--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/webservices/wsstar/wsstarplugin/src/wsstartrustclient.cpp Thu Jan 07 16:19:19 2010 +0200
@@ -0,0 +1,1209 @@
+/*
+* Copyright (c) 2006-2006 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+
+
+
+
+
+
+
+
+
+// INCLUDE FILES
+#include "wsstartrustclient.h"
+
+#include <s32mem.h>
+#include <f32file.h>
+#include <s32file.h>
+#include <SenXmlUtils.h>
+#include "sencryptoutils.h"
+
+#include "wsstarservicesession.h"
+#include "SenXmlUtils.h"
+#include "msencoreservicemanager.h"
+#include "sendebug.h"
+#include "senlogger.h"
+#include "MSenServiceDescription.h"
+#include "senlogger.h"
+#include "SenServiceConnection.h"
+#include "seninternalserviceconsumer.h"
+#include "wsstarrstresponse.h"
+#include <SenCredential.h>
+#include "wsstarpolicy.h"
+#include "wsstarplugin.h"
+#include <SenTransportProperties.h>
+#include "senwspattern.h"
+
+using namespace WSTrust;
+using namespace WSPolicy;
+
+_LIT8(KRemoteConsumer, "RemoteConsumer");
+
+//---------------------------------------------------------------------------
+// Creates and returns a new instace of this class.
+//---------------------------------------------------------------------------
+//
+CWSStarTrustClient* CWSStarTrustClient::NewL(
+ CSIF& aSIF,
+ RFileLogger& aLogger)
+ {
+ CWSStarTrustClient* pNew = NewLC(aSIF, aLogger);
+ CleanupStack::Pop(pNew);
+ return pNew;
+ }
+
+//---------------------------------------------------------------------------
+// Creates and returns a new instace of this class and leaves the object on the cleanup stack
+//---------------------------------------------------------------------------
+//
+CWSStarTrustClient* CWSStarTrustClient::NewLC(
+ CSIF& aSIF,
+ RFileLogger& aLogger)
+ {
+ CWSStarTrustClient* pNew =
+ new (ELeave) CWSStarTrustClient(
+ aSIF,
+ MSenServiceDescription::EWSStarSTSClient,
+ aLogger);
+
+ CleanupStack::PushL(pNew);
+ pNew->BaseConstructL();
+ return pNew;
+ }
+
+//---------------------------------------------------------------------------
+// Constructor
+//---------------------------------------------------------------------------
+//
+CWSStarTrustClient::CWSStarTrustClient(
+ CSIF& aSIF,
+ TDescriptionClassType aType,
+ RFileLogger& aLogger)
+ : CSenInternalServiceConsumer(aType, aSIF),
+ iLog(aLogger)
+ {
+ }
+
+void CWSStarTrustClient::BaseConstructL()
+ {
+ CSenInternalServiceConsumer::ConstructL();
+ iTpCounter = 0;
+ TLSLOG(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,(_L("CWSStarTrustClient::ConstructL()")));
+ }
+
+//---------------------------------------------------------------------------
+// Destructor
+//---------------------------------------------------------------------------
+//
+CWSStarTrustClient::~CWSStarTrustClient()
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::~CWSStarTrustClient");
+ delete iSTSSession;
+ delete iEntropyClient;
+ delete iAppliesTo;
+ delete ipTransport;
+ delete iTokenType;
+ delete iSTSOrginalEndpoint;
+ }
+
+
+//---------------------------------------------------------------------------
+// The most siginificant method of this class. Make validation of session,
+// credentails obtained if needed.
+// Sequential logic, synchronized, step bye SOAP exchange scenrio.
+//---------------------------------------------------------------------------
+//
+TInt CWSStarTrustClient::ValidateL( CWSStarServiceSession& aSession,
+ TBool aRenewing,
+ HBufC8*& aErrorMessage,
+ TBool aOnlySharing )
+ {
+ iSTSSession->CompleteServerMessagesOnOffL(ETrue);
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL(..)");
+ TInt retVal(KErrNone); // for returning error codes
+ iWSStarServiceSession = &aSession; // save session
+
+//----------------------
+//0 token sharing
+//----------------------
+ TBool sharingSucceed = EFalse;
+ HBufC8* clusterUsed = CWSStarPolicy::GetPolicyValueL(KIssuedToken, KRPSCluster, *iHndCtx, iSTSSession);
+ CleanupStack::PushL(clusterUsed);
+
+ //its mean - if our provider uses cluster template,
+ //so we can try copy MT and SCT form other msn services which use same provider ID
+ if (clusterUsed)
+ {
+ RPointerArray<CSenWSDescription> msnSDs;
+ CleanupClosePushL(msnSDs);
+ CSenWSPattern* pattern = CSenWSPattern::NewLC();
+
+ //select * from session_of_SD where session is (ws* framework, and has same provideId)
+ //here we assume that provider use cluster template
+
+ pattern->SetFrameworkIdL(KDefaultWSStarFrameworkID);
+ pattern->AsElement().AddElementL(KSenIdpProviderIdLocalname).SetContentL(iIdentityProvider->ProviderID());
+ //pattern->AsElement().AddElementL(WSStarSession::KProviderIdElementLocalName).SetContentL(iIdentityProvider->ProviderID());
+ //seeking
+ CWSStarServiceSession* msnSession = NULL;
+ TRAPD(leaveError, retVal = Framework().Manager().ServiceDescriptionsL(msnSDs, *pattern));
+ if(!retVal && !leaveError)
+ {
+ TInt count = msnSDs.Count();
+ TBool pMTwasReplaceBySCT = EFalse;
+ TBool seekSCT = EFalse;
+ for(TInt i = 0; i < msnSDs.Count(); i++)
+ {
