--- a/cryptoservices/certificateandkeymgmt/inc/x509cert.h Tue Jul 21 01:04:32 2009 +0100
+++ b/cryptoservices/certificateandkeymgmt/inc/x509cert.h Thu Sep 10 14:01:51 2009 +0300
@@ -1,704 +1,687 @@
-/*
-* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
-* All rights reserved.
-* This component and the accompanying materials are made available
-* under the terms of the License "Eclipse Public License v1.0"
-* which accompanies this distribution, and is available
-* at the URL "http://www.eclipse.org/legal/epl-v10.html".
-*
-* Initial Contributors:
-* Nokia Corporation - initial contribution.
-*
-* Contributors:
-*
-* Description:
-* X509 certificate implementation
-*
-*/
-
-
-
-
-/**
- @file
- @internalAll
-*/
-
-#ifndef __X509CERT_H__
-#define __X509CERT_H__
-
-#include <e32base.h>
-#include <e32std.h>
-#include <s32std.h>
-#include <signed.h>
-#include <x500dn.h>
-#include <asn1enc.h>
-
-_LIT(KMD2WithRSA,"1.2.840.113549.1.1.2");
-_LIT(KMD5WithRSA,"1.2.840.113549.1.1.4");
-_LIT(KSHA1WithRSA,"1.2.840.113549.1.1.5");
-_LIT(KDSAWithSHA1,"1.2.840.10040.4.3");
-
-_LIT(KRSA,"1.2.840.113549.1.1.1");
-_LIT(KDH,"1.2.840.10046.2.1");
-_LIT(KDSA,"1.2.840.10040.4.1");
-_LIT(KMD5,"1.2.840.113549.2.5");
-_LIT(KMD2,"1.2.840.113549.2.2");
-_LIT(KSHA1,"1.3.14.3.2.26");
-
-/** The maximum number of allowed data elements.
-*
-* @since v7.0 */
-const TInt KX509MaxDataElements = 10;
-
-class CRSAPublicKey;
-class CDSAPublicKey;
-class CDSASignature;
-class CDSAParameters;
-
-class CPKCS1SignatureResult : public CRSASignatureResult
-/** The signature result in PKCS#1 format.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Creates a new algorithm ID object copied from an existing object.
- *
- * @param aDigestAlgorithm The algorithm ID object to be copied.
- * @param aDigest A non-modifiable descriptor representing the digest algorithm.
- * @return A pointer to the new algorithm ID object. */
- IMPORT_C static CPKCS1SignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
-
- /** Creates a new algorithm ID object copied from an existing
- * object, and puts a pointer to the new object onto the cleanup stack.
- *
- * @param aDigestAlgorithm The algorithm ID object to be copied.
- * @param aDigest A non-modifiable descriptor representing the digest algorithm.
- * @return A pointer to the new algorithm ID object. */
- IMPORT_C static CPKCS1SignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
-
- /** Tests whether the signature result is valid.
- *
- * @param aResult The signature result to be verified.
- * @return ETrue, if the signature result is verified; EFalse, otherwise. */
- IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);
-private:
- void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
- TBool DoVerifyL(const TDesC8& aResult);
- };
-
-class TX509KeyFactory : public TKeyFactory
-/** Constructs the public key objects used for signature verification, from their
-* encoded binary form, for X.509 certificates.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Gets the RSA public key from the encoding key.
- *
- * @param aEncoding A non-modifiable descriptor representing the entire encoding.
- * @return The RSA Public key. */
- IMPORT_C CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;
-
- /** Gets the RSA signature result.
- *
- * @param aDigestAlgorithm The digest algorithm ID.
- * @param aDigest A non-modifiable descriptor representing the digest algorithm.
- * @return The RSA signature result. */
- IMPORT_C CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;
-
- /** Gets the DSA public key from the encoding key.
- *
- * @param aParamsEncoding A non-modifiable descriptor representing
- * the encoded binary representation of the DSA parameters
- * @param aEncoding A non-modifiable descriptor representing the entire encoding.
- * @return The DSA public key.
- * @since v8.0 */
- IMPORT_C CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;
-
- /** Gets the digital DSA signature from the encoding key.
- *
- * @param aEncoding A non-modifiable descriptor representing the entire encoding.
- * @return The DSA signature. */
- IMPORT_C CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;
-
- /** Gets the DSA parameters from the encoding key.
- *
- * @param aEncoding A non-modifiable descriptor representing the entire encoding.
- * @return The DSA parameters. */
- IMPORT_C CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;
-
- /** Gets the DSA public key from the encoding key.
- *
- * @param aParams The DSA parameters
- * @param aEncoding A non-modifiable descriptor representing the entire encoding.
- * @return The DSA public key. */
- IMPORT_C CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;
- };
-
-class CX509ValidityPeriod : public CValidityPeriod
-/** The period for which an X.509 certificate is valid.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Creates a new X.509 validity period object from the specified buffer containing
- * the binary coded representation.
- *
- * Initialises the object from its encoded binary form into an internal representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new validity period object. */
- IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 validity period object from the specified buffer containing
- * the binary coded representation, and puts a pointer to it onto the cleanup stack.
