Mercurial Mercurial > oss > FCL > sf > os > security / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcertstate.h
author Pat Downey <patd@symbian.org>
Wed, 01 Sep 2010 12:40:57 +0100
branchRCL_3
changeset 96 a71299154b21
parent 8 35751d3474b7
permissions -rw-r--r--
Revert incorrect RCL_3 drop: Revision: 201035 Kit: 201035

/*
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
* CPKIXValidationState class implementation
*
*/


/**
 @file 
 @internalTechnology
*/
 
#if !defined (__PKIXCERTSTATE_H__)
#define __PKIXCERTSTATE_H__

#include <e32std.h>
#include <x509cert.h>
#include <x509certchain.h>
#include <x509certext.h>
#include <x509gn.h>

/*this class has no brains at all. all it does it act as a container for
state information needed when processing a certificate chain according to 
the PKIX algorithm. it gets passed around among the classes which use it. 
the classes which use it are all friends 'cos that seems neater than making 
all its data public or including 500 accessors*/

class CPKIXCertChainAO;

class CPKIXValidationState : public CBase
	{
	friend class CPKIXCertChainAO;
	friend class TPKIXPolicyConstraint;
	friend class TPKIXNameConstraint;
	friend class TPKIXBasicConstraint;
	friend class TPKIXKeyUsageConstraint;
public:
	static CPKIXValidationState* NewL(	const TTime aValidationTime, TInt aChainLength,
										const CArrayPtr<HBufC>* aInitialPolicies);
	static CPKIXValidationState* NewLC(	const TTime aValidationTime, TInt aChainLength,
										const CArrayPtr<HBufC>* aInitialPolicies);
	~CPKIXValidationState();
private:
	CPKIXValidationState(	const TTime aValidationTime, TInt aChainLength,
							const CArrayPtr<HBufC>* aInitialPolicies);
	void ConstructL();
private:
	const TTime iValidationTime;
	TInt iPolicyMapping;
	TInt iPolicyRequired;
	TInt iMaxPathLength;
	TInt iPos;

//	TBool iAnyUserPolicy;
	TBool iAnyAuthorityPolicy;
	
	const CArrayPtr<HBufC>* iUserConstrainedPolicies;
	CArrayPtrFlat<CX509CertPolicyInfo>* iAuthorityConstrainedPolicies;
	
	CArrayPtrFlat<HBufC>* iUserPolicies;	
	CArrayPtrFlat<CX509PolicyMapping>* iMappedPolicies;
	CArrayPtrFlat<CX500DistinguishedName>* iExcludedDNSubtrees;
	CArrayPtrFlat<CX500DistinguishedName>* iPermittedDNSubtrees;
	//these are all just to deal with name constraints on alt names
	//can you believe it?
	CArrayPtrFlat<CX509DomainName>* iExcludedRFC822Subtrees;
	CArrayPtrFlat<CX509DomainName>* iPermittedRFC822Subtrees;
	CArrayPtrFlat<CX509DomainName>* iExcludedDNSNameSubtrees;
	CArrayPtrFlat<CX509DomainName>* iPermittedDNSNameSubtrees;
	CArrayPtrFlat<CX509IPSubnetMask>* iExcludedIPAddressSubtrees;
	CArrayPtrFlat<CX509IPSubnetMask>* iPermittedIPAddressSubtrees;
	CArrayPtrFlat<CX509CertExtension>* iCriticalExts;
	};

#endif
FCL/sf/os/security