diff -r 000000000000 -r 2c201484c85f cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.h Wed Jul 08 11:25:26 2009 +0100 @@ -0,0 +1,220 @@ +/* +* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* +*/ + + + + +/** + @file + @internalTechnology +*/ + +#ifndef __PKIXCERTS_H__ +#define __PKIXCERTS_H__ + +//pkixroots.h +#include +#include +#include +#include + +/** + * Base class for classes that help retrieving certificates from stores + */ +class MPKIXCertSource + { +public: + //copies cert into aCandidates, passes ownership of cert to calling code... + virtual void CandidatesL(const CX509Certificate& aSubject, + RPointerArray& aCandidates, TRequestStatus& aStatus) = 0; + virtual void CancelCandidates() = 0; + virtual void Release() = 0; + +protected: + virtual ~MPKIXCertSource(); + +protected: + /** + * This function compares the issuer altname in aSubjectCert with the + * subject altname in aIssuerCert + * @param aSubjectCert We will compare the issuer altname of this certificate. + * @param aIssuerCert We will compare the subject altname of this certificate. + * @return + *
    + *
  • ETrue if the issuer altname in aSubjectCert matches the subject altname in + * aIssuerCert
    • + *
  • EFalse otherwise
    • + *
+ */ + TBool AltNameMatchL(const CX509Certificate& aSubjectCert, const CX509Certificate& aIssuerCert) const; + }; + +/** + * This class is used to retrieve the certificates from a store + * It doesn't work with client base trust. + */ +class CPKIXCertsFromStore : public CActive, public MPKIXCertSource + { +public: + /** + * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler + * Initialize must be called after this function + * @param aStore Reference to the cert store. The store is created with the default + * filter intialized to retrieve certificate of CA type and of X509 format. + * @return Initialized instance of this class. + */ + static CPKIXCertsFromStore* NewL(MCertStore& aCertStore); + static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore); + + /** + * Constructs a new CPKIXCertsFromStore instance and adds it to the active scheduler + * Initialize must be called after this function + * @param aStore Reference to the cert store. The store is created with the default + * filter intialized to retrieve certificate of CA type and of X509 format. + * @param aClient The UID for which the certificates are to be retrieved from the + * cert store, This UID is also passed to the filter for retrieving the certificates + * specific to this client UID. + * @return Initialized instance of this class. + */ + + static CPKIXCertsFromStore* NewL(MCertStore& aCertStore, TUid aClient); + static CPKIXCertsFromStore* NewLC(MCertStore& aCertStore, TUid aClient); + /** + * This function does the actual listing of certificates based on the filter created. + * It must be called after construction. + * @param aStatus Standard parameter for asynchronous calling convention. + */ + void Initialize(TRequestStatus& aStatus); + /** + * This function returns a list of CA certificates that authenticate the + * aSubject certificate. + * @param aCandidates On return, this array contains the list of CA certificates + * that can possibly be used to authenticate aSubject. The array owns the elements + * and must take care of deleting them. + */ + virtual void CandidatesL(const CX509Certificate& aSubject, + RPointerArray& aCandidates, TRequestStatus& aStatus); + virtual void CancelCandidates(); + virtual void Release(); + virtual ~CPKIXCertsFromStore(); + +private: + CPKIXCertsFromStore(MCertStore& aCertStore); + CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient); + void ConstructL(); + void ConstructL(TUid aClient); + +public: + void RunL(); + TInt RunError(TInt aError); + void DoCancel(); + +private: + void HandleEGetCertificateL(); + void HandleEAddCandidateL(); + void HandleECheckTrusted(); + + TBool IsDuplicateL(const CX509Certificate& aCertificate); + +private: + enum TState + { + EIdle = 0, + EInitialize, + ECheckTrusted, + EGetCertificate, + EAddCandidate, + EEnd + }; + +private: + /** + * The state used to know what must be done when executing + * RunL(). + */ + TState iState; + + /** + * The TRequestStatus that must be updated when the operation + * requested by a user of this class has been + * completed + */ + TRequestStatus *iOriginalRequestStatus; + + TUid iClient; + + CCertAttributeFilter *iFilter; + + /** + * iRootName is used for CandidateL + */ + const CX500DistinguishedName* iRootName; + + /** + * We don't own this + */ + const CX509Certificate* iSubject; + + /** + * We don't own this + */ + RPointerArray* iCandidates; + + /** + * iCertData is used for CandidateL + */ + HBufC8* iCertData; + + TPtr8* iCertPtr; + + /** + * iEntriesIndex is used for CandidateL + */ + TInt iEntriesIndex; + + /** + * Applies to certificate at iEntriesIndex - reflects trust setting + */ + TBool iIsTrusted; + + /** + * Used when listing certificates (filtered but not on trust). + */ + RMPointerArray iCertInfos; + + MCertStore& iCertStore; + }; + +class CPKIXCertsFromClient : public MPKIXCertSource + { +public: + static CPKIXCertsFromClient* NewL(const RPointerArray& aCerts); + static CPKIXCertsFromClient* NewLC(const RPointerArray& aCerts); + virtual void CandidatesL(const CX509Certificate& aSubject, + RPointerArray& aCandidates, TRequestStatus& aStatus); + virtual void CancelCandidates(); + virtual void Release(); + virtual ~CPKIXCertsFromClient(); + +private: + CPKIXCertsFromClient(const RPointerArray& aCerts); + +private: + const RPointerArray& iCerts; + }; + +#endif