|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // INCLUDE FILES |
|
20 #include "cstssignatureservice.h" |
|
21 #include "tstsdistinguishednameconverter.h" |
|
22 #include "secdlg.h" |
|
23 #include <unifiedcertstore.h> |
|
24 #include <asn1enc.h> |
|
25 #include <x500dn.h> |
|
26 #include <charconv.h> |
|
27 #include <unifiedkeystore.h> |
|
28 #include <mctwritablecertstore.h> |
|
29 #include <signed.h> |
|
30 #include <asymmetric.h> |
|
31 #include <CCMSX509Certificate.h> |
|
32 #include <CCMSSignerInfo.h> |
|
33 #include <CCMSEncapsulatedContentInfo.h> |
|
34 #include <CCMSSignedData.h> |
|
35 #include <PKIDlg.h> |
|
36 #include "cstsseprompt.h" |
|
37 |
|
38 #include <hash.h> |
|
39 #include "fs_methodcall.h" |
|
40 #include <jutils.h> |
|
41 #include "satsajnitools.h" |
|
42 #include "logger.h" |
|
43 #include "jstringutils.h" |
|
44 |
|
45 // CONSTANTS |
|
46 const TInt KDefaultGranularity = 1; |
|
47 |
|
48 const TInt KOptionIncludeContent = 1; |
|
49 const TInt KOptionIncludeCertificate = 2; |
|
50 |
|
51 _LIT(KIdData, "1.2.840.113549.1.7.1"); |
|
52 _LIT(KIdSignedData, "1.2.840.113549.1.7.2"); |
|
53 |
|
54 // ============================ MEMBER FUNCTIONS =============================== |
|
55 |
|
56 // ----------------------------------------------------------------------------- |
|
57 // CSTSSignatureService::NewL |
|
58 // Two-phased constructor. |
|
59 // ----------------------------------------------------------------------------- |
|
60 // |
|
61 CSTSSignatureService* CSTSSignatureService::NewL() |
|
62 { |
|
63 CSTSSignatureService* self = new(ELeave) CSTSSignatureService; |
|
64 CallMethodL(self, &CSTSSignatureService::AddToScheduler, self); |
|
65 CleanupStack::PushL(self); |
|
66 CallMethodL(self, &CSTSSignatureService::ConstructL, self); |
|
67 CleanupStack::Pop(self); |
|
68 return self; |
|
69 } |
|
70 |
|
71 void CSTSSignatureService::AddToScheduler() |
|
72 { |
|
73 CActiveScheduler::Add(this); |
|
74 } |
|
75 |
|
76 // Destructor |
|
77 CSTSSignatureService::~CSTSSignatureService() |
|
78 { |
|
79 if (iDialog) |
|
80 { |
|
81 iDialog->Release(); // Release deletes the object |
|
82 } |
|
83 if (iPKIDialog) |
|
84 { |
|
85 iPKIDialog->Release(); |
|
86 } |
|
87 iCertificateArray.Close(); |
|
88 iCertInfos.Close(); |
|
89 delete iFilter; |
|
90 iDERNamesHBufC.ResetAndDestroy(); |
|
91 iDERNames.Close(); |
|
92 delete iTextToDisplay; |
|
93 if (iCertificate) |
|
94 { |
|
95 iCertificate->Release(); |
|
96 } |
|
97 delete iX509Certificate; |
|
98 if (iRSASigner) |
|
99 { |
|
100 iRSASigner->Release(); |
|
101 } |
|
102 if (iDSASigner) |
|
103 { |
|
104 iDSASigner->Release(); |
|
105 } |
|
106 delete iCertStore; |
|
107 delete iKeyStore; |
|
108 iKeys.Close(); |
|
109 delete iRSASignature; |
|
110 delete iDSASignature; |
|
111 delete iSignature; |
|
112 iFileServer.Close(); |
|
113 delete iWait; |
|
114 delete iSecurityElementPrompt; |
|
115 delete iSignerInfo; |
|
116 delete iEncodedSignedAttributesHash; |
|
117 delete iCMSCertificate; |
|
118 } |
|
119 |
|
120 // ----------------------------------------------------------------------------- |
|
121 // CSTSSignatureService::AuthenticateL |
|
122 // Authenticates given data |
|
123 // ----------------------------------------------------------------------------- |
|
124 // |
|
125 HBufC8* CSTSSignatureService::AuthenticateL(const TDesC8& abytesToAuthenticate, |
|
126 TInt aOptions, const CDesCArray& aCaNames, |
|
127 const TDesC& asecurityElementPrompt, TBool aShowData) |
|
128 { |
|
129 LOG(ESATSA, EInfo, "+ CSTSSignatureService::AuthenticateL"); |
|
130 if (iState != EReady) |
|
131 { |
|
132 ELOG(ESATSA, "CSTSSignatureService::AuthenticateL: Not Ready"); |
|
133 User::Leave(KErrNotReady); |
|
134 } |
|
135 |
|
136 LOG(ESATSA, EInfo, "CSTSSignatureService::AuthenticateL:After convertions"); |
|
137 // First we need to convert the data to unicode, if we have to display it |
|
138 HBufC* textToDisplay = NULL; |
|
139 if (aShowData) |
|
140 { |
|
141 textToDisplay = ConvertUTF8ToUnicodeL(abytesToAuthenticate); |
|
142 iAuthType = EAuthWithText; |
|
143 } |
|
144 else |
|
145 { |
|
146 textToDisplay = KNullDesC().AllocL(); |
|
147 iAuthType = EAuthWithoutText; |
|
148 } |
|
149 |
|
150 delete iTextToDisplay; |
|
151 iTextToDisplay = textToDisplay; |
|
152 |
|
153 iMessage.Set(abytesToAuthenticate); |
|
154 |
|
155 iOptions = aOptions; |
|
156 |
|
157 iShowNotes = EFalse; |
|
158 |
|
