cryptoservices/certificateandkeymgmt/inc/x509keys.h
author asimpson@symbian.org
Thu, 15 Oct 2009 17:48:29 +0100
branchRCL_1
changeset 13 e60b2dbc57a0
parent 0 2c201484c85f
child 8 35751d3474b7
permissions -rw-r--r--
Added tag PDK_2.0.0 for changeset 1d329321bec7

/*
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
* X.509 key classes and utility classes for key encoding/decoding.
*
*/




/**
 @file
 @internalTechnology 
*/

#if !defined (__X509KEYS_H__)
#define __X509KEYS_H__

#include <e32base.h>
#include <e32std.h>
#include <asymmetrickeys.h>
#include <asymmetric.h>
#include <hash.h>
#include <bigint.h>
#include <signed.h>

// Forward declarations
class CASN1EncBase;
class CASN1EncContainer;
class CASN1EncSequence;
class CASN1EncBitString;

class CX509RSAPublicKey : public CRSAPublicKey
/** Adds the capability to decode DER-encoded RSA public keys.
*
* Adds a commitment to a specific encoding scheme allowing X.509 RSA public key 
* superclasses to remain encoding-independent.
*
* @publishedAll
* @released
*
* @since v6.0 
*/
	{
public:
	/** Creates a new RSA Public key object from the specified buffer containing the 
	* encoded binary representation.
	* 
	* Initialises the object from its encoded binary form into an internal representation.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509RSAPublicKey object. */
	IMPORT_C static CX509RSAPublicKey* NewL(const TDesC8& aBinaryData);
	
	/** Creates a new RSA Public Key object from the specified buffer containing the
	* encoded binary representation, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509RSAPublicKey object. */
	IMPORT_C static CX509RSAPublicKey* NewLC(const TDesC8& aBinaryData);
	
	/** Creates a new RSA Public key object from the specified buffer containing the 
	* encoded binary representation, starting at the specified offset.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509RSAPublicKey object. */
	IMPORT_C static CX509RSAPublicKey* NewL(const TDesC8& aBinaryData, TInt& aPos);
	
	/** Creates a new RSA Public key object from the specified buffer containing the 
	* encoded binary representation, starting at the specified offset, and puts 
	* a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509RSAPublicKey object. */
	IMPORT_C static CX509RSAPublicKey* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	CX509RSAPublicKey();
	};

class TASN1EncRSAPublicKey
/**
 * Class for encoding RSA public keys to ASN.1 encoding.
 * 
 * @publishedAll
 * @released
 * @since v8.0 
 */
	{
public:
	/** 
	 * Encodes the supplied public key into buffer in DER format ASN.1:
	 * @code
	 * 		SEQUENCE-OF
	 * 			INTEGER modulus
	 * 			INTEGER exponent
	 * @endcode
	 * 
	 * @param aKey	Key to encode.
	 * @return		Allocated buffer containing DER encoding of
	 *     			the supplied key aKey.
	 */
	IMPORT_C HBufC8* EncodeDERL(const CRSAPublicKey& aKey) const;
	};

class TASN1DecRSAPublicKey
/** 
 * Class for decoding RSA public keys from ASN.1 DER encoding.
 * 
 * @publishedAll
 * @released
 * @since v8.0
 */
	{
public:
	/** 
	 * Decodes an RSA key from the supplied buffer starting at the 
	 * specified position.
	 * 
	 * @param aDER	Buffer containing DER ASN.1 encoding of the key.
	 * @param aPos	Starting position in the buffer (updated on exit).
	 * @return		A pointer to the new CRSAPublicKey object.
	 */
	IMPORT_C CRSAPublicKey* DecodeDERL(const TDesC8& aDER, TInt& aPos) const;
	};