- *
- * Initialises the object from its encoded binary form into an internal representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new validity period object. */
- IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 validity period object from the specified buffer containing
- * the binary coded representation, starting at the specified offset.
- *
- * Initialises the object from its encoded binary form into an internal representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new validity period object. */
- IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new X.509 validity period object from the specified buffer containing
- * the binary coded representation, starting at the specified offset, and puts
- * a pointer to it onto the cleanup stack.
- *
- * Initialises the object from its encoded binary form into an internal representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new validity period object. */
- IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-private:
- CX509ValidityPeriod();
- void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
- };
-
-class CX509AlgorithmIdentifier : public CAlgorithmIdentifier
-/** Algorithm identifier for an X.509 certificate.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Creates a new X.509 algorithm identifier object from the specified buffer containing
- * the binary coded representation.
- *
- * The function initialises the object from its encoded binary form into an internal
- * representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new algorithm identifier object. */
- IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 algorithm identifier object from the specified buffer containing
- * the binary coded representation, and puts a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new algorithm identifier object. */
- IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 algorithm identifier object from the specified buffer containing
- * the binary coded representation, starting at the specified offset.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new algorithm identifier object. */
- IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new X.509 algorithm identifier object from the specified buffer containing
- * the binary coded representation, starting at the specified offset, and puts
- * a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new algorithm identifier object. */
- IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-
- /**
- Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter.
- @param aAlgorithmId The algorithm Id used to build the object.
- @param aEncodedParams The encoded parameter for the algorithm ID.
- @return The fully constructed object.
- */
- IMPORT_C static CX509AlgorithmIdentifier* NewL(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);
-
- /**
- Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter
- and leaves the object on the cleanup stack.
- @param aAlgorithmId The algorithm Id used to build the object.
- @param aEncodedParams The encoded parameter for the algorithm ID.
- @return The fully constructed object.
- */
- IMPORT_C static CX509AlgorithmIdentifier* NewLC(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);
-
- /**
- Creates the ASN1 DER sequence of the X509 algorithm identifier object
- and leaves it on the cleanup stack.
- @return ASN1 DER sequence of this object.
- */
- IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;
-
-private:
- CX509AlgorithmIdentifier();
- CX509AlgorithmIdentifier(TAlgorithmId& aAlgorithmId);
- void InitializeL(const TDesC8& aBinaryData, TInt& aPos);
- };
-
-class CX509SigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier
-/** Encapsulates the IDs of the algorithms used for signing an X.509 certificate.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
- * the binary coded representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new signing algorithm Id object. */
- IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
- * the binary coded representation, and puts a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new signing algorithm Id object. */
- IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
- * the binary coded representation, starting at the specified offset.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new signing algorithm Id object. */
- IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
- * the binary coded representation,starting at the specified offset, and puts
- * a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new signing algorithm Id object. */
- IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
- /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair
- *
- * @param aAsymmetricAlgorithm The asymmetric algorithm
- * @param aDigestAlgorithm The digest algorithm
- * @return The new signing algorithm Id object. */
- IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
- /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair
- *
- * @param aAsymmetricAlgorithm The asymmetric algorithm
- * @param aDigestAlgorithm The digest algorithm
- * @return The new signing algorithm Id object. */
- IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
-private:
- CX509SigningAlgorithmIdentifier();
- void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
- void ConstructL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
- };
-
-class CX509SubjectPublicKeyInfo : public CSubjectPublicKeyInfo
-/** X.509 subject public key information.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Creates a new X.509 subject public key object from the specified buffer containing
- * the binary coded representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new subject public key object. */
- IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 subject public key object from the specified buffer containing
- * the binary coded representation, and puts a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new subject public key object. */
- IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 subject public key object from the specified buffer containing
- * the binary coded representation, starting at the specified offset.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The subject public key object. */
- IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new X.509 subject public key object from the specified buffer containing
- * the binary coded representation, starting at the specified offset, and puts
- * a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new subject public key object. */
- IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-private:
- CX509SubjectPublicKeyInfo();
- void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
- };
-
-class CX509CertExtension : public CBase
-/** A generic X.509 certificate extension.
-*
-* The creation of a generic extension is the first step in the creation of a
-* specific extension. Client code gets the decoded Object Identifier (OID) encapsulated
-* by an instance of this class and uses it to create the specific extension.
-*
-* Consists of an any-defined-by structure along with a boolean flag saying whether
-* the extension is critical or not.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
- /** Creates a new generic X.509 certificate extension object from an existing object.
- *
- * This is equivalent to a copy constructor.
- *
- * @param aExtension The generic certificate extension to be copied.
- * @return The new generic certificate extension object. */
- IMPORT_C static CX509CertExtension* NewL(const CX509CertExtension& aExtension);
-
- /** Creates a new generic X.509 certificate extension object from an existing object,
- * and puts a pointer to it onto the cleanup stack.
- *
- * This is equivalent to a copy constructor.
- *
- * @param aExtension The generic certificate extension to be copied.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewLC(const CX509CertExtension& aExtension);
-
- /** Creates a new generic X.509 certificate extension object from the specified
- * buffer containing the binary coded representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData);
-
- /** Creates a new generic X.509 certificate extension object from the specified
- * buffer containing the binary coded representation, and puts a pointer to it
- * onto the cleanup stack .
