MCL/sf/os/security: comparison cryptoservices/certificateandkeymgmt/inc/x509CertExt

equal deleted inserted replaced

-:675a964f4eb5
+:35751d3474b7
 * 12)   inhibit-any policy
 *
 */
 /**
 @file
-@internalAll
+@publishedAll
 @released
 */
 #if !defined (__X509CERTEXT_H__)
 #define __X509CERTEXT_H__
 #include <e32base.h>
 #include <e32std.h>
 #include <x509gn.h>
+#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <x509bitstring.h>
+#endif
 class RReadStream;
 class RWriteStream;
+class CX509BitString;
-/** X509 Extension OIDs
-*
-* @publishedAll
-* @released
-* @since v9.5 */
-//OIDS for the extensions we define here...
-_LIT(KBasicConstraints,"2.5.29.19");
-_LIT(KSubjectAltName,"2.5.29.17");
-_LIT(KIssuerAltName,"2.5.29.18");
-_LIT(KKeyUsage,"2.5.29.15");
-_LIT(KNameConstraints,"2.5.29.30");
-_LIT(KPolicyConstraints,"2.5.29.36");
-_LIT(KCertPolicies,"2.5.29.32");
-_LIT(KPolicyMapping,"2.5.29.33");
-_LIT(KAuthorityKeyId,"2.5.29.35");
-_LIT(KSubjectKeyId,"2.5.29.14");
-_LIT(KExtendedKeyUsage,"2.5.29.37");
-_LIT(KAuthorityInfoAccess, "1.3.6.1.5.5.7.1.1");
-_LIT(KInhibitAnyPolicy, "2.5.29.54");
-// OIDs for access methods
-_LIT(KAccessMethodOCSP, "1.3.6.1.5.5.7.48.1");
-//deprecated OIDs we might still encounter
-_LIT(KOldBasicConstraints,"2.5.29.10");
-_LIT(KOldBasicConstraints2,"2.5.29.13");
-_LIT(KOldSubjectAltName,"2.5.29.7");
-_LIT(KOldIssuerAltName,"2.5.29.8");
-_LIT(KOldNameConstraints,"2.5.29.11");
-_LIT(KOldPolicyConstraints,"2.5.29.2");
-_LIT(KOldPolicyConstraints2,"2.5.29.34");
-_LIT(KOldCertPolicies,"2.5.29.3");
-_LIT(KOldPolicyMapping,"2.5.29.5");
-_LIT(KOldAuthorityKeyId,"2.5.29.1");
-// Define OIDs for Symbian certificate constraints.
-_LIT(KDeviceIdListConstraint,"1.2.826.0.1.1796587.1.1.1.1");
-_LIT(KSidListConstraint,"1.2.826.0.1.1796587.1.1.1.4");
-_LIT(KVidListConstraint,"1.2.826.0.1.1796587.1.1.1.5");
-_LIT(KCapabilitiesConstraint,"1.2.826.0.1.1796587.1.1.1.6");
-//1) basic constraints...
-class CX509ExtensionBase : public CBase
-/** A certificate extension base class.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
-	{
-protected:
-	/** Second-phase constructor.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @param aPos			The position from which to start decoding. */
-	virtual void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
-	/** Implementation for second-phase construction.
-	*
-	* This is called by ConstructL().
-	*
-	* @param aBinaryData	The encoded binary representation. This is the same as
-	* 						passed to ConstructL().
-	* @param aPos			The position from which to start decoding. Note that the value
-	* 						passed points, in effect, to the content, by passing the header data. */
-	virtual void DoConstructL(const TDesC8& aBinaryData, TInt& aPos) = 0;
-	};
-class CX509BasicConstraintsExt : public CX509ExtensionBase
-/** An X.509 certificate extension that defines basic constraints.
-*
-* It indicates whether the certificate belongs to a Certificate Authority or
-* an end Entity.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
-	{
-public:
-	/** Creates a new CX509BasicConstraintsExt object from the specified
-	* buffer containing the binary coded representation.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @return				The new CX509BasicConstraintsExt object. */
-	IMPORT_C static CX509BasicConstraintsExt* NewL(const TDesC8& aBinaryData);
-	/** Creates a new CX509BasicConstraintsExt object from the specified
-	* buffer containing the binary coded representation, and puts a pointer to it
-	* onto the cleanup stack.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @return				The new CX509BasicConstraintsExt object. */
-	IMPORT_C static CX509BasicConstraintsExt* NewLC(const TDesC8& aBinaryData);
-	/** Creates a new CX509BasicConstraintsExt object from the specified
-	* buffer containing the binary coded representation, starting at the specified
-	* offset.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @param aPos			The offset position from which to start decoding.
