1 /*

     2 * Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of the License "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

     8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description: 

    15 * The file constains the declaration of the certchainconstraints class.

    16 *

    17 */

    18 

    19 

    20 /**

    21  @file 

    22  @released

    23  @internalTechnology 

    24 */

    25 

    26 #ifndef __CERTCHAINCONSTRAINTS_H__

    27 #define __CERTCHAINCONSTRAINTS_H__

    28 

    29 #include <e32base.h>

    30 #include <pkixcertchain.h>

    31 

    32 namespace Swi 

    33 {

    34 

    35 /**

    36 The CCertChainConstraints class is to aggregate the constraints  

    37 specified in certficate extensions across all valid certificate chains 

    38 and then check them against information from the device and/or information

    39 contained in the SIS file.

    40 @released

    41 @internalTechnology 

    42 */

    43 class CCertChainConstraints : public CBase

    44 	{

    45 public:

    46 		

    47 	/**

    48 	Constructs a new CCertChainConstraints object

    49 	

    50 	@param aValidCerts a valid PKIX certificate chain

    51 	@return A Certificate Chain Constraint

    52 	*/

    53 	IMPORT_C static CCertChainConstraints* NewL(RPointerArray<CPKIXCertChainBase>& aValidCerts);

    54 	

    55 	/**

    56 	Constructs a new CCertChainConstraints object and leaves it on the cleanup stack

    57 	

    58 	@param aValidCerts a valid PKIX certificate chain

    59 	@return A Certificate Chain Constraint

    60 	*/

    61 	IMPORT_C static CCertChainConstraints* NewLC(RPointerArray<CPKIXCertChainBase>& aValidCerts);

    62 

    63 	/**

    64 	Constructs a new CCertChainConstraints object with no constraints

    65 

    66 	@return A Certificate Chain Constraint

    67 	*/

    68 	IMPORT_C static CCertChainConstraints* NewL();

    69 	

    70 	~CCertChainConstraints();

    71 	

    72 	/**

    73 	Determine if the request SID is valid.

    74 	

    75 	@param aRequestSID a request SID

    76 	@return ETrue if the request SID is valid, EFalse if not

    77 	*/	

    78 	IMPORT_C TBool SIDIsValid(TSecureId aRequestSID) const;

    79 	

    80 	/**

    81 	Determine if the request VID is valid.

    82 	

    83 	@param aRequestSID a request VID

    84 	@return ETrue if the request VID is valid, EFalse if not

    85 	*/		

    86 	IMPORT_C TBool VIDIsValid(TVendorId aRequestVID) const;

    87 	

    88 	/**

    89 	Determine if the request Capability set is valid.

    90 	

    91 	@param aRequestSID a request capability set

    92 	@return ETrue if the request Capability Set is valid, EFalse if not

    93 	*/		

    94 	IMPORT_C TBool CapabilitiesAreValid(TCapabilitySet& aRequestCapabilities) const;

    95 	

    96 	/**

    97 	Determine if the request Device ID is valid.

    98 	

    99 	@param aRequestSID a request device ID

   100 	@return ETrue if the request Device ID is valid, EFalse if not.

