diff -r 000000000000 -r 33413c0669b9 vpnengine/vpnmanager/inc/pkiutil.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/vpnmanager/inc/pkiutil.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,130 @@
+/*
+* Copyright (c) 2003-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* Provides static PKI-related helper functions
+* (such as building Distinguished Names)
+*
+*/
+
+
+
+#ifndef __PKIUTIL_H__
+#define __PKIUTIL_H__
+
+#include
+#include "pkidefs.h"
+#include "ikepolparser.h"
+#include "fileutil.h"
+
+const TInt KCertDnSizeIncrement = 64;
+
+_LIT(KComma, ",");
+_LIT(KEquals, "=");
+
+_LIT(KC, "C");
+_LIT(KO, "O");
+_LIT(KOU, "OU");
+_LIT(KL, "L");
+_LIT(KST, "ST");
+_LIT(KCN, "CN");
+
+_LIT8(KCN8, "CN");
+
+const TInt KExpectedMaxCertSize = 4092;
+
+class CX500DistinguishedName;
+class CX520AttributeTypeAndValue;
+class CX509Certificate;
+class RPKIServiceAPI;
+class CDesC16ArrayFlat;
+class TCertInfo;
+
+
+enum TCertStatus
+ {
+ ECertValid = 1,
+ ECertNotValidYet,
+ ECertExpired,
+ ECertNotFound,
+ ECertNotNeeded,
+ ECertStatusUnknown
+ };
+
+/**
+ * PKI-related static utility methods
+ */
+class PkiUtil
+ {
+public:
+ static HBufC* CertSubjectNameL(const TDesC8& aCertData);
+ static HBufC* CertIssuerNameL(const TDesC8& aCertData);
+ static TCertStatus CertStatusL(RPKIServiceAPI& aPkiService, const TDesC8& aTrustedCaDn,
+ const TDesC8& aSubjectDnSuffix, const TDesC8& aRfc822Name,
+ TUint aPrivKeyLength, TInt aCertRenewalThreshold = -1);
+
+ static TCertStatus GetValidCaCertSubjectNameListL(RPKIServiceAPI& aPkiService,
+ const CArrayFixFlat& aIkeCAList,
+ CDesC8ArrayFlat& aCaCertNameList);
+
+ static TCertStatus CheckUserCertValidityL(RPKIServiceAPI& aPkiService,
+ CDesC8ArrayFlat& aValidCaCertNameList,
+ TOwnCertInfo& aOwnCert);
+
+
+ static CX500DistinguishedName* DnFromStringL(const TDesC8& aString);
+ static CX500DistinguishedName* DnWithoutCnFromStringL(const TDesC8& aString);
+ static TBool DnMatchL(const TDesC8& aDnString1, const TDesC8& aDnString2);
+
+ static TBool MatchL(const CX500DistinguishedName& aDn1,
+ const CX500DistinguishedName& aDn2);
+ static HBufC* CertDnL(const CX500DistinguishedName& aName);
+
+ static TInt CertKeySizeL(const TDesC8& aCertData);
+
+private:
+
+ static TCertStatus CertStatusL(const TDesC8& aCertData, TInt aCertRenewalThreshold = -1);
+ static TCertStatus CertStatusL(const CX509Certificate& aCert, TInt aCertRenewalThreshold = -1);
+
+
+ static void AppendAttributeL(HBufC*& aBuf, const CX520AttributeTypeAndValue& aAttribute);
+ static HBufC* AttributeTypeToNameL(const TDesC &aType);
+ static void SmartAppendL(HBufC*& aBuf, const TDesC& aText);
+ static TBool HasElementL(const CX500DistinguishedName& aDn,
+ const CX520AttributeTypeAndValue& aElement);
+
+ /**
+ * Returns the list of validated CA certificate Subject names.
+ * If some of the certificates in aIkeCAList doesn't match to any CA certificates
+ * stored in the phone LEAVES with KErrNotFound. If some of the elements in the aIkeCAList
+ * has iFormat value PEM_CERT or BIN_CERT this function panics. If aIkeCAList->Count < 1 this
+ * method panics.
+ */
+ static RPointerArray GetCaCertListL(RPKIServiceAPI& aPkiService,
+ const CArrayFixFlat& aIkeCAList);
+
+
+ static CX509Certificate* ReadCertificateLC(RPKIServiceAPI& aPkiService,
+ const TDesC8& aTrustedAuthority,
+ const TDesC8& aIdentitySubjectName,
+ const TDesC8& aIdentityRfc822Name,
+ const TPKICertificateOwnerType aOwnerType);
+
+ static CX509Certificate* ReadCertificateLC(RPKIServiceAPI& aPkiService,
+ const TPKIKeyIdentifier& aKeyId);
+ static HBufC8* PkiUtil::To8BitL(const TDesC16& aDes);
+
+ };
+
+#endif // __PKIUTIL_H__
\ No newline at end of file
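Review bot: The private declaration `static HBufC8* PkiUtil::To8BitL(const TDesC16& aDes);` near the end of the class carries an extra `PkiUtil::` qualifier, which is ill-formed inside the class body (GCC rejects it as an extra qualification on a member; the Symbian toolchains of the time were lenient), so it should read `static HBufC8* To8BitL(const TDesC16& aDes);`. Because `DnMatchL`/`MatchL` and the CA name lists produced by `GetValidCaCertSubjectNameListL` and consumed by `CheckUserCertValidityL` decide which CA a certificate is accepted under, the header should state the comparison rule they implement (exact byte comparison versus case- or attribute-order-insensitive matching, and whether `DnWithoutCnFromStringL` is used on that path), since a lenient match here widens trust; this hunk does not show which rule applies. `KExpectedMaxCertSize = 4092` reads as a sizing hint rather than a limit, so a comment such as `// initial buffer size hint only, not a bound on accepted certificate length` would stop a later caller treating it as a maximum — its uses are not visible here. Minor: the `GetCaCertListL` comment says `aIkeCAList->Count` while the parameter is a reference, so `aIkeCAList.Count()` is what the text means.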