--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptoservices/certificateandkeymgmt/tpkixcert_tef/src/validateteststep.cpp Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,402 @@
+/*
+* Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+#include "validateteststep.h"
+
+
+CValidateCertChainStep::CValidateCertChainStep()
+ {
+ SetTestStepName(KValidateCertChainStep);
+ }
+
+CValidateCertChainStep::~CValidateCertChainStep()
+ {
+ delete iActiveObject;
+ }
+
+TVerdict CValidateCertChainStep::doTestStepPreambleL()
+ {
+ CPkixCertStepBase::doTestStepPreambleL();
+ GetIntFromConfig(ConfigSection(), KNumberOfCerts, iNumberOfCerts);
+ return EPass;
+ }
+
+void CValidateCertChainStep::PerformTestL()
+ {
+ CPkixCertStepBase::PerformTestL();
+
+ iCertChain->SetSupportedCriticalExtensionsL(iProcessedOids);
+
+ TTime time;
+ time.UniversalTime();
+
+ ValidateL(time, ConfigSection());
+
+ CleanupStack::PopAndDestroy(iCertChain);
+
+ }
+
+
+void CValidateCertChainStep::ValidateL(TTime aValidateTime, TDes& aConfigSection)
+ {
+
+ CPKIXValidationResult* result = CPKIXValidationResult::NewLC();
+
+ iActiveObject = new (ELeave) CValidateCertChainHelper(Logger());
+ CleanupStack::PushL(iActiveObject);
+
+ User::LeaveIfError(iActiveObject->PerformTestL(iCertChain, *result, aValidateTime));
+
+ CleanupStack::PopAndDestroy(iActiveObject);
+ iActiveObject = NULL;
+
+ TInt expectedError;
+ GetIntFromConfig(aConfigSection, KError, expectedError);
+
+ if ((result->Error()).iReason != expectedError)
+ {
+ ERR_PRINTF3(_L("ERROR: Error: %d. Expected error: %d"), (result->Error()).iReason, expectedError);
+ User::Leave(KErrGeneral);
+ }
+
+ if (expectedError != EValidatedOK)
+ {
+ //we are expected to error
+ TInt certIndex;
+ GetIntFromConfig(aConfigSection, KErrorIndex, certIndex);
+ if ((result->Error()).iCert != certIndex)
+ {
+ ERR_PRINTF3(_L("ERROR: Error certificate index: %d. Expected index: %d"), (result->Error()).iCert, certIndex);
+ User::Leave(KErrGeneral);
+ }
+ else{
+ CleanupStack::PopAndDestroy(result);
+ return; //we have passed
+ }
+ }
+
+
+ const CArrayFixFlat<TValidationStatus>& warns = result->Warnings();
+ RArray<TValidationStatus> resultOldWarnings;
+ CleanupClosePushL(resultOldWarnings);
+ TInt i;
+ for (i=0; i < warns.Count(); ++i)
+ {
+ resultOldWarnings.AppendL(warns[i]);
+ }
+
+ const RPointerArray<CCertificateValidationWarnings>& certificateWarningsArray = result->ValidationWarnings();
+
+ HBufC* key;
+
+ RArray<TValidationStatus> processedPolicyQualifiers;
+ CleanupClosePushL(processedPolicyQualifiers);
+
+ TInt qualifierWarning = 18;
+
+ for (i=0; i < iNumberOfCerts; ++i)
+ {
+ key = HBufC::NewLC(KCert().Length() + KKeyFormat().Length() + KPolicyIndex().Length());
+ TPtr ptr(key->Des());
+ ptr = KCert();
+ ptr.AppendFormat(KKeyFormat(), i);
+ ptr.Append(KPolicyIndex());
+
+ TInt policyIndex = 0;
+ GetIntFromConfig(aConfigSection, *key, policyIndex);
+
+ if (policyIndex > 0)
+ {
+ TValidationError error = (TValidationError) qualifierWarning;
+ processedPolicyQualifiers.Append(TValidationStatus(error, policyIndex));
+ }
+
+ CleanupStack::PopAndDestroy(key);
+ }
+
+ //handle 1st part old warnings first - check any warnings we expect are present (later we check no additionals)
+ CheckWarningsPresentAndRemoveL(processedPolicyQualifiers, resultOldWarnings);
+
+ RArray<TInt> configOldWarnings;
+ CleanupClosePushL(configOldWarnings);
+ RArray<TValidationStatus> processedConfigOldWarnings;
+ CleanupClosePushL(processedConfigOldWarnings);
