diff -r 675a964f4eb5 -r 35751d3474b7 cryptoservices/certificateandkeymgmt/inc/cmssignedobject.h --- a/cryptoservices/certificateandkeymgmt/inc/cmssignedobject.h Tue Jul 21 01:04:32 2009 +0100 +++ b/cryptoservices/certificateandkeymgmt/inc/cmssignedobject.h Thu Sep 10 14:01:51 2009 +0300 @@ -1,612 +1,610 @@ -/* -* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). -* All rights reserved. -* This component and the accompanying materials are made available -* under the terms of the License "Eclipse Public License v1.0" -* which accompanies this distribution, and is available -* at the URL "http://www.eclipse.org/legal/epl-v10.html". -* -* Initial Contributors: -* Nokia Corporation - initial contribution. -* -* Contributors: -* -* Description: -* -*/ - - - - -/** - @file - @publishedPartner - @released -*/ - -#ifndef CMSSIGNEDOBJECT_H -#define CMSSIGNEDOBJECT_H - -#include -#include -#include - -class CCmsSignerInfo; -class CDSAPrivateKey; -class CRSAPrivateKey; -class CCmsSignerIdentifier; -class CCmsContentInfo; -class CEncapsulatedContentInfo; -class CX509Certificate; -class CX509AlgorithmIdentifier; -class CCmsCertificateChoice; -class CASN1EncSequence; -class CASN1EncBase; - -const TInt KCmsMaxSignedDataElements = 6; -/** - A representation of a RFC2630 (signed data) entity. - */ -class CCmsSignedObject : public CSignedObject - { -public: - - /** - Index of CMS object fields. - */ - enum - { - /** - Index of version field - */ - EVersionNumber = 0, - - /** - Index of digest algorithm set field - */ - EDigestAlgorithms = 1, - - /** - Index of encapsulated content info field - */ - EEncapsulatedContentInfo = 2, - - /** - Index of certificate set field - */ - ECertificates = 3, - - /** - Index of revocation list field - */ - ERevocationLists = 4, - - /** - Index of signer info set field - */ - ESignedInfo = 5 - }; - - /** - Creates a CMS signed data object as defined in RFC2630. The CMS signed data created by - this API contains no signer info. SignL() method can be called to add more signer info. - @param aType The type of the encapsulated content. - @param aIsDetached A boolean indicating whether the encapsulated data is detached. - @param aContentData The encapsulated data. - If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave - with KErrArgument. - If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash - value when later calling SignL(). Otherwise SignL() leaves with KErrArguement. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, - TBool aIsDetached, - const TDesC8& aContentData); - - /** - Creates a CMS signed data object as defined in RFC2630, and leaves the object on the cleanup stack. - this API contains no signer info. SignL() method can be called to add more signer info. - @param aType The type of the encapsulated content. - @param aIsDetached A boolean indicating whether the encapsulated data is detached. - @param aContentData The encapsulated data. - If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave - with KErrArgument. - If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash - value when later calling SignL(). Otherwise SignL() leaves with KErrArguement. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, - TBool aIsDetached, - const TDesC8& aContentData); - - /** - Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data - as no data content is provided. The CMS signed data created by this API contains one signer info. - SignL() method can be called to add more signer info. - @param aType Encapsulated Content data type. - @param aHashValue The hash value of the data content to be signed. - @param aDigestAlgorithm The digest algorithm used to create the hash. - @param aKey The DSA private key used to sign. - @param aCert The signer's certificate. - @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, - const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CDSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - /** - Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack. - This API only creates detached signed data as no data content is provided. The CMS signed data - created by this API contains one signer info. SignL() method can be called to add more signer info. - @param aType Encapsulated Content data type. - @param aHashValue The hash value of the data content to be signed. - @param aDigestAlgorithm The digest algorithm used to create the hash. - @param aKey The DSA private key used to sign. - @param aCert The signer's certificate. - @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, - const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CDSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - /** - Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data - as no data content is provided. The CMS signed data created by this API contains one signer info. - SignL() method can be called to add more signer info. - @param