159 LOG(ESATSA, EInfo, "CSTSSignatureService::AuthenticateL:Going to call CreateSignatureL"); |
|
160 // get handles to applicable certificates |
|
161 HBufC8* retVal = CreateSignatureL(aCaNames, EX509UsageDigitalSignature, |
|
162 asecurityElementPrompt); |
|
163 LOG(ESATSA, EInfo, "CSTSSignatureService::AuthenticateL:After call to CreateSignatureL"); |
|
164 |
|
165 LOG(ESATSA, EInfo, "-- CSTSSignatureService::AuthenticateL"); |
|
166 return retVal; |
|
167 } |
|
168 |
|
169 TInt CSTSSignatureService::StaticAuthenticateL(JNIEnv* aJniEnv, |
|
170 CSTSSignatureService* service, jbyteArray aByteArrayToAuthenticate, |
|
171 jint aOptions, jobjectArray aCaNames, jstring aSecurityElementPrompt, |
|
172 jboolean aShowData, HBufC8** aRetVal) |
|
173 { |
|
174 LOG(ESATSA, EInfo, "+ CSTSSignatureService::StaticAuthenticateL"); |
|
175 const TInt byteArrayLength = aJniEnv->GetArrayLength( |
|
176 aByteArrayToAuthenticate); |
|
177 jbyte* bytesToAuthenticate = aJniEnv->GetByteArrayElements( |
|
178 aByteArrayToAuthenticate, NULL); |
|
179 |
|
180 if (!bytesToAuthenticate) |
|
181 { |
|
182 ELOG(ESATSA, "CSTSSignatureService::StaticAuthenticateL: No memory,return"); |
|
183 return NULL; |
|
184 } |
|
185 |
|
186 TPtrC8 desToAuthenticate(reinterpret_cast<TUint8*>(bytesToAuthenticate), |
|
187 byteArrayLength); |
|
188 |
|
189 CDesCArrayFlat* nativeCaNames = STSCreateNativeStringArrayL(aJniEnv, |
|
190 aCaNames); |
|
191 |
|
192 LOG(ESATSA, EInfo, "CSTSSignatureService::StaticAuthenticateL: prepare se prompt"); |
|
193 const JStringUtils securityElementPrompt(*aJniEnv, aSecurityElementPrompt); |
|
194 |
|
195 LOG(ESATSA, EInfo, "CSTSSignatureService::StaticAuthenticateL: start convertions to TInt"); |
|
196 TBool ShowData = static_cast<TBool>(aShowData); |
|
197 const TDesC* sec = static_cast<const TDesC*>(&securityElementPrompt); |
|
198 |
|
199 LOG(ESATSA, EInfo, "CSTSSignatureService::StaticAuthenticateL: After convertions,going to call CallMethodL"); |
|
200 TRAPD(err, CallMethodL(*aRetVal, service, |
|
201 &CSTSSignatureService::AuthenticateL, desToAuthenticate, aOptions, |
|
202 *nativeCaNames, *sec, ShowData, service)); |
|
203 |
|
204 LOG(ESATSA, EInfo, "+ CSTSSignatureService::StaticAuthenticateL:After CallmethodL"); |
|
205 LOG(ESATSA, EInfo, "-- return CSTSSignatureService::StaticAuthenticateL"); |
|
206 return err; |
|
207 |
|
208 } |
|
209 |
|
210 // ----------------------------------------------------------------------------- |
|
211 // CSTSSignatureService::SignL |
|
212 |
|
213 // Signs given data |
|
214 // ----------------------------------------------------------------------------- |
|
215 |
|
216 HBufC8* CSTSSignatureService::SignL(const TDesC8& aBytesToSign, TInt aOptions, |
|
217 const CDesCArray& aCaNames, const TDesC& aSecurityElementPrompt) |
|
218 { |
|
219 LOG(ESATSA, EInfo, "+ CSTSSignatureService::SignL"); |
|
220 if (iState != EReady) |
|
221 { |
|
222 ELOG(ESATSA, "CSTSSignatureService::SignL: Not Ready"); |
|
223 User::Leave(KErrNotReady); |
|
224 } |
|
225 |
|
226 LOG(ESATSA, EInfo, "CSTSSignatureService::SignL: start convertions!"); |
|
227 LOG(ESATSA, EInfo, "CSTSSignatureService::SignL: After convertions"); |
|
228 // convert text from UTF8 |
|
229 HBufC* textToDisplay = ConvertUTF8ToUnicodeL(aBytesToSign); |
|
230 delete iTextToDisplay; |
|
231 iTextToDisplay = textToDisplay; |
|
232 |
|
233 iAuthType = ESignWithText; |
|
234 |
|
235 iMessage.Set(aBytesToSign); |
|
236 |
|
237 iOptions = aOptions; |
|
238 |
|
239 iShowNotes = ETrue; |
|
240 |
|
241 LOG(ESATSA, EInfo, "CSTSSignatureService::SignL: Before call to CreateSignatureL"); |
|
242 // get handles to applicable certificates |
|
243 HBufC8* retVal = CreateSignatureL(aCaNames, EX509UsageNonRepudiation, |
|
244 aSecurityElementPrompt); |
|
245 |
|
246 LOG(ESATSA, EInfo, "-- return CSTSSignatureService::SignL"); |
|
247 return retVal; |
|
248 } |
|
249 |
|
250 // ----------------------------------------------------------------------------- |
|
251 // CSTSSignatureService::StaticSignL |
|
252 // Authenticates given data |
|
253 // ----------------------------------------------------------------------------- |
|
254 // |
|
255 TInt CSTSSignatureService::StaticSignL(JNIEnv* aJniEnv, |
|
256 CSTSSignatureService* service, jbyteArray aBytesToSign, jint aOptions, |
|
257 jobjectArray aCaNames, jstring aSecurityElementPrompt, HBufC8** aRetVal) |
|
258 { |
|
259 LOG(ESATSA, EInfo, "+ CSTSSignatureService::StaticSignL"); |
