|
1 /* |
|
2 * Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 /** |
|
22 @file |
|
23 @publishedPartner |
|
24 @released |
|
25 */ |
|
26 |
|
27 #ifndef CMSSIGNEDOBJECT_H |
|
28 #define CMSSIGNEDOBJECT_H |
|
29 |
|
30 #include <cmsdefs.h> |
|
31 #include <signed.h> |
|
32 #include <cmscertchoice.h> |
|
33 |
|
34 class CCmsSignerInfo; |
|
35 class CDSAPrivateKey; |
|
36 class CRSAPrivateKey; |
|
37 class CCmsSignerIdentifier; |
|
38 class CCmsContentInfo; |
|
39 class CEncapsulatedContentInfo; |
|
40 class CX509Certificate; |
|
41 class CX509AlgorithmIdentifier; |
|
42 class CCmsCertificateChoice; |
|
43 class CASN1EncSequence; |
|
44 class CASN1EncBase; |
|
45 |
|
46 const TInt KCmsMaxSignedDataElements = 6; |
|
47 /** |
|
48 A representation of a RFC2630 (signed data) entity. |
|
49 */ |
|
50 class CCmsSignedObject : public CSignedObject |
|
51 { |
|
52 public: |
|
53 |
|
54 /** |
|
55 Index of CMS object fields. |
|
56 */ |
|
57 enum |
|
58 { |
|
59 /** |
|
60 Index of version field |
|
61 */ |
|
62 EVersionNumber = 0, |
|
63 |
|
64 /** |
|
65 Index of digest algorithm set field |
|
66 */ |
|
67 EDigestAlgorithms = 1, |
|
68 |
|
69 /** |
|
70 Index of encapsulated content info field |
|
71 */ |
|
72 EEncapsulatedContentInfo = 2, |
|
73 |
|
74 /** |
|
75 Index of certificate set field |
|
76 */ |
|
77 ECertificates = 3, |
|
78 |
|
79 /** |
|
80 Index of revocation list field |
|
81 */ |
|
82 ERevocationLists = 4, |
|
83 |
|
84 /** |
|
85 Index of signer info set field |
|
86 */ |
|
87 ESignedInfo = 5 |
|
88 }; |
|
89 |
|
90 /** |
|
91 Creates a CMS signed data object as defined in RFC2630. The CMS signed data created by |
|
92 this API contains no signer info. SignL() method can be called to add more signer info. |
|
93 @param aType The type of the encapsulated content. |
|
94 @param aIsDetached A boolean indicating whether the encapsulated data is detached. |
|
95 @param aContentData The encapsulated data. |
|
96 If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave |
|
97 with KErrArgument. |
|
98 If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash |
|
99 value when later calling SignL(). Otherwise SignL() leaves with KErrArguement. |
|
100 @return The fully constructed object. |
|
101 */ |
|
102 IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, |
|
103 TBool aIsDetached, |
|
104 const TDesC8& aContentData); |
|
105 |
|
106 /** |
|
107 Creates a CMS signed data object as defined in RFC2630, and leaves the object on the cleanup stack. |
|
108 this API contains no signer info. SignL() method can be called to add more signer info. |
|
109 @param aType The type of the encapsulated content. |
|
110 @param aIsDetached A boolean indicating whether the encapsulated data is detached. |
|
111 @param aContentData The encapsulated data. |
|
112 If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave |
|
113 with KErrArgument. |
|
114 If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash |
|
115 value when later calling SignL(). Otherwise SignL() leaves with KErrArguement. |
|
116 @return The fully constructed object. |
|
117 */ |
|
118 IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, |
|
119 TBool aIsDetached, |
|
120 const TDesC8& aContentData); |
|
121 |
|
122 /** |
|
123 Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data |
|
124 as no data content is provided. The CMS signed data created by this API contains one signer info. |
|
125 SignL() method can be called to add more signer info. |
|
126 @param aType Encapsulated Content data type. |
|
127 @param aHashValue The hash value of the data content to be signed. |
|
128 @param aDigestAlgorithm The digest algorithm used to create the hash. |
|
129 @param aKey The DSA private key used to sign. |
|
130 @param aCert The signer's certificate. |
|
131 @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. |
|
132 @return The fully constructed object. |
|
133 */ |
