|
1 /* |
|
2 * Copyright (c) 2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Implementation of DevCertKeyStoreServer |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include <securityerr.h> |
|
20 #include <asnpkcs.h> |
|
21 #include <asn1enc.h> |
|
22 #ifndef SYMBIAN_ENABLE_SPLIT_HEADERS |
|
23 #include <x509keys.h> |
|
24 #else |
|
25 #include <x509keys.h> |
|
26 #include <x509keyencoder.h> |
|
27 #endif |
|
28 #include <keyidentifierutil.h> |
|
29 #include <mctauthobject.h> |
|
30 #include <utf.h> |
|
31 |
|
32 #include "DevCertKeyStoreServer.h" |
|
33 #include "DevCertKeyStoreSession.h" |
|
34 #include "DevCertKeyDataManager.h" |
|
35 #include "DevCertKeyStoreConduit.h" |
|
36 #include "DevCertKeyStoreSession.h" |
|
37 #include "DevCertOpenedKeysSrv.h" |
|
38 #include "DevTokenCliServ.h" |
|
39 #include "DevCertCreateKey.h" |
|
40 #include "DevCertOpenedKeys.h" |
|
41 #include "DevTokenDataTypes.h" |
|
42 #include "DevCertKeyStreamUtils.h" |
|
43 #include "DevTokenUtil.h" |
|
44 #include "DevCertKeyEncryptor.h" |
|
45 #include "DevTokenPWManager.h" |
|
46 |
|
47 // We don't currently allow any keys larger than 2048 bits. It may be necessary to |
|
48 // increase this limit in the future. |
|
49 const TUint KTheMinKeySize = 512; |
|
50 const TUint KTheMaxKeySize = 2048; |
|
51 |
|
52 // Security policies |
|
53 _LIT_SECURITY_POLICY_C1(KImportRemoveSecurityPolicy, ECapabilityWriteDeviceData); |
|
54 _LIT_SECURITY_POLICY_C1(KCreateSecurityPolicy, ECapabilityReadDeviceData); |
|
55 _LIT_SECURITY_POLICY_C1(KOpenSecurityPolicy, ECapabilityReadDeviceData); |
|
56 _LIT_SECURITY_POLICY_C1(KListSecurityPolicy, ECapabilityReadUserData); |
|
57 |
|
58 |
|
59 // ======== MEMBER FUNCTIONS ======== |
|
60 |
|
61 // --------------------------------------------------------------------------- |
|
62 // CDevCertKeyStoreServer::NewL() |
|
63 // --------------------------------------------------------------------------- |
|
64 // |
|
65 CDevCertKeyStoreServer* CDevCertKeyStoreServer::NewL() |
|
66 { |
|
67 CDevCertKeyStoreServer* me = new (ELeave) CDevCertKeyStoreServer(); |
|
68 CleanupStack::PushL(me); |
|
69 me->ConstructL(); |
|
70 CleanupStack::Pop(me); |
|
71 return (me); |
|
72 } |
|
73 |
|
74 |
|
75 // --------------------------------------------------------------------------- |
|
76 // CDevCertKeyStoreServer::CDevCertKeyStoreServer() |
|
77 // --------------------------------------------------------------------------- |
|
78 // |
|
79 CDevCertKeyStoreServer::CDevCertKeyStoreServer() : |
|
80 CActive(EPriorityStandard), |
|
81 iAction(EIdle), |
|
82 iExportBuf(NULL, 0) |
|
83 { |
|
84 } |
|
85 |
|
86 |
|
87 // --------------------------------------------------------------------------- |
|
88 // CDevCertKeyStoreServer::ConstructL() |
|
89 // --------------------------------------------------------------------------- |
|
90 // |
|
91 void CDevCertKeyStoreServer::ConstructL() |
|
92 { |
|
93 iKeyDataManager = CDevCertKeyDataManager::NewL(); |
|
94 iConduit = CDevCertKeyStoreConduit::NewL(*this); |
|
95 CActiveScheduler::Add(this); |
|
96 } |
|
97 |
|
98 |
|
99 // --------------------------------------------------------------------------- |
|
100 // CDevCertKeyStoreServer::~CDevCertKeyStoreServer() |
|
101 // --------------------------------------------------------------------------- |
|
102 // |
|
103 CDevCertKeyStoreServer::~CDevCertKeyStoreServer() |
|
104 { |
|
105 Cancel(); |
|
106 |
|
107 delete iKeyDataManager; |
|
108 delete iConduit; |
|
109 delete iKeyCreator; |
|
110 iSessions.Close(); |
|
111 } |
|
112 |
|
113 |
|
114 // --------------------------------------------------------------------------- |
|
115 // CDevCertKeyStoreServer::CreateSessionL() |
|
116 // --------------------------------------------------------------------------- |
|
117 // |
|
118 CDevCertKeyStoreSession* CDevCertKeyStoreServer::CreateSessionL() |
|
119 { |
|
120 CDevCertKeyStoreSession* session = CDevCertKeyStoreSession::NewL(*this ); |
|
121 CleanupStack::PushL(session); |
|
122 User::LeaveIfError(iSessions.Append(session)); |
|
123 CleanupStack::Pop(session); |
|
124 return session; |
|
125 } |
|
126 |
|
127 |
|
128 // --------------------------------------------------------------------------- |
|
129 // CDevCertKeyStoreServer::RemoveSession() |
|
130 // --------------------------------------------------------------------------- |
|
131 // |
|
132 void CDevCertKeyStoreServer::RemoveSession(CDevCertKeyStoreSession& aSession) |
|
133 { |
|
134 if (iSession == &aSession) // just in case |
|
135 { |
|
136 iSession = NULL; |
|
137 } |
|
138 |
|
139 for (TInt index = 0 ; index < iSessions.Count() ; ++index) |
|
140 { |
|
141 if (iSessions[index] == &aSession) |
|
142 { |
|
143 iSessions.Remove(index); |
|
144 return; |
|
145 } |
|
146 } |
|
147 User::Invariant(); |
|
148 } |
|
149 |
|
150 |
|
151 // --------------------------------------------------------------------------- |
|
152 // CDevCertKeyStoreServer::ServiceRequestL() |
|
153 // --------------------------------------------------------------------------- |
|
154 // |
|
155 void CDevCertKeyStoreServer::ServiceRequestL(const RMessage2& aMessage, CDevCertKeyStoreSession& aSession) |
