|
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 #include "Ctlsclntauthenticate.h" |
|
17 #include <cctcertinfo.h> |
|
18 #include <ccertattributefilter.h> |
|
19 |
|
20 #ifdef SYMBIAN_ENABLE_SPLIT_HEADERS |
|
21 #include <tlstypedef_internal.h> |
|
22 #endif |
|
23 |
|
24 // |
|
25 // CTlsClntAuthenticate |
|
26 // |
|
27 |
|
28 |
|
29 CTlsClntAuthenticate* CTlsClntAuthenticate::NewL(const CTlsCryptoAttributes& aTlsCryptoAttributes, |
|
30 HBufC8* aEncodedServerCerts) |
|
31 { |
|
32 CTlsClntAuthenticate* aPtrClnt = new (ELeave)CTlsClntAuthenticate( |
|
33 aTlsCryptoAttributes, aEncodedServerCerts); |
|
34 return(aPtrClnt); |
|
35 } |
|
36 |
|
37 |
|
38 CTlsClntAuthenticate::CTlsClntAuthenticate(const CTlsCryptoAttributes& aTlsCryptoAttributes, |
|
39 HBufC8* aEncodedServerCerts) |
|
40 : CActive(0), |
|
41 iTlsCryptoAttributes(aTlsCryptoAttributes), |
|
42 iEncodedServerCerts(aEncodedServerCerts) |
|
43 { |
|
44 if(CActiveScheduler::Current()) //Allready installed? |
|
45 { |
|
46 CActiveScheduler::Add( this ); |
|
47 } |
|
48 } |
|
49 |
|
50 |
|
51 void CTlsClntAuthenticate::DoClientAuthenticate( |
|
52 CCTCertInfo*& aSelectedCertInfo, |
|
53 CCTKeyInfo*& aSelectedKeyInfo, |
|
54 RPointerArray<CCertificate>* aStoredIntermediatesCACertificates, |
|
55 TRequestStatus& aStatus) |
|
56 { |
|
57 TLSPROV_LOG(_L("CTlsClntAuthenticate::DoClientAuthenticate()...")) |
|
58 aStatus = KRequestPending; |
|
59 iOriginalRequestStatus = &aStatus; |
|
60 iCurrentState = ENullState; |
|
61 TInt err = KErrNone; |
|
62 |
|
63 if(IsActive()) |
|
64 { |
|
65 err = KErrInUse; |
|
66 } |
|
67 else |
|
68 { |
|
69 |
|
70 iSelectedCertInfo = &aSelectedCertInfo; |
|
71 iSelectedKeyInfo = &aSelectedKeyInfo; |
|
72 iStoredIntermediatesCACertificates = aStoredIntermediatesCACertificates; |
|
73 |
|
74 err=iFs.Connect(); |
|
75 if (err==KErrNone) |
|
76 { |
|
77 TRAP(err, GetAvailableKeyListL()); |
|
78 } |
|
79 } |
|
80 |
|
81 if(err != KErrNone) |
|
82 User::RequestComplete(iOriginalRequestStatus, err); |
|
83 |
|
84 |
|
85 } |
|
86 |
|
87 |
|
88 void CTlsClntAuthenticate::GetAvailableKeyListL() |
|
89 { |
|
90 TLSPROV_LOG(_L("CTlsClntAuthenticate::GetAvailableKeyListL()...")) |
|
91 iFs.Connect(); |
|
92 iPtrUnifiedKeyStore = CUnifiedKeyStore::NewL(iFs); |
|
93 |
|
94 iStatus = KRequestPending; |
|
95 iCurrentState = EGetAvailableKeyList; |
|
96 iPtrUnifiedKeyStore->Initialize(iStatus); |
|
97 SetActive(); |
|
98 return; |
|
99 } |
|
100 |
|
101 |
|
102 |
|
103 void CTlsClntAuthenticate::OnGetAvailableKeyListL() |
|
104 { |
|
105 |
|
106 TInt KeyStoreCount = iPtrUnifiedKeyStore->KeyStoreCount(); |
|
107 TLSPROV_LOG2(_L("CTlsClntAuthenticate::GetAvailableKeyListL() KeyStoreCount = %d..."), KeyStoreCount) |
|
