|
1 /* |
|
2 * Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * The file constains the declaration of the certchainconstraints class. |
|
16 * |
|
17 */ |
|
18 |
|
19 |
|
20 /** |
|
21 @file |
|
22 @released |
|
23 @internalTechnology |
|
24 */ |
|
25 |
|
26 #ifndef __CERTCHAINCONSTRAINTS_H__ |
|
27 #define __CERTCHAINCONSTRAINTS_H__ |
|
28 |
|
29 #include <e32base.h> |
|
30 #include <pkixcertchain.h> |
|
31 |
|
32 namespace Swi |
|
33 { |
|
34 |
|
35 /** |
|
36 The CCertChainConstraints class is to aggregate the constraints |
|
37 specified in certficate extensions across all valid certificate chains |
|
38 and then check them against information from the device and/or information |
|
39 contained in the SIS file. |
|
40 @released |
|
41 @internalTechnology |
|
42 */ |
|
43 class CCertChainConstraints : public CBase |
|
44 { |
|
45 public: |
|
46 |
|
47 /** |
|
48 Constructs a new CCertChainConstraints object |
|
49 |
|
50 @param aValidCerts a valid PKIX certificate chain |
|
51 @return A Certificate Chain Constraint |
|
52 */ |
|
53 IMPORT_C static CCertChainConstraints* NewL(RPointerArray<CPKIXCertChainBase>& aValidCerts); |
|
54 |
|
55 /** |
|
56 Constructs a new CCertChainConstraints object and leaves it on the cleanup stack |
|
57 |
|
58 @param aValidCerts a valid PKIX certificate chain |
|
59 @return A Certificate Chain Constraint |
|
60 */ |
|
61 IMPORT_C static CCertChainConstraints* NewLC(RPointerArray<CPKIXCertChainBase>& aValidCerts); |
|
62 |
|
63 /** |
|
64 Constructs a new CCertChainConstraints object with no constraints |
|
65 |
|
66 @return A Certificate Chain Constraint |
|
67 */ |
|
68 IMPORT_C static CCertChainConstraints* NewL(); |
|
69 |
|
70 ~CCertChainConstraints(); |
|
71 |
|
72 /** |
|
73 Determine if the request SID is valid. |
|
74 |
|
75 @param aRequestSID a request SID |
|
76 @return ETrue if the request SID is valid, EFalse if not |
|
77 */ |
|
78 IMPORT_C TBool SIDIsValid(TSecureId aRequestSID) const; |
|
79 |
|
80 /** |
|
81 Determine if the request VID is valid. |
|
82 |
|
83 @param aRequestSID a request VID |
|
84 @return ETrue if the request VID is valid, EFalse if not |
|
85 */ |
|
86 IMPORT_C TBool VIDIsValid(TVendorId aRequestVID) const; |
|
87 |
|
88 /** |
|
89 Determine if the request Capability set is valid. |
|
90 |
|
91 @param aRequestSID a request capability set |
|
92 @return ETrue if the request Capability Set is valid, EFalse if not |
|
93 */ |
|
94 IMPORT_C TBool CapabilitiesAreValid(TCapabilitySet& aRequestCapabilities) const; |
|
95 |
|
96 /** |
|
97 Determine if the request Device ID is valid. |
|
98 |
|
99 @param aRequestSID a request device ID |
|
100 @return ETrue if the request Device ID is valid, EFalse if not. |
|
101 */ |
|
102 IMPORT_C TBool DeviceIDIsValid(const HBufC* aRequestDeviceID) const; |
|
103 |
|
104 /** |
|
105 The method is tell if the SIDs are constrained or not |
|
106 |
|
107 @return ETrue if the SID is constrained, EFalse if not |
|
108 */ |
|
109 IMPORT_C TBool SIDsAreConstrained() const; |
|
110 |
|
111 /** |
|
112 The method is tell if the VIDs are constrained or not |
|
113 |
|
114 @return ETrue the VID is constrained, EFalse if not |
|
115 */ |
|
116 IMPORT_C TBool VIDsAreConstrained() const; |
|
117 |
|
118 /** |
|
119 The method is tell if the Device IDs are constrained or not |
|
120 |
|
121 @return ETrue if the Device ID is constrained, EFalse if not |
|
122 */ |
|
123 IMPORT_C TBool DeviceIDsAreConstrained() const; |
|
124 |
|
125 /** |
|
