|
1 /* |
|
2 * Copyright (c) 2001-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: EAP and WLAN authentication protocols. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // This is enumeration of EAPOL source code. |
|
20 #if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
21 #undef EAP_FILE_NUMBER_ENUM |
|
22 #define EAP_FILE_NUMBER_ENUM 390 |
|
23 #undef EAP_FILE_NUMBER_DATE |
|
24 #define EAP_FILE_NUMBER_DATE 1127594498 |
|
25 #endif //#if defined(USE_EAP_MINIMUM_RELEASE_TRACES) |
|
26 |
|
27 |
|
28 // INCLUDE FILES |
|
29 #include "EapTlsPeapCertInterface.h" |
|
30 #include "EapTlsPeapUtils.h" |
|
31 #include <x509keys.h> |
|
32 #include <x509cert.h> |
|
33 #include "eap_tlv_message_data.h" |
|
34 #include "eap_am_trace_symbian.h" |
|
35 |
|
36 const TText8 KKeyStoreHandlePrefix[] = "EapTlsPeapKeyStoreHandler"; |
|
37 const TText8 KKeyStoreHandleKey[] = "CEapTlsPeapCertInterface KeyStore handle"; |
|
38 |
|
39 enum TAlgorithmAndSignedType |
|
40 { |
|
41 ERSASign = 1, |
|
42 EDSASign, |
|
43 ERSASignWithFixedDH, |
|
44 EDSASignWithFixedDH, |
|
45 ERSASignWithEphemeralDH, |
|
46 EDSASignWithEphemeralDH |
|
47 }; |
|
48 |
|
49 enum eap_type_tlspeap_stored_e |
|
50 { |
|
51 eap_type_tlspeap_stored_keystore_handle = 1 |
|
52 }; |
|
53 |
|
54 // ================= MEMBER FUNCTIONS ======================= |
|
55 |
|
56 // Completition functions should be moved to abstract IF |
|
57 |
|
58 CEapTlsPeapCertInterface* CEapTlsPeapCertInterface::NewL(abs_eap_am_tools_c* const aTools, |
|
59 eap_am_type_tls_peap_symbian_c* const aParent) |
|
60 { |
|
61 CEapTlsPeapCertInterface* self = new(ELeave) CEapTlsPeapCertInterface(aTools, aParent); |
|
62 CleanupStack::PushL(self); |
|
63 self->ConstructL(); |
|
64 CleanupStack::Pop(); |
|
65 return self; |
|
66 } |
|
67 |
|
68 //-------------------------------------------------- |
|
69 |
|
70 CEapTlsPeapCertInterface::CEapTlsPeapCertInterface(abs_eap_am_tools_c* const aTools, eap_am_type_tls_peap_symbian_c* const aParent) |
|
71 : CActive(CActive::EPriorityStandard) |
|
72 ,iParent(aParent) |
|
73 ,m_am_tools(aTools) |
|
74 ,iAllowedUserCerts(1) |
|
75 ,iEncodedCertificate(0) |
|
76 ,iCertPtr(0,0) |
|
77 ,iMatchingUserCertInfos(1) |
|
78 ,iCAIndex(0) |
|
79 { |
|
80 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
81 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
82 } |
|
83 |
|
84 //-------------------------------------------------- |
|
85 |
|
86 void CEapTlsPeapCertInterface::ConstructL() |
|
87 { |
|
88 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
89 |
|
90 User::LeaveIfError(iFs.Connect()); |
|
91 |
|
92 CActiveScheduler::Add(this); |
|
93 |
|
94 iValidationResult = CPKIXValidationResult::NewL(); |
|
95 |
|
96 iEncodedCertificate = HBufC8::NewL(0); |
|
97 iCertPtr.Set(iEncodedCertificate->Des()); |
|
98 |
|
99 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
100 } |
|
101 |
|
102 //-------------------------------------------------- |
|
103 |
|
104 CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface() |
|
105 { |
|
106 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
107 |
|
108 iMatchingUserCerts.ResetAndDestroy(); |
|
109 |
|
110 iMatchingUserCertInfos.Reset(); |
|
111 |
|
112 iAllowedUserCerts.Reset(); |
|
113 |
|
114 iRootCerts.ResetAndDestroy(); |
|
115 iUserCertChain.ResetAndDestroy(); |
|
116 |
|
117 iCertAuthorities.ResetAndDestroy(); |
|
118 |
|
119 TInt i(0); |
|
120 for (i = 0; i < iCertInfos.Count(); i++) |
|
121 { |
|
122 iCertInfos[i]->Release(); |
|
123 } |
|
124 iCertInfos.Reset(); |
|
125 |
|
126 for (i = 0; i < iKeyInfos.Count(); i++) |
|
127 { |
|
128 iKeyInfos[i]->Release(); |
|
129 } |
|
130 iKeyInfos.Reset(); |
|
131 |
|
132 delete iCertFilter; |
|
133 delete iCertStore; |
|
134 delete iCertChain; |
|
135 delete iValidationResult; |
|
136 delete iInputCertChain; |
|
137 delete iEncodedCertificate; |
|
138 delete iDataIn; |
|
139 delete iDataOut; |
|
140 delete iSignature; |
|
141 delete iPtrOut; |
|
142 delete iSignaturePtr; |
|
143 |
|
144 iFs.Close(); |
|
145 |
|
146 EAP_TRACE_DEBUG( |
|
147 m_am_tools, |
|
148 TRACE_FLAGS_DEFAULT, |
|
149 (EAPL("CEapTlsPeapCertInterface::~CEapTlsPeapCertInterface(): returns\n"))); |
|
150 |
|
151 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
152 } |
|
153 |
|
154 //-------------------------------------------------- |
|
155 |
|
156 void CEapTlsPeapCertInterface::GetMatchingCertificatesL( |
|
157 const RArray<SCertEntry>& aAllowedUserCerts, |
|
158 const TBool aUseCertAuthoritiesFilter, |
|
159 EAP_TEMPLATE_CONST eap_array_c<eap_variable_data_c> * const aCertAuthorities, |
|
160 const TBool aUseCertTypesFilter, |
|
161 EAP_TEMPLATE_CONST eap_array_c<u8_t> * const aCertTypes, |
|
162 const TBool aUseAllowedCipherSuitesFilter, |
|
163 const RArray<TUint>& aAllowedCipherSuites) |
|
164 { |
|
165 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
166 |
|
167 iUseCertAuthoritiesFilter = aUseCertAuthoritiesFilter; |
|
168 |
|
169 iUseCertTypesFilter = aUseCertTypesFilter; |
|
170 |
|
171 iUseAllowedCipherSuitesFilter = aUseAllowedCipherSuitesFilter; |
|
172 |
|
173 iAllowedUserCerts.Reset(); |
|
174 |
|
175 EAP_TRACE_DEBUG( |
|
176 m_am_tools, |
|
177 TRACE_FLAGS_DEFAULT, |
|
178 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL: Total allowed user certs=%d\n"), |
|
179 aAllowedUserCerts.Count())); |
|
180 |
|
181 EAP_TRACE_DEBUG( |
|
182 m_am_tools, |
|
183 TRACE_FLAGS_DEFAULT, |
|
184 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL:UseCertAuthoritiesFilter=%d, UseCertTypesFilter=%d, UseAllowedCipherSuitesFilter=%d\n"), |
|
185 iUseCertAuthoritiesFilter,iUseCertTypesFilter,iUseAllowedCipherSuitesFilter)); |
|
186 |
|
187 for (TInt j = 0; j < aAllowedUserCerts.Count(); j++) |
|
188 { |
|
189 iAllowedUserCerts.AppendL(aAllowedUserCerts[j]); |
|
190 |
|
191 #if defined(_DEBUG) || defined(DEBUG) |
|
192 |
|
193 // This is just for the debug prints. |
|
194 TCertLabel tempLabel = iAllowedUserCerts[j].iLabel; |
|
195 TKeyIdentifier tempSubjectKeyId = iAllowedUserCerts[j].iSubjectKeyId; |
|
196 |
|
197 EAP_TRACE_DEBUG( |
|
198 m_am_tools, |
|
199 TRACE_FLAGS_DEFAULT, |
|
200 (EAPL("CEapTlsPeapCertInterface::GetMatchingCertificatesL: details of allowed user certs,Label=%S\n"), |
|
201 &tempLabel)); |
|
202 |
|
203 EAP_TRACE_DATA_DEBUG_SYMBIAN( ( "GetMatchingCertificatesL : Subject Key Id:", |
|
204 tempSubjectKeyId.Ptr(), tempSubjectKeyId.Size() ) ); |
|
205 #endif |
|
206 } |
|
207 |
|
208 if (iCertAuthorities.Count() > 0) |
|
209 { |
|
210 iCertAuthorities.ResetAndDestroy(); |
|
211 } |
|
212 if (aUseCertAuthoritiesFilter) |
|
213 { |
|
214 for (TUint i = 0; i < aCertAuthorities->get_object_count(); i++) |
|
215 { |
|
216 HBufC8* buf = HBufC8::NewLC((aCertAuthorities->get_object(i))->get_data_length()); |
|
217 TPtr8 ptr = buf->Des(); |
|
218 ptr.Copy((aCertAuthorities->get_object(i))->get_data((aCertAuthorities->get_object(i))->get_data_length()), |
|
219 (aCertAuthorities->get_object(i))->get_data_length()); |
|
220 |
|
221 // Try to form distiguished name |
|
222 CX500DistinguishedName* tmp = 0; |
|
223 TRAPD(err, tmp = CX500DistinguishedName::NewL(ptr)); |
|
224 if (err == KErrNone) |
|
225 { |
|
226 CleanupStack::PushL(tmp); |
|
227 // Distinguished name was found -> add it to array. |
|
228 User::LeaveIfError(iCertAuthorities.Append(tmp)); |
|
229 CleanupStack::Pop(tmp); |
|
230 } |
|
231 CleanupStack::PopAndDestroy(buf); |
|
232 } |
|
233 } |
|
234 |
|
235 if (aUseCertTypesFilter) |
|
236 { |
|
237 iCertTypes = aCertTypes; |
|
238 } |
|
239 |
|
240 if (aUseAllowedCipherSuitesFilter) |
|
241 { |
|
242 iRSACertsAllowed = EFalse; |
|
243 iDSACertsAllowed = EFalse; |
|
244 |
|
245 for (TInt i = 0; i < aAllowedCipherSuites.Count(); i++) |
|
246 { |
|
247 if (EapTlsPeapUtils::CipherSuiteUseRSAKeys(static_cast<tls_cipher_suites_e>(aAllowedCipherSuites[i]))) |
|
248 { |
|
249 iRSACertsAllowed = ETrue; |
|
250 } |
|
251 else if (EapTlsPeapUtils::CipherSuiteUseDSAKeys(static_cast<tls_cipher_suites_e>(aAllowedCipherSuites[i]))) |
|
252 { |
|
253 iDSACertsAllowed = ETrue; |
|
254 } |
|
255 } |
|
256 } |
|
257 |
|
258 iState = EGetMatchingCertsInitStore; |
|
259 |
|
260 if (iCertStore == 0) |
|
261 { |
|
262 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
|
263 iCertStore->Initialize(iStatus); |
|
264 } |
|
265 else |
|
266 { |
|
267 TRequestStatus* status = &iStatus; |
|
268 User::RequestComplete(status, KErrNone); |
|
269 } |
|
270 SetActive(); |
|
271 |
|
272 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
273 } |
|
274 |
|
275 //-------------------------------------------------- |
|
276 |
|
277 void CEapTlsPeapCertInterface::ReadCertificateL(SCertEntry& aCertInfo, const TBool aRetrieveChain) |
|
278 { |
|
279 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
280 iCertInfo = aCertInfo; |
|
281 iRetrieveChain = aRetrieveChain; |
|
282 iState = EReadCertInitStore; |
|
283 |
|
284 if (iCertStore == 0) |
|
285 { |
|
286 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
|
287 iCertStore->Initialize(iStatus); |
|
288 } |
|
289 else |
|
290 { |
|
291 TRequestStatus* status = &iStatus; |
|
292 User::RequestComplete(status, KErrNone); |
|
293 } |
|
294 SetActive(); |
|
295 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