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData);
-
- /** Creates a new generic X.509 certificate extension object from the specified
- * buffer containing the binary coded representation, starting at the specified offset.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new generic X.509 certificate extension object from the specified
- * buffer containing the binary coded representation, starting at the specified
- * offset, and puts a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new generic X.509 certificate extension object from the specified
- * extension object id, the critcal flag and the extension data.
- *
- * @param aCertExtOID The OID of the certficate extension.
- * @param aCritical Flag to convey criticality of the extension.
- * @param aCertExtValue The data of the specific extension.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewL(const TDesC& aCertExtOID,
- const TBool aCritical,
- const TDesC8& aCertExtValue);
-
- /** Creates a new generic X.509 certificate extension object from the specified
- * extension object id, the critcal flag and the extension data, and puts a
- * pointer to it onto the cleanup stack.
- *
- * @param aCertExtOID The OID of the certficate extension.
- * @param aCritical Flag to convey criticality of the extension.
- * @param aCertExtValue The data of the specific extension.
- * @return The new generic X.509 certificate extension object. */
- IMPORT_C static CX509CertExtension* NewLC(const TDesC& aCertExtOID,
- const TBool aCritical,
- const TDesC8& aCertExtValue);
-
- /** Destructor.
- *
- * Frees all resources owned by the object, prior to its destruction. */
- IMPORT_C ~CX509CertExtension();
-
- /** Tests whether certificate processing code must process this extension for certificate
- * validation to succeed.
- *
- * @return ETrue, if this extension must be processed for validation to succeed;
- * EFalse, otherwise. */
- IMPORT_C TBool Critical() const;
-
- /** Gets the Object Identifier (OID) of the certficate extension.
- *
- * @return The OID of the certficate extension. */
- IMPORT_C TPtrC Id() const; //OID for the extension
-
- /** Gets the encoded binary representation of the specific extension.
- *
- * @return A pointer descriptor representing the specific extension. */
- IMPORT_C TPtrC8 Data() const; //the extension itself
-
- /** Creates and returns a DER encoded X.509 certificate extension object in the form
- * of a ASN.1 Sequence and puts it onto the cleanup stack. This method can be called
- * repeatedly to get copies of the sequence.
- *
- * @return A pointer to a DER encoded ASN.1 sequence */
- IMPORT_C CASN1EncSequence * EncodeASN1DERLC() const;
-
-private:
- CX509CertExtension();
- void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
- void ConstructL(const CX509CertExtension& aExtension);
- void ConstructL(const TDesC& aCertExtOID,
- const TBool aCritical,
- const TDesC8& aCertExtValue);
- HBufC* iId;
- TBool iCritical;
- HBufC8* iData;
- };
-
-class CX509Certificate : public CCertificate
-/** An X.509 certificate.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
- {
-public:
-/** Enumerates values for encoded data element positions in the TBSCertificate data structure.
-*
-* These values are to be used as parameters to the DataElementEncoding() function. */
- enum
- {
- EVersionNumber = 0, //optional - may be NULL
- ESerialNumber = 1,
- EAlgorithmId = 2,
- EIssuerName = 3,
- EValidityPeriod = 4,
- ESubjectName = 5,
- ESubjectPublicKeyInfo = 6,
- EIssuerUID = 7, //optional - may be NULL
- ESubjectUID = 8, //optional - may be NULL
- EExtensionList = 9 //optional - may be NULL
- };
-
- /** Creates a new X.509 certificate object from the specified buffer containing
- * the binary coded representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 certificate object from the specified buffer containing
- * the binary coded representation, and puts a pointer to it onto the cleanup stack.
- *
- * Initialises the object from its encoded binary form into an internal representation.
- *
- * @param aBinaryData The encoded binary representation.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData);
-
- /** Creates a new X.509 certificate object from the specified buffer containing
- * the binary coded representation, starting at the specified offset.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new X.509 certificate object from the specified buffer containing
- * the binary coded representation, starting at the specified offset, and puts
- * a pointer to it onto the cleanup stack.
- *
- * @param aBinaryData The encoded binary representation.
- * @param aPos The offset position from which to start decoding.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-
- /** Creates a new X.509 certificate object from the specified read stream.
- *
- * @param aStream Stream from which the contents should be internalised.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewL(RReadStream& aStream);
-
- /** Creates a new X.509 certificate object from the specified read stream, and
- * puts a pointer to it onto the cleanup stack.
- *
- * Construction is from the stream.
- *
- * @param aStream Stream from which the contents should be internalised.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewLC(RReadStream& aStream);
-
- /** Creates a new X.509 certificate object from an existing object.
- *
- * This is equivalent to a copy constructor.
- *
- * @param aCert The X.509 certificate to be copied.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewL(const CX509Certificate& aCert);
-
- /** Creates a new X.509 certificate object from an existing object.
- *
- * This is equivalent to a copy constructor.
- *
- * @param aCert The X.509 certificate to be copied.
