cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.cpp
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Fri, 12 Mar 2010 15:51:07 +0200
branchRCL_3
changeset 48 eb9b28acd381
parent 8 35751d3474b7
permissions -rw-r--r--
Revision: 201008 Kit: 201008

/*
* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include "pkixcerts.h"
#include <ccertattributefilter.h>
#include <cctcertinfo.h>

// CPKIXCertSource
////////////////////

MPKIXCertSource::~MPKIXCertSource()
	{
	}

// This function returns ETrue iff the issuer altname in aSubjectCert matches the
// subject altname in aIssuerCert
TBool MPKIXCertSource::AltNameMatchL(const CX509Certificate& aSubjectCert, 
									 const CX509Certificate& aIssuerCert) const 
	{
	TBool res = EFalse;
	const CX509CertExtension* subjectExt = aSubjectCert.Extension(KIssuerAltName);
	const CX509CertExtension* issuerExt = aIssuerCert.Extension(KSubjectAltName);
	if ((subjectExt) && (issuerExt))
		{
		const CX509AltNameExt* issuerAltName = CX509AltNameExt::NewLC(subjectExt->Data());
		const CX509AltNameExt* subjectAltName = CX509AltNameExt::NewLC(issuerExt->Data());
		if (subjectAltName->Match(*issuerAltName))
			{
			res = ETrue;
			}
		CleanupStack::PopAndDestroy(2);//subjectAltName, issuerAltName
		}
	return res;
	}

// CPKIXCertsFromStore
////////////////////////

CPKIXCertsFromStore* CPKIXCertsFromStore::NewL(MCertStore& aCertStore)
	{
	CPKIXCertsFromStore* self = CPKIXCertsFromStore::NewLC(aCertStore);
	CleanupStack::Pop(self);
	return self;
	}

CPKIXCertsFromStore* CPKIXCertsFromStore::NewLC(MCertStore& aCertStore)
	{
	CPKIXCertsFromStore* self = new(ELeave) CPKIXCertsFromStore(aCertStore);
	CleanupStack::PushL(self);
	self->ConstructL();
	return self;
	}

CPKIXCertsFromStore* CPKIXCertsFromStore::NewL(MCertStore& aCertStore, TUid aClient)
	{
	CPKIXCertsFromStore* self = CPKIXCertsFromStore::NewLC(aCertStore, aClient);
	CleanupStack::Pop(self);
	return self;
	}

CPKIXCertsFromStore* CPKIXCertsFromStore::NewLC(MCertStore& aCertStore, TUid aClient)
	{
	CPKIXCertsFromStore* self = new(ELeave) CPKIXCertsFromStore(aCertStore, aClient);
	CleanupStack::PushL(self);
	self->ConstructL(aClient);
	return self;
	}

void CPKIXCertsFromStore::Initialize(TRequestStatus& aStatus)
	{
	// In the case of a WIM, we don't have trust settings,
	// the WIM store will ignore the filter and return all certificates
	aStatus = KRequestPending;
	iOriginalRequestStatus = &aStatus;
	iState = EInitialize;
	iCertStore.List(iCertInfos, *iFilter, iStatus);
	SetActive();
	}

void CPKIXCertsFromStore::CandidatesL(const CX509Certificate& aSubject,
									 RPointerArray<CX509Certificate>& aCandidates, 
									 TRequestStatus& aStatus)
	{
	aStatus = KRequestPending;
	iOriginalRequestStatus = &aStatus;

	iRootName = &aSubject.IssuerName();
	iSubject = &aSubject;
	iCandidates = &aCandidates;
	iEntriesIndex = -1;
	
	iState = ECheckTrusted;
	TRequestStatus* status = &iStatus;
	User::RequestComplete(status, KErrNone);
	SetActive();
	}

void CPKIXCertsFromStore::CancelCandidates()
	{
	Cancel();
	}

void CPKIXCertsFromStore::Release()
	{
	delete this;
	}

CPKIXCertsFromStore::~CPKIXCertsFromStore()
	{
	Cancel();

	iCertInfos.Close();

	delete iFilter;
	
	delete iCertData;
	delete iCertPtr;
	}

//private functions
CPKIXCertsFromStore::CPKIXCertsFromStore(MCertStore& aCertStore)
	: CActive(EPriorityNormal), iCertStore(aCertStore)
	{
	CActiveScheduler::Add(this);
	}

