CPKIXCertChain Class Reference

#include <pkixcertchain.h>

Link against: pkixcert.lib

class CPKIXCertChain : public CPKIXCertChainBase

Inherits from

Public Member Functions
~CPKIXCertChain()
IMPORT_C voidAddCertL(const TPtrC8 &)
IMPORT_C voidAddSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)
IMPORT_C voidCancelValidate()
IMPORT_C TBoolChainHasRoot()
IMPORT_C CPKIXCertChain *NewL(RFs &, const TPtrC8 &, const TUid)
IMPORT_C CPKIXCertChain *NewL(RFs &, const TPtrC8 &, const RPointerArray< CX509Certificate > &)
IMPORT_C CPKIXCertChain *NewLC(RFs &, const TPtrC8 &, const TUid)
IMPORT_C CPKIXCertChain *NewLC(RFs &, const TPtrC8 &, const RPointerArray< CX509Certificate > &)
IMPORT_C voidRemoveSupportedCriticalExtensions(const RPointerArray< TDesC > &)
IMPORT_C voidResetSupportedCriticalExtsToDefaultL()
IMPORT_C voidSetSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)
IMPORT_C voidSetValidityPeriodCheckFatal(TBool)
IMPORT_C const RPointerArray< TDesC > &SupportedCriticalExtensions()
IMPORT_C voidValidateL(CPKIXValidationResult &, const TTime &, TRequestStatus &)
IMPORT_C voidValidateL(CPKIXValidationResult &, const TTime &, const CArrayPtr< HBufC > &, TRequestStatus &)
Inherited Attributes
CX509CertChain::iChain
Inherited Functions
CBase::CBase()
CBase::Delete(CBase *)
CBase::Extension_(TUint,TAny *&,TAny *)
CBase::operator new(TUint)
CBase::operator new(TUint,TAny *)
CBase::operator new(TUint,TLeave)
CBase::operator new(TUint,TLeave,TUint)
CBase::operator new(TUint,TUint)
CBase::~CBase()
CPKIXCertChainBase::CPKIXCertChainBase()
CPKIXCertChainBase::Chain()
CPKIXCertChainBase::ChainHasRoot()
CPKIXCertChainBase::ConstructL(MCertStore &,const TPtrC8 &,TUid)
CPKIXCertChainBase::ConstructL(MCertStore &,const TPtrC8 &,const RPointerArray< CX509Certificate > &)
CPKIXCertChainBase::IntermediateCerts()
CPKIXCertChainBase::NewL(MCertStore &,const TPtrC8 &,const RPointerArray< CX509Certificate > &)
CPKIXCertChainBase::NewL(MCertStore &,const TPtrC8 &,const TUid)
CPKIXCertChainBase::NewLC(MCertStore &,const TPtrC8 &,const RPointerArray< CX509Certificate > &)
CPKIXCertChainBase::NewLC(MCertStore &,const TPtrC8 &,const TUid)
CPKIXCertChainBase::RemoveLastCerts(TInt)
CPKIXCertChainBase::SetChainHasRoot(TBool)
CPKIXCertChainBase::ValidateL(CPKIXValidationResultBase &,const TTime &,TRequestStatus &)
CPKIXCertChainBase::ValidateL(CPKIXValidationResultBase &,const TTime &,const CArrayPtr< HBufC > &,TRequestStatus &)
CPKIXCertChainBase::ValidityPeriodCheckFatal()const
CPKIXCertChainBase::~CPKIXCertChainBase()
CX509CertChain::Cert(TInt)const
CX509CertChain::Count()const
CX509CertChain::DecodeCertsL(const TDesC8 &)
CX509CertChain::IsEqualL(const CX509CertChain &)const
CX509CertChain::~CX509CertChain()

Detailed Description

This class implements a PKIX certificate chain.

Since
v6.0

Constructor & Destructor Documentation

~CPKIXCertChain ( )

IMPORT_C~CPKIXCertChain()

Destructor.

Frees all resources owned by the object.

Member Function Documentation

AddCertL ( const TPtrC8 & )

IMPORT_C voidAddCertL(const TPtrC8 &aEncodedCerts)

Reimplemented from CPKIXCertChainBase::AddCertL(const TPtrC8 &)

Adds a certificate (if it is not self-signed) to the chain .

Parameters
aEncodedCertsA DER encoded X.509 certificate.

AddSupportedCriticalExtensionsL ( const RPointerArray< TDesC > & )

IMPORT_C voidAddSupportedCriticalExtensionsL(const RPointerArray< TDesC > &aCriticalExtOids)

Reimplemented from CPKIXCertChainBase::AddSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)

Adds one or more critical extension OIDs to the list of supported critical extensions. Duplicate OID values are not added.

Parameters
aCriticalExtOidsA list of the critical extensions OIDs to append to the supported list. Ownership is not transferred from the caller.

CancelValidate ( )

IMPORT_C voidCancelValidate()

Reimplemented from CPKIXCertChainBase::CancelValidate()

Cancels an asynchronous ValidateL() operation.

ChainHasRoot ( )

IMPORT_C TBoolChainHasRoot()const

Reimplemented from CPKIXCertChainBase::ChainHasRoot()const

Tests whether the root certificate of the chain is locatable.

Note that the value is only significant after a successfull call to ValidateL().

Return Value
ETrue if the chain has a root; EFalse, otherwise.

NewL ( RFs &, const TPtrC8 &, const TUid )

IMPORT_C CPKIXCertChain *NewL(RFs &aFs,
const TPtrC8 &aEncodedCerts,
const TUidaClient
)[static]

Creates a certificate chain using the binary data in aEncodedCerts.