aType Encapsulated Content data type. - @param aHashValue The hash value of the data content to be signed. - @param aDigestAlgorithm The digest algorithm used to create the hash. - @param aKey The RSA private key used to sign. - @param aCert aCert The signer's certificate. - @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, - const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CRSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - /** - Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack. - This API only creates detached signed data as no data content is provided. The CMS signed data - created by this API contains one signer info. SignL() method can be called to add more signer info. - @param aType Encapsulated Content data type. - @param aHashValue The hash value of the data content to be signed. - @param aDigestAlgorithm The digest algorithm used to create the hash. - @param aKey The RSA private key used to sign. - @param aCert The signer's certificate. - @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, - const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CRSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - /** - Creates a CMS signed data object as defined in RFC2630. - @param aContentInfo The CMS content info that contains the encoded signed object. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewL(const CCmsContentInfo& aContentInfo); - - /** - Creates a CMS signed data object as defined in RFC2630 and leaves it on the cleanup stack. - @param aContentInfo The CMS content info that contains the encoded signed object. - @return The fully constructed object. - */ - IMPORT_C static CCmsSignedObject* NewLC(const CCmsContentInfo& aContentInfo); - - - /** - Creates one signature and adds it to the Signer info list. The signing certificate - is added to the certificate list if the last boolean parameter aAddCertificate is true and - it does not exist in the list. The digest algorithm is added to the digest algorithm list if it - does not exist in the list. Calling this API multiple times will create multiple signatures. - @param aHashValue The hash value to be signed. If this is an empty string, - the content data to be signed must have been passed in via - NewL method and hash value will be calculated by the implementation - of this method. - @param aDigestAlgorithm The digest algorithm used to create the hash. - @param aKey the DSA private key used to sign. - @param aCert the signer's certificate. - @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. - @leave KErrArgument if no hash nor data content is provided. - */ - IMPORT_C void SignL(const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CDSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - - /** - Creates one signature and adds it to the Signer info list. The signing certificate - is added to the certificate list if the last boolean parameter aAddCertificate is true and - it does not exist in the list. The digest algorithm is added to the digest algorithm list if it - does not exist in the list. Calling this API multiple times will create multiple signatures. - @param aHashValue The hash value to be signed. If this is an empty string, - the content data to be signed must have been passed in via - NewL method and hash value will be calculated by the implementation - of this method. - @param aDigestAlgorithm The digest algorithm used to create the hash. - @param aKey the RSA private key used to sign. - @param aCert the signer's certificate. - @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. - @leave KErrArgument if no hash nor data content is provided. - */ - IMPORT_C void SignL(const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CRSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - /** - Destructor - */ - IMPORT_C ~CCmsSignedObject(); - - /* - virtual from signedobject class - */ - IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const; - IMPORT_C virtual void InternalizeL(RReadStream& aStream) ; - IMPORT_C virtual const TPtrC8 SignedDataL() const; - - /** - Returns whether the certificate list exists. - @return Boolean indicating whether the certificate list exists. - */ - IMPORT_C TBool IsCertificateSetPresent() const; - - /** - Returns whether the certificate revocation list exists. - @return Boolean indicating whether the certificate Revocation list exists. - */ - IMPORT_C TBool IsCertificateRevocationListsPresent() const; - - /** - Returns the version of this CMS signed object. - @return The version of this CMS signed object. - */ - IMPORT_C TInt Version() const; - - /** - Returns the employed algorithm list. - @return The employed algorithm list reference. - */ - IMPORT_C const RPointerArray& DigestAlgorithms() const; - - /** - Returns the certificates list. - @return The certificates list reference. - */ - IMPORT_C const