CPKIXCertChainBase Class Reference
|
class CPKIXCertChainBase : public CX509CertChain
|
|
Public Member Functions
|
|
|
~CPKIXCertChainBase
()
|
|
IMPORT_C void
|
AddCertL
(const
TPtrC8
&)
|
|
IMPORT_C void
|
AddSupportedCriticalExtensionsL
(const
RPointerArray
<
TDesC
> &)
|
|
IMPORT_C void
|
CancelValidate
()
|
|
CArrayPtrFlat
<
CX509Certificate
> &
|
Chain
()
|
|
IMPORT_C
TBool
|
ChainHasRoot
()
|
|
TBool
|
ChainHasRoot
()
|
|
const
RPointerArray
<
CX509Certificate
> &
|
IntermediateCerts
()
|
|
IMPORT_C
CPKIXCertChainBase
*
|
NewL
(
MCertStore
&, const
TPtrC8
&, const
TUid
)
|
|
IMPORT_C
CPKIXCertChainBase
*
|
NewL
(
MCertStore
&, const
TPtrC8
&, const
RPointerArray
<
CX509Certificate
> &)
|
|
IMPORT_C
CPKIXCertChainBase
*
|
NewLC
(
MCertStore
&, const
TPtrC8
&, const
TUid
)
|
|
IMPORT_C
CPKIXCertChainBase
*
|
NewLC
(
MCertStore
&, const
TPtrC8
&, const
RPointerArray
<
CX509Certificate
> &)
|
|
void
|
RemoveLastCerts
(
TInt
)
|
|
IMPORT_C void
|
RemoveSupportedCriticalExtensions
(const
RPointerArray
<
TDesC
> &)
|
|
IMPORT_C void
|
ResetSupportedCriticalExtsToDefaultL
()
|
|
void
|
SetChainHasRoot
(
TBool
)
|
|
IMPORT_C void
|
SetSupportedCriticalExtensionsL
(const
RPointerArray
<
TDesC
> &)
|
|
IMPORT_C void
|
SetValidityPeriodCheckFatal
(
TBool
)
|
|
IMPORT_C const
RPointerArray
<
TDesC
> &
|
SupportedCriticalExtensions
()
|
|
IMPORT_C void
|
ValidateL
(
CPKIXValidationResultBase
&, const
TTime
&,
TRequestStatus
&)
|
|
IMPORT_C void
|
ValidateL
(
CPKIXValidationResultBase
&, const
TTime
&, const
CArrayPtr
<
HBufC
> &,
TRequestStatus
&)
|
|
IMPORT_C
TBool
|
ValidityPeriodCheckFatal
()
|
Constructor & Destructor Documentation
CPKIXCertChainBase()
|
IMPORT_C
|
CPKIXCertChainBase
|
(
|
)
|
[protected]
|
~CPKIXCertChainBase()
|
IMPORT_C
|
~CPKIXCertChainBase
|
(
|
)
|
|
Destructor.
Frees all resources owned by the object.
Member Functions Documentation
AddCertL(const TPtrC8 &)
|
IMPORT_C void
|
AddCertL
|
(
|
const
TPtrC8
&
|
aEncodedCerts
|
)
|
|
Adds one or more intermediate certificates to use when building the chain .
Any self signed certs are ignored.
Parameters
|
const
TPtrC8
& aEncodedCerts
|
The concatenation of one or more DER encoded X.509 certificates.
|
AddIntermediateCertsL(const TPtrC8 &)
|
void
|
AddIntermediateCertsL
|
(
|
const
TPtrC8
&
|
aEncodedCerts
|
)
|
[private]
|
This function adds certificates to the chain but only the ones that are not self-signed.
Parameters
|
const
TPtrC8
& aEncodedCerts
|
The encoded certificates.
|
AddSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)
|
IMPORT_C void
|
AddSupportedCriticalExtensionsL
|
(
|
const
RPointerArray
<
TDesC
> &
|
aCriticalExtOids
|
)
|
|
Adds one or more critical extension OIDs to the list of supported critical extensions. Duplicate OID values are not added.