296 } |
|
297 |
|
298 //-------------------------------------------------- |
|
299 |
|
300 void CEapTlsPeapCertInterface::ReadCACertificateL(SCertEntry& aCertInfo) |
|
301 { |
|
302 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
303 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("CEapTlsPeapCertInterface::ReadCACertificateL.\n"))); |
|
304 |
|
305 iCertInfo = aCertInfo; |
|
306 iState = EReadCACertInitStore; |
|
307 |
|
308 if (iCertStore == 0) |
|
309 { |
|
310 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
|
311 iCertStore->Initialize(iStatus); |
|
312 } |
|
313 else |
|
314 { |
|
315 TRequestStatus* status = &iStatus; |
|
316 User::RequestComplete(status, KErrNone); |
|
317 } |
|
318 SetActive(); |
|
319 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
320 } |
|
321 |
|
322 |
|
323 //-------------------------------------------------- |
|
324 |
|
325 void CEapTlsPeapCertInterface::ValidateChainL(TDesC8& aCertChain, RArray<SCertEntry>& aAllowedCACerts) |
|
326 { |
|
327 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
328 iCAIndex = 0; |
|
329 iAllowedCACerts = aAllowedCACerts; |
|
330 delete iInputCertChain; |
|
331 |
|
332 iInputCertChain = 0; |
|
333 iInputCertChain = aCertChain.AllocL(); |
|
334 iState = EValidateChainInitStore; |
|
335 if (iCertStore == 0) |
|
336 { |
|
337 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
|
338 iCertStore->Initialize(iStatus); |
|
339 } |
|
340 else |
|
341 { |
|
342 TRequestStatus* status = &iStatus; |
|
343 User::RequestComplete(status, KErrNone); |
|
344 } |
|
345 SetActive(); |
|
346 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
347 } |
|
348 |
|
349 //-------------------------------------------------- |
|
350 |
|
351 void CEapTlsPeapCertInterface::DoCancel() |
|
352 { |
|
353 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
354 |
|
355 EAP_TRACE_DEBUG( |
|
356 m_am_tools, |
|
357 TRACE_FLAGS_DEFAULT, |
|
358 (EAPL("CEapTlsPeapCertInterface::DoCancel()\n"))); |
|
359 |
|
360 if (iCertStore != 0 && iCertStore->IsActive()) |
|
361 { |
|
362 EAP_TRACE_DEBUG( |
|
363 m_am_tools, |
|
364 TRACE_FLAGS_DEFAULT, |
|
365 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iCertStore->CancelInitialize and other cancels()\n"))); |
|
366 |
|
367 iCertStore->CancelInitialize(); |
|
368 iCertStore->CancelList(); |
|
369 iCertStore->CancelGetCert(); |
|
370 iCertStore->CancelRetrieve(); |
|
371 } |
|
372 |
|
373 // We have to cancel singing if it is ongoing. Both for RSA and DSA. |
|
374 if(iRSASigner != 0) |
|
375 { |
|
376 EAP_TRACE_DEBUG( |
|
377 m_am_tools, |
|
378 TRACE_FLAGS_DEFAULT, |
|
379 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iRSASigner->CancelSign()\n"))); |
|
380 |
|
381 iRSASigner->CancelSign(); |
|
382 |
|
383 EAP_TRACE_DEBUG( |
|
384 m_am_tools, |
|
385 TRACE_FLAGS_DEFAULT, |
|
386 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iRSASigner->Release()\n"))); |
|
387 |
|
388 iRSASigner->Release(); // This seems to be needed. |
|
389 } |
|
390 |
|
391 if(iDSASigner != 0) |
|
392 { |
|
393 EAP_TRACE_DEBUG( |
|
394 m_am_tools, |
|
395 TRACE_FLAGS_DEFAULT, |
|
396 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iDSASigner->CancelSign()\n"))); |
|
397 |
|
398 iDSASigner->CancelSign(); |
|
399 |
|
400 EAP_TRACE_DEBUG( |
|
401 m_am_tools, |
|
402 TRACE_FLAGS_DEFAULT, |
|
403 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iDSASigner->Release()\n"))); |
|
404 |
|
405 iDSASigner->Release(); // This seems to be needed. |
|
406 } |
|
407 |
|
408 // We have to cancel decrypting if it is ongoing. |
|
409 if(iDecryptor != 0) |
|
410 { |
|
411 EAP_TRACE_DEBUG( |
|
412 m_am_tools, |
|
413 TRACE_FLAGS_DEFAULT, |
|
414 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iDecryptor->CancelDecrypt()\n"))); |
|
415 |
|
416 iDecryptor->CancelDecrypt(); |
|
417 } |
|
418 |
|
419 if (iKeyStore != 0 && iKeyStore->IsActive()) |
|
420 { |
|
421 EAP_TRACE_DEBUG( |
|
422 m_am_tools, |
|
423 TRACE_FLAGS_DEFAULT, |
|
424 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iKeyStore->CancelOpen()\n"))); |
|
425 |
|
426 iKeyStore->CancelOpen(); |
|
427 |
|
428 EAP_TRACE_DEBUG( |
|
429 m_am_tools, |
|
430 TRACE_FLAGS_DEFAULT, |
|
431 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iKeyStore->Cancel()\n"))); |
|
432 |
|
433 iKeyStore->Cancel(); |
|
434 } |
|
435 |
|
436 if (iCertChain != 0) |
|
437 { |
|
438 EAP_TRACE_DEBUG( |
|
439 m_am_tools, |
|
440 TRACE_FLAGS_DEFAULT, |
|
441 (EAPL("CEapTlsPeapCertInterface::DoCancel(): calls iCertChain->CancelValidate()\n"))); |
|
442 |
|
443 iCertChain->CancelValidate(); |
|
444 } |
|
445 |
|
446 EAP_TRACE_DEBUG( |
|
447 m_am_tools, |
|
448 TRACE_FLAGS_DEFAULT, |
|
449 (EAPL("CEapTlsPeapCertInterface::DoCancel(): returns\n"))); |
|
450 |
|
451 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
452 } |
|
453 |
|
454 //-------------------------------------------------- |
|
455 |
|
456 void CEapTlsPeapCertInterface::SignL( |
|
457 TKeyIdentifier& aKeyId, |
|
458 const TDesC8& aHashIn, |
|
459 const TUint aSignatureLength) |
|
460 { |
|
461 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
462 iKeyIdentifier = aKeyId; |
|
463 if (aHashIn.Size() > KMaxHashLength) |
|
464 { |
|
465 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Illegal hash size to SignL.\n"))); |
|
466 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
467 User::Leave(KErrGeneral); |
|
468 } |
|
469 iHashIn.Copy(aHashIn); |
|
470 |
|
471 delete iSignature; |
|
472 iSignature = 0; |
|
473 |
|
474 // Allocate space for the signature |
|
475 iSignature = HBufC8::NewL(aSignatureLength); |
|
476 |
|
477 delete iSignaturePtr; |
|
478 iSignaturePtr = 0; |
|
479 |
|
480 iSignaturePtr = new(ELeave) TPtr8(iSignature->Des()); |
|
481 |
|
482 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("SignL: aKeyId"), |
|
483 aKeyId.Ptr(), |
|
484 aKeyId.Length())); |
|
485 |
|
486 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("SignL: aHashIn"), |
|
487 aHashIn.Ptr(), |
|
488 aHashIn.Length())); |
|
489 |
|
490 |
|
491 if (iKeyStore == 0) |
|
492 { |
|
493 // Try to get the keystore class pointer from memory store |
|
494 eap_variable_data_c key(m_am_tools); |
|
495 eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); |
|
496 if (status != eap_status_ok) |
|
497 { |
|
498 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
499 User::Leave(KErrNoMemory); |
|
500 } |
|
501 status = key.add_data(KKeyStoreHandleKey, sizeof(KKeyStoreHandleKey)); |
|
502 if (status != eap_status_ok) |
|
503 { |
|
504 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
505 User::Leave(KErrNoMemory); |
|
506 } |
|
507 |
|
508 eap_tlv_message_data_c tlv_data(m_am_tools); |
|
509 |
|
510 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
|
511 if (status != eap_status_ok) |
|
512 { |
|
513 EAP_TRACE_DEBUG( |
|
514 m_am_tools, |
|
515 TRACE_FLAGS_DEFAULT, |
|
516 (EAPL("EAP_type_TLSPEAP: cannot get previous keystore handle.\n"))); |
|
517 |
|
518 |
|
519 // At this point we can set the passphrase timeout because it the passphrase |
|
520 // cache in the FS token server is still empty. Passphrase timeout setting clears |
|
521 // the cache. |
|
522 iState = ESignInitStore; |
|
523 |
|
524 iKeyStore = CUnifiedKeyStore::NewL(iFs); |
|
525 iKeyStore->Initialize(iStatus); |
|
526 |
|
527 status = tlv_data.add_message_data( |
|
528 eap_type_tlspeap_stored_keystore_handle, |
|
529 sizeof(iKeyStore), |
|
530 &iKeyStore); |
|
531 if (status != eap_status_ok) |
|
532 { |
|
533 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
534 User::Leave(KErrNoMemory); |
|
535 } |
|
536 |
|
537 status = m_am_tools->memory_store_add_data( |
|
538 &key, |
|
539 &tlv_data, |
|
540 0); |
|
541 if (status != eap_status_ok) |
|
542 { |
|
543 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
544 User::Leave(KErrNoMemory); |
|
545 } |
|
546 } |
|
547 else |
|
548 { |
|
549 |
|
550 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
|
551 |
|
552 EAP_TRACE_DEBUG( |
|
553 m_am_tools, |
|
554 TRACE_FLAGS_DEFAULT, |
|
555 (EAPL("EAP_type_TLSPEAP: Found previous keystore handle.\n"))); |
|
556 |
|
557 // Parse read data. |
|
558 eap_array_c<eap_tlv_header_c> tlv_blocks(m_am_tools); |
|
559 |
|
560 status = tlv_data.parse_message_data(&tlv_blocks); |
|
561 if (status != eap_status_ok) |
|
562 { |
|
563 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
564 User::Leave(KErrGeneral); |
|
565 } |
|
566 |
|
567 if (tlv_blocks.get_object_count() > 0) |
|
568 { |
|
569 eap_tlv_header_c * const tlv = tlv_blocks.get_object(0); |
|
570 if (tlv != 0) |
|
571 { |
|
572 if (tlv->get_type() == eap_type_tlspeap_stored_keystore_handle) |
|
573 { |
|
574 iKeyStore = *(reinterpret_cast<CUnifiedKeyStore **>(tlv->get_value(tlv->get_value_length()))); |
|
575 |
|
576 // Skip passphrase setting because it clears the passphrase cache |
|
577 iState = ESetPassphraseTimeout; |
|
578 |
|
579 TRequestStatus* status = &iStatus; |
|
580 User::RequestComplete(status, KErrNone); |
|
581 |
|
582 } |
|
583 else |
|
584 { |
|
585 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
586 User::Leave(KErrGeneral); |
|
587 } |
|
588 } |
|
589 else |
|
590 { |
|
591 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