CPKIXCertsFromStore::CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient)
: CActive(EPriorityNormal), iClient(aClient), iCertStore(aCertStore)
	{
	CActiveScheduler::Add(this);
	}

void CPKIXCertsFromStore::ConstructL()
	{
	iFilter = CCertAttributeFilter::NewL();
	iFilter->SetFormat(EX509Certificate);
	iFilter->SetOwnerType(ECACertificate);
	}

void CPKIXCertsFromStore::ConstructL(TUid aClient)
	{
	iFilter = CCertAttributeFilter::NewL();
	iFilter->SetUid(aClient);
	iFilter->SetFormat(EX509Certificate);
	iFilter->SetOwnerType(ECACertificate);
	}

void CPKIXCertsFromStore::RunL()
	{
	User::LeaveIfError(iStatus.Int());

	switch (iState)
		{
		case EInitialize:
			iState = EIdle;
			User::RequestComplete(iOriginalRequestStatus, iStatus.Int());
			break;

		case ECheckTrusted:
			HandleECheckTrusted();
			break;

		case EGetCertificate:
			HandleEGetCertificateL();
			break;

		case EAddCandidate:
			HandleEAddCandidateL();
			break;

		case EEnd:
			iState = EIdle;
			User::RequestComplete(iOriginalRequestStatus, KErrNone);
			break;

		default:
			__ASSERT_ALWAYS(0, User::Panic(_L("CPKIXCertsFromStore"), 1));
			break;
			}
	}

TInt CPKIXCertsFromStore::RunError(TInt aError)
	{
	User::RequestComplete(iOriginalRequestStatus, aError);
	return KErrNone;
	}

void CPKIXCertsFromStore::DoCancel()
	{
	switch(iState)
		{
		case EInitialize:
			iCertStore.CancelList();
			break;

		case EGetCertificate:
			iCertStore.CancelTrusted();
			break;

		case EAddCandidate:
			iCertStore.CancelRetrieve();
			break;

		case ECheckTrusted:
		case EEnd:
			// nothing to do
			break;

		default:
			__ASSERT_ALWAYS(0, User::Panic(_L("CPKIXCertsFromStore"), 1));
			break;
		}
	
	User::RequestComplete(iOriginalRequestStatus, KErrCancel);
	iState = EIdle;
	}

void CPKIXCertsFromStore::HandleECheckTrusted()
	{// iEntriesIndex has been initialized to -1 by Candidates
	iEntriesIndex++;
	if (iEntriesIndex < iCertInfos.Count())
		{
		const CCTCertInfo* entry = iCertInfos[iEntriesIndex];

	//	Fix for DEF017139  "PKIXCert ignores trust"
	//	Check the certificate is trusted and discard it if not
		iCertStore.Trusted(*entry, iIsTrusted, iStatus);
		iState = EGetCertificate;
		}
	else
		{
		iState = EEnd;
		TRequestStatus* status = &iStatus;
		User::RequestComplete(status, KErrNone);
		}
	SetActive();
	}

void CPKIXCertsFromStore::HandleEGetCertificateL()
{
	if (iIsTrusted)
	{//	Fine to trust, go ahead
		const CCTCertInfo* entry = iCertInfos[iEntriesIndex];
		__ASSERT_DEBUG(!iCertData, User::Panic(_L("CPKIXCertsFromStore"), 1));
		iCertData = HBufC8::NewL(entry->Size());
		__ASSERT_DEBUG(!iCertPtr, User::Panic(_L("CPKIXCertsFromStore"), 1));
		iCertPtr = new(ELeave) TPtr8(iCertData->Des());
		iCertStore.Retrieve(*entry, *iCertPtr, iStatus);
		iState = EAddCandidate;
	}
	else
	{//	Not trusted, check next for trust
		iState = ECheckTrusted;
		TRequestStatus* status = &iStatus;
		User::RequestComplete(status, KErrNone);
	}
		