108 |
|
109 MCTKeyStore* IndividualKeyStore; |
|
110 for(TInt i = 0; i<KeyStoreCount;i++ ) |
|
111 { |
|
112 IndividualKeyStore= &(iPtrUnifiedKeyStore->KeyStore(i)); |
|
113 User::LeaveIfError(iSupportedKeyStores.Append(IndividualKeyStore)); |
|
114 } |
|
115 |
|
116 iKeyCount = iSupportedKeyStores.Count(); |
|
117 if(iKeyCount) |
|
118 { |
|
119 iCurrentState = EGetKeyList; |
|
120 TRequestStatus* MyStatus = &iStatus; |
|
121 User::RequestComplete(MyStatus,KErrNone); |
|
122 SetActive(); |
|
123 return; |
|
124 } |
|
125 else |
|
126 User::Leave(KErrNotFound); |
|
127 |
|
128 } |
|
129 |
|
130 |
|
131 |
|
132 void CTlsClntAuthenticate::OnEGetKeyListL() |
|
133 { |
|
134 |
|
135 TLSPROV_LOG2(_L("CTlsClntAuthenticate::GetAvailableKeyListL() iKeyCount = %d..."), iKeyCount) |
|
136 if((iKeyCount > 0)) |
|
137 { |
|
138 TCTKeyAttributeFilter keysFilter; |
|
139 keysFilter.iUsage = EPKCS15UsageSign; |
|
140 |
|
141 keysFilter.iKeyAlgorithm = iTlsCryptoAttributes.isignatureAlgorithm == ERsaSigAlg ? CCTKeyInfo::ERSA : CCTKeyInfo::EDSA; |
|
142 |
|
143 iCurrentState = EGetKeyList; |
|
144 iStatus = KRequestPending; |
|
145 iSupportedKeyStores[--iKeyCount]->List(iKeyInfos , keysFilter, iStatus ); |
|
146 SetActive(); |
|
147 return; |
|
148 } |
|
149 iSupportedKeyStores.Reset(); |
|
150 |
|
151 if(iKeyInfos.Count()) |
|
152 { |
|
153 |
|
154 iKeyCount = iKeyInfos.Count(); |
|
155 TLSPROV_LOG2(_L("CTlsClntAuthenticate::GetAvailableKeyListL() iKeyCount in key store= %d..."), iKeyCount) |
|
156 iPtrFilter = CCertAttributeFilter::NewL(); |
|
157 //Only user certificates are considered for client authentication |
|
158 iPtrFilter->SetOwnerType(EUserCertificate); |
|
159 iPtrUnifiedCertStore = CUnifiedCertStore::NewL(iFs,EFalse); |
|
160 |
|
161 iStatus = KRequestPending; |
|
162 |
|
163 CTlsProviderPolicy* tlsProviderPolicy(NULL); |
|
164 TRAP_IGNORE(tlsProviderPolicy=CTlsProviderPolicy::NewL()); |
|
165 |
|
166 if (tlsProviderPolicy) |
|
167 { |
|
168 iClientAuthenticationDlgEnabled=tlsProviderPolicy->ClientAuthenticationDialogEnabled(); |
|
169 delete tlsProviderPolicy; |
|
170 } |
|
171 |
|
172 //if the issuer name is empty, then we will not filter the cert by issuer's DN name. |
|
173 //otherwise the Intermediates CAcerts need to be retrieved in order to add more issuer name. |
|
174 TInt count=iTlsCryptoAttributes.iDistinguishedCANames.Count(); |
|
175 if (!count) |
|
176 { |
|
177 iCurrentState = EGetCertList; |
|
178 } |
|
179 else |
|
180 { |
|
181 //start building the full list |
|
182 for (TInt i=0;i<count;i++) |
|
183 { |
|
184 HBufC8* tmp=iTlsCryptoAttributes.iDistinguishedCANames[i]->AllocLC(); |
|
185 TLSPROV_LOG2(_L("iDistinguishedCANames[%d] :"),i) |
|
