|
1 /* |
|
2 * Copyright (c) 2003-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * Provides static PKI-related helper functions |
|
16 * (such as building Distinguished Names) |
|
17 * |
|
18 */ |
|
19 |
|
20 |
|
21 |
|
22 #ifndef __PKIUTIL_H__ |
|
23 #define __PKIUTIL_H__ |
|
24 |
|
25 #include <e32std.h> |
|
26 #include "pkidefs.h" |
|
27 #include "ikepolparser.h" |
|
28 #include "fileutil.h" |
|
29 |
|
30 const TInt KCertDnSizeIncrement = 64; |
|
31 |
|
32 _LIT(KComma, ","); |
|
33 _LIT(KEquals, "="); |
|
34 |
|
35 _LIT(KC, "C"); |
|
36 _LIT(KO, "O"); |
|
37 _LIT(KOU, "OU"); |
|
38 _LIT(KL, "L"); |
|
39 _LIT(KST, "ST"); |
|
40 _LIT(KCN, "CN"); |
|
41 |
|
42 _LIT8(KCN8, "CN"); |
|
43 |
|
44 const TInt KExpectedMaxCertSize = 4092; |
|
45 |
|
46 class CX500DistinguishedName; |
|
47 class CX520AttributeTypeAndValue; |
|
48 class CX509Certificate; |
|
49 class RPKIServiceAPI; |
|
50 class CDesC16ArrayFlat; |
|
51 class TCertInfo; |
|
52 |
|
53 |
|
54 enum TCertStatus |
|
55 { |
|
56 ECertValid = 1, |
|
57 ECertNotValidYet, |
|
58 ECertExpired, |
|
59 ECertNotFound, |
|
60 ECertNotNeeded, |
|
61 ECertStatusUnknown |
|
62 }; |
|
63 |
|
64 /** |
|
65 * PKI-related static utility methods |
|
66 */ |
|
67 class PkiUtil |
|
68 { |
|
69 public: |
|
70 static HBufC* CertSubjectNameL(const TDesC8& aCertData); |
|
71 static HBufC* CertIssuerNameL(const TDesC8& aCertData); |
|
72 static TCertStatus CertStatusL(RPKIServiceAPI& aPkiService, const TDesC8& aTrustedCaDn, |
|
73 const TDesC8& aSubjectDnSuffix, const TDesC8& aRfc822Name, |
|
74 TUint aPrivKeyLength, TInt aCertRenewalThreshold = -1); |
|
75 |
|
76 static TCertStatus GetValidCaCertSubjectNameListL(RPKIServiceAPI& aPkiService, |
|
77 const CArrayFixFlat<TCertInfo*>& aIkeCAList, |
|
78 CDesC8ArrayFlat& aCaCertNameList); |
|
79 |
|
80 static TCertStatus CheckUserCertValidityL(RPKIServiceAPI& aPkiService, |
|
81 CDesC8ArrayFlat& aValidCaCertNameList, |
|
82 TOwnCertInfo& aOwnCert); |
|
83 |
|
84 |
|
85 static CX500DistinguishedName* DnFromStringL(const TDesC8& aString); |
|
86 static CX500DistinguishedName* DnWithoutCnFromStringL(const TDesC8& aString); |
|
87 static TBool DnMatchL(const TDesC8& aDnString1, const TDesC8& aDnString2); |
|
88 |
|
89 static TBool MatchL(const CX500DistinguishedName& aDn1, |
|
90 const CX500DistinguishedName& aDn2); |
|
91 static HBufC* CertDnL(const CX500DistinguishedName& aName); |
|
92 |
|
93 static TInt CertKeySizeL(const TDesC8& aCertData); |
|
94 |
|
95 private: |
|
96 |
|
97 static TCertStatus CertStatusL(const TDesC8& aCertData, TInt aCertRenewalThreshold = -1); |
|
98 static TCertStatus CertStatusL(const CX509Certificate& aCert, TInt aCertRenewalThreshold = -1); |
|
99 |
|
100 |
|
101 static void AppendAttributeL(HBufC*& aBuf, const CX520AttributeTypeAndValue& aAttribute); |
|
102 static HBufC* AttributeTypeToNameL(const TDesC &aType); |
|
103 static void SmartAppendL(HBufC*& aBuf, const TDesC& aText); |
|
104 static TBool HasElementL(const CX500DistinguishedName& aDn, |
|
105 const CX520AttributeTypeAndValue& aElement); |
|
106 |
|
107 /** |
|
108 * Returns the list of validated CA certificate Subject names. |
|
109 * If some of the certificates in aIkeCAList doesn't match to any CA certificates |
|
110 * stored in the phone LEAVES with KErrNotFound. If some of the elements in the aIkeCAList |
|
111 * has iFormat value PEM_CERT or BIN_CERT this function panics. If aIkeCAList->Count < 1 this |
|
112 * method panics. |
|
113 */ |
|
114 static RPointerArray<CX509Certificate> GetCaCertListL(RPKIServiceAPI& aPkiService, |
|
115 const CArrayFixFlat<TCertInfo*>& aIkeCAList); |
|
116 |
|
117 |
|
118 static CX509Certificate* ReadCertificateLC(RPKIServiceAPI& aPkiService, |
|
119 const TDesC8& aTrustedAuthority, |
|
120 const TDesC8& aIdentitySubjectName, |
|
121 const TDesC8& aIdentityRfc822Name, |
|
122 const TPKICertificateOwnerType aOwnerType); |
|
123 |
|
124 static CX509Certificate* ReadCertificateLC(RPKIServiceAPI& aPkiService, |
|
125 const TPKIKeyIdentifier& aKeyId); |
|
126 static HBufC8* PkiUtil::To8BitL(const TDesC16& aDes); |
|
127 |
|
128 }; |
|
129 |
|
130 #endif // __PKIUTIL_H__ |