RPointerArray& Certificates() const; - - /** - Returns the encapsulated content info of this signed object. - @return The encapsulated content info reference. - */ - IMPORT_C const CEncapsulatedContentInfo& ContentInfo() const; - - - /** - Retrieves the list of SignerInfo objects. - @return The signer info list reference. - */ - IMPORT_C const RPointerArray& SignerInfo() const; - - - /** - Creates the ASN1 sequence of this CMS signed object and leaves it on the cleanup stack. - @return ASN1 sequence of this object. - */ - IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const; - - /** - Appends the X509 certificate to the certificate list. - @param aCert The X509 certificate to be appended. - */ - IMPORT_C void AddCertificateL(const CX509Certificate& aCert); - - - /** - Appends an encoded attribute certificate to the certificate list. - @param aCert The encoded certificate to be appended. - @param aType The type of the encoded certificate.. - */ - IMPORT_C void AddCertificateL(const TDesC8& aCert, CCmsCertificateChoice::TCertificateType aType); - - /** - Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature. - @param aSignerInfo The signer to be validated. - @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. - @leave KErrNotFound There is no matching certificate. - @return Boolean that identifies whether the signer can be validated. - */ - IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding); - - /** - Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature. - @param aSignerInfo The signer to be validated. - @param aCertificates The certificate list provided by the user to validate the signature. - @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. - @return Boolean that identifies whether the signer can be validated. - @leave KErrNotFound There is no matching certificate. - */ - IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray& aCertificates, HBufC8*& aCertChainEncoding); - - - - /** - Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature. - @param aSignerInfo The signer to be validated. - @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. - @param aIsHash The flag represent if the next parameter is the hash of the data content. - @param aContentDataOrHash the descriptor that contains the data content or its hash - @leave KErrNotFound There is no matching certificate. - @return Boolean that identifies whether the signer can be validated. - */ - IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash); - - /** - Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature. - @param aSignerInfo The signer to be validated. - @param aCertificates The certificate list provided by the user to validate the signature. - @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. - @param aIsHash The flag represent if the next parameter is the hash of the data content. - @param aContentDataOrHash the descriptor that contains the data content or its hash - @return Boolean that identifies whether the signer can be validated. - @leave KErrNotFound There is no matching certificate. - */ - IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray& aCertificates, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash); - - -private: - /** - Constructor - */ - CCmsSignedObject(); - - -private: - /** - Second phase constructor for decoding a CMS signed data object - @param aContentInfo the content info which contains the CMS signed data. - */ - void ConstructL(const CCmsContentInfo& aContentInfo); - - /** - Second phase constructor for constructing a CMS signed data object from data content. - @param aType the encapsulated content info type. - @param aIsDetached if the CMS signed data does not contains the data content being signed. - @param aContentData the content data descriptor. - */ - void ConstructL(TCmsContentInfoType aType, TBool aIsDetached, const TDesC8& aContentData); - - /** - Second phase constructor for constructing a CMS signed data object from data content hash - @param aType the encapsulated content info type. - @param aHashValue the hash of the data content to create the signature. - @param aDigestAlgorithm the digest algorithm. - @param aKey the DSA private to create signature. - @param aCert the signer's certficate - @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set. - */ - void ConstructL(TCmsContentInfoType aType, - const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CDSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - /** - Second phase constructor for constructing a CMS signed data object from data content hash - @param aType the encapsulated content info type. - @param aHashValue the hash of the data content to create the signature. - @param aDigestAlgorithm the digest algorithm. - @param aKey the RSA private to create signature. - @param aCert the signer's certficate - @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set. - */ - void