/** Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).* All rights reserved.* This component and the accompanying materials are made available* under the terms of the License "Eclipse Public License v1.0"* which accompanies this distribution, and is available* at the URL "http://www.eclipse.org/legal/epl-v10.html".** Initial Contributors:* Nokia Corporation - initial contribution.** Contributors:** Description: * Declares classes for producing PKCS#10 certificate requests.**//** @file @publishedPartner @released */#ifndef __PKCS10_H__#define __PKCS10_H__#include <e32base.h>#include <asn1enc.h>#include <mctkeystore.h>#include <signed.h>class CX500DistinguishedName;class CASN1EncBase;class CPKCS10Attributes;class CPKCS10KeyHelper;class CMessageDigest;class TX509KeyEncoder;/** * Class for making PKCS#10 Certificate Request objects. * * Keys are specified by a cryptotokens key info object - this means that this * API can only be used to generate cert requests for keys that are held in a * keystore on the device. * */class CPKCS10Request : public CActive {public: /** * Creates a new PKCS#10 request object. * * @param aDN X500 distinguished name of the entity provided by caller. * Stored in iDN member variable. Ownership is not transferred. * @param aKeyInfo The key info object of the key to sign the request with. * Does not take ownership. * @param aAttr (Optional) The PKCS10 attributes to include in the request. * Takes ownership. * @return A pointer to the newly allocated object. */ IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN, const CCTKeyInfo& aKeyInfo, CPKCS10Attributes* aAttr = NULL); /** * Creates a new PKCS#10 request object. * * @param aDN X500 distinguished name of the entity provided by caller. * Stored in iDN member variable. Ownership is not transferred. * @param aKeyInfo The key info object of the key to sign the request with. * Does not take ownership. * @param aAttr (Optional) The PKCS10 attributes to include in the request. * Takes ownership. * @return A pointer to the newly allocated object that is left on the * cleanup stack. */ IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN, const CCTKeyInfo& aKeyInfo, CPKCS10Attributes* aAttr = NULL); /** * Destructs PKCS#10 object, deletes encoding buffer and attributes. */ IMPORT_C virtual ~CPKCS10Request();public: /** * Set the attributes to be encoded in the request. It replaces existing * attributes, if any. * @param aAttr The attributes - this object takes ownership. */ IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr); /** * Set the digest algorithm to use when signing the request. If this method * is not called, the default SHA-1 is used. * * @param aDigest For RSA keys, one of EMD2, EMD5 or ESHA1. * For DSA keys, ESHA1 is the only permitted value. * @leave KErrArgument if the specified algorithm is not supported. */ IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest); /** * Set the distinguished name of the entity. It replaces existing * name, if any. * @param aDN X500 distinguished name of the entity provided by caller. * Stored in iDN member variable. Ownership is not transferred. */ IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN); /** * Set the information of the key to sign with. It replaces existing * key info, if any. * @param aKeyInfo The key info object of the key to sign the request with. * Does not take ownership. */ IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo); /** * Create the ASN.1 DER encoding of the certificate request. This is an * asynchronous method. The Cancel() method can be called to cancel an * outstanding request. This method can be called repeatedly to create * certificate requests after setting the various parameters. However an * outstanding request must complete or be cancelled before calling this * method again. * * * @param aResult On successful completion, this points to a newly * allocated buffer containing the encoded certificate request. * @param aStatus Asynchronous status notification */ IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);private: virtual void RunL(); virtual TInt RunError(TInt aErr); virtual void DoCancel(); enum TState { EIdle, EInitialize, EGetKeyStore, EGetPublicKey, EOpenSigner, ESign };private: /** Private constructor that initializes essential member variables. */ CPKCS10Request(const CX500DistinguishedName* aDN, const CCTKeyInfo* aKeyInfo, CPKCS10Attributes* aAttr); // Methods making ASN.1 encoding objects /** * Performs the actual ASN.1 encoding of the request without signing it. * certRequestInfo is what gets signed with private key. * @return Pointer to a newly allocated CASN1EncSequence object. */ CASN1EncSequence* MakeCertRequestInfoEncLC(); /** * Encodes desired certificate attributes into ASN1. Takes whatever * attributes are in the iAttributes and adds them below a * sequence. If there are no attributes stored, leaves the set empty. * * The structure of the attribute node is as follows: * @code * Context-specific[0] * SEQUENCE-OF * OID of the organization * SET-OF * SEQUENCE-OF (stored in iAttributes) * SEQUENCE-OF * OID of attribute * OCTET STRING value * SEQUENCE-OF * OID of attribute * OCTET STRING value * ... * @endcode * @return Pointer to a newly allocated encoding object containing * desired certificate attributes. */ CASN1EncBase* MakeAttrEncLC(); /** * Generates data to be signed. */ void EncodeTBSDataL(); void CreateFinalEncodingL(); void Reset();private: const CX500DistinguishedName* iDN; const CCTKeyInfo* iKeyInfo; CPKCS10Attributes* iAttributes; TAlgorithmId iDigestId; TRequestStatus* iClientStatus; TState iState; HBufC8** iResult; MCTKeyStore* iKeyStore; CPKCS10KeyHelper* iKeyHelper; HBufC8* iExportedKey; HBufC8* iTBSData; };#endif