/*
* Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: EAP and WLAN authentication protocols.
*
*/
/*
* %version: 11.1.29 %
*/
// Refer the document S60_3_1_EAP_Symbian_Adaptation_Design_C.doc for more
// details of using EAPSettings. Refer section 9.2 for code samples.
#ifndef EAP_SETTINGS_H
#define EAP_SETTINGS_H
#include <unifiedcertstore.h>
#include <cctcertinfo.h>
#include "EapExpandedType.h"
const TUint KGeneralStringMaxLength = 255;
const TUint KKeyIdentifierLength = 255;
const TUint KThumbprintMaxLength = 64;
/* This is the maximum length of a certificate primary/secondary name we are interested in. */
const TUint32 KMaxCertNameLength = 64;
//-------------------------------------------------------------------------------
class EapCertificateEntry
: public CBase
{
public:
enum TCertType
{
ENone,
EUser,
ECA
};
IMPORT_C EapCertificateEntry();
IMPORT_C virtual ~EapCertificateEntry();
IMPORT_C void trace() const;
IMPORT_C EapCertificateEntry * Copy();
// This operator is indentionally without implementation.
EapCertificateEntry * const operator = (const EapCertificateEntry * const right_type_value); // Do not use this.
IMPORT_C EapCertificateEntry &operator = (const EapCertificateEntry &right_type_value);
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TBool GetSubjectNamePresent() const;
IMPORT_C TBool GetIssuerNamePresent() const;
IMPORT_C TBool GetSerialNumberPresent() const;
IMPORT_C TBool GetThumbprintPresent() const;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TBool GetLabelPresent() const;
IMPORT_C TBool GetPrimaryNamePresent() const;
IMPORT_C TBool GetSecondaryNamePresent() const;
IMPORT_C TBool GetIsEnabledPresent() const;
IMPORT_C TBool GetSubjectKeyIdPresent() const;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C void SetSubjectNamePresent();
IMPORT_C void SetIssuerNamePresent();
IMPORT_C void SetSerialNumberPresent();
IMPORT_C void SetThumbprintPresent();
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C void SetLabelPresent();
IMPORT_C void SetPrimaryNamePresent();
IMPORT_C void SetSecondaryNamePresent();
IMPORT_C void SetIsEnabledPresent();
IMPORT_C void SetSubjectKeyIdPresent();
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TCertType GetCertType() const;
IMPORT_C const TDes * GetSubjectName() const;
IMPORT_C const TDes * GetIssuerName() const;
IMPORT_C const TDes * GetSerialNumber() const;
IMPORT_C const TDes * GetThumbprint() const;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TDes * GetSubjectNameWritable();
IMPORT_C TDes * GetIssuerNameWritable();
IMPORT_C TDes * GetSerialNumberWritable();
IMPORT_C TDes * GetThumbprintWritable();
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C const TDes * GetLabel() const;
IMPORT_C const TKeyIdentifier & GetSubjectKeyId() const;
IMPORT_C const TDes * GetPrimaryName() const;
IMPORT_C const TDes * GetSecondaryName() const;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TDes * GetLabelWritable();
IMPORT_C TKeyIdentifier * GetSubjectKeyIdWritable();
IMPORT_C TDes * GetPrimaryNameWritable();
IMPORT_C TDes * GetSecondaryNameWritable();
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TInt SetCertType(const TCertType & aType);
IMPORT_C TInt SetSubjectName(const TBuf<KGeneralStringMaxLength> & aSubjectName);
IMPORT_C TInt SetIssuerName(const TBuf<KGeneralStringMaxLength> & aIssuerName);
IMPORT_C TInt SetSerialNumber(const TBuf<KGeneralStringMaxLength> & aSerialNumber);
IMPORT_C TInt SetThumbprint(const TBuf<KThumbprintMaxLength> & aThumbprint);
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TInt SetLabel(const TCertLabel & aLabel);
IMPORT_C TInt SetSubjectKeyId(const TKeyIdentifier & aSubjectKeyId);
IMPORT_C TInt SetPrimaryName(const TBuf<KMaxCertNameLength> & aPrimaryName);
IMPORT_C TInt SetSecondaryName(const TBuf<KMaxCertNameLength> & aSecondaryName);
IMPORT_C TInt SetIsEnabled(const TBool aIsEnabled);
IMPORT_C TInt SetIsValid(const TBool aIsValid);
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORT_C TBool GetIsEnabled() const;
IMPORT_C TBool GetIsValid() const;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
private:
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// These members are used by authentication protocols.
// Specifies whether this entry describes user or CA certificate (mandatory)
TCertType iCertType;
// Subject name in distinguished name ASCII form. This is optional.
// For example "/C=US/O=Some organization/CN=Some common name".
TBool iSubjectNamePresent;
TBuf<KGeneralStringMaxLength> iSubjectName;
// Issuer name in distinguished name ASCII form. This is optional.
// For example "/C=US/O=Some organization/CN=Some common name".
TBool iIssuerNamePresent;
TBuf<KGeneralStringMaxLength> iIssuerName;
// Serial number in ASCII form. This is optional.
TBool iSerialNumberPresent;
TBuf<KGeneralStringMaxLength> iSerialNumber;
// Thumbprint in binary form. This is optional.
TBool iThumbprintPresent;
TBuf<KThumbprintMaxLength> iThumbprint;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// These members are used by UI.
// This holds only the certificate label. This is the text UI will show.
TBool iLabelPresent;
TCertLabel iLabel;
// Primary name of the certificate if any.
TBool iPrimaryNamePresent;
TBuf<KMaxCertNameLength> iPrimaryName;
// Secondary name of the certificate if any.
TBool iSecondaryNamePresent;
TBuf<KMaxCertNameLength> iSecondaryName;
// UI uses this to indicate enabled certificate.