- * @return The new X.509 certificate object. */
- IMPORT_C static CX509Certificate* NewLC(const CX509Certificate& aCert);
-
- /** Destructor.
- *
- * Frees all resources owned by the object, prior to its destruction. */
- IMPORT_C ~CX509Certificate();
-
- /** Tests whether the specified X.509 certificate is equal to this X.509 certificate.
- *
- * X.509 certificates are equal if both the serial number and the issuer name
- * are the same.
- *
- * @param aCert The X.509 certificate to be compared.
- * @return ETrue, if the certificates are equal;EFalse, otherwise. */
- IMPORT_C TBool IsEqualL(const CX509Certificate& aCert) const;
-
- //extra accessors
- /** Gets the certificate's signed data.
- *
- * @return A non-modifiable pointer descriptor representing the certificate's
- * signed data. */
- IMPORT_C const TPtrC8 SignedDataL() const;
-
- /** Gets the version number of the certificate.
- *
- * @return The version number of the certificate. */
- IMPORT_C TInt Version() const;
-
- /** Gets the X.500 Distinguished Name that identifies the issuer.
- *
- * @return The X.500 Distinguished Name that identifies the issuer. */
- IMPORT_C const CX500DistinguishedName& IssuerName() const;
-
- /** Gets the X.500 Distinguished Name that identifies the subject.
- *
- * @return The X.500 Distinguished Name that identifies the subject. */
- IMPORT_C const CX500DistinguishedName& SubjectName() const;
-
- //return all your generic extensions
- /** Gets all generic certificate extensions.
- *
- * @return The certificate extensions. */
- IMPORT_C const CArrayPtrFlat<CX509CertExtension>& Extensions() const;
-
- //return a particular extension: this is NOT OWNED by the client
- //returns NULL if the ext is not found
- /** Gets the certificate extension identified by the specified object identifier (OID).
- *
- * @param aExtensionName The OID identifying the extension.
- * @return The certificate extension: Note that ownership is not transferred to
- * the caller. */
- IMPORT_C const CX509CertExtension* Extension(const TDesC& aExtensionName) const;
-
- /** Internalises an object of this class from a read stream.
- *
- * The presence of this function means that the standard templated operator>>()
- * can be used to internalise objects of this class.
- *
- * Note that the function has assignment semantics. It replaces the old value
- * of the object with a new value read from the read stream.
- *
- * @param aStream Stream from which the object is to be internalised. */
- IMPORT_C void InternalizeL(RReadStream& aStream);
-
- //return the encoding for a data element at the index specified
- /** Gets the encoded data for the specified encoded data element (in the To Be
- * Signed (TBS) certificate data structure) of the signed object.
- *
- * @param aIndex The encoded data element position in the TBSCertificate data
- * structure. (See the CX509Certificate enumeration.)
- * @return The encoded data for the specified data element of the signed object.
- * @since v7.0 */
- IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
-
-public: // from CCertificate
- /** Gets the issuer of the certificate.
- *
- * @return A heap descriptor representing the issuer of the certificate. */
- IMPORT_C HBufC* IssuerL() const;
-
- /** Gets the subject of the certificate.
- *
- * @return A heap descriptor representing the issuer of the certificate. */
- IMPORT_C HBufC* SubjectL() const;
-
- /** Tests whether the certificate is self-signed.
- *
- * @return ETrue, if it is self-signed; EFalse, otherwise. */
- IMPORT_C TBool IsSelfSignedL() const;
-
- /** Gets a key identifier for the certificate. This is a unique identifier, calculated according
- * to the recommended method of computing it from RFC3280, section 4.2.1.2. Please note that this
- * method does NOT return the value of the Subject Key Id extension, if it is present.
- *
- * @return A unique key identifier for the certificate. */
- IMPORT_C TKeyIdentifier KeyIdentifierL() const;
-
- /** Gets the subject key identifier for the certificate. This identifier is extracted from the
- * certificate (if the corresponding extension exists), or calculated (if the extension doesn't exist). If calculated, the recommendation from
- * section 4.2.1.2, RFC3280 is used (hash of the public key). Please note, that for subject key ids
- * extracted from the certificate there is a length limit - if the extension is longer than 160 bits,
- * it is ignored and the value is calculated instead.
