cryptoservices/certificateandkeymgmt/tpkixcert/Tactionvalidate.cpp
author William Roberts <williamr@symbian.org>
Sat, 27 Feb 2010 23:09:01 +0000
branchRCL_3
changeset 44 ea00662efad9
parent 8 35751d3474b7
permissions -rw-r--r--
Re-merge fix for Bug 1301

/*
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include "tactionvalidate.h"
#include "t_inputextra.h"

_LIT(KChainStart, "<chain>");
_LIT(KChainEnd, "</chain>");
_LIT(KIOStart, "<io>");
_LIT(KIOEnd, "</io>");
_LIT(KCertPath, "\\pkixtestdata\\");

CActionValidate::~CActionValidate()
	{
	if (iPolicies)
		{
		iPolicies->ResetAndDestroy();
		delete iPolicies;
		iPolicies = 0;
		}

	delete iValidationResult;
	delete iChain;

	delete iCertUtils;

	delete iTestChain;
	delete iTestIO;
	}

CActionValidate::CActionValidate(RFs& aFs, 
								 CConsoleBase& aConsole,
								 Output& aOut)
: CTestAction(aConsole, aOut), iFs(aFs)
	{
	}


void CActionValidate::ConstructL(const TTestActionSpec& aTestActionSpec)
	{
	CTestAction::ConstructL(aTestActionSpec);
	HBufC* aBody = HBufC::NewLC(aTestActionSpec.iActionBody.Length());
	aBody->Des().Copy(aTestActionSpec.iActionBody);
	TInt pos = 0;
	TInt err = KErrNone;
	TPtrC chainBuf = Input::ParseElement(*aBody, KChainStart, KChainEnd, pos, err);
	iTestChain = CTestChain::NewL(chainBuf);
	if (!AddParametersL(*aBody, pos))
		{
		// There must be at least one IO thing
		User::Leave(KErrNotFound);
		}
	while(AddParametersL(*aBody, pos))
		{
		}

	iValidationResult = CPKIXValidationResult::NewL();
	TDriveUnit sysDrive (RFs::GetSystemDrive());
	TDriveName driveName(sysDrive.Name());
	iCertPath.Copy(driveName);
	iCertPath.Append(KCertPath);

	CleanupStack::PopAndDestroy(aBody);
	}

void CActionValidate::PerformAction(TRequestStatus& aStatus)
	{
	switch (iState)
		{
		case EDoValidateTestStart:
			{
			__ASSERT_DEBUG(!iChain, User::Panic(_L("CPKIXCertTest"), 1));
			TRAPD(err, CreateChainL());
			iState = EDoValidateTestValidate;
			TRequestStatus* status = &aStatus;
			User::RequestComplete(status, err);
			break;
			}

		case EDoValidateTestValidate:
			{
			// 1) write the overall result we expect
			iOut.writeSpaces(4);
			iOut.writeString(_L("Expected result = "));
			iOut.writeString(iTestIO->iError);
			iOut.writeNewLine();

			// 2) now do the validation

			iTime.UniversalTime();
	
			if (iTestIO->iPolicyInput->Count() > 0)
				{
				__ASSERT_DEBUG(!iPolicies, User::Panic(_L("CPKIXCertTest"), 1));
				__ASSERT_DEBUG(iChain, User::Panic(_L("CPKIXCertTest"), 1));

				iPolicies = new (ELeave) CArrayPtrFlat<HBufC> (1);
				TInt count = iTestIO->iPolicyInput->Count();
				for (TInt i = 0; i < count; i++)
					{
					TPtrC policy = iTestIO->iPolicyInput->MdcaPoint(i);
					HBufC* pBuf = policy.AllocL();
					CleanupStack::PushL(pBuf);
					iPolicies->AppendL(pBuf);
					CleanupStack::Pop();
					}
					
				iChain->ValidateL(*iValidationResult, iTime, *iPolicies, aStatus);	
				}
			else
				{
				iChain->ValidateL(*iValidationResult, iTime, aStatus);
				}
			iState = EDoValidateTestValidated;
			}
			break;

		case EDoValidateTestValidated:
			{
			// 3) write the overall result
			iOut.writeSpaces(4);
			iOut.writeString(_L("Actual result = "));
			CCertUtils::WriteError(iValidationResult->Error().iReason, iOut);
			TBuf<128> iActualResult = CCertUtils::MapError(iValidationResult->Error().iReason);
			iOut.writeNewLine();
			iOut.writeNewLine();

