/*
* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: EAP and WLAN authentication protocols.
*
*/
/*
* %version: 86.1.2 %
*/
#if !defined(_EAP_AM_TYPE_TLS_PEAP_SYMBIAN_H_)
#define _EAP_AM_TYPE_TLS_PEAP_SYMBIAN_H_
#include "eap_tools.h"
#include "eap_variable_data.h"
#include "eap_am_export.h"
#include "abs_eap_am_type_tls_peap.h"
#include "eap_am_type_tls_peap.h"
#include "eap_am_network_id.h"
#include <d32dbms.h>
#include <EapType.h>
#include <unifiedcertstore.h>
#include <mctwritablecertstore.h>
#include <pkixcertchain.h>
#include "EapTlsPeapNotifierStructs.h"
#include "EapTlsPeapUtils.h"
#include <bigint.h>
#if defined(USE_FAST_EAP_TYPE)
#include "EapFastNotifierStruct.h"
#include <etelmm.h>
#endif
#include "EapTtlsPapDbInfoStruct.h"
class CX509Certificate;
class CEapTlsPeapCertInterface;
class eap_am_tools_symbian_c;
class abs_tls_am_application_eap_fast_c;
#if defined(USE_FAST_EAP_TYPE)
class CEapFastActive;
#endif
class CEapTtlsPapActive;
#ifdef USE_PAC_STORE
class CPacStoreDatabase;
struct SInfoEntry;
#endif
#if defined(USE_EAP_CONFIGURATION_TO_SKIP_USER_INTERACTIONS)
class eap_file_config_c;
#endif
const TInt KMaxLabelLength = 64;
const TInt KMaxDatabaseTableName = 64;
#if defined(USE_FAST_EAP_TYPE)
const char KEapFastPacProvisResultKey[] = "eap_am_type_tls_peap_symbian_c prov. result";
const TInt KEapFastPacProvisResultType = 1;
const u32_t KEapFastPacProvisResultDefaultTimeout = 10000; // in milliseconds = 10 seconds
#endif
/// This class is interface to adaptation module of EAP/TLS and PEAP.
class EAP_EXPORT eap_am_type_tls_peap_symbian_c
: public CActive, public eap_am_type_tls_peap_c
,public abs_eap_base_timer_c
{
public:
#if defined(USE_FAST_EAP_TYPE)
enum TEapFastPacProvisResultValue
{
EEapFastPacProvisResultFailure, /* 0 */
EEapFastPacProvisResultSuccess /* 1 */
};
#endif
private: // data
//--------------------------------------------------
RDbs m_session;
RDbNamedDatabase m_database;
enum TState
{
EHandlingIdentityQuery, /* 0 */
EHandlingManualIdentityQuery, /* 1 */
EHandlingChainQuery, /* 2 */
EHandlingCipherSuiteQuery, /* 3 */
#if defined(USE_FAST_EAP_TYPE) /* 4 */
EHandlingNotifierQuery, /* 5 */
EPasswordQuery, /* 6 */
EWrongPassword, /* 7 */
EFilePasswordQuery, /* 8 */
EMasterkeyQuery, /* 9 */
EPasswordCancel, /* 10 */
EShowProvSuccesstNote, /* 11 */
EShowProvNotSuccesstNote, /* 12 */
ENone /* 13 */
#endif //#if defined(USE_FAST_EAP_TYPE)
};
TState m_state;
TState m_prev_state;
TIndexType m_index_type;
TInt m_index;
eap_type_value_e m_tunneling_type;
abs_eap_base_type_c *m_partner;
eap_am_tools_symbian_c *m_am_tools;
abs_eap_am_type_tls_peap_c *m_am_partner;
abs_tls_am_services_c * m_tls_am_partner;
#if defined(USE_FAST_EAP_TYPE)
abs_tls_am_application_eap_fast_c * m_tls_application;
CEapFastActive* iEapFastActiveWaitNote;
CEapFastActive* iEapFastActiveNotes;
enum TAlterTableCmd
{
EAddColumn,
ERemoveColumn
};
#endif //#if defined(USE_FAST_EAP_TYPE)
bool m_is_valid;
bool m_is_client;
eap_type_value_e m_current_eap_type;
// These are the vendor-types for EAP type and tunneling EAP type.
