--- a/layers.sysdef.xml Tue May 25 13:36:52 2010 +0300
+++ b/layers.sysdef.xml Wed Jun 09 10:38:11 2010 +0300
@@ -18,7 +18,7 @@
</layer>
<layer name="api_test_layer">
<module name="securitysrv_test">
- <unit unitID="sedo.securitysrv_test" mrp="" bldFile="&layer_real_source_path;/tsrc/group" name="securitysrv_test" />
+ <unit unitID="sedo.securitysrv_test" mrp="" bldFile="&layer_real_source_path;/tsrc/group" name="securitysrv_test" filter="TA_SECURITYSRV" />
</module>
</layer>
</systemModel>
--- a/pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp Tue May 25 13:36:52 2010 +0300
+++ b/pkiutilities/CTSecurityDialogs/NotifSrc/CTSecurityDialogsAO.cpp Wed Jun 09 10:38:11 2010 +0300
@@ -45,6 +45,7 @@
#include <x509certext.h>
#include <TrustedSitesStore.h>
#include <mctwritablecertstore.h>
+#include <coreapplicationuisdomainpskeys.h> // KCoreAppUIsAutolockStatus
// LOCAL CONSTANTS AND MACROS
const TInt KCertArrayGranularity = 3;
@@ -1473,92 +1474,117 @@
//
void CCTSecurityDialogsAO::ShowNoTrustDialogL()
{
- CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() );
- TInt dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- TInt promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
- TBool showPermAccept = ETrue;
-
- if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked )
+ // Cannot display untrusted certificate dialog if device is locked. Untrusted
+ // certificate dialog would be displayed on top of possible lock code query.
+ TInt value = 0;
+ TInt err = RProperty::Get( KPSUidCoreApplicationUIs, KCoreAppUIsAutolockStatus, value );
+ if( !err && value > EAutolockOff )
{
- // Invalid or revoked certificate
- CCTInvalidCertificateNote* note =
- new( ELeave ) CCTInvalidCertificateNote( *this, iStatus );
- note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE );
iRetValue = EServerCertNotAccepted;
+ iStatus = KRequestPending;
+ TRequestStatus* status( &iStatus );
+ User::RequestComplete( status, KErrNone );
}
else
{
- if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange )
+ CX509Certificate* cert = CX509Certificate::NewLC( iCertBuf->Des() );
+ TInt dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
+ TInt promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
+ TBool showPermAccept = ETrue;
+
+ if( iAuthFailReason == ESignatureInvalid || iAuthFailReason == ECertificateRevoked )
{
- // Trusted certificate, but problems with CN or date
+ // Invalid or revoked certificate
+ CCTInvalidCertificateNote* note =
+ new( ELeave ) CCTInvalidCertificateNote( *this, iStatus );
+ note->ExecuteLD( R_WIM_INVALID_CERTIFICATE_INFORMATION_NOTE );
+ iRetValue = EServerCertNotAccepted;
- // Retrieve subject name
- const CX500DistinguishedName& dName = cert->SubjectName();
+ // CCTNoTrustQuery below self-completes this active object. It is necessary to
+ // complete it here too, in order to run the next step EServerCertCheckUserResp.
+ iStatus = KRequestPending;
+ TRequestStatus* status( &iStatus );
+ User::RequestComplete( status, KErrNone );
+ }
+ else
+ {
+ if( iAuthFailReason == EValidatedOK || iAuthFailReason == EDateOutOfRange )
+ {
+ // Trusted certificate, but problems with CN or date
+
+ // Retrieve subject name
+ const CX500DistinguishedName& dName = cert->SubjectName();
+
+ // Retrieve common name
+ HBufC* cn = dName.ExtractFieldL( KX520CommonName );
- // Retrieve common name
- HBufC* cn = dName.ExtractFieldL( KX520CommonName );
-
- // Check common name first and then date
- if( !cn )
+ // Check common name first and then date
+ if( !cn )
+ {
+ // Couldn't retrieve CN from certificate
+ dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
+ promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
+ }
+ else if( iServerName->Des() != cn->Des() )
+ {
+ // Domain name doesn't match with CN
+ dialogResourceId = R_WIM_NO_TRUST_QUERY_SITE;
+ promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_SITE;
+ }
+ else if( iAuthFailReason == EDateOutOfRange )
+ {
+ // Certificate is out of date
+ dialogResourceId = R_WIM_NO_TRUST_QUERY_OOD;
+ promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_OOD;
+ showPermAccept = EFalse;
+ }
+ else
+ {
+ // Otherwise show general untrusted note
+ dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
+ promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
+ }
+ }
+ else
{
- // Couldn't retrieve CN from certificate
+ // Untrusted certificate
dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
}
- else if( iServerName->Des() != cn->Des() )
+
+ // No "Accept Permanently" option if certificate is out of date, or
+ // if domain name is not defined, or if trusted site store failed to
+ // open (and it's not possible to save the server certificate).