+ //all sessions (so in practice we have also access to SCT, not only MT),
+ // to eliminate client, just for case we check type
+ TDescriptionClassType dt = msnSDs[i]->DescriptionClassType();
+ if (dt == MSenServiceDescription::EWSStarServiceSession)
+ {
+ msnSession = (CWSStarServiceSession*)msnSDs[i];
+ //dont share to itself
+ if (msnSession != iWSStarServiceSession)
+ {
+ TRAPD(err, retVal = msnSession->ShareTokenWithL(
+ iWSStarServiceSession, pMTwasReplaceBySCT,
+ seekSCT));
+ if ((retVal == KErrNone) && (err == KErrNone))
+ {
+ sharingSucceed = ETrue;
+ if (pMTwasReplaceBySCT)
+ {
+ break;
+ }
+ else
+ {
+ seekSCT = ETrue;//in order to find other session which can have additioanly SCT
+ }
+ }
+ }
+ }
+ }
+ if ( !pMTwasReplaceBySCT && !sharingSucceed )
+ {
+ // Did not find valid MT (<=> sharingSucceed == EFalse)
+ // AND did not find valid SCT (<=> pMTwasReplaceBySCT == EFalse)
+ //
+ // Try to search valid MT directly from CredentialManager
+ // (This is needed especially in case when MT is imported
+ // through Public API
+ // => There is not yet Session which holds imported MT)
+ if ( iWSStarServiceSession->TryToSearchValidCredentialL() == KErrNone ) //codescannerwarnings
+ {
+ iWSStarServiceSession->SetStatusL();
+ iWSStarServiceSession->AddSecurityTokenToContextL();
+ sharingSucceed = ETrue;
+ }
+ }
+ }
+ CleanupStack::PopAndDestroy(2, &msnSDs);
+ }
+ CleanupStack::PopAndDestroy(clusterUsed);
+
+ if (sharingSucceed)
+ {
+ iWSStarServiceSession->SetTrustAnchorL(iIdentityProvider->ProviderID());
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL(..) - sharing succed, we don't need more validation");
+ return KErrNone;
+ }
+ if (aOnlySharing)
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL(..) - only sharing was allowed so NO continuation");
+ return KErrNone;
+ }
+
+
+//-----------------
+//1 Init session
+//-----------------
+
+ if (!iSTSSession)// if trustClient has NOT been registered earlier
+ {
+ iSTSSession = CWSStarServiceSession::NewL(Framework());
+ iSTSSession->InitializeFromL(*this);
+ iSTSSession->SetEndPointL(iIdentityProvider->Endpoint());
+ iSTSSession->SetContractL(KWSStarSTSContract);
+ iSTSSession->AddConsumerL(*this);
+ }
+ CSenXmlReader* reader = Framework().Manager().XMLReader();
+ CWSStarSessionContext* stsSsnContext = iSTSSession->SessionContext();
+ iPassportMode = CWSStarPolicy::CheckPolicyValueL(KPassportExtensions, iSTSSession);
+ if (iPassportMode)
+ {
+ stsSsnContext->Update(WSStarContextKeys::KPassportEnabled, ETrue);
+ aRenewing = FALSE; //MS passport doesn't support renewing binding. So we force here issue binding
+ }
+ iRenewingMode = aRenewing;
+
+//-----------------
+//2.preparing context
+//-----------------------WS-TRUST 2005-02 chapter 6 - RST issue-------------------------
+ stsSsnContext->Update(WSStarContextKeys::KAction, GetAction());
+
+ TInt retryCounter(0);
+ TBool retry(ETrue);
+ TBool authenticationInfoPromptedFromUser(EFalse);
+ TPckgBuf<TSenAuthentication> authInfo;
+ HBufC8* responseXML = NULL;
+ HBufC8* pBodyXML = NULL;
+ MSenRemoteServiceConsumer* pConsumer = NULL;
+
+ while ( retry ) // Authentication loop starts
+ {
+ retry = EFalse;
+
+ //setting secure profile of authentication with sts, can X509, so in future some factory calling
+ if (CWSStarPolicy::CheckPolicyValueL(KUsernameTokenOverTLS, iSTSSession))
+ {
+ HBufC8* token = NULL;
+ if ( authenticationInfoPromptedFromUser )
+ {
+ CSenWsSecurityHeader::UsernameTokenL(authInfo().iUsername,
+ authInfo().iPassword,
+ token);
+ }
+ else
+ {
+ CSenWsSecurityHeader::UsernameTokenL(iIdentityProvider->UserName(),
+ iIdentityProvider->Password(),
+ token);
+ }
+ stsSsnContext->Update(WSStarContextKeys::KSecurityToken, *token);
+ delete token;
+ token = NULL;
+ }
+
+ //building body
+ CWSStarPlugin& frmWSStar = (CWSStarPlugin&)Framework();
+ CSenElement* pBody = CreateBodyL();
+ stsSsnContext->Update(WSStarContextKeys::KBodyElement, pBody);
+ pBodyXML = pBody->AsXmlL();
+ CleanupStack::PushL(pBodyXML);
+ //-----------------
+ //_____________________________________SYNC Sending____________________________________________
+
+ CSenTransportProperties* transProp = CSenTransportProperties::NewLC();
+ const TDesC8* value =stsSsnContext->GetDesC8L(WSStarContextKeys::KAction);
+ if(value)
+ transProp->SetSoapActionL(*value);
+
+ // IAP dialog used to appear though IAP id is provided as a part of Service Description
+ // Get the IAP setting and accordingly set the transport properties
+ TUint32 id = 0;
+ TInt getIapRetCode = IapId(id);
+
+ ;
+ // Check whether IAP ID is pre-defined, and copy it only if such property value is found
+ //if ( getIapRetCode == KErrNone && id < 4294967295) // unsigned 4294967295 == -1 signed
+ if ( getIapRetCode == KErrNone && id < (TUint32)KErrNotFound) // unsigned 4294967295 == -1 signed
+ {
+ transProp->SetIapIdL(id);
+ }
+ // ETMI-6WAGDB end
+
+ //limit http timeout,
+ // if sts hangs and can not send any response, then we block every async client method.
