/** Copyright (c) 1998-2010 Nokia Corporation and/or its subsidiary(-ies).* All rights reserved.* This component and the accompanying materials are made available* under the terms of the License "Eclipse Public License v1.0"* which accompanies this distribution, and is available* at the URL "http://www.eclipse.org/legal/epl-v10.html".** Initial Contributors:* Nokia Corporation - initial contribution.** Contributors:** Description: * X509 certificate implementation**//** @file @publishedAll @released*/#ifndef __X509CERT_H__#define __X509CERT_H__#include <e32base.h>#include <e32std.h>#include <s32std.h>#include <signed.h>#include <x500dn.h>#include <asn1enc.h>/* These OIDs have been defined for PKCS#1 with the * superior reference to OID 1.2.840.113549.1.1 * {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */ // RSA (PKCS #1 v1.5) key transport algorithm_LIT(KRSA,"1.2.840.113549.1.1.1");// MD2 with RSA Encryption_LIT(KMD2WithRSA,"1.2.840.113549.1.1.2");// RSA (PKCS #1 v1.5) with MD5 signature_LIT(KMD5WithRSA,"1.2.840.113549.1.1.4");// RSA (PKCS #1 v1.5) with SHA-1 signature _LIT(KSHA1WithRSA,"1.2.840.113549.1.1.5");// SHA256 with RSA Encryption_LIT(KSHA256WithRSA,"1.2.840.113549.1.1.11");// SHA384 with RSA Encryption _LIT(KSHA384WithRSA,"1.2.840.113549.1.1.12");// SHA512 with RSA Encryption _LIT(KSHA512WithRSA,"1.2.840.113549.1.1.13");// SHA224 with RSA Encryption _LIT(KSHA224WithRSA,"1.2.840.113549.1.1.14");/* * These OIDs have been defined for PKIX with the * superior reference to OID 1.2.840.10040. */// Digital Signature Algorithm (DSA), also known as the Digital Signature Standard (DSS) _LIT(KDSA,"1.2.840.10040.4.1");// ANSI X9.57 DSA signature generated with SHA-1 hash (DSA x9.30) _LIT(KDSAWithSHA1, "1.2.840.10040.4.3");/* * These OIDs have been defined for ANSI X9 standard with * superior reference to oid 1.2.840.10046. * {iso(1) member-body(2) us(840) ansi-x942(10046) number-types(2)} */// ANSI X9.42 Ephemeral-Static Diffie-Hellman key agreement algorithm _LIT(KDH,"1.2.840.10046.2.1");/* * These OIDs have been defined for digest algorithms with * superior reference to oid 1.2.840.113549.2 * {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */_LIT(KMD5,"1.2.840.113549.2.5");_LIT(KMD2,"1.2.840.113549.2.2");/* * These OIDs have been defined for hash algorithms conforming NIST algorithms * with superior reference to oid 2.16.840.1.101.3.4.2 * {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)} */_LIT(KSHA256,"2.16.840.1.101.3.4.2.1");_LIT(KSHA384,"2.16.840.1.101.3.4.2.2");_LIT(KSHA512,"2.16.840.1.101.3.4.2.3");_LIT(KSHA224,"2.16.840.1.101.3.4.2.4");/* * These OIDs are for OIW Security Special Interest Group defined algorithms * with superior reference to oid 1.3.14.3.2 * {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2)} */// SHA1 with RSA signature (obsolete)_LIT(KSHA1WithRSASignature,"1.3.14.3.2.29");// Hash algorithm identifier SHA-1 (Secure Hash Algorithm, Revision 1) _LIT(KSHA1,"1.3.14.3.2.26");/** The maximum number of allowed data elements.* * @since v7.0 */const TInt KX509MaxDataElements = 10;class CRSAPublicKey;class CDSAPublicKey;class CDSASignature;class CDSAParameters;class CPKCS1SignatureResult : public CRSASignatureResult/** The signature result in PKCS#1 format.* * @since v6.0 */ {public: /** Creates a new algorithm ID object copied from an existing object. * * @param aDigestAlgorithm The algorithm ID object to be copied. * @param aDigest A non-modifiable descriptor representing the digest algorithm. * @return A pointer to the new algorithm ID object. */ IMPORT_C static CPKCS1SignatureResult* NewL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest); /** Creates a new algorithm ID object copied from an existing * object, and puts a pointer to the new object onto the cleanup stack. * * @param aDigestAlgorithm The algorithm ID object to be copied. * @param aDigest A non-modifiable descriptor representing the digest algorithm. * @return A pointer to the new algorithm ID object. */ IMPORT_C static CPKCS1SignatureResult* NewLC(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest); /** Tests whether the signature result is valid. * * @param aResult The signature result to be verified. * @return ETrue, if the signature result is verified; EFalse, otherwise. */ IMPORT_C virtual TBool VerifyL(const TDesC8& aResult);private: void ConstructL(const CAlgorithmIdentifier& aDigestAlgorithm, const TDesC8& aDigest); TBool DoVerifyL(const TDesC8& aResult); };class TX509KeyFactory : public TKeyFactory/** Constructs the public key objects used for signature verification, from their * encoded binary form, for X.509 certificates.