592 User::Leave(KErrGeneral); |
|
593 } |
|
594 } |
|
595 else |
|
596 { |
|
597 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
598 User::Leave(KErrGeneral); |
|
599 } |
|
600 } |
|
601 } |
|
602 else |
|
603 { |
|
604 // Skip passphrase setting because it clears the passphrase cache |
|
605 iState = ESetPassphraseTimeout; |
|
606 |
|
607 TRequestStatus* status = &iStatus; |
|
608 User::RequestComplete(status, KErrNone); |
|
609 } |
|
610 SetActive(); |
|
611 |
|
612 |
|
613 |
|
614 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
615 } |
|
616 |
|
617 //-------------------------------------------------- |
|
618 |
|
619 void CEapTlsPeapCertInterface::DecryptL( |
|
620 TKeyIdentifier& aKeyId, |
|
621 const TDesC8& aDataIn) |
|
622 { |
|
623 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
624 iKeyIdentifier = aKeyId; |
|
625 |
|
626 delete iDataIn; |
|
627 iDataIn = 0; |
|
628 delete iDataOut; |
|
629 iDataOut = 0; |
|
630 |
|
631 iDataIn = HBufC8::NewL(aDataIn.Length()); |
|
632 iDataOut = HBufC8::NewL(aDataIn.Length()); |
|
633 |
|
634 delete iPtrOut; |
|
635 iPtrOut = 0; |
|
636 |
|
637 iPtrOut = new(ELeave) TPtr8(iDataOut->Des()); |
|
638 TPtr8 ptrIn = iDataIn->Des(); |
|
639 |
|
640 ptrIn.Copy(aDataIn); |
|
641 |
|
642 iState = EDecryptInitStore; |
|
643 |
|
644 // Try to get the keystore handler class from memory store |
|
645 if (iKeyStore == 0) |
|
646 { |
|
647 // Try to get the keystore class pointer from memory store |
|
648 eap_variable_data_c key(m_am_tools); |
|
649 eap_status_e status = key.set_copy_of_buffer(KKeyStoreHandlePrefix, sizeof(KKeyStoreHandlePrefix)); |
|
650 if (status != eap_status_ok) |
|
651 { |
|
652 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
653 User::Leave(KErrNoMemory); |
|
654 } |
|
655 status = key.add_data(KKeyStoreHandleKey, sizeof(KKeyStoreHandleKey)); |
|
656 if (status != eap_status_ok) |
|
657 { |
|
658 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
659 User::Leave(KErrNoMemory); |
|
660 } |
|
661 |
|
662 eap_tlv_message_data_c tlv_data(m_am_tools); |
|
663 |
|
664 status = m_am_tools->memory_store_get_data(&key, &tlv_data); |
|
665 if (status != eap_status_ok) |
|
666 { |
|
667 EAP_TRACE_DEBUG( |
|
668 m_am_tools, |
|
669 TRACE_FLAGS_DEFAULT, |
|
670 (EAPL("EAP_type_TLSPEAP: cannot get previous keystore handle.\n"))); |
|
671 |
|
672 iKeyStore = CUnifiedKeyStore::NewL(iFs); |
|
673 iKeyStore->Initialize(iStatus); |
|
674 |
|
675 status = tlv_data.add_message_data( |
|
676 eap_type_tlspeap_stored_keystore_handle, |
|
677 sizeof(iKeyStore), |
|
678 &iKeyStore); |
|
679 if (status != eap_status_ok) |
|
680 { |
|
681 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
682 User::Leave(KErrNoMemory); |
|
683 } |
|
684 |
|
685 status = m_am_tools->memory_store_add_data( |
|
686 &key, |
|
687 &tlv_data, |
|
688 0); |
|
689 if (status != eap_status_ok) |
|
690 { |
|
691 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
692 User::Leave(KErrNoMemory); |
|
693 } |
|
694 } |
|
695 else |
|
696 { |
|
697 EAP_TRACE_DEBUG( |
|
698 m_am_tools, |
|
699 TRACE_FLAGS_DEFAULT, |
|
700 (EAPL("EAP_type_TLSPEAP: Found previous keystore handle.\n"))); |
|
701 |
|
702 // Parse read data. |
|
703 eap_array_c<eap_tlv_header_c> tlv_blocks(m_am_tools); |
|
704 |
|
705 status = tlv_data.parse_message_data(&tlv_blocks); |
|
706 if (status != eap_status_ok) |
|
707 { |
|
708 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
709 User::Leave(KErrGeneral); |
|
710 } |
|
711 |
|
712 if (tlv_blocks.get_object_count() > 0) |
|
713 { |
|
714 eap_tlv_header_c * const tlv = tlv_blocks.get_object(0); |
|
715 if (tlv != 0) |
|
716 { |
|
717 if (tlv->get_type() == eap_type_tlspeap_stored_keystore_handle) |
|
718 { |
|
719 iKeyStore = *(reinterpret_cast<CUnifiedKeyStore **>(tlv->get_value(tlv->get_value_length()))); |
|
720 |
|
721 TRequestStatus* status = &iStatus; |
|
722 User::RequestComplete(status, KErrNone); |
|
723 |
|
724 } |
|
725 else |
|
726 { |
|
727 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
728 User::Leave(KErrGeneral); |
|
729 } |
|
730 } |
|
731 else |
|
732 { |
|
733 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
734 User::Leave(KErrGeneral); |
|
735 } |
|
736 } |
|
737 else |
|
738 { |
|
739 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
740 User::Leave(KErrGeneral); |
|
741 } |
|
742 } |
|
743 } |
|
744 else |
|
745 { |
|
746 TRequestStatus* status = &iStatus; |
|
747 User::RequestComplete(status, KErrNone); |
|
748 } |
|
749 |
|
750 SetActive(); |
|
751 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
752 } |
|
753 |
|
754 //-------------------------------------------------- |
|
755 |
|
756 void CEapTlsPeapCertInterface::RunL() |
|
757 { |
|
758 EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
759 |
|
760 EAP_TRACE_DEBUG_SYMBIAN( |
|
761 (_L("CEapTlsPeapCertInterface::RunL(): TEMP iStatus=%d, iState=%d"), |
|
762 iStatus.Int(), iState)); |
|
763 |
|
764 EAP_TRACE_DEBUG( |
|
765 m_am_tools, |
|
766 TRACE_FLAGS_DEFAULT, |
|
767 (EAPL("CEapTlsPeapCertInterface::RunL(): iStatus %d\n"), |
|
768 iStatus.Int())); |
|
769 |
|
770 if (!(iStatus.Int() == KErrNone)) |
|
771 { |
|
772 EAP_TRACE_ERROR( |
|
773 m_am_tools, |
|
774 TRACE_FLAGS_DEFAULT, |
|
775 (EAPL("ERROR: EAP-TLS certificate interface failed: %d.\n"), |
|
776 iStatus.Int())); |
|
777 iParent->SendErrorNotification(eap_status_user_cancel_authentication); |
|
778 |
|
779 if(iState == ESignOpenKeyStore) |
|
780 { |
|
781 // User probably cancelled the keystore password query. |
|
782 |
|
783 EAP_TRACE_DEBUG_SYMBIAN( |
|
784 (_L("CEapTlsPeapCertInterface::RunL(): ESignOpenKeyStore Failed"))); |
|
785 |
|
786 if(iRSASigner != NULL) |
|
787 { |
|
788 iRSASigner->Release(); |
|
789 |
|
790 EAP_TRACE_DEBUG_SYMBIAN( |
|
791 (_L("CEapTlsPeapCertInterface::RunL(): iRSASigner->Release() OK"))); |
|
792 |
|
793 } |
|
794 |
|
795 if(iDSASigner != NULL) |
|
796 { |
|
797 iDSASigner->Release(); |
|
798 |
|
799 EAP_TRACE_DEBUG_SYMBIAN( |
|
800 (_L("CEapTlsPeapCertInterface::RunL(): iDSASigner->Release() OK"))); |
|
801 } |
|
802 } |
|
803 |
|
804 return; |
|
805 } |
|
806 |
|
807 switch (iState) |
|
808 { |
|
809 |
|
810 case EGetMatchingCertsInitStore: |
|
811 { |
|
812 EAP_TRACE_DEBUG( |
|
813 m_am_tools, |
|
814 TRACE_FLAGS_DEFAULT, |
|
815 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitStore\n"))); |
|
816 |
|
817 // Set up filter |
|
818 delete iCertFilter; |
|
819 iCertFilter = 0; |
|
820 |
|
821 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
822 { |
|
823 iCertInfos[i]->Release(); |
|
824 } |
|
825 iCertInfos.Reset(); |
|
826 |
|
827 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
|
828 if (err != KErrNone) |
|
829 { |
|
830 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
831 |
|
832 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
|
833 |
|
834 m_am_tools->enter_global_mutex(); |
|
835 |
|
836 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
|
837 |
|
838 m_am_tools->leave_global_mutex(); |
|
839 break; |
|
840 } |
|
841 |
|
842 iCertFilter->SetFormat(EX509Certificate); |
|
843 iCertFilter->SetOwnerType(EUserCertificate); |
|
844 |
|
845 iState = EGetMatchingCertsInitialize; |
|
846 iCertStore->List( |
|
847 iCertInfos, |
|
848 *iCertFilter, |
|
849 iStatus); |
|
850 SetActive(); |
|
851 |
|
852 } |
|
853 break; |
|
854 |
|
855 case EGetMatchingCertsInitialize: |
|
856 { |
|
857 EAP_TRACE_DEBUG( |
|
858 m_am_tools, |
|
859 TRACE_FLAGS_DEFAULT, |
|
860 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize, Total Certs: iCertInfos.Count()=%d\n"), |
|
861 iCertInfos.Count())); |
|
862 |
|
863 iMatchingUserCertInfos.Reset(); |
|
864 |
|
865 // Remove non-allowed |
|
866 TInt i(0); |
|
867 TInt j(0); |
|
868 for (i = 0; i < iCertInfos.Count(); i++) |
|
869 { |
|
870 for (j = 0; j < iAllowedUserCerts.Count(); j++) |
|
871 { |
|
872 if ( (iCertInfos[i]->Label().Compare(iAllowedUserCerts[j].iLabel) == 0 |
|
873 || iCertInfos[i]->Label().Length() == 0 |
|
874 || iAllowedUserCerts[j].iLabel.Length() == 0) |
|
875 && iCertInfos[i]->SubjectKeyId() == iAllowedUserCerts[j].iSubjectKeyId) |
|
876 { |
|
877 |
|
878 EAP_TRACE_DEBUG( |
|
879 m_am_tools, |
|
880 TRACE_FLAGS_DEFAULT, |
|
881 (EAPL("RunL(): EGetMatchingCertsInitialize, Found a Matching USER cert\n"))); |
|
882 |
|
883 EAP_TRACE_DEBUG( |
|
884 m_am_tools, |
|
885 TRACE_FLAGS_DEFAULT, |
|
886 (EAPL("RunL(): EGetMatchingCertsInitialize,Label of matching cert=%S\n"), |
|
887 &(iCertInfos[i]->Label()))); |
|
888 |
|
889 EAP_TRACE_DATA_DEBUG_SYMBIAN(("RunL(): EGetMatchingCertsInitialize,SubjectkeyID of matching cert", |
|
890 iCertInfos[i]->SubjectKeyId().Ptr(), iCertInfos[i]->SubjectKeyId().Size())); |
|
891 |
|
892 break; |
|
893 } |
|
894 } |
|
895 if (j == iAllowedUserCerts.Count()) |
|
896 { |
|
897 // Not allowed -> remove |
|
898 iCertInfos.Remove(i); |
|
899 i--; |
|
900 } |
|
901 } |
|
902 if (iCertInfos.Count() == 0) |
|
903 { |
|
904 EAP_TRACE_DEBUG( |
|
905 m_am_tools, |
|
906 TRACE_FLAGS_DEFAULT, |
|
907 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsInitialize - No matching Certificates.\n"))); |
|
908 |
|
909 // No matching certs |
|
910 |
|
911 CArrayFixFlat<SCertEntry>* tmp = NULL; |
|
912 |
|