|
134 IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, |
|
135 const TDesC8& aHashValue, |
|
136 TAlgorithmId aDigestAlgorithm, |
|
137 const CDSAPrivateKey& aKey, |
|
138 const CX509Certificate& aCert, |
|
139 TBool aAddCertificate); |
|
140 |
|
141 /** |
|
142 Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack. |
|
143 This API only creates detached signed data as no data content is provided. The CMS signed data |
|
144 created by this API contains one signer info. SignL() method can be called to add more signer info. |
|
145 @param aType Encapsulated Content data type. |
|
146 @param aHashValue The hash value of the data content to be signed. |
|
147 @param aDigestAlgorithm The digest algorithm used to create the hash. |
|
148 @param aKey The DSA private key used to sign. |
|
149 @param aCert The signer's certificate. |
|
150 @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. |
|
151 @return The fully constructed object. |
|
152 */ |
|
153 IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, |
|
154 const TDesC8& aHashValue, |
|
155 TAlgorithmId aDigestAlgorithm, |
|
156 const CDSAPrivateKey& aKey, |
|
157 const CX509Certificate& aCert, |
|
158 TBool aAddCertificate); |
|
159 |
|
160 /** |
|
161 Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data |
|
162 as no data content is provided. The CMS signed data created by this API contains one signer info. |
|
163 SignL() method can be called to add more signer info. |
|
164 @param aType Encapsulated Content data type. |
|
165 @param aHashValue The hash value of the data content to be signed. |
|
166 @param aDigestAlgorithm The digest algorithm used to create the hash. |
|
167 @param aKey The RSA private key used to sign. |
|
168 @param aCert aCert The signer's certificate. |
|
169 @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. |
|
170 @return The fully constructed object. |
|
171 */ |
|
172 IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, |
|
173 const TDesC8& aHashValue, |
|
174 TAlgorithmId aDigestAlgorithm, |
|
175 const CRSAPrivateKey& aKey, |
|
176 const CX509Certificate& aCert, |
|
177 TBool aAddCertificate); |
|
178 |
|
179 /** |
|
180 Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack. |
|
181 This API only creates detached signed data as no data content is provided. The CMS signed data |
|
182 created by this API contains one signer info. SignL() method can be called to add more signer info. |
|
183 @param aType Encapsulated Content data type. |
|
184 @param aHashValue The hash value of the data content to be signed. |
|
185 @param aDigestAlgorithm The digest algorithm used to create the hash. |
|
186 @param aKey The RSA private key used to sign. |
|
187 @param aCert The signer's certificate. |
|
188 @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. |
|
189 @return The fully constructed object. |
|
190 */ |
|
191 IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, |
|
192 const TDesC8& aHashValue, |
|
193 TAlgorithmId aDigestAlgorithm, |
|
194 const CRSAPrivateKey& aKey, |
|
195 const CX509Certificate& aCert, |
|
196 TBool aAddCertificate); |
|
197 |
|
198 /** |
|
199 Creates a CMS signed data object as defined in RFC2630. |
|
200 @param aContentInfo The CMS content info that contains the encoded signed object. |
|
201 @return The fully constructed object. |
|
202 */ |
|
203 IMPORT_C static CCmsSignedObject* NewL(const CCmsContentInfo& aContentInfo); |
|
204 |
|
205 /** |
|
206 Creates a CMS signed data object as defined in RFC2630 and leaves it on the cleanup stack. |
|
207 @param aContentInfo The CMS content info that contains the encoded signed object. |
|
208 @return The fully constructed object. |
|
209 */ |
|
210 IMPORT_C static CCmsSignedObject* NewLC(const CCmsContentInfo& aContentInfo); |
|
211 |
|
212 |
|
213 /** |
|
214 Creates one signature and adds it to the Signer info list. The signing certificate |
|