- *
- * @return The subject key identifier for the certificate. */
- IMPORT_C TKeyIdentifier SubjectKeyIdentifierL() const;
-
-private:
- CX509Certificate();
- void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
- void ConstructL(const CX509Certificate& aCertificate);
- void ConstructCertL();
- void InitDataElementsL(const CX509Certificate& aCertificate);
- HBufC8* DecodeUidL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
- void DecodeExtsL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
- //private data
- TInt iVersion;
- CX500DistinguishedName* iIssuerName;
- CX500DistinguishedName* iSubjectName;
- HBufC8* iIssuerUid;
- HBufC8* iSubjectUid;
- CArrayPtrFlat<CX509CertExtension>* iExtensions;
- TFixedArray<TPtrC8*, KX509MaxDataElements>* iDataElements;
- };
-
-#endif
+/*
+* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* X509 certificate implementation
+*
+*/
+
+
+/**
+ @file
+ @publishedAll
+ @released
+*/
+
+#ifndef __X509CERT_H__
+#define __X509CERT_H__
+
+#include <e32base.h>
+#include <e32std.h>
+#include <s32std.h>
+#include <signed.h>
+#include <x500dn.h>
+#include <asn1enc.h>
+
+_LIT(KMD2WithRSA,"1.2.840.113549.1.1.2");
+_LIT(KMD5WithRSA,"1.2.840.113549.1.1.4");
+_LIT(KSHA1WithRSA,"1.2.840.113549.1.1.5");
+_LIT(KDSAWithSHA1,"1.2.840.10040.4.3");
+
+_LIT(KRSA,"1.2.840.113549.1.1.1");
+_LIT(KDH,"1.2.840.10046.2.1");
+_LIT(KDSA,"1.2.840.10040.4.1");
+_LIT(KMD5,"1.2.840.113549.2.5");
+_LIT(KMD2,"1.2.840.113549.2.2");
+_LIT(KSHA1,"1.3.14.3.2.26");
+
+/** The maximum number of allowed data elements.
+*
+* @since v7.0 */
+const TInt KX509MaxDataElements = 10;
+
+class CRSAPublicKey;
+class CDSAPublicKey;
+class CDSASignature;
+class CDSAParameters;
+
+class CPKCS1SignatureResult : public CRSASignatureResult
+/** The signature result in PKCS#1 format.
+*
+* @since v6.0 */
+ {
+public:
+ /** Creates a new algorithm ID object copied from an existing object.
+ *
+ * @param aDigestAlgorithm The algorithm ID object to be copied.
+ * @param aDigest A non-modifiable descriptor representing the digest algorithm.
+ * @return A pointer to the new algorithm ID object. */
+ IMPORT_C static CPKCS1SignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
+
+ /** Creates a new algorithm ID object copied from an existing
+ * object, and puts a pointer to the new object onto the cleanup stack.
+ *
+ * @param aDigestAlgorithm The algorithm ID object to be copied.
+ * @param aDigest A non-modifiable descriptor representing the digest algorithm.
+ * @return A pointer to the new algorithm ID object. */
+ IMPORT_C static CPKCS1SignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
+
+ /** Tests whether the signature result is valid.
+ *
+ * @param aResult The signature result to be verified.
+ * @return ETrue, if the signature result is verified; EFalse, otherwise. */
+ IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);
+private:
+ void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest);
+ TBool DoVerifyL(const TDesC8& aResult);
+ };
+
+class TX509KeyFactory : public TKeyFactory
+/** Constructs the public key objects used for signature verification, from their
+* encoded binary form, for X.509 certificates.
+*
+* @since v6.0 */
+ {
+public:
+ /** Gets the RSA public key from the encoding key.
+ *
+ * @param aEncoding A non-modifiable descriptor representing the entire encoding.
+ * @return The RSA Public key. */
+ IMPORT_C CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const;
+
+ /** Gets the RSA signature result.
+ *
+ * @param aDigestAlgorithm The digest algorithm ID.
+ * @param aDigest A non-modifiable descriptor representing the digest algorithm.
+ * @return The RSA signature result. */
+ IMPORT_C CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const;
+
+ /** Gets the DSA public key from the encoding key.
+ *
+ * @param aParamsEncoding A non-modifiable descriptor representing
+ * the encoded binary representation of the DSA parameters
+ * @param aEncoding A non-modifiable descriptor representing the entire encoding.
+ * @return The DSA public key.
+ * @since v8.0 */
+ IMPORT_C CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const;
+
+ /** Gets the digital DSA signature from the encoding key.
+ *
+ * @param aEncoding A non-modifiable descriptor representing the entire encoding.
+ * @return The DSA signature. */
+ IMPORT_C CDSASignature* DSASignatureL(const TDesC8& aEncoding) const;
+
+ /** Gets the DSA parameters from the encoding key.
+ *
+ * @param aEncoding A non-modifiable descriptor representing the entire encoding.
+ * @return The DSA parameters. */
+ IMPORT_C CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const;
+
+ /** Gets the DSA public key from the encoding key.
+ *
+ * @param aParams The DSA parameters
+ * @param aEncoding A non-modifiable descriptor representing the entire encoding.
+ * @return The DSA public key. */
+ IMPORT_C CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const;
+ };
+
+class CX509ValidityPeriod : public CValidityPeriod
+/** The period for which an X.509 certificate is valid.
+*
+* @since v6.0 */
+ {
+public:
+ /** Creates a new X.509 validity period object from the specified buffer containing
+ * the binary coded representation.
+ *
+ * Initialises the object from its encoded binary form into an internal representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new validity period object. */
+ IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 validity period object from the specified buffer containing
+ * the binary coded representation, and puts a pointer to it onto the cleanup stack.
+ *
+ * Initialises the object from its encoded binary form into an internal representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new validity period object. */
+ IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 validity period object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset.
+ *
+ * Initialises the object from its encoded binary form into an internal representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new validity period object. */
+ IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new X.509 validity period object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset, and puts
+ * a pointer to it onto the cleanup stack.
