15 * General Security Definitions |
15 * General Security Definitions |
16 * |
16 * |
17 */ |
17 */ |
18 |
18 |
19 |
19 |
20 |
|
21 |
|
22 /** |
20 /** |
23 @file |
21 @file |
24 @internalAll |
22 @publishedAll |
|
23 @released |
25 */ |
24 */ |
26 |
25 |
27 #ifndef __SECURITYDEFS_H__ |
26 #ifndef __SECURITYDEFS_H__ |
28 #define __SECURITYDEFS_H__ |
27 #define __SECURITYDEFS_H__ |
29 |
28 |
30 #include <e32std.h> |
29 #include <e32std.h> |
31 #include <e32base.h> |
30 #include <e32base.h> |
32 |
31 |
|
32 #ifndef SYMBIAN_ENABLE_SPLIT_HEADERS |
|
33 #include <securitydefsconst.h> |
|
34 #endif |
|
35 |
33 /** General Security Definitions */ |
36 /** General Security Definitions */ |
34 |
37 |
35 // Old keystore interface, deprecated ////////////////////////////////////////// |
38 // Old keystore interface, deprecated ////////////////////////////////////////// |
36 |
39 |
37 /** |
40 /** |
38 * What a key can be used for. |
41 * What a key can be used for. |
39 * The values this can take are defined in TKeyUsageVals. |
42 * The values this can take are defined in TKeyUsageVals. |
40 * |
43 * |
41 * @publishedAll |
|
42 * @deprecated |
44 * @deprecated |
43 */ |
45 */ |
44 typedef TInt TKeyUsage; |
46 typedef TInt TKeyUsage; |
45 |
47 |
46 /** |
48 /** |
48 * |
50 * |
49 * These values can be ORed together if a key has several usages. EAllKeyUsages |
51 * These values can be ORed together if a key has several usages. EAllKeyUsages |
50 * is used when searching for all keys, rather than ones with a particular |
52 * is used when searching for all keys, rather than ones with a particular |
51 * usage. As these can be combined, TKeyUsage is used to store them. |
53 * usage. As these can be combined, TKeyUsage is used to store them. |
52 * |
54 * |
53 * @publishedAll |
|
54 * @deprecated |
55 * @deprecated |
55 */ |
56 */ |
56 enum TKeyUsageVals |
57 enum TKeyUsageVals |
57 { |
58 { |
58 EDigitalSignature = 0x80000000, |
59 EDigitalSignature = 0x80000000, |
161 |
158 |
162 /** |
159 /** |
163 * Supported types of certificate format. Note these must be only 1 byte long as |
160 * Supported types of certificate format. Note these must be only 1 byte long as |
164 * the file cert store only seralises them as 1 byte. |
161 * the file cert store only seralises them as 1 byte. |
165 * |
162 * |
166 * @publishedAll |
|
167 * @released |
|
168 */ |
163 */ |
169 enum TCertificateFormat |
164 enum TCertificateFormat |
170 { |
165 { |
171 EX509Certificate = 0x00, |
166 EX509Certificate = 0x00, |
172 EWTLSCertificate = 0x01, |
167 EWTLSCertificate = 0x01, |
178 }; |
173 }; |
179 |
174 |
180 /** |
175 /** |
181 * The owner of a certificate. |
176 * The owner of a certificate. |
182 * |
177 * |
183 * @publishedAll |
|
184 * @released |
|
185 */ |
178 */ |
186 enum TCertificateOwnerType |
179 enum TCertificateOwnerType |
187 { |
180 { |
188 ECACertificate, |
181 ECACertificate, |
189 EUserCertificate, |
182 EUserCertificate, |
190 EPeerCertificate |
183 EPeerCertificate |
191 }; |
184 }; |
192 |
185 |
193 /** The length of a SHA-1 hash |
186 /** The length of a SHA-1 hash |
194 * |
187 * |
195 * @publishedAll |
|
196 * @released |
|
197 */ |
188 */ |
198 const TInt KSHA1HashLengthBytes = 20; |
189 const TInt KSHA1HashLengthBytes = 20; |
199 |
190 |
200 /** |
191 /** |
201 * A SHA-1 hash. |
192 * A SHA-1 hash. |
202 * |
193 * |
203 * @publishedAll |
|
204 * @released |
|
205 */ |
194 */ |
206 typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash; |
195 typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash; |
207 |
196 |
208 //const TInt KMD5HashLengthBytes = 16; |
197 //const TInt KMD5HashLengthBytes = 16; |
209 //typedef TMD5Hash TBufC8<KMD5HashLengthBytes>; |
198 //typedef TMD5Hash TBufC8<KMD5HashLengthBytes>; |
210 |
199 |
211 /** |
200 /** |
212 * A SHA-1 hash is also used as a key identifier. |
201 * A SHA-1 hash is also used as a key identifier. |
213 * |
202 * |
214 * @publishedAll |
|
215 * @released |
|
216 */ |
203 */ |
217 typedef TSHA1Hash TKeyIdentifier; |
204 typedef TSHA1Hash TKeyIdentifier; |
218 |
205 |
219 /** |
206 /** |
220 * Errors that can occur when validating a certificate chain. |
207 * Errors that can occur when validating a certificate chain. |
221 * |
208 * |
222 * Except EValidatedOK, all these are fatal errors unless specified. |
209 * Except EValidatedOK, all these are fatal errors unless specified. |
223 * |
210 * |
224 * @publishedAll |
|
225 * @released |
|
226 */ |
211 */ |
227 enum TValidationError |
212 enum TValidationError |
228 { |
213 { |
229 /** Validation OK */ |
214 /** Validation OK */ |
230 EValidatedOK, |
215 EValidatedOK, |
306 * We cannot tell if this is fatal or not, as we lack the context. |
291 * We cannot tell if this is fatal or not, as we lack the context. |
307 */ |
292 */ |
308 ECriticalCapabilities |
293 ECriticalCapabilities |
309 }; |
294 }; |
310 |
295 |
311 // Certificate Applicability UIDs |
|
312 |
|
313 /** |
|
314 * This UID is associated with certificates which are trusted for |
|
315 * software installation of native applications. |
|
316 * |
|
317 * @see MCertStore::Applications |
|
318 * @see MCTWritableCertStore::SetApplicability |
|
319 * |
|
320 * @publishedPartner |
|
321 * @released |
|
322 */ |
|
323 const TUid KSwiApplicabilityUid = {0x100042AB}; |
|
324 |
|
325 /** |
|
326 * This UID is associated with certificates which are trusted for |
|
327 * OCSP checks. |
|
328 * |
|
329 * @see MCertStore::Applications |
|
330 * @see MCTWritableCertStore::SetApplicability |
|
331 * |
|
332 * @publishedPartner |
|
333 * @released |
|
334 */ |
|
335 const TUid KSwiOcspApplicabilityUid = {0x1000A8B6}; |
|
336 |
|
337 /** |
|
338 * This UID is associated with certificates which are trusted for |
|
339 * Java midlet installation. |
|
340 * |
|
341 * @see MCertStore::Applications |
|
342 * @see MCTWritableCertStore::SetApplicability |
|
343 * |
|
344 * @publishedPartner |
|
345 * @released |
|
346 */ |
|
347 const TUid KMidletInstallApplicabilityUid = {0x101F9B28}; |
|
348 |
|
349 /** |
|
350 * This UID is associated with certificates which are trusted for |
|
351 * SSL/TLS connectivity. |
|
352 * |
|
353 * @see MCertStore::Applications |
|
354 * @see MCTWritableCertStore::SetApplicability |
|
355 * |
|
356 * @publishedPartner |
|
357 * @released |
|
358 */ |
|
359 const TUid KTlsApplicabilityUid = {0x1000183D}; |
|
360 |
|
361 /** |
|
362 * This OID is associated with X.509 certificates |
|
363 * trusted for TLS WWW server authentication. |
|
364 * |
|
365 * @publishedPartner |
|
366 * @released |
|
367 */ |
|
368 _LIT(KServerAuthOID,"1.3.6.1.5.5.7.3.1"); |
|
369 |
|
370 /** |
|
371 * This OID is associated with X.509 certificates |
|
372 * trusted for TLS WWW client authentication. |
|
373 * |
|
374 * @publishedPartner |
|
375 * @released |
|
376 */ |
|
377 // SSL Client |
|
378 _LIT(KClientAuthOID,"1.3.6.1.5.5.7.3.2"); |
|
379 |
|
380 /** |
|
381 * This OID is associated with X.509 certificates |
|
382 * trusted for signing of downloadable executable code. |
|
383 * |
|
384 * @publishedPartner |
|
385 * @released |
|
386 */ |
|
387 _LIT(KCodeSigningOID,"1.3.6.1.5.5.7.3.3"); |
|
388 |
|
389 /** |
|
390 * This OID is associated with X.509 certificates |
|
391 * trusted for email protection . |
|
392 * |
|
393 * @publishedPartner |
|
394 * @released |
|
395 */ |
|
396 _LIT(KEmailProtectionOID,"1.3.6.1.5.5.7.3.4"); |
|
397 |
|
398 /** |
|
399 * This OID is associated with X.509 certificates |
|
400 * trusted for Ipsec end system. |
|
401 * |
|
402 * @publishedPartner |
|
403 * @released |
|
404 */ |
|
405 _LIT(KIpsecEndSystemOID,"1.3.6.1.5.5.7.3.5"); |
|
406 |
|
407 /** |
|
408 * This OID is associated with X.509 certificates |
|
409 * trusted for Ipsec tunnel. |
|
410 * |
|
411 * @publishedPartner |
|
412 * @released |
|
413 */ |
|
414 _LIT(KIpsecTunnelOID,"1.3.6.1.5.5.7.3.6"); |
|
415 |
|
416 /** |
|
417 * This OID is associated with X.509 certificates |
|
418 * trusted for Ipsec user. |
|
419 * |
|
420 * @publishedPartner |
|
421 * @released |
|
422 */ |
|
423 _LIT(KIpsecUserOID, "1.3.6.1.5.5.7.3.7"); |
|
424 |
|
425 /** |
|
426 * This OID is associated with X.509 certificates |
|
427 * trusted for binding the hash of an object to a time. |
|
428 * |
|
429 * @publishedPartner |
|
430 * @released |
|
431 */ |
|
432 _LIT(KTimeStampingOID,"1.3.6.1.5.5.7.3.8"); |
|
433 |
|
434 /** |
|
435 * This OID is associated with X.509 certificates |
|
436 * trusted for signing OCSP responses. |
|
437 * |
|
438 * @publishedPartner |
|
439 * @released |
|
440 */ |
|
441 _LIT(KOCSPSigningOID,"1.3.6.1.5.5.7.3.9"); |
|
442 |
|
443 |
|
444 |
296 |
445 #include "securitydefs.inl" |
297 #include "securitydefs.inl" |
446 |
298 |
447 #endif |
299 #endif |
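Review bot: The conditional `#include <securitydefsconst.h>` at new lines 32-34 carries no comment saying that the certificate applicability UIDs and extended-key-usage OIDs deleted from old lines 311-441 are presumably now declared in that header, which is not shown on this page (this reading assumes the right-hand column is the new side). A build that defines `SYMBIAN_ENABLE_SPLIT_HEADERS` skips the include, so code that picks trust settings through `KTlsApplicabilityUid`, `KSwiApplicabilityUid` or `KCodeSigningOID` would likely lose those names unless it includes the new header itself. I would add above the `#ifndef`: `// Applicability UIDs and EKU OIDs (KSwiApplicabilityUid .. KOCSPSigningOID) moved to securitydefsconst.h; include it directly when SYMBIAN_ENABLE_SPLIT_HEADERS is defined.` The removed constants were tagged `@publishedPartner` while the file-level tag is now `@publishedAll`, so it is worth confirming that the new header keeps the narrower classification for them.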