|
1 // Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 /** |
|
17 @file CNwssWspSession.h |
|
18 @warning : This file contains Rose Model ID comments - please do not delete |
|
19 */ |
|
20 |
|
21 #ifndef __CNWSSWSPSESSION_H__ |
|
22 #define __CNWSSWSPSESSION_H__ |
|
23 |
|
24 // System includes |
|
25 #include <e32base.h> |
|
26 #include <wapcli.h> |
|
27 #include <ssl.h> |
|
28 #include <http/framework/logging.h> |
|
29 |
|
30 // Local includes |
|
31 #include "mnwsswapserver.h" |
|
32 |
|
33 // Forward declarations |
|
34 class MNwssWapServer; |
|
35 class MConnectionInfoProvider; |
|
36 class MSecurityPolicy; |
|
37 |
|
38 |
|
39 /** |
|
40 @since 7.0 |
|
41 This abstract class encapsulates a WSP session as implemented by the NWSS WAP |
|
42 Stack. It must be specialised to provide Connection-Oriented or Connectionless |
|
43 WSP services. It is an Active Object class, and uses an active state machine |
|
44 to drive a WTLS handshake through four phases. For non-secure WSP sessions, |
|
45 the handshake is skipped, and two phases are used to complete a WSP connection. |
|
46 */ |
|
47 |
|
48 //##ModelId=3C4C46CF020B |
|
49 class CNwssWspSession : public CActive |
|
50 { |
|
51 // Unit testing only - give friendship to a public state accessor |
|
52 #ifdef __UNIT_TESTING__ |
|
53 friend class TNwssWspCOSession_StateAccessor; |
|
54 #endif |
|
55 |
|
56 public: // type defections / enumerations |
|
57 |
|
58 /** An enumeration of the states the CNwssWspSession class can be in. When in the |
|
59 EReady state, further processing is done in the derived session class. |
|
60 */ |
|
61 enum TState |
|
62 { |
|
63 EDisconnected, //< the initial state following construction in which there is no WSP session open or connected |
|
64 ESessionOpen, //< the state in which a WSP session has been opened (either CO or CL) |
|
65 EDoingWtlsPhase1, //< the state during a phase 1 WTLS handshake |
|
66 ECheckingServerCert, //< the state during presentation of an untrusted WTLS certificate |
|
67 EDoingWtlsPhase2, //< the state during a phase 2 WTLS handshake |
|
68 ECheckingNegotiated, //< the state in which the negotiated security settings are checked with the security policy following a successful handshake |
|
69 EReady //< the state in which the WSP session is processing events (either CO or CL) |
|
70 }; |
|
71 |
|
72 public: // methods |
|
73 |
|
74 /** Destructor. |
|
75 @since 7.0 |
|
76 */ |
|
77 //##ModelId=3C4C46CF0311 |
|
78 virtual ~CNwssWspSession(); |
|
79 |
|
80 /** Get the Server Certificate for this session. |
|
81 @param aServerCert A TCertInfo which will be filled with the certificate information |
|
82 @return An error code. KErrNone if aServerCert has been completed, otherwise one of |
|
83 the system wide error codes |
|
84 */ |
|
85 //##ModelId=3C9B094B0393 |
|
86 TInt ServerCert(TCertInfo& aCertInfo); |
|
87 |
|
88 protected: // methods |
|
89 |
|
90 /** Normal constructor. Creates an instance of the session, keeping |
|
91 references to the supplied providers from the client. |
|
92 @since 7.0 |
|
93 @param aStringPool (in) The client's string pool. |
|
94 @param aWapStackProvider (in) An owner of a WAP stack server session. |
|
95 @param aConnInfoProvider (in) A collection of client interfaces that |