|
260 const TInt byteArrayLength = aJniEnv->GetArrayLength(aBytesToSign); |
|
261 jbyte* bytesToSign = aJniEnv->GetByteArrayElements(aBytesToSign, NULL); |
|
262 |
|
263 if (!bytesToSign) |
|
264 { |
|
265 LOG(ESATSA, EInfo, "CSTSSignatureService::StaticSignL: No memory"); |
|
266 return NULL; |
|
267 } |
|
268 |
|
269 TPtrC8 desToSign(reinterpret_cast<TUint8*>(bytesToSign), byteArrayLength); |
|
270 |
|
271 CDesCArrayFlat* nativeCaNames = STSCreateNativeStringArrayL(aJniEnv, |
|
272 aCaNames); |
|
273 |
|
274 const JStringUtils securityElementPrompt(*aJniEnv, aSecurityElementPrompt); |
|
275 |
|
276 LOG(ESATSA, EInfo, "CSTSSignatureService::StaticSignL: Start convertions"); |
|
277 LOG(ESATSA, EInfo, "CSTSSignatureService::StaticSignL: Before callmethodl"); |
|
278 |
|
279 const TDesC* sec = static_cast<const TDesC*>(&securityElementPrompt); |
|
280 |
|
281 TRAPD(err, CallMethodL(*aRetVal, service, &CSTSSignatureService::SignL, |
|
282 desToSign, aOptions, *nativeCaNames, *sec, service)); |
|
283 |
|
284 LOG(ESATSA, EInfo, "-- ret CSTSSignatureService::StaticSignL"); |
|
285 return err; |
|
286 } |
|
287 |
|
288 // ----------------------------------------------------------------------------- |
|
289 // CSTSSignatureService::RunL |
|
290 // CActive callback |
|
291 // ----------------------------------------------------------------------------- |
|
292 // |
|
293 void CSTSSignatureService::RunL() |
|
294 { |
|
295 LOG(ESATSA, EInfo, "+ CSTSSignatureService::RunL"); |
|
296 if (iStatus == KErrCancel) |
|
297 { |
|
298 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: KErrCancel"); |
|
299 if (iShowNotes) |
|
300 { |
|
301 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: ShowNote"); |
|
302 iState = EFinalNote; |
|
303 iStatus = KErrNone; |
|
304 iPKIDialog->Note(MPKIDialog::ESigningCancelled, iStatus); |
|
305 SetActive(); |
|
306 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: Done ShowNote"); |
|
307 } |
|
308 else |
|
309 { |
|
310 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: Complete"); |
|
311 Complete(KErrNone); |
|
312 } |
|
313 } |
|
314 else if (iStatus != KErrNone) |
|
315 { |
|
316 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: Error occured"); |
|
317 // Error has occured; inform java |
|
318 Complete(iStatus.Int()); |
|
319 } |
|
320 else |
|
321 { |
|
322 switch (iState) |
|
323 { |
|
324 case EInitialising: |
|
325 { |
|
326 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EInitialising"); |
|
327 iState = EKeyStoreInit; |
|
328 iKeyStore->Initialize(iStatus); |
|
329 SetActive(); |
|
330 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: over case EInitialising"); |
|
331 break; |
|
332 } |
|
333 case EKeyStoreInit: |
|
334 { |
|
335 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EKeyStoreInit"); |
|
336 Complete(KErrNone); |
|
337 break; |
|
338 } |
|
339 case EListing: |
|
340 { |
|
341 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EListing"); |
|
342 HandlesFromCertInfosL(); |
|
343 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: over case EListing"); |
|
344 break; |
|
345 } |
|
346 case EDialog: |
|
347 { |
|
348 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EDialog"); |
|
349 iState = EGetCert; |
|
350 if (iCertificate) |
|
351 { |
|
352 iCertificate->Release(); |
|
353 iCertificate = NULL; |
|
354 } |
|
355 // if there is only 1 handle, the dialog won't return it. |
|
356 if (iCertificateArray.Count() == 1) |
|
357 { |
|
358 iCertificateHandle = iCertificateArray[0]; |
|
359 } |
|
360 |
|
361 iCertStore->GetCert(iCertificate, iCertificateHandle, iStatus); |
|
362 SetActive(); |
|
363 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: over case EDialog"); |
|
364 break; |
|
365 } |
|
366 case EGetCert: |
|
367 { |
|
368 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EGetCert"); |
|
369 if (iX509Certificate) |
|
370 { |
|
371 delete iX509Certificate; |
|
372 iX509Certificate = NULL; |
|
373 } |
|
374 iState = ERetrieveCert; |
|
375 iCertStore->Retrieve(*iCertificate, iX509Certificate, iStatus); |
|
376 SetActive(); |
|
377 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: over case EGetCert"); |
|
378 break; |
|
379 } |
|
380 case ERetrieveCert: |
|
381 { |
|
382 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case ERetrieveCert"); |
|
383 FindKeyL(); |
|
384 break; |
|
385 } |
|
386 case EFindKey: |
|
387 { |
|
388 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EFindKey"); |
|
389 OpenSignerL(); |
|
390 break; |
|
391 } |
|
392 case EOpenSigner: |
|
393 { |
|
394 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EOpenSigner"); |
|
395 SignL(); |
|
396 break; |
|
397 } |
|
398 case ESign: |
|
399 { |
|
400 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case ESign"); |
|
401 CreateSignedDataL(); |
|
402 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: over case ESign"); |
|
403 break; |
|
404 } |
|
405 case EFinalNote: |
|
406 { |
|
407 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case EFinalNote"); |
|
408 Complete(KErrNone); |
|
409 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: over case EFinalNote"); |
|
410 break; |
|
411 } |
|
412 default: |
|
413 { |
|
414 LOG(ESATSA, EInfo, "CSTSSignatureService::RunL: case default"); |
|
415 Complete(KErrGeneral); |
|
416 } |
|
417 } |
|
418 } |
|
419 } |
|
420 |
|
421 // ----------------------------------------------------------------------------- |
|
422 // CSTSSignatureService::RunError |
|
423 // CActive error callback |
|
424 // ----------------------------------------------------------------------------- |
|
425 // |
|
426 TInt CSTSSignatureService::RunError(TInt aError) |
|
427 { |
|
428 LOG(ESATSA, EInfo, "+ CSTSSignatureService::RunError"); |
|
429 Complete(aError); |
|
430 return KErrNone; |
|
431 } |
|
432 |
|
433 // ----------------------------------------------------------------------------- |
|
434 // CSTSSignatureService::DoCancel |
|
435 // CActive cancellation callback |
|
436 // ----------------------------------------------------------------------------- |
|
437 // |
|
438 void CSTSSignatureService::DoCancel() |
|
439 { |
|
440 switch (iState) |
|
441 { |
|
442 case EInitialising: |
|
443 { |
|
444 iCertStore->CancelInitialize(); |
|
445 break; |
|
446 } |
|
447 case EKeyStoreInit: |
|
448 { |
|
449 iKeyStore->CancelInitialize(); |
|
450 break; |
|
451 } |
|
452 case EListing: |
|
453 { |
|
454 iCertStore->CancelList(); |
|
455 break; |
|
456 } |
|
457 case EDialog: |
|
458 { |
|
459 iDialog->Cancel(); |
|
460 break; |
|
461 } |
|
462 case EGetCert: |
|
463 { |
|
464 iCertStore->CancelGetCert(); |
|
465 break; |
|
466 } |
|
467 case ERetrieveCert: |
|
468 { |
|
469 iCertStore->CancelRetrieve(); |
|
470 break; |
|
471 } |
|
472 case EFindKey: |
|
473 { |
|
474 iKeyStore->CancelList(); |
|
475 break; |
|
476 } |
|
477 case EOpenSigner: |
|
478 { |
|
479 iKeyStore->CancelOpen(); |
|
480 break; |
|
481 } |
|
482 case ESign: |
|
483 { |
|
484 if (iRSASigner) |
|
485 { |
|
486 iRSASigner->CancelSign(); |
|
487 } |
|
488 if (iDSASigner) |
|
489 { |
|
490 iDSASigner->CancelSign(); |
|
491 } |
|
492 break; |
|
493 } |
|
494 default: |
|
495 { |
|
496 // nothing to cancel |
|
497 } |
|
498 } |
|
499 iState = EERROR; |
|
500 iError = KErrCancel; |
|
501 } |
|
502 |
|
503 // ----------------------------------------------------------------------------- |
|
504 // CSTSSignatureService::CSTSSignatureService |
|
505 // C++ default constructor can NOT contain any code, that |
|
506 // might leave. |
|
507 // ----------------------------------------------------------------------------- |
|
508 // |
|
509 CSTSSignatureService::CSTSSignatureService() : |
|
510 CActive(EPriorityStandard), java::util::FunctionServer("MySignatureServer"), |
|
511 iState(EInitialising) |
|
512 { |
|
513 |
|
514 createServerToNewThread(); |
|
515 |
|
516 } |
|
517 |
|
518 // ----------------------------------------------------------------------------- |
|
519 // CSTSSignatureService::ConstructL |
|
520 // Symbian 2nd phase constructor can leave. |
|
521 // ----------------------------------------------------------------------------- |
|
522 // |
|
523 void CSTSSignatureService::ConstructL() |
|
524 { |
|
525 User::LeaveIfError(iFileServer.Connect()); |
|
526 iDialog = SecurityDialogFactory::CreateL(); |
|
527 iPKIDialog = PKIDialogFactory::CreateNoteL(); |
|
528 |
|
529 iFilter = CCertAttributeFilter::NewL(); |
|
530 |
|
531 iWait = new(ELeave) CActiveSchedulerWait; |
|
532 iCertStore = CUnifiedCertStore::NewL(iFileServer, ETrue); |
|
533 iKeyStore = CUnifiedKeyStore::NewL(iFileServer); |
|
534 iCertStore->Initialize(iStatus); |
|
535 WaitForCompletionL(); |
|
536 } |
|
537 |
|
538 // ----------------------------------------------------------------------------- |
|
539 // CSTSSignatureService::Complete |
|
540 // Completes the operation |
|