913 TRAPD(err, tmp = new (ELeave) CArrayFixFlat<SCertEntry>(1) ); |
|
914 if (tmp == 0 || err != KErrNone) |
|
915 { |
|
916 // Timeout handles error situation |
|
917 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
918 } |
|
919 |
|
920 m_am_tools->enter_global_mutex(); |
|
921 |
|
922 iParent->complete_get_matching_certificates(*tmp, eap_status_illegal_certificate); //Failure |
|
923 |
|
924 m_am_tools->leave_global_mutex(); |
|
925 |
|
926 delete tmp; |
|
927 break; |
|
928 } |
|
929 |
|
930 // Get the first certificate |
|
931 iUserCertIndex = 0; |
|
932 |
|
933 iMatchingUserCerts.ResetAndDestroy(); |
|
934 |
|
935 iState = EGetMatchingCertsLoop; |
|
936 |
|
937 iEncodedCertificate->Des().SetLength(0); |
|
938 |
|
939 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); |
|
940 if (err != KErrNone) |
|
941 { |
|
942 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
943 |
|
944 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
|
945 |
|
946 m_am_tools->enter_global_mutex(); |
|
947 |
|
948 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
|
949 |
|
950 m_am_tools->leave_global_mutex(); |
|
951 |
|
952 break; |
|
953 } |
|
954 |
|
955 iCertPtr.Set(iEncodedCertificate->Des()); |
|
956 |
|
957 iCertStore->Retrieve( |
|
958 *(iCertInfos[iUserCertIndex]), |
|
959 iCertPtr, |
|
960 iStatus); |
|
961 |
|
962 SetActive(); |
|
963 } |
|
964 break; |
|
965 |
|
966 case EGetMatchingCertsLoop: |
|
967 { |
|
968 EAP_TRACE_DEBUG( |
|
969 m_am_tools, |
|
970 TRACE_FLAGS_DEFAULT, |
|
971 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetMatchingCertsLoop\n"))); |
|
972 |
|
973 CX509Certificate* cert = 0; |
|
974 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
975 if (err != KErrNone || cert == 0) |
|
976 { |
|
977 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
978 |
|
979 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
|
980 |
|
981 m_am_tools->enter_global_mutex(); |
|
982 |
|
983 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
|
984 |
|
985 m_am_tools->leave_global_mutex(); |
|
986 |
|
987 break; |
|
988 } |
|
989 |
|
990 if (iMatchingUserCerts.Append(cert) != KErrNone) |
|
991 { |
|
992 delete cert; |
|
993 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
994 |
|
995 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
|
996 |
|
997 m_am_tools->enter_global_mutex(); |
|
998 |
|
999 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
|
1000 |
|
1001 m_am_tools->leave_global_mutex(); |
|
1002 |
|
1003 break; |
|
1004 } |
|
1005 |
|
1006 // No need to validate iCertInfos here as the execution doesn't come to this case if iCertInfos |
|
1007 // is empty, check is done in the above case. |
|
1008 |
|
1009 SCertEntry entry; |
|
1010 entry.iLabel.Copy(iCertInfos[iUserCertIndex]->Label()); |
|
1011 entry.iSubjectKeyId = iCertInfos[iUserCertIndex]->SubjectKeyId(); |
|
1012 |
|
1013 TRAP(err, iMatchingUserCertInfos.AppendL(entry)); |
|
1014 if (err != KErrNone) |
|
1015 { |
|
1016 EAP_TRACE_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1017 |
|
1018 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
|
1019 |
|
1020 m_am_tools->enter_global_mutex(); |
|
1021 |
|
1022 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
|
1023 |
|
1024 m_am_tools->leave_global_mutex(); |
|
1025 |
|
1026 break; |
|
1027 } |
|
1028 |
|
1029 iUserCertIndex++; |
|
1030 |
|
1031 if (iUserCertIndex >= static_cast<TUint>(iCertInfos.Count())) |
|
1032 { |
|
1033 // Check each item in iMatchingUserCerts against filters |
|
1034 TInt i(0); |
|
1035 |
|
1036 // CA filter |
|
1037 if (iUseCertAuthoritiesFilter) |
|
1038 { |
|
1039 for (i = 0; i < iMatchingUserCerts.Count(); i++) |
|
1040 { |
|
1041 const CX500DistinguishedName& dn = iMatchingUserCerts[i]->IssuerName(); |
|
1042 |
|
1043 TInt j(0); |
|
1044 |
|
1045 for (j = 0; j < iCertAuthorities.Count(); j++) |
|
1046 { |
|
1047 if (dn.ExactMatchL(*iCertAuthorities[j])) |
|
1048 { |
|
1049 // Matches |
|
1050 break; |
|
1051 } |
|
1052 } |
|
1053 if (j == iCertAuthorities.Count()) |
|
1054 { |
|
1055 // No match. Remove |
|
1056 delete iMatchingUserCerts[i]; |
|
1057 iMatchingUserCerts.Remove(i); |
|
1058 iMatchingUserCertInfos.Delete(i); |
|
1059 i--; |
|
1060 |
|
1061 EAP_TRACE_DEBUG( |
|
1062 m_am_tools, |
|
1063 TRACE_FLAGS_DEFAULT, |
|
1064 (EAPL("RunL(): EGetMatchingCertsLoop Using CertAuthoritiesFilter - no distinguished name matching - Matching cert removed\n"))); |
|
1065 } |
|
1066 } |
|
1067 } |
|
1068 // Check Certificate types |
|
1069 if (iUseCertTypesFilter) |
|
1070 { |
|
1071 for (i = 0; i < (TInt) iMatchingUserCerts.Count(); i++) |
|
1072 { |
|
1073 // Get the public key algorithm |
|
1074 const CSubjectPublicKeyInfo& public_key = iMatchingUserCerts[i]->PublicKey(); |
|
1075 TAlgorithmId algorithm = public_key.AlgorithmId(); |
|
1076 |
|
1077 TUint j(0); |
|
1078 for (j = 0; j < iCertTypes->get_object_count(); j++) |
|
1079 { |
|
1080 u8_t* val = iCertTypes->get_object(j); |
|
1081 if (algorithm == ERSA |
|
1082 && (*val == ERSASign |
|
1083 || *val == ERSASignWithFixedDH |
|
1084 || *val == ERSASignWithEphemeralDH)) |
|
1085 { |
|
1086 break; |
|
1087 } |
|
1088 if (algorithm == EDSA |
|
1089 && (*val == EDSASign |
|
1090 || *val == EDSASignWithFixedDH |
|
1091 || *val == EDSASignWithEphemeralDH)) |
|
1092 { |
|
1093 break; |
|
1094 } |
|
1095 } |
|
1096 if (j == iCertTypes->get_object_count()) |
|
1097 { |
|
1098 // No match. Remove |
|
1099 delete iMatchingUserCerts[i]; |
|
1100 iMatchingUserCerts.Remove(i); |
|
1101 iMatchingUserCertInfos.Delete(i); |
|
1102 i--; |
|
1103 |
|
1104 EAP_TRACE_DEBUG( |
|
1105 m_am_tools, |
|
1106 TRACE_FLAGS_DEFAULT, |
|
1107 (EAPL("RunL(): EGetMatchingCertsLoop Using CertTypesFilter - Public key algorithm(%d) or Signing methods NOT matching - Matching cert removed\n"), |
|
1108 algorithm)); |
|
1109 } |
|
1110 |
|
1111 } |
|
1112 } |
|
1113 // Check cipher suites |
|
1114 if (iUseAllowedCipherSuitesFilter) |
|
1115 { |
|
1116 for (i = 0; i < static_cast<TUint> (iMatchingUserCerts.Count()); i++) |
|
1117 { |
|
1118 // Get the public key algorithm |
|
1119 const CSubjectPublicKeyInfo& public_key = iMatchingUserCerts[i]->PublicKey(); |
|
1120 TAlgorithmId algorithm = public_key.AlgorithmId(); |
|
1121 |
|
1122 // IF it is RSA certificate that is not allowed |
|
1123 if (algorithm == ERSA && iRSACertsAllowed == EFalse |
|
1124 // OR it is DSA certificate that is not allowed |
|
1125 || (algorithm == EDSA && iDSACertsAllowed == EFalse) |
|
1126 // OR it is some other type |
|
1127 || (algorithm != ERSA && algorithm != EDSA)) |
|
1128 { |
|
1129 // No match. Remove |
|
1130 delete iMatchingUserCerts[i]; |
|
1131 iMatchingUserCerts.Remove(i); |
|
1132 iMatchingUserCertInfos.Delete(i); |
|
1133 i--; |
|
1134 |
|
1135 EAP_TRACE_DEBUG( |
|
1136 m_am_tools, |
|
1137 TRACE_FLAGS_DEFAULT, |
|
1138 (EAPL("RunL(): EGetMatchingCertsLoop Using AllowedCipherSuitesFilter - Cert is NOT allowed (RSACertsAllowed=%d,DSACertsAllowed=%d) for this Public key algorithm(%d) - Matching cert removed\n"), |
|
1139 iRSACertsAllowed, iDSACertsAllowed, algorithm)); |
|
1140 } |
|
1141 } |
|
1142 } |
|
1143 // Return the certificates. |
|
1144 m_am_tools->enter_global_mutex(); |
|
1145 |
|
1146 iParent->complete_get_matching_certificates(iMatchingUserCertInfos, eap_status_ok); |
|
1147 |
|
1148 m_am_tools->leave_global_mutex(); |
|
1149 } |
|
1150 else |
|
1151 { |
|
1152 |
|
1153 iState = EGetMatchingCertsLoop; |
|
1154 |
|
1155 iEncodedCertificate->Des().SetLength(0); |
|
1156 |
|
1157 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(iCertInfos[iUserCertIndex]->Size())); |
|
1158 if (err != KErrNone) |
|
1159 { |
|
1160 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1161 |
|
1162 CArrayFixFlat<SCertEntry> tmp(sizeof(SCertEntry)); |
|
1163 |
|
1164 m_am_tools->enter_global_mutex(); |
|
1165 |
|
1166 iParent->complete_get_matching_certificates(tmp, eap_status_allocation_error); //Failure |
|
1167 |
|
1168 m_am_tools->leave_global_mutex(); |
|
1169 |
|
1170 break; |
|
1171 } |
|
1172 |
|
1173 iCertPtr.Set(iEncodedCertificate->Des()); |
|
1174 |
|
1175 iCertStore->Retrieve( |
|
1176 *(iCertInfos[iUserCertIndex]), |
|
1177 iCertPtr, |
|
1178 iStatus); |
|
1179 |
|
1180 SetActive(); |
|
1181 } |
|
1182 } |
|
1183 break; |
|
1184 |
|
1185 case EReadCertInitStore: |
|
1186 { |
|
1187 EAP_TRACE_DEBUG( |
|
1188 m_am_tools, |
|
1189 TRACE_FLAGS_DEFAULT, |
|
1190 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCertInitStore\n"))); |
|
1191 |
|
1192 // Set up filter |
|
1193 delete iCertFilter; |
|
1194 iCertFilter = 0; |
|
1195 |
|
1196 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
1197 { |
|
1198 iCertInfos[i]->Release(); |
|
1199 } |
|
1200 iCertInfos.Reset(); |
|
1201 |
|
1202 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
|
1203 if (err != KErrNone || iCertFilter == 0) |
|
1204 { |
|
1205 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1206 |
|
1207 RPointerArray<CX509Certificate> tmp; |
|
1208 |
|
1209 m_am_tools->enter_global_mutex(); |
|
1210 |
|
1211 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1212 |
|
1213 m_am_tools->leave_global_mutex(); |
|
1214 |
|
1215 break; |
|
1216 } |
|
1217 |
|
1218 iCertFilter->SetFormat(EX509Certificate); |
|
