14 * Description: EAP and WLAN authentication protocols. |
14 * Description: EAP and WLAN authentication protocols. |
15 * |
15 * |
16 */ |
16 */ |
17 |
17 |
18 /* |
18 /* |
19 * %version: 11.1.29 % |
19 * %version: 11.1.2.1.3 % |
20 */ |
20 */ |
21 |
21 |
22 // Refer the document S60_3_1_EAP_Symbian_Adaptation_Design_C.doc for more |
22 // Refer the document S60_3_1_EAP_Symbian_Adaptation_Design_C.doc for more |
23 // details of using EAPSettings. Refer section 9.2 for code samples. |
23 // details of using EAPSettings. Refer section 9.2 for code samples. |
24 |
24 |
25 #ifndef EAP_SETTINGS_H |
25 #ifndef EAP_SETTINGS_H |
26 #define EAP_SETTINGS_H |
26 #define EAP_SETTINGS_H |
27 |
27 |
28 #include <unifiedcertstore.h> |
|
29 #include <cctcertinfo.h> |
|
30 #include "EapExpandedType.h" |
|
31 |
|
32 const TUint KGeneralStringMaxLength = 255; |
28 const TUint KGeneralStringMaxLength = 255; |
33 const TUint KKeyIdentifierLength = 255; |
29 const TUint KKeyIdentifierLength = 255; |
34 const TUint KThumbprintMaxLength = 64; |
30 const TUint KThumbprintMaxLength = 64; |
35 /* This is the maximum length of a certificate primary/secondary name we are interested in. */ |
|
36 const TUint32 KMaxCertNameLength = 64; |
|
37 |
31 |
38 |
32 class CertificateEntry |
39 //------------------------------------------------------------------------------- |
|
40 |
|
41 class EapCertificateEntry |
|
42 : public CBase |
|
43 { |
33 { |
44 |
|
45 public: |
34 public: |
46 |
35 |
47 enum TCertType |
36 CertificateEntry(); |
48 { |
37 |
49 ENone, |
38 enum TCertType { |
50 EUser, |
39 EUser, |
51 ECA |
40 ECA |
52 }; |
41 }; |
53 |
|
54 IMPORT_C EapCertificateEntry(); |
|
55 |
|
56 IMPORT_C virtual ~EapCertificateEntry(); |
|
57 |
|
58 IMPORT_C void trace() const; |
|
59 |
|
60 IMPORT_C EapCertificateEntry * Copy(); |
|
61 |
|
62 // This operator is indentionally without implementation. |
|
63 EapCertificateEntry * const operator = (const EapCertificateEntry * const right_type_value); // Do not use this. |
|
64 |
|
65 IMPORT_C EapCertificateEntry &operator = (const EapCertificateEntry &right_type_value); |
|
66 |
|
67 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
68 |
|
69 IMPORT_C TBool GetSubjectNamePresent() const; |
|
70 |
|
71 IMPORT_C TBool GetIssuerNamePresent() const; |
|
72 |
|
73 IMPORT_C TBool GetSerialNumberPresent() const; |
|
74 |
|
75 IMPORT_C TBool GetThumbprintPresent() const; |
|
76 |
|
77 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
78 |
|
79 IMPORT_C TBool GetLabelPresent() const; |
|
80 |
|
81 IMPORT_C TBool GetPrimaryNamePresent() const; |
|
82 |
|
83 IMPORT_C TBool GetSecondaryNamePresent() const; |
|
84 |
|
85 IMPORT_C TBool GetIsEnabledPresent() const; |
|
86 |
|
87 IMPORT_C TBool GetSubjectKeyIdPresent() const; |
|
88 |
|
89 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
90 |
|
91 IMPORT_C void SetSubjectNamePresent(); |
|
92 |
|
93 IMPORT_C void SetIssuerNamePresent(); |
|
94 |
|
95 IMPORT_C void SetSerialNumberPresent(); |
|
96 |
|
97 IMPORT_C void SetThumbprintPresent(); |
|
98 |
|
99 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
100 |
|
101 IMPORT_C void SetLabelPresent(); |
|
102 |
|
103 IMPORT_C void SetPrimaryNamePresent(); |
|
104 |
|
105 IMPORT_C void SetSecondaryNamePresent(); |
|
106 |
|
107 IMPORT_C void SetIsEnabledPresent(); |
|
108 |
|
109 IMPORT_C void SetSubjectKeyIdPresent(); |
|
110 |
|
111 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
112 |
|
113 IMPORT_C TCertType GetCertType() const; |
|
114 |
|
115 IMPORT_C const TDes * GetSubjectName() const; |
|
116 |
|
117 IMPORT_C const TDes * GetIssuerName() const; |
|
118 |
|
119 IMPORT_C const TDes * GetSerialNumber() const; |
|
120 |
|
121 IMPORT_C const TDes * GetThumbprint() const; |
|
122 |
|
123 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
124 |
|
125 IMPORT_C TDes * GetSubjectNameWritable(); |
|
126 |
|
127 IMPORT_C TDes * GetIssuerNameWritable(); |
|
128 |
|
129 IMPORT_C TDes * GetSerialNumberWritable(); |
|
130 |
|
131 IMPORT_C TDes * GetThumbprintWritable(); |
|
132 |
|
133 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
134 |
|
135 IMPORT_C const TDes * GetLabel() const; |
|
136 |
|
137 IMPORT_C const TKeyIdentifier & GetSubjectKeyId() const; |
|
138 |
|
139 IMPORT_C const TDes * GetPrimaryName() const; |
|
140 |
|
141 IMPORT_C const TDes * GetSecondaryName() const; |
|
142 |
|
143 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
144 |
|
145 IMPORT_C TDes * GetLabelWritable(); |
|
146 |
|
147 IMPORT_C TKeyIdentifier * GetSubjectKeyIdWritable(); |
|
148 |
|
149 IMPORT_C TDes * GetPrimaryNameWritable(); |
|
150 |
|
151 IMPORT_C TDes * GetSecondaryNameWritable(); |
|
152 |
|
153 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
154 |
|
155 IMPORT_C TInt SetCertType(const TCertType & aType); |
|
156 |
|
157 IMPORT_C TInt SetSubjectName(const TBuf<KGeneralStringMaxLength> & aSubjectName); |
|
158 |
|
159 IMPORT_C TInt SetIssuerName(const TBuf<KGeneralStringMaxLength> & aIssuerName); |
|
160 |
|
161 IMPORT_C TInt SetSerialNumber(const TBuf<KGeneralStringMaxLength> & aSerialNumber); |
|
162 |
|
163 IMPORT_C TInt SetThumbprint(const TBuf<KThumbprintMaxLength> & aThumbprint); |
|
164 |
|
165 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
166 |
|
167 IMPORT_C TInt SetLabel(const TCertLabel & aLabel); |
|
168 |
|
169 IMPORT_C TInt SetSubjectKeyId(const TKeyIdentifier & aSubjectKeyId); |
|
170 |
|
171 IMPORT_C TInt SetPrimaryName(const TBuf<KMaxCertNameLength> & aPrimaryName); |
|
172 |
|
173 IMPORT_C TInt SetSecondaryName(const TBuf<KMaxCertNameLength> & aSecondaryName); |
|
174 |
|
175 IMPORT_C TInt SetIsEnabled(const TBool aIsEnabled); |
|
176 |
|
177 IMPORT_C TInt SetIsValid(const TBool aIsValid); |
|
178 |
|
179 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
180 |
|
181 IMPORT_C TBool GetIsEnabled() const; |
|
182 |
|
183 IMPORT_C TBool GetIsValid() const; |
|
184 |
|
185 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
186 |
|
187 private: |
|
188 |
|
189 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
190 // These members are used by authentication protocols. |
|
191 |
42 |
192 // Specifies whether this entry describes user or CA certificate (mandatory) |
43 // Specifies whether this entry describes user or CA certificate (mandatory) |
193 TCertType iCertType; |
44 TCertType iCertType; |
194 |
45 |
195 // Subject name in distinguished name ASCII form. This is optional. |
46 // Subject name in distinguished name ASCII form. This is optional. |
204 |
55 |
205 // Serial number in ASCII form. This is optional. |
56 // Serial number in ASCII form. This is optional. |
206 TBool iSerialNumberPresent; |
57 TBool iSerialNumberPresent; |
207 TBuf<KGeneralStringMaxLength> iSerialNumber; |
58 TBuf<KGeneralStringMaxLength> iSerialNumber; |
208 |
59 |
|
60 // Subject key in binary form. This is mandatory. |
|
61 TBool iSubjectKeyIDPresent; |
|
62 TBuf8<KKeyIdentifierLength> iSubjectKeyID; |
|
63 |
209 // Thumbprint in binary form. This is optional. |
64 // Thumbprint in binary form. This is optional. |
210 TBool iThumbprintPresent; |
65 TBool iThumbprintPresent; |
211 TBuf<KThumbprintMaxLength> iThumbprint; |
66 TBuf<KThumbprintMaxLength> iThumbprint; |
212 |
|
213 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
214 // These members are used by UI. |
|
215 |
|
216 // This holds only the certificate label. This is the text UI will show. |
|
217 TBool iLabelPresent; |
|
218 TCertLabel iLabel; |
|
219 |
|
220 // Primary name of the certificate if any. |
|
221 TBool iPrimaryNamePresent; |
|
222 TBuf<KMaxCertNameLength> iPrimaryName; |
|
223 |
|
224 // Secondary name of the certificate if any. |
|
225 TBool iSecondaryNamePresent; |
|
226 TBuf<KMaxCertNameLength> iSecondaryName; |
|
227 |
|
228 // UI uses this to indicate enabled certificate. |
|
229 TBool iIsEnabledPresent; |
|
230 TBool iIsEnabled; |
|
231 |
|
232 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
233 // These members are used by both authentication protocols and UI. |
|
234 |
|
235 // Subject key in binary form. This is mandatory field to find correct certificate from CUnifiedCertStore. UI uses this too. |
|
236 TBool iSubjectKeyIdPresent; |
|
237 //TBuf8<KKeyIdentifierLength> iSubjectKeyId; |
|
238 TKeyIdentifier iSubjectKeyId; // This is mandatory field to find correct certificate from CUnifiedCertStore. |
|
239 |
|
240 // Indicates this object is correctly initialized. |
|
241 TBool iIsValid; |
|
242 |
|
243 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
244 }; |
67 }; |
245 |
|
246 //------------------------------------------------------------------------------- |
|
247 |
68 |
248 class EAPSettings : public CBase |
69 class EAPSettings : public CBase |
249 { |
70 { |
250 public: |
71 public: |
251 |
72 |
252 IMPORT_C EAPSettings(); |
73 EAPSettings(); |
253 |
74 |
254 IMPORT_C virtual ~EAPSettings(); |
75 enum TEapType |
255 |
76 { |
256 IMPORT_C void trace() const; |
77 EEapNone = 0, |
257 |
78 EEapGtc = 6, |
258 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
79 EEapTls = 13, |
|
80 EEapLeap = 17, |
|
81 EEapSim = 18, |
|
82 EEapTtls = 21, |
|
83 EEapAka = 23, |
|
84 EEapPeap = 25, |
|
85 EEapMschapv2 = 26, |
|
86 EEapSecurid = 32, |
|
87 EEapFast = 43, |
|
88 ETtlsPlainPap = 98, |
|
89 EPlainMschapv2 = 99 |
|
90 }; |
259 |
91 |
260 // Specifies the EAP type these settings are for. |
92 // Specifies the EAP type these settings are for. |
261 // Is not really needed but is here so just some sanity checks can be made |
93 // Is not really needed but is here so just some sanity checks can be made |
262 TEapExpandedType iEAPExpandedType; // Use this in new code. |
94 TEapType iEAPType; |
263 |
95 |
264 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
265 |
|
266 // Use automatic CA certificate. |
|
267 TBool iUseAutomaticCACertificatePresent; |
|
268 TBool iUseAutomaticCACertificate; |
|
269 |
|
270 // Use automatic username. |
|
271 TBool iUseAutomaticUsernamePresent; |
|
272 TBool iUseAutomaticUsername; |
|
273 |
|
274 // Use automatic realm. |
|
275 TBool iUseAutomaticRealmPresent; |
|
276 TBool iUseAutomaticRealm; |
|
277 |
|
278 // Username in ASCII format |
96 // Username in ASCII format |
279 TBool iUsernamePresent; |
97 TBool iUsernamePresent; |
280 TBuf<KGeneralStringMaxLength> iUsername; |
98 TBuf<KGeneralStringMaxLength> iUsername; |
281 |
99 |
282 /// Get: Whether password is stored in database. |
|
283 /// Set: Whether password must be cleared from database. |
|
284 TBool iPasswordExistPresent; |
|
285 TBool iPasswordExist; |
|
286 |
|
287 // Password in ASCII format |
100 // Password in ASCII format |
288 TBool iPasswordPresent; |
101 TBool iPasswordPresent; |
289 TBuf<KGeneralStringMaxLength> iPassword; |
102 TBuf<KGeneralStringMaxLength> iPassword; |
290 |
103 |
291 // Realm in ASCII format |
104 // Realm in ASCII format |
292 TBool iRealmPresent; |
105 TBool iRealmPresent; |
293 TBuf<KGeneralStringMaxLength> iRealm; |
106 TBuf<KGeneralStringMaxLength> iRealm; |
294 |
107 |
295 // Use pseudonym identities in EAP-SIM/AKA |
108 // Use pseudonym identities in EAP-SIM/AKA |
296 TBool iUsePseudonymsPresent; |
109 TBool iUsePseudonymsPresent; |
297 TBool iUsePseudonyms; |
110 TBool iUsePseudonyms; |
298 |
111 |
299 // Whether EAP-TLS/TTLS/PEAP should verify server realm |
112 // Whether EAP-TLS/TTLS/PEAP should verify server realm |
300 TBool iVerifyServerRealmPresent; |
113 TBool iVerifyServerRealmPresent; |
301 TBool iVerifyServerRealm; |
114 TBool iVerifyServerRealm; |
302 |
115 |
303 // Whether EAP-TLS/TTLS/PEAP should require client authentication |
116 // Whether EAP-TLS/TTLS/PEAP should require client authentication |
304 TBool iRequireClientAuthenticationPresent; |
117 TBool iRequireClientAuthenticationPresent; |
305 TBool iRequireClientAuthentication; |
118 TBool iRequireClientAuthentication; |
306 |
119 |
307 // General session validity time (in minutes) |
120 // General session validity time (in minutes) |
308 TBool iSessionValidityTimePresent; |
121 TBool iSessionValidityTimePresent; |
309 TUint iSessionValidityTime; |
122 TUint iSessionValidityTime; |
310 |
123 |
311 // An array of allowed cipher suites for EAP-TLS/TTLS/PEAP. |
124 // An array of allowed cipher suites for EAP-TLS/TTLS/PEAP. |
312 // Refer to RFC2246 chapter A.5 for the values. |
125 // Refer to RFC2246 chapter A.5 for the values. |
313 TBool iCipherSuitesPresent; |
126 TBool iCipherSuitesPresent; |
314 RArray<TUint> iCipherSuites; |
127 RArray<TUint> iCipherSuites; |
315 |
128 |
321 |
134 |
322 // Array listing the allowed certificates for EAP-TLS/TTLS/PEAP. |
135 // Array listing the allowed certificates for EAP-TLS/TTLS/PEAP. |
323 // Subject key ID and Certificate type are the only mandatory certificate |
136 // Subject key ID and Certificate type are the only mandatory certificate |
324 // details needed at the moment. |
137 // details needed at the moment. |
325 TBool iCertificatesPresent; |
138 TBool iCertificatesPresent; |
326 RPointerArray<EapCertificateEntry> iCertificates; |
139 CArrayFixFlat<CertificateEntry> iCertificates; |
327 |
|
328 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
329 |
|
330 // Use this in new code. |
|
331 // Array listing the enabled encapsulated Expanded EAP types (in priority order). |
|
332 // Use constant Expanded EAP type values from EapExpandedType.h. |
|
333 TBool iEnabledEncapsulatedEAPExpandedTypesPresent; |
|
334 RArray<TEapExpandedType> iEnabledEncapsulatedEAPExpandedTypes; |
|
335 |
140 |
336 // Use this in new code. |
141 // Array listing the encapsulated EAP types (in priority order). |
337 // Array listing the disabled encapsulated Expanded EAP types. |
142 // Use EAP type values from TEapType. |
338 // Use constant Expanded EAP type values from EapExpandedType.h. |
143 TBool iEncapsulatedEAPTypesPresent; |
339 TBool iDisabledEncapsulatedEAPExpandedTypesPresent; |
144 RArray<TUint> iEncapsulatedEAPTypes; |
340 RArray<TEapExpandedType> iDisabledEncapsulatedEAPExpandedTypes; |
|
341 |
145 |
342 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
343 |
|
344 // Whether Authenticated provisioning mode allowed or not in EAP-FAST. |
146 // Whether Authenticated provisioning mode allowed or not in EAP-FAST. |
345 TBool iAuthProvModeAllowedPresent; |
147 TBool iAuthProvModeAllowedPresent; |
346 TBool iAuthProvModeAllowed; |
148 TBool iAuthProvModeAllowed; |
347 |
149 |
348 // Whether Unauthenticated provisioning mode allowed or not in EAP-FAST. |
150 // Whether Unauthenticated provisioning mode allowed or not in EAP-FAST. |
365 |
167 |
366 // Whether to Warn (or Prompt) when client encouters a server that has provisioned |
168 // Whether to Warn (or Prompt) when client encouters a server that has provisioned |
367 // the client with a PAC before but is not currently selected as the default server. |
169 // the client with a PAC before but is not currently selected as the default server. |
368 // EAP-FAST specific. |
170 // EAP-FAST specific. |
369 TBool iWarnNotDefaultServerPresent; |
171 TBool iWarnNotDefaultServerPresent; |
370 TBool iWarnNotDefaultServer; |
172 TBool iWarnNotDefaultServer; |
371 |
|
372 TBool iShowPassWordPromptPresent; |
|
373 TBool iShowPassWordPrompt; |
|
374 |
|
375 // This is used in TLS/PEAP/TTLS/FAST. It activates TLS-renegotiation, that will send user certificate with in TLS-protected application data. |
|
376 TBool iUseIdentityPrivacyPresent; |
|
377 TBool iUseIdentityPrivacy; |
|
378 |
|
379 }; |
173 }; |
380 |
174 |
381 //#include "EapSettings.inl" |
175 #include "EapSettings.inl" |
382 |
|
383 //------------------------------------------------------------------------------- |
|
384 |
|
385 #if defined(USE_EAP_TRACE) |
|
386 |
|
387 #define EAP_TRACE_SETTINGS(settings) { (settings)->trace(); } |
|
388 |
|
389 #else |
|
390 |
|
391 #define EAP_TRACE_SETTINGS(settings) |
|
392 |
|
393 #endif //#if defined(USE_EAP_TRACE) |
|
394 |
|
395 |
|
396 //------------------------------------------------------------------------------- |
|
397 |
176 |
398 #endif |
177 #endif |
399 |
|
400 // End of file |
178 // End of file |
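Review bot: `iSubjectKeyID` in the right-hand `CertificateEntry` (right-column lines 60-62) is documented as mandatory but is guarded only by a separate `iSubjectKeyIDPresent` flag, and no access specifier other than `public:` is visible in that class, so nothing stops a consumer from matching a certificate on a key that was never set. I would state the contract next to the field, for example `// Callers must check iSubjectKeyIDPresent before using iSubjectKeyID; skip the entry for certificate matching when it is EFalse.` The same applies to the flag/value pairs for the serial number and the thumbprint. The +/- markers were lost in this rendering, so treating the right-hand column (version 11.1.2.1.3) as the new side is inferred from column order only, and lines 47-54 of that class are collapsed and not visible here.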