+ // Possibel revalidation during sendL can take too long time therefore we create new limit
+ transProp->SetMaxTimeToLiveL(WSStarSession::KMaxHttpTimeOut);
+
+ HBufC8* transPropAsXml = transProp->AsUtf8LC();
+ /*
+ if( iWSStarServiceSession )
+ {
+ iWSStarServiceSession->SendStatusToConsumerL( KSenStatusAuthentication );
+ }
+ */
+ //overwrite passport endpoint (provided by GUI) by endpoint provided by policy
+ AdaptStsEndpointL(); //codescannerwarnings
+ iTpCounter++;
+ retVal = iSTSSession->SubmitL(*pBodyXML, *transPropAsXml, *this, responseXML);
+ iTpCounter--;
+ CWSStarSessionContext* pSessionCtxt = iWSStarServiceSession->SessionContext();// redundant code
+ TAny* ptr = pSessionCtxt->GetAnyL(KRemoteConsumer()); //codescannerwarnings
+ if ( ptr )
+ {
+ pConsumer = REINTERPRET_CAST(MSenRemoteServiceConsumer*, ptr);
+ }
+ else
+ {
+ pConsumer = iWSStarServiceSession->Consumer();
+ }
+
+ pConsumer->SetDataTrafficDetails(iTrustDetails);
+ AdaptStsEndpointL(ETrue);
+ CleanupStack::PopAndDestroy(transPropAsXml);
+ CleanupStack::PopAndDestroy(transProp);
+ CleanupStack::PopAndDestroy(pBodyXML);
+
+ CleanupStack::PushL(responseXML);
+
+ if ( retVal == KErrSenSoapFault )
+ {
+ //CREDLOG_L(KSenCredsLogLevelNormal,".......failed (SOAP Fault)");
+ CWSStarSessionContext* pSessionContext = iWSStarServiceSession->SessionContext();
+ TAny* ptr = pSessionContext->GetAnyL(KRemoteConsumer()); //codescannerwarnings
+ if ( ptr )
+ {
+ pConsumer = REINTERPRET_CAST(MSenRemoteServiceConsumer*, ptr);
+ }
+ else
+ {
+ pConsumer = iWSStarServiceSession->Consumer();
+ }
+
+ if ( pConsumer && !pConsumer->HasAuthenticationCallback() &&
+ retryCounter < 3 )
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL - Consumer does not have AuthenticationCallback");
+
+ const TDesC8* pValue = iIdentityProvider->AsElement().AttrValue( KSenAttrPromptUserInfo );
+
+#ifdef _RD_SEN_WS_STAR_DO_NOT_PROMPT_AUTHINFO_BY_DEFAULT
+ if ( pValue && *pValue != _L8("false") )
+ // attribute has to exist, otherwise logic defaults to: DO NOT PROMPT
+#else
+ if ( !pValue || *pValue != _L8("false") )
+ // even when attribute does NOT exist, or when it does and has any other value but "false", default to: PROMPT
+#endif
+ {
+ const TBool* renewingPtr = stsSsnContext->GetIntL(WSStarContextKeys::KReAuthNeeded);
+ if ( renewingPtr )
+ {
+ if ( *renewingPtr )
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"- Prompt is used to get AuthenticationInfo");
+ TInt ret = (Framework().Manager()).AuthenticationForL(*iIdentityProvider,
+ authInfo);
+ if ( ret == KErrNone )
+ {
+ retryCounter++;
+ retry = ETrue;
+ authenticationInfoPromptedFromUser = ETrue;
+ }
+ }
+ }
+ }
+ else
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::ValidateL - promptUserInfo = false");
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel," => prompt is not used.");
+ }
+ }
+ if ( pConsumer && pConsumer->HasAuthenticationCallback() &&
+ retryCounter < 3 )
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::ValidateL - Consumer has AuthenticationCallback");
+
+ const TDesC8* pValue = iIdentityProvider->AsElement().AttrValue( KSenAttrPromptUserInfo );
+
+ if ( !pValue || *pValue != _L8("false") )
+ {
+ const TBool* renewingPtr = stsSsnContext->GetIntL(WSStarContextKeys::KReAuthNeeded);
+ if ( renewingPtr && *renewingPtr )
+ {
+ const TBool* renewingByCredObserv = iWSStarServiceSession->SessionContext()->GetIntL(WSStarContextKeys::KReAuthNeededFromCredObserv);
+ if( renewingByCredObserv != NULL && *renewingByCredObserv )
+ {
+ // Credential Observer -> call reauthenticatino through connection agent
+ CSenIdentityProvider* newIdP = iIdentityProvider;
+ TRAPD(error, retVal = pConsumer->ReauthenticationNeededL(newIdP));
+ if(error == KErrNone && retVal == KErrNone)
+ {
+ // Update identity provider in case old one got corrupted
+ iIdentityProvider = newIdP;
+ retryCounter++;
+ retry = ETrue;
+ }
+ else
+ {
+ retVal = KErrSenFailedAuthentication;
+ }
+ }
+ else
+ {
+ retVal = KErrSenFailedAuthentication;