|
156 { |
|
157 iMessage = &aMessage; |
|
158 iSession = &aSession; |
|
159 iConduit->ServiceRequestL(aMessage, aSession); |
|
160 } |
|
161 |
|
162 |
|
163 // From MCTKeyStore |
|
164 |
|
165 // --------------------------------------------------------------------------- |
|
166 // CDevCertKeyStoreServer::ListL() |
|
167 // --------------------------------------------------------------------------- |
|
168 // |
|
169 void CDevCertKeyStoreServer::ListL(const TCTKeyAttributeFilter& aFilter, |
|
170 RPointerArray<CDevTokenKeyInfo>& aKeys) |
|
171 { |
|
172 ASSERT(iMessage); |
|
173 |
|
174 // Check the calling process has ReadUserData capability |
|
175 if (!KListSecurityPolicy.CheckPolicy(*iMessage)) |
|
176 { |
|
177 User::Leave(KErrPermissionDenied); |
|
178 } |
|
179 |
|
180 TInt count = iKeyDataManager->Count(); |
|
181 |
|
182 for (TInt i = 0; i < count; ++i) |
|
183 { |
|
184 const CDevCertKeyData* data = (*iKeyDataManager)[i]; |
|
185 CDevTokenKeyInfo* info = iKeyDataManager->ReadKeyInfoLC(*data); |
|
186 if (KeyMatchesFilterL(*info, aFilter)) |
|
187 { |
|
188 User::LeaveIfError(aKeys.Append(info)); |
|
189 CleanupStack::Pop(info); |
|
190 } |
|
191 else |
|
192 { |
|
193 CleanupStack::PopAndDestroy(info); |
|
194 } |
|
195 } |
|
196 } |
|
197 |
|
198 |
|
199 // --------------------------------------------------------------------------- |
|
200 // CDevCertKeyStoreServer::KeyMatchesFilterL() |
|
201 // --------------------------------------------------------------------------- |
|
202 // |
|
203 TBool CDevCertKeyStoreServer::KeyMatchesFilterL(const CDevTokenKeyInfo& aInfo, |
|
204 const TCTKeyAttributeFilter& aFilter) |
|
205 { |
|
206 ASSERT(iMessage); |
|
207 |
|
208 if (aFilter.iKeyId.Length() && aFilter.iKeyId != aInfo.ID()) |
|
209 { |
|
210 return EFalse; |
|
211 } |
|
212 |
|
213 if (aFilter.iUsage != EPKCS15UsageAll) |
|
214 { |
|
215 if ((aInfo.Usage() & aFilter.iUsage) == 0) |
|
216 return EFalse; |
|
217 } |
|
218 |
|
219 if (aFilter.iKeyAlgorithm != CCTKeyInfo::EInvalidAlgorithm && |
|
220 aFilter.iKeyAlgorithm != aInfo.Algorithm()) |
|
221 { |
|
222 return EFalse; |
|
223 } |
|
224 |
|
225 switch (aFilter.iPolicyFilter) |
|
226 { |
|
227 case TCTKeyAttributeFilter::EAllKeys: |
|
228 // All keys pass |
|
229 break; |
|
230 |
|
231 case TCTKeyAttributeFilter::EUsableKeys: |
|
232 if (!aInfo.UsePolicy().CheckPolicy(*iMessage)) |
|
233 { |
|
234 return EFalse; |
|
235 } |
|
236 break; |
|
237 |
|
238 case TCTKeyAttributeFilter::EManageableKeys: |
|
239 if (!aInfo.ManagementPolicy().CheckPolicy(*iMessage)) |
|
240 { |
|
241 return EFalse; |
|
242 } |
|
243 break; |
|
244 |
|
245 case TCTKeyAttributeFilter::EUsableOrManageableKeys: |
|
246 if (!aInfo.UsePolicy().CheckPolicy(*iMessage) && |
|
247 !aInfo.ManagementPolicy().CheckPolicy(*iMessage)) |
|
248 { |
|
249 return EFalse; |
|
250 } |
|
251 break; |
|
252 |
|
253 default: |
|
254 User::Leave(KErrArgument); |
|
255 } |
|
256 |
|
257 return ETrue; |
|
258 } |
|
259 |
|
260 |
|
261 // --------------------------------------------------------------------------- |
|
262 // CDevCertKeyStoreServer::GetKeyInfoL() |
|
263 // --------------------------------------------------------------------------- |
|
264 // |
|
265 void CDevCertKeyStoreServer::GetKeyInfoL(TInt aObjectId, CDevTokenKeyInfo*& aInfo) |
|
266 { |
|
267 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
268 if (!keyData) |
|
269 { |
|
270 User::Leave(KErrNotFound); |
|
271 } |
|
272 |
|
273 CDevTokenKeyInfo* result = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
274 if (!result->UsePolicy().CheckPolicy(*iMessage)) |
|
275 { |
|
276 User::Leave(KErrPermissionDenied); |
|
277 } |
|
278 |
|
279 aInfo = result; |
|
280 CleanupStack::Pop(aInfo); |
|
281 } |
|
282 |
|
283 |
|
284 // --------------------------------------------------------------------------- |
|
285 // CDevCertKeyStoreServer::GetKeyLengthL() |
|
286 // --------------------------------------------------------------------------- |
|
287 // |
|
288 TInt CDevCertKeyStoreServer::GetKeyLengthL(TInt aObjectId) |
|
289 { |
|
290 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
291 if (!keyData) |
|
292 { |
|
293 User::Leave(KErrNotFound); |
|
294 } |
|
295 |
|
296 // this could be cached in memory (would break file format though) |
|
297 CDevTokenKeyInfo* keyInfo = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
298 TInt result = keyInfo->Size(); |
|
299 CleanupStack::PopAndDestroy(keyInfo); |
|
300 |
|
301 return result; |
|
302 } |
|
303 |
|
304 |
|
305 // --------------------------------------------------------------------------- |
|
306 // CDevCertKeyStoreServer::OpenKeyL() |
|
307 // --------------------------------------------------------------------------- |
|
308 // |
|
309 CDevCertOpenedKeySrv* CDevCertKeyStoreServer::OpenKeyL(TInt aHandle, TUid aOpenedKeyType) |
|
310 { |
|
311 ASSERT(iMessage); |
|
312 |
|
313 if (!KOpenSecurityPolicy.CheckPolicy(*iMessage)) |
|
314 { |
|
315 User::Leave(KErrPermissionDenied); |
|
316 } |
|
317 |
|
318 |
|
319 const CDevCertKeyData *keyData = iKeyDataManager->Lookup(aHandle); |
|
320 if (!keyData) |
|
321 { |
|
322 User::Leave(KErrNotFound); |
|
323 } |
|
324 |