186 TLSPROV_LOG_HEX(iTlsCryptoAttributes.iDistinguishedCANames[i]->Ptr(),iTlsCryptoAttributes.iDistinguishedCANames[i]->Length()) |
|
187 iFullIssuerDistinguishedCANames.AppendL(tmp); |
|
188 CleanupStack::Pop(tmp); |
|
189 |
|
190 //start building the current work list of issuer's name |
|
191 HBufC8* tmp1=iTlsCryptoAttributes.iDistinguishedCANames[i]->AllocLC(); |
|
192 iCurrentIssuerDistinguishedCANames.AppendL(tmp1); |
|
193 CleanupStack::Pop(tmp1); |
|
194 } |
|
195 |
|
196 //Only retrieve the CA cert till there are no child CA certs left |
|
197 iPtrIntermediatesCACertFilter=CCertAttributeFilter::NewL(); |
|
198 iPtrIntermediatesCACertFilter->SetOwnerType(ECACertificate); |
|
199 iToListIntermediatesCACert=ETrue; |
|
200 iCurrentState = EListIntermediatesCACerts; |
|
201 } |
|
202 |
|
203 iPtrUnifiedCertStore->Initialize(iStatus); |
|
204 SetActive(); |
|
205 } |
|
206 else |
|
207 User::Leave(KErrNotFound); |
|
208 } |
|
209 |
|
210 void CTlsClntAuthenticate::OnEListIntermediatesCACertsL() |
|
211 { |
|
212 //Only when we need to list all the CA cert and there are new issuer name avalible |
|
213 if (iToListIntermediatesCACert && iCurrentIssuerDistinguishedCANames.Count()>0) |
|
214 { |
|
215 //List all the intermediates CA certificate. |
|
216 iPtrUnifiedCertStore->List(iIntermediatesCACertInfos, |
|
217 *iPtrIntermediatesCACertFilter, |
|
218 iCurrentIssuerDistinguishedCANames, |
|
219 iStatus); |
|
220 iCurrentState = EListIntermediatesCACerts; |
|
221 //Clear the flag for next time |
|
222 iToListIntermediatesCACert=EFalse; |
|
223 SetActive(); |
|
224 } |
|
225 else |
|
226 { |
|
227 //Reset the iCurrentIssuerDistinguishedCANames for the next level CA Cert |
|
228 iCurrentIssuerDistinguishedCANames.ResetAndDestroy(); |
|
229 iIntermediatesCACertCount=iIntermediatesCACertInfos.Count(); |
|
230 iToListIntermediatesCACert=EFalse; |
|
231 |
|
232 if (iIntermediatesCACertCount>0) |
|
233 { |
|
234 //add more intermediate CA certs in next state if possible |
|
235 iCurrentState = EGetIntermediatesIssuer; |
|
236 } |
|
237 else |
|
238 { |
|
239 //Got all the issuer's DN name and Intermediate CA certs |
|
240 iCurrentState = EGetCertList; |
|
241 } |
|
242 |
|
243 TRequestStatus* MyStatus = &iStatus; |
|
244 User::RequestComplete(MyStatus,KErrNone); |
|
245 SetActive(); |
|
246 } |
|
247 } |
|
248 |
|
249 #ifdef _DEBUG |
|
250 static void LogHBufC(TRefByValue<const TDesC> aFmt, HBufC* aBuffer) |
|
251 { |
|
252 HBufC *buf = HBufC::NewL(aBuffer->Length() + 1); |
|
253 buf->Des().FillZ(); |
|
254 buf->Des().Copy(aBuffer->Des()); |
|
255 TLSPROV_LOG2(aFmt,buf->Des().PtrZ()) |
|
256 delete buf; |
|
257 } |
|
258 |
|
259 static void LogCert(CX509Certificate* aX509Cert, TRefByValue<const TDesC> aMsg, TBool aFound) |
|
260 { |
