/*
* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


/**
 @file 
 @internalTechnology
*/
 
#ifndef __PKIXCERTS_H__
#define __PKIXCERTS_H__

//pkixroots.h
#include <e32std.h>
#include <x509cert.h>
#include <x509certext.h>
#include <mcertstore.h>

/**
 * Base class for classes that help retrieving certificates from stores
 */
class MPKIXCertSource
	{
public:
	//copies cert into aCandidates, passes ownership of cert to calling code...
	virtual void CandidatesL(const CX509Certificate& aSubject, 
		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus) = 0;
	virtual void CancelCandidates() = 0;
	virtual void Release() = 0;

protected:
	virtual ~MPKIXCertSource();
	
protected:
	/**
	 * This function compares the issuer altname in aSubjectCert with the 
	 * subject altname in aIssuerCert
	 * @param aSubjectCert We will compare the issuer altname of this certificate.
	 * @param aIssuerCert We will compare the subject altname of this certificate.
	 * @return 
	 * <UL>
	 * <LI>ETrue if the issuer altname in aSubjectCert matches the subject altname in
	 * aIssuerCert</LI>
	 * <LI>EFalse otherwise</LI>
	 * </UL>
	 */
	TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const;
	};

/**
 * This class is used to retrieve the certificates from a store
 * It doesn't work with client base trust.
 */
class CPKIXCertsFromStore : public CActive, public MPKIXCertSource
	{
public:
	/**
	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
	 * Initialize must be called after this function
	 * @param aStore Reference to the cert store. The store is created with the default 
	 * filter intialized to retrieve certificate of CA type and of X509 format.
	 * @return Initialized instance of this class.
	 */
	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore);
	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore);
	
	/**
	 * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler
	 * Initialize must be called after this function
	 * @param aStore Reference to the cert store. The store is created with the default 
	 * filter intialized to retrieve certificate of CA type and of X509 format.
	 * @param aClient The UID for which the certificates are to be retrieved from the
	 * cert store, This UID is also passed to the filter for retrieving the certificates 
	 * specific to this client UID.
	 * @return Initialized instance of this class.
	 */
	
	static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient);
	static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient);
	/**
	 * This function does the actual listing of certificates based on the filter created.
	 * It must be called after construction.
	 * @param aStatus Standard parameter for asynchronous calling convention. 
	 */
	void Initialize(TRequestStatus& aStatus);
	/**
	 * This function returns a list of CA certificates that authenticate the
	 * aSubject certificate.
	 * @param aCandidates On return, this array contains the list of CA certificates
	 * that can possibly be used to authenticate aSubject. The array owns the elements
	 * and must take care of deleting them.
	 */
	virtual void CandidatesL(const CX509Certificate& aSubject, 
		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
	virtual void CancelCandidates();
	virtual void Release();
	virtual ~CPKIXCertsFromStore();

private:
	CPKIXCertsFromStore(MCertStore& aCertStore);
	CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient);
	void ConstructL();
	void ConstructL(TUid aClient);

public:
	void RunL();
	TInt RunError(TInt aError);
	void DoCancel();

private:
	void HandleEGetCertificateL();
	void HandleEAddCandidateL();
	void HandleECheckTrusted();
	
	TBool IsDuplicateL(const CX509Certificate& aCertificate);

private:
	enum TState
	{
		EIdle = 0,
		EInitialize,
		ECheckTrusted,
		EGetCertificate,
		EAddCandidate,
		EEnd
	};

private:
	/**
	 * The state used to know what must be done when executing
	 * RunL().
	 */
	TState iState;

	/**
	 * The TRequestStatus that must be updated when the operation
	 * requested by a user of this class has been 
	 * completed
	 */
	TRequestStatus *iOriginalRequestStatus;

	TUid iClient;

	CCertAttributeFilter *iFilter;

	/**
	 * iRootName is used for CandidateL
	 */
	const CX500DistinguishedName* iRootName;

	/**
	 * We don't own this
	 */
	const CX509Certificate* iSubject;

	/**
	 * We don't own this
	 */
	RPointerArray<CX509Certificate>* iCandidates;

	/**
	 * iCertData is used for CandidateL
	 */
	HBufC8* iCertData;

	TPtr8* iCertPtr;

	/**
	 * iEntriesIndex is used for CandidateL
	 */
	TInt iEntriesIndex;
	
	/**
	 * Applies to certificate at iEntriesIndex - reflects trust setting
	 */
	TBool iIsTrusted;

	/**
	 * Used when listing certificates (filtered but not on trust).
	 */
	RMPointerArray<CCTCertInfo> iCertInfos;

	MCertStore& iCertStore;
	};

class CPKIXCertsFromClient : public MPKIXCertSource
	{
public:
	static CPKIXCertsFromClient* NewL(const RPointerArray<CX509Certificate>& aCerts);
	static CPKIXCertsFromClient* NewLC(const RPointerArray<CX509Certificate>& aCerts);
	virtual void CandidatesL(const CX509Certificate& aSubject,
		RPointerArray<CX509Certificate>& aCandidates, TRequestStatus& aStatus);
	virtual void CancelCandidates();
	virtual void Release();
	virtual ~CPKIXCertsFromClient();

private:
	CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts);

private:
	const RPointerArray<CX509Certificate>& iCerts;
	};

#endif