			// 4) write the policy info
			TBool checkingPolicies = 
				((iTestIO->iIPoliciesSet) || (iTestIO->iOPoliciesSet));
			if (checkingPolicies)
				{
				if (iTestIO->iIPoliciesSet)
					{
					// 4.1) policies we supplied
					iOut.writeSpaces(4);
					iOut.writeString(_L("Supplied policy set: "));
					iOut.writeNewLine();
					WritePolicies(*(iTestIO->iPolicyInput));
					}
				if (iTestIO->iOPoliciesSet)
					{
					// 4.2) policies we expect
					iOut.writeSpaces(4);
					iOut.writeString(_L("Expected user-constrained policy set: "));
					iOut.writeNewLine();
					WritePolicies(*(iTestIO->iExpectedPolicyOutput));
					}

				// 4.3) policies we collected
				iOut.writeSpaces(4);
				iOut.writeString(_L("Actual user-constrained policy set: "));
				iOut.writeNewLine();
				const CArrayPtrFlat<CX509CertPolicyInfo>& policies = iValidationResult->Policies();
				TInt actualPolicyCount = policies.Count();
				for (TInt j = 0; j < actualPolicyCount; j++)
					{
					iOut.writeSpaces(8);
					iOut.writeString(policies.At(j)->Id());
					iOut.writeNewLine();	
					}
				iOut.writeNewLine();	

			//check expected user-constrained policy set == actual user-constrained policy set
				TBool policyOutputCorrect = ETrue;
				CDesCArray* expectedPolicies = iTestIO->iExpectedPolicyOutput;
				TInt expectedPolicyCount = expectedPolicies->MdcaCount();
				if (expectedPolicyCount == actualPolicyCount)
					{
					for (TInt k = 0; k < expectedPolicyCount; k++)
						{
						TPtrC expectedPolicy = expectedPolicies->MdcaPoint(k);
						TBool policyFound = EFalse;
						for (TInt l = 0; l < actualPolicyCount; l++)
							{
							TPtrC actualPolicy = policies.At(l)->Id();
							if (actualPolicy == expectedPolicy)
								{
								policyFound = ETrue;
								break;
								}
							}
						if (!policyFound)
							{
							policyOutputCorrect = EFalse;
							}	
						}
					}
				else
					{
					policyOutputCorrect = EFalse;
					}
				iResult = (iTestIO->iError == iActualResult) && (policyOutputCorrect);
				}
			else	//! checking policies 
				{
				iResult = (iTestIO->iError == iActualResult);
				}
			iState = EDoValidateTestFinished;
			if (iPolicies)
				{
				iPolicies->ResetAndDestroy();
				delete iPolicies;
				iPolicies = 0;
				}
			TRequestStatus* status = &aStatus;
			User::RequestComplete(status, KErrNone);
			}
			break;

		case EDoValidateTestFinished:
			{
			__ASSERT_DEBUG(!iPolicies, User::Panic(_L("CPKIXCertTest"), 1));
			delete iChain;
			iChain = 0;
			iState = ERemoveCertsAfterTest;
			iActionState = EPostrequisite;
			TRequestStatus* status = &aStatus;
			User::RequestComplete(status, KErrNone);
			}
			break;
		default:
			break;
		}
	}

TBool CActionValidate::TestResult(TInt /*aError*/)
	{
	return 0;
	}
	
void CActionValidate::PerformCancel()
	{
	delete iChain;
	iChain = 0;
	}

void CActionValidate::AfterOOMFailure()
	{
	if (iPolicies)
		{
		iPolicies->ResetAndDestroy();
		delete iPolicies;
		iPolicies = 0;
		}
	}
	
void CActionValidate::Reset()
	{
	iState = EDoValidateTestStart;
	if (iPolicies)
		{
		iPolicies->ResetAndDestroy();
		delete iPolicies;
		iPolicies = 0;
		}
	delete iChain;
	iChain = 0;
	}