|
325 return CDevCertOpenedKeySrv::NewL( *keyData, aOpenedKeyType, *iMessage,*iKeyDataManager ); |
|
326 } |
|
327 |
|
328 |
|
329 // --------------------------------------------------------------------------- |
|
330 // CDevCertKeyStoreServer::ExportPublicL() |
|
331 // --------------------------------------------------------------------------- |
|
332 // |
|
333 void CDevCertKeyStoreServer::ExportPublicL(TInt aObjectId, |
|
334 TDes8& aOut) |
|
335 { |
|
336 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
337 if (!keyData) |
|
338 { |
|
339 User::Leave(KErrNotFound); |
|
340 } |
|
341 |
|
342 CDevTokenKeyInfo* keyInfo = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
343 |
|
344 RStoreReadStream stream; |
|
345 iKeyDataManager->OpenPublicDataStreamLC(*keyData, stream); |
|
346 |
|
347 CDevTokenKeyInfo::EKeyAlgorithm keyAlgorithm = keyInfo->Algorithm(); |
|
348 |
|
349 switch(keyAlgorithm) |
|
350 { |
|
351 case (CDevTokenKeyInfo::ERSA): |
|
352 { |
|
353 CRSAPublicKey* publicKey = NULL; |
|
354 |
|
355 CreateL(stream, publicKey); |
|
356 ASSERT(publicKey); |
|
357 CleanupStack::PushL(publicKey); |
|
358 |
|
359 TX509RSAKeyEncoder encoder(*publicKey, ESHA1); |
|
360 CASN1EncBase* encoded = encoder.EncodeKeyLC(); |
|
361 |
|
362 if (encoded->LengthDER() > static_cast<TUint>(aOut.MaxLength())) |
|
363 { |
|
364 User::Leave(KErrOverflow); |
|
365 } |
|
366 |
|
367 // Get the Public key DER encoding |
|
368 TUint pos=0; |
|
369 encoded->WriteDERL(aOut, pos); |
|
370 |
|
371 // WriteDERL does not set the length of the buffer, we do it ourselves |
|
372 aOut.SetLength(encoded->LengthDER()); |
|
373 |
|
374 CleanupStack::PopAndDestroy(2, publicKey); |
|
375 } |
|
376 break; |
|
377 |
|
378 case (CDevTokenKeyInfo::EDSA): |
|
379 { |
|
380 CDSAPublicKey* publicKey = NULL; |
|
381 |
|
382 CreateL(stream, publicKey); |
|
383 ASSERT(publicKey); |
|
384 CleanupStack::PushL(publicKey); |
|
385 |
|
386 TX509DSAKeyEncoder encoder(*publicKey, ESHA1); |
|
387 CASN1EncBase* encoded = encoder.EncodeKeyLC(); |
|
388 |
|
389 if (encoded->LengthDER() > static_cast<TUint>(aOut.MaxLength())) |
|
390 { |
|
391 User::Leave(KErrOverflow); |
|
392 } |
|
393 |
|
394 // Get the Public key DER encoding |
|
395 TUint pos=0; |
|
396 encoded->WriteDERL(aOut, pos); |
|
397 |
|
398 // WriteDERL does not set the length of the buffer, we do it ourselves |
|
399 aOut.SetLength(encoded->LengthDER()); |
|
400 |
|
401 CleanupStack::PopAndDestroy(2, publicKey); |
|
402 } |
|
403 break; |
|
404 |
|
405 case (CDevTokenKeyInfo::EDH): |
|
406 default: |
|
407 User::Leave(KErrKeyAlgorithm); |
|
408 break; |
|
409 } |
|
410 |
|
411 CleanupStack::PopAndDestroy(2, keyInfo); //stream, keyinfo |
|
412 } |
|
413 |
|
414 |
|
415 // From MCTKeyStoreManager |
|
416 |
|
417 // --------------------------------------------------------------------------- |
|
418 // CDevCertKeyStoreServer::CheckKeyAttributes() |
|
419 // --------------------------------------------------------------------------- |
|
420 // |
|
421 TInt CDevCertKeyStoreServer::CheckKeyAttributes(CDevTokenKeyInfo& aKey, TNewKeyOperation aOp) |
|
422 { |
|
423 ASSERT(iMessage); |
|
424 |
|
425 // Sort out the access rights |
|
426 TInt access = aKey.AccessType(); |
|
427 |
|
428 // Only allow sensitive and extractable to be sepcified |
|
429 if (access & ~(CDevTokenKeyInfo::ESensitive | CDevTokenKeyInfo::EExtractable)) |
|
430 { |
|
431 return KErrKeyAccess; |
|
432 } |
|
433 |
|
434 // If it's sensitive and either created internally |
|
435 // or imported from an encrypted source then it's always been sensitive |
|
436 if ((access & CDevTokenKeyInfo::ESensitive) && |
|
437 (aOp == ENewKeyCreate)) |
|
438 { |
|
439 access |= CDevTokenKeyInfo::EAlwaysSensitive; |
|
440 } |
|
441 |
|
442 // If it's not extractable and it's created internally |
|
443 // then it's never been extractable |
|
444 if ((!(access & CDevTokenKeyInfo::EExtractable)) && aOp == ENewKeyCreate) |
|
445 { |
|
446 access |= CDevTokenKeyInfo::ENeverExtractable; |
|
447 } |
|
448 |
|
449 aKey.SetAccessType(access); |
|
450 |
|
451 // check management policy allows the calling process to manage the key |
|
452 if (!aKey.ManagementPolicy().CheckPolicy(*iMessage)) |
|
453 { |
|
454 return KErrArgument; |
|
455 } |
|
456 |
|
457 // check end date is not in the past |
|
458 TTime timeNow; |
|
459 timeNow.UniversalTime(); |
|
460 if (aKey.EndDate().Int64() != 0 && aKey.EndDate() <= timeNow) |
|
461 { |
|
462 return KErrKeyValidity; |
|
463 } |
|
464 |
|
465 // We don't support non-repudiation, however we currently allow keys |
|
466 // to be created with this usage |
|
467 |
|
468 return KErrNone; |
|
469 } |
|
470 |
|
471 |
|
472 // --------------------------------------------------------------------------- |
|
473 // CDevCertKeyStoreServer::CheckKeyAlgorithmAndSize() |
|
474 // --------------------------------------------------------------------------- |
|
475 // |
|
476 TInt CDevCertKeyStoreServer::CheckKeyAlgorithmAndSize(CDevTokenKeyInfo& aKey) |
|
477 { |
|
478 CDevTokenKeyInfo::EKeyAlgorithm keyAlgorithm = aKey.Algorithm(); |
|
479 if ( ((keyAlgorithm!=CDevTokenKeyInfo::ERSA) && (keyAlgorithm!=CDevTokenKeyInfo::EDSA) && (keyAlgorithm!=CDevTokenKeyInfo::EDH) )) |
