--- a/vpnengine/vpnmanager/src/vpnapiservant.cpp	Thu Jan 07 13:26:15 2010 +0200
+++ b/vpnengine/vpnmanager/src/vpnapiservant.cpp	Mon Jan 18 21:14:04 2010 +0200
@@ -381,15 +381,55 @@
 
     // Read policy data
     TInt len = aMessage.GetDesLength(SECOND_ARGUMENT);
-    HBufC8* policyData = HBufC8::NewL(len);
-    CleanupStack::PushL(policyData);
-
+    HBufC8* policyData = HBufC8::NewLC(len);
     TPtr8 ptrPolicyData = policyData->Des();
     aMessage.ReadL(SECOND_ARGUMENT, ptrPolicyData);
 
+    //Make a validy check to the policy data
+    //by parsing it and checking certificate formats
+    HBufC* policyData16 = HBufC::NewLC(policyData->Length());
+    policyData16->Des().Copy(*policyData);
+    
+    CIkeDataArray* ikeDataArray = CIkeDataArray::NewL(1);
+    CleanupStack::PushL(ikeDataArray);
+    
+    TIkeParser* ikeParser = new (ELeave) TIkeParser(*policyData16);
+    CleanupStack::PushL(ikeParser);
+    ikeParser->ParseIKESectionsL(ikeDataArray);
 
+    for (TInt i = 0; i < ikeDataArray->Count(); ++i)
+        {
+        const CIkeData* ikeData = ikeDataArray->At(i);
+        if (ikeData->iCAList != NULL)
+            {
+            for (TInt j = 0; j < ikeData->iCAList->Count(); j++)
+                {
+                if (ikeData->iCAList->At(j)->iFormat == BIN_CERT)
+                    {
+                    LOG(Log::Printf(_L("Policy contains BIN certificates --> Failing")));
+                    //Ca cert in wrong format --> Error
+                    User::Leave(KVpnErrInvalidPolicyFile);
+                    }
+                }            
+            }
+        if ((ikeData->iOwnCert.iData.Length() > 0 &&
+             ikeData->iOwnCert.iFormat == BIN_CERT) ||
+            (ikeData->iPrivKey.iData.Length() > 0 &&
+             ikeData->iPrivKey.iFormat == BIN_CERT) ||
+            (ikeData->iPeerCert.iData.Length() > 0 &&
+            ikeData->iPeerCert.iFormat == BIN_CERT))
+            {
+            LOG(Log::Printf(_L("Policy contains BIN certificates --> Failing")));    
+            //Key or user cert in wrong format
+            User::Leave(KVpnErrInvalidPolicyFile);
+            }        
+        }
+    
+    CleanupStack::PopAndDestroy(); //ikeParser
+    CleanupStack::PopAndDestroy(ikeDataArray);
+    CleanupStack::PopAndDestroy(policyData16);
+    
     LOG(Log::Printf(_L("Calling: iPolicyStore->AddNewPolicyL")));    
-    // Add the policy to the policy store
     TRAPD(err, iPolicyStore->AddNewPolicyL(*policyDetails, *policyData));
     if (err == KErrNone)
     {