* * @since v6.0 */ {public: /** Gets the RSA public key from the encoding key. * * @param aEncoding A non-modifiable descriptor representing the entire encoding. * @return The RSA Public key. */ IMPORT_C CRSAPublicKey* RSAPublicKeyL(const TDesC8& aEncoding) const; /** Gets the RSA signature result. * * @param aDigestAlgorithm The digest algorithm ID. * @param aDigest A non-modifiable descriptor representing the digest algorithm. * @return The RSA signature result. */ IMPORT_C CRSASignatureResult* RSASignatureResultL(const CAlgorithmIdentifier& aDigestAlgorithm, TDesC8& aDigest) const; /** Gets the DSA public key from the encoding key. * * @param aParamsEncoding A non-modifiable descriptor representing * the encoded binary representation of the DSA parameters * @param aEncoding A non-modifiable descriptor representing the entire encoding. * @return The DSA public key. * @since v8.0 */ IMPORT_C CDSAPublicKey* DSAPublicKeyL(const TDesC8& aParamsEncoding, const TDesC8& aEncoding) const; /** Gets the digital DSA signature from the encoding key. * * @param aEncoding A non-modifiable descriptor representing the entire encoding. * @return The DSA signature. */ IMPORT_C CDSASignature* DSASignatureL(const TDesC8& aEncoding) const; /** Gets the DSA parameters from the encoding key. * * @param aEncoding A non-modifiable descriptor representing the entire encoding. * @return The DSA parameters. */ IMPORT_C CDSAParameters* DSAParametersL(const TDesC8& aEncoding) const; /** Gets the DSA public key from the encoding key. * * @param aParams The DSA parameters * @param aEncoding A non-modifiable descriptor representing the entire encoding. * @return The DSA public key. */ IMPORT_C CDSAPublicKey* DSAPublicKeyL(const CDSAParameters& aParams, const TDesC8& aEncoding) const; };class CX509ValidityPeriod : public CValidityPeriod/** The period for which an X.509 certificate is valid.* * @since v6.0 */ {public: /** Creates a new X.509 validity period object from the specified buffer containing * the binary coded representation. * * Initialises the object from its encoded binary form into an internal representation. * * @param aBinaryData The encoded binary representation. * @return The new validity period object. */ IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData); /** Creates a new X.509 validity period object from the specified buffer containing * the binary coded representation, and puts a pointer to it onto the cleanup stack. * * Initialises the object from its encoded binary form into an internal representation. * * @param aBinaryData The encoded binary representation. * @return The new validity period object. */ IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData); /** Creates a new X.509 validity period object from the specified buffer containing * the binary coded representation, starting at the specified offset. * * Initialises the object from its encoded binary form into an internal representation. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new validity period object. */ IMPORT_C static CX509ValidityPeriod* NewL(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 validity period object from the specified buffer containing * the binary coded representation, starting at the specified offset, and puts * a pointer to it onto the cleanup stack. * * Initialises the object from its encoded binary form into an internal representation. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new validity period object. */ IMPORT_C static CX509ValidityPeriod* NewLC(const TDesC8& aBinaryData, TInt& aPos);private: CX509ValidityPeriod(); void ConstructL(const TDesC8& aBinaryData, TInt& aPos); };class CX509AlgorithmIdentifier : public CAlgorithmIdentifier/** Algorithm identifier for an X.509 certificate.** @since v6.0 */ {public: /** Creates a new X.509 algorithm identifier object from the specified buffer containing * the binary coded representation. * * The function initialises the object from its encoded binary form into an internal * representation. * * @param aBinaryData The encoded binary representation. * @return The new algorithm identifier object. */ IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData); /** Creates a new X.509 algorithm identifier object from the specified buffer containing * the binary coded representation, and puts a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @return The new algorithm identifier object. */ IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData); /** Creates a new X.509 algorithm identifier object from the specified buffer containing * the binary coded representation, starting at the specified offset. