FCL/sf/mw/securitysrv: comparison gba/gbafilter/src/HTTPFilterGBA.cpp

equal deleted inserted replaced

--1:000000000000
+:164170e6151a
+/*
+* Copyright (c) 2007 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  Implementation of CHTTPFilterGBA
+*
+*/
+#include <http/rhttptransaction.h>
+#include <http/rhttpheaders.h>
+#include <http/rhttpresponse.h>
+#include <httperr.h>
+#include <httpstringconstants.h>
+#include <imcvcodc.h>      //for base64 en/decoding
+#include "HTTPFilterGBA.h"
+#include "GbaCommon.h"
+#include <bautils.h>
+#include <e32math.h>
+#include <hash.h>
+#include <e32const.h>
+#include "GBALogger.h"
+//Constants
+const TInt KStatusTextLength512 = 512;
+const TInt KB64KeySize = 64;
+const TInt KIntegerConstant8 = 8;
+const TInt KIntegerConstant32 = 32;
+const TInt KIntegerConstant33 = 33;
+// Length of a digest hash when represented in hex
+const TInt KHashLength = 32;
+// Length of a digest hash before converting to hex.
+const TInt KRawHashLength = 16;
+// Length of nonce-count
+const TInt KNonceCountLength = 8;
+_LIT8( KUserAgentProductToken,"3gpp-gba");
+_LIT8(K3GPPRealmString,"3GPP-Bootstrapping@");
+_LIT8( KMd5AlgorithmStr, "MD5" );
+_LIT8( KMd5SessAlgorithmStr, "MD5-sess" );
+_LIT8( KQopAuthStr, "auth" );
+_LIT8( KQopAuthIntStr, "auth-int" );
+_LIT8( KAuthenticationInfoStr, "Authentication-Info" );
+_LIT8( KColon, ":" );
+_LIT8( KDefaultProtocolAlg, "\x01\x00\x00\x00\x02");
+_LIT(KGBAHttpFilter, "HTTP FILTER GBA");
+// format for output of data/time values
+#if defined (_DEBUG) && defined (_LOGGING)
+_LIT(KDateFormat,"%D%M%Y%/0%1%/1%2%/2%3%/3 %:0%H%:1%T%:2%S.%C%:3");
+#endif
+void PanicGBAHttpFilters(TInt aErr = 0)
+{
+User::Panic(KGBAHttpFilter, aErr);
+}
+// ============================ MEMBER FUNCTIONS ===============================
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::CHTTPFilterGBA
+// Constructor
+// -----------------------------------------------------------------------------
+//
+CHTTPFilterGBA::CHTTPFilterGBA()
+		: iBootstrapCount(0),iHaveGbaBootstrapCredentials(EFalse)
+{
+}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::InstallFilterL
+// Initialize the filter and register it to sesssion's filter collection
+// -----------------------------------------------------------------------------
+//
+CEComFilter* CHTTPFilterGBA::InstallFilterL(TAny* aParams)
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::CHTTPFilterGBA++"));
+	__ASSERT_DEBUG(aParams != NULL, PanicGBAHttpFilters());
+	RHTTPSession* session = REINTERPRET_CAST(RHTTPSession*, aParams);
+	CHTTPFilterGBA* filter = new (ELeave) CHTTPFilterGBA();
+	CleanupStack::PushL(filter);
+	filter->ConstructL(*session);
+	CleanupStack::Pop(filter);
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::CHTTPFilterGBA--"));
+	return filter;
+}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::ConstructL
+// Memory and resource allocation, leaves
+// -----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::ConstructL(RHTTPSession aSession)
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::ConstructL++"));
+	//......................................................................................
+	//Unload GBA http filter from existing GBA and MBMS server's
+	//This GBA http filter cannot be loaded from old GBA server (GBAServer) and it's
+	//Required to reject a filter loading request from a GBA server  on existing platforms
+	//where GBA component is already built-in and the GBA server UID3 is 0x2000F868
+	//Note- some s60 3.2 and 5.0 platforms already has GBA component as built in.
+	//Reason: Ub interface should not have the User-Agent string "3gpp-gba"
+if( RProcess().SecureId() == TSecureId (0x2000F868))
+{
+	GBA_TRACE_DEBUG(("Not accessible from GBA Server++"));
+return;
+}
+//This GBA http filter cannot be loaded from MBMS server (MBMSServer) and it's
+//Required to reject a filter loading request from a MBMS server
+//where MBMS component is already build-in[N96 platforms only] and the mbms server UID3 is 0x2001957B
+//Reason: Ub interface should not have the User-Agent string "3gpp-gba"
+if( RProcess().SecureId() == TSecureId (0x2001957B))
+{
+GBA_TRACE_DEBUG(("Not accessible from MBMS Server++"));
+return;
+}
+//......................................................................................
+	iProtocolIdentifier.Copy(KDefaultProtocolAlg);
+	iUICCLabel = KUSIM;
+	iStringPool = aSession.StringPool();
+	// register the filter
+	RStringF filterName = iStringPool.OpenFStringL( KHTTPFilterGBAName );
+	CleanupClosePushL( filterName );
+iOpaqueStr = iStringPool.StringF( HTTP::EOpaque, RHTTPSession::GetTable() );
+iNonceStr = iStringPool.StringF( HTTP::ENonce, RHTTPSession::GetTable() );
+iQopStr = iStringPool.StringF( HTTP::EQop, RHTTPSession::GetTable() );
+iStaleStr = iStringPool.StringF( HTTP::EStale, RHTTPSession::GetTable() );
+iMd5Str = iStringPool.OpenFStringL( KMd5AlgorithmStr );
+iMd5SessStr = iStringPool.OpenFStringL( KMd5SessAlgorithmStr );
+iQopAuthStr = iStringPool.OpenFStringL( KQopAuthStr );
+iAuthInfo = iStringPool.OpenFStringL( KAuthenticationInfoStr );
+iRealmStr = iStringPool.StringF( HTTP::ERealm, RHTTPSession::GetTable() );
+iUsernameStr = iStringPool.StringF( HTTP::EUsername, RHTTPSession::GetTable() );
+iPasswordStr = iStringPool.StringF( HTTP::EPassword, RHTTPSession::GetTable() );
+	iUserAgent = iStringPool.OpenFStringL( KUserAgentProductToken );
+//Regsiter for THTTPEvent::ESubmit http event
+//The User-Agent string gets appended with "3gpp-gba" string,
+//indicating client is gba capable to the application server.
+aSession.FilterCollection().AddFilterL( *this,
+THTTPEvent::ESubmit,
+RStringF(),
+KAnyStatusCode,
+EStatusCodeHandler,
+filterName);
+//Regsiter for THTTPEvent::EGotResponseHeaders http event with "Authentication-Info" header
+//and HTTPStatus::EOk http status code,just to know if the credentials established are valid.