Parameters
|
const
RPointerArray
<
TDesC
> & aCriticalExtOids
|
A list of the critical extensions OIDs to append to the supported list. Ownership is not transferred from the caller.
|
CancelValidate()
|
IMPORT_C void
|
CancelValidate
|
(
|
)
|
|
ChainHasRoot()
|
IMPORT_C
TBool
|
ChainHasRoot
|
(
|
)
|
const
|
Tests whether the root certificate of the chain is locatable.
Note that the value is only significant after a successful call to
ValidateL()
.
ConstructL(MCertStore &, const TPtrC8 &, TUid)
|
IMPORT_C void
|
ConstructL
|
(
|
MCertStore
&
|
aCertStore,
|
|
|
const
TPtrC8
&
|
aEncodedCerts,
|
|
|
TUid
|
aClient
|
|
|
)
|
[protected]
|
ConstructL(MCertStore &, const TPtrC8 &, const RPointerArray< CX509Certificate > &)
Second-phase constructor This constructor takes a set of root certificates we trust. We don't take into account the certificates in the certificate store because we are not interested in the trust model of that store (where each certificates comes with a set of uid of the applications that trust this certificate) this is consistent with the fact that in FindIssuer, we only look for non-root certs in the store
DoConstructL(const TPtrC8 &)
|
void
|
DoConstructL
|
(
|
const
TPtrC8
&
|
aEncodedCerts
|
)
|
[private]
|
NewL(MCertStore &, const TPtrC8 &, const TUid)
Creates a certificate chain using the binary data in aEncodedCerts.
Parameters
|
MCertStore
& aCertStore
|
The certificate store to use when looking for root certificates.
|
|
const
TPtrC8
& aEncodedCerts
|
One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. The individual certificates can be retrieved since each one contains its own length.
|
|
const
TUid
aClient
|
The Uid identifying the purpose for which the chain will be used. This value will be used to select a subset of stored certificates, by way of their trust settings, to be used as candidate root certificates.
|
NewL(MCertStore &, const TPtrC8 &, const RPointerArray< CX509Certificate > &)
Creates a certificate chain using the binary data in aEncodedCerts.
Parameters
|
MCertStore
& aCertStore
|
The certificate store to use when looking for root certificates.
|
|
const
TPtrC8
& aEncodedCerts
|
One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. Any self signed certificates supplied here after the first one will be discarded, as self signed certificates cannot by definition be intermediate certificates. The individual certificates can be retrieved since each one contains its own length.
|
|
const
RPointerArray
<
CX509Certificate
> & aRootCerts
|
An array of certificates which the chain will treat as candidate root certificates. If one of these overloads is used, the chain will not look in stores for root certificates, but will only use the certificates supplied here.
|
NewLC(MCertStore &, const TPtrC8 &, const TUid)
Creates a certificate chain using the binary data in aEncodedCerts, and puts a pointer to the new object onto the cleanup stack.
Parameters
|
MCertStore
& aCertStore
|
The certificate store to use when looking for root certificates.
|
|
const
TPtrC8
& aEncodedCerts
|
One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. The individual certificates can be retrieved since each one contains its own length.
|
|
const
TUid
aClient
|
The Uid identifying the purpose for which the chain will be used. This value will be used to select a subset of stored certificates, by way of their trust settings, to be used as candidate root certificates.
|
NewLC(MCertStore &, const TPtrC8 &, const RPointerArray< CX509Certificate > &)
Creates a certificate chain using the binary data in aEncodedCerts and puts a pointer to the new object onto the cleanup stack.
Parameters
|
MCertStore
& aCertStore
|
The certificate store to use when looking for root certificates.
|
|
const
TPtrC8
& aEncodedCerts
|
One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. Any self signed certificates supplied here after the first one will be discarded as self signed certificates cannot by definition be intermediate certificates. The individual certificates can be retrieved since each one contains its own length.
|
|
const
RPointerArray
<
CX509Certificate
> & aRootCerts
|
An array of certificates which the chain will treat as candidate root certificates. If one of these overloads is used, the chain will not look in stores for root certificates, but will only use the certificates supplied here.
|
RemoveLastCerts(TInt)
|
void
|
RemoveLastCerts
|
(
|
TInt
|
aNumberOfCertsToRemove
|
)
|
|
Parameters
|
TInt
aNumberOfCertsToRemove
|
|
RemoveSupportedCriticalExtensions(const RPointerArray< TDesC > &)
|
IMPORT_C void
|
RemoveSupportedCriticalExtensions
|
(
|
const
RPointerArray
<
TDesC
> &
|
aCriticalExtOids
|
)
|
|
Removes one or more critical extension OIDs from the list of supported critical extensions.