	SetActive();
}


TBool CPKIXCertsFromStore::IsDuplicateL(const CX509Certificate& aCandidate)
	{
	
	TInt candidatesCount = iCandidates->Count();
	for (TInt i = 0; i < candidatesCount; i++)
		{
		
		// Certificate is a duplicate iff
		// a) The public keys have the same hash, and
		// b) The serial numbers are identical
		
		CX509Certificate* cert = (*iCandidates)[i];
		if (cert->KeyIdentifierL() == aCandidate.KeyIdentifierL()
			&& cert->SerialNumber() == aCandidate.SerialNumber())
			{
			return ETrue;
			}
		
		}
	
	return EFalse;
	
	}

void CPKIXCertsFromStore::HandleEAddCandidateL()
	{
	CX509Certificate *candidate = CX509Certificate::NewLC(*iCertData);
	delete iCertData;
	iCertData = 0;
	delete iCertPtr;
	iCertPtr = 0;

	if (iRootName->Count() > 0)
		{
		if (candidate->SubjectName().ExactMatchL(*iRootName) && !IsDuplicateL(*candidate))
			{
			User::LeaveIfError(iCandidates->Append(candidate));
			CleanupStack::Pop();	// candidate
			}
		else
			{
			CleanupStack::PopAndDestroy();	// candidate
			}
		}
	else
		{
		const CX500DistinguishedName& candidateName = candidate->SubjectName();
		if ((candidateName.Count() == 0) && (AltNameMatchL(*iSubject, *candidate)))
			{
			User::LeaveIfError(iCandidates->Append(candidate));
			CleanupStack::Pop();	// candidate
			}
		else
			{
			CleanupStack::PopAndDestroy();	// candidate
			}
		}

	iState = ECheckTrusted;
	TRequestStatus* status = &iStatus;
	User::RequestComplete(status, KErrNone);
	SetActive();
	}

//CPKIXCertsFromClient
//public functions
CPKIXCertsFromClient* CPKIXCertsFromClient::NewL(const RPointerArray<CX509Certificate>& aCerts)
	{
	CPKIXCertsFromClient* self = new(ELeave) CPKIXCertsFromClient(aCerts);
	return self;
	}

CPKIXCertsFromClient* CPKIXCertsFromClient::NewLC(const RPointerArray<CX509Certificate>& aCerts)
	{
	CPKIXCertsFromClient* self = new(ELeave) CPKIXCertsFromClient(aCerts);
	CleanupStack::PushL(self);
	return self;
	}

void CPKIXCertsFromClient::Release()
	{
	delete this;
	}

CPKIXCertsFromClient::~CPKIXCertsFromClient()
	{
	}

void CPKIXCertsFromClient::CandidatesL(const CX509Certificate& aSubject,
									   RPointerArray<CX509Certificate>& aCandidates, 
									   TRequestStatus& aStatus)
	{
	// There is no need for this to be asynchronous but it is because the base class
	// wants this to be

	const CX500DistinguishedName& rootName = aSubject.IssuerName();
	TInt count = iCerts.Count();
	const CX509Certificate* candidate = NULL;
	if (rootName.Count() > 0)
		{
		for (TInt i = 0; i < count; i++)
			{
			candidate = iCerts[i];
			if (candidate->SubjectName().ExactMatchL(rootName))
				{
				CX509Certificate* cert = CX509Certificate::NewLC(*candidate);
				User::LeaveIfError(aCandidates.Append(cert));
				CleanupStack::Pop();
				}
			}
		}
	else
		{
		for (TInt i = 0; i < count; i++)
			{
			candidate = iCerts[i];
			const CX500DistinguishedName& candidateName = candidate->SubjectName();
			if ((candidateName.Count() ==0) && (AltNameMatchL(aSubject, *candidate)))
				{
				CX509Certificate* cert = CX509Certificate::NewLC(*candidate);
				User::LeaveIfError(aCandidates.Append(cert));
				CleanupStack::Pop();
				}
			}
		}

	TRequestStatus* status = &aStatus;
	User::RequestComplete(status, KErrNone);
	}

void CPKIXCertsFromClient::CancelCandidates()
	{
	// Nothing to do because the function completes immediately
	}

//private functions
CPKIXCertsFromClient::CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts)
	:iCerts(aCerts)
	{
	}