vpnengine/ikecert/inc/ikev1pkiservice.h
changeset 0 33413c0669b9
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikecert/inc/ikev1pkiservice.h	Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,165 @@
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:   PKI store and Certificate verification interface for IKEv1 
+*                plug-in
+*
+*/
+
+#ifndef C_IKEV1PKISERVICE_H
+#define C_IKEV1PKISERVICE_H
+
+#include <e32base.h>
+#include <asn1dec.h>
+
+#include "pkiserviceapi.h"
+#include "ikepolparser.h"
+
+class CX509Certificate;
+class TASN1DecGeneric;
+
+class CIkeData;
+class CIkeCaList;
+class TCertPayloadIkev2;
+class TCReqPayloadIkev2;
+class TCertificateISAKMP;
+class MIkePlugInServices;
+class MIkeDebug;
+class CIkeCaElem;
+//
+// CIkeV1PkiService Class
+//
+class CIkeV1PkiService : public CBase
+{
+    public:
+        IMPORT_C static CIkeV1PkiService* NewL( CIkeData* aIkeData,
+                                                MIkeDebug& aDebug );        
+        IMPORT_C ~CIkeV1PkiService();
+		
+        
+		IMPORT_C TBool ImportCACertsL(CArrayFixFlat<TCertInfo*> *aCAList);
+		IMPORT_C TInt ReadUserCertWithNameL(const TDesC8& aTrustedCaName, CIkeData* aIkeData, TBool aDnType);
+		IMPORT_C TInt Ikev1SignatureL(const TDesC8& aTrustedCaName, CIkeData* aIkeData, const TDesC8& aHashIn, TDes8& aSignature);
+		IMPORT_C CIkeCaList* CaList();
+		IMPORT_C HBufC8* GetCertificate();
+		IMPORT_C HBufC8* GetTrustedCA();		
+		IMPORT_C HBufC8* GetTrustedICA1();
+		IMPORT_C HBufC8* GetTrustedICA2();
+		IMPORT_C TInt ReadChainL(CIkeData* aIkeData, const HBufC8* aCAName);
+	    
+	private:
+	    CIkeV1PkiService( CIkeData* aIkeData,
+	                      MIkeDebug& aDebug );
+	    void ConstructL();
+	
+		TInt ComputeSignatureL(const TDesC8& aTrustedAuthority, const TDesC8& aHashIn, TDes8& aSignature, TBool aRsaSignature);
+		TInt ReadCertificateL(const TDesC8& aTrustedAuthority, TBool aGetCACert);
+		
+		/**
+		 * Initialized user certificate identification member variables.
+		 * The information is taken from the policy file. 
+		 * Only the ID data, which is available is set, other
+		 * data is zeroed.
+		 *
+		 * @result the size of the key, if available in the policy, zero otherwise.
+		 */
+		TUint InitUserCertIdentDataL();		
+		TBool GetNextCaElemL();
+		TBool AddNextCaElemL(TInt& aStatus);
+		TInt GetNextCertificateL();		
+		TBool CertificateReadL(TInt& aStatus);				
+
+		TInt ReadCertificateL(const TPKIKeyIdentifier& aKeyIdentifier);
+		TInt ReadCertificateListL();		
+		TInt GetCertificateWithKeyIdL(const TDesC16& aKeyIdString);
+		TBool GetApplUidListL(const TDesC16& aApplUidString);
+		TBool ApplUidCertListCompletedL(TInt aStatus);
+		TBool ReadNextInListL();
+
+		
+#ifdef _DEBUG		
+		void CertReadCompleted(TBool aCaCert, TInt aStatus, TInt aLine );
+		void HexToString(const TDesC8& aKeyId, TDes16& aKeyIdString);				
+#endif
+
+				
+    private:
+		TInt                 iOperation;     // Current operation ongoing
+		RPKIServiceAPI       iPkiService;    // PKI Service handle 		
+		CIkeCaList*          iTrustedCAList; // Trusted CA certificate list
+		
+		TInt                 iCurrIndex;     // Current index in name list 
+		CArrayFixFlat<TCertInfo*>* iCaNameList; // CA name list delivered
+		HBufC8*              iCaName;		 // Ca name work buffer
+		HBufC8*              iCa2Name;       // Level 1 Intermediate Certificate
+		HBufC8*              iCa1Name;       // Level 2 Intermediate Certificate
+				
+		CIkeData*            iIkeData;       // Current policy data object  		
+		
+		RPointerArray<CIkeCaElem> iCasTrustedByPeer;     // CA name list delivered		
+		
+		HBufC8*              iReadCertificate; // Certificate stream
+		HBufC8*              iReadCertificateOrig; // Certificate stream of original own certificate
+		HBufC8*              iSubjName;      // Subject alt name buffer
+		HBufC8*              iRfc822Name;    // RFC822 name buffer
+
+		TPtr8                iCertPtr;       // For Pkiserviceapi calls
+		TAny*                iResArray;      // For Pkiserviceapi calls
+		TBool                iReallocated;   // Certificate buffer enlarged		
+		TInt                 iCertBfrSize;   // Certificate buffer size
+
+		TPKIKeyIdentifier    iCertKeyId;     // Certficate keyid
+		RArray<TUid>*        iApplUidList;   // Application UID list
+		CArrayFix<TCertificateListEntry>*  iCaCertList;   // Applicable CA cert list
+		TInt                 iListIndex;     // Current index in CA cert list 		
+		TBool                iUserCertDerType; //0=ASCII, 1=DER
+		MIkeDebug&           iDebug;
+		
+};
+
+
+//
+//  CIkePkiService operation codes (iOperation)
+//
+const TInt KNoOperation              = 0;
+const TInt KBuildingCaList           = 1;
+const TInt KReadingCertificate       = 2;
+const TInt KProcessingApplUidList    = 3;
+const TInt KBuildingApplUidList      = 4;
+const TInt KSigning                  = 5;
+const TInt KDecrypting               = 6;
+
+
+//
+//  Certificate field indicators for GetCertificateFieldDERL()
+//
+
+#define IKEV2_CERT_KEYID_SIZE  20
+//
+//Extra Errors for IkeCert::VerifyCertificateL()
+//
+const TInt KCertVerifyErrBadType = 1;
+const TInt KCertVerifyErrNotValidYet = 2;
+const TInt KCertVerifyErrExpired = 3;
+const TInt KCertVerifyWithinMargin = 4;
+const TInt KCertVerifyCriticalExt   = 5;
+const TInt KCertVerifyKeyUsageErr   = 6;
+const TInt KCertVerifyCACertificate = 7;
+
+const TInt KDefaultErrorMargin = 3600;  // Default error marginal in Validity
+
+const TInt KSha1hashLth  = 20;          
+const TInt KCertKeyIdLth = 20;          // Certificate Key Identifier length = Length of SHA1 hash
+
+
+#endif // C_IKEV1PKISERVICE_H
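Review bot: The public accessors `GetCertificate()`, `GetTrustedCA()`, `GetTrustedICA1()` and `GetTrustedICA2()` return bare `HBufC8*` with no statement of who owns the buffer, while the members they presumably hand out (`iReadCertificate`, `iCaName`, `iCa1Name`, `iCa2Name`) are likely freed by `~CIkeV1PkiService()`, so a caller cannot tell from this header whether deleting the result is a double free or leaving it is a leak; each declaration needs a comment such as `// Buffer remains owned by this object; caller must not delete it — TODO confirm against the .cpp`. The same ownership gap applies to `ImportCACertsL()`, whose `aCAList` argument appears to be retained as `iCaNameList` ("CA name list delivered"), and to `Ikev1SignatureL()`, where the required `MaxLength()` of `aSignature` is undocumented. The comment block "Certificate field indicators for GetCertificateFieldDERL()" is followed only by `#define IKEV2_CERT_KEYID_SIZE 20` and no indicators, so it is stale; that macro would also be better as a `const TInt` like the constants around it. `KDefaultErrorMargin = 3600` should state its unit (presumably seconds), and since `KCertKeyIdLth` is documented as the SHA1 hash length, `const TInt KCertKeyIdLth = KSha1hashLth;` would make that dependency explicit rather than duplicating the literal 20.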