-	* @return				The new CX509BasicConstraintsExt object. */
-	IMPORT_C static CX509BasicConstraintsExt* NewL(const TDesC8& aBinaryData, TInt& aPos);
-	/** Creates a new CX509BasicConstraintsExt object from the specified
-	* buffer containing the binary coded representation, starting at the specified
-	* offset, and puts a pointer to it onto the cleanup stack.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @param aPos			The offset position from which to start decoding.
-	* @return				The new CX509BasicConstraintsExt object. */
-	IMPORT_C static CX509BasicConstraintsExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-	/** Destructor.
-	*
-	* Frees all resources owned by the object, prior to its destruction. */
-	virtual ~CX509BasicConstraintsExt();
-	/** Tests whether the certificate belongs to a Certificate Authority.
-	*
-	* @return	ETrue, if the certificate belongs to a Certificate Authority;
-	* 			EFalse, otherwise. */
-	IMPORT_C TBool IsCA() const;
-	/** Gets the maximum number of certificates that can follow this one in the chain.
-	*
-	* @return	The number of certificates. */
-	IMPORT_C TInt MaxChainLength() const;//0 if not set
-private:
-	CX509BasicConstraintsExt();
-	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);
-	TBool iIsCA;
-	TInt iMaxChainLen;
-	};
-//2) alt name
-class CX509AltNameExt : public CX509ExtensionBase
-/** An X.509 certificate extension that defines an alternate name.
-*
-* It appears as an Issuer Alt Name extension or a Subject Alt Name extension
-* and is used to contain extra identifying information that will not fit into
-* a Distinguished Name.
-*
-* It consists of an array of X.509 General Names.
-*
-* @publishedAll
-* @released
-* @since v6.0 */
-	{
-public:
-	/** Creates a new CX509AltNameExt object from the specified
-	* buffer containing the binary coded representation.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @return				The new CX509AltNameExt object. */
-	IMPORT_C static CX509AltNameExt* NewL(const TDesC8& aBinaryData);
-	/** Creates a new CX509AltNameExt object from the specified
-	* buffer containing the binary coded representation, and puts a pointer to it
-	* onto the cleanup stack.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @return				The new CX509AltNameExt object. */
-	IMPORT_C static CX509AltNameExt* NewLC(const TDesC8& aBinaryData);
-	/** Creates a new CX509AltNameExt object from the specified
-	* buffer containing the binary coded representation, starting at the specified
-	* offset.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @param aPos			The offset position from which to start decoding.
-	* @return				The new CX509AltNameExt object. */
-	IMPORT_C static CX509AltNameExt* NewL(const TDesC8& aBinaryData, TInt& aPos);
-	/** Creates a new CX509AltNameExt object from the specified
-	* buffer containing the binary coded representation, starting at the specified
-	* offset, and puts a pointer to it onto the cleanup stack.
-	*
-	* @param aBinaryData	The encoded binary representation.
-	* @param aPos			The offset position from which to start decoding.
-	* @return				The new CX509AltNameExt object. */
-	IMPORT_C static CX509AltNameExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);
-	/** Destructor.
-	*
-	* Frees all resources owned by the object, prior to its destruction. */
-	 virtual ~CX509AltNameExt();
-	/** Gets a reference to the array of general names that forms the alternate name
-	* extension.
-	*
-	* @return	The array of general names. */
-	IMPORT_C const CArrayPtrFlat<CX509GeneralName>& AltName() const;
-	/** Checks whether the corressponding elements of two equally sized arrays of X.509 general names
-	* match.
-	*
-	* @param aExt	An X.509 certificate extension object that defines an alternate name.
-	* @return		TRUE if all the elements in the arrays match.
-	*/
-	IMPORT_C TBool Match(const CX509AltNameExt& aExt) const;
-private:
-	CX509AltNameExt();
-	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);
-	CArrayPtrFlat<CX509GeneralName>* iAuthorityName;
-	};
-//3) key usage
-class CX509BitString : public CBase
-/** An X.509 bit string.
-*
-* @internalTechnology
-* @released
-* @since v6.0 */
-	{
-public:
-	/** Destructor.
-	*
-	* Frees all resources owned by the object. */
-	~CX509BitString();
-	/** Tests whether the specified bit is set.