|
480 { |
|
481 return KErrKeyAlgorithm; |
|
482 } |
|
483 |
|
484 if (aKey.Size() < KTheMinKeySize || aKey.Size() > KTheMaxKeySize) |
|
485 { |
|
486 return KErrKeySize; |
|
487 } |
|
488 |
|
489 return KErrNone; |
|
490 } |
|
491 |
|
492 |
|
493 // --------------------------------------------------------------------------- |
|
494 // CDevCertKeyStoreServer::CreateKey() |
|
495 // --------------------------------------------------------------------------- |
|
496 // |
|
497 void CDevCertKeyStoreServer::CreateKey(CDevTokenKeyInfo& aReturnedKey, TRequestStatus& aStatus) |
|
498 { |
|
499 ASSERT(iSession); |
|
500 ASSERT(iMessage); |
|
501 |
|
502 TInt err = KErrNone; |
|
503 |
|
504 // Check the calling process has WriteUserData capability |
|
505 if (!KCreateSecurityPolicy.CheckPolicy(*iMessage)) |
|
506 { |
|
507 err = KErrPermissionDenied; |
|
508 } |
|
509 |
|
510 // Check the incoming information has been initialised correctly |
|
511 if (err == KErrNone) |
|
512 { |
|
513 err = CheckKeyAttributes(aReturnedKey, ENewKeyCreate); |
|
514 } |
|
515 |
|
516 if (err == KErrNone) |
|
517 { |
|
518 err = CheckKeyAlgorithmAndSize(aReturnedKey); |
|
519 } |
|
520 |
|
521 if (err != KErrNone) |
|
522 { |
|
523 TRequestStatus* status = &aStatus; |
|
524 User::RequestComplete(status, err); |
|
525 return; |
|
526 } |
|
527 |
|
528 // should make it local only if it's created in the keystore |
|
529 aReturnedKey.SetAccessType(aReturnedKey.AccessType() | CDevTokenKeyInfo::ELocal); |
|
530 |
|
531 if (iKeyDataManager->IsKeyAlreadyInStore(aReturnedKey.Label())) |
|
532 { |
|
533 TRequestStatus* status = &aStatus; |
|
534 User::RequestComplete(status, KErrAlreadyExists); |
|
535 return; |
|
536 } |
|
537 |
|
538 iCallerRequest = &aStatus; |
|
539 iKeyInfo = &aReturnedKey; |
|
540 |
|
541 iStatus = KRequestPending; |
|
542 iAction = ECreateKeyCreate; |
|
543 SetActive(); |
|
544 TRequestStatus* status = &iStatus; |
|
545 User::RequestComplete(status, KErrNone); |
|
546 } |
|
547 |
|
548 |
|
549 // --------------------------------------------------------------------------- |
|
550 // CDevCertKeyStoreServer::CancelCreateKey() |
|
551 // --------------------------------------------------------------------------- |
|
552 // |
|
553 void CDevCertKeyStoreServer::CancelCreateKey() |
|
554 { |
|
555 if (iAction == ECreateKeyCreate || |
|
556 iAction == ECreateKeyFinal) |
|
557 { |
|
558 Cancel(); |
|
559 } |
|
560 } |
|
561 |
|
562 |
|
563 // --------------------------------------------------------------------------- |
|
564 // CDevCertKeyStoreServer::DoCreateKeyL() |
|
565 // --------------------------------------------------------------------------- |
|
566 // |
|
567 void CDevCertKeyStoreServer::DoCreateKeyL() |
|
568 { |
|
569 __ASSERT_DEBUG(iAction==ECreateKeyCreate, PanicServer(EPanicECreateKeyNotReady)); |
|
570 __ASSERT_DEBUG(iKeyInfo, PanicServer(EPanicNoClientData)); |
|
571 |
|
572 if (iKeyCreator) |
|
573 { |
|
574 delete iKeyCreator; |
|
575 iKeyCreator = NULL; |
|
576 } |
|
577 |
|
578 iKeyCreator = new (ELeave) CDevCertKeyCreator(); |
|
579 iStatus = KRequestPending; |
|
580 iAction = EKeyCreated; |
|
581 iKeyCreator->DoCreateKeyAsyncL(iKeyInfo->Algorithm(), iKeyInfo->Size(), iStatus); |
|
582 SetActive(); |
|
583 } |
|
584 |
|
585 |
|
586 // --------------------------------------------------------------------------- |
|
587 // CDevCertKeyStoreServer::DoStoreKeyL() |
|
588 // --------------------------------------------------------------------------- |
|
589 // |
|
590 void CDevCertKeyStoreServer::DoStoreKeyL() |
|
591 { |
|
592 __ASSERT_DEBUG(iAction==ECreateKeyFinal, PanicServer(EPanicECreateKeyNotReady)); |
|
593 __ASSERT_DEBUG(iKeyInfo, PanicServer(EPanicNoClientData)); |
|
594 __ASSERT_DEBUG(iKeyCreator, PanicServer(ENoCreatedKeyData)); |
|
595 |
|
596 const CDevCertKeyData* keyData = iKeyDataManager->CreateKeyDataLC(iKeyInfo->Label()); |
|
597 |
|
598 RStoreWriteStream privateStream; |
|
599 iKeyDataManager->OpenPrivateDataStreamLC(*keyData, privateStream); |
|
600 |
|
601 CDevTokenKeyInfo::EKeyAlgorithm keyAlgorithm = iKeyInfo->Algorithm(); |
|
602 |
|
603 // Get key identifier and externalize private key |
|
604 TKeyIdentifier theKeyId; |
|
605 switch (keyAlgorithm) |
|
606 { |
|
607 case (CDevTokenKeyInfo::ERSA): |
|
608 { |
|
609 CRSAKeyPair* newKey = iKeyCreator->GetCreatedRSAKey(); |
|
610 KeyIdentifierUtil::RSAKeyIdentifierL(newKey->PublicKey(), theKeyId); |
|
611 privateStream << newKey->PrivateKey(); |
|
612 break; |
|
613 } |
|
614 |
|
615 case (CDevTokenKeyInfo::EDSA): |
|
616 { |
|
617 CDSAKeyPair* newKey = iKeyCreator->GetCreatedDSAKey(); |
|
618 KeyIdentifierUtil::DSAKeyIdentifierL(newKey->PublicKey(), theKeyId); |
|
619 privateStream << newKey->PrivateKey(); |
|
620 break; |
|
621 } |
|
622 |
|
623 case (CDevTokenKeyInfo::EDH): |
|
624 { |
|
625 CDevCertKeyEncryptor* encryptor = CDevCertKeyEncryptor::NewLC(); |
|
626 if( encryptor->IsPluginExistL() ) |
|
627 { |
|
628 //SetEncryptor( encryptor->CreateImplementationL() ); |
|
629 MKeyEncryptor* encrypt = encryptor->CreateImplementationL(); |
|
630 |
|
631 RInteger newKey; |
|
632 iKeyCreator->GetCreatedDHKey(newKey); |
