1 /*

     2 * Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of the License "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

     8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description: 

    15 * Declares classes for producing PKCS#10 certificate requests.

    16 *

    17 */

    18 

    19 

    20 

    21 

    22 /**

    23  @file

    24  @publishedPartner

    25  @released 

    26 */

    27 

    28 #ifndef __PKCS10_H__

    29 #define __PKCS10_H__

    30 

    31 #include <e32base.h>

    32 #include <asn1enc.h>

    33 #include <mctkeystore.h>

    34 #include <signed.h>

    35 

    36 class CX500DistinguishedName;

    37 class CASN1EncBase;

    38 class CPKCS10Attributes;

    39 class CPKCS10KeyHelper;

    40 class CMessageDigest;

    41 class TX509KeyEncoder;

    42 

    43 /** 

    44  * Class for making PKCS#10 Certificate Request objects.

    45  *

    46  * Keys are specified by a cryptotokens key info object - this means that this

    47  * API can only be used to generate cert requests for keys that are held in a

    48  * keystore on the device.

    49  * 

    50  */

    51 class CPKCS10Request : public CActive

    52 	{

    53 public:

    54 	/**

    55 	 * Creates a new PKCS#10 request object.

    56 	 * 

    57 	 * @param aDN X500 distinguished name of the entity provided by caller.

    58 	 *     Stored in iDN member variable. Ownership is not transferred.

    59 	 * @param aKeyInfo The key info object of the key to sign the request with.

    60 	 * 	   Does not take ownership.

    61 	 * @param aAttr (Optional) The PKCS10 attributes to include in the request.

    62 	 * 	   Takes ownership.

    63 	 * @return A pointer to the newly allocated object.

    64 	 */

    65 	IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN,

    66 										 const CCTKeyInfo& aKeyInfo,

    67 										 CPKCS10Attributes* aAttr = NULL);

    68 	

    69 	/**

    70 	 * Creates a new PKCS#10 request object.

    71 	 * 

    72 	 * @param aDN X500 distinguished name of the entity provided by caller.

    73 	 *     Stored in iDN member variable. Ownership is not transferred.

    74 	 * @param aKeyInfo The key info object of the key to sign the request with.

    75 	 * 	   Does not take ownership.

    76 	 * @param aAttr (Optional) The PKCS10 attributes to include in the request.

    77 	 * 	   Takes ownership.

    78 	 * @return A pointer to the newly allocated object that is left on the

    79 	 * 	   cleanup stack.

    80 	 */

    81 	IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN,

    82 										 const CCTKeyInfo& aKeyInfo,

    83 										 CPKCS10Attributes* aAttr = NULL);

    84 

    85 	/**

    86 	 * Destructs PKCS#10 object, deletes encoding buffer and attributes.

    87 	 */

    88 	IMPORT_C virtual ~CPKCS10Request();

    89 

    90 public:

    91 

    92 	/**

    93 	 * Set the attributes to be encoded in the request. It replaces existing

    94 	 * attributes, if any.

    95 	 * @param aAttr The attributes - this object takes ownership.

    96 	 */

    97 	IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr);

    98 

    99 	/**

   100 	 * Set the digest algorithm to use when signing the request.  If this method

   101 	 * is not called, the default SHA-1 is used. 

   102 	 *

   103 	 * @param aDigest	For RSA keys, one of EMD2, EMD5 or ESHA1.  

   104 	 * 					For DSA keys, ESHA1 is the only permitted value.

   105 	 * @leave KErrArgument if the specified algorithm is not supported.

   106 	 */

   107 	IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest);

   108 

   109 	/**

   110 	 * Set the distinguished name of the entity. It replaces existing

   111 	 * name, if any.

   112 	 * @param aDN X500 distinguished name of the entity provided by caller.

   113 	 *     Stored in iDN member variable. Ownership is not transferred.

