|
1 /* |
|
2 * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 /** |
|
22 @file |
|
23 @internalTechnology |
|
24 */ |
|
25 |
|
26 #ifndef __PKIXCERTS_H__ |
|
27 #define __PKIXCERTS_H__ |
|
28 |
|
29 //pkixroots.h |
|
30 #include <e32std.h> |
|
31 #include <x509cert.h> |
|
32 #include <x509certext.h> |
|
33 #include <mcertstore.h> |
|
34 |
|
35 /** |
|
36 * Base class for classes that help retrieving certificates from stores |
|
37 */ |
|
38 class MPKIXCertSource |
|
39 { |
|
40 public: |
|
41 //copies cert into aCandidates, passes ownership of cert to calling code... |
|
42 virtual void CandidatesL(const CX509Certificate& aSubject, |
|
43 RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0; |
|
44 virtual void CancelCandidates() = 0; |
|
45 virtual void Release() = 0; |
|
46 |
|
47 protected: |
|
48 virtual ~MPKIXCertSource(); |
|
49 |
|
50 protected: |
|
51 /** |
|
52 * This function compares the issuer altname in aSubjectCert with the |
|
53 * subject altname in aIssuerCert |
|
54 * @param aSubjectCert We will compare the issuer altname of this certificate. |
|
55 * @param aIssuerCert We will compare the subject altname of this certificate. |
|
56 * @return |
|
57 * <UL> |
|
58 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in |
|
59 * aIssuerCert</LI> |
|
60 * <LI>EFalse otherwise</LI> |
|
61 * </UL> |
|
62 */ |
|
63 TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const; |
|
64 }; |
|
65 |
|
66 /** |
|
67 * This class is used to retrieve the certificates from a store |
|
68 * It doesn't work with client base trust. |
|
69 */ |
|
70 class CPKIXCertsFromStore : public CActive, public MPKIXCertSource |
|
71 { |
|
72 public: |
|
73 /** |
|
74 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler |
|
75 * Initialize must be called after this function |
|
76 * @param aStore Reference to the cert store. The store is created with the default |
|
77 * filter intialized to retrieve certificate of CA type and of X509 format. |
|
78 * @return Initialized instance of this class. |
|
79 */ |
|
80 static CPKIXCertsFromStore* NewL(MCertStore& aCertStore); |
|
81 static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore); |
|
82 |
|
83 /** |
|
84 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler |
|
85 * Initialize must be called after this function |
|
86 * @param aStore Reference to the cert store. The store is created with the default |
|
87 * filter intialized to retrieve certificate of CA type and of X509 format. |
|
88 * @param aClient The UID for which the certificates are to be retrieved from the |
|
89 * cert store, This UID is also passed to the filter for retrieving the certificates |
|
90 * specific to this client UID. |
|
91 * @return Initialized instance of this class. |
|
92 */ |
|
93 |
|
94 static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient); |
|
95 static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient); |
|
96 /** |
|
97 * This function does the actual listing of certificates based on the filter created. |
|
98 * It must be called after construction. |
|
99 * @param aStatus Standard parameter for asynchronous calling convention. |
|
100 */ |
|
101 void Initialize(TRequestStatus& aStatus); |
|
102 /** |
|
103 * This function returns a list of CA certificates that authenticate the |
|
104 * aSubject certificate. |
|
105 * @param aCandidates On return, this array contains the list of CA certificates |
|
106 * that can possibly be used to authenticate aSubject. The array owns the elements |
|
107 * and must take care of deleting them. |
|
108 */ |
|
109 virtual void CandidatesL(const CX509Certificate& aSubject, |
|
110 RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus); |
|
111 virtual void CancelCandidates(); |
|
112 virtual void Release(); |
|
113 virtual ~CPKIXCertsFromStore(); |
|
114 |
|
115 private: |
|
116 CPKIXCertsFromStore(MCertStore& aCertStore); |
|
117 CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient); |
|
118 void ConstructL(); |
|
119 void ConstructL(TUid aClient); |
|
120 |
|
121 public: |
|
122 void RunL(); |
|
123 TInt RunError(TInt aError); |
|
124 void DoCancel(); |
|
125 |
|
126 private: |
|
127 void HandleEGetCertificateL(); |
|
128 void HandleEAddCandidateL(); |
|
129 void HandleECheckTrusted(); |
|
130 |
|
131 TBool IsDuplicateL(const CX509Certificate& aCertificate); |
|
132 |
|
133 private: |
|
134 enum TState |
|
135 { |
|
136 EIdle = 0, |
|
137 EInitialize, |
|
138 ECheckTrusted, |
|
139 EGetCertificate, |
|
140 EAddCandidate, |
|
141 EEnd |
|
142 }; |
|
143 |
|
144 private: |
|
145 /** |
|
146 * The state used to know what must be done when executing |
|
147 * RunL(). |
|
148 */ |
|
149 TState iState; |
|
150 |
|
151 /** |
|
152 * The TRequestStatus that must be updated when the operation |
|
153 * requested by a user of this class has been |
|
154 * completed |
|
155 */ |
|
156 TRequestStatus *iOriginalRequestStatus; |
|
157 |
|
158 TUid iClient; |
|
159 |
|
160 CCertAttributeFilter *iFilter; |
|
161 |
|
162 /** |
|
163 * iRootName is used for CandidateL |
|
164 */ |
|
165 const CX500DistinguishedName* iRootName; |
|
166 |
|
167 /** |
|
168 * We don't own this |
|
169 */ |
|
170 const CX509Certificate* iSubject; |
|
171 |
|
172 /** |
|
173 * We don't own this |
|
174 */ |
|
175 RPointerArray<CX509Certificate>* iCandidates; |
|
176 |
|
177 /** |
|
178 * iCertData is used for CandidateL |
|
179 */ |
|
180 HBufC8* iCertData; |
|
181 |
|
182 TPtr8* iCertPtr; |
|
183 |
|
184 /** |
|
185 * iEntriesIndex is used for CandidateL |
|
186 */ |
|
187 TInt iEntriesIndex; |
|
188 |
|
189 /** |
|
190 * Applies to certificate at iEntriesIndex - reflects trust setting |
|
191 */ |
|
192 TBool iIsTrusted; |
|
193 |
|
194 /** |
|
195 * Used when listing certificates (filtered but not on trust). |
|
196 */ |
|
197 RMPointerArray<CCTCertInfo> iCertInfos; |
|
198 |
|
199 MCertStore& iCertStore; |
|
200 }; |
|
201 |
|
202 class CPKIXCertsFromClient : public MPKIXCertSource |
|
203 { |
|
204 public: |
|
205 static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts); |
|
206 static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts); |
|
207 virtual void CandidatesL(const CX509Certificate& aSubject, |
|
208 RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus); |
|
209 virtual void CancelCandidates(); |
|
210 virtual void Release(); |
|
211 virtual ~CPKIXCertsFromClient(); |
|
212 |
|
213 private: |
|
214 CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts); |
|
215 |
|
216 private: |
|
217 const RPointerArray<CX509Certificate>& iCerts; |
|
218 }; |
|
219 |
|
220 #endif |