ConstructL(TCmsContentInfoType aType, - const TDesC8& aHashValue, - TAlgorithmId aDigestAlgorithm, - const CRSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - /** - Append the algorithm to the algoritm list - @param aDigestAlgorithm the algorithm ID. - */ - void AddDigestAlgorithmL(TAlgorithmId aDigestAlgorithm); - - /** - Build the signer's identifier from the signer's certificate. If the signer's certificate - contains the subject identifier extension, the signer identifier is subject id extension. - otherwise, the signer identifier is isuuer name and serial number. - @param aCert the signer's certificate. - @return a CMS signer identifier instance pointer - */ - CCmsSignerIdentifier* BuildSignerIdentifierLC(const CX509Certificate& aCert); - - /** - Build the signer list, algorithm list and certificate list in the CMS signer data. - @param aDigestAlgorithm the digest algorithm identifier. - @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data - @param aValue the data content or its hash. - @param aKey the DSA private used to sign. - @param aCert the signer's certificate - @param aAddCertificate the flag to represent if the certificate is added to the certificate set - */ - void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm, - TBool aIsHash, - const TDesC8& aValue, - const CDSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - - /** - Build the signer list, algorithm list and certificate list in the CMS signer data. - @param aDigestAlgorithm the digest algorithm identifier. - @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data - @param aValue the data content or its hash. - @param aKey the RSA private used to sign. - @param aCert the signer's certificate - @param aAddCertificate the flag to represent if the certificate is added to the certificate set - */ - void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm, - TBool aIsHash, - const TDesC8& aValue, - const CRSAPrivateKey& aKey, - const CX509Certificate& aCert, - TBool aAddCertificate); - /** - Initialise the signed data base class members for the validation process. - @param aRawData the raw data of the CMS signed data. - */ - void InitSignedObjectL(const TDesC8& aRawData); - - - /** - Decode the CMS Signer data. - @param aRawData the raw data of the CMS signed data. - */ - void DecodeSignedDataL(const TDesC8& aRawData); - - /** - Decode the digest algorithm set. - @param the raw data of the algorithm list. - */ - void DecodeDigestAlgorithmsL(const TDesC8& aRawData); - - /** - Decode the encapsulated content info - @param the raw data of the encapsulated content info. - */ - void DecodeEncapsulatedContentInfoL(const TDesC8& aRawData); - - /** - Decode the certificate set. - @param the raw data of the certificate list - */ - void DecodeCertificatesL(const TDesC8& aRawData); - - /** - Decode the certificate revocation set. Not implemented now! - @param the raw data of the certificate revocation list. - */ - void DecodeRevocationListsL(const TDesC8& aRawData); - - /** - Decode the signer info set. - @param the raw data of the certificate revocation list. - */ - void DecodeSignerInfoL(const TDesC8& aRawData); - - /** - Encode the certificate set - @return the encoding of the certificate set - */ - CASN1EncBase* EncodeCertificatesLC() const; - - /** - Encode the algorithm set - @return the encoding of the digest algorithm set - */ - CASN1EncBase* EncodeAlgorithmsLC() const; - - /** - Encode the signer info set - @return the encoding of the certificate set - */ - CASN1EncBase* EncodeSignerInfoLC() const; - - /** - Validate the signature by the given certificate. - @param aSignerInfo the signer info reference contains the signature - @param aEndEntityCert the certificate used to create the signature. - @return if the signature can be validated - */ - TBool ValidateSignatureL(const CCmsSignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert); - - /** - This function is called when validating a detached CMS signed object. - It sets the data content being signed so that the signed data can be validated. - @param aContentData The data content being signed. - */ - void SetContentData(const TDesC8& aContentData); - - /** - This function is called when validating a detached CMS signed object. - It sets the hash being signed so that the signed data can be validated. - @param aHash The hash being signed. - */ - void SetHash(const TDesC8& aHash); - - -private: - /** - Reprents if the certificate set is present - */ - TBool iIsCertificateSetPresent; - - /** - Reprents if the certificate revocationlisy is present - */ - TBool iIsCertificateRevocationListsPresent; - - /** - Version of the Signed object - */ - TInt iVersion; - - /** - Algorithm Set - */ - RPointerArray iDigestAlgorithms; - - /** - Encapsulated Content List - */ - CEncapsulatedContentInfo* iContentInfo; - - /** - Certificate Set - */ - RPointerArray