diff -r e03a3db4489e -r 9abfd4f00d37 eapol/eapol_framework/eapol_symbian/am/type/tls_peap/symbian/EapTlsPeapCertInterface.cpp --- a/eapol/eapol_framework/eapol_symbian/am/type/tls_peap/symbian/EapTlsPeapCertInterface.cpp Thu May 13 22:51:27 2010 +0300 +++ b/eapol/eapol_framework/eapol_symbian/am/type/tls_peap/symbian/EapTlsPeapCertInterface.cpp Mon May 24 20:32:47 2010 +0300 @@ -16,7 +16,7 @@ */ /* -* %version: 42 % +* %version: 38.1.24 % */ // This is enumeration of EAPOL source code. @@ -34,10 +34,13 @@ #include #include #include "eap_tlv_message_data.h" -#include "eap_am_trace_symbian.h" +#include "EapTraceSymbian.h" +#include "eap_automatic_variable.h" -const TText8 KKeyStoreHandlePrefix[] = "EapTlsPeapKeyStoreHandler"; -const TText8 KKeyStoreHandleKey[] = "CEapTlsPeapCertInterface KeyStore handle"; +#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + const TText8 KKeyStoreHandlePrefix[] = "EapTlsPeapKeyStoreHandler"; + const TText8 KKeyStoreHandleKey[] = "CEapTlsPeapCertInterface KeyStore handle"; +#endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) enum TAlgorithmAndSignedType { @@ -61,6 +64,14 @@ CEapTlsPeapCertInterface* CEapTlsPeapCertInterface::NewL(abs_eap_am_tools_c* const aTools, eap_am_type_tls_peap_symbian_c* const aParent) { + EAP_TRACE_DEBUG( + aTools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::NewL()\n"))); + + EAP_TRACE_RETURN_STRING(aTools, "returns: CEapTlsPeapCertInterface::NewL()"); + + CEapTlsPeapCertInterface* self = new(ELeave) CEapTlsPeapCertInterface(aTools, aParent); CleanupStack::PushL(self); self->ConstructL(); @@ -72,14 +83,22 @@ CEapTlsPeapCertInterface::CEapTlsPeapCertInterface(abs_eap_am_tools_c* const aTools, eap_am_type_tls_peap_symbian_c* const aParent) : CActive(CActive::EPriorityStandard) -,iParent(aParent) -,m_am_tools(aTools) -,iAllowedUserCerts(1) -,iEncodedCertificate(0) -,iCertPtr(0,0) -,iMatchingUserCertInfos(1) -,iCAIndex(0) +, iParent(aParent) +, m_am_tools(aTools) +, iAllowedUserCerts(1) +, iEncodedCertificate(0) +, iCertPtr(0,0) +, iMatchingUserCertInfos(1) +, iCAIndex(0) +, iUseAutomaticCaCertificate(EFalse) { + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::CEapTlsPeapCertInterface()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::CEapTlsPeapCertInterface()"); + EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); } @@ -88,8 +107,13 @@ void CEapTlsPeapCertInterface::ConstructL() { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::ConstructL()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ConstructL()"); + User::LeaveIfError(iFs.Connect()); CActiveScheduler::Add(this); @@ -106,19 +130,72 @@ CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface() { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface()"); + + if(IsActive()) + { + Cancel(); + } + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iMatchingUserCerts.ResetAndDestroy()\n"))); + iMatchingUserCerts.ResetAndDestroy(); - iMatchingUserCertInfos.Reset(); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iMatchingUserCertInfos.ResetAndDestroy()\n"))); + + iMatchingUserCertInfos.ResetAndDestroy(); - iAllowedUserCerts.Reset(); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iAllowedUserCerts.ResetAndDestroy()\n"))); + + iAllowedUserCerts.ResetAndDestroy(); + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iAllowedCACerts.ResetAndDestroy()\n"))); + + iAllowedCACerts.ResetAndDestroy(); + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iRootCerts.ResetAndDestroy()\n"))); iRootCerts.ResetAndDestroy(); + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iUserCertChain.ResetAndDestroy()\n"))); + iUserCertChain.ResetAndDestroy(); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iCertAuthorities.ResetAndDestroy()\n"))); + iCertAuthorities.ResetAndDestroy(); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iCertInfos.Reset()\n"))); + TInt i(0); for (i = 0; i < iCertInfos.Count(); i++) { @@ -126,12 +203,22 @@ } iCertInfos.Reset(); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iKeyInfos.Reset()\n"))); + for (i = 0; i < iKeyInfos.Count(); i++) { iKeyInfos[i]->Release(); } iKeyInfos.Reset(); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): delete rest\n"))); + delete iCertFilter; delete iCertStore; delete iCertChain; @@ -143,9 +230,18 @@ delete iSignature; delete iPtrOut; delete iSignaturePtr; + delete iRSASignature; + delete iDSASignature; + delete iKeyFilter; + +#if !defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + + delete iKeyStore; + +#endif //#if !defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) - iFs.Close(); - + iFs.Close(); + EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, @@ -157,7 +253,7 @@ //-------------------------------------------------- void CEapTlsPeapCertInterface::GetMatchingCertificatesL( - const RArray& aAllowedUserCerts, + const RPointerArray& aAllowedUserCerts, const TBool aUseCertAuthoritiesFilter, EAP_TEMPLATE_CONST eap_array_c * const aCertAuthorities, const TBool aUseCertTypesFilter, @@ -165,54 +261,61 @@ const TBool aUseAllowedCipherSuitesFilter, const RArray& aAllowedCipherSuites) { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL(): Total allowed user certs=%d, aAllowedUserCerts=0x%08x, iAllowedUserCerts=0x%08x, aCertAuthorities=0x%08x, aCertTypes=0x%08x, aAllowedCipherSuites=0x%08x\n"), + aAllowedUserCerts.Count(), + &aAllowedUserCerts, + &iAllowedUserCerts, + aCertAuthorities, + aCertTypes, + &aAllowedCipherSuites)); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::GetMatchingCertificatesL()"); + iUseCertAuthoritiesFilter = aUseCertAuthoritiesFilter; iUseCertTypesFilter = aUseCertTypesFilter; iUseAllowedCipherSuitesFilter = aUseAllowedCipherSuitesFilter; - iAllowedUserCerts.Reset(); - EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL: Total allowed user certs=%d\n"), - aAllowedUserCerts.Count())); + (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL(): iAllowedUserCerts.Count()=%d\n"), + iAllowedUserCerts.Count())); + + iAllowedUserCerts.ResetAndDestroy(); EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL:UseCertAuthoritiesFilter=%d, UseCertTypesFilter=%d, UseAllowedCipherSuitesFilter=%d\n"), - iUseCertAuthoritiesFilter,iUseCertTypesFilter,iUseAllowedCipherSuitesFilter)); + (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL(): UseCertAuthoritiesFilter=%d, UseCertTypesFilter=%d, UseAllowedCipherSuitesFilter=%d\n"), + iUseCertAuthoritiesFilter, + iUseCertTypesFilter, + iUseAllowedCipherSuitesFilter)); for (TInt j = 0; j < aAllowedUserCerts.Count(); j++) { - iAllowedUserCerts.AppendL(aAllowedUserCerts[j]); - -#if defined(_DEBUG) || defined(DEBUG) + EapCertificateEntry * const copy_cert = aAllowedUserCerts[j]->Copy(); + if (copy_cert == 0) + { + User::Leave(KErrNoMemory); + } - // This is just for the debug prints. - TCertLabel tempLabel = iAllowedUserCerts[j].iLabel; - TKeyIdentifier tempSubjectKeyId = iAllowedUserCerts[j].iSubjectKeyId; - - EAP_TRACE_DEBUG( - m_am_tools, - TRACE_FLAGS_DEFAULT, - (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL: details of allowed user certs,Label=%S\n"), - &tempLabel)); - - EAP_TRACE_DATA_DEBUG_SYMBIAN( ( "GetMatchingCertificatesL : Subject Key Id:", - tempSubjectKeyId.Ptr(), tempSubjectKeyId.Size() ) ); -#endif + iAllowedUserCerts.AppendL(copy_cert); + + EAP_TRACE_SETTINGS(copy_cert); } if (iCertAuthorities.Count() > 0) { iCertAuthorities.ResetAndDestroy(); } - if (aUseCertAuthoritiesFilter) + + if (aUseCertAuthoritiesFilter + && aCertAuthorities) { for (TUint i = 0; i < aCertAuthorities->get_object_count(); i++) { @@ -223,8 +326,8 @@ // Try to form distiguished name CX500DistinguishedName* tmp = 0; - TRAPD(err, tmp = CX500DistinguishedName::NewL(ptr)); - if (err == KErrNone) + TRAPD(error, tmp = CX500DistinguishedName::NewL(ptr)); + if (error == KErrNone) { CleanupStack::PushL(tmp); // Distinguished name was found -> add it to array. @@ -262,7 +365,7 @@ if (iCertStore == 0) { - iCertStore = CUnifiedCertStore::NewL(iFs, false); + iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); iCertStore->Initialize(iStatus); } else @@ -277,16 +380,22 @@ //-------------------------------------------------- -void CEapTlsPeapCertInterface::ReadCertificateL(SCertEntry& aCertInfo, const TBool aRetrieveChain) +void CEapTlsPeapCertInterface::ReadCertificateL(EapCertificateEntry& aCertInfo, const TBool aRetrieveChain) { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::ReadCertificateL()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ReadCertificateL()"); + iCertInfo = aCertInfo; iRetrieveChain = aRetrieveChain; iState = EReadCertInitStore; if (iCertStore == 0) { - iCertStore = CUnifiedCertStore::NewL(iFs, false); + iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); iCertStore->Initialize(iStatus); } else @@ -300,17 +409,21 @@ //-------------------------------------------------- -void CEapTlsPeapCertInterface::ReadCACertificateL(SCertEntry& aCertInfo) +void CEapTlsPeapCertInterface::ReadCACertificateL(EapCertificateEntry& aCertInfo) { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("CEapTlsPeapCertInterface::ReadCACertificateL.