Mercurial Mercurial > oss > MCL > sf > os > security / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/inc/pkcs10.h
changeset 0 2c201484c85f
child 8 35751d3474b7 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptoservices/certificateandkeymgmt/inc/pkcs10.h	Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,219 @@
+/*
+* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+* Declares classes for producing PKCS#10 certificate requests.
+*
+*/
+
+
+
+
+/**
+ @file
+ @publishedPartner
+ @released 
+*/
+
+#ifndef __PKCS10_H__
+#define __PKCS10_H__
+
+#include <e32base.h>
+#include <asn1enc.h>
+#include <mctkeystore.h>
+#include <signed.h>
+
+class CX500DistinguishedName;
+class CASN1EncBase;
+class CPKCS10Attributes;
+class CPKCS10KeyHelper;
+class CMessageDigest;
+class TX509KeyEncoder;
+
+/** 
+ * Class for making PKCS#10 Certificate Request objects.
+ *
+ * Keys are specified by a cryptotokens key info object - this means that this
+ * API can only be used to generate cert requests for keys that are held in a
+ * keystore on the device.
+ * 
+ */
+class CPKCS10Request : public CActive
+	{
+public:
+	/**
+	 * Creates a new PKCS#10 request object.
+	 * 
+	 * @param aDN X500 distinguished name of the entity provided by caller.
+	 *     Stored in iDN member variable. Ownership is not transferred.
+	 * @param aKeyInfo The key info object of the key to sign the request with.
+	 * 	   Does not take ownership.
+	 * @param aAttr (Optional) The PKCS10 attributes to include in the request.
+	 * 	   Takes ownership.
+	 * @return A pointer to the newly allocated object.
+	 */
+	IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN,
+										 const CCTKeyInfo& aKeyInfo,
+										 CPKCS10Attributes* aAttr = NULL);
+	
+	/**
+	 * Creates a new PKCS#10 request object.
+	 * 
+	 * @param aDN X500 distinguished name of the entity provided by caller.
+	 *     Stored in iDN member variable. Ownership is not transferred.
+	 * @param aKeyInfo The key info object of the key to sign the request with.
+	 * 	   Does not take ownership.
+	 * @param aAttr (Optional) The PKCS10 attributes to include in the request.
+	 * 	   Takes ownership.
+	 * @return A pointer to the newly allocated object that is left on the
+	 * 	   cleanup stack.
+	 */
+	IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN,
+										 const CCTKeyInfo& aKeyInfo,
+										 CPKCS10Attributes* aAttr = NULL);
+
+	/**
+	 * Destructs PKCS#10 object, deletes encoding buffer and attributes.
+	 */
+	IMPORT_C virtual ~CPKCS10Request();
+
+public:
+
+	/**
+	 * Set the attributes to be encoded in the request. It replaces existing
+	 * attributes, if any.
+	 * @param aAttr The attributes - this object takes ownership.
+	 */
+	IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr);
+
+	/**
+	 * Set the digest algorithm to use when signing the request.  If this method
+	 * is not called, the default SHA-1 is used. 
+	 *
+	 * @param aDigest	For RSA keys, one of EMD2, EMD5 or ESHA1.  
+	 * 					For DSA keys, ESHA1 is the only permitted value.
+	 * @leave KErrArgument if the specified algorithm is not supported.
+	 */
+	IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest);
+
+	/**
+	 * Set the distinguished name of the entity. It replaces existing
+	 * name, if any.
+	 * @param aDN X500 distinguished name of the entity provided by caller.
+	 *     Stored in iDN member variable. Ownership is not transferred.
+	 */
+	IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN);
+
+	/**
+	 * Set the information of the key to sign with. It replaces existing
+	 * key info, if any.
+	 * @param aKeyInfo The key info object of the key to sign the request with.
+	 * 	   Does not take ownership.
+	 */
+	IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo);
+
+	/**
+	 * Create the ASN.1 DER encoding of the certificate request.  This is an
+	 * asynchronous method. The Cancel() method can be called to cancel an
+	 * outstanding request. This method can be called repeatedly to create 
+	 * certificate requests after setting the various parameters. However an
+	 * outstanding request must complete or be cancelled before calling this 
+	 * method again.
+	 * 
+	 * 
+	 * @param aResult	On successful completion, this points to a newly
+	 * 					allocated buffer containing the encoded certificate request.
+	 * @param aStatus	Asynchronous status notification 
+	 */	
+	IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);
+	
+private:
+
+	virtual void RunL();
+	virtual TInt RunError(TInt aErr);
+	virtual void DoCancel();
+
+	enum TState
+		{
+		EIdle,
+		EInitialize,
+		EGetKeyStore,
+		EGetPublicKey,
+		EOpenSigner,
+		ESign
+		};
+
+private:
+	/** Private constructor that initializes essential member variables. */
+	CPKCS10Request(const CX500DistinguishedName* aDN,
+				   const CCTKeyInfo* aKeyInfo,
+				   CPKCS10Attributes* aAttr);
+
+	// Methods making ASN.1 encoding objects
+
+	/**	
+	 * Performs the actual ASN.1 encoding of the request without signing it.
+	 * certRequestInfo is what gets signed with private key.
+	 * @return Pointer to a newly allocated CASN1EncSequence object.
+	 */
+	CASN1EncSequence* MakeCertRequestInfoEncLC();
+
+	/**
+	 * Encodes desired certificate attributes into ASN1. Takes whatever 
+	 * attributes are in the iAttributes and adds them below a 
+	 * sequence. If there are no attributes stored, leaves the set empty.
+	 * 
+	 * The structure of the attribute node is as follows:
+	 * @code
+     * Context-specific[0]
+     *    SEQUENCE-OF
+     *      OID of the organization
+     *      SET-OF
+     *        SEQUENCE-OF (stored in iAttributes)
+     *          SEQUENCE-OF
+     *            OID of attribute
+     *            OCTET STRING value
+     *          SEQUENCE-OF
+     *            OID of attribute
+     *            OCTET STRING value
+     *          ...
+	 * @endcode
+	 * @return Pointer to a newly allocated encoding object containing 
+	 *     desired certificate attributes.
+	 */
+	CASN1EncBase* MakeAttrEncLC();
+
+	/**
+	 * Generates data to be signed.
+	 */
+	void EncodeTBSDataL();
+
+	void CreateFinalEncodingL();
+
+	void Reset();
+
+private:
+	const CX500DistinguishedName*	iDN;
+	const CCTKeyInfo* 				iKeyInfo;
+	CPKCS10Attributes*				iAttributes;
+	TAlgorithmId					iDigestId;
+	TRequestStatus*					iClientStatus;
+	TState 							iState;
+	HBufC8**						iResult;
+	MCTKeyStore*					iKeyStore;
+	CPKCS10KeyHelper*				iKeyHelper;
+	HBufC8*							iExportedKey;
+	HBufC8*							iTBSData;
+	};
+
+#endif
MCL/sf/os/security