126 The method is tell if the Capabilities are constrained or not |
|
127 |
|
128 @return ETrue if the Capabilities is constrained, EFalse if not |
|
129 */ |
|
130 IMPORT_C TBool CapabilitiesAreConstrained() const; |
|
131 |
|
132 /** |
|
133 The method retrieves the valid Capability Set |
|
134 |
|
135 @return valid capability set |
|
136 */ |
|
137 IMPORT_C const TCapabilitySet& ValidCapabilities() const; |
|
138 |
|
139 /** |
|
140 Set the valid Capability set |
|
141 |
|
142 @param aValidCapabilities a capability set to be set in the constaints. |
|
143 @return none |
|
144 */ |
|
145 IMPORT_C void SetValidCapabilities(const TCapabilitySet& aValidCapabilities); |
|
146 |
|
147 private: |
|
148 |
|
149 CCertChainConstraints(); |
|
150 //Second-phase construntor. |
|
151 void ConstructL(RPointerArray<CPKIXCertChainBase>& aValidCerts); |
|
152 /** |
|
153 Retrieve the constrained capability set from the certificate extension, and take |
|
154 the intersection of the retrieved capabilities and the existing capability |
|
155 constraints as the new capability constraints |
|
156 |
|
157 @param aValidCerts a CX509Certificate reference |
|
158 @return none |
|
159 */ |
|
160 void RetrieveExtensionCapabilitySetL(const CX509Certificate& aCert); |
|
161 |
|
162 /** |
|
163 Retrieve the device IDs constraints from the certificate extension |
|
164 and take the intersection of the retrieved device ID constraints and |
|
165 the existing device ID constraints as the new device ID constraints |
|
166 |
|
167 @param aValidCerts a CX509Certificate reference |
|
168 @return none |
|
169 */ |
|
170 void RetrieveExtensionDeviceIDListL(const CX509Certificate& aCert); |
|
171 |
|
172 /** |
|
173 Retrieve the SID constraints from the certificate extension |
|
174 and take the intersection of the retrieved SID constraints and |
|
175 the existing SID constraints as the new VID constraints |
|
176 |
|
177 @param aValidCerts a CX509Certificate reference |
|
178 @return none |
|
179 */ |
|
180 void RetrieveExtensionSIDListL(const CX509Certificate& aCert); |
|
181 |
|
182 /** |
|
183 Retrieve the VID constraints from the certificate extension |
|
184 and take the intersection of the retrieved VID constraints and |
|
185 the existing VID constraints as the new VID constraints |
|
186 |
|
187 @param aValidCerts a CX509Certificate reference |
|
188 @return none |
|
189 */ |
|
190 void RetrieveExtensionVIDListL(const CX509Certificate& aCert); |
|
191 |
|
192 /** |
|
193 The list of valid secured IDs |
|
194 */ |
|
195 RArray<TSecureId> iValidSIDs; |
|
196 /** |
|
197 The list of valid vendor IDs |
|
198 */ |
|
199 RArray<TVendorId> iValidVIDs; |
|
200 /** |
|
201 The list of valid device IDs |
|
202 */ |
|
203 RPointerArray<HBufC> iValidDeviceIDs; |
|
204 /** |
|
205 The list of valid capability set |
|
206 */ |
|
207 TCapabilitySet iValidCapabilities; |
|
208 /** |
|
209 The flag that represents if the SIDs are constrained. |
|
210 */ |
|
211 TBool iSIDsAreConstrained; |
|
212 /** |
|
213 The flag that represents if the VIDs are constrained. |
|
214 */ |
|
215 TBool iVIDsAreConstrained; |
|
216 /** |
|
217 The flag that represents if the Device IDs are constrained. |
|
218 */ |
|
219 TBool iDeviceIDsAreConstrained; |
|
220 /** |
|
221 The flag that represents if the Device IDs are constrained. |
|
222 */ |
|
223 TBool iCapabilitiesAreConstrained; |
|
224 }; |
|
225 |
|
226 } //namespace Swi |
|
227 |
|
228 #endif // #ifndef __CERTCHAINCONSTRAINTS_H__ |