void CActionValidate::DoReportAction()
	{
	iConsole.Printf(_L("u"));
	}

void CActionValidate::DoCheckResult(TInt /*aError*/)
	{
	}

TBool CActionValidate::AddParametersL(const TDesC& aBuf, TInt& aPos)
	{
	TPtrC ioBuf = Input::ParseElement(aBuf, KIOStart, KIOEnd, aPos);
	if (ioBuf != KNullDesC)
		{
		iTestIO = CTestParameters::NewL(ioBuf);
		return ETrue;
		}
	return EFalse;
	}

void CActionValidate::WritePolicies(const CDesCArray& aPolicySet)
	{
	TInt count = aPolicySet.Count();
	for (TInt i = 0; i < count; i++)
		{
		iOut.writeSpaces(8);
		iOut.writeString(aPolicySet.MdcaPoint(i));
		iOut.writeNewLine();
		}
	}

/*
validate using the cert store as a source of root certificates
*/

CTestAction* CActionValidateWithStore::NewL(RFs& aFs, CConsoleBase& aConsole,
		Output& aOut, const TTestActionSpec& aTestActionSpec)
	{
	CTestAction* self = CActionValidateWithStore::NewLC(aFs, aConsole,
		aOut, aTestActionSpec);
	CleanupStack::Pop(self);
	return self;
	}

CTestAction* CActionValidateWithStore::NewLC(RFs& aFs, CConsoleBase& aConsole,
		Output& aOut, const TTestActionSpec& aTestActionSpec)
	{
	CActionValidateWithStore* self = new(ELeave) CActionValidateWithStore(aFs, aConsole, aOut);
	CleanupStack::PushL(self);
	self->ConstructL(aTestActionSpec);
	return self;
	}

CActionValidateWithStore::CActionValidateWithStore(RFs& aFs, CConsoleBase& aConsole,Output& aOut)
	:CActionValidate(aFs, aConsole, aOut)
	{
	}

void CActionValidateWithStore::DoPerformPrerequisite(TRequestStatus& aStatus)
	{
	switch (iState)
		{
		case ERemoveCertsBeforeTest:
			__ASSERT_DEBUG(!iCertUtils, User::Panic(_L("CPKIXCertTest"), 1));
			iCertUtils = CCertUtils::NewL(iFs);
			iCertUtils->RemoveCertsL(aStatus);
			iState = EAddRoot;
			break;

		case EAddRoot:
			{
			TUid uid = { 1 };
			TRAPD(err, iCertUtils->RemoveApplicationL(uid));
			iCertUtils->AddApplicationL(_L("testpkix"), uid);
			TUid uid2 = { 2 };
			TRAP(err, iCertUtils->RemoveApplicationL(uid2));
			iCertUtils->AddApplicationL(_L("testpkix"), uid2);
			iCertUtils->AddCertL(iTestChain->iRootCertLabel,
				EX509Certificate, ECACertificate, 1, iCertPath,
				iTestChain->iRootCertFileName, 
				aStatus);	// 1 is trusted for our use
			iState = EAddIntermediateCerts;
			break;
			}

		case EAddIntermediateCerts:
			{
			iCertUtils->AddCACertsL(*(iTestChain->iIntermediateCertsFileName), 
				*(iTestChain->iIntermediateCertsLabel),
				EX509Certificate, 2, iCertPath, 
				aStatus);	//2 not trusted for our use
			iState = EDoValidateTestStart;
			iActionState = EAction;
			break;
			}
		default:
			break;
		}
	}

void CActionValidateWithStore::DoPerformPostrequisite(TRequestStatus& aStatus)
	{
	switch (iState)
		{
		case ERemoveCertsAfterTest:
			iCertUtils->RemoveCertsL(aStatus);
			iState = EEnd;
			break;

		case EEnd:
			{
			delete iCertUtils;
			iCertUtils = 0;
			TRequestStatus* status = &aStatus;
			iFinished = ETrue;
			User::RequestComplete(status, KErrNone);
			}
			break;
		default:
			break;
		}
	}


void CActionValidateWithStore::CreateChainL()
	{
	HBufC8* eeCert = 0;
			
