|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #ifndef CSTSCREDENTIALMANAGER_H |
|
20 #define CSTSCREDENTIALMANAGER_H |
|
21 |
|
22 // INCLUDES |
|
23 #include "functionserver.h" |
|
24 #include <e32base.h> |
|
25 #include <ct/rmpointerarray.h> |
|
26 #include <cctcertinfo.h> |
|
27 #include <ct/tcttokenobjecthandle.h> |
|
28 |
|
29 using namespace java::util; |
|
30 // CONSTANTS |
|
31 |
|
32 // FORWARD DECLARATIONS |
|
33 class CCTKeyInfo; |
|
34 class MPKIDialog; |
|
35 class CUnifiedCertStore; |
|
36 class CUnifiedKeyStore; |
|
37 class CX500DistinguishedName; |
|
38 class CX520AttributeTypeAndValue; |
|
39 class CPKCS10Request; |
|
40 class CCMSIssuerAndSerialNumber; |
|
41 |
|
42 |
|
43 // Key usage constants |
|
44 const TInt KSTSKeyUsageAuthentication = 0; |
|
45 const TInt KSTSKeyUsageNonRepudiation = 1; |
|
46 |
|
47 |
|
48 |
|
49 // Algorithm ID constants |
|
50 _LIT(KSTSAlgorithmDsa, "1.2.840.10040.4.1"); |
|
51 _LIT(KSTSAlgorithmRsa, "1.2.840.113549.1.1"); |
|
52 const TUint KSTSDot = '.'; |
|
53 const TUint KSTSLine = '-'; |
|
54 |
|
55 |
|
56 // CLASS DECLARATION |
|
57 |
|
58 /** |
|
59 * Provides functionality for user credential management. |
|
60 * This class can be used for creating certificate signing requests, |
|
61 * adding user credentials and removing user credentials. |
|
62 * |
|
63 */ |
|
64 NONSHARABLE_CLASS(CSTSCredentialManager): public CActive, public FunctionServer |
|
65 { |
|
66 public: // type definitions |
|
67 enum TState |
|
68 { |
|
69 EReady, |
|
70 EInitialising, |
|
71 EKeyStoreInit, |
|
72 EAddListing, |
|
73 EAddRetrieve, |
|
74 EAddDialog, |
|
75 EAdding, |
|
76 ERemoveListing, |
|
77 ERemoveRetrieve, |
|
78 ERemoveDialog, |
|
79 EDeleting, |
|
80 ESearchingKey, |
|
81 ECSRDialog, |
|
82 ECreatingCSR, |
|
83 EError |
|
84 }; |
|
85 |
|
86 struct TGenerateCSRParams |
|
87 { |
|
88 public: |
|
89 const TDesC* iNameInfo; |
|
90 const TDesC* iAlgorithm; |
|
91 TInt iKeyLen; |
|
92 TInt iKeyUsage; |
|
93 const TDesC* iSecurityElementID; |
|
94 const TDesC* iSecurityElementPrompt; |
|
95 }; |
|
96 |
|
97 public: // Constructors and destructor |
|
98 |
|
99 /** |
|
100 * Two-phased constructor. |
|
101 */ |
|
102 static CSTSCredentialManager* NewLC(); |
|
103 |
|
104 /** |
|
105 * Destructor. |
|
106 */ |
|
107 virtual ~CSTSCredentialManager(); |
|
108 |
|
109 public: // New functions |
|
110 |
|
111 /** |
|
112 * Adds a certificate or certificate URI to certificate store |
|
113 * |
|
114 * @param aCertDisplayName The user friendly name associated |
|
115 * with the certificate. |
|
116 * @param aPkiPath DER encoded PKIPath containing user |
|
117 * certificate and certificate authority certificates |
|
118 * @param aUri URI that resolvers to a X.509v3 certificate. |
|
119 * |
|
120 * @return true if the operation was successful |
|
121 * @par Leaving: |
|
122 * @li KErrNotReady - The manager is not in ready state |
|
123 * @li KErrNotSupported - No writable certificate stores found |
|
124 * @li KErrCancel - Operation was cancelled by the user |
|
125 * @li KSTSErrAlreadyRegistered - aPkiPath was already |
|
126 * registered |
|
127 * @li KErrArgument - Invalid Argument |
|
