diff -r 000000000000 -r 164170e6151a wim/WimPlugin/inc/WimCertStore.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wim/WimPlugin/inc/WimCertStore.h Tue Jan 26 15:20:08 2010 +0200 @@ -0,0 +1,675 @@ +/* +* Copyright (c) 2002 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: An implementation of certificate store interface +* +*/ + + +#ifndef CWIMCERTSTORE_H +#define CWIMCERTSTORE_H + +// INCLUDES + +#include "WimCertStoreMappings.h" +#include +#include +#include + +// FORWARD DECLARATION + +class CWimCertConverter; +class CWimCertInfo; +class CWimTrustSettingsAPI; +class CWimToken; + + +// CLASS DECLARATION + +/** +* Represents read only and writable certificate store. +* +* @lib WimPlugin +* @since Series60 2.1 +*/ + +class CWimCertStore : public CActive, public MCTWritableCertStore + { + public: + + /** + * Two-phased constructor + * @param aToken (IN) A refernece to curren token + * @return An instance of this class + */ + static CWimCertStore* NewL( CWimToken& aToken ); + + /** + * Destructor. + */ + virtual ~CWimCertStore(); + + public: // A function from base class MCTTokenInterface + + /** + * Returns a reference to current token. + * @return A reference to current token. + */ + MCTToken& Token(); + + public: // Functions from base class MCertStore + + /** + * Lists certificates from the store. + * The caller of this function owns all its parameters. + * @param aCerts (OUT) An array into which the returned certificates + * are placed. + * @param aFilter (IN) A filter to select which certificates should + * be included. + * @param aStatus (IN/OUT) A Request status that will be completed when + * the operation completes. + * KErrNone, if no errors detected. Note: if certificates not + * found, it is also KErrNone + * KErrCancel, if call is canceled + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void List( RMPointerArray& aCerts, + const CCertAttributeFilter& aFilter, + TRequestStatus& aStatus ); + + /** + * Cancels ongoing list operation. + * @return void + */ + void CancelList(); + + /** + * Gets a certificate info according to given handle. + * The caller of this function owns all its parameters. + * @param aCertInfo (OUT) The returned certificate info. + * @param aHandle (IN) The handle of the certificate info to return. + * @param aStatus (IN/OUT) A request status that is completed when + * the operation has finished. + * KErrNone, if no errors detected. + * KErrNotFound, if certificate with given handle not found + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void GetCert( CCTCertInfo*& aCertInfo, + const TCTTokenObjectHandle& aHandle, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing GetCert operation. No influence. + * @return void + */ + void CancelGetCert(); + + /** + * Queries the applications that given certificate supports. + * The caller of this function owns all its parameters. + * @param aCertInfo (IN) The certificate to return applications for. + * @param aApplications (OUT) An array where applications are added in. + * @param aStatus A request status that is completed when the + * operation has finished. + * KErrNone, if no errors detected + * KErrNotFound, if aCertInfo not found + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void Applications( const CCTCertInfo& aCertInfo, + RArray& aApplications, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing Applications operation. No influence. + * @return void + */ + void CancelApplications(); + + /** + * Indicates if a particular certificate is applicable to a particular + * application. + * The caller of this function owns all its parameters. + * @param aCertInfo (IN) The certificate in question. + * @param aApplication (IN) The application. + * @param aIsApplicable (OUT) Set to ETrue or EFalse by the function + * to return the result. + * @param aStatus (IN/OUT) A request status that is completed when the + * operation has finished. + * KErrNone, if no errors detected. + * KErrNotFound, if aCertInfo not found + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void IsApplicable( const CCTCertInfo& aCertInfo, + TUid aApplication, + TBool& aIsApplicable, + TRequestStatus& aStatus ); + + /** + * Cancels an IsApplicable operation. No influence. + * @return void + */ + void CancelIsApplicable(); + + /** + * Returns true value if given certificate is trusted. + * The caller of this function owns all its parameters. + * @param aCertInfo (IN) The certificate we're interested in. + * @param aTrusted (OUT) Used to return the trust status. + * @param aStatus (IN/OUT) A request status that is completed when the + * operation has