Symbian
Symbian Developer Library

SYMBIAN OS V9.4

Feedback

[Index] [Previous] [Next]

#include <pkixCertChain_v2.h>
Link against: pkixcert.lib
This item is not part of the S60 5th Edition SDK

Class CPKIXCertChain

class CPKIXCertChain : public CPKIXCertChainBase;

Description

This class implements a PKIX certificate chain.

Derivation

Members

Defined in CPKIXCertChain:


Construction and destruction


NewL(RFs &,const TPtrC8 &,const TUid)

IMPORT_C static CPKIXCertChain* NewL(RFs &aFs, const TPtrC8 &aEncodedCerts, const TUid aClient);

Description

Creates a certificate chain using the binary data in aEncodedCerts.

Parameters

RFs &aFs

An open file server session.

const TPtrC8 &aEncodedCerts

One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. The individual certificates can be retrieved since each one contains its own length.

const TUid aClient

The Uid identifying the purpose for which the chain will be used. This value will be used to select a subset of stored certificates, by way of their trust settings, to be used as candidate root certificates.

Return value

CPKIXCertChain *


NewLC(RFs &,const TPtrC8 &,const TUid)

IMPORT_C static CPKIXCertChain* NewLC(RFs &aFs, const TPtrC8 &aEncodedCerts, const TUid aClient);

Description

Creates a certificate chain using the binary data in aEncodedCerts, and puts a pointer to the new object onto the cleanup stack.

Parameters

RFs &aFs

An open file server session

const TPtrC8 &aEncodedCerts

One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. The individual certificates can be retrieved since each one contains its own length.

const TUid aClient

The Uid identifying the purpose for which the chain will be used. This value will be used to select a subset of stored certificates, by way of their trust settings, to be used as candidate root certificates.

Return value

CPKIXCertChain *


NewL(RFs &,const TPtrC8 &,const RPointerArray< CX509Certificate > &)

IMPORT_C static CPKIXCertChain* NewL(RFs &aFs, const TPtrC8 &aEncodedCerts, const RPointerArray< CX509Certificate > &aRootCerts);

Description

Creates a certificate chain using the binary data in aEncodedCerts.

Parameters

RFs &aFs

An open file server session.

const TPtrC8 &aEncodedCerts

One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. Any self signed certificates supplied here after the first one will be discarded, as self signed certificates cannot by definition be intermediate certificates. The individual certificates can be retrieved since each one contains its own length.

const RPointerArray< CX509Certificate > &aRootCerts

An array of certificates which the chain will treat as candidate root certificates. If one of these overloads is used, the chain will not look in stores for root certificates, but will only use the certificates supplied here.

Return value

CPKIXCertChain *


NewLC(RFs &,const TPtrC8 &,const RPointerArray< CX509Certificate > &)

IMPORT_C static CPKIXCertChain* NewLC(RFs &aFs, const TPtrC8 &aEncodedCerts, const RPointerArray< CX509Certificate > &aRootCerts);

Description

Creates a certificate chain using the binary data in aEncodedCerts and puts a pointer to the new object onto the cleanup stack.

Parameters

RFs &aFs

An open file server session.

const TPtrC8 &aEncodedCerts

One or more concatenated DER encoded X.509 certificates. The first certificate will be interpreted as the end entity certificate to be validated; subsequent certificates may be in any order and may be used by the chain as intermediate certificates, but not root certificates. Any self signed certificates supplied here after the first one will be discarded as self signed certificates cannot by definition be intermediate certificates. The individual certificates can be retrieved since each one contains its own length.

const RPointerArray< CX509Certificate > &aRootCerts

An array of certificates which the chain will treat as candidate root certificates. If one of these overloads is used, the chain will not look in stores for root certificates, but will only use the certificates supplied here.

Return value

CPKIXCertChain *


~CPKIXCertChain()

IMPORT_C ~CPKIXCertChain();

Description

Destructor.

Frees all resources owned by the object.

[Top]


Member functions


ValidateL(CPKIXValidationResult &,const TTime &,TRequestStatus &)

IMPORT_C void ValidateL(CPKIXValidationResult &aValidationResult, const TTime &aValidationTime, TRequestStatus &aStatus);

Description

Validates the chain.

Parameters

CPKIXValidationResult &aValidationResult

On completion, this contains the result of the validation.

const TTime &aValidationTime

The time that should be presumed to be the current time when checking timestamps.