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new algorithm identifier object. */ IMPORT_C static CX509AlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 algorithm identifier object from the specified buffer containing * the binary coded representation, starting at the specified offset, and puts * a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new algorithm identifier object. */ IMPORT_C static CX509AlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos); /** Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter. @param aAlgorithmId The algorithm Id used to build the object. @param aEncodedParams The encoded parameter for the algorithm ID. @return The fully constructed object. */ IMPORT_C static CX509AlgorithmIdentifier* NewL(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams); /** Creates a X509 Algorithm Identifier object from the given algorithm ID and the encoded parameter and leaves the object on the cleanup stack. @param aAlgorithmId The algorithm Id used to build the object. @param aEncodedParams The encoded parameter for the algorithm ID. @return The fully constructed object. */ IMPORT_C static CX509AlgorithmIdentifier* NewLC(TAlgorithmId aAlgorithmId, const TDesC8& aEncodedParams); /** Creates the ASN1 DER sequence of the X509 algorithm identifier object and leaves it on the cleanup stack. @return ASN1 DER sequence of this object. */ IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;private: CX509AlgorithmIdentifier(); CX509AlgorithmIdentifier(TAlgorithmId& aAlgorithmId); void InitializeL(const TDesC8& aBinaryData, TInt& aPos); };class CX509SigningAlgorithmIdentifier : public CSigningAlgorithmIdentifier/** Encapsulates the IDs of the algorithms used for signing an X.509 certificate.** @since v6.0 */ {public: /** Creates a new X.509 signing algorithm Id object from the specified buffer containing * the binary coded representation. * * @param aBinaryData The encoded binary representation. * @return The new signing algorithm Id object. */ IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData); /** Creates a new X.509 signing algorithm Id object from the specified buffer containing * the binary coded representation, and puts a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @return The new signing algorithm Id object. */ IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData); /** Creates a new X.509 signing algorithm Id object from the specified buffer containing * the binary coded representation, starting at the specified offset. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new signing algorithm Id object. */ IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 signing algorithm Id object from the specified buffer containing * the binary coded representation,starting at the specified offset, and puts * a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new signing algorithm Id object. */ IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair * * @param aAsymmetricAlgorithm The asymmetric algorithm * @param aDigestAlgorithm The digest algorithm * @return The new signing algorithm Id object. */ IMPORT_C static CX509SigningAlgorithmIdentifier* NewL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm); /** Creates a new X.509 signing algorithm Id object from the specified algorithm pair * * @param aAsymmetricAlgorithm The asymmetric algorithm * @param aDigestAlgorithm The digest algorithm * @return The new signing algorithm Id object. */ IMPORT_C static CX509SigningAlgorithmIdentifier* NewLC(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm);private: CX509SigningAlgorithmIdentifier(); void ConstructL(const TDesC8& aBinaryData, TInt& aPos); void ConstructL(const CAlgorithmIdentifier& aAsymmetricAlgorithm, const CAlgorithmIdentifier& aDigestAlgorithm); };class CX509SubjectPublicKeyInfo : public CSubjectPublicKeyInfo/** X.509 subject public key information.* * @since v6.0 */ {public: /** Creates a new X.509 subject public key object from the specified buffer containing * the binary coded representation. * * @param aBinaryData The encoded binary representation. * @return The new subject public key object. */ IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData); /** Creates a new X.509 subject public key object from the specified buffer containing * the binary coded representation, and puts a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @return The new subject public key object. */ IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData); /** Creates a new X.509 subject public key object from the specified buffer containing * the binary coded representation, starting at the specified offset. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The subject public key object. */ IMPORT_C static CX509SubjectPublicKeyInfo* NewL(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 subject public key object from the specified buffer containing * the binary coded representation, starting at the specified offset, and puts * a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new subject public key object. */ IMPORT_C static CX509SubjectPublicKeyInfo* NewLC(const TDesC8& aBinaryData, TInt& aPos);private: CX509SubjectPublicKeyInfo(); void ConstructL(const TDesC8& aBinaryData, TInt& aPos); };class CX509CertExtension : public CBase/** A generic X.509 certificate extension.* * The creation of a generic extension is the first step in the creation of a * specific extension. Client code gets the decoded Object Identifier (OID) encapsulated * by an instance of this class and uses it to create the specific extension.* * Consists of an any-defined-by structure along with a boolean flag saying whether * the extension is critical or not.* * @since v6.0 */ {public: /** Creates a new generic X.509 certificate extension object from an existing object. * * This is equivalent to a copy constructor. * * @param aExtension The generic certificate extension to be copied. * @return The new generic certificate extension object. */ IMPORT_C static CX509CertExtension* NewL(const CX509CertExtension& aExtension); /** Creates a new generic X.509 certificate extension object from an existing object, * and puts a pointer to it onto the cleanup stack. * * This is equivalent to a copy constructor. * * @param aExtension The generic certificate extension to be copied. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewLC(const CX509CertExtension& aExtension); /** Creates a new generic X.509 certificate extension object from the specified * buffer containing the binary coded representation. * * @param aBinaryData The encoded binary representation. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData); /** Creates a new generic X.509 certificate extension object from the specified * buffer containing the binary coded representation, and puts a pointer to it * onto the cleanup stack . * * @param aBinaryData The encoded binary representation. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData); /** Creates a new generic X.509 certificate extension object from the specified * buffer containing the binary coded representation, starting at the specified offset. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewL(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new generic X.509 certificate extension object from the specified * buffer containing the binary coded representation, starting at the specified * offset, and puts a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewLC(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new generic X.509 certificate extension object from the specified * extension object id, the critcal flag and the extension data. * * @param aCertExtOID The OID of the certficate extension. * @param aCritical Flag to convey criticality of the extension. * @param aCertExtValue The data of the specific extension. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewL(const TDesC& aCertExtOID, const TBool aCritical, const TDesC8& aCertExtValue); /** Creates a new generic X.509 certificate extension object from the specified * extension object id, the critcal flag and the extension data, and puts a * pointer to it onto the cleanup stack. * * @param aCertExtOID The OID of the certficate extension. * @param aCritical Flag to convey criticality of the extension. * @param aCertExtValue The data of the specific extension. * @return The new generic X.509 certificate extension object. */ IMPORT_C static CX509CertExtension* NewLC(const TDesC& aCertExtOID, const TBool aCritical, const TDesC8& aCertExtValue); /** Destructor. * * Frees all resources owned by the object, prior to its destruction. */ IMPORT_C ~CX509CertExtension(); /** Tests whether certificate processing code must process this extension for certificate * validation to succeed. * * @return ETrue, if this extension must be processed for validation to succeed; * EFalse, otherwise. */ IMPORT_C TBool Critical() const; /** Gets the Object Identifier (OID) of the certficate extension. * * @return The