branch | RCL_3 |
changeset 19 | c74b3d9f6b9e |
parent 18 | bad0cc58d154 |
18:bad0cc58d154 | 19:c74b3d9f6b9e |
---|---|
14 * Description: EAP and WLAN authentication protocols. |
14 * Description: EAP and WLAN authentication protocols. |
15 * |
15 * |
16 */ |
16 */ |
17 |
17 |
18 /* |
18 /* |
19 * %version: 38.1.26 % |
19 * %version: 43 % |
20 */ |
20 */ |
21 |
21 |
22 // This is enumeration of EAPOL source code. |
22 // This is enumeration of EAPOL source code. |
23 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
23 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
24 #undef EAP_FILE_NUMBER_ENUM |
24 #undef EAP_FILE_NUMBER_ENUM |
32 #include "EapTlsPeapCertInterface.h" |
32 #include "EapTlsPeapCertInterface.h" |
33 #include "EapTlsPeapUtils.h" |
33 #include "EapTlsPeapUtils.h" |
34 #include <x509keys.h> |
34 #include <x509keys.h> |
35 #include <x509cert.h> |
35 #include <x509cert.h> |
36 #include "eap_tlv_message_data.h" |
36 #include "eap_tlv_message_data.h" |
37 #include "EapTraceSymbian.h" |
37 #include "eap_am_trace_symbian.h" |
38 #include "eap_automatic_variable.h" |
38 |
39 |
39 const TText8 KKeyStoreHandlePrefix[] = "EapTlsPeapKeyStoreHandler"; |
40 #if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
40 const TText8 KKeyStoreHandleKey[] = "CEapTlsPeapCertInterface KeyStore handle"; |
41 const TText8 KKeyStoreHandlePrefix[] = "EapTlsPeapKeyStoreHandler"; |
|
42 const TText8 KKeyStoreHandleKey[] = "CEapTlsPeapCertInterface KeyStore handle"; |
|
43 #endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
44 |
41 |
45 enum TAlgorithmAndSignedType |
42 enum TAlgorithmAndSignedType |
46 { |
43 { |
47 ERSASign = 1, |
44 ERSASign = 1, |
48 EDSASign, |
45 EDSASign, |
62 // Completition functions should be moved to abstract IF |
59 // Completition functions should be moved to abstract IF |
63 |
60 |
64 CEapTlsPeapCertInterface* CEapTlsPeapCertInterface::NewL(abs_eap_am_tools_c* const aTools, |
61 CEapTlsPeapCertInterface* CEapTlsPeapCertInterface::NewL(abs_eap_am_tools_c* const aTools, |
65 eap_am_type_tls_peap_symbian_c* const aParent) |
62 eap_am_type_tls_peap_symbian_c* const aParent) |
66 { |
63 { |
67 EAP_TRACE_DEBUG( |
|
68 aTools, |
|
69 TRACE_FLAGS_DEFAULT, |
|
70 (EAPL("CEapTlsPeapCertInterface::NewL()\n"))); |
|
71 |
|
72 EAP_TRACE_RETURN_STRING(aTools, "returns: CEapTlsPeapCertInterface::NewL()"); |
|
73 |
|
74 |
|
75 CEapTlsPeapCertInterface* self = new(ELeave) CEapTlsPeapCertInterface(aTools, aParent); |
64 CEapTlsPeapCertInterface* self = new(ELeave) CEapTlsPeapCertInterface(aTools, aParent); |
76 CleanupStack::PushL(self); |
65 CleanupStack::PushL(self); |
77 self->ConstructL(); |
66 self->ConstructL(); |
78 CleanupStack::Pop(); |
67 CleanupStack::Pop(); |
79 return self; |
68 return self; |
81 |
70 |
82 //-------------------------------------------------- |
71 //-------------------------------------------------- |
83 |
72 |
84 CEapTlsPeapCertInterface::CEapTlsPeapCertInterface(abs_eap_am_tools_c* const aTools, eap_am_type_tls_peap_symbian_c* const aParent) |
73 CEapTlsPeapCertInterface::CEapTlsPeapCertInterface(abs_eap_am_tools_c* const aTools, eap_am_type_tls_peap_symbian_c* const aParent) |
85 : CActive(CActive::EPriorityStandard) |
74 : CActive(CActive::EPriorityStandard) |
86 , iParent(aParent) |
75 ,iParent(aParent) |
87 , m_am_tools(aTools) |
76 ,m_am_tools(aTools) |
88 , iAllowedUserCerts(1) |
77 ,iAllowedUserCerts(1) |
89 , iEncodedCertificate(0) |
78 ,iEncodedCertificate(0) |
90 , iCertPtr(0,0) |
79 ,iCertPtr(0,0) |
91 , iMatchingUserCertInfos(1) |
80 ,iMatchingUserCertInfos(1) |
92 , iCAIndex(0) |
81 ,iCAIndex(0) |
93 , iUseAutomaticCaCertificate(EFalse) |
|
94 { |
82 { |
95 EAP_TRACE_DEBUG( |
|
96 m_am_tools, |
|
97 TRACE_FLAGS_DEFAULT, |
|
98 (EAPL("CEapTlsPeapCertInterface::CEapTlsPeapCertInterface()\n"))); |
|
99 |
|
100 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::CEapTlsPeapCertInterface()"); |
|
101 |
|
102 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
83 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
103 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
84 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
104 } |
85 } |
105 |
86 |
106 //-------------------------------------------------- |
87 //-------------------------------------------------- |
107 |
88 |
108 void CEapTlsPeapCertInterface::ConstructL() |
89 void CEapTlsPeapCertInterface::ConstructL() |
109 { |
90 { |
110 EAP_TRACE_DEBUG( |
91 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
111 m_am_tools, |
92 |
112 TRACE_FLAGS_DEFAULT, |
|
113 (EAPL("CEapTlsPeapCertInterface::ConstructL()\n"))); |
|
114 |
|
115 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ConstructL()"); |
|
116 |
|
117 User::LeaveIfError(iFs.Connect()); |
93 User::LeaveIfError(iFs.Connect()); |
118 |
94 |
119 CActiveScheduler::Add(this); |
95 CActiveScheduler::Add(this); |
120 |
96 |
121 iValidationResult = CPKIXValidationResult::NewL(); |
97 iValidationResult = CPKIXValidationResult::NewL(); |
128 |
104 |
129 //-------------------------------------------------- |
105 //-------------------------------------------------- |
130 |
106 |
131 CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface() |
107 CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface() |
132 { |
108 { |
133 EAP_TRACE_DEBUG( |
109 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
134 m_am_tools, |
110 |
135 TRACE_FLAGS_DEFAULT, |
|
136 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface()\n"))); |
|
137 |
|
138 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface()"); |
|
139 |
|
140 if(IsActive()) |
|
141 { |
|
142 Cancel(); |
|
143 } |
|
144 |
|
145 EAP_TRACE_DEBUG( |
|
146 m_am_tools, |
|
147 TRACE_FLAGS_DEFAULT, |
|
148 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iMatchingUserCerts.ResetAndDestroy(): count=%d\n"), |
|
149 iMatchingUserCerts.Count())); |
|
150 |
|
151 iMatchingUserCerts.ResetAndDestroy(); |
111 iMatchingUserCerts.ResetAndDestroy(); |
152 |
112 |
153 EAP_TRACE_DEBUG( |
113 iMatchingUserCertInfos.Reset(); |
154 m_am_tools, |
114 |
155 TRACE_FLAGS_DEFAULT, |
115 iAllowedUserCerts.Reset(); |
156 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iMatchingUserCertInfos.ResetAndDestroy(): count=%d\n"), |
|
157 iMatchingUserCertInfos.Count())); |
|
158 |
|
159 iMatchingUserCertInfos.ResetAndDestroy(); |
|
160 |
|
161 EAP_TRACE_DEBUG( |
|
162 m_am_tools, |
|
163 TRACE_FLAGS_DEFAULT, |
|
164 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iAllowedUserCerts.ResetAndDestroy(): count=%d\n"), |
|
165 iAllowedUserCerts.Count())); |
|
166 |
|
167 iAllowedUserCerts.ResetAndDestroy(); |
|
168 |
|
169 EAP_TRACE_DEBUG( |
|
170 m_am_tools, |
|
171 TRACE_FLAGS_DEFAULT, |
|
172 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iAllowedCACerts.ResetAndDestroy(): count=%d\n"), |
|
173 iAllowedCACerts.Count())); |
|
174 |
|
175 iAllowedCACerts.ResetAndDestroy(); |
|
176 |
|
177 EAP_TRACE_DEBUG( |
|
178 m_am_tools, |
|
179 TRACE_FLAGS_DEFAULT, |
|
180 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iRootCerts.ResetAndDestroy(): count=%d\n"), |
|
181 iRootCerts.Count())); |
|
182 |
116 |
183 iRootCerts.ResetAndDestroy(); |
117 iRootCerts.ResetAndDestroy(); |
184 |
|
185 EAP_TRACE_DEBUG( |
|
186 m_am_tools, |
|
187 TRACE_FLAGS_DEFAULT, |
|
188 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iUserCertChain.ResetAndDestroy(): count=%d\n"), |
|
189 iUserCertChain.Count())); |
|
190 |
|
191 iUserCertChain.ResetAndDestroy(); |
118 iUserCertChain.ResetAndDestroy(); |
192 |
119 |
193 EAP_TRACE_DEBUG( |
|
194 m_am_tools, |
|
195 TRACE_FLAGS_DEFAULT, |
|
196 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iCertAuthorities.ResetAndDestroy(): count=%d\n"), |
|
197 iCertAuthorities.Count())); |
|
198 |
|
199 iCertAuthorities.ResetAndDestroy(); |
120 iCertAuthorities.ResetAndDestroy(); |
200 |
121 |
201 EAP_TRACE_DEBUG( |
|
202 m_am_tools, |
|
203 TRACE_FLAGS_DEFAULT, |
|
204 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iCertInfos.Reset(): count=%d\n"), |
|
205 iCertInfos.Count())); |
|
206 |
|
207 TInt i(0); |
122 TInt i(0); |
208 for (i = 0; i < iCertInfos.Count(); i++) |
123 for (i = 0; i < iCertInfos.Count(); i++) |
209 { |
124 { |
210 iCertInfos[i]->Release(); |
125 iCertInfos[i]->Release(); |
211 } |
126 } |
212 iCertInfos.Reset(); |
127 iCertInfos.Reset(); |
213 |
128 |
214 EAP_TRACE_DEBUG( |
|
215 m_am_tools, |
|
216 TRACE_FLAGS_DEFAULT, |
|
217 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): iKeyInfos.Reset(): count=%d\n"), |
|
218 iKeyInfos.Count())); |
|
219 |
|
220 for (i = 0; i < iKeyInfos.Count(); i++) |
129 for (i = 0; i < iKeyInfos.Count(); i++) |
221 { |
130 { |
222 iKeyInfos[i]->Release(); |
131 iKeyInfos[i]->Release(); |
223 } |
132 } |
224 iKeyInfos.Reset(); |
133 iKeyInfos.Reset(); |
225 |
|
226 EAP_TRACE_DEBUG( |
|
227 m_am_tools, |
|
228 TRACE_FLAGS_DEFAULT, |
|
229 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): delete rest\n"))); |
|
230 |
134 |
231 delete iCertFilter; |
135 delete iCertFilter; |
232 delete iCertStore; |
136 delete iCertStore; |
233 delete iCertChain; |
137 delete iCertChain; |
234 delete iValidationResult; |
138 delete iValidationResult; |
240 delete iPtrOut; |
144 delete iPtrOut; |
241 delete iSignaturePtr; |
145 delete iSignaturePtr; |
242 delete iRSASignature; |
146 delete iRSASignature; |
243 delete iDSASignature; |
147 delete iDSASignature; |
244 delete iKeyFilter; |
148 delete iKeyFilter; |
245 |
149 |
246 #if !defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
150 iFs.Close(); |
247 |
151 |
248 delete iKeyStore; |
|
249 |
|
250 #endif //#if !defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
251 |
|
252 iFs.Close(); |
|
253 |
|
254 EAP_TRACE_DEBUG( |
152 EAP_TRACE_DEBUG( |
255 m_am_tools, |
153 m_am_tools, |
256 TRACE_FLAGS_DEFAULT, |
154 TRACE_FLAGS_DEFAULT, |
257 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): returns\n"))); |
155 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): returns\n"))); |
258 |
156 |
260 } |
158 } |
261 |
159 |
262 //-------------------------------------------------- |
160 //-------------------------------------------------- |
263 |
161 |
264 void CEapTlsPeapCertInterface::GetMatchingCertificatesL( |
162 void CEapTlsPeapCertInterface::GetMatchingCertificatesL( |
265 const RPointerArray<EapCertificateEntry>& aAllowedUserCerts, |
163 const RArray<SCertEntry>& aAllowedUserCerts, |
266 const TBool aUseCertAuthoritiesFilter, |
164 const TBool aUseCertAuthoritiesFilter, |
267 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const aCertAuthorities, |
165 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const aCertAuthorities, |
268 const TBool aUseCertTypesFilter, |
166 const TBool aUseCertTypesFilter, |
269 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const aCertTypes, |
167 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const aCertTypes, |
270 const TBool aUseAllowedCipherSuitesFilter, |
168 const TBool aUseAllowedCipherSuitesFilter, |
271 const RArray<TUint>& aAllowedCipherSuites) |
169 const RArray<TUint>& aAllowedCipherSuites) |
272 { |
170 { |
171 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
172 |
|
173 iUseCertAuthoritiesFilter = aUseCertAuthoritiesFilter; |
|
174 |
|
175 iUseCertTypesFilter = aUseCertTypesFilter; |
|
176 |
|
177 iUseAllowedCipherSuitesFilter = aUseAllowedCipherSuitesFilter; |
|
178 |
|
179 iAllowedUserCerts.Reset(); |
|
180 |
|
273 EAP_TRACE_DEBUG( |
181 EAP_TRACE_DEBUG( |
274 m_am_tools, |
182 m_am_tools, |
275 TRACE_FLAGS_DEFAULT, |
183 TRACE_FLAGS_DEFAULT, |
276 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL(): Total allowed user certs=%d, aAllowedUserCerts=0x%08x, iAllowedUserCerts=0x%08x, aCertAuthorities=0x%08x, aCertTypes=0x%08x, aAllowedCipherSuites=0x%08x\n"), |
184 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL: Total allowed user certs=%d\n"), |
277 aAllowedUserCerts.Count(), |
185 aAllowedUserCerts.Count())); |
278 &aAllowedUserCerts, |
186 |
279 &iAllowedUserCerts, |
|
280 aCertAuthorities, |
|
281 aCertTypes, |
|
282 &aAllowedCipherSuites)); |
|
283 |
|