|
261 HBufC *pIssuer = aX509Cert->IssuerL(); |
|
262 HBufC *pSubject = aX509Cert->SubjectL(); |
|
263 if ( aFound ) |
|
264 { |
|
265 TLSPROV_LOG(aMsg) |
|
266 TLSPROV_LOG(_L(" (found)")) |
|
267 } |
|
268 else |
|
269 { |
|
270 TLSPROV_LOG(aMsg) |
|
271 TLSPROV_LOG(_L(" (not found)")) |
|
272 } |
|
273 LogHBufC(_L("Issuer: %s"), pIssuer); |
|
274 LogHBufC(_L("Subject: %s"), pSubject); |
|
275 delete pSubject; |
|
276 delete pIssuer; |
|
277 } |
|
278 #endif |
|
279 |
|
280 TBool CTlsClntAuthenticate::LookupCert(CX509Certificate* aCert) |
|
281 { |
|
282 TBool found = EFalse; |
|
283 TInt certCount = iStoredIntermediatesCACertificates->Count(); |
|
284 for (int i = 0; i < certCount; i++) |
|
285 { |
|
286 CX509Certificate *x509Cert = (CX509Certificate*)((*iStoredIntermediatesCACertificates)[i]); |
|
287 #ifdef _DEBUG |
|
288 LogCert(x509Cert, _L("Verified cert"), ETrue); |
|
289 #endif |
|
290 if ( x509Cert->IsEqualL(*aCert) ) |
|
291 { |
|
292 found = ETrue; |
|
293 break; |
|
294 } |
|
295 } |
|
296 return found; |
|
297 } |
|
298 |
|
299 void CTlsClntAuthenticate::OnEGetIntermediatesIssuerL() |
|
300 { |
|
301 //update the issuer list |
|
302 if (iIntermediatesCertificate) |
|
303 { |
|
304 //get the x509 certificate and the certs' subject name |
|
305 CX509Certificate* x509Cert=(CX509Certificate*)iIntermediatesCertificate; |
|
306 const TPtrC8* subName=x509Cert->DataElementEncoding(CX509Certificate::ESubjectName); |
|
307 |
|
308 //Check if the intermediate CA certificate's subject name is already in the final list |
|
309 TBool found(EFalse); |
|
310 TInt count=iFullIssuerDistinguishedCANames.Count(); |
|
311 for (TInt i=0;i<count;i++) |
|
312 { |
|
313 if (*subName==*iFullIssuerDistinguishedCANames[i]) |
|
314 { |
|
315 // if found then break immediately |
|
316 found=ETrue; |
|
317 break; |
|
318 } |
|
319 } |
|
320 |
|
321 //update the issuer DN name arrays and current working issuer array |
|
322 //only if the name is not found before |
|
323 if (!found) |
|
324 { |
|
325 #ifdef _DEBUG |
|
326 LogCert(x509Cert, _L("New Certificate"), EFalse); |
|
327 #endif |
|
328 HBufC8* subject = NULL; |
|
329 |
|
330 subject = subName->AllocLC(); |
|
331 iFullIssuerDistinguishedCANames.AppendL(subject); |
|
332 CleanupStack::Pop(subject); |
|
333 |
|
334 subject = subName->AllocLC(); |
|
335 iCurrentIssuerDistinguishedCANames.AppendL(subject); |
|
336 CleanupStack::Pop(subject); |
|
337 |
|
338 // Store a copy of new imtermediate certificate |
|
339 CX509Certificate *cert = CX509Certificate::NewL(*x509Cert); |
|
340 iStoredIntermediatesCACertificates->Append(cert); |
|
341 } |
|
342 else |
|
343 { |
|
344 if ( !LookupCert(x509Cert) ) |
|
345 { |
|
346 // Store a copy of new certificate (probably requested CA) |