iCertificates; - - /** - Signer Info Set - */ - RPointerArray iSignerInfo; - - /** - Array of Encoded fields - */ - TFixedArray iDataElements; - - /** - The data content being signed - */ - TPtrC8 iContentData; - - /** - The Hash being signed - */ - TPtrC8 iHash; - }; - - -#endif //CMSSIGNEDOBJECT_H +/* +* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* +*/ + + +/** + @file + @publishedPartner + @released +*/ + +#ifndef CMSSIGNEDOBJECT_H +#define CMSSIGNEDOBJECT_H + +#include +#include +#include + +class CCmsSignerInfo; +class CDSAPrivateKey; +class CRSAPrivateKey; +class CCmsSignerIdentifier; +class CCmsContentInfo; +class CEncapsulatedContentInfo; +class CX509Certificate; +class CX509AlgorithmIdentifier; +class CCmsCertificateChoice; +class CASN1EncSequence; +class CASN1EncBase; + +const TInt KCmsMaxSignedDataElements = 6; +/** + A representation of a RFC2630 (signed data) entity. + */ +class CCmsSignedObject : public CSignedObject + { +public: + + /** + Index of CMS object fields. + */ + enum + { + /** + Index of version field + */ + EVersionNumber = 0, + + /** + Index of digest algorithm set field + */ + EDigestAlgorithms = 1, + + /** + Index of encapsulated content info field + */ + EEncapsulatedContentInfo = 2, + + /** + Index of certificate set field + */ + ECertificates = 3, + + /** + Index of revocation list field + */ + ERevocationLists = 4, + + /** + Index of signer info set field + */ + ESignedInfo = 5 + }; + + /** + Creates a CMS signed data object as defined in RFC2630. The CMS signed data created by + this API contains no signer info. SignL() method can be called to add more signer info. + @param aType The type of the encapsulated content. + @param aIsDetached A boolean indicating whether the encapsulated data is detached. + @param aContentData The encapsulated data. + If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave + with KErrArgument. + If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash + value when later calling SignL(). Otherwise SignL() leaves with KErrArguement. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, + TBool aIsDetached, + const TDesC8& aContentData); + + /** + Creates a CMS signed data object as defined in RFC2630, and leaves the object on the cleanup stack. + this API contains no signer info. SignL() method can be called to add more signer info. + @param aType The type of the encapsulated content. + @param aIsDetached A boolean indicating whether the encapsulated data is detached. + @param aContentData The encapsulated data. + If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave + with KErrArgument. + If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash + value when later calling SignL(). Otherwise SignL() leaves with KErrArguement. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, + TBool aIsDetached, + const TDesC8& aContentData); + + /** + Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data + as no data content is provided. The CMS signed data created by this API contains one signer info. + SignL() method can be called to add more signer info. + @param aType Encapsulated Content data type. + @param aHashValue The hash value of the data content to be signed. + @param aDigestAlgorithm The digest algorithm used to create the hash. + @param aKey The DSA private key used to sign. + @param aCert The signer's certificate. + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, + const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CDSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + /** + Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack. + This API only creates detached signed data as no data content is provided. The CMS signed data + created by this API contains one signer info. SignL() method can be called to add more signer info. + @param aType Encapsulated Content data type. + @param aHashValue The hash value of the data content to be signed. + @param aDigestAlgorithm The digest algorithm used to create the hash. + @param aKey The DSA private key used to sign. + @param aCert The signer's certificate. + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, + const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CDSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + /** + Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data + as no data content is provided. The CMS signed data created by this API contains one signer info. + SignL() method can be called to add more signer info. + @param aType Encapsulated Content data type. + @param aHashValue The hash value of the data content to be signed. + @param aDigestAlgorithm The digest algorithm used to create the hash. + @param aKey The RSA private key used to sign. + @param aCert aCert The signer's certificate. + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType, + const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CRSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + /** + Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack. + This API only creates detached signed data as no data content is provided. The CMS signed data + created by this API contains one signer info. SignL() method can be called to add more signer info. + @param aType Encapsulated Content data type. + @param aHashValue The hash value of the data content to be signed. + @param aDigestAlgorithm The digest algorithm used to create the hash. + @param aKey The RSA private key used to sign. + @param aCert The signer's certificate. + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType, + const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CRSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + /** + Creates a CMS signed data object as defined in RFC2630. + @param aContentInfo The CMS content info that contains the encoded signed object. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewL(const CCmsContentInfo& aContentInfo); + + /** + Creates a CMS signed data object as defined in RFC2630 and leaves it on the cleanup stack. + @param aContentInfo The CMS content info that contains the encoded signed object. + @return The fully constructed object. + */ + IMPORT_C static CCmsSignedObject* NewLC(const CCmsContentInfo& aContentInfo); + + + /** + Creates one signature and adds it to the Signer info list. The signing certificate + is added to the certificate list if the last boolean parameter aAddCertificate is true and + it does not exist in the list. The digest algorithm is added to the digest algorithm list if it + does not exist in the list. Calling this API multiple times will create multiple signatures. + @param aHashValue The hash value to be signed. If this is an empty string, + the content data to be signed must have been passed in via + NewL method and hash value will be calculated by the implementation + of this method. + @param aDigestAlgorithm The digest algorithm used to create the hash. + @param aKey the DSA private key used to sign. + @param aCert the signer's certificate. + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. + @leave KErrArgument if no hash nor data content is provided. + */ + IMPORT_C void SignL(const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CDSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + + /** + Creates one signature and adds it to the Signer info list. The signing certificate + is added to the certificate list if the last boolean parameter aAddCertificate is true and + it does not exist in the list. The digest algorithm is added to the digest algorithm list if it + does not exist in the list. Calling this API multiple times will create multiple signatures. + @param aHashValue The hash value to be signed. If this is an empty string, + the content data to be signed must have been passed in via + NewL method and hash value will be calculated by the implementation + of this method. + @param aDigestAlgorithm The digest algorithm used to create the hash. + @param aKey the RSA private key used to sign. + @param aCert the signer's certificate. + @param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object. + @leave KErrArgument if no hash nor data content is provided. + */ + IMPORT_C void SignL(const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CRSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + /** + Destructor + */ + IMPORT_C ~CCmsSignedObject(); + + /* + virtual from signedobject class + */ + IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const; + IMPORT_C virtual void InternalizeL(RReadStream& aStream) ; + IMPORT_C virtual const TPtrC8 SignedDataL() const; + + /** + Returns whether the certificate list exists. + @return Boolean indicating whether the certificate list exists. + */ + IMPORT_C TBool IsCertificateSetPresent() const; + + /** + Returns whether the certificate revocation list exists. + @return Boolean indicating whether the certificate Revocation list exists. + */ + IMPORT_C TBool IsCertificateRevocationListsPresent() const; + + /** + Returns the version of this CMS signed object. + @return The version of this CMS signed object. + */ + IMPORT_C TInt Version() const; + + /** + Returns the employed algorithm list. + @return The employed algorithm list reference. + */ + IMPORT_C const RPointerArray& DigestAlgorithms() const; + + /** + Returns the certificates list. + @return The certificates list reference. + */ + IMPORT_C const RPointerArray& Certificates() const; + + /** + Returns the encapsulated content info of this signed object. + @return The encapsulated content info reference. + */ + IMPORT_C const CEncapsulatedContentInfo& ContentInfo() const; + + + /** + Retrieves the list of SignerInfo objects. + @return The signer info list reference. + */ + IMPORT_C const RPointerArray& SignerInfo() const; + + + /** + Creates the ASN1 