|
633 KeyIdentifierUtil::DHKeyIdentifierL(newKey, theKeyId); |
|
634 |
|
635 if (newKey.IsZero()) |
|
636 User::Leave(KErrArgument); |
|
637 |
|
638 //privateStream << newKey; |
|
639 EncryptAndStoreL(newKey, privateStream, encrypt ); |
|
640 |
|
641 privateStream.CommitL(); |
|
642 |
|
643 } |
|
644 else |
|
645 { |
|
646 RInteger newKey; |
|
647 iKeyCreator->GetCreatedDHKey(newKey); |
|
648 KeyIdentifierUtil::DHKeyIdentifierL(newKey, theKeyId); |
|
649 |
|
650 if (newKey.IsZero()) |
|
651 User::Leave(KErrArgument); |
|
652 |
|
653 privateStream << newKey; |
|
654 privateStream.CommitL(); |
|
655 } |
|
656 CleanupStack::PopAndDestroy( encryptor ); |
|
657 break; |
|
658 } |
|
659 |
|
660 default: |
|
661 __ASSERT_DEBUG(EFalse, PanicServer(EPanicInvalidKeyCreateReq)); |
|
662 break; |
|
663 } |
|
664 |
|
665 privateStream.CommitL(); |
|
666 CleanupStack::PopAndDestroy(); // privateStream |
|
667 |
|
668 // Fill in the CCTKeyInfo data currently missing (TKeyIdentifier and handle) |
|
669 iKeyInfo->SetHandle(keyData->Handle()); |
|
670 iKeyInfo->SetIdentifier(theKeyId); |
|
671 |
|
672 // Externalize public key |
|
673 |
|
674 RStoreWriteStream publicStream; |
|
675 iKeyDataManager->OpenPublicDataStreamLC(*keyData, publicStream); |
|
676 |
|
677 switch (keyAlgorithm) |
|
678 { |
|
679 case (CDevTokenKeyInfo::ERSA): |
|
680 publicStream << iKeyCreator->GetCreatedRSAKey()->PublicKey(); |
|
681 break; |
|
682 |
|
683 case (CDevTokenKeyInfo::EDSA): |
|
684 publicStream << iKeyCreator->GetCreatedDSAKey()->PublicKey(); |
|
685 break; |
|
686 |
|
687 case (CDevTokenKeyInfo::EDH): |
|
688 // Nothing to do for DH |
|
689 break; |
|
690 |
|
691 default: |
|
692 __ASSERT_DEBUG(EFalse, PanicServer(EPanicInvalidKeyCreateReq)); |
|
693 break; |
|
694 } |
|
695 |
|
696 publicStream.CommitL(); |
|
697 CleanupStack::PopAndDestroy(); // publicStream |
|
698 |
|
699 // Finished with the key creator |
|
700 if (iKeyCreator) |
|
701 { |
|
702 delete iKeyCreator; |
|
703 iKeyCreator = NULL; |
|
704 } |
|
705 |
|
706 // Externalize the CDevTokenKeyInfo data associated with the key, |
|
707 iKeyDataManager->WriteKeyInfoL(*keyData, *iKeyInfo); |
|
708 |
|
709 // Now add the new key to the data manager (which adds it to the store) |
|
710 iKeyDataManager->AddL(keyData); |
|
711 CleanupStack::Pop(); // keydata |
|
712 } |
|
713 |
|
714 |
|
715 // --------------------------------------------------------------------------- |
|
716 // CDevCertKeyStoreServer::ImportKey() |
|
717 // --------------------------------------------------------------------------- |
|
718 // |
|
719 void CDevCertKeyStoreServer::ImportKey(const TDesC8& aKey, CDevTokenKeyInfo& aReturnedKey, TBool aIsEncrypted, TRequestStatus& aStatus) |
|
720 { |
|
721 ASSERT(iMessage); |
|
722 |
|
723 TInt err = KErrNone; |
|
724 |
|
725 // Check the calling process has WriteUserData capability |
|
726 if (!KImportRemoveSecurityPolicy.CheckPolicy(*iMessage)) |
|
727 { |
|
728 err = KErrPermissionDenied; |
|
729 } |
|
730 |
|
731 if (err == KErrNone) |
|
732 { |
|
733 err = CheckKeyAttributes(aReturnedKey, ENewKeyImportPlaintext); |
|
734 } |
|
735 |
|
736 if (err == KErrNone && iKeyDataManager->IsKeyAlreadyInStore(aReturnedKey.Label())) |
|
737 { |
|
738 err = KErrAlreadyExists; |
|
739 } |
|
740 |
|
741 if (err != KErrNone) |
|
742 { |
|
743 TRequestStatus* status = &aStatus; |
|
744 User::RequestComplete(status, err); |
|
745 return; |
|
746 } |
|
747 |
|
748 iPKCS8Data.Set(aKey); |
|
749 |
|
750 iImportingEncryptedKey = aIsEncrypted; |
|
751 |
|
752 iCallerRequest = &aStatus; |
|
753 iKeyInfo = &aReturnedKey; |
|
754 |
|
755 iAction = EImportKey; |
|
756 SetActive(); |
|
757 |
|
758 if ( aIsEncrypted ) |
|
759 { |
|
760 TDevTokenPWManager::ImportPassword( iPassword, iStatus ); |
|
761 } |
|
762 else |
|
763 { |
|
764 TRequestStatus* status = &iStatus; |
|
765 User::RequestComplete(status, KErrNone); |
|
766 } |
|
767 } |
|
768 |
|
769 |
|
770 // --------------------------------------------------------------------------- |
|
771 // CDevCertKeyStoreServer::CancelImportKey() |
|
772 // --------------------------------------------------------------------------- |
|
773 // |
|
774 void CDevCertKeyStoreServer::CancelImportKey() |
|
775 { |
|
776 if (iAction == EImportOpenPrivateStream || |
|
777 iAction == EImportKey) |
|
778 { |
|
779 Cancel(); |
|
780 } |
|
781 } |
|
782 |
|
783 |
|
784 // --------------------------------------------------------------------------- |
|
785 // CDevCertKeyStoreServer::DoImportKeyL() |
|
786 // --------------------------------------------------------------------------- |
|
787 // |
|
788 void CDevCertKeyStoreServer::DoImportKeyL() |
|
789 { |
|
790 // Generate a decode PKCS8 data object from the incoming descriptor of PKCS8 |
|
791 // data Creation of this will parse the DER stream and generate the |
|
792 // appropriate key representation based on the algorithm |
|
793 |
|
794 ASSERT(iPKCS8Data.Ptr()); |
|
795 |
|
796 CDecPKCS8Data* pkcs8Data = NULL; |
|
797 |
|
798 if ( iImportingEncryptedKey ) |
|
799 { |
|
800 // Convert import passphrase to 8 bit representation |
|
801 TBuf8<32> password; |
|
802 |
|