+
+ RArray<TValidationStatus> configNewWarnings;
+ CleanupClosePushL(configNewWarnings);
+ RArray<TPtrC> configCritOids;
+ CleanupClosePushL(configCritOids);
+
+ for (TInt cert_index=0; cert_index < iNumberOfCerts; ++cert_index)
+ {
+ INFO_PRINTF2(_L("Certificate index: %d"), cert_index);
+ key = HBufC::NewLC(KCert().Length() + KKeyFormat().Length() + KOldWarnings().Length());
+ TPtr ptr(key->Des());
+ ptr = KCert();
+ ptr.AppendFormat(KKeyFormat(), cert_index);
+ ptr.Append(KOldWarnings());
+
+ GetIntArrayFromConfigL(aConfigSection, *key, configOldWarnings);
+
+ processedConfigOldWarnings.Reset();
+ for (TInt i=0; i < configOldWarnings.Count(); ++i)
+ {
+ TValidationError error = (TValidationError) configOldWarnings[i];
+ processedConfigOldWarnings.Append(TValidationStatus(error, cert_index));
+ }
+
+ TransferToNewWarningsL(configOldWarnings, configNewWarnings, cert_index);
+
+ ptr.Zero();
+ ptr = KCert();
+ ptr.AppendFormat(KKeyFormat(), cert_index);
+ ptr.Append(KCritOid());
+
+ GetStringArrayFromConfigL(aConfigSection, *key, configCritOids);
+
+ CleanupStack::PopAndDestroy(key);
+
+ //we now have all our arguments from the config file
+
+ //handle 1st part old warnings first - check any warnings we expect are present (later we check no additionals)
+ CheckWarningsPresentAndRemoveL(processedConfigOldWarnings, resultOldWarnings);
+
+
+ CCertificateValidationWarnings* certWarning = certificateWarningsArray[((iNumberOfCerts - cert_index) - 1)]; //not owned //warnings returned in reverse order
+
+ //check cert and certindex match up correctly
+ if (certWarning->CertIndex() != cert_index)
+ {
+ ERR_PRINTF3(_L("ERROR: Certificate indexes do not match. Certificate index: %d. Expected index: %d"), certWarning->CertIndex(), cert_index);
+ User::Leave(KErrGeneral);
+ }
+
+ key = HBufC::NewLC(KCert().Length() + KKeyFormat().Length() + KPolicyIndex().Length());
+ TPtr pt(key->Des());
+ pt = KCert();
+ pt.AppendFormat(KKeyFormat(), cert_index);
+ pt.Append(KPolicyIndex());
+
+ TInt policyIndex = 0;
+ GetIntFromConfig(aConfigSection, *key, policyIndex);
+
+ if (policyIndex > 0)
+ {
+ TValidationError error = (TValidationError) qualifierWarning;
+ configNewWarnings.Append(TValidationStatus(error, policyIndex));
+ }
+
+ CleanupStack::PopAndDestroy(key);
+
+ //check new warnings behave correctly
+ CheckWarningsPresentAndRemoveL(certWarning->Warnings(), configNewWarnings);
+
+ if (configNewWarnings.Count() != 0)
+ {
+ for (TInt err=0; err < configNewWarnings.Count(); ++err)
+ {
+ ERR_PRINTF2(_L("ERROR: Warning(new API) not reported: %d"), (configNewWarnings[err]).iReason);
+ }
+ User::Leave(KErrGeneral);
+ }
+
+
+ //check critoids behave correctly
+ CheckCriticalExtsPresentAndRemoveL(certWarning->CriticalExtensionsFound(), configCritOids);
+ if (configCritOids.Count() != 0)
+ {
+ for (TInt err=0; err < configCritOids.Count(); ++err)
+ {
+ ERR_PRINTF2(_L("ERROR: Critical extension not reported: %S"), &configCritOids[err]);
+ }
+ User::Leave(KErrGeneral);
+ }
+
+ configOldWarnings.Reset();
+ configNewWarnings.Reset();
+ configCritOids.Reset();
+ }
+
+ CleanupStack::PopAndDestroy(5, &processedPolicyQualifiers);
+
+ //check if any warnings in old api we weren't expecting
+ if (resultOldWarnings.Count() != 0)
+ {
+ for (TInt warn=0; warn < resultOldWarnings.Count(); ++warn)
+ {
+ ERR_PRINTF3(_L("ERROR: Warning(old API) not reported: %d. Index: %d"), (resultOldWarnings[warn]).iReason, (resultOldWarnings[warn]).iCert);
+ }
