--- a/pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp Fri Jun 11 14:28:40 2010 +0300
+++ b/pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp Wed Jun 23 19:10:54 2010 +0300
@@ -24,7 +24,7 @@
#include "CTSelectCertificateDialog.h"
#include "CTQueryDialog.h"
#include "CTPinPinQueryDialog.h"
-#include "CTNoTrustQuery.h"
+#include "CTUntrustedCertQuery.h"
#include "CTInvalidCertNote.h"
#include <PKIDlg.h>
#include <badesca.h>
@@ -53,8 +53,6 @@
const TInt KMaxLengthTextCertLabelVisible = 200;
// "dd/mm/yyyy0"
const TInt KMaxLengthTextDateString = 20;
-// HH0
-const TInt KMaxLengthTextSerialNumberFormatting = 3;
// Maximum length of a certificate
const TInt KMaxCertificateLength = 5000;
@@ -63,12 +61,8 @@
const TInt KMinImportKeyPwLen = 1;
-const TInt KMaxCNLength = 64;
+const TInt KMaxCommonNameLength = 64;
-_LIT(KCertManUIDetailsViewHexFormat, "%02X");
-
-const TInt KFileCertStoreUid( 0x101F501A );
-const TInt KWIMCertStoreUid ( 0x101F79D9 );
const TUid KTrustedServerTokenUid = { 0x101FB66F };
const TUid KDeviceCertStoreTokenUid = { 0x101FB668 };
@@ -81,6 +75,18 @@
_LIT( KKeyStoreExportKeyLabel, "Passphrase of the exported key file" );
_LIT( KPKCS12TokenLabel, "PKCS12");
+
+// TODO: replace with OST tracing
+#ifdef _DEBUG
+#include <e32debug.h>
+#define TRACE(x) RDebug::Printf(x)
+#define TRACE1(x,y) RDebug::Printf(x,y)
+#else
+#define TRACE(x)
+#define TRACE1(x,y)
+#endif
+
+
// ============================ MEMBER FUNCTIONS ===============================
// -----------------------------------------------------------------------------
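Review bot: The new `TRACE`/`TRACE1` macros carry no comment on what may be passed to them, and this file handles PIN queries and key-export passphrases. The call sites added in this commit log only function names, `iOperation`, `iStatus` and `iNextStep`, which is fine, but nothing stops a later debug trace from printing a secret to the debug port. I would add above the `#ifdef`: `// Debug-only tracing. Never pass PIN, passphrase or key material to these macros.` `TRACE(x)` also hands its argument to `RDebug::Printf` as the format string, so it should only ever be given string literals.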
@@ -106,9 +112,6 @@
void CCTSecurityDialogsAO::ConstructL()
{
iDeleted = EFalse;
-
- iQueryDialog = NULL;
- iQueryDialogDeleted = ETrue;
}
// -----------------------------------------------------------------------------
@@ -184,6 +187,7 @@
iMessagePtr = aMessage;
WIMSECURITYDIALOGS_WRITE_FORMAT( "CCTSecurityDialogsAO::StartLD iOperation=%d", iOperation );
+ TRACE1( "CCTSecurityDialogsAO::StartLD iOperation=%d", iOperation );
MapTlsProviderOperation( iOperation );
@@ -338,6 +342,8 @@
//
void CCTSecurityDialogsAO::DoHandleServerAuthFailL( const TDesC8& aBuffer )
{
+ TRACE( "CCTSecurityDialogsAO::DoHandleServerAuthFailL" );
+
CServerAuthenticationFailureInput* srvAuthFail =
CServerAuthenticationFailureInput::NewLC( aBuffer );
TPtrC8 cert;
@@ -350,33 +356,31 @@
iServerName = HBufC::NewL( serverName.Length() );
iServerName->Des().Copy( serverName );
+ iCertLabel = NULL;
- HBufC* cn = NULL;
- iCertLabel = NULL;
// Site will be checked later. For now it is not trusted
iTrustedSite = EFalse;
-
CX509Certificate* serverCert = CX509Certificate::NewLC( cert );
- // Retrieve subject name
const CX500DistinguishedName& dName = serverCert->SubjectName();
- // Retrieve CN
- cn = dName.ExtractFieldL( KX520CommonName );
- if ( cn != NULL )
+
+ HBufC* commonName = dName.ExtractFieldL( KX520CommonName );
+ CleanupStack::PushL( commonName );
+ if( commonName != NULL )
{
- // commonName exist in the certificate.
// Check the length of CN. RFC 3280 states
// that max length of CN is 64.
- if ( cn->Length() <= KMaxCNLength )
+ if( commonName->Length() <= KMaxCommonNameLength )
{
- iCertLabel = HBufC::NewL( cn->Length() );
- iCertLabel->Des().Append( cn->Des() );
+ iCertLabel = HBufC::NewL( commonName->Length() );
+ iCertLabel->Des().Append( commonName->Des() );
}
}
+ CleanupStack::PopAndDestroy( commonName );
- if ( iCertLabel == NULL )
+ if( iCertLabel == NULL )
{
- // No or invalid commonName. Use domain name as label
+ // No or invalid commonName. Use domain name as label.
iCertLabel = HBufC::NewL( iServerName->Length() );
iCertLabel->Des().Append( iServerName->Des() );
}
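Review bot: An empty common name passes the check `if( commonName->Length() <= KMaxCommonNameLength )`, so a certificate whose CN is present but zero-length yields an empty `iCertLabel` and the domain-name fallback below is skipped. The CN comes from a server certificate that is not yet trusted at this point, and `iCertLabel` is later passed as the label to `iTrustedSiteCertStore->Add` in DoHandleSaveServerCertL. I would tighten the inner check to `if( commonName->Length() > 0 && commonName->Length() <= KMaxCommonNameLength )`. Separately, `iCertLabel = NULL;` overwrites the member without a visible `delete`; if an earlier value can still be held here it leaks, but the start of DoHandleServerAuthFailL is outside this hunk, so that needs confirming.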
@@ -801,6 +805,8 @@
//
void CCTSecurityDialogsAO::InitCertStoreL()
{
+ TRACE( "CCTSecurityDialogsAO::InitCertStoreL" );
+
switch(iOperation)
{
case ESignText:
@@ -936,13 +942,15 @@
{
WIMSECURITYDIALOGS_WRITE_FORMAT( "CCTSecurityDialogsAO::RunL, iStatus %d", iStatus.Int() );
WIMSECURITYDIALOGS_WRITE_FORMAT( " iNextStep %d", iNextStep );
+ TRACE1( "CCTSecurityDialogsAO::RunL, iStatus.Int()=%d", iStatus.Int() );
- if ( iStatus != KErrNone )
+ if( iStatus != KErrNone )
{
User::Leave( iStatus.Int() );
- } // if
+ }
- switch ( iNextStep )
+ TRACE1( "CCTSecurityDialogsAO::RunL, iNextStep=%d", iNextStep );
+ switch( iNextStep )
{
case EOperationCompleted:
{
@@ -950,35 +958,34 @@
HandleResponseAndCompleteL();
break;
}
+
case ECheckServerCerts:
{
WIMSECURITYDIALOGS_WRITE( "ECheckServerCerts" );
TBool foundCert( EFalse );
- if ( iServerCerts.Count() )
+ if( iServerCerts.Count() )
{
// Found certificates in the trusted site certificate storage.
// Compare them with the one received from TlsProvider
iCertPtr.Set( iCertBuf->Des() );
CX509Certificate* serverCert = CX509Certificate::NewLC( iCertPtr );
- for (TInt i=0; i<iServerCerts.Count(); i++ )
+ for( TInt i = 0; i < iServerCerts.Count(); i++ )
{
TPtr8 certPtr( iServerCerts[i]->Des() );
-
CX509Certificate* cert = CX509Certificate::NewLC( certPtr );
-
- // Compare fingerprints
- if ( cert->Fingerprint() == serverCert->Fingerprint() )
+ if( cert->Fingerprint() == serverCert->Fingerprint() )
{
- // Fingerprints match
foundCert = ETrue;
}
CleanupStack::PopAndDestroy( cert );
}
+
CleanupStack::PopAndDestroy( serverCert );
- if ( foundCert )
+
+ if( foundCert )
{
// Found matching certificate. Complete the operation
iRetValue = EServerCertAcceptedPermanently;
@@ -987,24 +994,26 @@
}
}
- if ( !foundCert )
- {
- // Couldn't find matching certificate. Prompt user
- ShowNoTrustDialogL();
- }
-
+ if ( !foundCert )
+ {
+ // Couldn't find matching certificate. Prompt user
+ ShowNoTrustDialogL();
+ }
break;
}
+
case EProcessTrustedSite:
{
WIMSECURITYDIALOGS_WRITE( "EProcessTrustedSite" );
+ TRACE( "CCTSecurityDialogsAO::RunL, EProcessTrustedSite" );
+
TInt count = iCertStore->WritableCertStoreCount();
- for ( TInt i = 0; i < count; i++ )
+ for( TInt i = 0; i < count; i++ )
{
MCTWritableCertStore *certstore = &iCertStore->WritableCertStore( i );
MCTToken& token = certstore->Token();
TUid tokenuid = token.Handle().iTokenTypeUid;
- if ( tokenuid == KTrustedServerTokenUid )
+ if( tokenuid == KTrustedServerTokenUid )
{
iTrustedSiteCertStore = certstore;
}
@@ -1016,11 +1025,11 @@
// Find out whether or not site associated with certificate is trusted
iTrustedSite = trustedSitesStore->IsTrustedSiteL( *iCertBuf, *iServerName );
- if ( iTrustedSite )
+ if( iTrustedSite )
{
TBool allowOutOfDate = trustedSitesStore->IsOutOfDateAllowedL(*iCertBuf, *iServerName);
- if (!allowOutOfDate)
+ if( !allowOutOfDate )
{
CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() );
@@ -1041,7 +1050,7 @@
}
CleanupStack::PopAndDestroy( trustedSitesStore );
- if ( iTrustedSite )
+ if( iTrustedSite )
{
// Site is trusted. Next step is to check that server
// certificate is in the trusted site certificate storage
@@ -1108,9 +1117,11 @@
}
break;
}
+
case EAddTrustedSite:
{
- if ( iStatus.Int() == KErrNone )
+ TRACE( "CCTSecurityDialogsAO::RunL, EAddTrustedSite" );
+ if( iStatus.Int() == KErrNone )
{
//Added server certificate succesfully
CTrustSitesStore* trustedSitesStore = CTrustSitesStore::NewL();
@@ -1119,7 +1130,7 @@
TInt status = trustedSitesStore->AddL( *iCertBuf, *iServerName );
CleanupStack::PopAndDestroy( trustedSitesStore );
- if ( status == KErrNone )
+ if( status == KErrNone )
{
iRetValue = EServerCertAcceptedPermanently;
}
@@ -1134,23 +1145,27 @@
else
{
//Adding server certificate failed
+ // TODO: unreached code?
iNextStep = EOperationCompleted;
iRetValue = EServerCertNotAccepted;
HandleResponseAndCompleteL();
}
- break;
+ break;
}
case ESaveServerCert:
{
WIMSECURITYDIALOGS_WRITE( "ESaveServerCert" );
+ TRACE( "CCTSecurityDialogsAO::RunL, ESaveServerCert" );
DoHandleSaveServerCertL();
break;
}
+
case EServerCertCheckUserResp:
{
WIMSECURITYDIALOGS_WRITE( "EServerCertCheckUserResp" );
- if ( iRetValue == EServerCertAcceptedPermanently )
+ TRACE( "CCTSecurityDialogsAO::RunL, EServerCertCheckUserResp" );
+ if( iRetValue == EServerCertAcceptedPermanently )
{
// User accepted to select certificate permanently.
// First add server certificate
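Review bot: The added `// TODO: unreached code?` in the `else` branch of `EAddTrustedSite` asks a question that the top of RunL already answers: it calls `User::Leave( iStatus.Int() )` whenever `iStatus != KErrNone`, so this branch cannot run. A failed certificate-store add is therefore handled by the leave path, not by `iRetValue = EServerCertNotAccepted` here. Either remove the branch, or replace the TODO with a comment such as `// Not reached: RunL leaves on iStatus != KErrNone before the switch`. In both cases, first check that the leave path (RunError, if this class overrides it) completes the request without reporting the certificate as accepted. RunL starts and ends outside this hunk.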
@@ -1167,6 +1182,7 @@
}
break;
}
+
case EOperationSignTextShown:
{
if ( iRetValue || iOperation == EUserAuthentication )
@@ -1183,6 +1199,7 @@
User::RequestComplete( status, KErrNone );
break;
}
+
case EOperationInitCertStore:
{
TInt err = KErrNone;
@@ -1200,6 +1217,7 @@
iNextStep = EOperationRetrieveCertInfos;
break;
}
+
case EOperationRetrieveCertInfos:
{
if ( iCertInfo )
@@ -1235,11 +1253,13 @@
}
break;
}
+
case EOperationSelectCert:
{
DoHandleSelectCertificateL();
break;
}
+
case EGetCertInfo:
{
iStatus = KRequestPending;
@@ -1249,6 +1269,7 @@
SetActive();
break;
}
+
case EGetCertificate:
{
iStatus = KRequestPending;
@@ -1268,36 +1289,42 @@
iNextStep = EInitKeyStore;
break;
}
+
case EInitKeyStore:
{
InitKeyStoreL();
iNextStep = EGetKeyInfos;
break;
}
+
case EGetKeyInfos:
{
GetKeyInfosL();
iNextStep = EShowCertDialog;
break;
}
+
case EGetKeyInfoByHandle:
{
GetKeyInfoByHandleL();
iNextStep = EShowCSRDialog;
break;
}
+
case EShowCSRDialog:
{
ShowCSRDialogL();
iNextStep = EOperationCompleted;
break;
}
+
case EShowCertDialog:
{
ShowCertDialogL();
iNextStep = EOperationCompleted;
break;
}
+
/////////////
// PIN steps
/////////////
@@ -1340,11 +1367,13 @@
}
break;
}
+
case EVerifyPINs:
{
VerifyPinsL();
break;
}
+
default:
{
User::Panic( _L("CTestSecDlgNotifier"), 0 );
@@ -1434,84 +1463,40 @@
//
void CCTSecurityDialogsAO::ShowNoTrustDialogL()
{
- CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() );
- TInt resourceid = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- TBool showPermAccept = ETrue;
+ TRACE( "CCTSecurityDialogsAO::ShowNoTrustDialogL, begin" );
- if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked )
- {
- // Invalid or revoked certificate
- CCTInvalidCertificateNote* note =
- new( ELeave ) CCTInvalidCertificateNote( *this, iStatus );
- note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE );
- iRetValue = EServerCertNotAccepted;
- }
- else
- {
- if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange )
- {
- // Trusted certificate, but problems with CN or date
-
- // Retrieve subject name
- const CX500DistinguishedName& dName = cert->SubjectName();
-
- // Retrieve common name
- HBufC* cn = dName.ExtractFieldL( KX520CommonName );
+ // If trusted site certstore open has failed, then it is not possible to save
+ // the host name for permanent use. Hence, choice for permanent accept is not
+ // displayed if trusted site certstore open has failed. Other restrictions for
+ // permanent accept are defined in device dialog (UntrustedCertificateWidget).
+ TBool isTrustedSiteCertStoreOpened = ( iTrustedSiteCertStore != NULL );
+ CCTUntrustedCertQuery *untrustedCertDlg = CCTUntrustedCertQuery::NewLC(
+ iAuthFailReason, *iCertBuf, *iServerName, isTrustedSiteCertStoreOpened );
- // Check common name first and then date
- if( !cn )
- {
- // Couldn't retrieve CN from certificate
- resourceid = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- }
- else if( iServerName->Des() != cn->Des() )
- {
- // Domain name doesn't match with CN
- resourceid = R_WIM_NO_TRUST_QUERY_SITE;
- }
- else if( iAuthFailReason == EDateOutOfRange )
- {
- // Certificate is out of date
- resourceid = R_WIM_NO_TRUST_QUERY_OOD;
- showPermAccept = EFalse;
- }
- else
- {
- // Otherwise show general untrusted note
- resourceid = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- }
- }
- else
- {
- // Untrusted certificate
- resourceid = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- }
-
- // No "Accept Permanently" option if certificate is out of date, or
- // if domain name is not defined, or if trusted site store failed to
- // open (and it's not possible to save the server certificate).
- const CValidityPeriod& validityPeriod = cert->ValidityPeriod();
- const TTime& startValue = validityPeriod.Start();
- const TTime& finishValue = validityPeriod.Finish();
- TTime current;
- current.UniversalTime();
-
- if( (( startValue > current ) || ( finishValue < current )) ||
- ( iServerName->Des().Length() == 0 ) ||
- ( !iTrustedSiteCertStore ) )
- {
- showPermAccept = EFalse;
- }
-
- iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus, iServerName,
- showPermAccept, iQueryDialogDeleted );
- iQueryDialog->ExecuteLD( resourceid );
+ CCTUntrustedCertQuery::TResponse response = CCTUntrustedCertQuery::EQueryRejected;
+ untrustedCertDlg->ShowQueryAndWaitForResponseL( response );
+ switch( response )
+ {
+ case CCTUntrustedCertQuery::EQueryAccepted:
+ iRetValue = EServerCertAcceptedTemporarily;
+ break;
+ case CCTUntrustedCertQuery::EQueryAcceptedPermanently:
+ // TODO: show confirmation note, qtn_httpsec_query_perm_accept_text
+ // "Connection to site %U will be made in future without any warnings. Continue?""
+ iRetValue = EServerCertAcceptedPermanently;
+ break;
+ case CCTUntrustedCertQuery::EQueryRejected:
+ default:
+ iRetValue = EServerCertNotAccepted;
+ break;
}
-
- CleanupStack::PopAndDestroy( cert );
+ CleanupStack::PopAndDestroy( untrustedCertDlg );
+ TRACE1( "CCTSecurityDialogsAO::ShowNoTrustDialogL, iRetValue=%d", iRetValue );
iNextStep = EServerCertCheckUserResp;
iStatus = KRequestPending;
+ TRequestStatus* status = &iStatus;
+ User::RequestComplete( status, KErrNone );
SetActive();
}
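Review bot: The rewritten ShowNoTrustDialogL takes the dialog's answer as final for every `iAuthFailReason`, including `ESignatureInvalid` and `ECertificateRevoked`, which the removed code refused outright with `iRetValue = EServerCertNotAccepted`. The new comment says the remaining restrictions live in the device dialog (UntrustedCertificateWidget), which is not visible here; a trust decision should not depend only on which choices a UI component offers. I would clamp the response in this function so that an invalid-signature or revoked certificate is never accepted, and so that a permanent accept is downgraded when the trusted-site store is not open. The open `TODO` for the confirmation note also means a permanent accept currently takes effect without the confirmation its text describes.

```cpp
    // … unchanged: query construction and ShowQueryAndWaitForResponseL() …
    const TBool hardFailure = ( iAuthFailReason == ESignatureInvalid ||
                                iAuthFailReason == ECertificateRevoked );
    iRetValue = EServerCertNotAccepted;
    if( !hardFailure )
        {
        switch( response )
            {
            case CCTUntrustedCertQuery::EQueryAccepted:
                iRetValue = EServerCertAcceptedTemporarily;
                break;
            case CCTUntrustedCertQuery::EQueryAcceptedPermanently:
                // Permanent trust needs an open trusted-site store to persist into.
                iRetValue = isTrustedSiteCertStoreOpened ?
                    EServerCertAcceptedPermanently : EServerCertAcceptedTemporarily;
                break;
            case CCTUntrustedCertQuery::EQueryRejected:
            default:
                break;
            }
        }
    // … unchanged: PopAndDestroy, trace, self-completion …
```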
@@ -2028,9 +2013,9 @@
// CCTSecurityDialogsAO::AddCertFormatL(...)
// -----------------------------------------------------------------------------
//
-void CCTSecurityDialogsAO::AddCertFormatL( TDes& aMessage, TCertificateFormat aCertFormat)
+void CCTSecurityDialogsAO::AddCertFormatL( TDes& /*aMessage*/, TCertificateFormat aCertFormat)
{
- TInt fieldType = 0;
+ //TInt fieldType = 0;
switch ( aCertFormat )
{
case EX509CertificateUrl:
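Review bot: `//TInt fieldType = 0;` is left behind as commented-out code; delete the line, since version control keeps the history. Commenting out the `aMessage` parameter name shows the function no longer writes to the caller's descriptor. The header comment should therefore say what AddCertFormatL still does, or the function and its call sites should be removed if it has no remaining effect. The body continues outside this hunk, so I cannot tell which applies.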
@@ -2312,6 +2297,7 @@
iMessagePtr.WriteL( iReplySlot, pinValueBufPtr );
break;
}
+
case EChangePIN:
case EUnblockPIN:
{
@@ -2322,6 +2308,7 @@
iMessagePtr.WriteL( iReplySlot, twoPINOutputBuf );
break;
}
+
case ESignText: // flow thru
case EUserAuthenticationText: // flow thru
case EUserAuthentication:
@@ -2330,13 +2317,14 @@
iMessagePtr.WriteL( iReplySlot, tokenObjectHandleBuf );
break;
}
+
case EServerAuthenticationFailure:
{
TServerAuthenticationFailureDialogResult result = EStop;
- if ( iRetValue != EServerCertAcceptedPermanently )
+ if( iRetValue != EServerCertAcceptedPermanently )
{
- if ( iRetValue == EServerCertAcceptedTemporarily )
+ if( iRetValue == EServerCertAcceptedTemporarily )
{
result = EContinue;
}
@@ -2357,12 +2345,14 @@
break;
}
+
case EPINBlocked:
case EUnblockPINInClear:
{
User::Leave( KErrNotSupported );
break;
}
+
case ECreateCSR:
case ECertDetails:
case ESaveCert:
@@ -2378,6 +2368,7 @@
{
break; // Complete is enough
}
+
default:
User::Panic( _L("CTestSecDlgNotifier"), 0 );
}
@@ -2425,18 +2416,7 @@
void CCTSecurityDialogsAO::DoCancel()
{
WIMSECURITYDIALOGS_WRITE( "CCTSecurityDialogsAO::DoCancel" );
-
- // Note that iQueryDialog may point to already deleted memory.
- // Dialogs need to set and reset iQueryDialogDeleted flag to
- // allow deleting the dialog from CCTSecurityDialogsAO.
- if( !iQueryDialogDeleted )
- {
- delete iQueryDialog;
- iQueryDialogDeleted = ETrue;
- }
- iQueryDialog = NULL;
-
- if ( !iPinQueryDialogDeleted )
+ if( !iPinQueryDialogDeleted )
{
delete iPinQueryDialog;
iPinQueryDialogDeleted = ETrue;
@@ -2469,10 +2449,12 @@
//
void CCTSecurityDialogsAO::DoHandleSaveServerCertL()
{
+ TRACE( "CCTSecurityDialogsAO::DoHandleSaveServerCertL" );
+
if ( iTrustedSiteCertStore )
{
iTrustedSiteCertStore->Add( *iCertLabel, EX509Certificate,
- EPeerCertificate, NULL, NULL, *iCertBuf, iStatus );
+ EPeerCertificate, NULL, NULL, *iCertBuf, iStatus );
// Next step is to update trust site db
iNextStep = EAddTrustedSite;