1 // Copyright (c) 2003-2010 Nokia Corporation and/or its subsidiary(-ies). |
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
2 // All rights reserved. |
2 // All rights reserved. |
3 // This component and the accompanying materials are made available |
3 // This component and the accompanying materials are made available |
4 // under the terms of "Eclipse Public License v1.0" |
4 // under the terms of "Eclipse Public License v1.0" |
5 // which accompanies this distribution, and is available |
5 // which accompanies this distribution, and is available |
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
482 } |
478 } |
483 |
479 |
484 return; |
480 return; |
485 } |
481 } |
486 |
482 |
487 // This patch is to fix-up the Common Name component of the Subject field. |
|
488 // This is due to a bug in TASN1DecBMPString::DecodeContentsL which is incorrectly decoding the BMP String contents. |
|
489 // Since fixing TASN1DecBMPString would cause a major break in public API, this fix-up is being done here locally. |
|
490 // This patch is active only if the encoding is in BMP String. If TASN1DecBMPString::DecodeContentsL is ever fixed (which |
|
491 // means CX500DistinguishedName::DisplayNameL is also automatically fixed) then this patch MUST to be removed. |
|
492 |
|
493 HBufC* CTlsProviderImpl::ExtractCertFieldL(const TDesC& aFieldName, const CX500DistinguishedName& aDistinguishedName) |
|
494 { |
|
495 TInt count = aDistinguishedName.Count(); |
|
496 for (TInt i = 0; i < count; i++) |
|
497 { |
|
498 const CX520AttributeTypeAndValue& ava = aDistinguishedName.Element(i); |
|
499 if (ava.Type() == aFieldName) |
|
500 { |
|
501 HBufC* res = ava.ValueL(); |
|
502 CleanupStack::PushL(res); |
|
503 TPtr pRes = res->Des(); |
|
504 TUint8* data = const_cast<TUint8 *>(reinterpret_cast<const TUint8 *>(res->Ptr())); |
|
505 TUint len = pRes.Length()*2; |
|
506 TASN1DecGeneric gen(ava.EncodedValue()); |
|
507 gen.InitL(); |
|
508 if (gen.Tag() == EASN1BMPString) |
|
509 { |
|
510 // Bmp String internally store them as little endian, as a string we want it big |
|
511 // endian interchange least and most significent byte |
|
512 for(TUint i=0; i<len; i+=2) |
|
513 { |
|
514 TUint8 temp = data[i]; |
|
515 data[i] = data[i+1]; |
|
516 data[i+1] = temp; |
|
517 } |
|
518 } |
|
519 CleanupStack::Pop(); |
|
520 return res; |
|
521 } |
|
522 } |
|
523 return NULL; |
|
524 } |
|
525 |
483 |
526 |
484 |
527 TBool CTlsProviderImpl::VerifySignatureL( |
485 TBool CTlsProviderImpl::VerifySignatureL( |
528 const CSubjectPublicKeyInfo& aServerPublicKey, |
486 const CSubjectPublicKeyInfo& aServerPublicKey, |
529 const TDesC8& aDigest,const TDesC8& aSignature) |
487 const TDesC8& aDigest,const TDesC8& aSignature) |
1075 iCurrentState = iOriginalState = ENullState; |
1033 iCurrentState = iOriginalState = ENullState; |
1076 User::RequestComplete(iOriginalRequestStatus,KErrNone); |
1034 User::RequestComplete(iOriginalRequestStatus,KErrNone); |
1077 } |
1035 } |
1078 else |
1036 else |
1079 { |
1037 { |
1080 TBool allowUntrustedCertificates = EFalse; |
1038 if(iTlsCryptoAttributes && iTlsCryptoAttributes->iDialogNonAttendedMode) |
1081 allowUntrustedCertificates = CFeatureDiscovery::IsFeatureSupportedL(NFeature::KFeatureIdFfHttpAllowUntrustedCertificates); |
|
1082 |
|
1083 if ( allowUntrustedCertificates && iTlsCryptoAttributes && ETTLSDialogModeAllowAutomatic == iTlsCryptoAttributes->iDialogMode ) |
|
1084 { |
|
1085 iCurrentState = iOriginalState = ENullState; |
|
1086 User::RequestComplete(iOriginalRequestStatus,KErrNone); |
|
1087 } |
|
1088 else if((allowUntrustedCertificates && iTlsCryptoAttributes && ETTLSDialogModeUnattended == iTlsCryptoAttributes->iDialogMode ) || (iTlsCryptoAttributes && iTlsCryptoAttributes->iDialogNonAttendedMode)) |
|
1089 { |
1039 { |
1090 TLSPROV_LOG(_L("Server Certificate validation failed but in DialogNonAttended mode")) |
1040 TLSPROV_LOG(_L("Server Certificate validation failed but in DialogNonAttended mode")) |
1091 TInt err(0); |
1041 TInt err(0); |
1092 |
1042 |
1093 switch(iValidationStatus.iReason) |
1043 switch(iValidationStatus.iReason) |
1574 |
1524 |
1575 // if the certificate has an alternative name extension, with DNS entries, ignore the common name |
1525 // if the certificate has an alternative name extension, with DNS entries, ignore the common name |
1576 if(!hasAltNameExt) |
1526 if(!hasAltNameExt) |
1577 { |
1527 { |
1578 // no name yet lets try common name from Subject |
1528 // no name yet lets try common name from Subject |
1579 //HBufC* commonName = aSource.SubjectName().ExtractFieldL(KX520CommonName); |
1529 HBufC* commonName = aSource.SubjectName().ExtractFieldL(KX520CommonName); |
1580 HBufC* commonName = ExtractCertFieldL(KX520CommonName, aSource.SubjectName()); |
|
1581 if(commonName) |
1530 if(commonName) |
1582 { |
1531 { |
1583 CleanupStack::PushL(commonName); |
1532 CleanupStack::PushL(commonName); |
1584 TPtr name = commonName->Des(); |
1533 TPtr name = commonName->Des(); |
1585 // check for wildcard, we consider it only if left-most name component (see RFC 2595) |
1534 // check for wildcard, we consider it only if left-most name component (see RFC 2595) |
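Review bot: In the validation-failure `else` branch (new lines 1080–1087), the `ETTLSDialogModeAllowAutomatic` path completes the request with `KErrNone` without consulting `iValidationStatus.iReason`, so as far as this hunk shows, enabling `KFeatureIdFfHttpAllowUntrustedCertificates` accepts every validation failure silently, not only an untrusted issuer. The unattended branch directly below it at least logs and switches on the reason; the automatic branch should do the same, accepting only the reason(s) the feature is meant to tolerate and completing with the validation error otherwise. At minimum add a trace before completing, e.g. `TLSPROV_LOG(_L("Server Certificate validation failed but accepted in AllowAutomatic mode"))`, so that an accepted-but-invalid certificate shows up in the logs. The enclosing function starts and ends outside this hunk, so how the existing switch maps reasons to errors is not visible here.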