|
96 provide connection-related information |
|
97 @param aSecurityPolicy (in) A security policy provider. |
|
98 */ |
|
99 //##ModelId=3C4C46CF02F3 |
|
100 CNwssWspSession(RStringPool& aStringPool, |
|
101 MNwssWapServer& aWapStackProvider, |
|
102 MConnectionInfoProvider& aConnInfoProvider, |
|
103 MSecurityPolicy& aSecurityPolicy); |
|
104 |
|
105 /** Second phase construction. Does initial allocations required |
|
106 for this class. |
|
107 @since 7.0 |
|
108 @leave System error codes, e.g. KErrNoMemory |
|
109 */ |
|
110 //##ModelId=3C4C46CF02F2 |
|
111 void BaseConstructL(); |
|
112 |
|
113 /** Used by sub-classes to initiate a new connection to a WAP proxy, |
|
114 the various steps of which are performed in an asynchronous |
|
115 state machine in this class. |
|
116 @since 7.0 |
|
117 */ |
|
118 //##ModelId=3C4C46CF02EA |
|
119 void InitiateProxyConnection(); |
|
120 |
|
121 /** Accessor to the state, for use by subclasses. |
|
122 @since 7.0 |
|
123 @return The current state of this object. |
|
124 */ |
|
125 //##ModelId=3C591A970069 |
|
126 TState State() const; |
|
127 |
|
128 /** Callback for use by sub-classes, to indicate when the session |
|
129 with a WAP proxy has been disconnected. Causes the WSP session |
|
130 to be closed. |
|
131 @since 7.0 |
|
132 @return A system error code. |
|
133 */ |
|
134 //##ModelId=3C4C46CF02E9 |
|
135 TInt SessionDisconnectedCallback(); |
|
136 |
|
137 /** Map NWSS stack error codes to local panic codes. Panics the |
|
138 client using the mapped panic code. |
|
139 @since 7.0 |
|
140 */ |
|
141 //##ModelId=3C4C46CF02DF |
|
142 void MapToPanic(TInt aErrorCode) const; |
|
143 |
|
144 private: // methods inherited from CActive |
|
145 |
|
146 /** Called when the active object fires, ie. its asynchronous request |
|
147 has completed |
|
148 @since 7.0 |
|
149 @leave System error codes, e.g. KErrNoMemory and internal error codes |
|
150 generated for WTLS handshake failures, see <wsperror.h> |
|
151 */ |
|
152 //##ModelId=3C4C46CF02DE |
|
153 virtual void RunL(); |
|
154 |
|
155 /** Called if RunL leaves, to allow the AO to handle the error before |
|
156 the scheduler does |
|
157 @since 7.0 |
|
158 @param aError (in) The error code to be handled, which RunL() left with |
|
159 @return A final error code, should aError not have been handled, which the |
|
160 active scheduler handles. |
|
161 */ |
|
162 //##ModelId=3C4C46CF02D5 |
|
163 virtual TInt RunError(TInt aError); |
|
164 |
|
165 /** Cancellation protocol for the active object. It cancels any |
|
166 outstanding requests it has made, according to its state. |
|
167 @since 7.0 |
|
168 */ |
|
169 //##ModelId=3C4C46CF02D4 |
|
170 virtual void DoCancel(); |
|
171 |
|
172 private: // methods to be implemented in derived classes |
|
173 |
|
174 /**Hook that allows the class to cause a particular type of |
|
175 WSP session to the specified proxy to be opened. Must be |
|
176 implemented in sub-classes which deal with either CO or CL |
|
177 WSP. |
|
178 @since 7.0 |
|
179 @param aRemoteHost (in) The bearer-dependent address of the proxy. |
|
180 @param aRemotePort (in) The proxy port to which a connection is made. |
|
181 @param aLocalPort (in) (optional) The local port to which proxy replies |