803 CnvUtfConverter::ConvertFromUnicodeToUtf8(password, iPassword); |
|
804 pkcs8Data = TASN1DecPKCS8::DecodeEncryptedDERL(iPKCS8Data, password); |
|
805 } |
|
806 else |
|
807 { |
|
808 pkcs8Data = TASN1DecPKCS8::DecodeDERL(iPKCS8Data); |
|
809 } |
|
810 |
|
811 CleanupStack::PushL(pkcs8Data); |
|
812 PKCS8ToKeyL(pkcs8Data); |
|
813 CleanupStack::PopAndDestroy(pkcs8Data); |
|
814 } |
|
815 |
|
816 |
|
817 // --------------------------------------------------------------------------- |
|
818 // CDevCertKeyStoreServer::PKCS8ToKeyL() |
|
819 // --------------------------------------------------------------------------- |
|
820 // |
|
821 void CDevCertKeyStoreServer::PKCS8ToKeyL(CDecPKCS8Data* aPKCS8Data) |
|
822 { |
|
823 ASSERT(aPKCS8Data); |
|
824 |
|
825 MPKCS8DecodedKeyPairData* keyPairData = aPKCS8Data->KeyPairData(); |
|
826 |
|
827 // Set algorithm and size from pkcs8 data, and sanity check them |
|
828 if (aPKCS8Data->Algorithm() != ERSA && aPKCS8Data->Algorithm() != EDSA) |
|
829 { |
|
830 User::Leave(KErrKeyAlgorithm); |
|
831 } |
|
832 iKeyInfo->SetAlgorithm((aPKCS8Data->Algorithm() == ERSA) ? CKeyInfoBase::ERSA : CKeyInfoBase::EDSA); |
|
833 iKeyInfo->SetSize(keyPairData->KeySize()); |
|
834 User::LeaveIfError(CheckKeyAlgorithmAndSize(*iKeyInfo)); |
|
835 |
|
836 // Retrieve and store any PKCS8 attributes (in DER encoded descriptor) |
|
837 // These will form part of CDevTokenKeyInfo & available for callers to decode |
|
838 TPtrC8 theAttributes(aPKCS8Data->PKCS8Attributes()); |
|
839 if (theAttributes != KNullDesC8) |
|
840 { |
|
841 iKeyInfo->SetPKCS8AttributeSet(theAttributes.AllocL()); |
|
842 } |
|
843 |
|
844 const CDevCertKeyData* keyData = iKeyDataManager->CreateKeyDataLC(iKeyInfo->Label()); |
|
845 RStoreWriteStream privateStream; |
|
846 iKeyDataManager->OpenPrivateDataStreamLC(*keyData, privateStream); |
|
847 |
|
848 // Generate the key identifier |
|
849 TKeyIdentifier theKeyId; |
|
850 keyPairData->GetKeyIdentifierL(theKeyId); |
|
851 |
|
852 // Fill in the CDevTokenKeyInfo data currently missing (TKeyIdentifier and handle) |
|
853 iKeyInfo->SetHandle(keyData->Handle()); |
|
854 iKeyInfo->SetIdentifier(theKeyId); |
|
855 |
|
856 CDevTokenKeyInfo::EKeyAlgorithm keyAlgorithm = iKeyInfo->Algorithm(); |
|
857 |
|
858 // Externalize private key data |
|
859 switch (keyAlgorithm) |
|
860 { |
|
861 case (CDevTokenKeyInfo::ERSA): |
|
862 privateStream << static_cast<CPKCS8KeyPairRSA*>(keyPairData)->PrivateKey(); |
|
863 break; |
|
864 |
|
865 case (CDevTokenKeyInfo::EDSA): |
|
866 privateStream << static_cast<CPKCS8KeyPairDSA*>(keyPairData)->PrivateKey(); |
|
867 break; |
|
868 |
|
869 default: |
|
870 __ASSERT_DEBUG(EFalse, PanicServer(EPanicInvalidKeyCreateReq)); |
|
871 break; |
|
872 } |
|
873 |
|
874 privateStream.CommitL(); |
|
875 CleanupStack::PopAndDestroy(&privateStream); |
|
876 |
|
877 // Externalize public key data |
|
878 RStoreWriteStream publicStream; |
|
879 iKeyDataManager->OpenPublicDataStreamLC(*keyData, publicStream); |
|
880 |
|
881 switch (keyAlgorithm) |
|
882 { |
|
883 case (CDevTokenKeyInfo::ERSA): |
|
884 publicStream << static_cast<CPKCS8KeyPairRSA*>(keyPairData)->PublicKey(); |
|
885 break; |
|
886 |
|
887 case (CDevTokenKeyInfo::EDSA): |
|
888 publicStream << static_cast<CPKCS8KeyPairDSA*>(keyPairData)->PublicKey(); |
|
889 break; |
|
890 |
|
891 default: |
|
892 __ASSERT_DEBUG(EFalse, PanicServer(EPanicInvalidKeyCreateReq)); |
|
893 break; |
|
894 } |
|
895 |
|
896 publicStream.CommitL(); |
|
897 CleanupStack::PopAndDestroy(&publicStream); |
|
898 |
|
899 // Externalize the CDevTokenKeyInfo data associated with the key, |
|
900 iKeyDataManager->WriteKeyInfoL(*keyData, *iKeyInfo); |
|
901 |
|
902 // Now add the new key to the data manager (which adds it to the store) |
|
903 iKeyDataManager->AddL(keyData); |
|
904 CleanupStack::Pop(const_cast<CDevCertKeyData*>(keyData)); |
|
905 } |
|
906 |
|
907 |
|
908 // --------------------------------------------------------------------------- |
|
909 // CDevCertKeyStoreServer::ExportKey() |
|
910 // --------------------------------------------------------------------------- |
|
911 // |
|
912 void CDevCertKeyStoreServer::ExportKey(TInt aObjectId, const TPtr8& aKey, TRequestStatus& aStatus) |
|
913 { |
|
914 TRAPD(err, DoExportKeyL(aObjectId, aKey, aStatus)); |
|
915 if (err != KErrNone) |
|
916 { |
|
917 TRequestStatus* status = &aStatus; |
|
918 User::RequestComplete(status, err); |
|
919 } |
|
920 } |
|
921 |
|
922 |
|
923 // --------------------------------------------------------------------------- |
|
924 // CDevCertKeyStoreServer::CancelExportKey() |
|
925 // --------------------------------------------------------------------------- |
|
926 // |
|
927 void CDevCertKeyStoreServer::CancelExportKey() |
|
928 { |
|
929 if ( iAction == EExportKey ) |
|
930 { |
|
931 Cancel(); |
|
932 } |
|
933 } |
|
934 |
|
935 |
|
936 // --------------------------------------------------------------------------- |
|
937 // CDevCertKeyStoreServer::DoExportKeyL() |
|
938 // --------------------------------------------------------------------------- |
|
939 // |
|
940 void CDevCertKeyStoreServer::DoExportKeyL(TInt aObjectId, const TPtr8& aKey, TRequestStatus& aStatus) |