+aSession.FilterCollection().AddFilterL( *this,
+THTTPEvent::EGotResponseHeaders,
+iAuthInfo,
+HTTPStatus::EOk,
+EStatusCodeHandler,
+filterName );
+//Regsiter for THTTPEvent::EGotResponseHeaders http event with "WWW-Authenticate" header
+//and HTTPStatus::EUnauthorized http status code
+//The priority for this is set to MHTTPFilter::EStatusCodeHandler - 1,
+//so the gba filter intercepts the transaction before the default
+//http digest authentication filter(which has priority MHTTPFilter::EStatusCodeHandler).
+aSession.FilterCollection().AddFilterL( *this,
+											THTTPEvent::EGotResponseHeaders,	// Any transaction event
+											iStringPool.StringF(HTTP::EWWWAuthenticate,RHTTPSession::GetTable()),
+											HTTPStatus::EUnauthorized,
+											MHTTPFilter::EStatusCodeHandler - 1,	  // Priority of filter
+											filterName );						      // Name of filter
+	CleanupStack::PopAndDestroy( &filterName );
+	//Check if the "user agent" header field in http session headers has "3gpp-gba" string in it.
+	//If it does n't have "3gpp-gba" string,append  it to the existing value.
+TBool found = EFalse;
+TPtrC8 rawFieldData;
+RHTTPHeaders sessionHeaders = aSession.RequestSessionHeadersL();
+RStringF sessionHeaderfieldname = aSession.StringPool().StringF( HTTP::EUserAgent, RHTTPSession::GetTable());
+sessionHeaders.GetRawField(sessionHeaderfieldname, rawFieldData);
+found = rawFieldData.Find(iUserAgent.DesC()) != KErrNotFound;
+if(!found)
+sessionHeaders.SetFieldL( sessionHeaderfieldname, iUserAgent );
+iMD5Calculator = CMD5::NewL();
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::ConstructL--"));
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::~CHTTPFilterGBA
+// Destructor
+//------------------------------------------------------------------------
+//
+CHTTPFilterGBA::~CHTTPFilterGBA()
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::~CHTTPFilterGBA++"));
+	CleanupAll();
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::~CHTTPFilterGBA--"));
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::MHFLoad
+//------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::MHFLoad(RHTTPSession, THTTPFilterHandle)
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFLoad"));
+	++iLoadCount;
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::MHFUnload
+//------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::MHFUnload(RHTTPSession , THTTPFilterHandle)
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFUnload++"));
+__ASSERT_DEBUG( iLoadCount >= 0, PanicGBAHttpFilters() );
+	if (--iLoadCount)
+	{
+		return;
+	}
+	delete this;
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFUnload--"));
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::MHFRunL
+// See MHTTPFilterBase::MHFRunL
+//------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::MHFRunL(RHTTPTransaction aTransaction, const THTTPEvent& aEvent)
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFRunL++"));
+	GBA_TRACE_DEBUG_NUM(("MHFRunL Event %d"), aEvent.iStatus );
+	if (aEvent.iUID != KHTTPUid)
+		return;
+	switch(aEvent.iStatus)
+	{
+		case THTTPEvent::ESubmit:
+		{
+			DoSubmitL(aTransaction);
+		}
+		break;
+		case THTTPEvent::EGotResponseHeaders:
+		{
+			// Get HTTP status code from header (e.g. 200)
+			RHTTPResponse resp = aTransaction.Response();
+			TInt status = resp.StatusCode();
+			GBA_TRACE_DEBUG_NUM(("MHFRunL staus code %d"), status );
+			// Get status text (e.g. "OK")
+			TBuf<KStatusTextLength512> statusText;
+			statusText.Copy(resp.StatusText().DesC());
+			GBA_TRACE_DEBUG(("status text:"));
+			GBA_TRACE_DEBUG(statusText);
+			CheckHeadersL( aTransaction );
+		}
+		break;
+		case THTTPEvent::EGotResponseBodyData:
+		{
+GBA_TRACE_DEBUG(("Event: EGotResponseBodyData"));
+		}
+		break;
+		case THTTPEvent::EResponseComplete:
+		{
+GBA_TRACE_DEBUG(("Event: EResponseComplete"));
+			Cleanup( aTransaction );
+		}
+		break;
+		case THTTPEvent::EFailed:
+		{
+GBA_TRACE_DEBUG(("Event: EFailed"));
+			Cleanup( aTransaction );
+		}
+		default:
+		{
+GBA_TRACE_DEBUG_NUM(("Unknow Event: ID - %d" ), aEvent.iStatus );
+		}
+		break;
+	}
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFRunL--"));
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::MHFRunError
+// See MHTTPFilterBase::MHFRunError
+//------------------------------------------------------------------------
+//
+TInt CHTTPFilterGBA::MHFRunError(TInt /*aError*/, RHTTPTransaction aTransaction, const THTTPEvent& )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFRunError++"));
+	TInt error = 0;
+	// map aError to global error message
+	// pass the errorcode forward
+	THTTPEvent httpEvent(error);
+	TRAP_IGNORE(aTransaction.SendEventL(httpEvent, THTTPEvent::EIncoming, THTTPFilterHandle::ECurrentFilter ));
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFRunError--"));
+	return KErrNone;
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::MHFSessionRunL
+// See MHTTPFilterBase::MHFSessionRunL
+//------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::MHFSessionRunL(const THTTPSessionEvent& )
+{
+	// do nothing
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::MHFSessionRunL
+// See MHTTPFilterBase::MHFSessionRunL
+//------------------------------------------------------------------------
+//
+TInt CHTTPFilterGBA::MHFSessionRunError(TInt aError, const THTTPSessionEvent& )
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::MHFSessionRunError"));
+	// session problem, need to close GBA engine
+	return aError;
+}
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::DumpResponseHeadersL
+// Dump the response headers to LOG file
+//------------------------------------------------------------------------
+//
+#if defined (_DEBUG)
+void CHTTPFilterGBA::DumpResponseHeadersL( RHTTPResponse& aResponse )
+{
+	GBA_TRACE_DEBUG("Dump the header...");
+	RHTTPHeaders headers = aResponse.GetHeaderCollection();
+	THTTPHdrFieldIter it = headers.Fields();
+	while( it.AtEnd() == EFalse )
+	{
+RStringTokenF fieldName = it();
+RStringF fieldNameStr = iStringPool.StringF (fieldName );
+THTTPHdrVal fieldVal;
+TInt fieldParts = 0; // For the case if next the call fails.