284 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::GetMatchingCertificatesL()"); |
|
285 |
|
286 iUseCertAuthoritiesFilter = aUseCertAuthoritiesFilter; |
|
287 |
|
288 iUseCertTypesFilter = aUseCertTypesFilter; |
|
289 |
|
290 iUseAllowedCipherSuitesFilter = aUseAllowedCipherSuitesFilter; |
|
291 |
|
292 EAP_TRACE_DEBUG( |
187 EAP_TRACE_DEBUG( |
293 m_am_tools, |
188 m_am_tools, |
294 TRACE_FLAGS_DEFAULT, |
189 TRACE_FLAGS_DEFAULT, |
295 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL(): iAllowedUserCerts.Count()=%d\n"), |
190 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL:UseCertAuthoritiesFilter=%d, UseCertTypesFilter=%d, UseAllowedCipherSuitesFilter=%d\n"), |
296 iAllowedUserCerts.Count())); |
191 iUseCertAuthoritiesFilter,iUseCertTypesFilter,iUseAllowedCipherSuitesFilter)); |
297 |
|
298 iAllowedUserCerts.ResetAndDestroy(); |
|
299 |
|
300 EAP_TRACE_DEBUG( |
|
301 m_am_tools, |
|
302 TRACE_FLAGS_DEFAULT, |
|
303 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL(): UseCertAuthoritiesFilter=%d, UseCertTypesFilter=%d, UseAllowedCipherSuitesFilter=%d\n"), |
|
304 iUseCertAuthoritiesFilter, |
|
305 iUseCertTypesFilter, |
|
306 iUseAllowedCipherSuitesFilter)); |
|
307 |
192 |
308 for (TInt j = 0; j < aAllowedUserCerts.Count(); j++) |
193 for (TInt j = 0; j < aAllowedUserCerts.Count(); j++) |
309 { |
194 { |
310 EapCertificateEntry * const copy_cert = aAllowedUserCerts[j]->Copy(); |
195 iAllowedUserCerts.AppendL(aAllowedUserCerts[j]); |
311 if (copy_cert == 0) |
196 |
312 { |
197 #if defined(_DEBUG) || defined(DEBUG) |
313 User::Leave(KErrNoMemory); |
198 |
314 } |
199 // This is just for the debug prints. |
315 |
200 TCertLabel tempLabel = iAllowedUserCerts[j].iLabel; |
316 iAllowedUserCerts.AppendL(copy_cert); |
201 TKeyIdentifier tempSubjectKeyId = iAllowedUserCerts[j].iSubjectKeyId; |
317 |
202 |
318 EAP_TRACE_SETTINGS(copy_cert); |
203 EAP_TRACE_DEBUG( |
204 m_am_tools, |
|
205 TRACE_FLAGS_DEFAULT, |
|
206 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL: details of allowed user certs,Label=%S\n"), |
|
207 &tempLabel)); |
|
208 |
|
209 EAP_TRACE_DATA_DEBUG_SYMBIAN( ( "GetMatchingCertificatesL : Subject Key Id:", |
|
210 tempSubjectKeyId.Ptr(), tempSubjectKeyId.Size() ) ); |
|
211 #endif |
|
319 } |
212 } |
320 |
213 |
321 if (iCertAuthorities.Count() > 0) |
214 if (iCertAuthorities.Count() > 0) |
322 { |
215 { |
323 iCertAuthorities.ResetAndDestroy(); |
216 iCertAuthorities.ResetAndDestroy(); |
324 } |
217 } |
325 |
218 if (aUseCertAuthoritiesFilter) |
326 if (aUseCertAuthoritiesFilter |
|
327 && aCertAuthorities) |
|
328 { |
219 { |
329 for (TUint i = 0; i < aCertAuthorities->get_object_count(); i++) |
220 for (TUint i = 0; i < aCertAuthorities->get_object_count(); i++) |
330 { |
221 { |
331 HBufC8* buf = HBufC8::NewLC((aCertAuthorities->get_object(i))->get_data_length()); |
222 HBufC8* buf = HBufC8::NewLC((aCertAuthorities->get_object(i))->get_data_length()); |
332 TPtr8 ptr = buf->Des(); |
223 TPtr8 ptr = buf->Des(); |
333 ptr.Copy((aCertAuthorities->get_object(i))->get_data((aCertAuthorities->get_object(i))->get_data_length()), |
224 ptr.Copy((aCertAuthorities->get_object(i))->get_data((aCertAuthorities->get_object(i))->get_data_length()), |
334 (aCertAuthorities->get_object(i))->get_data_length()); |
225 (aCertAuthorities->get_object(i))->get_data_length()); |
335 |
226 |
336 // Try to form distiguished name |
227 // Try to form distiguished name |
337 CX500DistinguishedName* tmp = 0; |
228 CX500DistinguishedName* tmp = 0; |
338 TRAPD(error, tmp = CX500DistinguishedName::NewL(ptr)); |
229 TRAPD(err, tmp = CX500DistinguishedName::NewL(ptr)); |
339 if (error == KErrNone) |
230 if (err == KErrNone) |
340 { |
231 { |
341 CleanupStack::PushL(tmp); |
232 CleanupStack::PushL(tmp); |
342 // Distinguished name was found -> add it to array. |
233 // Distinguished name was found -> add it to array. |
343 User::LeaveIfError(iCertAuthorities.Append(tmp)); |
234 User::LeaveIfError(iCertAuthorities.Append(tmp)); |
344 CleanupStack::Pop(tmp); |
235 CleanupStack::Pop(tmp); |
372 |
263 |
373 iState = EGetMatchingCertsInitStore; |
264 iState = EGetMatchingCertsInitStore; |
374 |
265 |
375 if (iCertStore == 0) |
266 if (iCertStore == 0) |
376 { |
267 { |
377 iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); |
268 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
378 iCertStore->Initialize(iStatus); |
269 iCertStore->Initialize(iStatus); |
379 } |
270 } |
380 else |
271 else |
381 { |
272 { |
382 TRequestStatus* status = &iStatus; |
273 TRequestStatus* status = &iStatus; |
387 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
278 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
388 } |
279 } |
389 |
280 |
390 //-------------------------------------------------- |
281 //-------------------------------------------------- |
391 |
282 |
392 void CEapTlsPeapCertInterface::ReadCertificateL(EapCertificateEntry& aCertInfo, const TBool aRetrieveChain) |
283 void CEapTlsPeapCertInterface::ReadCertificateL(SCertEntry& aCertInfo, const TBool aRetrieveChain) |
393 { |
284 { |
394 EAP_TRACE_DEBUG( |
285 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
395 m_am_tools, |
|
396 TRACE_FLAGS_DEFAULT, |
|
397 (EAPL("CEapTlsPeapCertInterface::ReadCertificateL()\n"))); |
|
398 |
|
399 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ReadCertificateL()"); |
|
400 |
|
401 iCertInfo = aCertInfo; |
286 iCertInfo = aCertInfo; |
402 iRetrieveChain = aRetrieveChain; |
287 iRetrieveChain = aRetrieveChain; |
403 iState = EReadCertInitStore; |
288 iState = EReadCertInitStore; |
404 |
289 |
405 if (iCertStore == 0) |
290 if (iCertStore == 0) |
406 { |
291 { |
407 iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); |
292 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
408 iCertStore->Initialize(iStatus); |
293 iCertStore->Initialize(iStatus); |
409 } |
294 } |
410 else |
295 else |
411 { |
296 { |
412 TRequestStatus* status = &iStatus; |
297 TRequestStatus* status = &iStatus; |
416 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
301 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
417 } |
302 } |
418 |
303 |
419 //-------------------------------------------------- |
304 //-------------------------------------------------- |
420 |
305 |
421 void CEapTlsPeapCertInterface::ReadCACertificateL(EapCertificateEntry& aCertInfo) |
306 void CEapTlsPeapCertInterface::ReadCACertificateL(SCertEntry& aCertInfo) |
422 { |
307 { |
423 EAP_TRACE_DEBUG( |
308 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
424 m_am_tools, |
309 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("CEapTlsPeapCertInterface::ReadCACertificateL.\n"))); |
425 TRACE_FLAGS_DEFAULT, |
310 |
426 (EAPL("CEapTlsPeapCertInterface::ReadCACertificateL()\n"))); |
|
427 |
|
428 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ReadCACertificateL()"); |
|
429 |
|
430 iCertInfo = aCertInfo; |
311 iCertInfo = aCertInfo; |
431 iState = EReadCACertInitStore; |
312 iState = EReadCACertInitStore; |
432 |
313 |
433 if (iCertStore == 0) |
314 if (iCertStore == 0) |
434 { |
315 { |
435 iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); |
316 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
436 iCertStore->Initialize(iStatus); |
317 iCertStore->Initialize(iStatus); |
437 } |
318 } |
438 else |
319 else |
439 { |
320 { |
440 TRequestStatus* status = &iStatus; |
321 TRequestStatus* status = &iStatus; |
445 } |
326 } |
446 |
327 |
447 |
328 |
448 //-------------------------------------------------- |
329 //-------------------------------------------------- |
449 |
330 |
450 void CEapTlsPeapCertInterface::ValidateChainL( |
331 void CEapTlsPeapCertInterface::ValidateChainL(TDesC8& aCertChain, RArray<SCertEntry>& aAllowedCACerts) |
451 TDesC8& aCertChain, |
332 { |
452 RPointerArray<EapCertificateEntry>& aAllowedCACerts, |
333 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
453 const TBool aUseAutomaticCaCertificate) |
|
454 { |
|
455 EAP_TRACE_DEBUG( |
|
456 m_am_tools, |
|
457 TRACE_FLAGS_DEFAULT, |
|
458 (EAPL("CEapTlsPeapCertInterface::ValidateChainL(): aUseAutomaticCaCertificate=%d\n"), |
|
459 aUseAutomaticCaCertificate)); |
|
460 |
|
461 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::ValidateChainL()"); |
|
462 |
|
463 iUseAutomaticCaCertificate = aUseAutomaticCaCertificate; |
|
464 iCAIndex = 0; |
334 iCAIndex = 0; |
465 iAllowedCACerts.ResetAndDestroy(); |
335 iAllowedCACerts = aAllowedCACerts; |
466 |
|
467 if (!iUseAutomaticCaCertificate) |
|
468 { |
|
469 for (TInt j = 0; j < aAllowedCACerts.Count(); j++) |
|
470 { |
|
471 EapCertificateEntry * const copy_cert = aAllowedCACerts[j]->Copy(); |
|
472 if (copy_cert == 0) |
|
473 { |
|
474 User::Leave(KErrNoMemory); |
|
475 } |
|
476 |
|
477 iAllowedCACerts.AppendL(copy_cert); |
|
478 |
|
479 EAP_TRACE_SETTINGS(copy_cert); |
|
480 } |
|
481 } |
|
482 |
|
483 delete iInputCertChain; |
336 delete iInputCertChain; |
484 |
337 |
485 iInputCertChain = 0; |
338 iInputCertChain = 0; |
486 iInputCertChain = aCertChain.AllocL(); |
339 iInputCertChain = aCertChain.AllocL(); |
487 iState = EValidateChainInitStore; |
340 iState = EValidateChainInitStore; |
488 |
|
489 if (iCertStore == 0) |
341 if (iCertStore == 0) |
490 { |
342 { |
491 iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); |
343 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
492 iCertStore->Initialize(iStatus); |
344 iCertStore->Initialize(iStatus); |
493 } |
345 } |
494 else |
346 else |
495 { |
347 { |
496 TRequestStatus* status = &iStatus; |
348 TRequestStatus* status = &iStatus; |
497 User::RequestComplete(status, KErrNone); |
349 User::RequestComplete(status, KErrNone); |
498 } |
350 } |
499 |
|
500 SetActive(); |
351 SetActive(); |
501 |
|
502 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
352 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
503 } |
353 } |
504 |
354 |
505 //-------------------------------------------------- |
355 //-------------------------------------------------- |
506 |
356 |
507 void CEapTlsPeapCertInterface::DoCancel() |
357 void CEapTlsPeapCertInterface::DoCancel() |
508 { |
358 { |
359 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
360 |
|
509 EAP_TRACE_DEBUG( |
361 EAP_TRACE_DEBUG( |
510 m_am_tools, |
362 m_am_tools, |
511 TRACE_FLAGS_DEFAULT, |
363 TRACE_FLAGS_DEFAULT, |
512 (EAPL("CEapTlsPeapCertInterface::DoCancel()\n"))); |
364 (EAPL("CEapTlsPeapCertInterface::DoCancel()\n"))); |
513 |
|
514 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::DoCancel()"); |
|
515 |
365 |
516 if (iCertStore != 0 && iCertStore->IsActive()) |
366 if (iCertStore != 0 && iCertStore->IsActive()) |
517 { |
367 { |
518 EAP_TRACE_DEBUG( |
368 EAP_TRACE_DEBUG( |
519 m_am_tools, |
369 m_am_tools, |
608 } |
458 } |
609 |
459 |
610 //-------------------------------------------------- |
460 //-------------------------------------------------- |
611 |
461 |
612 void CEapTlsPeapCertInterface::SignL( |
462 void CEapTlsPeapCertInterface::SignL( |
613 const TKeyIdentifier& aKeyId, |
463 TKeyIdentifier& aKeyId, |
614 const TDesC8& aHashIn, |
464 const TDesC8& aHashIn, |
615 const TUint aSignatureLength) |
465 const TUint aSignatureLength) |
616 { |
466 { |
617 EAP_TRACE_DEBUG( |
467 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
618 m_am_tools, |
|
619 TRACE_FLAGS_DEFAULT, |
|
620 (EAPL("CEapTlsPeapCertInterface::SignL()\n"))); |
|
621 |
|
622 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::SignL()"); |
|
623 |
|
624 iKeyIdentifier = aKeyId; |
468 iKeyIdentifier = aKeyId; |
625 if (aHashIn.Size() > KMaxHashLength) |
469 if (aHashIn.Size() > KMaxHashLength) |
626 { |
470 { |
627 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Illegal hash size %d to SignL(), shoudbe <= %d.\n"), |
471 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Illegal hash size to SignL.\n"))); |
628 aHashIn.Size(), |
|
629 KMaxHashLength)); |
|
630 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
472 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
631 User::Leave(KErrGeneral); |
473 User::Leave(KErrGeneral); |
632 } |
474 } |
633 iHashIn.Copy(aHashIn); |
475 iHashIn.Copy(aHashIn); |
