|
1 /* |
|
2 * Copyright (c) 2004-2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Session class for handling roap storage client requests |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // INCLUDE FILES |
|
20 #include <s32file.h> |
|
21 #include <f32file.h> |
|
22 #include <x509cert.h> |
|
23 #include <x509keys.h> |
|
24 #include <asn1dec.h> |
|
25 #include <hash.h> |
|
26 #include <s32mem.h> |
|
27 #include <centralrepository.h> |
|
28 #include <uri8.h> |
|
29 #ifdef RD_DRM_METERING |
|
30 #include <DRMRightsClient.h> |
|
31 #include <random.h> |
|
32 #endif //RD_DRM_METERING |
|
33 #ifdef RD_MULTIPLE_DRIVE |
|
34 #include <DriveInfo.h> |
|
35 #endif |
|
36 #include <e32base.h> // CleanupResetAndDestroyPushL dependencies |
|
37 #include "drmaescrypto.h" |
|
38 #include "RoapStorageSession.h" |
|
39 #include "DRMContextDB.h" |
|
40 #include "DRMRIContext.h" |
|
41 #include "DRMDomainContext.h" |
|
42 #include "RoapStorageServer.h" |
|
43 #include "CmlaCrypto.h" |
|
44 #include "DrmAesCrypto.h" |
|
45 #include "DrmKeyStorage.h" |
|
46 #include "RoapDef.h" |
|
47 #include "RoapLog.h" |
|
48 #include "drmroapclientserver.h" |
|
49 #include "drmclockclient.h" |
|
50 #include "DrmTypes.h" |
|
51 #include "drmpointerarray.h" |
|
52 //OCSP classes |
|
53 #include "roapocsp.h" |
|
54 #include "responsedecoder.h" |
|
55 #include "certid.h" |
|
56 //drm clock |
|
57 #include "drmclockclient.h" |
|
58 |
|
59 #include "base64.h" |
|
60 |
|
61 #include "cleanupresetanddestroy.h" // CleanupResetAndDestroyPushL |
|
62 // NAMESPACES |
|
63 using namespace Roap; |
|
64 |
|
65 // EXTERNAL DATA STRUCTURES |
|
66 // EXTERNAL FUNCTION PROTOTYPES |
|
67 |
|
68 // CONSTANTS |
|
69 const TInt KMaxElementLength = 327680; |
|
70 const TInt KMinDomainIdLength = 4; |
|
71 // DEBUG PRINT MACROS |
|
72 #ifdef _DEBUG |
|
73 #include <flogger.h> |
|
74 _LIT(KMacLogDir, "DRM"); |
|
75 _LIT(KMacLogFile, "MAC.log"); |
|
76 #define MACLOG( a ) RFileLogger::Write( KMacLogDir(), KMacLogFile(), EFileLoggingModeAppend, a ); |
|
77 #define MACLOGHEX( ptr, len ) RFileLogger::HexDump( KMacLogDir(), KMacLogFile(), EFileLoggingModeAppend, _S(""), _S(""), ptr, len ); |
|
78 #define MACLOGLIT( a ) MACLOG( _L ( a ) ) |
|
79 #define _DRM_DETAILED_DEBUG // uncomment if want detailed debugs to log file |
|
80 #else |
|
81 #undef _DRM_DETAILED_DEBUG |
|
82 #define MACLOG( a ) |
|
83 #define MACLOGHEX( ptr, len ) |
|
84 #define MACLOGLIT( a ) |
|
85 #endif |
|
86 #ifdef _DRM_DETAILED_DEBUG |
|
87 #define MACLOGDETAIL( a ) MACLOG( a ) |
|
88 #define MACLOGHEXDETAIL( ptr, len ) MACLOGHEX( ptr, len ) |
|
89 #define MACLOGLITDETAIL( a ) MACLOGLIT( a ) |
|
90 #define MACLOGLDETAIL( a ) MACLOGLIT( a ) |
|
91 #define CERTDETAIL( c ) \ |
|
92 { \ |
|
93 const TPtrC8* n( c->DataElementEncoding( CX509Certificate::ESerialNumber ) ); \ |
|
94 const TPtrC8* a( c->DataElementEncoding( CX509Certificate::EAlgorithmId ) ); \ |
|
95 const TPtrC8* s( c->DataElementEncoding( CX509Certificate::ESubjectName ) ); \ |
|
96 const TPtrC8* i( c->DataElementEncoding( CX509Certificate::EIssuerName ) ); \ |
|
97 const TPtrC8* p( c->DataElementEncoding( CX509Certificate::ESubjectPublicKeyInfo ) ); \ |
|
98 MACLOGLDETAIL( "certificate (subject issuer serial algorithm key)" ) \ |
|
99 MACLOGHEXDETAIL( s->Ptr(), s->Length() ) \ |
|
100 MACLOGHEXDETAIL( i->Ptr(), i->Length() ) \ |
|
101 MACLOGHEXDETAIL( n->Ptr(), n->Length() ) \ |
|
102 MACLOGHEXDETAIL( a->Ptr(), a->Length() ) \ |
|
103 MACLOGHEXDETAIL( p->Ptr(), p->Length() ) \ |
|
104 } |
|
105 #else |
|
106 #define MACLOGDETAIL( a ) |
|
107 #define MACLOGHEXDETAIL( ptr, len ) |
|
108 #define MACLOGLITDETAIL( a ) |
|
109 #define MACLOGLDETAIL( a ) |
|
110 #define CERTDETAIL( a ) |
|
111 #endif |
|
112 // END OF DEBUG PRINT MACROS |
|
113 // LOCAL CONSTANTS AND MACROS |
|
114 _LIT8( KRoapDomainKey, "roap:domainKey"); |
|
115 _LIT8( KRoapX509SPKIHash, "roap:X509SPKIHash"); |
|
116 _LIT8( KRoapXmlNs, " xmlns:roap=\"urn:oma:bac:dldrm:roap-1.0\""); |
|
117 #ifdef RD_DRM_METERING |
|
118 _LIT8( KCmlaIp1, "http://www.cm-la.com/tech/cmlaip/cmlaip#cmlaip-1"); |
|
119 #endif |
|
120 |
|
121 static const TUid KCRUidRoapHandler = |
|
122 { |
|
123 0x10205CBF |
|
124 }; |
|
125 static const TInt KRoapHandlerRegistrationWhitelist = 1; |
|
126 static const TInt KMaxWhiteListLen = 1024; |
|
127 |
|
128 static const TInt KTzZulu( 0 ); //UTC time zone |
|
129 #ifdef RD_MULTIPLE_DRIVE |
|
130 _LIT( KRIContextFileName, "_:\\private\\101F51F2\\ricontexts.dat" ); |
|
131 _LIT( KDomainContextFileName, "_:\\private\\101F51F2\\domaincontexts.dat" ); |
|
132 #endif |
|
133 |
|
134 #define ROAPDB ( ( CRoapStorageServer* )( Server() ) )->ContextDB() |
|
135 |
|
136 static const TInt KP3( 3 ); |
|
137 #define IPCREAD0L( a ) aMessage.ReadL( 0, a ) |
|
138 #define IPCREAD1L( a ) aMessage.ReadL( 1, a ) |
|
139 #define IPCREAD2L( a ) aMessage.ReadL( 2, a ) |
|
140 #define IPCREAD3L( a ) aMessage.ReadL( KP3, a ) |
|
141 #define IPCWRITE0L( a ) aMessage.WriteL( 0, a ) |
|
142 #define IPCWRITE1L( a ) aMessage.WriteL( 1, a ) |
|
143 #define IPCWRITE2L( a ) aMessage.WriteL( 2, a ) |
|
144 #define IPCWRITE3L( a ) aMessage.WriteL( KP3, a ) |
|
145 #define IPCGETDESLEN0 aMessage.GetDesLength( 0 ) |
|
146 #define IPCGETDESLEN1 aMessage.GetDesLength( 1 ) |
|
147 #define IPCGETDESLEN2 aMessage.GetDesLength( 2 ) |
|
148 #define IPCGETDESLEN3 aMessage.GetDesLength( KP3 ) |
|
149 #define IPCGETDESMAXLEN0 aMessage.GetDesMaxLength( 0 ) |
|
150 #define IPCGETDESMAXLEN1 aMessage.GetDesMaxLength( 1 ) |
|
151 #define IPCGETDESMAXLEN2 aMessage.GetDesMaxLength( 2 ) |
|
152 #define IPCGETDESMAXLEN3 aMessage.GetDesMaxLength( KP3 ) |
|
153 |
|
154 const TInt KSanityDataLengthLow = 0; |
|
155 const TInt KSanityDataLengthHigh = 32768; |
|
156 // DATA TYPES |
|
157 // LOCAL FUNCTION PROTOTYPES |
|
158 LOCAL_C RPointerArray<HBufC8> BufferToArrayL( TDesC8& aBuffer ); |
|
159 LOCAL_C HBufC8* ArrayToBufferLC( const RPointerArray<HBufC8>& aArray ); |
|
160 |
|
161 LOCAL_C void UnwrapDomainKeyL( MDrmKeyStorage* aKeyStorage, |
|
162 const TDesC8& aProtectedDomainKey, HBufC8*& aDomainKey, HBufC8*& aMacKey, |
|
163 TKeyTransportScheme& aTransportScheme ); |
|
164 LOCAL_C TBool VerifyMacL( TDesC8& aDomainElements, TDesC8& aMacs, |
|
165 RPointerArray<HBufC8>& aMacKeys ); |
|
166 |
|
167 // --------------------------------------------------------------------------- |
|
168 // DeleteAndSetNull |
|
169 // --------------------------------------------------------------------------- |
|
170 // |
|
171 template<typename Taa> Taa*& DeleteAndSetNull( Taa*& aArg ) |
|
172 { |
|
173 if ( aArg ) |
|
174 { |
|
175 delete aArg; |
|
176 aArg = NULL; |
|
177 } |
|
178 return aArg; |
|
179 } |
|
180 |
|
181 // --------------------------------------------------------------------------- |
|
182 // SanitizeL |
|
183 // Performs a sanity check on length parameters |
|
184 // --------------------------------------------------------------------------- |
|
185 // |
|
186 LOCAL_C void SanitizeL( TInt aParam ) |
|
187 { |
|
188 User::LeaveIfError( aParam ); |
|
189 if ( aParam <= KSanityDataLengthLow || aParam > KSanityDataLengthHigh ) |
|
190 { |
|
191 User::Leave( KErrArgument ); |
|
192 } |
|
193 } |
|
194 |
|
195 // --------------------------------------------------------------------------- |
|
196 // Swap elements |
|
197 // --------------------------------------------------------------------------- |
|
198 // |
|
199 template<typename T> |
|
200 LOCAL_C void SwapElement( RPointerArray<T>& aArray, TInt aFirst, TInt aSecond ) |
|
201 { |
|
202 if ( aFirst != aSecond ) |
|
203 { |
|
204 T* temp( NULL); |
|
205 temp = aArray[aFirst]; |
|
206 aArray[aFirst] = aArray[aSecond]; |
|
207 aArray[aSecond] = temp; |
|
208 } |
|
209 } |
|
210 // --------------------------------------------------------------------------- |
|
211 // Sort Ocsp responses for certChain validation |
|
212 // --------------------------------------------------------------------------- |
|
213 // |
|
214 LOCAL_C TBool SortOcspCertsL( RPointerArray<CX509Certificate>& aOcspCerts, |
|
215 const CX509Certificate* aRootCert ) |
|
216 { |
|
217 MACLOGLITDETAIL( "::SortOcspCertsL -->" ) |
|
218 const TInt last( aOcspCerts.Count() - 1 ); |
|
219 TBool sortable( EFalse ); |
|
220 |
|
221 // Find first find cert issued by root cert |
|
222 // There can be only one cert issued by Root on valid cert chain |
|
223 for ( TInt i( 0 ); !sortable && i <= last; i++ ) |
|
224 { |
|
225 if ( aRootCert->SubjectName().ExactMatchL( |
|
226 aOcspCerts[i]->IssuerName() ) ) |
|
227 { |
|
228 SwapElement<CX509Certificate> ( aOcspCerts, i, last ); |
|
229 sortable = ETrue; |
|
230 } |
|
231 } |
|
232 |
|
233 for ( TInt s(last); sortable && s > 0; s-- ) |
|
234 { |
|
235 sortable = EFalse; |
|
236 for ( TInt i( s - 1 ); !sortable && i >= 0; i-- ) |
|
237 { |
|
238 // compare cert s subject to issuer i |
|
239 if ( aOcspCerts[s]->SubjectName().ExactMatchL( |
|
240 aOcspCerts[i]->IssuerName() ) ) |
|
241 { |
|
242 SwapElement<CX509Certificate> ( aOcspCerts, i, s-1 ); |
|
243 sortable = ETrue; |
|
244 } |
|
245 } |
|
246 } |
|
247 MACLOGLITDETAIL( "--> ::SortOcspCertsL" ) |
|
248 return sortable; |
|
249 } |
|
250 |
|
251 // --------------------------------------------------------------------------- |
|
252 // VerifyOcspCertChainL() |
|
253 // --------------------------------------------------------------------------- |
|
254 // |
|
255 LOCAL_C TBool VerifyOcspCertChainL( const COCSPResponse& aResponse, |
|
256 const CX509Certificate* aRootCert, CX509Certificate*& aOcspCert ) |
|
257 { |
|
258 MACLOGLITDETAIL( "::VerifyOcspCertChainL -->" ) |
|
259 |
|
260 |
|
261 |
|
262 CX509Certificate* cert = NULL; |
|
263 const CX509Certificate* signingCert = NULL; |
|
264 TInt pos = 0; |
|
265 TBool result = ETrue; |
|
266 |
|
267 RPointerArray<CX509Certificate> certArray; |
|
268 CleanupResetAndDestroyPushL( certArray ); |
|
269 |
|
270 const TPtrC8* ocspCerts( aResponse.SigningCerts() ); |
|
271 |
|
272 if ( !ocspCerts ) |
|
273 { |
|
274 MACLOGLIT( "No OCSP certs present" ) |
|
275 #ifdef _DISABLE_OCSP_CHECK |
|
276 CleanupStack::PopAndDestroy( &certArray ); |
|
277 return ETrue; |
|
278 #endif |
|
279 User::Leave( KErrRoapServerFatal ); |
|
280 } |
|
281 |
|
282 MACLOGLITDETAIL( "getting certs in OCSP response" ) |
|
283 while ( pos < ocspCerts->Length() ) |
|
284 { |
|
285 cert = CX509Certificate::NewLC( *ocspCerts, pos ); |
|
286 certArray.AppendL( cert ); |
|
287 CleanupStack::Pop( cert ); |
|
288 CERTDETAIL( cert ) |
|
289 } |
|
290 |
|
291 result = SortOcspCertsL( certArray, aRootCert ); |
|
292 |
|
293 // validate the OCSP cert chain up till root cert (root cert is already validated) |
|
294 for ( TInt i = 0; i < certArray.Count() && result; i++ ) |
|
295 { |
|
296 cert = certArray[i]; |
|
297 if ( certArray.Count() - 1 == i ) |
|
298 { |
|
299 signingCert = aRootCert; |
|
300 } |
|
301 else |
|
302 { |
|
303 signingCert = certArray[i + 1]; |
|
304 } |
|
305 MACLOGLDETAIL( "OCSP verify, using certificate" ) |
|
306 CERTDETAIL( cert ) |
|
307 result = cert->VerifySignatureL( signingCert->PublicKey().KeyData() ); |
|
308 #ifdef _DEBUG |
|