|
182 are sent. A value of zero means 'don't care'. |
|
183 @param aBearer (in) The bearer on which the connection is made. |
|
184 @param aSecureConn (in) Flag indicating whether WTLS is to be used. |
|
185 @return A system error code originating from the NWSS WAP Stack. |
|
186 */ |
|
187 //##ModelId=3C4C46CF02AC |
|
188 virtual TInt OpenWspSession(const TDesC8& aRemoteHost, |
|
189 RWAPConn::TPort aRemotePort, |
|
190 RWAPConn::TPort aLocalPort, |
|
191 TBearer aBearer, |
|
192 TBool aSecureConn) = 0; |
|
193 |
|
194 /**Hook that allows the class to cause an opened WSP session to |
|
195 be closed. Must be implemented in sub-classes which deal with |
|
196 either CO or CL WSP. |
|
197 @since 7.0 |
|
198 @return A system error code originating from the NWSS WAP Stack. |
|
199 */ |
|
200 //##ModelId=3C591A97000E |
|
201 virtual TInt CloseWspSession() = 0; |
|
202 |
|
203 /**Hook that allows the class to perform any required actions to |
|
204 complete a connection to the WAP Proxy after the WSP session |
|
205 has been opened, and optionally a WTLS handshake performed. |
|
206 Must be implemented in sub-classes which deal with either CO or |
|
207 CL WSP. |
|
208 @since 7.0 |
|
209 @leave A system error code originating from the NWSS WAP Stack. |
|
210 */ |
|
211 //##ModelId=3C4C46CF02A3 |
|
212 virtual void CompleteProxyConnectionL() = 0; |
|
213 |
|
214 /** Obtains the WTLS handle from the current opened WSP session. |
|
215 Must be implemented in sub-classes which deal with either CO or |
|
216 CL WSP. |
|
217 @since 7.0 |
|
218 @return A handle for the WTLS layer of the WAP protocol stack. |
|
219 */ |
|
220 //##ModelId=3C4C46CF02A2 |
|
221 virtual RWTLS WtlsHnd() = 0; |
|
222 |
|
223 /** Allows sub-classes to perform specific actions in response to |
|
224 this class' RunError(). This is called in the EReady state, |
|
225 where processing in the RunL is performed in the sub-class. In |
|
226 practice, this will handle situations where |
|
227 CompleteProxyConnectionL() has left. |
|
228 @since 7.0 |
|
229 @param aError (in) The error code to be handled, which RunL() left with |
|
230 */ |
|
231 //##ModelId=3C4C46CF029A |
|
232 virtual void DoRunError(TInt aError) = 0; |
|
233 |
|
234 /** Allows sub-classes to perform specific actions in response to |
|
235 this class' DoCancel(). This is called in the EReady state. |
|
236 @since 7.0 |
|
237 @return Flag indicating whether, following cancellation, this class |
|
238 must return to the EDisconnected state. |
|
239 */ |
|
240 //##ModelId=3C591A9603A6 |
|
241 virtual TBool SubDoCancel() = 0; |
|
242 |
|
243 private: // methods called from the RunL state machine |
|
244 |
|
245 /** Open the WSP session to the proxy identified by the |
|
246 client's Proxy Info Provider. |
|
247 @since 7.0 |
|
248 @leave System-wide error codes, e.g. KErrNoMemory |
|
249 @return Flag indicating whether WTLS is to be used or not. |
|
250 */ |
|
251 //##ModelId=3C4C46CF0299 |
|
252 TBool OpenWapProxyL(); |
|
253 |
|
254 |
|
255 /** Pre-handshake phase of WTLS negotiations with the WAP Stack. |
|
256 The WTLS settings are configured according to the security |
|
257 policy plug-in. |
|
258 @since 7.0 |
|
259 @leave System error codes, e.g. KErrNoMemory |