634 |
476 |
652 aHashIn.Length())); |
494 aHashIn.Length())); |
653 |
495 |
654 |
496 |
655 if (iKeyStore == 0) |
497 if (iKeyStore == 0) |
656 { |
498 { |
657 |
|
658 #if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
659 |
|
660 // Try to get the keystore class pointer from memory store |
499 // Try to get the keystore class pointer from memory store |
661 eap_variable_data_c key(m_am_tools); |
500 eap_variable_data_c key(m_am_tools); |
662 eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); |
501 eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); |
663 if (status != eap_status_ok) |
502 if (status != eap_status_ok) |
664 { |
503 { |
673 } |
512 } |
674 |
513 |
675 eap_tlv_message_data_c tlv_data(m_am_tools); |
514 eap_tlv_message_data_c tlv_data(m_am_tools); |
676 |
515 |
677 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
516 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
678 |
|
679 if (status != eap_status_ok) |
517 if (status != eap_status_ok) |
680 { |
518 { |
681 |
519 EAP_TRACE_DEBUG( |
682 #endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
520 m_am_tools, |
683 |
521 TRACE_FLAGS_DEFAULT, |
684 |
522 (EAPL("EAP_type_TLSPEAP: cannot get previous keystore handle.\n"))); |
685 EAP_TRACE_DEBUG( |
|
686 m_am_tools, |
|
687 TRACE_FLAGS_DEFAULT, |
|
688 (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::SignL(): cannot get previous CUnifiedKeyStore handle.\n"))); |
|
689 |
523 |
690 |
524 |
691 // At this point we can set the passphrase timeout because it the passphrase |
525 // At this point we can set the passphrase timeout because it the passphrase |
692 // cache in the FS token server is still empty. Passphrase timeout setting clears |
526 // cache in the FS token server is still empty. Passphrase timeout setting clears |
693 // the cache. |
527 // the cache. |
694 iState = ESignInitStore; |
528 iState = ESignInitStore; |
695 |
529 |
696 iKeyStore = CUnifiedKeyStore::NewL(iFs); |
530 iKeyStore = CUnifiedKeyStore::NewL(iFs); |
697 iKeyStore->Initialize(iStatus); |
531 iKeyStore->Initialize(iStatus); |
698 |
532 |
699 #if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
700 |
|
701 status = tlv_data.add_message_data( |
533 status = tlv_data.add_message_data( |
702 eap_type_tlspeap_stored_keystore_handle, |
534 eap_type_tlspeap_stored_keystore_handle, |
703 sizeof(iKeyStore), |
535 sizeof(iKeyStore), |
704 &iKeyStore); |
536 &iKeyStore); |
705 if (status != eap_status_ok) |
537 if (status != eap_status_ok) |
770 { |
602 { |
771 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
603 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
772 User::Leave(KErrGeneral); |
604 User::Leave(KErrGeneral); |
773 } |
605 } |
774 } |
606 } |
775 |
|
776 #endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
777 |
|
778 } |
607 } |
779 else |
608 else |
780 { |
609 { |
781 EAP_TRACE_DEBUG( |
|
782 m_am_tools, |
|
783 TRACE_FLAGS_DEFAULT, |
|
784 (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::SignL(): uses previous CUnifiedKeyStore handle.\n"))); |
|
785 |
|
786 // Skip passphrase setting because it clears the passphrase cache |
610 // Skip passphrase setting because it clears the passphrase cache |
787 iState = ESetPassphraseTimeout; |
611 iState = ESetPassphraseTimeout; |
788 |
612 |
789 TRequestStatus* status = &iStatus; |
613 TRequestStatus* status = &iStatus; |
790 User::RequestComplete(status, KErrNone); |
614 User::RequestComplete(status, KErrNone); |
791 } |
615 } |
792 |
|
793 SetActive(); |
616 SetActive(); |
794 |
617 |
795 |
618 |
796 |
619 |
797 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
620 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
798 } |
621 } |
799 |
622 |
800 //-------------------------------------------------- |
623 //-------------------------------------------------- |
801 |
624 |
802 void CEapTlsPeapCertInterface::DecryptL( |
625 void CEapTlsPeapCertInterface::DecryptL( |
803 const TKeyIdentifier& aKeyId, |
626 TKeyIdentifier& aKeyId, |
804 const TDesC8& aDataIn) |
627 const TDesC8& aDataIn) |
805 { |
628 { |
806 EAP_TRACE_DEBUG( |
629 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
807 m_am_tools, |
|
808 TRACE_FLAGS_DEFAULT, |
|
809 (EAPL("CEapTlsPeapCertInterface::DecryptL()\n"))); |
|
810 |
|
811 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::DecryptL()"); |
|
812 |
|
813 iKeyIdentifier = aKeyId; |
630 iKeyIdentifier = aKeyId; |
814 |
631 |
815 delete iDataIn; |
632 delete iDataIn; |
816 iDataIn = 0; |
633 iDataIn = 0; |
817 delete iDataOut; |
634 delete iDataOut; |
831 iState = EDecryptInitStore; |
648 iState = EDecryptInitStore; |
832 |
649 |
833 // Try to get the keystore handler class from memory store |
650 // Try to get the keystore handler class from memory store |
834 if (iKeyStore == 0) |
651 if (iKeyStore == 0) |
835 { |
652 { |
836 |
|
837 #if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
838 |
|
839 // Try to get the keystore class pointer from memory store |
653 // Try to get the keystore class pointer from memory store |
840 eap_variable_data_c key(m_am_tools); |
654 eap_variable_data_c key(m_am_tools); |
841 eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); |
655 eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); |
842 if (status != eap_status_ok) |
656 if (status != eap_status_ok) |
843 { |
657 { |
852 } |
666 } |
853 |
667 |
854 eap_tlv_message_data_c tlv_data(m_am_tools); |
668 eap_tlv_message_data_c tlv_data(m_am_tools); |
855 |
669 |
856 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
670 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
857 |
|
858 if (status != eap_status_ok) |
671 if (status != eap_status_ok) |
859 { |
672 { |
860 |
673 EAP_TRACE_DEBUG( |
861 #endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
674 m_am_tools, |
862 |
675 TRACE_FLAGS_DEFAULT, |
863 EAP_TRACE_DEBUG( |
676 (EAPL("EAP_type_TLSPEAP: cannot get previous keystore handle.\n"))); |
864 m_am_tools, |
|
865 TRACE_FLAGS_DEFAULT, |
|
866 (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::DecryptL(): cannot get previous CUnifiedKeyStore handle.\n"))); |
|
867 |
677 |
868 iKeyStore = CUnifiedKeyStore::NewL(iFs); |
678 iKeyStore = CUnifiedKeyStore::NewL(iFs); |
869 iKeyStore->Initialize(iStatus); |
679 iKeyStore->Initialize(iStatus); |
870 |
680 |
871 #if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
872 |
|
873 status = tlv_data.add_message_data( |
681 status = tlv_data.add_message_data( |
874 eap_type_tlspeap_stored_keystore_handle, |
682 eap_type_tlspeap_stored_keystore_handle, |
875 sizeof(iKeyStore), |
683 sizeof(iKeyStore), |
876 &iKeyStore); |
684 &iKeyStore); |
877 if (status != eap_status_ok) |
685 if (status != eap_status_ok) |
893 else |
701 else |
894 { |
702 { |
895 EAP_TRACE_DEBUG( |
703 EAP_TRACE_DEBUG( |
896 m_am_tools, |
704 m_am_tools, |
897 TRACE_FLAGS_DEFAULT, |
705 TRACE_FLAGS_DEFAULT, |
898 (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::DecryptL(): Found previous keystore handle.\n"))); |
706 (EAPL("EAP_type_TLSPEAP: Found previous keystore handle.\n"))); |
899 |
707 |
900 // Parse read data. |
708 // Parse read data. |
901 eap_array_c<eap_tlv_header_c> tlv_blocks(m_am_tools); |
709 eap_array_c<eap_tlv_header_c> tlv_blocks(m_am_tools); |
902 |
710 |
903 status = tlv_data.parse_message_data(&tlv_blocks); |
711 status = tlv_data.parse_message_data(&tlv_blocks); |
936 { |
744 { |
937 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
745 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
938 User::Leave(KErrGeneral); |
746 User::Leave(KErrGeneral); |
939 } |
747 } |
940 } |
748 } |
941 |
|
942 #endif //#if defined(USE_EAP_TLS_PEAP_UNIFIED_KEY_STORE_CACHE) |
|
943 |
|
944 } |
749 } |
945 else |
750 else |
946 { |
751 { |
947 EAP_TRACE_DEBUG( |
|
948 m_am_tools, |
|
949 TRACE_FLAGS_DEFAULT, |
|
950 (EAPL("EAP_type_TLSPEAP: CEapTlsPeapCertInterface::DecryptL(): uses previous CUnifiedKeyStore handle.\n"))); |
|
951 |
|
952 TRequestStatus* status = &iStatus; |
752 TRequestStatus* status = &iStatus; |
953 User::RequestComplete(status, KErrNone); |
753 User::RequestComplete(status, KErrNone); |
954 } |
754 } |
955 |
755 |
956 SetActive(); |
756 SetActive(); |
957 |
|
958 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
757 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
959 } |
758 } |
960 |
759 |
961 //-------------------------------------------------- |
760 //-------------------------------------------------- |
962 |
761 |
963 void CEapTlsPeapCertInterface::RunL() |
762 void CEapTlsPeapCertInterface::RunL() |
964 { |
763 { |
764 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
765 |
|
766 EAP_TRACE_DEBUG_SYMBIAN( |
|
767 (_L("CEapTlsPeapCertInterface::RunL(): TEMP iStatus=%d, iState=%d"), |
|
768 iStatus.Int(), iState)); |
|
769 |
|
965 EAP_TRACE_DEBUG( |
770 EAP_TRACE_DEBUG( |
966 m_am_tools, |
771 m_am_tools, |
967 TRACE_FLAGS_DEFAULT, |
772 TRACE_FLAGS_DEFAULT, |
968 (EAPL("CEapTlsPeapCertInterface::RunL(): TEMP iStatus=%d, iState=%d\n"), |
773 (EAPL("CEapTlsPeapCertInterface::RunL(): iStatus %d\n"), |
969 iStatus.Int(), |
774 iStatus.Int())); |
970 iState)); |
|
971 |
|
972 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::RunL()"); |
|
973 |
775 |
974 if (!(iStatus.Int() == KErrNone)) |
776 if (!(iStatus.Int() == KErrNone)) |
975 { |
777 { |
976 EAP_TRACE_ERROR( |
778 EAP_TRACE_ERROR( |
977 m_am_tools, |
779 m_am_tools, |
978 TRACE_FLAGS_DEFAULT, |
780 TRACE_FLAGS_DEFAULT, |
979 (EAPL("ERROR: EAP-TLS certificate interface failed: error=%d.\n"), |
781 (EAPL("ERROR: EAP-TLS certificate interface failed: %d.\n"), |
980 iStatus.Int())); |
782 iStatus.Int())); |
981 iParent->SendErrorNotification(eap_status_user_cancel_authentication); |
783 iParent->SendErrorNotification(eap_status_user_cancel_authentication); |
982 |
784 |
983 if(iState == ESignOpenKeyStore) |
785 if(iState == ESignOpenKeyStore) |
984 { |
786 { |
985 // User probably cancelled the keystore password query. |
787 // User probably cancelled the keystore password query. |
986 |
788 |
987 EAP_TRACE_DEBUG( |
789 EAP_TRACE_DEBUG_SYMBIAN( |
988 m_am_tools, |
790 (_L("CEapTlsPeapCertInterface::RunL(): ESignOpenKeyStore Failed"))); |
989 TRACE_FLAGS_DEFAULT, |
791 |
990 (EAPL("CEapTlsPeapCertInterface::RunL(): ESignOpenKeyStore Failed\n"))); |
|
991 |
|
992 if(iRSASigner != NULL) |
792 if(iRSASigner != NULL) |
993 { |
793 { |
994 iRSASigner->Release(); |
794 iRSASigner->Release(); |
995 |
795 |
996 EAP_TRACE_DEBUG( |
796 EAP_TRACE_DEBUG_SYMBIAN( |
997 m_am_tools, |
797 (_L("CEapTlsPeapCertInterface::RunL(): iRSASigner->Release() OK"))); |
998 TRACE_FLAGS_DEFAULT, |
798 |
999 (EAPL("CEapTlsPeapCertInterface::RunL(): iRSASigner->Release() OK\n"))); |
|
1000 } |
799 } |
1001 |
800 |
1002 if(iDSASigner != NULL) |
801 if(iDSASigner != NULL) |
1003 { |
802 { |
1004 iDSASigner->Release(); |
803 iDSASigner->Release(); |
1005 |
804 |
1006 EAP_TRACE_DEBUG( |
805 EAP_TRACE_DEBUG_SYMBIAN( |
1007 m_am_tools, |
806 (_L("CEapTlsPeapCertInterface::RunL(): iDSASigner->Release() OK"))); |
1008 TRACE_FLAGS_DEFAULT, |
|
1009 (EAPL("CEapTlsPeapCertInterface::RunL(): iDSASigner->Release() OK\n"))); |
|
1010 } |
807 } |
1011 } |
808 } |
1012 |
809 |
1013 return; |
810 return; |
1014 } |
811 } |
1031 { |
828 { |
1032 iCertInfos[i]->Release(); |
829 iCertInfos[i]->Release(); |
1033 } |
830 } |
1034 iCertInfos.Reset(); |
831 iCertInfos.Reset(); |
1035 |
832 |
1036 TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); |
833 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
1037 if (error != KErrNone) |
834 if (err != KErrNone) |
1038 { |
835 { |
1039 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
836 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1040 |
837 |
1041 RPointerArray<EapCertificateEntry> tmp(sizeof(EapCertificateEntry)); |
838 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
1042 |
839 |
1043 m_am_tools->enter_global_mutex(); |
840 m_am_tools->enter_global_mutex(); |
1044 |
841 |
1045 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
842 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
1046 |
843 |
1067 m_am_tools, |