309 if ( result ) |
|
310 { |
|
311 MACLOGLIT( "Verify succeeded." ) |
|
312 } |
|
313 else |
|
314 { |
|
315 MACLOGLIT( "Verify failed." ) |
|
316 } |
|
317 #endif |
|
318 } |
|
319 |
|
320 // Copy OCSP cert and return it |
|
321 aOcspCert = CX509Certificate::NewL( *certArray[0] ); |
|
322 |
|
323 CleanupStack::PopAndDestroy( &certArray ); |
|
324 MACLOGLITDETAIL( "--> ::VerifyOcspCertChainL" ) |
|
325 return result; |
|
326 } |
|
327 |
|
328 |
|
329 #ifdef _DISABLE_DRM_TIME_UPDATE_CHECK |
|
330 LOCAL_C TBool IsCmlaRootL( |
|
331 const RPointerArray<HBufC8>& /*aTrustedRoots*/, |
|
332 const CX509Certificate* /* aRootCert */) |
|
333 { |
|
334 MACLOGLITDETAIL( "IsCmlaRootL -->\n--> IsCmlaRootL" ) |
|
335 return ETrue; |
|
336 } |
|
337 #else |
|
338 LOCAL_C TBool IsCmlaRootL( const RPointerArray<HBufC8>& aTrustedRoots, |
|
339 const CX509Certificate* aRootCert ) |
|
340 { |
|
341 MACLOGLITDETAIL( "IsCmlaRootL -->" ) |
|
342 TBool isCmlaRoot( EFalse ); |
|
343 // Check are we running on a CMLA device |
|
344 for ( TInt i = 0; i < aTrustedRoots.Count() && !isCmlaRoot; i++ ) |
|
345 { |
|
346 HBufC8* encodedRoot( Base64EncodeL( *aTrustedRoots[i] ) ); |
|
347 CleanupStack::PushL( encodedRoot ); |
|
348 if ( encodedRoot->CompareF( KRoapCmlaRootHash() ) == 0 |
|
349 || encodedRoot->CompareF( KRoapCmlaRnDRootHash() ) == 0 |
|
350 || encodedRoot->CompareF( KRoapCmlaRnDRootHashOld() ) == 0 ) |
|
351 { |
|
352 isCmlaRoot = ETrue; |
|
353 } |
|
354 CleanupStack::PopAndDestroy( encodedRoot ); |
|
355 encodedRoot = NULL; |
|
356 } |
|
357 if ( isCmlaRoot ) |
|
358 { |
|
359 __UHEAP_MARK; |
|
360 // The root cert found, check that it's the CMLA (production or R&D) root |
|
361 CSHA1* hash( CSHA1::NewL() ); |
|
362 CleanupStack::PushL( hash ); |
|
363 hash->Hash( *aRootCert->DataElementEncoding( |
|
364 CX509Certificate::ESubjectPublicKeyInfo ) ); |
|
365 MACLOGLDETAIL( "Inputs for SHA1" ) |
|
366 MACLOGHEXDETAIL( |
|
367 aRootCert->DataElementEncoding( |
|
368 CX509Certificate::ESubjectPublicKeyInfo )->Ptr(), |
|
369 aRootCert->DataElementEncoding( |
|
370 CX509Certificate::ESubjectPublicKeyInfo )->Length() ) |
|
371 |
|
372 HBufC8* encodedRoot( Base64EncodeL( hash->Final() ) ); |
|
373 CleanupStack::PushL( encodedRoot ); |
|
374 |
|
375 MACLOGLDETAIL( "Encoded root (base64 encoded SHA1 of public key)" ) |
|
376 MACLOGDETAIL( *encodedRoot ) |
|
377 MACLOGLDETAIL( "CMLA root" ) |
|
378 MACLOGDETAIL( KRoapCmlaRootHash() ) |
|
379 MACLOGLDETAIL( "CMLA RD root" ) |
|
380 MACLOGDETAIL( KRoapCmlaRnDRootHash() ) |
|
381 MACLOGLDETAIL( "old CMLA RD root" ) |
|
382 MACLOGDETAIL( KRoapCmlaRnDRootHashOld() ) |
|
383 |
|
384 if ( encodedRoot->CompareF( KRoapCmlaRootHash() ) != 0 |
|
385 && encodedRoot->CompareF( KRoapCmlaRnDRootHash() ) != 0 |
|
386 && encodedRoot->CompareF( KRoapCmlaRnDRootHashOld() ) != 0 ) |
|
387 { |
|
388 // The RI CA cert is not signed by CMLA root |
|
389 MACLOGLIT( "The RI CA cert is not signed by CMLA (production or R&D) root" ) |
|
390 isCmlaRoot = EFalse; |
|
391 } |
|
392 else |
|
393 { |
|
394 // We are running on a CMLA device and |
|
395 // RI certificate is signed by the CMLA (production or R&D) root |
|
396 // -> Verify still that the OCSP chain is signed by CMLA |
|
397 MACLOGLIT( "RI certificate is signed by the CMLA root" ) |
|
398 } |
|
399 CleanupStack::PopAndDestroy( encodedRoot ); |
|
400 CleanupStack::PopAndDestroy( hash ); |
|
401 __UHEAP_MARKEND; |
|
402 } |
|
403 MACLOGLITDETAIL( "--> IsCmlaRootL" ) |
|
404 return isCmlaRoot; |
|
405 } |
|
406 #endif |
|
407 |
|
408 |
|
409 // --------------------------------------------------------------------------- |
|
410 // ValidateNonceL |
|
411 // --------------------------------------------------------------------------- |
|
412 // |
|
413 LOCAL_C TBool ValidateNonceL( const COCSPResponse& aResponse, |
|
414 const TDesC8& aRegReqNonce ) |
|
415 { |
|
416 // check that nonce in OCSP response equals to the nonce sent in Reg Request |
|
417 TBool ret( EFalse ); |
|
418 const TPtrC8 * nonce( aResponse.DataElementEncoding( |
|
419 COCSPResponse::ENonce ) ); |
|
420 |
|
421 if ( !nonce ) |
|
422 { |
|
423 // no nonce found -> don't update DRM Time |
|
424 MACLOGLIT( "No nonce in the OCSP response!" ) |
|
425 ret = EFalse; |
|
426 } |
|
427 else if ( nonce->CompareF( aRegReqNonce ) != 0 ) |
|
428 { |
|
429 // Maybe the nonce is in ASN.1 format? |
|
430 // -> Remove the first two bytes (type and size), and try again |
|
431 TASN1DecGeneric asn1Dec( *nonce ); |
|
432 asn1Dec.InitL(); |
|
433 TPtrC8 ptr( asn1Dec.GetContentDER() ); |
|
434 if ( ptr.CompareF( aRegReqNonce ) != 0 ) |
|
435 { |
|
436 MACLOGLIT( "Fatal server error: OCSP nonce != RegRequest nonce!" ) |
|
437 User::Leave( KErrRoapServerFatal ); |
|
438 } |
|
439 else |
|
440 { |
|
441 MACLOGLIT( "OCSP nonce == RegRequest nonce." ) |
|
442 ret = ETrue; |
|
443 } |
|
444 MACLOGLDETAIL( "values ( OCSP nonce, request nonce )" ) |
|
445 MACLOGHEXDETAIL( nonce->Ptr(), nonce->Length() ) |
|
446 MACLOGHEXDETAIL( aRegReqNonce.Ptr(), aRegReqNonce.Length() ) |
|
447 } |
|
448 else |
|
449 { |
|
450 ret = ETrue; |
|
451 MACLOGLDETAIL( "values ( OCSP nonce, request nonce )" ) |
|
452 MACLOGHEXDETAIL( nonce->Ptr(), nonce->Length() ) |
|
453 MACLOGHEXDETAIL( aRegReqNonce.Ptr(), aRegReqNonce.Length() ) |
|
454 } |
|
455 return ret; |
|
456 } |
|
457 // --------------------------------------------------------------------------- |
|
458 // IsTimeUpdateAllowedL() |
|
459 // --------------------------------------------------------------------------- |
|
460 // |
|
461 LOCAL_C TBool IsTimeUpdateAllowedL( |
|
462 const RPointerArray<HBufC8>& aTrustedRoots, |
|
463 const RPointerArray<HBufC8>& aRootCertificates, |
|
464 const RPointerArray<HBufC8>& aCertChain, |
|
465 const COCSPResponse& aOcspResponse, |
|
466 const TDesC8& aRegReqNonce ) |
|
467 { |
|
468 MACLOGLITDETAIL( "::IsTimeUpdateAllowedL -->" ) |
|
469 |
|
470 |
|
471 // check that nonce in OCSP response equals to the nonce sent in Reg Request |
|
472 TBool bIsAllowed( ValidateNonceL( aOcspResponse, aRegReqNonce ) ); |
|
473 |
|
474 if ( !bIsAllowed ) |
|
475 { |
|
476 MACLOGLIT( "No nonce. Not possible to update DRM time" ) |
|
477 return bIsAllowed; |
|
478 } |
|
479 |
|
480 |
|
481 if ( !aCertChain.Count() ) |
|
482 { |
|
483 MACLOGLIT( "Wrong input data - No certificates or OCSP responses" ) |
|
484 bIsAllowed = EFalse; |
|
485 return bIsAllowed; |
|
486 } |
|
487 |
|
488 CX509Certificate* riCa = NULL; |
|
489 CX509Certificate* rootCert = NULL; |
|
490 // Get the last cert from the chain. |
|
491 // It should be signed by some of our trusted anchor |
|
492 riCa = CX509Certificate::NewLC( *( aCertChain[aCertChain.Count() - 1] ) ); |
|
493 MACLOGLITDETAIL( "Selected as RI CA" ) // (last of given cert chain) |
|
494 CERTDETAIL( riCa ) |
|
495 |
|
496 // iterate over root certificates and check, whether given |
|
497 // RI CA issuer matches name of the selected root |
|
498 for ( TInt i = 0; i < aRootCertificates.Count() && !rootCert; i++ ) |
|
499 { |
|
500 rootCert = CX509Certificate::NewL( *aRootCertificates[i] ); |
|
501 if ( !rootCert->SubjectName().ExactMatchL( riCa->IssuerName() ) ) |
|
502 { |
|
503 delete rootCert; |
|
504 rootCert = NULL; |
|
505 } |
|
506 } |
|
507 |
|
508 if ( rootCert ) |
|
509 { |
|
510 MACLOGLDETAIL( "Selected root CERT" ) |
|
511 CERTDETAIL( rootCert ) |
|
512 CleanupStack::PushL( rootCert ); |
|
513 |
|
514 if ( IsCmlaRootL( aTrustedRoots, rootCert ) ) |
|
515 { |
|
516 CX509Certificate* ocspCert = NULL; |
|
517 __UHEAP_MARK; |
|
518 // Try to verify OCSP cert chain with the root cert |
|
519 if ( VerifyOcspCertChainL( aOcspResponse, rootCert, |
|
520 DeleteAndSetNull<CX509Certificate> ( ocspCert ) ) ) |
|
521 { |
|
522 MACLOGLITDETAIL( "OCSP cert chain verified with root cert" ) |
|
523 MACLOGLIT( "DRM Time update allowed!" ) |
|
524 bIsAllowed = ETrue; |
|
525 } |
|
526 // Try to verify OCSP cert chain with the RI CA cert |
|
527 |
|
528 else if ( VerifyOcspCertChainL( aOcspResponse, riCa, |
|
529 DeleteAndSetNull<CX509Certificate> ( ocspCert ) ) ) |
|
530 { |
|
531 MACLOGLITDETAIL( "OCSP cert chain verified with RI CA cert" ) |
|
532 // Check signing of RiCa |
|
533 bIsAllowed = riCa->VerifySignatureL( |
|
534 rootCert->PublicKey().KeyData() ); |
|
535 if ( !bIsAllowed ) |
|
536 { |
|
537 MACLOGLITDETAIL( "RI CA cert verify failed" ) |
|
538 MACLOGLIT( "DRM time update not allowed!" ) |
|
539 } |
|
540 else |
|
541 { |
|
542 MACLOGLITDETAIL( "RI CA verified with root cert" ) |
|
543 MACLOGLIT( "DRM time update allowed" ) |
|
544 } |
|
545 } |
|
546 else |
|
547 { |
|
548 MACLOGLITDETAIL( "OCSP cert chain verify failed" ) |
|
549 MACLOGLIT( "DRM Time update is not allowed!" ) |
|
550 bIsAllowed = EFalse; |
|
551 } |
|
552 |
|
553 if ( ocspCert ) |
|
554 { |
|
555 if ( !aOcspResponse.VerifySignatureL( |
|
556 ocspCert->PublicKey().KeyData() ) ) |
|
557 { |
|
558 MACLOGLIT( "OCSP response signature verification failed" ) |
|
559 bIsAllowed = EFalse; |
|
560 } |
|
561 if ( bIsAllowed ) |
|
562 { |
|
563 const TTime timeCandidate( aOcspResponse.ProducedAt() ); |
|
564 if ( !ocspCert->ValidityPeriod().Valid( timeCandidate ) ) |
|
565 { |
|
566 MACLOGLIT( "OCSP responder cert expired in respect to proposed new time" ) |
|
567 bIsAllowed = EFalse; |
|
568 } |
|
569 } |
|
570 } |
|
571 DeleteAndSetNull<CX509Certificate> ( ocspCert ); |
|
572 __UHEAP_MARKEND; |
|
573 } |
|
574 CleanupStack::PopAndDestroy( rootCert ); |
|
575 rootCert = NULL; |
|
576 } |
|
577 CleanupStack::PopAndDestroy( riCa ); |
|
578 riCa = NULL; |
|
579 MACLOGLITDETAIL( "--> ::IsTimeUpdateAllowedL" ) |
|
580 return bIsAllowed; |
|
581 } |
|
582 |
|
583 //LOCAL CLASS DECLARATION |
|
584 // Used for lazy connecting to clock server (only connected if needed) |
|
585 class LazyClockClient |
|
586 { |
|
587 public: |
|
588 inline LazyClockClient(); |
|
589 inline virtual ~LazyClockClient(); |
|
590 inline void GetSecureTimeL( TTime& aTime, TInt& aZone, |
|
591 DRMClock::ESecurityLevel& aLevel ); |
|
592 inline void UpdateSecureTimeL( const TTime& aTime, const TInt aZone ); |
|
593 inline void Close(); |
|
594 private: |
|
595 inline void ConnectL(); |
|
596 TBool iConnected; |
|
597 RDRMClockClient iClock; |
|
598 }; |
|
599 |
|
600 // ============================ MEMBER FUNCTIONS =============================== |
|
601 |
|
602 // --------------------------------------------------------------------------- |
|
603 inline LazyClockClient::LazyClockClient() : |
|
604 iConnected( EFalse ) |
|
605 { |
|
606 } |
|
607 |
|
608 // --------------------------------------------------------------------------- |
|
609 inline LazyClockClient::~LazyClockClient() |
|
610 { |
|
611 Close(); |
|
612 } |
|
613 |
|
614 // --------------------------------------------------------------------------- |
|
615 inline void LazyClockClient::Close() |
|
616 { |
|
617 iClock.Close(); |
|
618 iConnected = EFalse; |
|
619 } |
|
620 |
|
621 // --------------------------------------------------------------------------- |
|
622 inline void LazyClockClient::ConnectL() |
|
623 { |
|
624 if ( !iConnected ) |
|
625 { |
|
626 User::LeaveIfError( iClock.Connect() ); |
