diff -r 000000000000 -r 33413c0669b9 vpnengine/ikecert/inc/ikepkiutils.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikecert/inc/ikepkiutils.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,149 @@
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: static method for certficate handling
+*
+*/
+
+
+
+
+#ifndef IKEPKIUTILS_H
+#define IKEPKIUTILS_H
+
+#include
+
+class CX509Certificate;
+class TCertPayloadIkev2;
+class CIkeCaList;
+class TCertificateISAKMP;
+class TASN1DecGeneric;
+
+class IkePkiUtils
+ {
+public:
+
+ /*
+ * Verifies an IKEv2 signature with a public of
+ * specified certificate
+ *
+ * @param aSignature Signature data verified.
+ * @param aAuthData Data signed.
+ * @param aCert Certificate which contains the public key used for verification
+ * @result ETrue if signature is vefified OK, otherwise EFalse
+ */
+ IMPORT_C static TBool VerifyIkev2SignatureL(const TDesC8& aSignature,
+ const TDesC8& aRefHash,
+ const CX509Certificate& aCerts);
+
+
+ /*
+ * Verifies an IKEv1 signature with a public of
+ * specified certificate
+ *
+ * @param aSignature Signature data verified.
+ * @param aRefHash Hash data which has been signed (= Encrypted with private key)
+ * @param aCert Certificate which contains the public key used for verification
+ * @result ETrue if signature is vefified OK, otherwise EFalse
+ */
+ IMPORT_C static TBool VerifyIkev1SignatureL(const TDesC8& aSignature,
+ const TDesC8& aRefHash,
+ const CX509Certificate& aCerts);
+
+ /*
+ * Gets IKE DER encoded Subject Name from the certificate and
+ * copy it into specified buffer
+ *
+ * @param aCert Certificate object pointer
+ * @param aSubjectName Reference to the subject name (returned)
+ * @result ETrue if operation succeeded, otherwise EFalse
+ */
+ IMPORT_C static TBool GetCertSubjectNameDERL(const CX509Certificate* aCert,
+ TDes8& aSubjectName);
+
+ /*
+ * Gets IKE identity data from specified certificate
+ *
+ * @param aIdType Specified IKE Identity type wanted.
+ * @param aCertData Certificate data from where the specified Identity data is taken
+ * @result The identity data buffer of NULL
+ */
+ IMPORT_C static HBufC8* GetIdentityFromCertL(TUint8 aIdType, const TDesC8& aCertData);
+
+
+ /*
+ * Ccertifies a specified IKE identity with
+ * Certificate Identities
+ *
+ * @param aCert Verified user certificate
+ * @param aId IKE identity data used by peer
+ * @param aIdType IKE identity type
+ * @result ETrue if Identity is certified otherwise EFalse
+ */
+ IMPORT_C static TBool CertifyIdentityL(const CX509Certificate* aCert,
+ TDesC8& aId, TInt aIdType);
+
+
+ /*
+ * Verifies the user Certificate used by the IKE peer.
+ *
+ * @param aCerts The array of IKE certificate payload(s) from where verified
+ * Certificate is found
+ * @result A pointer to a verified X509 certificate or NULL
+ */
+ IMPORT_C static CX509Certificate* VerifyCertificateL(const CArrayFixFlat& aCerts,
+ const CIkeCaList& aTrustedCAList);
+
+
+ /*
+ * Verifies the user Certificate used by the IKE peer.
+ *
+ * @param aCerts The array of IKE certificate payload(s) from where verified
+ * Certificate is found
+ * @result A pointer to a verified X509 certificate or NULL
+ */
+ IMPORT_C static CX509Certificate* VerifyCertificateL(const CArrayFixFlat& aCerts,
+ const CIkeCaList& aTrustedCAList);
+
+ IMPORT_C static CX509Certificate* VerifyCertChainL(const CArrayFixFlat& aCerts, CX509Certificate*& realUserCert,const CIkeCaList& aTrustedCAList);
+
+private:
+ static TBool VerifySignatureL(const TInt aIkeVersion,
+ const TDesC8& aSignature,
+ const TDesC8& aRefHash,
+ const CX509Certificate& aCert);
+
+ static CArrayPtrFlat* DecodeDERL(const TDesC8& aPtr, TInt& aPosition);
+
+ /*
+ * Verifies user certificate by taking the following actions:
+ * -- Verify the signature of the user certificate with the public
+ * key of the CA certificate.
+ * -- Check the validity of the user certificate
+ * -- Check that extension field of the user certificate are correct
+ */
+ static CX509Certificate* VerifyX509CertificateL(const CX509Certificate& aCaCert,
+ CX509Certificate& aCert);
+
+
+ static CX509Certificate* FindCaCertificateL(const CX509Certificate& aUserCert,
+ const CIkeCaList& aTrustedCAList);
+
+ static const CArrayFixFlat* CastCertArray(const CArrayFixFlat* aCerts);
+
+
+
+
+ };
+
+#endif //IKEPKIUTILS_H
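Review bot: The comment on `VerifyIkev2SignatureL` documents `aAuthData` ("Data signed") and `aCert`, but the declaration takes `aRefHash` and `aCerts`, so a caller cannot tell from the header whether to pass the signed octets or a digest of them. For a signature check that contract should be unambiguous: align the parameter names with the `@param` lines and state which form of the data is expected. The same `aCert`/`aCerts` mismatch appears on `VerifyIkev1SignatureL`. `VerifyCertChainL` has no comment at all although it returns a `CX509Certificate*` and fills the out-parameter `realUserCert`; I would add a comment that documents `realUserCert`, says who owns each returned pointer, and says whether a failed verification yields NULL or a leave. The two `VerifyCertificateL` comments are word-for-word identical and omit `aTrustedCAList`, so each should name the payload type it accepts and add `@param aTrustedCAList`.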