL(RWriteStream& aStream) const; williamr@2: williamr@2: /** Internalises an object of this class from a read stream. williamr@2: * williamr@2: * The presence of this function means that the standard templated operator>>() williamr@2: * can be used to internalise objects of this class. williamr@2: * williamr@2: * Note that this function has assignment semantics: it replaces the old value williamr@2: * of the object with a new value read from the read stream. williamr@2: * williamr@2: * @param aStream Stream from which the object should be internalised. williamr@2: * @return A pointer to the new CCertificateWarning object. */ williamr@2: IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream); williamr@2: williamr@2: /** The destructor. williamr@2: * williamr@2: * Frees all resources owned by the object. */ williamr@2: IMPORT_C ~CCertificateValidationWarnings(); williamr@2: williamr@2: public: williamr@2: /** Adds a warning. williamr@2: * williamr@4: */ williamr@2: IMPORT_C void AppendWarningL(TValidationStatus aWarning); williamr@2: williamr@2: /** Adds a critical extension OID warning. williamr@2: * williamr@4: */ williamr@2: IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt); williamr@2: williamr@2: private: williamr@2: CCertificateValidationWarnings(TInt aIndex); williamr@2: williamr@2: private: williamr@2: TInt iCertIndex; williamr@2: RPointerArray iCriticalExtsFound; williamr@2: RArray iWarnings; williamr@2: }; williamr@2: williamr@2: #endif williamr@4: williamr@4: