--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/javaextensions/satsa/pki/src.s60/cstscredentialmanager.h Tue Apr 27 16:30:29 2010 +0300
@@ -0,0 +1,422 @@
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+#ifndef CSTSCREDENTIALMANAGER_H
+#define CSTSCREDENTIALMANAGER_H
+
+// INCLUDES
+#include "functionserver.h"
+#include <e32base.h>
+#include <ct/rmpointerarray.h>
+#include <cctcertinfo.h>
+#include <ct/tcttokenobjecthandle.h>
+
+using namespace java::util;
+// CONSTANTS
+
+// FORWARD DECLARATIONS
+class CCTKeyInfo;
+class MPKIDialog;
+class CUnifiedCertStore;
+class CUnifiedKeyStore;
+class CX500DistinguishedName;
+class CX520AttributeTypeAndValue;
+class CPKCS10Request;
+class CCMSIssuerAndSerialNumber;
+
+
+// Key usage constants
+const TInt KSTSKeyUsageAuthentication = 0;
+const TInt KSTSKeyUsageNonRepudiation = 1;
+
+
+
+// Algorithm ID constants
+_LIT(KSTSAlgorithmDsa, "1.2.840.10040.4.1");
+_LIT(KSTSAlgorithmRsa, "1.2.840.113549.1.1");
+const TUint KSTSDot = '.';
+const TUint KSTSLine = '-';
+
+
+// CLASS DECLARATION
+
+/**
+* Provides functionality for user credential management.
+* This class can be used for creating certificate signing requests,
+* adding user credentials and removing user credentials.
+*
+*/
+NONSHARABLE_CLASS(CSTSCredentialManager): public CActive, public FunctionServer
+{
+public: // type definitions
+ enum TState
+ {
+ EReady,
+ EInitialising,
+ EKeyStoreInit,
+ EAddListing,
+ EAddRetrieve,
+ EAddDialog,
+ EAdding,
+ ERemoveListing,
+ ERemoveRetrieve,
+ ERemoveDialog,
+ EDeleting,
+ ESearchingKey,
+ ECSRDialog,
+ ECreatingCSR,
+ EError
+ };
+
+ struct TGenerateCSRParams
+ {
+public:
+ const TDesC* iNameInfo;
+ const TDesC* iAlgorithm;
+ TInt iKeyLen;
+ TInt iKeyUsage;
+ const TDesC* iSecurityElementID;
+ const TDesC* iSecurityElementPrompt;
+ };
+
+public: // Constructors and destructor
+
+ /**
+ * Two-phased constructor.
+ */
+ static CSTSCredentialManager* NewLC();
+
+ /**
+ * Destructor.
+ */
+ virtual ~CSTSCredentialManager();
+
+public: // New functions
+
+ /**
+ * Adds a certificate or certificate URI to certificate store
+ *
+ * @param aCertDisplayName The user friendly name associated
+ * with the certificate.
+ * @param aPkiPath DER encoded PKIPath containing user
+ * certificate and certificate authority certificates
+ * @param aUri URI that resolvers to a X.509v3 certificate.
+ *
+ * @return true if the operation was successful
+ * @par Leaving:
+ * @li KErrNotReady - The manager is not in ready state
+ * @li KErrNotSupported - No writable certificate stores found
+ * @li KErrCancel - Operation was cancelled by the user
+ * @li KSTSErrAlreadyRegistered - aPkiPath was already
+ * registered
+ * @li KErrArgument - Invalid Argument
+ * @li KErrBadName - aCertDisplayName already exists
+ */
+
+ TBool AddCredentialL(TInt aCertDisplayName,
+ TInt aPkiPath);
+
+ static void StaticAddCredentialL(TInt aManager,
+ TInt aCertDisplayName,
+ TInt aPkiPath,
+ TInt aRetVal);
+
+
+ /**
+ * Creates a DER encoded PKCS#10 certificate enrollment
+ * request.
+ *
+ * @param aNameInfo The distinguished name to be included in
+ * The CSR.
+ * @param aAlgorithm OID for the algorithm to use
+ * @param aKeyLen the key length
+ * @param aKeyUsage The functionality for which the key is
+ * marked inside the security element. Either
+ * KSTSKeyUsageAuthentication or KSTSKeyUsageNonRepudiation.