class TASN1DecRSAKeyPair
/** 
 * Class for decoding RSA key pairs from ASN.1 DER encoding.
 * 
 * @publishedAll
 * @released
 * @since v8.0
 */
	{
public:
	/**
	 * Decodes an RSA key pair from buffer containing ASN.1 
	 * DER-encoded private key. The encoding of a private key 
	 * contains public key components as well.
	 * 
	 * @param aDER			DER-encoded private key.
	 * @param aPos			Position in the buffer to start decoding 
	 *     					(updated on exit).
	 * @param aPublicKey	On return, the RSA public key object
	 * @param aPrivateKey	On return, the RSA private key object
	 * @param aKeyType		Key type, default is @c EStandardCRT
	 */
	IMPORT_C void DecodeDERL(const TDesC8& aDER, TInt& aPos, 
								CRSAPublicKey*& aPublicKey,
								CRSAPrivateKey*& aPrivateKey, 
								TRSAPrivateKeyType aKeyType = EStandardCRT);
	};

class CX509DSAPublicKey : public CDSAPublicKey
/** Encapsulates the X.509 DSA public key.
* 
* Adds a commitment to a specific encoding scheme allowing superclasses to remain 
* encoding-independent. 
* 
* @publishedAll
* @released
* @since v6.0 
*/
// DSA public key, params, signature.
	{
public:
	/** Creates a new X.509 DSA public key object.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aBinaryData);

	/** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aBinaryData);
	
	/** Creates a new X.509 DSA public key object.
	* 
	* @param aParams		The DSA parameters.
	* @param aBinaryData	The encoded binary representation. 
	* @return 				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewL(const CDSAParameters& aParams, const TDesC8& aBinaryData);
	
	/** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aParams		The DSA parameters.
	* @param aBinaryData	The encoded binary representation. 
	* @return 				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewLC(const CDSAParameters& aParams, const TDesC8& aBinaryData);
	
	/** Creates a new X.509 DSA public key object.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The position from which to start decoding.
	* @return 				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aBinaryData,TInt& aPos);
	
	/** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.	
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The position from which to start decoding.
	* @return 				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aBinaryData, TInt& aPos);
	
	/** Creates a new X.509 DSA public key object.
	* 
	* @param aParams		The DSA parameters.
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The position from which to start decoding. 
	* @return 				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewL(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos);
	
	/** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aParams 		The DSA parameters.
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The position from which to start decoding. 
	* @return				A pointer to the new CX509DSAPublicKey object. */
	IMPORT_C static CX509DSAPublicKey* NewLC(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos);
public:
	/** Gets the DSA parameters from the encoding key.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @return 				The DSA parameters. */
	IMPORT_C static CDSAParameters* DSAParametersL(const TDesC8& aParamsData);
protected:
	/** @internalComponent */
	void ConstructL(const TDesC8& aParamsData, const TDesC8& aBinaryData, TInt& aPos);
	/** @internalComponent */
	void ConstructL(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos);
	/** @internalComponent */
	CX509DSAPublicKey();
	};
 
class TASN1DecDSAKeyPair
/** 
 * Class for decoding DSA key pairs from ASN.1 DER encoding.
 * 
 * @publishedAll
 * @released
 * @since v8.0
 */
	{
public:
	/**
	 * Decodes a DSA key pair from a buffer containing an ASN.1 
	 * DER-encoded private key. 
	 * 
	 * The encoding of the private key contains public key components as well. 
	 * 
	 * The DER encoding has the following format:
	 * @verbatim
	 *     SEQUENCE-OF
     *         INTEGER version (==0, ignored)
	 *         INTEGER p (public prime)
	 *         INTEGER q (160-bit public subprime, q | p-1)
	 *         INTEGER g (public generator of subgroup)
	 *         INTEGER x (private key)
	 *         INTEGER y (public key y=g^x)
	 * @endverbatim
	 * 
	 * @param aDER			DER-encoded private key.
	 * @param aPos			Position in the buffer to start decoding 
	 *		     			(updated on exit).
	 * @param aPublicKey	On return, the DSA public key object
	 * @param aPrivateKey	On return, the DSA private key object
	 */
	IMPORT_C void DecodeDERL(const TDesC8& aDER, TInt& aPos, 
								CDSAPublicKey*& aPublicKey, CDSAPrivateKey*& aPrivateKey);
	};