finished. + * KErrNone, if no errors detected. + * KErrNotFound, if aCertInfo not found + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void Trusted( const CCTCertInfo& aCertInfo, + TBool& aTrusted, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing Trusted operation. No influence. + * @return void + */ + void CancelTrusted(); + + /** + * Retrieves the actual certificate. + * The caller of this function owns all its parameters. + * @param aCertInfo (IN) The certificate to retrieve. + * @param aEncodedCert (OUT) A buffer to put the certificate in. + * It must be big enough. The size is stored in aCertInfo. + * @param aStatus (IN/OUT) A request status that is completed when the + * operation has finished. + * KErrNone, if no errors detected. + * KErrNotFound, if aCertInfo not found + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void Retrieve( const CCTCertInfo& aCertInfo, + TDes8& aEncodedCert, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing Retrieve operation. + * @return void + */ + void CancelRetrieve(); + + public: // From base class MCTWritableCertStore + + /** + * CURRENTLY NOT SUPPORTED. Adds a certificate to the cert store. + * The caller of this function owns all its parameters. + * @param aLabel (IN) The label of the certificate to add + * @param aFormat (IN) the format of the certificate + * @param aCertificateOwnerType (IN) The owner type + * @param aSubjectKeyId (IN) The Subject key ID + * @param aIssuerKeyId (IN) The issuer key ID + * @param aCert (IN) The certificate to add + * @param aStatus (IN/OUT) This is completed with the return result + * when the add has completed + * KErrNone, if no errors detected. + * KErrArgument, + * - if label length is zero, or + * - certificate owner type is unknown, or + * - certificate is X509 or WTLS and computed subject key id + * is not as given subject key id + * - X509 and Url, and subject key is not given + * KErrNotSupported, if certificate format not supported. + * (Supported formats are: X509, WTLS and URL) + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * return void + */ + void Add( const TDesC& aLabel, + TCertificateFormat aFormat, + TCertificateOwnerType aCertificateOwnerType, + const TKeyIdentifier* aSubjectKeyId, + const TKeyIdentifier* aIssuerKeyId, + const TDesC8& aCert, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing add operation. + * @return void + */ + void CancelAdd(); + + /** + * CURRENTLY NOT SUPPORTED. Removes a certificate from Wim cert store. + * The caller of this function owns all its parameters. + * @param aCertInfo (IN) The certificate to remove. + * @param aStatus (IN/OUT) This is completed with the return result + * when the remove has completed. + * KErrNone, if no errors detected. + * KErrNotFound, if aCertInfo not found + * KErrNotSupported, if certificate format not supported. + * (Supported formats are: X509, WTLS and URL) + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + */ + void Remove( const CCTCertInfo& aCertInfo, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing remove operation. + * @return void + */ + void CancelRemove(); + + /** + * Replaces the current applicability settings with the settings + * in the supplied array. + * The caller of this function owns all its parameters except aApplications + * which ownership is transferred to this class + * @param aCertInfo (IN) The certificate whose applicability should + * be updated. + * @param aApplications (IN) The new applications. + * @param aStatus (IN/OUT) This is completed with the return result + * when the operation has completed. + * KErrNone, if no errors detected. + * KErrNotFound, if aCertInfo not found + * KErrArgument, if some of the given applications is not + * found from system file (certclients.dat) + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + */ + void SetApplicability( const CCTCertInfo& aCertInfo, +#ifdef __SECURITY_PLATSEC_ARCH__ + const RArray& aApplications, +#else + RArray* aApplications, +#endif + TRequestStatus &aStatus ); + + /** + * Cancels an ongoing operation. No influence. + * @return void + */ + void CancelSetApplicability(); + + /** + * Changes the trust settings. CA certificate is + * trusted if the user is willing to use it for authenticating servers. + * It has no meaning with other types of certificates. + * The caller of this function owns all its parameters. + * @param aCertInfo (IN) The certificate to update. + * @param aTrusted (IN) Whether or not it is trusted + * @param aStatus (IN/OUT) This is completed with the return result + * when the operation has completed. + * KErrNone, if no errors