+ * @param aSecurityElementID identifies the security element
+ * on which the key resides or will be generated.
+ * @param aSecurityElementPrompt guides the user to insert the
+ * security element
+ * @param aForceKeyGen if true, a new key MUST be generated.
+ *
+ * @return DER encoded PKCS#10 CER, ownership is not transferred.
+ *
+ * @par Leaving:
+ * @li KErrCancel - User cancelled the operation
+ * @li KSTSErrSeNoKeys - SE contains no keys that could be used
+ * @li KSTSErrSeNotFound - SE could not be found
+ * @li KErrKeyUsage - Invalid key usage
+ * @li KErrArgument - Invalid argument
+ * @li KErrLocked - PIN is blocked.
+ */
+ TDesC8& GenerateCSRL(const TDesC& aNameInfo, const TDesC& aAlgorithm,
+ TInt aKeyLen, TInt aKeyUsage,
+ const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+
+ void StaticGenerateCSRL(TInt aParams,
+ TInt aRetVal);
+
+
+ /**
+ * Removes a certificate or certificate URI from a certificate
+ * store.
+ *
+ * @param aCertDisplayName User friendly name associated with
+ * the certificate.
+ * @param aIssuerAndSerialNumber DER encoded ASN.1 structure
+ * that contains the certificate issuer and serial number.
+ * @param aSecurityElementID identifies the security element
+ * where the key resides.
+ * @param aSecurityElementPrompt guides the user to insert the
+ * security element.
+ *
+ * @return true if operation was successful
+ * @li KErrCancel - Operation was cancelled by user
+ * @li KErrNotFound - Credential was not found
+ * @li KErrArgument - Invalid argument
+ * @li KSTSErrSeNotFound - SE was not found
+ */
+ TBool RemoveCredentialL(const TDesC& aCertDisplayName,
+ const TDesC8& aIssuerAndSerialNumber,
+ const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+ void StaticRemoveCredentialL(TInt aCertDisplayName,
+ TInt aIssuerAndSerialNumber,
+ TInt aSecurityElementID,
+ TInt aSecurityElementPrompt,
+ TInt aRetVal);
+
+
+
+public: // CActive
+
+ /**
+ * Handles an active object's request completion event.
+ */
+ void RunL();
+
+ /**
+ * Handles a leave occurring in the request completion event handler RunL().
+ */
+ TInt RunError(TInt aError);
+
+ /**
+ * Implements cancellation of an outstanding request.
+ */
+ void DoCancel();
+
+private:
+
+ // From FunctionServer
+ virtual void vmAttached();
+ virtual void doServerSideInit();
+ void AddToScheduler();
+
+ /**
+ * C++ default constructor.
+ */
+ CSTSCredentialManager();
+
+ /**
+ * By default Symbian 2nd phase constructor is private.
+ */
+ void ConstructL();
+
+ /**
+ * Completes current asynchronic operation.
+ * If aError is not KErrNone, sets iError before calling
+ * iWait->AsyncStop().
+ * @param aError return value from the completed operation.
+ */
+ void Complete(TInt aError);
+
+ /**
+ * Waits for the current asynchronic operation to complete.
+ * Leaves with the error code if the asynchronic operation fails.
+ */
+ void WaitForCompletionL();
+
+ /**
+ * Retrieves the certificate to be removed, in order to check
+ * the Issuer and SerialNumber of the certificate
+ */
+ void RemoveRetrieveL();
+
+ /**
+ * Retrieves possibly conflicting certificate for adding, in order
+ * to check SerialNumber (issuer and subject are certainly same)
+ */
+ void AddRetrieveL();
+
+ /**
+ * verifies that the retrieved certificate has correct Issuer
+ * and SerialNumber.
+ */
+ void RemoveVerifyL();
+
+ /**
+ * verifies that the retrieved certificate does not have correct
+ * SerialNumber.
+ */
+ void AddVerifyL();
+
+ /**
+ * Displays a dialog asking user permission to remove a certificate
+ */
+ void RemoveDialog();
+
+ /**
+ * Removes the found certificate.
