cryptoservices/certificateandkeymgmt/pkixcertbase/Pkixchainbuilder.cpp
changeset 0 2c201484c85f
child 8 35751d3474b7
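--- a/cryptoservices/certificateandkeymgmt/pkixcertbase/Pkixchainbuilder.cpp
+++ b/cryptoservices/certificateandkeymgmt/pkixcertbase/Pkixchainbuilder.cpp
@@ -0,0 +1,214 @@
+/*
+* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+#include "pkixchainbuilder.h"
+
+CPKIXChainBuilder* CPKIXChainBuilder::NewL()
+	{
+	CPKIXChainBuilder* s = CPKIXChainBuilder::NewLC();
+	CleanupStack::Pop(s);
+	return s;
+	}
+
+CPKIXChainBuilder* CPKIXChainBuilder::NewLC()
+	{
+	CPKIXChainBuilder* s = new (ELeave) CPKIXChainBuilder;
+	CleanupStack::PushL(s);
+	s->ConstructL();
+	return s;
+	}
+
+CPKIXChainBuilder::~CPKIXChainBuilder()
+	{
+	Cancel();
+	iSources.Close();
+	iCandidates.ResetAndDestroy();
+	iCandidates.Close();
+	}
+
+void CPKIXChainBuilder::AddSourceL(MPKIXCertSource* aSource)
+	{
+	User::LeaveIfError(iSources.Append(aSource));
+	}
+
+void CPKIXChainBuilder::AddIssuer(TInt& aNumberOfCertsAdded,
+								  TBool& aResult, 
+								  CArrayPtrFlat<CX509Certificate>& aChain, 
+								  TRequestStatus& aStatus)
+	{
+	iOriginalRequestStatus = &aStatus;
+	aStatus = KRequestPending;
+	iResult = &aResult;
+	iChain = &aChain;
+	iNumberOfCertsAdded = &aNumberOfCertsAdded;
+
+	iSubject = aChain[aChain.Count()-1];
+	__ASSERT_DEBUG(iSubject, User::Panic(_L("CPKICCertChainAO"), 1));
+	__ASSERT_DEBUG(!iCandidates.Count(), User::Panic(_L("CPKICCertChainAO"), 1));
+
+	iIndex = -1;
+	iState = EAddCandidate;
+	TRequestStatus* status = &iStatus;
+	User::RequestComplete(status, KErrNone);
+	SetActive();
+	}
+
+CPKIXChainBuilder::CPKIXChainBuilder()
+: CActive(EPriorityNormal)
+	{
+	CActiveScheduler::Add(this);
+	}
+
+void CPKIXChainBuilder::ConstructL()
+	{
+	}
+
+TBool CPKIXChainBuilder::ResolveIssuersL(CArrayPtr<CX509Certificate>& aChain,
+										 const RPointerArray<CX509Certificate>& aCandidates) const
+	{
+	//*this function attempts to figure out which certificate in aCandidates is the issuer of
+	//the last cert in the aChain, and adds a *copy* of the best guess to aChain
+	//*it assumes that the names match already
+	//*if it establishes that none are any good it returns EFalse
+	TInt count = aCandidates.Count();
+	if (count == 0)
+		{
+		return EFalse;
+		}
+	if (count == 1)
+		{
+		CX509Certificate* cert = CX509Certificate::NewLC(*aCandidates[0]);
+		aChain.AppendL(cert);
+		(*iNumberOfCertsAdded)++;
+		CleanupStack::Pop(cert);
+		return ETrue;
+		}
+
+	const CX509Certificate* current = aChain[aChain.Count() - 1];
+			//1)  look for SKI/AKI to distinguish
+	const CX509CertExtension* akiExt = current->Extension(KAuthorityKeyId);
+	if (akiExt)
+		{
+		const CX509AuthorityKeyIdExt* aki = CX509AuthorityKeyIdExt::NewLC(akiExt->Data());
+		TPtrC8 authorityKeyId = aki->KeyId();
+		if (authorityKeyId != KNullDesC8)
+			{
+			for (TInt i = 0; i < count; i++)
+				{
+				const CX509CertExtension* skiExt = (aCandidates[i])->Extension(KSubjectKeyId);
+				if (skiExt)
+					{
+					const CX509SubjectKeyIdExt* ski = CX509SubjectKeyIdExt::NewLC(skiExt->Data());
+					if (authorityKeyId == ski->KeyId())
+						{
+						CX509Certificate* issuer = CX509Certificate::NewLC(*aCandidates[i]);
+						aChain.AppendL(issuer);
+						(*iNumberOfCertsAdded)++;
+						CleanupStack::Pop();//issuer
+						CleanupStack::PopAndDestroy(2);//aki, ski
+						return ETrue;
+						}
+					else
+						{
+						CleanupStack::PopAndDestroy();//ski
+						}
+					}
+				}
+			}
+		//ok, we haven't got a key ID for the issuer, so try for a serial number instead...
+		else
+			{
+			TPtrC8 authoritySerialNo = aki->AuthorityCertSerialNumber();
+			for (TInt i = 0; i < count; i++)
+				{
+				const CX509Certificate* candidate = aCandidates[i];
+				if (authoritySerialNo == candidate->SerialNumber())
+					{
+					CX509Certificate* issuer = CX509Certificate::NewLC(*candidate);
+					aChain.AppendL(issuer);
+					(*iNumberOfCertsAdded)++;
+					CleanupStack::Pop();//issuer
+					CleanupStack::PopAndDestroy();//aki
+					return ETrue;
+					}
+				}
+			}
+		CleanupStack::PopAndDestroy();//aki
+		}
+
+	return EFalse;
+	}
+
+
+void CPKIXChainBuilder::RunL()
+	{
+	User::LeaveIfError(iStatus.Int());
+
+	switch (iState)
+		{
+	case EAddCandidate:
+		iIndex++;
+		if (iIndex < iSources.Count())
+			{
+			iSources[iIndex]->CandidatesL(*iSubject, iCandidates, iStatus);
+			}
+		else
+			{
+			iState = EFinished;
+			TRequestStatus* status = &iStatus;
+			User::RequestComplete(status, KErrNone);
+			}
+		SetActive();
+		break;
+
+	case EFinished:
+		iState = EIdle;
+		*iResult = ResolveIssuersL(*iChain, iCandidates);
+		iCandidates.ResetAndDestroy();
+		User::RequestComplete(iOriginalRequestStatus, KErrNone);
+		break;
+
+	default:
+		User::Panic(_L("CPKIXChainBuilder"), 1);
+		break;
+		}
+	}
+
+void CPKIXChainBuilder::DoCancel()
+	{
+	int i = 0;
+	int end = iSources.Count();
+	while (i < end)
+		{
+		iSources[i]->CancelCandidates();
+		i++;
+		}
+	iCandidates.ResetAndDestroy();
+
+	User::RequestComplete(iOriginalRequestStatus, KErrCancel);
+
+	iState = EIdle;
+	}
+
+TInt CPKIXChainBuilder::RunError(TInt aError)
+	{
+	iState = EIdle;
+	iCandidates.ResetAndDestroy();
+	User::RequestComplete(iOriginalRequestStatus, aError);
+	return KErrNone;
+	}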
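Review bot: In `ResolveIssuersL` the `count == 1` shortcut appends the only candidate without consulting the subject's AuthorityKeyId, while the multi-candidate path accepts a candidate only on an AKI/SKI or serial-number match, so whether a mismatching certificate enters the chain depends on how many candidates the sources returned. The serial-number fallback compares `AuthorityCertSerialNumber()` alone; a serial is unique only per issuer, so the issuer name carried in the AKI should be compared as well before a candidate is accepted. Nothing in this file verifies a signature, so presumably the caller does; I would state that on the function, e.g. `// Selection only: the appended certificate is not signature-checked here; the caller must validate it.` Separately, `AddIssuer` indexes `aChain[aChain.Count()-1]` before its only guards, which are `__ASSERT_DEBUG` and therefore absent from release builds, so an empty chain or leftover candidates are not rejected there.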