diff -r 666f914201fb -r 2fe1408b6811 epoc32/include/x509certchain.h --- a/epoc32/include/x509certchain.h Tue Nov 24 13:55:44 2009 +0000 +++ b/epoc32/include/x509certchain.h Tue Mar 16 16:12:26 2010 +0000 @@ -1,1 +1,191 @@ -x509certchain.h +/* +* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* X509 certificate chain and the validation status implementations +* +*/ + + + + +/** + @file + @publishedAll + @released +*/ + +#ifndef __X509CERTCHAIN_H__ +#define __X509CERTCHAIN_H__ + +#include +#include +#include + +class TValidationStatus +/** The validation status. +* +* Some errors cannot be blamed on any single certificate, in which case the +* iCert value is meaningless. The same structure is used for errors and for +* warnings. +* +* @publishedAll +* @released +* @since v6.0 */ + { +public: + /** Creates a validation status object. + * + * @param aError The error type that occurred when validating the certificate chain. + * @param aCert The index number identifying the certificate that gave rise to + * the error. */ + IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert); + + /** The reason for the error. */ + TValidationError iReason; + + /** The index number identifying the certificate that gave rise to the error. */ + TInt iCert; + }; + +class CX509CertChain : public CBase +/** Abstract base class for X.509 certificate chain validation; +* derive from this to suit your profile. +* +* @publishedAll +* @released +* @since v6.0 */ + { +public: + /** Gets the number of certificates in the chain. + * + * @return The number of certificates in the chain. */ + IMPORT_C TInt Count() const; + + /** Gets the certificate identified by the specified index. + * Note that Cert(Count()) corresponds to the root (if any) + * whilst Cert(0) corresponds to the outmost certificate in the chain. + * + * @param aIndex The ordinal number representing the position of the certificate + * within the chain. + * @return The X.509 certificate at the specified index. */ + IMPORT_C const CX509Certificate& Cert(TInt aIndex) const; + + /** Decodes the individual elements of the signed data to construct the certificates. + * + * @param aBinaryData The encoded binary representation. + * @return The certificate objects. */ + IMPORT_C CArrayPtrFlat* CX509CertChain::DecodeCertsL(const TDesC8& aBinaryData); + + /** Destructor. + * + * Frees all resources owned by the object, prior to its destruction. */ + IMPORT_C ~CX509CertChain(); + + /** Tests whether the specified X.509 certificate chain is equal to this X.509 + * certificate chain. + * + * @param aOther The X.509 certificate chain to be compared. + * @return ETrue, if the certificate chains are equal;EFalse, otherwise. */ + IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const; +protected: + //certificate chain + CArrayPtrFlat* iChain; +private: + static void CleanupCertArray(TAny* aArray); + }; + +class CCertificateValidationWarnings : public CBase + /** Encapsulates the critical extensions encountered and any warnings found + * for a particular certificate in the chain during the process of validation. + * + * @publishedAll + * @released + * @since v9.5 */ + { + public: + /** Creates an instance of CCertificateValidationWarnings. + * + * @param aIndex The index of aCert in the certificate chain. + * @return A pointer to the new CCertificateWarning object. */ + IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex); + + /** Creates an instance of CCertificateValidationWarnings. + * + * @param aIndex The index of aCert in the certificate chain. + * @return A pointer to the new CCertificateWarning object. */ + IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex); + + /** Gets a list of critical extension OIDs found in the certificate. + * + * @return An array of critical extensions found. */ + IMPORT_C const RPointerArray& CriticalExtensionsFound() const; + + /** Gets a list of warnings generated by the certificate. + * + * @return An array of warnings generated. */ + IMPORT_C const RArray& Warnings() const; + + /** Gets the index of the certificate in the chain. + * + * @return The certificate index number. */ + IMPORT_C TInt CertIndex() const; + + /** Externalises an object of this class to a write stream. + * + * The presence of this function means that the standard templated operator<<() + * can be used to externalise objects of this class. + * + * @param aStream Stream to which the object should be externalised. */ + IMPORT_C void ExternalizeL(RWriteStream& aStream) const; + + /** Internalises an object of this class from a read stream. + * + * The presence of this function means that the standard templated operator>>() + * can be used to internalise objects of this class. + * + * Note that this function has assignment semantics: it replaces the old value + * of the object with a new value read from the read stream. + * + * @param aStream Stream from which the object should be internalised. + * @return A pointer to the new CCertificateWarning object. */ + IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream); + + /** The destructor. + * + * Frees all resources owned by the object. */ + IMPORT_C ~CCertificateValidationWarnings(); + + public: + /** Adds a warning. + * + * @internalComponent + * @released */ + IMPORT_C void AppendWarningL(TValidationStatus aWarning); + + /** Adds a critical extension OID warning. + * + * @internalComponent + * @released */ + IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt); + + private: + CCertificateValidationWarnings(TInt aIndex); + + private: + TInt iCertIndex; + RPointerArray iCriticalExtsFound; + RArray iWarnings; + }; + +#endif