/**
 * Class for encoding DSA public keys to ASN.1 encoding.
 * 
 * @publishedAll
 * @released
 * @since v8.0
 */
class TASN1EncDSAPublicKey
	{
public:
	/** 
	 * Encodes the supplied public key into a buffer in DER format.
	 * 
	 * Note that the encoding has the following format:
	 * @code
	 *     SEQUENCE-OF
	 *         SEQUENCE-OF
	 *             INTEGER p
	 *             INTEGER q
	 *             INTEGER g
	 *         BIT STRING (encoded INTEGER public value)
	 * @endcode
	 * 
	 * @param aKey	Key to encode.
	 * @return		Sequence containing public key information.
	 */
	IMPORT_C CASN1EncSequence* EncodeDERL(const CDSAPublicKey& aKey) const;

	/**
	 * Encodes DSA parameters into an ASN.1 encoding structure suitable for 
	 * inclusion into other objects, like a PKCS#10 certificate request.
	 *
	 * Note that the encoding has the following form:
	 * @code
	 *     SEQUENCE-OF
	 *         INTEGER p
	 *         INTEGER q
	 *         INTEGER g
	 * @endcode
	 *
	 * @param aKey	DSA public key.
	 * @return		ASN.1 encoding structure on the cleanup stack.
	 */
	IMPORT_C CASN1EncSequence* EncodeParamsLC(const CDSAPublicKey& aKey) const;

	/** 
	 * Encodes a public key as a bit string.
	 *
	 * @param aKey 	DSA public key.
	 * @return	ASN.1 bit string (public key). This is left on the cleanup stack.
	 */

	IMPORT_C CASN1EncBitString* EncodePublicValueLC(const CDSAPublicKey& aKey) const;
	};

class CX509DSASignature : public CDSASignature
/** Encapsulates the X.509 DSA signature.
* 
* Adds a commitment to a specific encoding scheme allowing superclasses to remain 
* encoding-independent. 
* 
* @publishedAll
* @released
* @since v6.0 */
	{
public:
	/** Creates a new DSA Signature object from the specified buffer containing the 
	* encoded binary representation.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DSASignature object. */
	IMPORT_C static CX509DSASignature* NewL(const TDesC8& aBinaryData);
	
	/** Creates a new DSA Signature object from the specified buffer containing the 
	* encoded binary representation, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DSASignature object. */
	IMPORT_C static CX509DSASignature* NewLC(const TDesC8& aBinaryData);
	
	/** Creates a new DSA Signature object from the specified buffer containing the 
	* encoded binary representation, starting at the specified offset.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509DSASignature object. */
	IMPORT_C static CX509DSASignature* NewL(const TDesC8& aBinaryData, TInt& aPos);
	
	/** Creates a new DSA Signature object from the specified buffer containing the 
	* encoded binary representation, starting at the specified offset, and puts 
	* a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509DSASignature object. */
	IMPORT_C static CX509DSASignature* NewLC(const TDesC8& aBinaryData, TInt& aPos);
private:
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	CX509DSASignature();
	};

class CX509DHPublicKey : public CDHPublicKey
/** Provides clients with the information they need for Diffie-Hellman key exchange 
* within a protocol. 
* 
* @publishedAll
* @released
* @since v6.0 */
	{
public:
	/** Creates a new CX509DHPublicKey object from the specified buffer containing the encoded 
	* binary representation.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @param aKeyData 		
	* @return 				A pointer to the new CX509DHPublicKey object.*/
	IMPORT_C static CX509DHPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aKeyData);

	/** Creates a new CX509DHPublicKey object from the specified buffer containing the encoded 
	* binary representation, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @param aKeyData 		
	* @return 				A pointer to the new CX509DHPublicKey object.*/
	IMPORT_C static CX509DHPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aKeyData);
public:
	/** Destructor.
	* 
	* Frees all resources owned by the object, prior to its destruction. */
	IMPORT_C virtual ~CX509DHPublicKey();
protected:
	/** @internalComponent */
	CX509DHPublicKey();
	/** @internalComponent */
	void ConstructL(const TDesC8& aParamsData, const TDesC8& aKeyData);
	};

class CX509DHKeyPair : public CDHKeyPair
/** This class represents the Diffie-Hellman Key Pair.
*
* @publishedAll
* @released
* @since v8.0 */
{
public:
	/** Creates a new DH key pair object from the specified buffer containing 
	* the encoded binary representation .
	*  
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @return				A pointer to the new CX509DHKeyPair object.
	*/
	IMPORT_C static CX509DHKeyPair* NewL(const TDesC8& aParamsData);