+ User::Leave(KErrGeneral);
+ }
+
+ CleanupStack::PopAndDestroy(2, result);
+ }
+
+void CValidateCertChainStep::TransferToNewWarningsL(RArray<TInt>& aOldWarnings, RArray<TValidationStatus>& aNewWarnings, TInt aCertIndex)
+ {
+ for (TInt i=0; i < aOldWarnings.Count(); ++i)
+ {
+ switch (aOldWarnings[i])
+ {
+ case ECriticalExtendedKeyUsage:
+ break;
+ case ECriticalPolicyMapping:
+ break;
+ case ECriticalDeviceId:
+ break;
+ case ECriticalSid:
+ break;
+ case ECriticalVid:
+ break;
+ case ECriticalCapabilities:
+ break;
+ case ECriticalCertPoliciesWithQualifiers: //handled by ini parameter due to overloading by warning of iCert value
+ break;
+ default:
+ TValidationError error = (TValidationError) aOldWarnings[i];
+ aNewWarnings.AppendL(TValidationStatus(error, aCertIndex));
+ }
+ }
+ }
+
+
+
+
+
+void CValidateCertChainStep::CheckWarningsPresentAndRemoveL(const RArray<TValidationStatus>& aWarningsToCheckFor, RArray<TValidationStatus>& aWarningsToCheckIn)
+ {
+ TBool found;
+ for (TInt warnings_index=0; warnings_index < aWarningsToCheckFor.Count(); ++warnings_index)
+ {
+ found = EFalse;
+ for (TInt k=0; k < aWarningsToCheckIn.Count(); ++k)
+ {
+ if (ValidationStatusEqual(aWarningsToCheckFor[warnings_index], aWarningsToCheckIn[k]))
+ {
+ found = ETrue;
+ aWarningsToCheckIn.Remove(k);
+ break;
+ }
+ }
+
+ if (!found)
+ {
+ ERR_PRINTF2(_L("ERROR: Warning not present: %d"), aWarningsToCheckFor[warnings_index].iReason);
+ User::Leave(KErrGeneral);
+ }
+ }
+ }
+
+
+TBool CValidateCertChainStep::ValidationStatusEqual(const TValidationStatus& aValidationStatus1, const TValidationStatus& aValidationStatus2)
+ {
+ if (aValidationStatus1.iReason != aValidationStatus2.iReason)
+ {
+ return EFalse;
+ }
+ if (aValidationStatus1.iCert != aValidationStatus2.iCert)
+ {
+ return EFalse;
+ }
+ return ETrue;
+ }
+
+
+//takes away from aOidsToCheckAgainst
+void CValidateCertChainStep::CheckCriticalExtsPresentAndRemoveL(const RPointerArray<TDesC>& aOidsToLookFor, RArray<TPtrC>& aOidsToCheckAgainst)
+ {
+ TBool found;
+ for (TInt oid_index=0; oid_index < aOidsToLookFor.Count(); ++oid_index)
+ {
+ found = EFalse;
+ for (TInt k=0; k < aOidsToCheckAgainst.Count(); ++k)
+ {
+ if ((*aOidsToLookFor[oid_index])==(aOidsToCheckAgainst[k]))
+ {
+ found = ETrue;
+ aOidsToCheckAgainst.Remove(k);
+ break;
+ }
+ }
+
+ if (!found)
+ {
+ ERR_PRINTF2(_L("ERROR: Critical extension OID not present: %S"), aOidsToLookFor[oid_index]);
+ User::Leave(KErrGeneral);
+ }
+ }
+ }
+
+
+
+//////////////////////////************
+
+CValidateCertChainHelper::CValidateCertChainHelper(CTestExecuteLogger& aLogger)
+: CActive(EPriorityStandard), iLogger(aLogger)
+ {
+ CActiveScheduler::Add(this);
+ }
+
+
+CValidateCertChainHelper::~CValidateCertChainHelper()
+ {
+ Cancel();
+ }
+
+
+TInt CValidateCertChainHelper::PerformTestL(CPKIXCertChain* aCertChain, CPKIXValidationResult& aValidResult, TTime aValidateTime)
+ {
+ iCertChain = aCertChain;
+
+ //call async
+ aCertChain->ValidateL(aValidResult, aValidateTime, iStatus);
+
+ SetActive();
+ CActiveScheduler::Start();
+
+ return iRunError;
+ }
+
+
+void CValidateCertChainHelper::DoCancel()
+ {
+ iCertChain->CancelValidate();
+ }
+
+
+void CValidateCertChainHelper::RunL()
+ {
+ iRunError = KErrNone;
+ User::LeaveIfError(iStatus.Int());
+
+ //processing here
+
+
+ CActiveScheduler::Stop();
+ }
+
+
+TInt CValidateCertChainHelper::RunError(TInt aError)
+ {
+ iRunError = aError;
+ //processing here
+
+
+ CActiveScheduler::Stop();
+ return KErrNone;
+ }