|
627 iConnected = ETrue; |
|
628 } |
|
629 } |
|
630 |
|
631 // --------------------------------------------------------------------------- |
|
632 inline void LazyClockClient::GetSecureTimeL( TTime& aTime, TInt& aZone, |
|
633 DRMClock::ESecurityLevel& aLevel ) |
|
634 { |
|
635 ConnectL(); |
|
636 User::LeaveIfError( iClock.GetSecureTime( aTime, aZone, aLevel ) ); |
|
637 } |
|
638 |
|
639 // --------------------------------------------------------------------------- |
|
640 inline void LazyClockClient::UpdateSecureTimeL( const TTime& aTime, |
|
641 const TInt aZone ) |
|
642 { |
|
643 ConnectL(); |
|
644 User::LeaveIfError( iClock.UpdateSecureTime( aTime, aZone ) ); |
|
645 } |
|
646 |
|
647 |
|
648 // CRoapStorageSession methods |
|
649 |
|
650 // --------------------------------------------------------------------------- |
|
651 // CRoapStorageSession::NewLC |
|
652 // Two-phased constructor. |
|
653 // --------------------------------------------------------------------------- |
|
654 // |
|
655 CRoapStorageSession* CRoapStorageSession::NewL() |
|
656 { |
|
657 CRoapStorageSession* self = new ( ELeave ) CRoapStorageSession(); |
|
658 CleanupStack::PushL( self ); |
|
659 self->ConstructL(); |
|
660 CleanupStack::Pop( self ); |
|
661 return self; |
|
662 } |
|
663 |
|
664 // --------------------------------------------------------------------------- |
|
665 // CRoapStorageSession::~CRoapStorageSession |
|
666 // Destructor. |
|
667 // --------------------------------------------------------------------------- |
|
668 // |
|
669 CRoapStorageSession::~CRoapStorageSession() |
|
670 { |
|
671 delete iPreparedData; |
|
672 delete iKeyStorage; |
|
673 delete iLazyClock; |
|
674 } |
|
675 |
|
676 // --------------------------------------------------------------------------- |
|
677 // CRoapStorageSession::ServiceL |
|
678 // --------------------------------------------------------------------------- |
|
679 // |
|
680 void CRoapStorageSession::ServiceL( const RMessage2& aMessage ) |
|
681 { |
|
682 DispatchL( aMessage ); |
|
683 } |
|
684 |
|
685 // --------------------------------------------------------------------------- |
|
686 // CRoapStorageSession::DispatchL |
|
687 // --------------------------------------------------------------------------- |
|
688 // |
|
689 void CRoapStorageSession::DispatchL( const RMessage2& aMessage ) |
|
690 { |
|
691 switch ( aMessage.Function() ) |
|
692 { |
|
693 case EAddRiContext: |
|
694 { |
|
695 AddRiContextL( aMessage ); |
|
696 break; |
|
697 } |
|
698 case EAddDomainContext: |
|
699 { |
|
700 AddDomainContextL( aMessage ); |
|
701 break; |
|
702 } |
|
703 case EGetRiContext: |
|
704 { |
|
705 GetRiContextL( aMessage ); |
|
706 break; |
|
707 } |
|
708 case EGetDomainContext: |
|
709 { |
|
710 GetDomainContextL( aMessage ); |
|
711 break; |
|
712 } |
|
713 case EGetData: |
|
714 { |
|
715 GetDataL( aMessage ); |
|
716 break; |
|
717 } |
|
718 case EDeleteRiContext: |
|
719 { |
|
720 DeleteRiContextL( aMessage ); |
|
721 break; |
|
722 } |
|
723 case EDeleteDomainContext: |
|
724 { |
|
725 DeleteDomainContextL( aMessage ); |
|
726 break; |
|
727 } |
|
728 case EDeleteExpiredRIs: |
|
729 { |
|
730 DeleteExpiredRIsL( aMessage ); |
|
731 break; |
|
732 } |
|
733 case EDeleteExpiredDomains: |
|
734 { |
|
735 DeleteExpiredDomainsL( aMessage ); |
|
736 break; |
|
737 } |
|
738 case EWhiteListCheck: |
|
739 { |
|
740 WhiteListUrlExistsL( aMessage ); |
|
741 break; |
|
742 } |
|
743 case EGetPublicKey: |
|
744 { |
|
745 GetDevicePublicKeyDerL( aMessage ); |
|
746 break; |
|
747 } |
|
748 case EGetCertificates: |
|
749 { |
|
750 GetDeviceCertificateChainL( aMessage ); |
|
751 break; |
|
752 } |
|
753 case ESignMessage: |
|
754 { |
|
755 SignL( aMessage ); |
|
756 break; |
|
757 } |
|
758 case ESelectRoot: |
|
759 { |
|
760 SelectTrustedRootL( aMessage ); |
|
761 break; |
|
762 } |
|
763 case EActivateRoot: |
|
764 { |
|
765 ActivateTrustedRootL( aMessage ); |
|
766 break; |
|
767 } |
|
768 case EGetTrustedRoots: |
|
769 { |
|
770 GetTrustedRootsL( aMessage ); |
|
771 break; |
|
772 } |
|
773 case EGetRootCert: |
|
774 { |
|
775 GetRootCertificateL( aMessage ); |
|
776 break; |
|
777 } |
|
778 case EDeleteExpired: |
|
779 { |
|
780 DeleteExpiredContextsL( aMessage ); |
|
781 break; |
|
782 } |
|
783 case EDeleteAll: |
|
784 { |
|
785 DeleteAllL( aMessage ); |
|
786 break; |
|
787 } |
|
788 case ERsaSign: |
|
789 { |
|
790 RsaSignL( aMessage ); |
|
791 break; |
|
792 } |
|
793 #ifdef RD_DRM_METERING |
|
794 case EGetMeteringData: |
|
795 { |
|
796 GetMeteringDataL( aMessage ); |
|
797 break; |
|
798 } |
|
799 case EDeleteMeteringData: |
|
800 { |
|
801 DeleteMeteringDataL( aMessage ); |
|
802 break; |
|
803 } |
|
804 case ERetrieveAllRIContexts: |
|
805 { |
|
806 GetAllRIContextsL( aMessage ); |
|
807 break; |
|
808 } |
|
809 case EUpdateRIContext: |
|
810 { |
|
811 UpdateRIContextL( aMessage ); |
|
812 break; |
|
813 } |
|
814 #endif // RD_DRM_METERING |
|
815 case EUpdateDrmTime: |
|
816 { |
|
817 UpdateDrmTimeL( aMessage ); |
|
818 break; |
|
819 } |
|
820 case EVerifyOcspResponses: |
|
821 { |
|
822 VerifyOcspResponsesL( aMessage ); |
|
823 break; |
|
824 } |
|
825 case EGetOcspResponderId: |
|
826 { |
|
827 GetOcspResponderIdL( aMessage ); |
|
828 break; |
|
829 } |
|
830 default: |
|
831 MACLOGLIT( "CRoapStorageSession::ServiceL: Invalid command" ) |
|
832 PanicClient( aMessage, EPanicBadFunction ); |
|
833 } |
|
834 } |
|
835 |
|
836 // --------------------------------------------------------------------------- |
|
837 // CRoapStorageSession::PanicClient |
|
838 // --------------------------------------------------------------------------- |
|
839 // |
|
840 void CRoapStorageSession::PanicClient( |
|
841 const RMessage2& aMessage, |
|
842 TPanic aReason ) |
|
843 { |
|
844 _LIT( KPanicCategory, "RoapStorageSession" ); |
|
845 if ( !aMessage.IsNull() ) |
|
846 { |
|
847 aMessage.Panic( KPanicCategory, aReason ); |
|
848 } |
|
849 } |
|
850 |
|
851 // --------------------------------------------------------------------------- |
|
852 // CRoapStorageSession::ServiceError |
|
853 // --------------------------------------------------------------------------- |
|
854 // |
|
855 void CRoapStorageSession::ServiceError( |
|
856 const RMessage2& aMessage, |
|
857 TInt aError ) |
|
858 { |
|
859 MACLOGLITDETAIL( "CRoapStorageSession::ServiceError -->" ) |
|
860 |
|
861 if ( aError == KErrBadDescriptor ) |
|
862 { |
|
863 PanicClient( aMessage, EPanicBadDescriptor ); |
|
864 } |
|
865 else |
|
866 { |
|
867 CSession2::ServiceError( aMessage, aError ); |
|
868 } |
|
869 MACLOGLITDETAIL( "--> CRoapStorageSession::ServiceError" ) |
|
870 } |
|
871 |
|
872 // --------------------------------------------------------------------------- |
|
873 // CRoapStorageSession::CRoapStorageSession |
|
874 // Default constructor. |
|
875 // --------------------------------------------------------------------------- |
|
876 // |
|
877 CRoapStorageSession::CRoapStorageSession() |
|
878 { |
|
879 } |
|
880 |
|
881 // --------------------------------------------------------------------------- |
|
882 // CRoapStorageSession::ConstructL |
|
883 // Second phase constructor. Initializes the log tool in DRM internal testing. |
|
884 // --------------------------------------------------------------------------- |
|
885 // |
|
886 void CRoapStorageSession::ConstructL() |
|
887 { |
|
888 iKeyStorage = DrmKeyStorageNewL(); |
|
889 iKeyStorage->SelectDefaultRootL(); |
|
890 iDeleteExpired = ETrue; |
|
891 iLazyClock = new ( ELeave ) LazyClockClient(); |
|
892 } |
|
893 |
|
894 // --------------------------------------------------------------------------- |
|
895 // CRoapStorageSession::AddRiContextL |
|
896 // --------------------------------------------------------------------------- |
|
897 // |
|
898 void CRoapStorageSession::AddRiContextL( const RMessage2& aMessage ) |
|
899 { |
|
900 MACLOGLITDETAIL( "CRoapStorageSession::AddRiContextL -->" ) |
|
901 CDRMRIContext* context = NULL; |
|
902 HBufC8* contextData = NULL; |
|
903 TPtr8 data( NULL, 0 ); |
|
904 TInt size = 0; |
|
905 |
|
906 if ( iDeleteExpired ) |
|
907 { |
|
908 TTime drmTime; |
|
909 DRMClock::ESecurityLevel level; |
|
910 TInt zone = KTzZulu; |
|
911 iLazyClock->GetSecureTimeL( drmTime, zone, level ); |
|
912 |
|
913 if ( level == DRMClock::KSecure ) |
|
914 { |
|
915 ROAPDB->DeleteExpiredRightsIssuerContextsL( drmTime ); |
|
916 ROAPDB->DeleteExpiredDomainContextsL( drmTime ); |
|
917 iDeleteExpired = EFalse; |
|
918 } |
|
919 } |
|
920 |
|
921 size = User::LeaveIfError( IPCGETDESLEN0 ); |
|
922 contextData = HBufC8::NewMaxLC( size ); |
|
923 data.Set( const_cast<TUint8*> ( contextData->Ptr() ), 0, size ); |
|
924 IPCREAD0L( data ); |
|
925 MACLOGLITDETAIL( "Serialized RI context" ) |
|
926 MACLOGHEXDETAIL( contextData->Ptr(), contextData->Length() ) |
|
927 |
|
928 context = CDRMRIContext::NewLC(); |
|
929 context->ImportL( data ); |
|
930 ROAPDB->StoreRightsIssuerContextL( *context ); |
|
931 |
|
932 CleanupStack::PopAndDestroy( context ); |
|
933 CleanupStack::PopAndDestroy( contextData ); |
|
934 aMessage.Complete( KErrNone ); |
|
935 MACLOGLITDETAIL( "--> CRoapStorageSession::AddRiContextL" ) |
|
936 } |
|
937 |
|
938 // --------------------------------------------------------------------------- |
|
939 // CRoapStorageSession::AddDomainContextL |
|
940 // --------------------------------------------------------------------------- |
|
941 // |
|
942 void CRoapStorageSession::AddDomainContextL( const RMessage2& aMessage ) |
|
943 { |
|
944 MACLOGLITDETAIL( "CRoapStorageSession::AddDomainContextL -->" ) |
|
945 CDRMDomainContext* context = NULL; |
|
946 HBufC8* contextData = NULL; |
|
947 HBufC8* domainElements = NULL; |
|
948 HBufC8* macs = NULL; |
|
949 TPtr8 data( NULL, 0 ); |
|
950 TInt size = 0; |
|
951 TKeyTransportScheme transScheme; |
|
952 TPckg<TKeyTransportScheme> package( transScheme ); |
|
953 |
|
954 HBufC8* plainDomainKey = NULL; |
|
955 HBufC8* plainMacKey = NULL; |
|
956 |
|
957 if ( iDeleteExpired ) |
|
958 { |
|
959 TTime drmTime; |
|
960 DRMClock::ESecurityLevel level; |
|
961 TInt zone = KTzZulu; |
|
962 iLazyClock->GetSecureTimeL( drmTime, zone, level ); |
|
963 |
|
964 if ( level == DRMClock::KSecure ) |
|
965 { |
|
966 ROAPDB->DeleteExpiredRightsIssuerContextsL( drmTime ); |
|
967 ROAPDB->DeleteExpiredDomainContextsL( drmTime ); |
|
968 iDeleteExpired = EFalse; |
|
969 } |
|
970 } |
|
971 |
|
972 RPointerArray<HBufC8> plainDomainKeys; |
|
973 CleanupResetAndDestroyPushL( plainDomainKeys ); |
|
974 |
|
975 RPointerArray<HBufC8> plainMacKeys; |
|
976 CleanupResetAndDestroyPushL( plainMacKeys ); |
|
977 |
|
978 size = IPCGETDESLEN0; |
|
979 |
|
980 if ( size <= 0 ) |
|
981 { |
|
982 User::Leave( KErrArgument ); |
|
983 } |
|
984 |
|
985 contextData = HBufC8::NewMaxLC( size ); |
|
986 data.Set( const_cast<TUint8*> ( contextData->Ptr() ), 0, size ); |
|
987 IPCREAD0L( data ); |
|
988 MACLOGLITDETAIL( "Serialized domain context" ) |
|
989 MACLOGHEXDETAIL( contextData->Ptr(), contextData->Length() ) |
|
990 |
|
991 context = CDRMDomainContext::NewLC(); |
|