+ */
+ void Remove();
+
+ /**
+ * Adds a certificate
+ */
+ void AddL();
+
+ /**
+ * Displays a CSR creation dialog
+ */
+ void CSRDialog();
+
+ /**
+ * Creates a CSR from the member data, stored in iRequestEncoded.
+ */
+ void CreateCSRL();
+
+ /**
+ * Checks the results of a key search, and if a key has been found,
+ * creates a CSR.
+ */
+ void CheckSearchResultsL();
+
+ /**
+ * Checks if given SecurityElementID is available as a
+ * (readable) key store, and prompts user
+ * if it isn't. Leaves with KSTSErrSeNotFound if SE could not be
+ * found even after prompt, or if aSecurityElementPrompt is null
+ * @param aSecurityElementID ID of the SE to search for
+ * @param aSecurityElementPrompt displayed to user if needed
+ * @return index of the key/cert store to use
+ */
+ TInt CheckKeyStoreSEIDL(const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+ /**
+ * Checks if given SecurityElementID is available as a
+ * writable cert store, and prompts user
+ * if it isn't. Leaves with KSTSErrSeNotFound if SE could not be
+ * found even after prompt, or if aSecurityElementPrompt is null
+ * @param aSecurityElementID ID of the SE to search for
+ * @param aSecurityElementPrompt displayed to user if needed
+ * @return index of the key/cert store to use
+ */
+ TInt CheckWriteCertStoreSEIDL(const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+
+ /**
+ * Checks if given string is a RFC1778 formatted OID. If it is not,
+ * leaves with KErrArgument.
+ * @param aOID OID to check.
+ */
+ void CheckOIDL(const TDesC& aOID);
+
+private: // Data
+
+ // internal state
+ TState iState;
+
+ // internal error variable
+ TInt iError;
+
+ // PKI Dialog, owned
+ MPKIDialog* iPKIDialog;
+
+ // The actual store, owned
+ CUnifiedCertStore* iStore;
+
+ // Key store, used for creating keys when needed, owned
+ CUnifiedKeyStore* iKeyStore;
+
+ // index to current writable cert store, which is used in current
+ TInt iWritableCertStoreIndex;
+
+ // Waits for the operation to complete. Owned.
+ CActiveSchedulerWait* iWait;
+
+ // Used by CUnifiedCertStore
+ RFs iFileServer;
+
+ // Used for storing the results of search operations, owned
+ RMPointerArray< CCTCertInfo >* iCertInfoArray;
+
+ // Used for storing the results of search operations, owned
+ RMPointerArray< CCTKeyInfo >* iKeyInfoArray;
+
+ // Key info object, not owned but must call Release()
+ CCTKeyInfo* iKeyInfo;
+
+ // Length of the key we are searching for
+ TInt iKeyLen;
+
+ // Distinguished name, used for creating CSR, owned
+ CX500DistinguishedName* iDistinguishedName;
+
+ // Display name, used for displaying the CSR info, owned
+ HBufC* iDisplayName;
+
+ // Display name, used when adding a certificate to the database, not owned
+ const TDesC* iCertDisplayName;
+
+ // Certificate to be added
+ TPtrC8 iSubject;
+
+ // Key Identifier of the certificate to be added
+ TKeyIdentifier iSubjectKeyId;
+
+ // Key Identifier of the issuer of the certificate to be added
+ TKeyIdentifier iIssuerKeyId;
+
+ // Used for creating CSR, owned
+ CPKCS10Request* iRequest;
+
+ // Stores the created request, owned
+ HBufC8* iRequestEncoded;
+
+ // contains handle to an object which is used in a PKI dialog
+ TCTTokenObjectHandle iHandle;
+
+ // contains the IssuerAndSerialNumber of the certificate to be
+ // added or removed, owned
+ CCMSIssuerAndSerialNumber* iIssuerAndSerialNumber;
+
+ // certificate to be removed, owned
+ HBufC8* iEncodedCert;
+ TPtr8 iEncodedCertDes;
+
+};
+
+
+#endif // CSTSCREDENTIALMANAGER_H
+
+// End of File