// Valid for both expanded and non-expanded EAP types.
u32_t m_current_eap_vendor_type;
u32_t m_tunneling_vendor_type;
TBufC<KMaxDatabaseTableName> m_db_table_name;
TBufC<KMaxDatabaseTableName> m_db_user_cert_table_name;
TBufC<KMaxDatabaseTableName> m_db_ca_cert_table_name;
TBufC<KMaxDatabaseTableName> m_db_cipher_suite_table_name;
TBufC<KMaxDatabaseTableName> m_db_name;
#if defined (USE_FAST_EAP_TYPE)
TBufC<KMaxDatabaseTableName> m_db_fast_special_table_name;
RArray<SInfoEntry> m_info_array;
#endif
u32_t m_max_count_of_session_resumes;
tls_cipher_suites_e m_cipher_suite;
CX509Certificate* m_ca_certificate;
CX509Certificate* m_own_certificate;
CX509Certificate* m_peer_certificate;
CEapTlsPeapCertInterface* m_cert_if;
SCertEntry m_own_certificate_info;
eap_am_network_id_c m_receive_network_id;
u8_t m_eap_identifier;
TKeyIdentifier m_subject_key_id;
RArray<SCertEntry> m_allowed_ca_certs;
RArray<SCertEntry> m_allowed_user_certs;
RArray<SCertEntry> m_allowed_server_certs;
RArray<TUint> m_allowed_cipher_suites;
eap_variable_data_c m_peer_public_key;
eap_variable_data_c m_param_p;
eap_variable_data_c m_param_q;
eap_variable_data_c m_param_g;
bool m_shutdown_was_called;
#ifdef USE_EAP_EXPANDED_TYPES
/// Tunneling EAP configuration data from EAP database.
RExpandedEapTypePtrArray m_enabled_tunneling_exp_eap_array;
RExpandedEapTypePtrArray m_disabled_tunneling_exp_eap_array;
#else
/// Tunneling EAP configuration data from EAP database.
TEapArray m_iap_eap_array;
#endif // #ifdef USE_EAP_EXPANDED_TYPES
TIdentityInfo* m_identity_info;
TBuf8<4> m_selector_output;
eap_type_value_e m_tunneled_type;
bool m_verify_certificate_realm;
bool m_allow_subdomain_matching;
tls_alert_description_e m_latest_alert_description;
bool m_use_manual_username;
eap_variable_data_c m_manual_username;
bool m_use_manual_realm;
eap_variable_data_c m_manual_realm;
bool m_tls_peap_server_authenticates_client_policy_flag;
/// This flag prevents double configuration. This can happen when
/// this class implements many interfaces.
bool m_configured;
// This holds the max session time read from the configuration file.
TInt64 m_max_session_time;
#if defined(USE_EAP_TLS_SESSION_TICKET)
/// This flag allows use of session ticket, see RFC 4507.
bool m_use_session_ticket;
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
#if defined(USE_FAST_EAP_TYPE)
tls_extension_c * m_received_tunnel_pac_in_session_ticket;
tls_extension_c * m_received_user_authorization_pac_in_session_ticket;
eap_fast_pac_type_e m_saved_pac_type;
eap_fast_completion_operation_e m_completion_operation;
eap_status_e m_verification_status;
eap_fast_pac_type_e m_pac_type;
eap_variable_data_c m_PAC_store_password;
eap_variable_data_c m_imported_PAC_data_password;
eap_variable_data_c m_PAC_store_path;
eap_variable_data_c m_EAP_FAST_IAP_reference;
eap_variable_data_c m_EAP_FAST_Group_reference;
eap_variable_data_c m_EAP_FAST_import_path;
eap_status_e m_eap_fast_completion_status;
eap_fast_pac_store_pending_operation_e m_eap_fast_pac_store_pending_operation;
eap_array_c<eap_fast_pac_store_data_c> m_references_and_data_blocks;
eap_array_c<eap_fast_pac_store_data_c> m_new_references_and_data_blocks;
eap_array_c<eap_fast_pac_store_data_c> m_ready_references_and_data_blocks;
bool m_serv_unauth_prov_mode;
bool m_serv_auth_prov_mode;
// For FAST notifiers
RNotifier m_notifier;
bool m_is_notifier_connected; // Tells if notifier server is connected.
TEapFastNotifierStruct * m_notifier_data_to_user;
TPckg<TEapFastNotifierStruct> * m_notifier_data_pckg_to_user;
TEapFastNotifierStruct * m_notifier_data_from_user;
TPckg<TEapFastNotifierStruct> * m_notifier_data_pckg_from_user;
/* For MMETEL */
// ETel connection.