ResetSupportedCriticalExtsToDefaultL()
|
IMPORT_C void
|
ResetSupportedCriticalExtsToDefaultL
|
(
|
)
|
|
Resets the current list of supported critical extensions and re-populates it with the default set which includes the X.509 standard and Symbian specific SIS file critical extensions. These extensions may change in the future and should not be relied upon.
SetChainHasRoot(TBool)
|
void
|
SetChainHasRoot
|
(
|
TBool
|
aHasRoot
|
)
|
|
SetSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)
|
IMPORT_C void
|
SetSupportedCriticalExtensionsL
|
(
|
const
RPointerArray
<
TDesC
> &
|
aCriticalExtOids
|
)
|
|
Completely replaces the set of supported critical extensions for certificate validation. If a critical extension is encountered matching one of these OIDs then its occurrence is treated as a warning rather than an error. The results of which can be queried through a call to
CPKIXValidationResult::ValidationWarnings()
.
Parameters
|
const
RPointerArray
<
TDesC
> & aCriticalExtOids
|
A list of the critical extensions OIDs for the class to support. Ownership is not transferred from the caller.
|
SetValidityPeriodCheckFatal(TBool)
|
IMPORT_C void
|
SetValidityPeriodCheckFatal
|
(
|
TBool
|
aIsFatal
|
)
|
|
Specify if a failed check on the certificate validity date is treated as an error or a warning.
Parameters
|
TBool
aIsFatal
|
ETrue for reporting as an error; EFalse for a warning.
|
SupportedCriticalExtensions()
Returns a list of the critical extension OIDs that are supported by the chain validator. If a critical extension is encountered in a certificate chain whose OID matches an element in this set then the chain validator shall treat this as a warning instead of an error.
If
CPKIXCertChain::SetSupportedCriticalExtensionsL()
has not been called, this list will return the default set of supported critical extensions which includes the X.509 standard and Symbian specific SIS file critical extensions. These extensions may change in the future and should not be relied upon.
ValidateL(CPKIXValidationResultBase &, const TTime &, TRequestStatus &)
Parameters
|
CPKIXValidationResultBase
& aValidationResult
|
On completion, this contains the result of the validation.
|
|
const
TTime
& aValidationTime
|
The time that should be presumed to be the current time when checking timestamps.
|
|
TRequestStatus
& aStatus
|
An asynchronous request status object.
|
ValidateL(CPKIXValidationResultBase &, const TTime &, const CArrayPtr< HBufC > &, TRequestStatus &)
Parameters
|
CPKIXValidationResultBase
& aValidationResult
|
On completion, this contains the result of the validation.
|
|
const
TTime
& aValidationTime
|
The time that should be presumed to be the current time when checking timestamps.
|
|
const
CArrayPtr
<
HBufC
> & aInitialPolicies
|
The policies we want to be present in the certificate chain.
|
|
TRequestStatus
& aStatus
|
An asynchronous request status object.
|
ValidityPeriodCheckFatal()
|
IMPORT_C
TBool
|
ValidityPeriodCheckFatal
|
(
|
)
|
const
|
Returns whether or not validity period check failures will be reported as an error or a warning.
Member Data Documentation
CPKIXCertChainAO * iActiveObject
Most of the fucntionality of the class is asynchronous and is in fact delegated to iActiveObject which will deal with all the asynchronous functions.
TBool
iChainHasRoot
|
TBool
|
iChainHasRoot
|
[private]
|
This is ETrue if the chain has a root and EFalse if it hasn't. The value is only significant after a successfull call to
ValidateL()
.
TBool
iDateTimeCheckFatal
|
TBool
|
iDateTimeCheckFatal
|
[private]
|
When true (the defaut) indicates that a failed check on the validity period of a certificate will result in a fatal error. When false this instead results in a warning.
RPointerArray< CX509Certificate > iIntermediateCerts
Holds a list of candiate intermediate certs - these come from the encoded certs passed at construction time, and also any added with
AddCertL()
.
RPointerArray< TDesC > iSupportedCriticalExts
Holds a list of supported critical extensions set by the client.
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.