|
1 /* |
|
2 * Copyright (c) 2006-2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: CPKIMapper class holds the information required to map API set |
|
15 * to use the storage model which is not native for that API. |
|
16 * |
|
17 */ |
|
18 |
|
19 |
|
20 |
|
21 #if !defined (__PKIMAPPER_H__) |
|
22 #define __PKIMAPPER_H__ |
|
23 |
|
24 #include <e32base.h> |
|
25 #include <securitydefs.h> |
|
26 |
|
27 #include "pkidefs.h" |
|
28 #include "pkiserviceclientservercommon.h" |
|
29 |
|
30 class TSecurityObjectDescriptor; |
|
31 class CX500DistinguishedName; |
|
32 class CX520AttributeTypeAndValue; |
|
33 |
|
34 enum TValidity |
|
35 { |
|
36 EValid, |
|
37 EExpired, |
|
38 ENotValidYet |
|
39 }; |
|
40 |
|
41 |
|
42 /** |
|
43 * CMapDescriptor |
|
44 * |
|
45 * Maintains information of installed certificates and keys |
|
46 * |
|
47 * @lib internal (pkiservice.exe) |
|
48 * @since S60 v3.0 |
|
49 */ |
|
50 class CMapDescriptor : public CBase |
|
51 { |
|
52 public: |
|
53 CMapDescriptor() |
|
54 { |
|
55 iOwnerType = EPKICACertificate; |
|
56 iKeySize = 0; |
|
57 iKeyAlgorithm = EPKIInvalidAlgorithm; |
|
58 }; |
|
59 |
|
60 ~CMapDescriptor() |
|
61 { |
|
62 delete iTrustedAuthority; |
|
63 iTrustedAuthority = NULL; |
|
64 delete iIdentitySubjectName; |
|
65 iIdentitySubjectName = NULL; |
|
66 delete iIdentityRfc822Name; |
|
67 iIdentityRfc822Name = NULL; |
|
68 delete iSerialNumber; |
|
69 iSerialNumber = NULL; |
|
70 iApplUids.Close(); |
|
71 }; |
|
72 CMapDescriptor(TSecurityObjectDescriptor& aDesc); |
|
73 CMapDescriptor& operator=(CMapDescriptor& aMapDesc); |
|
74 void SetMapObjectName(const TDesC& aFilename) {iObjectName.Copy(aFilename);}; |
|
75 TBool IsMatchingL(TSecurityObjectDescriptor &aDesc, |
|
76 const TBool aInfoOnly, |
|
77 TPkiServiceStoreType aCertStoreType) const; |
|
78 |
|
79 TBool IsEqual(CMapDescriptor &aDesc); |
|
80 void SetMapSubjectKeyId(const TPKIKeyIdentifier &aKeyId) |
|
81 { |
|
82 iSubjectKeyId.Copy(aKeyId); |
|
83 }; |
|
84 void SetMapOwnerType(const TPKICertificateOwnerType aOwnerType) {iOwnerType = aOwnerType;}; |
|
85 void SetMapKeyUsageDer(const TDesC8 &aKeyUsage) |
|
86 { |
|
87 iKeyUsageDer.Copy(aKeyUsage); |
|
88 }; // Optional if only certificate is needed |
|
89 // Key usage is not defined in the filter, this will be checked separately |
|
90 void SetMapKeySize(const TUint aKeySize) {iKeySize = aKeySize;}; // Optional if only certificate is needed |
|
91 // Issuer and serial are not defined in the filter, these will be checked separately |
|
92 void SetMapTrustedAuthorityL(const TDesC8 &aTrustedAuthority) |
|
93 { |
|
94 delete iTrustedAuthority; |
|
95 iTrustedAuthority = NULL; |
|
96 iTrustedAuthority = aTrustedAuthority.AllocL(); |
|
97 }; |
|
98 void SetMapIdentitySubjectNameL(const TDesC8 &aIdentitySubjectName) |
|
99 { |
|
100 delete iIdentitySubjectName; |
|
101 iIdentitySubjectName = NULL; |
|
102 iIdentitySubjectName = aIdentitySubjectName.AllocL(); |
|
103 }; |
|
104 void SetMapIdentityRfc822NameL(const TDesC8 &aIdentityRfc822Name) |
|
105 { |
|
106 delete iIdentityRfc822Name; |
|
107 iIdentityRfc822Name = NULL; |
|
108 iIdentityRfc822Name = aIdentityRfc822Name.AllocL(); |
|
109 }; |
|
110 void SetMapSerialNumberL(const TDesC8 &aSerialNumber) |
|
111 { |
|
112 delete iSerialNumber; |
|
113 iSerialNumber = NULL; |
|
114 iSerialNumber = aSerialNumber.AllocL(); |
|
115 }; |
|
116 |
|
117 void SetCertStoreType(TPkiServiceStoreType aCertStoreType); |
|
118 |
|
119 void SetMapKeyAlgorithm(const TPKIKeyAlgorithm &aKeyAlgorithm) {iKeyAlgorithm = aKeyAlgorithm;}; |
|
120 void SetMapStartTime(const TTime &aTime) {iStartTime = aTime;}; |
|
121 void SetMapEndTime(const TTime &aTime) {iEndTime = aTime;}; |
|
122 void SetMapTrusted(const TBool &aTrusted) {iIsTrusted = aTrusted;}; |
|
123 void SetMapIsDeletable(const TBool &aIsDeletable) {iIsDeletable = aIsDeletable;}; |
|
124 void SetMapApplications(const RArray<TUid> &aApplications) {for(TInt i=0; i<aApplications.Count();i++){ iApplUids.Append(aApplications[i]);}}; |
|
125 |
|
126 TBool IsMatchingCertStore(const TDesC& aCertStoreName); |
|
127 |
|
128 public: // data |
|
129 // No get methods introduced, values are used directly! |
|
130 |
|
131 /// Key or certificate: used internally, depends on the operation |