RTelServer iServer;
RMobilePhone iPhone;
// Stores the last queried Phone identities like manufacturer, model,
// revision and serial number
RMobilePhone::TMobilePhoneIdentityV1 iDeviceId;
// Tells if MMETEL is connected already or not.
TBool iMMETELConnectionStatus;
TBool m_completed_with_zero;
TBool m_verificationStatus;
HBufC8* m_pacStorePWBuf8;
EEapFastNotifierUserAction m_userAction;
eap_pac_store_data_type_e m_pacStoreDataRefType;
eap_fast_pac_store_data_c m_data_reference;
TBool m_notifier_complete;
eap_variable_data_c m_userResponse;
eap_fast_pac_store_pending_operation_e m_pending_operation;
TInt m_both_completed;
TInt m_both_asked;
TUint m_ready_references_array_index;
eap_fast_completion_operation_e m_provisioning_mode;
/**
* This member is used to store completion operation value
* in initialize_PAC_store() call from common side.
* The value is given later in complete call.
*/
eap_fast_completion_operation_e iCompletionOperation;
/**
* This member is used to store initialize-pac-store-completion value
* in initialize_PAC_store() call from common side.
* The value is given later in complete call.
*/
eap_fast_initialize_pac_store_completion_e iCompletion;
#endif //#if defined(USE_FAST_EAP_TYPE)
#ifdef USE_PAC_STORE
CPacStoreDatabase * iPacStoreDb;
#endif
#ifdef USE_EAP_CONFIGURATION_TO_SKIP_USER_INTERACTIONS
TBool m_skip_user_interactions;
/// This is object to handle file configuration.
eap_file_config_c * m_fileconfig;
#endif
/**
* Maximum TTLS-PAP session time read from the configuration file.
*/
TInt64 iEapTtlsPapMaxSessionConfigTime;
/**
* Provides asynch services used by the caller such as
* query for TTLS-PAP user name and password.
*/
CEapTtlsPapActive* iEapTtlsPapActive;
//--------------------------------------------------
private: // methods
//--------------------------------------------------
EAP_FUNC_IMPORT abs_tls_am_services_c * get_tls_am_partner();
abs_eap_am_type_tls_peap_c * get_am_partner();
void type_configure_readL(
eap_config_string field,
const u32_t field_length,
eap_variable_data_c * const data);
void verify_certificate_chainL(
EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain,
const tls_cipher_suites_e required_cipher_suite);
void WriteBinaryParamL(
eap_config_string field,
const u32_t field_length,
const eap_variable_data_c * const data);
void WriteIntParamL(
eap_config_string field,
const u32_t field_length,
eap_variable_data_c * const data);
void WriteIntParamL(
eap_config_string field,
const u32_t field_length,
const u32_t value);
void get_identity_from_alternative_nameL(
const CX509Certificate * const aCertificate,
eap_variable_data_c * const aIdentity);
void get_identities_from_distinguished_namesL(
const CX509Certificate * const aCertificate,
eap_variable_data_c * const aSubjectIdentity,
eap_variable_data_c * const aIssuerIdentity);
eap_status_e load_module(
const eap_type_value_e type,
const eap_type_value_e /* tunneling_type */,
abs_eap_base_type_c * const partner,
eap_base_type_c ** const eap_type,
const bool is_client_when_true,
const eap_am_network_id_c * const receive_network_id);
eap_status_e check_is_valid_eap_type(const eap_type_value_e eap_type);
eap_status_e get_eap_type_list(
eap_array_c<eap_type_value_e> * const eap_type_list);
eap_status_e unload_module(const eap_type_value_e type);
void complete_signL(const RInteger& aR, const RInteger& aS, eap_status_e aStatus);
eap_status_e get_realms_from_certificate(
CX509Certificate* certificate,
eap_variable_data_c * const subject_realm,
eap_variable_data_c * const issuer_realm);
void authentication_finishedL(
const bool true_when_successful,
const tls_session_type_e tls_session_type);
void read_dsa_parametersL();
eap_status_e SaveManualIdentityL(
const TBool use_manual_username,
TDesC& manual_username,
const TBool use_manual_realm,
TDesC& manual_realm);
void send_error_notification(const eap_status_e error);
eap_status_e show_certificate_selection_dialog();
eap_status_e show_manual_identity_dialog();
void ResetSessionIdL();
/**
* Returns true if the full authenticated session is valid.