1219 iCertFilter->SetOwnerType(EUserCertificate); |
|
1220 iCertFilter->SetSubjectKeyId(iCertInfo.iSubjectKeyId); |
|
1221 if (iCertInfo.iLabel.Size()>0) |
|
1222 iCertFilter->SetLabel(iCertInfo.iLabel); // We can not use Label in the filter as certificates saved |
|
1223 // by using SetConfigurationL (OMA DM etc uses it) will not have Label. |
|
1224 |
|
1225 iState = EReadCertList; |
|
1226 iCertStore->List( |
|
1227 iCertInfos, |
|
1228 *iCertFilter, |
|
1229 iStatus); |
|
1230 SetActive(); |
|
1231 |
|
1232 } |
|
1233 break; |
|
1234 |
|
1235 case EReadCertList: |
|
1236 { |
|
1237 EAP_TRACE_DEBUG( |
|
1238 m_am_tools, |
|
1239 TRACE_FLAGS_DEFAULT, |
|
1240 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCertList\n"))); |
|
1241 |
|
1242 // Now we should have all the cert infos in iCertInfos. |
|
1243 if (iCertInfos.Count() == 0) |
|
1244 { |
|
1245 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EReadCertList iCertInfos.Count = 0.\n"))); |
|
1246 |
|
1247 RPointerArray<CX509Certificate> tmp; |
|
1248 |
|
1249 m_am_tools->enter_global_mutex(); |
|
1250 |
|
1251 iParent->complete_read_own_certificate(tmp, eap_status_illegal_certificate); //Failure |
|
1252 |
|
1253 m_am_tools->leave_global_mutex(); |
|
1254 |
|
1255 break; |
|
1256 } |
|
1257 |
|
1258 // Just take the first found certificate |
|
1259 CCTCertInfo* info; |
|
1260 info = iCertInfos[0]; |
|
1261 |
|
1262 iState = EReadCert; |
|
1263 |
|
1264 iEncodedCertificate->Des().SetLength(0); |
|
1265 |
|
1266 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
1267 if (err != KErrNone) |
|
1268 { |
|
1269 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1270 |
|
1271 RPointerArray<CX509Certificate> tmp; |
|
1272 |
|
1273 m_am_tools->enter_global_mutex(); |
|
1274 |
|
1275 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1276 |
|
1277 m_am_tools->leave_global_mutex(); |
|
1278 |
|
1279 break; |
|
1280 } |
|
1281 |
|
1282 iCertPtr.Set(iEncodedCertificate->Des()); |
|
1283 |
|
1284 iCertStore->Retrieve( |
|
1285 *info, |
|
1286 iCertPtr, |
|
1287 iStatus); |
|
1288 |
|
1289 SetActive(); |
|
1290 } |
|
1291 break; |
|
1292 case EReadCert: |
|
1293 { |
|
1294 EAP_TRACE_DEBUG( |
|
1295 m_am_tools, |
|
1296 TRACE_FLAGS_DEFAULT, |
|
1297 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCert\n"))); |
|
1298 |
|
1299 CX509Certificate* cert = 0; |
|
1300 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
1301 if (err != KErrNone) |
|
1302 { |
|
1303 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1304 |
|
1305 RPointerArray<CX509Certificate> tmp; |
|
1306 |
|
1307 m_am_tools->enter_global_mutex(); |
|
1308 |
|
1309 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1310 |
|
1311 m_am_tools->leave_global_mutex(); |
|
1312 |
|
1313 break; |
|
1314 } |
|
1315 |
|
1316 iUserCertChain.ResetAndDestroy(); |
|
1317 if (iUserCertChain.Append(cert) != KErrNone) |
|
1318 { |
|
1319 delete cert; |
|
1320 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1321 |
|
1322 RPointerArray<CX509Certificate> tmp; |
|
1323 |
|
1324 m_am_tools->enter_global_mutex(); |
|
1325 |
|
1326 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1327 |
|
1328 m_am_tools->leave_global_mutex(); |
|
1329 |
|
1330 break; |
|
1331 } |
|
1332 |
|
1333 EAP_TRACE_DEBUG( |
|
1334 m_am_tools, |
|
1335 TRACE_FLAGS_DEFAULT, |
|
1336 (EAPL("CEapTlsPeapCertInterface::RunL()-EReadCert: iRetrieveChain=%d\n"), |
|
1337 iRetrieveChain)); |
|
1338 if (iRetrieveChain) |
|
1339 { |
|
1340 // Init Symbian store for cert fetching |
|
1341 iState = ERetrieveChainInitStore; |
|
1342 if (iCertStore == 0) |
|
1343 { |
|
1344 iCertStore = CUnifiedCertStore::NewL(iFs, false); |
|
1345 iCertStore->Initialize(iStatus); |
|
1346 } |
|
1347 else |
|
1348 { |
|
1349 TRequestStatus* status = &iStatus; |
|
1350 User::RequestComplete(status, KErrNone); |
|
1351 } |
|
1352 SetActive(); |
|
1353 break; |
|
1354 } |
|
1355 |
|
1356 // Note that parent handles cert deletion from now on. |
|
1357 iParent->complete_read_own_certificate(iUserCertChain, eap_status_ok); |
|
1358 } |
|
1359 break; |
|
1360 |
|
1361 case ERetrieveChainInitStore: |
|
1362 { |
|
1363 EAP_TRACE_DEBUG( |
|
1364 m_am_tools, |
|
1365 TRACE_FLAGS_DEFAULT, |
|
1366 (EAPL("CEapTlsPeapCertInterface::RunL(): ERetrieveChainInitStore\n"))); |
|
1367 |
|
1368 // List all certificates |
|
1369 delete iCertFilter; |
|
1370 iCertFilter = 0; |
|
1371 |
|
1372 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
1373 { |
|
1374 iCertInfos[i]->Release(); |
|
1375 } |
|
1376 iCertInfos.Reset(); |
|
1377 |
|
1378 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
|
1379 if (err != KErrNone) |
|
1380 { |
|
1381 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1382 |
|
1383 RPointerArray<CX509Certificate> tmp; |
|
1384 |
|
1385 m_am_tools->enter_global_mutex(); |
|
1386 |
|
1387 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1388 |
|
1389 m_am_tools->leave_global_mutex(); |
|
1390 |
|
1391 break; |
|
1392 } |
|
1393 |
|
1394 iCertFilter->SetFormat(EX509Certificate); |
|
1395 iCertFilter->SetOwnerType(ECACertificate); |
|
1396 |
|
1397 EAP_TRACE_DEBUG( |
|
1398 m_am_tools, |
|
1399 TRACE_FLAGS_DEFAULT, |
|
1400 (EAPL("CEapTlsPeapCertInterface::RunL(): For chain init store, we need CA certificates only\n"))); |
|
1401 |
|
1402 iState = EGetAllCerts; |
|
1403 iCertStore->List( |
|
1404 iCertInfos, |
|
1405 *iCertFilter, |
|
1406 iStatus); |
|
1407 SetActive(); |
|
1408 } |
|
1409 break; |
|
1410 |
|
1411 case EGetAllCerts: |
|
1412 { |
|
1413 EAP_TRACE_DEBUG( |
|
1414 m_am_tools, |
|
1415 TRACE_FLAGS_DEFAULT, |
|
1416 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetAllCerts\n"))); |
|
1417 |
|
1418 // Now we should have all the cert infos in iCertInfos. |
|
1419 |
|
1420 iRootCerts.ResetAndDestroy(); |
|
1421 |
|
1422 // Validate iCertInfos before using it. |
|
1423 if (iCertInfos.Count() == 0) |
|
1424 { |
|
1425 EAP_TRACE_DEBUG( |
|
1426 m_am_tools, |
|
1427 TRACE_FLAGS_DEFAULT, |
|
1428 (EAPL("CEapTlsPeapCertInterface::RunL(): EGetAllCerts - No matching Certificates.\n"))); |
|
1429 |
|
1430 // No matching certs. The authentication should fail now. So complete the request with an |
|
1431 // empty chain. |
|
1432 |
|
1433 iUserCertChain.ResetAndDestroy(); |
|
1434 |
|
1435 m_am_tools->enter_global_mutex(); |
|
1436 |
|
1437 // Note that parent handles cert deletion from now on. |
|
1438 iParent->complete_read_own_certificate(iUserCertChain, eap_status_illegal_certificate); |
|
1439 |
|
1440 m_am_tools->leave_global_mutex(); |
|
1441 |
|
1442 break; |
|
1443 } |
|
1444 |
|
1445 CCTCertInfo* info; |
|
1446 info = iCertInfos[0]; |
|
1447 iCAIndex = 0; |
|
1448 |
|
1449 iState = ECreateCertChain; |
|
1450 |
|
1451 iEncodedCertificate->Des().SetLength(0); |
|
1452 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
1453 if (err != KErrNone) |
|
1454 { |
|
1455 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1456 |
|
1457 RPointerArray<CX509Certificate> tmp; |
|
1458 |
|
1459 m_am_tools->enter_global_mutex(); |
|
1460 |
|
1461 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1462 |
|
1463 m_am_tools->leave_global_mutex(); |
|
1464 |
|
1465 break; |
|
1466 } |
|
1467 |
|
1468 iCertPtr.Set(iEncodedCertificate->Des()); |
|
1469 |
|
1470 iCertStore->Retrieve( |
|
1471 *info, |
|
1472 iCertPtr, |
|
1473 iStatus); |
|
1474 |
|
1475 SetActive(); |
|
1476 } |
|
1477 break; |
|
1478 |
|
1479 case ECreateCertChain: |
|
1480 { |
|
1481 EAP_TRACE_DEBUG( |
|
1482 m_am_tools, |
|
1483 TRACE_FLAGS_DEFAULT, |
|
1484 (EAPL("CEapTlsPeapCertInterface::RunL(): ECreateCertChain\n"))); |
|
1485 |
|
1486 CX509Certificate* cert = 0; |
|
1487 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
1488 if (err != KErrNone || cert == 0) |
|
1489 { |
|
1490 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1491 |
|
1492 RPointerArray<CX509Certificate> tmp; |
|
1493 |
|
1494 m_am_tools->enter_global_mutex(); |
|
1495 |
|
1496 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1497 |
|
1498 m_am_tools->leave_global_mutex(); |
|
1499 |
|
1500 break; |
|
1501 } |
|
1502 |
|
1503 #if defined(_DEBUG) || defined(DEBUG) |
|
1504 |
|
1505 // No need to validate iCertInfos in here as it is done in case: EGetAllCerts |
|
1506 CCTCertInfo* tempInfo; |
|
1507 tempInfo = iCertInfos[iCAIndex]; |
|
1508 |
|
1509 // These are for the trace debug. |
|
1510 TCertLabel label = tempInfo->Label(); |
|
1511 TKeyIdentifier KeyIdentifier = tempInfo->SubjectKeyId(); |
|
1512 TKeyIdentifier IssuerId = tempInfo->IssuerKeyId(); |
|
1513 TCertificateFormat format = tempInfo->CertificateFormat(); |
|
1514 TCertificateOwnerType ownerType = tempInfo->CertificateOwnerType(); |
|
1515 |
|
1516 EAP_TRACE_DEBUG_SYMBIAN((_L("\n CEapTlsPeapCertInterface::RunL() : About to retrieve Cert with details, Label = %S"), &label)); |
|
1517 EAP_TRACE_DEBUG_SYMBIAN((_L("Other detials- Format=%d, Owner type=%d, IsDeletable=%d, Type UID=%d"), |
|
1518 format, ownerType, tempInfo->IsDeletable(), tempInfo->Type())); |
|
1519 |
|
1520 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Subject key Id is"), |
|
1521 KeyIdentifier.Ptr(), |
|
1522 KeyIdentifier.Size())); |
|
1523 |
|
1524 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("Issuer Id is"), |
|