541 // ----------------------------------------------------------------------------- |
|
542 // |
|
543 void CSTSSignatureService::Complete(TInt aError) |
|
544 { |
|
545 LOG(ESATSA, EInfo, "+ CSTSSignatureService::Complete"); |
|
546 if (KErrNone == aError) |
|
547 { |
|
548 iState = EReady; |
|
549 } |
|
550 else |
|
551 { |
|
552 iState = EERROR; |
|
553 iError = aError; |
|
554 } |
|
555 iWait->AsyncStop(); |
|
556 LOG(ESATSA, EInfo, "-- ret CSTSSignatureService::Complete"); |
|
557 } |
|
558 |
|
559 // ----------------------------------------------------------------------------- |
|
560 // CSTSSignatureService::WaitForCompletionL() |
|
561 // Wait for completion, leave on error |
|
562 // ----------------------------------------------------------------------------- |
|
563 // |
|
564 void CSTSSignatureService::WaitForCompletionL() |
|
565 { |
|
566 LOG(ESATSA, EInfo, "+ CSTSSignatureService::WaitForCompletionL"); |
|
567 SetActive(); |
|
568 iWait->Start(); |
|
569 if (iState != EReady) |
|
570 { |
|
571 // we need to be ready for the next request |
|
572 iState = EReady; |
|
573 |
|
574 User::Leave(iError); |
|
575 } |
|
576 LOG(ESATSA, EInfo, "- ret CSTSSignatureService::WaitForCompletionL"); |
|
577 } |
|
578 |
|
579 // ----------------------------------------------------------------------------- |
|
580 // CSTSSignatureService::CreateSignatureL() |
|
581 // Creates the signature |
|
582 // ----------------------------------------------------------------------------- |
|
583 // |
|
584 HBufC8* CSTSSignatureService::CreateSignatureL(const CDesCArray& aCaNames, |
|
585 const TKeyUsageX509 aUsage, const TDesC& aSecurityElementPrompt) |
|
586 { |
|
587 LOG(ESATSA, EInfo, "+ CSTSSignatureService::CreateSignatureL"); |
|
588 HBufC* sePrompt = NULL; |
|
589 if (aSecurityElementPrompt != KNullDesC()) |
|
590 { |
|
591 sePrompt = aSecurityElementPrompt.AllocL(); |
|
592 } |
|
593 delete iSecurityElementPrompt; |
|
594 iSecurityElementPrompt = sePrompt; |
|
595 LOG(ESATSA, EInfo, "CSTSSignatureService::CreateSignatureL: call findcertificates"); |
|
596 FindCertificatesL(aCaNames, aUsage); |
|
597 LOG(ESATSA, EInfo, "CSTSSignatureService::CreateSignatureL: After call to findcertificates"); |
|
598 WaitForCompletionL(); |
|
599 LOG(ESATSA, EInfo, "CSTSSignatureService::CreateSignatureL: call WaitForCompletion"); |
|
600 HBufC8* retVal = iSignature; |
|
601 iSignature = NULL; |
|
602 LOG(ESATSA, EInfo, "-- ret CSTSSignatureService::CreateSignatureL"); |
|
603 return retVal; |
|
604 } |
|
605 // ----------------------------------------------------------------------------- |
|
606 // CSTSSignatureService::FindCertificatesL() |
|
607 // Find applicable certificates |
|
608 // ----------------------------------------------------------------------------- |
|
609 // |
|
610 void CSTSSignatureService::FindCertificatesL(const CDesCArray& aCaNames, |
|
611 const TKeyUsageX509 aUsage) |
|
612 { |
|
613 |
|
614 LOG(ESATSA, EInfo, "+ CSTSSignatureService::FindCertificatesL"); |
|
615 iFilter->SetKeyUsage(aUsage); |
|
616 iFilter->SetOwnerType(EUserCertificate); |
|
617 iFilter->SetFormat(EX509Certificate); |
|
618 |
|
619 iCertInfos.Close(); |
|
620 |
|
621 TInt caNameCount = aCaNames.Count(); |
|
622 if (0 == caNameCount) |
|
623 { |
|
624 // no caNames, so we may use any. |
|
625 iState = EListing; |
|
626 iCertStore->List(iCertInfos, *iFilter, iStatus); |
|
627 } |
|
628 else |
|
629 { |
|
630 // first we need to convert aCaNames to DER encoding |
|
631 // make sure the array is empty |
|
632 iDERNames.Reset(); |
|
633 iDERNamesHBufC.ResetAndDestroy(); |
|
634 |
|
635 TSTSDistinguishedNameConverter dnConverter; |
|
636 |
|
637 for (TInt i = 0; i < caNameCount; i++) |
|
638 { |
|
639 CX500DistinguishedName* dName = dnConverter.CreateDNL(aCaNames[i]); |
|
640 CleanupStack::PushL(dName); |
|
641 |
|
642 CASN1EncSequence* dnEncoder = dName->EncodeASN1LC(); |
|
643 // encode the object in a DER encoding |
|
644 HBufC8* der = HBufC8::NewMaxLC(dnEncoder->LengthDER()); |
|
645 TPtr8 pder(der->Des()); |
|
646 TUint pos = 0; |
|
647 dnEncoder->WriteDERL(pder, pos); |
|
648 User::LeaveIfError(iDERNamesHBufC.Append(der)); |
|
649 CleanupStack::Pop(der); |
|
650 User::LeaveIfError(iDERNames.Append(der)); |
|
651 CleanupStack::PopAndDestroy(2); // dnEncoder, dName |
|
652 } |
|
653 |
|
654 iState = EListing; |
|
655 iCertStore->List(iCertInfos, *iFilter, iDERNames, iStatus); |
|
656 } |
|