+ }
+ }
+ }
+ else
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::ValidateL - UserInfoPrompt = false");
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel," => AuthenticationCallback is not used.");
+ }
+
+ }
+ }
+
+ if ( retry )
+ {
+ CleanupStack::PopAndDestroy(responseXML);
+ }
+ } // Authentication loop ends
+
+ if (!retVal)
+ {
+ const TDesC8* responseAction = stsSsnContext->GetDesC8L(WSStarContextKeys::KResponseAction);
+ if (responseAction &&
+ responseAction->Length())
+ {
+ if (*responseAction != GetActionResponse())
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::ValidateL - wrong action in response");
+
+ retVal = KErrNotFound;
+ //no ws-trust specifiv fault defined for invalid RESPONSE. I can only answer iwth addressign fault
+ //but no access to addressing handler directly
+ }
+ }
+ }
+ if (retVal != KErrNone)
+ {
+ TLSLOG_FORMAT((KSenCoreServiceManagerLogChannelBase , KNormalLogLevel, _L8("CWSStarTrustClient::ValidateL - error when submit to STS %d"), retVal));
+
+ if (responseXML)
+ {
+ aErrorMessage = responseXML;
+ }
+
+ CleanupStack::Pop(responseXML);
+ if (! iTpCounter)
+ {
+ //we don't have to keep transport. Important expecially during night test,
+ // when transport and its RConnection exceed idle timeout
+ delete ipTransport;
+ ipTransport = NULL;
+ }
+ return retVal;
+ }
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL - response from STS is a valid SOAP");
+ #ifdef RD_SEN_VTCP_SUPPORT
+ //#ifdef RD_SEN_CO_BRAND_SUPPORT
+ //stsSsnContext->Update(WSStarContextKeys::KBrandIDEnabled, EFalse);
+ const TDesC8* mainBrandID = stsSsnContext->GetDesC8L(WSStarContextKeys::KMainBrandID);
+ if (mainBrandID && mainBrandID->Length())
+ {
+ if(iPassportMode)
+ {
+ //Call Back Consumer
+ CWSStarSessionContext* pSessionContext = iWSStarServiceSession->SessionContext();
+ TAny* ptr = pSessionContext->GetAnyL(KRemoteConsumer()); //codescannerwarnings
+ if ( ptr )
+ {
+ pConsumer = REINTERPRET_CAST(MSenRemoteServiceConsumer*, ptr);
+ }
+ else
+ {
+ pConsumer = iWSStarServiceSession->Consumer();
+ }
+
+ if ( pConsumer && pConsumer->HasCoBrandingCallback() )
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::HasCoBrandingCallback");
+ const TDesC8* brandIDList = stsSsnContext->GetDesC8L(WSStarContextKeys::KBrandIDList);
+
+ RBuf8 selectedBrandId;
+ //User will reply with go/no go optoin
+ if(pConsumer->OnGetBrandIdL(*brandIDList,selectedBrandId))
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::Brand ID Is Enabled");
+ // co-branding - Add co branding details in context
+ stsSsnContext->Update(WSStarContextKeys::KBrandIDEnabled, ETrue);
+ }
+ else
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KNormalLogLevel,"CWSStarTrustClient::Brand ID Is Disabled");
+ // co-branding - Add co branding details in context
+ stsSsnContext->Update(WSStarContextKeys::KBrandIDEnabled, EFalse);
+ }
+
+ }
+
+ }
+ }
+
+ TBool cacheToken = ETrue;
+ const TBool* brandID = stsSsnContext->GetIntL(WSStarContextKeys::KBrandIDEnabled);
+ if(brandID && !(*brandID))
+ {
+ cacheToken = EFalse;
+ retVal = KErrSenBrandNotSupported;
+ }
+
+ if(cacheToken)
+ {
+ //#endif//RD_SEN_CO_BRAND_SUPPORT
+ #endif//RD_SEN_VTCP_SUPPORT
+//-----------------
+//4 building response
+//-----------------
+ CWSStarRSTResponse* rstResponse = CWSStarRSTResponse::NewLC(FALSE, *iAppliesTo, iVersion);
+ rstResponse->SetPolicyVersion(&GetPolicyNs());
+ rstResponse->UpdateAddressingHoldersL(*stsSsnContext);
+ rstResponse->SetReader(*Framework().Manager().XMLReader());
+ //shouldnt be error, parsing is done earlier by core so we can be sure, that it is valid SOAP XML
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL - building RSTResponse");
+ rstResponse->BuildFrom(*responseXML);
+
+ if (! iWSStarServiceSession->ExistConsumerL())
+ {
+ retVal = KErrNotFound;
+ }
+ else
+ {
+ iWSStarServiceSession->SetTrustAnchorL(iIdentityProvider->ProviderID());
+ if (rstResponse->IsResponse())
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL - set ctx basing on RSTR");
