1471 // CCTSecurityDialogsAO::ShowNoTrustDialogL() |
1472 // CCTSecurityDialogsAO::ShowNoTrustDialogL() |
1472 // ----------------------------------------------------------------------------- |
1473 // ----------------------------------------------------------------------------- |
1473 // |
1474 // |
1474 void CCTSecurityDialogsAO::ShowNoTrustDialogL() |
1475 void CCTSecurityDialogsAO::ShowNoTrustDialogL() |
1475 { |
1476 { |
1476 CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() ); |
1477 // Cannot display untrusted certificate dialog if device is locked. Untrusted |
1477 TInt dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
1478 // certificate dialog would be displayed on top of possible lock code query. |
1478 TInt promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
1479 TInt value = 0; |
1479 TBool showPermAccept = ETrue; |
1480 TInt err = RProperty::Get( KPSUidCoreApplicationUIs, KCoreAppUIsAutolockStatus, value ); |
1480 |
1481 if( !err && value > EAutolockOff ) |
1481 if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked ) |
1482 { |
1482 { |
|
1483 // Invalid or revoked certificate |
|
1484 CCTInvalidCertificateNote* note = |
|
1485 new( ELeave ) CCTInvalidCertificateNote( *this, iStatus ); |
|
1486 note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE ); |
|
1487 iRetValue = EServerCertNotAccepted; |
1483 iRetValue = EServerCertNotAccepted; |
|
1484 iStatus = KRequestPending; |
|
1485 TRequestStatus* status( &iStatus ); |
|
1486 User::RequestComplete( status, KErrNone ); |
1488 } |
1487 } |
1489 else |
1488 else |
1490 { |
1489 { |
1491 if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange ) |
1490 CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() ); |
1492 { |
1491 TInt dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
1493 // Trusted certificate, but problems with CN or date |
1492 TInt promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
1494 |
1493 TBool showPermAccept = ETrue; |
1495 // Retrieve subject name |
1494 |
1496 const CX500DistinguishedName& dName = cert->SubjectName(); |
1495 if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked ) |
1497 |
1496 { |
1498 // Retrieve common name |
1497 // Invalid or revoked certificate |
1499 HBufC* cn = dName.ExtractFieldL( KX520CommonName ); |
1498 CCTInvalidCertificateNote* note = |
1500 |
1499 new( ELeave ) CCTInvalidCertificateNote( *this, iStatus ); |
1501 // Check common name first and then date |
1500 note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE ); |
1502 if( !cn ) |
1501 iRetValue = EServerCertNotAccepted; |
|
1502 |
|
1503 // CCTNoTrustQuery below self-completes this active object. It is necessary to |
|
1504 // complete it here too, in order to run the next step EServerCertCheckUserResp. |
|
1505 iStatus = KRequestPending; |
|
1506 TRequestStatus* status( &iStatus ); |
|
1507 User::RequestComplete( status, KErrNone ); |
|
1508 } |
|
1509 else |
|
1510 { |
|
1511 if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange ) |
1503 { |
1512 { |
1504 // Couldn't retrieve CN from certificate |
1513 // Trusted certificate, but problems with CN or date |
|
1514 |
|
1515 // Retrieve subject name |
|
1516 const CX500DistinguishedName& dName = cert->SubjectName(); |
|
1517 |
|
1518 // Retrieve common name |
|
1519 HBufC* cn = dName.ExtractFieldL( KX520CommonName ); |
|
1520 |
|
1521 // Check common name first and then date |
|
1522 if( !cn ) |
|
1523 { |
|
1524 // Couldn't retrieve CN from certificate |
|
1525 dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
|
1526 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
|
1527 } |
|
1528 else if( iServerName->Des() != cn->Des() ) |
|
1529 { |
|
1530 // Domain name doesn't match with CN |
|
1531 dialogResourceId = R_WIM_NO_TRUST_QUERY_SITE; |
|
1532 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_SITE; |
|
1533 } |
|
1534 else if( iAuthFailReason == EDateOutOfRange ) |
|
1535 { |
|
1536 // Certificate is out of date |
|
1537 dialogResourceId = R_WIM_NO_TRUST_QUERY_OOD; |
|
1538 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_OOD; |
|
1539 showPermAccept = EFalse; |
|
1540 } |
|
1541 else |
|
1542 { |
|
1543 // Otherwise show general untrusted note |
|
1544 dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
|
1545 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
|
1546 } |
|
1547 } |
|
1548 else |
|
1549 { |
|
1550 // Untrusted certificate |
1505 dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
1551 dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
1506 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
1552 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
1507 } |
1553 } |
1508 else if( iServerName->Des() != cn->Des() ) |
1554 |
|
1555 // No "Accept Permanently" option if certificate is out of date, or |
|
1556 // if domain name is not defined, or if trusted site store failed to |
|
1557 // open (and it's not possible to save the server certificate). |
|
1558 const CValidityPeriod& validityPeriod = cert->ValidityPeriod(); |
|
1559 const TTime& startValue = validityPeriod.Start(); |
|
1560 const TTime& finishValue = validityPeriod.Finish(); |
|
1561 TTime current; |
|
1562 current.UniversalTime(); |
|
1563 |
|
1564 if( (( startValue > current ) || ( finishValue < current )) || |
|
1565 ( iServerName->Des().Length() == 0 ) || |
|
1566 ( !iTrustedSiteCertStore ) ) |
1509 { |
1567 { |
1510 // Domain name doesn't match with CN |
|
1511 dialogResourceId = R_WIM_NO_TRUST_QUERY_SITE; |
|
1512 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_SITE; |
|
1513 } |
|
1514 else if( iAuthFailReason == EDateOutOfRange ) |
|
1515 { |
|
1516 // Certificate is out of date |
|
1517 dialogResourceId = R_WIM_NO_TRUST_QUERY_OOD; |
|
1518 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_OOD; |
|
1519 showPermAccept = EFalse; |
1568 showPermAccept = EFalse; |
1520 } |
1569 } |
1521 else |
1570 |
1522 { |
1571 // CCTNoTrustQuery completes iStatus asynchronously when ready. Note that |
1523 // Otherwise show general untrusted note |
1572 // it happens after ExecuteLD() and also this function have returned. |
1524 dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
1573 iStatus = KRequestPending; |
1525 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
1574 |
1526 } |
1575 iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus, |
1527 } |
1576 iServerName, showPermAccept, iQueryDialogDeleted ); |
1528 else |
1577 HBufC* prompt = StringLoader::LoadLC( promptResourceId, *iServerName ); |
1529 { |
1578 |
1530 // Untrusted certificate |
1579 iQueryDialog->ExecuteLD( dialogResourceId, *prompt ); |
1531 dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; |
1580 |
1532 promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; |
1581 CleanupStack::PopAndDestroy( prompt ); |
1533 } |
1582 } |
1534 |
1583 |
1535 // No "Accept Permanently" option if certificate is out of date, or |
1584 CleanupStack::PopAndDestroy( cert ); |
1536 // if domain name is not defined, or if trusted site store failed to |
1585 } |
1537 // open (and it's not possible to save the server certificate). |
|
1538 const CValidityPeriod& validityPeriod = cert->ValidityPeriod(); |
|
1539 const TTime& startValue = validityPeriod.Start(); |
|
1540 const TTime& finishValue = validityPeriod.Finish(); |
|
1541 TTime current; |
|
1542 current.UniversalTime(); |
|
1543 |
|
1544 if( (( startValue > current ) || ( finishValue < current )) || |
|
1545 ( iServerName->Des().Length() == 0 ) || |
|
1546 ( !iTrustedSiteCertStore ) ) |
|
1547 { |
|
1548 showPermAccept = EFalse; |
|
1549 } |
|
1550 |
|
1551 iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus, iServerName, |
|
1552 showPermAccept, iQueryDialogDeleted ); |
|
1553 HBufC* prompt = StringLoader::LoadLC( promptResourceId, *iServerName ); |
|
1554 iQueryDialog->ExecuteLD( dialogResourceId, *prompt ); |
|
1555 CleanupStack::PopAndDestroy( prompt ); |
|
1556 } |
|
1557 |
|
1558 CleanupStack::PopAndDestroy( cert ); |
|
1559 |
1586 |
1560 iNextStep = EServerCertCheckUserResp; |
1587 iNextStep = EServerCertCheckUserResp; |
1561 iStatus = KRequestPending; |
|
1562 SetActive(); |
1588 SetActive(); |
1563 } |
1589 } |
1564 |
1590 |
1565 // ----------------------------------------------------------------------------- |
1591 // ----------------------------------------------------------------------------- |
1566 // CCTSecurityDialogsAO::ShowCSRDialogL() |
1592 // CCTSecurityDialogsAO::ShowCSRDialogL() |
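Review bot: The new autolock guard at the top of ShowNoTrustDialogL() fails open: `if( !err && value > EAutolockOff )` falls through to the untrusted-certificate dialog whenever `RProperty::Get` returns an error, which is exactly the case where the lock state is unknown. If the intent is that the query must never be drawn over the lock code prompt, treating a failed read as locked is the safer default, `if( err || value > EAutolockOff )`, at the cost of rejecting the certificate when the property cannot be read. The locked path also sets `EServerCertNotAccepted` without leaving any trace, so a comment or log line such as `// Device locked: reject without UI, nothing may be shown over the lock query` would help whoever later investigates unexplained TLS failures. Separately, in the re-indented CN check, `cn` from `ExtractFieldL` is neither deleted nor pushed on the cleanup stack anywhere in the visible lines; that looks like a leak if the call hands ownership to the caller, so it is worth confirming.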