# HG changeset patch # User Dremov Kirill (Nokia-D-MSW/Tampere) # Date 1276069091 -10800 # Node ID fabe5ded361acb1650782395b8a9510f2923da02 # Parent 33ad376816a80eff3f8d756c769ab21dba9e272d Revision: 201021 Kit: 2010123 diff -r 33ad376816a8 -r fabe5ded361a layers.sysdef.xml --- a/layers.sysdef.xml Tue May 25 13:36:52 2010 +0300 +++ b/layers.sysdef.xml Wed Jun 09 10:38:11 2010 +0300 @@ -18,7 +18,7 @@ - + diff -r 33ad376816a8 -r fabe5ded361a pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp --- a/pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp Tue May 25 13:36:52 2010 +0300 +++ b/pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp Wed Jun 09 10:38:11 2010 +0300 @@ -45,6 +45,7 @@ #include #include #include +#include // KCoreAppUIsAutolockStatus // LOCAL CONSTANTS AND MACROS const TInt KCertArrayGranularity = 3; @@ -1473,92 +1474,117 @@ // void CCTSecurityDialogsAO::ShowNoTrustDialogL() { - CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() ); - TInt dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; - TInt promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; - TBool showPermAccept = ETrue; - - if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked ) + // Cannot display untrusted certificate dialog if device is locked. Untrusted + // certificate dialog would be displayed on top of possible lock code query. + TInt value = 0; + TInt err = RProperty::Get( KPSUidCoreApplicationUIs, KCoreAppUIsAutolockStatus, value ); + if( !err && value > EAutolockOff ) { - // Invalid or revoked certificate - CCTInvalidCertificateNote* note = - new( ELeave ) CCTInvalidCertificateNote( *this, iStatus ); - note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE ); iRetValue = EServerCertNotAccepted; + iStatus = KRequestPending; + TRequestStatus* status( &iStatus ); + User::RequestComplete( status, KErrNone ); } else { - if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange ) + CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() ); + TInt dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; + TInt promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; + TBool showPermAccept = ETrue; + + if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked ) { - // Trusted certificate, but problems with CN or date + // Invalid or revoked certificate + CCTInvalidCertificateNote* note = + new( ELeave ) CCTInvalidCertificateNote( *this, iStatus ); + note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE ); + iRetValue = EServerCertNotAccepted; - // Retrieve subject name - const CX500DistinguishedName& dName = cert->SubjectName(); + // CCTNoTrustQuery below self-completes this active object. It is necessary to + // complete it here too, in order to run the next step EServerCertCheckUserResp. + iStatus = KRequestPending; + TRequestStatus* status( &iStatus ); + User::RequestComplete( status, KErrNone ); + } + else + { + if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange ) + { + // Trusted certificate, but problems with CN or date + + // Retrieve subject name + const CX500DistinguishedName& dName = cert->SubjectName(); + + // Retrieve common name + HBufC* cn = dName.ExtractFieldL( KX520CommonName ); - // Retrieve common name - HBufC* cn = dName.ExtractFieldL( KX520CommonName ); - - // Check common name first and then date - if( !cn ) + // Check common name first and then date + if( !cn ) + { + // Couldn't retrieve CN from certificate + dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; + promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; + } + else if( iServerName->Des() != cn->Des() ) + { + // Domain name doesn't match with CN + dialogResourceId = R_WIM_NO_TRUST_QUERY_SITE; + promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_SITE; + } + else if( iAuthFailReason == EDateOutOfRange ) + { + // Certificate is out of date + dialogResourceId = R_WIM_NO_TRUST_QUERY_OOD; + promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_OOD; + showPermAccept = EFalse; + } + else + { + // Otherwise show general untrusted note + dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; + promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; + } + } + else { - // Couldn't retrieve CN from certificate + // Untrusted certificate dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; } - else if( iServerName->Des() != cn->Des() ) + + // No "Accept Permanently" option if certificate is out of date, or + // if domain name is not defined, or if trusted site store failed to + // open (and it's not