	/** Creates a new DH Key Pair object from the specified buffer containing the encoded binary  
	* representation, and puts a pointer to it onto the cleanup stack.
	*
	* @param aParamsData	A non-modifiable descriptor representing the entire encoding.
	* @return				A pointer to the new CX509DHKeyPair object.
	*/
	IMPORT_C static CX509DHKeyPair* NewLC(const TDesC8& aParamsData);
public:

	/** Virtual Destructor.
	* Frees all resources owned by the object, prior to its destruction. 
	*
	*/
	IMPORT_C virtual ~CX509DHKeyPair();
protected:
	/** @internalComponent */
	CX509DHKeyPair();
	/** @internalComponent */
	void ConstructL(const TDesC8& aParamsData);
};

class CX509DHValidationParams : public CBase
/** Validates Diffie-Hellman (DH) Domain parameters.
* 
* Provides access to the DH Validation Parameters, which are used to determine 
* if the DH Public Key has been generated in conformance with the algorithm 
* specified in ESDH (see RFC 2631). 
* 
* @publishedAll
* @released
* @since v6.0 */
	{
public:
	/** Creates a new DH Validation parameters object from the specified buffer containing 
	* the encoded binary representation.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DHValidationParams object. */
	IMPORT_C static CX509DHValidationParams* NewL(const TDesC8& aBinaryData);
	
	/** Creates a new DH Validation parameters object from the specified buffer containing 
	* the encoded binary representation, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DHValidationParams object. */
	IMPORT_C static CX509DHValidationParams* NewLC(const TDesC8& aBinaryData);
	
	/** Creates a new DH Validation parameters object from the specified buffer containing 
	* the encoded binary representation, starting at the specified offset.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509DHValidationParams object. */
	IMPORT_C static CX509DHValidationParams* NewL(const TDesC8& aBinaryData, TInt& aPos);
	
	/** Creates a new DH Validation parameters object from the specified buffer containing 
	* the encoded binary representation, starting at the specified offset, and puts 
	* a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509DHValidationParams object. */
	IMPORT_C static CX509DHValidationParams* NewLC(const TDesC8& aBinaryData, TInt& aPos);
	
	/** Gets a DSA prime generation seed.
	* 
	* @return	The bit string parameter used as the seed. */
	IMPORT_C const TPtrC8 Seed() const;
	
	/** Gets the output from a DSA prime generation counter.
	* 
	* @return	The integer value output. */
	IMPORT_C const TInteger& PGenCounter() const;
	
	/** Destructor.
	* 
	* Frees all resources owned by the object, prior to its destruction. */
	virtual ~CX509DHValidationParams();
protected:
	/** @internalComponent */
	CX509DHValidationParams();
	/** @internalComponent */
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	HBufC8* iSeed;
	RInteger iPGenCounter;
	};

class CX509DHDomainParams : public CBase
/** Encapsulates the compulsory Diffie-Hellman domain parameter values P and G 
* (See RFC 2459). 
* 
* @publishedAll
* @released
* @since v6.0 */
	{
public:
	/** Creates a new DH Domain parameters object from the specified buffer containing 
	* the encoded binary representation.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DHDomainParams object. */
	IMPORT_C static CX509DHDomainParams* NewL(const TDesC8& aBinaryData);
	
	/** Creates a new DH Domain parameters object from the specified buffer containing 
	* the encoded binary representation, and puts a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @return				A pointer to the new CX509DHDomainParams object. */
	IMPORT_C static CX509DHDomainParams* NewLC(const TDesC8& aBinaryData);
	
	/** Creates a new DH Domain parameters object from the specified buffer containing 
	* the encoded binary representation, starting at the specified offset.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509DHDomainParams object. */
	IMPORT_C static CX509DHDomainParams* NewL(const TDesC8& aBinaryData, TInt& aPos);
	