992 context->ImportL( data ); |
|
993 |
|
994 TPtrC8 domainId = context->DomainID(); |
|
995 |
|
996 if ( domainId.Length() <= 0 ) |
|
997 { |
|
998 User::Leave( KErrArgument ); |
|
999 } |
|
1000 |
|
1001 IPCREAD1L( package ); |
|
1002 |
|
1003 size = IPCGETDESLEN2; |
|
1004 |
|
1005 if ( size <= 0 ) |
|
1006 { |
|
1007 User::Leave( KErrArgument ); |
|
1008 } |
|
1009 |
|
1010 macs = HBufC8::NewLC( size ); |
|
1011 data.Set( macs->Des() ); |
|
1012 IPCREAD2L( data ); |
|
1013 |
|
1014 size = IPCGETDESLEN3; |
|
1015 |
|
1016 if ( size <= 0 ) |
|
1017 { |
|
1018 User::Leave( KErrArgument ); |
|
1019 } |
|
1020 |
|
1021 domainElements = HBufC8::NewLC( size ); |
|
1022 data.Set( domainElements->Des() ); |
|
1023 IPCREAD3L( data ); |
|
1024 |
|
1025 const RPointerArray<HBufC8>& domainKeys( context->DomainKeys() ); |
|
1026 |
|
1027 for ( TInt i = 0; i < domainKeys.Count(); i++ ) |
|
1028 { |
|
1029 UnwrapDomainKeyL( iKeyStorage, *domainKeys[i], plainDomainKey, |
|
1030 plainMacKey, transScheme ); |
|
1031 TInt ret( plainDomainKeys.Append( plainDomainKey ) ); |
|
1032 if ( ret ) |
|
1033 { |
|
1034 // Append did not succeed, |
|
1035 // delete buffers not in CleanupStack and leave. |
|
1036 delete plainDomainKey; |
|
1037 plainDomainKey = NULL; |
|
1038 delete plainMacKey; |
|
1039 plainMacKey = NULL; |
|
1040 User::LeaveIfError( ret ); |
|
1041 } |
|
1042 CleanupStack::PushL( plainMacKey ); |
|
1043 plainMacKeys.AppendL( plainMacKey ); |
|
1044 CleanupStack::Pop( plainMacKey ); |
|
1045 } |
|
1046 |
|
1047 if ( !VerifyMacL( *domainElements, *macs, plainMacKeys ) ) |
|
1048 { |
|
1049 User::Leave( KErrRoapServerFatal ); |
|
1050 } |
|
1051 |
|
1052 context->SetDomainKeysL( plainDomainKeys ); |
|
1053 |
|
1054 ROAPDB->StoreDomainContextL( *context ); |
|
1055 |
|
1056 CleanupStack::PopAndDestroy( domainElements ); |
|
1057 CleanupStack::PopAndDestroy( macs ); |
|
1058 CleanupStack::PopAndDestroy( context ); |
|
1059 CleanupStack::PopAndDestroy( contextData ); |
|
1060 CleanupStack::PopAndDestroy( &plainMacKeys ); |
|
1061 CleanupStack::PopAndDestroy( &plainDomainKeys ); |
|
1062 aMessage.Complete( KErrNone ); |
|
1063 MACLOGLITDETAIL( "--> CRoapStorageSession::AddDomainContextL" ) |
|
1064 } |
|
1065 |
|
1066 // --------------------------------------------------------------------------- |
|
1067 // CRoapStorageSession::GetRiContextL |
|
1068 // --------------------------------------------------------------------------- |
|
1069 // |
|
1070 void CRoapStorageSession::GetRiContextL( const RMessage2& aMessage ) |
|
1071 { |
|
1072 MACLOGLITDETAIL( "CRoapStorageSession::GetRiContextL -->" ) |
|
1073 CDRMRIContext* context = CDRMRIContext::NewLC(); |
|
1074 HBufC8* riId = NULL; |
|
1075 TInt size = 0; |
|
1076 TPtr8 data( NULL, 0 ); |
|
1077 |
|
1078 TPckg<TInt> package( size ); |
|
1079 riId = HBufC8::NewLC( User::LeaveIfError( IPCGETDESLEN1 ) ); |
|
1080 data.Set( riId->Des() ); |
|
1081 IPCREAD1L( data ); |
|
1082 if ( riId->Length() != SHA1_HASH ) |
|
1083 { |
|
1084 User::Leave( KErrArgument ); |
|
1085 } |
|
1086 context->SetRIIDL( *riId ); |
|
1087 ROAPDB->FetchRightsIssuerContextL( *context ); |
|
1088 size = context->Size(); |
|
1089 IPCWRITE0L( package ); |
|
1090 delete iPreparedData; |
|
1091 iPreparedData = NULL; |
|
1092 iPreparedData = context->ExportL(); |
|
1093 |
|
1094 CleanupStack::PopAndDestroy( riId ); // riId, context |
|
1095 CleanupStack::PopAndDestroy( context ); // riId, context |
|
1096 aMessage.Complete( KErrNone ); |
|
1097 MACLOGLITDETAIL( " --> CRoapStorageSession::GetRiContextL" ) |
|
1098 } |
|
1099 |
|
1100 // --------------------------------------------------------------------------- |
|
1101 // CRoapStorageSession::GetDomainContextL |
|
1102 // --------------------------------------------------------------------------- |
|
1103 // |
|
1104 void CRoapStorageSession::GetDomainContextL( const RMessage2& aMessage ) |
|
1105 { |
|
1106 MACLOGLITDETAIL( "CRoapStorageSession::GetDomainContextL -->" ) |
|
1107 RThread thread; |
|
1108 aMessage.ClientL( thread ); |
|
1109 CleanupClosePushL( thread ); |
|
1110 |
|
1111 CDRMDomainContext* context = CDRMDomainContext::NewLC(); |
|
1112 HBufC8* domainId = NULL; |
|
1113 TInt size = 0; |
|
1114 TPtr8 data( NULL, 0 ); |
|
1115 _LIT_SECURITY_POLICY_V0(vidCheck, VID_DEFAULT); |
|
1116 // Check Default VID |
|
1117 |
|
1118 TPckg<TInt> package( size ); |
|
1119 domainId = HBufC8::NewLC( User::LeaveIfError( IPCGETDESLEN1 ) ); |
|
1120 data.Set( domainId->Des() ); |
|
1121 IPCREAD1L( data ); |
|
1122 if ( domainId->Length() < KMinDomainIdLength || domainId->Length() |
|
1123 > SHA1_HASH ) |
|
1124 { |
|
1125 User::Leave( KErrArgument ); |
|
1126 } |
|
1127 |
|
1128 context->SetDomainIDL( *domainId ); |
|
1129 ROAPDB->FetchDomainContextL( *context ); |
|
1130 if ( !vidCheck.CheckPolicy( thread ) ) |
|
1131 { |
|
1132 // Remove sensitive data since trusted vendor id not present |
|
1133 RPointerArray<HBufC8> emptyDomainKeys; |
|
1134 CleanupResetAndDestroyPushL( emptyDomainKeys ); |
|
1135 emptyDomainKeys.Reset(); |
|
1136 context->SetDomainKeysL( emptyDomainKeys ); |
|
1137 CleanupStack::PopAndDestroy( &emptyDomainKeys ); |
|
1138 } |
|
1139 size = context->Size(); |
|
1140 IPCWRITE0L( package ); |
|
1141 delete iPreparedData; |
|
1142 iPreparedData = NULL; |
|
1143 iPreparedData = context->ExportL(); |
|
1144 |
|
1145 CleanupStack::PopAndDestroy( domainId ); |
|
1146 CleanupStack::PopAndDestroy( context ); |
|
1147 CleanupStack::PopAndDestroy( &thread ); |
|
1148 aMessage.Complete( KErrNone ); |
|
1149 MACLOGLITDETAIL( " --> CRoapStorageSession::GetDomainContextL" ) |
|
1150 } |
|
1151 |
|
1152 // --------------------------------------------------------------------------- |
|
1153 // CRoapStorageSession::GetDataL |
|
1154 // --------------------------------------------------------------------------- |
|
1155 // |
|
1156 void CRoapStorageSession::GetDataL( const RMessage2& aMessage ) |
|
1157 { |
|
1158 if ( !iPreparedData ) |
|
1159 { |
|
1160 User::Leave( KErrNotReady ); |
|
1161 } |
|
1162 |
|
1163 IPCWRITE0L( iPreparedData->Des() ); |
|
1164 |
|
1165 delete iPreparedData; |
|
1166 iPreparedData = NULL; |
|
1167 |
|
1168 aMessage.Complete( KErrNone ); |
|
1169 } |
|
1170 |
|
1171 // --------------------------------------------------------------------------- |
|
1172 // CRoapStorageSession::DeleteRiContextL |
|
1173 // --------------------------------------------------------------------------- |
|
1174 // |
|
1175 void CRoapStorageSession::DeleteRiContextL( const RMessage2& aMessage ) |
|
1176 { |
|
1177 MACLOGLITDETAIL( "CRoapStorageSession::DeleteRiContextL -->" ) |
|
1178 HBufC8* riId = NULL; |
|
1179 TPtr8 data( NULL, 0 ); |
|
1180 |
|
1181 SanitizeL( aMessage.GetDesLength( 0 ) ); |
|
1182 |
|
1183 riId = HBufC8::NewLC( IPCGETDESLEN0 ); |
|
1184 data.Set( riId->Des() ); |
|
1185 IPCREAD0L( data ); |
|
1186 |
|
1187 if ( riId->Length() != SHA1_HASH ) |
|
1188 { |
|
1189 User::Leave( KErrArgument ); |
|
1190 } |
|
1191 |
|
1192 ROAPDB->DeleteRightsIssuerContextL( *riId ); |
|
1193 |
|
1194 CleanupStack::PopAndDestroy( riId ); |
|
1195 aMessage.Complete( KErrNone ); |
|
1196 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteRiContextL" ) |
|
1197 } |
|
1198 |
|
1199 // --------------------------------------------------------------------------- |
|
1200 // CRoapStorageSession::DeleteDomainContextL |
|
1201 // --------------------------------------------------------------------------- |
|
1202 // |
|
1203 void CRoapStorageSession::DeleteDomainContextL( const RMessage2& aMessage ) |
|
1204 { |
|
1205 MACLOGLITDETAIL( "CRoapStorageSession::DeleteDomainContextL -->" ) |
|
1206 HBufC8* domainId = NULL; |
|
1207 TPtr8 data( NULL, 0 ); |
|
1208 |
|
1209 SanitizeL( aMessage.GetDesLength( 0 ) ); |
|
1210 |
|
1211 domainId = HBufC8::NewLC( IPCGETDESLEN0 ); |
|
1212 data.Set( domainId->Des() ); |
|
1213 IPCREAD0L( data ); |
|
1214 |
|
1215 if ( domainId->Length() < KMinDomainIdLength || domainId->Length() |
|
1216 > SHA1_HASH ) |
|
1217 { |
|
1218 User::Leave( KErrArgument ); |
|
1219 } |
|
1220 |
|
1221 ROAPDB->DeleteDomainContextL( *domainId ); |
|
1222 |
|
1223 CleanupStack::PopAndDestroy( domainId ); |
|
1224 aMessage.Complete( KErrNone ); |
|
1225 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteDomainContextL" ) |
|
1226 } |
|
1227 |
|
1228 // --------------------------------------------------------------------------- |
|
1229 // CRoapStorageSession::DeleteExpiredRIsL |
|
1230 // --------------------------------------------------------------------------- |
|
1231 // |
|
1232 void CRoapStorageSession::DeleteExpiredRIsL( const RMessage2& aMessage ) |
|
1233 { |
|
1234 MACLOGLITDETAIL( "CRoapStorageSession::DeleteExpiredRIsL -->" ) |
|
1235 TTime time; |
|
1236 TPckg<TTime> package( time ); |
|
1237 |
|
1238 IPCREAD0L( package ); |
|
1239 ROAPDB->DeleteExpiredRightsIssuerContextsL( time ); |
|
1240 |
|
1241 aMessage.Complete( KErrNone ); |
|
1242 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteExpiredRIsL" ) |
|
1243 } |
|
1244 |
|
1245 // --------------------------------------------------------------------------- |
|
1246 // CRoapStorageSession::DeleteExpiredDomainsL |
|
1247 // --------------------------------------------------------------------------- |
|
1248 // |
|
1249 void CRoapStorageSession::DeleteExpiredDomainsL( const RMessage2& aMessage ) |
|
1250 { |
|
1251 MACLOGLITDETAIL( "CRoapStorageSession::DeleteExpiredDomainsL -->" ) |
|
1252 TTime time; |
|
1253 TPckg<TTime> package( time ); |
|
1254 |
|
1255 IPCREAD0L( package ); |
|
1256 ROAPDB->DeleteExpiredDomainContextsL( time ); |
|
1257 |
|
1258 aMessage.Complete( KErrNone ); |
|
1259 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteExpiredDomainsL" ) |
|
1260 } |
|
1261 |
|
1262 // --------------------------------------------------------------------------- |
|
1263 // CRoapStorageSession::WhiteListUrlExistsL |
|
1264 // --------------------------------------------------------------------------- |
|
1265 // |
|
1266 void CRoapStorageSession::WhiteListUrlExistsL( const RMessage2& aMessage ) |
|
1267 { |
|
1268 MACLOGLITDETAIL( "CRoapStorageSession::WhiteListURLExistsL -->" ) |
|
1269 HBufC8* url = NULL; |
|
1270 TPtr8 data( NULL, 0 ); |
|
1271 TBool exists = EFalse; |
|
1272 |
|
1273 __UHEAP_MARK; |
|
1274 SanitizeL( aMessage.GetDesLength( 0 ) ); |
|
1275 User::LeaveIfError( IPCGETDESLEN1 ); |
|
1276 TBool fromPreConfiguredWhiteList( EFalse ); |
|
1277 TPckg<TBool> preConfiguredInOutParam( fromPreConfiguredWhiteList ); |
|
1278 |
|
1279 url = HBufC8::NewLC( IPCGETDESLEN0 ); |
|
1280 data.Set( url->Des() ); |
|
1281 IPCREAD0L( data ); |
|
1282 IPCREAD1L( preConfiguredInOutParam ); |
|
1283 exists = ROAPDB->WhiteListURLExistsL( *url ); |
|
1284 |
|
1285 if ( exists ) |
|
1286 { |
|
1287 fromPreConfiguredWhiteList = EFalse; |
|
1288 } |
|
1289 else if ( fromPreConfiguredWhiteList ) |
|
1290 { |
|
1291 TPtrC8 whitelistElement( NULL, 0 ); |
|
1292 HBufC* buffer = HBufC::NewLC( KMaxWhiteListLen ); |
|
1293 HBufC8* whitelist = HBufC8::NewLC( KMaxWhiteListLen ); |
|
1294 |
|
1295 TPtr ptr( NULL, 0 ); |
|
1296 ptr.Set( buffer->Des() ); |
|