+TRAP_IGNORE( fieldParts =  headers.FieldPartsL( fieldNameStr ) );
+		// dump the first part of  a  header field
+		for ( TInt ii = 0; ii < fieldParts; ii++ )
+		{
+			if( headers.GetField( fieldNameStr, ii, fieldVal ) == KErrNone )
+			{
+				const TDesC8& fieldNameDesC = fieldNameStr.DesC();
+				GBA_TRACE_DEBUG(" : ");
+GBA_TRACE_DEBUG(fieldNameDesC);
+				switch( fieldVal.Type() )
+				{
+				case THTTPHdrVal::KTIntVal:
+					{
+						GBA_TRACE_DEBUG_NUM(("%d"), fieldVal.Int() );
+					}
+					break;
+				case THTTPHdrVal::KStrFVal:
+					{
+						RStringF fieldValStr = iStringPool.StringF( fieldVal.StrF() );
+						const TDesC8& fieldValDesC = fieldValStr.DesC();
+GBA_TRACE_DEBUG(fieldValDesC);
+					}
+					break;
+				case THTTPHdrVal::KStrVal:
+					{
+						RString fieldValStr = iStringPool.String( fieldVal.Str() );
+						const TDesC8& fieldValDesC = fieldValStr.DesC();
+						GBA_TRACE_DEBUG(fieldValDesC);
+					}
+					break;
+				case THTTPHdrVal::KDateVal:
+					{
+						TDateTime date = fieldVal.DateTime();
+						TBuf<KStatusTextLength512> dateTimeString;
+						TTime t( date );
+						t.FormatL( dateTimeString, KDateFormat );
+						TBuf8<KStatusTextLength512> dtStr;
+						dtStr.Copy( dateTimeString.Left( 128 ) );
+						GBA_TRACE_DEBUG(dtStr);
+					}
+					break;
+				case THTTPHdrVal::KNoType:
+				default:
+					{
+					GBA_TRACE_DEBUG("Unrecognized value type");
+					}
+					break;
+				}
+			}
+		}
+		++it;
+	}
+	GBA_TRACE_DEBUG("Header is Dumped already");
+}
+#endif
+//------------------------------------------------------------------------
+// CHTTPFilterGBA::CheckHeadersL
+// Check HTTP headers and extract MIME type
+//------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::CheckHeadersL(  RHTTPTransaction& aTrans )
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::CheckHeadersL++"));
+	// read the header data and check the MIME type here
+	// check the status and body
+	RHTTPResponse response = aTrans.Response();
+	TInt status = response.StatusCode();
+	#if defined (_DEBUG)
+	DumpResponseHeadersL( response );
+	#endif
+	THTTPHdrVal fieldVal;
+	// check if status == 401 and realm is 3GPP then we need to bootstrap, if we are already bootstrappign this is the second call
+	if(  status == HTTPStatus::EUnauthorized )
+	{
+	    TInt headerPart = FindHeaderPartToUseL(aTrans);
+if( headerPart == KErrNotFound )
+return;
+	    THTTPHdrVal headerVal;
+TInt cred = KErrNotFound;
+	    if( aTrans.PropertySet().Property( iRealmStr, headerVal ) )
+	    	cred = DFindCredentials( headerVal, aTrans.Request().URI() );
+	    RStringF wwwAuthHeader = iStringPool.StringF(HTTP::EWWWAuthenticate,RHTTPSession::GetTable());
+	    RHTTPHeaders headers(aTrans.Response().GetHeaderCollection());
+	    RString realm;
+	    THTTPHdrVal hdrVal;
+	    if (!headers.GetParam(wwwAuthHeader, iStringPool.StringF(HTTP::ERealm,RHTTPSession::GetTable()),
+				  hdrVal, headerPart))
+	    {
+			realm = hdrVal;
+			const TDesC8& val = realm.DesC();
+			if(val.FindF(K3GPPRealmString) == 0)
+			{
+				GBA_TRACE_DEBUG(("3GPP-Bootstrapping realm detected...\n"));
+	            THTTPHdrVal authTypeParam;
+	            if ( headers.GetField( wwwAuthHeader, headerPart, authTypeParam ) == KErrNone )
+	                // we need to store realm, opaque, nonce and qop values to
+	                // use them when resubmitting the request
+	                {
+	                THTTPHdrVal algorithmVal;
+	                THTTPHdrVal nonceVal;
+	                THTTPHdrVal realmVal;
+	                THTTPHdrVal opaqueVal;
+	                THTTPHdrVal staleVal;
+	                TInt algVal( EAlgUnknown );
+	                TInt authVal( EQopNone );
+	                aTrans.PropertySet().RemoveProperty( iNonceStr );
+	                aTrans.PropertySet().RemoveProperty( iRealmStr );
+	                aTrans.PropertySet().RemoveProperty( iOpaqueStr );
+	                aTrans.PropertySet().RemoveProperty( iQopStr );
+	                aTrans.PropertySet().RemoveProperty( iStaleStr );
+	                if( !headers.GetParam( wwwAuthHeader,
+	                                      iStringPool.StringF( HTTP::EAlgorithm,
+	                                                      RHTTPSession::GetTable() ),
+	                                      algorithmVal,
+	                                      headerPart ) )
+	                    {
+	                    if( !algorithmVal.Str().DesC().CompareF( iMd5Str.DesC() ) )
+	                        {
+	                        algVal = EAlgMd5;
+	                        }
+	                    else if( !algorithmVal.Str().DesC().CompareF( iMd5SessStr.DesC() ) )
+	                        {
+	                        algVal = EAlgMd5Sess;
+	                        }
+	                    }
+	                authVal = CheckQop( headers, wwwAuthHeader, headerPart );
+	                headers.GetParam( wwwAuthHeader, iNonceStr, nonceVal, headerPart );
+	                headers.GetParam( wwwAuthHeader, iRealmStr, realmVal, headerPart );
+	                headers.GetParam( wwwAuthHeader, iOpaqueStr, opaqueVal, headerPart );
+	                headers.GetParam( wwwAuthHeader, iStaleStr, staleVal, headerPart );
+	                if( ( authVal & EQopAuth || authVal == EQopNone )
+	                    && nonceVal.Type() == THTTPHdrVal::KStrVal
+	                    && realmVal.Type() == THTTPHdrVal::KStrVal )
+	                    {
+	                    aTrans.PropertySet().SetPropertyL( iNonceStr, nonceVal );
+	                    aTrans.PropertySet().SetPropertyL( iRealmStr, realmVal );
+	                    // Opaque
+	                    if( opaqueVal.Type() == THTTPHdrVal::KStrVal )
+	                        {
+	                        aTrans.PropertySet().SetPropertyL( iOpaqueStr, opaqueVal );
+	                        }
+	                    // Qop
+	                    aTrans.PropertySet().SetPropertyL( iQopStr, authVal );
+	                    // Algorithm
+	                    aTrans.PropertySet().SetPropertyL( iStringPool.StringF( HTTP::EAlgorithm,
+	                                                              RHTTPSession::GetTable() ),
+	                                                              algVal );
+	                    _LIT8( KTrue, "TRUE" );
+	                    if( staleVal.Type() == THTTPHdrVal::KStrVal
+	                        && !staleVal.Str().DesC().CompareF( KTrue ) )
+	                        // stale is true -> nonce expired
+	                        {
+GBA_TRACE_DEBUG(("Stale found"));
+	                        // update nonce value
+	                        TDCredentials& creds = iDCredentials[cred];
+	                        iStringPool.String( creds.iNonce ).Close();
+	                        creds.iNonce = nonceVal.Str().Copy();
+	                        // indicate to engine that no uname/pwd dialog needed
+	                        staleVal.SetInt( 1 );
+	                        aTrans.PropertySet().SetPropertyL( iStaleStr, staleVal );