215 is added to the certificate list if the last boolean parameter aAddCertificate is true and |
|
216 it does not exist in the list. The digest algorithm is added to the digest algorithm list if it |
|
217 does not exist in the list. Calling this API multiple times will create multiple signatures. |
|
218 @param aHashValue The hash value to be signed. If this is an empty string, |
|
219 the content data to be signed must have been passed in via |
|
220 NewL method and hash value will be calculated by the implementation |
|
221 of this method. |
|
222 @param aDigestAlgorithm The digest algorithm used to create the hash. |
|
223 @param aKey the DSA private key used to sign. |
|
224 @param aCert the signer's certificate. |
|
225 @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. |
|
226 @leave KErrArgument if no hash nor data content is provided. |
|
227 */ |
|
228 IMPORT_C void SignL(const TDesC8& aHashValue, |
|
229 TAlgorithmId aDigestAlgorithm, |
|
230 const CDSAPrivateKey& aKey, |
|
231 const CX509Certificate& aCert, |
|
232 TBool aAddCertificate); |
|
233 |
|
234 |
|
235 /** |
|
236 Creates one signature and adds it to the Signer info list. The signing certificate |
|
237 is added to the certificate list if the last boolean parameter aAddCertificate is true and |
|
238 it does not exist in the list. The digest algorithm is added to the digest algorithm list if it |
|
239 does not exist in the list. Calling this API multiple times will create multiple signatures. |
|
240 @param aHashValue The hash value to be signed. If this is an empty string, |
|
241 the content data to be signed must have been passed in via |
|
242 NewL method and hash value will be calculated by the implementation |
|
243 of this method. |
|
244 @param aDigestAlgorithm The digest algorithm used to create the hash. |
|
245 @param aKey the RSA private key used to sign. |
|
246 @param aCert the signer's certificate. |
|
247 @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. |
|
248 @leave KErrArgument if no hash nor data content is provided. |
|
249 */ |
|
250 IMPORT_C void SignL(const TDesC8& aHashValue, |
|
251 TAlgorithmId aDigestAlgorithm, |
|
252 const CRSAPrivateKey& aKey, |
|
253 const CX509Certificate& aCert, |
|
254 TBool aAddCertificate); |
|
255 |
|
256 /** |
|
257 Destructor |
|
258 */ |
|
259 IMPORT_C ~CCmsSignedObject(); |
|
260 |
|
261 /* |
|
262 virtual from signedobject class |
|
263 */ |
|
264 IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const; |
|
265 IMPORT_C virtual void InternalizeL(RReadStream& aStream) ; |
|
266 IMPORT_C virtual const TPtrC8 SignedDataL() const; |
|
267 |
|
268 /** |
|
269 Returns whether the certificate list exists. |
|
270 @return Boolean indicating whether the certificate list exists. |
|
271 */ |
|
272 IMPORT_C TBool IsCertificateSetPresent() const; |
|
273 |
|
274 /** |
|
275 Returns whether the certificate revocation list exists. |
|
276 @return Boolean indicating whether the certificate Revocation list exists. |
|
277 */ |
|
278 IMPORT_C TBool IsCertificateRevocationListsPresent() const; |
|
279 |
|
280 /** |
|
281 Returns the version of this CMS signed object. |
|
282 @return The version of this CMS signed object. |
|
283 */ |
|
284 IMPORT_C TInt Version() const; |
|
285 |
|
286 /** |
|
287 Returns the employed algorithm list. |
|
288 @return The employed algorithm list reference. |
|
289 */ |
|
290 IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const; |
|
291 |
|
292 /** |
|
293 Returns the certificates list. |
|
294 @return The certificates list reference. |
|
295 */ |
|
296 IMPORT_C const RPointerArray<CCmsCertificateChoice>& Certificates() const; |
|
297 |
|
298 /** |
|
299 Returns the encapsulated content info of this signed object. |
|
300 @return The encapsulated content info reference. |
|
301 */ |
|
302 IMPORT_C const CEncapsulatedContentInfo& ContentInfo() const; |
|
303 |
|
304 |
|
305 /** |
|