-	*
-	* @param aBit	The offset of the bit to be tested. This is a value relative to
-	* 				zero. Any value greater than or equal to the length of the bit
-	*				string will always cause EFalse to be returned.
-	* @return		ETrue, if the bit is set; EFalse, otherwise. */
-	TBool IsSet(TInt aBit) const;
-	/** Creates the X.509 bit string.
-	*
-	* @param aData				A heap descriptor representing the bit string data.
-	* @param aEffectiveLength	The number of bits in the string. */
-	CX509BitString(HBufC8* aData, TInt aEffectiveLength);
-private:
-	HBufC8* iData;
-	TInt iLength;
-	};
 /** A list of values that defines what an X.509 key can be used for.
 * These values can be ANDed together if a key has several usages.
 *
-* @internalTechnology
 * @since v7.0 */
 enum TX509KeyUsage
 	{
 	/** A digital signature. */
 	EX509DigitalSignature,
 	EX509EncipherOnly,
 	/** Decipher only. */
 	EX509DecipherOnly
 	};
+/** X509 Extension OIDs
+*
+* @since v9.5 */
+//OIDS for the extensions we define here...
+_LIT(KBasicConstraints,"2.5.29.19");
+_LIT(KSubjectAltName,"2.5.29.17");
+_LIT(KIssuerAltName,"2.5.29.18");
+_LIT(KKeyUsage,"2.5.29.15");
+_LIT(KNameConstraints,"2.5.29.30");
+_LIT(KPolicyConstraints,"2.5.29.36");
+_LIT(KCertPolicies,"2.5.29.32");
+_LIT(KPolicyMapping,"2.5.29.33");
+_LIT(KAuthorityKeyId,"2.5.29.35");
+_LIT(KSubjectKeyId,"2.5.29.14");
+_LIT(KExtendedKeyUsage,"2.5.29.37");
+_LIT(KAuthorityInfoAccess, "1.3.6.1.5.5.7.1.1");
+_LIT(KInhibitAnyPolicy, "2.5.29.54");
+// OIDs for access methods
+_LIT(KAccessMethodOCSP, "1.3.6.1.5.5.7.48.1");
+//deprecated OIDs we might still encounter
+_LIT(KOldBasicConstraints,"2.5.29.10");
+_LIT(KOldBasicConstraints2,"2.5.29.13");
+_LIT(KOldSubjectAltName,"2.5.29.7");
+_LIT(KOldIssuerAltName,"2.5.29.8");
+_LIT(KOldNameConstraints,"2.5.29.11");
+_LIT(KOldPolicyConstraints,"2.5.29.2");
+_LIT(KOldPolicyConstraints2,"2.5.29.34");
+_LIT(KOldCertPolicies,"2.5.29.3");
+_LIT(KOldPolicyMapping,"2.5.29.5");
+_LIT(KOldAuthorityKeyId,"2.5.29.1");
+// Define OIDs for Symbian certificate constraints.
+_LIT(KDeviceIdListConstraint,"1.2.826.0.1.1796587.1.1.1.1");
+_LIT(KSidListConstraint,"1.2.826.0.1.1796587.1.1.1.4");
+_LIT(KVidListConstraint,"1.2.826.0.1.1796587.1.1.1.5");
+_LIT(KCapabilitiesConstraint,"1.2.826.0.1.1796587.1.1.1.6");
+//1) basic constraints...
+class CX509ExtensionBase : public CBase
+/** A certificate extension base class.
+*
+* @since v6.0 */
+	{
+protected:
+	/** Second-phase constructor.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @param aPos			The position from which to start decoding. */
+	virtual void ConstructL(const TDesC8& aBinaryData, TInt& aPos);
+	/** Implementation for second-phase construction.
+	*
+	* This is called by ConstructL().
+	*
+	* @param aBinaryData	The encoded binary representation. This is the same as
+	* 						passed to ConstructL().
+	* @param aPos			The position from which to start decoding. Note that the value
+	* 						passed points, in effect, to the content, by passing the header data. */
+	virtual void DoConstructL(const TDesC8& aBinaryData, TInt& aPos) = 0;
+	};
+class CX509BasicConstraintsExt : public CX509ExtensionBase
+/** An X.509 certificate extension that defines basic constraints.
+*
+* It indicates whether the certificate belongs to a Certificate Authority or
+* an end Entity.
