--- a/vpnengine/pkiservice/src/pkimapper.cpp Thu Dec 17 09:14:51 2009 +0200
+++ b/vpnengine/pkiservice/src/pkimapper.cpp Thu Jan 07 13:26:15 2010 +0200
@@ -17,347 +17,14 @@
*
*/
-
-#include <x500dn.h>
#include <x509cert.h>
#include "PKIMapper.h"
-#include "pkcs10.h"
+#include "mapdescriptor.h"
#include "log_r6.h"
#include "pkiserviceassert.h"
-CMapDescriptor::CMapDescriptor(TSecurityObjectDescriptor &aDesc)
- {
- this->iSubjectKeyId = aDesc.iSubjectKeyId;
- this->iOwnerType = aDesc.iOwnerType;
- this->iKeySize = aDesc.iKeySize;
- this->iKeyAlgorithm = aDesc.iKeyAlgorithm;
- this->iIsDeletable = aDesc.iIsDeletable;
- }
-
-CMapDescriptor& CMapDescriptor::operator=(CMapDescriptor& aMapDesc)
-{
- delete this->iTrustedAuthority;
- this->iTrustedAuthority = NULL;
- if(aMapDesc.iTrustedAuthority != NULL)
- {
- this->iTrustedAuthority = aMapDesc.iTrustedAuthority->Des().AllocL(); // Cert TrustedAuthority
- }
- delete this->iIdentitySubjectName;
- this->iIdentitySubjectName = NULL;
- if(aMapDesc.iIdentitySubjectName != NULL)
- {
- this->iIdentitySubjectName = aMapDesc.iIdentitySubjectName->Des().AllocL(); // Identity subject name
- }
- delete this->iIdentityRfc822Name;
- this->iIdentityRfc822Name = NULL;
- if(aMapDesc.iIdentityRfc822Name != NULL)
- {
- this->iIdentityRfc822Name = aMapDesc.iIdentityRfc822Name->Des().AllocL(); // Identity subjectAltName rfc822 name
- }
- delete this->iSerialNumber;
- this->iSerialNumber = NULL;
- if(aMapDesc.iSerialNumber != NULL)
- {
- this->iSerialNumber = aMapDesc.iSerialNumber->Des().AllocL(); // Serialnumber
- }
-
- this->iSubjectKeyId = aMapDesc.iSubjectKeyId; // SHA1 hash of the corresponding private key
- this->iOwnerType = aMapDesc.iOwnerType; // User, CA or peer. If user certificate, at least key usage must be set
- this->iKeyUsageDer = aMapDesc.iKeyUsageDer; // Der format flags
- this->iObjectName = aMapDesc.iObjectName;
- this->iKeySize = aMapDesc.iKeySize; // Key size
- this->iKeyAlgorithm = aMapDesc.iKeyAlgorithm; // RSA, DSA
- this->iStartTime = aMapDesc.iStartTime;
- this->iEndTime = aMapDesc.iEndTime;
- this->iIsDeletable = aMapDesc.iIsDeletable;
- TInt i;
- for(i=0;i<aMapDesc.iApplUids.Count();i++)
- {
- this->iApplUids.Append(aMapDesc.iApplUids[i]);
- }
-
- this->iCertStoreType = aMapDesc.iCertStoreType;
- return *this;
-}
-
-
-TBool CMapDescriptor::IsMatchingL(TSecurityObjectDescriptor &aDesc,
- const TBool aInfoOnly,
- TPkiServiceStoreType aCertStoreType) const
- {
- TBool match(EFalse);
-
- LOG(Log::Printf(_L("Matching")));
- LOG_1(" Pure informational: %d", aInfoOnly);
-
- LOG(Log::Printf(_L("Matching: certificate %S"), &iObjectName));
- for(;;)
- {
- if (aDesc.iOwnerType != EPKICACertificate &&
- aCertStoreType != EPkiStoreTypeAny)
- {
- if (iCertStoreType != aCertStoreType)
- {
- LOG(Log::Printf(_L(" Store doesn't match, aborting")));
- match = EFalse;
- break;
- }
- }
- else
- {
- LOG(Log::Printf(_L("Skipping store check, not relevant")));
- }
-
-
- if (aDesc.iSubjectKeyIdUsed)
- {
- if(iSubjectKeyId == aDesc.iSubjectKeyId)
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
- }
-
- if(aDesc.iTrustedAuthorityUsed)
- {
- if(iTrustedAuthority == NULL)
- {
- match = EFalse;
- break;
- }
- else
- {
- CX500DistinguishedName* dnSuffix1 = CX500DistinguishedName::NewLC(*iTrustedAuthority);
- CX500DistinguishedName* dnSuffix2;
- TInt popCount = 3;
-
- // ASN1 or plain text
- if((aDesc.iTrustedAuthority[0] != 0x30)
- || ((aDesc.iTrustedAuthority[1] != 0x81)
- && (aDesc.iTrustedAuthority[1] != 0x82)
- && ((aDesc.iTrustedAuthority[1] + 2) != aDesc.iTrustedAuthority.Length())))
- {
- HBufC8* name2Der;
- CPkcs10Req::BuildDistinguishedNameDerFromTextL(name2Der,
- aDesc.iTrustedAuthority,
- EFalse, KNullDesC8);
- CleanupStack::PushL(name2Der);
-
- dnSuffix2 = CX500DistinguishedName::NewLC(*name2Der);
- }
- else
- {
- dnSuffix2 = CX500DistinguishedName::NewLC(aDesc.iTrustedAuthority);
- popCount = 2;
- }
-
-
- if(PkiUtil::MatchL(*dnSuffix1, *dnSuffix2))
- {
- match = ETrue;
- CleanupStack::PopAndDestroy(popCount);
- }
- else
- {
- match = EFalse;
- CleanupStack::PopAndDestroy(popCount);
- break;
- }
- }
- }
- if(aDesc.iOwnerTypeUsed)
- {
- if(iOwnerType == aDesc.iOwnerType)
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
- }
- if(aDesc.iSerialNumberUsed)
- {
- if ((iSerialNumber != NULL) && ((*iSerialNumber).Compare(aDesc.iSerialNumber) == 0))
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
- }
-
- if(aDesc.iIdentitySubjectNameUsed)
- {
- if(iIdentitySubjectName == NULL)
- {
- match = EFalse;
- break;
- }
- else
- {
- CX500DistinguishedName* dnSuffix1 = CX500DistinguishedName::NewLC(*iIdentitySubjectName);
- CX500DistinguishedName* dnSuffix2;
- TInt popCount = 3;
- // ASN1 or plain text
- if((aDesc.iIdentitySubjectName[0] != 0x30)
- || ((aDesc.iIdentitySubjectName[1] != 0x81)
- && (aDesc.iIdentitySubjectName[1] != 0x82)
- && ((aDesc.iIdentitySubjectName[1] + 2) != aDesc.iIdentitySubjectName.Length())))
- {
- HBufC8* name2Der;
- CPkcs10Req::BuildDistinguishedNameDerFromTextL(name2Der,
- aDesc.iIdentitySubjectName,
- EFalse, KNullDesC8);
- CleanupStack::PushL(name2Der);
-
- dnSuffix2 = CX500DistinguishedName::NewLC(*name2Der);
- }
- else
- {
- dnSuffix2 = CX500DistinguishedName::NewLC(aDesc.iIdentitySubjectName);
- popCount = 2;
- }
-
- if(PkiUtil::MatchL(*dnSuffix1, *dnSuffix2))
- {
- CleanupStack::PopAndDestroy(popCount);
- match = ETrue;
- }
- else
- {
- CleanupStack::PopAndDestroy(popCount);
- match = EFalse;
- break;
- }
- }
- }
-
- if(aDesc.iIdentityRfc822NameUsed)
- {
- if(iIdentityRfc822Name == NULL)
- {
- match = EFalse;
- break;
- }
- else
- {
- TInt bytes = aDesc.iIdentityRfc822Name.Length();
- TPtrC8 tail = (*iIdentityRfc822Name).Right(bytes);
- if (tail.CompareF(aDesc.iIdentityRfc822Name) == 0)
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
- }
- }
-
- if(aDesc.iKeyUsageUsed)
- {
- CX509KeyUsageExt* tempUsage = NULL;
- if(iKeyUsageDer.Length() != 0)
- {
- tempUsage = CX509KeyUsageExt::NewL(iKeyUsageDer);
- }
- if((tempUsage == NULL) || tempUsage->IsSet(aDesc.iKeyUsage))
- {
- delete tempUsage;
- match = ETrue;
- }
- else
- {
- delete tempUsage;
- match = EFalse;
- break;
- }
- }
-
- if(aDesc.iKeySizeUsed)
- {
- if(iKeySize == aDesc.iKeySize)
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
- }
-
- if (match && !aInfoOnly)
- {
- TValidity val = CPKIMapper::CertValidity(iStartTime, iEndTime);
- // Treat future certificates as valid
- if((val == EValid) || (val == ENotValidYet))
- {
- match = ETrue;
- }
- else
- {
- LOG_("Matching: Expired, and not an informational request");
- match = EFalse;
- break;
- }
- }
-
- break;
- }
-
- return match;
- }
-
-TBool CMapDescriptor::IsEqual(CMapDescriptor &aDesc)
- {
- TBool match = EFalse;
-
- for(;;)
- {
- if((iTrustedAuthority != NULL) && (aDesc.iTrustedAuthority != NULL) && (iTrustedAuthority->Des().Compare(*aDesc.iTrustedAuthority) == 0))
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
-
- if((iSerialNumber != NULL) && (aDesc.iSerialNumber != NULL) && (iSerialNumber->Des().Compare(*aDesc.iSerialNumber) == 0))
- {
- match = ETrue;
- }
- else
- {
- match = EFalse;
- break;
- }
-
- break;
- }
-
- return match;
- }
-
-
-void CMapDescriptor::SetCertStoreType(TPkiServiceStoreType aCertStoreType)
- {
- iCertStoreType = aCertStoreType;
- }
-
CPKIMapper* CPKIMapper::NewL()
{
CPKIMapper* self = new (ELeave) CPKIMapper();
@@ -397,19 +64,26 @@
return iCacheCreated;
}
-TInt CPKIMapper::AddMapping(CMapDescriptor& aMap)
+TInt CPKIMapper::AddMapping(CMapDescriptor* aMap)
{
// Insert as first element, so that newest object will be found first
- return iMapping->Insert(&aMap, 0);
+ TInt err = iMapping->Insert(aMap, 0);
+ if (err != KErrNone)
+ {
+ delete aMap;
+ }
+ return err;
}
void CPKIMapper::LogMap(CMapDescriptor &aDescriptor) const
{
- TInt len = aDescriptor.iSubjectKeyId.Length();
+ TPtrC objectName = aDescriptor.Label();
+ const TPKIKeyIdentifier& subjectKeyId = aDescriptor.CertificateKeyId();
+
LOG(Log::Printf(_L("====CertificateObject====\n")));
- LOG(Log::Printf(_L("ObjectName: %S\n"), &(aDescriptor.iObjectName)));
+ LOG(Log::Printf(_L("ObjectName: %S\n"), &objectName));
LOG(Log::Printf(_L("KeyId:")));
- LOG(Log::HexDump(NULL, NULL, aDescriptor.iSubjectKeyId.Ptr(), len));
+ LOG(Log::HexDump(NULL, NULL, subjectKeyId.Ptr(), subjectKeyId.Length()));
}
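Review bot: `AddMapping` now takes ownership of `aMap` and deletes it when `Insert` fails, but nothing at the new signature says so. A caller that still holds the descriptor on the cleanup stack, or deletes it itself on a non-KErrNone return, would free it twice. The callers are outside this diff, so each call site needs checking to confirm it pops the object before the call and never touches it after a failure. I would add above the function: `// Takes ownership of aMap. On failure aMap is deleted here; the caller must not delete it or leave it on the cleanup stack.`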
@@ -423,23 +97,7 @@
iMapping->Compress();
}
-TInt CPKIMapper::DeleteMapping(CMapDescriptor &aDesc)
- {
- TInt status(KErrNotFound);
-
- for(TInt i(0); i < iMapping->Count(); i++)
- {
- if((*iMapping)[i]->IsEqual(aDesc))
- {
- DeleteMapping(i);
- status = KErrNone;
- break;
- }
- }
- return status;
- }
-
-TInt CPKIMapper::CertCount()
+TInt CPKIMapper::CertCount(TBool aInfoOnly)
{
TInt count(0);
@@ -447,7 +105,7 @@
{
CMapDescriptor* mapping = (*iMapping)[i];
count++;
- if (CertValidity(mapping->iStartTime, mapping->iEndTime) == EExpired)
+ if (!aInfoOnly && mapping->CertValidity() == CMapDescriptor::EExpired)
{
// do not count expider certificates
count--;
@@ -459,65 +117,70 @@
TInt CPKIMapper::ApplicableCertCount(const RArray<TUid>& aUidArray)
{
- TInt count(0);
- TBool uidMatch(EFalse);
+ iCount = 0;
- for(TInt i(0); i < iMapping->Count(); i++)
+ for(TInt i = 0; i < iMapping->Count(); i++)
{
- CMapDescriptor* mapping = (*iMapping)[i];
- if(mapping->iOwnerType == EPKICACertificate)
+ const CMapDescriptor* mapping = (*iMapping)[i];
+ if(mapping->OwnerType() == EPKICACertificate)
{
- if(CertValidity(mapping->iStartTime, mapping->iEndTime) != EExpired)
+ if(mapping->CertValidity() != CMapDescriptor::EExpired)
{
- uidMatch = EFalse;
- for(TInt j = 0; j < mapping->iApplUids.Count(); j++)
+ for (TInt j = 0; j < aUidArray.Count(); ++j)
{
- for(TInt k = 0; k < aUidArray.Count(); k++)
+ if (mapping->IsApplicable(aUidArray[j]))
{
- if(mapping->iApplUids[j].iUid == aUidArray[k].iUid)
- {
- uidMatch = ETrue;
- break;
- }
- }
- if(uidMatch)
- {
- count++;
+ iCount++;
break;
}
}
}
}
}
- iCount = count;
- return count;
+
+ return iCount;
}
+TInt CPKIMapper::GetCertDetailsL(TSecurityObjectDescriptor& aSecDesc,
+ TPkiServiceStoreType aStoreType,
+ TBool aInfoOnly,
+ TCertificateListEntry& aResultCertInfo)
+ {
+ TInt index;
+ TInt err;
+
+ TRAPD(leave, err = ResolveCertMappingL(aSecDesc, iObjectName,
+ index, aInfoOnly,
+ aStoreType));
+ if (leave != KErrNone)
+ {
+ return leave;
+ }
+
+ if (err == KErrNone)
+ {
+ const CMapDescriptor* mapping = (*iMapping)[index];
+ aResultCertInfo.iObjectName = mapping->Label();
+ aResultCertInfo.iOwnerType = mapping->OwnerType();
+ aResultCertInfo.iTrustedAuthority = mapping->TrustedAuthority();
+ aResultCertInfo.iIdentitySubjectName = mapping->IdentitySubjectName();
+ aResultCertInfo.iSerialNumber = mapping->SerialNumber();
+ aResultCertInfo.iSubjectKeyId = mapping->CertificateKeyId();
+ aResultCertInfo.iKeySize = mapping->KeySize();
+ aResultCertInfo.iKeyAlgorithm = mapping->KeyAlgorithm();
+ aResultCertInfo.iIsDeletable = mapping->Deletable();
+ }
+ return err;
+ }
-TInt CPKIMapper::GetCertListL(const RMessage2 &aMessage, TPkiServiceStoreType aStoreType,
- TBool aDescUsed)
+
+TInt CPKIMapper::GetCertListL(const RMessage2 &aMessage, TBool aInfoOnly)
{
TInt pos = 0;
TInt iLast = 0;
TInt iFirst = 0;
-
- if(aDescUsed)
- {
- aMessage.ReadL(1, iCurrentDescriptor);
- TSecurityObjectDescriptor& secDesc = iCurrentDescriptor();
- TInt status = ResolveCertMappingL(
- iCurrentDescriptor(), iObjectName, iFirst, EFalse, aStoreType);
- if(status == KErrNone)
- {
- iCount = 1;
- iLast = iFirst + 1;
- }
- }
- else
- {
- iLast = iMapping->Count();
- }
+ iLast = iMapping->Count();
CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateListEntry));
CleanupStack::PushL(list);
list->ResizeL(iCount * sizeof(TCertificateListEntry));
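Review bot: The new `GetCertDetailsL` copies every accessor result straight into the `TCertificateListEntry` fields with no length check. That struct is written raw with `sizeof(TCertificateListEntry)` later in this file, so its fields are presumably fixed-capacity buffers, and a descriptor assignment longer than the target's capacity panics the server thread instead of returning an error. Certificate names and serial numbers come from stored certificates, so their length should be checked before the copy, for example `if (mapping->TrustedAuthority().Length() > aResultCertInfo.iTrustedAuthority.MaxLength()) return KErrOverflow;` and likewise for the subject name and serial number. The same unchecked copies appear in the `GetCertListL` and `GetApplicableCertListL` hunks below. The definition of `TCertificateListEntry` is not in this diff, so confirm the field types.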
@@ -526,26 +189,17 @@
for(TInt i = iFirst; i < iLast; i++)
{
CMapDescriptor* mapping = (*iMapping)[i];
- if(CertValidity(mapping->iStartTime, mapping->iEndTime) != EExpired)
+ if(aInfoOnly || mapping->CertValidity() != CMapDescriptor::EExpired)
{
- certInfo.iObjectName = mapping->iObjectName;
- certInfo.iOwnerType = mapping->iOwnerType;
- if(mapping->iTrustedAuthority != NULL)
- {
- certInfo.iTrustedAuthority = *(mapping->iTrustedAuthority);
- }
- if(mapping->iIdentitySubjectName != NULL)
- {
- certInfo.iIdentitySubjectName = *(mapping->iIdentitySubjectName);
- }
- if(mapping->iSerialNumber != NULL)
- {
- certInfo.iSerialNumber = *(mapping->iSerialNumber);
- }
- certInfo.iSubjectKeyId = mapping->iSubjectKeyId;
- certInfo.iKeySize = mapping->iKeySize; // Key size
- certInfo.iKeyAlgorithm = mapping->iKeyAlgorithm; // RSA, DSA
- certInfo.iIsDeletable = mapping->iIsDeletable; // IsDeletable
+ certInfo.iObjectName = mapping->Label();
+ certInfo.iOwnerType = mapping->OwnerType();
+ certInfo.iTrustedAuthority = mapping->TrustedAuthority();
+ certInfo.iIdentitySubjectName = mapping->IdentitySubjectName();
+ certInfo.iSerialNumber = mapping->SerialNumber();
+ certInfo.iSubjectKeyId = mapping->CertificateKeyId();
+ certInfo.iKeySize = mapping->KeySize(); // Key size
+ certInfo.iKeyAlgorithm = mapping->KeyAlgorithm(); // RSA, DSA
+ certInfo.iIsDeletable = mapping->Deletable(); // IsDeletable
list->Write(pos * sizeof(TCertificateListEntry),
(TAny*)&certInfo,
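Review bot: The loop `for(TInt i = iFirst; i < iLast; i++)` writes one entry per mapping that passes `aInfoOnly || mapping->CertValidity() != CMapDescriptor::EExpired`, but the buffer was sized from `iCount` in the preceding hunk. Nothing visible ties that earlier count to the `aInfoOnly` value passed on this call. If the count was taken with expired certificates excluded and the list is then requested with `aInfoOnly` set, `list->Write` is asked to write past the resized buffer. `GetApplicableCertListL` already guards against this, so I would use the same bound here: `for(TInt i = iFirst; (i < iLast) && (pos < iCount); i++)`. The function starts before this hunk and continues after it, so the `pos` increment is not visible here.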
@@ -567,8 +221,7 @@
void CPKIMapper::GetApplicableCertListL(const RMessage2& aMessage, const RArray<TUid>& aUidArray)
{
- TBool uidMatch = EFalse;
- TInt pos(0);
+ TInt pos = 0;
CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateListEntry));
CleanupStack::PushL(list);
@@ -578,41 +231,23 @@
for(TInt i = 0; (i < iMapping->Count()) && (pos < iCount); i++)
{
CMapDescriptor* mapping = (*iMapping)[i];
- if(mapping->iOwnerType == EPKICACertificate)
+ if(mapping->OwnerType() == EPKICACertificate)
{
- if(CertValidity(mapping->iStartTime, mapping->iEndTime) != EExpired)
+ if(mapping->CertValidity() != CMapDescriptor::EExpired)
{
- uidMatch = EFalse;
- for(TInt j = 0; j < mapping->iApplUids.Count(); j++)
+ for(TInt j = 0; j < aUidArray.Count(); j++)
{
- for(TInt k = 0; k < aUidArray.Count(); k++)
- {
- if(mapping->iApplUids[j].iUid == aUidArray[k].iUid)
- {
- uidMatch = ETrue;
- break;
- }
- }
- if(uidMatch)
+ if(mapping->IsApplicable(aUidArray[j]))
{
- certInfo.iObjectName = mapping->iObjectName;
- certInfo.iOwnerType = mapping->iOwnerType;
- if(mapping->iTrustedAuthority != NULL)
- {
- certInfo.iTrustedAuthority = *(mapping->iTrustedAuthority);
- }
- if(mapping->iIdentitySubjectName != NULL)
- {
- certInfo.iIdentitySubjectName = *(mapping->iIdentitySubjectName);
- }
- if(mapping->iSerialNumber != NULL)
- {
- certInfo.iSerialNumber = *(mapping->iSerialNumber);
- }
- certInfo.iSubjectKeyId = mapping->iSubjectKeyId;
- certInfo.iKeySize = mapping->iKeySize; // Key size
- certInfo.iKeyAlgorithm = mapping->iKeyAlgorithm; // RSA, DSA
- certInfo.iIsDeletable = mapping->iIsDeletable; // IsDeletable
+ certInfo.iObjectName = mapping->Label();
+ certInfo.iOwnerType = mapping->OwnerType();
+ certInfo.iTrustedAuthority = mapping->TrustedAuthority();
+ certInfo.iIdentitySubjectName = mapping->IdentitySubjectName();
+ certInfo.iSerialNumber = mapping->SerialNumber();
+ certInfo.iSubjectKeyId = mapping->CertificateKeyId();
+ certInfo.iKeySize = mapping->KeySize(); // Key size
+ certInfo.iKeyAlgorithm = mapping->KeyAlgorithm(); // RSA, DSA
+ certInfo.iIsDeletable = mapping->Deletable(); // IsDeletable
list->Write(pos * sizeof(TCertificateListEntry),
(TAny*)&certInfo,
@@ -658,7 +293,7 @@
if(status == KErrNone)
{
- aKeyId.Copy((*iMapping)[index]->iSubjectKeyId);
+ aKeyId.Copy((*iMapping)[index]->CertificateKeyId());
}
else
{
@@ -676,7 +311,7 @@
{
for (TInt i(0); i < iMapping->Count(); i++)
{
- if ((*iMapping)[i]->iObjectName.Compare(aLabel) == 0)
+ if ((*iMapping)[i]->Label().Compare(aLabel) == 0)
{
return EFalse;
}
@@ -710,21 +345,21 @@
CMapDescriptor* mapitem = (*iMapping)[i];
// Use subject name for uniqueness criterion
- if (mapitem->iIdentitySubjectName)
+ if (mapitem->IdentitySubjectName().Length() > 0)
{
- if (subjectname->Compare(*(mapitem->iIdentitySubjectName)) == 0)
+ if (subjectname->Compare(mapitem->IdentitySubjectName()) == 0)
{
LOG(Log::Printf(_L("Found an existing cert that matches subject")));
- if (issuername->Compare(*(mapitem->iTrustedAuthority)) == 0)
+ if (issuername->Compare(mapitem->TrustedAuthority()) == 0)
{
ret = EFalse;
break;
}
}
}
- else if (mapitem->iTrustedAuthority && (subjectname->Compare(*issuername) == 0))
+ else if (subjectname->Compare(*issuername) == 0)
{
- if (subjectname->Compare(*(mapitem->iTrustedAuthority)) == 0)
+ if (subjectname->Compare(mapitem->TrustedAuthority()) == 0)
{
LOG(Log::Printf(_L("Found an existing cert that matches subject (CA)")));
ret = EFalse;
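Review bot: The rewritten `else if (subjectname->Compare(*issuername) == 0)` drops the old `mapitem->iTrustedAuthority &&` guard. This branch and the `Compare(mapitem->TrustedAuthority())` calls are only safe if the accessor returns an empty descriptor for a mapping with no issuer stored, rather than dereferencing a null pointer. The accessor lives in `mapdescriptor.h`, outside this diff, so confirm that. The first test also changed from "pointer is set" to `IdentitySubjectName().Length() > 0`, so a mapping with an allocated but empty subject name now goes to the CA branch. Since this decides whether a certificate is treated as a duplicate, a short comment would help: `// Accessors return an empty descriptor when the field is unset; an empty subject name is treated as "no subject".`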
@@ -814,11 +449,11 @@
TBuf<12> buf;
buf.Append(KMidp2Label);
// Discard all MIDP2 certificates to avoid label-mapping problem
- if (buf.Compare(mapping->iObjectName) != 0)
+ if (buf.Compare(mapping->Label()) != 0)
{
- if(mapping->iEndTime > furthestEndTime)
+ if(mapping->EndTime() > furthestEndTime)
{
- furthestEndTime = mapping->iEndTime;
+ furthestEndTime = mapping->EndTime();
foundIndex = i;
LOG(Log::Printf(_L("Resolve cert mapping: Tentatively found a suitable one")));
// Continue to search the longest lasting certificate
@@ -842,7 +477,7 @@
status = KErrNone;
if(status == KErrNone)
{
- aFilename.Append((*iMapping)[foundIndex]->iObjectName);
+ aFilename.Append((*iMapping)[foundIndex]->Label());
status = KErrNone;
aIndex = foundIndex;
}
@@ -855,25 +490,6 @@
}
-TValidity CPKIMapper::CertValidity(const TTime &aStartTime, const TTime &aEndTime)
- {
- TTimeIntervalSeconds tolerance(120);
- TTime currentTime;
- currentTime.UniversalTime();
-
- if (aEndTime <= currentTime)
- {
- return EExpired;
- }
-
- if (aStartTime >= currentTime + tolerance)
- {
- return ENotValidYet;
- }
-
- return EValid;
- }
-
void CPKIMapper::LogSearchArguments(TSecurityObjectDescriptor &aDescriptor) const
{
TBuf<256> temp;
@@ -944,41 +560,3 @@
}
}
-TBool PkiUtil::MatchL(const CX500DistinguishedName& aDn1, const CX500DistinguishedName& aDn2)
-{
- if((aDn1.Count() == 0) || (aDn2.Count() == 0))
- {
- return EFalse;
- }
-
- if (aDn1.Count() < aDn2.Count())
- {
- return EFalse;
- }
- else
- {
- // For each field in aDn2, aDn1 must contain a field with the same value
- for (TInt i = 0; i < aDn2.Count(); i++)
- {
- if (!HasElementL(aDn1, aDn2.Element(i)))
- {
- return EFalse;
- }
- }
- }
-
- return ETrue;
-}
-
-TBool PkiUtil::HasElementL(const CX500DistinguishedName& aDn, const CX520AttributeTypeAndValue& aElement)
-{
- for (TInt i = 0; i < aDn.Count(); i++)
- {
- if (aElement.ExactMatchL(aDn.Element(i)))
- {
- return ETrue;
- }
- }
- return EFalse;
-}
-