possible to save the server certificate). + const CValidityPeriod& validityPeriod = cert->ValidityPeriod(); + const TTime& startValue = validityPeriod.Start(); + const TTime& finishValue = validityPeriod.Finish(); + TTime current; + current.UniversalTime(); + + if( (( startValue > current ) || ( finishValue < current )) || + ( iServerName->Des().Length() == 0 ) || + ( !iTrustedSiteCertStore ) ) { - // Domain name doesn't match with CN - dialogResourceId = R_WIM_NO_TRUST_QUERY_SITE; - promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_SITE; - } - else if( iAuthFailReason == EDateOutOfRange ) - { - // Certificate is out of date - dialogResourceId = R_WIM_NO_TRUST_QUERY_OOD; - promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_OOD; showPermAccept = EFalse; } - else - { - // Otherwise show general untrusted note - dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; - promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; - } - } - else - { - // Untrusted certificate - dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED; - promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED; + + // CCTNoTrustQuery completes iStatus asynchronously when ready. Note that + // it happens after ExecuteLD() and also this function have returned. + iStatus = KRequestPending; + + iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus, + iServerName, showPermAccept, iQueryDialogDeleted ); + HBufC* prompt = StringLoader::LoadLC( promptResourceId, *iServerName ); + + iQueryDialog->ExecuteLD( dialogResourceId, *prompt ); + + CleanupStack::PopAndDestroy( prompt ); } - // No "Accept Permanently" option if certificate is out of date, or - // if domain name is not defined, or if trusted site store failed to - // open (and it's not possible to save the server certificate). - const CValidityPeriod& validityPeriod = cert->ValidityPeriod(); - const TTime& startValue = validityPeriod.Start(); - const TTime& finishValue = validityPeriod.Finish(); - TTime current; - current.UniversalTime(); - - if( (( startValue > current ) || ( finishValue < current )) || - ( iServerName->Des().Length() == 0 ) || - ( !iTrustedSiteCertStore ) ) - { - showPermAccept = EFalse; - } - - iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus, iServerName, - showPermAccept, iQueryDialogDeleted ); - HBufC* prompt = StringLoader::LoadLC( promptResourceId, *iServerName ); - iQueryDialog->ExecuteLD( dialogResourceId, *prompt ); - CleanupStack::PopAndDestroy( prompt ); + CleanupStack::PopAndDestroy( cert ); } - CleanupStack::PopAndDestroy( cert ); - iNextStep = EServerCertCheckUserResp; - iStatus = KRequestPending; SetActive(); } diff -r 33ad376816a8 -r fabe5ded361a securitydialogs/lockapp/rom/lockapp.iby --- a/securitydialogs/lockapp/rom/lockapp.iby Tue May 25 13:36:52 2010 +0300 +++ b/securitydialogs/lockapp/rom/lockapp.iby Wed Jun 09 10:38:11 2010 +0300 @@ -21,8 +21,7 @@ #include -//S60_APP_EXE(lockapp) -S60_APP_EXE_UDEB(lockapp) +S60_APP_EXE(lockapp) S60_APP_AIF_RSC(lockapp) // To enable updating diff -r 33ad376816a8 -r fabe5ded361a securitydialogs/lockapp/src/lockappappui.cpp --- a/securitydialogs/lockapp/src/lockappappui.cpp Tue May 25 13:36:52 2010 +0300 +++ b/securitydialogs/lockapp/src/lockappappui.cpp Wed Jun 09 10:38:11 2010 +0300 @@ -70,7 +70,9 @@ Exit(); } + #if defined(_DEBUG) INFO( "CLockAppAppUi::ConstructL started" ); + #endif // start the server with the specified name iLockServer = CLockAppServer::NewL( KLockAppServerName ); @@ -100,7 +102,9 @@ // the main control is given high stack priority // ECoeStackPriorityEnvironmentFilter-1 used to allow hw keys for keyfiler even if keypad is locked. AddToStackL( iStateControl, ECoeStackPriorityEnvironmentFilter-1, ECoeStackFlagStandard ); + #if defined(_DEBUG) INFO( "CLockAppAppUi::ConstructL finished" ); + #endif } // --------------------------------------------------------------------------- @@ -158,18 +162,24 @@ CleanupClosePushL( scpClient ); if ( scpClient.QueryAdminCmd( ESCPCommandUnlockPhone ) ) { + #if defined(_DEBUG) INFO( "CLockAppAppUi::HandleMessageL(): Admin command received, unlocking" ); + #endif iStateControl->DisableDevicelockL(); } else { + #if defined(_DEBUG) INFO( "CLockAppAppUi::HandleMessageL(): Unauthorized attempt to unlock" ); + #endif } CleanupStack::PopAndDestroy(); // calls Close() on scpClient } else { + #if defined(_DEBUG) INFO( "CLockAppAppUi::HandleMessageL(): Failed to connect to SCP, ignoring unlock-message." ); + #endif } } else // aMessageUid.iUid != SCP_CMDUID_UNLOCK