|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: static method for certficate handling |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 #ifndef IKEPKIUTILS_H |
|
22 #define IKEPKIUTILS_H |
|
23 |
|
24 #include <e32base.h> |
|
25 |
|
26 class CX509Certificate; |
|
27 class TCertPayloadIkev2; |
|
28 class CIkeCaList; |
|
29 class TCertificateISAKMP; |
|
30 class TASN1DecGeneric; |
|
31 |
|
32 class IkePkiUtils |
|
33 { |
|
34 public: |
|
35 |
|
36 /* |
|
37 * Verifies an IKEv2 signature with a public of |
|
38 * specified certificate |
|
39 * |
|
40 * @param aSignature Signature data verified. |
|
41 * @param aAuthData Data signed. |
|
42 * @param aCert Certificate which contains the public key used for verification |
|
43 * @result ETrue if signature is vefified OK, otherwise EFalse |
|
44 */ |
|
45 IMPORT_C static TBool VerifyIkev2SignatureL(const TDesC8& aSignature, |
|
46 const TDesC8& aRefHash, |
|
47 const CX509Certificate& aCerts); |
|
48 |
|
49 |
|
50 /* |
|
51 * Verifies an IKEv1 signature with a public of |
|
52 * specified certificate |
|
53 * |
|
54 * @param aSignature Signature data verified. |
|
55 * @param aRefHash Hash data which has been signed (= Encrypted with private key) |
|
56 * @param aCert Certificate which contains the public key used for verification |
|
57 * @result ETrue if signature is vefified OK, otherwise EFalse |
|
58 */ |
|
59 IMPORT_C static TBool VerifyIkev1SignatureL(const TDesC8& aSignature, |
|
60 const TDesC8& aRefHash, |
|
61 const CX509Certificate& aCerts); |
|
62 |
|
63 /* |
|
64 * Gets IKE DER encoded Subject Name from the certificate and |
|
65 * copy it into specified buffer |
|
66 * |
|
67 * @param aCert Certificate object pointer |
|
68 * @param aSubjectName Reference to the subject name (returned) |
|
69 * @result ETrue if operation succeeded, otherwise EFalse |
|
70 */ |
|
71 IMPORT_C static TBool GetCertSubjectNameDERL(const CX509Certificate* aCert, |
|
72 TDes8& aSubjectName); |
|
73 |
|
74 /* |
|
75 * Gets IKE identity data from specified certificate |
|
76 * |
|
77 * @param aIdType Specified IKE Identity type wanted. |
|
78 * @param aCertData Certificate data from where the specified Identity data is taken |
|
79 * @result The identity data buffer of NULL |
|
80 */ |
|
81 IMPORT_C static HBufC8* GetIdentityFromCertL(TUint8 aIdType, const TDesC8& aCertData); |
|
82 |
|
83 |
|
84 /* |
|
85 * Ccertifies a specified IKE identity with |
|
86 * Certificate Identities |
|
87 * |
|
88 * @param aCert Verified user certificate |
|
89 * @param aId IKE identity data used by peer |
|
90 * @param aIdType IKE identity type |
|
91 * @result ETrue if Identity is certified otherwise EFalse |
|
92 */ |
|
93 IMPORT_C static TBool CertifyIdentityL(const CX509Certificate* aCert, |
|
94 TDesC8& aId, TInt aIdType); |
|
95 |
|
96 |
|
97 /* |
|
98 * Verifies the user Certificate used by the IKE peer. |
|
99 * |
|
100 * @param aCerts The array of IKE certificate payload(s) from where verified |
|
101 * Certificate is found |
|
102 * @result A pointer to a verified X509 certificate or NULL |
|
103 */ |
|
104 IMPORT_C static CX509Certificate* VerifyCertificateL(const CArrayFixFlat<TCertPayloadIkev2*>& aCerts, |
|
105 const CIkeCaList& aTrustedCAList); |
|
106 |
|
107 |
|
108 /* |
|
109 * Verifies the user Certificate used by the IKE peer. |
|
110 * |
|
111 * @param aCerts The array of IKE certificate payload(s) from where verified |
|
112 * Certificate is found |
|
113 * @result A pointer to a verified X509 certificate or NULL |
|
114 */ |
|
115 IMPORT_C static CX509Certificate* VerifyCertificateL(const CArrayFixFlat<const TCertificateISAKMP*>& aCerts, |
|
116 const CIkeCaList& aTrustedCAList); |
|
117 |
|
118 IMPORT_C static CX509Certificate* VerifyCertChainL(const CArrayFixFlat<CX509Certificate*>& aCerts, CX509Certificate*& realUserCert,const CIkeCaList& aTrustedCAList); |
|
119 |
|
120 private: |
|
121 static TBool VerifySignatureL(const TInt aIkeVersion, |
|
122 const TDesC8& aSignature, |
|
123 const TDesC8& aRefHash, |
|
124 const CX509Certificate& aCert); |
|
125 |
|
126 static CArrayPtrFlat<TASN1DecGeneric>* DecodeDERL(const TDesC8& aPtr, TInt& aPosition); |
|
127 |
|
128 /* |
|
129 * Verifies user certificate by taking the following actions: |
|
130 * -- Verify the signature of the user certificate with the public |
|
131 * key of the CA certificate. |
|
132 * -- Check the validity of the user certificate |
|
133 * -- Check that extension field of the user certificate are correct |
|
134 */ |
|
135 static CX509Certificate* VerifyX509CertificateL(const CX509Certificate& aCaCert, |
|
136 CX509Certificate& aCert); |
|
137 |
|
138 |
|
139 static CX509Certificate* FindCaCertificateL(const CX509Certificate& aUserCert, |
|
140 const CIkeCaList& aTrustedCAList); |
|
141 |
|
142 static const CArrayFixFlat<TCertPayloadIkev2*>* CastCertArray(const CArrayFixFlat<const TCertificateISAKMP*>* aCerts); |
|
143 |
|
144 |
|
145 |
|
146 |
|
147 }; |
|
148 |
|
149 #endif //IKEPKIUTILS_H |