+	                        }
+	                    }
+	                }
+	 				RHTTPTransactionPropertySet propSet = aTrans.PropertySet();
+	                THTTPHdrVal staleVal;
+					// don't show the uname&pwd dialog
+	                staleVal.SetInt( 1 );
+	                propSet.SetPropertyL( iStaleStr, staleVal );
+	                // if we are already bootstrapping results will be retrieved when request is resubmitted
+	                GBA_TRACE_DEBUG(("Do Bootstrap\n"));
+	                // start bootstrap process
+	                if(!iGbaUtility)
+	                    {
+	                    iGbaUtility = CGbaUtility::NewL(*this);
+	                    //setbsf address required only for testing purpose
+	                    if(iBsfAddress.Size())
+	                        {
+iGbaUtility->SetBSFAddress(iBsfAddress);
+	                        }
+	                    }
+	                // obtain NAF FQDN from URI
+	                iGbaInputParams.iNAFName.Copy(aTrans.Request().URI().UriDes());
+	                iGbaInputParams.iUICCLabel.Copy(iUICCLabel);
+	                iGbaInputParams.iProtocolIdentifier.Copy(iProtocolIdentifier);
+	                //iBootstrapCount == 0  - soft bootstrapp - get cradentials from gba cache
+	                //iBootstrapCount == 1  - force bootstrapp - get cradentials from BSF server
+	                //iBootstrapCount > 1  need to cancel http transaction to break out of the UE-NAF communication loop
+	                if(iBootstrapCount == 0){
+	                iGbaInputParams.iFlags = EGBADefault;
+GBA_TRACE_DEBUG(("iCredentials.Flags = EGBADefault"));
+	                }
+	                else if(iBootstrapCount == 1){
+	                iGbaInputParams.iFlags = EGBAForce;
+GBA_TRACE_DEBUG(("iCredentials.Flags = EGBAForce"));
+	                }
+	                else{
+GBA_TRACE_DEBUG(("iCredentials.Flags"));
+iBootstrapCount = 0;
+return;
+	                }
+	                //Default accesspoint will be used - iAPID = -1
+	                iGbaInputParams.iAPID = -1;
+	                //Cancel the transaction
+	                aTrans.Cancel();
+	                // fetch credentials from bootstrapper
+	                iGbaUtility->Bootstrap(iGbaInputParams, iGbaOutputParams);
+	                iBootstrapCount++;
+	                iBootstrapPending = ETrue;
+	                if(!iBootstrapWait.IsStarted())
+	                    {
+iBootstrapWait.Start();
+	                    }
+	                if( iHaveGbaBootstrapCredentials )
+	                    {
+GBA_TRACE_DEBUG(("Have stored credentials"));
+RHTTPTransactionPropertySet propSet = aTrans.PropertySet();
+GBA_TRACE_DEBUG(("BTID:"));
+GBA_TRACE_DEBUG(iGbaOutputParams.iBTID);
+// Encodes the KNAF to generate a password
+TImCodecB64 b64coder;
+TBuf8<KB64KeySize> keyBase64;
+b64coder.Initialise();
+b64coder.Encode( iGbaOutputParams.iKNAF, keyBase64 );
+RString username = iStringPool.OpenStringL( iGbaOutputParams.iBTID );
+CleanupClosePushL<RString>( username );
+RString password = iStringPool.OpenStringL( keyBase64 );
+CleanupClosePushL<RString>( password );
+propSet.SetPropertyL( iUsernameStr, username );
+propSet.SetPropertyL( iPasswordStr, password );
+CleanupStack::PopAndDestroy(&password);
+CleanupStack::PopAndDestroy(&username);
+// Re-submit the http request with much needed credentials
+aTrans.SubmitL();
+}
+	                else
+	                    {
+//Since bootstrapping failed,Do not have to resubmit the http request ?
+return;
+}
+			}
+	    }
+		}
+	if( status == HTTPStatus::EOk && iGbaUtility){
+		// if we have bootstrapped, it seems that we have succeeded
+		iBootstrapCount = 0;
+	}
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::CheckHeadersL--"));
+}
+void CHTTPFilterGBA::DoSubmitL( RHTTPTransaction aTransaction )
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::DoSubmitL++"));
+// always add 3gpp-gba into user-agent field in headers,
+// THIS CAN BE REMOVED WHEN GBA IS ADDED INTO THE CATALOG OF THE DEVICE
+// WHICH IS STATIC.
+	RHTTPHeaders hdr = aTransaction.Request().GetHeaderCollection();
+	RStringF fieldname = aTransaction.Session().StringPool().StringF(HTTP::EUserAgent,RHTTPSession::GetTable());
+	TBool found = EFalse;
+	TPtrC8 rawFieldData;
+	hdr.GetRawField(fieldname, rawFieldData);
+	found = rawFieldData.Find(iUserAgent.DesC()) != KErrNotFound;
+	//Append "3gpp-gba" string to the "user agent" transaction header field only when,
+	//http transaction user agent header field has been set already(rawFieldData.Size() > 0) by an application,
+	//which opened the http transaction and also
+	//the transaction user agent header field value does not have "3gpp-gba" string in it.
+	if(!found && rawFieldData.Size())
+	    hdr.SetFieldL(fieldname, iUserAgent);
+TInt cred = KErrNotFound;
+//iHaveGbaBootstrapCredentials - ETrue ,when the GBA bootstrapping is completed successfully
+if( iHaveGbaBootstrapCredentials )
+{
+// Get credentials from URI, only for wwwAuthenticate
+// If there are credentials in the transaction properties, add them to the list
+DGetCredentialsFromPropertiesL( aTransaction );
+// just in case we always remove stale value from properties
+aTransaction.PropertySet().RemoveProperty( iStaleStr );
+// If we have credentials for this URL, add them
+cred = DFindCredentialsForURI( aTransaction.Request().URI() );
+if ( cred != KErrNotFound )
+{
+EncodeDigestAuthL( cred, aTransaction );
+}
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DoSubmitL--"));
+}
+//-----------------------------------------------------------------------------
+// CHTTPFilterGBA::Cleanup
+// Cleanup the resource related with a transaction
+//-----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::Cleanup( const RHTTPTransaction& /*aTrans*/ )
+{
+}
+//-----------------------------------------------------------------------------
+// CHTTPFilterGBA::CleanupAll
+// Cleanup all the GBA transactions, in case a session error happens or a session
+// is closed.
+//-----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::CleanupAll()
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::CleanupAll++"));
+	while(TInt i = iDCredentials.Count())
+	{
+		DRemoveCredentialsFromList(i-1);
+	}
+	iQopAuthStr.Close();
+	iMd5SessStr.Close();
+	iMd5Str.Close();
+	iAuthInfo.Close();
+	iUserAgent.Close();
+delete iMD5Calculator;
+iMD5Calculator = NULL;
+delete 	iGbaUtility;
+iGbaUtility = NULL;
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::CleanupAll--"));
+}
+TInt CHTTPFilterGBA::FindHeaderPartToUseL(RHTTPTransaction aTransaction) const
+{
+// There may be several different authentication fields. We need
+// to chose the strongest one we understnad. Currently, we only
+// support 2, Basic and Digest, and Digest is the strongest
+// assuming there is a qop that we can accept. Therefore, we keep
+// track of the last good basic one we found, and return the
+// moment we find an acceptable digest one.