+ //const TBool* brandID = stsSsnContext->GetIntL(WSStarContextKeys::KBrandIDEnabled);
+ TBool isWAPExists = CWSStarPolicy::CheckPolicyValueL(WSStarContextKeys::KWAPGW, iSTSSession);
+ #ifdef RD_SEN_VTCP_SUPPORT
+ //#ifdef RD_SEN_CO_BRAND_SUPPORT
+ if(isWAPExists && (brandID && *brandID))
+ #else
+ if(isWAPExists)
+ //#endif//RD_SEN_CO_BRAND_SUPPORT
+ #endif//RD_SEN_VTCP_SUPPORT
+ {
+ retVal = iWSStarServiceSession->SessionContext()->SetTokenKeysL(
+ *rstResponse, iEntropyClient,EFalse);
+ }
+ else
+ {
+ retVal = iWSStarServiceSession->SessionContext()->SetTokenKeysL(
+ *rstResponse, iEntropyClient,ETrue);
+ }
+ iWSStarServiceSession->ActiveTicketObserverL();
+ //SetTokenKeys call indirectly SetStatus in order to signal session's consumers that connection is ready for sending
+ if (retVal)
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL - response from STS is wrong RSTR, maybe some nested Fault");
+ //CREDLOG_L(KSenCredsLogLevelNormal,".......failed, problem with RSTR analizing");
+ aErrorMessage = responseXML;
+ if (retVal == KErrNotFound)
+ {
+ retVal = KErrSenSoapFault;
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel," ------- returning SOAP Fault for MS and clearing the credential if any");
+ iWSStarServiceSession->DetachCredentialsL();
+ }
+ }
+ /*else
+ {
+ #ifdef _SENDEBUG
+ _LIT8(KCredsLogLine, "...Token has been issued (period = %S - %S)");
+ CREDLOG_FORMAT((KSenCredsLogChannel, KSenCredsLogLevelNormal, KCredsLogLine, &(rstResponse->CredentialCreated()), &(rstResponse->CredentialExpires())));
+ #endif
+ }*/
+ }
+ else
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::ValidateL - response from STS is not a proper RSTR");
+ aErrorMessage = responseXML;
+ retVal = KErrNotFound;
+ }
+ TLSLOG_FORMAT((KSenCoreServiceManagerLogChannelBase , KNormalLogLevel, _L8("CWSStarTrustClient::ValidateL - building session Ctx: %d"), retVal));
+ }
+
+ CleanupStack::PopAndDestroy(rstResponse);
+#ifdef RD_SEN_VTCP_SUPPORT
+//#ifdef RD_SEN_CO_BRAND_SUPPORT
+ }
+//#endif//RD_SEN_CO_BRAND_SUPPORT
+#endif//RD_SEN_VTCP_SUPPORT
+ if (!aErrorMessage)
+ {
+ CleanupStack::PopAndDestroy(responseXML);
+ }
+ else
+ {
+ CleanupStack::Pop(responseXML);
+ }
+ if (! iTpCounter)
+ {
+ delete ipTransport;
+ ipTransport = NULL;
+ }
+ return retVal;
+ }
+
+
+
+//---------------------------------------------------------------------------
+// SetStatus
+//---------------------------------------------------------------------------
+//
+
+void CWSStarTrustClient::SetStatus(TInt /*aStatus */)
+ {
+ // No implementation in Java
+ }
+
+//---------------------------------------------------------------------------
+// SetAccount
+//---------------------------------------------------------------------------
+//
+void CWSStarTrustClient::SetAccount(
+ CSenIdentityProvider* aIdentityProvicer)
+ {
+ iIdentityProvider = aIdentityProvicer;
+ }
+/*CSenIdentityProvider* CWSStarTrustClient::Account()
+ {
+ return iIdentityProvider;
+ }*/
+/*TInt CWSStarTrustClient::SetProviderIdL(const TDesC8& aProviderID)
+ {
+ HBufC8* pNew = NULL;
+ if(aProviderID.Length()>0)
+ {
+ pNew = aProviderID.AllocL();
+ }
+ delete ipProviderId;
+ ipProviderId = pNew;
+ return KErrNone;
+ }
+TPtrC8 CWSStarTrustClient::ProviderId()
+ {
+ if(ipProviderId)
+ return *ipProviderId;
+ else
+ return KNullDesC8();
+ }*/
+
+//---------------------------------------------------------------------------
+// ServiceSession
+//---------------------------------------------------------------------------
+//
+CSenServiceSession* CWSStarTrustClient::ServiceSession()
+ {
+ return iWSStarServiceSession;
+ }
+
+//---------------------------------------------------------------------------
+// Obtain Transport using a factory from Core Manager
+//---------------------------------------------------------------------------
+//
+MSenTransport& CWSStarTrustClient::TransportL()
+ {
+ if(!ipTransport)
+ {
+ // Core is capable of working as transport factory, too.