657 LOG(ESATSA, EInfo, "-- ret CSTSSignatureService::FindCertificatesL"); |
|
658 } |
|
659 |
|
660 // ----------------------------------------------------------------------------- |
|
661 // CSTSSignatureService::HandlesFromCertInfosL() |
|
662 // Fills iCertificateArray from iCertInfos. |
|
663 // ----------------------------------------------------------------------------- |
|
664 // |
|
665 void CSTSSignatureService::HandlesFromCertInfosL() |
|
666 { |
|
667 LOG(ESATSA, EInfo, "+ CSTSSignatureService::HandlesFromCertInfosL"); |
|
668 TInt certificateCount = iCertInfos.Count(); |
|
669 if (certificateCount == 0) |
|
670 { |
|
671 ELOG(ESATSA, "CSTSSignatureService::HandlesFromCertInfosL, KErrNotFound"); |
|
672 User::Leave(KErrNotFound); |
|
673 } |
|
674 |
|
675 iCertificateArray.Reset(); |
|
676 for (TInt i = 0; i < certificateCount; i++) |
|
677 { |
|
678 LOG(ESATSA, EInfo, "+ CSTSSignatureService::HandlesFromCertInfosL: No Certificates"); |
|
679 User::LeaveIfError(iCertificateArray.Append(iCertInfos[i]->Handle())); |
|
680 } |
|
681 |
|
682 // next is a dialog shown depending on the authentication type |
|
683 switch (iAuthType) |
|
684 { |
|
685 case EAuthWithoutText: |
|
686 { |
|
687 LOG(ESATSA, EInfo, "CSTSSignatureService::HandlesFromCertInfosL: case EAuthWithoutText"); |
|
688 iPKIDialog->UserAuthentication(iCertificateArray, iCertificateHandle, |
|
689 iStatus); |
|
690 LOG(ESATSA, EInfo, "CSTSSignatureService::HandlesFromCertInfosL: over case EAuthWithoutText"); |
|
691 break; |
|
692 } |
|
693 case EAuthWithText: |
|
694 { |
|
695 LOG(ESATSA, EInfo, "CSTSSignatureService::HandlesFromCertInfosL: case EAuthWithText"); |
|
696 iPKIDialog->UserAuthenticationText(*iTextToDisplay, iCertificateArray, |
|
697 iCertificateHandle, iStatus); |
|
698 LOG(ESATSA, EInfo, "CSTSSignatureService::HandlesFromCertInfosL: over case EAuthWithText"); |
|
699 break; |
|
700 } |
|
701 case ESignWithText: |
|
702 { |
|
703 iDialog->SignText(*iTextToDisplay, iCertificateArray, |
|
704 iCertificateHandle, iStatus); |
|
705 break; |
|
706 } |
|
707 default: |
|
708 { |
|
709 |
|
710 } |
|
711 } |
|
712 iState = EDialog; |
|
713 SetActive(); |
|
714 |
|
715 } |
|
716 |
|
717 // ----------------------------------------------------------------------------- |
|
718 // CSTSSignatureService::FindKeyL() |
|
719 // Finds the key used in iCertificate. |
|
720 // ----------------------------------------------------------------------------- |
|
721 // |
|
722 void CSTSSignatureService::FindKeyL() |
|
723 { |
|
724 LOG(ESATSA, EInfo, "+ CSTSSignatureService::FindKeyL"); |
|
725 iKeyFilter.iKeyAlgorithm = CKeyInfoBase::EInvalidAlgorithm; |
|
726 iKeyFilter.iKeyId = iCertificate->SubjectKeyId(); |
|
727 |
|
728 iKeyFilter.iUsage = EPKCS15UsageAll; |
|
729 iKeys.Close(); |
|
730 iState = EFindKey; |
|
731 iKeyStore->List(iKeys, iKeyFilter, iStatus); |
|
732 SetActive(); |
|
733 |
|
734 } |
|
735 |
|
736 // ----------------------------------------------------------------------------- |
|
737 // CSTSSignatureService::OpenSignerL() |
|
738 // Opens a signer for the key in iKeys. |
|
739 // ----------------------------------------------------------------------------- |
|
740 // |
|
741 void CSTSSignatureService::OpenSignerL() |
|
742 { |
|
743 LOG(ESATSA, EInfo, "+ CSTSSignatureService::OpenSignerL"); |
|
744 // if key is not found, display security element prompt and search again |
|
745 if (iKeys.Count() == 0) |
|
746 { |
|
747 if (iSecurityElementPrompt) |
|
748 { |
|
749 CSTSSEPrompt* prompt = CSTSSEPrompt::NewLC(); |
|
750 prompt->DisplayPromptL(*iSecurityElementPrompt); |
|
751 CleanupStack::PopAndDestroy(prompt); |
|
752 // delete prompt so we only display it once. |
|
753 delete iSecurityElementPrompt; |
|
754 iSecurityElementPrompt = NULL; |
|
755 FindKeyL(); |
|
756 return; |
|
757 } |
|
758 else |
|
759 { |
|
760 User::Leave(KErrNotFound); |
|
761 } |
|
762 } |
|
763 |
|
764 CCTKeyInfo* keyInfo = iKeys[0]; |
|
765 |
|
766 if (iRSASigner) |
|
767 { |
|
768 iRSASigner->Release(); |
|
769 iRSASigner = NULL; |
|
770 } |
|
771 if (iDSASigner) |
|
772 { |
|
773 iDSASigner->Release(); |
|
774 iDSASigner = NULL; |
|
775 } |
|
776 |
|
777 iState = EOpenSigner; |
|
778 switch (keyInfo->Algorithm()) |
|
779 { |
|
780 case CCTKeyInfo::ERSA: |
|
781 { |
|
782 iKeyStore->Open(keyInfo->Handle(), iRSASigner, iStatus); // codescanner::open |
|
783 break; |
|
784 } |
|
785 case CCTKeyInfo::EDSA: |
|
786 { |