864 m_am_tools, |
1068 TRACE_FLAGS_DEFAULT, |
865 TRACE_FLAGS_DEFAULT, |
1069 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize, Total Certs: iCertInfos.Count()=%d\n"), |
866 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize, Total Certs: iCertInfos.Count()=%d\n"), |
1070 iCertInfos.Count())); |
867 iCertInfos.Count())); |
1071 |
868 |
1072 iMatchingUserCertInfos.ResetAndDestroy(); |
869 iMatchingUserCertInfos.Reset(); |
1073 |
870 |
1074 // Remove non-allowed |
871 // Remove non-allowed |
1075 TInt i(0); |
872 TInt i(0); |
1076 TInt j(0); |
873 TInt j(0); |
1077 for (i = 0; i < iCertInfos.Count(); i++) |
874 for (i = 0; i < iCertInfos.Count(); i++) |
1078 { |
875 { |
1079 for (j = 0; j < iAllowedUserCerts.Count(); j++) |
876 for (j = 0; j < iAllowedUserCerts.Count(); j++) |
1080 { |
877 { |
1081 if ( (iCertInfos[i]->Label().Compare(*(iAllowedUserCerts[j]->GetLabel())) == 0 |
878 if ( (iCertInfos[i]->Label().Compare(iAllowedUserCerts[j].iLabel) == 0 |
1082 || iCertInfos[i]->Label().Length() == 0 |
879 || iCertInfos[i]->Label().Length() == 0 |
1083 || iAllowedUserCerts[j]->GetLabel()->Length() == 0) |
880 || iAllowedUserCerts[j].iLabel.Length() == 0) |
1084 && iCertInfos[i]->SubjectKeyId() == iAllowedUserCerts[j]->GetSubjectKeyId()) |
881 && iCertInfos[i]->SubjectKeyId() == iAllowedUserCerts[j].iSubjectKeyId) |
1085 { |
882 { |
1086 |
883 |
1087 EAP_TRACE_DEBUG( |
884 EAP_TRACE_DEBUG( |
1088 m_am_tools, |
885 m_am_tools, |
1089 TRACE_FLAGS_DEFAULT, |
886 TRACE_FLAGS_DEFAULT, |
1090 (EAPL("RunL(): EGetMatchingCertsInitialize, Found a Matching USER cert\n"))); |
887 (EAPL("RunL(): EGetMatchingCertsInitialize, Found a Matching USER cert\n"))); |
1091 |
888 |
1092 EAP_TRACE_DATA_DEBUG( |
889 EAP_TRACE_DEBUG( |
1093 m_am_tools, |
890 m_am_tools, |
1094 TRACE_FLAGS_DEFAULT, |
891 TRACE_FLAGS_DEFAULT, |
1095 (EAPL("RunL(): EGetMatchingCertsInitialize, Label of matching cert"), |
892 (EAPL("RunL(): EGetMatchingCertsInitialize,Label of matching cert=%S\n"), |
1096 iCertInfos[i]->Label().Ptr(), |
893 &(iCertInfos[i]->Label()))); |
1097 iCertInfos[i]->Label().Size())); |
894 |
1098 |
895 EAP_TRACE_DATA_DEBUG_SYMBIAN(("RunL(): EGetMatchingCertsInitialize,SubjectkeyID of matching cert", |
1099 EAP_TRACE_DATA_DEBUG( |
896 iCertInfos[i]->SubjectKeyId().Ptr(), iCertInfos[i]->SubjectKeyId().Size())); |
1100 m_am_tools, |
|
1101 TRACE_FLAGS_DEFAULT, |
|
1102 (EAPL("RunL(): EGetMatchingCertsInitialize, SubjectkeyID of matching cert"), |
|
1103 iCertInfos[i]->SubjectKeyId().Ptr(), |
|
1104 iCertInfos[i]->SubjectKeyId().Size())); |
|
1105 |
897 |
1106 break; |
898 break; |
1107 } |
899 } |
1108 } |
900 } |
1109 if (j == iAllowedUserCerts.Count()) |
901 if (j == iAllowedUserCerts.Count()) |
1110 { |
902 { |
1111 // Not allowed -> remove |
903 // Not allowed -> remove |
1112 iCertInfos.Remove(i); |
904 iCertInfos.Remove(i); |
1113 i--; |
905 i--; |
1114 } |
906 } |
1115 } |
907 } |
1116 |
|
1117 if (iCertInfos.Count() == 0) |
908 if (iCertInfos.Count() == 0) |
1118 { |
909 { |
1119 EAP_TRACE_DEBUG( |
910 EAP_TRACE_DEBUG( |
1120 m_am_tools, |
911 m_am_tools, |
1121 TRACE_FLAGS_DEFAULT, |
912 TRACE_FLAGS_DEFAULT, |
1122 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize - No matching Certificates.\n"))); |
913 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize - No matching Certificates.\n"))); |
1123 |
914 |
1124 // No matching certs |
915 // No matching certs |
1125 |
916 |
1126 // Timeout handles error situation |
917 CArrayFixFlat<SCertEntry>* tmp = NULL; |
1127 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
918 |
1128 |
919 TRAPD(err, tmp = new (ELeave) CArrayFixFlat<SCertEntry>(1) ); |
1129 m_am_tools->enter_global_mutex(); |
920 if (tmp == 0 || err != KErrNone) |
1130 |
921 { |
1131 iParent->complete_get_matching_certificates(empty, eap_status_illegal_certificate); //Failure |
922 // Timeout handles error situation |
1132 |
923 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1133 m_am_tools->leave_global_mutex(); |
924 } |
1134 |
925 |
926 m_am_tools->enter_global_mutex(); |
|
927 |
|
928 iParent->complete_get_matching_certificates(*tmp, eap_status_illegal_certificate); //Failure |
|
929 |
|
930 m_am_tools->leave_global_mutex(); |
|
931 |
|
932 delete tmp; |
|
1135 break; |
933 break; |
1136 } |
934 } |
1137 |
935 |
1138 // Get the first certificate |
936 // Get the first certificate |
1139 iUserCertIndex = 0; |
937 iUserCertIndex = 0; |
1142 |
940 |
1143 iState = EGetMatchingCertsLoop; |
941 iState = EGetMatchingCertsLoop; |
1144 |
942 |
1145 iEncodedCertificate->Des().SetLength(0); |
943 iEncodedCertificate->Des().SetLength(0); |
1146 |
944 |
1147 HBufC8 * tmpCert = 0; |
945 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); |
1148 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); |
946 if (err != KErrNone) |
1149 if (error != KErrNone) |
|
1150 { |
947 { |
1151 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
948 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1152 |
949 |
1153 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
950 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
1154 |
951 |
1155 m_am_tools->enter_global_mutex(); |
952 m_am_tools->enter_global_mutex(); |
1156 |
953 |
1157 iParent->complete_get_matching_certificates(empty, eap_status_allocation_error); //Failure |
954 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
1158 |
955 |
1159 m_am_tools->leave_global_mutex(); |
956 m_am_tools->leave_global_mutex(); |
1160 |
957 |
1161 break; |
958 break; |
1162 } |
959 } |
1163 |
960 |
1164 iEncodedCertificate = tmpCert; |
|
1165 |
|
1166 iCertPtr.Set(iEncodedCertificate->Des()); |
961 iCertPtr.Set(iEncodedCertificate->Des()); |
1167 |
962 |
1168 iCertStore->Retrieve( |
963 iCertStore->Retrieve( |
1169 *(iCertInfos[iUserCertIndex]), |
964 *(iCertInfos[iUserCertIndex]), |
1170 iCertPtr, |
965 iCertPtr, |
1171 iStatus); |
966 iStatus); |
1172 |
967 |
1173 SetActive(); |
968 SetActive(); |
1174 } |
969 } |
1175 break; |
970 break; |
1176 |
971 |
1177 case EGetMatchingCertsLoop: |
972 case EGetMatchingCertsLoop: |
1180 m_am_tools, |
975 m_am_tools, |
1181 TRACE_FLAGS_DEFAULT, |
976 TRACE_FLAGS_DEFAULT, |
1182 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsLoop\n"))); |
977 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsLoop\n"))); |
1183 |
978 |
1184 CX509Certificate* cert = 0; |
979 CX509Certificate* cert = 0; |
1185 TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
980 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
1186 if (error != KErrNone || cert == 0) |
981 if (err != KErrNone || cert == 0) |
1187 { |
982 { |
1188 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
983 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1189 |
984 |
1190 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
985 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
1191 |
986 |
1192 m_am_tools->enter_global_mutex(); |
987 m_am_tools->enter_global_mutex(); |
1193 |
988 |
1194 iParent->complete_get_matching_certificates(empty, eap_status_allocation_error); //Failure |
989 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
1195 |
990 |
1196 m_am_tools->leave_global_mutex(); |
991 m_am_tools->leave_global_mutex(); |
1197 |
992 |
1198 break; |
993 break; |
1199 } |
994 } |
1201 if (iMatchingUserCerts.Append(cert) != KErrNone) |
996 if (iMatchingUserCerts.Append(cert) != KErrNone) |
1202 { |
997 { |
1203 delete cert; |
998 delete cert; |
1204 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
999 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1205 |
1000 |
1206 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
1001 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
1207 |
1002 |
1208 m_am_tools->enter_global_mutex(); |
1003 m_am_tools->enter_global_mutex(); |
1209 |
1004 |
1210 iParent->complete_get_matching_certificates(empty, eap_status_allocation_error); //Failure |
1005 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
1211 |
1006 |
1212 m_am_tools->leave_global_mutex(); |
1007 m_am_tools->leave_global_mutex(); |
1213 |
1008 |
1214 break; |
1009 break; |
1215 } |
1010 } |
1216 |
1011 |
1217 // No need to validate iCertInfos here as the execution doesn't come to this case if iCertInfos |
1012 // No need to validate iCertInfos here as the execution doesn't come to this case if iCertInfos |
1218 // is empty, check is done in the above case. |
1013 // is empty, check is done in the above case. |
1219 |
1014 |
1220 EapCertificateEntry * entry = new EapCertificateEntry; |
1015 SCertEntry entry; |
1221 if (entry == 0) |
1016 entry.iLabel.Copy(iCertInfos[iUserCertIndex]->Label()); |
1222 { |
1017 entry.iSubjectKeyId = iCertInfos[iUserCertIndex]->SubjectKeyId(); |
1223 // Timeout handles error situation |
1018 |
1224 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1019 TRAP(err, iMatchingUserCertInfos.AppendL(entry)); |
1225 |
1020 if (err != KErrNone) |
1226 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
|
1227 |
|
1228 m_am_tools->enter_global_mutex(); |
|
1229 |
|
1230 iParent->complete_get_matching_certificates(empty, eap_status_allocation_error); //Failure |
|
1231 |
|
1232 m_am_tools->leave_global_mutex(); |
|
1233 |
|
1234 delete entry; |
|
1235 |
|
1236 break; |
|
1237 } |
|
1238 |
|
1239 entry->SetLabel(iCertInfos[iUserCertIndex]->Label()); |
|
1240 entry->SetSubjectKeyId(iCertInfos[iUserCertIndex]->SubjectKeyId()); |
|
1241 |
|
1242 TRAP(error, iMatchingUserCertInfos.AppendL(entry)); |
|
1243 if (error != KErrNone) |
|
1244 { |
1021 { |
1245 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1022 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1246 |
1023 |
1247 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
1024 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
1248 |
1025 |
1249 m_am_tools->enter_global_mutex(); |
1026 m_am_tools->enter_global_mutex(); |
1250 |
1027 |
1251 iParent->complete_get_matching_certificates(empty, eap_status_allocation_error); //Failure |
1028 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
1252 |
1029 |
1253 m_am_tools->leave_global_mutex(); |
1030 m_am_tools->leave_global_mutex(); |
1254 |
1031 |
1255 delete entry; |
|
1256 |
|
1257 break; |
1032 break; |
1258 } |
1033 } |
1259 |
1034 |
1260 iUserCertIndex++; |
1035 iUserCertIndex++; |
1261 |
1036 |
1278 if (dn.ExactMatchL(*iCertAuthorities[j])) |
1053 if (dn.ExactMatchL(*iCertAuthorities[j])) |
1279 { |
1054 { |
1280 // Matches |
1055 // Matches |
1281 break; |
1056 break; |
1282 } |
1057 } |
1283 } // for() |
1058 } |
1284 |
|
1285 if (j == iCertAuthorities.Count()) |
1059 if (j == iCertAuthorities.Count()) |
1286 { |
1060 { |
1287 // No match. Remove |
1061 // No match. Remove |
1288 delete iMatchingUserCerts[i]; |
1062 delete iMatchingUserCerts[i]; |
1289 iMatchingUserCerts.Remove(i); |
1063 iMatchingUserCerts.Remove(i); |
1290 delete iMatchingUserCertInfos[i]; |
1064 iMatchingUserCertInfos.Delete(i); |
1291 iMatchingUserCertInfos.Remove(i); |
|
1292 i--; |
1065 i--; |
1293 |
1066 |
1294 EAP_TRACE_DEBUG( |
1067 EAP_TRACE_DEBUG( |
1295 m_am_tools, |
1068 m_am_tools, |
1296 TRACE_FLAGS_DEFAULT, |
1069 TRACE_FLAGS_DEFAULT, |
1297 (EAPL("RunL(): EGetMatchingCertsLoop Using CertAuthoritiesFilter - no distinguished name matching - Matching cert removed\n"))); |
1070 (EAPL("RunL(): EGetMatchingCertsLoop Using CertAuthoritiesFilter - no distinguished name matching - Matching cert removed\n"))); |
1298 } |
1071 } |
1299 } |
1072 } |
1300 } |
1073 } |
1301 // Check Certificate types |
1074 // Check Certificate types |
1302 if (iUseCertTypesFilter |
1075 if (iUseCertTypesFilter) |
1303 && iCertTypes != 0) |
|
1304 { |
1076 { |
1305 for (i = 0; i < (TInt) iMatchingUserCerts.Count(); i++) |
1077 for (i = 0; i < (TInt) iMatchingUserCerts.Count(); i++) |
1306 { |
1078 { |
1307 // Get the public key algorithm |
1079 // Get the public key algorithm |
1308 const CSubjectPublicKeyInfo& public_key = iMatchingUserCerts[i]->PublicKey(); |
1080 const CSubjectPublicKeyInfo& public_key = iMatchingUserCerts[i]->PublicKey(); |
1310 |
1082 |
1311 TUint j(0); |
1083 TUint j(0); |
1312 for (j = 0; j < iCertTypes->get_object_count(); j++) |