OID of the certficate extension. */ IMPORT_C TPtrC Id() const; //OID for the extension /** Gets the encoded binary representation of the specific extension. * * @return A pointer descriptor representing the specific extension. */ IMPORT_C TPtrC8 Data() const; //the extension itself /** Creates and returns a DER encoded X.509 certificate extension object in the form * of a ASN.1 Sequence and puts it onto the cleanup stack. This method can be called * repeatedly to get copies of the sequence. * * @return A pointer to a DER encoded ASN.1 sequence */ IMPORT_C CASN1EncSequence * EncodeASN1DERLC() const;private: CX509CertExtension(); void ConstructL(const TDesC8& aBinaryData, TInt& aPos); void ConstructL(const CX509CertExtension& aExtension); void ConstructL(const TDesC& aCertExtOID, const TBool aCritical, const TDesC8& aCertExtValue); HBufC* iId; TBool iCritical; HBufC8* iData; };class CX509Certificate : public CCertificate/** An X.509 certificate.* * @since v6.0 */ {public:/** Enumerates values for encoded data element positions in the TBSCertificate data structure.* * These values are to be used as parameters to the DataElementEncoding() function. */ enum { EVersionNumber = 0, //optional - may be NULL ESerialNumber = 1, EAlgorithmId = 2, EIssuerName = 3, EValidityPeriod = 4, ESubjectName = 5, ESubjectPublicKeyInfo = 6, EIssuerUID = 7, //optional - may be NULL ESubjectUID = 8, //optional - may be NULL EExtensionList = 9 //optional - may be NULL }; /** Creates a new X.509 certificate object from the specified buffer containing * the binary coded representation. * * @param aBinaryData The encoded binary representation. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData); /** Creates a new X.509 certificate object from the specified buffer containing * the binary coded representation, and puts a pointer to it onto the cleanup stack. * * Initialises the object from its encoded binary form into an internal representation. * * @param aBinaryData The encoded binary representation. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData); /** Creates a new X.509 certificate object from the specified buffer containing * the binary coded representation, starting at the specified offset. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewL(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 certificate object from the specified buffer containing * the binary coded representation, starting at the specified offset, and puts * a pointer to it onto the cleanup stack. * * @param aBinaryData The encoded binary representation. * @param aPos The offset position from which to start decoding. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewLC(const TDesC8& aBinaryData, TInt& aPos); /** Creates a new X.509 certificate object from the specified read stream. * * @param aStream Stream from which the contents should be internalised. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewL(RReadStream& aStream); /** Creates a new X.509 certificate object from the specified read stream, and * puts a pointer to it onto the cleanup stack. * * Construction is from the stream. * * @param aStream Stream from which the contents should be internalised. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewLC(RReadStream& aStream); /** Creates a new X.509 certificate object from an existing object. * * This is equivalent to a copy constructor. * * @param aCert The X.509 certificate to be copied. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewL(const CX509Certificate& aCert); /** Creates a new X.509 certificate object from an existing object. * * This is equivalent to a copy constructor. * * @param aCert The X.509 certificate to be copied. * @return The new X.509 certificate object. */ IMPORT_C static CX509Certificate* NewLC(const CX509Certificate& aCert); /** Retrieves the subject key identifier of a certificate based on the decision whether * it is a CA certificate or not. If it is a CA certificate then returns the stored subject key id * as an extension in the certificate, any other certificate it returns the keyidentifier as * calculated by Symbian's proprietary logic. * @return The subject key identifier for the certificate. */ IMPORT_C TKeyIdentifier SubjectKeyIdL() const; /** Destructor. * * Frees all resources owned by the object, prior to its destruction. */ IMPORT_C ~CX509Certificate(); /** Tests whether the specified X.509 certificate is equal to this X.509 certificate. * * X.509 certificates are equal if both the serial number and the issuer name * are the same. * * @param aCert The X.509 