|
787 iKeyStore->Open(keyInfo->Handle(), iDSASigner, iStatus); // codescanner::open |
|
788 break; |
|
789 } |
|
790 default: |
|
791 { |
|
792 User::Leave(KErrNotSupported); |
|
793 } |
|
794 } |
|
795 SetActive(); |
|
796 |
|
797 } |
|
798 |
|
799 // ----------------------------------------------------------------------------- |
|
800 // CSTSSignatureService::SignL() |
|
801 // Signs the message |
|
802 // ----------------------------------------------------------------------------- |
|
803 // |
|
804 void CSTSSignatureService::SignL() |
|
805 { |
|
806 LOG(ESATSA, EInfo, "+ CSTSSignatureService::SignL"); |
|
807 |
|
808 // first we create a digest of the message |
|
809 |
|
810 CSHA1* sha = CSHA1::NewL(); |
|
811 CleanupStack::PushL(sha); |
|
812 TPtrC8 hash = sha->Hash(iMessage); |
|
813 |
|
814 CCMSX509Certificate* cmsCertificate = CCMSX509Certificate::NewL( |
|
815 static_cast<CX509Certificate&>(*iX509Certificate)); |
|
816 delete iCMSCertificate; |
|
817 iCMSCertificate = cmsCertificate; |
|
818 CCMSSignerInfo* signerInfo = CCMSSignerInfo::NewL(*cmsCertificate, hash); |
|
819 delete iSignerInfo; |
|
820 iSignerInfo = signerInfo; |
|
821 |
|
822 CleanupStack::PopAndDestroy(sha); |
|
823 |
|
824 HBufC8* encodedSignedAttributes = iSignerInfo->SignedAttributesEncodedL(); |
|
825 CleanupStack::PushL(encodedSignedAttributes); |
|
826 |
|
827 sha = CSHA1::NewL(); |
|
828 CleanupStack::PushL(sha); |
|
829 |
|
830 TPtrC8 attributeHash = sha->Hash(*encodedSignedAttributes); |
|
831 |
|
832 // create digest info |
|
833 CASN1EncSequence* digestInfo = CASN1EncSequence::NewLC(); |
|
834 CASN1EncSequence* digestAlgId = CASN1EncSequence::NewLC(); |
|
835 CASN1EncObjectIdentifier* oid = CASN1EncObjectIdentifier::NewLC(KSHA1); |
|
836 digestAlgId->AddAndPopChildL(oid); |
|
837 CASN1EncNull* params = CASN1EncNull::NewLC(); |
|
838 digestAlgId->AddAndPopChildL(params); |
|
839 digestInfo->AddAndPopChildL(digestAlgId); |
|
840 CASN1EncOctetString* hashEncoder = |
|
841 CASN1EncOctetString::NewLC(attributeHash); |
|
842 digestInfo->AddAndPopChildL(hashEncoder); |
|
843 |
|
844 HBufC8* encodedHash = HBufC8::NewMaxL(digestInfo->LengthDER()); |
|
845 delete iEncodedSignedAttributesHash; |
|
846 iEncodedSignedAttributesHash = encodedHash; |
|
847 iEncodedSignedAttributesHashPointer.Set(*encodedHash); |
|
848 TPtr8 pder(encodedHash->Des()); |
|
849 TUint pos = 0; |
|
850 digestInfo->WriteDERL(pder, pos); |
|
851 |
|
852 CleanupStack::PopAndDestroy(digestInfo); |
|
853 CleanupStack::PopAndDestroy(sha); |
|
854 CleanupStack::PopAndDestroy(encodedSignedAttributes); |
|
855 |
|
856 CCTKeyInfo* keyInfo = iKeys[0]; |
|
857 |
|
858 delete iRSASignature; |
|
859 iRSASignature = NULL; |
|
860 delete iDSASignature; |
|
861 iDSASignature = NULL; |
|
862 |
|
863 iState = ESign; |
|
864 switch (keyInfo->Algorithm()) |
|
865 { |
|
866 case CCTKeyInfo::ERSA: |
|
867 { |
|
868 iRSASigner->Sign(iEncodedSignedAttributesHashPointer, iRSASignature, |
|
869 iStatus); |
|
870 break; |
|
871 } |
|
872 case CCTKeyInfo::EDSA: |
|
873 { |
|
874 iDSASigner->Sign(iEncodedSignedAttributesHashPointer, iDSASignature, |
|
875 iStatus); |
|
876 break; |
|
877 } |
|
878 default: |
|
879 { |
|
880 User::Leave(KErrNotSupported); |
|
881 } |
|
882 } |
|
883 |
|
884 SetActive(); |
|
885 |
|
886 } |
|
887 |
|
888 // ----------------------------------------------------------------------------- |
|
889 // CSTSSignatureService::CreateSignedDataL() |
|
890 // Creates signed data |
|
891 // ----------------------------------------------------------------------------- |
|
892 // |
|
893 void CSTSSignatureService::CreateSignedDataL() |
|
894 { |
|
895 LOG(ESATSA, EInfo, "+ CSTSSignatureService::CreateSignedDataL"); |
|
896 CCTKeyInfo* keyInfo = iKeys[0]; |
|
897 |
|
898 HBufC8* signature = NULL; |
|
899 switch (keyInfo->Algorithm()) |
|
900 { |
|
901 case CCTKeyInfo::ERSA: |
|
902 { |
|
903 |
|
904 signature = iRSASignature->S().BufferLC(); |
|
905 break; |
|
906 } |
|
907 case CCTKeyInfo::EDSA: |
|
908 { |
|
909 |
|
910 CASN1EncSequence* signatureEncoder = CASN1EncSequence::NewLC(); |
|
911 CASN1EncBigInt* rEncoder = CASN1EncBigInt::NewLC(iDSASignature->R()); |
|
912 signatureEncoder->AddAndPopChildL(rEncoder); |
|
913 CASN1EncBigInt* sEncoder = CASN1EncBigInt::NewLC(iDSASignature->S()); |
|
914 signatureEncoder->AddAndPopChildL(sEncoder); |
|
915 signature = HBufC8::NewMaxLC(signatureEncoder->LengthDER()); |
|