+// While we're here, we check that all desired fields are there.
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::FindHeaderPartToUseL++"));
+RStringF wwwAuthenticate = iStringPool.StringF(HTTP::EWWWAuthenticate,RHTTPSession::GetTable());
+RStringF realm = iStringPool.StringF(HTTP::ERealm,RHTTPSession::GetTable());
+RStringF nonce = iStringPool.StringF(HTTP::ENonce,RHTTPSession::GetTable());
+RStringF qop   = iStringPool.StringF(HTTP::EQop,RHTTPSession::GetTable());
+TInt lastGoodBasic = KErrNotFound;
+RHTTPHeaders headers = aTransaction.Response().GetHeaderCollection();
+const TInt parts = headers.FieldPartsL(wwwAuthenticate);
+GBA_TRACE_DEBUG_NUM((" FindHeaderPartToUseL part no:1 = %d"), parts );
+for (TInt ii = 0; ii < parts; ii++)
+{
+	THTTPHdrVal fieldVal;// The name of the current field.
+	THTTPHdrVal hdrVal;//A scratch hdrVal
+	headers.GetField(wwwAuthenticate, ii, fieldVal);
+	TInt x = fieldVal.StrF().Index(RHTTPSession::GetTable());
+	GBA_TRACE_DEBUG_NUM((" FindHeaderPartToUseL part no:1 = %d"), x );
+	switch (fieldVal.StrF().Index(RHTTPSession::GetTable()))
+	{
+	    case HTTP::EDigest:
+	    	{
+	    	GBA_TRACE_DEBUG_NUM((" FindHeaderPartToUseL realm  = %d"), headers.GetParam(wwwAuthenticate, realm, hdrVal, ii) );
+	    	GBA_TRACE_DEBUG_NUM((" FindHeaderPartToUseL nonce  = %d"), headers.GetParam(wwwAuthenticate, nonce, hdrVal, ii) );
+			if (headers.GetParam(wwwAuthenticate, realm, hdrVal, ii) ==
+			    KErrNone &&
+			    headers.GetParam(wwwAuthenticate, nonce, hdrVal, ii) ==
+			    KErrNone)
+			{
+				GBA_TRACE_DEBUG_NUM((" FindHeaderPartToUseL qop  = %d"), headers.GetParam(wwwAuthenticate, qop, hdrVal, ii) );
+			    // We've got a realm and a nonce. If there's a qop, we
+			    // need to check it's acceptable.
+			    if (headers.GetParam(wwwAuthenticate, qop, hdrVal, ii) !=
+				KErrNone || FindAuth(hdrVal.Str().DesC()))
+			    	{
+			    	GBA_TRACE_DEBUG_NUM((" FindHeaderPartToUseL part no = %d"), ii );
+			    	return ii;
+			    	}
+			}
+	    	}
+		break;
+	    default:
+		// We don't understand this, whatever it is. Ignore it.
+		break;
+	}
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::FindHeaderPartToUseL--"));
+return lastGoodBasic;
+}
+TBool CHTTPFilterGBA::FindAuth(const TDesC8& aQop) const
+{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::FindAuth++"));
+TPtrC8 tokens = aQop;
+TPtrC8 token;
+const TDesC8& auth = iStringPool.StringF(HTTP::EAuth,RHTTPSession::GetTable()).DesC();
+TInt len;
+do
+{
+	len = tokens.Locate(',');
+	if(len == -1)
+		len = tokens.Length();
+	token.Set(tokens.Ptr(),len);
+		if (token.Compare(auth) == 0)
+		{
+		    return ETrue;
+	}
+	tokens.Set(tokens.Ptr()+len);
+}  while(tokens.Length());
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::FindAuth--"));
+return EFalse;
+}
+void CHTTPFilterGBA::EncodeDigestAuthL( TInt aCred, RHTTPTransaction aTransaction )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::EncodeDigestAuthL++"));
+	// For now, only support RFC2069 format. The digest is
+	// MD5(H(A1):nonce:H(A2))
+	TBuf8<KHashLength> hash;
+TBuf8<KNonceCountLength> nonceCount;
+TDCredentials cred = iDCredentials[aCred];
+THTTPHdrVal nonce( iStringPool.String( cred.iNonce ) );
+THTTPHdrVal realm( iStringPool.String( cred.iRealm ) );
+THTTPHdrVal qop;
+THTTPHdrVal uname( iStringPool.String( cred.iUser ) );
+THTTPHdrVal password( iStringPool.String( cred.iPassword ) );
+THTTPHdrVal opaque( iStringPool.String( cred.iOpaque ) );
+if( cred.iQop & EQopAuth )
+// recent release supports only qop 'auth'.
+{
+qop.SetStrF( iQopAuthStr );
+}
+	THTTPHdrVal requestUri;
+// we get url from request and modify as made in chttpclienthandler.cpp
+RString uriStr = RequestUriL( aTransaction );
+CleanupClosePushL<RString>( uriStr );
+	requestUri.SetStr( uriStr );
+	HBufC8* stringToHash = NULL;
+	RStringF auth = iStringPool.StringF(HTTP::EAuth,RHTTPSession::GetTable());
+	TBuf8<KHashLength> cnonce;
+	if ( cred.iQop != EQopNone )
+		{
+GenerateCNonce( cnonce );
+// 7 is for colons
+// 8 for nc-value
+stringToHash = HBufC8::NewMaxLC( KHashLength +  // H(A1)
+1 +    // ":"
+nonce.Str().DesC().Length() +
+1 +    // ":"
+KIntegerConstant8 +    // nc value
+1 +    // ":"
+KHashLength +  // cnonce
+1 +    // ":"
+										 qop.StrF().DesC().Length() +
+1 +    // ":"
+										 KHashLength ); // H(A2)
+		TPtr8 stringMod = stringToHash->Des();
+		stringMod.Zero();
+		HAOneL( cred.iAlgorithm, uname, password, realm.Str(), nonce, cnonce, stringMod );
+		stringMod.Append(':');
+		stringMod.Append(nonce.Str().DesC());
+// nc value
+		stringMod.Append(':');
+++cred.iNc;
+// nc value is of 8 chars length and in hexadecimal format
+nonceCount.NumFixedWidth( cred.iNc, EHex, KIntegerConstant8 );
+		stringMod.Append( nonceCount );
+		stringMod.Append(':');
+		stringMod.Append(cnonce);
+		stringMod.Append(':');
+		stringMod.Append(auth.DesC());
+		stringMod.Append(':');
+		HATwoL(aTransaction.Request().Method(), requestUri.Str(), hash);
+		stringMod.Append(hash);
+		}
+	else
+		{
+		// The response is the hash of H(A1):nonce:H(A2).
