/*

* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

*

*/

/**

 @file 

 @internalTechnology

*/

#ifndef __PKIXCERTS_H__

#define __PKIXCERTS_H__

//pkixroots.h

#include <e32std.h>

#include <x509cert.h>

#include <x509certext.h>

#include <mcertstore.h>

/**

 * Base class for classes that help retrieving certificates from stores

 */

class MPKIXCertSource

	{

public:

	//copies cert into aCandidates, passes ownership of cert to calling code...

	virtual void CandidatesL(const CX509Certificate& aSubject, 

		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;

	virtual void CancelCandidates() = 0;

	virtual void Release() = 0;

protected:

	virtual ~MPKIXCertSource();

protected:

	/**

	 * This function compares the issuer altname in aSubjectCert with the 

	 * subject altname in aIssuerCert

	 * @param aSubjectCert We will compare the issuer altname of this certificate.

	 * @param aIssuerCert We will compare the subject altname of this certificate.

	 * @return 

	 * <UL>

	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in

	 * aIssuerCert</LI>

	 * <LI>EFalse otherwise</LI>

	 * </UL>

	 */

	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;

	};

/**

 * This class is used to retrieve the certificates from a store

 * It doesn't work with client base trust.

 */

class CPKIXCertsFromStore : public CActive, public MPKIXCertSource

	{

public:

	/**

	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler

	 * Initialize must be called after this function

	 * @param aStore Reference to the cert store. The store is created with the default 

	 * filter intialized to retrieve certificate of CA type and of X509 format.

	 * @return Initialized instance of this class.

	 */

	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);

	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);

	/**

	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler

	 * Initialize must be called after this function

	 * @param aStore Reference to the cert store. The store is created with the default 

	 * filter intialized to retrieve certificate of CA type and of X509 format.

	 * @param aClient The UID for which the certificates are to be retrieved from the

	 * cert store, This UID is also passed to the filter for retrieving the certificates 

	 * specific to this client UID.

	 * @return Initialized instance of this class.

	 */

	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);

	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);

	/**

	 * This function does the actual listing of certificates based on the filter created.

	 * It must be called after construction.

	 * @param aStatus Standard parameter for asynchronous calling convention. 

	 */

	void Initialize(TRequestStatus& aStatus);

	/**

	 * This function returns a list of CA certificates that authenticate the

	 * aSubject certificate.

	 * @param aCandidates On return, this array contains the list of CA certificates

	 * that can possibly be used to authenticate aSubject. The array owns the elements

	 * and must take care of deleting them.

	 */

	virtual void CandidatesL(const CX509Certificate& aSubject, 

		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);

	virtual void CancelCandidates();

	virtual void Release();

	virtual ~CPKIXCertsFromStore();

private:

	CPKIXCertsFromStore(MCertStore& aCertStore);

	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);

	void ConstructL();

	void ConstructL(TUid aClient);

public:

	void RunL();

	TInt RunError(TInt aError);

	void DoCancel();

private:

	void HandleEGetCertificateL();

	void HandleEAddCandidateL();

	void HandleECheckTrusted();

	TBool IsDuplicateL(const CX509Certificate& aCertificate);

private:

	enum TState

	{

		EIdle = 0,

		EInitialize,

		ECheckTrusted,

		EGetCertificate,

		EAddCandidate,

		EEnd

	};

private:

	/**

	 * The state used to know what must be done when executing

	 * RunL().

	 */

	TState iState;

	/**

	 * The TRequestStatus that must be updated when the operation

	 * requested by a user of this class has been 

	 * completed

	 */

	TRequestStatus *iOriginalRequestStatus;

	TUid iClient;

	CCertAttributeFilter *iFilter;

	/**

	 * iRootName is used for CandidateL

	 */

	const CX500DistinguishedName* iRootName;

	/**

	 * We don't own this

	 */

	const CX509Certificate* iSubject;

	/**

	 * We don't own this

	 */

	RPointerArray<CX509Certificate>* iCandidates;

	/**

	 * iCertData is used for CandidateL

	 */

	HBufC8* iCertData;

	TPtr8* iCertPtr;

	/**

	 * iEntriesIndex is used for CandidateL

	 */

	TInt iEntriesIndex;

	/**

	 * Applies to certificate at iEntriesIndex - reflects trust setting

	 */

	TBool iIsTrusted;

	/**

	 * Used when listing certificates (filtered but not on trust).

	 */

	RMPointerArray<CCTCertInfo> iCertInfos;

	MCertStore& iCertStore;

	};

class CPKIXCertsFromClient : public MPKIXCertSource

	{

public:

	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);

	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);

	virtual void CandidatesL(const CX509Certificate& aSubject,

		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);

	virtual void CancelCandidates();

	virtual void Release();

	virtual ~CPKIXCertsFromClient();

private:

	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);

private:

	const RPointerArray<CX509Certificate>& iCerts;

	};

#endif