sequence of this CMS signed object and leaves it on the cleanup stack. + @return ASN1 sequence of this object. + */ + IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const; + + /** + Appends the X509 certificate to the certificate list. + @param aCert The X509 certificate to be appended. + */ + IMPORT_C void AddCertificateL(const CX509Certificate& aCert); + + + /** + Appends an encoded attribute certificate to the certificate list. + @param aCert The encoded certificate to be appended. + @param aType The type of the encoded certificate.. + */ + IMPORT_C void AddCertificateL(const TDesC8& aCert, CCmsCertificateChoice::TCertificateType aType); + + /** + Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature. + @param aSignerInfo The signer to be validated. + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. + @leave KErrNotFound There is no matching certificate. + @return Boolean that identifies whether the signer can be validated. + */ + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding); + + /** + Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature. + @param aSignerInfo The signer to be validated. + @param aCertificates The certificate list provided by the user to validate the signature. + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. + @return Boolean that identifies whether the signer can be validated. + @leave KErrNotFound There is no matching certificate. + */ + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray& aCertificates, HBufC8*& aCertChainEncoding); + + + + /** + Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature. + @param aSignerInfo The signer to be validated. + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. + @param aIsHash The flag represent if the next parameter is the hash of the data content. + @param aContentDataOrHash the descriptor that contains the data content or its hash + @leave KErrNotFound There is no matching certificate. + @return Boolean that identifies whether the signer can be validated. + */ + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash); + + /** + Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature. + @param aSignerInfo The signer to be validated. + @param aCertificates The certificate list provided by the user to validate the signature. + @param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function. + @param aIsHash The flag represent if the next parameter is the hash of the data content. + @param aContentDataOrHash the descriptor that contains the data content or its hash + @return Boolean that identifies whether the signer can be validated. + @leave KErrNotFound There is no matching certificate. + */ + IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray& aCertificates, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash); + + +private: + /** + Constructor + */ + CCmsSignedObject(); + + +private: + /** + Second phase constructor for decoding a CMS signed data object + @param aContentInfo the content info which contains the CMS signed data. + */ + void ConstructL(const CCmsContentInfo& aContentInfo); + + /** + Second phase constructor for constructing a CMS signed data object from data content. + @param aType the encapsulated content info type. + @param aIsDetached if the CMS signed data does not contains the data content being signed. + @param aContentData the content data descriptor. + */ + void ConstructL(TCmsContentInfoType aType, TBool aIsDetached, const TDesC8& aContentData); + + /** + Second phase constructor for constructing a CMS signed data object from data content hash + @param aType the encapsulated content info type. + @param aHashValue the hash of the data content to create the signature. + @param aDigestAlgorithm the digest algorithm. + @param aKey the DSA private to create signature. + @param aCert the signer's certficate + @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set. + */ + void ConstructL(TCmsContentInfoType aType, + const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CDSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + /** + Second phase constructor for constructing a CMS signed data object from data content hash + @param aType the encapsulated content info type. + @param aHashValue the hash of the data content to create the signature. + @param aDigestAlgorithm the digest algorithm. + @param aKey the RSA private to create signature. + @param aCert the signer's certficate + @param aAddCertificate a flag to represent if the signer's certificate is added to certificate set. + */ + void ConstructL(TCmsContentInfoType aType, + const TDesC8& aHashValue, + TAlgorithmId aDigestAlgorithm, + const CRSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + /** + Append the algorithm to the algoritm list + @param aDigestAlgorithm the algorithm ID. + */ + void AddDigestAlgorithmL(TAlgorithmId aDigestAlgorithm); + + /** + Build the signer's