+		// Crqeate a buffer for the string to convert into MD5. The
+		// length is 32 characters for each of the hashes, 2
+		// characters for the 2 colons, plus the length of the nonce
+		stringToHash = HBufC8::NewMaxLC(nonce.Str().DesC().Length() +
+												 2 * KHashLength + 2);
+		TPtr8 stringMod = stringToHash->Des();
+		stringMod.Zero();
+		HAOneL( cred.iAlgorithm, uname, password, realm.Str(), nonce, cnonce, stringMod );
+		stringMod.Append(':');
+		stringMod.Append(nonce.Str().DesC());
+		stringMod.Append(':');
+		HATwoL(aTransaction.Request().Method(), requestUri.Str(), hash);
+		stringMod.Append(hash);
+		}
+	Hash(*stringToHash, hash);
+	CleanupStack::PopAndDestroy(stringToHash);
+	// OK. hash now contains the digest response. Set up the header.
+	RHTTPHeaders requestHeaders(aTransaction.Request().GetHeaderCollection());
+	requestHeaders.RemoveField(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()));
+	requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+							 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+							 iStringPool.StringF(HTTP::EUsername,RHTTPSession::GetTable()),
+							 uname);
+	requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+							 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+							 iStringPool.StringF(HTTP::ERealm,RHTTPSession::GetTable()),
+							 realm);
+	requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+							 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+							 iStringPool.StringF(HTTP::ENonce,RHTTPSession::GetTable()),
+							 nonce);
+	RString hashStr = iStringPool.OpenStringL(hash);
+	CleanupClosePushL<RString>(hashStr);
+	THTTPHdrVal hdrVal;
+hdrVal.SetStr(hashStr);
+	requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+							 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+							 iStringPool.StringF(HTTP::EResponse,RHTTPSession::GetTable()),
+							 hdrVal);
+	requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+							 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+							 iStringPool.StringF(HTTP::EUri,RHTTPSession::GetTable()),
+							 requestUri);
+	CleanupStack::PopAndDestroy(&hashStr);
+	if ( cred.iQop != EQopNone )
+		{
+// QOP
+		hdrVal.SetStrF( auth );
+		requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+								 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+								 iStringPool.StringF(HTTP::EQop,RHTTPSession::GetTable()),
+								 hdrVal);
+		RString cnonceString = iStringPool.OpenStringL(cnonce);
+// CNonce
+		CleanupClosePushL<RString>( cnonceString );
+		hdrVal.SetStr(cnonceString);
+		requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+								 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+								 iStringPool.StringF(HTTP::ECnonce,RHTTPSession::GetTable()),
+								 hdrVal);
+		CleanupStack::PopAndDestroy( &cnonceString );
+// Nonce-count
+RString nonceStr = iStringPool.OpenStringL( nonceCount );
+CleanupClosePushL<RString>( nonceStr );
+		hdrVal.SetStr( nonceStr );
+		requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+								 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+								 iStringPool.StringF(HTTP::ENc,RHTTPSession::GetTable()),
+								 hdrVal);
+CleanupStack::PopAndDestroy( &nonceStr );
+		}
+	if(  opaque.Str().DesC().Length() )
+		requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+								 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+								 iStringPool.StringF(HTTP::EOpaque,RHTTPSession::GetTable()),
+								 opaque );
+if( cred.iAlgorithm == EAlgMd5 )
+{
+		requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+								 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+								 iStringPool.StringF(HTTP::EAlgorithm,RHTTPSession::GetTable()),
+								 iMd5Str );
+}
+else if( cred.iAlgorithm == EAlgMd5Sess )
+{
+		requestHeaders.SetFieldL(iStringPool.StringF(HTTP::EAuthorization,RHTTPSession::GetTable()),
+								 THTTPHdrVal(iStringPool.StringF(HTTP::EDigest,RHTTPSession::GetTable())),
+								 iStringPool.StringF(HTTP::EAlgorithm,RHTTPSession::GetTable()),
+								 iMd5SessStr );
+}
+// set it again
+// this may be needed if auth. fails and stale is true.
+aTransaction.PropertySet().SetPropertyL( iRealmStr, realm );
+CleanupStack::PopAndDestroy( &uriStr );
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::EncodeDigestAuthL--"));
+}
+void CHTTPFilterGBA::DAddCredentialsToListL( RString aUsernameStr,
+RString aPasswordStr,
+RString aRealmStr,
+RStringF aUriStr,
+RString aOpaque,
+RString aNonce,
+TInt aQop,
+TInt aAuthAlg )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DAddCredentialsToListL++"));
+GBA_TRACE_DEBUG("uname: ");
+GBA_TRACE_DEBUG(aUsernameStr.DesC());
+GBA_TRACE_DEBUG("pwd: ");
+GBA_TRACE_DEBUG(aPasswordStr.DesC());
+GBA_TRACE_DEBUG("realm: ");
+GBA_TRACE_DEBUG(aRealmStr.DesC());
+GBA_TRACE_DEBUG("uri: ");
+GBA_TRACE_DEBUG(aUriStr.DesC());
+GBA_TRACE_DEBUG_NUM(("qop: %d"), aQop );
+GBA_TRACE_DEBUG_NUM(("alg: %d"), aAuthAlg );
+TDCredentials newCred;
+newCred.iUser = aUsernameStr;
+newCred.iPassword = aPasswordStr;
+newCred.iRealm = aRealmStr;
+newCred.iURI = aUriStr;
+newCred.iOpaque = aOpaque;
+newCred.iNonce = aNonce;
+newCred.iQop = aQop;
+newCred.iAlgorithm = aAuthAlg;
+newCred.iNc = 0;
+User::LeaveIfError( iDCredentials.Append( newCred ) );
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DAddCredentialsToListL--"));
+}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::HAOneL
+// Calculates H(A1)
+// -----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::HAOneL(int aAlgorithm,
+const RString& aUsername,
+const RString& aPW,
+								           const RString& aRealm,
+const RString& aNonceValue,
+TDesC8& aCNonce,
+TDes8& aResult )
+	{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::HAOneL++"));
+TBuf8<KHashLength> hash;
+	HBufC8* a1 = HBufC8::NewMaxL(aUsername.DesC().Length() +
+								 aPW.DesC().Length() +
+								 aRealm.DesC().Length() + 2 );
+	TPtr8 a1Mod = a1->Des();
+	a1Mod.Zero();
+	a1Mod.Append( aUsername.DesC() );
+	a1Mod.Append( KColon );
+	a1Mod.Append( aRealm.DesC() );
+	a1Mod.Append( KColon );
+	a1Mod.Append( aPW.DesC() );
+	GBA_TRACE_DEBUG("a1 first hash material");
+	GBA_TRACE_DEBUG(*a1);
+	Hash( *a1, hash );
+	GBA_TRACE_DEBUG("a1 first hash");
+	GBA_TRACE_DEBUG(hash);
+delete a1;
+a1 = NULL;
+if( aAlgorithm == EAlgMd5Sess )
+{
+	    a1 = HBufC8::NewMaxL( KHashLength +
+1 +  // ":"
+aNonceValue.DesC().Length() +
+1 +  // ":"
+							   aCNonce.Length() );
+	    TPtr8 a1Mod = a1->Des();
+	    a1Mod.Zero();
+a1Mod.Append( hash );
+a1Mod.Append( KColon );
+a1Mod.Append( aNonceValue.DesC() );
+a1Mod.Append( KColon );
+a1Mod.Append( aCNonce );
+GBA_TRACE_DEBUG("a1 final hash material");
+GBA_TRACE_DEBUG(*a1);
+	    Hash(*a1, aResult);
+GBA_TRACE_DEBUG("a1 final hash");
+GBA_TRACE_DEBUG(hash);
+	    delete a1;
+a1 = NULL;
+}
+else
+{
+aResult.Copy( hash );
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::HAOneL--"));
+	}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::HAtwoL
+// Calculates H(A2)
+// -----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::HATwoL(const RStringF& aMethod,
+								           const RString& aRequestUri,
+								           TDes8& aResult)
+	{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::HAtwoL++"));
+	// In the auth qop, a2 is Method:digest-uri-value
+	// Digest-uri-value. We don't support auth-int qop
+	// Allocate enough space for the method, the URI and the colon.
