diff -r 000000000000 -r 33413c0669b9 vpnengine/ikecert/inc/ikev2pkiservice.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/vpnengine/ikecert/inc/ikev2pkiservice.h Thu Dec 17 09:14:51 2009 +0200 @@ -0,0 +1,181 @@ +/* +* Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: IKEv2 specifig certificate reading related stuff +* +*/ + + +#ifndef C_IKEV2PKISERVICE_H +#define C_IKEV2PKISERVICE_H + +#include + +#include "pkiserviceapi.h" + +class CIkeCaElem; +class TCertInfo; +class TCReqPayloadIkev2; +class CIkeData; +class CIkeCaList; +class MIkeV2PkiServiceObserver; +class TOwnCertInfo; +class MIkeDebug; + + +class CIkeV2PkiService : public CActive + { +public: + enum TIkeV2PkiServiceState + { + EPkiServiceIdle = 0, + EBuildingCaList, + EReadingCertificate, + EReadingCertificateChain + }; + + + + IMPORT_C static CIkeV2PkiService* NewL(MIkeV2PkiServiceObserver& aObserver, MIkeDebug& aDebug); + IMPORT_C ~CIkeV2PkiService(); + + + /** + * Reads all the CA certs defined in the list to the memory. + * + * This method is completed by calling: + * MIkeV2PkiServiceObserver::IkeV2PkiInitComleteL + * + * @param aCAList List of CA's, which are retrieved. + */ + IMPORT_C void InitIkeV2PkiService(const CIkeData* aIkeData); + + /* + * Computes IKEv2 signature with a specified private key. + * Actually a signature computed happens by referring the related certificate + * when the PKI store produces the signature with corresponding private key. + * + * @param aTrustedAuthority Trusted CA name coded either in ASN1 (DN) format or ASCII format + * @param aOwnCertInfo Own cert info from the IKE policy + * @param aMsgOctets Message data signed. A SHA1 hash is calculated over these message + * octets and result is encoded as PKCS1v15 signature before + * encrypted with private key + * @result signature length. + */ + IMPORT_C TInt Ikev2SignatureL(const TDesC8& aTrustedAuthority, + const TOwnCertInfo& aOwnCertInfo, + const TDesC8& aMsgOctets, + TDes8& aSignature, TUint8 aAuthMeth); + + + /** + * Returns a list of trusted CA certificates. + * If the InitIkeV2PkiService method is not called + * successfully before this method is called an + * empty list is returned. + * + * @result a list of trusted CA certificates. + */ + IMPORT_C const CIkeCaList& CaList() const; + + + /** + * + */ + IMPORT_C const TDesC8& UserCertificateData() const; + + IMPORT_C const TDesC8& I2CertificateData() const; + IMPORT_C const TDesC8& I1CertificateData() const; + /** + * Returns the name of the trsuted authority of + * user certificate. + * + * If no user certificates are loaded an empty string is returned. + * + * @result the name of the trusted authority of the user certificate. + */ + IMPORT_C const TDesC8& TrustedCaName() const; + +protected: + void DoCancel(); + void RunL(); + TInt RunError(TInt aError); + +private: + CIkeV2PkiService(MIkeV2PkiServiceObserver& aObserver, MIkeDebug& aDebug); + void ConstructL(); + + void ReadTrustedUserCertificateL(); + void ReadUserCertificateL(const TDesC8& aTrustedAuthority, TBool aGetCACert); + void ReadCertificateChainL(); + + + void InitIkeV2PkiServiceL(); + void ImportNextCaElemFromIkeDataListL(); + void BuildingCaListRunL(); + void ReadUserCertificateRunL(); + void ReadCertificateChainRunL(); + + static void CIkeV2PkiServiceApplUidArrayCleanup(TAny* any); + + + void SignalObserverL(TInt aStatus); +private: + MIkeV2PkiServiceObserver& iObserver; + MIkeDebug& iDebug; + + RPKIServiceAPI iPkiService; // PKI Service handle + TIkeV2PkiServiceState iState; // Current state + + HBufC8* iCaName; // Ca name work buffer + const CIkeData* iIkeData; // Current policy data object + + + HBufC8* iReadCertificate; // Certificate stream + TPtr8 iCertPtr; // For Pkiserviceapi calls + + HBufC8* iSubjName; // Subject alt name buffer + HBufC8* iRfc822Name; // RFC822 name buffer + TPKIKeyIdentifier iCertKeyId; // Certficate keyid + + TAny* iResArray; // For Pkiserviceapi calls + + RPointerArray iCasTrustedByPeer; // CA name list delivered + CArrayFixFlat* iIkeDataCAList; + CIkeCaList* iTrustedCAList; // Trusted CA certificate list + HBufC8* iUserCertificate; + HBufC8* i2Certificate; // Intermediate certificate Level 2 + HBufC8* i2CertificateName; + HBufC8* i1Certificate; // Intermediate certificate Level 1 + }; + + +/** +* IKE PKI service request complete +* @internalComponent +*/ +class MIkeV2PkiServiceObserver +{ + public: + /** + * IKE PKI service operation completed + * @internalComponent + * @param aStatus completion status of operation + * @param aObject pointer to CIkePkiService object + * + */ + virtual void IkeV2PkiInitCompleteL(TInt aStatus)=0; +}; + + +#endif //C_IKEV2PKISERVICE_H