|
941 { |
|
942 ASSERT(iMessage); |
|
943 ASSERT(!iKeyData); |
|
944 ASSERT(!iKeyInfo); |
|
945 |
|
946 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
947 if (!keyData) |
|
948 { |
|
949 User::Leave(KErrNotFound); |
|
950 } |
|
951 |
|
952 CDevTokenKeyInfo* keyInfo = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
953 |
|
954 // Check access flags allow key to be exported |
|
955 if (!(keyInfo->AccessType() & CCTKeyInfo::EExtractable) || |
|
956 ((keyInfo->AccessType() & CCTKeyInfo::ESensitive))) |
|
957 { |
|
958 User::Leave(KErrKeyAccess); |
|
959 } |
|
960 |
|
961 // Check this isn't a DH key |
|
962 if (keyInfo->Algorithm() != CDevTokenKeyInfo::ERSA && |
|
963 keyInfo->Algorithm() != CDevTokenKeyInfo::EDSA) |
|
964 { |
|
965 User::Leave(KErrNotSupported); |
|
966 } |
|
967 |
|
968 // Check the caller is allowed by the management policy |
|
969 if (!keyInfo->ManagementPolicy().CheckPolicy(*iMessage)) |
|
970 { |
|
971 User::Leave(KErrPermissionDenied); |
|
972 } |
|
973 |
|
974 iKeyData = keyData; |
|
975 iKeyInfo = keyInfo; |
|
976 CleanupStack::Pop(keyInfo); |
|
977 iExportBuf.Set(aKey); |
|
978 iCallerRequest = &aStatus; |
|
979 |
|
980 iAction = EExportKey; |
|
981 |
|
982 SetActive(); |
|
983 TRequestStatus* status = &iStatus; |
|
984 User::RequestComplete(status, KErrNone); |
|
985 } |
|
986 |
|
987 |
|
988 // --------------------------------------------------------------------------- |
|
989 // CDevCertKeyStoreServer::CompleteKeyExportL() |
|
990 // --------------------------------------------------------------------------- |
|
991 // |
|
992 void CDevCertKeyStoreServer::CompleteKeyExportL() |
|
993 { |
|
994 ASSERT(iKeyData); |
|
995 ASSERT(iExportBuf.Ptr()); |
|
996 |
|
997 CDevTokenKeyInfo::EKeyAlgorithm keyAlgorithm = iKeyInfo->Algorithm(); |
|
998 RStoreReadStream privStream; |
|
999 iKeyDataManager->OpenPrivateDataStreamLC(*iKeyData, privStream); |
|
1000 |
|
1001 CASN1EncSequence* encoded = NULL; |
|
1002 |
|
1003 switch(keyAlgorithm) |
|
1004 { |
|
1005 case (CDevTokenKeyInfo::ERSA): |
|
1006 { |
|
1007 RStoreReadStream pubStream; |
|
1008 iKeyDataManager->OpenPublicDataStreamLC(*iKeyData, pubStream); |
|
1009 CRSAPublicKey* publicKey = NULL; |
|
1010 CreateL(pubStream, publicKey); |
|
1011 ASSERT(publicKey); |
|
1012 CleanupStack::PushL(publicKey); |
|
1013 |
|
1014 CRSAPrivateKey* privateKey = NULL; |
|
1015 CreateL(privStream, privateKey); |
|
1016 ASSERT(privateKey); |
|
1017 CleanupStack::PushL(privateKey); |
|
1018 |
|
1019 encoded = TASN1EncPKCS8::EncodeL(*(static_cast<CRSAPrivateKeyCRT*>(privateKey)), *publicKey, iKeyInfo->PKCS8AttributeSet()); |
|
1020 |
|
1021 CleanupStack::PopAndDestroy(3, &pubStream); // privateKey, publicKey, pubStream |
|
1022 } |
|
1023 break; |
|
1024 |
|
1025 case (CDevTokenKeyInfo::EDSA): |
|
1026 { |
|
1027 CDSAPrivateKey* privateKey = NULL; |
|
1028 |
|
1029 CreateL(privStream, privateKey); |
|
1030 ASSERT(privateKey); |
|
1031 CleanupStack::PushL(privateKey); |
|
1032 |
|
1033 encoded = TASN1EncPKCS8::EncodeL(*privateKey, iKeyInfo->PKCS8AttributeSet()); |
|
1034 |
|
1035 CleanupStack::PopAndDestroy(privateKey); |
|
1036 } |
|
1037 break; |
|
1038 |
|
1039 case (CDevTokenKeyInfo::EInvalidAlgorithm): |
|
1040 default: |
|
1041 User::Leave(KErrKeyAlgorithm); |
|
1042 break; |
|
1043 } |
|
1044 |
|
1045 // common to all algorithms |
|
1046 ASSERT(encoded); |
|
1047 CleanupStack::PushL(encoded); |
|
1048 if (encoded->LengthDER() > static_cast<TUint>(iExportBuf.MaxLength())) |
|
1049 { |
|
1050 User::Leave(KErrOverflow); |
|
1051 } |
|
1052 TUint pos=0; |
|
1053 encoded->WriteDERL(iExportBuf, pos); |
|
1054 |
|
1055 // WriteDERL does not set the length of the buffer, we do it ourselves |
|
1056 iExportBuf.SetLength(encoded->LengthDER()); |
|
1057 |
|
1058 CleanupStack::PopAndDestroy(encoded); |
|
1059 CleanupStack::PopAndDestroy(&privStream); |
|
1060 RunError(KErrNone); |
|
1061 } |
|
1062 |
|
1063 |
|
1064 // --------------------------------------------------------------------------- |
|
1065 // CDevCertKeyStoreServer::DeleteKeyL() |
|
1066 // --------------------------------------------------------------------------- |
|
1067 // |
|
1068 void CDevCertKeyStoreServer::DeleteKeyL(TInt aObjectId) |
|
1069 { |
|
1070 ASSERT(iMessage); |
|
1071 |
|
1072 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
1073 if (!keyData) |
|
1074 { |
|
1075 User::Leave(KErrNotFound); |
|
1076 } |
|
1077 |
|
1078 CDevTokenKeyInfo* keyInfo = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
1079 |
|
1080 // Check the caller is allowed by the management policy |
|
1081 if (!KImportRemoveSecurityPolicy.CheckPolicy(*iMessage)) |
|
1082 { |
|
1083 User::Leave(KErrPermissionDenied); |
|
1084 } |
|
1085 |
|
1086 CleanupStack::PopAndDestroy(keyInfo); |
|
1087 |
|
1088 // Check if any session has this key open |
|
1089 for (TInt i = 0 ; i < iSessions.Count() ; ++i) |
|
1090 { |
|
1091 CDevCertKeyStoreSession& session = *iSessions[i]; |
|
1092 if (session.HasOpenKey(aObjectId)) |
|
1093 { |
|
1094 User::Leave(KErrInUse); |
|
1095 } |
|
1096 } |
|
1097 |
|
1098 iKeyDataManager->RemoveL(aObjectId); |
|
1099 } |
|
1100 |
|
1101 |
|