306 Retrieves the list of SignerInfo objects. |
|
307 @return The signer info list reference. |
|
308 */ |
|
309 IMPORT_C const RPointerArray<CCmsSignerInfo>& SignerInfo() const; |
|
310 |
|
311 |
|
312 /** |
|
313 Creates the ASN1 sequence of this CMS signed object and leaves it on the cleanup stack. |
|
314 @return ASN1 sequence of this object. |
|
315 */ |
|
316 IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const; |
|
317 |
|
318 /** |
|
319 Appends the X509 certificate to the certificate list. |
|
320 @param aCert The X509 certificate to be appended. |
|
321 */ |
|
322 IMPORT_C void AddCertificateL(const CX509Certificate& aCert); |
|
323 |
|
324 |
|
325 /** |
|
326 Appends an encoded attribute certificate to the certificate list. |
|
327 @param aCert The encoded certificate to be appended. |
|
328 @param aType The type of the encoded certificate.. |
|
329 */ |
|
330 IMPORT_C void AddCertificateL(const TDesC8& aCert, CCmsCertificateChoice::TCertificateType aType); |
|
331 |
|
332 /** |
|
333 Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature. |
|
334 @param aSignerInfo The signer to be validated. |
|
335 @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. |
|
336 @leave KErrNotFound There is no matching certificate. |
|
337 @return Boolean that identifies whether the signer can be validated. |
|
338 */ |
|
339 IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding); |
|
340 |
|
341 /** |
|
342 Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature. |
|
343 @param aSignerInfo The signer to be validated. |
|
344 @param aCertificates The certificate list provided by the user to validate the signature. |
|
345 @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. |
|
346 @return Boolean that identifies whether the signer can be validated. |
|
347 @leave KErrNotFound There is no matching certificate. |
|
348 */ |
|
349 IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding); |
|
350 |
|
351 |
|
352 |
|
353 /** |
|
354 Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature. |
|
355 @param aSignerInfo The signer to be validated. |
|
356 @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. |
|
357 @param aIsHash The flag represent if the next parameter is the hash of the data content. |
|
358 @param aContentDataOrHash the descriptor that contains the data content or its hash |
|
359 @leave KErrNotFound There is no matching certificate. |
|
360 @return Boolean that identifies whether the signer can be validated. |
|
361 */ |
|
362 IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash); |
|
363 |
|
364 /** |
|
365 Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature. |
|
366 @param aSignerInfo The signer to be validated. |
|
367 @param aCertificates The certificate list provided by the user to validate the signature. |
|
368 @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. |
|
369 @param aIsHash The flag represent if the next parameter is the hash of the data content. |
|
370 @param aContentDataOrHash the descriptor that contains the data content or its hash |
|
371 @return Boolean that identifies whether the signer can be validated. |
|
372 @leave KErrNotFound There is no matching certificate. |
|
373 */ |
|
374 IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash); |
|
375 |
|
376 |
|
377 private: |
|
378 /** |
|
379 Constructor |
|
380 */ |
|
381 CCmsSignedObject(); |
|
382 |
|
383 |
|
384 private: |
|
385 /** |
|
386 Second phase constructor for decoding a CMS signed data object |
|
387 @param aContentInfo the content info which contains the CMS signed data. |
|
388 */ |
|
389 void ConstructL(const CCmsContentInfo& aContentInfo); |
|
390 |
|
391 /** |
|
392 Second phase constructor for constructing a CMS signed data object from data content. |
|
393 @param aType the encapsulated content info type. |
|
394 @param aIsDetached if the CMS signed data does not contains the data content being signed. |
|