1084 for (j = 0; j < iCertTypes->get_object_count(); j++) |
1313 { |
1085 { |
1314 u8_t* val = iCertTypes->get_object(j); |
1086 u8_t* val = iCertTypes->get_object(j); |
1315 |
1087 if (algorithm == ERSA |
1316 if (val != 0) |
1088 && (*val == ERSASign |
1089 || *val == ERSASignWithFixedDH |
|
1090 || *val == ERSASignWithEphemeralDH)) |
|
1317 { |
1091 { |
1318 if (algorithm == ERSA |
1092 break; |
1319 && (*val == ERSASign |
|
1320 || *val == ERSASignWithFixedDH |
|
1321 || *val == ERSASignWithEphemeralDH)) |
|
1322 { |
|
1323 break; |
|
1324 } |
|
1325 else if (algorithm == EDSA |
|
1326 && (*val == EDSASign |
|
1327 || *val == EDSASignWithFixedDH |
|
1328 || *val == EDSASignWithEphemeralDH)) |
|
1329 { |
|
1330 break; |
|
1331 } |
|
1332 } |
1093 } |
1333 } // for() |
1094 if (algorithm == EDSA |
1334 |
1095 && (*val == EDSASign |
1096 || *val == EDSASignWithFixedDH |
|
1097 || *val == EDSASignWithEphemeralDH)) |
|
1098 { |
|
1099 break; |
|
1100 } |
|
1101 } |
|
1335 if (j == iCertTypes->get_object_count()) |
1102 if (j == iCertTypes->get_object_count()) |
1336 { |
1103 { |
1337 // No match. Remove |
1104 // No match. Remove |
1338 delete iMatchingUserCerts[i]; |
1105 delete iMatchingUserCerts[i]; |
1339 iMatchingUserCerts.Remove(i); |
1106 iMatchingUserCerts.Remove(i); |
1340 delete iMatchingUserCertInfos[i]; |
1107 iMatchingUserCertInfos.Delete(i); |
1341 iMatchingUserCertInfos.Remove(i); |
|
1342 i--; |
1108 i--; |
1343 |
1109 |
1344 EAP_TRACE_DEBUG( |
1110 EAP_TRACE_DEBUG( |
1345 m_am_tools, |
1111 m_am_tools, |
1346 TRACE_FLAGS_DEFAULT, |
1112 TRACE_FLAGS_DEFAULT, |
1348 algorithm)); |
1114 algorithm)); |
1349 } |
1115 } |
1350 |
1116 |
1351 } |
1117 } |
1352 } |
1118 } |
1353 |
|
1354 // Check cipher suites |
1119 // Check cipher suites |
1355 if (iUseAllowedCipherSuitesFilter) |
1120 if (iUseAllowedCipherSuitesFilter) |
1356 { |
1121 { |
1357 for (i = 0; i < static_cast<TUint> (iMatchingUserCerts.Count()); i++) |
1122 for (i = 0; i < static_cast<TUint> (iMatchingUserCerts.Count()); i++) |
1358 { |
1123 { |
1368 || (algorithm != ERSA && algorithm != EDSA)) |
1133 || (algorithm != ERSA && algorithm != EDSA)) |
1369 { |
1134 { |
1370 // No match. Remove |
1135 // No match. Remove |
1371 delete iMatchingUserCerts[i]; |
1136 delete iMatchingUserCerts[i]; |
1372 iMatchingUserCerts.Remove(i); |
1137 iMatchingUserCerts.Remove(i); |
1373 delete iMatchingUserCertInfos[i]; |
1138 iMatchingUserCertInfos.Delete(i); |
1374 iMatchingUserCertInfos.Remove(i); |
|
1375 i--; |
1139 i--; |
1376 |
1140 |
1377 EAP_TRACE_DEBUG( |
1141 EAP_TRACE_DEBUG( |
1378 m_am_tools, |
1142 m_am_tools, |
1379 TRACE_FLAGS_DEFAULT, |
1143 TRACE_FLAGS_DEFAULT, |
1394 |
1158 |
1395 iState = EGetMatchingCertsLoop; |
1159 iState = EGetMatchingCertsLoop; |
1396 |
1160 |
1397 iEncodedCertificate->Des().SetLength(0); |
1161 iEncodedCertificate->Des().SetLength(0); |
1398 |
1162 |
1399 HBufC8 * tmpCert = 0; |
1163 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); |
1400 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); |
1164 if (err != KErrNone) |
1401 if (error != KErrNone) |
|
1402 { |
1165 { |
1403 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1166 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1404 |
1167 |
1405 RPointerArray<EapCertificateEntry> empty(sizeof(EapCertificateEntry)); |
1168 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
1406 |
1169 |
1407 m_am_tools->enter_global_mutex(); |
1170 m_am_tools->enter_global_mutex(); |
1408 |
1171 |
1409 iParent->complete_get_matching_certificates(empty, eap_status_allocation_error); //Failure |
1172 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
1410 |
1173 |
1411 m_am_tools->leave_global_mutex(); |
1174 m_am_tools->leave_global_mutex(); |
1412 |
1175 |
1413 break; |
1176 break; |
1414 } |
1177 } |
1415 |
|
1416 iEncodedCertificate = tmpCert; |
|
1417 |
1178 |
1418 iCertPtr.Set(iEncodedCertificate->Des()); |
1179 iCertPtr.Set(iEncodedCertificate->Des()); |
1419 |
1180 |
1420 iCertStore->Retrieve( |
1181 iCertStore->Retrieve( |
1421 *(iCertInfos[iUserCertIndex]), |
1182 *(iCertInfos[iUserCertIndex]), |
1442 { |
1203 { |
1443 iCertInfos[i]->Release(); |
1204 iCertInfos[i]->Release(); |
1444 } |
1205 } |
1445 iCertInfos.Reset(); |
1206 iCertInfos.Reset(); |
1446 |
1207 |
1447 TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); |
1208 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
1448 if (error != KErrNone || iCertFilter == 0) |
1209 if (err != KErrNone || iCertFilter == 0) |
1449 { |
1210 { |
1450 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1211 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1451 |
1212 |
1452 RPointerArray<CX509Certificate> empty; |
1213 RPointerArray<CX509Certificate> tmp; |
1453 |
1214 |
1454 m_am_tools->enter_global_mutex(); |
1215 m_am_tools->enter_global_mutex(); |
1455 |
1216 |
1456 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1217 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1457 |
1218 |
1458 m_am_tools->leave_global_mutex(); |
1219 m_am_tools->leave_global_mutex(); |
1459 |
1220 |
1460 break; |
1221 break; |
1461 } |
1222 } |
1462 |
1223 |
1463 iCertFilter->SetFormat(EX509Certificate); |
1224 iCertFilter->SetFormat(EX509Certificate); |
1464 iCertFilter->SetOwnerType(EUserCertificate); |
1225 iCertFilter->SetOwnerType(EUserCertificate); |
1465 iCertFilter->SetSubjectKeyId(iCertInfo.GetSubjectKeyId()); |
1226 iCertFilter->SetSubjectKeyId(iCertInfo.iSubjectKeyId); |
1466 |
1227 if (iCertInfo.iLabel.Size()>0) |
1467 if (iCertInfo.GetLabel()->Size() > 0) |
1228 iCertFilter->SetLabel(iCertInfo.iLabel); // We can not use Label in the filter as certificates saved |
1468 { |
|
1469 iCertFilter->SetLabel(*(iCertInfo.GetLabel())); // We can not use Label in the filter as certificates saved |
|
1470 // by using SetConfigurationL (OMA DM etc uses it) will not have Label. |
1229 // by using SetConfigurationL (OMA DM etc uses it) will not have Label. |
1471 } |
|
1472 |
1230 |
1473 iState = EReadCertList; |
1231 iState = EReadCertList; |
1474 iCertStore->List( |
1232 iCertStore->List( |
1475 iCertInfos, |
1233 iCertInfos, |
1476 *iCertFilter, |
1234 *iCertFilter, |
1490 // Now we should have all the cert infos in iCertInfos. |
1248 // Now we should have all the cert infos in iCertInfos. |
1491 if (iCertInfos.Count() == 0) |
1249 if (iCertInfos.Count() == 0) |
1492 { |
1250 { |
1493 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EReadCertList iCertInfos.Count = 0.\n"))); |
1251 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EReadCertList iCertInfos.Count = 0.\n"))); |
1494 |
1252 |
1495 RPointerArray<CX509Certificate> empty; |
1253 RPointerArray<CX509Certificate> tmp; |
1496 |
1254 |
1497 m_am_tools->enter_global_mutex(); |
1255 m_am_tools->enter_global_mutex(); |
1498 |
1256 |
1499 iParent->complete_read_own_certificate(empty, eap_status_illegal_certificate); //Failure |
1257 iParent->complete_read_own_certificate(tmp, eap_status_illegal_certificate); //Failure |
1500 |
1258 |
1501 m_am_tools->leave_global_mutex(); |
1259 m_am_tools->leave_global_mutex(); |
1502 |
1260 |
1503 break; |
1261 break; |
1504 } |
1262 } |
1509 |
1267 |
1510 iState = EReadCert; |
1268 iState = EReadCert; |
1511 |
1269 |
1512 iEncodedCertificate->Des().SetLength(0); |
1270 iEncodedCertificate->Des().SetLength(0); |
1513 |
1271 |
1514 HBufC8 * tmpCert = 0; |
1272 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
1515 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(info->Size())); |
1273 if (err != KErrNone) |
1516 if (error != KErrNone) |
|
1517 { |
1274 { |
1518 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1275 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1519 |
1276 |
1520 RPointerArray<CX509Certificate> empty; |
1277 RPointerArray<CX509Certificate> tmp; |
1521 |
1278 |
1522 m_am_tools->enter_global_mutex(); |
1279 m_am_tools->enter_global_mutex(); |
1523 |
1280 |
1524 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1281 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1525 |
1282 |
1526 m_am_tools->leave_global_mutex(); |
1283 m_am_tools->leave_global_mutex(); |
1527 |
1284 |
1528 break; |
1285 break; |
1529 } |
1286 } |
1530 |
|
1531 iEncodedCertificate = tmpCert; |
|
1532 |
1287 |
1533 iCertPtr.Set(iEncodedCertificate->Des()); |
1288 iCertPtr.Set(iEncodedCertificate->Des()); |
1534 |
1289 |
1535 iCertStore->Retrieve( |
1290 iCertStore->Retrieve( |
1536 *info, |
1291 *info, |
1546 m_am_tools, |
1301 m_am_tools, |
1547 TRACE_FLAGS_DEFAULT, |
1302 TRACE_FLAGS_DEFAULT, |
1548 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCert\n"))); |
1303 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCert\n"))); |
1549 |
1304 |
1550 CX509Certificate* cert = 0; |
1305 CX509Certificate* cert = 0; |
1551 TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
1306 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
1552 if (error != KErrNone) |
1307 if (err != KErrNone) |
1553 { |
1308 { |
1554 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1309 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1555 |
1310 |
1556 RPointerArray<CX509Certificate> empty; |
1311 RPointerArray<CX509Certificate> tmp; |
1557 |
1312 |
1558 m_am_tools->enter_global_mutex(); |
1313 m_am_tools->enter_global_mutex(); |
1559 |
1314 |
1560 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1315 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1561 |
1316 |
1562 m_am_tools->leave_global_mutex(); |
1317 m_am_tools->leave_global_mutex(); |
1563 |
1318 |
1564 break; |
1319 break; |
1565 } |
1320 } |
1568 if (iUserCertChain.Append(cert) != KErrNone) |
1323 if (iUserCertChain.Append(cert) != KErrNone) |
1569 { |
1324 { |
1570 delete cert; |
1325 delete cert; |
1571 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1326 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1572 |
1327 |
1573 RPointerArray<CX509Certificate> empty; |
1328 RPointerArray<CX509Certificate> tmp; |
1574 |
1329 |
1575 m_am_tools->enter_global_mutex(); |
1330 m_am_tools->enter_global_mutex(); |
1576 |
1331 |
1577 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1332 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1578 |
1333 |
1579 m_am_tools->leave_global_mutex(); |
1334 m_am_tools->leave_global_mutex(); |
1580 |
1335 |
1581 break; |
1336 break; |
1582 } |
1337 } |
1590 { |
1345 { |
1591 // Init Symbian store for cert fetching |
1346 // Init Symbian store for cert fetching |
1592 iState = ERetrieveChainInitStore; |
1347 iState = ERetrieveChainInitStore; |
1593 if (iCertStore == 0) |
1348 if (iCertStore == 0) |
1594 { |
1349 { |
1595 iCertStore = CUnifiedCertStore::NewL(iFs, EFalse); |
1350 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
1596 iCertStore->Initialize(iStatus); |
1351 iCertStore->Initialize(iStatus); |
1597 } |
1352 } |
1598 else |
1353 else |
1599 { |
1354 { |
1600 TRequestStatus* status = &iStatus; |
1355 TRequestStatus* status = &iStatus; |
1624 { |
1379 { |
1625 iCertInfos[i]->Release(); |
1380 iCertInfos[i]->Release(); |
1626 } |
1381 } |
1627 iCertInfos.Reset(); |
1382 iCertInfos.Reset(); |
1628 |
1383 |
1629 TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); |
1384 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
1630 if (error != KErrNone) |
1385 if (err != KErrNone) |
1631 { |
1386 { |
1632 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1387 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1633 |
1388 |
1634 RPointerArray<CX509Certificate> empty; |
1389 RPointerArray<CX509Certificate> tmp; |
1635 |
1390 |
1636 m_am_tools->enter_global_mutex(); |
1391 m_am_tools->enter_global_mutex(); |
1637 |
1392 |
1638 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1393 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1639 |
1394 |
1640 m_am_tools->leave_global_mutex(); |
1395 m_am_tools->leave_global_mutex(); |
1641 |
1396 |
1642 break; |
1397 break; |
1643 } |
1398 } |
1698 iCAIndex = 0; |
1453 iCAIndex = 0; |
1699 |
1454 |
1700 iState = ECreateCertChain; |
1455 iState = ECreateCertChain; |
1701 |
1456 |
1702 iEncodedCertificate->Des().SetLength(0); |