* It finds the difference between current time and the
* last full authentication time. If the difference is less than the
* Maximum Session Validity Time, then session is valid, returns true.
* Otherwise returns false.
* Full authentication should be done if the session is not valid.
*/
bool is_session_validL();
/**
* Stores current universal time as the the full authentication time
* in the database. Returns KErrNone if storing succeeds.
*/
void store_authentication_timeL();
#ifdef USE_PAC_STORE
void GetPacStoreDbDataL(
const eap_pac_store_data_type_e aPacStoreDataType,
eap_variable_data_c * aPacStoreData,
const eap_variable_data_c * const aPacStoreReference = NULL);
#endif // End: #ifdef USE_PAC_STORE
#if defined(USE_FAST_EAP_TYPE)
void ReadPACStoredataL(
const eap_fast_pac_store_pending_operation_e in_pending_operation,
EAP_TEMPLATE_CONST eap_array_c<eap_fast_pac_store_data_c> * const in_references);
void WritePACStoreDataL(
const eap_fast_pac_store_pending_operation_e in_pending_operation,
EAP_TEMPLATE_CONST eap_array_c<eap_fast_pac_store_data_c> * const in_references_and_data_blocks);
eap_status_e ShowNotifierItemAndGetResponse(
EEapFastNotifierUiItem aNotifierUiItem, TBool aSetActive );
eap_status_e RemoveIAPReference();
eap_status_e ImportFilesL();
eap_status_e PasswordQueryL();
eap_status_e CompletePasswordQueryL();
eap_status_e CompleteFilePasswordQueryL();
eap_status_e CompleteNotifierL();
eap_status_e CompleteFilePasswordQuery();
eap_status_e FinalCompleteReadPACStoreDataL(eap_status_e status);
void ConvertUnicodeToAsciiL(const TDesC16& aFromUnicode, TDes8& aToAscii);
void UpdatePasswordTimeL();
void CheckPasswordTimeValidityL();
/**
* Alter table: remove/add columns.
*
* @param aDb Reference to database.
* @param aCmd Action type: remove/add column.
* @param aTableName Name of table to be altered.
* @param aColumnName Name of column.
* @param aColumnDef Drop-column-set.
*/
void AlterTableL( RDbNamedDatabase& aDb,
TAlterTableCmd aCmd,
const TDesC& aTableName,
const TDesC& aColumnName,
const TDesC& aColumnDef = KNullDesC );
/**
* Fix old tables for password identity time.
*
* Remove password identity time from fast table;
* add password identity time to PAC store table;
* update password identity time.
*/
void FixOldTablesForPwdIdentityTimeL();
/**
* Add PAC_store_initialized to PAC store
* if it does not exists.
*/
void FixOldTableForPacStoreInitL();
/**
* Read integer column value.
*
* @param aDb Reference to database.
* @param aColumnName Name of the target column.
* @param aSqlStatement SQL statement to be used.
* @return Column value.
**/
TInt64 ReadIntDbValueL( RDbNamedDatabase& aDb,
const TDesC& aColumnName,
const TDesC& aSqlStatement );
eap_status_e ConfigureL();
eap_status_e CreateMasterkeyL();
eap_status_e QueryUserPermissionForAIDL(
const eap_fast_variable_data_c * const in_pac_attribute_A_ID_info,
const eap_fast_variable_data_c * const in_pac_attribute_A_ID);
void CompleteAddImportedPACFileL(
const eap_variable_data_c * const in_imported_PAC_filename,
const eap_variable_data_c * const out_used_group_reference);
#endif //#if defined(USE_FAST_EAP_TYPE)
/**
* Check whether password is older than allowed
* by max TTLS-PAP session timeout.
*
* @return ETrue - session is valid, EFalse - otherwise.
*/
TBool IsTtlsPapSessionValidL();
/**
* Check TTLS-PAP session validity.
*
* @return ETrue if currentTime < aInLastFullAuthTime + aInMaxSessionTime,
* EFalse - otherwise.