\n"))); - + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::ReadCACertificateL()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ReadCACertificateL()"); + iCertInfo = aCertInfo; iState = EReadCACertInitStore; if (iCertStore == 0) { - iCertStore = CUnifiedCertStore::NewL(iFs, false); + iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); iCertStore->Initialize(iStatus); } else @@ -325,19 +438,48 @@ //-------------------------------------------------- -void CEapTlsPeapCertInterface::ValidateChainL(TDesC8& aCertChain, RArray& aAllowedCACerts) -{ - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); +void CEapTlsPeapCertInterface::ValidateChainL( + TDesC8& aCertChain, + RPointerArray& aAllowedCACerts, + const TBool aUseAutomaticCaCertificate) +{ + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::ValidateChainL(): aUseAutomaticCaCertificate=%d\n"), + aUseAutomaticCaCertificate)); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ValidateChainL()"); + + iUseAutomaticCaCertificate = aUseAutomaticCaCertificate; iCAIndex = 0; - iAllowedCACerts = aAllowedCACerts; + iAllowedCACerts.ResetAndDestroy(); + + if (!iUseAutomaticCaCertificate) + { + for (TInt j = 0; j < aAllowedCACerts.Count(); j++) + { + EapCertificateEntry * const copy_cert = aAllowedCACerts[j]->Copy(); + if (copy_cert == 0) + { + User::Leave(KErrNoMemory); + } + + iAllowedCACerts.AppendL(copy_cert); + + EAP_TRACE_SETTINGS(copy_cert); + } + } + delete iInputCertChain; iInputCertChain = 0; iInputCertChain = aCertChain.AllocL(); iState = EValidateChainInitStore; + if (iCertStore == 0) { - iCertStore = CUnifiedCertStore::NewL(iFs, false); + iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); iCertStore->Initialize(iStatus); } else @@ -345,7 +487,9 @@ TRequestStatus* status = &iStatus; User::RequestComplete(status, KErrNone); } + SetActive(); + EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); } @@ -353,13 +497,13 @@ void CEapTlsPeapCertInterface::DoCancel() { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("CEapTlsPeapCertInterface::DoCancel()\n"))); + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::DoCancel()"); + if (iCertStore != 0 && iCertStore->IsActive()) { EAP_TRACE_DEBUG( @@ -457,15 +601,23 @@ //-------------------------------------------------- void CEapTlsPeapCertInterface::SignL( - TKeyIdentifier& aKeyId, + const TKeyIdentifier& aKeyId, const TDesC8& aHashIn, const TUint aSignatureLength) { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::SignL()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::SignL()"); + iKeyIdentifier = aKeyId; if (aHashIn.Size() > KMaxHashLength) { - EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Illegal hash size to SignL.\n"))); + EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Illegal hash size %d to SignL(), shoudbe <= %d.\n"), + aHashIn.Size(), + KMaxHashLength)); EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); User::Leave(KErrGeneral); } @@ -493,6 +645,9 @@ if (iKeyStore == 0) { + +#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + // Try to get the keystore class pointer from memory store eap_variable_data_c key(m_am_tools); eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); @@ -511,12 +666,17 @@ eap_tlv_message_data_c tlv_data(m_am_tools); status = m_am_tools->memory_store_get_data(&key, &tlv_data); + if (status != eap_status_ok) { + +#endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + + EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("EAP_type_TLSPEAP: cannot get previous keystore handle.\n"))); + (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::SignL(): cannot get previous CUnifiedKeyStore handle.\n"))); // At this point we can set the passphrase timeout because it the passphrase @@ -527,6 +687,8 @@ iKeyStore = CUnifiedKeyStore::NewL(iFs); iKeyStore->Initialize(iStatus); +#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + status = tlv_data.add_message_data( eap_type_tlspeap_stored_keystore_handle, sizeof(iKeyStore), @@ -601,15 +763,24 @@ User::Leave(KErrGeneral); } } + +#endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + } else { + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::SignL(): uses previous CUnifiedKeyStore handle.\n"))); + // Skip passphrase setting because it clears the passphrase cache iState = ESetPassphraseTimeout; TRequestStatus* status = &iStatus; User::RequestComplete(status, KErrNone); } + SetActive(); @@ -620,10 +791,16 @@ //-------------------------------------------------- void CEapTlsPeapCertInterface::DecryptL( - TKeyIdentifier& aKeyId, + const TKeyIdentifier& aKeyId, const TDesC8& aDataIn) { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::DecryptL()\n"))); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::DecryptL()"); + iKeyIdentifier = aKeyId; delete iDataIn; @@ -647,6 +824,9 @@ // Try to get the keystore handler class from memory store if (iKeyStore == 0) { + +#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + // Try to get the keystore class pointer from memory store eap_variable_data_c key(m_am_tools); eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); @@ -665,16 +845,22 @@ eap_tlv_message_data_c tlv_data(m_am_tools); status = m_am_tools->memory_store_get_data(&key, &tlv_data); + if (status != eap_status_ok) { + +#endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("EAP_type_TLSPEAP: cannot get previous keystore handle.