cryptoservices/certificateandkeymgmt/inc/pkcs7signedobject.h
changeset 0 2c201484c85f
child 8 35751d3474b7
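--- a/cryptoservices/certificateandkeymgmt/inc/pkcs7signedobject.h
+++ b/cryptoservices/certificateandkeymgmt/inc/pkcs7signedobject.h
@@ -0,0 +1,155 @@
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __PKCS7_SIGNED_OBJECT_H__
+#define __PKCS7_SIGNED_OBJECT_H__
+
+#include <signed.h>
+#include <e32base.h>
+
+class CPKCS7ContentInfo;
+class CPKCS7ExtendedCertificateOrCertificate;
+class CPKCS7SignerInfo;
+class TASN1DecGeneric;
+class CX509AlgorithmIdentifier;
+class CX509Certificate;
+
+const TInt KPKCS7MaxDataElements = 6;
+
+/**
+ A representation of a PKCS7 (signed data) entity
+ This class is only used for update notifications and so does not provide
+ full functionality. In particular, there is no means for creating a new 
+ PKCS7 object (other than from binary data),there is no means to modify it 
+ and revokation lists are not supported.  The optional fields in signerinfo
+ are not supported and are ignored.
+ @internalTechnology
+ */
+class CPKCS7SignedObject : public CSignedObject
+	{
+public:
+	/**
+	Values for encoded data element positions in tbsCert data structure.
+	These values are passed as the index to the DataElementEncoding() function
+	Objects containing revokation lists are not supported
+	*/
+	enum
+		{
+		EVersionNumber = 0,	
+		EDigestAlgorithms = 1,
+		EContentInfo = 2,
+		ECertificates = 3,
+		ERevocationLists = 4,
+		ESignedInfo = 5
+		};
+	/**
+	Creates a PKCS7 object from the RFC2315 representation
+	@param aRawData	The binary ASN1 encoded entity
+	@return			The fully constructed object
+	*/
+	IMPORT_C static CPKCS7SignedObject* NewL(const CPKCS7ContentInfo& aContentInfo);
+
+	/**
+	Creates a PKCS7-2 object from the RFC2315 representation
+	@param aRawData	The binary ASN1 encoded entity
+	@return			The fully constructed object
+	*/
+	IMPORT_C static CPKCS7SignedObject* NewLC(const CPKCS7ContentInfo& aContentInfo);
+
+	/** (From CSignedObject) 
+	Accesses one of the encoded fields
+	@param aIndex	One of the data element positions listed in the preceding enum
+	@return			The encoded field
+	*/
+	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
+	/** (From CSignedObject) 
+	Not supported
+	*/
+	IMPORT_C virtual void InternalizeL(RReadStream& aStream) ;
+	/** (From CSignedObject) 
+	Provides access to the signed data (PKCS7-2) part of the PKCS7 object
+	@return			The signed data
+	*/
+	IMPORT_C virtual const TPtrC8 SignedDataL() const;
+	/**
+	Provides access to the digest algorithms
+	@return			The digest algorithms
+	*/
+	IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const;
+	/**
+	Provides access to the PKCS7 version number
+	@return			The version number
+	*/
+	IMPORT_C TInt Version() const;
+	/**
+	Provides access to the PKCS7 version number
+	@return			The version number
+	*/
+	IMPORT_C const CPKCS7ContentInfo& ContentInfo() const;
+	/**
+	Provides access to the certificates
+	@return			The certificates
+	*/
+	IMPORT_C const RPointerArray<CPKCS7ExtendedCertificateOrCertificate>& Certificates() const;
+	/**
+	Provides access to the signer information
+	@return			The signer information
+	*/
+	IMPORT_C const RPointerArray<CPKCS7SignerInfo>& SignerInfo() const;
+	/**
+	Validates the signer and creates the certificate chain for that signer
+	@param aSignerInfo			The signer to be validated
+	@param aCertChainEncoding	The certificate chain.  This is created and pushed onto the
+								cleanup stack by the function.
+	*/
+	IMPORT_C TBool ValidateSignerL(const CPKCS7SignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding);
+	/** The destructor */
+	IMPORT_C ~CPKCS7SignedObject();
+protected:
+	IMPORT_C CPKCS7SignedObject(void);
+	IMPORT_C void ConstructL(const CPKCS7ContentInfo& aContentInfo);
+
+
+private:
+	CPKCS7SignedObject(const CPKCS7SignedObject&);
+	void InitSignedObjectL(const TDesC8& aRawData);
+	void DecodeSignedDataL(const TDesC8& aRawData);
+	void DecodeDigestAlgorithmsL(const TDesC8& aRawData);
+	void DecodeCertificatesL(const TDesC8& aRawData);
+	void DecodeRevocationListsL(const TDesC8& aRawData);
+	void DecodeSignerInfoL(const TDesC8& aRawData);
+
+	TBool ValidateSignatureL(const CPKCS7SignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert);
+protected:
+	RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms;
+	TInt iVersion;
+	CPKCS7ContentInfo* iContentInfo;
+	RPointerArray<CPKCS7ExtendedCertificateOrCertificate> iCertificates;
+	RPointerArray<CPKCS7SignerInfo> iSignerInfo;
+	TFixedArray<TPtrC8*, KPKCS7MaxDataElements> iDataElements;
+	};
+
+#endif //__PKCS7_SIGNED_OBJECT_H__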
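Review bot: The doc comment on `ValidateSignerL` leaves the security-relevant part of its contract unstated: it has no `@return`, so a caller cannot tell whether a bad signature is reported as `EFalse` or as a leave, nor whether "validates the signer" includes checking the built chain against a trust anchor or only the signature itself. I would add `@return ETrue if the signer's signature verifies, EFalse otherwise` plus a sentence on what the caller must still check on the returned chain, with the wording confirmed against the implementation, which is not visible here. The comment also says `aCertChainEncoding` is pushed onto the cleanup stack although the function name has no `LC` suffix; it should state whether that push also happens on the `EFalse` path and that the caller must pop and destroy it. Smaller documentation slips in the same class: `@param aRawData` on `NewL`/`NewLC` names a parameter that is not in the signature (`aContentInfo`), and the comment on `ContentInfo()` repeats the one for `Version()`.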