*/
TBool CheckTtlsPapSessionValidity(
const TInt64& aInMaxSessionTime,
const TInt64& aInLastFullAuthTime );
//--------------------------------------------------
protected: // methods
//--------------------------------------------------
eap_am_type_tls_peap_symbian_c(
abs_eap_am_tools_c * const aTools,
abs_eap_base_type_c * const aPartner,
const TIndexType aIndexType,
const TInt aIndex,
const eap_type_value_e aTunnelingType,
const eap_type_value_e aEapType,
const bool aIsClient,
const eap_am_network_id_c * const receive_network_id);
void ConstructL();
void RunL();
void DoCancel();
//--------------------------------------------------
public: // methods
//--------------------------------------------------
//
static eap_am_type_tls_peap_symbian_c* NewL(
abs_eap_am_tools_c * const aTools,
abs_eap_base_type_c * const aPartner,
const TIndexType aIndexType,
const TInt aIndex,
const eap_type_value_e aTunnelingType,
const eap_type_value_e aEapType,
const bool aIsClient,
const eap_am_network_id_c * const receive_network_id);
EAP_FUNC_IMPORT virtual ~eap_am_type_tls_peap_symbian_c();
EAP_FUNC_EXPORT eap_status_e shutdown();
EAP_FUNC_IMPORT void set_is_valid();
EAP_FUNC_IMPORT bool get_is_valid();
EAP_FUNC_IMPORT void set_tls_am_partner(abs_tls_am_services_c * const tls_am_partner);
#if defined(USE_FAST_EAP_TYPE)
/// This function sets pointer to application of TLS. See abs_tls_am_application_eap_fast_c.
EAP_FUNC_IMPORT void set_tls_application(abs_tls_am_application_eap_fast_c * const tls_application);
/**
* Check provisioning mode.
*
* @return ETrue - authenticated provisioning mode,
* EFalse - unauthenticated provisioning mode.
*/
TBool IsProvisioningMode();
/**
* Send error notification to common side.
*
* @param aUserAction EEapFastNotifierUserActionOk or
* EEapFastNotifierUserActionCancel.
* @return EAP status.
*/
eap_status_e CompleteQueryUserPermissionForAid(
EEapFastNotifierUserAction aUserAction );
void ContinueInitializePacStore();
#endif //#if defined(USE_FAST_EAP_TYPE)
/**
* Send error notification to common side.
*
* @param aError EAP status.
*/
void SendErrorNotification( const eap_status_e aError );
EAP_FUNC_IMPORT void notify_configuration_error(
const eap_status_e configuration_status);
EAP_FUNC_IMPORT eap_status_e configure();
void set_am_partner(abs_eap_am_type_tls_peap_c * const partner);
/** Client calls this function.
* EAP-TLS/PEAP AM could do finishing operations to databases etc. based on authentication status and type.
*/
EAP_FUNC_IMPORT eap_status_e reset();
/** Client calls this function.
* EAP-TLS/PEAP AM could make some fast operations here, heavy operations should be done in the reset() function.
*/
EAP_FUNC_IMPORT eap_status_e authentication_finished(
const bool true_when_successfull,
const tls_session_type_e tls_session_type);
/** Client calls this function.
* AM must copy identity to output parameters if call is syncronous.
* This function could be completed asyncronously with abs_eap_am_type_tls_peap_c::complete_query_eap_identity_query() function call.
*/
EAP_FUNC_IMPORT eap_status_e query_eap_identity(
eap_variable_data_c * const identity,
const eap_am_network_id_c * const receive_network_id,
const u8_t eap_identifier,
bool * const use_manual_username,
eap_variable_data_c * const manual_username,
bool *const use_manual_realm,
eap_variable_data_c * const manual_realm);
/** Client calls this function.
* This call cancels asyncronous query_SIM_IMSI_or_pseudonym_or_reauthentication_id() function call.
* AM must not complete query_SIM_IMSI_or_pseudonym_or_reauthentication_id()
* with abs_eap_am_type_gsmsim_c::complete_SIM_IMSI_or_pseudonym_or_reauthentication_id_query() after
* cancel_SIM_IMSI_or_pseudonym_or_reauthentication_id_query() call.
*/
EAP_FUNC_IMPORT eap_status_e cancel_identity_query();
//
EAP_FUNC_IMPORT eap_status_e timer_expired(
const u32_t id, void *data);
//
EAP_FUNC_IMPORT eap_status_e timer_delete_data(
const u32_t id, void *data);
/**
* The type_configure_read() function reads the configuration data identified
* by the field string of field_length bytes length. Adaptation module must direct
* the query to some persistent store.