1297 CRepository* repository = CRepository::NewLC( KCRUidRoapHandler ); |
|
1298 repository->Get( KRoapHandlerRegistrationWhitelist, ptr ); |
|
1299 data.Set( whitelist->Des() ); |
|
1300 data.Copy( ptr ); |
|
1301 TLex8 lex( *whitelist ); |
|
1302 |
|
1303 TUriParser8 uri; |
|
1304 uri.Parse( *url ); |
|
1305 |
|
1306 const TDesC8& host = uri.Extract( EUriHost ); |
|
1307 while ( !exists && !lex.Eos() ) |
|
1308 { |
|
1309 whitelistElement.Set( lex.NextToken() ); |
|
1310 if ( host.Right( whitelistElement.Length() ).CompareF( |
|
1311 whitelistElement ) == 0 ) |
|
1312 { |
|
1313 exists = ETrue; |
|
1314 } |
|
1315 } |
|
1316 fromPreConfiguredWhiteList = exists; |
|
1317 CleanupStack::PopAndDestroy( repository ); |
|
1318 CleanupStack::PopAndDestroy( whitelist ); |
|
1319 CleanupStack::PopAndDestroy( buffer ); |
|
1320 } |
|
1321 |
|
1322 CleanupStack::PopAndDestroy( url ); |
|
1323 IPCWRITE1L( preConfiguredInOutParam ); |
|
1324 exists ? aMessage.Complete( KErrNone ) : aMessage.Complete( KErrNotFound ); |
|
1325 __UHEAP_MARKEND; |
|
1326 MACLOGLITDETAIL( "--> CRoapStorageSession::WhiteListURLExistsL" ) |
|
1327 } |
|
1328 |
|
1329 // --------------------------------------------------------------------------- |
|
1330 // CRoapStorageSession::GetDevicePublicKeyDerL |
|
1331 // --------------------------------------------------------------------------- |
|
1332 // |
|
1333 void CRoapStorageSession::GetDevicePublicKeyDerL( const RMessage2& aMessage ) |
|
1334 { |
|
1335 MACLOGLITDETAIL( "CRoapStorageSession::GetDevicePublicKeyDerL -->" ) |
|
1336 HBufC8* publicKey = NULL; |
|
1337 TInt size = 0; |
|
1338 TPtr8 data( NULL, 0 ); |
|
1339 TPckg<TInt> package( size ); |
|
1340 CX509Certificate* cert = NULL; |
|
1341 RPointerArray<HBufC8> certChain; |
|
1342 |
|
1343 CleanupResetAndDestroyPushL( certChain ); |
|
1344 |
|
1345 iKeyStorage->GetCertificateChainL( certChain ); |
|
1346 if ( certChain.Count() > 0 ) |
|
1347 cert = CX509Certificate::NewL( *certChain[0] ); |
|
1348 else |
|
1349 User::Leave( KErrNotFound ); |
|
1350 CleanupStack::PopAndDestroy( &certChain ); |
|
1351 CleanupStack::PushL( cert ); |
|
1352 publicKey = cert->DataElementEncoding( |
|
1353 CX509Certificate::ESubjectPublicKeyInfo )->AllocLC(); |
|
1354 size = publicKey->Size(); |
|
1355 IPCWRITE0L( package ); |
|
1356 delete iPreparedData; |
|
1357 iPreparedData = NULL; |
|
1358 iPreparedData = publicKey; |
|
1359 CleanupStack::Pop( publicKey ); |
|
1360 CleanupStack::PopAndDestroy( cert ); |
|
1361 aMessage.Complete( KErrNone ); |
|
1362 MACLOGLITDETAIL( "--> CRoapStorageSession::GetDevicePublicKeyDerL" ) |
|
1363 } |
|
1364 |
|
1365 // --------------------------------------------------------------------------- |
|
1366 // CRoapStorageSession::GetDeviceCertificateChainL |
|
1367 // --------------------------------------------------------------------------- |
|
1368 // |
|
1369 void CRoapStorageSession::GetDeviceCertificateChainL( |
|
1370 const RMessage2& aMessage ) |
|
1371 { |
|
1372 MACLOGLITDETAIL( "CRoapStorageSession::GetCertificateChainL -->" ) |
|
1373 RPointerArray<HBufC8> certChain; |
|
1374 HBufC8* certChainBuf = NULL; |
|
1375 TInt bufferSize = 0; |
|
1376 TPckg<TInt> package( bufferSize ); |
|
1377 |
|
1378 CleanupResetAndDestroyPushL( certChain ); |
|
1379 |
|
1380 iKeyStorage->GetCertificateChainL( certChain ); |
|
1381 certChainBuf = ArrayToBufferLC( certChain ); |
|
1382 CleanupStack::Pop( certChainBuf ); |
|
1383 CleanupStack::PopAndDestroy( &certChain ); |
|
1384 CleanupStack::PushL( certChainBuf ); |
|
1385 bufferSize = certChainBuf->Size(); |
|
1386 IPCWRITE0L( package ); |
|
1387 delete iPreparedData; |
|
1388 iPreparedData = certChainBuf; |
|
1389 CleanupStack::Pop( certChainBuf ); |
|
1390 aMessage.Complete( KErrNone ); |
|
1391 MACLOGLITDETAIL( "--> CRoapStorageSession::GetCertificateChainL" ) |
|
1392 } |
|
1393 |
|
1394 // --------------------------------------------------------------------------- |
|
1395 // CRoapStorageSession::SignL |
|
1396 // --------------------------------------------------------------------------- |
|
1397 // |
|
1398 void CRoapStorageSession::SignL( const RMessage2& aMessage ) |
|
1399 { |
|
1400 MACLOGLITDETAIL( "CRoapStorageSession::SignL -->" ) |
|
1401 HBufC8* hash = NULL; |
|
1402 HBufC8* signature = NULL; |
|
1403 TInt size = 0; |
|
1404 TPtr8 data( NULL, 0 ); |
|
1405 TPckg<TInt> package( size ); |
|
1406 |
|
1407 if ( IPCGETDESLEN1 <= 0 || IPCGETDESLEN1 >= KMaxTInt / 2 ) |
|
1408 { |
|
1409 User::Leave( KErrArgument ); |
|
1410 } |
|
1411 |
|
1412 hash = HBufC8::NewLC( IPCGETDESLEN1 ); |
|
1413 |
|
1414 data.Set( hash->Des() ); |
|
1415 IPCREAD1L( data ); |
|
1416 signature = OmaCrypto::RsaPssSignHashL( iKeyStorage, *hash ); |
|
1417 CleanupStack::PushL( signature ); |
|
1418 size = signature->Size(); |
|
1419 IPCWRITE0L( package ); |
|
1420 delete iPreparedData; |
|
1421 iPreparedData = signature; |
|
1422 CleanupStack::Pop( signature ); |
|
1423 CleanupStack::PopAndDestroy( hash ); |
|
1424 aMessage.Complete( KErrNone ); |
|
1425 MACLOGLITDETAIL( "--> CRoapStorageSession::SignL" ) |
|
1426 } |
|
1427 |
|
1428 // --------------------------------------------------------------------------- |
|
1429 // CRoapStorageSession::RsaSignL |
|
1430 // --------------------------------------------------------------------------- |
|
1431 // |
|
1432 void CRoapStorageSession::RsaSignL( const RMessage2& aMessage ) |
|
1433 { |
|
1434 MACLOGLITDETAIL( "CRoapStorageSession::RsaSignL -->" ) |
|
1435 HBufC8* hash = NULL; |
|
1436 HBufC8* signature = NULL; |
|
1437 TInt size = 0; |
|
1438 TPtr8 data( NULL, 0 ); |
|
1439 TPckg<TInt> package( size ); |
|
1440 |
|
1441 if ( IPCGETDESLEN1 <= 0 || IPCGETDESLEN1 >= KMaxTInt / 2 ) |
|
1442 { |
|
1443 User::Leave( KErrArgument ); |
|
1444 } |
|
1445 |
|
1446 hash = HBufC8::NewLC( IPCGETDESLEN1 ); |
|
1447 |
|
1448 data.Set( hash->Des() ); |
|
1449 IPCREAD1L( data ); |
|
1450 signature = iKeyStorage->RsaSignL( data ); |
|
1451 CleanupStack::PushL( signature ); |
|
1452 size = signature->Size(); |
|
1453 IPCWRITE0L( package ); |
|
1454 delete iPreparedData; |
|
1455 iPreparedData = signature; |
|
1456 CleanupStack::Pop( signature ); |
|
1457 CleanupStack::PopAndDestroy( hash ); |
|
1458 aMessage.Complete( KErrNone ); |
|
1459 MACLOGLITDETAIL( "--> CRoapStorageSession::RsaSignL" ) |
|
1460 } |
|
1461 |
|
1462 // --------------------------------------------------------------------------- |
|
1463 // CRoapStorageSession::SelectTrustedRootL |
|
1464 // --------------------------------------------------------------------------- |
|
1465 // |
|
1466 void CRoapStorageSession::SelectTrustedRootL( const RMessage2& aMessage ) |
|
1467 { |
|
1468 MACLOGLITDETAIL( "CRoapStorageSession::SelectTrustedRootL -->" ) |
|
1469 RPointerArray<HBufC8> riRoots; |
|
1470 RPointerArray<HBufC8> deviceRoots; |
|
1471 HBufC8* rootsBuf = NULL; |
|
1472 TPtr8 data( NULL, 0 ); |
|
1473 TBool commonRootFound = EFalse; |
|
1474 TInt i = 0; |
|
1475 TInt j = 0; |
|
1476 |
|
1477 CleanupResetAndDestroyPushL( riRoots ); |
|
1478 CleanupResetAndDestroyPushL( deviceRoots ); |
|
1479 |
|
1480 SanitizeL( aMessage.GetDesLength( 0 ) ); |
|
1481 rootsBuf = HBufC8::NewLC( IPCGETDESLEN0 ); |
|
1482 |
|
1483 data.Set( rootsBuf->Des() ); |
|
1484 IPCREAD0L( data ); |
|
1485 riRoots = BufferToArrayL( *rootsBuf ); |
|
1486 iKeyStorage->GetTrustedRootsL( deviceRoots ); |
|
1487 |
|
1488 while ( i < deviceRoots.Count() && !commonRootFound ) |
|
1489 { |
|
1490 j = 0; |
|
1491 while ( j < riRoots.Count() && !commonRootFound ) |
|
1492 { |
|
1493 if ( deviceRoots[i]->CompareF( *riRoots[j] ) == KErrNone ) |
|
1494 { |
|
1495 commonRootFound = ETrue; |
|
1496 } |
|
1497 ++j; |
|
1498 } |
|
1499 ++i; |
|
1500 } |
|
1501 if ( !commonRootFound ) |
|
1502 { |
|
1503 User::Leave( KErrNotFound ); |
|
1504 } |
|
1505 |
|
1506 const TPtrC8 selectedRoot( *( deviceRoots[i - 1] ) ); |
|
1507 iKeyStorage->SelectTrustedRootL( selectedRoot ); |
|
1508 IPCWRITE1L( selectedRoot ); |
|
1509 MACLOGLITDETAIL( "Selected trusted root" ) |
|
1510 MACLOGHEXDETAIL( selectedRoot.Ptr(), selectedRoot.Length() ) |
|
1511 |
|
1512 CleanupStack::PopAndDestroy( rootsBuf ); |
|
1513 CleanupStack::PopAndDestroy( &deviceRoots ); |
|
1514 CleanupStack::PopAndDestroy( &riRoots ); |
|
1515 aMessage.Complete( KErrNone ); |
|
1516 MACLOGLITDETAIL( "--> CRoapStorageSession::SelectTrustedRootL" ) |
|
1517 } |
|
1518 |
|
1519 // --------------------------------------------------------------------------- |
|
1520 // CRoapStorageSession::ActivateTrustedRootL |
|
1521 // --------------------------------------------------------------------------- |
|
1522 // |
|
1523 void CRoapStorageSession::ActivateTrustedRootL( const RMessage2& aMessage ) |
|
1524 { |
|
1525 MACLOGLITDETAIL( "CRoapStorageSession::ActivateTrustedRootL -->" ) |
|
1526 TBuf8<SHA1_HASH> trustedRoot; |
|
1527 |
|
1528 if ( IPCGETDESLEN0 <= 0 ) |
|
1529 { |
|
1530 // select default root |
|
1531 iKeyStorage->SelectTrustedRootL( KNullDesC8 ); |
|
1532 } |
|
1533 else |
|
1534 { |
|
1535 // select the root indicated by the client |
|
1536 IPCREAD0L( trustedRoot ); |
|
1537 if ( trustedRoot.Length() != SHA1_HASH ) |
|
1538 { |
|
1539 User::Leave( KErrArgument ); |
|
1540 } |
|
1541 iKeyStorage->SelectTrustedRootL( trustedRoot ); |
|
1542 } |
|
1543 aMessage.Complete( KErrNone ); |
|
1544 MACLOGLITDETAIL( "--> CRoapStorageSession::ActivateTrustedRootL" ) |
|
1545 } |
|
1546 |
|
1547 // --------------------------------------------------------------------------- |
|
1548 // CRoapStorageSession::GetTrustedRootsL |
|
1549 // --------------------------------------------------------------------------- |
|
1550 // |
|
1551 void CRoapStorageSession::GetTrustedRootsL( const RMessage2& aMessage ) |
|
1552 { |
|
1553 MACLOGLITDETAIL( "CRoapStorageSession::GetTrustedRootsL -->" ) |
|
1554 RPointerArray<HBufC8> deviceRoots; |
|
1555 TInt size = 0; |
|
1556 HBufC8* rootsData = NULL; |
|
1557 |
|
1558 CleanupResetAndDestroyPushL( deviceRoots ); |
|
1559 |
|
1560 TPckg<TInt> package( size ); |
|
1561 iKeyStorage->GetTrustedRootsL( deviceRoots ); |
|
1562 rootsData = ArrayToBufferLC( deviceRoots ); |
|
1563 size = rootsData->Size(); |
|
1564 IPCWRITE0L( package ); |
|
1565 delete iPreparedData; |
|
1566 iPreparedData = NULL; |
|
1567 iPreparedData = rootsData; |
|
1568 |
|
1569 CleanupStack::Pop( rootsData ); |
|
1570 CleanupStack::PopAndDestroy( &deviceRoots ); |
|
1571 aMessage.Complete( KErrNone ); |
|
1572 MACLOGLITDETAIL( "--> CRoapStorageSession::GetTrustedRootsL" ) |
|
1573 } |
|
1574 |
|
1575 // --------------------------------------------------------------------------- |
|
1576 // CRoapStorageSession::GetRootCertificateL |
|
1577 // --------------------------------------------------------------------------- |
|
1578 // |
|
1579 void CRoapStorageSession::GetRootCertificateL( const RMessage2& aMessage ) |
|
1580 { |
|
1581 MACLOGLITDETAIL( "CRoapStorageSession::GetRootCertificateL -->" ) |
|
1582 HBufC8* rootCertBuf( NULL ); |
|
1583 HBufC* subject( NULL ); |
|
1584 TInt size( 0 ); |
|
1585 TPtr data( NULL, 0 ); |
|
1586 RPointerArray<HBufC8> rootCerts; |
|