+ *
+ * Initialises the object from its encoded binary form into an internal representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new validity period object. */
+ IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+private:
+ CX509ValidityPeriod();
+ void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
+ };
+
+class CX509AlgorithmIdentifier : public CAlgorithmIdentifier
+/** Algorithm identifier for an X.509 certificate.
+*
+* @since v6.0 */
+ {
+public:
+ /** Creates a new X.509 algorithm identifier object from the specified buffer containing
+ * the binary coded representation.
+ *
+ * The function initialises the object from its encoded binary form into an internal
+ * representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new algorithm identifier object. */
+ IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 algorithm identifier object from the specified buffer containing
+ * the binary coded representation, and puts a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new algorithm identifier object. */
+ IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 algorithm identifier object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new algorithm identifier object. */
+ IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new X.509 algorithm identifier object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset, and puts
+ * a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new algorithm identifier object. */
+ IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+
+ /**
+ Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter.
+ @param aAlgorithmId The algorithm Id used to build the object.
+ @param aEncodedParams The encoded parameter for the algorithm ID.
+ @return The fully constructed object.
+ */
+ IMPORT_C static CX509AlgorithmIdentifier* NewL(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);
+
+ /**
+ Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter
+ and leaves the object on the cleanup stack.
+ @param aAlgorithmId The algorithm Id used to build the object.
+ @param aEncodedParams The encoded parameter for the algorithm ID.
+ @return The fully constructed object.
+ */
+ IMPORT_C static CX509AlgorithmIdentifier* NewLC(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams);
+
+ /**
+ Creates the ASN1 DER sequence of the X509 algorithm identifier object
+ and leaves it on the cleanup stack.
+ @return ASN1 DER sequence of this object.
+ */
+ IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;
+
+private:
+ CX509AlgorithmIdentifier();
+ CX509AlgorithmIdentifier(TAlgorithmId& aAlgorithmId);
+ void InitializeL(const TDesC8& aBinaryData, TInt& aPos);
+ };
+
+class CX509SigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier
+/** Encapsulates the IDs of the algorithms used for signing an X.509 certificate.
+*
+* @since v6.0 */
+ {
+public:
+ /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
+ * the binary coded representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new signing algorithm Id object. */
+ IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
+ * the binary coded representation, and puts a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new signing algorithm Id object. */
+ IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new signing algorithm Id object. */
+ IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new X.509 signing algorithm Id object from the specified buffer containing
+ * the binary coded representation,starting at the specified offset, and puts
+ * a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new signing algorithm Id object. */
+ IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+ /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair
+ *
+ * @param aAsymmetricAlgorithm The asymmetric algorithm
+ * @param aDigestAlgorithm The digest algorithm
+ * @return The new signing algorithm Id object. */
+ IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
+ /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair
+ *
+ * @param aAsymmetricAlgorithm The asymmetric algorithm
+ * @param aDigestAlgorithm The digest algorithm
+ * @return The new signing algorithm Id object. */
+ IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
+private:
+ CX509SigningAlgorithmIdentifier();
+ void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
+ void ConstructL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);
+ };
+
+class CX509SubjectPublicKeyInfo : public CSubjectPublicKeyInfo
+/** X.509 subject public key information.
+*
+* @since v6.0 */
+ {
+public:
+ /** Creates a new X.509 subject public key object from the specified buffer containing
+ * the binary coded representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new subject public key object. */
+ IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 subject public key object from the specified buffer containing
+ * the binary coded representation, and puts a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new subject public key object. */
+ IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 subject public key object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The subject public key object. */
+ IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new X.509 subject public key object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset, and puts
+ * a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new subject public key object. */
+ IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+private:
+ CX509SubjectPublicKeyInfo();
+ void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
+ };
+
+class CX509CertExtension : public CBase
+/** A generic X.509 certificate extension.
+*
+* The creation of a generic extension is the first step in the creation of a
+* specific extension. Client code gets the decoded Object Identifier (OID) encapsulated
+* by an instance of this class and uses it to create the specific extension.
+*
+* Consists of an any-defined-by structure along with a boolean flag saying whether
+* the extension is critical or not.
+*
+* @since v6.0 */
+ {
+public:
+ /** Creates a new generic X.509 certificate extension object from an existing object.
+ *
+ * This is equivalent to a copy constructor.
+ *
+ * @param aExtension The generic certificate extension to be copied.
+ * @return The new generic certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewL(const CX509CertExtension& aExtension);
+
+ /** Creates a new generic X.509 certificate extension object from an existing object,
+ * and puts a pointer to it onto the cleanup stack.
+ *
+ * This is equivalent to a copy constructor.
+ *
+ * @param aExtension The generic certificate extension to be copied.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewLC(const CX509CertExtension& aExtension);
+
+ /** Creates a new generic X.509 certificate extension object from the specified
+ * buffer containing the binary coded representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData);
+
+ /** Creates a new generic X.509 certificate extension object from the specified
+ * buffer containing the binary coded representation, and puts a pointer to it
+ * onto the cleanup stack .