\n"))); + (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::DecryptL(): cannot get previous CUnifiedKeyStore handle.\n"))); iKeyStore = CUnifiedKeyStore::NewL(iFs); iKeyStore->Initialize(iStatus); +#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + status = tlv_data.add_message_data( eap_type_tlspeap_stored_keystore_handle, sizeof(iKeyStore), @@ -700,7 +886,7 @@ EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("EAP_type_TLSPEAP: Found previous keystore handle.\n"))); + (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::DecryptL(): Found previous keystore handle.\n"))); // Parse read data. eap_array_c tlv_blocks(m_am_tools); @@ -743,14 +929,23 @@ User::Leave(KErrGeneral); } } + +#endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) + } else { + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::DecryptL(): uses previous CUnifiedKeyStore handle.\n"))); + TRequestStatus* status = &iStatus; User::RequestComplete(status, KErrNone); } - SetActive(); + SetActive(); + EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); } @@ -758,49 +953,51 @@ void CEapTlsPeapCertInterface::RunL() { - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - - EAP_TRACE_DEBUG_SYMBIAN( - (_L("CEapTlsPeapCertInterface::RunL(): TEMP iStatus=%d, iState=%d"), - iStatus.Int(), iState)); - EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("CEapTlsPeapCertInterface::RunL(): iStatus %d\n"), - iStatus.Int())); + (EAPL("CEapTlsPeapCertInterface::RunL(): TEMP iStatus=%d, iState=%d\n"), + iStatus.Int(), + iState)); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::RunL()"); if (!(iStatus.Int() == KErrNone)) { EAP_TRACE_ERROR( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("ERROR: EAP-TLS certificate interface failed: %d.\n"), + (EAPL("ERROR: EAP-TLS certificate interface failed: error=%d.\n"), iStatus.Int())); iParent->SendErrorNotification(eap_status_user_cancel_authentication); if(iState == ESignOpenKeyStore) { // User probably cancelled the keystore password query. - - EAP_TRACE_DEBUG_SYMBIAN( - (_L("CEapTlsPeapCertInterface::RunL(): ESignOpenKeyStore Failed"))); - + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::RunL(): ESignOpenKeyStore Failed\n"))); + if(iRSASigner != NULL) { iRSASigner->Release(); - EAP_TRACE_DEBUG_SYMBIAN( - (_L("CEapTlsPeapCertInterface::RunL(): iRSASigner->Release() OK"))); - + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::RunL(): iRSASigner->Release() OK\n"))); } if(iDSASigner != NULL) { iDSASigner->Release(); - EAP_TRACE_DEBUG_SYMBIAN( - (_L("CEapTlsPeapCertInterface::RunL(): iDSASigner->Release() OK"))); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::RunL(): iDSASigner->Release() OK\n"))); } } @@ -827,12 +1024,12 @@ } iCertInfos.Reset(); - TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); - if (err != KErrNone) + TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - CArrayFixFlat tmp(sizeof(SCertEntry)); + RPointerArray tmp(sizeof(EapCertificateEntry)); m_am_tools->enter_global_mutex(); @@ -863,7 +1060,7 @@ (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize, Total Certs: iCertInfos.Count()=%d\n"), iCertInfos.Count())); - iMatchingUserCertInfos.Reset(); + iMatchingUserCertInfos.ResetAndDestroy(); // Remove non-allowed TInt i(0); @@ -872,10 +1069,10 @@ { for (j = 0; j < iAllowedUserCerts.Count(); j++) { - if ( (iCertInfos[i]->Label().Compare(iAllowedUserCerts[j].iLabel) == 0 + if ( (iCertInfos[i]->Label().Compare(*(iAllowedUserCerts[j]->GetLabel())) == 0 || iCertInfos[i]->Label().Length() == 0 - || iAllowedUserCerts[j].iLabel.Length() == 0) - && iCertInfos[i]->SubjectKeyId() == iAllowedUserCerts[j].iSubjectKeyId) + || iAllowedUserCerts[j]->GetLabel()->Length() == 0) + && iCertInfos[i]->SubjectKeyId() == iAllowedUserCerts[j]->GetSubjectKeyId()) { EAP_TRACE_DEBUG( @@ -883,14 +1080,19 @@ TRACE_FLAGS_DEFAULT, (EAPL("RunL(): EGetMatchingCertsInitialize, Found a Matching USER cert\n"))); - EAP_TRACE_DEBUG( + EAP_TRACE_DATA_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("RunL(): EGetMatchingCertsInitialize,Label of matching cert=%S\n"), - &(iCertInfos[i]->Label()))); - - EAP_TRACE_DATA_DEBUG_SYMBIAN(("RunL(): EGetMatchingCertsInitialize,SubjectkeyID of matching cert", - iCertInfos[i]->SubjectKeyId().Ptr(), iCertInfos[i]->SubjectKeyId().Size())); + (EAPL("RunL(): EGetMatchingCertsInitialize, Label of