|
347 CX509Certificate *cert = CX509Certificate::NewL(*x509Cert); |
|
348 iStoredIntermediatesCACertificates->Append(cert); |
|
349 } |
|
350 #ifdef _DEBUG |
|
351 LogCert(x509Cert, _L("Existing Certificate"), ETrue); |
|
352 #endif |
|
353 } |
|
354 //delete the certificate for next retrieve |
|
355 delete iIntermediatesCertificate; |
|
356 iIntermediatesCertificate=NULL; |
|
357 } |
|
358 |
|
359 //Go through all the intermediate CA certs in the level. |
|
360 if (iIntermediatesCACertCount-- > 0) |
|
361 { |
|
362 iCurrentState = EGetIntermediatesIssuer; |
|
363 //Retrieve the certificate in order to get the subject DN name. |
|
364 iPtrUnifiedCertStore->Retrieve(*iIntermediatesCACertInfos[iIntermediatesCACertCount], iIntermediatesCertificate, iStatus); |
|
365 } |
|
366 else |
|
367 { |
|
368 //If this level's CA certs are done, go back to EListIntermediatesCACerts |
|
369 iCurrentState = EListIntermediatesCACerts; |
|
370 //Reset the certinfo and the count for next level intermediate CA certs |
|
371 iIntermediatesCACertCount=iIntermediatesCACertInfos.Count(); |
|
372 |
|
373 for (TInt i=iIntermediatesCACertCount-1;i>=0;i--) |
|
374 { |
|
375 CCTCertInfo* tmp=iIntermediatesCACertInfos[i]; |
|
376 TLSPROV_LOG2(_L("Found Intermediate Cert: <%s>"),tmp->Label().Ptr()) |
|
377 iIntermediatesCACertInfos.Remove(i); |
|
378 tmp->Release(); |
|
379 } |
|
380 iIntermediatesCACertInfos.Reset(); |
|
381 iIntermediatesCACertCount=0; |
|
382 iToListIntermediatesCACert=ETrue; |
|
383 |
|
384 //All the intermediate CA in this level has been processed. |
|
385 TRequestStatus* MyStatus = &iStatus; |
|
386 User::RequestComplete(MyStatus,KErrNone); |
|
387 } |
|
388 SetActive(); |
|
389 } |
|
390 |
|
391 |
|
392 void CTlsClntAuthenticate::OnEGetCertListL() |
|
393 { |
|
394 TInt CertList; |
|
395 |
|
396 if(iKeyCount-- > 0) |
|
397 { |
|
398 CertList = iCertInfos.Count(); |
|
399 |
|
400 iPtrFilter->SetSubjectKeyId(iKeyInfos[iKeyCount]->ID() ); |
|
401 |
|
402 iCurrentState = EGetCertList; |
|
403 iStatus = KRequestPending; |
|
404 |
|
405 if(iFullIssuerDistinguishedCANames.Count()) |
|
406 { |
|
407 TLSPROV_LOG2(_L("CTlsClntAuthenticate::OnEGetCertListL() distinquished names...CertListCount = %d"), CertList) |
|
408 TLSPROV_LOG(_L("iPtrFilter->iSubjectKeyId")) |
|
409 TLSPROV_LOG_HEX( iPtrFilter->iSubjectKeyId.Ptr(), iPtrFilter->iSubjectKeyId.Length() ) |
|
410 TLSPROV_LOG2(_L("iTlsCryptoAttributes.iDistinguishedCANames.Count() = %d"), iTlsCryptoAttributes.iDistinguishedCANames.Count()) |
|
411 for (int i = 0; i < iTlsCryptoAttributes.iDistinguishedCANames.Count(); i++) |
|
412 { |
|
413 TLSPROV_LOG_HEX( iTlsCryptoAttributes.iDistinguishedCANames[i]->Ptr(), iTlsCryptoAttributes.iDistinguishedCANames[i]->Length() ) |