	TRAPD(err, 
		eeCert = Input::ReadFileL(iTestChain->iEECertFileName,
		iCertPath, iFs));
	if (err != KErrNone)
		{
		iConsole.Printf(_L("Error : couldn't open file "));
		iConsole.Printf(iTestChain->iEECertFileName);
		iConsole.Printf(_L("\n"));
		iOut.writeString(_L("Error : couldn't open file "));
		iOut.writeString(iTestChain->iEECertFileName);
		iOut.writeNewLine();
		User::Leave(err);
		}
	CleanupStack::PushL(eeCert);
	TUid testUid = TUid::Uid(1);
	iChain = CPKIXCertChain::NewL(iFs, *eeCert, testUid);
	CleanupStack::PopAndDestroy(eeCert); 
	}

/*
validate using a set of candidates root certs supplied by the client
*/
CTestAction* CActionValidateWithSuppliedCerts::NewL(RFs& aFs, CConsoleBase& aConsole,
		Output& aOut, const TTestActionSpec& aTestActionSpec)
	{
	CTestAction* self = CActionValidateWithSuppliedCerts::NewLC(aFs, aConsole,
		aOut, aTestActionSpec);
	CleanupStack::Pop(self);
	return self;	
	}

CTestAction* CActionValidateWithSuppliedCerts::NewLC(RFs& aFs, CConsoleBase& aConsole,
		Output& aOut, const TTestActionSpec& aTestActionSpec)
	{
	CActionValidateWithSuppliedCerts* self = new(ELeave) CActionValidateWithSuppliedCerts(aFs, aConsole, aOut);
	CleanupStack::PushL(self);
	self->ConstructL(aTestActionSpec);
	return self;
	}

CActionValidateWithSuppliedCerts::CActionValidateWithSuppliedCerts(RFs& aFs, CConsoleBase& aConsole,Output& aOut)
	:CActionValidate(aFs, aConsole, aOut)
	{
	}

void CActionValidateWithSuppliedCerts::ConstructL(const TTestActionSpec& aTestActionSpec)
	{
	CActionValidate::ConstructL(aTestActionSpec);
	iRootCerts = new(ELeave) RPointerArray<CX509Certificate>;
	}

CActionValidateWithSuppliedCerts::~CActionValidateWithSuppliedCerts()
	{
	if (iRootCerts)
		{
		iRootCerts->ResetAndDestroy();
		delete iRootCerts;
		}
	delete iEndEntityAndIntermediateCerts;
	}

void CActionValidateWithSuppliedCerts::DoPerformPrerequisite(TRequestStatus& aStatus)
	{
//initialise the big descriptor containing ee cert followed by all intermediate certs
//and the array of candidate root certs

	HBufC8* eeCert = Input::ReadFileLC(iTestChain->iEECertFileName, iCertPath, iFs);
	HBufC8* inter = InputExtra::ReadFilesLC(*(iTestChain->iIntermediateCertsFileName), iCertPath, iFs);
	TInt totalSize = (eeCert->Size()) + (inter->Size());
	iEndEntityAndIntermediateCerts = HBufC8::NewL(totalSize);
	TPtr8 pRes = iEndEntityAndIntermediateCerts->Des();
	pRes.Append(*eeCert);
	pRes.Append(*inter);
	CleanupStack::PopAndDestroy(2);//eeCert, inter

	HBufC8* rootBuf = Input::ReadFileLC(iTestChain->iRootCertFileName, iCertPath, iFs);
	CX509Certificate* root = CX509Certificate::NewL(*rootBuf);
	CleanupStack::PopAndDestroy(rootBuf);
	CleanupStack::PushL(root);
	
	User::LeaveIfError(iRootCerts->Append(root));
	CleanupStack::Pop(root);//

	TRequestStatus* status = &aStatus;
	User::RequestComplete(status, KErrNone);
	iState = EDoValidateTestStart;
	iActionState = EAction;
	}

void CActionValidateWithSuppliedCerts::DoPerformPostrequisite(TRequestStatus& aStatus)
	{
	delete iCertUtils;
	iCertUtils = NULL;
	TRequestStatus* status = &aStatus;
	iFinished = ETrue;
	User::RequestComplete(status, KErrNone);
	}

void CActionValidateWithSuppliedCerts::CreateChainL()
	{
//create chain object
	iChain = CPKIXCertChain::NewL(iFs, *iEndEntityAndIntermediateCerts, *iRootCerts);
	}