1587 TPckg<TInt> package( size ); |
|
1588 CX509Certificate* rootCert( NULL ); |
|
1589 HBufC* rootName( NULL ); |
|
1590 TInt i = 0; |
|
1591 |
|
1592 SanitizeL( IPCGETDESLEN1 ); |
|
1593 subject = HBufC::NewLC( User::LeaveIfError( IPCGETDESLEN1 ) ); |
|
1594 data.Set( subject->Des() ); |
|
1595 IPCREAD1L( data ); |
|
1596 |
|
1597 iKeyStorage->GetRootCertificatesL( rootCerts ); |
|
1598 |
|
1599 CleanupResetAndDestroyPushL( rootCerts ); |
|
1600 |
|
1601 for ( i = 0; i < rootCerts.Count() && !rootCertBuf; i++ ) |
|
1602 { |
|
1603 rootCert = CX509Certificate::NewLC( *( rootCerts[i] ) ); |
|
1604 rootName = rootCert->IssuerName().DisplayNameL(); |
|
1605 CleanupStack::PushL( rootName ); |
|
1606 const TInt compareResult( rootName->CompareF( *subject ) ); |
|
1607 CleanupStack::PopAndDestroy( rootName ); |
|
1608 CleanupStack::PopAndDestroy( rootCert ); |
|
1609 if ( compareResult == KErrNone ) |
|
1610 { |
|
1611 rootCertBuf = rootCerts[i]->AllocLC(); |
|
1612 } |
|
1613 } |
|
1614 |
|
1615 if ( !rootCertBuf ) |
|
1616 { |
|
1617 User::Leave( KErrNotFound ); |
|
1618 } |
|
1619 |
|
1620 size = rootCertBuf->Size(); |
|
1621 IPCWRITE0L( package ); |
|
1622 delete iPreparedData; |
|
1623 iPreparedData = NULL; |
|
1624 iPreparedData = rootCertBuf; |
|
1625 |
|
1626 CleanupStack::Pop( rootCertBuf ); |
|
1627 CleanupStack::PopAndDestroy( &rootCerts ); |
|
1628 CleanupStack::PopAndDestroy( subject ); |
|
1629 aMessage.Complete( KErrNone ); |
|
1630 MACLOGLITDETAIL( "--> CRoapStorageSession::GetRootCertificateL" ) |
|
1631 } |
|
1632 |
|
1633 // --------------------------------------------------------------------------- |
|
1634 // CRoapStorageSession::DeleteExpiredContextsL |
|
1635 // --------------------------------------------------------------------------- |
|
1636 // |
|
1637 void CRoapStorageSession::DeleteExpiredContextsL( const RMessage2& aMessage ) |
|
1638 { |
|
1639 MACLOGLITDETAIL( "CRoapStorageSession::DeleteExpiredContextsL -->" ) |
|
1640 TTime time; |
|
1641 TPckg<TTime> package( time ); |
|
1642 |
|
1643 IPCREAD0L( package ); |
|
1644 ROAPDB->DeleteExpiredRightsIssuerContextsL( time ); |
|
1645 ROAPDB->DeleteExpiredDomainContextsL( time ); |
|
1646 |
|
1647 aMessage.Complete( KErrNone ); |
|
1648 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteExpiredContextsL" ) |
|
1649 } |
|
1650 |
|
1651 // --------------------------------------------------------------------------- |
|
1652 // CRoapStorageSession::DeleteAllL |
|
1653 // --------------------------------------------------------------------------- |
|
1654 // |
|
1655 void CRoapStorageSession::DeleteAllL( const RMessage2& aMessage ) |
|
1656 { |
|
1657 |
|
1658 MACLOGLITDETAIL( "CRoapStorageSession::DeleteAllL -->" ) |
|
1659 #ifndef RD_MULTIPLE_DRIVE |
|
1660 |
|
1661 ROAPDB->DeleteAllL( KRIContextFile(), KDomainContextFile() ); |
|
1662 |
|
1663 #else //RD_MULTIPLE_DRIVE |
|
1664 RFs fs; |
|
1665 TInt driveNumber( -1 ); |
|
1666 TChar driveLetter; |
|
1667 DriveInfo::GetDefaultDrive( DriveInfo::EDefaultSystem, driveNumber ); |
|
1668 |
|
1669 User::LeaveIfError( fs.Connect() ); |
|
1670 CleanupClosePushL( fs ); |
|
1671 fs.DriveToChar( driveNumber, driveLetter ); |
|
1672 CleanupStack::PopAndDestroy( &fs ); |
|
1673 |
|
1674 TFileName riContextFile; |
|
1675 riContextFile.Copy( KRIContextFileName ); |
|
1676 __ASSERT_ALWAYS( riContextFile.Length()>0, User::Invariant() ); |
|
1677 riContextFile[0] = ( TUint )driveLetter; |
|
1678 |
|
1679 TFileName domainContextFile; |
|
1680 domainContextFile.Copy( KDomainContextFileName ); |
|
1681 __ASSERT_ALWAYS( domainContextFile.Length()>0, User::Invariant() ); |
|
1682 domainContextFile[0] = ( TUint )driveLetter; |
|
1683 |
|
1684 ROAPDB->DeleteAllL( riContextFile, domainContextFile ); |
|
1685 |
|
1686 #endif |
|
1687 |
|
1688 aMessage.Complete( KErrNone ); |
|
1689 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteAllL" ) |
|
1690 } |
|
1691 |
|
1692 // --------------------------------------------------------------------------- |
|
1693 // CRoapStorageSession::GetMeteringDataL |
|
1694 // --------------------------------------------------------------------------- |
|
1695 // |
|
1696 void CRoapStorageSession::GetMeteringDataL( const RMessage2& aMessage ) |
|
1697 { |
|
1698 MACLOGLITDETAIL( "CRoapStorageSession::GetMeteringDataL -->" ) |
|
1699 #ifndef RD_DRM_METERING |
|
1700 aMessage.Complete( KErrNotSupported ); |
|
1701 #else |
|
1702 HBufC8* riId = NULL; |
|
1703 HBufC8* meteringData = NULL; |
|
1704 HBufC8* encryptedMeteringData = NULL; |
|
1705 RDRMRightsClient client; |
|
1706 TInt mekAndMakSize = 0; |
|
1707 TInt meteringDataSize = 0; |
|
1708 TPtr8 data( NULL, 0 ); |
|
1709 TPtr8 ptr( NULL, 0 ); |
|
1710 TPckg<TInt> MakMek( mekAndMakSize ); |
|
1711 TPckg<TInt> dataSize( meteringDataSize ); |
|
1712 TBuf8<KDCFKeySize> mac; |
|
1713 TBuf8<KDCFKeySize> mek; |
|
1714 TBuf8<KDCFKeySize> initializingVector; |
|
1715 CRSAPublicKey* riPublicKey = NULL; |
|
1716 CX509Certificate* cert = NULL; |
|
1717 CSHA1* hasher = NULL; |
|
1718 TBuf8<SHA1_HASH> encKeyHash; |
|
1719 TX509KeyFactory factory; |
|
1720 TKeyTransportScheme selectedAlgorithm = EOma; |
|
1721 HBufC8* encryptedMekAndMak = NULL; |
|
1722 CDRMRIContext* context = NULL; |
|
1723 |
|
1724 User::LeaveIfError( client.Connect() ); |
|
1725 CleanupClosePushL( client ); |
|
1726 |
|
1727 SanitizeL( aMessage.GetDesLength( 0 ) ); |
|
1728 |
|
1729 riId = HBufC8::NewLC( IPCGETDESLEN0 ); |
|
1730 data.Set( riId->Des() ); |
|
1731 IPCREAD0L( data ); |
|
1732 |
|
1733 // generate mek |
|
1734 mek.SetLength( OmaCrypto::KKeySize ); |
|
1735 TRandom::Random( mek ); |
|
1736 |
|
1737 // generate mac |
|
1738 mac.SetLength( OmaCrypto::KMacSize ); |
|
1739 TRandom::Random( mac ); |
|
1740 |
|
1741 initializingVector.SetLength( KDCFKeySize ); |
|
1742 TRandom::Random( initializingVector ); |
|
1743 |
|
1744 context = CDRMRIContext::NewLC(); |
|
1745 context->SetRIIDL( *riId ); |
|
1746 ROAPDB->FetchRightsIssuerContextL( *context ); |
|
1747 |
|
1748 cert = CX509Certificate::NewLC( *( context->CertificateChain() )[0] ); |
|
1749 |
|
1750 hasher = CSHA1::NewL(); |
|
1751 CleanupStack::PushL( hasher ); |
|
1752 // Calculate SHA1_HASH for RI public key |
|
1753 hasher->Hash( *cert->DataElementEncoding( |
|
1754 CX509Certificate::ESubjectPublicKeyInfo ) ); |
|
1755 encKeyHash.Append( hasher->Final() ); |
|
1756 CleanupStack::PopAndDestroy( hasher ); |
|
1757 |
|
1758 riPublicKey = factory.RSAPublicKeyL( cert->PublicKey().KeyData() ); |
|
1759 CleanupStack::PopAndDestroy( cert ); |
|
1760 cert = NULL; |
|
1761 CleanupStack::PushL( riPublicKey ); |
|
1762 |
|
1763 // check if we are not using OMA algorithms |
|
1764 for ( TInt i = 0; i < context->Algorithms().Count(); i++ ) |
|
1765 { |
|
1766 if ( context->Algorithms()[i]->CompareF( KCmlaIp1() ) == KErrNone ) |
|
1767 { |
|
1768 selectedAlgorithm = ECmlaIp1; |
|
1769 break; |
|
1770 } |
|
1771 } |
|
1772 |
|
1773 // Wrap Mek and Mac with RI's public key |
|
1774 if ( selectedAlgorithm == EOma ) |
|
1775 { |
|
1776 encryptedMekAndMak = OmaCrypto::RsaKemKwsEncryptL( riPublicKey, mek, |
|
1777 mac ); |
|
1778 } |
|
1779 else |
|
1780 { // CMLA |
|
1781 encryptedMekAndMak = CmlaCrypto::CmlaIpEncryptL( selectedAlgorithm, |
|
1782 riPublicKey, mek, mac ); |
|
1783 } |
|
1784 CleanupStack::PopAndDestroy( riPublicKey ); |
|
1785 riPublicKey = NULL; |
|
1786 CleanupStack::PopAndDestroy( context ); |
|
1787 context = NULL; |
|
1788 |
|
1789 CleanupStack::PushL( encryptedMekAndMak ); |
|
1790 |
|
1791 mekAndMakSize = encryptedMekAndMak->Size(); |
|
1792 // Get the actual metering data!!! |
|
1793 meteringData = client.GetMeteringDataL( *riId ); |
|
1794 |
|
1795 if ( !meteringData ) |
|
1796 { |
|
1797 MACLOGLIT( "No metering Data found from DB!:" ) |
|
1798 } |
|
1799 else |
|
1800 { |
|
1801 MACLOGLIT( "Raw meteringData:" ) |
|
1802 MACLOGHEX( meteringData->Ptr(), meteringData->Length() ) |
|
1803 CleanupStack::PushL( meteringData ); |
|
1804 |
|
1805 encryptedMeteringData = DrmAesCrypto::DrmAesEncryptL( mek, |
|
1806 initializingVector, ETrue, meteringData->Des() ); |
|
1807 |
|
1808 CleanupStack::PopAndDestroy( meteringData ); |
|
1809 meteringData = NULL; |
|
1810 |
|
1811 CleanupStack::PushL( encryptedMeteringData ); |
|
1812 |
|
1813 MACLOGLIT( "Ciphered meteringData with 128-bit AESCBC:" ) |
|
1814 MACLOGHEX( encryptedMeteringData->Ptr(), encryptedMeteringData->Length()) |
|
1815 meteringDataSize = encryptedMeteringData->Size(); |
|
1816 } |
|
1817 |
|
1818 IPCWRITE1L( MakMek ); |
|
1819 IPCWRITE2L( dataSize ); |
|
1820 if ( iPreparedData ) |
|
1821 { |
|
1822 delete iPreparedData; |
|
1823 iPreparedData = NULL; |
|
1824 } |
|
1825 iPreparedData = HBufC8::NewL( OmaCrypto::KMacSize + SHA1_HASH |
|
1826 + mekAndMakSize + meteringDataSize ); |
|
1827 ptr.Set( iPreparedData->Des() ); |
|
1828 ptr.Copy( mac ); |
|
1829 ptr.Append( encKeyHash ); |
|
1830 ptr.Append( *encryptedMekAndMak ); |
|
1831 if ( encryptedMeteringData ) |
|
1832 { |
|
1833 ptr.Append( *encryptedMeteringData ); |
|
1834 CleanupStack::PopAndDestroy( encryptedMeteringData ); |
|
1835 } |
|
1836 |
|
1837 MACLOGLIT( "Final iPreparedData:" ) |
|
1838 MACLOGHEX( iPreparedData->Ptr(), iPreparedData->Length() ) |
|
1839 |
|
1840 CleanupStack::PopAndDestroy( encryptedMekAndMak ); |
|
1841 CleanupStack::PopAndDestroy( riId ); |
|
1842 CleanupStack::PopAndDestroy( &client ); |
|
1843 // riId, client |
|
1844 aMessage.Complete( KErrNone ); |
|
1845 #endif //RD_DRM_METERING |
|
1846 MACLOGLITDETAIL( "--> CRoapStorageSession::GetMeteringDataL" ) |
|
1847 } |
|
1848 |
|
1849 // --------------------------------------------------------------------------- |
|
1850 // CRoapStorageSession::DeleteMeteringDataL |
|
1851 // --------------------------------------------------------------------------- |
|
1852 // |
|
1853 void CRoapStorageSession::DeleteMeteringDataL( const RMessage2& aMessage ) |
|
1854 { |
|
1855 MACLOGLITDETAIL( "CRoapStorageSession::DeleteMeteringDataL -->" ) |
|
1856 #ifndef RD_DRM_METERING |
|
1857 aMessage.Complete( KErrNotSupported ); |
|
1858 #else |
|
1859 HBufC8* riId = NULL; |
|
1860 TPtr8 data( NULL, 0 ); |
|
1861 RDRMRightsClient client; |
|
1862 |
|
1863 User::LeaveIfError( client.Connect() ); |
|
1864 CleanupClosePushL( client ); |
|
1865 riId = HBufC8::NewLC( User::LeaveIfError( IPCGETDESLEN0 ) ); |
|
1866 data.Set( riId->Des() ); |
|
1867 IPCREAD0L( data ); |
|
1868 client.DeleteMeteringDataL( *riId ); |
|
1869 |
|
1870 CleanupStack::PopAndDestroy( riId ); |
|
1871 CleanupStack::PopAndDestroy( &client ); |
|
1872 |
|
1873 aMessage.Complete( KErrNone ); |
|
1874 #endif // RD_DRM_METERING |
|
1875 MACLOGLITDETAIL( "--> CRoapStorageSession::DeleteMeteringDataL" ) |
|
1876 } |
|
1877 |
|
1878 // --------------------------------------------------------------------------- |
|
1879 // CRoapStorageSession::GetAllRIContextsL |
|
1880 // --------------------------------------------------------------------------- |
|
1881 // |
|
1882 void CRoapStorageSession::GetAllRIContextsL( const RMessage2& aMessage ) |
|
1883 { |
|
1884 MACLOGLITDETAIL( "CRoapStorageSession::GetAllRIContextsL -->" ) |
|