+	TPtrC8 requestUri = aRequestUri.DesC();
+	TPtrC8 method = aMethod.DesC();
+	HBufC8* a2 = HBufC8::NewMaxLC(requestUri.Length() + method.Length() + 1);
+	TPtr8 a2Mod = a2->Des();
+	a2Mod.Zero();
+	a2Mod.Append(method);
+	a2Mod.Append(':');
+	a2Mod.Append(requestUri);
+GBA_TRACE_DEBUG("a2 final hash material");
+GBA_TRACE_DEBUG(*a2);
+	Hash(*a2, aResult);
+GBA_TRACE_DEBUG("a2 final hash");
+GBA_TRACE_DEBUG(aResult);
+	CleanupStack::PopAndDestroy(a2);
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::HAtwoL--"));
+	}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::Hash
+// Calculates hash value
+// -----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::Hash(const TDesC8& aMessage, TDes8& aHash)
+	{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::Hash++"));
+	// Calculate the 128 bit (16 byte) hash
+	iMD5Calculator->Reset();
+	TPtrC8 hash = iMD5Calculator->Hash( aMessage );
+	// Now print it as a 32 byte hex number
+	aHash.Zero();
+	_LIT8(formatStr, "%02x");
+	for (TInt ii = 0; ii < KRawHashLength; ii++)
+		{
+		TBuf8<2> scratch;
+		scratch.Zero();
+		scratch.Format( formatStr, hash[ii] );
+		aHash.Append( scratch );
+		}
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::Hash--"));
+	}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::GenerateCNonce
+// Generate unique cnonce value.
+// -----------------------------------------------------------------------------
+//
+void CHTTPFilterGBA::GenerateCNonce(TDes8& aNonce)
+	{
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::GenerateCNonce++"));
+	// 'Inspired by' CObexAuthenticator
+	// The purpose of the client nonce is to protect against 'chosen
+	// plaintext' attacks where a hostile server tricks the client
+	// into supplying a password using a specific server nonce that
+	// allows an (as yet undiscovered) flaw in MD5 to recover the
+	// password. As such the only important thing about client nonces
+	// is that they change and aren't predictable. See section 4.9 of
+	// RFC2616
+	TTime time;
+	time.UniversalTime();
+	TInt64 randomNumber = Math::Rand(iSeed);
+	randomNumber <<= KIntegerConstant32;
+	randomNumber += Math::Rand(iSeed);
+	TBuf8<KIntegerConstant33> key;
+	key.Zero();
+	key.AppendNum(time.Int64(), EHex);
+	key.Append(_L8(":"));
+	key.AppendNum(randomNumber, EHex);
+	Hash(key, aNonce);
+	GBA_TRACE_DEBUG(("CHTTPFilterGBA::GenerateCNonce--"));
+	}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::RequestUriLC
+// Returns requested URI in form that can be used in uri field.
+// This code comes from
+// Application-protocols/http/httpclient/chttpclienthandler.cpp.
+// -----------------------------------------------------------------------------
+//
+RString CHTTPFilterGBA::RequestUriL( RHTTPTransaction& aTransaction )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::RequestUriL++"));
+TBool useProxy( EFalse );
+THTTPHdrVal useProxyHdr;
+RStringF proxyUsage = iStringPool.StringF( HTTP::EProxyUsage, RHTTPSession::GetTable() );
+RHTTPRequest request = aTransaction.Request();
+const TUriC8& uri = request.URI();
+RStringF scheme = iStringPool.OpenFStringL( uri.Extract( EUriScheme ) );
+CleanupClosePushL<RStringF>( scheme );
+CUri8* uriToUse = CUri8::NewLC( uri );
+if( aTransaction.Session().ConnectionInfo().Property( proxyUsage, useProxyHdr ) )
+{
+	    // Is a proxy being used?
+useProxy = ( useProxyHdr.StrF().Index(RHTTPSession::GetTable()) == HTTP::EUseProxy );
+}
+	if( !useProxy || (useProxy && scheme.Index(RHTTPSession::GetTable()) == HTTP::EHTTPS ))
+		{
+		// Not going via a proxy - need to remove the scheme and authority parts
+		uriToUse->RemoveComponentL( EUriScheme );
+		uriToUse->RemoveComponentL( EUriHost );	// this also removes the userinfo + port
+		}
+RString uriStr = iStringPool.OpenStringL( uriToUse->Uri().UriDes()  );
+CleanupStack::PopAndDestroy( uriToUse );
+CleanupStack::PopAndDestroy( &scheme );
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::RequestUriL--"));
+return uriStr;
+}
+// -----------------------------------------------------------------------------
+// CHTTPFilterGBA::CheckQop
+//
+// -----------------------------------------------------------------------------
+//
+TInt CHTTPFilterGBA::CheckQop( RHTTPHeaders& aHeaders,
+RStringF& aWwwAuthHeader,
+TInt aHeaderPart )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::CheckQop++"));
+THTTPHdrVal qopVal;
+TInt retVal( EQopNone );
+if( !aHeaders.GetParam( aWwwAuthHeader, iQopStr, qopVal, aHeaderPart ) )
+{
+TPtrC8 qopBuf( qopVal.Str().DesC() );
+TPtrC8 qopValue;
+TInt comma;
+do
+{
+comma = qopBuf.Locate( ',' );
+if( comma != KErrNotFound )
+{
+qopValue.Set( qopBuf.Left(comma) );
+}
+else
+{
+qopValue.Set( qopBuf );
+}
+if( !qopValue.CompareF(iQopAuthStr.DesC()) )
+{
+retVal |= EQopAuth;
+}
+else if( !qopValue.CompareF(KQopAuthIntStr) )
+{
+retVal |= EQopAuthInt;
+}
+qopBuf.Set( qopBuf.Right(qopBuf.Length()-comma-1));
+}while( comma != KErrNotFound );
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::CheckQop--"));
+return retVal;
+}
+void CHTTPFilterGBA::DGetCredentialsFromPropertiesL( RHTTPTransaction& aTransaction )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DGetCredentialsFromPropertiesL++"));
+THTTPHdrVal usernameVal;
+THTTPHdrVal passwordVal;
+THTTPHdrVal realmVal;
+THTTPHdrVal nonceVal;
+THTTPHdrVal staleVal;
+const TUriC8& uri = aTransaction.Request().URI();
+RHTTPTransactionPropertySet propSet = aTransaction.PropertySet();
