Mercurial Mercurial > oss > FCL > sf > os > security / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h
changeset 0 2c201484c85f
child 8 35751d3474b7 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h	Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,220 @@
+/*
+* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+
+
+/**
+ @file 
+ @internalTechnology
+*/
+ 
+#ifndef __PKIXCERTS_H__
+#define __PKIXCERTS_H__
+
+//pkixroots.h
+#include <e32std.h>
+#include <x509cert.h>
+#include <x509certext.h>
+#include <mcertstore.h>
+
+/**
+ * Base class for classes that help retrieving certificates from stores
+ */
+class MPKIXCertSource
+	{
+public:
+	//copies cert into aCandidates, passes ownership of cert to calling code...
+	virtual void CandidatesL(const CX509Certificate& aSubject, 
+		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
+	virtual void CancelCandidates() = 0;
+	virtual void Release() = 0;
+
+protected:
+	virtual ~MPKIXCertSource();
+	
+protected:
+	/**
+	 * This function compares the issuer altname in aSubjectCert with the 
+	 * subject altname in aIssuerCert
+	 * @param aSubjectCert We will compare the issuer altname of this certificate.
+	 * @param aIssuerCert We will compare the subject altname of this certificate.
+	 * @return 
+	 * <UL>
+	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
+	 * aIssuerCert</LI>
+	 * <LI>EFalse otherwise</LI>
+	 * </UL>
+	 */
+	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
+	};
+
+/**
+ * This class is used to retrieve the certificates from a store
+ * It doesn't work with client base trust.
+ */
+class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
+	{
+public:
+	/**
+	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
+	 * Initialize must be called after this function
+	 * @param aStore Reference to the cert store. The store is created with the default 
+	 * filter intialized to retrieve certificate of CA type and of X509 format.
+	 * @return Initialized instance of this class.
+	 */
+	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
+	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
+	
+	/**
+	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
+	 * Initialize must be called after this function
+	 * @param aStore Reference to the cert store. The store is created with the default 
+	 * filter intialized to retrieve certificate of CA type and of X509 format.
+	 * @param aClient The UID for which the certificates are to be retrieved from the
+	 * cert store, This UID is also passed to the filter for retrieving the certificates 
+	 * specific to this client UID.
+	 * @return Initialized instance of this class.
+	 */
+	
+	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
+	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
+	/**
+	 * This function does the actual listing of certificates based on the filter created.
+	 * It must be called after construction.
+	 * @param aStatus Standard parameter for asynchronous calling convention. 
+	 */
+	void Initialize(TRequestStatus& aStatus);
+	/**
+	 * This function returns a list of CA certificates that authenticate the
+	 * aSubject certificate.
+	 * @param aCandidates On return, this array contains the list of CA certificates
+	 * that can possibly be used to authenticate aSubject. The array owns the elements
+	 * and must take care of deleting them.
+	 */
+	virtual void CandidatesL(const CX509Certificate& aSubject, 
+		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
+	virtual void CancelCandidates();
+	virtual void Release();
+	virtual ~CPKIXCertsFromStore();
+
+private:
+	CPKIXCertsFromStore(MCertStore& aCertStore);
+	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
+	void ConstructL();
+	void ConstructL(TUid aClient);
+
+public:
+	void RunL();
+	TInt RunError(TInt aError);
+	void DoCancel();
+
+private:
+	void HandleEGetCertificateL();
+	void HandleEAddCandidateL();
+	void HandleECheckTrusted();
+	
+	TBool IsDuplicateL(const CX509Certificate& aCertificate);
+
+private:
+	enum TState
+	{
+		EIdle = 0,
+		EInitialize,
+		ECheckTrusted,
+		EGetCertificate,
+		EAddCandidate,
+		EEnd
+	};
+
+private:
+	/**
+	 * The state used to know what must be done when executing
+	 * RunL().
+	 */
+	TState iState;
+
+	/**
+	 * The TRequestStatus that must be updated when the operation
+	 * requested by a user of this class has been 
+	 * completed
+	 */
+	TRequestStatus *iOriginalRequestStatus;
+
+	TUid iClient;
+
+	CCertAttributeFilter *iFilter;
+
+	/**
+	 * iRootName is used for CandidateL
+	 */
+	const CX500DistinguishedName* iRootName;
+
+	/**
+	 * We don't own this
+	 */
+	const CX509Certificate* iSubject;
+
+	/**
+	 * We don't own this
+	 */
+	RPointerArray<CX509Certificate>* iCandidates;
+
+	/**
+	 * iCertData is used for CandidateL
+	 */
+	HBufC8* iCertData;
+
+	TPtr8* iCertPtr;
+
+	/**
+	 * iEntriesIndex is used for CandidateL
+	 */
+	TInt iEntriesIndex;
+	
+	/**
+	 * Applies to certificate at iEntriesIndex - reflects trust setting
+	 */
+	TBool iIsTrusted;
+
+	/**
+	 * Used when listing certificates (filtered but not on trust).
+	 */
+	RMPointerArray<CCTCertInfo> iCertInfos;
+
+	MCertStore& iCertStore;
+	};
+
+class CPKIXCertsFromClient : public MPKIXCertSource
+	{
+public:
+	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
+	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
+	virtual void CandidatesL(const CX509Certificate& aSubject,
+		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
+	virtual void CancelCandidates();
+	virtual void Release();
+	virtual ~CPKIXCertsFromClient();
+
+private:
+	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);
+
+private:
+	const RPointerArray<CX509Certificate>& iCerts;
+	};
+
+#endif
FCL/sf/os/security