1885 #ifndef RD_DRM_METERING |
|
1886 aMessage.Complete( KErrNotSupported ); |
|
1887 #else |
|
1888 TInt size = 0; |
|
1889 TPtr8 data( NULL, 0 ); |
|
1890 CDRMPointerArray<CDRMRIContext>* contexts = CDRMPointerArray< |
|
1891 CDRMRIContext>::NewLC(); |
|
1892 contexts->SetAutoCleanup( ETrue ); |
|
1893 |
|
1894 TPckg<TInt> package( size ); |
|
1895 |
|
1896 ROAPDB->FetchAllRightsIssuerContextsL( *contexts ); |
|
1897 |
|
1898 // Calculate the size of the output buffer: |
|
1899 if ( contexts->Count() ) |
|
1900 { |
|
1901 size = contexts->Count() * sizeof(TInt) + sizeof(TInt); |
|
1902 for ( TInt i = 0; i < contexts->Count(); i++ ) |
|
1903 { |
|
1904 size += ( *contexts )[i]->Size(); |
|
1905 } |
|
1906 } |
|
1907 else |
|
1908 { |
|
1909 User::Leave( KErrNotFound ); |
|
1910 } |
|
1911 |
|
1912 IPCWRITE0L( package ); |
|
1913 |
|
1914 // Create a buffer of the proper size and export the data to the buffer: |
|
1915 if ( iPreparedData ) |
|
1916 { |
|
1917 delete iPreparedData; |
|
1918 iPreparedData = NULL; |
|
1919 } |
|
1920 iPreparedData = HBufC8::NewMaxL( size ); |
|
1921 |
|
1922 if ( !iPreparedData ) |
|
1923 { |
|
1924 User::Leave( KErrNoMemory ); |
|
1925 } |
|
1926 |
|
1927 RMemWriteStream stream( ( TAny* )( iPreparedData->Ptr() ), size ); |
|
1928 CleanupClosePushL( stream ); |
|
1929 TInt value = 0; |
|
1930 |
|
1931 for ( TInt i = 0; i < contexts->Count(); i++ ) |
|
1932 { |
|
1933 // Size: |
|
1934 value = ( *contexts )[i]->Size(); |
|
1935 stream.WriteInt32L( value ); |
|
1936 |
|
1937 // Data: |
|
1938 ( *contexts )[i]->ExternalizeL( stream ); |
|
1939 } |
|
1940 // Finishing size: |
|
1941 value = 0; |
|
1942 stream.WriteInt32L( value ); |
|
1943 |
|
1944 CleanupStack::PopAndDestroy( 2, contexts ); // stream, contexts |
|
1945 |
|
1946 aMessage.Complete( KErrNone ); |
|
1947 #endif // RD_DRM_METERING |
|
1948 MACLOGLITDETAIL( "--> CRoapStorageSession::GetAllRIContextsL" ) |
|
1949 } |
|
1950 |
|
1951 // --------------------------------------------------------------------------- |
|
1952 // CRoapStorageSession::UpdateRIContextL |
|
1953 // --------------------------------------------------------------------------- |
|
1954 // |
|
1955 void CRoapStorageSession::UpdateRIContextL( const RMessage2& aMessage ) |
|
1956 { |
|
1957 MACLOGLITDETAIL( "CRoapStorageSession::UpdateRIContextL -->" ) |
|
1958 #ifndef RD_DRM_METERING |
|
1959 aMessage.Complete( KErrNotSupported ); |
|
1960 #else |
|
1961 CDRMRIContext* context = NULL; |
|
1962 HBufC8* contextData = NULL; |
|
1963 TPtr8 data( NULL, 0 ); |
|
1964 TInt size = 0; |
|
1965 |
|
1966 size = User::LeaveIfError( IPCGETDESLEN0 ); |
|
1967 contextData = HBufC8::NewMaxLC( size ); |
|
1968 data.Set( const_cast<TUint8*> ( contextData->Ptr() ), 0, size ); |
|
1969 IPCREAD0L( data ); |
|
1970 context = CDRMRIContext::NewLC(); |
|
1971 context->ImportL( data ); |
|
1972 |
|
1973 // Update RI context: |
|
1974 ROAPDB->UpdateRightsIssuerContextL( *context ); |
|
1975 |
|
1976 CleanupStack::PopAndDestroy( context ); |
|
1977 CleanupStack::PopAndDestroy( contextData ); |
|
1978 aMessage.Complete( KErrNone ); |
|
1979 #endif // RD_DRM_METERING |
|
1980 MACLOGLITDETAIL( "--> CRoapStorageSession::UpdateRIContextL" ) |
|
1981 } |
|
1982 |
|
1983 // --------------------------------------------------------------------------- |
|
1984 // CRoapStorageSession::UpdateDrmTimeL |
|
1985 // --------------------------------------------------------------------------- |
|
1986 // |
|
1987 void CRoapStorageSession::UpdateDrmTimeL( const RMessage2& aMessage ) |
|
1988 { |
|
1989 MACLOGLITDETAIL( "CRoapStorageSession::UpdateDrmTimeL -->" ) |
|
1990 COCSPResponseDecoder* responseDecoder = NULL; |
|
1991 COCSPResponse* response = NULL; |
|
1992 RPointerArray<HBufC8> ocspResponses; |
|
1993 |
|
1994 RPointerArray<HBufC8> riCertChain; |
|
1995 |
|
1996 TBool clockUpdated( EFalse ); |
|
1997 TPckg<TBool> retBuf( clockUpdated ); |
|
1998 |
|
1999 // Some sanity checks |
|
2000 const TInt argLen0( IPCGETDESLEN0 ); |
|
2001 const TInt argLen1( IPCGETDESLEN1 ); |
|
2002 const TInt argLen2( IPCGETDESLEN2 ); |
|
2003 SanitizeL( argLen0 ); |
|
2004 SanitizeL( argLen1 ); |
|
2005 SanitizeL( argLen2 ); |
|
2006 User::LeaveIfError( IPCGETDESLEN3 ); |
|
2007 |
|
2008 RBuf8 readBuf; |
|
2009 CleanupClosePushL( readBuf ); |
|
2010 readBuf.CreateL( Max( argLen0, Max( argLen1, argLen2 ) ) ); |
|
2011 |
|
2012 readBuf.Zero(); |
|
2013 IPCREAD0L( readBuf ); |
|
2014 MACLOGLDETAIL( "---- read Ri Cert Chain ----" ) |
|
2015 MACLOGHEXDETAIL( readBuf.Ptr(), readBuf.Length() ) |
|
2016 riCertChain = BufferToArrayL( readBuf ); |
|
2017 CleanupResetAndDestroyPushL( riCertChain ); |
|
2018 |
|
2019 readBuf.Zero(); |
|
2020 IPCREAD1L( readBuf ); |
|
2021 MACLOGLDETAIL( "---- read serialized OCSP responses ----" ) |
|
2022 MACLOGHEXDETAIL( readBuf.Ptr(), readBuf.Length() ) |
|
2023 ocspResponses = BufferToArrayL( readBuf ); |
|
2024 CleanupResetAndDestroyPushL( ocspResponses ); |
|
2025 |
|
2026 readBuf.Zero(); |
|
2027 IPCREAD2L( readBuf ); |
|
2028 MACLOGLDETAIL( "---- read request nonce ----" ) |
|
2029 MACLOGHEXDETAIL( readBuf.Ptr(), readBuf.Length() ) |
|
2030 const TPtrC8 regReqNonce( readBuf ); // Do not modify readBuf after this. |
|
2031 |
|
2032 // Get trusted roots and root certificates. |
|
2033 RPointerArray<HBufC8> trustedRoots; |
|
2034 CleanupResetAndDestroyPushL( trustedRoots ); |
|
2035 iKeyStorage->GetTrustedRootsL( trustedRoots ); |
|
2036 RPointerArray<HBufC8> rootCertificates; |
|
2037 CleanupResetAndDestroyPushL( rootCertificates ); |
|
2038 iKeyStorage->GetRootCertificatesL( rootCertificates ); |
|
2039 |
|
2040 //First, check, if update is allowed |
|
2041 if ( ocspResponses.Count() ) |
|
2042 { |
|
2043 responseDecoder = COCSPResponseDecoder::NewL( *ocspResponses[0] ); |
|
2044 CleanupStack::PushL( responseDecoder ); |
|
2045 response = responseDecoder->TakeResponse(); // CRoapEng owns the response now |
|
2046 User::LeaveIfNull( response ); |
|
2047 CleanupStack::PopAndDestroy( responseDecoder ); |
|
2048 responseDecoder = NULL; |
|
2049 CleanupStack::PushL( response ); |
|
2050 if ( ::IsTimeUpdateAllowedL( trustedRoots, rootCertificates, |
|
2051 riCertChain, *response, regReqNonce ) ) |
|
2052 { |
|
2053 iLazyClock->UpdateSecureTimeL( response->ProducedAt(), KTzZulu ); |
|
2054 clockUpdated = ETrue; |
|
2055 MACLOGLIT( "DRM time updated" ) |
|
2056 } |
|
2057 |
|
2058 CleanupStack::PopAndDestroy( response ); |
|
2059 } |
|
2060 else |
|
2061 { |
|
2062 MACLOGLIT( "No OCSP responses present!" ) |
|
2063 // So wrong argument got |
|
2064 } |
|
2065 CleanupStack::PopAndDestroy( &rootCertificates ); |
|
2066 CleanupStack::PopAndDestroy( &trustedRoots ); |
|
2067 CleanupStack::PopAndDestroy( &ocspResponses ); |
|
2068 CleanupStack::PopAndDestroy( &riCertChain ); |
|
2069 CleanupStack::PopAndDestroy( &readBuf ); |
|
2070 IPCWRITE3L( retBuf ); |
|
2071 |
|
2072 aMessage.Complete( KErrNone ); |
|
2073 MACLOGLITDETAIL( "--> CRoapStorageSession::UpdateDrmTimeL" ) |
|
2074 } |
|
2075 |
|
2076 // --------------------------------------------------------------------------- |
|
2077 // BufferToArrayL |
|
2078 // Created buffer will contain |
|
2079 // <amount of elements:int32, element data1, element data2...> |
|
2080 // --------------------------------------------------------------------------- |
|
2081 // |
|
2082 LOCAL_C RPointerArray<HBufC8> BufferToArrayL( TDesC8& aBuffer ) |
|
2083 { |
|
2084 TInt32 count = 0; |
|
2085 HBufC8* element = NULL; |
|
2086 RPointerArray<HBufC8> array; |
|
2087 CleanupResetAndDestroyPushL( array ); |
|
2088 TInt size = aBuffer.Size(); |
|
2089 RMemReadStream stream( ( TAny* )( aBuffer.Ptr() ), size ); |
|
2090 CleanupClosePushL( stream ); |
|
2091 |
|
2092 // amount of elements |
|
2093 count = stream.ReadInt32L(); |
|
2094 |
|
2095 // for each element in RPointerArray |
|
2096 for ( TInt i = 0; i < count; i++ ) |
|
2097 { |
|
2098 // Read the element and append it to array |
|
2099 element = HBufC8::NewLC( stream, KMaxElementLength ); |
|
2100 array.AppendL( element ); |
|
2101 CleanupStack::Pop( element ); |
|
2102 } |
|
2103 |
|
2104 CleanupStack::PopAndDestroy( &stream ); |
|
2105 CleanupStack::Pop( &array ); |
|
2106 return array; |
|
2107 } |
|
2108 |
|
2109 // --------------------------------------------------------------------------- |
|
2110 // ArrayToBuffer |
|
2111 // Created buffer will contain <amount of elements:int32, data1, data2 ...> |
|
2112 // --------------------------------------------------------------------------- |
|
2113 // |
|
2114 LOCAL_C HBufC8* ArrayToBufferLC( const RPointerArray<HBufC8>& aArray ) |
|
2115 { |
|
2116 HBufC8* buffer = NULL; |
|
2117 TInt32 sizeOfElements = 0; |
|
2118 |
|
2119 for ( TInt i = 0; i < aArray.Count(); i++ ) |
|
2120 { |
|
2121 sizeOfElements += aArray[i]->Length() + sizeof(TInt); // sizeof(TInt) is for |
|
2122 // element length info |
|
2123 } |
|
2124 // length of elements + amount of elements |
|
2125 sizeOfElements += sizeof(TInt32); |
|
2126 |
|
2127 buffer = HBufC8::NewMaxLC( sizeOfElements ); |
|
2128 |
|
2129 RMemWriteStream stream( ( TAny* )( buffer->Ptr() ), sizeOfElements ); |
|
2130 CleanupClosePushL( stream ); |
|
2131 |
|
2132 stream.WriteInt32L( aArray.Count() ); |
|
2133 |
|
2134 for ( TInt i = 0; i < aArray.Count(); i++ ) |
|
2135 { |
|
2136 stream << *( aArray[i] ); |
|
2137 } |
|
2138 |
|
2139 CleanupStack::PopAndDestroy( &stream ); |
|
2140 |
|
2141 return buffer; |
|
2142 } |
|
2143 |
|
2144 // --------------------------------------------------------------------------- |
|
2145 // UnwrapDomainKeyL |
|
2146 // --------------------------------------------------------------------------- |
|
2147 // |
|
2148 LOCAL_C void UnwrapDomainKeyL( |
|
2149 MDrmKeyStorage* aKeyStorage, |
|
2150 const TDesC8& aProtectedDomainKey, |
|
2151 HBufC8*& aDomainKey, |
|
2152 HBufC8*& aMacKey, |
|
2153 TKeyTransportScheme& aTransportScheme ) |
|
2154 { |
|
2155 MACLOGLITDETAIL( "::UnwrapDomainKeyL -->" ) |
|
2156 TBuf8<OmaCrypto::KMacSize> mac; |
|
2157 TBuf8<OmaCrypto::KKeySize> dk; |
|
2158 TPtrC8 macAndRek( 0, 0 ); |
|
2159 TPtrC8 wrappedCek( 0, 0 ); |
|
2160 |
|
2161 if ( aTransportScheme == EOma ) |
|
2162 { |
|
2163 OmaCrypto::RsaKemKwsDecryptL( aKeyStorage, aProtectedDomainKey, dk, |
|
2164 mac ); |
|
2165 } |
|
2166 else |
|
2167 { |
|
2168 CmlaCrypto::CmlaIpDecryptL( aTransportScheme, aKeyStorage, |
|
2169 aProtectedDomainKey, dk, mac ); |
|
2170 } |
|
2171 |
|
2172 HBufC8* domainKey( dk.AllocLC() ); |
|
2173 aMacKey = mac.AllocL(); |
|
2174 CleanupStack::Pop( domainKey ); |
|
2175 aDomainKey = domainKey; |
|
2176 MACLOGLITDETAIL( "--> ::UnwrapDomainKeyL" ) |
|
2177 } |
|
2178 |
|
2179 // --------------------------------------------------------------------------- |
|
2180 // VerifyMac |
|
2181 // --------------------------------------------------------------------------- |
|
2182 // |
|
2183 LOCAL_C TBool VerifyMacL( |
|
2184 TDesC8& aDomainElements, |
|
2185 TDesC8& aMacs, |
|
2186 RPointerArray<HBufC8>& aMacKeys ) |
|
2187 { |
|
2188 MACLOGLITDETAIL( "::VerifyMacL -->" ) |
|
2189 __UHEAP_MARK; |
|
2190 RPointerArray<HBufC8> domainArray; |
|