+TBool staleAvail = propSet.Property( iStaleStr, staleVal );
+if ( propSet.Property( iUsernameStr, usernameVal ) &&
+propSet.Property( iPasswordStr, passwordVal ) &&
+propSet.Property( iRealmStr, realmVal ) &&
+propSet.Property( iNonceStr, nonceVal )
+)
+// if stale is TRUE we don't need to update credential
+{
+TInt pushCounter( 0 );
+TInt cred = DFindCredentialsForURI( uri );
+if ( cred != KErrNotFound )
+{
+// Remove old credentials from the list
+DRemoveCredentialsFromList( cred );
+}
+TPtrC8 uriPathPtr( uri.UriDes() );
+if ( uriPathPtr.LocateReverse( '/' ) > 0 )
+{
+uriPathPtr.Set( uriPathPtr.Left( uriPathPtr.LocateReverse( '/' ) ) );
+}
+RStringF uriStr = iStringPool.OpenFStringL( uriPathPtr );
+CleanupClosePushL( uriStr );
+++pushCounter;
+THTTPHdrVal opaqueVal;
+RString opaqueStr;
+if( !propSet.Property( iOpaqueStr, opaqueVal ) )
+// this isn't a error case
+{
+opaqueStr = iStringPool.OpenStringL( KNullDesC8 );
+CleanupClosePushL<RString>( opaqueStr );
+++pushCounter;
+}
+else
+{
+opaqueStr = opaqueVal;
+}
+THTTPHdrVal qopVal;
+if( !propSet.Property( iQopStr, qopVal ) )
+// this isn't a error case
+{
+qopVal.SetInt( EQopNone );
+}
+THTTPHdrVal algVal;
+if( !propSet.Property( iStringPool.StringF( HTTP::EAlgorithm,
+RHTTPSession::GetTable() ), algVal) )
+{
+algVal.SetInt( EAlgUnknown );
+}
+// Add credentials to the list from the transaction's properties
+DAddCredentialsToListL( usernameVal.Str().Copy(),
+passwordVal.Str().Copy(),
+realmVal.Str().Copy(),
+uriStr.Copy(),
+opaqueStr.Copy(),
+nonceVal.Str().Copy(),
+qopVal.Int(),
+algVal.Int()
+);
+// this is not the traditional way to pop and destroy elements
+// but in this case this is the simplest one.
+CleanupStack::PopAndDestroy( pushCounter ); // [opaqueVal,]uriStr
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DGetCredentialsFromPropertiesL--"));
+}
+TInt CHTTPFilterGBA::DFindCredentialsForURI( const TUriC8& aURI )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DFindCredentialsForURI++"));
+// Check if any of the stored URIs are the beginning of the URI
+// we're trying now. If they are, we can immediately attempt to
+// re-use the existing credentials.
+_LIT8 ( KSchemeEnd, "://" );
+TInt count = iDCredentials.Count();
+for ( TInt cred = 0; cred < count; ++cred )
+{
+const TPtrC8& transDes = aURI.UriDes();
+const TPtrC8& credDes =
+iStringPool.StringF( iDCredentials[ cred ].iURI ).DesC();
+TPtrC8 transNoSchemePtr( transDes );
+TPtrC8 credNoSchemePtr( credDes );
+if ( transNoSchemePtr.Find( KSchemeEnd() ) > 0 )
+{
+transNoSchemePtr.Set( transNoSchemePtr.Mid( transNoSchemePtr.Find( KSchemeEnd ) ) );
+}
+if ( credNoSchemePtr.Find( KSchemeEnd() ) > 0 )
+{
+credNoSchemePtr.Set( credNoSchemePtr.Mid( credNoSchemePtr.Find( KSchemeEnd ) ) );
+}
+if ( transNoSchemePtr.Length() >= credNoSchemePtr.Length() )
+{
+// The URI is long enough, which is a good start.
+if ( transNoSchemePtr.Left( credNoSchemePtr.Length() ).Compare( credNoSchemePtr ) == 0 )
+{
+// The descriptors match. Things are looking good. In
+// the interests of paranoia, if we haven't matched
+// the entire URI, check that the character after the
+// match is '/'.
+if ( transNoSchemePtr.Length() == credNoSchemePtr.Length() )
+{
+GBA_TRACE_DEBUG_NUM("Found cred(1): %d", cred );
+GBA_TRACE_DEBUG("uri: ");
+GBA_TRACE_DEBUG(aURI.UriDes());
+return cred;
+}
+else if ( transNoSchemePtr[ credNoSchemePtr.Length() ] == '/' )
+{
+GBA_TRACE_DEBUG_NUM("Found cred(2): %d", cred );
+GBA_TRACE_DEBUG("uri: ");
+GBA_TRACE_DEBUG(aURI.UriDes());
+return cred;
+}
+}
+}
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DFindCredentialsForURI--"));
+return KErrNotFound;
+}
+void CHTTPFilterGBA::DRemoveCredentialsFromList( TInt aCredId )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DRemoveCredentialsFromList++"));
+GBA_TRACE_DEBUG_NUM("DRemoveCredentialsFromList: %d", aCredId );
+TDCredentials& creds = iDCredentials[ aCredId ];
+iStringPool.String( creds.iUser ).Close();
+iStringPool.String( creds.iPassword ).Close();
+iStringPool.StringF( creds.iURI ).Close();
+iStringPool.String( creds.iRealm ).Close();
+iStringPool.String( creds.iOpaque ).Close();
+iStringPool.String( creds.iNonce ).Close();
+iDCredentials.Remove( aCredId );
+iDCredentials.Close();
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DRemoveCredentialsFromList--"));
+}
+TInt CHTTPFilterGBA::DFindCredentials( const RString& aRealm,
+const TUriC8& aURI )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DFindCredentials++"));
+TInt count = iDCredentials.Count();
+for ( TInt cred = 0; cred < count; ++cred )
+{
+if ( iDCredentials[ cred ].iRealm == aRealm )
+{
+TUriParser8 parser;
+parser.Parse( iStringPool.StringF( iDCredentials[ cred ].iURI ).DesC() );
+if ( !parser.Compare( aURI, EUriHost ) &&
+( ( !parser.Compare( aURI, EUriPort ) )
+|| ( !parser.IsPresent( EUriPort ) &&
+!aURI.IsPresent( EUriPort ) ) ) )
+{
+GBA_TRACE_DEBUG_NUM("Found cred(3): %d", cred );
+return cred;
+}
+}
+}
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::DFindCredentials--"));
+return KErrNotFound;
+}
+void CHTTPFilterGBA::BootstrapComplete( TInt aError )
+{
+GBA_TRACE_DEBUG(("CHTTPFilterGBA::BootstrapComplete--"));
+if( aError == KErrNone)
+{
+iBootstrapPending = EFalse;
+iHaveGbaBootstrapCredentials = ETrue;
+}
+else
+{
+iBootstrapPending = EFalse;
+iHaveGbaBootstrapCredentials = EFalse;
+}
+iBootstrapWait.AsyncStop();
+}
+//EOF

changeset 0	164170e6151a
child 5	3b17fc5c9564
child 14	b75757c81051