128 * @li KErrBadName - aCertDisplayName already exists |
|
129 */ |
|
130 |
|
131 TBool AddCredentialL(TInt aCertDisplayName, |
|
132 TInt aPkiPath); |
|
133 |
|
134 static void StaticAddCredentialL(TInt aManager, |
|
135 TInt aCertDisplayName, |
|
136 TInt aPkiPath, |
|
137 TInt aRetVal); |
|
138 |
|
139 |
|
140 /** |
|
141 * Creates a DER encoded PKCS#10 certificate enrollment |
|
142 * request. |
|
143 * |
|
144 * @param aNameInfo The distinguished name to be included in |
|
145 * The CSR. |
|
146 * @param aAlgorithm OID for the algorithm to use |
|
147 * @param aKeyLen the key length |
|
148 * @param aKeyUsage The functionality for which the key is |
|
149 * marked inside the security element. Either |
|
150 * KSTSKeyUsageAuthentication or KSTSKeyUsageNonRepudiation. |
|
151 * @param aSecurityElementID identifies the security element |
|
152 * on which the key resides or will be generated. |
|
153 * @param aSecurityElementPrompt guides the user to insert the |
|
154 * security element |
|
155 * @param aForceKeyGen if true, a new key MUST be generated. |
|
156 * |
|
157 * @return DER encoded PKCS#10 CER, ownership is not transferred. |
|
158 * |
|
159 * @par Leaving: |
|
160 * @li KErrCancel - User cancelled the operation |
|
161 * @li KSTSErrSeNoKeys - SE contains no keys that could be used |
|
162 * @li KSTSErrSeNotFound - SE could not be found |
|
163 * @li KErrKeyUsage - Invalid key usage |
|
164 * @li KErrArgument - Invalid argument |
|
165 * @li KErrLocked - PIN is blocked. |
|
166 */ |
|
167 TDesC8& GenerateCSRL(const TDesC& aNameInfo, const TDesC& aAlgorithm, |
|
168 TInt aKeyLen, TInt aKeyUsage, |
|
169 const TDesC* aSecurityElementID, |
|
170 const TDesC* aSecurityElementPrompt); |
|
171 |
|
172 |
|
173 void StaticGenerateCSRL(TInt aParams, |
|
174 TInt aRetVal); |
|
175 |
|
176 |
|
177 /** |
|
178 * Removes a certificate or certificate URI from a certificate |
|
179 * store. |
|
180 * |
|
181 * @param aCertDisplayName User friendly name associated with |
|
182 * the certificate. |
|
183 * @param aIssuerAndSerialNumber DER encoded ASN.1 structure |
|
184 * that contains the certificate issuer and serial number. |
|
185 * @param aSecurityElementID identifies the security element |
|
186 * where the key resides. |
|
187 * @param aSecurityElementPrompt guides the user to insert the |
|
188 * security element. |
|
189 * |
|
190 * @return true if operation was successful |
|
191 * @li KErrCancel - Operation was cancelled by user |
|
192 * @li KErrNotFound - Credential was not found |
|
193 * @li KErrArgument - Invalid argument |
|
194 * @li KSTSErrSeNotFound - SE was not found |
|
195 */ |
|
196 TBool RemoveCredentialL(const TDesC& aCertDisplayName, |
|
197 const TDesC8& aIssuerAndSerialNumber, |
|
198 const TDesC* aSecurityElementID, |
|
199 const TDesC* aSecurityElementPrompt); |
|
200 |
|
201 void StaticRemoveCredentialL(TInt aCertDisplayName, |
|
202 TInt aIssuerAndSerialNumber, |
|
203 TInt aSecurityElementID, |
|
204 TInt aSecurityElementPrompt, |
|
205 TInt aRetVal); |
|
206 |
|
207 |
|
208 |
|
209 public: // CActive |
|
210 |
|
211 /** |
|
212 * Handles an active object's request completion event. |
|
213 */ |
|
214 void RunL(); |
|
215 |
|