+ const CValidityPeriod& validityPeriod = cert->ValidityPeriod();
+ const TTime& startValue = validityPeriod.Start();
+ const TTime& finishValue = validityPeriod.Finish();
+ TTime current;
+ current.UniversalTime();
+
+ if( (( startValue > current ) || ( finishValue < current )) ||
+ ( iServerName->Des().Length() == 0 ) ||
+ ( !iTrustedSiteCertStore ) )
{
- // Domain name doesn't match with CN
- dialogResourceId = R_WIM_NO_TRUST_QUERY_SITE;
- promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_SITE;
- }
- else if( iAuthFailReason == EDateOutOfRange )
- {
- // Certificate is out of date
- dialogResourceId = R_WIM_NO_TRUST_QUERY_OOD;
- promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_OOD;
showPermAccept = EFalse;
}
- else
- {
- // Otherwise show general untrusted note
- dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
- }
- }
- else
- {
- // Untrusted certificate
- dialogResourceId = R_WIM_NO_TRUST_QUERY_UNTRUSTED;
- promptResourceId = R_QTN_ICS_SSL_CONF_Q_ACCEPT_UNTRUSTED;
+
+ // CCTNoTrustQuery completes iStatus asynchronously when ready. Note that
+ // it happens after ExecuteLD() and also this function have returned.
+ iStatus = KRequestPending;
+
+ iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus,
+ iServerName, showPermAccept, iQueryDialogDeleted );
+ HBufC* prompt = StringLoader::LoadLC( promptResourceId, *iServerName );
+
+ iQueryDialog->ExecuteLD( dialogResourceId, *prompt );
+
+ CleanupStack::PopAndDestroy( prompt );
}
- // No "Accept Permanently" option if certificate is out of date, or
- // if domain name is not defined, or if trusted site store failed to
- // open (and it's not possible to save the server certificate).
- const CValidityPeriod& validityPeriod = cert->ValidityPeriod();
- const TTime& startValue = validityPeriod.Start();
- const TTime& finishValue = validityPeriod.Finish();
- TTime current;
- current.UniversalTime();
-
- if( (( startValue > current ) || ( finishValue < current )) ||
- ( iServerName->Des().Length() == 0 ) ||
- ( !iTrustedSiteCertStore ) )
- {
- showPermAccept = EFalse;
- }
-
- iQueryDialog = new( ELeave ) CCTNoTrustQuery( *this, iRetValue, iStatus, iServerName,
- showPermAccept, iQueryDialogDeleted );
- HBufC* prompt = StringLoader::LoadLC( promptResourceId, *iServerName );
- iQueryDialog->ExecuteLD( dialogResourceId, *prompt );
- CleanupStack::PopAndDestroy( prompt );
+ CleanupStack::PopAndDestroy( cert );
}
- CleanupStack::PopAndDestroy( cert );
-
iNextStep = EServerCertCheckUserResp;
- iStatus = KRequestPending;
SetActive();
}
--- a/securitydialogs/lockapp/rom/lockapp.iby Tue May 25 13:36:52 2010 +0300
+++ b/securitydialogs/lockapp/rom/lockapp.iby Wed Jun 09 10:38:11 2010 +0300
@@ -21,8 +21,7 @@
#include <data_caging_paths_for_iby.hrh>
-//S60_APP_EXE(lockapp)
-S60_APP_EXE_UDEB(lockapp)
+S60_APP_EXE(lockapp)
S60_APP_AIF_RSC(lockapp)
// To enable updating
--- a/securitydialogs/lockapp/src/lockappappui.cpp Tue May 25 13:36:52 2010 +0300
+++ b/securitydialogs/lockapp/src/lockappappui.cpp Wed Jun 09 10:38:11 2010 +0300
@@ -70,7 +70,9 @@
Exit();
}
+ #if defined(_DEBUG)
INFO( "CLockAppAppUi::ConstructL started" );
+ #endif
// start the server with the specified name
iLockServer = CLockAppServer::NewL( KLockAppServerName );
@@ -100,7 +102,9 @@
// the main control is given high stack priority
// ECoeStackPriorityEnvironmentFilter-1 used to allow hw keys for keyfiler even if keypad is locked.
AddToStackL( iStateControl, ECoeStackPriorityEnvironmentFilter-1, ECoeStackFlagStandard );
+ #if defined(_DEBUG)
INFO( "CLockAppAppUi::ConstructL finished" );
+ #endif
}
// ---------------------------------------------------------------------------
@@ -158,18 +162,24 @@
CleanupClosePushL( scpClient );
if ( scpClient.QueryAdminCmd( ESCPCommandUnlockPhone ) )
{
+ #if defined(_DEBUG)
INFO( "CLockAppAppUi::HandleMessageL(): Admin command received, unlocking" );
+ #endif
iStateControl->DisableDevicelockL();
}
else
{
+ #if defined(_DEBUG)
INFO( "CLockAppAppUi::HandleMessageL(): Unauthorized attempt to unlock" );
+ #endif
}
CleanupStack::PopAndDestroy(); // calls Close() on scpClient
}
else
{
+ #if defined(_DEBUG)
INFO( "CLockAppAppUi::HandleMessageL(): Failed to connect to SCP, ignoring unlock-message." );
+ #endif
}
}
else // aMessageUid.iUid != SCP_CMDUID_UNLOCK