identifier from the signer's certificate. If the signer's certificate + contains the subject identifier extension, the signer identifier is subject id extension. + otherwise, the signer identifier is isuuer name and serial number. + @param aCert the signer's certificate. + @return a CMS signer identifier instance pointer + */ + CCmsSignerIdentifier* BuildSignerIdentifierLC(const CX509Certificate& aCert); + + /** + Build the signer list, algorithm list and certificate list in the CMS signer data. + @param aDigestAlgorithm the digest algorithm identifier. + @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data + @param aValue the data content or its hash. + @param aKey the DSA private used to sign. + @param aCert the signer's certificate + @param aAddCertificate the flag to represent if the certificate is added to the certificate set + */ + void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm, + TBool aIsHash, + const TDesC8& aValue, + const CDSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + + /** + Build the signer list, algorithm list and certificate list in the CMS signer data. + @param aDigestAlgorithm the digest algorithm identifier. + @param aIsHash A flag the represent if the next descriptor is the hash value rather that original data + @param aValue the data content or its hash. + @param aKey the RSA private used to sign. + @param aCert the signer's certificate + @param aAddCertificate the flag to represent if the certificate is added to the certificate set + */ + void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm, + TBool aIsHash, + const TDesC8& aValue, + const CRSAPrivateKey& aKey, + const CX509Certificate& aCert, + TBool aAddCertificate); + /** + Initialise the signed data base class members for the validation process. + @param aRawData the raw data of the CMS signed data. + */ + void InitSignedObjectL(const TDesC8& aRawData); + + + /** + Decode the CMS Signer data. + @param aRawData the raw data of the CMS signed data. + */ + void DecodeSignedDataL(const TDesC8& aRawData); + + /** + Decode the digest algorithm set. + @param the raw data of the algorithm list. + */ + void DecodeDigestAlgorithmsL(const TDesC8& aRawData); + + /** + Decode the encapsulated content info + @param the raw data of the encapsulated content info. + */ + void DecodeEncapsulatedContentInfoL(const TDesC8& aRawData); + + /** + Decode the certificate set. + @param the raw data of the certificate list + */ + void DecodeCertificatesL(const TDesC8& aRawData); + + /** + Decode the certificate revocation set. Not implemented now! + @param the raw data of the certificate revocation list. + */ + void DecodeRevocationListsL(const TDesC8& aRawData); + + /** + Decode the signer info set. + @param the raw data of the certificate revocation list. + */ + void DecodeSignerInfoL(const TDesC8& aRawData); + + /** + Encode the certificate set + @return the encoding of the certificate set + */ + CASN1EncBase* EncodeCertificatesLC() const; + + /** + Encode the algorithm set + @return the encoding of the digest algorithm set + */ + CASN1EncBase* EncodeAlgorithmsLC() const; + + /** + Encode the signer info set + @return the encoding of the certificate set + */ + CASN1EncBase* EncodeSignerInfoLC() const; + + /** + Validate the signature by the given certificate. + @param aSignerInfo the signer info reference contains the signature + @param aEndEntityCert the certificate used to create the signature. + @return if the signature can be validated + */ + TBool ValidateSignatureL(const CCmsSignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert); + + /** + This function is called when validating a detached CMS signed object. + It sets the data content being signed so that the signed data can be validated. + @param aContentData The data content being signed. + */ + void SetContentData(const TDesC8& aContentData); + + /** + This function is called when validating a detached CMS signed object. + It sets the hash being signed so that the signed data can be validated. + @param aHash The hash being signed. + */ + void SetHash(const TDesC8& aHash); + + +private: + /** + Reprents if the certificate set is present + */ + TBool iIsCertificateSetPresent; + + /** + Reprents if the certificate revocationlisy is present + */ + TBool iIsCertificateRevocationListsPresent; + + /** + Version of the Signed object + */ + TInt iVersion; + + /** + Algorithm Set + */ + RPointerArray iDigestAlgorithms; + + /** + Encapsulated Content List + */ + CEncapsulatedContentInfo* iContentInfo; + + /** + Certificate Set + */ + RPointerArray iCertificates; + + /** + Signer Info Set + */ + RPointerArray iSignerInfo; + + /** + Array of Encoded fields + */ + TFixedArray iDataElements; + + /** + The data content being signed + */ + TPtrC8 iContentData; + + /** + The Hash being signed + */ + TPtrC8 iHash; + }; + + +#endif //CMSSIGNEDOBJECT_H