216 /** |
|
217 * Handles a leave occurring in the request completion event handler RunL(). |
|
218 */ |
|
219 TInt RunError(TInt aError); |
|
220 |
|
221 /** |
|
222 * Implements cancellation of an outstanding request. |
|
223 */ |
|
224 void DoCancel(); |
|
225 |
|
226 private: |
|
227 |
|
228 // From FunctionServer |
|
229 virtual void vmAttached(); |
|
230 virtual void doServerSideInit(); |
|
231 void AddToScheduler(); |
|
232 |
|
233 /** |
|
234 * C++ default constructor. |
|
235 */ |
|
236 CSTSCredentialManager(); |
|
237 |
|
238 /** |
|
239 * By default Symbian 2nd phase constructor is private. |
|
240 */ |
|
241 void ConstructL(); |
|
242 |
|
243 /** |
|
244 * Completes current asynchronic operation. |
|
245 * If aError is not KErrNone, sets iError before calling |
|
246 * iWait->AsyncStop(). |
|
247 * @param aError return value from the completed operation. |
|
248 */ |
|
249 void Complete(TInt aError); |
|
250 |
|
251 /** |
|
252 * Waits for the current asynchronic operation to complete. |
|
253 * Leaves with the error code if the asynchronic operation fails. |
|
254 */ |
|
255 void WaitForCompletionL(); |
|
256 |
|
257 /** |
|
258 * Retrieves the certificate to be removed, in order to check |
|
259 * the Issuer and SerialNumber of the certificate |
|
260 */ |
|
261 void RemoveRetrieveL(); |
|
262 |
|
263 /** |
|
264 * Retrieves possibly conflicting certificate for adding, in order |
|
265 * to check SerialNumber (issuer and subject are certainly same) |
|
266 */ |
|
267 void AddRetrieveL(); |
|
268 |
|
269 /** |
|
270 * verifies that the retrieved certificate has correct Issuer |
|
271 * and SerialNumber. |
|
272 */ |
|
273 void RemoveVerifyL(); |
|
274 |
|
275 /** |
|
276 * verifies that the retrieved certificate does not have correct |
|
277 * SerialNumber. |
|
278 */ |
|
279 void AddVerifyL(); |
|
280 |
|
281 /** |
|
282 * Displays a dialog asking user permission to remove a certificate |
|
283 */ |
|
284 void RemoveDialog(); |
|
285 |
|
286 /** |
|
287 * Removes the found certificate. |
|
288 */ |
|
289 void Remove(); |
|
290 |
|
291 /** |
|
292 * Adds a certificate |
|
293 */ |
|
294 void AddL(); |
|
295 |
|
296 /** |
|
297 * Displays a CSR creation dialog |
|
298 */ |
|
299 void CSRDialog(); |
|
300 |
|
301 /** |
|
302 * Creates a CSR from the member data, stored in iRequestEncoded. |
|
303 */ |
|
304 void CreateCSRL(); |
|
305 |
|
306 /** |
|
307 * Checks the results of a key search, and if a key has been found, |
|
308 * creates a CSR. |
|
309 */ |
|
310 void CheckSearchResultsL(); |
|
311 |
|
312 /** |
|
313 * Checks if given SecurityElementID is available as a |
|
314 * (readable) key store, and prompts user |
|
315 * if it isn't. Leaves with KSTSErrSeNotFound if SE could not be |
|
316 * found even after prompt, or if aSecurityElementPrompt is null |
|
317 * @param aSecurityElementID ID of the SE to search for |
|
318 * @param aSecurityElementPrompt displayed to user if needed |
|
319 * @return index of the key/cert store to use |
|
320 */ |
|
321 TInt CheckKeyStoreSEIDL(const TDesC* aSecurityElementID, |
|
322 const TDesC* aSecurityElementPrompt); |
|
323 |
|
324 /** |
|
325 * Checks if given SecurityElementID is available as a |