|
414 } |
|
415 iPtrUnifiedCertStore->List(iCertInfos, |
|
416 *iPtrFilter, |
|
417 iFullIssuerDistinguishedCANames, |
|
418 iStatus); |
|
419 } |
|
420 else |
|
421 { |
|
422 // We can not filter by Issuers DN, so retrieve a list of all client certs |
|
423 TLSPROV_LOG(_L("CTlsClntAuthenticate::OnEGetCertListL()...")) |
|
424 TLSPROV_LOG(_L("iPtrFilter->iSubjectKeyId")) |
|
425 TLSPROV_LOG_HEX( iPtrFilter->iSubjectKeyId.Ptr(), iPtrFilter->iSubjectKeyId.Length() ) |
|
426 iPtrUnifiedCertStore->List(iCertInfos, |
|
427 *iPtrFilter, |
|
428 iStatus); |
|
429 } |
|
430 |
|
431 SetActive(); |
|
432 return; |
|
433 } |
|
434 |
|
435 // we have all the certificate candidates, so let's check to see if any have expired and remove them if they are... |
|
436 RemoveExpiredCertificatesL(); |
|
437 |
|
438 CertList = iCertInfos.Count(); |
|
439 |
|
440 if(CertList) |
|
441 { |
|
442 //Display dialog |
|
443 |
|
444 TLSPROV_LOG(_L("CTlsClntAuthenticate::OnEGetCertListL() create & display certificate list...")) |
|
445 while(CertList--) |
|
446 { |
|
447 User::LeaveIfError(iClientCertHandleList.Append(iCertInfos[CertList]->Handle())); |
|
448 } |
|
449 iCurrentState = EUserDialog; |
|
450 |
|
451 if (iClientAuthenticationDlgEnabled) |
|
452 { |
|
453 TLSPROV_LOG(_L("Client Certificate Selection Dialog")) |
|
454 iSecurityDialog = SecurityDialogFactory::CreateL(); |
|
455 iStatus = KRequestPending; |
|
456 TBool doClientAuthentication(ETrue); |
|
457 TPtrC8 encodedCert(iEncodedServerCerts->Des()); |
|
458 iSecurityDialog->EstablishSecureConnection(encodedCert, iClientCertHandleList, MSecurityDialog::ETLS, doClientAuthentication, iUserSelectedCert, iStatus); |
|
459 SetActive(); |
|
460 return; |
|
461 } |
|
462 |
|
463 iUserSelectedCert = iClientCertHandleList[0]; |
|
464 TRequestStatus* MyStatus = &iStatus; |
|
465 SetActive(); |
|
466 User::RequestComplete(MyStatus,KErrNone); |
|
467 } |
|
468 else |
|
469 User::Leave(KErrNotFound); |
|
470 } |
|
471 |
|
472 |
|
473 void CTlsClntAuthenticate::OnEUserDialogL() |
|
474 { |
|
475 iClientCertHandleList.Reset(); |
|
476 TInt err = iStatus.Int(); |
|
477 |
|
478 if(!err) |
|
479 { |
|
480 |
|
481 TLSPROV_LOG(_L("CTlsClntAuthenticate::OnEUserDialogL() certificate selected")) |
|
482 TInt CertList = iCertInfos.Count(); |
|
483 TInt KeyList = iKeyInfos.Count(); |
|
484 |
|
485 TLSPROV_LOG3(_L("CertList = %d, KeyList = %d"),CertList,KeyList); |
|
486 |
|
487 for(TInt i = 0; i < CertList; i++) |
|
488 { |
|
489 if( iCertInfos[i]->Handle() == iUserSelectedCert) |
|
490 { |
|
491 //Matching certificate found |
|
492 |
|
493 for(TInt j = 0; j < KeyList; j++ ) |
|
494 { |
|
495 if(iKeyInfos[j]->ID() == iCertInfos[i]->SubjectKeyId()) |