1102 // --------------------------------------------------------------------------- |
|
1103 // CDevCertKeyStoreServer::SetUsePolicyL() |
|
1104 // --------------------------------------------------------------------------- |
|
1105 // |
|
1106 void CDevCertKeyStoreServer::SetUsePolicyL(TInt aObjectId, const TSecurityPolicy& aPolicy) |
|
1107 { |
|
1108 ASSERT(iMessage); |
|
1109 |
|
1110 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
1111 if (!keyData) |
|
1112 { |
|
1113 User::Leave(KErrNotFound); |
|
1114 } |
|
1115 |
|
1116 CDevTokenKeyInfo* keyInfo = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
1117 |
|
1118 // Check the caller is allowed by the management policy |
|
1119 if (!keyInfo->ManagementPolicy().CheckPolicy(*iMessage)) |
|
1120 { |
|
1121 User::Leave(KErrPermissionDenied); |
|
1122 } |
|
1123 |
|
1124 // should revert change if write fails |
|
1125 keyInfo->SetUsePolicy(aPolicy); |
|
1126 iKeyDataManager->SafeWriteKeyInfoL(*keyData, *keyInfo); |
|
1127 |
|
1128 CleanupStack::PopAndDestroy(keyInfo); |
|
1129 } |
|
1130 |
|
1131 |
|
1132 // --------------------------------------------------------------------------- |
|
1133 // CDevCertKeyStoreServer::SetManagementPolicyL() |
|
1134 // --------------------------------------------------------------------------- |
|
1135 // |
|
1136 void CDevCertKeyStoreServer::SetManagementPolicyL(TInt aObjectId, const TSecurityPolicy& aPolicy) |
|
1137 { |
|
1138 ASSERT(iMessage); |
|
1139 |
|
1140 const CDevCertKeyData* keyData = iKeyDataManager->Lookup(aObjectId); |
|
1141 if (!keyData) |
|
1142 { |
|
1143 User::Leave(KErrNotFound); |
|
1144 } |
|
1145 |
|
1146 CDevTokenKeyInfo* keyInfo = iKeyDataManager->ReadKeyInfoLC(*keyData); |
|
1147 |
|
1148 // Check the caller is allowed by current management policy |
|
1149 if (!keyInfo->ManagementPolicy().CheckPolicy(*iMessage)) |
|
1150 { |
|
1151 User::Leave(KErrPermissionDenied); |
|
1152 } |
|
1153 |
|
1154 // Check the caller is allowed by new management policy |
|
1155 if (!aPolicy.CheckPolicy(*iMessage)) |
|
1156 { |
|
1157 User::Leave(KErrArgument); |
|
1158 } |
|
1159 |
|
1160 // should revert change if write fails |
|
1161 keyInfo->SetManagementPolicy(aPolicy); |
|
1162 iKeyDataManager->SafeWriteKeyInfoL(*keyData, *keyInfo); |
|
1163 |
|
1164 CleanupStack::PopAndDestroy(keyInfo); |
|
1165 } |
|
1166 |
|
1167 |
|
1168 // --------------------------------------------------------------------------- |
|
1169 // CDevCertKeyStoreServer::RunError() |
|
1170 // --------------------------------------------------------------------------- |
|
1171 // |
|
1172 TInt CDevCertKeyStoreServer::RunError(TInt aError) |
|
1173 { |
|
1174 // Delete anything we might have created |
|
1175 delete iKeyCreator; iKeyCreator = NULL; |
|
1176 |
|
1177 if ( iAction == EExportKey ) |
|
1178 { |
|
1179 // we only own iKeyInfo for export operations |
|
1180 delete iKeyInfo; |
|
1181 iKeyInfo = NULL; |
|
1182 } |
|
1183 |
|
1184 // Zero pointers to things we don't own |
|
1185 iKeyInfo = NULL; |
|
1186 iKeyData = NULL; |
|
1187 iExportBuf.Set(NULL, 0, 0); |
|
1188 iPKCS8Data.Set(NULL, 0); |
|
1189 iSession = NULL; |
|
1190 iMessage = NULL; |
|
1191 |
|
1192 if (iCallerRequest) |
|
1193 User::RequestComplete(iCallerRequest, aError); |
|
1194 |
|
1195 iAction = EIdle; // Reset action |
|
1196 return (KErrNone); // Handled |
|
1197 } |
|
1198 |
|
1199 |
|
1200 // --------------------------------------------------------------------------- |
|
1201 // CDevCertKeyStoreServer::DoCancel() |
|
1202 // --------------------------------------------------------------------------- |
|
1203 // |
|
1204 void CDevCertKeyStoreServer::DoCancel() |
|
1205 { |
|
1206 switch (iAction) |
|
1207 { |
|
1208 case ECreateKeyFinal: |
|
1209 ASSERT(iKeyCreator); |
|
1210 iKeyCreator->Cancel(); |
|
1211 break; |
|
1212 |
|
1213 default: |
|
1214 // Nothing to do |
|
1215 break; |
|
1216 } |
|
1217 |
|
1218 RunError(KErrCancel); |
|
1219 } |
|
1220 |
|
1221 |
|
1222 // --------------------------------------------------------------------------- |
|
1223 // CDevCertKeyStoreServer::RunL() |
|
1224 // --------------------------------------------------------------------------- |
|
1225 // |
|
1226 void CDevCertKeyStoreServer::RunL() |
|
1227 { |
|
1228 User::LeaveIfError(iStatus.Int()); |
|
1229 |
|
1230 switch (iAction) |
|
1231 { |
|
1232 case ECreateKeyCreate: |
|
1233 DoCreateKeyL(); |
|
1234 iAction = ECreateKeyFinal; |
|
1235 break; |
|
1236 case ECreateKeyFinal: |
|
1237 DoStoreKeyL(); |
|
1238 // Check iKeyInfo was initialised for the caller |
|
1239 ASSERT(iKeyInfo->HandleID() != 0); |
|
1240 RunError(KErrNone); |
|
1241 break; |
|
1242 case EImportKey: |
|
1243 { |
|
1244 TRAPD(err, DoImportKeyL()); |
|
1245 if (err == KErrTooBig) |
|
1246 { |
|
1247 // Returned by ASN library if data is unexpected probably as a result of |
|
1248 // bad import data |
|
1249 err = KErrArgument; |
|
1250 } |
|
1251 User::LeaveIfError(err); |
|
1252 RunError(KErrNone); |
|
1253 break; |
|
1254 } |
|
1255 |
|
1256 case EExportKey: |
|
1257 { |
|
1258 CompleteKeyExportL(); |
|
1259 break; |
|
1260 } |
|
1261 |
|
1262 default: |
|
1263 ASSERT(EFalse); |
|
1264 } |
|
1265 } |
|
1266 |
|
1267 //EOF |
|
1268 |