1457 iEncodedCertificate->Des().SetLength(0); |
1703 |
1458 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
1704 HBufC8 * tmpCert = 0; |
1459 if (err != KErrNone) |
1705 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(info->Size())); |
|
1706 if (error != KErrNone) |
|
1707 { |
1460 { |
1708 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1461 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1709 |
1462 |
1710 RPointerArray<CX509Certificate> empty; |
1463 RPointerArray<CX509Certificate> tmp; |
1711 |
1464 |
1712 m_am_tools->enter_global_mutex(); |
1465 m_am_tools->enter_global_mutex(); |
1713 |
1466 |
1714 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1467 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1715 |
1468 |
1716 m_am_tools->leave_global_mutex(); |
1469 m_am_tools->leave_global_mutex(); |
1717 |
1470 |
1718 break; |
1471 break; |
1719 } |
1472 } |
1720 |
|
1721 iEncodedCertificate = tmpCert; |
|
1722 |
1473 |
1723 iCertPtr.Set(iEncodedCertificate->Des()); |
1474 iCertPtr.Set(iEncodedCertificate->Des()); |
1724 |
1475 |
1725 iCertStore->Retrieve( |
1476 iCertStore->Retrieve( |
1726 *info, |
1477 *info, |
1737 m_am_tools, |
1488 m_am_tools, |
1738 TRACE_FLAGS_DEFAULT, |
1489 TRACE_FLAGS_DEFAULT, |
1739 (EAPL("CEapTlsPeapCertInterface::RunL(): ECreateCertChain\n"))); |
1490 (EAPL("CEapTlsPeapCertInterface::RunL(): ECreateCertChain\n"))); |
1740 |
1491 |
1741 CX509Certificate* cert = 0; |
1492 CX509Certificate* cert = 0; |
1742 TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
1493 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
1743 if (error != KErrNone || cert == 0) |
1494 if (err != KErrNone || cert == 0) |
1744 { |
1495 { |
1745 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1496 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1746 |
1497 |
1747 RPointerArray<CX509Certificate> empty; |
1498 RPointerArray<CX509Certificate> tmp; |
1748 |
1499 |
1749 m_am_tools->enter_global_mutex(); |
1500 m_am_tools->enter_global_mutex(); |
1750 |
1501 |
1751 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1502 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1752 |
1503 |
1753 m_am_tools->leave_global_mutex(); |
1504 m_am_tools->leave_global_mutex(); |
1754 |
1505 |
1755 break; |
1506 break; |
1756 } |
1507 } |
1757 |
1508 |
1758 #if defined(_DEBUG) || defined(DEBUG) |
1509 #if defined(_DEBUG) || defined(DEBUG) |
1759 |
1510 |
1760 { |
|
1761 // No need to validate iCertInfos in here as it is done in case: EGetAllCerts |
1511 // No need to validate iCertInfos in here as it is done in case: EGetAllCerts |
1762 CCTCertInfo* tempInfo; |
1512 CCTCertInfo* tempInfo; |
1763 tempInfo = iCertInfos[iCAIndex]; |
1513 tempInfo = iCertInfos[iCAIndex]; |
1764 |
1514 |
1765 // These are for the trace debug. |
1515 // These are for the trace debug. |
1766 TCertLabel label = tempInfo->Label(); |
1516 TCertLabel label = tempInfo->Label(); |
1767 TKeyIdentifier SubjectKeyId = tempInfo->SubjectKeyId(); |
1517 TKeyIdentifier KeyIdentifier = tempInfo->SubjectKeyId(); |
1768 TKeyIdentifier IssuerId = tempInfo->IssuerKeyId(); |
1518 TKeyIdentifier IssuerId = tempInfo->IssuerKeyId(); |
1769 TCertificateFormat format = tempInfo->CertificateFormat(); |
1519 TCertificateFormat format = tempInfo->CertificateFormat(); |
1770 TCertificateOwnerType ownerType = tempInfo->CertificateOwnerType(); |
1520 TCertificateOwnerType ownerType = tempInfo->CertificateOwnerType(); |
1771 |
1521 |
1772 EAP_TRACE_DEBUG_SYMBIAN((_L("\n CEapTlsPeapCertInterface::RunL() : About to retrieve Cert with details, Label = %S"), |
1522 EAP_TRACE_DEBUG_SYMBIAN((_L("\n CEapTlsPeapCertInterface::RunL() : About to retrieve Cert with details, Label = %S"), &label)); |
1773 &label)); |
1523 EAP_TRACE_DEBUG_SYMBIAN((_L("Other detials- Format=%d, Owner type=%d, IsDeletable=%d, Type UID=%d"), |
1774 |
1524 format, ownerType, tempInfo->IsDeletable(), tempInfo->Type())); |
1775 EAP_TRACE_DEBUG( |
|
1776 m_am_tools, |
|
1777 TRACE_FLAGS_DEFAULT, |
|
1778 (EAPL("Other detials- Format=%d, Owner type=%d, IsDeletable=%d, Type UID=%d\n"), |
|
1779 format, |
|
1780 ownerType, |
|
1781 tempInfo->IsDeletable(), |
|
1782 tempInfo->Type())); |
|
1783 |
1525 |
1784 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Subject key Id is"), |
1526 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Subject key Id is"), |
1785 SubjectKeyId.Ptr(), |
1527 KeyIdentifier.Ptr(), |
1786 SubjectKeyId.Size())); |
1528 KeyIdentifier.Size())); |
1787 |
1529 |
1788 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Issuer Id is"), |
1530 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Issuer Id is"), |
1789 IssuerId.Ptr(), |
1531 IssuerId.Ptr(), |
1790 IssuerId.Size())); |
1532 IssuerId.Size())); |
1791 |
1533 |
1809 |
1551 |
1810 CleanupStack::PopAndDestroy(); // subKeyIdExt |
1552 CleanupStack::PopAndDestroy(); // subKeyIdExt |
1811 } |
1553 } |
1812 else |
1554 else |
1813 { |
1555 { |
1814 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("WARNING: No extension for this certificate\n"))); |
1556 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("WARNING: No extension for this certificate\n"))); |
1815 } |
1557 } |
1816 } |
1558 } |
1817 else |
1559 else |
1818 { |
1560 { |
1819 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: No Certs here!\n"))); |
1561 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: No Certs here!\n"))); |
1820 } |
1562 } |
1821 } |
1563 |
1822 |
|
1823 #endif |
1564 #endif |
1824 |
1565 |
1825 |
1566 |
1826 // Signal completition |
1567 // Signal completition |
1827 if (iRootCerts.Append(cert) != KErrNone) |
1568 if (iRootCerts.Append(cert) != KErrNone) |
1828 { |
1569 { |
1829 delete cert; |
1570 delete cert; |
1830 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1571 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1831 |
1572 |
1832 RPointerArray<CX509Certificate> empty; |
1573 RPointerArray<CX509Certificate> tmp; |
1833 |
1574 |
1834 m_am_tools->enter_global_mutex(); |
1575 m_am_tools->enter_global_mutex(); |
1835 |
1576 |
1836 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1577 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1837 |
1578 |
1838 m_am_tools->leave_global_mutex(); |
1579 m_am_tools->leave_global_mutex(); |
1839 |
1580 |
1840 break; |
1581 break; |
1841 } |
1582 } |
1885 { |
1626 { |
1886 // DSA signing |
1627 // DSA signing |
1887 const CSubjectPublicKeyInfo& key = iRootCerts[i]->PublicKey(); |
1628 const CSubjectPublicKeyInfo& key = iRootCerts[i]->PublicKey(); |
1888 const TPtrC8 params = key.EncodedParams(); |
1629 const TPtrC8 params = key.EncodedParams(); |
1889 |
1630 |
1890 TRAPD(error, dsaParams = CX509DSAPublicKey::DSAParametersL(params)); |
1631 TRAPD(err, dsaParams = CX509DSAPublicKey::DSAParametersL(params)); |
1891 if (error != KErrNone) |
1632 if (err != KErrNone) |
1892 { |
1633 { |
1893 |
1634 |
1894 RPointerArray<CX509Certificate> empty; |
1635 RPointerArray<CX509Certificate> tmp; |
1895 m_am_tools->enter_global_mutex(); |
1636 m_am_tools->enter_global_mutex(); |
1896 |
1637 |
1897 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1638 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1898 |
1639 |
1899 m_am_tools->leave_global_mutex(); |
1640 m_am_tools->leave_global_mutex(); |
1900 |
1641 |
1901 return; |
1642 return; |
1902 } |
1643 } |
1903 |
1644 |
1904 TRAP(error, signParams = CSigningKeyParameters::NewL()); |
1645 TRAP(err, signParams = CSigningKeyParameters::NewL()); |
1905 if (error != KErrNone) |
1646 if (err != KErrNone) |
1906 { |
1647 { |
1907 RPointerArray<CX509Certificate> empty; |
1648 RPointerArray<CX509Certificate> tmp; |
1908 |
1649 |
1909 m_am_tools->enter_global_mutex(); |
1650 m_am_tools->enter_global_mutex(); |
1910 |
1651 |
1911 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1652 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1912 |
1653 |
1913 m_am_tools->leave_global_mutex(); |
1654 m_am_tools->leave_global_mutex(); |
1914 |
1655 |
1915 delete dsaParams; |
1656 delete dsaParams; |
1916 return; |
1657 return; |
1917 } |
1658 } |
1918 TRAP(error, signParams->SetDSAParamsL(*dsaParams)); |
1659 TRAP(err, signParams->SetDSAParamsL(*dsaParams)); |
1919 if (error != KErrNone) |
1660 if (err != KErrNone) |
1920 { |
1661 { |
1921 RPointerArray<CX509Certificate> empty; |
1662 RPointerArray<CX509Certificate> tmp; |
1922 |
1663 |
1923 m_am_tools->enter_global_mutex(); |
1664 m_am_tools->enter_global_mutex(); |
1924 |
1665 |
1925 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1666 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1926 |
1667 |
1927 m_am_tools->leave_global_mutex(); |
1668 m_am_tools->leave_global_mutex(); |
1928 |
1669 |
1929 delete dsaParams; |
1670 delete dsaParams; |
1930 delete signParams; |
1671 delete signParams; |
1931 return; |
1672 return; |
1932 } |
1673 } |
1933 |
1674 |
1934 TRAP(error, iUserCertChain[iUserCertChain.Count()-1]->SetParametersL(*signParams)); |
1675 TRAP(err, iUserCertChain[iUserCertChain.Count()-1]->SetParametersL(*signParams)); |
1935 if (error != KErrNone) |
1676 if (err != KErrNone) |
1936 { |
1677 { |
1937 RPointerArray<CX509Certificate> empty; |
1678 RPointerArray<CX509Certificate> tmp; |
1938 m_am_tools->enter_global_mutex(); |
1679 m_am_tools->enter_global_mutex(); |
1939 |
1680 |
1940 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1681 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1941 |
1682 |
1942 m_am_tools->leave_global_mutex(); |
1683 m_am_tools->leave_global_mutex(); |
1943 |
1684 |
1944 delete dsaParams; |
1685 delete dsaParams; |
1945 delete signParams; |
1686 delete signParams; |
1953 if (iUserCertChain.Append(iRootCerts[i]) != KErrNone) |
1694 if (iUserCertChain.Append(iRootCerts[i]) != KErrNone) |
1954 { |
1695 { |
1955 delete dsaParams; |
1696 delete dsaParams; |
1956 delete signParams; |
1697 delete signParams; |
1957 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1698 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1958 |
1699 RPointerArray<CX509Certificate> tmp; |
1959 RPointerArray<CX509Certificate> empty; |
|
1960 |
1700 |
1961 m_am_tools->enter_global_mutex(); |
1701 m_am_tools->enter_global_mutex(); |
1962 |
1702 |
1963 iParent->complete_read_own_certificate(empty, eap_status_allocation_error); //Failure |
1703 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
1964 |
1704 |
1965 m_am_tools->leave_global_mutex(); |
1705 m_am_tools->leave_global_mutex(); |
1966 |
1706 |
1967 return; |
1707 return; |
1968 } |
1708 } |
1999 m_am_tools, |
1739 m_am_tools, |
2000 TRACE_FLAGS_DEFAULT, |
1740 TRACE_FLAGS_DEFAULT, |
2001 (EAPL("CEapTlsPeapCertInterface::RunL()- ECreateCertChain - Before Retrieve(): iCAIndex=%d, size=%d\n"), |
1741 (EAPL("CEapTlsPeapCertInterface::RunL()- ECreateCertChain - Before Retrieve(): iCAIndex=%d, size=%d\n"), |
2002 iCAIndex, info->Size())); |
1742 iCAIndex, info->Size())); |
2003 |
1743 |
1744 |
|
1745 |
|
2004 iEncodedCertificate->Des().SetLength(0); |
1746 iEncodedCertificate->Des().SetLength(0); |
2005 |
1747 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
2006 HBufC8 * tmpCert = 0; |
1748 if (err != KErrNone) |
2007 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(info->Size())); |
|
2008 if (error != KErrNone) |
|
2009 { |
1749 { |
2010 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1750 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2011 |
1751 |
2012 RPointerArray<CX509Certificate> empty; |
1752 RPointerArray<CX509Certificate> tmp; |
2013 |
1753 |
2014 m_am_tools->enter_global_mutex(); |
1754 m_am_tools->enter_global_mutex(); |
2015 |
1755 |
2016 iParent->complete_read_ca_certificate(empty, eap_status_allocation_error); //Failure |
1756 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
2017 |
1757 |
2018 m_am_tools->leave_global_mutex(); |
1758 m_am_tools->leave_global_mutex(); |
2019 |
1759 |
2020 break; |
1760 break; |
2021 } |
1761 } |
2022 |
|
2023 iEncodedCertificate = tmpCert; |
|
2024 |
1762 |
2025 iCertPtr.Set(iEncodedCertificate->Des()); |
1763 iCertPtr.Set(iEncodedCertificate->Des()); |
2026 |
1764 |
2027 iCertStore->Retrieve( |