1525 IssuerId.Ptr(), |
|
1526 IssuerId.Size())); |
|
1527 |
|
1528 EAP_TRACE_DEBUG( |
|
1529 m_am_tools, |
|
1530 TRACE_FLAGS_DEFAULT, |
|
1531 (EAPL("CEapTlsPeapCertInterface::RunL()- NEW subject key id stuff\n"))); |
|
1532 |
|
1533 if( cert != NULL ) |
|
1534 { |
|
1535 const CX509CertExtension* certExt = cert->Extension(KSubjectKeyId); |
|
1536 |
|
1537 if (certExt) |
|
1538 { |
|
1539 const CX509SubjectKeyIdExt* subKeyExt = CX509SubjectKeyIdExt::NewLC(certExt->Data()); |
|
1540 EAP_UNREFERENCED_PARAMETER(subKeyExt); |
|
1541 |
|
1542 EAP_TRACE_DATA_DEBUG(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("NEW Subject key Id is:"), |
|
1543 subKeyExt->KeyId().Ptr(), |
|
1544 subKeyExt->KeyId().Size())); |
|
1545 |
|
1546 CleanupStack::PopAndDestroy(); // subKeyIdExt |
|
1547 } |
|
1548 else |
|
1549 { |
|
1550 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("WARNING: No extension for this certificate\n"))); |
|
1551 } |
|
1552 } |
|
1553 else |
|
1554 { |
|
1555 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: No Certs here!\n"))); |
|
1556 } |
|
1557 |
|
1558 #endif |
|
1559 |
|
1560 |
|
1561 // Signal completition |
|
1562 if (iRootCerts.Append(cert) != KErrNone) |
|
1563 { |
|
1564 delete cert; |
|
1565 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1566 |
|
1567 RPointerArray<CX509Certificate> tmp; |
|
1568 |
|
1569 m_am_tools->enter_global_mutex(); |
|
1570 |
|
1571 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1572 |
|
1573 m_am_tools->leave_global_mutex(); |
|
1574 |
|
1575 break; |
|
1576 } |
|
1577 |
|
1578 EAP_TRACE_DEBUG( |
|
1579 m_am_tools, |
|
1580 TRACE_FLAGS_DEFAULT, |
|
1581 (EAPL("CEapTlsPeapCertInterface::RunL()-ECreateCertChain: iCAIndex=%d, iRootCerts.Count()=%d, iUserCertChain.Count()= %d, iCertInfos-count=%d\n"), |
|
1582 iCAIndex, iRootCerts.Count(), iUserCertChain.Count(), iCertInfos.Count())); |
|
1583 |
|
1584 iCAIndex++; |
|
1585 if (iCAIndex >= static_cast<TUint>(iCertInfos.Count())) |
|
1586 { |
|
1587 if(iUserCertChain.Count() == 0) |
|
1588 { |
|
1589 iParent->complete_read_own_certificate(iUserCertChain, eap_status_ca_certificate_unknown); |
|
1590 break; |
|
1591 } |
|
1592 |
|
1593 // We got all. Validate. |
|
1594 TInt i(0); |
|
1595 for (i = 0; i < iRootCerts.Count(); i++) |
|
1596 { |
|
1597 if (iUserCertChain[iUserCertChain.Count()-1]->IsSelfSignedL()) |
|
1598 { |
|
1599 // The last cert in chain is self-signed. Our chain is ready. |
|
1600 |
|
1601 EAP_TRACE_DEBUG( |
|
1602 m_am_tools, |
|
1603 TRACE_FLAGS_DEFAULT, |
|
1604 (EAPL("CEapTlsPeapCertInterface::RunL()-ECreateCertChain: The last cert in chain is self-signed\n"))); |
|
1605 |
|
1606 break; |
|
1607 } |
|
1608 if (iUserCertChain[iUserCertChain.Count()-1]->IssuerName().ExactMatchL(iRootCerts[i]->SubjectName())) |
|
1609 { |
|
1610 // DNs match. Check signature. |
|
1611 if (iUserCertChain[iUserCertChain.Count()-1]->PublicKey().AlgorithmId() != iRootCerts[i]->PublicKey().AlgorithmId()) |
|
1612 { |
|
1613 // The algorithms differ. |
|
1614 continue; |
|
1615 } |
|
1616 CDSAParameters* dsaParams = 0; |
|
1617 CSigningKeyParameters* signParams = 0; |
|
1618 |
|
1619 if (iUserCertChain[iUserCertChain.Count()-1]->PublicKey().AlgorithmId() == EDSA) |
|
1620 { |
|
1621 // DSA signing |
|
1622 const CSubjectPublicKeyInfo& key = iRootCerts[i]->PublicKey(); |
|
1623 const TPtrC8 params = key.EncodedParams(); |
|
1624 |
|
1625 TRAPD(err, dsaParams = CX509DSAPublicKey::DSAParametersL(params)); |
|
1626 if (err != KErrNone) |
|
1627 { |
|
1628 |
|
1629 RPointerArray<CX509Certificate> tmp; |
|
1630 m_am_tools->enter_global_mutex(); |
|
1631 |
|
1632 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1633 |
|
1634 m_am_tools->leave_global_mutex(); |
|
1635 |
|
1636 return; |
|
1637 } |
|
1638 |
|
1639 TRAP(err, signParams = CSigningKeyParameters::NewL()); |
|
1640 if (err != KErrNone) |
|
1641 { |
|
1642 RPointerArray<CX509Certificate> tmp; |
|
1643 |
|
1644 m_am_tools->enter_global_mutex(); |
|
1645 |
|
1646 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1647 |
|
1648 m_am_tools->leave_global_mutex(); |
|
1649 |
|
1650 delete dsaParams; |
|
1651 return; |
|
1652 } |
|
1653 TRAP(err, signParams->SetDSAParamsL(*dsaParams)); |
|
1654 if (err != KErrNone) |
|
1655 { |
|
1656 RPointerArray<CX509Certificate> tmp; |
|
1657 |
|
1658 m_am_tools->enter_global_mutex(); |
|
1659 |
|
1660 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1661 |
|
1662 m_am_tools->leave_global_mutex(); |
|
1663 |
|
1664 delete dsaParams; |
|
1665 delete signParams; |
|
1666 return; |
|
1667 } |
|
1668 |
|
1669 TRAP(err, iUserCertChain[iUserCertChain.Count()-1]->SetParametersL(*signParams)); |
|
1670 if (err != KErrNone) |
|
1671 { |
|
1672 RPointerArray<CX509Certificate> tmp; |
|
1673 m_am_tools->enter_global_mutex(); |
|
1674 |
|
1675 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1676 |
|
1677 m_am_tools->leave_global_mutex(); |
|
1678 |
|
1679 delete dsaParams; |
|
1680 delete signParams; |
|
1681 return; |
|
1682 } |
|
1683 } |
|
1684 |
|
1685 if (iUserCertChain[iUserCertChain.Count()-1]->VerifySignatureL(iRootCerts[i]->PublicKey().KeyData())) |
|
1686 { |
|
1687 // This is the next item in the chain. |
|
1688 if (iUserCertChain.Append(iRootCerts[i]) != KErrNone) |
|
1689 { |
|
1690 delete dsaParams; |
|
1691 delete signParams; |
|
1692 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1693 RPointerArray<CX509Certificate> tmp; |
|
1694 |
|
1695 m_am_tools->enter_global_mutex(); |
|
1696 |
|
1697 iParent->complete_read_own_certificate(tmp, eap_status_allocation_error); //Failure |
|
1698 |
|
1699 m_am_tools->leave_global_mutex(); |
|
1700 |
|
1701 return; |
|
1702 } |
|
1703 // Remove the copied pointer from original list |
|
1704 iRootCerts.Remove(i); |
|
1705 i--; |
|
1706 } |
|
1707 // delete all |
|
1708 delete dsaParams; |
|
1709 delete signParams; |
|
1710 } |
|
1711 } |
|
1712 |
|
1713 iRootCerts.ResetAndDestroy(); |
|
1714 |
|
1715 // The chain is complete |
|
1716 m_am_tools->enter_global_mutex(); |
|
1717 |
|
1718 // Note that parent handles cert deletion from now on. |
|
1719 iParent->complete_read_own_certificate(iUserCertChain, eap_status_ok); |
|
1720 |
|
1721 m_am_tools->leave_global_mutex(); |
|
1722 |
|
1723 } |
|
1724 else // if (iCAIndex >= static_cast<TUint>(iCertInfos.Count())) |
|
1725 { |
|
1726 CCTCertInfo* info; |
|
1727 info = iCertInfos[iCAIndex]; // No need to vvalidate iCertInfos, as execution comes |
|
1728 // here only if iCertInfos has more items than iCAIndex |
|
1729 |
|
1730 iState = ECreateCertChain; |
|
1731 |
|
1732 EAP_TRACE_DEBUG( |
|
1733 m_am_tools, |
|
1734 TRACE_FLAGS_DEFAULT, |
|
1735 (EAPL("CEapTlsPeapCertInterface::RunL()- ECreateCertChain - Before Retrieve(): iCAIndex=%d, size=%d\n"), |
|
1736 iCAIndex, info->Size())); |
|
1737 |
|
1738 |
|
1739 |
|
1740 iEncodedCertificate->Des().SetLength(0); |
|
1741 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
1742 if (err != KErrNone) |
|
1743 { |
|
1744 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1745 |
|
1746 RPointerArray<CX509Certificate> tmp; |
|
1747 |
|
1748 m_am_tools->enter_global_mutex(); |
|
1749 |
|
1750 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
|
1751 |
|
1752 m_am_tools->leave_global_mutex(); |
|
1753 |
|
1754 break; |
|
1755 } |
|
1756 |
|
1757 iCertPtr.Set(iEncodedCertificate->Des()); |
|
1758 |
|
1759 iCertStore->Retrieve( |
|
1760 *info, |
|
1761 iCertPtr, |
|
1762 iStatus); |
|
1763 |
|
1764 SetActive(); |
|
1765 } |
|
1766 } |
|
1767 break; |
|
1768 |
|
1769 case EReadCACertInitStore: |
|
1770 { |
|
1771 EAP_TRACE_DEBUG( |
|
1772 m_am_tools, |
|
1773 TRACE_FLAGS_DEFAULT, |
|
1774 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCACertInitStore\n"))); |
|
1775 |
|
1776 // Set up filter |
|
1777 delete iCertFilter; |
|
1778 iCertFilter = 0; |
|
1779 |
|
1780 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
1781 { |
|
1782 iCertInfos[i]->Release(); |
|
1783 } |
|
1784 iCertInfos.Reset(); |
|
1785 |
|
1786 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
|
1787 if (err != KErrNone) |
|
1788 { |
|
1789 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1790 RPointerArray<CX509Certificate> tmp; |
|
1791 |
|
1792 m_am_tools->enter_global_mutex(); |
|
1793 |
|
1794 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
|
1795 |
|
1796 m_am_tools->leave_global_mutex(); |
|
1797 break; |
|
1798 } |
|
1799 |
|
1800 iCertFilter->SetFormat(EX509Certificate); |
|
1801 iCertFilter->SetOwnerType(ECACertificate); |
|
1802 iCertFilter->SetSubjectKeyId(iCertInfo.iSubjectKeyId); |
|
1803 if (iCertInfo.iLabel.Size()>0) |
|
1804 iCertFilter->SetLabel(iCertInfo.iLabel);// We can not use Label in the filter as certificates saved |
|
1805 // by using SetConfigurationL (OMA DM etc uses it) will not have Label. |
|
1806 |
|
1807 iState = EReadCACertList; |
|
1808 iCertStore->List( |
|
1809 iCertInfos, |
|
1810 *iCertFilter, |
|
1811 iStatus); |
|
1812 SetActive(); |
|
1813 |
|
1814 } |
|
1815 break; |
|
1816 |
|
1817 case EReadCACertList: |
|
1818 { |
|
1819 EAP_TRACE_DEBUG( |
|
1820 m_am_tools, |
|
1821 TRACE_FLAGS_DEFAULT, |
|
1822 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCACertList\n"))); |
|
1823 |
|