|
496 { |
|
497 // We can pass ownership of the selected cert info back |
|
498 // to the client, but need a key info without the |
|
499 // protector, so a new CCTKeyInfo object is created |
|
500 // here that is almost a copy. |
|
501 TLSPROV_LOG2(_L("\tSelected cert info %08x"), |
|
502 iCertInfos[i]); |
|
503 TLSPROV_LOG2(_L("\tSelected key info %08x"), |
|
504 iKeyInfos[j]); |
|
505 |
|
506 *iSelectedCertInfo = iCertInfos[i]; |
|
507 CCTKeyInfo& keyInfo = *(iKeyInfos[j]); |
|
508 HBufC* label = keyInfo.Label().AllocLC(); |
|
509 |
|
510 *iSelectedKeyInfo = CCTKeyInfo::NewL(keyInfo.ID(), |
|
511 keyInfo.Usage(), |
|
512 keyInfo.Size(), |
|
513 NULL, |
|
514 label, |
|
515 keyInfo.Token(), |
|
516 keyInfo.HandleID(), |
|
517 keyInfo.UsePolicy(), |
|
518 keyInfo.ManagementPolicy(), |
|
519 keyInfo.Algorithm(), |
|
520 keyInfo.AccessType(), |
|
521 keyInfo.Native(), |
|
522 keyInfo.StartDate(), |
|
523 keyInfo.EndDate() |
|
524 ); |
|
525 CleanupStack::Pop(label); |
|
526 |
|
527 iCertInfos.Remove(i); |
|
528 |
|
529 User::RequestComplete(iOriginalRequestStatus, KErrNone); |
|
530 return; |
|
531 } |
|
532 } |
|
533 } |
|
534 |
|
535 } |
|
536 } |
|
537 |
|
538 User::Leave(KErrNotFound); |
|
539 |
|
540 } |
|
541 |
|
542 |
|
543 |
|
544 void CTlsClntAuthenticate::RunL() |
|
545 { |
|
546 User::LeaveIfError(iStatus.Int()); |
|
547 switch(iCurrentState) |
|
548 { |
|
549 case EGetAvailableKeyList: |
|
550 { |
|
551 OnGetAvailableKeyListL(); |
|
552 } |
|
553 break; |
|
554 |
|
555 case EGetKeyList: |
|
556 { |
|
557 OnEGetKeyListL(); |
|
558 } |
|
559 break; |
|
560 |
|
561 case EListIntermediatesCACerts: |
|
562 { |
|
563 OnEListIntermediatesCACertsL(); |
|
564 } |
|
565 break; |
|
566 |
|
567 case EGetIntermediatesIssuer: |
|
568 { |
|
569 OnEGetIntermediatesIssuerL(); |
|
570 } |
|
571 break; |
|
572 |
|
573 case EGetCertList: |
|
574 { |
|
575 OnEGetCertListL(); |
|
576 } |
|
577 break; |
|
578 |
|
579 case EUserDialog: |
|
580 { |
|
581 OnEUserDialogL(); |
|
582 } |
|
583 break; |
|
584 |
|
585 default: |
|
586 User::Leave(KErrNotFound); |
|
587 break; |
|
588 } |
|
589 } |
|
590 |
|
591 void CTlsClntAuthenticate::CancelRequest() |
|
592 { |
|
593 Cancel(); |
|
594 } |
|
595 |
|
596 TInt CTlsClntAuthenticate::RunError(TInt aError) |
|
597 { |
|
598 User::RequestComplete(iOriginalRequestStatus, aError); |
|
599 return KErrNone; |
|
600 } |
|
601 |
|
602 void CTlsClntAuthenticate::DoCancel() |
|
603 { |
|
604 switch(iCurrentState) |
|
605 { |
|
606 case EGetAvailableKeyList: |
|
607 { |
|
608 if(iPtrUnifiedKeyStore) |
|
609 iPtrUnifiedKeyStore->CancelInitialize(); |
|
610 } |
|
611 break; |
|
612 |
|
613 case EGetKeyList: |
|
614 { |
|
615 if(iSupportedKeyStores[iKeyCount]) |
|