|
260 */ |
|
261 //##ModelId=3C4C46CF0298 |
|
262 void DoWTLSConnectionPreHandshakeL(); |
|
263 |
|
264 /**First phase of WTLS negotiations with the WAP Stack - the first |
|
265 of two phases for authentication, but the one and only phase |
|
266 for anonymous. |
|
267 @since 7.0 |
|
268 */ |
|
269 //##ModelId=3C4C46CF028E |
|
270 void DoWTLSConnectionPhaseOne(TBool aTwoPhaseHandshake); |
|
271 |
|
272 /**Cancellation of phase 1 of the secure handshake, if eg. ciphers |
|
273 are not available or a certificate was not obtained, or the |
|
274 entire connection has been cancelled. |
|
275 @since 7.0 |
|
276 */ |
|
277 //##ModelId=3C4C46CF0287 |
|
278 void CancelWTLSConnectionPhaseOne(); |
|
279 |
|
280 /**Mid phase of WTLS negotiations - used only for authenticating |
|
281 connections - obtains the WAP Gateway certificate information |
|
282 and asks the security policy to determine if it the server can |
|
283 be trusted. |
|
284 @since 7.0 |
|
285 @leave System error codes, e.g. KErrNoMemory and internal error codes |
|
286 generated for WTLS handshake failures, see <wsperror.h> |
|
287 */ |
|
288 //##ModelId=3C4C46CF0286 |
|
289 void ValidateUntrustedServerCertL(); |
|
290 |
|
291 /**Gets the server certificate from the wap stack and converts it |
|
292 to a TCertInfo which is stored in iServerCert. |
|
293 @since 7.0 |
|
294 @leave System error codes, e.g. KErrNoMemory and internal error codes |
|
295 generated for WTLS handshake failures, see <wsperror.h> |
|
296 */ |
|
297 //##ModelId=3C9B094B0310 |
|
298 void GetServerCertL(); |
|
299 |
|
300 /**Cancel the validation of an untrusted server cert. |
|
301 @since 7.0 |
|
302 */ |
|
303 //##ModelId=3C591A96036A |
|
304 void CancelValidateUntrustedServerCert(); |
|
305 |
|
306 /**Second phase of WTLS negotiations with the WAP Stack (used for |
|
307 authenticating connections only). |
|
308 @since 7.0 |
|
309 */ |
|
310 //##ModelId=3C4C46CF0285 |
|
311 void DoWTLSConnectionPhaseTwo(); |
|
312 |
|
313 /**Cancellation of phase 2 of the secure handshake, if eg. ciphers |
|
314 are not available or a certificate was not obtained, or the |
|
315 entire connection has been cancelled. |
|
316 @since 7.0 |
|
317 */ |
|
318 //##ModelId=3C4C46CF0284 |
|
319 void CancelWTLSConnectionPhaseTwo(); |
|
320 |
|
321 /**Post-security handshake finalisation of WTLS via the WAP Stack. |
|
322 @since 7.0 |
|
323 @leave System error codes, e.g. KErrNoMemory and internal error codes |
|
324 generated for WTLS handshake failures, see <wsperror.h> |
|
325 */ |
|
326 //##ModelId=3C4C46CF027C |
|
327 void DoWTLSConnectionPostHandshakeL(); |
|
328 |
|
329 /**Short-cut for call to the security policy plug-in, which checks |
|
330 a named property to see if anonymous authentication is allowed |
|
331 or not. |
|
332 @return Flag indicating whether, the policy allows anonymous handshakes. |
|
333 @since 7.0 |
|
334 */ |
|
335 //##ModelId=3C4C46CF027B |
|
336 TBool AnonymousAuthenticationAllowedL(); |
|
337 |
|
338 /**Active object self completion. |
|
339 @since 7.0 |
|
340 */ |
|
341 //##ModelId=3C4C46CF027A |
|
342 void CompleteSelf(); |
|
343 |
|
344 #ifdef _DEBUG |
|
345 private: // Debug-only methods that dump negotiated WTLS parameters |
|
346 |
|
