--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptoservices/certificateandkeymgmt/inc/x509certchain.h Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,191 @@
+/*
+* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* X509 certificate chain and the validation status implementations
+*
+*/
+
+
+
+
+/**
+ @file
+ @publishedAll
+ @released
+*/
+
+#ifndef __X509CERTCHAIN_H__
+#define __X509CERTCHAIN_H__
+
+#include <e32std.h>
+#include <x509cert.h>
+#include <ct.h>
+
+class TValidationStatus
+/** The validation status.
+*
+* Some errors cannot be blamed on any single certificate, in which case the
+* iCert value is meaningless. The same structure is used for errors and for
+* warnings.
+*
+* @publishedAll
+* @released
+* @since v6.0 */
+ {
+public:
+ /** Creates a validation status object.
+ *
+ * @param aError The error type that occurred when validating the certificate chain.
+ * @param aCert The index number identifying the certificate that gave rise to
+ * the error. */
+ IMPORT_C TValidationStatus(const TValidationError aError, const TInt aCert);
+
+ /** The reason for the error. */
+ TValidationError iReason;
+
+ /** The index number identifying the certificate that gave rise to the error. */
+ TInt iCert;
+ };
+
+class CX509CertChain : public CBase
+/** Abstract base class for X.509 certificate chain validation;
+* derive from this to suit your profile.
+*
+* @publishedAll
+* @released
+* @since v6.0 */
+ {
+public:
+ /** Gets the number of certificates in the chain.
+ *
+ * @return The number of certificates in the chain. */
+ IMPORT_C TInt Count() const;
+
+ /** Gets the certificate identified by the specified index.
+ * Note that Cert(Count()) corresponds to the root (if any)
+ * whilst Cert(0) corresponds to the outmost certificate in the chain.
+ *
+ * @param aIndex The ordinal number representing the position of the certificate
+ * within the chain.
+ * @return The X.509 certificate at the specified index. */
+ IMPORT_C const CX509Certificate& Cert(TInt aIndex) const;
+
+ /** Decodes the individual elements of the signed data to construct the certificates.
+ *
+ * @param aBinaryData The encoded binary representation.
+ * @return The certificate objects. */
+ IMPORT_C CArrayPtrFlat<CX509Certificate>* CX509CertChain::DecodeCertsL(const TDesC8& aBinaryData);
+
+ /** Destructor.
+ *
+ * Frees all resources owned by the object, prior to its destruction. */
+ IMPORT_C ~CX509CertChain();
+
+ /** Tests whether the specified X.509 certificate chain is equal to this X.509
+ * certificate chain.
+ *
+ * @param aOther The X.509 certificate chain to be compared.
+ * @return ETrue, if the certificate chains are equal;EFalse, otherwise. */
+ IMPORT_C TBool IsEqualL(const CX509CertChain& aOther) const;
+protected:
+ //certificate chain
+ CArrayPtrFlat<CX509Certificate>* iChain;
+private:
+ static void CleanupCertArray(TAny* aArray);
+ };
+
+class CCertificateValidationWarnings : public CBase
+ /** Encapsulates the critical extensions encountered and any warnings found
+ * for a particular certificate in the chain during the process of validation.
+ *
+ * @publishedAll
+ * @released
+ * @since v9.5 */
+ {
+ public:
+ /** Creates an instance of CCertificateValidationWarnings.
+ *
+ * @param aIndex The index of aCert in the certificate chain.
+ * @return A pointer to the new CCertificateWarning object. */
+ IMPORT_C static CCertificateValidationWarnings* NewL(TInt aIndex);
+
+ /** Creates an instance of CCertificateValidationWarnings.
+ *
+ * @param aIndex The index of aCert in the certificate chain.
+ * @return A pointer to the new CCertificateWarning object. */
+ IMPORT_C static CCertificateValidationWarnings* NewLC(TInt aIndex);
+
+ /** Gets a list of critical extension OIDs found in the certificate.
+ *
+ * @return An array of critical extensions found. */
+ IMPORT_C const RPointerArray<TDesC>& CriticalExtensionsFound() const;
+
+ /** Gets a list of warnings generated by the certificate.
+ *
+ * @return An array of warnings generated. */
+ IMPORT_C const RArray<TValidationStatus>& Warnings() const;
+
+ /** Gets the index of the certificate in the chain.
+ *
+ * @return The certificate index number. */
+ IMPORT_C TInt CertIndex() const;
+
+ /** Externalises an object of this class to a write stream.
+ *
+ * The presence of this function means that the standard templated operator<<()
+ * can be used to externalise objects of this class.
+ *
+ * @param aStream Stream to which the object should be externalised. */
+ IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
+
+ /** Internalises an object of this class from a read stream.
+ *
+ * The presence of this function means that the standard templated operator>>()
+ * can be used to internalise objects of this class.
+ *
+ * Note that this function has assignment semantics: it replaces the old value
+ * of the object with a new value read from the read stream.
+ *
+ * @param aStream Stream from which the object should be internalised.
+ * @return A pointer to the new CCertificateWarning object. */
+ IMPORT_C static CCertificateValidationWarnings* InternalizeL(RReadStream& aStream);
+
+ /** The destructor.
+ *
+ * Frees all resources owned by the object. */
+ IMPORT_C ~CCertificateValidationWarnings();
+
+ public:
+ /** Adds a warning.
+ *
+ * @internalComponent
+ * @released */
+ IMPORT_C void AppendWarningL(TValidationStatus aWarning);
+
+ /** Adds a critical extension OID warning.
+ *
+ * @internalComponent
+ * @released */
+ IMPORT_C void AppendCriticalExtensionWarningL(TDesC& aCriticalExt);
+
+ private:
+ CCertificateValidationWarnings(TInt aIndex);
+
+ private:
+ TInt iCertIndex;
+ RPointerArray<TDesC> iCriticalExtsFound;
+ RArray<TValidationStatus> iWarnings;
+ };
+
+#endif