916 TPtr8 signatureDes = signature->Des(); |
|
917 TUint pos = 0; |
|
918 signatureEncoder->WriteDERL(signatureDes, pos); |
|
919 CleanupStack::Pop(signature); |
|
920 CleanupStack::PopAndDestroy(signatureEncoder); |
|
921 CleanupStack::PushL(signature); |
|
922 break; |
|
923 } |
|
924 default: |
|
925 { |
|
926 User::Leave(KErrNotSupported); |
|
927 } |
|
928 } |
|
929 |
|
930 iSignerInfo->SetSignatureValueL(*signature); |
|
931 CArrayPtr<CCMSSignerInfo>* signerInfos = new(ELeave) CArrayPtrFlat< |
|
932 CCMSSignerInfo> (KDefaultGranularity); |
|
933 CleanupStack::PushL(signerInfos); |
|
934 signerInfos->AppendL(iSignerInfo); |
|
935 |
|
936 CArrayPtr<CCMSX509AlgorithmIdentifier> |
|
937 * digestAlgorithmIdentifiers = new(ELeave) CArrayPtrFlat< |
|
938 CCMSX509AlgorithmIdentifier> (KDefaultGranularity); |
|
939 CleanupStack::PushL(digestAlgorithmIdentifiers); |
|
940 |
|
941 CCMSX509AlgorithmIdentifier |
|
942 * digestAlgorithm = |
|
943 CCMSX509AlgorithmIdentifier::NewL( |
|
944 iSignerInfo->DigestAlgorithmIdentifier().AlgorithmIdentifier()); |
|
945 CleanupStack::PushL(digestAlgorithm); |
|
946 |
|
947 digestAlgorithmIdentifiers->AppendL(digestAlgorithm); |
|
948 |
|
949 CCMSEncapsulatedContentInfo* contentInfo = NULL; |
|
950 if ((iOptions & KOptionIncludeContent) != 0) |
|
951 { |
|
952 contentInfo = CCMSEncapsulatedContentInfo::NewLC(KIdData(), &iMessage); |
|
953 } |
|
954 else |
|
955 { |
|
956 contentInfo = CCMSEncapsulatedContentInfo::NewLC(KIdData(), NULL); |
|
957 } |
|
958 |
|
959 CCMSSignedData* signedData = CCMSSignedData::NewLC( |
|
960 *digestAlgorithmIdentifiers, *contentInfo, *signerInfos); |
|
961 |
|
962 if ((iOptions & KOptionIncludeCertificate) != 0) |
|
963 { |
|
964 CCMSCertificateChoices* choices = CCMSCertificateChoices::NewLC( |
|
965 *iCMSCertificate); |
|
966 CArrayPtr<CCMSCertificateChoices>* certificates = |
|
967 new(ELeave) CArrayPtrFlat<CCMSCertificateChoices> (1); |
|
968 CleanupStack::PushL(certificates); |
|
969 certificates->AppendL(choices); |
|
970 signedData->SetCertificatesL(certificates); |
|
971 CleanupStack::PopAndDestroy(2); // certificates, choices |
|
972 } |
|
973 |
|
974 HBufC8* plainSignature = NULL; |
|
975 signedData->EncodeL(plainSignature); |
|
976 CleanupStack::PushL(plainSignature); |
|
977 |
|
978 CCMSContentInfo* encapsulatedSignature = CCMSContentInfo::NewLC( |
|
979 KIdSignedData(), *plainSignature); |
|
980 |
|
981 delete iSignature; |
|
982 iSignature = NULL; |
|
983 |
|
984 encapsulatedSignature->EncodeL(iSignature); |
|
985 |
|
986 CleanupStack::PopAndDestroy(8); |
|
987 if (iShowNotes) |
|
988 { |
|
989 iState = EFinalNote; |
|
990 iPKIDialog->Note(MPKIDialog::ESignatureDone, iStatus); |
|
991 SetActive(); |
|
992 } |
|
993 else |
|
994 { |
|
995 Complete(KErrNone); |
|
996 } |
|
997 LOG(ESATSA, EInfo, "-- ret CSTSSignatureService::CreateSignedDataL"); |
|
998 } |
|
999 |
|
1000 // ----------------------------------------------------------------------------- |
|
1001 // CSTSSignatureService::ConvertUTF8ToUnicodeLC() |
|
1002 // Converts UTF8 data to Unicode |
|
1003 // ----------------------------------------------------------------------------- |
|
1004 // |
|
1005 HBufC* CSTSSignatureService::ConvertUTF8ToUnicodeL(const TDesC8& aUTF8String) |
|
1006 { |
|
1007 CCnvCharacterSetConverter* converter = CCnvCharacterSetConverter::NewLC(); |
|
1008 |
|
1009 CCnvCharacterSetConverter::TAvailability charSetAvailable = |
|
1010 converter->PrepareToConvertToOrFromL(KCharacterSetIdentifierUtf8, |
|
1011 iFileServer); |
|
1012 |
|
1013 if (CCnvCharacterSetConverter::EAvailable != charSetAvailable) |
|
1014 { |
|
1015 User::Leave(KErrGeneral); |
|
1016 } |
|
1017 |
|
1018 TInt state = CCnvCharacterSetConverter::KStateDefault; |
|
1019 |
|
1020 HBufC* textToDisplay = HBufC::NewMaxLC(aUTF8String.Length()); |
|
1021 |
|
1022 TPtr16 textToDisplayDes = textToDisplay->Des(); |
|
1023 |
|
1024 TInt error = converter->ConvertToUnicode(textToDisplayDes, aUTF8String, |
|
1025 state); |
|
1026 User::LeaveIfError(error); |
|
1027 CleanupStack::Pop(textToDisplay); |
|
1028 CleanupStack::PopAndDestroy(converter); |
|
1029 return textToDisplay; |
|
1030 } |
|
1031 |
|
1032 // End of File |
|
1033 |
|
1034 void CSTSSignatureService::vmAttached() |
|
1035 { |
|
1036 |
|
1037 } |
|
1038 |
|
1039 void CSTSSignatureService::doServerSideInit() |
|
1040 { |
|
1041 |
|
1042 FunctionServer::doServerSideInit(); |
|
1043 |
|
1044 } |
|
1045 |
|
1046 |