Mercurial Mercurial > oss > MCL > sf > os > security / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/inc/pkcs7signedobject.h
changeset 0 2c201484c85f
child 8 35751d3474b7 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptoservices/certificateandkeymgmt/inc/pkcs7signedobject.h	Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,155 @@
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __PKCS7_SIGNED_OBJECT_H__
+#define __PKCS7_SIGNED_OBJECT_H__
+
+#include <signed.h>
+#include <e32base.h>
+
+class CPKCS7ContentInfo;
+class CPKCS7ExtendedCertificateOrCertificate;
+class CPKCS7SignerInfo;
+class TASN1DecGeneric;
+class CX509AlgorithmIdentifier;
+class CX509Certificate;
+
+const TInt KPKCS7MaxDataElements = 6;
+
+/**
+ A representation of a PKCS7 (signed data) entity
+ This class is only used for update notifications and so does not provide
+ full functionality. In particular, there is no means for creating a new 
+ PKCS7 object (other than from binary data),there is no means to modify it 
+ and revokation lists are not supported.  The optional fields in signerinfo
+ are not supported and are ignored.
+ @internalTechnology
+ */
+class CPKCS7SignedObject : public CSignedObject
+	{
+public:
+	/**
+	Values for encoded data element positions in tbsCert data structure.
+	These values are passed as the index to the DataElementEncoding() function
+	Objects containing revokation lists are not supported
+	*/
+	enum
+		{
+		EVersionNumber = 0,	
+		EDigestAlgorithms = 1,
+		EContentInfo = 2,
+		ECertificates = 3,
+		ERevocationLists = 4,
+		ESignedInfo = 5
+		};
+	/**
+	Creates a PKCS7 object from the RFC2315 representation
+	@param aRawData	The binary ASN1 encoded entity
+	@return			The fully constructed object
+	*/
+	IMPORT_C static CPKCS7SignedObject* NewL(const CPKCS7ContentInfo& aContentInfo);
+
+	/**
+	Creates a PKCS7-2 object from the RFC2315 representation
+	@param aRawData	The binary ASN1 encoded entity
+	@return			The fully constructed object
+	*/
+	IMPORT_C static CPKCS7SignedObject* NewLC(const CPKCS7ContentInfo& aContentInfo);
+
+	/** (From CSignedObject) 
+	Accesses one of the encoded fields
+	@param aIndex	One of the data element positions listed in the preceding enum
+	@return			The encoded field
+	*/
+	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
+	/** (From CSignedObject) 
+	Not supported
+	*/
+	IMPORT_C virtual void InternalizeL(RReadStream& aStream) ;
+	/** (From CSignedObject) 
+	Provides access to the signed data (PKCS7-2) part of the PKCS7 object
+	@return			The signed data
+	*/
+	IMPORT_C virtual const TPtrC8 SignedDataL() const;
+	/**
+	Provides access to the digest algorithms
+	@return			The digest algorithms
+	*/
+	IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const;
+	/**
+	Provides access to the PKCS7 version number
+	@return			The version number
+	*/
+	IMPORT_C TInt Version() const;
+	/**
+	Provides access to the PKCS7 version number
+	@return			The version number
+	*/
+	IMPORT_C const CPKCS7ContentInfo& ContentInfo() const;
+	/**
+	Provides access to the certificates
+	@return			The certificates
+	*/
+	IMPORT_C const RPointerArray<CPKCS7ExtendedCertificateOrCertificate>& Certificates() const;
+	/**
+	Provides access to the signer information
+	@return			The signer information
+	*/
+	IMPORT_C const RPointerArray<CPKCS7SignerInfo>& SignerInfo() const;
+	/**
+	Validates the signer and creates the certificate chain for that signer
+	@param aSignerInfo			The signer to be validated
+	@param aCertChainEncoding	The certificate chain.  This is created and pushed onto the
+								cleanup stack by the function.
+	*/
+	IMPORT_C TBool ValidateSignerL(const CPKCS7SignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding);
+	/** The destructor */
+	IMPORT_C ~CPKCS7SignedObject();
+protected:
+	IMPORT_C CPKCS7SignedObject(void);
+	IMPORT_C void ConstructL(const CPKCS7ContentInfo& aContentInfo);
+
+
+private:
+	CPKCS7SignedObject(const CPKCS7SignedObject&);
+	void InitSignedObjectL(const TDesC8& aRawData);
+	void DecodeSignedDataL(const TDesC8& aRawData);
+	void DecodeDigestAlgorithmsL(const TDesC8& aRawData);
+	void DecodeCertificatesL(const TDesC8& aRawData);
+	void DecodeRevocationListsL(const TDesC8& aRawData);
+	void DecodeSignerInfoL(const TDesC8& aRawData);
+
+	TBool ValidateSignatureL(const CPKCS7SignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert);
+protected:
+	RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms;
+	TInt iVersion;
+	CPKCS7ContentInfo* iContentInfo;
+	RPointerArray<CPKCS7ExtendedCertificateOrCertificate> iCertificates;
+	RPointerArray<CPKCS7SignerInfo> iSignerInfo;
+	TFixedArray<TPtrC8*, KPKCS7MaxDataElements> iDataElements;
+	};
+
+#endif //__PKCS7_SIGNED_OBJECT_H__
MCL/sf/os/security