+ // The returned transport instancies may or may not be
+ // ECOM plugins:
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::Instantiating new transport");
+ ipTransport = Framework().Manager().CreateL(*iSTSSession, iSTSSession);
+ }
+ return *ipTransport;
+ }
+//---------------------------------------------------------------------------
+// SetSTSSessionL
+//---------------------------------------------------------------------------
+//
+void CWSStarTrustClient::SetSTSSessionL(
+ CWSStarServiceSession* aSession)
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::SetServiceSessionL");
+ _LIT8(KTouch, "touch");
+ // free memory
+ //delete iSTSSession;
+ const TDesC8* attrValue = aSession->AsElement().AttrValue(KTouch);
+ if(attrValue != NULL)
+ {
+ AsElement().AddAttrL(KTouch, *attrValue);
+ }
+ iSTSSession = aSession;
+ if(iSTSSession)
+ {
+ iSTSSession->AddConsumerL(*this);
+ }
+ }
+
+CWSStarServiceSession* CWSStarTrustClient::GetSTSSessionL()
+{
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::SetServiceSessionL");
+ if(iSTSSession)
+ {
+ return iSTSSession;
+ }
+ else
+ {
+ return NULL;
+ }
+}
+//---------------------------------------------------------------------------
+// Create body for STS request
+//---------------------------------------------------------------------------
+//
+CSenElement* CWSStarTrustClient::CreateBodyL()
+ {
+ HBufC8* value = const_cast<HBufC8*>(CWSStarPolicy::GetPolicyValueL(KIssuedToken, KRPSCluster, *iHndCtx, iSTSSession));
+ CleanupStack::PushL(value);
+
+//-----------------
+//1 RST part (1st otken, proper one)
+//-----------------
+ CSenElement* specificRST = NULL;
+ if (value && iPassportMode)
+ {
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::CreateBodyL - found cluster");
+ delete iAppliesTo;
+ iAppliesTo = NULL;
+ iAppliesTo = value;
+ specificRST = CreateRSTL(iRenewingMode, value->Des());
+ CleanupStack::Pop(value);
+ value = NULL;
+ }
+ else
+ {
+ delete iAppliesTo;
+ iAppliesTo = NULL;
+ iAppliesTo = iWSStarServiceSession->Endpoint().AllocL();
+ specificRST = CreateRSTL(iRenewingMode, *iAppliesTo);
+ CleanupStack::PopAndDestroy(value);
+ //Renewing - check from policy
+ //@Allow not specified, the default value is true.
+ //@OK not specified, the default value is false.
+ specificRST->AddElementL(*iVersion, KRenewingTag);
+ }
+ CleanupStack::PushL(specificRST);
+
+//-----------------
+//2 entropy
+//-----------------
+
+ if (CWSStarPolicy::CheckPolicyValueL(KClientEntropy, iSTSSession))
+ {
+ TRAPD(error, RandomEntropyClientL());
+ if (!error)
+ {
+ CSenElement& entrElement = specificRST->AddElementL(*iVersion, KEntropyTag);
+ entrElement.AddElementL(*iVersion, KBinarySecretTag).SetContentL(*iEntropyClient);
+ }
+ }
+
+//-----------------
+//3 excluding dynamic RST by RST template
+//-----------------
+ delete iTokenType;
+ iTokenType = NULL;
+ iTokenType = CWSStarPolicy::GetPolicyValueL(WSPolicy::KTokenType, iSTSSession);
+ if (!iTokenType && iPassportMode)
+ {
+ iTokenType = WSPassport32::KDefaultTokenType().AllocL();
+ }
+
+
+ RPointerArray<CSenElement> elements;
+ if (iTokenType)
+ {
+/*#ifdef _RD_SEN_ENABLE_CREDLOG
+ _LIT8(KCredsLogLine, "Sending RST to STS to get new token (type %S)....");
+ CREDLOG_FORMAT((KSenCredsLogChannel, KSenCredsLogLevelNormal, KCredsLogLine, tokenType));
+#endif */
+ value = CWSStarPolicy::GetPolicyValueL(*iTokenType, KIssuedToken, KRequestSecurityTokenTemplate, *iHndCtx, iSTSSession, elements);
+ }
+ else
+ {
+ value = CWSStarPolicy::GetPolicyValueL(KIssuedToken, KRequestSecurityTokenTemplate, *iHndCtx, iSTSSession, elements);
+ }
+ if (!value)
+ {
+ if (iTokenType)
+ {
+ specificRST->AddElementL(*iVersion,
+ KTokenTypeTag).SetContentL(*iTokenType);
+ }
+ }
+ else
+ {
+ TLSLOG_ALL(KSenCoreServiceManagerLogChannelBase , KMaxLogLevel,(*value));//in debug we dont have to push to cleanup stack
+ delete value;
+ value = NULL;
+ CleanupStack::PopAndDestroy(specificRST);
+ CSenDomFragment* domFrg = CSenDomFragment::NewL(*iVersion,
+ KRSTTag,
+ KRSTQTag);
+ CleanupStack::PushL(domFrg);
+ specificRST = domFrg->ExtractElement();
+ CleanupStack::PopAndDestroy(domFrg);
+ CleanupStack::PushL(specificRST);
+
+ for (TInt i = 0; i<elements.Count(); i++ )
+ {
+ CSenDomFragment* rstTemplate = CSenDomFragment::NewL(*elements[i]);
+ CSenElement* rstTemplateEl = rstTemplate->ExtractElement();
+ delete rstTemplate;
+ rstTemplate = NULL;
+ CleanupStack::PushL(rstTemplateEl);
+ specificRST->AddElementL(*rstTemplateEl);
+ CleanupStack::Pop(rstTemplateEl);
+ }
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::CreateBodyL - added template");
+ }
+
+
+//-----------------
+//4 add passport RST (redundant info, but passport requires that)
+// and enable multirequest
+//-----------------
+ if (!iPassportMode)
+ {
+ CleanupStack::Pop(specificRST);
+ return specificRST;
+ }
+ else
+ {
+ CSenElement* passportRST = CreateRSTL(EFalse, WSPassport32::KPassportAppliesTo());
+ CleanupStack::PushL(passportRST);
+ CSenDomFragment* domFrg = CSenDomFragment::NewL(WSStarContextKeys::KMultiReqTagMark);
+ CSenElement* reqMultiple = domFrg->ExtractElement();
+ delete domFrg;
+ CleanupStack::PushL(reqMultiple);
+ reqMultiple->AddElementL(*specificRST);
+ reqMultiple->AddElementL(*passportRST);
+ CleanupStack::Pop(3, specificRST);
+ return reqMultiple;
+ }
+ }
+//---------------------------------------------------------------------------
+// Create RST skeleton.