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData);
+
+ /** Creates a new generic X.509 certificate extension object from the specified
+ * buffer containing the binary coded representation, starting at the specified offset.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new generic X.509 certificate extension object from the specified
+ * buffer containing the binary coded representation, starting at the specified
+ * offset, and puts a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new generic X.509 certificate extension object from the specified
+ * extension object id, the critcal flag and the extension data.
+ *
+ * @param aCertExtOID The OID of the certficate extension.
+ * @param aCritical Flag to convey criticality of the extension.
+ * @param aCertExtValue The data of the specific extension.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewL(const TDesC& aCertExtOID,
+ const TBool aCritical,
+ const TDesC8& aCertExtValue);
+
+ /** Creates a new generic X.509 certificate extension object from the specified
+ * extension object id, the critcal flag and the extension data, and puts a
+ * pointer to it onto the cleanup stack.
+ *
+ * @param aCertExtOID The OID of the certficate extension.
+ * @param aCritical Flag to convey criticality of the extension.
+ * @param aCertExtValue The data of the specific extension.
+ * @return The new generic X.509 certificate extension object. */
+ IMPORT_C static CX509CertExtension* NewLC(const TDesC& aCertExtOID,
+ const TBool aCritical,
+ const TDesC8& aCertExtValue);
+
+ /** Destructor.
+ *
+ * Frees all resources owned by the object, prior to its destruction. */
+ IMPORT_C ~CX509CertExtension();
+
+ /** Tests whether certificate processing code must process this extension for certificate
+ * validation to succeed.
+ *
+ * @return ETrue, if this extension must be processed for validation to succeed;
+ * EFalse, otherwise. */
+ IMPORT_C TBool Critical() const;
+
+ /** Gets the Object Identifier (OID) of the certficate extension.
+ *
+ * @return The OID of the certficate extension. */
+ IMPORT_C TPtrC Id() const; //OID for the extension
+
+ /** Gets the encoded binary representation of the specific extension.
+ *
+ * @return A pointer descriptor representing the specific extension. */
+ IMPORT_C TPtrC8 Data() const; //the extension itself
+
+ /** Creates and returns a DER encoded X.509 certificate extension object in the form
+ * of a ASN.1 Sequence and puts it onto the cleanup stack. This method can be called
+ * repeatedly to get copies of the sequence.
+ *
+ * @return A pointer to a DER encoded ASN.1 sequence */
+ IMPORT_C CASN1EncSequence * EncodeASN1DERLC() const;
+
+private:
+ CX509CertExtension();
+ void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
+ void ConstructL(const CX509CertExtension& aExtension);
+ void ConstructL(const TDesC& aCertExtOID,
+ const TBool aCritical,
+ const TDesC8& aCertExtValue);
+ HBufC* iId;
+ TBool iCritical;
+ HBufC8* iData;
+ };
+
+class CX509Certificate : public CCertificate
+/** An X.509 certificate.
+*
+* @since v6.0 */
+ {
+public:
+/** Enumerates values for encoded data element positions in the TBSCertificate data structure.
+*
+* These values are to be used as parameters to the DataElementEncoding() function. */
+ enum
+ {
+ EVersionNumber = 0, //optional - may be NULL
+ ESerialNumber = 1,
+ EAlgorithmId = 2,
+ EIssuerName = 3,
+ EValidityPeriod = 4,
+ ESubjectName = 5,
+ ESubjectPublicKeyInfo = 6,
+ EIssuerUID = 7, //optional - may be NULL
+ ESubjectUID = 8, //optional - may be NULL
+ EExtensionList = 9 //optional - may be NULL
+ };
+
+ /** Creates a new X.509 certificate object from the specified buffer containing
+ * the binary coded representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 certificate object from the specified buffer containing
+ * the binary coded representation, and puts a pointer to it onto the cleanup stack.
+ *
+ * Initialises the object from its encoded binary form into an internal representation.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData);
+
+ /** Creates a new X.509 certificate object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new X.509 certificate object from the specified buffer containing
+ * the binary coded representation, starting at the specified offset, and puts
+ * a pointer to it onto the cleanup stack.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @param aPos The offset position from which to start decoding.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+
+ /** Creates a new X.509 certificate object from the specified read stream.
+ *
+ * @param aStream Stream from which the contents should be internalised.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewL(RReadStream& aStream);
+
+ /** Creates a new X.509 certificate object from the specified read stream, and
+ * puts a pointer to it onto the cleanup stack.
+ *
+ * Construction is from the stream.
+ *
+ * @param aStream Stream from which the contents should be internalised.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewLC(RReadStream& aStream);
+
+ /** Creates a new X.509 certificate object from an existing object.
+ *
+ * This is equivalent to a copy constructor.
+ *
+ * @param aCert The X.509 certificate to be copied.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewL(const CX509Certificate& aCert);
+
+ /** Creates a new X.509 certificate object from an existing object.
+ *
+ * This is equivalent to a copy constructor.
+ *
+ * @param aCert The X.509 certificate to be copied.
+ * @return The new X.509 certificate object. */
+ IMPORT_C static CX509Certificate* NewLC(const CX509Certificate& aCert);
+
+ /** Destructor.