+*
+* @since v6.0 */
+	{
+public:
+	/** Creates a new CX509BasicConstraintsExt object from the specified
+	* buffer containing the binary coded representation.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @return				The new CX509BasicConstraintsExt object. */
+	IMPORT_C static CX509BasicConstraintsExt* NewL(const TDesC8& aBinaryData);
+	/** Creates a new CX509BasicConstraintsExt object from the specified
+	* buffer containing the binary coded representation, and puts a pointer to it
+	* onto the cleanup stack.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @return				The new CX509BasicConstraintsExt object. */
+	IMPORT_C static CX509BasicConstraintsExt* NewLC(const TDesC8& aBinaryData);
+	/** Creates a new CX509BasicConstraintsExt object from the specified
+	* buffer containing the binary coded representation, starting at the specified
+	* offset.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @param aPos			The offset position from which to start decoding.
+	* @return				The new CX509BasicConstraintsExt object. */
+	IMPORT_C static CX509BasicConstraintsExt* NewL(const TDesC8& aBinaryData, TInt& aPos);
+	/** Creates a new CX509BasicConstraintsExt object from the specified
+	* buffer containing the binary coded representation, starting at the specified
+	* offset, and puts a pointer to it onto the cleanup stack.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @param aPos			The offset position from which to start decoding.
+	* @return				The new CX509BasicConstraintsExt object. */
+	IMPORT_C static CX509BasicConstraintsExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+	/** Destructor.
+	*
+	* Frees all resources owned by the object, prior to its destruction. */
+	virtual ~CX509BasicConstraintsExt();
+	/** Tests whether the certificate belongs to a Certificate Authority.
+	*
+	* @return	ETrue, if the certificate belongs to a Certificate Authority;
+	* 			EFalse, otherwise. */
+	IMPORT_C TBool IsCA() const;
+	/** Gets the maximum number of certificates that can follow this one in the chain.
+	*
+	* @return	The number of certificates. */
+	IMPORT_C TInt MaxChainLength() const;//0 if not set
+private:
+	CX509BasicConstraintsExt();
+	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);
+	TBool iIsCA;
+	TInt iMaxChainLen;
+	};
+//2) alt name
+class CX509AltNameExt : public CX509ExtensionBase
+/** An X.509 certificate extension that defines an alternate name.
+*
+* It appears as an Issuer Alt Name extension or a Subject Alt Name extension
+* and is used to contain extra identifying information that will not fit into
+* a Distinguished Name.
+*
+* It consists of an array of X.509 General Names.
+*
+* @since v6.0 */
+	{
+public:
+	/** Creates a new CX509AltNameExt object from the specified
+	* buffer containing the binary coded representation.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @return				The new CX509AltNameExt object. */
+	IMPORT_C static CX509AltNameExt* NewL(const TDesC8& aBinaryData);
+	/** Creates a new CX509AltNameExt object from the specified
+	* buffer containing the binary coded representation, and puts a pointer to it
+	* onto the cleanup stack.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @return				The new CX509AltNameExt object. */
+	IMPORT_C static CX509AltNameExt* NewLC(const TDesC8& aBinaryData);
+	/** Creates a new CX509AltNameExt object from the specified
+	* buffer containing the binary coded representation, starting at the specified
+	* offset.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @param aPos			The offset position from which to start decoding.
+	* @return				The new CX509AltNameExt object. */
+	IMPORT_C static CX509AltNameExt* NewL(const TDesC8& aBinaryData, TInt& aPos);
+	/** Creates a new CX509AltNameExt object from the specified
+	* buffer containing the binary coded representation, starting at the specified
+	* offset, and puts a pointer to it onto the cleanup stack.
+	*
+	* @param aBinaryData	The encoded binary representation.
+	* @param aPos			The offset position from which to start decoding.
+	* @return				The new CX509AltNameExt object. */
+	IMPORT_C static CX509AltNameExt* NewLC(const TDesC8& aBinaryData, TInt& aPos);
+	/** Destructor.
+	*
+	* Frees all resources owned by the object, prior to its destruction. */
+	 virtual ~CX509AltNameExt();
+	/** Gets a reference to the array of general names that forms the alternate name
+	* extension.
+	*
+	* @return	The array of general names. */
+	IMPORT_C const CArrayPtrFlat<CX509GeneralName>& AltName() const;
+	/** Checks whether the corressponding elements of two equally sized arrays of X.509 general names
+	* match.
+	*
+	* @param aExt	An X.509 certificate extension object that defines an alternate name.
+	* @return		TRUE if all the elements in the arrays match.