   114 	 */

   115 	IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN);

   116 

   117 	/**

   118 	 * Set the information of the key to sign with. It replaces existing

   119 	 * key info, if any.

   120 	 * @param aKeyInfo The key info object of the key to sign the request with.

   121 	 * 	   Does not take ownership.

   122 	 */

   123 	IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo);

   124 

   125 	/**

   126 	 * Create the ASN.1 DER encoding of the certificate request.  This is an

   127 	 * asynchronous method. The Cancel() method can be called to cancel an

   128 	 * outstanding request. This method can be called repeatedly to create 

   129 	 * certificate requests after setting the various parameters. However an

   130 	 * outstanding request must complete or be cancelled before calling this 

   131 	 * method again.

   132 	 * 

   133 	 * 

   134 	 * @param aResult	On successful completion, this points to a newly

   135 	 * 					allocated buffer containing the encoded certificate request.

   136 	 * @param aStatus	Asynchronous status notification 

   137 	 */	

   138 	IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);

   139 	

   140 private:

   141 

   142 	virtual void RunL();

   143 	virtual TInt RunError(TInt aErr);

   144 	virtual void DoCancel();

   145 

   146 	enum TState

   147 		{

   148 		EIdle,

   149 		EInitialize,

   150 		EGetKeyStore,

   151 		EGetPublicKey,

   152 		EOpenSigner,

   153 		ESign

   154 		};

   155 

   156 private:

   157 	/** Private constructor that initializes essential member variables. */

   158 	CPKCS10Request(const CX500DistinguishedName* aDN,

   159 				   const CCTKeyInfo* aKeyInfo,

   160 				   CPKCS10Attributes* aAttr);

   161 

   162 	// Methods making ASN.1 encoding objects

   163 

   164 	/**	

   165 	 * Performs the actual ASN.1 encoding of the request without signing it.

   166 	 * certRequestInfo is what gets signed with private key.

   167 	 * @return Pointer to a newly allocated CASN1EncSequence object.

   168 	 */

   169 	CASN1EncSequence* MakeCertRequestInfoEncLC();

   170 

   171 	/**

   172 	 * Encodes desired certificate attributes into ASN1. Takes whatever 

   173 	 * attributes are in the iAttributes and adds them below a 

   174 	 * sequence. If there are no attributes stored, leaves the set empty.

   175 	 * 

   176 	 * The structure of the attribute node is as follows:

   177 	 * @code

   178      * Context-specific[0]

   179      *    SEQUENCE-OF

   180      *      OID of the organization

   181      *      SET-OF

   182      *        SEQUENCE-OF (stored in iAttributes)

   183      *          SEQUENCE-OF

   184      *            OID of attribute

   185      *            OCTET STRING value

   186      *          SEQUENCE-OF

   187      *            OID of attribute

   188      *            OCTET STRING value

   189      *          ...

   190 	 * @endcode

   191 	 * @return Pointer to a newly allocated encoding object containing 

   192 	 *     desired certificate attributes.

   193 	 */

   194 	CASN1EncBase* MakeAttrEncLC();

   195 

   196 	/**

   197 	 * Generates data to be signed.

   198 	 */

   199 	void EncodeTBSDataL();

   200 

   201 	void CreateFinalEncodingL();

   202 

   203 	void Reset();

   204 

   205 private:

   206 	const CX500DistinguishedName*	iDN;

   207 	const CCTKeyInfo* 				iKeyInfo;

   208 	CPKCS10Attributes*				iAttributes;

   209 	TAlgorithmId					iDigestId;

   210 	TRequestStatus*					iClientStatus;

   211 	TState 							iState;

   212 	HBufC8**						iResult;

   213 	MCTKeyStore*					iKeyStore;

   214 	CPKCS10KeyHelper*				iKeyHelper;

   215 	HBufC8*							iExportedKey;

   216 	HBufC8*							iTBSData;

   217 	};

   218 

   219 #endif