1765 iCertStore->Retrieve( |
2028 *info, |
1766 *info, |
2049 { |
1787 { |
2050 iCertInfos[i]->Release(); |
1788 iCertInfos[i]->Release(); |
2051 } |
1789 } |
2052 iCertInfos.Reset(); |
1790 iCertInfos.Reset(); |
2053 |
1791 |
2054 TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); |
1792 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
2055 if (error != KErrNone) |
1793 if (err != KErrNone) |
2056 { |
1794 { |
2057 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1795 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2058 |
1796 RPointerArray<CX509Certificate> tmp; |
2059 RPointerArray<CX509Certificate> empty; |
1797 |
2060 |
1798 m_am_tools->enter_global_mutex(); |
2061 m_am_tools->enter_global_mutex(); |
1799 |
2062 |
1800 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
2063 iParent->complete_read_ca_certificate(empty, eap_status_allocation_error); //Failure |
|
2064 |
1801 |
2065 m_am_tools->leave_global_mutex(); |
1802 m_am_tools->leave_global_mutex(); |
2066 break; |
1803 break; |
2067 } |
1804 } |
2068 |
1805 |
2069 iCertFilter->SetFormat(EX509Certificate); |
1806 iCertFilter->SetFormat(EX509Certificate); |
2070 iCertFilter->SetOwnerType(ECACertificate); |
1807 iCertFilter->SetOwnerType(ECACertificate); |
2071 iCertFilter->SetSubjectKeyId(iCertInfo.GetSubjectKeyId()); |
1808 iCertFilter->SetSubjectKeyId(iCertInfo.iSubjectKeyId); |
2072 |
1809 if (iCertInfo.iLabel.Size()>0) |
2073 if (iCertInfo.GetLabel()->Size() > 0) |
1810 iCertFilter->SetLabel(iCertInfo.iLabel);// We can not use Label in the filter as certificates saved |
2074 { |
|
2075 iCertFilter->SetLabel(*(iCertInfo.GetLabel()));// We can not use Label in the filter as certificates saved |
|
2076 // by using SetConfigurationL (OMA DM etc uses it) will not have Label. |
1811 // by using SetConfigurationL (OMA DM etc uses it) will not have Label. |
2077 } |
|
2078 |
1812 |
2079 iState = EReadCACertList; |
1813 iState = EReadCACertList; |
2080 iCertStore->List( |
1814 iCertStore->List( |
2081 iCertInfos, |
1815 iCertInfos, |
2082 *iCertFilter, |
1816 *iCertFilter, |
2095 |
1829 |
2096 // Now we should have all the cert infos in iCertInfos. |
1830 // Now we should have all the cert infos in iCertInfos. |
2097 if (iCertInfos.Count() == 0) |
1831 if (iCertInfos.Count() == 0) |
2098 { |
1832 { |
2099 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EReadCACertList iCertInfos.Count = 0.\n"))); |
1833 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EReadCACertList iCertInfos.Count = 0.\n"))); |
2100 |
1834 RPointerArray<CX509Certificate> tmp; |
2101 RPointerArray<CX509Certificate> empty; |
1835 |
2102 |
1836 m_am_tools->enter_global_mutex(); |
2103 m_am_tools->enter_global_mutex(); |
1837 |
2104 |
1838 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
2105 iParent->complete_read_ca_certificate(empty, eap_status_allocation_error); //Failure |
|
2106 |
1839 |
2107 m_am_tools->leave_global_mutex(); |
1840 m_am_tools->leave_global_mutex(); |
2108 break; |
1841 break; |
2109 } |
1842 } |
2110 |
1843 |
2114 |
1847 |
2115 iState = EReadCACert; |
1848 iState = EReadCACert; |
2116 |
1849 |
2117 iEncodedCertificate->Des().SetLength(0); |
1850 iEncodedCertificate->Des().SetLength(0); |
2118 |
1851 |
2119 HBufC8 * tmpCert = 0; |
1852 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
2120 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(info->Size())); |
1853 if (err != KErrNone) |
2121 if (error != KErrNone) |
|
2122 { |
1854 { |
2123 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1855 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2124 |
1856 RPointerArray<CX509Certificate> tmp; |
2125 RPointerArray<CX509Certificate> empty; |
1857 |
2126 |
1858 m_am_tools->enter_global_mutex(); |
2127 m_am_tools->enter_global_mutex(); |
1859 |
2128 |
1860 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
2129 iParent->complete_read_ca_certificate(empty, eap_status_allocation_error); //Failure |
1861 |
2130 |
1862 m_am_tools->leave_global_mutex(); |
2131 m_am_tools->leave_global_mutex(); |
1863 break; |
2132 break; |
1864 } |
2133 } |
|
2134 |
|
2135 iEncodedCertificate = tmpCert; |
|
2136 |
1865 |
2137 iCertPtr.Set(iEncodedCertificate->Des()); |
1866 iCertPtr.Set(iEncodedCertificate->Des()); |
2138 |
1867 |
2139 iCertStore->Retrieve( |
1868 iCertStore->Retrieve( |
2140 *info, |
1869 *info, |
2157 TRACE_FLAGS_DEFAULT, |
1886 TRACE_FLAGS_DEFAULT, |
2158 (EAPL("CEapTlsPeapCertInterface::RunL():EncodedCertificate string size=%d\n"), |
1887 (EAPL("CEapTlsPeapCertInterface::RunL():EncodedCertificate string size=%d\n"), |
2159 iEncodedCertificate->Size())); |
1888 iEncodedCertificate->Size())); |
2160 |
1889 |
2161 CX509Certificate* cert = 0; |
1890 CX509Certificate* cert = 0; |
2162 TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
1891 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
2163 if (error != KErrNone) |
1892 if (err != KErrNone) |
2164 { |
1893 { |
2165 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1894 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2166 |
1895 RPointerArray<CX509Certificate> tmp; |
2167 RPointerArray<CX509Certificate> empty; |
1896 |
2168 |
1897 m_am_tools->enter_global_mutex(); |
2169 m_am_tools->enter_global_mutex(); |
1898 |
2170 |
1899 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
2171 iParent->complete_read_ca_certificate(empty, eap_status_allocation_error); //Failure |
|
2172 |
1900 |
2173 m_am_tools->leave_global_mutex(); |
1901 m_am_tools->leave_global_mutex(); |
2174 break; |
1902 break; |
2175 } |
1903 } |
2176 |
1904 |
2178 iUserCertChain.ResetAndDestroy(); |
1906 iUserCertChain.ResetAndDestroy(); |
2179 if (iUserCertChain.Append(cert) != KErrNone) |
1907 if (iUserCertChain.Append(cert) != KErrNone) |
2180 { |
1908 { |
2181 delete cert; |
1909 delete cert; |
2182 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1910 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2183 |
1911 RPointerArray<CX509Certificate> tmp; |
2184 RPointerArray<CX509Certificate> empty; |
1912 |
2185 |
1913 m_am_tools->enter_global_mutex(); |
2186 m_am_tools->enter_global_mutex(); |
1914 |
2187 |
1915 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
2188 iParent->complete_read_ca_certificate(empty, eap_status_allocation_error); //Failure |
|
2189 |
1916 |
2190 m_am_tools->leave_global_mutex(); |
1917 m_am_tools->leave_global_mutex(); |
2191 break; |
1918 break; |
2192 } |
1919 } |
2193 |
1920 |
2210 { |
1937 { |
2211 iCertInfos[i]->Release(); |
1938 iCertInfos[i]->Release(); |
2212 } |
1939 } |
2213 iCertInfos.Reset(); |
1940 iCertInfos.Reset(); |
2214 |
1941 |
2215 TRAPD(error, iCertFilter = CCertAttributeFilter::NewL()); |
1942 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
2216 if (error != KErrNone) |
1943 if (err != KErrNone) |
2217 { |
1944 { |
2218 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
1945 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2219 |
1946 CPKIXValidationResult* tmp = 0; |
2220 const CPKIXValidationResult * const empty = 0; |
1947 |
2221 |
1948 m_am_tools->enter_global_mutex(); |
2222 m_am_tools->enter_global_mutex(); |
1949 |
2223 |
1950 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
2224 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
1951 |
2225 |
1952 m_am_tools->leave_global_mutex(); |
2226 m_am_tools->leave_global_mutex(); |
1953 break; |
2227 break; |
1954 } |
2228 } |
|
2229 |
|
2230 iCertFilter->SetOwnerType(ECACertificate); |
1955 iCertFilter->SetOwnerType(ECACertificate); |
2231 iCertFilter->SetFormat(EX509Certificate); |
1956 iCertFilter->SetFormat(EX509Certificate); |
2232 |
1957 |
2233 iState = EValidateChainGetCACertList; |
1958 iState = EValidateChainGetCACertList; |
2234 |
|
2235 iCertStore->List( |
1959 iCertStore->List( |
2236 iCertInfos, |
1960 iCertInfos, |
2237 *iCertFilter, |
1961 *iCertFilter, |
2238 iStatus); |
1962 iStatus); |
2239 SetActive(); |
1963 SetActive(); |
2246 m_am_tools, |
1970 m_am_tools, |
2247 TRACE_FLAGS_DEFAULT, |
1971 TRACE_FLAGS_DEFAULT, |
2248 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACertList\n"))); |
1972 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACertList\n"))); |
2249 |
1973 |
2250 int index; |
1974 int index; |
2251 TIdentityRelation<EapCertificateEntry> comparator(&EapTlsPeapUtils::CompareSCertEntries); |
1975 TIdentityRelation<SCertEntry> comparator(&EapTlsPeapUtils::CompareSCertEntries); |
2252 |
1976 // Remove disallowed CA certs from the array |
2253 if (iUseAutomaticCaCertificate) |
1977 for (TInt i = 0; i < iCertInfos.Count(); i++) |
2254 { |
1978 { |
2255 // All CA certificates are allowed. |
1979 SCertEntry certEntry; |
2256 EAP_TRACE_DEBUG( |
1980 certEntry.iLabel.Copy(iCertInfos[i]->Label()); |
2257 m_am_tools, |
1981 certEntry.iSubjectKeyId.Copy(iCertInfos[i]->SubjectKeyId()); |
2258 TRACE_FLAGS_DEFAULT, |
1982 index = iAllowedCACerts.Find(certEntry, comparator); |
2259 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACertList: All CA certificates are allowed.\n"))); |
1983 |
2260 } |
1984 if (index == KErrNotFound) |
2261 else |
|
2262 { |
|
2263 // Remove disallowed CA certs from the array |
|
2264 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
2265 { |
1985 { |
2266 EapCertificateEntry certEntry; |
1986 // Remove |
2267 certEntry.SetLabel(iCertInfos[i]->Label()); |
1987 iCertInfos[i]->Release(); |
2268 certEntry.SetSubjectKeyId(iCertInfos[i]->SubjectKeyId()); |
1988 iCertInfos.Remove(i); |
2269 index = iAllowedCACerts.Find(&certEntry, comparator); |
1989 i--; |
2270 |
|
2271 if (index == KErrNotFound) |
|
2272 { |
|
2273 // Remove |
|
2274 iCertInfos[i]->Release(); |
|
2275 iCertInfos.Remove(i); |
|
2276 i--; |
|
2277 } |
|
2278 } |
1990 } |
2279 } |
1991 } |
2280 |
|
2281 if (iCertInfos.Count() == 0) |
1992 if (iCertInfos.Count() == 0) |
2282 { |
1993 { |
2283 // Create new validation result for this failure case. |
1994 // Create new validation result for this failure case. |
2284 // CPKIXValidationResult does include a Reset-member function |
1995 // CPKIXValidationResult does include a Reset-member function |
2285 // but it is not in x500.lib as the documentation says. |
1996 // but it is not in x500.lib as the documentation says. |
2286 const CPKIXValidationResult * const empty = 0; |
1997 CPKIXValidationResult* validationResult = 0; |
2287 |
1998 TRAPD(err, validationResult = CPKIXValidationResult::NewL()); |
2288 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: No cert infos\n"))); |
1999 if (err != KErrNone) |
2289 |
|
2290 m_am_tools->enter_global_mutex(); |
|
2291 |
|
2292 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
|
2293 |
|
2294 m_am_tools->leave_global_mutex(); |
|
2295 break; |
|
2296 } |
|
2297 |
|
2298 { |
|
2299 CCTCertInfo* info; |
|
2300 info = iCertInfos[0]; |
|
2301 iCAIndex = 0; |
|
2302 |
|
2303 iState = EValidateChainGetCACert; |
|
2304 |
|
2305 iEncodedCertificate->Des().SetLength(0); |
|
2306 |
|
2307 HBufC8 * tmpCert = 0; |
|
2308 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(info->Size())); |
|
2309 if (error != KErrNone) |
|
2310 { |
2000 { |
2311 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2001 // Do nothing. Session timeout takes care of cleanup... |
2312 |
2002 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2313 const CPKIXValidationResult * const empty = 0; |
2003 } |
2004 m_am_tools->enter_global_mutex(); |
|
2005 |
|
2006 iParent->complete_validate_chain(*validationResult, eap_status_ca_certificate_unknown); //Failure. |
|
2007 |
|
2008 m_am_tools->leave_global_mutex(); |
|
2009 delete validationResult; |
|
2010 break; |
|
2011 } |
|
2012 |
|
2013 CCTCertInfo* info; |
|
2014 info = iCertInfos[0]; |
|
2015 iCAIndex = 0; |
|
2016 |
|
2017 iState = EValidateChainGetCACert; |
|
2018 |
|
2019 iEncodedCertificate->Des().SetLength(0); |
|
2020 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
2021 if (err != KErrNone) |
|
2022 { |
|
2023 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2024 |
|
2025 CPKIXValidationResult* tmp = 0; |
|
2026 |
|
2027 m_am_tools->enter_global_mutex(); |
|
2028 |
|
2029 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2030 |