+	*/
+	IMPORT_C TBool Match(const CX509AltNameExt& aExt) const;
+private:
+	CX509AltNameExt();
+	void DoConstructL(const TDesC8& aBinaryData, TInt& aPos);
+	CArrayPtrFlat<CX509GeneralName>* iAuthorityName;
+	};
 class CX509KeyUsageExt : public CX509ExtensionBase
 /** An X.509 certificate extension that defines the uses to which a key may be put.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509KeyUsageExt object from the specified buffer
 	* containing the binary coded representation.
 	* Frees all resources owned by the object, prior to its destruction. */
 	virtual ~CX509KeyUsageExt();
 	/** Tests whether a particular usage is set in the extension.
 	*
-	* @internalTechnology
+	*
 	* @param aUsage	The usage.
 	* @return		ETrue, if the specific usage is set in the extension; EFalse, otherwise. */
 	IMPORT_C TBool IsSet(TX509KeyUsage aUsage) const;
 private:
 	CX509KeyUsageExt();
 //4) name constraints
 class CX509GeneralSubtree : public CBase
 /** Provides access to the general name and the min/max lengths of the subtree.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/**
 	 * @internalComponent
 /** An X.509 certificate extension that defines constraints on an entity's name.
 *
 * This extension allows Certification Authorities to restrict or prevent the issuing
 * of certificates to entities whose names lie within a defined name space.
 *
-* @publishedAll
+*/
-* @released */
 	{
 public:
 	/** Creates a new CX509NameConstraintsExt object from the specified
 	* buffer containing the binary coded representation.
 	*
 *
 * Enables a CA to constrain the use of policies in two ways: they can enforce
 * the appearance of explicit certificate policies in subsequent certificates,
 * and prevent policy mapping from being performed.
 *
-* @publishedAll
-* @released
 */
 	{
 public:
 	/**
 	 * @internalComponent
 class CX509PolicyConstraintsExt : public CX509ExtensionBase
 /** Enables a Certification Authority to constrain the use of policies in two ways:
 * @li to enforce the appearance of explicit certificate policies in subsequent certificates
 * @li to prevent policy mapping from being performed.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509PolicyConstraintsExt object from the specified buffer
 	* containing the encoded binary representation.
 //6) policies
 class CX509PolicyQualifierInfo : public CBase
 /** Gets X.509 policy qualifier information.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/**
 	 * @internalComponent
 *
 * The policy under which a certificate has been issued may contain a number
 * of these specific policies.
 *
 * @see CX509CertPoliciesExt
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/**
 	 * @internalComponent
 class CX509CertPoliciesExt : public CX509ExtensionBase
 /**  The policy under which this certificate has been issued.
 *
 * Contains further information on a client's signature.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509CertPoliciesExt object from the specified buffer
 	* containing the encoded binary representation.
 //7) policy mapping
 class CX509PolicyMapping : public CBase
 /** A set of policy mappings.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/**
 	 * @internalComponent
 /** An X.509 certificate extension that contains a set of policy mappings.
 *
 * A policy mapping allows a Certification Authority to declare that two certificate
 * policies are equivalent.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509PolicyMappingExt object from the specified buffer containing
 	* the binary coded representation.
 *
 * The key may be identified by the issuer's name and the issuing certificate's
 * serial number, or by a key identifier value either derived from the public
 * key or by some method of generating unique IDs.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509AuthorityKeyIdExt object from the specified buffer containing
 	* the binary coded representation.
 * This is referred to as the subject key ID extension.
 *
 * It consists of a key identifier value either derived from the public key or
 * by some method of generating unique IDs.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509SubjectKeyIdExt object from the specified buffer containing
 	* the binary coded representation.
 class CX509ExtendedKeyUsageExt : public CX509ExtensionBase
 /** An X.509 certificate extension that defines the extra uses to which a key may be put.
 *
 * This is referred to as the extended key usage extension.
 *
-* @publishedAll
-* @released
 * @since v6.0 */
 	{
 public:
 	/** Creates a new CX509ExtendedKeyUsageExt object from the specified buffer
 	* containing the binary coded representation.
 class CX509AccessDescription : public CBase
 /** This class provides the access method OID and access location as used by X.509 private internet extensions
 * (authority information access).
 *
-* @publishedAll
-* @released
 */
 	{
 public:
 	/**
 class CX509AuthInfoAccessExt : public CX509ExtensionBase
 /** An X.509 certificate extension that defines the authority information access.
 *
 *
-* @publishedAll
-* @released
 */
 	{
 public:

changeset 8	35751d3474b7
parent 0	2c201484c85f