395 @param aContentData the content data descriptor. |
|
396 */ |
|
397 void ConstructL(TCmsContentInfoType aType, TBool aIsDetached, const TDesC8& aContentData); |
|
398 |
|
399 /** |
|
400 Second phase constructor for constructing a CMS signed data object from data content hash |
|
401 @param aType the encapsulated content info type. |
|
402 @param aHashValue the hash of the data content to create the signature. |
|
403 @param aDigestAlgorithm the digest algorithm. |
|
404 @param aKey the DSA private to create signature. |
|
405 @param aCert the signer's certficate |
|
406 @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set. |
|
407 */ |
|
408 void ConstructL(TCmsContentInfoType aType, |
|
409 const TDesC8& aHashValue, |
|
410 TAlgorithmId aDigestAlgorithm, |
|
411 const CDSAPrivateKey& aKey, |
|
412 const CX509Certificate& aCert, |
|
413 TBool aAddCertificate); |
|
414 /** |
|
415 Second phase constructor for constructing a CMS signed data object from data content hash |
|
416 @param aType the encapsulated content info type. |
|
417 @param aHashValue the hash of the data content to create the signature. |
|
418 @param aDigestAlgorithm the digest algorithm. |
|
419 @param aKey the RSA private to create signature. |
|
420 @param aCert the signer's certficate |
|
421 @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set. |
|
422 */ |
|
423 void ConstructL(TCmsContentInfoType aType, |
|
424 const TDesC8& aHashValue, |
|
425 TAlgorithmId aDigestAlgorithm, |
|
426 const CRSAPrivateKey& aKey, |
|
427 const CX509Certificate& aCert, |
|
428 TBool aAddCertificate); |
|
429 /** |
|
430 Append the algorithm to the algoritm list |
|
431 @param aDigestAlgorithm the algorithm ID. |
|
432 */ |
|
433 void AddDigestAlgorithmL(TAlgorithmId aDigestAlgorithm); |
|
434 |
|
435 /** |
|
436 Build the signer's identifier from the signer's certificate. If the signer's certificate |
|
437 contains the subject identifier extension, the signer identifier is subject id extension. |
|
438 otherwise, the signer identifier is isuuer name and serial number. |
|
439 @param aCert the signer's certificate. |
|
440 @return a CMS signer identifier instance pointer |
|
441 */ |
|
442 CCmsSignerIdentifier* BuildSignerIdentifierLC(const CX509Certificate& aCert); |
|
443 |
|
444 /** |
|
445 Build the signer list, algorithm list and certificate list in the CMS signer data. |
|
446 @param aDigestAlgorithm the digest algorithm identifier. |
|
447 @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data |
|
448 @param aValue the data content or its hash. |
|
449 @param aKey the DSA private used to sign. |
|
450 @param aCert the signer's certificate |
|
451 @param aAddCertificate the flag to represent if the certificate is added to the certificate set |
|
452 */ |
|
453 void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm, |
|
454 TBool aIsHash, |
|
455 const TDesC8& aValue, |
|
456 const CDSAPrivateKey& aKey, |
|
457 const CX509Certificate& aCert, |
|
458 TBool aAddCertificate); |
|
459 |
|
460 /** |
|
461 Build the signer list, algorithm list and certificate list in the CMS signer data. |
|
462 @param aDigestAlgorithm the digest algorithm identifier. |
|
463 @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data |
|
464 @param aValue the data content or its hash. |
|
465 @param aKey the RSA private used to sign. |
|
466 @param aCert the signer's certificate |
|
467 @param aAddCertificate the flag to represent if the certificate is added to the certificate set |
|
468 */ |
|
469 void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm, |
|
470 TBool aIsHash, |
|
471 const TDesC8& aValue, |
|
472 const CRSAPrivateKey& aKey, |
|
473 const CX509Certificate& aCert, |
|
474 TBool aAddCertificate); |
|
475 /** |
|
476 Initialise the signed data base class members for the validation process. |
|
477 @param aRawData the raw data of the CMS signed data. |
|
478 */ |
|