|
2031 m_am_tools->leave_global_mutex(); |
|
2032 break; |
|
2033 } |
|
2034 |
|
2035 iCertPtr.Set(iEncodedCertificate->Des()); |
|
2036 |
|
2037 iCertStore->Retrieve( |
|
2038 *info, |
|
2039 iCertPtr, |
|
2040 iStatus); |
|
2041 |
|
2042 SetActive(); |
|
2043 } |
|
2044 break; |
|
2045 |
|
2046 case EValidateChainGetCACert: |
|
2047 { |
|
2048 EAP_TRACE_DEBUG( |
|
2049 m_am_tools, |
|
2050 TRACE_FLAGS_DEFAULT, |
|
2051 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACert\n"))); |
|
2052 |
|
2053 CX509Certificate* cert = 0; |
|
2054 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
2055 if (err != KErrNone) |
|
2056 { |
|
2057 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2058 CPKIXValidationResult* tmp = 0; |
|
2059 |
|
2060 m_am_tools->enter_global_mutex(); |
|
2061 |
|
2062 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2063 |
|
2064 m_am_tools->leave_global_mutex(); |
|
2065 break; |
|
2066 } |
|
2067 |
|
2068 // Signal completition |
|
2069 if (iRootCerts.Append(cert) != KErrNone) |
|
2070 { |
|
2071 delete cert; |
|
2072 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2073 CPKIXValidationResult* tmp = 0; |
|
2074 |
|
2075 m_am_tools->enter_global_mutex(); |
|
2076 |
|
2077 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2078 |
|
2079 m_am_tools->leave_global_mutex(); |
|
2080 break; |
|
2081 } |
|
2082 |
|
2083 iCAIndex++; |
|
2084 if (iCAIndex >= static_cast<TUint>(iCertInfos.Count())) |
|
2085 { |
|
2086 delete iCertChain; |
|
2087 iCertChain = 0; |
|
2088 |
|
2089 TRAPD(err, iCertChain = CPKIXCertChain::NewL(iFs, *iInputCertChain, iRootCerts)); |
|
2090 if (err != KErrNone) |
|
2091 { |
|
2092 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EAP-TLS error %d.\n"), err)); |
|
2093 CPKIXValidationResult* tmp = 0; |
|
2314 |
2094 |
2315 m_am_tools->enter_global_mutex(); |
2095 m_am_tools->enter_global_mutex(); |
2316 |
2096 |
2317 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
2097 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
2318 |
2098 |
2319 m_am_tools->leave_global_mutex(); |
2099 m_am_tools->leave_global_mutex(); |
2320 break; |
2100 break; |
2321 } |
2101 } |
2322 |
2102 // Set the current time |
2323 iEncodedCertificate = tmpCert; |
2103 iTime.UniversalTime(); |
2324 |
2104 iState = EValidateChainEnd; |
2105 TRAP(err, iCertChain->ValidateL(*iValidationResult, iTime, iStatus)); |
|
2106 if (err != KErrNone) |
|
2107 { |
|
2108 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Error in certificate validation in EAP-TLS.\n"))); |
|
2109 CPKIXValidationResult* tmp = 0; |
|
2110 |
|
2111 m_am_tools->enter_global_mutex(); |
|
2112 |
|
2113 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2114 |
|
2115 m_am_tools->leave_global_mutex(); |
|
2116 break; |
|
2117 } |
|
2118 SetActive(); // Validate. |
|
2119 } |
|
2120 else |
|
2121 { |
|
2122 CCTCertInfo* info; |
|
2123 info = iCertInfos[iCAIndex]; |
|
2124 |
|
2125 iState = EValidateChainGetCACert; |
|
2126 |
|
2127 iEncodedCertificate->Des().SetLength(0); |
|
2128 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
2129 if (err != KErrNone) |
|
2130 { |
|
2131 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2132 CPKIXValidationResult* tmp = 0; |
|
2133 |
|
2134 m_am_tools->enter_global_mutex(); |
|
2135 |
|
2136 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2137 |
|
2138 m_am_tools->leave_global_mutex(); |
|
2139 break; |
|
2140 } |
|
2141 |
|
2325 iCertPtr.Set(iEncodedCertificate->Des()); |
2142 iCertPtr.Set(iEncodedCertificate->Des()); |
2326 |
2143 |
2327 iCertStore->Retrieve( |
2144 iCertStore->Retrieve( |
2328 *info, |
2145 *info, |
2329 iCertPtr, |
2146 iCertPtr, |
2330 iStatus); |
2147 iStatus); |
2331 |
2148 |
2332 SetActive(); |
|
2333 } |
|
2334 } |
|
2335 break; |
|
2336 |
|
2337 case EValidateChainGetCACert: |
|
2338 { |
|
2339 EAP_TRACE_DEBUG( |
|
2340 m_am_tools, |
|
2341 TRACE_FLAGS_DEFAULT, |
|
2342 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACert\n"))); |
|
2343 |
|
2344 CX509Certificate* cert = 0; |
|
2345 TRAPD(error, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
2346 if (error != KErrNone) |
|
2347 { |
|
2348 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2349 |
|
2350 const CPKIXValidationResult * const empty = 0; |
|
2351 |
|
2352 m_am_tools->enter_global_mutex(); |
|
2353 |
|
2354 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
|
2355 |
|
2356 m_am_tools->leave_global_mutex(); |
|
2357 break; |
|
2358 } |
|
2359 |
|
2360 // Signal completition |
|
2361 if (iRootCerts.Append(cert) != KErrNone) |
|
2362 { |
|
2363 delete cert; |
|
2364 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2365 |
|
2366 const CPKIXValidationResult * const empty = 0; |
|
2367 |
|
2368 m_am_tools->enter_global_mutex(); |
|
2369 |
|
2370 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
|
2371 |
|
2372 m_am_tools->leave_global_mutex(); |
|
2373 break; |
|
2374 } |
|
2375 |
|
2376 iCAIndex++; |
|
2377 if (iCAIndex >= static_cast<TUint>(iCertInfos.Count())) |
|
2378 { |
|
2379 delete iCertChain; |
|
2380 iCertChain = 0; |
|
2381 |
|
2382 TRAPD(error, iCertChain = CPKIXCertChain::NewL(iFs, *iInputCertChain, iRootCerts)); |
|
2383 if (error != KErrNone) |
|
2384 { |
|
2385 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EAP-TLS error %d.\n"), error)); |
|
2386 |
|
2387 const CPKIXValidationResult * const empty = 0; |
|
2388 |
|
2389 m_am_tools->enter_global_mutex(); |
|
2390 |
|
2391 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
|
2392 |
|
2393 m_am_tools->leave_global_mutex(); |
|
2394 break; |
|
2395 } |
|
2396 |
|
2397 // Set the current time |
|
2398 iTime.UniversalTime(); |
|
2399 iState = EValidateChainEnd; |
|
2400 |
|
2401 EAP_TRACE_DEBUG( |
|
2402 m_am_tools, |
|
2403 TRACE_FLAGS_DEFAULT, |
|
2404 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACert, calls iCertChain->ValidateL(), count of root CA certificates = %d\n"), |
|
2405 iRootCerts.Count())); |
|
2406 |
|
2407 TRAP(error, iCertChain->ValidateL(*iValidationResult, iTime, iStatus)); |
|
2408 if (error != KErrNone) |
|
2409 { |
|
2410 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Error in certificate validation in EAP-TLS, error = %d.\n"), |
|
2411 error)); |
|
2412 |
|
2413 const CPKIXValidationResult * const empty = 0; |
|
2414 |
|
2415 m_am_tools->enter_global_mutex(); |
|
2416 |
|
2417 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
|
2418 |
|
2419 m_am_tools->leave_global_mutex(); |
|
2420 break; |
|
2421 } |
|
2422 SetActive(); // Validate. |
|
2423 } |
|
2424 else |
|
2425 { |
|
2426 CCTCertInfo* info; |
|
2427 info = iCertInfos[iCAIndex]; |
|
2428 |
|
2429 iState = EValidateChainGetCACert; |
|
2430 |
|
2431 iEncodedCertificate->Des().SetLength(0); |
|
2432 |
|
2433 HBufC8 * tmpCert = 0; |
|
2434 TRAPD(error, tmpCert = iEncodedCertificate->ReAllocL(info->Size())); |
|
2435 if (error != KErrNone) |
|
2436 { |
|
2437 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2438 |
|
2439 const CPKIXValidationResult * const empty = 0; |
|
2440 |
|
2441 m_am_tools->enter_global_mutex(); |
|
2442 |
|
2443 iParent->complete_validate_chain(empty, eap_status_ca_certificate_unknown); //Failure. |
|
2444 |
|
2445 m_am_tools->leave_global_mutex(); |
|
2446 break; |
|
2447 } |
|
2448 |
|
2449 iEncodedCertificate = tmpCert; |
|
2450 |
|
2451 iCertPtr.Set(iEncodedCertificate->Des()); |
|
2452 |
|
2453 iCertStore->Retrieve( |
|
2454 *info, |
|
2455 iCertPtr, |
|
2456 iStatus); |
|
2457 |
|
2458 SetActive(); |
2149 SetActive(); |
2459 } |
2150 } |
2460 } |
2151 } |
2461 break; |
2152 break; |
2462 |
2153 |
2463 case EValidateChainEnd: |
2154 case EValidateChainEnd: |
2464 |
2155 |
2465 EAP_TRACE_DEBUG( |
2156 EAP_TRACE_DEBUG( |
2466 m_am_tools, |
2157 m_am_tools, |
2467 TRACE_FLAGS_DEFAULT, |
2158 TRACE_FLAGS_DEFAULT, |
2468 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainEnd, iValidationResult->Error().iReason=%d\n"), |
2159 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainEnd\n"))); |
2469 iValidationResult->Error().iReason)); |
|
2470 |
2160 |
2471 m_am_tools->enter_global_mutex(); |
2161 m_am_tools->enter_global_mutex(); |
2472 |
2162 |
2473 iParent->complete_validate_chain(iValidationResult, eap_status_ok); |
2163 iParent->complete_validate_chain(*iValidationResult, eap_status_ok); |
2474 |
2164 |
2475 m_am_tools->leave_global_mutex(); |
2165 m_am_tools->leave_global_mutex(); |
2476 // Ignore error because there is nothing that can be done. |
2166 // Ignore error because there is nothing that can be done. |
2477 break; |
2167 break; |
2478 |
2168 |
2498 |
2188 |
2499 // Set up filter |
2189 // Set up filter |
2500 delete iKeyFilter; |
2190 delete iKeyFilter; |
2501 iKeyFilter = 0; |
2191 iKeyFilter = 0; |
2502 |
2192 |
2503 iKeyFilter = new (ELeave) TCTKeyAttributeFilter; |
2193 TRAPD(err, iKeyFilter = new (ELeave) TCTKeyAttributeFilter); |
2504 if (!iKeyFilter) |
2194 if (err != KErrNone) |
2505 { |
2195 { |
2506 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2196 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2507 RInteger tmp; |
2197 RInteger tmp; |
2508 iParent->complete_sign(tmp, tmp, eap_status_key_error); |
2198 iParent->complete_sign(tmp, tmp, eap_status_key_error); |
2509 break; |
2199 break; |
2621 RInteger R = RInteger::NewL(); |
2311 RInteger R = RInteger::NewL(); |
2622 |
2312 |
2623 CleanupStack::PushL(R); |
2313 CleanupStack::PushL(R); |
2624 |
2314 |
2625 iParent->complete_sign(R, reinterpret_cast<const RInteger&>(iRSASignature->S()), eap_status_ok); |
2315 iParent->complete_sign(R, reinterpret_cast<const RInteger&>(iRSASignature->S()), eap_status_ok); |
2316 |
|
2317 CleanupStack::PopAndDestroy(); |
|
2626 |
2318 |
2627 delete iRSASignature; |
2319 delete iRSASignature; |
2628 iRSASignature = 0; |
2320 iRSASignature = 0; |
2629 |
|
2630 CleanupStack::PopAndDestroy(); |
|
2631 |
2321 |
2632 iRSASigner->Release(); // This seems to be needed. |
2322 iRSASigner->Release(); // This seems to be needed. |
2633 } |
2323 } |
2634 else |
2324 else |
2635 { |
2325 { |
2653 |
2343 |
2654 // Set up filter |
2344 // Set up filter |
2655 delete iKeyFilter; |
2345 delete iKeyFilter; |
2656 iKeyFilter = 0; |
2346 iKeyFilter = 0; |
2657 |
2347 |
2658 iKeyFilter = new (ELeave) TCTKeyAttributeFilter; |
2348 TRAPD(err, iKeyFilter = new (ELeave) TCTKeyAttributeFilter); |
2659 if (!iKeyFilter) |
2349 if (err != KErrNone) |
2660 { |
2350 { |
2661 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2351 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
2662 TBuf8<1> tmp; |
2352 TBuf8<1> tmp; |
2663 iParent->complete_decrypt(tmp, eap_status_key_error); |
2353 iParent->complete_decrypt(tmp, eap_status_key_error); |
2664 break; |
2354 break; |
2742 } |
2432 } |
2743 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
2433 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
2744 return; |
2434 return; |
2745 } |
2435 } |
2746 |
2436 |
2747 //-------------------------------------------------- |
|
2748 |
|
2749 void CEapTlsPeapCertInterface::CancelSignWithPrivateKey() |
2437 void CEapTlsPeapCertInterface::CancelSignWithPrivateKey() |
2750 { |
2438 { |
2751 EAP_TRACE_DEBUG( |
2439 EAP_TRACE_DEBUG( |
2752 m_am_tools, |
2440 m_am_tools, |
2753 TRACE_FLAGS_DEFAULT, |
2441 TRACE_FLAGS_DEFAULT, |
2754 (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey(): iState=%d (13=ESign)\n"), |
2442 (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey():Cancelling Signing - iState=%d (13=ESign)\n"), |
2755 iState)); |
2443 iState)); |
2756 |
|
2757 EAP_TRACE_RETURN_STRING(m_am_tools, "returns: CEapTlsPeapCertInterface::CancelSignWithPrivateKey()"); |
|
2758 |
2444 |
2759 if(IsActive()) |
2445 if(IsActive()) |
2760 { |
2446 { |
2761 |
2447 |
2762 // We have to cancel singing if it is ongoing. Both for RSA and DSA. |
2448 // We have to cancel singing if it is ongoing. Both for RSA and DSA. |
2780 iDSASigner->CancelSign(); |
2466 iDSASigner->CancelSign(); |
2781 } |
2467 } |
2782 } |
2468 } |
2783 } |
2469 } |
2784 |
2470 |
2785 |
|
2786 //-------------------------------------------------- |
|
2787 // End of file |
2471 // End of file |