1824 // Now we should have all the cert infos in iCertInfos. |
|
1825 if (iCertInfos.Count() == 0) |
|
1826 { |
|
1827 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EReadCACertList iCertInfos.Count = 0.\n"))); |
|
1828 RPointerArray<CX509Certificate> tmp; |
|
1829 |
|
1830 m_am_tools->enter_global_mutex(); |
|
1831 |
|
1832 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
|
1833 |
|
1834 m_am_tools->leave_global_mutex(); |
|
1835 break; |
|
1836 } |
|
1837 |
|
1838 // Just take the first found certificate |
|
1839 CCTCertInfo* info; |
|
1840 info = iCertInfos[0]; |
|
1841 |
|
1842 iState = EReadCACert; |
|
1843 |
|
1844 iEncodedCertificate->Des().SetLength(0); |
|
1845 |
|
1846 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
1847 if (err != KErrNone) |
|
1848 { |
|
1849 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1850 RPointerArray<CX509Certificate> tmp; |
|
1851 |
|
1852 m_am_tools->enter_global_mutex(); |
|
1853 |
|
1854 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
|
1855 |
|
1856 m_am_tools->leave_global_mutex(); |
|
1857 break; |
|
1858 } |
|
1859 |
|
1860 iCertPtr.Set(iEncodedCertificate->Des()); |
|
1861 |
|
1862 iCertStore->Retrieve( |
|
1863 *info, |
|
1864 iCertPtr, |
|
1865 iStatus); |
|
1866 |
|
1867 SetActive(); |
|
1868 } |
|
1869 break; |
|
1870 |
|
1871 case EReadCACert: |
|
1872 { |
|
1873 EAP_TRACE_DEBUG( |
|
1874 m_am_tools, |
|
1875 TRACE_FLAGS_DEFAULT, |
|
1876 (EAPL("CEapTlsPeapCertInterface::RunL(): EReadCACert\n"))); |
|
1877 |
|
1878 EAP_TRACE_DEBUG( |
|
1879 m_am_tools, |
|
1880 TRACE_FLAGS_DEFAULT, |
|
1881 (EAPL("CEapTlsPeapCertInterface::RunL():EncodedCertificate string size=%d\n"), |
|
1882 iEncodedCertificate->Size())); |
|
1883 |
|
1884 CX509Certificate* cert = 0; |
|
1885 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
1886 if (err != KErrNone) |
|
1887 { |
|
1888 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1889 RPointerArray<CX509Certificate> tmp; |
|
1890 |
|
1891 m_am_tools->enter_global_mutex(); |
|
1892 |
|
1893 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
|
1894 |
|
1895 m_am_tools->leave_global_mutex(); |
|
1896 break; |
|
1897 } |
|
1898 |
|
1899 // Use iUserCertChain on purpose for this anyway even though this is CA cert. |
|
1900 iUserCertChain.ResetAndDestroy(); |
|
1901 if (iUserCertChain.Append(cert) != KErrNone) |
|
1902 { |
|
1903 delete cert; |
|
1904 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1905 RPointerArray<CX509Certificate> tmp; |
|
1906 |
|
1907 m_am_tools->enter_global_mutex(); |
|
1908 |
|
1909 iParent->complete_read_ca_certificate(tmp, eap_status_allocation_error); //Failure |
|
1910 |
|
1911 m_am_tools->leave_global_mutex(); |
|
1912 break; |
|
1913 } |
|
1914 |
|
1915 // Note that parent handles cert deletion from now on. |
|
1916 iParent->complete_read_ca_certificate(iUserCertChain, eap_status_ok); |
|
1917 } |
|
1918 break; |
|
1919 |
|
1920 case EValidateChainInitStore: |
|
1921 { |
|
1922 EAP_TRACE_DEBUG( |
|
1923 m_am_tools, |
|
1924 TRACE_FLAGS_DEFAULT, |
|
1925 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainInitStore\n"))); |
|
1926 |
|
1927 delete iCertFilter; |
|
1928 iCertFilter = 0; |
|
1929 |
|
1930 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
1931 { |
|
1932 iCertInfos[i]->Release(); |
|
1933 } |
|
1934 iCertInfos.Reset(); |
|
1935 |
|
1936 TRAPD(err, iCertFilter = CCertAttributeFilter::NewL()); |
|
1937 if (err != KErrNone) |
|
1938 { |
|
1939 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1940 CPKIXValidationResult* tmp = 0; |
|
1941 |
|
1942 m_am_tools->enter_global_mutex(); |
|
1943 |
|
1944 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
1945 |
|
1946 m_am_tools->leave_global_mutex(); |
|
1947 break; |
|
1948 } |
|
1949 iCertFilter->SetOwnerType(ECACertificate); |
|
1950 iCertFilter->SetFormat(EX509Certificate); |
|
1951 |
|
1952 iState = EValidateChainGetCACertList; |
|
1953 iCertStore->List( |
|
1954 iCertInfos, |
|
1955 *iCertFilter, |
|
1956 iStatus); |
|
1957 SetActive(); |
|
1958 } |
|
1959 break; |
|
1960 |
|
1961 case EValidateChainGetCACertList: |
|
1962 { |
|
1963 EAP_TRACE_DEBUG( |
|
1964 m_am_tools, |
|
1965 TRACE_FLAGS_DEFAULT, |
|
1966 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACertList\n"))); |
|
1967 |
|
1968 int index; |
|
1969 TIdentityRelation<SCertEntry> comparator(&EapTlsPeapUtils::CompareSCertEntries); |
|
1970 // Remove disallowed CA certs from the array |
|
1971 for (TInt i = 0; i < iCertInfos.Count(); i++) |
|
1972 { |
|
1973 SCertEntry certEntry; |
|
1974 certEntry.iLabel.Copy(iCertInfos[i]->Label()); |
|
1975 certEntry.iSubjectKeyId.Copy(iCertInfos[i]->SubjectKeyId()); |
|
1976 index = iAllowedCACerts.Find(certEntry, comparator); |
|
1977 |
|
1978 if (index == KErrNotFound) |
|
1979 { |
|
1980 // Remove |
|
1981 iCertInfos[i]->Release(); |
|
1982 iCertInfos.Remove(i); |
|
1983 i--; |
|
1984 } |
|
1985 } |
|
1986 if (iCertInfos.Count() == 0) |
|
1987 { |
|
1988 // Create new validation result for this failure case. |
|
1989 // CPKIXValidationResult does include a Reset-member function |
|
1990 // but it is not in x500.lib as the documentation says. |
|
1991 CPKIXValidationResult* validationResult = 0; |
|
1992 TRAPD(err, validationResult = CPKIXValidationResult::NewL()); |
|
1993 if (err != KErrNone) |
|
1994 { |
|
1995 // Do nothing. Session timeout takes care of cleanup... |
|
1996 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
1997 } |
|
1998 m_am_tools->enter_global_mutex(); |
|
1999 |
|
2000 iParent->complete_validate_chain(*validationResult, eap_status_ca_certificate_unknown); //Failure. |
|
2001 |
|
2002 m_am_tools->leave_global_mutex(); |
|
2003 delete validationResult; |
|
2004 break; |
|
2005 } |
|
2006 |
|
2007 CCTCertInfo* info; |
|
2008 info = iCertInfos[0]; |
|
2009 iCAIndex = 0; |
|
2010 |
|
2011 iState = EValidateChainGetCACert; |
|
2012 |
|
2013 iEncodedCertificate->Des().SetLength(0); |
|
2014 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
2015 if (err != KErrNone) |
|
2016 { |
|
2017 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2018 |
|
2019 CPKIXValidationResult* tmp = 0; |
|
2020 |
|
2021 m_am_tools->enter_global_mutex(); |
|
2022 |
|
2023 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2024 |
|
2025 m_am_tools->leave_global_mutex(); |
|
2026 break; |
|
2027 } |
|
2028 |
|
2029 iCertPtr.Set(iEncodedCertificate->Des()); |
|
2030 |
|
2031 iCertStore->Retrieve( |
|
2032 *info, |
|
2033 iCertPtr, |
|
2034 iStatus); |
|
2035 |
|
2036 SetActive(); |
|
2037 } |
|
2038 break; |
|
2039 |
|
2040 case EValidateChainGetCACert: |
|
2041 { |
|
2042 EAP_TRACE_DEBUG( |
|
2043 m_am_tools, |
|
2044 TRACE_FLAGS_DEFAULT, |
|
2045 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainGetCACert\n"))); |
|
2046 |
|
2047 CX509Certificate* cert = 0; |
|
2048 TRAPD(err, cert = CX509Certificate::NewL(iEncodedCertificate->Des())); |
|
2049 if (err != KErrNone) |
|
2050 { |
|
2051 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2052 CPKIXValidationResult* tmp = 0; |
|
2053 |
|
2054 m_am_tools->enter_global_mutex(); |
|
2055 |
|
2056 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2057 |
|
2058 m_am_tools->leave_global_mutex(); |
|
2059 break; |
|
2060 } |
|
2061 |
|
2062 // Signal completition |
|
2063 if (iRootCerts.Append(cert) != KErrNone) |
|
2064 { |
|
2065 delete cert; |
|
2066 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2067 CPKIXValidationResult* tmp = 0; |
|
2068 |
|
2069 m_am_tools->enter_global_mutex(); |
|
2070 |
|
2071 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2072 |
|
2073 m_am_tools->leave_global_mutex(); |
|
2074 break; |
|
2075 } |
|
2076 |
|
2077 iCAIndex++; |
|
2078 if (iCAIndex >= static_cast<TUint>(iCertInfos.Count())) |
|
2079 { |
|
2080 delete iCertChain; |
|
2081 iCertChain = 0; |
|
2082 |
|
2083 TRAPD(err, iCertChain = CPKIXCertChain::NewL(iFs, *iInputCertChain, iRootCerts)); |
|
2084 if (err != KErrNone) |
|
2085 { |
|
2086 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: EAP-TLS error %d.\n"), err)); |
|
2087 CPKIXValidationResult* tmp = 0; |
|
2088 |
|
2089 m_am_tools->enter_global_mutex(); |
|
2090 |
|
2091 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2092 |
|
2093 m_am_tools->leave_global_mutex(); |
|
2094 break; |
|
2095 } |
|
2096 // Set the current time |
|
2097 iTime.UniversalTime(); |
|
2098 iState = EValidateChainEnd; |
|
2099 TRAP(err, iCertChain->ValidateL(*iValidationResult, iTime, iStatus)); |
|
2100 if (err != KErrNone) |
|
2101 { |
|
2102 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Error in certificate validation in EAP-TLS.\n"))); |
|
2103 CPKIXValidationResult* tmp = 0; |
|
2104 |
|
2105 m_am_tools->enter_global_mutex(); |
|
2106 |
|
2107 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2108 |
|
2109 m_am_tools->leave_global_mutex(); |
|
2110 break; |
|
2111 } |
|
2112 SetActive(); // Validate. |
|
2113 } |
|
2114 else |
|
2115 { |
|
2116 CCTCertInfo* info; |
|
2117 info = iCertInfos[iCAIndex]; |
|
2118 |
|
2119 iState = EValidateChainGetCACert; |
|
2120 |
|
2121 iEncodedCertificate->Des().SetLength(0); |
|
2122 TRAPD(err, iEncodedCertificate = iEncodedCertificate->ReAllocL(info->Size())); |
|
2123 if (err != KErrNone) |
|
2124 { |
|