matching cert"), + iCertInfos[i]->Label().Ptr(), + iCertInfos[i]->Label().Size())); + + EAP_TRACE_DATA_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("RunL(): EGetMatchingCertsInitialize, SubjectkeyID of matching cert"), + iCertInfos[i]->SubjectKeyId().Ptr(), + iCertInfos[i]->SubjectKeyId().Size())); break; } @@ -901,7 +1103,8 @@ iCertInfos.Remove(i); i--; } - } + } + if (iCertInfos.Count() == 0) { EAP_TRACE_DEBUG( @@ -911,10 +1114,10 @@ // No matching certs - CArrayFixFlat* tmp = NULL; + RPointerArray* tmp = NULL; - TRAPD(err, tmp = new (ELeave) CArrayFixFlat(1) ); - if (tmp == 0 || err != KErrNone) + tmp = new (ELeave) RPointerArray(1); + if (tmp == 0) { // Timeout handles error situation EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -939,29 +1142,29 @@ iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - - CArrayFixFlat tmp(sizeof(SCertEntry)); - + + RPointerArray tmp(sizeof(EapCertificateEntry)); + m_am_tools->enter_global_mutex(); - + iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure - + m_am_tools->leave_global_mutex(); break; } - + iCertPtr.Set(iEncodedCertificate->Des()); iCertStore->Retrieve( *(iCertInfos[iUserCertIndex]), iCertPtr, iStatus); - + SetActive(); } break; @@ -974,12 +1177,12 @@ (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsLoop\n"))); CX509Certificate* cert = 0; - TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); - if (err != KErrNone || cert == 0) + TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); + if (error != KErrNone || cert == 0) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - CArrayFixFlat tmp(sizeof(SCertEntry)); + RPointerArray tmp(sizeof(EapCertificateEntry)); m_am_tools->enter_global_mutex(); @@ -995,7 +1198,7 @@ delete cert; EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - CArrayFixFlat tmp(sizeof(SCertEntry)); + RPointerArray tmp(sizeof(EapCertificateEntry)); m_am_tools->enter_global_mutex(); @@ -1009,17 +1212,36 @@ // No need to validate iCertInfos here as the execution doesn't come to this case if iCertInfos // is empty, check is done in the above case. - SCertEntry entry; - entry.iLabel.Copy(iCertInfos[iUserCertIndex]->Label()); - entry.iSubjectKeyId = iCertInfos[iUserCertIndex]->SubjectKeyId(); + EapCertificateEntry * entry = new EapCertificateEntry; + entry = new (ELeave) EapCertificateEntry; + if (entry == 0 || error != KErrNone) + { + // Timeout handles error situation + EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); + + RPointerArray tmp(sizeof(EapCertificateEntry)); + + m_am_tools->enter_global_mutex(); + + iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure + + m_am_tools->leave_global_mutex(); + + delete entry; + + break; + } + + entry->SetLabel(iCertInfos[iUserCertIndex]->Label()); + entry->SetSubjectKeyId(iCertInfos[iUserCertIndex]->SubjectKeyId()); - TRAP(err, iMatchingUserCertInfos.AppendL(entry)); - if (err != KErrNone) + TRAP(error, iMatchingUserCertInfos.AppendL(entry)); + if (error != KErrNone) { EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - CArrayFixFlat tmp(sizeof(SCertEntry)); - + RPointerArray tmp(sizeof(EapCertificateEntry)); + m_am_tools->enter_global_mutex(); iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure @@ -1052,13 +1274,15 @@ // Matches break; } - } + } // for() + if (j == iCertAuthorities.Count()) { // No match. Remove delete iMatchingUserCerts[i]; iMatchingUserCerts.Remove(i); - iMatchingUserCertInfos.Delete(i); + delete iMatchingUserCertInfos[i]; + iMatchingUserCertInfos.Remove(i); i--; EAP_TRACE_DEBUG( @@ -1069,7 +1293,8 @@ } } // Check Certificate types - if (iUseCertTypesFilter) + if (iUseCertTypesFilter + && iCertTypes != 0) { for (i = 0; i < (TInt) iMatchingUserCerts.Count(); i++) { @@ -1081,27 +1306,33 @@ for (j = 0; j < iCertTypes->get_object_count(); j++) { u8_t* val = iCertTypes->get_object(j); - if (algorithm == ERSA - && (*val == ERSASign - || *val == ERSASignWithFixedDH - || *val == ERSASignWithEphemeralDH)) + + if (val != 0) { - break; + if (algorithm == ERSA + && (*val == ERSASign + || *val == ERSASignWithFixedDH + || *val == ERSASignWithEphemeralDH)) + { + break; + } + else if (algorithm == EDSA + && (*val == EDSASign + || *val == EDSASignWithFixedDH + || *val == EDSASignWithEphemeralDH)) + { + break; + } } - if (algorithm == EDSA - && (*val == EDSASign - || *val == EDSASignWithFixedDH - || *val == EDSASignWithEphemeralDH)) - { - break; - } - } + } // for() + if (j == iCertTypes->get_object_count()) { // No match. Remove delete iMatchingUserCerts[i]; iMatchingUserCerts.Remove(i); - iMatchingUserCertInfos.Delete(i); + delete iMatchingUserCertInfos[i]; + iMatchingUserCertInfos.Remove(i); i--; EAP_TRACE_DEBUG( @@ -1113,6 +1344,7 @@ } } + // Check cipher