cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertchainao.h
changeset 0 2c201484c85f
child 8 35751d3474b7
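--- a/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertchainao.h
+++ b/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertchainao.h
@@ -0,0 +1,160 @@
+/*
+* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+* CPKIXCertChainAO class implementation
+*
+*/
+
+
+
+
+/**
+ @file 
+ @internalTechnology
+*/
+ 
+#ifndef __PKIXCERTCHAINAO_H__
+#define __PKIXCERTCHAINAO_H__
+
+#include <e32base.h>
+#include "pkixcerts.h"
+#include "pkixchainbuilder.h"
+#include "pkixcertstate.h"
+#include <x509cert.h>
+#include <x509certext.h>
+#include <x509gn.h>
+#include <pkixcertchain.h>
+
+class CPKIXCertChainBase;
+
+/**
+ * This class handles the asynchronous part of the pkix chain validation. It
+ * is an active object which handles the asynchronous certificate store operations.
+ */
+class CPKIXCertChainAO : public CActive
+{
+public:
+	static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain,
+		const RPointerArray<CX509Certificate>& aRootCerts);
+	static CPKIXCertChainAO* NewL(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, 
+		const TUid aClient);
+	virtual ~CPKIXCertChainAO();
+
+private:
+	CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain);
+	CPKIXCertChainAO(MCertStore& aCertStore, CPKIXCertChainBase &aPKIXCertChain, const TUid aClient);
+	void ConstructL(const RPointerArray<CX509Certificate>& aRootCerts);
+
+public:
+	void RunL();
+	TInt RunError(TInt aError);
+	void DoCancel();
+
+private:
+	void HandleEStoreManagerInitializationL();
+	void HandleEStoreManagerInitializedL();
+	void HandleEAddRootsL();
+	void HandleERootsInitializedL();
+	void HandleEBuildChainStartL();
+	void HandleEBuildChainAddCandidateEndL();
+	void HandleEBuildChainCertsFromStoreBeginL();
+	void HandleEBuildChainCertsFromStoreEndL();
+	void HandleEAddCandidateIntermediateCertsEndL();
+	void HandleEValidateEndL();
+
+	// Request functions
+public:
+	void ValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,							
+		const CArrayPtr<HBufC>* aInitialPolicies, TRequestStatus& aStatus);
+	void CancelValidate();
+
+private:
+	void InitParamsL();
+	void SetParamsL(CX509Certificate& aCert, const TPtrC8& aEncodedParams);
+	void DoValidateL(CPKIXValidationResultBase& aValidationResult, const TTime& aValidationTime,
+		const CArrayPtr<HBufC>* aInitialPolicies);
+	void ProcessCertsL(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult) const;
+	void CriticalExtsL(CPKIXValidationState& aState, const CX509Certificate& aCert) const;
+	void CheckSignatureAndNameL(const CX509Certificate& aCert, CPKIXValidationState& aState, 
+								CPKIXValidationResultBase& aResult) const;
+	void CheckCriticalExtsL(CPKIXValidationState& aState, 
+		CPKIXValidationResultBase& aResult) const;
+
+	/**
+	 * The states used to know what to do in the RunL function.
+	 */
+	enum TState
+	{
+		EAddRoots,
+		ERootsInitialized,
+		EBuildChainStart,
+		EBuildChainAddCandidateEnd,
+		EBuildChainCertsFromStoreBegin,
+		EBuildChainCertsFromStoreEnd,
+		EAddCandidateIntermediateCertsEnd,
+		EValidateEnd
+	};
+
+private:
+	MCertStore* iCertStore;
+	// a reference to the object which owns this instance
+	CPKIXCertChainBase &iPKIXCertChain;
+	TUid iClient;
+	TState iState;
+
+	/**
+	 * <P>Ownership of this object is peculiar.</P>
+	 * <P>We need this to be a member because it is created and initialized in
+	 * the EAddRoots handler but is only added to iRoots in the ERootsInitialized
+	 * handler. iRoots takes ownesrhip of it, so it is set to 0 afterwards.</P>
+	 * <P>The only case where the destructor will have to delete it, is when a leave
+	 * occurs between the EAddRoots and ERootsInitialized states.</P>
+	 */
+	CPKIXCertsFromStore* iCertsFromStoreRoots;
+
+	TRequestStatus* iOriginalRequestStatus;
+
+	/**
+	 * The roots that we trust.
+	 * This can be given 
+	 * <UL>
+	 * <LI>explicitly : the user gives a set of root certificates at construction time.</LI>
+	 * <LI>implicitly : the user gives the uid of the application and the validation code
+	 * retrieves the root certificates trusted for this application from the certificate
+	 * store.</LI>
+	 * </UL>
+	 */
+	CPKIXChainBuilder* iRoots;
+
+	CPKIXChainBuilder* iBuilder;
+
+	/**
+	 * To store the parameters passed to CPKIXCertChainBase::Validate
+	 */ 
+	CPKIXValidationResultBase* iValidationResult;
+	/**
+	 * To store the parameters passed to CPKIXCertChainBase::Validate
+	 */ 
+	TTime iValidationTime;					 
+	/**
+	 * To store the parameters passed to CPKIXCertChainBase::Validate
+	 */ 
+	const CArrayPtr<HBufC>* iInitialPolicies;
+
+	TBool iAddIssuerResult;
+
+	TInt iNumberOfAddedCertificates;
+};
+
+#endif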
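Review bot: The ValidateL declaration at new-file line 78 takes aValidationResult by reference and aInitialPolicies by raw pointer, and the members at lines 145–153 are documented only as "To store the parameters passed to CPKIXCertChainBase::Validate", so the header never states how long the caller must keep those objects alive. Because this is an active object that is handed a TRequestStatus, validation presumably finishes after ValidateL returns; if so, a result object or policy array released early would leave iValidationResult or iInitialPolicies dangling in the middle of chain validation (inferred, the implementation is not part of this file). I would add above ValidateL a comment such as `// aValidationResult and aInitialPolicies are not owned; they must remain valid until aStatus completes or CancelValidate() returns`, after confirming that against the .cpp. The same applies to iCertStore and iOriginalRequestStatus, which are stored as raw pointers with no ownership note. Separately, HandleEStoreManagerInitializationL and HandleEStoreManagerInitializedL (lines 65–66) have no matching TState values, so either the declarations are stale or the enum is missing two states.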