2125 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2126 CPKIXValidationResult* tmp = 0; |
|
2127 |
|
2128 m_am_tools->enter_global_mutex(); |
|
2129 |
|
2130 iParent->complete_validate_chain(*tmp, eap_status_ca_certificate_unknown); //Failure. |
|
2131 |
|
2132 m_am_tools->leave_global_mutex(); |
|
2133 break; |
|
2134 } |
|
2135 |
|
2136 iCertPtr.Set(iEncodedCertificate->Des()); |
|
2137 |
|
2138 iCertStore->Retrieve( |
|
2139 *info, |
|
2140 iCertPtr, |
|
2141 iStatus); |
|
2142 |
|
2143 SetActive(); |
|
2144 } |
|
2145 } |
|
2146 break; |
|
2147 |
|
2148 case EValidateChainEnd: |
|
2149 |
|
2150 EAP_TRACE_DEBUG( |
|
2151 m_am_tools, |
|
2152 TRACE_FLAGS_DEFAULT, |
|
2153 (EAPL("CEapTlsPeapCertInterface::RunL(): EValidateChainEnd\n"))); |
|
2154 |
|
2155 m_am_tools->enter_global_mutex(); |
|
2156 |
|
2157 iParent->complete_validate_chain(*iValidationResult, eap_status_ok); |
|
2158 |
|
2159 m_am_tools->leave_global_mutex(); |
|
2160 // Ignore error because there is nothing that can be done. |
|
2161 break; |
|
2162 |
|
2163 case ESignInitStore: |
|
2164 { |
|
2165 EAP_TRACE_DEBUG( |
|
2166 m_am_tools, |
|
2167 TRACE_FLAGS_DEFAULT, |
|
2168 (EAPL("CEapTlsPeapCertInterface::RunL(): ESignInitStore\n"))); |
|
2169 |
|
2170 iState = ESetPassphraseTimeout; |
|
2171 iKeyStore->SetPassphraseTimeout(-1 , iStatus); |
|
2172 SetActive(); |
|
2173 } |
|
2174 break; |
|
2175 |
|
2176 case ESetPassphraseTimeout: |
|
2177 { |
|
2178 EAP_TRACE_DEBUG( |
|
2179 m_am_tools, |
|
2180 TRACE_FLAGS_DEFAULT, |
|
2181 (EAPL("CEapTlsPeapCertInterface::RunL(): ESetPassphraseTimeout\n"))); |
|
2182 |
|
2183 // Set up filter |
|
2184 delete iKeyFilter; |
|
2185 iKeyFilter = 0; |
|
2186 |
|
2187 TRAPD(err, iKeyFilter = new (ELeave) TCTKeyAttributeFilter); |
|
2188 if (err != KErrNone) |
|
2189 { |
|
2190 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2191 RInteger tmp; |
|
2192 iParent->complete_sign(tmp, tmp, eap_status_key_error); |
|
2193 break; |
|
2194 } |
|
2195 |
|
2196 iKeyFilter->iKeyId = iKeyIdentifier; |
|
2197 iKeyFilter->iPolicyFilter = TCTKeyAttributeFilter::EUsableKeys; |
|
2198 |
|
2199 iState = ESignList; |
|
2200 iKeyStore->List( |
|
2201 iKeyInfos, |
|
2202 *iKeyFilter, |
|
2203 iStatus); |
|
2204 SetActive(); |
|
2205 } |
|
2206 break; |
|
2207 |
|
2208 case ESignList: |
|
2209 { |
|
2210 EAP_TRACE_DEBUG( |
|
2211 m_am_tools, |
|
2212 TRACE_FLAGS_DEFAULT, |
|
2213 (EAPL("CEapTlsPeapCertInterface::RunL(): ESignList, iKeyInfos.Count=%d\n"), |
|
2214 iKeyInfos.Count())); |
|
2215 |
|
2216 if(iKeyInfos.Count() <= 0) |
|
2217 { |
|
2218 RInteger tmp; |
|
2219 iParent->complete_sign(tmp, tmp, eap_status_key_error); |
|
2220 break; |
|
2221 } |
|
2222 |
|
2223 iState = ESignOpenKeyStore; |
|
2224 |
|
2225 CKeyInfoBase::EKeyAlgorithm rsa(static_cast<CKeyInfoBase::EKeyAlgorithm> (1)); |
|
2226 |
|
2227 if (iKeyInfos[0]->Algorithm() == rsa) |
|
2228 { |
|
2229 // Note to the CodeScanner users. This function does not return any value. |
|
2230 (void)iKeyStore->Open( |
|
2231 iKeyInfos[0]->Handle(), |
|
2232 iRSASigner, |
|
2233 iStatus); |
|
2234 } |
|
2235 else |
|
2236 { |
|
2237 // Note to the CodeScanner users. This function does not return any value. |
|
2238 (void)iKeyStore->Open( |
|
2239 iKeyInfos[0]->Handle(), |
|
2240 iDSASigner, |
|
2241 iStatus); |
|
2242 } |
|
2243 SetActive(); |
|
2244 } |
|
2245 break; |
|
2246 |
|
2247 case ESignOpenKeyStore: |
|
2248 { |
|
2249 EAP_TRACE_DEBUG( |
|
2250 m_am_tools, |
|
2251 TRACE_FLAGS_DEFAULT, |
|
2252 (EAPL("CEapTlsPeapCertInterface::RunL(): ESignOpenKeyStore, iKeyInfos.Count=%d\n"), |
|
2253 iKeyInfos.Count())); |
|
2254 |
|
2255 if(iKeyInfos.Count() <= 0) |
|
2256 { |
|
2257 RInteger tmp; |
|
2258 iParent->complete_sign(tmp, tmp, eap_status_key_error); |
|
2259 break; |
|
2260 } |
|
2261 |
|
2262 iState = ESign; |
|
2263 |
|
2264 CKeyInfoBase::EKeyAlgorithm rsa(static_cast<CKeyInfoBase::EKeyAlgorithm> (1)); |
|
2265 |
|
2266 if (iKeyInfos[0]->Algorithm() == rsa) |
|
2267 { |
|
2268 iRSASigner->Sign( |
|
2269 iHashIn, |
|
2270 iRSASignature, |
|
2271 iStatus); |
|
2272 } |
|
2273 else |
|
2274 { |
|
2275 iDSASigner->Sign( |
|
2276 iHashIn, |
|
2277 iDSASignature, |
|
2278 iStatus); |
|
2279 } |
|
2280 |
|
2281 SetActive(); |
|
2282 } |
|
2283 break; |
|
2284 |
|
2285 case ESign: |
|
2286 { |
|
2287 EAP_TRACE_DEBUG( |
|
2288 m_am_tools, |
|
2289 TRACE_FLAGS_DEFAULT, |
|
2290 (EAPL("CEapTlsPeapCertInterface::RunL(): ESign, iKeyInfos.Count=%d\n"), |
|
2291 iKeyInfos.Count())); |
|
2292 |
|
2293 if(iKeyInfos.Count() <= 0) |
|
2294 { |
|
2295 RInteger tmp; |
|
2296 iParent->complete_sign(tmp, tmp, eap_status_key_error); |
|
2297 break; |
|
2298 } |
|
2299 |
|
2300 CKeyInfoBase::EKeyAlgorithm rsa(static_cast<CKeyInfoBase::EKeyAlgorithm> (1)); |
|
2301 |
|
2302 if (iKeyInfos[0]->Algorithm() == rsa) |
|
2303 { |
|
2304 // This is just dummy integer. It is ignored in RSA case. |
|
2305 RInteger R = RInteger::NewL(); |
|
2306 |
|
2307 CleanupStack::PushL(R); |
|
2308 |
|
2309 iParent->complete_sign(R, reinterpret_cast<const RInteger&>(iRSASignature->S()), eap_status_ok); |
|
2310 |
|
2311 CleanupStack::PopAndDestroy(); |
|
2312 |
|
2313 iRSASigner->Release(); // This seems to be needed. |
|
2314 } |
|
2315 else |
|
2316 { |
|
2317 iParent->complete_sign(reinterpret_cast<const RInteger&>(iDSASignature->R()), |
|
2318 reinterpret_cast<const RInteger&>(iDSASignature->S()), eap_status_ok); |
|
2319 |
|
2320 iDSASigner->Release(); // This seems to be needed. |
|
2321 } |
|
2322 } |
|
2323 break; |
|
2324 |
|
2325 case EDecryptInitStore: |
|
2326 { |
|
2327 EAP_TRACE_DEBUG( |
|
2328 m_am_tools, |
|
2329 TRACE_FLAGS_DEFAULT, |
|
2330 (EAPL("CEapTlsPeapCertInterface::RunL(): EDecryptInitStore\n"))); |
|
2331 |
|
2332 // Set up filter |
|
2333 delete iKeyFilter; |
|
2334 iKeyFilter = 0; |
|
2335 |
|
2336 TRAPD(err, iKeyFilter = new (ELeave) TCTKeyAttributeFilter); |
|
2337 if (err != KErrNone) |
|
2338 { |
|
2339 EAP_TRACE_ERROR(m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("ERROR: Out of memory in EAP-TLS.\n"))); |
|
2340 TBuf8<1> tmp; |
|
2341 iParent->complete_decrypt(tmp, eap_status_key_error); |
|
2342 break; |
|
2343 } |
|
2344 |
|
2345 iKeyFilter->iKeyId = iKeyIdentifier; |
|
2346 iKeyFilter->iPolicyFilter = TCTKeyAttributeFilter::EUsableKeys; |
|
2347 |
|
2348 iState = EDecryptList; |
|
2349 iKeyStore->List( |
|
2350 iKeyInfos, |
|
2351 *iKeyFilter, |
|
2352 iStatus); |
|
2353 SetActive(); |
|
2354 } |
|
2355 break; |
|
2356 |
|
2357 case EDecryptList: |
|
2358 { |
|
2359 EAP_TRACE_DEBUG( |
|
2360 m_am_tools, |
|
2361 TRACE_FLAGS_DEFAULT, |
|
2362 (EAPL("CEapTlsPeapCertInterface::RunL(): EDecryptList, iKeyInfos.Count=%d\n"), |
|
2363 iKeyInfos.Count())); |
|
2364 |
|
2365 if(iKeyInfos.Count() <= 0) |
|
2366 { |
|
2367 TBuf8<1> tmp; |
|
2368 iParent->complete_decrypt(tmp, eap_status_key_error); |
|
2369 break; |
|
2370 } |
|
2371 |
|
2372 iState = EDecryptOpenKeyStore; |
|
2373 |
|
2374 // Note to the CodeScanner users. This function does not return any value. |
|
2375 (void)iKeyStore->Open( |
|
2376 iKeyInfos[0]->Handle(), |
|
2377 iDecryptor, |
|
2378 iStatus); |
|
2379 |
|
2380 SetActive(); |
|
2381 } |
|
2382 break; |
|
2383 |
|
2384 case EDecryptOpenKeyStore: |
|
2385 { |
|
2386 EAP_TRACE_DEBUG( |
|
2387 m_am_tools, |
|
2388 TRACE_FLAGS_DEFAULT, |
|
2389 (EAPL("CEapTlsPeapCertInterface::RunL(): EDecryptOpenKeyStore\n"))); |
|
2390 |
|
2391 iState = EDecrypt; |
|
2392 |
|
2393 iDecryptor->Decrypt( |
|
2394 *iDataIn, |
|
2395 *iPtrOut, |
|
2396 iStatus); |
|
2397 |
|
2398 SetActive(); |
|
2399 } |
|
2400 break; |
|
2401 |
|
2402 case EDecrypt: |
|
2403 { |
|
2404 EAP_TRACE_DEBUG( |
|
2405 m_am_tools, |
|
2406 TRACE_FLAGS_DEFAULT, |
|
2407 (EAPL("CEapTlsPeapCertInterface::RunL(): EDecrypt\n"))); |
|
2408 |
|
2409 iParent->complete_decrypt(*iPtrOut, eap_status_ok); |
|
2410 } |
|
2411 break; |
|
2412 |
|
2413 default: |
|
2414 EAP_TRACE_DEBUG( |
|
2415 m_am_tools, |
|
2416 TRACE_FLAGS_DEFAULT, |
|
2417 (EAPL("CEapTlsPeapCertInterface::RunL(): unknown %d\n"), |
|
2418 iState)); |
|
2419 break; |
|
2420 } |
|
2421 EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); |
|
2422 return; |
|
2423 } |
|
2424 |
|
2425 void CEapTlsPeapCertInterface::CancelSignWithPrivateKey() |
|
2426 { |
|
2427 EAP_TRACE_DEBUG( |
|
2428 m_am_tools, |
|
2429 TRACE_FLAGS_DEFAULT, |
|
2430 (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey():Cancelling Signing - iState=%d (13=ESign)\n"), |
|
2431 iState)); |
|
2432 |
|
2433 if(IsActive()) |
|
2434 { |
|
2435 |
|
2436 // We have to cancel singing if it is ongoing. Both for RSA and DSA. |
|
2437 if(iRSASigner != 0) |
|
2438 { |
|
2439 EAP_TRACE_DEBUG( |
|
2440 m_am_tools, |
|
2441 TRACE_FLAGS_DEFAULT, |
|
2442 (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey(): calls iRSASigner->CancelSign()\n"))); |
|
2443 |
|
2444 iRSASigner->CancelSign(); |
|
2445 } |
|
2446 |
|
2447 if(iDSASigner != 0) |
|
2448 { |
|
2449 EAP_TRACE_DEBUG( |
|
2450 m_am_tools, |
|
2451 TRACE_FLAGS_DEFAULT, |
|
2452 (EAPL("CEapTlsPeapCertInterface::CancelSignWithPrivateKey(): calls iDSASigner->CancelSign()\n"))); |
|
2453 |
|
2454 iDSASigner->CancelSign(); |
|
2455 } |
|
2456 } |
|
2457 } |
|
2458 |
|
2459 // End of file |