347 /**Writes details to log of a ciphersuite, either requested or negotiated. |
|
348 @since 7.0 |
|
349 @param aCipherSuite (in) A NWSS WAP stack cipher suite representation |
|
350 @param aRequested (in) Flag that determines if 'requested' or 'negotiated' is written |
|
351 on the log line. |
|
352 */ |
|
353 //##ModelId=3C9B094B01BC |
|
354 void DumpCipherSuite(RWTLS::TCipherSuite aCipherSuite, TBool aRequested); |
|
355 |
|
356 /**Writes details to log of a key exchange suite, either requested or negotiated. |
|
357 @since 7.0 |
|
358 @param aKeyExchSuite (in) A NWSS WAP stack key exchange suite representation |
|
359 @param aStackIdType (in) A NWSS WAP stack ID type representation |
|
360 @param aRequested (in) Flag that determines if 'requested' or 'negotiated' is written |
|
361 on the log line. |
|
362 */ |
|
363 //##ModelId=3C9B094A03E1 |
|
364 void DumpKeyExchangeSuite(RWTLS::TKeyExchangeSuite aKeyExchSuite, RWTLS::TIdType aStackIdType, TBool aRequested); |
|
365 |
|
366 /**Writes details to log of a sequence number mode, either requested or negotiated. |
|
367 @since 7.0 |
|
368 @param aSeqNumMode (in) A NWSS WAP stack sequence number mode representation |
|
369 @param aRequested (in) Flag that determines if 'requested' or 'negotiated' is written |
|
370 on the log line. |
|
371 */ |
|
372 //##ModelId=3C9B094A0297 |
|
373 void DumpSequenceNumberMode(RWTLS::TSequenceNumberMode aSeqNumMode, TBool aRequested); |
|
374 |
|
375 //##ModelId=3C9B094A0156 |
|
376 void DumpKeyRefreshRate(TUint8 aKeyRefreshRate, TBool aRequested); |
|
377 //##ModelId=3C9B094A0098 |
|
378 void DumpSharedSecret(const TDesC8& aSharedSecret); |
|
379 //##ModelId=3C9B09490340 |
|
380 void DumpRecordLengthUsage(TBool aRecordLengthUsage, TBool aRequested); |
|
381 |
|
382 #endif |
|
383 |
|
384 protected: // attributes |
|
385 |
|
386 /** Logger handle |
|
387 */ |
|
388 __DECLARE_LOG |
|
389 |
|
390 /** The client's string pool - not opened or closed here |
|
391 */ |
|
392 //##ModelId=3C4C46CF0272 |
|
393 RStringPool& iStringPool; |
|
394 |
|
395 /** The WAP Stack provider |
|
396 */ |
|
397 //##ModelId=3C4C46CF0265 |
|
398 MNwssWapServer& iWapStackProvider; |
|
399 |
|
400 /** The client connection information provider |
|
401 */ |
|
402 //##ModelId=3C4C46CF0253 |
|
403 MConnectionInfoProvider& iConnInfoProvider; |
|
404 |
|
405 private: // attributes |
|
406 |
|
407 /** State of the WSP session |
|
408 */ |
|
409 //##ModelId=3C4D961900D5 |
|
410 TState iState; |
|
411 |
|
412 /** Security policy provider |
|
413 */ |
|
414 //##ModelId=3C4C46CF023D |
|
415 MSecurityPolicy& iSecurityPolicy; |
|
416 |
|
417 /** Flag that records if the secure handshake resulted in anonymous key exchange suites |
|
418 being agreed with the WAP proxy. |
|
419 */ |
|
420 //##ModelId=3C9B09490321 |
|
421 TBool iHandshakeWasAnonymous; |
|
422 |
|
423 /** Storage for the WAP proxy's server certificate, in the form used by the |
|
424 security policy plugin |
|
425 */ |
|
426 //##ModelId=3C4D95A40325 |
|
427 TCertInfo iServerCert; |
|
428 |
|
429 /** Flag indicating that the variable iServerCert contains a valid server certificate */ |
|
430 //##ModelId=3C9B09490303 |
|
431 TBool iServerCertValid; |
|
432 }; |
|
433 |
|
434 |
|
435 #endif // __CNWSSWSPSESSION_H__ |