* @param field is generic configure string idenfying the required configure data.
* @param data is pointer to existing eap_variable_data object.
*/
EAP_FUNC_IMPORT eap_status_e type_configure_read(
const eap_configuration_field_c * const field,
eap_variable_data_c * const data);
/**
* The type_configure_write() function writes the configuration data identified
* by the field string of field_length bytes length. Adaptation module must direct
* the action to some persistent store.
* @param field is generic configure string idenfying the required configure data.
* @param data is pointer to existing eap_variable_data object.
*/
EAP_FUNC_IMPORT eap_status_e type_configure_write(
const eap_configuration_field_c * const field,
eap_variable_data_c * const data);
EAP_FUNC_IMPORT eap_status_e alert_received(
const tls_alert_level_e alert_level,
const tls_alert_description_e alert_description);
EAP_FUNC_IMPORT eap_status_e query_cipher_suites_and_previous_session();
#if defined(USE_EAP_TLS_SESSION_TICKET)
EAP_FUNC_IMPORT eap_status_e query_new_session_ticket();
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
EAP_FUNC_IMPORT eap_status_e select_cipher_suite_and_check_session_id(
EAP_TEMPLATE_CONST eap_array_c<u16_t> * const cipher_suite_proposal,
const eap_variable_data_c * const session_id
#if defined(USE_EAP_TLS_SESSION_TICKET)
, const tls_extension_c * const session_ticket
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
);
EAP_FUNC_IMPORT eap_status_e verify_certificate_chain(
EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain,
const tls_cipher_suites_e required_cipher_suite);
EAP_FUNC_IMPORT eap_status_e query_certificate_chain(
EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_authorities,
EAP_TEMPLATE_CONST eap_array_c<u8_t> * const certificate_types,
const tls_cipher_suites_e required_cipher_suite);
EAP_FUNC_IMPORT eap_status_e query_certificate_authorities_and_types();
EAP_FUNC_IMPORT eap_status_e query_dh_parameters(
EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain,
const tls_cipher_suites_e required_cipher_suite);
EAP_FUNC_IMPORT eap_status_e query_realm(
EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const certificate_chain);
// This is always syncronous call.
EAP_FUNC_IMPORT eap_status_e save_tls_session(
const eap_variable_data_c * const session_id,
const eap_variable_data_c * const master_secret,
const tls_cipher_suites_e used_cipher_suite
#if defined(USE_EAP_TLS_SESSION_TICKET)
, const tls_extension_c * const new_session_ticket
#endif //#if defined(USE_EAP_TLS_SESSION_TICKET)
);
/// This is always syncronous call.
/// Function encrypts data with own RSA private key.
EAP_FUNC_IMPORT eap_status_e rsa_encrypt_with_public_key(
const eap_variable_data_c * const premaster_secret);
/// This is always syncronous call.
/// Function decrypts data with own RSA private key.
EAP_FUNC_IMPORT eap_status_e rsa_decrypt_with_private_key(
const eap_variable_data_c * const encrypted_premaster_secret);
/// Function signs data with own PKI private key.
/// NOTE this is syncronous at moment. Asyncronous completion needs many changes.
EAP_FUNC_IMPORT eap_status_e sign_with_private_key(
const eap_variable_data_c * const message_hash);
/// Function verifies signed data with peer PKI public key.
/// NOTE this is syncronous at moment. Asyncronous completion needs many changes.