certificate to be compared. * @return ETrue, if the certificates are equal;EFalse, otherwise. */ IMPORT_C TBool IsEqualL(const CX509Certificate& aCert) const; //extra accessors /** Gets the certificate's signed data. * * @return A non-modifiable pointer descriptor representing the certificate's * signed data. */ IMPORT_C const TPtrC8 SignedDataL() const; /** Gets the version number of the certificate. * * @return The version number of the certificate. */ IMPORT_C TInt Version() const; /** Gets the X.500 Distinguished Name that identifies the issuer. * * @return The X.500 Distinguished Name that identifies the issuer. */ IMPORT_C const CX500DistinguishedName& IssuerName() const; /** Gets the X.500 Distinguished Name that identifies the subject. * * @return The X.500 Distinguished Name that identifies the subject. */ IMPORT_C const CX500DistinguishedName& SubjectName() const; //return all your generic extensions /** Gets all generic certificate extensions. * * @return The certificate extensions. */ IMPORT_C const CArrayPtrFlat<CX509CertExtension>& Extensions() const; //return a particular extension: this is NOT OWNED by the client //returns NULL if the ext is not found /** Gets the certificate extension identified by the specified object identifier (OID). * * @param aExtensionName The OID identifying the extension. * @return The certificate extension: Note that ownership is not transferred to * the caller. */ IMPORT_C const CX509CertExtension* Extension(const TDesC& aExtensionName) const; /** Internalises an object of this class from a read stream. * * The presence of this function means that the standard templated operator>>() * can be used to internalise objects of this class. * * Note that the function has assignment semantics. It replaces the old value * of the object with a new value read from the read stream. * * @param aStream Stream from which the object is to be internalised. */ IMPORT_C void InternalizeL(RReadStream& aStream); //return the encoding for a data element at the index specified /** Gets the encoded data for the specified encoded data element (in the To Be * Signed (TBS) certificate data structure) of the signed object. * * @param aIndex The encoded data element position in the TBSCertificate data * structure. (See the CX509Certificate enumeration.) * @return The encoded data for the specified data element of the signed object. * @since v7.0 */ IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;public: // from CCertificate /** Gets the issuer of the certificate. * * @return A heap descriptor representing the issuer of the certificate. */ IMPORT_C HBufC* IssuerL() const; /** Gets the subject of the certificate. * * @return A heap descriptor representing the issuer of the certificate. */ IMPORT_C HBufC* SubjectL() const; /** Tests whether the certificate is self-signed. * * @return ETrue, if it is self-signed; EFalse, otherwise. */ IMPORT_C TBool IsSelfSignedL() const; /** Gets a key identifier for the certificate. This is a unique identifier, calculated according * to the recommended method of computing it from RFC3280, section 4.2.1.2. Please note that this * method does NOT return the value of the Subject Key Id extension, if it is present. * * @return A unique key identifier for the certificate. */ IMPORT_C TKeyIdentifier KeyIdentifierL() const; /** Gets the subject key identifier for the certificate. This identifier is extracted from the * certificate (if the corresponding extension exists), or calculated (if the extension doesn't exist). If calculated, the recommendation from * section 4.2.1.2, RFC3280 is used (hash of the public key). Please note, that for subject key ids * extracted from the certificate there is a length limit - if the extension is longer than 160 bits, * it is ignored and the value is calculated instead. * * @return The subject key identifier for the certificate. */ IMPORT_C TKeyIdentifier SubjectKeyIdentifierL() const;private: CX509Certificate(); void ConstructL(const TDesC8& aBinaryData, TInt& aPos); void ConstructL(const CX509Certificate& aCertificate); void ConstructCertL(); void InitDataElementsL(const CX509Certificate& aCertificate); HBufC8* DecodeUidL(const TDesC8& aBinaryData, TBool& aHasElementAlready); void DecodeExtsL(const TDesC8& aBinaryData, TBool& aHasElementAlready); //private data TInt iVersion; CX500DistinguishedName* iIssuerName; CX500DistinguishedName* iSubjectName; HBufC8* iIssuerUid; HBufC8* iSubjectUid; CArrayPtrFlat<CX509CertExtension>* iExtensions; TFixedArray<TPtrC8*, KX509MaxDataElements>* iDataElements; };#endif