479 void InitSignedObjectL(const TDesC8& aRawData); |
|
480 |
|
481 |
|
482 /** |
|
483 Decode the CMS Signer data. |
|
484 @param aRawData the raw data of the CMS signed data. |
|
485 */ |
|
486 void DecodeSignedDataL(const TDesC8& aRawData); |
|
487 |
|
488 /** |
|
489 Decode the digest algorithm set. |
|
490 @param the raw data of the algorithm list. |
|
491 */ |
|
492 void DecodeDigestAlgorithmsL(const TDesC8& aRawData); |
|
493 |
|
494 /** |
|
495 Decode the encapsulated content info |
|
496 @param the raw data of the encapsulated content info. |
|
497 */ |
|
498 void DecodeEncapsulatedContentInfoL(const TDesC8& aRawData); |
|
499 |
|
500 /** |
|
501 Decode the certificate set. |
|
502 @param the raw data of the certificate list |
|
503 */ |
|
504 void DecodeCertificatesL(const TDesC8& aRawData); |
|
505 |
|
506 /** |
|
507 Decode the certificate revocation set. Not implemented now! |
|
508 @param the raw data of the certificate revocation list. |
|
509 */ |
|
510 void DecodeRevocationListsL(const TDesC8& aRawData); |
|
511 |
|
512 /** |
|
513 Decode the signer info set. |
|
514 @param the raw data of the certificate revocation list. |
|
515 */ |
|
516 void DecodeSignerInfoL(const TDesC8& aRawData); |
|
517 |
|
518 /** |
|
519 Encode the certificate set |
|
520 @return the encoding of the certificate set |
|
521 */ |
|
522 CASN1EncBase* EncodeCertificatesLC() const; |
|
523 |
|
524 /** |
|
525 Encode the algorithm set |
|
526 @return the encoding of the digest algorithm set |
|
527 */ |
|
528 CASN1EncBase* EncodeAlgorithmsLC() const; |
|
529 |
|
530 /** |
|
531 Encode the signer info set |
|
532 @return the encoding of the certificate set |
|
533 */ |
|
534 CASN1EncBase* EncodeSignerInfoLC() const; |
|
535 |
|
536 /** |
|
537 Validate the signature by the given certificate. |
|
538 @param aSignerInfo the signer info reference contains the signature |
|
539 @param aEndEntityCert the certificate used to create the signature. |
|
540 @return if the signature can be validated |
|
541 */ |
|
542 TBool ValidateSignatureL(const CCmsSignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert); |
|
543 |
|
544 /** |
|
545 This function is called when validating a detached CMS signed object. |
|
546 It sets the data content being signed so that the signed data can be validated. |
|
547 @param aContentData The data content being signed. |
|
548 */ |
|
549 void SetContentData(const TDesC8& aContentData); |
|
550 |
|
551 /** |
|
552 This function is called when validating a detached CMS signed object. |
|
553 It sets the hash being signed so that the signed data can be validated. |
|
554 @param aHash The hash being signed. |
|
555 */ |
|
556 void SetHash(const TDesC8& aHash); |
|
557 |
|
558 |
|
559 private: |
|
560 /** |
|
561 Reprents if the certificate set is present |
|
562 */ |
|
563 TBool iIsCertificateSetPresent; |
|
564 |
|
565 /** |
|
566 Reprents if the certificate revocationlisy is present |
|
567 */ |
|
568 TBool iIsCertificateRevocationListsPresent; |
|
569 |
|
570 /** |
|
571 Version of the Signed object |
|
572 */ |
|
573 TInt iVersion; |
|
574 |
|
575 /** |
|
576 Algorithm Set |
|
577 */ |
|
578 RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms; |
|
579 |
|
580 /** |
|
581 Encapsulated Content List |
|
582 */ |
|
583 CEncapsulatedContentInfo* iContentInfo; |
|
584 |
|
585 /** |
|
586 Certificate Set |
|
587 */ |
|
588 RPointerArray<CCmsCertificateChoice> iCertificates; |
|
589 |
|
590 /** |
|
591 Signer Info Set |
|
592 */ |
|
593 RPointerArray<CCmsSignerInfo> iSignerInfo; |
|
594 |
|
595 /** |
|
596 Array of Encoded fields |
|
597 */ |
|
598 TFixedArray<TPtrC8*, KCmsMaxSignedDataElements> iDataElements; |
|
599 |
|
600 /** |
|
601 The data content being signed |
|
602 */ |
|
603 TPtrC8 iContentData; |
|
604 |
|
605 /** |
|
606 The Hash being signed |
|
607 */ |
|
608 TPtrC8 iHash; |
|
609 }; |
|
610 |
|
611 |
|
612 #endif //CMSSIGNEDOBJECT_H |