Parameters
aFsAn open file server session.
aEncodedCertsOne or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. The individual certificates can be retrieved since each one contains its own length.
aClientThe Uid identifying the purpose for which the chain will be used. This value will be used to select a subset of stored certificates, by way of their trust settings, to be used as candidate root certificates.

NewL ( RFs &, const TPtrC8 &, const RPointerArray< CX509Certificate > & )

IMPORT_C CPKIXCertChain *NewL(RFs &aFs,
const TPtrC8 &aEncodedCerts,
const RPointerArray< CX509Certificate > &aRootCerts
)[static]

Creates a certificate chain using the binary data in aEncodedCerts.

Parameters
aFsAn open file server session.
aEncodedCertsOne or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. Any self signed certificates supplied here after the first one will be discarded, as self signed certificates cannot by definition be intermediate certificates. The individual certificates can be retrieved since each one contains its own length.
aRootCertsAn array of certificates which the chain will treat as candidate root certificates. If one of these overloads is used, the chain will not look in stores for root certificates, but will only use the certificates supplied here.

NewLC ( RFs &, const TPtrC8 &, const TUid )

IMPORT_C CPKIXCertChain *NewLC(RFs &aFs,
const TPtrC8 &aEncodedCerts,
const TUidaClient
)[static]

Creates a certificate chain using the binary data in aEncodedCerts, and puts a pointer to the new object onto the cleanup stack.

Parameters
aFsAn open file server session
aEncodedCertsOne or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. The individual certificates can be retrieved since each one contains its own length.
aClientThe Uid identifying the purpose for which the chain will be used. This value will be used to select a subset of stored certificates, by way of their trust settings, to be used as candidate root certificates.

NewLC ( RFs &, const TPtrC8 &, const RPointerArray< CX509Certificate > & )

IMPORT_C CPKIXCertChain *NewLC(RFs &aFs,
const TPtrC8 &aEncodedCerts,
const RPointerArray< CX509Certificate > &aRootCerts
)[static]

Creates a certificate chain using the binary data in aEncodedCerts and puts a pointer to the new object onto the cleanup stack.

Parameters
aFsAn open file server session.
aEncodedCertsOne or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. Any self signed certificates supplied here after the first one will be discarded as self signed certificates cannot by definition be intermediate certificates. The individual certificates can be retrieved since each one contains its own length.
aRootCertsAn array of certificates which the chain will treat as candidate root certificates. If one of these overloads is used, the chain will not look in stores for root certificates, but will only use the certificates supplied here.

RemoveSupportedCriticalExtensions ( const RPointerArray< TDesC > & )

IMPORT_C voidRemoveSupportedCriticalExtensions(const RPointerArray< TDesC > &aCriticalExtOids)

Reimplemented from CPKIXCertChainBase::RemoveSupportedCriticalExtensions(const RPointerArray< TDesC > &)

Removes one or more critical extension OIDs from the list of supported critical extensions.

ResetSupportedCriticalExtsToDefaultL ( )

IMPORT_C voidResetSupportedCriticalExtsToDefaultL()

Resets the current list of supported critical extensions and re-populates it with the default set which includes the X.509 standard and Symbian specific SIS file critical extensions. These extensions may change in the future and should not be relied upon.

SetSupportedCriticalExtensionsL ( const RPointerArray< TDesC > & )

IMPORT_C voidSetSupportedCriticalExtensionsL(const RPointerArray< TDesC > &aCriticalExtOids)

Completely replaces the set of supported critical extensions for certificate validation. If a critical extension is encountered matching one of these OIDs then its occurrence is treated as a warning rather than an error. The results of which can be queried through a call to CPKIXValidationResult::ValidationWarnings().

Parameters
aCriticalExtOidsA list of the critical extensions OIDs for the class to support. Ownership is not transferred from the caller.

SetValidityPeriodCheckFatal ( TBool )

IMPORT_C voidSetValidityPeriodCheckFatal(TBoolaIsFatal)

Specify if a failed check on the certificate validity date is treated as an error or a warning.

Parameters
aIsFatalETrue for reporting as an error; EFalse for a warning.

SupportedCriticalExtensions ( )

IMPORT_C const RPointerArray< TDesC > &SupportedCriticalExtensions()const

Returns a list of the critical extension OIDs that are supported by the chain validator. If a critical extension is encountered in a certificate chain whose OID matches an element in this set then the chain validator shall treat this as a warning instead of an error.

If CPKIXCertChain::SetSupportedCriticalExtensionsL() has not been called, this list will return the default set of supported critical extensions which includes the X.509 standard and Symbian specific SIS file critical extensions. These extensions may change in the future and should not be relied upon.

Return Value
The current list of supported critical extension OIDs. Ownership is not transferred to the caller.

ValidateL ( CPKIXValidationResult &, const TTime &, TRequestStatus & )

IMPORT_C voidValidateL(CPKIXValidationResult &aValidationResult,
const TTime &aValidationTime,
TRequestStatus &aStatus
)

Validates the chain.

Parameters
aValidationResultOn completion, this contains the result of the validation.
aValidationTimeThe time that should be presumed to be the current time when checking timestamps.
aStatusAn asynchronous request status object.

ValidateL ( CPKIXValidationResult &, const TTime &, const CArrayPtr< HBufC > &, TRequestStatus & )

IMPORT_C voidValidateL(CPKIXValidationResult &aValidationResult,
const TTime &aValidationTime,
const CArrayPtr< HBufC > &aInitialPolicies,
TRequestStatus &aStatus
)

Validates the chain.

Parameters
aValidationResultOn completion, this contains the result of the validation.
aValidationTimeThe time that should be presumed to be the current time when checking timestamps.
aInitialPoliciesThe policies we want to be present in the certificate chain.
aStatusAn asynchronous request status object.