	/** Creates a new DH Domain parameters object from the specified buffer containing 
	* the encoded binary representation, starting at the specified offset, and puts 
	* a pointer to it onto the cleanup stack.
	* 
	* @param aBinaryData	The encoded binary representation.
	* @param aPos			The offset position from which to start decoding.
	* @return				A pointer to the new CX509DHDomainParams object. */
	IMPORT_C static CX509DHDomainParams* NewLC(const TDesC8& aBinaryData, TInt& aPos);
	
	/** Gets the compulsory parameter value P.
	* 
	* @return	The compulsory parameter value P. */
	IMPORT_C const TInteger& P() const;	
	
	/** Gets the compulsory parameter value G.
	* 
	* @return	The compulsory parameter value G. */
	IMPORT_C const TInteger& G() const;	

//the next 3 members are optional, in which case NULL is returned
//the returned objects remain the property of this object

//N.B. according to RFC 2459 the Q member is *not* optional, 
//however it is not essential for doing DH, and empirical studies
//suggest it doesn't get included much, so I'm relaxing the spec here
//to permit DomainParams objects which contain no Q.

	/** Gets the optional value Q.
	* 
	* @return	The optional value Q. */
	IMPORT_C const TInteger& Q() const;	
	
	/** Gets the optional value J.
	* 
	* @return	The optional value J. */
	IMPORT_C const TInteger& J() const;									
	
	/** Gets the optional validation parameters.
	* 
	* @return	The optional validation parameters. */
	IMPORT_C const CX509DHValidationParams* ValidationParams() const;
	
	/** Destructor.
	* 
	* Frees all resources owned by the object, prior to its destruction. */
	virtual ~CX509DHDomainParams();
protected:
	/** @internalComponent */
	CX509DHDomainParams();
	/** @internalComponent */
	void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
	RInteger iP;
	RInteger iG;
	RInteger iQ;
	RInteger iJ;
	CX509DHValidationParams* iValidationParams;
	};

class TX509KeyEncoder
/**
 * Abstract class that is the base class for RSA and DSA key encoder classes.
 * These classes are used to encode the X509 ASN.1 types AlgorithmIdentifier and
 * SubjectPublicKeyInfo.
 *
 * This class is part of the pkcs10 API, and will be changed or removed in a
 * future release.  You should not use it.
 * 
 * @internalTechnology 
 */
	{
public:
	/**
	 * Constructor that takes an algorithm identifier and saves it into the 
	 * corresponding member variable. It is then used in the
	 * EncodeSignatureAlgorithm() function.
	 * 
	 * @param aDigestAlg	Digest algorithm to use. Currently the following 
	 * 						algorithms are supported: MD2, MD5, and SHA-1.
	 */
	IMPORT_C TX509KeyEncoder(TAlgorithmId aDigestAlg);

	/**
	 * Produces the SubjectPublicKeyInfo encoding. 
	 * 
	 * The encoding has the following ASN.1 format:
	 * @code
	 * SubjectPublicKeyInfo {ALGORITHM : IOSet} ::= SEQUENCE {
	 *     algorithm        AlgorithmIdentifier {{IOSet}},
	 *     subjectPublicKey BIT STRING
	 *     }
	 * @endcode
	 */
	IMPORT_C virtual CASN1EncBase* EncodeKeyLC() const = 0;

	/**
	 * Produces the AlgorithmIdentifier encoding.
	 * 
	 * @return	ASN.1 sequence containing signature algorithm
	 */
	IMPORT_C virtual CASN1EncSequence* EncodeSignatureAlgorithmLC() const = 0;

	/**
	 * Produces the DigestAlgorithmIdentifier encoder.
	 *
	 * The encoding has the following ASN.1 format
	 * @code
     *   DigestAlgorithmIdentifier ::= SEQUENCE {
     *     algorithm AlgorithmIdentifier,
     *     parameters ANY DEFINED BY algorithm OPTIONAL }
     *
     *   AlgorithmIdentifier ::= OBJECT IDENTIFIER
	 * @endcode
 	 *
	 * @return Appropriate ASN.1 sequence of type <code>DigestAlgorithmIdentifier</code>
	 */
	IMPORT_C virtual CASN1EncSequence* EncodeDigestAlgorithmLC() const;