EAP_FUNC_IMPORT eap_status_e verify_with_public_key(
const eap_variable_data_c * const message_hash,
const eap_variable_data_c * const signed_message_hash);
EAP_FUNC_IMPORT eap_status_e cancel_query_cipher_suites_and_previous_session();
EAP_FUNC_IMPORT eap_status_e cancel_select_cipher_suite_and_check_session_id();
EAP_FUNC_IMPORT eap_status_e cancel_verify_certificate_chain();
EAP_FUNC_IMPORT eap_status_e cancel_query_certificate_chain();
EAP_FUNC_IMPORT eap_status_e cancel_query_certificate_authorities_and_types();
EAP_FUNC_IMPORT eap_status_e cancel_query_dh_parameters();
EAP_FUNC_IMPORT eap_status_e cancel_query_realm();
EAP_FUNC_IMPORT eap_status_e cancel_query_dsa_parameters();
EAP_FUNC_IMPORT eap_status_e cancel_rsa_encrypt_with_public_key();
EAP_FUNC_IMPORT eap_status_e cancel_rsa_decrypt_with_private_key();
EAP_FUNC_IMPORT eap_status_e cancel_sign_with_private_key();
EAP_FUNC_IMPORT eap_status_e cancel_verify_with_public_key();
eap_status_e complete_read_own_certificate(
const RPointerArray<CX509Certificate>& aCertChain, eap_status_e aStatus);
eap_status_e complete_read_ca_certificate(
const RPointerArray<CX509Certificate>& aCertChain, eap_status_e aStatus);
void complete_validate_chain(CPKIXValidationResult& aValidationResult, eap_status_e aStatus);
void complete_get_matching_certificates(CArrayFixFlat<SCertEntry>& aMatchingCerts, eap_status_e aStatus);
void complete_sign(const RInteger& aR, const RInteger& aS, eap_status_e aStatus);
void complete_decrypt(TDes8& aData, eap_status_e aStatus);
/**
* Returns true if the full authenticated session is valid.
* It finds the difference between current time and the
* last full authentication time. If the difference is less than the
* Maximum Session Validity Time, then session is valid, returns true.
* Otherwise returns false.
* Full authentication should be done if the session is not valid.
*/
bool is_session_valid();
EAP_FUNC_IMPORT void set_peap_version(
const peap_version_e peap_version,
const bool use_tppd_tls_peap,
const bool use_tppd_peapv1_acknowledge_hack);
#if defined(USE_FAST_EAP_TYPE)
// This is commented in tls_am_application_eap_fast_c::read_authority_identity().
// Parameter is the authority identity (A-ID).
EAP_FUNC_IMPORT eap_status_e read_authority_identity(eap_variable_data_c * const authority_identity);
// This is commented in tls_am_application_eap_fast_c::query_pac_of_type().
EAP_FUNC_IMPORT eap_status_e query_pac_of_type(const eap_fast_pac_type_e pac_type);
#if defined(USE_EAP_CORE_SERVER)
/**
* This function call is always asyncronous.
* It will be completed always with complete_verify_pac() function call.
* Function verifies the received PAC is valid.
*/
EAP_FUNC_IMPORT eap_status_e verify_pac(const eap_fast_variable_data_c * const tlv_pac);
#endif //#if defined(USE_EAP_CORE_SERVER)
// This is commented in eap_am_fast_pac_store_services_c::query_user_permission_for_A_ID().
EAP_FUNC_IMPORT eap_status_e query_user_permission_for_A_ID(
const eap_fast_pac_store_pending_operation_e in_pending_operation,
const eap_fast_variable_data_c * const in_pac_attribute_A_ID_info,
const eap_fast_variable_data_c * const in_pac_attribute_A_ID);
// This is commented in eap_am_fast_pac_store_services_c::read_PAC_store_data().
EAP_FUNC_IMPORT eap_status_e read_PAC_store_data(
const eap_fast_pac_store_pending_operation_e in_pending_operation,
EAP_TEMPLATE_CONST eap_array_c<eap_fast_pac_store_data_c> * const in_references);
// This is commented in eap_am_fast_pac_store_services_c::write_PAC_store_data().
EAP_FUNC_IMPORT eap_status_e write_PAC_store_data(
const bool when_true_must_be_synchronous_operation,
const eap_fast_pac_store_pending_operation_e in_pending_operation,
EAP_TEMPLATE_CONST eap_array_c<eap_fast_pac_store_data_c> * const in_references_and_data_blocks);
// This is commented in eap_am_fast_pac_store_services_c::complete_add_imported_PAC_file().
EAP_FUNC_IMPORT eap_status_e complete_add_imported_PAC_file(
const eap_status_e in_completion_status,
const eap_variable_data_c * const in_imported_PAC_filename,
const eap_variable_data_c * const out_used_group_reference);
// This is commented in eap_am_fast_pac_store_services_c::complete_remove_PAC().
EAP_FUNC_IMPORT eap_status_e complete_remove_PAC(
const eap_status_e completion_status,
const eap_variable_data_c * const out_used_group_reference);
// This is commented in eap_am_fast_pac_store_services_c::complete_remove_IAP_reference().
EAP_FUNC_IMPORT eap_status_e complete_remove_IAP_reference(
const eap_status_e completion_status);
// This is commented in eap_am_fast_pac_store_services_c::cancel_PAC_store_operations().