   101 	*/			

   102 	IMPORT_C TBool DeviceIDIsValid(const HBufC* aRequestDeviceID) const;

   103 	

   104 	/**

   105 	The method is tell if the SIDs are constrained or not 

   106 	

   107 	@return ETrue if the SID is constrained, EFalse if not

   108 	*/				

   109 	IMPORT_C TBool SIDsAreConstrained() const;

   110 	

   111 	/**

   112 	The method is tell if the VIDs are constrained or not 

   113 	

   114 	@return ETrue the VID is constrained, EFalse if not

   115 	*/					

   116 	IMPORT_C TBool VIDsAreConstrained() const;

   117 	

   118 	/**

   119 	The method is tell if the Device IDs are constrained or not 

   120 	

   121 	@return ETrue if the Device ID is constrained, EFalse if not

   122 	*/						

   123 	IMPORT_C TBool DeviceIDsAreConstrained() const;

   124 

   125 	/**

   126 	The method is tell if the Capabilities are constrained or not 

   127 	

   128 	@return ETrue if the Capabilities is constrained, EFalse if not

   129 	*/						

   130 	IMPORT_C TBool CapabilitiesAreConstrained() const;

   131 	

   132 	/**

   133 	The method retrieves the valid Capability Set 

   134 	

   135 	@return valid capability set

   136 	*/							

   137 	IMPORT_C const TCapabilitySet& ValidCapabilities() const;

   138 	

   139 	/**

   140 	Set the valid Capability set

   141 	

   142 	@param aValidCapabilities a capability set to be set in the constaints.

   143 	@return none

   144 	*/								

   145 	IMPORT_C void SetValidCapabilities(const TCapabilitySet& aValidCapabilities);

   146 	

   147 private:

   148 

   149 	CCertChainConstraints();

   150 	//Second-phase construntor.

   151 	void ConstructL(RPointerArray<CPKIXCertChainBase>& aValidCerts);

   152 	/**

   153 	Retrieve the constrained capability set from the certificate extension, and take

   154 	the intersection of the retrieved capabilities and the existing capability

   155 	constraints as the new capability constraints

   156 	

   157 	@param aValidCerts a CX509Certificate reference

   158 	@return none

   159 	*/							

   160 	void RetrieveExtensionCapabilitySetL(const CX509Certificate& aCert);

   161 

   162 	/**

   163 	Retrieve the device IDs constraints from the certificate extension

   164 	and take the intersection of the retrieved device ID constraints and 

   165 	the existing device ID constraints as the new device ID constraints

   166 	 

   167 	@param aValidCerts a CX509Certificate reference

   168 	@return none

   169 	*/								

   170 	void RetrieveExtensionDeviceIDListL(const CX509Certificate& aCert);

   171 	

   172 	/**

   173 	Retrieve the SID constraints from the certificate extension

   174 	and take the intersection of the retrieved SID constraints and 

   175 	the existing SID constraints as the new VID constraints

   176 	

   177 	@param aValidCerts a CX509Certificate reference

   178 	@return none

   179 	*/									

   180 	void RetrieveExtensionSIDListL(const CX509Certificate& aCert);

   181 

   182 	/**

   183 	Retrieve the VID constraints from the certificate extension

   184 	and take the intersection of the retrieved VID constraints and 

   185 	the existing VID constraints as the new VID constraints

   186 	

   187 	@param aValidCerts a CX509Certificate reference

   188 	@return none

   189 	*/										

   190 	void RetrieveExtensionVIDListL(const CX509Certificate& aCert);	

   191 	

   192 	/**

   193 	The list of valid secured IDs

   194 	*/

   195 	RArray<TSecureId> iValidSIDs;

   196 	/**

   197 	The list of valid vendor IDs

   198 	*/	

   199 	RArray<TVendorId> iValidVIDs;

   200 	/**

   201 	The list of valid device IDs

   202 	*/	

   203 	RPointerArray<HBufC> iValidDeviceIDs;

   204 	/**

   205 	The list of valid capability set

   206 	*/	

   207 	TCapabilitySet iValidCapabilities;

   208 	/**

   209 	The flag that represents if the SIDs are constrained.

   210 	*/		

   211 	TBool iSIDsAreConstrained;

   212 	/**

   213 	The flag that represents if the VIDs are constrained.

   214 	*/			

   215 	TBool iVIDsAreConstrained;

   216 	/**

   217 	The flag that represents if the Device IDs are constrained.

   218 	*/			

   219 	TBool iDeviceIDsAreConstrained;	

   220 	/**

   221 	The flag that represents if the Device IDs are constrained.

   222 	*/			

   223 	TBool iCapabilitiesAreConstrained;		

   224 	};

   225 

   226 } //namespace Swi

   227 

   228 #endif // #ifndef __CERTCHAINCONSTRAINTS_H__