suites if (iUseAllowedCipherSuitesFilter) { @@ -1132,7 +1364,8 @@ // No match. Remove delete iMatchingUserCerts[i]; iMatchingUserCerts.Remove(i); - iMatchingUserCertInfos.Delete(i); + delete iMatchingUserCertInfos[i]; + iMatchingUserCertInfos.Remove(i); i--; EAP_TRACE_DEBUG( @@ -1157,12 +1390,12 @@ iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - CArrayFixFlat tmp(sizeof(SCertEntry)); + RPointerArray tmp(sizeof(EapCertificateEntry)); m_am_tools->enter_global_mutex(); @@ -1202,8 +1435,8 @@ } iCertInfos.Reset(); - TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); - if (err != KErrNone || iCertFilter == 0) + TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); + if (error != KErrNone || iCertFilter == 0) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1220,10 +1453,13 @@ iCertFilter->SetFormat(EX509Certificate); iCertFilter->SetOwnerType(EUserCertificate); - iCertFilter->SetSubjectKeyId(iCertInfo.iSubjectKeyId); - if (iCertInfo.iLabel.Size()>0) - iCertFilter->SetLabel(iCertInfo.iLabel); // We can not use Label in the filter as certificates saved + iCertFilter->SetSubjectKeyId(iCertInfo.GetSubjectKeyId()); + + if (iCertInfo.GetLabel()->Size() > 0) + { + iCertFilter->SetLabel(*(iCertInfo.GetLabel())); // We can not use Label in the filter as certificates saved // by using SetConfigurationL (OMA DM etc uses it) will not have Label. + } iState = EReadCertList; iCertStore->List( @@ -1266,8 +1502,8 @@ iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1300,8 +1536,8 @@ (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCert\n"))); CX509Certificate* cert = 0; - TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); - if (err != KErrNone) + TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1344,7 +1580,7 @@ iState = ERetrieveChainInitStore; if (iCertStore == 0) { - iCertStore = CUnifiedCertStore::NewL(iFs, false); + iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); iCertStore->Initialize(iStatus); } else @@ -1378,8 +1614,8 @@ } iCertInfos.Reset(); - TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); - if (err != KErrNone) + TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1452,8 +1688,8 @@ iState = ECreateCertChain; iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1487,8 +1723,8 @@ (EAPL("CEapTlsPeapCertInterface::RunL(): ECreateCertChain\n"))); CX509Certificate* cert = 0; - TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); - if (err != KErrNone || cert == 0) + TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); + if (error != KErrNone || cert == 0) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1505,24 +1741,33 @@ #if defined(_DEBUG) || defined(DEBUG) + { // No need to validate iCertInfos in here as it is done in case: EGetAllCerts CCTCertInfo* tempInfo; tempInfo = iCertInfos[iCAIndex]; // These are for the trace debug. TCertLabel label = tempInfo->Label(); - TKeyIdentifier KeyIdentifier = tempInfo->SubjectKeyId(); + TKeyIdentifier SubjectKeyId = tempInfo->SubjectKeyId(); TKeyIdentifier IssuerId = tempInfo->IssuerKeyId(); TCertificateFormat format = tempInfo->CertificateFormat(); TCertificateOwnerType ownerType = tempInfo->CertificateOwnerType(); - EAP_TRACE_DEBUG_SYMBIAN((_L("\n CEapTlsPeapCertInterface::RunL() : About to retrieve Cert with details, Label = %S"), &label)); - EAP_TRACE_DEBUG_SYMBIAN((_L("Other detials- Format=%d, Owner type=%d, IsDeletable=%d, Type UID=%d"), - format, ownerType, tempInfo->IsDeletable(), tempInfo->Type())); + EAP_TRACE_DEBUG_SYMBIAN((_L("\n CEapTlsPeapCertInterface::RunL() : About to retrieve Cert with details, Label = %S"), + &label)); + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("Other detials- Format=%d, Owner type=%d, IsDeletable=%d, Type UID=%d\n"), + format, + ownerType, + tempInfo->IsDeletable(), + tempInfo->Type())); EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Subject key Id is"), - KeyIdentifier.Ptr(), - KeyIdentifier.Size())); + SubjectKeyId.Ptr(), + SubjectKeyId.Size())); EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Issuer Id is"), IssuerId.Ptr(), @@ -1550,14 +1795,15 @@ } else { - EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("WARNING: No extension for this certificate\n"))); + EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("WARNING: No extension for this certificate\n"))); } } else { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: No Certs here!