616 iSupportedKeyStores[iKeyCount]->CancelList(); |
|
617 } |
|
618 break; |
|
619 |
|
620 case EListIntermediatesCACerts: |
|
621 { |
|
622 if(iPtrUnifiedCertStore) |
|
623 { |
|
624 iPtrUnifiedCertStore->CancelInitialize(); |
|
625 iPtrUnifiedCertStore->CancelList(); |
|
626 } |
|
627 } |
|
628 break; |
|
629 |
|
630 case EGetIntermediatesIssuer: |
|
631 { |
|
632 if(iPtrUnifiedCertStore) |
|
633 { |
|
634 iPtrUnifiedCertStore->CancelRetrieve(); |
|
635 } |
|
636 } |
|
637 break; |
|
638 |
|
639 case EGetCertList: |
|
640 { |
|
641 if(iPtrUnifiedCertStore) |
|
642 { |
|
643 iPtrUnifiedCertStore->CancelList(); |
|
644 } |
|
645 } |
|
646 break; |
|
647 default: |
|
648 break; |
|
649 } |
|
650 iCurrentState = ENullState; |
|
651 User::RequestComplete(iOriginalRequestStatus, KErrCancel); |
|
652 } |
|
653 |
|
654 |
|
655 CTlsClntAuthenticate::~CTlsClntAuthenticate() |
|
656 { |
|
657 iKeyInfos.Close(); |
|
658 iCertInfos.Close(); |
|
659 delete iPtrUnifiedKeyStore; |
|
660 delete iPtrFilter; |
|
661 delete iPtrUnifiedCertStore; |
|
662 |
|
663 if(iSecurityDialog) |
|
664 iSecurityDialog->Release(); |
|
665 |
|
666 iSupportedKeyStores.Close(); |
|
667 iFs.Close(); |
|
668 iClientCertHandleList.Close(); |
|
669 iFullIssuerDistinguishedCANames.ResetAndDestroy(); |
|
670 |
|
671 iIntermediatesCACertInfos.Close(); |
|
672 delete iPtrIntermediatesCACertFilter; |
|
673 iCurrentIssuerDistinguishedCANames.ResetAndDestroy(); |
|
674 |
|
675 } |
|
676 |
|
677 |
|
678 // return information about the specified key |
|
679 CCTKeyInfo* CTlsClntAuthenticate::GetKeyInfoL(const TKeyIdentifier& aKeyID) |
|
680 { |
|
681 TInt key; |
|
682 // check the key info list for a match and return its details |
|
683 for (key=0; key<iKeyInfos.Count(); key++) |
|
684 { |
|
685 CCTKeyInfo* info = iKeyInfos[key]; |
|
686 if (info->ID()==aKeyID) |
|
687 return info; |
|
688 } |
|
689 return 0; |
|
690 } |
|
691 |
|
692 // removes expired certificates from the certificate list. This is based on the start/end time of the key assoiated with the issuer |
|
693 void CTlsClntAuthenticate::RemoveExpiredCertificatesL() |
|
694 { |
|
695 TInt index = 0; |
|
696 TTime now; |
|
697 |
|
698 // get time now |
|
699 now.UniversalTime(); |
|
700 while (index < iCertInfos.Count()) |
|
701 { |
|
702 TBool bExpired=EFalse; |
|
703 CCTCertInfo* cert = iCertInfos[index]; |
|
704 |
|
705 // check that issuer key not expired |
|
706 CCTKeyInfo* issuer = GetKeyInfoL(cert->IssuerKeyId()); |
|
707 if (issuer && (issuer->StartDate()>now || issuer->EndDate()<now)) |
|
708 bExpired = ETrue; |
|
709 |
|
710 // remove from list if it has expired |
|
711 if (bExpired) |
|
712 { |
|
713 iCertInfos.Remove(index); |
|
714 } |
|
715 else index++; |
|
716 } |
|
717 } |