2191 RPointerArray<HBufC8> macArray; |
|
2192 CMessageDigest* hMac = NULL; |
|
2193 HBufC8* domainKeyWithNs = NULL; |
|
2194 TPtr8 domainKeyWithNsPtr( NULL, NULL ); |
|
2195 TPtrC8 hmac_value( KNullDesC8 ); |
|
2196 TInt index = 0; |
|
2197 |
|
2198 CleanupResetAndDestroyPushL( domainArray ); |
|
2199 CleanupResetAndDestroyPushL( macArray ); |
|
2200 |
|
2201 domainArray = BufferToArrayL( aDomainElements ); |
|
2202 macArray = BufferToArrayL( aMacs ); |
|
2203 |
|
2204 if ( domainArray.Count() != macArray.Count() || macArray.Count() |
|
2205 != aMacKeys.Count() ) |
|
2206 { |
|
2207 User::Leave( KErrRoapServerFatal ); |
|
2208 } |
|
2209 |
|
2210 //Verify macs |
|
2211 for ( TInt i = 0; i < aMacKeys.Count(); i++ ) |
|
2212 { |
|
2213 // Add ROAP namespaces |
|
2214 domainKeyWithNs = HBufC8::NewLC( domainArray[i]->Length() + 2 |
|
2215 * KRoapXmlNs().Length() ); |
|
2216 domainKeyWithNsPtr.Set( domainKeyWithNs->Des() ); |
|
2217 index = domainArray[i]->Find( KRoapDomainKey() ); |
|
2218 if ( index == KErrNotFound ) |
|
2219 { |
|
2220 index = domainArray[i]->Find( KRoapX509SPKIHash() ); |
|
2221 if ( index == KErrNotFound ) |
|
2222 { |
|
2223 User::Leave( KErrCorrupt ); |
|
2224 } |
|
2225 index += KRoapX509SPKIHash().Length(); |
|
2226 } |
|
2227 else |
|
2228 { |
|
2229 index += KRoapDomainKey().Length(); |
|
2230 } |
|
2231 domainKeyWithNsPtr.Copy( domainArray[i]->Left( index ) ); |
|
2232 domainKeyWithNsPtr.Append( KRoapXmlNs() ); |
|
2233 domainKeyWithNsPtr.Append( domainArray[i]->Right( |
|
2234 domainArray[i]->Length() - index ) ); |
|
2235 |
|
2236 hMac = CMessageDigestFactory::NewHMACLC( CMessageDigest::ESHA1, |
|
2237 *aMacKeys[i] ); |
|
2238 hMac->Update( domainKeyWithNsPtr ); |
|
2239 |
|
2240 hmac_value.Set( hMac->Final() ); |
|
2241 |
|
2242 MACLOGLIT( "DomainKeyElement:" ) |
|
2243 MACLOGHEX( domainKeyWithNsPtr.Ptr(), domainKeyWithNsPtr.Length() ) |
|
2244 MACLOGLIT( "Calculated HMAC_value:" ) |
|
2245 MACLOGHEX( hmac_value.Ptr(), hmac_value.Length() ) |
|
2246 MACLOGLIT( "HMAC_value:" ) |
|
2247 MACLOGHEX( macArray[i]->Ptr(), macArray[i]->Length() ) |
|
2248 |
|
2249 if ( hmac_value.CompareF( *macArray[i] ) != 0 ) |
|
2250 { |
|
2251 // MAC validation failed |
|
2252 User::Leave( KErrRightsServerMacFailed ); |
|
2253 } |
|
2254 CleanupStack::PopAndDestroy( 2, domainKeyWithNs ); // hMac, domainKeyWithNs |
|
2255 } |
|
2256 |
|
2257 CleanupStack::PopAndDestroy( &macArray ); |
|
2258 CleanupStack::PopAndDestroy( &domainArray ); |
|
2259 __UHEAP_MARKEND; |
|
2260 MACLOGLITDETAIL( "--> ::VerifyMacL" ) |
|
2261 return ETrue; |
|
2262 } |
|
2263 |
|
2264 // --------------------------------------------------------------------------- |
|
2265 // CRoapStorageSession::VerifyOcspResponsesL() |
|
2266 // --------------------------------------------------------------------------- |
|
2267 // |
|
2268 void CRoapStorageSession::VerifyOcspResponsesL( const RMessage2& aMessage ) |
|
2269 { |
|
2270 MACLOGLITDETAIL( "CRoapStorageSession::VerifyOcspResponsesL -->" ) |
|
2271 |
|
2272 const TInt argLen0( IPCGETDESLEN0 ); |
|
2273 const TInt argLen1( IPCGETDESLEN1 ); |
|
2274 const TInt argLen2( IPCGETDESLEN2 ); |
|
2275 SanitizeL( argLen0 ); |
|
2276 SanitizeL( argLen1 ); |
|
2277 SanitizeL( argLen2 ); |
|
2278 User::LeaveIfError( IPCGETDESLEN3 ); |
|
2279 |
|
2280 COCSPResponseDecoder* responseDecoder = NULL; |
|
2281 COCSPResponse* response = NULL; |
|
2282 COCSPResponseCertInfo* certInfo = NULL; |
|
2283 COCSPCertID* certID = NULL; |
|
2284 CX509Certificate* ocspCert = NULL; |
|
2285 TBool result = EFalse; |
|
2286 TInt certInfoCount = 0; |
|
2287 TInt found = KErrNone; |
|
2288 CX509Certificate* riCaCert( NULL ); |
|
2289 |
|
2290 TPckg<TBool> package( result ); |
|
2291 |
|
2292 RBuf8 readBuf; |
|
2293 CleanupClosePushL( readBuf ); |
|
2294 readBuf.CreateL( Max( argLen0, Max( argLen1, argLen2 ) ) ); |
|
2295 |
|
2296 // read arguments |
|
2297 IPCREAD0L( readBuf ); |
|
2298 RPointerArray<HBufC8> ocspResponses( BufferToArrayL( readBuf ) ); |
|
2299 CleanupResetAndDestroyPushL( ocspResponses ); |
|
2300 readBuf.Zero(); |
|
2301 |
|
2302 IPCREAD1L( readBuf ); |
|
2303 riCaCert = CX509Certificate::NewLC( readBuf ); |
|
2304 readBuf.Zero(); |
|
2305 |
|
2306 IPCREAD2L( readBuf ); |
|
2307 RPointerArray<HBufC8> certSerialNums( BufferToArrayL( readBuf ) ); |
|
2308 CleanupResetAndDestroyPushL( certSerialNums ); |
|
2309 readBuf.Zero(); |
|
2310 |
|
2311 // Check OcspResponses. Only the very first response is checked. |
|
2312 if ( ocspResponses.Count() ) |
|
2313 { |
|
2314 responseDecoder = COCSPResponseDecoder::NewL( *ocspResponses[0] ); |
|
2315 CleanupStack::PushL( responseDecoder ); |
|
2316 response = responseDecoder->TakeResponse(); |
|
2317 CleanupStack::PopAndDestroy( responseDecoder ); |
|
2318 User::LeaveIfNull( response ); |
|
2319 CleanupStack::PushL( response ); |
|
2320 |
|
2321 if ( !response ) |
|
2322 { |
|
2323 MACLOGLIT( "No OCSP certificate!" ) |
|
2324 User::Leave( KErrArgument ); |
|
2325 } |
|
2326 |
|
2327 result = VerifyOcspCertChainL( *response, riCaCert, ocspCert ); |
|
2328 |
|
2329 CleanupStack::PushL( ocspCert ); |
|
2330 |
|
2331 // validate OCSP response signature and |
|
2332 // that all the RI cert in the chain is valid (status == good) |
|
2333 if ( result ) |
|
2334 { |
|
2335 result = response->VerifySignatureL( |
|
2336 ocspCert->PublicKey().KeyData() ); |
|
2337 } |
|
2338 |
|
2339 if ( result ) |
|
2340 { |
|
2341 certInfoCount = response->CertCount(); |
|
2342 if ( certSerialNums.Count() && result ) |
|
2343 { |
|
2344 TBool isCertStatusFound = EFalse; |
|
2345 for ( TInt i = 0; i < certInfoCount && result; i++ ) |
|
2346 { |
|
2347 certInfo = response->CertInfo( i ); // certInfo is owned by response |
|
2348 certID = certInfo->CertID(); // certID is owned by certInfo |
|
2349 found = certSerialNums[0]->Compare( |
|
2350 certID->SerialNumber() ); |
|
2351 if ( found == KErrNone ) |
|
2352 { |
|
2353 isCertStatusFound = ETrue; |
|
2354 if ( certInfo->Status() != OCSP::EGood ) |
|
2355 { |
|
2356 result = EFalse; |
|
2357 } |
|
2358 } |
|
2359 } |
|
2360 if ( !isCertStatusFound ) |
|
2361 { |
|
2362 result = EFalse; |
|
2363 } |
|
2364 } |
|
2365 } |
|
2366 |
|
2367 CleanupStack::PopAndDestroy( ocspCert ); |
|
2368 CleanupStack::PopAndDestroy( response ); |
|
2369 } |
|
2370 CleanupStack::PopAndDestroy( &certSerialNums ); |
|
2371 CleanupStack::PopAndDestroy( riCaCert ); |
|
2372 CleanupStack::PopAndDestroy( &ocspResponses ); |
|
2373 CleanupStack::PopAndDestroy( &readBuf ); |
|
2374 |
|
2375 #ifdef _ROAP_TESTING |
|
2376 if ( result ) |
|
2377 { |
|
2378 MACLOGLIT( "OCSP response verification ok." ) |
|
2379 } |
|
2380 else |
|
2381 { |
|
2382 MACLOGLIT( "OCSP response verification failed." ) |
|
2383 } |
|
2384 #endif |
|
2385 |
|
2386 #ifdef _DISABLE_OCSP_CHECK |
|
2387 result = ETrue; |
|
2388 #endif |
|
2389 IPCWRITE3L( package ); |
|
2390 aMessage.Complete( KErrNone ); |
|
2391 MACLOGLITDETAIL( "--> CRoapStorageSession::VerifyOcspResponsesL" ) |
|
2392 } |
|
2393 // --------------------------------------------------------------------------- |
|
2394 // CRoapStorageSession::GetOcspResponderIdL |
|
2395 // --------------------------------------------------------------------------- |
|
2396 // |
|
2397 void CRoapStorageSession::GetOcspResponderIdL( const RMessage2& aMessage ) |
|
2398 { |
|
2399 MACLOGLITDETAIL( "CRoapStorageSession::GetOCSPResponderIdL -->" ) |
|
2400 COCSPResponseDecoder* rd( NULL ); |
|
2401 COCSPResponse* response( NULL ); |
|
2402 |
|
2403 RPointerArray<CX509Certificate> certArray; |
|
2404 CX509Certificate* cert( NULL ); |
|
2405 CSHA1* hash( NULL ); |
|
2406 TInt pos( 0 ); |
|
2407 TInt size( 0 ); |
|
2408 TPckg<TInt> sizeArg( size ); |
|
2409 |
|
2410 SanitizeL( IPCGETDESLEN0 ); |
|
2411 User::LeaveIfError( IPCGETDESLEN1 ); |
|
2412 CleanupResetAndDestroyPushL( certArray ); |
|
2413 |
|
2414 HBufC8* riId( HBufC8::NewLC( IPCGETDESLEN0 ) ); |
|
2415 TPtr8 data( riId->Des() ); |
|
2416 IPCREAD0L( data ); |
|
2417 if ( riId->Length() != SHA1_HASH ) |
|
2418 { |
|
2419 User::Leave( KErrArgument ); |
|
2420 } |
|
2421 CDRMRIContext* context( CDRMRIContext::NewLC() ); |
|
2422 context->SetRIIDL( *riId ); |
|
2423 CleanupStack::Pop( context ); |
|
2424 CleanupStack::PopAndDestroy( riId ); |
|
2425 riId = NULL; |
|
2426 CleanupStack::PushL( context ); |
|
2427 ROAPDB->FetchRightsIssuerContextL( *context ); |
|
2428 |
|
2429 const RPointerArray<HBufC8>& ocspResponses( context->OCSPResponse() ); |
|
2430 // Fetch OCSP response from given RiId |
|
2431 |
|
2432 if ( !ocspResponses.Count() ) |
|
2433 { |
|
2434 User::Leave( KErrRoapDevice ); |
|
2435 } |
|
2436 |
|
2437 rd = COCSPResponseDecoder::NewL( *ocspResponses[0] ); |
|
2438 CleanupStack::PushL( rd ); |
|
2439 response = rd->TakeResponse(); // CRoapEng owns the response now |
|
2440 CleanupStack::PopAndDestroy( rd ); |
|
2441 rd = NULL; |
|
2442 CleanupStack::PopAndDestroy( context ); |
|
2443 context = NULL; |
|
2444 User::LeaveIfNull( response ); |
|
2445 |
|
2446 CleanupStack::PushL( response ); |
|
2447 const TPtrC8* ocspCerts( response->SigningCerts() ); |
|
2448 |
|
2449 TBool ocspResponseUsable( EFalse ); |
|
2450 // Get SecureTime from ClockServer |
|
2451 TTime secureTime; |
|
2452 TInt zone( KTzZulu ); |
|
2453 DRMClock::ESecurityLevel securityLevel( DRMClock::KInsecure ); |
|
2454 iLazyClock->GetSecureTimeL( secureTime, zone, securityLevel ); |
|
2455 |
|
2456 if ( securityLevel == DRMClock::KSecure ) |
|
2457 { |
|
2458 ocspResponseUsable = ETrue; |
|
2459 } |
|
2460 // Verify that OCSP responses are not expired |
|
2461 for ( TInt i( 0 ); ocspResponseUsable && i < response->CertCount(); ++i ) |
|
2462 { |
|
2463 const TTime* nextUpdate( response->CertInfo( i )->NextUpdate() ); |
|
2464 if ( !nextUpdate || *nextUpdate <= secureTime || response->CertInfo( |
|
2465 i )->RevocationTime() ) |
|
2466 { |
|
2467 ocspResponseUsable = EFalse; |
|
2468 } |
|
2469 } |
|
2470 |
|
2471 if ( ocspResponseUsable ) |
|
2472 { |
|
2473 while ( ocspCerts && pos < ocspCerts->Length() ) |
|
2474 { |
|
2475 cert = CX509Certificate::NewLC( *ocspCerts, pos ); |
|
2476 certArray.AppendL( cert ); |
|
2477 CleanupStack::Pop( cert ); |
|
2478 } |
|
2479 ocspCerts = NULL; |
|
2480 } |
|
2481 CleanupStack::PopAndDestroy( response ); |
|
2482 response = NULL; |
|
2483 |
|
2484 if ( cert ) |
|
2485 { |
|
2486 // hash the SubjectPublicKeyInfo element |
|
2487 hash = CSHA1::NewL(); |
|
2488 CleanupStack::PushL( hash ); |
|
2489 hash->Hash( *cert->DataElementEncoding( |
|
2490 CX509Certificate::ESubjectPublicKeyInfo ) ); |
|
2491 |
|
2492 delete iPreparedData; |
|
2493 iPreparedData = NULL; |
|
2494 iPreparedData = hash->Final().AllocL(); |
|
2495 CleanupStack::PopAndDestroy( hash ); |
|
2496 size = iPreparedData->Length(); |
|
2497 MACLOGLIT( "Got OCSP responder" ) |
|
2498 MACLOGHEX( iPreparedData->Ptr(), iPreparedData->Length() ) |
|
2499 } |
|
2500 CleanupStack::PopAndDestroy( &certArray ); |
|
2501 IPCWRITE1L( sizeArg ); |
|
2502 aMessage.Complete( KErrNone ); |
|
2503 MACLOGLITDETAIL( "--> CRoapStorageSession::GetOCSPResponderIdL" ) |
|
2504 } |
|
2505 |
|
2506 // End of File |