protected:
	/** Digest algorithm to use. */
	TAlgorithmId iDigestAlg;
	};

class TX509RSAKeyEncoder : public TX509KeyEncoder
/**
 * Subclasses TC509KeyEncoder to provides key encoding capability for RSA public keys.
 * 
 * This class is part of the pkcs10 API, and will be changed or removed in a
 * future release.  You should not use it.
 * 
 * @internalTechnology 
 */
	{
public:
	/**
	 * Constructs a RSA key pair encoder, saving reference to the passed 
	 * key pair in the member variable.
	 * 
	 * @param aPublicKey	RSA public key to use for encoding.
	 * @param aDigestAlg	Digest algorithm to use.
	 */
	IMPORT_C TX509RSAKeyEncoder(const CRSAPublicKey& aPublicKey, TAlgorithmId aDigestAlg);

	/**
	 * Produces the SubjectPublicKeyInfo encoding. 
	 * 
	 * The resulting encoding has the following form:
	 * @code
	 *     SEQUENCE-OF
	 *         SEQUENCE-OF
	 *             OID of the encryption algorithm (KRSA)
	 *             NULL
	 *         BIT STRING encoded public key.
	 * @endcode
	 * 
	 * @return	DER-encoded public key information, placed on the cleanup stack.
	 */
	IMPORT_C virtual CASN1EncBase* EncodeKeyLC() const;

	/**
	 * Produces the AlgorithmIdentifier encoding.
  	 * 
	 * This has the following form:
	 * @code
	 *     SEQUENCE-OF
	 *         OID signature-algorithm
	 *         NULL
	 * @endcode
	 * 
	 * @return	ASN.1 sequence containing signature algorithm encoding, 
	 * 			placed on the cleanup stack.
	 */
	IMPORT_C virtual CASN1EncSequence* EncodeSignatureAlgorithmLC() const;

private:
	/**
	 * Saved reference to the RSA public key to be used for encoding.
	 */
	const CRSAPublicKey& iPublicKey;
	};

class TX509DSAKeyEncoder : public TX509KeyEncoder
/**
 * Provides key encoding and signing capability using a DSA public key.
 * 
 * This class is part of the pkcs10 API, and will be changed or removed in a
 * future release.  You should not use it.
 * 
 * @internalTechnology 
 */
	{
public:
	/**
	 * Constructs a DSA key pair encoder, saving reference to the passed 
	 * public key in the member variable.
	 * 
	 * @param aKeyPublic	DSA public key to use for encoding.
	 * @param aDigestAlg	Digest algorithm to use.
	 */
	IMPORT_C TX509DSAKeyEncoder(const CDSAPublicKey& aKeyPublic, 
								TAlgorithmId aDigestAlg);

	/**
	 * Produces the SubjectPublicKeyInfo encoding. 
  	 * 
	 * The ASN.1 encoding of a DSA key has the following form:
	 * @code
	 * SEQUENCE-OF
	 *     SEQUENCE-OF
	 *         OID dsa (1.2.840.10040.4.1)
	 *         SEQUENCE-OF
	 *             INTEGER p
	 *             INTEGER q
	 *             INTEGER g
	 *     BIT STRING
	 *         INTEGER public value (y)
	 * @endcode
	 * 
	 * @return DER-encoded public key information, placed on the cleanup stack.
	 */
	IMPORT_C virtual CASN1EncBase* EncodeKeyLC() const;

	/**
	 * Produces the AlgorithmIdentifier encoding.
   	 * 
	 * This has the following form:
	 * @code
	 * SEQUENCE-OF
	 *     OID dsa-signature-oid
	 *     SEQUENCE-OF dsa-params
	 *         INTEGER p
	 *         INTEGER q
	 *         INTEGER g
	 * @endcode
	 * 
	 * @return	ASN.1 sequence containing signature algorithm encoding, 
	 *     		placed on the cleanup stack.
	 */
	IMPORT_C virtual CASN1EncSequence* EncodeSignatureAlgorithmLC() const;

private:
	/**
	 * Saved reference to the DSA public key to be used for encoding.
	 */
	const CDSAPublicKey& iPublicKey;
	};

#endif