+ *
+ * Frees all resources owned by the object, prior to its destruction. */
+ IMPORT_C ~CX509Certificate();
+
+ /** Tests whether the specified X.509 certificate is equal to this X.509 certificate.
+ *
+ * X.509 certificates are equal if both the serial number and the issuer name
+ * are the same.
+ *
+ * @param aCert The X.509 certificate to be compared.
+ * @return ETrue, if the certificates are equal;EFalse, otherwise. */
+ IMPORT_C TBool IsEqualL(const CX509Certificate& aCert) const;
+
+ //extra accessors
+ /** Gets the certificate's signed data.
+ *
+ * @return A non-modifiable pointer descriptor representing the certificate's
+ * signed data. */
+ IMPORT_C const TPtrC8 SignedDataL() const;
+
+ /** Gets the version number of the certificate.
+ *
+ * @return The version number of the certificate. */
+ IMPORT_C TInt Version() const;
+
+ /** Gets the X.500 Distinguished Name that identifies the issuer.
+ *
+ * @return The X.500 Distinguished Name that identifies the issuer. */
+ IMPORT_C const CX500DistinguishedName& IssuerName() const;
+
+ /** Gets the X.500 Distinguished Name that identifies the subject.
+ *
+ * @return The X.500 Distinguished Name that identifies the subject. */
+ IMPORT_C const CX500DistinguishedName& SubjectName() const;
+
+ //return all your generic extensions
+ /** Gets all generic certificate extensions.
+ *
+ * @return The certificate extensions. */
+ IMPORT_C const CArrayPtrFlat<CX509CertExtension>& Extensions() const;
+
+ //return a particular extension: this is NOT OWNED by the client
+ //returns NULL if the ext is not found
+ /** Gets the certificate extension identified by the specified object identifier (OID).
+ *
+ * @param aExtensionName The OID identifying the extension.
+ * @return The certificate extension: Note that ownership is not transferred to
+ * the caller. */
+ IMPORT_C const CX509CertExtension* Extension(const TDesC& aExtensionName) const;
+
+ /** Internalises an object of this class from a read stream.
+ *
+ * The presence of this function means that the standard templated operator>>()
+ * can be used to internalise objects of this class.
+ *
+ * Note that the function has assignment semantics. It replaces the old value
+ * of the object with a new value read from the read stream.
+ *
+ * @param aStream Stream from which the object is to be internalised. */
+ IMPORT_C void InternalizeL(RReadStream& aStream);
+
+ //return the encoding for a data element at the index specified
+ /** Gets the encoded data for the specified encoded data element (in the To Be
+ * Signed (TBS) certificate data structure) of the signed object.
+ *
+ * @param aIndex The encoded data element position in the TBSCertificate data
+ * structure. (See the CX509Certificate enumeration.)
+ * @return The encoded data for the specified data element of the signed object.
+ * @since v7.0 */
+ IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
+
+public: // from CCertificate
+ /** Gets the issuer of the certificate.
+ *
+ * @return A heap descriptor representing the issuer of the certificate. */
+ IMPORT_C HBufC* IssuerL() const;
+
+ /** Gets the subject of the certificate.
+ *
+ * @return A heap descriptor representing the issuer of the certificate. */
+ IMPORT_C HBufC* SubjectL() const;
+
+ /** Tests whether the certificate is self-signed.
+ *
+ * @return ETrue, if it is self-signed; EFalse, otherwise. */
+ IMPORT_C TBool IsSelfSignedL() const;
+
+ /** Gets a key identifier for the certificate. This is a unique identifier, calculated according
+ * to the recommended method of computing it from RFC3280, section 4.2.1.2. Please note that this
+ * method does NOT return the value of the Subject Key Id extension, if it is present.
+ *
+ * @return A unique key identifier for the certificate. */
+ IMPORT_C TKeyIdentifier KeyIdentifierL() const;
+
+ /** Gets the subject key identifier for the certificate. This identifier is extracted from the
+ * certificate (if the corresponding extension exists), or calculated (if the extension doesn't exist). If calculated, the recommendation from
+ * section 4.2.1.2, RFC3280 is used (hash of the public key). Please note, that for subject key ids
+ * extracted from the certificate there is a length limit - if the extension is longer than 160 bits,
+ * it is ignored and the value is calculated instead.
+ *
+ * @return The subject key identifier for the certificate. */
+ IMPORT_C TKeyIdentifier SubjectKeyIdentifierL() const;
+
+private:
+ CX509Certificate();
+ void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
+ void ConstructL(const CX509Certificate& aCertificate);
+ void ConstructCertL();
+ void InitDataElementsL(const CX509Certificate& aCertificate);
+ HBufC8* DecodeUidL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
+ void DecodeExtsL(const TDesC8& aBinaryData, TBool& aHasElementAlready);
+ //private data
+ TInt iVersion;
+ CX500DistinguishedName* iIssuerName;
+ CX500DistinguishedName* iSubjectName;
+ HBufC8* iIssuerUid;
+ HBufC8* iSubjectUid;
+ CArrayPtrFlat<CX509CertExtension>* iExtensions;
+ TFixedArray<TPtrC8*, KX509MaxDataElements>* iDataElements;
+ };
+
+#endif