TRequestStatus &aStatus

An asynchronous request status object.


ValidateL(CPKIXValidationResult &,const TTime &,const CArrayPtr< HBufC > &,TRequestStatus &)

IMPORT_C void ValidateL(CPKIXValidationResult &aValidationResult, const TTime &aValidationTime, const CArrayPtr< HBufC > &aInitialPolicies, TRequestStatus &aStatus);

Description

Validates the chain.

Parameters

CPKIXValidationResult &aValidationResult

On completion, this contains the result of the validation.

const TTime &aValidationTime

The time that should be presumed to be the current time when checking timestamps.

const CArrayPtr< HBufC16 > &aInitialPolicies

The policies we want to be present in the certificate chain.

TRequestStatus &aStatus

An asynchronous request status object.


CancelValidate()

IMPORT_C void CancelValidate();

Description

Cancels an asynchronous CPKIXCertChain::ValidateL(CPKIXValidationResult &,const TTime &,TRequestStatus &) operation.


AddCertL(const TPtrC8 &)

IMPORT_C void AddCertL(const TPtrC8 &aEncodedCerts);

Description

Adds a certificate (if it is not self-signed) to the chain .

Parameters

const TPtrC8 &aEncodedCerts

A DER encoded X.509 certificate.


ChainHasRoot()const

IMPORT_C TBool ChainHasRoot() const;

Description

Tests whether the root certificate of the chain is locatable.

Note that the value is only significant after a successfull call to CPKIXCertChain::ValidateL(CPKIXValidationResult &,const TTime &,TRequestStatus &).

Return value

TBool

ETrue if the chain has a root; EFalse, otherwise.


SupportedCriticalExtensions()const

IMPORT_C const RPointerArray< TDesC >& SupportedCriticalExtensions() const;

Description

Returns a list of the critical extension OIDs that are supported by the chain validator. If a critical extension is encountered in a certificate chain whose OID matches an element in this set then the chain validator shall treat this as a warning instead of an error.

If CPKIXCertChain::SetSupportedCriticalExtensionsL(const RPointerArray< TDesC > &) has not been called, this list will return the default set of supported critical extensions which includes the X.509 standard and Symbian specific SIS file critical extensions. These extensions may change in the future and should not be relied upon.

Return value

const RPointerArray< TDesC16 > &

The current list of supported critical extension OIDs. Ownership is not transferred to the caller.


AddSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)

IMPORT_C void AddSupportedCriticalExtensionsL(const RPointerArray< TDesC > &aCriticalExtOids);

Description

Adds one or more critical extension OIDs to the list of supported critical extensions. Duplicate OID values are not added.

Parameters

const RPointerArray< TDesC16 > &aCriticalExtOids

A list of the critical extensions OIDs to append to the supported list. Ownership is not transferred from the caller.


RemoveSupportedCriticalExtensions(const RPointerArray< TDesC > &)

IMPORT_C void RemoveSupportedCriticalExtensions(const RPointerArray< TDesC > &aCriticalExtOids);

Description

Removes one or more critical extension OIDs from the list of supported critical extensions.

Parameters

const RPointerArray< TDesC16 > &aCriticalExtOids


SetSupportedCriticalExtensionsL(const RPointerArray< TDesC > &)

IMPORT_C void SetSupportedCriticalExtensionsL(const RPointerArray< TDesC > &aCriticalExtOids);

Description

Completely replaces the set of supported critical extensions for certificate validation. If a critical extension is encountered matching one of these OIDs then its occurrence is treated as a warning rather than an error. The results of which can be queried through a call to CPKIXValidationResult::ValidationWarnings()const.

Parameters

const RPointerArray< TDesC16 > &aCriticalExtOids

A list of the critical extensions OIDs for the class to support. Ownership is not transferred from the caller.


ResetSupportedCriticalExtsToDefaultL()

IMPORT_C void ResetSupportedCriticalExtsToDefaultL();

Description

Resets the current list of supported critical extensions and re-populates it with the default set which includes the X.509 standard and Symbian specific SIS file critical extensions. These extensions may change in the future and should not be relied upon.


SetValidityPeriodCheckFatal(TBool)

IMPORT_C void SetValidityPeriodCheckFatal(TBool aIsFatal);

Description

Specify if a failed check on the certificate validity date is treated as an error or a warning.

Parameters

TBool aIsFatal

ETrue for reporting as an error; EFalse for a warning.