detected. + * KErrNotFound, if aCertInfo not found + * KErrArgument, if given aTrusted parameter is not true or false. + * KErrHardwareNotAvailable, if Wim card suddenly removed + * Any other system wide error code (e.g. KErrNoMemory) + * @return void + */ + void SetTrust( const CCTCertInfo& aCertInfo, + TBool aTrusted, + TRequestStatus& aStatus ); + + /** + * Cancels an ongoing operation. No influence. + * @return void + */ + void CancelSetTrust(); + + private: // New functions + + /** + * Makes some initializations. + * @return void + */ + void Initialize(); + + /** + * Sets trusted and appliaction info on certificate mapping. + * @param aTrusted (IN) True or false value + * @param aCertificateApps (IN) An array of application uids for + * certificate + * @return void + */ + void SetTrustSettingsOnMappingL( TBool aTrusted, + RArray* aCertificateApps ); + + protected: // From base class MCTTokenInterface + + virtual void DoRelease(); + + protected: // From base class CActive + + void RunL(); + + TInt RunError(TInt aError); + + void DoCancel(); + + private: // New functions + + /** + * Creates iCerts array and loads certificate infos into it. + * @return void + */ + void LoadMappingsL(); + + // Computes and checks subject key in add operation + void ComputeAndCheckSubjectKeyIdL(); + + /** + * Checks if given application is known by system + * @param aCertInfo (IN) The certificate that the update concern + * @param aApplications (IN) An array of application uids for the + * certificate + * @param aStatus (IN/OUT) This is completed with the return result + * when the operation has completed. + * @return void + */ + + void CheckApplicabilityL( +#ifdef __SECURITY_PLATSEC_ARCH__ + const RArray& aTrusters ); +#else + RArray* aTrusters ); +#endif + + /** + * Starts applicability updates and completes the message + * @return void + */ + + void DoSetApplicability(); + + /** + * Contains actual functions to update applicability + * @return void + */ + + void DoSetApplicabilityL(); + + /** + * Sets trust information for a certificate + * @param aCertInfo (IN) The certificate that the update concern + * @param aTrusted (IN) Trusted info for the certificate, values + * are true (trusted) or false (not trusted) + * @param aStatus (IN/OUT) This is completed with the return result + * when the operation has completed. + * @return void + */ + void DoSetTrustL(); + + // General function to free unified key storage objects + void FreeUnifiedKeyStore(); + + // RunL phase where LoadMappingsL is called + void DoInitializeLoadMappingsL(); + + // RunL phase where trust settings are loaded + void DoInitializeLoadTrustSettingsStartL(); + + // RunL phase where trust settings call are waited + void DoInitializeLoadTrustSettingsWaitL(); + + // RunL phase where key infos are fetched + void DoGetKeyInfos(); + + // RunL phase where list operation is actually done + void DoListGoL(); + + // RunL phase where list operation is actually started + void DoInitializeGetCertListL(); + + // RunL phase where list operation is started + void DoList(); + + // RunL phase where private key is checked + void DoCheckCorrespondingPrivateKey(); + + // RunL phase where delete from wim is checked + void DoCheckDeleteFromWim(); + + // Returns the status of token + TBool TokenRemoved(); + + /** + * Checks if token is removed or is this object active + * @param aStatus (IN/OUT) This is completed with the return result + * when the operation has completed. + * @return TBool + */ + TBool EnteringAllowed( TRequestStatus& aStatus ); + + // RunL phase for getting a certificate info + void DoGetCert(); + + // RunL phase for getting a certificate applications + void DoApplications(); + + // RunL phase for checking application applicability + void DoIsApplicable(); + + // RunL phase for checking certificate's trust info + void DoTrusted(); + + // RunL phase for retrieving certificate binary data + void DoRetrieve(); + + // RunL phase for adding a certificate + void DoAdd(); + + // RunL phase for certificate removal + void DoRemove(); + + // RunL phase for certificate trusted info + void DoSetTrust(); + + /** + * Cleans trusters array if leave occurs + * @param aTrusters (IN) An array of applications (trusters) + * @return void + */ + static void CleanTrustersArray( TAny* aTrusters ); + + private: // Constructors + + /** + * The default constructor + * @param aToken (IN) A reference of current token + * @return None + */ + CWimCertStore( CWimToken& aToken ); + + // Second phase constructor + void ConstructL(); + + private: // Data + + // Reference to current token of this cert store interface. + + CWimToken& iToken; + + // State