|
132 /// Own: Cert TrustedAuthority |
|
133 HBufC8* iTrustedAuthority; |
|
134 HBufC8* iIdentitySubjectName; // Identity subject name |
|
135 HBufC8* iIdentityRfc822Name; // Identity subjectAltName rfc822 name |
|
136 HBufC8* iSerialNumber; // Serialnumber |
|
137 TPKIKeyIdentifier iSubjectKeyId; // SHA1 hash of the corresponding private key |
|
138 TPKICertificateOwnerType iOwnerType; // User, CA or peer. If user certificate, at least key usage must be set |
|
139 TBuf8<KMaxUsageDer> iKeyUsageDer; // Der format flags |
|
140 TBuf<SHORT_FILENAME_LENGTH> iObjectName; |
|
141 TUint iKeySize; // Key size |
|
142 TPKIKeyAlgorithm iKeyAlgorithm; // RSA, DSA |
|
143 TTime iStartTime; |
|
144 TTime iEndTime; |
|
145 TBool iIsDeletable; |
|
146 TBool iIsTrusted; |
|
147 RArray<TUid> iApplUids; |
|
148 TPkiServiceStoreType iCertStoreType; |
|
149 }; |
|
150 |
|
151 /** |
|
152 * CPKIMapper |
|
153 * |
|
154 * Maintains array of CMapDescriptor objects |
|
155 * |
|
156 * @lib internal (pkiservice.exe) |
|
157 * @since S60 v3.0 |
|
158 */ |
|
159 class CPKIMapper : public CBase |
|
160 { |
|
161 public: |
|
162 // Constructors, destructor |
|
163 // When constructing an invocation, check if some key/certificate has been manually removed. |
|
164 static CPKIMapper* NewL(); |
|
165 static TValidity CertValidity(const TTime &aStartTime, const TTime &aEndTime); |
|
166 ~CPKIMapper(); |
|
167 |
|
168 //////////////////////////////////////////////////////////////////////////////////////////// |
|
169 // Mapping methods |
|
170 //////////////////////////////////////////////////////////////////////////////////////////// |
|
171 // These are new methods, which will be called from ipsecmanager when importing policy or deleting a certificate/key |
|
172 // In acuagent, these will be called after user key has been generated and authorized by CA |
|
173 TInt AddMapping(CMapDescriptor &aMap); |
|
174 TInt DeleteMapping(CMapDescriptor &aDesc); |
|
175 CMapDescriptor& GetMapDescriptorAtIndex(TInt aIndex); |
|
176 // One-to-one mapping functions |
|
177 void GetCertificateKeyIdL(TSecurityObjectDescriptor &aDescriptor, TPKIKeyIdentifier &aKeyId, |
|
178 TPkiServiceStoreType aStoreType = EPkiStoreTypeUser) const; |
|
179 |
|
180 TInt ResolveCertMappingL(TSecurityObjectDescriptor &aDescriptor, TDes16 &aFilename, |
|
181 TInt &aIndex, const TBool aInfoOnly, |
|
182 TPkiServiceStoreType aStoreType = EPkiStoreTypeUser) const; |
|
183 |
|
184 TInt CertCount(void); |
|
185 TInt ApplicableCertCount(const RArray<TUid>& aUidArray); |
|
186 TInt GetCertListL(const RMessage2& aMessage, TPkiServiceStoreType aStoreType, TBool aDescUsed = EFalse); |
|
187 void GetApplicableCertListL(const RMessage2& aMessage, const RArray<TUid>& aUidArray); |
|
188 |
|
189 // Function to check whether the given certificate is unique (doesn't exist in cert store) |
|
190 TBool CertificateIsUniqueL(const TDesC8& aCertData); |
|
191 |
|
192 // Function that returns a guaranteedly unique certificate label. |
|
193 void GenerateUniqueNameL(const TDesC8& aCertData, TDes& aName, |
|
194 TCertificateOwnerType aOwnerType = ECACertificate); |
|
195 void SetCacheCreated(); |
|
196 TBool CacheCreated(); |
|
197 |
|
198 private: // implementation |
|
199 |
|
200 void DeleteMapping(TInt aIndex); |
|
201 TBool LabelIsUnique(const TDesC& aLabel) const; |
|
202 void LogMap(CMapDescriptor& aDescriptor) const; |
|
203 void LogSearchArguments(TSecurityObjectDescriptor& aDescriptor) const; |
|
204 |
|
205 private: // C'tor |
|
206 |
|
207 CPKIMapper(); |
|
208 void ConstructL(); |
|
209 |
|
210 private: // data |
|
211 TBool iCacheCreated; |
|
212 TInt iCount; |
|
213 /// Used when generating uniqname |
|
214 |
|
215 RPointerArray<CMapDescriptor>* iMapping; |
|
216 TPckgBuf<TSecurityObjectDescriptor> iCurrentDescriptor; |
|
217 TBuf<MAX_FILENAME_LENGTH> iObjectName; |
|
218 }; |
|
219 |
|
220 class PkiUtil |
|
221 { |
|
222 public: |
|
223 static TBool MatchL(const CX500DistinguishedName& aDn1, |
|
224 const CX500DistinguishedName& aDn2); |
|
225 |
|
226 private: |
|
227 static TBool HasElementL(const CX500DistinguishedName& aDn, |
|
228 const CX520AttributeTypeAndValue& aElement); |
|
229 }; |
|
230 |
|
231 |
|
232 #endif |