|
326 * writable cert store, and prompts user |
|
327 * if it isn't. Leaves with KSTSErrSeNotFound if SE could not be |
|
328 * found even after prompt, or if aSecurityElementPrompt is null |
|
329 * @param aSecurityElementID ID of the SE to search for |
|
330 * @param aSecurityElementPrompt displayed to user if needed |
|
331 * @return index of the key/cert store to use |
|
332 */ |
|
333 TInt CheckWriteCertStoreSEIDL(const TDesC* aSecurityElementID, |
|
334 const TDesC* aSecurityElementPrompt); |
|
335 |
|
336 |
|
337 /** |
|
338 * Checks if given string is a RFC1778 formatted OID. If it is not, |
|
339 * leaves with KErrArgument. |
|
340 * @param aOID OID to check. |
|
341 */ |
|
342 void CheckOIDL(const TDesC& aOID); |
|
343 |
|
344 private: // Data |
|
345 |
|
346 // internal state |
|
347 TState iState; |
|
348 |
|
349 // internal error variable |
|
350 TInt iError; |
|
351 |
|
352 // PKI Dialog, owned |
|
353 MPKIDialog* iPKIDialog; |
|
354 |
|
355 // The actual store, owned |
|
356 CUnifiedCertStore* iStore; |
|
357 |
|
358 // Key store, used for creating keys when needed, owned |
|
359 CUnifiedKeyStore* iKeyStore; |
|
360 |
|
361 // index to current writable cert store, which is used in current |
|
362 TInt iWritableCertStoreIndex; |
|
363 |
|
364 // Waits for the operation to complete. Owned. |
|
365 CActiveSchedulerWait* iWait; |
|
366 |
|
367 // Used by CUnifiedCertStore |
|
368 RFs iFileServer; |
|
369 |
|
370 // Used for storing the results of search operations, owned |
|
371 RMPointerArray< CCTCertInfo >* iCertInfoArray; |
|
372 |
|
373 // Used for storing the results of search operations, owned |
|
374 RMPointerArray< CCTKeyInfo >* iKeyInfoArray; |
|
375 |
|
376 // Key info object, not owned but must call Release() |
|
377 CCTKeyInfo* iKeyInfo; |
|
378 |
|
379 // Length of the key we are searching for |
|
380 TInt iKeyLen; |
|
381 |
|
382 // Distinguished name, used for creating CSR, owned |
|
383 CX500DistinguishedName* iDistinguishedName; |
|
384 |
|
385 // Display name, used for displaying the CSR info, owned |
|
386 HBufC* iDisplayName; |
|
387 |
|
388 // Display name, used when adding a certificate to the database, not owned |
|
389 const TDesC* iCertDisplayName; |
|
390 |
|
391 // Certificate to be added |
|
392 TPtrC8 iSubject; |
|
393 |
|
394 // Key Identifier of the certificate to be added |
|
395 TKeyIdentifier iSubjectKeyId; |
|
396 |
|
397 // Key Identifier of the issuer of the certificate to be added |
|
398 TKeyIdentifier iIssuerKeyId; |
|
399 |
|
400 // Used for creating CSR, owned |
|
401 CPKCS10Request* iRequest; |
|
402 |
|
403 // Stores the created request, owned |
|
404 HBufC8* iRequestEncoded; |
|
405 |
|
406 // contains handle to an object which is used in a PKI dialog |
|
407 TCTTokenObjectHandle iHandle; |
|
408 |
|
409 // contains the IssuerAndSerialNumber of the certificate to be |
|
410 // added or removed, owned |
|
411 CCMSIssuerAndSerialNumber* iIssuerAndSerialNumber; |
|
412 |
|
413 // certificate to be removed, owned |
|
414 HBufC8* iEncodedCert; |
|
415 TPtr8 iEncodedCertDes; |
|
416 |
|
417 }; |
|
418 |
|
419 |
|
420 #endif // CSTSCREDENTIALMANAGER_H |
|
421 |
|
422 // End of File |