+//---------------------------------------------------------------------------
+//
+CSenElement* CWSStarTrustClient::CreateRSTL(TBool aRenewing, TPtrC8 aAppliesTo)
+ {
+ //whole logic for RST factory
+ TLSLOG_FORMAT((KSenCoreServiceManagerLogChannelBase , KMinLogLevel, _L8("CWSStarTrustClient::CreateRST - appliesTo: %S"), &aAppliesTo));
+
+ CSenDomFragment* domFrg = CSenDomFragment::NewL(*iVersion,
+ KRSTTag,
+ KRSTQTag);
+ CSenElement* elementRst = domFrg->ExtractElement();
+ CleanupStack::PushL(elementRst);
+ delete domFrg;
+ domFrg = NULL;
+ elementRst->AddElementL(*iVersion, KRequestTypeTag).SetContentL(GetRequestType());
+
+//__________ISSUE
+ if (!aRenewing)
+ {
+ CSenElement& applies = elementRst->AddElementL(GetPolicyNs(),
+ KAppliesToTag,
+ KAppliesToQTag);
+ SenXmlUtils::AddAttributeL(applies, WSStarContextKeys::KAddressAttrMark, aAppliesTo);
+
+ }
+//__________RENEW
+ //in 7. Renewal Binding
+ //Other extensions MAY be specified in the request (and the response), but the key
+ //semantics (size, type, algorithms, scope, etc.) MUST NOT be altered during renewal.
+ else
+ {
+ CSenElement& el = elementRst->AddElementL(*iVersion, KRenewTargetTag);
+ const TDesC8* oldToken = iWSStarServiceSession->SessionContext()->GetDesC8L(WSStarContextKeys::KSecurityTokenBackup);
+ if (oldToken)
+ {
+ el.SetContentL(*oldToken);
+ }
+ }
+ CleanupStack::Pop(elementRst);
+ return elementRst;
+ }
+// End of file
+
+//---------------------------------------------------------------------------
+// Getter for endpoint
+//---------------------------------------------------------------------------
+//
+TPtrC8 CWSStarTrustClient::Endpoint()
+ {
+ return iSTSSession->Endpoint();
+ }
+//---------------------------------------------------------------------------
+// Getter for contract
+//---------------------------------------------------------------------------
+//
+TPtrC8 CWSStarTrustClient::Contract()
+ {
+ return iSTSSession->Contract();
+ }
+//---------------------------------------------------------------------------
+// Getter for providerId
+//---------------------------------------------------------------------------
+//
+TPtrC8 CWSStarTrustClient::ProviderID()
+ {
+ return iSTSSession->ProviderID();
+ }
+
+//---------------------------------------------------------------------------
+// Getter for framework
+//---------------------------------------------------------------------------
+//
+TPtrC8 CWSStarTrustClient::FrameworkId()
+ {
+ return iSTSSession->FrameworkId();
+ }
+//---------------------------------------------------------------------------
+// serialie to xml
+//---------------------------------------------------------------------------
+//
+void CWSStarTrustClient::WriteAsXMLToL(RWriteStream& aWriteStream)
+ {
+ iSTSSession->WriteAsXMLToL(aWriteStream);
+ }
+TInt CWSStarTrustClient::UpdatePolicyL(CWSStarPolicyHandler* aPolicyHandler, MSenServiceDescription* aSD)
+ {
+ return iSTSSession->UpdatePolicyL(aPolicyHandler, aSD);
+ }
+
+MSenServicePolicy* CWSStarTrustClient::ServicePolicy()
+ {
+ return iSTSSession->ServicePolicy();
+ }
+TInt CWSStarTrustClient::IapId(TUint32& aCurrentIapId)
+ {
+ return iSTSSession->IapId(aCurrentIapId);
+ }
+//---------------------------------------------------------------------------
+// randomize entropy for client
+//---------------------------------------------------------------------------
+//
+void CWSStarTrustClient::RandomEntropyClientL()
+ {
+ HBufC8* hashedRandom = SenCryptoUtils::RandomAndHashMd5LC();
+ iEntropyClient = SenCryptoUtils::EncodeBase64L(*hashedRandom);
+ CleanupStack::PopAndDestroy(hashedRandom);
+ if (!iEntropyClient)
+ {
+ User::Leave(KErrNotFound);
+ }
+ }
+//---------------------------------------------------------------------------
+// setter for ws-trust version
+//---------------------------------------------------------------------------
+//
+
+void CWSStarTrustClient::SetVersion(const TDesC8* aVersion)
+ {
+ iVersion = aVersion;
+ }
+
+//---------------------------------------------------------------------------
+// getter for action (depends on version)
+//---------------------------------------------------------------------------
+//
+const TDesC8& CWSStarTrustClient::GetAction()
+ {
+ if (!iRenewingMode)
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KActionIssueRST200502;
+ }
+ else
+ {
+ return KActionIssueRST200404;
+ }
+ }
+ else
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KActionRenewRST200502;
+ }
+ else
+ {
+ return KActionRenewRST200404;
+ }
+ }
+ }