EAP_FUNC_IMPORT eap_status_e cancel_PAC_store_operations();
/**
* This function initializes PAC store.
* Imported PACs and other configuration can be done within this function call.
* If asyncronous operations are needed the operations must be completed
* by complete_initialize_PAC_store() function call.
*/
EAP_FUNC_IMPORT eap_status_e initialize_PAC_store(
const eap_fast_completion_operation_e aCompletionOperation,
const eap_fast_initialize_pac_store_completion_e aCompletion );
/**
* Indicate provisioning start.
*
* Common side indicates that PAC provisioning started.
* Waiting note is displayed.
*
* @param provisioning_mode Authenticated or unauthenticated provisioning mode.
* @param pac_type PAC type provisioned by server.
*/
EAP_FUNC_IMPORT eap_status_e indicates_eap_fast_provisioning_starts(
const eap_fast_completion_operation_e provisioning_mode,
const eap_fast_pac_type_e pac_type );
/**
* Indicate provisioning end.
*
* Common side indicates that PAC provisioning ended.
* Waiting note is stopped. Provisioning result note is displayed.
*
* @param provisioning_successfull True if provisioning is successful,
* false - otherwise.
* @param provisioning_mode Authenticated or unauthenticated provisioning mode.
* @param pac_type PAC type provisioned by server.
*/
EAP_FUNC_IMPORT eap_status_e indicates_eap_fast_provisioning_ends(
const bool provisioning_successfull,
const eap_fast_completion_operation_e provisioning_mode,
const eap_fast_pac_type_e pac_type );
#endif //#if defined(USE_FAST_EAP_TYPE)
// from tls_am_services_c
/**
* Check whether the PAP password is still valid or
* should we prompt user again to enter the password.
* @return True - password is valid, false - otherwise.
*/
EAP_FUNC_IMPORT bool is_ttls_pap_session_valid();
/**
* From interface tls_am_services_c.
*
* The interface is defined in common part. Request asynchronously
* user name and password for TTLS-PAP authentication.
* Complete request with abs_tls_am_services_c::
* complete_query_ttls_pap_username_and_password( ... ).
* *
* @param aInSrvChallenge Server challenge. It could be empty.
* @return EAP status.
*/
EAP_FUNC_IMPORT eap_status_e query_ttls_pap_username_and_password(
const eap_variable_data_c * const aInSrvChallenge );
/**
* The method has empty implementation which is defined for
* compilation purpose.
*/
eap_status_e verify_ttls_pap_username_and_password(
const eap_variable_data_c * const aUserName,
const eap_variable_data_c * const aUserPassword);
// new
/**
* Complete asynch query for TTLS-PAP user name and password.
*
* @param aEapStatus Status of asynch. query completion.
* @param aUserName PAP user name.
* @param aPassword PAP password.
* @return EAP status.
*/
eap_status_e CompleteQueryTtlsPapUserNameAndPassword(
eap_status_e aEapStatus,
const TDesC8& aUserNameUtf8,
const TDesC8& aPasswordUtf8 );
/**
* Delegate the task to m_am_tools.
*
* @param aErr Symbian general error.
* @return Eapol error converted from aErr.
*/
eap_status_e ConvertAmErrorToEapolError( TInt aErr );
/**
* Read TTLS-PAP database.
*
* @param aOutDbInfo Reference to structure containing TTLS-PAP
* database information.
*/
void ReadTtlsPapDbL( TTtlsPapDbInfo& aOutDbInfo );
/**
* Update TTLS-PAP database.
*
* @param aInDbInfo Reference to structure containing TTLS-PAP
* database information.
*/
void WriteTtlsPapDbL( const TTtlsPapDbInfo& aInDbInfo );
/**
* Set value of specified column to NULL.
*
* @param aColName Reference to column name.
*/
void SetTtlsPapColumnToNullL( const TDesC& aColName );
#if defined(USE_FAST_EAP_TYPE)
#if defined(USE_EAP_CONFIGURATION_TO_SKIP_USER_INTERACTIONS)
eap_status_e ReadFileConfig();
#endif
#endif
}; // class eap_am_type_tls_peap_symbian_c
#endif //#if !defined(_EAP_AM_TYPE_TLS_PEAP_SYMBIAN_H_)
//--------------------------------------------------
// End.