TBool iIsEnabledPresent;
TBool iIsEnabled;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// These members are used by both authentication protocols and UI.
// Subject key in binary form. This is mandatory field to find correct certificate from CUnifiedCertStore. UI uses this too.
TBool iSubjectKeyIdPresent;
//TBuf8<KKeyIdentifierLength> iSubjectKeyId;
TKeyIdentifier iSubjectKeyId; // This is mandatory field to find correct certificate from CUnifiedCertStore.
// Indicates this object is correctly initialized.
TBool iIsValid;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
};
//-------------------------------------------------------------------------------
class EAPSettings : public CBase
{
public:
IMPORT_C EAPSettings();
IMPORT_C virtual ~EAPSettings();
IMPORT_C void trace() const;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Specifies the EAP type these settings are for.
// Is not really needed but is here so just some sanity checks can be made
TEapExpandedType iEAPExpandedType; // Use this in new code.
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Use automatic CA certificate.
TBool iUseAutomaticCACertificatePresent;
TBool iUseAutomaticCACertificate;
// Use automatic username.
TBool iUseAutomaticUsernamePresent;
TBool iUseAutomaticUsername;
// Use automatic realm.
TBool iUseAutomaticRealmPresent;
TBool iUseAutomaticRealm;
// Username in ASCII format
TBool iUsernamePresent;
TBuf<KGeneralStringMaxLength> iUsername;
/// Get: Whether password is stored in database.
/// Set: Whether password must be cleared from database.
TBool iPasswordExistPresent;
TBool iPasswordExist;
// Password in ASCII format
TBool iPasswordPresent;
TBuf<KGeneralStringMaxLength> iPassword;
// Realm in ASCII format
TBool iRealmPresent;
TBuf<KGeneralStringMaxLength> iRealm;
// Use pseudonym identities in EAP-SIM/AKA
TBool iUsePseudonymsPresent;
TBool iUsePseudonyms;
// Whether EAP-TLS/TTLS/PEAP should verify server realm
TBool iVerifyServerRealmPresent;
TBool iVerifyServerRealm;
// Whether EAP-TLS/TTLS/PEAP should require client authentication
TBool iRequireClientAuthenticationPresent;
TBool iRequireClientAuthentication;
// General session validity time (in minutes)
TBool iSessionValidityTimePresent;
TUint iSessionValidityTime;
// An array of allowed cipher suites for EAP-TLS/TTLS/PEAP.
// Refer to RFC2246 chapter A.5 for the values.
TBool iCipherSuitesPresent;
RArray<TUint> iCipherSuites;
// In EAP-PEAP is version 0 allowed
TBool iPEAPVersionsPresent;
TBool iPEAPv0Allowed;
TBool iPEAPv1Allowed;
TBool iPEAPv2Allowed;
// Array listing the allowed certificates for EAP-TLS/TTLS/PEAP.
// Subject key ID and Certificate type are the only mandatory certificate
// details needed at the moment.
TBool iCertificatesPresent;
RPointerArray<EapCertificateEntry> iCertificates;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Use this in new code.
// Array listing the enabled encapsulated Expanded EAP types (in priority order).
// Use constant Expanded EAP type values from EapExpandedType.h.
TBool iEnabledEncapsulatedEAPExpandedTypesPresent;
RArray<TEapExpandedType> iEnabledEncapsulatedEAPExpandedTypes;
// Use this in new code.
// Array listing the disabled encapsulated Expanded EAP types.
// Use constant Expanded EAP type values from EapExpandedType.h.
TBool iDisabledEncapsulatedEAPExpandedTypesPresent;
RArray<TEapExpandedType> iDisabledEncapsulatedEAPExpandedTypes;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Whether Authenticated provisioning mode allowed or not in EAP-FAST.
TBool iAuthProvModeAllowedPresent;
TBool iAuthProvModeAllowed;
// Whether Unauthenticated provisioning mode allowed or not in EAP-FAST.
TBool iUnauthProvModeAllowedPresent;
TBool iUnauthProvModeAllowed;
// PAC group reference in ASCII format for EAP-FAST.
TBool iPACGroupReferencePresent;
TBuf<KGeneralStringMaxLength> iPACGroupReference;
// Whether to Warn (or Prompt) for ADHP (Authenticated Diffie-Hellman Protocol)
// auto-provisioning when there is no PAC at all. EAP-FAST specific.
TBool iWarnADHPNoPACPresent;
TBool iWarnADHPNoPAC;
// Whether to Warn (or Prompt) for ADHP auto-provisioning when
// there is no PAC that matches the A-ID sent by server. EAP-FAST specific.
TBool iWarnADHPNoMatchingPACPresent;
TBool iWarnADHPNoMatchingPAC;
// Whether to Warn (or Prompt) when client encouters a server that has provisioned
// the client with a PAC before but is not currently selected as the default server.
// EAP-FAST specific.
TBool iWarnNotDefaultServerPresent;
TBool iWarnNotDefaultServer;
TBool iShowPassWordPromptPresent;
TBool iShowPassWordPrompt;
// This is used in TLS/PEAP/TTLS/FAST. It activates TLS-renegotiation, that will send user certificate with in TLS-protected application data.
TBool iUseIdentityPrivacyPresent;
TBool iUseIdentityPrivacy;
};
//#include "EapSettings.inl"
//-------------------------------------------------------------------------------
#if defined(USE_EAP_TRACE)
#define EAP_TRACE_SETTINGS(settings) { (settings)->trace(); }
#else
#define EAP_TRACE_SETTINGS(settings)
#endif //#if defined(USE_EAP_TRACE)
//-------------------------------------------------------------------------------
#endif
// End of file