\n"))); } - + } + #endif @@ -1625,8 +1871,8 @@ const CSubjectPublicKeyInfo& key = iRootCerts[i]->PublicKey(); const TPtrC8 params = key.EncodedParams(); - TRAPD(err, dsaParams = CX509DSAPublicKey::DSAParametersL(params)); - if (err != KErrNone) + TRAPD(error, dsaParams = CX509DSAPublicKey::DSAParametersL(params)); + if (error != KErrNone) { RPointerArray tmp; @@ -1639,8 +1885,8 @@ return; } - TRAP(err, signParams = CSigningKeyParameters::NewL()); - if (err != KErrNone) + TRAP(error, signParams = CSigningKeyParameters::NewL()); + if (error != KErrNone) { RPointerArray tmp; @@ -1653,8 +1899,8 @@ delete dsaParams; return; } - TRAP(err, signParams->SetDSAParamsL(*dsaParams)); - if (err != KErrNone) + TRAP(error, signParams->SetDSAParamsL(*dsaParams)); + if (error != KErrNone) { RPointerArray tmp; @@ -1669,8 +1915,8 @@ return; } - TRAP(err, iUserCertChain[iUserCertChain.Count()-1]->SetParametersL(*signParams)); - if (err != KErrNone) + TRAP(error, iUserCertChain[iUserCertChain.Count()-1]->SetParametersL(*signParams)); + if (error != KErrNone) { RPointerArray tmp; m_am_tools->enter_global_mutex(); @@ -1741,8 +1987,8 @@ iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -1786,8 +2032,8 @@ } iCertInfos.Reset(); - TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); - if (err != KErrNone) + TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); RPointerArray tmp; @@ -1802,10 +2048,13 @@ iCertFilter->SetFormat(EX509Certificate); iCertFilter->SetOwnerType(ECACertificate); - iCertFilter->SetSubjectKeyId(iCertInfo.iSubjectKeyId); - if (iCertInfo.iLabel.Size()>0) - iCertFilter->SetLabel(iCertInfo.iLabel);// We can not use Label in the filter as certificates saved + iCertFilter->SetSubjectKeyId(iCertInfo.GetSubjectKeyId()); + + if (iCertInfo.GetLabel()->Size() > 0) + { + iCertFilter->SetLabel(*(iCertInfo.GetLabel()));// We can not use Label in the filter as certificates saved // by using SetConfigurationL (OMA DM etc uses it) will not have Label. + } iState = EReadCACertList; iCertStore->List( @@ -1846,8 +2095,8 @@ iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); RPointerArray tmp; @@ -1885,8 +2134,8 @@ iEncodedCertificate->Size())); CX509Certificate* cert = 0; - TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); - if (err != KErrNone) + TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); RPointerArray tmp; @@ -1936,8 +2185,8 @@ } iCertInfos.Reset(); - TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); - if (err != KErrNone) + TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); CPKIXValidationResult* tmp = 0; @@ -1949,10 +2198,12 @@ m_am_tools->leave_global_mutex(); break; } + iCertFilter->SetOwnerType(ECACertificate); iCertFilter->SetFormat(EX509Certificate); iState = EValidateChainGetCACertList; + iCertStore->List( iCertInfos, *iCertFilter, @@ -1969,31 +2220,44 @@ (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACertList\n"))); int index; - TIdentityRelation comparator(&EapTlsPeapUtils::CompareSCertEntries); - // Remove disallowed CA certs from the array - for (TInt i = 0; i < iCertInfos.Count(); i++) + TIdentityRelation comparator(&EapTlsPeapUtils::CompareSCertEntries); + + if (iUseAutomaticCaCertificate) + { + // All CA certificates are allowed. + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACertList: All CA certificates are allowed.\n"))); + } + else { - SCertEntry certEntry; - certEntry.iLabel.Copy(iCertInfos[i]->Label()); - certEntry.iSubjectKeyId.Copy(iCertInfos[i]->SubjectKeyId()); - index = iAllowedCACerts.Find(certEntry, comparator); - - if (index == KErrNotFound) + // Remove disallowed CA certs from the array + for (TInt i = 0; i < iCertInfos.Count(); i++) { - // Remove - iCertInfos[i]->Release(); - iCertInfos.Remove(i); - i--; + EapCertificateEntry certEntry; + certEntry.SetLabel(iCertInfos[i]->Label()); + certEntry.SetSubjectKeyId(iCertInfos[i]->SubjectKeyId()); + index = iAllowedCACerts.Find(&certEntry, comparator); + + if (index == KErrNotFound) + { + // Remove + iCertInfos[i]->Release(); + iCertInfos.Remove(i); + i--; + } } } + if (iCertInfos.Count() == 0) { // Create new validation result for this failure case. // CPKIXValidationResult does include a Reset-member function // but it is not in x500.lib as the documentation says. CPKIXValidationResult* validationResult = 0; - TRAPD(err, validationResult = CPKIXValidationResult::NewL()); - if (err != KErrNone) + TRAPD(error, validationResult = CPKIXValidationResult::NewL()); + if (error != KErrNone) { // Do nothing. Session timeout takes care of cleanup... EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); @@ -2006,37 +2270,39 @@ delete validationResult; break; } - - CCTCertInfo* info; - info = iCertInfos[0]; - iCAIndex = 0; + + { + CCTCertInfo* info; + info = iCertInfos[0]; + iCAIndex = 0; + + iState = EValidateChainGetCACert; - iState = EValidateChainGetCACert; - - iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); - if (err != KErrNone) - { - EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); - - CPKIXValidationResult* tmp = 