|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #ifndef CSTSSIGNATURESERVICE_H |
|
20 #define CSTSSIGNATURESERVICE_H |
|
21 |
|
22 // INCLUDES |
|
23 #include <e32base.h> |
|
24 #include <badesca.h> |
|
25 #include <mctkeystore.h> |
|
26 #include "functionserver.h" |
|
27 |
|
28 // CONSTANTS |
|
29 |
|
30 |
|
31 |
|
// FORWARD DECLARATIONS
// The class below uses these types only through pointers or as template
// arguments of pointer arrays, so forward declarations are sufficient here.
class MSecurityDialog;
class MPKIDialog;
class CUnifiedCertStore;
class CUnifiedKeyStore;
class CCTCertInfo;
class CCertAttributeFilter;
class CCTKeyInfo;
class CCertificate;
class CCMSSignerInfo;
class CCMSX509Certificate;
// NOTE(review): a using-directive at file scope in a header makes every
// java::util name visible in each translation unit that includes this file.
// It is presumably here so that FunctionServer can be named unqualified in
// the base-class list; confirm before replacing it with a qualified name.
using namespace java::util;
|
44 |
|
45 // CLASS DECLARATION |
|
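/**
 * Provides signature services for cryptographic messages.
 * This class can be used for creating signatures for authentication
 * and non-repudiation purposes.
 *
 * The class is both an active object (CActive) and a FunctionServer.
 * The private helpers Complete() and WaitForCompletionL() appear to turn
 * the asynchronous certificate/key store steps into a blocking call for
 * the public AuthenticateL()/SignL() entry points -- confirm in the .cpp.
 *
 * NOTE(review): the data to sign, the CA names and the security element
 * prompt are all supplied by the caller, and the prompt and (optionally)
 * the data are shown to the user in a security dialog. The implementation
 * should make sure that the text displayed (iTextToDisplay) corresponds to
 * the bytes actually signed (iMessage) -- verify in the .cpp.
 */
NONSHARABLE_CLASS(CSTSSignatureService): public CActive, public FunctionServer
    {

public: // type definitions

    // Steps of the signing operation; stored in iState.
    // presumably dispatched from RunL() -- confirm in the .cpp.
    enum TState
        {
        EReady,
        EInitialising,
        EKeyStoreInit,
        EListing,
        EDialog,
        EGetCert,
        ERetrieveCert,
        EFindKey,
        EOpenSigner,
        ESign,
        EFinalNote,
        EERROR
        };

    // Kind of user dialog for the current operation; stored in iAuthType.
    enum TAuthDialogType
        {
        EAuthWithoutText,
        EAuthWithText,
        ESignWithText
        };

public: // Constructors and destructor

    /**
     * Two-phased constructor.
     */
    static CSTSSignatureService* NewL();

    /**
     * Destructor.
     */
    virtual ~CSTSSignatureService();

public: // New functions

    /**
     * Authenticates given data.
     * @param aBytesToAuthenticate bytes to be authenticated
     * @param aOptions bitmask of options
     * @param aCaNames array of distinguished names of certificate
     * authorities which are trusted to issue certificates which
     * may be used for authenticating a user.
     * @param aSecurityElementPrompt shown if the user needs to
     * insert a security element.
     * @param aShowData if true, the data is shown to the user
     * before authentication. If false, the user confirms the
     * operation without seeing the data that is signed.
     * @return DER encoded signature
     * (ownership presumably passes to the caller -- TODO confirm)
     */
    HBufC8* AuthenticateL(const TDesC8& aBytesToAuthenticate,
                          TInt aOptions,
                          const CDesCArray& aCaNames,
                          const TDesC& aSecurityElementPrompt,
                          TBool aShowData);

    /**
     * JNI-facing counterpart of AuthenticateL().
     * Presumably converts the JNI arguments, calls AuthenticateL() on
     * aService and stores the result in *aRetVal, in the same way as
     * StaticSignL() does for SignL() -- confirm in the .cpp.
     * NOTE(review): the name ends in L but the function returns TInt;
     * check whether it can still leave or always reports errors through
     * the return value, and who owns *aRetVal on failure.
     * @param aJniEnv JNI environment used to read the Java arguments
     * @param aService service instance the call is made on
     * @param aByteArrayToAuthenticate bytes to be authenticated
     * @param aOptions bitmask of options
     * @param aCaNames distinguished names of trusted certificate authorities
     * @param aSecurityElementPrompt shown if the user needs to
     * insert a security element.
     * @param aShowData if true, the data is shown to the user
     * before authentication.
     * @param aRetVal receives the signature
     * @return presumably a Symbian error code -- TODO confirm
     */
    static TInt StaticAuthenticateL(
        JNIEnv* aJniEnv,
        CSTSSignatureService* aService,
        jbyteArray aByteArrayToAuthenticate,
        jint aOptions,
        jobjectArray aCaNames,
        jstring aSecurityElementPrompt,
        jboolean aShowData,
        HBufC8** aRetVal);


    /**
     * Signs given data.
     * @param aBytesToSign bytes to be signed
     * @param aOptions bitmask of options
     * @param aCaNames array of distinguished names of certificate
     * authorities which are trusted to issue certificates which
     * may be used for creating the signature.
     * @param aSecurityElementPrompt shown if the user needs to
     * insert a security element.
     * @return DER encoded signature
     * (ownership presumably passes to the caller -- TODO confirm)
     */
    HBufC8* SignL(const TDesC8& aBytesToSign,
                  TInt aOptions,
                  const CDesCArray& aCaNames,
                  const TDesC& aSecurityElementPrompt);


    /**
     * Wrapper function to use TRAP and CallMethod() of FunctionServer.
     * JNI-facing counterpart of SignL(); the result is returned through
     * aRetVal.
     * NOTE(review): the name ends in L but the function returns TInt;
     * check whether it can still leave, and who owns *aRetVal on failure.
     * @param aJniEnv JNI environment used to read the Java arguments
     * @param aService service instance the call is made on
     * @param aBytesToSign bytes to be signed
     * @param aOptions bitmask of options
     * @param aCaNames distinguished names of trusted certificate authorities
     * @param aSecurityElementPrompt shown if the user needs to
     * insert a security element.
     * @param aRetVal receives the signature
     * @return presumably a Symbian error code -- TODO confirm
     */
    static TInt StaticSignL(JNIEnv* aJniEnv,
                            CSTSSignatureService* aService,
                            jbyteArray aBytesToSign,
                            jint aOptions,
                            jobjectArray aCaNames,
                            jstring aSecurityElementPrompt,
                            HBufC8** aRetVal);


public: // CActive

    /**
     * Handles an active object's request completion event.
     */
    void RunL();

    /**
     * Handles a leave occurring in the request completion event
     * handler RunL().
     */
    TInt RunError(TInt aError);

    /**
     * Implements cancellation of an outstanding request.
     */
    void DoCancel();

private:

    /**
     * C++ default constructor.
     */
    CSTSSignatureService();

    /**
     * By default Symbian 2nd phase constructor is private.
     */
    void ConstructL();

    /**
     * Completes the current asynchronous operation.
     * If aError is not KErrNone, sets iError before calling
     * iWait->AsyncStop().
     * @param aError return value from the completed operation.
     */
    void Complete(TInt aError);

    /**
     * Waits for the current asynchronous operation to complete.
     * Leaves with the error code if the asynchronous operation fails.
     */
    void WaitForCompletionL();

    /**
     * Creates a signature.
     * @param aCaNames distinguished names for certificate
     * authorities which are trusted to sign certificates.
     * @param aUsage Usage of the certificates (either
     * EX509UsageDigitalSignature or EX509UsageNonRepudiation )
     * @param aSecurityElementPrompt displayed to user if key is
     * not found
     * @return the created signature
     * (encoding and ownership not stated here -- TODO confirm)
     */
    HBufC8* CreateSignatureL(const CDesCArray& aCaNames,
                             const TKeyUsageX509 aUsage,
                             const TDesC& aSecurityElementPrompt);

    /**
     * Fills iCertificateArray with applicable certificate handles.
     * Leaves with KErrNotFound if no certificates could be found.
     * @param aCaNames distinguished names for certificate
     * authorities which are trusted to sign certificates.
     * @param aUsage Usage of the certificates (either
     * EX509UsageDigitalSignature or EX509UsageNonRepudiation )
     */
    void FindCertificatesL(const CDesCArray& aCaNames,
                           const TKeyUsageX509 aUsage);

    /**
     * Fills iCertificateArray from iCertInfos.
     */
    void HandlesFromCertInfosL();

    /**
     * Finds the key associated with iCertificate
     */
    void FindKeyL();

    /**
     * Opens a signer for the key in iKeys
     */
    void OpenSignerL();

    /**
     * Signs the message
     */
    void SignL();

    /**
     * Creates signed data
     */
    void CreateSignedDataL();

    /**
     * Converts data from UTF8 to Unicode
     * @param aUTF8String UTF8String to convert
     * @return Unicode string
     * (ownership presumably passes to the caller -- TODO confirm;
     * handling of malformed UTF-8 is not specified here)
     */
    HBufC* ConvertUTF8ToUnicodeL(const TDesC8& aUTF8String);

    // From FunctionServer
    virtual void vmAttached();
    virtual void doServerSideInit();
    void AddToScheduler();

private: // Data
    // NOTE(review): the R-class members below (RFs, RArray, RPointerArray,
    // RMPointerArray) are not cleaned up by a plain delete; check that the
    // destructor closes or resets each of them.

    // internal state
    TState iState;

    // internal error variable
    TInt iError;

    // type of current authentication operation
    TAuthDialogType iAuthType;

    // security dialog, owned
    MSecurityDialog* iDialog;

    // PKI Dialog, owned
    MPKIDialog* iPKIDialog;

    // certificate store, owned
    CUnifiedCertStore* iCertStore;

    // key store, owned
    CUnifiedKeyStore* iKeyStore;

    // Waits for the operation to complete. Owned.
    CActiveSchedulerWait* iWait;

    // Used by CUnifiedCertStore
    RFs iFileServer;

    // holds the selection of certificates which are displayed to the user
    RArray< TCTTokenObjectHandle > iCertificateArray;

    // certificate store places found certificates here
    RMPointerArray< CCTCertInfo > iCertInfos;

    // filter is used for searching appropriate certificates, owned
    CCertAttributeFilter* iFilter;

    // contains certificate authority distinguished names in DER
    // encoding. The descriptors are owned by iDERNamesHBufC, as
    // const pointers can't be deleted.
    // This array aliases the entries of iDERNamesHBufC: it must only be
    // reset or closed, never destroyed element by element, otherwise the
    // descriptors would be freed twice.
    RPointerArray< const TDesC8 > iDERNames;

    // contains certificate authority distinguished names in DER
    // encoding. Owns the descriptors.
    RPointerArray< HBufC8 > iDERNamesHBufC;

    // handle to the specific certificate which is used in
    // creation of the signature
    TCTTokenObjectHandle iCertificateHandle;

    // The certificate used in creation of the signature, owned
    CCTCertInfo* iCertificate;

    // The certificate in X.509 format, owned
    CCertificate* iX509Certificate;

    // Data to be signed; this is shown to the user. owned.
    HBufC* iTextToDisplay;

    // filter used to find the correct key from key store
    TCTKeyAttributeFilter iKeyFilter;

    // contains the key used for signing
    RMPointerArray< CCTKeyInfo > iKeys;

    // RSA Signer, owned
    MRSASigner* iRSASigner;

    // RSA Signature, owned
    CRSASignature* iRSASignature;

    // DSA Signer, owned
    MDSASigner* iDSASigner;

    // DSA Signature, owned
    CDSASignature* iDSASignature;

    // message to be signed
    // Not owned: TPtrC8 only refers to the bytes. The buffer it points at
    // (presumably the caller's descriptor -- confirm) has to stay valid
    // until the signing operation has completed.
    TPtrC8 iMessage;

    // certificate to be included in the message, owned
    CCMSX509Certificate* iCMSCertificate;

    // SignerInfo to be included in the message, owned
    CCMSSignerInfo* iSignerInfo;

    // encoded signed attributes hash, owned
    HBufC8* iEncodedSignedAttributesHash;

    // pointer to the above
    // Must be re-set whenever iEncodedSignedAttributesHash is deleted or
    // replaced, otherwise it refers to freed memory.
    TPtrC8 iEncodedSignedAttributesHashPointer;

    // signature, owned
    HBufC8* iSignature;

    // security element prompt, owned
    HBufC* iSecurityElementPrompt;

    // options
    TInt iOptions;

    // ETrue if signing done/cancelled notes are to be shown
    TBool iShowNotes;
    };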
|
360 |
|
361 |
|
362 #endif // CSTSSIGNATURESERVICE_H |
|
363 |
|
364 // End of File |