+//---------------------------------------------------------------------------
+// getter for action response (depends on version)
+//---------------------------------------------------------------------------
+//
+const TDesC8& CWSStarTrustClient::GetActionResponse()
+ {
+ if (!iRenewingMode)
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KActionIssueRSTR200502;
+ }
+ else
+ {
+ return KActionIssueRSTR200404;
+ }
+ }
+ else
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KActionRenewRSTR200502;
+ }
+ else
+ {
+ return KActionRenewRSTR200404;
+ }
+ }
+ }
+//---------------------------------------------------------------------------
+// getter for request type (depends on version)
+//---------------------------------------------------------------------------
+//
+
+const TDesC8& CWSStarTrustClient::GetRequestType()
+ {
+ if (!iRenewingMode)
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KRequestTypeIssueRST200502;
+ }
+ else
+ {
+ return KRequestTypeIssueRST200404;
+ }
+ }
+ else
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KRequestTypeRenewRST200502;
+ }
+ else
+ {
+ return KRequestTypeRenewRST200404;
+ }
+ }
+ }
+//---------------------------------------------------------------------------
+// getter for policy namespace(depends on version)
+//---------------------------------------------------------------------------
+//
+
+const TDesC8& CWSStarTrustClient::GetPolicyNs()
+ {
+ if (*iVersion == KTrustNamespace200502)
+ {
+ return KPolicyNamespace200409;
+ }
+ else
+ {
+ return KPolicyNamespace200212 ;
+ }
+ }
+
+TBool CWSStarTrustClient::HasSuperClass( TDescriptionClassType aType )
+ {
+ if( aType == MSenServiceDescription::ESenInternalServiceConsumer ) // direct superclass!
+ {
+ // If asked type is the know *direct* father/mother, return true:
+ return ETrue;
+ }
+ else
+ {
+ // Otherwise, ask from superclass (chain, recursively)
+ return CSenInternalServiceConsumer::HasSuperClass( aType );
+ }
+ }
+
+void CWSStarTrustClient::SetHandlerCtx(MSenHandlerContext* aHndCtx)
+ {
+ iHndCtx = aHndCtx;
+ }
+TBool CWSStarTrustClient::HasEqualPrimaryKeysL(MSenServiceDescription& aCandidate)
+ {
+ TBool retVal(EFalse);
+ if ( CSenWSDescription::HasEqualPrimaryKeysL(aCandidate) )
+ {
+ // Endpoint, Contract and FrameworkID match, all of them.
+ // Now, in WS-*, also check ProviderID
+ if (aCandidate.DescriptionClassType() == DescriptionClassType())
+ {
+ CWSStarTrustClient& trustCandidate = (CWSStarTrustClient&)aCandidate;
+ if (trustCandidate.ProviderID() == ProviderID())
+ {
+ retVal = ETrue;
+ }
+ }
+ }
+ return retVal;
+ }
+/*
+TBool CWSStarTrustClient::HasEqualPrimaryKeysL(MSenServiceDescription& aCandidate)
+ {
+ TBool retVal(EFalse);
+ //if ( aCandidate.Endpoint() == Endpoint() && aCandidate.Contract() == Contract() && aCandidate.FrameworkId() == FrameworkId() )
+ if ( CSenWSDescription::HasEqualPrimaryKeysL(aCandidate) )
+ {
+ // Endpoint, Contract and FrameworkID match, all of them.
+ // Now, in WS-*, also check ProviderID
+ TPtrC8 providerID = ContentOf( WSStarSession::KProviderIdElementLocalName );
+ CSenWSDescription& xmlSD = (CSenWSDescription&)aCandidate;
+ CSenElement* idElement = xmlSD.AsElement().Element( WSStarSession::KProviderIdElementLocalName );
+ if ( idElement && idElement->Content() == providerID )
+ {
+ // candidate has ProviderID element, which is equal with this sessions's provider ID
+ retVal = ETrue;
+ }
+ }
+ return retVal;
+ }
+*/
+
+void CWSStarTrustClient::AdaptStsEndpointL(TBool aToOrginal) //codescannerwarnings
+ {
+ if (aToOrginal)
+ {
+ iSTSSession->SetEndPointL(*iSTSOrginalEndpoint);
+ return;
+ }
+
+ delete iSTSOrginalEndpoint;
+ iSTSOrginalEndpoint = NULL;
+ iSTSOrginalEndpoint = iSTSSession->Endpoint().AllocL();
+ HBufC8* address = NULL;
+ if (iTokenType)
+ {
+ address = CWSStarPolicy::GetPolicyValueL(*iTokenType, KIssuedToken, KAddress, *iHndCtx, iSTSSession);
+ }
+ else
+ {
+ address = CWSStarPolicy::GetPolicyValueL(KIssuedToken, KAddress, *iHndCtx, iSTSSession);
+ }
+
+ if (address)
+ {
+ iSTSSession->SetEndPointL(*address);
+ TLSLOG_L(KSenCoreServiceManagerLogChannelBase , KMinLogLevel,"CWSStarTrustClient::AdaptStsEndpoint() - endpoint replaced by value from policy");
+ }
+ delete address;
+ address = NULL;
+ }
+TBool CWSStarTrustClient::Matches(MSenServiceDescription& aOtherServiceDescription)
+ {
+ return iSTSSession->Matches(aOtherServiceDescription);
+ }
+void CWSStarTrustClient::SetDataTrafficDetails( TSenDataTrafficDetails& aDetails)
+ {
+ iTrustDetails = aDetails;
+ }
+// End of file
+