0; + iEncodedCertificate->Des().SetLength(0); + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); + if (error != KErrNone) + { + EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); + + CPKIXValidationResult* tmp = 0; + + m_am_tools->enter_global_mutex(); + + iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. + + m_am_tools->leave_global_mutex(); + break; + } + + iCertPtr.Set(iEncodedCertificate->Des()); + + iCertStore->Retrieve( + *info, + iCertPtr, + iStatus); - m_am_tools->enter_global_mutex(); - - iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. - - m_am_tools->leave_global_mutex(); - break; + SetActive(); } - - iCertPtr.Set(iEncodedCertificate->Des()); - - iCertStore->Retrieve( - *info, - iCertPtr, - iStatus); - - SetActive(); } break; @@ -2048,8 +2314,8 @@ (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACert\n"))); CX509Certificate* cert = 0; - TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); - if (err != KErrNone) + TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); CPKIXValidationResult* tmp = 0; @@ -2083,10 +2349,10 @@ delete iCertChain; iCertChain = 0; - TRAPD(err, iCertChain = CPKIXCertChain::NewL(iFs, *iInputCertChain, iRootCerts)); - if (err != KErrNone) + TRAPD(error, iCertChain = CPKIXCertChain::NewL(iFs, *iInputCertChain, iRootCerts)); + if (error != KErrNone) { - EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EAP-TLS error %d.\n"), err)); + EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EAP-TLS error %d.\n"), error)); CPKIXValidationResult* tmp = 0; m_am_tools->enter_global_mutex(); @@ -2096,13 +2362,22 @@ m_am_tools->leave_global_mutex(); break; } + // Set the current time iTime.UniversalTime(); iState = EValidateChainEnd; - TRAP(err, iCertChain->ValidateL(*iValidationResult, iTime, iStatus)); - if (err != KErrNone) + + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACert, calls iCertChain->ValidateL(), count of root CA certificates = %d\n"), + iRootCerts.Count())); + + TRAP(error, iCertChain->ValidateL(*iValidationResult, iTime, iStatus)); + if (error != KErrNone) { - EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Error in certificate validation in EAP-TLS.\n"))); + EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Error in certificate validation in EAP-TLS, error = %d.\n"), + error)); CPKIXValidationResult* tmp = 0; m_am_tools->enter_global_mutex(); @@ -2111,7 +2386,7 @@ m_am_tools->leave_global_mutex(); break; - } + } SetActive(); // Validate. } else @@ -2122,8 +2397,8 @@ iState = EValidateChainGetCACert; iEncodedCertificate->Des().SetLength(0); - TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); - if (err != KErrNone) + TRAPD(error, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); + if (error != KErrNone) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); CPKIXValidationResult* tmp = 0; @@ -2153,7 +2428,8 @@ EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainEnd\n"))); + (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainEnd, iValidationResult->Error().iReason=%d\n"), + iValidationResult->Error().iReason)); m_am_tools->enter_global_mutex(); @@ -2187,8 +2463,8 @@ delete iKeyFilter; iKeyFilter = 0; - TRAPD(err, iKeyFilter = new (ELeave) TCTKeyAttributeFilter); - if (err != KErrNone) + iKeyFilter = new (ELeave) TCTKeyAttributeFilter; + if (!iKeyFilter) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); RInteger tmp; @@ -2310,6 +2586,9 @@ CleanupStack::PushL(R); iParent->complete_sign(R, reinterpret_cast(iRSASignature->S()), eap_status_ok); + + delete iRSASignature; + iRSASignature = 0; CleanupStack::PopAndDestroy(); @@ -2319,6 +2598,9 @@ { iParent->complete_sign(reinterpret_cast(iDSASignature->R()), reinterpret_cast(iDSASignature->S()), eap_status_ok); + + delete iDSASignature; + iDSASignature = 0; iDSASigner->Release(); // This seems to be needed. } @@ -2336,8 +2618,8 @@ delete iKeyFilter; iKeyFilter = 0; - TRAPD(err, iKeyFilter = new (ELeave) TCTKeyAttributeFilter); - if (err != KErrNone) + iKeyFilter = new (ELeave) TCTKeyAttributeFilter; + if (!iKeyFilter) { EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); TBuf8<1> tmp; @@ -2425,13 +2707,17 @@ return; } +//-------------------------------------------------- + void CEapTlsPeapCertInterface::CancelSignWithPrivateKey() { EAP_TRACE_DEBUG( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey():Cancelling Signing - iState=%d (13=ESign)\n"), - iState)); + (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey(): iState=%d (13=ESign)\n"), + iState)); + + EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::CancelSignWithPrivateKey()"); if(IsActive()) { @@ -2459,4 +2745,6 @@ } } + +//-------------------------------------------------- // End of file