diff -r 000000000000 -r 2c201484c85f cryptoservices/certificateandkeymgmt/inc/pkcs10.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptoservices/certificateandkeymgmt/inc/pkcs10.h Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,219 @@
+/*
+* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* Declares classes for producing PKCS#10 certificate requests.
+*
+*/
+
+
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __PKCS10_H__
+#define __PKCS10_H__
+
+#include
+#include
+#include
+#include
+
+class CX500DistinguishedName;
+class CASN1EncBase;
+class CPKCS10Attributes;
+class CPKCS10KeyHelper;
+class CMessageDigest;
+class TX509KeyEncoder;
+
+/**
+ * Class for making PKCS#10 Certificate Request objects.
+ *
+ * Keys are specified by a cryptotokens key info object - this means that this
+ * API can only be used to generate cert requests for keys that are held in a
+ * keystore on the device.
+ *
+ */
+class CPKCS10Request : public CActive
+ {
+public:
+ /**
+ * Creates a new PKCS#10 request object.
+ *
+ * @param aDN X500 distinguished name of the entity provided by caller.
+ * Stored in iDN member variable. Ownership is not transferred.
+ * @param aKeyInfo The key info object of the key to sign the request with.
+ * Does not take ownership.
+ * @param aAttr (Optional) The PKCS10 attributes to include in the request.
+ * Takes ownership.
+ * @return A pointer to the newly allocated object.
+ */
+ IMPORT_C static CPKCS10Request* NewL(const CX500DistinguishedName& aDN,
+ const CCTKeyInfo& aKeyInfo,
+ CPKCS10Attributes* aAttr = NULL);
+
+ /**
+ * Creates a new PKCS#10 request object.
+ *
+ * @param aDN X500 distinguished name of the entity provided by caller.
+ * Stored in iDN member variable. Ownership is not transferred.
+ * @param aKeyInfo The key info object of the key to sign the request with.
+ * Does not take ownership.
+ * @param aAttr (Optional) The PKCS10 attributes to include in the request.
+ * Takes ownership.
+ * @return A pointer to the newly allocated object that is left on the
+ * cleanup stack.
+ */
+ IMPORT_C static CPKCS10Request* NewLC(const CX500DistinguishedName& aDN,
+ const CCTKeyInfo& aKeyInfo,
+ CPKCS10Attributes* aAttr = NULL);
+
+ /**
+ * Destructs PKCS#10 object, deletes encoding buffer and attributes.
+ */
+ IMPORT_C virtual ~CPKCS10Request();
+
+public:
+
+ /**
+ * Set the attributes to be encoded in the request. It replaces existing
+ * attributes, if any.
+ * @param aAttr The attributes - this object takes ownership.
+ */
+ IMPORT_C void SetAttributes(CPKCS10Attributes* aAttr);
+
+ /**
+ * Set the digest algorithm to use when signing the request. If this method
+ * is not called, the default SHA-1 is used.
+ *
+ * @param aDigest For RSA keys, one of EMD2, EMD5 or ESHA1.
+ * For DSA keys, ESHA1 is the only permitted value.
+ * @leave KErrArgument if the specified algorithm is not supported.
+ */
+ IMPORT_C void SetDigestAlgL(TAlgorithmId aDigest);
+
+ /**
+ * Set the distinguished name of the entity. It replaces existing
+ * name, if any.
+ * @param aDN X500 distinguished name of the entity provided by caller.
+ * Stored in iDN member variable. Ownership is not transferred.
+ */
+ IMPORT_C void SetDistinguishedNameL(const CX500DistinguishedName& aDN);
+
+ /**
+ * Set the information of the key to sign with. It replaces existing
+ * key info, if any.
+ * @param aKeyInfo The key info object of the key to sign the request with.
+ * Does not take ownership.
+ */
+ IMPORT_C void SetKeyInfoL(const CCTKeyInfo& aKeyInfo);
+
+ /**
+ * Create the ASN.1 DER encoding of the certificate request. This is an
+ * asynchronous method. The Cancel() method can be called to cancel an
+ * outstanding request.
This method can be called repeatedly to create
+ * certificate requests after setting the various parameters. However an
+ * outstanding request must complete or be cancelled before calling this
+ * method again.
+ *
+ *
+ * @param aResult On successful completion, this points to a newly
+ * allocated buffer containing the encoded certificate request.
+ * @param aStatus Asynchronous status notification
+ */
+ IMPORT_C void CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus);
+
+private:
+
+ virtual void RunL();
+ virtual TInt RunError(TInt aErr);
+ virtual void DoCancel();
+
+ enum TState
+ {
+ EIdle,
+ EInitialize,
+ EGetKeyStore,
+ EGetPublicKey,
+ EOpenSigner,
+ ESign
+ };
+
+private:
+ /** Private constructor that initializes essential member variables. */
+ CPKCS10Request(const CX500DistinguishedName* aDN,
+ const CCTKeyInfo* aKeyInfo,
+ CPKCS10Attributes* aAttr);
+
+ // Methods making ASN.1 encoding objects
+
+ /**
+ * Performs the actual ASN.1 encoding of the request without signing it.
+ * certRequestInfo is what gets signed with private key.
+ * @return Pointer to a newly allocated CASN1EncSequence object.
+ */
+ CASN1EncSequence* MakeCertRequestInfoEncLC();
+
+ /**
+ * Encodes desired certificate attributes into ASN1. Takes whatever
+ * attributes are in the iAttributes and adds them below a
+ * sequence. If there are no attributes stored, leaves the set empty.
+ *
+ * The structure of the attribute node is as follows:
+ * @code
+ * Context-specific[0]
+ * SEQUENCE-OF
+ * OID of the organization
+ * SET-OF
+ * SEQUENCE-OF (stored in iAttributes)
+ * SEQUENCE-OF
+ * OID of attribute
+ * OCTET STRING value
+ * SEQUENCE-OF
+ * OID of attribute
+ * OCTET STRING value
+ * ...
+ * @endcode
+ * @return Pointer to a newly allocated encoding object containing
+ * desired certificate attributes.
+ */
+ CASN1EncBase* MakeAttrEncLC();
+
+ /**
+ * Generates data to be signed.
+ */
+ void EncodeTBSDataL();
+
+ void CreateFinalEncodingL();
+
+ void Reset();
+
+private:
+ const CX500DistinguishedName* iDN;
+ const CCTKeyInfo* iKeyInfo;
+ CPKCS10Attributes* iAttributes;
+ TAlgorithmId iDigestId;
+ TRequestStatus* iClientStatus;
+ TState iState;
+ HBufC8** iResult;
+ MCTKeyStore* iKeyStore;
+ CPKCS10KeyHelper* iKeyHelper;
+ HBufC8* iExportedKey;
+ HBufC8* iTBSData;
+ };
+
+#endif
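Review bot: The SetDigestAlgL comment lists EMD2 and EMD5 as accepted digests for RSA keys without noting that both are collision-weak, so a caller reading only this header gets no signal to stay with the SHA-1 default; add to the `@param aDigest` text `MD2 and MD5 are cryptographically weak and are accepted only for interoperability with legacy CAs; prefer ESHA1.` The CreateEncoding comment should also state the lifetime contract implied by the `HBufC8** iResult` member: the class keeps the address of the caller's aResult, so that variable must remain valid until aStatus completes or Cancel() is called, and the comment should say who owns the buffer written to aResult (presumably the caller, since the destructor comment mentions only the encoding buffer and attributes — confirm against the implementation). Ownership of iKeyStore, iKeyHelper, iExportedKey and iTBSData is likewise undocumented; a one-line owned/not-owned note on each member would let a maintainer check the destructor and Reset() against a stated contract.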