flag for RunL + + enum TPhase + { + EInitializeGetCertList = 0, + EInitializeLoadMappings, + EInitializeLoadTrustSettingsStart, + EInitializeLoadTrustSettingsWait, + EList, + EListGo, + EGetKeyInfos, + EGetCert, + EApplications, + EIsApplicable, + ETrusted, + ERetrieve, + ERetrieveFromWim, + ERetrieveWait, + EGetCorrespondingPrivateKey, + ECheckCorrespondingPrivateKey, + EAdd, + EAddToWim, + ECheckAddToWim, + ERemove, + EWaitRemoveTrustSettings, + EDeleteFromWim, + ECheckDeleteFromWim, + ESetApplicability, + EWaitSetApplicability, + ESetTrust, + EWaitSetTrust, + ECompleteMessage, + EIdle + }; + + // Flag for internal state machine + TPhase iPhase; + + // Save place for original state + TPhase iPhaseOriginal; + + // Used for saving caller status + // This class don't own the pointed object + TRequestStatus* iOriginalRequestStatus; + + // The list of certificates (mapping objects) contained in the + // trust store. + // This class owns the pointed objects and is responsible + // to release them in the end of this class life cycle. + CWimCertStoreMappings* iCerts; + + // Temporal array for certificate infos. + // This array is used to fetch certificate infos from WimClient. + // At first this class owns the pointed objects. Ownership is + // transferred to iCerts. See iCerts above. + RPointerArray iCertInfos; + + // Temporal array for certificate info pointers + // This array is used to append certificate infos in List operation + // This class don't own the pointed objects + RPointerArray* iCertsList; + + // Array for adding certificate applications to trust store + // This class don't own the pointed objects + RArray* iCertificateApps; + + // Index for going through all certificates + TInt iCertIndex; + + // Used for fetching and updating trust settings + TBool iTrusted; + + // Used in List operation in order to use in RunL + // This class don't own the pointed object. + const CCertAttributeFilter* iFilter; + + // Used with unified key store to filter keys + TCTKeyAttributeFilter iKeyFilter; + + // Used with unified key store to save keys for a while + RMPointerArray iKeyInfos; + + // A pointer to unified key store + // This class owns also the pointed object + CUnifiedKeyStore* iUnifiedKeyStore; + + // Used in Retrieve operation in order to use in RunL + // Points to whole certificate data string + // This class don't own the pointed data + TDes8* iEncodedCert; + + // The pointed object acts as a converter between + // CWimCertStore interface and WimClient + // This class owns the pointed object + CWimCertConverter* iCWimCertConverter; + + // The pointed object acts as a database store for trust settings + // This class owns the pointed object + CWimTrustSettingsAPI* iCWimTrustSettingsStore; + + // A pointer to label of certificate to be added + // This class don't own the pointed object + const TDesC* iLabel; + + // A pointer to format of certificate to be added + TCertificateFormat iFormat; + + // Owner type of certificate to be added + TCertificateOwnerType iCertificateOwnerType; + + // A pointer to subject key id of certificate to be added + // This class don't own the pointed object + const TKeyIdentifier* iSubjectKeyId; + + // A pointer to issuer key id of certificate to be added + // This class don't own the pointed object + const TKeyIdentifier* iIssuerKeyId; + + // A pointer to binary data of certificate to be added + // This class don't own the pointed object + const TDesC8* iCert; + + // A hash of subject key id of certificate to be added + TKeyIdentifier iComputedSubjectKeyId; + + // For the call of unified keystore. + RFs iFs; + + // A pointer to user's certificate data area. Used during + // set active object. Not owned. + CCTCertInfo** iCertInfo; + + // A pointer to user given certificate handle. Not owned. + const TCTTokenObjectHandle* iHandle; + + // A pointer to user's certificate data area. Used during + // set active object. Not owned. + const CCTCertInfo* iCertInfoReadOnly; + + // A pointer array application Uids + RArray* iApplications; + + // A place holder to application Uid + TUid iApplication; + + // A pointer to boolean variable in user area. Not owned. + TBool* iIsApplicable; + + // A pointer to boolean variable in user area. Not owned. + TBool* iTrustedCert; + + // Place holder for certificate trusted info update + TBool iTrustedValue; + + // Save old trust value for back up reason + TBool iOldTrusted; + + // Pointer array for old applications. Ownership moved to mapping + // if setting new applications fails. + RArray* iOldTrusters; + +}; + +#endif // CWIMCERTSTORE_H + +// End of File